diff --git a/flake.lock b/flake.lock index 99e53d5..2b57a89 100755 --- a/flake.lock +++ b/flake.lock @@ -53,16 +53,16 @@ }, "Pi5-nixpkgs": { "locked": { - "lastModified": 1746461020, - "narHash": "sha256-7+pG1I9jvxNlmln4YgnlW4o+w0TZX24k688mibiFDUE=", + "lastModified": 1735563628, + "narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3730d8a308f94996a9ba7c7138ede69c1b9ac4ae", + "rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixos-24.05", "repo": "nixpkgs", "type": "github" } @@ -87,6 +87,22 @@ "type": "github" } }, + "argononed": { + "flake": false, + "locked": { + "lastModified": 1729566243, + "narHash": "sha256-DPNI0Dpk5aym3Baf5UbEe5GENDrSmmXVdriRSWE+rgk=", + "owner": "nvmd", + "repo": "argononed", + "rev": "16dbee54d49b66d5654d228d1061246b440ef7cf", + "type": "github" + }, + "original": { + "owner": "nvmd", + "repo": "argononed", + "type": "github" + } + }, "authentik-src": { "flake": false, "locked": { @@ -731,40 +747,6 @@ "type": "github" } }, - "libcamera-src": { - "flake": false, - "locked": { - "lastModified": 1725630279, - "narHash": "sha256-KH30jmHfxXq4j2CL7kv18DYECJRp9ECuWNPnqPZajPA=", - "owner": "raspberrypi", - "repo": "libcamera", - "rev": "69a894c4adad524d3063dd027f5c4774485cf9db", - "type": "github" - }, - "original": { - "owner": "raspberrypi", - "repo": "libcamera", - "rev": "69a894c4adad524d3063dd027f5c4774485cf9db", - "type": "github" - } - }, - "libpisp-src": { - "flake": false, - "locked": { - "lastModified": 1724944683, - "narHash": "sha256-Fo2UJmQHS855YSSKKmGrsQnJzXog1cdpkIOO72yYAM4=", - "owner": "raspberrypi", - "repo": "libpisp", - "rev": "28196ed6edcfeda88d23cc5f213d51aa6fa17bb3", - "type": "github" - }, - "original": { - "owner": "raspberrypi", - "ref": "v1.0.7", - "repo": "libpisp", - "type": "github" - } - }, "napalm": { "inputs": { "flake-utils": [ @@ -798,7 +780,9 @@ "flake-parts": "flake-parts_2", "flake-utils": "flake-utils", "napalm": "napalm", - "nixpkgs": "nixpkgs_2", + "nixpkgs": [ + "nas-nixpkgs" + ], "poetry2nix": "poetry2nix", "systems": "systems" }, @@ -1099,6 +1083,52 @@ "type": "github" } }, + "nixos-images": { + "inputs": { + "nixos-stable": [ + "nixos-raspberrypi", + "nixpkgs" + ], + "nixos-unstable": [ + "nixos-raspberrypi", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1746225872, + "narHash": "sha256-ySSk4r9Mq6dO2MYaik4vTU18sA17aHTSb2LsAFXdw3E=", + "owner": "nvmd", + "repo": "nixos-images", + "rev": "33343fd9a237ed98df52e3611f833fdab729c358", + "type": "github" + }, + "original": { + "owner": "nvmd", + "ref": "sdimage-installer", + "repo": "nixos-images", + "type": "github" + } + }, + "nixos-raspberrypi": { + "inputs": { + "argononed": "argononed", + "nixos-images": "nixos-images", + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1746230872, + "narHash": "sha256-w7i0IrlgT/EIgKhu35NEPRwvN2pFqWlKAuzjjCodTyA=", + "owner": "nvmd", + "repo": "nixos-raspberrypi", + "rev": "747b7b8b9644971755c903f4c30d854147371bd7", + "type": "github" + }, + "original": { + "owner": "nvmd", + "repo": "nixos-raspberrypi", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1746328495, @@ -1228,16 +1258,16 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1746461020, - "narHash": "sha256-7+pG1I9jvxNlmln4YgnlW4o+w0TZX24k688mibiFDUE=", - "owner": "NixOS", + "lastModified": 1745988343, + "narHash": "sha256-pC1h2+78R9cGcLFpgzFqt00V9S2OShgoQXygfb7+K3w=", + "owner": "nvmd", "repo": "nixpkgs", - "rev": "3730d8a308f94996a9ba7c7138ede69c1b9ac4ae", + "rev": "69ab0db654ca18be1b4cc5ceddf56f1581fb7173", "type": "github" }, "original": { - "owner": "NixOS", - "ref": "nixos-unstable", + "owner": "nvmd", + "ref": "modules-with-keys-unstable", "repo": "nixpkgs", "type": "github" } @@ -1370,33 +1400,6 @@ "type": "github" } }, - "raspberry-pi-nix": { - "inputs": { - "libcamera-src": "libcamera-src", - "libpisp-src": "libpisp-src", - "nixpkgs": "nixpkgs_2", - "rpi-bluez-firmware-src": "rpi-bluez-firmware-src", - "rpi-firmware-nonfree-src": "rpi-firmware-nonfree-src", - "rpi-firmware-src": "rpi-firmware-src", - "rpi-linux-6_12_17-src": "rpi-linux-6_12_17-src", - "rpi-linux-6_6_78-src": "rpi-linux-6_6_78-src", - "rpi-linux-stable-src": "rpi-linux-stable-src", - "rpicam-apps-src": "rpicam-apps-src" - }, - "locked": { - "lastModified": 1742223591, - "narHash": "sha256-ZNTz8r5jlJ1jvpqf5+aUYgpnYJSVX0iP14doOc1Hm0E=", - "owner": "nix-community", - "repo": "raspberry-pi-nix", - "rev": "3e8100d5e976a6a2be363015cb33463af9ef441a", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "raspberry-pi-nix", - "type": "github" - } - }, "root": { "inputs": { "Pi5-home-manager": "Pi5-home-manager", @@ -1423,9 +1426,9 @@ "nas-nixpkgs-stable": "nas-nixpkgs-stable", "nas-sops-nix": "nas-sops-nix", "nix-darwin": "nix-darwin", + "nixos-raspberrypi": "nixos-raspberrypi", "nixpkgs-stable": "nixpkgs-stable_4", "nixpkgs-unstable": "nixpkgs-unstable", - "raspberry-pi-nix": "raspberry-pi-nix", "steamdeck-chaotic": "steamdeck-chaotic", "steamdeck-home-manager": "steamdeck-home-manager", "steamdeck-impermanence": "steamdeck-impermanence", @@ -1437,125 +1440,6 @@ "steamdeck-steam-rom-manager": "steamdeck-steam-rom-manager" } }, - "rpi-bluez-firmware-src": { - "flake": false, - "locked": { - "lastModified": 1708969706, - "narHash": "sha256-KakKnOBeWxh0exu44beZ7cbr5ni4RA9vkWYb9sGMb8Q=", - "owner": "RPi-Distro", - "repo": "bluez-firmware", - "rev": "78d6a07730e2d20c035899521ab67726dc028e1c", - "type": "github" - }, - "original": { - "owner": "RPi-Distro", - "ref": "bookworm", - "repo": "bluez-firmware", - "type": "github" - } - }, - "rpi-firmware-nonfree-src": { - "flake": false, - "locked": { - "lastModified": 1723266537, - "narHash": "sha256-T7eTKXqY9cxEMdab8Snda4CEOrEihy5uOhA6Fy+Mhnw=", - "owner": "RPi-Distro", - "repo": "firmware-nonfree", - "rev": "4b356e134e8333d073bd3802d767a825adec3807", - "type": "github" - }, - "original": { - "owner": "RPi-Distro", - "ref": "bookworm", - "repo": "firmware-nonfree", - "type": "github" - } - }, - "rpi-firmware-src": { - "flake": false, - "locked": { - "lastModified": 1728405098, - "narHash": "sha256-4gnK0KbqFnjBmWia9Jt2gveVWftmHrprpwBqYVqE/k0=", - "owner": "raspberrypi", - "repo": "firmware", - "rev": "7bbb5f80d20a2335066a8781459c9f33e5eebc64", - "type": "github" - }, - "original": { - "owner": "raspberrypi", - "ref": "1.20241008", - "repo": "firmware", - "type": "github" - } - }, - "rpi-linux-6_12_17-src": { - "flake": false, - "locked": { - "lastModified": 1740765145, - "narHash": "sha256-hoCsGc4+RC/2LmxDtswLBL5ZhWlw4vSiL4Vkl39r2MU=", - "owner": "raspberrypi", - "repo": "linux", - "rev": "5985ce32e511f4e8279a841a1b06a8c7d972b386", - "type": "github" - }, - "original": { - "owner": "raspberrypi", - "ref": "rpi-6.12.y", - "repo": "linux", - "type": "github" - } - }, - "rpi-linux-6_6_78-src": { - "flake": false, - "locked": { - "lastModified": 1740503700, - "narHash": "sha256-Y8+ot4Yi3UKwlZK3ap15rZZ16VZDvmeFkD46+6Ku7bE=", - "owner": "raspberrypi", - "repo": "linux", - "rev": "2e071057fded90e789c0101498e45a1778be93fe", - "type": "github" - }, - "original": { - "owner": "raspberrypi", - "ref": "rpi-6.6.y", - "repo": "linux", - "type": "github" - } - }, - "rpi-linux-stable-src": { - "flake": false, - "locked": { - "lastModified": 1728403745, - "narHash": "sha256-phCxkuO+jUGZkfzSrBq6yErQeO2Td+inIGHxctXbD5U=", - "owner": "raspberrypi", - "repo": "linux", - "rev": "5aeecea9f4a45248bcf564dec924965e066a7bfd", - "type": "github" - }, - "original": { - "owner": "raspberrypi", - "ref": "stable_20241008", - "repo": "linux", - "type": "github" - } - }, - "rpicam-apps-src": { - "flake": false, - "locked": { - "lastModified": 1727515047, - "narHash": "sha256-qCYGrcibOeGztxf+sd44lD6VAOGoUNwRqZDdAmcTa/U=", - "owner": "raspberrypi", - "repo": "rpicam-apps", - "rev": "a8ccf9f3cd9df49875dfb834a2b490d41d226031", - "type": "github" - }, - "original": { - "owner": "raspberrypi", - "ref": "v1.5.2", - "repo": "rpicam-apps", - "type": "github" - } - }, "rust-analyzer-src": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index 1001615..501869c 100755 --- a/flake.nix +++ b/flake.nix @@ -119,7 +119,7 @@ # nixpgs Pi5-nixpkgs = { - url = "github:NixOS/nixpkgs/nixos-24.11"; + url = "github:NixOS/nixpkgs/nixos-24.05"; }; # Home Manager @@ -144,7 +144,7 @@ inputs.nixpkgs.follows = "Pi5-nixpkgs"; }; - raspberry-pi-nix.url = "github:nix-community/raspberry-pi-nix"; + nixos-raspberrypi.url = "github:nvmd/nixos-raspberrypi"; ##################################################### # Steamdeck # @@ -256,7 +256,7 @@ Pi5-impermanence, Pi5-nixos-hardware, Pi5-sops-nix, - raspberry-pi-nix, + nixos-raspberrypi, # Steamdeck steamdeck-nixpkgs, @@ -384,31 +384,77 @@ }; # Pi5 - "pi5" = Pi5-nixpkgs.lib.nixosSystem { - system = "aarch64-linux"; + "pi5" = nixos-raspberrypi.lib.nixosSystem { + specialArgs = inputs; modules = [ - Pi5-nixos-hardware.nixosModules.raspberry-pi-4 - Pi5-impermanence.nixosModules.impermanence - ./hosts/pi5/configuration.nix - Pi5-sops-nix.nixosModules.sops - raspberry-pi-nix.nixosModules.raspberry-pi - raspberry-pi-nix.nixosModules.sd-image - - Pi5-home-manager.nixosModules.home-manager { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.users.matt = - { ... }: - { - imports = [ - ./hosts/pi5/home.nix - Pi5-sops-nix.homeManagerModules.sops - ]; - }; + # Hardware specific configuration, see section below for a more complete + # list of modules + imports = with nixos-raspberrypi.nixosModules; [ + raspberry-pi-5.base + raspberry-pi-5.display-vc4 + raspberry-pi-5.bluetooth + ]; } + + ({ config, pkgs, lib, ... }: + let + kernelBundle = pkgs.linuxAndFirmware.v6_6_31; + in { + boot = { + loader.raspberryPi.firmwarePackage = kernelBundle.raspberrypifw; + kernelPackages = kernelBundle.linuxPackages_rpi5; + }; + nixpkgs.overlays = lib.mkAfter [ + (self: super: { + # This is used in (modulesPath + "/hardware/all-firmware.nix") when at least + # enableRedistributableFirmware is enabled + # I know no easier way to override this package + inherit (kernelBundle) raspberrypiWirelessFirmware; + # Some derivations want to use it as an input, + # e.g. raspberrypi-dtbs, omxplayer, sd-image-* modules + inherit (kernelBundle) raspberrypifw; + }) + ]; + networking.hostName = "pi5"; + + system.nixos.tags = let + cfg = config.boot.loader.raspberryPi; + in [ + "raspberry-pi-${cfg.variant}" + cfg.bootloader + config.boot.kernelPackages.kernel.version + ]; + }) + + # ... + ]; }; + # "pi5" = Pi5-nixpkgs.lib.nixosSystem { + # system = "aarch64-linux"; + # modules = [ + # Pi5-nixos-hardware.nixosModules.raspberry-pi-4 + # Pi5-impermanence.nixosModules.impermanence + # ./hosts/pi5/configuration.nix + # Pi5-sops-nix.nixosModules.sops + + + # Pi5-home-manager.nixosModules.home-manager + # { + # home-manager.useGlobalPkgs = true; + # home-manager.useUserPackages = true; + # home-manager.users.matt = + # { ... }: + # { + # imports = [ + # ./hosts/pi5/home.nix + # Pi5-sops-nix.homeManagerModules.sops + # ]; + # }; + # } + # ]; + # }; "steamdeck" = steamdeck-nixpkgs.lib.nixosSystem { system = "x86_64-linux"; diff --git a/hosts/pi5/bootconfig.nix b/hosts/pi5/bootconfig.nix new file mode 100644 index 0000000..1f232a8 --- /dev/null +++ b/hosts/pi5/bootconfig.nix @@ -0,0 +1,45 @@ +{ config, pkgs, lib, ... }: + +{ + hardware.raspberry-pi.config = { + all = { # [all] conditional filter, https://www.raspberrypi.com/documentation/computers/config_txt.html#conditional-filters + + options = { + # https://www.raspberrypi.com/documentation/computers/config_txt.html#enable_uart + # in conjunction with `console=serial0,115200` in kernel command line (`cmdline.txt`) + # creates a serial console, accessible using GPIOs 14 and 15 (pins + # 8 and 10 on the 40-pin header) + enable_uart = { + enable = true; + value = true; + }; + # https://www.raspberrypi.com/documentation/computers/config_txt.html#uart_2ndstage + # enable debug logging to the UART, also automatically enables + # UART logging in `start.elf` + uart_2ndstage = { + enable = true; + value = true; + }; + }; + + # Base DTB parameters + # https://github.com/raspberrypi/linux/blob/a1d3defcca200077e1e382fe049ca613d16efd2b/arch/arm/boot/dts/overlays/README#L132 + base-dt-params = { + + # https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#enable-pcie + pciex1 = { + enable = true; + value = "on"; + }; + # PCIe Gen 3.0 + # https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#pcie-gen-3-0 + pciex1_gen = { + enable = true; + value = "3"; + }; + + }; + + }; + }; +} \ No newline at end of file diff --git a/hosts/pi5/configuration.nix b/hosts/pi5/configuration.nix index 5c76667..d70a0b5 100755 --- a/hosts/pi5/configuration.nix +++ b/hosts/pi5/configuration.nix @@ -8,18 +8,19 @@ let user = "matt"; password = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06"; SSID = "Joey's Jungle 5G"; - wifiSecrets = config.sops.secrets."wifi-password".path; + wifiSecrets = "kR8v&3Qd"; #config.sops.secrets."wifi".path; interface = "wlan0"; timezone = "America/Chicago"; hostname = "pi5"; in { imports = [ - ./boot.nix - # ./hardware-configuration.nix + # ./boot.nix + ./hardware-configuration.nix ./impermanence.nix -# ./sops.nix - ../default.nix + ./bootconfig.nix + # ./sops.nix + # ../default.nix ]; raspberry-pi-nix.board = lib.mkForce "bcm2712"; @@ -29,11 +30,13 @@ in settings = { substituters = [ # "https://cache.mjallen.dev" + "https://nixos-raspberrypi.cachix.org" "https://nix-community.cachix.org" "https://cache.nixos.org/" ]; trusted-public-keys = [ # "cache.mjallen.dev-1:IzFmKCd8/gggI6lcCXsW65qQwiCLGFFN9t9s2iw7Lvc=" + "nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ]; warn-dirty = lib.mkForce false; @@ -48,6 +51,18 @@ in ]; }; }; + # Configure nixpkgs + # Enable non free + nixpkgs.config.allowUnfree = lib.mkForce true; + + # Hardware configs + hardware = { + # Bluetooth + bluetooth.enable = lib.mkDefault true; + + # Enable all firmware + enableAllFirmware = lib.mkForce true; + }; services.xserver = { enable = false; @@ -72,28 +87,14 @@ in time.timeZone = timezone; networking = { - networkmanager.enable = lib.mkForce false; hostName = hostname; - wireless = { - enable = false; - secretsFile = wifiSecrets; - networks."${SSID}".psk = "ext:PSK"; - interfaces = [ interface ]; - }; defaultGateway.address = "10.0.1.1"; nameservers = [ "10.0.1.1" ]; - interfaces.enabcm6e4ei0.ipv4.addresses = [ { - address = "10.0.1.2"; - prefixLength = 24; - } ]; - firewall = { enable = true; allowPing = true; - allowedTCPPorts = [ 80 53 ]; - allowedUDPPorts = [ 80 53 ]; }; }; @@ -126,6 +127,35 @@ in enableZshIntegration = true; }; + security = { + rtkit.enable = lib.mkDefault true; + + # configure sudo + sudo.enable = lib.mkDefault false; + sudo-rs = { + enable = lib.mkDefault true; + extraRules = [ + { + commands = [ + { + command = "${pkgs.systemd}/bin/systemctl suspend"; + options = [ "NOPASSWD" ]; + } + { + command = "${pkgs.systemd}/bin/reboot"; + options = [ "NOPASSWD" ]; + } + { + command = "${pkgs.systemd}/bin/poweroff"; + options = [ "NOPASSWD" ]; + } + ]; + groups = [ "wheel" ]; + } + ]; + }; + }; + users = { mutableUsers = false; users."${user}" = { diff --git a/hosts/pi5/hardware-configuration.nix b/hosts/pi5/hardware-configuration.nix index 329b7b5..4b96a62 100644 --- a/hosts/pi5/hardware-configuration.nix +++ b/hosts/pi5/hardware-configuration.nix @@ -16,53 +16,52 @@ fileSystems."/" = { device = "none"; fsType = "tmpfs"; + mode = "755"; + }; + + fileSystems."/nix" = + { device = "/dev/disk/by-uuid/6f7adf66-5662-48cd-9c50-690469e2b615"; + fsType = "btrfs"; + options = [ "subvol=nix" "compress=zstd" "noatime" ]; + }; + + fileSystems."/etc" = + { device = "/dev/disk/by-uuid/6f7adf66-5662-48cd-9c50-690469e2b615"; + fsType = "btrfs"; + options = [ "subvol=etc" "compress=zstd" "noatime" ]; + }; + + fileSystems."/root" = + { device = "/dev/disk/by-uuid/6f7adf66-5662-48cd-9c50-690469e2b615"; + fsType = "btrfs"; + options = [ "subvol=root" "compress=zstd" "noatime" ]; + }; + + fileSystems."/var/log" = + { device = "/dev/disk/by-uuid/6f7adf66-5662-48cd-9c50-690469e2b615"; + fsType = "btrfs"; + options = [ "subvol=log" "compress=zstd" "noatime" ]; + }; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/6f7adf66-5662-48cd-9c50-690469e2b615"; + fsType = "btrfs"; + options = [ "subvol=home" "compress=zstd" ]; }; fileSystems."/boot" = - { device = "/dev/disk/by-uuid/7EC2-DEAC"; + { device = "/dev/disk/by-uuid/7793-909B"; fsType = "vfat"; options = [ "fmask=0022" "dmask=0022" ]; }; fileSystems."/boot/firmware" = - { device = "/dev/disk/by-uuid/7E6D-6434"; + { device = "/dev/disk/by-uuid/777B-8D3F"; fsType = "vfat"; options = [ "fmask=0022" "dmask=0022" ]; }; - fileSystems."/nix" = - { device = "/dev/disk/by-uuid/9141e15a-2ac8-4344-affe-8408800a442b"; - fsType = "btrfs"; - options = [ "subvol=nix" ]; - }; - - fileSystems."/etc" = - { device = "/dev/disk/by-uuid/9141e15a-2ac8-4344-affe-8408800a442b"; - fsType = "btrfs"; - options = [ "subvol=etc" ]; - }; - - fileSystems."/var/log" = - { device = "/dev/disk/by-uuid/9141e15a-2ac8-4344-affe-8408800a442b"; - fsType = "btrfs"; - options = [ "subvol=log" ]; - }; - - fileSystems."/root" = - { device = "/dev/disk/by-uuid/9141e15a-2ac8-4344-affe-8408800a442b"; - fsType = "btrfs"; - options = [ "subvol=root" ]; - }; - - fileSystems."/home" = - { device = "/dev/disk/by-uuid/9141e15a-2ac8-4344-affe-8408800a442b"; - fsType = "btrfs"; - options = [ "subvol=home" ]; - }; - - swapDevices = - [ { device = "/dev/disk/by-uuid/d390a564-9ef9-4c7d-ae1a-93951e9873dd"; } - ]; + swapDevices = [ ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's @@ -73,4 +72,4 @@ # networking.interfaces.wlan0.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; -} +} \ No newline at end of file diff --git a/hosts/pi5/networking.nix b/hosts/pi5/networking.nix new file mode 100755 index 0000000..ca29c52 --- /dev/null +++ b/hosts/pi5/networking.nix @@ -0,0 +1,46 @@ +{ lib, config, ... }: +let + hostname = "pi5"; +in +{ + # Networking configs + networking = { + hostName = hostname; + + # Enable Network Manager + networkmanager = { + enable = lib.mkDefault true; + wifi.powersave = lib.mkDefault false; + settings.connectivity.uri = lib.mkDefault "http://nmcheck.gnome.org/check_network_status.txt"; + ensureProfiles = { + environmentFiles = [ + config.sops.secrets.wifi.path + ]; + + profiles = { + "Joey's Jungle 5G" = { + connection = { + id = "Joey's Jungle 5G"; + type = "wifi"; + }; + ipv4 = { + method = "auto"; + }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + wifi = { + mode = "infrastructure"; + ssid = "Joey's Jungle 5G"; + }; + wifi-security = { + key-mgmt = "sae"; + psk = "$PSK"; + }; + }; + }; + }; + }; + }; +} \ No newline at end of file