mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

temp pi5

Browse Source
This commit is contained in:
mjallen18
2025-05-09 13:32:54 -05:00
parent 2b2fa1bdbc
commit 27b8d8e4d7
6 changed files with 320 additions and 270 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
hosts/pi5/bootconfig.nix Normal file
View File

@@ -0,0 +1,45 @@
{ config, pkgs, lib, ... }:
{
hardware.raspberry-pi.config = {
all = { # [all] conditional filter, https://www.raspberrypi.com/documentation/computers/config_txt.html#conditional-filters
options = {
# https://www.raspberrypi.com/documentation/computers/config_txt.html#enable_uart
# in conjunction with `console=serial0,115200` in kernel command line (`cmdline.txt`)
# creates a serial console, accessible using GPIOs 14 and 15 (pins
# 8 and 10 on the 40-pin header)
enable_uart = {
enable = true;
value = true;
};
# https://www.raspberrypi.com/documentation/computers/config_txt.html#uart_2ndstage
# enable debug logging to the UART, also automatically enables
# UART logging in `start.elf`
uart_2ndstage = {
enable = true;
value = true;
};
};
# Base DTB parameters
# https://github.com/raspberrypi/linux/blob/a1d3defcca200077e1e382fe049ca613d16efd2b/arch/arm/boot/dts/overlays/README#L132
base-dt-params = {
# https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#enable-pcie
pciex1 = {
enable = true;
value = "on";
};
# PCIe Gen 3.0
# https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#pcie-gen-3-0
pciex1_gen = {
enable = true;
value = "3";
};
};
};
};
}

68
hosts/pi5/configuration.nix
View File

@@ -8,18 +8,19 @@ let
user = "matt";
password = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06";
SSID = "Joey's Jungle 5G";
wifiSecrets = config.sops.secrets."wifi-password".path;
wifiSecrets = "kR8v&3Qd"; #config.sops.secrets."wifi".path;
interface = "wlan0";
timezone = "America/Chicago";
hostname = "pi5";
in
{
imports = [
./boot.nix
# ./hardware-configuration.nix
# ./boot.nix
./hardware-configuration.nix
./impermanence.nix
# ./sops.nix
../default.nix
./bootconfig.nix
# ./sops.nix
# ../default.nix
];
raspberry-pi-nix.board = lib.mkForce "bcm2712";
@@ -29,11 +30,13 @@ in
settings = {
substituters = [
# "https://cache.mjallen.dev"
"https://nixos-raspberrypi.cachix.org"
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
];
trusted-public-keys = [
# "cache.mjallen.dev-1:IzFmKCd8/gggI6lcCXsW65qQwiCLGFFN9t9s2iw7Lvc="
"nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
warn-dirty = lib.mkForce false;
@@ -48,6 +51,18 @@ in
];
};
};
# Configure nixpkgs
# Enable non free
nixpkgs.config.allowUnfree = lib.mkForce true;
# Hardware configs
hardware = {
# Bluetooth
bluetooth.enable = lib.mkDefault true;
# Enable all firmware
enableAllFirmware = lib.mkForce true;
};
services.xserver = {
enable = false;
@@ -72,28 +87,14 @@ in
time.timeZone = timezone;
networking = {
networkmanager.enable = lib.mkForce false;
hostName = hostname;
wireless = {
enable = false;
secretsFile = wifiSecrets;
networks."${SSID}".psk = "ext:PSK";
interfaces = [ interface ];
};
defaultGateway.address = "10.0.1.1";
nameservers = [ "10.0.1.1" ];
interfaces.enabcm6e4ei0.ipv4.addresses = [ {
address = "10.0.1.2";
prefixLength = 24;
} ];
firewall = {
enable = true;
allowPing = true;
allowedTCPPorts = [ 80 53 ];
allowedUDPPorts = [ 80 53 ];
};
};
@@ -126,6 +127,35 @@ in
enableZshIntegration = true;
};
security = {
rtkit.enable = lib.mkDefault true;
# configure sudo
sudo.enable = lib.mkDefault false;
sudo-rs = {
enable = lib.mkDefault true;
extraRules = [
{
commands = [
{
command = "${pkgs.systemd}/bin/systemctl suspend";
options = [ "NOPASSWD" ];
}
{
command = "${pkgs.systemd}/bin/reboot";
options = [ "NOPASSWD" ];
}
{
command = "${pkgs.systemd}/bin/poweroff";
options = [ "NOPASSWD" ];
}
];
groups = [ "wheel" ];
}
];
};
};
users = {
mutableUsers = false;
users."${user}" = {

71
hosts/pi5/hardware-configuration.nix
View File

@@ -16,53 +16,52 @@
fileSystems."/" =
{ device = "none";
fsType = "tmpfs";
mode = "755";
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/6f7adf66-5662-48cd-9c50-690469e2b615";
fsType = "btrfs";
options = [ "subvol=nix" "compress=zstd" "noatime" ];
};
fileSystems."/etc" =
{ device = "/dev/disk/by-uuid/6f7adf66-5662-48cd-9c50-690469e2b615";
fsType = "btrfs";
options = [ "subvol=etc" "compress=zstd" "noatime" ];
};
fileSystems."/root" =
{ device = "/dev/disk/by-uuid/6f7adf66-5662-48cd-9c50-690469e2b615";
fsType = "btrfs";
options = [ "subvol=root" "compress=zstd" "noatime" ];
};
fileSystems."/var/log" =
{ device = "/dev/disk/by-uuid/6f7adf66-5662-48cd-9c50-690469e2b615";
fsType = "btrfs";
options = [ "subvol=log" "compress=zstd" "noatime" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/6f7adf66-5662-48cd-9c50-690469e2b615";
fsType = "btrfs";
options = [ "subvol=home" "compress=zstd" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/7EC2-DEAC";
{ device = "/dev/disk/by-uuid/7793-909B";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/boot/firmware" =
{ device = "/dev/disk/by-uuid/7E6D-6434";
{ device = "/dev/disk/by-uuid/777B-8D3F";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/9141e15a-2ac8-4344-affe-8408800a442b";
fsType = "btrfs";
options = [ "subvol=nix" ];
};
fileSystems."/etc" =
{ device = "/dev/disk/by-uuid/9141e15a-2ac8-4344-affe-8408800a442b";
fsType = "btrfs";
options = [ "subvol=etc" ];
};
fileSystems."/var/log" =
{ device = "/dev/disk/by-uuid/9141e15a-2ac8-4344-affe-8408800a442b";
fsType = "btrfs";
options = [ "subvol=log" ];
};
fileSystems."/root" =
{ device = "/dev/disk/by-uuid/9141e15a-2ac8-4344-affe-8408800a442b";
fsType = "btrfs";
options = [ "subvol=root" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/9141e15a-2ac8-4344-affe-8408800a442b";
fsType = "btrfs";
options = [ "subvol=home" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/d390a564-9ef9-4c7d-ae1a-93951e9873dd"; }
];
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
@@ -73,4 +72,4 @@
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}
}

46
hosts/pi5/networking.nix Executable file
View File

@@ -0,0 +1,46 @@
{ lib, config, ... }:
let
hostname = "pi5";
in
{
# Networking configs
networking = {
hostName = hostname;
# Enable Network Manager
networkmanager = {
enable = lib.mkDefault true;
wifi.powersave = lib.mkDefault false;
settings.connectivity.uri = lib.mkDefault "http://nmcheck.gnome.org/check_network_status.txt";
ensureProfiles = {
environmentFiles = [
config.sops.secrets.wifi.path
];
profiles = {
"Joey's Jungle 5G" = {
connection = {
id = "Joey's Jungle 5G";
type = "wifi";
};
ipv4 = {
method = "auto";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
wifi = {
mode = "infrastructure";
ssid = "Joey's Jungle 5G";
};
wifi-security = {
key-mgmt = "sae";
psk = "$PSK";
};
};
};
};
};
};
}