temp pi5

2025-05-09 13:32:54 -05:00
parent 2b2fa1bdbc
commit 27b8d8e4d7
6 changed files with 320 additions and 270 deletions
--- a/hosts/pi5/configuration.nix
+++ b/hosts/pi5/configuration.nix
@@ -8,18 +8,19 @@ let
  user = "matt";
  password = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06";
  SSID = "Joey's Jungle 5G";
-  wifiSecrets = config.sops.secrets."wifi-password".path;
+  wifiSecrets = "kR8v&3Qd"; #config.sops.secrets."wifi".path;
  interface = "wlan0";
  timezone = "America/Chicago";
  hostname = "pi5";
 in
 {
  imports = [
-    ./boot.nix
-    # ./hardware-configuration.nix
+    # ./boot.nix
+    ./hardware-configuration.nix
    ./impermanence.nix
-#    ./sops.nix
-    ../default.nix
+    ./bootconfig.nix
+    # ./sops.nix
+    # ../default.nix
  ];

  raspberry-pi-nix.board = lib.mkForce "bcm2712";
@@ -29,11 +30,13 @@ in
    settings = {
      substituters = [
        # "https://cache.mjallen.dev"
+        "https://nixos-raspberrypi.cachix.org"
        "https://nix-community.cachix.org"
        "https://cache.nixos.org/"
      ];
      trusted-public-keys = [
        # "cache.mjallen.dev-1:IzFmKCd8/gggI6lcCXsW65qQwiCLGFFN9t9s2iw7Lvc="
+        "nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      ];
      warn-dirty = lib.mkForce false;
@@ -48,6 +51,18 @@ in
      ];
    };
  };
+  # Configure nixpkgs
+  # Enable non free
+  nixpkgs.config.allowUnfree = lib.mkForce true;
+
+  # Hardware configs
+  hardware = {
+    # Bluetooth
+    bluetooth.enable = lib.mkDefault true;
+
+    # Enable all firmware
+    enableAllFirmware = lib.mkForce true;
+  };
 
  services.xserver = {
    enable = false;
@@ -72,28 +87,14 @@ in
  time.timeZone = timezone;

  networking = {
-    networkmanager.enable = lib.mkForce false;
    hostName = hostname;
-    wireless = {
-      enable = false;
-      secretsFile = wifiSecrets;
-      networks."${SSID}".psk = "ext:PSK";
-      interfaces = [ interface ];
-    };

    defaultGateway.address = "10.0.1.1";
    nameservers = [ "10.0.1.1" ];

-    interfaces.enabcm6e4ei0.ipv4.addresses = [ {
-     address = "10.0.1.2";
-     prefixLength = 24;
-    } ];
-
    firewall = {
      enable = true;
      allowPing = true;
-      allowedTCPPorts = [ 80 53 ];
-      allowedUDPPorts = [ 80 53 ];
    };
  };

@@ -126,6 +127,35 @@ in
    enableZshIntegration = true;
  };

+  security = {
+    rtkit.enable = lib.mkDefault true;
+
+    # configure sudo
+    sudo.enable = lib.mkDefault false;
+    sudo-rs = {
+      enable = lib.mkDefault true;
+      extraRules = [
+        {
+          commands = [
+            {
+              command = "${pkgs.systemd}/bin/systemctl suspend";
+              options = [ "NOPASSWD" ];
+            }
+            {
+              command = "${pkgs.systemd}/bin/reboot";
+              options = [ "NOPASSWD" ];
+            }
+            {
+              command = "${pkgs.systemd}/bin/poweroff";
+              options = [ "NOPASSWD" ];
+            }
+          ];
+          groups = [ "wheel" ];
+        }
+      ];
+    };
+  };
+
  users = {
    mutableUsers = false;
    users."${user}" = {