cleanup

flake.nix

@@ -172,6 +172,11 @@
       inputs.nixpkgs.follows = "pi4-nixpkgs";
     };
 
+    # Nix hardware
+    pi4-nixos-hardware = {
+      url = "github:NixOS/nixos-hardware/master";
+    };
+
     pi4-nixos-raspberrypi.url = "github:nvmd/nixos-raspberrypi";
 
     pi4-disko = {
@@ -298,6 +303,7 @@
       pi4-home-manager,
       pi4-impermanence,
       pi4-sops-nix,
+      pi4-nixos-hardware,
       pi4-nixos-raspberrypi,
       pi4-disko,
 
@@ -434,6 +440,7 @@
             pi5-impermanence.nixosModules.impermanence
             pi5-sops-nix.nixosModules.sops
             ./hosts/pi5/configuration.nix
+            pi5-nixos-hardware.nixosModules.raspberry-pi-5
             {
               # Hardware specific configuration, see section below for a more complete
               # list of modules
@@ -470,7 +477,7 @@
           modules = [
             pi4-disko.nixosModules.disko
             ./share/disko/pi-uefi-disko.nix
-
+            pi4-nixos-hardware.nixosModules.raspberry-pi-4
             pi4-impermanence.nixosModules.impermanence
             pi4-sops-nix.nixosModules.sops
             ./hosts/pi4/configuration.nix

hosts/nas/sops.nix

@@ -32,6 +32,11 @@ in
         group = config.users.users."${user}".group;
       };
       "wifi" = { };
+
+      # ------------------------------
+      # ups
+      # ------------------------------
+      
       "jallen-nas/ups_password" = {
         mode = "0777";
         restartUnits = [
@@ -41,18 +46,51 @@ in
           "upsmon.service"
         ];
       };
+
+      # ------------------------------
+      # SSH keys
+      # ------------------------------
+
+      "ssh-keys-public/jallen-nas-root" = {
+        path = "/root/.ssh/id_ed25519.pub";
+        mode = "0640";
+      };
+      "ssh-keys-private/jallen-nas-root" = {
+        path = "/root/.ssh/id_ed25519";
+        mode = "0640";
+      };
+
+      # ------------------------------
+      # authentik
+      # ------------------------------
+
       "jallen-nas/authentik-env" = {
         restartUnits = [ "authentik.service" ];
       };
+
+      # ------------------------------
+      # collabora # TODO
+      # ------------------------------
+
       "jallen-nas/collabora" = {
         restartUnits = [ "podman-collabora.service" ];
       };
+
+      # ------------------------------
+      # mariadb # TODO
+      # ------------------------------
+
       "jallen-nas/mariadb/db_pass" = {
         restartUnits = [ "podman-mariadb.service" ];
       };
       "jallen-nas/mariadb/root_pass" = {
         restartUnits = [ "podman-mariadb.service" ];
       };
+
+      # ------------------------------
+      # nextcloud
+      # ------------------------------
+
       "jallen-nas/nextcloud/dbpassword" = {
         mode = "0650";
         owner = config.users.users."${user}".name;
@@ -71,23 +109,48 @@ in
         group = config.users.users."${user}".group;
         restartUnits = [ "container@nextcloud.service" ];
       };
+
+      # ------------------------------
+      # onlyoffice
+      # ------------------------------
+
       "jallen-nas/onlyoffice-key" = {
         mode = "0650";
         owner = config.users.users."${user}".name;
         group = config.users.users."${user}".group;
         restartUnits = [ "container@nextcloud.service" ];
       };
+
+      # ------------------------------
+      # manyfold
+      # ------------------------------
+
       "jallen-nas/manyfold/secretkeybase" = {
         restartUnits = [ "podman-manyfold.service" ];
       };
+
+      # ------------------------------
+      # immich
+      # ------------------------------
+
       "jallen-nas/immich/db-password" = {
         mode = "0440";
         group = "keys";
         restartUnits = [ "container@immich.service" ];
       };
+
+      # ------------------------------
+      # open-webui
+      # ------------------------------
+
       "jallen-nas/open-webui" = {
         restartUnits = [ "open-webui.service" ];
       };
+
+      # ------------------------------
+      # paperless
+      # ------------------------------
+
       "jallen-nas/paperless/secret" = {
         restartUnits = [ "container@paperless.service" ];
       };
@@ -97,6 +160,11 @@ in
       "jallen-nas/paperless/authentik-client-secret" = {
         restartUnits = [ "container@paperless.service" ];
       };
+
+      # ------------------------------
+      # Gitea
+      # ------------------------------
+
       "jallen-nas/gitea/mail-key" = {
         owner = "root";
         group = "keys";
@@ -109,6 +177,10 @@ in
         mode = "0440";
         restartUnits = [ "container@gitea.service" ];
       };
+
+      # ------------------------------
+      # free-games-claimer
+      # ------------------------------
       "jallen-nas/free-games/eg-email" = { };
       "jallen-nas/free-games/eg-pass" = { };
       "jallen-nas/free-games/eg-otp" = { };
@@ -116,14 +188,11 @@ in
       "jallen-nas/free-games/pg-pass" = { };
       "jallen-nas/free-games/gog-email" = { };
       "jallen-nas/free-games/gog-pass" = { };
-      "ssh-keys-public/jallen-nas-root" = {
+
-        path = "/root/.ssh/id_ed25519.pub";
+      # ------------------------------
-        mode = "0640";
+      # Secureboot keys
-      };
+      # ------------------------------
-      "ssh-keys-private/jallen-nas-root" = {
+
-        path = "/root/.ssh/id_ed25519";
-        mode = "0640";
-      };
       "secureboot/GUID" = {
         path = "/etc/secureboot/GUID";
         mode = "0640";
@@ -154,6 +223,9 @@ in
       };
     };
 
+    # ------------------------------
+    # Templates
+    # ------------------------------
     templates = {
       "fgc.env" = {
         content = ''

hosts/pi4/sops.nix

@@ -7,6 +7,9 @@ in
     defaultSopsFile = ../../secrets/secrets.yaml;
     age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
 
+    # ------------------------------
+    # Secrets
+    # ------------------------------
     secrets = {
       "wifi" = { };
       "desktop/matt_password" = {
@@ -19,6 +22,7 @@ in
       # ------------------------------
       # SSH keys
       # ------------------------------
+
       "ssh-keys-public/pi4" = {
         mode = "0644";
         owner = config.users.users."${user}".name;

hosts/pi5/sops.nix

@@ -7,6 +7,9 @@ in
     defaultSopsFile = ../../secrets/secrets.yaml;
     age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
 
+    # ------------------------------
+    # Secrets
+    # ------------------------------
     secrets = {
       "wifi" = { };
       "desktop/matt_password" = {
@@ -19,6 +22,7 @@ in
       # ------------------------------
       # SSH keys
       # ------------------------------
+
       "ssh-keys-public/pi5" = {
         mode = "0644";
         owner = config.users.users."${user}".name;