From 6d1e9e59d788b68ac1b7f4b0bc0ba91dfb48d90d Mon Sep 17 00:00:00 2001
From: mjallen18 <matt.l.jallen@gmail.com>
Date: Mon, 3 Mar 2025 18:17:33 -0600
Subject: [PATCH] stuff from pi

---
 hosts/pi4/adguard.nix       |  4 ++--
 hosts/pi4/boot.nix          |  8 +++++---
 hosts/pi4/configuration.nix | 22 +++++++++++++++++++---
 hosts/pi4/impermanence.nix  | 12 ++++++++----
 4 files changed, 34 insertions(+), 12 deletions(-)

diff --git a/hosts/pi4/adguard.nix b/hosts/pi4/adguard.nix
index cbb7ed6..72b4ff3 100755
--- a/hosts/pi4/adguard.nix
+++ b/hosts/pi4/adguard.nix
@@ -1,10 +1,10 @@
 { ... }:
 {
-  services.adguard = {
+  services.adguardhome = {
     enable = true;
     allowDHCP = true;
     port = 3000;
     openFirewall = true;
     mutableSettings = true;
   };
-}
\ No newline at end of file
+}
diff --git a/hosts/pi4/boot.nix b/hosts/pi4/boot.nix
index f372135..c0fc0db 100755
--- a/hosts/pi4/boot.nix
+++ b/hosts/pi4/boot.nix
@@ -12,8 +12,10 @@
       systemd-boot.enable = true;
       generic-extlinux-compatible.enable = lib.mkForce false;
     };
-    # kernelParams = [
+    kernelParams = [
     #   "snd_bcm2835.enable_hdmi=1"
-    #   ];
+      "brcmfmac.roamoff=1"
+      "brcmfmac.feature_disable=0x282000"
+      ];
   };
-}
\ No newline at end of file
+}
diff --git a/hosts/pi4/configuration.nix b/hosts/pi4/configuration.nix
index 14b6f48..3c8004f 100755
--- a/hosts/pi4/configuration.nix
+++ b/hosts/pi4/configuration.nix
@@ -8,7 +8,7 @@ let
   user = "matt";
   password = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06";
   SSID = "Joey's Jungle 5G";
-  SSIDpassword = config.sops.templates."wifi-password".content;
+  SSIDpassword = ""; # config.sops.templates."wifi-password".content;
   interface = "wlan0";
   timezone = "America/Chicago";
   hostname = "pi4";
@@ -16,10 +16,11 @@ in
 {
   imports = [
     # Include the results of the hardware scan.
+    ./adguard.nix
     ./boot.nix
     ./hardware-configuration.nix
     ./impermanence.nix
-    ./sops.nix
+#    ./sops.nix
     ./ups-monitor.nix
     ../default.nix
   ];
@@ -79,13 +80,28 @@ in
   time.timeZone = timezone;
 
   networking = {
-    networkmanager.enable = lib.mkForce true;
+    networkmanager.enable = lib.mkForce false;
     hostName = hostname;
     wireless = {
       enable = false;
       networks."${SSID}".psk = SSIDpassword;
       interfaces = [ interface ];
     };
+
+    defaultGateway.address = "10.0.1.1";
+    nameservers = [ "10.0.1.1" ];
+
+    interfaces.enabcm6e4ei0.ipv4.addresses = [ {
+     address = "10.0.1.2";
+     prefixLength = 24;
+    } ];
+
+    firewall = {
+      enable = true;
+      allowPing = true;
+      allowedTCPPorts = [ 80 53 ];
+      allowedUDPPorts = [ 80 53 ];
+    };
   };
 
   systemd.services.btattach = {
diff --git a/hosts/pi4/impermanence.nix b/hosts/pi4/impermanence.nix
index 63df79f..352c30b 100755
--- a/hosts/pi4/impermanence.nix
+++ b/hosts/pi4/impermanence.nix
@@ -10,6 +10,10 @@
       "/var/lib/nixos"
       "/var/lib/libvirt"
       "/var/lib/systemd/coredump"
+      {
+        directory = "/var/lib/private";
+        mode = "u=rwx,g=,o=";
+      }
       "/etc/NetworkManager/system-connections"
       {
         directory = "/etc/nix";
@@ -18,10 +22,10 @@
         mode = "u=rwx,g=rx,o=rx";
       }
     ];
-    files = [
-      "/etc/machine-id"
-      { file = "/etc/nix/id_rsa"; parentDirectory = { mode = "u=rwx,g=,o="; }; }
-    ];
+#    files = [
+#      "/etc/machine-id"
+#      { file = "/etc/nix/id_rsa"; parentDirectory = { mode = "u=rwx,g=,o="; }; }
+#    ];
   };
 
   security.sudo.extraConfig = ''