pi4

flake.lock

@@ -1,92 +1,5 @@
 {
   "nodes": {
-    "Pi5-home-manager": {
-      "inputs": {
-        "nixpkgs": [
-          "Pi5-nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1746632058,
-        "narHash": "sha256-Mp5Bbvb+YlFEZ76C/0wFS6C1lRfH3D60u465wFNlnS0=",
-        "owner": "nix-community",
-        "repo": "home-manager",
-        "rev": "708074ae6db9e0468e4f48477f856e8c2d059795",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "home-manager",
-        "type": "github"
-      }
-    },
-    "Pi5-impermanence": {
-      "locked": {
-        "lastModified": 1737831083,
-        "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
-        "owner": "nix-community",
-        "repo": "impermanence",
-        "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "impermanence",
-        "type": "github"
-      }
-    },
-    "Pi5-nixos-hardware": {
-      "locked": {
-        "lastModified": 1746621361,
-        "narHash": "sha256-T9vOxEqI1j1RYugV0b9dgy0AreiZ9yBDKZJYyclF0og=",
-        "owner": "NixOS",
-        "repo": "nixos-hardware",
-        "rev": "2ea3ad8a1f26a76f8a8e23fc4f7757c46ef30ee5",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "master",
-        "repo": "nixos-hardware",
-        "type": "github"
-      }
-    },
-    "Pi5-nixpkgs": {
-      "locked": {
-        "lastModified": 1735563628,
-        "narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-24.05",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "Pi5-sops-nix": {
-      "inputs": {
-        "nixpkgs": [
-          "Pi5-nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1746485181,
-        "narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=",
-        "owner": "Mic92",
-        "repo": "sops-nix",
-        "rev": "e93ee1d900ad264d65e9701a5c6f895683433386",
-        "type": "github"
-      },
-      "original": {
-        "owner": "Mic92",
-        "repo": "sops-nix",
-        "type": "github"
-      }
-    },
     "argononed": {
       "flake": false,
       "locked": {
@@ -103,6 +16,22 @@
         "type": "github"
       }
     },
+    "argononed_2": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1729566243,
+        "narHash": "sha256-DPNI0Dpk5aym3Baf5UbEe5GENDrSmmXVdriRSWE+rgk=",
+        "owner": "nvmd",
+        "repo": "argononed",
+        "rev": "16dbee54d49b66d5654d228d1061246b440ef7cf",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nvmd",
+        "repo": "argononed",
+        "type": "github"
+      }
+    },
     "authentik-src": {
       "flake": false,
       "locked": {
@@ -433,22 +362,6 @@
       }
     },
     "flake-compat_5": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1746162366,
-        "narHash": "sha256-5SSSZ/oQkwfcAz/o/6TlejlVGqeK08wyREBQ5qFFPhM=",
-        "owner": "nix-community",
-        "repo": "flake-compat",
-        "rev": "0f158086a2ecdbb138cd0429410e44994f1b7e4b",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "flake-compat",
-        "type": "github"
-      }
-    },
-    "flake-compat_6": {
       "flake": false,
       "locked": {
         "lastModified": 1696426674,
@@ -1125,6 +1038,32 @@
         "type": "github"
       }
     },
+    "nixos-images_2": {
+      "inputs": {
+        "nixos-stable": [
+          "pi4-nixos-raspberrypi",
+          "nixpkgs"
+        ],
+        "nixos-unstable": [
+          "pi4-nixos-raspberrypi",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1746225872,
+        "narHash": "sha256-ySSk4r9Mq6dO2MYaik4vTU18sA17aHTSb2LsAFXdw3E=",
+        "owner": "nvmd",
+        "repo": "nixos-images",
+        "rev": "33343fd9a237ed98df52e3611f833fdab729c358",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nvmd",
+        "ref": "sdimage-installer",
+        "repo": "nixos-images",
+        "type": "github"
+      }
+    },
     "nixos-raspberrypi": {
       "inputs": {
         "argononed": "argononed",
@@ -1241,22 +1180,6 @@
       }
     },
     "nixpkgs-stable_5": {
-      "locked": {
-        "lastModified": 1746557022,
-        "narHash": "sha256-QkNoyEf6TbaTW5UZYX0OkwIJ/ZMeKSSoOMnSDPQuol0=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "1d3aeb5a193b9ff13f63f4d9cc169fb88129f860",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-24.11",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs-stable_6": {
       "locked": {
         "lastModified": 1730741070,
         "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
@@ -1305,6 +1228,22 @@
       }
     },
     "nixpkgs_3": {
+      "locked": {
+        "lastModified": 1745988343,
+        "narHash": "sha256-pC1h2+78R9cGcLFpgzFqt00V9S2OShgoQXygfb7+K3w=",
+        "owner": "nvmd",
+        "repo": "nixpkgs",
+        "rev": "69ab0db654ca18be1b4cc5ceddf56f1581fb7173",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nvmd",
+        "ref": "modules-with-keys-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_4": {
       "locked": {
         "lastModified": 1744932701,
         "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=",
@@ -1320,26 +1259,202 @@
         "type": "github"
       }
     },
-    "pi5-cosmic": {
+    "pi4-disko": {
       "inputs": {
-        "flake-compat": "flake-compat_5",
         "nixpkgs": [
-          "Pi5-nixpkgs"
-        ],
-        "nixpkgs-stable": "nixpkgs-stable_5",
-        "rust-overlay": "rust-overlay_4"
+          "pi4-nixpkgs"
+        ]
       },
       "locked": {
-        "lastModified": 1746800640,
-        "narHash": "sha256-JYIzK5YIuB23xhaHftCFlJgxbZQigmGR73tVsotQnxk=",
-        "owner": "lilyinstarlight",
-        "repo": "nixos-cosmic",
-        "rev": "745255df83cd31ce7cfbb1089d4b747b9f9d7d8b",
+        "lastModified": 1742690494,
+        "narHash": "sha256-SFacEbSRMoTyWG5VXh4ieofJGge+cLq9lH8ifB+zjBg=",
+        "owner": "nvmd",
+        "repo": "disko",
+        "rev": "9dc58d4d49c9f74623a06e2fc20cdfd8bb3cbe8b",
         "type": "github"
       },
       "original": {
-        "owner": "lilyinstarlight",
-        "repo": "nixos-cosmic",
+        "owner": "nvmd",
+        "ref": "gpt-attrs",
+        "repo": "disko",
+        "type": "github"
+      }
+    },
+    "pi4-home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "pi4-nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1746981801,
+        "narHash": "sha256-+Bfr0KqZV6gZdA7e2kupeoawozaLIHLuiPtC54uxbFc=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "ff915842e4a2e63c4c8c5c08c6870b9d5b3c3ee9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "pi4-impermanence": {
+      "locked": {
+        "lastModified": 1737831083,
+        "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
+        "owner": "nix-community",
+        "repo": "impermanence",
+        "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "impermanence",
+        "type": "github"
+      }
+    },
+    "pi4-nixos-raspberrypi": {
+      "inputs": {
+        "argononed": "argononed_2",
+        "nixos-images": "nixos-images_2",
+        "nixpkgs": "nixpkgs_3"
+      },
+      "locked": {
+        "lastModified": 1746230872,
+        "narHash": "sha256-w7i0IrlgT/EIgKhu35NEPRwvN2pFqWlKAuzjjCodTyA=",
+        "owner": "nvmd",
+        "repo": "nixos-raspberrypi",
+        "rev": "747b7b8b9644971755c903f4c30d854147371bd7",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nvmd",
+        "repo": "nixos-raspberrypi",
+        "type": "github"
+      }
+    },
+    "pi4-nixpkgs": {
+      "locked": {
+        "lastModified": 1735563628,
+        "narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-24.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "pi4-sops-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "pi4-nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1746485181,
+        "narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=",
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "rev": "e93ee1d900ad264d65e9701a5c6f895683433386",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "type": "github"
+      }
+    },
+    "pi5-home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "pi5-nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1746981801,
+        "narHash": "sha256-+Bfr0KqZV6gZdA7e2kupeoawozaLIHLuiPtC54uxbFc=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "ff915842e4a2e63c4c8c5c08c6870b9d5b3c3ee9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "pi5-impermanence": {
+      "locked": {
+        "lastModified": 1737831083,
+        "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
+        "owner": "nix-community",
+        "repo": "impermanence",
+        "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "impermanence",
+        "type": "github"
+      }
+    },
+    "pi5-nixos-hardware": {
+      "locked": {
+        "lastModified": 1746814339,
+        "narHash": "sha256-hf2lICJzwACWuzHCmZn5NI6LUAOgGdR1yh8ip+duyhk=",
+        "owner": "NixOS",
+        "repo": "nixos-hardware",
+        "rev": "3c5e12673265dfb0de3d9121420c0c2153bf21e0",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "master",
+        "repo": "nixos-hardware",
+        "type": "github"
+      }
+    },
+    "pi5-nixpkgs": {
+      "locked": {
+        "lastModified": 1735563628,
+        "narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-24.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "pi5-sops-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "pi5-nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1746485181,
+        "narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=",
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "rev": "e93ee1d900ad264d65e9701a5c6f895683433386",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Mic92",
+        "repo": "sops-nix",
         "type": "github"
       }
     },
@@ -1439,7 +1554,7 @@
           "steamdeck-lanzaboote",
           "nixpkgs"
         ],
-        "nixpkgs-stable": "nixpkgs-stable_6"
+        "nixpkgs-stable": "nixpkgs-stable_5"
       },
       "locked": {
         "lastModified": 1731363552,
@@ -1457,11 +1572,6 @@
     },
     "root": {
       "inputs": {
-        "Pi5-home-manager": "Pi5-home-manager",
-        "Pi5-impermanence": "Pi5-impermanence",
-        "Pi5-nixos-hardware": "Pi5-nixos-hardware",
-        "Pi5-nixpkgs": "Pi5-nixpkgs",
-        "Pi5-sops-nix": "Pi5-sops-nix",
         "desktop-chaotic": "desktop-chaotic",
         "desktop-home-manager": "desktop-home-manager",
         "desktop-impermanence": "desktop-impermanence",
@@ -1484,7 +1594,17 @@
         "nixos-raspberrypi": "nixos-raspberrypi",
         "nixpkgs-stable": "nixpkgs-stable_4",
         "nixpkgs-unstable": "nixpkgs-unstable",
-        "pi5-cosmic": "pi5-cosmic",
+        "pi4-disko": "pi4-disko",
+        "pi4-home-manager": "pi4-home-manager",
+        "pi4-impermanence": "pi4-impermanence",
+        "pi4-nixos-raspberrypi": "pi4-nixos-raspberrypi",
+        "pi4-nixpkgs": "pi4-nixpkgs",
+        "pi4-sops-nix": "pi4-sops-nix",
+        "pi5-home-manager": "pi5-home-manager",
+        "pi5-impermanence": "pi5-impermanence",
+        "pi5-nixos-hardware": "pi5-nixos-hardware",
+        "pi5-nixpkgs": "pi5-nixpkgs",
+        "pi5-sops-nix": "pi5-sops-nix",
         "steamdeck-chaotic": "steamdeck-chaotic",
         "steamdeck-home-manager": "steamdeck-home-manager",
         "steamdeck-impermanence": "steamdeck-impermanence",
@@ -1594,27 +1714,6 @@
       }
     },
     "rust-overlay_4": {
-      "inputs": {
-        "nixpkgs": [
-          "pi5-cosmic",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1746758179,
-        "narHash": "sha256-JECUw1YBEsTsVauvupRzE5ykZaJoyhHCpoY87ZZJGas=",
-        "owner": "oxalica",
-        "repo": "rust-overlay",
-        "rev": "4fd00513eac6b6140c5dced3e1b8133e2369a0f8",
-        "type": "github"
-      },
-      "original": {
-        "owner": "oxalica",
-        "repo": "rust-overlay",
-        "type": "github"
-      }
-    },
-    "rust-overlay_5": {
       "inputs": {
         "nixpkgs": [
           "steamdeck-lanzaboote",
@@ -1641,7 +1740,7 @@
         "flake-schemas": "flake-schemas_2",
         "home-manager": "home-manager_2",
         "jovian": "jovian_2",
-        "nixpkgs": "nixpkgs_3"
+        "nixpkgs": "nixpkgs_4"
       },
       "locked": {
         "lastModified": 1745232749,
@@ -1717,13 +1816,13 @@
     "steamdeck-lanzaboote": {
       "inputs": {
         "crane": "crane_3",
-        "flake-compat": "flake-compat_6",
+        "flake-compat": "flake-compat_5",
         "flake-parts": "flake-parts_4",
         "nixpkgs": [
           "steamdeck-nixpkgs"
         ],
         "pre-commit-hooks-nix": "pre-commit-hooks-nix_3",
-        "rust-overlay": "rust-overlay_5"
+        "rust-overlay": "rust-overlay_4"
       },
       "locked": {
         "lastModified": 1737639419,

flake.nix

@@ -114,42 +114,71 @@
     };
 
     #####################################################
-    #                     Pi5                           #
+    #                     pi5                           #
     #####################################################
 
     # nixpgs
-    Pi5-nixpkgs = {
+    pi5-nixpkgs = {
       url = "github:NixOS/nixpkgs/nixos-24.05";
     };
 
     # Home Manager
-    Pi5-home-manager = {
+    pi5-home-manager = {
       url = "github:nix-community/home-manager";
-      inputs.nixpkgs.follows = "Pi5-nixpkgs";
+      inputs.nixpkgs.follows = "pi5-nixpkgs";
     };
 
     # Impermenance
-    Pi5-impermanence = {
+    pi5-impermanence = {
       url = "github:nix-community/impermanence";
     };
 
     # Nix hardware
-    Pi5-nixos-hardware = {
+    pi5-nixos-hardware = {
       url = "github:NixOS/nixos-hardware/master";
     };
 
     # Sops-nix
-    Pi5-sops-nix = {
+    pi5-sops-nix = {
       url = "github:Mic92/sops-nix";
-      inputs.nixpkgs.follows = "Pi5-nixpkgs";
+      inputs.nixpkgs.follows = "pi5-nixpkgs";
     };
 
     nixos-raspberrypi.url = "github:nvmd/nixos-raspberrypi";
 
-    # cosmic launcher
-    pi5-cosmic = {
-      url = "github:lilyinstarlight/nixos-cosmic";
-      inputs.nixpkgs.follows = "Pi5-nixpkgs";
+    #####################################################
+    #                     pi4                           #
+    #####################################################
+
+    # nixpgs
+    pi4-nixpkgs = {
+      url = "github:NixOS/nixpkgs/nixos-24.05";
+    };
+
+    # Home Manager
+    pi4-home-manager = {
+      url = "github:nix-community/home-manager";
+      inputs.nixpkgs.follows = "pi4-nixpkgs";
+    };
+
+    # Impermenance
+    pi4-impermanence = {
+      url = "github:nix-community/impermanence";
+    };
+
+    # Sops-nix
+    pi4-sops-nix = {
+      url = "github:Mic92/sops-nix";
+      inputs.nixpkgs.follows = "pi4-nixpkgs";
+    };
+
+    pi4-nixos-raspberrypi.url = "github:nvmd/nixos-raspberrypi";
+
+    pi4-disko = {
+      # the fork is needed for partition attributes support
+      url = "github:nvmd/disko/gpt-attrs";
+      # url = "github:nix-community/disko";
+      inputs.nixpkgs.follows = "pi4-nixpkgs";
     };
 
     #####################################################
@@ -256,14 +285,21 @@
       nas-nixos-hardware,
       nas-sops-nix,
 
-      # Pi5
-      Pi5-nixpkgs,
-      Pi5-home-manager,
-      Pi5-impermanence,
-      Pi5-nixos-hardware,
-      Pi5-sops-nix,
+      # pi5
+      pi5-nixpkgs,
+      pi5-home-manager,
+      pi5-impermanence,
+      pi5-nixos-hardware,
+      pi5-sops-nix,
       nixos-raspberrypi,
-      pi5-cosmic,
+
+      # pi4
+      pi4-nixpkgs,
+      pi4-home-manager,
+      pi4-impermanence,
+      pi4-sops-nix,
+      pi4-nixos-raspberrypi,
+      pi4-disko,
 
       # Steamdeck
       steamdeck-nixpkgs,
@@ -390,13 +426,13 @@
           ];
         };
 
-        # Pi5
+        # pi5
         "pi5" = nixos-raspberrypi.lib.nixosSystem {
           specialArgs = inputs;
           system = "aarch64-linux";
           modules = [
-            Pi5-impermanence.nixosModules.impermanence
-            Pi5-sops-nix.nixosModules.sops
+            pi5-impermanence.nixosModules.impermanence
+            pi5-sops-nix.nixosModules.sops
             ./hosts/pi5/configuration.nix
             {
               # Hardware specific configuration, see section below for a more complete 
@@ -407,7 +443,7 @@
                 raspberry-pi-5.bluetooth
               ];
             }
-            Pi5-home-manager.nixosModules.home-manager
+            pi5-home-manager.nixosModules.home-manager
             {
               home-manager.useGlobalPkgs = true;
               home-manager.useUserPackages = true;
@@ -417,11 +453,46 @@
                 {
                   imports = [
                     ./hosts/pi5/home.nix
-                    Pi5-sops-nix.homeManagerModules.sops
+                    pi5-sops-nix.homeManagerModules.sops
+                  ];
+                };
+            }
+          ];
+        };
+
+        # pi4
+        "pi4" = pi4-nixos-raspberrypi.lib.nixosSystem {
+          specialArgs = inputs;
+          system = "aarch64-linux";
+          modules = [
+            pi4-impermanence.nixosModules.impermanence
+            pi4-sops-nix.nixosModules.sops
+            pi4-disko.nixosModules.disko
+            ./hosts/pi4/disko.nix
+            ./hosts/pi4/configuration.nix
+            {
+              # Hardware specific configuration, see section below for a more complete 
+              # list of modules
+              imports = with nixos-raspberrypi.nixosModules; [
+                raspberry-pi-5.base
+                raspberry-pi-5.display-vc4
+                raspberry-pi-5.bluetooth
+              ];
+            }
+            pi4-home-manager.nixosModules.home-manager
+            {
+              home-manager.useGlobalPkgs = true;
+              home-manager.useUserPackages = true;
+              home-manager.backupFileExtension = "backup";
+              home-manager.users.matt = 
+                { ... }:
+                {
+                  imports = [
+                    ./hosts/pi4/home.nix
+                    pi4-sops-nix.homeManagerModules.sops
                   ];
                 };
             }
-            # pi5-cosmic.nixosModules.default
           ];
         };
 

hosts/pi4/boot.nix

@@ -0,0 +1,52 @@
+{ pkgs, lib, ... }:
+let
+  kernelBundle = pkgs.linuxAndFirmware.v6_6_31;
+in
+{
+  boot = {
+    loader.raspberryPi.firmwarePackage = kernelBundle.raspberrypifw;
+    kernelPackages = kernelBundle.linuxPackages_rpi4;
+  };
+  
+  hardware.raspberry-pi.config = {
+    all = { # [all] conditional filter, https://www.raspberrypi.com/documentation/computers/config_txt.html#conditional-filters
+
+      options = {
+        # https://www.raspberrypi.com/documentation/computers/config_txt.html#enable_uart
+        # in conjunction with `console=serial0,115200` in kernel command line (`cmdline.txt`)
+        # creates a serial console, accessible using GPIOs 14 and 15 (pins 
+        #  8 and 10 on the 40-pin header)
+        enable_uart = {
+          enable = true;
+          value = true;
+        };
+        # https://www.raspberrypi.com/documentation/computers/config_txt.html#uart_2ndstage
+        # enable debug logging to the UART, also automatically enables 
+        # UART logging in `start.elf`
+        uart_2ndstage = {
+          enable = true;
+          value = true;
+        };
+      };
+
+      # Base DTB parameters
+      # https://github.com/raspberrypi/linux/blob/a1d3defcca200077e1e382fe049ca613d16efd2b/arch/arm/boot/dts/overlays/README#L132
+      base-dt-params = {
+
+        # https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#enable-pcie
+        pciex1 = {
+          enable = true;
+          value = "on";
+        };
+        # PCIe Gen 3.0
+        # https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#pcie-gen-3-0
+        pciex1_gen = {
+          enable = true;
+          value = "3";
+        };
+
+      };
+
+    };
+  };
+}

hosts/pi4/configuration.nix

@@ -0,0 +1,87 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{ config, lib, pkgs, ... }:
+let
+  user = "matt";
+  password = config.sops.secrets."jallen-nas/admin_password".path;
+  kernelBundle = pkgs.linuxAndFirmware.v6_6_31;
+in
+{
+  imports = [
+    ./boot.nix
+    ./impermanence.nix
+    ./networking.nix
+    ./sops.nix
+    ../default.nix
+    ../../modules/desktop-environments/cosmic/default.nix
+  ];
+
+  # Enable nix flakes and nix-command tools
+  nix = {
+    settings = {
+      substituters = [
+        "https://nixos-raspberrypi.cachix.org"
+      ];
+      trusted-public-keys = [
+        "nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
+      ];
+    };
+  };
+
+  # Configure nixpkgs
+  nixpkgs = {
+    overlays = lib.mkAfter [
+      (self: super: {
+        # This is used in (modulesPath + "/hardware/all-firmware.nix") when at least 
+        # enableRedistributableFirmware is enabled
+        # I know no easier way to override this package
+        inherit (kernelBundle) raspberrypiWirelessFirmware;
+        # Some derivations want to use it as an input,
+        # e.g. raspberrypi-dtbs, omxplayer, sd-image-* modules
+        inherit (kernelBundle) raspberrypifw;
+      })
+    ];
+  };
+
+  system.nixos.tags = let
+    cfg = config.boot.loader.raspberryPi;
+  in [
+    "raspberry-pi-${cfg.variant}"
+    cfg.bootloader
+    config.boot.kernelPackages.kernel.version
+  ];
+
+  systemd.services.btattach = {
+    before = [ "bluetooth.service" ];
+    after = [ "dev-ttyAMA0.device" ];
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig = {
+      ExecStart = "${pkgs.bluez}/bin/btattach -B /dev/ttyAMA0 -P bcm -S 3000000";
+    };
+  };
+
+  environment.systemPackages = with pkgs; [
+    git
+    libraspberrypi
+    raspberrypi-eeprom
+    raspberrypifw
+    raspberrypiWirelessFirmware
+    raspberrypi-armstubs
+    vim
+  ];
+
+  users = {
+    mutableUsers = false;
+    users."${user}" = {
+      isNormalUser = true;
+      hashedPasswordFile = password;
+      extraGroups = [
+        "wheel"
+        "docker"
+      ];
+      shell = pkgs.zsh;
+    };
+  };
+}

hosts/pi4/home.nix

@@ -0,0 +1,105 @@
+{ pkgs, ... }:
+let
+  shellAliases = {
+    ll = "ls -alh";
+    update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.18";
+    update-switch = "sudo nixos-rebuild switch --max-jobs 10 --build-host admin@10.0.1.18";
+    update-flake = "nix flake update desktop-nixpkgs desktop-chaotic desktop-home-manager desktop-impermanence desktop-lanzaboote desktop-nixos-hardware desktop-sops-nix desktop-steam-rom-manager --flake /etc/nixos";
+    update-nas = "nixos-rebuild switch --use-remote-sudo --target-host admin@10.0.1.18 --build-host admin@10.0.1.18 --flake ~/nix-config#jallen-nas";
+    nas-ssh = "kitten ssh admin@10.0.1.18";
+    ducks = "du -cksh * | sort -hr | head -n 15";
+  };
+
+  gitAliases = {
+    co = "checkout";
+    ci = "commit";
+    cia = "commit --amend";
+    s = "status";
+    st = "status";
+    b = "branch";
+    p = "pull --rebase";
+    pu = "push";
+  };
+in
+{
+  home.username = "matt";
+  home.homeDirectory = "/home/matt";
+  home.stateVersion = "23.11";
+
+  sops = {
+    age.keyFile = "/home/matt/.config/sops/age/keys.txt";
+    defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
+    validateSopsFiles = false;
+    secrets = {
+      "ssh-keys-public/pi4" = {
+        path = "/home/matt/.ssh/id_ed25519.pub";
+        mode = "0644";
+      };
+      "ssh-keys-private/pi4" = {
+        path = "/home/matt/.ssh/id_ed25519";
+        mode = "0600";
+      };
+      "ssh-keys-public/desktop-nixos" = {
+        path = "/home/matt/.ssh/authorized_keys";
+        mode = "0600";
+      };
+
+      "ssh-keys-public/desktop-nixos-root" = {
+        path = "/home/matt/.ssh/authorized_keys2";
+        mode = "0600";
+      };
+
+      "ssh-keys-public/desktop-windows" = {
+        path = "/home/matt/.ssh/authorized_keys3";
+        mode = "0600";
+      };
+
+      "ssh-keys-public/macbook-macos" = {
+        path = "/home/matt/.ssh/authorized_keys4";
+        mode = "0600";
+      };
+    };
+  };
+
+  programs = {
+    fish.enable = false;
+    mangohud.enable = true;
+    java.enable = true;
+    home-manager.enable = true;
+
+    zsh = {
+      enable = true;
+      enableCompletion = true;
+      autosuggestion.enable = true;
+      syntaxHighlighting.enable = true;
+
+      shellAliases = shellAliases;
+
+      oh-my-zsh = {
+        enable = true;
+        plugins = [ "git" ];
+        theme = "fishy";
+      };
+    };
+    
+    git = {
+      enable = true;
+      userName = "mjallen18";
+      userEmail = "matt.l.jallen@gmail.com";
+      aliases = gitAliases;
+    };
+  };
+
+  home.packages = with pkgs; [
+    age
+    btop
+    fastfetch
+    firefox
+    home-manager
+    lm_sensors
+    mission-center
+    sops
+    tree
+    vscode
+  ];
+}

hosts/pi4/impermanence.nix

@@ -0,0 +1,36 @@
+{ ... }:
+{
+  # Set up impernance configuration for things like bluetooth
+  # In this configuration with /etc and /var/log being persistent, only directories outside of that need to be done here. See hardware configuration for all mountpoints.
+
+  environment.persistence."/nix/persist/system" = {
+    hideMounts = true;
+    directories = [
+      "/var/lib/bluetooth"
+      "/var/lib/nixos"
+      "/var/lib/libvirt"
+      "/var/lib/systemd/coredump"
+      {
+        directory = "/var/lib/private";
+        mode = "u=rwx,g=,o=";
+      }
+      "/etc/NetworkManager/system-connections"
+      {
+        directory = "/etc/nix";
+        user = "root";
+        group = "root";
+        mode = "u=rwx,g=rx,o=rx";
+      }
+    ];
+#    files = [
+#      "/etc/machine-id"
+#      { file = "/etc/nix/id_rsa"; parentDirectory = { mode = "u=rwx,g=,o="; }; }
+#    ];
+  };
+
+  security.sudo.extraConfig = ''
+    # rollback results in sudo lectures after each reboot
+    Defaults lecture = never
+  '';
+
+}

hosts/pi4/networking.nix

@@ -0,0 +1,54 @@
+{ lib, config, ... }:
+let
+  hostname = "pi4";
+in
+{
+  # Networking configs
+  networking = {
+    hostName = hostname;
+
+    defaultGateway.address = "10.0.1.1";
+    nameservers = [ "10.0.1.1" ];
+
+    firewall = {
+      enable = true;
+      allowPing = true;
+    };
+
+    # Enable Network Manager
+    networkmanager = {
+      enable = lib.mkDefault true;
+      wifi.powersave = lib.mkDefault false;
+      settings.connectivity.uri = lib.mkDefault "http://nmcheck.gnome.org/check_network_status.txt";
+      ensureProfiles = {
+        environmentFiles = [
+          config.sops.secrets.wifi.path
+        ];
+
+        profiles = {
+          "Joey's Jungle 5G" = {
+            connection = {
+              id = "Joey's Jungle 5G";
+              type = "wifi";
+            };
+            ipv4 = {
+              method = "auto";
+            };
+            ipv6 = {
+              addr-gen-mode = "stable-privacy";
+              method = "auto";
+            };
+            wifi = {
+              mode = "infrastructure";
+              ssid = "Joey's Jungle 5G";
+            };
+            wifi-security = {
+              key-mgmt = "sae";
+              psk = "$PSK";
+            };
+          };
+        };
+      };
+    };
+  };
+}

hosts/pi4/sops.nix

@@ -0,0 +1,36 @@
+{ config, ... }:
+let
+  user = "matt";
+in
+{
+  sops = {
+    defaultSopsFile = ../../secrets/secrets.yaml;
+    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+
+    secrets = {
+      "wifi" = { };
+      "desktop/matt_password" = {
+        neededForUsers = true;
+        mode = "0600";
+        owner = config.users.users."${user}".name;
+        group = config.users.users."${user}".group;
+      };
+
+      # ------------------------------
+      # SSH keys
+      # ------------------------------
+      "ssh-keys-public/pi4" = {
+        mode = "0644";
+        owner = config.users.users."${user}".name;
+        group = config.users.users."${user}".group;
+        restartUnits = [ "sshd.service" ];
+      };
+      "ssh-keys-private/pi4" = {
+        mode = "0600";
+        owner = config.users.users."${user}".name;
+        group = config.users.users."${user}".group;
+        restartUnits = [ "sshd.service" ];
+      };
+    };
+  };
+}