From 8cebea49bd7125386ec4b2c86809ad171cd9ea5d Mon Sep 17 00:00:00 2001 From: mjallen18 Date: Sun, 11 May 2025 17:52:55 -0500 Subject: [PATCH] pi4 --- flake.lock | 425 ++++++++++++++++++++++-------------- flake.nix | 121 +++++++--- hosts/pi4/boot.nix | 52 +++++ hosts/pi4/configuration.nix | 87 ++++++++ hosts/pi4/home.nix | 105 +++++++++ hosts/pi4/impermanence.nix | 36 +++ hosts/pi4/networking.nix | 54 +++++ hosts/pi4/sops.nix | 36 +++ 8 files changed, 728 insertions(+), 188 deletions(-) create mode 100755 hosts/pi4/boot.nix create mode 100755 hosts/pi4/configuration.nix create mode 100755 hosts/pi4/home.nix create mode 100755 hosts/pi4/impermanence.nix create mode 100755 hosts/pi4/networking.nix create mode 100755 hosts/pi4/sops.nix diff --git a/flake.lock b/flake.lock index 7e3636d..66b25a7 100755 --- a/flake.lock +++ b/flake.lock 
@@ -1,92 +1,5 @@ { "nodes": { - "Pi5-home-manager": { - "inputs": { - "nixpkgs": [ - "Pi5-nixpkgs" - ] - }, - "locked": { - "lastModified": 1746632058, - "narHash": "sha256-Mp5Bbvb+YlFEZ76C/0wFS6C1lRfH3D60u465wFNlnS0=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "708074ae6db9e0468e4f48477f856e8c2d059795", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, - "Pi5-impermanence": { - "locked": { - "lastModified": 1737831083, - "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=", - "owner": "nix-community", - "repo": "impermanence", - "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "impermanence", - "type": "github" - } - }, - "Pi5-nixos-hardware": { - "locked": { - "lastModified": 1746621361, - "narHash": "sha256-T9vOxEqI1j1RYugV0b9dgy0AreiZ9yBDKZJYyclF0og=", - "owner": "NixOS", - "repo": "nixos-hardware", - "rev": "2ea3ad8a1f26a76f8a8e23fc4f7757c46ef30ee5", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "master", - "repo": "nixos-hardware", - "type": "github" - } - }, - "Pi5-nixpkgs": { - "locked": { - "lastModified": 1735563628, - "narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "Pi5-sops-nix": { - "inputs": { - "nixpkgs": [ - "Pi5-nixpkgs" - ] - }, - "locked": { - "lastModified": 1746485181, - "narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=", - "owner": "Mic92", - "repo": "sops-nix", - "rev": "e93ee1d900ad264d65e9701a5c6f895683433386", - "type": "github" - }, - "original": { - "owner": "Mic92", - "repo": "sops-nix", - "type": "github" - } - }, "argononed": { "flake": false, "locked": { 
@@ -103,6 +16,22 @@ "type": "github" } }, + "argononed_2": { + "flake": false, + "locked": { + "lastModified": 1729566243, + "narHash": "sha256-DPNI0Dpk5aym3Baf5UbEe5GENDrSmmXVdriRSWE+rgk=", + "owner": "nvmd", + "repo": "argononed", + "rev": "16dbee54d49b66d5654d228d1061246b440ef7cf", + "type": "github" + }, + "original": { + "owner": "nvmd", + "repo": "argononed", + "type": "github" + } + }, "authentik-src": { "flake": false, "locked": { @@ -433,22 +362,6 @@ } }, "flake-compat_5": { - "flake": false, - "locked": { - "lastModified": 1746162366, - "narHash": "sha256-5SSSZ/oQkwfcAz/o/6TlejlVGqeK08wyREBQ5qFFPhM=", - "owner": "nix-community", - "repo": "flake-compat", - "rev": "0f158086a2ecdbb138cd0429410e44994f1b7e4b", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_6": { "flake": false, "locked": { "lastModified": 1696426674, @@ -1125,6 +1038,32 @@ "type": "github" } }, + "nixos-images_2": { + "inputs": { + "nixos-stable": [ + "pi4-nixos-raspberrypi", + "nixpkgs" + ], + "nixos-unstable": [ + "pi4-nixos-raspberrypi", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1746225872, + "narHash": "sha256-ySSk4r9Mq6dO2MYaik4vTU18sA17aHTSb2LsAFXdw3E=", + "owner": "nvmd", + "repo": "nixos-images", + "rev": "33343fd9a237ed98df52e3611f833fdab729c358", + "type": "github" + }, + "original": { + "owner": "nvmd", + "ref": "sdimage-installer", + "repo": "nixos-images", + "type": "github" + } + }, "nixos-raspberrypi": { "inputs": { "argononed": "argononed", 
@@ -1241,22 +1180,6 @@ } }, "nixpkgs-stable_5": { - "locked": { - "lastModified": 1746557022, - "narHash": "sha256-QkNoyEf6TbaTW5UZYX0OkwIJ/ZMeKSSoOMnSDPQuol0=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "1d3aeb5a193b9ff13f63f4d9cc169fb88129f860", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable_6": { "locked": { "lastModified": 1730741070, "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", @@ -1305,6 +1228,22 @@ } }, "nixpkgs_3": { + "locked": { + "lastModified": 1745988343, + "narHash": "sha256-pC1h2+78R9cGcLFpgzFqt00V9S2OShgoQXygfb7+K3w=", + "owner": "nvmd", + "repo": "nixpkgs", + "rev": "69ab0db654ca18be1b4cc5ceddf56f1581fb7173", + "type": "github" + }, + "original": { + "owner": "nvmd", + "ref": "modules-with-keys-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { "locked": { "lastModified": 1744932701, "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=", 
@@ -1320,26 +1259,202 @@ "type": "github" } }, - "pi5-cosmic": { + "pi4-disko": { "inputs": { - "flake-compat": "flake-compat_5", "nixpkgs": [ - "Pi5-nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable_5", - "rust-overlay": "rust-overlay_4" + "pi4-nixpkgs" + ] }, "locked": { - "lastModified": 1746800640, - "narHash": "sha256-JYIzK5YIuB23xhaHftCFlJgxbZQigmGR73tVsotQnxk=", - "owner": "lilyinstarlight", - "repo": "nixos-cosmic", - "rev": "745255df83cd31ce7cfbb1089d4b747b9f9d7d8b", + "lastModified": 1742690494, + "narHash": "sha256-SFacEbSRMoTyWG5VXh4ieofJGge+cLq9lH8ifB+zjBg=", + "owner": "nvmd", + "repo": "disko", + "rev": "9dc58d4d49c9f74623a06e2fc20cdfd8bb3cbe8b", "type": "github" }, "original": { - "owner": "lilyinstarlight", - "repo": "nixos-cosmic", + "owner": "nvmd", + "ref": "gpt-attrs", + "repo": "disko", + "type": "github" + } + }, + "pi4-home-manager": { + "inputs": { + "nixpkgs": [ + "pi4-nixpkgs" + ] + }, + "locked": { + "lastModified": 1746981801, + "narHash": "sha256-+Bfr0KqZV6gZdA7e2kupeoawozaLIHLuiPtC54uxbFc=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "ff915842e4a2e63c4c8c5c08c6870b9d5b3c3ee9", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "pi4-impermanence": { + "locked": { + "lastModified": 1737831083, + "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=", + "owner": "nix-community", + "repo": "impermanence", + "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "impermanence", + "type": "github" + } + }, + "pi4-nixos-raspberrypi": { + "inputs": { + "argononed": "argononed_2", + "nixos-images": "nixos-images_2", + "nixpkgs": "nixpkgs_3" + }, + "locked": { + "lastModified": 1746230872, + "narHash": "sha256-w7i0IrlgT/EIgKhu35NEPRwvN2pFqWlKAuzjjCodTyA=", + "owner": "nvmd", + "repo": "nixos-raspberrypi", + "rev": "747b7b8b9644971755c903f4c30d854147371bd7", + "type": 
"github" + }, + "original": { + "owner": "nvmd", + "repo": "nixos-raspberrypi", + "type": "github" + } + }, + "pi4-nixpkgs": { + "locked": { + "lastModified": 1735563628, + "narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "pi4-sops-nix": { + "inputs": { + "nixpkgs": [ + "pi4-nixpkgs" + ] + }, + "locked": { + "lastModified": 1746485181, + "narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "e93ee1d900ad264d65e9701a5c6f895683433386", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + }, + "pi5-home-manager": { + "inputs": { + "nixpkgs": [ + "pi5-nixpkgs" + ] + }, + "locked": { + "lastModified": 1746981801, + "narHash": "sha256-+Bfr0KqZV6gZdA7e2kupeoawozaLIHLuiPtC54uxbFc=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "ff915842e4a2e63c4c8c5c08c6870b9d5b3c3ee9", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "pi5-impermanence": { + "locked": { + "lastModified": 1737831083, + "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=", + "owner": "nix-community", + "repo": "impermanence", + "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "impermanence", + "type": "github" + } + }, + "pi5-nixos-hardware": { + "locked": { + "lastModified": 1746814339, + "narHash": "sha256-hf2lICJzwACWuzHCmZn5NI6LUAOgGdR1yh8ip+duyhk=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "3c5e12673265dfb0de3d9121420c0c2153bf21e0", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "master", + "repo": "nixos-hardware", + "type": 
"github" + } + }, + "pi5-nixpkgs": { + "locked": { + "lastModified": 1735563628, + "narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "pi5-sops-nix": { + "inputs": { + "nixpkgs": [ + "pi5-nixpkgs" + ] + }, + "locked": { + "lastModified": 1746485181, + "narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "e93ee1d900ad264d65e9701a5c6f895683433386", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", "type": "github" } }, @@ -1439,7 +1554,7 @@ "steamdeck-lanzaboote", "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable_6" + "nixpkgs-stable": "nixpkgs-stable_5" }, "locked": { "lastModified": 1731363552, @@ -1457,11 +1572,6 @@ }, "root": { "inputs": { - "Pi5-home-manager": "Pi5-home-manager", - "Pi5-impermanence": "Pi5-impermanence", - "Pi5-nixos-hardware": "Pi5-nixos-hardware", - "Pi5-nixpkgs": "Pi5-nixpkgs", - "Pi5-sops-nix": "Pi5-sops-nix", "desktop-chaotic": "desktop-chaotic", "desktop-home-manager": "desktop-home-manager", "desktop-impermanence": "desktop-impermanence", 
@@ -1484,7 +1594,17 @@ "nixos-raspberrypi": "nixos-raspberrypi", "nixpkgs-stable": "nixpkgs-stable_4", "nixpkgs-unstable": "nixpkgs-unstable", - "pi5-cosmic": "pi5-cosmic", + "pi4-disko": "pi4-disko", + "pi4-home-manager": "pi4-home-manager", + "pi4-impermanence": "pi4-impermanence", + "pi4-nixos-raspberrypi": "pi4-nixos-raspberrypi", + "pi4-nixpkgs": "pi4-nixpkgs", + "pi4-sops-nix": "pi4-sops-nix", + "pi5-home-manager": "pi5-home-manager", + "pi5-impermanence": "pi5-impermanence", + "pi5-nixos-hardware": "pi5-nixos-hardware", + "pi5-nixpkgs": "pi5-nixpkgs", + "pi5-sops-nix": "pi5-sops-nix", "steamdeck-chaotic": "steamdeck-chaotic", "steamdeck-home-manager": "steamdeck-home-manager", "steamdeck-impermanence": "steamdeck-impermanence", @@ -1594,27 +1714,6 @@ } }, "rust-overlay_4": { - "inputs": { - "nixpkgs": [ - "pi5-cosmic", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1746758179, - "narHash": "sha256-JECUw1YBEsTsVauvupRzE5ykZaJoyhHCpoY87ZZJGas=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "4fd00513eac6b6140c5dced3e1b8133e2369a0f8", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, - "rust-overlay_5": { "inputs": { "nixpkgs": [ "steamdeck-lanzaboote", @@ -1641,7 +1740,7 @@ "flake-schemas": "flake-schemas_2", "home-manager": "home-manager_2", "jovian": "jovian_2", - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1745232749, @@ -1717,13 +1816,13 @@ "steamdeck-lanzaboote": { "inputs": { "crane": "crane_3", - "flake-compat": "flake-compat_6", + "flake-compat": "flake-compat_5", "flake-parts": "flake-parts_4", "nixpkgs": [ "steamdeck-nixpkgs" ], "pre-commit-hooks-nix": "pre-commit-hooks-nix_3", - "rust-overlay": "rust-overlay_5" + "rust-overlay": "rust-overlay_4" }, "locked": { "lastModified": 1737639419, diff --git a/flake.nix b/flake.nix index c4043f3..a330b63 100755 --- a/flake.nix +++ b/flake.nix 
@@ -114,42 +114,71 @@ }; ##################################################### - # Pi5 # + # pi5 # ##################################################### # nixpgs - Pi5-nixpkgs = { + pi5-nixpkgs = { url = "github:NixOS/nixpkgs/nixos-24.05"; }; # Home Manager - Pi5-home-manager = { + pi5-home-manager = { url = "github:nix-community/home-manager"; - inputs.nixpkgs.follows = "Pi5-nixpkgs"; + inputs.nixpkgs.follows = "pi5-nixpkgs"; }; # Impermenance - Pi5-impermanence = { + pi5-impermanence = { url = "github:nix-community/impermanence"; }; # Nix hardware - Pi5-nixos-hardware = { + pi5-nixos-hardware = { url = "github:NixOS/nixos-hardware/master"; }; # Sops-nix - Pi5-sops-nix = { + pi5-sops-nix = { url = "github:Mic92/sops-nix"; - inputs.nixpkgs.follows = "Pi5-nixpkgs"; + inputs.nixpkgs.follows = "pi5-nixpkgs"; }; nixos-raspberrypi.url = "github:nvmd/nixos-raspberrypi"; - # cosmic launcher - pi5-cosmic = { - url = "github:lilyinstarlight/nixos-cosmic"; - inputs.nixpkgs.follows = "Pi5-nixpkgs"; + ##################################################### + # pi4 # + ##################################################### + + # nixpgs + pi4-nixpkgs = { + url = "github:NixOS/nixpkgs/nixos-24.05"; + }; + + # Home Manager + pi4-home-manager = { + url = "github:nix-community/home-manager"; + inputs.nixpkgs.follows = "pi4-nixpkgs"; + }; + + # Impermenance + pi4-impermanence = { + url = "github:nix-community/impermanence"; + }; + + # Sops-nix + pi4-sops-nix = { + url = "github:Mic92/sops-nix"; + inputs.nixpkgs.follows = "pi4-nixpkgs"; + }; + + pi4-nixos-raspberrypi.url = "github:nvmd/nixos-raspberrypi"; + + pi4-disko = { + # the fork is needed for partition attributes support + url = "github:nvmd/disko/gpt-attrs"; + # url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "pi4-nixpkgs"; }; ##################################################### 
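Review bot: In the new pi4 input block, `pi4-nixos-raspberrypi.url = "github:nvmd/nixos-raspberrypi";` repeats the URL of the existing `nixos-raspberrypi` input, so flake.lock now carries a second, separately pinned copy with its own dependency tree (`argononed_2`, `nixos-images_2`, `nixpkgs_3`). Unless the pi4 host really needs a different revision, reusing the one input leaves a single set of pins to review on each `nix flake update`. `pi4-nixpkgs` is set to `nixos-24.05`, which as far as I know was already past its support window at this commit's date, so anything built from it would no longer receive security fixes. `pi4-home-manager` tracks the default branch while following that older nixpkgs, a combination worth confirming.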
@@ -256,14 +285,21 @@ nas-nixos-hardware, nas-sops-nix, - # Pi5 - Pi5-nixpkgs, - Pi5-home-manager, - Pi5-impermanence, - Pi5-nixos-hardware, - Pi5-sops-nix, + # pi5 + pi5-nixpkgs, + pi5-home-manager, + pi5-impermanence, + pi5-nixos-hardware, + pi5-sops-nix, nixos-raspberrypi, - pi5-cosmic, + + # pi4 + pi4-nixpkgs, + pi4-home-manager, + pi4-impermanence, + pi4-sops-nix, + pi4-nixos-raspberrypi, + pi4-disko, # Steamdeck steamdeck-nixpkgs, @@ -390,13 +426,13 @@ ]; }; - # Pi5 + # pi5 "pi5" = nixos-raspberrypi.lib.nixosSystem { specialArgs = inputs; system = "aarch64-linux"; modules = [ - Pi5-impermanence.nixosModules.impermanence - Pi5-sops-nix.nixosModules.sops + pi5-impermanence.nixosModules.impermanence + pi5-sops-nix.nixosModules.sops ./hosts/pi5/configuration.nix { # Hardware specific configuration, see section below for a more complete @@ -407,7 +443,7 @@ raspberry-pi-5.bluetooth ]; } - Pi5-home-manager.nixosModules.home-manager + pi5-home-manager.nixosModules.home-manager { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; 
@@ -417,11 +453,46 @@ { imports = [ ./hosts/pi5/home.nix - Pi5-sops-nix.homeManagerModules.sops + pi5-sops-nix.homeManagerModules.sops + ]; + }; + } + ]; + }; + + # pi4 + "pi4" = pi4-nixos-raspberrypi.lib.nixosSystem { + specialArgs = inputs; + system = "aarch64-linux"; + modules = [ + pi4-impermanence.nixosModules.impermanence + pi4-sops-nix.nixosModules.sops + pi4-disko.nixosModules.disko + ./hosts/pi4/disko.nix + ./hosts/pi4/configuration.nix + { + # Hardware specific configuration, see section below for a more complete + # list of modules + imports = with nixos-raspberrypi.nixosModules; [ + raspberry-pi-5.base + raspberry-pi-5.display-vc4 + raspberry-pi-5.bluetooth + ]; + } + pi4-home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.backupFileExtension = "backup"; + home-manager.users.matt = + { ... }: + { + imports = [ + ./hosts/pi4/home.nix + pi4-sops-nix.homeManagerModules.sops ]; }; } - # pi5-cosmic.nixosModules.default ]; }; diff --git a/hosts/pi4/boot.nix b/hosts/pi4/boot.nix new file mode 100755 index 0000000..35a4edf --- /dev/null +++ b/hosts/pi4/boot.nix 
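Review bot: The new `"pi4"` system lists `./hosts/pi4/disko.nix` in `modules`, but the commit's file list creates only boot, configuration, home, impermanence, networking and sops under hosts/pi4, so the path is not part of this change and evaluation would fail on it. The hardware `imports` block is copied from the pi5 entry: it takes modules from `nixos-raspberrypi.nixosModules` rather than from `pi4-nixos-raspberrypi`, and selects `raspberry-pi-5.base`, `raspberry-pi-5.display-vc4` and `raspberry-pi-5.bluetooth` for a host whose boot.nix picks `linuxPackages_rpi4`. I would switch the `with` expression to `pi4-nixos-raspberrypi.nixosModules` and use the Raspberry Pi 4 module set, if that flake provides one. `specialArgs = inputs;` also hands every input of every host to the pi4 modules; passing only the pi4 inputs would narrow what a module can reach.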
@@ -0,0 +1,52 @@
+{ pkgs, lib, ... }:
+let
+ kernelBundle = pkgs.linuxAndFirmware.v6_6_31;
+in
+{
+ boot = {
+ loader.raspberryPi.firmwarePackage = kernelBundle.raspberrypifw;
+ kernelPackages = kernelBundle.linuxPackages_rpi4;
+ };
+
+ hardware.raspberry-pi.config = {
+ all = { # [all] conditional filter, https://www.raspberrypi.com/documentation/computers/config_txt.html#conditional-filters
+
+ options = {
+ # https://www.raspberrypi.com/documentation/computers/config_txt.html#enable_uart
+ # in conjunction with `console=serial0,115200` in kernel command line (`cmdline.txt`)
+ # creates a serial console, accessible using GPIOs 14 and 15 (pins
+ # 8 and 10 on the 40-pin header)
+ enable_uart = {
+ enable = true;
+ value = true;
+ };
+ # https://www.raspberrypi.com/documentation/computers/config_txt.html#uart_2ndstage
+ # enable debug logging to the UART, also automatically enables
+ # UART logging in `start.elf`
+ uart_2ndstage = {
+ enable = true;
+ value = true;
+ };
+ };
+
+ # Base DTB parameters
+ # https://github.com/raspberrypi/linux/blob/a1d3defcca200077e1e382fe049ca613d16efd2b/arch/arm/boot/dts/overlays/README#L132
+ base-dt-params = {
+
+ # https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#enable-pcie
+ pciex1 = {
+ enable = true;
+ value = "on";
+ };
+ # PCIe Gen 3.0
+ # https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#pcie-gen-3-0
+ pciex1_gen = {
+ enable = true;
+ value = "3";
+ };
+
+ };
+
+ };
+ };
+}
diff --git a/hosts/pi4/configuration.nix b/hosts/pi4/configuration.nix
new file mode 100755
index 0000000..83017ba
--- /dev/null
+++ b/hosts/pi4/configuration.nix
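Review bot: `enable_uart` and `uart_2ndstage` leave a serial console and firmware debug logging active on the GPIO header, which helps during bring-up but is a physical-access console on a deployed board; a comment such as `# bring-up only: turn off once the host boots reliably` would record the intent. The `base-dt-params` entries `pciex1` and `pciex1_gen = "3"` look carried over from the pi5 host, since as far as I know they configure the Pi 5's external PCIe connector, while this file selects `linuxPackages_rpi4`; they should be confirmed or dropped. `kernelBundle` is defined identically in hosts/pi4/configuration.nix and could be shared.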
@@ -0,0 +1,87 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{ config, lib, pkgs, ... }:
+let
+ user = "matt";
+ password = config.sops.secrets."jallen-nas/admin_password".path;
+ kernelBundle = pkgs.linuxAndFirmware.v6_6_31;
+in
+{
+ imports = [
+ ./boot.nix
+ ./impermanence.nix
+ ./networking.nix
+ ./sops.nix
+ ../default.nix
+ ../../modules/desktop-environments/cosmic/default.nix
+ ];
+
+ # Enable nix flakes and nix-command tools
+ nix = {
+ settings = {
+ substituters = [
+ "https://nixos-raspberrypi.cachix.org"
+ ];
+ trusted-public-keys = [
+ "nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
+ ];
+ };
+ };
+
+ # Configure nixpkgs
+ nixpkgs = {
+ overlays = lib.mkAfter [
+ (self: super: {
+ # This is used in (modulesPath + "/hardware/all-firmware.nix") when at least
+ # enableRedistributableFirmware is enabled
+ # I know no easier way to override this package
+ inherit (kernelBundle) raspberrypiWirelessFirmware;
+ # Some derivations want to use it as an input,
+ # e.g.
raspberrypi-dtbs, omxplayer, sd-image-* modules
+ inherit (kernelBundle) raspberrypifw;
+ })
+ ];
+ };
+
+ system.nixos.tags = let
+ cfg = config.boot.loader.raspberryPi;
+ in [
+ "raspberry-pi-${cfg.variant}"
+ cfg.bootloader
+ config.boot.kernelPackages.kernel.version
+ ];
+
+ systemd.services.btattach = {
+ before = [ "bluetooth.service" ];
+ after = [ "dev-ttyAMA0.device" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ ExecStart = "${pkgs.bluez}/bin/btattach -B /dev/ttyAMA0 -P bcm -S 3000000";
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ git
+ libraspberrypi
+ raspberrypi-eeprom
+ raspberrypifw
+ raspberrypiWirelessFirmware
+ raspberrypi-armstubs
+ vim
+ ];
+
+ users = {
+ mutableUsers = false;
+ users."${user}" = {
+ isNormalUser = true;
+ hashedPasswordFile = password;
+ extraGroups = [
+ "wheel"
+ "docker"
+ ];
+ shell = pkgs.zsh;
+ };
+ };
+}
diff --git a/hosts/pi4/home.nix b/hosts/pi4/home.nix
new file mode 100755
index 0000000..a2e89a8
--- /dev/null
+++ b/hosts/pi4/home.nix
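Review bot: The `let` binding `password` reads `config.sops.secrets."jallen-nas/admin_password".path`, but hosts/pi4/sops.nix in this commit declares only `wifi`, `desktop/matt_password` and the two `ssh-keys-*/pi4` entries, so unless `../default.nix` declares that secret the reference does not evaluate. With `mutableUsers = false`, the file behind `hashedPasswordFile` is the only login credential for `matt` and has to come from a secret marked `neededForUsers = true`; the one declared that way is `desktop/matt_password`, so `password = config.sops.secrets."desktop/matt_password".path;` looks like the intended line. Membership in `docker` is effectively root-equivalent, and nothing in the visible pi4 files enables Docker, so that group could be dropped. The `substituters` and `trusted-public-keys` entries make a third-party binary cache a trust root for this host, yet the comment above them talks about flakes; a comment saying why the cache is trusted would be more useful.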
@@ -0,0 +1,105 @@
+{ pkgs, ... }:
+let
+ shellAliases = {
+ ll = "ls -alh";
+ update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.18";
+ update-switch = "sudo nixos-rebuild switch --max-jobs 10 --build-host admin@10.0.1.18";
+ update-flake = "nix flake update desktop-nixpkgs desktop-chaotic desktop-home-manager desktop-impermanence desktop-lanzaboote desktop-nixos-hardware desktop-sops-nix desktop-steam-rom-manager --flake /etc/nixos";
+ update-nas = "nixos-rebuild switch --use-remote-sudo --target-host admin@10.0.1.18 --build-host admin@10.0.1.18 --flake ~/nix-config#jallen-nas";
+ nas-ssh = "kitten ssh admin@10.0.1.18";
+ ducks = "du -cksh * | sort -hr | head -n 15";
+ };
+
+ gitAliases = {
+ co = "checkout";
+ ci = "commit";
+ cia = "commit --amend";
+ s = "status";
+ st = "status";
+ b = "branch";
+ p = "pull --rebase";
+ pu = "push";
+ };
+in
+{
+ home.username = "matt";
+ home.homeDirectory = "/home/matt";
+ home.stateVersion = "23.11";
+
+ sops = {
+ age.keyFile = "/home/matt/.config/sops/age/keys.txt";
+ defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
+ validateSopsFiles = false;
+ secrets = {
+ "ssh-keys-public/pi4" = {
+ path = "/home/matt/.ssh/id_ed25519.pub";
+ mode = "0644";
+ };
+ "ssh-keys-private/pi4" = {
+ path = "/home/matt/.ssh/id_ed25519";
+ mode = "0600";
+ };
+ "ssh-keys-public/desktop-nixos" = {
+ path = "/home/matt/.ssh/authorized_keys";
+ mode = "0600";
+ };
+
+ "ssh-keys-public/desktop-nixos-root" = {
+ path = "/home/matt/.ssh/authorized_keys2";
+ mode = "0600";
+ };
+
+ "ssh-keys-public/desktop-windows" = {
+ path = "/home/matt/.ssh/authorized_keys3";
+ mode = "0600";
+ };
+
+ "ssh-keys-public/macbook-macos" = {
+ path = "/home/matt/.ssh/authorized_keys4";
+ mode = "0600";
+ };
+ };
+ };
+
+ programs = {
+ fish.enable = false;
+ mangohud.enable = true;
+ java.enable = true;
+ home-manager.enable = true;
+
+ zsh = {
+ enable = true;
+ enableCompletion = true;
+ autosuggestion.enable = true;
+
syntaxHighlighting.enable = true;
+
+ shellAliases = shellAliases;
+
+ oh-my-zsh = {
+ enable = true;
+ plugins = [ "git" ];
+ theme = "fishy";
+ };
+ };
+
+ git = {
+ enable = true;
+ userName = "mjallen18";
+ userEmail = "matt.l.jallen@gmail.com";
+ aliases = gitAliases;
+ };
+ };
+
+ home.packages = with pkgs; [
+ age
+ btop
+ fastfetch
+ firefox
+ home-manager
+ lm_sensors
+ mission-center
+ sops
+ tree
+ vscode
+ ];
+}
diff --git a/hosts/pi4/impermanence.nix b/hosts/pi4/impermanence.nix
new file mode 100755
index 0000000..352c30b
--- /dev/null
+++ b/hosts/pi4/impermanence.nix
@@ -0,0 +1,36 @@
+{ ... }:
+{
+ # Set up impernance configuration for things like bluetooth
+ # In this configuration with /etc and /var/log being persistent, only directories outside of that need to be done here. See hardware configuration for all mountpoints.
+
+ environment.persistence."/nix/persist/system" = {
+ hideMounts = true;
+ directories = [
+ "/var/lib/bluetooth"
+ "/var/lib/nixos"
+ "/var/lib/libvirt"
+ "/var/lib/systemd/coredump"
+ {
+ directory = "/var/lib/private";
+ mode = "u=rwx,g=,o=";
+ }
+ "/etc/NetworkManager/system-connections"
+ {
+ directory = "/etc/nix";
+ user = "root";
+ group = "root";
+ mode = "u=rwx,g=rx,o=rx";
+ }
+ ];
+# files = [
+# "/etc/machine-id"
+# { file = "/etc/nix/id_rsa"; parentDirectory = { mode = "u=rwx,g=,o="; }; }
+# ];
+ };
+
+ security.sudo.extraConfig = ''
+ # rollback results in sudo lectures after each reboot
+ Defaults lecture = never
+ '';
+
+}
diff --git a/hosts/pi4/networking.nix b/hosts/pi4/networking.nix
new file mode 100755
index 0000000..f676cfc
--- /dev/null
+++ b/hosts/pi4/networking.nix
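Review bot: In hosts/pi4/home.nix the four `ssh-keys-public/*` secrets are written to `authorized_keys`, `authorized_keys2`, `authorized_keys3` and `authorized_keys4`, but sshd only reads the files named in `AuthorizedKeysFile`, and no sshd configuration is visible in this commit. OpenSSH's built-in default covers only the first two names, so unless the extra paths are configured elsewhere the `desktop-windows` and `macbook-macos` keys will silently not grant access. Every key that is read grants a login as `matt`, who is in `wheel`, so the `desktop-nixos-root` entry deserves a comment saying why a root-owned key needs it. `validateSopsFiles = false` with the string path `"/etc/nixos/secrets/secrets.yaml"` moves the check that the file exists from build time to activation time, which should be stated next to it. The `update-flake` alias still names the `desktop-*` inputs and appears copied from the desktop host.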
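Review bot: The header comment in hosts/pi4/impermanence.nix says `/etc` is persistent, yet the `directories` list persists `/etc/NetworkManager/system-connections` and `/etc/nix` individually, which is only needed when `/etc` is wiped on reboot; the mount layout itself is outside this commit. That matters for secrets, because hosts/pi4/sops.nix derives the age identity from `/etc/ssh/ssh_host_ed25519_key`: if that key does not survive a reboot a new one is generated and the encrypted secrets, including the user's password file, can no longer be decrypted. I would either correct the comment or persist the host key explicitly, presumably through the commented-out `files` list. `/var/lib/libvirt` is listed although nothing in the visible pi4 files enables libvirt.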
@@ -0,0 +1,54 @@
+{ lib, config, ... }:
+let
+ hostname = "pi4";
+in
+{
+ # Networking configs
+ networking = {
+ hostName = hostname;
+
+ defaultGateway.address = "10.0.1.1";
+ nameservers = [ "10.0.1.1" ];
+
+ firewall = {
+ enable = true;
+ allowPing = true;
+ };
+
+ # Enable Network Manager
+ networkmanager = {
+ enable = lib.mkDefault true;
+ wifi.powersave = lib.mkDefault false;
+ settings.connectivity.uri = lib.mkDefault "http://nmcheck.gnome.org/check_network_status.txt";
+ ensureProfiles = {
+ environmentFiles = [
+ config.sops.secrets.wifi.path
+ ];
+
+ profiles = {
+ "Joey's Jungle 5G" = {
+ connection = {
+ id = "Joey's Jungle 5G";
+ type = "wifi";
+ };
+ ipv4 = {
+ method = "auto";
+ };
+ ipv6 = {
+ addr-gen-mode = "stable-privacy";
+ method = "auto";
+ };
+ wifi = {
+ mode = "infrastructure";
+ ssid = "Joey's Jungle 5G";
+ };
+ wifi-security = {
+ key-mgmt = "sae";
+ psk = "$PSK";
+ };
+ };
+ };
+ };
+ };
+ };
+}
\ No newline at end of file
diff --git a/hosts/pi4/sops.nix b/hosts/pi4/sops.nix
new file mode 100755
index 0000000..d150cfb
--- /dev/null
+++ b/hosts/pi4/sops.nix
@@ -0,0 +1,36 @@
+{ config, ... }:
+let
+ user = "matt";
+in
+{
+ sops = {
+ defaultSopsFile = ../../secrets/secrets.yaml;
+ age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+
+ secrets = {
+ "wifi" = { };
+ "desktop/matt_password" = {
+ neededForUsers = true;
+ mode = "0600";
+ owner = config.users.users."${user}".name;
+ group = config.users.users."${user}".group;
+ };
+
+ # ------------------------------
+ # SSH keys
+ # ------------------------------
+ "ssh-keys-public/pi4" = {
+ mode = "0644";
+ owner = config.users.users."${user}".name;
+ group = config.users.users."${user}".group;
+ restartUnits = [ "sshd.service" ];
+ };
+ "ssh-keys-private/pi4" = {
+ mode = "0600";
+ owner = config.users.users."${user}".name;
+ group = config.users.users."${user}".group;
+ restartUnits = [ "sshd.service" ];
+ };
+ };
+ };
+}
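Review bot: In hosts/pi4/networking.nix, `psk = "$PSK"` is only substituted when the file behind `config.sops.secrets.wifi.path` is in environment-file form and defines that exact variable, and nothing here documents that contract. I would add a comment above `environmentFiles`, for example `# sops secret "wifi" must contain a line of the form PSK=<passphrase>`. `defaultGateway.address` and `nameservers` are set statically while the profile uses `method = "auto"`, so a short comment on which source is meant to win would help the next reader.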
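Review bot: `ssh-keys-private/pi4` and `ssh-keys-public/pi4` are declared here at system level and again in hosts/pi4/home.nix, so the private key ends up decrypted in two locations. Keeping only the home-manager declaration, which places it at `/home/matt/.ssh/id_ed25519`, leaves a single copy to protect. `restartUnits = [ "sshd.service" ];` on these two entries has no visible purpose, since they are the user's client key pair and not something sshd is shown to read; I would drop it or add a comment explaining the dependency.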