stuff

2025-09-02 19:23:08 -05:00
parent e79ae984a3
commit a6167bf31c
16 changed files with 226 additions and 508 deletions
--- a/systems/aarch64-linux/pi4/boot.nix
+++ b/systems/aarch64-linux/pi4/boot.nix
@@ -1,47 +1,12 @@
-# { pkgs, lib, ... }:
-# let
-#   uefi_pi4 = pkgs.callPackage ./pi4-uefi.nix { };
-# in
-# {
-#   boot = {
-#     loader = {
-#         systemd-boot.enable = lib.mkForce false;
-#         efi.canTouchEfiVariables = false;
-#         generic-extlinux-compatible.enable = lib.mkForce true;
-#     };
-#     plymouth.enable = false;
-#     kernelPackages = pkgs.linuxPackages_rpi4;
-#     kernelModules = [ "i2c-dev" "i2c-bcm2835" ];
-#     initrd.kernelModules = [  "i2c-dev" "i2c-bcm2835"  ];
-#   };
-#   # environment.systemPackages = [ uefi_pi4 ];
-
-#   # Copy UEFI firmware files to the boot partition
-#   # system.activationScripts.installUEFIFirmware.text = ''
-#   #   cp -r ${uefi_pi4}/share/uefi_rpi4/* /boot/firmware/
-#   # '';
-# }
 {
-  config,
  pkgs,
-  lib,
  ...
 }:
 let
  kernelBundle = pkgs.linuxAndFirmware.latest;
 in
 {
-  system.nixos.tags =
-    let
-      cfg = config.boot.loader.raspberry-pi;
-    in
-    [
-      "raspberry-pi-${cfg.variant}"
-      cfg.bootloader
-      config.boot.kernelPackages.kernel.version
-    ];
-
-  boot = lib.mkForce {
+  boot = {
    loader.raspberry-pi = {
      firmwarePackage = kernelBundle.raspberrypifw;
      variant = "4";
--- a/systems/aarch64-linux/pi4/default.nix
+++ b/systems/aarch64-linux/pi4/default.nix
@@ -10,10 +10,20 @@
  imports = [
    ./adguard.nix
    ./boot.nix
-    ./networking.nix # - moved to modules/nixos/network
    ./sops.nix
  ];

+  nixpkgs.overlays = [
+    (_self: super: {
+      # This is used in (modulesPath + "/hardware/all-firmware.nix") when at least
+      # enableRedistributableFirmware is enabled
+      inherit (super) raspberrypiWirelessFirmware;
+      # Some derivations want to use it as an input,
+      # e.g. raspberrypi-dtbs, omxplayer, sd-image-* modules
+      inherit (super) raspberrypifw;
+    })
+  ];
+
  ${namespace} = {
    impermanence.enable = true;
    hardware = {
@@ -38,7 +48,7 @@
        address = "10.0.1.2/24";
        gateway = "10.0.1.1";
        dns = "1.1.1.1";
-        interface = "end0";
+        interface = "enabcm6e4ei0";
      };
      firewall = {
        enable = true;
@@ -46,16 +56,13 @@
        allowedTCPPorts = [ 53 ];
        allowedUDPPorts = [ 53 ];
      };
-      wifi = {
-        enable = true;
-        powersave = false;
+      networkmanger = {
+        profiles = {
+          "static-enabcm6e4ei0" = {
+            type = "ethernet";
+          };
+        };
      };
    };
  };
-
-  # Root user configuration - explicit to avoid conflicts with home-manager
-  users.users.root = {
-    isSystemUser = true;
-    isNormalUser = false;
-  };
 }
--- a/systems/aarch64-linux/pi5/default.nix
+++ b/systems/aarch64-linux/pi5/default.nix
@@ -30,16 +30,6 @@
    };
    network = {
      hostName = "pi5";
-      ipv4 = {
-        method = "manual";
-        gateway = "10.0.1.1";
-        dns = "10.0.1.1";
-        interface = "wlan0";
-      };
-      firewall = {
-        enable = true;
-        allowPing = true;
-      };
    };
  };
 }
--- a/systems/aarch64-linux/pi5/networking.nix
+++ b/systems/aarch64-linux/pi5/networking.nix
@@ -1,18 +0,0 @@
-{ ... }:
-let
-  hostname = "pi5";
-in
-{
-  # Networking configs
-  networking = {
-    hostName = hostname;
-
-    defaultGateway.address = "10.0.1.1";
-    nameservers = [ "10.0.1.1" ];
-
-    firewall = {
-      enable = true;
-      allowPing = true;
-    };
-  };
-}
--- a/systems/x86_64-linux/jallen-nas/default.nix
+++ b/systems/x86_64-linux/jallen-nas/default.nix
@@ -70,7 +70,29 @@
    # #                 Impermanence                  # #
    # ###################################################

-    impermanence.enable = true;
+    impermanence = {
+      enable = true;
+      extraDirectories = [
+        {
+          directory = "/var/lib/private/authentik/media";
+          user = "authentik";
+          group = "authentik";
+          mode = "u=rwx,g=,o=";
+        }
+        {
+          directory = "/var/lib/crowdsec";
+          user = "crowdsec";
+          group = "crowdsec";
+          mode = "u=rwx,g=rwx,o=rx";
+        }
+        {
+          directory = "/plugins-storage";
+          user = "traefik";
+          group = "traefik";
+          mode = "u=rwx,g=rwx,o=rx";
+        }
+      ];
+    };

    # ###################################################
    # #                  Monitoring                   # #
--- a/systems/x86_64-linux/matt-nixos/default.nix
+++ b/systems/x86_64-linux/matt-nixos/default.nix
@@ -53,16 +53,6 @@

    network = {
      hostName = "matt-nixos";
-      wifi = {
-        enable = true;
-        powersave = false;
-        profiles = {
-          "Joey's Jungle 6G" = {
-            ssid = "Joey's Jungle 6G";
-            keyMgmt = "sae";
-          };
-        };
-      };
    };
  };

--- a/systems/x86_64-linux/nuc-nixos/default.nix
+++ b/systems/x86_64-linux/nuc-nixos/default.nix
@@ -24,7 +24,16 @@
    # #                 Impermanence                  # #
    # ###################################################

-    impermanence.enable = true;
+    impermanence = {
+      enable = true;
+      extraDirectories = [
+        "/var/lib/homeassistant"
+        "/var/lib/mosquitto"
+        "/var/lib/music-assistant"
+        "/var/lib/postgresql"
+        "/var/lib/zigbee2mqtt"
+      ];
+    };

    # ###################################################
    # #                    Network                    # #
@@ -40,15 +49,6 @@
        dns = "10.0.1.1";
        interface = "wlo1";
      };
-      wifi = {
-        enable = true;
-        profiles = {
-          "Joey's Jungle 6G" = {
-            ssid = "Joey's Jungle 6G";
-            keyMgmt = "sae";
-          };
-        };
-      };
      firewall = {
        enable = true;
        allowPing = true;