pi4

2025-01-30 20:14:36 -06:00
parent 88c98a2230
commit b25fd960c6
8 changed files with 133 additions and 111 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -14,11 +14,11 @@
        "systems": "systems"
      },
      "locked": {
-        "lastModified": 1736445563,
-        "narHash": "sha256-+f1MWPtja+LRlTHJP/i/3yxmnzo2LGtZmxtJJTdAp8o=",
+        "lastModified": 1737810234,
+        "narHash": "sha256-zTS99/ZE8khNnIWFEsF21E6seR9IizGYkY19t6iK7z4=",
        "owner": "nix-community",
        "repo": "authentik-nix",
-        "rev": "bf5a5bf42189ff5f468f0ff26c9296233a97eb6c",
+        "rev": "1fa3cbed36fb03d2f6ceab981d083af98b5c7d0f",
        "type": "github"
      },
      "original": {
@@ -45,18 +45,12 @@
      }
    },
    "crane": {
-      "inputs": {
-        "nixpkgs": [
-          "lanzaboote",
-          "nixpkgs"
-        ]
-      },
      "locked": {
-        "lastModified": 1717535930,
-        "narHash": "sha256-1hZ/txnbd/RmiBPNUs7i8UQw2N89uAK3UzrGAWdnFfU=",
+        "lastModified": 1731098351,
+        "narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=",
        "owner": "ipetkov",
        "repo": "crane",
-        "rev": "55e7754ec31dac78980c8be45f8a28e80e370946",
+        "rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28",
        "type": "github"
      },
      "original": {
@@ -68,11 +62,11 @@
    "flake-compat": {
      "flake": false,
      "locked": {
-        "lastModified": 1696426674,
-        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+        "lastModified": 1733328505,
+        "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
        "owner": "edolstra",
        "repo": "flake-compat",
-        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
        "type": "github"
      },
      "original": {
@@ -117,11 +111,11 @@
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
-        "lastModified": 1727826117,
-        "narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=",
+        "lastModified": 1736143030,
+        "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1",
+        "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de",
        "type": "github"
      },
      "original": {
@@ -138,11 +132,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1717285511,
-        "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=",
+        "lastModified": 1730504689,
+        "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8",
+        "rev": "506278e768c2a08bec68eb62932193e341f55c90",
        "type": "github"
      },
      "original": {
@@ -159,11 +153,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1726560853,
-        "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
        "type": "github"
      },
      "original": {
@@ -176,24 +170,6 @@
      "inputs": {
        "systems": "systems_2"
      },
-      "locked": {
-        "lastModified": 1710146030,
-        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
-    "flake-utils_3": {
-      "inputs": {
-        "systems": "systems_3"
-      },
      "locked": {
        "lastModified": 1731533236,
        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
@@ -273,11 +249,11 @@
    },
    "impermanence": {
      "locked": {
-        "lastModified": 1736688610,
-        "narHash": "sha256-1Zl9xahw399UiZSJ9Vxs1W4WRFjO1SsNdVZQD4nghz0=",
+        "lastModified": 1737831083,
+        "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
        "owner": "nix-community",
        "repo": "impermanence",
-        "rev": "c64bed13b562fc3bb454b48773d4155023ac31b7",
+        "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
        "type": "github"
      },
      "original": {
@@ -291,7 +267,6 @@
        "crane": "crane",
        "flake-compat": "flake-compat_2",
        "flake-parts": "flake-parts_2",
-        "flake-utils": "flake-utils_2",
        "nixpkgs": [
          "nixpkgs-unstable"
        ],
@@ -299,23 +274,23 @@
        "rust-overlay": "rust-overlay"
      },
      "locked": {
-        "lastModified": 1718178907,
-        "narHash": "sha256-eSZyrQ9uoPB9iPQ8Y5H7gAmAgAvCw3InStmU3oEjqsE=",
+        "lastModified": 1737639419,
+        "narHash": "sha256-AEEDktApTEZ5PZXNDkry2YV2k6t0dTgLPEmAZbnigXU=",
        "owner": "nix-community",
        "repo": "lanzaboote",
-        "rev": "b627ccd97d0159214cee5c7db1412b75e4be6086",
+        "rev": "a65905a09e2c43ff63be8c0e86a93712361f871e",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
-        "ref": "v0.4.1",
+        "ref": "v0.4.2",
        "repo": "lanzaboote",
        "type": "github"
      }
    },
    "manyfold": {
      "inputs": {
-        "flake-utils": "flake-utils_3",
+        "flake-utils": "flake-utils_2",
        "nixpkgs": "nixpkgs"
      },
      "locked": {
@@ -452,28 +427,28 @@
    },
    "nixpkgs-lib": {
      "locked": {
-        "lastModified": 1727825735,
-        "narHash": "sha256-0xHYkMkeLVQAMa7gvkddbPqpxph+hDzdu1XdGPJR+Os=",
+        "lastModified": 1735774519,
+        "narHash": "sha256-CewEm1o2eVAnoqb6Ml+Qi9Gg/EfNAxbRx1lANGVyoLI=",
        "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz"
+        "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz"
      },
      "original": {
        "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz"
+        "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz"
      }
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1710695816,
-        "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=",
+        "lastModified": 1730741070,
+        "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "614b4613980a522ba49f0d194531beddbb7220d3",
+        "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixos-23.11",
+        "ref": "nixos-24.05",
        "repo": "nixpkgs",
        "type": "github"
      }
@@ -496,11 +471,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1737632463,
-        "narHash": "sha256-38J9QfeGSej341ouwzqf77WIHAScihAKCt8PQJ+NH28=",
+        "lastModified": 1737746512,
+        "narHash": "sha256-nU6AezEX4EuahTO1YopzueAXfjFfmCHylYEFCagduHU=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "0aa475546ed21629c4f5bbf90e38c846a99ec9e9",
+        "rev": "825479c345a7f806485b7f00dbe3abb50641b083",
        "type": "github"
      },
      "original": {
@@ -560,11 +535,11 @@
        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
-        "lastModified": 1735164664,
-        "narHash": "sha256-DaWy+vo3c4TQ93tfLjUgcpPaSoDw4qV4t76Y3Mhu84I=",
+        "lastModified": 1736884309,
+        "narHash": "sha256-eiCqmKl0BIRiYk5/ZhZozwn4/7Km9CWTbc15Cv+VX5k=",
        "owner": "nix-community",
        "repo": "poetry2nix",
-        "rev": "1fb01e90771f762655be7e0e805516cd7fa4d58e",
+        "rev": "75d0515332b7ca269f6d7abfd2c44c47a7cbca7b",
        "type": "github"
      },
      "original": {
@@ -587,11 +562,11 @@
        "nixpkgs-stable": "nixpkgs-stable"
      },
      "locked": {
-        "lastModified": 1717664902,
-        "narHash": "sha256-7XfBuLULizXjXfBYy/VV+SpYMHreNRHk9nKMsm1bgb4=",
+        "lastModified": 1731363552,
+        "narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=",
        "owner": "cachix",
        "repo": "pre-commit-hooks.nix",
-        "rev": "cc4d466cb1254af050ff7bdf47f6d404a7c646d1",
+        "rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0",
        "type": "github"
      },
      "original": {
@@ -618,21 +593,17 @@
    },
    "rust-overlay": {
      "inputs": {
-        "flake-utils": [
-          "lanzaboote",
-          "flake-utils"
-        ],
        "nixpkgs": [
          "lanzaboote",
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1717813066,
-        "narHash": "sha256-wqbRwq3i7g5EHIui0bIi84mdqZ/It1AXBSLJ5tafD28=",
+        "lastModified": 1731897198,
+        "narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "6dc3e45fe4aee36efeed24d64fc68b1f989d5465",
+        "rev": "0be641045af6d8666c11c2c40e45ffc9667839b5",
        "type": "github"
      },
      "original": {
@@ -707,21 +678,6 @@
        "type": "github"
      }
    },
-    "systems_3": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    },
    "treefmt-nix": {
      "inputs": {
        "nixpkgs": [
--- a/flake.nix
+++ b/flake.nix
@@ -37,7 +37,7 @@

    # Lanzaboote
    lanzaboote = {
-      url = "github:nix-community/lanzaboote/v0.4.1";
+      url = "github:nix-community/lanzaboote/v0.4.2";
      inputs.nixpkgs.follows = "nixpkgs-unstable";
    };

--- a/hosts/desktop/home.nix
+++ b/hosts/desktop/home.nix
@@ -79,6 +79,7 @@ in
    gnomeExtensions.dash-to-dock
    gnomeExtensions.dash-to-panel
    gnomeExtensions.tiling-assistant
+    google-chrome
    goverlay
    heroic
    home-manager
@@ -106,6 +107,7 @@ in
    python312Packages.pytest-cov
    python312Packages.pyaml
    qmk
+    remmina
    smile
    sops
    spotify
--- a/hosts/pi4/configuration.nix
+++ b/hosts/pi4/configuration.nix
@@ -2,13 +2,13 @@
 # your system. Help is available in the configuration.nix(5) man page, on
 # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).

-{ lib, pkgs, ... }:
+{ config, lib, pkgs, ... }:

 let
  user = "matt";
  password = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06";
  SSID = "Joey's Jungle 5G";
-  SSIDpassword = "kR8v&3Qd";
+  SSIDpassword = config.sops.templates."wifi-password".content;
  interface = "wlan0";
  timezone = "America/Chicago";
  hostname = "pi4";
@@ -17,6 +17,8 @@ in
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
+    ./impermanence.nix
+    ./sops.nix
    ../default.nix
  ];

@@ -44,6 +46,17 @@ in
    #   ];
  };

+  services.xerver = {
+    enable = true;
+    desktopManager = {
+      budgie.enable = true;
+    };
+    displayManager = {
+      lightdm.enable = true;
+      lightdm.defaultSession = "budgie-desktop";
+    };
+  };
+
  # hardware = {
  #   raspberry-pi."4".fkms-3d.enable = true;
  #   raspberry-pi."4".apply-overlays-dtmerge.enable = true;
@@ -58,8 +71,6 @@ in
  # Set your time zone.
  time.timeZone = timezone;

-  sound.enable = true;
-
  networking = {
    hostName = hostname;
    wireless = {
@@ -82,6 +93,9 @@ in
    vim
    libraspberrypi
    raspberrypi-eeprom
+    raspberrypifw
+    raspberrypiWirelessFirmware
+    raspberrypi-armstubs
    htop
    git
  ];
--- a/hosts/pi4/home.nix
+++ b/hosts/pi4/home.nix
@@ -1,4 +1,25 @@
 { ... }:
+let
+  shellAliases = {
+    ll = "ls -alh";
+    update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.18";
+    update-switch = "sudo nixos-rebuild switch --max-jobs 10 --build-host admin@10.0.1.18";
+    update-flake = "sudo nix flake update ~/nix-config";
+    update-nas = "nixos-rebuild switch --use-remote-sudo --target-host admin@10.0.1.18 --build-host admin@10.0.1.18 --flake ~/nix-config#jallen-nas";
+    nas-ssh = "kitten ssh admin@10.0.1.18";
+  };
+
+  gitAliases = {
+    co = "checkout";
+    ci = "commit";
+    cia = "commit --amend";
+    s = "status";
+    st = "status";
+    b = "branch";
+    p = "pull --rebase";
+    pu = "push";
+  };
+in
 {

  home.username = "matt";
@@ -8,6 +29,7 @@

  programs = {
    fish.enable = false;
+    mangohud.enable = true;
    java.enable = true;

    zsh = {
@@ -16,12 +38,7 @@
      autosuggestion.enable = true;
      syntaxHighlighting.enable = true;

-      shellAliases = {
-        ll = "ls -alh";
-        update = "sudo nixos-rebuild switch";
-        nas-update = "nixos-rebuild switch --use-remote-sudo --target-host admin@jallen-nas.local --build-host localhost --flake ~/nix-config/flake.nix#jallen-nas";
-        nas-ssh = "ssh admin@jallen-nas.local";
-      };
+      shellAliases = shellAliases;

      oh-my-zsh = {
        enable = true;
@@ -35,16 +52,7 @@
    enable = true;
    userName = "mjallen18";
    userEmail = "matt.l.jallen@gmail.com";
-    aliases = {
-      co = "checkout";
-      ci = "commit";
-      cia = "commit --amend";
-      s = "status";
-      st = "status";
-      b = "branch";
-      # p = "pull --rebase";
-      pu = "push";
-    };
+    aliases = gitAliases;
  };

  programs.command-not-found.enable = true;
--- a/hosts/pi4/impermenance.nix
+++ b/hosts/pi4/impermenance.nix
@@ -0,0 +1,31 @@
+{ ... }:
+{
+  # Set up impernance configuration for things like bluetooth
+  # In this configuration with /etc and /var/log being persistent, only directories outside of that need to be done here. See hardware configuration for all mountpoints.
+
+  environment.persistence."/nix/persist/system" = {
+    hideMounts = true;
+    directories = [
+      "/var/lib/bluetooth"
+      "/var/lib/nixos"
+      "/var/lib/libvirt"
+      "/var/lib/systemd/coredump"
+      "/etc/NetworkManager/system-connections"
+      {
+        directory = "/etc/nix";
+        user = "root";
+        group = "root";
+        mode = "u=rwx,g=rx,o=rx";
+      }
+    ];
+    files = [
+      "/etc/machine-id"
+    ];
+  };
+
+  security.sudo.extraConfig = ''
+    # rollback results in sudo lectures after each reboot
+    Defaults lecture = never
+  '';
+
+}
--- a/hosts/pi4/sops.nix
+++ b/hosts/pi4/sops.nix
@@ -0,0 +1,10 @@
+{ config, ... }:
+{
+  sops.defaultSopsFile = ../../secrets/secrets.yaml;
+  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+
+  sops.secrets."wifi" = { };
+  sops.templates."wifi-password".content = ''
+    ${config.sops.secrets."wifi".path}
+  '';
+}
--- a/share/impermanence/default.nix
+++ b/share/impermanence/default.nix
@@ -9,6 +9,7 @@
      "/var/lib/bluetooth"
      "/var/lib/nixos"
      "/var/lib/libvirt"
+      "/var/lib/waydroid"
      "/var/lib/systemd/coredump"
      "/etc/NetworkManager/system-connections"
      "/etc/secureboot"