pi4

2025-01-30 20:14:36 -06:00
parent 88c98a2230
commit b25fd960c6
8 changed files with 133 additions and 111 deletions
--- a/hosts/pi4/configuration.nix
+++ b/hosts/pi4/configuration.nix
@@ -2,13 +2,13 @@
 # your system. Help is available in the configuration.nix(5) man page, on
 # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).

-{ lib, pkgs, ... }:
+{ config, lib, pkgs, ... }:

 let
  user = "matt";
  password = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06";
  SSID = "Joey's Jungle 5G";
-  SSIDpassword = "kR8v&3Qd";
+  SSIDpassword = config.sops.templates."wifi-password".content;
  interface = "wlan0";
  timezone = "America/Chicago";
  hostname = "pi4";
@@ -17,6 +17,8 @@ in
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
+    ./impermanence.nix
+    ./sops.nix
    ../default.nix
  ];

@@ -44,6 +46,17 @@ in
    #   ];
  };

+  services.xerver = {
+    enable = true;
+    desktopManager = {
+      budgie.enable = true;
+    };
+    displayManager = {
+      lightdm.enable = true;
+      lightdm.defaultSession = "budgie-desktop";
+    };
+  };
+
  # hardware = {
  #   raspberry-pi."4".fkms-3d.enable = true;
  #   raspberry-pi."4".apply-overlays-dtmerge.enable = true;
@@ -58,8 +71,6 @@ in
  # Set your time zone.
  time.timeZone = timezone;

-  sound.enable = true;
-
  networking = {
    hostName = hostname;
    wireless = {
@@ -82,6 +93,9 @@ in
    vim
    libraspberrypi
    raspberrypi-eeprom
+    raspberrypifw
+    raspberrypiWirelessFirmware
+    raspberrypi-armstubs
    htop
    git
  ];
--- a/hosts/pi4/home.nix
+++ b/hosts/pi4/home.nix
@@ -1,4 +1,25 @@
 { ... }:
+let
+  shellAliases = {
+    ll = "ls -alh";
+    update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.18";
+    update-switch = "sudo nixos-rebuild switch --max-jobs 10 --build-host admin@10.0.1.18";
+    update-flake = "sudo nix flake update ~/nix-config";
+    update-nas = "nixos-rebuild switch --use-remote-sudo --target-host admin@10.0.1.18 --build-host admin@10.0.1.18 --flake ~/nix-config#jallen-nas";
+    nas-ssh = "kitten ssh admin@10.0.1.18";
+  };
+
+  gitAliases = {
+    co = "checkout";
+    ci = "commit";
+    cia = "commit --amend";
+    s = "status";
+    st = "status";
+    b = "branch";
+    p = "pull --rebase";
+    pu = "push";
+  };
+in
 {

  home.username = "matt";
@@ -8,6 +29,7 @@

  programs = {
    fish.enable = false;
+    mangohud.enable = true;
    java.enable = true;

    zsh = {
@@ -16,12 +38,7 @@
      autosuggestion.enable = true;
      syntaxHighlighting.enable = true;

-      shellAliases = {
-        ll = "ls -alh";
-        update = "sudo nixos-rebuild switch";
-        nas-update = "nixos-rebuild switch --use-remote-sudo --target-host admin@jallen-nas.local --build-host localhost --flake ~/nix-config/flake.nix#jallen-nas";
-        nas-ssh = "ssh admin@jallen-nas.local";
-      };
+      shellAliases = shellAliases;

      oh-my-zsh = {
        enable = true;
@@ -35,16 +52,7 @@
    enable = true;
    userName = "mjallen18";
    userEmail = "matt.l.jallen@gmail.com";
-    aliases = {
-      co = "checkout";
-      ci = "commit";
-      cia = "commit --amend";
-      s = "status";
-      st = "status";
-      b = "branch";
-      # p = "pull --rebase";
-      pu = "push";
-    };
+    aliases = gitAliases;
  };

  programs.command-not-found.enable = true;
--- a/hosts/pi4/impermenance.nix
+++ b/hosts/pi4/impermenance.nix
@@ -0,0 +1,31 @@
+{ ... }:
+{
+  # Set up impernance configuration for things like bluetooth
+  # In this configuration with /etc and /var/log being persistent, only directories outside of that need to be done here. See hardware configuration for all mountpoints.
+
+  environment.persistence."/nix/persist/system" = {
+    hideMounts = true;
+    directories = [
+      "/var/lib/bluetooth"
+      "/var/lib/nixos"
+      "/var/lib/libvirt"
+      "/var/lib/systemd/coredump"
+      "/etc/NetworkManager/system-connections"
+      {
+        directory = "/etc/nix";
+        user = "root";
+        group = "root";
+        mode = "u=rwx,g=rx,o=rx";
+      }
+    ];
+    files = [
+      "/etc/machine-id"
+    ];
+  };
+
+  security.sudo.extraConfig = ''
+    # rollback results in sudo lectures after each reboot
+    Defaults lecture = never
+  '';
+
+}
--- a/hosts/pi4/sops.nix
+++ b/hosts/pi4/sops.nix
@@ -0,0 +1,10 @@
+{ config, ... }:
+{
+  sops.defaultSopsFile = ../../secrets/secrets.yaml;
+  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+
+  sops.secrets."wifi" = { };
+  sops.templates."wifi-password".content = ''
+    ${config.sops.secrets."wifi".path}
+  '';
+}