mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

idk moving stuff

Browse Source
This commit is contained in:
mjallen18
2025-05-09 15:18:30 -05:00
parent 4c29bea94d
commit b6137d4543
4 changed files with 49 additions and 94 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
hosts/default.nix
View File

@@ -145,6 +145,11 @@ in
enableSSHSupport = lib.mkDefault true; enableSSHSupport = lib.mkDefault true;
}; };
command-not-found.enable = lib.mkForce false; command-not-found.enable = lib.mkForce false;
nix-index = {
enable = true;
enableBashIntegration = false;
enableZshIntegration = true;
};
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [

96
hosts/pi5/configuration.nix
View File

@@ -5,12 +5,7 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
user = "matt"; user = "matt";
password = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06"; password = config.sops.secrets."jallen-nas/admin_password".path;
SSID = "Joey's Jungle 5G";
wifiSecrets = "kR8v&3Qd"; #config.sops.secrets."wifi".path;
interface = "wlan0";
timezone = "America/Chicago";
hostname = "pi5";
kernelBundle = pkgs.linuxAndFirmware.v6_6_31; kernelBundle = pkgs.linuxAndFirmware.v6_6_31;
in in
{ {
@@ -22,40 +17,21 @@ in
./sops.nix ./sops.nix
../default.nix ../default.nix
]; ];
networking.networkmanager.enable = true;
programs.zsh.enable = true;
# Enable nix flakes and nix-command tools # Enable nix flakes and nix-command tools
nix = { nix = {
settings = { settings = {
substituters = [ substituters = [
# "https://cache.mjallen.dev"
"https://nixos-raspberrypi.cachix.org" "https://nixos-raspberrypi.cachix.org"
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
]; ];
trusted-public-keys = [ trusted-public-keys = [
# "cache.mjallen.dev-1:IzFmKCd8/gggI6lcCXsW65qQwiCLGFFN9t9s2iw7Lvc="
"nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI=" "nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
warn-dirty = lib.mkForce false;
experimental-features = lib.mkForce [
"nix-command"
"flakes"
];
trusted-users = lib.mkDefault [
"root"
"@wheel"
user
]; ];
}; };
}; };
# Configure nixpkgs # Configure nixpkgs
nixpkgs = { nixpkgs = {
# Enable non free
config.allowUnfree = lib.mkForce true;
overlays = lib.mkAfter [ overlays = lib.mkAfter [
(self: super: { (self: super: {
# This is used in (modulesPath + "/hardware/all-firmware.nix") when at least # This is used in (modulesPath + "/hardware/all-firmware.nix") when at least
@@ -77,29 +53,6 @@ in
config.boot.kernelPackages.kernel.version config.boot.kernelPackages.kernel.version
]; ];
# Hardware configs
hardware = {
# Bluetooth
bluetooth.enable = lib.mkDefault true;
# Enable all firmware
enableAllFirmware = lib.mkForce true;
};
services.xserver = {
enable = false;
desktopManager = {
budgie.enable = false;
};
displayManager = {
lightdm.enable = false;
};
};
# Set your time zone.
time.timeZone = timezone;
systemd.services.btattach = { systemd.services.btattach = {
before = [ "bluetooth.service" ]; before = [ "bluetooth.service" ];
after = [ "dev-ttyAMA0.device" ]; after = [ "dev-ttyAMA0.device" ];
@@ -110,61 +63,20 @@ in
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
btop git
sops
vscode
vim
libraspberrypi libraspberrypi
raspberrypi-eeprom raspberrypi-eeprom
raspberrypifw raspberrypifw
raspberrypiWirelessFirmware raspberrypiWirelessFirmware
raspberrypi-armstubs raspberrypi-armstubs
htop vim
git
]; ];
services.openssh.enable = true;
programs.command-not-found.enable = lib.mkForce false;
programs.nix-index = {
enable = true;
enableBashIntegration = false;
enableZshIntegration = true;
};
security = {
rtkit.enable = lib.mkDefault true;
# configure sudo
sudo.enable = lib.mkDefault false;
sudo-rs = {
enable = lib.mkDefault true;
extraRules = [
{
commands = [
{
command = "${pkgs.systemd}/bin/systemctl suspend";
options = [ "NOPASSWD" ];
}
{
command = "${pkgs.systemd}/bin/reboot";
options = [ "NOPASSWD" ];
}
{
command = "${pkgs.systemd}/bin/poweroff";
options = [ "NOPASSWD" ];
}
];
groups = [ "wheel" ];
}
];
};
};
users = { users = {
mutableUsers = false; mutableUsers = false;
users."${user}" = { users."${user}" = {
isNormalUser = true; isNormalUser = true;
initialHashedPassword = password; hashedPasswordFile = password;
extraGroups = [ extraGroups = [
"wheel" "wheel"
"docker" "docker"

17
hosts/pi5/home.nix
View File

@@ -4,9 +4,10 @@ let
ll = "ls -alh"; ll = "ls -alh";
update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.18"; update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.18";
update-switch = "sudo nixos-rebuild switch --max-jobs 10 --build-host admin@10.0.1.18"; update-switch = "sudo nixos-rebuild switch --max-jobs 10 --build-host admin@10.0.1.18";
update-flake = "sudo nix flake update ~/nix-config"; update-flake = "nix flake update desktop-nixpkgs desktop-chaotic desktop-home-manager desktop-impermanence desktop-lanzaboote desktop-nixos-hardware desktop-sops-nix desktop-steam-rom-manager --flake /etc/nixos";
update-nas = "nixos-rebuild switch --use-remote-sudo --target-host admin@10.0.1.18 --build-host admin@10.0.1.18 --flake ~/nix-config#jallen-nas"; update-nas = "nixos-rebuild switch --use-remote-sudo --target-host admin@10.0.1.18 --build-host admin@10.0.1.18 --flake ~/nix-config#jallen-nas";
nas-ssh = "kitten ssh admin@10.0.1.18"; nas-ssh = "kitten ssh admin@10.0.1.18";
ducks = "du -cksh * | sort -hr | head -n 15";
}; };
gitAliases = { gitAliases = {
@@ -21,7 +22,6 @@ let
}; };
in in
{ {
home.username = "matt"; home.username = "matt";
home.homeDirectory = "/home/matt"; home.homeDirectory = "/home/matt";
home.stateVersion = "23.11"; home.stateVersion = "23.11";
@@ -89,4 +89,17 @@ in
aliases = gitAliases; aliases = gitAliases;
}; };
}; };
home.packages = with pkgs; [
age
btop
fastfetch
firefox
home-manager
lm_sensors
mission-center
sops
tree
vscode
];
} }

25
hosts/pi5/sops.nix
View File

@@ -1,4 +1,7 @@
{ ... }: { ... }:
let
user = "matt";
in
{ {
sops = { sops = {
defaultSopsFile = ../../secrets/secrets.yaml; defaultSopsFile = ../../secrets/secrets.yaml;
@@ -6,6 +9,28 @@
secrets = { secrets = {
"wifi" = { }; "wifi" = { };
"desktop/matt_password" = {
neededForUsers = true;
mode = "0600";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
};
# ------------------------------
# SSH keys
# ------------------------------
"ssh-keys-public/pi5" = {
mode = "0644";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
restartUnits = [ "sshd.service" ];
};
"ssh-keys-private/pi5" = {
mode = "0600";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
restartUnits = [ "sshd.service" ];
};
}; };
}; };
} }