From d7958927b5435a560414cc5fdb262fca700371c4 Mon Sep 17 00:00:00 2001
From: mjallen18
Date: Thu, 19 Feb 2026 18:35:13 -0600
Subject: [PATCH] retire pi4
---
 .sops.yaml | 19 --
 docs/architecture.md | 1 -
 docs/systems/README.md | 1 -
 flake.nix | 9 -
 homes/aarch64-linux/matt@pi4/default.nix | 54 -----
 homes/aarch64-linux/root@pi4/default.nix | 18 --
 modules/nixos/services/attic/default.nix | 4 -
 packages/uboot/default.nix | 263 -----------------------
 packages/uboot/python.nix | 160 --------------
 packages/uboot/version.json | 13 --
 secrets/pi4-secrets.yaml | 181 ----------------
 systems/aarch64-linux/pi4/adguard.nix | 58 -----
 systems/aarch64-linux/pi4/boot.nix | 82 -------
 systems/aarch64-linux/pi4/default.nix | 105 ---------
 systems/aarch64-linux/pi4/networking.nix | 72 -------
 systems/aarch64-linux/pi4/sops.nix | 55 -----
 16 files changed, 1095 deletions(-)
 delete mode 100755 homes/aarch64-linux/matt@pi4/default.nix
 delete mode 100644 homes/aarch64-linux/root@pi4/default.nix
 delete mode 100644 packages/uboot/default.nix
 delete mode 100644 packages/uboot/python.nix
 delete mode 100644 packages/uboot/version.json
 delete mode 100644 secrets/pi4-secrets.yaml
 delete mode 100644 systems/aarch64-linux/pi4/adguard.nix
 delete mode 100755 systems/aarch64-linux/pi4/boot.nix
 delete mode 100755 systems/aarch64-linux/pi4/default.nix
 delete mode 100755 systems/aarch64-linux/pi4/networking.nix
 delete mode 100755 systems/aarch64-linux/pi4/sops.nix
diff --git a/.sops.yaml b/.sops.yaml
index 1bd0855..cdc7e1b 100755
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -2,12 +2,10 @@
 keys:
 - &matt-pgp CBCB9B18A6B8930B0B6ABFD1CCB8CBEB30633684
 - &matt age157jemphjzg6zmk373vpccuguyw6e75qnkqmz8pcnn2yue85p939swqqhy0
- - &matt_pi4 age13g9a4d4jrvckfddpgn8sm4kjtzajr67le56pfdg78ktr5pd09phq32j89u
 - &matt_pi5 age1wpvfpv5n32lruk7c0da4uaeapsmhjxdvg8z4ljehn06l6g2y0e0sum404l
 - &desktop age1jv8ap5zwa49ftv0gg7wqf5ps0e68uuwxe2fekjsn0zkyql964unqyc58rf
 - &admin age1pm3fehmmk0vmnrscz9vm96rakn46aaldr5ydpscmde3v9x0k3faswwdzxs
 - &jallen-nas age1mn2afyp9my7y7hcyzum0wdwt49zufnkt8swnyy8pj30cwzs4zvgsthj0lt
- - &pi4 age1ykkjw57t3z3deup3gtp7dujyaslskn74e0d9hsmqaha2pj3rvazqgndw5a
 - &pi5 age1t2d5scrukk0guva5sr97a8tge5j8kd865adezrcru7p269pzwvpsamkgje
 - &deck age1c8qw59ffcq9l77gfmtyc3djtvt3md0u6dwhrjcgsm98ntyf72ufqugj7cg
 - &steamdeck age1er5qucsc2mugrzrr7n3xhzv7kemkrqrw4m84r544fkk7nkg5g5eswxkqj0
@@ -24,12 +22,10 @@ creation_rules:
 - *matt-pgp
 age:
 - *matt
- - *matt_pi4
 - *matt_pi5
 - *desktop
 - *admin
 - *jallen-nas
- - *pi4
 - *pi5
 - *deck
 - *steamdeck
@@ -70,29 +66,14 @@ creation_rules:
 - *jallen-nas
 - *matt_allyx
 - *allyx
- - path_regex: pi4-secrets/[^/]+\.(yaml|json|env|ini)$
- key_groups:
- - pgp:
- - *matt-pgp
- age:
- - *matt
- - *matt_pi4
- - *matt_pi5
- - *desktop
- - *pi4
- - *pi5
- - *admin
- - *jallen-nas
 - path_regex: pi5-secrets/[^/]+\.(yaml|json|env|ini)$
 key_groups:
 - pgp:
 - *matt-pgp
 age:
 - *matt
- - *matt_pi4
 - *matt_pi5
 - *desktop
- - *pi4
 - *pi5
 - *admin
 - *jallen-nas
diff --git a/docs/architecture.md b/docs/architecture.md
index 4ac3457..ffc3450 100644
--- a/docs/architecture.md
+++ b/docs/architecture.md
@@ -36,7 +36,6 @@ This NixOS configuration repository is built using [Nix Flakes](https://nixos.wi
 ├── jallen-nas/ # NAS server configuration
 ├── matt-nixos/ # Desktop configuration
 ├── nuc-nixos/ # NUC configuration
- ├── pi4/ # Raspberry Pi 4 configuration
 └── ... # Other system configurations
 ```
diff --git a/docs/systems/README.md b/docs/systems/README.md
index 560e272..19abbec 100644
--- a/docs/systems/README.md
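Review bot: Removing `*matt_pi4` and `*pi4` from the `age` lists in `.sops.yaml` (the rule in the second hunk, whose `path_regex` lies outside the hunk, and the `pi5-secrets` rule in the third) only changes which recipients sops uses from now on; files already encrypted under those rules keep a data key wrapped for both retired recipients. The diffstat of this patch lists no change to any remaining file under `secrets/`, so the re-keying appears to be outstanding: each file those rules match would need `sops updatekeys <path-to-secrets-file>`, plus a data-key rotation if the pi4 key material may have been copied, before the pi4 keys actually lose access. The deleted `secrets/pi4-secrets.yaml` also stays decryptable from git history by anyone holding one of its listed recipients' keys, so the values it carried, the nebula `ca-key` in particular, are better rotated than assumed gone.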
+++ b/docs/systems/README.md
@@ -7,7 +7,6 @@ This directory contains documentation for each system configuration in this repo
 - [Desktop (matt-nixos)](./matt-nixos.md) - Main desktop computer
 - [NAS (jallen-nas)](./jallen-nas.md) - Home server and NAS
 - [NUC (nuc-nixos)](./nuc-nixos.md) - Intel NUC
-- [Raspberry Pi 4](./pi4.md) - Raspberry Pi 4
 - [Raspberry Pi 5](./pi5.md) - Raspberry Pi 5
 - [MacBook Pro (nixOS)](./macbook-pro-nixos.md) - MacBook Pro running NixOS
diff --git a/flake.nix b/flake.nix
index 8d0e269..83feadf 100644
--- a/flake.nix
+++ b/flake.nix
@@ -199,15 +199,6 @@
 ];
 };
- # ######################################################
- # Pi4 #
- # ######################################################
- pi4 = {
- modules = with inputs; [
- disko.nixosModules.disko
- ];
- };
-
 # ######################################################
 # Pi5 #
 # ######################################################
diff --git a/homes/aarch64-linux/matt@pi4/default.nix b/homes/aarch64-linux/matt@pi4/default.nix
deleted file mode 100755
index f5b15b3..0000000
--- a/homes/aarch64-linux/matt@pi4/default.nix
+++ /dev/null
@@ -1,54 +0,0 @@
-{ lib, namespace, ... }:
-let
- inherit (lib.${namespace}) enabled disabled;
-in
-{
- home.username = "matt";
-
- sops = {
- age.keyFile = "/home/matt/.config/sops/age/keys.txt";
- defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
- validateSopsFiles = false;
- secrets = {
- "ssh-keys-public/pi4" = {
- path = "/home/matt/.ssh/id_ed25519.pub";
- mode = "0644";
- };
- "ssh-keys-private/pi4" = {
- path = "/home/matt/.ssh/id_ed25519";
- mode = "0600";
- };
- # "ssh-keys-public/desktop-nixos" = {
- # path = "/home/matt/.ssh/authorized_keys";
- # mode = "0600";
- # };
-
- # "ssh-keys-public/desktop-nixos-root" = {
- # path = "/home/matt/.ssh/authorized_keys2";
- # mode = "0600";
- # };
-
- # "ssh-keys-public/desktop-windows" = {
- # path = "/home/matt/.ssh/authorized_keys3";
- # mode = "0600";
- # };
-
- # "ssh-keys-public/macbook-macos" = {
- # path = "/home/matt/.ssh/authorized_keys4";
- # mode = "0600";
- # };
- };
- };
-
- programs = {
- mangohud = lib.mkForce enabled;
- };
-
- services = {
- nextcloud-client = lib.mkForce disabled;
- kdeconnect = {
- enable = false;
- indicator = false;
- };
- };
-}
diff --git a/homes/aarch64-linux/root@pi4/default.nix b/homes/aarch64-linux/root@pi4/default.nix
deleted file mode 100644
index 281b2f1..0000000
--- a/homes/aarch64-linux/root@pi4/default.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- lib,
- namespace,
- ...
-}:
-let
- inherit (lib.${namespace}) disabled;
-in
-{
- home.username = "root";
- services = {
- nextcloud-client = lib.mkForce disabled;
- kdeconnect = {
- enable = false;
- indicator = false;
- };
- };
-}
diff --git a/modules/nixos/services/attic/default.nix b/modules/nixos/services/attic/default.nix
index cbf673e..a5b147d 100644
--- a/modules/nixos/services/attic/default.nix
+++ b/modules/nixos/services/attic/default.nix
@@ -107,10 +107,6 @@ let
 echo "steamdeck built successfully at $(date)"
 fi;
- if nh os build --hostname=pi4 --out-link=result-pi4; then
- echo "pi4 built successfully at $(date)"
- fi;
-
 if nh os build --hostname=pi5 --out-link=result-pi5; then
 echo "pi5 built successfully at $(date)"
 fi;
diff --git a/packages/uboot/default.nix b/packages/uboot/default.nix
deleted file mode 100644
index 6f4be09..0000000
--- a/packages/uboot/default.nix
+++ /dev/null
@@ -1,263 +0,0 @@ -{ - lib, - bc, - bison, - flex, - gnutls, - installShellFiles, - libuuid, - ncurses, - openssl, - swig, - which, - python3, - perl, - buildPackages, - callPackages, - darwin, - namespace, -}@pkgs: - -let - inherit (lib.trivial) importJSON; - inherit (lib.${namespace}) selectVariant mkAllSources; - - versionSpec = importJSON ./version.json; - selected = selectVariant versionSpec null null; - sources = mkAllSources selected; - - defaultVersion = selected.variables.version; - defaultSrc = sources.uboot; - - # Dependencies for the tools need to be included as either native or cross, - # depending on which we're building - toolsDeps = [ - ncurses # tools/kwboot - libuuid # tools/mkeficapsule - gnutls # tools/mkeficapsule - openssl # tools/mkimage and tools/env/fw_printenv - ]; - - buildUBoot = lib.makeOverridable ( - { - version ? null, - src ? null, - filesToInstall, - pythonScriptsToInstall ? { }, - installDir ? "$out", - defconfig, - extraPatches ? [ ], - extraMakeFlags ? [ ], - extraMeta ? { }, - crossTools ? false, - stdenv ? pkgs.stdenv, - ... 
- }@args: - stdenv.mkDerivation ( - { - pname = "uboot-${defconfig}"; - - version = if src == null then defaultVersion else version; - - src = if src == null then defaultSrc else src; - - patches = extraPatches; - - postPatch = '' - ${lib.concatMapStrings (script: '' - substituteInPlace ${script} \ - --replace "#!/usr/bin/env python3" "#!${pythonScriptsToInstall.${script}}/bin/python3" - '') (builtins.attrNames pythonScriptsToInstall)} - patchShebangs tools - patchShebangs scripts - ''; - - nativeBuildInputs = [ - ncurses # tools/kwboot - bc - bison - flex - installShellFiles - (buildPackages.python3.withPackages (p: [ - p.libfdt - p.setuptools # for pkg_resources - p.pyelftools - ])) - swig - which # for scripts/dtc-version.sh - perl # for oid build (secureboot) - ] - ++ lib.optionals (!crossTools) toolsDeps - ++ lib.optionals stdenv.buildPlatform.isDarwin [ darwin.DarwinTools ]; # sw_vers command is needed on darwin - depsBuildBuild = [ buildPackages.gccStdenv.cc ]; # gccStdenv is needed for Darwin buildPlatform - buildInputs = lib.optionals crossTools toolsDeps; - - hardeningDisable = [ "all" ]; - - enableParallelBuilding = true; - - makeFlags = [ - "DTC=${lib.getExe buildPackages.dtc}" - "CROSS_COMPILE=${stdenv.cc.targetPrefix}" - "HOSTCFLAGS=-fcommon" - ] - ++ extraMakeFlags; - - passAsFile = [ "extraConfig" ]; - - configurePhase = '' - runHook preConfigure - - make -j$NIX_BUILD_CORES ${defconfig} - - cat $extraConfigPath >> .config - - runHook postConfigure - ''; - - installPhase = '' - runHook preInstall - - mkdir -p ${installDir} - cp ${ - lib.concatStringsSep " " (filesToInstall ++ builtins.attrNames pythonScriptsToInstall) - } ${installDir} - - mkdir -p "$out/nix-support" - ${lib.concatMapStrings (file: '' - echo "file binary-dist ${installDir}/${baseNameOf file}" >> "$out/nix-support/hydra-build-products" - '') (filesToInstall ++ builtins.attrNames pythonScriptsToInstall)} - - runHook postInstall - ''; - - dontStrip = true; - - meta = - with lib; - { - 
homepage = "https://www.denx.de/wiki/U-Boot/"; - description = "Boot loader for embedded systems"; - license = licenses.gpl2Plus; - maintainers = with maintainers; [ - dezgeg - lopsided98 - ]; - } - // extraMeta; - } - // removeAttrs args [ - "extraMeta" - "pythonScriptsToInstall" - ] - ) - ); -in -{ - inherit buildUBoot; - - ubootTools = buildUBoot { - defconfig = "tools-only_defconfig"; - installDir = "$out/bin"; - hardeningDisable = [ ]; - dontStrip = false; - extraMeta.platforms = lib.platforms.linux; - - crossTools = true; - extraMakeFlags = [ - "HOST_TOOLS_ALL=y" - "NO_SDL=1" - "cross_tools" - "envtools" - ]; - - outputs = [ - "out" - "man" - ]; - - postInstall = '' - installManPage doc/*.1 - - # from u-boot's tools/env/README: - # "You should then create a symlink from fw_setenv to fw_printenv. They - # use the same program and its function depends on its basename." - ln -s $out/bin/fw_printenv $out/bin/fw_setenv - ''; - - filesToInstall = [ - "tools/dumpimage" - "tools/fdt_add_pubkey" - "tools/fdtgrep" - "tools/kwboot" - "tools/mkeficapsule" - "tools/mkenvimage" - "tools/mkimage" - "tools/env/fw_printenv" - "tools/mkeficapsule" - ]; - - pythonScriptsToInstall = { - "tools/efivar.py" = (python3.withPackages (ps: [ ps.pyopenssl ])); - }; - }; - - ubootPythonTools = lib.recurseIntoAttrs (callPackages ./python.nix { }); - - ubootQemuAarch64 = buildUBoot { - defconfig = "qemu_arm64_defconfig"; - extraMeta.platforms = [ "aarch64-linux" ]; - filesToInstall = [ "u-boot.bin" ]; - }; - - ubootQemuArm = buildUBoot { - defconfig = "qemu_arm_defconfig"; - extraMeta.platforms = [ "armv7l-linux" ]; - filesToInstall = [ "u-boot.bin" ]; - }; - - ubootQemuRiscv64Smode = buildUBoot { - defconfig = "qemu-riscv64_smode_defconfig"; - extraMeta.platforms = [ "riscv64-linux" ]; - filesToInstall = [ "u-boot.bin" ]; - }; - - ubootQemuX86 = buildUBoot { - defconfig = "qemu-x86_defconfig"; - extraConfig = '' - CONFIG_USB_UHCI_HCD=y - CONFIG_USB_EHCI_HCD=y - CONFIG_USB_EHCI_GENERIC=y - 
CONFIG_USB_XHCI_HCD=y - ''; - extraMeta.platforms = [ - "i686-linux" - "x86_64-linux" - ]; - filesToInstall = [ "u-boot.rom" ]; - }; - - ubootQemuX86_64 = buildUBoot { - defconfig = "qemu-x86_64_defconfig"; - extraConfig = '' - CONFIG_USB_UHCI_HCD=y - CONFIG_USB_EHCI_HCD=y - CONFIG_USB_EHCI_GENERIC=y - CONFIG_USB_XHCI_HCD=y - ''; - extraMeta.platforms = [ "x86_64-linux" ]; - filesToInstall = [ "u-boot.rom" ]; - }; - - ubootRaspberryPi4 = buildUBoot { - defconfig = "rpi_4_defconfig"; - extraMeta.platforms = [ "aarch64-linux" ]; - filesToInstall = [ "u-boot.bin" ]; - }; - - ubootRaspberryPi5 = buildUBoot { - defconfig = "rpi_arm64_defconfig"; - extraMeta.platforms = [ "aarch64-linux" ]; - filesToInstall = [ "u-boot.bin" ]; - }; -} diff --git a/packages/uboot/python.nix b/packages/uboot/python.nix deleted file mode 100644 index dc81ec0..0000000 --- a/packages/uboot/python.nix +++ /dev/null 
@@ -1,160 +0,0 @@ -{ - lib, - python3Packages, - fetchPypi, - makeWrapper, - - armTrustedFirmwareTools, - bzip2, - cbfstool, - gzip, - lz4, - lzop, - openssl, - ubootTools, - vboot-utils, - xilinx-bootgen, - xz, - zstd, -}: - -let - # We are fetching from PyPI because the code in the repository seems to be - # lagging behind the PyPI releases somehow... - version = "0.0.7"; -in -rec { - - u_boot_pylib = python3Packages.buildPythonPackage rec { - pname = "u_boot_pylib"; - inherit version; - pyproject = true; - - src = fetchPypi { - inherit pname version; - hash = "sha256-A5r20Y8mgxhOhaKMpd5MJN5ubzPbkodAO0Tr0RN1SRA="; - }; - - build-system = with python3Packages; [ - setuptools - ]; - - checkPhase = '' - ${python3Packages.python.interpreter} "src/$pname/__main__.py" - # There are some tests in other files, but they are broken - ''; - - pythonImportsCheck = [ "u_boot_pylib" ]; - }; - - dtoc = python3Packages.buildPythonPackage rec { - pname = "dtoc"; - inherit version; - pyproject = true; - - src = fetchPypi { - inherit pname version; - hash = "sha256-NA96CznIxjqpw2Ik8AJpJkJ/ei+kQTCUExwFgssV+CM="; - }; - - build-system = with python3Packages; [ - setuptools - ]; - - dependencies = - (with python3Packages; [ - libfdt - ]) - ++ [ - u_boot_pylib - ]; - - pythonImportsCheck = [ "dtoc" ]; - }; - - binman = - let - btools = [ - armTrustedFirmwareTools - bzip2 - cbfstool - # TODO: cst - gzip - lz4 - # TODO: lzma_alone - lzop - openssl - ubootTools - vboot-utils - xilinx-bootgen - xz - zstd - ]; - in - python3Packages.buildPythonApplication rec { - pname = "binary_manager"; - inherit version; - pyproject = true; - - src = fetchPypi { - inherit pname version; - hash = "sha256-llEBBhUoW5jTEQeoaTCjZN8y6Kj+PGNUSB3cKpgD06w="; - }; - - patches = [ - ./binman-resources.patch - ]; - patchFlags = [ - "-p2" - "-d" - "src" - ]; - - build-system = with python3Packages; [ - setuptools - ]; - - nativeBuildInputs = [ makeWrapper ]; - - dependencies = - (with python3Packages; [ - jsonschema 
- pycryptodomex - pyelftools - yamllint - ]) - ++ [ - dtoc - u_boot_pylib - ]; - - preFixup = '' - wrapProgram "$out/bin/binman" --prefix PATH : "${lib.makeBinPath btools}" - ''; - }; - - patman = python3Packages.buildPythonApplication rec { - pname = "patch_manager"; - inherit version; - pyproject = true; - - src = fetchPypi { - inherit pname version; - hash = "sha256-zD9e87fpWKynpUcfxobbdk6wbM6Ja3f8hEVHS7DGIKQ="; - }; - - build-system = with python3Packages; [ - setuptools - ]; - - dependencies = - (with python3Packages; [ - aiohttp - pygit2 - ]) - ++ [ - u_boot_pylib - ]; - }; - -} diff --git a/packages/uboot/version.json b/packages/uboot/version.json deleted file mode 100644 index 5a313a0..0000000 --- a/packages/uboot/version.json +++ /dev/null @@ -1,13 +0,0 @@ -{ - "schemaVersion": 1, - "variables": { - "version": "2025.07" - }, - "sources": { - "uboot": { - "fetcher": "url", - "urlTemplate": "https://ftp.denx.de/pub/u-boot/u-boot-${version}.tar.bz2", - "hash": "sha256-D5M/bFpCaJW/MG6T5qxTxghw5LVM2lbZUhG+yZ5jvsc=" - } - } -} diff --git a/secrets/pi4-secrets.yaml b/secrets/pi4-secrets.yaml deleted file mode 100644 index b425582..0000000 --- a/secrets/pi4-secrets.yaml +++ /dev/null 
@@ -1,181 +0,0 @@ -pi4: - matt-password: ENC[AES256_GCM,data:2gQOr6LlHNAL0CBk12R8lu1pgMLWc017k7M4xDNSpOM1iqEnoODSeFa2JhjJqf2st3kaJuDVucmiPgBcW51Hm1k+z15Rokz78Q==,iv:pcBy2UWjSEiPIcLayi4wWw2jRB7rdxYUqnVxt3DHKKc=,tag:wSOEVbjDEpUYjrZFe484hQ==,type:str] - sys-public-key: ENC[AES256_GCM,data:4m0G3buO6ao+hzpEQ5pFAjqrd9DjLE+ld+N3KT4mYdRfUD/SfcIrpP0ML8c4Omx34J9xPIxBJPAeJp1CNdvMfG4OZ56AB0p+bHVTS3W5GUx+eIeiDsoGQbM=,iv:kU0O88hShlik8xNnk0j2Qbkv+5KNCk03w66stkSlOJs=,tag:pg6SiaH1Mb3my+U8aqE4Lw==,type:str] - sys-priv-key: ENC[AES256_GCM,data:f/gszWqZ62i7SPCs3Jo1KcGrLyW5tk649XyiNEQcWwO6egE725s2PYM4bCkfKcKbyaXduN/L1F4Yos7etfJzmwo0LcW5DnmO0bOizWbSrxF5VYfeVGYeGzvGFOmrQwHPIQRdWrw62YKt1LG0W2boSJ44MDJD8P/po9zwbtiLYat9cLrEFUpWydvZ+i+Ua24fr8NQTD5jRfV7xDhy83gj4X0PDfa9I+PzHpiY9GZFEPJlcxdwRbm2fjc0+7pemJG1hwb/mwLYl5nTfsNPfO4oDJNPDAsUUGL1jYYSSwYZT0HDOVP2ToWXc06B4vIxxacjyZN6my7Sfn5uQkdavhNYUgsyOMV0Dhhow5MD8Mt1w6xv7jODlzK4mb84tU3qWHRRfcmrXDz9ZiQ2YBnhH7vUgcx1J70HwtttR3i0FWFVT92RvO5i83SNZtAgMwvsaIANHCnnhG+ZMnaIURzMAsZAqo2HpRQ18C3X+UKLyvs+scIAjaW1XYDCOR5OdT1CXAv2jWm7Dl9L0QkTysdZ+G5/,iv:hzbJ8cfdpiyXAjSRWxyNHqsq8D2LNNUP8nNvRswJzNw=,tag:ubJiNhOKz7g2hhAsj9JJYw==,type:str] - nebula: - ca-cert: ENC[AES256_GCM,data:FDlXjLyMcKdwXVSP+boKAjNprWDYkKsdmdA7RHK9/+Pa8gUpmhqJKRuJp0ta2T6KTCGdh+cRFBPy0PgME7wkjY5ygjiGJV5ixGIN8x+JkfP+1Moi5GZlYK27JTGoX5I+9bRmSWN9mjoGqby4ms+x/gh2S8OBTpOMWCUhDOjtShr7YEJ57Q4z2stxv+IXxIKkfFAtnpb0a0QdFJZP2/2D5KligoXEL410FGhigHJ1dOLIoXYtqXDtUVMxoouzLf4lrnWCljVYr2OeI39wRPLHOkE+MnhYIHTzre8M9urchCHVTN//tQBWaeeia/lI7rGbduk6vqHZo7fXku1D1A==,iv:3lwMkR9AB7wWxXqW5HTaDFTI+vB4ebSdR1Yg3an89qE=,tag:vLn+lrHa2yLg5KSzW8HUKw==,type:str] - ca-key: ENC[AES256_GCM,data:vKbPalJqrqS2uNiykKMvAZOSUYPZqEovo7xCO80RPqNhoUKQ9snpfsggWTMhk5U5tWWu9aUSBJn7XGXB7aRLuGXCpqtR+N7Rtz+2Ec2BNb9ETnI2AI8/BsTkZe5P2U2cn2va1hXPTPN1xWW7n11DLAqnQTBGizOVNH4mTXktW2JS37k+X1C57CazQoc90iNbOJqPlHI0QjHdhcH8yO7DOnY8f9LdHvBPh6ANfUt4,iv:qtyDl3TfNgwDvTY+H+hJuNEj5g1+01MXixZG9dGJyys=,tag:pyeNhIiiKOilhNEIaJ/abg==,type:str] - lighthouse-cert: 
ENC[AES256_GCM,data:EJq8S1vI/SZ8A5MzSdMcuvvSZADuzB7CwPa5dsSUvqSeBkapHbCkJiki885D0TpXfc8SxDDZCMUvv4cAHbH2ZlKhuOB8klT4tm1fP3p/P10WrV8SPje87XZ870mtH8bdoVLrdPHjvmotBkXCskTeSDcDlgS4+fMUrxO8gB5O/HIx1tFn5eDoUtdOAlqYAGDiZALGbI2c3Acwtl5pzI39iHtag7YmAEEUQSY1732e/G79wWd4iaOpKZDo7Uig+PIIpymYZgweNtYNGRl7+xKZsJcB21gVnpofUIm6QDwhg1XJ79WIOacBL3d1IKrdipj7uBMd9HbIhlfioOl1noyqICdg8IjlMgSX2FVDu75gMQu+WpuFhaJn1lcnO1na3UoLfz16bX+7T8fuFWhONAxwKmI7V6nQfmplBsE=,iv:hHsCuoBL9bDnDSlooEJDVFYo8pn38eT+p2bQ6EbJwhI=,tag:/7jZvWvcgcPcQp/HrFY8HA==,type:str] - lighthouse-key: ENC[AES256_GCM,data:BsGgTwdse1aBdZGYUWdNTbn1+tw/gnj+hvxGbaK6hZLoL3Pp0ytGbwt9QcyXUrqJd8SDByhEQM1ZdZQt9PYnA7Urs6RFFyw+nFJCClC8RJ4ncpkOcElu8yRcUZdlQtpRQK3+db6E7/15hzJTEufLf+CUO1Bg8UfDuJQRb5ur4Q==,iv:2/o63fIvyvqb0UdubUI7wyTm7a/hYWl9kQzOoO3IDFg=,tag:E9Fl4HGkTQFrqmOuQLWHzg==,type:str] -sops: - shamir_threshold: 1 - age: - - recipient: age157jemphjzg6zmk373vpccuguyw6e75qnkqmz8pcnn2yue85p939swqqhy0 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1NlFoc2hlSEtzQXlxRkdz - YXU0SFZoT0QzbDJ0cGhZVTBGZVJMYkF0ZkhJCkxkVFJueEx6S1VlQUJseWxnQlZH - aTVrbVRyUjNPMkp6dXJGS3lLWnBVV3MKLS0tIHhUYjE1NjdHRHBTMGd1UVZUQy9S - a1Z6U3VPQ3daOVBIZ1M0UHo3VGV4QXMKoyOfYaPQOgdFDPthdnsSu/d3fv+KdY/D - KxZmSd8V4ECgcwhI39d/SRbs1ipcr9915lKT31c3MFqGNXrN1kpxnQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age13g9a4d4jrvckfddpgn8sm4kjtzajr67le56pfdg78ktr5pd09phq32j89u - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvSExvRGwwT1dobmt0R250 - R0JPc3lxRFVON2xIK1ViTjg3WW5JdStBbkdRCmdTc1NOTDY4c3hVMWtNVE1ERThr - K2hWeE1uRHFsdXI3Uzh4S3JwY1Buc0kKLS0tICtUSWovZWZLdHk0cjVJSktCbW1s - djBhblNsQUtINmxRc0VRbDlIYUJwWkEKZavXvFPT9pzaMEuH+Dl5NNlerG8PQoFa - zlbwXbRj2nqlQ/fxmPhsaak9QXOHa13mzpnQp6gZIBf75g7ip14XNQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1wpvfpv5n32lruk7c0da4uaeapsmhjxdvg8z4ljehn06l6g2y0e0sum404l - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - 
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTOTlocHFoZHoyN0s4Q0tV - Z2ZQdzlzMGpWZnBpaTRVNGljNjNVamxFc0Y4ClM2ZWVTOTFHNnM1ajdJcGpSN2dv - TDVTTWNZUjZqbStMTzFROS8rN1B6NDgKLS0tIHZVZmlMTHpQOWFqbEoxMkd5UGJC - OXlOMVMrcmh5SEViUkhMSUROOGI3a1UKXsXMhwbxySqr5yawE47OyzJtMeICZXgT - S8l7/3dFybBZ5AkDRY+81ubJO893/wGDfgYjJn+L1uAw+FM+FqU7Ng== - -----END AGE ENCRYPTED FILE----- - - recipient: age1jv8ap5zwa49ftv0gg7wqf5ps0e68uuwxe2fekjsn0zkyql964unqyc58rf - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFWVpXakFuL2QwbjdvY3hG - NDlXcjlFOGtRMWVXQ2NwSXBXNU5LWU8wZFJZCmlrWlM0UzdRQk5IaXRKNkQ5N2NY - YytnVkpFRi9icnRWRHo1N093R0YvZXMKLS0tIGovMEsrYzlNN1c2UEhEZUZWTSt6 - YjI2UXJ5UzhiSVp6Q01aVHRUOFBTZm8KGVSZPOEpUsw3U3nL51F1lH5uXpknRDqN - OhaRmuoW+XosHMOuJ3ZBMp3tLoxYEg6kZ+nQJp9oiGfl01UaFqdQHA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1pm3fehmmk0vmnrscz9vm96rakn46aaldr5ydpscmde3v9x0k3faswwdzxs - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwR3ZzU2lQZldqZ2Nkd0dm - dTd1eGZrZEFSOTJLTXpzSG9xWjgrWHJza1JJCmd4QWlyUjVGV04wd1dveUkvWU1t - ZjRzQUk0eGJxd0FSaDFpLzVHYTBMWDQKLS0tIEppbW1nUm9nWkdlQXg1M2FYb1hD - eTl0cG8vUlJHYUJFQjNvb2tuZEt1NGMK2ZKzwoUwTHKixc8XfUg6pv23m5ZqjPgZ - Y/1Z4RyL2OwNQRxeqiOY7p9LrGmPgszMuAlFQb/r/BlAgaEkNLl0fw== - -----END AGE ENCRYPTED FILE----- - - recipient: age1mn2afyp9my7y7hcyzum0wdwt49zufnkt8swnyy8pj30cwzs4zvgsthj0lt - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4bGs0ZnJwMUVCa0R5TWFU - OW5odnNvcWc5V2FrTGVkR2o5Vy9UTnQ0SFgwCk14TXJmL0djcTBzQlVaUDJJTzFY - RFhMNzhPakJyNmtTeUhiMkNaUkFSQ1EKLS0tIFVLNTJiNy9wMDd5RmdrRnZQM0l3 - UmJ5eXdmVFJrTVd0cmE0aitITC81Z3cKtWRvDiKJUserIJWVhD4+nnpckVexdkaq - GkJJPRiKmxP7LtO0vJV8m7xKV33frSNk5772H5mnJu/STdultvwd8Q== - -----END AGE ENCRYPTED FILE----- - - recipient: age1ykkjw57t3z3deup3gtp7dujyaslskn74e0d9hsmqaha2pj3rvazqgndw5a - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - 
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWUmgyMyt4TG04bjlzV1BJ - MENrV3Nmb1dhY2t0a3dBRnFJZzRudDNlalVZCmdzOUo0UEJ4QmFBNXA4aUlkY1do - QWhMR29sUnhuZlprb3NCbEhhMnd2RDAKLS0tIGFCUk5DS0M2dk9LNWlpenpXQk8r - SFZUYXpsbENkS014Tks3ZWJPNCtDb2sK8CtjOC4EnBgd8xSc6GwGtXnoGX/Wf1s2 - r1L97kqmMRD7Npwhs2gT+5kilEJBpIT+djfsc0KlezONOTVKJiiT0A== - -----END AGE ENCRYPTED FILE----- - - recipient: age1t2d5scrukk0guva5sr97a8tge5j8kd865adezrcru7p269pzwvpsamkgje - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxeXY0ZmRQL3E3enVQMHFh - Wk1scFpoeFhwMG9iQmFMTklWMzhWM1Z5MFIwCnJJTG44NVMrZXVuVEtXRThxMy8v - VTM3U1dCRnFZOW15aHZoemh6YitRODgKLS0tIEVQaHlPankzNHJORHhyUnplSnRw - QmZESkVxSlZ1aUMrTUhZRFV6bjZXVXMK6n1TE1RTHxlqV198Hf+GjSMeSCXsEDpm - 1LVqSF1t7hQzXAf6M1hncKWmmvf8QZDzFPQsc1Rmoo0JRAeL1CUlYw== - -----END AGE ENCRYPTED FILE----- - - recipient: age1c8qw59ffcq9l77gfmtyc3djtvt3md0u6dwhrjcgsm98ntyf72ufqugj7cg - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBia1lDOEFIYXRxbk1yaHVG - NHNrN016UnVyUEx5YXdwWXRuUVJ2VkdzT1FFCm52dFlNYkp4M0YvRUQxZU1UTzBx - SnBZdVZGZlIvaUZIQzBxY0NuY3dtYWsKLS0tIDFvTVJBNlpmZ2ZkOTM1bVFHcGRi - VFB3aTlNUFlOUC9TZmVJSGdlTU9UVFkKdL3zout9Xl/tYCdkGmO3rUxPXF3XhchR - cTvSkyqOLcfno4AwB4nC18pGfhxYh0O1AsJrfUYfZUDm4AydqC6RIg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1er5qucsc2mugrzrr7n3xhzv7kemkrqrw4m84r544fkk7nkg5g5eswxkqj0 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBbnZvK3VyYjdiQ2VFekZF - aXpSbCsrZEFqSmdkV1c2OFZJdkpseEFSOWpFCkpTS2dVYjFiNENDQnFjTEtUK010 - Wk1kVndqZldhWlVVV2gyRkdUY0dxMEkKLS0tIDcvVkI3OUJXZnBvUC9xTmxzdHFP - cHEwL1oyRUl3blYrKzZaaE5zME8xU1UKhPCOFlYU6SuDe5riehIIuMhUB/KSSyD7 - YZ+CqCBVFECF1vhfgvPj432Aqdd0yS6M/9r1Bqt+fcj+fRz2bGXapw== - -----END AGE ENCRYPTED FILE----- - - recipient: age12gu9hqhd56yl5x3t5yenkn9yg57du08h77vzjqsmnu5hdppne38qcur5a0 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - 
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGRm1IMjJXcmh0cnVwOFlY - MUV0d3dNYjVqSkNqZjNqdHprc04zbGViRDI0CklVVklkV0owUUFJVXNqc09tbFpn - azA1M3R2eUlJVVBaUGFhZDJoLy9rTEUKLS0tIDI4S1pZSUZ3Q0ZPOVV3T0FJQ3NZ - UFhFR3R4emR0UHpFalJ0b1dwZmhRYUEKn849C7Xp1uDeAZRNXqF/WxSx+y204U9q - uuEUgbstlOvqRGFs6buGRFTLFi845qfv4J0QnXvj/COLZfNjwl3Jbg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1t7378n8kmd3f32fkye2gw3jj6qswv3exjdx0dq8kl0xra3tmcdnsvddq3u - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyN1U3WkFuSlZ1ekhkVVJU - VU51WjlCc1hySnlLVWFONWdnZ2VPTHFid3pVCkcwNmRXendXZjRRazhkSzRWU2FF - Z0xHQjlsVllYdkN1OGtmTEVXcnUwSVEKLS0tIG5YTmxGTzUyQ2IxR2VBMmQwUThX - Uk1kQ0w1VGh6YUZaZ1NvSHIwelZFSHcKtjHNHVWu9bpDEsUmibm3vXwf/ff2Zmtk - YiZmlU2imQ6WWPcTfGDPsNZ0YhA8mPxoWdzpHt10elUCwCpyi3L7iA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1yn82e39pxt0d0pgny34ux4lkge4ff7wxvsye8ragvwngehemt4ps27phyw - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArNDA4SDJIVnJySUVMMTZw - UnZxb05OK1h6aldBT0kreE9jRHYyYyttZlNvCjZBQTlzajFweUoxSnRCMUpCQWQr - V0Q2eGVYOENpSlFWWlFUQThOREVpVG8KLS0tIDAwUWk2aW1NMFZsWWFabGhSKzMv - NUMyN01MVTlsbWpNV24yOVVhZitGd1kKa8dbwXGW5Bthym+BuGr+E8bYMbHb07ew - YbTskFI7vkMRWg1VGWMbrzvoqdVP7xJpUBtUo3okL4j/au+hG+br5w== - -----END AGE ENCRYPTED FILE----- - - recipient: age102el4snus37dj807rwvsmlvwu2sg2d8rw3vfmtntgczfkz04l9nshetcq0 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4MFFxUmkvVFRrNWN2V2Z1 - ekV4ejJlMFZ3WkhycXBjRGFZa05XWHdHQjE0CnpuaG9TVjJ2ZkkweDNFUXgxWnBt - YmhLRzFzRzlSRGpKTm1LMmcwZVdlU3cKLS0tIE10a1pVOW5jQ0kwWHdWcmlNY0hm - ZU4rL3BiT29jcHNGU0xzajIvb0hqU0EKtkiSn5PVzJYZmCEnsa7a3AZW5PhlwWXt - 8TLrM5WYljSR7rzeqmVH5PaXT6olUXo/NCmbqiM1R5nizNBDbKGLbQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1n5frpwgvps7c2348ynu9g7g47kqar4srdplw5kkcyn4x80eqzetqw3ej2m - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - 
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBib0ZWUXpJVXkyLzdEdnN2 - TDIzd0F6WkdDbGgrMW9BS00rTmtvSGV3Y0RjClI2YTkxb0pUazlYY3dsOFBmcXpC - cFg5bVJOL3ZKQ3N4L2lSZ0xaTjVPMFUKLS0tIFo1YklYdXZNam5FbnhEZDUxKzYr - TXh5SmQxK0pmRG80bjVzUUNYWmRKcG8K5xbwbYccoMcpmS3oSSBFpHaYkZizfxhK - 03lO4cEDsufZAt95OzD6pQZCaBp8dVsyZTJQaDTMsnsPTQ5Kxq6sng== - -----END AGE ENCRYPTED FILE----- - - recipient: age1lvks0rdf743cn9rvvx90mzu3mjldydlzslpmv9608wn4j0m8u3xsmu7yew - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIZnQ0U1FieWlWRVpYWUQ0 - ZGNRV3l3MTRvM2VBVjVnSitwTXp1Y0l5bzFvCm4xRXJXTzA1YmhERkszSkhVaVFF - Qnc4T0pVRi92MVh2UHlUd3E0OU9lM28KLS0tIDZ3TUZ3cHBUc0NnTHl4K0JLZ3J0 - RWRidzlRQ2Qrb3hZQmI4UkNiOXlNTXMK7e3ZpGsleiDmH3YscwbpkHUo1vF4g34u - dx7EBE89sCYLFHPXk0bkZIOe/CTXUDBDiFHew4zL3I60mwMJKKnisw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-02-13T19:10:40Z" - mac: ENC[AES256_GCM,data:HaMU0o8ORSUCrcmppdJwpXj4YgKESOUy9YJPktBvY7s1QhQVqvzNigxcvJcpGFexvy9/I6mBxzc7JYDPuMmSyaaFQyTZ6e47cxshqy5Sxxs6U7lyxPWynnC7nU1F+CWhkqULQ0+v45NB6wilHc+ASOb1JGSF546ffZDmbJ+eDU4=,iv:+5+S63+PtrCvVFdfSAUHUoS342g6LzoICFUpR2OL9ns=,tag:WnksdwIcQCDCmMiIwbSUpQ==,type:str] - pgp: - - created_at: "2026-02-06T15:34:32Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hQIMA0B7mmjbybiOAQ/+N+WG14Kn6aqETcs3SDEvdeREb//2S/suf27VIT7NqdEY - VZWa19oWO20+pSD1WZAQDatXFo4Ty13az1pSIUhKRj6jwkzvtAwAXQcH3i6oRQPv - Fsh2mMfeq6+bgLqCbD74DckM4j7e+sj1mENMKUwTALdY6ecdoADA97vcxEuvPWoJ - g9KDwX4xKzjRujsmPTa7Q2daq/9/607WU+FlkkdQK6wCUgn6eNXSXLSdITB/TAe2 - YVtEGj0+bgMawItah9uro6eiL4hpOJhVDk8R2Vq7/qkV+eSI5DW6hlXAMlZXZ4SU - WtaqQ1vb7sYQ9PHHpMkZ0qo9TxQDo6RpKonj0qP2Ihm0hh39n/hEcHI+Q8L78OcZ - ZcdnxU9RsLqXEgi/QvDITGCxFB58Ng1Kx0IEYNxav+4s2Vb28KqukpCPPwBOf2nI - MqzDn/mDtsu6RR/d0OO8qN6Rp+fg2k4RBoB7rYLM5mSFmx1S/MYbM1JTdVmSGvCL - mCnuZE18WGBgd7qfH7A6J11H/jIWCAB4UyIZXtJcGm/hCqIkDATqe0f7QMC6S+qR - Zl/3zdzv3MaKTotLTfJC9Y+teOrMlk/OYrDjEg5btHI/XJOn0V2lxE9O3Z/i3l50 - 16U/oUK54jaZi1+ZvHgHwjEFcDJ74IoyWvBh25vg1qhQVH9a1to74a/yq2zKYIzS - 
XgHVF+/WTjQvEl44RiuLuUDxlDrxOUwer+bTM8Rx9BDFhqDfH+GKvZKwQdwu72Ri - hvUppPOtx6x1Q++S9/luXy25dlC/EDkmUyzQgT6m4GzlxiOWkW0dxfob547PYlI= - =abGW - -----END PGP MESSAGE----- - fp: CBCB9B18A6B8930B0B6ABFD1CCB8CBEB30633684 - unencrypted_suffix: _unencrypted - version: 3.11.0 diff --git a/systems/aarch64-linux/pi4/adguard.nix b/systems/aarch64-linux/pi4/adguard.nix deleted file mode 100644 index c731b4f..0000000 --- a/systems/aarch64-linux/pi4/adguard.nix +++ /dev/null @@ -1,58 +0,0 @@ -{ lib, ... }: -{ - services.resolved.enable = lib.mkForce false; - services.adguardhome = { - enable = true; - openFirewall = true; - allowDHCP = true; - mutableSettings = true; - settings = { - http.address = "0.0.0.0:0"; - users = [ - { - name = "mjallen"; - password = "$2a$10$G07P7V1EnBQxWtMNGyfgTOTpAgr4d.uqYoG.cGSFCv9jQdiYWCsfq"; - } - ]; - dns = { - upstream_dns = [ - "https://dns10.quad9.net/dns-query" - "1.1.1.1" - "8.8.8.8" - ]; - bootstrap_dns = [ - "9.9.9.10" - "149.112.112.10" - "2620:fe::10" - "2620:fe::fe:10" - ]; - upstream_mode = "load_balance"; - trusted_proxies = [ - "127.0.0.0/8" - "::1/128" - "10.0.1.3" - ]; - cache_optimistic = true; - }; - dhcp = { - enabled = false; - interface_name = "end0"; - local_domain_name = "lan"; - dhcpv4 = { - gateway_ip = "10.0.1.1"; - subnet_mask = "255.255.255.0"; - range_start = "10.0.1.100"; - range_end = "10.0.1.254"; - lease_duration = 86400; - icmp_timeout_msec = 1000; - }; - dhcpv6 = { - range_start = "2001::1"; - lease_duration = 86400; - ra_slaac_only = false; - ra_allow_slaac = false; - }; - }; - }; - }; -} diff --git a/systems/aarch64-linux/pi4/boot.nix b/systems/aarch64-linux/pi4/boot.nix deleted file mode 100755 index 86521d6..0000000 --- a/systems/aarch64-linux/pi4/boot.nix +++ /dev/null 
@@ -1,82 +0,0 @@
-{
- pkgs,
- lib,
- namespace,
- ...
-}:
-{
- boot = {
- # loader.raspberry-pi = {
- # firmwarePackage = kernelBundle.raspberrypifw;
- # variant = "4";
- # };
- # kernelPackages = kernelBundle.linuxPackages_rpi4;
- # kernelPackages = pkgs.${namespace}.linuxPackages_cachyos-lto;
- kernelPackages = pkgs.${namespace}.linuxPackages_rpi4-lts;
- initrd = {
- availableKernelModules = {
- bcachefs = lib.mkForce false;
- };
- kernelModules = {
- bcachefs = lib.mkForce false;
- };
- };
- supportedFilesystems = {
- bcachefs = lib.mkForce false;
- };
- };
-
- specialisation = {
- "linux-latest".configuration = {
- boot = {
- kernelPackages = lib.mkOverride 90 pkgs.unstable.linuxPackages_latest;
- };
- };
- };
-
- ${namespace}.hardware.raspberry-pi.config = {
- all = {
- # [all] conditional filter, https://www.raspberrypi.com/documentation/computers/config_txt.html#conditional-filters
-
- base-dt-params = {
- i2c_arm = {
- enable = true;
- value = "on";
- };
- i2c = {
- enable = true;
- value = "on";
- };
- spi = {
- enable = true;
- value = "on";
- };
- };
-
- options = {
- # https://www.raspberrypi.com/documentation/computers/config_txt.html#enable_uart
- # in conjunction with `console=serial0,115200` in kernel command line (`cmdline.txt`)
- # creates a serial console, accessible using GPIOs 14 and 15 (pins
- # 8 and 10 on the 40-pin header)
- enable_uart = {
- enable = true;
- value = true;
- };
- # https://www.raspberrypi.com/documentation/computers/config_txt.html#uart_2ndstage
- # enable debug logging to the UART, also automatically enables
- # UART logging in `start.elf`
- uart_2ndstage = {
- enable = true;
- value = true;
- };
- };
-
- # Base DTB parameters
- # https://github.com/raspberrypi/linux/blob/a1d3defcca200077e1e382fe049ca613d16efd2b/arch/arm/boot/dts/overlays/README#L132
- base-dt-params = {
-
- };
-
- };
- };
-}
diff --git a/systems/aarch64-linux/pi4/default.nix b/systems/aarch64-linux/pi4/default.nix
deleted file mode 100755
index 53e69b0..0000000
--- a/systems/aarch64-linux/pi4/default.nix
+++ /dev/null
@@ -1,105 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page, on
-# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
-
-{
- namespace,
- ...
-}:
-{
- imports = [
- ./adguard.nix
- ./boot.nix
- ./sops.nix
- ];
-
- nixpkgs.overlays = [
- (_self: super: {
- # This is used in (modulesPath + "/hardware/all-firmware.nix") when at least
- # enableRedistributableFirmware is enabled
- inherit (super) raspberrypiWirelessFirmware;
- # Some derivations want to use it as an input,
- # e.g. raspberrypi-dtbs, omxplayer, sd-image-* modules
- inherit (super) raspberrypifw;
- })
- ];
-
- ${namespace} = {
- impermanence.enable = true;
- hardware = {
- disko = {
- enable = true;
- firmware = {
- enableFirmware = true;
- firmwareDisk = "/dev/mmcblk1";
- };
- };
- raspberry-pi = {
- enable = true;
- variant = "4";
- };
- };
- headless.enable = true;
- user = {
- name = "matt";
- mutableUsers = false;
- hashedPassword = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06";
- extraGroups = [
- "docker"
- "video"
- ];
- };
- network = {
- hostName = "pi4";
- ipv4 = {
- interface = "end0";
- method = "manual";
- address = "10.0.1.2/24";
- gateway = "10.0.1.1";
- dns = "1.1.1.1";
- };
- firewall = {
- enable = true;
- allowPing = true;
- allowedTCPPorts = [ 53 ];
- allowedUDPPorts = [ 53 ];
- };
- networkmanager = {
- profiles = {
- "static-end0" = {
- type = "ethernet";
- };
- };
- };
- };
- services = {
- nebula-lighthouse = {
- enable = true;
- port = 4242;
- };
- };
- };
-
- services.kmscon = {
- enable = true;
- hwRender = true;
- };
-
- programs = {
- seahorse.enable = false;
- };
-
- virtualisation = {
- docker.enable = false;
- podman.enable = false;
- waydroid.enable = false;
- libvirtd.enable = false;
- };
-
- # Root user configuration - explicit to avoid conflicts with home-manager
- users.users.root = {
- isSystemUser = true;
- isNormalUser = false;
- };
- fileSystems."/etc".neededForBoot = true;
-}
diff --git a/systems/aarch64-linux/pi4/networking.nix b/systems/aarch64-linux/pi4/networking.nix
deleted file mode 100755
index ceb6f8d..0000000
--- a/systems/aarch64-linux/pi4/networking.nix
+++ /dev/null
@@ -1,72 +0,0 @@
-{ lib, config, ... }:
-{
- # Networking configs
- networking = {
- # hostName = lib.mkForce hostname;
-
- defaultGateway.address = "10.0.1.1";
- nameservers = [ "10.0.1.1" ];
-
- firewall = {
- enable = true;
- allowPing = true;
- allowedTCPPorts = [ 53 ];
- allowedUDPPorts = [ 53 ];
- };
-
- # Enable Network Manager
- networkmanager = {
- enable = lib.mkDefault true;
- wifi.powersave = lib.mkDefault false;
- settings.connectivity.uri = lib.mkDefault "http://nmcheck.gnome.org/check_network_status.txt";
- ensureProfiles = {
- environmentFiles = [
- config.sops.secrets.wifi.path
- ];
-
- profiles = {
- # "Joey's Jungle 5G" = {
- # connection = {
- # id = "Joey's Jungle 5G";
- # type = "wifi";
- # };
- # ipv4 = {
- # method = "auto";
- # };
- # ipv6 = {
- # addr-gen-mode = "stable-privacy";
- # method = "auto";
- # };
- # wifi = {
- # mode = "infrastructure";
- # ssid = "Joey's Jungle 5G";
- # };
- # wifi-security = {
- # key-mgmt = "sae";
- # psk = "$PSK";
- # };
- # };
-
- "static-enabcm6e4ei0" = {
- connection = {
- id = "static-enabcm6e4ei0";
- type = "ethernet";
- interface-name = "enabcm6e4ei0";
- };
-
- ipv4 = {
- method = "manual";
- address = "10.0.1.2/24";
- gateway = "10.0.1.1";
- dns = "1.1.1.1";
- };
- ipv6 = {
- addr-gen-mode = "stable-privacy";
- method = "auto";
- };
- };
- };
- };
- };
- };
-}
diff --git a/systems/aarch64-linux/pi4/sops.nix b/systems/aarch64-linux/pi4/sops.nix
deleted file mode 100755
index e79165e..0000000
--- a/systems/aarch64-linux/pi4/sops.nix
+++ /dev/null
@@ -1,55 +0,0 @@
-{ config, lib, ... }:
-let
- user = "matt";
- defaultSops = (lib.snowfall.fs.get-file "secrets/pi4-secrets.yaml");
-in
-{
- sops = {
- age.keyFile = "/home/matt/.config/sops/age/keys.txt";
- validateSopsFiles = false;
- # ------------------------------
- # Secrets
- # ------------------------------
- secrets = {
- # ------------------------------
- # SSH keys
- # ------------------------------
-
- "ssh-keys-public/pi4" = {
- mode = "0644";
- owner = config.users.users."${user}".name;
- group = config.users.users."${user}".group;
- restartUnits = [ "sshd.service" ];
- };
- "ssh-keys-private/pi4" = {
- mode = "0600";
- owner = config.users.users."${user}".name;
- group = config.users.users."${user}".group;
- restartUnits = [ "sshd.service" ];
- };
- "ssh-keys-public/pi5" = {
- neededForUsers = true;
- mode = "0600";
- owner = config.users.users.root.name;
- group = config.users.users.root.group;
- restartUnits = [ "sshd.service" ];
- };
- "pi4/sys-public-key" = {
- sopsFile = defaultSops;
- neededForUsers = true;
- mode = "0600";
- owner = config.users.users.root.name;
- group = config.users.users.root.group;
- restartUnits = [ "sshd.service" ];
- };
- "pi4/sys-priv-key" = {
- sopsFile = defaultSops;
- neededForUsers = true;
- mode = "0600";
- owner = config.users.users.root.name;
- group = config.users.users.root.group;
- restartUnits = [ "sshd.service" ];
- };
- };
- };
-}