retire pi4

systems/aarch64-linux/pi4/adguard.nix

@@ -1,58 +0,0 @@
-{ lib, ... }:
-{
-  services.resolved.enable = lib.mkForce false;
-  services.adguardhome = {
-    enable = true;
-    openFirewall = true;
-    allowDHCP = true;
-    mutableSettings = true;
-    settings = {
-      http.address = "0.0.0.0:0";
-      users = [
-        {
-          name = "mjallen";
-          password = "$2a$10$G07P7V1EnBQxWtMNGyfgTOTpAgr4d.uqYoG.cGSFCv9jQdiYWCsfq";
-        }
-      ];
-      dns = {
-        upstream_dns = [
-          "https://dns10.quad9.net/dns-query"
-          "1.1.1.1"
-          "8.8.8.8"
-        ];
-        bootstrap_dns = [
-          "9.9.9.10"
-          "149.112.112.10"
-          "2620:fe::10"
-          "2620:fe::fe:10"
-        ];
-        upstream_mode = "load_balance";
-        trusted_proxies = [
-          "127.0.0.0/8"
-          "::1/128"
-          "10.0.1.3"
-        ];
-        cache_optimistic = true;
-      };
-      dhcp = {
-        enabled = false;
-        interface_name = "end0";
-        local_domain_name = "lan";
-        dhcpv4 = {
-          gateway_ip = "10.0.1.1";
-          subnet_mask = "255.255.255.0";
-          range_start = "10.0.1.100";
-          range_end = "10.0.1.254";
-          lease_duration = 86400;
-          icmp_timeout_msec = 1000;
-        };
-        dhcpv6 = {
-          range_start = "2001::1";
-          lease_duration = 86400;
-          ra_slaac_only = false;
-          ra_allow_slaac = false;
-        };
-      };
-    };
-  };
-}

systems/aarch64-linux/pi4/boot.nix

@@ -1,82 +0,0 @@
-{
-  pkgs,
-  lib,
-  namespace,
-  ...
-}:
-{
-  boot = {
-    #   loader.raspberry-pi = {
-    #     firmwarePackage = kernelBundle.raspberrypifw;
-    #     variant = "4";
-    #   };
-    #   kernelPackages = kernelBundle.linuxPackages_rpi4;
-    # kernelPackages = pkgs.${namespace}.linuxPackages_cachyos-lto;
-    kernelPackages = pkgs.${namespace}.linuxPackages_rpi4-lts;
-    initrd = {
-      availableKernelModules = {
-        bcachefs = lib.mkForce false;
-      };
-      kernelModules = {
-        bcachefs = lib.mkForce false;
-      };
-    };
-    supportedFilesystems = {
-        bcachefs = lib.mkForce false;
-    };
-  };
-
-  specialisation = {
-    "linux-latest".configuration = {
-      boot = {
-        kernelPackages = lib.mkOverride 90 pkgs.unstable.linuxPackages_latest;
-      };
-    };
-  };
-
-  ${namespace}.hardware.raspberry-pi.config = {
-    all = {
-      # [all] conditional filter, https://www.raspberrypi.com/documentation/computers/config_txt.html#conditional-filters
-
-      base-dt-params = {
-        i2c_arm = {
-          enable = true;
-          value = "on";
-        };
-        i2c = {
-          enable = true;
-          value = "on";
-        };
-        spi = {
-          enable = true;
-          value = "on";
-        };
-      };
-
-      options = {
-        # https://www.raspberrypi.com/documentation/computers/config_txt.html#enable_uart
-        # in conjunction with `console=serial0,115200` in kernel command line (`cmdline.txt`)
-        # creates a serial console, accessible using GPIOs 14 and 15 (pins
-        #  8 and 10 on the 40-pin header)
-        enable_uart = {
-          enable = true;
-          value = true;
-        };
-        # https://www.raspberrypi.com/documentation/computers/config_txt.html#uart_2ndstage
-        # enable debug logging to the UART, also automatically enables
-        # UART logging in `start.elf`
-        uart_2ndstage = {
-          enable = true;
-          value = true;
-        };
-      };
-
-      # Base DTB parameters
-      # https://github.com/raspberrypi/linux/blob/a1d3defcca200077e1e382fe049ca613d16efd2b/arch/arm/boot/dts/overlays/README#L132
-      base-dt-params = {
-
-      };
-
-    };
-  };
-}

systems/aarch64-linux/pi4/default.nix

@@ -1,105 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page, on
-# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
-
-{
-  namespace,
-  ...
-}:
-{
-  imports = [
-    ./adguard.nix
-    ./boot.nix
-    ./sops.nix
-  ];
-
-  nixpkgs.overlays = [
-    (_self: super: {
-      # This is used in (modulesPath + "/hardware/all-firmware.nix") when at least
-      # enableRedistributableFirmware is enabled
-      inherit (super) raspberrypiWirelessFirmware;
-      # Some derivations want to use it as an input,
-      # e.g. raspberrypi-dtbs, omxplayer, sd-image-* modules
-      inherit (super) raspberrypifw;
-    })
-  ];
-
-  ${namespace} = {
-    impermanence.enable = true;
-    hardware = {
-      disko = {
-        enable = true;
-        firmware = {
-          enableFirmware = true;
-          firmwareDisk = "/dev/mmcblk1";
-        };
-      };
-      raspberry-pi = {
-        enable = true;
-        variant = "4";
-      };
-    };
-    headless.enable = true;
-    user = {
-      name = "matt";
-      mutableUsers = false;
-      hashedPassword = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06";
-      extraGroups = [
-        "docker"
-        "video"
-      ];
-    };
-    network = {
-      hostName = "pi4";
-      ipv4 = {
-        interface = "end0";
-        method = "manual";
-        address = "10.0.1.2/24";
-        gateway = "10.0.1.1";
-        dns = "1.1.1.1";
-      };
-      firewall = {
-        enable = true;
-        allowPing = true;
-        allowedTCPPorts = [ 53 ];
-        allowedUDPPorts = [ 53 ];
-      };
-      networkmanager = {
-        profiles = {
-          "static-end0" = {
-            type = "ethernet";
-          };
-        };
-      };
-    };
-    services = {
-      nebula-lighthouse = {
-        enable = true;
-        port = 4242;
-      };
-    };
-  };
-
-  services.kmscon = {
-    enable = true;
-    hwRender = true;
-  };
-
-  programs = {
-    seahorse.enable = false;
-  };
-
-  virtualisation = {
-    docker.enable = false;
-    podman.enable = false;
-    waydroid.enable = false;
-    libvirtd.enable = false;
-  };
-
-  # Root user configuration - explicit to avoid conflicts with home-manager
-  users.users.root = {
-    isSystemUser = true;
-    isNormalUser = false;
-  };
-  fileSystems."/etc".neededForBoot = true;
-}

systems/aarch64-linux/pi4/networking.nix

@@ -1,72 +0,0 @@
-{ lib, config, ... }:
-{
-  # Networking configs
-  networking = {
-    # hostName = lib.mkForce hostname;
-
-    defaultGateway.address = "10.0.1.1";
-    nameservers = [ "10.0.1.1" ];
-
-    firewall = {
-      enable = true;
-      allowPing = true;
-      allowedTCPPorts = [ 53 ];
-      allowedUDPPorts = [ 53 ];
-    };
-
-    # Enable Network Manager
-    networkmanager = {
-      enable = lib.mkDefault true;
-      wifi.powersave = lib.mkDefault false;
-      settings.connectivity.uri = lib.mkDefault "http://nmcheck.gnome.org/check_network_status.txt";
-      ensureProfiles = {
-        environmentFiles = [
-          config.sops.secrets.wifi.path
-        ];
-
-        profiles = {
-          # "Joey's Jungle 5G" = {
-          #   connection = {
-          #     id = "Joey's Jungle 5G";
-          #     type = "wifi";
-          #   };
-          #   ipv4 = {
-          #     method = "auto";
-          #   };
-          #   ipv6 = {
-          #     addr-gen-mode = "stable-privacy";
-          #     method = "auto";
-          #   };
-          #   wifi = {
-          #     mode = "infrastructure";
-          #     ssid = "Joey's Jungle 5G";
-          #   };
-          #   wifi-security = {
-          #     key-mgmt = "sae";
-          #     psk = "$PSK";
-          #   };
-          # };
-
-          "static-enabcm6e4ei0" = {
-            connection = {
-              id = "static-enabcm6e4ei0";
-              type = "ethernet";
-              interface-name = "enabcm6e4ei0";
-            };
-
-            ipv4 = {
-              method = "manual";
-              address = "10.0.1.2/24";
-              gateway = "10.0.1.1";
-              dns = "1.1.1.1";
-            };
-            ipv6 = {
-              addr-gen-mode = "stable-privacy";
-              method = "auto";
-            };
-          };
-        };
-      };
-    };
-  };
-}

systems/aarch64-linux/pi4/sops.nix

@@ -1,55 +0,0 @@
-{ config, lib, ... }:
-let
-  user = "matt";
-  defaultSops = (lib.snowfall.fs.get-file "secrets/pi4-secrets.yaml");
-in
-{
-  sops = {
-    age.keyFile = "/home/matt/.config/sops/age/keys.txt";
-    validateSopsFiles = false;
-    # ------------------------------
-    # Secrets
-    # ------------------------------
-    secrets = {
-      # ------------------------------
-      # SSH keys
-      # ------------------------------
-
-      "ssh-keys-public/pi4" = {
-        mode = "0644";
-        owner = config.users.users."${user}".name;
-        group = config.users.users."${user}".group;
-        restartUnits = [ "sshd.service" ];
-      };
-      "ssh-keys-private/pi4" = {
-        mode = "0600";
-        owner = config.users.users."${user}".name;
-        group = config.users.users."${user}".group;
-        restartUnits = [ "sshd.service" ];
-      };
-      "ssh-keys-public/pi5" = {
-        neededForUsers = true;
-        mode = "0600";
-        owner = config.users.users.root.name;
-        group = config.users.users.root.group;
-        restartUnits = [ "sshd.service" ];
-      };
-      "pi4/sys-public-key" = {
-        sopsFile = defaultSops;
-        neededForUsers = true;
-        mode = "0600";
-        owner = config.users.users.root.name;
-        group = config.users.users.root.group;
-        restartUnits = [ "sshd.service" ];
-      };
-      "pi4/sys-priv-key" = {
-        sopsFile = defaultSops;
-        neededForUsers = true;
-        mode = "0600";
-        owner = config.users.users.root.name;
-        group = config.users.users.root.group;
-        restartUnits = [ "sshd.service" ];
-      };
-    };
-  };
-}