mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

pis

Browse Source
This commit is contained in:
mjallen18
2025-07-21 18:59:53 -05:00
parent b43816579f
commit e3bfbae131
28 changed files with 342 additions and 3383 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
flake.lock generated
View File

@@ -864,15 +864,15 @@
"nixpkgs": "nixpkgs_11" "nixpkgs": "nixpkgs_11"
}, },
"locked": { "locked": {
"lastModified": 1752372167, "lastModified": 1753141210,
"narHash": "sha256-xI8GUvFtgbE9AXRwh3korfSrm/lWBJmLXQFTLi7lL8E=", "narHash": "sha256-yV7+cv0q5XL7uv9gvSG7R0jktgXgB+forv3c7TfY2T8=",
"owner": "nvmd", "owner": "mjallen18",
"repo": "nixos-raspberrypi", "repo": "nixos-raspberrypi",
"rev": "fa7959822f0c4d14c5bd287017aa903a264025a5", "rev": "e0f487998cb4409408f03e019c71c21011edb84c",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nvmd", "owner": "mjallen18",
"repo": "nixos-raspberrypi", "repo": "nixos-raspberrypi",
"type": "github" "type": "github"
} }

2739
flake.lock.ori
View File

File diff suppressed because it is too large Load Diff

31
flake.nix
View File

@@ -48,7 +48,7 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nixos-raspberrypi.url = "github:nvmd/nixos-raspberrypi"; nixos-raspberrypi.url = "github:mjallen18/nixos-raspberrypi";
jovian.url = "github:Jovian-Experiments/Jovian-NixOS"; jovian.url = "github:Jovian-Experiments/Jovian-NixOS";
@@ -177,6 +177,31 @@
nixos-hardware.nixosModules.common-pc nixos-hardware.nixosModules.common-pc
]; ];
}; };
# ######################################################
# Pi4 #
# ######################################################
pi4 = {
modules = with inputs; [
disko.nixosModules.disko
nixos-raspberrypi.nixosModules.raspberry-pi-4.base
nixos-raspberrypi.nixosModules.raspberry-pi-4.display-vc4
nixos-raspberrypi.lib.inject-overlays
];
};
# ######################################################
# Pi5 #
# ######################################################
pi5 = {
modules = with inputs; [
disko.nixosModules.disko
nixos-raspberrypi.nixosModules.raspberry-pi-5.base
nixos-raspberrypi.nixosModules.raspberry-pi-5.display-vc4
nixos-raspberrypi.nixosModules.raspberry-pi-5.bluetooth
nixos-raspberrypi.lib.inject-overlays
];
};
}; };
overlays = with inputs; [ nix-vscode-extensions.overlays.default ]; overlays = with inputs; [ nix-vscode-extensions.overlays.default ];
@@ -226,10 +251,8 @@
formatter = inputs.treefmt-nix.lib.mkWrapper channels.nixpkgs ./treefmt.nix; formatter = inputs.treefmt-nix.lib.mkWrapper channels.nixpkgs ./treefmt.nix;
}; };
}; };
piSystems = import ./systems/aarch64-linux/pi4/flake.nix { inherit inputs; };
in in
snowfall // { snowfall // {
nixosConfigurations = snowfall.nixosConfigurations // piSystems; nixosConfigurations = snowfall.nixosConfigurations;
}; };
} }

1
homes/aarch64-linux/matt@pi4/default.nix
View File

@@ -55,7 +55,6 @@ in
}; };
programs = { programs = {
java.enable = lib.mkForce true;
mangohud.enable = lib.mkForce true; mangohud.enable = lib.mkForce true;
zsh.shellAliases = shellAliases; zsh.shellAliases = shellAliases;
}; };

10
homes/aarch64-linux/matt@pi5/default.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, lib, config, ... }: { pkgs, lib, config, namespace, ... }:
let let
shellAliases = { shellAliases = {
update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.3"; update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.3";
@@ -9,14 +9,6 @@ let
}; };
in in
{ {
imports = [
../../share/home/defaults.nix
../../share/home/git.nix
../../share/home/gnome.nix
../../share/home/librewolf.nix
../../share/home/shell.nix
../../share/home/vscode.nix
];
home.username = "matt"; home.username = "matt";

18
homes/aarch64-linux/root@pi4/default.nix Normal file
View File

@@ -0,0 +1,18 @@
{ config, lib, ... }:
let
shellAliases = {
update-boot = "nixos-rebuild boot --max-jobs 10";
update-switch = "nixos-rebuild switch --max-jobs 10";
};
in
{
home = {
username = "root";
homeDirectory = lib.mkForce "/${config.home.username}";
enableNixpkgsReleaseCheck = false;
};
programs = {
zsh.shellAliases = shellAliases;
};
}

1
modules/home/home/default.nix
View File

@@ -41,7 +41,6 @@
home-manager.enable = lib.mkDefault true; home-manager.enable = lib.mkDefault true;
java = { java = {
enable = lib.mkDefault true; enable = lib.mkDefault true;
package = pkgs.jdk17;
}; };
mangohud.enable = lib.mkDefault true; mangohud.enable = lib.mkDefault true;
password-store.enable = true; password-store.enable = true;

9
modules/home/programs/code/default.nix
View File

@@ -1,5 +1,6 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, system, ... }:
let let
isArm = "aarch64-linux" == system;
open-remote-ssh = pkgs.vscode-utils.buildVscodeExtension { open-remote-ssh = pkgs.vscode-utils.buildVscodeExtension {
pname = "open-remote-ssh"; pname = "open-remote-ssh";
version = "0.0.49"; version = "0.0.49";
@@ -12,6 +13,9 @@ let
name = "open-remote-ssh.zip"; name = "open-remote-ssh.zip";
}; };
}; };
x86_only = with pkgs; [
vscode-extensions.redhat.vscode-xml
];
in in
{ {
programs = { programs = {
@@ -35,14 +39,13 @@ in
vscode-extensions.ms-python.pylint vscode-extensions.ms-python.pylint
vscode-extensions.ms-python.python vscode-extensions.ms-python.python
# vscode-extensions.ms-python.vscode-pylance # vscode-extensions.ms-python.vscode-pylance
vscode-extensions.redhat.vscode-xml
vscode-extensions.redhat.vscode-yaml vscode-extensions.redhat.vscode-yaml
vscode-extensions.yy0931.vscode-sqlite3-editor vscode-extensions.yy0931.vscode-sqlite3-editor
# open-remote-ssh # open-remote-ssh
# nix-vscode-extensions.open-vsx.jeanp413.open-remote-ssh # nix-vscode-extensions.open-vsx.jeanp413.open-remote-ssh
# open-vsx.jeanp413.open-remote-ssh # open-vsx.jeanp413.open-remote-ssh
] ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [ ] ++ ( if !isArm then x86_only else [ ] ) ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [
{ {
name = "copilot-mcp"; name = "copilot-mcp";
publisher = "automatalabs"; publisher = "automatalabs";

157
modules/home/user/default.nix Normal file
View File

@@ -0,0 +1,157 @@
{
config,
lib,
pkgs,
namespace,
...
}:
with lib;
let
cfg = config.${namespace}.user;
home-directory =
if cfg.name == null then
null
else if pkgs.stdenv.hostPlatform.isDarwin then
"/Users/${cfg.name}"
else
"/home/${cfg.name}";
in
{
options.${namespace}.user = {
enable = mkOption {
type = types.bool;
default = false;
description = "Whether to configure the user account.";
};
email = mkOption {
type = types.str;
default = "jalle008@proton.me";
description = "The email of the user.";
};
fullName = mkOption {
type = types.str;
default = "Austin Horstman";
description = "The full name of the user.";
};
home = mkOption {
type = (types.nullOr types.str);
default = home-directory;
description = "The user's home directory.";
};
icon = mkOption {
type = (types.nullOr types.package);
default = pkgs.${namespace}.user-icon;
description = "The profile picture to use for the user.";
};
name = mkOption {
type = (types.nullOr types.str);
default = config.snowfallorg.user.name;
description = "The user account.";
};
};
config = mkIf cfg.enable (mkMerge [
{
assertions = [
{
assertion = cfg.name != null;
message = "${namespace}.user.name must be set";
}
{
assertion = cfg.home != null;
message = "${namespace}.user.home must be set";
}
];
home = {
file =
{
"Desktop/.keep".text = "";
"Documents/.keep".text = "";
"Downloads/.keep".text = "";
"Music/.keep".text = "";
"Pictures/.keep".text = "";
"Videos/.keep".text = "";
}
// lib.optionalAttrs (cfg.icon != null) {
".face".source = cfg.icon;
".face.icon".source = cfg.icon;
"Pictures/${cfg.icon.fileName or (builtins.baseNameOf cfg.icon)}".source = cfg.icon;
};
homeDirectory = mkDefault cfg.home;
shellAliases = {
# nix specific aliases
cleanup = "sudo nix-collect-garbage --delete-older-than 3d && nix-collect-garbage -d";
bloat = "nix path-info -Sh /run/current-system";
curgen = "sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
gc-check = "nix-store --gc --print-roots | egrep -v \"^(/nix/var|/run/\w+-system|\{memory|/proc)\"";
repair = "nix-store --verify --check-contents --repair";
nixnuke = ''
# Kill nix-daemon and nix processes first
sudo pkill -9 -f "nix-(daemon|store|build)" || true
# Find and kill all nixbld processes
for pid in $(ps -axo pid,user | ${getExe pkgs.gnugrep} -E '[_]?nixbld[0-9]+' | ${getExe pkgs.gawk} '{print $1}'); do
sudo kill -9 "$pid" 2>/dev/null || true
done
# Restart nix-daemon based on platform
if [ "$(uname)" = "Darwin" ]; then
sudo launchctl kickstart -k system/org.nixos.nix-daemon
else
sudo systemctl restart nix-daemon.service
fi
'';
flake = "nix flake";
nix = "nix -vL";
gsed = "${getExe pkgs.gnused}";
hmvar-reload = ''__HM_ZSH_SESS_VARS_SOURCED=0 source "/etc/profiles/per-user/${config.${namespace}.user.name}/etc/profile.d/hm-session-vars.sh"'';
# File management
rcp = "${getExe pkgs.rsync} -rahP --mkpath --modify-window=1"; # Rsync copy keeping all attributes,timestamps,permissions"
rmv = "${getExe pkgs.rsync} -rahP --mkpath --modify-window=1 --remove-sent-files"; # Rsync move keeping all attributes,timestamps,permissions
tarnow = "${getExe pkgs.gnutar} -acf ";
untar = "${getExe pkgs.gnutar} -zxvf ";
wget = "${getExe pkgs.wget} -c ";
remove-empty = ''${getExe' pkgs.findutils "find"} . -type d --empty --delete'';
print-empty = ''${getExe' pkgs.findutils "find"} . -type d --empty --print'';
dfh = "${getExe' pkgs.coreutils "df"} -h";
duh = "${getExe' pkgs.coreutils "du"} -h";
usage = "${getExe' pkgs.coreutils "du"} -ah -d1 | sort -rn 2>/dev/null";
# Navigation shortcuts
home = "cd ~";
dots = "cd $DOTS_DIR";
".." = "cd ..";
"..." = "cd ../..";
"...." = "cd ../../..";
"....." = "cd ../../../..";
"......" = "cd ../../../../..";
# Colorize output
dir = "${getExe' pkgs.coreutils "dir"} --color=auto";
egrep = "${getExe' pkgs.gnugrep "egrep"} --color=auto";
fgrep = "${getExe' pkgs.gnugrep "fgrep"} --color=auto";
grep = "${getExe pkgs.gnugrep} --color=auto";
vdir = "${getExe' pkgs.coreutils "vdir"} --color=auto";
# Misc
clear = "clear && ${getExe config.programs.fastfetch.package}";
clr = "clear";
pls = "sudo";
psg = "${getExe pkgs.ps} aux | grep";
myip = "${getExe pkgs.curl} ifconfig.me";
# Cryptography
genpass = "${getExe pkgs.openssl} rand - base64 20"; # Generate a random, 20-character password
sha = "shasum -a 256"; # Test checksum
};
username = mkDefault cfg.name;
};
}
]);
}

4
modules/nixos/desktop/hyprland/default.nix
View File

@@ -64,7 +64,7 @@ in
hyprland = { hyprland = {
enable = true; enable = true;
xwayland.enable = true; xwayland.enable = true;
portalPackage = pkgs.xdg-desktop-portal-hyprland; portalPackage = lib.mkDefault pkgs.xdg-desktop-portal-hyprland;
}; };
nm-applet.enable = true; nm-applet.enable = true;
@@ -161,7 +161,7 @@ in
enable = true; enable = true;
wlr.enable = true; wlr.enable = true;
xdgOpenUsePortal = true; xdgOpenUsePortal = true;
extraPortals = [ extraPortals = lib.mkDefault [
pkgs.xdg-desktop-portal-hyprland pkgs.xdg-desktop-portal-hyprland
pkgs.xdg-desktop-portal-gnome pkgs.xdg-desktop-portal-gnome
pkgs.xdg-desktop-portal-gtk pkgs.xdg-desktop-portal-gtk

2
modules/nixos/hardware/default.nix
View File

@@ -1,6 +1,6 @@
{ lib, system, ... }: { lib, system, ... }:
let let
isArm = builtins.match "aarch64*" system != null; isArm = "aarch64-linux" == system;
in in
{ {
hardware = { hardware = {

4
modules/nixos/home/default.nix
View File

@@ -53,8 +53,8 @@
# Add any other external HM modules here # Add any other external HM modules here
]; ];
# users.${config.${namespace}.user.name} = lib.types.mkAliasDefinitions options.${namespace}.home.extraOptions; users.${config.${namespace}.user.name} = lib.mkAliasDefinitions options.${namespace}.home.extraOptions;
users.admin = lib.mkAliasDefinitions options.${namespace}.home.extraOptions; # users.admin = lib.mkAliasDefinitions options.${namespace}.home.extraOptions;
verbose = true; verbose = true;
}; };

66
modules/nixos/user/default.nix Normal file
View File

@@ -0,0 +1,66 @@
{
config,
lib,
pkgs,
namespace,
...
}:
with lib;
let
cfg = config.${namespace}.user;
in
{
options.${namespace}.user = with types; {
email = lib.mkOption {
type = str;
default = "jalle008@proton.me";
description = "The email of the user.";
};
extraGroups = lib.mkOption {
type = (listOf str);
default = [ ];
description = "Groups for the user to be assigned.";
};
extraOptions = lib.mkOption {
type = attrs;
default = { };
description = "Extra options passed to <option>users.users.<name></option>.";
};
fullName = lib.mkOption {
type = str;
default = "Matt Jallen";
description = "The full name of the user.";
};
name = lib.mkOption {
type = str;
default = "matt";
description = "The name to use for the user account.";
};
};
config = {
users.users.${cfg.name} = {
inherit (cfg) name;
extraGroups = [
"wheel"
"systemd-journal"
"mpd"
"audio"
"video"
"input"
"plugdev"
"lp"
"tss"
"power"
"nix"
] ++ cfg.extraGroups;
group = "users";
home = "/home/${cfg.name}";
isNormalUser = true;
shell = lib.mkDefault pkgs.zsh;
uid = 1000;
} // cfg.extraOptions;
};
}

69
systems/aarch64-linux/pi4/argononed.nix
View File

@@ -1,69 +0,0 @@
# { ... }:
# {
# programs.argon.one = {
# enable = true;
# settings = {
# # Is 'celsius' by default, can also be set to 'fahrenheit'
# displayUnits = "celsius";
# # This is the same config as the original Argon40 config.
# # This is also the default config for this flake.
# fanspeed = [
# {
# # This the temperature threshold at which this fan speed will activate.
# # The temperature is in the above specified unit.
# temperature = 55;
# # This is speed percentage at which the fan will spin.
# speed = 30;
# }
# {
# temperature = 60;
# speed = 55;
# }
# {
# temperature = 65;
# speed = 100;
# }
# ];
# ir = {
# enable = true;
# gpio.enable = true;
# keymap = {
# "POWER" = "00ff39c6";
# "UP" = "00ff53ac";
# "DOWN" = "00ff4bb4";
# "LEFT" = "00ff9966";
# "RIGHT" = "00ff837c";
# "VOLUMEUP" = "00ff01fe";
# "VOLUMEDOWN" = "00ff817e";
# "OK" = "00ff738c";
# "HOME" = "00ffd32c";
# "MENU" = "00ffb946";
# "BACK" = "00ff09f6";
# };
# };
# };
# };
# }
# { lib, stdenv, pkgs, config, ...}:
# {
# imports = let
# argononed = fetchGit {
# url = "https://github.com/mjallen18/argononed.git";
# ref = "dev"; # Or any other branches deemed suitable
# };
# in
# [ "${argononed}/OS/nixos" ];
# services.argonone = {
# enable = true;
# logLevel = 4;
# settings = {
# fanTemp0 = 36; fanSpeed0 = 10;
# fanTemp1 = 41; fanSpeed1 = 50;
# fanTemp2 = 46; fanSpeed2 = 80;
# hysteresis = 4;
# };
# };
# }

17
systems/aarch64-linux/pi4/boot.nix
View File

@@ -21,13 +21,24 @@
# # cp -r ${uefi_pi4}/share/uefi_rpi4/* /boot/firmware/ # # cp -r ${uefi_pi4}/share/uefi_rpi4/* /boot/firmware/
# # ''; # # '';
# } # }
{ pkgs, lib, ... }: { config, pkgs, lib, ... }:
let let
kernelBundle = pkgs.linuxAndFirmware.latest; kernelBundle = pkgs.linuxAndFirmware.latest;
in in
{ {
boot = { system.nixos.tags = let
loader.raspberryPi.firmwarePackage = kernelBundle.raspberrypifw; cfg = config.boot.loader.raspberry-pi;
in [
"raspberry-pi-${cfg.variant}"
cfg.bootloader
config.boot.kernelPackages.kernel.version
];
boot = lib.mkForce {
loader.raspberry-pi = {
firmwarePackage = kernelBundle.raspberrypifw;
variant = "4";
};
kernelPackages = kernelBundle.linuxPackages_rpi4; kernelPackages = kernelBundle.linuxPackages_rpi4;
}; };

61
systems/aarch64-linux/pi4/default.nix
View File

@@ -2,7 +2,7 @@
# your system. Help is available in the configuration.nix(5) man page, on # your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... }: { config, lib, pkgs, namespace, ... }:
let let
user = "matt"; user = "matt";
# password = config.sops.secrets."pi4/matt-password".path; # password = config.sops.secrets."pi4/matt-password".path;
@@ -12,11 +12,14 @@ in
imports = [ imports = [
./adguard.nix ./adguard.nix
./boot.nix ./boot.nix
./impermanence.nix
./networking.nix ./networking.nix
./sops.nix ./sops.nix
]; ];
${namespace} = {
hardware.disko.enable = true;
};
nix = { nix = {
settings = { settings = {
substituters = [ substituters = [
@@ -45,14 +48,6 @@ in
]; ];
}; };
system.nixos.tags = let
cfg = config.boot.loader.raspberryPi;
in [
"raspberry-pi-${cfg.variant}"
cfg.bootloader
config.boot.kernelPackages.kernel.version
];
programs.zsh.enable = true; programs.zsh.enable = true;
hardware.i2c.enable = true; hardware.i2c.enable = true;
@@ -88,26 +83,32 @@ in
users = { users = {
mutableUsers = false; mutableUsers = false;
users."${user}" = { users = {
isNormalUser = true; "${user}" = {
# hashedPasswordFile = password; isNormalUser = true;
password = "BogieDudie1"; # hashedPasswordFile = password;
extraGroups = [ password = "BogieDudie1";
"wheel" extraGroups = [
"docker" "wheel"
"video" "docker"
]; "video"
shell = pkgs.zsh; ];
openssh.authorizedKeys.keys = [ shell = pkgs.zsh;
# macBook openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCw9zq8DLGByI5v2gAn95hKNyOsm3g61a2buxu2BBMFysQJgmZPCCLUqRJKhSM5Vm/JOgsAmdpRBRZQoHD+6S844CJHb4v4VIbjkyQgYCuM7Rst2IOZ5QybvsA2/D0nwytZ+HXQqDj2AagUYDbz0gyyIHkDQ5YGBMkvkWz/h1Vci6aoBM7VihEDM4KlWoTVuPeASGM8r5IZ2FS83Djbqo4ov6AYvLMrKB9Z7hmFgH6R3LE0gxOkzbGVXtSuvJyrjvgytoT22UhATjjxSQ9D+YJXXkQoB3lUdg8OoIquUPjMZpl4mR8ffvseWPfcvD1XlD5t+TOHFqKpESO547tlOBYhdpew+NSgAXpamCU6oyV8tDCywLQu2ucxHRn78u6WXzWHkDtffdhzmk6TZaPhWqVHuTGjR4higBgGqUfSaKOMszt+FDRZAr3HtuQ2+zJ8bowK9fW5OqilTtK2HtQqroD9ApegDNbqOz6kGy5IycSXvqPURy/M4lxZxbtBPuemcJs= mattjallen@MacBook-Pro.local" # macBook
# desktop windows "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCw9zq8DLGByI5v2gAn95hKNyOsm3g61a2buxu2BBMFysQJgmZPCCLUqRJKhSM5Vm/JOgsAmdpRBRZQoHD+6S844CJHb4v4VIbjkyQgYCuM7Rst2IOZ5QybvsA2/D0nwytZ+HXQqDj2AagUYDbz0gyyIHkDQ5YGBMkvkWz/h1Vci6aoBM7VihEDM4KlWoTVuPeASGM8r5IZ2FS83Djbqo4ov6AYvLMrKB9Z7hmFgH6R3LE0gxOkzbGVXtSuvJyrjvgytoT22UhATjjxSQ9D+YJXXkQoB3lUdg8OoIquUPjMZpl4mR8ffvseWPfcvD1XlD5t+TOHFqKpESO547tlOBYhdpew+NSgAXpamCU6oyV8tDCywLQu2ucxHRn78u6WXzWHkDtffdhzmk6TZaPhWqVHuTGjR4higBgGqUfSaKOMszt+FDRZAr3HtuQ2+zJ8bowK9fW5OqilTtK2HtQqroD9ApegDNbqOz6kGy5IycSXvqPURy/M4lxZxbtBPuemcJs= mattjallen@MacBook-Pro.local"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZ2PYPjZddOzR8OJj16G88KcUhCDLkvrEmpUQP0wKHDUuA27HQQ2ORo66asadwGHY3k1VDZ1ei9l9H++SIIeKOaaUr5yZdktvj4POUNtbd9ZhcS7sZU7BSF+NMDM+h3tImh6z0S7mWvRQOUv3ZM+ZER+5xTWJVG1OOJEpb1drxJk6Qz0wbZKSR7TPNFBLLXlVy7hkNYf07RtDyhCCxNB3hJfa8c+oztnWumwDhDQWLqiUXWIU2QH6iRLGl/WYnujtNvVVaV/Hn3JJkS6MM9dnV3cpoIO0+J7+WfsN9rZ0wXt5yY3GhiGXwmcO5eYVli8lHlLWtK7aYSETyry6CBsLbojzOQO5rSqhpwfF2njAAFAQU0UjLc8PahisIuFKCwHH4iyXXOagiv5K1Mc/0Ak+WhhMPee6vV2p7NTyNpXRvouDbWy5cSRH31WgQ9fK5mIGe5v8nGGqtEhUubUkiOgP+H3UbT2V/nTv/TFKdJcKw+WmizvTrxBmaMjWALlkYl+s= mattl@Jallen-PC" # desktop windows
# desktop nixos "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZ2PYPjZddOzR8OJj16G88KcUhCDLkvrEmpUQP0wKHDUuA27HQQ2ORo66asadwGHY3k1VDZ1ei9l9H++SIIeKOaaUr5yZdktvj4POUNtbd9ZhcS7sZU7BSF+NMDM+h3tImh6z0S7mWvRQOUv3ZM+ZER+5xTWJVG1OOJEpb1drxJk6Qz0wbZKSR7TPNFBLLXlVy7hkNYf07RtDyhCCxNB3hJfa8c+oztnWumwDhDQWLqiUXWIU2QH6iRLGl/WYnujtNvVVaV/Hn3JJkS6MM9dnV3cpoIO0+J7+WfsN9rZ0wXt5yY3GhiGXwmcO5eYVli8lHlLWtK7aYSETyry6CBsLbojzOQO5rSqhpwfF2njAAFAQU0UjLc8PahisIuFKCwHH4iyXXOagiv5K1Mc/0Ak+WhhMPee6vV2p7NTyNpXRvouDbWy5cSRH31WgQ9fK5mIGe5v8nGGqtEhUubUkiOgP+H3UbT2V/nTv/TFKdJcKw+WmizvTrxBmaMjWALlkYl+s= mattl@Jallen-PC"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBMydhOc6SnOdB5WrEd7X07DrboAtagCUgXiOJjLov matt@matt-nixos" # desktop nixos
]; "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBMydhOc6SnOdB5WrEd7X07DrboAtagCUgXiOJjLov matt@matt-nixos"
}; ];
};
users.root.shell = pkgs.zsh; root = {
isSystemUser = true;
isNormalUser = false;
shell = pkgs.zsh;
};
};
}; };
} }

102
systems/aarch64-linux/pi4/disko.nix
View File

@@ -1,102 +0,0 @@
{ config, lib, ... }:
let
rootDisk = "/dev/sda1";
in
{
disko.devices = {
nodev."/" = {
fsType = "tmpfs";
mountOptions = [
"mode=755"
"defaults"
"size=2G"
];
};
# root disk setup
disk.main = {
type = "disk";
device = rootDisk;
imageSize = "15G";
content = {
type = "gpt";
# specify partitions
partitions = {
# /boot/firmware
FIRMWARE = {
priority = 1;
name = "FIRMWARE";
start = "1M";
end = "1G";
type = "0700";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot/firmware";
mountOptions = [ "umask=0077" ];
};
};
# /boot
ESP = {
priority = 2;
name = "ESP";
# start = "1G";
# end = "2G";
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = {
name = "btrfs-root";
size = "100%";
content = {
type = "btrfs";
extraArgs = [ "-f" ]; # Override existing partition
# Subvolumes must set a mountpoint in order to be mounted,
# unless their parent is mounted
subvolumes = {
"home" = {
mountOptions = [ "compress=zstd" ];
mountpoint = "/home";
};
"root" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/root";
};
"nix" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/nix";
};
"etc" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/etc";
};
"log" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/var/log";
};
};
};
};
};
};
};
};
}

45
systems/aarch64-linux/pi4/flake.nix
View File

@@ -1,45 +0,0 @@
{ inputs }:
with inputs;
{
pi4 = nixos-raspberrypi.lib.nixosSystem {
specialArgs = inputs // {
# Add any special args you need
};
system = "aarch64-linux";
modules = [
# Import your Snowfall modules manually
./default.nix
disko.nixosModules.disko
./disko.nix
nixos-hardware.nixosModules.raspberry-pi-4
{
imports = with nixos-raspberrypi.nixosModules; [
raspberry-pi-4.base
raspberry-pi-4.display-vc4
raspberry-pi-4.bluetooth
raspberry-pi-4.case-argonone
];
}
impermanence.nixosModules.impermanence
sops-nix.nixosModules.sops
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.backupFileExtension = "backup";
home-manager.extraSpecialArgs = { inherit inputs; };
home-manager.sharedModules = [
sops-nix.homeManagerModules.sops
];
home-manager.users.matt = import (../../../homes/aarch64-linux + "/matt@pi4/default.nix");
home-manager.users.root = { ... }: {
imports = [
# Your root user config
sops-nix.homeManagerModules.sops
];
home.stateVersion = "23.11";
};
}
];
};
}

35
systems/aarch64-linux/pi4/impermanence.nix
View File

@@ -1,35 +0,0 @@
{ ... }:
{
# Set up impernance configuration for things like bluetooth
# In this configuration with /etc and /var/log being persistent, only directories outside of that need to be done here. See hardware configuration for all mountpoints.
environment.persistence."/nix/persist/system" = {
hideMounts = true;
directories = [
"/var/lib/bluetooth"
"/var/lib/nixos"
"/var/lib/libvirt"
"/var/lib/systemd/coredump"
{
directory = "/var/lib/private";
mode = "u=rwx,g=,o=";
}
"/etc/NetworkManager/system-connections"
{
directory = "/etc/nix";
user = "root";
group = "root";
mode = "u=rwx,g=rx,o=rx";
}
];
files = [
"/etc/machine-id"
];
};
security.sudo.extraConfig = ''
# rollback results in sudo lectures after each reboot
Defaults lecture = never
'';
}

22
systems/aarch64-linux/pi4/pi4-hw.nix
View File

@@ -1,22 +0,0 @@
{ ... }:
{
hardware = {
raspberry-pi."4" = {
apply-overlays-dtmerge.enable = true;
audio.enable = true;
backlight.enable = false;
bluetooth.enable = true;
dwc2.enable = true;
i2c0.enable = true;
i2c1.enable = true;
leds = {
eth.disable = false;
act.disable = false;
pwr.disable = false;
};
fkms-3d.enable = true;
xhci.enable = true;
};
deviceTree.filter = "bcm2711-rpi-4*.dtb";
};
}

23
systems/aarch64-linux/pi4/pi4-uefi.nix
View File

@@ -1,23 +0,0 @@
{ stdenv, fetchzip }:
stdenv.mkDerivation rec {
pname = "uefi_rpi4";
version = "1.38";
src = fetchzip {
url = "https://github.com/pftf/RPi4/releases/download/v1.38/RPi4_UEFI_Firmware_v1.38.zip";
hash = "sha256-9tOr80jcmguFy2bSz+H3TfmG8BkKyBTFoUZkMy8x+0g=";
stripRoot = false;
};
installPhase = ''
mkdir -p $out/share/uefi_rpi4
cp -r * $out/share/uefi_rpi4
'';
meta = {
description = "UEFI Firmware for Raspberry Pi 4";
homepage = "https://github.com/pftf/RPi4";
platforms = [ "aarch64-linux" ];
};
}

58
systems/aarch64-linux/pi4/pkg.nix
View File

@@ -1,58 +0,0 @@
{ lib, stdenv, fetchFromGitHub, nix-gitignore, dtc, installShellFiles, logLevel ? 5, ... }:
let
rawSrc = fetchFromGitHub {
owner = "mjallen18";
repo = "argononed";
rev = "master"; # replace with actual commit or tag
sha256 = "sha256-PpFR+6Aa4Pz9EmxOayMSsSTKFzUR6sYIAkGZ8+SUK18="; # fill this in with actual hash
};
ignores = ''
/*
!/version
!/makefile
!/configure
!/src
!/OS
/OS/*
!/OS/_common/
!/OS/nixos/
'';
cleanSrc = nix-gitignore.gitignoreSourcePure ignores rawSrc;
in
stdenv.mkDerivation {
pname = "argononed";
version = lib.strings.fileContents "${cleanSrc}/version";
src = cleanSrc;
nativeBuildInputs = [ dtc installShellFiles ];
preConfigure = ''
patchShebangs --build ./configure
export TARGET_DISTRO=nixos
'';
patches = [
"${cleanSrc}/OS/nixos/patches/nixos.patch"
"${cleanSrc}/OS/nixos/patches/shutdown.patch"
];
buildFlags = [ "LOGLEVEL=${toString logLevel}" ];
installFlags = [ "NIX_DRVOUT=$(out)" ];
postInstall = ''
installShellCompletion --bash --name argonone-cli OS/_common/argonone-cli-complete.bash
'';
meta = {
description = "A replacement daemon for the Argon One Raspberry Pi case";
homepage = "https://gitlab.com/DarkElvenAngel/argononed";
license = lib.licenses.mit;
platforms = [ "aarch64-linux" ];
};
}

2
systems/aarch64-linux/pi5/boot.nix
View File

@@ -4,7 +4,7 @@ let
in in
{ {
boot = { boot = {
loader.raspberryPi.firmwarePackage = kernelBundle.raspberrypifw; loader.raspberry-pi.firmwarePackage = kernelBundle.raspberrypifw;
kernelPackages = kernelBundle.linuxPackages_rpi5; kernelPackages = kernelBundle.linuxPackages_rpi5;
}; };

12
systems/aarch64-linux/pi5/configuration.nix → systems/aarch64-linux/pi5/default.nix Executable file → Normal file
View File

@@ -2,7 +2,7 @@
# your system. Help is available in the configuration.nix(5) man page, on # your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... }: { config, lib, pkgs, namespace, ... }:
let let
user = "matt"; user = "matt";
password = config.sops.secrets."pi5/matt-password".path; password = config.sops.secrets."pi5/matt-password".path;
@@ -11,14 +11,16 @@ in
{ {
imports = [ imports = [
./boot.nix ./boot.nix
./impermanence.nix
./networking.nix ./networking.nix
./services.nix ./services.nix
./sops.nix ./sops.nix
../../modules/desktop-environments/hyprland
./hass.nix
]; ];
${namespace} = {
hardware.disko.enable = true;
desktop.hyprland.enable = false;
};
# Enable nix flakes and nix-command tools # Enable nix flakes and nix-command tools
nix = { nix = {
settings = { settings = {
@@ -49,7 +51,7 @@ in
}; };
system.nixos.tags = let system.nixos.tags = let
cfg = config.boot.loader.raspberryPi; cfg = config.boot.loader.raspberry-pi;
in [ in [
"raspberry-pi-${cfg.variant}" "raspberry-pi-${cfg.variant}"
cfg.bootloader cfg.bootloader

109
systems/aarch64-linux/pi5/disko.nix
View File

@@ -1,109 +0,0 @@
{ ... }:
let
rootDisk = "/dev/nvme0n1";
in
{
disko.devices.disk.main.imageSize = "15G";
disko.devices = {
nodev."/" = {
fsType = "tmpfs";
mountOptions = [
"mode=755"
"defaults"
"size=2G"
];
};
# root disk setup
disk.main = {
type = "disk";
device = rootDisk;
content = {
type = "gpt";
# specify partitions
partitions = {
# /boot/firmware
FIRMWARE = {
priority = 1;
name = "FIRMWARE";
start = "1M";
end = "1G";
type = "0700";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot/firmware";
mountOptions = [ "umask=0077" ];
};
};
# /boot
ESP = {
priority = 2;
name = "ESP";
# start = "1G";
# end = "2G";
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = {
name = "btrfs-root";
size = "100%";
content = {
type = "btrfs";
extraArgs = [ "-f" ]; # Override existing partition
# Subvolumes must set a mountpoint in order to be mounted,
# unless their parent is mounted
subvolumes = {
"home" = {
mountOptions = [ "compress=zstd" ];
mountpoint = "/home";
};
"root" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/root";
};
"nix" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/nix";
};
"etc" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/etc";
};
"tmp" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/tmp";
};
"log" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/var/log";
};
};
};
};
};
};
};
};
}

74
systems/aarch64-linux/pi5/hardware-configuration.nix
View File

@@ -1,74 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "none";
fsType = "tmpfs";
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/6f7adf66-5662-48cd-9c50-690469e2b615";
fsType = "btrfs";
options = [ "subvol=nix" "compress=zstd" "noatime" ];
};
fileSystems."/etc" =
{ device = "/dev/disk/by-uuid/6f7adf66-5662-48cd-9c50-690469e2b615";
fsType = "btrfs";
options = [ "subvol=etc" "compress=zstd" "noatime" ];
};
fileSystems."/root" =
{ device = "/dev/disk/by-uuid/6f7adf66-5662-48cd-9c50-690469e2b615";
fsType = "btrfs";
options = [ "subvol=root" "compress=zstd" "noatime" ];
};
fileSystems."/var/log" =
{ device = "/dev/disk/by-uuid/6f7adf66-5662-48cd-9c50-690469e2b615";
fsType = "btrfs";
options = [ "subvol=log" "compress=zstd" "noatime" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/6f7adf66-5662-48cd-9c50-690469e2b615";
fsType = "btrfs";
options = [ "subvol=home" "compress=zstd" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/7793-909B";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/boot/firmware" =
{ device = "/dev/disk/by-uuid/15B0-5CAA";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.end0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}

36
systems/aarch64-linux/pi5/impermanence.nix
View File

@@ -1,36 +0,0 @@
{ ... }:
{
# Set up impernance configuration for things like bluetooth
# In this configuration with /etc and /var/log being persistent, only directories outside of that need to be done here. See hardware configuration for all mountpoints.
environment.persistence."/nix/persist/system" = {
hideMounts = true;
directories = [
"/var/lib/bluetooth"
"/var/lib/nixos"
"/var/lib/libvirt"
"/var/lib/systemd/coredump"
{
directory = "/var/lib/private";
mode = "u=rwx,g=,o=";
}
"/etc/NetworkManager/system-connections"
{
directory = "/etc/nix";
user = "root";
group = "root";
mode = "u=rwx,g=rx,o=rx";
}
];
# files = [
# "/etc/machine-id"
# { file = "/etc/nix/id_rsa"; parentDirectory = { mode = "u=rwx,g=,o="; }; }
# ];
};
security.sudo.extraConfig = ''
# rollback results in sudo lectures after each reboot
Defaults lecture = never
'';
}

8
systems/aarch64-linux/pi5/sops.nix
View File

@@ -4,7 +4,7 @@ let
in in
{ {
sops = { sops = {
defaultSopsFile = ../../secrets/pi5-secrets.yaml; defaultSopsFile = ../../../secrets/pi5-secrets.yaml;
# age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; # age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
age.keyFile = "/home/matt/.config/sops/age/keys.txt"; age.keyFile = "/home/matt/.config/sops/age/keys.txt";
@@ -13,7 +13,7 @@ in
# ------------------------------ # ------------------------------
secrets = { secrets = {
"wifi" = { "wifi" = {
sopsFile = ../../secrets/secrets.yaml; sopsFile = ../../../secrets/secrets.yaml;
}; };
"pi5/matt-password" = { "pi5/matt-password" = {
neededForUsers = true; neededForUsers = true;
@@ -27,14 +27,14 @@ in
# ------------------------------ # ------------------------------
"ssh-keys-public/pi5" = { "ssh-keys-public/pi5" = {
sopsFile = ../../secrets/secrets.yaml; sopsFile = ../../../secrets/secrets.yaml;
mode = "0644"; mode = "0644";
owner = config.users.users."${user}".name; owner = config.users.users."${user}".name;
group = config.users.users."${user}".group; group = config.users.users."${user}".group;
restartUnits = [ "sshd.service" ]; restartUnits = [ "sshd.service" ];
}; };
"ssh-keys-private/pi5" = { "ssh-keys-private/pi5" = {
sopsFile = ../../secrets/secrets.yaml; sopsFile = ../../../secrets/secrets.yaml;
mode = "0600"; mode = "0600";
owner = config.users.users."${user}".name; owner = config.users.users."${user}".name;
group = config.users.users."${user}".group; group = config.users.users."${user}".group;