mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

pi4 cleanup

Browse Source
This commit is contained in:
mjallen18
2025-05-18 18:57:47 -05:00
parent 0e43e68a94
commit f486116c64
7 changed files with 43 additions and 215 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
flake.nix
View File

@@ -435,7 +435,7 @@
pi5-sops-nix.nixosModules.sops
./hosts/pi5/configuration.nix
{
# Hardware specific configuration, see section below for a more complete
# Hardware specific configuration, see section below for a more complete
# list of modules
imports = with nixos-raspberrypi.nixosModules; [
raspberry-pi-5.base
@@ -448,7 +448,7 @@
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.backupFileExtension = "backup";
home-manager.users.matt =
home-manager.users.matt =
{ ... }:
{
imports = [
@@ -474,17 +474,8 @@
pi4-impermanence.nixosModules.impermanence
pi4-sops-nix.nixosModules.sops
./hosts/pi4/configuration.nix
# {
# disko.imageBuilder = {
# enableBinfmt = true;
# pkgs = inputs.pi4-nixpkgs.legacyPackages.x86_64-linux;
# kernelPackages = inputs.pi4-nixpkgs.legacyPackages.x86_64-linux.linuxPackages_latest;
# };
# nixpkgs.hostPlatform = "aarch64-linux";
# }
#{
# # Hardware specific configuration, see section below for a more complete
# # Hardware specific configuration, see section below for a more complete
# # list of modules
# imports = with nixos-raspberrypi.nixosModules; [
# raspberry-pi-4.base
@@ -497,7 +488,7 @@
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.backupFileExtension = "backup";
home-manager.users.matt =
home-manager.users.matt =
{ ... }:
{
imports = [

53
hosts/pi4/boot.nix
View File

@@ -1,7 +1,4 @@
{ pkgs, lib, ... }:
let
# kernelBundle = pkgs.linuxAndFirmware.v6_6_31;
in
{ pkgs, ... }:
{
boot = {
loader = {
@@ -10,53 +7,5 @@ in
};
plymouth.enable = true;
kernelPackages = pkgs.linuxPackages_latest;
initrd.postDeviceCommands = ''
echo "Running pre-boot fs resize"
/sbin/e2fsck -f /dev/mmcblk1p3
/sbin/resize2fs /dev/mmcblk1p3
'';
};
# hardware.raspberry-pi.config = {
# all = { # [all] conditional filter, https://www.raspberrypi.com/documentation/computers/config_txt.html#conditional-filters
# options = {
# https://www.raspberrypi.com/documentation/computers/config_txt.html#enable_uart
# in conjunction with `console=serial0,115200` in kernel command line (`cmdline.txt`)
# creates a serial console, accessible using GPIOs 14 and 15 (pins
# 8 and 10 on the 40-pin header)
# enable_uart = {
# enable = true;
# value = true;
# };
# https://www.raspberrypi.com/documentation/computers/config_txt.html#uart_2ndstage
# enable debug logging to the UART, also automatically enables
# UART logging in `start.elf`
# uart_2ndstage = {
# enable = true;
# value = true;
# };
# };
# Base DTB parameters
# https://github.com/raspberrypi/linux/blob/a1d3defcca200077e1e382fe049ca613d16efd2b/arch/arm/boot/dts/overlays/README#L1323
# base-dt-params = {
# https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#enable-pcie
# pciex1 = {
# enable = true;
# value = "on";
# };
# PCIe Gen 3.0
# https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#pcie-gen-3-0
# pciex1_gen = {
# enable = true;
# value = "3";
# };
# };
# };
# };
}

42
hosts/pi4/configuration.nix
View File

@@ -2,60 +2,22 @@
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... }:
{ config, pkgs, ... }:
let
user = "matt";
password = config.sops.secrets."desktop/matt_password".path;
# kernelBundle = pkgs.linuxAndFirmware.v6_6_31;
in
{
imports = [
./adguard.nix
./boot.nix
./impermanence.nix
# ./hardware-configuration.nix
# ../../share/disko/default-hardware-config.nix
./networking.nix
# ./sops.nix
./sops.nix
../default.nix
];
programs.zsh.enable = true;
# Enable nix flakes and nix-command tools
# nix = {
# settings = {
# substituters = [
# "https://nixos-raspberrypi.cachix.org"
# ];
# trusted-public-keys = [
# "nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
# ];
# };
# };
# Configure nixpkgs
# nixpkgs = {
# overlays = lib.mkAfter [
# (self: super: {
# # This is used in (modulesPath + "/hardware/all-firmware.nix") when at least
# enableRedistributableFirmware is enabled
# I know no easier way to override this package
# inherit (kernelBundle) raspberrypiWirelessFirmware;
# Some derivations want to use it as an input,
# e.g. raspberrypi-dtbs, omxplayer, sd-image-* modules
# inherit (kernelBundle) raspberrypifw;
# })
# ];
# };
# system.nixos.tags = let
# cfg = config.boot.loader.raspberryPi;
# in [
# "raspberry-pi-${cfg.variant}"
# cfg.bootloader
# config.boot.kernelPackages.kernel.version
# ];
systemd.services.btattach = {
before = [ "bluetooth.service" ];
after = [ "dev-ttyAMA0.device" ];

74
hosts/pi4/hardware-configuration.nix
View File

@@ -1,74 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "none";
fsType = "tmpfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/BB3E-1C0D";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/boot/firmware" =
{ device = "/dev/disk/by-uuid/BB27-527E";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/683f2c98-9802-44bb-bd89-69ad960b8655";
fsType = "btrfs";
options = [ "subvol=nix" ];
};
fileSystems."/etc" =
{ device = "/dev/disk/by-uuid/683f2c98-9802-44bb-bd89-69ad960b8655";
fsType = "btrfs";
options = [ "subvol=etc" ];
};
fileSystems."/var/log" =
{ device = "/dev/disk/by-uuid/683f2c98-9802-44bb-bd89-69ad960b8655";
fsType = "btrfs";
options = [ "subvol=log" ];
};
fileSystems."/root" =
{ device = "/dev/disk/by-uuid/683f2c98-9802-44bb-bd89-69ad960b8655";
fsType = "btrfs";
options = [ "subvol=root" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/683f2c98-9802-44bb-bd89-69ad960b8655";
fsType = "btrfs";
options = [ "subvol=home" ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.end0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}

62
hosts/pi4/home.nix
View File

@@ -26,40 +26,40 @@ in
home.homeDirectory = "/home/matt";
home.stateVersion = "23.11";
# sops = {
# age.keyFile = "/home/matt/.config/sops/age/keys.txt";
# defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
# validateSopsFiles = false;
# secrets = {
# "ssh-keys-public/pi4" = {
# path = "/home/matt/.ssh/id_ed25519.pub";
# mode = "0644";
# };
# "ssh-keys-private/pi4" = {
# path = "/home/matt/.ssh/id_ed25519";
# mode = "0600";
# };
# "ssh-keys-public/desktop-nixos" = {
# path = "/home/matt/.ssh/authorized_keys";
# mode = "0600";
# };
sops = {
age.keyFile = "/home/matt/.config/sops/age/keys.txt";
defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
validateSopsFiles = false;
secrets = {
"ssh-keys-public/pi4" = {
path = "/home/matt/.ssh/id_ed25519.pub";
mode = "0644";
};
"ssh-keys-private/pi4" = {
path = "/home/matt/.ssh/id_ed25519";
mode = "0600";
};
"ssh-keys-public/desktop-nixos" = {
path = "/home/matt/.ssh/authorized_keys";
mode = "0600";
};
# "ssh-keys-public/desktop-nixos-root" = {
# path = "/home/matt/.ssh/authorized_keys2";
# mode = "0600";
# };
"ssh-keys-public/desktop-nixos-root" = {
path = "/home/matt/.ssh/authorized_keys2";
mode = "0600";
};
# "ssh-keys-public/desktop-windows" = {
# path = "/home/matt/.ssh/authorized_keys3";
# mode = "0600";
# };
"ssh-keys-public/desktop-windows" = {
path = "/home/matt/.ssh/authorized_keys3";
mode = "0600";
};
# "ssh-keys-public/macbook-macos" = {
# path = "/home/matt/.ssh/authorized_keys4";
# mode = "0600";
# };
# };
# };
"ssh-keys-public/macbook-macos" = {
path = "/home/matt/.ssh/authorized_keys4";
mode = "0600";
};
};
};
programs = {
fish.enable = false;

8
hosts/pi4/impermanence.nix
View File

@@ -22,10 +22,10 @@
mode = "u=rwx,g=rx,o=rx";
}
];
# files = [
# "/etc/machine-id"
# { file = "/etc/nix/id_rsa"; parentDirectory = { mode = "u=rwx,g=,o="; }; }
# ];
files = [
"/etc/machine-id"
{ file = "/etc/nix/id_rsa"; parentDirectory = { mode = "u=rwx,g=,o="; }; }
];
};
security.sudo.extraConfig = ''

2
hosts/pi4/networking.nix
View File

@@ -24,7 +24,7 @@ in
settings.connectivity.uri = lib.mkDefault "http://nmcheck.gnome.org/check_network_status.txt";
ensureProfiles = {
environmentFiles = [
# config.sops.secrets.wifi.path
config.sops.secrets.wifi.path
];
profiles = {