diff --git a/flake.nix b/flake.nix index f72adea..7edaeaf 100755 --- a/flake.nix +++ b/flake.nix @@ -435,7 +435,7 @@ pi5-sops-nix.nixosModules.sops ./hosts/pi5/configuration.nix { - # Hardware specific configuration, see section below for a more complete + # Hardware specific configuration, see section below for a more complete # list of modules imports = with nixos-raspberrypi.nixosModules; [ raspberry-pi-5.base @@ -448,7 +448,7 @@ home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.backupFileExtension = "backup"; - home-manager.users.matt = + home-manager.users.matt = { ... }: { imports = [ @@ -474,17 +474,8 @@ pi4-impermanence.nixosModules.impermanence pi4-sops-nix.nixosModules.sops ./hosts/pi4/configuration.nix - # { - # disko.imageBuilder = { - # enableBinfmt = true; - # pkgs = inputs.pi4-nixpkgs.legacyPackages.x86_64-linux; - # kernelPackages = inputs.pi4-nixpkgs.legacyPackages.x86_64-linux.linuxPackages_latest; - # }; - - # nixpkgs.hostPlatform = "aarch64-linux"; - # } #{ - # # Hardware specific configuration, see section below for a more complete + # # Hardware specific configuration, see section below for a more complete # # list of modules # imports = with nixos-raspberrypi.nixosModules; [ # raspberry-pi-4.base @@ -497,7 +488,7 @@ home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.backupFileExtension = "backup"; - home-manager.users.matt = + home-manager.users.matt = { ... }: { imports = [ diff --git a/hosts/pi4/boot.nix b/hosts/pi4/boot.nix index e289c43..c0a4a6b 100755 --- a/hosts/pi4/boot.nix +++ b/hosts/pi4/boot.nix @@ -1,7 +1,4 @@ -{ pkgs, lib, ... }: -let -# kernelBundle = pkgs.linuxAndFirmware.v6_6_31; -in +{ pkgs, ... }: { boot = { loader = { 
@@ -10,53 +7,5 @@ in }; plymouth.enable = true; kernelPackages = pkgs.linuxPackages_latest; - initrd.postDeviceCommands = '' - echo "Running pre-boot fs resize" - /sbin/e2fsck -f /dev/mmcblk1p3 - /sbin/resize2fs /dev/mmcblk1p3 - ''; }; - -# hardware.raspberry-pi.config = { -# all = { # [all] conditional filter, https://www.raspberrypi.com/documentation/computers/config_txt.html#conditional-filters - -# options = { - # https://www.raspberrypi.com/documentation/computers/config_txt.html#enable_uart - # in conjunction with `console=serial0,115200` in kernel command line (`cmdline.txt`) - # creates a serial console, accessible using GPIOs 14 and 15 (pins - # 8 and 10 on the 40-pin header) -# enable_uart = { -# enable = true; -# value = true; -# }; - # https://www.raspberrypi.com/documentation/computers/config_txt.html#uart_2ndstage - # enable debug logging to the UART, also automatically enables - # UART logging in `start.elf` -# uart_2ndstage = { -# enable = true; - -# value = true; -# }; -# }; - - # Base DTB parameters - # https://github.com/raspberrypi/linux/blob/a1d3defcca200077e1e382fe049ca613d16efd2b/arch/arm/boot/dts/overlays/README#L1323 -# base-dt-params = { - - # https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#enable-pcie -# pciex1 = { -# enable = true; -# value = "on"; -# }; - # PCIe Gen 3.0 - # https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#pcie-gen-3-0 -# pciex1_gen = { -# enable = true; -# value = "3"; -# }; - -# }; - -# }; -# }; } diff --git a/hosts/pi4/configuration.nix b/hosts/pi4/configuration.nix index 207335e..f5c8e2d 100755 --- a/hosts/pi4/configuration.nix +++ b/hosts/pi4/configuration.nix 
@@ -2,60 +2,22 @@ # your system. Help is available in the configuration.nix(5) man page, on # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). -{ config, lib, pkgs, ... }: +{ config, pkgs, ... }: let user = "matt"; password = config.sops.secrets."desktop/matt_password".path; -# kernelBundle = pkgs.linuxAndFirmware.v6_6_31; in { imports = [ ./adguard.nix ./boot.nix ./impermanence.nix - # ./hardware-configuration.nix - # ../../share/disko/default-hardware-config.nix ./networking.nix -# ./sops.nix + ./sops.nix ../default.nix ]; programs.zsh.enable = true; - # Enable nix flakes and nix-command tools -# nix = { -# settings = { -# substituters = [ -# "https://nixos-raspberrypi.cachix.org" -# ]; -# trusted-public-keys = [ -# "nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI=" -# ]; -# }; -# }; - - # Configure nixpkgs -# nixpkgs = { -# overlays = lib.mkAfter [ -# (self: super: { -# # This is used in (modulesPath + "/hardware/all-firmware.nix") when at least - # enableRedistributableFirmware is enabled - # I know no easier way to override this package -# inherit (kernelBundle) raspberrypiWirelessFirmware; - # Some derivations want to use it as an input, - # e.g. raspberrypi-dtbs, omxplayer, sd-image-* modules -# inherit (kernelBundle) raspberrypifw; -# }) -# ]; -# }; - -# system.nixos.tags = let -# cfg = config.boot.loader.raspberryPi; -# in [ -# "raspberry-pi-${cfg.variant}" -# cfg.bootloader -# config.boot.kernelPackages.kernel.version -# ]; - systemd.services.btattach = { before = [ "bluetooth.service" ]; after = [ "dev-ttyAMA0.device" ]; diff --git a/hosts/pi4/hardware-configuration.nix b/hosts/pi4/hardware-configuration.nix deleted file mode 100644 index edfaa11..0000000 --- a/hosts/pi4/hardware-configuration.nix +++ /dev/null 
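Review bot: The `let` binding `password = config.sops.secrets."desktop/matt_password".path;` at the top of this hunk holds a path to a decrypted file, not a password, and it only resolves now that `./sops.nix` is imported again. Its consumer and `./sops.nix` itself are outside this diff, so two things are worth confirming: the value feeds a file-based option such as `users.users.${user}.hashedPasswordFile`, and the secret is declared with `neededForUsers = true;` so it is decrypted before user accounts are set up. Renaming the binding to `passwordFile` would make it harder to pass the path where a literal password is expected. The `config.sops.secrets.wifi.path` reference enabled in hosts/pi4/networking.nix depends on the same file declaring `wifi`.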
@@ -1,74 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "none"; - fsType = "tmpfs"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/BB3E-1C0D"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; - - fileSystems."/boot/firmware" = - { device = "/dev/disk/by-uuid/BB27-527E"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; - - fileSystems."/nix" = - { device = "/dev/disk/by-uuid/683f2c98-9802-44bb-bd89-69ad960b8655"; - fsType = "btrfs"; - options = [ "subvol=nix" ]; - }; - - fileSystems."/etc" = - { device = "/dev/disk/by-uuid/683f2c98-9802-44bb-bd89-69ad960b8655"; - fsType = "btrfs"; - options = [ "subvol=etc" ]; - }; - - fileSystems."/var/log" = - { device = "/dev/disk/by-uuid/683f2c98-9802-44bb-bd89-69ad960b8655"; - fsType = "btrfs"; - options = [ "subvol=log" ]; - }; - - fileSystems."/root" = - { device = "/dev/disk/by-uuid/683f2c98-9802-44bb-bd89-69ad960b8655"; - fsType = "btrfs"; - options = [ "subvol=root" ]; - }; - - fileSystems."/home" = - { device = "/dev/disk/by-uuid/683f2c98-9802-44bb-bd89-69ad960b8655"; - fsType = "btrfs"; - options = [ "subvol=home" ]; - }; - - swapDevices = [ ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 
- networking.useDHCP = lib.mkDefault true; - # networking.interfaces.end0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlan0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; -} diff --git a/hosts/pi4/home.nix b/hosts/pi4/home.nix index e3061b5..f836324 100755 --- a/hosts/pi4/home.nix +++ b/hosts/pi4/home.nix 
@@ -26,40 +26,40 @@ in home.homeDirectory = "/home/matt"; home.stateVersion = "23.11"; -# sops = { -# age.keyFile = "/home/matt/.config/sops/age/keys.txt"; -# defaultSopsFile = "/etc/nixos/secrets/secrets.yaml"; -# validateSopsFiles = false; -# secrets = { -# "ssh-keys-public/pi4" = { -# path = "/home/matt/.ssh/id_ed25519.pub"; -# mode = "0644"; -# }; -# "ssh-keys-private/pi4" = { -# path = "/home/matt/.ssh/id_ed25519"; -# mode = "0600"; -# }; -# "ssh-keys-public/desktop-nixos" = { -# path = "/home/matt/.ssh/authorized_keys"; -# mode = "0600"; -# }; + sops = { + age.keyFile = "/home/matt/.config/sops/age/keys.txt"; + defaultSopsFile = "/etc/nixos/secrets/secrets.yaml"; + validateSopsFiles = false; + secrets = { + "ssh-keys-public/pi4" = { + path = "/home/matt/.ssh/id_ed25519.pub"; + mode = "0644"; + }; + "ssh-keys-private/pi4" = { + path = "/home/matt/.ssh/id_ed25519"; + mode = "0600"; + }; + "ssh-keys-public/desktop-nixos" = { + path = "/home/matt/.ssh/authorized_keys"; + mode = "0600"; + }; -# "ssh-keys-public/desktop-nixos-root" = { -# path = "/home/matt/.ssh/authorized_keys2"; -# mode = "0600"; -# }; + "ssh-keys-public/desktop-nixos-root" = { + path = "/home/matt/.ssh/authorized_keys2"; + mode = "0600"; + }; -# "ssh-keys-public/desktop-windows" = { -# path = "/home/matt/.ssh/authorized_keys3"; -# mode = "0600"; -# }; + "ssh-keys-public/desktop-windows" = { + path = "/home/matt/.ssh/authorized_keys3"; + mode = "0600"; + }; -# "ssh-keys-public/macbook-macos" = { -# path = "/home/matt/.ssh/authorized_keys4"; -# mode = "0600"; -# }; -# }; -# }; + "ssh-keys-public/macbook-macos" = { + path = "/home/matt/.ssh/authorized_keys4"; + mode = "0600"; + }; + }; + }; programs = { fish.enable = false; diff --git a/hosts/pi4/impermanence.nix b/hosts/pi4/impermanence.nix index 352c30b..a119696 100755 --- a/hosts/pi4/impermanence.nix +++ b/hosts/pi4/impermanence.nix 
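Review bot: The re-enabled `sops.secrets` block writes three of the four login public keys to `~/.ssh/authorized_keys2`, `authorized_keys3` and `authorized_keys4`, which sshd only reads if they are listed in `AuthorizedKeysFile` (on NixOS, `services.openssh.authorizedKeysFiles`). Nothing in this diff shows that setting, so either those keys silently grant no access or the sshd configuration has been widened elsewhere to match. Public keys are not secret, so declaring them under `users.users.matt.openssh.authorizedKeys.keys` in the NixOS configuration would keep the set of accepted keys visible and reviewable in one place. Separately, `validateSopsFiles = false;` defers missing-key errors to activation time; a one-line comment such as `# defaultSopsFile is a runtime path outside the flake, so build-time validation is not possible` would record why the check is off, if that is the reason.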
@@ -22,10 +22,10 @@ mode = "u=rwx,g=rx,o=rx"; } ]; -# files = [ -# "/etc/machine-id" -# { file = "/etc/nix/id_rsa"; parentDirectory = { mode = "u=rwx,g=,o="; }; } -# ]; + files = [ + "/etc/machine-id" + { file = "/etc/nix/id_rsa"; parentDirectory = { mode = "u=rwx,g=,o="; }; } + ]; }; security.sudo.extraConfig = '' diff --git a/hosts/pi4/networking.nix b/hosts/pi4/networking.nix index 154b540..6968e62 100755 --- a/hosts/pi4/networking.nix +++ b/hosts/pi4/networking.nix @@ -24,7 +24,7 @@ in settings.connectivity.uri = lib.mkDefault "http://nmcheck.gnome.org/check_network_status.txt"; ensureProfiles = { environmentFiles = [ -# config.sops.secrets.wifi.path + config.sops.secrets.wifi.path ]; profiles = {
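Review bot: The restored `files` list persists `/etc/nix/id_rsa`, a private key, with no comment saying what uses it, and the `parentDirectory` mode `u=rwx,g=,o=` refers to `/etc/nix`. If nothing on this host consumes that key, the entry only keeps an unused private key across reboots and could be dropped; if something does, a comment such as `# SSH identity used by <consumer>; keep root-only` would record the reason. It is also worth checking after a rebuild that `/etc/nix` is still readable by unprivileged users, since `nix.conf` lives in that directory. The enclosing persistence block starts outside the hunk.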