pi4 cleanup

2025-05-18 18:57:47 -05:00
parent 0e43e68a94
commit f486116c64
7 changed files with 43 additions and 215 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -435,7 +435,7 @@
            pi5-sops-nix.nixosModules.sops
            ./hosts/pi5/configuration.nix
            {
-              # Hardware specific configuration, see section below for a more complete 
+              # Hardware specific configuration, see section below for a more complete
              # list of modules
              imports = with nixos-raspberrypi.nixosModules; [
                raspberry-pi-5.base
@@ -448,7 +448,7 @@
              home-manager.useGlobalPkgs = true;
              home-manager.useUserPackages = true;
              home-manager.backupFileExtension = "backup";
-              home-manager.users.matt = 
+              home-manager.users.matt =
                { ... }:
                {
                  imports = [
@@ -474,17 +474,8 @@
            pi4-impermanence.nixosModules.impermanence
            pi4-sops-nix.nixosModules.sops
            ./hosts/pi4/configuration.nix
            # {
            #     disko.imageBuilder = {
            #       enableBinfmt = true;
            #       pkgs = inputs.pi4-nixpkgs.legacyPackages.x86_64-linux;
            #       kernelPackages = inputs.pi4-nixpkgs.legacyPackages.x86_64-linux.linuxPackages_latest;
            #   };
            #   nixpkgs.hostPlatform = "aarch64-linux";
            # }
            #{
-            #  # Hardware specific configuration, see section below for a more complete 
+            #  # Hardware specific configuration, see section below for a more complete
            #  # list of modules
            #  imports = with nixos-raspberrypi.nixosModules; [
            #    raspberry-pi-4.base
@@ -497,7 +488,7 @@
              home-manager.useGlobalPkgs = true;
              home-manager.useUserPackages = true;
              home-manager.backupFileExtension = "backup";
-              home-manager.users.matt = 
+              home-manager.users.matt =
                { ... }:
                {
                  imports = [
--- a/hosts/pi4/boot.nix
+++ b/hosts/pi4/boot.nix
@@ -1,7 +1,4 @@
-{ pkgs, lib, ... }:
+{ pkgs, ... }:
 let
 #  kernelBundle = pkgs.linuxAndFirmware.v6_6_31;
 in
 {
  boot = {
    loader = {
@@ -10,53 +7,5 @@ in
    };
    plymouth.enable = true;
    kernelPackages = pkgs.linuxPackages_latest;
    initrd.postDeviceCommands = ''
        echo "Running pre-boot fs resize"
        /sbin/e2fsck -f /dev/mmcblk1p3
        /sbin/resize2fs /dev/mmcblk1p3
      '';
  };
 #  hardware.raspberry-pi.config = {
 #    all = { # [all] conditional filter, https://www.raspberrypi.com/documentation/computers/config_txt.html#conditional-filters
 #      options = {
        # https://www.raspberrypi.com/documentation/computers/config_txt.html#enable_uart
        # in conjunction with `console=serial0,115200` in kernel command line (`cmdline.txt`)
        # creates a serial console, accessible using GPIOs 14 and 15 (pins 
        #  8 and 10 on the 40-pin header)
 #        enable_uart = {
 #          enable = true;
 #          value = true;
 #        };
        # https://www.raspberrypi.com/documentation/computers/config_txt.html#uart_2ndstage
        # enable debug logging to the UART, also automatically enables 
        # UART logging in `start.elf`
 #        uart_2ndstage = {
 #          enable = true;
 #          value = true;
 #        };
 #      };
      # Base DTB parameters
      # https://github.com/raspberrypi/linux/blob/a1d3defcca200077e1e382fe049ca613d16efd2b/arch/arm/boot/dts/overlays/README#L1323
 #      base-dt-params = {
        # https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#enable-pcie
 #        pciex1 = {
 #          enable = true;
 #          value = "on";
 #        };
        # PCIe Gen 3.0
        # https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#pcie-gen-3-0
 #        pciex1_gen = {
 #          enable = true;
 #          value = "3";
 #        };
 #      };
 #    };
 #  };
 }
--- a/hosts/pi4/configuration.nix
+++ b/hosts/pi4/configuration.nix
@@ -2,60 +2,22 @@
 # your system. Help is available in the configuration.nix(5) man page, on
 # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
-{ config, lib, pkgs, ... }:
+{ config, pkgs, ... }:
 let
  user = "matt";
  password = config.sops.secrets."desktop/matt_password".path;
 #  kernelBundle = pkgs.linuxAndFirmware.v6_6_31;
 in
 {
  imports = [
    ./adguard.nix
    ./boot.nix
    ./impermanence.nix
    # ./hardware-configuration.nix
    # ../../share/disko/default-hardware-config.nix
    ./networking.nix
-#    ./sops.nix
+   ./sops.nix
    ../default.nix
  ];
  programs.zsh.enable = true;
  # Enable nix flakes and nix-command tools
 #  nix = {
 #    settings = {
 #      substituters = [
 #        "https://nixos-raspberrypi.cachix.org"
 #      ];
 #      trusted-public-keys = [
 #        "nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
 #      ];
 #    };
 #  };
  # Configure nixpkgs
 #  nixpkgs = {
 #    overlays = lib.mkAfter [
 #      (self: super: {
 #        # This is used in (modulesPath + "/hardware/all-firmware.nix") when at least 
        # enableRedistributableFirmware is enabled
        # I know no easier way to override this package
 #        inherit (kernelBundle) raspberrypiWirelessFirmware;
        # Some derivations want to use it as an input,
        # e.g. raspberrypi-dtbs, omxplayer, sd-image-* modules
 #        inherit (kernelBundle) raspberrypifw;
 #      })
 #    ];
 #  };
 #  system.nixos.tags = let
 #    cfg = config.boot.loader.raspberryPi;
 #  in [
 #    "raspberry-pi-${cfg.variant}"
 #    cfg.bootloader
 #    config.boot.kernelPackages.kernel.version
 #  ];
  systemd.services.btattach = {
    before = [ "bluetooth.service" ];
    after = [ "dev-ttyAMA0.device" ];
--- a/hosts/pi4/hardware-configuration.nix
+++ b/hosts/pi4/hardware-configuration.nix
@@ -1,74 +0,0 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
  imports =
    [ (modulesPath + "/installer/scan/not-detected.nix")
    ];
  boot.initrd.availableKernelModules = [ ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ ];
  boot.extraModulePackages = [ ];
  fileSystems."/" =
    { device = "none";
      fsType = "tmpfs";
    };
  fileSystems."/boot" =
    { device = "/dev/disk/by-uuid/BB3E-1C0D";
      fsType = "vfat";
      options = [ "fmask=0022" "dmask=0022" ];
    };
  fileSystems."/boot/firmware" =
    { device = "/dev/disk/by-uuid/BB27-527E";
      fsType = "vfat";
      options = [ "fmask=0022" "dmask=0022" ];
    };
  fileSystems."/nix" =
    { device = "/dev/disk/by-uuid/683f2c98-9802-44bb-bd89-69ad960b8655";
      fsType = "btrfs";
      options = [ "subvol=nix" ];
    };
  fileSystems."/etc" =
    { device = "/dev/disk/by-uuid/683f2c98-9802-44bb-bd89-69ad960b8655";
      fsType = "btrfs";
      options = [ "subvol=etc" ];
    };
  fileSystems."/var/log" =
    { device = "/dev/disk/by-uuid/683f2c98-9802-44bb-bd89-69ad960b8655";
      fsType = "btrfs";
      options = [ "subvol=log" ];
    };
  fileSystems."/root" =
    { device = "/dev/disk/by-uuid/683f2c98-9802-44bb-bd89-69ad960b8655";
      fsType = "btrfs";
      options = [ "subvol=root" ];
    };
  fileSystems."/home" =
    { device = "/dev/disk/by-uuid/683f2c98-9802-44bb-bd89-69ad960b8655";
      fsType = "btrfs";
      options = [ "subvol=home" ];
    };
  swapDevices = [ ];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.end0.useDHCP = lib.mkDefault true;
  # networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
 }
--- a/hosts/pi4/home.nix
+++ b/hosts/pi4/home.nix
@@ -26,40 +26,40 @@ in
  home.homeDirectory = "/home/matt";
  home.stateVersion = "23.11";
-#  sops = {
+ sops = {
-#    age.keyFile = "/home/matt/.config/sops/age/keys.txt";
+   age.keyFile = "/home/matt/.config/sops/age/keys.txt";
-#    defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
+   defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
-#    validateSopsFiles = false;
+   validateSopsFiles = false;
-#    secrets = {
+   secrets = {
-#      "ssh-keys-public/pi4" = {
+     "ssh-keys-public/pi4" = {
-#        path = "/home/matt/.ssh/id_ed25519.pub";
+       path = "/home/matt/.ssh/id_ed25519.pub";
-#        mode = "0644";
+       mode = "0644";
-#      };
+     };
-#      "ssh-keys-private/pi4" = {
+     "ssh-keys-private/pi4" = {
-#        path = "/home/matt/.ssh/id_ed25519";
+       path = "/home/matt/.ssh/id_ed25519";
-#        mode = "0600";
+       mode = "0600";
-#      };
+     };
-#      "ssh-keys-public/desktop-nixos" = {
+     "ssh-keys-public/desktop-nixos" = {
-#        path = "/home/matt/.ssh/authorized_keys";
+       path = "/home/matt/.ssh/authorized_keys";
-#        mode = "0600";
+       mode = "0600";
-#      };
+     };
-#      "ssh-keys-public/desktop-nixos-root" = {
+     "ssh-keys-public/desktop-nixos-root" = {
-#        path = "/home/matt/.ssh/authorized_keys2";
+       path = "/home/matt/.ssh/authorized_keys2";
-#        mode = "0600";
+       mode = "0600";
-#      };
+     };
-#      "ssh-keys-public/desktop-windows" = {
+     "ssh-keys-public/desktop-windows" = {
-#        path = "/home/matt/.ssh/authorized_keys3";
+       path = "/home/matt/.ssh/authorized_keys3";
-#        mode = "0600";
+       mode = "0600";
-#      };
+     };
-#      "ssh-keys-public/macbook-macos" = {
+     "ssh-keys-public/macbook-macos" = {
-#        path = "/home/matt/.ssh/authorized_keys4";
+       path = "/home/matt/.ssh/authorized_keys4";
-#        mode = "0600";
+       mode = "0600";
-#      };
+     };
-#    };
+   };
-#  };
+ };
  programs = {
    fish.enable = false;
--- a/hosts/pi4/impermanence.nix
+++ b/hosts/pi4/impermanence.nix
@@ -22,10 +22,10 @@
        mode = "u=rwx,g=rx,o=rx";
      }
    ];
-#    files = [
+   files = [
-#      "/etc/machine-id"
+     "/etc/machine-id"
-#      { file = "/etc/nix/id_rsa"; parentDirectory = { mode = "u=rwx,g=,o="; }; }
+     { file = "/etc/nix/id_rsa"; parentDirectory = { mode = "u=rwx,g=,o="; }; }
-#    ];
+   ];
  };
  security.sudo.extraConfig = ''
--- a/hosts/pi4/networking.nix
+++ b/hosts/pi4/networking.nix
@@ -24,7 +24,7 @@ in
      settings.connectivity.uri = lib.mkDefault "http://nmcheck.gnome.org/check_network_status.txt";
      ensureProfiles = {
        environmentFiles = [
-#          config.sops.secrets.wifi.path
+         config.sops.secrets.wifi.path
        ];
        profiles = {