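# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
#
# Host module for a Raspberry Pi 5: binary caches, firmware overlay,
# Bluetooth UART attach, SSH, sudo-rs rules and the single declarative user.
{ config, lib, pkgs, ... }:
let
  user = "matt";

  # yescrypt hash consumed by users.users.${user}.initialHashedPassword below.
  # The value is written into the system closure, and /nix/store is
  # world-readable, so every local account can read it and attack it offline.
  # NOTE(review): consider `hashedPasswordFile` pointing at a sops secret
  # (it must be available before user creation) - confirm against ./sops.nix.
  password = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06";

  # SSID, wifiSecrets, interface and hostname are not referenced anywhere in
  # this file, and let-bindings are not visible to the imported modules.
  SSID = "Joey's Jungle 5G";

  # Path of the sops-managed secret rather than the pre-shared key itself:
  # anything written literally in this file is copied to the world-readable
  # Nix store when the configuration is evaluated from a flake.
  # NOTE(review): assumes ./sops.nix declares sops.secrets."wifi" - confirm.
  # A key that was ever committed in plaintext should be rotated.
  wifiSecrets = config.sops.secrets."wifi".path;

  interface = "wlan0";
  timezone = "America/Chicago";
  hostname = "pi5";
  kernelBundle = pkgs.linuxAndFirmware.v6_6_31;
in
{
  imports = [
    ./boot.nix
    ./hardware-configuration.nix
    ./impermanence.nix
    ./networking.nix
    ./sops.nix
  ];

  networking.networkmanager.enable = true;

  programs.zsh.enable = true;

  # Enable nix flakes and nix-command tools
  nix = {
    settings = {
      # Every cache listed here can supply binaries that run as root on this
      # host; each one is only as trustworthy as the matching signing key in
      # trusted-public-keys.
      substituters = [
        # "https://cache.mjallen.dev"
        "https://nixos-raspberrypi.cachix.org"
        "https://nix-community.cachix.org"
        "https://cache.nixos.org/"
      ];
      trusted-public-keys = [
        # "cache.mjallen.dev-1:IzFmKCd8/gggI6lcCXsW65qQwiCLGFFN9t9s2iw7Lvc="
        "nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      ];
      warn-dirty = lib.mkForce false;
      experimental-features = lib.mkForce [
        "nix-command"
        "flakes"
      ];
      # Trusted users may add substituters and import unsigned store paths,
      # which is equivalent to root on the Nix daemon and needs no password.
      # NOTE(review): "@wheel" and ${user} get that without going through
      # sudo-rs; keep only if remote builds/deploys require it.
      trusted-users = lib.mkDefault [
        "root"
        "@wheel"
        user
      ];
    };
  };

  # Configure nixpkgs
  nixpkgs = {
    # Enable non free
    config.allowUnfree = lib.mkForce true;
    overlays = lib.mkAfter [
      (self: super: {
        # This is used in (modulesPath + "/hardware/all-firmware.nix") when at least
        # enableRedistributableFirmware is enabled
        # I know no easier way to override this package
        inherit (kernelBundle) raspberrypiWirelessFirmware;
        # Some derivations want to use it as an input,
        # e.g. raspberrypi-dtbs, omxplayer, sd-image-* modules
        inherit (kernelBundle) raspberrypifw;
      })
    ];
  };

  # Tags built from the Raspberry Pi boot loader variant, the boot loader
  # name and the kernel version.
  system.nixos.tags =
    let
      cfg = config.boot.loader.raspberryPi;
    in
    [
      "raspberry-pi-${cfg.variant}"
      cfg.bootloader
      config.boot.kernelPackages.kernel.version
    ];

  # Hardware configs
  hardware = {
    # Bluetooth
    bluetooth.enable = lib.mkDefault true;
    # Enable all firmware
    enableAllFirmware = lib.mkForce true;
  };

  # Headless: no X server, desktop or display manager.
  services.xserver = {
    enable = false;
    desktopManager = {
      budgie.enable = false;
    };
    displayManager = {
      lightdm.enable = false;
    };
  };

  # Set your time zone.
  time.timeZone = timezone;

  # Attach the Bluetooth controller on /dev/ttyAMA0 before bluetooth.service
  # starts.
  systemd.services.btattach = {
    before = [ "bluetooth.service" ];
    after = [ "dev-ttyAMA0.device" ];
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      ExecStart = "${pkgs.bluez}/bin/btattach -B /dev/ttyAMA0 -P bcm -S 3000000";
    };
  };

  environment.systemPackages = with pkgs; [
    argononed
    vim
    libraspberrypi
    raspberrypi-eeprom
    raspberrypifw
    raspberrypiWirelessFirmware
    raspberrypi-armstubs
    htop
    git
  ];

  # sshd runs with the module defaults. No authorized keys and no
  # services.openssh.settings are declared in this file, so password logins
  # stay possible unless another module changes that.
  # NOTE(review): once a key is provisioned for ${user}, set
  # settings.PasswordAuthentication = false and
  # settings.KbdInteractiveAuthentication = false.
  services.openssh.enable = true;

  programs.command-not-found.enable = lib.mkForce false;
  programs.nix-index = {
    enable = true;
    enableBashIntegration = false;
    enableZshIntegration = true;
  };

  security = {
    rtkit.enable = lib.mkDefault true;

    # configure sudo
    sudo.enable = lib.mkDefault false;
    sudo-rs = {
      enable = lib.mkDefault true;
      # wheel may run exactly these three power commands without a password;
      # the commands are pinned to absolute store paths.
      extraRules = [
        {
          commands = [
            {
              command = "${pkgs.systemd}/bin/systemctl suspend";
              options = [ "NOPASSWD" ];
            }
            {
              command = "${pkgs.systemd}/bin/reboot";
              options = [ "NOPASSWD" ];
            }
            {
              command = "${pkgs.systemd}/bin/poweroff";
              options = [ "NOPASSWD" ];
            }
          ];
          groups = [ "wheel" ];
        }
      ];
    };
  };

  users = {
    # Accounts are fully declarative; passwords cannot be changed at runtime.
    mutableUsers = false;
    users."${user}" = {
      isNormalUser = true;
      initialHashedPassword = password;
      # NOTE(review): membership of "docker" gives root-equivalent access
      # through the Docker socket when the daemon is enabled; Docker is not
      # enabled in this file - confirm it is needed.
      extraGroups = [
        "wheel"
        "docker"
      ];
      shell = pkgs.zsh;
    };
  };
}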