# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
#
# Host configuration for the "pi5" machine: a headless Raspberry Pi 5 that runs
# Docker, an attic service, a Nebula lighthouse and its web UI, and imports an
# AdGuard module. Options under `${namespace}` are defined by project modules
# that are not visible in this file, so notes about their effect are hedged.
{ lib, namespace, ... }:
let
  # Shared network inventory (hostnames, addresses, ports) from the project's lib.
  net = lib.${namespace}.network;
in
{
  imports = [
    ./adguard.nix
    ./boot.nix
    ./sops.nix
  ];

  # Access to the Docker daemon is root-equivalent on this host; see the
  # "docker" group membership under `user` below.
  virtualisation.docker.enable = true;

  ${namespace} = {
    # Secrets are handled through sops (see ./sops.nix); the /run/secrets paths
    # used further down are presumably provisioned by it. Verify in ./sops.nix.
    sops.enable = true;

    # ###################################################
    # #                  Impermanence                   #
    # ###################################################
    impermanence = {
      enable = true;
      # extraDirectories = [
      #   {
      #     directory = "/var/cache/ccache";
      #     user = "nobody";
      #     group = "nobody";
      #     mode = "u=rwx,g=rwx,o=rx";
      #   }
      # ];
    };

    # ###################################################
    # #                    Hardware                     #
    # ###################################################
    hardware = {
      disko = {
        enable = true;
        firmware = {
          enableFirmware = true;
        };
      };

      raspberry-pi = {
        enable = true;
        variant = "5";
        bootType = "uefi";
        pwm.enable = false;
        # NOTE(review): disable-wifi.enable is false here while
        # overlays.pi5DisableWifi.enable is true below. Confirm which option
        # actually controls the radio, so the intended state (radios off on a
        # wired, headless host) is the one in effect.
        disable-wifi.enable = false;
        modesetting.enable = false;
        i2c.enable = false;
        apply-overlays-dtmerge.enable = false;
        overlays = {
          pi5DisableWifi.enable = true;
          pi5DisableBluetooth.enable = true;
          pi5i2c0.enable = true;
          pi5i2c1.enable = true;
          pi5i2c2.enable = true;
          pi5i2c3.enable = true;
          pi5Sdio.enable = true;
          pi5Spi21cs.enable = true;
          pi5Spi22cs.enable = true;
          pi5Spi31cs.enable = true;
          pi5Spi32cs.enable = true;
          pi5Spi51cs.enable = true;
          pi5Spi52cs.enable = true;
          pi5Uart0.enable = true;
          pi5Uart1.enable = true;
          pi5Uart2.enable = true;
          pi5Uart3.enable = true;
          pi5Uart4.enable = true;
          pi5Vc4Kms.enable = true;
          bcm2712d0.enable = true;
        };
      };
    };

    headless.enable = true;

    # ###################################################
    # #                    Desktop                      #
    # ###################################################
    desktop.hyprland.enable = false;

    # ###################################################
    # #                      User                       #
    # ###################################################
    user = {
      name = "matt";
      # Accounts are declared here only; presumably this maps to
      # users.mutableUsers, so runtime passwd/useradd changes do not persist.
      mutableUsers = false;
      # Membership in "docker" lets this user drive the Docker daemon, which is
      # effectively root on the host (e.g. by bind-mounting / into a container).
      # Treat a compromise of this account as a compromise of root.
      extraGroups = [ "docker" ];
    };

    # ###################################################
    # #                    Services                     #
    # ###################################################
    services = {
      attic = {
        enable = true;
        port = net.ports.pi5.attic;
        # "[::]" is the IPv6 wildcard address, and the same port is opened in
        # the firewall below. The service is therefore reachable on every
        # network the host is attached to, not only over Nebula. Bind to a
        # specific address if only the overlay or the LAN should reach it.
        listenAddress = "[::]";
        # Secret material is read from a runtime path, not embedded in the
        # (world-readable) Nix store.
        environmentFile = "/run/secrets/pi5/attic-key";
        # Same path as the fileSystems."/mnt/attic-store" mount at the bottom.
        configDir = "/mnt/attic-store";
      };

      nebula = {
        enable = true;
        # Lighthouses must be reachable by every other Nebula node.
        isLighthouse = true;
        # NOTE(review): 4242 does not appear in network.firewall.allowedUDPPorts
        # below. Presumably the nebula module opens it itself; verify there.
        port = 4242;
        secretsPrefix = "pi5/nebula";
        # A file referenced this way is copied into the Nix store, which is
        # world-readable. It must stay sops-encrypted at rest; confirm.
        secretsFile = lib.snowfall.fs.get-file "secrets/pi5-secrets.yaml";
        hostSecretName = "lighthouse";
        stats = {
          enable = true;
          # Loopback only: the stats endpoint is not exposed to the network.
          listenAddress = "127.0.0.1";
          statsPort = 8474;
        };
      };

      nebula-ui = {
        enable = true;
        port = 8473;
        networkName = "jallen-nebula";
        caCertSecretKey = "pi5/nebula/ca-cert";
        # NOTE(review): this points the UI at the Nebula CA *private* key, so
        # the key is presumably decrypted on this host at runtime. The host is
        # also the lighthouse and serves the UI through a reverse proxy, so
        # whoever compromises it can sign certificates for the whole overlay.
        # Confirm this is an accepted trade-off versus an offline CA.
        caKeySecretKey = "pi5/nebula/ca-key";
        secretsFile = lib.snowfall.fs.get-file "secrets/pi5-secrets.yaml";
        # Must match nebula.stats above (127.0.0.1:8474).
        statsListenAddress = "127.0.0.1";
        statsPort = 8474;
        reverseProxy = {
          # NOTE(review): no authentication or access restriction for the
          # proxied UI is visible in this file. Verify that the proxy or the
          # module enforces one.
          enable = true;
          subdomain = "nebula";
        };
      };
    };

    # ###################################################
    # #                    Network                      #
    # ###################################################
    network = {
      hostName = net.hosts.pi5.hostname;
      ipv4 = {
        inherit (net.hosts.pi5) gateway;
        method = "manual";
        address = net.hosts.pi5.lan4;
        dns = "1.1.1.1";
        interface = "end0";
      };
      firewall = {
        enable = true;
        allowPing = true;
        # 53/tcp and 53/udp are presumably for the resolver from ./adguard.nix;
        # the attic port matches services.attic above. These rules name no
        # interface, so make sure port 53 cannot be reached from the internet
        # (an open resolver is abusable for amplification).
        allowedTCPPorts = [
          53
          net.ports.pi5.attic
        ];
        allowedUDPPorts = [ 53 ];
      };
      networkmanager.profiles = {
        "static-end0" = {
          type = "ethernet";
          interface = "end0";
        };
      };
    };
  };

  # ###################################################
  # #                  FileSystems                    #
  # ###################################################
  fileSystems."/mnt/attic-store" = {
    device = "/dev/disk/by-uuid/E81DBFCC-066E-46A3-8018-AA3BF4573074";
    fsType = "xfs";
    # "nofail" lets boot continue when the disk is absent. attic's configDir
    # would then resolve to a plain directory on the root filesystem, which,
    # with impermanence enabled, may not survive a reboot. Consider making the
    # service depend on the mount; TODO confirm how the attic module handles it.
    options = [
      "defaults"
      "noatime"
      "nofail"
    ];
  };

  boot.supportedFilesystems = [ "bcachefs" ];

  programs.seahorse.enable = false;
}