# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
#
# Host profile "pi5": a headless Raspberry Pi 5 that runs Docker, acts as a
# Nebula lighthouse and answers DNS on port 53. Everything under
# `${namespace}` is consumed by project modules that are not part of this
# file, so the notes on those options describe the values set here and flag
# what should be confirmed in the module that implements them.
{ lib, namespace, ... }:
{
  imports = [
    ./adguard.nix
    ./boot.nix
    ./sops.nix
  ];

  # The Docker daemon runs as root; see the note on `user.extraGroups` below.
  virtualisation.docker.enable = true;

  ${namespace} = {
    # Secret handling is switched on here; the wiring lives in ./sops.nix and
    # the project's sops module.
    sops.enable = true;

    # No graphical session on this host.
    headless.enable = true;
    desktop.hyprland.enable = false;

    # ---- Impermanence -------------------------------------------------------
    impermanence = {
      enable = true;
      # Example of an extra persisted directory, left disabled by the author:
      # extraDirectories = [
      #   {
      #     directory = "/var/cache/ccache";
      #     user = "nobody";
      #     group = "nobody";
      #     mode = "u=rwx,g=rwx,o=rx";
      #   }
      # ];
    };

    # ---- Hardware -----------------------------------------------------------
    hardware.disko = {
      enable = true;
      firmware.enableFirmware = true;
    };

    hardware.raspberry-pi = {
      enable = true;
      variant = "5";
      bootType = "uefi";

      # NOTE(review): `disable-wifi.enable = false` sits next to
      # `overlays.pi5DisableWifi.enable = true`; confirm in the raspberry-pi
      # module which of the two actually decides whether the radio is off.
      disable-wifi.enable = false;
      pwm.enable = false;
      modesetting.enable = false;
      i2c.enable = false;
      apply-overlays-dtmerge.enable = false;

      overlays = {
        # Radios: presumably these two overlays turn WiFi and Bluetooth off,
        # which is the smaller attack surface for a wired, headless box.
        # TODO confirm against the overlay definitions.
        pi5DisableWifi.enable = true;
        pi5DisableBluetooth.enable = true;

        # Peripheral buses. NOTE(review): every I2C/SPI/UART/SDIO overlay is
        # switched on; confirm each one is needed and drop the rest.
        pi5i2c0.enable = true;
        pi5i2c1.enable = true;
        pi5i2c2.enable = true;
        pi5i2c3.enable = true;
        pi5Sdio.enable = true;
        pi5Spi21cs.enable = true;
        pi5Spi22cs.enable = true;
        pi5Spi31cs.enable = true;
        pi5Spi32cs.enable = true;
        pi5Spi51cs.enable = true;
        pi5Spi52cs.enable = true;
        pi5Uart0.enable = true;
        pi5Uart1.enable = true;
        pi5Uart2.enable = true;
        pi5Uart3.enable = true;
        pi5Uart4.enable = true;

        # Display and SoC stepping.
        pi5Vc4Kms.enable = true;
        bcm2712d0.enable = true;
      };
    };

    # ---- User ---------------------------------------------------------------
    user = {
      name = "matt";
      # Presumably forwarded to `users.mutableUsers`, in which case accounts
      # and passwords come only from this configuration. TODO confirm in the
      # user module.
      mutableUsers = false;
      # Members of `docker` can drive the root-owned Docker daemon, so this
      # grants "matt" root-equivalent access to the host.
      extraGroups = [ "docker" ];
    };

    # ---- Services -----------------------------------------------------------
    services.nebula = {
      enable = true;
      isLighthouse = true;
      # NOTE(review): 4242 does not appear in `network.firewall` below;
      # confirm the nebula module opens it itself (Nebula speaks UDP).
      port = 4242;
      # Key material is looked up under this prefix in the secrets file;
      # presumably that file is sops-encrypted. Confirm before committing it.
      secretsPrefix = "pi5/nebula";
      secretsFile = lib.snowfall.fs.get-file "secrets/pi5-secrets.yaml";
      hostSecretName = "lighthouse";
    };

    # ---- Network ------------------------------------------------------------
    network = {
      hostName = "pi5";

      ipv4 = {
        method = "manual";
        address = "10.0.1.2/24";
        gateway = "10.0.1.1";
        # Presumably the resolver the host itself uses; it points at a public
        # resolver, not at the DNS service running on this machine.
        dns = "1.1.1.1";
        interface = "end0";
      };

      firewall = {
        enable = true;
        allowPing = true;
        # DNS over TCP and UDP, presumably for the service from ./adguard.nix.
        # NOTE(review): confirm port 53 is reachable from the LAN only; a
        # resolver exposed to the internet can be abused as an open resolver.
        allowedTCPPorts = [ 53 ];
        allowedUDPPorts = [ 53 ];
      };

      networkmanager.profiles."static-end0".type = "ethernet";
    };
  };

  # ---- FileSystems ----------------------------------------------------------
  boot.supportedFilesystems = [ "bcachefs" ];
  # Mount /etc during early boot (initrd), before the rest of the system starts.
  fileSystems."/etc".neededForBoot = true;

  programs.seahorse.enable = false;
}