nix-config/systems/aarch64-linux/pi4/default.nix

# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).

{
  pkgs,
  namespace,
  ...
}:
{
  imports = [
    ./adguard.nix
    ./boot.nix
    ./sops.nix
  ];

  nixpkgs.overlays = [
    (_self: super: {
      # This is used in (modulesPath + "/hardware/all-firmware.nix") when at least
      # enableRedistributableFirmware is enabled
      inherit (super) raspberrypiWirelessFirmware;
      # Some derivations want to use it as an input,
      # e.g. raspberrypi-dtbs, omxplayer, sd-image-* modules
      inherit (super) raspberrypifw;
    })
  ];

  ${namespace} = {
    impermanence.enable = true;
    hardware = {
      disko = {
        enable = true;
        enableFirmware = true;
      };
      raspberry-pi = {
        enable = true;
        variant = "4";
      };
    };
    user = {
      name = "matt";
      mutableUsers = false;
      extraGroups = [
        "docker"
        "video"
      ];
    };
    network = {
      hostName = "pi4";
      ipv4 = {
        interface = "end0";
        method = "manual";
        address = "10.0.1.2/24";
        gateway = "10.0.1.1";
        dns = "1.1.1.1";
      };
      firewall = {
        enable = true;
        allowPing = true;
        allowedTCPPorts = [ 53 ];
        allowedUDPPorts = [ 53 ];
      };
      networkmanager = {
        profiles = {
          "static-end0" = {
            type = "ethernet";
          };
        };
      };
    };
  };

  services.kmscon = {
    enable = true;
    hwRender = true;
    fonts = [
      {
        name = "JetBrainsMono NFM";
        package = pkgs.nerd-fonts.jetbrains-mono;
      }
    ];
  };

  virtualisation = {
    docker.enable = false;
    podman.enable = false;
    waydroid.enable = false;
    libvirtd.enable = false;
  };

  # Root user configuration - explicit to avoid conflicts with home-manager
  users.users.root = {
    isSystemUser = true;
    isNormalUser = false;
  };
}