nix-config/systems/aarch64-linux/pi5/default.nix

# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
# NixOS host definition for `pi5` (Raspberry Pi 5, aarch64-linux).
# This is a module function: it receives `lib` and `namespace` and returns the
# option set below. Everything under `${namespace}` is implemented by this
# repository's own modules, which are not visible here; remarks about what
# those options actually do are marked NOTE(review) and need confirming.
{
  lib,
  namespace,
  ...
}:
{
  imports = [
    ./adguard.nix
    ./boot.nix
    ./sops.nix
  ];

  # ---- Plain NixOS options ------------------------------------------------
  boot.supportedFilesystems = [ "bcachefs" ];
  programs.seahorse.enable = false;

  # The Docker daemon runs as root. Together with `extraGroups = [ "docker" ]`
  # further down, the interactive account can drive that daemon, which makes
  # it effectively root-equivalent on this host.
  # NOTE(review): confirm that is intended; `virtualisation.docker.rootless`
  # is the usual alternative when it is not.
  virtualisation.docker.enable = true;

  # ---- Repository-specific options ----------------------------------------
  ${namespace} = {
    # Secret provisioning; the matching module is imported as ./sops.nix.
    sops.enable = true;

    # -- Impermanence --
    impermanence = {
      enable = true;
      # extraDirectories = [
      #   {
      #     directory = "/var/cache/ccache";
      #     user = "nobody";
      #     group = "nobody";
      #     mode = "u=rwx,g=rwx,o=rx";
      #   }
      # ];
    };

    # -- Hardware --
    hardware = {
      disko = {
        enable = true;
        firmware.enableFirmware = true;
      };

      raspberry-pi = {
        enable = true;
        variant = "5";
        bootType = "uefi";
        pwm.enable = false;
        # NOTE(review): `disable-wifi.enable = false` here and
        # `overlays.pi5DisableWifi.enable = true` below read as opposite
        # intentions. Which one decides the radio state depends on the module;
        # on a headless box, check that Wi-Fi and Bluetooth really end up off.
        disable-wifi.enable = false;
        modesetting.enable = false;
        i2c.enable = false;
        # NOTE(review): with dtmerge application disabled it is not visible
        # from this file whether the overlays below are applied at all.
        apply-overlays-dtmerge.enable = false;

        # Every I2C, SPI, SDIO and UART overlay is switched on. Enabling only
        # the buses that are actually wired keeps the exposed hardware
        # interfaces to a minimum.
        overlays = {
          pi5DisableWifi.enable = true;
          pi5DisableBluetooth.enable = true;

          pi5i2c0.enable = true;
          pi5i2c1.enable = true;
          pi5i2c2.enable = true;
          pi5i2c3.enable = true;

          pi5Sdio.enable = true;

          pi5Spi21cs.enable = true;
          pi5Spi22cs.enable = true;
          pi5Spi31cs.enable = true;
          pi5Spi32cs.enable = true;
          pi5Spi51cs.enable = true;
          pi5Spi52cs.enable = true;

          pi5Uart0.enable = true;
          pi5Uart1.enable = true;
          pi5Uart2.enable = true;
          pi5Uart3.enable = true;
          pi5Uart4.enable = true;

          pi5Vc4Kms.enable = true;
          bcm2712d0.enable = true;
        };
      };
    };

    headless.enable = true;

    # -- Desktop --
    desktop.hyprland.enable = false;

    # -- User --
    user = {
      name = "matt";
      # Accounts are declared only by this configuration.
      # NOTE(review): the credential source (password hash, SSH keys) is not
      # shown in this file; presumably it comes from the sops secrets.
      mutableUsers = false;
      # See the note on `virtualisation.docker.enable`: this group is
      # root-equivalent.
      extraGroups = [ "docker" ];
    };

    # -- Services --
    # Nebula overlay network; this host is the lighthouse on port 4242.
    # NOTE(review): the firewall section below lists only port 53. Check
    # whether the nebula module opens 4242 itself; if it does, that port is a
    # second externally reachable service and belongs in the exposure review.
    # NOTE(review): `secretsFile` is resolved to a path inside the repository.
    # Paths referenced from Nix are typically copied into the world-readable
    # store, so confirm the file is committed only in sops-encrypted form.
    services.nebula = {
      enable = true;
      isLighthouse = true;
      port = 4242;
      secretsPrefix = "pi5/nebula";
      secretsFile = lib.snowfall.fs.get-file "secrets/pi5-secrets.yaml";
      hostSecretName = "lighthouse";
    };

    # -- Network --
    network = {
      hostName = "pi5";

      # Static addressing on the wired interface.
      # NOTE(review): the host resolves through 1.1.1.1, not through the
      # resolver configured in ./adguard.nix, so its own lookups bypass local
      # filtering and query logging. Confirm that is deliberate.
      ipv4 = {
        method = "manual";
        address = "10.0.1.2/24";
        gateway = "10.0.1.1";
        dns = "1.1.1.1";
        interface = "end0";
      };

      # DNS (53/tcp and 53/udp) and ICMP echo are accepted.
      # NOTE(review): the rule is not tied to an interface or source range in
      # this file. Confirm the resolver is reachable only from the intended
      # networks, because an openly reachable recursive resolver can be abused
      # by third parties.
      firewall = {
        enable = true;
        allowPing = true;
        allowedTCPPorts = [ 53 ];
        allowedUDPPorts = [ 53 ];
      };

      networkmanager.profiles."static-end0" = {
        type = "ethernet";
        interface = "end0";
      };
    };
  };
}