nix-config/systems/aarch64-linux/pi4/default.nix

# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).

{
  lib,
  pkgs,
  namespace,
  ...
}:
let
  kernelBundle = pkgs.linuxAndFirmware.latest;
in
{
  imports = [
    ./adguard.nix
    ./boot.nix
    # ./networking.nix - moved to modules/nixos/network
    ./sops.nix
  ];

  ${namespace} = {
    hardware.disko.enable = true;
    user = {
      name = "matt";
      password = "BogieDudie1";
      mutableUsers = false;
      extraGroups = [
        "docker"
        "video"
      ];
    };
    network = {
      hostName = "pi4";
      ipv4 = {
        method = "manual";
        address = "10.0.1.2/24";
        gateway = "10.0.1.1";
        dns = "1.1.1.1";
      };
      firewall = {
        enable = true;
        allowPing = true;
        allowedTCPPorts = [ 53 ];
        allowedUDPPorts = [ 53 ];
      };
      wifi = {
        enable = true;
        powersave = false;
      };
    };
  };

  # Configure nixpkgs
  nixpkgs = {
    overlays = lib.mkAfter [
      (_self: _super: {
        # This is used in (modulesPath + "/hardware/all-firmware.nix") when at least
        # enableRedistributableFirmware is enabled
        # I know no easier way to override this package
        inherit (kernelBundle) raspberrypiWirelessFirmware;
        # Some derivations want to use it as an input,
        # e.g. raspberrypi-dtbs, omxplayer, sd-image-* modules
        inherit (kernelBundle) raspberrypifw;
      })
    ];
  };
  hardware.i2c.enable = true;

  systemd.services.btattach = {
    before = [ "bluetooth.service" ];
    after = [ "dev-ttyAMA0.device" ];
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      ExecStart = "${pkgs.bluez}/bin/btattach -B /dev/ttyAMA0 -P bcm -S 3000000";
    };
  };

  environment = {
    systemPackages = with pkgs; [
      i2c-tools
      libraspberrypi
      raspberrypi-eeprom
      raspberrypifw
      raspberrypiWirelessFirmware
      raspberrypi-armstubs
    ];
  };

  # Root user configuration - explicit to avoid conflicts with home-manager
  users.users.root = {
    isSystemUser = true;
    isNormalUser = false;
    shell = pkgs.zsh;
  };

  programs = {
    kdeconnect.enable = false;
  };
}