mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Files
70002a19e2d6543e952668facff2d75198e9dee3
nix-config/docs/systems/pi5.md
mjallen18 70002a19e2 hmm
2026-04-07 18:39:42 -05:00

1.6 KiB
Executable File
Raw Blame History

Raspberry Pi 5 (pi5)

systems/aarch64-linux/pi5/

Hardware

  • Board: Raspberry Pi 5
  • Boot: UEFI (via rpi5-uefi)
  • Storage: bcachefs
  • Connectivity: Ethernet (end0); Wi-Fi and Bluetooth disabled via device tree overlays

Key Features

  • Headless server (no display, no desktop)
  • Nebula VPN lighthouse — the central relay for the jallen-nebula overlay network
  • AdGuard Home DNS server (port 53)
  • Docker
  • Impermanence (ephemeral root)
  • Extensive Raspberry Pi device tree overlays configured (I²C, SPI, UART, SDIO, etc.)

Network

  • LAN IP: 10.0.1.2 (static, end0)
  • Gateway: 10.0.1.1
  • DNS: 1.1.1.1
  • Nebula: lighthouse at 10.1.1.1, listening on UDP 4242 (public: mjallen.dev:4242)
  • Firewall: TCP/UDP 53 open (DNS)

Nebula Lighthouse

The pi5 acts as the Nebula VPN lighthouse for the whole network. All other Nebula nodes connect to it to discover peers.

mjallen.services.nebula = {
  enable         = true;
  isLighthouse   = true;
  port           = 4242;
  secretsPrefix  = "pi5/nebula";
  secretsFile    = lib.snowfall.fs.get-file "secrets/pi5-secrets.yaml";
  hostSecretName = "lighthouse";
};

Services

Service Port Description
AdGuard Home 53 DNS ad-blocking
Nebula 4242 (UDP) VPN lighthouse

Configuration Files

File Purpose
default.nix Main config
boot.nix UEFI boot, kernel
adguard.nix AdGuard Home configuration
sops.nix Secret declarations (SSH keys, system keys)

Secrets

Secrets are in secrets/pi5-secrets.yaml, encrypted for: matt, matt_pi5, desktop, pi5, admin, jallen-nas.

Reference in New Issue View Git Blame Copy Permalink