mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Files
9c326f576865844f539a5404a421e762bd149d89
nix-config/systems/aarch64-linux/pi5/default.nix
Matt Jallen 9c326f5768 neb
2026-04-08 17:36:21 -05:00

210 lines
5.2 KiB
Nix
Executable File
Raw Blame History

# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{
lib,
namespace,
...
}:
let
net = lib.${namespace}.network;
in
{
imports = [
./adguard.nix
./boot.nix
./sops.nix
];
virtualisation.docker.enable = true;
${namespace} = {
sops.enable = true;
# ###################################################
# # Impermanence # #
# ###################################################
impermanence = {
enable = true;
# extraDirectories = [
# {
# directory = "/var/cache/ccache";
# user = "nobody";
# group = "nobody";
# mode = "u=rwx,g=rwx,o=rx";
# }
# ];
};
# ###################################################
# # Hardware # #
# ###################################################
hardware = {
disko = {
enable = true;
firmware = {
enableFirmware = true;
};
};
raspberry-pi = {
enable = true;
variant = "5";
bootType = "uefi";
pwm.enable = false;
disable-wifi.enable = false;
modesetting.enable = false;
i2c.enable = false;
apply-overlays-dtmerge.enable = false;
overlays = {
pi5DisableWifi.enable = true;
pi5DisableBluetooth.enable = true;
pi5i2c0.enable = true;
pi5i2c1.enable = true;
pi5i2c2.enable = true;
pi5i2c3.enable = true;
pi5Sdio.enable = true;
pi5Spi21cs.enable = true;
pi5Spi22cs.enable = true;
pi5Spi31cs.enable = true;
pi5Spi32cs.enable = true;
pi5Spi51cs.enable = true;
pi5Spi52cs.enable = true;
pi5Uart0.enable = true;
pi5Uart1.enable = true;
pi5Uart2.enable = true;
pi5Uart3.enable = true;
pi5Uart4.enable = true;
pi5Vc4Kms.enable = true;
bcm2712d0.enable = true;
};
};
};
headless.enable = true;
# ###################################################
# # Desktop # #
# ###################################################
desktop.hyprland.enable = false;
# ###################################################
# # User # #
# ###################################################
user = {
name = "matt";
mutableUsers = false;
extraGroups = [ "docker" ];
};
# ###################################################
# # Services # #
# ###################################################
services = {
attic = {
enable = true;
port = net.ports.pi5.attic;
listenAddress = "[::]";
environmentFile = "/run/secrets/pi5/attic-key";
configDir = "/mnt/attic-store";
};
nebula = {
enable = true;
isLighthouse = true;
port = 4242;
secretsPrefix = "pi5/nebula";
secretsFile = lib.snowfall.fs.get-file "secrets/pi5-secrets.yaml";
hostSecretName = "lighthouse";
stats = {
enable = true;
listenAddress = "0.0.0.0";
statsPort = 8474;
};
};
nebula-ui = {
enable = true;
port = 8473;
networkName = "jallen-nebula";
caCertSecretKey = "pi5/nebula/ca-cert";
caKeySecretKey = "pi5/nebula/ca-key";
secretsFile = lib.snowfall.fs.get-file "secrets/pi5-secrets.yaml";
statsListenAddress = "0.0.0.0";
statsPort = 8474;
reverseProxy = {
enable = true;
subdomain = "nebula";
};
};
};
# ###################################################
# # Network # #
# ###################################################
network = {
hostName = net.hosts.pi5.hostname;
ipv4 = {
inherit (net.hosts.pi5) gateway;
method = "manual";
address = net.hosts.pi5.lan4;
dns = "1.1.1.1";
interface = "end0";
};
firewall = {
enable = true;
allowPing = true;
allowedTCPPorts = [
53
net.ports.pi5.attic
];
allowedUDPPorts = [ 53 ];
};
networkmanager.profiles = {
"static-end0" = {
type = "ethernet";
interface = "end0";
};
};
};
};
# ###################################################
# # FileSystems # #
# ###################################################
fileSystems."/mnt/attic-store" = {
device = "/dev/disk/by-uuid/E81DBFCC-066E-46A3-8018-AA3BF4573074";
fsType = "xfs";
options = [
"defaults"
"noatime"
"nofail"
];
};
users = {
users = {
atticd = {
isSystemUser = true;
group = "atticd";
extraGroups = [ "keys" ];
};
};
groups = {
atticd = { };
};
};
boot.supportedFilesystems = [ "bcachefs" ];
programs.seahorse.enable = false;
}
Reference in New Issue View Git Blame Copy Permalink