diff --git a/flake.lock b/flake.lock index 37a1826..836d9c9 100644 --- a/flake.lock +++ b/flake.lock @@ -100,6 +100,21 @@ "type": "github" } }, + "nixos-hardware": { + "locked": { + "lastModified": 1702453208, + "narHash": "sha256-0wRi9SposfE2wHqjuKt8WO2izKB/ASDOV91URunIqgo=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "7763c6fd1f299cb9361ff2abf755ed9619ef01d6", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixos-hardware", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1677676435, @@ -136,6 +151,7 @@ "agenix": "agenix", "firefox-gnome-theme": "firefox-gnome-theme", "home-manager": "home-manager_2", + "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_2", "secrets": "secrets", "thunderbird-gnome-theme": "thunderbird-gnome-theme" diff --git a/flake.nix b/flake.nix index 8e05514..35baae4 100644 --- a/flake.nix +++ b/flake.nix @@ -12,6 +12,7 @@ url = "github:rafaelmardojai/firefox-gnome-theme"; flake = false; }; + nixos-hardware.url = "github:NixOS/nixos-hardware"; secrets = { url = "git+ssh://git@git.vimium.com/jordan/nix-secrets.git"; flake = false; @@ -22,7 +23,7 @@ }; }; - outputs = inputs @ { self, nixpkgs, agenix, home-manager, secrets, ... }: + outputs = inputs @ { self, nixpkgs, agenix, home-manager, nixos-hardware, secrets, ... }: let nixpkgsForSystem = system: inputs.nixpkgs; overlays = [ @@ -34,7 +35,7 @@ home-manager.nixosModule ./modules ]; - nixosSystem = system: name: + nixosSystem = { system, name, extraModules ? [] }: let nixpkgs = nixpkgsForSystem system; lib = (import nixpkgs { inherit overlays system; }).lib; @@ -56,15 +57,17 @@ }; }) ./hosts/${name} - ]; + ] ++ extraModules; }; - nixosConfigurations = { - atlas = nixosSystem "x86_64-linux" "atlas"; - eos = nixosSystem "x86_64-linux" "eos"; - helios = nixosSystem "x86_64-linux" "helios"; - odyssey = nixosSystem "x86_64-linux" "odyssey"; - }; in - { inherit nixosConfigurations; }; + { + nixosConfigurations = { + atlas = nixosSystem { system = "x86_64-linux"; name = "atlas"; }; + eos = nixosSystem { system = "x86_64-linux"; name = "eos"; }; + helios = nixosSystem { system = "x86_64-linux"; name = "helios"; }; + odyssey = nixosSystem { system = "x86_64-linux"; name = "odyssey"; }; + pi = nixosSystem { system = "aarch64-linux"; name = "pi"; extraModules = [ nixos-hardware.nixosModules.raspberry-pi-4 ]; }; + }; + }; } diff --git a/hosts/pi/README.md b/hosts/pi/README.md new file mode 100644 index 0000000..aebe82b --- /dev/null +++ b/hosts/pi/README.md @@ -0,0 +1,18 @@ +# Pi + +## Overview +Raspberry Pi 4 + +## Specs +* SoC - Broadcom BCM2711 +* CPU - ARM Cortex-A72 @ 1.8 GHz +* Memory - 8 GB LPDDR4 + +### Disks +Device | Partitions _(filesystem, usage)_ +--- | --- +SD card | `/dev/sda1` (ext4, NixOS Root) + +### Networks +- DHCP on `10.0.1.0/24` subnet. +- Tailscale on `100.64.0.0/10` subnet. FQDN: `pi.mesh.vimium.net`. diff --git a/hosts/pi/default.nix b/hosts/pi/default.nix new file mode 100644 index 0000000..afc9a59 --- /dev/null +++ b/hosts/pi/default.nix @@ -0,0 +1,79 @@ +{ config, lib, pkgs, inputs, ... }: + +{ + imports = [ + ./hardware-configuration.nix + ../server.nix + ]; + + networking.hostId = "731d1660"; + + hardware = { + raspberry-pi."4" = { + apply-overlays-dtmerge.enable = true; + audio.enable = false; + fkms-3d.enable = true; + xhci.enable = true; + }; + deviceTree = { + enable = true; + overlays = [ + { name = "hifiberry-digi-pro"; dtboFile = "${pkgs.device-tree_rpi.overlays}/hifiberry-digi-pro.dtbo"; } + ]; + }; + firmware = with pkgs; [ + firmwareLinuxNonfree + wireless-regdb + ]; + }; + + sound.enable = true; + console.enable = false; + + age.secrets."passwords/networks.age" = { + file = "${inputs.secrets}/passwords/networks.age"; + }; + + networking = { + wireless = { + enable = true; + interfaces = [ "wlan0" ]; + environmentFile = config.age.secrets."passwords/networks.age".path; + networks = { + "Apollo 600 Mbps".psk = "@PSK_APOLLO@"; + }; + }; + }; + + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + systemWide = true; + }; + + services.shairport-sync = { + enable = true; + group = "pipewire"; + openFirewall = true; + }; + + services.zigbee2mqtt = { + enable = true; + settings = { + homeassistant = true; + frontend = true; + permit_join = true; + }; + }; + + environment.systemPackages = with pkgs; [ + libraspberrypi + raspberrypi-eeprom + ]; + + system.stateVersion = "22.11"; +} + diff --git a/hosts/pi/hardware-configuration.nix b/hosts/pi/hardware-configuration.nix new file mode 100644 index 0000000..4fef963 --- /dev/null +++ b/hosts/pi/hardware-configuration.nix @@ -0,0 +1,31 @@ +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = [ + (modulesPath + "/installer/sd-card/sd-image-aarch64.nix") + ]; + + boot = { + # Stop ZFS kernel being built + supportedFilesystems = lib.mkForce [ "btrfs" "cifs" "f2fs" "jfs" "ntfs" "reiserfs" "vfat" "xfs" ]; + tmp.cleanOnBoot = true; + }; + + # Fix missing modules + # https://github.com/NixOS/nixpkgs/issues/154163 + nixpkgs.overlays = [ + (final: super: { + makeModulesClosure = x: + super.makeModulesClosure (x // { allowMissing = true; }); + }) + ]; + + fileSystems = { + "/" = { + device = "/dev/disk/by-label/NIXOS_SD"; + fsType = "ext4"; + options = [ "noatime" ]; + }; + }; +} + diff --git a/hosts/server.nix b/hosts/server.nix index f957a59..1c4ec85 100644 --- a/hosts/server.nix +++ b/hosts/server.nix @@ -18,6 +18,8 @@ console.keyMap = "uk"; + documentation.enable = false; + services.openssh = { enable = true; settings = {