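# SPDX-FileCopyrightText: 2025 Ethan Reece
#
# SPDX-License-Identifier: MIT

# NixOS system module for a Raspberry Pi host: LUKS-encrypted btrfs root that
# is rolled over to a fresh subvolume on every boot, with selected state kept
# under /persistent.
{
  inputs,
  lib,
  pkgs,
  ...
}:
let
  username = "ethanreece";
  homeDirectory = "/home/${username}";

  # Filesystem labels; referenced below as /dev/disk/by-label/<label>.
  disk-labels = {
    boot = "NIXOS_BOOT";
    firmware = "NIXOS_FW";
    luks = "NIXOS_LUKS";
    root = "NIXOS_ROOT";
  };
in
{
  programs = {
    git.enable = true;
    vim.enable = true;
  };

  services = {
    btrfs.autoScrub.enable = true;
    # NOTE(review): sshd runs with module defaults. Nothing in this file sets
    # authorized keys or turns off password authentication; confirm that is
    # done elsewhere before the host is reachable from untrusted networks.
    openssh.enable = true;
  };

  hardware.enableRedistributableFirmware = true;

  boot = {
    kernel.sysctl = {
      # Disable ASLR.
      # NOTE(review): 0 switches address-space randomisation off system-wide,
      # removing an exploit mitigation on a host that also runs sshd. Keep
      # this only while it is needed (e.g. for debugging); the kernel default
      # is 2.
      "kernel.randomize_va_space" = 0;
    };
    kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
    supportedFilesystems = [ "btrfs" ];
    loader = {
      grub.enable = false;
      generic-extlinux-compatible.enable = true;
    };
    initrd = {
      luks.devices.luksroot = {
        # Same path as before, now derived from disk-labels so the label is
        # defined in one place.
        device = "/dev/disk/by-label/${disk-labels.luks}";
        preLVM = true;
        # Passes discard/TRIM through dm-crypt. This exposes which blocks are
        # unused on the underlying device; accepted here for flash storage.
        allowDiscards = true;
      };
      # Root rollover: move the previous `root` subvolume into old_roots/
      # under a timestamp, delete old_roots entries older than 30 days, then
      # create an empty `root` subvolume for this boot.
      # SPDX-SnippetBegin
      # SPDX-License-Identifier: MIT
      # SPDX-SnippetCopyrightText: 2018, 2019, 2022-2024 Nix community projects
      postResumeCommands = lib.mkAfter ''
        mkdir /btrfs_tmp
        mount /dev/disk/by-label/${disk-labels.root} /btrfs_tmp
        if [[ -e /btrfs_tmp/root ]]; then
            mkdir -p /btrfs_tmp/old_roots
            timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
            mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
        fi

        delete_subvolume_recursively() {
            IFS=$'\n'
            for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
                delete_subvolume_recursively "/btrfs_tmp/$i"
            done
            btrfs subvolume delete "$1"
        }

        for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
            delete_subvolume_recursively "$i"
        done

        btrfs subvolume create /btrfs_tmp/root
        umount /btrfs_tmp
      '';
      # SPDX-SnippetEnd
    };
  };

  environment = {
    systemPackages = [
      pkgs.age
      pkgs.btrfs-progs
      pkgs.cryptsetup
      pkgs.lvm2
      pkgs.nerd-fonts.jetbrains-mono
      pkgs.shadow
      pkgs.speedtest-cli
      pkgs.uutils-coreutils-noprefix
      pkgs.wget
    ];

    # State that survives the per-boot root rollover.
    persistence."/persistent" = {
      enable = true;
      hideMounts = true;
      directories = [
        "/var/log"
        "/var/lib/bluetooth"
        "/var/lib/nixos"
        "/var/lib/systemd/coredump"
        "/etc/NetworkManager/system-connections"
        {
          directory = "/var/lib/colord";
          user = "colord";
          group = "colord";
          mode = "u=rwx,g=rx,o=";
        }
      ];
      files = [
        "/etc/machine-id"
        {
          file = "/var/keys/secret_file";
          # Parent directory is owner-only; group and others get no access.
          parentDirectory = {
            mode = "u=rwx,g=,o=";
          };
        }
      ];
    };
  };

  # NOTE(review): these mounts are disabled in this file. Presumably they are
  # declared elsewhere; confirm that "/persistent" is still mounted with
  # neededForBoot = true, as it was here.
  # fileSystems = {
  #   "/" = {
  #     device = "/dev/disk/by-label/NIXOS_ROOT";
  #     fsType = "btrfs";
  #     options = [ "subvol=root" ];
  #   };
  #   "/persistent" = {
  #     device = "/dev/disk/by-label/NIXOS_ROOT";
  #     neededForBoot = true;
  #     fsType = "btrfs";
  #     options = [ "subvol=persistent" ];
  #   };
  #   "/nix" = {
  #     device = "/dev/disk/by-label/NIXOS_ROOT";
  #     fsType = "btrfs";
  #     options = [ "subvol=nix" ];
  #   };
  #   "/boot" = {
  #     device = "/dev/disk/by-label/NIXOS_BOOT";
  #     fsType = "vfat";
  #   };
  #   "/firmware" = {
  #     device = "/dev/disk/by-label/NIXOS_FW";
  #     fsType = "vfat";
  #   };
  # };

  home-manager = {
    useGlobalPkgs = true;
    useUserPackages = true;
    extraSpecialArgs = {
      inherit inputs username homeDirectory;
    };
    users.${username} = {
      imports = [
        ../../home-manager/raspi/impermanence.nix
        ../../home-manager/raspi/home.nix
      ];
    };
  };

  networking = {
    hostName = "raspi-nixos-edr220000";
    wireless = {
      enable = true;
      # The option is a list of interface names; a bare string fails the
      # module system's type check.
      interfaces = [ "wlan0" ];
    };
    firewall = {
      enable = true;
    };
  };

  time.timeZone = "America/Chicago";
  i18n.defaultLocale = "en_US.UTF-8";

  console = {
    # NOTE(review): console.font normally names a console (PSF) font or a
    # path to one; this is a font family name. Verify it loads at boot.
    font = "JetBrains Mono Nerd Font";
    keymap = "us";
  };

  users.users.${username} = {
    # "wheel" grants administrative (sudo) rights.
    # NOTE(review): "networkmanager" is listed although this file configures
    # networking.wireless rather than NetworkManager; confirm it is intended.
    extraGroups = [
      "wheel"
      "networkmanager"
    ];
    isNormalUser = true;
  };

  system.stateVersion = "23.11";
}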