nix-system-configurations/nixos/raspi/configuration.nix


# SPDX-FileCopyrightText: 2025 Ethan Reece <contact@ethanreece.com>
#
# SPDX-License-Identifier: MIT
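# NixOS system module for the Raspberry Pi host.
#
# What this file sets up: a LUKS container is opened in the initrd, the btrfs
# filesystem labelled NIXOS_ROOT gets a fresh `root` subvolume on every boot
# (previous roots are kept for 30 days), and the state that has to survive a
# reboot is listed under `environment.persistence."/persistent"`.
#
# `environment.persistence` and `home-manager` are not core NixOS options;
# this module assumes the modules providing them are imported elsewhere.
{
  inputs,
  lib,
  pkgs,
  ...
}:
let
  # Single login account of the machine; also handed to home-manager below.
  username = "ethanreece";
  homeDirectory = "/home/${username}";

  # Filesystem / partition labels used to locate devices under
  # /dev/disk/by-label. `boot` and `firmware` are referenced only by the
  # commented-out `fileSystems` block further down.
  disk-labels = {
    boot = "NIXOS_BOOT";
    firmware = "NIXOS_FW";
    luks = "NIXOS_LUKS";
    root = "NIXOS_ROOT";
  };
in
{
  programs = {
    git.enable = true;
    vim.enable = true;
  };

  services = {
    btrfs.autoScrub.enable = true;

    # NOTE(review): sshd runs with NixOS defaults here, which leave password
    # authentication enabled and open the SSH port in the firewall. No
    # authorized keys are declared for the user in this file. Once keys are
    # provisioned, consider `settings.PasswordAuthentication = false;` and
    # `settings.KbdInteractiveAuthentication = false;`.
    #
    # NOTE(review): the root subvolume is recreated on every boot and
    # /etc/ssh/ssh_host_* is not in the persistence list below, so unless
    # another module persists them the host keys change on each reboot.
    # Clients then cannot pin the host key; confirm and persist them.
    openssh.enable = true;
  };

  hardware.enableRedistributableFirmware = true;

  boot = {
    kernel.sysctl = {
      # NOTE(review): 0 turns address-space layout randomisation off for every
      # process, including the network-facing sshd enabled above, which makes
      # any memory-corruption bug in those processes much more reliable to
      # exploit. The kernel default is 2. If this is only needed for
      # debugging individual programs, `setarch -R <cmd>` disables ASLR for
      # that one process and this sysctl can be dropped.
      "kernel.randomize_va_space" = 0; # Disable ASLR
    };
    kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
    supportedFilesystems = [ "btrfs" ];
    loader = {
      grub.enable = false;
      generic-extlinux-compatible.enable = true;
    };
    initrd = {
      luks.devices.luksroot = {
        # Same label as before, now taken from `disk-labels` so the LUKS
        # device and the table above cannot drift apart.
        device = "/dev/disk/by-label/${disk-labels.luks}";
        preLVM = true;
        # Passes TRIM through dm-crypt. Trade-off: better flash behaviour,
        # but the ciphertext device reveals which blocks are unused.
        allowDiscards = true;
      };

      # Root rollover, run in the initrd: mount the btrfs top level, move the
      # existing `root` subvolume to old_roots/<mtime timestamp>, delete
      # entries in old_roots older than 30 days (including nested
      # subvolumes), then create an empty `root` subvolume.
      # SPDX-SnippetBegin
      # SPDX-License-Identifier: MIT
      # SPDX-SnippetCopyrightText: 2018, 2019, 2022-2024 Nix community projects <https://github.com/nix-community/disko/blob/545aba02960caa78a31bd9a8709a0ad4b6320a5c/README.md>
      postResumeCommands = lib.mkAfter ''
        mkdir /btrfs_tmp
        mount /dev/disk/by-label/${disk-labels.root} /btrfs_tmp
        if [[ -e /btrfs_tmp/root ]]; then
          mkdir -p /btrfs_tmp/old_roots
          timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
          mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
        fi
        delete_subvolume_recursively() {
          IFS=$'\n'
          for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
            delete_subvolume_recursively "/btrfs_tmp/$i"
          done
          btrfs subvolume delete "$1"
        }
        for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
          delete_subvolume_recursively "$i"
        done
        btrfs subvolume create /btrfs_tmp/root
        umount /btrfs_tmp
      '';
      # SPDX-SnippetEnd
    };
  };

  environment = {
    systemPackages = [
      pkgs.age
      pkgs.btrfs-progs
      pkgs.cryptsetup
      pkgs.lvm2
      pkgs.nerd-fonts.jetbrains-mono
      pkgs.shadow
      pkgs.speedtest-cli
      pkgs.uutils-coreutils-noprefix
      pkgs.wget
    ];

    # Everything not listed here is lost when the root subvolume is replaced
    # at boot.
    persistence."/persistent" = {
      enable = true;
      hideMounts = true;
      directories = [
        # Keeping logs and core dumps across reboots preserves evidence for
        # later investigation. Core dumps can contain secrets from process
        # memory, so access to /persistent should stay restricted.
        "/var/log"
        "/var/lib/bluetooth"
        "/var/lib/nixos"
        "/var/lib/systemd/coredump"
        # NOTE(review): NetworkManager is not enabled in this file (Wi-Fi
        # uses networking.wireless below); confirm this entry is still needed.
        "/etc/NetworkManager/system-connections"
        {
          directory = "/var/lib/colord";
          user = "colord";
          group = "colord";
          mode = "u=rwx,g=rx,o=";
        }
      ];
      files = [
        "/etc/machine-id"
        {
          # Parent directory is owner-only so the key file is not reachable
          # by other accounts.
          file = "/var/keys/secret_file";
          parentDirectory = {
            mode = "u=rwx,g=,o=";
          };
        }
      ];
    };
  };

  # No mounts are declared in this file; presumably they come from another
  # module (e.g. a disk layout definition). TODO confirm.
  # fileSystems = {
  #   "/" = {
  #     device = "/dev/disk/by-label/NIXOS_ROOT";
  #     fsType = "btrfs";
  #     options = [ "subvol=root" ];
  #   };
  #   "/persistent" = {
  #     device = "/dev/disk/by-label/NIXOS_ROOT";
  #     neededForBoot = true;
  #     fsType = "btrfs";
  #     options = [ "subvol=persistent" ];
  #   };
  #   "/nix" = {
  #     device = "/dev/disk/by-label/NIXOS_ROOT";
  #     fsType = "btrfs";
  #     options = [ "subvol=nix" ];
  #   };
  #   "/boot" = {
  #     device = "/dev/disk/by-label/NIXOS_BOOT";
  #     fsType = "vfat";
  #   };
  #   "/firmware" = {
  #     device = "/dev/disk/by-label/NIXOS_FW";
  #     fsType = "vfat";
  #   };
  # };

  home-manager = {
    useGlobalPkgs = true;
    useUserPackages = true;
    # Made available as arguments to the home-manager modules imported below.
    extraSpecialArgs = { inherit inputs username homeDirectory; };
    users.${username} = {
      imports = [
        ../../home-manager/raspi/impermanence.nix
        ../../home-manager/raspi/home.nix
      ];
    };
  };

  networking = {
    hostName = "raspi-nixos-edr220000";
    wireless = {
      enable = true;
      # `networking.wireless.interfaces` is a list of interface names; a bare
      # string does not pass the option's type check.
      interfaces = [ "wlan0" ];
    };
    firewall = {
      enable = true;
    };
  };

  time.timeZone = "America/Chicago";
  i18n.defaultLocale = "en_US.UTF-8";

  console = {
    # NOTE(review): the virtual console loads console (PSF) fonts by file
    # name or path; a desktop font family name is probably not loadable
    # there. Confirm this takes effect.
    font = "JetBrains Mono Nerd Font";
    keymap = "us";
  };

  users.users.${username} = {
    extraGroups = [
      "wheel" # administrative (sudo) access
      "networkmanager"
    ];
    isNormalUser = true;
  };

  system.stateVersion = "23.11";
}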