Merge pull request 'rp5' (#10 ) from rp5 into main

Reviewed-on: #10
rp5: working adguardhome!
2024-11-25 22:33:27 +01:00 · 2024-11-25 22:25:05 +01:00 · 2024-11-25 15:52:10 +01:00 · 2024-11-24 00:03:36 +01:00 · 2024-11-24 00:03:35 +01:00 · 2024-11-24 00:03:34 +01:00
11 changed files with 441 additions and 5 deletions
--- a/flake.lock
+++ b/flake.lock
@ -741,6 +741,40 @@
        "type": "github"
      }
    },
+    "libcamera-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1725630279,
+        "narHash": "sha256-KH30jmHfxXq4j2CL7kv18DYECJRp9ECuWNPnqPZajPA=",
+        "owner": "raspberrypi",
+        "repo": "libcamera",
+        "rev": "69a894c4adad524d3063dd027f5c4774485cf9db",
+        "type": "github"
+      },
+      "original": {
+        "owner": "raspberrypi",
+        "repo": "libcamera",
+        "rev": "69a894c4adad524d3063dd027f5c4774485cf9db",
+        "type": "github"
+      }
+    },
+    "libpisp-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1724944683,
+        "narHash": "sha256-Fo2UJmQHS855YSSKKmGrsQnJzXog1cdpkIOO72yYAM4=",
+        "owner": "raspberrypi",
+        "repo": "libpisp",
+        "rev": "28196ed6edcfeda88d23cc5f213d51aa6fa17bb3",
+        "type": "github"
+      },
+      "original": {
+        "owner": "raspberrypi",
+        "ref": "v1.0.7",
+        "repo": "libpisp",
+        "type": "github"
+      }
+    },
    "nix-ld": {
      "inputs": {
        "nixpkgs": [
@ -1026,6 +1060,35 @@
        "type": "github"
      }
    },
+    "raspberry-pi-nix": {
+      "inputs": {
+        "libcamera-src": "libcamera-src",
+        "libpisp-src": "libpisp-src",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "rpi-bluez-firmware-src": "rpi-bluez-firmware-src",
+        "rpi-firmware-nonfree-src": "rpi-firmware-nonfree-src",
+        "rpi-firmware-src": "rpi-firmware-src",
+        "rpi-linux-6_10_12-src": "rpi-linux-6_10_12-src",
+        "rpi-linux-6_6_54-src": "rpi-linux-6_6_54-src",
+        "rpicam-apps-src": "rpicam-apps-src",
+        "u-boot-src": "u-boot-src"
+      },
+      "locked": {
+        "lastModified": 1731941843,
+        "narHash": "sha256-/QG4C9WVP79A7jRFC3Ci1q1l6ah7gr3/SF/MWUk/hhM=",
+        "owner": "nix-community",
+        "repo": "raspberry-pi-nix",
+        "rev": "aaec735faf81ff05356d65c7408136d2c1522d34",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "raspberry-pi-nix",
+        "type": "github"
+      }
+    },
    "root": {
      "inputs": {
        "fenix": "fenix",
@ -1045,12 +1108,115 @@
        "nixpkgs-latest-factorio": "nixpkgs-latest-factorio",
        "nixpkgs-master": "nixpkgs-master",
        "nixpkgs-unstable": "nixpkgs-unstable",
+        "raspberry-pi-nix": "raspberry-pi-nix",
        "snowfall-flake": "snowfall-flake",
        "snowfall-lib": "snowfall-lib_2",
        "sops-nix": "sops-nix",
        "zen-browser": "zen-browser"
      }
    },
+    "rpi-bluez-firmware-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1708969706,
+        "narHash": "sha256-KakKnOBeWxh0exu44beZ7cbr5ni4RA9vkWYb9sGMb8Q=",
+        "owner": "RPi-Distro",
+        "repo": "bluez-firmware",
+        "rev": "78d6a07730e2d20c035899521ab67726dc028e1c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "RPi-Distro",
+        "ref": "bookworm",
+        "repo": "bluez-firmware",
+        "type": "github"
+      }
+    },
+    "rpi-firmware-nonfree-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1723266537,
+        "narHash": "sha256-T7eTKXqY9cxEMdab8Snda4CEOrEihy5uOhA6Fy+Mhnw=",
+        "owner": "RPi-Distro",
+        "repo": "firmware-nonfree",
+        "rev": "4b356e134e8333d073bd3802d767a825adec3807",
+        "type": "github"
+      },
+      "original": {
+        "owner": "RPi-Distro",
+        "ref": "bookworm",
+        "repo": "firmware-nonfree",
+        "type": "github"
+      }
+    },
+    "rpi-firmware-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1727798811,
+        "narHash": "sha256-eavbshXGYmkYR33y9FLcQMJoAYdYTESVEy0g/RRXnb0=",
+        "owner": "raspberrypi",
+        "repo": "firmware",
+        "rev": "287e6a6c2d3b50eee3e2c5b2eacdd907e5cbe09a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "raspberrypi",
+        "ref": "1.20241001",
+        "repo": "firmware",
+        "type": "github"
+      }
+    },
+    "rpi-linux-6_10_12-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1728305462,
+        "narHash": "sha256-LtvNmGD1D5YYv+C9xxxddAeHw69o3OX/H9M7F663L74=",
+        "owner": "raspberrypi",
+        "repo": "linux",
+        "rev": "26ee50d56618c2d98100b1bc672fd201aed4d00f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "raspberrypi",
+        "ref": "rpi-6.10.y",
+        "repo": "linux",
+        "type": "github"
+      }
+    },
+    "rpi-linux-6_6_54-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1728155174,
+        "narHash": "sha256-/8RjW35XQMnshjAE4Ey8j3oWzE2GOntnBYY6PlvZGhs=",
+        "owner": "raspberrypi",
+        "repo": "linux",
+        "rev": "12f0f28db3afe451a81a34c5a444f6841c10067c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "raspberrypi",
+        "ref": "rpi-6.6.y",
+        "repo": "linux",
+        "type": "github"
+      }
+    },
+    "rpicam-apps-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1727515047,
+        "narHash": "sha256-qCYGrcibOeGztxf+sd44lD6VAOGoUNwRqZDdAmcTa/U=",
+        "owner": "raspberrypi",
+        "repo": "rpicam-apps",
+        "rev": "a8ccf9f3cd9df49875dfb834a2b490d41d226031",
+        "type": "github"
+      },
+      "original": {
+        "owner": "raspberrypi",
+        "ref": "v1.5.2",
+        "repo": "rpicam-apps",
+        "type": "github"
+      }
+    },
    "rust-analyzer-src": {
      "flake": false,
      "locked": {
@ -1280,6 +1446,19 @@
        "type": "github"
      }
    },
+    "u-boot-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1719857238,
+        "narHash": "sha256-mJ2TBy0Y5ZtcGFgtU5RKr0UDUp5FWzojbFb+o/ebRJU=",
+        "type": "tarball",
+        "url": "https://ftp.denx.de/pub/u-boot/u-boot-2024.07.tar.bz2"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://ftp.denx.de/pub/u-boot/u-boot-2024.07.tar.bz2"
+      }
+    },
    "xdph": {
      "inputs": {
        "hyprland-protocols": [
--- a/flake.nix
+++ b/flake.nix
@ -78,6 +78,11 @@
    ## temporary
    zen-browser.url = "github:ch4og/zen-browser-flake";

+    raspberry-pi-nix = {
+      url = "github:nix-community/raspberry-pi-nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
    ################
    ## inputs for dev shells

@ -124,6 +129,14 @@
        sops-nix.nixosModules.sops
      ];

+      systems.hosts.nixberry.modules = with inputs; [
+        raspberry-pi-nix.nixosModules.raspberry-pi
+        raspberry-pi-nix.nixosModules.sd-image
+      ];
+
      systems.hosts.wsl.modules = with inputs; [ nixos-wsl.nixosModules.default ];
+    }
+    // {
+      self = inputs.self;
    };
 }
--- a/homes/aarch64-linux/cholli@nixberry/default.nix
+++ b/homes/aarch64-linux/cholli@nixberry/default.nix
@ -0,0 +1,22 @@
+{
+  lib,
+  pkgs,
+  config,
+  osConfig ? { },
+  format ? "unknown",
+  ...
+}:
+with lib.wyrdgard;
+{
+  wyrdgard = {
+    apps = {
+      kitty = enabled;
+    };
+
+    tools = {
+      direnv = enabled;
+    };
+  };
+
+  home.stateVersion = "24.11";
+}
--- a/homes/x86_64-linux/cholli@wsl/default.nix
+++ b/homes/x86_64-linux/cholli@wsl/default.nix
@ -17,4 +17,6 @@ with lib.wyrdgard;
      direnv = enabled;
    };
  };
+
+  home.stateVersion = "24.05";
 }
--- a/modules/home/apps/cli-apps/fish/default.nix
+++ b/modules/home/apps/cli-apps/fish/default.nix
@ -24,7 +24,6 @@ in
        shellInit = ''
          zoxide init fish | source
          direnv hook fish | source
-          source ~/.config/op/plugins.sh

          set -x LESS_TERMCAP_mb \e'[01;32m'
          set -x LESS_TERMCAP_md \e'[01;32m'
--- a/modules/nixos/apps/cli-apps/helix/default.nix
+++ b/modules/nixos/apps/cli-apps/helix/default.nix
@ -8,7 +8,7 @@
  ...
 }:
 let
-  inherit (lib) mkIf mkEnableOption;
+  inherit (lib) mkIf mkEnableOption mkOption;
  cfg = config.${namespace}.apps.cli-apps.helix;

  cachix-url = "https://helix.cachix.org";
@ -19,13 +19,17 @@ in
 {
  options.${namespace}.apps.cli-apps.helix = {
    enable = mkEnableOption "Whether to enable helix or not";
+    pkg = mkOption {
+      type = lib.types.package;
+      default = helix-pkg;
+      description = "Which helix pacakge to use";
+    };
  };

  config = mkIf cfg.enable {
    environment = {
      systemPackages = [
-        helix-pkg
-        pkgs.wl-clipboard
+        cfg.pkg
      ];
    };

--- a/modules/nixos/nix/default.nix
+++ b/modules/nixos/nix/default.nix
@ -45,6 +45,10 @@ in
      nixfmt-rfc-style
      nix-prefetch-git
      nix-du
+
+      nix-weather
+      nix-index
+      nix-output-monitor
    ];

    nix =
--- a/modules/nixos/submodules/basics/default.nix
+++ b/modules/nixos/submodules/basics/default.nix
@ -36,6 +36,9 @@ in
      nix = {
        enable = true;
        extra-substituters = {
+          "https://cache.lix.systems" = {
+            key = "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=";
+          };
          "https://nix-community.cachix.org" = {
            key = "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=";
          };
--- a/modules/nixos/tools/git/default.nix
+++ b/modules/nixos/tools/git/default.nix
@ -34,7 +34,7 @@ in
        lfs.enable = true;
        signing = {
          key = cfg.signingKey;
-          signByDefault = mkIf gpg.enable true;
+          signByDefault = true;
        };
        extraConfig = {
          init = {
--- a/systems/aarch64-linux/nixberry/default.nix
+++ b/systems/aarch64-linux/nixberry/default.nix
@ -0,0 +1,190 @@
+{
+  config,
+  inputs,
+  lib,
+  modulesPath,
+  namespace,
+  ...
+}:
+
+with lib.${namespace};
+let
+  inherit (lib) mkForce;
+
+  ipAddress = "192.168.178.2";
+in
+{
+  imports = with inputs.nixos-hardware.nixosModules; [
+    (modulesPath + "/installer/scan/not-detected.nix")
+    raspberry-pi-5
+  ];
+
+  security.sudo.wheelNeedsPassword = false;
+  users.users.remotebuild = {
+    isNormalUser = true;
+    createHome = false;
+    group = "remotebuild";
+
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJYZjG+XPNoVHVdCel5MK4mwvtoFCqDY1WMI1yoU71Rd root@yggdrasil"
+    ];
+  };
+
+  users.groups.remotebuild = { };
+
+  nix = {
+    nrBuildUsers = 64;
+    settings = {
+      trusted-users = [ "remotebuild" ];
+
+      min-free = 10 * 1024 * 1024;
+      max-free = 200 * 1024 * 1024;
+
+      max-jobs = "auto";
+      cores = 0;
+    };
+  };
+
+  systemd.services.nix-daemon.serviceConfig = {
+    MemoryAccounting = true;
+    MemoryMax = "90%";
+    OOMScoreAdjust = 500;
+  };
+
+  networking = {
+    interfaces.wlan0 = {
+      ipv4.addresses = [
+        {
+          address = ipAddress;
+          prefixLength = 24;
+        }
+      ];
+      useDHCP = true;
+    };
+    defaultGateway = {
+      address = "192.168.178.1";
+      interface = "wlan0";
+    };
+
+    wireless = {
+      enable = true;
+      networks = {
+        "Slow Internet" = {
+          pskRaw = "521b6d766b27276c29c7b6bec5b495b1c52bf88b0682277e65b37dc649b630de";
+        };
+      };
+    };
+  };
+
+  networking.firewall = {
+    allowedTCPPorts = [
+      53
+      80
+    ];
+    allowedUDPPorts = [
+      53
+    ];
+  };
+
+  services.adguardhome = {
+    enable = true;
+    host = ipAddress;
+    port = 80;
+
+    settings = {
+      http = {
+        address = "0.0.0.0:80";
+      };
+      dns = {
+        ratelimit = 0;
+        bind_hosts = [ "0.0.0.0" ];
+        upstream_dns = [
+          "1.1.1.1"
+          "1.0.0.1"
+          "8.8.8.8"
+          "8.8.4.4"
+        ];
+      };
+      filtering = {
+        protection_enabled = true;
+        filtering_enabled = true;
+      };
+
+      filters =
+        map
+          (url: {
+            enabled = true;
+            url = url;
+          })
+          [
+            "https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt" # AdGuard Dns filter
+            "https://adguardteam.github.io/HostlistsRegistry/assets/filter_59.txt" # AdGuard Dns PopupHosts filter
+            "https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt" # The Big List of Hacked Malware Web Sites
+            "https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt" # malicious url blocklist
+            "https://adguardteam.github.io/HostlistsRegistry/assets/filter_18.txt" # Phishing
+            "https://adguardteam.github.io/HostlistsRegistry/assets/filter_24.txt"
+            "https://adguardteam.github.io/HostlistsRegistry/assets/filter_47.txt"
+          ];
+
+    };
+  };
+
+  # Pi specific stuff  
+  raspberry-pi-nix.board = "bcm2712";
+  hardware = {
+    raspberry-pi = {
+      config = {
+        all = {
+          base-dt-params = {
+            BOOT_UART = {
+              value = 1;
+              enable = true;
+            };
+            uart_2ndstage = {
+              value = 1;
+              enable = true;
+            };
+          };
+          dt-overlays = {
+            disable-bt = {
+              enable = true;
+              params = { };
+            };
+          };
+        };
+      };
+    };
+  };
+
+  services.openssh = {
+    enable = true;
+    settings = {
+      PasswordAuthentication = false;
+      KbdInteractiveAuthentication = false;
+    };
+  };
+
+  ${namespace} = {
+    submodules.basics = enabled;
+
+    system = {
+      # cachemiss for webkit gtk
+      hardware.networking.enable = mkForce false;
+
+      # rasberry pi uses alternative boot settings
+      boot.enable = mkForce false;
+    };
+
+    user.trustedPublicKeys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHFrDiO5+vMfD5MimkzN32iw3MnSMLZ0mHvOrHVVmLD0"
+    ];
+  };
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "24.11"; # Did you read the comment?
+}
--- a/systems/x86_64-linux/yggdrasil/default.nix
+++ b/systems/x86_64-linux/yggdrasil/default.nix
@ -32,6 +32,26 @@ in
    backupFileExtension = ".bak";
  };

+  nix = {
+    distributedBuilds = true;
+    settings.builders-use-substitutes = true;
+    buildMachines = [
+      {
+        hostName = "nixberry";
+        sshUser = "remotebuild";
+        sshKey = "/root/.ssh/remotebuild";
+        systems = [ "aarch64-linux" ];
+        protocol = "ssh-ng";
+
+        supportedFeatures = [
+          "nixos-test"
+          "big-parallel"
+          "kvm"
+        ];
+      }
+    ];
+  };
+
  ${namespace} = {
    archetypes = {
      gaming.enable = true;
Author	SHA1	Message	Date
Christoph Hollizeck	ca03ee5cb4	Merge pull request 'rp5' (#10 ) from rp5 into main Reviewed-on: #10	2024-11-25 22:33:27 +01:00
Christoph Hollizeck	047d4f7dbd	rp5: working adguardhome!	2024-11-25 22:25:05 +01:00
Christoph Hollizeck	965aa569ff	rp5: finally working nix-sdcard, enableing remote build on the nix system now	2024-11-25 15:52:10 +01:00
Christoph Hollizeck	b99a02b7a2	rp5: add nixos-hardware for config	2024-11-24 00:03:36 +01:00
Christoph Hollizeck	f8ec2f5d8f	fix build issues with the sd image	2024-11-24 00:03:35 +01:00
Christoph Hollizeck	b75537a353	rp5: add debian pi as remote builder	2024-11-24 00:03:34 +01:00
Christoph Hollizeck	335070d08e	rp5: init	2024-11-24 00:03:33 +01:00