Daholli/nixos-config
1
0
Fork 0
Code Issues 3 Pull requests 1 Releases Packages Activity Actions

Compare commits

base: Daholli:1957b47664c7fb320b94e97bfddc9be1dd32fa13
Branches Tags
Daholli:main
Daholli:main-merge
Daholli:rewrite
..
compare: Daholli:ca03ee5cb4e46f32738074980eac1418bfd8d964
Branches Tags
Daholli:main-merge
Daholli:rewrite
Daholli:main

7 commits
1957b47664 ... ca03ee5cb4

Author SHA1 Message Date
Christoph Hollizeck
ca03ee5cb4 Merge pull request 'rp5' (#10) from rp5 into main 
Reviewed-on: #10
 2024-11-25 22:33:27 +01:00
Christoph Hollizeck
047d4f7dbd
rp5: working adguardhome! 2024-11-25 22:25:05 +01:00
Christoph Hollizeck
965aa569ff
rp5: finally working nix-sdcard, enableing remote build on the nix system now 2024-11-25 15:52:10 +01:00
Christoph Hollizeck
b99a02b7a2
rp5: add nixos-hardware for config 2024-11-24 00:03:36 +01:00
Christoph Hollizeck
f8ec2f5d8f
fix build issues with the sd image 2024-11-24 00:03:35 +01:00
Christoph Hollizeck
b75537a353
rp5: add debian pi as remote builder 2024-11-24 00:03:34 +01:00
Christoph Hollizeck
335070d08e
rp5: init 2024-11-24 00:03:33 +01:00
11 changed files with 441 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

179
flake.lock generated
View file

@ -741,6 +741,40 @@
"type": "github" "type": "github"
} }
}, },
"libcamera-src": {
"flake": false,
"locked": {
"lastModified": 1725630279,
"narHash": "sha256-KH30jmHfxXq4j2CL7kv18DYECJRp9ECuWNPnqPZajPA=",
"owner": "raspberrypi",
"repo": "libcamera",
"rev": "69a894c4adad524d3063dd027f5c4774485cf9db",
"type": "github"
},
"original": {
"owner": "raspberrypi",
"repo": "libcamera",
"rev": "69a894c4adad524d3063dd027f5c4774485cf9db",
"type": "github"
}
},
"libpisp-src": {
"flake": false,
"locked": {
"lastModified": 1724944683,
"narHash": "sha256-Fo2UJmQHS855YSSKKmGrsQnJzXog1cdpkIOO72yYAM4=",
"owner": "raspberrypi",
"repo": "libpisp",
"rev": "28196ed6edcfeda88d23cc5f213d51aa6fa17bb3",
"type": "github"
},
"original": {
"owner": "raspberrypi",
"ref": "v1.0.7",
"repo": "libpisp",
"type": "github"
}
},
"nix-ld": { "nix-ld": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -1026,6 +1060,35 @@
"type": "github" "type": "github"
} }
}, },
"raspberry-pi-nix": {
"inputs": {
"libcamera-src": "libcamera-src",
"libpisp-src": "libpisp-src",
"nixpkgs": [
"nixpkgs"
],
"rpi-bluez-firmware-src": "rpi-bluez-firmware-src",
"rpi-firmware-nonfree-src": "rpi-firmware-nonfree-src",
"rpi-firmware-src": "rpi-firmware-src",
"rpi-linux-6_10_12-src": "rpi-linux-6_10_12-src",
"rpi-linux-6_6_54-src": "rpi-linux-6_6_54-src",
"rpicam-apps-src": "rpicam-apps-src",
"u-boot-src": "u-boot-src"
},
"locked": {
"lastModified": 1731941843,
"narHash": "sha256-/QG4C9WVP79A7jRFC3Ci1q1l6ah7gr3/SF/MWUk/hhM=",
"owner": "nix-community",
"repo": "raspberry-pi-nix",
"rev": "aaec735faf81ff05356d65c7408136d2c1522d34",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "raspberry-pi-nix",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"fenix": "fenix", "fenix": "fenix",
@ -1045,12 +1108,115 @@
"nixpkgs-latest-factorio": "nixpkgs-latest-factorio", "nixpkgs-latest-factorio": "nixpkgs-latest-factorio",
"nixpkgs-master": "nixpkgs-master", "nixpkgs-master": "nixpkgs-master",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"raspberry-pi-nix": "raspberry-pi-nix",
"snowfall-flake": "snowfall-flake", "snowfall-flake": "snowfall-flake",
"snowfall-lib": "snowfall-lib_2", "snowfall-lib": "snowfall-lib_2",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"zen-browser": "zen-browser" "zen-browser": "zen-browser"
} }
}, },
"rpi-bluez-firmware-src": {
"flake": false,
"locked": {
"lastModified": 1708969706,
"narHash": "sha256-KakKnOBeWxh0exu44beZ7cbr5ni4RA9vkWYb9sGMb8Q=",
"owner": "RPi-Distro",
"repo": "bluez-firmware",
"rev": "78d6a07730e2d20c035899521ab67726dc028e1c",
"type": "github"
},
"original": {
"owner": "RPi-Distro",
"ref": "bookworm",
"repo": "bluez-firmware",
"type": "github"
}
},
"rpi-firmware-nonfree-src": {
"flake": false,
"locked": {
"lastModified": 1723266537,
"narHash": "sha256-T7eTKXqY9cxEMdab8Snda4CEOrEihy5uOhA6Fy+Mhnw=",
"owner": "RPi-Distro",
"repo": "firmware-nonfree",
"rev": "4b356e134e8333d073bd3802d767a825adec3807",
"type": "github"
},
"original": {
"owner": "RPi-Distro",
"ref": "bookworm",
"repo": "firmware-nonfree",
"type": "github"
}
},
"rpi-firmware-src": {
"flake": false,
"locked": {
"lastModified": 1727798811,
"narHash": "sha256-eavbshXGYmkYR33y9FLcQMJoAYdYTESVEy0g/RRXnb0=",
"owner": "raspberrypi",
"repo": "firmware",
"rev": "287e6a6c2d3b50eee3e2c5b2eacdd907e5cbe09a",
"type": "github"
},
"original": {
"owner": "raspberrypi",
"ref": "1.20241001",
"repo": "firmware",
"type": "github"
}
},
"rpi-linux-6_10_12-src": {
"flake": false,
"locked": {
"lastModified": 1728305462,
"narHash": "sha256-LtvNmGD1D5YYv+C9xxxddAeHw69o3OX/H9M7F663L74=",
"owner": "raspberrypi",
"repo": "linux",
"rev": "26ee50d56618c2d98100b1bc672fd201aed4d00f",
"type": "github"
},
"original": {
"owner": "raspberrypi",
"ref": "rpi-6.10.y",
"repo": "linux",
"type": "github"
}
},
"rpi-linux-6_6_54-src": {
"flake": false,
"locked": {
"lastModified": 1728155174,
"narHash": "sha256-/8RjW35XQMnshjAE4Ey8j3oWzE2GOntnBYY6PlvZGhs=",
"owner": "raspberrypi",
"repo": "linux",
"rev": "12f0f28db3afe451a81a34c5a444f6841c10067c",
"type": "github"
},
"original": {
"owner": "raspberrypi",
"ref": "rpi-6.6.y",
"repo": "linux",
"type": "github"
}
},
"rpicam-apps-src": {
"flake": false,
"locked": {
"lastModified": 1727515047,
"narHash": "sha256-qCYGrcibOeGztxf+sd44lD6VAOGoUNwRqZDdAmcTa/U=",
"owner": "raspberrypi",
"repo": "rpicam-apps",
"rev": "a8ccf9f3cd9df49875dfb834a2b490d41d226031",
"type": "github"
},
"original": {
"owner": "raspberrypi",
"ref": "v1.5.2",
"repo": "rpicam-apps",
"type": "github"
}
},
"rust-analyzer-src": { "rust-analyzer-src": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -1280,6 +1446,19 @@
"type": "github" "type": "github"
} }
}, },
"u-boot-src": {
"flake": false,
"locked": {
"lastModified": 1719857238,
"narHash": "sha256-mJ2TBy0Y5ZtcGFgtU5RKr0UDUp5FWzojbFb+o/ebRJU=",
"type": "tarball",
"url": "https://ftp.denx.de/pub/u-boot/u-boot-2024.07.tar.bz2"
},
"original": {
"type": "tarball",
"url": "https://ftp.denx.de/pub/u-boot/u-boot-2024.07.tar.bz2"
}
},
"xdph": { "xdph": {
"inputs": { "inputs": {
"hyprland-protocols": [ "hyprland-protocols": [

13
flake.nix
View file

@ -78,6 +78,11 @@
## temporary ## temporary
zen-browser.url = "github:ch4og/zen-browser-flake"; zen-browser.url = "github:ch4og/zen-browser-flake";
raspberry-pi-nix = {
url = "github:nix-community/raspberry-pi-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
################ ################
## inputs for dev shells ## inputs for dev shells
@ -124,6 +129,14 @@
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
]; ];
systems.hosts.nixberry.modules = with inputs; [
raspberry-pi-nix.nixosModules.raspberry-pi
raspberry-pi-nix.nixosModules.sd-image
];
systems.hosts.wsl.modules = with inputs; [ nixos-wsl.nixosModules.default ]; systems.hosts.wsl.modules = with inputs; [ nixos-wsl.nixosModules.default ];
}
// {
self = inputs.self;
}; };
} }

22
homes/aarch64-linux/cholli@nixberry/default.nix Normal file
View file

@ -0,0 +1,22 @@
{
lib,
pkgs,
config,
osConfig ? { },
format ? "unknown",
...
}:
with lib.wyrdgard;
{
wyrdgard = {
apps = {
kitty = enabled;
};
tools = {
direnv = enabled;
};
};
home.stateVersion = "24.11";
}

2
homes/x86_64-linux/cholli@wsl/default.nix
View file

@ -17,4 +17,6 @@ with lib.wyrdgard;
direnv = enabled; direnv = enabled;
}; };
}; };
home.stateVersion = "24.05";
} }

1
modules/home/apps/cli-apps/fish/default.nix
View file

@ -24,7 +24,6 @@ in
shellInit = '' shellInit = ''
zoxide init fish | source zoxide init fish | source
direnv hook fish | source direnv hook fish | source
source ~/.config/op/plugins.sh
set -x LESS_TERMCAP_mb \e'[01;32m' set -x LESS_TERMCAP_mb \e'[01;32m'
set -x LESS_TERMCAP_md \e'[01;32m' set -x LESS_TERMCAP_md \e'[01;32m'

10
modules/nixos/apps/cli-apps/helix/default.nix
View file

@ -8,7 +8,7 @@
... ...
}: }:
let let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption mkOption;
cfg = config.${namespace}.apps.cli-apps.helix; cfg = config.${namespace}.apps.cli-apps.helix;
cachix-url = "https://helix.cachix.org"; cachix-url = "https://helix.cachix.org";
@ -19,13 +19,17 @@ in
{ {
options.${namespace}.apps.cli-apps.helix = { options.${namespace}.apps.cli-apps.helix = {
enable = mkEnableOption "Whether to enable helix or not"; enable = mkEnableOption "Whether to enable helix or not";
pkg = mkOption {
type = lib.types.package;
default = helix-pkg;
description = "Which helix pacakge to use";
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment = { environment = {
systemPackages = [ systemPackages = [
helix-pkg cfg.pkg
pkgs.wl-clipboard
]; ];
}; };

4
modules/nixos/nix/default.nix
View file

@ -45,6 +45,10 @@ in
nixfmt-rfc-style nixfmt-rfc-style
nix-prefetch-git nix-prefetch-git
nix-du nix-du
nix-weather
nix-index
nix-output-monitor
]; ];
nix = nix =

3
modules/nixos/submodules/basics/default.nix
View file

@ -36,6 +36,9 @@ in
nix = { nix = {
enable = true; enable = true;
extra-substituters = { extra-substituters = {
"https://cache.lix.systems" = {
key = "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=";
};
"https://nix-community.cachix.org" = { "https://nix-community.cachix.org" = {
key = "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="; key = "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=";
}; };

2
modules/nixos/tools/git/default.nix
View file

@ -34,7 +34,7 @@ in
lfs.enable = true; lfs.enable = true;
signing = { signing = {
key = cfg.signingKey; key = cfg.signingKey;
signByDefault = mkIf gpg.enable true; signByDefault = true;
}; };
extraConfig = { extraConfig = {
init = { init = {

190
systems/aarch64-linux/nixberry/default.nix Normal file
View file

@ -0,0 +1,190 @@
{
config,
inputs,
lib,
modulesPath,
namespace,
...
}:
with lib.${namespace};
let
inherit (lib) mkForce;
ipAddress = "192.168.178.2";
in
{
imports = with inputs.nixos-hardware.nixosModules; [
(modulesPath + "/installer/scan/not-detected.nix")
raspberry-pi-5
];
security.sudo.wheelNeedsPassword = false;
users.users.remotebuild = {
isNormalUser = true;
createHome = false;
group = "remotebuild";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJYZjG+XPNoVHVdCel5MK4mwvtoFCqDY1WMI1yoU71Rd root@yggdrasil"
];
};
users.groups.remotebuild = { };
nix = {
nrBuildUsers = 64;
settings = {
trusted-users = [ "remotebuild" ];
min-free = 10 * 1024 * 1024;
max-free = 200 * 1024 * 1024;
max-jobs = "auto";
cores = 0;
};
};
systemd.services.nix-daemon.serviceConfig = {
MemoryAccounting = true;
MemoryMax = "90%";
OOMScoreAdjust = 500;
};
networking = {
interfaces.wlan0 = {
ipv4.addresses = [
{
address = ipAddress;
prefixLength = 24;
}
];
useDHCP = true;
};
defaultGateway = {
address = "192.168.178.1";
interface = "wlan0";
};
wireless = {
enable = true;
networks = {
"Slow Internet" = {
pskRaw = "521b6d766b27276c29c7b6bec5b495b1c52bf88b0682277e65b37dc649b630de";
};
};
};
};
networking.firewall = {
allowedTCPPorts = [
53
80
];
allowedUDPPorts = [
53
];
};
services.adguardhome = {
enable = true;
host = ipAddress;
port = 80;
settings = {
http = {
address = "0.0.0.0:80";
};
dns = {
ratelimit = 0;
bind_hosts = [ "0.0.0.0" ];
upstream_dns = [
"1.1.1.1"
"1.0.0.1"
"8.8.8.8"
"8.8.4.4"
];
};
filtering = {
protection_enabled = true;
filtering_enabled = true;
};
filters =
map
(url: {
enabled = true;
url = url;
})
[
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt" # AdGuard Dns filter
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_59.txt" # AdGuard Dns PopupHosts filter
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt" # The Big List of Hacked Malware Web Sites
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt" # malicious url blocklist
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_18.txt" # Phishing
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_24.txt"
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_47.txt"
];
};
};
# Pi specific stuff
raspberry-pi-nix.board = "bcm2712";
hardware = {
raspberry-pi = {
config = {
all = {
base-dt-params = {
BOOT_UART = {
value = 1;
enable = true;
};
uart_2ndstage = {
value = 1;
enable = true;
};
};
dt-overlays = {
disable-bt = {
enable = true;
params = { };
};
};
};
};
};
};
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
${namespace} = {
submodules.basics = enabled;
system = {
# cachemiss for webkit gtk
hardware.networking.enable = mkForce false;
# rasberry pi uses alternative boot settings
boot.enable = mkForce false;
};
user.trustedPublicKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHFrDiO5+vMfD5MimkzN32iw3MnSMLZ0mHvOrHVVmLD0"
];
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "24.11"; # Did you read the comment?
}

20
systems/x86_64-linux/yggdrasil/default.nix
View file

@ -32,6 +32,26 @@ in
backupFileExtension = ".bak"; backupFileExtension = ".bak";
}; };
nix = {
distributedBuilds = true;
settings.builders-use-substitutes = true;
buildMachines = [
{
hostName = "nixberry";
sshUser = "remotebuild";
sshKey = "/root/.ssh/remotebuild";
systems = [ "aarch64-linux" ];
protocol = "ssh-ng";
supportedFeatures = [
"nixos-test"
"big-parallel"
"kvm"
];
}
];
};
${namespace} = { ${namespace} = {
archetypes = { archetypes = {
gaming.enable = true; gaming.enable = true;