100 lines
2.7 KiB
Nix
100 lines
2.7 KiB
Nix
{
|
|
lib,
|
|
pkgs,
|
|
inputs,
|
|
config,
|
|
...
|
|
}:
|
|
let
|
|
rpi-pi = inputs.raspberry-pi-nix;
|
|
in
|
|
{
|
|
# To build an sd-card image
|
|
# $ nix build .#nixosConfigurations.rpi-5-rpi-5-aarch64-linux.config.system.build.sdImage --json &| nom
|
|
# $ sudo dd if=./result/sd-image/nixos-sd-image-26.05.20260120.80e4adb-aarch64-linux.img of=/dev/sdc conv=fsync status=progress
|
|
|
|
imports = [
|
|
rpi-pi.nixosModules.raspberry-pi
|
|
rpi-pi.nixosModules.sd-image
|
|
./containers.nix
|
|
];
|
|
nix.settings = {
|
|
substituters = [ "https://nix-community.cachix.org" ];
|
|
trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ];
|
|
};
|
|
|
|
services.traefik = {
|
|
enable = true;
|
|
|
|
staticConfigOptions = {
|
|
entryPoints = {
|
|
web = {
|
|
address = ":80";
|
|
http.redirections.entrypoint = {
|
|
to = "websecure";
|
|
scheme = "https";
|
|
};
|
|
asDefault = true;
|
|
};
|
|
websecure = {
|
|
address = ":443";
|
|
asDefault = true;
|
|
http.tls.certResolver = "letsencrypt";
|
|
};
|
|
traefik = {
|
|
address = ":8081";
|
|
};
|
|
};
|
|
certificatesResolvers.letsencrypt.acme = {
|
|
email = "doloroo@proton.me";
|
|
storage = "${config.services.traefik.dataDir}/acme.json";
|
|
httpChallenge.entryPoint = "web";
|
|
};
|
|
api.dashboard = true;
|
|
api.insecure = true;
|
|
};
|
|
};
|
|
|
|
# TEMP
|
|
networking.firewall.enable = false;
|
|
|
|
users = {
|
|
mutableUsers = false;
|
|
users.doloro = {
|
|
isNormalUser = true;
|
|
extraGroups = [ "wheel" ];
|
|
openssh.authorizedKeys.keys = [
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/4h+WCBBW82puv8SMdUbkWymF4amEMuZitgFztB6oZ" # laptop pub key
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaa6Z5qtBSLEz+A4fQGYPfkOISsRQlmKkVbcx2zxML7" # pc pub key
|
|
];
|
|
initialPassword = "meowmeowmeow";
|
|
};
|
|
users.root = {
|
|
initialPassword = "rootmeow";
|
|
openssh.authorizedKeys.keys = [
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/4h+WCBBW82puv8SMdUbkWymF4amEMuZitgFztB6oZ" # laptop pub key
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaa6Z5qtBSLEz+A4fQGYPfkOISsRQlmKkVbcx2zxML7" # pc pub key
|
|
];
|
|
};
|
|
};
|
|
|
|
networking.hostName = "nixos-001-rp5";
|
|
|
|
services.openssh.enable = true;
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
libraspberrypi
|
|
];
|
|
|
|
sdImage.compressImage = false;
|
|
|
|
raspberry-pi-nix.board = "bcm2712"; # Rpi 5 - 64bit
|
|
# We need to rebuild kernel for 6.12
|
|
# raspberry-pi-nix.kernel-version = "v6_12_17";
|
|
raspberry-pi-nix.uboot.enable = false;
|
|
|
|
hardware.enableRedistributableFirmware = true;
|
|
system.stateVersion = "25.11";
|
|
nixpkgs.hostPlatform = "aarch64-linux";
|
|
}
|