diff --git a/config/common/default.nix b/config/common/default.nix index 9935a19..252e38f 100644 --- a/config/common/default.nix +++ b/config/common/default.nix @@ -29,11 +29,6 @@ with lib; { fish.enable = true; }; - deployment.tags = [ "all" ]; - deployment.targetHost = mkDefault config.networking.fqdn; - deployment.targetPort = mkDefault 22; - deployment.targetUser = mkDefault null; - security.dhparams.defaultBitSize = 4096; system.activationScripts.motd.text = let diff --git a/config/hosts/lain/configuration.nix b/config/hosts/lain/configuration.nix new file mode 100644 index 0000000..0a33ee9 --- /dev/null +++ b/config/hosts/lain/configuration.nix 
@@ -0,0 +1,99 @@
+{ config, inputs, lib, pkgs, ... }: {
+ imports = [
+ inputs.nixos-hardware.nixosModules.raspberry-pi-4
+ ../../common
+ ../../profiles/headless.nix
+ ];
+
+ boot.loader.efi.canTouchEfiVariables = true;
+ console.enable = false;
+
+ deployment = {
+ targetHost = "192.168.178.170";
+ targetUser = "nixos";
+ };
+
+ environment.systemPackages = with pkgs; [
+ kodiPackages.jellyfin
+ kodiPackages.keymap
+ libcec
+ libraspberrypi
+ raspberrypi-eeprom
+ ];
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-label/NIXOS_SD";
+ fsType = "ext4";
+ options = [ "noatime" ];
+ };
+ };
+ hardware = {
+ bluetooth.enable = true;
+ deviceTree.enable = true;
+ raspberry-pi."4" = {
+ audio.enable = false;
+ apply-overlays-dtmerge.enable = true;
+ fkms-3d.enable = true;
+ };
+ };
+
+ kyouma.machine-type.physical = true;
+
+ nixpkgs.overlays = [
+ (self: super: { libcec = super.libcec.override { withLibraspberrypi = true; }; })
+ ];
+
+ networking.hostName = "lain";
+ networking.networkmanager.enable = true;
+ systemd.network.enable = lib.mkForce false;
+
+ systemd.sockets."cec-client" = {
+ after = [ "dev-vchiq.device" ];
+ bindsTo = [ "dev-vchiq.device" ];
+ wantedBy = [ "sockets.target" ];
+ socketConfig = {
+ ListenFIFO = "/run/cec.fifo";
+ SocketGroup = "video";
+ SocketMode = "0660";
+ };
+ };
+ systemd.services."cec-client" = {
+ after = [ "dev-vchiq.device" ];
+ bindsTo = [ "dev-vchiq.device" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ ExecStart = ''${pkgs.libcec}/bin/cec-client -d 1'';
+ ExecStop = ''/bin/sh -c "echo q > /run/cec.fifo"'';
+ StandardInput = "socket";
+ StandardOutput = "journal";
+ Restart="no";
+ };
+ };
+
+ services.avahi = {
+ enable = true;
+ ipv6 = true;
+ nssmdns4 = true;
+ publish.enable = true;
+ publish.userServices = true;
+ };
+ services.cage = {
+ enable = true;
+ program = "${pkgs.kodi-wayland}/bin/kodi-standalone";
+ user = "kodi";
+ };
+ services.fstrim.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true; + pulse.enable = true; + }; + services.udev.extraRules = '' + # allow access to raspi cec device for video group (and optionally register it as a systemd device, used below) + KERNEL=="vchiq", GROUP="video", MODE="0660", TAG+="systemd", ENV{SYSTEMD_ALIAS}="/dev/vchiq" + ''; + + users.mutableUsers = lib.mkForce true; + users.users.kodi.extraGroups = [ "video" ]; + users.extraUsers.kodi.isNormalUser = true; +} diff --git a/config/hosts/lain/iso.nix b/config/hosts/lain/iso.nix new file mode 100644 index 0000000..07d6fa7 --- /dev/null +++ b/config/hosts/lain/iso.nix @@ -0,0 +1,15 @@ +{ config, lib, inputs, ... }: { + imports = [ + "${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" + ./configuration.nix + ]; + networking.networkmanager.enable = lib.mkForce false; + networking.wireless = { + enable = true; + networks."Fernmeldestelle".psk = null; + interfaces = [ "wlan0" ]; + }; + users.users.emily = { + initialPassword = "changeme"; + }; +} diff --git a/config/hosts/ryuuko/configuration.nix b/config/hosts/ryuuko/configuration.nix index 48502d0..4995bb9 100644 --- a/config/hosts/ryuuko/configuration.nix +++ b/config/hosts/ryuuko/configuration.nix @@ -7,6 +7,7 @@ ./disko.nix ]; + boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; boot.extraModprobeConfig = '' options i915 enable_guc=3 ''; diff --git a/config/profiles/graphical/default.nix b/config/profiles/graphical/default.nix index 0cbc76e..31e9985 100644 --- a/config/profiles/graphical/default.nix +++ b/config/profiles/graphical/default.nix @@ -14,6 +14,7 @@ security.pam.services.swaylock = {}; + services.dbus.packages = [ pkgs.gcr ]; services.geoclue2.enable = true; services.pipewire = { @@ -635,6 +636,7 @@ services.gpg-agent = { enable = true; enableSshSupport = true; + pinentryPackage = pkgs.pinentry-gnome3; }; services.swayidle = diff --git a/flake.nix b/flake.nix index 0824fd3..642dbe2 100644 --- a/flake.nix +++ b/flake.nix 
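Review bot: In config/hosts/lain/configuration.nix, `systemd.services."cec-client"` sets no `User`, so cec-client runs as root while taking its stdin from `/run/cec.fifo`, which every member of group `video` (including the `kodi` session user) can write to. Since the udev rule in the same file already gives group `video` access to `/dev/vchiq`, the service can probably drop root: add `DynamicUser = true;` and `SupplementaryGroups = [ "video" ];` to `serviceConfig`, ideally with `NoNewPrivileges = true;`. Whether libcec needs anything beyond vchiq on this board is not visible here, so that should be tested on the device. `users.mutableUsers = lib.mkForce true` also deserves a one-line comment saying why this host overrides the shared setting.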
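Review bot: In config/hosts/lain/iso.nix, `users.users.emily.initialPassword = "changeme"` bakes a guessable password into every SD image built from this flake, and the value also sits in the world-readable Nix store and in the repository. Because configuration.nix forces `users.mutableUsers` to true, that password stays valid until someone changes it by hand on a device that joins the network and announces itself via avahi. Prefer key-only access (`users.users.emily.openssh.authorizedKeys.keys`) or `hashedPasswordFile = "<path-to-secret>";` over a literal password. Separately, `networks."Fernmeldestelle".psk = null` makes the NixOS wireless module treat the SSID as a network without authentication; if the key was blanked only to keep it out of git, load it from a secrets file outside the store instead.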
@@ -23,14 +23,23 @@ outputs = { self, nixpkgs, flake-utils, ... }@inputs: { colmena = let - hosts = [ "web-dus" "crime" "ryuuko" ]; + hosts = [ "web-dus" "crime" "ryuuko" "lain" ]; hostCfg = hostname: { imports = [ (./config/hosts/${hostname}/configuration.nix) ]; + deployment = with nixpkgs.lib; { + tags = [ "all" ]; + targetHost = mkDefault config.networking.fqdn; + targetPort = mkDefault 22; + targetUser = mkDefault null; + }; }; in { meta = { allowApplyAll = false; nixpkgs = nixpkgs.legacyPackages.x86_64-linux; + nodeNixpkgs = { + lain = nixpkgs.legacyPackages.aarch64-linux; + }; specialArgs = { inherit inputs; }; }; } // (builtins.listToAttrs (builtins.map (hosts: nixpkgs.lib.attrsets.nameValuePair hosts (hostCfg hosts)) hosts)); @@ -44,7 +53,15 @@ ./config/hosts/ryuuko/disko.nix ]; }; + lain = nixpkgs.lib.nixosSystem { + system = "aarch64-linux"; + specialArgs = { inherit inputs; }; + modules = [ + ./config/hosts/lain/iso.nix + ]; + }; }; + images.lain = self.nixosConfigurations.lain.config.system.build.sdImage; } // flake-utils.lib.eachDefaultSystem (system: let pkgs = nixpkgs.legacyPackages.${system}; in {
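Review bot: In flake.nix, `mkDefault config.networking.fqdn` inside `hostCfg` refers to `config`, but `hostCfg = hostname: { ... }` returns a plain attribute set and the visible `outputs` arguments do not bind `config` either. In common/default.nix these lines had the module argument in scope; here, because of `with nixpkgs.lib;`, the lookup is deferred and will likely fail with an undefined-variable error once `deployment.targetHost` is evaluated for a host that does not override it (web-dus, crime, ryuuko). Making the returned value a module function fixes it: `hostCfg = hostname: { config, ... }: {`. The `outputs` body starts before and continues after this hunk.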