commit 0cb82a43fbe648402ce8e77a41867a696e30483e Author: LordGrimmauld Date: Sat Jan 27 10:53:10 2024 +0100 first basic config
diff --git a/authorizedKeys.nix b/authorizedKeys.nix
new file mode 100644
index 0000000..a7b42af
--- /dev/null
+++ b/authorizedKeys.nix
@@ -0,0 +1,6 @@
+# these are public keys. Publishing them shouldn't be an issue until there is quantum computers breaking rsa.
+# todo: use post-quantum keys for ssh (not possible yet, yikes)
+[
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCy7X5ByG4/9y2XkQSnXcpMGnV5WPGUd+B6FaYCDNmPQ7xIZEteS+kCpu9oiMP6C/H/FT+i9DZvCflkzgdFAyujYLKRYaZbZ3K6F60qN0rkJ0z/ZO5c6rqwIwR6BEoB7dq5inkyH9fZ8/SI+PXxELmeWF9ehT7kkQC+o9Ujpcjd7ZuZllbAz4UQZFRbbpwdVJCEDenu9/63yuYbvMupgGk0edaTiFT0Q9MSzs/3pNP8xlAxmmZ3HzSjeF7gUzBF7CaIroTeguiUjSVybUEx48P8fy878t7dUZf4anEno9MS0B3aqfZvCKuuPdAUdeBfCbFHRqN7GuCylFIXGPe95Mxl grimmauld@grimmauld-nixos"
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClLZhya2A7SoRSX2DNNM6OWgnGhtOFUor/WdyY59L0l6u5tEo9VyX5bCR84eo+uN4jyahSiGD1WC3RGIoNtHuSkKPxr0rqQhlbuyxraHGj7hOLhcGWRd2eIdsntbma7uPsn4zC0skKjpVNR7PU4LfSxti0gBhgq6uQhMtlfywwJshmwt55q7oT/zC449Uz2vyviy7sQ53R9YoOWEjB/+vU8jHxGlqLatXhOGKlBtrQxKm8PZ6jBYxAC6sGA4APIHWC3KC0S0X7wlmi42Dx9bbBm0rUjy095vRZ22fkE8x9OSTKDY/vFTLw5vwVMa8dACfA1Kc0+EpgOK77lZddeTvD grimmauld.de"
+]
diff --git a/configuration.nix b/configuration.nix
new file mode 100644
index 0000000..afb3157
--- /dev/null
+++ b/configuration.nix
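Review bot: The header comment in authorizedKeys.nix names quantum attacks on RSA as the only concern and says better keys are "not possible yet", but both entries are 2048-bit `ssh-rsa` keys and OpenSSH already accepts `ssh-ed25519`, which is the usual choice for new keys today. I would reword the comment to something like `# Public keys only, safe to publish. Prefer ssh-ed25519 for new keys; rotate the RSA entries when convenient.` The trailing key comments (`grimmauld@grimmauld-nixos`, `grimmauld.de`) also publish a user and host name alongside the keys, which is worth a deliberate decision rather than a side effect.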
@@ -0,0 +1,96 @@
+{ stable, config, pkgs, lib, ... }:
+
+let
+ SSID = "mywifi";
+ SSIDpassword = "mypassword";
+ interface = "wlan0";
+ hostname = "nixpi";
+in {
+ time.timeZone = "Europe/Berlin";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "de_DE.UTF-8";
+ LC_IDENTIFICATION = "de_DE.UTF-8";
+ LC_MEASUREMENT = "de_DE.UTF-8";
+ LC_MONETARY = "de_DE.UTF-8";
+ LC_NAME = "de_DE.UTF-8";
+ LC_NUMERIC = "de_DE.UTF-8";
+ LC_PAPER = "de_DE.UTF-8";
+ LC_TELEPHONE = "de_DE.UTF-8";
+ LC_TIME = "de_DE.UTF-8";
+ };
+
+ console.keyMap = "de";
+
+ services.xserver = {
+ layout = "de";
+ xkbVariant = "";
+ };
+
+
+ boot = {
+ kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
+ initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" ];
+ loader = {
+ grub.enable = false;
+ generic-extlinux-compatible.enable = true;
+ };
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-label/NIXOS_SD";
+ fsType = "ext4";
+ options = [ "noatime" ];
+ };
+ };
+
+ networking = {
+ hostName = hostname;
+ wireless = {
+ enable = true;
+ networks."${SSID}".psk = SSIDpassword;
+ interfaces = [ interface ];
+ };
+ };
+
+ environment.systemPackages = with pkgs; [ vim ];
+
+ services.openssh.enable = true;
+
+ programs.xonsh.enable = true;
+ users = {
+ mutableUsers = false;
+ users."pi" = {
+ shell = pkgs.xonsh;
+ isNormalUser = true;
+ hashedPassword = "$y$j9T$ODBtPwWjIx50Bjhctw9kW/$jhfsHaAyh8zOXBV7cCK9l2M0yWyE3VLiL0h55XXV5J2";
+ extraGroups = [ "wheel" ];
+ };
+ };
+
+ hardware.enableRedistributableFirmware = true;
+ system.stateVersion = "23.11";
+
+ environment.systemPackages = with pkgs; [
+ wget
+ hyfetch
+ usbutils
+ pciutils
+ git
+ btop
+ git-lfs
+ lm_sensors
+ file
+ raspberrypi-eeprom
+ ];
+
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+ nixpkgs.config.allowUnfree = true;
+
+ boot.tmp.cleanOnBoot = true;
+ zramSwap.enable = true;
+}
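Review bot: `services.openssh.enable = true;` is left at the module defaults, so password login stays available for `pi` (a `wheel` member), and nothing in this hunk references authorizedKeys.nix, so the keys added in this commit are never installed. I would add `users.users.pi.openssh.authorizedKeys.keys = import ./authorizedKeys.nix;` and `services.openssh.settings.PasswordAuthentication = false;`. The `hashedPassword` literal and the `SSIDpassword` binding (even if its current value is a placeholder) end up in the repository and in the world-readable Nix store; agenix is already a flake input, so `hashedPasswordFile` and a secrets file for the wireless PSK would keep them out. Separately, `environment.systemPackages` is assigned twice in the same attribute set, which Nix rejects as already defined, so the `[ vim ]` entry should be merged into the second list.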
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..d9bf892
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,140 @@ +{ + "nodes": { + "agenix": { + "inputs": { + "darwin": "darwin", + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "systems": "systems" + }, + "locked": { + "lastModified": 1703433843, + "narHash": "sha256-nmtA4KqFboWxxoOAA6Y1okHbZh+HsXaMPFkYHsoDRDw=", + "owner": "ryantm", + "repo": "agenix", + "rev": "417caa847f9383e111d1397039c9d4337d024bf0", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1700795494, + "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703113217, + "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1703013332, + "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1706098335, + "narHash": "sha256-r3dWjT8P9/Ah5m5ul4WqIWD8muj5F+/gbCdjiNVBKmU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a77ab169a83a4175169d78684ddd2e54486ac651", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.11", + 
"repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1706173671, + "narHash": "sha256-lciR7kQUK2FCAYuszyd7zyRRmTaXVeoZsCyK6QFpGdk=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "4fddc9be4eaf195d631333908f2a454b03628ee5", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "agenix": "agenix", + "nixpkgs": "nixpkgs_2", + "nixpkgs-stable": "nixpkgs-stable" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..57d0345
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,26 @@
+# /etc/nixos/flake.nix
+{
+ description = "flake for a remote display on a raspi";
+
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs?ref=nixpkgs-unstable";
+ nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-23.11";
+ agenix.url = "github:ryantm/agenix";
+ };
+
+ outputs = {nixpkgs, nixpkgs-stable, agenix, ...} @ inputs: let
+ system = "aarch64-linux";
+ stable = import nixpkgs-stable { inherit system; config.allowUnfree = true; };
+ in {
+ nixosConfigurations.nixpi = nixpkgs.lib.nixosSystem {
+ inherit system;
+ specialArgs = { inherit inputs stable; };
+ modules = [
+ ./configuration.nix
+ agenix.nixosModules.default
+ ];
+ };
+
+# formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.alejandra;
+ };
+}
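Review bot: The `agenix` entry in `inputs` is declared without a `follows`, and the committed flake.lock shows the consequence: a second pinned nixpkgs revision plus nix-darwin and home-manager become part of the locked dependency set for this aarch64-linux host. Adding `agenix.inputs.nixpkgs.follows = "nixpkgs";` leaves one nixpkgs revision to audit and update. `agenix.nixosModules.default` is imported, but configuration.nix in this commit declares no `age.secrets`, so the module currently protects nothing. For a NixOS system, `nixos-unstable` rather than `nixpkgs-unstable` is presumably the intended branch, since it only advances after the NixOS tests pass; worth confirming.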