From cbdc9b0d7ccdbd518fac9bfd6f2a7a5fdabcaf6b Mon Sep 17 00:00:00 2001 From: Nathan Date: Wed, 27 Aug 2025 20:37:55 -0500 Subject: [PATCH] hardware specific pi4 stuff --- .sops.yaml | 4 ++++ .../configuration/homebox/default.nix | 2 +- .../configuration/laptop/default.nix | 2 +- system-config/configuration/pi4/default.nix | 24 +++++++++---------- .../services/containers/netbird/default.nix | 1 + 5 files changed, 18 insertions(+), 15 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index 24aead6..a25b9e8 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -11,6 +11,10 @@ creation_rules: key_groups: - age: - *laptop + - path_regex: pi4/secrets.yaml$ + key_groups: + - age: + - *laptop - path_regex: nathan/secrets.yaml$ key_groups: - age: diff --git a/system-config/configuration/homebox/default.nix b/system-config/configuration/homebox/default.nix index 6eefa54..b8904e8 100644 --- a/system-config/configuration/homebox/default.nix +++ b/system-config/configuration/homebox/default.nix @@ -92,7 +92,7 @@ system.stateVersion = "23.05"; # Did you read the comment? sops = { - age.keyFile = "/home/nathan/.config/sops/age/keys.txt"; + age.keyFile = "/var/lib/sops/age/keys.txt"; defaultSopsFile = ./secrets.yaml; defaultSopsFormat = "yaml"; diff --git a/system-config/configuration/laptop/default.nix b/system-config/configuration/laptop/default.nix index 6ef12f2..7f48651 100644 --- a/system-config/configuration/laptop/default.nix +++ b/system-config/configuration/laptop/default.nix @@ -162,7 +162,7 @@ }; sops = { - age.keyFile = "/home/nathan/.config/sops/age/keys.txt"; + age.keyFile = "/var/lib/sops/age/keys.txt"; defaultSopsFile = ./secrets.yaml; defaultSopsFormat = "yaml"; secrets."nathan/pass".neededForUsers = true; diff --git a/system-config/configuration/pi4/default.nix b/system-config/configuration/pi4/default.nix index ad5bf77..9a48af9 100644 --- a/system-config/configuration/pi4/default.nix +++ b/system-config/configuration/pi4/default.nix 
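Review bot: The new `pi4/secrets.yaml$` rule lists only `*laptop` as an age recipient, so the Pi can decrypt its own `secrets.yaml` at activation only if the laptop's private key is copied into the Pi's key file. That leaves one identity shared across hosts: anyone who reads the key off the Pi's storage can also decrypt every other file encrypted to `*laptop`. Consider generating a separate age key on the Pi, defining an anchor for it wherever `&laptop` is defined (outside this hunk), listing it here as `- *pi4` (anchor name constructed for this note) next to `- *laptop`, and running `sops updatekeys` on the file.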
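Review bot: Nothing visible in this commit provisions `/var/lib/sops/age/keys.txt`, and sops-nix only creates the file itself when `sops.age.generateKey = true`; the same path change is made in the laptop hunk and in the last pi4 hunk. If the key is not placed there (root-owned, mode 0600) before the first rebuild, secrets will not decrypt at activation, and on the laptop `secrets."nathan/pass".neededForUsers = true` means the login password depends on it. A comment above the line would record the requirement, e.g. `# must exist before activation: root:root 0600, not created by this config`. On hosts where the user does not edit secrets, the old copy under `/home/nathan/.config/sops/age/` should be deleted, otherwise the move off the user-readable path gains little.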
@@ -1,4 +1,4 @@ -{ pkgs, inputs, ... }: { +{ config, pkgs, inputs, ... }: { imports = [ ./hardware-configuration.nix @@ -14,15 +14,17 @@ config = { - users.users.nathan.initialPassword = "7567"; - sysconfig = { remoteBuildClient = true; users = { nathan = { - #hashedPasswordFile = config.sops.secrets."nathan/pass".path; + hashedPasswordFile = config.sops.secrets."nathan/pass".path; shell = pkgs.zsh; + sshKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEnUhN2uHwAJF/SLRX3wlGRmfhV3zpP88JQAYB+gh8jW nathan@localhost" + ]; extraGroups = [ "wheel" "networkmanager" @@ -101,11 +103,15 @@ services = { udev.extraRules = '' + SUBSYSTEM=="bcm2835-gpiomem", KERNEL=="gpiomem", GROUP="gpio",MODE="0660" + SUBSYSTEM=="gpio", KERNEL=="gpiochip*", ACTION=="add", RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys/class/gpio/export /sys/class/gpio/unexport ; chmod 220 /sys/class/gpio/export /sys/class/gpio/unexport'" + SUBSYSTEM=="gpio", KERNEL=="gpio*", ACTION=="add",RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value ; chmod 660 /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value'" ''; pulseaudio = { enable = true; extraConfig = '' + load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1 ''; }; @@ -121,19 +127,11 @@ }; }; - nix = { - nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; - settings = { - experimental-features = [ "nix-command" "flakes" ]; - }; - }; - sops = { - age.keyFile = "/home/nathan/.config/sops/age/keys.txt"; + age.keyFile = "/var/lib/sops/age/keys.txt"; defaultSopsFile = ./secrets.yaml; defaultSopsFormat = "yaml"; }; - fonts.packages = with pkgs; [ nerd-fonts.fira-code ]; diff --git a/system-config/services/containers/netbird/default.nix b/system-config/services/containers/netbird/default.nix index ae0ab7f..b17a254 100644 --- a/system-config/services/containers/netbird/default.nix 
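Review bot: `hashedPasswordFile = config.sops.secrets."nathan/pass".path;` is switched on in the `@@ -14,15 +14,17 @@` hunk, but the pi4 `sops` block in the last hunk declares no `secrets."nathan/pass"` entry, whereas the laptop sets `secrets."nathan/pass".neededForUsers = true`. Unless the `sysconfig.users` module (not visible here) declares it with `neededForUsers`, this either fails to evaluate or the secret is decrypted only after users are created. The account would then have no usable password, which still matters for `wheel`/sudo even with the SSH keys added. Adding `secrets."nathan/pass".neededForUsers = true;` to the pi4 `sops` block would match the laptop. Separately, the removed `initialPassword` literal stays in git history, so treat it as disclosed and do not reuse it anywhere.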
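Review bot: In the `@@ -101,11 +103,15 @@` hunk, `load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1` lets every local process on the Pi, including other users and services, connect to PulseAudio over loopback without the cookie. That covers capture from input devices as well as playback. If one specific consumer needs it, name it in a comment such as `# loopback TCP without cookie auth; required by <service>`; otherwise the default Unix socket keeps per-user authentication. The udev rules in the same hunk assign `GROUP="gpio"`, but the hunk does not show `users.groups.gpio` being declared or `nathan` being added to it, so confirm both exist elsewhere.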
+++ b/system-config/services/containers/netbird/default.nix @@ -19,6 +19,7 @@ services.netbird = { enable = config.sysconfig.services.netbird.enable; + ui.enable = true; /*package = let pkgs-us = import inputs.nixpkgs-us { system = "x86_64-linux";