hardware specific pi4 stuff

.sops.yaml

@@ -11,6 +11,10 @@ creation_rules:
     key_groups:
     - age:
       - *laptop
+  - path_regex: pi4/secrets.yaml$
+    key_groups:
+    - age:
+      - *laptop
   - path_regex: nathan/secrets.yaml$
     key_groups:
     - age:

system-config/configuration/homebox/default.nix

@@ -92,7 +92,7 @@
         system.stateVersion = "23.05"; # Did you read the comment?
 
             sops = {
-                age.keyFile = "/home/nathan/.config/sops/age/keys.txt";
+                age.keyFile = "/var/lib/sops/age/keys.txt";
                 defaultSopsFile = ./secrets.yaml;
                 defaultSopsFormat = "yaml";
 

system-config/configuration/laptop/default.nix

@@ -162,7 +162,7 @@
             };
 
         sops = {
-            age.keyFile = "/home/nathan/.config/sops/age/keys.txt";
+            age.keyFile = "/var/lib/sops/age/keys.txt";
             defaultSopsFile = ./secrets.yaml;
             defaultSopsFormat = "yaml";
             secrets."nathan/pass".neededForUsers = true;

system-config/configuration/pi4/default.nix

@@ -1,4 +1,4 @@
-{ pkgs, inputs, ... }: {
+{ config, pkgs, inputs, ... }: {
 
     imports = [
         ./hardware-configuration.nix
@@ -14,15 +14,17 @@
 
     config = {
 
-        users.users.nathan.initialPassword = "7567";
-
         sysconfig = {
             remoteBuildClient = true;
 
             users = {
                 nathan = {
-                    #hashedPasswordFile = config.sops.secrets."nathan/pass".path;
+                    hashedPasswordFile = config.sops.secrets."nathan/pass".path;
                     shell = pkgs.zsh;
+                    sshKeys = [
+                        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop"
+                        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEnUhN2uHwAJF/SLRX3wlGRmfhV3zpP88JQAYB+gh8jW nathan@localhost"
+                    ];
                     extraGroups = [
                         "wheel"
                         "networkmanager"
@@ -101,11 +103,15 @@
 
         services = {
             udev.extraRules = ''
+                SUBSYSTEM=="bcm2835-gpiomem", KERNEL=="gpiomem", GROUP="gpio",MODE="0660"
+                SUBSYSTEM=="gpio", KERNEL=="gpiochip*", ACTION=="add", RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys/class/gpio/export /sys/class/gpio/unexport ; chmod 220 /sys/class/gpio/export /sys/class/gpio/unexport'"
+                SUBSYSTEM=="gpio", KERNEL=="gpio*", ACTION=="add",RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value ; chmod 660 /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value'"
             '';
 
             pulseaudio = {
                 enable = true;
                 extraConfig = ''
+                    load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1
                 '';
             };
 
@@ -121,21 +127,13 @@
             };
         };
 
-        nix = {
-            nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
-            settings = {
-                experimental-features = [ "nix-command" "flakes" ];
-            };
-        };
-
         sops = {
-            age.keyFile = "/home/nathan/.config/sops/age/keys.txt";
+            age.keyFile = "/var/lib/sops/age/keys.txt";
             defaultSopsFile = ./secrets.yaml;
             defaultSopsFormat = "yaml";
         };
        
 
-
         fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
 
         sound.enable = true;

system-config/services/containers/netbird/default.nix

@@ -19,6 +19,7 @@
 
         services.netbird = {
             enable = config.sysconfig.services.netbird.enable;
+            ui.enable = true;
             /*package =  let 
                 pkgs-us = import inputs.nixpkgs-us {
                     system = "x86_64-linux";