first commit

modules/base.nix

@@ -0,0 +1,11 @@
+{ pkgs, ... }:
+{
+  # Not strictly necessary, but nice to have.
+  boot.tmp.useTmpfs = true;
+  boot.tmp.tmpfsSize = "50%"; # Depends on the size of your storage.
+
+  # Reduces writes to hardware memory, which increases the lifespan
+  # of an SSD.
+  zramSwap.enable = true;
+  zramSwap.memoryPercent = 150;
+}

modules/hardware-configuration.nix

@@ -0,0 +1,39 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/NIXOS_SD";
+    fsType = "ext4";
+  };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.end0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+  powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
+}

modules/networking.nix

@@ -0,0 +1,23 @@
+{ ... }:
+{
+  # Setup wifi
+  networking = {
+    hostName = "saschas-netbird-pi";
+    wireless.enable = true;
+    wireless.networks = {
+      Baldur.psk = "SAAEOAAA";
+    };
+  };
+
+  services.openssh = {
+    enable = true;
+    settings = {
+      PasswordAuthentication = false;
+      KbdInteractiveAuthentication = false;
+    };
+  };
+
+  users.users."sascha".openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOtdzyY4r7DgB6KGBx+Svvy7oPsoUMsgZh4fRxPSjuv7 sascha@sascha"
+  ];
+}

modules/system.nix

@@ -0,0 +1,15 @@
+{ lib, ... }:
+{
+  system.stateVersion = "25.05";
+
+  nix.settings.trusted-substituters = [
+    "https://cache.nixos.org"
+    "https://nix-community.cachix.org"
+  ];
+  nix.settings.trusted-public-keys = [
+    "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+    "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+  ];
+
+  hardware.enableAllHardware = lib.mkForce false;
+}

modules/users.nix

@@ -0,0 +1,27 @@
+{
+  users.users.sascha = {
+    isNormalUser = true;
+    home = "/home/sascha";
+    extraGroups = [
+      "wheel"
+      "networkmanager"
+      "audio"
+      "video"
+    ];
+  };
+
+  security.sudo.execWheelOnly = true;
+
+  # don't require password for sudo
+  security.sudo.extraRules = [
+    {
+      users = [ "sascha" ];
+      commands = [
+        {
+          command = "ALL";
+          options = [ "NOPASSWD" ];
+        }
+      ];
+    }
+  ];
+}