first commit

2025-05-29 09:29:43 +02:00 · 2025-05-29 09:29:43 +02:00 · f9cc68899b
commit f9cc68899b
7 changed files with 228 additions and 0 deletions
--- a/flake.lock
+++ b/flake.lock
@ -0,0 +1,81 @@
+{
+  "nodes": {
+    "nixlib": {
+      "locked": {
+        "lastModified": 1736643958,
+        "narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=",
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "type": "github"
+      }
+    },
+    "nixos-generators": {
+      "inputs": {
+        "nixlib": "nixlib",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1747663185,
+        "narHash": "sha256-Obh50J+O9jhUM/FgXtI3he/QRNiV9+J53+l+RlKSaAk=",
+        "owner": "nix-community",
+        "repo": "nixos-generators",
+        "rev": "ee07ba0d36c38e9915c55d2ac5a8fb0f05f2afcc",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nixos-generators",
+        "type": "github"
+      }
+    },
+    "nixos-hardware": {
+      "locked": {
+        "lastModified": 1747900541,
+        "narHash": "sha256-dn64Pg9xLETjblwZs9Euu/SsjW80pd6lr5qSiyLY1pg=",
+        "owner": "NixOS",
+        "repo": "nixos-hardware",
+        "rev": "11f2d9ea49c3e964315215d6baa73a8d42672f06",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "master",
+        "repo": "nixos-hardware",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1748162331,
+        "narHash": "sha256-rqc2RKYTxP3tbjA+PB3VMRQNnjesrT0pEofXQTrMsS8=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "7c43f080a7f28b2774f3b3f43234ca11661bf334",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-25.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixos-generators": "nixos-generators",
+        "nixos-hardware": "nixos-hardware",
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
--- a/flake.nix
+++ b/flake.nix
@ -0,0 +1,32 @@
+{
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
+    nixos-generators = {
+      url = "github:nix-community/nixos-generators";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    nixos-hardware.url = "github:NixOS/nixos-hardware/master";
+  };
+
+  outputs =
+    {
+      nixpkgs,
+      nixos-generators,
+      nixos-hardware,
+      ...
+    }:
+    {
+      packages.aarch64-linux.installer-sd-image = nixos-generators.nixosGenerate {
+        system = "aarch64-linux";
+        format = "sd-aarch64-installer";
+        modules = [
+          ./modules/hardware-configuration.nix
+          ./modules/system.nix
+          nixos-hardware.nixosModules.raspberry-pi-4
+          ./modules/base.nix
+          ./modules/networking.nix
+          ./modules/users.nix
+        ];
+      };
+    };
+}
--- a/modules/base.nix
+++ b/modules/base.nix
@ -0,0 +1,11 @@
+{ pkgs, ... }:
+{
+  # Not strictly necessary, but nice to have.
+  boot.tmp.useTmpfs = true;
+  boot.tmp.tmpfsSize = "50%"; # Depends on the size of your storage.
+
+  # Reduces writes to hardware memory, which increases the lifespan
+  # of an SSD.
+  zramSwap.enable = true;
+  zramSwap.memoryPercent = 150;
+}
--- a/modules/hardware-configuration.nix
+++ b/modules/hardware-configuration.nix
@ -0,0 +1,39 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/NIXOS_SD";
+    fsType = "ext4";
+  };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.end0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+  powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
+}
--- a/modules/networking.nix
+++ b/modules/networking.nix
@ -0,0 +1,23 @@
+{ ... }:
+{
+  # Setup wifi
+  networking = {
+    hostName = "saschas-netbird-pi";
+    wireless.enable = true;
+    wireless.networks = {
+      Baldur.psk = "SAAEOAAA";
+    };
+  };
+
+  services.openssh = {
+    enable = true;
+    settings = {
+      PasswordAuthentication = false;
+      KbdInteractiveAuthentication = false;
+    };
+  };
+
+  users.users."sascha".openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOtdzyY4r7DgB6KGBx+Svvy7oPsoUMsgZh4fRxPSjuv7 sascha@sascha"
+  ];
+}
--- a/modules/system.nix
+++ b/modules/system.nix
@ -0,0 +1,15 @@
+{ lib, ... }:
+{
+  system.stateVersion = "25.05";
+
+  nix.settings.trusted-substituters = [
+    "https://cache.nixos.org"
+    "https://nix-community.cachix.org"
+  ];
+  nix.settings.trusted-public-keys = [
+    "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+    "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+  ];
+
+  hardware.enableAllHardware = lib.mkForce false;
+}
--- a/modules/users.nix
+++ b/modules/users.nix
@ -0,0 +1,27 @@
+{
+  users.users.sascha = {
+    isNormalUser = true;
+    home = "/home/sascha";
+    extraGroups = [
+      "wheel"
+      "networkmanager"
+      "audio"
+      "video"
+    ];
+  };
+
+  security.sudo.execWheelOnly = true;
+
+  # don't require password for sudo
+  security.sudo.extraRules = [
+    {
+      users = [ "sascha" ];
+      commands = [
+        {
+          command = "ALL";
+          options = [ "NOPASSWD" ];
+        }
+      ];
+    }
+  ];
+}