feat: Update to raspberry pi stuff

uttarayan21
2025-07-12 20:38:45 +05:30
parent 1c49719787
commit 2981ca1143
23 changed files with 400 additions and 66 deletions


@@ -34,15 +34,7 @@
options = "--delete-older-than +5";
};
package = pkgs.nixVersions.latest;
buildMachines = [
{
hostName = "sh.darksailor.dev";
sshUser = "remotebuilder";
system = "x86_64-linux";
protocol = "ssh-ng";
supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"];
}
];
buildMachines = [];
distributedBuilds = true;
};
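Review bot: `distributedBuilds = true` is left on although `buildMachines` is now an empty list, so the setting no longer does anything on this host. Set it to `false` or drop both lines until a builder is configured again. The enclosing `nix = { ... }` block starts above this hunk.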


@@ -17,6 +17,7 @@
boot.initrd.kernelModules = ["dm-snapshot"];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
boot.binfmt.emulatedSystems = ["aarch64-linux"];
fileSystems."/var/lib/nextcloud" = {
device = "/media/nextcloud";


@@ -101,7 +101,7 @@
buildMachines = [
../../builders/mirai.nix
../../builders/shiro.nix
../../builders/tsuba.nix
# ../../builders/tsuba.nix
];
distributedBuilds = true;
};


@@ -36,6 +36,9 @@
firmware = [pkgs.linux-firmware];
};
# nixpkgs.localSystem = {system = "x86_64-linux";};
# nixpkgs.crossSystem = {system = "aarch64-linux";};
boot.binfmt.emulatedSystems = ["aarch64-linux"];
services.fprintd.enable = true;
services.sshd.enable = true;
boot.loader.systemd-boot.consoleMode = "max";


@@ -2,27 +2,32 @@
config,
pkgs,
lib,
device,
...
}: {
nixpkgs.config.allowUnfree = true;
security.sudo.wheelNeedsPassword = false;
sops = {
defaultSopsFile = ../../secrets/secrets.yaml;
defaultSopsFormat = "yaml";
age.keyFile = "/home/servius/.config/sops/age/keys.txt";
};
nix = {
settings = {
auto-optimise-store = true;
extra-experimental-features = "nix-command flakes auto-allocate-uids";
trusted-users = ["root" "fs0c131y" "remotebuilder"];
trusted-users = ["root" "remotebuilder" device.user];
substituters = [
"https://nix-community.cachix.org"
# "https://sh.darksailor.dev"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
# "mirai:bcVPoFGBZ0i7JAKMXIqLj2GY3CulLC4kP7rQyqes1RM="
];
};
extraOptions = ''
build-users-group = nixbld
extra-nix-path = nixpkgs=flake:nixpkgs
builders-use-substitutes = true
secret-key-files = ${config.sops.secrets."builder/mirai/cache/private".path}
'';
gc = {
automatic = true;
@@ -37,12 +42,21 @@
../../builders/tsuba.nix
];
};
users.users.servius = {
users.users.${device.user} = {
isNormalUser = true;
extraGroups = ["wheel"];
initialPassword = "aaa";
openssh.authorizedKeys.keyFiles = [
../../secrets/id_ed25519.pub
../../secrets/id_ios.pub
];
};
users.users.remotebuilder = {
isNormalUser = true;
openssh.authorizedKeys.keyFiles = [
../../secrets/id_ed25519.pub
];
};
system.stateVersion = "25.05";
services.openssh.enable = true;
}
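Review bot: `initialPassword = "aaa"` on `users.users.${device.user}` leaves a guessable password on a wheel member, while the same file sets `security.sudo.wheelNeedsPassword = false` and `services.openssh.enable = true`, and nothing in the visible lines turns off SSH password logins. Since `openssh.authorizedKeys.keyFiles` is already set for this user, I would add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;`, and replace the literal with `hashedPasswordFile` backed by a sops secret. Separately, `trusted-users` now lists `remotebuilder` and `device.user`; both can act as root through the nix daemon, so a comment saying why each needs it would help. `sops.age.keyFile` still points at `/home/servius/...` although the account name now comes from `device.user`. The file begins above the first hunk, so settings outside the visible lines may already cover part of this.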


@@ -5,41 +5,33 @@
overlays,
home-manager,
nur,
nixos-rpi,
nixos-raspberrypi,
...
}: (builtins.mapAttrs (
name: device:
nixos-rpi.lib.nixosSystemFull {
inherit nixpkgs;
nixos-raspberrypi.lib.nixosSystem {
specialArgs =
inputs
// {
inherit device;
};
system = device.system;
specialArgs = {
inherit device;
nixos-raspberrypi = inputs.nixos-raspberrypi;
stablePkgs = inputs.nixpkgs-stable.legacyPackages.${device.system};
};
modules = [
inputs.disko.nixosModules.disko
nur.modules.nixos.default
inputs.sops-nix.nixosModules.sops
{
imports = with nixos-rpi.nixosModules; [
nixos-raspberrypi.lib.inject-overlays
nixpkgs.overlays = overlays;
imports = with nixos-raspberrypi.nixosModules; [
raspberry-pi-5.base
raspberry-pi-5.display-vc4
raspberry-pi-5.bluetooth
trusted-nix-caches
nixpkgs-rpi
nixos-raspberrypi.lib.inject-overlays-global
];
networking.hostName = name;
}
./configuration.nix
./disk-config.nix
./services
./${name}.nix
{nixpkgs.overlays = overlays;}
nur.modules.nixos.default
inputs.sops-nix.nixosModules.sops
home-manager.nixosModules.home-manager
inputs.arion.nixosModules.arion
{
nixpkgs.config.allowUnfree = true;
}
];
}
)
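Review bot: The module list passed to `nixos-raspberrypi.lib.nixosSystem` imports `trusted-nix-caches`, which by its name adds the upstream project's binary cache and signing key to this host's trusted substituters, and nothing here records that decision. If it is intended, a comment next to the import such as `# trusts the nixos-raspberrypi binary cache and its signing key` would make the supply-chain dependency as visible as the explicit `substituters` / `trusted-public-keys` set elsewhere in this commit. Both `specialArgs = inputs // { inherit device; }` and a narrower `specialArgs = { ... }` appear in this section; the rendered page has lost the +/- markers, so I cannot tell which one is kept, but the narrower set is easier to audit. `nixpkgs.config.allowUnfree = true` is also set in the module that defines `trusted-users`, so one of the two can go.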

142
nixos/tsuba/disk-config.nix Normal file

@@ -0,0 +1,142 @@
{
config,
lib,
...
}: let
firmwarePartition = lib.recursiveUpdate {
# label = "FIRMWARE";
priority = 1;
type = "0700"; # Microsoft basic data
# attributes = [
# 0 # Required Partition
# ];
size = "1024M";
content = {
type = "filesystem";
format = "vfat";
# mountpoint = "/boot/firmware";
mountOptions = [
"noatime"
"noauto"
"x-systemd.automount"
"x-systemd.idle-timeout=1min"
];
};
};
espPartition = lib.recursiveUpdate {
# label = "ESP";
type = "EF00"; # EFI System Partition (ESP)
# attributes = [
# 2 # Legacy BIOS Bootable, for U-Boot to find extlinux config
# ];
size = "1024M";
content = {
type = "filesystem";
format = "vfat";
# mountpoint = "/boot";
mountOptions = [
"noatime"
"noauto"
"x-systemd.automount"
"x-systemd.idle-timeout=1min"
"umask=0077"
];
};
};
in {
disko.devices = {
disk = {
one = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
FIRMWARE = firmwarePartition {
label = "FIRMWARE";
content.mountpoint = "/boot/firmware";
};
ESP = espPartition {
label = "ESP";
content.mountpoint = "/boot";
};
primary = {
size = "100%";
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
two = {
type = "disk";
device = "/dev/nvme1n1";
content = {
type = "gpt";
partitions = {
primary = {
size = "100%";
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
};
lvm_vg = {
pool = {
type = "lvm_vg";
lvs = {
root = {
size = "64G";
lvm_type = "mirror";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [
"defaults"
];
};
};
nix = {
size = "256G";
lvm_type = "raid0";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/nix";
};
};
home = {
size = "256G";
lvm_type = "raid0";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/home";
};
};
media = {
size = "100%";
lvm_type = "raid0";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/volumes/media";
};
};
};
};
};
};
}
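Review bot: `firmwarePartition` mounts `/boot/firmware` without the `umask=0077` that `espPartition` sets for `/boot`, so on vfat the firmware partition's files are readable by every local user. If boot images or an initrd end up on that partition, add `"umask=0077"` to its `mountOptions` as well. The `nix`, `home` and `media` volumes use `lvm_type = "raid0"` across both NVMe devices while only `root` is a `mirror`, so losing either disk loses `/home` and `/volumes/media`. A short comment stating that this is a deliberate capacity-over-redundancy choice would help. `config` is taken as an argument but is not used in the visible file.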


@@ -0,0 +1,37 @@
{
config,
pkgs,
...
}: {
sops = {
secrets."hetzner/api_key".owner = config.services.caddy.user;
templates = {
"HETZNER_API_KEY.env".content = ''
HETZNER_API_KEY=${config.sops.placeholder."hetzner/api_key"}
'';
};
};
services = {
caddy = {
enable = true;
extraConfig = ''
(hetzner) {
tls {
propagation_timeout -1
propagation_delay 30s
dns hetzner {env.HETZNER_API_KEY}
}
}
'';
package = pkgs.caddy.withPlugins {
plugins = ["github.com/caddy-dns/hetzner@v1.0.0"];
hash = "sha256-9ea0CfOHG7JhejB73HjfXQpnonn+ZRBqLNz1fFRkcDQ=";
};
};
};
systemd.services.caddy = {
serviceConfig = {
EnvironmentFile = config.sops.templates."HETZNER_API_KEY.env".path;
};
};
}
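Review bot: `secrets."hetzner/api_key".owner = config.services.caddy.user` makes the raw secret file readable by the caddy account, but the service only consumes the key through `EnvironmentFile`, which systemd reads itself before starting the unit's process. Dropping the `owner` line would leave the raw secret at its default ownership without changing how caddy receives `HETZNER_API_KEY`. `propagation_timeout -1` in the `(hetzner)` snippet deserves a one-line comment saying why the propagation check is turned off.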


@@ -0,0 +1,12 @@
{...}: {
imports = [
./tailscale.nix
./samba.nix
./jellyfin.nix
./caddy.nix
./sonarr.nix
./radarr.nix
./prowlarr.nix
./deluge.nix
];
}


@@ -0,0 +1,11 @@
{...}: {
services = {
deluge.enable = true;
caddy = {
virtualHosts."deluge.tsuba.darksailor.dev".extraConfig = ''
import hetzner
reverse_proxy localhost:8112
'';
};
};
}
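Review bot: The `deluge.tsuba.darksailor.dev` virtual host forwards to `localhost:8112`, but only `deluge.enable = true` is set; on NixOS the web UI behind that port is a separate service, so `services.deluge.web.enable = true;` looks missing. The virtual host also carries no access control of its own, so any client that can reach Caddy under this name gets the application's login page, and the Deluge web UI ships with a well-known default password that should be changed before the name resolves. The same lack of access control applies to the prowlarr, radarr and sonarr sections below. Consider a shared Caddy snippet that admits only the LAN or tailnet ranges via a `remote_ip` matcher and aborts everything else, imported next to `import hetzner`. Whether ports 80/443 are opened in the firewall is not visible on this page.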


@@ -0,0 +1,11 @@
{...}: {
services = {
# jellyfin.enable = true;
jellyseerr.enable = true;
caddy = {
virtualHosts."jellyfin.tsuba.darksailor.dev".extraConfig = ''
reverse_proxy localhost:8096
'';
};
};
}
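Review bot: `jellyfin.tsuba.darksailor.dev` proxies to `localhost:8096`, yet `jellyfin.enable` is commented out and only `jellyseerr.enable = true` is active, so nothing configured in this file listens on the proxied port. Either re-enable `services.jellyfin` or give Jellyseerr its own virtual host pointing at the port from `services.jellyseerr.port`. Unlike the other virtual hosts added in this commit, this one lacks `import hetzner`, so it would not use the DNS challenge settings from the `(hetzner)` snippet; add the import if that is unintended.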


@@ -0,0 +1,11 @@
{...}: {
services = {
prowlarr.enable = true;
caddy = {
virtualHosts."prowlarr.tsuba.darksailor.dev".extraConfig = ''
import hetzner
reverse_proxy localhost:9696
'';
};
};
}


@@ -0,0 +1,11 @@
{...}: {
services = {
radarr.enable = true;
caddy = {
virtualHosts."radarr.tsuba.darksailor.dev".extraConfig = ''
import hetzner
reverse_proxy localhost:7878
'';
};
};
}


@@ -0,0 +1,38 @@
{...}: {
services = {
samba = {
enable = true;
openFirewall = true;
settings = {
global = {
"workgroup" = "WORKGROUP";
"server string" = "tsuba";
"netbios name" = "tsuba";
"security" = "user";
# "hosts allow" = "192.168.0. 127.0.0.1 localhost ";
# "hosts deny" = "0.0.0.0/0";
"guest account" = "nobody";
"map to guest" = "bad user";
"min protocol" = "SMB2";
"max protocol" = "SMB3";
};
nas = {
"path" = "/volumes/media";
"browseable" = "yes";
"read only" = "no";
"guest ok" = "no";
"create mask" = "0644";
"directory mask" = "0755";
# "force user" = "username";
# "force group" = "groupname";
};
};
};
samba-wsdd = {
enable = true;
openFirewall = true;
};
};
networking.firewall.allowPing = true;
}
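Review bot: `samba.openFirewall = true` and `samba-wsdd.openFirewall = true` open SMB and discovery on every interface while the `hosts allow` / `hosts deny` pair is left commented out, so the writable `nas` share (`"read only" = "no"`) is reachable from any network the host is attached to. I would restore the restriction, `"hosts allow" = "192.168.0. 127.0.0.1 localhost";` with `"hosts deny" = "0.0.0.0/0";`, extended with the tailnet range if the share is used over Tailscale. `"min protocol" = "SMB2"` still permits the oldest SMB2 dialects; `"min protocol" = "SMB3"` plus required SMB encryption is a better floor if all clients support it.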


@@ -0,0 +1,11 @@
{...}: {
services = {
sonarr.enable = true;
caddy = {
virtualHosts."sonarr.tsuba.darksailor.dev".extraConfig = ''
import hetzner
reverse_proxy localhost:8989
'';
};
};
}


@@ -0,0 +1,22 @@
{
pkgs,
lib,
...
}: {
services = {
tailscale = {
enable = true;
# useRoutingFeatures = "both";
# extraUpFlags = ["--advertise-routes=192.168.0.0/24"];
};
# networkd-dispatcher = {
# enable = true;
# rules."50-tailscale" = {
# onState = ["routable"];
# script = ''
# ${lib.getExe pkgs.ethtool} -K en01 rx-udp-gro-forwarding on rg-xgro-list off
# '';
# };
# };
};
}


@@ -1,11 +1,12 @@
{
config,
pkgs,
device,
lib,
...
}: {
# networking.hostName = "tsuba";
networking.filrewall.logRefusedConnections = lib.mkDefault false;
networking.hostName = device.name;
networking.firewall.logRefusedConnections = lib.mkDefault false;
networking.useNetworkd = true;
systemd.services.NetworkManager-wait-online.enable = false;
systemd.network.wait-online.enable = false;
@@ -18,16 +19,37 @@
config.boot.kernelPackages.kernel.version
];
hardware.raspberry-pi.config = {
dtparam = "audio=on";
camera_auto_detect = 0;
display_auto_detect = 0;
auto_initramfs = 1;
disable_fw_kms_setup = 1;
arm_boost = 1;
arm_64bit = 1;
all = {
usb_max_current_enable = 1;
};
};
# hardware.raspberry-pi.config = {
# all = {
# "dtparam" = [
# "pciex1"
# "pciex1_gen=2"
# ];
# };
# };
hardware.raspberry-pi.extra-config = ''
[all]
dtparam=pciex1
dtparam=pciex1_gen=2
'';
}
# ({
# config,
# pkgs,
# lib,
# ...
# }: {
#
# system.nixos.tags = let
# cfg = config.boot.loader.raspberryPi;
# in [
# "raspberry-pi-${cfg.variant}"
# cfg.bootloader
# config.boot.kernelPackages.kernel.version
# ];
# # hardware.raspberry-pi.config = {
# # };
# system.stateVersion = "25.05";
# services.openssh.enable = true;
# })