Let's try making an SD image directly?
This commit is contained in:
parent
ca7785c04b
commit
766169ec50
2 changed files with 44 additions and 112 deletions
|
|
@ -19,6 +19,7 @@
|
|||
heroic
|
||||
r2modman
|
||||
ryujinx
|
||||
lutris
|
||||
];
|
||||
|
||||
programs.mangohud = {
|
||||
|
|
|
|||
|
|
@ -1,117 +1,32 @@
|
|||
# Edit this configuration file to define what should be installed on
|
||||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
{
|
||||
lib,
|
||||
pkgs,
|
||||
inputs,
|
||||
outputs,
|
||||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
modulesPath,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
inputs.home-manager.nixosModules.home-manager
|
||||
|
||||
./hardware-configuration.nix
|
||||
|
||||
# Import shared configurations
|
||||
../../shared
|
||||
# ../../../disko/wheatley
|
||||
inputs.nixos-hardware.nixosModules.raspberry-pi-4
|
||||
(modulesPath + "/installer/sd-card/sd-image-aarch64.nix")
|
||||
|
||||
# Import shared settings
|
||||
../../shared
|
||||
];
|
||||
|
||||
boot.loader.generic-extlinux-compatible.enable = true;
|
||||
boot.loader.generic-extlinux-compatible.configurationLimit = 5;
|
||||
boot.loader.grub.enable = false;
|
||||
boot.tmp.cleanOnBoot = true;
|
||||
|
||||
# boot.extraModulePackages = [
|
||||
# (pkgs.callPackage ./rtl8189es.nix {
|
||||
# kernel = config.boot.kernelPackages.kernel;
|
||||
# })
|
||||
# ];
|
||||
nixpkgs = {
|
||||
# You can add overlays here
|
||||
overlays = [
|
||||
nixpkgs.overlays = [
|
||||
(final: super: {
|
||||
makeModulesClosure = x:
|
||||
super.makeModulesClosure (x // {allowMissing = true;});
|
||||
})
|
||||
];
|
||||
# Configure your nixpkgs instance
|
||||
config = {
|
||||
# Disable if you don't want unfree packages
|
||||
allowUnfree = true;
|
||||
};
|
||||
};
|
||||
|
||||
hardware.raspberry-pi."4".fkms-3d.enable = true;
|
||||
|
||||
#Set up sops config, and configure where the keyfile is, then set the mode for the unencrypted keys
|
||||
sops.defaultSopsFile = ./secrets/sops.yaml;
|
||||
|
||||
sops.secrets."wireless.env".mode = "0440";
|
||||
sops.secrets."wireless.env".owner = config.users.users.root.name;
|
||||
boot.kernelPackages = lib.mkForce pkgs.linuxKernel.packages.linux_rpi4;
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
age
|
||||
git
|
||||
htop
|
||||
libraspberrypi
|
||||
];
|
||||
|
||||
boot.kernelParams = [
|
||||
"console=ttyS0,115200n8"
|
||||
];
|
||||
|
||||
nix = {
|
||||
gc = {
|
||||
automatic = true;
|
||||
dates = "weekly";
|
||||
options = "--delete-older-than 7d";
|
||||
};
|
||||
# This will add each flake input as a registry
|
||||
# To make nix3 commands consistent with your flake
|
||||
registry = lib.mapAttrs (_: value: {flake = value;}) inputs;
|
||||
|
||||
# This will additionally add your inputs to the system's legacy channels
|
||||
# Making legacy nix commands consistent as well, awesome!
|
||||
nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
|
||||
|
||||
settings = {
|
||||
# Enable flakes and new 'nix' command
|
||||
experimental-features = "nix-command flakes";
|
||||
# Deduplicate and optimize nix store
|
||||
auto-optimise-store = true;
|
||||
};
|
||||
};
|
||||
|
||||
networking.wireless.enable = true;
|
||||
networking.networkmanager.wifi.powersave = false;
|
||||
# networking.wireless.environmentFile = config.sops.secrets."wireless.env".path;
|
||||
# networking.wireless.networks."KPNAA6306" = {
|
||||
# hidden = true;
|
||||
# auth = ''
|
||||
# key_mgmt=WPA-PSK
|
||||
# password="@PSK_HOME@"
|
||||
# '';
|
||||
# };
|
||||
|
||||
networking.firewall.enable = true;
|
||||
|
||||
networking.firewall = {
|
||||
allowedTCPPorts = [22 80 443 5335 8080 46899 46898];
|
||||
allowedUDPPorts = [5335 46899 46898];
|
||||
};
|
||||
# Set your time zone.
|
||||
time.timeZone = "Europe/Amsterdam";
|
||||
|
||||
programs.zsh = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
programs.git = {
|
||||
enable = true;
|
||||
};
|
||||
sdImage.compressImage = false;
|
||||
|
||||
home-manager = {
|
||||
extraSpecialArgs = {inherit inputs outputs;};
|
||||
|
|
@ -121,18 +36,34 @@
|
|||
};
|
||||
};
|
||||
|
||||
networking.hostName = "wheatley"; # Define your hostname
|
||||
networking.hostName = "wheatley";
|
||||
|
||||
boot.kernelPackages = lib.mkForce pkgs.linuxKernel.packages.linux_rpi4;
|
||||
boot.supportedFilesystems = lib.mkForce ["vfat" "btrfs" "tmpfs"];
|
||||
networking.wireless.interfaces = ["enu1u1"];
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
# require public key authentication for better security
|
||||
settings.PasswordAuthentication = false;
|
||||
settings.KbdInteractiveAuthentication = false;
|
||||
settings.PermitRootLogin = "no";
|
||||
};
|
||||
|
||||
# powerManagement.cpuFreqGovernor = "powersave";
|
||||
powerManagement.cpufreq.max = 648000;
|
||||
networking.firewall = {
|
||||
enable = true;
|
||||
allowPing = false;
|
||||
allowedTCPPorts = [
|
||||
22 # SSH
|
||||
5349 # STUN tls
|
||||
5350 # STUN tls alt
|
||||
80 # http
|
||||
443 # https
|
||||
];
|
||||
allowedUDPPortRanges = [
|
||||
{
|
||||
from = 49152;
|
||||
to = 49999;
|
||||
} # TURN relay
|
||||
];
|
||||
};
|
||||
|
||||
# This value determines the NixOS release with which your system is to be
|
||||
# compatible, in order to avoid breaking some software such as database
|
||||
# servers. You should change this only after NixOS release notes say you
|
||||
# should.
|
||||
system.stateVersion = "unstable"; # Did you read the comment?
|
||||
system.stateVersion = "25.05";
|
||||
nixpkgs.hostPlatform = lib.mkForce "aarch64-linux";
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue