wip add aur0ra

2026-04-26 19:07:12 +02:00 · 2026-04-26 19:07:12 +02:00 · 1366030c9b
commit 1366030c9b
parent 96239eef49
8 changed files with 321 additions and 45 deletions
--- a/nixosConfigurations/aur0ra/default.nix
+++ b/nixosConfigurations/aur0ra/default.nix
@ -0,0 +1,56 @@
+{ lib, ... }:
+{
+  imports = [
+    ./hardware.nix
+    ./nice-looking-console.nix
+  ];
+
+  users.users.ruth = {
+    # initialPassword = "setup";
+    isNormalUser = true;
+    extraGroups = [
+      "wheel"
+      "networkmanager"
+      "video"
+    ];
+    # Allow the graphical user to login without password
+    initialHashedPassword = "";
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC lpt2-roaming"
+    ];
+  };
+  nix.settings.trusted-users = [ "ruth" ];
+
+  # Don't require sudo/root to `reboot` or `poweroff`.
+  security.polkit.enable = true;
+
+  # Allow passwordless sudo from nixos user
+  security.sudo = {
+    enable = true;
+    wheelNeedsPassword = false;
+  };
+
+  services.openssh.enable = true;
+
+  # https://github.com/nvmd/nixos-raspberrypi-demo/blob/c521600570f0365ae9c846af4b023049b80ae331/modules/server-networking.nix
+
+  networking.firewall.logRefusedConnections = lib.mkDefault false;
+
+  # Use networkd instead of the pile of shell scripts
+  # NOTE: SK: is it safe to combine with NetworkManager on desktops?
+  networking.useNetworkd = lib.mkDefault true;
+
+  # The notion of "online" is a broken concept
+  # https://github.com/systemd/systemd/blob/e1b45a756f71deac8c1aa9a008bd0dab47f64777/NEWS#L13
+  # https://github.com/NixOS/nixpkgs/issues/247608
+  systemd.services.NetworkManager-wait-online.enable = false;
+  systemd.network.wait-online.enable = false;
+
+  # Do not take down the network for too long when upgrading,
+  # This also prevents failures of services that are restarted instead of stopped.
+  # It will use `systemctl restart` rather than stopping it with `systemctl stop`
+  # followed by a delayed `systemctl start`.
+  systemd.services.systemd-networkd.stopIfChanged = false;
+  # Services that are only restarted might be not able to resolve when resolved is stopped before
+  systemd.services.systemd-resolved.stopIfChanged = false;
+}
--- a/nixosConfigurations/aur0ra/hardware.nix
+++ b/nixosConfigurations/aur0ra/hardware.nix
@ -0,0 +1,64 @@
+{ nixos-raspberrypi, lib, ... }:
+{
+  imports = with nixos-raspberrypi.nixosModules; [
+    raspberry-pi-5.base
+    raspberry-pi-5.bluetooth
+    raspberry-pi-5.page-size-16k
+    raspberry-pi-5.display-vc4
+  ];
+
+  # No one got time for xz compression.
+  #isoImage.squashfsCompression = "zstd";
+
+  boot.loader = {
+    raspberry-pi.bootloader = "kernel";
+    systemd-boot.enable = lib.mkForce false;
+    #generic-extlinux-compatible.enable = lib.mkForce false;
+  };
+
+  /*
+    fileSystems = {
+      "/boot/firmware" = {
+        # TODO
+        device = "/dev/disk/by-uuid/2175-794E";
+        fsType = "vfat";
+        options = [
+          "noatime"
+          "noauto"
+          "x-systemd.automount"
+          "x-systemd.idle-timeout=1min"
+        ];
+      };
+      "/" = {
+        # TODO
+        device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
+        fsType = "ext4";
+        options = [ "noatime" ];
+      };
+    };
+  */
+
+  hardware.raspberry-pi.config = {
+    all = {
+      # [all] conditional filter, https://www.raspberrypi.com/documentation/computers/config_txt.html#conditional-filters
+      # Base DTB parameters
+      # https://github.com/raspberrypi/linux/blob/a1d3defcca200077e1e382fe049ca613d16efd2b/arch/arm/boot/dts/overlays/README#L132
+      base-dt-params = {
+
+        # https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#enable-pcie
+        pciex1 = {
+          enable = true;
+          value = "on";
+        };
+        # PCIe Gen 3.0
+        # https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#pcie-gen-3-0
+        pciex1_gen = {
+          enable = true;
+          value = "3";
+        };
+
+      };
+
+    };
+  };
+}
--- a/nixosConfigurations/aur0ra/nice-looking-console.nix
+++ b/nixosConfigurations/aur0ra/nice-looking-console.nix
@ -0,0 +1,32 @@
+# re-borrowed from https://github.com/nvmd/nixos-raspberrypi-demo/blob/main/modules/nice-looking-console.nix
+{ lib, pkgs, ... }:
+{
+  # The following have been borrowed from:
+  # https://github.com/nix-community/nixos-images/blob/b733f0680a42cc01d6ad53896fb5ca40a66d5e79/nix/image-installer/module.nix#L84
+
+  console.earlySetup = true;
+  # ter-u22n is probably too big
+  console.font = lib.mkDefault "${pkgs.terminus_font}/share/consolefonts/ter-u16n.psf.gz";
+
+  # Make colored console output more readable
+  # for example, `ip addr`s (blues are too dark by default)
+  # Tango theme: https://yayachiken.net/en/posts/tango-colors-in-terminal/
+  console.colors = lib.mkDefault [
+    "000000"
+    "CC0000"
+    "4E9A06"
+    "C4A000"
+    "3465A4"
+    "75507B"
+    "06989A"
+    "D3D7CF"
+    "555753"
+    "EF2929"
+    "8AE234"
+    "FCE94F"
+    "739FCF"
+    "AD7FA8"
+    "34E2E2"
+    "EEEEEC"
+  ];
+}