hosts/mouse/installer.nix at master · ryan.freumh.org/nixos

ryan.freumh.org / nixos
btw i use nix
nixos / hosts / mouse / installer.nix
at master 2.2 kB view raw
 1{
 2  nixpkgs,
 3  lib,
 4  pkgs,
 5  config,
 6  ...
 7}:
 8
 9# A minimal config for a ARMv6-L Raspberry Pi 1 that can be built to an SD card image with:
10#   `nix build .#nixosConfigurations.mouse-install.config.system.build.toplevel
11#
12# Some package can't be cross compiled to ARMv6-L Linux from x86_64 Linux in nixpkgs revision
13# b8dd8be3c790215716e7c12b247f45ca525867e2 (e.g. nvim) so are excluded.
14#
15# To automatically join a Tailscale network at freumh.org add the secret in a `headscale` file
16# in the project root.
17{
18  imports = [ "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-raspberrypi.nix" ];
19
20  # from hardware-configuration.nix
21  # https://github.com/NixOS/nixpkgs/issues/141470#issuecomment-996202318
22  boot.initrd.availableKernelModules = lib.mkForce [ ];
23
24  networking.useDHCP = lib.mkDefault true;
25
26  hardware.enableRedistributableFirmware = lib.mkDefault true;
27
28  console = {
29    font = "Lat2-Terminus16";
30    keyMap = "uk";
31  };
32
33  nixpkgs.hostPlatform = lib.systems.examples.raspberryPi;
34
35  programs.bash.shellInit = ''
36    export VISUAL=vim
37    set -o vi
38  '';
39
40  users =
41    let
42      hashedPassword = "$6$IPvnJnu6/fp1Jxfy$U6EnzYDOC2NqE4iqRrkJJbSTHHNWk0KwK1xyk9jEvlu584UWQLyzDVF5I1Sh47wQhSVrvUI4mrqw6XTTjfPj6.";
43    in
44    {
45      mutableUsers = false;
46      users.ryan = {
47        isNormalUser = true;
48        extraGroups = [
49          "wheel" # enable sudo
50        ];
51        hashedPassword = hashedPassword;
52        openssh.authorizedKeys.keyFiles = [ ../../modules/authorized_keys ];
53      };
54      users.root = {
55        hashedPassword = hashedPassword;
56        openssh.authorizedKeys.keyFiles = [ ../../modules/authorized_keys ];
57      };
58    };
59
60  environment.systemPackages = with pkgs; [
61    vim
62    tmux
63  ];
64
65  services.tailscale = {
66    enable = true;
67    #authKeyFile = ../../headscale;
68    extraUpFlags = [ "--login-server https://headscale.freumh.org" ];
69  };
70  networking.firewall = {
71    checkReversePath = "loose";
72    trustedInterfaces = [ "tailscale0" ];
73    allowedUDPPorts = [ config.services.tailscale.port ];
74  };
75
76  services.openssh = {
77    enable = true;
78    openFirewall = lib.mkDefault false;
79    settings = {
80      PermitRootLogin = "yes";
81      PasswordAuthentication = false;
82    };
83  };
84}