hosts/mouse/sd-image.nix at master · ryan.freumh.org/nixos

ryan.freumh.org / nixos
btw i use nix
nixos / hosts / mouse / sd-image.nix
at master 2.1 kB view raw
 1{
 2  nixpkgs,
 3  lib,
 4  pkgs,
 5  config,
 6  ...
 7}:
 8
 9{
10  imports = [ "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-raspberrypi.nix" ];
11
12  # from hardware-configuration.nix
13  # https://github.com/NixOS/nixpkgs/issues/141470#issuecomment-996202318
14  boot.initrd.availableKernelModules = lib.mkForce [
15    "xhci_pci"
16    "usbhid"
17  ];
18  #boot.initrd.availableKernelModules = lib.mkForce [ ];
19
20  boot.initrd.kernelModules = [ ];
21  boot.kernelModules = [ ];
22  boot.extraModulePackages = [ ];
23
24  swapDevices = [
25    {
26      device = "/var/swap";
27      size = 4096;
28    }
29  ];
30
31  networking.useDHCP = lib.mkDefault true;
32
33  hardware.enableRedistributableFirmware = lib.mkDefault true;
34
35  # https://discourse.nixos.org/t/building-libcamera-for-raspberry-pi/26133/7
36  nixpkgs.hostPlatform = {
37    system = "armv6l-linux";
38    gcc = {
39      arch = "armv6k";
40      fpu = "vfp";
41    };
42  };
43  # required removing ncdu, pandoc, nix-tree, and neovim for cross-compilation
44
45  networking.hostName = "mouse";
46
47  users =
48    let
49      hashedPassword = "$6$IPvnJnu6/fp1Jxfy$U6EnzYDOC2NqE4iqRrkJJbSTHHNWk0KwK1xyk9jEvlu584UWQLyzDVF5I1Sh47wQhSVrvUI4mrqw6XTTjfPj6.";
50    in
51    {
52      mutableUsers = false;
53      users.ryan = {
54        isNormalUser = true;
55        extraGroups = [
56          "wheel" # enable sudo
57        ];
58        hashedPassword = hashedPassword;
59        openssh.authorizedKeys.keyFiles = [ ../../modules/authorized_keys ];
60      };
61      users.root = {
62        hashedPassword = hashedPassword;
63        openssh.authorizedKeys.keyFiles = [ ../../modules/authorized_keys ];
64      };
65    };
66
67  environment.systemPackages = with pkgs; [ vim ];
68
69  services.tailscale = {
70    enable = true;
71    #authKeyFile = ../../headscale;
72    extraUpFlags = [ "--login-server https://headscale.freumh.org" ];
73  };
74  networking.firewall = {
75    checkReversePath = "loose";
76    trustedInterfaces = [ "tailscale0" ];
77    allowedUDPPorts = [ config.services.tailscale.port ];
78  };
79
80  services.openssh = {
81    enable = true;
82    openFirewall = lib.mkDefault false;
83    settings = {
84      PermitRootLogin = "yes";
85      PasswordAuthentication = false;
86    };
87  };
88}