Start migration to using flake-parts

2026-03-23 20:34:48 +01:00
parent ba56618049
commit 6cbe60c784
158 changed files with 1935 additions and 1830 deletions


@@ -1,276 +1,285 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
lib,
inputs,
config,
pkgs,
self,
...
}: {
imports = [
inputs.nixos-hardware.nixosModules.raspberry-pi-4
./hardware-configuration.nix
../common/global
../common/users/julian
../common/optional/binarycaches.nix
../common/optional/pipewire.nix
../common/optional/remote-builder.nix
../common/optional/pcmanfm.nix
../common/optional/redshift.nix
../common/optional/authentication.nix
../common/optional/avahi.nix
];
environment.systemPackages = [
(pkgs.python3.withPackages (p:
with p; [
numpy
pillow
flask
rpi-gpio
webcolors
psutil
mido
rtmidi-python
spidev
waitress
websockets
werkzeug
pkgs.frajul.rpi-ws281x-python
]))
];
# disko.devices.disk.main.device = "/dev/mmcblk1";
# enabled by fish, disabling speeds up builds
documentation.man.generateCaches = false;
# networking.enableIPv6 = false; # This only leads to issues with avahi
# services.avahi.ipv6 = false;
hardware.raspberry-pi."4".bluetooth.enable = true;
hardware.bluetooth.enable = true;
hardware.bluetooth.powerOnBoot = true;
services.blueman.enable = true; # bluetooth gui
# raspberry pi specific
# systemd.services.btattach = {
# before = [ "bluetooth.service" ];
# after = [ "dev-ttyAMA0.device" ];
# wantedBy = [ "multi-user.target" ];
# serviceConfig = {
# ExecStart = "${pkgs.bluez}/bin/btattach -B /dev/ttyAMA0 -P bcm -S 3000000";
# };
# };
# networking.wireless.enable = true;
# networking.wireless.secretsFile = config.sops.secrets."wifi/pianonix".path;
# networking.wireless.networks = {
# "SMARTments".pskRaw = "ext:PSK";
# };
# networking.networkmanager.enable = lib.mkForce false;
services.gnome.at-spi2-core.enable = true; # for onboard
networking.hostName = "pianonix";
system.stateVersion = "22.11";
sops.secrets."vnc-passwd" = {
owner = config.users.users.julian.name;
sopsFile = ./secrets-vnc-passwd.bin;
format = "binary";
};
sops.secrets."wifi/pianonix" = {};
sops.secrets."syncthing/pianonix/key" = {};
sops.secrets."syncthing/pianonix/cert" = {};
# sops.secrets."syncthing/public-keys/aspi-nix" = { };
# sops.secrets."syncthing/public-keys/pianonix" = { };
sops.secrets."wg-config" = {
sopsFile = ./secrets-wg-config.bin;
format = "binary";
};
networking.wg-quick.interfaces = {
home = {
configFile = config.sops.secrets."wg-config".path;
autostart = true; # This interface is started on boot
};
};
modules = {
syncthing = {
enable = true;
overrideSettings = true;
};
};
# Enable the Desktop Environment.
# services.xserver.displayManager.lightdm.enable = true;
services.displayManager.defaultSession = "xfce";
services.displayManager.autoLogin = {
enable = true;
user = "julian";
};
systemd.services.x11vnc = {
description = "Run x11vnc server";
after = ["display-manager.service"];
wantedBy = ["multi-user.target"];
serviceConfig = {
ExecStart = "${pkgs.x11vnc}/bin/x11vnc -rfbauth ${
config.sops.secrets."vnc-passwd".path
} -forever -loop -noxdamage -repeat -rfbport 5900 -shared";
User = config.users.users.julian.name;
Restart = "on-failure";
Environment = "DISPLAY=:0";
};
};
boot.loader.timeout = lib.mkForce 1; # Set boot loader timeout to 1s
# De-facto disable network manager, which is enabled by gnome
# networking.networkmanager.unmanaged = [ "*" ];
services.xserver.enable = true;
services.xserver.desktopManager = {
xfce = {
enable = true;
};
};
services.xserver.displayManager.sessionCommands = ''
# Prevent screen from going blank or turning off (values in min)
${pkgs.xfce.xfconf}/bin/xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/blank-on-ac -s 0
${pkgs.xfce.xfconf}/bin/xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/dpms-on-ac-sleep -s 0
${pkgs.xfce.xfconf}/bin/xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/dpms-on-ac-off -s 0
'';
services.xserver.xautolock.enable = false;
services.xserver.desktopManager.xfce.enableScreensaver = false;
# xdg.portal.lxqt.enable = true;
services.openssh = {
enable = true;
# require public key authentication for better security
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
settings.PermitRootLogin = "yes";
};
users.users."root".openssh.authorizedKeys.keys = [
"ssh-rsa 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 julian@julian-aspi"
];
services.syncthing.key = config.sops.secrets."syncthing/pianonix/key".path;
services.syncthing.cert = config.sops.secrets."syncthing/pianonix/cert".path;
services.syncthing.settings = {
devices = {
"aspi-nix" = {
id = "DM5QRYU-ILJ4XYB-4V6NZDG-RAMVOND-3RSDSYR-52TW6RW-3XIU333-T7FNAA3";
};
"pianonix" = {
id = "FD3XSFW-7LQSCIQ-KHZPLNQ-7VZYGKH-RJ2ZKTJ-BG67NRH-36TQIZM-CXDYWAH";
};
};
folders = {
"Klavier" = {
path = "/home/julian/Klavier";
id = "flc3m-q4gp2";
devices = [
"aspi-nix"
"pianonix"
];
};
};
};
networking.firewall.enable = false;
networking.firewall.allowedTCPPorts = [
5900 # for vnc
];
# Disable the GNOME3/GDM auto-suspend feature that cannot be disabled in GUI!
# If no user is logged in, the machine will power down after 20 minutes.
systemd.targets.sleep.enable = false;
systemd.targets.suspend.enable = false;
systemd.targets.hibernate.enable = false;
systemd.targets.hybrid-sleep.enable = false;
## Raspberry pi specific config
# hardware.raspberry-pi."4" = {
# fkms-3d.enable = true;
# touch-ft5406.enable = true;
# };
# Prevent host becoming unreachable on wifi after some time (for raspberry pi)
networking.networkmanager.wifi.powersave = false;
# Enable audio devices on raspberry pi
# boot.kernelParams = [
# "snd_bcm2835.enable_hdmi=1"
# "snd_bcm2835.enable_headphones=1"
# ];
# boot.loader.raspberryPi.firmwareConfig = ''
# dtparam=audio=on
# '';
## Enable SPI
hardware.raspberry-pi."4".apply-overlays-dtmerge.enable = true;
hardware.deviceTree = {
enable = true;
filter = lib.mkForce "*-rpi-4*.dtb";
overlays = [
{
name = "spi";
dtboFile = ./spi0-0cs.dtbo;
}
flake.nixosConfigurations.pianonix = inputs.nixpkgs.lib.nixosSystem {
modules = [
self.nixosModules.hosts.pianonix
];
};
users.groups.spi = {};
flake.nixosModules.hosts.pianonix = {
lib,
inputs,
config,
pkgs,
...
}: {
imports = [
inputs.nixos-hardware.nixosModules.raspberry-pi-4
# services.udev.extraRules = ''
# SUBSYSTEM=="spidev", KERNEL=="spidev0.0", GROUP="spi", MODE="0660"
# '';
./hardware-configuration.nix
## Use GPIO as non-root
# Create gpio group
users.groups.gpio = {};
../common/global
../common/users/julian
../common/optional/binarycaches.nix
# Change permissions gpio devices
services.udev.extraRules = ''
SUBSYSTEM=="spidev", KERNEL=="spidev0.0", GROUP="spi", MODE="0660"
../common/optional/pipewire.nix
../common/optional/remote-builder.nix
../common/optional/pcmanfm.nix
../common/optional/redshift.nix
../common/optional/authentication.nix
SUBSYSTEM=="bcm2835-gpiomem", KERNEL=="gpiomem", GROUP="gpio",MODE="0660"
SUBSYSTEM=="gpio", KERNEL=="gpiochip*", ACTION=="add", RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys/class/gpio/export /sys/class/gpio/unexport ; chmod 220 /sys/class/gpio/export /sys/class/gpio/unexport'"
SUBSYSTEM=="gpio", KERNEL=="gpio*", ACTION=="add",RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value ; chmod 660 /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value'"
'';
../common/optional/avahi.nix
];
# Add user to group
users.users.julian.extraGroups = ["gpio"];
environment.systemPackages = [
(pkgs.python3.withPackages (p:
with p; [
numpy
pillow
flask
rpi-gpio
webcolors
psutil
mido
rtmidi-python
spidev
waitress
websockets
werkzeug
## My own Piano LED Visualizer
services.piano-led-visualizer.enable = true;
pkgs.frajul.rpi-ws281x-python
]))
];
## Crude fix for avahi
systemd.timers.avahiRestart = {
description = "Restart avahi-daemon every 5 minutes";
wantedBy = ["timers.target"];
timerConfig = {
OnBootSec = "5min";
OnUnitActiveSec = "5min";
Unit = "avahiRestart.service";
# disko.devices.disk.main.device = "/dev/mmcblk1";
# enabled by fish, disabling speeds up builds
documentation.man.generateCaches = false;
# networking.enableIPv6 = false; # This only leads to issues with avahi
# services.avahi.ipv6 = false;
hardware.raspberry-pi."4".bluetooth.enable = true;
hardware.bluetooth.enable = true;
hardware.bluetooth.powerOnBoot = true;
services.blueman.enable = true; # bluetooth gui
# raspberry pi specific
# systemd.services.btattach = {
# before = [ "bluetooth.service" ];
# after = [ "dev-ttyAMA0.device" ];
# wantedBy = [ "multi-user.target" ];
# serviceConfig = {
# ExecStart = "${pkgs.bluez}/bin/btattach -B /dev/ttyAMA0 -P bcm -S 3000000";
# };
# };
# networking.wireless.enable = true;
# networking.wireless.secretsFile = config.sops.secrets."wifi/pianonix".path;
# networking.wireless.networks = {
# "SMARTments".pskRaw = "ext:PSK";
# };
# networking.networkmanager.enable = lib.mkForce false;
services.gnome.at-spi2-core.enable = true; # for onboard
networking.hostName = "pianonix";
system.stateVersion = "22.11";
sops.secrets."vnc-passwd" = {
owner = config.users.users.julian.name;
sopsFile = ./secrets-vnc-passwd.bin;
format = "binary";
};
};
sops.secrets."wifi/pianonix" = {};
sops.secrets."syncthing/pianonix/key" = {};
sops.secrets."syncthing/pianonix/cert" = {};
# sops.secrets."syncthing/public-keys/aspi-nix" = { };
# sops.secrets."syncthing/public-keys/pianonix" = { };
systemd.services.avahiRestart = {
description = "Restart avahi-daemon service";
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.systemd}/bin/systemctl restart avahi-daemon.service";
sops.secrets."wg-config" = {
sopsFile = ./secrets-wg-config.bin;
format = "binary";
};
networking.wg-quick.interfaces = {
home = {
configFile = config.sops.secrets."wg-config".path;
autostart = true; # This interface is started on boot
};
};
modules = {
syncthing = {
enable = true;
overrideSettings = true;
};
};
# Enable the Desktop Environment.
# services.xserver.displayManager.lightdm.enable = true;
services.displayManager.defaultSession = "xfce";
services.displayManager.autoLogin = {
enable = true;
user = "julian";
};
systemd.services.x11vnc = {
description = "Run x11vnc server";
after = ["display-manager.service"];
wantedBy = ["multi-user.target"];
serviceConfig = {
ExecStart = "${pkgs.x11vnc}/bin/x11vnc -rfbauth ${
config.sops.secrets."vnc-passwd".path
} -forever -loop -noxdamage -repeat -rfbport 5900 -shared";
User = config.users.users.julian.name;
Restart = "on-failure";
Environment = "DISPLAY=:0";
};
};
boot.loader.timeout = lib.mkForce 1; # Set boot loader timeout to 1s
# De-facto disable network manager, which is enabled by gnome
# networking.networkmanager.unmanaged = [ "*" ];
services.xserver.enable = true;
services.xserver.desktopManager = {
xfce = {
enable = true;
};
};
services.xserver.displayManager.sessionCommands = ''
# Prevent screen from going blank or turning off (values in min)
${pkgs.xfce.xfconf}/bin/xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/blank-on-ac -s 0
${pkgs.xfce.xfconf}/bin/xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/dpms-on-ac-sleep -s 0
${pkgs.xfce.xfconf}/bin/xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/dpms-on-ac-off -s 0
'';
services.xserver.xautolock.enable = false;
services.xserver.desktopManager.xfce.enableScreensaver = false;
# xdg.portal.lxqt.enable = true;
services.openssh = {
enable = true;
# require public key authentication for better security
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
settings.PermitRootLogin = "yes";
};
users.users."root".openssh.authorizedKeys.keys = [
"ssh-rsa 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 julian@julian-aspi"
];
services.syncthing.key = config.sops.secrets."syncthing/pianonix/key".path;
services.syncthing.cert = config.sops.secrets."syncthing/pianonix/cert".path;
services.syncthing.settings = {
devices = {
"aspi-nix" = {
id = "DM5QRYU-ILJ4XYB-4V6NZDG-RAMVOND-3RSDSYR-52TW6RW-3XIU333-T7FNAA3";
};
"pianonix" = {
id = "FD3XSFW-7LQSCIQ-KHZPLNQ-7VZYGKH-RJ2ZKTJ-BG67NRH-36TQIZM-CXDYWAH";
};
};
folders = {
"Klavier" = {
path = "/home/julian/Klavier";
id = "flc3m-q4gp2";
devices = [
"aspi-nix"
"pianonix"
];
};
};
};
networking.firewall.enable = false;
networking.firewall.allowedTCPPorts = [
5900 # for vnc
];
# Disable the GNOME3/GDM auto-suspend feature that cannot be disabled in GUI!
# If no user is logged in, the machine will power down after 20 minutes.
systemd.targets.sleep.enable = false;
systemd.targets.suspend.enable = false;
systemd.targets.hibernate.enable = false;
systemd.targets.hybrid-sleep.enable = false;
## Raspberry pi specific config
# hardware.raspberry-pi."4" = {
# fkms-3d.enable = true;
# touch-ft5406.enable = true;
# };
# Prevent host becoming unreachable on wifi after some time (for raspberry pi)
networking.networkmanager.wifi.powersave = false;
# Enable audio devices on raspberry pi
# boot.kernelParams = [
# "snd_bcm2835.enable_hdmi=1"
# "snd_bcm2835.enable_headphones=1"
# ];
# boot.loader.raspberryPi.firmwareConfig = ''
# dtparam=audio=on
# '';
## Enable SPI
hardware.raspberry-pi."4".apply-overlays-dtmerge.enable = true;
hardware.deviceTree = {
enable = true;
filter = lib.mkForce "*-rpi-4*.dtb";
overlays = [
{
name = "spi";
dtboFile = ./spi0-0cs.dtbo;
}
];
};
users.groups.spi = {};
# services.udev.extraRules = ''
# SUBSYSTEM=="spidev", KERNEL=="spidev0.0", GROUP="spi", MODE="0660"
# '';
## Use GPIO as non-root
# Create gpio group
users.groups.gpio = {};
# Change permissions gpio devices
services.udev.extraRules = ''
SUBSYSTEM=="spidev", KERNEL=="spidev0.0", GROUP="spi", MODE="0660"
SUBSYSTEM=="bcm2835-gpiomem", KERNEL=="gpiomem", GROUP="gpio",MODE="0660"
SUBSYSTEM=="gpio", KERNEL=="gpiochip*", ACTION=="add", RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys/class/gpio/export /sys/class/gpio/unexport ; chmod 220 /sys/class/gpio/export /sys/class/gpio/unexport'"
SUBSYSTEM=="gpio", KERNEL=="gpio*", ACTION=="add",RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value ; chmod 660 /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value'"
'';
# Add user to group
users.users.julian.extraGroups = ["gpio"];
## My own Piano LED Visualizer
services.piano-led-visualizer.enable = true;
## Crude fix for avahi
systemd.timers.avahiRestart = {
description = "Restart avahi-daemon every 5 minutes";
wantedBy = ["timers.target"];
timerConfig = {
OnBootSec = "5min";
OnUnitActiveSec = "5min";
Unit = "avahiRestart.service";
};
};
systemd.services.avahiRestart = {
description = "Restart avahi-daemon service";
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.systemd}/bin/systemctl restart avahi-daemon.service";
};
};
};
}
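Review bot: The x11vnc unit (`-rfbport 5900 -shared`, no `-localhost`) is reachable on every interface because `networking.firewall.enable = false;` sits directly above `allowedTCPPorts = [ 5900 ]`, which makes that allow-list a no-op and leaves a service guarded only by classic VNC `-rfbauth` (unencrypted, weak challenge/response) exposed on wifi and the wg-quick `home` tunnel alike; this is carried over from the old side and the flake-parts move does not touch it. Unless the firewall was turned off deliberately for avahi or the LED visualizer (not visible here), I would set `networking.firewall.enable = true;` so the 5900 allow actually applies, and add `-localhost` to the x11vnc ExecStart so the display is only reachable through an SSH tunnel or the WireGuard address. In the same module, the comment "require public key authentication for better security" is followed by `settings.PermitRootLogin = "yes";`, which still permits every root authentication method that is enabled; `settings.PermitRootLogin = "prohibit-password";` matches the stated intent and the root authorizedKeys entry. The udev `RUN+=` bash one-liners in `services.udev.extraRules` are unchanged by this commit but run as root on every gpio add event; a one-line comment noting that `%p` is substituted by udev and that the chmod 220 on export/unexport is intentional would help the next reader.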