rpi5: initial config

JamieMagee · Dec 26, 2024 · 67ed88e · 67ed88e
1 parent f004b0b
commit 67ed88e
Show file tree

Hide file tree

Showing 11 changed files with 409 additions and 0 deletions.
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -14,6 +14,11 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
+    raspberry-pi-nix = {
+      url = "github:nix-community/raspberry-pi-nix/v0.4.1";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
     deploy-rs = {
       url = "github:serokell/deploy-rs";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -92,13 +97,15 @@
       nixosConfigurations = {
         jamie-desktop = mkSystem "jamie-desktop" "x86_64-linux" [ ];
         rpi = mkSystem "rpi" "aarch64-linux" [ ];
+        rpi5 = mkSystem "rpi5" "aarch64-linux" [ ];
         jamie-hyperv = mkSystem "jamie-hyperv" "x86_64-linux" [ ];
         alfred = mkSystem "alfred" "x86_64-linux" [ ];
       };
 
       homeConfigurations = {
         "jamie@jamie-desktop" = mkHome "jamie" "wsl" "x86_64-linux" [ ];
         "jamie@rpi" = mkHome "jamie" "rpi" "aarch64-linux" [ ];
+        "jamie@rpi5" = mkHome "jamie" "rpi5" "aarch64-linux" [ ];
         "jamie@jamie-hyperv" = mkHome "jamie" "jamie-hyperv" "x86_64-linux" [ ];
         "jamie@alfred" = mkHome "jamie" "alfred" "x86_64-linux" [ ];
         "jamie@generic" = mkHome "jamie" "generic" "x86_64-linux" [ ];

diff --git a/home/jamie/rpi5.nix b/home/jamie/rpi5.nix
@@ -0,0 +1,8 @@
+{ inputs, ... }:
+{
+  imports = [
+    ./global
+
+    ./features/cli
+  ];
+}
diff --git a/hosts/common/global/nix.nix b/hosts/common/global/nix.nix
@@ -18,6 +18,18 @@
         "flakes"
       ];
       warn-dirty = false;
+      substituters = [
+        "https://cache.nixos.org"
+        "https://nix-community.cachix.org"
+      ];
+      trusted-substituters = [
+        "https://cache.nixos.org"
+        "https://nix-community.cachix.org"
+      ];
+      trusted-public-keys = [
+        "nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+      ];
     };
     package = pkgs.nixVersions.latest;
     gc = {

diff --git a/hosts/rpi5/README.md b/hosts/rpi5/README.md
diff --git a/hosts/rpi5/default.nix b/hosts/rpi5/default.nix
@@ -0,0 +1,23 @@
+{ inputs, ... }:
+{
+  imports = [
+    ./hardware-configuration.nix
+
+    ../common/global
+    ../common/users/jamie.nix
+
+    ../common/optional/vscode-server.nix
+
+    ./services
+  ];
+
+  networking = {
+    hostName = "rpi5";
+  };
+
+  hardware.bluetooth.enable = true;
+
+  raspberry-pi-nix.libcamera-overlay.enable = false;
+
+  system.stateVersion = "24.05";
+}
diff --git a/hosts/rpi5/hardware-configuration.nix b/hosts/rpi5/hardware-configuration.nix
@@ -0,0 +1,39 @@
+{ inputs, ... }:
+{
+  imports = [
+    inputs.raspberry-pi-nix.nixosModules.raspberry-pi
+  ];
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-label/NIXOS_SD";
+      fsType = "ext4";
+    };
+    "/boot/firmware" = {
+      device = "/dev/disk/by-label/FIRMWARE";
+      fsType = "vfat";
+    };
+  };
+
+  hardware = {
+    raspberry-pi = {
+      config = {
+        all = {
+          base-dt-params = {
+            usb_max_current_enable = {
+              enable = true;
+              value = 1;
+            };
+            pciex1_gen = {
+              value = 3;
+              enable = true;
+            };
+          };
+        };
+      };
+    };
+  };
+
+  raspberry-pi-nix.board = "bcm2712";
+  nixpkgs.hostPlatform.system = "aarch64-linux";
+}
diff --git a/hosts/rpi5/services/adguard.nix b/hosts/rpi5/services/adguard.nix
@@ -0,0 +1,29 @@
+{
+  services.adguardhome = {
+    enable = true;
+  };
+
+  networking.firewall = {
+    allowedTCPPorts = [
+      53
+      853
+    ];
+    allowedUDPPorts = [
+      53
+      853
+    ];
+  };
+
+  services.caddy.virtualHosts."rpi5.tailnet-0b15.ts.net" = {
+    extraConfig = ''
+      handle_path /dns* {
+        reverse_proxy http://[::1]:3000
+      }
+
+      @dns {
+        header Referer https://rpi5.tailnet-0b15.ts.net/dns
+      }
+      reverse_proxy @dns http://[::1]:3000
+    '';
+  };
+}
diff --git a/hosts/rpi5/services/caddy.nix b/hosts/rpi5/services/caddy.nix
@@ -0,0 +1,24 @@
+{ config, ... }:
+{
+  services.caddy = {
+    enable = true;
+    virtualHosts."rpi5.tailnet-0b15.ts.net".extraConfig = ''
+      header X-Content-Type-Options nosniff
+      header X-Frame-Options SAMEORIGIN
+      header -Server
+    '';
+  };
+
+  networking.firewall.interfaces.tailscale0 = {
+    allowedTCPPorts = [
+      80
+      443
+    ];
+    allowedUDPPorts = [
+      80
+      443
+    ];
+  };
+
+  services.tailscale.permitCertUid = config.services.caddy.user;
+}
diff --git a/hosts/rpi5/services/default.nix b/hosts/rpi5/services/default.nix
@@ -0,0 +1,7 @@
+{
+  imports = [
+    ./adguard.nix
+    ./caddy.nix
+    ./home-assistant
+  ];
+}