updates

flake.nix

@@ -64,9 +64,17 @@
           system = "x86_64-linux";
           hostName = "wsl-dev";
         }
+        // flakeLib.mkNixosConfiguration {
+          inherit inputs nixpkgs outputs flakeLib overlays vars;
+          system = "x86_64-linux";
+          hostName = "pi-installer";
+          modules = [
+              inputs.raspberry-pi-nix.nixosModules.sd-image
+          ];
+        }
         // flakeLib.mkNixosConfiguration {
           inherit inputs outputs nixpkgs vars flakeLib overlays;
-            system = "aarch64-linux";
+          system = "aarch64-linux";
           hostName = "pi0";
         }
         // flakeLib.mkNixosConfiguration {
@@ -131,8 +139,17 @@
           description = "";
         };
       };
+      images = {
+        pi-installer = self.outputs.nixosConfigurations.pi-installer.config.system.build.sdImage;
+      };
     }
-    // flake-utils.lib.eachDefaultSystem (system: { });
+    // flake-utils.lib.eachDefaultSystem (system: let 
+      pkgs = import nixpkgs {
+        inherit system;
+      };
+    in { 
+      devShells.default = pkgs.mkShell {};
+    });
 
   inputs = {
     # System
@@ -159,9 +176,9 @@
       inputs.systems.follows = "systems";
     };
     sops-nix = {
-        url = "github:Mic92/sops-nix";
+      url = "github:Mic92/sops-nix";
-        inputs.nixpkgs.follows = "nixpkgs";
+      inputs.nixpkgs.follows = "nixpkgs";
-      };
+    };
     nixos-wsl = {
       url = "github:nix-community/NixOS-WSL";
       inputs = {

lib/mkNixosConfiguration.nix

@@ -1,13 +1,13 @@
-{
+{ inputs
-  inputs,
+, outputs
-  outputs,
+, flakeLib
-  flakeLib,
+, overlays
-  overlays,
+, system
-  system,
+, hostName
-  hostName,
+, nixpkgs
-  nixpkgs,
+, vars
-  vars,
+, modules ? [ ]
-  ...
+, ...
 }: {
   ${hostName} = nixpkgs.lib.nixosSystem {
     inherit system;
@@ -21,6 +21,6 @@
     };
     modules = [
       ../profiles/nixos/${hostName}/configuration.nix
-    ];
+    ] ++ modules;
   };
 }

modules/home-manager/base/nixpkgs.nix

@@ -1,5 +1,6 @@
-{
+{pkgs, ...}: {
   nixpkgs = {
     config.allowUnfree = true;
   };
+  nix.package = pkgs.nix;
 }

modules/home-manager/binary-cache/default.nix

@@ -3,7 +3,7 @@ _: {
     # package = pkgs.nix;
     settings = {
       substituters = [
-        "http://nixcache.odie.home.arpa"
+        "http://nix-cache.gaja-group.intranet:5000"
         "https://nix-community.cachix.org"
         "https://cache.nixos.org/"
       ];

modules/home-manager/desktop/theme/gtk.nix

@@ -19,7 +19,7 @@
         package = pkgs.papirus-icon-theme;
       };
       theme = {
-        name = "Catppuccin-Mocha-Standard-Blue-Dark";
+        name = "catppuccin-mocha-blue-standard+default";
         package = pkgs.catppuccin-gtk;
       };
     };

modules/home-manager/sops/default.nix

@@ -1,12 +1,12 @@
-{ inputs, ... }: {
+{ inputs, vars, ... }: {
   imports = [
     inputs.sops-nix.homeManagerModules.sops
   ];
 
   sops = {
-    age.keyFile = "/home/user/.age-key.txt"; # must have no password!
+    #age.keyFile = "/home/${vars.username}/.sops-key.txt"; # must have no password!
     # It's also possible to use a ssh key, but only when it has no password:
-    #age.sshKeyPaths = [ "/home/user/path-to-ssh-key" ];
+    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
     defaultSopsFile = ../../../secrets/general.yaml;
     secrets.hello = {
       # sopsFile = ./secrets.yml.enc; # optionally define per-secret files

modules/nixos/base/nixos/default.nix

@@ -12,23 +12,22 @@
         automatic = true;
       };
       channel.enable = false;
-
       registry = lib.mapAttrs (_: flake: { inherit flake; }) flakeInputs;
       nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
       settings = {
-        trusted-users = [ "root" "@wheel" ];
+        trusted-users = [ "@wheel" ];
         experimental-features = [ "nix-command" "flakes" ];
         auto-optimise-store = true;
         substituters = [
-          "http://nix-cache.gaja-group.intranet:5000"
           "https://nix-community.cachix.org"
-          "https://cache.nixos.org"
+          "http://nix-cache.gaja-group.intranet:5000"
         ];
         trusted-public-keys = [
           "nix-cache.gaja-group.intranet:EcUsafvI9NUrnab3DA71s2PGjAYMgct0FOvCwdYuStw="
           "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
         ];
         nix-path = config.nix.nixPath;
+        flake-registry = "";
       };
       gc = {
         automatic = true;
@@ -38,10 +37,7 @@
       buildMachines = [
         {
           hostName = "nix-cache.gaja-group.intranet";
-          #system = "x86_64-linux";
           protocol = "ssh-ng";
-          # if the builder supports building for multiple architectures,
-          # replace the previous line by, e.g.,
           systems = [ "x86_64-linux" "aarch64-linux" ];
           maxJobs = 4;
           speedFactor = 2;
@@ -50,7 +46,6 @@
         }
       ];
       distributedBuilds = true;
-      # optional, useful when the builder has a faster internet connection than yours
       extraOptions = ''
         builders-use-substitutes = true
       '';

modules/nixos/base/raspberry-pi/cec/default.nix

@@ -11,5 +11,14 @@
     environment.systemPackages = with pkgs; [
       libcec
     ];
+
+    nixpkgs = {
+      overlays = [
+        (final: prev: {
+          makeModulesClosure = x: prev.makeModulesClosure (x // { allowMissing = true; });
+          libcec = prev.libcec.override { withLibraspberrypi = true; };
+        })
+      ];
+    };
   };
 }

modules/nixos/desktop/fonts/default.nix

@@ -7,7 +7,8 @@
       noto-fonts
       noto-fonts-emoji
       sarasa-gothic
-      (nerdfonts.override { fonts = [ "NerdFontsSymbolsOnly" ]; })
+      nerd-fonts.symbols-only
+      #(nerdfonts.override { fonts = [ "NerdFontsSymbolsOnly" ]; })
     ];
     fontconfig = {
       antialias = true;

profiles/home-manager/odie@pi0/home.nix

@@ -1,6 +1,7 @@
 { outputs, ... }: {
   imports = [
     outputs.homeManagerModules.base
+    outputs.homeManagerModules.shell
     outputs.homeManagerModules.user
   ];
 }

profiles/home-manager/odie@wanaheim/home.nix

@@ -12,6 +12,7 @@
     outputs.homeManagerModules.games
     outputs.homeManagerModules.user
     outputs.homeManagerModules.binary-cache
+    outputs.homeManagerModules.sops
   ];
   home.stateVersion = "23.11";
   desktop = {

profiles/nixos/pi-installer/configuration.nix

@@ -0,0 +1,30 @@
+{ nixpkgs
+, pkgs
+, outputs
+, vars
+, ...
+}:
+{
+  imports = [
+    #inputs.nixos-hardware.nixosModules.raspberry-pi-4
+    outputs.nixosModules.base
+    outputs.nixosModules.raspberry-pi
+    ./hardware-configuration.nix
+  ];
+
+  networking = {
+    inherit (vars) hostName domain;
+  };
+  security.rtkit.enable = true;
+
+  environment.systemPackages = with pkgs; [
+    libraspberrypi
+    raspberrypi-eeprom
+    nfs-utils
+  ];
+
+  users.users.odie.initialPassword = "odie";
+
+  programs.zsh.enable = true;
+
+}

profiles/nixos/pi-installer/hardware-configuration.nix

@@ -0,0 +1,83 @@
+{ lib, pkgs, ... }: {
+  boot = {
+    loader = {
+      systemd-boot.enable = false;
+    };
+  };
+
+  swapDevices = [{
+    device = "/var/lib/swapfile";
+    size = 4 * 1024;
+  }];
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-label/NIXOS_SD";
+      fsType = "ext4";
+      options = [ "noatime" ];
+    };
+  };
+
+  raspberry-pi-nix = {
+    board = "bcm2711";
+    uboot.enable = true;
+  };
+
+  hardware = {
+    raspberry-pi = {
+      enable = true;
+      config = {
+        pi4 = {
+          options = {
+            arm_boost = {
+              enable = true;
+              value = true;
+            };
+            gpu_mem = {
+              enable = true;
+              value = "256";
+            };
+          };
+          dt-overlays = {
+            vc4-kms-v3d = {
+              enable = true;
+              params = { cma-256 = { enable = true; }; };
+            };
+          };
+        };
+        all = {
+          options = {
+            arm_64bit = {
+              enable = true;
+              value = true;
+            };
+          };
+          base-dt-params = {
+            BOOT_UART = {
+              value = 1;
+              enable = true;
+            };
+            uart_2ndstage = {
+              value = 1;
+              enable = true;
+            };
+          };
+          dt-overlays = {
+            disable-bt = {
+              enable = true;
+              params = { };
+            };
+            vc4-kms-v3d = {
+              enable = true;
+              params = { };
+            };
+          };
+        };
+      };
+    };
+  };
+  system.stateVersion = "25.05";
+
+  nixpkgs.hostPlatform.system = "aarch64-linux";
+  #nixpkgs.buildPlatform.system = "x86_64-linux";
+}

profiles/nixos/wanaheim/configuration.nix

@@ -3,10 +3,11 @@
 }: {
   imports = [
     inputs.nixos-hardware.nixosModules.lenovo-thinkpad-t410
-    inputs.nur.nixosModules.nur
+    inputs.nur.modules.nixos.default
     outputs.nixosModules.base
     outputs.nixosModules.desktop
     outputs.nixosModules.wsl
+    outputs.nixosModules.sops
     ./hardware-configuration.nix
   ];
 

remote-deploy.sh

@@ -5,6 +5,6 @@ set -e
 HOSTNAME=$1
 
 GC_FORCE_UNMAP_ON_GCOLLECT=1 nix build -L ".#nixosConfigurations.${HOSTNAME}.config.system.build.toplevel"
-#nix copy --no-check-sigs --to "ssh-ng://root@${HOSTNAME}" "./result"
+nix copy --no-check-sigs --to "ssh-ng://root@${HOSTNAME}" "./result"
-#ssh "root@${HOSTNAME}" nix-env -p /nix/var/nix/profiles/system --set "$(readlink ./result)"
+ssh "root@${HOSTNAME}" nix-env -p /nix/var/nix/profiles/system --set "$(readlink ./result)"
-#ssh "root@${HOSTNAME}" /nix/var/nix/profiles/system/bin/switch-to-configuration switch
+ssh "root@${HOSTNAME}" /nix/var/nix/profiles/system/bin/switch-to-configuration switch