nixos-config/rpi4.nix

{ config, pkgs, ... }:

with builtins; {
  imports = [
    # ./hardware/base.nix
    ./hardware/gpu-rpi4.nix
    # ./system
    ./system/nix.nix
    ./system/i18n.nix
    ./system/networking.nix
    ./services/restic/rpi4.nix
    ./services/syncthing/rpi4.nix
    ./services/kodi.nix
    ./services/jellyfin.nix
    ./services/etebase.nix
    # ./services/photoprism.nix # TODO not working on aarch64 due to tensorflow
    ./services/home-assistant.nix
    ./services/owntracks.nix
  ];

  nixpkgs.config.allowUnfree = true;

  # rpi4 base config
  boot.loader.grub.enable = false;
  boot.loader.raspberryPi.enable = true;
  boot.loader.raspberryPi.version = 4;
  boot.kernelPackages = pkgs.linuxPackages_rpi4;
  boot.kernelParams = [ "console=ttyAMA0,115200" "console=tty1" ];
  hardware.enableRedistributableFirmware = true;

  networking.domain = "home.felschr.com";

  networking.firewall.allowedTCPPorts = [ 80 443 ];

  security.acme = {
    acceptTerms = true;
    email = "dev@felschr.com";
  };

  services.cfdyndns = {
    enable = true;
    email = "felschr@pm.me";
    apikeyFile = "/etc/nixos/secrets/cfdyndns-apikey";
    records = [
      "*.home.felschr.com"
      "home.felschr.com"
      "owntracks.felschr.com"
      "etebase.felschr.com"
    ];
  };

  services.nginx = {
    enable = true;

    recommendedTlsSettings = true;
    recommendedOptimisation = true;
    recommendedGzipSettings = true;
    recommendedProxySettings = true;

    virtualHosts = {
      ${config.networking.domain} = {
        enableACME = true;
        forceSSL = true;
        locations."/" = {
          proxyPass = "http://localhost:8123";
          proxyWebsockets = true;
        };
      };
    };
  };

  programs.zsh.enable = true;

  services.openssh = {
    enable = true;
    challengeResponseAuthentication = false;
    passwordAuthentication = false;
    permitRootLogin = "no";
  };

  boot.initrd.network.ssh = {
    enable = true;
    authorizedKeys = [ (readFile "./key") ];
  };

  users.users.felschr = {
    isNormalUser = true;
    extraGroups = [ "wheel" "audio" "disk" "media" ];
    shell = pkgs.zsh;
    openssh.authorizedKeys.keyFiles = [ ./key ];
  };

  home-manager = {
    useUserPackages = true;
    useGlobalPkgs = true;
    backupFileExtension = "backup";
    users.felschr = import ./home/felschr-rpi4.nix;
  };

  # only change this when specified in release notes
  system.stateVersion = "20.09";
}
feat: add initial rpi4 config 2020-09-27 14:27:25 +02:00			`{ config, pkgs, ... }:`

feat: add syncthing 2020-10-06 17:41:56 +02:00			`with builtins; {`
feat: add initial rpi4 config 2020-09-27 14:27:25 +02:00			`imports = [`
			`# ./hardware/base.nix`
fix(rpi4): set up GPU support 2020-10-06 18:09:04 +02:00			`./hardware/gpu-rpi4.nix`
feat: add initial rpi4 config 2020-09-27 14:27:25 +02:00			`# ./system`
			`./system/nix.nix`
			`./system/i18n.nix`
feat(rpi4): enable networking config 2021-05-11 21:26:18 +02:00			`./system/networking.nix`
feat(rpi4): add restic backup service 2021-03-21 14:24:35 +01:00			`./services/restic/rpi4.nix`
fix(rpi4): switch to correct syncthing module 2020-10-06 17:44:49 +02:00			`./services/syncthing/rpi4.nix`
feat(rpi4): add kodi 2021-03-13 12:55:00 +01:00			`./services/kodi.nix`
feat: add syncthing 2020-10-06 17:41:56 +02:00			`./services/jellyfin.nix`
feat(rpi4): add etebase-server 2021-02-15 21:06:51 +01:00			`./services/etebase.nix`
fix(rpi4): disable photoprism due to issues on aarch64 2021-04-04 20:34:32 +02:00			`# ./services/photoprism.nix # TODO not working on aarch64 due to tensorflow`
feat(rpi4): add home-assistant 2020-10-03 16:32:06 +02:00			`./services/home-assistant.nix`
feat(rpi4): add owntracks config 2020-12-02 10:33:12 +01:00			`./services/owntracks.nix`
feat: add initial rpi4 config 2020-09-27 14:27:25 +02:00			`];`

			`nixpkgs.config.allowUnfree = true;`

			`# rpi4 base config`
			`boot.loader.grub.enable = false;`
			`boot.loader.raspberryPi.enable = true;`
			`boot.loader.raspberryPi.version = 4;`
			`boot.kernelPackages = pkgs.linuxPackages_rpi4;`
feat: add syncthing 2020-10-06 17:41:56 +02:00			`boot.kernelParams = [ "console=ttyAMA0,115200" "console=tty1" ];`
chore: adjust enabled firmware 2020-10-03 16:25:05 +02:00			`hardware.enableRedistributableFirmware = true;`
feat: add initial rpi4 config 2020-09-27 14:27:25 +02:00
feat(rpi4): setup acme and cfdyndns 2020-10-03 16:23:36 +02:00			`networking.domain = "home.felschr.com";`

feat: add syncthing 2020-10-06 17:41:56 +02:00			`networking.firewall.allowedTCPPorts = [ 80 443 ];`
feat(rpi4): setup acme and cfdyndns 2020-10-03 16:23:36 +02:00
			`security.acme = {`
			`acceptTerms = true;`
feat(rpi4): update cfdyndns & acme setup 2021-02-14 23:49:43 +01:00			`email = "dev@felschr.com";`
feat(rpi4): setup acme and cfdyndns 2020-10-03 16:23:36 +02:00			`};`

chore(flake): update inputs 2020-11-14 11:16:08 +01:00			`services.cfdyndns = {`
feat(rpi4): setup acme and cfdyndns 2020-10-03 16:23:36 +02:00			`enable = true;`
			`email = "felschr@pm.me";`
			`apikeyFile = "/etc/nixos/secrets/cfdyndns-apikey";`
fix: remove system.autoUpgrade 2021-02-16 16:51:10 +01:00			`records = [`
feat(rpi4): update cfdyndns & acme setup 2021-02-14 23:49:43 +01:00			`"*.home.felschr.com"`
			`"home.felschr.com"`
			`"owntracks.felschr.com"`
feat(rpi4): add etebase-server 2021-02-15 21:06:51 +01:00			`"etebase.felschr.com"`
feat(rpi4): update cfdyndns & acme setup 2021-02-14 23:49:43 +01:00			`];`
feat(rpi4): setup acme and cfdyndns 2020-10-03 16:23:36 +02:00			`};`

feat(rpi4): add home-assistant 2020-10-03 16:32:06 +02:00			`services.nginx = {`
			`enable = true;`

			`recommendedTlsSettings = true;`
			`recommendedOptimisation = true;`
			`recommendedGzipSettings = true;`
			`recommendedProxySettings = true;`

			`virtualHosts = {`
feat(home-manager): set backupFileExtension 2020-11-07 11:59:08 +01:00			`${config.networking.domain} = {`
feat(rpi4): add home-assistant 2020-10-03 16:32:06 +02:00			`enableACME = true;`
			`forceSSL = true;`
			`locations."/" = {`
			`proxyPass = "http://localhost:8123";`
			`proxyWebsockets = true;`
			`};`
			`};`
			`};`
			`};`

feat: add initial rpi4 config 2020-09-27 14:27:25 +02:00			`programs.zsh.enable = true;`

feat(rpi4): switch to key authentication for openssh 2020-10-03 19:13:33 +02:00			`services.openssh = {`
			`enable = true;`
			`challengeResponseAuthentication = false;`
			`passwordAuthentication = false;`
			`permitRootLogin = "no";`
			`};`

			`boot.initrd.network.ssh = {`
			`enable = true;`
feat: add syncthing 2020-10-06 17:41:56 +02:00			`authorizedKeys = [ (readFile "./key") ];`
feat(rpi4): switch to key authentication for openssh 2020-10-03 19:13:33 +02:00			`};`
feat: add initial rpi4 config 2020-09-27 14:27:25 +02:00
			`users.users.felschr = {`
			`isNormalUser = true;`
feat(jellyfin): change user & group 2021-05-27 12:38:34 +02:00			`extraGroups = [ "wheel" "audio" "disk" "media" ];`
feat: add initial rpi4 config 2020-09-27 14:27:25 +02:00			`shell = pkgs.zsh;`
feat(rpi4): switch to key authentication for openssh 2020-10-03 19:13:33 +02:00			`openssh.authorizedKeys.keyFiles = [ ./key ];`
feat: add initial rpi4 config 2020-09-27 14:27:25 +02:00			`};`

			`home-manager = {`
			`useUserPackages = true;`
			`useGlobalPkgs = true;`
feat(home-manager): set backupFileExtension 2020-11-07 11:59:08 +01:00			`backupFileExtension = "backup";`
feat: add initial rpi4 config 2020-09-27 14:27:25 +02:00			`users.felschr = import ./home/felschr-rpi4.nix;`
			`};`

			`# only change this when specified in release notes`
			`system.stateVersion = "20.09";`
			`}`