hosts/organelle/configuration.nix at 7c02e516ff4f48b9eaa050d4859d0d33396277ec · seanaye.bsky.social/nixos-config

me like nix

nixos-config / hosts / organelle / configuration.nix

at 7c02e516ff4f48b9eaa050d4859d0d33396277ec 2.5 kB View raw

Sean Aye allow more keys 3mo ago

 1{ pkgs, lib, inputs, config, ... }:
 2
 3{
 4  imports = [ ../pi-common/wifi.nix ];
 5
 6  networking.hostName = "organelle";
 7
 8  # CM3+ uses BCM2837 (same SoC as Pi 3 / Pi Zero 2W)
 9  boot.kernelPackages = pkgs.linuxPackages_rpi3;
10  boot.supportedFilesystems = lib.mkForce [ "vfat" "ext4" ];
11  boot.initrd.systemd.enable = false;
12
13  # Use firmware DTB (has RPi-specific labels)
14  hardware.deviceTree.enable = lib.mkForce false;
15
16  # Enable SPI in firmware config.txt
17  sdImage.populateFirmwareCommands = lib.mkAfter ''
18    chmod u+w ./firmware/config.txt
19    cat >> ./firmware/config.txt << EOF
20dtparam=spi=on
21gpu_mem=64
22hdmi_force_hotplug=1
23EOF
24  '';
25
26  hardware.enableRedistributableFirmware = true;
27
28  # Organelle hello world app
29  environment.systemPackages = [
30    inputs.organelle-hello.packages.aarch64-linux.default
31  ];
32
33  # Run on boot
34  systemd.services.organelle-hello = {
35    description = "Organelle Hello World";
36    wantedBy = [ "multi-user.target" ];
37    serviceConfig = {
38      ExecStart = "${inputs.organelle-hello.packages.aarch64-linux.default}/bin/organelle-hello";
39      Restart = "on-failure";
40      # Root needed for GPIO/SPI access via rppal
41      User = "root";
42    };
43  };
44
45  # GPIO/SPI device permissions
46  services.udev.extraRules = ''
47    SUBSYSTEM=="spidev", GROUP="gpio", MODE="0660"
48    SUBSYSTEM=="bcm2835-gpiomem", KERNEL=="gpiomem", GROUP="gpio", MODE="0660"
49  '';
50
51  # User config
52  users.users.sean = {
53    isNormalUser = true;
54    extraGroups = [ "wheel" "gpio" ];
55    openssh.authorizedKeys.keys = [
56      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDCIqgZ7kedxo+mOW7YG73Vp3zel3h180y3GKvHtRsXfGlpIIvRDy7pgCBQ4AGXYD4y78URQmFohYSAPqCPOPaWcU2un3XG9KvCzEsHmsbskPonitUmCiKvrKkb6oW4jCBtd7AEtBn+AiajAQFtPZ7NN2Df3AmTypvR6Irg7R+nxnfc9NTIHmGvxSDyWcbb4pguL20sctUSqGL6xGh8q/bqhdOThSimM+z9bEUNxK/5rPhwkNniMrp4pJcUrUiAh5/4DiRFG6KT+oeg+/myoz/Z1sPvAs7u/8JDQI4RshRD8Hu0oTkRBN6Hxj478q2SXbeBUZlD6IdjP3RhGpmSecoDdtWqKbpuV3eVRtQtba3KL86GBeV/bugaOdJ1Aud+1SOFJreAAuvxzMMKT+cdQZk6oOPP148DA/No+mDm/2S43lcdCXh79wA6YRAmKQ8jmZxTCtPutrvuZK1rguvvUlEoG/vhdNHh7eDa4Td07V6bjCRPUl8qk/e4M0E3pwsTlZc="
57      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIOIgEteUEW06dnBHe2z8vNLwz2iMKe8bba6JgMmOUpcBAAAABHNzaDo= sean@framework16"
58    ];
59  };
60
61  services.openssh = {
62    enable = true;
63    settings = {
64      PasswordAuthentication = false;
65      PermitRootLogin = "no";
66    };
67  };
68
69  security.sudo.wheelNeedsPassword = false;
70  networking.useDHCP = true;
71
72  system.stateVersion = "24.11";
73}

Configure Feed

Configure Feed