+34

flake.lock

Reviewed

··· 60 60 "type": "github" 61 61 } 62 62 }, 63 63 + "crane": { 64 64 + "locked": { 65 65 + "lastModified": 1771438068, 66 66 + "narHash": "sha256-nGBbXvEZVe/egCPVPFcu89RFtd8Rf6J+4RFoVCFec0A=", 67 67 + "owner": "ipetkov", 68 68 + "repo": "crane", 69 69 + "rev": "b5090e53e9d68c523a4bb9ad42b4737ee6747597", 70 70 + "type": "github" 71 71 + }, 72 72 + "original": { 73 73 + "owner": "ipetkov", 74 74 + "repo": "crane", 75 75 + "type": "github" 76 76 + } 77 77 + }, 63 78 "darwin": { 64 79 "inputs": { 65 80 "nixpkgs": [ ··· 347 362 "type": "github" 348 363 } 349 364 }, 365 365 + "organelle-hello": { 366 366 + "inputs": { 367 367 + "crane": "crane", 368 368 + "nixpkgs": [ 369 369 + "nixpkgs" 370 370 + ] 371 371 + }, 372 372 + "locked": { 373 373 + "lastModified": 1771523993, 374 374 + "narHash": "sha256-zcs8fYPMUrM7JnFte1pglV3Qr/3Q8UVLmvUHwzDjtOk=", 375 375 + "path": "/home/sean/dev/organelle-hello", 376 376 + "type": "path" 377 377 + }, 378 378 + "original": { 379 379 + "path": "/home/sean/dev/organelle-hello", 380 380 + "type": "path" 381 381 + } 382 382 + }, 350 383 "root": { 351 384 "inputs": { 352 385 "agenix": "agenix", ··· 357 390 "nixarr": "nixarr", 358 391 "nixos-hardware": "nixos-hardware", 359 392 "nixpkgs": "nixpkgs_5", 393 393 + "organelle-hello": "organelle-hello", 360 394 "zen-browser": "zen-browser" 361 395 } 362 396 },

+23

flake.nix

Reviewed

··· 23 23 url = "github:ryantm/agenix"; 24 24 inputs.nixpkgs.follows = "nixpkgs"; 25 25 }; 26 26 + organelle-hello = { 27 27 + url = "path:/home/sean/dev/organelle-hello"; 28 28 + inputs.nixpkgs.follows = "nixpkgs"; 29 29 + }; 26 30 }; 27 31 28 32 outputs = ··· 36 40 copyparty, 37 41 nixos-hardware, 38 42 agenix, 43 43 + organelle-hello, 39 44 ... 40 45 }@inputs: 41 46 { ··· 121 126 ./hosts/pizero/configuration.nix 122 127 123 128 # Allow missing kernel modules (Pi kernel doesn't have all x86 modules) 129 129 + ({ 130 130 + nixpkgs.overlays = [ 131 131 + (final: super: { 132 132 + makeModulesClosure = x: super.makeModulesClosure (x // { allowMissing = true; }); 133 133 + }) 134 134 + ]; 135 135 + }) 136 136 + ]; 137 137 + specialArgs = { inherit inputs; }; 138 138 + }; 139 139 + 140 140 + organelle = nixpkgs.lib.nixosSystem { 141 141 + system = "aarch64-linux"; 142 142 + modules = [ 143 143 + "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" 144 144 + agenix.nixosModules.default 145 145 + ./hosts/organelle/configuration.nix 146 146 + 124 147 ({ 125 148 nixpkgs.overlays = [ 126 149 (final: super: {

+72

hosts/organelle/configuration.nix

Reviewed

··· 1 1 + { pkgs, lib, inputs, config, ... }: 2 2 + 3 3 + { 4 4 + imports = [ ../pi-common/wifi.nix ]; 5 5 + 6 6 + networking.hostName = "organelle"; 7 7 + 8 8 + # CM3+ uses BCM2837 (same SoC as Pi 3 / Pi Zero 2W) 9 9 + boot.kernelPackages = pkgs.linuxPackages_rpi3; 10 10 + boot.supportedFilesystems = lib.mkForce [ "vfat" "ext4" ]; 11 11 + boot.initrd.systemd.enable = false; 12 12 + 13 13 + # Use firmware DTB (has RPi-specific labels) 14 14 + hardware.deviceTree.enable = lib.mkForce false; 15 15 + 16 16 + # Enable SPI in firmware config.txt 17 17 + sdImage.populateFirmwareCommands = lib.mkAfter '' 18 18 + chmod u+w ./firmware/config.txt 19 19 + cat >> ./firmware/config.txt << EOF 20 20 + dtparam=spi=on 21 21 + gpu_mem=64 22 22 + hdmi_force_hotplug=1 23 23 + EOF 24 24 + ''; 25 25 + 26 26 + hardware.enableRedistributableFirmware = true; 27 27 + 28 28 + # Organelle hello world app 29 29 + environment.systemPackages = [ 30 30 + inputs.organelle-hello.packages.aarch64-linux.default 31 31 + ]; 32 32 + 33 33 + # Run on boot 34 34 + systemd.services.organelle-hello = { 35 35 + description = "Organelle Hello World"; 36 36 + wantedBy = [ "multi-user.target" ]; 37 37 + serviceConfig = { 38 38 + ExecStart = "${inputs.organelle-hello.packages.aarch64-linux.default}/bin/organelle-hello"; 39 39 + Restart = "on-failure"; 40 40 + # Root needed for GPIO/SPI access via rppal 41 41 + User = "root"; 42 42 + }; 43 43 + }; 44 44 + 45 45 + # GPIO/SPI device permissions 46 46 + services.udev.extraRules = '' 47 47 + SUBSYSTEM=="spidev", GROUP="gpio", MODE="0660" 48 48 + SUBSYSTEM=="bcm2835-gpiomem", KERNEL=="gpiomem", GROUP="gpio", MODE="0660" 49 49 + ''; 50 50 + 51 51 + # User config 52 52 + users.users.sean = { 53 53 + isNormalUser = true; 54 54 + extraGroups = [ "wheel" "gpio" ]; 55 55 + openssh.authorizedKeys.keys = [ 56 56 + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDCIqgZ7kedxo+mOW7YG73Vp3zel3h180y3GKvHtRsXfGlpIIvRDy7pgCBQ4AGXYD4y78URQmFohYSAPqCPOPaWcU2un3XG9KvCzEsHmsbskPonitUmCiKvrKkb6oW4jCBtd7AEtBn+AiajAQFtPZ7NN2Df3AmTypvR6Irg7R+nxnfc9NTIHmGvxSDyWcbb4pguL20sctUSqGL6xGh8q/bqhdOThSimM+z9bEUNxK/5rPhwkNniMrp4pJcUrUiAh5/4DiRFG6KT+oeg+/myoz/Z1sPvAs7u/8JDQI4RshRD8Hu0oTkRBN6Hxj478q2SXbeBUZlD6IdjP3RhGpmSecoDdtWqKbpuV3eVRtQtba3KL86GBeV/bugaOdJ1Aud+1SOFJreAAuvxzMMKT+cdQZk6oOPP148DA/No+mDm/2S43lcdCXh79wA6YRAmKQ8jmZxTCtPutrvuZK1rguvvUlEoG/vhdNHh7eDa4Td07V6bjCRPUl8qk/e4M0E3pwsTlZc=" 57 57 + ]; 58 58 + }; 59 59 + 60 60 + services.openssh = { 61 61 + enable = true; 62 62 + settings = { 63 63 + PasswordAuthentication = false; 64 64 + PermitRootLogin = "no"; 65 65 + }; 66 66 + }; 67 67 + 68 68 + security.sudo.wheelNeedsPassword = false; 69 69 + networking.useDHCP = true; 70 70 + 71 71 + system.stateVersion = "24.11"; 72 72 + }