Changes to rpi setup

hosts/pi-main/default.nix

@@ -14,6 +14,34 @@
   # -------------------------------------------------------------------------
   networking.hostName = "pi-main";
 
+  # -------------------------------------------------------------------------
+  # WiFi — static IP, always connect to home network
+  # -------------------------------------------------------------------------
+  networking.wireless = {
+    enable = true;
+    # secretsFile is read by wpa_supplicant at runtime; values are literal
+    # (not env vars). The key name after "ext:" must match a line in the file
+    # formatted as: key_name=the-actual-password
+    secretsFile = config.sops.secrets."wifi/psk".path;
+    networks."Zakobar".pskRaw = "ext:wifi_psk";
+  };
+
+  # Static IP on wlan0
+  networking.interfaces.wlan0.ipv4.addresses = [{
+    address      = "192.168.1.100";
+    prefixLength = 24;
+  }];
+  networking.defaultGateway  = "192.168.1.1";
+  networking.nameservers     = [ "1.1.1.1" "8.8.8.8" ];
+
+  # Disable DHCP on wlan0 — we're using a static address
+  networking.useDHCP = false;
+  networking.interfaces.wlan0.useDHCP = false;
+
+  # The secret file must contain exactly one line: wifi_psk=<your-password>
+  # Add it with: sops secrets/secrets.yaml  → wifi/psk: "wifi_psk=YourPassword"
+  sops.secrets."wifi/psk" = { owner = "root"; mode = "0400"; };
+
   # -------------------------------------------------------------------------
   # Admin user
   # -------------------------------------------------------------------------
@@ -22,7 +50,7 @@
     extraGroups     = [ "wheel" "podman" ];
     # Paste your SSH public key here
     openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAA... your-key-here"
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDBFZRqiTsOCAJPMqUyMeLd2MbyjdGoyqDVq5/Inhb6EOaM1NUGG4b6FPmYgFLyJIm5LC9BOo6M7npiaiOs/zMqp+hoGLNQUNwm5/G0uy1bjkEfKdUTdGnJ2+M9rkxrR1c+KXrjkiqECqTbnPE4mJbGyVxBW2MwMeP5w8c0DB5KO528PetvHMPPQuEdXyZzDI4kKtVpMlJoPIrIGlNFX0G/wrgXcM4zU1snOTuYGqZnWW++4kBsgIlRKpf/bLJyUMTp30eLVr0fQ6OMBtj1tzUUBaaowU6VGYQQDU/rIh/NpkA2cEVPXZegM4OohkAqrJBFPIAg90WD9Z/SyQlz0Jn8PpAloP0Cuq2vVRr+QLEwxqGiFq91YQ2VtwksMHwJGVrXRCNegpxTZQijWMEd+o0FD2cEd7Ftw6v2L6g12GJ3QGX/q0d/u0GongLLa9fPXl4VoAu7AL+cUcbX/SS7RCG8kYAR3DwOazVbK0NWEdwvWdoSU4lZ3j2at1xqMGjHjyLiTeUqZBjm+Sl5MJWIYNg+8hnONljvggg4SzDFDAkgVLZtOCaZibsMA1ucGR7VRCM09uoaEI4/ZS5pCBtYcp8X67Bv67Og8s2NFf5sUfYBPPKpdBSs+dEPycNVff6JlmzfNiyzLawacGKIDWYSgkOl43N/5ehtpsL3HMZ+5SVNIw=="
     ];
   };
 
@@ -34,7 +62,7 @@
   homey.storage = {
     # Replace with the actual by-id path of your USB drive.
     # Find it: ls -la /dev/disk/by-id/ | grep -v part
-    device     = "/dev/disk/by-id/REPLACE-WITH-YOUR-DRIVE-ID";
+    device     = "/dev/disk/by-id/usb-WD_Ext_HDD_1021_5743415A4146313531393031-0:0-part1";
     mountPoint = "/mnt/data";
     fsType     = "ext4";
   };
@@ -66,7 +94,7 @@
   #   "sftp:user@nas.local:/backups/homey"
   #   "b2:your-bucket-name:homey"
   #   "rclone:remote:homey"
-  homey.backup.repository = "sftp:REPLACE-WITH-BACKUP-DESTINATION";
+  homey.backup.repository = "s3:https://s3.us-east-005.backblazeb2.com/zakobar-home-backup";
 
   # -------------------------------------------------------------------------
   # Local DNS overrides (optional — makes LAN clients hit the Pi directly

hosts/pi-main/hardware.nix

@@ -2,56 +2,37 @@
 
 # Hardware configuration for the primary Raspberry Pi 4 (8 GB).
 #
-# SD card layout assumed:
-#   /dev/mmcblk0p1  — /boot/firmware  (FAT32, ~256 MB)
-#   /dev/mmcblk0p2  — /              (ext4)
+# nixos-raspberrypi's raspberry-pi-4.base module (imported in flake.nix)
+# provides everything that nixos-hardware.raspberry-pi-4 previously did:
+#   - linuxPackages_rpi4 vendor kernel + matching firmware
+#   - u-boot bootloader with /boot/firmware partition management
+#   - initrd modules (xhci_pci, usbhid, usb_storage, vc4, pcie_brcmstb, etc.)
+#   - config.txt generation
+#
+# This file adds only host-specific overrides on top of that.
 #
 # External HD:
 #   Set homey.storage.device to the by-id path of your USB drive.
-#   Example: /dev/disk/by-id/usb-WD_Elements_12345-0:0-part1
 #   Find it with: ls -la /dev/disk/by-id/
 #
-# To generate this file fresh after installing NixOS on the Pi, run:
-#   nixos-generate-config --show-hardware-config
-# and merge the output here.
+# TODO: Verify SD card partition labels after first flash.
+#   The config assumes labels NIXOS_SD (root) and FIRMWARE (boot).
+#   Check with: lsblk -o NAME,LABEL
+#   Update fileSystems entries below if they differ.
 
 {
-  imports = [
-    (modulesPath + "/installer/scan/not-detected.nix")
-  ];
+  # tmpfs for /tmp — keep the SD card writes down
+  boot.tmp.useTmpfs = true;
 
-  # -------------------------------------------------------------------------
-  # Boot loader — Raspberry Pi 4 uses U-Boot / extlinux
-  # -------------------------------------------------------------------------
-  boot = {
-    loader = {
-      grub.enable          = false;
-      generic-extlinux-compatible.enable = true;
-    };
-
-    # Pi 4 kernel — use the mainline kernel with RPi patches
-    kernelPackages = pkgs.linuxPackages_rpi4;
-
-    # tmpfs for /tmp — keep the SD card writes down
-    tmp.useTmpfs = true;
-
-    # Modules needed for USB storage (external HD)
-    initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" "uas" ];
-    kernelModules = [];
-    extraModulePackages = [];
-  };
-
-  # -------------------------------------------------------------------------
   # Filesystems
-  # -------------------------------------------------------------------------
   fileSystems."/" = {
-    device  = "/dev/disk/by-label/NIXOS_SD";  # label the root partition NIXOS_SD when flashing
+    device  = "/dev/disk/by-label/NIXOS_SD";
     fsType  = "ext4";
     options = [ "noatime" ];
   };
 
   fileSystems."/boot/firmware" = {
-    device  = "/dev/disk/by-label/FIRMWARE";  # FAT32 boot partition
+    device  = "/dev/disk/by-label/FIRMWARE";
     fsType  = "vfat";
     options = [ "fmask=0022" "dmask=0022" ];
   };
@@ -61,24 +42,9 @@
 
   swapDevices = [];
 
-  # -------------------------------------------------------------------------
-  # Hardware
-  # -------------------------------------------------------------------------
-  hardware = {
-    # Enable the RPi firmware (needed for GPU, WiFi, Bluetooth)
-    raspberry-pi."4".apply-overlays-dtmerge.enable = true;
-
-    # Disable GPU memory split for a headless server (gives more RAM to OS)
-    # Set via config.txt if needed: gpu_mem=16
-  };
-
-  # -------------------------------------------------------------------------
   # Platform
-  # -------------------------------------------------------------------------
   nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
 
-  # -------------------------------------------------------------------------
   # Power management
-  # -------------------------------------------------------------------------
   powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
 }