Aner Zakobar
2f0d0b5e4c
Replaces the Helm/k3s setup with a declarative NixOS configuration targeting
a Raspberry Pi 4. Services run as podman containers under systemd, with data
on an external HD at /mnt/data. Key components:
- flake.nix: multi-host flake with pi-main (aarch64) and a placeholder for a
second machine
- modules/common.nix: shared system config (nix, podman, sops, SSH)
- modules/storage.nix: external HD mount with per-service subdirs
- modules/caddy.nix: Caddy with cloudflare DNS-01 ACME + authelia forward_auth
- modules/cloudflared.nix: Cloudflare tunnel for remote access
- modules/backup.nix: restic daily backups with NC maintenance mode pre-hook
- modules/services/{openldap,authelia,gitea,nextcloud,phpldapadmin}.nix: core services
- modules/services/{jellyfin,transmission}.nix: media services (disabled by default)
- secrets/: sops-nix scaffold with .sops.yaml age key config
- hosts/pi-main/: hardware config + service selection for the Pi
- PORTING.md: step-by-step migration guide (SD card → data restore → verify)
85 lines
2.9 KiB
Nix
85 lines
2.9 KiB
Nix
{ config, lib, pkgs, modulesPath, ... }:
|
|
|
|
# Hardware configuration for the primary Raspberry Pi 4 (8 GB).
|
|
#
|
|
# SD card layout assumed:
|
|
# /dev/mmcblk0p1 — /boot/firmware (FAT32, ~256 MB)
|
|
# /dev/mmcblk0p2 — / (ext4)
|
|
#
|
|
# External HD:
|
|
# Set homey.storage.device to the by-id path of your USB drive.
|
|
# Example: /dev/disk/by-id/usb-WD_Elements_12345-0:0-part1
|
|
# Find it with: ls -la /dev/disk/by-id/
|
|
#
|
|
# To generate this file fresh after installing NixOS on the Pi, run:
|
|
# nixos-generate-config --show-hardware-config
|
|
# and merge the output here.
|
|
|
|
{
|
|
imports = [
|
|
(modulesPath + "/installer/scan/not-detected.nix")
|
|
];
|
|
|
|
# -------------------------------------------------------------------------
|
|
# Boot loader — Raspberry Pi 4 uses U-Boot / extlinux
|
|
# -------------------------------------------------------------------------
|
|
boot = {
|
|
loader = {
|
|
grub.enable = false;
|
|
generic-extlinux-compatible.enable = true;
|
|
};
|
|
|
|
# Pi 4 kernel — use the mainline kernel with RPi patches
|
|
kernelPackages = pkgs.linuxPackages_rpi4;
|
|
|
|
# tmpfs for /tmp — keep the SD card writes down
|
|
tmp.useTmpfs = true;
|
|
|
|
# Modules needed for USB storage (external HD)
|
|
initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" "uas" ];
|
|
kernelModules = [];
|
|
extraModulePackages = [];
|
|
};
|
|
|
|
# -------------------------------------------------------------------------
|
|
# Filesystems
|
|
# -------------------------------------------------------------------------
|
|
fileSystems."/" = {
|
|
device = "/dev/disk/by-label/NIXOS_SD"; # label the root partition NIXOS_SD when flashing
|
|
fsType = "ext4";
|
|
options = [ "noatime" ];
|
|
};
|
|
|
|
fileSystems."/boot/firmware" = {
|
|
device = "/dev/disk/by-label/FIRMWARE"; # FAT32 boot partition
|
|
fsType = "vfat";
|
|
options = [ "fmask=0022" "dmask=0022" ];
|
|
};
|
|
|
|
# External HD — device path is set in default.nix via homey.storage.device.
|
|
# storage.nix creates the actual fileSystems entry from that option.
|
|
|
|
swapDevices = [];
|
|
|
|
# -------------------------------------------------------------------------
|
|
# Hardware
|
|
# -------------------------------------------------------------------------
|
|
hardware = {
|
|
# Enable the RPi firmware (needed for GPU, WiFi, Bluetooth)
|
|
raspberry-pi."4".apply-overlays-dtmerge.enable = true;
|
|
|
|
# Disable GPU memory split for a headless server (gives more RAM to OS)
|
|
# Set via config.txt if needed: gpu_mem=16
|
|
};
|
|
|
|
# -------------------------------------------------------------------------
|
|
# Platform
|
|
# -------------------------------------------------------------------------
|
|
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
|
|
|
|
# -------------------------------------------------------------------------
|
|
# Power management
|
|
# -------------------------------------------------------------------------
|
|
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
|
|
}
|