~

2025-05-01 03:09:32 +00:00 · 2025-03-22 16:16:26 -04:00 · 2025-03-22 16:16:26 -04:00 · 8accea9cc6
commit 8accea9cc6
parent 1f4a53d646
9 changed files with 231 additions and 1 deletions
--- a/nixos/hosts/near/rpi5-config/configuration.nix
+++ b/nixos/hosts/near/rpi5-config/configuration.nix
@ -0,0 +1,141 @@
+{ config, pkgs, lib, modulesPath, ... }:
+
+{
+
+  ## System
+
+  imports =
+    [ ./hardware.nix
+      "${modulesPath}/profiles/headless.nix"
+    ];
+
+  networking.hostName = "wilson";
+
+  system.stateVersion = "23.11";
+
+  # turn off screen 5min after boot
+  boot.kernelParams = [ "consoleblank=300" ];
+
+  nix.settings.experimental-features = [ "nix-command" ];
+
+
+  ## Packages
+
+  nixpkgs.overlays = lib.singleton (self: super:
+    { # don't shadow procps, etc.
+      busybox = lib.setPrio 20 super.busybox;
+    });
+
+
+  ## Environment
+
+  i18n.defaultLocale = "en_GB.UTF-8";
+  i18n.extraLocaleSettings.LC_TIME = "it_IT.UTF-8";
+
+  time.timeZone = "Europe/Rome";
+
+  environment.sessionVariables =
+    { PATH = [ "$HOME/bin" ];
+      XDG_CONFIG_HOME = "$HOME/etc";
+      XDG_DATA_HOME   = "$HOME/var/lib";
+      XDG_CACHE_HOME  = "$HOME/var/cache";
+      EDITOR = "vi";
+      LESS = "-RSic -j.5";
+      ABDUCO_CMD = "ash";
+      ABDUCO_SOCKET_DIR = "$XDG_RUNTIME_DIR";
+      SYSTEMD_COLORS = "16";
+      PS1 = ''\e[32m\u\e[0m@\e[33m\H \e[36m\w\n\e[34mλ\e[0m '';
+    };
+
+  environment.shellInit =
+    ''
+      # create XDG directories
+      mkdir -p $XDG_CONFIG_HOME $XDG_DATA_HOME $XDG_CACHE_HOME $HOME/bin
+
+      # some aliases
+      alias l="ls -lh"
+      alias e="$EDITOR"
+      alias ip="ip -c"
+    '';
+
+  environment.systemPackages = with pkgs; [ abduco busybox ];
+
+
+  ## Users
+
+  users.users.rnhmjoj =
+    { isNormalUser = true;
+      shell        = "${pkgs.busybox}/bin/ash";
+      extraGroups  = [ "wheel" ];
+      openssh.authorizedKeys.keys = [ key ];
+    };
+
+
+  ## Security
+
+  security.sudo.wheelNeedsPassword = false;
+
+  # never interrupt host key generation
+  systemd.services.openssh.serviceConfig.TimeoutStartSec = "infinity";
+
+  services.openssh.enable = true;
+  services.openssh.settings.PermitRootLogin = "no";
+
+  nix.settings.trusted-users = [ "rnhmjoj" "root" ];
+
+
+  ## Network
+
+  networking.usePredictableInterfaceNames = false;
+
+  # Bridges for wired to wireless
+  networking.bridges.br0.interfaces = [ "eth0" ];
+
+  # change MAC address
+  networking.interfaces.eth0.macAddress = "00:68:eb:26:b2:42";
+  networking.interfaces.br0.macAddress =  "00:68:eb:26:b2:43";
+
+  # Enable forwarding packets
+  boot.kernel.sysctl = {
+    "net.ipv6.conf.all.forwarding" = 1;
+    "net.ipv4.conf.all.forwarding" = 1;
+  };
+
+  # Create an access point
+  services.hostapd.enable = true;
+  services.hostapd.radios.wlan0 =
+    { band = "5g";
+      channel = 0;
+      countryCode = "PA";
+      wifi4.capabilities =
+        [ "HT40+" "SHORT-GI-20" "SHORT-GI-40" "MAX-AMSDU-3839" "DSSS_CCK-40" ];
+      wifi5.capabilities = [ "MAX-MPDU-3895" "SHORT-GI-80" "SU-BEAMFORMEE" ];
+      wifi5.operatingChannelWidth = "80";
+      networks.wlan0 =
+        { ssid = "<ssid-here>";
+          bssid = "f8:0d:ac:60:E0:f9";
+          authentication.mode = "wpa2-sha1";
+          authentication.wpaPassword = "<psk-here>";
+          settings.bridge = "br0";
+        };
+    };
+
+
+  ## Make the image small
+
+  # disable nscd
+  services.nscd.enable = false;
+  system.nssModules = lib.mkForce [];
+
+  # use chrony
+  services.timesyncd.enable = false;
+  services.chrony.enable = true;
+
+  # disable systemd stuff
+  services.dbus.enable = lib.mkForce false;
+  systemd.coredump.enable = false;
+  systemd.services.mount-pstore.enable = false;
+  systemd.services.systemd-udev-settle.enable = false;
+  systemd.services.systemd-hostnamed.enable   = false;
+
+}