jet/noisebell
jet/noisebell
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
noisebell/pi/configuration.nix

81 lines
2.2 KiB
Nix
Raw Blame History

{ config, ... }:
{
system.stateVersion = "24.11";
networking.hostName = "noisebridge-pi";
networking.wireless = {
enable = true;
networks."Noisebridge".psk = "noisebridge";
};
services.avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
# Decrypted at runtime by agenix
age.identityPaths = [
"/boot/noisebell-bootstrap.agekey"
"/etc/ssh/ssh_host_ed25519_key"
];
age.secrets.tailscale-auth-key.file = ../secrets/tailscale-auth-key.age;
age.secrets.pi-to-cache-key.file = ../secrets/pi-to-cache-key.age;
age.secrets.cache-to-pi-key.file = ../secrets/cache-to-pi-key.age;
services.noisebell = {
enable = true;
port = 80;
endpointUrl = "https://noisebell.extremist.software/webhook";
apiKeyFile = config.age.secrets.pi-to-cache-key.path;
inboundApiKeyFile = config.age.secrets.cache-to-pi-key.path;
};
hardware.enableRedistributableFirmware = true;
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
boot.kernelParams = [
"console=ttyS0,115200n8"
"console=ttyAMA0,115200n8"
"console=tty0"
"boot.shell_on_fail"
"loglevel=7"
"systemd.log_level=debug"
"systemd.log_target=console"
];
services.tailscale = {
enable = true;
authKeyFile = config.age.secrets.tailscale-auth-key.path;
};
services.openssh.enable = true;
system.activationScripts.pi-zero-2-dtb-compat.text = ''
for dtb_dir in /boot/nixos/*-dtbs/broadcom; do
if [ -d "$dtb_dir" ]; then
if [ -f "$dtb_dir/bcm2837-rpi-zero-2-w.dtb" ] && [ ! -e "$dtb_dir/bcm2837-rpi-zero-2.dtb" ]; then
cp "$dtb_dir/bcm2837-rpi-zero-2-w.dtb" "$dtb_dir/bcm2837-rpi-zero-2.dtb"
elif [ -f "$dtb_dir/bcm2837-rpi-3-b.dtb" ] && [ ! -e "$dtb_dir/bcm2837-rpi-zero-2.dtb" ]; then
cp "$dtb_dir/bcm2837-rpi-3-b.dtb" "$dtb_dir/bcm2837-rpi-zero-2.dtb"
fi
fi
done
'';
networking.firewall = {
trustedInterfaces = [ "tailscale0" ];
allowedUDPPorts = [ config.services.tailscale.port ];
};
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE40ISu3ydCqfdpb26JYD5cIN0Fu0id/FDS+xjB5zpqu"
];
}
Reference in a new issue View git blame Copy permalink