nix-configuration/systems/aarch64-linux/Pihole/default.nix

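# NixOS host configuration for the "Pihole" system (aarch64-linux).
# Defines a root-only helper that unlocks the LUKS storage volume and mounts
# it, then sets networking, packages and the namespaced service options.
{
  config,
  pkgs,
  lib,
  namespace,
  ...
}:
let
  stateVersion = "24.05";
  hostName = "Pihole";

  # Script to unlock /sda and create /home symlinks, mount /swap, etc.
  # cryptsetup prompts for the passphrase interactively, so no key material
  # is stored in this file. writeShellScriptBin emits the shebang itself.
  start-pihole_script = pkgs.writeShellScriptBin "start-pihole" ''
    # Script to unlock the /sda partition and setup its files.

    # check if the current user is root
    if [ "$(id -u)" != "0" ]; then
      echo "This script must be run as root" 1>&2
      exit 1
    fi

    # Tracks whether any step failed, so that callers chaining on this script
    # do not continue as if the encrypted volume were available.
    status=0

    # local storage partition
    echo "Unlocking storage partition:"
    cryptsetup luksOpen /dev/disk/by-uuid/b09893d7-cc1f-4482-bf7a-126d03923b45 sda

    # mount local storage
    # /dev/mapper/sda is a block device, never a regular file: the previous
    # `[ ! -f ... ]` test was therefore always true and the mounts were
    # attempted even when unlocking had failed. Testing the mapping itself
    # also keeps a re-run working when the volume is already open.
    if [ -b /dev/mapper/sda ]; then
      echo "Mounting and symlinking home:"
      if mount -o relatime /dev/mapper/sda /sda; then
        # Symlink @home files out into my actual home
        # See https://superuser.com/a/633610
        # The glob skips dotfiles, and ln reports "File exists" for links
        # left over from an earlier run.
        ln -s /sda/@home/* /home/aires
      else
        echo "Failed to mount @home" 1>&2
        status=1
      fi

      echo "Mounting and symlinking swap:"
      if mount -o subvol=@swap,noatime /dev/mapper/sda /swap; then
        swapon /swap/swapfile
      else
        echo "Failed to mount swap" 1>&2
        status=1
      fi
    else
      echo "Failed to unlock sda." 1>&2
      status=1
    fi

    exit "$status"
  '';
in
{
  imports = [ ./hardware-configuration.nix ];

  system.stateVersion = stateVersion;

  networking = {
    inherit hostName;
    # Connect to the network automagically
    networkmanager.enable = lib.mkForce false;
    wireless = {
      enable = true;
      networks = {
        # NOTE(review): a PSK given through `psk` is evaluated into the
        # generated wpa_supplicant configuration, which is stored in the
        # world-readable Nix store. Consider networking.wireless.secretsFile
        # with `pskRaw = "ext:<name>"` (environmentFile on older releases) so
        # the passphrase is read at runtime instead.
        "${config.${namespace}.secrets.networking.networks.home.SSID}" = {
          psk = "${config.${namespace}.secrets.networking.networks.home.password}";
        };
      };
    };
  };

  # Disable smartd: daemon fails when it doesn't detect any drives to monitor on startup
  services.smartd.enable = lib.mkForce false;

  ${namespace} = {
    bootloader.enable = false; # Bootloader configured in hardware-configuration.nix
    editor = "nano";
    packages = with pkgs; [
      btrfs-progs
      cryptsetup
      libraspberrypi
      linuxKernel.kernels.linux_rpi4
      raspberrypifw
      raspberrypi-eeprom
      start-pihole_script
    ];
    services = {
      # NOTE(review): presumably rebuilds this host daily from the checkout
      # in configDir, unattended. If so, whatever lands in that checkout is
      # applied to this host; confirm how it is updated and who can write to it.
      autoUpgrade = {
        enable = true;
        configDir = config.${namespace}.secrets.nixConfigFolder;
        onCalendar = "daily";
        user = config.users.users.aires.name;
      };
      ssh = {
        enable = true;
        # NOTE(review): the port is read from the "hevana" host's secrets
        # although this host is Pihole; confirm that is intended.
        ports = [ config.${namespace}.secrets.hosts.hevana.ssh.port ];
      };
      tor = {
        enable = true;
        snowflake-proxy.enable = true;
      };
    };
    users.aires.enable = true;
  };
}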