Add a11ywatch and related configurations for Podman and Nginx

- Introduced a new module for a11ywatch with Podman support, creating a bridge network and defining backend and frontend containers.
- Configured Nginx to serve the a11ywatch application with SSL and ACME support.
- Added user and group configurations for a11ywatch.
- Created a systemd service to ensure the Podman network exists on boot.

Implement Firefox Container Controller extension and host

- Added a module for the Firefox Container Controller extension, allowing installation via Nix.
- Created a native messaging host for the extension to communicate with the container controller.
- Included CLI helpers to enqueue commands for showing and hiding containers.

Enable fingerprint authentication in PAM

- Configured fingerprint authentication for login, sudo, and swaylock services.

Setup Raspberry Pi OS image creation script

- Developed a script to create a read-only Raspberry Pi OS Lite image with Snapcast client.
- Included configuration for Wi-Fi, hostname, and Snapcast server.
- Implemented user and group setup for Snapcast client and ensured necessary services are enabled.

Document Raspberry Pi Zero W setup instructions

- Added detailed instructions for configuring Raspberry Pi OS on Zero W, including disabling unused services and setting up Snapcast client.

Create test configuration script for NixOS

- Implemented a script to perform dry-builds for NixOS configurations, allowing for easy validation of host configurations.
2025-05-29 00:10:07 +02:00
parent 8e52274edd
commit 53d73142ae
32 changed files with 1280 additions and 104 deletions


@@ -11,3 +11,57 @@ export TMPDIR=/nix/persist/home/dominik/tmp/build-sdcard
- add wifi psk
- nix-build '<nixpkgs/nixos>' -A config.system.build.sdImage -I nixos-config=./sd-card-zero.nix --argstr system aarch64-linux
install rasberry pi os
connect via ssh
edit /boot/firmware/config.txt
dtoverlay=hifiberry-dacplus-std
force_eeprom_read=0
auto_initramfs=1
disable_fw_kms_setup=1
arm_64bit=1
disable_overscan=1
arm_boost=1
[cm4]
otg_mode=1
[cm5]
dtoverlay=dwc2,dr_mode=host
edit /boot/firmware/cmdline.txt
add ro to the end of the line
setup user and group snapclient, add to audio group
sudo groupadd -r snapclient
sudo useradd -r -g snapclient -G audio snapclient
download snapclient release arm64 with pulse
wget https://github.com/badaix/snapcast/releases/download/v0.31.0/snapclient_0.31.0-1_arm64_bookworm_with-pulse.deb
wget https://github.com/badaix/snapcast/releases/download/v0.31.0/snapclient_0.31.0-1_armhf_bookworm_with-pulse.deb
install deb package
sudo dpkg -i snapclient_0.31.0-1_arm64_bookworm_with-pulse.deb
sudo dpkg -i snapclient_0.31.0-1_armhf_bookworm_with-pulse.deb
sudo apt install -f -y
vim.tiny /etc/default/snapclient
START_SNAPCLIENT=true
SNAPCLIENT_OPTS="--hostID music-bedroom -h snapcast.cloonar.com"
sudo systemctl enable snapclient
make filesystem read-only
mv /etc/resolv.conf /var/run/
ln -s /var/run/resolv.conf /etc/resolv.conf
add /etc/NetworkManager/NetworkManager.conf main
rc-manager=file
change /etc/fstab
proc /proc proc defaults 0 0
PARTUUID=3bd31f85-01 /boot/firmware vfat defaults,ro 0 2
PARTUUID=3bd31f85-02 / ext4 defaults,noatime,ro 0 1
tmpfs /tmp tmpfs defaults,noatime,nosuid,nodev 0 0
tmpfs /var/tmp tmpfs defaults,noatime,nosuid,nodev 0 0
tmpfs /var/log tmpfs defaults,noatime,nosuid,nodev,noexec 0 0
tmpfs /var/lib/dhcp tmpfs defaults,noatime,nosuid,nodev,noexec 0 0


@@ -18,16 +18,10 @@ in
nixpkgs.buildPlatform.system = "x86_64-linux"; # Change if building on a different architecture
imports = [
<nixpkgs/nixos/modules/installer/sd-card/sd-image-aarch64.nix>
"${builtins.fetchGit { url = "https://github.com/NixOS/nixos-hardware.git"; }}/raspberry-pi/4"
# "${builtins.fetchTarball "https://github.com/NixOS/nixos-hardware/archive/master.tar.gz"}/raspberry-pi/4"
];
# nixpkgs.overlays = [
# (final: super: {
# makeModulesClosure = x:
# super.makeModulesClosure (x // { allowMissing = true; });
# })
# ];
nix.settings.trusted-users = [ "root" "dominik" ];
swapDevices = [ { device = "/swapfile"; size = 2048; } ]; # 2GB swap
@@ -44,58 +38,21 @@ in
};
networking.firewall.logRefusedConnections = false;
# boot.kernelPackages = pkgs.linuxPackages_rpi3;
# hardware.deviceTree.enable = true;
# hardware.deviceTree.overlays = [ {
# name = "hifiberry-dacplus";
# dtboFile = "${pkgs.linuxKernel.kernels.linux_rpi3}/dtbs/overlays/hifiberry-dacplus.dtbo";
# } ];
hardware.deviceTree.filter = "bcm2708-rpi-zero*.dtb"; # This line does not change anything in this case
hardware.deviceTree.enable = true;
hardware.deviceTree.overlays = [
{
name = "hifiberry-dacplusadc";
dtboFile = "${pkgs.device-tree_rpi.overlays}/hifiberry-dacplus.dtbo";
# dtsText = ''
# /dts-v1/;
# /plugin/;
#
# / {
# compatible = "brcm,bcm2835";
#
# fragment@0 {
# target = <&i2s>;
# __overlay__ {
# status = "okay";
# };
# };
#
# fragment@1 {
# target-path = "/";
# __overlay__ {
# dacplus_codec: dacplus-codec {
# #sound-dai-cells = <0>;
# compatible = "hifiberry,hifiberry-dacplus";
# status = "okay";
# };
# };
# };
#
# fragment@2 {
# target = <&sound>;
# __overlay__ {
# compatible = "hifiberry,hifiberry-dacplus";
# i2s-controller = <&i2s>;
# status = "okay";
# };
# };
# };
# '';
}
];
hardware.raspberry-pi."4".apply-overlays-dtmerge.enable = true;
systemd.services = {
"load-dacplus-overlay" = {
serviceConfig = {
Type = "oneshot";
};
wantedBy = ["multi-user.target"];
script = ''
${pkgs.libraspberrypi}/bin/dtoverlay -d ${config.boot.kernelPackages.kernel}/dtbs/overlays/ hifiberry-dacplus || echo "already in use"
'';
};
};
sound.enable = true;
# sound.enable = true;
# hardware.pulseaudio.enable = true;
systemd.services.snapclient = {
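Review bot: The `builtins.fetchGit { url = "https://github.com/NixOS/nixos-hardware.git"; }` import in the first hunk carries no `rev`, so every image build evaluates whatever commit the repository's default branch points to at that moment. The line looks like unchanged context rather than something this commit adds, but the imported module is evaluated with full control over the resulting system configuration, so it is worth pinning while the import list is being edited: `"${builtins.fetchGit { url = "https://github.com/NixOS/nixos-hardware.git"; rev = "<pinned-commit-sha>"; }}/raspberry-pi/4"`. A pinned rev also makes the SD image reproducible and turns an upstream change into a reviewable bump. The commented-out `fetchTarball` of `master.tar.gz` next to it, if it is kept, has the same problem and would need a `sha256` before being revived.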

57
raspberry/zero-w.md Normal file

@@ -0,0 +1,57 @@
install rasberry pi os
connect via ssh
edit /boot/firmware/config.txt
dtoverlay=hifiberry-dacplus-std
force_eeprom_read=0
auto_initramfs=1
disable_fw_kms_setup=1
disable_overscan=1
arm_boost=1
[cm4]
otg_mode=1
[cm5]
dtoverlay=dwc2,dr_mode=host
edit /boot/firmware/cmdline.txt
add ro to the end of the line
disable unused stuff
sudo systemctl disable bluetooth
sudo systemctl disable hciuart.service
sudo systemctl disable avahi-daemon.service
sudo systemctl disable triggerhappy.service
sudo systemctl disable dphys-swapfile.service
sudo systemctl disable apt-daily.timer
sudo systemctl disable apt-daily-upgrade.timer
setup user and group snapclient, add to audio group
sudo groupadd -r snapclient
sudo useradd -r -g snapclient -G audio snapclient
download snapclient release arm64 with pulse
wget https://github.com/badaix/snapcast/releases/download/v0.31.0/snapclient_0.31.0-1_armhf_bookworm_with-pulse.deb
install deb package
sudo dpkg -i snapclient_0.31.0-1_armhf_bookworm_with-pulse.deb
sudo apt install -f -y
vim.tiny /etc/default/snapclient
START_SNAPCLIENT=true
SNAPCLIENT_OPTS="--hostID music-bedroom -h snapcast.cloonar.com"
sudo systemctl enable snapclient
make filesystem read-only
mv /etc/resolv.conf /var/run/
ln -s /var/run/resolv.conf /etc/resolv.conf
add /etc/NetworkManager/NetworkManager.conf main
rc-manager=file
change /etc/fstab
proc /proc proc defaults 0 0
PARTUUID=3bd31f85-01 /boot/firmware vfat defaults,ro 0 2
PARTUUID=3bd31f85-02 / ext4 defaults,noatime,ro 0 1
tmpfs /tmp tmpfs defaults,noatime,nosuid,nodev 0 0
tmpfs /var/tmp tmpfs defaults,noatime,nosuid,nodev 0 0
tmpfs /var/log tmpfs defaults,noatime,nosuid,nodev,noexec 0 0
tmpfs /var/lib/dhcp tmpfs defaults,noatime,nosuid,nodev,noexec 0 0