Fixed Freya deployment

flake.nix

@@ -286,12 +286,13 @@
             system = "aarch64-linux";
             modules = commonModules ++ [
               nixos-hardware.nixosModules.raspberry-pi-4
-              # ./freya/hardware-configuration.nix
+              ./freya/hardware-configuration.nix
-              "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
-              # ({nixosModules,...}: "${nixosModules}/installer/sd-card/sd-image-aarch64.nix")
               ./freya/configuration.nix
+
               { home-manager.users.bertof = import ./freya/hm.nix; }
-              ({ lib, ... }: { boot.supportedFilesystems = lib.mkForce [ "btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ]; })
+              ({ lib, ... }: {
+                boot.supportedFilesystems = lib.mkForce [ "btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ];
+              })
             ];
           };
         };
@@ -373,6 +374,15 @@
                 self.nixosConfigurations.baldur;
             };
           };
+
+          freya = {
+            hostname = "192.168.1.2";
+            profiles.system = {
+              user = "root";
+              path = deploy-rs.lib.aarch64-linux.activate.nixos
+                self.nixosConfigurations.freya;
+            };
+          };
         };
       };
 

freya/configuration.nix

@@ -1,21 +1,29 @@
 { pkgs, ... }: {
-  boot = {
-    # kernelPackages = pkgs.linuxPackages_latest;
-    loader = { systemd-boot.enable = true; efi.canTouchEfiVariables = true; };
-  };
 
   console = { font = "Lat2-Terminus16"; keyMap = "it"; };
 
-  environment = { pathsToLink = [ "/share/zsh" ]; systemPackages = builtins.attrValues { inherit (pkgs) helix tmux vim; }; };
+  environment = {
+    pathsToLink = [ "/share/zsh" ];
+    systemPackages = builtins.attrValues { inherit (pkgs) helix tmux vim; };
+  };
+
+  hardware = {
+    bluetooth = {
+      enable = true;
+      package = pkgs.bluezFull;
+    };
+    opengl = {
+      enable = true;
+      driSupport = true;
+    };
+    raspberry-pi."4" = {
+      audio.enable = true;
+      fkms-3d.enable = true;
+    };
+  };
 
   i18n.defaultLocale = "it_IT.UTF-8";
 
-  programs = {
-    dconf.enable = true;
-    gnupg.agent = { enable = true; enableSSHSupport = true; };
-    zsh = { enable = true; syntaxHighlighting.enable = true; };
-  };
-
   networking = {
     hostName = "freya";
     # interfaces = { eno1.useDHCP = true; wlp7s0.useDHCP = true; };
@@ -23,7 +31,15 @@
     useDHCP = false;
   };
 
-  time.timeZone = "Europe/Rome";
+  programs = {
+    dconf.enable = true;
+    gnupg.agent = { enable = true; enableSSHSupport = true; };
+    zsh = { enable = true; syntaxHighlighting.enable = true; };
+  };
+
+  security.sudo.extraConfig = ''
+    Defaults pwfeedback
+  '';
 
   services = {
     avahi = {
@@ -38,15 +54,22 @@
         workstation = true;
       };
       extraServiceFiles.ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
-
     };
-    # bazarr = { enable = true; openFirewall = true; group = "users"; };
+    blueman.enable = true;
-    # blueman.enable = true;
     dbus.packages = [ pkgs.dconf ];
     gnome.gnome-keyring.enable = true;
     openssh = { enable = true; openFirewall = true; };
+    xserver = {
+      enable = true;
+      desktopManager.retroarch = {
+        enable = true;
+        package = pkgs.retroarchFull;
+      };
+    };
   };
 
+  time.timeZone = "Europe/Rome";
+
   users.users = {
     bertof = {
       isNormalUser = true;
@@ -63,16 +86,7 @@
       ];
       shell = pkgs.zsh;
     };
-    # tiziano = {
-    #   isNormalUser = true;
-    #   openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMExwtJFk6HjySrTZwJH67SOHC3hlL28NO4oe2GXsv6k" ];
-    # };
-    # jellyfin.extraGroups = [ "video" ];
   };
 
-  security.sudo.extraConfig = ''
-    Defaults pwfeedback
-  '';
-
   system.stateVersion = "22.11";
 }

freya/hardware-configuration.nix

@@ -0,0 +1,30 @@
+{ lib, modulesPath, ... }:
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "uas" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
+    fsType = "ext4";
+  };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eth0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.ztmjfdwjkp.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+  powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
+}

freya/hm.nix

@@ -7,26 +7,19 @@
     };
     packages = builtins.attrValues {
       inherit (pkgs)
-        file htop neofetch nix-prefetch-scripts ripgrep wget xclip yq;
+        cava gallery-dl procps wireguard-tools httpie;
     };
   };
   imports = [
     ../hm_modules/__basic.nix
 
-    # ../hm_modules/development/cpp.nix
+    ../hm_modules/cava.nix
-    # ../hm_modules/development/data.nix
+    ../hm_modules/dunst.nix
-    # ../hm_modules/development/go.nix
-    # ../hm_modules/development/javascript.nix
-    # ../hm_modules/development/latex.nix
-    # ../hm_modules/development/python.nix
-    # ../hm_modules/development/rust.nix
-
-    # ../hm_modules/fonts.nix
     ../hm_modules/helix.nix
-    # ../hm_modules/kitty.nix
+    ../hm_modules/kitty.nix
-    # ../hm_modules/lf.nix
+    ../hm_modules/lf.nix
-    # ../hm_modules/megasync.nix
+    ../hm_modules/spotifyd.nix
-    # ../hm_modules/noti.nix
+    ../hm_modules/xidlehook.nix
   ];
 
   home.stateVersion = "22.11";

nixos_modules/remote-deploy.nix

@@ -1,8 +1,8 @@
-{
+{ lib, ... }: {
   services.openssh = {
     enable = true;
     openFirewall = true;
-    permitRootLogin = "prohibit-password";
+    permitRootLogin = lib.mkDefault "prohibit-password";
     passwordAuthentication = false;
     kbdInteractiveAuthentication = false;
   };

odin/hm.nix

@@ -16,15 +16,14 @@
         # mycrypto
         # pcmanfm
         # pulseaudio
-        retroarchFull
         # signal-desktop
         # slack
         # wineFull
         arandr authy bitwarden cava discord dmenu droidcam easyeffects evince
-        gallery-dl krita meld openvpn p7zip pavucontrol pentablet-driver postman
+        gallery-dl gucharmap handbrake httpie inkscape krita meld openvpn p7zip
-        procps pulseaudio shotwell skypeforlinux spotify tdesktop teams
+        pavucontrol pentablet-driver postman procps pulseaudio retroarchFull
-        thunderbird transmission-gtk virt-manager virt-viewer wireguard-tools
+        shotwell skypeforlinux spotify tdesktop teams thunderbird transmission-gtk
-        xournalpp zoom-us gucharmap handbrake httpie inkscape;
+        virt-manager virt-viewer wireguard-tools xournalpp zoom-us;
       inherit (pkgs.gnome)
         # geary
         # gnome-boxes

secrets/secrets.nix

@@ -17,7 +17,9 @@ let
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJbMiGx/QZ/RKgad3UNyEzgLfqRU0zBo8n0AU3s244Zw";
   loki =
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICeomEH/27XFlOjQ/GTO2mo8qPMHTbzLIsX0dloxXfhb";
-  systems = [ odin thor baldur loki ];
+  freya =
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBclEOy4xs9yBp4RgfTf1FPeqTdERM6d6nDhnMQ3WVGI";
+  systems = [ odin thor baldur loki freya ];
 in
 {
   # "oauth_proxy_client_credentials.age".publicKeys = users ++ systems;

secrets/spotify_password.age

@@ -1,21 +1,24 @@
 age-encryption.org/v1
--> ssh-ed25519 13iwjQ 9aoog/kXoUjWDvBc9PWsuiDqosDZZ2V9O2K5ZS5R/HM
+-> ssh-ed25519 13iwjQ /Rmmvw0p6DZ7aGnMemqE4o/T5egJ2nRr6Ea7RABaoX0
-68DRiAN5GaU5SowcxkzJTQ3llZHDHiVYEj9AkNYvnTc
+H/jX5rPg2RG6vFdR4pc7Z+slx2kFF4cPzW/LI46LkAU
--> ssh-ed25519 7MB20A GDfksSg6a17FEPYshKpnw23KRx4cHZFn/9CSzBGxrn0
+-> ssh-ed25519 7MB20A XcQg1psOjZXueouNw8sg3WRVLIm5rnAZY8DdsOoXlQg
-ICWw//xtkwcjHuHoLTXTzpDa1du8J6bG2QacjTV6fs4
+e9cjUymnPxbKEF98RWK6JjzI/y4qWIhWEk4keIG2UgQ
--> ssh-ed25519 ieE3Vw EJkUKGOgjA8a3D5umr3I7VpOtjVix903hbF6o2TfKmg
+-> ssh-ed25519 ieE3Vw Pvvi73SMREG9baVcT68OL9/DYdMYiNWRPBYfzK/ltlQ
-ISY9RdtzRoX554WxIM2uW7iBG2LzuecnazlgY5dFoio
+YzxiQX2lHmnNH79c7AABg/3Gz02Zc+BXzg2PMcYTdYA
--> ssh-ed25519 lC44xg PzOCoNzINU9MUeUNo47oPofF1XclvMXE+vz0ELjGiiI
+-> ssh-ed25519 lC44xg 17PRg8lmBxejX2B6enYCFbp8nVArOzfpsKdmpemZUXI
-KymnQOnLvJm1X0KabTFiKRiHo+x9olhLYUeDuoCMRzE
+bNboF5jbhxJvM+kIOghcJygvNDvJEMMcMdPYonSB31A
--> ssh-ed25519 IvyYug CEqfcL5R0kkC2x2s6kb9lePx9Kt3j+pazymbsmeijGI
+-> ssh-ed25519 IvyYug KZ0FT8OYhCEUlKO13YpwRXYcKAQKlR2Nqh2GnEUHMRI
-Nsw3/j4KT/8ZHDthSLljqEBJvvfQ1AaSw0uIZMq33Yc
+teURFNlCUoQGFvZnYD+Gj+xwLjJA6CzMl5FB58bMxHs
--> ssh-ed25519 v7O/FA BWzFBCTXSURu97zS41saKbK6sNLXxCzD2CiGX4VhgBQ
+-> ssh-ed25519 v7O/FA uJwWy77gKJvbS1gpd8GvVcyjvfCPgtBEXOR2KH5pZHc
-F9IhjUqkfpg6kOo6WLtzxyRJ1c9A3uSF3jHxFmH9WB8
+chawOJvYoJUg7U4k8U33i7fgoDCWP42s22C9RsoOw30
--> ssh-ed25519 Wzv8ew IjPoGA720sr+Ke9Klt9tOWl9YYJJZ6E+zJF89Meztzs
+-> ssh-ed25519 Wzv8ew Jptd53uF7c0qIyGIq+m5Pn1gV3jajTdglkVwBvFR2GQ
-A85Kgs6R91eH/MZ64D8tFUpDPMrAWzFp8fkZk1nbMgw
+/UgadCGML7iuJSSPqRoef9AhV10oKCBSJM+/lz4eHes
--> ssh-ed25519 XgC3XA 3qyHI8WIto41UStTx2nUR8YP7rCd7Ax61Xc+zx4FPSo
+-> ssh-ed25519 XgC3XA k94WW5viGatt5zKkeXEbQYep8GOiNS1oRj/k1spkdjo
-MJBvA4fEuKtjsB7EIxdVuVEXaW0t3IEgZzirKAwrOEI
+OJVFSqYfiy8JvC/JxKyDl2idF7CBCUUmtCHHiru3vNE
--> np;-grease 1)BDO$X)
+-> ssh-ed25519 l795CA mKZKQvx4rGJMbTBse7O05VofBZpYESCQKT6AhzTT9Ec
-/+zl7WOsIa1rwc+B6gKI4nkqwV6vcA
+xLNtv4RGq88UTMXB1+HhYAKfoDJhSQA6VACcyle+sEg
---- qhruLmvOui+PeIZb1vGFu+ZxUkeJn/RwvaGhZicxj5s
+-> }15U*uy@-grease <7zx}O
-:çê$ÉpFD½w#¤ÆÞ\YeªwÁéí}¼ÕüÂ}|`Š/\úw<C3BA>ûsPa7¿cW¹
+IPc7fEI8wgTJgmjMZebEM8GEE7wzdMRQ61FLog/fKRsxqeoIoykiKJnEAGKxgQkE
+A3vAHJyb7gasd3I
+--- BSHDp5Toqplk2opWHZE8HYoepxgCze2O8D3YUu9DU04
+÷‡Á‰æü`‚iC†ààú±½"¨ß$²‚H‚ÕÎNq¹ÎÁ<C38E>6gíÆNl#÷‡5Ÿ