rrvsh/pantheon
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactor: change orpheus config

Browse source
This commit is contained in:
Mohammad Rafiq 2025-04-04 18:30:26 +08:00
parent cea222a40c
commit 5fb7fe5cd6
No known key found for this signature in database
1 changed files with 7 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

36
flake.nix
View file

@ -23,6 +23,7 @@
./modules/nix-config.nix ./modules/nix-config.nix
./modules/security.nix ./modules/security.nix
./modules/users.nix ./modules/users.nix
./modules/networking.nix
]; ];
desktopModules = [ desktopModules = [
./modules/graphical.nix ./modules/graphical.nix
@ -41,7 +42,6 @@
./modules/filesystems/hw-nemesis.nix ./modules/filesystems/hw-nemesis.nix
./modules/hardware/cpu_amd.nix ./modules/hardware/cpu_amd.nix
./modules/hardware/nvidia.nix ./modules/hardware/nvidia.nix
./modules/networking.nix
inputs.nixos-hardware.nixosModules.gigabyte-b650 inputs.nixos-hardware.nixosModules.gigabyte-b650
{ {
boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
@ -52,49 +52,27 @@
./modules/bootloaders/systemd-boot.nix ./modules/bootloaders/systemd-boot.nix
./modules/filesystems/impermanence.nix ./modules/filesystems/impermanence.nix
./modules/hardware/cpu_intel.nix ./modules/hardware/cpu_intel.nix
./modules/networking.nix
]) ])
++ (lib.optionals (hostname == "orpheus") [ ++ (lib.optionals (hostname == "orpheus") [
# inputs.nixos-hardware.nixosModules.raspberry-pi-4 inputs.nixos-hardware.nixosModules.raspberry-pi-4
# Base SD image module for the target architecture
"${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
( (
{ {
pkgs, pkgs,
config,
lib, lib,
bootDisk,
... ...
}: }:
{ {
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
# fileSystems."/" = { fileSystems."/" = {
# device = bootDisk; device = bootDisk;
# fsType = "ext4"; fsType = "ext4";
# }; };
services.cage = { services.cage = {
enable = true; enable = true;
user = "rafiq"; user = "rafiq";
program = "${pkgs.firefox}/bin/firefox -kiosk -private-window https://youtube.com/tv"; program = "${pkgs.firefox}/bin/firefox -kiosk -private-window https://youtube.com/tv";
}; };
networking = {
hostName = hostname;
useDHCP = lib.mkDefault true;
# Configures a simple stateful firewall.
# By default, it doesn't allow any incoming connections.
firewall = {
enable = true;
allowedTCPPorts = [
22 # SSH
];
};
};
services.openssh.enable = true;
services.openssh.settings.PrintMotd = true;
services.tailscale = {
enable = true;
authKeyFile = config.sops.secrets.ts_auth_key.path;
};
} }
) )
]); ]);