From 52902348c873378426f50013f707971bf4f8e5ee Mon Sep 17 00:00:00 2001
From: Sense T
Date: Tue, 18 Jul 2023 13:52:59 +0000
Subject: [PATCH] init
---
.gitignore | 2 +
Makefile | 25 ++++++++
README.md | 1 +
configuration.nix | 16 ++++++
flake.nix | 44 ++++++++++++++
global/containers.nix | 46 +++++++++++++++
global/default.nix | 8 +++
global/software-configuration.nix | 96 +++++++++++++++++++++++++++++++
global/system-configuration.nix | 49 ++++++++++++++++
global/user-configuration.nix | 24 ++++++++
hardware-configuration.nix | 43 ++++++++++++++
11 files changed, 354 insertions(+)
create mode 100644 .gitignore
create mode 100644 Makefile
create mode 100644 README.md
create mode 100644 configuration.nix
create mode 100644 flake.nix
create mode 100644 global/containers.nix
create mode 100644 global/default.nix
create mode 100644 global/software-configuration.nix
create mode 100644 global/system-configuration.nix
create mode 100644 global/user-configuration.nix
create mode 100644 hardware-configuration.nix
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..5dc8a67
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+*.zst
+passwords/*
\ No newline at end of file
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..a7a5a70
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,25 @@
+############################################################################
+#
+# Nix commands related to the local machine
+#
+############################################################################
+
+deploy:
+ nixos-rebuild switch --flake '.#gpd' --use-remote-sudo
+
+debug:
+ nixos-rebuild switch --flake '.#gpd' --use-remote-sudo --show-trace --verbose
+
+update:
+ nix flake update
+
+history:
+ nix profile history --profile /nix/var/nix/profiles/system
+
+gc:
+ # remove all generations older than 7 days
+ sudo nix profile wipe-history --profile /nix/var/nix/profiles/system --older-than 3d
+
+ # garbage collect all unused nix store entries
+ sudo nix store gc --debug
+ nix-collect-garbage -d
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..e840bb7
--- /dev/null
+++ b/README.md
@@ -0,0 +1 @@
+# RPI3-Configurations
diff --git a/configuration.nix b/configuration.nix
new file mode 100644
index 0000000..7bc7105
--- /dev/null
+++ b/configuration.nix
@@ -0,0 +1,16 @@
+# NixOS configurations file.
+{ config, pkgs, lib, ... }: {
+ system.stateVersion = "23.05";
+ imports = [
+ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+
+ # User custom configurations.
+ ./global
+ ];
+
+ system.autoUpgrade = {
+ enable = false;
+ flake = "git+https://git.sense-t.eu.org/NixOS/rpi3-configurations#default";
+ };
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..7f319ed
--- /dev/null
+++ b/flake.nix
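Review bot: In the Makefile, `deploy` and `debug` build `--flake '.#gpd'`, but the flake.nix added by this same patch only defines `nixosConfigurations.default`, so as far as the patch shows both targets would fail to resolve the configuration; use `--flake '.#default'` or rename the flake output to match. In `gc`, the comment says 7 days while the command passes `--older-than 3d`; make them agree, e.g. `# remove all generations older than 3 days`, so nobody relies on a rollback window that is shorter than documented.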
@@ -0,0 +1,44 @@
+{
+ description = "NixOS configuration for Raspberry Pi 3+";
+
+ nixConfig = rec {
+ auto-optimise-store = true;
+ experimental-features = [ "nix-command" "flakes" ];
+ trusted-substituters = [
+ "https://mirrors.ustc.edu.cn/nix-channels/store" # 中科大
+ "https://mirrors.tuna.tsinghua.edu.cn/nix-channels/store" # 清华
+ "https://mirrors.bfsu.edu.cn/nix-channels/store" # 北外
+ "https://mirror.sjtu.edu.cn/nix-channels/store" # 交大
+ "https://nixos-cn.cachix.org"
+ "https://cache.nixos.org/"
+ ];
+ substituters = trusted-substituters;
+
+ trusted-users = [
+ "user"
+ "root"
+ "@wheel"
+ ];
+ };
+
+ inputs = {
+ nixpkgs.url = "nixpkgs/nixos-23.05";
+ };
+
+ outputs = { self, nixpkgs, ... }: {
+ nixosConfigurations.default = nixpkgs.lib.nixosSystem rec {
+ system = "aarch64-linux";
+
+ specialArgs = {
+ pkgs = import nixpkgs {
+ system = system;
+ config.allowUnfree = true;
+ };
+ };
+
+ modules = [
+ ./configuration.nix
+ ];
+ };
+ };
+}
diff --git a/global/containers.nix b/global/containers.nix
new file mode 100644
index 0000000..c6d4082
--- /dev/null
+++ b/global/containers.nix
@@ -0,0 +1,46 @@
+{
+ virtualisation = {
+ podman.enable = true;
+ oci-containers.backend = "podman";
+
+ oci-containers.containers = {
+ wsproxy = {
+ login.username = "senseab";
+ login.registry = "ghcr.io";
+ login.passwordFile = "/var/lib/secrets/podman/ghcr.io"; # should create it manually.
+ image = "ghcr.io/senseab/wsproxy:master";
+ autoStart = true;
+
+ environment = {
+ CONFIG_NO_TLS_VERIFY = "true";
+ CONFIG_ADDR = "wss://dev.wetofu.me/path";
+ WSPROXY_MODE = "client";
+ };
+
+ ports = [
+ "1089:1089"
+ ];
+ };
+
+ zeronet = {
+ autoStart = true;
+ dependsOn = [ "wsproxy" ];
+ image = "supersandro2000/zeronet";
+
+ ports = [
+ "26552:26552"
+ "43110:43110"
+ ];
+
+ environment = {
+ ENABLE_TOR = "false";
+ UI_PASSWORD = "12345678";
+ };
+
+ volumes = [
+ "/var/lib/zeronet:/root/data"
+ ];
+ };
+ };
+ };
+}
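Review bot: In flake.nix, `nixConfig` sets `trusted-users` (including `"user"`, which matches no account declared in this patch) and `trusted-substituters`; these are trust decisions that belong in the machine's own `nix.settings`, not in settings a flake asks its evaluator to accept. Membership in `trusted-users` is effectively root-equivalent for the Nix daemon, so I would drop that list from `nixConfig` and keep only `substituters`. `https://nixos-cn.cachix.org` is a third-party cache and no `trusted-public-keys` entry for it is visible here, so its paths are presumably either rejected or only accepted if signature checking is relaxed elsewhere; add its key via `extra-trusted-public-keys` or remove the URL.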
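Review bot: In global/containers.nix, `UI_PASSWORD = "12345678";` commits a guessable credential to the repository and to the world-readable Nix store, while the zeronet UI port `43110:43110` is published on all interfaces and the firewall is disabled in system-configuration.nix. Load the value from a root-only file instead, the way `login.passwordFile` already does for the registry, e.g. `environmentFiles = [ "/var/lib/secrets/podman/zeronet.env" ];` (example path), and drop the literal from `environment`. `CONFIG_NO_TLS_VERIFY = "true";` disables certificate checking for the `wss://` upstream, so the endpoint can be impersonated by anyone on the network path; remove it or trust the specific CA. Both images are mutable references (`:master`, and no tag at all for zeronet), so pinning them by digest would make a rebuild reproducible and keep an upstream push from changing what runs as root in the container. If the proxy is only used locally, `"127.0.0.1:1089:1089"` keeps it off the LAN.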
diff --git a/global/default.nix b/global/default.nix
new file mode 100644
index 0000000..202bc19
--- /dev/null
+++ b/global/default.nix
@@ -0,0 +1,8 @@
+{
+ imports = [
+ ./system-configuration.nix
+ ./software-configuration.nix
+ ./user-configuration.nix
+ ./containers.nix
+ ];
+}
diff --git a/global/software-configuration.nix b/global/software-configuration.nix
new file mode 100644
index 0000000..1bd718d
--- /dev/null
+++ b/global/software-configuration.nix
@@ -0,0 +1,96 @@
+{ pkgs, ... }:
+let
+ downloadDir = "/mnt/Downloads";
+in
+{
+ # Enable automatic login for the user.
+ services = {
+ # sudo tailscale up --operator=$USER
+ # use https://hs.wetofu.me
+ tailscale.enable = true;
+ logrotate.checkConfig = false;
+
+ openssh = {
+ enable = true;
+ banner = "Must back to QingDao! Must back HOME!";
+
+ settings = {
+ PermitRootLogin = false;
+ PasswordAuthentication = false;
+ };
+ };
+
+ ntp = {
+ enable = true;
+ servers = [
+ "ntp.ntsc.ac.cn" # China
+ ];
+ };
+
+ transmission = {
+ enable = false;
+ openPeerPorts = true;
+ downloadDirPermissions = "777";
+
+ settings = {
+ download-dir = downloadDir;
+ peer-port-random-low = "42333";
+ peer-port-random-on-start = true;
+ };
+ };
+
+ resilio = {
+ enable = true;
+ deviceName = "Gangly4670";
+ enableWebUI = true;
+ directoryRoot = downloadDir;
+ };
+
+ nginx = {
+ enable = true;
+ virtualHosts = {
+ default = {
+ default = true;
+ locations = {
+ "/" = {
+ root = "/var/lib/nginx/html";
+ };
+
+ "/files" = {
+ alias = downloadDir;
+ extraConfig = "autoindex on;";
+ };
+
+ "/transmission" = {
+ proxyPass = "http://localhost:9091";
+ };
+
+ "/sync" = {
+ proxyPass = "http://localhost:9000";
+ };
+ };
+ };
+ };
+ };
+
+ samba = {
+ enable = true;
+ shares = {
+ share = {
+ path = downloadDir;
+ browseable = "yes";
+ "read only" = true;
+ };
+ };
+ };
+ };
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ libraspberrypi
+ ];
+
+ programs = {
+ };
+}
diff --git a/global/system-configuration.nix b/global/system-configuration.nix
new file mode 100644
index 0000000..80480c4
--- /dev/null
+++ b/global/system-configuration.nix
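Review bot: In global/software-configuration.nix, the default nginx vhost serves `/files` with `autoindex on;` and proxies `/transmission` and `/sync` to the local web UIs with no authentication or TLS, and the firewall is switched off in system-configuration.nix, so everything under `downloadDir` and both admin UIs are reachable by any host that can reach port 80. Put a `basicAuthFile = "/var/lib/secrets/nginx/htpasswd";` (example path) on those locations, or bind the vhost to the tailnet address only. `downloadDirPermissions = "777"` makes the download directory world-writable once transmission is enabled; `"770"` with a shared group is enough. `PermitRootLogin = false;` is likely a type error on 23.05, where as far as I know the option is a string enum; write `PermitRootLogin = "no";`. The comment `# Enable automatic login for the user.` above `services` describes nothing in the block and should be removed.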
@@ -0,0 +1,49 @@
+{
+ time.timeZone = "Asia/Shanghai";
+ security.sudo.wheelNeedsPassword = false;
+ networking.firewall.enable = false;
+
+ # Select internationalisation properties.
+ i18n = {
+ defaultLocale = "zh_CN.UTF-8";
+ extraLocaleSettings = {
+ LC_ADDRESS = "zh_CN.UTF-8";
+ LC_IDENTIFICATION = "zh_CN.UTF-8";
+ LC_MEASUREMENT = "zh_CN.UTF-8";
+ LC_MONETARY = "zh_CN.UTF-8";
+ LC_NAME = "zh_CN.UTF-8";
+ LC_NUMERIC = "zh_CN.UTF-8";
+ LC_PAPER = "zh_CN.UTF-8";
+ LC_TELEPHONE = "zh_CN.UTF-8";
+ LC_TIME = "zh_CN.UTF-8";
+ };
+ };
+
+ nix.settings = {
+ auto-optimise-store = true;
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+
+ substituters = [
+ "https://mirrors.ustc.edu.cn/nix-channels/store" # 中科大
+ "https://mirrors.tuna.tsinghua.edu.cn/nix-channels/store" # 清华
+ "https://mirrors.bfsu.edu.cn/nix-channels/store" # 北外
+ "https://mirror.sjtu.edu.cn/nix-channels/store" # 交大
+ "https://nixos-cn.cachix.org"
+ "https://cache.nixos.org/"
+ ];
+
+ trusted-users = [
+ "root"
+ "@wheel"
+ ];
+ };
+
+ nix.gc = {
+ automatic = true;
+ dates = "weekly";
+ options = "--delete-older-than 1w";
+ };
+}
diff --git a/global/user-configuration.nix b/global/user-configuration.nix
new file mode 100644
index 0000000..ee89c01
--- /dev/null
+++ b/global/user-configuration.nix
@@ -0,0 +1,24 @@
+{ pkgs, ... }: {
+ users = {
+ mutableUsers = false;
+ users = {
+ pi = {
+ isNormalUser = true;
+ description = "Default user";
+
+ packages = with pkgs; [
+ gnumake42
+ ];
+
+ extraGroups = [
+ "wheel"
+ ];
+
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG4D8YhuKaVoVu5f51SwO8FHmIMxytQ1VXzLr4qe1GnQ tonychyi@TonyChyideMacBook-Pro.local"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFpWqnXVD/wC1IyWMNUtvPCnj7NtTfT1GaeKiDYILHIa coder@code-server-7dd77f88fb-5vlbj"
+ ];
+ };
+ };
+ };
+}
diff --git a/hardware-configuration.nix b/hardware-configuration.nix
new file mode 100644
index 0000000..11e8022
--- /dev/null
+++ b/hardware-configuration.nix
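Review bot: In global/system-configuration.nix, `networking.firewall.enable = false;` leaves sshd, nginx, samba, the Resilio web UI and the published container ports from this patch open on every interface; prefer `networking.firewall.enable = true;` with `networking.firewall.trustedInterfaces = [ "tailscale0" ];` and an explicit `allowedTCPPorts` for what must be public. `security.sudo.wheelNeedsPassword = false;` together with `"@wheel"` in `trusted-users` means any process running as a wheel user is root without a further check, so a comment stating that this is intentional for the `--use-remote-sudo` deploys would help the next reader. `options = "--delete-older-than 1w";` probably fails at runtime, since as far as I know Nix only accepts a day count there; `"--delete-older-than 7d"` is the safe spelling.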
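Review bot: In global/user-configuration.nix, the second entry in `openssh.authorizedKeys.keys` carries the comment `coder@code-server-7dd77f88fb-5vlbj`, which reads like a key generated inside a code-server pod, and `pi` is in `wheel` with passwordless sudo, so whoever can read that pod's filesystem holds root on this host. If the pod key is only needed for deploys, drop it from the list or constrain it with key options such as `from="…"`; otherwise add a comment above each key saying who owns it and where the private half lives. With `mutableUsers = false` and no password hash set, key login is the only way in, which is fine but worth a one-line comment.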
@@ -0,0 +1,43 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888"; + fsType = "ext4"; + }; + + fileSystems."/mnt" = { + fsType = "ext4"; + device = "/dev/disk/by-uuid/e419e4b8-d51c-4d5f-ad9f-91c4c0c4a52d"; + }; + + swapDevices = [ + { + device = "/swapfile"; + } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enu1u1u1.useDHCP = lib.mkDefault true; + # networking.interfaces.wlan0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; + powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; + hardware.enableRedistributableFirmware = true; +}