From 7ed54e66ec86773d65b5ee5f625905590eb366be Mon Sep 17 00:00:00 2001
From: Sebastian Moser <me@c2vi.dev>
Date: Tue, 21 Nov 2023 14:59:08 +0100
Subject: [PATCH] ...

---
 flake.nix               |  19 +++----
 hardware/hpm-laptop.nix |   7 ---
 hosts/lush.nix          |  92 +++++++++------------------------
 hosts/rpi.nix           | 111 ++++++++++++++++++++++++++--------------
 4 files changed, 104 insertions(+), 125 deletions(-)

diff --git a/flake.nix b/flake.nix
index 885ace2..bc9f223 100644
--- a/flake.nix
+++ b/flake.nix
@@ -87,14 +87,15 @@
 
       		modules = [
          		./hosts/hpm.nix
-					./hardware/hpm-laptop.nix
+					  ./hardware/hpm-laptop.nix
       		];
    		};
 
       # my server at home
    		"rpi" = nixpkgs.lib.nixosSystem {
-			  inherit specialArgs;
-      	system = "x86_64-linux";
+			  #inherit specialArgs;
+        specialArgs = { inherit inputs confDir workDir secretsDir persistentDir self; };
+        system = "aarch64-linux";
         modules = [
           ./hosts/rpi.nix
         ];
@@ -103,18 +104,9 @@
       # my raspberry to try out stuff with
    		"lush" = nixpkgs.lib.nixosSystem {
         system = "aarch64-linux";
+        specialArgs = { inherit inputs confDir workDir secretsDir persistentDir self; };
         modules = [
-          "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
-          inputs.nixos-hardware.nixosModules.raspberry-pi-4
           ./hosts/lush.nix
-          {
-	          system.stateVersion = "23.05"; # Did you read the comment?
-
-            nixpkgs.hostPlatform.system = "aarch64-linux";
-            nixpkgs.buildPlatform.system = "x86_64-linux";
-
-            hardware.enableRedistributableFirmware = true;
-          }
         ];
       };
 
@@ -208,6 +200,7 @@
         #modules = [ "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64-new-kernel-no-zfs-installer.nix" ];
       #}).config.system.build.sdImage;
       lush = self.nixosConfigurations.lush.config.system.build.sdImage;
+      rpi = self.nixosConfigurations.rpi.config.system.build.sdImage;
       test = nixpkgs.legacyPackages.x86_64-linux.pkgsCross.raspberryPi.raspberrypi-armstubs;
 		};
 
diff --git a/hardware/hpm-laptop.nix b/hardware/hpm-laptop.nix
index aa8591c..a8e03a8 100755
--- a/hardware/hpm-laptop.nix
+++ b/hardware/hpm-laptop.nix
@@ -35,13 +35,6 @@
 		fsType = "vfat";
 	};
 
-	fileSystems."/tmp" = {
-   	fsType = "tmpfs";
-   	device = "tmpfs";
-   	options = [ "nosuid" "nodev" "relatime" "size=14G" ];
-	};
-
-
 	swapDevices = [
 		{ device = "/dev/disk/by-uuid/418bf0d8-e548-45d5-802a-53de72707ebc"; }
    ];
diff --git a/hosts/lush.nix b/hosts/lush.nix
index 1ade70d..e812e39 100644
--- a/hosts/lush.nix
+++ b/hosts/lush.nix
@@ -1,5 +1,16 @@
-{ lib, pkgs, ... }:
+{ lib, pkgs, inputs, ... }:
 {
+  system.stateVersion = "23.05"; # Did you read the comment?
+
+  imports = [
+      "${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
+      #inputs.nixos-hardware.nixosModules.raspberry-pi-4
+  ];
+
+  #nixpkgs.hostPlatform.system = "aarch64-linux";
+  #nixpkgs.buildPlatform.system = "x86_64-linux";
+
+  hardware.enableRedistributableFirmware = true;
 
   # This causes an overlay which causes a lot of rebuilding
   environment.noXlibs = lib.mkForce false;
@@ -12,28 +23,34 @@
     };
 
   boot = {
-    kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
+    #kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
     loader = {
       generic-extlinux-compatible.enable = lib.mkDefault true;
       grub.enable = lib.mkDefault false;
     };
   };
 
-  nix.settings = {
-    experimental-features = lib.mkDefault "nix-command flakes";
-    trusted-users = [ "root" "@wheel" ];
+  services.openssh = {
+    enable = true;
+    ports = [ 22 ];
+
+    settings.PasswordAuthentication = false;
+    settings.KbdInteractiveAuthentication = false;
   };
 
   # end of base.nix
 
   environment.systemPackages = with pkgs; [ vim git ];
-  services.openssh.enable = true;
-  networking.hostName = "luna";
+  networking.hostName = "lush";
   users = {
     users.me = {
       password = "hello";
       isNormalUser = true;
       extraGroups = [ "wheel" ];
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjgXf9S9hxjyph2EEFh1el0z4OUT9fMoFAaDanjiuKa me@main"
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICWsqiz0gEepvPONYxqhKKq4Vxfe1h+jo11k88QozUch me@bitwarden"
+      ];
     };
   };
   networking = {
@@ -50,7 +67,6 @@
 
   /*
   boot = {
-
     kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
     initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" ];
     loader = {
@@ -58,64 +74,6 @@
       generic-extlinux-compatible.enable = true;
     };
   };
-
-
-  fileSystems = {
-
-    "/" = {
-
-      device = "/dev/disk/by-label/NIXOS_SD";
-
-      fsType = "ext4";
-
-      options = [ "noatime" ];
-
-    };
-
-  };
-
-
-  networking = {
-
-    hostName = hostname;
-
-    wireless = {
-
-      enable = true;
-
-      networks."${SSID}".psk = SSIDpassword;
-
-      interfaces = [ interface ];
-
-    };
-
-  };
-
-
-  environment.systemPackages = with pkgs; [ vim ];
-
-
-  services.openssh.enable = true;
-
-
-  users = {
-
-    mutableUsers = false;
-
-    users."${user}" = {
-
-      isNormalUser = true;
-
-      password = password;
-
-      extraGroups = [ "wheel" ];
-
-    };
-
-  };
-
-
-
-  system.stateVersion = "23.11";
   */
+
 }
diff --git a/hosts/rpi.nix b/hosts/rpi.nix
index 2dba505..99b305c 100644
--- a/hosts/rpi.nix
+++ b/hosts/rpi.nix
@@ -1,13 +1,24 @@
-{ lib, pkgs, ... }:
+{ lib, pkgs, inputs, ... }:
 {
   imports = [
+    "${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
+    inputs.nixos-hardware.nixosModules.raspberry-pi-4
+
 		../common/all.nix
 		../common/nixos-headless.nix
 
-		../users/me/default.nix
+		../users/me/headless.nix
 		../users/root/default.nix
   ];
 
+  system.stateVersion = "23.05";
+
+  # to cross compile
+  #nixpkgs.hostPlatform.system = "aarch64-linux";
+  #nixpkgs.buildPlatform.system = "x86_64-linux";
+
+  hardware.enableRedistributableFirmware = true;
+
   # This causes an overlay which causes a lot of rebuilding
   environment.noXlibs = lib.mkForce false;
   # "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" creates a
@@ -20,7 +31,7 @@
     };
 
   boot = {
-    kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
+    #kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
     loader = {
       generic-extlinux-compatible.enable = lib.mkDefault true;
       grub.enable = lib.mkDefault false;
@@ -80,43 +91,67 @@
 		"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjgXf9S9hxjyph2EEFh1el0z4OUT9fMoFAaDanjiuKa me@main"
 	];
 
-
-
 	################################ samba ######################################
 	services.samba-wsdd.enable = true; # make shares visible for windows 10 clients
 
 	services.samba = {
-  		enable = true;
-  		securityType = "user";
-  		extraConfig = ''
-			security = user
-			map to guest = bad user
-			guest account = me
-
-			server role = standalone server
-			workgroup = WORKGROUP
-  		'';
-  		shares = {
-    		rpi_schule = {
-    			path = "${workDir}/rpi-schule/";
-	 			"guest ok" = "yes";
-    			"read only" = "no";
-    			public = "yes";
-    			writable = "yes";
-    			printable = "no";
-    			comment = "share for rpi in school wlan";
-    		};
-
-    		share = {
-    			comment = "share for sharing stuff";
-    			path = "${workDir}/share";
-    			public = "yes";
-	 			"guest ok" = "yes";
-    			"read only" = "no";
-    			writable = "yes";
-    		};
-  		};
-	};
-
-
+    enable = true;
+    securityType = "user";
+    extraConfig = ''
+      server role = standalone server
+      map to guest = bad user
+      usershare allow guests = yes
+      hosts allow = 192.168.0.0/16
+      hosts deny = 0.0.0.0
+      workgroup = WORKGROUP
+      security = user
+    '';
+    shares = {
+      files = {
+        "valid users" = "files";
+        "comment" = "all my files";
+        "path" = "/home/files/storage/files";
+        "read only" = "no";
+        "guest ok" = "no";
+        "force user" = "files";
+        "force group" = "files";
+        "force create mode" = "0777";
+        # Papierkorb
+        "vfs object" = "recycle";
+        "recycle:repository" = "/home/files/storage/files/trash-files";
+        "recycle:keeptree" = "No";
+        "recycle:versions" = "Yes";
+        "recycle:touch" = "Yes";
+        "recycle:touch_mtime" = "Yes";
+        "recycle:maxsize" = "8000";
+      };
+      lan = {
+        "comment" = "gastordner";
+        "path" = "/home/files/storage/lan";
+        "read only" = "no";
+        "guest ok" = "yes";
+        "force user" = "files";
+        "force group" = "files";
+        "force create mode" = "0777";
+        # Papierkorb
+        "vfs object" = "recycle";
+        "recycle:repository" = "/home/files/storage/files/trash-lan";
+        "recycle:keeptree" = "No";
+        "recycle:versions" = "Yes";
+        "recycle:touch" = "Yes";
+        "recycle:touch_mtime" = "Yes";
+        "recycle:maxsize" = "8000";
+      };
+      mama = {
+        "comment" = "Meine Dateien auf Mamas Laptop";
+        "path" = "/home/files/storage/files/stuff/Mamas-Laptop";
+        "read only" = "no";
+        "guest ok" = "no";
+        "valid users" = "mamafiles";
+        "force user" = "files";
+        "force group" = "files";
+        "force create mode" = "0777";
+      };
+    };
+  };
 }