Bare-bones Raspberry box config

hosts/box/default.nix

@@ -6,7 +6,6 @@
 }: {
   imports = [
     ./dns.nix
-    ./glance.nix
     ./packages.nix
     ./hardware-configuration.nix
     ../../modules/userapps/utils.nix
@@ -14,6 +13,9 @@
     ../../modules/raspberrypi.nix
     ../../modules/common/networking.nix
     ../../modules/common/shell.nix
+    ../../modules/de/multiple-dms.nix
+    ../../modules/de/gnome.nix
+    ../../modules/common/pipewire.nix
     ./user.nix
   ];
   networking.hostName = "box";

hosts/oldbox/default.nix

@@ -0,0 +1,23 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
+  imports = [
+    ./dns.nix
+    ./glance.nix
+    ./packages.nix
+    ./hardware-configuration.nix
+    ../../modules/userapps/utils.nix
+    ../../modules/common/nix.nix
+    ../../modules/raspberrypi.nix
+    ../../modules/common/networking.nix
+    ../../modules/common/shell.nix
+    ./user.nix
+  ];
+  networking.hostName = "box";
+  networking.firewall.enable = false;
+  # This will be overridden by system/default.nix
+  system.stateVersion = "25.05";
+}

hosts/oldbox/dns.nix

@@ -0,0 +1,86 @@
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  services.pihole-web = {
+    enable = true;
+    ports = [8085];
+  };
+
+  services.pihole-ftl = {
+    enable = true;
+    #openFirewallDNS = true;
+    #openFirewallDHCP = true;
+    queryLogDeleter.enable = true;
+    lists = [
+      {
+        url = "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts";
+        # Alternatively, use the file from nixpkgs. Note its contents won't be
+        # automatically updated by Pi-hole, as it would with an online URL.
+        # url = "file://${pkgs.stevenblack-blocklist}/hosts";
+        description = "Steven Black's unified adlist";
+      }
+      {
+        url = "https://codeberg.org/hagezi/mirror2/raw/branch/main/dns-blocklists/adblock/ultimate.txt";
+        description = "Hagezi Ultimate";
+      }
+      {
+        url = "https://codeberg.org/hagezi/mirror2/raw/branch/main/dns-blocklists/adblock/nsfw.txt";
+        description = "Hazegi NSFW";
+      }
+    ];
+    settings = {
+      files.macvendor = lib.mkForce "/var/lib/pihole/macvendor.db";
+      dns = {
+        domainNeeded = true;
+        expandHosts = true;
+        interface = "end0";
+        listeningMode = "BIND";
+        domain = "lan";
+        upstreams = ["9.9.9.11"];
+        hosts = [
+          "*.bigbox.lan 192.168.0.131"
+          "bigbox.lan 192.168.0.131"
+          "inv.bigbox.lan 192.168.0.131"
+          "media.bigbox.lan 192.168.0.131"
+          "type.bigbox.lan 192.168.0.131"
+          "bookmarks.bigbox.lan 192.168.0.131"
+          "bin.bigbox.lan 192.168.0.131"
+          "ai.bigbox.lan 192.168.0.131"
+          "speed.bigbox.lan 192.168.0.131"
+          "syncthing.bigbox.lan 192.168.0.131"
+          "kiwix.bigbox.lan 192.168.0.131"
+          "torrent.bigbox.lan 192.168.0.131"
+          "gitea.bigbox.lan 192.168.0.131"
+          "news.bigbox.lan 192.168.0.131"
+        ];
+      };
+      dhcp = {
+        active = false;
+        router = "192.168.0.1";
+        start = "192.168.0.2";
+        end = "192.168.0.99";
+        netmask = "255.255.255.0";
+        leaseTime = "1d";
+        #ipv6 = true;
+        multiDNS = true;
+        rapidCommit = true;
+        hosts = [
+          # Static address for the current host
+          "d8:3a:dd:9a:c1:99,192.168.0.101,box,infinite"
+          "80:ce:62:ed:ba:2b,192.168.0.131,bigbox,infinite"
+          "60:30:d4:6b:89:10,192.168.0.100,puter,infinite"
+        ];
+      };
+      misc.dnsmasq_lines = [
+        # This DHCP server is the only one on the network
+        #"dhcp-authoritative"
+        # Source: https://data.iana.org/root-anchors/root-anchors.xml
+        "trust-anchor=.,38696,8,2,683D2D0ACB8C9B712A1948B27F741219298D0A450D612C483AF444A4C0FB2B16"
+      ];
+    };
+  };
+}

hosts/oldbox/hardware-configuration.nix

@@ -0,0 +1,32 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
+  boot.blacklistedKernelModules = [
+    "bluetooth"
+    "btbcm"
+    "hci_uart"
+    "hci_bcm"
+  ];
+
+  boot = {
+    kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
+    initrd.availableKernelModules = ["xhci_pci" "usbhid" "usb_storage"];
+    loader = {
+      grub.enable = false;
+      generic-extlinux-compatible.enable = true;
+    };
+  };
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-label/NIXOS_SD";
+      fsType = "ext4";
+      options = ["noatime"];
+    };
+  };
+
+  hardware.enableRedistributableFirmware = true;
+}

hosts/oldbox/packages.nix

@@ -0,0 +1,16 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  imports = [
+    ../../modules/userapps/utils.nix
+  ];
+
+  services.openssh.enable = true;
+
+  security.sudo = {
+    enable = true;
+    wheelNeedsPassword = false;
+  };
+}

hosts/oldbox/user.nix

@@ -0,0 +1,19 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
+  users.users.boxuser = {
+    isNormalUser = true;
+    group = "boxuser";
+    extraGroups = ["wheel" "docker" "networkmanager"]; # Enable ‘sudo’ for the user.
+    hashedPassword = "$6$Gk6L21XBSf.YbfU1$eadMLbwvAgudTjPOLCsZfRNxfGptARnAazhs0xz/GcNEYGQS/GjLov/jJsHnPIKBNIPQJEG4XhZ3K097bfi1c1";
+    packages = with pkgs; [
+      fastfetch
+    ];
+  };
+
+  users.users.boxuser.shell = pkgs.bash;
+  users.groups.boxuser = {};
+}