feat(komunix): create nixos configurations for raspiberry pi 4

.gitignore

@@ -8,5 +8,6 @@ terraform.tfstate.*
 
 ### direnv ###
 .direnv
+.pre-commit-config.yaml
 
 # End of https://www.toptal.com/developers/gitignore/api/direnv

README.md

@@ -13,17 +13,44 @@ If you're curious about the infrastructure behind [evilfactorylabs.org](https://
 
 ## Prerequisites
 
-You don't technically need to run or setup anything on your end. But if you want to setup for your own needs, you can take a look into [`shell.nix`](./shell.nix) and [`.envrc.example`](./.envrc.example) or you can just install [Terraform](https://terraform.io) on your machine (and messing with your own very [environment variables](https://direnv.net)).
+You don't technically need to run or setup anything on your end. But if you want to setup for your own needs, you can take a look into [`development.nix`](./nix/development.nix#L37-L41) and [`.envrc.example`](./.envrc.example) or you can just install [Terraform](https://terraform.io) on your machine (and messing with your own very [environment variables](https://direnv.net)).
 
 You have to know a little knowledge in using Terraform so you know what you're doing ;)
 
 ## How to use
 
 You can just clone this repo, create a new branch, and push your changes. Anyone with direct write access to the repository (i.e: making a pull request from this repo) will propagate `terraform plan` command behind the scenes. Only repository maintainers can initialize `terraform apply` but who knows, right?
 
+## Machines
+
+### Komunix
+
+**Raspberry Pi 4 Model B Rev 1.2**
+
+#### Flash Images 
+
+we our using `NixOS` and creating sd-card image with command:
+
+```console
+$ nix build github:evilfactorylabs/area13#nixosConfigurations.komunix.config.system.build.sdImage
+
+# verify image created in `result/sd-image/*.img`
+
+# write image with pv and dd  - WARNING! rdiskX replace with actual id (e.g. rdisk5)
+$ nix run nixpkgs#pv ./result/sd-image/*.img | sudo dd of=/dev/rdiskX bs=4M 
+
+```
+
+### Update System Configurations
+
+```console
+$ nix run nixpkgs#nixos-rebuild --flake github:evilfactorylabs/area13#komunix  switch --target-host <IP> --build-host <IP>
+```
+
 ## Maintainers
 
 - [faultables](https://github.com/faultables), @evilfactorylabs
+- [r17x](https://github.com/r17x), @evilfactorylabs
 
 ## License
 

flake.nix

@@ -0,0 +1,36 @@
+{
+  description = "Komunix.org Configurations";
+
+  outputs =
+    inputs:
+    inputs.flake-parts.lib.mkFlake { inherit inputs; } {
+      systems = [
+        "aarch64-darwin"
+        "aarch64-linux"
+        "x86_64-linux"
+      ];
+
+      imports = [ ./nix ];
+    };
+
+  inputs = {
+    ## -- nixpkgs
+    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+    nixpkgs.follows = "nixpkgs-unstable";
+
+    ### -- hardware specific modules
+    nixos-hardware.url = "github:NixOS/nixos-hardware";
+
+    #### core for modularitation
+    flake-parts.url = "github:hercules-ci/flake-parts";
+
+    #### file-based configurations
+    ez-configs.url = "github:ehllie/ez-configs";
+    ez-configs.inputs.nixpkgs.follows = "nixpkgs";
+    ez-configs.inputs.flake-parts.follows = "flake-parts";
+
+    #### utilities
+    git-hooks.url = "github:cachix/git-hooks.nix";
+    git-hooks.inputs.nixpkgs.follows = "nixpkgs";
+  };
+}

nix/configurations/nixos/komunix.nix

@@ -0,0 +1,99 @@
+{
+  maintainers,
+  inputs,
+  ezModules,
+  pkgs,
+  ...
+}:
+
+{
+  system.stateVersion = "25.05";
+
+  imports = with ezModules; [
+    # using for creating sd image
+    "${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
+    # hardware support for raspberry pi 4
+    inputs.nixos-hardware.nixosModules.raspberry-pi-4
+    # our hardware configuration for raspberry pi 4
+    rpi4
+  ];
+
+  nix.settings = {
+    auto-optimise-store = true;
+    experimental-features = [
+      "nix-command"
+      "flakes"
+    ];
+  };
+
+  nixpkgs = {
+    hostPlatform = "aarch64-linux";
+    config = {
+      allowUnfree = true;
+    };
+  };
+
+  networking = {
+    networkmanager.enable = true;
+    firewall.allowedTCPPorts = [
+      22
+      80
+    ];
+    hostName = "komunix";
+  };
+
+  time.timeZone = "Asia/Jakarta";
+
+  users.users.komunix = {
+    isNormalUser = true;
+    shell = pkgs.bash;
+    extraGroups = [
+      "wheel"
+      "networkmanager"
+    ];
+    description = "Komunix.org";
+    openssh.authorizedKeys.keys = maintainers.getMaintainerKeysByRole "core";
+    # Allow the graphical user to login without password
+    initialHashedPassword = "";
+  };
+
+  services.openssh = {
+    enable = true;
+    banner = ''
+
+       _   __                            _      
+      | | / /                           (_)     
+      | |/ /  ___  _ __ ___  _   _ _ __  ___  __
+      |    \ / _ \| '_ ` _ \| | | | '_ \| \ \/ /
+      | |\  \ (_) | | | | | | |_| | | | | |>  < 
+      \_| \_/\___/|_| |_| |_|\__,_|_| |_|_/_/\_\
+
+          ;/nix/store/milik-bersama;
+
+    '';
+  };
+
+  # add swap
+  swapDevices = [
+    {
+      device = "/swapfile";
+      size = 2048;
+    }
+  ];
+
+  zramSwap = {
+    enable = true;
+    memoryPercent = 50;
+  };
+
+  # simplify sudo
+  security = {
+    sudo = {
+      enable = true;
+      wheelNeedsPassword = false;
+    };
+  };
+
+  # Allow the user to log in as root without a password.
+  users.users.root.initialHashedPassword = "";
+}