-rw-r--r--flake.lock16
-rw-r--r--flake.nix3
-rw-r--r--machines/fourmi/default.nix23
-rw-r--r--machines/fourmi/devices.nix38
-rw-r--r--machines/fourmi/hardware.nix32
-rw-r--r--machines/fourmi/home.nix9
-rw-r--r--secrets/keys.nix5
7 files changed, 126 insertions, 0 deletions
diff --git a/flake.lock b/flake.lock
index 337ba57..ece0ad3 100644
--- a/flake.lock
+++ b/flake.lock
@@ -83,6 +83,21 @@
         "type": "github"
       }
     },
+    "nixos-hardware": {
+      "locked": {
+        "lastModified": 1743420942,
+        "narHash": "sha256-b/exDDQSLmENZZgbAEI3qi9yHkuXAXCPbormD8CSJXo=",
+        "owner": "NixOS",
+        "repo": "nixos-hardware",
+        "rev": "de6fc5551121c59c01e2a3d45b277a6d05077bc4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixos-hardware",
+        "type": "github"
+      }
+    },
     "nixpkgs": {
       "locked": {
         "lastModified": 1739206421,
@@ -136,6 +151,7 @@
         "agenix": "agenix",
         "flake-compat": "flake-compat",
         "home-manager": "home-manager",
+        "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs",
         "nixpkgs-unstable": "nixpkgs-unstable",
         "oisd": "oisd"
diff --git a/flake.nix b/flake.nix
index 7b9727e..f738533 100644
--- a/flake.nix
+++ b/flake.nix
@@ -4,6 +4,8 @@
 
     nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
 
+    nixos-hardware.url = "github:NixOS/nixos-hardware";
+
     home-manager = {
       url = "github:nix-community/home-manager/release-24.11";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -52,6 +54,7 @@
       { name = "corsac"; system = x86; tailscale.ip = "100.64.100.100"; }
       { name = "lapin"; system = arm; tailscale.ip = "100.83.254.27"; }
       { name = "renard"; system = x86; tailscale.ip = "100.75.17.75"; }
+      { name = "fourmi"; system = arm; tailscale.ip = "100.99.119.83"; }
     ];
 
     overlays = [ agenix.overlays.default ];
diff --git a/machines/fourmi/default.nix b/machines/fourmi/default.nix
new file mode 100644
index 0000000..780838d
--- /dev/null
+++ b/machines/fourmi/default.nix
@@ -0,0 +1,23 @@
+{ pkgs, ... }:
+
+{
+  imports = [
+    ../../modules/common.nix
+
+    ./hardware.nix
+    ./devices.nix
+  ];
+
+  foundation.monitoring = {
+    client.enable = false;
+  };
+
+  # extra packages for dealing with the device
+  # hardware.
+  environment.systemPackages = with pkgs; [
+    libraspberrypi
+    raspberrypi-eeprom
+  ];
+
+  system.stateVersion = "24.11";
+}
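Review bot: `foundation.monitoring.client.enable = false;` has no comment saying why this host opts out of monitoring. The same commit disables the host firewall in `machines/fourmi/devices.nix`, so the machine is both more exposed and less observed than the others. If the opt-out is temporary, a comment along the lines of `# TODO: monitoring client disabled because <reason>; re-enable when resolved` would record that.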
diff --git a/machines/fourmi/devices.nix b/machines/fourmi/devices.nix
new file mode 100644
index 0000000..3738553
--- /dev/null
+++ b/machines/fourmi/devices.nix
@@ -0,0 +1,38 @@
+{ lib, nixos-hardware, ... }:
+
+{
+  # correctly configure hardware in this pi server.
+  imports = [
+    nixos-hardware.nixosModules.raspberry-pi-4
+  ];
+
+  # boot settings
+  boot = {
+    loader = { 
+      grub.enable = false;
+      generic-extlinux-compatible.enable = true;
+    };
+
+    kernelModules = [ "wireguard" ];
+  };
+
+  # apply rpi4-specific device tree from nixos-hardware.
+  hardware = {
+    raspberry-pi."4".apply-overlays-dtmerge.enable = true;
+    deviceTree = {
+      enable = true;
+      filter = "*rpi-4-*.dtb";
+    };
+  };
+
+  networking = {
+    # todo: configure properly
+    firewall.enable = lib.mkForce false;
+
+    useDHCP = true;
+    networkmanager = {
+      enable = false;
+      wifi.powersave = false;
+    };
+  };
+}
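Review bot: `firewall.enable = lib.mkForce false;` in the `networking` block turns the host firewall off, and `mkForce` overrides any firewall setting that `../../modules/common.nix` may provide. With `useDHCP = true` the host also comes up on whatever network it is plugged into. Until the todo is resolved, a narrower form would keep the firewall on and trust only the tailnet interface, e.g. `firewall = { enable = true; trustedInterfaces = [ "tailscale0" ]; };`, assuming the Tailscale interface keeps its default name. Separately, `networkmanager.wifi.powersave = false;` has no effect while `networkmanager.enable = false` and could be dropped.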
diff --git a/machines/fourmi/hardware.nix b/machines/fourmi/hardware.nix
new file mode 100644
index 0000000..e3913be
--- /dev/null
+++ b/machines/fourmi/hardware.nix
@@ -0,0 +1,32 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
+      fsType = "ext4";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.end0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+}
diff --git a/machines/fourmi/home.nix b/machines/fourmi/home.nix
new file mode 100644
index 0000000..be5d645
--- /dev/null
+++ b/machines/fourmi/home.nix
@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+
+{
+  imports = [
+    ../../modules/home/common.nix
+  ];
+
+  home.stateVersion = "24.11";
+}
diff --git a/secrets/keys.nix b/secrets/keys.nix
index 6f6aa8e..9c7412c 100644
--- a/secrets/keys.nix
+++ b/secrets/keys.nix
@@ -14,6 +14,11 @@ let
       user = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDlqytVSNMFAfbB+rdiNktv3WYViVBMeK7zUO2Pjfii+";
       system = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHxghVX0Oq+eHklg/e7s/qhC8CK8PLUgvpLk2G53xEjK";
     };
+
+    fourmi = {
+      user = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfbbNX3QvNPH5TKQ0nZcBLzFicmzxmfHjPYHsqiJh6s";
+      system = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIClKCe1ziELUE1N+65xdpctJT1rpn5OgJd0NWNg6bW6J";
+    };
   };
 
   desktops = {
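Review bot: Adding `fourmi` to this key set makes it a recipient wherever the set is used, but nothing in this commit shows which secrets it should be able to read. If the secret rules (not visible in this diff) reference the whole group, every one of those secrets will be encrypted to a host that currently runs with its firewall disabled. Listing `fourmi` only on the secrets it needs would limit that. Existing encrypted files would also need rekeying before the new `system` key can decrypt them, and no such files appear in the diffstat. The enclosing `let` binding starts and ends outside the hunk.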