infra/hosts/cyt-pi/configuration.nix

{ config, lib, pkgs, paths, self, ... }:

{
  # Basic Host Info
  networking.hostName = "cyt-pi";
  time.timeZone = "America/Montreal";
  i18n.defaultLocale = "en_CA.UTF-8";

  # System State
  system.stateVersion = "25.05";

  # Boot & Hardware (Pi Zero 2 W is ARM64)
  boot.loader.grub.enable = false;
  boot.loader.generic-extlinux-compatible.enable = true;
  boot.kernelPackages = pkgs.linuxPackages_latest;

  # Networking
  networking.networkmanager.enable = true;
  services.openssh = {
    enable = true;
    settings.PermitRootLogin = "prohibit-password";
  };

  # User
  users.users.gortium = {
    isNormalUser = true;
    extraGroups = [ "wheel" "networkmanager" "kismet" ];
    openssh.authorizedKeys.keys = [
      # Populate with your public key
    ];
  };

  # CYT Project Dependencies (Headless)
  environment.systemPackages = with pkgs; [
    git
    python311
    python311Packages.opencv4
    python311Packages.numpy
    python311Packages.pillow
    autossh # For the reverse tunnel
    kismet # Wi-Fi monitoring
  ];

  # Kismet Service
  systemd.services.kismet = {
    description = "Kismet Wi-Fi Monitor";
    after = [ "network-online.target" ];
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      User = "gortium";
      Group = "kismet";
      ExecStart = ''
        ${pkgs.kismet}/bin/kismet -c panda --log-base=/home/gortium/kismet_logs --no-nc-ui
      '';
      Restart = "always";
      RestartSec = "10s";
    };
  };

  # Reverse SSH Tunnel Service
  systemd.services.cyt-tunnel = {
    description = "Reverse SSH Tunnel to lazyworkhorse.net";
    after = [ "network-online.target" ];
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      User = "gortium";
      ExecStart = ''
        ${pkgs.autossh}/bin/autossh -M 0 -N \
          -o "ServerAliveInterval 30" \
          -o "ServerAliveCountMax 3" \
          -R 19999:localhost:22 \
          gortium@lazyworkhorse.net -p 2425 \
          -i /home/gortium/.ssh/cyt_tunnel_key
      '';
      Restart = "always";
      RestartSec = "10s";
    };
  };

  # CYT Application Service
  systemd.services.cyt-app = {
    description = "Chasing Your Tail - Target Detector";
    after = [ "network-online.target" "kismet.service" ];
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      User = "gortium";
      WorkingDirectory = "/home/gortium/Chasing-Your-Tail-NG";
      ExecStart = ''
        ${pkgs.python311}/bin/python3 target_detector_cli.py --min-ssids 2
      '';
      Restart = "on-failure";
      RestartSec = "60s";
      Environment = [
        "CYT_KISMET_LOGS=/home/gortium/kismet_logs"
      ];
    };
  };
}
feat: isolate docker networks and add cyt-pi remote node config - Refactor all 12 compose stacks to use isolated networks with Traefik as the hub - Add openclaw-ssh sidecar to ai stack for reverse tunneling (port 2425) - Add sshnode entrypoint to Traefik configuration - Add cyt-pi host configuration for Pi Zero 2 W (headless) - Include kismet and target_detector_cli services for remote Wi-Fi monitoring - Add reverse SSH tunnel service via autossh 2026-04-06 19:14:57 -04:00			`{ config, lib, pkgs, paths, self, ... }:`

			`{`
			`# Basic Host Info`
			`networking.hostName = "cyt-pi";`
			`time.timeZone = "America/Montreal";`
			`i18n.defaultLocale = "en_CA.UTF-8";`

			`# System State`
			`system.stateVersion = "25.05";`

			`# Boot & Hardware (Pi Zero 2 W is ARM64)`
			`boot.loader.grub.enable = false;`
			`boot.loader.generic-extlinux-compatible.enable = true;`
			`boot.kernelPackages = pkgs.linuxPackages_latest;`

			`# Networking`
			`networking.networkmanager.enable = true;`
			`services.openssh = {`
			`enable = true;`
			`settings.PermitRootLogin = "prohibit-password";`
			`};`

			`# User`
			`users.users.gortium = {`
			`isNormalUser = true;`
			`extraGroups = [ "wheel" "networkmanager" "kismet" ];`
			`openssh.authorizedKeys.keys = [`
			`# Populate with your public key`
			`];`
			`};`

			`# CYT Project Dependencies (Headless)`
			`environment.systemPackages = with pkgs; [`
			`git`
			`python311`
			`python311Packages.opencv4`
			`python311Packages.numpy`
			`python311Packages.pillow`
			`autossh # For the reverse tunnel`
			`kismet # Wi-Fi monitoring`
			`];`

			`# Kismet Service`
			`systemd.services.kismet = {`
			`description = "Kismet Wi-Fi Monitor";`
			`after = [ "network-online.target" ];`
			`wantedBy = [ "multi-user.target" ];`
			`serviceConfig = {`
			`User = "gortium";`
			`Group = "kismet";`
			`ExecStart = ''`
			`${pkgs.kismet}/bin/kismet -c panda --log-base=/home/gortium/kismet_logs --no-nc-ui`
			`'';`
			`Restart = "always";`
			`RestartSec = "10s";`
			`};`
			`};`

			`# Reverse SSH Tunnel Service`
			`systemd.services.cyt-tunnel = {`
			`description = "Reverse SSH Tunnel to lazyworkhorse.net";`
			`after = [ "network-online.target" ];`
			`wantedBy = [ "multi-user.target" ];`
			`serviceConfig = {`
			`User = "gortium";`
			`ExecStart = ''`
			`${pkgs.autossh}/bin/autossh -M 0 -N \`
			`-o "ServerAliveInterval 30" \`
			`-o "ServerAliveCountMax 3" \`
			`-R 19999:localhost:22 \`
			`gortium@lazyworkhorse.net -p 2425 \`
			`-i /home/gortium/.ssh/cyt_tunnel_key`
			`'';`
			`Restart = "always";`
			`RestartSec = "10s";`
			`};`
			`};`

			`# CYT Application Service`
			`systemd.services.cyt-app = {`
			`description = "Chasing Your Tail - Target Detector";`
			`after = [ "network-online.target" "kismet.service" ];`
			`wantedBy = [ "multi-user.target" ];`
			`serviceConfig = {`
			`User = "gortium";`
			`WorkingDirectory = "/home/gortium/Chasing-Your-Tail-NG";`
			`ExecStart = ''`
			`${pkgs.python311}/bin/python3 target_detector_cli.py --min-ssids 2`
			`'';`
			`Restart = "on-failure";`
			`RestartSec = "60s";`
			`Environment = [`
			`"CYT_KISMET_LOGS=/home/gortium/kismet_logs"`
			`];`
			`};`
			`};`
			`}`