diff --git a/ansible/roles/sftp/tasks/common.yaml b/ansible/roles/sftp/tasks/common.yaml index 4a3821a..f1245ba 100644 --- a/ansible/roles/sftp/tasks/common.yaml +++ b/ansible/roles/sftp/tasks/common.yaml @@ -64,6 +64,23 @@ # force: true # diff: false +- name: Create directories + file: + name: "{{ item }}" + state: directory + mode: 0700 + owner: nochainstounlock + group: nochainstounlock + loop: + - /home/nochainstounlock/.ssh + +- name: Set authorized keys + authorized_key: + user: nochainstounlock + key: | + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMrjXsXjtxEm47XnRZfo67kJULoc0NBLrB0lPYFiS2Ar kodi@neelix + exclusive: true + - import_tasks: tasks/freebsd.yaml when: 'os_flavor == "freebsd"' diff --git a/nix/configuration/configuration.nix b/nix/configuration/configuration.nix index 3b1f6da..076fd14 100644 --- a/nix/configuration/configuration.nix +++ b/nix/configuration/configuration.nix @@ -9,9 +9,9 @@ { imports = [ ./roles/reset + ./roles/global_options ./util/unfree_polyfill ./roles/iso - ./hosts/odo "${ builtins.fetchTarball { url = "https://github.com/nix-community/disko/archive/refs/tags/v1.9.0.tar.gz"; @@ -55,6 +55,10 @@ ./roles/wasm ./roles/vnc_client ./roles/chromecast + ./roles/memtest86 + ./roles/kodi + ./roles/ansible + ./roles/bluetooth ]; nix.settings.experimental-features = [ diff --git a/nix/configuration/flake.nix b/nix/configuration/flake.nix index 91b59fe..2b84092 100644 --- a/nix/configuration/flake.nix +++ b/nix/configuration/flake.nix 
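Review bot: The key installed by the `Set authorized keys` task carries no options, so what the `nochainstounlock` account may do over SSH is decided entirely by sshd configuration that this hunk does not show. If the account is meant to be SFTP-only, adding `key_options: 'restrict'` to the task (or a comment naming the sshd `Match` block that enforces the limit) keeps the restriction visible next to the key. `exclusive: true` removes every other key for this user on each run, which deserves a one-line comment such as `# exclusive: any key not listed here is removed`. The unquoted `mode: 0700` works because of the leading zero, but `mode: '0700'` is the form the Ansible documentation recommends.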
@@ -81,11 +81,19 @@ }; systems = { odo = { - main = nixpkgs.lib.nixosSystem (base_x86_64_linux // { }); + main = nixpkgs.lib.nixosSystem ( + base_x86_64_linux + // { + modules = base_x86_64_linux.modules ++ [ + ./hosts/odo + ]; + } + ); iso = nixpkgs.lib.nixosSystem ( base_x86_64_linux // { modules = base_x86_64_linux.modules ++ [ + ./hosts/odo (nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix") # TODO: Figure out how to do image based appliances # (nixpkgs + "/nixos/modules/profiles/image-based-appliance.nix") @@ -98,10 +106,36 @@ } ); }; + neelix = { + main = nixpkgs.lib.nixosSystem ( + base_x86_64_linux + // { + modules = base_x86_64_linux.modules ++ [ + ./hosts/neelix + ]; + } + ); + iso = nixpkgs.lib.nixosSystem ( + base_x86_64_linux + // { + modules = base_x86_64_linux.modules ++ [ + ./hosts/neelix + (nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix") + { + isoImage.makeEfiBootable = true; + isoImage.makeUsbBootable = true; + me.buildingIso = true; + } + ]; + } + ); + }; }; in { nixosConfigurations.odo = systems.odo.main; iso.odo = systems.odo.iso.config.system.build.isoImage; + nixosConfigurations.neelix = systems.neelix.main; + iso.neelix = systems.neelix.iso.config.system.build.isoImage; }; } diff --git a/nix/configuration/hosts/neelix/default.nix b/nix/configuration/hosts/neelix/default.nix new file mode 100644 index 0000000..926d60c --- /dev/null +++ b/nix/configuration/hosts/neelix/default.nix 
@@ -0,0 +1,31 @@ +{ config, pkgs, ... }: +{ + imports = [ + ./hardware-configuration.nix + ./disk-config.nix + ./optimized_build.nix + ./power_management.nix + ]; + + # Generate with `head -c4 /dev/urandom | od -A none -t x4` + networking.hostId = "fbd233d8"; + + networking.hostName = "neelix"; # Define your hostname. + + time.timeZone = "America/New_York"; + i18n.defaultLocale = "en_US.UTF-8"; + + me.secureBoot.enable = false; + + # Early KMS + boot.initrd.kernelModules = [ "i915" ]; + + # Mount tmpfs at /tmp + boot.tmp.useTmpfs = true; + + me.graphical = true; + me.graphicsCardType = "intel"; + + me.kodi.enable = true; + me.bluetooth.enable = true; +} diff --git a/nix/configuration/hosts/neelix/disk-config.nix b/nix/configuration/hosts/neelix/disk-config.nix new file mode 100644 index 0000000..f9204aa --- /dev/null +++ b/nix/configuration/hosts/neelix/disk-config.nix 
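Review bot: `me.secureBoot.enable = false;` is set for the new host with no comment saying why, unlike the hostId and tmpfs lines around it. The option is defined outside this diff, so its exact effect is not visible here, but a reader should be able to tell whether this is a hardware limitation or a temporary state. I would add a comment above the line along the lines of `# Secure boot off: <reason>; revisit once keys can be enrolled`. The leftover template comment `# Define your hostname.` on `networking.hostName` can be dropped.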
@@ -0,0 +1,140 @@ +# Manual Step: +# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1 +# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1 +{ + config, + lib, + pkgs, + ... +}: + +lib.mkIf (!config.me.buildingIso) { + disko.devices = { + disk = { + main = { + type = "disk"; + device = "/dev/nvme0n1"; + content = { + type = "gpt"; + partitions = { + ESP = { + size = "1G"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ + "umask=0077" + "noatime" + "discard" + ]; + }; + }; + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "zroot"; + }; + }; + }; + }; + }; + }; + zpool = { + zroot = { + type = "zpool"; + # mode = "mirror"; + # Workaround: cannot import 'zroot': I/O error in disko tests + options.cachefile = "none"; + options = { + ashift = "12"; + compatibility = "openzfs-2.2-freebsd"; + autotrim = "on"; + }; + rootFsOptions = { + acltype = "posixacl"; + atime = "off"; + relatime = "off"; + xattr = "sa"; + mountpoint = "none"; + compression = "lz4"; + canmount = "off"; + utf8only = "on"; + dnodesize = "auto"; + normalization = "formD"; + }; + + datasets = { + "linux/nix" = { + type = "zfs_fs"; + options.mountpoint = "none"; + }; + "linux/nix/root" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/"; + postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank"; + }; + "linux/nix/nix" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/nix"; + postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/nix@blank$' || zfs snapshot zroot/linux/nix/nix@blank"; + options = { + recordsize = "1MiB"; + compression = "lz4"; + }; + }; + "linux/nix/home" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/home"; + postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/home@blank$' || zfs snapshot 
zroot/linux/nix/home@blank"; + }; + "linux/nix/persist" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/persist"; + postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/persist@blank$' || zfs snapshot zroot/linux/nix/persist@blank"; + }; + "linux/nix/state" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/state"; + postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/state@blank$' || zfs snapshot zroot/linux/nix/state@blank"; + }; + }; + }; + }; + }; + + # Make sure all persistent volumes are marked as neededForBoot + # + # Also mounts /home so it is mounted before the user home directories are created. + fileSystems."/persist".neededForBoot = true; + fileSystems."/state".neededForBoot = true; + fileSystems."/home".neededForBoot = true; + + fileSystems."/".options = [ + "noatime" + "norelatime" + ]; + fileSystems."/nix".options = [ + "noatime" + "norelatime" + ]; + fileSystems."/persist".options = [ + "noatime" + "norelatime" + ]; + fileSystems."/state".options = [ + "noatime" + "norelatime" + ]; + fileSystems."/home".options = [ + "noatime" + "norelatime" + ]; +} diff --git a/nix/configuration/hosts/neelix/hardware-configuration.nix b/nix/configuration/hosts/neelix/hardware-configuration.nix new file mode 100644 index 0000000..b583e6a --- /dev/null +++ b/nix/configuration/hosts/neelix/hardware-configuration.nix 
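Review bot: No `encryption`, `keyformat` or `keylocation` property appears in `rootFsOptions` or in any dataset, so the pool is created unencrypted, and `/persist` on it is where other files in this commit keep the kodi user's `.ssh` directory and `/var/lib/bluetooth`. If that is deliberate so the machine can boot unattended, a comment above `rootFsOptions` such as `# Unencrypted on purpose: host must boot without a passphrase` records the decision. Separately, `options.cachefile = "none";` is written apart from the `options = { … }` set directly below it, and the same split occurs in the `linux/nix/nix` dataset; folding each into the single attribute set reads more easily.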
@@ -0,0 +1,32 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: + +{ + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/nix/configuration/hosts/neelix/optimized_build.nix b/nix/configuration/hosts/neelix/optimized_build.nix new file mode 100644 index 0000000..a6ae54f --- /dev/null +++ b/nix/configuration/hosts/neelix/optimized_build.nix 
@@ -0,0 +1,78 @@ +{ + config, + lib, + pkgs, + ... +}: +{ + imports = [ ]; + + config = lib.mkMerge [ + { } + (lib.mkIf (!config.me.buildingIso) { + nix.settings.system-features = lib.mkForce [ + "gccarch-alderlake" + "gccarch-x86-64-v3" + "benchmark" + "big-parallel" + "kvm" + "nixos-test" + ]; + + # nixpkgs.hostPlatform = { + # gcc.arch = "alderlake"; + # gcc.tune = "alderlake"; + # system = "x86_64-linux"; + + # }; + + nixpkgs.overlays = [ + ( + self: super: + let + optimizeWithFlags = + pkg: flags: + pkg.overrideAttrs (old: { + NIX_CFLAGS_COMPILE = [ (old.NIX_CFLAGS_COMPILE or "") ] ++ flags; + }); + addConfig = + additionalConfig: pkg: + pkg.override (oldconfig: { + structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig; + }); + in + { + linux_alderlake = + addConfig + { + # Full preemption + PREEMPT = lib.mkOverride 60 lib.kernel.yes; + PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no; + + # Google's BBRv3 TCP congestion Control + TCP_CONG_BBR = lib.kernel.yes; + DEFAULT_BBR = lib.kernel.yes; + + # Preemptive Full Tickless Kernel at 300Hz + HZ = lib.kernel.freeform "300"; + HZ_300 = lib.kernel.yes; + HZ_1000 = lib.kernel.no; + } + ( + optimizeWithFlags super.linux_6_12 [ + "-march=alderlake" + "-mtune=alderlake" + ] + ); + } + ) + ]; + + boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_alderlake; + }) + (lib.mkIf (config.me.buildingIso) { + boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_12; + boot.supportedFilesystems = [ "zfs" ]; + }) + ]; +} diff --git a/nix/configuration/hosts/neelix/power_management.nix b/nix/configuration/hosts/neelix/power_management.nix new file mode 100644 index 0000000..c63a7a9 --- /dev/null +++ b/nix/configuration/hosts/neelix/power_management.nix 
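Review bot: The ISO branch here sets `boot.supportedFilesystems = [ "zfs" ];` while the matching branch this same commit adds to hosts/odo/optimized_build.nix uses `boot.supportedFilesystems.zfs = true;`. Using the attribute form in both files keeps the two hosts aligned. Apart from the `-march`/`-mtune` value and the overlay attribute name, the overlay is a copy of odo's, so a shared helper that takes the architecture name would stop the two kernel configurations drifting apart.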
@@ -0,0 +1,35 @@ +{ + config, + lib, + pkgs, + ... +}: + +{ + imports = [ ]; + + environment.systemPackages = with pkgs; [ + powertop + ]; + + # pcie_aspm=force pcie_aspm.policy=powersupersave :: Enable PCIe active state power management for power reduction. + # nowatchdog :: Disable watchdog for power savings (related to disable_sp5100_watchdog above). + boot.kernelParams = [ + "pcie_aspm=force" + # "pcie_aspm.policy=powersupersave" + "nowatchdog" + ]; + + # default performance balance_performance balance_power power + # defaults to balance_performance + # systemd.tmpfiles.rules = [ + # "w- /sys/devices/system/cpu/cpufreq/policy0/energy_performance_preference - - - - power" + # "w- /sys/devices/system/cpu/cpufreq/policy1/energy_performance_preference - - - - power" + # "w- /sys/devices/system/cpu/cpufreq/policy2/energy_performance_preference - - - - power" + # "w- /sys/devices/system/cpu/cpufreq/policy3/energy_performance_preference - - - - power" + # ]; + + boot.extraModprobeConfig = '' + options snd_hda_intel power_save=1 + ''; +} diff --git a/nix/configuration/hosts/odo/default.nix b/nix/configuration/hosts/odo/default.nix index 52c4081..5690f4d 100644 --- a/nix/configuration/hosts/odo/default.nix +++ b/nix/configuration/hosts/odo/default.nix @@ -31,4 +31,7 @@ me.graphical = true; me.graphicsCardType = "amd"; + + me.sway.enable = true; + me.ansible.enable = true; } diff --git a/nix/configuration/hosts/odo/disk-config.nix b/nix/configuration/hosts/odo/disk-config.nix index 07048d4..dc31c68 100644 --- a/nix/configuration/hosts/odo/disk-config.nix +++ b/nix/configuration/hosts/odo/disk-config.nix @@ -1,3 +1,6 @@ +# Manual Step: +# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1 +# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1 { config, lib, diff --git a/nix/configuration/hosts/odo/optimized_build.nix b/nix/configuration/hosts/odo/optimized_build.nix index 43d09b8..7e6fbc0 100644 --- a/nix/configuration/hosts/odo/optimized_build.nix 
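Review bot: The comment on `nowatchdog` says it is "related to disable_sp5100_watchdog above", but nothing above it in this file mentions that setting, so the reference appears to be left over from another host's configuration. `nowatchdog` also turns off the kernel's soft and hard lockup detectors, which is worth stating for a machine that runs unattended. Suggested wording: `# nowatchdog :: Disable the lockup watchdogs for power savings; a hung kernel will not be detected.` The `pcie_aspm.policy=powersupersave` half of the first comment describes a parameter that is commented out in the list below it.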
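Review bot: The header comment added to hosts/odo/disk-config.nix gives `nvme format --lbaf=1 /dev/nvme0n1` without saying that the command erases the namespace or that the LBA format index differs between drives. Index 1 is only correct when the `nvme id-ns -H` output lists format 1 as the 4096-byte one. I would extend the comment to `# Format the drive to 4kn (DESTROYS ALL DATA; use the lbaf index that id-ns reports as 4096 bytes): nvme format --lbaf=<N> /dev/nvme0n1`. The same comment is added at the top of hosts/neelix/disk-config.nix and needs the same caveat.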
+++ b/nix/configuration/hosts/odo/optimized_build.nix 
@@ -7,65 +7,75 @@ { imports = [ ]; - nix.settings.system-features = lib.mkForce [ - "gccarch-znver4" - "gccarch-skylake" - # "gccarch-alderlake" missing WAITPKG - "gccarch-x86-64-v3" - "gccarch-x86-64-v4" - "benchmark" - "big-parallel" - "kvm" - "nixos-test" + config = lib.mkMerge [ + { } + (lib.mkIf (!config.me.buildingIso) { + nix.settings.system-features = lib.mkForce [ + "gccarch-znver4" + "gccarch-skylake" + # "gccarch-alderlake" missing WAITPKG + "gccarch-x86-64-v3" + "gccarch-x86-64-v4" + "benchmark" + "big-parallel" + "kvm" + "nixos-test" + ]; + + # nixpkgs.hostPlatform = { + # gcc.arch = "znver4"; + # gcc.tune = "znver4"; + # system = "x86_64-linux"; + + # }; + + nixpkgs.overlays = [ + ( + self: super: + let + optimizeWithFlags = + pkg: flags: + pkg.overrideAttrs (old: { + NIX_CFLAGS_COMPILE = [ (old.NIX_CFLAGS_COMPILE or "") ] ++ flags; + }); + addConfig = + additionalConfig: pkg: + pkg.override (oldconfig: { + structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig; + }); + in + { + linux_znver4 = + addConfig + { + # Full preemption + PREEMPT = lib.mkOverride 60 lib.kernel.yes; + PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no; + + # Google's BBRv3 TCP congestion Control + TCP_CONG_BBR = lib.kernel.yes; + DEFAULT_BBR = lib.kernel.yes; + + # Preemptive Full Tickless Kernel at 300Hz + HZ = lib.kernel.freeform "300"; + HZ_300 = lib.kernel.yes; + HZ_1000 = lib.kernel.no; + } + ( + optimizeWithFlags super.linux_6_12 [ + "-march=znver4" + "-mtune=znver4" + ] + ); + } + ) + ]; + + boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_znver4; + }) + (lib.mkIf (config.me.buildingIso) { + boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_12; + boot.supportedFilesystems.zfs = true; + }) ]; - - # nixpkgs.hostPlatform = { - # gcc.arch = "znver4"; - # gcc.tune = "znver4"; - # system = "x86_64-linux"; - # }; - - nixpkgs.overlays = [ - ( - self: super: - let - optimizeWithFlags = - pkg: flags: - pkg.overrideAttrs (old: { - NIX_CFLAGS_COMPILE = 
[ (old.NIX_CFLAGS_COMPILE or "") ] ++ flags; - }); - addConfig = - additionalConfig: pkg: - pkg.override (oldconfig: { - structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig; - }); - in - { - linux_znver4 = - addConfig - { - # Full preemption - PREEMPT = lib.mkOverride 60 lib.kernel.yes; - PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no; - - # Google's BBRv3 TCP congestion Control - TCP_CONG_BBR = lib.kernel.yes; - DEFAULT_BBR = lib.kernel.yes; - - # Preemptive Full Tickless Kernel at 300Hz - HZ = lib.kernel.freeform "300"; - HZ_300 = lib.kernel.yes; - HZ_1000 = lib.kernel.no; - } - ( - optimizeWithFlags super.linux_6_12 [ - "-march=znver4" - "-mtune=znver4" - ] - ); - } - ) - ]; - - boot.kernelPackages = lib.mkIf (!config.me.buildingIso) (pkgs.linuxPackagesFor pkgs.linux_znver4); } diff --git a/nix/configuration/roles/ansible/default.nix b/nix/configuration/roles/ansible/default.nix new file mode 100644 index 0000000..58a3d06 --- /dev/null +++ b/nix/configuration/roles/ansible/default.nix @@ -0,0 +1,46 @@ +{ + config, + lib, + pkgs, + ... +}: + +{ + imports = [ ]; + + options.me = { + ansible.enable = lib.mkOption { + type = lib.types.bool; + default = false; + example = true; + description = "Whether we want to install ansible."; + }; + }; + + config = lib.mkIf config.me.ansible.enable ( + lib.mkMerge [ + { + environment.systemPackages = with pkgs; [ + ansible + ]; + + nixpkgs.overlays = [ + (final: prev: { + ansible = pkgs.symlinkJoin { + name = "ansible"; + paths = [ + (prev.ansible.overridePythonAttrs { + propagatedBuildInputs = prev.ansible.propagatedBuildInputs ++ [ prev.python3Packages.jmespath ]; + }) + ]; + buildInputs = [ pkgs.makeWrapper ]; + postBuild = '' + wrapProgram $out/bin/ansible --prefix PATH : ${lib.makeBinPath [ ]} + ''; + }; + }) + ]; + } + ] + ); +} diff --git a/nix/configuration/roles/blank/default.nix b/nix/configuration/roles/blank/default.nix index 7f220e5..d38650e 100644 
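Review bot: The `wrapProgram` call in `postBuild` of roles/ansible/default.nix appears to be a no-op: `lib.makeBinPath [ ]` evaluates to an empty string, so `--prefix PATH :` is given no value and the `symlinkJoin` layer adds nothing on top of the `overridePythonAttrs` result. Either list the tools the wrapper is meant to put on PATH, or drop the `symlinkJoin` and assign the overridden package directly, e.g. `ansible = prev.ansible.overridePythonAttrs { … };`. If the wrapper stays, note that it only covers `$out/bin/ansible`, so `ansible-playbook` and the other entry points would not pick up the prefix. Inside the overlay, `final.symlinkJoin` and `final.makeWrapper` are the conventional references rather than the outer `pkgs`.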
--- a/nix/configuration/roles/blank/default.nix +++ b/nix/configuration/roles/blank/default.nix @@ -8,6 +8,23 @@ { imports = [ ]; - environment.systemPackages = with pkgs; [ - ]; + options.me = { + blank.enable = lib.mkOption { + type = lib.types.bool; + default = false; + example = true; + description = "Whether we want to install blank."; + }; + }; + + config = lib.mkIf config.me.blank.enable ( + lib.mkMerge [ + { + environment.systemPackages = with pkgs; [ + ]; + } + (lib.mkIf config.me.graphical { + }) + ] + ); } diff --git a/nix/configuration/roles/bluetooth/default.nix b/nix/configuration/roles/bluetooth/default.nix new file mode 100644 index 0000000..eb026c6 --- /dev/null +++ b/nix/configuration/roles/bluetooth/default.nix @@ -0,0 +1,46 @@ +{ + config, + lib, + pkgs, + ... +}: + +{ + imports = [ ]; + + options.me = { + bluetooth.enable = lib.mkOption { + type = lib.types.bool; + default = false; + example = true; + description = "Whether we want to install bluetooth."; + }; + }; + + config = lib.mkIf config.me.bluetooth.enable ( + lib.mkMerge [ + { + environment.systemPackages = with pkgs; [ + ]; + + hardware.bluetooth = { + enable = true; + powerOnBoot = true; + settings = { + General = { + # Enable support for showing battery charge level. + Experimental = true; + }; + }; + }; + + environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { + hideMounts = true; + directories = [ + "/var/lib/bluetooth" # Bluetooth pairing information. + ]; + }; + } + ] + ); +} diff --git a/nix/configuration/roles/boot/default.nix b/nix/configuration/roles/boot/default.nix index a75dfb1..3918e2f 100644 --- a/nix/configuration/roles/boot/default.nix +++ b/nix/configuration/roles/boot/default.nix 
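Review bot: `Experimental = true` in roles/bluetooth/default.nix is commented as enabling battery level reporting, but in BlueZ that setting switches on the experimental interfaces as a whole, not only the battery one. With `powerOnBoot = true` the adapter is up on every boot, so the comment should say what is really being enabled, e.g. `# Enables BlueZ experimental interfaces (needed for battery level reporting).` The option description "Whether we want to install bluetooth." would read better as "Whether to enable Bluetooth support."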
@@ -41,6 +41,8 @@ # Automatically delete old generations boot.loader.systemd-boot.configurationLimit = 3; + boot.loader.systemd-boot.memtest86.enable = true; + # Check what will be lost with `zfs diff zroot/linux/root@blank` boot.initrd.systemd.enable = lib.mkDefault true; boot.initrd.systemd.services.zfs-rollback = { diff --git a/nix/configuration/roles/global_options/default.nix b/nix/configuration/roles/global_options/default.nix new file mode 100644 index 0000000..a7b77ff --- /dev/null +++ b/nix/configuration/roles/global_options/default.nix @@ -0,0 +1,34 @@ +{ + config, + lib, + pkgs, + ... +}: + +{ + imports = [ ]; + + options.me = { + + }; + + # options.me.graphicsCardType = lib.mkOption { + # type = lib.types.nullOr ( + # lib.types.enum [ + # "amd" + # "intel" + # "nvidia" + # ] + # ); + # default = null; + # example = "amd"; + # description = "What graphics card type is in the computer."; + # }; + + # options.me.graphical = lib.mkOption { + # type = lib.types.bool; + # default = false; + # example = true; + # description = "Whether we want to install graphical programs."; + # }; +} diff --git a/nix/configuration/roles/kodi/default.nix b/nix/configuration/roles/kodi/default.nix new file mode 100644 index 0000000..b37bf06 --- /dev/null +++ b/nix/configuration/roles/kodi/default.nix 
@@ -0,0 +1,99 @@ +{ + config, + lib, + pkgs, + ... +}: + +{ + imports = [ ]; + + options.me = { + kodi.enable = lib.mkOption { + type = lib.types.bool; + default = false; + example = true; + description = "Whether we want to install kodi."; + }; + }; + + config = lib.mkIf config.me.kodi.enable ( + lib.mkMerge [ + { + environment.systemPackages = with pkgs; [ + ]; + } + (lib.mkIf config.me.graphical { + services.cage.user = "kodi"; + services.cage.program = "${pkgs.kodi-wayland}/bin/kodi-standalone"; + services.cage.enable = true; + + nixpkgs.overlays = [ + (final: prev: { + kodi-wayland = prev.kodi-wayland.withPackages ( + kodiPkgs: with kodiPkgs; [ + joystick + vfs-sftp + ] + ); + }) + ]; + + users.users.kodi = { + isNormalUser = true; + createHome = true; # https://github.com/NixOS/nixpkgs/issues/6481 + group = "kodi"; + extraGroups = [ ]; + uid = 12000; + packages = with pkgs; [ + tree + ]; + # Generate with `mkpasswd -m scrypt` + hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48"; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky" + "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo=" + "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo=" + ]; + }; + users.groups.kodi.gid = 12000; + + environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { + hideMounts = true; + users.kodi = { + directories = [ + { + directory = ".ssh"; + user = "kodi"; + group = "kodi"; + mode = "0755"; + } + { + directory = ".kodi"; + user = "kodi"; + group = "kodi"; + mode = "0755"; + } + ]; + }; + }; + + home-manager.users.kodi = + { pkgs, ... 
}: + { + # home.file.".kodi/userdata/mediasources.xml".source = ./files/mediasources.xml; + + # home.file.".kodi/userdata/addon_data/peripheral.joystick/resources/buttonmaps/xml/linux/DualSense_Wireless_Controller_13b_8a.xml".source = + # ./files/DualSense_Wireless_Controller_13b_8a.xml; + + # TODO: Maybe .kodi/userdata/sources.xml + # TODO: ./userdata/guisettings.xml:303: 128 + + # The state version is required and should stay at the version you + # originally installed. + home.stateVersion = "24.11"; + }; + }) + ] + ); +} diff --git a/nix/configuration/roles/kodi/files/DualSense_Wireless_Controller_13b_8a.xml b/nix/configuration/roles/kodi/files/DualSense_Wireless_Controller_13b_8a.xml new file mode 100644 index 0000000..8389c4b --- /dev/null +++ b/nix/configuration/roles/kodi/files/DualSense_Wireless_Controller_13b_8a.xml @@ -0,0 +1,38 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/nix/configuration/roles/kodi/files/mediasources.xml b/nix/configuration/roles/kodi/files/mediasources.xml new file mode 100644 index 0000000..2b5f26b --- /dev/null +++ b/nix/configuration/roles/kodi/files/mediasources.xml @@ -0,0 +1,5 @@ + + + sftp://nochainstounlock@stuff.fizz.buzz:42069/readonly/library/ + + diff --git a/nix/configuration/roles/memtest86/default.nix b/nix/configuration/roles/memtest86/default.nix new file mode 100644 index 0000000..f552ba2 --- /dev/null +++ b/nix/configuration/roles/memtest86/default.nix @@ -0,0 +1,17 @@ +{ + config, + lib, + pkgs, + ... +}: + +{ + imports = [ ]; + config = lib.mkMerge [ + { } + (lib.mkIf (config.me.buildingIso) { + # boot.loader.systemd-boot.memtest86.enable = true; + boot.loader.grub.memtest86.enable = true; + }) + ]; +} diff --git a/nix/configuration/roles/network/default.nix b/nix/configuration/roles/network/default.nix index 17ec9e7..c3a14e8 100644 --- a/nix/configuration/roles/network/default.nix +++ b/nix/configuration/roles/network/default.nix 
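Review bot: The persisted `.ssh` directory for the kodi user is declared with `mode = "0755"`, which leaves it listable by every local account, whereas the Ansible task in this same commit creates the server-side `.ssh` with 0700; `mode = "0700";` is the usual setting here. The user's `hashedPassword` is also committed inline, and a hash stored in a repository can be attacked offline by anyone able to read that repository, so `users.users.kodi.hashedPasswordFile` pointing at a file kept outside the repository is the safer form. `.kodi` at 0755 may be intended, but Kodi's user data can hold stored credentials for media sources, so 0700 is worth considering there too.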
@@ -40,6 +40,7 @@ 10.216.1.1 homeserver 10.216.1.6 media #10.216.1.12 odo + 10.216.1.14 neelix 10.217.1.1 drmario 10.217.2.1 mrmanager ''; diff --git a/nix/configuration/roles/sway/default.nix b/nix/configuration/roles/sway/default.nix index 74faeb5..e0acb25 100644 --- a/nix/configuration/roles/sway/default.nix +++ b/nix/configuration/roles/sway/default.nix @@ -266,6 +266,15 @@ in ./notification.nix ]; + options.me = { + sway.enable = lib.mkOption { + type = lib.types.bool; + default = false; + example = true; + description = "Whether we want to install sway."; + }; + }; + options.me.swayIncludes = lib.mkOption { type = lib.types.listOf lib.types.package; default = [ ]; @@ -277,7 +286,7 @@ in description = "List of packages to import as sway configs."; }; - config = { + config = lib.mkIf (config.me.graphical && config.me.sway.enable) { environment.systemPackages = with pkgs; [ alacritty pcmanfm diff --git a/nix/configuration/roles/sway/force_focus.nix b/nix/configuration/roles/sway/force_focus.nix index 28bf8c8..d276cbf 100644 --- a/nix/configuration/roles/sway/force_focus.nix +++ b/nix/configuration/roles/sway/force_focus.nix @@ -19,7 +19,7 @@ in { imports = [ ]; - config = lib.mkIf config.me.graphical { + config = lib.mkIf (config.me.graphical && config.me.sway.enable) { me.swayIncludes = [ force_focus_sway_config ]; diff --git a/nix/configuration/roles/sway/iso.nix b/nix/configuration/roles/sway/iso.nix index 6882e71..66bbb1f 100644 --- a/nix/configuration/roles/sway/iso.nix +++ b/nix/configuration/roles/sway/iso.nix @@ -16,7 +16,7 @@ in { imports = [ ]; - config = lib.mkIf (config.me.buildingIso) { + config = lib.mkIf (config.me.buildingIso && config.me.graphical && config.me.sway.enable) { # Launch a terminal at boot in the live ISO for when hotkeys don't work. me.swayIncludes = [ launch_terminal diff --git a/nix/configuration/roles/sway/lockscreen.nix b/nix/configuration/roles/sway/lockscreen.nix index 79a81c2..7870852 100644 
--- a/nix/configuration/roles/sway/lockscreen.nix +++ b/nix/configuration/roles/sway/lockscreen.nix @@ -25,7 +25,7 @@ in { imports = [ ]; - config = lib.mkIf config.me.graphical { + config = lib.mkIf (config.me.graphical && config.me.sway.enable) { me.swayIncludes = [ lockscreen_sway_config ]; diff --git a/nix/configuration/roles/sway/notification.nix b/nix/configuration/roles/sway/notification.nix index ae2f40c..2e3a790 100644 --- a/nix/configuration/roles/sway/notification.nix +++ b/nix/configuration/roles/sway/notification.nix @@ -24,7 +24,7 @@ in { imports = [ ]; - config = lib.mkIf config.me.graphical { + config = lib.mkIf (config.me.graphical && config.me.sway.enable) { me.swayIncludes = [ notification_sway_config ]; diff --git a/nix/configuration/roles/sway/rofimoji.nix b/nix/configuration/roles/sway/rofimoji.nix index 52929b5..b220e3f 100644 --- a/nix/configuration/roles/sway/rofimoji.nix +++ b/nix/configuration/roles/sway/rofimoji.nix @@ -17,7 +17,7 @@ in { imports = [ ]; - config = lib.mkIf config.me.graphical { + config = lib.mkIf (config.me.graphical && config.me.sway.enable) { me.swayIncludes = [ rofimoji_sway_config ]; @@ -49,14 +49,14 @@ in }) (final: prev: { tofi = pkgs.symlinkJoin { - name = "tofi"; - paths = [ prev.tofi ]; - buildInputs = [ pkgs.makeWrapper ]; - postBuild = '' - wrapProgram $out/bin/tofi-drun --add-flags --font=${pkgs.source-sans-pro}/share/fonts/opentype/SourceSansPro-Regular.otf --add-flags --config=${./files/tofi-config} - wrapProgram $out/bin/tofi --add-flags --config=${./files/tofi-config} - ''; - }; + name = "tofi"; + paths = [ prev.tofi ]; + buildInputs = [ pkgs.makeWrapper ]; + postBuild = '' + wrapProgram $out/bin/tofi-drun --add-flags --font=${pkgs.source-sans-pro}/share/fonts/opentype/SourceSansPro-Regular.otf --add-flags --config=${./files/tofi-config} + wrapProgram $out/bin/tofi --add-flags --config=${./files/tofi-config} + ''; + }; }) ]; }; 
diff --git a/nix/configuration/roles/sway/screenshot.nix b/nix/configuration/roles/sway/screenshot.nix index c1e55c8..0db8383 100644 --- a/nix/configuration/roles/sway/screenshot.nix +++ b/nix/configuration/roles/sway/screenshot.nix @@ -34,7 +34,7 @@ in { imports = [ ]; - config = lib.mkIf config.me.graphical { + config = lib.mkIf (config.me.graphical && config.me.sway.enable) { me.swayIncludes = [ screenshot_sway_config ];