diff --git a/mediabox/configuration.nix b/mediabox/configuration.nix
index 79a3000..47edf32 100644
--- a/mediabox/configuration.nix
+++ b/mediabox/configuration.nix
@@ -4,6 +4,9 @@
 {
 config,
 pkgs,
+ lib,
+ sops-nix,
+ zremap,
 ...
 }: {
 imports = [];
@@ -11,6 +14,14 @@
 system.stateVersion = "23.05";
 system.autoUpgrade.enable = false;
+ sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
+ sops.secrets."peerix/private" = {
+ sopsFile = ./secrets/peerix.yaml;
+ mode = "0400";
+ owner = config.users.users.nobody.name;
+ group = config.users.users.nobody.group;
+ };
+
 nix = {
 optimise.automatic = true;
 gc.automatic = true;
@@ -22,13 +33,23 @@
 };
 boot = {
- kernelParams = ["msr.allow_writes=on"];
- kernelPackages = pkgs.linuxPackages_latest;
- kernelModules = ["acpi_call"];
- supportedFilesystems = ["btrfs"];
- loader.systemd-boot.enable = true;
- tmpOnTmpfs = true;
 initrd.compressor = "zstd";
+ kernelModules = ["acpi_call"];
+ kernelPackages = pkgs.linuxPackages_latest;
+ kernelParams = ["msr.allow_writes=on"];
+ loader.systemd-boot.editor = false;
+ loader.systemd-boot.enable = true;
+ readOnlyNixStore = true;
+ supportedFilesystems = ["btrfs"];
+ tmpOnTmpfs = true;
+ };
+
+ security = {
+ rtkit.enable = true;
+ acme = {
+ acceptTerms = true;
+ defaults.email = "aasmir@gmx.com";
+ };
 };
 powerManagement = {
@@ -41,6 +62,7 @@
 enable = true;
 allowedTCPPorts = [80 443];
 };
+ hostName = "mediabox";
 interfaces.enp0s25.useDHCP = true;
 interfaces.wlp3s0.useDHCP = false;
@@ -52,6 +74,11 @@
 networkmanager.dns = "none";
 extraHosts = ''
 192.168.1.173 nixy.lan
+ 192.168.88.171 jellyfin.mediabox.lan
+ 192.168.88.171 mediabox.lan
+ 192.168.88.171 qbittorrent.mediabox.lan
+ 192.168.88.1 router.lan
+ 192.168.88.231 workstation.lan
 '';
 };
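Review bot: `sops-nix` and `lib` are added to the module arguments but nothing in this diff uses them, and `imports = [];` stays empty, so the `sops.*` options set a few lines below only evaluate if the sops-nix NixOS module is pulled in from somewhere else (the flake's `modules` list, presumably). Either make the file self-contained with `imports = [sops-nix.nixosModules.sops];`, or drop the unused arguments — `zremap` is the only new one actually referenced here.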
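Review bot: The peerix private key is decrypted with `owner = config.users.users.nobody.name`, and `nobody` is the catch-all account for every unprivileged process that has no user of its own, so `mode = "0400"` keeps the key from other users but not from anything else that happens to run as nobody. Point `owner`/`group` at a dedicated account, or at the user the consuming peerix service runs as if it defines one, so only that service can read the file. `sops.age.sshKeyPaths` also makes the SSH host key the decryption identity for every secret on this host, which is worth a comment next to it, e.g. `# age identity is derived from the host key: re-encrypt secrets/*.yaml before rotating it`, since a host-key rotation without re-keying leaves the secrets unreadable at boot.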
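Review bot: `kernelParams = ["msr.allow_writes=on"]` survives the reorder with no explanation; it re-enables unrestricted root writes to CPU MSRs, which newer kernels warn about or refuse by default because such writes can disable mitigations or wedge the CPU. It is presumably there for undervolting on this ThinkPad (`acpi_call`, thinkfan), so say so where it sits, e.g. `# undervolting tooling needs raw MSR writes; drop when that tooling goes away`, otherwise the hardening added in the same hunk (`loader.systemd-boot.editor = false`, `readOnlyNixStore = true`) is quietly offset by a knob nobody remembers.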
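Review bot: The new `192.168.88.171` entries for `mediabox.lan` and its `jellyfin`/`qbittorrent` names look like this host's own address (the previous hunk sets `hostName = "mediabox"`), yet `interfaces.enp0s25.useDHCP = true` leaves that address to the DHCP server, so a lease change silently breaks resolution of the host's own vhosts with `networkmanager.dns = "none"`. Either give enp0s25 a static address in this file, or resolve the host's own names to `127.0.0.1` here and rely on a DHCP reservation on the router for the rest of the LAN; a one-line comment stating which of the two is intended would help.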
@@ -63,62 +90,6 @@
 variables = {
 PATH = "$HOME/.cargo/bin";
 };
- systemPackages = with pkgs; [
- acpi
- bluez
- bluez-tools
- btop
- fd
- ffmpeg
- file
- fzf
- fzy
- htop
- imv
- interception-tools
- jq
- macchanger
- moreutils
- mosh
- mpc_cli
- nano
- neovim
- ninja
- nix-index
- ntfs3g
- ntfsprogs
- pciutils
- pstree
- psutils
- pulsemixer
- python3
- zip
- python3Packages.pip
- ripgrep
- rnix-lsp
- rsync
- scrot
- silver-searcher
- strace
- tig
- unrar
- unzip
- usbutils
- vimpc
- xdg_utils
- xsel
- weechat
- wget
- z-lua
- breeze-icons
- hicolor-icon-theme
- rtorrent
- lm_sensors
- alejandra
- ethtool
- nmap
- wireshark
- ];
 };
 programs.gnupg.agent = {
@@ -149,7 +120,19 @@
 serviceConfig.Type = "oneshot";
 };
- wakeonlan = {
+ "zremap" = {
+ description = "Intercepts keyboard udev events";
+ wants = ["systemd-udevd.service"];
+ wantedBy = ["multi-user.target"];
+ serviceConfig.Nice = -20;
+ script = ''
+ sleep 1
+ ${zremap.defaultPackage.x86_64-linux}/bin/zremap \
+ /dev/input/by-path/platform-i8042-serio-0-event-kbd
+ '';
+ };
+
+ "wakeonlan" = {
 description = "Reenable wake on lan every boot";
 after = ["network.target"];
 serviceConfig = {
@@ -173,23 +156,17 @@
 };
 };
- security = {
- rtkit.enable = true;
- acme = {
- acceptTerms = true;
- defaults.email = "aasmir@gmx.com";
- };
- };
-
 services = {
- fwupd.enable = true;
- fstrim.enable = true;
- ntp.enable = true;
- openssh.enable = true;
- thinkfan.enable = true;
 acpid.enable = true;
 btrfs.autoScrub.enable = true;
+ dbus.enable = true;
+ fstrim.enable = true;
+ fwupd.enable = true;
+ ntp.enable = true;
+ openssh.enable = true;
 restya-board.enable = false;
+ thinkfan.enable = false;
+
 xrdp = {
 enable = true;
 defaultWindowManager = "icewm";
@@ -345,7 +322,6 @@
 };
 };
 };
- };
 fonts.fonts = with pkgs; [
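Review bot: `sleep 1` before exec'ing zremap is a timing guess standing in for ordering: `wants = ["systemd-udevd.service"]` pulls udevd in but, with no `after`, does not wait for it, and if `/dev/input/by-path/platform-i8042-serio-0-event-kbd` is still missing the unit fails once and stays down. Order after udevd and let `Restart = "on-failure"` retry until the node exists, and since the process runs as root with the raw keyboard device, sandbox it (`PrivateNetwork`, `ProtectSystem`, `ProtectHome`, `NoNewPrivileges`) — if zremap injects keys back through `/dev/uinput`, the sandbox must still allow that path. `zremap.defaultPackage.x86_64-linux` hardcodes the architecture; `zremap.packages.${pkgs.stdenv.hostPlatform.system}.default` is the portable spelling, provided the zremap flake exposes that output. The enclosing `systemd.services` set begins before this hunk.
```nix
"zremap" = {
  description = "Intercepts keyboard udev events";
  wants = ["systemd-udevd.service"];
  after = ["systemd-udevd.service"];
  wantedBy = ["multi-user.target"];
  serviceConfig = {
    Nice = -20;
    # retry until the device node exists instead of sleeping and hoping;
    # 3s keeps five failures from tripping the default start-rate limit
    Restart = "on-failure";
    RestartSec = 3;
    # root with raw keyboard access: keep it off the network and the filesystem
    PrivateNetwork = true;
    ProtectSystem = "strict";
    ProtectHome = true;
    NoNewPrivileges = true;
  };
  script = ''
    ${zremap.packages.${pkgs.stdenv.hostPlatform.system}.default}/bin/zremap \
      /dev/input/by-path/platform-i8042-serio-0-event-kbd
  '';
};
```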
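Review bot: `openssh.enable = true` comes back with stock settings, so password logins stay allowed, `PermitRootLogin` sits at the NixOS default, and `services.openssh.openFirewall` (true by default) opens port 22 even though this file's `allowedTCPPorts` names only 80 and 443. Because `/etc/ssh/ssh_host_ed25519_key` is also the sops age identity for every secret on this host, sshd is the front door to those secrets and deserves tightening: on 23.05 that is `openssh.settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; PermitRootLogin = "no"; };`. `xrdp.enable = true` remains in context with no matching firewall entry, so it is presumably reached only locally or over a tunnel — a comment saying which would stop the next reader from "fixing" it by opening 3389. The `services` set continues past the end of this hunk.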