feat(machine): introduce monkey

.sops.yaml

@@ -7,6 +7,7 @@ keys:
       - &ajgon age13s2dafyr9sfltp8heujttxug4v4m3qhj7sxzqrj6x6x3cu5n29uqfvj62l
   - hosts:
       - &deedee age15j2q7j9nx0eklslk93zstedzkhhm3r6kqfd7pgcesne6c9yeldzqdvm0v8
+      - &monkey age1lfx84pz5u2hcdmtkpc7hw0kw080065c3fhvatghqzpp9fla3my2s5kd45x
 
 
 creation_rules:
@@ -15,6 +16,11 @@ creation_rules:
       - age:
           - *ajgon
           - *deedee
+  - path_regex: monkey/.*\.sops\.yaml$
+    key_groups:
+      - age:
+          - *ajgon
+          - *monkey
   - path_regex: piecyk/.*\.sops\.yaml$
     key_groups:
       - age:

flake.nix

@@ -67,6 +67,9 @@ rec {
       inputs.nixpkgs.follows = "nixpkgs";
       inputs.nixos-stable.follows = "nixpkgs-stable";
     };
+    nixos-hardware = {
+      url = "github:NixOS/nixos-hardware/master";
+    };
     sops-nix = {
       url = "github:Mic92/sops-nix";
       inputs.nixpkgs.follows = "nixpkgs";

local/scripts/secrets.tar.gz.enc

@@ -1,14 +1,22 @@
-U2FsdGVkX1/maQg4PC2urwi3CeI2rTrzaUeDycpx1U+6CvCi4unh2u+J51ytrG0d
-uHSc90bE73MZqfF2W3iCCyX0WB0AG5WuGlDdZDSxOlIaRYDd6EGWnbJ1iJLcx6ng
-iNDY8vAojNXaM0lMEy3uqhlc0i0pYZhbwt5vhxmfB55m/iUOaQS105Nv+r9S4U2V
-Hs3WvWcafio7Tz0tghBd9fdsRA7iy58uVbgh36Nsny1dLHCOUTWJawqXAGXfV7xT
-gNKCo7L4zpoduU884S5g7Vlet9cOgtlhAmZPjz3ZY/xOMjohdBmvXPjLvg5rNXYy
-TZFuqB66VE2uPjVUwtmucUiO4Pd39TqeElC+c+zatxJbhW6rBeyDIfcWd69ibKZq
-lyts/nXp1LZViegsBZ3dpFIh7ZhNf6GwQ7o6wKVZX+Ki7SA52Bcw7XG3s/Dd1uwq
-jB22Ogol6iVczVj11PCnSShNkGFdwcE0XyLWO/TvE04Qtx1mOoaaj3tHbgaPc0q4
-po0peSPgL7khYL2bOJT/J7uozQyAIBbdRwZYxemf48CcwipHLH8hfnmnbl7zJoho
-bn+o6UNLUBHPtS/M9SC3+hqVXvUKPcUJjdY5jWqCRUE8a2EfzrUxJIY64kO6Mror
-oCXSgJR6+iSosfmYoje2u2jjOxvUysolXEqrzwxY8ysMFIu2jt9Hrga9iY14OX1S
-yuRcpKxtR/5uy1uyxHo/K9ZjLdkFdECbJ9vnBv/M96PsscSk9kPy1KQrNnJHPfys
-Qb90eYsKIUi98hCmsa1sBMxZZ2BkdLzYQBZnr0JAIDFT0vdDT571qGxLl1lCte9J
-YX2l5lyi06qkbcVKtPCYxcdIxVORMyS7BXh1xAqi0x4=
+U2FsdGVkX1+5BN1hj1rr9mOAUUVstl0H/atY6z4GxwwL+HlyCFy+r9EGCXY3knBa
+oFnvuVkC4nVfHGhEmpc7nC/3uzDgGQlnb9lKhaBB7UVNX/jhxXHLjHKDkX528E7J
+jgKE0tSBRc96tglNALXaAL8MRKx4WQPS5NYHHcn/3v6JagfLO34Wo59u1h/j3M9t
+4GxGiUbA+c97CF5/2E53MMS5aQUtKegAFIDzuwO1tMXMhWMy42S0LOfPymhA+y8x
+HuiP5+ESZ5Ac/C8xDd6z9SewdodzWgQnvgBdgPUK/kDsL2TQmKwXrtj2FhDuEfd/
+TslXmaL3vhuJkDNf8mEM7V4jPkNWkl475FAVF4FYPi0BhqYALv+QYxCFjLbpvUk9
+EPgz26uJZoihg/fR+XdIwW7/E9XtDHa84i/ZDZXHjDkM1KPyHxRpBS5ID56DOkih
+R9RjSLDYCtOto24rOk24Yb34xva5ewypQT0hjkyYZ+ePeoZk+qjy/1Na6q91vFWN
+UqQ90E08CZ/bEGpmREaNUwqGJoF/FpSS1H24wmks6YJvVefa7ZJNOUgpfsApG/nx
+tTJ3lWgc0LbwdGnPfeyhVj3zflCN3l1oRjv7WKHqFK4FnYALGZF1bmTDQ3LApZMr
+zS0Oyno1LQWLU2m49V4AU10+FNxtbCnD40Knfy7VSW/DG5fQ33PLRFhGwmkqfDAu
+OoyHE8UfF1xClMFMNHR/IGuArbAyiyaqX6YQ+qz39ZqJwhj1gk0qO1vWElSHldkm
+OvIXoeFD6+1J3vDyPABGp4saCfxYrXl2NfvOkSH62Gj0zxzrUDzWGFTvYQJd4ORp
+x282BcCeDrNmvU/S6HZhG/WmzU+3iZ/lYWLhaYjsgQhTEVS3ScEDSw4HbJ6c5vRa
+/IkHQdCX/8YAuwSanc2fkcujz+WQXDbhWGSzXtCxDYhesQ1WC2N2oost+Oq7SGvW
+ZZrkAya8wZwQr5uj1Qa+fspBM8K6Xut4wwS9uCxnwX2TCtZTLcWS2YGVb6JQac8w
+x+dBZNanMZcHL98mefJBcv2B8GMMgdBpc3pUy3vLHHGqtfKyjkXyVDxpMCxqx/E4
+c09CnvXxgB/AIHrrgnnPyrbHz8DJ9mb3Ly6Jaiz3fpzcLk8eTEr6Knu7ACvjLLNv
+M0C5Hf8QJE9e9/llqdPuCHRNkBEIwcaSVcFpYM+hKtEiHYzjqbJ2HmCOrNM3926c
+tS5SHUy7lfSafX76FwxLOqTxUAw5P5KqINlwc27+vDZHm5s6K1k0VIgkCaC30tS3
+PbnUfkGgB8AOULoZT5IWJbzaoWd1E8ZeXXZS00surZ8eSFUZHFkdHftLxNt6dmus
+rwFzgmwWSydUfcbZGM5GVQ==

machines/deedee/configuration.nix

@@ -8,6 +8,7 @@ let
   videoPath = "${mediaPath}/video";
 
   gwIP = "192.168.100.1";
+  monkeyIP = "10.200.10.10";
   nasIP = "10.100.10.1";
   omadaIP = "10.100.1.1";
   ownIP = "10.100.20.1";
@@ -143,6 +144,7 @@ rec {
       adminPasswordSopsSecret = "credentials/services/admin";
       customMappings = {
         "deedee.home.arpa" = ownIP;
+        "monkey.home.arpa" = monkeyIP;
         "nas.home.arpa" = nasIP;
       };
     };

machines/default.nix

@@ -8,6 +8,7 @@
 {
   imports = [
     ./deedee
+    ./monkey
     ./piecyk
   ];
 

machines/monkey/configuration.nix

@@ -0,0 +1,95 @@
+{ lib, pkgs, ... }:
+rec {
+  sops = {
+    defaultSopsFile = ./secrets.sops.yaml;
+    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+    secrets = {
+      "credentials/system/ajgon" = { };
+    };
+  };
+
+  myHardware = {
+    bluetooth = {
+      enable = true;
+      trust = [ "58:10:31:7B:BE:7F" ];
+      # sadly, wake from bluetooth doesn't work on NUCs :(
+    };
+    sound.enable = true;
+  };
+
+  mySystem = {
+    purpose = "Forwarding media streams";
+    filesystem = "zfs";
+    primaryUser = "ajgon";
+    primaryUserPasswordSopsSecret = "credentials/system/ajgon";
+    rootDomain = "rzegocki.dev";
+    extraModules = [ "hid_playstation" ];
+
+    alerts = {
+      pushover.enable = true;
+    };
+
+    autoUpgrade.enable = true;
+
+    disks = {
+      enable = true;
+      hostId = "f848d6d1";
+      swapSize = "4G";
+      systemDiskDevs = [ "/dev/disk/by-id/nvme-Patriot_M.2_P300_256GB_P300NDBB24031803163" ];
+      systemDatasets = {
+        nix = {
+          type = "zfs_fs";
+          mountpoint = "/nix";
+        };
+      };
+    };
+
+    networking = {
+      enable = true;
+      firewallEnable = false;
+      hostname = "monkey";
+      mainInterface = {
+        name = "eno1";
+        bridge = true;
+        bridgeMAC = "02:00:0a:c8:0a:0a";
+        DNS = [
+          "9.9.9.9"
+          "149.112.112.10"
+        ];
+      };
+    };
+
+    ssh = {
+      enable = true;
+      authorizedKeys = {
+        "${mySystem.primaryUser}" = [
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOrBLT88ZZ+lO8hHcj+4jqtor79OLhQZcDWF98kkWkfn personal"
+        ];
+      };
+    };
+  };
+
+  mySystemApps = {
+    plymouth.enable = true;
+    xorg = {
+      enable = true;
+      kiosk = {
+        enable = true;
+        command = ''
+          ${lib.getExe pkgs.bash} -c '${lib.getExe pkgs.chiaki-ng}; ${lib.getExe' pkgs.systemd "systemctl"} poweroff'
+        '';
+      };
+    };
+  };
+
+  myHomeApps = {
+    chiaki-ng.enable = true;
+    gnupg.enable = false;
+    ssh.enable = false;
+    wakatime.enable = false;
+
+    zsh.promptColor = "yellow";
+  };
+
+  system.stateVersion = "24.11";
+}

machines/monkey/default.nix

@@ -0,0 +1,22 @@
+{ inputs, lib, ... }:
+rec {
+  flakePart = {
+    nixosConfigurations.monkey = lib.mkNixosConfig {
+      system = "x86_64-linux";
+      hardwareModules = [
+        inputs.nixos-hardware.nixosModules.intel-nuc-8i7beh
+        ../../modules/hardware/nuc8.nix
+      ];
+      profileModules = [
+        ./configuration.nix
+      ];
+    };
+
+    deploy.nodes.monkey = lib.mkDeployConfig {
+      system = "x86_64-linux";
+      target = "monkey.home.arpa";
+      sshUser = "ajgon";
+      nixosConfig = flakePart.nixosConfigurations.monkey;
+    };
+  };
+}

machines/monkey/secrets.sops.yaml

@@ -0,0 +1,39 @@
+alerts:
+    pushover:
+        env: ENC[AES256_GCM,data:mbNBDeKl9pqGzjIIulEZ/ZciMHui+TzXNsruXKJRI2gEnjMdjq4X7kubAOFqhCf+VtYyxdjwvTYjcQZgqk9UosukaE2feVGz8ZzwFrAfaAgk5l+5jp9tJzNMT0ca3GoZLQ==,iv:IyxeaY+UjDTeOvawWK/V1EhHcNEybpSW+i/7gECirpE=,tag:1U8a1LXo2pUyMAUUnlk0LA==,type:str]
+credentials:
+    system:
+        ajgon: ENC[AES256_GCM,data:nEo5IQtkZT03HJMK+KvicPZgmRDdTTF0ei4/adq0ZuDrlqQhLMZeIiJliXRT68/6Crx08cYm/SEgjVnAKgA/8Fovoj/DvC2tTQ==,iv:643nWw59TQRfF0kHKqNrXbkZTQ9pk8YhKt1EZBavEvQ=,tag:M1Hz11Xr1L6ndEvL2+4slA==,type:str]
+home:
+    apps:
+        chiaki-ng:
+            config: ENC[AES256_GCM,data:UVYk7qVv2hjggq49byNy1lCqmlh2g1odY+/oW9/Tl0jHYB0FOz/iph4+OcoQIyFSlw8E5XqJZPdXpy3zmpILzK0IF42ubIUpT9mupkzi6RHk3pvhtGYwXWBB7lgu22eLPRoIOcb5+xGKjBOwHERIA+OlMdkAwkCvWT8TDuB1jWKP9yyVl2enzp4jK905zzNsQ8g/COJxUrmO3iZelqLZQVP4VpKeqiD1pUV548BjbLUM+DzomyHFct1OY0/fHc7l48IMvTxroj7E1QP0O90Nt1gfopVvZImX+NPxpeju/Ly+epP0fZH/28WFKl4E8RdruZ7WjdpDQzxPF47IV0VNkT8M5SIvTWlNz8NMH7wQdsESpMY6o1AQHXl0gSz8xhYWtb5Ufvl4++OfVr55MonzNlaTcYxkJw6IM7cecKJoCACyEStA1fNf5noLcbZs5olmB6kfZRifW0h4xZxQREfCc9EuEJKNZO1DZJo5V9jP/IAqZi9jF7rnIcnsRkKrtyvGIgZCMG6nxPkvLe/yVgJ2BvIVm7qOg5KGdEG3IndakF7aoKW/cM4JYCWLqHojE/9dUQ31/RvxEk0OV4qwjvUvW3GHCfx9Z0FwIUjI01R7LwL7DGthXYlE4Qtxzv/i5Fmting7ThkbDUBaF4FvJfH8hLw2bIilVCtivUSWtgS2X8p6sBn1JTDfl54FefL6U3u2bNKc4wRIkdilb2g+JHeOV3PTTQJJ5/pJjQ6ZobtBoXwehf7a5SVlPjtKcTdKDr0e+J5jtnr9rVyE0axOZhXQf0SBa+UxLyQAsqkp+ynnKnIichZHD7EhaKUDobToCoJtuvdQS8hjKsyRRwuN0AwNZE0xeCdnK5t7DHGbU7Sz5XNeEmcJrwYeklwnJXTGx3h6vOUr3K79RiS7bc5ZOCJTA9OqAH78EuSY+Pry/SnEv40l055lqIeG+3qNEc8p5OkrrNmSxQ0dpqMfLYCovSNaJVbwBuH1N94Pde2w,iv:d/Cq1kR6Ykkjo40iD59/B+l92Ak1XsfQdIqhuUptKHY=,tag:B/kpofr4nOizEgna2kHaSw==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age13s2dafyr9sfltp8heujttxug4v4m3qhj7sxzqrj6x6x3cu5n29uqfvj62l
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtTWRSMGIvN2l1UExmam44
+            NEpnNi9pSGNpSlBzaklOMVBQZ1dMVjBHS3hNCnc1M2xBaWZBLzZqYU1GU3FTK2FJ
+            VmhYSzBZZkJWd0Q2ckRxN2ZPM1VqdE0KLS0tIDN2WkxnVjJCWU84ZzZ4WmFIRDcw
+            eDlCdVplUkZvS0R6TW1DQzFvQjh3bEUKXB5MbXfbTF0k6Udx0ewwPUFEYGoJ1xAu
+            ZBSSHBsh6eoP2V56SjYOxkV9QrRxVJtwWWPYqqOXCrDwJaoabKp6gA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1lfx84pz5u2hcdmtkpc7hw0kw080065c3fhvatghqzpp9fla3my2s5kd45x
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBscUdYUlR1ZG5kaUc5VWs0
+            TFNvL2ZPYmt6WTk4NHRROXZoSk5rWG1Ra2dJCm5WYUlLMFlyZmhYT2YxUXpic0pG
+            VElFSVQyK25kSVAwcExjTmZWY2l5T1EKLS0tIHFWSjg3bm5sSTdQcWFLRm1id1ZN
+            Qi9OSVIyODVXbEJla3dySEUrM3ZTQ3MKp/lwGNMqRSaP7CQvsfeYAePDCNUkFjaO
+            5XE/FhtwBthS27jt16NY0GJCYG8azLV+K5zJw/AiDtlt3n7f1lnN4g==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-11-14T01:05:12Z"
+    mac: ENC[AES256_GCM,data:tyu83gq5LFEUBoP9XscbPqQcvWlThfhajBqotkGZbFvOr2yWZxE6dtu/0ZtTxBg6v3mViQmXNt/0jvuBYZo+77rnlaVMQYYKWj7S8vI4Qj5JRj8YV5O2aanHoh5vqlQ1Sq64l5uvUkC7MPKBDAy3auNSBFE35WNrBfZtyIEcPGE=,iv:LKM9VtabxnH/j8ZUgsE+jzEnWaH+cnr7986izqyHMTM=,tag:+QGKdw7D0s4SMrh9yy9GUA==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.1

machines/piecyk/configuration.nix

@@ -79,6 +79,7 @@ rec {
       # ensure that homelab is available even if local DNS dies
       extraHosts = ''
         10.100.20.1 deedee.home.arpa
+        10.200.10.10 monkey.home.arpa
       '';
     };
 

modules/apps/caffeine/default.nix

@@ -15,7 +15,7 @@ in
 
   config = lib.mkIf cfg.enable {
     # in awesome service runs too early and caffeine breaks
-    services.caffeine.enable = osConfig.mySystem.xorg.windowManager != "awesome";
+    services.caffeine.enable = osConfig.mySystemApps.xorg.windowManager != "awesome";
 
     myHomeApps.awesome.autorun = [ (lib.getExe pkgs.caffeine-ng) ];
   };

modules/apps/chiaki-ng/default.nix

@@ -0,0 +1,58 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.myHomeApps.chiaki-ng;
+
+  # hack, to enable touchpad click while streaming.
+  # Normally Linux hijacks touchpad, and treats it as a mouse, mapping touchpad click to left-click.
+  # However chiaki doesn't support left-click, but lucky for us - interprets right-click as touchpad.
+  # So swapping left-click with right-click makes touchpad behaving as expected, while also small portion
+  # of touchpad (at the bottom) still behaving like left-click, to ease navigation on chiaki itself.
+  padRemapper = pkgs.writeShellScriptBin "input-remapper" ''
+    pad_name="Wireless Controller Touchpad"
+    while true; do
+      sleep 5
+      if ${lib.getExe pkgs.xorg.xinput} | grep -q "$pad_name"; then
+        pad_id="$(${lib.getExe pkgs.xorg.xinput} | grep 'Wireless Controller Touchpad' | sed -E 's@.*id=([0-9]+).*@\1@g')"
+
+        if [[ "$(${lib.getExe pkgs.xorg.xinput} get-button-map "$pad_id")"] == 1* ]]; then
+          ${lib.getExe pkgs.xorg.xinput} set-button-map "$pad_id" 3 2 1 4 5 6 7
+        fi
+      fi
+    done
+  '';
+in
+{
+  options.myHomeApps.chiaki-ng = {
+    enable = lib.mkEnableOption "chiaki-ng";
+    configFileSopsSecret = lib.mkOption {
+      type = lib.types.str;
+      description = "Sops secret name containing chiaki-ng config.";
+      default = "home/apps/chiaki-ng/config";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    sops.secrets."${cfg.configFileSopsSecret}" = { };
+
+    xsession.initExtra = lib.mkAfter ''
+      ${lib.getExe padRemapper} &
+    '';
+
+    home = {
+      activation = {
+        chiaki-ng = lib.hm.dag.entryAfter [ "sopsNix" ] ''
+          mkdir -p ${config.xdg.configHome}/Chiaki
+          cp ${lib.getExe padRemapper} /tmp/pr
+          cp ${
+            config.sops.secrets."${cfg.configFileSopsSecret}".path
+          } ${config.xdg.configHome}/Chiaki/Chiaki.conf
+        '';
+      };
+    };
+  };
+}

modules/apps/default.nix

@@ -25,6 +25,7 @@ _: {
     ./alacritty
     ./awesome
     ./caffeine
+    ./chiaki-ng
     ./discord
     ./dunst
     ./firefox

modules/hardware/nuc8.nix

@@ -0,0 +1,28 @@
+_: {
+  boot = {
+    initrd = {
+      availableKernelModules = [
+        "xhci_pci"
+        "ahci"
+        "nvme"
+        "usbhid"
+        "usb_storage"
+        "sd_mod"
+        "rtsx_pci_sdmmc"
+      ];
+      kernelModules = [ ];
+    };
+    kernelModules = [ "kvm-intel" ];
+    extraModulePackages = [ ];
+    loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+  };
+
+  nixpkgs.hostPlatform = "x86_64-linux";
+  hardware = {
+    cpu.intel.updateMicrocode = true;
+    enableRedistributableFirmware = true;
+  };
+}