From c60de688d9bb9e482fea0f30c4fec7ea7710c76f Mon Sep 17 00:00:00 2001 From: Igor Rzegocki Date: Thu, 14 Nov 2024 02:10:08 +0100 Subject: [PATCH] feat(machine): introduce monkey --- .sops.yaml | 6 ++ flake.lock | 17 +++++ flake.nix | 3 + local/scripts/secrets.tar.gz.enc | 36 ++++++---- machines/deedee/configuration.nix | 2 + machines/default.nix | 1 + machines/monkey/configuration.nix | 95 +++++++++++++++++++++++++++ machines/monkey/default.nix | 22 +++++++ machines/monkey/secrets.sops.yaml | 39 +++++++++++ machines/piecyk/configuration.nix | 1 + modules/apps/caffeine/default.nix | 2 +- modules/apps/chiaki-ng/default.nix | 58 ++++++++++++++++ modules/apps/default.nix | 1 + modules/hardware/nuc8.nix | 28 ++++++++ modules/system/core.nix | 9 +++ modules/system/hardware/bluetooth.nix | 1 + modules/system/networking.nix | 1 + 17 files changed, 307 insertions(+), 15 deletions(-) create mode 100644 machines/monkey/configuration.nix create mode 100644 machines/monkey/default.nix create mode 100644 machines/monkey/secrets.sops.yaml create mode 100644 modules/apps/chiaki-ng/default.nix create mode 100644 modules/hardware/nuc8.nix diff --git a/.sops.yaml b/.sops.yaml index 5e2a11c4..f13968fe 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -7,6 +7,7 @@ keys: - &ajgon age13s2dafyr9sfltp8heujttxug4v4m3qhj7sxzqrj6x6x3cu5n29uqfvj62l - hosts: - &deedee age15j2q7j9nx0eklslk93zstedzkhhm3r6kqfd7pgcesne6c9yeldzqdvm0v8 + - &monkey age1lfx84pz5u2hcdmtkpc7hw0kw080065c3fhvatghqzpp9fla3my2s5kd45x creation_rules: @@ -15,6 +16,11 @@ creation_rules: - age: - *ajgon - *deedee + - path_regex: monkey/.*\.sops\.yaml$ + key_groups: + - age: + - *ajgon + - *monkey - path_regex: piecyk/.*\.sops\.yaml$ key_groups: - age: diff --git a/flake.lock b/flake.lock index 44c42ad7..ceb5c83f 100644 --- a/flake.lock +++ b/flake.lock 
@@ -572,6 +572,22 @@ "type": "github" } }, + "nixos-hardware": { + "locked": { + "lastModified": 1731403644, + "narHash": "sha256-T9V7CTucjRZ4Qc6pUEV/kpgNGzQbHWfGcfK6JJLfUeI=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "f6581f1c3b137086e42a08a906bdada63045f991", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "master", + "repo": "nixos-hardware", + "type": "github" + } + }, "nixos-images": { "inputs": { "nixos-stable": [ @@ -717,6 +733,7 @@ "lix-module": "lix-module", "nix-index-database": "nix-index-database", "nixos-anywhere": "nixos-anywhere", + "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_3", "nixpkgs-stable": "nixpkgs-stable", "sops-nix": "sops-nix", diff --git a/flake.nix b/flake.nix index 057a9fc3..619b83b6 100644 --- a/flake.nix +++ b/flake.nix @@ -67,6 +67,9 @@ rec { inputs.nixpkgs.follows = "nixpkgs"; inputs.nixos-stable.follows = "nixpkgs-stable"; }; + nixos-hardware = { + url = "github:NixOS/nixos-hardware/master"; + }; sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/local/scripts/secrets.tar.gz.enc b/local/scripts/secrets.tar.gz.enc index 44773a5b..a2cefcb8 100644 --- a/local/scripts/secrets.tar.gz.enc +++ b/local/scripts/secrets.tar.gz.enc 
@@ -1,14 +1,22 @@ -U2FsdGVkX1/maQg4PC2urwi3CeI2rTrzaUeDycpx1U+6CvCi4unh2u+J51ytrG0d -uHSc90bE73MZqfF2W3iCCyX0WB0AG5WuGlDdZDSxOlIaRYDd6EGWnbJ1iJLcx6ng -iNDY8vAojNXaM0lMEy3uqhlc0i0pYZhbwt5vhxmfB55m/iUOaQS105Nv+r9S4U2V -Hs3WvWcafio7Tz0tghBd9fdsRA7iy58uVbgh36Nsny1dLHCOUTWJawqXAGXfV7xT -gNKCo7L4zpoduU884S5g7Vlet9cOgtlhAmZPjz3ZY/xOMjohdBmvXPjLvg5rNXYy -TZFuqB66VE2uPjVUwtmucUiO4Pd39TqeElC+c+zatxJbhW6rBeyDIfcWd69ibKZq -lyts/nXp1LZViegsBZ3dpFIh7ZhNf6GwQ7o6wKVZX+Ki7SA52Bcw7XG3s/Dd1uwq -jB22Ogol6iVczVj11PCnSShNkGFdwcE0XyLWO/TvE04Qtx1mOoaaj3tHbgaPc0q4 -po0peSPgL7khYL2bOJT/J7uozQyAIBbdRwZYxemf48CcwipHLH8hfnmnbl7zJoho -bn+o6UNLUBHPtS/M9SC3+hqVXvUKPcUJjdY5jWqCRUE8a2EfzrUxJIY64kO6Mror -oCXSgJR6+iSosfmYoje2u2jjOxvUysolXEqrzwxY8ysMFIu2jt9Hrga9iY14OX1S -yuRcpKxtR/5uy1uyxHo/K9ZjLdkFdECbJ9vnBv/M96PsscSk9kPy1KQrNnJHPfys -Qb90eYsKIUi98hCmsa1sBMxZZ2BkdLzYQBZnr0JAIDFT0vdDT571qGxLl1lCte9J -YX2l5lyi06qkbcVKtPCYxcdIxVORMyS7BXh1xAqi0x4= +U2FsdGVkX1+5BN1hj1rr9mOAUUVstl0H/atY6z4GxwwL+HlyCFy+r9EGCXY3knBa +oFnvuVkC4nVfHGhEmpc7nC/3uzDgGQlnb9lKhaBB7UVNX/jhxXHLjHKDkX528E7J +jgKE0tSBRc96tglNALXaAL8MRKx4WQPS5NYHHcn/3v6JagfLO34Wo59u1h/j3M9t +4GxGiUbA+c97CF5/2E53MMS5aQUtKegAFIDzuwO1tMXMhWMy42S0LOfPymhA+y8x +HuiP5+ESZ5Ac/C8xDd6z9SewdodzWgQnvgBdgPUK/kDsL2TQmKwXrtj2FhDuEfd/ +TslXmaL3vhuJkDNf8mEM7V4jPkNWkl475FAVF4FYPi0BhqYALv+QYxCFjLbpvUk9 +EPgz26uJZoihg/fR+XdIwW7/E9XtDHa84i/ZDZXHjDkM1KPyHxRpBS5ID56DOkih +R9RjSLDYCtOto24rOk24Yb34xva5ewypQT0hjkyYZ+ePeoZk+qjy/1Na6q91vFWN +UqQ90E08CZ/bEGpmREaNUwqGJoF/FpSS1H24wmks6YJvVefa7ZJNOUgpfsApG/nx +tTJ3lWgc0LbwdGnPfeyhVj3zflCN3l1oRjv7WKHqFK4FnYALGZF1bmTDQ3LApZMr +zS0Oyno1LQWLU2m49V4AU10+FNxtbCnD40Knfy7VSW/DG5fQ33PLRFhGwmkqfDAu +OoyHE8UfF1xClMFMNHR/IGuArbAyiyaqX6YQ+qz39ZqJwhj1gk0qO1vWElSHldkm +OvIXoeFD6+1J3vDyPABGp4saCfxYrXl2NfvOkSH62Gj0zxzrUDzWGFTvYQJd4ORp +x282BcCeDrNmvU/S6HZhG/WmzU+3iZ/lYWLhaYjsgQhTEVS3ScEDSw4HbJ6c5vRa +/IkHQdCX/8YAuwSanc2fkcujz+WQXDbhWGSzXtCxDYhesQ1WC2N2oost+Oq7SGvW +ZZrkAya8wZwQr5uj1Qa+fspBM8K6Xut4wwS9uCxnwX2TCtZTLcWS2YGVb6JQac8w 
+x+dBZNanMZcHL98mefJBcv2B8GMMgdBpc3pUy3vLHHGqtfKyjkXyVDxpMCxqx/E4 +c09CnvXxgB/AIHrrgnnPyrbHz8DJ9mb3Ly6Jaiz3fpzcLk8eTEr6Knu7ACvjLLNv +M0C5Hf8QJE9e9/llqdPuCHRNkBEIwcaSVcFpYM+hKtEiHYzjqbJ2HmCOrNM3926c +tS5SHUy7lfSafX76FwxLOqTxUAw5P5KqINlwc27+vDZHm5s6K1k0VIgkCaC30tS3 +PbnUfkGgB8AOULoZT5IWJbzaoWd1E8ZeXXZS00surZ8eSFUZHFkdHftLxNt6dmus +rwFzgmwWSydUfcbZGM5GVQ== diff --git a/machines/deedee/configuration.nix b/machines/deedee/configuration.nix index aed0fd1a..7f686b88 100644 --- a/machines/deedee/configuration.nix +++ b/machines/deedee/configuration.nix @@ -8,6 +8,7 @@ let videoPath = "${mediaPath}/video"; gwIP = "192.168.100.1"; + monkeyIP = "10.200.10.10"; nasIP = "10.100.10.1"; omadaIP = "10.100.1.1"; ownIP = "10.100.20.1"; @@ -143,6 +144,7 @@ rec { adminPasswordSopsSecret = "credentials/services/admin"; customMappings = { "deedee.home.arpa" = ownIP; + "monkey.home.arpa" = monkeyIP; "nas.home.arpa" = nasIP; }; }; diff --git a/machines/default.nix b/machines/default.nix index 38835b0b..5e04831b 100644 --- a/machines/default.nix +++ b/machines/default.nix @@ -8,6 +8,7 @@ { imports = [ ./deedee + ./monkey ./piecyk ]; diff --git a/machines/monkey/configuration.nix b/machines/monkey/configuration.nix new file mode 100644 index 00000000..6573dad5 --- /dev/null +++ b/machines/monkey/configuration.nix 
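Review bot: The replaced blob in local/scripts/secrets.tar.gz.enc still begins with `U2FsdGVkX1`, the Base64 of `Salted__`, so it is the OpenSSL `enc` passphrase format, which carries no authentication tag and does not reliably detect tampering at decrypt time. How the key is derived depends on the flags of the script that produces the file, which this patch does not show. A comment beside that script recording the cipher and the `-pbkdf2`/`-iter` settings would make the strength reviewable. The repository already defines age recipients in .sops.yaml, so encrypting the archive to those recipients would add integrity protection and remove the shared passphrase.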
@@ -0,0 +1,95 @@
+{ lib, pkgs, ... }:
+rec {
+ sops = {
+ defaultSopsFile = ./secrets.sops.yaml;
+ age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+ secrets = {
+ "credentials/system/ajgon" = { };
+ };
+ };
+
+ myHardware = {
+ bluetooth = {
+ enable = true;
+ trust = [ "58:10:31:7B:BE:7F" ];
+ # sadly, wake from bluetooth doesn't work on NUCs :(
+ };
+ sound.enable = true;
+ };
+
+ mySystem = {
+ purpose = "Forwarding media streams";
+ filesystem = "zfs";
+ primaryUser = "ajgon";
+ primaryUserPasswordSopsSecret = "credentials/system/ajgon";
+ rootDomain = "rzegocki.dev";
+ extraModules = [ "hid_playstation" ];
+
+ alerts = {
+ pushover.enable = true;
+ };
+
+ autoUpgrade.enable = true;
+
+ disks = {
+ enable = true;
+ hostId = "f848d6d1";
+ swapSize = "4G";
+ systemDiskDevs = [ "/dev/disk/by-id/nvme-Patriot_M.2_P300_256GB_P300NDBB24031803163" ];
+ systemDatasets = {
+ nix = {
+ type = "zfs_fs";
+ mountpoint = "/nix";
+ };
+ };
+ };
+
+ networking = {
+ enable = true;
+ firewallEnable = false;
+ hostname = "monkey";
+ mainInterface = {
+ name = "eno1";
+ bridge = true;
+ bridgeMAC = "02:00:0a:c8:0a:0a";
+ DNS = [
+ "9.9.9.9"
+ "149.112.112.10"
+ ];
+ };
+ };
+
+ ssh = {
+ enable = true;
+ authorizedKeys = {
+ "${mySystem.primaryUser}" = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOrBLT88ZZ+lO8hHcj+4jqtor79OLhQZcDWF98kkWkfn personal"
+ ];
+ };
+ };
+ };
+
+ mySystemApps = {
+ plymouth.enable = true;
+ xorg = {
+ enable = true;
+ kiosk = {
+ enable = true;
+ command = ''
+ ${lib.getExe pkgs.bash} -c '${lib.getExe pkgs.chiaki-ng}; ${lib.getExe' pkgs.systemd "systemctl"} poweroff'
+ '';
+ };
+ };
+ };
+
+ myHomeApps = {
+ chiaki-ng.enable = true;
+ gnupg.enable = false;
+ ssh.enable = false;
+ wakatime.enable = false;
+
+ zsh.promptColor = "yellow";
+ };
+
+ system.stateVersion = "24.11";
+}
diff --git a/machines/monkey/default.nix b/machines/monkey/default.nix
new file mode 100644
index 00000000..a3688d63
--- /dev/null
+++ b/machines/monkey/default.nix
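Review bot: `firewallEnable = false;` in the `networking` block leaves every listening port on the bridged `eno1` interface reachable, on a host that also enables SSH and unattended upgrades, and nothing in the file says why the firewall is off. If the streaming client needs inbound ports, prefer `firewallEnable = true;` with only those ports opened through whatever the networking module offers (its options are not visible in this patch). If the firewall has to stay off, add a comment such as `# firewall off: <reason>` next to the setting so the exception is recorded as deliberate.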
@@ -0,0 +1,22 @@
+{ inputs, lib, ... }:
+rec {
+ flakePart = {
+ nixosConfigurations.monkey = lib.mkNixosConfig {
+ system = "x86_64-linux";
+ hardwareModules = [
+ inputs.nixos-hardware.nixosModules.intel-nuc-8i7beh
+ ../../modules/hardware/nuc8.nix
+ ];
+ profileModules = [
+ ./configuration.nix
+ ];
+ };
+
+ deploy.nodes.monkey = lib.mkDeployConfig {
+ system = "x86_64-linux";
+ target = "monkey.home.arpa";
+ sshUser = "ajgon";
+ nixosConfig = flakePart.nixosConfigurations.monkey;
+ };
+ };
+}
diff --git a/machines/monkey/secrets.sops.yaml b/machines/monkey/secrets.sops.yaml
new file mode 100644
index 00000000..1d2cef2a
--- /dev/null
+++ b/machines/monkey/secrets.sops.yaml
@@ -0,0 +1,39 @@ +alerts: + pushover: + env: ENC[AES256_GCM,data:mbNBDeKl9pqGzjIIulEZ/ZciMHui+TzXNsruXKJRI2gEnjMdjq4X7kubAOFqhCf+VtYyxdjwvTYjcQZgqk9UosukaE2feVGz8ZzwFrAfaAgk5l+5jp9tJzNMT0ca3GoZLQ==,iv:IyxeaY+UjDTeOvawWK/V1EhHcNEybpSW+i/7gECirpE=,tag:1U8a1LXo2pUyMAUUnlk0LA==,type:str] +credentials: + system: + ajgon: ENC[AES256_GCM,data:nEo5IQtkZT03HJMK+KvicPZgmRDdTTF0ei4/adq0ZuDrlqQhLMZeIiJliXRT68/6Crx08cYm/SEgjVnAKgA/8Fovoj/DvC2tTQ==,iv:643nWw59TQRfF0kHKqNrXbkZTQ9pk8YhKt1EZBavEvQ=,tag:M1Hz11Xr1L6ndEvL2+4slA==,type:str] +home: + apps: + chiaki-ng: + config: ENC[AES256_GCM,data:UVYk7qVv2hjggq49byNy1lCqmlh2g1odY+/oW9/Tl0jHYB0FOz/iph4+OcoQIyFSlw8E5XqJZPdXpy3zmpILzK0IF42ubIUpT9mupkzi6RHk3pvhtGYwXWBB7lgu22eLPRoIOcb5+xGKjBOwHERIA+OlMdkAwkCvWT8TDuB1jWKP9yyVl2enzp4jK905zzNsQ8g/COJxUrmO3iZelqLZQVP4VpKeqiD1pUV548BjbLUM+DzomyHFct1OY0/fHc7l48IMvTxroj7E1QP0O90Nt1gfopVvZImX+NPxpeju/Ly+epP0fZH/28WFKl4E8RdruZ7WjdpDQzxPF47IV0VNkT8M5SIvTWlNz8NMH7wQdsESpMY6o1AQHXl0gSz8xhYWtb5Ufvl4++OfVr55MonzNlaTcYxkJw6IM7cecKJoCACyEStA1fNf5noLcbZs5olmB6kfZRifW0h4xZxQREfCc9EuEJKNZO1DZJo5V9jP/IAqZi9jF7rnIcnsRkKrtyvGIgZCMG6nxPkvLe/yVgJ2BvIVm7qOg5KGdEG3IndakF7aoKW/cM4JYCWLqHojE/9dUQ31/RvxEk0OV4qwjvUvW3GHCfx9Z0FwIUjI01R7LwL7DGthXYlE4Qtxzv/i5Fmting7ThkbDUBaF4FvJfH8hLw2bIilVCtivUSWtgS2X8p6sBn1JTDfl54FefL6U3u2bNKc4wRIkdilb2g+JHeOV3PTTQJJ5/pJjQ6ZobtBoXwehf7a5SVlPjtKcTdKDr0e+J5jtnr9rVyE0axOZhXQf0SBa+UxLyQAsqkp+ynnKnIichZHD7EhaKUDobToCoJtuvdQS8hjKsyRRwuN0AwNZE0xeCdnK5t7DHGbU7Sz5XNeEmcJrwYeklwnJXTGx3h6vOUr3K79RiS7bc5ZOCJTA9OqAH78EuSY+Pry/SnEv40l055lqIeG+3qNEc8p5OkrrNmSxQ0dpqMfLYCovSNaJVbwBuH1N94Pde2w,iv:d/Cq1kR6Ykkjo40iD59/B+l92Ak1XsfQdIqhuUptKHY=,tag:B/kpofr4nOizEgna2kHaSw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age13s2dafyr9sfltp8heujttxug4v4m3qhj7sxzqrj6x6x3cu5n29uqfvj62l + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtTWRSMGIvN2l1UExmam44 + NEpnNi9pSGNpSlBzaklOMVBQZ1dMVjBHS3hNCnc1M2xBaWZBLzZqYU1GU3FTK2FJ + 
VmhYSzBZZkJWd0Q2ckRxN2ZPM1VqdE0KLS0tIDN2WkxnVjJCWU84ZzZ4WmFIRDcw + eDlCdVplUkZvS0R6TW1DQzFvQjh3bEUKXB5MbXfbTF0k6Udx0ewwPUFEYGoJ1xAu + ZBSSHBsh6eoP2V56SjYOxkV9QrRxVJtwWWPYqqOXCrDwJaoabKp6gA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1lfx84pz5u2hcdmtkpc7hw0kw080065c3fhvatghqzpp9fla3my2s5kd45x + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBscUdYUlR1ZG5kaUc5VWs0 + TFNvL2ZPYmt6WTk4NHRROXZoSk5rWG1Ra2dJCm5WYUlLMFlyZmhYT2YxUXpic0pG + VElFSVQyK25kSVAwcExjTmZWY2l5T1EKLS0tIHFWSjg3bm5sSTdQcWFLRm1id1ZN + Qi9OSVIyODVXbEJla3dySEUrM3ZTQ3MKp/lwGNMqRSaP7CQvsfeYAePDCNUkFjaO + 5XE/FhtwBthS27jt16NY0GJCYG8azLV+K5zJw/AiDtlt3n7f1lnN4g== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-11-14T01:05:12Z" + mac: ENC[AES256_GCM,data:tyu83gq5LFEUBoP9XscbPqQcvWlThfhajBqotkGZbFvOr2yWZxE6dtu/0ZtTxBg6v3mViQmXNt/0jvuBYZo+77rnlaVMQYYKWj7S8vI4Qj5JRj8YV5O2aanHoh5vqlQ1Sq64l5uvUkC7MPKBDAy3auNSBFE35WNrBfZtyIEcPGE=,iv:LKM9VtabxnH/j8ZUgsE+jzEnWaH+cnr7986izqyHMTM=,tag:+QGKdw7D0s4SMrh9yy9GUA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.1 diff --git a/machines/piecyk/configuration.nix b/machines/piecyk/configuration.nix index 7a6c8050..371cb869 100644 --- a/machines/piecyk/configuration.nix +++ b/machines/piecyk/configuration.nix @@ -79,6 +79,7 @@ rec { # ensure that homelab is available even if local DNS dies extraHosts = '' 10.100.20.1 deedee.home.arpa + 10.200.10.10 monkey.home.arpa ''; }; diff --git a/modules/apps/caffeine/default.nix b/modules/apps/caffeine/default.nix index 4ef8c900..92e33664 100644 --- a/modules/apps/caffeine/default.nix +++ b/modules/apps/caffeine/default.nix @@ -15,7 +15,7 @@ in config = lib.mkIf cfg.enable { # in awesome service runs too early and caffeine breaks - services.caffeine.enable = osConfig.mySystem.xorg.windowManager != "awesome"; + services.caffeine.enable = osConfig.mySystemApps.xorg.windowManager != "awesome"; myHomeApps.awesome.autorun = [ (lib.getExe pkgs.caffeine-ng) ]; }; 
diff --git a/modules/apps/chiaki-ng/default.nix b/modules/apps/chiaki-ng/default.nix
new file mode 100644
index 00000000..fea65982
--- /dev/null
+++ b/modules/apps/chiaki-ng/default.nix
@@ -0,0 +1,58 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+let
+ cfg = config.myHomeApps.chiaki-ng;
+
+ # hack, to enable touchpad click while streaming.
+ # Normally Linux hijacks touchpad, and treats it as a mouse, mapping touchpad click to left-click.
+ # However chiaki doesn't support left-click, but lucky for us - interprets right-click as touchpad.
+ # So swapping left-click with right-click makes touchpad behaving as expected, while also small portion
+ # of touchpad (at the bottom) still behaving like left-click, to ease navigation on chiaki itself.
+ padRemapper = pkgs.writeShellScriptBin "input-remapper" ''
+ pad_name="Wireless Controller Touchpad"
+ while true; do
+ sleep 5
+ if ${lib.getExe pkgs.xorg.xinput} | grep -q "$pad_name"; then
+ pad_id="$(${lib.getExe pkgs.xorg.xinput} | grep 'Wireless Controller Touchpad' | sed -E 's@.*id=([0-9]+).*@\1@g')"
+
+ if [[ "$(${lib.getExe pkgs.xorg.xinput} get-button-map "$pad_id")"] == 1* ]]; then
+ ${lib.getExe pkgs.xorg.xinput} set-button-map "$pad_id" 3 2 1 4 5 6 7
+ fi
+ fi
+ done
+ '';
+in
+{
+ options.myHomeApps.chiaki-ng = {
+ enable = lib.mkEnableOption "chiaki-ng";
+ configFileSopsSecret = lib.mkOption {
+ type = lib.types.str;
+ description = "Sops secret name containing chiaki-ng config.";
+ default = "home/apps/chiaki-ng/config";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ sops.secrets."${cfg.configFileSopsSecret}" = { };
+
+ xsession.initExtra = lib.mkAfter ''
+ ${lib.getExe padRemapper} &
+ '';
+
+ home = {
+ activation = {
+ chiaki-ng = lib.hm.dag.entryAfter [ "sopsNix" ] ''
+ mkdir -p ${config.xdg.configHome}/Chiaki
+ cp ${lib.getExe padRemapper} /tmp/pr
+ cp ${
+ config.sops.secrets."${cfg.configFileSopsSecret}".path
+ } ${config.xdg.configHome}/Chiaki/Chiaki.conf
+ '';
+ };
+ };
+ };
+}
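Review bot: The activation script copies the remapper to a fixed path in a world-writable directory, `cp ${lib.getExe padRemapper} /tmp/pr`; nothing else in the module reads `/tmp/pr`, so it looks like leftover debugging, and `cp` would follow a symlink already present at that path. Drop that line. The following `cp` writes the decrypted sops secret to `Chiaki.conf` with whatever mode and umask happen to apply; `install -D -m 0600 ${config.sops.secrets."${cfg.configFileSopsSecret}".path} ${config.xdg.configHome}/Chiaki/Chiaki.conf` makes the permissions explicit and creates the directory as well. In `padRemapper`, the test `"$(… get-button-map "$pad_id")"] == 1*` has a stray `]` after the closing quote, and the second `grep` repeats the literal name instead of using `"$pad_name"`.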
diff --git a/modules/apps/default.nix b/modules/apps/default.nix index 84911920..af7936a7 100644 --- a/modules/apps/default.nix +++ b/modules/apps/default.nix @@ -25,6 +25,7 @@ _: { ./alacritty ./awesome ./caffeine + ./chiaki-ng ./discord ./dunst ./firefox diff --git a/modules/hardware/nuc8.nix b/modules/hardware/nuc8.nix new file mode 100644 index 00000000..3e080457 --- /dev/null +++ b/modules/hardware/nuc8.nix @@ -0,0 +1,28 @@ +_: { + boot = { + initrd = { + availableKernelModules = [ + "xhci_pci" + "ahci" + "nvme" + "usbhid" + "usb_storage" + "sd_mod" + "rtsx_pci_sdmmc" + ]; + kernelModules = [ ]; + }; + kernelModules = [ "kvm-intel" ]; + extraModulePackages = [ ]; + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + }; + + nixpkgs.hostPlatform = "x86_64-linux"; + hardware = { + cpu.intel.updateMicrocode = true; + enableRedistributableFirmware = true; + }; +} diff --git a/modules/system/core.nix b/modules/system/core.nix index f23afc55..8576a08d 100644 --- a/modules/system/core.nix +++ b/modules/system/core.nix @@ -21,6 +21,13 @@ in default = [ ]; }; + extraModules = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "Extra modules to load on boot."; + default = [ ]; + example = [ "thunderbolt" ]; + }; + filesystem = lib.mkOption { type = lib.types.enum [ "ext4" @@ -105,6 +112,8 @@ in users.groups.services = { }; + boot.kernelModules = config.mySystem.extraModules; + services.zfs = lib.mkIf (config.mySystem.filesystem == "zfs") { autoScrub.enable = true; trim.enable = true; diff --git a/modules/system/hardware/bluetooth.nix b/modules/system/hardware/bluetooth.nix index f505fdd8..981bd790 100644 --- a/modules/system/hardware/bluetooth.nix +++ b/modules/system/hardware/bluetooth.nix @@ -30,6 +30,7 @@ in }; }; }; + default = { }; }; }; diff --git a/modules/system/networking.nix b/modules/system/networking.nix index 0b36552f..c2692a1e 100644 --- a/modules/system/networking.nix +++ b/modules/system/networking.nix 
@@ -85,6 +85,7 @@ in resolvconf.enable = false; useDHCP = false; useHostResolvConf = false; + interfaces."${cfg.mainInterface.name}".wakeOnLan.enable = true; }; services = {
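Review bot: `interfaces."${cfg.mainInterface.name}".wakeOnLan.enable = true;` is set unconditionally, so every host that enables this networking module starts answering magic packets, not only the machine this commit introduces. Wake-on-LAN has no authentication, so any device on the same segment can power the host on; gating it behind a new option that defaults to false, for example `wakeOnLan.enable = cfg.mainInterface.wakeOnLan;`, would keep it to the machines that need it. The surrounding attribute set starts and ends outside the hunk. When `bridge = true` is used, it is worth confirming that `mainInterface.name` is still the physical NIC the setting has to apply to.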