{ config, lib, pkgs, inputs, ... }: { # Setup hardware imports = [ inputs.nixos-hardware.nixosModules.common-cpu-intel ]; # Sops setup for this machine sops.secrets = { "borg-ssh-key" = { sopsFile = ../../secrets/perception/borg.yaml; format = "yaml"; }; "borg-password" = { sopsFile = ../../secrets/perception/borg.yaml; format = "yaml"; }; }; # Setup system configuration nathan = { services = { borg = { enable = true; extraExcludes = [ "/var/log" ]; passwordFile = config.sops.secrets."borg-password".path; sshKey = config.sops.secrets."borg-ssh-key".path; }; }; config = { setupGrub = false; nix = { autoUpdate = true; autoGC = true; }; harden = false; }; }; # Configure bootloader boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.efiSysMountPoint = "/boot/efi"; boot.kernelParams = [ "net.ifnames=0" ]; # Configure networking networking = { domain = "mccarty.io"; useDHCP = true; # Open ports in firewall firewall = { allowedTCPPorts = [ ]; allowedUDPPorts = [ ]; }; }; # Setup home manager home-manager.users.nathan = import ./home.nix; ## Media Streaming setup # Setup hardware hardware.opengl = { enable = true; driSupport = true; driSupport32Bit = true; extraPackages = with pkgs; [ inputs.nixpkgs-unstable.libva inputs.nixpkgs-unstable.vaapiIntel inputs.nixpkgs-unstable.libvdpau-va-gl inputs.nixpkgs-unstable.vaapiVdpau inputs.nixpkgs-unstable.intel-ocl ]; }; # Newer kernel boot.kernelPackages = pkgs.linuxKernel.packages.linux_6_2; # Configure plex services.plex = let plexPass = pkgs.plex.override { plexRaw = pkgs.plexRaw.overrideAttrs (_: rec { version = "1.32.0.6918-6f393eda1"; src = pkgs.fetchurl { url = "https://downloads.plex.tv/plex-media-server-new/${version}/debian/plexmediaserver_${version}_amd64.deb"; sha256 = "sha256-9rGmUk0m7tBLSo5LeQ1fv2rnmK7WQ9AVDUPU0aqXLrM="; }; buildInputs = with pkgs; [ libva vaapiIntel libvdpau-va-gl vaapiVdpau intel-ocl ]; }); }; in { enable = true; # package = plexPass; package = inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.plex; openFirewall = true; }; # Configure tatulli services.tautulli = { enable = true; openFirewall = true; }; }