From db64c2090c812ef3a4261a5d369bfe60f816c52a Mon Sep 17 00:00:00 2001 From: Aaron Bieber Date: Mon, 27 May 2024 21:12:29 -0600 Subject: [PATCH] hosts/tv: init with basic kodi config --- flake.nix | 5 ++- hosts/tv/default.nix | 69 +++++++++++++++++++++++++++++ hosts/tv/hardware-configuration.nix | 34 ++++++++++++++ users/default.nix | 11 ++--- 4 files changed, 113 insertions(+), 6 deletions(-) create mode 100644 hosts/tv/default.nix create mode 100644 hosts/tv/hardware-configuration.nix diff --git a/flake.nix b/flake.nix index 177fd60..c8284e7 100644 --- a/flake.nix +++ b/flake.nix @@ -231,6 +231,9 @@ nixos-hardware.nixosModules.framework-13-7040-amd ] "europa"; clunk = buildSys "x86_64-linux" unstable [ ] "clunk"; + tv = buildSys "x86_64-linux" stable [ + nixos-hardware.nixosModules.framework-11th-gen-intel + ] "tv"; orcim = buildSys "x86_64-linux" unstable [ ] "orcim"; pwntie = buildSys "x86_64-linux" stable [ ] "pwntie"; stan = buildSys "x86_64-linux" unstable [ @@ -367,7 +370,7 @@ checks = let - buildList = [ "europa" "stan" "h" "box" "faf" "weather" "clunk" "orcim" ]; + buildList = [ "europa" "stan" "h" "box" "faf" "weather" "clunk" "orcim" "tv" ]; in with unstable.lib; foldl' recursiveUpdate { } (mapAttrsToList diff --git a/hosts/tv/default.nix b/hosts/tv/default.nix new file mode 100644 index 0000000..99d3ead --- /dev/null +++ b/hosts/tv/default.nix 
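Review bot: The `tv` entry in the first flake.nix hunk imports `nixos-hardware.nixosModules.framework-11th-gen-intel`, yet hosts/tv/hardware-configuration.nix from this same commit loads `uhci_hcd`, `ehci_pci` and `ums_realtek` in the initrd, which looks like older desktop-class hardware rather than a Framework laptop. If the module list was carried over from another host, the Framework-specific settings would be applied to a machine they were not written for; `tv = buildSys "x86_64-linux" stable [ ] "tv";` would match the other plain hosts. If the board really is a Framework mainboard, a one-line comment on the entry saying so would settle it.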
@@ -0,0 +1,69 @@
+{ pkgs
+, ...
+}:
+let
+ pubKeys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
+ ];
+ myKodi = pkgs.kodi.withPackages (kp: [
+ kp.somafm
+ kp.jellyfin
+ kp.invidious
+ ]);
+in
+{
+ _module.args.isUnstable = false;
+ imports = [
+ ./hardware-configuration.nix
+ ];
+
+ boot = {
+ loader.grub = {
+ enable = true;
+ devices = [
+ "/dev/disk/by-id/wwn-0x5001b448be78d64a"
+ ];
+ };
+ kernelPackages = pkgs.linuxPackages_latest;
+ };
+
+ networking = {
+ hostName = "tv";
+ networkmanager.enable = true;
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [ 22 ];
+ checkReversePath = "loose";
+ };
+ };
+
+ services = {
+ fwupd = {
+ enable = true;
+ };
+
+ xserver = {
+ libinput.enable = true;
+ enable = true;
+ desktopManager.kodi = {
+ enable = true;
+ package = myKodi;
+ };
+ videoDrivers = [ "intel" ];
+ };
+ };
+
+ users = {
+ users = {
+ root = { openssh.authorizedKeys.keys = pubKeys; };
+ tv = {
+ openssh.authorizedKeys.keys = pubKeys;
+ isNormalUser = true;
+ };
+ };
+ };
+
+ system = {
+ stateVersion = "22.11";
+ };
+}
diff --git a/hosts/tv/hardware-configuration.nix b/hosts/tv/hardware-configuration.nix
new file mode 100644
index 0000000..98af9cc
--- /dev/null
+++ b/hosts/tv/hardware-configuration.nix
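Review bot: `root = { openssh.authorizedKeys.keys = pubKeys; };` authorizes the europa key for direct root login while the `networking.firewall` block opens TCP 22, so that single key is full control of the host. This file neither enables `services.openssh` nor sets `services.openssh.settings.PermitRootLogin`, so the effective sshd policy presumably comes from a shared module and is worth checking for this host. If root login exists only for deployment, say so in a comment such as `# root key: used by remote rebuilds from europa`; otherwise drop the root entry and give an admin account `extraGroups = [ "wheel" ];`. `checkReversePath = "loose";` relaxes reverse-path filtering and would also benefit from a comment naming what requires it.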
@@ -0,0 +1,34 @@
+{ config, lib, modulesPath, ... }:
+
+{
+ imports =
+ [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot = {
+ initrd = {
+ availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "usb_storage" "ums_realtek" "sd_mod" ];
+ kernelModules = [ ];
+ };
+ kernelModules = [ ];
+ extraModulePackages = [ ];
+ };
+
+ fileSystems."/" =
+ {
+ device = "/dev/disk/by-uuid/d97f80ac-63fe-43d3-a3f5-3c385a41a068";
+ fsType = "ext4";
+ };
+
+ swapDevices =
+ [{ device = "/dev/disk/by-uuid/b70a6cac-996e-4a05-a3d0-17c7acf90f08"; }];
+
+ networking.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware = {
+ cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+ bluetooth.enable = true;
+ };
+}
diff --git a/users/default.nix b/users/default.nix
index d90728b..82dc54b 100644
--- a/users/default.nix
+++ b/users/default.nix
@@ -16,7 +16,7 @@ in
 defaultUsers = {
 enable = mkOption {
 description = "Enable regular set of users";
- default = true;
+ default = if (builtins.hasAttr "${config.networking.hostName}" config.xin-secrets) then true else false;
 example = true;
 type = lib.types.bool;
 };
@@ -26,14 +26,15 @@ in
 config =
 let
 inherit (config.networking) hostName;
- secretAttrs = config.xin-secrets.${hostName}.user_passwords;
 hasQbit =
- if builtins.hasAttr "qbit" secretAttrs then
- true
- else false;
+ if (builtins.hasAttr hostName config.xin-secrets) &&
+ (builtins.hasAttr "qbit" config.xin-secrets.${hostName}.user_passwords) then true else false;
 in
 mkIf config.defaultUsers.enable {
 sops =
+ let
+ secretAttrs = config.xin-secrets.${hostName}.user_passwords;
+ in
 {
 age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
 secrets = mkMerge [
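Review bot: The new `default` in the first users/default.nix hunk wraps a boolean in `if … then true else false` and interpolates a value that is already a string; `default = builtins.hasAttr config.networking.hostName config.xin-secrets;` says the same thing. The `hasQbit` binding in the second hunk has the same shape and can be the bare `&&` expression. Because the default now depends on `config`, a `defaultText` and a `description` stating that the users are enabled only when the host has a xin-secrets entry would keep the option documentation accurate.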
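Review bot: `secretAttrs = config.xin-secrets.${hostName}.user_passwords;` in the `let` added under `sops` is unguarded, unlike `hasQbit` a few lines above it, so a host that sets `defaultUsers.enable = true` by hand without a xin-secrets entry fails with a bare missing-attribute error at that line. If an empty set is acceptable to the `mkMerge` list that follows, `secretAttrs = config.xin-secrets.${hostName}.user_passwords or { };` keeps evaluation working; otherwise a comment on the binding stating that `defaultUsers.enable` requires a xin-secrets entry would document the coupling. The `sops` block continues outside the hunk, so how `secretAttrs` is consumed is not visible here. Hosts without an entry, such as the `tv` host added in this commit, presumably end up with no managed password secrets and rely on authorized keys alone, which is worth stating in the option description.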