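# NixOS configuration for the host "nix-nas": ZFS root and data pools, Docker
# and libvirt, a nix-serve binary cache, and a Kodi session that is started
# and stopped from a udev HDMI-hotplug hook.
{ config, pkgs, ... }:

let
  # Runs as root from the udev rule further down on DRM hotplug events.
  # It reads the status of one fixed HDMI connector and starts or stops
  # user-level units as user "nicole" (privileges are dropped via runuser).
  # NOTE(review): `systemctl --user` needs to reach the user's service manager;
  # whether `runuser -l` provides XDG_RUNTIME_DIR in this context is not visible
  # here, so confirm on the target that the start/stop calls actually succeed.
  # writeShellScript already emits its own interpreter line, so the
  # `#!/usr/bin/env bash` below ends up as a plain comment.
  hdmiHandler = pkgs.writeShellScript "hdmi-handler" ''
    #!/usr/bin/env bash
    PORT="/sys/class/drm/card0-HDMI-A-1/status"
    USER="nicole"

    read status < "$PORT"
    if [[ "$status" == "connected" ]]; then
      runuser -l "$USER" -c "systemctl --user start kodi.service"
      # runuser -l "$USER" -c "systemctl --user start vm-viewer@ha-vm.service"
    else
      runuser -l "$USER" -c "systemctl --user stop vm-viewer@ha-vm.service" || true
      runuser -l "$USER" -c "systemctl --user stop kodi.service"
    fi
  '';
in
{
  imports = [ ./hardware/hardware-configuration.nix ];

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.initrd.kernelModules = [ "overlay" "vmd" ];

  # Directories created in the initrd; all root-owned and not group/world
  # writable.
  boot.initrd.systemd.tmpfiles.settings."nixdirs" = {
    "/nix".d = { mode = "0755"; type = "d"; user = "root"; group = "root"; };
    "/nix/.ro-store".d = { mode = "0755"; type = "d"; user = "root"; group = "root"; };
    "/nix/.rw-store".d = { mode = "0755"; type = "d"; user = "root"; group = "root"; };
  };

  boot.zfs.extraPools = [ "tank" ];

  networking.hostName = "nix-nas";
  networking.hostId = "39373132"; # via: head -c4 /etc/machine-id | od -An -tx4

  fileSystems."/" = {
    device = "rpool/root";
    fsType = "zfs";
    neededForBoot = true;
  };
  fileSystems."/nix" = {
    device = "rpool/nix";
    fsType = "zfs";
    neededForBoot = true;
  };
  fileSystems."/home" = {
    device = "tank/home";
    fsType = "zfs";
  };
  fileSystems."/tank" = {
    device = "tank/media";
    fsType = "zfs";
  };

  swapDevices = [ ];

  users.users.nicole = {
    isNormalUser = true;
    # NOTE(review): an inline hash is readable by everyone who can read this
    # file, and NixOS configuration values generally end up in the
    # world-readable Nix store, which this host also serves over the network
    # (nix-serve below). Anyone holding the hash can attack it offline.
    # Prefer `hashedPasswordFile` pointing at a root-only file outside the
    # store, and rotate this password if the file has been shared.
    hashedPassword = "$6$p73d5mOLoSuJGOol$KRlszaPXZK9/frADlfR3kAr/57DD5f4.CPTGNNX80QWEWFE5y.bM1WiZwmRHiAlrws3q/zCDQ6AqeSyCUX.8U/";
    # "wheel" plus the passwordless-sudo setting below makes this account
    # root-equivalent; "docker" membership is root-equivalent by itself, and
    # "libvirtd" grants control over the system libvirt daemon.
    extraGroups = [ "wheel" "docker" "libvirtd" ];
    # Keeps the user's service manager running without a login session, which
    # the udev hook relies on for `systemctl --user`.
    linger = true;
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGAsiKDWCwyf1usprg3K6Zk0xE9S4DX6+Bc4+nIOZGmf drezil@Manticore"
    ];
  };

  system.stateVersion = "25.05"; # pin once, do not bump afterwards

  # NOTE(review): every wheel member gets root without a password prompt, so
  # any compromise of the "nicole" account (SSH key, user service, container)
  # is a full host compromise. Consider requiring the password or limiting
  # NOPASSWD to specific commands.
  security.sudo.wheelNeedsPassword = false;

  # Key-only SSH: the account above has a password hash that is exposed in
  # this file and passwordless sudo, so password and keyboard-interactive
  # logins are turned off. The authorized key configured above keeps working.
  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
    };
  };

  services.zfs.autoScrub.enable = true;

  # Snapshots & details will follow later
  # NOTE(review): the ExecStart path only exists if a zfs-prune-snapshots
  # package is installed system-wide; it is not in environment.systemPackages
  # in this file. Confirm the binary and the `-r --keep=2w` flags against the
  # tool that is actually installed, since this unit deletes snapshots as root.
  systemd.services.zfs-prune-snapshots = {
    description = "Remove ZFS snapshots older than policy";
    serviceConfig.ExecStart = "/run/current-system/sw/bin/zfs-prune-snapshots -r --keep=2w";
    startAt = "daily";
  };

  # The kernel is pinned until ZFS 2.3.x is ready for 6.13.
  # A pinned kernel still needs to follow the security updates of its series.
  boot.kernelPackages = pkgs.linuxPackages_6_12;

  environment.systemPackages = with pkgs; [
    git
    vim
    zfs
    virt-viewer
    kodi
  ];

  #### Virtualisation
  virtualisation.docker.enable = true;
  virtualisation.libvirtd.enable = true;
  users.groups.docker.members = [ "nicole" ];
  programs.virt-manager.enable = true;

  #### nix cache
  # --- Binary cache
  # NOTE(review): nix-serve has no authentication of its own, and
  # openFirewall opens the port in the host firewall, so every store path is
  # readable by whoever can reach port 5000. Restrict it to the trusted
  # interface or network if that is wider than intended.
  # The signing key must be readable only by root and the nix-serve service:
  # whoever holds it can sign paths that clients trusting "nas-cache" accept.
  services.nix-serve = {
    enable = true;
    secretKeyFile = "/var/cache/nix/secret-key";
    openFirewall = true;
    port = 5000;
  };

  nix.settings = {
    # The first substituter is plain HTTP: integrity rests entirely on the
    # signature check against trusted-public-keys below, and the transfer is
    # neither confidential nor protected against a spoofed "nix-nas" name
    # beyond that check.
    substituters = [
      "http://nix-nas:5000"
      "https://cache.nixos.org"
    ];
    trusted-public-keys = [
      "nas-cache:rgCDn9SwmvxvhjiEiRgrjAuAEyRiJT/aBIlywetuypM="
      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" # default key of the upstream cache
    ];
    secret-key-files = [ "/var/cache/nix/secret-key" ];
  };

  ##########################################################################
  ### Kodi & TV detect #####################################################
  ##########################################################################

  ### udev rule + script ###################################################
  # Runs hdmiHandler as root on every DRM "change" event flagged as hotplug.
  # The store path is interpolated at build time, so the rule cannot be
  # redirected to another script without a rebuild.
  services.udev.extraRules = ''
    ACTION=="change", SUBSYSTEM=="drm", ENV{HOTPLUG}=="1", RUN+="${hdmiHandler}"
  '';

  ## Kodi – GBM/Wayland stand-alone ###################################
  systemd.user.services.kodi = {
    description = "Kodi Media Center (stand-alone)";
    # only started manually or via the udev hook → no wantedBy needed
    # wantedBy = [ "default.target" ]; # enable if Kodi should always run
    after = [ "graphical-session.target" ]; # optional
    serviceConfig = {
      Type = "simple";
      ExecStart = "${pkgs.kodi}/bin/kodi-standalone";
      Restart = "on-failure";
    };
  };

  ### Virt-viewer template unit (optional) #################################
  # %i is the systemd instance name and is passed to virt-viewer as the
  # libvirt domain name.
  systemd.user.services."vm-viewer@" = {
    description = "Virt-viewer fullscreen for %i";
    serviceConfig = {
      ExecStart = "${pkgs.virt-viewer}/bin/virt-viewer --full-screen --wait --domain-name %i";
      Restart = "on-failure";
    };
  };
}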