diff --git a/flake.nix b/flake.nix index fae9300..1ecc950 100644 --- a/flake.nix +++ b/flake.nix @@ -25,7 +25,6 @@ url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; }; - nixos-hardware.url = "github:NixOS/nixos-hardware/master"; }; outputs = { self, nixpkgs, nixpkgs-unstable, nur, ... }@inputs: @@ -65,7 +64,6 @@ desktop = mkSystem { path = ./system/machines/desktop; }; server = mkSystem { path = ./system/machines/server; }; wsl = mkSystem { path = ./system/machines/wsl; }; - tv = mkSystem { path = ./system/machines/tv; system = "aarch64-linux"; }; }; devShells.x86_64-linux.default = with mkPkgs "x86_64-linux"; mkShell { diff --git a/system/keys/windows/ssh.pub.key b/system/keys/windows/ssh.pub.key deleted file mode 100644 index dedd09a..0000000 --- a/system/keys/windows/ssh.pub.key +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBamn0zxYt6mwWLrPkDDXTrfe/tdpGCw6DBLiTw5QuxD bryan@ramos.codes diff --git a/system/machines/tv/default.nix b/system/machines/tv/default.nix deleted file mode 100644 index a788314..0000000 --- a/system/machines/tv/default.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ inputs, ... }: - -{ - imports = [ - inputs.nixos-hardware.nixosModules.raspberry-pi-4 - ../../../user - ../../keys - ./hardware.nix - ./system.nix - ./modules/kiosk - ]; -} \ No newline at end of file diff --git a/system/machines/tv/hardware.nix b/system/machines/tv/hardware.nix deleted file mode 100644 index e42e88b..0000000 --- a/system/machines/tv/hardware.nix +++ /dev/null 
@@ -1,39 +0,0 @@
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-
- boot = {
- initrd = {
- availableKernelModules = [ "xhci_pci" "usbhid" ];
- kernelModules = [ ];
- };
- kernelModules = [ ];
- extraModulePackages = [ ];
-
- # Pi boots via extlinux from the Hydra SD image — not GRUB/systemd-boot
- loader = {
- grub.enable = false;
- generic-extlinux-compatible.enable = true;
- };
- };
-
- # UUIDs are baked into the Hydra SD image — identical on every Pi flashed
- # from that image. FIRMWARE (FAT) holds the Pi bootloader; NIXOS_SD (ext4)
- # is root. /boot/firmware must be mounted so nixos-rebuild can update
- # extlinux config on subsequent rebuilds.
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
- fsType = "ext4";
- };
-
- fileSystems."/boot/firmware" = {
- device = "/dev/disk/by-uuid/2178-694E";
- fsType = "vfat";
- options = [ "nofail" "noauto" ];
- };
-
- swapDevices = [ ];
-
- nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
-}
\ No newline at end of file
diff --git a/system/machines/tv/modules/default.nix b/system/machines/tv/modules/default.nix
deleted file mode 100644
index aa06974..0000000
--- a/system/machines/tv/modules/default.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- imports = [
- ./kiosk
- ];
-}
diff --git a/system/machines/tv/modules/kiosk/default.nix b/system/machines/tv/modules/kiosk/default.nix
deleted file mode 100644
index c2837f0..0000000
--- a/system/machines/tv/modules/kiosk/default.nix
+++ /dev/null
@@ -1,90 +0,0 @@
-{ pkgs, lib, config, ... }:
-
-with lib;
-let
- cfg = config.modules.system.kiosk;
-in
-{
- options.modules.system.kiosk = {
- enable = mkEnableOption "kiosk mode (Cage + Firefox fullscreen browser)";
-
- user = mkOption {
- type = types.str;
- description = "user account the kiosk session runs as";
- };
-
- url = mkOption {
- type = types.str;
- default = "about:blank";
- description = "URL loaded by Firefox on startup";
- };
- };
-
- config = mkIf cfg.enable {
- # Cage is a minimal Wayland compositor that runs exactly one program
- # fullscreen. Combined with auto-login it gives us a zero-chrome kiosk.
- services.cage = {
- enable = true;
- user = cfg.user;
- program = ''
- ${pkgs.firefox}/bin/firefox \
- --kiosk \
- ${cfg.url}
- '';
- };
-
- # System-wide Firefox policies. Writes /etc/firefox/policies/policies.json
- # which Firefox reads regardless of how it's launched.
- programs.firefox = {
- enable = true;
- policies = {
- # Force-install uBlock Origin from AMO. The "latest.xpi" URL is
- # Mozilla's stable redirect — it always resolves to the current
- # release and is explicitly supported for enterprise policy use.
- ExtensionSettings = {
- "uBlock0@raymondhill.net" = {
- install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
- installation_mode = "force_installed";
- };
- };
-
- # Trim everything Firefox does that makes no sense on a TV
- DisableTelemetry = true;
- DisablePocket = true;
- DisableFirefoxStudies = true;
- DisableProfileImport = true;
- DontCheckDefaultBrowser = true;
- OverrideFirstRunPage = "";
- OverridePostUpdatePage = "";
- NoDefaultBookmarks = true;
- PasswordManagerEnabled = false;
-
- # DRM on — required for Netflix/Prime/etc. to even attempt playback.
- # On aarch64 the Widevine CDM still has to be fetched at runtime and
- # may be refused by streaming services; YouTube/Twitch/non-DRM work
- # regardless.
- EncryptedMediaExtensions = {
- Enabled = true;
- Locked = true;
- };
- };
- };
-
- # Firefox runs on Wayland cleanly only with this env var.
- environment.sessionVariables.MOZ_ENABLE_WAYLAND = "1";
-
- # Pi 4 can't wake from a powered-off state via the remote (no standby
- # circuit), so shutting down via the remote's power button strands the
- # system until someone reaches the power cable. Ignore the key entirely
- # and rely on the TV's own power to hide the display.
- services.logind.settings.Login.HandlePowerKey = "ignore";
-
- # PipeWire for audio out over HDMI / 3.5mm
- services.pipewire = {
- enable = true;
- audio.enable = true;
- pulse.enable = true;
- alsa.enable = true;
- };
- };
-}
diff --git a/system/machines/tv/system.nix b/system/machines/tv/system.nix
deleted file mode 100644
index 6052c6a..0000000
--- a/system/machines/tv/system.nix
+++ /dev/null
@@ -1,91 +0,0 @@
-{ pkgs, lib, config, ... }:
-
-{
- system.stateVersion = "25.11";
-
- imports = [ ./modules ];
-
- modules.system.kiosk = {
- enable = true;
- user = config.user.name;
- url = "about:blank";
- };
-
- users.users.${config.user.name} = {
- isNormalUser = true;
- shell = pkgs.bash;
- extraGroups = [ "wheel" "networkmanager" "video" "audio" "input" ];
- openssh.authorizedKeys.keys = [
- "${config.machines.keys.desktop.ssh}"
- "${config.machines.keys.windows.ssh}"
- ];
- };
-
- nix = {
- channel.enable = false;
- package = pkgs.nixVersions.stable;
- extraOptions = "experimental-features = nix-command flakes";
- settings = {
- auto-optimise-store = true;
- trusted-users = [ "${config.user.name}" ];
- };
- gc = {
- automatic = true;
- dates = "weekly";
- options = "--delete-older-than 30d";
- };
- };
-
- environment.systemPackages = with pkgs; [
- vim
- git
- htop
- ];
-
- security.sudo = {
- wheelNeedsPassword = false;
- execWheelOnly = true;
- };
-
- time.timeZone = "America/New_York";
-
- services.timesyncd = {
- enable = true;
- servers = [
- "0.pool.ntp.org"
- "1.pool.ntp.org"
- "2.pool.ntp.org"
- "3.pool.ntp.org"
- ];
- };
-
- i18n.defaultLocale = "en_US.UTF-8";
- console.font = "Lat2-Terminus16";
-
- networking = {
- hostName = "tv";
- useDHCP = false;
- interfaces.end0 = {
- ipv4.addresses = [{
- address = "192.168.0.176";
- prefixLength = 24;
- }];
- };
- defaultGateway = "192.168.0.1";
- nameservers = [ "1.1.1.1" "8.8.8.8" ];
- firewall = {
- enable = true;
- allowedTCPPorts = [ 22 ];
- };
- };
-
- services.openssh = {
- enable = true;
- startWhenNeeded = true;
- settings = {
- X11Forwarding = false;
- PasswordAuthentication = false;
- PermitRootLogin = "no";
- };
- };
-}
\ No newline at end of file