5 files changed, 45 insertions, 3 deletions

diff --git a/nixos/hosts/ev/default.nix b/nixos/hosts/ev/default.nix
index e59ec01..c797d29 100644
--- a/nixos/hosts/ev/default.nix
+++ b/nixos/hosts/ev/default.nix
@@ -1,4 +1,3 @@
-# channel="nixos-small"
 # Edit this configuration file to define what should be installed on
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
@@ -9,17 +8,42 @@
   imports = [
     ./hardware-configuration.nix
     <top/profiles/server>
+    <top/shared/monitoring.nix>
     <top/shared/tailscale.nix>
     <top/shared/basics-physical.nix>
     <top/shared/vpn.nix>
     ./home-automation.nix
     ./kodi.nix
     ./torrent.nix
+    ./hosehawk.nix
   ];
 
+  # enable unlocking full disk encryption via SSH
+  boot.kernelParams = ["ip=dhcp"];
+  boot.initrd = {
+    availableKernelModules = ["r8169"]; # for Ethernet
+    network = {
+      enable = true;
+      ssh = {
+        enable = true;
+        port = 2222;
+        hostKeys = ["/etc/secrets/initrd/ssh_host_ed25519_key"];
+        authorizedKeys = [
+          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDo/Y7w3hQgUIOQi63e8+L7eTMsVWl1vqY+Bd4tvwShdAj8ECU6JnD6gkCVzqXfUNdpA0Csd9PZlGAbXU+0kxudryFV6mxbXvYf+z70vcF02L5lDJ1tzCV7t7SwXnoenSNBIra/M2zDFgGM4oUkl9iZ2wxn/X/mvFzopJsM3xe2YNtJhXzCyaQTakKRDdHMyj9E867Ko03H6ZD2PI+9G+S39tk5ZLIcG9qhLTfDPziiZj7AIeTYVoxQycajwSlvp8BLzxxCKH8Mq7qW86jfT4lYvUuL5ItQ1cdFbmvJNKpgGXBzgBU+6kWf5c7P2aajhE3otgpfBXWBZRA3hKk+E+xX martin@hamac"
+        ];
+        shell = "/bin/cryptsetup-askpass";
+      };
+    };
+  };
+  # unsure why this is necessary
+  networking.interfaces.enp3s0.useDHCP = true;
+
   home-automation.zigbee2mqttPort = 8080;
   torrent.qbittorrentWebUiPort = 7777;
   torrent.networkNamespace = "se";
+  monitoring.alloyUiPort = 3001;
+  monitoring.lokiPort = 3030;
+  monitoring.prometheusNodeExporterPort = 9002;
 
   home-automation.zigbeeSerialPort = "/dev/serial/by-id/usb-ITead_Sonoff_Zigbee_3.0_USB_Dongle_Plus_e2fed465c59ded11962fd7a5a7669f5d-if00-port0";
 
diff --git a/nixos/hosts/ev/hosehawk.nix b/nixos/hosts/ev/hosehawk.nix
new file mode 100644
index 0000000..146272d
--- /dev/null
+++ b/nixos/hosts/ev/hosehawk.nix
@@ -0,0 +1,14 @@
+{ config, pkgs, ... }:
+
+{
+  imports = [
+    /home/martin/repos/hosehawk/services/hosenest.nix
+    /home/martin/repos/hosehawk/services/hosehawk.nix
+  ];
+
+  services.hosenest.enable = true;
+  services.hosehawk = {
+    enable = true;
+    hosenestUrl = "http://localhost:${toString config.services.hosenest.port}/";
+  };
+}
diff --git a/nixos/hosts/ev/kodi.nix b/nixos/hosts/ev/kodi.nix
index 2aea216..3862dfe 100644
--- a/nixos/hosts/ev/kodi.nix
+++ b/nixos/hosts/ev/kodi.nix
@@ -7,7 +7,10 @@ let
 in
 {
   config = {
-    users.extraUsers.kodi.isNormalUser = true;
+    users.users.kodi = {
+      isNormalUser = true;
+      extraGroups = ["audio"];
+    };
 
     services = {
       cage = {
diff --git a/nixos/hosts/ev/metadata.toml b/nixos/hosts/ev/metadata.toml
new file mode 100644
index 0000000..58f0301
--- /dev/null
+++ b/nixos/hosts/ev/metadata.toml
@@ -0,0 +1 @@
+channel = "nixos-small"
diff --git a/nixos/hosts/ev/torrent.nix b/nixos/hosts/ev/torrent.nix
index ddc4dcb..a09c507 100644
--- a/nixos/hosts/ev/torrent.nix
+++ b/nixos/hosts/ev/torrent.nix
@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
 let
-  helpers = import <top/helpers.nix> { inherit config; };
+  helpers = import <top/helpers.nix> { inherit config lib pkgs; };
   cfg = config.torrent;
 in
 {