# Intel NUC (nuc-nixos)

`systems/x86_64-linux/nuc-nixos/`

## Hardware

- **Device**: Intel NUC
- **Disk**: btrfs with LUKS encryption
- **Security**: TPM2, Lanzaboote (Secure Boot)
- **Kernel**: CachyOS `linux-cachyos-lto` (x86_64-v4 build)

## Key Features

- Headless server (no display manager, watchdog enabled)
- Home Assistant — the primary smart home controller
- OpenThread Border Router (OTBR) for Matter/Thread devices
- Impermanence (ephemeral root, persistent state for HA and related services)
- btrfs filesystem (unlike the bcachefs-based NAS and Pi5)

## Network

- **LAN IP**: 10.0.1.4 (static, `enp2s0`)
- **Gateway / DNS**: 10.0.1.1
- **Firewall**: 1883 (MQTT), 8880/8881 (OTBR), 8192

## Services

| Service | Port | Description |
|---|---|---|
| Home Assistant | 8097 | Smart home controller |
| Mosquitto (MQTT) | 1883 | IoT message broker |
| Zigbee2MQTT | 8080 | Zigbee device bridge |
| Music Assistant | 8095 | Music streaming |
| OTBR | 8880/8881 | OpenThread Border Router (Matter/Thread) |
| ESPHome | — | ESP microcontroller firmware |
| PostgreSQL | — | HA database backend |

## Persistent Directories

The following directories survive reboots via impermanence:

- `/esphome`
- `/var/lib/homeassistant`
- `/var/lib/mosquitto`
- `/var/lib/music-assistant`
- `/var/lib/postgresql`
- `/var/lib/zigbee2mqtt`

## Configuration Files

| File | Purpose |
|---|---|
| `default.nix` | All config in one file — HA, OTBR, network, hardware, impermanence |

## Secrets

Secrets are in `secrets/nuc-secrets.yaml`, encrypted for: `nuc`, `admin_nuc`, `matt`, `admin`, `jallen-nas`.