commit 77b8273d6feb402197f5a9c65f939e03772ffa21
parent 22c91ef6af8faca668d8d4f34f83ef9406ee03b6
Author: Vincent Demeester <vincent@sbr.pm>
Date: Wed, 17 Aug 2022 16:39:36 +0200
flake.nix: add wakasu hosts…
New laptop, x1 gen 9th, that will replace naruhodo, naming it wakasu
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Diffstat:
3 files changed, 124 insertions(+), 1 deletion(-)
diff --git a/flake.nix b/flake.nix
@@ -158,10 +158,15 @@
naruhodo = {
modules = unstableModules ++ [
nixos-hardware.nixosModules.lenovo-thinkpad-t480s
- nixos-hardware.nixosModules.common-pc-laptop-ssd
./systems/hosts/naruhodo.nix
];
};
+ wakasu = {
+ modules = unstableModules ++ [
+ nixos-hardware.nixosModules.lenovo-thinkpad-x1-9th-gen
+ ./systems/hosts/wakasu.nix
+ ];
+ };
# WSL setup
# FIXME okinawa doesn't have openssh
okinawa = {
diff --git a/systems/hardware/thinkpad-x1g9.nix b/systems/hardware/thinkpad-x1g9.nix
@@ -0,0 +1,6 @@
+{ config, pkgs, ... }:
+{
+ # imports = [
+ # ./thinkpad.nix
+ # ];
+}
diff --git a/systems/hosts/wakasu.nix b/systems/hosts/wakasu.nix
@@ -0,0 +1,112 @@
+# { sources ? import ../../nix
+# , lib ? sources.lib
+# , pkgs ? sources.pkgs { }
+# , ...
+# }:
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+ hostname = "wakasu";
+ secretPath = ../../secrets/machines.nix;
+ secretCondition = (builtins.pathExists secretPath);
+
+ endpointIP = strings.optionalString secretCondition (import secretPath).wg.endpointIP;
+ endpointPort = if secretCondition then (import secretPath).wg.listenPort else 0;
+ endpointPublicKey = strings.optionalString secretCondition (import secretPath).wireguard.kerkouane.publicKey;
+
+ getEmulator = system: (lib.systems.elaborate { inherit system; }).emulator pkgs;
+ metadata = importTOML ../../ops/hosts.toml;
+in
+{
+ imports = [
+ ../hardware/thinkpad-x1g9.nix
+ (import ../../users).vincent
+ (import ../../users).root
+ ];
+
+ fileSystems."/" = {
+ device = "/dev/mapper/root";
+ fsType = "ext4";
+ options = [ "noatime" "discard" ];
+ };
+
+ boot.initrd.luks.devices = {
+ root = {
+ device = "/dev/disk/by-uuid/50d7faba-8923-4b30-88f7-40df26e02def";
+ preLVM = true;
+ allowDiscards = true;
+ keyFile = "/dev/disk/by-id/usb-_USB_DISK_2.0_070D375D84327E87-0:0";
+ keyFileOffset = 30992883712;
+ keyFileSize = 4096;
+ fallbackToPassword = true;
+ };
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/2294-77F4";
+ fsType = "vfat";
+ };
+
+ swapDevices = [{ device = "/dev/disk/by-uuid/c00da13a-39ee-4640-9783-baf0a3d13e73"; }];
+
+ networking = {
+ hostName = hostname;
+ };
+
+ boot = {
+ loader.systemd-boot.netbootxyz.enable = true;
+ kernelPackages = pkgs.linuxPackages_latest;
+ tmpOnTmpfs = true;
+ plymouth = {
+ enable = true;
+ themePackages = [ pkgs.my.adi1090x-plymouth ];
+ theme = "deus_ex";
+ # hexagon, green_loader, deus_ex, cuts, sphere, spinner_alt
+ };
+ };
+
+ # FIXME Fix tmpOnTmpfs
+ systemd.additionalUpstreamSystemUnits = [ "tmp.mount" ];
+
+
+ services.udev.extraRules = ''
+ # STM32 rules for the Moonlander and Planck EZ
+ SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", \
+ MODE:="0666", \
+ SYMLINK+="stm32_dfu"
+
+ # Suspend the system when battery level drops to 5% or lower
+ SUBSYSTEM=="power_supply", ATTR{status}=="Discharging", ATTR{capacity}=="[0-5]", RUN+="${pkgs.systemd}/bin/systemctl hibernate"
+ '';
+ services.hardware.bolt.enable = true;
+ core.nix = {
+ # temporary or not
+ localCaches = [ ];
+ };
+
+ modules = {
+ hardware = {
+ yubikey.enable = true;
+ };
+ };
+ environment.systemPackages = with pkgs; [
+ docker-client
+ ];
+
+ services = {
+ logind.extraConfig = ''
+ HandleLidSwitchExternalPower=ignore
+ HandleLidSwitchDocked=ignore
+ '';
+ wireguard = {
+ enable = true;
+ ips = [ "${metadata.hosts.naruhodo.wireguard.addrs.v4}/24" ];
+ endpoint = endpointIP;
+ endpointPort = endpointPort;
+ endpointPublicKey = endpointPublicKey;
+ };
+ # syncthing.guiAddress = "${metadata.hosts.naruhodo.wireguard.addrs.v4}:8384";
+ };
+
+}
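Review bot: The STM32 DFU rule in `services.udev.extraRules` sets `MODE:="0666"`, which makes the keyboard bootloader node writable by every local account and service, so any process on the laptop could reflash a keyboard that is in DFU mode. Limiting it to a group the owner belongs to keeps flashing working without that exposure, e.g. `MODE:="0660", GROUP="plugdev", \` (the group would need declaring under `users.groups`). Separately, `ips` and the commented syncthing address still read `metadata.hosts.naruhodo.wireguard.addrs.v4`, so wakasu and naruhodo would claim the same tunnel address whenever both are online; a `metadata.hosts.wakasu` entry in `ops/hosts.toml` looks to be missing, though that file is not part of this diff. The swap UUID is also not listed under `boot.initrd.luks.devices` while the udev rule hibernates at low battery, so it is worth confirming that the partition is encrypted by some other means, since a hibernation image holds memory contents.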