home

My NixOS systems configurations.

commit 77b8273d6feb402197f5a9c65f939e03772ffa21
parent 22c91ef6af8faca668d8d4f34f83ef9406ee03b6
Author: Vincent Demeester <vincent@sbr.pm>
Date:   Wed, 17 Aug 2022 16:39:36 +0200

flake.nix: add wakasu hosts…

New laptop, x1 gen 9th, that will replace naruhodo, naming it wakasu

Signed-off-by: Vincent Demeester <vincent@sbr.pm>

Diffstat:
Mflake.nix | 7++++++-
Asystems/hardware/thinkpad-x1g9.nix | 6++++++
Asystems/hosts/wakasu.nix | 112+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 124 insertions(+), 1 deletion(-)

diff --git a/flake.nix b/flake.nix
@@ -158,10 +158,15 @@
 naruhodo = {
 modules = unstableModules ++ [
 nixos-hardware.nixosModules.lenovo-thinkpad-t480s
- nixos-hardware.nixosModules.common-pc-laptop-ssd
 ./systems/hosts/naruhodo.nix
 ];
 };
+ wakasu = {
+ modules = unstableModules ++ [
+ nixos-hardware.nixosModules.lenovo-thinkpad-x1-9th-gen
+ ./systems/hosts/wakasu.nix
+ ];
+ };
 # WSL setup
 # FIXME okinawa doesn't have openssh
 okinawa = {
diff --git a/systems/hardware/thinkpad-x1g9.nix b/systems/hardware/thinkpad-x1g9.nix
@@ -0,0 +1,6 @@
+{ config, pkgs, ... }:
+{
+ # imports = [
+ # ./thinkpad.nix
+ # ];
+}
diff --git a/systems/hosts/wakasu.nix b/systems/hosts/wakasu.nix
@@ -0,0 +1,112 @@
+# { sources ? import ../../nix
+# , lib ? sources.lib
+# , pkgs ? sources.pkgs { }
+# , ...
+# }:
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+ hostname = "wakasu";
+ secretPath = ../../secrets/machines.nix;
+ secretCondition = (builtins.pathExists secretPath);
+
+ endpointIP = strings.optionalString secretCondition (import secretPath).wg.endpointIP;
+ endpointPort = if secretCondition then (import secretPath).wg.listenPort else 0;
+ endpointPublicKey = strings.optionalString secretCondition (import secretPath).wireguard.kerkouane.publicKey;
+
+ getEmulator = system: (lib.systems.elaborate { inherit system; }).emulator pkgs;
+ metadata = importTOML ../../ops/hosts.toml;
+in
+{
+ imports = [
+ ../hardware/thinkpad-x1g9.nix
+ (import ../../users).vincent
+ (import ../../users).root
+ ];
+
+ fileSystems."/" = {
+ device = "/dev/mapper/root";
+ fsType = "ext4";
+ options = [ "noatime" "discard" ];
+ };
+
+ boot.initrd.luks.devices = {
+ root = {
+ device = "/dev/disk/by-uuid/50d7faba-8923-4b30-88f7-40df26e02def";
+ preLVM = true;
+ allowDiscards = true;
+ keyFile = "/dev/disk/by-id/usb-_USB_DISK_2.0_070D375D84327E87-0:0";
+ keyFileOffset = 30992883712;
+ keyFileSize = 4096;
+ fallbackToPassword = true;
+ };
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/2294-77F4";
+ fsType = "vfat";
+ };
+
+ swapDevices = [{ device = "/dev/disk/by-uuid/c00da13a-39ee-4640-9783-baf0a3d13e73"; }];
+
+ networking = {
+ hostName = hostname;
+ };
+
+ boot = {
+ loader.systemd-boot.netbootxyz.enable = true;
+ kernelPackages = pkgs.linuxPackages_latest;
+ tmpOnTmpfs = true;
+ plymouth = {
+ enable = true;
+ themePackages = [ pkgs.my.adi1090x-plymouth ];
+ theme = "deus_ex";
+ # hexagon, green_loader, deus_ex, cuts, sphere, spinner_alt
+ };
+ };
+
+ # FIXME Fix tmpOnTmpfs
+ systemd.additionalUpstreamSystemUnits = [ "tmp.mount" ];
+
+
+ services.udev.extraRules = ''
+ # STM32 rules for the Moonlander and Planck EZ
+ SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", \
+ MODE:="0666", \
+ SYMLINK+="stm32_dfu"
+
+ # Suspend the system when battery level drops to 5% or lower
+ SUBSYSTEM=="power_supply", ATTR{status}=="Discharging", ATTR{capacity}=="[0-5]", RUN+="${pkgs.systemd}/bin/systemctl hibernate"
+ '';
+ services.hardware.bolt.enable = true;
+ core.nix = {
+ # temporary or not
+ localCaches = [ ];
+ };
+
+ modules = {
+ hardware = {
+ yubikey.enable = true;
+ };
+ };
+ environment.systemPackages = with pkgs; [
+ docker-client
+ ];
+
+ services = {
+ logind.extraConfig = ''
+ HandleLidSwitchExternalPower=ignore
+ HandleLidSwitchDocked=ignore
+ '';
+ wireguard = {
+ enable = true;
+ ips = [ "${metadata.hosts.naruhodo.wireguard.addrs.v4}/24" ];
+ endpoint = endpointIP;
+ endpointPort = endpointPort;
+ endpointPublicKey = endpointPublicKey;
+ };
+ # syncthing.guiAddress = "${metadata.hosts.naruhodo.wireguard.addrs.v4}:8384";
+ };
+
+}
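Review bot: In systems/hosts/wakasu.nix the `swapDevices` entry points at a bare by-uuid partition that is not among `boot.initrd.luks.devices` (only `root` is), so as far as this file shows swap is unencrypted, while the low-battery udev rule further down runs `systemctl hibernate`, which would write the whole memory image, including the unlocked root volume key, to that partition. I would put swap in its own LUKS container opened in the initrd and reference the mapper device, e.g. `swapDevices = [{ device = "/dev/mapper/swap"; }];` with a matching `swap = { device = "/dev/disk/by-uuid/<SWAP-LUKS-UUID placeholder>"; };` entry; the rule's comment also says "Suspend" where the action is hibernate. In the same rules block `MODE:="0666"` lets every local account write to the keyboard's DFU bootloader node; a group-restricted mode such as `MODE:="0660", GROUP="<keyboard-user-group placeholder>"` keeps flashing limited to the intended user. Separately, `services.wireguard.ips` reads `metadata.hosts.naruhodo.wireguard.addrs.v4`, which looks copied from naruhodo and would give both machines the same tunnel address while they coexist; worth confirming whether a `wakasu` entry in `ops/hosts.toml` was intended.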