From cc3463b8f74772ba1ea83ff915065a2b42d38260 Mon Sep 17 00:00:00 2001
From: oddlama
Date: Mon, 4 Sep 2023 16:19:55 +0200
Subject: [PATCH] feat(hosts/potksed): add temporary host for my desktop
---
 hosts.toml | 8 +++
 hosts/potksed/default.nix | 52 ++++++++++++++++++
 hosts/potksed/fs.nix | 39 +++++++++++++
 hosts/potksed/net.nix | 44 +++++++++++++++
 hosts/potksed/secrets/host.pub | 1 +
 hosts/potksed/secrets/local.nix.age | Bin 0 -> 642 bytes
 .../potksed/initrd_host_ed25519_key.age | Bin 0 -> 786 bytes
 7 files changed, 144 insertions(+)
 create mode 100644 hosts/potksed/default.nix
 create mode 100644 hosts/potksed/fs.nix
 create mode 100644 hosts/potksed/net.nix
 create mode 100644 hosts/potksed/secrets/host.pub
 create mode 100644 hosts/potksed/secrets/local.nix.age
 create mode 100644 secrets/generated/potksed/initrd_host_ed25519_key.age
diff --git a/hosts.toml b/hosts.toml
index c7480ec..39b0d32 100644
--- a/hosts.toml
+++ b/hosts.toml
@@ -1,3 +1,11 @@
+#[kroma]
+#type = "nixos"
+#system = "x86_64-linux"
+
+[potksed]
+type = "nixos"
+system = "x86_64-linux"
+
 [nom]
 type = "nixos"
 system = "x86_64-linux"
diff --git a/hosts/potksed/default.nix b/hosts/potksed/default.nix
new file mode 100644
index 0000000..63b1319
--- /dev/null
+++ b/hosts/potksed/default.nix
@@ -0,0 +1,52 @@
+{
+ inputs,
+ pkgs,
+ ...
+}: {
+ imports = [
+ inputs.nixos-hardware.nixosModules.common-cpu-amd
+ inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate
+ inputs.nixos-hardware.nixosModules.common-gpu-nvidia-nonprime
+ inputs.nixos-hardware.nixosModules.common-pc
+ inputs.nixos-hardware.nixosModules.common-pc-hdd
+ inputs.nixos-hardware.nixosModules.common-pc-ssd
+
+ ../../modules/optional/hardware/physical.nix
+
+ ../../modules
+ ../../modules/optional/boot-efi.nix
+ ../../modules/optional/initrd-ssh.nix
+ ../../modules/optional/dev
+ ../../modules/optional/graphical
+ ../../modules/optional/laptop.nix
+ ../../modules/optional/sound.nix
+ ../../modules/optional/zfs.nix
+
+ ../../users/myuser
+
+ ./fs.nix
+ ./net.nix
+ ];
+
+ boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"];
+
+ hardware.nvidia.modesetting.enable = true;
+ hardware.opengl = {
+ enable = true;
+ driSupport = true;
+ driSupport32Bit = true;
+ };
+ hardware.nvidia.powerManagement.enable = true;
+ hardware.nvidia.open = false;
+ hardware.nvidia.nvidiaSettings = true;
+
+ environment.systemPackages = with pkgs; [
+ killall
+ vaapiVdpau
+ libvdpau-va-gl
+ ];
+ environment.shellInit = ''
+ gpg-connect-agent /bye
+ export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
+ '';
+}
diff --git a/hosts/potksed/fs.nix b/hosts/potksed/fs.nix
new file mode 100644
index 0000000..ad8bd16
--- /dev/null
+++ b/hosts/potksed/fs.nix
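Review bot: In hosts/potksed/default.nix, `environment.shellInit` is sourced by every user's shell, so the added `gpg-connect-agent /bye` and unconditional `export SSH_AUTH_SOCK=...` start a gpg-agent for root and any other account and overwrite an agent socket that was already set, for example a forwarded one inside an SSH session. The NixOS module covers the same need with `programs.gnupg.agent = { enable = true; enableSSHSupport = true; };`, which as far as I know uses socket activation and only sets `SSH_AUTH_SOCK` when it is empty. Separately, the import list pulls in `../../modules/optional/laptop.nix` for what the commit title calls a desktop; a one-line comment saying why would help the next reader.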
@@ -0,0 +1,39 @@
+{
+ config,
+ lib,
+ ...
+}: {
+ disko.devices = {
+ disk = {
+ m2-ssd = {
+ type = "disk";
+ device = "/dev/disk/by-id/${config.repo.secrets.local.disk.m2-ssd}";
+ content = with lib.disko.gpt; {
+ type = "table";
+ format = "gpt";
+ partitions = [
+ (partEfi "efi" "0%" "1GiB")
+ (partSwap "swap" "1GiB" "17GiB")
+ (partLuksZfs "rpool" "17GiB" "100%")
+ ];
+ };
+ };
+ #data-hdd = {
+ # type = "disk";
+ # device = "/dev/disk/by-id/${config.repo.secrets.local.disk.data-hdd}";
+ # content = with lib.disko.gpt; {
+ # type = "table";
+ # format = "gpt";
+ # partitions = [
+ # (partLuksZfs "data" "0%" "100%")
+ # ];
+ # };
+ #};
+ };
+ zpool = with lib.disko.zfs; {
+ rpool = defaultZpoolOptions // {datasets = defaultZfsDatasets;};
+ };
+ };
+
+ boot.initrd.luks.devices.enc-rpool.allowDiscards = true;
+}
diff --git a/hosts/potksed/net.nix b/hosts/potksed/net.nix
new file mode 100644
index 0000000..0d279b5
--- /dev/null
+++ b/hosts/potksed/net.nix
@@ -0,0 +1,44 @@
+{
+ config,
+ lib,
+ ...
+}: {
+ networking = {
+ inherit (config.repo.secrets.local.networking) hostId;
+ wireless.iwd.enable = true;
+ };
+
+ boot.initrd.systemd.network = {
+ enable = true;
+ networks = {inherit (config.systemd.network.networks) "10-lan1";};
+ };
+
+ systemd.network.networks = {
+ "10-lan1" = {
+ DHCP = "yes";
+ matchConfig.MACAddress = config.repo.secrets.local.networking.interfaces.lan1.mac;
+ networkConfig = {
+ IPv6PrivacyExtensions = "yes";
+ MulticastDNS = true;
+ };
+ dhcpV4Config.RouteMetric = 10;
+ dhcpV6Config.RouteMetric = 10;
+ };
+ "10-wlan1" = {
+ DHCP = "yes";
+ matchConfig.MACAddress = config.repo.secrets.local.networking.interfaces.wlan1.mac;
+ networkConfig = {
+ IPv6PrivacyExtensions = "yes";
+ MulticastDNS = true;
+ };
+ dhcpV4Config.RouteMetric = 40;
+ dhcpV6Config.RouteMetric = 40;
+ };
+ };
+
+ networking.nftables.firewall = {
+ zones = lib.mkForce {
+ untrusted.interfaces = ["lan1" "wlan1"];
+ };
+ };
+}
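Review bot: In hosts/potksed/fs.nix, `boot.initrd.luks.devices.enc-rpool.allowDiscards = true;` is set without a comment, and it is a confidentiality trade-off: passing TRIM through dm-crypt lets anyone who can read the raw disk see which blocks are unused, which reveals usage patterns and possibly the filesystem type. A comment above the line would record that this is accepted, e.g. `# TRIM passthrough exposes the free-block layout of the LUKS volume; accepted for SSD performance`. It is also worth confirming that `partSwap`, which is defined outside this hunk, encrypts the 16GiB swap partition, since plaintext swap next to a LUKS root can hold key material and other secrets paged out of memory.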
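Review bot: In hosts/potksed/net.nix both `10-lan1` and `10-wlan1` set `MulticastDNS = true;` while the same file places `lan1` and `wlan1` in the `untrusted` firewall zone, and the initrd inherits the `10-lan1` network unchanged. With `true` the host answers mDNS queries as well as sending them (when systemd-resolved has mDNS enabled), which announces the hostname on links declared untrusted; `MulticastDNS = "resolve";` keeps lookups without responding, at least for `wlan1`. The zone lists interfaces by name while the networks match by MAC address, so the zone only takes effect if the interfaces are renamed to `lan1`/`wlan1` somewhere outside this hunk. The `lib.mkForce` on `zones` also discards any zones the shared modules define, which deserves a short comment stating that this is intended.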
diff --git a/hosts/potksed/secrets/host.pub b/hosts/potksed/secrets/host.pub new file mode 100644 index 0000000..720eeed --- /dev/null +++ b/hosts/potksed/secrets/host.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOsN0UQtOwon+OJL98WGt9yM78tCGw6SWJflKyCqr2xY diff --git a/hosts/potksed/secrets/local.nix.age b/hosts/potksed/secrets/local.nix.age new file mode 100644 index 0000000000000000000000000000000000000000..83d42c12005d70748fe09c969b5a1c080c5c6b7c GIT binary patch literal 642 zcmV-|0)72qXJsvAZewzJaCB*JZZ2%O`PEBuGF>!A-Z8CT^Vo66aVOk0{Mk{MjF;Q1+QBZGYYFc$e zSu06tMPxx`O)_~mZg^`mR6#FFLS%PzY(WYwJ|I$KK|+2lXL4m>b7deWL@6m?O(1n3 zYVskMvFJozQF=S>qQDSCBF==sHb8azKV^wld3N0-yAarw6Z8CaMZ&qr0 zLr6GqYDqX)RYz1tP)uSuNHbGxR&z~eb~ZO!Lway$3hc%D0iIG`nO-Qk_1Mbv?c&QZ z({Z)Fw7K$`zCe1G*20^TRS+|I&CKM@BM%i#%o~5HhW<9hSF{2?l@O0BJZvhE1AgY| ziocEx&Hvriy8zwM!|Bi6swtYvu4CAj_N>8V9#dq} zQ&y_^iD`}TZj5ER*gEp@3G@dVEYRp5hOD^;vh1e%M%`r?@XrZ!UpikCZS#lUi{rCM z>Z1j!WLq}bcUwM}#5j#{dv|J(En3371HcjX=r|fMZRC;>p6#>F<2dp2= c)_WurQcc}B#!8Nu{#W)0d9%FP0`MzcR7UO!NB{r; literal 0 HcmV?d00001 diff --git a/secrets/generated/potksed/initrd_host_ed25519_key.age b/secrets/generated/potksed/initrd_host_ed25519_key.age new file mode 100644 index 0000000000000000000000000000000000000000..252aa09b911be7a63bf03f69031003a15f8461c3 GIT binary patch literal 786 zcmV+t1MU1_XJsvAZewzJaCB*JZZ2wXxY-m+tMKw=Icq?yIYcWA- zHhOkLYB_mOM^Q0#G)z-PaC$OpSuhGMJ|J*ub}eu+H8vo4aZ_bDQ6NDwGjc0rQh04n zM@TtIW@~RtMRO}{RCsYoXJtrfRdjJfF*0p+OHx)yQ&9?8WO7SmYg%zHX>Ck&VK-AT zF>z~gZZTJBVrolwM?^(wF=t6;EB|fx+7nd5G77;HB@HkYBvg z|9rxdYi=)My9Tj4>@@L<-`bi~k~#pa2nVR@3ZqhFaX2sAJS&cv#JjsQtCkGE$%Kwp z_nn1UB1~@_j8}YsFpB!_84VNeBfD-(evF`vjrSkHUU1az?UI+Z zP)CvBI+XU1VIB?!$maxqwiSOurf;~m2|z4*Sh*+oX`^MZGG%D2ISm32q$wr26NMHn ziYn)?IQ?32@*4!u{!Lk