Add wip idefix config

3 files changed, 107 insertions, 0 deletions

diff --git a/host/hardware/idefix.nix b/host/hardware/idefix.nix
new file mode 100644
index 0000000..73795f8
--- /dev/null
+++ b/host/hardware/idefix.nix
@@ -0,0 +1,50 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot = {
+    initrd = {
+      availableKernelModules = [ "ahci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_usb_sdmmc" ];
+      kernelModules = [ ];
+      secrets = {
+        "/crypto_keyfile.bin" = null;
+      };
+      # Enable swap on luks
+      luks.devices."luks-d66399c9-3eb8-4ebc-9855-9aae346feabf".device = "/dev/disk/by-uuid/d66399c9-3eb8-4ebc-9855-9aae346feabf";
+      luks.devices."luks-d66399c9-3eb8-4ebc-9855-9aae346feabf".keyFile = "/crypto_keyfile.bin";
+      luks.devices."luks-1747c7bf-b0e6-4202-8e00-393c0e5a01f2".device = "/dev/disk/by-uuid/1747c7bf-b0e6-4202-8e00-393c0e5a01f2";
+    };
+    kernelModules = [ "kvm-intel" ];
+    extraModulePackages = [ ];
+    loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+      efi.efiSysMountPoint = "/boot/efi";
+    };
+  };
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/a368ee22-54d1-45ff-b61b-529b9b438e52";
+      fsType = "ext4";
+    };
+
+
+  fileSystems."/boot/efi" =
+    { device = "/dev/disk/by-uuid/F393-BC14";
+      fsType = "vfat";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/51ac8775-7ff6-4869-addb-fe139198e7c8"; }
+    ];
+
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+  hardware.bluetooth.enable = true;
+}
diff --git a/host/idefix.nix b/host/idefix.nix
new file mode 100644
index 0000000..80711f2
--- /dev/null
+++ b/host/idefix.nix
@@ -0,0 +1,53 @@
+{ pkgs, ... }:
+
+{
+  imports = [
+    ./hardware/idefix.nix
+    ./software/desktop
+    ./software/desktop/gnome.nix
+  ];
+
+  console.keyMap = pkgs.lib.mkForce "us";
+
+  networking = {
+    hostName = "idefix";
+    firewall.enable = false;
+    networkmanager.enable = true;
+  };
+
+  users.extraUsers.common.extraGroups  = [ "networkmanager" ];
+
+  services = {
+    upower.enable = true;
+    acpid.enable  = true;
+    blueman.enable = true;
+    xserver.libinput.enable = true;
+  };
+
+  powerManagement.powertop.enable = true;
+
+  services.xserver = {
+    layout = pkgs.lib.mkForce "us";
+    xkbVariant = pkgs.lib.mkForce "";
+  };
+
+  networking.wireguard.interfaces = {
+    wg0 = {
+      ips = [ "10.100.0.8/24" ];
+
+      privateKeyFile = "/etc/wireguard/private";
+
+      peers = [
+        { # automatix
+          publicKey  = "B0tkjq+5SfECKx1gWEP5JVWOIaRWL2JNE7iSpMmN4F0=";
+          allowedIPs = [ "10.100.0.0/24" ];
+          endpoint   = "kummerlaender.eu:54321";
+
+          persistentKeepalive = 10;
+        }
+      ];
+    };
+  };
+
+  system.stateVersion = "22.05";
+}
diff --git a/host/software/server/wireguard.nix b/host/software/server/wireguard.nix
index 102fe80..29aaec5 100644
--- a/host/software/server/wireguard.nix
+++ b/host/software/server/wireguard.nix
@@ -38,6 +38,10 @@
           publicKey = "0nd/5vZaerTCUpS6uXsulCTzI3ZsUT2N2pnh7zTo8wg=";
           allowedIPs = [ "10.100.0.7" ];
         }
+        { # idefix
+          publicKey = "sF89wadXLEMXeNHNFPas7umP/QeyXMs3s7XGfXmY2lc=";
+          allowedIPs = [ "10.100.0.8" ];
+        }
       ];
     };
   };