Merge 'Add lime configuration' (#10)

Reviewed-on: #10

flake.lock

@@ -83,11 +83,11 @@
         "nixpkgs": "nixpkgs_2"
       },
       "locked": {
-        "lastModified": 1684596126,
+        "lastModified": 1686922395,
-        "narHash": "sha256-4RZZmygeEXpuBqEXGs38ZAcWjWKGwu13Iqbxub6wuJk=",
+        "narHash": "sha256-ysevinohPxdKp0RXyhDRsz1/vh1eXazg4AWp0n5X/U4=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "27ef11f0218d9018ebb2948d40133df2b1de622d",
+        "rev": "9ba7b3990eb1f4782ea3f5fe7ac4f3c88dd7a32c",
         "type": "github"
       },
       "original": {
@@ -112,6 +112,21 @@
         "type": "github"
       }
     },
+    "nixos-hardware": {
+      "locked": {
+        "lastModified": 1686838567,
+        "narHash": "sha256-aqKCUD126dRlVSKV6vWuDCitfjFrZlkwNuvj5LtjRRU=",
+        "owner": "NixOS",
+        "repo": "nixos-hardware",
+        "rev": "429f232fe1dc398c5afea19a51aad6931ee0fb89",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixos-hardware",
+        "type": "github"
+      }
+    },
     "nixpkgs": {
       "locked": {
         "lastModified": 1677676435,
@@ -130,11 +145,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1683286087,
+        "lastModified": 1686501370,
-        "narHash": "sha256-xseOd7W7xwF5GOF2RW8qhjmVGrKoBz+caBlreaNzoeI=",
+        "narHash": "sha256-G0WuM9fqTPRc2URKP9Lgi5nhZMqsfHGrdEbrLvAPJcg=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "3e313808bd2e0a0669430787fb22e43b2f4bf8bf",
+        "rev": "75a5ebf473cd60148ba9aec0d219f72e5cf52519",
         "type": "github"
       },
       "original": {
@@ -146,11 +161,11 @@
     },
     "nixpkgs_3": {
       "locked": {
-        "lastModified": 1684570954,
+        "lastModified": 1686869522,
-        "narHash": "sha256-FX5y4Sm87RWwfu9PI71XFvuRpZLowh00FQpIJ1WfXqE=",
+        "narHash": "sha256-tbJ9B8WLCTnVP/LwESRlg0dII6Zyg2LmUU/mB9Lu98E=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "3005f20ce0aaa58169cdee57c8aa12e5f1b6e1b3",
+        "rev": "7c67f006ea0e7d0265f16d7df07cc076fdffd91f",
         "type": "github"
       },
       "original": {
@@ -203,6 +218,7 @@
       "inputs": {
         "agenix": "agenix",
         "home-manager": "home-manager_2",
+        "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs_3",
         "pwnix": "pwnix"
       }

flake.nix

@@ -8,9 +8,10 @@
       url = git+https://im.badat.dev/bad/pwnix.git;
     };
     agenix.url = github:ryantm/agenix;
+    nixos-hardware.url = github:NixOS/nixos-hardware;
   };
 
-  outputs = args@{ home-manager, nixpkgs, agenix, ... }: with nixpkgs; {
+  outputs = args@{ home-manager, nixpkgs, agenix, nixos-hardware, ... }: with nixpkgs; {
   
       # Configurations for NixOS machines.
       nixosConfigurations =
@@ -41,6 +42,21 @@
             specialArgs = args;
           };
 
+          # Thinkpad
+          "lime" = lib.nixosSystem {
+            system = "x86_64-linux";
+            modules = [
+              (mkUserConfig ./system/lime)
+              agenix.nixosModules.default
+              nixos-hardware.nixosModules.lenovo-thinkpad-x390
+              nixos-hardware.nixosModules.common-gpu-nvidia-disable
+              ./system/lime/core.nix
+              ./shared/core
+              ./shared/secrets.nix
+            ];
+            specialArgs = args;
+          };
+
         };
 
       # Configurations for non-NixOS machines.
@@ -60,4 +76,4 @@
     
   };
   
-}
+}

secrets.nix

@@ -2,10 +2,15 @@ let strawberry = [
       (builtins.readFile ./system/strawberry/keys/riley.pub)
       (builtins.readFile ./system/strawberry/keys/root.pub)
     ];
+    lime = [
+      (builtins.readFile ./system/lime/keys/riley.pub)
+      (builtins.readFile ./system/lime/keys/root.pub)
+    ];
     dev-lt-63 = [
       (builtins.readFile ./system/dev-lt-63/keys/riley.pub)
     ];
+    all = strawberry ++ lime ++ dev-lt-63;
 in {
   # Secrets for backup cloud storage provider
-  "secret/backblaze.age".publicKeys = strawberry ++ dev-lt-63;
+  "secret/backblaze.age".publicKeys = all;
 }

shared/core/gui.nix

@@ -12,7 +12,6 @@ in {
 
   config = lib.mkIf (cfg.enable) {
     hardware.opengl.enable = true;
-    hardware.nvidia.modesetting.enable = true;
 
     security.rtkit.enable = true;
 
@@ -21,7 +20,6 @@ in {
     services.xserver = {
       enable = true;
       displayManager.gdm.enable = true;
-      videoDrivers = [ "nvidia" ];
     };
 
     services.pipewire = {

shared/core/ssh.nix

@@ -4,14 +4,11 @@
 
   services.openssh = {
     enable = true;
-    settings.passwordAuthentication = false;
+    settings.PasswordAuthentication = false;
   };
 
   users.users."riley" = {
     packages = [ pkgs.openssh ];
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDroUHLf56zlYLiMoD1JV5XXZNwY9tftobDttC6hnfiM riley@dev-lt-63"
-    ];
   };
 
 }

shared/home/gui/sway.nix

@@ -53,12 +53,6 @@ in with lib; {
       # This is all required to get it to not die.
       enable = true;
       wrapperFeatures.gtk = true;
-      extraSessionCommands = ''
-        export WLR_NO_HARDWARE_CURSORS=1;
-        export WLR_RENDERER=vulkan;
-        export WLR_EGL_NO_MODIFIERS=1;
-      '';
-      extraOptions = [ "--unsupported-gpu" ];
       systemdIntegration = true;
 
       extraConfig = ''

shared/home/mpd.nix

@@ -1,8 +1,9 @@
-{ pkgs, ... }:
+{ pkgs, config, ... }:
 
 {
   services.mpd = {
     enable = true;
+    musicDirectory = "${config.home.homeDirectory}/music";
   };
 
   programs.ncmpcpp = {

system/lime/core.nix

@@ -0,0 +1,19 @@
+{ lib, modulesPath, ... }: {
+
+  imports = [./hardware-configuration.nix];
+
+  custom = {
+    gui.enable = true;
+    backups.enable = true;
+  };
+
+  networking.hostName = "lime";
+  networking.networkmanager.enable = true;
+
+  system.stateVersion = "22.11";
+  services.xserver.libinput.enable = true;
+
+  home-manager.users."riley".home.stateVersion = "22.11";
+
+}
+

system/lime/hardware-configuration.nix

@@ -0,0 +1,60 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "sdhci_pci" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  boot.loader.grub = {
+efiSupport = true;
+device = "nodev";
+	enable = true;
+};
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-label/NIXOS-ROOT";
+      fsType = "btrfs";
+    };
+
+  boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/bd5edcc6-35b7-4829-901f-8593c16f0324";
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/2745-1284";
+      fsType = "vfat";
+    };
+
+  swapDevices = [
+	{
+		device = "/swap/swapfile";
+		size = 16*1024;
+	}
+ ];
+
+# Hibernation
+# https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Hibernation_into_swap_file
+boot.resumeDevice = "/dev/disk/by-label/NIXOS-ROOT";
+boot.kernelParams = [
+	# btrfs inspect-internal map-swapfile -r /swap/swapfile
+	"resume_offset=2630912"
+];
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

system/lime/home.nix

@@ -0,0 +1,10 @@
+{ ... }:
+
+{
+  custom.gui = {
+    enable = true;
+    bar = {
+      network.wifi = "wlp0s20f3";
+    };
+  };
+}

system/lime/keys/riley.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHC9GMwZQHCuD8vf3YGp/SSo5rHnQ56mwN6urpxLEK66 riley@lime

system/lime/keys/root.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOF9N5hsJEdm/jBxAGjQdQg7s/EFheZJK3KHyNkt5uFc root@lime

system/strawberry/core.nix

@@ -47,4 +47,8 @@
   swapDevices = [
     { device = "/dev/nixos/swap"; }
   ];
+
+  services.xserver.videoDrivers = [ "nvidia" ];
+  hardware.nvidia.modesetting.enable = true;
+
 }

system/strawberry/home.nix

@@ -7,4 +7,14 @@
       network.eth = "enp9s0";
     };
   };
+
+  # Due to Hardware :tm: this is needed to get sway to not crash
+  wayland.windowManager.sway = {
+    extraSessionCommands = ''
+      export WLR_NO_HARDWARE_CURSORS=1;
+      export WLR_RENDERER=vulkan;
+      export WLR_EGL_NO_MODIFIERS=1;
+    '';
+    extraOptions = [ "--unsupported-gpu" ];
+  };
 }