From 02bb843015deae18200bcea7850912c704db9dec Mon Sep 17 00:00:00 2001
From: Stefan Junker
Date: Fri, 7 Jan 2022 20:44:10 +0100
Subject: [PATCH] init pa600
---
nix/os/devices/steveej-pa600/boot.nix | 8 +++
.../devices/steveej-pa600/configuration.nix | 14 +++++
nix/os/devices/steveej-pa600/hw.nix | 26 ++++++++++
nix/os/devices/steveej-pa600/pkg.nix | 12 +++++
nix/os/devices/steveej-pa600/system.nix | 52 +++++++++++++++++++
nix/os/devices/steveej-pa600/user.nix | 15 ++++++
nix/os/devices/steveej-pa600/versions.nix | 30 +++++++++++
.../devices/steveej-pa600/versions.tmpl.nix | 30 +++++++++++
8 files changed, 187 insertions(+)
create mode 100644 nix/os/devices/steveej-pa600/boot.nix
create mode 100644 nix/os/devices/steveej-pa600/configuration.nix
create mode 100644 nix/os/devices/steveej-pa600/hw.nix
create mode 100644 nix/os/devices/steveej-pa600/pkg.nix
create mode 100644 nix/os/devices/steveej-pa600/system.nix
create mode 100644 nix/os/devices/steveej-pa600/user.nix
create mode 100644 nix/os/devices/steveej-pa600/versions.nix
create mode 100644 nix/os/devices/steveej-pa600/versions.tmpl.nix
diff --git a/nix/os/devices/steveej-pa600/boot.nix b/nix/os/devices/steveej-pa600/boot.nix
new file mode 100644
index 0000000..2f5f8ea
--- /dev/null
+++ b/nix/os/devices/steveej-pa600/boot.nix
@@ -0,0 +1,8 @@
+{ lib
+, ...
+}:
+
+{
+ boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
+ boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
+}
diff --git a/nix/os/devices/steveej-pa600/configuration.nix b/nix/os/devices/steveej-pa600/configuration.nix
new file mode 100644
index 0000000..b78c268
--- /dev/null
+++ b/nix/os/devices/steveej-pa600/configuration.nix
@@ -0,0 +1,14 @@
+{ ... }:
+
+{
+ imports = [
+ ../../profiles/common/configuration.nix
+ ../../profiles/graphical/configuration.nix
+ ../../modules/opinionatedDisk.nix
+
+ ./system.nix
+ ./hw.nix
+ ./pkg.nix
+ ./user.nix
+ ];
+}
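Review bot: The `imports` list in configuration.nix pulls in `./system.nix`, `./hw.nix`, `./pkg.nix` and `./user.nix` but not the `./boot.nix` that this same commit adds. Unless a module outside this patch imports it, the two `lib.mkForce` boot-loader settings are never applied. If this device is meant to install GRUB as removable without touching EFI variables, add `./boot.nix` to the list. Otherwise a one-line comment at the top of boot.nix naming where it is imported from would keep the next reader from assuming it is live.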
diff --git a/nix/os/devices/steveej-pa600/hw.nix b/nix/os/devices/steveej-pa600/hw.nix
new file mode 100644
index 0000000..53d8f19
--- /dev/null
+++ b/nix/os/devices/steveej-pa600/hw.nix
@@ -0,0 +1,26 @@
+{ ... }:
+
+let
+ stage1Modules = [
+ "aesni_intel"
+ "kvm-intel"
+ "aes_x86_64"
+
+ "xhci_pci"
+ "hxci_hcd"
+ ];
+
+in
+{
+ # TASK: new device
+ hardware.opinionatedDisk = {
+ enable = true;
+ encrypted = true;
+ diskId = "ata-TOSHIBA_MK1652GSX_Y8B9CL6XT";
+ };
+
+ # boot.initrd.availableKernelModules = stage1Modules;
+ boot.initrd.kernelModules = stage1Modules;
+ boot.extraModprobeConfig = ''
+ '';
+}
diff --git a/nix/os/devices/steveej-pa600/pkg.nix b/nix/os/devices/steveej-pa600/pkg.nix
new file mode 100644
index 0000000..01b4cba
--- /dev/null
+++ b/nix/os/devices/steveej-pa600/pkg.nix
@@ -0,0 +1,12 @@
+{ pkgs
+, ...
+}:
+
+{
+ nixpkgs.config.packageOverrides = pkgs: with pkgs; {
+ nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath;
+ };
+ home-manager.users.steveej = import ../../../home-manager/configuration/graphical-fullblown.nix { inherit pkgs; };
+ services.teamviewer.enable = true;
+ system.stateVersion = "20.09";
+}
diff --git a/nix/os/devices/steveej-pa600/system.nix b/nix/os/devices/steveej-pa600/system.nix
new file mode 100644
index 0000000..e2c9cfd
--- /dev/null
+++ b/nix/os/devices/steveej-pa600/system.nix
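Review bot: `"hxci_hcd"` in `stage1Modules` (hw.nix) looks like a transposition of `xhci_hcd`. The list is assigned to `boot.initrd.kernelModules`, which force-loads in stage 1, rather than to the commented-out `availableKernelModules`. Depending on how the initrd module closure treats unknown names, a misspelt entry is either a build failure or a module that silently never loads. With `encrypted = true` the initrd is what unlocks the disk, so the list should be exact: `"xhci_hcd"`. `aes_x86_64` may also be missing from the `linuxPackages_latest` kernel selected in system.nix, since I believe it was dropped from mainline, so confirm it still resolves.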
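Review bot: `services.teamviewer.enable = true;` in pkg.nix turns on a proprietary remote-control daemon that starts with the system, and nothing in the file says why this device needs it. Such a service typically connects outbound, so the inbound `networking.firewall` rules in system.nix would not constrain it. It is also a standing path to an interactive session on a machine that holds SSH keys and a hardware-wallet setup. I would leave it disabled and start it on demand, or keep it with a comment such as `# remote support for <who/why>; remove when no longer needed`.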
@@ -0,0 +1,52 @@
+{ pkgs
+, lib
+, config
+, ... }:
+
+let
+ keys = import ../../../variables/keys.nix;
+in {
+
+ # TASK: new device
+ networking.hostName = "steveej-pa600"; # Define your hostname.
+
+ networking.firewall.enable = true;
+ networking.firewall.allowedTCPPorts = [
+ # iperf3
+ 5201
+ ];
+
+ networking.firewall.logRefusedConnections = false;
+ networking.usePredictableInterfaceNames = false;
+
+ services.printing = {
+ enable = true;
+ drivers = with pkgs; [
+ hplip
+ mfcl3770cdw.driver
+ mfcl3770cdw.cupswrapper
+ ];
+ };
+
+ services.fprintd.enable = true;
+ security.pam.services = {
+ login.fprintAuth = true;
+ sudo.fprintAuth = true;
+ };
+
+ security.pki.certificateFiles = [
+ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
+ ];
+
+ services.xserver.videoDrivers = [ "modesetting" ];
+ services.xserver.serverFlagsSection = ''
+ Option "BlankTime" "0"
+ Option "StandbyTime" "0"
+ Option "SuspendTime" "0"
+ Option "OffTime" "0"
+ '';
+
+ boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
+
+ hardware.ledger.enable = true;
+}
diff --git a/nix/os/devices/steveej-pa600/user.nix b/nix/os/devices/steveej-pa600/user.nix
new file mode 100644
index 0000000..f07b2ac
--- /dev/null
+++ b/nix/os/devices/steveej-pa600/user.nix
@@ -0,0 +1,15 @@
+{ config
+, pkgs
+, ... }:
+
+let
+ passwords = import ../../../variables/passwords.crypt.nix;
+ keys = import ../../../variables/keys.nix;
+ inherit (import ../../lib/default.nix { }) mkUser;
+
+in {
+ users.extraUsers.steveej2 = mkUser {
+ uid = 1001;
+ openssh.authorizedKeys.keys = keys.users.steveej.openssh;
+ };
+}
diff --git a/nix/os/devices/steveej-pa600/versions.nix b/nix/os/devices/steveej-pa600/versions.nix
new file mode 100644
index 0000000..6f983f2
--- /dev/null
+++ b/nix/os/devices/steveej-pa600/versions.nix
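Review bot: `sudo.fprintAuth = true;` in system.nix makes a fingerprint match enough to pass sudo's auth stack (NixOS wires pam_fprintd in as a `sufficient` module, as far as I know), so root on this device no longer requires the password. Keeping `login.fprintAuth` and dropping the sudo line would narrow that; if it is intended, a comment such as `# fingerprint is accepted for sudo on this device by choice` makes the decision explicit. Separately, `keys` is bound in the `let` but never used here. `networking.firewall.logRefusedConnections = false` and the permanently open iperf3 port 5201 each deserve a short why-comment, since together they reduce visibility while widening the inbound surface.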
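Review bot: `passwords` is imported from `passwords.crypt.nix` in user.nix but never referenced, so `steveej2` is created with only `uid` and `openssh.authorizedKeys.keys`. Whether the account ends up with a password depends on what `mkUser` does, which is outside this patch. If the account is meant to be key-only, drop the unused binding and the unused `config`/`pkgs` arguments; if it should have a password, pass it explicitly. A comment explaining why a second account named `steveej2` is authorised with `keys.users.steveej.openssh` would also help, since pkg.nix configures home-manager for `steveej`, not `steveej2`.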
@@ -0,0 +1,30 @@
+let
+ nixpkgs = {
+ url = "https://github.com/NixOS/nixpkgs/";
+ ref = "nixos-20.09";
+ rev = "e065200fc90175a8f6e50e76ef10a48786126e1c";
+ };
+in
+
+{
+ inherit nixpkgs;
+ nixos = nixpkgs // {
+ suffix = "/nixos";
+ };
+ "channels-nixos-stable" = nixpkgs;
+ "channels-nixos-unstable" = {
+ url = "https://github.com/NixOS/nixpkgs/";
+ ref = "nixos-unstable";
+ rev = "2f47650c2f28d87f86ab807b8a339c684d91ec56";
+ };
+ "nixpkgs-master" = {
+ url = "https://github.com/NixOS/nixpkgs/";
+ ref = "master";
+ rev = "cb7c39605051c7b268f8e0c5c47818a06b5d88c5";
+ };
+ "home-manager-module" = {
+ url = "https://github.com/nix-community/home-manager";
+ ref = "release-20.09";
+ rev = "22f6736e628958f05222ddaadd7df7818fe8f59d";
+ };
+}
diff --git a/nix/os/devices/steveej-pa600/versions.tmpl.nix b/nix/os/devices/steveej-pa600/versions.tmpl.nix
new file mode 100644
index 0000000..09f95fd
--- /dev/null
+++ b/nix/os/devices/steveej-pa600/versions.tmpl.nix
@@ -0,0 +1,30 @@
+let
+ nixpkgs = {
+ url = "https://github.com/NixOS/nixpkgs/";
+ ref = "nixos-20.09";
+ rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '\n' -%>";
+ };
+in
+
+{
+ inherit nixpkgs;
+ nixos = nixpkgs // {
+ suffix = "/nixos";
+ };
+ "channels-nixos-stable" = nixpkgs;
+ "channels-nixos-unstable" = {
+ url = "https://github.com/NixOS/nixpkgs/";
+ ref = "nixos-unstable";
+ rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>";
+ };
+ "nixpkgs-master" = {
+ url = "https://github.com/NixOS/nixpkgs/";
+ ref = "master";
+ rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>";
+ };
+ "home-manager-module" = {
+ url = "https://github.com/nix-community/home-manager";
+ ref = "release-20.09";
+ rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-20.09 | awk '{ print $1 }' | tr -d '\n' -%>";
+ };
+}
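Review bot: Three of the four `rev` templates in versions.tmpl.nix take whatever `git ls-remote <url> <ref>` prints and strip the newlines; only the `nixpkgs-master` one adds `head -n1`. ls-remote matches refs by pattern, so if a pattern ever matches more than one ref the hashes are concatenated into a single invalid `rev`. Querying a fully qualified ref such as `refs/heads/nixos-20.09`, or adding `| head -n1` to all four, would make the pin deterministic. The resolved hash is what fixes the fetched source, so a header comment saying versions.nix is generated from this template and should be reviewed on change would help. To my knowledge `nixos-20.09` and `release-20.09` were already past end of life at this commit's date, so confirm that starting a new device on a channel without security fixes is intended.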