steveej-x13s-rmvbl: boring setup with copying the whole x13s flake

nix/os/devices/steveej-x13s-rmvbl/configuration.nix

@@ -10,9 +10,139 @@
 }:
 
 {
+  nixos-x13s = {
+    enable = true;
+    # TODO: use hardware address
+    bluetoothMac = "65:9e:7a:8b:86:28";
+  };
+
+  systemd.services.bluetooth-mac = {
+    enable = true;
+    path = [
+      pkgs.systemd
+      pkgs.util-linux
+      pkgs.bluez5-experimental
+      pkgs.expect
+    ];
+    script = ''
+      # TODO: this may not be required
+      while ! (journalctl -b0 | grep 'Bluetooth: hci0: QCA setup on UART is completed'); do
+        echo Waiting for bluetooth firmware to complete
+        echo sleep 1
+      done
+
+      (
+        # best effort
+        set +e
+        rfkill block bluetooth
+        echo $?
+        btmgmt public-addr ${config.nixos-x13s.bluetoothMac}
+        echo $?
+        rfkill unblock bluetooth
+        echo $?
+      )
+    '';
+    requiredBy = [ "bluetooth.service" ];
+    before = [ "bluetooth.service" ];
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+
+      # we need a tty, otherwise btmgmt will hang
+      StandardInput = "tty";
+      TTYPath = "/dev/tty2";
+      TTYReset = "yes";
+      TTYVHangup = "yes";
+    };
+  };
+
   imports = [
-    ../steveej-x13s/configuration.nix
+    nodeFlake.inputs.nixos-x13s.nixosModules.default
+
+    repoFlake.inputs.sops-nix.nixosModules.sops
+    nodeFlake.inputs.disko.nixosModules.disko
+    ./disko.nix
+
+    ../../snippets/nix-settings.nix
+    ../../profiles/common/user.nix
+
+    {
+      services.openssh.enable = true;
+      services.openssh.settings.PermitRootLogin = "yes";
+      services.openssh.openFirewall = true;
+
+      sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
+      sops.defaultSopsFormat = "yaml";
+
+      users.commonUsers = {
+        enable = true;
+        enableNonRoot = true;
+      };
+    }
+
+
+    ../../snippets/home-manager-with-zsh.nix
+    ../../snippets/sway-desktop.nix
+    ../../snippets/bluetooth.nix
+    ../../snippets/timezone.nix
+    ../../snippets/radicale.nix
   ];
 
-  users.commonUsers.installPassword = "install";
+  networking.hostName = nodeName;
+  networking.firewall.enable = true;
+  networking.networkmanager.enable = true;
+
+  nixpkgs.config.allowUnfree = true;
+
+  environment.systemPackages = [
+    pkgs.sshfs
+    pkgs.util-linux
+    pkgs.coreutils
+    pkgs.vim
+
+    pkgs.git
+    pkgs.git-crypt
+  ];
+
+  system.stateVersion = "23.11";
+  home-manager.users.root = _: {
+    home.stateVersion = "23.11";
+  };
+  home-manager.users.steveej = _: {
+    home.stateVersion = "23.11";
+
+    imports = [
+      ../../../home-manager/configuration/graphical-fullblown.nix
+    ];
+
+    home.sessionVariables = { };
+
+    home.packages = with pkgs; [
+    ];
+
+    # TODO: currently unsupported
+    services.gammastep.enable = lib.mkForce false;
+    # programs.chromium.enable = lib.mkForce false;
+  };
+
+  boot = {
+    loader.systemd-boot.enable = true;
+    loader.efi.canTouchEfiVariables = lib.mkForce false;
+    loader.efi.efiSysMountPoint = "/boot";
+    blacklistedKernelModules = [ "wwan" ];
+  };
+
+  # see https://linrunner.de/tlp/
+  services.tlp = {
+    enable = true;
+    settings = {
+      START_CHARGE_THRESH_BAT0 = "80";
+      STOP_CHARGE_THRESH_BAT0 = "85";
+    };
+  };
+
+  # android on linux
+  virtualisation.waydroid.enable = true;
+  virtualisation.podman.enable = true;
+  virtualisation.podman.dockerCompat = true;
 }