clean up and refactor more into OS snippets; bluetooth works on x13s

nix/os/devices/steveej-x13s/configuration.nix

@@ -10,31 +10,60 @@
 }:
 
 {
+  nixos-x13s = {
+    enable = true;
+    # TODO: use hardware address
+    bluetoothMac = "65:9e:7a:8b:86:28";
+  };
+
+  systemd.services.bluetooth-mac = {
+    enable = true;
+    path = [
+      pkgs.systemd
+      pkgs.util-linux
+      pkgs.bluez5-experimental
+      pkgs.expect
+    ];
+    script = ''
+      # TODO: this may not be required
+      while ! (journalctl -b0 | grep 'Bluetooth: hci0: QCA setup on UART is completed'); do
+        echo Waiting for bluetooth firmware to complete
+        echo sleep 1
+      done
+
+      (
+        # best effort
+        set +e
+        rfkill block bluetooth
+        echo $?
+        btmgmt public-addr ${config.nixos-x13s.bluetoothMac}
+        echo $?
+        rfkill unblock bluetooth
+        echo $?
+      )
+    '';
+    requiredBy = [ "bluetooth.service" ];
+    before = [ "bluetooth.service" ];
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+
+      # we need a tty, otherwise btmgmt will hang
+      StandardInput = "tty";
+      TTYPath = "/dev/tty2";
+      TTYReset = "yes";
+      TTYVHangup = "yes";
+    };
+  };
+
   imports = [
+    nodeFlake.inputs.nixos-x13s.nixosModules.default
+
     repoFlake.inputs.sops-nix.nixosModules.sops
     nodeFlake.inputs.disko.nixosModules.disko
     ./disko.nix
 
-    repoFlake.nixosModules.thinkpad-x13s
-
-    ../../profiles/common/pkg.nix
-
-    {
-      # flake registry
-      nix.registry.nixpkgs.flake = nodeFlake.inputs.nixpkgs;
-
-      nix.nixPath = [
-        "nixpkgs=${pkgs.path}"
-      ];
-
-      nix.settings.experimental-features = [
-        "nix-command"
-        "flakes"
-      ];
-
-      nix.settings.max-jobs = lib.mkDefault "auto";
-    }
-
+    ../../snippets/nix-settings.nix
     ../../profiles/common/user.nix
 
     {
@@ -42,30 +71,23 @@
       services.openssh.settings.PermitRootLogin = "yes";
       services.openssh.openFirewall = true;
 
-      # sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
-      # sops.defaultSopsFormat = "yaml";
+      sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
+      sops.defaultSopsFormat = "yaml";
 
       users.commonUsers = {
         enable = true;
         enableNonRoot = true;
-        installPassword = "install";
       };
     }
 
-    nodeFlake.inputs.home-manager.nixosModules.home-manager
 
+    ../../snippets/home-manager-with-zsh.nix
     ../../snippets/sway-desktop.nix
+    ../../snippets/bluetooth.nix
     ../../snippets/timezone.nix
     # ../../snippets/radicale.nix
   ];
 
-  hardware.thinkpad-x13s = {
-    enable = true;
-
-    # TODO: use hardware address
-    bluetoothMac = "65:9e:7a:8b:86:28";
-  };
-
   networking.hostName = nodeName;
   networking.firewall.enable = true;
   networking.networkmanager.enable = true;
@@ -93,12 +115,23 @@
       ../../../home-manager/configuration/graphical-fullblown.nix
     ];
 
-    # seems to be broke on install
-    programs.chromium.enable = lib.mkForce false;
-
     home.sessionVariables = { };
 
     home.packages = with pkgs; [
     ];
+
+    # TODO: currently unsupported
+    services.gammastep.enable = lib.mkForce false;
+    # programs.chromium.enable = lib.mkForce false;
+  };
+
+  boot = {
+    kernelParams = [
+      "dtb=sc8280xp-lenovo-thinkpad-x13s.dtb"
+    ];
+    loader.systemd-boot.enable = true;
+    loader.efi.canTouchEfiVariables = lib.mkForce false;
+    loader.efi.efiSysMountPoint = "/boot";
+    blacklistedKernelModules = [ "wwan" ];
   };
 }