hosts/miyagi: init

hosts/default.nix

@@ -14,6 +14,7 @@
     # ./installer
     ./ude
     ./kogata
+    ./miyagi
   ];
 
   builders =

hosts/miyagi/default.nix

@@ -0,0 +1,91 @@
+{
+  configurations.nixos.miyagi =
+    {
+      config,
+      pkgs,
+      username,
+      ...
+    }:
+    {
+      imports = [
+        ./sway.nix
+        ./disks.nix
+      ];
+      nixpkgs.hostPlatform = "x86_64-linux";
+
+      boot.kernelModules = [
+        "kvm-intel"
+        "i2c-dev"
+      ];
+
+      boot = {
+        loader.systemd-boot.enable = true;
+        loader.efi.canTouchEfiVariables = true;
+      };
+
+      powerManagement.cpuFreqGovernor = "performance";
+
+      networking.networkmanager.enable = true;
+
+      zramSwap.enable = true;
+      boot.kernel.sysctl."kernel.sysrq" = 1;
+
+      age.secrets.niko-pass.file = ../../secrets/miyagi-niko-pass.age;
+      users.users.${username} = {
+        hashedPasswordFile = config.age.secrets.niko-pass.path;
+        extraGroups = [
+          "libvirtd"
+          "i2c"
+          "networkmanager"
+        ];
+      };
+
+      settei.user.config = {
+        common.desktop.enable = true;
+        home.packages = [ pkgs.slack ];
+        programs.git.userEmail = "nrabulinski@antmicro.com";
+        # TODO: Move to common?
+        xdg.mimeApps = {
+          enable = true;
+          defaultApplications = {
+            "x-scheme-handler/http" = "org.qutebrowser.qutebrowser.desktop";
+            "x-scheme-handler/https" = "org.qutebrowser.qutebrowser.desktop";
+            "x-scheme-handler/chrome" = "org.qutebrowser.qutebrowser.desktop";
+            "text/html" = "org.qutebrowser.qutebrowser.desktop";
+            "application/x-extension-htm" = "org.qutebrowser.qutebrowser.desktop";
+            "application/x-extension-html" = "org.qutebrowser.qutebrowser.desktop";
+            "application/x-extension-shtml" = "org.qutebrowser.qutebrowser.desktop";
+            "application/xhtml+xml" = "org.qutebrowser.qutebrowser.desktop";
+            "application/x-extension-xhtml" = "org.qutebrowser.qutebrowser.desktop";
+            "application/x-extension-xht" = "org.qutebrowser.qutebrowser.desktop";
+            "application/pdf" = "org.qutebrowser.qutebrowser.desktop";
+          };
+        };
+      };
+      common.incus.enable = true;
+
+      services.udisks2.enable = true;
+      services.printing = {
+        enable = true;
+        drivers = [ pkgs.brlaser ];
+      };
+      services.avahi = {
+        enable = true;
+        nssmdns4 = true;
+      };
+      hardware.bluetooth = {
+        enable = true;
+        settings.General.ControllerMode = "bredr";
+      };
+      hardware.keyboard.qmk.enable = true;
+
+      systemd.coredump.enable = true;
+
+      # Needed for enableAllFirmware
+      nixpkgs.config.allowUnfree = true;
+      hardware = {
+        enableAllFirmware = true;
+        cpu.intel.updateMicrocode = true;
+      };
+    };
+}

hosts/miyagi/disks.nix

@@ -0,0 +1,83 @@
+args:
+let
+  bootDevice = args.bootDevice or "/dev/nvme0n1";
+in
+{
+  disko.devices.disk.bootDisk = {
+    type = "disk";
+    device = bootDevice;
+    content = {
+      type = "gpt";
+      partitions = {
+        esp = {
+          label = "ESP";
+          priority = 3;
+          type = "EF00";
+          start = "1MiB";
+          end = "512MiB";
+          content = {
+            type = "filesystem";
+            format = "vfat";
+            mountpoint = "/boot";
+          };
+        };
+        nixos = {
+          label = "primary";
+          priority = 1;
+          start = "512MiB";
+          end = "-8G";
+          content = {
+            type = "btrfs";
+            extraArgs = [ "-f" ];
+            subvolumes =
+              let
+                mountOptions = [
+                  "compress=zstd"
+                  "noatime"
+                ];
+              in
+              {
+                "/root" = {
+                  inherit mountOptions;
+                  mountpoint = "/";
+                };
+                "/home" = {
+                  inherit mountOptions;
+                  mountpoint = "/home";
+                };
+                "/nix" = {
+                  inherit mountOptions;
+                  mountpoint = "/nix";
+                };
+                "/persist" = {
+                  inherit mountOptions;
+                  mountpoint = "/persist";
+                };
+                "/log" = {
+                  inherit mountOptions;
+                  mountpoint = "/var/log";
+                };
+              };
+          };
+        };
+        swap = {
+          label = "swap";
+          priority = 2;
+          size = "100%";
+          content.type = "swap";
+        };
+      };
+    };
+  };
+
+  fileSystems."/var/log".neededForBoot = true;
+
+  fileSystems."/bulk" = {
+    device = "/dev/disk/by-label/bulk";
+    fsType = "btrfs";
+    options = [
+      "compress=zstd"
+      "noatime"
+    ];
+  };
+}

hosts/miyagi/sway.nix

@@ -0,0 +1,133 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  services.greetd = {
+    enable = true;
+    settings.default_session = {
+      command = "${lib.getExe pkgs.greetd.tuigreet} --time --cmd ${lib.getExe config.programs.sway.package}";
+      user = "niko";
+    };
+  };
+
+  programs.sway = {
+    enable = true;
+    wrapperFeatures.base = true;
+    wrapperFeatures.gtk = true;
+  };
+
+  security.pam.services.swaylock = { };
+  xdg.portal.config.common.default = "*";
+
+  settei.user.config =
+    { config, ... }:
+    {
+      home.packages = with pkgs; [
+        (writeShellApplication {
+          name = "lock";
+          text = ''
+            swaymsg output '*' power off
+            swaylock -c 000000
+            swaymsg output '*' power on
+          '';
+        })
+        (writeShellApplication {
+          name = "screenshot";
+          runtimeInputs = [
+            slurp
+            grim
+            wl-clipboard
+          ];
+          text = ''
+            grim -g "$(slurp)" - | \
+              wl-copy -t image/png
+          '';
+        })
+        # Bitwarden stuff, move to separate module or properly package?
+        # Maybe use some other input method?
+        (rofi-rbw.override { waylandSupport = true; })
+        rbw
+        pinentry.curses
+      ];
+
+      wayland.windowManager.sway =
+        let
+          mod = config.wayland.windowManager.sway.config.modifier;
+        in
+        {
+          enable = true;
+          package = null;
+          config.terminal = "wezterm";
+          config.modifier = "Mod4";
+          config.fonts.names = [ "Iosevka Nerd Font" ];
+          config.keybindings = lib.mkOptionDefault {
+            "${mod}+b" = "exec rofi-rbw --selector rofi";
+            "${mod}+d" = "exec rofi -show drun";
+            "${mod}+Shift+s" = "exec screenshot";
+          };
+          config.keycodebindings = {
+            "${mod}+Shift+60" = "exec lock";
+          };
+          config.window.commands =
+            let
+              alwaysFloating = [
+                { window_role = "pop-up"; }
+                { window_role = "bubble"; }
+                { window_role = "dialog"; }
+                { window_type = "dialog"; }
+                { window_role = "task_dialog"; }
+                { window_type = "menu"; }
+                { app_id = "floating"; }
+                { app_id = "floating_update"; }
+                { class = "(?i)pinentry"; }
+                { title = "Administrator privileges required"; }
+                { title = "About Mozilla Firefox"; }
+                { window_role = "About"; }
+                {
+                  app_id = "firefox";
+                  title = "Library";
+                }
+              ];
+            in
+            map (criteria: {
+              inherit criteria;
+              command = "floating enable";
+            }) alwaysFloating;
+          config.output = {
+            "HDMI-A-1" = {
+              pos = "0 472";
+            };
+            "DP-1" = {
+              pos = "2560 0";
+              transform = "90";
+            };
+          };
+          config.input = {
+            "type:pointer" = {
+              accel_profile = "flat";
+              pointer_accel = "0.2";
+            };
+            "type:keyboard" = {
+              xkb_layout = "pl";
+            };
+          };
+          config.workspaceOutputAssign = [
+            {
+              workspace = "1";
+              output = "HDMI-A-1";
+            }
+            {
+              workspace = "2";
+              output = "DP-1";
+            }
+          ];
+        };
+      programs.rofi = {
+        enable = true;
+        package = pkgs.rofi-wayland;
+      };
+    };
+}

secrets/miyagi-niko-pass.age

@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 g2vRWw 3mHAcu63Cw+hKbRkAQMlddIg071e+ggdU7lGWF3Lmmw
+K3NBGhpyON3JLa8kb46dJD6mY+4ZHYDO5v78uYUY96s
+-> ssh-ed25519 GKhvwg hm8EAsFbWe1OykH/uovSvmPJdVIQd91rcWvgjfIEPwg
+Wn1ywatZ7KCfxOhvoLXUGAA15nAobR6Qs+5xuOb51rM
+--- NS6E6N7YAmP+kTht3ZiqVEuyNsJzIumut4sppS7L6dQ
+a9ë¼3ÌØjm¶á;0pýû’lÀ;¨nçŽc CJÐë³HÔúH×ñ ìëʴÄ/ôM¶0¬¾º,kJoZŽ<5A>!¢‹¢´­µ?:^°D72ñÚZ5ao¡'Í4óžÙT09‹

secrets/secrets.nix

@@ -72,4 +72,8 @@ in
     keys.other.bootstrap
   ];
   "ntfy-alert-pass.age".publicKeys = (builtins.attrValues keys.system) ++ [ keys.other.bootstrap ];
+  "miyagi-niko-pass.age".publicKeys = [
+    keys.system.miyagi
+    keys.other.bootstrap
+  ];
 }