Add laptop configuration

README.md

@@ -3,8 +3,10 @@ Using [colmena](https://github.com/zhaofengli/colmena)
 
 ## Hosts
 - `bloodletting`: Main server
+- `ritual`: NixOS laptop
 
 ### Manual setup on blank system/migrations
+Bloodletting:
 - `colmena apply` - deploy config
 - `passwd` - set user passwords
 - rsync state:
@@ -21,6 +23,16 @@ Using [colmena](https://github.com/zhaofengli/colmena)
     - `prometheus2`
   - `/home/ftp`  
 
+Ritual:
+- `colmena apply[-local]` - deploy config
+- `mkdir -p ~/.gnupg` - create directory for gnupg
+- manual configuration/login:
+  - Firefox
+    - Copy extension data
+  - Element
+  - Telegram Desktop
+  - Geary
+
 ### Rsyncd Modules
 Modded minecraft instance rsync modules can be accessed through `mc-[modpack]@bloodletting::mc-[modpack]` with `--rsh=ssh`
 

flake.lock

@@ -142,11 +142,11 @@
         "rust-overlay": "rust-overlay"
       },
       "locked": {
-        "lastModified": 1678157206,
+        "lastModified": 1678284394,
-        "narHash": "sha256-LUOJ2KUK9oCV4aKxsAaJP9mskONxm9UIwpocI1/dpDA=",
+        "narHash": "sha256-oEXCoNxfEmxqGuYxW7cLwINW70jeRrYqgOC40G1WBr8=",
         "owner": "helix-editor",
         "repo": "helix",
-        "rev": "136d1164e06c8ae6f23d611e8fcc2c3e53b9bd80",
+        "rev": "34be71fb50738a7e9d9e5ee5090680a0d84a321c",
         "type": "github"
       },
       "original": {
@@ -163,11 +163,11 @@
         "utils": "utils"
       },
       "locked": {
-        "lastModified": 1678109311,
+        "lastModified": 1678271387,
-        "narHash": "sha256-Q64FoCH5rp3XHoC8u1+KyjLEFGTY7kX9YaIaYfugvfY=",
+        "narHash": "sha256-H2dv/i1LRlunRtrESirELzfPWdlG/6ElDB1ksO529H4=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "04d6cad67557512452decbfe888c68fa11338a96",
+        "rev": "36999b8d19eb6eebb41983ef017d7e0095316af2",
         "type": "github"
       },
       "original": {
@@ -281,11 +281,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1677932085,
+        "lastModified": 1677063315,
-        "narHash": "sha256-+AB4dYllWig8iO6vAiGGYl0NEgmMgGHpy9gzWJ3322g=",
+        "narHash": "sha256-qiB4ajTeAOVnVSAwCNEEkoybrAlA+cpeiBxLobHndE8=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "3c5319ad3aa51551182ac82ea17ab1c6b0f0df89",
+        "rev": "988cc958c57ce4350ec248d2d53087777f9e1949",
         "type": "github"
       },
       "original": {
@@ -347,11 +347,11 @@
     },
     "nixpkgs_3": {
       "locked": {
-        "lastModified": 1678072060,
+        "lastModified": 1678137616,
-        "narHash": "sha256-6a9Tbjhir5HxDx4uw0u6Z+LHUfYf7tsT9QxF9FN/32w=",
+        "narHash": "sha256-T+lWTRdcYaOnZQW+Ehdlg+YldC2l9cq2GXJFPq22Nxc=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "47c003416297e4d59a5e3e7a8b15cdbdf5110560",
+        "rev": "7edcdf7b169c33cd3eef9aba50521ce93ee666b8",
         "type": "github"
       },
       "original": {

flake.nix

@@ -22,7 +22,7 @@
         nixpkgs = import nixpkgs {
           system = "x86_64-linux";
           overlays = [
-            (self: super: { helix = helix.packages.${self.system}.default; })
+            (final: prev: { helix = helix.packages.${final.system}.default; })
           ];
         };
       };
@@ -53,6 +53,21 @@
           };
         };
       };
+
+      ritual = {
+        imports = [
+          ./common
+          ./hosts/ritual/configuration.nix
+          (import "${home-manager}/nixos")
+        ];
+
+        deployment = {
+          targetUser = "root";
+          targetHost = "ritual";
+
+          allowLocalDeployment = true;
+        };
+      };
     };
   };
 }

hosts/ritual/configuration.nix

@@ -0,0 +1,50 @@
+{ config, pkgs, ... }: {
+  imports = [
+    ./hardware-configuration.nix
+    ../../common/fragments/graphical
+    ../../common/fragments/yubikey.nix
+    ../../common/home_manager/common.nix
+  ];
+
+  # Bootloader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader.efi.efiSysMountPoint = "/boot/efi";
+
+  boot.loader.systemd-boot.configurationLimit = 5;
+
+  # Setup keyfile
+  boot.initrd.secrets = { "/crypto_keyfile.bin" = null; };
+
+  networking.hostName = "ritual";
+
+  # Enable networking
+  networking.networkmanager.enable = true;
+
+  # Enable the OpenSSH daemon.
+  services.openssh = {
+    enable = true;
+    banner = ''
+      Hello mistress ^,,^
+    '';
+    passwordAuthentication = false;
+  };
+
+  virtualisation = {
+    podman = {
+      enable = true;
+      dockerCompat = true;
+      defaultNetwork.dnsname.enable = true;
+    };
+    oci-containers = { backend = "podman"; };
+  };
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "22.11"; # Did you read the comment?
+}
+

hosts/ritual/hardware-configuration.nix

@@ -0,0 +1,50 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+  boot.initrd.availableKernelModules =
+    [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/6d51e9df-99f3-4eb3-b2da-a1c9b7e405df";
+    fsType = "btrfs";
+    options = [ "subvol=@" ];
+  };
+
+  boot.initrd.luks.devices."luks-8807caf4-ae17-4b39-93bd-ddfa1f994a47".device =
+    "/dev/disk/by-uuid/8807caf4-ae17-4b39-93bd-ddfa1f994a47";
+
+  # Enable swap on luks
+  boot.initrd.luks.devices."luks-c503653d-47de-4914-9e41-d13d14a6cc22".device =
+    "/dev/disk/by-uuid/c503653d-47de-4914-9e41-d13d14a6cc22";
+  boot.initrd.luks.devices."luks-c503653d-47de-4914-9e41-d13d14a6cc22".keyFile =
+    "/crypto_keyfile.bin";
+
+  fileSystems."/boot/efi" = {
+    device = "/dev/disk/by-uuid/9A5C-CE17";
+    fsType = "vfat";
+  };
+
+  swapDevices =
+    [{ device = "/dev/disk/by-uuid/e20a4e05-44a6-4895-84ef-e3d176931b25"; }];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+  hardware.cpu.intel.updateMicrocode =
+    lib.mkDefault config.hardware.enableRedistributableFirmware;
+}