oh god what have i doneHEADmain

2 files changed, 126 insertions, 0 deletions

diff --git a/hosts/work/default.nix b/hosts/work/default.nix
new file mode 100644
index 0000000..c419fd9
--- /dev/null
+++ b/hosts/work/default.nix
@@ -0,0 +1,62 @@
+{config, ...}: {
+  imports = [
+    ./hardware-configuration.nix
+
+    ../common/global
+    ../common/optional/wireless.nix
+  ];
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.hostName = "work";
+
+  # Slows down write operations considerably
+  nix.settings.auto-optimise-store = false;
+
+  services = {
+    logind.extraConfig = ''
+      HandleLidSwitchExternalPower=ignore
+    '';
+  };
+
+  virtualisation.docker = {
+    enable = true;
+
+    daemon.settings = {
+      userland-proxy = false;
+      experimental = true;
+      metrics-addr = "0.0.0.0:9323";
+      ipv6 = true;
+      fixed-cidr-v6 = "fd00::/80";
+    };
+    # rootless = {
+    #   enable = true;
+    #   setSocketVariable = true;
+    # };
+    storageDriver = "btrfs";
+  };
+
+  users.users.sadbeast = {
+    hashedPasswordFile = config.sops.secrets.sadbeast-password.path;
+
+    extraGroups = ["docker"];
+
+    subUidRanges = [
+      {
+        startUid = 100000;
+        count = 65536;
+      }
+    ];
+    subGidRanges = [
+      {
+        startGid = 100000;
+        count = 65536;
+      }
+    ];
+  };
+
+  # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
+  system.stateVersion = "24.05";
+}
diff --git a/hosts/work/hardware-configuration.nix b/hosts/work/hardware-configuration.nix
new file mode 100644
index 0000000..f174382
--- /dev/null
+++ b/hosts/work/hardware-configuration.nix
@@ -0,0 +1,64 @@
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "rtsx_usb_sdmmc"];
+  boot.initrd.kernelModules = [];
+  boot.kernelModules = ["kvm-intel"];
+  boot.extraModulePackages = [];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/0ac2bd64-7a06-4972-af6e-beffa6567ba7";
+    fsType = "btrfs";
+    options = ["subvol=root"];
+  };
+
+  boot.initrd.luks.devices."work".device = "/dev/disk/by-uuid/7ce450be-7739-476e-9a8d-e25e57d8707f";
+
+  fileSystems."/nix" = {
+    device = "/dev/disk/by-uuid/0ac2bd64-7a06-4972-af6e-beffa6567ba7";
+    fsType = "btrfs";
+    options = ["subvol=nix"];
+  };
+
+  fileSystems."/persistent" = {
+    device = "/dev/disk/by-uuid/0ac2bd64-7a06-4972-af6e-beffa6567ba7";
+    fsType = "btrfs";
+    options = ["subvol=persistent"];
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/A468-9833";
+    fsType = "vfat";
+    options = ["fmask=0022" "dmask=0022"];
+  };
+
+  swapDevices = [
+    {device = "/dev/disk/by-label/swap";}
+  ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking = {
+    useDHCP = lib.mkDefault true;
+    wireless = {
+      enable = true;
+      userControlled.enable = true;
+    };
+  };
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware = {
+    cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+    graphics.enable = true;
+  };
+}