13 files changed, 210 insertions, 0 deletions
diff --git a/hosts/aptos/default.nix b/hosts/aptos/default.nix
new file mode 100644
index 0000000..04d45ee
--- /dev/null
+++ b/hosts/aptos/default.nix
@@ -0,0 +1,32 @@
+{ config, pkgs, hostname, ... }:
+
+{
+  imports = [ # Include the results of the hardware scan.
+    ./hardware.nix
+    ./sound.nix
+    ./networking.nix
+    ./profile.nix
+    ./home.nix
+    ./services.nix
+  ];
+
+  virtualisation.docker = { enable = true; };
+
+  virtualisation.containerd = {
+    enable = true;
+    settings = {
+      plugins."io.containerd.grpc.v1.cri" = {
+        containerd.snapshotter = "overlayfs";
+      };
+    };
+  };
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "21.11"; # Did you read the comment?
+}
+
diff --git a/hosts/aptos/hardware.nix b/hosts/aptos/hardware.nix
new file mode 100644
index 0000000..085db9f
--- /dev/null
+++ b/hosts/aptos/hardware.nix
@@ -0,0 +1,45 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+  boot.initrd.availableKernelModules =
+    [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+  boot.initrd.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/292e07ac-4199-4a97-94a6-bd2fd2a9cf6a";
+    fsType = "btrfs";
+    options = [ "subvol=nixos" ];
+  };
+
+  boot.initrd.luks.devices."system".device =
+    "/dev/disk/by-uuid/c83a8db7-4215-4864-8a46-b8ca839d8c05";
+
+  fileSystems."/home" = {
+    device = "/dev/disk/by-uuid/292e07ac-4199-4a97-94a6-bd2fd2a9cf6a";
+    fsType = "btrfs";
+    options = [ "subvol=home" ];
+  };
+
+  fileSystems."/.snapshots" = {
+    device = "/dev/disk/by-uuid/292e07ac-4199-4a97-94a6-bd2fd2a9cf6a";
+    fsType = "btrfs";
+    options = [ "subvol=snapshots" ];
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/42D9-6EA8";
+    fsType = "vfat";
+  };
+
+  swapDevices =
+    [{ device = "/dev/disk/by-uuid/24041034-ff39-44bf-a04c-8fd8318b554d"; }];
+
+  my.hardware.intel.enable = true;
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+}
diff --git a/hosts/aptos/home.nix b/hosts/aptos/home.nix
new file mode 100644
index 0000000..d7a6545
--- /dev/null
+++ b/hosts/aptos/home.nix
@@ -0,0 +1,14 @@
+{ pkgs, ... }: {
+  my.home = {
+    packages.enable = true;
+    bluetooth.enable = true;
+    element.enable = true;
+    zsh.enable = true;
+    git.enable = true;
+    go.enable = true;
+    python.enable = true;
+    scanner.enable = true;
+    tmux.enable = true;
+    yt-dlp.enable = true;
+  };
+}
diff --git a/hosts/aptos/networking.nix b/hosts/aptos/networking.nix
new file mode 100644
index 0000000..111fbe7
--- /dev/null
+++ b/hosts/aptos/networking.nix
@@ -0,0 +1,38 @@
+{ lib, ... }:
+
+{
+  # Use systemd-networkd for networking
+  systemd.network = {
+    enable = true;
+    networks = {
+      wlan0 = {
+        matchConfig.Name = "wlan0";
+        networkConfig = { DHCP = "yes"; };
+        extraConfig = ''
+          [DHCPv4]
+          UseDNS=yes
+          UseDomains=yes
+        '';
+      };
+    };
+  };
+
+  networking = {
+    hostName = "aptos";
+    useNetworkd = true;
+    useDHCP = false;
+    private-wireguard.enable = true;
+  };
+
+  services.nscd.enable = false;
+  system.nssModules = lib.mkForce [ ];
+
+  # Use systemd-resolved
+  services.resolved = {
+    enable = true;
+    dnssec = "false";
+  };
+
+  my.hardware.networking.wireless.enable = true;
+  my.services.tailscale.enable = true;
+}
diff --git a/hosts/aptos/profile.nix b/hosts/aptos/profile.nix
new file mode 100644
index 0000000..4e5b48d
--- /dev/null
+++ b/hosts/aptos/profile.nix
@@ -0,0 +1,14 @@
+{ ... }: {
+
+  # Install tools related to the scanner (scanimage etc)
+  hardware.sane.enable = true;
+
+  my.profiles = {
+    # Laptop specific configuration
+    laptop.enable = true;
+    bluetooth.enable = true;
+    desktop.enable = true;
+    multimedia.enable = true;
+    trusted.enable = true;
+  };
+}
diff --git a/hosts/aptos/secrets/gcloud/world-nix.age b/hosts/aptos/secrets/gcloud/world-nix.age
new file mode 100644
index 0000000..a8b51b2
--- /dev/null
+++ b/hosts/aptos/secrets/gcloud/world-nix.age
diff --git a/hosts/aptos/secrets/restic/repo-users.age b/hosts/aptos/secrets/restic/repo-users.age
new file mode 100644
index 0000000..59c435a
--- /dev/null
+++ b/hosts/aptos/secrets/restic/repo-users.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 dtgBNg 5MAt41NmpX7UB+6zxI8NHrXpjvsn0iiEaUDwgt4RWDQ
+40RuB49FnH8WkPptwfiC4Es5b8JkI5PT6eau0f2wtOI
+-> ssh-ed25519 +LF+iw kchufYdtZ4Zp3fT58mFxbe033PLCPHXvMBwdR+xTTFM
+Kya9nVBHiVuDD5DJPQfsl3c5V64uCJb2nbPhWfbFqnA
+-> '-grease a3~x=^
+bn2D2ZS3fW4a42Au7J95HAQPE9IBGOULmNKH6XFWKNi+BzWiG3yo37MOog
+--- jvVR43MbkXMwylmHM3IrKwGjfnL8TdnWRoIrUergBC4
+Us9��������'��`}�m�)N��=~/�}��TDQM�u������v$�
+\ No newline at end of file
diff --git a/hosts/aptos/secrets/secrets.nix b/hosts/aptos/secrets/secrets.nix
new file mode 100644
index 0000000..9e503b2
--- /dev/null
+++ b/hosts/aptos/secrets/secrets.nix
@@ -0,0 +1,28 @@
+let
+  fcuny =
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIdlm/qoR/dnMjZhVSTtqFzkgN3Yf9eQ3pgKMiipg+dl";
+  aptos =
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOTcPGaiL+/Mwl8JzLHrBwas7QvWPjix4lnaAA1tw+5t";
+in {
+  "wireguard_privatekey.age".publicKeys = [ fcuny aptos ];
+
+  "syncthing/key.age" = {
+    publicKeys = [ fcuny aptos ];
+    owner = "fcuny";
+  };
+
+  "syncthing/cert.age" = {
+    publicKeys = [ fcuny aptos ];
+    owner = "fcuny";
+  };
+
+  "restic/repo-users.age" = {
+    publicKeys = [ fcuny aptos ];
+    owner = "fcuny";
+  };
+
+  "gcloud/world-nix.age" = {
+    publicKeys = [ fcuny aptos ];
+    owner = "fcuny";
+  };
+}
diff --git a/hosts/aptos/secrets/syncthing/cert.age b/hosts/aptos/secrets/syncthing/cert.age
new file mode 100644
index 0000000..33c6645
--- /dev/null
+++ b/hosts/aptos/secrets/syncthing/cert.age
diff --git a/hosts/aptos/secrets/syncthing/key.age b/hosts/aptos/secrets/syncthing/key.age
new file mode 100644
index 0000000..4e5c123
--- /dev/null
+++ b/hosts/aptos/secrets/syncthing/key.age
diff --git a/hosts/aptos/secrets/wireguard_privatekey.age b/hosts/aptos/secrets/wireguard_privatekey.age
new file mode 100644
index 0000000..17559c3
--- /dev/null
+++ b/hosts/aptos/secrets/wireguard_privatekey.age
@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> ssh-ed25519 dtgBNg FHZdyNsEtCMF7rNUGO7TauqsMfwDDGwcp9Qm0Ol9e1g
+RmWlyqW2jq3WkfRRmbGpaT/gre3ZSqQp4+lYEgXszAM
+-> ssh-ed25519 +LF+iw ZmLkAMA1NOAwFMoCa0keA4K8VIo+hnTctFCWVaQbFWI
+mm91OaR6HC/W6Wml+AYwnKN1nzOmqt43VpEzv6SYKFE
+-> $.%v/-grease R
+sVPs8WkXy+KnPioNwaun9oDe6k5ZvDQr7Km/6xIKmrOQkaEzflrLJXgj4GdmByki
+KktJM38SRPKiBhW757c
+--- Y3jxOsnE/O8pGbt3P85sz1ZQ5uHzmIjozAzSvmhimHA
+V��sk����¾�\�븡Ф����B��ȴRO���Y�x�y�+���!�m3;!{����HC�;�A�}��
+\ No newline at end of file
diff --git a/hosts/aptos/services.nix b/hosts/aptos/services.nix
new file mode 100644
index 0000000..a2210e2
--- /dev/null
+++ b/hosts/aptos/services.nix
@@ -0,0 +1,19 @@
+{ config, ... }:
+let secrets = config.age.secrets;
+in {
+  my.services = {
+    backup = {
+      enable = true;
+      user = "fcuny";
+      repository = "sftp:192.168.0.107:/data/slow/backups/users/fcuny";
+      exclude = [
+        "/home/fcuny/.cache"
+        "/home/fcuny/downloads"
+        "/home/fcuny/workspace/linux.git"
+      ];
+      timerConfig = { OnCalendar = "06:30"; };
+      passwordFile = secrets."restic/repo-users".path;
+      paths = [ "/home/fcuny" ];
+    };
+  };
+}
diff --git a/hosts/aptos/sound.nix b/hosts/aptos/sound.nix
new file mode 100644
index 0000000..947f9cd
--- /dev/null
+++ b/hosts/aptos/sound.nix
@@ -0,0 +1 @@
+{ ... }: { my.hardware.sound = { pipewire = { enable = true; }; }; }