holy moly we're almost there

hosts/bootstrap.nix

@@ -0,0 +1,18 @@
+{ profiles, ... }:
+{
+  # build with: `bud build bootstrap bootstrapIso`
+  # reachable on the local link via ssh root@fe80::47%eno1
+  # where 'eno1' is replaced by your own machine's network
+  # interface that has the local link to the target machine
+  imports = [
+    # profiles.networking
+    profiles.core
+    profiles.users.root # make sure to configure ssh keys
+    profiles.users.nixos
+  ];
+
+  boot.loader.systemd-boot.enable = true;
+
+  # will be overridden by the bootstrapIso instrumentation
+  fileSystems."/" = { device = "/dev/disk/by-label/nixos"; };
+}

hosts/box/configuration.nix

@@ -0,0 +1,95 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [
+      # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+    ];
+
+  # Use the GRUB 2 boot loader.
+  boot.loader.efi.canTouchEfiVariables = false;
+  boot.loader.efi.efiSysMountPoint = "/boot/efi";
+  boot.loader.grub = {
+    enable = true;
+    device = "nodev";
+    version = 2;
+    efiSupport = true;
+    enableCryptodisk = true;
+    efiInstallAsRemovable = true;
+  };
+
+  boot.initrd.secrets = {
+    "/keyfile0.bin" = /etc/secrets/initrd/keyfile0.bin;
+    "/keyfile1.bin" = /etc/secrets/initrd/keyfile1.bin;
+  };
+
+  boot.initrd.luks.devices = {
+    "root" = {
+      #name = "root";
+      device = "/dev/disk/by-uuid/f37f3222-47d7-42d8-b400-363320a31853"; # UUID for /dev/nvme01np2 
+      preLVM = true;
+      allowDiscards = true;
+      keyFile = "/keyfile0.bin";
+    };
+  };
+
+  # Data mount
+  # fileSystems."/data" = {
+  #   device = "/dev/disk/by-uuid/3276a297-9ee4-4998-b262-1ed100366c06"; # UUID for /dev/mapper/crypted-data
+  #   encrypted = {
+  #     enable = true;
+  #     label = "crypted-data";
+  #     blkDev = "/dev/disk/by-uuid/8a317bf4-fe13-4334-a6df-5fe5a5048b5e"; # UUID for /dev/sda1
+  #     keyFile = "/keyfile1.bin";
+  #   };
+  # };
+
+  networking.interfaces.enp2s0 = {
+    ipv4.addresses = [{
+      address = "192.168.1.240";
+      prefixLength = 24;
+    }];
+    ipv4.routes = [{ address = "192.168.1.0"; prefixLength = 24; via = "192.168.1.1"; }];
+    useDHCP = false;
+  };
+  #networking.nameservers = [ "172.16.11.240" ];
+  networking.nameservers = [ "192.168.1.1" ];
+  networking.defaultGateway = {
+    address = "192.168.1.1";
+    interface = "enp2s0";
+  };
+
+  networking.hostName = "box"; # Define your hostname.
+  # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+
+  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
+  # Per-interface useDHCP will be mandatory in the future, so this generated config
+  # replicates the default behaviour.
+  networking.useDHCP = false;
+  networking.interfaces.wlp3s0.useDHCP = true;
+
+  # Set your time zone.
+  time.timeZone = "Australia/Brisbane";
+
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
+  networking.firewall.allowedTCPPorts = [ 22 ];
+  sound.enable = false;
+
+  programs.gnupg.agent.enable = true;
+  programs.gnupg.agent.pinentryFlavor = "curses";
+  programs.gnupg.agent.enableSSHSupport = true;
+
+  # This value determines the NixOS release with which your system is to be
+  # compatible, in order to avoid breaking some software such as database
+  # servers. You should change this only after NixOS release notes say you
+  # should.
+  system.stateVersion = "19.09"; # Did you read the comment?
+
+}
+

hosts/box/default.nix

@@ -0,0 +1,49 @@
+{ self, pkgs, profiles, suites, ... }:
+{
+  imports = [
+    ./configuration.nix
+  ] ++ suites.mossnet;
+
+  home-manager.users.anish = { self, suites, ... }: {
+    imports = [ ] ++ suites.hmBase;
+  };
+
+  # For some reason this doesn't work in the profile, but does over here??
+  # Something weird in the way I'm importing nixpkgs in the profile or something
+  services."grasp".enable = true;
+  services."grasp".path = "/home/anish/kitaab/grasp/grasp.wiki";
+  services."grasp".user = "anish";
+
+  # Backups
+  age.secrets.borg-password.file = "${self}/secrets/borg-password.age";
+  services.postgresqlBackup = {
+    enable = true;
+    databases = [ "wallabag" ];
+    location = "/var/backup/postgresql";
+  };
+  mossnet.backup = {
+    enable = true;
+    name = "mossnet";
+    paths = [
+      "/var/lib/taskserver" # taskwarrior
+      "/var/www/shaarli-config" # sharli
+      "/var/backup/postgresql" # wallabag
+      "/var/lib/radicale" # radicale
+      "/home/anish/usr/drawing" # syncthing
+      "/home/anish/usr/nonfiction" # syncthing
+      "/mnt/two/postgres" # sealight postgres backups TODO remove once moved to capsul 
+    ];
+    # seafile
+  };
+
+  age.secrets.box-wg.file = "${self}/secrets/box-wg.age";
+  age.secrets.box-wg.owner = "anish";
+  mossnet.wg = {
+    enable = true;
+    ips = [ "10.0.69.4/24" ];
+    privateKeyFile = "/run/agenix/box-wg";
+  };
+  services.syncthing.guiAddress = "0.0.0.0:8384"; # public syncthing
+
+  system.stateVersion = "19.09";
+}

hosts/box/hardware-configuration.nix

@@ -0,0 +1,52 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [
+      (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "thunderbolt" "uas" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ "dm-snapshot" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    {
+      device = "/dev/disk/by-uuid/ade0752d-84d3-4e39-865b-9027ba2d5c67";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot/efi" =
+    {
+      device = "/dev/disk/by-uuid/1715-278E";
+      fsType = "vfat";
+    };
+
+  fileSystems."/mnt/one" =
+    {
+      device = "/dev/disk/by-uuid/0f857c6e-509d-436f-9e78-bc25f1b0d23b";
+      fsType = "ext4";
+    };
+
+  fileSystems."/mnt/two" =
+    {
+      device = "/dev/disk/by-uuid/5bc894bf-ed87-4c30-aab4-87e154e0cd08";
+      fsType = "ext4";
+    };
+
+  fileSystems."/mnt/three" =
+    {
+      device = "/dev/disk/by-uuid/0be3ded1-9c8b-40aa-94ca-dc2297d5988e";
+      fsType = "ext4";
+    };
+
+  swapDevices =
+    [{ device = "/dev/disk/by-uuid/b790abb4-ba5f-4476-8f09-b0fc575414aa"; }];
+
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/cube/configuration.nix

@@ -0,0 +1,34 @@
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [
+      # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+    ];
+
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only
+
+  networking.hostName = "cube"; # Define your hostname.
+  time.timeZone = "Australia/Brisbane";
+
+  networking.useDHCP = false;
+  networking.interfaces.ens3.useDHCP = true;
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  environment.systemPackages = with pkgs; [
+    vim
+    gitAndTools.gitFull
+  ];
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "21.11"; # Did you read the comment?
+}
+

hosts/cube/default.nix

@@ -0,0 +1,10 @@
+{ profiles, suites, ... }:
+{
+  imports = [
+    ./configuration.nix
+  ] ++ suites.cube;
+
+  home-manager.users.anish = { self, suites, ... }: {
+    imports = [ ] ++ suites.hmBase;
+  };
+}

hosts/cube/hardware-configuration.nix

@@ -0,0 +1,29 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/9233d8be-539f-43c8-9b83-84b5b4d72a93";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/E00D-9070";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/curve/configuration.nix

@@ -0,0 +1,50 @@
+{
+  imports = [ ./hardware-configuration.nix ];
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  # Define on which hard drive you want to install Grub.
+  boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
+
+  # Minimal list of modules to use the EFI system partition and the YubiKey
+  boot.initrd.kernelModules = [ "vfat" "nls_cp437" "nls_iso8859-1" "usbhid" ];
+
+  # Enable support for the YubiKey PBA
+  boot.initrd.luks.yubikeySupport = true;
+
+  # Configuration to use your Luks device
+  boot.initrd.luks.devices = {
+    "crypthome" = {
+      device = "/dev/sda2";
+      preLVM = true; # You may want to set this to false if you need to start a network service first
+      yubikey = {
+        slot = 2;
+        twoFactor = true; # Set to false if you did not set up a user password.
+        storage = {
+          device = "/dev/sda1";
+        };
+      };
+    };
+  };
+  networking.hostName = "curve";
+  #networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+
+  time.timeZone = "Australia/Brisbane";
+
+  networking.useDHCP = false;
+  networking.interfaces.enp0s31f6.useDHCP = true;
+  networking.interfaces.wlp3s0.useDHCP = true;
+  networking.wireless.enable = true;
+  networking.wireless.interfaces = [ "wlp3s0" ];
+  networking.wireless.userControlled.enable = true;
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+  # console = {
+  #   font = "Lat2-Terminus16";
+  #   keyMap = "us";
+  # };
+
+  sound.enable = true;
+
+  services.xserver.libinput.enable = true;
+}

hosts/curve/curve.nix

@@ -0,0 +1,16 @@
+{ profiles, suites, ... }:
+{
+  imports = [
+    profiles.core
+    profiles.users.anish
+    profiles.hardware.curve # how else to deal with hardware?
+  ];
+
+  bud.enable = true;
+
+  # Speed up boot by removing dependency on network 
+  systemd = {
+    targets.network-online.wantedBy = pkgs.lib.mkForce [ ]; # Normally ["multi-user.target"]
+    services.NetworkManager-wait-online.wantedBy = pkgs.lib.mkForce [ ]; # Normally ["network-online.target"]
+  };
+}

hosts/curve/default.nix

@@ -0,0 +1,152 @@
+{ self, profiles, suites, ... }:
+{
+  imports = [
+    ./configuration.nix
+    profiles.mossnet-hosts
+  ] ++ suites.curve;
+
+  home-manager.users.anish = { suites, ... }: {
+    imports = suites.gui;
+  };
+
+  programs.gnupg.agent.pinentryFlavor = "gnome3";
+
+  fileSystems."/mnt/ftp" = {
+    device = "192.168.1.240:/home/ftp";
+    fsType = "nfs";
+    options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ];
+  };
+
+  fileSystems."/mnt/tv" = {
+    device = "192.168.1.240:/mnt/three/tv";
+    fsType = "nfs";
+    options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ];
+  };
+
+  fileSystems."/mnt/movies" = {
+    device = "192.168.1.240:/mnt/three/movies";
+    fsType = "nfs";
+    options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ];
+  };
+
+  boot.supportedFilesystems = [ "ntfs" ];
+
+  # lazy enable of ports necessary for KDE connect which is installed via cli home profile (for some reason?)
+  networking.firewall = {
+    allowedTCPPortRanges = [{ from = 1714; to = 1764; }];
+    allowedUDPPortRanges = [{ from = 1714; to = 1764; }];
+  };
+
+  age.secrets.curve-wg.file = "${self}/secrets/curve-wg.age";
+  age.secrets.curve-wg.owner = "anish";
+  mossnet.wg = {
+    enable = true;
+    ips = [ "10.0.69.2/24" ];
+    privateKeyFile = "/run/agenix/curve-wg";
+  };
+
+  age.secrets.borg-password.file = "${self}/secrets/borg-password.age";
+  mossnet.backup = {
+    enable = true;
+    name = "curve";
+    paths = [ "/home/anish" ];
+  };
+
+  # enable adb 
+  # TODO move this (it's for KaiOS WebIDE devShell?)
+  programs.adb.enable = true;
+  #virtualisation.docker.enable = true;
+  boot.blacklistedKernelModules = [ "qcserial" ];
+  # Used for packer Capsul
+  users.users.anish.extraGroups = [ "adbusers" "wheel" "plugdev" "libvertd" ];
+  virtualisation.libvirtd.enable = true;
+  hardware.keyboard.zsa.enable = true;
+  services.udev.extraRules = ''
+    # Qualcomm EDL
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="05c6", ATTRS{idProduct}=="9008", MODE="0666", GROUP="plugdev"
+
+    # Qualcomm Memory Debug
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="05c6", ATTRS{idProduct}=="9006", MODE="0666", GROUP="plugdev"
+
+    # Atmel DFU
+    ### ATmega16U2
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2fef", TAG+="uaccess"
+    ### ATmega32U2
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2ff0", TAG+="uaccess"
+    ### ATmega16U4
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2ff3", TAG+="uaccess"
+    ### ATmega32U4
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2ff4", TAG+="uaccess"
+    ### AT90USB64
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2ff9", TAG+="uaccess"
+    ### AT90USB162
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2ffa", TAG+="uaccess"
+    ### AT90USB128
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2ffb", TAG+="uaccess"
+
+    # Input Club
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="1c11", ATTRS{idProduct}=="b007", TAG+="uaccess"
+
+    # STM32duino
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="1eaf", ATTRS{idProduct}=="0003", TAG+="uaccess"
+    # STM32 DFU
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", TAG+="uaccess"
+
+    # BootloadHID
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="05df", TAG+="uaccess"
+
+    # USBAspLoader
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="05dc", TAG+="uaccess"
+
+    # ModemManager should ignore the following devices
+    # Atmel SAM-BA (Massdrop)
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="6124", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+    # Caterina (Pro Micro)
+    ## pid.codes shared PID
+    ### Keyboardio Atreus 2 Bootloader
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="2302", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
+    ## Spark Fun Electronics
+    ### Pro Micro 3V3/8MHz
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="1b4f", ATTRS{idProduct}=="9203", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
+    ### Pro Micro 5V/16MHz
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="1b4f", ATTRS{idProduct}=="9205", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
+    ### LilyPad 3V3/8MHz (and some Pro Micro clones)
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="1b4f", ATTRS{idProduct}=="9207", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
+    ## Pololu Electronics
+    ### A-Star 32U4
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="1ffb", ATTRS{idProduct}=="0101", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
+    ## Arduino SA
+    ### Leonardo
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="2341", ATTRS{idProduct}=="0036", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
+    ### Micro
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="2341", ATTRS{idProduct}=="0037", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
+    ## Adafruit Industries LLC
+    ### Feather 32U4
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="239a", ATTRS{idProduct}=="000c", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
+    ### ItsyBitsy 32U4 3V3/8MHz
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="239a", ATTRS{idProduct}=="000d", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
+    ### ItsyBitsy 32U4 5V/16MHz
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="239a", ATTRS{idProduct}=="000e", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
+    ## dog hunter AG
+    ### Leonardo
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="2a03", ATTRS{idProduct}=="0036", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
+    ### Micro
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="2a03", ATTRS{idProduct}=="0037", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+    # hid_listen
+    KERNEL=="hidraw*", MODE="0660", GROUP="plugdev", TAG+="uaccess", TAG+="udev-acl"
+
+    # hid bootloaders
+    ## QMK HID
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2067", TAG+="uaccess"
+    ## PJRC's HalfKay
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="0478", TAG+="uaccess"
+  '';
+
+  # enable wireguard tunnel
+  # privKey = "/run/secrets/curve-wg"; -> local config
+  # publicKey = "..."; -> shipped to server config
+  # IP = "10.0.69.2"; -> shipped to both configs
+  system.stateVersion = "22.05";
+}

hosts/curve/hardware-configuration.nix

@@ -0,0 +1,47 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "rtsx_pci_sdmmc" ];
+  boot.initrd.kernelModules = [ "dm-snapshot" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/74ba39ee-35cd-4b87-9ee9-651384fa55bd";
+      fsType = "btrfs";
+      options = [ "subvol=root" ];
+    };
+
+  fileSystems."/home" =
+    { device = "/dev/disk/by-uuid/74ba39ee-35cd-4b87-9ee9-651384fa55bd";
+      fsType = "btrfs";
+      options = [ "subvol=home" ];
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/87DA-98E7";
+      fsType = "vfat";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/c36e3ba9-8eee-4fbf-837c-7e1cfda33f09"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
+
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/curve/hardware.bak

@@ -0,0 +1,38 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+  boot.initrd.kernelModules = [ "dm-snapshot" ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/6ee9d430-1b1b-4e39-bced-606145570a78";
+      fsType = "btrfs";
+      options = [ "subvol=root" ];
+    };
+
+  fileSystems."/home" =
+    { device = "/dev/disk/by-uuid/6ee9d430-1b1b-4e39-bced-606145570a78";
+      fsType = "btrfs";
+      options = [ "subvol=home" ];
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/AD0C-92EF";
+      fsType = "vfat";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/5486bd9f-6826-4ac7-b09b-8768a35c331f"; }
+    ];
+
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+}

hosts/helix/configuration.nix

@@ -0,0 +1,36 @@
+{ config, pkgs, ... }:
+{
+  imports =
+    [
+      # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+    ];
+
+  # Use the GRUB 2 boot loader.
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only
+
+  networking.hostName = "helix"; # Define your hostname.
+
+  networking.useDHCP = false;
+  networking.interfaces.ens3.useDHCP = true;
+
+  # Configure network proxy if necessary
+  # networking.proxy.default = "http://user:password@proxy:port/";
+  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
+  services.openssh.passwordAuthentication = false;
+  services.openssh.permitRootLogin = "no";
+  sound.enable = false;
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  # This value determines the NixOS release with which your system is to be
+  # compatible, in order to avoid breaking some software such as database
+  # servers. You should change this only after NixOS release notes say you
+  # should.
+  system.stateVersion = "22.05"; # Did you read the comment?
+}
+

hosts/helix/default.nix

@@ -0,0 +1,35 @@
+{ self, profiles, suites, ... }:
+{
+  imports = [
+    ./configuration.nix
+  ] ++ suites.sealight;
+
+  home-manager.users.anish = { self, suites, ... }: {
+    imports = [ ] ++ suites.hmBase;
+  };
+
+  # Capsul specific
+  users.users.cyberian = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" ];
+  };
+
+  mossnet.wg = {
+    enable = true;
+    ips = [ "10.0.69.5/24" ];
+    privateKeyFile = "/home/anish/wg/wg-priv";
+  };
+
+  # mossnet.backup = {
+  #   enable = false;
+  #   name = "sealight";
+  #   paths = [ "/var/backup/postgresql" ];
+  # };
+
+  # age.secrets.borg-password.file = "${self}/secrets/borg-password.age";
+  # services.postgresqlBackup = {
+  #   enable = false;
+  #   databases = [ "matrix-synapse" "gitea" ];
+  #   location = "/var/backup/postgresql";
+  # };
+}

hosts/helix/hardware-configuration.nix

@@ -0,0 +1,26 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [
+      (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ata_piix" "floppy" "virtio_pci" "sr_mod" "virtio_blk" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    {
+      device = "/dev/disk/by-uuid/7c560634-d545-41cc-b375-42ce3037fd73";
+      fsType = "ext4";
+    };
+
+  swapDevices = [ ];
+
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}