holy moly we're almost there

hosts/curve/configuration.nix

@@ -0,0 +1,50 @@
+{
+  imports = [ ./hardware-configuration.nix ];
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  # Define on which hard drive you want to install Grub.
+  boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
+
+  # Minimal list of modules to use the EFI system partition and the YubiKey
+  boot.initrd.kernelModules = [ "vfat" "nls_cp437" "nls_iso8859-1" "usbhid" ];
+
+  # Enable support for the YubiKey PBA
+  boot.initrd.luks.yubikeySupport = true;
+
+  # Configuration to use your Luks device
+  boot.initrd.luks.devices = {
+    "crypthome" = {
+      device = "/dev/sda2";
+      preLVM = true; # You may want to set this to false if you need to start a network service first
+      yubikey = {
+        slot = 2;
+        twoFactor = true; # Set to false if you did not set up a user password.
+        storage = {
+          device = "/dev/sda1";
+        };
+      };
+    };
+  };
+  networking.hostName = "curve";
+  #networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+
+  time.timeZone = "Australia/Brisbane";
+
+  networking.useDHCP = false;
+  networking.interfaces.enp0s31f6.useDHCP = true;
+  networking.interfaces.wlp3s0.useDHCP = true;
+  networking.wireless.enable = true;
+  networking.wireless.interfaces = [ "wlp3s0" ];
+  networking.wireless.userControlled.enable = true;
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+  # console = {
+  #   font = "Lat2-Terminus16";
+  #   keyMap = "us";
+  # };
+
+  sound.enable = true;
+
+  services.xserver.libinput.enable = true;
+}

hosts/curve/curve.nix

@@ -0,0 +1,16 @@
+{ profiles, suites, ... }:
+{
+  imports = [
+    profiles.core
+    profiles.users.anish
+    profiles.hardware.curve # how else to deal with hardware?
+  ];
+
+  bud.enable = true;
+
+  # Speed up boot by removing dependency on network 
+  systemd = {
+    targets.network-online.wantedBy = pkgs.lib.mkForce [ ]; # Normally ["multi-user.target"]
+    services.NetworkManager-wait-online.wantedBy = pkgs.lib.mkForce [ ]; # Normally ["network-online.target"]
+  };
+}

hosts/curve/default.nix

@@ -0,0 +1,152 @@
+{ self, profiles, suites, ... }:
+{
+  imports = [
+    ./configuration.nix
+    profiles.mossnet-hosts
+  ] ++ suites.curve;
+
+  home-manager.users.anish = { suites, ... }: {
+    imports = suites.gui;
+  };
+
+  programs.gnupg.agent.pinentryFlavor = "gnome3";
+
+  fileSystems."/mnt/ftp" = {
+    device = "192.168.1.240:/home/ftp";
+    fsType = "nfs";
+    options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ];
+  };
+
+  fileSystems."/mnt/tv" = {
+    device = "192.168.1.240:/mnt/three/tv";
+    fsType = "nfs";
+    options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ];
+  };
+
+  fileSystems."/mnt/movies" = {
+    device = "192.168.1.240:/mnt/three/movies";
+    fsType = "nfs";
+    options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ];
+  };
+
+  boot.supportedFilesystems = [ "ntfs" ];
+
+  # lazy enable of ports necessary for KDE connect which is installed via cli home profile (for some reason?)
+  networking.firewall = {
+    allowedTCPPortRanges = [{ from = 1714; to = 1764; }];
+    allowedUDPPortRanges = [{ from = 1714; to = 1764; }];
+  };
+
+  age.secrets.curve-wg.file = "${self}/secrets/curve-wg.age";
+  age.secrets.curve-wg.owner = "anish";
+  mossnet.wg = {
+    enable = true;
+    ips = [ "10.0.69.2/24" ];
+    privateKeyFile = "/run/agenix/curve-wg";
+  };
+
+  age.secrets.borg-password.file = "${self}/secrets/borg-password.age";
+  mossnet.backup = {
+    enable = true;
+    name = "curve";
+    paths = [ "/home/anish" ];
+  };
+
+  # enable adb 
+  # TODO move this (it's for KaiOS WebIDE devShell?)
+  programs.adb.enable = true;
+  #virtualisation.docker.enable = true;
+  boot.blacklistedKernelModules = [ "qcserial" ];
+  # Used for packer Capsul
+  users.users.anish.extraGroups = [ "adbusers" "wheel" "plugdev" "libvertd" ];
+  virtualisation.libvirtd.enable = true;
+  hardware.keyboard.zsa.enable = true;
+  services.udev.extraRules = ''
+    # Qualcomm EDL
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="05c6", ATTRS{idProduct}=="9008", MODE="0666", GROUP="plugdev"
+
+    # Qualcomm Memory Debug
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="05c6", ATTRS{idProduct}=="9006", MODE="0666", GROUP="plugdev"
+
+    # Atmel DFU
+    ### ATmega16U2
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2fef", TAG+="uaccess"
+    ### ATmega32U2
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2ff0", TAG+="uaccess"
+    ### ATmega16U4
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2ff3", TAG+="uaccess"
+    ### ATmega32U4
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2ff4", TAG+="uaccess"
+    ### AT90USB64
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2ff9", TAG+="uaccess"
+    ### AT90USB162
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2ffa", TAG+="uaccess"
+    ### AT90USB128
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2ffb", TAG+="uaccess"
+
+    # Input Club
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="1c11", ATTRS{idProduct}=="b007", TAG+="uaccess"
+
+    # STM32duino
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="1eaf", ATTRS{idProduct}=="0003", TAG+="uaccess"
+    # STM32 DFU
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", TAG+="uaccess"
+
+    # BootloadHID
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="05df", TAG+="uaccess"
+
+    # USBAspLoader
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="05dc", TAG+="uaccess"
+
+    # ModemManager should ignore the following devices
+    # Atmel SAM-BA (Massdrop)
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="6124", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+    # Caterina (Pro Micro)
+    ## pid.codes shared PID
+    ### Keyboardio Atreus 2 Bootloader
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="2302", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
+    ## Spark Fun Electronics
+    ### Pro Micro 3V3/8MHz
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="1b4f", ATTRS{idProduct}=="9203", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
+    ### Pro Micro 5V/16MHz
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="1b4f", ATTRS{idProduct}=="9205", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
+    ### LilyPad 3V3/8MHz (and some Pro Micro clones)
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="1b4f", ATTRS{idProduct}=="9207", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
+    ## Pololu Electronics
+    ### A-Star 32U4
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="1ffb", ATTRS{idProduct}=="0101", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
+    ## Arduino SA
+    ### Leonardo
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="2341", ATTRS{idProduct}=="0036", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
+    ### Micro
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="2341", ATTRS{idProduct}=="0037", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
+    ## Adafruit Industries LLC
+    ### Feather 32U4
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="239a", ATTRS{idProduct}=="000c", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
+    ### ItsyBitsy 32U4 3V3/8MHz
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="239a", ATTRS{idProduct}=="000d", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
+    ### ItsyBitsy 32U4 5V/16MHz
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="239a", ATTRS{idProduct}=="000e", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
+    ## dog hunter AG
+    ### Leonardo
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="2a03", ATTRS{idProduct}=="0036", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
+    ### Micro
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="2a03", ATTRS{idProduct}=="0037", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+    # hid_listen
+    KERNEL=="hidraw*", MODE="0660", GROUP="plugdev", TAG+="uaccess", TAG+="udev-acl"
+
+    # hid bootloaders
+    ## QMK HID
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2067", TAG+="uaccess"
+    ## PJRC's HalfKay
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="0478", TAG+="uaccess"
+  '';
+
+  # enable wireguard tunnel
+  # privKey = "/run/secrets/curve-wg"; -> local config
+  # publicKey = "..."; -> shipped to server config
+  # IP = "10.0.69.2"; -> shipped to both configs
+  system.stateVersion = "22.05";
+}

hosts/curve/hardware-configuration.nix

@@ -0,0 +1,47 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "rtsx_pci_sdmmc" ];
+  boot.initrd.kernelModules = [ "dm-snapshot" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/74ba39ee-35cd-4b87-9ee9-651384fa55bd";
+      fsType = "btrfs";
+      options = [ "subvol=root" ];
+    };
+
+  fileSystems."/home" =
+    { device = "/dev/disk/by-uuid/74ba39ee-35cd-4b87-9ee9-651384fa55bd";
+      fsType = "btrfs";
+      options = [ "subvol=home" ];
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/87DA-98E7";
+      fsType = "vfat";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/c36e3ba9-8eee-4fbf-837c-7e1cfda33f09"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
+
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/curve/hardware.bak

@@ -0,0 +1,38 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+  boot.initrd.kernelModules = [ "dm-snapshot" ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/6ee9d430-1b1b-4e39-bced-606145570a78";
+      fsType = "btrfs";
+      options = [ "subvol=root" ];
+    };
+
+  fileSystems."/home" =
+    { device = "/dev/disk/by-uuid/6ee9d430-1b1b-4e39-bced-606145570a78";
+      fsType = "btrfs";
+      options = [ "subvol=home" ];
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/AD0C-92EF";
+      fsType = "vfat";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/5486bd9f-6826-4ac7-b09b-8768a35c331f"; }
+    ];
+
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+}