add X1

Signed-off-by: Harald Hoyer <harald@hoyer.xyz>

systems/x86_64-linux/x1/default.nix

@@ -0,0 +1,150 @@
+{ config, pkgs, lib, ... }:
+with lib;
+with lib.plusultra;
+
+{
+  imports =
+    [
+      # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+    ];
+
+    plusultra.gui.enable = true;
+
+  programs.dconf.enable = true;
+
+  boot = {
+    tmp.cleanOnBoot = true;
+    loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+      timeout = 2;
+    };
+    initrd.systemd.enable = true;
+  };
+
+  # Configure console keymap
+  console.keyMap = "de-latin1-nodeadkeys";
+  i18n.extraLocaleSettings = {
+    LC_MESSAGES = "en_US.UTF-8";
+    LC_TIME = "de_DE.UTF-8";
+  };
+
+  environment = {
+    systemPackages = with pkgs; [
+      age
+      clevis
+      delta
+      efibootmgr
+      git
+      git-delete-merged-branches
+      home-manager
+      htop
+      mdadm
+      mosh
+      nixpkgs-fmt
+      openssl
+      restic
+      rrsync
+      sops
+      strace
+      tmux
+      tpm2-pkcs11
+      tpm2-pkcs11.out
+      tpm2-tools
+      vim
+      wget
+    ];
+    shells = [ pkgs.fish pkgs.bash ];
+  };
+
+  hardware = {
+    cpu = {
+      amd.updateMicrocode = lib.mkDefault true;
+      intel.updateMicrocode = lib.mkDefault true;
+    };
+    enableRedistributableFirmware = lib.mkDefault true;
+    enableAllFirmware = true;
+  };
+
+  programs = {
+    bash = {
+      ## shellInit = ''
+      interactiveShellInit = ''
+        bind '"\e[A": history-search-backward'
+        bind '"\e[B": history-search-forward'
+      '';
+    };
+    starship.enable = true;
+    mosh.enable = true;
+    vim.defaultEditor = true;
+    fish.enable = true;
+  };
+
+  # powerManagement.cpuFreqGovernor = "ondemand";
+
+  services = {
+    dbus.implementation = "broker";
+    dbus.packages = [ pkgs.gcr ];
+    fail2ban.enable = true;
+    fwupd.enable = true;
+    openssh = {
+      enable = true;
+      settings.PermitRootLogin = "prohibit-password";
+      settings.X11Forwarding = true;
+    };
+  };
+
+  security = {
+    tpm2.enable = lib.mkDefault true;
+    tpm2.abrmd.enable = lib.mkDefault true;
+    sudo = {
+      enable = true;
+      wheelNeedsPassword = false;
+    };
+  };
+
+  # Auto system update
+  # https://search.nixos.org/options?channel=23.11&show=system.autoUpgrade
+  #system.autoUpgrade = {
+  #enable = true;
+  #operation = "boot";
+  #flags = [ "--update-input" "nixpkgs" "--commit-lock-file" ]
+  #    flake = "??";
+  #	};
+  system.stateVersion = "23.11";
+
+  time.timeZone = "Europe/Berlin";
+
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNsmP15vH8BVKo7bdvIiiEjiQboPGcRPqJK0+bH4jKD harald@lenovo.fritz.box"
+    "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBACLgT81iB1iWWVuXq6PdQ5GAAGhaZhSKnveQCvcNnAOZ5WKH80bZShKHyAYzrzbp8IGwLWJcZQ7TqRK+qZdfagAAAAEc3NoOg== harald@hoyer.xyz"
+    "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDsb/Tr69YN5MQLweWPuJaRGm+h2kOyxfD6sqKEDTIwoAAAABHNzaDo= harald@fedora.fritz.box"
+  ];
+
+#  users.users.harald = {
+#    shell = pkgs.fish;
+#    isNormalUser = true;
+#    description = "harald";
+#    extraGroups = [ "networkmanager" "wheel" "sgx" "libvirtd" "tss" "rspamd" ];
+#    openssh.authorizedKeys.keys = [
+#      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDsb/Tr69YN5MQLweWPuJaRGm+h2kOyxfD6sqKEDTIwoAAAABHNzaDo= harald@fedora.fritz.box"
+#      "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBACLgT81iB1iWWVuXq6PdQ5GAAGhaZhSKnveQCvcNnAOZ5WKH80bZShKHyAYzrzbp8IGwLWJcZQ7TqRK+qZdfagAAAAEc3NoOg== harald@hoyer.xyz"
+#      "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAYbUTKpy4QR3s944/hjJ1UK05asFEs/SmWeUbtS0cdA660sT4xHnRfals73FicOoz+uIucJCwn/SCM804j+wtM="
+#      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNsmP15vH8BVKo7bdvIiiEjiQboPGcRPqJK0+bH4jKD harald@lenovo.fritz.box"
+#    ];
+#  };
+#
+
+  virtualisation = {
+    podman = {
+      enable = true;
+
+      # Create a `docker` alias for podman, to use it as a drop-in replacement
+      dockerCompat = true;
+
+      # For Nixos version > 22.11
+      defaultNetwork.settings = { dns_enabled = true; };
+    };
+  };
+}

systems/x86_64-linux/x1/hardware-configuration.nix

@@ -0,0 +1,49 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [
+      (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  boot.initrd.luks.devices.data = {
+    device = "/dev/nvme0n1p5";
+    preLVM = true;
+  };
+  boot.initrd.luks.devices.swap = {
+    device = "/dev/nvme0n1p5";
+    preLVM = true;
+  };
+
+
+  fileSystems."/" =
+    {
+      device = "/dev/disk/by-uuid/ebb90474-ddcb-484b-9663-d71863827af4";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    {
+      device = "/dev/disk/by-uuid/941C-7B02";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}