From d4b12af8440f85d88123415c452514a7f074689b Mon Sep 17 00:00:00 2001
From: Harald Hoyer
Date: Tue, 19 Mar 2024 19:46:12 +0100
Subject: [PATCH] add t15
Signed-off-by: Harald Hoyer
---
homes/x86_64-linux/harald@t15/default.nix | 65 +++++++++++++
modules/nixos/services/base/default.nix | 2 +-
modules/nixos/services/gui/default.nix | 2 +-
systems/x86_64-linux/t15/default.nix | 41 ++++++++
.../t15/hardware-configuration.nix | 97 +++++++++++++++++++
5 files changed, 205 insertions(+), 2 deletions(-)
create mode 100644 homes/x86_64-linux/harald@t15/default.nix
create mode 100644 systems/x86_64-linux/t15/default.nix
create mode 100644 systems/x86_64-linux/t15/hardware-configuration.nix
diff --git a/homes/x86_64-linux/harald@t15/default.nix b/homes/x86_64-linux/harald@t15/default.nix
new file mode 100644
index 0000000..c1d73cf
--- /dev/null
+++ b/homes/x86_64-linux/harald@t15/default.nix
@@ -0,0 +1,65 @@ +{ lib +, config +, ... +}: +{ + home.sessionPath = [ "$HOME/bin" ]; + + plusultra = { + user = { + enable = true; + name = config.snowfallorg.user.name; + }; + cli-apps = { + bash.enable = true; + fish.enable = true; + neovim.enable = true; + bat.enable = true; + starship.enable = true; + home-manager.enable = true; + }; + tools = { + git.enable = true; + direnv.enable = true; + }; + }; + + fonts.fontconfig.enable = true; + + dconf.settings = { + # ... + "org/gnome/shell" = { + disable-user-extensions = false; + + # `gnome-extensions list` for a list + enabled-extensions = [ + "Vitals@CoreCoding.com" + "appindicatorsupport@rgcjonas.gmail.com" + "dash-to-panel@jderose9.github.com" + "hibernate-status@dromi" + ]; + + favorite-apps = [ + "org.gnome.Console.desktop" + "jetbrains-toolbox.desktop" + "org.mozilla.firefox.desktop" + "firefox.desktop" + "thunderbird.desktop" + "org.mozilla.Thunderbird.desktop" + "slack.desktop" + "keybase.desktop" + "spotify.desktop" + "org.gnome.Nautilus.desktop" + "virt-manager.desktop" + ]; + }; + "org/virt-manager/virt-manager/connections" = { + autoconnect = [ "qemu:///system" ]; + uris = [ "qemu:///system" ]; + }; + }; + + xdg.enable = true; + xdg.mime.enable = true; +} + diff --git a/modules/nixos/services/base/default.nix b/modules/nixos/services/base/default.nix index b2227b1..aff0444 100644 --- a/modules/nixos/services/base/default.nix +++ b/modules/nixos/services/base/default.nix @@ -12,7 +12,7 @@ in config = mkIf cfg.enable { # Configure console keymap - console.keyMap = "us"; + console.keyMap = lib.mkDefault "us"; # Select internationalisation properties. i18n.defaultLocale = "en_US.UTF-8"; diff --git a/modules/nixos/services/gui/default.nix b/modules/nixos/services/gui/default.nix index ad079f7..d133016 100644 --- a/modules/nixos/services/gui/default.nix +++ b/modules/nixos/services/gui/default.nix 
@@ -39,7 +39,7 @@ in ]; xserver = { - layout = "de+us"; + layout = lib.mkDefault "de+us"; enable = true; displayManager.gdm.enable = true; desktopManager.gnome.enable = true; diff --git a/systems/x86_64-linux/t15/default.nix b/systems/x86_64-linux/t15/default.nix new file mode 100644 index 0000000..07c6801 --- /dev/null +++ b/systems/x86_64-linux/t15/default.nix @@ -0,0 +1,41 @@ +{ pkgs, lib, ... }: +with lib; +with lib.plusultra; +{ + imports = [ ./hardware-configuration.nix ]; + + plusultra = { + base.enable = true; + gui.enable = true; + nix-ld.enable = true; + nix.enable = true; + nix.extra-substituters."https://nixsgx.cachix.org".key = "nixsgx.cachix.org-1:tGi36DlY2joNsIXOlGnSgWW0+E094V6hW0umQRo/KoE="; + podman.enable = true; + secureboot.enable = false; + }; + + system.autoUpgrade = { + enable = true; + operation = "boot"; + allowReboot = false; + }; + + system.stateVersion = "23.11"; + + sops.age.sshKeyPaths = [ "/persist/ssh/ssh_host_ed25519_key" ]; + sops.secrets.backup-s3.sopsFile = ../../../.secrets/t15/backup-s3.yaml; + sops.secrets.backup-pw.sopsFile = ../../../.secrets/t15/backup-s3.yaml; + + services.openssh.hostKeys = [ + { + path = "/persist/ssh/ssh_host_ed25519_key"; + type = "ed25519"; + } + { + path = "/persist/ssh/ssh_host_rsa_key"; + type = "rsa"; + bits = 4096; + } + ]; + +} diff --git a/systems/x86_64-linux/t15/hardware-configuration.nix b/systems/x86_64-linux/t15/hardware-configuration.nix new file mode 100644 index 0000000..9e1a63a --- /dev/null +++ b/systems/x86_64-linux/t15/hardware-configuration.nix 
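Review bot: `secureboot.enable = false;` in systems/x86_64-linux/t15/default.nix leaves the kernel command line unauthenticated, so the `lockdown=confidentiality` parameter this commit adds in hardware-configuration.nix is only as strong as write access to the boot partition. `/boot` is the plain vfat ESP outside the LUKS volume, and without verified boot a change to the command line or to the initrd that asks for the LUKS passphrase would go unnoticed. If secure boot is off only until keys are enrolled on this machine, record that next to the option, e.g. `secureboot.enable = false; # TODO: enable once keys are enrolled; lockdown= is not anchored until then`. What `plusultra.secureboot` actually configures is not visible in this patch, so this assumes it is the only boot verification in play.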
@@ -0,0 +1,97 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.kernelModules = [ "kvm-intel" ]; + boot.initrd.availableKernelModules = [ + "ahci" + "nvme" + "rng_core" + "sd_mod" + "sdhci_pci" + "thunderbolt" + "tpm" + "tpm_crb" + "tpm_tis" + "tpm_tis_core" + "trusted" + "uas" + "usb_storage" + "usbhid" + "xhci_pci" + "uas" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelParams = [ + "lockdown=confidentiality" + "intel_iommu=on" + "quiet" + "splash" + "video=efifb:nobgrt" + ]; + + boot.extraModulePackages = [ ]; + + services.btrfs.autoScrub.enable = true; + swapDevices = [{ device = "/swapfile"; }]; + + boot.initrd.luks.devices.crypted = { + device = "/dev/nvme0n1p2"; + preLVM = true; + }; + + fileSystems = { + "/" = + { + device = "/dev/mapper/crypted"; + fsType = "btrfs"; + options = [ "subvol=/rootfs" ]; + neededForBoot = true; + }; + "/nix" = { + device = "/dev/mapper/crypted"; + fsType = "btrfs"; + options = [ "subvol=/nix" ]; + neededForBoot = true; + }; + "/home" = { + device = "/dev/mapper/crypted"; + fsType = "btrfs"; + options = [ "subvol=/home" ]; + }; + "/persist" = { + device = "/dev/mapper/crypted"; + fsType = "btrfs"; + options = [ "subvol=/persist" ]; + neededForBoot = true; + }; + "/boot" = + { + device = "/dev/disk/by-partlabel/disk-one-ESP"; + fsType = "vfat"; + }; + }; + + console.keyMap = "de-latin1-nodeadkeys"; + services.xserver = { + layout = "de"; + xkbVariant = "nodeadkeys"; + }; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. 
When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp82s0u1u3u4.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +}
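Review bot: `boot.initrd.luks.devices.crypted` sets `device = "/dev/nvme0n1p2"`, which names the encrypted partition by kernel enumeration order, while `/boot` in the same file already uses a stable `/dev/disk/by-partlabel/` path. If another NVMe device is ever present, `nvme0` can refer to a different disk and the initrd would either fail to boot or ask for the passphrase against the wrong partition; a stable identifier avoids that, e.g. `device = "/dev/disk/by-uuid/<LUKS-UUID>";` (placeholder, the UUID is not on this page). The file also keeps the "Do not modify this file" header although `boot.kernelParams`, the keymap and the LUKS entry look hand-written, so regenerating it could silently drop `lockdown=confidentiality` and `intel_iommu=on`; keeping those in `systems/x86_64-linux/t15/default.nix` would protect them. `"uas"` is listed twice in `boot.initrd.availableKernelModules`.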