From acadf155783c38d90a0c72ce43e42fa45e2d1911 Mon Sep 17 00:00:00 2001 From: Victor Mignot Date: Fri, 26 Jul 2024 20:34:42 +0200 Subject: [PATCH] Introduce fuyuki --- .sops.yaml | 9 ++ configurations/fuyuki/default.nix | 126 ++++++++++++++++++ configurations/fuyuki/secrets/secrets.yaml | 33 +++++ machines.nix | 8 ++ .../workstation/home-manager/desktop/sway.nix | 7 + 5 files changed, 183 insertions(+) create mode 100644 configurations/fuyuki/default.nix create mode 100644 configurations/fuyuki/secrets/secrets.yaml diff --git a/.sops.yaml b/.sops.yaml index 32352ee..1c0b37e 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -2,6 +2,7 @@ keys: - &london_system age1rr2u4kk5jc0zk5mmgcfzlddzz82u9ldqwnd2mkcspnps7pzegsms7fys7u - &london_dala age19m7s6rl4l88nv0f7el70k9u9mv6fd0nq5nw5a3f6p3ffzch274lsksu3y7 - &camelot_system age1qp54d5gzvpyedcv26uckz7lmy2a48m27astawa62hkey59qgmg8setufp5 + - &fuyuki_system age1lpk05l443jd7ra27hssvkc9xctpl990dy78tghmr4e8x7lfndy3qwhakwm - &pgp_dala 2763F2B50E63CE401A3EB9C040DE2FEE4D3C5E2C creation_rules: @@ -27,3 +28,11 @@ creation_rules: - *camelot_system pgp: - *pgp_dala + + # Fuyuki + - path_regex: configurations/fuyuki/secrets/secrets.yaml$ + key_groups: + - age: + - *fuyuki_system + pgp: + - *pgp_dala diff --git a/configurations/fuyuki/default.nix b/configurations/fuyuki/default.nix new file mode 100644 index 0000000..dde385e --- /dev/null +++ b/configurations/fuyuki/default.nix 
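Review bot: In the second `.sops.yaml` hunk, the new `path_regex: configurations/fuyuki/secrets/secrets.yaml$` is anchored only at the end and leaves its dots unescaped, so it matches any path that ends in that string, with any character where the dot is. Because `creation_rules` are applied first-match, a loose pattern can hand a file to the wrong recipient set once more rules are added after it. Consider `path_regex: ^configurations/fuyuki/secrets/secrets\.yaml$`, after confirming that the sops version in use matches against the path relative to `.sops.yaml`. The earlier rules are only partly visible in this hunk; if they use the same loose form, tightening them together would keep the file consistent.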
@@ -0,0 +1,126 @@
+{
+ config,
+ lib,
+ extraInfo,
+ pkgs,
+ ...
+}:
+{
+ boot.initrd.availableKernelModules = [
+ "xhci_pci"
+ "nvme"
+ "usb_storage"
+ "sd_mod"
+ ];
+ boot.initrd.kernelModules = [
+ "dm-snapshot"
+ "i915"
+ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+ services.tlp.enable = true;
+
+ useLatestKernel = true;
+ hwAccelerationGPU = "intel";
+
+ isProfessional = false;
+ allowUnfreePackages = true;
+ keymap = "us";
+
+ luksDevices = [
+ {
+ name = "crypted-nixos";
+ deviceUUID = "401036ff-8ad8-4738-a249-85391dac0430";
+ isPreLVM = true;
+ }
+ ];
+
+ filesystems = [
+ {
+ mountpoint = "/";
+ deviceUUID = "663f1c4a-dce6-48b2-b8e2-a602e812c49b";
+ fsType = "ext4";
+ }
+
+ {
+ mountpoint = "/boot";
+ deviceUUID = "3F42-7C9B";
+ fsType = "vfat";
+ }
+
+ {
+ mountpoint = "/nix";
+ deviceUUID = "148a5295-396b-495b-b46e-1fa4e99cf9d0";
+ fsType = "ext4";
+ }
+
+ {
+ mountpoint = "/home";
+ deviceUUID = "16b6bd32-465c-4a42-a082-df42d912e5e5";
+ fsType = "ext4";
+ }
+ ];
+
+ swapDeviceUUID = "0bc27219-00dd-4ae9-b946-ab65a68cbdf1";
+
+ sops = {
+ gnupg.sshKeyPaths = [ ];
+ age = {
+ sshKeyPaths = [ ];
+ keyFile = "/var/lib/sops-nix/key.txt";
+ };
+ defaultSopsFile = ./secrets/secrets.yaml;
+ secrets.wg0_private = { };
+ };
+
+ networking.wg-quick.interfaces.wg0 = {
+ address = [ "10.100.0.3/24" ];
+ listenPort = 51820;
+ privateKeyFile = config.sops.secrets.wg0_private.path;
+
+ dns = [ "10.100.0.1" ];
+
+ peers = [
+ # RockPro 64
+ {
+ publicKey = "XVmG3/rNsCqc8KCmOx3+UUn9DJOnJ40Uxid5JGdChR4=";
+ endpoint = "${extraInfo.wireguard.rockProEndpoint}:51820";
+ allowedIPs = [ "10.100.0.1/32" ];
+ persistentKeepalive = 25;
+ }
+ ];
+ };
+
+ machineUsers = {
+ dala = {
+ description = "Dala";
+ groups = [
+ "wheel"
+ "network"
+ "audio"
+ "video"
+ "docker"
+ "wireshark"
+ ];
+ uid = 1000;
+ shell = pkgs.fish;
+
+ enableHomeManagerProfile = true;
+ homeManagerConfig = {
+ programs.helix.enable = true;
+ desktop.monitors = [
+ {
+ name = "Chimei Innolux Corporation 0x14C9 Unknown";
+ resolution = "1920x1080@60.008Hz";
+ position = "0 0";
+ defaultWorkspace = 1;
+ }
+ ];
+ nixpkgs.config.allowUnfree = true;
+ development.embedded.enableTools = true;
+ };
+ };
+ };
+}
diff --git a/configurations/fuyuki/secrets/secrets.yaml b/configurations/fuyuki/secrets/secrets.yaml
new file mode 100644
index 0000000..a14636a
--- /dev/null
+++ b/configurations/fuyuki/secrets/secrets.yaml
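Review bot: Listing `"docker"` in `machineUsers.dala.groups` gives that account root-equivalent access through the Docker socket with no password prompt, which largely bypasses the sudo boundary implied by `"wheel"`. If the Docker daemon is enabled by a module outside this diff, consider dropping the group in favour of rootless Docker (`virtualisation.docker.rootless.enable`), or record the decision with a comment such as `# docker group is root-equivalent; accepted on this single-user workstation`. Separately, `sops.age.keyFile = "/var/lib/sops-nix/key.txt"` with both `sshKeyPaths` lists empty means the age identity has to be placed on the host by hand before the first activation. A one-line comment saying so, and that the file must be readable by root only, would help whoever reinstalls this machine.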
@@ -0,0 +1,33 @@ +wg0_private: ENC[AES256_GCM,data:+59MHO/LNuoqcJZYB05ukVPgRT+RJOsn4IL6Pk16OsSFp22Ikd/t5AIyY8E=,iv:tg7Gl+Ad2bGTYmpkPS4nuIRYX5j9rhB2oOY4JX8YYKo=,tag:Tp3SQkxDUg2X1HZrVAVs5g==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1lpk05l443jd7ra27hssvkc9xctpl990dy78tghmr4e8x7lfndy3qwhakwm + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNVWVQZ1ZmWlJyMTRGMmlr + TDRab1ZqWmx0cjNkb3YzQzF0NXlDK0tib2dZCkFXeXdhSTJDSnA3Nm4zNk50bDQr + RzdndkxxbkhHZldsb24wdmZXSGdMZ1UKLS0tIG14WnRPNG84YUJkUjFheE4zeHpS + Yi9zM01zUWx4ZUg0RmVIcDhWOFk1NDQKpmZvV9rmwF561rwb7fFjF8JoQ5Ofik+L + cMO7E1Df02f+Mxbg44Mz7nh5978ZAuEkxeAhP0rjjzxGyipWShWfjQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-07-26T18:29:32Z" + mac: ENC[AES256_GCM,data:XcpJnbtRxY8UbePnSVq2cBP8A2kekulMgFK7/tIJj63S6Ur72vx/Q9YoiSjwy1vhyhSnS3IBp9PSjEpiLF73Frxr4iQA9j42SvoXdS4h6Q6iQgnphGnKUbT8/GqQK/0cuyvqfBUH7y1BzsGcowvJBUmnWaMK2lJsx4O4/A5os+A=,iv:p+5aV2BMgOd3q/kdnNVZugEf5M5kY1r3kW7Db71cttE=,tag:1lyVYY2ykIW0tF0cab7Vxw==,type:str] + pgp: + - created_at: "2024-07-26T18:28:14Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4D0ZiEKlLM+TsSAQdAejTjnmBOyBz6qc0KMhjtJwyOZL/yQcI56OuDbdgp7R4w + MVMW5no+XnlskkMfESs9REov8T2MjfO6lqqrUj1Q1IIQaP/QlQ9DIS4ejt4nskE3 + 1GgBCQIQPs6lEe9b6Ih2LYt9PaTZ5SSpfNNLsjcfK7lE6EEE9fiEDhhW2CkVN5dq + NejQOIQOv6/0Q4wqbrNzNcqi9UtfXk5XLsqfhJSTuBMne+FaJmmV3ET4TwYt/RH5 + 8XGa13+6HDSHTg== + =F/Hd + -----END PGP MESSAGE----- + fp: 2763F2B50E63CE401A3EB9C040DE2FEE4D3C5E2C + unencrypted_suffix: _unencrypted + version: 3.9.0 diff --git a/machines.nix b/machines.nix index e533567..a6d424d 100644 --- a/machines.nix +++ b/machines.nix @@ -14,4 +14,12 @@ enableHomeManager = false; stateVersion = "23.11"; }; + + fuyuki = { + machineType = "workstation"; + nixpkgsUnstable = true; + system = "x86_64-linux"; + enableHomeManager = true; + stateVersion = "22.05"; + }; } 
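Review bot: In the `machines.nix` hunk, the new `fuyuki` entry sets `stateVersion = "22.05"` while tracking `nixpkgsUnstable = true`, and the entry just above it uses `"23.11"`, so the older value reads like a copy-paste slip. If 22.05 is the release this host was originally installed with, the value is correct and must not be raised later; say so inline, for example `stateVersion = "22.05"; # release of the original install, do not bump`. If the machine is in fact a fresh install, the value should match the release it was installed from.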
diff --git a/modules/workstation/home-manager/desktop/sway.nix b/modules/workstation/home-manager/desktop/sway.nix index 7da1575..80250aa 100644 --- a/modules/workstation/home-manager/desktop/sway.nix +++ b/modules/workstation/home-manager/desktop/sway.nix @@ -56,6 +56,13 @@ in xkb_layout = "us"; xkb_options = "compose:ralt"; }; + + "Synaptics TM3276-022" = { + dwt = "enabled"; + tap = "enabled"; + natural_scroll = "enabled"; + middle_emulation = "enabled"; + }; }; seat = {