From e3c820b6e5ae7ed8d518520b49c8141247c3499b Mon Sep 17 00:00:00 2001
From: Frantisek Bohacek <rutherther@proton.me>
Date: Fri, 17 Nov 2023 12:25:08 +0100
Subject: [PATCH] feat: add new laptop phobos

---
 hosts/default.nix                             |  31 ++++++
 hosts/laptop-phobos/default.nix               | 101 ++++++++++++++++++
 .../laptop-phobos/hardware-configuration.nix  |  38 +++++++
 hosts/laptop-phobos/home.nix                  |  40 +++++++
 modules/services/syncthing.nix                |  13 +--
 modules/services/wireguard.nix                |   2 +-
 6 files changed, 218 insertions(+), 7 deletions(-)
 create mode 100644 hosts/laptop-phobos/default.nix
 create mode 100644 hosts/laptop-phobos/hardware-configuration.nix
 create mode 100644 hosts/laptop-phobos/home.nix

diff --git a/hosts/default.nix b/hosts/default.nix
index 1c2b1de..e4ffaa3 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -65,6 +65,37 @@ in
     ];
   };
 
+  laptop-phobos = lib.nixosSystem {                                # Laptop profile
+    # Thinkpad T14s
+    inherit system;
+    specialArgs = {
+      inherit inputs stable user location;
+    };
+    modules = [
+      inputs.nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1
+      nur.nixosModules.nur
+      { nixpkgs.overlays = [ nur.overlay ]; }
+      ./laptop-phobos
+      ./configuration.nix
+
+      home-manager.nixosModules.home-manager {
+        home-manager.useUserPackages = true;
+        home-manager.extraSpecialArgs = {
+          inherit inputs stable user location;
+        };
+        home-manager.users.${user} = {
+          imports = [
+            nur.hmModules.nur
+            nix-index-database.hmModules.nix-index
+            { nixpkgs.overlays = [ nur.overlay ]; }
+            (import ./home.nix)
+            (import ./laptop-phobos/home.nix)
+          ];
+        };
+      }
+    ];
+  };
+
   desktop-clotho = lib.nixosSystem {                               # Desktop profile
     inherit system;
     specialArgs = {
diff --git a/hosts/laptop-phobos/default.nix b/hosts/laptop-phobos/default.nix
new file mode 100644
index 0000000..c6bf729
--- /dev/null
+++ b/hosts/laptop-phobos/default.nix
@@ -0,0 +1,101 @@
+#
+#  Specific system configuration settings for desktop
+#
+#  flake.nix
+#   ├─ ./hosts
+#   │   └─ ./laptop
+#   │        ├─ default.nix *
+#   │        └─ hardware-configuration.nix
+#   └─ ./modules
+#       ├─ ./desktop
+#       │   ├─ ./bspwm
+#       │   │   └─ default.nix
+#       │   └─ ./virtualisation
+#       │       └─ docker.nix
+#       └─ ./hardware
+#           └─ default.nix
+#
+
+{ inputs, config, pkgs, lib, user, ... }:
+
+{
+  imports =                                               # For now, if applying to other system, swap files
+    [(import ./hardware-configuration.nix)] ++            # Current system hardware config @ /etc/nixos/hardware-configuration.nix
+    [(import ../../modules/desktop/dm/sddm.nix)] ++       # Desktop manager
+    [(import ../../modules/desktop/qtile/default.nix)] ++ # Window Manager
+    [(import ../../modules/desktop/gnome/default.nix)] ++ # Window Manager
+    (import ../../modules/hardware) ++
+    (import ../../modules/desktop/virtualisation);
+
+  networking.hostName = "laptop-phobos";
+
+  boot = {                                  # Boot options
+    kernelPackages = pkgs.linuxPackages_latest;
+
+    loader = {                              # EFI Boot
+      efi = {
+        canTouchEfiVariables = true;
+      };
+      systemd-boot = {
+        enable = true;
+        editor = false;                     # Better security, disallows passing /bin/sh to start as root
+        configurationLimit = 5;
+      };
+      timeout = 1;                          # Grub auto select time
+    };
+
+    initrd.luks.devices = {
+      "crypted-linux-root" = {
+        device = "/dev/disk/by-label/crypted-linux-root";
+        preLVM = true;
+        # allowDiscards = true;
+      };
+    };
+  };
+
+  hardware = {                              # No xbacklight, this is the alterantive
+    brillo.enable = true;
+  };
+
+  programs = {
+    xss-lock = let
+    xsecurelock = (pkgs.xsecurelock.overrideAttrs(attrs: {
+          postInstall = attrs.postInstall or "" + ''
+            wrapProgram $out/bin/xsecurelock --set XSECURELOCK_COMPOSITE_OBSCURER 0
+          '';
+        }));
+    in {
+      enable = true;
+      lockerCommand = "${xsecurelock}/bin/xsecurelock";
+    };
+  };
+
+  services = {
+    # tlp.enable = true;                      # TLP and auto-cpufreq for power management
+    logind.lidSwitch = "lock";           # lock on lid close
+    auto-cpufreq.enable = true;
+    blueman.enable = true;
+
+    xserver.libinput = {
+      enable = true;
+      touchpad = {
+        naturalScrolling = true;
+        tapping = true;
+      };
+    };
+
+    printing = {
+      enable = true;
+      drivers = [
+        pkgs.splix
+        pkgs.samsung-unified-linux-driver
+      ];
+    };
+  };
+
+  networking.wireguard.interfaces = {
+    wg0 = {
+      ips = [ "${inputs.semi-secrets.wg.lan.laptopPhobosIp}/32" ];
+    };
+  };
+}
diff --git a/hosts/laptop-phobos/hardware-configuration.nix b/hosts/laptop-phobos/hardware-configuration.nix
new file mode 100644
index 0000000..75a8137
--- /dev/null
+++ b/hosts/laptop-phobos/hardware-configuration.nix
@@ -0,0 +1,38 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ "dm-snapshot" ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-label/nixos-root";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-label/BOOT";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eth0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/hosts/laptop-phobos/home.nix b/hosts/laptop-phobos/home.nix
new file mode 100644
index 0000000..062e5e5
--- /dev/null
+++ b/hosts/laptop-phobos/home.nix
@@ -0,0 +1,40 @@
+#
+#  Home-manager configuration for laptop
+#
+#  flake.nix
+#   ├─ ./hosts
+#   │   └─ ./laptop
+#   │       └─ home.nix *
+#   └─ ./modules
+#       └─ ./desktop
+#           └─ ./bspwm
+#              └─ home.nix
+#
+
+{ pkgs, lib, config, ... }:
+
+{
+  imports =
+    [
+      ../../modules/desktop/qtile/home.nix # Window Manager
+      ../../modules/desktop/gnome/home.nix
+    ];
+
+  home = {                                # Specific packages for laptop
+    packages = [
+      pkgs.distrobox
+
+      # Power Management
+      pkgs.acpi
+    ];
+  };
+
+  services = {                            # Applets
+    network-manager-applet.enable = true; # Network
+    cbatticon = {
+     enable = true;
+     criticalLevelPercent = 10;
+     lowLevelPercent = 20;
+   };
+  };
+}
diff --git a/modules/services/syncthing.nix b/modules/services/syncthing.nix
index 1f450dd..e4061f6 100644
--- a/modules/services/syncthing.nix
+++ b/modules/services/syncthing.nix
@@ -16,26 +16,27 @@
 
       devices = {
         "phone" = { id = inputs.semi-secrets.syncthing.devices.phone; };
-        "nixos-desktop" = { id = inputs.semi-secrets.syncthing.devices.desktop; };
-        "nixos-laptop" = { id = inputs.semi-secrets.syncthing.devices.laptop; };
+        "desktop" = { id = inputs.semi-secrets.syncthing.devices.desktop; };
+        "laptop-old" = { id = inputs.semi-secrets.syncthing.devices.laptop; };
+        "laptop" = { id = inputs.semi-secrets.syncthing.devices.laptopPhobos; };
       };
 
       folders = {
         "uni" = {
           path = "/home/${user}/doc/uni";
-          devices = [ "phone" "nixos-desktop" "nixos-laptop" ];
+          devices = [ "phone" "desktop" "laptop" "laptop-old" ];
         };
         "notes" = {
           path = "/home/${user}/doc/notes/obsidian/Notes";
-          devices = [ "phone" "nixos-desktop" "nixos-laptop" ];
+          devices = [ "phone" "desktop" "laptop" "laptop-old" ];
         };
         "camera" = {
           path = "/home/${user}/doc/camera";
-          devices = [ "phone" "nixos-desktop" "nixos-laptop" ];
+          devices = [ "phone" "desktop" "laptop" "laptop-old" ];
         };
         "study" = {
           path = "/home/${user}/doc/study";
-          devices = [ "phone" "nixos-desktop" "nixos-laptop" ];
+          devices = [ "phone" "desktop" "laptop" "laptop-old" ];
         };
       };
       options = {
diff --git a/modules/services/wireguard.nix b/modules/services/wireguard.nix
index 67458fd..b794044 100644
--- a/modules/services/wireguard.nix
+++ b/modules/services/wireguard.nix
@@ -7,7 +7,7 @@
 
   networking = {
     nameservers = [
-      inputs.semi-secrets.wg.lan.serverIp
+      #inputs.semi-secrets.wg.lan.serverIp
       "1.1.1.1"
       "1.0.0.1"
     ];
-- 
2.48.1