feat: add moritz-laptop

flake.nix

@@ -100,6 +100,7 @@
         inventory = {
           machines = {
             moritz-desktop.tags = ["peer"];
+            moritz-laptop.tags = ["peer"];
             moritz-server.tags = [];
           };
           services.zerotier.default = {

machines/moritz-laptop/configuration.nix

@@ -0,0 +1,245 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+{
+  pkgs,
+  inputs,
+  ...
+}: {
+  imports = [
+    ./disko.nix
+    ../../modules/moritz/default.nix
+    ../../modules/shared.nix
+  ];
+
+  time.timeZone = "Europe/Berlin";
+
+  users.users.root.openssh.authorizedKeys.keys = [
+    ''
+      ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDHlemuKagHwz2T5rEwgJNlVUdUdOXyPtCEzD73CrwY2zmpR4AMj7y9u3Rm7HwHUDjLap1ZFwg+53bAsVP6HFZccCXoIfO/8BL0WDGQJrfgb+A+UiRhSqSvyZ77bGJkadbBkadguz3qR3PHcb41DOlhuqVcHxsY8ceHMxAuyb0pLJVJLeytMD+CHS/r7hoj2hckTNAZ+VhCXBtdZfZ7uPUBxLfluYRNNMmdwCglsg3RUS242nJUzy3A84+CXIGeWmNG9Fu45IDkwMthxSW9klyU9R38R9DBDcugkyb6vz+JKSuRVAa47qh/kmtsYekfL3ul9D2JN32P8S+6ZoXx+gXupGJ0ltwJWAFkhLJ+yeXj9kCOv/mIUmCB14jMGsvKiSwV25O/twyjqe2LEkMVgimgrjEYoHu+ZTyp0iFtUvSrFo4tsAhfWPV9yj4F/hUksW7xKIwq5Niyx7he5M/XddudtnAximyiBDGCdJm1Ejl0UaGa6ZQv7y6VZdx0PyZuraT7l9ub8so6JlE4cVgSSU9vE0IS2QqBuHhsIjh8RVksoTR2NQbeDdGaGpGnq2C8y0rDXwE/EJA4LK45khX/GPn73n8F0kBG8dBrWgRDAEODpmebScO7d5mCeM0z3lPcRmh+3e3DPnVVOl+uR7udlc7NauLzl7q913UtxZaF1PlD7Q== cardno:15_584_308
+    ''
+  ];
+
+  # Set this for clan commands use ssh i.e. `clan machines update`
+  # If you change the hostname, you need to update this line to root@<new-hostname>
+  # This only works however if you have avahi running on your admin machine else use IP
+  clan.core.networking.targetHost = "root@moritz-laptop";
+
+  my = {
+    ai.enable = true;
+    profiles = {
+      desktop.enable = true;
+      personal.enable = true;
+      personal.mail = true;
+      personal.contacts = true;
+      personal.calendar = true;
+      impermanence.enable = true;
+    };
+    programs.aider.enable = true;
+  };
+
+  users.users.moritz.packages = with pkgs; [
+    poetry
+    wl-clipboard
+  ];
+
+  home-manager.users.moritz.services.kanshi.settings = [
+    {
+      profile.name = "undocked";
+      profile.outputs = [
+        {
+          criteria = "eDP-1";
+          scale = 1.0;
+        }
+      ];
+    }
+    {
+      profile.name = "docked-scads";
+      profile.outputs = [
+        {
+          criteria = "eDP-1";
+          position = "640,1800"; # NOTE: 2160 / 1.2 = 1800
+        }
+        {
+          criteria = "Dell Inc. DELL P4317Q";
+          scale = 1.2;
+          position = "0,0";
+        }
+      ];
+    }
+  ];
+
+  services.kanata = {
+    enable = true;
+    keyboards = {
+      laptop = {
+        devices = [
+          "/dev/input/by-path/platform-i8042-serio-0-event-kbd"
+        ];
+        config = "
+          (defsrc
+            grv  1    2    3    4    5    6    7    8    9    0    -    =    bspc
+            tab  q    w    e    r    t    y    u    i    o    p    [    ]    \
+            caps a    s    d    f    g    h    j    k    l    ;    '    ret
+            lsft z    x    c    v    b    n    m    ,    .    /    rsft
+            lctl lmet lalt           spc            ralt      rctl
+          )
+
+          (deflayermap (default)
+            ;; tarmak 1a
+            j n
+            n k
+            k e
+
+            ;; tarmak 1b
+            h m
+            m h
+
+            ;; tarmak 2a
+            b z
+            z x
+            x c
+
+            ;; tarmak 2b
+            e f
+            f t
+            t b
+
+            ;; tarmak 3
+            c d
+            d s
+            s r
+
+            ;; tarmak 4
+            r p
+            p ;
+            ; o
+            o y
+            y j
+
+            ;; tarmak 5
+            u l
+            l i
+            i u
+
+            ;; caps-word tap-dance
+            lsft (tap-dance 200 (_ (caps-word 2000) _ _))
+
+            ;; change ctrl alt and meta
+            lctl lalt
+            lmet lctl
+            lalt (tap-dance 200 (lmet (multi lmet alt) lmet lmet))
+
+            ;; hjkl layer
+            ralt (tap-hold 200 200 (layer-switch hjkl) (layer-while-held hjkl)) ;; tap: switch   hold: switch while held
+
+            ;; switch to normal keyboard layout
+            rctl (layer-switch normal)
+          )
+
+          (deflayermap (normal)
+            rctl (layer-switch default))
+
+          (deflayermap (hjkl)
+            h left
+            j down
+            k up
+            l right
+
+            ralt (layer-switch default))
+        ";
+      };
+    };
+  };
+
+  # BOOT
+  boot = {
+    supportedFilesystems = ["zfs"];
+    loader.systemd-boot.enable = true;
+    loader.efi.canTouchEfiVariables = true;
+    initrd.availableKernelModules = ["rtsx_pci_sdmmc"];
+  };
+
+  # SERVICES
+  services = {
+    libinput.enable = true;
+    libinput.touchpad.disableWhileTyping = true;
+    printing.enable = true;
+    logind.lidSwitch = "hybrid-sleep";
+  };
+
+  # NETWORKING
+  networking = {
+    networkmanager.enable = true;
+
+    useDHCP = false;
+    interfaces.wlp1s0.useDHCP = true;
+    # interfaces.enp4s0f4u2.useDHCP = true;
+  };
+
+  console.keyMap = "en";
+
+  # needed for enabling hibernation
+  security.protectKernelImage = false;
+
+  # Powersaving
+  services.tlp.enable = true;
+  powerManagement.enable = true;
+  powerManagement.powertop.enable = true;
+
+  systemd = {
+    # Hibernare on low battery
+    timers.hibernate-on-low-battery = {
+      wantedBy = ["multi-user.target"];
+      timerConfig = {
+        OnUnitActiveSec = "120";
+        OnBootSec = "120";
+      };
+    };
+    services.hibernate-on-low-battery = let
+      batteryLevelSufficient = let
+        batteryPath = "/sys/class/power_supply/BATT";
+      in
+        pkgs.writeShellScriptBin "battery-level-sufficient" ''
+          test "$(cat ${batteryPath}/status)" != Discharging \
+            || test "$(cat ${batteryPath}/capacity)" -ge 5
+        '';
+    in {
+      serviceConfig.Type = "oneshot";
+      onFailure = ["hibernate.target"];
+      script = "${batteryLevelSufficient}/bin/battery-level-sufficient";
+    };
+    services.asus-touchpad-numpad = {
+      description = "Activate Numpad inside the touchpad with top right corner switch";
+      documentation = ["https://github.com/mohamed-badaoui/asus-touchpad-numpad-driver"];
+      path = [pkgs.i2c-tools];
+      script = ''
+        cd ${inputs.asus-touchpad-numpad-driver}
+        # In the last argument here you choose your layout.
+        ${
+          pkgs.python3.withPackages (ps: [ps.libevdev])
+        }/bin/python asus_touchpad.py m433ia
+      '';
+      # Probably needed because it fails on boot seemingly because the driver
+      # is not ready yet. Alternatively, you can use `sleep 3` or similar in the
+      # `script`.
+      serviceConfig = {
+        RestartSec = "1s";
+        Restart = "on-failure";
+      };
+      wantedBy = ["multi-user.target"];
+    };
+  };
+
+  # Trackpad
+  # i2c for https://github.com/mohamed-badaoui/asus-touchpad-numpad-driver
+  hardware.i2c.enable = true;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "22.05"; # Did you read the comment?
+}

machines/moritz-laptop/disko.nix

@@ -0,0 +1,104 @@
+{pkgs, ...}: {
+  # needed for zfs pool
+  networking.hostId = "9c85d185";
+  disko.devices = {
+    disk = {
+      main = {
+        type = "disk";
+        device = "/dev/nvme0n1";
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              size = "512M";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+              };
+            };
+            zfs = {
+              size = "100%";
+              content = {
+                type = "zfs";
+                pool = "zroot";
+              };
+            };
+          };
+        };
+      };
+    };
+    zpool = {
+      zroot = {
+        type = "zpool";
+        rootFsOptions = {
+          compression = "zstd";
+          "com.sun:auto-snapshot" = "false";
+          "acltype" = "posixacl"; # NOTE: needed for systemd https://github.com/NixOS/nixpkgs/issues/16954
+        };
+        mountpoint = null;
+
+        datasets = {
+          encrypted = {
+            type = "zfs_fs";
+            options = {
+              mountpoint = "none";
+              encryption = "aes-256-gcm";
+              keyformat = "passphrase";
+            };
+            # use this to read the key during boot
+            postCreateHook = ''
+              zfs set keylocation="prompt" "zroot/$name";
+            '';
+          };
+          "encrypted/root" = {
+            type = "zfs_fs";
+            options.mountpoint = "legacy";
+            mountpoint = "/";
+            postCreateHook = "zfs snapshot zroot/encrypted/root@blank";
+          };
+          "encrypted/nix" = {
+            type = "zfs_fs";
+            options.mountpoint = "legacy";
+            mountpoint = "/nix";
+          };
+          "encrypted/persist" = {
+            type = "zfs_fs";
+            options.mountpoint = "legacy";
+            mountpoint = "/persist";
+            options."com.sun:auto-snapshot" = "true";
+          };
+        };
+      };
+    };
+  };
+  # rollback to blank
+  boot.initrd.systemd.services.rollback = {
+    description = "Rollback ZFS datasets to a pristine state";
+    wantedBy = [
+      "initrd.target"
+    ];
+    after = [
+      "zfs-import-zroot.service"
+    ];
+    before = [
+      "sysroot.mount"
+    ];
+    path = with pkgs; [
+      zfs
+    ];
+    unitConfig.DefaultDependencies = "no";
+    serviceConfig.Type = "oneshot";
+    script = ''
+      zfs rollback -r zroot/encrypted/root@blank && echo "rollback complete"
+    '';
+  };
+  boot.initrd.systemd.enable = true;
+  fileSystems."/persist".neededForBoot = true;
+  services.zfs = {
+    autoScrub.enable = true;
+    trim.enable = true;
+    autoSnapshot.enable = true;
+  };
+}

modules/moritz/profiles/personal_contacts.nix

@@ -47,7 +47,7 @@ in {
       prompts.password.type = "hidden";
       prompts.password.persist = true;
       share = true;
-      files.password.owner = "moritz";
+      files.password.owner = lib.mkForce "moritz";
     };
   };
 }

modules/moritz/profiles/personal_mail.nix

@@ -69,7 +69,7 @@ in {
       prompts.password.type = "hidden";
       prompts.password.persist = true;
       share = true;
-      files.password.owner = "moritz";
+      files.password.owner = lib.mkForce "moritz";
     };
   };
 }