feat(hosts): lost-home host

2026-04-14 18:55:08 -03:00
parent d1ce9a1c64
commit 8e4ec43cb3
4 changed files with 189 additions and 0 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -115,6 +115,20 @@
          ./hosts/infriltrator/configuration.nix
        ];
      };
+      "lost-home" = nixpkgs.lib.nixosSystem rec {
+        system = "x86_64-linux";
+        specialArgs = {
+          pkgs-unstable = import nixpkgs-unstable {
+            inherit system;
+            config.allowUnfree = true;
+            config.allowUnfreePredicate = _: true;
+          };
+          inherit inputs self;
+        };
+        modules = [
+          ./hosts/lost-home/configuration.nix
+        ];
+      };
    };

    homeConfigurations = forAllSystems ({
--- a/hosts/lost-home/configuration.nix
+++ b/hosts/lost-home/configuration.nix
@@ -0,0 +1,113 @@
+{
+  inputs,
+  lib,
+  pkgs,
+  self,
+  ...
+}: {
+  imports = [
+    ./disko.nix
+    inputs.disko.nixosModules.disko
+    ./hardware-configuration.nix
+  ];
+
+  # Users
+  users.users."guz" = {
+    extraGroups = ["wheel" "guz"];
+    isNormalUser = true;
+    password = "1313";
+    # hashedPasswordFile = builtins.toString config.sops.secrets."guz/password".path;
+    shell = self.packages.${pkgs.stdenv.hostPlatform.system}.devkit.zsh;
+  };
+  users.groups."guz" = {};
+
+  # GnuPG keyring
+  programs.gnupg.agent = {
+    enable = true;
+    pinentryPackage = pkgs.pinentry-gtk2;
+    settings.default-cache-ttl = 3600 * 24;
+  };
+
+  # Yet another nix cli helper
+  programs.nh = {
+    enable = true;
+    clean.enable = true;
+    clean.extraArgs = "--keep-since 7d --keep 3";
+    flake = "/home/guz/Projects/dot013-nix";
+  };
+
+  # QMK keyboard
+  hardware.keyboard.qmk.enable = true;
+  services.udev.packages = with pkgs; [via vial];
+
+  # Pipewire
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+  };
+
+  # Tailscale
+  services.tailscale.enable = true;
+
+  # Networking
+  networking.hostName = "lost-home";
+  networking.networkmanager.enable = true;
+
+  # Firewall
+  networking.firewall.enable = true;
+  networking.firewall.allowedUDPPorts = [53];
+  networking.firewall.allowedTCPPorts = [80 433];
+
+  # SSH
+  services.openssh.enable = true;
+  services.openssh.settings = {
+    PasswordAuthentication = true;
+    PermitRootLogin = "forced-commands-only";
+  };
+
+  # Locale
+  time.timeZone = "America/Sao_Paulo";
+  i18n.defaultLocale = "en_US.UTF-8";
+  i18n.extraLocaleSettings = let
+    locale = "pt_BR.UTF-8";
+  in {
+    LC_ADDRESS = locale;
+    LC_IDENTIFICATION = locale;
+    LC_MEASUREMENT = locale;
+    LC_MONETARY = locale;
+    LC_NAME = locale;
+    LC_NUMERIC = locale;
+    LC_PAPER = locale;
+    LC_TELEPHONE = locale;
+    LC_TIME = locale;
+  };
+
+  # Keyboard
+  services.xserver.xkb.layout = "br";
+  console.keyMap = "br-abnt2";
+
+  security.polkit.enable = true;
+
+  # Nix
+  nix.settings.experimental-features = ["nix-command" "flakes"];
+  nixpkgs.config.allowUnfreePredicate = pkg:
+    builtins.elem (lib.getName pkg) [
+      "via"
+    ];
+
+  # Bootloader
+  boot.loader.grub.enable = lib.mkForce true;
+  boot.loader.grub.efiSupport = true;
+  boot.loader.grub.efiInstallAsRemovable = true;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It's perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "25.11"; # Did you read the comment?
+}
--- a/hosts/lost-home/disko.nix
+++ b/hosts/lost-home/disko.nix
@@ -0,0 +1,41 @@
+{
+  disko.devices = {
+    disk.main = {
+      device = "/dev/sdd"; # This will be overwritten by disko-install
+      type = "disk";
+      content = {
+        type = "gpt";
+        partitions = {
+          boot = {
+            size = "1M";
+            type = "EF02"; # for grub MBR
+          };
+          ESP = {
+            size = "512M";
+            type = "EF00";
+            content = {
+              type = "filesystem";
+              format = "vfat";
+              mountpoint = "/boot";
+            };
+          };
+          root = {
+            size = "100%";
+            content = {
+              type = "filesystem";
+              format = "ext4";
+              mountpoint = "/";
+            };
+          };
+        };
+      };
+    };
+  };
+
+  swapDevices = [
+    {
+      device = "/var/lib/swapfile";
+      size = 4 * 1024;
+    }
+  ];
+}
--- a/hosts/lost-home/hardware-configuration.nix
+++ b/hosts/lost-home/hardware-configuration.nix
@@ -0,0 +1,21 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = ["ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "sr_mod" "rtsx_pci_sdmmc"];
+  boot.initrd.kernelModules = [];
+  boot.kernelModules = ["kvm-intel"];
+  boot.extraModulePackages = [];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}