mv hosts nixosConfigurations

nixosConfigurations/vinzenz-pc2/configuration.nix

@@ -0,0 +1,36 @@
+{ pkgs, ... }:
+{
+  imports = [
+    ./hardware.nix
+    ./vscode-server.nix
+    ./hass.nix
+  ];
+  config = {
+    nix.settings.extra-platforms = [
+      "aarch64-linux"
+      "i686-linux"
+    ];
+
+    services.xserver.xkb = {
+      # Configure keymap in X11
+      layout = "de";
+      variant = "";
+    };
+
+    # Configure console keymap
+    console.keyMap = "de";
+
+    users.users.vinzenz.openssh.authorizedKeys.keys = [
+      ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINrY6tcgnoC/xbgL7vxSjddEY9MBxRXe9n2cAHt88/TT home roaming''
+      ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH''
+      ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming''
+    ];
+
+    users.users.ronja.openssh.authorizedKeys.keys = [
+      ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALWKm+d6KL6Vl3grPOcGouiNTkvdhXuWJmcrdEBY2nw ssh-host-key''
+      ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgN6J8KyVyQqBAz+y3drXDmIsxOPkdPB+ISgpIP9Eld Generated By Termius''
+    ];
+
+    environment.systemPackages = with pkgs; [ lact ];
+  };
+}

nixosConfigurations/vinzenz-pc2/fstab.nix

@@ -0,0 +1,37 @@
+{
+  "/" = {
+    device = "/dev/disk/by-uuid/0e9c983a-e733-447e-8181-f41d6670c4b8";
+    fsType = "btrfs";
+    options = [ "subvol=@" ];
+  };
+
+  "/home" = {
+    device = "/dev/disk/by-uuid/0e9c983a-e733-447e-8181-f41d6670c4b8";
+    fsType = "btrfs";
+    options = [ "subvol=@home" ];
+  };
+
+  "/games" = {
+    device = "/dev/disk/by-uuid/0e9c983a-e733-447e-8181-f41d6670c4b8";
+    fsType = "btrfs";
+    options = [ "subvol=@games" ];
+  };
+
+  "/boot" = {
+    device = "/dev/disk/by-uuid/AF67-8F16";
+    fsType = "vfat";
+  };
+
+  #"/mnt/nixos_btrfs_root" = {
+  #  # subvolume with id 5 is always the root volume
+  #  # this is convenient for managing the flat subvolume hierarchy
+  #  device = "/dev/disk/by-uuid/0e9c983a-e733-447e-8181-f41d6670c4b8";
+  #  fsType = "btrfs";
+  #  options = [ "subvolid=5" ];
+  #};
+
+  "/mnt/ssd2" = {
+    device = "/dev/disk/by-uuid/6b2a647d-c68e-4c07-85bf-c9bfc5db7e8a";
+    fsType = "ext4";
+  };
+}

nixosConfigurations/vinzenz-pc2/hardware.nix

@@ -0,0 +1,25 @@
+{ ... }:
+{
+  imports = [ ../../modules/amd-graphics.nix ];
+  config = {
+    # amd cpu
+    boot.kernelModules = [ "kvm-amd" ];
+    hardware.cpu.amd.updateMicrocode = true;
+
+    boot = {
+      initrd.availableKernelModules = [
+        "nvme"
+        "xhci_pci"
+        "ahci"
+        "usbhid"
+        "sd_mod"
+      ]; # "usb_storage"
+      loader.efi.efiSysMountPoint = "/boot";
+    };
+
+    fileSystems = import ./fstab.nix;
+    swapDevices = [ ];
+
+    networking.interfaces.eno1.wakeOnLan.enable = true;
+  };
+}

nixosConfigurations/vinzenz-pc2/hass.nix

@@ -0,0 +1,62 @@
+{ pkgs, ... }:
+let
+  hass-image = "ghcr.io/home-assistant/home-assistant:stable";
+  hass-service = "podman-homeassistant";
+in
+{
+  virtualisation.oci-containers = {
+    backend = "podman";
+    containers.homeassistant = {
+      image = hass-image;
+      hostname = "hass.lan";
+      serviceName = hass-service;
+      volumes = [ "home-assistant:/config" ];
+      environment.TZ = "Europe/Berlin";
+      extraOptions = [ "--network=host" ];
+    };
+  };
+
+  systemd = {
+    timers.update-hass = {
+      timerConfig = {
+        Unit = "update-hass.service";
+        OnCalendar = "Sun 02:00";
+      };
+      wantedBy = [ "timers.target" ];
+    };
+
+    services.update-hass = {
+      serviceConfig = {
+        Type = "oneshot";
+        ExecStart = pkgs.writeShellScriptBin "update-hass" ''
+          podman pull ${hass-image};
+          systemctl restart ${hass-service};
+        '';
+      };
+    };
+  };
+
+  services = {
+    mosquitto = {
+      enable = true;
+    };
+
+    nginx = {
+      enable = true;
+
+      recommendedProxySettings = true;
+      recommendedTlsSettings = true;
+      recommendedGzipSettings = true;
+      recommendedOptimisation = true;
+
+      # TODO: add ssl
+      # TODO: add pam auth
+
+      virtualHosts."hass.lan" = {
+        locations."/" = {
+          proxyPass = "localhost:8123";
+        };
+      };
+    };
+  };
+}

nixosConfigurations/vinzenz-pc2/imports.nix

@@ -0,0 +1,16 @@
+{ nixosModules, ... }:
+{
+  imports = [
+    ../../modules/gnome.nix
+    ../../modules/gaming.nix
+    nixosModules.steam
+    nixosModules.printing
+    nixosModules.podman
+    #../../modules/niri.nix
+    ../../modules/desktop-environment.nix
+    ../../modules/desktop-hardware.nix
+
+    ../../home/vinzenz
+    ../../home/ronja
+  ];
+}

nixosConfigurations/vinzenz-pc2/vscode-server.nix

@@ -0,0 +1,30 @@
+{ pkgs, ... }:
+{
+  services.openvscode-server = {
+    enable = true;
+    package = pkgs.unstable.openvscode-server;
+    telemetryLevel = "off";
+    port = 8542;
+    host = "127.0.0.1";
+    withoutConnectionToken = true;
+    extraPackages = with pkgs; [
+      nodejs
+      git
+      gh
+      direnv
+    ];
+  };
+
+  networking = {
+    firewall = {
+      allowedTCPPorts = [
+        8542
+        8543
+        8544
+        80
+        1313
+        5201
+      ];
+    };
+  };
+}