feat(systems): Add new system ocicat
Coded has gotten a new laptop and therefore needs another system, this
is that
Change-Id: I4287715eda72de11055360a0342c03898496c810
Reviewed-on: https://git.clicks.codes/c/Chimera/NixFiles/+/762
Tested-by: Samuel Shuert <coded@clicks.codes>
Reviewed-by: Samuel Shuert <coded@clicks.codes>
diff --git a/systems/x86_64-linux/ocicat/boot/default.nix b/systems/x86_64-linux/ocicat/boot/default.nix
new file mode 100644
index 0000000..2941952
--- /dev/null
+++ b/systems/x86_64-linux/ocicat/boot/default.nix
@@ -0,0 +1,33 @@
+{ ... }:
+{
+ boot.initrd.availableKernelModules = [
+ "nvme"
+ "xhci_pci"
+ "ahci"
+ "usbhid"
+ "sd_mod"
+ "ext4"
+ ];
+ boot.initrd.kernelModules = [
+ "kvm-amd"
+ "amdgpu"
+ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ boot.initrd = {
+ systemd.enable = true; # needed for the way we do our YubiKey
+ luks.devices."key".device = "/dev/disk/by-uuid/a703bd90-d5ff-42fe-b5b7-dfa696d665ca";
+ luks.devices."NIXROOT" = {
+ device = "/dev/disk/by-uuid/0ab9f369-f8a2-4522-bca6-024a5236290c";
+ keyFile = "/key:/dev/mapper/key";
+ };
+ # luks.devices."BACKUPS" = {
+ # device = "/dev/disk/by-uuid/{FILL_IN}";
+ # keyFile = "/key:/dev/mapper/key";
+ # };
+ };
+}
diff --git a/systems/x86_64-linux/ocicat/compositor/default.nix b/systems/x86_64-linux/ocicat/compositor/default.nix
new file mode 100644
index 0000000..d6a852e
--- /dev/null
+++ b/systems/x86_64-linux/ocicat/compositor/default.nix
@@ -0,0 +1,3 @@
+{
+ chimera.compositors.niri.enable = true;
+}
diff --git a/systems/x86_64-linux/ocicat/console/default.nix b/systems/x86_64-linux/ocicat/console/default.nix
new file mode 100644
index 0000000..bfb89e8
--- /dev/null
+++ b/systems/x86_64-linux/ocicat/console/default.nix
@@ -0,0 +1,4 @@
+{ ... }:
+{
+ console.keyMap = "us";
+}
diff --git a/systems/x86_64-linux/ocicat/default.nix b/systems/x86_64-linux/ocicat/default.nix
new file mode 100644
index 0000000..b0d10ba
--- /dev/null
+++ b/systems/x86_64-linux/ocicat/default.nix
@@ -0,0 +1,15 @@
+{ ... }:
+{
+ imports = [
+ ./boot
+ ./compositor
+ ./console
+ ./games
+ ./hardware/cpu
+ ./hardware/filesystems
+ ./networking
+ ./users
+ ./time
+ ./yubikey
+ ];
+}
diff --git a/systems/x86_64-linux/ocicat/games/default.nix b/systems/x86_64-linux/ocicat/games/default.nix
new file mode 100644
index 0000000..aa603bc
--- /dev/null
+++ b/systems/x86_64-linux/ocicat/games/default.nix
@@ -0,0 +1,3 @@
+{ ... }: {
+ chimera.games.steam.enable = true;
+}
\ No newline at end of file
diff --git a/systems/x86_64-linux/ocicat/hardware/cpu/default.nix b/systems/x86_64-linux/ocicat/hardware/cpu/default.nix
new file mode 100644
index 0000000..c019598
--- /dev/null
+++ b/systems/x86_64-linux/ocicat/hardware/cpu/default.nix
@@ -0,0 +1,4 @@
+{ lib, config, ... }:
+{
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/systems/x86_64-linux/ocicat/hardware/filesystems/default.nix b/systems/x86_64-linux/ocicat/hardware/filesystems/default.nix
new file mode 100644
index 0000000..77b98e2
--- /dev/null
+++ b/systems/x86_64-linux/ocicat/hardware/filesystems/default.nix
@@ -0,0 +1,18 @@
+{ ... }:
+{
+ fileSystems."/" = {
+ device = "/dev/mapper/NIXROOT";
+ fsType = "btrfs";
+ };
+
+ # fileSystems."/backups" = {
+ # device = "/dev/mapper/BACKUPS";
+ # fsType = "btrfs";
+ # };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/90EA-208A";
+ fsType = "vfat";
+ options = [ "umask=0022" ];
+ };
+}
diff --git a/systems/x86_64-linux/ocicat/networking/default.nix b/systems/x86_64-linux/ocicat/networking/default.nix
new file mode 100644
index 0000000..5b990ba
--- /dev/null
+++ b/systems/x86_64-linux/ocicat/networking/default.nix
@@ -0,0 +1,7 @@
+{ lib, config, ... }:
+{
+ networking = {
+ hostName = "ocicat";
+ useDHCP = lib.mkDefault true;
+ };
+}
diff --git a/systems/x86_64-linux/ocicat/time/default.nix b/systems/x86_64-linux/ocicat/time/default.nix
new file mode 100644
index 0000000..ae0d0da
--- /dev/null
+++ b/systems/x86_64-linux/ocicat/time/default.nix
@@ -0,0 +1,3 @@
+{ ... }: {
+ time.timeZone = "America/New_York";
+}
diff --git a/systems/x86_64-linux/ocicat/users/default.nix b/systems/x86_64-linux/ocicat/users/default.nix
new file mode 100644
index 0000000..cf0e733
--- /dev/null
+++ b/systems/x86_64-linux/ocicat/users/default.nix
@@ -0,0 +1,28 @@
+{ config, ... }:
+{
+ users.users.coded.hashedPasswordFile =
+ config.sops.secrets."systems/x86_64-linux/ocicat/users/passwords.sops.coded.json:coded".path;
+
+ users.users.minion.hashedPasswordFile =
+ config.sops.secrets."systems/x86_64-linux/ocicat/users/passwords.sops.coded.json:minion".path;
+
+ sops.secrets."systems/x86_64-linux/ocicat/users/passwords.sops.coded.json:coded" = {
+ mode = "0400";
+ owner = config.users.users.root.name;
+ group = config.users.users.root.group;
+ sopsFile = ./passwords.sops.coded.json;
+ format = "json";
+ key = "coded";
+ neededForUsers = true;
+ };
+
+ sops.secrets."systems/x86_64-linux/ocicat/users/passwords.sops.coded.json:minion" = {
+ mode = "0400";
+ owner = config.users.users.root.name;
+ group = config.users.users.root.group;
+ sopsFile = ./passwords.sops.coded.json;
+ format = "json";
+ key = "minion";
+ neededForUsers = true;
+ };
+}
diff --git a/systems/x86_64-linux/ocicat/users/passwords.sops.coded.json b/systems/x86_64-linux/ocicat/users/passwords.sops.coded.json
new file mode 100644
index 0000000..d21f783
--- /dev/null
+++ b/systems/x86_64-linux/ocicat/users/passwords.sops.coded.json
@@ -0,0 +1,32 @@
+{
+ "coded": "ENC[AES256_GCM,data:HbydDoeYX+hoOMijjLFJCwWUl68rpZUHnXL9M0JJLUCMwFTcTWfzgL8hIP9dzU7VVbUCh4dB4VNT0YFQ,iv:dqZf+/aFAb4Zrw09gmO1PKPtY8NJ7oLam3Few6c6zzs=,tag:m+xTA5ZcINVRP7oI+ZLHVA==,type:str]",
+ "minion": "ENC[AES256_GCM,data:cBHPHsscUgu6RKP9cX3wcdCp1CmkDdOGvqI8pkigqfMypQO9J1KcBaPAT9cRqNrVt2QiBNtm0y87pRZz,iv:4THhdRdpNM7oXuMgOkoqO5vSWs6ie2VAhIrl6C6u02s=,tag:X2ym5nZRp10sQZsxXmcM+g==,type:str]",
+ "sops": {
+ "kms": null,
+ "gcp_kms": null,
+ "azure_kv": null,
+ "hc_vault": null,
+ "age": null,
+ "lastmodified": "2024-06-28T21:34:08Z",
+ "mac": "ENC[AES256_GCM,data:D0ZGXwKiwA+7rjWvk0Y6A8M7O7bDw4hNldaR8Y+yNUqm9nYYCi86rTHvQFOJDSf4zcBCh3nj8Gu1US+LnY4/BTAg0iahn7AgUd7UHn14uLesBK6j7qS4FtmHsMBAtb+gztio3mMX6Nssfa8MxUsqsucLSv1EwHGLsxBbp2qtJ74=,iv:aT9MfggQl//HKaaxbBUmfZZls5FLRrSbvwSpLVow32Q=,tag:Y3xkgrkLKIDi31J6cunhkA==,type:str]",
+ "pgp": [
+ {
+ "created_at": "2024-06-28T21:45:22Z",
+ "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4D6MHlIv4I/7ASAQdAIAKZnS1Xkhbi4pFH6aBJFJsksurWBMBp0hxivQp3OwQw\nz1QsoSdegtthdD0r/fgh7OZwAxWcgrp8Zvw+ulEE749f5H10xCW07xKwyTbh3hhO\n0l4B4bqoJYT36J/M+jPizG6yQNcKWmlVrWsrF64s/C85bXzuOFQGWEfjqlM8r7sq\nkmCL2uwbXwpV4I49CbY7M4fowxy3AAIyRJ9nihZNRr663KsZSBp0esrDoGYBZ5io\n=9Ab0\n-----END PGP MESSAGE-----",
+ "fp": "BC82DF237610AE9113EB075900E944BFBE99ADB5"
+ },
+ {
+ "created_at": "2024-06-28T21:45:22Z",
+ "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA+Wu2Xdd0hVDARAAyMpe5tOhKKiV1MyRC4JSJna5yHkECo7hIcjCtflxLR75\na/BLTrVxbyf/8Bfv2Uz+Uz0yzk3ojd5TYhmozqRVP9glCaexWKEY4hOGdE1BnaDl\nQn23Ezk2ib5VGtRchUCNqWHfIRACDRlJRagEZaBPS+4zl37ixq6/aCoBVdjlEZiM\nN9LmDl5jf+1XTSIBjhtivc8KyxSbRVop0gOgFp7DkBMho+WZAeKd7kvYZCpYuoWG\nfLawwRHDiDjDKTiH1QGf5ZhwwC3cTD1rAkLV2djGavuHvzhQ5ZPcUkh2QdVzqbLo\nqklvhKaYDKYaUkyWb7euqMDC/JXry6PUfoHF4JuO9Rk9uXgcH7QyfjdRLP92Zr+F\nazZu5xWnEkLF1WHPrsiZBSsLYIVgMt05XBzYor7ukLyMyP8HN1f2QvofNmQLAM5H\n2Va+mJnMd1x7dg8wkzJUWkO+IkUyNWz7pr0g1UwTk6JS7xDpOVEe+siNzx+Lywt5\ngFyo0Ez1TsDKwAXxhjXRkcw5RI2x3eOacD/9pCOjoX3yaqZw2ynTkIKJG57aKx+M\nv9IcCIXmuedhLdjl6TATRyEs1VmGB2dw+XTfBxBEC251aLnY5bZ0Iuq7kcVcZAMp\n7J36yrVbSdoDnmJJtD01dsvAr31j0x+HxvaIeq2yVxGosUsNLileAI5hFqY4phLS\nWAGFdnM4pldAJ8cmnoG4gwfU54S1OD8VKdKejK+FljSy3lTF1baSsUI/9/3GnZKU\nwfXdiNbc9gRvMeSL+rgnDXlESbqkNesGRtM3j/TA/HxL54IsHijDc/0=\n=APQj\n-----END PGP MESSAGE-----",
+ "fp": "B5237D6B63AB2E13FDA07170E5AED9775DD21543"
+ },
+ {
+ "created_at": "2024-06-28T21:45:22Z",
+ "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA0V5hlydTOZ+AQ/+OEL5Kzf3Kaz/JBRYfrOfSTBcSoNg9P4v5lioELh+zHa1\nEzOPzTuudYrhJ05LJIBrEmuSF3kqDwzO0rUs/wOHijSA01W2WbjQ45XJY1SzEnTD\nBeRh3citrVX94Tlp0DfCLD0G8K9DqeJ4c2is4/f/D5ibTBas0Hc028sNwjmshq3l\nJjDVWsFGEAOggkqo2Mrxhj8FFeh/gPxbc3nSx5A582RjBoIzNCI5w9hGQsQ7+kaI\n8qCWJ6N/AyJAFG/xJRterfgIrVr/5KMHFV/AuO4DLBEsEMIfzcXRqlBbUbWgfsjj\nm+/0+nb0paX1rWSPXk7qVVGN6Q8U4EuLwnCCuLR2qscGCq72bpJ9SHewTuCzkcQn\nwWRXSi7V8k7WnjYOOkzH5UBrtPDvhRl6vA2U9MoB4xZIfswP3vtxEVL8B6wfaogU\nJLs3AIyU7g/FA46WL0d4ta5E8Ki3cmc4+/y0Ezp4m0T/I3bvowSYd0FMtgG53AsG\nhmdd41tT0BPD2EugqwcoAaPxaPquMQemPaoyazHVHjKQzoDUf/jviF7+fDnJahgx\nMKg/l7oC2btrLLoyrr3xFrSldjTnRBgae9bv+WrzmQ1z+K89f5wSTX0qCbzqa1h/\nHCRSJsnofnTyVBWoJwE8wXh/S6Yi3jqh6haXGXCnHdqW14Yckg9iB1ZGmjxCF6nS\nWAGYzKnYhpmDTfDyr30q6JRX305KqNoNjEr2VVIHtazmKs+bPSpz2I8PoJbCVv6Z\nyttlazXnFYyTzwAt0yHi3JPQXoYQRtdISUR3NUL1uqJtZ950XPHVAg8=\n=Ar37\n-----END PGP MESSAGE-----",
+ "fp": "58BF6324CE6D45E156490D0F4579865C9D4CE67E"
+ }
+ ],
+ "unencrypted_suffix": "_unencrypted",
+ "version": "3.8.1"
+ }
+}
\ No newline at end of file
diff --git a/systems/x86_64-linux/ocicat/yubikey/default.nix b/systems/x86_64-linux/ocicat/yubikey/default.nix
new file mode 100644
index 0000000..5194cd7
--- /dev/null
+++ b/systems/x86_64-linux/ocicat/yubikey/default.nix
@@ -0,0 +1,5 @@
+{ config, lib, pkgs, ... }:
+
+{
+ chimera.yubikey.enable = true;
+}