feat: add work laptop configuration

2025-12-09 21:03:44 +05:00
parent 1ad2c6ea8e
commit 5e84abe9d9
23 changed files with 582 additions and 7 deletions
--- a/hosts/common/core/default.nix
+++ b/hosts/common/core/default.nix
@@ -16,9 +16,6 @@
  ];

  hostSpec = {
-    username = "shahab";
-    handle = "shahab96";
-    email = {user = "shahab@dogar.dev";};
    userFullName = "Shahab Dogar";
    networking.ports.tcp.ssh = 22;
  };
@@ -69,7 +66,7 @@
    enable = true;
    clean.enable = true;
    clean.extraArgs = "--keep-since 10d --keep 10";
-    flake = "/home/user/${config.hostSpec.home}/nix-config";
+    flake = "${config.hostSpec.home}/nix-config";
  };

  # ========= Sops =========
--- a/hosts/common/disks/blueocean.nix
+++ b/hosts/common/disks/blueocean.nix
@@ -0,0 +1,116 @@
+{
+  lib,
+  primary,
+  nix,
+  withSwap,
+  swapSize,
+  label,
+  ...
+}: {
+  disko = {
+    devices = {
+      disk = {
+        main = {
+          device = primary;
+
+          type = "disk";
+          content = {
+            type = "gpt";
+            partitions = {
+              boot = {
+                name = "boot";
+                size = "1M";
+                type = "EF02";
+              };
+              esp = {
+                name = "ESP";
+                size = "500M";
+                type = "EF00";
+                content = {
+                  type = "filesystem";
+                  format = "vfat";
+                  mountpoint = "/boot";
+                };
+              };
+              luks = {
+                size = "100%";
+                content = {
+                  name = "crypted";
+                  type = "luks";
+                  passwordFile = "/tmp/secret.key";
+                  settings = {
+                    allowDiscards = true;
+                    crypttabExtraOpts = ["fido2-device=auto" "token-timeout=10"];
+                  };
+                  content = {
+                    type = "lvm_pv";
+                    vg = "crypt_vg";
+                  };
+                };
+              };
+            };
+          };
+        };
+        secondary = {
+          device = nix;
+
+          type = "disk";
+          content = {
+            type = "gpt";
+            partitions = {
+              luks = {
+                size = "100%";
+                content = {
+                  name = "crypt-nix";
+                  type = "luks";
+                  passwordFile = "/tmp/secret.key";
+                  settings = {
+                    allowDiscards = true;
+                    crypttabExtraOpts = ["fido2-device=auto" "token-timeout=10"];
+                  };
+                  content = {
+                    type = "btrfs";
+                    extraArgs = ["-L nix -f"];
+                    subvolumes = {
+                      "@nix" = {
+                        mountpoint = "/nix";
+                        mountOptions = ["subvol=nix" "compress=zstd" "noatime"];
+                      };
+                    };
+                  };
+                };
+              };
+            };
+          };
+        };
+      };
+      lvm_vg = {
+        crypt_vg = {
+          type = "lvm_vg";
+          lvs = {
+            swap = lib.mkIf withSwap {
+              size = "${swapSize}G";
+              content = {
+                type = "swap";
+                resumeDevice = true;
+              };
+            };
+            main = {
+              size = "100%";
+              content = {
+                type = "btrfs";
+                extraArgs = ["-L" label "-f"];
+                subvolumes = {
+                  "@root" = {
+                    mountpoint = "/";
+                    mountOptions = ["subvol=root" "compress=zstd" "noatime"];
+                  };
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}