From 2b55215d3856e1e0c044696f84442660410224c9 Mon Sep 17 00:00:00 2001
From: Zuckerberg
Date: Fri, 31 May 2024 23:21:40 -0600
Subject: [PATCH] Add Howl
---
 machines/howl/default.nix | 61 ++++++++++++++++++++++++
 machines/howl/hardware-configuration.nix | 47 ++++++++++++++++++
 machines/howl/properties.nix | 26 ++++++++++
 3 files changed, 134 insertions(+)
 create mode 100644 machines/howl/default.nix
 create mode 100644 machines/howl/hardware-configuration.nix
 create mode 100644 machines/howl/properties.nix
diff --git a/machines/howl/default.nix b/machines/howl/default.nix
new file mode 100644
index 0000000..1652d0d
--- /dev/null
+++ b/machines/howl/default.nix
@@ -0,0 +1,61 @@
+{ config, pkgs, lib, ... }:
+
+{
+ imports = [
+ ./hardware-configuration.nix
+ ];
+
+
+ # for luks onlock over tor
+ services.tor.enable = true;
+ services.tor.client.enable = true;
+
+ # don't use remote builders
+ nix.distributedBuilds = lib.mkForce false;
+
+ services.udev.extraRules = ''
+ # depthai
+ SUBSYSTEM=="usb", ATTRS{idVendor}=="03e7", MODE="0666"
+
+ # Moonlander
+ # Rules for Oryx web flashing and live training
+ KERNEL=="hidraw*", ATTRS{idVendor}=="16c0", MODE="0664", GROUP="plugdev"
+ KERNEL=="hidraw*", ATTRS{idVendor}=="3297", MODE="0664", GROUP="plugdev"
+ # Wally Flashing rules for the Moonlander and Planck EZ
+ SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", MODE:="0666", SYMLINK+="stm32_dfu"
+ '';
+ services.udev.packages = [ pkgs.platformio ];
+ users.groups.plugdev = {
+ members = [ "googlebot" ];
+ };
+
+ # virt-manager
+ virtualisation.libvirtd.enable = true;
+ programs.dconf.enable = true;
+ virtualisation.spiceUSBRedirection.enable = true;
+ environment.systemPackages = with pkgs; [ virt-manager ];
+ users.users.googlebot.extraGroups = [ "libvirtd" "adbusers" ];
+
+ # allow building ARM derivations
+ boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+
+ services.spotifyd.enable = true;
+
+ virtualisation.podman.enable = true;
+ virtualisation.podman.dockerCompat = true;
+
+ virtualisation.appvm.enable = true;
+ virtualisation.appvm.user = "googlebot";
+
+ services.mount-samba.enable = true;
+
+ de.enable = true;
+ de.touchpad.enable = true;
+
+ networking.firewall.allowedTCPPorts = [
+ # barrier
+ 24800
+ ];
+
+ programs.adb.enable = true;
+}
diff --git a/machines/howl/hardware-configuration.nix b/machines/howl/hardware-configuration.nix
new file mode 100644
index 0000000..92ceb0a
--- /dev/null
+++ b/machines/howl/hardware-configuration.nix
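Review bot: In machines/howl/default.nix the depthai rule (`ATTRS{idVendor}=="03e7", MODE="0666"`) and the STM32 DFU rule (`MODE:="0666"`) make those USB nodes readable and writable by every local account, while the two hidraw rules in the same string already use `MODE="0664", GROUP="plugdev"`. The DFU node is a firmware-flashing interface, so I would scope both to the existing group, e.g. `SUBSYSTEM=="usb", ATTRS{idVendor}=="03e7", MODE="0660", GROUP="plugdev"` and `SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", MODE:="0660", GROUP="plugdev", SYMLINK+="stm32_dfu"`, or use `TAG+="uaccess"` so that only the user at the active seat gets access. Separately, `networking.firewall.allowedTCPPorts` opens 24800 on every interface; if Barrier is only used on one network, `networking.firewall.interfaces.<name>.allowedTCPPorts` would keep the port closed elsewhere. The comment `# for luks onlock over tor` should read "unlock".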
@@ -0,0 +1,47 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+
+ # boot
+ boot.loader.systemd-boot.enable = true;
+ boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ];
+ boot.initrd.kernelModules = [ "dm-snapshot" ];
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.extraModulePackages = [ ];
+
+ # firmware
+ firmware.x86_64.enable = true;
+
+ # disks
+ remoteLuksUnlock.enable = true;
+ boot.initrd.luks.devices."enc-pv" = {
+ device = "/dev/disk/by-uuid/c801586b-f0a2-465c-8dae-532e61b83fee";
+ allowDiscards = true;
+ };
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/95db6950-a7bc-46cf-9765-3ea675ccf014";
+ fsType = "btrfs";
+ };
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/B087-2C20";
+ fsType = "vfat";
+ options = [ "fmask=0022" "dmask=0022" ];
+ };
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/49fbdf62-eef4-421b-aac3-c93494afd23c"; }
+ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/machines/howl/properties.nix b/machines/howl/properties.nix
new file mode 100644
index 0000000..f01b23c
--- /dev/null
+++ b/machines/howl/properties.nix
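Review bot: In machines/howl/hardware-configuration.nix the `/boot` mount uses `options = [ "fmask=0022" "dmask=0022" ]`, which leaves every file on the unencrypted ESP readable by all local users; with `remoteLuksUnlock.enable = true` the initrd stored there presumably carries the unlock SSH host key (the module is not visible in this patch, so confirm). I would tighten it to `options = [ "fmask=0077" "dmask=0077" ];`. `allowDiscards = true` on `enc-pv` deserves a comment such as `# TRIM passes through dm-crypt: better SSD behaviour, but free-block patterns become visible on the raw device`, so the trade-off is recorded as deliberate. The swap device is referenced only by UUID; it is worth confirming that it lives inside `enc-pv`, since swap outside the LUKS container would write memory contents to disk unencrypted.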
@@ -0,0 +1,26 @@
+{
+ hostNames = [
+ "howl"
+ ];
+
+ arch = "x86_64-linux";
+
+ systemRoles = [
+ "personal"
+ ];
+
+ hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQi3q8jU6vRruExAL60J7GFO1gS8HsmXVJuKRT4ljrG";
+
+ userKeys = [
+ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKPnLt84bKhUgFxjQf10+Htro9Lo1Pabqm8mGalBUniv
+ ];
+
+ deployKeys = [
+ # TODO
+ ];
+
+ remoteUnlock = {
+ hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN0N80r0Sl2WlJaUqfxZPkOtYyGumFazkIqq7eq3Gd2o";
+ onionHost = "ll6yjnkh4psmfwmtkmqoutl4gq4elqzbmjxv4s6gpgoavyi3kwhjvnqd.onion";
+ };
+}
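Review bot: In machines/howl/properties.nix the single `userKeys` entry is written without quotes, unlike `hostKey` and `remoteUnlock.hostKey`, so as shown it is not a Nix string and the list will not evaluate to the intended key; it should be `"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKPnLt84bKhUgFxjQf10+Htro9Lo1Pabqm8mGalBUniv"`. Committing `onionHost` also makes the initrd unlock endpoint discoverable to anyone who can read the repository, so its protection rests on the keys the initrd SSH server accepts and on the LUKS passphrase; a comment next to `remoteUnlock` saying so would help the next maintainer. Keeping `remoteUnlock.hostKey` distinct from the main `hostKey`, as done here, is worth preserving, because an initrd host key typically sits on unencrypted storage.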