authorsils <sils@sils.li>2023-12-14 20:24:32 +0100
committersils <sils@sils.li>2023-12-14 20:24:32 +0100
commit2615ad7fd9f9156e5da4ca47df975cea5a974cae (patch)
tree907760e4b35ab20b9c130198b4ee50defd9a225a /flake
parentbuild(flake): update (diff)
feat(flake/nixosConfigurations): introduce convenience function
Diffstat (limited to 'flake')
-rw-r--r--flake/nixosConfigurations/basesystem.nix138
-rw-r--r--flake/nixosConfigurations/default.nix39
2 files changed, 170 insertions, 7 deletions
diff --git a/flake/nixosConfigurations/basesystem.nix b/flake/nixosConfigurations/basesystem.nix
new file mode 100644
index 0000000..a5b0499
--- /dev/null
+++ b/flake/nixosConfigurations/basesystem.nix
@@ -0,0 +1,138 @@
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ hostname,
+ mainDisk,
+ rootPart,
+ bootPart,
+ ...
+}: {
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+ #options.my = with lib;
+ #with lib.types; {
+ # hostname = mkOption {
+ # type = str;
+ # default = null;
+ # };
+ # rootPart = mkOption {
+ # type = str;
+ # default = null;
+ # };
+ # mainDisk = mkOption {
+ # type = str;
+ # default = null;
+ # };
+ # bootPart = mkOption {
+ # type = str;
+ # default = null;
+ # };
+ #};
+ networking.hostName = hostname;
+
+ boot = {
+ initrd = {
+ systemd.enable = true;
+ availableKernelModules = ["xhci_pci" "nvme" "rtsx_pci_sdmmc"];
+ kernelModules = [];
+ luks.devices."cryptroot" = {
+ crypttabExtraOpts = ["fido2-device=auto"];
+ device = rootPart;
+ };
+ };
+ kernelModules = ["kvm-intel"];
+ extraModulePackages = [];
+ kernelPackages = pkgs.linuxPackages_latest;
+ lanzaboote = {
+ enable = true;
+ configurationLimit = 10;
+ pkiBundle = "/etc/secureboot";
+ };
+ resumeDevice = mainDisk;
+ kernelParams = ["resume_offset=369403136"];
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "tmpfs";
+ fsType = "tmpfs";
+ options = ["defaults" "size=2G" "mode=755"];
+ };
+ "/tmp" = {
+ device = "tmpfs";
+ fsType = "tmpfs";
+ options = ["defaults" "size=5G" "mode=755"];
+ };
+ "/nix" = {
+ device = "/dev/disk/by-label/nixos-root";
+ fsType = "btrfs";
+ options = ["subvol=nix" "compress-force=zstd"];
+ };
+ "/etc/NetworkManager" = {
+ device = "/dev/disk/by-label/nixos-root";
+ fsType = "btrfs";
+ options = ["subvol=networkmanagerconfig" "compress-force=zstd"];
+ };
+ "/etc/secureboot" = {
+ device = "/dev/disk/by-label/nixos-root";
+ fsType = "btrfs";
+ options = ["subvol=secureboot" "compress-force=zstd"];
+ };
+ "/etc/nixos" = {
+ device = "/dev/disk/by-label/nixos-root";
+ fsType = "btrfs";
+ options = ["subvol=nixconfig" "compress-force=zstd"];
+ };
+ "/srv" = {
+ device = "/dev/disk/by-label/nixos-root";
+ fsType = "btrfs";
+ options = ["subvol=srv" "compress-force=zstd"];
+ neededForBoot = true;
+ };
+ "/swap" = {
+ device = "/dev/disk/by-label/nixos-root";
+ fsType = "btrfs";
+ options = ["subvol=swap" "noatime"];
+ };
+ "/home" = {
+ device = "/dev/disk/by-label/nixos-root";
+ fsType = "btrfs";
+ options = ["subvol=home" "compress-force=zstd"];
+ };
+ "/srv/snapshots" = {
+ device = "/dev/disk/by-label/nixos-root";
+ fsType = "btrfs";
+ options = ["subvol=snapshots" "compress-force=zstd"];
+ };
+ "/boot" = {
+ device = bootPart;
+ fsType = "vfat";
+ };
+ };
+
+ swapDevices = [
+ {
+ device = "/swap/swapfile";
+ }
+ ];
+
+ system.stateVersion = "23.05";
+
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ time.timeZone = "Europe/Berlin";
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
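Review bot: The eight btrfs entries in `fileSystems` (`"/nix"` through `"/srv/snapshots"`) use `/dev/disk/by-label/nixos-root`, which resolves to whichever block device currently carries that label rather than to the LUKS mapping opened as `cryptroot` under `boot.initrd.luks.devices`. Presumably the label belongs to the filesystem inside that mapping; if so, `device = "/dev/mapper/cryptroot";` pins `/nix`, `/etc/secureboot` and the other subvolumes to the unlocked volume, so a second disk with the same label cannot be mounted in its place. The `/tmp` tmpfs is mounted with `mode=755` and without `nosuid`/`nodev`; `options = ["defaults" "size=5G" "mode=1777" "nosuid" "nodev"];` gives the usual sticky, world-writable /tmp. The `/boot` vfat entry sets no `options`, so the ESP keeps the default permissive masks, and `options = ["umask=0077"];` would restrict it to root.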
diff --git a/flake/nixosConfigurations/default.nix b/flake/nixosConfigurations/default.nix
index ca48c21..60f33b1 100644
--- a/flake/nixosConfigurations/default.nix
+++ b/flake/nixosConfigurations/default.nix
@@ -27,15 +27,40 @@
};
}
];
+ nixosConfig = {
+ hostname,
+ mainDisk,
+ rootPart,
+ bootPart,
+ system ? "x86_64-linux",
+ } @ conf:
+ nixpkgs.lib.nixosSystem {
+ inherit system;
+ specialArgs = attrs // conf;
+ modules =
+ [
+ (import ../../sys)
+ (import ../../secrets)
+ (import ./basesystem.nix)
+ ]
+ ++ defaultModules;
+ };
in {
- thinklappi = nixpkgs.lib.nixosSystem {
+ #thinklappi = nixpkgs.lib.nixosSystem {
+ # system = "x86_64-linux";
+ # specialArgs = attrs;
+ # modules =
+ # [
+ # ../../hosts/thinklappi
+ # ]
+ # ++ defaultModules;
+ #};
+ thinklappi = nixosConfig {
+ hostname = "thinklappi";
+ rootPart = "/dev/disk/by-uuid/6700d662-29a9-4ea5-8ca6-85d42550b3ab";
+ mainDisk = "/dev/disk/by-uuid/68da1329-f5ea-4f2c-a38e-faffaaaa6b5a";
+ bootPart = "/dev/disk/by-uuid/4064-2D6C";
system = "x86_64-linux";
- specialArgs = attrs;
- modules =
- [
- ../../hosts/thinklappi
- ]
- ++ defaultModules;
};
thinklappi-bootstrap = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
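Review bot: In `nixosConfig`, `specialArgs = attrs // conf;` is a right-biased merge, so any entry of `attrs` named `hostname`, `mainDisk`, `rootPart`, `bootPart` or `system` is silently replaced by the host value. The disk paths also reach `basesystem.nix` as untyped special arguments, so a mistyped path is not caught at evaluation. Listing them explicitly, `specialArgs = attrs // {inherit hostname mainDisk rootPart bootPart;};`, keeps `system` out of the module arguments and shows what is passed; the commented-out `options.my` block in `basesystem.nix` looks like the typed alternative. The helper also imports `../../secrets` for every host built through it, so it is worth confirming (the module is not visible here) that nothing in it is meant for `thinklappi` only. The commented-out old `thinklappi` definition can be dropped, since history keeps it; the enclosing `let` starts above this hunk and the attribute set continues below it.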