some refactor

1 files changed, 134 insertions, 0 deletions

diff --git a/machines/kj-laptop01/configuration.nix b/machines/kj-laptop01/configuration.nix
new file mode 100644
index 0000000..610ecd3
--- /dev/null
+++ b/machines/kj-laptop01/configuration.nix
@@ -0,0 +1,134 @@
+{
+  modulesPath,
+  lib,
+  pkgs,
+  sops,
+  config,
+  ...
+}@args:
+{
+  imports = [
+    ./disk-config.nix
+  ];
+
+  nix = {
+    extraOptions = ''
+      experimental-features = ca-derivations nix-command flakes
+    '';
+    settings = {
+      substituters = [
+        "https://cache.nixos.org"
+        "https://cache.ngi0.nixos.org/"
+      ];
+      trusted-public-keys = [
+        "cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA="
+      ];
+    };
+  };
+
+  sops = {
+    defaultSopsFile = ./secrets.yaml;
+    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+    age.generateKey = false;
+
+    secrets = {
+      luks_passphrase = { };
+      kj_hashed_password = {
+        neededForUsers = true;
+      };
+      ssh_host_key_ed25519 = { };
+      ssh_host_key_rsa = { };
+    };
+  };
+
+  boot.loader.systemd-boot.enable = true;
+  system.stateVersion = "25.05";
+  swapDevices = [
+    {
+      device = "/swap/swapfile";
+      size = 32768;
+    }
+  ];
+
+  security.sudo.enable = true;
+  users.mutableUsers = false;
+  users.groups.kjtsanaktsidis = { };
+  users.users = {
+    kjtsanaktsidis = {
+      createHome = true;
+      isNormalUser = true;
+      description = "KJ Tsanaktsidis";
+      group = "kjtsanaktsidis";
+      extraGroups = [
+        "wheel"
+        "networkmanager"
+      ];
+      shell = pkgs.zsh;
+      hashedPasswordFile = config.sops.secrets.kj_hashed_password.path;
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAC/BtvW1c1RbBI8eeGo7oOH2y9byBaxWVDHsErgaE+s kjtsanaktsidis@KJMacbookGroq.local"
+      ];
+    };
+  };
+
+  # Enable systemd-resolved for DNS
+  services.resolved = {
+    enable = true;
+    llmnr = "true";
+    extraConfig = ''
+      MulticastDNS=yes
+    '';
+  };
+  networking.hostName = "kj-laptop01";
+  networking.nameservers = [ "127.0.0.53" ];
+  networking.networkmanager = {
+    enable = true;
+    dns = "systemd-resolved";
+    # Enable mDNS on NetworkManager connections
+    connectionConfig = {
+      "connection.mdns" = "2"; # 2 = yes (resolve & register)
+    };
+  };
+
+  services.openssh = {
+    enable = true;
+    hostKeys = [
+      {
+        type = "ed25519";
+        path = config.sops.secrets.ssh_host_key_ed25519.path;
+      }
+      {
+        type = "rsa";
+        path = config.sops.secrets.ssh_host_key_rsa.path;
+      }
+    ];
+  };
+
+  environment.systemPackages = with pkgs; [];
+
+  # Enable zsh system-wide
+  programs.zsh.enable = true;
+
+  # Disable Alt+Left/Right virtual terminal switching
+  console.keyMap = "us";
+
+  # Create systemd service to disable only Alt+Arrow VT switching
+  systemd.services.disable-alt-arrow-vt = {
+    description = "Disable Alt+Arrow VT switching";
+    wantedBy = [ "multi-user.target" ];
+    after = [ "systemd-vconsole-setup.service" ];
+    script = ''
+      # Define string sequences for Alt+Arrow that generate proper terminal escape sequences
+      cat << 'EOF' | ${pkgs.kbd}/bin/loadkeys
+      string F200 = "\033[1;3D"
+      string F201 = "\033[1;3C"
+      alt keycode 105 = F200
+      alt keycode 106 = F201
+      EOF
+    '';
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+    };
+  };
+}