6 files changed, 182 insertions, 0 deletions
diff --git a/os/cez/modules/getty.nix b/os/cez/modules/getty.nix
new file mode 100644
index 0000000..725eb4b
--- /dev/null
+++ b/os/cez/modules/getty.nix
@@ -0,0 +1,15 @@
+{ config, ... }: let
+  user = config.userdata.name;
+in {
+  systemd.services."getty@".serviceConfig.TTYVTDisallocate = "no";
+
+  services.getty = {
+    loginOptions = "-f ${user}";
+    extraArgs = [
+      "--nonewline"
+      "--skip-login"
+      "--noclear"
+      "--noissue"
+    ];
+  };
+}
diff --git a/os/cez/modules/network.nix b/os/cez/modules/network.nix
new file mode 100644
index 0000000..fb30056
--- /dev/null
+++ b/os/cez/modules/network.nix
@@ -0,0 +1,15 @@
+{ ... }:
+
+{
+  networking = {
+    firewall.enable = false;
+
+    wireless.iwd = { 
+      enable = true;
+      settings = {
+        General.EnableNetworkConfiguration = true;
+        Network.NameResolvingService = "resolvconf";
+      };
+    };
+  };
+}
diff --git a/os/cez/modules/sshfs.nix b/os/cez/modules/sshfs.nix
new file mode 100644
index 0000000..2431b96
--- /dev/null
+++ b/os/cez/modules/sshfs.nix
@@ -0,0 +1,27 @@
+{ config, pkgs, ... }:
+
+let
+  domain = config.userdata.domain;
+  user = config.userdata.name;
+  uid = config.users.users.${user}.uid;
+  gid = config.users.groups.users.gid;
+in
+{
+  sops.secrets."misc/sftp" = {};
+  system.fsPackages = with pkgs; [ sshfs ];
+
+  fileSystems."/media/kay" = {
+    device = "sftp@${domain}:";
+    fsType = "sshfs";
+    options = [
+      "allow_other"         # for non-root access
+      "uid=${toString uid}"
+      "gid=${toString gid}"
+      "_netdev"             # this is a network fs
+      "x-systemd.automount" # mount on demand
+      "reconnect"              # handle connection drops
+      "ServerAliveInterval=15" # keep connections alive
+      "IdentityFile=${config.sops.secrets."misc/sftp".path}"
+    ];
+  };
+}
diff --git a/os/cez/modules/tlp.nix b/os/cez/modules/tlp.nix
new file mode 100644
index 0000000..912fd5f
--- /dev/null
+++ b/os/cez/modules/tlp.nix
@@ -0,0 +1,26 @@
+{ ... }: {
+  services.tlp = {
+    enable = true;
+
+    settings = {
+      RADEON_DPM_STATE_ON_AC = "performance";
+      RADEON_DPM_STATE_ON_BAT = "battery";
+
+      NMI_WATCHDOG = 0;
+
+      CPU_SCALING_GOVERNOR_ON_AC = "performance";
+      CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
+
+      DEVICES_TO_ENABLE_ON_AC = "bluetooth";
+      DEVICES_TO_DISABLE_ON_BAT_NOT_IN_USE = "bluetooth";
+
+      CPU_BOOST_ON_AC = 1;
+      CPU_BOOST_ON_BAT = 0;
+      CPU_HWP_DYN_BOOST_ON_AC = 1;
+      CPU_HWP_DYN_BOOST_ON_BAT = 0;
+
+      PLATFORM_PROFILE_ON_AC = "balanced";
+      PLATFORM_PROFILE_ON_BAT = "low-power";
+    };
+  };
+}
diff --git a/os/cez/modules/wayland.nix b/os/cez/modules/wayland.nix
new file mode 100644
index 0000000..1ce04cf
--- /dev/null
+++ b/os/cez/modules/wayland.nix
@@ -0,0 +1,72 @@
+{ config, pkgs, ... }: let
+  user = config.userdata.name;
+in {
+  # pkgs
+  environment.systemPackages = with pkgs; [
+    bemenu
+    sway
+    i3status
+    swaylock
+    swayidle
+    swaybg
+    foot
+    wl-clipboard
+    mako
+    xdg-utils
+    libnotify
+  ];
+
+  users.users.${user} = {
+    extraGroups = [ "seat" ];
+    packages = with pkgs; [
+      zathura
+      mpv
+      imv
+      wtype
+      qemu
+      OVMFFull
+      grim
+      slurp
+      tor-browser-bundle-bin
+      element-desktop-wayland
+      pinentry-bemenu
+    ];
+  };
+
+  # font
+  fonts = {
+    packages = with pkgs; [
+      terminus-nerdfont
+      dm-sans
+    ];
+    enableDefaultPackages = true;
+    fontconfig = {
+      hinting.style = "full";
+      subpixel.rgba = "rgb";
+      defaultFonts = {
+        monospace = [ "Terminess Nerd Font" ];
+        serif = [ "DeepMind Sans" ];
+        sansSerif = [ "DeepMind Sans" ];
+      };
+    };
+  };
+
+  # misc
+  services = {
+    seatd.enable = true;
+    dbus = {
+      enable = true;
+      implementation = "broker";
+    };
+  };
+
+  programs = {
+    gnupg.agent = {
+      enable = true;
+      pinentryPackage = pkgs.pinentry-bemenu;
+    };
+  };
+
+  security.pam.services.swaylock.text = "auth include login";
+  hardware.opengl.enable = true;
+}
diff --git a/os/cez/modules/wireguard.nix b/os/cez/modules/wireguard.nix
new file mode 100644
index 0000000..d8e8dd0
--- /dev/null
+++ b/os/cez/modules/wireguard.nix
@@ -0,0 +1,27 @@
+{ config, ... }:
+
+let
+  domain = config.userdata.domain;
+in
+{
+  sops.secrets."misc/wireguard" = {};
+
+  networking.wg-quick.interfaces."kay" = {
+    autostart = false;
+    address = [ "10.0.1.2/24" ];
+    dns = [ "10.0.1.1" ];
+    mtu = 1380;
+    privateKeyFile = config.sops.secrets."misc/wireguard".path;
+
+    peers = [{
+      publicKey = "wJMyQDXmZO4MjYRk6NK4+J6ZKWLTTZygAH+OwbPjOiw=";
+      allowedIPs = [
+        "10.0.1.0/24"
+        "104.16.0.0/12"
+        "172.64.0.0/13"
+      ];
+      endpoint = "${domain}:51820";
+      persistentKeepalive = 25;
+    }];
+  };
+}