From 802681a2bef8d95cf0ca4fe47e372af58be7b40f Mon Sep 17 00:00:00 2001 From: noe Date: Fri, 15 Dec 2023 03:23:14 +0000 Subject: [PATCH] cider init --- .sops.yaml | 7 +++ flake.nix | 7 ++- home-manager/noe/hosts/cider.nix | 6 +++ nixos/client.nix | 8 +-- nixos/features/systemd-boot.nix | 6 ++- nixos/features/wifi.nix | 11 ++++ nixos/features/xfce.nix | 2 +- nixos/hosts/cider/default.nix | 30 +++++++++++ nixos/hosts/cider/hardware-configuration.nix | 36 +++++++++++++ secrets/default.yaml | 57 ++++++++++++++------ 10 files changed, 146 insertions(+), 24 deletions(-) create mode 100644 home-manager/noe/hosts/cider.nix create mode 100644 nixos/hosts/cider/default.nix create mode 100644 nixos/hosts/cider/hardware-configuration.nix diff --git a/.sops.yaml b/.sops.yaml index b9b76e4..bbf4b80 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -4,6 +4,7 @@ keys: &all - &m_thonkpad age1f5cqspxexkl8f42v5ne47mx6xmm4v00lafdlslq9g79a508e4p9qrku72s - &m_blueberry age1ts3t7q08cthuwj39juajve2jjk0rw28ljzesnrmnkwd0n7zs49kq7dgxnm - &m_work-mac age14vsmekuppm4xhp4rthhv9jjgzfv45v39a0q8dsgg6yusw0pjkvaqnr9kq8 + - &m_cider age1kjsga2kf95lu7p5stqr5d9p87jquyypnx97cycj6jvhsm9zkn93quexx4r creation_rules: - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$ @@ -27,3 +28,9 @@ creation_rules: - *op_noe - *op_noe_2 - *m_work-mac + - path_regex: secrets/cider/[^/]+\.(yaml|json|env|ini)$ + key_groups: + - age: + - *op_noe + - *op_noe_2 + - *m_cider diff --git a/flake.nix b/flake.nix index bfb6e2a..9bf4c74 100644 --- a/flake.nix +++ b/flake.nix @@ -98,7 +98,10 @@ # Blueberry Lab blueberry = mkNixos [ ./nixos/hosts/blueberry ]; - + + # Asahi MacBook Air M2 + cider = mkNixos [ ./nixos/hosts/cider ]; + # 2015 MBP #echo = mkNixos [ ./nixos/hosts/echo ]; 
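Review bot: In .sops.yaml, `m_cider` is appended to the key list anchored as `&all` and is also given its own `secrets/cider/` rule, so the per-host rule does not limit what this laptop can decrypt. The re-keyed secrets/default.yaml later in this patch lists the same age1kjsga… recipient, which suggests the top-level rule encrypts to every key in that list; its `key_groups` lie outside the hunk, so confirm. If cider only needs its own secrets, keep its key out of the shared set, for example by listing the top-level rule's recipients explicitly, and put what cider needs under `secrets/cider/`. A comment on the new rule such as `# host-only secrets for cider; operator keys kept for recovery` would record the intent.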
@@ -131,7 +134,7 @@ }; darwinConfigurations = { - noe-air = mkDarwin "aarch64-darwin" [ ./darwin/hosts/noe-air ]; + # in asahi => noe-air = mkDarwin "aarch64-darwin" [ ./darwin/hosts/noe-air ]; AMERMACC02G65A8MD6T = mkDarwin "x86_64-darwin" [ ./darwin/hosts/work-mac ]; }; diff --git a/home-manager/noe/hosts/cider.nix b/home-manager/noe/hosts/cider.nix new file mode 100644 index 0000000..fec4317 --- /dev/null +++ b/home-manager/noe/hosts/cider.nix @@ -0,0 +1,6 @@ +{ ... }: { + imports = [ + ../common + ../common/home-user.nix + ]; +} diff --git a/nixos/client.nix b/nixos/client.nix index cd5816c..5c663cf 100644 --- a/nixos/client.nix +++ b/nixos/client.nix @@ -1,13 +1,13 @@ -{ pkgs, ... }: { +{ pkgs, lib, ... }: { imports = [ ./base.nix ./features/fonts.nix ]; - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; + boot.loader.systemd-boot.enable = lib.mkDefault true; + boot.loader.efi.canTouchEfiVariables = lib.mkDefault true; - boot.kernelPackages = pkgs.linuxPackages_zen; + boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_zen; environment.systemPackages = with pkgs; [ firefox diff --git a/nixos/features/systemd-boot.nix b/nixos/features/systemd-boot.nix index 36ba2ed..4408ddd 100644 --- a/nixos/features/systemd-boot.nix +++ b/nixos/features/systemd-boot.nix @@ -1,4 +1,6 @@ -{ pkgs, config, ... }: { +{ pkgs, config, system, ... }: let + canTouchEfiVariables = system.hostPlatform != "aarch64-linux" +in { boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; + boot.loader.efi = { inherit canTouchEfiVariables }; } diff --git a/nixos/features/wifi.nix b/nixos/features/wifi.nix index e13a297..c4cc202 100644 --- a/nixos/features/wifi.nix +++ b/nixos/features/wifi.nix 
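Review bot: nixos/features/systemd-boot.nix will not parse as written: the `let` binding has no `;` before `in`, and `inherit canTouchEfiVariables` has no `;` inside the braces. `system` is also not a standard NixOS module argument, so unless `mkNixos` passes it through `specialArgs` (not visible here) the module fails to evaluate, and even then a system string has no `hostPlatform` attribute. Something like `canTouchEfiVariables = pkgs.stdenv.hostPlatform.system != "aarch64-linux";` followed by `boot.loader.efi = { inherit canTouchEfiVariables; };` keeps the intent, with `system` dropped from the argument list. The cider host does not import this file directly, so the error would only surface on a host that does.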
@@ -2,6 +2,17 @@ networking.networkmanager = { enable = true; + wifi.backend = "iwd"; + }; + + systemd.services.NetworkManager-wait-online.enable = false; + + networking.wireless.iwd = { + enable = true; + settings = { + General.EnableNetworkConfiguration = true; + General.AutoConnect = true; + }; }; # TODO: WiFi password automation diff --git a/nixos/features/xfce.nix b/nixos/features/xfce.nix index b3c0878..8f61f9b 100644 --- a/nixos/features/xfce.nix +++ b/nixos/features/xfce.nix @@ -1,6 +1,6 @@ { pkgs, ... }: { imports = [ - ./sound.nix + #./sound.nix ]; services.xserver = { diff --git a/nixos/hosts/cider/default.nix b/nixos/hosts/cider/default.nix new file mode 100644 index 0000000..c2c1642 --- /dev/null +++ b/nixos/hosts/cider/default.nix @@ -0,0 +1,30 @@ +{ config, lib, pkgs, inputs, ... }: { + imports = [ + inputs.apple-silicon.nixosModules.apple-silicon-support + + ./hardware-configuration.nix + ../../client.nix + + ../../features/xfce.nix #TODO: sound may be wrong + ../../features/wifi.nix + ]; + + home-manager.users.noe = import ../../../home-manager/noe/hosts/cider.nix; + + networking.hostName = "cider"; + system.stateVersion = "24.05"; + + # aarch64 / asahi stuff + hardware.asahi = { + withRust = true; + + #withEdgeKernelConfig = true; + + #useExperimentalGPUDriver = true; + #experimentalGPUInstallMode = "replace"; + + #useAlsaUcm = true; + }; + + networking.wireless.iwd.package = pkgs.stable.iwd; # unstable issue on aarch64: https://github.com/NixOS/nixpkgs/issues/273958 +} diff --git a/nixos/hosts/cider/hardware-configuration.nix b/nixos/hosts/cider/hardware-configuration.nix new file mode 100644 index 0000000..bb07bd9 --- /dev/null +++ b/nixos/hosts/cider/hardware-configuration.nix 
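Review bot: nixos/features/wifi.nix now has two components configuring addresses on the same interface: NetworkManager uses iwd as its backend, and `General.EnableNetworkConfiguration = true` also turns on iwd's own DHCP and address handling. That iwd setting is meant for running iwd standalone; under NetworkManager I would drop the line or set it to `false` and let NetworkManager own IP configuration. A one-line comment stating why `NetworkManager-wait-online` is disabled would help too, since this is a shared feature file and the change reaches any other host that imports it.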
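Review bot: Commenting out `./sound.nix` in nixos/features/xfce.nix removes it from every host that imports this feature, while the `#TODO: sound may be wrong` in the cider host file suggests only the Asahi machine needs it gone. I would keep the import here and handle the exception on the host, or make the import conditional, and replace the bare `#./sound.nix` with a comment giving the reason. What sound.nix sets is not visible in this patch, so whether a host-level override is enough needs checking.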
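Review bot: nixos/hosts/cider/default.nix defines a portable machine that this same patch makes a sops recipient, but neither it nor the hardware-configuration.nix it imports declares an encrypted root: `/` is plain ext4 by UUID and there is no `boot.initrd.luks.devices` entry. If cider's age identity is stored on that filesystem, it is readable by anyone holding the disk, and with it secrets/default.yaml and anything under `secrets/cider/`. If that is accepted for now, record it in the host file, e.g. `# TODO: root is not LUKS-encrypted; the sops age key is readable from disk`. Where the key lives is not shown here, so adjust if it is kept elsewhere.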
@@ -0,0 +1,36 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "usb_storage" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/9d66d26a-b441-4337-86a1-c56a09667043"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/AA30-1E15"; + fsType = "vfat"; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.wlan0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; +} diff --git a/secrets/default.yaml b/secrets/default.yaml index 855596f..314edab 100644 --- a/secrets/default.yaml +++ b/secrets/default.yaml 
@@ -11,29 +11,56 @@ sops: - recipient: age1lq5q5g5qjsdcc3key0n6qytkc9z3qx3d3e96ap9zre2aqgvc9ujq82l9hd enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuRkJDOUZDaUVHTnNsNW9y - eE1DVXVXNUpEOGpsVnZQVkFTUFdvTjlUWUZnCndvVTlId3hGNnZzbXc2YW5MTFY3 - TXZabTdoU3p0UVgybUZBdWFJbmUva2MKLS0tIGlNaGJWczlUVGgzYkUyb043WVRT - a3V2d2FjT0JCN0Q0RTZEcnpZZXdlaGsKO7LKi/0hup/vBootyE56eP08flFoILYo - Dp0RU5GaSlTRv5ZbLanML1ocrUJp2TBy8NcGqCywCMChN9PzeGVGGQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxeDFET1lCZTJZbG9TOERL + dWd3TG9YdkdUblN6Y1lLdW5YeEJ5TEpZL0FjCkpWSy9CNTdSSmIvblJFNmlsM1VR + L1lNeXdrbWtpVGhIaEJDVVY0MUR2bXMKLS0tIEd5ZnVrRGpqQSs1VDFZSERDbUNv + aWtKUXAvK0t0VFc2b3M1UlQyU3RQMmcK8thzaS1hLNfVqOZr/puDmY8Pr1PZaWAD + FKqkMx05rMGMPPtBGM63hmZyltlbafaDlX7iiNebZSHCwn81bv0nVA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1p0f62dwatt558sf5s4equdqwtg5m7lsnaytrf3xjnvmx3e0lqu4svtugyp + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvNFZLNkg2Vm5lbFRLb1lV + MUdUZWduVU9HNEN0dWt5ZUY1M2g4UkJCREdZClFFSytidFA2Y1ppNWI2cGhtOWxE + Qjg1NHh6SDNwVStEV0FLTE5iNTZXQUUKLS0tIHBTRVN0Y3NNelBEM0l5RThjVkFn + RHdadFJZVmxROXA1K2ZNYUxMUlJxKzQKnOmzREhFGeyEA//E6HCfSYD9C81JjugB + crYdpK0DCWMKepgIpJmYUnQQTzdyPqUJiqtZ81TCbyOU6xlkU8uA3Q== -----END AGE ENCRYPTED FILE----- - recipient: age1f5cqspxexkl8f42v5ne47mx6xmm4v00lafdlslq9g79a508e4p9qrku72s enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZRW9IZEJ5SUthM3FsSFZy - ZVc2TGk4SjhKanlkN2owMUN3L2ZST0FmQ0djCitIQ0RaOFhoSGdWZnp4cWZPR0pj - TjdidlBaOUFLYndONExzWTJvUVgydUkKLS0tIEw5eDJTMXVnc2VlcHRvdmR4Y0Vz - Y1ZpMGFXZVl3UE5yU1VlcjdsWEtETmcKo6RNsXqER4K+M9BpRiL+13Lj67iY6Kxk - 7xTcxNzzk5aXaVT8iUfKuh6fITr23CDfBVRgIw59AKINtQfCeofxdg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkN1NJV2RENExlcGxvcVRI + K0haNDlJb3lmT3VJOWZ5eTBjaWFYRm85elI4CnNkeUFVMThSck9mdzFlcG5IeGZJ + K2RyRHFhMlI2OHlLcVp6QlNQQ01rVjQKLS0tIFZMNG1Gc0tIMVdGWk1MNVUxbEVu + 
Vk1zZHNxaHRHOEE3TDdoeGxlMlVwQnMKdQT/ctoXHgPLsDQfW4jSAsIhk9nLfdaN + XuocOsjteIXdwNK120ANjrqbyyWoJ2WFnYvVXsy4uu9731WsANs44g== -----END AGE ENCRYPTED FILE----- - recipient: age1ts3t7q08cthuwj39juajve2jjk0rw28ljzesnrmnkwd0n7zs49kq7dgxnm enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZRUNtbnA5ZjBxNkpQdFVs - ejc0Z1huVkNNWVA3amczMzNqMVQ2NThwNDM4Cjc5a2lXckM5NWdva1BqbFFXdnhD - dTYxZlp1VEFaK1hGSVc5QmUrMzl6VTQKLS0tIHhQYUlYSkRSVTNxa3hWS0plWG50 - WG92WDdZYXZjZEhGWFZpVmpTTTVUc00KLYBVIJj3hm75/qtApgUCDRHxT8m+qy3x - ymdV0aKTMmam9/POlDeKTvj+GNx/gZ0cWH8cmRCjSMstp3DgG0/Hzw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvRm1XMmgvUGlId3FaYmNC + WkR4NlJWcDU5QVJCcGMxUVU2QWdrS3Y1SERZCmcyZWJkWGUrTmZQZ2syemt4SGZ4 + YVVJRjdSWUZaTEx3ZEFRZW9TSEN5LzQKLS0tIFU0NjlvNWVkTWY1bDhreG91RWN5 + WCtYQnFzMVo1ZmlRMW9DU1ZWM1EzR28KbP5JXNNTiFO/7XrnwAIzXgGHlApMS2u6 + P+dUOFl3r7htybg7XK+Bf3vEwzozHzX7fthQH4oi90eopsYU3UNBsA== + -----END AGE ENCRYPTED FILE----- + - recipient: age14vsmekuppm4xhp4rthhv9jjgzfv45v39a0q8dsgg6yusw0pjkvaqnr9kq8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlZmFJb2RDMUU2dU45d2hu + OGFWbTJCbnh6RW9VdVlLS0xDWnphUWtvSFVnClBTUm9VK0k2ZHhOTXhwZ29hck9u + QU81RXVsc0tLc1VHTWNrYU9oem1jZ2cKLS0tIERxeHNFTDNPb0xMYnk3MEdkNzdu + YW9WZkp5bHh4NzRhSU1xU0txWFF4M0UK3m3fIdnqaooRYHRA7GMwpCGDOR2YJv3F + 4CogoEtSJe+SLJdEnMDOxxiaMDcw+aRJ8wSEchgAt/6gFzpAbGZhRA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1kjsga2kf95lu7p5stqr5d9p87jquyypnx97cycj6jvhsm9zkn93quexx4r + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGSkdvZEdXU0dxVmRTbXly + V0d2a1c3MFRTcVdZWk1WT2JTaEtrTzRRQ1ZVCmUyQkdZTWlXWGRraVJueGZWTkpp + OHZiMjVzZDZwRThmNVlWQVNNbWVpRTQKLS0tIHFqODVYbC9Oc3ZKNmxGbkIraFdM + T0RXVHRzaWNjLzFXQTFMeS9YcXY3dUkKOBQCTIUOB7MHjJS3xMeUHaZ3NrgH37Gg + FaSKiVTaJgnjxhZgUIVg9Wq5HU77hx4dm/FS/aWMT8E8OZNL3YT1bQ== -----END AGE ENCRYPTED FILE----- lastmodified: "2023-12-10T04:05:10Z" mac: 
ENC[AES256_GCM,data:73XfD7acH2PkT3DCO33tOkrdpdur8g7NkkXJp9OvRvqwdregVos++TmabA6/akrrRFPJkWwI2/Y5WZQjWzIkFWsFnzj0cl0Dv0sT69YrhpsidiaNMUbyIt+D29T0s4AIvccCjh64HSXJjWRPzLawIypJSQkkTzbQkIDsC2n6T98=,iv:s9Fn3CSllkRXM4qD70kHdveCnoRzOh70YNXjMTxcBqM=,tag:SKm6CwT1517DH6ldWpgVpg==,type:str]
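Review bot: The re-key of secrets/default.yaml adds three recipients, not one: besides cider's age1kjsga… it adds age1p0f62… and age14vsmek…, and the last of these is the key .sops.yaml names `m_work-mac`. A commit titled "cider init" therefore also gives the work machine read access to the shared secrets, although .sops.yaml carries a separate rule for that key; confirm this is intended and say so in the commit message. `lastmodified` and `mac` are unchanged context, so the data key was kept, which is fine when only adding recipients. If work-mac should not have access, narrowing the rule and running `sops updatekeys` is not enough once this commit is published: the data key and the secret values themselves would need rotating.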