hosts: add elnucentre

hosts/default.nix

@@ -167,4 +167,28 @@ in
       }
     ];
   };
+
+  elnucentre = lib.nixosSystem {
+    inherit system;
+    specialArgs = {
+      inherit user;
+    };
+    modules = configImports ++ [
+      ./elnucentre
+      {
+        networking.hostName = "elnucentre";
+      }
+      home-manager.nixosModules.home-manager {
+        home-manager = {
+          useUserPackages = true;
+          extraSpecialArgs = { inherit user; };
+          users.${user} = {
+            imports = hmImports ++ [
+              (import ./elnucentre/home.nix)
+            ];
+          };
+        };
+      }
+    ];
+  };
 }

hosts/elnucentre/default.nix

@@ -0,0 +1,26 @@
+{ config, ... }:
+
+{
+  imports = [
+    ./hardware-configuration.nix
+    ./modules/ssh.nix
+  ];
+
+  services.tailscale.enable = true;
+  networking.firewall = {
+    checkReversePath = "loose";
+    trustedInterfaces = [ "tailscale0" ];
+    allowedUDPPorts = [ config.services.tailscale.port ];
+  };
+
+  boot.loader = {
+    efi = {
+      canTouchEfiVariables = true;
+      efiSysMountPoint = "/boot";
+    };
+    grub = {
+      efiSupport = true;
+      device = "nodev";
+    };
+  };
+}

hosts/elnucentre/hardware-configuration.nix

@@ -0,0 +1,38 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-label/nixos";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-label/boot";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/elnucentre/home.nix

@@ -0,0 +1,13 @@
+{ lib, ... }:
+
+{
+  imports = [
+    ../../modules/bash
+    ../../modules/neovim
+  ];
+  # Disable greeter, which is getting run twice somehow
+  programs.bash = with import ../../modules/bash/bashrc.nix; {
+    bashrcExtra = lib.mkForce bashrcExtra;
+    profileExtra = greeter;
+  };
+}

hosts/elnucentre/modules/ssh.nix

@@ -0,0 +1,11 @@
+{ user, ... }:
+
+let keys = [
+  "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQNlGt62dBMojVCX7EUIia+wfSDfLzV4YCPi8SZ2xrp elnu@elnu.com" # elnu
+  "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH62YpVC8GaZXE8CHfyl1yAXXdlUSGNkyE95whYdUpct elnu@elnu.com" # pang13
+]; in
+{
+  services.openssh.enable = true;
+  users.users.root.openssh.authorizedKeys.keys = keys;
+  users.users.${user}.openssh.authorizedKeys.keys = keys;
+}