From a68a903b9ed3ec748841ba3c7f5ad6714f3d475d Mon Sep 17 00:00:00 2001
From: Hektor Misplon <hektor.misplon@pm.me>
Date: Tue, 11 Nov 2025 23:35:48 +0100
Subject: [PATCH] Set up astyanax host

---
 flake.nix                        |  16 ++++-
 home/hosts/astyanax/default.nix  | 101 +++++++++++++++++++++++++++++++
 home/hosts/vm/default.nix        | 101 +------------------------------
 home/hosts/work/packages.nix     |   3 +-
 hosts/astyanax/configuration.nix |  46 ++++++++++++++
 hosts/astyanax/hard.nix          |  38 ++++++++++++
 hosts/vm/configuration.nix       |   4 +-
 7 files changed, 205 insertions(+), 104 deletions(-)
 create mode 100644 home/hosts/astyanax/default.nix
 create mode 100644 hosts/astyanax/configuration.nix
 create mode 100644 hosts/astyanax/hard.nix

diff --git a/flake.nix b/flake.nix
index e1ea647..836472b 100644
--- a/flake.nix
+++ b/flake.nix
@@ -44,7 +44,21 @@
             home-manager.nixosModules.home-manager
             ./hosts/vm/configuration.nix
             nix-topology.nixosModules.default
-            { environment.systemPackages = [ nvim.packages.x86_64-linux.nvim ]; }
+            {
+              environment.systemPackages = [ nvim.packages.x86_64-linux.nvim ];
+            }
+          ];
+        };
+        astyanax = nixpkgs.lib.nixosSystem {
+          system = "x86_64-linux";
+          modules = [
+            disko.nixosModules.disko
+            home-manager.nixosModules.home-manager
+            ./hosts/astyanax/configuration.nix
+            nix-topology.nixosModules.default
+            {
+              environment.systemPackages = [ nvim.packages.x86_64-linux.nvim ];
+            }
           ];
         };
       };
diff --git a/home/hosts/astyanax/default.nix b/home/hosts/astyanax/default.nix
new file mode 100644
index 0000000..5fb624a
--- /dev/null
+++ b/home/hosts/astyanax/default.nix
@@ -0,0 +1,101 @@
+{ config, pkgs, ... }:
+
+{
+  home.stateVersion = "25.05";
+
+  home.username = "h";
+  home.homeDirectory = "/home/h";
+
+  programs = {
+    bash = {
+      enable = true;
+      enableCompletion = true;
+      initExtra = ''
+        for f in ${config.home.homeDirectory}/.bashrc.d/*; do
+          [ -f "$f" ] && source "$f"
+        done
+
+        source ${config.home.homeDirectory}/.bash_aliases/all
+        source ${config.home.homeDirectory}/.bash_aliases/lang-js
+
+        # host-specific config goes here
+        # ...
+
+        export PATH=${../../../dots/.bin}:$PATH
+      '';
+    };
+    firefox.enable = true;
+    fzf = {
+      enable = true;
+      enableBashIntegration = true;
+    };
+    git.enable = true;
+    home-manager.enable = true;
+  };
+
+  home.packages = with pkgs; [
+    bash-completion
+    bash-language-server
+    bat
+    brightnessctl
+    entr
+    eslint_d
+    feh
+    firefox-devedition
+    fzf
+    git
+    haskell-language-server
+    haskellPackages.pandoc-crossref
+    haskellPackages.hadolint
+    htop
+    jq
+    keepassxc
+    kitty
+    lua-language-server
+    # neovim
+    nixfmt-rfc-style
+    nmap
+    nodejs_24
+    nodePackages.ts-node
+    nvimpager
+    ormolu
+    pandoc
+    parallel
+    pass
+    pnpm
+    ripgrep
+    silver-searcher
+    sshfs
+    stylelint
+    svelte-language-server
+    tailwindcss-language-server
+    taskwarrior3
+    tldr
+    tmux
+    tmuxp
+    tree
+    tree-sitter
+    typescript-language-server
+    unzip
+    vim-language-server
+    vimPlugins.vim-plug
+    vtsls
+    wget
+    xbanish
+    xclip
+    yaml-language-server
+  ];
+
+  home.file = {
+    ".inputrc".source = ../../../dots/.inputrc;
+    ".bashrc.d/prompt".source = ../../../dots/.bashrc.d/prompt;
+    ".bashrc.d/editor".source = ../../../dots/.bashrc.d/editor;
+    ".bash_aliases/all".source = ../../../dots/.bash_aliases/all;
+    ".bash_aliases/lang-js".source = ../../../dots/.bash_aliases/lang-js;
+    ".config/kitty/kitty.conf".source = ../../../dots/.config/kitty/kitty.conf;
+    ".config/kitty/themes/zenwritten_light.conf".source =
+      ../../../dots/.config/kitty/themes/zenwritten_light.conf;
+    ".config/kitty/themes/zenwritten_dark.conf".source =
+      ../../../dots/.config/kitty/themes/zenwritten_dark.conf;
+  };
+}
diff --git a/home/hosts/vm/default.nix b/home/hosts/vm/default.nix
index 53caf8c..8548ecf 100644
--- a/home/hosts/vm/default.nix
+++ b/home/hosts/vm/default.nix
@@ -1,100 +1 @@
-{ config, pkgs, ... }:
-
-{
-  home.stateVersion = "25.05";
-
-  home.username = "h";
-  home.homeDirectory = "/home/h";
-
-  programs = {
-    bash = {
-      enable = true;
-      enableCompletion = true;
-      initExtra = ''
-        for f in ${config.home.homeDirectory}/.bashrc.d/*; do
-          [ -f "$f" ] && source "$f"
-        done
-
-        source ${config.home.homeDirectory}/.bash_aliases/all
-        source ${config.home.homeDirectory}/.bash_aliases/lang-js
-
-        # host-specific config goes here
-        # ...
-
-        export PATH=${../../../dots/.bin}:$PATH
-      '';
-    };
-    firefox.enable = true;
-    fzf = {
-      enable = true;
-      enableBashIntegration = true;
-    };
-    git.enable = true;
-    home-manager.enable = true;
-  };
-
-  home.packages = with pkgs; [
-    bash-completion
-    bash-language-server
-    bat
-    brightnessctl
-    entr
-    eslint_d
-    feh
-    firefox-devedition
-    fzf
-    git
-    haskell-language-server
-    haskellPackages.pandoc-crossref
-    haskellPackages.hadolint
-    htop
-    jq
-    keepassxc
-    kitty
-    lua-language-server
-    # neovim
-    nmap
-    nodejs_24
-    nodePackages.ts-node
-    nvimpager
-    ormolu
-    pandoc
-    parallel
-    pass
-    pnpm
-    ripgrep
-    silver-searcher
-    sshfs
-    stylelint
-    svelte-language-server
-    tailwindcss-language-server
-    taskwarrior3
-    tldr
-    tmux
-    tmuxp
-    tree
-    tree-sitter
-    typescript-language-server
-    unzip
-    vim-language-server
-    vimPlugins.vim-plug
-    vtsls
-    wget
-    xbanish
-    xclip
-    yaml-language-server
-  ];
-
-  home.file = {
-    ".inputrc".source = ../../../dots/.inputrc;
-    ".bashrc.d/prompt".source = ../../../dots/.bashrc.d/prompt;
-    ".bashrc.d/editor".source = ../../../dots/.bashrc.d/editor;
-    ".bash_aliases/all".source = ../../../dots/.bash_aliases/all;
-    ".bash_aliases/lang-js".source = ../../../dots/.bash_aliases/lang-js;
-    ".config/kitty/kitty.conf".source = ../../../dots/.config/kitty/kitty.conf;
-    ".config/kitty/themes/zenwritten_light.conf".source =
-      ../../../dots/.config/kitty/themes/zenwritten_light.conf;
-    ".config/kitty/themes/zenwritten_dark.conf".source =
-      ../../../dots/.config/kitty/themes/zenwritten_dark.conf;
-  };
-}
+import ../astyanax
diff --git a/home/hosts/work/packages.nix b/home/hosts/work/packages.nix
index 1de47f0..eb5f947 100644
--- a/home/hosts/work/packages.nix
+++ b/home/hosts/work/packages.nix
@@ -1,3 +1,4 @@
 { pkgs, config, ... }:
 
-with pkgs; [ ]
+with pkgs;
+[ ]
diff --git a/hosts/astyanax/configuration.nix b/hosts/astyanax/configuration.nix
new file mode 100644
index 0000000..31947f5
--- /dev/null
+++ b/hosts/astyanax/configuration.nix
@@ -0,0 +1,46 @@
+{ ... }:
+
+{
+  system.stateVersion = "25.05";
+
+  imports = [
+    ./hard.nix
+    ../../modules/bootloader.nix
+    ../../modules/disko.zfs-encrypted-root.nix
+    ../../modules/keyboard
+    ../../modules/networking.nix
+    ../../modules/users.nix
+    ../../modules/audio.nix
+    ../../modules/printing.nix
+    ../../modules/localization.nix
+    ../../modules/fonts
+    ../../modules/ssh/hardened-openssh.nix
+  ];
+
+  nix.settings.experimental-features = [
+    "nix-command"
+    "flakes"
+  ];
+
+  nixpkgs.config.allowUnfree = true;
+
+  services.xserver = {
+    displayManager.gdm.enable = true;
+    displayManager.gdm.wayland = true;
+    desktopManager.gnome.enable = true;
+  };
+
+
+  home-manager = {
+    useGlobalPkgs = true;
+    useUserPackages = true;
+    users.h = ../../home/hosts/astyanax;
+  };
+
+  networking.hostId = "80eef97e";
+  networking.firewall.allowedTCPPorts = [ 22 ];
+  services.openssh = {
+    enable = true;
+    harden = true;
+  };
+}
diff --git a/hosts/astyanax/hard.nix b/hosts/astyanax/hard.nix
new file mode 100644
index 0000000..9c89f61
--- /dev/null
+++ b/hosts/astyanax/hard.nix
@@ -0,0 +1,38 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "thunderbolt"
+    "nvme"
+    "uas"
+    "sd_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/hosts/vm/configuration.nix b/hosts/vm/configuration.nix
index c02c577..41e703c 100644
--- a/hosts/vm/configuration.nix
+++ b/hosts/vm/configuration.nix
@@ -23,6 +23,8 @@
     "flakes"
   ];
 
+  nixpkgs.config.allowUnfree = true;
+
   disko = {
     devices.disk.main.device = "/dev/vda";
     devices.disk.main.imageName = "nixos-vm";
@@ -41,8 +43,6 @@
     };
   };
 
-  nixpkgs.config.allowUnfree = true;
-
   home-manager = {
     useGlobalPkgs = true;
     useUserPackages = true;