transient system

flake.nix

@@ -93,6 +93,16 @@
       ];
     };
 
+    nixosConfigurations.transient = nixpkgs.lib.nixosSystem rec {
+      system = "x86_64-linux";
+      modules = base-modules ++ [
+        ./nixos/transient/configuration.nix
+        ./nixos/shared/user-system.nix
+        ./nixos/shared/graphical.nix
+        (rachel-home-module system)
+      ];
+    };
+
     nixosConfigurations.computational = nixpkgs.lib.nixosSystem rec {
       system = "x86_64-linux";
       modules = base-modules ++ [

nixos/shared/user-system.nix

@@ -38,13 +38,13 @@
     options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=60" ];
   };
 
-  fileSystems."/mnt/eta" =
-  let secrets = import ../../secrets/eta.nix;
-  in {
-    device = "//192.168.30.33/users";
-    fsType = "cifs";
-    options = [ "username=${secrets.etaUser}" "password=${secrets.etaPass}" "uid=1000" "gid=1000" "x-systemd.automount" "noauto" "x-systemd.idle-timeout=60" ];
-  };
+  # fileSystems."/mnt/eta" =
+  # let secrets = import ../../secrets/eta.nix;
+  # in {
+    # device = "//192.168.30.33/users";
+    # fsType = "cifs";
+    # options = [ "username=${secrets.etaUser}" "password=${secrets.etaPass}" "uid=1000" "gid=1000" "x-systemd.automount" "noauto" "x-systemd.idle-timeout=60" ];
+  # };
 
   services.xserver = {
     xkb = {

nixos/transient/configuration.nix

@@ -0,0 +1,43 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{ config, lib, pkgs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+    ];
+
+  # HW
+  hardware.opengl = {
+    enable = true;
+    driSupport = true;
+    driSupport32Bit = true;
+    extraPackages = with pkgs; [
+      intel-ocl
+      intel-compute-runtime
+      intel-media-driver
+      vaapiIntel
+      vaapiVdpau
+      libvdpau-va-gl
+    ];
+  };
+  hardware.bluetooth.enable = true;
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.hostName = "transient";
+  networking.networkmanager = {
+    enable = true;
+    wifi.powersave = true;
+    wifi.scanRandMacAddress = true;
+    wifi.macAddress = "random";
+  };
+
+  system.stateVersion = "24.05"; # Did you read the comment?
+}
+

nixos/transient/hardware-configuration.nix

@@ -0,0 +1,41 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/b8c4fa67-322b-46a7-9fe9-8dc5d020f891";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/A4F2-F615";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/dc2f5eb3-3447-4ae6-adc9-790adee78555"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

nixos/transient/lam.nix

@@ -0,0 +1,66 @@
+{ config, pkgs, ... }:
+{
+  # [HARDWARE]
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+    ];
+
+  hardware.opengl = {
+    enable = true;
+    driSupport = true;
+    driSupport32Bit = true;
+    extraPackages = with pkgs; [
+      intel-ocl
+      intel-compute-runtime
+      intel-media-driver
+      vaapiIntel
+      vaapiVdpau
+      libvdpau-va-gl
+    ];
+  };
+  hardware.bluetooth.enable = true;
+  services.logind = {
+    lidSwitch = "hibernate";
+    lidSwitchDocked = "ignore";
+    lidSwitchExternalPower = "hibernate";
+  };
+  services.udev.extraRules = ''
+    KERNEL=="0000:00:14.0", SUBSYSTEM=="pci", ATTR{power/wakeup}="disabled"
+  '';
+
+  # [BOOT / DISK ENCRYPTION]
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader.grub = {
+    enable = true;
+    device = "nodev";
+    efiSupport = true;
+    enableCryptodisk = true;
+    theme = ../../resources/grub-theme;
+  };
+
+  boot.loader.efi.efiSysMountPoint = "/boot/efi";
+  boot.initrd = {
+    availableKernelModules = [ "aesni_intel" "cryptd" ];
+    secrets = { "/boot/key" = "/boot/key"; };
+    luks.mitigateDMAAttacks = true;
+    luks.devices = {
+      root = {
+        device = "/dev/disk/by-uuid/91114176-b6cc-4454-89df-e2bf5c1fac0a";
+        keyFile = "/boot/key";
+        preLVM = true;
+      };
+    };
+  };
+
+  # [NETWORKING]
+  networking.hostName = "lambda";
+  networking.networkmanager = {
+    enable = true;
+    wifi.powersave = true;
+    wifi.scanRandMacAddress = true;
+    wifi.macAddress = "random";
+  };
+
+  system.stateVersion = "24.05";
+}