nix: tucked away hosts

nix/configurations/host/bismuth/builders.nix

@@ -0,0 +1,74 @@
+{
+  nix.distributedBuilds = true;
+
+  # NOTE:
+  # https://github.com/NixOS/hydra/issues/584#issuecomment-1901289182
+  # use ssh-ng to "fix" not trusted user issue
+  nix.buildMachines = [
+    {
+      hostName = "carbon";
+      system = "x86_64-linux";
+      protocol = "ssh";
+      sshUser = "leana";
+      sshKey = "/Users/leana/.ssh/id_ed25519";
+      speedFactor = 2;
+      supportedFeatures = [
+        "nixos-test"
+        "benchmark"
+        "big-parallel"
+        "kvm"
+      ];
+      mandatoryFeatures = [ ];
+    }
+    {
+      hostName = "oracle";
+      system = "aarch64-linux";
+      protocol = "ssh-ng";
+      sshUser = "ubuntu";
+      sshKey = "/Users/leana/.ssh/id_ed25519";
+      speedFactor = 8;
+      supportedFeatures = [
+        "nixos-test"
+        "benchmark"
+        "big-parallel"
+        "kvm"
+      ];
+      mandatoryFeatures = [ ];
+    }
+    {
+      hostName = "paradize";
+      system = "aarch64-linux";
+      protocol = "ssh-ng";
+      sshUser = "leana";
+      sshKey = "/Users/leana/.ssh/id_ed25519";
+      speedFactor = 1;
+      supportedFeatures = [
+        "nixos-test"
+        "benchmark"
+        "big-parallel"
+        "kvm"
+      ];
+      mandatoryFeatures = [ ];
+    }
+    {
+      hostName = "hydrogen";
+      system = "aarch64-linux";
+      protocol = "ssh-ng";
+      sshUser = "leana";
+      sshKey = "/Users/leana/.ssh/id_ed25519";
+      speedFactor = 1;
+      supportedFeatures = [
+        "nixos-test"
+        "benchmark"
+        "big-parallel"
+        "kvm"
+      ];
+      mandatoryFeatures = [ ];
+    }
+  ];
+
+  # optional, useful when the builder has a faster internet connection than yours
+  nix.extraOptions = ''
+    builders-use-substitutes = true
+  '';
+}

nix/configurations/host/bismuth/default.nix

@@ -0,0 +1,11 @@
+{ pkgs, ... }:
+{
+  imports = [ ./builders.nix ];
+
+  environment.systemPackages = [
+    pkgs.vim
+    pkgs.gnumake
+    pkgs.gnused
+    pkgs.cachix
+  ];
+}

nix/configurations/host/carbon/age.nix

@@ -0,0 +1,14 @@
+{
+  age = {
+    identityPaths = [ "/home/leana/.ssh/id_ed25519" ];
+    secrets.sshconcfig = {
+      file = ../../secrets/sshconfig.age;
+      path = "/home/leana/.ssh/config";
+      mode = "644";
+      owner = "leana";
+    };
+    secrets.wpa_password.file = ../../secrets/wpa_password.age;
+    secrets.wireguard_priv.file = ../../secrets/wireguard_priv.age;
+    secrets.wireguard_psk.file = ../../secrets/wireguard_psk.age;
+  };
+}

nix/configurations/host/carbon/audio.nix

@@ -0,0 +1,21 @@
+{ pkgs, ... }:
+{
+  sound = {
+    enable = true;
+    mediaKeys.enable = true;
+  };
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    jack.enable = true;
+  };
+
+  environment.systemPackages = [
+    pkgs.helvum
+    pkgs.pavucontrol
+    pkgs.easyeffects
+  ];
+}

nix/configurations/host/carbon/battery.nix

@@ -0,0 +1,19 @@
+{ pkgs, ... }:
+{
+  systemd.services.battery-charge-threshold = {
+    enable = true;
+    description = "Set the battery charge threshold";
+    unitConfig = {
+      After = "multi-user.target";
+      StartLimitBurst = 0;
+    };
+    serviceConfig = {
+      User = "root";
+      Group = "root";
+      Type = "oneshot";
+      Restart = "on-failure";
+      ExecStart = "${pkgs.bash}/bin/bash -c 'echo 70 > /sys/class/power_supply/BAT1/charge_control_start_threshold; echo 80 > /sys/class/power_supply/BAT1/charge_control_end_threshold'";
+    };
+    wantedBy = [ "multi-user.target" ];
+  };
+}

nix/configurations/host/carbon/bluetooth.nix

@@ -0,0 +1,15 @@
+{
+  hardware.bluetooth.enable = true;
+  services.blueman.enable = true;
+  # FIXME: this breaks the handsfree microphone mode for XM4
+  # environment.etc = {
+  #   "wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = ''
+  #     bluez_monitor.properties = {
+  #       ["bluez5.enable-sbc-xq"] = true,
+  #       ["bluez5.enable-msbc"] = true,
+  #       ["bluez5.enable-hw-volume"] = true,
+  #       ["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
+  #     }
+  #   '';
+  # };
+}

nix/configurations/host/carbon/certs/universite_de_rennes.pem

@@ -0,0 +1,97 @@
+-----BEGIN CERTIFICATE-----
+MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb
+MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow
+GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj
+YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL
+MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE
+BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM
+GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua
+BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe
+3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4
+YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR
+rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm
+ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU
+oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF
+MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v
+QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t
+b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF
+AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q
+GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz
+Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2
+G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi
+l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3
+smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFgTCCBGmgAwIBAgIQOXJEOvkit1HX02wQ3TE1lTANBgkqhkiG9w0BAQwFADB7
+MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYD
+VQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UE
+AwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTE5MDMxMjAwMDAwMFoXDTI4
+MTIzMTIzNTk1OVowgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5
+MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBO
+ZXR3b3JrMS4wLAYDVQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0
+aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sI
+s9CsVw127c0n00ytUINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnG
+vDoZtF+mvX2do2NCtnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQ
+Ijy8/hPwhxR79uQfjtTkUcYRZ0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfb
+IWax1Jt4A8BQOujM8Ny8nkz+rwWWNR9XWrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0
+tyA9yn8iNK5+O2hmAUTnAU5GU5szYPeUvlM3kHND8zLDU+/bqv50TmnHa4xgk97E
+xwzf4TKuzJM7UXiVZ4vuPVb+DNBpDxsP8yUmazNt925H+nND5X4OpWaxKXwyhGNV
+icQNwZNUMBkTrNN9N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjNhLixP6Q5
+D9kCnusSTJV882sFqV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJ
+WBp/kjbmUZIO8yZ9HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ
+5lhCLkMaTLTwJUdZ+gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzG
+KAgEJTm4Diup8kyXHAc/DVL17e8vgg8CAwEAAaOB8jCB7zAfBgNVHSMEGDAWgBSg
+EQojPpbxB+zirynvgqV/0DCktDAdBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rID
+ZsswDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAG
+BgRVHSAAMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwuY29tb2RvY2EuY29t
+L0FBQUNlcnRpZmljYXRlU2VydmljZXMuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggr
+BgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMA0GCSqGSIb3DQEBDAUA
+A4IBAQAYh1HcdCE9nIrgJ7cz0C7M7PDmy14R3iJvm3WOnnL+5Nb+qh+cli3vA0p+
+rvSNb3I8QzvAP+u431yqqcau8vzY7qN7Q/aGNnwU4M309z/+3ri0ivCRlv79Q2R+
+/czSAaF9ffgZGclCKxO/WIu6pKJmBHaIkU4MiRTOok3JMrO66BQavHHxW/BBC5gA
+CiIDEOUMsfnNkjcZ7Tvx5Dq2+UUTJnWvu6rvP3t3O9LEApE9GQDTF1w52z97GA1F
+zZOFli9d31kWTz9RvdVFGD/tSo7oBmF0Ixa1DVBzJ0RHfxBdiSprhTEUxOipakyA
+vGp4z7h/jnZymQyd/teRCBaho1+V
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIG5TCCBM2gAwIBAgIRANpDvROb0li7TdYcrMTz2+AwDQYJKoZIhvcNAQEMBQAw
+gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK
+ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD
+VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTIw
+MDIxODAwMDAwMFoXDTMzMDUwMTIzNTk1OVowRDELMAkGA1UEBhMCTkwxGTAXBgNV
+BAoTEEdFQU5UIFZlcmVuaWdpbmcxGjAYBgNVBAMTEUdFQU5UIE9WIFJTQSBDQSA0
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApYhi1aEiPsg9ZKRMAw9Q
+r8Mthsr6R20VSfFeh7TgwtLQi6RSRLOh4or4EMG/1th8lijv7xnBMVZkTysFiPmT
+PiLOfvz+QwO1NwjvgY+Jrs7fSoVA/TQkXzcxu4Tl3WHi+qJmKLJVu/JOuHud6mOp
+LWkIbhODSzOxANJ24IGPx9h4OXDyy6/342eE6UPXCtJ8AzeumTG6Dfv5KVx24lCF
+TGUzHUB+j+g0lSKg/Sf1OzgCajJV9enmZ/84ydh48wPp6vbWf1H0O3Rd3LhpMSVn
+TqFTLKZSbQeLcx/l9DOKZfBCC9ghWxsgTqW9gQ7v3T3aIfSaVC9rnwVxO0VjmDdP
+FNbdoxnh0zYwf45nV1QQgpRwZJ93yWedhp4ch1a6Ajwqs+wv4mZzmBSjovtV0mKw
+d+CQbSToalEUP4QeJq4Udz5WNmNMI4OYP6cgrnlJ50aa0DZPlJqrKQPGL69KQQz1
+2WgxvhCuVU70y6ZWAPopBa1ykbsttpLxADZre5cH573lIuLHdjx7NjpYIXRx2+QJ
+URnX2qx37eZIxYXz8ggM+wXH6RDbU3V2o5DP67hXPHSAbA+p0orjAocpk2osxHKo
+NSE3LCjNx8WVdxnXvuQ28tKdaK69knfm3bB7xpdfsNNTPH9ElcjscWZxpeZ5Iij8
+lyrCG1z0vSWtSBsgSnUyG/sCAwEAAaOCAYswggGHMB8GA1UdIwQYMBaAFFN5v1qq
+K0rPVIDh2JvAnfKyA2bLMB0GA1UdDgQWBBRvHTVJEGwy+lmgnryK6B+VvnF6DDAO
+BgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggr
+BgEFBQcDAQYIKwYBBQUHAwIwOAYDVR0gBDEwLzAtBgRVHSAAMCUwIwYIKwYBBQUH
+AgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMFAGA1UdHwRJMEcwRaBDoEGGP2h0
+dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9u
+QXV0aG9yaXR5LmNybDB2BggrBgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6
+Ly9jcnQudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAl
+BggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0B
+AQwFAAOCAgEAUtlC3e0xj/1BMfPhdQhUXeLjb0xp8UE28kzWE5xDzGKbfGgnrT2R
+lw5gLIx+/cNVrad//+MrpTppMlxq59AsXYZW3xRasrvkjGfNR3vt/1RAl8iI31lG
+hIg6dfIX5N4esLkrQeN8HiyHKH6khm4966IkVVtnxz5CgUPqEYn4eQ+4eeESrWBh
+AqXaiv7HRvpsdwLYekAhnrlGpioZ/CJIT2PTTxf+GHM6cuUnNqdUzfvrQgA8kt1/
+ASXx2od/M+c8nlJqrGz29lrJveJOSEMX0c/ts02WhsfMhkYa6XujUZLmvR1Eq08r
+48/EZ4l+t5L4wt0DV8VaPbsEBF1EOFpz/YS2H6mSwcFaNJbnYqqJHIvm3PLJHkFm
+EoLXRVrQXdCT+3wgBfgU6heCV5CYBz/YkrdWES7tiiT8sVUDqXmVlTsbiRNiyLs2
+bmEWWFUl76jViIJog5fongEqN3jLIGTG/mXrJT1UyymIcobnIGrbwwRVz/mpFQo0
+vBYIi1k2ThVh0Dx88BbF9YiP84dd8Fkn5wbE6FxXYJ287qfRTgmhePecPc73Yrzt
+apdRcsKVGkOpaTIJP/l+lAHRLZxk/dUtyN95G++bOSQqnOCpVPabUGl2E/OEyFrp
+Ipwgu2L/WJclvd6g+ZA/iWkLSMcpnFb+uX6QBqvD6+RNxul1FaB5iHY=
+-----END CERTIFICATE-----
+

nix/configurations/host/carbon/default.nix

@@ -0,0 +1,52 @@
+{
+  imports = [
+    ./hardware-configuration.nix
+
+    ./age.nix
+    ./battery.nix
+    ./gui.nix
+    ./locale.nix
+    ./audio.nix
+    ./networking.nix
+    ./bluetooth.nix
+    ./packages.nix
+    ./virt.nix
+  ];
+
+  system.stateVersion = "24.05";
+
+  boot.loader = {
+    systemd-boot.enable = true;
+    efi.canTouchEfiVariables = true;
+  };
+
+  users.users.leana = {
+    uid = 1000;
+    isNormalUser = true;
+    description = "leana";
+    extraGroups = [
+      "wheel" # sudoers
+      "video" # light
+      "audio" # pipewire
+      "docker"
+      "vboxusers"
+    ];
+    packages = [ ];
+  };
+
+  nix.settings.trusted-users = [
+    "root"
+    "@wheel"
+  ];
+
+  nix.gc = {
+    automatic = true;
+    dates = "weekly";
+    options = "--delete-older-than 15d";
+  };
+
+  nix.optimise = {
+    automatic = true;
+    dates = [ "weekly" ];
+  };
+}

nix/configurations/host/carbon/gui.nix

@@ -0,0 +1,40 @@
+{ pkgs, ... }:
+{
+  services = {
+    xserver.enable = true;
+
+    xserver = {
+      autoRepeatDelay = 300;
+      autoRepeatInterval = 40;
+    };
+
+    picom.enable = true;
+    xserver.displayManager.lightdm = {
+      enable = true;
+      background = "#000000";
+      greeters.gtk.cursorTheme = {
+        name = "Adwaita";
+        package = pkgs.gnome.adwaita-icon-theme;
+        size = 32;
+      };
+    };
+    xserver.windowManager.xmonad = {
+      enable = true;
+      enableContribAndExtras = true;
+      extraPackages = hp: [ hp.neat-interpolation ];
+    };
+
+    libinput = {
+      mouse = {
+        naturalScrolling = true;
+        accelSpeed = "-0.5";
+      };
+      touchpad = {
+        naturalScrolling = true;
+        tapping = false;
+      };
+    };
+  };
+
+  programs.light.enable = true;
+}

nix/configurations/host/carbon/hardware-configuration.nix

@@ -0,0 +1,47 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  modulesPath,
+  ...
+}:
+{
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "ahci"
+    "usb_storage"
+    "sd_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/7810e3a3-fed9-4c2d-8a39-a6063d0863cf";
+    fsType = "ext4";
+  };
+
+  boot.initrd.luks.devices."luks-a80f77f5-9c77-4730-aa0b-2a496c32f44b".device = "/dev/disk/by-uuid/a80f77f5-9c77-4730-aa0b-2a496c32f44b";
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/E63B-47B3";
+    fsType = "vfat";
+  };
+
+  swapDevices = [ { device = "/dev/disk/by-uuid/2fd42520-5c2c-4d64-82ba-613033d34799"; } ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

nix/configurations/host/carbon/locale.nix

@@ -0,0 +1,137 @@
+{ pkgs, ... }:
+{
+  time.timeZone = "Europe/Paris";
+  i18n = {
+    defaultLocale = "en_US.UTF-8";
+    extraLocaleSettings = {
+      LC_ADDRESS = "fr_FR.UTF-8";
+      LC_IDENTIFICATION = "fr_FR.UTF-8";
+      LC_MEASUREMENT = "fr_FR.UTF-8";
+      LC_MONETARY = "fr_FR.UTF-8";
+      LC_NAME = "fr_FR.UTF-8";
+      LC_NUMERIC = "fr_FR.UTF-8";
+      LC_PAPER = "fr_FR.UTF-8";
+      LC_TELEPHONE = "fr_FR.UTF-8";
+      LC_TIME = "fr_FR.UTF-8";
+    };
+    supportedLocales = [
+      "en_US.UTF-8/UTF-8"
+      "fr_FR.UTF-8/UTF-8"
+      "zh_TW.UTF-8/UTF-8"
+    ];
+  };
+
+  i18n.inputMethod.enabled = "fcitx5";
+  i18n.inputMethod.fcitx5.addons = [
+    pkgs.fcitx5-chinese-addons
+    pkgs.fcitx5-table-extra
+  ];
+  i18n.inputMethod.fcitx5.ignoreUserConfig = true;
+
+  i18n.inputMethod.fcitx5.settings.inputMethod = {
+    "Groups/0" = {
+      "Name" = "gCangjie";
+      "Default Layout" = "us";
+      "DefaultIM" = "cangjie5";
+    };
+    "Groups/0/Items/0" = {
+      "Name" = "cangjie5";
+      "Layout" = null;
+    };
+
+    "Groups/1" = {
+      "Name" = "gDvorak";
+      "Default Layout" = "myDvorak";
+      "DefaultIM" = "keyboard-myDvorak";
+    };
+    "Groups/1/Items/0" = {
+      "Name" = "keyboard-myDvorak";
+      "Layout" = null;
+    };
+
+    "Groups/2" = {
+      "Name" = "gDvorakFrench";
+      "Default Layout" = "myDvorakFrench";
+      "DefaultIM" = "keyboard-myDvorakFrench";
+    };
+    "Groups/2/Items/0" = {
+      "Name" = "keyboard-myDvorakFrench";
+      "Layout" = null;
+    };
+
+    "GroupOrder" = {
+      "0" = "gDvorak";
+      "1" = "gDvorakFrench";
+      "2" = "gCangjie";
+    };
+  };
+  i18n.inputMethod.fcitx5.settings.globalOptions = {
+    Hotkey = {
+      EnumerateWithTriggerKeys = true;
+      EnumerateForwardKeys = null;
+      EnumerateBackwardKeys = null;
+      EnumerateSkipFirst = null;
+    };
+
+    "Hotkey/TriggerKeys" = { };
+    "Hotkey/AltTriggerKeys" = {
+      "0" = "Shift_L";
+    };
+    "Hotkey/EnumerateGroupForwardKeys" = {
+      "0" = "Control+space";
+    };
+    "Hotkey/EnumerateGroupBackwardKeys" = {
+      "0" = "Control+Shift+space";
+    };
+
+    "Hotkey/PrevPage" = {
+      "0" = "Up";
+    };
+    "Hotkey/NextPage" = {
+      "0" = "Down";
+    };
+    "Hotkey/PrevCandidate" = {
+      "0" = "Shift+Tab";
+    };
+    "Hotkey/NextCandidate" = {
+      "0" = "Tab";
+    };
+
+    Behavior = {
+      ActiveByDefault = false;
+      ShareInputState = "No";
+      PreeditEnabledByDefault = true;
+      ShowInputMethodInformation = true;
+      ShowInputMethodInformationWhenFocusIn = false;
+      CompactInputmethodInformation = true;
+      ShowFirstInputMethodInformation = true;
+      DefaultPageSize = "5";
+      OverriedXkbOption = false;
+      CustomXkbOption = null;
+      EnabledAddons = null;
+      DisabledAddons = null;
+      PreloadInputMethod = true;
+      AllowInputMethodForPassword = false;
+      ShowPreeditForPassword = false;
+      AutoSavePeriod = "30";
+    };
+  };
+
+  i18n.inputMethod.fcitx5.settings.addons = {
+    classicui.globalSection = {
+      "Vertical Candidate List" = false;
+      WheelForPaging = true;
+      Font = "HanaMinB 12";
+      MenuFont = "HanaMinB 12";
+      TrayFont = "HanaMinB 12";
+      PreferTextIcon = false;
+      ShowLayoutNameInIcon = true;
+      UseInputMethodLanguageToDisplayText = true;
+      Theme = "default";
+      DarkTheme = "default-dark";
+      UseDarkTheme = false;
+      UseAccentColor = true;
+      PerScreenDPI = false;
+    };
+  };
+}

nix/configurations/host/carbon/networking.nix

@@ -0,0 +1,95 @@
+{
+  config,
+  hostname,
+  pkgs,
+  lib,
+  ...
+}:
+{
+  networking.hostName = hostname;
+
+  networking.networkmanager.enable = lib.mkForce false;
+
+  services.openssh.enable = true;
+
+  fileSystems =
+    let
+      opts = [
+        "noauto"
+        "x-systemd.automount"
+        "x-systemd.idle-timeout=60"
+        "x-systemd.device-timeout=5s"
+        "x-systemd.mount-timeout=5s"
+      ];
+    in
+    {
+      "/mnt/data" = {
+        device = "10.0.0.20:/mnt/mainPool/data";
+        fsType = "nfs";
+        options = opts;
+      };
+      "/mnt/archive" = {
+        device = "10.0.0.20:/mnt/mainPool/data/Archive";
+        fsType = "nfs";
+        options = opts;
+      };
+      "/mnt/documents" = {
+        device = "10.0.0.20:/mnt/mainPool/data/Documents";
+        fsType = "nfs";
+        options = opts;
+      };
+    };
+
+  networking.wireless = {
+    enable = true;
+    userControlled.enable = true;
+    environmentFile = config.age.secrets.wpa_password.path;
+    # To add networks: https://nixos.wiki/wiki/Wpa_supplicant
+    networks = {
+      "HiddenParadize@Earth2077".psk = "@HOME@";
+      "iPhone de Léana 江".psk = "@PHONE@";
+      eduroam = {
+        authProtocols = [ "WPA-EAP" ];
+        auth = ''
+          pairwise=CCMP
+          group=CCMP TKIP
+          eap=PEAP
+          ca_cert="${./certs/universite_de_rennes.pem}"
+          identity="@EDUROAM_ID@"
+          altsubject_match="DNS:radius.univ-rennes1.fr;DNS:radius1.univ-rennes1.fr;DNS:radius2.univ-rennes1.fr;DNS:vmradius-psf1.univ-rennes1.fr;DNS:vmradius-psf2.univ-rennes1.fr"
+          phase2="auth=MSCHAPV2"
+          password="@EDUROAM_PSK_L@&@EDUROAM_PSK_R@"
+          anonymous_identity="anonymous@univ-rennes.fr"
+        '';
+      };
+    };
+  };
+
+  systemd.targets.wireguard-wg0.wantedBy = lib.mkForce [ ];
+  networking.wireguard = {
+    interfaces = {
+      wg0 = {
+        ips = [ "10.66.66.50/32" ];
+        privateKeyFile = config.age.secrets.wireguard_priv.path;
+        postSetup = ''
+          ${pkgs.iproute}/bin/ip route replace 10.66.66.1 dev wg0
+          ${pkgs.iproute}/bin/ip route replace 10.0.0.20 via 10.66.66.1 dev wg0
+          ${pkgs.iproute}/bin/ip route replace 10.0.0.31 via 10.66.66.1 dev wg0
+        '';
+        peers = [
+          {
+            publicKey = "amb6icauPN4P/suyNZoPsVVkB5+MiAnhFF6hIeUiNFE=";
+            presharedKeyFile = config.age.secrets.wireguard_psk.path;
+            allowedIPs = [
+              "10.66.66.1/32"
+              "10.0.0.20/32"
+              "10.0.0.31/32"
+            ];
+            endpoint = "moon.earth2077.fr:660";
+            persistentKeepalive = 25;
+          }
+        ];
+      };
+    };
+  };
+}

nix/configurations/host/carbon/packages.nix

@@ -0,0 +1,24 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = [
+    pkgs.curl
+    pkgs.stow
+    pkgs.gcc
+
+    pkgs.agenix
+  ];
+
+  programs.vim.defaultEditor = true;
+  programs.git.enable = true;
+  # TODO: moved to home-manager, verify this
+  # programs.gnupg.agent = {
+  #   enable = true;
+  #   pinentryPackage = pkgs.pinentry-curses;
+  #   settings = {
+  #     default-cache-ttl = 1209600;
+  #     max-cache-ttl = 1209600;
+  #   };
+  # };
+  programs.dconf.enable = true;
+  services.gnome.gnome-keyring.enable = true;
+}

nix/configurations/host/carbon/virt.nix

@@ -0,0 +1,6 @@
+{
+  virtualisation = {
+    docker.enable = true;
+    virtualbox.host.enable = true;
+  };
+}

nix/configurations/host/tungsten/default.nix

@@ -0,0 +1 @@
+{ }