feat: add new device.

hosts/tyr/configuration.nix

@@ -0,0 +1,141 @@
+{
+  inputs,
+  pkgs,
+  ...
+}: {
+  imports = [
+    # Include the results of the hardware scan.
+    ./hardware-configuration.nix
+    ./disk-config.nix
+  ];
+
+  # Bootloader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  # Get nicer hostname
+  networking.hostName = "tyr"; # Define your hostname.
+
+  # Enable flakes
+  nix.settings.experimental-features = ["nix-command" "flakes"];
+
+  # Setup gpu
+  hardware.graphics = {
+    enable = true;
+    enable32Bit = true;
+  };
+
+  # Set your time zone.
+  time.timeZone = "Europe/Zagreb";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "hr_HR.UTF-8";
+    LC_IDENTIFICATION = "hr_HR.UTF-8";
+    LC_MEASUREMENT = "hr_HR.UTF-8";
+    LC_MONETARY = "hr_HR.UTF-8";
+    LC_NAME = "hr_HR.UTF-8";
+    LC_NUMERIC = "hr_HR.UTF-8";
+    LC_PAPER = "hr_HR.UTF-8";
+    LC_TELEPHONE = "hr_HR.UTF-8";
+    LC_TIME = "hr_HR.UTF-8";
+  };
+
+  # Enable seatd
+  services.seatd.enable = true;
+
+  # Enable sound with pipewire.
+  services.pulseaudio.enable = false;
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    pulse.enable = true;
+    alsa = {
+      enable = true;
+      support32Bit = true;
+    };
+  };
+  # Fix not saving my state
+  hardware.alsa.enablePersistence = true;
+
+  # Enable polkit
+  security.polkit.enable = true;
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users.users.crony = {
+    isNormalUser = true;
+    description = "Crony";
+    # hashedPasswordFile = "${config.age.secrets.crony-passwd.path}";
+    extraGroups = ["networkmanager" "wheel" "video" "input" "audio" "gamemode" "seat" "realtime"];
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJLduAXHWJiglmfRfkBGKffzVWkJP6porxIzw6+Zz3W crony@cronyakatsuki.xyz"
+    ];
+  };
+
+  # users.users.root.hashedPasswordFile = "${config.age.secrets.root-passwd.path}";
+
+  # users.mutableUsers = false;
+
+  # Allow unfree packages
+  nixpkgs.config.allowUnfree = true;
+
+  # Setup community cache
+  nix.settings = {
+    substituters = [
+      "https://nix-community.cachix.org"
+    ];
+    trusted-public-keys = [
+      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+    ];
+  };
+
+  # Optimise storage
+  nix.optimise = {
+    automatic = true;
+    dates = ["weekly"];
+  };
+
+  # List packages installed in system profile
+  environment.systemPackages = with pkgs; [
+    lm_sensors
+    libva-utils
+    alsa-utils
+    neovim
+  ];
+
+  services.openssh = {
+    enable = true;
+    settings = {
+      X11Forwarding = false;
+      PasswordAuthentication = false;
+    };
+    extraConfig = ''
+      PubkeyAuthentication yes
+      PermitEmptyPasswords no
+
+      AddressFamily inet
+      MaxAuthTries 3
+    '';
+  };
+
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJLduAXHWJiglmfRfkBGKffzVWkJP6porxIzw6+Zz3W crony@cronyakatsuki.xyz"
+  ];
+
+  services.fail2ban = {
+    enable = true;
+    ignoreIP = [
+      "65.21.241.194"
+    ];
+  };
+
+  crony.secrets.enable = true;
+
+  # Enable nixd to see nixpkgs path
+  nix.nixPath = ["nixpkgs=${inputs.nixpkgs}"];
+
+  # DO NOT CHANGE
+  system.stateVersion = "24.11";
+}

hosts/tyr/disk-config.nix

@@ -0,0 +1,55 @@
+{
+  disko.devices = {
+    disk = {
+      main = {
+        type = "disk";
+        device = "/dev/sda";
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              size = "2G";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = ["umask=0077"];
+              };
+            };
+            root = {
+              size = "100%";
+              content = {
+                type = "btrfs";
+                extraArgs = ["-f"];
+                subvolumes = {
+                  "@" = {
+                    mountpoint = "/";
+                    mountOptions = [
+                      "compress=zstd"
+                      "noatime"
+                    ];
+                  };
+                  "@home" = {
+                    mountpoint = "/home";
+                    mountOptions = [
+                      "compress=zstd"
+                      "noatime"
+                    ];
+                  };
+                  "@nix" = {
+                    mountpoint = "/nix";
+                    mountOptions = [
+                      "compress=zstd"
+                      "noatime"
+                    ];
+                  };
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}

hosts/tyr/hardware-configuration.nix

@@ -0,0 +1,31 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
+  boot.initrd.kernelModules = [];
+  boot.kernelModules = ["kvm-intel"];
+  boot.extraModulePackages = [];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}