feat: add new device.

hosts/tyr/configuration.nix

@@ -0,0 +1,141 @@
+{
+  inputs,
+  pkgs,
+  ...
+}: {
+  imports = [
+    # Include the results of the hardware scan.
+    ./hardware-configuration.nix
+    ./disk-config.nix
+  ];
+
+  # Bootloader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  # Get nicer hostname
+  networking.hostName = "tyr"; # Define your hostname.
+
+  # Enable flakes
+  nix.settings.experimental-features = ["nix-command" "flakes"];
+
+  # Setup gpu
+  hardware.graphics = {
+    enable = true;
+    enable32Bit = true;
+  };
+
+  # Set your time zone.
+  time.timeZone = "Europe/Zagreb";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "hr_HR.UTF-8";
+    LC_IDENTIFICATION = "hr_HR.UTF-8";
+    LC_MEASUREMENT = "hr_HR.UTF-8";
+    LC_MONETARY = "hr_HR.UTF-8";
+    LC_NAME = "hr_HR.UTF-8";
+    LC_NUMERIC = "hr_HR.UTF-8";
+    LC_PAPER = "hr_HR.UTF-8";
+    LC_TELEPHONE = "hr_HR.UTF-8";
+    LC_TIME = "hr_HR.UTF-8";
+  };
+
+  # Enable seatd
+  services.seatd.enable = true;
+
+  # Enable sound with pipewire.
+  services.pulseaudio.enable = false;
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    pulse.enable = true;
+    alsa = {
+      enable = true;
+      support32Bit = true;
+    };
+  };
+  # Fix not saving my state
+  hardware.alsa.enablePersistence = true;
+
+  # Enable polkit
+  security.polkit.enable = true;
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users.users.crony = {
+    isNormalUser = true;
+    description = "Crony";
+    # hashedPasswordFile = "${config.age.secrets.crony-passwd.path}";
+    extraGroups = ["networkmanager" "wheel" "video" "input" "audio" "gamemode" "seat" "realtime"];
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJLduAXHWJiglmfRfkBGKffzVWkJP6porxIzw6+Zz3W crony@cronyakatsuki.xyz"
+    ];
+  };
+
+  # users.users.root.hashedPasswordFile = "${config.age.secrets.root-passwd.path}";
+
+  # users.mutableUsers = false;
+
+  # Allow unfree packages
+  nixpkgs.config.allowUnfree = true;
+
+  # Setup community cache
+  nix.settings = {
+    substituters = [
+      "https://nix-community.cachix.org"
+    ];
+    trusted-public-keys = [
+      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+    ];
+  };
+
+  # Optimise storage
+  nix.optimise = {
+    automatic = true;
+    dates = ["weekly"];
+  };
+
+  # List packages installed in system profile
+  environment.systemPackages = with pkgs; [
+    lm_sensors
+    libva-utils
+    alsa-utils
+    neovim
+  ];
+
+  services.openssh = {
+    enable = true;
+    settings = {
+      X11Forwarding = false;
+      PasswordAuthentication = false;
+    };
+    extraConfig = ''
+      PubkeyAuthentication yes
+      PermitEmptyPasswords no
+
+      AddressFamily inet
+      MaxAuthTries 3
+    '';
+  };
+
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJLduAXHWJiglmfRfkBGKffzVWkJP6porxIzw6+Zz3W crony@cronyakatsuki.xyz"
+  ];
+
+  services.fail2ban = {
+    enable = true;
+    ignoreIP = [
+      "65.21.241.194"
+    ];
+  };
+
+  crony.secrets.enable = true;
+
+  # Enable nixd to see nixpkgs path
+  nix.nixPath = ["nixpkgs=${inputs.nixpkgs}"];
+
+  # DO NOT CHANGE
+  system.stateVersion = "24.11";
+}