wake on lan udev, SSH initrd, flake lock update, TODO nix settings

nix-config/host/materusPC/boot.nix

@@ -0,0 +1,94 @@
+{
+  pkgs,
+  lib,
+  materusArgs,
+  mkk,
+  ...
+}:
+{
+  boot.supportedFilesystems = [
+    "ntfs"
+    "btrfs"
+    "vfat"
+    "exfat"
+    "ext4"
+  ];
+
+  boot.tmp.useTmpfs = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader.efi.efiSysMountPoint = "/boot/efi";
+  boot.loader.grub = {
+    enable = true;
+    efiSupport = true;
+    device = "nodev";
+    gfxmodeEfi = pkgs.lib.mkDefault "1920x1080@240";
+    gfxmodeBios = pkgs.lib.mkDefault "1920x1080@240";
+    useOSProber = true;
+    memtest86.enable = true;
+  };
+
+  boot.plymouth.enable = true;
+
+  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+  boot.kernelParams = [ "ip=${mkk.local}" ];
+  # Use latest kernel.
+  boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_zen;
+
+  boot.initrd = {
+
+    availableKernelModules = [
+      "r8169"
+      "wireguard"
+    ];
+    luks.devices."ROOT_1".device = "/dev/disk/by-label/CRYPT_ROOT_1";
+    luks.devices."ROOT_2".device = "/dev/disk/by-label/CRYPT_ROOT_2";
+    secrets."/etc/secrets/30-wg-initrd.key" = "/mkk/keys/wireguard";
+    systemd = {
+      enable = true;
+      network = {
+        netdevs."30-wg-initrd" = {
+          netdevConfig = {
+            Kind = "wireguard";
+            Name = "wg-initrd";
+          };
+          wireguardConfig = {
+            PrivateKeyFile = "/etc/secrets/30-wg-initrd.key";
+          };
+          wireguardPeers = [
+            {
+              AllowedIPs = [
+                "${mkk.wireguard.ip-masks.main}"
+                "${mkk.wireguard.peers.valkyrie.ip}/32"
+              ];
+              PublicKey = "${mkk.wireguard.peers.valkyrie.pubKey}";
+              Endpoint = "${mkk.network.valkyrie.ip}:${mkk.wireguard.peers.valkyrie.port}";
+              PersistentKeepalive = 25;
+            }
+          ];
+        };
+        networks."30-wg-initrd" = {
+          name = "wg-initrd";
+          addresses = [ { Address = "${mkk.wireguard.peers.materusPC.ip}/32"; } ];
+        };
+        networks."10-lan" = {
+          matchConfig.Name = "eno1";
+          networkConfig.DHCP = "yes";
+        };
+
+      };
+    };
+    network = {
+      enable = true;
+      flushBeforeStage2 = true;
+      ssh = {
+        enable = true;
+        port = 22;
+        authorizedKeyFiles = [ materusArgs.files.ssh-keys.materus ];
+        hostKeys = [
+          "/mkk/keys/ssh_host_ed25519_key"
+          "/mkk/keys/ssh_host_rsa_key"
+        ];
+      };
+    };
+  };
+}

nix-config/host/materusPC/configuration.nix

@@ -17,14 +17,6 @@ let
   });
 in
 {
-  # Use the systemd-boot EFI boot loader.
-
-  boot.plymouth.enable = true;
-
-  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
-
-  # Use latest kernel.
-  boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_zen;
 
   # Set your time zone.
   time.timeZone = "Europe/Warsaw";

nix-config/host/materusPC/default.nix

@@ -6,6 +6,7 @@
     ./audio.nix
     ./network.nix
     ./services.nix
+    ./boot.nix
 
     ./virtualization/libvirt.nix
     ./virtualization/vfio.nix

nix-config/host/materusPC/hardware-configuration.nix

@@ -76,25 +76,6 @@ in
   ]
   ++ video;
 
-  boot.supportedFilesystems = [
-    "ntfs"
-    "btrfs"
-    "vfat"
-    "exfat"
-    "ext4"
-  ];
-  boot.tmp.useTmpfs = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-  boot.loader.efi.efiSysMountPoint = "/boot/efi";
-  boot.loader.grub = {
-    enable = true;
-    efiSupport = true;
-    device = "nodev";
-    gfxmodeEfi = pkgs.lib.mkDefault "1920x1080@240";
-    gfxmodeBios = pkgs.lib.mkDefault "1920x1080@240";
-    useOSProber = true;
-    memtest86.enable = true;
-  };
 
   fileSystems."/" = {
     device = "/dev/disk/by-label/materusPC_ROOT";
@@ -108,9 +89,6 @@ in
     ];
   };
 
-  boot.initrd.luks.devices."ROOT_1".device = "/dev/disk/by-label/CRYPT_ROOT_1";
-  boot.initrd.luks.devices."ROOT_2".device = "/dev/disk/by-label/CRYPT_ROOT_2";
-
   fileSystems."/home" = {
     device = "/dev/disk/by-label/materusPC_ROOT";
     fsType = "btrfs";

nix-config/host/materusPC/network.nix

@@ -46,4 +46,7 @@
       proxy = { };
     };
   };
+  services.udev.extraRules = ''
+    ACTION=="add", SUBSYSTEM=="net", NAME=="en*", RUN+="${pkgs.ethtool}/bin/ethtool -s $name wol g"
+  '';
 }

nix-config/host/materusPC/services.nix

@@ -3,8 +3,12 @@
   imports = [
     #region KDE
     {
-      services.displayManager.sddm.enable = true;
-      services.displayManager.sddm.wayland.enable = true;
+      services.displayManager = {
+        autoLogin.enable = true;
+        autoLogin.user = "materus";
+        sddm.enable = true;
+        sddm.wayland.enable = true;
+      };
 
       services.desktopManager.plasma6.enable = true;
       services.desktopManager.plasma6.enableQt5Integration = true;
@@ -40,7 +44,7 @@
   #endregion
   programs.kdeconnect.enable = true;
   services.libinput.enable = true;
-  
+
   services.dbus.enable = true;
   services.dbus.packages = [ pkgs.gcr ];