first commit

hosts/common/global/default.nix

@@ -0,0 +1,7 @@
+{
+  inputs,
+  outputs,
+  ...
+}: {
+
+}

hosts/common/users/dwessels/default.nix

@@ -0,0 +1,41 @@
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}: let
+  ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
+in {
+  users.mutableUsers = false;
+  users.users.dwessels = {
+    isNormalUser = true;
+    shell = pkgs.fish;
+    extraGroups = ifTheyExist [
+      "audio"
+      "deluge"
+      "docker"
+      "git"
+      "i2c"
+      "libvirtd"
+      "mysql"
+      "network"
+      "plugdev"
+      "video"
+      "wheel"
+      "wireshark"
+   ];
+   hashedPasswordFile = config.sops.secrets.dwessels-password.path;
+  };
+
+  sops.secrets.dwessels-password = {
+    sopsFile = ../../secrets.yaml;
+    neededForUsers = true;
+  };
+
+  home-manager.users.dwessels = import ../../../../home/dwessels/${config.networking.hostName}.nix;
+
+  security.pam.services = {
+    swaylock = {};
+    hyprlock = {};
+  };
+}

hosts/common/users/secrets.yaml

@@ -0,0 +1,17 @@
+dwessels-password: ENC[AES256_GCM,data:5FIfaQxiCOWT/uaf,iv:KyYcbVYyzC6lj4B4SOKtAgLLDIuB1HPbszBf654USSc=,tag:ndZ6BWqMAWeGv/y+htLizw==,type:str]
+sops:
+    age:
+        - recipient: age1yubikey1qvztykl49tq9njv2qhaqs9lm43mpfjkrgjlddhyp9tu6mgngxzg8v7v9rql
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDgwUnBpQSBBN0JXQW5Q
+            bzhUUjNtdmp6MUFjcG1UMlBaa2RNUDlYalJpOEdxNUhjQ3FHNQpEWE1idHp6ZFc1
+            VmdGUFRHNmZ5VHhyRzRHOCt0dmZMeEUyb1A4OE9yWm5nCi0tLSBhaU80aEJMZWxE
+            dkd5cnNYb3VNUFM0aGE3cUdsZDFORTNha2Z3UTZ6dWlFChMForXFy2Z0vq/ba0Fb
+            vlWRL14GHg2LinIyS1+2z8KwYfEp2mkIhg1y8/j+uraqFH2HQEM/3TOzTg9D/7Dw
+            JoQ=
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-12-30T23:40:22Z"
+    mac: ENC[AES256_GCM,data:4czv8j8VZ7WsU1cpULCgZDazoeI5f9vtrK8fuP2Y4y/H1HG1iRPq8TsEvB7Y5xIdXc8ZF9ff6r30KaNgt0IYBrPNoEZhsymiF7nsck43uPE51Utlhk/T1epJ7uvPYnLppSIGq6Gtzm2rlgiTGpM+H3KAC/0x+1bfz5WGcdSnr1w=,iv:liApOUtDkGBc3ct5A6k9EDafzODQxBzW7x1dREtGJJU=,tag:jPgQ+15821z5ENLS7ruljw==,type:str]
+    unencrypted_suffix: _unencrypted
+    version: 3.11.0

hosts/raidy/default.nix

@@ -0,0 +1,20 @@
+{
+  pkgs,
+  inputs,
+  ...
+}: {
+  imports = [
+    ./hardware-configuration.nix
+    ../common/global
+    ../common/users/dwessels
+
+  ];
+
+  networking = {
+    hostName = "raidy";
+    useDHCP = true;
+  };
+
+  system.stateVersion = "22.11";
+
+}

hosts/raidy/hardware-configuration.nix

@@ -0,0 +1,40 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci_renesas" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/3b9e8881-eaf3-4d32-955c-f8f2d1ac1a17";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/9246-7480";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp2s0f0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wwan0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}