add kaworu system (desktop)

5 files changed, 114 insertions, 15 deletions

diff --git a/.sops.yaml b/.sops.yaml
index bb1aff9..7d7da6a 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -5,9 +5,11 @@ keys:
   # Hosts
   - &hosts:
     - &shinji 2A8A27879715447AEEC59D0C18DCCBE353963394
+    - &kaworu FDD5D980CA2FEFF1AA8433B10F7CD7B91AB7CF01
 creation_rules:
   - path_regex: ^secrets.yaml$
     key_groups:
       - pgp:
         - *freya
         - *shinji
+        - *kaworu
diff --git a/files/keys/kaworu.asc b/files/keys/kaworu.asc
new file mode 100644
index 0000000..28ec11f
--- /dev/null
+++ b/files/keys/kaworu.asc
@@ -0,0 +1,13 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEZ5hP3RYJKwYBBAHaRw8BAQdAUGrBfyCf71SN4jtAFh+opVa/S9S+mrLXWaaD
+MMavubC0M0ZyZXlhIE11cnBoeSAoS2F3b3J1IGtleSBwYWlyKSA8ZnJleWFAZnJl
+eWFjYXQub3JnPoiOBBMWCgA2FiEE/dXZgMov7/GqhDOxD3zXuRq3zwEFAmeYT90C
+GwMECwkIBwQVCgkIBRYCAwEAAh4FAheAAAoJEA9817kat88B0wQA/2/BPW/o+MEh
+kVsk7tYiiRJD40H3HziUB7K/9rAd1O9NAP49f508UMpNM+nJgbi8bKMjrSooz8Hj
+4nrGXh5gvqMBDrg4BGeYT90SCisGAQQBl1UBBQEBB0ArFtZlWFcLaZBKVq13GyoF
+mfARLvuOzsFWwz3ae9/XUwMBCAeIeAQYFgoAIBYhBP3V2YDKL+/xqoQzsQ9817ka
+t88BBQJnmE/dAhsMAAoJEA9817kat88B/10BANQ3s8RY+wD1RzJqAqScsFqcGnE7
+c97gtmjmgI4sWgSIAP44jgBykGXfiFpt0AO+2HHmduSWlpaOs+XYyMkTdzByAA==
+=4ESU
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/flake.nix b/flake.nix
index 7268eef..f4feb65 100644
--- a/flake.nix
+++ b/flake.nix
@@ -27,10 +27,12 @@
   in rec {
     nixosConfigurations = {
       shinji = import ./hosts/shinji.nix { inherit inputs options; };
+      kaworu = import ./hosts/kaworu.nix { inherit inputs options; };
     };
 
     homeConfigurations = {
       shinji = nixosConfigurations.shinji.config.home-manager.users.${options.user}.home;
+      kaworu = nixosConfigurations.kaworu.config.home-manager.users.${options.user}.home;
     };
   };
 }
diff --git a/hosts/kaworu.nix b/hosts/kaworu.nix
new file mode 100644
index 0000000..0f666fb
--- /dev/null
+++ b/hosts/kaworu.nix
@@ -0,0 +1,71 @@
+# Kaworu
+# System configuration for my desktop
+
+{
+  inputs,
+  options,
+  ...
+}:
+
+inputs.nixpkgs.lib.nixosSystem rec {
+  system = "x86_64-linux";
+  specialArgs = { inherit inputs; };
+  modules = [
+    options
+    ../nix
+    {
+      # options
+      hostName = "kaworu";
+      monitors = [{
+        name = "HDMI-A-1";
+        scale = 1.0;
+      }];
+
+      # hardware
+      hardware.graphics.enable = true;
+      hardware.bluetooth.enable = true;
+
+      # bootloader
+      boot.loader.systemd-boot.enable = true;
+      boot.loader.efi = {
+        canTouchEfiVariables = true;
+        efiSysMountPoint = "/boot/efi";
+      };
+
+      # kernel modules
+      boot.initrd.availableKernelModules = [
+        "xhci_pci"
+        "ahci"
+        "usb_storage"
+        "usbhid"
+        "sd_mod"
+      ];
+      boot.initrd.kernelModules = [ ];
+      boot.kernelModules = [ "kvm-amd" ];
+      boot.extraModulePackages = [ ];
+
+      # firmware
+      hardware.enableRedistributableFirmware = true;
+      hardware.cpu.amd.updateMicrocode = true;
+
+      # luks device
+      boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/89257280-202b-4565-b832-89f160d5e4e2";
+
+      # root
+      fileSystems."/" = {
+        device = "/dev/disk/by-uuid/4906f0dd-b036-40fc-9a3f-0d031dbc2513";
+        fsType = "btrfs";
+      };
+
+      # boot
+      fileSystems."/boot/efi" = {
+        device = "/dev/disk/by-uuid/099A-D668";
+        fsType = "vfat";
+        options = [ "fmask=0022" "dmask=0022" ];
+      };
+
+      # swap
+      swapDevices = [ ];
+    }
+  ];
+}
diff --git a/secrets.yaml b/secrets.yaml
index 28ca3a6..2a20fa7 100644
--- a/secrets.yaml
+++ b/secrets.yaml
@@ -1,34 +1,45 @@
-freyanetWg: ENC[AES256_GCM,data:xRM6yS/p2PrntO33TCIUrv3giPAdtKapkK/cQoNmraAKQCNOkwccmn4kXY0=,iv:OHnIVZVDZ7mTHM9pNFPiEKLUl02C9I1yQtSp3JbSstk=,tag:LFlLKGYe0HcU/GvOVFrVbg==,type:str]
+freyanetWg: ENC[AES256_GCM,data:mUI3eIwFzanJz9iJCbIBDg3FMKdDMcOQ6u96mk5/zZd8MG5kuOG39wu8xZQ=,iv:Sd6EjuQiNhD0QupGpbRPJF7aIBCJJ3/LNNmUYlBMRNI=,tag:KFKoL0JbSfEQidaEzi049Q==,type:str]
 sops:
     kms: []
     gcp_kms: []
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2025-01-24T17:44:07Z"
-    mac: ENC[AES256_GCM,data:KIRtBWMriL3LWC67RyJrKwcZtt5lYifHZJ3SgJf424CbRbTZtmPmQBCAiLy1Mctwjg8774by0e+mGMPRzI17GqIX26FSh8QWdTaW6o/p9YIIkjjQX8XDtASshZMYgqy/psEBA6NJ68vmAUFHaDpc7UYfy4nZ7jDu6NNVTXI9AsA=,iv:20n+SDE6EWaL+HKWSPY6a1NSa195gFIuMFiv6gccDRc=,tag:P/URXcSJcaogxmw+MXlh/Q==,type:str]
+    lastmodified: "2025-01-28T03:38:29Z"
+    mac: ENC[AES256_GCM,data:2DA6o6yq0jbaNjNf6x15UrzVl7jOz7MXnAZf53kwEU94OIDr10xSLjaPmv9c+7FNTPXlesldNOY6LNsiaMGiOg+CWLA8RF9W0N/m23TtwC91PZEfvHFYpIyJsUlGFh9SzP1kgtIdoPIL40Clt1cjvb5Kf9wXlTlR1IBG0hXnobk=,iv:M7YtsfwDu4rSoXoTwnqxAuMCP92urQZCQxSMU8bWmRU=,tag:pMF1h81YlR8edyA4PddGSQ==,type:str]
     pgp:
-        - created_at: "2025-01-24T17:44:07Z"
+        - created_at: "2025-01-28T03:38:29Z"
           enc: |-
             -----BEGIN PGP MESSAGE-----
 
-            hF4D0Q846mnV8HYSAQdAa2X6kxQtkBLjRtRbK26TGpr28mJWV8lTz6AxgYCsuQAw
-            23kWYwg2wVdnTKCRcVcTYZcyqXx41Cl9tW/GAQRrUdZqDPKAqrNVI7W+/lNdgygz
-            0l4B9zbWc86uX/2uTgTU08mNV5qedoSa0myxUhXDYcSaHT1UNWutIxcxyMjRimIR
-            pHmAnVaBmiDlCwq7TM4zSrg/N4mtbeRbWn0OVeaUPU8jZ6XmKaFFKLp262GC1Vn0
-            =GiBI
+            hF4D0Q846mnV8HYSAQdA/6JUyYGRuAjB6bCVUXTo7TSK7pCXvJIQhlWRGW4bITEw
+            JqUBHaJLP4OVj3OQfJ8kS22WdNCjZuXieGAaNHdycc6X6RsMZMaFOYJyv6zETyRR
+            0lwBoJvUiOaubpetO8I7o/8mZE1YeyYwvBfve06Y03FobLsnGyWIJEetQ02XCTNq
+            EoGakt8S4yZMVvcUSTJMyBwm5XdQ1VxJYBhO0FNE0BssY40TnGpeMYXQlO3saQ==
+            =32DI
             -----END PGP MESSAGE-----
           fp: D9AF0A4209B7C2DE11A884BFACBC553660D9993D
-        - created_at: "2025-01-24T17:44:07Z"
+        - created_at: "2025-01-28T03:38:29Z"
           enc: |-
             -----BEGIN PGP MESSAGE-----
 
-            hF4D/YCJcy0T0DkSAQdAzsg6F1Y2KECBBychHLVefYwOOg3Lv7kgVK6rU4mH80sw
-            Cm4WOEkHJdloDSZRCXYs2maIYVDQoFM9pL4sLCr9Tpw050L9vSdI0IuWS7I8G9RR
-            0l4B3mZM3R58dyyZw0p7br/oPXPavRguwFiTs5sa6EeDonclDvXjMhq2c1jVYWw8
-            iC77SDpZ0X9wz/Mq4Fptd56ywFqg9Zx2Odu171eqH5W7majQyiBIaSJGBEnVX8LX
-            =OiC0
+            hF4D/YCJcy0T0DkSAQdAN9vFfITcf5mBKfpKWDSNdRl5FVJm/5+aUp3TsxcWZy0w
+            nFxEY/7L+bSfLiJ6wJNrar5WJIEEwPfoMnSIczBH1rHxFzMMgoCZhDwyg16uYgJU
+            0lwBoiBR1dYs9Lp5UXY9Wx78thLOzx+lBNpkDpEk/NQ8HZGDsRvgk+eqbKK5wSJ0
+            H2cpzmIQAh+VV/8ET1A5ennbDBvZkGszWH1KlrHsvlH/Y9lP3SCvvqOItYAn+Q==
+            =nJOb
             -----END PGP MESSAGE-----
           fp: 2A8A27879715447AEEC59D0C18DCCBE353963394
+        - created_at: "2025-01-28T03:38:29Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hF4D44lFd4jLszcSAQdApkf/uS4BHv2ePPQbOpHkWov+xfV1IzZ0TZIVeT84vz4w
+            HS27ZMyvkD7u+RHt+UzSZOg1Z1KgzE2twHWeOuP4DTszF58Y4pKdQImp/KfcurTj
+            0lwBDWuWh98V2xiALZdPAe+EifO2H+fVJVflGth5UR7j2sCYO5x+PZajCErnU0b7
+            6cjWkcFKVdPdNJbl0g2YC2ILZHUlt2jgtr/yx06arb9f2cLK2Gc/rlpz4CfUHA==
+            =1S+6
+            -----END PGP MESSAGE-----
+          fp: FDD5D980CA2FEFF1AA8433B10F7CD7B91AB7CF01
     unencrypted_suffix: _unencrypted
     version: 3.9.3