add thinkpad host

5 files changed, 116 insertions, 18 deletions

diff --git a/.sops.yaml b/.sops.yaml
index 7d7da6a..50297bc 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -6,6 +6,7 @@ keys:
   - &hosts:
     - &shinji 2A8A27879715447AEEC59D0C18DCCBE353963394
     - &kaworu FDD5D980CA2FEFF1AA8433B10F7CD7B91AB7CF01
+    - &thinkpad ED1C2FCA9DF4A843D740222A2320AAE969A6A53D
 creation_rules:
   - path_regex: ^secrets.yaml$
     key_groups:
@@ -13,3 +14,4 @@ creation_rules:
         - *freya
         - *shinji
         - *kaworu
+        - *thinkpad
diff --git a/files/keys/thinkpad.asc b/files/keys/thinkpad.asc
new file mode 100644
index 0000000..be92432
--- /dev/null
+++ b/files/keys/thinkpad.asc
@@ -0,0 +1,13 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEaFdiiRYJKwYBBAHaRw8BAQdALb+t75mJH4LazlEYOAtpe6dIHzF6HIp8CEdp
+LgANpzS0NUZyZXlhIE11cnBoeSAoVGhpbmtwYWQga2V5IHBhaXIpIDxmcmV5YUBm
+cmV5YWNhdC5vcmc+iI4EExYKADYWIQTtHC/KnfSoQ9dAIiojIKrpaaalPQUCaFdi
+iQIbAwQLCQgHBBUKCQgFFgIDAQACHgUCF4AACgkQIyCq6WmmpT2z3gEAodU5dSOQ
+2U0fJsjQniA10CnXHQNzpKIMTH6g9H4U74gBAN/Vus725zVIly7MWtJYy78Uqcon
+WMeXm3zPHbe55DsGuDgEaFdiiRIKKwYBBAGXVQEFAQEHQPsmJ74jvF1VEpAc5n6d
+I5luNmdLvw9Tp766/ZwTgHk9AwEIB4h4BBgWCgAgFiEE7Rwvyp30qEPXQCIqIyCq
+6WmmpT0FAmhXYokCGwwACgkQIyCq6WmmpT2UtAD6A9AVzAzybLad/VLahxT/YKXJ
+zr3/qE2exo3SRQnl6SYA/AtYIn2Ld+9WsGWxRUgwKIMwoJ/kJqzB2HjEwTzCywoH
+=zQnQ
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/flake.nix b/flake.nix
index 349561f..c7ec637 100644
--- a/flake.nix
+++ b/flake.nix
@@ -47,11 +47,13 @@
     nixosConfigurations = {
       shinji = import ./hosts/shinji.nix {inherit inputs options;};
       kaworu = import ./hosts/kaworu.nix {inherit inputs options;};
+      thinkpad = import ./hosts/thinkpad.nix {inherit inputs options;};
     };
 
     homeConfigurations = {
       shinji = nixosConfigurations.shinji.config.home-manager.users.${options.user}.home;
       kaworu = nixosConfigurations.kaworu.config.home-manager.users.${options.user}.home;
+      thinkpad = nixosConfigurations.thinkpad.config.home-manager.users.${options.user}.home;
     };
 
     lib = import ./lib {
diff --git a/hosts/thinkpad.nix b/hosts/thinkpad.nix
new file mode 100644
index 0000000..bb7a75a
--- /dev/null
+++ b/hosts/thinkpad.nix
@@ -0,0 +1,70 @@
+# Thinkpad
+#System configuration for my thinkpad
+{
+  inputs,
+  options,
+  ...
+}:
+inputs.nixpkgs.lib.nixosSystem rec {
+  system = "x86_64-linux";
+  specialArgs = {inherit inputs;};
+  modules = [
+    options
+    ../config
+    ../home
+    ../programs
+    ../system
+    {
+      # options
+      hostName = "thinkpad";
+      monitors = [
+        {
+          name = "eDP-1";
+          scale = 1.0;
+        }
+      ];
+
+      # hardware
+      hardware.graphics.enable = true;
+      hardware.bluetooth.enable = true;
+
+      # bootloader
+      boot.loader.systemd-boot.enable = true;
+      boot.loader.efi = {
+        canTouchEfiVariables = true;
+        efiSysMountPoint = "/boot/efi";
+      };
+
+      # kernel modules
+      boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"];
+      boot.initrd.kernelModules = [];
+      boot.kernelModules = ["kvm-intel"];
+      boot.extraModulePackages = [];
+
+      # firmware
+      hardware.enableRedistributableFirmware = true;
+      hardware.cpu.intel.updateMicrocode = true;
+
+      # luks device
+      boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/fe5e24c0-d35d-4722-929d-1496b7eb9872";
+
+      # root
+      fileSystems."/" = {
+        device = "/dev/disk/by-uuid/e7bdadd0-0914-42ea-81c4-4449537d3477";
+        fsType = "btrfs";
+      };
+
+      # boot
+      fileSystems."/boot/efi" = {
+        device = "/dev/disk/by-uuid/6CE8-EFE0";
+        fsType = "vfat";
+        options = ["fmask=0022" "dmask=0022"];
+      };
+
+      # swap
+      swapDevices = [
+        {device = "/dev/disk/by-uuid/01099db8-dd7a-4fe5-981a-6889fdb3735e";}
+      ];
+    }
+  ];
+}
diff --git a/secrets.yaml b/secrets.yaml
index 35be139..34f4e49 100644
--- a/secrets.yaml
+++ b/secrets.yaml
@@ -4,38 +4,49 @@ sops:
     lastmodified: "2025-04-11T19:33:22Z"
     mac: ENC[AES256_GCM,data:eD9BZlEgriyrmFqtb/EBmfQieI3/fh5vat1yPc3cQsBvs+lRlsYKBL367TiJ/giXso5KLqoIXAjeJwW/ogimMLACljgw9b3BbUcyhjvcUCXJS3BLe60oTDxLxY+PDyIM5BfrAVSK+1u8ruiOnIIaxfjc+cRsrQ8m5OZB+IoGAL8=,iv:k0tRFqW/syl+fcbzgaI7R6Pcen9+A2aWRCnAe9ydE+k=,tag:JpTyhYKMjP4a7BfdkGe1Hw==,type:str]
     pgp:
-        - created_at: "2025-01-28T03:38:29Z"
+        - created_at: "2025-06-22T02:12:53Z"
           enc: |-
             -----BEGIN PGP MESSAGE-----
 
-            hF4D0Q846mnV8HYSAQdA/6JUyYGRuAjB6bCVUXTo7TSK7pCXvJIQhlWRGW4bITEw
-            JqUBHaJLP4OVj3OQfJ8kS22WdNCjZuXieGAaNHdycc6X6RsMZMaFOYJyv6zETyRR
-            0lwBoJvUiOaubpetO8I7o/8mZE1YeyYwvBfve06Y03FobLsnGyWIJEetQ02XCTNq
-            EoGakt8S4yZMVvcUSTJMyBwm5XdQ1VxJYBhO0FNE0BssY40TnGpeMYXQlO3saQ==
-            =32DI
+            hF4D0Q846mnV8HYSAQdAzKIka/6+CAsrNvU0weCOPG38jlA0YnDQ2gDEaaDhf0Aw
+            BtWDMgMJlTxzo9tUGpuXwuEYfDAZpuWuFIjFbtp768DYNPaN9Wmmm+jSx1qCGZ6x
+            0lwBIeZjweoMkleQnE4UtHdhIZAUXoCfjQGCcx3Dwx/H11CNcyCwSt95TC1EL7eY
+            p884gDA34cDUh7uUJPck1WygVQ0jzA4i1Ch9n6/Q5C26Ued0wh8729vyTk7hXQ==
+            =Qguq
             -----END PGP MESSAGE-----
           fp: D9AF0A4209B7C2DE11A884BFACBC553660D9993D
-        - created_at: "2025-01-28T03:38:29Z"
+        - created_at: "2025-06-22T02:12:53Z"
           enc: |-
             -----BEGIN PGP MESSAGE-----
 
-            hF4D/YCJcy0T0DkSAQdAN9vFfITcf5mBKfpKWDSNdRl5FVJm/5+aUp3TsxcWZy0w
-            nFxEY/7L+bSfLiJ6wJNrar5WJIEEwPfoMnSIczBH1rHxFzMMgoCZhDwyg16uYgJU
-            0lwBoiBR1dYs9Lp5UXY9Wx78thLOzx+lBNpkDpEk/NQ8HZGDsRvgk+eqbKK5wSJ0
-            H2cpzmIQAh+VV/8ET1A5ennbDBvZkGszWH1KlrHsvlH/Y9lP3SCvvqOItYAn+Q==
-            =nJOb
+            hF4D/YCJcy0T0DkSAQdArCNML8aKs0757sEa3YSSLwSTo+fFbCVjJUxWV8gquF0w
+            SO4W8U/s7/en90lOXL2k+5pPGvG5xiN6lijV/rc3+5QPIJLiY9fm4FeNgBeX2DKY
+            0lwBkaFNwjeC2uUlBMi5m+3AkF+pWpac8CpTZLMavZ8hSd3JwDzogw1+aVLm7lbe
+            ekL+uqFb/y6Bo0ebhA4p7tk74mP6GtKhACGqR1fGpAiGuDmVcyUjpBDnpx2tvw==
+            =YUdf
             -----END PGP MESSAGE-----
           fp: 2A8A27879715447AEEC59D0C18DCCBE353963394
-        - created_at: "2025-01-28T03:38:29Z"
+        - created_at: "2025-06-22T02:12:53Z"
           enc: |-
             -----BEGIN PGP MESSAGE-----
 
-            hF4D44lFd4jLszcSAQdApkf/uS4BHv2ePPQbOpHkWov+xfV1IzZ0TZIVeT84vz4w
-            HS27ZMyvkD7u+RHt+UzSZOg1Z1KgzE2twHWeOuP4DTszF58Y4pKdQImp/KfcurTj
-            0lwBDWuWh98V2xiALZdPAe+EifO2H+fVJVflGth5UR7j2sCYO5x+PZajCErnU0b7
-            6cjWkcFKVdPdNJbl0g2YC2ILZHUlt2jgtr/yx06arb9f2cLK2Gc/rlpz4CfUHA==
-            =1S+6
+            hF4D44lFd4jLszcSAQdAK6lS4tHEuGkJckClsPvDkMbU6kyiNAGQR3cWenwvrkAw
+            FiBTZtT6UboTCceTDBfSk/huWLVuscKqYnKwPtdlsK4NkWTAKxfvjF06y9OyW7I4
+            0lwBU9fxLeKv+8JLo7bGYRr4i/vkknuDKN8BtsntpZkTpjrJWCQd4+GMUaWLrgwt
+            8c8GCA809l8GTibAsrvz5amyMTQJhMjy0SlDB63EJ66zhnC7NAn/pMV51SImwA==
+            =tvsS
             -----END PGP MESSAGE-----
           fp: FDD5D980CA2FEFF1AA8433B10F7CD7B91AB7CF01
+        - created_at: "2025-06-22T02:12:53Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hF4DNAX7itQ/dpkSAQdAlC4c4IRLY1UbXE8Av+qJrTwx/GOFe4HEh/vyHJF+kUMw
+            P5b9sovQhj33NkYIVf2w8Iq7/fH63aGG/DGPiJ96TiFqZ/QZmfcYOxefL2+Xz3N6
+            0lwBGulU7wahnvZJa6Rxl++ac8GYXxsTyMZsM5XMOOzeynkUPiGFnDltaUBQK38X
+            Yk5r0XVw6R6wYEmS6IxgZFLgV/hVdc3Tonbiwt8zRZyaoUPBugmt02iR4LrQlA==
+            =5aoB
+            -----END PGP MESSAGE-----
+          fp: ED1C2FCA9DF4A843D740222A2320AAE969A6A53D
     unencrypted_suffix: _unencrypted
     version: 3.10.1