...

hosts/hpm.nix

@@ -4,6 +4,7 @@
 		../common/all.nix
 		../common/nixos.nix
 		../common/nixos-graphical.nix
+    ../common/building.nix
 
 		../users/me/default.nix
 	];

hosts/luna.nix

@@ -0,0 +1,46 @@
+{ lib, pkgs, ... }:
+{
+  # This causes an overlay which causes a lot of rebuilding
+  environment.noXlibs = lib.mkForce false;
+  # "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" creates a
+  # disk with this label on first boot. Therefore, we need to keep it. It is the
+  # only information from the installer image that we need to keep persistent
+  fileSystems."/" =
+    { device = "/dev/disk/by-label/NIXOS_SD";
+      fsType = "ext4";
+    };
+  boot = {
+    kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
+    loader = {
+      generic-extlinux-compatible.enable = lib.mkDefault true;
+      grub.enable = lib.mkDefault false;
+    };
+  };
+  nix.settings = {
+    experimental-features = lib.mkDefault "nix-command flakes";
+    trusted-users = [ "root" "@wheel" ];
+  };
+
+  # end of base.nix
+
+  environment.systemPackages = with pkgs; [ vim git ];
+  services.openssh.enable = true;
+  networking.hostName = "luna";
+  users = {
+    users.me = {
+      password = "hello";
+      isNormalUser = true;
+      extraGroups = [ "wheel" ];
+    };
+  };
+  networking = {
+    interfaces."wlan0".useDHCP = true;
+    wireless = {
+      interfaces = [ "wlan0" ];
+      enable = true;
+      networks = {
+        seb-phone.psk = "hellogello";
+      };
+    };
+  };
+}

hosts/main.nix

@@ -1,5 +1,5 @@
 
-{ pkgs, lib, workDir, self, secretsDir, ... }:
+{ pkgs, lib, workDir, self, secretsDir, config,  ... }:
 {
 
   # https://bugzilla.kernel.org/show_bug.cgi?id=110941
@@ -15,6 +15,7 @@
 		../common/all.nix
 		../common/nixos.nix
 		../common/nixos-graphical.nix
+    ../common/building.nix
 
 		../users/me/default.nix
 		../users/root/default.nix
@@ -34,34 +35,8 @@
     };
   };
 
-	nix.settings = {
-		trusted-public-keys = [
-			"sebastian@c2vi.dev:0tIXGRJMLaI9H1ZPdU4gh+BikUuBVHtk+e1B5HggdZo="
-		];
-      #builders = "@/etc/nix/machines";
-      trusted-users = [ "me" ];
-	};
    nix = {
       distributedBuilds = false; # false, because i can't build on hpm currently ... not signed by trusted user error
-      buildMachines = [
-         {
-            hostName = "hpm";
-            maxJobs = 8;
-            speedFactor = 5;
-            systems = [
-               "x86_64-linux"
-            ];
-         }
-         /*
-         {
-            hostName = "main";
-            maxJobs = 4;
-            systems = [
-               "x86_64-linux"
-            ];
-         }
-         */
-      ];
    };
 
 	networking.hostName = "main";
@@ -69,9 +44,15 @@
    networking.extraHosts = ''
       192.168.1.6 hpm
       192.168.1.2 rpi
+      127.0.0.1 youtube.com
+      127.0.0.1 www.youtube.com
    '';
 
 
+  # to build rpi images
+  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+
+
 	# some bind mounts
 	fileSystems."${workDir}/priv-share/things" = {
 		device = "${workDir}/things";
@@ -86,6 +67,46 @@
   		options = [ "bind" ];
 	};
 
+  # my youtube blocking service
+  systemd.services.stark = 
+    let 
+    stark = pkgs.writeShellApplication {
+      name = "stark";
+
+      runtimeInputs = with pkgs; [ curl w3m ];
+
+      text = ''
+        if [ -f "/etc/host-youtube-block" ];
+        then
+          timeout=$(cat /etc/host-youtube-block)
+          if [[ "$timeout" == "1" ]]
+          then
+            rm /etc/host-youtube-block
+          else
+            timeout=$((timeout - 1))
+            echo -en $timeout > /etc/host-youtube-block
+          fi
+        else
+          rm /etc/hosts
+          ln -nsf ${config.environment.etc.hosts.source.outPath} /etc/hosts
+        fi
+      '';
+      };
+    in
+  {
+    enable = true;
+    description = "block Youtube";
+    unitConfig = {
+      Type = "simple";
+    };
+    serviceConfig = {
+      Restart = "always";
+      RestartSec = "60s";
+      ExecStart = "${stark}/bin/stark";
+    };
+    wantedBy = [ "multi-user.target" ];
+  };
+
 
 	# syncthing for main
 	services.syncthing = {

hosts/privision-main.nix

@@ -0,0 +1,59 @@
+{ inputs, self, nixpkgs, specialArgs, ... }:
+{
+  outputs.apps = {
+    main = inputs.nix-provision.mkProvision self.outputs.nixosConfigurations.main;
+  };
+  outputs.nixosConfigurations.main = nixpkgs.lib.nixosSystem {
+    inherit specialArgs;
+    system = "x86_64-linux";
+
+    modules = [
+      ./hosts/main.nix
+      ./hardware/my-hp-laptop.nix
+      {
+        provision = {
+          type = "disk";
+          # other types: phone, wsl, libirt-vm, installer,
+
+          lvm.physicalVolumes.lvm0 = {
+            logicalVolumes = [
+              {
+                label = "root";
+                type = "btrfs";
+              }
+              {
+                label = "swap";
+                type = "swap";
+              }
+              {
+                label = "work";
+                type = "btrfs";
+              }
+            ];
+          };
+
+          hardware.boot = {
+          };
+
+          hardware.drive = {
+            type = "gpt";
+            partitions = [
+              {
+                label = "boot";
+                type = "fat32";
+              }
+              {
+                type = "luks";
+                secret = "luks-secret";
+                containing = {
+                  type = "lvm-pv";
+                  partOf = "lvm0";
+                };
+              }
+            ];
+          };
+        };
+      }
+    ];
+  };
+}