feat: move x2100 to hyprland

machines/x2100/default.nix

@@ -1,23 +1,37 @@
-{ config, pkgs, lib, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 
 {
-  imports =
-    [
-      ./hardware.nix
-      ./home-julien.nix
-      ../../share.nix
-    ];
-
+  imports = [
+    ./hardware.nix
+    ./home-julien.nix
+  ];
 
+  # Lanzaboote 
   boot.loader.systemd-boot.enable = lib.mkForce false;
   boot.lanzaboote = {
     enable = true;
     pkiBundle = "/etc/secureboot";
   };
 
-  boot.initrd.systemd.enable = true;
-  sound.enable = true;
+  # Automatic root partition decryption with TPM2
+  boot.initrd = {
+    systemd = {
+      enable = true;
+      enableTpm2 = true;
+    };
+    clevis = {
+      enable = true;
+      devices."/dev/nvme0n1p1".secretFile = ./root.jwe;
+    };
+  };
 
+  # Sound
+  sound.enable = true;
   services.pipewire = {
     enable = true;
     alsa.enable = true;
@@ -25,13 +39,10 @@
     pulse.enable = true;
     wireplumber.enable = true;
   };
-
   hardware.pulseaudio.enable = lib.mkForce false;
 
   services.postgresql.enable = true;
 
-  networking.hostName = "x2100";
-
   networking.wireless.enable = false;
 
   environment.sessionVariables = {
@@ -41,7 +52,7 @@
   services.logind.lidSwitch = "suspend";
 
   services.tailscale.enable = true;
-  networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
+  networking.networkmanager.enable = true;
 
   networking.networkmanager.dns = "systemd-resolved";
   services.resolved.enable = true;
@@ -71,8 +82,6 @@
   security.tpm2.tctiEnvironment.enable = true; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
   users.users.julien.extraGroups = [ "tss" ]; # tss group has access to TPM devices
 
-
-
   nix = {
     distributedBuilds = true;
     buildMachines = [
@@ -81,14 +90,16 @@
         maxJobs = 100;
         systems = [ "x86_64-linux" ];
         sshUser = "root";
-        supportedFeatures = [ "kvm" "nixos-test" ];
+        supportedFeatures = [
+          "kvm"
+          "nixos-test"
+        ];
         sshKey = "/home/julien/.ssh/id_ed25519";
         speedFactor = 2;
       }
     ];
   };
 
-
   environment.systemPackages = with pkgs; [
     tailscale
     brightnessctl
@@ -96,7 +107,6 @@
     wl-mirror
   ];
 
-
   networking.wireguard.interfaces.rezo = {
     ips = [ "fd81:fb3a:50cc::200/128" ];
     privateKeyFile = "/root/wg-private";
@@ -109,7 +119,6 @@
     ];
   };
 
-
   security.pam.services.swaylock = { };
 
   services.printing.enable = true;
@@ -118,11 +127,6 @@
   # for a WiFi printer
   services.avahi.openFirewall = true;
 
-  programs.sway = {
-    enable = true;
-    wrapperFeatures.gtk = true;
-  };
-  #  programs.sway.package = null;
   programs.ssh.startAgent = true;
 
   services.gnome.gnome-keyring.enable = true;
@@ -132,9 +136,34 @@
     "zotero-6.0.27"
   ];
 
+  services.hash-collection = {
+    enable = true;
+    collection-url = "https://reproducibility.nixos.social";
+    tokenFile = "/home/julien/lila-secrets/tokenfile";
+    secretKeyFile = "/home/julien/lila-secrets/secret.key";
+  };
+
+  nix.settings = {
+    post-build-hook = lib.mkForce (
+      pkgs.writeScript "hash-collection-build-hook" ''
+        #!/bin/sh
+        export HASH_COLLECTION_SERVER=${config.services.hash-collection.collection-url}
+        export HASH_COLLECTION_TOKEN=$(cat ${toString config.services.hash-collection.tokenFile})
+        export HASH_COLLECTION_SECRET_KEY=$(cat ${toString config.services.hash-collection.secretKeyFile})
+
+        # redirect stderr to stdout, otherwise it appears to go missing?
+        ${pkgs.lila-build-hook}/bin/build-hook 2>&1
+      ''
+    );
+  };
+
+  # Desktop environment
+  programs.xwayland.enable = true;
+  programs.hyprland = {
+    enable = true;
+    package = pkgs.unstable.hyprland;
+    portalPackage = pkgs.unstable.xdg-desktop-portal-hyprland;
+  };
+
   system.stateVersion = "23.05";
-
 }
-
-
-