Add initial laptop server config

flake.nix

@@ -75,6 +75,22 @@
             };
         };
 
+        nixosConfigurations."ty-laptop-server" = nixpkgs.lib.nixosSystem {
+            inherit system;
+
+            modules = [
+                ./hosts/laptop-server
+
+                # Better command-not-found
+                nix-index-database.nixosModules.nix-index
+                { programs.nix-index-database.comma.enable = true; }
+            ];
+
+            specialArgs = {
+                inherit inputs system secrets;
+            };
+        };
+
         # Add home manager configuration compatibility to the main flake
         homeConfigurations."ty" = home-manager.lib.homeManagerConfiguration {
             inherit pkgs;

hosts/laptop-server/default.nix

@@ -0,0 +1,19 @@
+
+
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ inputs, ... }:
+
+{
+    imports = [
+        ./hardware-configuration.nix
+        ./modules
+    ];
+
+    system.stateVersion = "24.11";
+
+    nix.settings.experimental-features = [ "nix-command" "flakes" ];
+    nix.nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
+}

hosts/laptop-server/hardware-configuration.nix

@@ -0,0 +1,41 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "sdhci_pci" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/7d9d2023-bbe4-4d89-8f99-26fae870e8a6";
+      fsType = "btrfs";
+      options = [ "subvol=@" ];
+    };
+
+  boot.initrd.luks.devices."luks-9d5521ec-109d-4134-8261-93172f2b07d4".device = "/dev/disk/by-uuid/9d5521ec-109d-4134-8261-93172f2b07d4";
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/DADC-9B17";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/laptop-server/modules/bootloader.nix

@@ -0,0 +1,7 @@
+{ ... }:
+{
+    boot.loader = {
+        systemd-boot.enable = true;
+        efi.canTouchEfiVariables = true;
+    };
+}

hosts/laptop-server/modules/default.nix

@@ -0,0 +1,7 @@
+{ ... }:
+{
+    imports = [
+        ./bootloader.nix
+        ./networking.nix
+    ];
+}

hosts/laptop-server/modules/display.nix

@@ -0,0 +1,8 @@
+{ ... }:
+{
+    # Set US keyboard
+    services.xserver.xkb = {
+        layout = "us";
+        variant = "";
+    };
+}

hosts/laptop-server/modules/locale.nix

@@ -0,0 +1,19 @@
+{ ... }:
+{
+    # Set timezone to MST
+    time.timeZone = "America/Denver";
+
+    # Set english UTF-8 locale
+    i18n.defaultLocale = "en_US.UTF-8";
+    i18n.extraLocaleSettings = {
+        LC_ADDRESS = "en_US.UTF-8";
+        LC_IDENTIFICATION = "en_US.UTF-8";
+        LC_MEASUREMENT = "en_US.UTF-8";
+        LC_MONETARY = "en_US.UTF-8";
+        LC_NAME = "en_US.UTF-8";
+        LC_NUMERIC = "en_US.UTF-8";
+        LC_PAPER = "en_US.UTF-8";
+        LC_TELEPHONE = "en_US.UTF-8";
+        LC_TIME = "en_US.UTF-8";
+    };
+}

hosts/laptop-server/modules/networking.nix

@@ -0,0 +1,17 @@
+{ ... }:
+{
+    networking.hostName = "ty-laptop-server";
+
+    # Enable firewall
+    networking.firewall.enable = true;
+    
+    # Enable NetworkManager
+    networking.networkmanager.enable = true;
+
+    # Tailscale overlay network configuration
+    services.tailscale = {
+        enable = true;
+        useRoutingFeatures = "both";
+        openFirewall = true;
+    };
+}

hosts/laptop-server/modules/users.nix

@@ -0,0 +1,22 @@
+{ pkgs, secrets, ... }:
+{
+    # Make users fully declarative
+    users.mutableUsers = false;
+
+    # Set default shell to Zsh
+    users.defaultUserShell = pkgs.zsh;
+    users.users = {
+        # Main ty user
+        ty = {
+            isNormalUser = true;
+            useDefaultShell = true;
+            description = "Tyler Beckman";
+            extraGroups = [
+                "networkmanager" # Can manage networking
+                "wheel" # Can use sudo
+            ];
+            
+            hashedPassword = secrets.passwords.users.ty;
+        };
+    };
+}