From 6db830472c1fc071af74ebb9e61c16fcca14a732 Mon Sep 17 00:00:00 2001
From: Zoe Roux <zoe.roux@zoriya.dev>
Date: Sat, 14 Jun 2025 11:08:58 +0200
Subject: [PATCH] Add kujima's config (android)

---
 README.md                               |  2 +-
 flake.lock                              | 16 ++++++++++++++++
 flake.nix                               | 15 +++++++++++----
 hosts/kujima/hardware-configuration.nix |  5 +++++
 lib/mksystem.nix                        | 10 +++++++++-
 modules/cli/default.nix                 |  8 ++++++--
 6 files changed, 48 insertions(+), 8 deletions(-)
 create mode 100644 hosts/kujima/hardware-configuration.nix

diff --git a/README.md b/README.md
index 2fac772..36d39e6 100644
--- a/README.md
+++ b/README.md
@@ -24,5 +24,5 @@
 ## Notes for myself
 
 `mkdir -p /nix/persist/home` (else persisted seems to be bugged)
-`nix-shell --run 'mkpasswd -m SHA-512' -p mkpasswd` to generate a password
+`nix-shell --run 'mkpasswd -p mkpasswd -m SHA-512  | tr -d \\n'` to generate a password
 `NIX_CONFIG="extra-access-tokens = github.com=$(gh auth token)" nix flake update`
diff --git a/flake.lock b/flake.lock
index cb60ee2..e6665d6 100644
--- a/flake.lock
+++ b/flake.lock
@@ -290,6 +290,21 @@
         "type": "github"
       }
     },
+    "nixos-avf": {
+      "locked": {
+        "lastModified": 1747400219,
+        "narHash": "sha256-MuBMdJiGPqZ9+mB6ppML5hbEhDvMFDNXtVxv2wkhpNg=",
+        "owner": "nix-community",
+        "repo": "nixos-avf",
+        "rev": "7f8d2b87877ed851db8060220eec92b180961977",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nixos-avf",
+        "type": "github"
+      }
+    },
     "nixos-hardware": {
       "locked": {
         "lastModified": 1748634340,
@@ -367,6 +382,7 @@
         "neovim-nightly": "neovim-nightly",
         "nix-darwin": "nix-darwin",
         "nix-index-database": "nix-index-database",
+        "nixos-avf": "nixos-avf",
         "nixos-hardware": "nixos-hardware",
         "nixos-wsl": "nixos-wsl",
         "nixpkgs": "nixpkgs",
diff --git a/flake.nix b/flake.nix
index 35f7178..12d6e8f 100644
--- a/flake.nix
+++ b/flake.nix
@@ -11,6 +11,11 @@
       url = "github:nix-community/NixOS-WSL";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    nix-darwin = {
+      url = "github:LnL7/nix-darwin";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    nixos-avf.url = "github:nix-community/nixos-avf";
     nix-index-database = {
       url = "github:nix-community/nix-index-database";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -27,10 +32,6 @@
       url = "github:zoriya/river/0.3.x";
       flake = false;
     };
-    nix-darwin = {
-      url = "github:LnL7/nix-darwin";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
     zen-browser = {
       url = "github:youwen5/zen-browser-flake";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -95,6 +96,12 @@
       wsl = true;
     };
 
+    nixosConfigurations.kujima = mkSystem "kujima" {
+      env = "none";
+      system = "aarch64-linux";
+      avf = true;
+    };
+
     darwinConfigurations."zroux-mac" = mkSystem "zroux-mac" {
       env = "none";
       user = "zroux";
diff --git a/hosts/kujima/hardware-configuration.nix b/hosts/kujima/hardware-configuration.nix
new file mode 100644
index 0000000..aa8c914
--- /dev/null
+++ b/hosts/kujima/hardware-configuration.nix
@@ -0,0 +1,5 @@
+{lib, ...}: {
+  system.stateVersion = "25.11";
+  environment.persistence."/nix/persist".enable = false;
+  services.automatic-timezoned.enable = lib.mkForce false;
+}
diff --git a/lib/mksystem.nix b/lib/mksystem.nix
index 9c930e4..e2480ce 100644
--- a/lib/mksystem.nix
+++ b/lib/mksystem.nix
@@ -8,6 +8,7 @@
   system ? "x86_64-linux",
   wsl ? false,
   darwin ? false,
+  avf ? false,
   custom ? [],
   customHome ? [],
 }: let
@@ -48,9 +49,10 @@ in
             openssh.authorizedKeys.keys = [
               "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDGcLP/ZEjnSgkzQMBeLLOWn5uejSr9Gg1h9PJZECVTLm+VDQ7KyI3ORZt+qbfEnsnGL73iwcAqB5Upy9Cdj0182mnrTk2ZViNMeFT7kLBF0yXpiajQTtMjENYj0nbNWpQ5+sJrtJKKYK/tBghW8PyTrJPpVQcrLcf4D66U5DkkJNRDeu4v9SjHKaASUeyia4gRSVV59Ugtrl0lz8sl4yBSL4957zwzdkNR0pVmftaKmUP4KfBvpNcFOOpHcdvzDtEPQs8j0g2l65YOQNNFSMsYQfxt1X4zmEi4unRIlECglaPz12CyoTiM2xmCWa/mS5nm0dR1VbEHFMRtGbbgm9MwedXoxYAfycbu08fqi1AAvg7MQxDNLfWWBIHe7+imGLKrVkqk8B89I409iI4YiOytnUkxKZkxynqVYtEE0bx5J15mniq2vJTw9JD89qSVkvGjZNGuJgh4leIlxPGj4iP8KY3N3Ifaf72PsmmwW4rB5JPDW93RL1DZV8lk3NgyF8M= zoriya@fuhen" # laptop
               "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCpQ8Td98YIS0EtVQ7xabYVe9A9/+ZECrHBpKi01NKQ0Mleg9Z4fnTsdGFX1uhbG6Pu7niBVzYReVTC1CbyVWKmm/4DbbRpaqY94eOzQEe0p4wMSURQ9weuB5737k+5MuLDLUbhc1ytDa84Ubj/A/rQUueKdq2K1o+YSN7b7HKe7kXoXACEpbrSCC43mteBgCtvgsLY0New9xXnvGFJPSe7PcjYkOhSJB1xA0Gu4DoDdOyErvV62QQH4sSQMu5cFICJGfdXQzBdshA8MgWKXFv3Hq7K5/GGDNyCsMxeoPQET3vbmgUsE+KGtcdqizdFM3bAfCBGXOBx6h7BoNuQzkp8hgmrq62CmMwF0krX05Sb3qR/wVjRKDo9pYuSk6/awnnBp5kY6sNgEruI93ZXNQWMkxXQNbmpCi+uEvzMveP16O/uP3NxklD4wtmfpSZsxBi+jRGFqcjdy3Qlc13Tiz98EBaXkir9YwUAh8SNs3gRaJGI0Fn2HzUCPH0zNh42EY8= zoriya@kadan" # server
-              "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDGoTI403QZIO8E+mrZu0Jw+Tu+xzSfgdyBMLIFLHiJMheBr+GAxnycQJC7W1O/dHe3esih1DPB/dtF3HJgIKWx9cVSOacgNSVN3xz2wEnrkJY8tP+GmL4WaieHL3qK9eu8Qx3zhMjA/tDyFwG0gbIqkm5T3mh5KtEBLvPiqJsavAh24Oyo3/hoQkZp6QW+iei+wbRIHp+CkEjeUQPXvMRemOHc2VjUyY72+NXzbufZYH5xpnqAzTgn/kT1b1y5ipd+QVKnG7LEJt2Kd7mDZ7e/Dgi4VMBkJ9JaAmxLl+SrdZ1dSOrCojfyRc83nBkEYaIsoYtSQTHFQn4utDI8rsUFwkTLR1+tR9PXIz5dFd5kWUpHAM273XsMCTVqq9Dm2XToK3uguVlXVmv9X87f8PHFwdWX8x5FnB3qaOxpQefI+PWkZybDqp6NRwsSJZ5JJn5dOUNrkZnLlgl6zVbuuFneN1oBZE5X+pZayFRBtDP5G1B1gU3qbIAyo83vPAzUFUM= u0_a369@localhost" # android
               "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDJ/c2rQ9xUI6XpDR/+dmCK5IcxkOIezvNtbC2EVTrfh73H5juotME6JrQSxgQjtgsaUAzZzrac9kI/7Do8/lisbofdKRcneXi2UEeERKrKEwC/EGcQgqnoPLL1+mnqwvQ923d3105DV4hFksoDbblCinFuUr5s55EMm991IL/T70cy820AOgAf+hgleM1Its47EBkZBzpa4KwxYepJG0+kBa7K1Loi9QgBvTGpxs7rWMDxllfL6ivrWJxAKRZdWlJ/MKBVQIYhv0W+vaQ7OZA1qUY4bq/9wY/i88nixbVSPJmikj0+QNeLksU78bOIxLpTTeLdH4HQ6+qKOBT3JhEpBtUHdBxOT5tYJTr4qwjevlFqceLw3x1V9URxPS2XBDjlxnzYzdnD40LK5BehXdmElGio9dy98/qJINbDW/7AH+BpP1GWNKVhiYXPj7A/2fkFD2K7DgIgGlsrZthS+LxDTEcQ8Yx0iD/+nI8LcnvU42S0muSvmP7LE4xBl8AoaI0= zoriya@nixos" # lucca windows
               "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC0lycSIHU5JVcA7M3ChDJliER5MDoaqxWCGX8LeGwklQVwKcUY3y4gO0pD8DRHWrgQv44qP4owxOX7/ulHPjQehzPOU+as3qRH0e76EFutwN6tNvE56PNvwsAFiPVoz4ykDqZNwl8IXO9rk2JQuw+UOAvI7Lq0citaBwHzYaw+eO7qHi9iQHYZLsxgu6SzaOxbp7gmppZ//6PHD7ypxqiRORqW/xlt3N70va4zORdk6M4hMoFZCh33PYUiua01iLMxiBvDGC0pzMtmvRkSlmvZv30zdO/B9l/bBrjhtcAz2l/fabFG6gAlTeprzvv36kItKy2taxcBuQr6NxhtvLW6zF422/MibMsqSIb2KsMdO15DAVm3lMFMQDVUY+7t5rssvV5MVU05Tnnw5cKLTzVC6fVnPlBVJPfnYwPGRyJVZgp4Q7uAdVmitCL/+zxHDbAw5AmRgV4WJ86h5lRRzH41KtncC57Ilbe6BUbIwQF7oowJs67TttF6L7HwQx9b+ns= zroux@zroux-mac" # lucca macos
+              "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB/TujCSbUueF4p3wbzImPkEvgJjshDfh2sb/bwGdaRN" # bitwarden
+              "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBzfKjYeQ80s/M+qEKCxBhseJjLa2OwBk9ZrHeku90Vg zoriya@kujima" # android
             ];
           };
         })
@@ -113,6 +115,12 @@ in
           };
         })
       ]
+      ++ nixpkgs.lib.optionals avf [
+        inputs.nixos-avf.nixosModules.avf
+        {
+          avf.defaultUser = user;
+        }
+      ]
       ++ nixpkgs.lib.optionals darwin [
         inputs.nix-index-database.darwinModules.nix-index
       ]
diff --git a/modules/cli/default.nix b/modules/cli/default.nix
index d98540f..fb8eafd 100644
--- a/modules/cli/default.nix
+++ b/modules/cli/default.nix
@@ -1,10 +1,14 @@
-{pkgs, ...}: {
+{
+  pkgs,
+  lib,
+  ...
+}: {
   imports = [
     ./nix/nix.nix
     ./nix/impermanence.nix
   ];
 
-  security.sudo.wheelNeedsPassword = true;
+  security.sudo.wheelNeedsPassword = lib.mkForce true;
   security.sudo.extraConfig = ''
     Defaults  lecture="never"
   '';