hamie: init, but also not working

bin/mkboot

@@ -4,6 +4,9 @@ case $1 in
 arm | arm64)
 	nix build .#nixosConfigurations.arm64Install.config.system.build.sdImage
 	;;
+hamie)
+	nix build .#nixosConfigurations.hamie.config.system.build.sdImage
+	;;
 haas)
 	nix build .#nixosConfigurations.hassInstall.config.system.build.isoImage
 	;;

flake.nix

@@ -257,6 +257,17 @@
           "${stable}/nixos/modules/installer/cd-dvd/installation-cd-graphical-calamares-plasma5.nix"
         ];
       };
+
+      hamie = stable.lib.nixosSystem {
+        system = "aarch64-linux";
+
+        modules = [
+          (import ./minimal.nix)
+          xin-secrets.nixosModules.sops
+
+          "${stable}/nixos/modules/installer/sd-card/sd-image-raspberrypi.nix"
+        ];
+      };
     };
 
     packages = forAllSystems (system: let
@@ -348,7 +359,7 @@
     };
 
     checks = let
-      buildList = ["europa" "stan" "h" "box" "faf"];
+      buildList = ["europa" "stan" "h" "box" "faf" "hamie"];
     in
       with unstable.lib;
         foldl' recursiveUpdate {} (mapAttrsToList (name: system: {

minimal.nix

@@ -0,0 +1,158 @@
+{
+  config,
+  lib,
+  options,
+  pkgs,
+  ...
+}: let
+  managementKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDM2k2C6Ufx5RNf4qWA9BdQHJfAkskOaqEWf8yjpySwH Nix Manager";
+in {
+  imports = [./configs/colemak.nix ./configs/tmux.nix ./configs/neovim.nix];
+
+  options.myconf = {
+    hwPubKeys = lib.mkOption rec {
+      type = lib.types.listOf lib.types.str;
+      default = [
+        managementKey
+        "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB1cBO17AFcS2NtIT+rIxR2Fhdu3HD4de4+IsFyKKuGQAAAACnNzaDpsZXNzZXI="
+        "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDEKElNAm/BhLnk4Tlo00eHN5bO131daqt2DIeikw0b2AAAABHNzaDo="
+        "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBB/V8N5fqlSGgRCtLJMLDJ8Hd3JcJcY8skI0l+byLNRgQLZfTQRxlZ1yymRs36rXj+ASTnyw5ZDv+q2aXP7Lj0="
+        "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHrYWbbgBkGcOntDqdMaWVZ9xn+dHM+Ap6s1HSAalL28AAAACHNzaDptYWlu"
+      ];
+      example = default;
+      description = "List of hardwar public keys to use";
+    };
+    zshPrompt = lib.mkOption rec {
+      type = lib.types.lines;
+      example = default;
+      description = "Base zsh prompt";
+      default = ''
+        autoload -U promptinit && promptinit
+        autoload -Uz vcs_info
+        autoload -Uz colors && colors
+
+        setopt prompt_subst
+        #setopt prompt_sp
+
+        zstyle ':vcs_info:*' enable git hg cvs
+        zstyle ':vcs_info:*' get-revision true
+        zstyle ':vcs_info:git:*' check-for-changes true
+        zstyle ':vcs_info:git:*' formats '(%b)'
+
+        precmd_vcs_info() { vcs_info }
+        precmd_functions+=( precmd_vcs_info )
+
+        prompt_char() {
+          if [ -z "$IN_NIX_SHELL" ]; then
+            echo -n "%#"
+          else
+            echo -n ";"
+          fi
+        }
+
+        PROMPT='%n@%m[%(?.%{$fg[default]%}.%{$fg[red]%})%?%{$reset_color%}]:%~$vcs_info_msg_0_$(prompt_char) '
+
+        eval "$(direnv hook zsh)"
+
+      '';
+    };
+    zshConf = lib.mkOption rec {
+      type = lib.types.lines;
+      example = default;
+      description = "Base zsh config";
+      default = ''
+        export NO_COLOR=1
+        # That sweet sweet ^W
+        WORDCHARS='*?_-.[]~=&;!#$%^(){}<>'
+
+        autoload -Uz compinit && compinit
+
+        set -o emacs
+
+      '';
+    };
+  };
+
+  config = {
+    sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
+
+    # from https://github.com/dylanaraps/neofetch
+    users.motd = ''
+
+                ::::.    ':::::     ::::'
+                ':::::    ':::::.  ::::'
+                  :::::     '::::.:::::
+            .......:::::..... ::::::::
+           ::::::::::::::::::. ::::::    ::::.
+          ::::::::::::::::::::: :::::.  ::::'
+                 .....           ::::' :::::'
+                :::::            '::' :::::'
+       ........:::::               ' :::::::::::.
+      :::::::::::::                 :::::::::::::
+       ::::::::::: ..              :::::
+           .::::: .:::            :::::
+          .:::::  .....
+          :::::   :::::.  ......:::::::::::::'
+           :::     ::::::. ':::::::::::::::::'
+                  .:::::::: '::::::::::
+                 .::::'''::::.     '::::.
+                .::::'   ::::.     '::::.
+               .::::      ::::      '::::.
+
+    '';
+    boot.tmp.cleanOnBoot = true;
+
+    environment.systemPackages = with pkgs; [inetutils];
+
+    environment.interactiveShellInit = ''
+      alias vi=nvim
+    '';
+
+    time.timeZone = "US/Mountain";
+
+    systemd.services."setdate" =
+      if pkgs.system == "aarch64-linux"
+      then {
+        description = "Set date on boot";
+        wantedBy = ["network-online.target"];
+        after = ["network-online.target"];
+        script = ''
+          . /etc/profile;
+          ${pkgs.outils}/bin/rdate pool.ntp.org
+        '';
+        serviceConfig.Type = "oneshot";
+      }
+      else {};
+
+    programs = {
+      zsh.enable = true;
+      ssh = {
+        startAgent = true;
+        extraConfig = "";
+      };
+    };
+
+    users.users.root = {
+      openssh.authorizedKeys.keys = config.myconf.hwPubKeys;
+    };
+
+    services = {
+      openntpd.enable = true;
+      pcscd.enable = true;
+      openssh = {
+        enable = true;
+        settings = {
+          PermitRootLogin = lib.mkForce "prohibit-password";
+          PasswordAuthentication = false;
+          KexAlgorithms = ["curve25519-sha256" "curve25519-sha256@libssh.org"];
+          Macs = [
+            "hmac-sha2-512-etm@openssh.com"
+            "hmac-sha2-256-etm@openssh.com"
+            "umac-128-etm@openssh.com"
+          ];
+        };
+      };
+    };
+    system.stateVersion = "21.11";
+  };
+}