feat: Add new laptop configuration

hosts/ws-think/configuration.nix

@@ -0,0 +1,107 @@
+{
+  inputs,
+  pkgs,
+  lib,
+  ...
+}:
+
+{
+  # State version
+  system.stateVersion = "24.05";
+
+  # Machine hostname
+  networking.hostName = "ws-think";
+
+  # Admin users
+  users.users.jan.extraGroups = [
+    "wheel"
+    "wireshark"
+    "podman"
+    "libvirtd"
+  ];
+
+  # Set up kerberos
+  security.krb5 = {
+    enable = true;
+    settings = {
+      libdefaults = {
+        rdns = false;
+      };
+      realms = (inputs.secrets.gewis.krb5Realm);
+    };
+  };
+
+  services.netbird = {
+    enable = true;
+  };
+
+  # SSH X11 forwarding
+  programs.ssh.forwardX11 = true;
+
+  # Enable older samba versions
+  services.samba = {
+    enable = true;
+    settings = {
+      global = {
+        "invalid users" = [ "root" ];
+        "passwd program" = "/run/wrappers/bin/passwd %u";
+        "security" = "user";
+        "client min protocol" = "NT1";
+      };
+    };
+  };
+
+  # TODO: Remove once laptop is properly integrated into domain
+  programs.ssh = {
+    package = pkgs.openssh_gssapi;
+    extraConfig = ''
+      GSSAPIAuthentication yes
+    '';
+  };
+
+  # Enable virtualisation for VMs
+  virtualisation.libvirtd.enable = true;
+  programs.virt-manager.enable = true;
+
+  # Enable wireshark
+  programs.wireshark = {
+    enable = true;
+    dumpcap.enable = true;
+    usbmon.enable = true;
+  };
+
+  # Enable Nix-LD
+  programs.nix-ld = {
+    enable = true;
+  };
+
+  # Set up wstunnel client
+  services.wstunnel = {
+    enable = true;
+    clients.wg-tunnel = {
+      connectTo = "wss://tunnel.bulthuis.dev:443";
+      settings.local-to-remote = [
+        "udp://51820:10.10.40.100:51820"
+      ];
+    };
+  };
+
+  # Enable flatpak
+  services.flatpak.enable = true;
+
+  # Module setup
+  modules = {
+    profiles.laptop.enable = true;
+  };
+
+  # Set up podman
+  virtualisation.podman = {
+    enable = true;
+    dockerCompat = true;
+    dockerSocket.enable = true;
+    autoPrune.enable = true;
+  };
+
+  # Set up hardware
+  imports = [ ./hardware-configuration.nix ];
+}

hosts/ws-think/hardware-configuration.nix

@@ -0,0 +1,58 @@
+{ ... }:
+
+{
+  # Machine platform
+  nixpkgs.hostPlatform = "x86_64-linux";
+
+  # Set hostid (required for ZFS)
+  networking.hostId = "deadbeef";
+
+  modules.disko = {
+    enable = true;
+    profile = "ws-think";
+  };
+
+  # Hardware configuration
+  hardware.enableRedistributableFirmware = true;
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "nvme"
+    "usb_storage"
+    "sd_mod"
+    "rtsx_pci_sdmmc"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+  hardware.cpu.intel.updateMicrocode = true;
+
+  # Filesystems
+  fileSystems = {
+    "/" = {
+      device = "tank/root";
+      fsType = "zfs";
+      options = [ "zfsutil" ];
+    };
+
+    "/nix" = {
+      device = "tank/nix";
+      fsType = "zfs";
+      options = [ "zfsutil" ];
+    };
+
+    "/persist" = {
+      device = "tank/persist";
+      fsType = "zfs";
+      options = [ "zfsutil" ];
+    };
+
+    "/boot" = {
+      device = "/dev/disk/by-uuid/46BF-DE2C";
+      fsType = "vfat";
+      options = [
+        "fmask=0077"
+        "dmask=0077"
+      ];
+    };
+  };
+}

hosts/ws-think/users/jan.nix

@@ -0,0 +1,31 @@
+{
+  pkgs,
+  ...
+}:
+
+{
+  home.stateVersion = "25.11";
+
+  modules.profiles.jan.enable = true;
+
+  # home.packages = with pkgs; [
+  #   opencloud-desktop
+  #   code-nautilus
+  #   nautilus-open-in-blackbox
+  # ];
+
+  xdg.desktopEntries = {
+    canvas = {
+      name = "Canvas";
+      type = "Application";
+      exec = "${pkgs.chromium}/bin/chromium --app=\"https://canvas.tue.nl\" --user-data-dir=/home/jan/.local/state/Canvas";
+      settings.StartupWMClass = "chrome-canvas.tue.nl__-Default";
+    };
+    overleaf = {
+      name = "Overleaf";
+      type = "Application";
+      exec = "${pkgs.chromium}/bin/chromium --app=\"https://www.overleaf.com\" --user-data-dir=/home/jan/.local/state/Overleaf";
+      settings.StartupWMClass = "chrome-www.overleaf.com__-Default";
+    };
+  };
+}

profiles/disko/ws-think.nix

@@ -0,0 +1,65 @@
+{
+  disko.devices = {
+    disk = {
+      main = {
+        type = "disk";
+        device = "/dev/sda";
+        imageSize = "64G"; # For test VMs
+        content = {
+          type = "gpt";
+          partitions = {
+            boot = {
+              size = "512M";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = [ "umask=0077" ];
+              };
+            };
+            zfs = {
+              end = "-16G";
+              content = {
+                type = "zfs";
+                pool = "tank";
+              };
+            };
+            swap = {
+              size = "100%";
+              content = {
+                type = "swap";
+                discardPolicy = "both";
+              };
+            };
+          };
+        };
+      };
+    };
+    zpool = {
+      tank = {
+        type = "zpool";
+        rootFsOptions = {
+          compression = "zstd";
+        };
+        mountpoint = null;
+        postCreateHook = "zfs snapshot -r tank@blank && zfs hold -r blank tank@blank";
+
+        datasets = {
+          root = {
+            type = "zfs_fs";
+            mountpoint = "/";
+          };
+          nix = {
+            type = "zfs_fs";
+            mountpoint = "/nix";
+          };
+          persist = {
+            type = "zfs_fs";
+            mountpoint = "/persist";
+          };
+        };
+      };
+    };
+  };
+}