From f75eec54841ce55547478fef7e435d60a4009d88 Mon Sep 17 00:00:00 2001
From: Bun
Date: Wed, 14 May 2025 12:07:20 +0000
Subject: [PATCH] Add hidden partition
---
flake.nix | 1 +
hosts/hidden/boot/default.nix | 8 +++
hosts/hidden/default.nix | 17 +++++
hosts/hidden/disko/default.nix | 106 ++++++++++++++++++++++++++++++
hosts/hidden/hardware/default.nix | 22 +++++++
hosts/hidden/user/default.nix | 7 ++
6 files changed, 161 insertions(+)
create mode 100644 hosts/hidden/boot/default.nix
create mode 100644 hosts/hidden/default.nix
create mode 100644 hosts/hidden/disko/default.nix
create mode 100644 hosts/hidden/hardware/default.nix
create mode 100644 hosts/hidden/user/default.nix
diff --git a/flake.nix b/flake.nix
index 05eb6b53..3cb28dc0 100644
--- a/flake.nix
+++ b/flake.nix
@@ -68,6 +68,7 @@ hostChannels = { tower = stable; detritus = stable; + hidden = stable; intuos = stable; jupiter = unstable;
diff --git a/hosts/hidden/boot/default.nix b/hosts/hidden/boot/default.nix
new file mode 100644
index 00000000..3cf63f7f
--- /dev/null
+++ b/hosts/hidden/boot/default.nix
@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+{
+ boot = {
+ kernelPackages = pkgs.linuxPackages_latest;
+ loader.systemd-boot.enable = true;
+ plymouth.enable = true;
+ };
+}
diff --git a/hosts/hidden/default.nix b/hosts/hidden/default.nix
new file mode 100644
index 00000000..91f5ae24
--- /dev/null
+++ b/hosts/hidden/default.nix
@@ -0,0 +1,17 @@
+{ ... }:
+{
+ imports = [
+ ./boot
+ ./disko
+ ./hardware
+ ./user
+ ../../modules/system
+ ];
+
+ networking.hostName = "hidden";
+
+ system = {
+ desktop.enable = true;
+ stateVersion = "24.11";
+ };
+}
diff --git a/hosts/hidden/disko/default.nix b/hosts/hidden/disko/default.nix
new file mode 100644
index 00000000..c7209669
--- /dev/null
+++ b/hosts/hidden/disko/default.nix
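Review bot: In hosts/hidden/boot/default.nix the `boot` set enables systemd-boot without setting `loader.systemd-boot.editor`, which as far as I know defaults to true in NixOS and lets anyone at the console edit the kernel command line before boot. With the root volume on LUKS this mostly exposes the unencrypted ESP and initrd stage rather than the data, but the option's own documentation still recommends turning it off. Adding `loader.systemd-boot.editor = false;` next to `loader.systemd-boot.enable = true;` closes it.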
@@ -0,0 +1,106 @@
+{ config, disko, ... }:
+{
+ imports = [ disko.nixosModules.disko ];
+
+ disko.devices = {
+ disk = {
+ "${config.networking.hostName}" = {
+ type = "disk";
+ device = "/dev/sda";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ size = "1M";
+ type = "EF02";
+ };
+ ESP = {
+ size = "2G";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ luks = {
+ size = "100%";
+ content = {
+ type = "luks";
+ name = "${config.networking.hostName}-disk";
+ settings.allowDiscards = true;
+ passwordFile = "/tmp/secret.key";
+ content = {
+ type = "lvm_pv";
+ vg = "${config.networking.hostName}";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+
+ lvm_vg = {
+ "${config.networking.hostName}" = {
+ type = "lvm_vg";
+ lvs = {
+ root = {
+ size = "100%";
+ content = {
+ type = "btrfs";
+ extraArgs = [ "-f" ];
+ subvolumes = {
+ "/root" = {
+ mountpoint = "/";
+ mountOptions = [
+ "compress=zstd"
+ "ssd"
+ ];
+ };
+ "/prev" = {
+ mountpoint = "/prev";
+ mountOptions = [
+ "compress=zstd"
+ "noexec"
+ "ssd"
+ ];
+ };
+ "/nix" = {
+ mountpoint = "/nix";
+ mountOptions = [
+ "compress=zstd"
+ "ssd"
+ ];
+ };
+
+ # Impermanence
+ "/persist" = {
+ mountpoint = "/persist";
+ mountOptions = [
+ "compress=zstd"
+ "ssd"
+ ];
+ };
+ "/persist/.snapshots" = { };
+ "/persist/home" = { };
+ "/persist/home/.snapshots" = { };
+ };
+ };
+ };
+ swap = {
+ size = "2G";
+ content = {
+ type = "swap";
+ discardPolicy = "both";
+ };
+ };
+ };
+ };
+ };
+ };
+
+ # Needed for impermanence
+ fileSystems."/persist".neededForBoot = true;
+}
diff --git a/hosts/hidden/hardware/default.nix b/hosts/hidden/hardware/default.nix
new file mode 100644
index 00000000..e395f502
--- /dev/null
+++ b/hosts/hidden/hardware/default.nix
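Review bot: In hosts/hidden/disko/default.nix, `settings.allowDiscards = true` on the LUKS container and `discardPolicy = "both"` on the swap LV pass TRIM through dm-crypt, so the layout of unused blocks is readable on the raw device. For a host that appears meant to be concealed, that trade-off should either be dropped or recorded with a comment such as `# allowDiscards exposes free-block layout through dm-crypt; accepted for SSD performance`. `passwordFile = "/tmp/secret.key"` is a fixed path in a world-writable directory; as far as I know disko reads it only for the initial format, so the install notes should say to create it with mode 0600 and no trailing newline and to remove it afterwards. Separately, `device = "/dev/sda"` depends on enumeration order and disko formats whatever it names, so a stable path such as `device = "/dev/disk/by-id/<DISK_ID>";` is safer.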
@@ -0,0 +1,22 @@
+{ config, lib, modulesPath, ... }:
+{
+ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+ boot = {
+ initrd = {
+ availableKernelModules = [
+ "ahci"
+ "nvme"
+ "sd_mod"
+ "sr_mod"
+ "usbhid"
+ "xhci_pci"
+ ];
+ kernelModules = [ "dm-snapshot" ];
+ };
+ kernelModules = [ "kvm-intel" ];
+ };
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/hosts/hidden/user/default.nix b/hosts/hidden/user/default.nix
new file mode 100644
index 00000000..3ca3a690
--- /dev/null
+++ b/hosts/hidden/user/default.nix
@@ -0,0 +1,7 @@
+{ config, lib, ... }:
+{
+ home-manager.users."${config.sysusers.main}".home = {
+ guifull.enable = true;
+ stateVersion = lib.mkForce config.system.stateVersion;
+ };
+}
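Review bot: In hosts/hidden/hardware/default.nix the CPU vendor is inconsistent: `kernelModules = [ "kvm-intel" ];` targets Intel while the last option sets `hardware.cpu.amd.updateMicrocode`. If the machine is Intel, the AMD option has no effect and no microcode is loaded by the OS, so CPU errata and speculative-execution fixes depend on the firmware alone. The line should then read `hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;`. If the machine is AMD, the module should be `"kvm-amd"` instead. The file looks adapted from a generated hardware configuration, so regenerating it on the target machine would confirm which applies.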