Bring lithium config in line with helium

machine-confs/lithium.nix

@@ -1,13 +1,47 @@
 { config, pkgs, ... }:
 {
-  networking.hostName = "lithium";
+  networking = {
+    hostName = "lithium";
+
+    firewall.allowedUDPPorts = [ 51820 ];
+
+    wg-quick.interfaces.wg0 = {
+      autostart = false;
+      address = [ "172.16.0.4/24" ];
+      dns = [
+        "192.168.0.1"
+        "vsinerva.fi"
+      ];
+      privateKeyFile = "/root/wireguard-keys/privatekey-home";
+      listenPort = 51820;
+
+      peers = [
+        {
+          publicKey = "f9QoYPxyaxylUcOI9cE9fE9DJoEX4c6GUtr4p+rsd34=";
+          allowedIPs = [ "0.0.0.0/0" ];
+          endpoint = "wg.vsinerva.fi:51820";
+        }
+      ];
+    };
+  };
+  # Dirty hack to fix autostart failing due to DNS lookups
+  systemd.services."wg-quick-wg0".serviceConfig = {
+    Restart = "on-failure";
+    RestartSec = "1s";
+  };
+
+  services.openssh.enable = pkgs.lib.mkForce false;
+  services.fail2ban.enable = pkgs.lib.mkForce false;
 
   imports = [
     ../base.nix
     ../users/vili.nix
     ../desktop.nix
     ../development.nix
+    #    ../services/syncthing.nix
     ../services/redshift.nix
+    ../hardware-specific/keychron-q11.nix
+    ../hardware-specific/trackball.nix
     ../hardware-specific/usb-automount.nix
   ];
 
@@ -19,12 +53,20 @@
   ];
 
   boot = {
-    #resumeDevice = "/dev/mapper/luks-f6e1979b-0dee-4ee9-8170-10490019854b";
-    #kernelParams = [ "resume_offset=44537856" ];
+    initrd.luks.devices."nixos" = {
+      keyFileSize = 8192;
+      keyFile = "/dev/disk/by-id/usb-Kingston_DataTraveler_3.0_E0D55EA5741216B0A93E02B3-0:0";
+      fallbackToPassword = true;
+    };
+
+    resumeDevice = "/dev/mapper/nixos";
+    kernelParams = [ "resume_offset=39292928" ];
 
     loader = {
       systemd-boot.enable = true;
       efi.canTouchEfiVariables = true;
     };
   };
+
+  logind.lidSwitch = if config.boot.resumeDevice != "" then "hibernate" else "suspend";
 }