chore: refactor user modules

flake.nix

@@ -3,20 +3,22 @@
 
   inputs = {
     nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+
+    devenv = {
+      url = "github:cachix/devenv";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
     home-manager = {
       url = "github:nix-community/home-manager";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+
     nix-index-database = {
       url = "github:nix-community/nix-index-database";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    devenv = {
-      url = "github:cachix/devenv";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-
     pumo-system-info = {
       url = "git+https://labs.phundrak.com/phundrak/pumo-system-info";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -86,10 +88,9 @@
         pkgs = nixpkgs.legacyPackages.x86_64-linux;
         extraSpecialArgs = {
           inherit inputs outputs;
-          home-conf = "minimal";
         };
         modules = [
-          ./users/phundrak/alys.nix
+          ./users/phundrak/host/alys.nix
           inputs.sops-nix.homeManagerModules.sops
         ];
       };
@@ -97,10 +98,9 @@
         pkgs = nixpkgs.legacyPackages.x86_64-linux;
         extraSpecialArgs = {
           inherit inputs outputs;
-          home-conf = "fullHome";
         };
         modules = [
-          ./users/phundrak/marpa.nix
+          ./users/phundrak/host/marpa.nix
           inputs.sops-nix.homeManagerModules.sops
         ];
       };
@@ -108,10 +108,9 @@
         pkgs = nixpkgs.legacyPackages.x86_64-linux;
         extraSpecialArgs = {
           inherit inputs outputs;
-          home-conf = "fullHome";
         };
         modules = [
-          ./users/phundrak/gampo.nix
+          ./users/phundrak/host/gampo.nix
           inputs.sops-nix.homeManagerModules.sops
         ];
       };
@@ -119,10 +118,9 @@
         pkgs = nixpkgs.legacyPackages.x86_64-linux;
         extraSpecialArgs = {
           inherit inputs outputs;
-          home-conf = "minimal";
         };
         modules = [
-          ./users/phundrak/tilo.nix
+          ./users/phundrak/host/tilo.nix
           inputs.sops-nix.homeManagerModules.sops
         ];
       };

hosts/alys/configuration.nix

@@ -1,64 +1,41 @@
-{
+{inputs, ...}: {
-  pkgs,
-  inputs,
-  ...
-}: {
   imports = [
     ./hardware-configuration.nix
-    ./host.nix
     inputs.home-manager.nixosModules.default
-    ../../modules/locale.nix
+    ../../system
-    ../../modules/system.nix
-    ../../modules/ssh.nix
-    ../../modules/endlessh.nix
-    ../../programs/nano.nix
   ];
 
-  zramSwap.enable = true;
-
-  # networking.domain = "phundrak.com";
   system = {
-    amdgpu.enable = false;
     boot = {
-      kernel = {
+      kernel.hardened = true;
-        hardened = true;
-        cpuVendor = "amd";
-      };
       systemd-boot = false;
-      zfs.enable = false;
+      zram = {
+        enable = true;
+        memoryMax = 512;
+      };
     };
+    dev.docker.enable = true;
     networking = {
       hostname = "alys";
       domain = "phundrak.com";
       id = "41157110";
-      firewall.openPorts = [
-        22
-      ];
     };
-    sound.enable = false;
+    packages.nix = {
+      gc.automatic = true;
+      trusted-users = ["root" "phundrak"];
+    };
+    services = {
+      endlessh.enable = true;
+      ssh = {
+        enable = true;
+        allowedUsers = ["phundrak"];
+        passwordAuthentication = false;
+      };
+    };
     users = {
       root.disablePassword = true;
-      phundrak = true;
+      phundrak.enable = true;
     };
   };
-
-  modules = {
-    ssh = {
-      enable = true;
-      allowedUsers = ["phundrak"];
-      passwordAuthentication = false;
-    };
-    endlessh.enable = false;
-  };
-
-  nixpkgs.config.allowUnfree = true;
-
-  environment.systemPackages = [pkgs.openssl];
-
-  # networking.hostName = "alys";
-  # users.users.root.openssh.authorizedKeys.keys = [
-  #   "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC+b7BE/gHrHVkqNVfHtp2r4OCUDdohst8hb3Bz5tYtx3gvXJQCB1rFc2hgQJf8FsVyQbidS64lnhU1rUIEbFhv7itT5FGGUnfJEYs64W30wKsnPSb5WXdFXzrNi8za48i2oNl9JA9Fj9k6isyvkTup89hB+ELbXIcfz3bM93WaAt2dIgKijXaAMAAA+tHhgWvlrHlvGlU9/KxY3ZOQSoEboPXd7TDyOf1672eAibYyb5h1HIewYZ+xv1X4dxx/c9Arh4K0s8scuB7XTQQkEbRUEYKD2YXKN83Z09jfMlMYuBAKKO8zU4CM2KTbL7kEVgNc/ArY+uCAakmC5+eS7LxMuOt86+Bi4gXTJ6o6dbfUbCGiq751ni8pg44YSfwYiI05vvZ08eIyNkowumD+X4GRW4tu0I3qK8TI7exeEeoQIwlSfLXlYHEdNB8Q3feLyhHMRkxXgUskbXwWIBexLzJyY40tyqQplZWbYGrUEmjxZ7FWmaV+o8ZjnU2GfJ8JoWyCnEYfRc6Z2ILdXNDRzZ9qYOwefMHtuaYaYYximL+zdVVrm4EZuOetmaJ6zblk4ebU3GZjYykB8DmCDFDZO9koKwzPazLKQl0OWzmQqgxVNg7Mg1NZbuRQgVAhKPelnqejaXbf2/IHAYBn5LDR1Jew5+srlstM9XuYG2whEOx84w== Lucien Cartier-Tilet <lucien@phundrak.com>"
-  #   "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILw9oiK8tZ5Vpz82RaRLpITU8qeJrT2hjvudGEDQu2QW lucien@phundrak.com"
-  # ];
   system.stateVersion = "23.11";
 }

hosts/alys/host.nix

@@ -1,3 +0,0 @@
-{pkgs, ...}: {
-  environment.systemPackages = with pkgs; [neofetch vim emacs];
-}

hosts/gampo/configuration.nix

@@ -7,55 +7,72 @@
   imports = [
     inputs.sops-nix.nixosModules.sops
     ./hardware-configuration.nix
-    ./services
+    # ./services
-    ../../modules/opentablet.nix
+    ../../system
-    ../../modules/sops.nix
-    ../../modules/system.nix
-    ../../programs/flatpak.nix
-    ../../programs/hyprland.nix
-    ../../programs/steam.nix
   ];
 
+  system = {
+    boot = {
+      plymouth.enable = true;
+      kernel = {
+        cpuVendor = "intel";
+        package = pkgs.linuxPackages;
+        modules = ["i915"];
+      };
+      systemd-boot = true;
+    };
+    desktop = {
+      hyprland.enable = true;
+      xserver = {
+        enable = true;
+        de = "gnome";
+      };
+    };
+    dev.docker = {
+      enable = true;
+      podman.enable = true;
+      autoprune.enable = true;
+    };
+    hardware = {
+      bluetooth.enable = true;
+      corne.allowHidAccess = true;
+      ibmTrackpoint.disable = true;
+      opentablet.enable = true;
+      sound.enable = true;
+    };
+    misc.keymap = "fr-bepo";
+    networking = {
+      hostname = "gampo";
+      id = "0630b33f";
+      hostFiles = [config.sops.secrets.extraHosts.path];
+    };
+    packages = {
+      appimage.enable = true;
+      flatpak.enable = true;
+      nix = {
+        nix-ld.enable = true;
+        trusted-users = ["root" "phundrak"];
+      };
+    };
+    programs.steam.enable = true;
+    services = {
+      fwupd.enable = true;
+      ssh.enable = true;
+    };
+    users = {
+      root.disablePassword = true;
+      phundrak.enable = true;
+    };
+  };
+
   sops.secrets.extraHosts = {
     inherit (config.users.users.root) group;
     owner = config.users.users.phundrak.name;
     mode = "0440";
   };
 
-  boot.initrd.kernelModules = ["i915"];
-
-  system = {
-    boot.plymouth.enable = true;
-    docker = {
-      enable = true;
-      autoprune.enable = true;
-      podman.enable = true;
-    };
-    networking = {
-      hostname = "gampo";
-      id = "0630b33f";
-      hostFiles = [config.sops.secrets.extraHosts.path];
-    };
-    sound.enable = true;
-  };
-
-  modules = {
-    appimage.enable = true;
-    hyprland.enable = true;
-  };
-
   security.rtkit.enable = true;
 
-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
-  environment.systemPackages = with pkgs; [
-    curl
-    openssl
-    wget
-  ];
-
-  nix.settings.trusted-users = ["root" "phundrak"];
-
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database
   # versions on your system were taken. It‘s perfectly fine and

hosts/gampo/services/default.nix

@@ -1,7 +1,7 @@
 {
-  imports = [
+  # imports = [
-    ./gnome.nix
+  #   ./gnome.nix
-  ];
+  # ];
 
   services = {
     # Enable CUPS to print documents.

hosts/marpa/configuration.nix

@@ -1,42 +1,48 @@
 {
   config,
-  pkgs,
   inputs,
   ...
 }: {
   imports = [
     inputs.sops-nix.nixosModules.sops
     ./system/hardware-configuration.nix
-    ./services
+    ../../system
-    ../../modules/opentablet.nix
-    ../../modules/sops.nix
-    ../../modules/system.nix
-    ../../programs/flatpak.nix
-    ../../programs/hyprland.nix
-    ../../programs/steam.nix
   ];
 
-  sops.secrets.extraHosts = {
-    inherit (config.users.users.root) group;
-    owner = config.users.users.phundrak.name;
-    mode = "0440";
-  };
-
-  security.polkit.enable = true;
-
-  fileSystems."/games" = {
-    device = "/dev/disk/by-uuid/77d32db8-2e85-4593-b6b8-55d4f9d14e1a";
-    fsType = "ext4";
-  };
-
   system = {
-    amdgpu.enable = true;
+    boot = {
-    boot.plymouth.enable = true;
+      extraModprobeConfig = ''
-    docker = {
+        options snd_usb_audio vid=0x1235 pid=0x8212 device_setup=1
+      '';
+      plymouth.enable = true;
+      kernel.cpuVendor = "amd";
+      systemd-boot = true;
+    };
+    desktop = {
+      hyprland.enable = true;
+      niri.enable = true;
+      xserver = {
+        enable = true;
+        de = "gnome";
+      };
+    };
+    dev.docker = {
       enable = true;
       podman.enable = true;
       autoprune.enable = true;
     };
+    hardware = {
+      amdgpu.enable = true;
+      bluetooth.enable = true;
+      corne.allowHidAccess = true;
+      opentablet.enable = true;
+      sound = {
+        enable = true;
+        jack = true;
+        scarlett.enable = true;
+      };
+    };
+    misc.keymap = "fr-bepo";
     networking = {
       hostname = "marpa";
       id = "7EA4A111";
@@ -49,34 +55,45 @@
         }
       ];
     };
-    sound = {
+    packages = {
-      enable = true;
+      appimage.enable = true;
-      jack = true;
+      flatpak.enable = true;
+      nix = {
+        nix-ld.enable = true;
+        trusted-users = ["root" "phundrak"];
+      };
+    };
+    programs.steam.enable = true;
+    services = {
+      fwupd.enable = true;
+      printing.enable = true;
+      ssh.enable = true;
+      sunshine = {
+        enable = true;
+        autostart = true;
+      };
+    };
+    users = {
+      root.disablePassword = true;
+      phundrak.enable = true;
     };
   };
 
-  modules = {
+  sops.secrets.extraHosts = {
-    appimage.enable = true;
+    inherit (config.users.users.root) group;
-    hyprland.enable = true;
+    owner = config.users.users.phundrak.name;
+    mode = "0440";
   };
 
-  security.rtkit.enable = true;
+  security = {
+    polkit.enable = true;
+    rtkit.enable = true;
+  };
 
-  nix.settings.trusted-users = ["root" "phundrak"];
+  fileSystems."/games" = {
-
+    device = "/dev/disk/by-uuid/77d32db8-2e85-4593-b6b8-55d4f9d14e1a";
-  environment.systemPackages = with pkgs; [
+    fsType = "ext4";
-    clinfo # AMD
+  };
-    curl
-    openssl
-    wget
-    alsa-scarlett-gui
-  ];
-
-  boot.extraModprobeConfig = ''
-    options snd_usb_audio vid=0x1235 pid=0x8212 device_setup=1
-  '';
-
-  programs.nix-ld.enable = true;
 
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions

hosts/marpa/services/default.nix

@@ -1,25 +1,24 @@
 {
-  imports = [
+  # imports = [
-    ./logind.nix
+  #   ./logind.nix
-    ../../../modules/ssh.nix
+  #   ../../../system
-    ../../../modules/sunshine.nix
+  # ];
-    ../../../modules/xserver.nix
+  # imports = [
-  ];
+  #   ./logind.nix
+  #   ../../../modules/ssh.nix
+  #   ../../../modules/sunshine.nix
+  # ];
 
-  modules = {
+  # modules = {
-    sunshine = {
+  #   sunshine = {
-      enable = true;
+  #     enable = true;
-      autostart = true;
+  #     autostart = true;
-    };
+  #   };
-    xserver = {
+  # };
-      amdgpu.enable = true;
+  # services = {
-      de = "gnome";
+  #   blueman.enable = true;
-    };
+  #   fwupd.enable = true;
-  };
+  #   printing.enable = true;
-  services = {
+  #   openssh.enable = true;
-    blueman.enable = true;
+  # };
-    fwupd.enable = true;
-    printing.enable = true;
-    openssh.enable = true;
-  };
 }

hosts/tilo/configuration.nix

@@ -1,24 +1,15 @@
 # Edit this configuration file to define what should be installed on your
 # system.  Help is available in the configuration.nix(5) man page and in
 # the NixOS manual (accessible by running ‘nixos-help’).
-{
+{inputs, ...}: {
-  pkgs,
-  inputs,
-  ...
-}: {
   imports = [
     ./hardware-configuration.nix
     inputs.home-manager.nixosModules.default
-    ../../modules/locale.nix
+    ../../system
-    ../../modules/system.nix
-    ../../modules/ssh.nix
-    ../../modules/endlessh.nix
-    ../../programs/nano.nix
     ./services
   ];
 
   system = {
-    amdgpu.enable = false;
     boot = {
       kernel = {
         hardened = true;
@@ -29,16 +20,15 @@
         pools = ["tank"];
       };
     };
-    docker.enable = true;
+    dev.docker.enable = true;
+    misc.keymap = "fr-bepo";
     networking = {
       hostname = "tilo";
       id = "7110b33f";
       firewall = {
         openPorts = [
-          22 # SSH
           80 # HTTP
           443 # HTTPS
-          2222 # endlessh
           25565 # Minecraft
         ];
         extraCommands = ''
@@ -47,28 +37,24 @@
         '';
       };
     };
-    nix.gc.automatic = true;
+    packages.nix = {
-    sound.enable = false;
+      gc.automatic = true;
+      trusted-users = ["root" "phundrak"];
+    };
+    services = {
+      endlessh.enable = true;
+      ssh = {
+        enable = true;
+        allowedUsers = ["phundrak"];
+        passwordAuthentication = false;
+      };
+    };
     users = {
       root.disablePassword = true;
-      phundrak = true;
+      phundrak.enable = true;
     };
-    console.keyMap = "fr-bepo";
   };
 
-  modules = {
-    ssh = {
-      enable = true;
-      allowedUsers = ["phundrak"];
-      passwordAuthentication = false;
-    };
-    endlessh.enable = true;
-  };
-
-  nixpkgs.config.allowUnfree = true;
-
-  environment.systemPackages = [pkgs.openssl];
-
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions
   # on your system were taken. It‘s perfectly fine and recommended to leave

keys/id_alys.pub

@@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHTv1lb6d99O84jeh6GdjPm8Gnt/HncSRhGhmoTq7BMK lucien@phundrak.com
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHTv1lb6d99O84jeh6GdjPm8Gnt/HncSRhGhmoTq7BMK lucien@phundrak.com

modules/opentablet.nix

@@ -1,6 +0,0 @@
-{
-  hardware.opentabletdriver = {
-    enable = true;
-    daemon.enable = true;
-  };
-}

modules/system.nix

@@ -1,183 +0,0 @@
-{
-  pkgs,
-  lib,
-  config,
-  ...
-}:
-with lib; let
-  cfg = config.system;
-in {
-  imports = [
-    ./amdgpu.nix
-    ./appimage.nix
-    ./boot.nix
-    ./locale.nix
-    ./networking.nix
-    ./nix.nix
-    ./plymouth.nix
-    ./sound.nix
-    ./users.nix
-    ./dev/docker.nix
-  ];
-
-  options.system = with types; {
-    amdgpu.enable = mkEnableOption "Enables AMD GPU support";
-    boot = {
-      kernel = {
-        package = mkOption {
-          type = raw;
-          default = pkgs.linuxPackages_zen;
-        };
-        modules = mkOption {
-          type = listOf str;
-          default = [];
-        };
-        cpuVendor = mkOption {
-          description = "Intel or AMD?";
-          type = enum ["intel" "amd"];
-          default = "amd";
-        };
-        v4l2loopback = mkOption {
-          description = "Enables v4l2loopback";
-          type = bool;
-          default = true;
-        };
-        hardened = mkEnableOption "Enables hardened Linux kernel";
-      };
-      systemd-boot = mkOption {
-        type = types.bool;
-        default = true;
-        description = "Does the system use systemd-boot?";
-      };
-      plymouth.enable = mkEnableOption "Enables Plymouth";
-      zfs = {
-        enable = mkEnableOption "Enables ZFS";
-        pools = mkOption {
-          type = listOf str;
-          default = [];
-        };
-      };
-    };
-    docker = {
-      enable = mkEnableOption "Enable Docker";
-      podman.enable = mkEnableOption "Enable Podman rather than Docker";
-      nvidia.enable = mkEnableOption "Activate Nvidia support";
-      autoprune.enable = mkEnableOption "Enable autoprune";
-    };
-    networking = {
-      hostname = mkOption {
-        type = str;
-        example = "gampo";
-      };
-      id = mkOption {
-        type = str;
-        example = "deadb33f";
-      };
-      domain = mkOption {
-        type = nullOr str;
-        example = "phundrak.com";
-        default = null;
-      };
-      hostFiles = mkOption {
-        type = listOf path;
-        example = [/path/to/hostFile];
-        default = [];
-      };
-      firewall = {
-        openPorts = mkOption {
-          type = listOf int;
-          example = [22 80 443];
-          default = [];
-        };
-        openPortRanges = mkOption {
-          type = listOf (attrsOf port);
-          default = [];
-          example = [
-            {
-              from = 8080;
-              to = 8082;
-            }
-          ];
-          description = ''
-            A range of TCP and UDP ports on which incoming connections are
-            accepted.
-          '';
-        };
-        extraCommands = mkOption {
-          type = nullOr lines;
-          example = "iptables -A INPUTS -p icmp -j ACCEPT";
-          default = null;
-        };
-      };
-    };
-    nix = {
-      disableSandbox = mkOption {
-        type = bool;
-        default = false;
-      };
-      gc = {
-        automatic = mkOption {
-          type = bool;
-          default = true;
-        };
-        dates = mkOption {
-          type = str;
-          default = "Monday 01:00 UTC";
-        };
-        options = mkOption {
-          type = str;
-          default = "--delete-older-than 30d";
-        };
-      };
-    };
-    sound = {
-      enable = mkEnableOption "Whether to enable sounds with Pipewire";
-      alsa = mkOption {
-        type = bool;
-        example = true;
-        default = true;
-        description = "Whether to enable ALSA support with Pipewire";
-      };
-      jack = mkOption {
-        type = bool;
-        example = true;
-        default = false;
-        description = "Whether to enable JACK support with Pipewire";
-      };
-      package = mkOption {
-        type = package;
-        example = pkgs.pulseaudio;
-        default = pkgs.pulseaudioFull;
-        description = "Which base package to use for PulseAudio";
-      };
-    };
-    users = {
-      root.disablePassword = mkEnableOption "Disables root password";
-      phundrak = mkOption {
-        type = bool;
-        default = true;
-      };
-    };
-    timezone = mkOption {
-      type = str;
-      default = "Europe/Paris";
-    };
-    console.keyMap = mkOption {
-      type = str;
-      default = "fr";
-    };
-  };
-
-  config = {
-    boot.tmp.cleanOnBoot = true;
-    time.timeZone = cfg.timezone;
-    console.keyMap = cfg.console.keyMap;
-    modules = {
-      boot = {
-        inherit (cfg) amdgpu;
-        inherit (cfg.boot) kernel systemd-boot plymouth zfs;
-      };
-      inherit (cfg) sound users networking docker amdgpu;
-    };
-  };
-}

programs/flatpak.nix

@@ -1,3 +0,0 @@
-{
-  services.flatpak.enable = true;
-}

programs/steam.nix

@@ -1,21 +0,0 @@
-{pkgs, ...}: {
-  programs = {
-    steam = {
-      enable = true;
-      protontricks.enable = true;
-      remotePlay.openFirewall = true;
-      localNetworkGameTransfers.openFirewall = true;
-      gamescopeSession.enable = true;
-      extraCompatPackages = [pkgs.proton-ge-bin];
-    };
-    gamescope = {
-      enable = true;
-      capSysNice = true;
-      args = [
-        "--rt"
-        "--expose-wayland"
-      ];
-    };
-  };
-  hardware.steam-hardware.enable = true;
-}

system/boot/boot.nix

@@ -5,10 +5,16 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.boot;
+  cfg = config.system.boot;
 in {
-  options.modules.boot = {
+  options.system.boot = {
-    amdgpu.enable = mkEnableOption "Enables an AMD GPU configuration";
+    extraModprobeConfig = mkOption {
+      type = types.lines;
+      default = "";
+      example = ''
+        options snd_usb_audio vid=0x1235 pid=0x8212 device_setup=1
+      '';
+    };
     kernel = {
       package = mkOption {
         type = types.raw;
@@ -45,7 +51,7 @@ in {
   };
 
   config.boot = {
-    initrd.kernelModules = lists.optional cfg.amdgpu.enable "amdgpu";
+    initrd.kernelModules = lists.optional config.system.hardware.amdgpu.enable "amdgpu";
     loader = {
       systemd-boot.enable = cfg.systemd-boot;
       efi.canTouchEfiVariables = cfg.systemd-boot;

system/boot/default.nix

@@ -0,0 +1,7 @@
+{
+  imports = [
+    ./boot.nix
+    ./plymouth.nix
+    ./zram.nix
+  ];
+}

system/boot/plymouth.nix

@@ -5,9 +5,9 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.boot.plymouth;
+  cfg = config.system.boot.plymouth;
 in {
-  options.modules.boot.plymouth.enable = mkEnableOption "Enables Plymouth at system boot";
+  options.system.boot.plymouth.enable = mkEnableOption "Enables Plymouth at system boot";
   config.boot = mkIf cfg.enable {
     plymouth = {
       inherit (cfg) enable;

system/boot/zram.nix

@@ -0,0 +1,21 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.system.boot.zram;
+in {
+  options.system.boot.zram = {
+    enable = mkEnableOption "Enable ZRAM";
+    memoryMax = mkOption {
+      type = types.int;
+      example = "512";
+      description = "Maximum size allocated to ZRAM in MiB";
+    };
+  };
+  config.zramSwap = mkIf cfg.enable {
+    inherit (cfg) enable;
+    memoryMax = cfg.memoryMax * 1024 * 1024;
+  };
+}

system/default.nix

@@ -0,0 +1,40 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.system.misc;
+in {
+  imports = [
+    ./boot
+    ./desktop
+    ./dev
+    ./hardware
+    ./i18n
+    ./network
+    ./packages
+    ./security
+    ./services
+    ./users
+  ];
+
+  options.system.misc = {
+    timezone = mkOption {
+      type = types.str;
+      default = "Europe/Paris";
+    };
+    keymap = mkOption {
+      type = types.str;
+      default = "fr";
+      example = "fr-bepo";
+      description = "Keymap to use in the TTY console";
+    };
+  };
+
+  config = {
+    boot.tmp.cleanOnBoot = true;
+    time.timeZone = cfg.timezone;
+    console.keyMap = cfg.keymap;
+  };
+}

system/desktop/default.nix

@@ -0,0 +1,3 @@
+{
+  imports = [./hyprland.nix ./niri.nix ./xserver.nix];
+}

system/desktop/hyprland.nix

@@ -4,9 +4,9 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.hyprland;
+  cfg = config.system.desktop.hyprland;
 in {
-  options.modules.hyprland.enable = mkEnableOption "Enables Hyprland";
+  options.system.desktop.hyprland.enable = mkEnableOption "Enables Hyprland";
   config.programs.hyprland = mkIf cfg.enable {
     inherit (cfg) enable;
     withUWSM = true;

system/desktop/niri.nix

@@ -0,0 +1,13 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.system.desktop.niri;
+in {
+  options.system.desktop.niri.enable = mkEnableOption "Enables Niri";
+  config.programs.niri = mkIf cfg.enable {
+    inherit (cfg) enable;
+  };
+}

system/desktop/xserver.nix

@@ -4,10 +4,10 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.xserver;
+  cfg = config.system.desktop.xserver;
 in {
-  options.modules.xserver = {
+  options.system.desktop.xserver = {
-    amdgpu.enable = mkEnableOption "Enables AMD GPU support";
+    enable = mkEnableOption "Enables xserver";
     de = mkOption {
       type = types.enum ["gnome" "kde"];
       default = "gnome";
@@ -15,7 +15,7 @@ in {
       description = "Which DE to enable";
     };
   };
-  config.services = {
+  config.services = mkIf cfg.enable {
     displayManager = {
       sddm.enable = mkIf (cfg.de == "kde") true;
       gdm.enable = mkIf (cfg.de == "gnome") true;
@@ -34,8 +34,8 @@ in {
     };
 
     xserver = {
-      enable = true;
+      inherit (cfg) enable;
-      videoDrivers = lists.optional cfg.amdgpu.enable "amdgpu";
+      videoDrivers = lists.optional config.system.hardware.amdgpu.enable "amdgpu";
       xkb = {
         layout = "fr";
         variant = "bepo_afnor";

system/dev/default.nix

@@ -0,0 +1,3 @@
+{
+  imports = [./docker.nix];
+}

system/dev/docker.nix

@@ -4,9 +4,9 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.docker;
+  cfg = config.system.dev.docker;
 in {
-  options.modules.docker = {
+  options.system.dev.docker = {
     enable = mkEnableOption "Enable Docker";
     podman.enable = mkEnableOption "Enable Podman rather than Docker";
     nvidia.enable = mkEnableOption "Activate Nvidia support";

system/hardware/amdgpu.nix

@@ -5,13 +5,18 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.amdgpu;
+  cfg = config.system.hardware.amdgpu;
 in {
-  options.modules.amdgpu.enable = mkEnableOption "Enables an AMD GPU configuration";
+  options.system.hardware.amdgpu.enable = mkEnableOption "Enables an AMD GPU configuration";
   config = mkIf cfg.enable {
     systemd.tmpfiles.rules = [
       "L+    /opt/rocm/hip   -    -    -     -    ${pkgs.rocmPackages.clr}"
     ];
     hardware.graphics.extraPackages = with pkgs; [rocmPackages.clr.icd];
+    environment.systemPackages = with pkgs; [
+      clinfo
+      amdgpu_top
+      nvtopPackages.amd
+    ];
   };
 }

system/hardware/bluetooth.nix

@@ -0,0 +1,14 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.system.hardware.bluetooth;
+in {
+  options.system.hardware.bluetooth.enable = mkEnableOption "Enable bluetooth";
+  config = mkIf cfg.enable {
+    hardware.bluetooth.enable = cfg.enable;
+    services.blueman.enable = cfg.enable;
+  };
+}

system/hardware/corne.nix

@@ -0,0 +1,15 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.system.hardware.corne;
+in {
+  options.system.hardware.corne.allowHidAccess = mkEnableOption "Enable HID access to the corne keyboard";
+  config.services.udev = mkIf cfg.allowHidAccess {
+    extraRules = ''
+      KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{serial}=="*vial:f64c2b3c*", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
+    '';
+  };
+}

system/hardware/default.nix

@@ -0,0 +1,10 @@
+{
+  imports = [
+    ./amdgpu.nix
+    ./bluetooth.nix
+    ./corne.nix
+    ./ibm-trackpoint.nix
+    ./opentablet.nix
+    ./sound.nix
+  ];
+}

system/hardware/ibm-trackpoint.nix

@@ -0,0 +1,15 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.system.hardware.ibmTrackpoint;
+in {
+  options.system.hardware.ibmTrackpoint.disable = mkEnableOption "Disable IBM’s trackpoint on ThinkPad";
+  config.services.udev = mkIf cfg.disable {
+    extraRules = ''
+      ATTRS{name}=="*TPPS/2 IBM TrackPoint", ENV{ID_INPUT}="", ENV{ID_INPUT_MOUSE}="", ENV{ID_INPUT_POINTINGSTICK}=""
+    '';
+  };
+}

system/hardware/opentablet.nix

@@ -0,0 +1,14 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.system.hardware.opentablet;
+in {
+  options.system.hardware.opentablet.enable = mkEnableOption "Enables OpenTablet drivers";
+  config.hardware.opentabletdriver = mkIf cfg.enable {
+    inherit (cfg) enable;
+    daemon.enable = true;
+  };
+}

system/hardware/sound.nix

@@ -5,10 +5,11 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.sound;
+  cfg = config.system.hardware.sound;
 in {
-  options.modules.sound = {
+  options.system.hardware.sound = {
     enable = mkEnableOption "Whether to enable sounds with Pipewire";
+    scarlett.enable = mkEnableOption "Activate support for Scarlett sound card";
     alsa = mkOption {
       type = types.bool;
       example = true;
@@ -29,12 +30,15 @@ in {
     };
   };
 
-  config.services.pipewire = mkIf cfg.enable {
+  config = {
-    enable = true;
+    environment.systemPackages = mkIf cfg.scarlett.enable [pkgs.alsa-scarlett-gui];
-    alsa = mkIf cfg.alsa {
+    services.pipewire = mkIf cfg.enable {
-      enable = mkDefault true;
+      enable = true;
-      support32Bit = mkDefault true;
+      alsa = mkIf cfg.alsa {
+        enable = mkDefault true;
+        support32Bit = mkDefault true;
+      };
+      jack.enable = mkDefault cfg.jack;
     };
-    jack.enable = mkDefault cfg.jack;
   };
 }

system/i18n/default.nix

@@ -0,0 +1,5 @@
+{
+  imports = [
+    ./locale.nix
+  ];
+}

system/network/default.nix

@@ -0,0 +1,5 @@
+{
+  imports = [
+    ./networking.nix
+  ];
+}

system/network/networking.nix

@@ -4,9 +4,9 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.networking;
+  cfg = config.system.networking;
 in {
-  options.modules.networking = with types; {
+  options.system.networking = with types; {
     hostname = mkOption {
       type = str;
       example = "gampo";

system/packages/appimage.nix

@@ -4,9 +4,9 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.appimage;
+  cfg = config.system.packages.appimage;
 in {
-  options.modules.appimage.enable = mkEnableOption "Enables AppImage support";
+  options.system.packages.appimage.enable = mkEnableOption "Enables AppImage support";
   config.programs.appimage = mkIf cfg.enable {
     inherit (cfg) enable;
     binfmt = true;

system/packages/default.nix

@@ -0,0 +1,15 @@
+{pkgs, ...}: {
+  imports = [
+    ./appimage.nix
+    ./flatpak.nix
+    ./nano.nix
+    ./nix.nix
+    ./steam.nix
+  ];
+
+  environment.systemPackages = with pkgs; [
+    curl
+    openssl
+    wget
+  ];
+}

system/packages/flatpak.nix

@@ -0,0 +1,22 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.system.packages.flatpak;
+in {
+  options.system.packages.flatpak = {
+    enable = mkEnableOption "Enable Flatpak support";
+    builder.enable = mkEnableOption "Enable Flatpak builder";
+  };
+  config = {
+    services.flatpak = mkIf cfg.enable {
+      inherit (cfg) enable;
+    };
+    environment.systemPackages = mkIf cfg.builder.enable [
+      pkgs.flatpak-buildR
+    ];
+  };
+}

system/packages/nix.nix

@@ -4,10 +4,11 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.nix;
+  cfg = config.system.packages.nix;
 in {
-  options.modules.nix = {
+  options.system.packages.nix = {
-    disableSandbox = mkEnableOption "Disables Nix sandbox";
+    allowUnfree = mkEnableOption "Enable unfree packages";
+    disableSandbox = mkEnableOption "Disable Nix sandbox";
     gc = {
       automatic = mkOption {
         type = types.bool;
@@ -22,17 +23,27 @@ in {
         default = "--delete-older-than 30d";
       };
     };
+    nix-ld.enable = mkEnableOption "Enable unpatched binaries support";
+    trusted-users = mkOption {
+      type = types.listOf types.str;
+      example = ["alice" "bob"];
+      default = [];
+    };
   };
 
   config = {
     nix = {
+      inherit (cfg) gc;
       settings = {
+        inherit (cfg) trusted-users;
         sandbox = cfg.disableSandbox;
         experimental-features = ["nix-command" "flakes"];
         auto-optimise-store = true;
       };
-      inherit (cfg) gc;
     };
     nixpkgs.config.allowUnfree = true;
+    programs = {
+      inherit (cfg) nix-ld;
+    };
   };
 }

system/packages/steam.nix

@@ -0,0 +1,34 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.system.programs.steam;
+in {
+  options.system.programs.steam.enable = mkEnableOption "Enables Steam and Steam hardware";
+  config = mkIf cfg.enable {
+    programs = {
+      steam = {
+        inherit (cfg) enable;
+        protontricks.enable = true;
+        remotePlay.openFirewall = true;
+        localNetworkGameTransfers.openFirewall = true;
+        gamescopeSession.enable = true;
+        extraCompatPackages = [pkgs.proton-ge-bin];
+      };
+      gamescope = {
+        enable = true;
+        capSysNice = true;
+        args = [
+          "--rt"
+          "--expose-wayland"
+        ];
+      };
+    };
+    hardware.steam-hardware = {
+      inherit (cfg) enable;
+    };
+  };
+}

system/security/default.nix

@@ -0,0 +1,5 @@
+{
+  imports = [
+    ./sops.nix
+  ];
+}

system/security/sops.nix

@@ -1,6 +1,6 @@
 {
   sops = {
-    defaultSopsFile = ../secrets/secrets.yaml;
+    defaultSopsFile = ../../secrets/secrets.yaml;
     defaultSopsFormat = "yaml";
     age = {
       # automatically import user SSH keys as age keys

system/services/default.nix

@@ -0,0 +1,9 @@
+{
+  imports = [
+    ./endlessh.nix
+    ./fwupd.nix
+    ./printing.nix
+    ./ssh.nix
+    ./sunshine.nix
+  ];
+}

system/services/endlessh.nix

@@ -4,9 +4,9 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.endlessh;
+  cfg = config.system.services.endlessh;
 in {
-  options.modules.endlessh = {
+  options.system.services.endlessh = {
     enable = mkEnableOption "Enables endlessh.";
     port = mkOption {
       type = types.port;

system/services/fwupd.nix

@@ -0,0 +1,13 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.system.services.fwupd;
+in {
+  options.system.services.fwupd.enable = mkEnableOption "Enable fwupd";
+  config.services.fwupd = mkIf cfg.enable {
+    inherit (cfg) enable;
+  };
+}

system/services/printing.nix

@@ -0,0 +1,13 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.system.services.printing;
+in {
+  options.system.services.printing.enable = mkEnableOption "Enable printing with CUPS";
+  config.services.printing = mkIf cfg.enable {
+    inherit (cfg) enable;
+  };
+}

system/services/ssh.nix

@@ -4,9 +4,9 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.ssh;
+  cfg = config.system.services.ssh;
 in {
-  options.modules.ssh = {
+  options.system.services.ssh = {
     enable = mkEnableOption "Enables OpenSSH";
     allowedUsers = mkOption {
       type = types.listOf types.str;
@@ -20,7 +20,7 @@ in {
     };
   };
   config.services.openssh = mkIf cfg.enable {
-    enable = true;
+    inherit (cfg) enable;
     settings = {
       AllowUsers = cfg.allowedUsers;
       PermitRootLogin = "no";

system/services/sunshine.nix

@@ -4,19 +4,17 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.sunshine;
+  cfg = config.system.services.sunshine;
 in {
-  options.modules.sunshine = {
+  options.system.services.sunshine = {
-    enable = mkEnableOption "Enables moonlight";
+    enable = mkEnableOption "Enables Sunshine";
     autostart = mkEnableOption "Enables autostart";
   };
   config.services.sunshine = mkIf cfg.enable {
-    enable = true;
+    inherit (cfg) enable;
     autoStart = cfg.autostart;
     capSysAdmin = true;
     openFirewall = true;
-    settings = {
+    settings.sunshine_name = config.system.networking.hostname;
-      sunshine_name = "marpa";
-    };
   };
 }

system/users/default.nix

@@ -0,0 +1,5 @@
+{
+  imports = [
+    ./phundrak.nix
+  ];
+}

system/users/phundrak.nix

@@ -5,14 +5,11 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.users;
+  cfg = config.system.users;
 in {
-  options.modules.users = {
+  options.system.users = {
     root.disablePassword = mkEnableOption "Disables root password";
-    phundrak = mkOption {
+    phundrak.enable = mkEnableOption "Enables users phundrak";
-      type = types.bool;
-      default = true;
-    };
   };
 
   config = {
@@ -21,12 +18,12 @@ in {
         hashedPassword = mkIf cfg.root.disablePassword "*";
         shell = pkgs.zsh;
       };
-      phundrak = {
+      phundrak = mkIf cfg.phundrak.enable {
         isNormalUser = true;
         description = "Lucien Cartier-Tilet";
         extraGroups = ["networkmanager" "wheel" "docker" "dialout" "podman"];
         shell = pkgs.zsh;
-        openssh.authorizedKeys.keyFiles = lib.filesystem.listFilesRecursive ./keys;
+        openssh.authorizedKeys.keyFiles = lib.filesystem.listFilesRecursive ../../keys;
       };
     };
     programs.zsh.enable = true;

users/modules/cli/bat.nix

@@ -5,9 +5,9 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.bat;
+  cfg = config.home.cli.bat;
 in {
-  options.modules.bat.extras = mkEnableOption "Enables extra packages for bat.";
+  options.home.cli.bat.extras = mkEnableOption "Enables extra packages for bat.";
   config.programs.bat = {
     enable = true;
     config = {

users/modules/cli/default.nix

@@ -0,0 +1,29 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.home.cli;
+in {
+  imports = [
+    ./bat.nix
+    ./btop.nix
+    ./direnv.nix
+    ./eza.nix
+    ./mu.nix
+    ./nh.nix
+    ./nix-index.nix
+    ./scripts
+    ./tealdeer.nix
+    ./yt-dlp.nix
+  ];
+
+  options.home.cli.fullDesktop = mkEnableOption "Enable all optional modules and options";
+  config.home.cli = {
+    bat.extras = mkDefault cfg.fullDesktop;
+    mu.enable = mkDefault cfg.fullDesktop;
+    scripts.enable = mkDefault cfg.fullDesktop;
+    yt-dlp.enable = mkDefault cfg.fullDesktop;
+  };
+}

users/modules/cli/mu.nix

@@ -0,0 +1,11 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.home.cli.mu;
+in {
+  options.home.cli.mu.enable = mkEnableOption "Enable mu";
+  config.programs.mu.enable = cfg.enable;
+}

users/modules/cli/nh.nix

@@ -4,9 +4,9 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.nh;
+  cfg = config.home.cli.nh;
 in {
-  options.modules.nh.flake = mkOption {
+  options.home.cli.nh.flake = mkOption {
     type = types.path;
     default = "/home/phundrak/.dotfiles";
     example = "/etc/nixos";

users/modules/cli/nix-index.nix

@@ -0,0 +1,10 @@
+{inputs, ...}: {
+  imports = [
+    inputs.nix-index-database.homeModules.nix-index
+  ];
+
+  programs = {
+    nix-index.enable = true;
+    nix-index-database.comma.enable = true;
+  };
+}

users/modules/cli/scripts/default.nix

@@ -0,0 +1,15 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.home.cli.scripts;
+  files = filesystem.listFilesRecursive ./.;
+  scriptFiles = builtins.filter (path: baseNameOf path != "default.nix") files;
+  scripts = map (file: (import file {inherit pkgs config;})) scriptFiles;
+in {
+  options.home.cli.scripts.enable = mkEnableOption "Add custom scripts to PATH";
+  config.home.packages = mkIf cfg.enable scripts;
+}

users/modules/cli/scripts/launch-with-emacsclient.nix

@@ -1,10 +1,10 @@
 {
   pkgs,
-  emacsPackage,
+  config,
   ...
 }:
 pkgs.writeShellScriptBin "launch-with-emacsclient" ''
   filename="$1"
   line="$2"
   column="$3"
-  ${emacsPackage}/bin/emacsclient +$line:$column "$filename"''
+  ${config.home.dev.editors.emacs.package}/bin/emacsclient +$line:$column "$filename"''

users/modules/cli/yt-dlp.nix

@@ -0,0 +1,18 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.home.cli.yt-dlp;
+in {
+  options.home.cli.yt-dlp.enable = mkEnableOption "Enable yt-dlp";
+  config.programs.yt-dlp = mkIf cfg.enable {
+    inherit (cfg) enable;
+    settings = {
+      embed-thumbnail = true;
+      embed-subs = true;
+      sub-langs = "all";
+    };
+  };
+}

users/modules/default.nix

@@ -1,17 +1,29 @@
 {
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.home;
+in {
   imports = [
     ./basics.nix
-    ./bat.nix
+    ./cli
-    ./btop.nix
+    ./desktop
-    ./direnv.nix
+    ./dev
-    ./eza.nix
+    ./media
-    ./gpg.nix
+    ./services
-    ./mopidy.nix
+    ./security
-    ./nh.nix
-    ./nix-index.nix
     ./shell
-    ./ssh.nix
-    ./tealdeer.nix
-    ./vcs
   ];
+
+  options.home.fullDesktop = mkEnableOption "Enable most modules";
+  config.home = {
+    cli.fullDesktop = mkDefault cfg.fullDesktop;
+    desktop.fullDesktop = mkDefault cfg.fullDesktop;
+    dev.fullDesktop = mkDefault cfg.fullDesktop;
+    media.fullDesktop = mkDefault cfg.fullDesktop;
+    security.fullDesktop = mkDefault cfg.fullDesktop;
+    services.fullDesktop = mkDefault cfg.fullDesktop;
+  };
 }

users/modules/desktop/default.nix

@@ -0,0 +1,32 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.home.desktop;
+in {
+  imports = [
+    ./emoji.nix
+    ./eww.nix
+    ./hyprland.nix
+    ./kdeconnect.nix
+    ./kitty.nix
+    ./obs.nix
+    ./qt.nix
+    ./swaync.nix
+    ./waybar.nix
+    ./wlsunset.nix
+    ./wofi.nix
+  ];
+
+  options.home.desktop.fullDesktop = mkEnableOption "Enable options for graphical environments";
+  config.home.desktop = {
+    eww.enable = mkDefault cfg.fullDesktop;
+    hyprland.enable = mkDefault cfg.fullDesktop;
+    kdeconnect.enable = mkDefault cfg.fullDesktop;
+    kitty.enable = mkDefault cfg.fullDesktop;
+    obs.enable = mkDefault cfg.fullDesktop;
+    qt.enable = mkDefault cfg.fullDesktop;
+  };
+}

users/modules/desktop/eww.nix

@@ -0,0 +1,14 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.home.desktop.eww;
+in {
+  options.home.desktop.eww.enable = mkEnableOption "Enable eww support";
+  config.programs.eww = mkIf cfg.enable {
+    inherit (cfg) enable;
+    configDir = ./eww-config;
+  };
+}

users/modules/desktop/hyprland.nix

@@ -5,8 +5,9 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.hyprland;
+  cfg = config.home.desktop.hyprland;
-  rofi-emoji = import ../scripts/rofi-emoji.nix {inherit pkgs;};
+  rofi-emoji = import ../cli/scripts/rofi-emoji.nix {inherit pkgs;};
+  laptops = ["gampo"];
 in {
   imports = [
     ./swaync.nix
@@ -14,33 +15,34 @@ in {
     ./wlsunset.nix
   ];
 
-  options.modules.hyprland = {
+  options.home.desktop.hyprland = {
     enable = mkEnableOption "Enables Hyprland";
-    swaync = mkEnableOption "Enables swaync";
     emacsPkg = mkOption {
       type = types.package;
-      default = pkgs.emacs;
+      default = config.home.dev.editors.emacs.package or pkgs.emacs;
+      # default = pkgs.emacs;
+      example = pkgs.emacs;
     };
     host = mkOption {
-      type = types.enum ["tilo" "gampo"];
+      type = types.enum ["gampo" "marpa"];
-      default = "tilo";
       description = ''
         Which host is Hyprland running on.
 
-        This helps determine the monitors layout.
+        This helps determine the monitors layout and enable battery support in waybar.
       '';
     };
-    waybar = {
-      enable = mkEnableOption "Enables waybar.";
-      battery = mkEnableOption "Enables battery support.";
-      style = mkOption {
-        type = types.path;
-        example = ./style.css;
-      };
-    };
   };
 
   config = mkIf cfg.enable {
+    home.desktop = {
+      swaync.enable = mkDefault true;
+      waybar = {
+        enable = mkDefault true;
+        battery = mkDefault (builtins.elem cfg.host laptops);
+      };
+      wlsunset.enable = mkDefault true;
+      wofi.enable = mkDefault true;
+    };
     wayland.windowManager.hyprland = {
       enable = true;
       xwayland.enable = true;
@@ -58,7 +60,7 @@ in {
         };
         monitor =
           {
-            "tilo" = [
+            "marpa" = [
               "DP-1, 3440x1440@144, 1080x550, 1"
               "DP-2, 2560x1080@60, 0x0, 1, transform, 1"
             ];
@@ -286,12 +288,5 @@ in {
         };
       };
     };
-    modules = {
-      swaync.enable = cfg.swaync;
-      waybar = mkIf cfg.waybar.enable {
-        inherit (cfg.waybar) enable battery style;
-      };
-      wlsunset.enable = true;
-    };
   };
 }

users/modules/desktop/kdeconnect.nix

@@ -0,0 +1,14 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.home.desktop.kdeconnect;
+in {
+  options.home.desktop.kdeconnect.enable = mkEnableOption "Enable KDE Connect";
+  config.services.kdeconnect = mkIf cfg.enable {
+    enable = true;
+    indicator = true;
+  };
+}

users/modules/desktop/kitty.nix

@@ -1,6 +1,15 @@
-{pkgs, ...}: {
+{
-  programs.kitty = {
+  pkgs,
-    enable = true;
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.home.desktop.kitty;
+in {
+  options.home.desktop.kitty.enable = mkEnableOption "Enable kitty terminal";
+  config.programs.kitty = mkIf cfg.enable {
+    inherit (cfg) enable;
     themeFile = "Nord";
     font = {
       package = pkgs.cascadia-code;

users/modules/desktop/obs.nix

@@ -0,0 +1,23 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.home.desktop.obs;
+in {
+  options.home.desktop.obs.enable = mkEnableOption "Enables OBS Studio";
+  config.programs.obs-studio = mkIf cfg.enable {
+    inherit (cfg) enable;
+    plugins = with pkgs.obs-studio-plugins; [
+      input-overlay
+      obs-backgroundremoval
+      obs-mute-filter
+      obs-pipewire-audio-capture
+      obs-source-clone
+      obs-source-record
+      obs-tuna
+    ];
+  };
+}

users/modules/desktop/qt.nix

@@ -0,0 +1,11 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.home.desktop.qt;
+in {
+  options.home.desktop.qt.enable = mkEnableOption "Enable Qt support";
+  config.qt.enable = cfg.enable;
+}

users/modules/desktop/swaync.nix

@@ -5,12 +5,9 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.swaync;
+  cfg = config.home.desktop.swaync;
 in {
-  options.modules.swaync = {
+  options.home.desktop.swaync.enable = mkEnableOption "Enables swaync";
-    enable = mkEnableOption "Enables swaync";
-  };
-
   config = mkIf cfg.enable {
     services.swaync.enable = true;
     home.packages = [pkgs.swaynotificationcenter];

users/modules/desktop/waybar.nix

@@ -4,9 +4,9 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.waybar;
+  cfg = config.home.desktop.waybar;
 in {
-  options.modules.waybar = {
+  options.home.desktop.waybar = {
     enable = mkEnableOption "Enables waybar.";
     battery = mkEnableOption "Enables battery support.";
     style = mkOption {

users/modules/desktop/wlsunset.nix

@@ -4,9 +4,9 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.wlsunset;
+  cfg = config.home.desktop.wlsunset;
 in {
-  options.modules.wlsunset = {
+  options.home.desktop.wlsunset = {
     enable = mkEnableOption "Enables wlsunset";
     latitude = mkOption {
       type = with types; nullOr (oneOf [str ints.unsigned float]);

users/modules/desktop/wofi.nix

@@ -1,10 +1,18 @@
 {
-  programs.wofi = {
+  lib,
-    enable = true;
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.home.desktop.wofi;
+in {
+  options.home.desktop.wofi.enable = mkEnableOption "Enable wofi support";
+  config.programs.wofi = mkIf cfg.enable {
+    inherit (cfg) enable;
     settings = {
       modi = "ssh,drun,combi";
       sidebar-mode = false;
-      width = 30;
+      width = 50;
       line-margin = 10;
       lines = 6;
       columns = 2;

users/modules/dev/default.nix

@@ -0,0 +1,20 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.home.dev;
+in {
+  imports = [
+    ./editors
+    ./ollama.nix
+    ./vcs
+  ];
+
+  options.home.dev.fullDesktop = mkEnableOption "Enables everything except AI";
+  config.home.dev = {
+    vcs.fullDesktop = mkDefault cfg.fullDesktop;
+    editors.fullDesktop = mkDefault cfg.fullDesktop;
+  };
+}

users/modules/dev/editors/default.nix

@@ -0,0 +1,20 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.home.dev.editors;
+in {
+  imports = [
+    ./emacs.nix
+  ];
+
+  options.home.dev.editors.fullDesktop = mkEnableOption "Enable all editors";
+  config.home.dev.editors.emacs = {
+    enable = mkDefault cfg.fullDesktop;
+    service = mkDefault cfg.fullDesktop;
+    mu4eMime = mkDefault cfg.fullDesktop;
+    org-protocol = mkDefault cfg.fullDesktop;
+  };
+}

users/modules/dev/editors/emacs.nix

@@ -11,9 +11,9 @@ with lib; let
       epkgs.pdf-tools
     ]
   ));
-  cfg = config.modules.emacs;
+  cfg = config.home.dev.editors.emacs;
 in {
-  options.modules.emacs = {
+  options.home.dev.editors.emacs = {
     enable = mkEnableOption "enables Emacs";
     package = mkOption {
       type = types.package;
@@ -25,6 +25,7 @@ in {
   };
 
   config = {
+    home.packages = [pkgs.emacs-all-the-icons-fonts];
     programs.emacs = mkIf cfg.enable {
       enable = true;
       inherit (cfg) package;

users/modules/dev/ollama.nix

@@ -4,9 +4,9 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.ollama;
+  cfg = config.home.dev.ollama;
 in {
-  options.modules.ollama = {
+  options.home.dev.ollama = {
     enable = mkEnableOption "Enables Ollama";
     gpu = mkOption {
       type = types.nullOr types.enum ["none" "amd" "nvidia"];

users/modules/dev/vcs/default.nix

@@ -0,0 +1,53 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.home.dev.vcs;
+in {
+  imports = [./git.nix ./jujutsu.nix];
+
+  options.home.dev.vcs = {
+    fullDesktop = mkEnableOption "Enable all optional values";
+    name = mkOption {
+      type = types.str;
+      default = "Lucien Cartier-Tilet";
+    };
+    email = mkOption {
+      type = types.str;
+      default = "lucien@phundrak.com";
+    };
+    editor = mkOption {
+      type = types.str;
+      default = "${pkgs.emacs}/bin/emacsclient -c -a ${pkgs.emacs}/bin/emacs";
+    };
+    publicKey = {
+      content = mkOption {
+        type = types.nullOr types.str;
+        example = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGj+J6N6SO+4P8dOZqfR1oiay2yxhhHnagH52avUqw5h";
+        default = null;
+      };
+      file = mkOption {
+        type = with types; nullOr path;
+        default = "/home/phundrak/.ssh/id_ed25519.pub";
+      };
+    };
+  };
+
+  config.home.dev.vcs = {
+    git = {
+      enable = mkDefault true;
+      inherit (cfg) name email editor;
+      publicKeyFile = cfg.publicKey.file;
+      cliff = mkDefault cfg.fullDesktop;
+      completeConfig = mkDefault cfg.fullDesktop;
+    };
+    jj = {
+      enable = mkDefault true;
+      inherit (cfg) name email editor;
+      signing.sshKey = mkDefault (cfg.publicKey.file or cfg.publicKey.content);
+    };
+  };
+}

users/modules/dev/vcs/git.nix

@@ -5,9 +5,9 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.git;
+  cfg = config.home.dev.vcs.git;
 in {
-  options.modules.git = {
+  options.home.dev.vcs.git = {
     enable = mkEnableOption "enables git";
     email = mkOption {
       type = types.str;
@@ -57,7 +57,11 @@ in {
     };
     completeConfig = mkEnableOption "Complete configuration for workstations";
     emacs = {
-      integration = mkEnableOption "enables Emacs integration";
+      integration = mkOption {
+        description = "enables Emacs integration";
+        type = types.bool;
+        default = config.home.dev.editors.emacs.enable;
+      };
       pkg = mkOption {
         type = types.package;
         default = pkgs.emacs;
@@ -111,7 +115,7 @@ in {
         };
         commit.gpgsign = cfg.publicKeyFile != null;
         gpg.format = "ssh";
-        gpg.ssh.allowedSignersFile = (mkIf (cfg.publicKeyFile != null)) "~/.ssh/allowed_signers";
+        gpg.ssh.allowedSignersFile = "${config.home.homeDirectory}/.ssh/allowed_signers";
         init.defaultBranch = "main";
         pull.rebase = true;
         push = {

users/modules/dev/vcs/jujutsu.nix

@@ -5,9 +5,9 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.jj;
+  cfg = config.home.dev.vcs.jj;
 in {
-  options.modules.jj = {
+  options.home.dev.vcs.jj = {
     enable = mkEnableOption "enables jj";
     name = mkOption {
       type = types.str;
@@ -19,7 +19,10 @@ in {
     };
     editor = mkOption {
       type = types.str;
-      default = "${pkgs.emacs}/bin/emacsclient -c -a ${pkgs.emacs}/bin/emacs";
+      default =
+        if config.home.dev.editors.emacs.enable
+        then "${pkgs.emacs}/bin/emacsclient -c -a ${pkgs.emacs}/bin/emacs"
+        else "${pkgs.nano}/bin/nano";
     };
     signing = {
       enable = mkEnableOption "enables signing jj commits";
@@ -41,6 +44,7 @@ in {
       ui = {
         default-command = "st";
         pager = ":builtin";
+        show-cryptographic-signatures = true;
         inherit (cfg) editor;
       };
       signing = mkIf cfg.signing.enable {
@@ -50,6 +54,13 @@ in {
         backends."ssh.allowed-signers" = "~/.ssh/allowed_signers";
         backends."ssh.program" = "${pkgs.openssh}/bin/ssh-keygen";
       };
+      aliases = {
+        l = ["log"];
+        lc = ["log" "-r" "(remote_bookmarks()..@)::"];
+        n = ["new"];
+        dm = ["desc" "-m"];
+        tug = ["bookmark" "move" "--from" "heads(::@- & bookmarks())" "--to" "@-"];
+      };
     };
   };
 }

users/modules/eww.nix

@@ -1,6 +0,0 @@
-{
-  programs.eww = {
-    enable = true;
-    configDir = ./eww-config;
-  };
-}