fix: sign again with jujutsu

Add a screen resolution for when logging in remotely from Moonlight,
namely from my Thinkpad x220 and my FydeTab Duo.

.envrc

@@ -1,3 +1,4 @@
+# -*- mode: sh; -*-
 if ! has nix_direnv_version || ! nix_direnv_version 2.2.1; then
   source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/2.2.1/direnvrc" "sha256-zelF0vLbEl5uaqrfIzbgNzJWGmLzCmYAkInj/LNxvKs="
 fi

README.md

@@ -4,14 +4,12 @@ Personal NixOS configuration for my machines, using Nix Flakes for reproducible
 
 ## Repository Structure
 
-- **flake.nix**: Main entry point for the Nix Flake, defining NixOS and home-manager configurations
+- **flake.nix**: Main entry point for the Nix Flake, defining NixOS and home-manager configurations.
-- **hosts/**: Host-specific NixOS configurations
+- **hosts/**: Contains the host-specific NixOS configurations.
-- **modules/**: Custom NixOS modules reusable across different hosts
+- **system/**: Holds system-wide configuration modules that can be shared across different hosts. This includes things like boot settings, desktop environments, hardware configurations, networking, packages, security, and system services.
-- **programs/**: System-level programs shared across hosts
+- **users/**: Manages user-specific configurations. It's split into `modules` for reusable home-manager configurations and `phundrak` for my personal configuration.
-- **secrets/**: Encrypted secrets managed with sops-nix
+- **keys/**: Public keys for various machines.
-- **system/**: Common system-level configurations shared across hosts
+- **secrets/**: Encrypted secrets managed with `sops-nix`.
-- **users/phundrak/**: Home-manager configuration for my user
-- **users/modules/**: Custom user modules reusable across configurations
 
 ## Usage
 
@@ -51,24 +49,9 @@ nh home switch
 
 Format Nix files (using Alejandra):
 ```bash
-nix fmt
+nix fmt .
 ```
 
-## Development
-
-For development, a devShell is provided with linting tools and git hooks:
-
-```bash
-nix develop
-```
-
-This will set up an environment with:
-- alejandra (formatting)
-- commitizen (commit messages)
-- deadnix (dead code detection)
-- statix (linting)
-- Other useful git hooks
-
 ## Contributing
 
 Feel free to fork this repository and make your own changes. If you have any improvements or suggestions, please open an issue or submit a pull request.

flake.lock

@@ -6,7 +6,8 @@
           "devenv"
         ],
         "flake-compat": [
-          "devenv"
+          "devenv",
+          "flake-compat"
         ],
         "git-hooks": [
           "devenv",
@@ -18,11 +19,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1748883665,
+        "lastModified": 1760971495,
-        "narHash": "sha256-R0W7uAg+BLoHjMRMQ8+oiSbTq8nkGz5RDpQ+ZfxxP3A=",
+        "narHash": "sha256-IwnNtbNVrlZIHh7h4Wz6VP0Furxg9Hh0ycighvL5cZc=",
         "owner": "cachix",
         "repo": "cachix",
-        "rev": "f707778d902af4d62d8dd92c269f8e70de09acbe",
+        "rev": "c5bfd933d1033672f51a863c47303fc0e093c2d2",
         "type": "github"
       },
       "original": {
@@ -32,10 +33,32 @@
         "type": "github"
       }
     },
+    "claude-desktop": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1761825061,
+        "narHash": "sha256-AeRQZKr8+1XQer+WmbwtQaQBy05UDgeNNE7YZjNLuS0=",
+        "owner": "k3d3",
+        "repo": "claude-desktop-linux-flake",
+        "rev": "791cd93cfe216ad06ab740f0fdc142119b1d6ec2",
+        "type": "github"
+      },
+      "original": {
+        "owner": "k3d3",
+        "repo": "claude-desktop-linux-flake",
+        "type": "github"
+      }
+    },
     "devenv": {
       "inputs": {
         "cachix": "cachix",
         "flake-compat": "flake-compat",
+        "flake-parts": "flake-parts",
         "git-hooks": "git-hooks",
         "nix": "nix",
         "nixpkgs": [
@@ -43,11 +66,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1753300020,
+        "lastModified": 1761922975,
-        "narHash": "sha256-jRO3ELwG+FfYDBTDDhBJNjGuJjB4IgziuB1JWoz6l1A=",
+        "narHash": "sha256-j4EB5ku/gDm7h7W7A+k70RYj5nUiW/l9wQtXMJUD2hg=",
         "owner": "cachix",
         "repo": "devenv",
-        "rev": "90266818017f7a6885edc75eb4a13b68862675ea",
+        "rev": "c9f0b47815a4895fadac87812de8a4de27e0ace1",
         "type": "github"
       },
       "original": {
@@ -59,11 +82,11 @@
     "flake-compat": {
       "flake": false,
       "locked": {
-        "lastModified": 1747046372,
+        "lastModified": 1761588595,
-        "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
+        "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
         "owner": "edolstra",
         "repo": "flake-compat",
-        "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
+        "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
         "type": "github"
       },
       "original": {
@@ -76,16 +99,15 @@
       "inputs": {
         "nixpkgs-lib": [
           "devenv",
-          "nix",
           "nixpkgs"
         ]
       },
       "locked": {
-        "lastModified": 1733312601,
+        "lastModified": 1760948891,
-        "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
+        "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
+        "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04",
         "type": "github"
       },
       "original": {
@@ -112,6 +134,24 @@
         "type": "github"
       }
     },
+    "flake-utils_2": {
+      "inputs": {
+        "systems": "systems_2"
+      },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
     "git-hooks": {
       "inputs": {
         "flake-compat": [
@@ -125,11 +165,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1750779888,
+        "lastModified": 1760663237,
-        "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=",
+        "narHash": "sha256-BflA6U4AM1bzuRMR8QqzPXqh8sWVCNDzOdsxXEguJIc=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d",
+        "rev": "ca5b894d3e3e151ffc1db040b6ce4dcc75d31c37",
         "type": "github"
       },
       "original": {
@@ -167,11 +207,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1753373145,
+        "lastModified": 1761878381,
-        "narHash": "sha256-UhuUj46dobD/POOdVNxKvAvP3luI2T0MZPm2IXl266Y=",
+        "narHash": "sha256-lCRaipHgszaFZ1Cs8fdGJguVycCisBAf2HEFgip5+xU=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "64796151f79e6f3834bfc55f07c5487708bb5b3f",
+        "rev": "4ac96eb21c101a3e5b77ba105febc5641a8959aa",
         "type": "github"
       },
       "original": {
@@ -186,7 +226,10 @@
           "devenv",
           "flake-compat"
         ],
-        "flake-parts": "flake-parts",
+        "flake-parts": [
+          "devenv",
+          "flake-parts"
+        ],
         "git-hooks-nix": [
           "devenv",
           "git-hooks"
@@ -203,16 +246,16 @@
         ]
       },
       "locked": {
-        "lastModified": 1752773918,
+        "lastModified": 1761648602,
-        "narHash": "sha256-dOi/M6yNeuJlj88exI+7k154z+hAhFcuB8tZktiW7rg=",
+        "narHash": "sha256-H97KSB/luq/aGobKRuHahOvT1r7C03BgB6D5HBZsbN8=",
         "owner": "cachix",
         "repo": "nix",
-        "rev": "031c3cf42d2e9391eee373507d8c12e0f9606779",
+        "rev": "3e5644da6830ef65f0a2f7ec22830c46285bfff6",
         "type": "github"
       },
       "original": {
         "owner": "cachix",
-        "ref": "devenv-2.30",
+        "ref": "devenv-2.30.6",
         "repo": "nix",
         "type": "github"
       }
@@ -224,11 +267,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1752985182,
+        "lastModified": 1761451000,
-        "narHash": "sha256-sX8Neff8lp3TCHai6QmgLr5AD8MdsQQX3b52C1DVXR8=",
+        "narHash": "sha256-qBJL6xEIjqYq9zOcG2vf2nPTeVBppNJzvO0LuQWMwMo=",
         "owner": "nix-community",
         "repo": "nix-index-database",
-        "rev": "fafdcb505ba605157ff7a7eeea452bc6d6cbc23c",
+        "rev": "ed6b293161b378a7368cda38659eb8d3d9a0dac4",
         "type": "github"
       },
       "original": {
@@ -239,11 +282,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1753250450,
+        "lastModified": 1761907660,
-        "narHash": "sha256-i+CQV2rPmP8wHxj0aq4siYyohHwVlsh40kV89f3nw1s=",
+        "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "fc02ee70efb805d3b2865908a13ddd4474557ecf",
+        "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15",
         "type": "github"
       },
       "original": {
@@ -255,7 +298,7 @@
     },
     "pumo-system-info": {
       "inputs": {
-        "flake-utils": "flake-utils",
+        "flake-utils": "flake-utils_2",
         "nixpkgs": [
           "nixpkgs"
         ],
@@ -282,21 +325,22 @@
         ]
       },
       "locked": {
-        "lastModified": 1753335654,
+        "lastModified": 1761897390,
-        "narHash": "sha256-XpegouCfuzYNECDpH0+J3UEdearlYhRkRgOZ97l16E8=",
+        "narHash": "sha256-er4gYrIoThYLjlsOMTysoRfn67d1Gci+ZpqDrtQxrA0=",
         "ref": "refs/heads/master",
-        "rev": "f90bef2d994c88f075dbc2fcd81140e160351328",
+        "rev": "fc704e6b5d445899a1565955268c91942a4f263f",
-        "revCount": 654,
+        "revCount": 700,
         "type": "git",
-        "url": "https://git.outfoxxed.me/outfoxxed/quickshell"
+        "url": "https://git.outfoxxed.me/quickshell/quickshell"
       },
       "original": {
         "type": "git",
-        "url": "https://git.outfoxxed.me/outfoxxed/quickshell"
+        "url": "https://git.outfoxxed.me/quickshell/quickshell"
       }
     },
     "root": {
       "inputs": {
+        "claude-desktop": "claude-desktop",
         "devenv": "devenv",
         "home-manager": "home-manager",
         "nix-index-database": "nix-index-database",
@@ -335,11 +379,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1752544651,
+        "lastModified": 1760998189,
-        "narHash": "sha256-GllP7cmQu7zLZTs9z0J2gIL42IZHa9CBEXwBY9szT0U=",
+        "narHash": "sha256-ee2e1/AeGL5X8oy/HXsZQvZnae6XfEVdstGopKucYLY=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "2c8def626f54708a9c38a5861866660395bb3461",
+        "rev": "5a7d18b5c55642df5c432aadb757140edfeb70b3",
         "type": "github"
       },
       "original": {
@@ -363,6 +407,21 @@
         "type": "github"
       }
     },
+    "systems_2": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
     "zen-browser": {
       "inputs": {
         "nixpkgs": [
@@ -370,11 +429,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1752725859,
+        "lastModified": 1761883599,
-        "narHash": "sha256-kjpmc7Y164ajPdscAZLFQTtzXP5sEE2dR30NuHe5lQY=",
+        "narHash": "sha256-ntnfAAqSuXI/+uqXAWUjbY5arB7sRK9cpgFbHbCZgK8=",
         "owner": "youwen5",
         "repo": "zen-browser-flake",
-        "rev": "2276ddce91a949e0819d9e8c4b171c40ce770390",
+        "rev": "5355c0dc6857a2aa34b126fb4a93a454ed702f52",
         "type": "github"
       },
       "original": {

flake.nix

@@ -3,27 +3,29 @@
 
   inputs = {
     nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+
+    devenv = {
+      url = "github:cachix/devenv";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
     home-manager = {
       url = "github:nix-community/home-manager";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+
     nix-index-database = {
       url = "github:nix-community/nix-index-database";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    devenv = {
-      url = "github:cachix/devenv";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-
     pumo-system-info = {
       url = "git+https://labs.phundrak.com/phundrak/pumo-system-info";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
     quickshell = {
-      url = "git+https://git.outfoxxed.me/outfoxxed/quickshell";
+      url = "git+https://git.outfoxxed.me/quickshell/quickshell";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
@@ -32,6 +34,11 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
+    claude-desktop = {
+      url = "github:k3d3/claude-desktop-linux-flake";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
     zen-browser = {
       url = "github:youwen5/zen-browser-flake";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -81,77 +88,66 @@
       ];
     };
 
-    homeConfigurations = {
+    homeConfigurations = let
+      extraSpecialArgs = {inherit inputs outputs system;};
+      pkgs = nixpkgs.legacyPackages.x86_64-linux;
+    in {
       "phundrak@alys" = home-manager.lib.homeManagerConfiguration {
-        pkgs = nixpkgs.legacyPackages.x86_64-linux;
+        inherit extraSpecialArgs pkgs;
-        extraSpecialArgs = {
-          inherit inputs outputs;
-          home-conf = "minimal";
-        };
         modules = [
-          ./users/phundrak/alys.nix
+          ./users/phundrak/host/alys.nix
           inputs.sops-nix.homeManagerModules.sops
         ];
       };
       "phundrak@marpa" = home-manager.lib.homeManagerConfiguration {
-        pkgs = nixpkgs.legacyPackages.x86_64-linux;
+        inherit extraSpecialArgs pkgs;
-        extraSpecialArgs = {
-          inherit inputs outputs;
-          home-conf = "fullHome";
-        };
         modules = [
-          ./users/phundrak/marpa.nix
+          ./users/phundrak/host/marpa.nix
           inputs.sops-nix.homeManagerModules.sops
         ];
       };
       "phundrak@gampo" = home-manager.lib.homeManagerConfiguration {
-        pkgs = nixpkgs.legacyPackages.x86_64-linux;
+        inherit extraSpecialArgs pkgs;
-        extraSpecialArgs = {
-          inherit inputs outputs;
-          home-conf = "fullHome";
-        };
         modules = [
-          ./users/phundrak/gampo.nix
+          ./users/phundrak/host/gampo.nix
           inputs.sops-nix.homeManagerModules.sops
         ];
       };
       "phundrak@tilo" = home-manager.lib.homeManagerConfiguration {
-        pkgs = nixpkgs.legacyPackages.x86_64-linux;
+        inherit extraSpecialArgs pkgs;
-        extraSpecialArgs = {
-          inherit inputs outputs;
-          home-conf = "minimal";
-        };
         modules = [
-          ./users/phundrak/tilo.nix
+          ./users/phundrak/host/tilo.nix
           inputs.sops-nix.homeManagerModules.sops
         ];
       };
     };
 
-    nixosConfigurations = {
+    nixosConfigurations = let
+      specialArgs = {inherit inputs outputs;};
+    in {
       alys = nixpkgs.lib.nixosSystem {
-        specialArgs = {inherit inputs outputs;};
+        inherit specialArgs;
         modules = [
           ./hosts/alys/configuration.nix
           inputs.sops-nix.nixosModules.sops
         ];
       };
       gampo = nixpkgs.lib.nixosSystem {
-        specialArgs = {inherit inputs outputs;};
+        inherit specialArgs;
         modules = [
           ./hosts/gampo/configuration.nix
           inputs.sops-nix.nixosModules.sops
         ];
       };
       marpa = nixpkgs.lib.nixosSystem {
-        specialArgs = {inherit inputs outputs;};
+        inherit specialArgs;
         modules = [
           ./hosts/marpa/configuration.nix
           inputs.sops-nix.nixosModules.sops
         ];
       };
       tilo = nixpkgs.lib.nixosSystem {
-        specialArgs = {inherit inputs outputs;};
+        inherit specialArgs;
         modules = [
           ./hosts/tilo/configuration.nix
           inputs.sops-nix.nixosModules.sops

hosts/alys/configuration.nix

@@ -1,64 +1,41 @@
-{
+{inputs, ...}: {
-  pkgs,
-  inputs,
-  ...
-}: {
   imports = [
     ./hardware-configuration.nix
-    ./host.nix
     inputs.home-manager.nixosModules.default
-    ../../modules/locale.nix
+    ../../system
-    ../../modules/system.nix
-    ../../modules/ssh.nix
-    ../../modules/endlessh.nix
-    ../../programs/nano.nix
   ];
 
-  zramSwap.enable = true;
+  mySystem = {
-
-  # networking.domain = "phundrak.com";
-  system = {
-    amdgpu.enable = false;
     boot = {
-      kernel = {
+      kernel.hardened = true;
-        hardened = true;
-        cpuVendor = "amd";
-      };
       systemd-boot = false;
-      zfs.enable = false;
+      zram = {
+        enable = true;
+        memoryMax = 512;
+      };
     };
+    dev.docker.enable = true;
     networking = {
       hostname = "alys";
       domain = "phundrak.com";
       id = "41157110";
-      firewall.openPorts = [
-        22
-      ];
     };
-    sound.enable = false;
+    packages.nix = {
+      gc.automatic = true;
+      trusted-users = ["root" "phundrak"];
+    };
+    services = {
+      endlessh.enable = true;
+      ssh = {
+        enable = true;
+        allowedUsers = ["phundrak"];
+        passwordAuthentication = false;
+      };
+    };
     users = {
       root.disablePassword = true;
-      phundrak = true;
+      phundrak.enable = true;
     };
   };
-
-  modules = {
-    ssh = {
-      enable = true;
-      allowedUsers = ["phundrak"];
-      passwordAuthentication = false;
-    };
-    endlessh.enable = false;
-  };
-
-  nixpkgs.config.allowUnfree = true;
-
-  environment.systemPackages = [pkgs.openssl];
-
-  # networking.hostName = "alys";
-  # users.users.root.openssh.authorizedKeys.keys = [
-  #   "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC+b7BE/gHrHVkqNVfHtp2r4OCUDdohst8hb3Bz5tYtx3gvXJQCB1rFc2hgQJf8FsVyQbidS64lnhU1rUIEbFhv7itT5FGGUnfJEYs64W30wKsnPSb5WXdFXzrNi8za48i2oNl9JA9Fj9k6isyvkTup89hB+ELbXIcfz3bM93WaAt2dIgKijXaAMAAA+tHhgWvlrHlvGlU9/KxY3ZOQSoEboPXd7TDyOf1672eAibYyb5h1HIewYZ+xv1X4dxx/c9Arh4K0s8scuB7XTQQkEbRUEYKD2YXKN83Z09jfMlMYuBAKKO8zU4CM2KTbL7kEVgNc/ArY+uCAakmC5+eS7LxMuOt86+Bi4gXTJ6o6dbfUbCGiq751ni8pg44YSfwYiI05vvZ08eIyNkowumD+X4GRW4tu0I3qK8TI7exeEeoQIwlSfLXlYHEdNB8Q3feLyhHMRkxXgUskbXwWIBexLzJyY40tyqQplZWbYGrUEmjxZ7FWmaV+o8ZjnU2GfJ8JoWyCnEYfRc6Z2ILdXNDRzZ9qYOwefMHtuaYaYYximL+zdVVrm4EZuOetmaJ6zblk4ebU3GZjYykB8DmCDFDZO9koKwzPazLKQl0OWzmQqgxVNg7Mg1NZbuRQgVAhKPelnqejaXbf2/IHAYBn5LDR1Jew5+srlstM9XuYG2whEOx84w== Lucien Cartier-Tilet <lucien@phundrak.com>"
-  #   "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILw9oiK8tZ5Vpz82RaRLpITU8qeJrT2hjvudGEDQu2QW lucien@phundrak.com"
-  # ];
   system.stateVersion = "23.11";
 }

hosts/alys/host.nix

@@ -1,3 +0,0 @@
-{pkgs, ...}: {
-  environment.systemPackages = with pkgs; [neofetch vim emacs];
-}

hosts/gampo/configuration.nix

@@ -7,55 +7,71 @@
   imports = [
     inputs.sops-nix.nixosModules.sops
     ./hardware-configuration.nix
-    ./services
+    ../../system
-    ../../modules/opentablet.nix
-    ../../modules/sops.nix
-    ../../modules/system.nix
-    ../../programs/flatpak.nix
-    ../../programs/hyprland.nix
-    ../../programs/steam.nix
   ];
 
+  mySystem = {
+    boot = {
+      plymouth.enable = true;
+      kernel = {
+        cpuVendor = "intel";
+        package = pkgs.linuxPackages;
+        modules = ["i915"];
+      };
+      systemd-boot = true;
+    };
+    desktop = {
+      hyprland.enable = true;
+      xserver = {
+        enable = true;
+        de = "gnome";
+      };
+    };
+    dev.docker = {
+      enable = true;
+      podman.enable = true;
+      autoprune.enable = true;
+    };
+    hardware = {
+      bluetooth.enable = true;
+      corne.allowHidAccess = true;
+      ibmTrackpoint.disable = true;
+      opentablet.enable = true;
+      sound.enable = true;
+    };
+    misc.keymap = "fr-bepo";
+    networking = {
+      hostname = "gampo";
+      id = "0630b33f";
+      hostFiles = [config.sops.secrets.extraHosts.path];
+    };
+    packages = {
+      appimage.enable = true;
+      flatpak.enable = true;
+      nix = {
+        nix-ld.enable = true;
+        trusted-users = ["root" "phundrak"];
+      };
+    };
+    programs.steam.enable = true;
+    services = {
+      fwupd.enable = true;
+      ssh.enable = true;
+    };
+    users = {
+      root.disablePassword = true;
+      phundrak.enable = true;
+    };
+  };
+
   sops.secrets.extraHosts = {
     inherit (config.users.users.root) group;
     owner = config.users.users.phundrak.name;
     mode = "0440";
   };
 
-  boot.initrd.kernelModules = ["i915"];
-
-  system = {
-    boot.plymouth.enable = true;
-    docker = {
-      enable = true;
-      autoprune.enable = true;
-      podman.enable = true;
-    };
-    networking = {
-      hostname = "gampo";
-      id = "0630b33f";
-      hostFiles = [config.sops.secrets.extraHosts.path];
-    };
-    sound.enable = true;
-  };
-
-  modules = {
-    appimage.enable = true;
-    hyprland.enable = true;
-  };
-
   security.rtkit.enable = true;
 
-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
-  environment.systemPackages = with pkgs; [
-    curl
-    openssl
-    wget
-  ];
-
-  nix.settings.trusted-users = ["root" "phundrak"];
-
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database
   # versions on your system were taken. It‘s perfectly fine and

hosts/gampo/services/default.nix

@@ -1,15 +0,0 @@
-{
-  imports = [
-    ./gnome.nix
-  ];
-
-  services = {
-    # Enable CUPS to print documents.
-    printing.enable = true;
-    openssh.enable = true;
-    fwupd.enable = true;
-    udev.extraRules = ''
-      ATTRS{name}=="*TPPS/2 IBM TrackPoint", ENV{ID_INPUT}="", ENV{ID_INPUT_MOUSE}="", ENV{ID_INPUT_POINTINGSTICK}=""
-    '';
-  };
-}

hosts/gampo/services/gnome.nix

@@ -1,11 +0,0 @@
-{
-  services.xserver = {
-    enable = true;
-    displayManager.gdm.enable = true;
-    desktopManager.gnome.enable = true;
-    xkb = {
-      layout = "fr";
-      variant = "bepo";
-    };
-  };
-}

hosts/marpa/configuration.nix

@@ -1,42 +1,52 @@
 {
   config,
-  pkgs,
   inputs,
   ...
 }: {
   imports = [
     inputs.sops-nix.nixosModules.sops
-    ./system/hardware-configuration.nix
+    ./hardware-configuration.nix
-    ./services
+    ../../system
-    ../../modules/opentablet.nix
-    ../../modules/sops.nix
-    ../../modules/system.nix
-    ../../programs/flatpak.nix
-    ../../programs/hyprland.nix
-    ../../programs/steam.nix
   ];
 
-  sops.secrets.extraHosts = {
+  mySystem = {
-    inherit (config.users.users.root) group;
+    boot = {
-    owner = config.users.users.phundrak.name;
+      extraModprobeConfig = ''
-    mode = "0440";
+        options snd_usb_audio vid=0x1235 pid=0x8212 device_setup=1
-  };
+      '';
-
+      plymouth.enable = true;
-  security.polkit.enable = true;
+      kernel.cpuVendor = "amd";
-
+      systemd-boot = true;
-  fileSystems."/games" = {
-    device = "/dev/disk/by-uuid/77d32db8-2e85-4593-b6b8-55d4f9d14e1a";
-    fsType = "ext4";
-  };
-
-  system = {
-    amdgpu.enable = true;
-    boot.plymouth.enable = true;
-    docker = {
-      enable = true;
-      podman.enable = true;
-      autoprune.enable = true;
     };
+    desktop = {
+      hyprland.enable = true;
+      niri.enable = true;
+      waydroid.enable = true;
+      xserver = {
+        enable = true;
+        de = "gnome";
+      };
+    };
+    dev = {
+      docker = {
+        enable = true;
+        podman.enable = true;
+        autoprune.enable = true;
+      };
+      qemu.enable = true;
+    };
+    hardware = {
+      amdgpu.enable = true;
+      bluetooth.enable = true;
+      corne.allowHidAccess = true;
+      opentablet.enable = true;
+      sound = {
+        enable = true;
+        jack = true;
+        scarlett.enable = true;
+      };
+    };
+    misc.keymap = "fr-bepo";
     networking = {
       hostname = "marpa";
       id = "7EA4A111";
@@ -49,34 +59,46 @@
         }
       ];
     };
-    sound = {
+    packages = {
-      enable = true;
+      appimage.enable = true;
-      jack = true;
+      flatpak.enable = true;
+      nix = {
+        nix-ld.enable = true;
+        trusted-users = ["root" "phundrak"];
+      };
+    };
+    programs.steam.enable = true;
+    services = {
+      fwupd.enable = true;
+      printing.enable = true;
+      ssh.enable = true;
+      sunshine = {
+        enable = true;
+        autostart = true;
+      };
+      languagetool.enable = true;
+    };
+    users = {
+      root.disablePassword = true;
+      phundrak.enable = true;
     };
   };
 
-  modules = {
+  sops.secrets.extraHosts = {
-    appimage.enable = true;
+    inherit (config.users.users.root) group;
-    hyprland.enable = true;
+    owner = config.users.users.phundrak.name;
+    mode = "0440";
   };
 
-  security.rtkit.enable = true;
+  security = {
+    polkit.enable = true;
+    rtkit.enable = true;
+  };
 
-  nix.settings.trusted-users = ["root" "phundrak"];
+  fileSystems."/games" = {
-
+    device = "/dev/disk/by-uuid/77d32db8-2e85-4593-b6b8-55d4f9d14e1a";
-  environment.systemPackages = with pkgs; [
+    fsType = "ext4";
-    clinfo # AMD
+  };
-    curl
-    openssl
-    wget
-    alsa-scarlett-gui
-  ];
-
-  boot.extraModprobeConfig = ''
-    options snd_usb_audio vid=0x1235 pid=0x8212 device_setup=1
-  '';
-
-  programs.nix-ld.enable = true;
 
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions

hosts/marpa/services/default.nix

@@ -1,25 +1,24 @@
 {
-  imports = [
+  # imports = [
-    ./logind.nix
+  #   ./logind.nix
-    ../../../modules/ssh.nix
+  #   ../../../system
-    ../../../modules/sunshine.nix
+  # ];
-    ../../../modules/xserver.nix
+  # imports = [
-  ];
+  #   ./logind.nix
+  #   ../../../modules/ssh.nix
+  #   ../../../modules/sunshine.nix
+  # ];
 
-  modules = {
+  # modules = {
-    sunshine = {
+  #   sunshine = {
-      enable = true;
+  #     enable = true;
-      autostart = true;
+  #     autostart = true;
-    };
+  #   };
-    xserver = {
+  # };
-      amdgpu.enable = true;
+  # services = {
-      de = "gnome";
+  #   blueman.enable = true;
-    };
+  #   fwupd.enable = true;
-  };
+  #   printing.enable = true;
-  services = {
+  #   openssh.enable = true;
-    blueman.enable = true;
+  # };
-    fwupd.enable = true;
-    printing.enable = true;
-    openssh.enable = true;
-  };
 }

hosts/tilo/configuration.nix

@@ -1,24 +1,15 @@
 # Edit this configuration file to define what should be installed on your
 # system.  Help is available in the configuration.nix(5) man page and in
 # the NixOS manual (accessible by running ‘nixos-help’).
-{
+{inputs, ...}: {
-  pkgs,
-  inputs,
-  ...
-}: {
   imports = [
     ./hardware-configuration.nix
     inputs.home-manager.nixosModules.default
-    ../../modules/locale.nix
+    ../../system
-    ../../modules/system.nix
-    ../../modules/ssh.nix
-    ../../modules/endlessh.nix
-    ../../programs/nano.nix
     ./services
   ];
 
-  system = {
+  mySystem = {
-    amdgpu.enable = false;
     boot = {
       kernel = {
         hardened = true;
@@ -29,46 +20,43 @@
         pools = ["tank"];
       };
     };
-    docker.enable = true;
+    dev.docker.enable = true;
+    misc.keymap = "fr-bepo";
     networking = {
       hostname = "tilo";
       id = "7110b33f";
       firewall = {
         openPorts = [
-          22 # SSH
           80 # HTTP
           443 # HTTPS
-          2222 # endlessh
           25565 # Minecraft
         ];
-        extraCommands = ''
-          iptables -I INPUT 1 -i 172.16.0.0/12 -p tcp -d 172.17.0.1 -j ACCEPT
-          iptables -I INPUT 1 -i 172.16.0.0/12 -p tcp -d 172.17.0.1 -j ACCEPT
-        '';
       };
     };
-    nix.gc.automatic = true;
+    packages.nix = {
-    sound.enable = false;
+      gc.automatic = true;
+      trusted-users = ["root" "phundrak"];
+    };
+    services = {
+      calibre.enable = true;
+      endlessh.enable = true;
+      jellyfin.enable = true;
+      plex = {
+        enable = true;
+        dataDir = "/tank/web/stacks/plex/plex-config";
+      };
+      ssh = {
+        enable = true;
+        allowedUsers = ["phundrak"];
+        passwordAuthentication = false;
+      };
+    };
     users = {
       root.disablePassword = true;
-      phundrak = true;
+      phundrak.enable = true;
     };
-    console.keyMap = "fr-bepo";
   };
 
-  modules = {
-    ssh = {
-      enable = true;
-      allowedUsers = ["phundrak"];
-      passwordAuthentication = false;
-    };
-    endlessh.enable = true;
-  };
-
-  nixpkgs.config.allowUnfree = true;
-
-  environment.systemPackages = [pkgs.openssl];
-
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions
   # on your system were taken. It‘s perfectly fine and recommended to leave

modules/amdgpu.nix

@@ -1,17 +0,0 @@
-{
-  pkgs,
-  lib,
-  config,
-  ...
-}:
-with lib; let
-  cfg = config.modules.amdgpu;
-in {
-  options.modules.amdgpu.enable = mkEnableOption "Enables an AMD GPU configuration";
-  config = mkIf cfg.enable {
-    systemd.tmpfiles.rules = [
-      "L+    /opt/rocm/hip   -    -    -     -    ${pkgs.rocmPackages.clr}"
-    ];
-    hardware.graphics.extraPackages = with pkgs; [rocmPackages.clr.icd];
-  };
-}

modules/opentablet.nix

@@ -1,6 +0,0 @@
-{
-  hardware.opentabletdriver = {
-    enable = true;
-    daemon.enable = true;
-  };
-}

modules/sunshine.nix

@@ -1,22 +0,0 @@
-{
-  config,
-  lib,
-  ...
-}:
-with lib; let
-  cfg = config.modules.sunshine;
-in {
-  options.modules.sunshine = {
-    enable = mkEnableOption "Enables moonlight";
-    autostart = mkEnableOption "Enables autostart";
-  };
-  config.services.sunshine = mkIf cfg.enable {
-    enable = true;
-    autoStart = cfg.autostart;
-    capSysAdmin = true;
-    openFirewall = true;
-    settings = {
-      sunshine_name = "marpa";
-    };
-  };
-}

modules/system.nix

@@ -1,183 +0,0 @@
-{
-  pkgs,
-  lib,
-  config,
-  ...
-}:
-with lib; let
-  cfg = config.system;
-in {
-  imports = [
-    ./amdgpu.nix
-    ./appimage.nix
-    ./boot.nix
-    ./locale.nix
-    ./networking.nix
-    ./nix.nix
-    ./plymouth.nix
-    ./sound.nix
-    ./users.nix
-    ./dev/docker.nix
-  ];
-
-  options.system = with types; {
-    amdgpu.enable = mkEnableOption "Enables AMD GPU support";
-    boot = {
-      kernel = {
-        package = mkOption {
-          type = raw;
-          default = pkgs.linuxPackages_zen;
-        };
-        modules = mkOption {
-          type = listOf str;
-          default = [];
-        };
-        cpuVendor = mkOption {
-          description = "Intel or AMD?";
-          type = enum ["intel" "amd"];
-          default = "amd";
-        };
-        v4l2loopback = mkOption {
-          description = "Enables v4l2loopback";
-          type = bool;
-          default = true;
-        };
-        hardened = mkEnableOption "Enables hardened Linux kernel";
-      };
-      systemd-boot = mkOption {
-        type = types.bool;
-        default = true;
-        description = "Does the system use systemd-boot?";
-      };
-      plymouth.enable = mkEnableOption "Enables Plymouth";
-      zfs = {
-        enable = mkEnableOption "Enables ZFS";
-        pools = mkOption {
-          type = listOf str;
-          default = [];
-        };
-      };
-    };
-    docker = {
-      enable = mkEnableOption "Enable Docker";
-      podman.enable = mkEnableOption "Enable Podman rather than Docker";
-      nvidia.enable = mkEnableOption "Activate Nvidia support";
-      autoprune.enable = mkEnableOption "Enable autoprune";
-    };
-    networking = {
-      hostname = mkOption {
-        type = str;
-        example = "gampo";
-      };
-      id = mkOption {
-        type = str;
-        example = "deadb33f";
-      };
-      domain = mkOption {
-        type = nullOr str;
-        example = "phundrak.com";
-        default = null;
-      };
-      hostFiles = mkOption {
-        type = listOf path;
-        example = [/path/to/hostFile];
-        default = [];
-      };
-      firewall = {
-        openPorts = mkOption {
-          type = listOf int;
-          example = [22 80 443];
-          default = [];
-        };
-        openPortRanges = mkOption {
-          type = listOf (attrsOf port);
-          default = [];
-          example = [
-            {
-              from = 8080;
-              to = 8082;
-            }
-          ];
-          description = ''
-            A range of TCP and UDP ports on which incoming connections are
-            accepted.
-          '';
-        };
-        extraCommands = mkOption {
-          type = nullOr lines;
-          example = "iptables -A INPUTS -p icmp -j ACCEPT";
-          default = null;
-        };
-      };
-    };
-    nix = {
-      disableSandbox = mkOption {
-        type = bool;
-        default = false;
-      };
-      gc = {
-        automatic = mkOption {
-          type = bool;
-          default = true;
-        };
-        dates = mkOption {
-          type = str;
-          default = "Monday 01:00 UTC";
-        };
-        options = mkOption {
-          type = str;
-          default = "--delete-older-than 30d";
-        };
-      };
-    };
-    sound = {
-      enable = mkEnableOption "Whether to enable sounds with Pipewire";
-      alsa = mkOption {
-        type = bool;
-        example = true;
-        default = true;
-        description = "Whether to enable ALSA support with Pipewire";
-      };
-      jack = mkOption {
-        type = bool;
-        example = true;
-        default = false;
-        description = "Whether to enable JACK support with Pipewire";
-      };
-      package = mkOption {
-        type = package;
-        example = pkgs.pulseaudio;
-        default = pkgs.pulseaudioFull;
-        description = "Which base package to use for PulseAudio";
-      };
-    };
-    users = {
-      root.disablePassword = mkEnableOption "Disables root password";
-      phundrak = mkOption {
-        type = bool;
-        default = true;
-      };
-    };
-    timezone = mkOption {
-      type = str;
-      default = "Europe/Paris";
-    };
-    console.keyMap = mkOption {
-      type = str;
-      default = "fr";
-    };
-  };
-
-  config = {
-    boot.tmp.cleanOnBoot = true;
-    time.timeZone = cfg.timezone;
-    console.keyMap = cfg.console.keyMap;
-    modules = {
-      boot = {
-        inherit (cfg) amdgpu;
-        inherit (cfg.boot) kernel systemd-boot plymouth zfs;
-      };
-      inherit (cfg) sound users networking docker amdgpu;
-    };
-  };
-}

programs/flatpak.nix

@@ -1,3 +0,0 @@
-{
-  services.flatpak.enable = true;
-}

programs/steam.nix

@@ -1,21 +0,0 @@
-{pkgs, ...}: {
-  programs = {
-    steam = {
-      enable = true;
-      protontricks.enable = true;
-      remotePlay.openFirewall = true;
-      localNetworkGameTransfers.openFirewall = true;
-      gamescopeSession.enable = true;
-      extraCompatPackages = [pkgs.proton-ge-bin];
-    };
-    gamescope = {
-      enable = true;
-      capSysNice = true;
-      args = [
-        "--rt"
-        "--expose-wayland"
-      ];
-    };
-  };
-  hardware.steam-hardware.enable = true;
-}

secrets/secrets.yaml

@@ -1,10 +1,10 @@
-extraHosts: ENC[AES256_GCM,data:nuEU+Tlj9BBEO/459B7u74WEdlDmvn3coWkk3JG5uqWXR1G4tk6H8EvQAY/xAuqcM01T4psaeqQTxZA+U626zMQ++vOsYwI8cch8m0xIkKKJ3Ztyqeip8egK2xPywdJp69Z5XhweF3RlxPBTroMcCoqHG0rFQmPuwaWrM/DJ6HQBGqKA3wmaYXAC4OLFVGNzLNLfWD85PAxK1YTJnClaerFdwsxm9tq+HNg7zEnOUVyQjm2l16MKkV1kybddNFc6SKHmm2e/XYNQ85eRm1ALq1v1WRPLaa87MsPLM6svwNy5hEMX+AQKfGBL4hLUKOw+yPktfSnGhj8uDO6IUTjySzkgdYIu37E8ozN8CZ2m+5wYDjf1NU34/yUo2p3RZISuy52qEhGE0jsIeDiC6KMPs6/dHKpxbkRVhe7ZWpZvee7dhWyAkW4lk+MA1p3OklCBdTn8JcrAlVcKf0n1+XyK5ua0q5ja6UKg1Q5Y1LGFPInt+styJ65HdvqBcdLiG7DCQYHGpWGIeSNglbAKPMCeBCablN/2gLLYOK08RXwwSAj1V5lCXAKoc3FfnX73ELRelzLwE2MNJZCn0DqnqP0vOnzXM9ftWVODCjcIEmLUX+CL7hBNLrWcp+Q3ALQcSZsAVejpP8Iajo85R/Hc+2OtqfXijoJNacaMgKCX/5ZWOFEwNUdto3xSRQXu2Ck//F4F/0Ez6yqOFux1byjdyHDbGGdFz02DTZUkOtsPVssyqz1nEHepDQM0EmAAxAR6D8hHOnZGesfqbS+5Xd3+KlfxyFC2mHDxK4WZPCHTAEsenWEiQTGfaOT+1bpbimRfUcqiRXukSUeHY2cKf/reNw0MT7t5n1mvidihP3sJuc573ViUlG+Ts8ctyZ/+tKU2aCMz3wevPzZNiIVqXsB2lC8c,iv:MnbM30XhdQFOPmc4x/a7YaDmnCDCFHS2Nm8plh+raSo=,tag:SpHUqyeSVdtf8uk4SyjmOA==,type:str]
+extraHosts: ENC[AES256_GCM,data:YRHvHINgAQv4z+8awMzHY1uZS/K9qSaFsk8G5J2zF5P5YOt4x62eefXgmhWeKZzJI5AIi0312iMQl5qGv+lAkP+VC7j/h1rh7peBDEBU6LvcMgFU2XqxidM/CoKfMkJF8+/4bb+3r1LC/rEeXITTUQsOmoacdyCeKe5yxLaHyic/FaZIJq13wCg/QQSLfenc2Db0Pbxv5/cbRILhKT+ssElVipA40aZpgL7QmD542vObSEa6K4fZd0rawF/nOyibfpPN7Ak8DrYvfygNMw/QAGKY2XosxC86tjxhrIBHRakqmWpV+smoUO6XBFjU2sbwalafYVFdrvYL9BVAPtMZ25Sc5QMm87RCHqzqYdQHKs8C3JpVBHWnyL+0e5DNQrFrml0/FD5nFYsT6zDKVb/rN3YmxvTvKl7FpPKpv3Kke9WG+HnPs90hPy8Jpmg52vLMhaybx6dpJxzcF+ctBSI3J78hfweOCGvNGshCKpME1dujMPctH/kfYcm2j/ixKLjl0ZSbYeI9+l9oURBDwKzmKjAqhwnjuo3sL++ZsRU5Ue1zz9gsxS40R9eYevbq7JiQPX331pY2du1SRoKOxvPpXsDqe+CY5pW2RgPszjEIuDxyoveZolXg/zjlk0Ic/cOxrbflp7bTfQCQqEC7YJ5tRmtctk2lRGQkOFIg9Tn8ReifFxfhDrPFzc8X5vZgH73aqZSd/OkVybI3vEILV5uas0fPL7AHAKnBmeDV3mBNvF8aoZhD5CG8iRd1otta/3AQ660QV8IDoauq8fySC8Kee5B3kG75sqHvwF4Gu6CpSChXkjpiIqVmW0PntJueVHifuGJYkvhkX/CTHK7xm1HhtANnGrk6cr2APjWk1vpOaCmjFNqKTOV9d1HjaNWYTz4AZ+Uq2Za3UzN3oZCtZb96,iv:Z64+4oR/AfSgA7oZ/NPDLOtcmcXO5B4OQIGjOEK1Pf4=,tag:0I/1gXnBH7u6HTbQUz5Fpw==,type:str]
 mopidy:
     spotify: ENC[AES256_GCM,data:SaDT0iSWhsgVOi1s+Nzbr0Mur3t2Zd9z/KIUshGWtbPfkXXIoiJeJFtoZIz5NL/t5FooYsNfU1mGYgDeVYSD4BPibW8hiCYrX6L6OX+Q6ZEWXXx/1eBEs2/q0BrWGvy7frcurq/Px4R3ax0dXJe/YKbpAtU7+bQl,iv:F2zT+uMVBMnSEZqgcRmV8/fc3G/g2fKDuHuBzkyBRN0=,tag:CD8fuOQfe6QCrj4BUh0/xw==,type:str]
     bandcamp: ENC[AES256_GCM,data:diEx2fbkOR1oUav81jU5bNt/KNmbOaVzLV+G3zBUVXE7nEQpZNqVom0rgNrEVDGzH3u/IaA5eqG5ce9lE0BomeY8Z4MWI1xujhX5KsXdv21aw4UwsNgyLPuWhkN2POUMfCJlvekc/TFfFvJHyysx8aKxeI4dsg==,iv:cxx0cVkjOPG+hMD8JctJHdcICJt7ozpfRBVSCDBo6Ro=,tag:JRjwwvieGaGZJ+k56HWFaw==,type:str]
 emailPassword: ENC[AES256_GCM,data:LALAvyuNN9bfa8D6ZK1YiFXRfxLOBi9kXA0N0Kr7h18eAI4hWQ==,iv:WtidILFfWCMKylax52JP+X57GfZyYlxJtiwrC6SADik=,tag:NvOrsL3fbmxQZp06GZhUZA==,type:str]
 ssh:
-    hosts: ENC[AES256_GCM,data:X/MrxeaqJnggoL9X8Y0+15A52FoihVRFp4vBZNr/QlJAKRn0B1eH6LI4wVzNokMbPUGlmYEElShy38ce+7EehL5HJcbwpEquvgQpLN2lZ4FhMLbW7yN3Q8DdZKqv4RNsm8vjuJPGwHGEVOhdvvnyM6IVpvLvMuH7MLJg4hLSArBzX7N0i5qg8piWI3pHqoPV4yO7kysSSF7D13HXen3fX+dbpBno/n0U+Xq8gcFyUKAqN6h65frkH2pyQcxIrCYcsFoJcU2jIzUY94xCSZZT7ocItzKD5YtVRki6F4Gh0/QgFeFcCn20Z0w8B7WvkjcR98FE+i5D9128uv2iiKEyeNaB4hc14dFCG4iZWW1KcSUojBnXHpFj22aByJaxjcFVg5BIVyde8L4hEinztWjNwbRzi1d9b34qeARcEzDQ3fwSNL/XFrlTvNZp565y/rPBLceksELewpWyX4Te3fuNOOw7hQqX3cjbGfw/FNuBVI/jnkEC+acGi23HnwmnDz87KCGZ738OAQ78F5awuoHnHhePvj0bUe3DTdW9Uj8amnaq1IeIu/BBcutewgez7ZHWamIWiOuVaZUISD6wrYk4pe5KqAZieUdotxbx7eihpw0ozEzQaNU3WBwQ8YxIyEnzcnsAihXCcgbm1/8FzWxghN3elA48UqVwaa4ZHK01l8+jD5yGjuCTCcpmSkVZBg8XrH7VWm+pZMCt3FRus3vFWq/iLsapIu6YSWG+mCYCjEK5hhbZs7ELxpdIzCw6Hiqm+P4nWVwA0ddbtSA7Rhu33CTKzdc0/KIQN78U0P+AsV0tVy7oLboIEZhpsj6XXYwQv5q9d0eJw/hibsqHdRb144Zn0hJDqxe/R+vCDk2iC3OYx5pG4oFbBG8V487QC67TG4Q+ztGCL8+W8+ZoVjK+atfA2LVHVWobFWNmqAE9CbVu8cbW3BhAtWrBZGgUMW5noFi64U411QEPS88odXtaqhUoN77rMhYCtVBxSSkGMWvwY2VZn6UvY8NZTExD5rJmDU9rRHmCNHq4WaAjxUg1rzwd4VO9CDnCf2gSeF466blpf2JEky8=,iv:0laLebvzVUMrKT30Jx/HaRS426PsWD3oFTesV4tnnDg=,tag:DApK5SSAriLib00FTz+jcg==,type:str]
+    hosts: ENC[AES256_GCM,data:Z+ODSCeKqt2ipgR9ZMV13kHZSZrwr7pY+kXM2Ej2Mc7WrBXoN25T+OWPJ6uf70yBGMID1faaWtbMUCjsp6gjqIVR7UH59yVfuKGDQIw5FSy3bdyvADITjASJMFIfO1xsu8iY0h18PdUBqNNYnt27c+3Bxn5SP0r6OCUC48SkSeCVhxtFIIMR4ZiVHZwQ2pD1GwLjmdUPPSpEJg5vpjFhFKB6Ab8z+qN5GaYMov2NKivMNVTBQUHpgmf58D6MI/AnjUbVsLuOmp0V3lhy8/qX33tgogpVv/RA6gAITVlAf9rGwaF+axZ0iy0T/gF7VJEGX6RUHbVUJoX1j8szDq/P4oqczFubrZdmRIbutG4tEcnYXltMu2NELFP+bl/G4y1gIV2b+s0k+UQJXn4KaiyXbtQXvOJ91+s7iMyTDi4QQd07l7nFqGGgzoKTYVfQK0e5ilEofRQrXwAb+p6Pwkvth8ktONFgD0sQHL75a8lS//8Mzvqopy5Vp0FQJ+OSW89Eeu2wrw9yNP2yuMDX9tvgDuZV4hgvDa9tTxvfGoMDXWARhSBt/F/a4ZkrNV9unjgEXbkrewezn1Jk+XWtAlussbTEXkKG87v2Q0V8zBa8gsB/5g514dIP6+UJdc3GEJzMLkQNcHYn9r3Ou8n+YgXD8zu5OnZXtNZ/x+J6NxH7tudiO5O0XctRwJQibidS2ONUhdkQGBt1JrAysGbNTuXC8Sn391rc11lsH+wIGpZg4zR+rdP4FWs68v/o9WtCJDCejnlyQ1DQ+avLc0aT4xxJZh8uM2iSsfi/TzRr9w0wVe2y3xAxsQMCfvhFcl9agfmAgGZcfVPCU9nc4dIfdGW1kTN7s3Izvy4mYaqd9mv0xxYARf7roJDGWie0VNxXQVt2o1tIQCqAhZ/bbgPG5VDyD15LGDI8BZCFaAOKlXn+beVMt6E1JJPlHa0vOwnbMVVKcUS/d5jA9nnb20Pwz4F3b532/ERmSkVlcZmCKqQOxo0YADb7Cm1fFBj6Eum0+F+jspg9QQmMjPPsb+NbMqnFd5DNDY+e95hr7tUEy4/yxiXiM0cu1w==,iv:I4TtUJdQFOVik5L26XHukxix0FCm/JNi6nVZg5qRMqs=,tag:vnO6DlUW5XnougyiJzwNdg==,type:str]
 sops:
     age:
         - recipient: age1ajemtm502nn2n4q7v4j8meyd5mxtcqngkkedxq2pqzuwu78zp93qnw8q48
@@ -61,7 +61,7 @@ sops:
             QmJKNDJUY0RSakhwNWlkOVpib0trc1kK0tQxD9I82pjfs54eruu+IjzVUmcVBCPw
             9mp1xKiYRRMXt3YQn6MPiyuuX3l3UB5MH0RJMNtRq0D961rs+iiS5A==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-07-06T19:20:04Z"
+    lastmodified: "2025-11-02T16:19:20Z"
-    mac: ENC[AES256_GCM,data:59Mu6RlGEXV7BsNsX0yIr/zUgl9gvk77o2moF4D7GgPwllSVFLRB8Y3LvE7+NXLIjLj19nrK6b99CiH08NmWhSBO37+xXU/eYQ/W2wIEVIxfmhVcF9ePIZPwVuegLZ707S8jZDOcYzPOQuURe9hhbxJJPgHzzPzYoh7yushYUME=,iv:h6DCciUZtRMZFGB7PMfg4xnOWxyKQS/vfnOG1tqVfrI=,tag:q65pnHbLcUG+Gxo7K3Ca1w==,type:str]
+    mac: ENC[AES256_GCM,data:2UFvzqhsR9OecqRX/n2O5wJ1fcdhetNE37Vj56rL6tRxT42uU8SKy7hxROS0LcrwKs59Km7P1oO/mYW6eyuLAZ7R5MAm18R5UYIYpKV8oevNUYMl0bsJkMnzl+nxz2i0ceg38rsioS9frK9a29hbJiV6Vr9yubHNdtZF4YqRmH0=,iv:Cx2nN4Gm0L+aWi6jbLuSuzhhzD8W5PzCLmJajyb/oEo=,tag:6wM1m8LB+7Rd/F9h62C4gg==,type:str]
     unencrypted_suffix: _unencrypted
-    version: 3.10.2
+    version: 3.11.0

system/boot/boot.nix

@@ -5,10 +5,16 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.boot;
+  cfg = config.mySystem.boot;
 in {
-  options.modules.boot = {
+  options.mySystem.boot = {
-    amdgpu.enable = mkEnableOption "Enables an AMD GPU configuration";
+    extraModprobeConfig = mkOption {
+      type = types.lines;
+      default = "";
+      example = ''
+        options snd_usb_audio vid=0x1235 pid=0x8212 device_setup=1
+      '';
+    };
     kernel = {
       package = mkOption {
         type = types.raw;
@@ -45,7 +51,7 @@ in {
   };
 
   config.boot = {
-    initrd.kernelModules = lists.optional cfg.amdgpu.enable "amdgpu";
+    initrd.kernelModules = lists.optional config.mySystem.hardware.amdgpu.enable "amdgpu";
     loader = {
       systemd-boot.enable = cfg.systemd-boot;
       efi.canTouchEfiVariables = cfg.systemd-boot;

system/boot/default.nix

@@ -0,0 +1,7 @@
+{
+  imports = [
+    ./boot.nix
+    ./plymouth.nix
+    ./zram.nix
+  ];
+}

system/boot/plymouth.nix

@@ -5,9 +5,9 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.boot.plymouth;
+  cfg = config.mySystem.boot.plymouth;
 in {
-  options.modules.boot.plymouth.enable = mkEnableOption "Enables Plymouth at system boot";
+  options.mySystem.boot.plymouth.enable = mkEnableOption "Enables Plymouth at system boot";
   config.boot = mkIf cfg.enable {
     plymouth = {
       inherit (cfg) enable;

system/boot/zram.nix

@@ -0,0 +1,21 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.boot.zram;
+in {
+  options.mySystem.boot.zram = {
+    enable = mkEnableOption "Enable ZRAM";
+    memoryMax = mkOption {
+      type = types.int;
+      example = "512";
+      description = "Maximum size allocated to ZRAM in MiB";
+    };
+  };
+  config.zramSwap = mkIf cfg.enable {
+    inherit (cfg) enable;
+    memoryMax = cfg.memoryMax * 1024 * 1024;
+  };
+}

system/default.nix

@@ -0,0 +1,40 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.misc;
+in {
+  imports = [
+    ./boot
+    ./desktop
+    ./dev
+    ./hardware
+    ./i18n
+    ./network
+    ./packages
+    ./security
+    ./services
+    ./users
+  ];
+
+  options.mySystem.misc = {
+    timezone = mkOption {
+      type = types.str;
+      default = "Europe/Paris";
+    };
+    keymap = mkOption {
+      type = types.str;
+      default = "fr";
+      example = "fr-bepo";
+      description = "Keymap to use in the TTY console";
+    };
+  };
+
+  config = {
+    boot.tmp.cleanOnBoot = true;
+    time.timeZone = cfg.timezone;
+    console.keyMap = cfg.keymap;
+  };
+}

system/desktop/default.nix

@@ -0,0 +1,8 @@
+{
+  imports = [
+    ./hyprland.nix
+    ./niri.nix
+    ./waydroid.nix
+    ./xserver.nix
+  ];
+}

system/desktop/hyprland.nix

@@ -4,9 +4,9 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.hyprland;
+  cfg = config.mySystem.desktop.hyprland;
 in {
-  options.modules.hyprland.enable = mkEnableOption "Enables Hyprland";
+  options.mySystem.desktop.hyprland.enable = mkEnableOption "Enables Hyprland";
   config.programs.hyprland = mkIf cfg.enable {
     inherit (cfg) enable;
     withUWSM = true;

system/desktop/niri.nix

@@ -0,0 +1,13 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.desktop.niri;
+in {
+  options.mySystem.desktop.niri.enable = mkEnableOption "Enables Niri";
+  config.programs.niri = mkIf cfg.enable {
+    inherit (cfg) enable;
+  };
+}

system/desktop/waydroid.nix

@@ -0,0 +1,15 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.desktop.waydroid;
+in {
+  options.mySystem.desktop.waydroid.enable = mkEnableOption "Enables Waydroid";
+  config = mkIf cfg.enable {
+    virtualisation.waydroid.enable = cfg.enable;
+    environment.systemPackages = [pkgs.waydroid-helper];
+  };
+}

system/desktop/xserver.nix

@@ -4,10 +4,10 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.xserver;
+  cfg = config.mySystem.desktop.xserver;
 in {
-  options.modules.xserver = {
+  options.mySystem.desktop.xserver = {
-    amdgpu.enable = mkEnableOption "Enables AMD GPU support";
+    enable = mkEnableOption "Enables xserver";
     de = mkOption {
       type = types.enum ["gnome" "kde"];
       default = "gnome";
@@ -15,7 +15,7 @@ in {
       description = "Which DE to enable";
     };
   };
-  config.services = {
+  config.services = mkIf cfg.enable {
     displayManager = {
       sddm.enable = mkIf (cfg.de == "kde") true;
       gdm.enable = mkIf (cfg.de == "gnome") true;
@@ -34,8 +34,8 @@ in {
     };
 
     xserver = {
-      enable = true;
+      inherit (cfg) enable;
-      videoDrivers = lists.optional cfg.amdgpu.enable "amdgpu";
+      videoDrivers = lists.optional config.mySystem.hardware.amdgpu.enable "amdgpu";
       xkb = {
         layout = "fr";
         variant = "bepo_afnor";

system/dev/default.nix

@@ -0,0 +1,3 @@
+{
+  imports = [./docker.nix ./qemu.nix];
+}

system/dev/docker.nix

@@ -1,12 +1,13 @@
 {
   lib,
   config,
+  pkgs,
   ...
 }:
 with lib; let
-  cfg = config.modules.docker;
+  cfg = config.mySystem.dev.docker;
 in {
-  options.modules.docker = {
+  options.mySystem.dev.docker = {
     enable = mkEnableOption "Enable Docker";
     podman.enable = mkEnableOption "Enable Podman rather than Docker";
     nvidia.enable = mkEnableOption "Activate Nvidia support";
@@ -14,8 +15,12 @@ in {
   };
 
   config = {
-    virtualisation = {
+    environment.systemPackages = mkIf cfg.podman.enable [
-      docker = mkIf (cfg.enable && !cfg.podman.enable) {
+      pkgs.podman-desktop
+      pkgs.podman-compose
+    ];
+    virtualisation = mkIf cfg.enable {
+      docker = mkIf (!cfg.podman.enable) {
         enable = true;
         enableNvidia = cfg.nvidia.enable;
         autoPrune.enable = cfg.autoprune.enable;

system/dev/qemu.nix

@@ -0,0 +1,33 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.dev.qemu;
+in {
+  options.mySystem.dev.qemu = {
+    enable = mkEnableOption "Enable QEMU";
+    users = mkOption {
+      type = types.listOf types.str;
+      default = ["phundrak"];
+      example = ["user1" "user2"];
+    };
+  };
+  config = mkIf cfg.enable {
+    programs.virt-manager.enable = true;
+    users.groups.libvirtd.members = cfg.users;
+    virtualisation = {
+      libvirtd.enable = true;
+      spiceUSBRedirection.enable = true;
+    };
+    environment.systemPackages = with pkgs; [
+      qemu
+      quickemu
+      swtpm
+    ];
+    systemd.tmpfiles.rules = ["L+ /var/lib/qemu/firmware - - - - ${pkgs.qemu}/share/qemu/firmware"];
+    boot.binfmt.emulatedSystems = ["aarch64-linux"];
+  };
+}

system/hardware/amdgpu.nix

@@ -0,0 +1,62 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.hardware.amdgpu;
+in {
+  options.mySystem.hardware.amdgpu.enable = mkEnableOption "Enables an AMD GPU configuration";
+  config = mkIf cfg.enable {
+    hardware = {
+      graphics = {
+        enable = true;
+        enable32Bit = true;
+        extraPackages = with pkgs; [
+          mesa # Mesa drivers for AMD GPUs
+          rocmPackages.clr # common language runtime for ROCm
+          rocmPackages.clr.icd # ROCm ICD for OpenCL
+          rocmPackages.rocblas # ROCm BLAS library
+          rocmPackages.hipblas #
+          rocmPackages.rpp # High-performance computer vision library
+          nvtopPackages.amd # GPU utilization monitoring
+        ];
+      };
+      amdgpu = {
+        initrd.enable = true;
+        opencl.enable = true;
+      };
+    };
+    environment.systemPackages = with pkgs; [
+      clinfo
+      amdgpu_top
+      nvtopPackages.amd
+    ];
+    systemd = {
+      packages = with pkgs; [lact];
+      services.lactd.wantedBy = ["multi-user.target"];
+      tmpfiles.rules = let
+        rocmEnv = pkgs.symlinkJoin {
+          name = "rocm-combined";
+          paths = with pkgs.rocmPackages; [
+            clr
+            clr.icd
+            rocblas
+            hipblas
+            rpp
+          ];
+        };
+      in [
+        "L+    /opt/rocm   -    -    -     -    ${rocmEnv}"
+      ];
+    };
+    environment.variables = {
+      ROCM_PATH = "/opt/rocm"; # Set ROCm path
+      HIP_VISIBLE_DEVICES = "1"; # Use only the eGPU (ID 1)
+      ROCM_VISIBLE_DEVICES = "1"; # Optional: ROCm equivalent for visibility
+      # LD_LIBRARY_PATH = "/opt/rocm/lib";         # Add ROCm libraries
+      HSA_OVERRIDE_GFX_VERSION = "10.3.0"; # Set GFX version override
+    };
+  };
+}

system/hardware/bluetooth.nix

@@ -0,0 +1,14 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.hardware.bluetooth;
+in {
+  options.mySystem.hardware.bluetooth.enable = mkEnableOption "Enable bluetooth";
+  config = mkIf cfg.enable {
+    hardware.bluetooth.enable = cfg.enable;
+    services.blueman.enable = cfg.enable;
+  };
+}

system/hardware/corne.nix

@@ -0,0 +1,15 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.hardware.corne;
+in {
+  options.mySystem.hardware.corne.allowHidAccess = mkEnableOption "Enable HID access to the corne keyboard";
+  config.services.udev = mkIf cfg.allowHidAccess {
+    extraRules = ''
+      KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{serial}=="*vial:f64c2b3c*", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
+    '';
+  };
+}

system/hardware/default.nix

@@ -0,0 +1,10 @@
+{
+  imports = [
+    ./amdgpu.nix
+    ./bluetooth.nix
+    ./corne.nix
+    ./ibm-trackpoint.nix
+    ./opentablet.nix
+    ./sound.nix
+  ];
+}

system/hardware/ibm-trackpoint.nix

@@ -0,0 +1,15 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.hardware.ibmTrackpoint;
+in {
+  options.mySystem.hardware.ibmTrackpoint.disable = mkEnableOption "Disable IBM’s trackpoint on ThinkPad";
+  config.services.udev = mkIf cfg.disable {
+    extraRules = ''
+      ATTRS{name}=="*TPPS/2 IBM TrackPoint", ENV{ID_INPUT}="", ENV{ID_INPUT_MOUSE}="", ENV{ID_INPUT_POINTINGSTICK}=""
+    '';
+  };
+}

system/hardware/opentablet.nix

@@ -0,0 +1,14 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.hardware.opentablet;
+in {
+  options.mySystem.hardware.opentablet.enable = mkEnableOption "Enables OpenTablet drivers";
+  config.hardware.opentabletdriver = mkIf cfg.enable {
+    inherit (cfg) enable;
+    daemon.enable = true;
+  };
+}

system/hardware/sound.nix

@@ -5,10 +5,11 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.sound;
+  cfg = config.mySystem.hardware.sound;
 in {
-  options.modules.sound = {
+  options.mySystem.hardware.sound = {
     enable = mkEnableOption "Whether to enable sounds with Pipewire";
+    scarlett.enable = mkEnableOption "Activate support for Scarlett sound card";
     alsa = mkOption {
       type = types.bool;
       example = true;
@@ -29,12 +30,18 @@ in {
     };
   };
 
-  config.services.pipewire = mkIf cfg.enable {
+  config = {
-    enable = true;
+    environment.systemPackages = mkIf cfg.scarlett.enable [pkgs.alsa-scarlett-gui];
-    alsa = mkIf cfg.alsa {
+    services.pipewire = mkIf cfg.enable {
-      enable = mkDefault true;
+      enable = true;
-      support32Bit = mkDefault true;
+      alsa = mkIf cfg.alsa {
+        enable = mkDefault true;
+        support32Bit = mkDefault true;
+      };
+      jack.enable = mkDefault cfg.jack;
+    };
+    programs.noisetorch = mkIf cfg.enable {
+      inherit (cfg) enable;
     };
-    jack.enable = mkDefault cfg.jack;
   };
 }

system/i18n/default.nix

@@ -0,0 +1,5 @@
+{
+  imports = [
+    ./locale.nix
+  ];
+}

system/network/default.nix

@@ -0,0 +1,6 @@
+{
+  imports = [
+    ./networking.nix
+    ./tailscale.nix
+  ];
+}

system/network/networking.nix

@@ -4,9 +4,9 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.networking;
+  cfg = config.mySystem.networking;
 in {
-  options.modules.networking = with types; {
+  options.mySystem.networking = with types; {
     hostname = mkOption {
       type = str;
       example = "gampo";

system/network/tailscale.nix

@@ -0,0 +1,16 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.network.tailscale;
+in {
+  options.mySystem.network.tailscale = {
+    enable = mkOption {
+      type = types.bool;
+      default = true;
+    };
+  };
+  config.services.tailscale.enable = cfg.enable;
+}

system/packages/appimage.nix

@@ -4,9 +4,9 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.appimage;
+  cfg = config.mySystem.packages.appimage;
 in {
-  options.modules.appimage.enable = mkEnableOption "Enables AppImage support";
+  options.mySystem.packages.appimage.enable = mkEnableOption "Enables AppImage support";
   config.programs.appimage = mkIf cfg.enable {
     inherit (cfg) enable;
     binfmt = true;

system/packages/default.nix

@@ -0,0 +1,15 @@
+{pkgs, ...}: {
+  imports = [
+    ./appimage.nix
+    ./flatpak.nix
+    ./nano.nix
+    ./nix.nix
+    ./steam.nix
+  ];
+
+  environment.systemPackages = with pkgs; [
+    curl
+    openssl
+    wget
+  ];
+}

system/packages/flatpak.nix

@@ -0,0 +1,22 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.packages.flatpak;
+in {
+  options.mySystem.packages.flatpak = {
+    enable = mkEnableOption "Enable Flatpak support";
+    builder.enable = mkEnableOption "Enable Flatpak builder";
+  };
+  config = {
+    services.flatpak = mkIf cfg.enable {
+      inherit (cfg) enable;
+    };
+    environment.systemPackages = mkIf cfg.builder.enable [
+      pkgs.flatpak-buildR
+    ];
+  };
+}

system/packages/nix.nix

@@ -4,10 +4,11 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.nix;
+  cfg = config.mySystem.packages.nix;
 in {
-  options.modules.nix = {
+  options.mySystem.packages.nix = {
-    disableSandbox = mkEnableOption "Disables Nix sandbox";
+    allowUnfree = mkEnableOption "Enable unfree packages";
+    disableSandbox = mkEnableOption "Disable Nix sandbox";
     gc = {
       automatic = mkOption {
         type = types.bool;
@@ -22,17 +23,27 @@ in {
         default = "--delete-older-than 30d";
       };
     };
+    nix-ld.enable = mkEnableOption "Enable unpatched binaries support";
+    trusted-users = mkOption {
+      type = types.listOf types.str;
+      example = ["alice" "bob"];
+      default = [];
+    };
   };
 
   config = {
     nix = {
+      inherit (cfg) gc;
       settings = {
+        inherit (cfg) trusted-users;
         sandbox = cfg.disableSandbox;
         experimental-features = ["nix-command" "flakes"];
         auto-optimise-store = true;
       };
-      inherit (cfg) gc;
     };
     nixpkgs.config.allowUnfree = true;
+    programs = {
+      inherit (cfg) nix-ld;
+    };
   };
 }

system/packages/steam.nix

@@ -0,0 +1,34 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.programs.steam;
+in {
+  options.mySystem.programs.steam.enable = mkEnableOption "Enables Steam and Steam hardware";
+  config = mkIf cfg.enable {
+    programs = {
+      steam = {
+        inherit (cfg) enable;
+        protontricks.enable = true;
+        remotePlay.openFirewall = true;
+        localNetworkGameTransfers.openFirewall = true;
+        gamescopeSession.enable = true;
+        extraCompatPackages = [pkgs.proton-ge-bin];
+      };
+      gamescope = {
+        enable = true;
+        capSysNice = true;
+        args = [
+          "--rt"
+          "--expose-wayland"
+        ];
+      };
+    };
+    hardware.steam-hardware = {
+      inherit (cfg) enable;
+    };
+  };
+}

system/security/default.nix

@@ -0,0 +1,5 @@
+{
+  imports = [
+    ./sops.nix
+  ];
+}

system/security/sops.nix

@@ -1,6 +1,6 @@
 {
   sops = {
-    defaultSopsFile = ../secrets/secrets.yaml;
+    defaultSopsFile = ../../secrets/secrets.yaml;
     defaultSopsFormat = "yaml";
     age = {
       # automatically import user SSH keys as age keys

system/services/calibre.nix

@@ -0,0 +1,38 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.services.calibre;
+in {
+  options.mySystem.services.calibre = {
+    enable = mkEnableOption "Enable Calibre Web";
+    user = mkOption {
+      type = types.str;
+      default = "phundrak";
+    };
+    group = mkOption {
+      type = types.str;
+      default = "users";
+    };
+    dataDir = mkOption {
+      type = types.str;
+      example = "/tank/calibre/conf";
+      default = "/tank/calibre/conf";
+    };
+    library = mkOption {
+      type = types.str;
+      example = "/tank/calibre/library";
+      default = "/tank/calibre/library";
+    };
+  };
+  config.services.calibre-web = mkIf cfg.enable {
+    inherit (cfg) enable user dataDir group;
+    options = {
+      calibreLibrary = cfg.library;
+      enableBookConversion = true;
+      enableBookUploading = true;
+    };
+  };
+}

system/services/default.nix

@@ -0,0 +1,13 @@
+{
+  imports = [
+    ./calibre.nix
+    ./endlessh.nix
+    ./fwupd.nix
+    ./jellyfin.nix
+    ./languagetool.nix
+    ./plex.nix
+    ./printing.nix
+    ./ssh.nix
+    ./sunshine.nix
+  ];
+}

system/services/endlessh.nix

@@ -4,9 +4,9 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.endlessh;
+  cfg = config.mySystem.services.endlessh;
 in {
-  options.modules.endlessh = {
+  options.mySystem.services.endlessh = {
     enable = mkEnableOption "Enables endlessh.";
     port = mkOption {
       type = types.port;

system/services/fwupd.nix

@@ -0,0 +1,13 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.services.fwupd;
+in {
+  options.mySystem.services.fwupd.enable = mkEnableOption "Enable fwupd";
+  config.services.fwupd = mkIf cfg.enable {
+    inherit (cfg) enable;
+  };
+}

system/services/jellyfin.nix

@@ -0,0 +1,28 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.services.jellyfin;
+in {
+  options.mySystem.services.jellyfin = {
+    enable = mkEnableOption "Enable Jellyfin";
+    dataDir = mkOption {
+      type = types.str;
+      default = "/tank/jellyfin/data";
+      example = "/tank/jellyfin/data";
+    };
+    user = mkOption {
+      type = types.str;
+      default = "phundrak";
+    };
+    group = mkOption {
+      type = types.str;
+      default = "users";
+    };
+  };
+  config.services.jellyfin = mkIf cfg.enable {
+    inherit (cfg) enable group user dataDir;
+  };
+}

system/services/languagetool.nix

@@ -0,0 +1,20 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.services.languagetool;
+in {
+  options.mySystem.services.languagetool = {
+    enable = mkEnableOption "Enables languagetool";
+    port = mkOption {
+      type = types.port;
+      default = 8081;
+      example = 80;
+    };
+  };
+  config.services.languagetool = mkIf cfg.enable {
+    inherit (cfg) enable port;
+  };
+}

system/services/plex.nix

@@ -0,0 +1,35 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.services.plex;
+in {
+  options.mySystem.services.plex = {
+    enable = mkEnableOption "Enable Plex";
+    group = mkOption {
+      type = types.str;
+      default = "users";
+      example = "users";
+      description = "Group under which Plex runs";
+    };
+    dataDir = mkOption {
+      type = types.str;
+      example = "/tank/plex-config";
+    };
+    user = mkOption {
+      type = types.str;
+      default = "phundrak";
+    };
+  };
+  config = {
+    services.plex = mkIf cfg.enable {
+      inherit (cfg) enable user group dataDir;
+      openFirewall = cfg.enable;
+    };
+    boot.kernel.sysctl = {
+      "kernel.unprivileged_userns_clone" = 1;
+    };
+  };
+}

system/services/printing.nix

@@ -0,0 +1,13 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.services.printing;
+in {
+  options.mySystem.services.printing.enable = mkEnableOption "Enable printing with CUPS";
+  config.services.printing = mkIf cfg.enable {
+    inherit (cfg) enable;
+  };
+}

system/services/ssh.nix

@@ -4,9 +4,9 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.ssh;
+  cfg = config.mySystem.services.ssh;
 in {
-  options.modules.ssh = {
+  options.mySystem.services.ssh = {
     enable = mkEnableOption "Enables OpenSSH";
     allowedUsers = mkOption {
       type = types.listOf types.str;
@@ -20,7 +20,7 @@ in {
     };
   };
   config.services.openssh = mkIf cfg.enable {
-    enable = true;
+    inherit (cfg) enable;
     settings = {
       AllowUsers = cfg.allowedUsers;
       PermitRootLogin = "no";

system/services/sunshine.nix

@@ -0,0 +1,48 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.services.sunshine;
+in {
+  options.mySystem.services.sunshine = {
+    enable = mkEnableOption "Enables Sunshine";
+    autostart = mkEnableOption "Enables autostart";
+  };
+  config.services.sunshine = mkIf cfg.enable {
+    inherit (cfg) enable;
+    autoStart = cfg.autostart;
+    capSysAdmin = true;
+    openFirewall = true;
+    settings.sunshine_name = config.mySystem.networking.hostname;
+    applications.apps = [
+      {
+        name = "Desktop";
+        image-path = "desktop.png";
+      }
+      {
+        name = "Low Res Desktop";
+        image-path = "desktop.png";
+      }
+      {
+        name = "Steam Big Picture";
+        detached = ["setsid steam steam://open/bigpicture"];
+        prep-cmd = {
+          do = "";
+          undo = "setsid steam steam://close/bigpicture";
+        };
+        image-path = "steam.png";
+      }
+      {
+        name = "OpenTTD";
+        cmd = "openttd";
+        image-path = "/home/phundrak/.config/sunshine/covers/igdb_18074.png";
+      }
+      {
+        name = "OpenMW";
+        cmd = "openmw";
+      }
+    ];
+  };
+}

system/users/default.nix

@@ -0,0 +1,5 @@
+{
+  imports = [
+    ./phundrak.nix
+  ];
+}

system/users/phundrak.nix

@@ -5,14 +5,11 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.users;
+  cfg = config.mySystem.users;
 in {
-  options.modules.users = {
+  options.mySystem.users = {
     root.disablePassword = mkEnableOption "Disables root password";
-    phundrak = mkOption {
+    phundrak.enable = mkEnableOption "Enables users phundrak";
-      type = types.bool;
-      default = true;
-    };
   };
 
   config = {
@@ -21,12 +18,12 @@ in {
         hashedPassword = mkIf cfg.root.disablePassword "*";
         shell = pkgs.zsh;
       };
-      phundrak = {
+      phundrak = mkIf cfg.phundrak.enable {
         isNormalUser = true;
         description = "Lucien Cartier-Tilet";
         extraGroups = ["networkmanager" "wheel" "docker" "dialout" "podman"];
         shell = pkgs.zsh;
-        openssh.authorizedKeys.keyFiles = lib.filesystem.listFilesRecursive ./keys;
+        openssh.authorizedKeys.keyFiles = lib.filesystem.listFilesRecursive ../../keys;
       };
     };
     programs.zsh.enable = true;

users/modules/cli/bat.nix

@@ -5,9 +5,9 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.bat;
+  cfg = config.home.cli.bat;
 in {
-  options.modules.bat.extras = mkEnableOption "Enables extra packages for bat.";
+  options.home.cli.bat.extras = mkEnableOption "Enables extra packages for bat.";
   config.programs.bat = {
     enable = true;
     config = {
@@ -19,7 +19,6 @@ in {
     extraPackages = mkIf cfg.extras (with pkgs.bat-extras; [
       batman
       batpipe
-      batgrep
     ]);
   };
 }

users/modules/cli/default.nix

@@ -0,0 +1,29 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.home.cli;
+in {
+  imports = [
+    ./bat.nix
+    ./btop.nix
+    ./direnv.nix
+    ./eza.nix
+    ./mu.nix
+    ./nh.nix
+    ./nix-index.nix
+    ./scripts
+    ./tealdeer.nix
+    ./yt-dlp.nix
+  ];
+
+  options.home.cli.fullDesktop = mkEnableOption "Enable all optional modules and options";
+  config.home.cli = {
+    bat.extras = mkDefault cfg.fullDesktop;
+    mu.enable = mkDefault cfg.fullDesktop;
+    scripts.enable = mkDefault cfg.fullDesktop;
+    yt-dlp.enable = mkDefault cfg.fullDesktop;
+  };
+}

users/modules/cli/mu.nix

@@ -0,0 +1,11 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.home.cli.mu;
+in {
+  options.home.cli.mu.enable = mkEnableOption "Enable mu";
+  config.programs.mu.enable = cfg.enable;
+}

users/modules/cli/nh.nix

@@ -4,9 +4,9 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.nh;
+  cfg = config.home.cli.nh;
 in {
-  options.modules.nh.flake = mkOption {
+  options.home.cli.nh.flake = mkOption {
     type = types.path;
     default = "/home/phundrak/.dotfiles";
     example = "/etc/nixos";

users/modules/cli/nix-index.nix

@@ -0,0 +1,10 @@
+{inputs, ...}: {
+  imports = [
+    inputs.nix-index-database.homeModules.nix-index
+  ];
+
+  programs = {
+    nix-index.enable = true;
+    nix-index-database.comma.enable = true;
+  };
+}

users/modules/cli/scripts/askpass.nix

@@ -0,0 +1,3 @@
+{pkgs, ...}:
+pkgs.writeShellScriptBin "askpass" ''
+  ${pkgs.rofi}/bin/rofi -dmenu -password -no-fixed-num-lines -p $(printf \"$*\" | sed 's/://')''

users/modules/cli/scripts/default.nix

@@ -0,0 +1,15 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.home.cli.scripts;
+  files = filesystem.listFilesRecursive ./.;
+  scriptFiles = builtins.filter (path: baseNameOf path != "default.nix") files;
+  scripts = map (file: (import file {inherit pkgs config;})) scriptFiles;
+in {
+  options.home.cli.scripts.enable = mkEnableOption "Add custom scripts to PATH";
+  config.home.packages = mkIf cfg.enable scripts;
+}

users/modules/cli/scripts/launch-with-emacsclient.nix

@@ -1,10 +1,10 @@
 {
   pkgs,
-  emacsPackage,
+  config,
   ...
 }:
 pkgs.writeShellScriptBin "launch-with-emacsclient" ''
   filename="$1"
   line="$2"
   column="$3"
-  ${emacsPackage}/bin/emacsclient +$line:$column "$filename"''
+  ${config.home.dev.editors.emacs.package}/bin/emacsclient +$line:$column "$filename"''

users/modules/cli/scripts/ytplay.nix

@@ -1,6 +1,6 @@
 {pkgs, ...}:
 pkgs.writeShellScriptBin "ytplay" ''
-  URL=$(${pkgs.wofi}/bin/wofi --dmenu -i -p "Video URL")
+  URL=$(rofi -dmenu -i -p "Video URL")
   if [ -z "$URL" ]; then
       echo "You need to provide a URL"
       exit 1
@@ -9,7 +9,7 @@ pkgs.writeShellScriptBin "ytplay" ''
                           grep -E "webm.*[0-9]+x[0-9]" | \
                           awk '{print $3 " " $1}' | \
                           sort -gu | \
-                          ${pkgs.wofi}/bin/wofi --dmenu -i -p "Resolution")
+                          rofi -dmenu -i -p "Resolution")
   mapfile -t RESOLUTION <<< "$RESOLUTION_CHOICE"
   RESOLUTION_CODE=''${RESOLUTION[0]}
   ${pkgs.mpv}/bin/mpv --ytdl-format="''${RESOLUTION_CODE}+bestaudio/best" "$URL"

users/modules/cli/yt-dlp.nix

@@ -0,0 +1,18 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.home.cli.yt-dlp;
+in {
+  options.home.cli.yt-dlp.enable = mkEnableOption "Enable yt-dlp";
+  config.programs.yt-dlp = mkIf cfg.enable {
+    inherit (cfg) enable;
+    settings = {
+      embed-thumbnail = true;
+      embed-subs = true;
+      sub-langs = "all";
+    };
+  };
+}

users/modules/default.nix

@@ -1,17 +1,29 @@
 {
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.home;
+in {
   imports = [
     ./basics.nix
-    ./bat.nix
+    ./cli
-    ./btop.nix
+    ./desktop
-    ./direnv.nix
+    ./dev
-    ./eza.nix
+    ./media
-    ./gpg.nix
+    ./services
-    ./mopidy.nix
+    ./security
-    ./nh.nix
-    ./nix-index.nix
     ./shell
-    ./ssh.nix
-    ./tealdeer.nix
-    ./vcs
   ];
+
+  options.home.fullDesktop = mkEnableOption "Enable most modules";
+  config.home = {
+    cli.fullDesktop = mkDefault cfg.fullDesktop;
+    desktop.fullDesktop = mkDefault cfg.fullDesktop;
+    dev.fullDesktop = mkDefault cfg.fullDesktop;
+    media.fullDesktop = mkDefault cfg.fullDesktop;
+    security.fullDesktop = mkDefault cfg.fullDesktop;
+    services.fullDesktop = mkDefault cfg.fullDesktop;
+  };
 }

users/modules/desktop/default.nix

@@ -0,0 +1,34 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.home.desktop;
+in {
+  imports = [
+    ./eww.nix
+    ./hyprland.nix
+    ./kdeconnect.nix
+    ./kitty.nix
+    ./obs.nix
+    ./qt.nix
+    ./rofi
+    ./swaync.nix
+    ./waybar.nix
+    ./wlr-which-key.nix
+    ./wlsunset.nix
+  ];
+
+  options.home.desktop.fullDesktop = mkEnableOption "Enable options for graphical environments";
+  config.home.desktop = {
+    eww.enable = mkDefault cfg.fullDesktop;
+    hyprland.enable = mkDefault cfg.fullDesktop;
+    kdeconnect.enable = mkDefault cfg.fullDesktop;
+    kitty.enable = mkDefault cfg.fullDesktop;
+    obs.enable = mkDefault cfg.fullDesktop;
+    qt.enable = mkDefault cfg.fullDesktop;
+    rofi.enable = mkDefault cfg.fullDesktop;
+    wlr-which-key.enable = mkDefault cfg.fullDesktop;
+  };
+}

users/modules/desktop/eww.nix

@@ -0,0 +1,14 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.home.desktop.eww;
+in {
+  options.home.desktop.eww.enable = mkEnableOption "Enable eww support";
+  config.programs.eww = mkIf cfg.enable {
+    inherit (cfg) enable;
+    configDir = ./eww-config;
+  };
+}

users/modules/desktop/hyprland.nix

@@ -5,42 +5,45 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.hyprland;
+  cfg = config.home.desktop.hyprland;
-  rofi-emoji = import ../scripts/rofi-emoji.nix {inherit pkgs;};
+  laptops = ["gampo"];
 in {
   imports = [
     ./swaync.nix
     ./waybar.nix
     ./wlsunset.nix
+    ./hyprpaper.nix
   ];
 
-  options.modules.hyprland = {
+  options.home.desktop.hyprland = {
     enable = mkEnableOption "Enables Hyprland";
-    swaync = mkEnableOption "Enables swaync";
     emacsPkg = mkOption {
       type = types.package;
-      default = pkgs.emacs;
+      default = config.home.dev.editors.emacs.package or pkgs.emacs;
+      example = pkgs.emacs;
     };
     host = mkOption {
-      type = types.enum ["tilo" "gampo"];
+      type = types.enum ["gampo" "marpa"];
-      default = "tilo";
       description = ''
         Which host is Hyprland running on.
 
-        This helps determine the monitors layout.
+        This helps determine the monitors layout and enable battery support in waybar.
       '';
     };
-    waybar = {
-      enable = mkEnableOption "Enables waybar.";
-      battery = mkEnableOption "Enables battery support.";
-      style = mkOption {
-        type = types.path;
-        example = ./style.css;
-      };
-    };
   };
 
   config = mkIf cfg.enable {
+    home.desktop = {
+      hyprpaper.enable = true;
+      rofi.enable = mkDefault true;
+      swaync.enable = mkDefault true;
+      waybar = {
+        enable = mkDefault true;
+        battery = mkDefault (builtins.elem cfg.host laptops);
+      };
+      wlsunset.enable = mkDefault true;
+    };
+    services.blueman-applet.enable = true;
     wayland.windowManager.hyprland = {
       enable = true;
       xwayland.enable = true;
@@ -58,9 +61,11 @@ in {
         };
         monitor =
           {
-            "tilo" = [
+            "marpa" = [
               "DP-1, 3440x1440@144, 1080x550, 1"
               "DP-2, 2560x1080@60, 0x0, 1, transform, 1"
+              # "DP-2, 1366x768@60, 0x0, 1"
+              # "DP-2, 1829x1143@60, 0x0, 1"
             ];
             "gampo" = [];
           }."${cfg.host}";
@@ -109,11 +114,11 @@ in {
         $right = r
         $up = s
         $down = t
-        $menu = ${pkgs.wofi}/bin/wofi --show drun
+        $menu = rofi -combi-modi drun,calc -show combi
 
         bind = SUPER, Return, exec, ${pkgs.kitty}/bin/kitty ${pkgs.tmux}/bin/tmux
-        bind = SUPER, Space, submap, leader
+        bind = SUPER, Space,  exec, ${pkgs.wlr-which-key}/bin/wlr-which-key
-        bind = , Print, submap, screenshot
+        bind =      , Print,  exec, ${pkgs.wlr-which-key}/bin/wlr-which-key -k s
 
         submap = leader
         bind = , l, exec, plock
@@ -142,11 +147,13 @@ in {
         bind = , u, submap, reset
         bind = , escape, submap, reset
         bind = CTRL, g, submap, reset
+
         submap = buffers
         bind = , d, killactive,
         bind = , d, submap, reset
         bind = , escape, submap, reset
         bind = CTRL, g, submap, reset
+
         submap = resize
         binde = , $left, resizeactive, -10 0
         binde = , $right, resizeactive, 10 0
@@ -155,15 +162,21 @@ in {
         bind = , q, submap, reset
         bind = , escape, submap, reset
         bind = CTRL, g, submap, reset
+
         submap = rofi
-        bind = , e, exec, ${rofi-emoji}/bin/rofi-emoji
+        bind = , b, exec, rofi-bluetooth
+        bind = , b, submap, reset
+        bind = , e, exec, rofi -show emoji
         bind = , e, submap, reset
         bind = , r, exec, $menu
         bind = , r, submap, reset
+        bind = , s, exec, rofi -show ssh
+        bind = , r, submap, reset
         bind = , y, exec, ytplay
         bind = , y, submap, reset
         bind = , escape, submap, reset
         bind = CTRL, g, submap, reset
+
         submap = screenshot
         bind = , Print, exec, screenshot
         bind = , Print, submap, reset
@@ -179,6 +192,7 @@ in {
         bind = Shift, s, submap, reset
         bind = , escape, submap, reset
         bind = CTRL, g, submap, reset
+
         submap = windows
         bind = , period, submap, resize
         bind = , $left, movefocus, l
@@ -268,30 +282,5 @@ in {
         bind = SUPER_SHIFT, asterisk, movetoworkspace, 10
       '';
     };
-    services = {
-      blueman-applet.enable = true;
-      wpaperd = {
-        enable = true;
-        settings = {
-          default = {
-            path = "/home/phundrak/Pictures/Wallpapers/nord";
-            duration = "5m";
-            sorting = "random";
-            mode = "center";
-            recursive = true;
-          };
-          DP-3 = {
-            mode = "fit-border-color";
-          };
-        };
-      };
-    };
-    modules = {
-      swaync.enable = cfg.swaync;
-      waybar = mkIf cfg.waybar.enable {
-        inherit (cfg.waybar) enable battery style;
-      };
-      wlsunset.enable = true;
-    };
   };
 }

users/modules/desktop/hyprpaper.nix

@@ -0,0 +1,87 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.home.desktop.hyprpaper;
+in {
+  options.home.desktop.hyprpaper = {
+    enable = mkEnableOption "Enables Hyprpaper";
+    default = mkOption {
+      type = types.str;
+      default = "/home/phundrak/Pictures/Wallpapers/nord/Nordic6.jpg";
+      example = "/home/user/image.jpg";
+    };
+    wallpapers-dir = mkOption {
+      type = types.str;
+      default = "/home/phundrak/Pictures/Wallpapers/nord/";
+      example = "/home/user/Pictures/";
+    };
+    rotation-interval = mkOption {
+      type = types.str;
+      default = "5m";
+      example = "10m";
+      description = "Interval between wallpaper rotations";
+    };
+  };
+  config = mkIf cfg.enable {
+    services.hyprpaper = {
+      inherit (cfg) enable;
+      settings = {
+        ipc = "on";
+        splash = false;
+        preload = cfg.default;
+        wallpaper = ", ${cfg.default}";
+      };
+    };
+    systemd.user = {
+      services.hyprpaper-rotation = {
+        Unit = {
+          Description = "Rotate Hyprpaper wallpaper";
+          After = "graphical-session.target";
+        };
+        Service = {
+          Type = "oneshot";
+          ExecCondition = "pidof Hyprland";
+          ExecStart = "${config.home.homeDirectory}/.config/hypr/hyprpaper-rotate.sh";
+        };
+      };
+
+      timers.hyprpaper-rotation = {
+        Unit = {
+          Description = "Timer for rotating Hyprpaper wallpaper";
+        };
+        Timer = {
+          OnBootSec = cfg.rotation-interval;
+          OnUnitActiveSec = cfg.rotation-interval;
+        };
+        Install = {
+          WantedBy = ["timers.target"];
+        };
+      };
+    };
+    home.file.".config/hypr/hyprpaper-rotate.sh" = {
+      text = ''
+        #!/usr/bin/env bash
+        set -euo pipefail
+
+        WALLPAPER_DIR="${cfg.wallpapers-dir}"
+
+        # Find a random wallpaper
+        WP=$(find "$WALLPAPER_DIR" -type f \( -iname "*.jpg" -o -iname "*.jpeg" -o -iname "*.png" \) | shuf -n 1)
+
+        if [ -z "$WP" ]; then
+          echo "No wallpapers found in $WALLPAPER_DIR"
+          exit 1
+        fi
+
+        echo "Setting wallpaper to: $WP"
+
+        # Load and set the wallpaper
+        hyprctl hyprpaper preload "$WP" && hyprctl hyprpaper wallpaper ",$WP"
+      '';
+      executable = true;
+    };
+  };
+}

users/modules/desktop/kdeconnect.nix

@@ -0,0 +1,14 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.home.desktop.kdeconnect;
+in {
+  options.home.desktop.kdeconnect.enable = mkEnableOption "Enable KDE Connect";
+  config.services.kdeconnect = mkIf cfg.enable {
+    enable = true;
+    indicator = true;
+  };
+}

users/modules/desktop/kitty.nix

@@ -1,6 +1,15 @@
-{pkgs, ...}: {
+{
-  programs.kitty = {
+  pkgs,
-    enable = true;
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.home.desktop.kitty;
+in {
+  options.home.desktop.kitty.enable = mkEnableOption "Enable kitty terminal";
+  config.programs.kitty = mkIf cfg.enable {
+    inherit (cfg) enable;
     themeFile = "Nord";
     font = {
       package = pkgs.cascadia-code;