chore: upgrade flake lockfile

They take a long time compiling on my laptop, so I’ll install them
through flatpak instead.

README.md

@@ -4,14 +4,12 @@ Personal NixOS configuration for my machines, using Nix Flakes for reproducible
 
 ## Repository Structure
 
-- **flake.nix**: Main entry point for the Nix Flake, defining NixOS and home-manager configurations
-- **hosts/**: Host-specific NixOS configurations
-- **modules/**: Custom NixOS modules reusable across different hosts
-- **programs/**: System-level programs shared across hosts
-- **secrets/**: Encrypted secrets managed with sops-nix
-- **system/**: Common system-level configurations shared across hosts
-- **users/phundrak/**: Home-manager configuration for my user
-- **users/modules/**: Custom user modules reusable across configurations
+- **flake.nix**: Main entry point for the Nix Flake, defining NixOS and home-manager configurations.
+- **hosts/**: Contains the host-specific NixOS configurations.
+- **system/**: Holds system-wide configuration modules that can be shared across different hosts. This includes things like boot settings, desktop environments, hardware configurations, networking, packages, security, and system services.
+- **users/**: Manages user-specific configurations. It's split into `modules` for reusable home-manager configurations and `phundrak` for my personal configuration.
+- **keys/**: Public keys for various machines.
+- **secrets/**: Encrypted secrets managed with `sops-nix`.
 
 ## Usage
 
@@ -51,24 +49,9 @@ nh home switch
 
 Format Nix files (using Alejandra):
 ```bash
-nix fmt
+nix fmt .
 ```
 
-## Development
-
-For development, a devShell is provided with linting tools and git hooks:
-
-```bash
-nix develop
-```
-
-This will set up an environment with:
-- alejandra (formatting)
-- commitizen (commit messages)
-- deadnix (dead code detection)
-- statix (linting)
-- Other useful git hooks
-
 ## Contributing
 
 Feel free to fork this repository and make your own changes. If you have any improvements or suggestions, please open an issue or submit a pull request.

flake.lock

@@ -18,11 +18,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1748883665,
-        "narHash": "sha256-R0W7uAg+BLoHjMRMQ8+oiSbTq8nkGz5RDpQ+ZfxxP3A=",
+        "lastModified": 1752264895,
+        "narHash": "sha256-1zBPE/PNAkPNUsOWFET4J0cjlvziH8DOekesDmjND+w=",
         "owner": "cachix",
         "repo": "cachix",
-        "rev": "f707778d902af4d62d8dd92c269f8e70de09acbe",
+        "rev": "47053aef762f452e816e44eb9a23fbc3827b241a",
         "type": "github"
       },
       "original": {
@@ -36,6 +36,7 @@
       "inputs": {
         "cachix": "cachix",
         "flake-compat": "flake-compat",
+        "flake-parts": "flake-parts",
         "git-hooks": "git-hooks",
         "nix": "nix",
         "nixpkgs": [
@@ -43,11 +44,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1753300020,
-        "narHash": "sha256-jRO3ELwG+FfYDBTDDhBJNjGuJjB4IgziuB1JWoz6l1A=",
+        "lastModified": 1759437797,
+        "narHash": "sha256-+MwJvMExEcRpDIVKMwL1ZsSnC4AuhnooM7PNJh02S5I=",
         "owner": "cachix",
         "repo": "devenv",
-        "rev": "90266818017f7a6885edc75eb4a13b68862675ea",
+        "rev": "89ce1b7ac66ca381a335a60ad6acc723ef6f42f3",
         "type": "github"
       },
       "original": {
@@ -76,16 +77,15 @@
       "inputs": {
         "nixpkgs-lib": [
           "devenv",
-          "nix",
           "nixpkgs"
         ]
       },
       "locked": {
-        "lastModified": 1733312601,
-        "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
+        "lastModified": 1756770412,
+        "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
+        "rev": "4524271976b625a4a605beefd893f270620fd751",
         "type": "github"
       },
       "original": {
@@ -125,11 +125,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1750779888,
-        "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=",
+        "lastModified": 1758108966,
+        "narHash": "sha256-ytw7ROXaWZ7OfwHrQ9xvjpUWeGVm86pwnEd1QhzawIo=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d",
+        "rev": "54df955a695a84cd47d4a43e08e1feaf90b1fd9b",
         "type": "github"
       },
       "original": {
@@ -167,11 +167,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1753373145,
-        "narHash": "sha256-UhuUj46dobD/POOdVNxKvAvP3luI2T0MZPm2IXl266Y=",
+        "lastModified": 1759337100,
+        "narHash": "sha256-CcT3QvZ74NGfM+lSOILcCEeU+SnqXRvl1XCRHenZ0Us=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "64796151f79e6f3834bfc55f07c5487708bb5b3f",
+        "rev": "004753ae6b04c4b18aa07192c1106800aaacf6c3",
         "type": "github"
       },
       "original": {
@@ -186,7 +186,10 @@
           "devenv",
           "flake-compat"
         ],
-        "flake-parts": "flake-parts",
+        "flake-parts": [
+          "devenv",
+          "flake-parts"
+        ],
         "git-hooks-nix": [
           "devenv",
           "git-hooks"
@@ -203,16 +206,16 @@
         ]
       },
       "locked": {
-        "lastModified": 1752773918,
-        "narHash": "sha256-dOi/M6yNeuJlj88exI+7k154z+hAhFcuB8tZktiW7rg=",
+        "lastModified": 1758763079,
+        "narHash": "sha256-Bx1A+lShhOWwMuy3uDzZQvYiBKBFcKwy6G6NEohhv6A=",
         "owner": "cachix",
         "repo": "nix",
-        "rev": "031c3cf42d2e9391eee373507d8c12e0f9606779",
+        "rev": "6f0140527c2b0346df4afad7497baa08decb929f",
         "type": "github"
       },
       "original": {
         "owner": "cachix",
-        "ref": "devenv-2.30",
+        "ref": "devenv-2.30.5",
         "repo": "nix",
         "type": "github"
       }
@@ -224,11 +227,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1752985182,
-        "narHash": "sha256-sX8Neff8lp3TCHai6QmgLr5AD8MdsQQX3b52C1DVXR8=",
+        "lastModified": 1759032422,
+        "narHash": "sha256-WZf+FhebP2/1pK2np5xj/NuDjD6fXK2BHnq/tPUN18o=",
         "owner": "nix-community",
         "repo": "nix-index-database",
-        "rev": "fafdcb505ba605157ff7a7eeea452bc6d6cbc23c",
+        "rev": "ec7a78cb0e098832d8acac091a4df393259c4839",
         "type": "github"
       },
       "original": {
@@ -239,11 +242,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1753250450,
-        "narHash": "sha256-i+CQV2rPmP8wHxj0aq4siYyohHwVlsh40kV89f3nw1s=",
+        "lastModified": 1759381078,
+        "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "fc02ee70efb805d3b2865908a13ddd4474557ecf",
+        "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
         "type": "github"
       },
       "original": {
@@ -282,17 +285,17 @@
         ]
       },
       "locked": {
-        "lastModified": 1753335654,
-        "narHash": "sha256-XpegouCfuzYNECDpH0+J3UEdearlYhRkRgOZ97l16E8=",
+        "lastModified": 1759303785,
+        "narHash": "sha256-EUXrK7pUIzOQWR1dquZh26A6W8lsY2oiHEEZzQnsarM=",
         "ref": "refs/heads/master",
-        "rev": "f90bef2d994c88f075dbc2fcd81140e160351328",
-        "revCount": 654,
+        "rev": "9662234759eb57f2a1057f2a1c667da1bf128c1c",
+        "revCount": 686,
         "type": "git",
-        "url": "https://git.outfoxxed.me/outfoxxed/quickshell"
+        "url": "https://git.outfoxxed.me/quickshell/quickshell"
       },
       "original": {
         "type": "git",
-        "url": "https://git.outfoxxed.me/outfoxxed/quickshell"
+        "url": "https://git.outfoxxed.me/quickshell/quickshell"
       }
     },
     "root": {
@@ -335,11 +338,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1752544651,
-        "narHash": "sha256-GllP7cmQu7zLZTs9z0J2gIL42IZHa9CBEXwBY9szT0U=",
+        "lastModified": 1759188042,
+        "narHash": "sha256-f9QC2KKiNReZDG2yyKAtDZh0rSK2Xp1wkPzKbHeQVRU=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "2c8def626f54708a9c38a5861866660395bb3461",
+        "rev": "9fcfabe085281dd793589bdc770a2e577a3caa5d",
         "type": "github"
       },
       "original": {
@@ -370,11 +373,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1752725859,
-        "narHash": "sha256-kjpmc7Y164ajPdscAZLFQTtzXP5sEE2dR30NuHe5lQY=",
+        "lastModified": 1759205174,
+        "narHash": "sha256-LMfGQsy3OibEqr3WtLCOqUVdOy5/6DJKWHV8h+1Vapk=",
         "owner": "youwen5",
         "repo": "zen-browser-flake",
-        "rev": "2276ddce91a949e0819d9e8c4b171c40ce770390",
+        "rev": "afd770119e0f9fbb085665738f3fa4c28ff42f78",
         "type": "github"
       },
       "original": {

flake.nix

@@ -3,27 +3,29 @@
 
   inputs = {
     nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+
+    devenv = {
+      url = "github:cachix/devenv";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
     home-manager = {
       url = "github:nix-community/home-manager";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+
     nix-index-database = {
       url = "github:nix-community/nix-index-database";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    devenv = {
-      url = "github:cachix/devenv";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-
     pumo-system-info = {
       url = "git+https://labs.phundrak.com/phundrak/pumo-system-info";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
     quickshell = {
-      url = "git+https://git.outfoxxed.me/outfoxxed/quickshell";
+      url = "git+https://git.outfoxxed.me/quickshell/quickshell";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
@@ -86,10 +88,9 @@
         pkgs = nixpkgs.legacyPackages.x86_64-linux;
         extraSpecialArgs = {
           inherit inputs outputs;
-          home-conf = "minimal";
         };
         modules = [
-          ./users/phundrak/alys.nix
+          ./users/phundrak/host/alys.nix
           inputs.sops-nix.homeManagerModules.sops
         ];
       };
@@ -97,10 +98,9 @@
         pkgs = nixpkgs.legacyPackages.x86_64-linux;
         extraSpecialArgs = {
           inherit inputs outputs;
-          home-conf = "fullHome";
         };
         modules = [
-          ./users/phundrak/marpa.nix
+          ./users/phundrak/host/marpa.nix
           inputs.sops-nix.homeManagerModules.sops
         ];
       };
@@ -108,10 +108,9 @@
         pkgs = nixpkgs.legacyPackages.x86_64-linux;
         extraSpecialArgs = {
           inherit inputs outputs;
-          home-conf = "fullHome";
         };
         modules = [
-          ./users/phundrak/gampo.nix
+          ./users/phundrak/host/gampo.nix
           inputs.sops-nix.homeManagerModules.sops
         ];
       };
@@ -119,10 +118,9 @@
         pkgs = nixpkgs.legacyPackages.x86_64-linux;
         extraSpecialArgs = {
           inherit inputs outputs;
-          home-conf = "minimal";
         };
         modules = [
-          ./users/phundrak/tilo.nix
+          ./users/phundrak/host/tilo.nix
           inputs.sops-nix.homeManagerModules.sops
         ];
       };

hosts/alys/configuration.nix

@@ -1,64 +1,41 @@
-{
-  pkgs,
-  inputs,
-  ...
-}: {
+{inputs, ...}: {
   imports = [
     ./hardware-configuration.nix
-    ./host.nix
     inputs.home-manager.nixosModules.default
-    ../../modules/locale.nix
-    ../../modules/system.nix
-    ../../modules/ssh.nix
-    ../../modules/endlessh.nix
-    ../../programs/nano.nix
+    ../../system
   ];
 
-  zramSwap.enable = true;
-
-  # networking.domain = "phundrak.com";
-  system = {
-    amdgpu.enable = false;
+  mySystem = {
     boot = {
-      kernel = {
-        hardened = true;
-        cpuVendor = "amd";
-      };
+      kernel.hardened = true;
       systemd-boot = false;
-      zfs.enable = false;
+      zram = {
+        enable = true;
+        memoryMax = 512;
       };
+    };
+    dev.docker.enable = true;
     networking = {
       hostname = "alys";
       domain = "phundrak.com";
       id = "41157110";
-      firewall.openPorts = [
-        22
-      ];
     };
-    sound.enable = false;
-    users = {
-      root.disablePassword = true;
-      phundrak = true;
+    packages.nix = {
+      gc.automatic = true;
+      trusted-users = ["root" "phundrak"];
     };
-  };
-
-  modules = {
+    services = {
+      endlessh.enable = true;
       ssh = {
         enable = true;
         allowedUsers = ["phundrak"];
         passwordAuthentication = false;
       };
-    endlessh.enable = false;
     };
-
-  nixpkgs.config.allowUnfree = true;
-
-  environment.systemPackages = [pkgs.openssl];
-
-  # networking.hostName = "alys";
-  # users.users.root.openssh.authorizedKeys.keys = [
-  #   "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC+b7BE/gHrHVkqNVfHtp2r4OCUDdohst8hb3Bz5tYtx3gvXJQCB1rFc2hgQJf8FsVyQbidS64lnhU1rUIEbFhv7itT5FGGUnfJEYs64W30wKsnPSb5WXdFXzrNi8za48i2oNl9JA9Fj9k6isyvkTup89hB+ELbXIcfz3bM93WaAt2dIgKijXaAMAAA+tHhgWvlrHlvGlU9/KxY3ZOQSoEboPXd7TDyOf1672eAibYyb5h1HIewYZ+xv1X4dxx/c9Arh4K0s8scuB7XTQQkEbRUEYKD2YXKN83Z09jfMlMYuBAKKO8zU4CM2KTbL7kEVgNc/ArY+uCAakmC5+eS7LxMuOt86+Bi4gXTJ6o6dbfUbCGiq751ni8pg44YSfwYiI05vvZ08eIyNkowumD+X4GRW4tu0I3qK8TI7exeEeoQIwlSfLXlYHEdNB8Q3feLyhHMRkxXgUskbXwWIBexLzJyY40tyqQplZWbYGrUEmjxZ7FWmaV+o8ZjnU2GfJ8JoWyCnEYfRc6Z2ILdXNDRzZ9qYOwefMHtuaYaYYximL+zdVVrm4EZuOetmaJ6zblk4ebU3GZjYykB8DmCDFDZO9koKwzPazLKQl0OWzmQqgxVNg7Mg1NZbuRQgVAhKPelnqejaXbf2/IHAYBn5LDR1Jew5+srlstM9XuYG2whEOx84w== Lucien Cartier-Tilet <lucien@phundrak.com>"
-  #   "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILw9oiK8tZ5Vpz82RaRLpITU8qeJrT2hjvudGEDQu2QW lucien@phundrak.com"
-  # ];
+    users = {
+      root.disablePassword = true;
+      phundrak.enable = true;
+    };
+  };
   system.stateVersion = "23.11";
 }

hosts/alys/host.nix

@@ -1,3 +0,0 @@
-{pkgs, ...}: {
-  environment.systemPackages = with pkgs; [neofetch vim emacs];
-}

hosts/gampo/configuration.nix

@@ -7,55 +7,71 @@
   imports = [
     inputs.sops-nix.nixosModules.sops
     ./hardware-configuration.nix
-    ./services
-    ../../modules/opentablet.nix
-    ../../modules/sops.nix
-    ../../modules/system.nix
-    ../../programs/flatpak.nix
-    ../../programs/hyprland.nix
-    ../../programs/steam.nix
+    ../../system
   ];
 
+  mySystem = {
+    boot = {
+      plymouth.enable = true;
+      kernel = {
+        cpuVendor = "intel";
+        package = pkgs.linuxPackages;
+        modules = ["i915"];
+      };
+      systemd-boot = true;
+    };
+    desktop = {
+      hyprland.enable = true;
+      xserver = {
+        enable = true;
+        de = "gnome";
+      };
+    };
+    dev.docker = {
+      enable = true;
+      podman.enable = true;
+      autoprune.enable = true;
+    };
+    hardware = {
+      bluetooth.enable = true;
+      corne.allowHidAccess = true;
+      ibmTrackpoint.disable = true;
+      opentablet.enable = true;
+      sound.enable = true;
+    };
+    misc.keymap = "fr-bepo";
+    networking = {
+      hostname = "gampo";
+      id = "0630b33f";
+      hostFiles = [config.sops.secrets.extraHosts.path];
+    };
+    packages = {
+      appimage.enable = true;
+      flatpak.enable = true;
+      nix = {
+        nix-ld.enable = true;
+        trusted-users = ["root" "phundrak"];
+      };
+    };
+    programs.steam.enable = true;
+    services = {
+      fwupd.enable = true;
+      ssh.enable = true;
+    };
+    users = {
+      root.disablePassword = true;
+      phundrak.enable = true;
+    };
+  };
+
   sops.secrets.extraHosts = {
     inherit (config.users.users.root) group;
     owner = config.users.users.phundrak.name;
     mode = "0440";
   };
 
-  boot.initrd.kernelModules = ["i915"];
-
-  system = {
-    boot.plymouth.enable = true;
-    docker = {
-      enable = true;
-      autoprune.enable = true;
-      podman.enable = true;
-    };
-    networking = {
-      hostname = "gampo";
-      id = "0630b33f";
-      hostFiles = [config.sops.secrets.extraHosts.path];
-    };
-    sound.enable = true;
-  };
-
-  modules = {
-    appimage.enable = true;
-    hyprland.enable = true;
-  };
-
   security.rtkit.enable = true;
 
-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
-  environment.systemPackages = with pkgs; [
-    curl
-    openssl
-    wget
-  ];
-
-  nix.settings.trusted-users = ["root" "phundrak"];
-
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database
   # versions on your system were taken. It‘s perfectly fine and

hosts/gampo/services/default.nix

@@ -1,15 +0,0 @@
-{
-  imports = [
-    ./gnome.nix
-  ];
-
-  services = {
-    # Enable CUPS to print documents.
-    printing.enable = true;
-    openssh.enable = true;
-    fwupd.enable = true;
-    udev.extraRules = ''
-      ATTRS{name}=="*TPPS/2 IBM TrackPoint", ENV{ID_INPUT}="", ENV{ID_INPUT_MOUSE}="", ENV{ID_INPUT_POINTINGSTICK}=""
-    '';
-  };
-}

hosts/gampo/services/gnome.nix

@@ -1,11 +0,0 @@
-{
-  services.xserver = {
-    enable = true;
-    displayManager.gdm.enable = true;
-    desktopManager.gnome.enable = true;
-    xkb = {
-      layout = "fr";
-      variant = "bepo";
-    };
-  };
-}

hosts/marpa/configuration.nix

@@ -1,42 +1,52 @@
 {
   config,
-  pkgs,
   inputs,
   ...
 }: {
   imports = [
     inputs.sops-nix.nixosModules.sops
-    ./system/hardware-configuration.nix
-    ./services
-    ../../modules/opentablet.nix
-    ../../modules/sops.nix
-    ../../modules/system.nix
-    ../../programs/flatpak.nix
-    ../../programs/hyprland.nix
-    ../../programs/steam.nix
+    ./hardware-configuration.nix
+    ../../system
   ];
 
-  sops.secrets.extraHosts = {
-    inherit (config.users.users.root) group;
-    owner = config.users.users.phundrak.name;
-    mode = "0440";
+  mySystem = {
+    boot = {
+      extraModprobeConfig = ''
+        options snd_usb_audio vid=0x1235 pid=0x8212 device_setup=1
+      '';
+      plymouth.enable = true;
+      kernel.cpuVendor = "amd";
+      systemd-boot = true;
     };
-
-  security.polkit.enable = true;
-
-  fileSystems."/games" = {
-    device = "/dev/disk/by-uuid/77d32db8-2e85-4593-b6b8-55d4f9d14e1a";
-    fsType = "ext4";
+    desktop = {
+      hyprland.enable = true;
+      niri.enable = true;
+      waydroid.enable = true;
+      xserver = {
+        enable = true;
+        de = "gnome";
       };
-
-  system = {
-    amdgpu.enable = true;
-    boot.plymouth.enable = true;
+    };
+    dev = {
       docker = {
         enable = true;
         podman.enable = true;
         autoprune.enable = true;
       };
+      qemu.enable = true;
+    };
+    hardware = {
+      amdgpu.enable = true;
+      bluetooth.enable = true;
+      corne.allowHidAccess = true;
+      opentablet.enable = true;
+      sound = {
+        enable = true;
+        jack = true;
+        scarlett.enable = true;
+      };
+    };
+    misc.keymap = "fr-bepo";
     networking = {
       hostname = "marpa";
       id = "7EA4A111";
@@ -49,34 +59,45 @@
         }
       ];
     };
-    sound = {
-      enable = true;
-      jack = true;
-    };
-  };
-
-  modules = {
+    packages = {
       appimage.enable = true;
-    hyprland.enable = true;
+      flatpak.enable = true;
+      nix = {
+        nix-ld.enable = true;
+        trusted-users = ["root" "phundrak"];
+      };
+    };
+    programs.steam.enable = true;
+    services = {
+      fwupd.enable = true;
+      printing.enable = true;
+      ssh.enable = true;
+      sunshine = {
+        enable = true;
+        autostart = true;
+      };
+    };
+    users = {
+      root.disablePassword = true;
+      phundrak.enable = true;
+    };
   };
 
-  security.rtkit.enable = true;
+  sops.secrets.extraHosts = {
+    inherit (config.users.users.root) group;
+    owner = config.users.users.phundrak.name;
+    mode = "0440";
+  };
 
-  nix.settings.trusted-users = ["root" "phundrak"];
+  security = {
+    polkit.enable = true;
+    rtkit.enable = true;
+  };
 
-  environment.systemPackages = with pkgs; [
-    clinfo # AMD
-    curl
-    openssl
-    wget
-    alsa-scarlett-gui
-  ];
-
-  boot.extraModprobeConfig = ''
-    options snd_usb_audio vid=0x1235 pid=0x8212 device_setup=1
-  '';
-
-  programs.nix-ld.enable = true;
+  fileSystems."/games" = {
+    device = "/dev/disk/by-uuid/77d32db8-2e85-4593-b6b8-55d4f9d14e1a";
+    fsType = "ext4";
+  };
 
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions

hosts/marpa/services/default.nix

@@ -1,25 +1,24 @@
 {
-  imports = [
-    ./logind.nix
-    ../../../modules/ssh.nix
-    ../../../modules/sunshine.nix
-    ../../../modules/xserver.nix
-  ];
+  # imports = [
+  #   ./logind.nix
+  #   ../../../system
+  # ];
+  # imports = [
+  #   ./logind.nix
+  #   ../../../modules/ssh.nix
+  #   ../../../modules/sunshine.nix
+  # ];
 
-  modules = {
-    sunshine = {
-      enable = true;
-      autostart = true;
-    };
-    xserver = {
-      amdgpu.enable = true;
-      de = "gnome";
-    };
-  };
-  services = {
-    blueman.enable = true;
-    fwupd.enable = true;
-    printing.enable = true;
-    openssh.enable = true;
-  };
+  # modules = {
+  #   sunshine = {
+  #     enable = true;
+  #     autostart = true;
+  #   };
+  # };
+  # services = {
+  #   blueman.enable = true;
+  #   fwupd.enable = true;
+  #   printing.enable = true;
+  #   openssh.enable = true;
+  # };
 }

hosts/tilo/configuration.nix

@@ -1,24 +1,15 @@
 # Edit this configuration file to define what should be installed on your
 # system.  Help is available in the configuration.nix(5) man page and in
 # the NixOS manual (accessible by running ‘nixos-help’).
-{
-  pkgs,
-  inputs,
-  ...
-}: {
+{inputs, ...}: {
   imports = [
     ./hardware-configuration.nix
     inputs.home-manager.nixosModules.default
-    ../../modules/locale.nix
-    ../../modules/system.nix
-    ../../modules/ssh.nix
-    ../../modules/endlessh.nix
-    ../../programs/nano.nix
+    ../../system
     ./services
   ];
 
-  system = {
-    amdgpu.enable = false;
+  mySystem = {
     boot = {
       kernel = {
         hardened = true;
@@ -29,45 +20,42 @@
         pools = ["tank"];
       };
     };
-    docker.enable = true;
+    dev.docker.enable = true;
+    misc.keymap = "fr-bepo";
     networking = {
       hostname = "tilo";
       id = "7110b33f";
       firewall = {
         openPorts = [
-          22 # SSH
           80 # HTTP
           443 # HTTPS
-          2222 # endlessh
           25565 # Minecraft
         ];
-        extraCommands = ''
-          iptables -I INPUT 1 -i 172.16.0.0/12 -p tcp -d 172.17.0.1 -j ACCEPT
-          iptables -I INPUT 1 -i 172.16.0.0/12 -p tcp -d 172.17.0.1 -j ACCEPT
-        '';
       };
     };
-    nix.gc.automatic = true;
-    sound.enable = false;
-    users = {
-      root.disablePassword = true;
-      phundrak = true;
+    packages.nix = {
+      gc.automatic = true;
+      trusted-users = ["root" "phundrak"];
     };
-    console.keyMap = "fr-bepo";
+    services = {
+      calibre.enable = true;
+      endlessh.enable = true;
+      jellyfin.enable = true;
+      plex = {
+        enable = true;
+        dataDir = "/tank/web/stacks/plex/plex-config";
       };
-
-  modules = {
       ssh = {
         enable = true;
         allowedUsers = ["phundrak"];
         passwordAuthentication = false;
       };
-    endlessh.enable = true;
     };
-
-  nixpkgs.config.allowUnfree = true;
-
-  environment.systemPackages = [pkgs.openssl];
+    users = {
+      root.disablePassword = true;
+      phundrak.enable = true;
+    };
+  };
 
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions

modules/opentablet.nix

@@ -1,6 +0,0 @@
-{
-  hardware.opentabletdriver = {
-    enable = true;
-    daemon.enable = true;
-  };
-}

modules/sunshine.nix

@@ -1,22 +0,0 @@
-{
-  config,
-  lib,
-  ...
-}:
-with lib; let
-  cfg = config.modules.sunshine;
-in {
-  options.modules.sunshine = {
-    enable = mkEnableOption "Enables moonlight";
-    autostart = mkEnableOption "Enables autostart";
-  };
-  config.services.sunshine = mkIf cfg.enable {
-    enable = true;
-    autoStart = cfg.autostart;
-    capSysAdmin = true;
-    openFirewall = true;
-    settings = {
-      sunshine_name = "marpa";
-    };
-  };
-}

modules/system.nix

@@ -1,183 +0,0 @@
-{
-  pkgs,
-  lib,
-  config,
-  ...
-}:
-with lib; let
-  cfg = config.system;
-in {
-  imports = [
-    ./amdgpu.nix
-    ./appimage.nix
-    ./boot.nix
-    ./locale.nix
-    ./networking.nix
-    ./nix.nix
-    ./plymouth.nix
-    ./sound.nix
-    ./users.nix
-    ./dev/docker.nix
-  ];
-
-  options.system = with types; {
-    amdgpu.enable = mkEnableOption "Enables AMD GPU support";
-    boot = {
-      kernel = {
-        package = mkOption {
-          type = raw;
-          default = pkgs.linuxPackages_zen;
-        };
-        modules = mkOption {
-          type = listOf str;
-          default = [];
-        };
-        cpuVendor = mkOption {
-          description = "Intel or AMD?";
-          type = enum ["intel" "amd"];
-          default = "amd";
-        };
-        v4l2loopback = mkOption {
-          description = "Enables v4l2loopback";
-          type = bool;
-          default = true;
-        };
-        hardened = mkEnableOption "Enables hardened Linux kernel";
-      };
-      systemd-boot = mkOption {
-        type = types.bool;
-        default = true;
-        description = "Does the system use systemd-boot?";
-      };
-      plymouth.enable = mkEnableOption "Enables Plymouth";
-      zfs = {
-        enable = mkEnableOption "Enables ZFS";
-        pools = mkOption {
-          type = listOf str;
-          default = [];
-        };
-      };
-    };
-    docker = {
-      enable = mkEnableOption "Enable Docker";
-      podman.enable = mkEnableOption "Enable Podman rather than Docker";
-      nvidia.enable = mkEnableOption "Activate Nvidia support";
-      autoprune.enable = mkEnableOption "Enable autoprune";
-    };
-    networking = {
-      hostname = mkOption {
-        type = str;
-        example = "gampo";
-      };
-      id = mkOption {
-        type = str;
-        example = "deadb33f";
-      };
-      domain = mkOption {
-        type = nullOr str;
-        example = "phundrak.com";
-        default = null;
-      };
-      hostFiles = mkOption {
-        type = listOf path;
-        example = [/path/to/hostFile];
-        default = [];
-      };
-      firewall = {
-        openPorts = mkOption {
-          type = listOf int;
-          example = [22 80 443];
-          default = [];
-        };
-        openPortRanges = mkOption {
-          type = listOf (attrsOf port);
-          default = [];
-          example = [
-            {
-              from = 8080;
-              to = 8082;
-            }
-          ];
-          description = ''
-            A range of TCP and UDP ports on which incoming connections are
-            accepted.
-          '';
-        };
-        extraCommands = mkOption {
-          type = nullOr lines;
-          example = "iptables -A INPUTS -p icmp -j ACCEPT";
-          default = null;
-        };
-      };
-    };
-    nix = {
-      disableSandbox = mkOption {
-        type = bool;
-        default = false;
-      };
-      gc = {
-        automatic = mkOption {
-          type = bool;
-          default = true;
-        };
-        dates = mkOption {
-          type = str;
-          default = "Monday 01:00 UTC";
-        };
-        options = mkOption {
-          type = str;
-          default = "--delete-older-than 30d";
-        };
-      };
-    };
-    sound = {
-      enable = mkEnableOption "Whether to enable sounds with Pipewire";
-      alsa = mkOption {
-        type = bool;
-        example = true;
-        default = true;
-        description = "Whether to enable ALSA support with Pipewire";
-      };
-      jack = mkOption {
-        type = bool;
-        example = true;
-        default = false;
-        description = "Whether to enable JACK support with Pipewire";
-      };
-      package = mkOption {
-        type = package;
-        example = pkgs.pulseaudio;
-        default = pkgs.pulseaudioFull;
-        description = "Which base package to use for PulseAudio";
-      };
-    };
-    users = {
-      root.disablePassword = mkEnableOption "Disables root password";
-      phundrak = mkOption {
-        type = bool;
-        default = true;
-      };
-    };
-    timezone = mkOption {
-      type = str;
-      default = "Europe/Paris";
-    };
-    console.keyMap = mkOption {
-      type = str;
-      default = "fr";
-    };
-  };
-
-  config = {
-    boot.tmp.cleanOnBoot = true;
-    time.timeZone = cfg.timezone;
-    console.keyMap = cfg.console.keyMap;
-    modules = {
-      boot = {
-        inherit (cfg) amdgpu;
-        inherit (cfg.boot) kernel systemd-boot plymouth zfs;
-      };
-      inherit (cfg) sound users networking docker amdgpu;
-    };
-  };
-}

programs/flatpak.nix

@@ -1,3 +0,0 @@
-{
-  services.flatpak.enable = true;
-}

programs/steam.nix

@@ -1,21 +0,0 @@
-{pkgs, ...}: {
-  programs = {
-    steam = {
-      enable = true;
-      protontricks.enable = true;
-      remotePlay.openFirewall = true;
-      localNetworkGameTransfers.openFirewall = true;
-      gamescopeSession.enable = true;
-      extraCompatPackages = [pkgs.proton-ge-bin];
-    };
-    gamescope = {
-      enable = true;
-      capSysNice = true;
-      args = [
-        "--rt"
-        "--expose-wayland"
-      ];
-    };
-  };
-  hardware.steam-hardware.enable = true;
-}

secrets/secrets.yaml

@@ -1,10 +1,10 @@
-extraHosts: ENC[AES256_GCM,data:nuEU+Tlj9BBEO/459B7u74WEdlDmvn3coWkk3JG5uqWXR1G4tk6H8EvQAY/xAuqcM01T4psaeqQTxZA+U626zMQ++vOsYwI8cch8m0xIkKKJ3Ztyqeip8egK2xPywdJp69Z5XhweF3RlxPBTroMcCoqHG0rFQmPuwaWrM/DJ6HQBGqKA3wmaYXAC4OLFVGNzLNLfWD85PAxK1YTJnClaerFdwsxm9tq+HNg7zEnOUVyQjm2l16MKkV1kybddNFc6SKHmm2e/XYNQ85eRm1ALq1v1WRPLaa87MsPLM6svwNy5hEMX+AQKfGBL4hLUKOw+yPktfSnGhj8uDO6IUTjySzkgdYIu37E8ozN8CZ2m+5wYDjf1NU34/yUo2p3RZISuy52qEhGE0jsIeDiC6KMPs6/dHKpxbkRVhe7ZWpZvee7dhWyAkW4lk+MA1p3OklCBdTn8JcrAlVcKf0n1+XyK5ua0q5ja6UKg1Q5Y1LGFPInt+styJ65HdvqBcdLiG7DCQYHGpWGIeSNglbAKPMCeBCablN/2gLLYOK08RXwwSAj1V5lCXAKoc3FfnX73ELRelzLwE2MNJZCn0DqnqP0vOnzXM9ftWVODCjcIEmLUX+CL7hBNLrWcp+Q3ALQcSZsAVejpP8Iajo85R/Hc+2OtqfXijoJNacaMgKCX/5ZWOFEwNUdto3xSRQXu2Ck//F4F/0Ez6yqOFux1byjdyHDbGGdFz02DTZUkOtsPVssyqz1nEHepDQM0EmAAxAR6D8hHOnZGesfqbS+5Xd3+KlfxyFC2mHDxK4WZPCHTAEsenWEiQTGfaOT+1bpbimRfUcqiRXukSUeHY2cKf/reNw0MT7t5n1mvidihP3sJuc573ViUlG+Ts8ctyZ/+tKU2aCMz3wevPzZNiIVqXsB2lC8c,iv:MnbM30XhdQFOPmc4x/a7YaDmnCDCFHS2Nm8plh+raSo=,tag:SpHUqyeSVdtf8uk4SyjmOA==,type:str]
+extraHosts: ENC[AES256_GCM,data:YRHvHINgAQv4z+8awMzHY1uZS/K9qSaFsk8G5J2zF5P5YOt4x62eefXgmhWeKZzJI5AIi0312iMQl5qGv+lAkP+VC7j/h1rh7peBDEBU6LvcMgFU2XqxidM/CoKfMkJF8+/4bb+3r1LC/rEeXITTUQsOmoacdyCeKe5yxLaHyic/FaZIJq13wCg/QQSLfenc2Db0Pbxv5/cbRILhKT+ssElVipA40aZpgL7QmD542vObSEa6K4fZd0rawF/nOyibfpPN7Ak8DrYvfygNMw/QAGKY2XosxC86tjxhrIBHRakqmWpV+smoUO6XBFjU2sbwalafYVFdrvYL9BVAPtMZ25Sc5QMm87RCHqzqYdQHKs8C3JpVBHWnyL+0e5DNQrFrml0/FD5nFYsT6zDKVb/rN3YmxvTvKl7FpPKpv3Kke9WG+HnPs90hPy8Jpmg52vLMhaybx6dpJxzcF+ctBSI3J78hfweOCGvNGshCKpME1dujMPctH/kfYcm2j/ixKLjl0ZSbYeI9+l9oURBDwKzmKjAqhwnjuo3sL++ZsRU5Ue1zz9gsxS40R9eYevbq7JiQPX331pY2du1SRoKOxvPpXsDqe+CY5pW2RgPszjEIuDxyoveZolXg/zjlk0Ic/cOxrbflp7bTfQCQqEC7YJ5tRmtctk2lRGQkOFIg9Tn8ReifFxfhDrPFzc8X5vZgH73aqZSd/OkVybI3vEILV5uas0fPL7AHAKnBmeDV3mBNvF8aoZhD5CG8iRd1otta/3AQ660QV8IDoauq8fySC8Kee5B3kG75sqHvwF4Gu6CpSChXkjpiIqVmW0PntJueVHifuGJYkvhkX/CTHK7xm1HhtANnGrk6cr2APjWk1vpOaCmjFNqKTOV9d1HjaNWYTz4AZ+Uq2Za3UzN3oZCtZb96,iv:Z64+4oR/AfSgA7oZ/NPDLOtcmcXO5B4OQIGjOEK1Pf4=,tag:0I/1gXnBH7u6HTbQUz5Fpw==,type:str]
 mopidy:
     spotify: ENC[AES256_GCM,data:SaDT0iSWhsgVOi1s+Nzbr0Mur3t2Zd9z/KIUshGWtbPfkXXIoiJeJFtoZIz5NL/t5FooYsNfU1mGYgDeVYSD4BPibW8hiCYrX6L6OX+Q6ZEWXXx/1eBEs2/q0BrWGvy7frcurq/Px4R3ax0dXJe/YKbpAtU7+bQl,iv:F2zT+uMVBMnSEZqgcRmV8/fc3G/g2fKDuHuBzkyBRN0=,tag:CD8fuOQfe6QCrj4BUh0/xw==,type:str]
     bandcamp: ENC[AES256_GCM,data:diEx2fbkOR1oUav81jU5bNt/KNmbOaVzLV+G3zBUVXE7nEQpZNqVom0rgNrEVDGzH3u/IaA5eqG5ce9lE0BomeY8Z4MWI1xujhX5KsXdv21aw4UwsNgyLPuWhkN2POUMfCJlvekc/TFfFvJHyysx8aKxeI4dsg==,iv:cxx0cVkjOPG+hMD8JctJHdcICJt7ozpfRBVSCDBo6Ro=,tag:JRjwwvieGaGZJ+k56HWFaw==,type:str]
 emailPassword: ENC[AES256_GCM,data:LALAvyuNN9bfa8D6ZK1YiFXRfxLOBi9kXA0N0Kr7h18eAI4hWQ==,iv:WtidILFfWCMKylax52JP+X57GfZyYlxJtiwrC6SADik=,tag:NvOrsL3fbmxQZp06GZhUZA==,type:str]
 ssh:
-    hosts: ENC[AES256_GCM,data:X/MrxeaqJnggoL9X8Y0+15A52FoihVRFp4vBZNr/QlJAKRn0B1eH6LI4wVzNokMbPUGlmYEElShy38ce+7EehL5HJcbwpEquvgQpLN2lZ4FhMLbW7yN3Q8DdZKqv4RNsm8vjuJPGwHGEVOhdvvnyM6IVpvLvMuH7MLJg4hLSArBzX7N0i5qg8piWI3pHqoPV4yO7kysSSF7D13HXen3fX+dbpBno/n0U+Xq8gcFyUKAqN6h65frkH2pyQcxIrCYcsFoJcU2jIzUY94xCSZZT7ocItzKD5YtVRki6F4Gh0/QgFeFcCn20Z0w8B7WvkjcR98FE+i5D9128uv2iiKEyeNaB4hc14dFCG4iZWW1KcSUojBnXHpFj22aByJaxjcFVg5BIVyde8L4hEinztWjNwbRzi1d9b34qeARcEzDQ3fwSNL/XFrlTvNZp565y/rPBLceksELewpWyX4Te3fuNOOw7hQqX3cjbGfw/FNuBVI/jnkEC+acGi23HnwmnDz87KCGZ738OAQ78F5awuoHnHhePvj0bUe3DTdW9Uj8amnaq1IeIu/BBcutewgez7ZHWamIWiOuVaZUISD6wrYk4pe5KqAZieUdotxbx7eihpw0ozEzQaNU3WBwQ8YxIyEnzcnsAihXCcgbm1/8FzWxghN3elA48UqVwaa4ZHK01l8+jD5yGjuCTCcpmSkVZBg8XrH7VWm+pZMCt3FRus3vFWq/iLsapIu6YSWG+mCYCjEK5hhbZs7ELxpdIzCw6Hiqm+P4nWVwA0ddbtSA7Rhu33CTKzdc0/KIQN78U0P+AsV0tVy7oLboIEZhpsj6XXYwQv5q9d0eJw/hibsqHdRb144Zn0hJDqxe/R+vCDk2iC3OYx5pG4oFbBG8V487QC67TG4Q+ztGCL8+W8+ZoVjK+atfA2LVHVWobFWNmqAE9CbVu8cbW3BhAtWrBZGgUMW5noFi64U411QEPS88odXtaqhUoN77rMhYCtVBxSSkGMWvwY2VZn6UvY8NZTExD5rJmDU9rRHmCNHq4WaAjxUg1rzwd4VO9CDnCf2gSeF466blpf2JEky8=,iv:0laLebvzVUMrKT30Jx/HaRS426PsWD3oFTesV4tnnDg=,tag:DApK5SSAriLib00FTz+jcg==,type:str]
+    hosts: ENC[AES256_GCM,data:j7+Ua5G8dePL5GO+Tf8+hnoJsSfKo2z4I0OcVfSyJ3dc6yyYZVho8iG9bqPAqVR5d7SJr391zCLMJp/jRDpDFLkzQB54udVKI8ob0C2w2xBznPZJsC7qZMptQ+n4IHO1ZROSi/vBadCUfEWKNO9e8gsroBYmliy/31M5IlA85Vx6q4Zx0qIFylfIhBDto3jD2DRcbjWP8NvjJcY7YLrN2sv8RR7QqX1q+0ZxpgFhg+W+a5Dz8JBVsPEdjNJqFAKAmUGKXf4bpEIS5lLUxxZweizEiWgo4nYJgA0kqVYEOiErOPgtpnBKiJlR+fLGuVwdGxVOUMvttZtyIgHc4CWgOJ0h67h4eVii+zeLn0GPJl3i2g5bjOArHKLfkKGduqii4n/1p9VvVTAOn5dj0/NtD2JNJF9kUDr1nMyMa1xA35gzv1vp/U55L6ZU/BRpBPzka6i8nGnCkDVdoUG0DKhN9ooXRpUS9L+W1iz480fzb6i/tfmlhx7Ms1T9VybYFkGLNkxnsrt5Oc24o0XD5/A1j8bJgNWo6aWSA748ZWtN0mXDzB5sH4TVtaZAGlyU9r/x5oCuWPN2qhZ8d2i7g5rceZW5ang/uyXNt8Le5cKvLw3Rhf4BTFhQ6+VJ4/SpdfnLZ17djjbwZO1DT5Nb0RUObcilcwbmUwqvmLbcrdmsfQMOcetRwFpIdoX6MjkRiC1WZ4cz8bMU7ArnK/n15dsIdaiiUfuOJAiBYut1PaJBoZDe8pXzOE6U1s57sejUf1T7NHp2epyevCAYuVG71dAFLn1oLM+FWXuBm6ogFLujoFh7XCVVqdf6j348/ekzBxDIemzS4G1+zflG3AteLWcslGVTNmx0rb3GlSHGNVNZoeHvYAHIIEyWpY4Yd01R8RhjrFXQo9comnpoQXSlFDvuUGTxuUpsariAof4wKLdpqj8Dc4ZaDvd1pAGVh7RBqR4rn4kClbWUVcSFy7QWs9T5Sw0fU/bLL76N6x9Y44P5NQLAJvZ0z8rhIPl0u8OwIhhEwkhWdFLSulk/N7+DVqrRpj7bB5hB8jZWspsl44IdiZWY3UPs7zs=,iv:3q4FYxDWPGyMqeKoSTRxSPvqZXzwg/NeHZh70d38HYM=,tag:jA8/5yi74/mOuu/b83WEeg==,type:str]
 sops:
     age:
         - recipient: age1ajemtm502nn2n4q7v4j8meyd5mxtcqngkkedxq2pqzuwu78zp93qnw8q48
@@ -61,7 +61,7 @@ sops:
             QmJKNDJUY0RSakhwNWlkOVpib0trc1kK0tQxD9I82pjfs54eruu+IjzVUmcVBCPw
             9mp1xKiYRRMXt3YQn6MPiyuuX3l3UB5MH0RJMNtRq0D961rs+iiS5A==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-07-06T19:20:04Z"
-    mac: ENC[AES256_GCM,data:59Mu6RlGEXV7BsNsX0yIr/zUgl9gvk77o2moF4D7GgPwllSVFLRB8Y3LvE7+NXLIjLj19nrK6b99CiH08NmWhSBO37+xXU/eYQ/W2wIEVIxfmhVcF9ePIZPwVuegLZ707S8jZDOcYzPOQuURe9hhbxJJPgHzzPzYoh7yushYUME=,iv:h6DCciUZtRMZFGB7PMfg4xnOWxyKQS/vfnOG1tqVfrI=,tag:q65pnHbLcUG+Gxo7K3Ca1w==,type:str]
+    lastmodified: "2025-08-07T09:16:46Z"
+    mac: ENC[AES256_GCM,data:3PIJps2hoavPJ6ig+943FE73lBhCfxv8vuzmgTtooH386V12/PQN+Opt/ZoIbXU9w21XelZ/C5xPr8rcuw5ADx9K/KjdMm8jyLCO6/+iBf6SjnbC3E0DyiDit50UtWxKc32ryiJ8m5hYfX6O2H8WIGFa+6wp5KISV9pkc09CNZA=,iv:xzwEhhBJQOlde8Ib+tZpv+2CHfR83dFevdwERkYTsTE=,tag:SzdcZH19kSTnNs16754IMw==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.10.2

system/boot/boot.nix

@@ -5,10 +5,16 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.boot;
+  cfg = config.mySystem.boot;
 in {
-  options.modules.boot = {
-    amdgpu.enable = mkEnableOption "Enables an AMD GPU configuration";
+  options.mySystem.boot = {
+    extraModprobeConfig = mkOption {
+      type = types.lines;
+      default = "";
+      example = ''
+        options snd_usb_audio vid=0x1235 pid=0x8212 device_setup=1
+      '';
+    };
     kernel = {
       package = mkOption {
         type = types.raw;
@@ -45,7 +51,7 @@ in {
   };
 
   config.boot = {
-    initrd.kernelModules = lists.optional cfg.amdgpu.enable "amdgpu";
+    initrd.kernelModules = lists.optional config.mySystem.hardware.amdgpu.enable "amdgpu";
     loader = {
       systemd-boot.enable = cfg.systemd-boot;
       efi.canTouchEfiVariables = cfg.systemd-boot;

system/boot/default.nix

@@ -0,0 +1,7 @@
+{
+  imports = [
+    ./boot.nix
+    ./plymouth.nix
+    ./zram.nix
+  ];
+}

system/boot/plymouth.nix

@@ -5,9 +5,9 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.boot.plymouth;
+  cfg = config.mySystem.boot.plymouth;
 in {
-  options.modules.boot.plymouth.enable = mkEnableOption "Enables Plymouth at system boot";
+  options.mySystem.boot.plymouth.enable = mkEnableOption "Enables Plymouth at system boot";
   config.boot = mkIf cfg.enable {
     plymouth = {
       inherit (cfg) enable;

system/boot/zram.nix

@@ -0,0 +1,21 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.boot.zram;
+in {
+  options.mySystem.boot.zram = {
+    enable = mkEnableOption "Enable ZRAM";
+    memoryMax = mkOption {
+      type = types.int;
+      example = "512";
+      description = "Maximum size allocated to ZRAM in MiB";
+    };
+  };
+  config.zramSwap = mkIf cfg.enable {
+    inherit (cfg) enable;
+    memoryMax = cfg.memoryMax * 1024 * 1024;
+  };
+}

system/default.nix

@@ -0,0 +1,40 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.misc;
+in {
+  imports = [
+    ./boot
+    ./desktop
+    ./dev
+    ./hardware
+    ./i18n
+    ./network
+    ./packages
+    ./security
+    ./services
+    ./users
+  ];
+
+  options.mySystem.misc = {
+    timezone = mkOption {
+      type = types.str;
+      default = "Europe/Paris";
+    };
+    keymap = mkOption {
+      type = types.str;
+      default = "fr";
+      example = "fr-bepo";
+      description = "Keymap to use in the TTY console";
+    };
+  };
+
+  config = {
+    boot.tmp.cleanOnBoot = true;
+    time.timeZone = cfg.timezone;
+    console.keyMap = cfg.keymap;
+  };
+}

system/desktop/default.nix

@@ -0,0 +1,8 @@
+{
+  imports = [
+    ./hyprland.nix
+    ./niri.nix
+    ./waydroid.nix
+    ./xserver.nix
+  ];
+}

system/desktop/hyprland.nix

@@ -4,9 +4,9 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.hyprland;
+  cfg = config.mySystem.desktop.hyprland;
 in {
-  options.modules.hyprland.enable = mkEnableOption "Enables Hyprland";
+  options.mySystem.desktop.hyprland.enable = mkEnableOption "Enables Hyprland";
   config.programs.hyprland = mkIf cfg.enable {
     inherit (cfg) enable;
     withUWSM = true;

system/desktop/niri.nix

@@ -0,0 +1,13 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.desktop.niri;
+in {
+  options.mySystem.desktop.niri.enable = mkEnableOption "Enables Niri";
+  config.programs.niri = mkIf cfg.enable {
+    inherit (cfg) enable;
+  };
+}

system/desktop/waydroid.nix

@@ -0,0 +1,15 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.desktop.waydroid;
+in {
+  options.mySystem.desktop.waydroid.enable = mkEnableOption "Enables Waydroid";
+  config = mkIf cfg.enable {
+    virtualisation.waydroid.enable = cfg.enable;
+    environment.systemPackages = [ pkgs.waydroid-helper ];
+  };
+}

system/desktop/xserver.nix

@@ -4,10 +4,10 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.xserver;
+  cfg = config.mySystem.desktop.xserver;
 in {
-  options.modules.xserver = {
-    amdgpu.enable = mkEnableOption "Enables AMD GPU support";
+  options.mySystem.desktop.xserver = {
+    enable = mkEnableOption "Enables xserver";
     de = mkOption {
       type = types.enum ["gnome" "kde"];
       default = "gnome";
@@ -15,7 +15,7 @@ in {
       description = "Which DE to enable";
     };
   };
-  config.services = {
+  config.services = mkIf cfg.enable {
     displayManager = {
       sddm.enable = mkIf (cfg.de == "kde") true;
       gdm.enable = mkIf (cfg.de == "gnome") true;
@@ -34,8 +34,8 @@ in {
     };
 
     xserver = {
-      enable = true;
-      videoDrivers = lists.optional cfg.amdgpu.enable "amdgpu";
+      inherit (cfg) enable;
+      videoDrivers = lists.optional config.mySystem.hardware.amdgpu.enable "amdgpu";
       xkb = {
         layout = "fr";
         variant = "bepo_afnor";

system/dev/default.nix

@@ -0,0 +1,3 @@
+{
+  imports = [./docker.nix ./qemu.nix];
+}

system/dev/docker.nix

@@ -1,12 +1,13 @@
 {
   lib,
   config,
+  pkgs,
   ...
 }:
 with lib; let
-  cfg = config.modules.docker;
+  cfg = config.mySystem.dev.docker;
 in {
-  options.modules.docker = {
+  options.mySystem.dev.docker = {
     enable = mkEnableOption "Enable Docker";
     podman.enable = mkEnableOption "Enable Podman rather than Docker";
     nvidia.enable = mkEnableOption "Activate Nvidia support";
@@ -14,6 +15,9 @@ in {
   };
 
   config = {
+    environment.systemPackages = mkIf cfg.podman.enable [
+      pkgs.podman-desktop
+    ];
     virtualisation = {
       docker = mkIf (cfg.enable && !cfg.podman.enable) {
         enable = true;

system/dev/qemu.nix

@@ -0,0 +1,19 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.dev.qemu;
+in {
+  options.mySystem.dev.qemu.enable = mkEnableOption "Enable QEMU";
+  config = mkIf cfg.enable {
+    environment.systemPackages = with pkgs; [
+      qemu
+      virt-manager
+    ];
+    systemd.tmpfiles.rules = [ "L+ /var/lib/qemu/firmware - - - - ${pkgs.qemu}/share/qemu/firmware" ];
+    boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+  };
+}

system/hardware/amdgpu.nix

@@ -5,13 +5,18 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.amdgpu;
+  cfg = config.mySystem.hardware.amdgpu;
 in {
-  options.modules.amdgpu.enable = mkEnableOption "Enables an AMD GPU configuration";
+  options.mySystem.hardware.amdgpu.enable = mkEnableOption "Enables an AMD GPU configuration";
   config = mkIf cfg.enable {
     systemd.tmpfiles.rules = [
       "L+    /opt/rocm/hip   -    -    -     -    ${pkgs.rocmPackages.clr}"
     ];
     hardware.graphics.extraPackages = with pkgs; [rocmPackages.clr.icd];
+    environment.systemPackages = with pkgs; [
+      clinfo
+      amdgpu_top
+      nvtopPackages.amd
+    ];
   };
 }

system/hardware/bluetooth.nix

@@ -0,0 +1,14 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.hardware.bluetooth;
+in {
+  options.mySystem.hardware.bluetooth.enable = mkEnableOption "Enable bluetooth";
+  config = mkIf cfg.enable {
+    hardware.bluetooth.enable = cfg.enable;
+    services.blueman.enable = cfg.enable;
+  };
+}

system/hardware/corne.nix

@@ -0,0 +1,15 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.hardware.corne;
+in {
+  options.mySystem.hardware.corne.allowHidAccess = mkEnableOption "Enable HID access to the corne keyboard";
+  config.services.udev = mkIf cfg.allowHidAccess {
+    extraRules = ''
+      KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{serial}=="*vial:f64c2b3c*", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
+    '';
+  };
+}

system/hardware/default.nix

@@ -0,0 +1,10 @@
+{
+  imports = [
+    ./amdgpu.nix
+    ./bluetooth.nix
+    ./corne.nix
+    ./ibm-trackpoint.nix
+    ./opentablet.nix
+    ./sound.nix
+  ];
+}

system/hardware/ibm-trackpoint.nix

@@ -0,0 +1,15 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.hardware.ibmTrackpoint;
+in {
+  options.mySystem.hardware.ibmTrackpoint.disable = mkEnableOption "Disable IBM’s trackpoint on ThinkPad";
+  config.services.udev = mkIf cfg.disable {
+    extraRules = ''
+      ATTRS{name}=="*TPPS/2 IBM TrackPoint", ENV{ID_INPUT}="", ENV{ID_INPUT_MOUSE}="", ENV{ID_INPUT_POINTINGSTICK}=""
+    '';
+  };
+}

system/hardware/opentablet.nix

@@ -0,0 +1,14 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.hardware.opentablet;
+in {
+  options.mySystem.hardware.opentablet.enable = mkEnableOption "Enables OpenTablet drivers";
+  config.hardware.opentabletdriver = mkIf cfg.enable {
+    inherit (cfg) enable;
+    daemon.enable = true;
+  };
+}

system/hardware/sound.nix

@@ -5,10 +5,11 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.sound;
+  cfg = config.mySystem.hardware.sound;
 in {
-  options.modules.sound = {
+  options.mySystem.hardware.sound = {
     enable = mkEnableOption "Whether to enable sounds with Pipewire";
+    scarlett.enable = mkEnableOption "Activate support for Scarlett sound card";
     alsa = mkOption {
       type = types.bool;
       example = true;
@@ -29,7 +30,9 @@ in {
     };
   };
 
-  config.services.pipewire = mkIf cfg.enable {
+  config = {
+    environment.systemPackages = mkIf cfg.scarlett.enable [pkgs.alsa-scarlett-gui];
+    services.pipewire = mkIf cfg.enable {
       enable = true;
       alsa = mkIf cfg.alsa {
         enable = mkDefault true;
@@ -37,4 +40,8 @@ in {
       };
       jack.enable = mkDefault cfg.jack;
     };
+    programs.noisetorch = mkIf cfg.enable {
+      inherit (cfg) enable;
+    };
+  };
 }

system/i18n/default.nix

@@ -0,0 +1,5 @@
+{
+  imports = [
+    ./locale.nix
+  ];
+}

system/network/default.nix

@@ -0,0 +1,6 @@
+{
+  imports = [
+    ./networking.nix
+    ./tailscale.nix
+  ];
+}

system/network/networking.nix

@@ -4,9 +4,9 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.networking;
+  cfg = config.mySystem.networking;
 in {
-  options.modules.networking = with types; {
+  options.mySystem.networking = with types; {
     hostname = mkOption {
       type = str;
       example = "gampo";

system/network/tailscale.nix

@@ -0,0 +1,16 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.network.tailscale;
+in {
+  options.mySystem.network.tailscale = {
+    enable = mkOption {
+      type = types.bool;
+      default = true;
+    };
+  };
+  config.services.tailscale.enable = cfg.enable;
+}

system/packages/appimage.nix

@@ -4,9 +4,9 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.appimage;
+  cfg = config.mySystem.packages.appimage;
 in {
-  options.modules.appimage.enable = mkEnableOption "Enables AppImage support";
+  options.mySystem.packages.appimage.enable = mkEnableOption "Enables AppImage support";
   config.programs.appimage = mkIf cfg.enable {
     inherit (cfg) enable;
     binfmt = true;

system/packages/default.nix

@@ -0,0 +1,15 @@
+{pkgs, ...}: {
+  imports = [
+    ./appimage.nix
+    ./flatpak.nix
+    ./nano.nix
+    ./nix.nix
+    ./steam.nix
+  ];
+
+  environment.systemPackages = with pkgs; [
+    curl
+    openssl
+    wget
+  ];
+}

system/packages/flatpak.nix

@@ -0,0 +1,22 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.packages.flatpak;
+in {
+  options.mySystem.packages.flatpak = {
+    enable = mkEnableOption "Enable Flatpak support";
+    builder.enable = mkEnableOption "Enable Flatpak builder";
+  };
+  config = {
+    services.flatpak = mkIf cfg.enable {
+      inherit (cfg) enable;
+    };
+    environment.systemPackages = mkIf cfg.builder.enable [
+      pkgs.flatpak-buildR
+    ];
+  };
+}

system/packages/nix.nix

@@ -4,10 +4,11 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.nix;
+  cfg = config.mySystem.packages.nix;
 in {
-  options.modules.nix = {
-    disableSandbox = mkEnableOption "Disables Nix sandbox";
+  options.mySystem.packages.nix = {
+    allowUnfree = mkEnableOption "Enable unfree packages";
+    disableSandbox = mkEnableOption "Disable Nix sandbox";
     gc = {
       automatic = mkOption {
         type = types.bool;
@@ -22,17 +23,27 @@ in {
         default = "--delete-older-than 30d";
       };
     };
+    nix-ld.enable = mkEnableOption "Enable unpatched binaries support";
+    trusted-users = mkOption {
+      type = types.listOf types.str;
+      example = ["alice" "bob"];
+      default = [];
+    };
   };
 
   config = {
     nix = {
+      inherit (cfg) gc;
       settings = {
+        inherit (cfg) trusted-users;
         sandbox = cfg.disableSandbox;
         experimental-features = ["nix-command" "flakes"];
         auto-optimise-store = true;
       };
-      inherit (cfg) gc;
     };
     nixpkgs.config.allowUnfree = true;
+    programs = {
+      inherit (cfg) nix-ld;
+    };
   };
 }

system/packages/steam.nix

@@ -0,0 +1,34 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.programs.steam;
+in {
+  options.mySystem.programs.steam.enable = mkEnableOption "Enables Steam and Steam hardware";
+  config = mkIf cfg.enable {
+    programs = {
+      steam = {
+        inherit (cfg) enable;
+        protontricks.enable = true;
+        remotePlay.openFirewall = true;
+        localNetworkGameTransfers.openFirewall = true;
+        gamescopeSession.enable = true;
+        extraCompatPackages = [pkgs.proton-ge-bin];
+      };
+      gamescope = {
+        enable = true;
+        capSysNice = true;
+        args = [
+          "--rt"
+          "--expose-wayland"
+        ];
+      };
+    };
+    hardware.steam-hardware = {
+      inherit (cfg) enable;
+    };
+  };
+}

system/security/default.nix

@@ -0,0 +1,5 @@
+{
+  imports = [
+    ./sops.nix
+  ];
+}

system/security/sops.nix

@@ -1,6 +1,6 @@
 {
   sops = {
-    defaultSopsFile = ../secrets/secrets.yaml;
+    defaultSopsFile = ../../secrets/secrets.yaml;
     defaultSopsFormat = "yaml";
     age = {
       # automatically import user SSH keys as age keys

system/services/calibre.nix

@@ -0,0 +1,38 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.services.calibre;
+in {
+  options.mySystem.services.calibre = {
+    enable = mkEnableOption "Enable Calibre Web";
+    user = mkOption {
+      type = types.string;
+      default = "phundrak";
+    };
+    group = mkOption {
+      type = types.string;
+      default = "users";
+    };
+    dataDir = mkOption {
+      type = types.string;
+      example = "/tank/calibre/conf";
+      default = "/tank/calibre/conf";
+    };
+    library = mkOption {
+      type = types.string;
+      example = "/tank/calibre/library";
+      default = "/tank/calibre/library";
+    };
+  };
+  config.services.calibre-web = mkIf cfg.enable {
+    inherit (cfg) enable user group dataDir;
+    options = {
+      calibreLibrary = cfg.library;
+      enableBookConversion = true;
+      enableBookUploading = true;
+    };
+  };
+}

system/services/default.nix

@@ -0,0 +1,12 @@
+{
+  imports = [
+    ./calibre.nix
+    ./endlessh.nix
+    ./fwupd.nix
+    ./jellyfin.nix
+    ./plex.nix
+    ./printing.nix
+    ./ssh.nix
+    ./sunshine.nix
+  ];
+}

system/services/endlessh.nix

@@ -4,9 +4,9 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.endlessh;
+  cfg = config.mySystem.services.endlessh;
 in {
-  options.modules.endlessh = {
+  options.mySystem.services.endlessh = {
     enable = mkEnableOption "Enables endlessh.";
     port = mkOption {
       type = types.port;

system/services/fwupd.nix

@@ -0,0 +1,13 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.services.fwupd;
+in {
+  options.mySystem.services.fwupd.enable = mkEnableOption "Enable fwupd";
+  config.services.fwupd = mkIf cfg.enable {
+    inherit (cfg) enable;
+  };
+}

system/services/jellyfin.nix

@@ -0,0 +1,28 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.services.jellyfin;
+in {
+  options.mySystem.services.jellyfin = {
+    enable = mkEnableOption "Enable Jellyfin";
+    dataDir = mkOption {
+      type = types.string;
+      default = "/tank/jellyfin/data";
+      example = "/tank/jellyfin/data";
+    };
+    user = mkOption {
+      type = types.string;
+      default = "phundrak";
+    };
+    group = mkOption {
+      type = types.string;
+      default = "users";
+    };
+  };
+  config.services.jellyfin = mkIf cfg.enable {
+    inherit (cfg) enable group user dataDir;
+  };
+}

system/services/plex.nix

@@ -0,0 +1,35 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.services.plex;
+in {
+  options.mySystem.services.plex = {
+    enable = mkEnableOption "Enable Plex";
+    group = mkOption {
+      type = types.string;
+      default = "users";
+      example = "users";
+      description = "Group under which Plex runs";
+    };
+    dataDir = mkOption {
+      type = types.string;
+      example = "/tank/plex-config";
+    };
+    user = mkOption {
+      type = types.string;
+      default = "phundrak";
+    };
+  };
+  config = {
+    services.plex = mkIf cfg.enable {
+      inherit (cfg) enable user group dataDir;
+      openFirewall = cfg.enable;
+    };
+    boot.kernel.sysctl = {
+      "kernel.unprivileged_userns_clone" = 1;
+    };
+  };
+}

system/services/printing.nix

@@ -0,0 +1,13 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.services.printing;
+in {
+  options.mySystem.services.printing.enable = mkEnableOption "Enable printing with CUPS";
+  config.services.printing = mkIf cfg.enable {
+    inherit (cfg) enable;
+  };
+}

system/services/ssh.nix

@@ -4,9 +4,9 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.ssh;
+  cfg = config.mySystem.services.ssh;
 in {
-  options.modules.ssh = {
+  options.mySystem.services.ssh = {
     enable = mkEnableOption "Enables OpenSSH";
     allowedUsers = mkOption {
       type = types.listOf types.str;
@@ -20,7 +20,7 @@ in {
     };
   };
   config.services.openssh = mkIf cfg.enable {
-    enable = true;
+    inherit (cfg) enable;
     settings = {
       AllowUsers = cfg.allowedUsers;
       PermitRootLogin = "no";

system/services/sunshine.nix

@@ -0,0 +1,48 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.services.sunshine;
+in {
+  options.mySystem.services.sunshine = {
+    enable = mkEnableOption "Enables Sunshine";
+    autostart = mkEnableOption "Enables autostart";
+  };
+  config.services.sunshine = mkIf cfg.enable {
+    inherit (cfg) enable;
+    autoStart = cfg.autostart;
+    capSysAdmin = true;
+    openFirewall = true;
+    settings.sunshine_name = config.mySystem.networking.hostname;
+    applications.apps = [
+      {
+        name = "Desktop";
+        image-path = "desktop.png";
+      }
+      {
+        name = "Low Res Desktop";
+        image-path = "desktop.png";
+      }
+      {
+        name = "Steam Big Picture";
+        detached = ["setsid steam steam://open/bigpicture"];
+        prep-cmd = {
+          do = "";
+          undo = "setsid steam steam://close/bigpicture";
+        };
+        image-path = "steam.png";
+      }
+      {
+        name = "OpenTTD";
+        cmd = "openttd";
+        image-path = "/home/phundrak/.config/sunshine/covers/igdb_18074.png";
+      }
+      {
+        name = "OpenMW";
+        cmd = "openmw";
+      }
+    ];
+  };
+}

system/users/default.nix

@@ -0,0 +1,5 @@
+{
+  imports = [
+    ./phundrak.nix
+  ];
+}

system/users/phundrak.nix

@@ -5,14 +5,11 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.users;
+  cfg = config.mySystem.users;
 in {
-  options.modules.users = {
+  options.mySystem.users = {
     root.disablePassword = mkEnableOption "Disables root password";
-    phundrak = mkOption {
-      type = types.bool;
-      default = true;
-    };
+    phundrak.enable = mkEnableOption "Enables users phundrak";
   };
 
   config = {
@@ -21,12 +18,12 @@ in {
         hashedPassword = mkIf cfg.root.disablePassword "*";
         shell = pkgs.zsh;
       };
-      phundrak = {
+      phundrak = mkIf cfg.phundrak.enable {
         isNormalUser = true;
         description = "Lucien Cartier-Tilet";
         extraGroups = ["networkmanager" "wheel" "docker" "dialout" "podman"];
         shell = pkgs.zsh;
-        openssh.authorizedKeys.keyFiles = lib.filesystem.listFilesRecursive ./keys;
+        openssh.authorizedKeys.keyFiles = lib.filesystem.listFilesRecursive ../../keys;
       };
     };
     programs.zsh.enable = true;

users/modules/cli/bat.nix

@@ -5,9 +5,9 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.bat;
+  cfg = config.home.cli.bat;
 in {
-  options.modules.bat.extras = mkEnableOption "Enables extra packages for bat.";
+  options.home.cli.bat.extras = mkEnableOption "Enables extra packages for bat.";
   config.programs.bat = {
     enable = true;
     config = {

users/modules/cli/default.nix

@@ -0,0 +1,29 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.home.cli;
+in {
+  imports = [
+    ./bat.nix
+    ./btop.nix
+    ./direnv.nix
+    ./eza.nix
+    ./mu.nix
+    ./nh.nix
+    ./nix-index.nix
+    ./scripts
+    ./tealdeer.nix
+    ./yt-dlp.nix
+  ];
+
+  options.home.cli.fullDesktop = mkEnableOption "Enable all optional modules and options";
+  config.home.cli = {
+    bat.extras = mkDefault cfg.fullDesktop;
+    mu.enable = mkDefault cfg.fullDesktop;
+    scripts.enable = mkDefault cfg.fullDesktop;
+    yt-dlp.enable = mkDefault cfg.fullDesktop;
+  };
+}

users/modules/cli/mu.nix

@@ -0,0 +1,11 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.home.cli.mu;
+in {
+  options.home.cli.mu.enable = mkEnableOption "Enable mu";
+  config.programs.mu.enable = cfg.enable;
+}

users/modules/cli/nh.nix

@@ -4,9 +4,9 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.nh;
+  cfg = config.home.cli.nh;
 in {
-  options.modules.nh.flake = mkOption {
+  options.home.cli.nh.flake = mkOption {
     type = types.path;
     default = "/home/phundrak/.dotfiles";
     example = "/etc/nixos";

users/modules/cli/nix-index.nix

@@ -0,0 +1,10 @@
+{inputs, ...}: {
+  imports = [
+    inputs.nix-index-database.homeModules.nix-index
+  ];
+
+  programs = {
+    nix-index.enable = true;
+    nix-index-database.comma.enable = true;
+  };
+}

users/modules/cli/scripts/default.nix

@@ -0,0 +1,15 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.home.cli.scripts;
+  files = filesystem.listFilesRecursive ./.;
+  scriptFiles = builtins.filter (path: baseNameOf path != "default.nix") files;
+  scripts = map (file: (import file {inherit pkgs config;})) scriptFiles;
+in {
+  options.home.cli.scripts.enable = mkEnableOption "Add custom scripts to PATH";
+  config.home.packages = mkIf cfg.enable scripts;
+}

users/modules/cli/scripts/launch-with-emacsclient.nix

@@ -1,10 +1,10 @@
 {
   pkgs,
-  emacsPackage,
+  config,
   ...
 }:
 pkgs.writeShellScriptBin "launch-with-emacsclient" ''
   filename="$1"
   line="$2"
   column="$3"
-  ${emacsPackage}/bin/emacsclient +$line:$column "$filename"''
+  ${config.home.dev.editors.emacs.package}/bin/emacsclient +$line:$column "$filename"''

users/modules/cli/yt-dlp.nix

@@ -0,0 +1,18 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.home.cli.yt-dlp;
+in {
+  options.home.cli.yt-dlp.enable = mkEnableOption "Enable yt-dlp";
+  config.programs.yt-dlp = mkIf cfg.enable {
+    inherit (cfg) enable;
+    settings = {
+      embed-thumbnail = true;
+      embed-subs = true;
+      sub-langs = "all";
+    };
+  };
+}

users/modules/default.nix

@@ -1,17 +1,29 @@
 {
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.home;
+in {
   imports = [
     ./basics.nix
-    ./bat.nix
-    ./btop.nix
-    ./direnv.nix
-    ./eza.nix
-    ./gpg.nix
-    ./mopidy.nix
-    ./nh.nix
-    ./nix-index.nix
+    ./cli
+    ./desktop
+    ./dev
+    ./media
+    ./services
+    ./security
     ./shell
-    ./ssh.nix
-    ./tealdeer.nix
-    ./vcs
   ];
+
+  options.home.fullDesktop = mkEnableOption "Enable most modules";
+  config.home = {
+    cli.fullDesktop = mkDefault cfg.fullDesktop;
+    desktop.fullDesktop = mkDefault cfg.fullDesktop;
+    dev.fullDesktop = mkDefault cfg.fullDesktop;
+    media.fullDesktop = mkDefault cfg.fullDesktop;
+    security.fullDesktop = mkDefault cfg.fullDesktop;
+    services.fullDesktop = mkDefault cfg.fullDesktop;
+  };
 }

users/modules/desktop/default.nix

@@ -0,0 +1,32 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.home.desktop;
+in {
+  imports = [
+    ./emoji.nix
+    ./eww.nix
+    ./hyprland.nix
+    ./kdeconnect.nix
+    ./kitty.nix
+    ./obs.nix
+    ./qt.nix
+    ./swaync.nix
+    ./waybar.nix
+    ./wlsunset.nix
+    ./wofi.nix
+  ];
+
+  options.home.desktop.fullDesktop = mkEnableOption "Enable options for graphical environments";
+  config.home.desktop = {
+    eww.enable = mkDefault cfg.fullDesktop;
+    hyprland.enable = mkDefault cfg.fullDesktop;
+    kdeconnect.enable = mkDefault cfg.fullDesktop;
+    kitty.enable = mkDefault cfg.fullDesktop;
+    obs.enable = mkDefault cfg.fullDesktop;
+    qt.enable = mkDefault cfg.fullDesktop;
+  };
+}

users/modules/desktop/eww.nix

@@ -0,0 +1,14 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.home.desktop.eww;
+in {
+  options.home.desktop.eww.enable = mkEnableOption "Enable eww support";
+  config.programs.eww = mkIf cfg.enable {
+    inherit (cfg) enable;
+    configDir = ./eww-config;
+  };
+}

users/modules/desktop/hyprland.nix

@@ -5,8 +5,9 @@
   ...
 }:
 with lib; let
-  cfg = config.modules.hyprland;
-  rofi-emoji = import ../scripts/rofi-emoji.nix {inherit pkgs;};
+  cfg = config.home.desktop.hyprland;
+  rofi-emoji = import ../cli/scripts/rofi-emoji.nix {inherit pkgs;};
+  laptops = ["gampo"];
 in {
   imports = [
     ./swaync.nix
@@ -14,33 +15,34 @@ in {
     ./wlsunset.nix
   ];
 
-  options.modules.hyprland = {
+  options.home.desktop.hyprland = {
     enable = mkEnableOption "Enables Hyprland";
-    swaync = mkEnableOption "Enables swaync";
     emacsPkg = mkOption {
       type = types.package;
-      default = pkgs.emacs;
+      default = config.home.dev.editors.emacs.package or pkgs.emacs;
+      # default = pkgs.emacs;
+      example = pkgs.emacs;
     };
     host = mkOption {
-      type = types.enum ["tilo" "gampo"];
-      default = "tilo";
+      type = types.enum ["gampo" "marpa"];
       description = ''
         Which host is Hyprland running on.
 
-        This helps determine the monitors layout.
+        This helps determine the monitors layout and enable battery support in waybar.
       '';
     };
-    waybar = {
-      enable = mkEnableOption "Enables waybar.";
-      battery = mkEnableOption "Enables battery support.";
-      style = mkOption {
-        type = types.path;
-        example = ./style.css;
-      };
-    };
   };
 
   config = mkIf cfg.enable {
+    home.desktop = {
+      swaync.enable = mkDefault true;
+      waybar = {
+        enable = mkDefault true;
+        battery = mkDefault (builtins.elem cfg.host laptops);
+      };
+      wlsunset.enable = mkDefault true;
+      wofi.enable = mkDefault true;
+    };
     wayland.windowManager.hyprland = {
       enable = true;
       xwayland.enable = true;
@@ -58,7 +60,7 @@ in {
         };
         monitor =
           {
-            "tilo" = [
+            "marpa" = [
               "DP-1, 3440x1440@144, 1080x550, 1"
               "DP-2, 2560x1080@60, 0x0, 1, transform, 1"
             ];
@@ -270,28 +272,15 @@ in {
     };
     services = {
       blueman-applet.enable = true;
-      wpaperd = {
+      hyprpaper = {
         enable = true;
         settings = {
-          default = {
-            path = "/home/phundrak/Pictures/Wallpapers/nord";
-            duration = "5m";
-            sorting = "random";
-            mode = "center";
-            recursive = true;
-          };
-          DP-3 = {
-            mode = "fit-border-color";
+          ipc = "on";
+          splash = false;
+          preload = "/home/phundrak/Pictures/Wallpapers/nord/Nordic6.jpg";
+          wallpaper = ", /home/phundrak/Pictures/Wallpapers/nord/Nordic6.jpg";
         };
       };
     };
   };
-    modules = {
-      swaync.enable = cfg.swaync;
-      waybar = mkIf cfg.waybar.enable {
-        inherit (cfg.waybar) enable battery style;
-      };
-      wlsunset.enable = true;
-    };
-  };
 }

users/modules/desktop/kdeconnect.nix

@@ -0,0 +1,14 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.home.desktop.kdeconnect;
+in {
+  options.home.desktop.kdeconnect.enable = mkEnableOption "Enable KDE Connect";
+  config.services.kdeconnect = mkIf cfg.enable {
+    enable = true;
+    indicator = true;
+  };
+}

users/modules/desktop/kitty.nix

@@ -1,6 +1,15 @@
-{pkgs, ...}: {
-  programs.kitty = {
-    enable = true;
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.home.desktop.kitty;
+in {
+  options.home.desktop.kitty.enable = mkEnableOption "Enable kitty terminal";
+  config.programs.kitty = mkIf cfg.enable {
+    inherit (cfg) enable;
     themeFile = "Nord";
     font = {
       package = pkgs.cascadia-code;

users/modules/desktop/obs.nix

@@ -0,0 +1,23 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.home.desktop.obs;
+in {
+  options.home.desktop.obs.enable = mkEnableOption "Enables OBS Studio";
+  config.programs.obs-studio = mkIf cfg.enable {
+    inherit (cfg) enable;
+    plugins = with pkgs.obs-studio-plugins; [
+      input-overlay
+      obs-backgroundremoval
+      obs-mute-filter
+      obs-pipewire-audio-capture
+      obs-source-clone
+      obs-source-record
+      obs-tuna
+    ];
+  };
+}

users/modules/desktop/qt.nix

@@ -0,0 +1,11 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.home.desktop.qt;
+in {
+  options.home.desktop.qt.enable = mkEnableOption "Enable Qt support";
+  config.qt.enable = cfg.enable;
+}