feat: reworked directory structure of host

flake.nix

@@ -55,7 +55,7 @@
   } @ inputs:
     {
       secrets = {
-        masterIdentities = [./secrets/NIXOSc.key.pub ./secrets/NIXOSa.key.pub];
+        masterIdentities = [./secrets/NIXOSc.key.pub];
         extraEncryptionPubkeys = [./secrets/recipients.txt];
         content = import ./nix/secrets.nix inputs;
       };

hosts/common/core/default.nix

@@ -0,0 +1,20 @@
+{
+  imports = [
+    ./inputrc.nix
+    ./issue.nix
+    ./net.nix
+    ./nix.nix
+    ./ssh.nix
+    ./system.nix
+    ./xdg.nix
+  ];
+
+  home-manager = {
+    useGlobalPkgs = true;
+    useUserPackages = true;
+    verbose = true;
+  };
+  # HM zsh needs this or else the startup order is fucked
+  # and env variables will be loaded incorrectly
+  programs.zsh.enable = true;
+}

hosts/common/core/inputrc.nix

@@ -0,0 +1,110 @@
+{
+  environment.etc."inputrc".text = ''
+    # /etc/inputrc: initialization file for readline
+    #
+    # For more information on how this file works, please see the
+    # INITIALIZATION FILE section of the readline(3) man page
+    #
+    # Quick dirty little note:
+    #  To get the key sequence for binding, you can abuse bash.
+    #  While running bash, hit CTRL+V, and then type the key sequence.
+    #  So, typing 'ALT + left arrow' in Konsole gets you back:
+    #    ^[[1;3D
+    #  The readline entry to make this skip back a word will then be:
+    #    "\e[1;3D" backward-word
+    #
+    # Customization note:
+    #  You don't need to put all your changes in this file.  You can create
+    #  ~/.inputrc which starts off with the line:
+    #    $include /etc/inputrc
+    #  Then put all your own stuff after that.
+    #
+
+    # do not bell on tab-completion
+    set bell-style none
+
+    set history-size -1
+
+    set meta-flag on
+    set input-meta on
+    set convert-meta off
+    set output-meta on
+
+    # dont output everything on first line
+    set horizontal-scroll-mode off
+
+
+    # append slash to completed directories & symlinked directories
+    set mark-directories on
+    set mark-symlinked-directories on
+
+    # dont expand ~ in tab completion
+    set expand-tilde off
+
+    # instead of ringing bell, show list of ambigious completions directly, also show up to 300 items before asking
+    set show-all-if-ambiguous on
+    set completion-query-items 300
+
+
+    $if mode=emacs
+
+    # for linux console and RH/Debian xterm
+    # allow the use of the Home/End keys
+    "\e[1~": beginning-of-line
+    "\e[4~": end-of-line
+    # map "page up" and "page down" to search history based on current cmdline
+    "\e[5~": history-search-backward
+    "\e[6~": history-search-forward
+    # allow the use of the Delete/Insert keys
+    "\e[3~": delete-char
+    "\e[2~": quoted-insert
+
+    # gnome / others (escape + arrow key)
+    "\e[5C": forward-word
+    "\e[5D": backward-word
+    # konsole / xterm / rxvt (escape + arrow key)
+    "\e\e[C": forward-word
+    "\e\e[D": backward-word
+    # gnome / konsole / others (control + arrow key)
+    "\e[1;5C": forward-word
+    "\e[1;5D": backward-word
+    # aterm / eterm (control + arrow key)
+    "\eOc": forward-word
+    "\eOd": backward-word
+
+    # konsole (alt + arrow key)
+    "\e[1;3C": forward-word
+    "\e[1;3D": backward-word
+
+    # Chromebooks remap alt + backspace so provide alternative (alt + k)
+    "\ek": backward-kill-word
+
+    $if term=rxvt
+    "\e[8~": end-of-line
+
+    "\e[3^": kill-line
+    "\e[3@": backward-kill-line
+    $endif
+
+    # for non RH/Debian xterm, can't hurt for RH/Debian xterm
+    "\eOH": beginning-of-line
+    "\eOF": end-of-line
+
+    # for freebsd console
+    "\e[H": beginning-of-line
+    "\e[F": end-of-line
+
+    # fix Home and End for German users
+    "\e[7~": beginning-of-line
+    "\e[8~": end-of-line
+
+    # ctrl [+ shift] + del = kill line [backward]
+    "\e[3;5~": kill-line
+    "\e[3;6~": backward-kill-line
+    $endif
+
+    # Up and Down should search history based on current cmdline
+    "\e[A": history-search-backward
+    "\e[B": history-search-forward
+  '';
+}

hosts/common/core/issue.nix

@@ -0,0 +1,7 @@
+{
+  environment.etc.issue.text = ''
+    <<< Welcome to NixOS 23.05.20230304.3c5319a (\m) - \l >>>
+  '';
+
+  users.motd = "Guten Tach";
+}

hosts/common/core/net.nix

@@ -0,0 +1,19 @@
+{nodeName, ...}: {
+  networking = {
+    useNetworkd = true;
+    dhcpcd.enable = false;
+    hostName = nodeName;
+  };
+  # Should remain enabled since nscd from glibc is kinda ass
+  services.nscd.enableNsncd = true;
+  systemd.network = {
+    enable = true;
+    wait-online.anyInterface = true;
+  };
+  services.resolved = {
+    enable = true;
+    # man i whish dnssec would be viable to use
+    dnssec = "allow-downgrade";
+    llmnr = "true";
+  };
+}

hosts/common/core/nix.nix

@@ -31,12 +31,13 @@
          builders-use-substitutes = true
          experimental-features = nix-command flakes recursive-nix
          flake-registry = /etc/nix/registry.json
-      plugin-files = ${pkgs.nix-plugins}/lib/nix/plugins
+         plugin-files = ${pkgs.nix-plugins}/lib/nix/plugins
+      extra-builtins-file = ${../../../nix/extra-builtins.nix}
     '';
     optimise.automatic = true;
     gc = {
       automatic = true;
-      dates = "weekly";
+      dates = "monthly";
     };
 
     registry = {
@@ -46,18 +47,6 @@
       templates.flake = inputs.templates;
     };
   };
-
-  # Copy the NixOS configuration file and link it from the resulting system
-  # (/run/current-system/configuration.nix). This is useful in case you
-  # accidentally delete configuration.nix.
-  # breaks flake based building
-  # system.copySystemConfiguration = true;
-
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "23.05"; # Did you read the comment?
+  # TODO unify the stateversions here and of homemanager
+  system.stateVersion = "23.05";
 }

hosts/common/core/ssh.nix

@@ -0,0 +1,20 @@
+{
+  # Enable the OpenSSH daemon.
+  services.openssh = {
+    enable = true;
+    settings = {
+      PasswordAuthentication = false;
+      KbdInteractiveAuthentication = false;
+      PermitRootLogin = "yes";
+    };
+    hostKeys = [
+      {
+        # never set this to an actual nix type path
+        # or else .....
+        # it will end up in the nix store
+        path = "/etc/ssh/ssh_host_ed25519_key";
+        type = "ed25519";
+      }
+    ];
+  };
+}

hosts/common/core/system.nix

@@ -0,0 +1,59 @@
+{
+  inputs,
+  lib,
+  nodePath,
+  pkgs,
+  nodeName,
+  ...
+}: {
+  rekey = {
+    inherit
+      (inputs.self.secrets)
+      masterIdentities
+      extraEncryptionPubkeys
+      ;
+
+    forceRekeyOnSystem = builtins.extraBuiltins.unsafeCurrentSystem;
+    hostPubkey = let
+      pubkeyPath = nodePath + "/secrets/host.pub";
+    in
+      lib.mkIf (lib.pathExists pubkeyPath || lib.trace "Missing pubkey for ${nodeName}: ${toString pubkeyPath} not found, using dummy replacement key for now." false)
+      pubkeyPath;
+  };
+  boot = {
+    initrd.systemd.enable = true;
+    initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "usbhid" "sd_mod" "rtsx_pci_sdmmc"];
+    supportedFilesystems = ["ntfs"];
+    kernelModules = ["kvm-intel"];
+    tmp.useTmpfs = true;
+  };
+
+  security.sudo.enable = false;
+
+  time.timeZone = lib.mkDefault "Europe/Berlin";
+  i18n.defaultLocale = "C.UTF-8";
+  services.xserver = {
+    layout = "de";
+    xkbVariant = "bone";
+  };
+  console = {
+    font = "ter-v28n";
+    packages = with pkgs; [terminus_font];
+    useXkbConfig = true; # use xkbOptions in tty.
+    keyMap = lib.mkDefault "de-latin1-nodeadkeys";
+  };
+
+  users.mutableUsers = false;
+  environment.systemPackages = with pkgs; [
+    wget
+    gcc
+    tree
+    rage
+    file
+    ripgrep
+    killall
+    fd
+  ];
+
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+}

hosts/common/core/xdg.nix

@@ -0,0 +1,14 @@
+{
+  # XDG base spec
+  environment.sessionVariables = rec {
+    XDG_CACHE_HOME = "\${HOME}/.cache";
+    XDG_CONFIG_HOME = "\${HOME}/.config";
+    XDG_STATE_HOME = "\${HOME}/.local/state";
+    XDG_DATA_HOME = "\${HOME}/.local/share";
+    # xdg ninja recommendations
+    CARGO_HOME = "${XDG_DATA_HOME}/cargo";
+    CUDA_CACHE_PATH = "${XDG_CACHE_HOME}/nv";
+    RUSTUP_HOME = "${XDG_DATA_HOME}/rustup";
+    WINEPREFIX = "${XDG_DATA_HOME}/wine";
+  };
+}

hosts/common/dev/default.nix

@@ -0,0 +1,6 @@
+{
+  imports = [
+    ./docs.nix
+  ];
+  environment.enableDebugInfo = true;
+}

hosts/common/dev/docs.nix

@@ -0,0 +1,11 @@
+{pkgs, ...}: {
+  environment.systemPackages = with pkgs; [
+    man-pages
+    man-pages-posix
+  ];
+  documentation = {
+    dev.enable = true;
+    man.enable = true;
+    info.enable = false;
+  };
+}

hosts/common/efi.nix

@@ -0,0 +1,7 @@
+{
+  # Use the systemd-boot EFI boot loader.
+  boot.loader = {
+    systemd-boot.enable = true;
+    efi.canTouchEfiVariables = true;
+  };
+}

hosts/common/graphical/default.nix

@@ -0,0 +1,5 @@
+{
+  imports = [
+    ./fonts.nix
+  ];
+}

hosts/common/graphical/fonts.nix

@@ -0,0 +1,53 @@
+{pkgs, ...}: {
+  fonts = {
+    enableDefaultFonts = false;
+    enableGhostscriptFonts = false;
+    fontDir.enable = false;
+    fontconfig = {
+      defaultFonts = {
+        sansSerif = ["IBM Plex Sans"];
+        serif = ["IBM Plex Sans"];
+        monospace = ["FiraCode Nerd Font"];
+        emoji = ["Noto Color Emoji"];
+      };
+      localConf = ''
+        <?xml version="1.0"?>
+        <!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+        <fontconfig>
+            <alias binding="weak">
+                <family>monospace</family>
+                <prefer>
+                    <family>emoji</family>
+                </prefer>
+            </alias>
+            <alias binding="weak">
+                <family>sans-serif</family>
+                <prefer>
+                    <family>emoji</family>
+                </prefer>
+            </alias>
+            <alias binding="weak">
+                <family>serif</family>
+                <prefer>
+                    <family>emoji</family>
+                </prefer>
+            </alias>
+        </fontconfig>
+      '';
+    };
+    fonts = with pkgs; [
+      (nerdfonts.override {fonts = ["FiraCode"];})
+      ibm-plex
+      dejavu_fonts
+      unifont
+      freefont_ttf
+      gyre-fonts # TrueType substitutes for standard PostScript fonts
+      liberation_ttf
+      noto-fonts
+      noto-fonts-cjk-sans
+      noto-fonts-cjk-serif
+      noto-fonts-emoji
+      noto-fonts-extra
+    ];
+  };
+}

hosts/common/graphical/hyprland.nix

@@ -0,0 +1,9 @@
+{
+  programs.hyprland.enable = true;
+  services.dbus.enable = true;
+  xdg.portal = {
+    enable = true;
+    wlr.enable = true;
+    extraPortals = with pkgs; [xdg-desktop-portal-hyprland];
+  };
+}

hosts/common/hardware/bluetooth.nix

@@ -0,0 +1,27 @@
+{pkgs, ...}: {
+  environment.systemPackages = with pkgs; [bluetuith];
+
+  hardware.bluetooth = {
+    enable = true;
+    powerOnBoot = true;
+    disabledPlugins = ["sap"];
+    settings = {
+      General = {
+        FastConnectable = "true";
+        JustWorksRepairing = "always";
+        MultiProfile = "multiple";
+        Enable = "Source,Sink,Media,Socket";
+      };
+    };
+  };
+
+  hardware.pulseaudio = {
+    package = pkgs.pulseaudio.override {bluetoothSupport = true;};
+    extraConfig = ''
+      load-module module-bluetooth-discover
+      load-module module-bluetooth-policy
+      load-module module-switch-on-connect
+    '';
+    extraModules = with pkgs; [pulseaudio-modules-bt];
+  };
+}

hosts/common/hardware/intel.nix

@@ -0,0 +1,4 @@
+{
+  powerManagement.cpuFreqGovernor = "powersave";
+  hardware.cpu.intel.updateMicrocode = true;
+}

hosts/common/hardware/nvidia.nix

@@ -0,0 +1,21 @@
+{
+  lib,
+  pkgs,
+  ...
+}: {
+  services.xserver.videoDrivers = lib.mkForce ["nvidia"];
+
+  hardware = {
+    opengl = {
+      enable = true;
+      driSupport32Bit = true;
+    };
+    nvidia = {
+      powerManagement = {
+        enable = true;
+        finegrained = true;
+      };
+      modesetting.enable = true;
+    };
+  };
+}

hosts/common/hardware/physical.nix

@@ -0,0 +1,13 @@
+# Configuration for actual physical machines
+{config, ...}: {
+  hardware = {
+    enableRedistributableFirmware = true;
+    enableAllFirmware = true;
+  };
+
+  services = {
+    fwupd.enable = true;
+    smartd.enable = true;
+    thermald.enable = builtins.elem config.nixpkgs.system ["x86_64-linux"];
+  };
+}

hosts/common/laptop.nix

@@ -0,0 +1,15 @@
+{pkgs, ...}: {
+  services = {
+    physlock.enable = true;
+    tlp = {
+      enable = true;
+      # currently broken. Issue open at https://github.com/linrunner/TLP/issues/692
+      settings = {
+        USB_EXLUDE_PHONE = 1;
+      };
+    };
+    udev.extraRules = ''
+      ACTION=="add", SUBSYSTEM=="backlight", RUN+="${pkgs.coreutils}/bin/chgrp video $sys$devpath/brightness", RUN+="${pkgs.coreutils}/bin/chmod g+w $sys$devpath/brightness"
+    '';
+  };
+}

hosts/common/networking.nix

@@ -1,39 +0,0 @@
-{
-  networking.wireless.iwd.enable = true;
-  rekey.secrets.eduroam = {
-    file = ../../secrets/iwd/eduroam.8021x.age;
-    path = "/var/lib/iwd/eduroam.8021x";
-  };
-  rekey.secrets.devoloog = {
-    file = ../../secrets/iwd/devolo-og.psk.age;
-    path = "/var/lib/iwd/devolo-og.psk";
-  };
-  rekey.secrets.kaist = {
-    file = ../../secrets/iwd/kaist.8021x.age;
-    path = "/var/lib/iwd/Welcome_KAIST.8021x";
-  };
-
-  networking.useNetworkd = true;
-  networking.dhcpcd.enable = false;
-  # Should remain enabled since nscd from glibc is kinda ass
-  services.nscd.enableNsncd = true;
-  systemd.network.wait-online.anyInterface = true;
-  # Fuck korea.
-  # I need a static global IP address for my dorm LAN
-  # So to not dox myself this config file is hardcoded
-  rekey.secrets.enp0s20f0u2u4 = {
-    file = ../../secrets/koreaIP.age;
-    path = "/etc/systemd/network/10-enp0s20f0u2u4.network";
-    mode = "444";
-  };
-  services.resolved = {
-    enable = true;
-  };
-  # Add the VPN based route to my paperless instance to
-  # etc/hosts
-  networking.extraHosts = ''
-    10.0.0.1 paperless.lel.lol
-  '';
-
-  networking.firewall.enable = false;
-}

hosts/common/nvidia.nix

@@ -1,24 +0,0 @@
-{
-  lib,
-  pkgs,
-  ...
-}: {
-  services.xserver.videoDrivers = lib.mkForce ["nvidia"];
-
-  hardware.nvidia = {
-    powerManagement = {
-      enable = true;
-      finegrained = true;
-    };
-    modesetting.enable = true;
-    prime = {
-      offload = {
-        enableOffloadCmd = true;
-        enable = true;
-      };
-
-      intelBusId = "PCI:00:02:0";
-      nvidiaBusId = "PCI:59:00:0";
-    };
-  };
-}

hosts/common/pipewire.nix

@@ -6,13 +6,6 @@
   environment.systemPackages = with pkgs; [pulseaudio pulsemixer];
 
   hardware.pulseaudio.enable = lib.mkForce false;
-  hardware.bluetooth.enable = true;
-  hardware.bluetooth.settings = {
-    General = {
-      Enable = "Source,Sink,Media,Socket";
-    };
-  };
-
   security.rtkit.enable = true;
 
   services.pipewire = {
@@ -22,5 +15,5 @@
     pulse.enable = true;
   };
 
-  sound.enable = true;
+  sound.enable = false;
 }

hosts/common/steam.nix

@@ -0,0 +1,13 @@
+{pkgs, ...}: {
+  programs.steam = {
+    enable = true;
+    package = pkgs.steam.override {
+      extraPkgs = pkgs:
+        with pkgs; [
+          # vampir überlebende braucht diese pkgs
+          libgdiplus
+          cups
+        ];
+    };
+  };
+}

hosts/common/touchscreen.nix

@@ -1,10 +0,0 @@
-pkgs:
-# This is small script to map touchinputs to outputs
-# in an ideal world this would happen automatically but
-# with udev and X11 we truly do not live in an ideal world
-"${pkgs.writeShellScriptBin "fix-shit" ''
-     xinput --map-to-output "ELAN2514:00 04F3:2817" eDP-1
-     xinput --map-to-output "ELAN2514:00 04F3:2817 Stylus Pen (0)" eDP-1
-  xset r rate 235 60
-  autorandr -c
-''}/bin/fix-shit"

hosts/common/yubikey.nix

@@ -0,0 +1,11 @@
+{pkgs, ...}: {
+  environment.systemPackages = with pkgs; [
+    yubikey-personalization
+    yubikey-manager
+    age-plugin-yubikey
+  ];
+
+  services.pcscd.enable = true;
+
+  services.udev.packages = with pkgs; [yubikey-personalization libu2f-host];
+}

hosts/common/zfs.nix

@@ -0,0 +1,25 @@
+{
+  pkgs,
+  config,
+  ...
+}: {
+  boot.supportedFilesystems = ["zfs"];
+  boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+
+  # The root pool should never be imported forcefully.
+  # Failure to import is important to notice!
+  boot.zfs.forceImportRoot = false;
+
+  environment.systemPackages = with pkgs; [zfs];
+
+  services.zfs = {
+    autoScrub = {
+      enable = true;
+      interval = "weekly";
+    };
+    trim = {
+      enable = true;
+      interval = "weekly";
+    };
+  };
+}

hosts/patricknix/default.nix

@@ -1,87 +1,42 @@
 {
   config,
-  inputs,
   pkgs,
-  nodeName,
-  lib,
+  nixos-hardware,
   ...
 }: let
   shell = pkgs.zsh;
 in {
   imports = [
-    # Include the results of the hardware scan.
-    ./hardware-configuration.nix
-    #user home configuration
-    ../../users/patrick
-    #
+    nixos-hardware.common-cpu-intel
+    nixos-hardware.common-gpu-intel
+    nixos-hardware.common-pc-laptop
+    nixos-hardware.common-pc-laptop-ssd
+
+    ../common/core
+    ../common/dev
+    ../common/graphical
+    ../common/hardware/bluetooth.nix
+    ../common/hardware/intel.nix
+    ../common/hardware/physical.nix
+    ../common/efi.nix
+    ../common/laptop.nix
     ../common/pipewire.nix
-    ../common/nvidia.nix
-    ../common/wireguard.nix
-    ../common/smb-mounts.nix
-    ../common/networking.nix
-    ../common/nix.nix
+    ../common/steam.nix
+    ../common/yubikey.nix
+    ../common/zfs.nix
+
+    ../common/hardware/nvidia.nix
+    ./prime-offload.nix
+
+    ./net.nix
+    ./fs.nix
+    ./smb-mounts.nix
+    ./wireguard.nix
   ];
-
-  # Use the systemd-boot EFI boot loader.
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-
-  networking.hostName = "patricknix"; # Define your hostname.
-  networking.hostId = "68438432";
-
   # Set your time zone.
   time.timeZone = "Asia/Seoul";
-
-  # Select internationalisation properties.
-  i18n.defaultLocale = "C.UTF-8";
-  services.xserver = {
-    layout = "de";
-    xkbVariant = "bone";
-  };
-  programs.hyprland.enable = true;
-  console = {
-    font = "ter-v28n";
-    packages = with pkgs; [terminus_font];
-    useXkbConfig = true; # use xkbOptions in tty.
-  };
-
-  rekey = {
-    inherit
-      (inputs.self.secrets)
-      masterIdentities
-      extraEncryptionPubkeys
-      ;
-
-    #forceRekeyOnSystem = builtins.extraBuiltins.unsafeCurrentSystem;
-    hostPubkey = let
-      pubkeyPath = ../. + "/${nodeName}/secrets/host.pub";
-    in
-      lib.mkIf (lib.pathExists pubkeyPath || lib.trace "Missing pubkey for ${nodeName}: ${toString pubkeyPath} not found, using dummy replacement key for now." false)
-      pubkeyPath;
-  };
-
-  hardware.opengl.enable = true;
-
-  nixpkgs.config.allowUnfree = true;
-
-  services.tlp = {
-    enable = true;
-    # currently broken. Issue open at https://github.com/linrunner/TLP/issues/692
-    settings = {
-      USB_EXLUDE_PHONE = 1;
-    };
-  };
-
-  # Disable mutable Users, any option can only be set by the nix config
-  users.mutableUsers = false;
-
   rekey.secrets.patrick.file = ../../secrets/patrick.passwd.age;
 
-  environment.etc.issue.text = ''
-    <<< Welcome to NixOS 23.05.20230304.3c5319a (\m) - \l >>>
-  '';
-
-  users.motd = "Guten Tach";
   # Define a user account. Don't forget to set a password with ‘passwd’.
   users.users.patrick = {
     inherit shell;
@@ -94,9 +49,6 @@ in {
   };
   users.groups.patrick.gid = 1000;
   # Allow users in group video to edit backlight setting
-  services.udev.extraRules = ''
-    ACTION=="add", SUBSYSTEM=="backlight", RUN+="${pkgs.coreutils}/bin/chgrp video $sys$devpath/brightness", RUN+="${pkgs.coreutils}/bin/chmod g+w $sys$devpath/brightness"
-  '';
 
   rekey.secrets.root.file = ../../secrets/root.passwd.age;
   users.users.root = {
@@ -108,87 +60,13 @@ in {
     passwordFile = config.rekey.secrets.root.path;
   };
 
-  security.sudo.enable = false;
-
-  documentation.dev.enable = true;
-
-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
   environment.systemPackages = with pkgs; [
-    xterm
-    wget
-    gcc
-    tree
-    age-plugin-yubikey
-    rage
-    file
-    ripgrep
-    killall
-    fd
-    man-pages
-    man-pages-posix
     # xournalpp needs this or else it will crash
     gnome3.adwaita-icon-theme
   ];
-  # HM zsh needs this or else the startup order is fucked
-  # and env variables will be loaded incorrectly
-  programs.zsh.enable = true;
-
-  services.physlock.enable = true;
-
-  programs.steam = {
-    enable = true;
-    package = pkgs.steam.override {
-      extraPkgs = pkgs:
-        with pkgs; [
-          # vampir überlebende braucht diese pkgs
-          libgdiplus
-          cups
-        ];
-    };
-  };
-
-  # Enable the OpenSSH daemon.
-  services.openssh = {
-    enable = true;
-    settings = {
-      PasswordAuthentication = false;
-      KbdInteractiveAuthentication = false;
-      PermitRootLogin = "yes";
-    };
-    hostKeys = [
-      {
-        # never set this to an actual nix type path
-        # or else .....
-        # it will end up in the nix store
-        path = "/etc/ssh/ssh_host_ed25519_key";
-        type = "ed25519";
-      }
-    ];
-  };
-
-  services.thermald.enable = true;
-  services.pcscd.enable = true;
-  services.fstrim.enable = true;
-  hardware.cpu.intel.updateMicrocode = true;
-
-  services.udev.packages = with pkgs; [yubikey-personalization libu2f-host];
-
   environment.shellInit = ''
     gpg-connect-agent /bye
     export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
     umask 077
   '';
-  # XDG base spec
-  environment.sessionVariables = rec {
-    XDG_CACHE_HOME = "\${HOME}/.cache";
-    XDG_CONFIG_HOME = "\${HOME}/.config";
-    XDG_STATE_HOME = "\${HOME}/.local/state";
-    XDG_DATA_HOME = "\${HOME}/.local/share";
-    # xdg ninja recommendations
-    CARGO_HOME = "${XDG_DATA_HOME}/cargo";
-    CUDA_CACHE_PATH = "${XDG_CACHE_HOME}/nv";
-    RUSTUP_HOME = "${XDG_DATA_HOME}/rustup";
-    WINEPREFIX = "${XDG_DATA_HOME}/wine";
-  };
 }

hosts/patricknix/fs.nix

@@ -0,0 +1,13 @@
+{
+  fileSystems."/" = {
+    device = "rpool/ROOT/nixos";
+    fsType = "zfs";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/BC47-8FB9";
+    fsType = "vfat";
+  };
+
+  swapDevices = [];
+}

hosts/patricknix/hardware-configuration.nix

@@ -1,40 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  modulesPath,
-  ...
-}: {
-  imports = [
-    (modulesPath + "/installer/scan/not-detected.nix")
-  ];
-
-  boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "usbhid" "sd_mod" "rtsx_pci_sdmmc"];
-  boot.initrd.kernelModules = [];
-  boot.supportedFilesystems = ["ntfs"];
-  boot.kernelModules = ["kvm-intel"];
-  boot.extraModulePackages = [];
-
-  fileSystems."/" = {
-    device = "rpool/ROOT/nixos";
-    fsType = "zfs";
-  };
-
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/BC47-8FB9";
-    fsType = "vfat";
-  };
-
-  swapDevices = [];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp0s20f0u2u4.useDHCP = lib.mkDefault true;
-  # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
-
-  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}

hosts/patricknix/net.nix

@@ -0,0 +1,48 @@
+{
+  nodeSecrets,
+  nodePath,
+  ...
+}: {
+  networking = {
+    inherit (nodeSecrets.networking) hostId;
+    wireless.iwd.enable = true;
+    # Add the VPN based route to my paperless instance to
+    # etc/hosts
+    extraHosts = ''
+      10.0.0.1 paperless.lel.lol
+    '';
+  };
+
+  # Fuck korea.
+  # I need a static global IP address for my dorm LAN
+  # So to not dox myself this config file is hardcoded
+  systemd.network.networks = {
+    "lan1" = {
+      DHCP = "yes";
+      matchConfig.MACAddress = nodeSecrets.networking.lan1.mac;
+      networkConfig.IPv6PrivacyExtensions = "yes";
+      gateway = [nodeSecrets.networking.fuckKoreanDorm.gateway];
+      address = [nodeSecrets.networking.fuckKoreanDorm.address];
+      dns = ["9.9.9.9"];
+    };
+    "wlan1" = {
+      DHCP = "yes";
+      matchConfig.MACAddress = nodeSecrets.networking.wlan1.mac;
+      networkConfig.IPv6PrivacyExtensions = "yes";
+      # TODO: change dns to own when at hom
+      dns = ["9.9.9.9"];
+    };
+  };
+  rekey.secrets.eduroam = {
+    file = nodePath + "/secrets/iwd/eduroam.8021x.age";
+    path = "/var/lib/iwd/eduroam.8021x";
+  };
+  rekey.secrets.devoloog = {
+    file = nodePath + "/secrets/iwd/devolo-og.psk.age";
+    path = "/var/lib/iwd/devolo-og.psk";
+  };
+  rekey.secrets.kaist = {
+    file = nodePath + "/secrets/iwd/kaist.8021x.age";
+    path = "/var/lib/iwd/Welcome_KAIST.8021x";
+  };
+}

hosts/patricknix/prime-offload.nix

@@ -0,0 +1,11 @@
+{
+  hardware.nvidia.prime = {
+    offload = {
+      enableOffloadCmd = true;
+      enable = true;
+    };
+
+    intelBusId = "PCI:00:02:0";
+    nvidiaBusId = "PCI:59:00:0";
+  };
+}

nix/generate-node.nix

@@ -22,6 +22,7 @@ in
       inherit nodeName;
       inherit nodeMeta;
       inherit hyprland;
+      nodePath = ../hosts + "/${nodeName}/";
       secrets = self.secrets.content;
       nodeSecrets = self.secrets.content.nodes.${nodeName};
       nixos-hardware = nixos-hardware.nixosModules;

users/patrick/default.nix

@@ -1,9 +1,8 @@
-{
-  config,
-  home-manager,
-  hyprland,
-  ...
-}: {
+{hyprland, ...}: {
+  # TODO: only import this if the current host is a nixos host
+  imports = [
+    ../../hosts/common/graphical/hyprland.nix
+  ];
   home-manager.users.patrick.imports = [
     hyprland.homeManagerModules.default
     ./patrick.nix