chore: new README

chore: new structure

README.md

@@ -1,67 +1,73 @@
-# Meine wundervolle nix config
+# Meine wundervolle nix config  ❄️
 
-## Structure
+[Structure](./STRUCTURE.md)
 
-- `hosts/` contain nixos configuration for hosts
-    - `<hostname>/` configuration for hosts
-        - `default.nix` Toplevel system definition
-        - `fs.nix` file system definiton
-        - `net.nix` network setup
-        - `secrets/` secrets local to this hosts
-            - `secrets.nix.age` local secrets usable on deploy
-            - `host.pub` host public key, needed for rekeying agenix secrets
-- `modules/` extra nixos modules and shared configurations
-    - `secrets.nix` module to enable deploy-time secrets
-    - `config/` base configuration used on all machines
-    - `dev/` configuration options enabling developer environment
-    - `graphical/` configuration for graphical environments
-    - `hardware/` configuration for hardware components
-    - `impermanence/` impermanence modules for hosts
-- `nix/` additional nix functions
-    - `devshell.nix` Development shell
-    - `extra-builtins.nix` Extra builtin plugin file to enable repository secrets
-    - TODO
-    - `lib.nix` additional library functions
-- `secrets/` global secrets
-    - `<name>.key.pub` public key handles to decrypt secrets using yubikey
-    - `recipients.txt` rage recipient file for encrypting secrets
-        - currently containing both yubikeys and a rage backup key
-    - `secrets.nix.age` global secrets available at deploy
-- `users/` home manager user configuration
-    - `common/` shared home-manager modules
-        - `graphical/` configuration for graphical programs
-        - `programs/` configuration for miscellaneous programs
-        - `shells/` configuration for shells
-        - `default.nix` minimal setup for all users
-        - `interactive.nix` minimal setup for interactive users on a command line
-        - `graphical.nix` configuration for users utilizing a graphical interface
-    - `<username>/` configuration for users
-        - `impermanence.nix` users persistence configuration
-- `keys` collection of yubikeys public key parts for decryption
-- `img` images, encrypted to not break any copyright by redistribution
 
 ## Hosts
-- `patricknix` Patricks main laptop
+| | Name | Device | Description
-- `desktopnix` Patricks main desktop
+---|---|---|---
-- `testienix` old laptop for testing
+💻 | patricknix | HP spectre x360 | Patrick's laptop, mainly used for on the go university
-- `gojo` Simons Laptop
+🖥️ | desktopnix | Intel i5-8600K <br> NVIDIA GeForce GTX 1080 <br> 32 GiB RAM | Patrick's desktop, used for most development and gaming
+🖥️ | elisabeth | AMD Ryzen 7 5800X <br> 32 GiB RAM | Server running most cloud services
+🖥️ | maddy | Hetzner VPS | Static IP server running mail
+💻 | gojo | ? |Simons Laptop
+
+## User Configuration
+This showcases my end user setup, which I dailydrive on all my hosts.
+
+| | Programm | Description
+---|---|---
+🐚 Shell | [ZSH](./users/common/shells/zsh/default.nix) & [Starship](./users/common/shells/starfish.nix) | ZSH with FZF autocomplete, starship prompt, sqlite history and histdb-skim for fancy reverse search
+🪟 WM | [Sway](./users/common/graphical/wayland/sway.nix) & [i3](./users/common/graphical/Xorg/i3.nix) | Tiling window managers with similar behaviour for wayland and xorg
+🖼️ Styling | [Stylix](./modules/graphical/default.nix) | globally consistent styling 
+📝 Editor | [NeoVim](./users/common/programs/nvim/default.nix) | Extensively configured neovim
+🎮 Gaming | [Bottles](./users/common/programs/bottles.nix) & [Steam](./modules/optional/steam.nix) | Pew, Pew and such
+🌐 Browser | [Firefox](./users/patrick/firefox.nix) | Heavily configured Firefox to still my privacy and security needs
+💻 Terminal | [Kitty](./users/common/programs/kitty.nix) | fast terminal
+🎵 Music | [Spotify](./users/common/programs/spicetify.nix) | Fancy looking spotify using spicetify
+📫 Mail | [Thunderbird](./users/common/programs/thunderbird.nix) | Best email client there is
+🎛️ StreamDeck | [StreamDeck](./users/patrick/streamdeck.nix) | More hotkeys = more better
+
+## Service Configuration
+These are services I've set up
+
+| | Programm | Description
+---|---|---
+💸 Budgeting | [FireflyIII](./config/services/firefly.nix) | Self Hosted budgeting tool
+🛡️ AdBlock | [AdGuard Home](./config/services/adguardhome.nix) | DNS Adblocker
+🔨 Git | [Forgejo](./config/services/forgejo.nix) | Selfhosted GitHub alternative
+📸 Photos | [Immich](./config/services/immich.nix) | Selfhosted Google Photos equivalent
+🔒 SSO | [Kanidm](./config/services/kanidm.nix) | Secure single sign on Identity Provider
+📧 E-Mail | [Maddy](./config/services/maddy.nix) | All in one mail server
+🎧 Communication | [Murmur](./config/services/murmur.nix) | Selfhosted mumble server for secure and always available communication
+🌐 VPN | [Netbird](./config/services/netbird.nix) | Easy to use peer to peer VPN solution based on wireguard
+🌧️ Cloud | [NextCloud](./config/services/nextcloud.nix) | All in one cloud solution providing online File storage as well as notes, contacts and calendar synchronization
+🗄️ Documents | [Paperless](./config/services/paperless.nix) | Machine learnig supported document organizing plattform
+📁 NAS | [Samba](./config/services/samba.nix) | Local network shared storage
+📰 Feedreader | [freshRSS](./config/services/ttrss.nix) | hosted RSS feed aggregator
+🔑 Passwords | [Vaultwarden](./config/services/vaultwarden.nix) | Self hosted bitwarden server
+🎵 Music | [Your Spotify](./config/services/yourspotify.nix) | Spotify listening habits analyzer
+
+
+## External dependencies
+These are notable external flakes which this config depend upon
+
+| Name | Usage |
+---|---
+[NixVim](https://github.com/nix-community/nixvim) | NeoVim using nix
+[MicroVM](https://github.com/astro/microvm.nix) | Declarative VMs
+[Disko](https://github.com/nix-community/disko)| disk partitioning
+[nixos-generators](https://github.com/nix-community/nixos-generators) | generate installers
+[home-manager](https://github.com/nix-community/home-manager) | user config
+[agenix](https://github.com/ryantm/agenix) | secret files for nix
+[agenix-rekey](https://github.com/oddlama/agenix-rekey) | secret files that are git commitable
+[nixos-nftables-firewall](https://github.com/thelegy/nixos-nftables-firewall) | nftables based firewall
+[impermanence](https://github.com/nix-community/impermanence) | stateless filesystem
+[lanzaboote](https://github.com/nix-community/lanzaboote) | Secure Boot
+[stylix](https://github.com/danth/stylix) | theming
+[spicetify](https://github.com/the-argus/spicetify-nix) | spotify looking fancy
 
-## Users
-- `patrick` my normal everyday unprivileged user
-- `root` root user imported by every host
 
-## Flake output structure
-- `checks` linting and other checks for this repository
-    - `pre-commit-check` automatic checks executed as pre-commit hooks
-- `nixosHosts` top level configs for hosts
-- `nodes` alias to `nixosNodes`
-- `devshell` development shell using devshell
-- `formatter` nix code formatter
-- `hosts` host meta declaration
-- `pkgs` nixpkgs
-- `packages` additional packages
-- `secretsConfig` meta configuration for secrets
-- `stateVersion` global stateversion used by nixos and home-manager to determine default config
 
 ## How-To
 
@@ -72,8 +78,8 @@
     1. Create and fill `default.nix`
     1. Fill `net.nix`
     1. Fill `fs.nix`
-    2. Don't forget to add necesarry config for filesystems, etc.
+    2. Don't forget to add necessary config for filesystems, etc.
-3. Generate ISO image with `nix build --print-out-paths --no-link .#images.<target-system>.live-iso`
+3. Generate ISO image using `nix build --print-out-paths --no-link .#images.<target-system>.live-iso`
     - This might take multiple minutes(~10)
     - Alternatively boot an official nixos image connect with password
 3. Copy ISO to usb using dd
@@ -85,6 +91,7 @@
 5. Deploy system
 
 ### Add secureboot to new systems
+
 1. generate keys with `sbct create-keys`
 1. tar the resulting folder using `tar cvf secureboot.tar -C /etc/secureboot .`
 1. Copy the tar to local using scp and encrypt it using rage
@@ -104,10 +111,11 @@
 1. Time to reboot and pray
 
 ### Add luks encryption TPM keys
+
 `systemd-cryptenroll --tpm2-with-pin={yes/no} --tpm2-device=auto <device>`
 
 
-## Deploy
+### Deploy from new host
 
 If deploying from a host not containing the necessary nix configuration option append
 ```bash

STRUCTURE.md

@@ -0,0 +1,38 @@
+This file contains a small overview over the contents and structure of this repository, mainly for me to remember where I put my shit.
+
+- `config/` contains shared nixos configuration
+    - `basic/` the basic system configuration, this should be applied for all systems
+        - `system.nix` a far descendant of the original `configuration.nix`
+            any global configuration should be done here first and later moved to their own file if necessary
+    - `hardware/` configuration for specific hardware
+    - `optional/` optionally includable configuration
+    - `services/` configuration for independent services
+- `hosts/` contain nixos configuration for hosts
+    - `<hostname>/` configuration for hosts
+        - `default.nix` Toplevel system definition
+        - `fs.nix` file system definiton
+        - `net.nix` network setup
+        - *`guests.nix`* optional config for guest systems
+        - `secrets/` secrets local to this hosts
+            - `secrets.nix.age` local secrets usable while evaluating
+            - `host.pub` host public key, needed for rekeying agenix secrets
+- `keys/` public keys needed for evaluating the system
+- `lib/` extra library functions
+- `modules/` extra nixos modules
+- `modules-hm/` extra home-manager modules
+- `nix/` additional nix functions
+    - `devshell.nix` Development shell
+    - `extra-builtins.nix` Extra builtin plugin file to enable repository secrets
+- `pkgs/` additional packages
+- `secrets/` global secrets
+    - `recipients.txt` rage recipient file for encrypting secrets
+        - currently containing all yubikeys and a rage backup key
+    - `secrets.nix.age` global secrets available at deploy
+- `users/` home manager user configuration
+    - `common/` shared home-manager modules
+        - `graphical/` configuration for graphical programs
+        - `programs/` configuration for miscellaneous programs
+        - `shells/` configuration for shells
+        - `default.nix` minimal setup for all users
+    - `<username>/` configuration for users
+        - `impermanence.nix` users persistence configuration

config/basic/default.nix

@@ -6,36 +6,35 @@
   imports = [
     ./boot.nix
     ./home-manager.nix
+    ./impermanence.nix
     ./inputrc.nix
     ./issue.nix
     ./net.nix
+    ./nftables.nix
     ./nix.nix
     ./ssh.nix
     ./system.nix
     ./users.nix
     ./xdg.nix
-    ./nftables.nix
 
     ../../users/root
 
-    ../secrets.nix
+    ../../modules/deterministic-ids.nix
-    ../meta.nix
+    ../../modules/distributed-config.nix
-    ../smb-mounts.nix
+    ../../modules/meta.nix
-    ../deterministic-ids.nix
+    ../../modules/iwd.nix
-    ../distributed-config.nix
+    ../../modules/secrets.nix
-    ../optional/iwd.nix
+    ../../modules/smb-mounts.nix
-    ./impermanence
 
+    inputs.agenix-rekey.nixosModules.default
+    inputs.agenix.nixosModules.default
+    inputs.disko.nixosModules.disko
     inputs.home-manager.nixosModules.default
     inputs.impermanence.nixosModules.impermanence
-    inputs.agenix.nixosModules.default
-    inputs.agenix-rekey.nixosModules.default
-    inputs.disko.nixosModules.disko
     inputs.lanzaboote.nixosModules.lanzaboote
-    inputs.nixvim.nixosModules.nixvim
     inputs.nixos-extra-modules.nixosModules.default
-    inputs.musnix.nixosModules.musnix
     inputs.nixos-nftables-firewall.nixosModules.default
+    inputs.nixvim.nixosModules.nixvim
   ];
   age.identityPaths = ["/state/etc/ssh/ssh_host_ed25519_key"];
   boot.mode = lib.mkDefault "efi";

config/basic/home-manager.nix

@@ -5,7 +5,10 @@
   nodes,
   ...
 }: {
-  imports = [./impermanence/users.nix];
+  imports = [
+    ../../modules-hm/impermanence.nix
+    ../../modules-hm/images.nix
+  ];
   home-manager = {
     useGlobalPkgs = true;
     useUserPackages = true;
@@ -22,7 +25,6 @@
       inputs.nixos-extra-modules.homeManagerModules.default
       inputs.nixvim.homeManagerModules.nixvim
       inputs.spicetify-nix.homeManagerModule
-      inputs.wired-notify.homeManagerModules.default
     ];
   };
   # HM zsh needs this or else the startup order is fucked

config/basic/issue.nix

@@ -1,6 +1,6 @@
 {
   environment.etc.issue.text = ''
-    <<< Welcome to NixOS 23.05.20230304.3c5319a (\m) - \l >>>
+    <<< Welcome to NixOS (\m) - \l >>>
   '';
 
   users.motd = "Guten Tach";

config/optional/dev.nix

@@ -5,19 +5,14 @@
   ...
 }:
 lib.optionalAttrs (!minimal) {
-  imports = [
-    ./docs.nix
-  ];
   environment.systemPackages = with pkgs; [
     gnumake
     pciutils
     gcc
     usbutils
+    man-pages
+    man-pages-posix
   ];
-  programs.wireshark = {
-    enable = true;
-    package = pkgs.wireshark;
-  };
 
   services.nixseparatedebuginfod.enable = true;
   environment = {
@@ -28,4 +23,9 @@ lib.optionalAttrs (!minimal) {
       umask 077
     '';
   };
+  documentation = {
+    dev.enable = true;
+    man.enable = true;
+    info.enable = false;
+  };
 }

config/optional/graphical.nix

@@ -0,0 +1,228 @@
+{
+  config,
+  inputs,
+  pkgs,
+  lib,
+  ...
+}: let
+  inherit
+    (lib)
+    mkOption
+    types
+    ;
+in {
+  options.hidpi = mkOption {
+    default = false;
+    type = types.bool;
+    description = "Enable HighDPI configuration for this host and all installed users";
+  };
+
+  # stylix acceses stylix options on import meaning you can only import this module when you're actually setting stylix options
+  imports = [
+    inputs.stylix.nixosModules.stylix
+  ];
+
+  config = {
+    environment.systemPackages = with pkgs; [
+      xdg-utils
+    ];
+    xdg.portal = {
+      xdgOpenUsePortal = true;
+      enable = true;
+      extraPortals = with pkgs; [
+        xdg-desktop-portal-wlr
+        xdg-desktop-portal-gtk
+      ];
+      config = {
+        common.default = [
+          "gtk"
+        ];
+        sway.default = [
+          "wlr"
+        ];
+      };
+    };
+    # needed for gnome pinentry
+    services.dbus.packages = [pkgs.gcr];
+    fonts = {
+      enableGhostscriptFonts = false;
+      fontDir.enable = false;
+      fontconfig = {
+        localConf = ''
+          <?xml version="1.0"?>
+          <!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+          <fontconfig>
+              <alias binding="weak">
+                  <family>monospace</family>
+                  <prefer>
+                      <family>emoji</family>
+                  </prefer>
+              </alias>
+              <alias binding="weak">
+                  <family>sans-serif</family>
+                  <prefer>
+                      <family>emoji</family>
+                  </prefer>
+              </alias>
+              <alias binding="weak">
+                  <family>serif</family>
+                  <prefer>
+                      <family>emoji</family>
+                  </prefer>
+              </alias>
+          </fontconfig>
+        '';
+      };
+      packages = with pkgs; [
+        (nerdfonts.override {fonts = ["FiraCode"];})
+        ibm-plex
+        dejavu_fonts
+        unifont
+        freefont_ttf
+        gyre-fonts # TrueType substitutes for standard PostScript fonts
+        liberation_ttf
+        noto-fonts
+        noto-fonts-cjk-sans
+        noto-fonts-cjk-serif
+        noto-fonts-emoji
+        noto-fonts-extra
+      ];
+    };
+    stylix.fonts = {
+      serif = {
+        package = pkgs.dejavu_fonts;
+        name = "IBM Plex Serif";
+      };
+
+      sansSerif = {
+        package = pkgs.dejavu_fonts;
+        name = "IBM Plex Sans";
+      };
+
+      monospace = {
+        # No need for patched nerd fonts, kitty can pick up on them automatically,
+        # and ideally every program should do that: https://sw.kovidgoyal.net/kitty/faq/#kitty-is-not-able-to-use-my-favorite-font
+        package = pkgs.jetbrains-mono;
+        name = "JetBrains Mono";
+      };
+
+      emoji = {
+        package = pkgs.noto-fonts-emoji;
+        name = "Noto Color Emoji";
+      };
+    };
+    stylix = {
+      autoEnable = false;
+      polarity = "dark";
+      image = config.lib.stylix.pixel "base00";
+      base16Scheme = "${pkgs.base16-schemes}/share/themes/vice.yaml";
+      # Has to be green
+      override.base0B = "#00CC99";
+      #base16Scheme = {
+      #	base00 = "#101419";
+      #	base01 = "#171B20";
+      #	base02 = "#21262e";
+      #	base03 = "#242931";
+      #	base04 = "#485263";
+      #	base05 = "#b6beca";
+      #	base06 = "#dee1e6";
+      #	base07 = "#e3e6eb";
+      #	base08 = "#e05f65";
+      #	base09 = "#f9a872";
+      #	base0A = "#f1cf8a";
+      #	base0B = "#78dba9";
+      #	base0C = "#74bee9";
+      #	base0D = "#70a5eb";
+      #	base0E = "#c68aee";
+      #	base0F = "#9378de";
+      #};
+      ## based on decaycs-dark, bright variant
+      #base16Scheme = {
+      #  base00 = "#101419";
+      #  base01 = "#171B20";
+      #  base02 = "#21262e";
+      #  base03 = "#242931";
+      #  base04 = "#485263";
+      #  base05 = "#b6beca";
+      #  base06 = "#dee1e6";
+      #  base07 = "#e3e6eb";
+      #  base08 = "#e5646a";
+      #  base09 = "#f7b77c";
+      #  base0A = "#f6d48f";
+      #  base0B = "#94F7C5";
+      #  base0C = "#79c3ee";
+      #  base0D = "#75aaf0";
+      #  base0E = "#cb8ff3";
+      #  base0F = "#9d85e1";
+      #};
+    };
+
+    home-manager.sharedModules = [
+      ({
+        pkgs,
+        config,
+        nixosConfig,
+        ...
+      }: {
+        stylix = {
+          cursor = {
+            package = pkgs.openzone-cursors;
+            name = "OpenZone_White_Slim";
+            size =
+              if nixosConfig.hidpi
+              then 48
+              else 18;
+          };
+          inherit (nixosConfig.stylix) polarity;
+          targets = {
+            gtk.enable = true;
+            bat.enable = true;
+            dunst.enable = true;
+            zathura.enable = true;
+            xresources.enable = true;
+          };
+        };
+
+        xresources.properties = {
+          "Xft.hinting" = true;
+          "Xft.antialias" = true;
+          "Xft.autohint" = false;
+          "Xft.lcdfilter" = "lcddefault";
+          "Xft.hintstyle" = "hintfull";
+          "Xft.rgba" = "rgb";
+        };
+
+        gtk = let
+          gtk34extraConfig = {
+            gtk-application-prefer-dark-theme = 1;
+            gtk-cursor-theme-size = 18;
+            gtk-enable-animations = true;
+            gtk-xft-antialias = 1;
+            gtk-xft-dpi = 96; # XXX: delete for wayland?
+            gtk-xft-hinting = 1;
+            gtk-xft-hintstyle = "hintfull";
+            gtk-xft-rgba = "rgb";
+          };
+        in {
+          enable = true;
+          iconTheme = {
+            name = "Vimix-Doder";
+            package = pkgs.vimix-icon-theme;
+          };
+
+          gtk2.extraConfig = "gtk-application-prefer-dark-theme = true";
+          gtk3.extraConfig = gtk34extraConfig;
+          gtk4.extraConfig = gtk34extraConfig;
+        };
+
+        home.sessionVariables.GTK_THEME = config.gtk.theme.name;
+
+        qt = {
+          enable = true;
+          platformTheme = "gnome";
+          style.name = "Adwaita-Dark";
+        };
+      })
+    ];
+  };
+}

config/services/firefly.nix

@@ -3,7 +3,7 @@
   lib,
   ...
 }: {
-  imports = [../fireflyIII.nix];
+  imports = [../../modules/fireflyIII.nix];
 
   wireguard.elisabeth = {
     client.via = "elisabeth";

config/services/kanidm.nix

@@ -1,7 +1,7 @@
 {config, ...}: let
   kanidmdomain = "auth.${config.secrets.secrets.global.domains.web}";
 in {
-  imports = [../kanidm.nix];
+  imports = [../../modules/kanidm.nix];
   wireguard.elisabeth = {
     client.via = "elisabeth";
     firewallRuleForNode.elisabeth.allowedTCPPorts = [3000];

config/services/netbird.nix

@@ -1,7 +1,7 @@
 {config, ...}: {
   imports = [
-    ../netbird-server.nix
+    ../../modules/netbird-server.nix
-    ../netbird-dashboard.nix
+    ../../modules/netbird-dashboard.nix
   ];
   wireguard.elisabeth = {
     client.via = "elisabeth";

config/services/samba.nix

@@ -10,7 +10,7 @@
 
   disabledModules = ["services/networking/netbird.nix"];
 
-  imports = [../netbird-client.nix];
+  imports = [../../modules/netbird-client.nix];
   services.netbird.tunnels = {
     netbird-samba = {
       environment = {
@@ -214,7 +214,7 @@
   # to get this file start a smbd, add users using 'smbpasswd -a <user>'
   # then export the database using 'pdbedit -e tdbsam:<location>'
   age.secrets.smbpassdb = {
-    rekeyFile = ../../secrets/smbpassdb.tdb.age;
+    rekeyFile = config.node.secretsDir + "/smbpassdb.tdb.age";
   };
   users = let
     users = lib.unique (lib.mapAttrsToList (_: val: val."force user") config.services.samba.shares);

config/services/yourspotify.nix

@@ -7,7 +7,7 @@
     client.via = "elisabeth";
     firewallRuleForNode.elisabeth.allowedTCPPorts = [3000 80];
   };
-  imports = [./your_spotify_m.nix];
+  imports = [../../modules/your_spotify.nix];
   age.secrets.spotifySecret = {
     owner = "root";
     mode = "440";

flake.lock

@@ -569,24 +569,6 @@
         "type": "github"
       }
     },
-    "flake-parts_4": {
-      "inputs": {
-        "nixpkgs-lib": "nixpkgs-lib_2"
-      },
-      "locked": {
-        "lastModified": 1709336216,
-        "narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=",
-        "owner": "hercules-ci",
-        "repo": "flake-parts",
-        "rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hercules-ci",
-        "repo": "flake-parts",
-        "type": "github"
-      }
-    },
     "flake-utils": {
       "inputs": {
         "systems": "systems_3"
@@ -733,24 +715,6 @@
         "type": "github"
       }
     },
-    "flake-utils_9": {
-      "inputs": {
-        "systems": "systems_12"
-      },
-      "locked": {
-        "lastModified": 1705309234,
-        "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
     "fromYaml": {
       "flake": false,
       "locked": {
@@ -1053,26 +1017,6 @@
         "type": "github"
       }
     },
-    "musnix": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1712254133,
-        "narHash": "sha256-fwuWrAprqoA4fUrkZGVb6PjRpebm5xjNsyoaw+JVSyY=",
-        "owner": "musnix",
-        "repo": "musnix",
-        "rev": "b5bcdce137b00185dce5fa578739cd52770b8794",
-        "type": "github"
-      },
-      "original": {
-        "owner": "musnix",
-        "repo": "musnix",
-        "type": "github"
-      }
-    },
     "nix-darwin": {
       "inputs": {
         "nixpkgs": [
@@ -1284,24 +1228,6 @@
         "type": "github"
       }
     },
-    "nixpkgs-lib_2": {
-      "locked": {
-        "dir": "lib",
-        "lastModified": 1709237383,
-        "narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8",
-        "type": "github"
-      },
-      "original": {
-        "dir": "lib",
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
     "nixpkgs-stable": {
       "locked": {
         "lastModified": 1685801374,
@@ -1437,22 +1363,6 @@
         "type": "github"
       }
     },
-    "nixpkgs_5": {
-      "locked": {
-        "lastModified": 1706487304,
-        "narHash": "sha256-LE8lVX28MV2jWJsidW13D2qrHU/RUUONendL2Q/WlJg=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "90f456026d284c22b3e3497be980b2e47d0b28ac",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixpkgs-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
     "nixvim": {
       "inputs": {
         "devshell": "devshell_4",
@@ -1631,7 +1541,6 @@
         "impermanence": "impermanence",
         "lanzaboote": "lanzaboote",
         "microvm": "microvm",
-        "musnix": "musnix",
         "nix-index-database": "nix-index-database",
         "nixos-extra-modules": "nixos-extra-modules",
         "nixos-generators": "nixos-generators",
@@ -1644,7 +1553,7 @@
         "spicetify-nix": "spicetify-nix",
         "stylix": "stylix",
         "systems": "systems_11",
-        "wired-notify": "wired-notify"
+        "templates": "templates"
       }
     },
     "rust-overlay": {
@@ -1672,25 +1581,6 @@
         "type": "github"
       }
     },
-    "rust-overlay_2": {
-      "inputs": {
-        "flake-utils": "flake-utils_9",
-        "nixpkgs": "nixpkgs_5"
-      },
-      "locked": {
-        "lastModified": 1711764554,
-        "narHash": "sha256-I2/x/jFd7MAuIi3+kncIF0zJwhkFzxpi5XFdT2RLOF8=",
-        "owner": "oxalica",
-        "repo": "rust-overlay",
-        "rev": "7cf3d11d06dcd12fb62ca2c039f3c5e25b53c5a7",
-        "type": "github"
-      },
-      "original": {
-        "owner": "oxalica",
-        "repo": "rust-overlay",
-        "type": "github"
-      }
-    },
     "spectrum": {
       "flake": false,
       "locked": {
@@ -1801,21 +1691,6 @@
         "type": "github"
       }
     },
-    "systems_12": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    },
     "systems_2": {
       "locked": {
         "lastModified": 1681028828,
@@ -1936,6 +1811,21 @@
         "type": "github"
       }
     },
+    "templates": {
+      "locked": {
+        "lastModified": 1696855554,
+        "narHash": "sha256-9VYXESOCqGGZ8HHl4LN51k+74Kf5Nf9czoqqIN7IEo0=",
+        "ref": "refs/heads/main",
+        "rev": "a6c35c2af9f26599e81002630329054b99efbe79",
+        "revCount": 11,
+        "type": "git",
+        "url": "https://git.lel.lol/patrick/nix-templates.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.lel.lol/patrick/nix-templates.git"
+      }
+    },
     "treefmt-nix": {
       "inputs": {
         "nixpkgs": [
@@ -1957,28 +1847,6 @@
         "repo": "treefmt-nix",
         "type": "github"
       }
-    },
-    "wired-notify": {
-      "inputs": {
-        "flake-parts": "flake-parts_4",
-        "nixpkgs": [
-          "nixpkgs"
-        ],
-        "rust-overlay": "rust-overlay_2"
-      },
-      "locked": {
-        "lastModified": 1711861273,
-        "narHash": "sha256-VuPSgDhK2zNtOZlpEXKBnMqSd9SkeC4ZQDDuX/swiDg=",
-        "owner": "Toqozz",
-        "repo": "wired-notify",
-        "rev": "54bae8ac6154e52215c4c0f7d25fb5e735b9179e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "Toqozz",
-        "repo": "wired-notify",
-        "type": "github"
-      }
     }
   },
   "root": "root",

flake.nix

@@ -60,17 +60,13 @@
       inputs.nixpkgs.follows = "nixpkgs";
       inputs.flake-utils.follows = "flake-utils";
     };
-    musnix = {
-      url = "github:musnix/musnix";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
 
     nixos-nftables-firewall = {
       url = "github:thelegy/nixos-nftables-firewall";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    #templates.url = "git+https://git.lel.lol/patrick/nix-templates.git";
+    templates.url = "git+https://git.lel.lol/patrick/nix-templates.git";
 
     impermanence.url = "github:nix-community/impermanence";
 
@@ -80,6 +76,7 @@
       url = "github:numtide/devshell";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+
     nix-index-database = {
       url = "github:nix-community/nix-index-database";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -87,17 +84,11 @@
 
     lanzaboote = {
       url = "github:nix-community/lanzaboote/v0.3.0";
-
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
     stylix.url = "github:danth/stylix";
 
-    wired-notify = {
-      url = "github:Toqozz/wired-notify";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-
     spicetify-nix.url = "github:the-argus/spicetify-nix";
 
     nixvim = {
@@ -114,7 +105,6 @@
     nixos-generators,
     pre-commit-hooks,
     devshell,
-    wired-notify,
     nixvim,
     nixos-extra-modules,
     ...
@@ -166,7 +156,6 @@
             nixos-extra-modules.overlays.default
             devshell.overlays.default
             agenix-rekey.overlays.default
-            wired-notify.overlays.default
             nixvim.overlays.default
           ];
         inherit system;
@@ -177,7 +166,7 @@
         inherit pkgs;
         modules = [
           ./nix/installer-configuration.nix
-          ./modules/config/ssh.nix
+          ./config/basic/ssh.nix
         ];
         format =
           {

hosts/desktopnix/default.nix

@@ -11,24 +11,24 @@
     inputs.nixos-hardware.nixosModules.common-pc-hdd
     inputs.nixos-hardware.nixosModules.common-pc-ssd
 
-    ../../modules/config
+    ../../config/basic
-    ../../modules/dev
-    ../../modules/graphical
 
-    ../../modules/optional/xserver.nix
+    ../../config/hardware/bluetooth.nix
-    ../../modules/optional/secureboot.nix
+    ../../config/hardware/nintendo.nix
+    ../../config/hardware/nvidia.nix
+    ../../config/hardware/physical.nix
+    ../../config/hardware/pipewire.nix
+    ../../config/hardware/yubikey.nix
 
-    ../../modules/hardware/nintendo.nix
+    ../../config/optional/dev.nix
-    ../../modules/hardware/nvidia.nix
+    ../../config/optional/graphical.nix
-    ../../modules/hardware/physical.nix
+    ../../config/optional/printing.nix
-    ../../modules/hardware/pipewire.nix
+    ../../config/optional/secureboot.nix
-    ../../modules/hardware/yubikey.nix
+    ../../config/optional/steam.nix
-    ../../modules/hardware/bluetooth.nix
+    ../../config/optional/xserver.nix
-    ../../modules/hardware/zfs.nix
+    ../../config/optional/zfs.nix
 
-    ../../modules/optional/streamdeck.nix
+    ../../modules-hm/streamdeck.nix
-    ../../modules/optional/steam.nix
-    ../../modules/optional/printing.nix
 
     ./net.nix
     ./fs.nix

hosts/elisabeth/default.nix

@@ -12,12 +12,13 @@
       inputs.nixos-hardware.nixosModules.common-cpu-amd
       inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate
 
-      ../../modules/config
+      ../../config/basic
-      ../../modules/optional/initrd-ssh.nix
-      ../../modules/optional/secureboot.nix
 
-      ../../modules/hardware/physical.nix
+      ../../config/optional/initrd-ssh.nix
-      ../../modules/hardware/zfs.nix
+      ../../config/optional/secureboot.nix
+      ../../config/optional/zfs.nix
+
+      ../../config/hardware/physical.nix
 
       ./net.nix
       ./fs.nix

hosts/elisabeth/guests.nix

@@ -213,8 +213,8 @@ in {
         dataset = "bunker/shared/paperless";
       };
       modules = [
-        ../../modules/config
+        ../../config/basic
-        ../../modules/services/${guestName}.nix
+        ../../config/services/${guestName}.nix
         {
           node.secretsDir = config.node.secretsDir + "/${guestName}";
           networking.nftables.firewall.zones.untrusted.interfaces = [config.guests.${guestName}.networking.mainLinkName];

hosts/gojo/default.nix

@@ -9,20 +9,17 @@
     inputs.nixos-hardware.nixosModules.common-pc-laptop
     inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd
 
-    ../../modules/config
+    ../../config/basic
-    ../../modules/dev
+    ../../config/optional/dev.nix
-    ../../modules/graphical
+    ../../config/optional/graphical.nix
-
+    ../../config/optional/wayland.nix
-    ../../modules/optional/wayland.nix
+    ../../config/optional/xserver.nix
-    ../../modules/optional/xserver.nix
+    ../../config/optional/printing.nix
-    ../../modules/optional/printing.nix
+    ../../config/hardware/bluetooth.nix
-
+    ../../config/hardware/laptop.nix
-    ../../modules/hardware/bluetooth.nix
+    ../../config/hardware/physical.nix
-    ../../modules/hardware/laptop.nix
+    ../../config/hardware/pipewire.nix
-    ../../modules/hardware/physical.nix
+    ../../config/hardware/yubikey.nix
-    ../../modules/hardware/pipewire.nix
-    ../../modules/hardware/yubikey.nix
-    ../../modules/hardware/zfs.nix
 
     ./net.nix
     ./fs.nix

hosts/maddy/default.nix

@@ -1,20 +1,12 @@
 {
-  lib,
+  imports = [
-  minimal,
+    ../../config/basic
-  ...
+    ../../config/optional/initrd-ssh.nix
-}: {
+    ../../config/services/maddy.nix
-  imports =
+    ../../config/optional/zfs.nix
-    [
-      ../../modules/config
-      ../../modules/optional/initrd-ssh.nix
-      ../../modules/services/maddy.nix
-
-      ../../modules/hardware/zfs.nix
 
     ./net.nix
     ./fs.nix
-    ]
-    ++ lib.lists.optionals (!minimal) [
   ];
   services.xserver = {
     layout = "de";

hosts/patricknix/default.nix

@@ -9,24 +9,23 @@
     inputs.nixos-hardware.nixosModules.common-pc-laptop
     inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd
 
-    ../../modules/config
+    ../../config/basic
-    ../../modules/dev
-    ../../modules/graphical
 
-    ../../modules/optional/wayland.nix
+    ../../config/hardware/bluetooth.nix
-    ../../modules/optional/secureboot.nix
+    ../../config/hardware/laptop.nix
-    ../../modules/optional/printing.nix
+    ../../config/hardware/nvidia.nix
+    ../../config/hardware/physical.nix
+    ../../config/hardware/pipewire.nix
+    ../../config/hardware/prime-offload.nix
+    ../../config/hardware/yubikey.nix
 
-    ../../modules/hardware/bluetooth.nix
+    ../../config/optional/dev.nix
-    ../../modules/hardware/laptop.nix
+    ../../config/optional/graphical.nix
-    ../../modules/hardware/nvidia.nix
+    ../../config/optional/printing.nix
-    ../../modules/hardware/physical.nix
+    ../../config/optional/secureboot.nix
-    ../../modules/hardware/pipewire.nix
+    ../../config/optional/steam.nix
-    ../../modules/hardware/yubikey.nix
+    ../../config/optional/wayland.nix
-    ../../modules/hardware/zfs.nix
+    ../../config/optional/zfs.nix
-
-    ../../modules/hardware/prime-offload.nix
-    ../../modules/optional/steam.nix
 
     ./net.nix
     ./fs.nix

modules-hm/images.nix

@@ -0,0 +1,67 @@
+{
+  lib,
+  config,
+  ...
+}: let
+  inherit
+    (lib)
+    mkEnableOption
+    mkMerge
+    attrNames
+    flip
+    filterAttrs
+    mkIf
+    mkOption
+    types
+    removeSuffix
+    hasPrefix
+    mapAttrs'
+    listToAttrs
+    ;
+in {
+  home-manager.sharedModules = [
+    {
+      options.images = {
+        enable = mkEnableOption "Enable images";
+        images = mkOption {
+          type = types.attrsOf types.path;
+          readOnly = true;
+          default = flip mapAttrs' (filterAttrs (n: _: hasPrefix "images-" n) config.age.secrets) (
+            name: value: {
+              inherit (value) name;
+              value = value.path;
+            }
+          );
+        };
+      };
+    }
+  ];
+
+  imports = [
+    (
+      {config, ...}: {
+        age.secrets = mkMerge (
+          flip map
+          (attrNames config.home-manager.users)
+          (
+            user:
+              mkIf config.home-manager.users.${user}.images.enable (
+                listToAttrs (flip map (attrNames (filterAttrs (_: type: type == "regular") (builtins.readDir ../secrets/img)))
+                  (
+                    file: {
+                      name = "images-${user}-${file}";
+                      value = {
+                        name = removeSuffix ".age" file;
+                        rekeyFile = ../secrets/img/${file};
+                        owner = user;
+                        group = user;
+                      };
+                    }
+                  ))
+              )
+          )
+        );
+      }
+    )
+  ];
+}

modules-hm/impermanence.nix

@@ -10,10 +10,8 @@
     attrNames
     mkOption
     types
-    hasAttr
     mkMerge
     isAttrs
-    mkIf
     ;
 in {
   # Expose a home manager module for each user that allows extending

modules/config/usbguard.nix

@@ -1,7 +0,0 @@
-{config, ...}: {
-  age.secrets.usbguard.rekeyFile = ../../secrets/usbguard.rules.age;
-  services.usbguard = {
-    ruleFile = config.age.secrets.usbguard.path;
-    #enable = true;
-  };
-}

modules/dev/docs.nix

@@ -1,11 +0,0 @@
-{pkgs, ...}: {
-  environment.systemPackages = with pkgs; [
-    man-pages
-    man-pages-posix
-  ];
-  documentation = {
-    dev.enable = true;
-    man.enable = true;
-    info.enable = false;
-  };
-}

modules/graphical/default.nix

@@ -1,93 +0,0 @@
-{
-  inputs,
-  config,
-  pkgs,
-  lib,
-  ...
-}: let
-  inherit
-    (lib)
-    mkOption
-    types
-    ;
-in {
-  options.hidpi = mkOption {
-    default = false;
-    type = types.bool;
-    description = "Enable HighDPI configuration for this host and all installed users";
-  };
-  imports = [
-    inputs.stylix.nixosModules.stylix
-    ./fonts.nix
-    ./images.nix
-  ];
-
-  config = {
-    environment.systemPackages = with pkgs; [
-      xdg-utils
-    ];
-    xdg.portal = {
-      xdgOpenUsePortal = true;
-      enable = true;
-      extraPortals = with pkgs; [
-        xdg-desktop-portal-wlr
-        xdg-desktop-portal-gtk
-      ];
-      config = {
-        common.default = [
-          "gtk"
-        ];
-        sway.default = [
-          "wlr"
-        ];
-      };
-    };
-    # needed for gnome pinentry
-    services.dbus.packages = [pkgs.gcr];
-    stylix = {
-      autoEnable = false;
-      polarity = "dark";
-      image = config.lib.stylix.pixel "base00";
-      base16Scheme = "${pkgs.base16-schemes}/share/themes/vice.yaml";
-      # Has to be green
-      override.base0B = "#00CC99";
-      #base16Scheme = {
-      #	base00 = "#101419";
-      #	base01 = "#171B20";
-      #	base02 = "#21262e";
-      #	base03 = "#242931";
-      #	base04 = "#485263";
-      #	base05 = "#b6beca";
-      #	base06 = "#dee1e6";
-      #	base07 = "#e3e6eb";
-      #	base08 = "#e05f65";
-      #	base09 = "#f9a872";
-      #	base0A = "#f1cf8a";
-      #	base0B = "#78dba9";
-      #	base0C = "#74bee9";
-      #	base0D = "#70a5eb";
-      #	base0E = "#c68aee";
-      #	base0F = "#9378de";
-      #};
-      ## based on decaycs-dark, bright variant
-      #base16Scheme = {
-      #  base00 = "#101419";
-      #  base01 = "#171B20";
-      #  base02 = "#21262e";
-      #  base03 = "#242931";
-      #  base04 = "#485263";
-      #  base05 = "#b6beca";
-      #  base06 = "#dee1e6";
-      #  base07 = "#e3e6eb";
-      #  base08 = "#e5646a";
-      #  base09 = "#f7b77c";
-      #  base0A = "#f6d48f";
-      #  base0B = "#94F7C5";
-      #  base0C = "#79c3ee";
-      #  base0D = "#75aaf0";
-      #  base0E = "#cb8ff3";
-      #  base0F = "#9d85e1";
-      #};
-    };
-  };
-}

modules/graphical/fonts.nix

@@ -1,75 +0,0 @@
-{
-  pkgs,
-  minimal,
-  lib,
-  ...
-}:
-lib.optionalAttrs (!minimal) {
-  fonts = {
-    enableGhostscriptFonts = false;
-    fontDir.enable = false;
-    fontconfig = {
-      localConf = ''
-        <?xml version="1.0"?>
-        <!DOCTYPE fontconfig SYSTEM "fonts.dtd">
-        <fontconfig>
-            <alias binding="weak">
-                <family>monospace</family>
-                <prefer>
-                    <family>emoji</family>
-                </prefer>
-            </alias>
-            <alias binding="weak">
-                <family>sans-serif</family>
-                <prefer>
-                    <family>emoji</family>
-                </prefer>
-            </alias>
-            <alias binding="weak">
-                <family>serif</family>
-                <prefer>
-                    <family>emoji</family>
-                </prefer>
-            </alias>
-        </fontconfig>
-      '';
-    };
-    packages = with pkgs; [
-      (nerdfonts.override {fonts = ["FiraCode"];})
-      ibm-plex
-      dejavu_fonts
-      unifont
-      freefont_ttf
-      gyre-fonts # TrueType substitutes for standard PostScript fonts
-      liberation_ttf
-      noto-fonts
-      noto-fonts-cjk-sans
-      noto-fonts-cjk-serif
-      noto-fonts-emoji
-      noto-fonts-extra
-    ];
-  };
-  stylix.fonts = {
-    serif = {
-      package = pkgs.dejavu_fonts;
-      name = "IBM Plex Serif";
-    };
-
-    sansSerif = {
-      package = pkgs.dejavu_fonts;
-      name = "IBM Plex Sans";
-    };
-
-    monospace = {
-      # No need for patched nerd fonts, kitty can pick up on them automatically,
-      # and ideally every program should do that: https://sw.kovidgoyal.net/kitty/faq/#kitty-is-not-able-to-use-my-favorite-font
-      package = pkgs.jetbrains-mono;
-      name = "JetBrains Mono";
-    };
-
-    emoji = {
-      package = pkgs.noto-fonts-emoji;
-      name = "Noto Color Emoji";
-    };
-  };
-}

modules/graphical/images.nix

@@ -1,65 +0,0 @@
-{
-  lib,
-  config,
-  ...
-}: let
-  inherit
-    (lib)
-    mkEnableOption
-    mkMerge
-    attrNames
-    flip
-    filterAttrs
-    mkIf
-    mkOption
-    types
-    removeSuffix
-    hasPrefix
-    mapAttrs'
-    listToAttrs
-    ;
-in {
-  home-manager.sharedModules = [
-    {
-      options.images = {
-        enable = mkEnableOption "Enable images";
-        images = mkOption {
-          type = types.attrsOf types.path;
-          readOnly = true;
-          default = flip mapAttrs' (filterAttrs (n: _: hasPrefix "images-" n) config.age.secrets) (
-            name: value: {
-              inherit (value) name;
-              value = value.path;
-            }
-          );
-        };
-      };
-    }
-  ];
-
-  imports = [
-    {
-      age.secrets = mkMerge (
-        flip map
-        (attrNames config.home-manager.users)
-        (
-          user:
-            mkIf config.home-manager.users.${user}.images.enable (
-              listToAttrs (flip map (attrNames (filterAttrs (_: type: type == "regular") (builtins.readDir ../../img)))
-                (
-                  file: {
-                    name = "images-${user}-${file}";
-                    value = {
-                      name = removeSuffix ".age" file;
-                      rekeyFile = ../../img/${file};
-                      owner = user;
-                      group = user;
-                    };
-                  }
-                ))
-            )
-        )
-      );
-    }
-  ];
-}

users/common/graphical/Xorg/i3.nix

@@ -7,7 +7,6 @@
   # import shared sway config
   imports = [../sway3.nix];
   systemd.user.services = {
-    wired.Install.WantedBy = lib.mkForce ["i3-session.target"];
     flameshot.Install.WantedBy = lib.mkForce ["i3-session.target"];
   };
   stylix.targets.i3.enable = true;

users/common/graphical/default.nix

@@ -3,11 +3,6 @@
   config,
   ...
 }: {
-  imports = [
-    #./deadd
-    ./themes.nix
-    #./wired-notify.nix
-  ];
   home = {
     packages = with pkgs; [
       zathura

users/common/graphical/themes.nix

@@ -1,65 +0,0 @@
-{
-  pkgs,
-  config,
-  nixosConfig,
-  ...
-}: {
-  stylix = {
-    cursor = {
-      package = pkgs.openzone-cursors;
-      name = "OpenZone_White_Slim";
-      size =
-        if nixosConfig.hidpi
-        then 48
-        else 18;
-    };
-    inherit (nixosConfig.stylix) polarity;
-    targets = {
-      gtk.enable = true;
-      bat.enable = true;
-      dunst.enable = true;
-      zathura.enable = true;
-      xresources.enable = true;
-    };
-  };
-
-  xresources.properties = {
-    "Xft.hinting" = true;
-    "Xft.antialias" = true;
-    "Xft.autohint" = false;
-    "Xft.lcdfilter" = "lcddefault";
-    "Xft.hintstyle" = "hintfull";
-    "Xft.rgba" = "rgb";
-  };
-
-  gtk = let
-    gtk34extraConfig = {
-      gtk-application-prefer-dark-theme = 1;
-      gtk-cursor-theme-size = 18;
-      gtk-enable-animations = true;
-      gtk-xft-antialias = 1;
-      gtk-xft-dpi = 96; # XXX: delete for wayland?
-      gtk-xft-hinting = 1;
-      gtk-xft-hintstyle = "hintfull";
-      gtk-xft-rgba = "rgb";
-    };
-  in {
-    enable = true;
-    iconTheme = {
-      name = "Vimix-Doder";
-      package = pkgs.vimix-icon-theme;
-    };
-
-    gtk2.extraConfig = "gtk-application-prefer-dark-theme = true";
-    gtk3.extraConfig = gtk34extraConfig;
-    gtk4.extraConfig = gtk34extraConfig;
-  };
-
-  home.sessionVariables.GTK_THEME = config.gtk.theme.name;
-
-  qt = {
-    enable = true;
-    platformTheme = "gnome";
-    style.name = "Adwaita-Dark";
-  };
-}

users/common/programs/email.nix

@@ -1,7 +0,0 @@
-{
-  accounts.email.accounts = {
-    "1" = {
-      address = "";
-    };
-  };
-}

users/common/programs/git.nix

@@ -1,7 +1,4 @@
 {pkgs, ...}: {
-  home.shellAliases = {
-    commit-reuse-message = ''git commit -v -S --edit --file "$(git rev-parse --git-dir)"/COMMIT_EDITMSG'';
-  };
   programs.git = {
     enable = true;
     difftastic.enable = true;
@@ -12,6 +9,8 @@
       a = "add";
       p = "push";
       rebase = "rebase --gpg-sign";
+      fixup = ''!f() { TARGET=$(git rev-parse "$1"); git commit --fixup=$TARGET ''${@:2} && EDITOR=true git rebase -i --gpg-sign --autostash --autosquash $TARGET^; }; f'';
+      crm = ''!git commit -v -S --edit --file "$(git rev-parse --git-dir)"/COMMIT_EDITMSG'';
     };
     extraConfig = {
       core.pager = "${pkgs.delta}/bin/delta";

users/common/programs/openttd.nix

@@ -1,9 +0,0 @@
-{pkgs, ...}: {
-  home.persistence."/persist".directories = [
-    ".local/share/openttd"
-  ];
-
-  home.packages = [
-    pkgs.openttd
-  ];
-}

users/patrick/default.nix

@@ -68,7 +68,6 @@ lib.optionalAttrs (!minimal) {
         ../common/programs/kitty.nix
         ../common/programs/minecraft.nix
         ../common/programs/nvim
-        ../common/programs/openttd.nix
         ../common/programs/poe.nix
         ../common/programs/spicetify.nix
         ../common/programs/thunderbird.nix

users/patrick/ssh.nix

@@ -42,6 +42,7 @@
         user = "team402";
       };
       "*" = {
+        user = "root";
         identitiesOnly = true;
         inherit identityFile;
       };