.gitattributes

@@ -1,3 +1,2 @@
 *.yaml diff=sopsdiffer
-.pre-commit-config.yaml diff=default
 

.github/workflows/validate.yml

@@ -1,27 +0,0 @@
-name: Validate
-
-on:
-  pull_request:
-
-jobs:
-  validate:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-
-      - uses: cachix/install-nix-action@v26
-        with:
-          extra_nix_config: |
-            trusted-users = root @runner
-
-      - name: Validate flake
-        run: nix flake show
-
-      - name: Check formatting
-        run: nix fmt -- --ci .
-
-      - name: Run deadnix
-        run: nix run nixpkgs#deadnix ./modules ./lib
-
-      - name: Run statix
-        run: nix run nixpkgs#statix check -- .

.pre-commit-config.yaml

@@ -1,26 +0,0 @@
-repos:
-  - repo: local
-    hooks:
-      - id: nixfmt
-        name: nixfmt
-        entry: nix
-        language: system
-        types: [nix]
-        pass_filenames: false
-        args: ["fmt"]
-
-      - id: deadnix
-        name: deadnix
-        entry: deadnix
-        language: system
-        types: [nix]
-        args: ["./modules", "./lib"]
-
-      - id: statix
-        name: statix
-        entry: statix
-        language: system
-        types: [nix]
-        pass_filenames: false
-        args: ["check", "."]
-

.sops.yaml

@@ -60,7 +60,7 @@ creation_rules:
     key_groups:
       - age:
           - *system_rainbow_planet
-  - path_regex: modules/shared/secrets.yaml$
+  - path_regex: modules/hosts/common/secrets.yaml$
     key_groups:
       - age:
           - *system_bigboy

2024-12-rework/.gitignore

@@ -0,0 +1,2 @@
+result/
+result

2024-12-rework/configuration.nix

@@ -0,0 +1,25 @@
+{ inputs, pkgs, ... }: {
+  imports = [
+    ./hardware-configuration.nix
+  ];
+
+  system.stateVersion = "23.05";
+
+  boot = {
+    initrd.systemd = {
+      enable = true;
+      network.wait-online.enable = false; # Handled by NetworkManager
+    };
+    loader = {
+      efi.canTouchEfiVariables = true;
+      systemd-boot= {
+        enable = true;
+        consoleMode = "1";
+      };
+    };
+  };
+
+  environment.systemPackages = with pkgs; [
+    olm
+  ];
+}

2024-12-rework/flake.lock

@@ -0,0 +1,183 @@
+{
+  "nodes": {
+    "config": {
+      "locked": {
+        "dir": "templates/config",
+        "lastModified": 1719931926,
+        "narHash": "sha256-B8j9lHX0LqWlZkm8JxZRN6919RQjJEu/1J1SR8pU/ww=",
+        "owner": "stackbuilders",
+        "repo": "nixpkgs-terraform",
+        "rev": "034287ee462c87dadc14a94d4b53a48ed66c7b3d",
+        "type": "github"
+      },
+      "original": {
+        "dir": "templates/config",
+        "owner": "stackbuilders",
+        "repo": "nixpkgs-terraform",
+        "type": "github"
+      }
+    },
+    "flake-parts": {
+      "inputs": {
+        "nixpkgs-lib": "nixpkgs-lib"
+      },
+      "locked": {
+        "lastModified": 1722555600,
+        "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1733050161,
+        "narHash": "sha256-lYnT+EYE47f5yY3KS/Kd4pJ6CO9fhCqumkYYkQ3TK20=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "62d536255879be574ebfe9b87c4ac194febf47c5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "ref": "release-24.11",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1733120037,
+        "narHash": "sha256-En+gSoVJ3iQKPDU1FHrR6zIxSLXKjzKY+pnh9tt+Yts=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "f9f0d5c5380be0a599b1fb54641fa99af8281539",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-24.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-1_0": {
+      "locked": {
+        "lastModified": 1699291058,
+        "narHash": "sha256-5ggduoaAMPHUy4riL+OrlAZE14Kh7JWX4oLEs22ZqfU=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "41de143fda10e33be0f47eab2bfe08a50f234267",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "41de143fda10e33be0f47eab2bfe08a50f234267",
+        "type": "github"
+      }
+    },
+    "nixpkgs-1_6": {
+      "locked": {
+        "lastModified": 1712757991,
+        "narHash": "sha256-kR7C7Fqt3JP40h0mzmSZeWI5pk1iwqj4CSeGjnUbVHc=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "d6b3ddd253c578a7ab98f8011e59990f21dc3932",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "d6b3ddd253c578a7ab98f8011e59990f21dc3932",
+        "type": "github"
+      }
+    },
+    "nixpkgs-1_9": {
+      "locked": {
+        "lastModified": 1732617236,
+        "narHash": "sha256-PYkz6U0bSEaEB1al7O1XsqVNeSNS+s3NVclJw7YC43w=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "af51545ec9a44eadf3fe3547610a5cdd882bc34e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "af51545ec9a44eadf3fe3547610a5cdd882bc34e",
+        "type": "github"
+      }
+    },
+    "nixpkgs-lib": {
+      "locked": {
+        "lastModified": 1722555339,
+        "narHash": "sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q=",
+        "type": "tarball",
+        "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
+      }
+    },
+    "nixpkgs-terraform": {
+      "inputs": {
+        "config": "config",
+        "flake-parts": "flake-parts",
+        "nixpkgs-1_0": "nixpkgs-1_0",
+        "nixpkgs-1_6": "nixpkgs-1_6",
+        "nixpkgs-1_9": "nixpkgs-1_9",
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1732844581,
+        "narHash": "sha256-BwHD1d6Bl5LL/HciTf+mQmBN3I3S6nYqcB+5BXVozNk=",
+        "owner": "stackbuilders",
+        "repo": "nixpkgs-terraform",
+        "rev": "b4db1b59d8f62cd37b6f9540e368d0e2627c4a2d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "stackbuilders",
+        "repo": "nixpkgs-terraform",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "home-manager": "home-manager",
+        "nixpkgs": "nixpkgs",
+        "nixpkgs-terraform": "nixpkgs-terraform"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

2024-12-rework/flake.nix

@@ -0,0 +1,30 @@
+{
+  inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
+
+    home-manager = {
+      url = "github:nix-community/home-manager/release-24.11";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    nixpkgs-terraform = {
+      url = "github:stackbuilders/nixpkgs-terraform";
+      # inputs.nixpkgs-1_6.follows = "nixpkgs";
+      # inputs.nixpkgs-1_9.follows = "nixpkgs-unstable";
+    };
+  };
+
+  outputs = inputs: {
+    nixosConfigurations = {
+      rainbow-planet = inputs.nixpkgs.lib.nixosSystem {
+        specialArgs = { inherit inputs; };
+        system = "x86_64-linux";
+        modules = [
+          ./configuration.nix
+          ./nixpkgs-settings.nix
+          inputs.home-manager.nixosModules.home-manager
+        ];
+      };
+    };
+  };
+}

2024-12-rework/hardware-configuration.nix

@@ -0,0 +1,44 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.kernelParams = [
+    "i915.enable_fbc=1"
+    "i915.enable_psr=2"
+  ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/eb9a2c7e-ae61-4d06-9464-49b98d576f7c";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/924D-E7A4";
+      fsType = "vfat";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/166d24ca-401c-492e-845d-bb1d0d6d7d86"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

2024-12-rework/nixpkgs-settings.nix

@@ -0,0 +1,9 @@
+{ inputs, ... }: {
+  nixpkgs = {
+    config = {
+      allowUnfree = true;
+      permittedInsecurePackages = [ "olm-3.2.16" "electron-27.3.11" ];
+    };
+    overlays = [ inputs.nixpkgs-terraform.overlays.default ];
+  };
+}

README.md

@@ -1,9 +1,10 @@
 # Dots
 
-This repo is a Nix flake that manages most of my setup on macOS and fully manages machines I have that run NixOS as their operating system. It also contains as much configruation as I can make work on other Linux distros such as Ubuntu.
+This repo is a Nix flake that manages most of my setup on macOS and fully manages machines I have that run NixOS as their operating system.
 
 - [Flake structure](#flake-structure)
-- [Formatting and CI](#formatting-and-ci)
+- [Note](#note)
+- [Repo structure](#repo-structure)
 - [Historical bits](#historical-bits)
 - [Adding a new macOS host](#adding-a-new-macos-host)
   - [Extras steps not done by Nix and/or Homebrew and/or mas](#extras-steps-not-done-by-nix-andor-homebrew-andor-mas)
@@ -14,32 +15,102 @@ This repo is a Nix flake that manages most of my setup on macOS and fully manage
 - [Adding a NixOS host](#adding-a-nixos-host)
   - [Post-install](#post-install)
 
+
 ## Flake structure
 
-- `flake.nix` defines inputs, outputs, and instantiates host configurations via `lib/` functions
+> **RESTRUCTURING IN PROGRESS**: please note, I am restructuring this to remove a lot of complexity. This first pass is done and moves home manager bits into modules that have home in the name. Things that apply to everything under a part of the tree are in a corresponding `default.nix`
-- `lib/` contains helper functions:
-  - `mkNixosHost` - constructs NixOS system configurations
-  - `mkDarwinHost` - constructs nix-darwin system configurations
-  - `mkHomeConfig` - constructs Home Manager configurations
-- `modules/` contains Nix modules organized by type:
-  - `modules/shared/` - shared modules imported by multiple hosts
-    - `modules/shared/home/general/` - Home Manager config for all GUI users
-    - `modules/shared/home/linux/` - Home Manager config for Linux-specific apps
-    - `modules/shared/nixos/` - NixOS modules (i18n, flatpaks, restic, etc.)
-  - `modules/hosts/` - host-specific configurations
-    - `modules/hosts/nixos/` - NixOS host configs and hardware configs
-    - `modules/hosts/darwin/` - macOS host configs
-    - `modules/hosts/home-manager-only/` - Home Manager-only configs
 
-## Formatting and CI
+The Nix bits are driven by `flake.nix` which pulls in things under `modules/`. Both Intel and Apple Silicon macOS are suppoted, as is NixOS. The flake is structured like so:
 
-This repo uses the following tools for code quality:
+- description: a human readable description of this flake
+- inputs: all the places things are pulled from
+- outputs:
+  - all the outputs from the inputs
+  - a `let` ... `in` block that contains:
+    - `darwinHostConfig` which takes a set of paramters as an attribute set and pulls in all the things needed to use Nix on a macOS host
+    - `mkNixosHost` which takes a set of parameters as an attribute set and pulls in all the things needed to configure a NixOS host
+    - `linuxHomeConfig` which takes a set of paramters as an attribute set and pulls in the things I manage on non-NixOS Linux hosts
+  - the body of outputs that contains:
+    - `darwinConfigurations` contains is an attribute set that contains keys named for each macOS host set to the results of a call to `darwinHostConfig` with values for each of the required parameters
+    - `nixosConfigurations` contains is an attribute set that contains keys named for each NixOS host set to the results of a call to `darwinHostConfig` with values for each of the required parameters
+    - `homeConfigurations` contains an entry for each username set to the results of a call to `linuxHomeConfig` with values for each of the required parameters
 
-- **nixfmt** - Formats Nix files. Run `nix fmt .` to format all files.
+The parameters on `darwinHostConfig` & `mkNixosHost` are:
-- **deadnix** - Finds unused code in Nix files.
-- **statix** - Checks Nix code for common issues and style problems.
 
-Pre-commit hooks are configured in `.pre-commit-config.yaml` and run automatically before commits. CI validation is defined in `.github/workflows/validate.yml`.
+- `system:` the system definition to use for nixpkgs
+- `hostname:` the hostname of the machine being configured
+- `username:` the username being configured on the host (all code currently assumes there is a single human user managed by Nix)
+- `additionalModules:` any nix modules that are desired to supplement the default for the host. An example use case for this is adding in the hardware specific module from `nixos-hardware`.
+- `additionalSpecialArgs:` any supplemental arguments to be passed to `specialArgs`.
+
+The parameters on `linxuHomeConfig` are the same as the above.
+
+## Note
+
+> All the bits below here are useful, but may be slightly outdated... I have not done a good job of keeping them updated.
+
+## Repo structure
+
+The Nix stuff is structured like so, at least for now:
+
+```bash
+$ tree . -I legacy* -I link* --gitignore --dirsfirst
+.
+├── modules
+│   ├── home-manager
+│   │   ├── common
+│   │   │   ├── linux-apps
+│   │   │   │   ├── tilix.nix
+│   │   │   │   ├── waybar.nix
+│   │   │   │   └── xfce4-terminal.nix
+│   │   │   ├── all-cli.nix
+│   │   │   ├── all-darwin.nix
+│   │   │   ├── all-gui.nix
+│   │   │   └── all-linux.nix
+│   │   ├── files
+│   │   │   ├── tilix
+│   │   │   │   └── Beanbag-Mathias.json
+│   │   │   ├── waybar
+│   │   │   │   ├── config
+│   │   │   │   └── style.css
+│   │   │   ├── xfce4
+│   │   │   │   └── terminal
+│   │   │   │       ├── accels.scm
+│   │   │   │       └── terminalrc
+│   │   │   └── Microsoft.PowerShell_profile.ps1
+│   │   └── hosts
+│   │       ├── Blue-Rock
+│   │       │   └── gene.liverman.nix
+│   │       ├── nixnuc
+│   │       │   └── gene.nix
+│   │       └── rainbow-planet
+│   │           └── gene.nix
+│   ├── hosts
+│   │   ├── darwin
+│   │   │   └── Blue-Rock
+│   │   │       └── default.nix
+│   │   └── nixos
+│   │       ├── nixnuc
+│   │       │   ├── default.nix
+│   │       │   └── hardware-configuration.nix
+│   │       └── rainbow-planet
+│   │           ├── default.nix
+│   │           └── hardware-configuration.nix
+│   └── system
+│       └── common
+│           ├── linux
+│           │   └── internationalisation.nix
+│           ├── all-darwin.nix
+│           └── all-nixos.nix
+├── LICENSE
+├── README.md
+├── Vagrantfile
+├── flake.lock
+└── flake.nix
+
+23 directories, 29 files
+
+```
 
 ## Historical bits
 

examples/flake-structure.nix

@@ -1,46 +1,49 @@
 {
-  inputs = {
+  inputs = {};
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
+  outputs = inputs@{}: let
-    home-manager.url = "github:nix-community/home-manager";
+    darwinHostConfig = { system, hostname, username, additionalModules, additionalSpecialArgs }:
-    nix-darwin.url = "github:lnl7/nix-darwin";
+      nix-darwin.lib.darwinSystem { };
-    nixos-hardware.url = "github:NixOS/nixos-hardware";
-  };
 
-  outputs =
+    mkNixosHost = { system, hostname, username, additionalModules, additionalSpecialArgs }:
-    inputs@{ self, ... }:
+      nixpkgs.lib.nixosSystem { };
-    let
-      # Import helper functions from lib/
-      localLib = import ./lib { inherit inputs; };
-    in
-    {
-      # Darwin (macOS) hosts
-      darwinConfigurations = {
-        mightymac = localLib.mkDarwinHost {
-          system = "aarch64-darwin";
-          hostname = "mightymac";
-          username = "gene.liverman";
-        };
-      };
     
-      # NixOS hosts
+    linuxHomeConfig = { system, hostname, username, additionalModules, additionalSpecialArgs }:
-      nixosConfigurations = {
+      home-manager.lib.homeManagerConfiguration { };
-        rainbow-planet = localLib.mkNixosHost {
-          system = "x86_64-linux";
-          hostname = "rainbow-planet";
-          username = "gene";
-          additionalModules = [
-            inputs.nixos-hardware.nixosModules.dell-xps-13-9360
-          ];
-        };
-      };
 
-      # Home Manager (only) users
+  in {
-      homeConfigurations = {
+    # Darwin (macOS) hosts
-        gene = localLib.mkHomeConfig {
+    darwinConfigurations = {
-          system = "x86_64-linux";
+      mightymac = darwinHostConfig {
-          homeDirectory = "/home/gene";
+        system = "aarch64-darwin";
-          username = "gene";
+        hostname = "mightymac";
-        };
+        username = "gene.liverman";
+        additionalModules = [];
+        additionalSpecialArgs = {};
       };
     };
+
+    # NixOS hosts
+    nixosConfigurations = {
+      rainbow-planet = mkNixosHost {
+        system = "x86_64-linux";
+        hostname = "rainbow-planet";
+        username = "gene";
+        additionalModules = [
+          nixos-hardware.nixosModules.dell-xps-13-9360
+        ];
+        additionalSpecialArgs = {};
+      };
+    };
+
+    # Home Manager (only) users
+    homeConfigurations = {
+      gene = linuxHomeConfig {
+        system = "x86_64-linux";
+        hostname = "mini-watcher";
+        username = "gene";
+        additionalModules = [];
+        additionalSpecialArgs = {};
+      };
+    };
+  };
 }

flake.lock

@@ -69,27 +69,6 @@
         "type": "github"
       }
     },
-    "deadnix": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ],
-        "utils": "utils"
-      },
-      "locked": {
-        "lastModified": 1764114543,
-        "narHash": "sha256-+C39E8qmGODT6eB0rhE/VX+DcekXW/Xww5IL/xlERNY=",
-        "owner": "astro",
-        "repo": "deadnix",
-        "rev": "d590041677add62267bef35ddec63cd9402d3505",
-        "type": "github"
-      },
-      "original": {
-        "owner": "astro",
-        "repo": "deadnix",
-        "type": "github"
-      }
-    },
     "disko": {
       "inputs": {
         "nixpkgs": [
@@ -97,11 +76,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1773889306,
+        "lastModified": 1773025010,
-        "narHash": "sha256-PAqwnsBSI9SVC2QugvQ3xeYCB0otOwCacB1ueQj2tgw=",
+        "narHash": "sha256-khlHllTsovXgT2GZ0WxT4+RvuMjNeR5OW0UYeEHPYQo=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "5ad85c82cc52264f4beddc934ba57f3789f28347",
+        "rev": "7b9f7f88ab3b339f8142dc246445abb3c370d3d3",
         "type": "github"
       },
       "original": {
@@ -132,28 +111,6 @@
         "type": "github"
       }
     },
-    "fenix_2": {
-      "inputs": {
-        "nixpkgs": [
-          "statix",
-          "nixpkgs"
-        ],
-        "rust-analyzer-src": "rust-analyzer-src_2"
-      },
-      "locked": {
-        "lastModified": 1645251813,
-        "narHash": "sha256-cQ66tGjnZclBCS3nD26mZ5fUH+3/HnysGffBiWXUSHk=",
-        "owner": "nix-community",
-        "repo": "fenix",
-        "rev": "9892337b588c38ec59466a1c89befce464aae7f8",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "fenix",
-        "type": "github"
-      }
-    },
     "flake-compat": {
       "flake": false,
       "locked": {
@@ -189,11 +146,11 @@
     "flake-compat_3": {
       "flake": false,
       "locked": {
-        "lastModified": 1767039857,
+        "lastModified": 1761588595,
-        "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
+        "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
         "owner": "edolstra",
         "repo": "flake-compat",
-        "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
+        "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
         "type": "github"
       },
       "original": {
@@ -287,11 +244,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1772893680,
+        "lastModified": 1763319842,
-        "narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=",
+        "narHash": "sha256-YG19IyrTdnVn0l3DvcUYm85u3PaqBt6tI6VvolcuHnA=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "8baab586afc9c9b57645a734c820e4ac0a604af9",
+        "rev": "7275fa67fbbb75891c16d9dee7d88e58aea2d761",
         "type": "github"
       },
       "original": {
@@ -351,11 +308,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1773963144,
+        "lastModified": 1772985280,
-        "narHash": "sha256-WzBOBfSay3GYilUfKaUa1Mbf8/jtuAiJIedx7fWuIX4=",
+        "narHash": "sha256-FdrNykOoY9VStevU4zjSUdvsL9SzJTcXt4omdEDZDLk=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "a91b3ea73a765614d90360580b689c48102d1d33",
+        "rev": "8f736f007139d7f70752657dff6a401a585d6cbc",
         "type": "github"
       },
       "original": {
@@ -374,11 +331,11 @@
         "treefmt-nix": "treefmt-nix"
       },
       "locked": {
-        "lastModified": 1773726513,
+        "lastModified": 1772680513,
-        "narHash": "sha256-0Qxa98QMOrE48quqNmE6vFatfZ94hPUF2CQ2cI8Hkow=",
+        "narHash": "sha256-zwVeM1TgfwMIq026uln9hqcCIINsLv6jEjztPqx0q+U=",
         "owner": "numtide",
         "repo": "nix-auth",
-        "rev": "8d0466addaf3318af68d8299a8981bb04a873597",
+        "rev": "77c07e9a107972dd2170da6da9ed1e73e65c4a4a",
         "type": "github"
       },
       "original": {
@@ -507,11 +464,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1774018263,
+        "lastModified": 1772972630,
-        "narHash": "sha256-HHYEwK1A22aSaxv2ibhMMkKvrDGKGlA/qObG4smrSqc=",
+        "narHash": "sha256-mUJxsNOrBMNOUJzN0pfdVJ1r2pxeqm9gI/yIKXzVVbk=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "2d4b4717b2534fad5c715968c1cece04a172b365",
+        "rev": "3966ce987e1a9a164205ac8259a5fe8a64528f72",
         "type": "github"
       },
       "original": {
@@ -554,11 +511,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1773840656,
+        "lastModified": 1772956932,
-        "narHash": "sha256-9tpvMGFteZnd3gRQZFlRCohVpqooygFuy9yjuyRL2C0=",
+        "narHash": "sha256-M0yS4AafhKxPPmOHGqIV0iKxgNO8bHDWdl1kOwGBwRY=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "9cf7092bdd603554bd8b63c216e8943cf9b12512",
+        "rev": "608d0cadfed240589a7eea422407a547ad626a14",
         "type": "github"
       },
       "original": {
@@ -586,11 +543,11 @@
     },
     "nixpkgs_3": {
       "locked": {
-        "lastModified": 1773964973,
+        "lastModified": 1773068389,
-        "narHash": "sha256-NV/J+tTER0P5iJhUDL/8HO5MDjDceLQPRUYgdmy5wXw=",
+        "narHash": "sha256-vMrm7Pk2hjBRPnCSjhq1pH0bg350Z+pXhqZ9ICiqqCs=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "812b3986fd1568f7a858f97fcf425ad996ba7d25",
+        "rev": "44bae273f9f82d480273bab26f5c50de3724f52f",
         "type": "github"
       },
       "original": {
@@ -658,11 +615,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1774233120,
+        "lastModified": 1773203147,
-        "narHash": "sha256-txGwTNKNYQT1rFPkxd6imEvQ03SmIyKAXNBaYtB3Jes=",
+        "narHash": "sha256-16q/JVUUM8SqeDY4rmM7wt53dXj2dPeBIfGPVP9/NOo=",
         "owner": "genebean",
         "repo": "private-flake",
-        "rev": "45fca86f711966ee29add03027ee3ffc48992110",
+        "rev": "510a9214433b56fde82cd572063b99ec9a32eb7f",
         "type": "github"
       },
       "original": {
@@ -674,7 +631,6 @@
     "root": {
       "inputs": {
         "compose2nix": "compose2nix",
-        "deadnix": "deadnix",
         "disko": "disko",
         "flox": "flox",
         "genebean-omp-themes": "genebean-omp-themes",
@@ -689,8 +645,7 @@
         "nixpkgs-unstable": "nixpkgs-unstable",
         "private-flake": "private-flake",
         "simple-nixos-mailserver": "simple-nixos-mailserver",
-        "sops-nix": "sops-nix",
+        "sops-nix": "sops-nix"
-        "statix": "statix"
       }
     },
     "rust-analyzer-src": {
@@ -710,23 +665,6 @@
         "type": "github"
       }
     },
-    "rust-analyzer-src_2": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1645205556,
-        "narHash": "sha256-e4lZW3qRyOEJ+vLKFQP7m2Dxh5P44NrnekZYLxlucww=",
-        "owner": "rust-analyzer",
-        "repo": "rust-analyzer",
-        "rev": "acf5874b39f3dc5262317a6074d9fc7285081161",
-        "type": "github"
-      },
-      "original": {
-        "owner": "rust-analyzer",
-        "ref": "nightly",
-        "repo": "rust-analyzer",
-        "type": "github"
-      }
-    },
     "rust-overlay": {
       "inputs": {
         "nixpkgs": [
@@ -758,11 +696,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1773912645,
+        "lastModified": 1766537863,
-        "narHash": "sha256-QHzRqq6gh+t3F/QU9DkP7X63dDDcuIQmaDz12p7ANTg=",
+        "narHash": "sha256-HEt+wbazRgJYeY+lgj65bxhPyVc4x7NEB2bs5NU6DF8=",
         "owner": "simple-nixos-mailserver",
         "repo": "nixos-mailserver",
-        "rev": "25e6dbb8fca3b6e779c5a46fd03bd760b2165bb5",
+        "rev": "23f0a53ca6e58e61e1ea2b86791c69b79c91656d",
         "type": "gitlab"
       },
       "original": {
@@ -779,11 +717,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1774154798,
+        "lastModified": 1773096132,
-        "narHash": "sha256-zsTuloDSdKf+PrI1MsWx5z/cyGEJ8P3eERtAfdP8Bmg=",
+        "narHash": "sha256-M3zEnq9OElB7zqc+mjgPlByPm1O5t2fbUrH3t/Hm5Ag=",
         "owner": "mic92",
         "repo": "sops-nix",
-        "rev": "3e0d543e6ba6c0c48117a81614e90c6d8c425170",
+        "rev": "d1ff3b1034d5bab5d7d8086a7803c5a5968cd784",
         "type": "github"
       },
       "original": {
@@ -792,52 +730,16 @@
         "type": "github"
       }
     },
-    "statix": {
-      "inputs": {
-        "fenix": "fenix_2",
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1676888642,
-        "narHash": "sha256-C73LOMVVCkeL0jA5xN7klLEDEB4NkuiATEJY4A/tIyM=",
-        "owner": "astro",
-        "repo": "statix",
-        "rev": "3c7136a23f444db252a556928c1489869ca3ab4e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "astro",
-        "repo": "statix",
-        "type": "github"
-      }
-    },
-    "systems": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    },
     "treefmt-nix": {
       "inputs": {
         "nixpkgs": "nixpkgs_2"
       },
       "locked": {
-        "lastModified": 1773297127,
+        "lastModified": 1772660329,
-        "narHash": "sha256-6E/yhXP7Oy/NbXtf1ktzmU8SdVqJQ09HC/48ebEGBpk=",
+        "narHash": "sha256-IjU1FxYqm+VDe5qIOxoW+pISBlGvVApRjiw/Y/ttJzY=",
         "owner": "numtide",
         "repo": "treefmt-nix",
-        "rev": "71b125cd05fbfd78cab3e070b73544abe24c5016",
+        "rev": "3710e0e1218041bbad640352a0440114b1e10428",
         "type": "github"
       },
       "original": {
@@ -845,24 +747,6 @@
         "repo": "treefmt-nix",
         "type": "github"
       }
-    },
-    "utils": {
-      "inputs": {
-        "systems": "systems"
-      },
-      "locked": {
-        "lastModified": 1731533236,
-        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
     }
   },
   "root": "root",

flake.nix

@@ -8,13 +8,7 @@
 
     compose2nix = {
       url = "github:aksiksi/compose2nix";
-      inputs.nixpkgs.follows = "nixpkgs";
+      inputs.nixpkgs.follows ="nixpkgs";
-    };
-
-    # Linting and formatting
-    deadnix = {
-      url = "github:astro/deadnix";
-      inputs.nixpkgs.follows = "nixpkgs";
     };
 
     # Format disks with nix-config
@@ -85,120 +79,122 @@
     # Secrets managemnt
     sops-nix = {
       url = "github:mic92/sops-nix";
-      inputs.nixpkgs.follows = "nixpkgs";
+      inputs.nixpkgs.follows ="nixpkgs";
-    };
-
-    # Linting and formatting
-    statix = {
-      url = "github:astro/statix";
-      inputs.nixpkgs.follows = "nixpkgs";
     };
 
   }; # end inputs
-  outputs =
+  outputs = inputs@{ self, ... }: let
-    inputs@{ self, nixpkgs, ... }:
+    # Functions that setup systems
-    let
+    localLib = import ./lib { inherit inputs; };    
-      # Functions that setup systems
-      localLib = import ./lib { inherit inputs; };
-      forAllSystems = nixpkgs.lib.genAttrs [
-        "x86_64-linux"
-        "aarch64-linux"
-        "x86_64-darwin"
-        "aarch64-darwin"
-      ];
-    in
-    {
-      formatter = forAllSystems (system: nixpkgs.legacyPackages.${system}.nixfmt-tree);
 
-      # Darwin (macOS) hosts
+    linuxHomeConfig = { system, hostname, username, additionalModules, additionalSpecialArgs }: inputs.home-manager.lib.homeManagerConfiguration {
-      darwinConfigurations = {
+      extraSpecialArgs = { inherit inputs hostname username;
-        AirPuppet = localLib.mkDarwinHost {
+        pkgs = import inputs.nixpkgs {
-          system = "x86_64-darwin";
+          inherit system;
-          hostname = "AirPuppet";
+          config = {
+            allowUnfree = true;
+            permittedInsecurePackages = [ "olm-3.2.16" "electron-21.4.4" ];
+          };
         };
-        Blue-Rock = localLib.mkDarwinHost {
+      } // additionalSpecialArgs;
-          system = "x86_64-darwin";
+      modules = [
-          hostname = "Blue-Rock";
+        ./modules/home-manager/hosts/${hostname}/${username}.nix
-          username = "gene.liverman";
+        {
-        };
+          home = {
-        mightymac = localLib.mkDarwinHost {
+            username = "${username}";
-          hostname = "mightymac";
+            homeDirectory = "/home/${username}";
-          username = "gene.liverman";
+          };
-        };
+        }
-      }; # end darwinConfigurations
+        inputs.sops-nix.homeManagerModules.sops
+      ] ++ additionalModules;
+    }; # end homeManagerConfiguration
 
-      # NixOS hosts
+  in {
-      nixosConfigurations = {
+    # Darwin (macOS) hosts
-        bigboy = localLib.mkNixosHost {
+    darwinConfigurations = {
-          hostname = "bigboy";
+      AirPuppet = localLib.mkDarwinHost {
-          additionalModules = [
+        system = "x86_64-darwin";
-            inputs.nixos-hardware.nixosModules.lenovo-thinkpad-p52
+        hostname = "AirPuppet";
-          ];
+      };
-        };
+      Blue-Rock = localLib.mkDarwinHost {
-        hetznix01 = localLib.mkNixosHost {
+        system = "x86_64-darwin";
-          hostname = "hetznix01";
+        hostname = "Blue-Rock";
-          additionalModules = [
+        username = "gene.liverman";
-            inputs.private-flake.nixosModules.private.hetznix01
+      };
-          ];
+      mightymac = localLib.mkDarwinHost {
-        };
+        hostname = "mightymac";
-        hetznix02 = localLib.mkNixosHost {
+        username = "gene.liverman";
-          system = "aarch64-linux";
+      };
-          hostname = "hetznix02";
+    }; # end darwinConfigurations
-          additionalModules = [
-            # inputs.simple-nixos-mailserver.nixosModule
-          ];
-        };
-        kiosk-entryway = localLib.mkNixosHost {
-          # Lenovo IdeaCentre Q190
-          hostname = "kiosk-entryway";
-        };
-        kiosk-gene-desk = localLib.mkNixosHost {
-          system = "aarch64-linux";
-          hostname = "kiosk-gene-desk";
-          additionalModules = [
-            inputs.nixos-hardware.nixosModules.raspberry-pi-4
-          ];
-        };
-        nixnas1 = localLib.mkNixosHost {
-          hostname = "nixnas1";
-          additionalModules = [
-            inputs.simple-nixos-mailserver.nixosModule
-          ];
-        };
-        nixnuc = localLib.mkNixosHost {
-          hostname = "nixnuc";
-          additionalModules = [
-            inputs.simple-nixos-mailserver.nixosModule
-          ];
-        };
-        # This machines is currently running Ubuntu and
-        # configured with home-manager only.
-        #
-        #rainbow-planet = localLib.mkNixosHost {
-        #  hostname = "rainbow-planet";
-        #  additionalModules = [
-        #    inputs.nixos-cosmic.nixosModules.default
-        #    inputs.nixos-hardware.nixosModules.dell-xps-13-9360
-        #  ];
-        #};
-      }; # end nixosConfigurations
 
-      # Home Manager (only) users
+    # NixOS hosts
-      homeConfigurations = {
+    nixosConfigurations = {
-        gene-x86_64-linux = localLib.mkHomeConfig {
+      bigboy = localLib.mkNixosHost {
-          homeDirectory = "/home/gene";
+        hostname = "bigboy";
-          username = "gene";
+        additionalModules = [
-          system = "x86_64-linux";
+          inputs.nixos-hardware.nixosModules.lenovo-thinkpad-p52
-        };
+        ];
+      };
+      hetznix01 = localLib.mkNixosHost {
+        hostname = "hetznix01";
+        additionalModules = [
+          inputs.private-flake.nixosModules.private.hetznix01
+        ];
+      };
+      hetznix02 = localLib.mkNixosHost {
+        system = "aarch64-linux";
+        hostname = "hetznix02";
+        additionalModules = [
+          # inputs.simple-nixos-mailserver.nixosModule
+        ];
+      };
+      kiosk-entryway = localLib.mkNixosHost {
+        # Lenovo IdeaCentre Q190
+        hostname = "kiosk-entryway";
+      };
+      kiosk-gene-desk = localLib.mkNixosHost {
+        system = "aarch64-linux";
+        hostname = "kiosk-gene-desk";
+        additionalModules = [
+          inputs.nixos-hardware.nixosModules.raspberry-pi-4
+        ];
+      };
+      nixnas1 = localLib.mkNixosHost {
+        hostname = "nixnas1";
+        additionalModules = [
+          inputs.simple-nixos-mailserver.nixosModule
+        ];
+      };
+      nixnuc = localLib.mkNixosHost {
+        hostname = "nixnuc";
+        additionalModules = [
+          inputs.simple-nixos-mailserver.nixosModule
+        ];
+      };
+      rainbow-planet = localLib.mkNixosHost {
+        hostname = "rainbow-planet";
+        additionalModules = [
+          inputs.nixos-cosmic.nixosModules.default
+          inputs.nixos-hardware.nixosModules.dell-xps-13-9360
+        ];
+      };
+    }; # end nixosConfigurations
 
-        gene-aarch64-linux = localLib.mkHomeConfig {
+    # Home Manager (only) users
-          homeDirectory = "/home/gene";
+    homeConfigurations = {
-          username = "gene";
+      gene-x86_64-linux = localLib.mkHomeConfig {
-          system = "aarch64-linux";
+        homeDirectory = "/home/gene";
-        };
+        username = "gene";
-      }; # end homeConfigurations
+        system = "x86_64-linux";
+      };
 
-      packages.aarch64-linux.kiosk-gene-desk-sdImage =
+      gene-aarch64-linux = localLib.mkHomeConfig {
-        self.nixosConfigurations.kiosk-gene-desk.config.system.build.sdImage;
+        homeDirectory = "/home/gene";
-    };
+        username = "gene";
+        system = "aarch64-linux";
+      };
+    }; # end homeConfigurations
+
+    packages.aarch64-linux.kiosk-gene-desk-sdImage = self.nixosConfigurations.kiosk-gene-desk.config.system.build.sdImage;
+  };
 }

lib/default.nix

@@ -1,10 +1,8 @@
-{ inputs, ... }:
+{ inputs, ... }: let
-let
   mkDarwinHost = import ./mkDarwinHost.nix { inherit inputs; };
   mkHomeConfig = import ./mkHomeConfig.nix { inherit inputs; };
   mkNixosHost = import ./mkNixosHost.nix { inherit inputs; };
-in
+in {
-{
   inherit (mkDarwinHost) mkDarwinHost;
   inherit (mkHomeConfig) mkHomeConfig;
   inherit (mkNixosHost) mkNixosHost;

lib/mkDarwinHost.nix

@@ -1,50 +1,41 @@
-{ inputs, ... }:
+{ inputs, ... }: {
-{
+  mkDarwinHost = {
-  mkDarwinHost =
+    system ? "aarch64-darwin",
-    {
+    hostname,
-      system ? "aarch64-darwin",
+    username ? "gene",
-      hostname,
+    additionalModules ? [],
-      username ? "gene",
+    additionalSpecialArgs ? {}
-      additionalModules ? [ ],
+  }: inputs.nix-darwin.lib.darwinSystem {
-      additionalSpecialArgs ? { },
+    inherit system;
-    }:
+    specialArgs = { inherit inputs hostname username; } // additionalSpecialArgs;
-    inputs.nix-darwin.lib.darwinSystem {
+    modules = [
-      inherit system;
+      ./nixpkgs-settings.nix
-      specialArgs = {
+
-        inherit inputs hostname username;
+      inputs.nix-homebrew.darwinModules.nix-homebrew {
+        nix-homebrew = {
+          enable = true;        # Install Homebrew under the default prefix
+          user = "${username}"; # User owning the Homebrew prefix
+          autoMigrate = true;   # Automatically migrate existing Homebrew installations
+        };
       }
-      // additionalSpecialArgs;
-      modules = [
-        ./nixpkgs-settings.nix
 
-        inputs.nix-homebrew.darwinModules.nix-homebrew
+      inputs.home-manager.darwinModules.home-manager {
-        {
+        home-manager = {
-          nix-homebrew = {
+          extraSpecialArgs = { inherit inputs username; };
-            enable = true; # Install Homebrew under the default prefix
+          useGlobalPkgs = true;
-            user = "${username}"; # User owning the Homebrew prefix
+          useUserPackages = true;
-            autoMigrate = true; # Automatically migrate existing Homebrew installations
+          users.${username}.imports = [
-          };
+            inputs.sops-nix.homeManagerModule # user-level secrets management
-        }
+            ../modules/hosts/common
+            ../modules/hosts/common/all-gui.nix
+            ../modules/hosts/darwin/home.nix
+            ../modules/hosts/darwin/${hostname}/home-${username}.nix 
+          ];
+        };
+      }
 
-        inputs.home-manager.darwinModules.home-manager
+      ../modules/hosts/darwin # system-wide stuff
-        {
+      ../modules/hosts/darwin/${hostname} # host specific stuff
-          home-manager = {
+    ] ++ additionalModules; # end modules
-            extraSpecialArgs = { inherit inputs username; };
+  }; # end darwinSystem
-            useGlobalPkgs = true;
-            useUserPackages = true;
-            users.${username}.imports = [
-              inputs.sops-nix.homeManagerModule # user-level secrets management
-              ../modules/shared/home/general
-              ../modules/shared/home/general/all-gui.nix
-              ../modules/hosts/darwin/home.nix
-              ../modules/hosts/darwin/${hostname}/home-${username}.nix
-            ];
-          };
-        }
-
-        ../modules/hosts/darwin # system-wide stuff
-        ../modules/hosts/darwin/${hostname} # host specific stuff
-      ]
-      ++ additionalModules; # end modules
-    }; # end darwinSystem
 }

lib/mkHomeConfig.nix

@@ -1,41 +1,29 @@
-{ inputs, ... }:
+{ inputs, ... }: {
-{
+  mkHomeConfig = {
-  mkHomeConfig =
+    homeDirectory,
-    {
+    system,
-      homeDirectory,
+    username,
-      system,
+  }: inputs.home-manager.lib.homeManagerConfiguration {
-      username,
+    extraSpecialArgs = { inherit inputs homeDirectory system username; };
-    }:
-    inputs.home-manager.lib.homeManagerConfiguration {
-      extraSpecialArgs = {
-        inherit
-          inputs
-          homeDirectory
-          system
-          username
-          ;
-      };
 
-      pkgs = inputs.nixpkgs.legacyPackages.${system};
+    pkgs = inputs.nixpkgs.legacyPackages.${system};
 
-      # Specify your home configuration modules here, for example,
+    # Specify your home configuration modules here, for example,
-      # the path to your home.nix.
+    # the path to your home.nix.
-      modules = [
+    modules = [
-        ./nixpkgs-settings.nix
+      ./nixpkgs-settings.nix
-        ../modules/hosts/home-manager-only
+      ../modules/hosts/common
-        ../modules/hosts/home-manager-only/home-${username}.nix
+      ../modules/hosts/home-manager-only
-        ../modules/shared/home/general
+      ../modules/hosts/home-manager-only/home-${username}.nix
-        ../modules/shared/linux/flatpaks.nix
 
-        {
+      {
-          home = {
+        home = {
-            username = "${username}";
+          username = "${username}";
-            homeDirectory = "${homeDirectory}";
+          homeDirectory = "${homeDirectory}";
-          };
+        };
-        }
+      }
 
-        inputs.nix-flatpak.homeManagerModules.nix-flatpak
+      inputs.sops-nix.homeManagerModules.sops
-        inputs.sops-nix.homeManagerModules.sops
+    ];
-      ];
+  };
-    };
 }

lib/mkNixosHost.nix

@@ -1,44 +1,36 @@
-{ inputs, ... }:
+{ inputs, ... }: {
-{
+  mkNixosHost = {
-  mkNixosHost =
+    system ? "x86_64-linux",
-    {
+    hostname,
-      system ? "x86_64-linux",
+    username ? "gene",
-      hostname,
+    additionalModules ? [],
-      username ? "gene",
+    additionalSpecialArgs ? {}
-      additionalModules ? [ ],
+  }: inputs.nixpkgs.lib.nixosSystem {
-      additionalSpecialArgs ? { },
+    inherit system;
-    }:
+    specialArgs = { inherit inputs hostname username; } // additionalSpecialArgs;
-    inputs.nixpkgs.lib.nixosSystem {
+    modules = [
-      inherit system;
+      ./nixpkgs-settings.nix
-      specialArgs = {
+
-        inherit inputs hostname username;
+      inputs.disko.nixosModules.disko
+
+      inputs.home-manager.nixosModules.home-manager {
+        home-manager = {
+          extraSpecialArgs = { inherit inputs hostname username; };
+          useGlobalPkgs = true;
+          useUserPackages = true;
+          users.${username}.imports = [
+            ../modules/hosts/common
+            ../modules/hosts/common/linux/home.nix
+            ../modules/hosts/nixos/${hostname}/home-${username}.nix
+          ];
+        };
       }
-      // additionalSpecialArgs;
-      modules = [
-        ./nixpkgs-settings.nix
 
-        inputs.disko.nixosModules.disko
+      inputs.nix-flatpak.nixosModules.nix-flatpak
-
+      inputs.private-flake.nixosModules.private.ssh-keys
-        inputs.home-manager.nixosModules.home-manager
+      inputs.sops-nix.nixosModules.sops # system wide secrets management
-        {
+      ../modules/hosts/nixos # system-wide stuff
-          home-manager = {
+      ../modules/hosts/nixos/${hostname} # host specific stuff
-            extraSpecialArgs = { inherit inputs hostname username; };
+    ] ++ additionalModules;
-            useGlobalPkgs = true;
+  };
-            useUserPackages = true;
-            users.${username}.imports = [
-              ../modules/shared/home/general
-              ../modules/shared/home/linux
-              ../modules/hosts/nixos/${hostname}/home-${username}.nix
-            ];
-          };
-        }
-
-        inputs.nix-flatpak.nixosModules.nix-flatpak
-        inputs.private-flake.nixosModules.private.ssh-keys
-        inputs.sops-nix.nixosModules.sops # system wide secrets management
-        ../modules/hosts/nixos # system-wide stuff
-        ../modules/hosts/nixos/${hostname} # host specific stuff
-      ]
-      ++ additionalModules;
-    };
 }

lib/nixpkgs-settings.nix

@@ -1,4 +1,4 @@
-{
+{ inputs, ... }: {
   nixpkgs = {
     config = {
       allowUnfree = true;

modules/hosts/common/all-gui.nix

@@ -1,5 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, ... }: {
-{
   home.packages = with pkgs; [
     esptool
   ];

modules/hosts/common/default.nix

@@ -1,92 +1,62 @@
-{
+{ inputs, pkgs, username, ... }: let
-  config,
+  sqlite_lib = if builtins.elem pkgs.stdenv.hostPlatform.system [
-  inputs,
+                 "aarch64-darwin"
-  pkgs,
+                 "x86_64-darwin"
-  ...
+               ]
-}:
+               then "libsqlite3.dylib"
-let
+               else "libsqlite3.so";
-  sqlite_lib =
+in {
-    if
+  home.packages = with pkgs; [
-      builtins.elem pkgs.stdenv.hostPlatform.system [
+    btop
-        "aarch64-darwin"
+    bundix
-        "x86_64-darwin"
+    cargo
-      ]
+    cheat
-    then
+    colordiff
-      "libsqlite3.dylib"
+    dogdns
-    else
+    dos2unix
-      "libsqlite3.so";
+    duf
-in
+    dust
-{
+    fd
-  home = {
+    f2
-    packages = with pkgs; [
+    git-filter-repo
-      btop
+    glab
-      bundix
+    glow
-      cargo
+    gomuks
-      cheat
+    gotop
-      colordiff
+    htop
-      deadnix
+    httpie
-      dogdns
+    hub
-      dos2unix
+    inputs.nix-auth.packages.${stdenv.hostPlatform.system}.default
-      duf
+    jq
-      dust
+    lazydocker
-      fd
+    lazygit
-      f2
+    lua-language-server
-      git-filter-repo
+    minicom
-      glab
+    mtr
-      glow
+    nil
-      gomuks
+    nix-search
-      gotop
+    nix-zsh-completions
-      htop
+    nodejs
-      httpie
+    nurl
-      hub
+    nvd
-      inputs.nix-auth.packages.${stdenv.hostPlatform.system}.default
+    onefetch
-      jq
+    powershell
-      lazydocker
+    pre-commit
-      lazygit
+    puppet-lint
-      lua-language-server
+    rename
-      minicom
+    ruby
-      mtr
+    subversion
-      nil
+    tldr
-      nix-search
+    tree
-      nix-zsh-completions
+    trippy
-      nodejs
+    vimv
-      nurl
+    watch
-      nvd
+    wget
-      nixfmt-tree
+    yq-go
-      onefetch
+  ];
-      powershell
+  home.sessionVariables = {
-      pre-commit
+    CLICLOLOR = 1;
-      puppet-lint
+    PAGER = "less";
-      rename
-      ruby
-      subversion
-      statix
-      tldr
-      tree
-      trippy
-      vimv
-      watch
-      wget
-      yq-go
-    ];
-    sessionVariables = {
-      CLICLOLOR = 1;
-      PAGER = "less";
-    };
-    file = {
-      ".config/nvim/lua/config" = {
-        source = ../../files/nvim/lua/config;
-        recursive = true;
-      };
-      ".config/nvim/lua/plugins" = {
-        source = ../../files/nvim/lua/plugins;
-        recursive = true;
-      };
-      ".config/powershell/Microsoft.PowerShell_profile.ps1".source =
-        ../../files/Microsoft.PowerShell_profile.ps1;
-      ".config/powershell/Microsoft.VSCode_profile.ps1".source =
-        ../../files/Microsoft.PowerShell_profile.ps1;
-    };
   };
   programs = {
     atuin = {
@@ -141,7 +111,7 @@ in
         "*.swp"
         ".DS_Store"
       ];
-      includes = [ { path = "~/.gitconfig-local"; } ];
+      includes = [ { path = "~/.gitconfig-local"; }];
       lfs.enable = true;
       package = pkgs.gitFull;
       settings = {
@@ -158,11 +128,6 @@ in
         user = {
           name = "Gene Liverman";
         };
-        signing = {
-          format = "ssh";
-          key = "${config.home.homeDirectory}/.ssh/id_ed25519";
-          signByDefault = true;
-        };
       };
     }; # end git
     irssi.enable = true;
@@ -194,23 +159,19 @@ in
 
       '';
       extraPackages = with pkgs; [
-        gcc # needed so treesitter can do compiling
+        gcc    # needed so treesitter can do compiling
         sqlite # needed by sqlite.lua used by telescope-cheat
       ];
       plugins = [ pkgs.vimPlugins.lazy-nvim ]; # let lazy.nvim manage every other plugin
     };
     nh = {
       enable = true;
-      flake = "${config.home.homeDirectory}/repos/dots";
+      flake = "/Users/${username}/repos/dots";
     };
     oh-my-posh = {
       enable = true;
       enableZshIntegration = true;
-      settings = builtins.fromJSON (
+      settings = builtins.fromJSON (builtins.unsafeDiscardStringContext (builtins.readFile (inputs.genebean-omp-themes + "/beanbag.omp.json")));
-        builtins.unsafeDiscardStringContext (
-          builtins.readFile (inputs.genebean-omp-themes + "/beanbag.omp.json")
-        )
-      );
       #useTheme = "amro";
       #useTheme = "montys";
     };
@@ -228,7 +189,7 @@ in
             set -g @dracula-show-battery false
             set -g @dracula-show-powerline true
             set -g @dracula-refresh-rate 10
-          '';
+            '';
         }
       ];
       extraConfig = ''
@@ -389,4 +350,17 @@ in
       };
     }; # end zsh
   }; # end programs
+
+  home.file = {
+    ".config/nvim/lua/config" = {
+      source = ./files/nvim/lua/config;
+      recursive = true;
+    };
+    ".config/nvim/lua/plugins" = {
+      source = ./files/nvim/lua/plugins;
+      recursive = true;
+    };
+    ".config/powershell/Microsoft.PowerShell_profile.ps1".source = ./files/Microsoft.PowerShell_profile.ps1;
+    ".config/powershell/Microsoft.VSCode_profile.ps1".source = ./files/Microsoft.PowerShell_profile.ps1;
+  };
 }

modules/hosts/common/linux/apps/hexchat.nix

@@ -1,3 +1,3 @@
-{
+{ ... }: {
   programs.hexchat.enable = true;
 }

modules/hosts/common/linux/apps/pidgin.nix

@@ -1,3 +1,3 @@
-{
+{ ... }: {
   programs.pidgin.enable = true;
 }

modules/hosts/common/linux/apps/tilix.nix

@@ -0,0 +1,30 @@
+{ lib, pkgs, ... }: with lib.hm.gvariant; {
+
+  dconf.settings = {
+    "com/gexperts/Tilix/profiles/2b7c4080-0ddd-46c5-8f23-563fd3ba789d" = {
+      background-color = "#272822";
+      background-transparency-percent = 10;
+      badge-color-set = false;
+      bold-color-set = false;
+      cursor-colors-set = false;
+      font = "Hack Nerd Font Mono 12";
+      foreground-color = "#F8F8F2";
+      highlight-colors-set = false;
+      palette = [ "#272822" "#F92672" "#A6E22E" "#F4BF75" "#66D9EF" "#AE81FF" "#A1EFE4" "#F8F8F2" "#75715E" "#F92672" "#A6E22E" "#F4BF75" "#66D9EF" "#AE81FF" "#A1EFE4" "#F9F8F5" ];
+      use-system-font = false;
+      use-theme-colors = false;
+      visible-name = "Default";
+    };
+
+  };
+
+  home.file = {
+    ".config/tilix/schemes/Beanbag-Mathias.json".source = ../../files/tilix/Beanbag-Mathias.json;
+    ".config/tilix/schemes/Catppuccin-Frappe.json".source = (pkgs.fetchFromGitHub {
+      owner = "catppuccin";
+      repo = "tilix";
+      rev = "3fd05e03419321f2f2a6aad6da733b28be1765ef";
+      hash = "sha256-SI7QxQ+WBHzeuXbTye+s8pi4tDVZOV4Aa33mRYO276k=";
+    } + "/src/Catppuccin-Frappe.json");
+  };
+}

modules/hosts/common/linux/apps/waybar.nix

@@ -0,0 +1,17 @@
+{ pkgs, ... }: {
+  home.file = {
+    ".config/waybar/config".source = ../../files/waybar/config;
+    ".config/waybar/frappe.css".source = (pkgs.fetchFromGitHub {
+      owner = "catppuccin";
+      repo = "waybar";
+      rev = "f74ab1eecf2dcaf22569b396eed53b2b2fbe8aff";
+      hash = "sha256-WLJMA2X20E5PCPg0ZPtSop0bfmu+pLImP9t8A8V4QK8=";
+    } + "/themes/frappe.css");
+    ".config/waybar/style.css".source = ../../files/waybar/style.css;
+  };
+
+   programs = {
+    # Using file in ../../files/waybar/ to configure waybar
+    waybar.enable = true;
+  };
+}

modules/hosts/common/linux/apps/xfce4-terminal.nix

@@ -1,6 +1,6 @@
-{
+{ ... }: {
   home.file = {
-    ".config/xfce4/terminal/accels.scm".source = ../../../files/xfce4/terminal/accels.scm;
+    ".config/xfce4/terminal/accels.scm".source = ../../files/xfce4/terminal/accels.scm;
   };
 
   xfconf.settings = {
@@ -11,8 +11,7 @@
       "color-background" = "#08052b";
       "color-cursor" = "#ff7f7f";
       "color-cursor-use-default" = false;
-      "color-palette" =
+      "color-palette" = "#000000;#e52222;#a6e32d;#fc951e;#c48dff;#fa2573;#67d9f0;#f2f2f2;#555555;#ff5555;#55ff55;#ffff55;#5555ff;#ff55ff;#55ffff;#ffffff";
-        "#000000;#e52222;#a6e32d;#fc951e;#c48dff;#fa2573;#67d9f0;#f2f2f2;#555555;#ff5555;#55ff55;#ffff55;#5555ff;#ff55ff;#55ffff;#ffffff";
       "font-name" = "Hack Nerd Font Mono 12";
       "misc-always-show-tabs" = false;
       "misc-bell" = false;

modules/hosts/common/linux/flatpaks.nix

@@ -1,21 +1,16 @@
-{
+
-  # Though it wouldn't seem to be this way,
+{ ... }: {
-  # This is used both in NixOS and Home Manager
   services = {
     flatpak = {
       enable = true;
       packages = [
+        "im.riot.Riot"
         "com.cassidyjames.butler"
         "com.logseq.Logseq"
         "com.vivaldi.Vivaldi"
-        "im.riot.Riot"
-        "io.kopia.KopiaUI"
-        "org.localsend.localsend_app"
-        "org.gnome.Fractal"
         "org.signal.Signal"
         "org.telegram.desktop"
       ];
-      uninstallUnmanaged = true;
       update.auto = {
         enable = true;
         onCalendar = "daily";

modules/hosts/common/linux/home.nix

@@ -1,5 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, ... }: {
-{
   home.packages = with pkgs; [
     fastfetch
   ];

modules/hosts/common/linux/internationalisation.nix

@@ -1,4 +1,4 @@
-{
+{ ... }: {
   # Select internationalisation properties.
   i18n = {
     defaultLocale = "en_US.UTF-8";

modules/hosts/common/linux/lets-encrypt.nix

@@ -1,5 +1,4 @@
-{ config, username, ... }:
+{ config, username, ... }: {
-{
 
   ##########################################################################
   #                                                                        #
@@ -11,9 +10,7 @@
     acceptTerms = true;
     defaults = {
       email = "lets-encrypt@technicalissues.us";
-      credentialFiles = {
+      credentialFiles = { "GANDIV5_PERSONAL_ACCESS_TOKEN_FILE" = "${config.sops.secrets.gandi_dns_pat.path}"; };
-        "GANDIV5_PERSONAL_ACCESS_TOKEN_FILE" = "${config.sops.secrets.gandi_dns_pat.path}";
-      };
       dnsProvider = "gandiv5";
       dnsResolver = "ns1.gandi.net";
       # uncomment below for testing

modules/hosts/common/linux/nixroutes.nix

@@ -0,0 +1,7 @@
+{ config, lib, ... }:
+let
+  hostName = config.networking.hostName;
+in {
+  programs.zsh.shellAliases.nixroutes =
+    "cd ~/repos/dots && echo '=== Current Routes ===' && ip route show && ip -6 route show && echo '' && echo '=== New Build Routes ===' && nix eval --json '.#nixosConfigurations.${hostName}.config.systemd.network.networks.\"10-wan\".routes'";
+}

modules/hosts/common/linux/restic.nix

@@ -1,5 +1,4 @@
-{ config, pkgs, ... }:
+{ config, pkgs, ... }: {
-{
   environment.systemPackages = with pkgs; [
     restic
   ];
@@ -30,3 +29,4 @@
     };
   };
 }
+

modules/hosts/common/linux/ripping.nix

@@ -1,5 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, ... }: {
-{
   # Be sure this is added if on NixOS
   # boot.kernelModules = [ "sg" ];
 
@@ -21,3 +20,4 @@
     mkvtoolnix-cli
   ];
 }
+

modules/hosts/darwin/AirPuppet/default.nix

@@ -1,4 +1,4 @@
-{
+{ ... }: {
   system.stateVersion = 4;
 
   homebrew = {

modules/hosts/darwin/AirPuppet/home-gene.nix

@@ -1,5 +1,4 @@
-{ username, ... }:
+{ username, ... }: {
-{
   home.stateVersion = "23.11";
 
   sops = {

modules/hosts/darwin/Blue-Rock/default.nix

@@ -1,5 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, ... }: {
-{
   system.stateVersion = 4;
 
   environment = {

modules/hosts/darwin/Blue-Rock/home-gene.liverman.nix

@@ -1,5 +1,4 @@
-{ username, ... }:
+{ username, ... }: {
-{
   home.stateVersion = "23.11";
     
   programs = {

modules/hosts/darwin/default.nix

@@ -1,17 +1,8 @@
-{
+{ pkgs, hostname, username, ... }: {
-  pkgs,
-  hostname,
-  username,
-  ...
-}:
-{
   system.primaryUser = username;
 
   environment = {
-    shells = with pkgs; [
+    shells = with pkgs; [ bash zsh ];
-      bash
-      zsh
-    ];
     pathsToLink = [
       "/Applications"
       "/share/zsh"
@@ -68,7 +59,6 @@
       "gitkraken-cli"
       "handbrake-app"
       "imageoptim"
-      "itermbrowserplugin"
       "iterm2"
       "keepingyouawake"
       "libreoffice"
@@ -123,10 +113,7 @@
         "flox-cache-public-1:7F4OyH7ZCnFhcze3fJdfyXYLQw/aV7GEed86nQ7IsOs="
         "cache.thalheim.io-1:R7msbosLEZKrxk/lKxf9BTjOOH7Ax3H0Qj0/6wiHOgc="
       ];
-      trusted-users = [
+      trusted-users = [ "@admin" "${username}" ];
-        "@admin"
-        "${username}"
-      ];
     };
     extraOptions = ''
       # Generated by https://github.com/DeterminateSystems/nix-installer, version 0.11.0.

modules/hosts/darwin/home.nix

@@ -1,5 +1,4 @@
-{ username, ... }:
+{ username, ... }: {
-{
   # dawrwin-specific shell config
   programs = {
     zsh = {

modules/hosts/darwin/mightymac/default.nix

@@ -1,5 +1,4 @@
-{ inputs, pkgs, ... }:
+{ inputs, pkgs, ... }: {
-{
   system.stateVersion = 4;
 
   environment = {

modules/hosts/darwin/mightymac/home-gene.liverman.nix

@@ -1,5 +1,4 @@
-{ config, ... }:
+{ config, ... }: {
-{
   home.stateVersion = "23.11";
 
   programs = {

modules/hosts/darwin/mightymac/secrets.yaml

@@ -1,7 +1,7 @@
 tailscale_key: ENC[AES256_GCM,data:rWN6mW6LC/EjMTbMjXkCmMQYEehEbViScKeaLEOpR6VSZJFD0aZI9wh5yKcQeaUT0BiJIzITsUxj,iv:aCqdsW7JPq6Q2kFl6ZciwIQfzAbs9LvhWilbEI8okAc=,tag:U0p4UND/n26ZF17keSL0DA==,type:str]
 user_nix_conf: ENC[AES256_GCM,data:1PCMb2Xyq7G/ROrk39UcfC9Ktj+fhh5j2/EAi4ganLIyk3chzifk265XLxK5eFIVjys9mdGikaepcJky3cgnKl8HOX8=,iv:7/cxkyl3QgwzkT8Fi3/+CqRZu91l287TxeVYQcH0P5I=,tag:bMo3RJchirQSJTjXPds8Ag==,type:str]
 i2cssh_config: ENC[AES256_GCM,data:MwYLGFribitABOcQJFsEgd3vD4qsEdz0grg2ISE0LB3IT2usVRgUfnI/5g7pK4ON/bxz+mpkncDCZep8wBrd4+c316320u/HkxTEQYFU+zXGuFnkF380fx8klQdBel7JsJJKwa5b1M20Sqj9QYNXtwEw8zs+vG/VGdzWLKHlQosvUrdhT0LGntu+/RIgVhC3B6aEp79mbz8xOh8BrCpi4hVPFm8x5sUC++wR+aBvIg+bsOOU8T9OoW3bnEs8ucnvni9RYN7r5YCOllyhaFekNp6KiFBLd4h3A2r2UWBnRjlg5LKJc5aG6Z6XMHaz6NaGpZUw+fMHVZx7t7QL7IwvNpFp/+8oeWzBz/qecfxzVkGvBYqtPPsnv9mNUYZux6Fd0FETMbPI7dmUQrmUK2Y+L8Qw55cpL+BVJkV693DaKIJwQL3VIC6Z/NKqTXPdBBS9hWHjYWfGBmbiAiaU5X2Z3cz8YaEsCnC4OMqqlALLmzZ0crD/HXc6756U/i63GVsx4GiBTfs8Rvy+7GZOyjBhgvHZK6g4ShVZHDtNMInHlfyFzOGC03smZhgseF9ivVVXAMa6AI8OHU5678Fkb6/lD4e0Vqk77Icaj+Yte6EKmHK3Pq9ctYyJLNBFlFCreBWTcxrV+a6WLxh6QkcHmUYLfHKp/cG3nypPKRIaBkvbYOUYLuPI1IRrzdndALv5uRBhxKJEL+ukBv0EVm9y9sR1uimTQYB9tCRE7+2JfgBhcQwbUbIlW4NmZeOx9/9jAoqlID0PTS/2QsnbYI00X7c3GibGpLVVY86X6S4hW/HaHEq8jB5JiFDlQRGDLy/YV8MM1USsqZpjJHlZy8AWQRH3Ta47cXYfwCOD2eTC2pouS938qAaq48m3mPMuzCWlbiExXRrdE2Noek49/pfwCduplEebxb3FLr16lRHdcI+M8Hb9W5iXAJFYBx9FzFkIewDKz4UxL+MKX88K4t5l5ZTG6IT0OqCekZ3M/9scYbhrpgU2sWp3ADgmLRwL8iMxgwFygl1ZxdQ9C0IS8LwgLCfAn3wVKZlUogRdBkV52iHbkUVG4tEqUZxhJUALFW3P1A==,iv:udLgI4t3M3KDNfcA+WkUFLAe523/+O9tE/LGol1UBQA=,tag:6v1XUPTpgcjfmcgak9YKAQ==,type:str]
-local_git_config: ENC[AES256_GCM,data:DjLFwnglZuH2Piami9gHUd5fmlW3luXDCxx7cEuTPRPM4Y4fr2PmXXWSIvZEo6FuVC8tAMr4Z9wbgWQumB4Ul4lIHpwHrbvS2ccOI/ye4Q9OQ/Ki9OEbVFg8nBHsz57RnD0uh3Fk+9gV0yoTmjxP2A==,iv:7Z2d/pgc4uarGe0/BAcIFGLMdBdNwhxr6wGOaZvUqxw=,tag:HgOW/RF9/QEfm+xkEV75+Q==,type:str]
+local_git_config: ENC[AES256_GCM,data:KEmChuCHJxKrZ3d72fbhgm1K+aAKjkwTpEq/qsNPOQbZqSCZgy/IQBY/L+qMJZlr3iIyrAKxN1CxfrurpB2/m+yxMo7ONoARAR6X67GqmgJX4mbO0EEHQvP6/0v/HVHfT67ZKg1oZTzmKAKr5eiyTnX4e73Ao11TySiqHTJBw4cPc0BTNmgrnf9xvXAPeYWa,iv:vyDbCml7pnouqpb+PewFBih6f7wPbHjv/GJgLUsRjbM=,tag:DLWz19yoJIZTLR46FuH/iw==,type:str]
 local_private_env: ENC[AES256_GCM,data:vaa2MKSzCs2s2mzRkFSkz2CT2hCRfad+mqkLW/PCulcw8x6TYRWWjfYicqdCh+lmeMlRgoukH45qTq2YaKo8lvm0jOPnk1Z6ZOYCafm6JX8Cn+hpxRq/nw0OjtytLrVIh6CCqe8IJM5nK6EC5dXJDO/08AaiRdlYqRG7HhKFSa0nODlQpWGXiwYz3ajkCmlgl3qR+6HpZxjMKAGAyLZr9g5n8rNHN7oXe0Kf06wmoMnFNKvuZ9kliJe5x3gUbiDN85UNXNKnMs6SFk7Hr+jE3RIGUjYL6XCUgWgvt9gL0VDWjt3KfJbASJMBwBU9B4Jj02pxyHeQovyK2CjAm7Qm2s40JYsdsbfV4QaTBRCT5DdIQiB3FI/ELuwKdEo8MlpSvk5DqyxipAvicOa216x4N+FG/N311vExq4gNIjO+6w191ymRk4YCxWjUIk7GwiftsVBp+Jo6M27Xe7k7yYCBblEyAtq7NDbcxrh9YoXs+K409wBE6U81bJbMWwRzwG7Sfhrzx1X+C1SGe+VYSmh1EqHEbJbkHXxEF35vfNGwQoIAVOQ+ePlYyGhvNkbLTxxf2Ni6orl/tKnLejmMSwhUrv5R1RgQqxyiK7aSl0bf89+hxb2WWdGpmFEMUCns4hoFzN+ob1h7oH3aD33CMKuoOFAhsDkELS08Bvx2RMyKEv7ktU6KmaOEvO99soRQAMZvznM0/8H6v11ua1sAvzN5of+9bdA31Yt2fj1lMpAxuc/jc/fjlSpdr+TkEIoAP1R/z4xhlR4QoxlnBkLJU2y699dPBChl52k8S5W53/XW0NoXptpf8+BKgnQCjXRASHBxN2ChjjpUFLyKV/0x8lbrs+NbNb4wJP4HK1625R9278hcD02KcfzofPtr/sglSGEWOla7vsNlyQiwRp0ZfbGrrfvQ3QhKVx/shPL7BkmGGDapkiT0YqWIWo/gOtRnDGIcsjER5DMZQwez27eqaZq7jwQv4He1Tj/UelR1eOurlPE7NKIDXXCR14vfsVCX/5mNPuNDZ+hhEpp8xAqAsnv6TCHHZ7q1ngrIe/uxJZLGE3oWxmjxn1FGP3m42IT59RMXHNmzZwPYmPZK8cjSNqViP2Krsvca0p+Jf7+1hP17UwLFneo6bf3um891sF0X40R9uNA+7fuP4rbBwrJZaNwSojxXyk9kVpXATwk9JMaXijU78KZ+59ucl5lVsu1OQTYtcZxSecGr21ATSi2EydhaHNM/hsamAeyy3EbiVfDD6Bv9V2uwoEWRIApnCoKN9zcpdjMuVIZUKywuAyEzCaaOuDfrFLsgR051ijqkOQnmuZNJ+DRmdC1siUPqNQawRqvewKN5FbHJFuI7X6Zxfa3OxZFqnsWdipuL/+3sy8hGjaH5y1RIHeJzL/ZnQNoEkBMep6zeLmQHoGV3iXjmbobUpJMpHKG3yt92zw8hyckPO+tEvOjYW2RR+6NfbArWTqaW7e4FHYpDtX3Oh3a1SzX+fK5lEUglN3+wx6uDDXczG7IZwQDQc9kfL2rt45s8uHw9MZL/kH8Ssdhk4Ha2JIXXyyoxyFHH5OaZCaQFveVjvo70E394AU5oJ5YmvlKIMZEJxnL9TdtshTPVvKeL3DBjEzIocv9/MWQJLfltnaU2ieIQFsvG8ma7za8YOvFVgr1Z3DfRsusQOmnJB3Umm18YfST0U1u1DpiCsvdGoRuySqAjp4OdmxTvKLRHKkNzRzmS8NnewFjUitJy1WjXmcoVRc8+hm2IJxQl3iGm1In2zuGtyklbban7+84ygV2XvhGpv5MLE0ooKHTXLU7da9jUgvRgCQ9EZWGh/Xqg/OA7mK3C9ojeuJKCgtKwDm2QeHKswRzgUpSTtYlgS3TmTQOdgMo7N7w9uWTTjU9ozXnJHZlKF7264XaIOmLZGwcIPwjQb6+onv0xvDDgKaDU2QpHA1MMXrJAPnyAP3xjpttEggHcY9i+t0ZlvrzS1Ux7Tv2qKnabJEuzw5mX7RyjmUOp89mXK/Ot/hTwMKf2Rm7QsoSMl3NqTFHUMYnxzN8TyVAWvcXh1iS24ryvgMqE+Et2EFW2+lz3XffS+hKJ49osu3ZX53QDLCXhWRK7xnCj3JGNVtnyMkRH7eRVpQwbxl7DuYSx8xrzDyLItOOVyUeif+XiIzsjDWfitTV0+SDhsuJpvCm3hh1+SDUwL9abgOJ0Hv0Y8EtvkoAUlkC5O3+qVFVQ2gmdTWvZ5eIci4wKvv4jXyljW7uDGCjqoGL3yi9JUGWhJGVe0gFvUyP/k6ThxjbrpERVOCpiPZDfwU31ACVVEagwdLjs2vJB1oRs2dJWwwXMPR4lbslgDUXkD4j0hodOvbrqa9teBB1Q48mAZ/CqhOgwFjEymLmXUEcauBHSuLywQkff7TYVmyWzGZAH0gZB7aVuwZ1ZRj59PuFdMKcRoqNC8/yb4Nj9HDprE8l7gS5jaELkm6G/lo7jbei7CLdYB5zNW9qSypKv6QvqYbxhpCazsPAvjIXj0O3k24Q8U6CROuxWwNe7hCPaYaC1wI/lr+QEoG//3sRMRMBYJ5M2deFSXhKFstcoOAinkESMgwLc2eeTmqYS14e4qtCIMzAy9YOt0SaKUVjnCgj9vkoJNPgqdVEnszDThBS2Rhe3f/CrfFdoWf/nWisy3NwCWcdj8cjR2sAGcu8ImxRciXYuUS9XAdGiUUVv9+BF1wf2VCWVJQ895WQ7dxBtHZdrh7SRtlR0qKTQuSPzEzSYwve0Xm1Kw6VbgrcQnpvafS2unS+3VlGH+gjv3swHWaiot0IbvoG7K4guVfUFORTlsqlktg2UdfskhVpXliJub1B91q6Ocuponi6NI0ytmNGgNKoxNU8Bfi8zruCak2lwKK1lwqR9Q2Xhg0xHW/bjsX37HHC6hS5WoB3KpwouwSdY7bbZttyq3EdODHz4P7FdsrirSgt9U/1ue9shbDQmBwImPAr7KttRMZUcuCWYoxSzZbqz5OdIinVgonOkqPWvsxSb1+PjpWFkYwMzeOlcYRGylD8VZ5TMn/p0DVpzWK4zTbmY1s6nvu+gPPgLWBM0soj33UY7vSlJMgzOXEc4dFGspfVbkbjBx/qbtN3wS7WnI1RP0oTszSacVkuJvsDZURecNUIyNxaKTYOIOrxErTBJwZ1mYUDh0KWprAirzTD1p+4soiGiMwYQdKZd6MwgD0HmjzPwi+DpoBfo1Y7R6BeefFvSLT2dZhilwlh496FQX/DNOqPd/5ZiMOGC8JvG6pBred5r2QFCFgN7F9BIFoLHpF8DjRkvcQC4bf/IQrQBGJGMk2o3fG+cjPxB5c7Ce9BzCUY5+AAcm7/u2oMZvCiUc91OKV/l3S5J+ZmUutXIrFvJIlE4FUJi6QFtDI4fygzxI84wbTtnrQzYWOvWZlKEmXDQyn6iRxqu1pcJq38cX3UpouMXlbqA+pGsc1xAkt7a295qYBcVrm1RjQWwVW1okNF9bgswF3X8HCEx8tCFsZdM+lHE4/+ytqTOMvPrgodbUeCBORwpsKN4TzBCGzQI/1Fs++ucL6EwwgN95goW4gvqgk2sEdSGqO7fk4pwzfHNLdoZmosblsHFTmCefHURmeM+rakbZLIyERBSEWzW8uSMFqdqQtFjx2cMEcavSj3xO69p6YuK4baRVV1ATLeYfpMnSkt6wM5TCowXBiA67TQUzEl0+rTG4kPc2PYLFCkKzjxM2ngA+P2gyx5jRPtztLLDe669sUecsNCDfs1h8nLDJyL9zDF/K3Iw8AlsMgqYDhDcFVW9sZ+to7UGL0VToRMFKrP+zW3MSSC9sXQIX+aZeI0yjgxYU4zH4MB4JlP/dgPvqBKkAU+lCD0EesdXaL3hUQQ6+8BY2wsO3ws77rFYDWCq0lzjXHH+BtyihWF194ZEXxNzkq3mH5uBHqipWZ4EMnoHbzfq4CI11VK0Kgu6atw0xDCApA+0auom7jayFvL6HvhSW+lWhOTSlOktXzFula1iNKqJI1y6bLig94HEJ13z+3HSKsyA,iv:c81f5M5cmElhm6Yb/p7JkX0mJacbatqm3qmIba/LMcs=,tag:V2FVsGqf9G18VimH2rsSRg==,type:str]
 sops:
     age:
@@ -14,7 +14,7 @@ sops:
             YndNc25Xemxrd2VXSStlbTJjZFBOR0UKe6wxJBlS7YZJXW3f/rlmKanqu9SeYXYB
             qxEU+fMDfQ/R+jRo6fGRtNnnY3nowZP+hSYYuGT9SRFwqYR1M3xeqw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-03-19T15:01:09Z"
+    lastmodified: "2026-02-26T13:53:28Z"
-    mac: ENC[AES256_GCM,data:FKz9GZZfLnBFiVuyn3xmhR0p6NpPxlJBZlGL6PrqsiJWmIrzZBq6x5fj9fWprYuzeAJYRrwSX8X5fYKdatrW2aLIYrXclZl1yw3afnP65lJZvJxlhD9gD3gPZ9eMbmRUOqrhLn8OeQ+mY4WBXg0G6WNOxsp/bAQf7Xjkj1eItBI=,iv:duqy8YcrhfPmiTHJBYnFbMyv1jCxLPtU1Gbo1F/YkHs=,tag:3TNSf3BLu6Wm38RmReihwg==,type:str]
+    mac: ENC[AES256_GCM,data:QfP3eTXlhl1M3qLF+vuS6R+nwqpwjS9I6lXofSR1Qa1FsA6EsMPkzFyousS5IMScqUv5co868yS3KvXgkwwYsMkU1JwChBN2gPTF6OJ29fyjzE2jtVUop+ZRkUcV5I2FwAxMCR9LIyWNfePTpM056yGCM/2cnjOfc0vmhE2ctRw=,iv:a1VbTwMl5AuV5wN/dUpT8nrtt0qCJT9NmIb+f3avt6c=,tag:DYAue3j10rwhBTs4xRUZOw==,type:str]
     unencrypted_suffix: _unencrypted
-    version: 3.12.1
+    version: 3.11.0

modules/hosts/home-manager-only/default.nix

@@ -1,11 +1,4 @@
-{
+{ config, pkgs, system, username, ... }: {
-  config,
-  pkgs,
-  system,
-  username,
-  ...
-}:
-{
   home.stateVersion = "25.05";
   home.packages = with pkgs; [
     age

modules/hosts/home-manager-only/home-gene.liverman.nix

@@ -1,3 +1,3 @@
-{
+{ ... }: {
   # Settings just for work machines go here
 }

modules/hosts/home-manager-only/home-gene.nix

@@ -1,5 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, ... }: {
-{
   # Settings just for personal machines go here
 
   home.packages = with pkgs; [

modules/hosts/home-manager-only/secrets.yaml

@@ -1,4 +1,4 @@
-local_git_config: ENC[AES256_GCM,data:z/yS/4VgTapy476DAIucKd0DQsn1Rg0f8U3DAYwvI7+THGq8MAhgQ9Y=,iv:deh7DIRNPKlZJQu+ihiBzWqNV1rSP0hATERmeGCLi4s=,tag:NYVUUv1uve0Gv2sXSJuQmw==,type:str]
+local_git_config: ENC[AES256_GCM,data:7zJpT5px88Y/9S/ZR3dRZQmALdVS1aR/1qpKDYzfSAG7bTHutIXztBi93xH+iuId2blWZ7DVjRZPTLgbsxzPBGMVnwDMCTOfLPhTwbSGI6XfKXvYyl9TXNiw1qxn1zhIAia7zt2J/dBt63JMVByXaVohpHr0/9cKZio/cuI=,iv:k55B7Pe70M+enpMP+toVjyEkdIsuNnA5hRUe5Kgq5pE=,tag:6sChtIN2POPiK2zYweqTTA==,type:str]
 local_private_env: ENC[AES256_GCM,data:bUDiSzNaLDLBCM9SosCA/79utc+rqht3BqWOqgGAoc/E1YPfiCsqSOgMSRaYnACc9ubpozEGbsSSwxhq/p+4,iv:opwNCd3hAVJdXLiVbGh5FVuv0Uwnfns6QGrRKHGOtiE=,tag:Dun7sZC9RyxXiTlAPRMV6Q==,type:str]
 sops:
     age:
@@ -11,7 +11,7 @@ sops:
             aTV4a1QvaThld3g0aGt3Z3JvaWFtcFEK1zvoJDUDSwSmSJ5YyFUjNCP9qoj/7Uv5
             MusGUeYe+IdBz413voyT0PgsGmlKNEjfxjzsF0DRKAw5a/n0EY9cOg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-03-22T23:15:19Z"
+    lastmodified: "2026-01-10T18:40:37Z"
-    mac: ENC[AES256_GCM,data:KAKblfnDL1nyFvPY/i9yy77RY0zr2QMYlV/asMXRd6TlR/jVGBFFdXVOFKFsbWpMbm5K8VtAOGxc/xL1NYsrAxGaoCH5YCHOjx2ZxJ9/5ZOGTSqAW7b2Ny1MlU9+IP7tD5qC3IFdzdtf3Osi7mwoQP5/xtLtZ5CP6mu+cy/xnB4=,iv:wk8pNiEcv9gGPWWNoCxpf3QmuNoZhapvo8BXKdaSy4E=,tag:8vuwebWrnv2+2SLw77ge7Q==,type:str]
+    mac: ENC[AES256_GCM,data:JfaHXsdnJNyrUEL8WyhH4ht8PO4ifQguvf0YLjmpMFbr1Mih+e/+DtQTPO9M2U/vrH7rFCk1UiZQhNZD3kY6S5LUqvHYvQwbf81zNXpGtAr/lQVT+bIJeqfRdJXkIGIZscu16Lmqm0WM6lmugfrIteNATYr9Qc4mDn2UApl5YXc=,iv:bC0XJUwgytnHefMPGsmdY5EkMTRmF5GcakjEIlIeNvs=,tag:JZ0k1y9J7StXKG3GeyGhfg==,type:str]
     unencrypted_suffix: _unencrypted
-    version: 3.12.1
+    version: 3.11.0

modules/hosts/nixos/bigboy/default.nix

@@ -1,23 +1,17 @@
+{ config, pkgs, username, ... }:
+  let
+    libbluray = pkgs.libbluray.override {
+      withAACS = true;
+      withBDplus = true;
+      withJava = true;
+    };
+    vlc-with-decoding = pkgs.vlc.override { inherit libbluray; };
+  in
 {
-  config,
+  imports = [ # Include the results of the hardware scan.
-  pkgs,
-  username,
-  ...
-}:
-let
-  libbluray = pkgs.libbluray.override {
-    withAACS = true;
-    withBDplus = true;
-    withJava = true;
-  };
-  vlc-with-decoding = pkgs.vlc.override { inherit libbluray; };
-in
-{
-  imports = [
-    # Include the results of the hardware scan.
     ./hardware-configuration.nix
-    ../../../shared/linux/flatpaks.nix
+    ../../common/linux/flatpaks.nix
-    ../../../shared/nixos/ripping.nix
+    ../../common/linux/ripping.nix
   ];
 
   system.stateVersion = "24.11"; # Did you read the comment?
@@ -49,6 +43,7 @@ in
     zoom-us
   ];
 
+  
   networking.networkmanager.enable = true;
 
   programs = {
@@ -123,15 +118,10 @@ in
   users.users.${username} = {
     isNormalUser = true;
     description = "Gene Liverman";
-    extraGroups = [
+    extraGroups = [ "networkmanager" "wheel" "dialout" "input" ];
-      "networkmanager"
-      "wheel"
-      "dialout"
-      "input"
-    ];
     packages = with pkgs; [
       kdePackages.kate
-      #  thunderbird
+    #  thunderbird
     ];
   };
 }

modules/hosts/nixos/bigboy/hardware-configuration.nix

@@ -1,55 +1,32 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{
+{ config, lib, pkgs, modulesPath, ... }:
-  config,
-  lib,
-  modulesPath,
-  ...
-}:
 
 {
-  imports = [
+  imports =
-    (modulesPath + "/installer/scan/not-detected.nix")
+    [ (modulesPath + "/installer/scan/not-detected.nix")
-  ];
-
-  boot = {
-    initrd = {
-      availableKernelModules = [
-        "xhci_pci"
-        "nvme"
-        "usb_storage"
-        "sd_mod"
-        "rtsx_pci_sdmmc"
-      ];
-      kernelModules = [ ];
-    };
-    kernelModules = [
-      "kvm-intel"
-      "sg"
     ];
-    extraModulePackages = [ ];
-  };
 
-  fileSystems = {
+  boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
-    "/" = {
+  boot.initrd.kernelModules = [ ];
-      device = "/dev/disk/by-uuid/9c2d2979-dc8d-40e0-9ec2-c3cce33cd832";
+  boot.kernelModules = [ "kvm-intel" "sg" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/9c2d2979-dc8d-40e0-9ec2-c3cce33cd832";
       fsType = "ext4";
     };
 
-    "/boot" = {
+  fileSystems."/boot" =
-      device = "/dev/disk/by-uuid/59CB-16DE";
+    { device = "/dev/disk/by-uuid/59CB-16DE";
       fsType = "vfat";
-      options = [
+      options = [ "fmask=0077" "dmask=0077" ];
-        "fmask=0077"
-        "dmask=0077"
-      ];
     };
-  };
 
-  swapDevices = [
+  swapDevices =
-    { device = "/dev/disk/by-uuid/878ff032-3de0-4efe-a12f-8eccd0ac3253"; }
+    [ { device = "/dev/disk/by-uuid/878ff032-3de0-4efe-a12f-8eccd0ac3253"; }
-  ];
+    ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
   # (the default) this is the recommended approach. When using systemd-networkd it's

modules/hosts/nixos/bigboy/home-gene.nix

@@ -1,10 +1,9 @@
-{ ... }:
+{ ... }: {
-{
   home.stateVersion = "24.05";
   imports = [
-    ../../../shared/home/general/all-gui.nix
+    ../../common/all-gui.nix
-    ../../../shared/home/linux/apps/tilix.nix
+    ../../common/linux/apps/tilix.nix
-    ../../../shared/home/linux/apps/xfce4-terminal.nix
+    ../../common/linux/apps/xfce4-terminal.nix
   ];
 
   programs = {
@@ -28,3 +27,4 @@
     };
   };
 }
+

modules/hosts/nixos/default.nix

@@ -1,19 +1,10 @@
-{
+{ hostname, pkgs, username, ... }: {
-  hostname,
-  pkgs,
-  username,
-  ...
-}:
-{
   imports = [
-    ../../shared/nixos/internationalisation.nix
+    ../common/linux/internationalisation.nix
   ];
 
   environment = {
-    shells = with pkgs; [
+    shells = with pkgs; [ bash zsh ];
-      bash
-      zsh
-    ];
     systemPackages = with pkgs; [
       age
       dconf2nix

modules/hosts/nixos/hetznix01/default.nix

@@ -1,11 +1,6 @@
-{
+{ inputs, pkgs, username,  ... }: {
-  pkgs,
-  username,
-  ...
-}:
-{
   imports = [
-    ../../../shared/nixos/nixroutes.nix
+    ../../common/linux/nixroutes.nix
     ./disk-config.nix
     ./hardware-configuration.nix
     ./post-install
@@ -29,14 +24,14 @@
   networking = {
     # Open ports in the firewall.
     firewall.allowedTCPPorts = [
-      22 # ssh
+      22   # ssh
-      25 # SMTP (unencrypted)
+      25   # SMTP (unencrypted)
-      80 # http to local Nginx
+      80   # http to local Nginx
-      143 # imap
+      143  # imap
-      443 # https to local Nginx
+      443  # https to local Nginx
-      465 # SMTP with TLS
+      465  # SMTP with TLS
-      587 # SMTP with STARTTLS
+      587  # SMTP with STARTTLS
-      993 # imaps
+      993  # imaps
       1883 # mqtt
       8333 # Bitcoin Core
       8448 # Matrix Synapse
@@ -93,10 +88,7 @@
   users.users.${username} = {
     isNormalUser = true;
     description = "Gene Liverman";
-    extraGroups = [
+    extraGroups = [ "networkmanager" "wheel" ];
-      "networkmanager"
-      "wheel"
-    ];
     linger = true;
   };
 }

modules/hosts/nixos/hetznix01/hardware-configuration.nix

@@ -4,25 +4,14 @@
 { lib, modulesPath, ... }:
 
 {
-  imports = [
+  imports =
-    (modulesPath + "/profiles/qemu-guest.nix")
+    [ (modulesPath + "/profiles/qemu-guest.nix")
-  ];
+    ];
 
-  boot = {
+  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
-    initrd = {
+  boot.initrd.kernelModules = [ ];
-      availableKernelModules = [
+  boot.kernelModules = [ ];
-        "ahci"
+  boot.extraModulePackages = [ ];
-        "xhci_pci"
-        "virtio_pci"
-        "virtio_scsi"
-        "sd_mod"
-        "sr_mod"
-      ];
-      kernelModules = [ ];
-    };
-    kernelModules = [ ];
-    extraModulePackages = [ ];
-  };
 
   fileSystems."pack1828" = {
     device = "/dev/disk/by-id/scsi-0HC_Volume_102600992";
@@ -36,3 +25,4 @@
 
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 }
+

modules/hosts/nixos/hetznix01/home-gene.nix

@@ -1,3 +1,3 @@
-{
+{ ... }: {
   home.stateVersion = "24.05";  
 }

modules/hosts/nixos/hetznix01/post-install/containers/emqx.nix

@@ -1,8 +1,6 @@
-{ config, username, ... }:
+{ config, username, ... }: let
-let
   volume_base = "/var/lib/emqx";
-in
+in {
-{
   # Based on docs at https://docs.emqx.com/en/emqx/latest/deploy/install-docker.html
   virtualisation.oci-containers.containers = {
     "emqx" = {

modules/hosts/nixos/hetznix01/post-install/default.nix

@@ -1,18 +1,10 @@
-{
+{ config, lib, pkgs, username, ... }: let
-  config,
-  lib,
-  pkgs,
-  username,
-  ...
-}:
-let
   domain = "technicalissues.us";
   restic_backup_time = "01:00";
-in
+in {
-{
   imports = [
-    ../../../../shared/nixos/lets-encrypt.nix
+    ../../../common/linux/lets-encrypt.nix
-    ../../../../shared/nixos/restic.nix
+    ../../../common/linux/restic.nix
     ./containers/emqx.nix
     ./matrix-synapse.nix
     ./monitoring.nix
@@ -34,7 +26,7 @@ in
         # Listen on loopback interface only, and accept requests from ::1
         net = {
           listen = "loopback";
-          post_allow.host = [ "::1" ];
+          post_allow.host = ["::1"];
         };
 
         # Restrict loading documents from WOPI Host nextcloud.example.com
@@ -170,14 +162,14 @@ in
       };
       matrix_secrets_yaml = {
         owner = config.users.users.matrix-synapse.name;
-        restartUnits = [ "matrix-synapse.service" ];
+        restartUnits = ["matrix-synapse.service"];
       };
       matrix_homeserver_signing_key.owner = config.users.users.matrix-synapse.name;
-      mqtt_recorder_pass.restartUnits = [ "mosquitto.service" ];
+      mqtt_recorder_pass.restartUnits = ["mosquitto.service"];
       nextcloud_admin_pass.owner = config.users.users.nextcloud.name;
       owntracks_basic_auth = {
         owner = config.users.users.nginx.name;
-        restartUnits = [ "nginx.service" ];
+        restartUnits = ["nginx.service"];
       };
       plausible_admin_pass.owner = config.users.users.nginx.name;
       plausible_secret_key_base.owner = config.users.users.nginx.name;
@@ -188,36 +180,31 @@ in
   };
 
   systemd.services = {
-    nextcloud-config-collabora =
+    nextcloud-config-collabora = let
-      let
+      inherit (config.services.nextcloud) occ;
-        inherit (config.services.nextcloud) occ;
 
-        wopi_url = "http://[::1]:${toString config.services.collabora-online.port}";
+      wopi_url = "http://[::1]:${toString config.services.collabora-online.port}";
-        public_wopi_url = "https://collabora.pack1828.org";
+      public_wopi_url = "https://collabora.pack1828.org";
-        wopi_allowlist = lib.concatStringsSep "," [
+      wopi_allowlist = lib.concatStringsSep "," [
-          "127.0.0.1"
+        "127.0.0.1"
-          "::1"
+        "::1"
-          "5.161.244.95"
+        "5.161.244.95"
-          "2a01:4ff:f0:977c::1"
+        "2a01:4ff:f0:977c::1"
-        ];
+      ];
-      in
+    in {
-      {
+      wantedBy = ["multi-user.target"];
-        wantedBy = [ "multi-user.target" ];
+      after = ["nextcloud-setup.service" "coolwsd.service"];
-        after = [
+      requires = ["coolwsd.service"];
-          "nextcloud-setup.service"
+      script = ''
-          "coolwsd.service"
+        ${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_url --value ${lib.escapeShellArg wopi_url}
-        ];
+        ${occ}/bin/nextcloud-occ config:app:set richdocuments public_wopi_url --value ${lib.escapeShellArg public_wopi_url}
-        requires = [ "coolwsd.service" ];
+        ${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_allowlist --value ${lib.escapeShellArg wopi_allowlist}
-        script = ''
+        ${occ}/bin/nextcloud-occ richdocuments:setup
-          ${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_url --value ${lib.escapeShellArg wopi_url}
+      '';
-          ${occ}/bin/nextcloud-occ config:app:set richdocuments public_wopi_url --value ${lib.escapeShellArg public_wopi_url}
+      serviceConfig = {
-          ${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_allowlist --value ${lib.escapeShellArg wopi_allowlist}
+        Type = "oneshot";
-          ${occ}/bin/nextcloud-occ richdocuments:setup
-        '';
-        serviceConfig = {
-          Type = "oneshot";
-        };
       };
+    };
   };
 
   # Enable common container config files in /etc/containers

modules/hosts/nixos/hetznix01/post-install/matrix-synapse.nix

@@ -1,5 +1,4 @@
-{ config, ... }:
+{ config, ... }: {
-{
   services.matrix-synapse = {
     enable = true;
     configureRedisLocally = true;
@@ -34,7 +33,7 @@
       ];
       url_preview_enabled = true;
       enable_registration = false;
-      trusted_key_servers = [ { server_name = "matrix.org"; } ];
+      trusted_key_servers = [{ server_name = "matrix.org"; }];
     };
 
   };

modules/hosts/nixos/hetznix01/post-install/monitoring.nix

@@ -1,8 +1,6 @@
-{ config, pkgs, ... }:
+{ config, pkgs, ... }: let
-let
   metrics_server = "https://monitoring.home.technicalissues.us/remotewrite";
-in
+in {
-{
   services = {
     vmagent = {
       enable = true;
@@ -16,11 +14,11 @@ in
           {
             job_name = "node";
             static_configs = [
-              { targets = [ "127.0.0.1:9100" ]; }
+              { targets = ["127.0.0.1:9100"]; }
             ];
             metric_relabel_configs = [
               {
-                source_labels = [ "__name__" ];
+                source_labels = ["__name__"];
                 regex = "go_.*";
                 action = "drop";
               }
@@ -37,11 +35,11 @@ in
           {
             job_name = "nginx";
             static_configs = [
-              { targets = [ "127.0.0.1:9113" ]; }
+              { targets = ["127.0.0.1:9113"]; }
             ];
             metric_relabel_configs = [
               {
-                source_labels = [ "__name__" ];
+                source_labels = ["__name__"];
                 regex = "go_.*";
                 action = "drop";
               }
@@ -112,7 +110,7 @@ in
     group = "vmagent";
   };
 
-  users.groups.vmagent = { };
+  users.groups.vmagent = {};
 
   # ----------------------------
   # SOPS secrets configuration
@@ -121,9 +119,10 @@ in
     secrets = {
       vmagent_push_pw = {
         owner = "vmagent";
-        restartUnits = [ "vmagent.service" ];
+        restartUnits = ["vmagent.service"];
-        sopsFile = ../../../../shared/secrets.yaml;
+        sopsFile = ../../../common/secrets.yaml;
       };
     };
   };
 }
+

modules/hosts/nixos/hetznix01/post-install/mosquitto.nix

@@ -1,21 +1,16 @@
-{ config, ... }:
+{ config, ... }: let
-let
   mqtt_domain = "mqtt.technicalissues.us";
-in
+in {
-{
+  security.acme.certs.${mqtt_domain}.postRun = "systemctl restart ${config.systemd.services.mosquitto.name}";
-  security.acme.certs.${mqtt_domain}.postRun =
-    "systemctl restart ${config.systemd.services.mosquitto.name}";
 
   services.mosquitto = {
     enable = true;
     bridges = {
       liamcottle = {
-        addresses = [
+        addresses = [{
-          {
+          address = "mqtt.meshtastic.liamcottle.net";
-            address = "mqtt.meshtastic.liamcottle.net";
+          port = 1883;
-            port = 1883;
+        }];
-          }
-        ];
         topics = [
           "msh/# out 1 \"\""
         ];
@@ -29,12 +24,10 @@ in
         };
       };
       meshtastic = {
-        addresses = [
+        addresses = [{
-          {
+          address = "mqtt.meshtastic.org";
-            address = "mqtt.meshtastic.org";
+          port = 1883;
-            port = 1883;
+        }];
-          }
-        ];
         topics = [
           "msh/# out 1 \"\""
         ];
@@ -49,12 +42,10 @@ in
         };
       };
       homeassistant = {
-        addresses = [
+        addresses = [{
-          {
+          address = "homeasistant-lc.atlas-snares.ts.net";
-            address = "homeasistant-lc.atlas-snares.ts.net";
+          port = 1883;
-            port = 1883;
+        }];
-          }
-        ];
         topics = [
           "msh/US/2/e/LongFast/!a386c80 out 1 \"\""
           "msh/US/2/e/LongFast/!b03bcb24 out 1 \"\""
@@ -71,59 +62,53 @@ in
         };
       };
     };
-    listeners =
+    listeners = let
-      let
+      mqtt_users = {
-        mqtt_users = {
+        genebean = {
-          genebean = {
+          acl = [
-            acl = [
+            "readwrite msh/#"
-              "readwrite msh/#"
+          ];
-            ];
+          hashedPasswordFile = config.sops.secrets.mosquitto_genebean.path;
-            hashedPasswordFile = config.sops.secrets.mosquitto_genebean.path;
-          };
-          mountain_mesh = {
-            acl = [
-              "readwrite msh/#"
-            ];
-            hashedPasswordFile = config.sops.secrets.mosquitto_mountain_mesh.path;
-          };
         };
-      in
+        mountain_mesh = {
-      [
+          acl = [
-        {
+            "readwrite msh/#"
-          port = 1883;
+          ];
-          users = mqtt_users;
+          hashedPasswordFile = config.sops.secrets.mosquitto_mountain_mesh.path;
-          settings.allow_anonymous = false;
+        };
-        }
+      };
-        {
+    in [
-          port = 8883;
+      {
-          users = mqtt_users;
+        port = 1883;
-          settings =
+        users = mqtt_users;
-            let
+        settings.allow_anonymous = false;
-              certDir = config.security.acme.certs."${mqtt_domain}".directory;
+      }
-            in
+      {
-            {
+        port = 8883;
-              allow_anonymous = false;
+        users = mqtt_users;
-              keyfile = certDir + "/key.pem";
+        settings = let
-              certfile = certDir + "/cert.pem";
+          certDir = config.security.acme.certs."${mqtt_domain}".directory;
-              cafile = certDir + "/chain.pem";
+        in {
-            };
+          allow_anonymous = false;
-        }
+          keyfile = certDir + "/key.pem";
-        {
+          certfile = certDir + "/cert.pem";
-          port = 9001;
+          cafile = certDir + "/chain.pem";
-          users = mqtt_users;
+        };
-          settings =
+      }
-            let
+      {
-              certDir = config.security.acme.certs."${mqtt_domain}".directory;
+        port = 9001;
-            in
+        users = mqtt_users;
-            {
+        settings = let
-              allow_anonymous = false;
+          certDir = config.security.acme.certs."${mqtt_domain}".directory;
-              keyfile = certDir + "/key.pem";
+        in {
-              certfile = certDir + "/cert.pem";
+          allow_anonymous = false;
-              cafile = certDir + "/chain.pem";
+          keyfile = certDir + "/key.pem";
-              protocol = "websockets";
+          certfile = certDir + "/cert.pem";
-            };
+          cafile = certDir + "/chain.pem";
-        }
+          protocol = "websockets";
-      ];
+        };
+      }
+    ];
   };
 
   sops.secrets = {

modules/hosts/nixos/hetznix01/post-install/nginx.nix

@@ -1,11 +1,9 @@
-{ config, ... }:
+{ config, ... }: let
-let
   domain = "technicalissues.us";
   http_port = 80;
   https_port = 443;
   private_btc = "umbrel.atlas-snares.ts.net";
-in
+in {
-{
 
   services.nginx = {
     enable = true;
@@ -136,36 +134,14 @@ in
       };
       "matrix.${domain}" = {
         listen = [
-          {
+          { port = http_port; addr = "0.0.0.0"; }
-            port = http_port;
+          { port = http_port; addr = "[::]"; }
-            addr = "0.0.0.0";
-          }
-          {
-            port = http_port;
-            addr = "[::]";
-          }
 
-          {
+          { port = https_port; addr = "0.0.0.0"; ssl = true; }
-            port = https_port;
+          { port = https_port; addr = "[::]"; ssl = true; }
-            addr = "0.0.0.0";
-            ssl = true;
-          }
-          {
-            port = https_port;
-            addr = "[::]";
-            ssl = true;
-          }
 
-          {
+          { port = 8448; addr = "0.0.0.0"; ssl = true; }
-            port = 8448;
+          { port = 8448; addr = "[::]"; ssl = true; }
-            addr = "0.0.0.0";
-            ssl = true;
-          }
-          {
-            port = 8448;
-            addr = "[::]";
-            ssl = true;
-          }
         ];
         enableACME = true;
         acmeRoot = null;
@@ -219,8 +195,7 @@ in
           "/" = {
             proxyPass = "http://127.0.0.1:8083";
           };
-          "/pub" = {
+          "/pub" = { # Client apps need to point to this path
-            # Client apps need to point to this path
             extraConfig = "proxy_set_header X-Limit-U $remote_user;";
             proxyPass = "http://127.0.0.1:8083/pub";
           };

modules/hosts/nixos/hetznix02/default.nix

@@ -1,12 +1,6 @@
-{
+{ inputs, pkgs, username,  ... }: {
-  inputs,
-  pkgs,
-  username,
-  ...
-}:
-{
   imports = [
-    ../../../shared/nixos/nixroutes.nix
+    ../../common/linux/nixroutes.nix
     ./disk-config.nix
     ./hardware-configuration.nix
     ./post-install
@@ -35,9 +29,9 @@
   networking = {
     # Open ports in the firewall.
     firewall.allowedTCPPorts = [
-      22 # ssh
+      22   # ssh
-      80 # Nginx
+      80   # Nginx
-      443 # Nginx
+      443  # Nginx
     ];
     # firewall.allowedUDPPorts = [ ... ];
     # Or disable the firewall altogether.
@@ -62,10 +56,7 @@
   users.users.${username} = {
     isNormalUser = true;
     description = "Gene Liverman";
-    extraGroups = [
+    extraGroups = [ "networkmanager" "wheel" ];
-      "networkmanager"
-      "wheel"
-    ];
     linger = true;
   };
 

modules/hosts/nixos/hetznix02/disk-config.nix

@@ -44,10 +44,10 @@
       content = {
         type = "gpt";
         partitions = {
-          nix = {
+         nix = {
-            name = "nix";
+           name = "nix";
-            size = "100%";
+           size = "100%";
-            content = {
+           content = {
               type = "filesystem";
               format = "ext4";
               mountpoint = "/nix";

modules/hosts/nixos/hetznix02/hardware-configuration.nix

@@ -4,43 +4,34 @@
 { lib, modulesPath, ... }:
 
 {
-  imports = [
+  imports =
-    (modulesPath + "/profiles/qemu-guest.nix")
+    [ (modulesPath + "/profiles/qemu-guest.nix")
-  ];
+    ];
 
   boot = {
     initrd = {
-      availableKernelModules = [
+      availableKernelModules = [ "xhci_pci" "virtio_scsi" "sr_mod" ];
-        "xhci_pci"
-        "virtio_scsi"
-        "sr_mod"
-      ];
       kernelModules = [ ];
     };
     kernelModules = [ ];
     extraModulePackages = [ ];
   };
 
-  fileSystems = {
+  fileSystems."/" =
-    "/" = {
+    { device = "/dev/disk/by-partlabel/disk-primary-root";
-      device = "/dev/disk/by-partlabel/disk-primary-root";
       fsType = "ext4";
     };
 
-    "/boot" = {
+  fileSystems."/boot" =
-      device = "/dev/disk/by-partlabel/disk-primary-ESP";
+    { device = "/dev/disk/by-partlabel/disk-primary-ESP";
       fsType = "vfat";
-      options = [
+      options = [ "fmask=0022" "dmask=0022" ];
-        "fmask=0022"
-        "dmask=0022"
-      ];
     };
 
-    "/nix" = {
+  fileSystems."/nix" =
-      device = "/dev/disk/by-partlabel/disk-volume1-nix";
+    { device = "/dev/disk/by-partlabel/disk-volume1-nix";
       fsType = "ext4";
     };
-  };
 
   swapDevices = [ ];
 

modules/hosts/nixos/hetznix02/home-gene.nix

@@ -1,3 +1,3 @@
-{
+{ ... }: {
   home.stateVersion = "24.05";
 }

modules/hosts/nixos/hetznix02/post-install/default.nix

@@ -1,7 +1,6 @@
-{ config, username, ... }:
+{ config, username, ... }: {
-{
   imports = [
-    ../../../../shared/nixos/lets-encrypt.nix
+    ../../../common/linux/lets-encrypt.nix
     ./monitoring.nix
     ./nginx.nix
   ];
@@ -24,3 +23,4 @@
     };
   };
 }
+

modules/hosts/nixos/hetznix02/post-install/monitoring.nix

@@ -1,8 +1,6 @@
-{ config, pkgs, ... }:
+{ config, pkgs, ... }: let
-let
   metrics_server = "https://monitoring.home.technicalissues.us/remotewrite";
-in
+in {
-{
   services = {
     vmagent = {
       enable = true;
@@ -16,11 +14,11 @@ in
           {
             job_name = "node";
             static_configs = [
-              { targets = [ "127.0.0.1:9100" ]; }
+              { targets = ["127.0.0.1:9100"]; }
             ];
             metric_relabel_configs = [
               {
-                source_labels = [ "__name__" ];
+                source_labels = ["__name__"];
                 regex = "go_.*";
                 action = "drop";
               }
@@ -37,11 +35,11 @@ in
           {
             job_name = "nginx";
             static_configs = [
-              { targets = [ "127.0.0.1:9113" ]; }
+              { targets = ["127.0.0.1:9113"]; }
             ];
             metric_relabel_configs = [
               {
-                source_labels = [ "__name__" ];
+                source_labels = ["__name__"];
                 regex = "go_.*";
                 action = "drop";
               }
@@ -112,7 +110,7 @@ in
     group = "vmagent";
   };
 
-  users.groups.vmagent = { };
+  users.groups.vmagent = {};
 
   # ----------------------------
   # SOPS secrets configuration
@@ -121,9 +119,10 @@ in
     secrets = {
       vmagent_push_pw = {
         owner = "vmagent";
-        restartUnits = [ "vmagent.service" ];
+        restartUnits = ["vmagent.service"];
-        sopsFile = ../../../../shared/secrets.yaml;
+        sopsFile = ../../../common/secrets.yaml;
       };
     };
   };
 }
+