refactor: simplify hosts to share a common configuration.nix

.sops.yaml

@@ -1,19 +1,7 @@
 keys:
   - &primary age1sseqwwa7fc0ftry8njyuagdg28fkmtdwmj6m7p3etjsj83suee3shfzjyz
 creation_rules:
-  - path_regex: secrets/battleship-secrets.yaml$
-    key_groups:
-      - age:
-        - *primary
-  - path_regex: secrets/battleship-secrets.lesser.json$
-    key_groups:
-      - age:
-        - *primary
-  - path_regex: secrets/spacestation-secrets.yaml$
-    key_groups:
-      - age:
-        - *primary
-  - path_regex: secrets/spacestation-secrets.lesser.json$
+  - path_regex: secrets/secrets.yaml$
     key_groups:
       - age:
         - *primary

configuration.nix

@@ -0,0 +1,134 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
+  imports = [
+    ./secrets.nix
+  ];
+
+  # Users
+  users.users."guz" = {
+    useDefaultShell = true;
+    isNormalUser = true;
+
+    hashedPasswordFile = builtins.toString config.sops.secrets."guz/password".path;
+    extraGroups = ["wheel"];
+  };
+
+  # GnuPG keyring
+  programs.gnupg.agent = {
+    enable = true;
+    pinentryPackage = pkgs.pinentry-gtk2;
+    settings = {default-cache-ttl = 3600 * 24;};
+  };
+  services.pcscd.enable = true;
+
+  # Desktops
+
+  ## Hyprland
+  programs.hyprland.enable = true;
+  programs.hyprland.withUWSM = true;
+  programs.hyprlock.enable = true;
+
+  services.displayManager = {
+    sddm.enable = true;
+    sddm.wayland.enable = true;
+  };
+
+  ## XFCE (fallback)
+  services.xserver.enable = true;
+  services.xserver.desktopManager = {
+    xfce.enable = true;
+  };
+
+  # Yet another nix cli helper
+  programs.nh = {
+    enable = true;
+    clean.enable = true;
+    clean.extraArgs = "--keep-since 7d --keep 3";
+    flake = "/home/guz/.projects/dot013-nix";
+  };
+
+  # Enable Nix-LD for standalone binaries (useful for development)
+  programs.nix-ld.enable = true;
+
+  # Bluetooth
+  hardware.bluetooth.enable = true;
+  hardware.bluetooth.powerOnBoot = true;
+  services.blueman.enable = true;
+
+  # Audio
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    wireplumber.enable = true;
+  };
+  security.rtkit.enable = true;
+
+  # Networking
+  networking = {
+    networkmanager.enable = true;
+    nameservers = ["192.168.0.1" "9.9.9.9"];
+  };
+
+  # Firewall
+  networking.firewall.enable = true;
+  networking.firewall.allowedTCPPorts = [80 433];
+
+  # SSH
+  services.openssh.enable = true;
+  services.openssh.settings = {
+    PasswordAuthentication = false;
+    PermitRootLogin = "forced-commands-only";
+  };
+
+  # Mosh
+  programs.mosh.enable = true;
+
+  # Tailscale
+  services.tailscale.enable = true;
+
+  # Locale
+  time.timeZone = "America/Sao_Paulo";
+  i18n.defaultLocale = "en_US.UTF-8";
+  i18n.extraLocaleSettings = let
+    locale = "pt_BR.UTF-8";
+  in {
+    LC_ADDRESS = locale;
+    LC_IDENTIFICATION = locale;
+    LC_MEASUREMENT = locale;
+    LC_MONETARY = locale;
+    LC_NAME = locale;
+    LC_NUMERIC = locale;
+    LC_PAPER = locale;
+    LC_TELEPHONE = locale;
+    LC_TIME = locale;
+  };
+
+  # Keyboard
+  services.xserver.xkb = {
+    layout = "br";
+  };
+  console.keyMap = "br-abnt2";
+
+  # Bootloader
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  # Nix
+  nix.settings = {
+    experimental-features = ["nix-command" "flakes"];
+  };
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It's perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "24.11"; # Did you read the comment?
+}

flake.nix

@@ -1,88 +1,32 @@
 {
-  description = "Nixos config flake";
-
   inputs = {
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
     nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
 
     home-manager = {
-      url = "github:nix-community/home-manager/release-24.05";
+      url = "github:nix-community/home-manager/release-24.11";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
+    stylix = {
+      url = "github:danth/stylix/release-24.11";
+      inputs.nixpkgs.follows = "nixpkgs";
+      inputs.home-manager.follows = "home-manager";
+    };
+
     sops-nix = {
       url = "github:Mic92/sops-nix";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    nix-index-database = {
-      url = "github:Mic92/nix-index-database";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    # Declaratively install flatpaks
-    flatpaks = {
-      url = "github:gmodena/nix-flatpak"; # Fork is being used until #24 merges
-    };
-    # flatpaks.url = "github:Tomaszal/nix-flatpak/feature/overrides";
-
-    # Used for theming the OS, see modules/home-manager/theme.nix
-    nix-colors = {
-      url = "github:misterio77/nix-colors";
-    };
-
-    firefox-addons = {
-      url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";
+    # Dependecy of the Neovim configuration at ./modules/home-manager/devenv.nix
+    go-grip = {
+      url = "github:guz013/go-grip";
       inputs.nixpkgs.follows = "nixpkgs";
     };
-
-    # Necessary for modules/home-manager/programs/tmux.nix
-    tmux-plugin-manager = {
-      url = "github:tmux-plugins/tpm";
-      flake = false;
-    };
-
-    rec-sh = {
-      url = "github:dot013/rec.sh";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-
-    dot013-environment = {
-      # url = "git+file:///home/guz/.projects/dot013-environment";
-      url = "git+https://forge.capytal.company/dot013/environment";
-    };
-    dot013-neovim = {
-      # url = "git+file:///home/guz/.projects/dot013-nvim";
-      url = "git+https://forge.capytal.company/dot013/nvim";
-    };
-    dot013-shell = {
-      # url = "git+file:///home/guz/.projects/dot013-shell";
-      url = "git+https://forge.capytal.company/dot013/nvim";
-    };
-
-    nix-minecraft = {
-      url = "github:Infinidoge/nix-minecraft";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-
-    hyprland = {
-      type = "git";
-      url = "https://github.com/hyprwm/Hyprland?ref=v0.41.2";
-      rev = "918d8340afd652b011b937d29d5eea0be08467f5";
-      submodules = true;
-    };
-    xdg-desktop-portal-hyprland = {
-      url = "github:hyprwm/xdg-desktop-portal-hyprland/v1.3.2";
-    };
-    /*
-    Note to self:
-    The last commit with working screen share, as the time of writing this, was
-    https://github.com/hyprwm/xdg-desktop-portal-hyprland/commit/6a5de92769d5b7038134044053f90e7458f6a197
-    https://github.com/hyprwm/Hyprland/commit/3c964a9fdc220250a85b1c498e5b6fad9390272f
-    so if needed, you can always roll-back.
-
-    Fuck discord.
-    */
   };
 
   outputs = {
@@ -92,25 +36,45 @@
     nixpkgs-unstable,
     ...
   } @ inputs: let
-    create-host = configs:
-      builtins.listToAttrs (map
-        (c: {
-          name = c;
-          value = nixpkgs.lib.nixosSystem {
-            specialArgs = {inherit inputs;};
-            modules = [
-              inputs.home-manager.nixosModules.default
-              (./. + ("/hosts/" + builtins.replaceStrings ["@"] ["/"] c) + /configuration.nix)
-            ];
-          };
-        })
-        configs);
-  in {
-    nixosConfigurations = create-host [
-      "battleship"
-      "fighter"
-      # "cruiser"
-      # "spacestation"
+    systems = [
+      "x86_64-linux"
+      "aarch64-linux"
+      "x86_64-darwin"
+      "aarch64-darwin"
     ];
+    forAllSystems = f:
+      nixpkgs.lib.genAttrs systems (system: let
+        pkgs = import nixpkgs {inherit system;};
+      in
+        f pkgs);
+
+    # Shared NixOS modules
+    nixosModules = [
+      inputs.stylix.nixosModules.stylix
+      home-manager.nixosModules.home-manager
+      ./home.nix
+    ];
+  in {
+    nixosConfigurations = {
+      "battleship" = nixpkgs.lib.nixosSystem {
+        specialArgs = {inherit inputs self;};
+        modules =
+          nixosModules
+          ++ [
+            ./hosts/battleship/configuration.nix
+            ./hosts/battleship/home.nix
+          ];
+      };
+      "fighter" = nixpkgs.lib.nixosSystem {
+        specialArgs = {inherit inputs self;};
+        modules =
+          nixosModules
+          ++ [
+            ./hosts/fighter/configuration.nix
+            ./hosts/fighter/home.nix
+          ];
+      };
+    };
+
   };
 }

hosts/battleship/configuration.nix

@@ -1,195 +1,19 @@
-{
-  config,
-  pkgs,
-  inputs,
-  lib,
-  ...
-}: {
+{lib, ...}: {
   imports = [
-    inputs.dot013-environment.nixosModules.default
-    ../../modules/nixos
-    ./secrets.nix
-    ./gpu-configuration.nix
     ./hardware-configuration.nix
+    ./gpu-configuration.nix
+    ../../configuration.nix
   ];
 
-  dot013.environment.enable = true;
-  dot013.environment.interception-tools.devices = [
-    "/dev/input/by-id/usb-BY_Tech_Gaming_Keyboard-event-kbd"
-    "/dev/input/by-id/usb-Compx_2.4G_Wireless_Receiver-event-kbd"
-  ]; # dot013.environment.interception-tools.device = "/dev/input/by-id/usb-Compx_2.4G_Wireless_Receiver-event-kbd";
-
-  programs.nh.enable = true;
-  programs.nh.flake = "/home/guz/nix";
-
-  profiles.locale.enable = true;
-
-  hardware.opentabletdriver.enable = true;
-  # services.xserver.digimend.enable = true;
-  services.libinput.enable = true;
-  services.udev.extraRules = ''
-    KERNEL=="hidraw*", SUBSYSTEM=="hidraw", MODE="0660", GROUP="plugdev"
-  '';
-
-  virtualisation.docker.enable = true;
-
-  programs.dconf.enable = true;
-
-  programs.hyprland.enable = true;
-  /*
-  # TEMPFIX: 2024-05-04 https://github.com/NixOS/nixpkgs/issues/308287#issuecomment-2093091892
-  # After the flake update in 2024-05-04, the screen blacked out after switch
-  programs.hyprland.envVars.enable = lib.mkForce false;
-  */
-
-  services.xserver = {
-    enable = true;
-  };
-  services.displayManager = {
-    sddm.enable = true;
-    sddm.wayland.enable = true;
-  };
-
-  services.xserver.videoDrivers = ["amdgpu"];
-  boot.kernelModules = ["amdgpu"];
-  environment.variables = {
-    ROC_ENABLE_PRE_VEGA = "1";
-  };
-  hardware.opengl = {
-    enable = true;
-    extraPackages = with pkgs; [
-      libvdpau-va-gl
-      rocmPackages.clr.icd
-      vaapiVdpau
-    ];
-  };
-
-  programs.steam.enable = true;
-  programs.steam.wayland = true;
-  programs.gamemode.enable = true;
-
-  programs.gnupg.agent = {
-    enable = true;
-    pinentryPackage = pkgs.pinentry-gnome3;
-    settings = {
-      default-cache-ttl = 3600 * 24;
-    };
-  };
-
-  services.flatpak.enable = true;
-  xdg.portal.enable = true;
-  xdg.portal.extraPortals = with pkgs; [
-    xdg-desktop-portal-gtk
-  ];
-
-  services.tailscale = {
-    enable = true;
-    tailnetName = "${config.battleship-secrets.tailnet-name}";
-  };
-
-  fonts.fontconfig.enable = true;
-  fonts.packages = with pkgs; [
-    fira-code
-    (nerdfonts.override {fonts = ["FiraCode"];})
-  ];
-
-  home-manager-helper.enable = true;
-  home-manager-helper.users."guz" = {
-    name = "guz";
-    shell = pkgs.zsh;
-    hashedPasswordFile = builtins.toString config.sops.secrets."guz/password".path;
-    home = import ./home.nix;
-    isNormalUser = true;
-    extraGroups = ["wheel" "networkmanager" "plugdev"];
+  users.users."guz" = {
     openssh.authorizedKeys.keyFiles = [
       ../../.ssh/guz-battleship.pub
     ];
   };
 
-  environment.systemPackages = with pkgs;
-    [
-      git
-      libinput
-      polkit_gnome
-    ]
-    ++ (builtins.map (p: pkgs."${p}") config.battleship-secrets.lesser.packages);
-
-  hardware.bluetooth.enable = true;
-  hardware.bluetooth.powerOnBoot = true;
-  services.blueman.enable = true;
-  # hardware.pulseaudio.enable = true;
-
-  nix.settings = {
-    experimental-features = ["nix-command" "flakes"];
-    substituters = ["https://hyprland.cachix.org"];
-    trusted-public-keys = ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="];
-  };
-  nix.package = pkgs.nixVersions.nix_2_21;
-  nix.gc = {
-    automatic = true;
-    dates = "weekly";
-    options = "--delete-older-than 10d";
-  };
-
-  programs.nix-ld.enable = true;
-  programs.nix-ld.libraries = with pkgs; [];
-
-  programs.kdeconnect.enable = true;
-
+  # Network
   networking = {
-    networkmanager.enable = true;
-    hostName = "battleship";
-    wireless.enable = false;
-    dhcpcd.enable = true;
-    defaultGateway = "${config.battleship-secrets.lesser.devices.defaultGateway}";
-    interfaces."enp6s0".ipv4.addresses = [
-      {
-        address = "${config.battleship-secrets.lesser.devices.battleship}";
-        prefixLength = 24;
-      }
-    ];
-    nameservers = ["9.9.9.9"];
-    firewall = let
-      kde-connect = {
-        from = 1714;
-        to = 1764;
-      };
-    in {
-      enable = true;
-      allowedTCPPortRanges = [kde-connect];
-      allowedUDPPortRanges = [kde-connect];
-    };
+    hostName = lib.mkForce "figther";
+    wireless.enable = lib.mkForce true;
   };
-  hardware.pulseaudio.enable = false;
-  security.rtkit.enable = true;
-  services.pipewire = {
-    enable = true;
-    alsa.enable = true;
-    alsa.support32Bit = true;
-    pulse.enable = true;
-    wireplumber.enable = true;
-    #jack.enable = true;
-  };
-
-  # Enable the OpenSSH daemon.
-  services.openssh.enable = true;
-  services.openssh.settings = {
-    PasswordAuthentication = false;
-    PermitRootLogin = "forced-commands-only";
-  };
-
-  # Bootloader.
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-
-  # Allow unfree packages
-  nixpkgs.config.allowUnfree = true;
-
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "23.11"; # Did you read the comment?
 }

hosts/battleship/gpu-configuration.nix

@@ -4,26 +4,20 @@
   ...
 }: {
   imports = [];
-  options.shared.configuration.gpu = {};
-  config = {
-    boot.initrd.kernelModules = ["amdgpu"];
-    services.xserver.videoDrivers = ["amdgpu"];
 
-    environment = {
-      variables = {
-        ROC_ENABLE_PRE_VEGA = "1";
-      };
-      systemPackages = with pkgs; [
-        clinfo
-      ];
-    };
+  services.xserver.videoDrivers = ["amdgpu"];
 
-    hardware.opengl = {
-      enable = true;
-      extraPackages = with pkgs; [
-        amdvlk
-        rocmPackages.clr.icd
-      ];
-    };
+  environment.variables = {
+    ROC_ENABLE_PRE_VEGA = "1";
   };
+
+  boot.kernelModules = ["amdgpu"];
+  boot.initrd.kernelModules = ["amdgpu"];
+
+  hardware.opengl.enable = true;
+  hardware.opengl.extraPackages = with pkgs; [
+    amdvlk
+    rocmPackages.clr.icd
+    vaapiVdpau
+  ];
 }

hosts/battleship/hardware-configuration.nix

@@ -14,7 +14,7 @@
 
   boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"];
   boot.initrd.kernelModules = [];
-  boot.kernelModules = ["kvm-amd"];
+  boot.kernelModules = [];
   boot.extraModulePackages = [];
 
   fileSystems."/" = {

hosts/battleship/home.nix

@@ -1,32 +1,9 @@
-{...}: {
-  imports = [
-    ../../modules/home-manager
-    ./packages.nix
-    ./desktop
-    ../../modules/home-manager/programs-old/librewolf
-  ];
-
-  profiles.vault.enable = true;
-  profiles.gfonts.enable = true;
-
-  programs.bash = {
-    enable = true;
-    initExtra = ''
-      export XDG_DATA_DIRS="$XDG_DATA_DIRS:/usr/share:/var/lib/flatpak/exports/share:$HOME/.local/share/flatpak/exports/share"
-
-      export GPG_TTY=$(tty)
-    '';
-  };
-
-  services.gnome-keyring.enable = true;
-
-  services.kdeconnect.enable = true;
-
-  programs.prismlauncher.enable = true;
-
-  fonts.fontconfig.enable = true;
-
-  home.sessionVariables = {
-    EDITOR = "nvim";
+{lib, ...}: {
+  # Host specific overrides of the root home
+  home-manager.users.guz = {
+    wayland.windowManager.hyprland.settings = {
+      "$MONITOR-1" = lib.mkForce "HDMI-A-1";
+      "$MONITOR-2" = lib.mkForce "DVI-D-1";
+    };
   };
 }

hosts/fighter/configuration.nix

@@ -1,183 +1,37 @@
 {
-  config,
-  inputs,
+  lib,
   pkgs,
   ...
 }: {
   imports = [
-    inputs.dot013-environment.nixosModules.default
-    ../../modules/nixos
     ./hardware-configuration.nix
-    ./secrets.nix
+    ../../configuration.nix
   ];
 
-  dot013.environment.enable = true;
-  dot013.environment.interception-tools.devices = [
-    "/dev/input/by-path/platform-i8042-serio-0-event-kbd"
-    "/dev/input/by-id/usb-BY_Tech_Gaming_Keyboard-event-kbd"
-    "/dev/input/by-id/usb-Compx_2.4G_Wireless_Receiver-event-kbd"
-  ];
-
-  programs.nh.enable = true;
-  programs.nh.flake = "/home/guz/nix";
-
-  profiles.locale.enable = true;
-
-  virtualisation.docker.enable = true;
-
-  programs.dconf.enable = true;
-
-  programs.hyprland.enable = true;
-  programs.hyprland.package = inputs.hyprland.packages.${pkgs.system}.hyprland.override {
-    legacyRenderer = true;
-  };
-
-  programs.gnupg.agent = {
-    enable = true;
-    pinentryPackage = pkgs.pinentry-gnome3;
-    settings = {
-      default-cache-ttl = 3600 * 24;
-    };
-  };
-
-  services.xserver = {
-    enable = true;
-    desktopManager.xfce.enable = true;
-  };
-  services.displayManager = {
-    sddm.enable = true;
-    sddm.wayland.enable = true;
-  };
-  hardware.opengl = {
-    enable = true;
-    extraPackages = with pkgs; [
-      # vpl-gpu-rt
-      onevpl-intel-gpu
-    ];
-  };
-
-  services.flatpak.enable = true;
-  xdg.portal.enable = true;
-  xdg.portal.extraPortals = with pkgs; [
-    xdg-desktop-portal-gtk
-  ];
-
-  services.tailscale = {
-    enable = true;
-    tailnetName = "kiko-liberty";
-  };
-
-  fonts.fontconfig.enable = true;
-  fonts.packages = with pkgs; [
-    fira-code
-    (nerdfonts.override {fonts = ["FiraCode"];})
-  ];
-
-  home-manager-helper.enable = true;
-  home-manager-helper.users."guz" = {
-    name = "guz";
-    shell = pkgs.zsh;
-    hashedPasswordFile = builtins.toString config.sops.secrets."guz/password".path;
-    home = import ./home.nix;
-    isNormalUser = true;
-    extraGroups = ["wheel" "networkmanager" "plugdev"];
+  users.users."guz" = {
     openssh.authorizedKeys.keyFiles = [
-      ../../.ssh/guz-figther.pub
+      ../../.ssh/guz-fighter.pub
     ];
   };
 
-  environment.systemPackages = with pkgs; [
-    git
-    libinput
-    polkit_gnome
+  # Hyprland compatibility
+  programs.hyprland.package = lib.mkForce (pkgs.hyprland.override {
+    legacyRenderer = true;
+  });
+
+  # Enable OpenGL
+  hardware.opengl.enable = true;
+  hardware.opengl.extraPackages = with pkgs; [
+    onevpl-intel-gpu
   ];
 
-  hardware.bluetooth.enable = true;
-  hardware.bluetooth.powerOnBoot = true;
-  services.blueman.enable = true;
-  # hardware.pulseaudio.enable = true;
-
-  nix.settings = {
-    experimental-features = ["nix-command" "flakes"];
-    # substituters = ["https://hyprland.cachix.org"];
-    # trusted-public-keys = ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="];
-  };
-  nix.package = pkgs.nixVersions.nix_2_21;
-  nix.gc = {
-    automatic = true;
-    dates = "weekly";
-    options = "--delete-older-than 10d";
-  };
-
-  services.logind = {
-    lidSwitch = "suspend";
-    lidSwitchExternalPower = "lock";
-  };
+  # Laptop features
+  services.logind.lidSwitch = "suspend";
+  services.logind.lidSwitchExternalPower = "lock";
 
+  # Network
   networking = {
-    networkmanager.enable = true;
-    hostName = "fighter";
-    wireless.enable = false;
-    dhcpcd.enable = true;
-    defaultGateway = "${config.battleship-secrets.lesser.devices.defaultGateway}";
-    interfaces."wlp2s0".ipv4.addresses = [
-      {
-        address = "${config.battleship-secrets.lesser.devices.figther-wifi}";
-        prefixLength = 24;
-      }
-    ];
-    interfaces."enp1s0".ipv4.addresses = [
-      {
-        address = "${config.battleship-secrets.lesser.devices.figther}";
-        prefixLength = 24;
-      }
-    ];
-    nameservers = ["9.9.9.9"];
+    hostName = lib.mkForce "fighter";
+    # wireless.enable = lib.mkForce true;
   };
-
-  # Enable sound with pipewire.
-  sound.enable = true;
-  hardware.pulseaudio.enable = false;
-  security.rtkit.enable = true;
-  services.pipewire = {
-    enable = true;
-    alsa.enable = true;
-    alsa.support32Bit = true;
-    pulse.enable = true;
-    # If you want to use JACK applications, uncomment this
-    #jack.enable = true;
-
-    # use the example session manager (no others are packaged yet so this is enabled by default,
-    # no need to redefine it in your config for now)
-    #media-session.enable = true;
-  };
-
-  # Bootloader.
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-
-  # Allow unfree packages
-  nixpkgs.config.allowUnfree = true;
-  nixpkgs.config.allowUnfreePredicate = _: true;
-
-  # Enable the OpenSSH daemon.
-  services.openssh.enable = true;
-  services.openssh.settings = {
-    PasswordAuthentication = false;
-    PermitRootLogin = "forced-commands-only";
-  };
-
-  # Open ports in the firewall.
-  networking.firewall.allowedTCPPorts = [80 433];
-  # networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  networking.firewall.enable = true;
-
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "23.11"; # Did you read the comment?
 }

hosts/fighter/hardware-configuration.nix

@@ -12,31 +12,32 @@
     (modulesPath + "/installer/scan/not-detected.nix")
   ];
 
-  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
+  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usbhid" "sd_mod" "rtsx_pci_sdmmc"];
   boot.initrd.kernelModules = [];
   boot.kernelModules = [];
   boot.extraModulePackages = [];
 
   fileSystems."/" = {
-    device = "/dev/disk/by-uuid/f1f224e7-bed4-4bcb-9f0b-6619ed0378df";
+    device = "/dev/disk/by-uuid/11b2ea0b-e6bd-4cb3-8146-2f39118a023e";
     fsType = "ext4";
   };
 
   fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/2CF0-2EC0";
+    device = "/dev/disk/by-uuid/2019-5416";
     fsType = "vfat";
+    options = ["fmask=0022" "dmask=0022"];
   };
 
-  swapDevices = [
-    {device = "/dev/disk/by-uuid/5c00b6ca-8238-4813-939f-43c5f2f168c2";}
-  ];
+  swapDevices = [];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
   # (the default) this is the recommended approach. When using systemd-networkd it's
   # still possible to use this option, but it's recommended to use it in conjunction
   # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
   networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.docker0.useDHCP = lib.mkDefault true;
   # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.tailscale0.useDHCP = lib.mkDefault true;
   # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
 
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";

hosts/fighter/home.nix

@@ -1,27 +1,8 @@
-{...}: {
-  imports = [
-    ../../modules/home-manager
-    ../../modules/home-manager/programs-old/librewolf
-    ./packages.nix
-    ./desktop.nix
-  ];
-
-  profiles.gfonts.enable = true;
-
-  programs.bash = {
-    enable = true;
-    initExtra = ''
-      export XDG_DATA_DIRS="$XDG_DATA_DIRS:/usr/share:/var/lib/flatpak/exports/share:$HOME/.local/share/flatpak/exports/share"
-
-      export GPG_TTY=$(tty)
-    '';
-  };
-
-  services.gnome-keyring.enable = true;
-
-  fonts.fontconfig.enable = true;
-
-  home.sessionVariables = {
-    EDITOR = "nvim";
+{lib, ...}: {
+  # Host specific overrides of the root home
+  home-manager.users.guz = {
+    wayland.windowManager.hyprland.settings = {
+      "$MONITOR-1" = lib.mkForce "eDP-1";
+    };
   };
 }

secrets.nix

@@ -0,0 +1,22 @@
+{
+  config,
+  inputs,
+  pkgs,
+  ...
+}: {
+  imports = [
+    inputs.sops-nix.nixosModules.sops
+  ];
+
+  environment.systemPackages = with pkgs; [
+    sops
+  ];
+
+  sops.defaultSopsFile = ./secrets.yaml;
+  sops.defaultSopsFormat = "yaml";
+  sops.age.keyFile = "/sops/keys.txt";
+
+  sops.secrets."guz/password" = {
+    owner = config.users.users.guz.name;
+  };
+}

secrets/battleship-secrets.lesser.decrypted.json

@@ -0,0 +1,18 @@
+{
+	"tailnet-name": "kiko-liberty",
+	"device-ip": "100.79.141.99",
+	"devices": {
+		"defaultGateway": "192.168.0.1",
+		"battleship": "192.168.0.113",
+		"spacestation": "192.168.0.110",
+		"figther": "192.168.0.103",
+		"figther-wifi": "192.168.0.104"
+	},
+	"packages": [
+		"protonvpn-cli_2",
+		"protonvpn-gui",
+		"tor",
+		"tor-browser",
+		"monero-gui"
+	]
+}