move apps into pkgs and rename hosts

hosts/aarch64-darwin/lookingglass/default.nix

@@ -0,0 +1,37 @@
+# The Looking Glass
+# System configuration for my work Macbook
+
+rec {
+  networking.hostName = "NYCM-NMASUR2";
+  networking.computerName = "NYCM-NMASUR2";
+
+  nmasur.settings = {
+    username = "Noah.Masur";
+    fullName = "Noah Masur";
+  };
+
+  nmasur.profiles = {
+    base.enable = true;
+    work.enable = true;
+    extra.enable = true;
+    gaming.enable = true;
+  };
+
+  home-manager.users."Noah.Masur" = {
+    nmasur.settings = {
+      username = nmasur.settings.username;
+      fullName = nmasur.settings.fullName;
+    };
+    nmasur.profiles = {
+      common.enable = true;
+      darwin-base.enable = true;
+      power-user.enable = true;
+      work.enable = true;
+      experimental.enable = true;
+    };
+    nmasur.presets.programs.git = {
+      name = "Noah-Masur_1701";
+      email = "${nmasur.settings.username}@take2games.com";
+    };
+  };
+}

hosts/aarch64-linux/default.nix

@@ -0,0 +1,22 @@
+# Return a list of all NixOS hosts
+
+{ nixpkgs, ... }:
+
+let
+  inherit (nixpkgs) lib;
+in
+
+lib.pipe (lib.filesystem.listFilesRecursive ./.) [
+  # Get only files ending in default.nix
+  (builtins.filter (name: lib.hasSuffix "default.nix" name))
+  # Remove this file
+  (builtins.filter (name: name != ./default.nix))
+  # Import each host function
+  map
+  (file: {
+    name = builtins.baseNameOf (builtins.dirOf file);
+    value = import file;
+  })
+  # Convert to an attrset of hostname -> host function
+  (builtins.listToAttrs)
+]

hosts/aarch64-linux/flame/cloudflared-flame.age

@@ -0,0 +1,19 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBYY0c1
+bldPMVdwRGhia0xzNm1mSGQ0eVVZZzFLMWVUdFhYVW1KY3QwTERJCm1UUDBqN1Jr
+VjRlSjROTFZEQ3UrME81Y2FyRkxjZHFvUFN1eEZNa2cwWkUKLT4gc3NoLWVkMjU1
+MTkgWXlTVU1RIFM4ZURETk0yQ1NKN3owaDB5S3djeThtWkphS0xUaVd2MnBlS244
+d0V5bUUKKzE5UzZYUlpwTy9ydFQ3L2NmWFZBMEZCWWppYlFZQzhTVFhUc3BBRlpR
+dwotPiBzc2gtZWQyNTUxOSBuanZYNUEgbS9HaVFFRjU4VzMvSVZ1SlExZ1BBNWxK
+RVRESEVmeWxyMW5Pclk5UU4xOApaZ0hHMnlsb1BuMThsTG82d1k1Rm94VEFMcTBH
+TFoxRWpRSXJWQUJVWGN3Ci0+IHNzaC1lZDI1NTE5IENxSU9VQSBOK1AvRW5nNUlK
+NnB1UDhKdmFibTEwV2JhOGxKRGg1SnlMdytXaVQ1eW1NCnVIcjNnclVMSEJ3eDVk
+eExnY1EvbWg1OW4xR3FydDlzeUdLQW11UGRmclkKLT4gc3NoLWVkMjU1MTkgejFP
+Y1p3IHNxbDlpSkpPdEZVRGhwV3NKdTNJV0NTeUZoVVg3b0ZlRWdqelNaTDRWamMK
+N1czMXlEcWZzQ1g0dkxBTnNUQjdTdnZMUE9VRGphTjB4SjJyemJiU2w5NAotLS0g
+VlgyN24vMGl3a2N6ZGs1SjhOZmttWEl3WEFOK29EOUlkZ0N3blBBcHZQOArP/uJx
+SBFvBV0rLzRbo/8nhhizuT2TtKsJSJDIsFJxAOtF8ZwIbYwauBt1tJudtJaXgbv5
+JIk53sS3lelOwH11yx0aGcBNCR2UwpuYn1IwoW0qrt3ugi8rmQPRG8c8gSyNn2u7
+PnAj/NdAjieLGGLltwdq2wJhkbv800WmKx5sGgPNT1AdBS1b84h5ipQFnFf3Fi0N
+FJa9/j5qc7JtWEy4ecU6D03zcZD+CTCoN8SIW4+fldos1u7N2v2X5/YUw7T6jQ==
+-----END AGE ENCRYPTED FILE-----

hosts/aarch64-linux/flame/default.nix

@@ -0,0 +1,59 @@
+# The Flame
+# System configuration for an Oracle free server
+
+# How to install:
+# https://blog.korfuri.fr/posts/2022/08/nixos-on-an-oracle-free-tier-ampere-machine/
+# These days, probably use nixos-anywhere instead.
+
+rec {
+  networking.hostName = "flame";
+
+  nmasur.settings = {
+    username = "noah";
+    fullName = "Noah Masur";
+  };
+
+  nmasur.profiles = {
+    base.enable = true;
+    server.enable = true;
+    communications.enable = true;
+  };
+
+  home-manager.users."noah" = {
+    nmasur.settings = {
+      username = nmasur.settings.username;
+      fullName = nmasur.settings.fullName;
+    };
+    nmasur.profiles = {
+      common.enable = true;
+      linux-base.enable = true;
+      power-user.enable = true;
+    };
+    home.stateVersion = "23.05";
+  };
+
+  system.stateVersion = "23.05";
+  # File systems must be declared in order to boot
+
+  # This is the root filesystem containing NixOS
+  # I forgot to set a clean label for it
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/e1b6bd50-306d-429a-9f45-78f57bc597c3";
+    fsType = "ext4";
+  };
+
+  # This is the boot filesystem for systemd-boot
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/D5CA-237A";
+    fsType = "vfat";
+  };
+
+  # Allows private remote access over the internet
+  nmasur.presets.services.cloudflared = {
+    tunnel = {
+      id = "bd250ee1-ed2e-42d2-b627-039f1eb5a4d2";
+      credentialsFile = ./cloudflared-flame.age;
+      ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK/6oyVqjFGX3Uvrc3VS8J9sphxzAnRzKC85xgkHfYgR3TK6qBGXzHrknEj21xeZrr3G2y1UsGzphWJd9ZfIcdA= open-ssh-ca@cloudflareaccess.org";
+    };
+  };
+}

hosts/default.nix

@@ -0,0 +1,46 @@
+# Return a list of all hosts
+
+nixpkgs:
+
+let
+  inherit (nixpkgs) lib;
+in
+
+{
+  # darwin-hosts = import ./darwin;
+  aarch64-darwin-hosts = lib.pipe (lib.filesystem.listFilesRecursive ./aarch64-darwin) [
+    # Get only files ending in default.nix
+    (builtins.filter (name: lib.hasSuffix "default.nix" name))
+    # Import each host function
+    (map (file: {
+      name = builtins.baseNameOf (builtins.dirOf file);
+      value = import file;
+    }))
+    # Convert to an attrset of hostname -> host function
+    (builtins.listToAttrs)
+  ];
+  aarch64-linux-hosts = lib.pipe (lib.filesystem.listFilesRecursive ./aarch64-linux) [
+    # Get only files ending in default.nix
+    (builtins.filter (name: lib.hasSuffix "default.nix" name))
+    # Remove the first file
+    (builtins.filter (name: name != ./aarch64-linux/default.nix))
+    # Import each host function
+    (map (file: {
+      name = builtins.baseNameOf (builtins.dirOf file);
+      value = import file;
+    }))
+    # Convert to an attrset of hostname -> host function
+    (builtins.listToAttrs)
+  ];
+  x86_64-linux-hosts = lib.pipe (lib.filesystem.listFilesRecursive ./x86_64-linux) [
+    # Get only files ending in default.nix
+    (builtins.filter (name: lib.hasSuffix "default.nix" name))
+    # Import each host function
+    (map (file: {
+      name = lib.removeSuffix ".nix" (builtins.baseNameOf file);
+      value = import file;
+    }))
+    # Convert to an attrset of hostname -> host function
+    (builtins.listToAttrs)
+  ];
+}

hosts/x86_64-linux/arrow/default.nix

@@ -0,0 +1,32 @@
+# The Arrow
+# System configuration for temporary VM
+
+rec {
+  # Hardware
+  networking.hostName = "arrow";
+
+  nmasur.settings = {
+    username = "noah";
+    fullName = "Noah Masur";
+  };
+
+  nmasur.profiles = {
+    base.enable = true;
+    server.enable = true;
+  };
+
+  home-manager.users."noah" = {
+    nmasur.settings = {
+      username = nmasur.settings.username;
+      fullName = nmasur.settings.fullName;
+    };
+    nmasur.profiles = {
+      common.enable = true;
+      linux-base.enable = true;
+    };
+    home.stateVersion = "23.05";
+  };
+
+  system.stateVersion = "23.05";
+
+}

hosts/x86_64-linux/hydra/default.nix

@@ -0,0 +1,33 @@
+# The Hydra
+# System configuration for WSL
+
+rec {
+  # Hardware
+  networking.hostName = "hydra";
+
+  nmasur.settings = {
+    username = "noah";
+    fullName = "Noah Masur";
+  };
+
+  nmasur.profiles = {
+    base.enable = true;
+    wsl.enable = true;
+  };
+
+  home-manager.users."noah" = {
+    nmasur.settings = {
+      username = nmasur.settings.username;
+      fullName = nmasur.settings.fullName;
+    };
+    nmasur.profiles = {
+      common.enable = true;
+      linux-base.enable = true;
+      power-user.enable = true;
+    };
+    home.stateVersion = "23.05";
+  };
+
+  system.stateVersion = "23.05";
+
+}

hosts/x86_64-linux/staff/default.nix

@@ -0,0 +1,64 @@
+# The Staff
+# System configuration test
+
+rec {
+  # Hardware
+  networking.hostName = "staff";
+
+  nmasur.settings = {
+    username = "noah";
+    fullName = "Noah Masur";
+  };
+
+  nmasur.profiles = {
+    base.enable = true;
+    home.enable = true;
+    gui.enable = true;
+  };
+  nmasur.presets.services.cloudflared.enable = false;
+  nmasur.presets.services.kanata.enable = false;
+  nmasur.presets.services.openssh.enable = true;
+
+  home-manager.users."noah" = {
+    nmasur.settings = {
+      username = nmasur.settings.username;
+      fullName = nmasur.settings.fullName;
+    };
+    nmasur.profiles = {
+      common.enable = true;
+      linux-base.enable = true;
+      linux-gui.enable = true;
+      power-user.enable = true;
+    };
+    nmasur.presets.services.mbsync = {
+      user = nmasur.settings.username;
+      server = "noahmasur.com";
+    };
+    home.stateVersion = "23.05";
+  };
+
+  system.stateVersion = "23.05";
+  # Not sure what's necessary but too afraid to remove anything
+  # File systems must be declared in order to boot
+
+  # This is the root filesystem containing NixOS
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/nixos";
+    fsType = "ext4";
+  };
+
+  # This is the boot filesystem for Grub
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-label/boot";
+    fsType = "vfat";
+  };
+
+  # Allows private remote access over the internet
+  # nmasur.presets.services.cloudflared = {
+  #   tunnel = {
+  #     id = "ac133a82-31fb-480c-942a-cdbcd4c58173";
+  #     credentialsFile = ../../private/cloudflared-tempest.age;
+  #     ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPY6C0HmdFCaxYtJxFr3qV4/1X4Q8KrYQ1hlme3u1hJXK+xW+lc9Y9glWHrhiTKilB7carYTB80US0O47gI5yU4= open-ssh-ca@cloudflareaccess.org";
+  #   };
+  # };
+}

hosts/x86_64-linux/swan/cloudflared-swan.age

@@ -0,0 +1,19 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBuU1BO
+ZGdOVFRTekN3SFRhQWYwcWt6OHpLZXM0aENsQ3d1VWpxYUhXN3k4CnNwNWpQcU90
+elR0eWVyMWFUUkhORFRQeVdsdTErWUgzNW9mN1BWS2szbUUKLT4gc3NoLWVkMjU1
+MTkgWXlTVU1RIDRRS0VESG5NNWpxbm1DTjBkY2ExR3I3aE1PUTNVTXBFZ2wwVC9j
+WDIrMTgKaXkwWk1xRWp6Z3c3NFZZS0cybHFqcUVRczNMZ05tSmxPNjBlVmRHK2h3
+SQotPiBzc2gtZWQyNTUxOSBuanZYNUEgYWI1SkhBZ0Jrb3hzbDRwcnRMeHhGSlpB
+aWt5ZmRxaGhmbXFDQWdNamxRbwpXMWo0TjZhbHM3ejFYNVU5WlkxWTJSbVBPOEhr
+MUt3akxMU3QzN3Z4M0lFCi0+IHNzaC1lZDI1NTE5IENxSU9VQSA1dmdFRE1QSU55
+WUVuOU9OTHJjM0RxVWhmTlEvdk1mNU1iUEwyNlFqRFZvCldleVNGQ1RZdU1tU2J2
+dWxGZlVkaDBWNEZRUFNBcEIvTEdkODdDS25GdGsKLT4gc3NoLWVkMjU1MTkgejFP
+Y1p3IG5SbVpVZldPSkJXYm9BZ3B6OXZXMlB4T2Z5RHptR1pqbVRVUS9LVEZyUzgK
+ZlVTZWlUQ2VoWVNuOGE5Wk5vZGdVVldzbUZKRERyUFN0eVJ4TWpmL2gwcwotLS0g
+MlJmTlVkdHhHQ25JWm0xVmdjVDFYM1lHaE9WdnJSVkVMMnNwV0c4eXc0QQpYTchD
+DCiEm4rOav4/IwK26gSgi2B4qq4RETyAbF4oa87cvFM8zVXo7W8nF+eWzeWGNZrc
+yRFfOYf4gtlNCVLc+UAapvM1rKuw1IOQeJLAwGCHygXKWY7zSXdT2ERACXESvCCz
+b7W62NVx0Pc4mAAQB3QU995HFVFuHLa939PPPlkgxqepNWCKrmUFl/qjRpOoVrV6
+GwRgIo36PhcfZVCswyVXgcc4M3CCG5ZuWInuuljqTB70OzBVkKCaUeiRaRIZJg==
+-----END AGE ENCRYPTED FILE-----

hosts/x86_64-linux/swan/default.nix

@@ -0,0 +1,77 @@
+# The Swan
+# System configuration for my home NAS server
+
+rec {
+  networking.hostName = "swan";
+
+  nmasur.settings = {
+    username = "noah";
+    fullName = "Noah Masur";
+  };
+
+  nmasur.profiles = {
+    base.enable = true;
+    server.enable = true;
+    home.enable = true;
+    nas.enable = true;
+  };
+
+  home-manager.users."noah" = {
+    nmasur.settings = {
+      username = nmasur.settings.username;
+      fullName = nmasur.settings.fullName;
+    };
+    nmasur.profiles = {
+      common.enable = true;
+      linux-base.enable = true;
+    };
+    home.stateVersion = "23.05";
+  };
+
+  # Not sure what's necessary but too afraid to remove anything
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "ahci"
+    "nvme"
+    "usb_storage"
+    "sd_mod"
+  ];
+
+  # Required for transcoding
+  boot.initrd.kernelModules = [ "amdgpu" ];
+  boot.kernelParams = [
+    "radeon.si_support=0"
+    "amdgpu.si_support=1"
+    "radeon.cik_support=0"
+    "amdgpu.cik_support=1"
+    "amdgpu.dc=1"
+  ];
+
+  # Required binary blobs to boot on this machine
+  hardware.enableRedistributableFirmware = true;
+
+  # Prioritize efficiency over performance
+  powerManagement.cpuFreqGovernor = "powersave";
+
+  # Allow firmware updates
+  hardware.cpu.intel.updateMicrocode = true;
+
+  # ZFS
+  # Generated with: head -c 8 /etc/machine-id
+  networking.hostId = "600279f4"; # Random ID required for ZFS
+
+  # Sets root ext4 filesystem instead of declaring it manually
+  disko = {
+    enableConfig = true;
+    devices = (import ../../../disks/root.nix { disk = "/dev/nvme0n1"; });
+  };
+
+  # Allows private remote access over the internet
+  nmasur.presets.services.cloudflared = {
+    tunnel = {
+      id = "646754ac-2149-4a58-b51a-e1d0a1f3ade2";
+      credentialsFile = ./cloudflared-swan.age;
+      ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCHF/UMtJqPFrf6f6GRY0ZFnkCW7b6sYgUTjTtNfRj1RdmNic1NoJZql7y6BrqQinZvy7nsr1UFDNWoHn6ah3tg= open-ssh-ca@cloudflareaccess.org";
+    };
+  };
+}

hosts/x86_64-linux/swan/root.nix

@@ -0,0 +1,39 @@
+{ disk, ... }:
+{
+  disk = {
+    boot = {
+      type = "disk";
+      device = disk;
+      content = {
+        type = "gpt";
+        partitions = {
+          # Boot partition
+          ESP = rec {
+            size = "512MiB";
+            type = "EF00";
+            label = "boot";
+            device = "/dev/disk/by-label/${label}";
+            content = {
+              type = "filesystem";
+              format = "vfat";
+              mountpoint = "/boot";
+              extraArgs = [ "-n ${label}" ];
+            };
+          };
+          # Root partition ext4
+          root = rec {
+            size = "100%";
+            label = "nixos";
+            device = "/dev/disk/by-label/${label}";
+            content = {
+              type = "filesystem";
+              format = "ext4";
+              mountpoint = "/";
+              extraArgs = [ "-L ${label}" ];
+            };
+          };
+        };
+      };
+    };
+  };
+}

hosts/x86_64-linux/tempest/cloudflared-tempest.age

@@ -0,0 +1,19 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBMMDZj
+dkdOSTc1bHgybjAwcUVHUXFhY0I0NE45K1B5SEh4NGN4T0tpREhjCnViQzVXTVk3
+dzB5ZEY5d1hvcHVDSXVubElOdEVQQ0Fja2dnL0ZnVG4wNEUKLT4gc3NoLWVkMjU1
+MTkgWXlTVU1RIHRiVkNzRCs4V3EvL2szNG8zSlRYSVloRlVsSTk3a0hnSFMyUzRN
+K0lyMzQKWDhIOTVzMGJkaGpVQmNtS0pPQnNTSjRmK1dYck1SUFd5VnVvYnJSWkhs
+YwotPiBzc2gtZWQyNTUxOSBuanZYNUEgUy9kWmxsc0p2L0pFWDlPMGlzeVBHNjJ2
+a05ycmZtbUJrOXRBVVgxVjVtZwo4RVM3Sms2M2krdjU0K1ZHREhhRkdMcENTbTJr
+UEh6cWcvOGNIRUNJZUFvCi0+IHNzaC1lZDI1NTE5IENxSU9VQSA5d0FwTWJzZEpJ
+UEJaZi91YXZOOFhGVlVVekEvSVRnK3Y2VFdhL216SVZrCkRURE9OYnIvSGVtMWNl
+MWFGSTEwUVBITTlnaWVXc1hpMFpqdFdMcFY2NHMKLT4gc3NoLWVkMjU1MTkgejFP
+Y1p3IDhkUk9KTE1UMysvajY3WEx5MFdLeEdlVnBmSUx6TTlnYWdqaWorYm0rRGMK
+SlhaRFNLaTZHVkpRR3U5eE5JOTBPWWM3OTFka1ZWSHJMaFFhZG1CSzNVTQotLS0g
+THNSTmNzK3JvbVN5S3RaVlQwdDRiOWFkVGZ3WUtyT2IyMWtPSVNtajF5YwoCUWHU
+KSe09W6BaVEW2x0ieBXN6KkL4FNPAP8zCom8fNVjyjAZpxd2t0kisJjJ45xg8eG4
+x9sj+hG9EsWIFvVpnF7LUIEXcRMjvRlNXED8HmYR0qzUhc89VQ9N4EoQPJYN1dME
+kxAzH8p5HBidxfJLpACaG5QHGb97chJXTDrT+ZKt+hPfZ16OhsKBj2s0gvHbcCQH
+sdqQT4+FlJshDiRiauTmqF/umnCnzl4+H4Xe8kLVrZxDOAv1iwuTX8zcaNOFNw==
+-----END AGE ENCRYPTED FILE-----

hosts/x86_64-linux/tempest/default.nix

@@ -0,0 +1,110 @@
+# The Tempest
+# System configuration for my desktop
+
+rec {
+  # Hardware
+  networking.hostName = "tempest";
+
+  nmasur.settings = {
+    username = "noah";
+    fullName = "Noah Masur";
+  };
+
+  nmasur.profiles = {
+    base.enable = true;
+    home.enable = true;
+    gui.enable = true;
+    gaming.enable = true;
+  };
+
+  home-manager.users."noah" = {
+    nmasur.settings = {
+      username = nmasur.settings.username;
+      fullName = nmasur.settings.fullName;
+    };
+    nmasur.profiles = {
+      common.enable = true;
+      linux-base.enable = true;
+      linux-gui.enable = true;
+      linux-gaming.enable = true;
+      power-user.enable = true;
+      developer.enable = true;
+      experimental.enable = true;
+    };
+    nmasur.presets.services.mbsync = {
+      user = nmasur.settings.username;
+      server = "noahmasur.com";
+    };
+    home.stateVersion = "23.05";
+  };
+
+  system.stateVersion = "23.05";
+  # Not sure what's necessary but too afraid to remove anything
+  boot.initrd.availableKernelModules = [
+    "nvme"
+    "xhci_pci"
+    "ahci"
+    "usb_storage"
+    "usbhid"
+    "sd_mod"
+  ];
+
+  # Graphics and VMs
+  boot.initrd.kernelModules = [ "amdgpu" ];
+  boot.kernelModules = [ "kvm-amd" ];
+  services.xserver.videoDrivers = [ "amdgpu" ];
+
+  # Required binary blobs to boot on this machine
+  hardware.enableRedistributableFirmware = true;
+
+  # Prioritize performance over efficiency
+  powerManagement.cpuFreqGovernor = "performance";
+
+  # Allow firmware updates
+  hardware.cpu.amd.updateMicrocode = true;
+
+  # Helps reduce GPU fan noise under idle loads
+  hardware.fancontrol.enable = true;
+  hardware.fancontrol.config = ''
+    # Configuration file generated by pwmconfig, changes will be lost
+    INTERVAL=10
+    DEVPATH=hwmon0=devices/pci0000:00/0000:00:03.1/0000:06:00.0/0000:07:00.0/0000:08:00.0
+    DEVNAME=hwmon0=amdgpu
+    FCTEMPS=hwmon0/pwm1=hwmon0/temp1_input
+    FCFANS= hwmon0/pwm1=hwmon0/fan1_input
+    MINTEMP=hwmon0/pwm1=50
+    MAXTEMP=hwmon0/pwm1=70
+    MINSTART=hwmon0/pwm1=100
+    MINSTOP=hwmon0/pwm1=10
+    MINPWM=hwmon0/pwm1=10
+    MAXPWM=hwmon0/pwm1=240
+  '';
+
+  # File systems must be declared in order to boot
+
+  # This is the root filesystem containing NixOS
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/nixos";
+    fsType = "ext4";
+  };
+
+  # This is the boot filesystem for Grub
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-label/boot";
+    fsType = "vfat";
+  };
+
+  # Allows private remote access over the internet
+  nmasur.presets.services.cloudflared = {
+    tunnel = {
+      id = "ac133a82-31fb-480c-942a-cdbcd4c58173";
+      credentialsFile = ./cloudflared-tempest.age;
+      ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPY6C0HmdFCaxYtJxFr3qV4/1X4Q8KrYQ1hlme3u1hJXK+xW+lc9Y9glWHrhiTKilB7carYTB80US0O47gI5yU4= open-ssh-ca@cloudflareaccess.org";
+    };
+  };
+
+  # Allows requests to force machine to wake up
+  # This network interface might change, needs to be set specifically for each machine.
+  # Or set usePredictableInterfaceNames = false
+  networking.interfaces.enp5s0.wakeOnLan.enable = true;
+}