clean up host settings

and start removing if statements

hosts/tempest/default.nix

@@ -7,7 +7,6 @@ with inputs;
 
 nixpkgs.lib.nixosSystem {
   system = "x86_64-linux";
-  specialArgs = { };
   modules = [
     ./hardware-configuration.nix
     ../../modules/common
@@ -18,24 +17,26 @@ nixpkgs.lib.nixosSystem {
     {
       physical = true;
       networking.hostName = "tempest";
-      nixpkgs.overlays = [ nur.overlay ] ++ overlays;
-      # Set registry to flake packages, used for nix X commands
-      nix.registry.nixpkgs.flake = nixpkgs;
-      identityFile = "/home/${globals.user}/.ssh/id_ed25519";
       gui.enable = true;
+      nixpkgs.overlays = [ nur.overlay ] ++ overlays;
+      passwordHash = nixpkgs.lib.fileContents ../../password.sha512;
+
+      # Must be prepared ahead
+      identityFile = "/home/${globals.user}/.ssh/id_ed25519";
+
+      # Theming
       theme = {
         colors = (import ../../colorscheme/gruvbox).dark;
         dark = true;
       };
       wallpaper = "${wallpapers}/gruvbox/road.jpg";
       gtk.theme.name = nixpkgs.lib.mkDefault "Adwaita-dark";
-      passwordHash = nixpkgs.lib.fileContents ../../password.sha512;
-      wsl.enable = false;
-      publicKey = null;
 
+      # Programs and services
       charm.enable = true;
       neovim.enable = true;
       media.enable = true;
+      dotfiles.enable = true;
       firefox.enable = true;
       kitty.enable = true;
       _1password.enable = true;
@@ -46,11 +47,9 @@ nixpkgs.lib.nixosSystem {
       mail.aerc.enable = true;
       mail.himalaya.enable = true;
       keybase.enable = true;
-      # mullvad.enable = true;
+      mullvad.enable = false;
       nixlang.enable = true;
-      dotfiles.enable = true;
       yt-dlp.enable = true;
-
       gaming = {
         enable = true;
         steam.enable = true;

modules/common/mail/default.nix

@@ -32,7 +32,7 @@
         frequency = "*:0/5";
         postExec = "${pkgs.notmuch}/bin/notmuch new";
       };
-      services.imapnotify.enable = pkgs.stdenv.isLinux && config.physical;
+      services.imapnotify.enable = pkgs.stdenv.isLinux;
       programs.notmuch.enable = true;
       accounts.email = {
         maildirBasePath = "${config.homePath}/mail";

modules/common/shell/nixpkgs.nix

@@ -67,6 +67,12 @@
     # Set channel to flake packages, used for nix-shell commands
     nixPath = [ "nixpkgs=${pkgs.path}" ];
 
+    # Set registry to this flake's packages, used for nix X commands
+    registry.nixpkgs.to = {
+      type = "path";
+      path = pkgs.path;
+    };
+
   };
 
 }

modules/nixos/hardware/boot.nix

@@ -1,6 +1,6 @@
 { config, pkgs, lib, ... }: {
 
-  boot.loader = lib.mkIf (config.physical && pkgs.stdenv.isLinux) {
+  boot.loader = lib.mkIf config.physical {
     grub = {
       enable = true;
 
@@ -40,8 +40,7 @@
   };
 
   # Allow reading from Windows drives
-  boot.supportedFilesystems =
+  boot.supportedFilesystems = lib.mkIf config.physical [ "ntfs" ];
-    lib.mkIf (config.physical && pkgs.stdenv.isLinux) [ "ntfs" ];
 
   # Use latest released Linux kernel by default
   boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;

modules/nixos/hardware/monitors.nix

@@ -1,51 +1,50 @@
 { config, pkgs, lib, ... }: {
 
-  config =
+  config = lib.mkIf config.gui.enable {
-    lib.mkIf (config.gui.enable && config.physical && pkgs.stdenv.isLinux) {
 
-      environment.systemPackages = with pkgs;
+    environment.systemPackages = with pkgs;
-        [
+      [
-          ddcutil # Monitor brightness control
+        ddcutil # Monitor brightness control
-        ];
+      ];
 
-      # Reduce blue light at night
+    # Reduce blue light at night
-      services.redshift = {
+    services.redshift = {
-        enable = true;
+      enable = true;
-        brightness = {
+      brightness = {
-          day = "1.0";
+        day = "1.0";
-          night = "1.0";
+        night = "1.0";
-        };
       };
-
-      # Detect monitors (brightness) for ddcutil
-      hardware.i2c.enable = true;
-
-      # Grant main user access to external monitors
-      users.users.${config.user}.extraGroups = [ "i2c" ];
-
-      services.xserver.displayManager = {
-
-        # Put the login screen on the left monitor
-        lightdm.greeters.gtk.extraConfig = ''
-          active-monitor=0
-        '';
-
-        # Set up screen position and rotation
-        setupCommands = ''
-          ${pkgs.xorg.xrandr}/bin/xrandr --output DisplayPort-1 \
-                                              --mode 1920x1200 \
-                                              --pos 1920x0 \
-                                              --rotate left \
-                                          --output HDMI-A-0 \
-                                              --primary \
-                                              --mode 1920x1080 \
-                                              --pos 0x560 \
-                                              --rotate normal \
-                                          --output DVI-0 --off \
-                                          --output DVI-1 --off \
-        '';
-      };
-
     };
 
+    # Detect monitors (brightness) for ddcutil
+    hardware.i2c.enable = true;
+
+    # Grant main user access to external monitors
+    users.users.${config.user}.extraGroups = [ "i2c" ];
+
+    services.xserver.displayManager = {
+
+      # Put the login screen on the left monitor
+      lightdm.greeters.gtk.extraConfig = ''
+        active-monitor=0
+      '';
+
+      # Set up screen position and rotation
+      setupCommands = ''
+        ${pkgs.xorg.xrandr}/bin/xrandr --output DisplayPort-1 \
+                                            --mode 1920x1200 \
+                                            --pos 1920x0 \
+                                            --rotate left \
+                                        --output HDMI-A-0 \
+                                            --primary \
+                                            --mode 1920x1080 \
+                                            --pos 0x560 \
+                                            --rotate normal \
+                                        --output DVI-0 --off \
+                                        --output DVI-1 --off \
+      '';
+    };
+
+  };
+
 }

modules/nixos/hardware/mouse.nix

@@ -1,22 +1,21 @@
 { config, pkgs, lib, ... }: {
 
-  config =
+  config = lib.mkIf config.gui.enable {
-    lib.mkIf (config.gui.enable && config.physical && pkgs.stdenv.isLinux) {
 
-      # Mouse customization
+    # Mouse customization
-      services.ratbagd.enable = true;
+    services.ratbagd.enable = true;
 
-      environment.systemPackages = with pkgs; [
+    environment.systemPackages = with pkgs; [
-        libratbag # Mouse adjustments
+      libratbag # Mouse adjustments
-        piper # Mouse adjustments GUI
+      piper # Mouse adjustments GUI
-      ];
+    ];
-
-      services.xserver.libinput.mouse = {
-        # Disable mouse acceleration
-        accelProfile = "flat";
-        accelSpeed = "1.15";
-      };
 
+    services.xserver.libinput.mouse = {
+      # Disable mouse acceleration
+      accelProfile = "flat";
+      accelSpeed = "1.15";
     };
 
+  };
+
 }

modules/nixos/hardware/networking.nix

@@ -1,6 +1,6 @@
-{ config, pkgs, lib, ... }: {
+{ config, lib, ... }: {
 
-  config = lib.mkIf (config.physical && pkgs.stdenv.isLinux) {
+  config = lib.mkIf config.physical {
 
     # The global useDHCP flag is deprecated, therefore explicitly set to false here.
     # Per-interface useDHCP will be mandatory in the future, so this generated config

modules/nixos/hardware/sleep.nix

@@ -1,6 +1,6 @@
-{ config, pkgs, lib, ... }: {
+{ config, lib, ... }: {
 
-  config = lib.mkIf (config.physical && pkgs.stdenv.isLinux) {
+  config = lib.mkIf config.physical {
 
     # Prevent wake from keyboard
     powerManagement.powerDownCommands = ''

modules/nixos/services/sshd.nix

@@ -1,9 +1,10 @@
-{ config, pkgs, lib, ... }: {
+{ config, lib, ... }: {
 
   options = {
     publicKey = lib.mkOption {
       type = lib.types.nullOr lib.types.str;
       description = "Public SSH key authorized for this system.";
+      default = null;
     };
     permitRootLogin = lib.mkOption {
       type = lib.types.str;
@@ -12,28 +13,27 @@
     };
   };
 
-  config = lib.mkIf
+  config = lib.mkIf (!config.wsl.enable && config.publicKey != null) {
-    (pkgs.stdenv.isLinux && !config.wsl.enable && config.publicKey != null) {
+    services.openssh = {
-      services.openssh = {
+      enable = true;
-        enable = true;
+      ports = [ 22 ];
-        ports = [ 22 ];
+      allowSFTP = true;
-        allowSFTP = true;
+      settings = {
-        settings = {
+        GatewayPorts = "no";
-          GatewayPorts = "no";
+        X11Forwarding = false;
-          X11Forwarding = false;
+        PasswordAuthentication = false;
-          PasswordAuthentication = false;
+        PermitRootLogin = config.permitRootLogin;
-          PermitRootLogin = config.permitRootLogin;
-        };
       };
-
-      users.users.${config.user}.openssh.authorizedKeys.keys =
-        [ config.publicKey ];
-
-      # Implement a simple fail2ban service for sshd
-      services.sshguard.enable = true;
-
-      # Add terminfo for SSH from popular terminal emulators
-      environment.enableAllTerminfo = true;
     };
 
+    users.users.${config.user}.openssh.authorizedKeys.keys =
+      [ config.publicKey ];
+
+    # Implement a simple fail2ban service for sshd
+    services.sshguard.enable = true;
+
+    # Add terminfo for SSH from popular terminal emulators
+    environment.enableAllTerminfo = true;
+  };
+
 }