more moving things around

2025-02-21 19:12:02 +00:00 · 2025-02-16 15:40:15 -05:00 · 2025-02-16 15:40:15 -05:00 · dc6b6f8328
commit dc6b6f8328
parent b36895f108
34 changed files with 368 additions and 386 deletions
--- a/flake.nix
+++ b/flake.nix
@ -295,6 +295,9 @@
            inputs.wsl.nixosModules.wsl
            ./platforms/nixos
          ];
          specialArgs = {
            wallpapers = inputs.wallpapers;
          };
        };
      buildDarwin =
--- a/hosts-old/aarch64-darwin/default.nix
+++ b/hosts-old/aarch64-darwin/default.nix
--- a/hosts-old/aarch64-linux/default.nix
+++ b/hosts-old/aarch64-linux/default.nix
--- a/hosts-old/x86_64-linux/arrow/aws/ec2.tf
+++ b/hosts-old/x86_64-linux/arrow/aws/ec2.tf
--- a/hosts-old/x86_64-linux/arrow/aws/image.tf
+++ b/hosts-old/x86_64-linux/arrow/aws/image.tf
--- a/hosts-old/x86_64-linux/arrow/aws/main.tf
+++ b/hosts-old/x86_64-linux/arrow/aws/main.tf
--- a/hosts-old/x86_64-linux/arrow/aws/outputs.tf
+++ b/hosts-old/x86_64-linux/arrow/aws/outputs.tf
--- a/hosts-old/x86_64-linux/arrow/aws/variables.tf
+++ b/hosts-old/x86_64-linux/arrow/aws/variables.tf
--- a/hosts-old/x86_64-linux/arrow/default.nix
+++ b/hosts-old/x86_64-linux/arrow/default.nix
--- a/hosts-old/x86_64-linux/arrow/modules.nix
+++ b/hosts-old/x86_64-linux/arrow/modules.nix
--- a/hosts-old/x86_64-linux/arrow/vultr/main.tf
+++ b/hosts-old/x86_64-linux/arrow/vultr/main.tf
--- a/hosts-old/x86_64-linux/default.nix
+++ b/hosts-old/x86_64-linux/default.nix
--- a/hosts-old/x86_64-linux/hydra/default.nix
+++ b/hosts-old/x86_64-linux/hydra/default.nix
--- a/hosts-old/x86_64-linux/staff/default.nix
+++ b/hosts-old/x86_64-linux/staff/default.nix
--- a/hosts/aarch64-darwin/lookingglass/default.nix
+++ b/hosts/aarch64-darwin/lookingglass/default.nix
@ -1,60 +0,0 @@
 # The Looking Glass
 # System configuration for my work Macbook
 {
  inputs,
  globals,
  overlays,
  ...
 }:
 inputs.darwin.lib.darwinSystem {
  system = "aarch64-darwin";
  specialArgs = { };
  modules = [
    ../../modules/common
    ../../modules/darwin
    (
      globals
      // rec {
        user = "Noah.Masur";
        gitName = "Noah-Masur_1701";
        gitEmail = "${user}@take2games.com";
      }
    )
    inputs.home-manager.darwinModules.home-manager
    inputs.mac-app-util.darwinModules.default
    {
      nixpkgs.overlays = [ inputs.firefox-darwin.overlay ] ++ overlays;
      networking.hostName = "NYCM-NMASUR2";
      networking.computerName = "NYCM-NMASUR2";
      identityFile = "/Users/Noah.Masur/.ssh/id_ed25519";
      gui.enable = true;
      theme = {
        colors = (import ../../colorscheme/gruvbox-dark).dark;
        dark = true;
      };
      mail.user = globals.user;
      atuin.enable = true;
      charm.enable = true;
      neovim.enable = true;
      mail.enable = true;
      mail.aerc.enable = true;
      mail.himalaya.enable = false;
      kitty.enable = true;
      discord.enable = true;
      firefox.enable = true;
      dotfiles.enable = true;
      terraform.enable = true;
      python.enable = true;
      rust.enable = true;
      lua.enable = true;
      obsidian.enable = true;
      kubernetes.enable = true;
      _1password.enable = true;
      slack.enable = true;
      wezterm.enable = true;
      yt-dlp.enable = true;
    }
  ];
 }
--- a/hosts/flame/default.nix
+++ b/hosts/flame/default.nix
@ -6,12 +6,28 @@
 # These days, probably use nixos-anywhere instead.
 rec {
  # Hardware
  networking.hostName = "flame";
  nmasur.settings = {
    username = "noah";
    fullName = "Noah Masur";
    hostnames =
      let
        baseName = "masu.rs";
      in
      {
        budget = "money.${baseName}";
        git = "git.${baseName}";
        influxdb = "influxdb.${baseName}";
        irc = "irc.${baseName}";
        metrics = "metrics.${baseName}";
        minecraft = "minecraft.${baseName}";
        n8n = "n8n.${baseName}";
        notifications = "ntfy.${baseName}";
        prometheus = "prom.${baseName}";
        secrets = "vault.${baseName}";
        status = "status.${baseName}";
      };
  };
  nmasur.profiles = {
@ -21,7 +37,10 @@ rec {
  };
  home-manager.users."noah" = {
-    nmasur.settings = nmasur.settings;
+    nmasur.settings = {
      username = nmasur.settings.username;
      fullName = nmasur.settings.fullName;
    };
    nmasur.profiles = {
      common.enable = true;
      linux-base.enable = true;
--- a/hosts/lookingglass/default.nix
+++ b/hosts/lookingglass/default.nix
@ -0,0 +1,39 @@
 # The Looking Glass
 # System configuration for my work Macbook
 rec {
  networking.hostName = "NYCM-NMASUR2";
  networking.computerName = "NYCM-NMASUR2";
  nmasur.settings = {
    username = "Noah.Masur";
    fullName = "Noah Masur";
  };
  nmasur.profiles = {
    base.enable = true;
    work.enable = true;
    extra.enable = true;
    gaming.enable = true;
  };
  home-manager.users."Noah.Masur" = {
    nmasur.settings = {
      username = nmasur.settings.username;
      fullName = nmasur.settings.fullName;
    };
    nmasur.profiles = {
      common.enable = true;
      darwin-base.enable = true;
      power-user.enable = true;
      work.enable = true;
      experimental.enable = true;
    };
    nmasur.presets.programs.git = {
      name = "Noah-Masur_1701";
      email = "${nmasur.settings.username}@take2games.com";
    };
  };
  identityFile = "/Users/${nmasur.settings.username}/.ssh/id_ed25519";
 }
--- a/hosts/swan/default.nix
+++ b/hosts/swan/default.nix
@ -0,0 +1,90 @@
 # The Swan
 # System configuration for my home NAS server
 rec {
  networking.hostName = "swan";
  nmasur.settings = {
    username = "noah";
    fullName = "Noah Masur";
    hostnames =
      let
        baseName = "masu.rs";
      in
      {
        audiobooks = "read.${baseName}";
        files = "files.${baseName}";
        paperless = "paper.${baseName}";
        photos = "photos.${baseName}";
        stream = "stream.${baseName}";
        content = "cloud.${baseName}";
        books = "books.${baseName}";
        download = "download.${baseName}";
      };
  };
  nmasur.profiles = {
    base.enable = true;
    server.enable = true;
    home.enable = true;
    nas.enable = true;
  };
  home-manager.users."noah" = {
    nmasur.settings = {
      username = nmasur.settings.username;
      fullName = nmasur.settings.fullName;
    };
    nmasur.profiles = {
      common.enable = true;
      linux-base.enable = true;
    };
  };
  # Not sure what's necessary but too afraid to remove anything
  boot.initrd.availableKernelModules = [
    "xhci_pci"
    "ahci"
    "nvme"
    "usb_storage"
    "sd_mod"
  ];
  # Required for transcoding
  boot.initrd.kernelModules = [ "amdgpu" ];
  boot.kernelParams = [
    "radeon.si_support=0"
    "amdgpu.si_support=1"
    "radeon.cik_support=0"
    "amdgpu.cik_support=1"
    "amdgpu.dc=1"
  ];
  # Required binary blobs to boot on this machine
  hardware.enableRedistributableFirmware = true;
  # Prioritize efficiency over performance
  powerManagement.cpuFreqGovernor = "powersave";
  # Allow firmware updates
  hardware.cpu.intel.updateMicrocode = true;
  # ZFS
  # Generated with: head -c 8 /etc/machine-id
  networking.hostId = "600279f4"; # Random ID required for ZFS
  # Sets root ext4 filesystem instead of declaring it manually
  disko = {
    enableConfig = true;
    devices = (import ../../disks/root.nix { disk = "/dev/nvme0n1"; });
  };
  # Allows private remote access over the internet
  nmasur.presets.services.cloudflared = {
    tunnel = {
      id = "646754ac-2149-4a58-b51a-e1d0a1f3ade2";
      credentialsFile = ../../private/cloudflared-swan.age;
      ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCHF/UMtJqPFrf6f6GRY0ZFnkCW7b6sYgUTjTtNfRj1RdmNic1NoJZql7y6BrqQinZvy7nsr1UFDNWoHn6ah3tg= open-ssh-ca@cloudflareaccess.org";
    };
  };
 }
--- a/hosts/tempest/default.nix
+++ b/hosts/tempest/default.nix
@ -0,0 +1,104 @@
 # The Tempest
 # System configuration for my desktop
 rec {
  # Hardware
  networking.hostName = "tempest";
  nmasur.settings = {
    username = "noah";
    fullName = "Noah Masur";
  };
  nmasur.profiles = {
    base.enable = true;
    home.enable = true;
    gui.enable = true;
    gaming.enable = true;
  };
  home-manager.users."noah" = {
    nmasur.settings = {
      username = nmasur.settings.username;
      fullName = nmasur.settings.fullName;
    };
    nmasur.profiles = {
      common.enable = true;
      linux-base.enable = true;
      linux-gui.enable = true;
      linux-gaming.enable = true;
      power-user.enable = true;
      developer.enable = true;
      experimental.enable = true;
    };
  };
  # Not sure what's necessary but too afraid to remove anything
  boot.initrd.availableKernelModules = [
    "nvme"
    "xhci_pci"
    "ahci"
    "usb_storage"
    "usbhid"
    "sd_mod"
  ];
  # Graphics and VMs
  boot.initrd.kernelModules = [ "amdgpu" ];
  boot.kernelModules = [ "kvm-amd" ];
  services.xserver.videoDrivers = [ "amdgpu" ];
  # Required binary blobs to boot on this machine
  hardware.enableRedistributableFirmware = true;
  # Prioritize performance over efficiency
  powerManagement.cpuFreqGovernor = "performance";
  # Allow firmware updates
  hardware.cpu.amd.updateMicrocode = true;
  # Helps reduce GPU fan noise under idle loads
  hardware.fancontrol.enable = true;
  hardware.fancontrol.config = ''
    # Configuration file generated by pwmconfig, changes will be lost
    INTERVAL=10
    DEVPATH=hwmon0=devices/pci0000:00/0000:00:03.1/0000:06:00.0/0000:07:00.0/0000:08:00.0
    DEVNAME=hwmon0=amdgpu
    FCTEMPS=hwmon0/pwm1=hwmon0/temp1_input
    FCFANS= hwmon0/pwm1=hwmon0/fan1_input
    MINTEMP=hwmon0/pwm1=50
    MAXTEMP=hwmon0/pwm1=70
    MINSTART=hwmon0/pwm1=100
    MINSTOP=hwmon0/pwm1=10
    MINPWM=hwmon0/pwm1=10
    MAXPWM=hwmon0/pwm1=240
  '';
  # File systems must be declared in order to boot
  # This is the root filesystem containing NixOS
  fileSystems."/" = {
    device = "/dev/disk/by-label/nixos";
    fsType = "ext4";
  };
  # This is the boot filesystem for Grub
  fileSystems."/boot" = {
    device = "/dev/disk/by-label/boot";
    fsType = "vfat";
  };
  # Allows private remote access over the internet
  nmasur.presets.services.cloudflared = {
    tunnel = {
      id = "ac133a82-31fb-480c-942a-cdbcd4c58173";
      credentialsFile = ../../private/cloudflared-tempest.age;
      ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPY6C0HmdFCaxYtJxFr3qV4/1X4Q8KrYQ1hlme3u1hJXK+xW+lc9Y9glWHrhiTKilB7carYTB80US0O47gI5yU4= open-ssh-ca@cloudflareaccess.org";
    };
  };
  # Allows requests to force machine to wake up
  # This network interface might change, needs to be set specifically for each machine.
  # Or set usePredictableInterfaceNames = false
  networking.interfaces.enp5s0.wakeOnLan.enable = true;
 }
--- a/hosts/x86_64-linux/swan/default.nix
+++ b/hosts/x86_64-linux/swan/default.nix
@ -1,142 +0,0 @@
 # The Swan
 # System configuration for my home NAS server
 {
  inputs,
  globals,
  overlays,
  ...
 }:
 inputs.nixpkgs.lib.nixosSystem {
  system = "x86_64-linux";
  modules = [
    globals
    inputs.home-manager.nixosModules.home-manager
    inputs.disko.nixosModules.disko
    ../../modules/common
    ../../modules/nixos
    {
      nixpkgs.overlays = overlays;
      # Hardware
      server = true;
      physical = true;
      networking.hostName = "swan";
      # Not sure what's necessary but too afraid to remove anything
      boot.initrd.availableKernelModules = [
        "xhci_pci"
        "ahci"
        "nvme"
        "usb_storage"
        "sd_mod"
      ];
      # Required for transcoding
      boot.initrd.kernelModules = [ "amdgpu" ];
      boot.kernelParams = [
        "radeon.si_support=0"
        "amdgpu.si_support=1"
        "radeon.cik_support=0"
        "amdgpu.cik_support=1"
        "amdgpu.dc=1"
      ];
      # Required binary blobs to boot on this machine
      hardware.enableRedistributableFirmware = true;
      # Prioritize efficiency over performance
      powerManagement.cpuFreqGovernor = "powersave";
      # Allow firmware updates
      hardware.cpu.intel.updateMicrocode = true;
      # ZFS
      zfs.enable = true;
      # Generated with: head -c 8 /etc/machine-id
      networking.hostId = "600279f4"; # Random ID required for ZFS
      # Sets root ext4 filesystem instead of declaring it manually
      disko = {
        enableConfig = true;
        devices = (import ../../disks/root.nix { disk = "/dev/nvme0n1"; });
      };
      zramSwap.enable = true;
      swapDevices = [
        {
          device = "/swapfile";
          size = 4 * 1024; # 4 GB
        }
      ];
      boot.zfs = {
        # Automatically load the ZFS pool on boot
        extraPools = [ "tank" ];
        # Only try to decrypt datasets with keyfiles
        requestEncryptionCredentials = [
          "tank/archive"
          "tank/generic"
          "tank/nextcloud"
          "tank/generic/git"
        ];
        # If password is requested and fails, continue to boot eventually
        passwordTimeout = 300;
      };
      # Theming
      # Server doesn't require GUI
      gui.enable = false;
      # Still require colors for programs like Neovim, K9S
      theme = {
        colors = (import ../../colorscheme/gruvbox-dark).dark;
      };
      # Programs and services
      atuin.enable = true;
      neovim.enable = true;
      cloudflare.enable = true;
      dotfiles.enable = true;
      arrs.enable = true;
      filebrowser.enable = true;
      services.audiobookshelf.enable = true;
      services.bind.enable = true;
      services.caddy.enable = true;
      services.immich.enable = true;
      services.jellyfin.enable = true;
      services.nextcloud.enable = true;
      services.calibre-web.enable = true;
      services.openssh.enable = true;
      services.prometheus.enable = false;
      services.vmagent.enable = true;
      services.samba.enable = true;
      services.paperless.enable = true;
      services.postgresql.enable = true;
      system.autoUpgrade.enable = false;
      # Allows private remote access over the internet
      cloudflareTunnel = {
        enable = true;
        id = "646754ac-2149-4a58-b51a-e1d0a1f3ade2";
        credentialsFile = ../../private/cloudflared-swan.age;
        ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCHF/UMtJqPFrf6f6GRY0ZFnkCW7b6sYgUTjTtNfRj1RdmNic1NoJZql7y6BrqQinZvy7nsr1UFDNWoHn6ah3tg= open-ssh-ca@cloudflareaccess.org";
      };
      # Send regular backups and litestream for DBs to an S3-like bucket
      backup.s3 = {
        endpoint = "s3.us-west-002.backblazeb2.com";
        bucket = "noahmasur-backup";
        accessKeyId = "0026b0e73b2e2c80000000005";
        resticBucket = "noahmasur-restic";
      };
      # Disable passwords, only use SSH key
      publicKeys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s personal"
      ];
    }
  ];
 }
--- a/hosts/x86_64-linux/tempest/default.nix
+++ b/hosts/x86_64-linux/tempest/default.nix
@ -1,153 +0,0 @@
 # The Tempest
 # System configuration for my desktop
 {
  inputs,
  globals,
  overlays,
  ...
 }:
 inputs.nixpkgs.lib.nixosSystem rec {
  system = "x86_64-linux";
  specialArgs = {
    pkgs-stable = import inputs.nixpkgs-stable { inherit system; };
    pkgs-caddy = import inputs.nixpkgs-caddy { inherit system; };
  };
  modules = [
    globals
    inputs.home-manager.nixosModules.home-manager
    ../../modules/common
    ../../modules/nixos
    {
      nixpkgs.overlays = overlays;
      # Hardware
      physical = true;
      networking.hostName = "tempest";
      # Not sure what's necessary but too afraid to remove anything
      boot.initrd.availableKernelModules = [
        "nvme"
        "xhci_pci"
        "ahci"
        "usb_storage"
        "usbhid"
        "sd_mod"
      ];
      # Graphics and VMs
      boot.initrd.kernelModules = [ "amdgpu" ];
      boot.kernelModules = [ "kvm-amd" ];
      services.xserver.videoDrivers = [ "amdgpu" ];
      # I don't think I need this?
      # boot.kernelParams = [
      #   "video=DP-0:2560x1440@165"
      #   "video=DP-1:1920x1080@60"
      # ];
      # Required binary blobs to boot on this machine
      hardware.enableRedistributableFirmware = true;
      # Prioritize performance over efficiency
      powerManagement.cpuFreqGovernor = "performance";
      # Allow firmware updates
      hardware.cpu.amd.updateMicrocode = true;
      # Helps reduce GPU fan noise under idle loads
      hardware.fancontrol.enable = true;
      hardware.fancontrol.config = ''
        # Configuration file generated by pwmconfig, changes will be lost
        INTERVAL=10
        DEVPATH=hwmon0=devices/pci0000:00/0000:00:03.1/0000:06:00.0/0000:07:00.0/0000:08:00.0
        DEVNAME=hwmon0=amdgpu
        FCTEMPS=hwmon0/pwm1=hwmon0/temp1_input
        FCFANS= hwmon0/pwm1=hwmon0/fan1_input
        MINTEMP=hwmon0/pwm1=50
        MAXTEMP=hwmon0/pwm1=70
        MINSTART=hwmon0/pwm1=100
        MINSTOP=hwmon0/pwm1=10
        MINPWM=hwmon0/pwm1=10
        MAXPWM=hwmon0/pwm1=240
      '';
      # File systems must be declared in order to boot
      # This is the root filesystem containing NixOS
      fileSystems."/" = {
        device = "/dev/disk/by-label/nixos";
        fsType = "ext4";
      };
      # This is the boot filesystem for Grub
      fileSystems."/boot" = {
        device = "/dev/disk/by-label/boot";
        fsType = "vfat";
      };
      # Secrets must be prepared ahead before deploying
      passwordHash = inputs.nixpkgs.lib.fileContents ../../misc/password.sha512;
      # Theming
      # Turn on all features related to desktop and graphical applications
      gui.enable = true;
      # Set the system-wide theme, also used for non-graphical programs
      theme = {
        colors = (import ../../colorscheme/gruvbox-dark).dark;
        dark = true;
      };
      wallpaper = "${inputs.wallpapers}/gruvbox/road.jpg";
      gtk.theme.name = inputs.nixpkgs.lib.mkDefault "Adwaita-dark";
      # Programs and services
      atuin.enable = true;
      charm.enable = true;
      neovim.enable = true;
      media.enable = true;
      dotfiles.enable = true;
      firefox.enable = true;
      kitty.enable = true;
      _1password.enable = true;
      discord.enable = true;
      nautilus.enable = true;
      obsidian.enable = true;
      mail.enable = true;
      mail.aerc.enable = true;
      mail.himalaya.enable = true;
      keybase.enable = true;
      mullvad.enable = false;
      rust.enable = true;
      terraform.enable = true;
      wezterm.enable = true;
      yt-dlp.enable = true;
      gaming = {
        dwarf-fortress.enable = true;
        enable = true;
        steam.enable = true;
        moonlight.enable = true;
        legendary.enable = true;
        lutris.enable = true;
        ryujinx.enable = true;
      };
      services.vmagent.enable = true; # Enables Prometheus metrics
      services.openssh.enable = true; # Required for Cloudflare tunnel and identity file
      # Allows private remote access over the internet
      cloudflareTunnel = {
        enable = true;
        id = "ac133a82-31fb-480c-942a-cdbcd4c58173";
        credentialsFile = ../../private/cloudflared-tempest.age;
        ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPY6C0HmdFCaxYtJxFr3qV4/1X4Q8KrYQ1hlme3u1hJXK+xW+lc9Y9glWHrhiTKilB7carYTB80US0O47gI5yU4= open-ssh-ca@cloudflareaccess.org";
      };
      # Allows requests to force machine to wake up
      # This network interface might change, needs to be set specifically for each machine.
      # Or set usePredictableInterfaceNames = false
      networking.interfaces.enp5s0.wakeOnLan.enable = true;
    }
  ];
 }
--- a/pkgs/misc/wallpapers/package.nix
+++ b/pkgs/misc/wallpapers/package.nix
@ -0,0 +1,10 @@
 { pkgs, ... }:
 pkgs.
 pkgs.writeShellApplication
  {
    name = "ocr";
    runtimeInputs = [ pkgs.tesseract ];
    text = builtins.readFile ./ocr.sh;
  }
--- a/platforms/home-manager/modules/nmasur/profiles/linux-base.nix
+++ b/platforms/home-manager/modules/nmasur/profiles/linux-base.nix
@ -41,7 +41,7 @@ in
        trash = lib.mkDefault "${pkgs.trash-cli}/bin/trash-put";
      };
      shellAbbrs = {
-        t = "trash";
+        t = lib.mkDefault "trash";
      };
    };
  };
--- a/platforms/home-manager/modules/nmasur/profiles/linux-gaming.nix
+++ b/platforms/home-manager/modules/nmasur/profiles/linux-gaming.nix
@ -15,7 +15,9 @@ in
  config = lib.mkIf cfg.enable {
-    nmasur.programs.wine.enable = lib.mkDefault true;
+    nmasur.presets.programs = {
      wine.enable = lib.mkDefault true;
    };
    home.packages = lib.mkDefault [
      pkgs.heroic
--- a/platforms/home-manager/modules/nmasur/profiles/linux-gui.nix
+++ b/platforms/home-manager/modules/nmasur/profiles/linux-gui.nix
@ -15,6 +15,32 @@ in
  config = lib.mkIf cfg.enable {
    nmasur.gtk.enable = lib.mkDefault true;
    nmasur.presets = {
      programs = {
        _1password.enable = lib.mkDefault true;
        aerc.enable = lib.mkDefault true;
        discord.enable = lib.mkDefault true;
        dotfiles.enable = lib.mkDefault true;
        firefox.enable = lib.mkDefault true;
        mpv.enable = lib.mkDefault true;
        nautilus.enable = lib.mkDefault true;
        nsxiv.enable = lib.mkDefault true;
        obsidian.enable = lib.mkDefault true;
        xclip.enable = lib.mkDefault true;
        wezterm.enable = lib.mkDefault true;
        zathura.enable = lib.mkDefault true;
      };
      services = {
        dunst.enable = lib.mkDefault false; # Off by default
        i3.enable = lib.mkDefault true;
        kanata.enable = lib.mkDefault true;
        keybase.enable = lib.mkDefault true;
        mbsync.enable = lib.mkDefault true;
        picom.enable = lib.mkDefault true;
        polybar.enable = lib.mkDefault true;
        volnoti.enable = lib.mkDefault true;
      };
    };
  };
 }
--- a/platforms/home-manager/modules/nmasur/profiles/power-user.nix
+++ b/platforms/home-manager/modules/nmasur/profiles/power-user.nix
@ -56,6 +56,7 @@ in
      ripgrep.enable = lib.mkDefault true;
      prettyping.enable = lib.mkDefault true;
      weather.enable = lib.mkDefault true;
      yt-dlp.enable = lib.mkDefault true;
      zoxide.enable = lib.mkDefault true;
    };
--- a/platforms/nixos/modules/nmasur/presets/services/lightdm.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/lightdm.nix
@ -2,6 +2,7 @@
  config,
  pkgs,
  lib,
  wallpapers ? null,
  ...
 }:
@ -14,8 +15,9 @@ in
  options.nmasur.presets.services.lightdm = {
    enable = lib.mkEnableOption "Lightdm display manager";
    wallpaper = {
-      type = lib.types.path;
+      type = lib.types.nullOr lib.types.path;
      description = "Wallpaper background image file";
      default = "${wallpapers}/gruvbox/road.jpg";
    };
    gtk.theme = {
      name = lib.mkOption {
--- a/platforms/nixos/modules/nmasur/presets/zfs.nix
+++ b/platforms/nixos/modules/nmasur/presets/zfs.nix
@ -23,5 +23,28 @@ in
    prometheus.scrapeTargets = [
      "127.0.0.1:${builtins.toString config.services.prometheus.exporters.zfs.port}"
    ];
    zramSwap.enable = true;
    swapDevices = [
      {
        device = "/swapfile";
        size = 4 * 1024; # 4 GB
      }
    ];
    boot.zfs = {
      # Automatically load the ZFS pool on boot
      extraPools = [ "tank" ];
      # Only try to decrypt datasets with keyfiles
      requestEncryptionCredentials = [
        "tank/archive"
        "tank/generic"
        "tank/nextcloud"
        "tank/generic/git"
      ];
      # If password is requested and fails, continue to boot eventually
      passwordTimeout = 300;
    };
  };
 }
--- a/platforms/nixos/modules/nmasur/profiles/base.nix
+++ b/platforms/nixos/modules/nmasur/profiles/base.nix
@ -16,6 +16,12 @@ in
  config = lib.mkIf cfg.enable {
    nmasur.presets.services = {
      # Allow tunneling into the machine
      cloudflared.enable = lib.mkDefault true;
      openssh.enable = lib.mkDefault true;
    };
    # Allows us to declaritively set password
    users.mutableUsers = lib.mkDefault false;
@ -25,9 +31,6 @@ in
      # Create a home directory for human user
      isNormalUser = lib.mkDefault true;
      # Automatically create a password to start
      hashedPassword = lib.mkDefault config.passwordHash;
      extraGroups = lib.mkDefault [
        "wheel" # Sudo privileges
      ];
--- a/platforms/nixos/modules/nmasur/profiles/gaming.nix
+++ b/platforms/nixos/modules/nmasur/profiles/gaming.nix
@ -17,14 +17,18 @@ in
    # Enable graphics acceleration
    hardware.graphics = {
-      enable = true;
+      enable = lib.mkDefault true;
-      enable32Bit = true;
+      enable32Bit = lib.mkDefault true;
    };
    # Enable gamemode which can be executed on a per-game basis
-    programs.gamemode.enable = true;
+    programs.gamemode.enable = lib.mkDefault true;
    environment.systemPackages = with pkgs; [ moonlight-qt ];
    nmasur.presets.programs = {
      steam.enable = lib.mkDefault true;
    };
  };
 }
--- a/platforms/nixos/modules/nmasur/profiles/gui.nix
+++ b/platforms/nixos/modules/nmasur/profiles/gui.nix
@ -53,8 +53,13 @@ in
    # Detect monitors (brightness) for ddcutil
    hardware.i2c.enable = lib.mkDefault true;
-    # Grant main user access to external monitors
+    users.users.${username} = {
-    users.users.${username}.extraGroups = lib.mkDefault [ "i2c" ];
+      # Grant main user access to external monitors
      extraGroups = lib.mkDefault [ "i2c" ];
      # Automatically create a password to start
      hashedPassword = lib.mkDefault (lib.fileContents ../../../../../misc/password.sha512);
    };
    services.xserver.displayManager = {
--- a/platforms/nixos/modules/nmasur/profiles/home.nix
+++ b/platforms/nixos/modules/nmasur/profiles/home.nix
@ -16,11 +16,13 @@ in
  config = lib.mkIf cfg.enable {
-    # Configure physical power buttons
+    nmasur.presets.services = {
-    nmasur.presets.services.logind.enable = lib.mkDefault true;
+      # Configure physical power buttons
      logind.enable = lib.mkDefault true;
    };
    # Enable automatic timezone updates based on location
-    services.tzupdate.enable = lib.mkDefault true;
+    services.automatic-timezoned.enable = lib.mkDefault true;
    # Allow reading from Windows drives
    boot.supportedFilesystems = [ "ntfs" ];
@ -41,24 +43,26 @@ in
    # Wake up tempest with a command
    environment.systemPackages = [
-      (pkgs.writeShellScriptBin "wake-tempest" "${pkgs.wakeonlan}/bin/wakeonlan --ip=192.168.1.255 74:56:3C:40:37:5D")
+      (pkgs.writeShellScriptBin "wake-tempest" "${lib.getExe pkgs.wakeonlan} --ip=192.168.1.255 74:56:3C:40:37:5D")
    ];
    # Prevent wake from keyboard
-    powerManagement.powerDownCommands = lib.mkDefault ''
+    powerManagement.powerDownCommands =
-      set +e
+      lib.mkDefault # bash
        ''
          set +e
-      # Fix for Gigabyte motherboard
+          # Fix for Gigabyte motherboard
-      # /r/archlinux/comments/y7b97e/my_computer_wakes_up_immediately_after_i_suspend/isu99sr/
+          # /r/archlinux/comments/y7b97e/my_computer_wakes_up_immediately_after_i_suspend/isu99sr/
-      # Disable if enabled
+          # Disable if enabled
-      if (grep "GPP0.*enabled" /proc/acpi/wakeup >/dev/null); then
+          if (grep "GPP0.*enabled" /proc/acpi/wakeup >/dev/null); then
-          echo GPP0 | ${pkgs.doas}/bin/doas tee /proc/acpi/wakeup
+              echo GPP0 | ${pkgs.doas}/bin/doas tee /proc/acpi/wakeup
-      fi
+          fi
-      sleep 2
+          sleep 2
-      set -e
+          set -e
-    '';
+        '';
    services.udev.extraRules = lib.mkDefault ''
      ACTION=="add", SUBSYSTEM=="usb", DRIVER=="usb", ATTR{power/wakeup}="disabled"
      ACTION=="add", SUBSYSTEM=="i2c", ATTR{power/wakeup}="disabled"
--- a/platforms/nixos/modules/nmasur/profiles/nas.nix
+++ b/platforms/nixos/modules/nmasur/profiles/nas.nix
@ -25,16 +25,17 @@ in
        bind.enable = lib.mkDefault true;
        caddy.enable = lib.mkDefault true;
        calibre-web.enable = lib.mkDefault true;
        cloudflare.enable = lib.mkDefault true;
        cloudflared.enable = lib.mkDefault true;
        cloudflare.enable = lib.mkDefault true;
        filebrowser.enable = lib.mkDefault true;
        immich.enable = lib.mkDefault true;
        jellyfin.enable = lib.mkDefault true;
        nextcloud.enable = lib.mkDefault true;
        nix-autoupgrade.enable = lib.mkDefault false; # Off by default for NAS
        paperless.enable = lib.mkDefault true;
        samba.enable = lib.mkDefault true;
        postgresql.enable = lib.mkDefault true;
        samba.enable = lib.mkDefault true;
        vm-agent.enable = lib.mkDefault true;
      };
    };
--- a/platforms/nixos/modules/services/filebrowser.nix
+++ b/platforms/nixos/modules/services/filebrowser.nix
@ -20,7 +20,7 @@ let
    "auth.method" = "json";
    username = username;
    # Generate password: htpasswd -nBC 10 "" | tr -d ':\n'
-    password = "$2y$10$ze1cMob0k6pnXRjLowYfZOVZWg4G.dsPtH3TohbUeEbI0sdkG9.za";
+    password = cfg.passwordHash;
  };
 in
@ -31,6 +31,7 @@ in
    passwordHash = lib.mkOption {
      type = lib.types.str;
      description = ''Hashed password created from htpasswd -nBC 10 "" | tr -d ':\n' '';
      default = "$2y$10$ze1cMob0k6pnXRjLowYfZOVZWg4G.dsPtH3TohbUeEbI0sdkG9.za";
    };
  };