flake.lock

@@ -557,6 +557,7 @@
         "tree-sitter-python": "tree-sitter-python",
         "tree-sitter-rasi": "tree-sitter-rasi",
         "tree-sitter-vimdoc": "tree-sitter-vimdoc",
+        "wallpapers": "wallpapers",
         "wsl": "wsl",
         "zenyd-mpv-scripts": "zenyd-mpv-scripts"
       }
@@ -809,6 +810,22 @@
         "type": "github"
       }
     },
+    "wallpapers": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1657544922,
+        "narHash": "sha256-1c1uDz37MhksWC75myv6jao5q2mIzD8X8I+TykXXmWg=",
+        "owner": "exorcist365",
+        "repo": "wallpapers",
+        "rev": "8d2860ac6c05cec0f78d5c9d07510f4ff5da90dc",
+        "type": "gitlab"
+      },
+      "original": {
+        "owner": "exorcist365",
+        "repo": "wallpapers",
+        "type": "gitlab"
+      }
+    },
     "wsl": {
       "inputs": {
         "flake-compat": "flake-compat_2",

flake.nix

@@ -52,11 +52,11 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    # # Wallpapers
+    # Wallpapers
-    # wallpapers = {
+    wallpapers = {
-    #   url = "gitlab:exorcist365/wallpapers";
+      url = "gitlab:exorcist365/wallpapers";
-    #   flake = false;
+      flake = false;
-    # };
+    };
 
     # Used to generate NixOS images for other platforms
     nixos-generators = {
@@ -295,9 +295,6 @@
             inputs.wsl.nixosModules.wsl
             ./platforms/nixos
           ];
-          # specialArgs = {
-          #   wallpapers = inputs.wallpapers;
-          # };
         };
 
       buildDarwin =
@@ -320,8 +317,7 @@
       # Create nixosConfigurations using the different pkgs for each system
       # What to do with home config?
 
-      nixosModules = import ./hosts/nixos nixpkgs;
+      nixosModules = import ./hosts/x86_64-linux nixpkgs // import ./hosts/aarch64-linux nixpkgs;
-      darwinModules = import ./hosts/darwin nixpkgs;
 
       # Contains my full system builds, including home-manager
       # nixos-rebuild switch --flake .#tempest
@@ -351,27 +347,24 @@
 
       # Contains my full Mac system builds, including home-manager
       # darwin-rebuild switch --flake .#lookingglass
-      darwinConfigurations = builtins.mapAttrs (
+      darwinConfigurations = builtins.mapAttrs buildDarwin {
-        name: module:
+        pkgs = pkgsBySystem.aarch64-darwin;
-        buildDarwin {
+        modules = import ./hosts/darwin;
-          pkgs = pkgsBySystem.aarch64-darwin;
+      };
-          modules = [ module ];
-        }
-      ) darwinModules;
-      # darwinConfigurations = builtins.mapAttrs buildDarwin {
-      #   pkgs = pkgsBySystem.aarch64-darwin;
-      #   modules = import ./hosts/darwin;
-      # };
 
       # For quickly applying home-manager settings with:
       # home-manager switch --flake .#tempest
-      homeConfigurations = builtins.mapAttrs (
+      homeConfigurations = rec {
-        name: module:
+        default = personal;
-        buildHome {
+        work = buildHome {
-          pkgs = pkgsBySystem.x86_64-linux;
+          pkgs = pkgsBySystem.aarch64-darwin;
-          module = [ module ];
+          modules = { };
-        }
+        };
-      ) nixosModules;
+        personal = buildHome {
+        };
+        tempest = nixosConfigurations.tempest.config.home-manager.users.${globals.user}.home;
+        lookingglass = darwinConfigurations.lookingglass.config.home-manager.users."Noah.Masur".home;
+      };
 
       # Disk formatting, only used once
       diskoConfigurations = {

hosts/aarch64-darwin/lookingglass/default.nix

@@ -0,0 +1,60 @@
+# The Looking Glass
+# System configuration for my work Macbook
+
+{
+  inputs,
+  globals,
+  overlays,
+  ...
+}:
+
+inputs.darwin.lib.darwinSystem {
+  system = "aarch64-darwin";
+  specialArgs = { };
+  modules = [
+    ../../modules/common
+    ../../modules/darwin
+    (
+      globals
+      // rec {
+        user = "Noah.Masur";
+        gitName = "Noah-Masur_1701";
+        gitEmail = "${user}@take2games.com";
+      }
+    )
+    inputs.home-manager.darwinModules.home-manager
+    inputs.mac-app-util.darwinModules.default
+    {
+      nixpkgs.overlays = [ inputs.firefox-darwin.overlay ] ++ overlays;
+      networking.hostName = "NYCM-NMASUR2";
+      networking.computerName = "NYCM-NMASUR2";
+      identityFile = "/Users/Noah.Masur/.ssh/id_ed25519";
+      gui.enable = true;
+      theme = {
+        colors = (import ../../colorscheme/gruvbox-dark).dark;
+        dark = true;
+      };
+      mail.user = globals.user;
+      atuin.enable = true;
+      charm.enable = true;
+      neovim.enable = true;
+      mail.enable = true;
+      mail.aerc.enable = true;
+      mail.himalaya.enable = false;
+      kitty.enable = true;
+      discord.enable = true;
+      firefox.enable = true;
+      dotfiles.enable = true;
+      terraform.enable = true;
+      python.enable = true;
+      rust.enable = true;
+      lua.enable = true;
+      obsidian.enable = true;
+      kubernetes.enable = true;
+      _1password.enable = true;
+      slack.enable = true;
+      wezterm.enable = true;
+      yt-dlp.enable = true;
+    }
+  ];
+}

hosts/darwin/default.nix

@@ -1,16 +0,0 @@
-# Return a list of all nix-darwin hosts
-
-{ lib, ... }:
-
-lib.pipe (lib.filesystem.listFilesRecursive ./.) [
-  # Get only files ending in default.nix
-  (builtins.filter (name: lib.hasSuffix "default.nix" name))
-  # Import each host function
-  map
-  (file: {
-    name = builtins.baseNameOf (builtins.dirOf file);
-    value = import file;
-  })
-  # Convert to an attrset of hostname -> host function
-  (builtins.listToAttrs)
-]

hosts/darwin/lookingglass/default.nix

@@ -1,39 +0,0 @@
-# The Looking Glass
-# System configuration for my work Macbook
-
-rec {
-  networking.hostName = "NYCM-NMASUR2";
-  networking.computerName = "NYCM-NMASUR2";
-
-  nmasur.settings = {
-    username = "Noah.Masur";
-    fullName = "Noah Masur";
-  };
-
-  nmasur.profiles = {
-    base.enable = true;
-    work.enable = true;
-    extra.enable = true;
-    gaming.enable = true;
-  };
-
-  home-manager.users."Noah.Masur" = {
-    nmasur.settings = {
-      username = nmasur.settings.username;
-      fullName = nmasur.settings.fullName;
-    };
-    nmasur.profiles = {
-      common.enable = true;
-      darwin-base.enable = true;
-      power-user.enable = true;
-      work.enable = true;
-      experimental.enable = true;
-    };
-    nmasur.presets.programs.git = {
-      name = "Noah-Masur_1701";
-      email = "${nmasur.settings.username}@take2games.com";
-    };
-  };
-
-  identityFile = "/Users/${nmasur.settings.username}/.ssh/id_ed25519";
-}

hosts/default.nix

@@ -1,6 +1,6 @@
 # Return a list of all hosts
 
 {
-  darwin-hosts = import ./darwin;
+  darwin-hosts = import ./aarch64-darwin;
-  linux-hosts = import ./nixos;
+  linux-hosts = import ./x86_64-linux // import ./aarch64-linux;
 }

hosts/flame/default.nix

@@ -6,28 +6,12 @@
 # These days, probably use nixos-anywhere instead.
 
 rec {
+  # Hardware
   networking.hostName = "flame";
 
   nmasur.settings = {
     username = "noah";
     fullName = "Noah Masur";
-    hostnames =
-      let
-        baseName = "masu.rs";
-      in
-      {
-        budget = "money.${baseName}";
-        git = "git.${baseName}";
-        influxdb = "influxdb.${baseName}";
-        irc = "irc.${baseName}";
-        metrics = "metrics.${baseName}";
-        minecraft = "minecraft.${baseName}";
-        n8n = "n8n.${baseName}";
-        notifications = "ntfy.${baseName}";
-        prometheus = "prom.${baseName}";
-        secrets = "vault.${baseName}";
-        status = "status.${baseName}";
-      };
   };
 
   nmasur.profiles = {
@@ -37,10 +21,7 @@ rec {
   };
 
   home-manager.users."noah" = {
-    nmasur.settings = {
+    nmasur.settings = nmasur.settings;
-      username = nmasur.settings.username;
-      fullName = nmasur.settings.fullName;
-    };
     nmasur.profiles = {
       common.enable = true;
       linux-base.enable = true;

hosts/nixos/default.nix

@@ -1,20 +0,0 @@
-# Return a list of all NixOS hosts
-
-{ nixpkgs, ... }:
-
-let
-  inherit (nixpkgs) lib;
-in
-
-lib.pipe (lib.filesystem.listFilesRecursive ./.) [
-  # Get only files ending in default.nix
-  (builtins.filter (name: lib.hasSuffix "default.nix" name))
-  # Import each host function
-  map
-  (file: {
-    name = builtins.baseNameOf (builtins.dirOf file);
-    value = import file;
-  })
-  # Convert to an attrset of hostname -> host function
-  (builtins.listToAttrs)
-]

hosts/nixos/swan/default.nix

@@ -1,90 +0,0 @@
-# The Swan
-# System configuration for my home NAS server
-
-rec {
-  networking.hostName = "swan";
-
-  nmasur.settings = {
-    username = "noah";
-    fullName = "Noah Masur";
-    hostnames =
-      let
-        baseName = "masu.rs";
-      in
-      {
-        audiobooks = "read.${baseName}";
-        files = "files.${baseName}";
-        paperless = "paper.${baseName}";
-        photos = "photos.${baseName}";
-        stream = "stream.${baseName}";
-        content = "cloud.${baseName}";
-        books = "books.${baseName}";
-        download = "download.${baseName}";
-      };
-  };
-
-  nmasur.profiles = {
-    base.enable = true;
-    server.enable = true;
-    home.enable = true;
-    nas.enable = true;
-  };
-
-  home-manager.users."noah" = {
-    nmasur.settings = {
-      username = nmasur.settings.username;
-      fullName = nmasur.settings.fullName;
-    };
-    nmasur.profiles = {
-      common.enable = true;
-      linux-base.enable = true;
-    };
-  };
-
-  # Not sure what's necessary but too afraid to remove anything
-  boot.initrd.availableKernelModules = [
-    "xhci_pci"
-    "ahci"
-    "nvme"
-    "usb_storage"
-    "sd_mod"
-  ];
-
-  # Required for transcoding
-  boot.initrd.kernelModules = [ "amdgpu" ];
-  boot.kernelParams = [
-    "radeon.si_support=0"
-    "amdgpu.si_support=1"
-    "radeon.cik_support=0"
-    "amdgpu.cik_support=1"
-    "amdgpu.dc=1"
-  ];
-
-  # Required binary blobs to boot on this machine
-  hardware.enableRedistributableFirmware = true;
-
-  # Prioritize efficiency over performance
-  powerManagement.cpuFreqGovernor = "powersave";
-
-  # Allow firmware updates
-  hardware.cpu.intel.updateMicrocode = true;
-
-  # ZFS
-  # Generated with: head -c 8 /etc/machine-id
-  networking.hostId = "600279f4"; # Random ID required for ZFS
-
-  # Sets root ext4 filesystem instead of declaring it manually
-  disko = {
-    enableConfig = true;
-    devices = (import ../../disks/root.nix { disk = "/dev/nvme0n1"; });
-  };
-
-  # Allows private remote access over the internet
-  nmasur.presets.services.cloudflared = {
-    tunnel = {
-      id = "646754ac-2149-4a58-b51a-e1d0a1f3ade2";
-      credentialsFile = ../../private/cloudflared-swan.age;
-      ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCHF/UMtJqPFrf6f6GRY0ZFnkCW7b6sYgUTjTtNfRj1RdmNic1NoJZql7y6BrqQinZvy7nsr1UFDNWoHn6ah3tg= open-ssh-ca@cloudflareaccess.org";
-    };
-  };
-}

hosts/nixos/tempest/default.nix

@@ -1,104 +0,0 @@
-# The Tempest
-# System configuration for my desktop
-
-rec {
-  # Hardware
-  networking.hostName = "tempest";
-
-  nmasur.settings = {
-    username = "noah";
-    fullName = "Noah Masur";
-  };
-
-  nmasur.profiles = {
-    base.enable = true;
-    home.enable = true;
-    gui.enable = true;
-    gaming.enable = true;
-  };
-
-  home-manager.users."noah" = {
-    nmasur.settings = {
-      username = nmasur.settings.username;
-      fullName = nmasur.settings.fullName;
-    };
-    nmasur.profiles = {
-      common.enable = true;
-      linux-base.enable = true;
-      linux-gui.enable = true;
-      linux-gaming.enable = true;
-      power-user.enable = true;
-      developer.enable = true;
-      experimental.enable = true;
-    };
-  };
-
-  # Not sure what's necessary but too afraid to remove anything
-  boot.initrd.availableKernelModules = [
-    "nvme"
-    "xhci_pci"
-    "ahci"
-    "usb_storage"
-    "usbhid"
-    "sd_mod"
-  ];
-
-  # Graphics and VMs
-  boot.initrd.kernelModules = [ "amdgpu" ];
-  boot.kernelModules = [ "kvm-amd" ];
-  services.xserver.videoDrivers = [ "amdgpu" ];
-
-  # Required binary blobs to boot on this machine
-  hardware.enableRedistributableFirmware = true;
-
-  # Prioritize performance over efficiency
-  powerManagement.cpuFreqGovernor = "performance";
-
-  # Allow firmware updates
-  hardware.cpu.amd.updateMicrocode = true;
-
-  # Helps reduce GPU fan noise under idle loads
-  hardware.fancontrol.enable = true;
-  hardware.fancontrol.config = ''
-    # Configuration file generated by pwmconfig, changes will be lost
-    INTERVAL=10
-    DEVPATH=hwmon0=devices/pci0000:00/0000:00:03.1/0000:06:00.0/0000:07:00.0/0000:08:00.0
-    DEVNAME=hwmon0=amdgpu
-    FCTEMPS=hwmon0/pwm1=hwmon0/temp1_input
-    FCFANS= hwmon0/pwm1=hwmon0/fan1_input
-    MINTEMP=hwmon0/pwm1=50
-    MAXTEMP=hwmon0/pwm1=70
-    MINSTART=hwmon0/pwm1=100
-    MINSTOP=hwmon0/pwm1=10
-    MINPWM=hwmon0/pwm1=10
-    MAXPWM=hwmon0/pwm1=240
-  '';
-
-  # File systems must be declared in order to boot
-
-  # This is the root filesystem containing NixOS
-  fileSystems."/" = {
-    device = "/dev/disk/by-label/nixos";
-    fsType = "ext4";
-  };
-
-  # This is the boot filesystem for Grub
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-label/boot";
-    fsType = "vfat";
-  };
-
-  # Allows private remote access over the internet
-  nmasur.presets.services.cloudflared = {
-    tunnel = {
-      id = "ac133a82-31fb-480c-942a-cdbcd4c58173";
-      credentialsFile = ../../private/cloudflared-tempest.age;
-      ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPY6C0HmdFCaxYtJxFr3qV4/1X4Q8KrYQ1hlme3u1hJXK+xW+lc9Y9glWHrhiTKilB7carYTB80US0O47gI5yU4= open-ssh-ca@cloudflareaccess.org";
-    };
-  };
-
-  # Allows requests to force machine to wake up
-  # This network interface might change, needs to be set specifically for each machine.
-  # Or set usePredictableInterfaceNames = false
-  networking.interfaces.enp5s0.wakeOnLan.enable = true;
-}

hosts/x86_64-linux/swan/default.nix

@@ -0,0 +1,142 @@
+# The Swan
+# System configuration for my home NAS server
+
+{
+  inputs,
+  globals,
+  overlays,
+  ...
+}:
+
+inputs.nixpkgs.lib.nixosSystem {
+  system = "x86_64-linux";
+  modules = [
+    globals
+    inputs.home-manager.nixosModules.home-manager
+    inputs.disko.nixosModules.disko
+    ../../modules/common
+    ../../modules/nixos
+    {
+      nixpkgs.overlays = overlays;
+
+      # Hardware
+      server = true;
+      physical = true;
+      networking.hostName = "swan";
+
+      # Not sure what's necessary but too afraid to remove anything
+      boot.initrd.availableKernelModules = [
+        "xhci_pci"
+        "ahci"
+        "nvme"
+        "usb_storage"
+        "sd_mod"
+      ];
+
+      # Required for transcoding
+      boot.initrd.kernelModules = [ "amdgpu" ];
+      boot.kernelParams = [
+        "radeon.si_support=0"
+        "amdgpu.si_support=1"
+        "radeon.cik_support=0"
+        "amdgpu.cik_support=1"
+        "amdgpu.dc=1"
+      ];
+
+      # Required binary blobs to boot on this machine
+      hardware.enableRedistributableFirmware = true;
+
+      # Prioritize efficiency over performance
+      powerManagement.cpuFreqGovernor = "powersave";
+
+      # Allow firmware updates
+      hardware.cpu.intel.updateMicrocode = true;
+
+      # ZFS
+      zfs.enable = true;
+      # Generated with: head -c 8 /etc/machine-id
+      networking.hostId = "600279f4"; # Random ID required for ZFS
+
+      # Sets root ext4 filesystem instead of declaring it manually
+      disko = {
+        enableConfig = true;
+        devices = (import ../../disks/root.nix { disk = "/dev/nvme0n1"; });
+      };
+
+      zramSwap.enable = true;
+      swapDevices = [
+        {
+          device = "/swapfile";
+          size = 4 * 1024; # 4 GB
+        }
+      ];
+
+      boot.zfs = {
+        # Automatically load the ZFS pool on boot
+        extraPools = [ "tank" ];
+        # Only try to decrypt datasets with keyfiles
+        requestEncryptionCredentials = [
+          "tank/archive"
+          "tank/generic"
+          "tank/nextcloud"
+          "tank/generic/git"
+        ];
+        # If password is requested and fails, continue to boot eventually
+        passwordTimeout = 300;
+      };
+
+      # Theming
+
+      # Server doesn't require GUI
+      gui.enable = false;
+
+      # Still require colors for programs like Neovim, K9S
+      theme = {
+        colors = (import ../../colorscheme/gruvbox-dark).dark;
+      };
+
+      # Programs and services
+      atuin.enable = true;
+      neovim.enable = true;
+      cloudflare.enable = true;
+      dotfiles.enable = true;
+      arrs.enable = true;
+      filebrowser.enable = true;
+      services.audiobookshelf.enable = true;
+      services.bind.enable = true;
+      services.caddy.enable = true;
+      services.immich.enable = true;
+      services.jellyfin.enable = true;
+      services.nextcloud.enable = true;
+      services.calibre-web.enable = true;
+      services.openssh.enable = true;
+      services.prometheus.enable = false;
+      services.vmagent.enable = true;
+      services.samba.enable = true;
+      services.paperless.enable = true;
+      services.postgresql.enable = true;
+      system.autoUpgrade.enable = false;
+
+      # Allows private remote access over the internet
+      cloudflareTunnel = {
+        enable = true;
+        id = "646754ac-2149-4a58-b51a-e1d0a1f3ade2";
+        credentialsFile = ../../private/cloudflared-swan.age;
+        ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCHF/UMtJqPFrf6f6GRY0ZFnkCW7b6sYgUTjTtNfRj1RdmNic1NoJZql7y6BrqQinZvy7nsr1UFDNWoHn6ah3tg= open-ssh-ca@cloudflareaccess.org";
+      };
+
+      # Send regular backups and litestream for DBs to an S3-like bucket
+      backup.s3 = {
+        endpoint = "s3.us-west-002.backblazeb2.com";
+        bucket = "noahmasur-backup";
+        accessKeyId = "0026b0e73b2e2c80000000005";
+        resticBucket = "noahmasur-restic";
+      };
+
+      # Disable passwords, only use SSH key
+      publicKeys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s personal"
+      ];
+    }
+  ];
+}

hosts/x86_64-linux/tempest/default.nix

@@ -0,0 +1,153 @@
+# The Tempest
+# System configuration for my desktop
+
+{
+  inputs,
+  globals,
+  overlays,
+  ...
+}:
+
+inputs.nixpkgs.lib.nixosSystem rec {
+  system = "x86_64-linux";
+  specialArgs = {
+    pkgs-stable = import inputs.nixpkgs-stable { inherit system; };
+    pkgs-caddy = import inputs.nixpkgs-caddy { inherit system; };
+  };
+  modules = [
+    globals
+    inputs.home-manager.nixosModules.home-manager
+    ../../modules/common
+    ../../modules/nixos
+    {
+      nixpkgs.overlays = overlays;
+
+      # Hardware
+      physical = true;
+      networking.hostName = "tempest";
+
+      # Not sure what's necessary but too afraid to remove anything
+      boot.initrd.availableKernelModules = [
+        "nvme"
+        "xhci_pci"
+        "ahci"
+        "usb_storage"
+        "usbhid"
+        "sd_mod"
+      ];
+
+      # Graphics and VMs
+      boot.initrd.kernelModules = [ "amdgpu" ];
+      boot.kernelModules = [ "kvm-amd" ];
+      services.xserver.videoDrivers = [ "amdgpu" ];
+
+      # I don't think I need this?
+      # boot.kernelParams = [
+      #   "video=DP-0:2560x1440@165"
+      #   "video=DP-1:1920x1080@60"
+      # ];
+
+      # Required binary blobs to boot on this machine
+      hardware.enableRedistributableFirmware = true;
+
+      # Prioritize performance over efficiency
+      powerManagement.cpuFreqGovernor = "performance";
+
+      # Allow firmware updates
+      hardware.cpu.amd.updateMicrocode = true;
+
+      # Helps reduce GPU fan noise under idle loads
+      hardware.fancontrol.enable = true;
+      hardware.fancontrol.config = ''
+        # Configuration file generated by pwmconfig, changes will be lost
+        INTERVAL=10
+        DEVPATH=hwmon0=devices/pci0000:00/0000:00:03.1/0000:06:00.0/0000:07:00.0/0000:08:00.0
+        DEVNAME=hwmon0=amdgpu
+        FCTEMPS=hwmon0/pwm1=hwmon0/temp1_input
+        FCFANS= hwmon0/pwm1=hwmon0/fan1_input
+        MINTEMP=hwmon0/pwm1=50
+        MAXTEMP=hwmon0/pwm1=70
+        MINSTART=hwmon0/pwm1=100
+        MINSTOP=hwmon0/pwm1=10
+        MINPWM=hwmon0/pwm1=10
+        MAXPWM=hwmon0/pwm1=240
+      '';
+
+      # File systems must be declared in order to boot
+
+      # This is the root filesystem containing NixOS
+      fileSystems."/" = {
+        device = "/dev/disk/by-label/nixos";
+        fsType = "ext4";
+      };
+
+      # This is the boot filesystem for Grub
+      fileSystems."/boot" = {
+        device = "/dev/disk/by-label/boot";
+        fsType = "vfat";
+      };
+
+      # Secrets must be prepared ahead before deploying
+      passwordHash = inputs.nixpkgs.lib.fileContents ../../misc/password.sha512;
+
+      # Theming
+
+      # Turn on all features related to desktop and graphical applications
+      gui.enable = true;
+
+      # Set the system-wide theme, also used for non-graphical programs
+      theme = {
+        colors = (import ../../colorscheme/gruvbox-dark).dark;
+        dark = true;
+      };
+      wallpaper = "${inputs.wallpapers}/gruvbox/road.jpg";
+      gtk.theme.name = inputs.nixpkgs.lib.mkDefault "Adwaita-dark";
+
+      # Programs and services
+      atuin.enable = true;
+      charm.enable = true;
+      neovim.enable = true;
+      media.enable = true;
+      dotfiles.enable = true;
+      firefox.enable = true;
+      kitty.enable = true;
+      _1password.enable = true;
+      discord.enable = true;
+      nautilus.enable = true;
+      obsidian.enable = true;
+      mail.enable = true;
+      mail.aerc.enable = true;
+      mail.himalaya.enable = true;
+      keybase.enable = true;
+      mullvad.enable = false;
+      rust.enable = true;
+      terraform.enable = true;
+      wezterm.enable = true;
+      yt-dlp.enable = true;
+      gaming = {
+        dwarf-fortress.enable = true;
+        enable = true;
+        steam.enable = true;
+        moonlight.enable = true;
+        legendary.enable = true;
+        lutris.enable = true;
+        ryujinx.enable = true;
+      };
+      services.vmagent.enable = true; # Enables Prometheus metrics
+      services.openssh.enable = true; # Required for Cloudflare tunnel and identity file
+
+      # Allows private remote access over the internet
+      cloudflareTunnel = {
+        enable = true;
+        id = "ac133a82-31fb-480c-942a-cdbcd4c58173";
+        credentialsFile = ../../private/cloudflared-tempest.age;
+        ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPY6C0HmdFCaxYtJxFr3qV4/1X4Q8KrYQ1hlme3u1hJXK+xW+lc9Y9glWHrhiTKilB7carYTB80US0O47gI5yU4= open-ssh-ca@cloudflareaccess.org";
+      };
+
+      # Allows requests to force machine to wake up
+      # This network interface might change, needs to be set specifically for each machine.
+      # Or set usePredictableInterfaceNames = false
+      networking.interfaces.enp5s0.wakeOnLan.enable = true;
+    }
+  ];
+}

pkgs/misc/wallpapers/package.nix

@@ -1,15 +0,0 @@
-{ pkgs, ... }:
-
-pkgs.stdenv.mkDerivation {
-  pname = "wallpapers";
-  version = "0.1";
-  src = pkgs.fetchFromGitLab {
-    owner = "exorcist365";
-    repo = "wallpapers";
-    rev = "8d2860ac6c05cec0f78d5c9d07510f4ff5da90dc";
-    sha256 = "155lb7w563dk9kdn4752hl0zjhgnq3j4cvs9z98nb25k1xpmpki7";
-  };
-  installPhase = ''
-    cp -r $src/ $out/
-  '';
-}

platforms/home-manager/modules/nmasur/presets/services/i3.nix

@@ -20,7 +20,6 @@ in
     wallpaper = {
       type = lib.types.path;
       description = "Wallpaper background image file";
-      default = "${pkgs.wallpapers}/gruvbox/road.jpg";
     };
     commands = {
       launcher = lib.mkOption {

platforms/home-manager/modules/nmasur/profiles/linux-base.nix

@@ -41,7 +41,7 @@ in
         trash = lib.mkDefault "${pkgs.trash-cli}/bin/trash-put";
       };
       shellAbbrs = {
-        t = lib.mkDefault "trash";
+        t = "trash";
       };
     };
   };

platforms/home-manager/modules/nmasur/profiles/linux-gaming.nix

@@ -15,9 +15,7 @@ in
 
   config = lib.mkIf cfg.enable {
 
-    nmasur.presets.programs = {
+    nmasur.programs.wine.enable = lib.mkDefault true;
-      wine.enable = lib.mkDefault true;
-    };
 
     home.packages = lib.mkDefault [
       pkgs.heroic

platforms/home-manager/modules/nmasur/profiles/linux-gui.nix

@@ -15,32 +15,6 @@ in
   config = lib.mkIf cfg.enable {
 
     nmasur.gtk.enable = lib.mkDefault true;
-    nmasur.presets = {
-      programs = {
-        _1password.enable = lib.mkDefault true;
-        aerc.enable = lib.mkDefault true;
-        discord.enable = lib.mkDefault true;
-        dotfiles.enable = lib.mkDefault true;
-        firefox.enable = lib.mkDefault true;
-        mpv.enable = lib.mkDefault true;
-        nautilus.enable = lib.mkDefault true;
-        nsxiv.enable = lib.mkDefault true;
-        obsidian.enable = lib.mkDefault true;
-        xclip.enable = lib.mkDefault true;
-        wezterm.enable = lib.mkDefault true;
-        zathura.enable = lib.mkDefault true;
-      };
-      services = {
-        dunst.enable = lib.mkDefault false; # Off by default
-        i3.enable = lib.mkDefault true;
-        kanata.enable = lib.mkDefault true;
-        keybase.enable = lib.mkDefault true;
-        mbsync.enable = lib.mkDefault true;
-        picom.enable = lib.mkDefault true;
-        polybar.enable = lib.mkDefault true;
-        volnoti.enable = lib.mkDefault true;
-      };
-    };
 
   };
 }

platforms/home-manager/modules/nmasur/profiles/power-user.nix

@@ -56,7 +56,6 @@ in
       ripgrep.enable = lib.mkDefault true;
       prettyping.enable = lib.mkDefault true;
       weather.enable = lib.mkDefault true;
-      yt-dlp.enable = lib.mkDefault true;
       zoxide.enable = lib.mkDefault true;
     };
 

platforms/nixos/modules/nmasur/presets/services/lightdm.nix

@@ -14,9 +14,8 @@ in
   options.nmasur.presets.services.lightdm = {
     enable = lib.mkEnableOption "Lightdm display manager";
     wallpaper = {
-      type = lib.types.nullOr lib.types.path;
+      type = lib.types.path;
       description = "Wallpaper background image file";
-      default = "${pkgs.wallpapers}/gruvbox/road.jpg";
     };
     gtk.theme = {
       name = lib.mkOption {

platforms/nixos/modules/nmasur/presets/zfs.nix

@@ -23,28 +23,5 @@ in
     prometheus.scrapeTargets = [
       "127.0.0.1:${builtins.toString config.services.prometheus.exporters.zfs.port}"
     ];
-
-    zramSwap.enable = true;
-    swapDevices = [
-      {
-        device = "/swapfile";
-        size = 4 * 1024; # 4 GB
-      }
-    ];
-
-    boot.zfs = {
-      # Automatically load the ZFS pool on boot
-      extraPools = [ "tank" ];
-      # Only try to decrypt datasets with keyfiles
-      requestEncryptionCredentials = [
-        "tank/archive"
-        "tank/generic"
-        "tank/nextcloud"
-        "tank/generic/git"
-      ];
-      # If password is requested and fails, continue to boot eventually
-      passwordTimeout = 300;
-    };
-
   };
 }

platforms/nixos/modules/nmasur/profiles/base.nix

@@ -16,12 +16,6 @@ in
 
   config = lib.mkIf cfg.enable {
 
-    nmasur.presets.services = {
-      # Allow tunneling into the machine
-      cloudflared.enable = lib.mkDefault true;
-      openssh.enable = lib.mkDefault true;
-    };
-
     # Allows us to declaritively set password
     users.mutableUsers = lib.mkDefault false;
 
@@ -31,6 +25,9 @@ in
       # Create a home directory for human user
       isNormalUser = lib.mkDefault true;
 
+      # Automatically create a password to start
+      hashedPassword = lib.mkDefault config.passwordHash;
+
       extraGroups = lib.mkDefault [
         "wheel" # Sudo privileges
       ];

platforms/nixos/modules/nmasur/profiles/gaming.nix

@@ -17,18 +17,14 @@ in
 
     # Enable graphics acceleration
     hardware.graphics = {
-      enable = lib.mkDefault true;
+      enable = true;
-      enable32Bit = lib.mkDefault true;
+      enable32Bit = true;
     };
 
     # Enable gamemode which can be executed on a per-game basis
-    programs.gamemode.enable = lib.mkDefault true;
+    programs.gamemode.enable = true;
 
     environment.systemPackages = with pkgs; [ moonlight-qt ];
 
-    nmasur.presets.programs = {
-      steam.enable = lib.mkDefault true;
-    };
-
   };
 }

platforms/nixos/modules/nmasur/profiles/gui.nix

@@ -53,13 +53,8 @@ in
     # Detect monitors (brightness) for ddcutil
     hardware.i2c.enable = lib.mkDefault true;
 
-    users.users.${username} = {
+    # Grant main user access to external monitors
-      # Grant main user access to external monitors
+    users.users.${username}.extraGroups = lib.mkDefault [ "i2c" ];
-      extraGroups = lib.mkDefault [ "i2c" ];
-
-      # Automatically create a password to start
-      hashedPassword = lib.mkDefault (lib.fileContents ../../../../../misc/password.sha512);
-    };
 
     services.xserver.displayManager = {
 

platforms/nixos/modules/nmasur/profiles/home.nix

@@ -16,13 +16,11 @@ in
 
   config = lib.mkIf cfg.enable {
 
-    nmasur.presets.services = {
+    # Configure physical power buttons
-      # Configure physical power buttons
+    nmasur.presets.services.logind.enable = lib.mkDefault true;
-      logind.enable = lib.mkDefault true;
-    };
 
     # Enable automatic timezone updates based on location
-    services.automatic-timezoned.enable = lib.mkDefault true;
+    services.tzupdate.enable = lib.mkDefault true;
 
     # Allow reading from Windows drives
     boot.supportedFilesystems = [ "ntfs" ];
@@ -43,26 +41,24 @@ in
 
     # Wake up tempest with a command
     environment.systemPackages = [
-      (pkgs.writeShellScriptBin "wake-tempest" "${lib.getExe pkgs.wakeonlan} --ip=192.168.1.255 74:56:3C:40:37:5D")
+      (pkgs.writeShellScriptBin "wake-tempest" "${pkgs.wakeonlan}/bin/wakeonlan --ip=192.168.1.255 74:56:3C:40:37:5D")
     ];
 
     # Prevent wake from keyboard
-    powerManagement.powerDownCommands =
+    powerManagement.powerDownCommands = lib.mkDefault ''
-      lib.mkDefault # bash
+      set +e
-        ''
-          set +e
 
-          # Fix for Gigabyte motherboard
+      # Fix for Gigabyte motherboard
-          # /r/archlinux/comments/y7b97e/my_computer_wakes_up_immediately_after_i_suspend/isu99sr/
+      # /r/archlinux/comments/y7b97e/my_computer_wakes_up_immediately_after_i_suspend/isu99sr/
-          # Disable if enabled
+      # Disable if enabled
-          if (grep "GPP0.*enabled" /proc/acpi/wakeup >/dev/null); then
+      if (grep "GPP0.*enabled" /proc/acpi/wakeup >/dev/null); then
-              echo GPP0 | ${pkgs.doas}/bin/doas tee /proc/acpi/wakeup
+          echo GPP0 | ${pkgs.doas}/bin/doas tee /proc/acpi/wakeup
-          fi
+      fi
 
-          sleep 2
+      sleep 2
 
-          set -e
+      set -e
-        '';
+    '';
     services.udev.extraRules = lib.mkDefault ''
       ACTION=="add", SUBSYSTEM=="usb", DRIVER=="usb", ATTR{power/wakeup}="disabled"
       ACTION=="add", SUBSYSTEM=="i2c", ATTR{power/wakeup}="disabled"

platforms/nixos/modules/nmasur/profiles/nas.nix

@@ -25,17 +25,16 @@ in
         bind.enable = lib.mkDefault true;
         caddy.enable = lib.mkDefault true;
         calibre-web.enable = lib.mkDefault true;
-        cloudflared.enable = lib.mkDefault true;
         cloudflare.enable = lib.mkDefault true;
+        cloudflared.enable = lib.mkDefault true;
         filebrowser.enable = lib.mkDefault true;
         immich.enable = lib.mkDefault true;
         jellyfin.enable = lib.mkDefault true;
         nextcloud.enable = lib.mkDefault true;
         nix-autoupgrade.enable = lib.mkDefault false; # Off by default for NAS
         paperless.enable = lib.mkDefault true;
-        postgresql.enable = lib.mkDefault true;
         samba.enable = lib.mkDefault true;
-        vm-agent.enable = lib.mkDefault true;
+        postgresql.enable = lib.mkDefault true;
       };
     };
 

platforms/nixos/modules/services/filebrowser.nix

@@ -20,7 +20,7 @@ let
     "auth.method" = "json";
     username = username;
     # Generate password: htpasswd -nBC 10 "" | tr -d ':\n'
-    password = cfg.passwordHash;
+    password = "$2y$10$ze1cMob0k6pnXRjLowYfZOVZWg4G.dsPtH3TohbUeEbI0sdkG9.za";
   };
 
 in
@@ -31,7 +31,6 @@ in
     passwordHash = lib.mkOption {
       type = lib.types.str;
       description = ''Hashed password created from htpasswd -nBC 10 "" | tr -d ':\n' '';
-      default = "$2y$10$ze1cMob0k6pnXRjLowYfZOVZWg4G.dsPtH3TohbUeEbI0sdkG9.za";
     };
   };