Fresh start to clean history after subtree experiments

nixos/homeserver/configuration.nix

@@ -0,0 +1,258 @@
+{
+  inputs,
+  lib,
+  config,
+  pkgs,
+  unstablePkgs,
+  ...
+}: {
+  imports = [
+    # Include the results of the hardware scan.
+    ./hardware-configuration.nix
+    ./filesystems.nix
+    ./firewall.nix
+  ];
+
+  # Allow unfree packages
+  nixpkgs.config.allowUnfree = true;
+
+  # Bootloader.
+  boot.loader.systemd-boot.enable = true;
+
+  networking.hostName = "homeserver"; # Define your hostname.
+
+  # Enable networking
+  networking.networkmanager.enable = true;
+
+  # Set your time zone.
+  time.timeZone = "Europe/Dublin";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_IE.UTF-8";
+
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "en_IE.UTF-8";
+    LC_IDENTIFICATION = "en_IE.UTF-8";
+    LC_MEASUREMENT = "en_IE.UTF-8";
+    LC_MONETARY = "en_IE.UTF-8";
+    LC_NAME = "en_IE.UTF-8";
+    LC_NUMERIC = "en_IE.UTF-8";
+    LC_PAPER = "en_IE.UTF-8";
+    LC_TELEPHONE = "en_IE.UTF-8";
+    LC_TIME = "en_IE.UTF-8";
+  };
+
+  nix = {
+    registry = (lib.mapAttrs (_: flake: {inherit flake;})) ((lib.filterAttrs (_: lib.isType "flake")) inputs);
+    nixPath = ["nixpkgs=${inputs.nixpkgs}"];
+    settings = {
+      experimental-features = "nix-command flakes";
+      auto-optimise-store = true;
+    };
+    extraOptions = ''
+      trusted-users = root cianh
+    '';
+  };
+
+  environment.etc =
+    lib.mapAttrs'
+    (name: value: {
+      name = "nix/path/${name}";
+      value.source = value.flake;
+    })
+    config.nix.registry
+    // {
+      "justfile" = {
+        text = ''
+          default:
+              @just -g --list
+
+          update-root:
+              if `/usr/bin/env grep -Rq "nixos" /etc/*-release`; then \
+                  nixos-rebuild switch --flake /home/cianh/.config/nix/#$HOSTNAME; \
+              fi
+        '';
+        mode = "0644";
+      };
+      "root_gitconfig" = {
+        text = ''
+          [safe]
+              directory = /home/cianh/.config/nix
+        '';
+      };
+    };
+
+  system.activationScripts.linkRootJustfile = {
+    text = ''
+      ln -sf /etc/justfile /root/.justfile
+      mkdir -p /root/.config/git
+      ln -sf /etc/root_gitconfig /root/.config/git/config
+    '';
+    deps = [];
+  };
+
+  # Configure console keymap
+  console.keyMap = "uk";
+
+  users.users = {
+    cianh = {
+      isNormalUser = true;
+      hashedPasswordFile = "/etc/hashedPasswordFile";
+      description = "Cian Hughes";
+      extraGroups = ["networkmanager" "wheel" "docker" "podman" "nixcfg"];
+      shell = unstablePkgs.nushell;
+      openssh.authorizedKeys.keyFiles = [
+        ./ssh/authorized_keys
+      ];
+    };
+
+    root = {
+      shell = pkgs.bashInteractive;
+      openssh.authorizedKeys.keyFiles = [
+        ./ssh/authorized_keys
+      ];
+      extraGroups = ["docker" "podman" "nixcfg"];
+    };
+  };
+
+  # $ nix search wget
+  environment.systemPackages =
+    (with pkgs; [
+      atuin
+      bat
+      bitwarden-cli
+      bottom
+      delta
+      du-dust
+      duf
+      fastfetch
+      fd
+      fzf
+      gh
+      git
+      git-extras
+      glab
+      glow
+      gnupg
+      hexyl
+      killall
+      less
+      libsecret
+      netcat-gnu
+      nix-index
+      openssl
+      ouch
+      pass
+      passh
+      pinentry-tty
+      pkg-config
+      podman-compose
+      powertop
+      pueue
+      ripgrep
+      rm-improved
+      starship
+      tealdeer
+      wget
+      wl-clipboard
+      xclip
+      xcp
+      zellij
+      zoxide
+      monaspace
+      nerdfonts
+      brotli
+      gcc
+      gnumake
+      micro
+    ])
+    ++ (with unstablePkgs; [
+      just
+      neovim
+      nushell
+      onefetch
+      serie
+      yazi
+    ]);
+
+  programs.neovim = {
+    enable = true;
+    defaultEditor = true;
+    viAlias = true;
+    vimAlias = true;
+    withPython3 = true;
+    withNodeJs = true;
+    withRuby = true;
+  };
+
+  # Enable the OpenSSH daemon and other remote tools.
+  services.openssh = {
+    enable = true;
+    settings = {
+      PasswordAuthentication = false;
+      KbdInteractiveAuthentication = false;
+    };
+    extraConfig = "UsePAM yes";
+  };
+  # Modify the SSH service to prioritise because server is headless
+  systemd.services.sshd = {
+    requires = []; # Remove any non-essential dependencies
+    after = ["network.target"]; # Only need to wait for networking (obviously)
+    serviceConfig = {
+      # If SSH dies, we want to restart it asap
+      Restart = "always";
+      RestartSec = "3";
+      StartLimitIntervalSec = "0";
+      # The CPU should never be too busy to respond to SSH
+      CPUSchedulingPolicy = "rr";
+      CPUSchedulingPriority = "99";
+      IOSchedulingClass = "realtime";
+      IOSchedulingPriority = "0";
+      # Finally, if the system hits an OOM, for the love of god dont kill SSH until last
+      OOMScoreAdjust = "-1000";
+    };
+  };
+
+  # Add custom services
+  systemd.services.pueued = {
+    enable = true;
+    description = "Pueue Daemon - CLI process scheduler and manager";
+    wantedBy = ["default.target"];
+    serviceConfig = {
+      Restart = "no";
+      ExecStart = "${pkgs.pueue.outPath}/bin/pueued -vv";
+    };
+  };
+
+  # Enable GPG signing
+  services.pcscd.enable = true;
+  programs.gnupg.agent = {
+    enable = true;
+    pinentryPackage = pkgs.pinentry-tty;
+    enableSSHSupport = true;
+  };
+
+  virtualisation = {
+    containers.enable = true;
+
+    podman = {
+      enable = true;
+      # Create a `docker` alias for podman, to use it as a drop-in replacement
+      dockerCompat = true;
+      dockerSocket.enable = true;
+      # Required for containers under podman-compose to be able to talk to each other.
+      defaultNetwork.settings.dns_enabled = true;
+    };
+  };
+
+  system.stateVersion = "24.11"; # Did you read the comment?
+  system.autoUpgrade.enable = true;
+
+  # Set user config settings
+  users.defaultUserShell = pkgs.nushell;
+  fonts = {
+    enableDefaultPackages = true;
+    fontDir.enable = true;
+    fontconfig.defaultFonts.monospace = ["MonaspiceArNerdFontMono"];
+  };
+}

nixos/homeserver/filesystems.nix

@@ -0,0 +1,21 @@
+{
+  inputs,
+  lib,
+  config,
+  pkgs,
+  unstablePkgs,
+  ...
+}: {
+  fileSystems = {
+    "/home/cianh/TV_Archive" = {
+      device = "/dev/disk/by-uuid/2ac3aa3e-91bf-4a98-9fb6-3c0235545be9";
+      fsType = "ext4";
+      options = ["nofail" "x-systemd.automount"];
+    };
+    "/home/cianh/Nextcloud" = {
+      device = "/dev/disk/by-uuid/10ebaf9a-f519-4990-b814-9d6825ad692f";
+      fsType = "ext4";
+      options = ["nofail" "x-systemd.automount"];
+    };
+  };
+}

nixos/homeserver/firewall.nix

@@ -0,0 +1,29 @@
+{
+  inputs,
+  lib,
+  config,
+  pkgs,
+  unstablePkgs,
+  ...
+}: {
+  networking.firewall = {
+    enable = true;
+    allowedTCPPorts = [
+      22 # SSH
+      80 # Webpage
+      3000 # Grafana
+      3005 # Plex
+      8096 # Jellyfin
+      8324 # Plex
+      32400 # Plex
+      32469 # Plex
+    ];
+    allowedUDPPorts = [
+      1900 # Plex
+      32410 # Plex
+      32412 # Plex
+      32413 # Plex
+      32414 # Plex
+    ];
+  };
+}

nixos/homeserver/hardware-configuration.nix

@@ -0,0 +1,42 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/b6757b17-330d-4820-a45f-bad5e7f06516";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/AAE3-7115";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/173de2f3-09e8-4175-9f52-c8b6ea970ad5"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

nixos/homeserver/ssh/authorized_keys

@@ -0,0 +1,4 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDasyiBOJEJvM0OsRJVqTdNzbVnv7sf8yFz8DGmb3Jl1YdCdDnH7GI6VA0Z0WyMsaKy0xSC0JDkjEoWWr2aLCRoYb49x/WDCVPM6Kj2C9c29YUDvA2binE6PTFQyXNJ/p/uAov9QSTGaVUH4eG91S/4LILXwlgUR6tMrhbit+UlAWAPRUa8H/dwWBxXKjCpolIiFpDE7nRqpG85js3zlde5BBH/xso5koeNaS7hpkzbuhpF+9WyscWKWqJzUhYWSdb1VsXM6lrRRgBdPwnwPc5rV0h3xQw3XxBuYAAxEAd4RygCNO1WO2Z6P2b7g/tJfdSqSOeVVFgMUYB0f/OT2X3uP4nm/sR9KQ3w8J9N7Kz7Ql6a/ZAyBLAaRRSfIbiXfYL2J3CT9/mQnlWFOlE2t09pMF0GeoxBKGDwZRKeMyZOSvjkHXqKXTWg7VUJs36ixl4G1liqKsVpLBPfh5vw1RCqi9ZnuTru8HOmJE39vEu2NrSrmsfq5l/WzBd59Ns3Mu0bEfuLj2JEsxa8Xg/fMERGXukaLLZcNuxLQsVgQtIBC6VH2MUpEXEUNHXcrDh4Nj6lTGqHxQxQToa9fEsUozVSSRIhLMk35NdlSbAX5YWG5lisf9A/hzxPzLrQ+9K6gaqrTdeS1DBdl6pz1a9lUv1tAsLvtqhnAJ1zc0XHRiDksw==
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQContOwJDn+AlqueILooXw3nyPG/J/gEHMXWYiZKHpXxupzWCXEMFUa/Mkg5HKIlPZ06SrNGL+IpnLesEX+5tMCv2B5oFXz/nr1GzxlZwPOO3l61uttKAL/4KJW27Pgha5c8Z6TJctYWCPWzHj6YYb8ni3SEr1chjJ5bHNihScN/whFSdZMADws92Z86h5Z7onWbTlSaHZVy2yZZX/bCLcr4fTp1hMcQozv0Rt0NWD7bOtX7ghKgwfN+p3Nt7xbRWyyRvhXotiD7YMcaZAwT4+i+9g4nvpFd4zw4KvxXg7wCId2nKaY6P75jvfADzXNZhEJWKXjtDYrCiPBd2kEgDgyRsPypEwZvmKyL+SNYTjv1j4AlFJMS4/EWziq3CA+0qeY9osSQCpCzUSZlhNtQafugR7xYdMx5wUeWc/g9qNGmUlLkSib3gBU/mCVgHYPjuTMby25zDpBMmlrXxRbA185y4hLuj1F/8YhNzj0fAzKeSJpsbivl/FTso/hGCNOntCts1nikbVldSftWVxx7Dz2o0YhVWPyoCUeVLc1DInyhxrv+uMJbn8nuC1u003fZPlm0HpvR+ZVLP1ZiWM33pShEbX7XsKkmlFtw73dGkROlbenMl+ulA+ERNkoWD7g0ZKhUN+TNU7VmmzlXUpuimZjpiE68bGY6MZHrLBX6gTE3w== homeserver|chughes000@gmail.com
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDle7kPrzRNiwiO4JOgzBFxLOil0k+qeQttv+2ofvkGLBCOS5N06E3/bx1ZJ1kuDPZvWZgEQ8SUycgQXk7h1jiHMzMl/TMHm2p2+mu4z59eTPe+XtQaZFbx+ChCUeBTgBoyf/kyUfyqLY9ml4UTSLjBH5RqoBcxS3EDIuKH4ePDVBfHUO2Q+MAtr28cu4niqrVf2A+h0Co5OQp0TP++1cHfaRJbOdNJmX8xKIIeVbeAZyNMfsx5yDITkYv2VnMCIupiXhopu83IgY7UPRxGU31FFYKx7gtWo+gj/lGwddxwi77vOg9M7ygNXs28zMoHpULkiRs6m8TNI4zD8lKr3vHFWbflPjjjVPH9GphHxHvQJI4Crca0+ayoJzNPuWeAEK0DykzHRzM5HvM8x3jQGZbwz6lTj+6VSdlOI1mKsKP9d4NiM6PQ6xLt2kktIIwDbvtPHwMhVwbh8QrKiH7/lXoBmUe/hCxVEsL78aatrpj/T4P1+28gVzKoSPeL6+kL0/j/5OU0l3Z3Pu9jVG9GyVV3a5hP4jQfJy0FsCQejHinsltpWraKM1d1At/Wb9KJcG47xw8MDaj/OQXduzcBPpfsbwosn5mLiDMfF6taRwxVqLjPksx81dQ7siXFOuulNJpEZ3S4evSkffpU7j2484uGbrqFeX2vFm1qiZC5/59z/w== cianh@Rainbow-Laptop
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCEbctM0NQsW+69JPrTm4LhaA7r1S+cnXaTKyKdJF1giKMPW3IxK/w/A6jQwKphdQRMyXuwqdF9OWfZJ5zYVUJJj8ktHYdi4NttGbgLJw5UqFP5o1/oLi06LvENZglpice6OccOo0gKT2y3uBZ91Ifzb6yGhEdZL4fORS4SsUpPeb5W8TJi6FHHcPRuSggscZfRCLp08iiXSVM46o8fmQBuO9XZsu9KSoKgSE2oqgIPa4upOYiFhD8b4e4nUpDGCFTkRc8nFcCPQVnN1z4+13iRAg/gTKuertqeGaD7wqGZfSJpgp9BjyL4QLdgUP+EUXREJeVHGw5EYMRE8gjg5NAzXXn+DIGULjhUDJ5SneZ8jbZJXkMThFMHdK/iUJ5XZOJFJxDMtClGMZ1e25N+HZbrtCokDFHD6BcH5tf2CJusYgvmY3dUTl1iOxkF4mFyjY9OqO6BwgWjRKTAWzQsUrzE1/Q4zeWqaxb4+GkbgniHu6gkjHlBm058DKJ1zM2GzwDlBcFyvtTg2e9bD84o6VQamhuexkG2YGR/RhCLQykmDT4WLUywukaBblbonJemk82RgVHKx2434osXKh7zplQIlyN63UUtn9JLgiaRklKNTL4wVbe+qBWn+od97EFRQAd5oQlUFDz7H5wt1cx0YeoADHwB/omMSQq+PSnxS8S3Q== cianh@raspberrypi

nixos/worklaptop/configuration.nix

@@ -0,0 +1,367 @@
+{
+  inputs,
+  lib,
+  config,
+  pkgs,
+  unstablePkgs,
+  ...
+}: {
+  imports = [
+    # Include the results of the hardware scan.
+    ./hardware-configuration.nix
+    ./theming.nix
+  ];
+
+  # Allow unfree packages
+  nixpkgs.config.allowUnfree = true;
+
+  hardware.nvidia = {
+    # Modesetting is required.
+    modesetting.enable = true;
+    powerManagement.enable = false;
+    powerManagement.finegrained = false;
+    open = false;
+    nvidiaSettings = true;
+    package = config.boot.kernelPackages.nvidiaPackages.stable;
+  };
+  hardware.nvidia-container-toolkit.enable = true;
+
+  # Bootloader.
+  boot = {
+    loader = {
+      grub = {
+        enable = true;
+        efiSupport = true;
+        device = "nodev";
+        useOSProber = true;
+      };
+      efi = {
+        efiSysMountPoint = "/boot/efi";
+        canTouchEfiVariables = true;
+      };
+    };
+  };
+
+  networking.hostName = "worklaptop"; # Define your hostname.
+
+  # Enable networking
+  networking.networkmanager.enable = true;
+
+  # Set your time zone.
+  time.timeZone = "Europe/Dublin";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_IE.UTF-8";
+
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "en_IE.UTF-8";
+    LC_IDENTIFICATION = "en_IE.UTF-8";
+    LC_MEASUREMENT = "en_IE.UTF-8";
+    LC_MONETARY = "en_IE.UTF-8";
+    LC_NAME = "en_IE.UTF-8";
+    LC_NUMERIC = "en_IE.UTF-8";
+    LC_PAPER = "en_IE.UTF-8";
+    LC_TELEPHONE = "en_IE.UTF-8";
+    LC_TIME = "en_IE.UTF-8";
+  };
+
+  nix = {
+    registry = (lib.mapAttrs (_: flake: {inherit flake;})) ((lib.filterAttrs (_: lib.isType "flake")) inputs);
+    nixPath = ["nixpkgs=${inputs.nixpkgs}"];
+    settings = {
+      experimental-features = "nix-command flakes";
+      auto-optimise-store = true;
+    };
+    extraOptions = ''
+      trusted-users = root cianh
+    '';
+  };
+
+  environment.etc =
+    lib.mapAttrs'
+    (name: value: {
+      name = "nix/path/${name}";
+      value.source = value.flake;
+    })
+    config.nix.registry;
+
+  # Load nvidia driver for Xorg and Wayland
+  services = {
+    xserver = {
+      videoDrivers = ["nvidia"]; # or "nvidiaLegacy470 etc.
+      enable = true;
+      displayManager.gdm.enable = true;
+      desktopManager.gnome.enable = false;
+      xkb = {
+        layout = "ie";
+        variant = "";
+      };
+    };
+  };
+
+  # Configure console keymap
+  console.keyMap = "ie";
+
+  # Enable CUPS to print documents.
+  # services.printing.enable = true;
+
+  # Enable sound with pipewire.
+  hardware.pulseaudio.enable = false;
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+
+    # use the example session manager (no others are packaged yet so this is enabled by default,
+    # no need to redefine it in your config for now)
+    #media-session.enable = true;
+  };
+
+  users.users.cianh = {
+    isNormalUser = true;
+    hashedPasswordFile = "/etc/hashedPasswordFile";
+    description = "Cian Hughes";
+    extraGroups = ["networkmanager" "wheel" "libvirtd"];
+    shell = unstablePkgs.nushell;
+  };
+  # # The hack below sets the user profile image declaratively
+  system.activationScripts.script.text = ''
+    mkdir -p /var/lib/AccountsService/{icons,users}
+    cp /home/cianh/Pictures/face.png /var/lib/AccountsService/icons/cianh
+    echo "[User]
+    Session=
+    Icon=/var/lib/AccountsService/icons/cianh
+    SystemAccount=false" > /var/lib/AccountsService/users/cianh
+    chown root:root /var/lib/AccountsService/users/cianh
+    chmod 0600 /var/lib/AccountsService/users/cianh
+    chown root:root /var/lib/AccountsService/icons/cianh
+    chmod 0444 /var/lib/AccountsService/icons/cianh
+  '';
+
+  # $ nix search wget
+  environment.systemPackages =
+    (with pkgs; [
+      # shell env programs
+      atuin
+      bat
+      bitwarden-cli
+      bottom
+      delta
+      du-dust
+      duf
+      fastfetch
+      fd
+      fzf
+      gdm
+      gh
+      git
+      git-extras
+      glab
+      glow
+      gnupg
+      grub2_efi
+      hexyl
+      killall
+      less
+      libsecret
+      mosh
+      netcat-gnu
+      nix-index
+      nix-ld
+      nmap
+      nodejs
+      openssl
+      ouch
+      pass
+      passh
+      phinger-cursors
+      pinentry-gnome3
+      pkg-config
+      podman-compose
+      powertop
+      pueue
+      qmk
+      qmk-udev-rules
+      qmk_hid
+      ripgrep
+      rm-improved
+      seahorse
+      starship
+      tealdeer
+      wget
+      wl-clipboard
+      xclip
+      xcp
+      xfce.thunar
+      xfce.tumbler
+      zellij
+      zoxide
+      # package managers
+      flatpak
+      # back-end dev tools
+      brotli
+      gcc
+      gnumake
+      # front-end dev environment
+      micro
+      # DE and accompanying tools
+      wayland
+      wayland-utils
+      sway # More stable, backup DE
+      hyprland
+      hyprlock
+      hyprpaper
+      hyprpicker
+      hyprshot
+      xdg-desktop-portal-hyprland
+      xdg-desktop-portal-wlr
+      xdg-desktop-portal-gtk
+      xdg-desktop-portal-xapp
+    ])
+    ++ (with unstablePkgs; [
+      just
+      ghostty
+      kitty
+      libnotify
+      neovim
+      nushell
+      onefetch
+      ruff
+      serie
+      swaynotificationcenter
+      uv
+      waybar
+      wofi
+      yazi
+    ]);
+
+  hardware.keyboard.qmk.enable = true;
+
+  # Activate DEs
+  programs.hyprland = {
+    enable = true;
+    xwayland.enable = true;
+  };
+  programs.sway = {
+    enable = true;
+    extraOptions = ["--unsupported-gpu"];
+  };
+  programs.neovim = {
+    enable = true;
+    defaultEditor = true;
+    viAlias = true;
+    vimAlias = true;
+    withPython3 = true;
+    withNodeJs = true;
+    withRuby = true;
+  };
+  programs.waybar.enable = true;
+  environment.sessionVariables.NIXOS_OZONE_WL = "1";
+
+  # Enable my preferred DE utilities
+  programs.thunar.enable = true;
+  programs.thunar.plugins = with pkgs.xfce; [
+    thunar-volman
+    thunar-archive-plugin
+    thunar-media-tags-plugin
+  ];
+  services.gvfs.enable = true;
+  services.tumbler.enable = true;
+  programs.xfconf.enable = true;
+  xdg.portal = {
+    enable = true;
+    wlr.enable = true;
+    extraPortals = [
+      pkgs.xdg-desktop-portal-hyprland
+      pkgs.xdg-desktop-portal-gtk
+    ];
+  };
+
+  # Disable automatically activated programs i dont want
+  programs.foot.enable = false;
+
+  # Lets also activate some handy devenv tools
+  programs.direnv.enable = true;
+  programs.direnv.nix-direnv.enable = true;
+  programs.nix-ld = {
+    enable = true;
+    libraries = with pkgs; [
+      acl
+      alsa-lib
+      at-spi2-core
+      attr
+      bzip2
+      curl
+      dbus
+      expat
+      glib
+      libsodium
+      libssh
+      libxml2
+      nspr
+      nss
+      openssl
+      pango
+      stdenv.cc
+      systemd
+      util-linux
+      vulkan-loader
+      xz
+      zlib
+      zstd
+    ];
+  };
+
+  # Enable flatpaks
+  services.flatpak.enable = true;
+
+  # Enable the OpenSSH daemon and other remote tools.
+  services.openssh.enable = true;
+  programs.mosh.enable = true;
+
+  # Add custom services
+  systemd.services.pueued = {
+    enable = true;
+    description = "Pueue Daemon - CLI process scheduler and manager";
+    wantedBy = ["default.target"];
+    serviceConfig = {
+      Restart = "no";
+      ExecStart = "${pkgs.pueue.outPath}/bin/pueued -vv";
+    };
+  };
+
+  # Enable GPG signing
+  services.gnome.gnome-keyring.enable = true;
+  programs.seahorse.enable = true; # enable the graphical frontend
+  security.pam.services.gdm.enableGnomeKeyring = true; # load gnome-keyring at startup
+  services.pcscd.enable = true;
+  programs.gnupg.agent = {
+    enable = true;
+    pinentryPackage = pkgs.pinentry-gnome3;
+    enableSSHSupport = true;
+  };
+
+  virtualisation = {
+    containers.enable = true;
+
+    podman = {
+      enable = true;
+      # Create a `docker` alias for podman, to use it as a drop-in replacement
+      dockerCompat = true;
+      dockerSocket.enable = true;
+      # Required for containers under podman-compose to be able to talk to each other.
+      defaultNetwork.settings.dns_enabled = true;
+    };
+
+    libvirtd.enable = true;
+  };
+  programs.virt-manager.enable = true;
+
+  system.stateVersion = "23.11"; # Did you read the comment?
+  system.autoUpgrade.enable = true;
+
+  # Set user config settings
+  users.defaultUserShell = pkgs.nushell;
+}

nixos/worklaptop/hardware-configuration.nix

@@ -0,0 +1,57 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
+  boot.initrd.kernelModules = [];
+  boot.kernelModules = ["kvm-intel"];
+  boot.extraModulePackages = [];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/1eec95dd-9663-4a46-8b6f-10f7754322fa";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot/efi" = {
+    device = "/dev/disk/by-uuid/056D-249D";
+    fsType = "vfat";
+    options = ["fmask=0022" "dmask=0022"];
+  };
+
+  fileSystems."/home" = {
+    device = "/dev/disk/by-uuid/92c16a05-22ad-436d-a6ca-37d5f0c2cc3d";
+    fsType = "ext4";
+  };
+
+  swapDevices = [
+    {
+      device = "/var/lib/swapfile";
+      size = 24 * 1024;
+    }
+    {
+      device = "/home/.swapfile";
+      size = 64 * 1024;
+    }
+  ];
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno2.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp58s0u1u4.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

nixos/worklaptop/theming.nix

@@ -0,0 +1,49 @@
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  # GTK theming
+  environment.sessionVariables.GTK_THEME = "Tokyonight-Dark";
+
+  # Delegate QT theming to kvantum
+  environment.sessionVariables.QT_STYLE_OVERRIDE = "kvantum";
+
+  # Fonts
+  fonts = {
+    enableDefaultPackages = true;
+    fontDir.enable = true;
+
+    fontconfig = {
+      defaultFonts = {
+        serif = ["NotoSerifNerdFont"];
+        sansSerif = ["NotoSansNerdFont"];
+        monospace = ["MonaspiceArNerdFontMono"];
+      };
+    };
+  };
+
+  # Theming packages
+  environment.systemPackages = with pkgs; [
+    # fonts
+    corefonts
+    liberation_ttf
+    monaspace
+    nerdfonts
+    nerd-font-patcher
+    noto-fonts
+    noto-fonts-color-emoji
+    vistafonts
+    winePackages.fonts
+    # Cursor
+    hyprcursor
+    # QT
+    libsForQt5.qtstyleplugin-kvantum
+    qt6Packages.qtstyleplugin-kvantum
+    # Adwaita (i love gnome, but god damn is adwaita annoying on other DEs)
+    adwaita-icon-theme
+    libadwaita
+  ];
+}