chore(flake): update flake lock to the latest version

Reviewed-on: #23

INSTALLATION.md

@@ -0,0 +1,118 @@
+# basic system installation
+
+- The installations presented in this repository are always luks encrypted
+- For simplicity I'm using device labels rather than uuids
+
+1. the partitioning layout should look somewhat like this after the installation
+```bash
+NAME               MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINTS
+nvme0n1            259:0    0 476.9G  0 disk
+├─nvme0n1p1        259:1    0     2G  0 part  /boot
+└─nvme0n1p2        259:2    0 474.9G  0 part
+  └─cryptroot      254:0    0 474.9G  0 crypt
+    ├─lvmroot-swap 254:1    0    20G  0 lvm   [SWAP]
+    ├─lvmroot-home 254:2    0   250G  0 lvm   /home
+    └─lvmroot-root 254:3    0 204.9G  0 lvm   /
+```
+
+> Note: `lsblk` may additionally show `/nix/store` as a mountpoint on `lvmroot-root`. This is not a separate partition. NixOS mounts the root device a second time at `/nix/store` with `ro,nosuid,nodev` flags to enforce store immutability at runtime.
+
+2. prepare the installation
+```bash
+# format the boot partition
+mkfs.fat -F 32 /dev/nvme0n1p1 -n "nixboot"
+# create an encrypted partition
+cryptsetup luksFormat -y --label="nixcrypt" /dev/nvme0n1p2
+# open the encrypted partition and map it to /dev/mapper/cryptroot
+cryptsetup luksOpen /dev/nvme0n1p2 cryptroot
+
+# create the physical volume
+pvcreate /dev/mapper/cryptroot
+# create a volume group inside
+vgcreate lvmroot /dev/mapper/cryptroot
+# create the swap volume
+lvcreate --size 8G lvmroot --name swap
+# if you desire, create a home volume
+lvcreate --size 150G lvmroot --name home
+# create the root volume
+lvcreate -l 100%FREE lvmroot --name root
+
+# format as usual for root partition
+mkfs.ext4 -L "nixroot" /dev/mapper/lvmroot-root
+# if you previously made the home partition, do it too
+mkfs.ext4 -L "nixhome" /dev/mapper/lvmroot-home
+# format the swap partition
+mkswap -L "nixswap" /dev/mapper/lvmroot-swap
+
+# mount root
+mount /dev/disk/by-label/nixroot /mnt
+# mount boot
+mount --mkdir /dev/nvme0n1p1 /mnt/boot
+# again, if you did the home volume
+mount --mkdir /dev/disk/by-label/nixhome /mnt/home
+# turn on swap
+swapon /dev/disk/by-label/nixswap
+```
+
+3. prepare nixos
+```bash
+# generate templates and update the hardware-configuration.nix
+nixos-generate-config --root /mnt
+
+# add dm-crypt and dm-mod to the kernelModules
+boot.initrd.kernelModules = [ "dm-crypt" "dm-mod" ];
+
+# add file systems using labels
+fileSystems."/" =
+  { device = "/dev/disk/by-label/nixroot";
+    fsType = "ext4";
+  };
+fileSystems."/boot" =
+  { device = "/dev/disk/by-label/nixboot";
+    fsType = "vfat";
+    options = [ "fmask=0022" "dmask=0022" ];
+  };
+fileSystems."/home" =
+  { device = "/dev/disk/by-label/nixhome";
+    fsType = "ext4";
+  };
+swapDevices =
+  [ { device = "/dev/disk/by-label/nixswap"; }
+  ];
+
+# point the bootloader to the luks device
+boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-label/nixcrypt";
+```
+
+4. install nixos
+```bash
+nixos-install
+```
+
+## how to deploy the initial config
+- Don't forget to install the bootloader, if you changed it since `nixos-install`
+```bash
+$ sudo nixos-rebuild --install-bootloader switch --flake .#host_name
+```
+
+## how to upgrade the system
+```bash
+$ cd /path/to/repo
+$ nix flake update
+$ sudo nixos-rebuild switch --flake .#host_name
+$ sudo nix-collect-garbage
+```
+
+## how to use nix-helper
+
+The tool nix-helper is installed by this configuration. It simplifies administrating nixos and adds more output to the rebuild command. It also features a diff after a successful build. The command uses the `NH_FLAKE` environment variable to be able to run from whatever directory.
+
+Basic commands with a set `NH_FLAKE` variable are:
+```bash
+$ nh os switch
+$ nh os build
+$ nh os test
+$ nh clean all --keep 5
+```
+
+There is also the option to interface with home-manager by using `nh home switch` but this isn't necessary since home-manager is imported as a module in this config.

README.md

@@ -1,117 +1,30 @@
-# 0x29a nixos config
+# NixOS config
 
-My personal nixos configuration files.
+My personal NixOS configurations.
 
-## basic system installation
+## config structure
-
-- The installations in this repository are always luks encrypted
-- For simplicity I'm using device labels rather than uuids
-
-1. the partitioning layout should look somewhat like this after the installation
 
 ```bash
-NAME               MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINTS
+.
-nvme0n1            259:0    0 476.9G  0 disk
+├── flake.lock
-├─nvme0n1p1        259:1    0     2G  0 part  /boot
+├── flake.nix # flake definition
-└─nvme0n1p2        259:2    0 474.9G  0 part
+├── hosts
-  └─cryptroot      254:0    0 474.9G  0 crypt
+│   └── neon
-    ├─lvmroot-swap 254:1    0    20G  0 lvm   [SWAP]
+│       ├── configuration.nix # import nix-modules for specific host
-    ├─lvmroot-home 254:2    0   250G  0 lvm   /home
+│       └── hardware-configuration.nix # hardware configs for specific host
-    └─lvmroot-root 254:3    0 204.9G  0 lvm   /nix/store
+├── modules
-``` 
+│   ├── home-manager
-
+│   │   ├── xyz_module.nix
-2. prepare the installation
+│   └── nixos
-
+│       └── xyz_module.nix
-```bash
+└── users
-# format the boot partition
+    └── aaron
-mkfs.fat -F 32 /dev/sda1 -n "nixboot"
+        └── home.nix # import home-manager modules for specific user
-# create an encrypted partition
-cryptsetup luksFormat -y --label="nixcrypt" /dev/sda2
-# open the encrypted partition and map it to /dev/mapper/cryptroot
-cryptsetup luksOpen /dev/sda2 cryptroot
-
-# create the physical volume
-pvcreate /dev/mapper/cryptroot
-# create a volume group inside
-vgcreate lvmroot /dev/mapper/cryptroot
-# create the swap volume
-lvcreate --size 8G lvmroot --name nwap
-# if you desire, create a home volume
-lvcreate --size 150G lvmroot --name home
-# create the root volume
-lvcreate -l 100%FREE lvmroot --name root
-
-# format as usual for root partition
-mkfs.ext4 -L "nixroot" /dev/mapper/lvmroot-root
-# if you previously made the home partition, do it too
-mkfs.ext4 -L "nixhome" /dev/mapper/lvmroot-home
-# format the swap partition
-mkswap -L "nixswap" /dev/mapper/lvmroot-swap
-
-# mount root
-mount /dev/disk/by-label/nixroot /mnt
-# mount boot
-mount --mkdir /dev/sda1 /mnt/boot
-# again, if you did the home volume
-mount --mkdir /dev/disk/by-label/nixhome /mnt/home
-# turn on swap
-swapon /dev/disk/by-label/nixswap
 ```
 
-3. prepare nixos
+## installation
 
-
+For more details about the installation procedure see: [INSTALLATION.md](INSTALLATION.md)
-```bash
-# generate templates and update the hardware-configuration.nix
-sudo nixos-generate-config --root /mnt
-
-# add cryptd to the kernelModules
-boot.initrd.kernelModules = [ "dm-snapshot" "cryptd" ];
-
-# add file systems using labels
-fileSystems."/" =
-  { device = "/dev/disk/by-label/nixroot";
-    fsType = "ext4";
-  };
-fileSystems."/boot" =
-  { device = "/dev/disk/by-label/nixboot";
-    fsType = "vfat";
-    options = [ "fmask=0022" "dmask=0022" ];
-  };
-fileSystems."/home" =
-  { device = "/dev/disk/by-label/nixhome";
-    fsType = "ext4";
-  };
-swapDevices =
-  [ { device = "/dev/disk/by-label/nixswap"; }
-  ];
-
-# point the bootloader to the luks device
-boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-label/nixcrypt";
-```
-
-4. install nixos
-
-```bash
-cd /mnt
-sudo nixos-install
-```
-
-## how to deploy the inital config
-
-- Don't forget to install the bootloader, if you changed it since `nixos-install`
-
-```bash
-$ sudo nixos-rebuild --install-bootloader switch --flake .#host_name
-```
-
-## how to upgrade the system
-
-```bash
-$ cd /path/to/repo
-$ sudo nix flake update
-$ sudo nixos-rebuild switch --flake .#host_name
-```
 
 ## author
 

flake.lock

@@ -8,11 +8,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1765835352,
+        "lastModified": 1769996383,
-        "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=",
+        "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "a34fae9c08a15ad73f295041fec82323541400a9",
+        "rev": "57928607ea566b5db3ad13af0e57e921e6b12381",
         "type": "github"
       },
       "original": {
@@ -28,11 +28,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1766282146,
+        "lastModified": 1772633327,
-        "narHash": "sha256-0V/nKU93KdYGi+5LB/MVo355obBJw/2z9b2xS3bPJxY=",
+        "narHash": "sha256-jl+DJB2DUx7EbWLRng+6HNWW/1/VQOnf0NsQB4PlA7I=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "61fcc9de76b88e55578eb5d79fc80f2b236df707",
+        "rev": "5a75730e6f21ee624cbf86f4915c6e7489c74acc",
         "type": "github"
       },
       "original": {
@@ -43,11 +43,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1766070988,
+        "lastModified": 1772542754,
-        "narHash": "sha256-G/WVghka6c4bAzMhTwT2vjLccg/awmHkdKSd2JrycLc=",
+        "narHash": "sha256-WGV2hy+VIeQsYXpsLjdr4GvHv5eECMISX1zKLTedhdg=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "c6245e83d836d0433170a16eb185cefe0572f8b8",
+        "rev": "8c809a146a140c5c8806f13399592dbcb1bb5dc4",
         "type": "github"
       },
       "original": {
@@ -66,11 +66,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1766273987,
+        "lastModified": 1772402258,
-        "narHash": "sha256-Y8hL2zGyt7xn5J1V806GJ9tMEk6NgVlU7xe4dS4fThE=",
+        "narHash": "sha256-3DmCFOdmbkFML1/G9gj8Wb+rCCZFPOQtNoMCpqOF8SA=",
         "owner": "nix-community",
         "repo": "nixvim",
-        "rev": "ff00fe1512dfcb31b01d770738de9299b434449b",
+        "rev": "21ae25e13b01d3b4cdc750b5f9e7bad68b150c10",
         "type": "github"
       },
       "original": {
@@ -83,14 +83,15 @@
       "inputs": {
         "nixpkgs": [
           "nixpkgs"
-        ]
+        ],
+        "noctalia-qs": "noctalia-qs"
       },
       "locked": {
-        "lastModified": 1766317205,
+        "lastModified": 1772639853,
-        "narHash": "sha256-PYlMsenwZCG5TrxQSyTraPw8WQwk4FGnbyFdFMuAeYA=",
+        "narHash": "sha256-u8/61CqpmQprdEiVYHnzZe1Ujv98+MRPJdFuAaOmp4c=",
         "owner": "noctalia-dev",
         "repo": "noctalia-shell",
-        "rev": "51aa9fe16b0cc0dc4daa7c447843b36923434f2e",
+        "rev": "13dad396520b05691bf1fea1af11f94d3ce4142d",
         "type": "github"
       },
       "original": {
@@ -99,6 +100,27 @@
         "type": "github"
       }
     },
+    "noctalia-qs": {
+      "inputs": {
+        "nixpkgs": [
+          "noctalia",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1772227064,
+        "narHash": "sha256-f821ZSoGpa/aXrWq0gPpea9qBnX8KDyavGKkptz2Mog=",
+        "owner": "noctalia-dev",
+        "repo": "noctalia-qs",
+        "rev": "0741d27d2f7db567270f139c5d1684614ecf9863",
+        "type": "github"
+      },
+      "original": {
+        "owner": "noctalia-dev",
+        "repo": "noctalia-qs",
+        "type": "github"
+      }
+    },
     "root": {
       "inputs": {
         "home-manager": "home-manager",

flake.nix

@@ -1,5 +1,5 @@
 {
-  description = "0x29a ecosystem NixOS flake";
+  description = "0x29a NixOS flake";
   
   inputs = {
     nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
@@ -28,8 +28,6 @@
           ./hosts/default/configuration.nix
           home-manager.nixosModules.home-manager
           {
-            home-manager.useGlobalPkgs = true;
-            home-manager.useUserPackages = true;
             home-manager.extraSpecialArgs = { inherit inputs; };
             home-manager.users.aaron.imports = [
               nixvim.homeModules.nixvim
@@ -47,8 +45,6 @@
           ./hosts/neon/configuration.nix
           home-manager.nixosModules.home-manager
           {
-            home-manager.useGlobalPkgs = true;
-            home-manager.useUserPackages = true;
             home-manager.extraSpecialArgs = { inherit inputs; };
             home-manager.users.aaron.imports = [
               nixvim.homeModules.nixvim

hosts/neon/configuration.nix

@@ -1,200 +1,25 @@
-{ pkgs, lib, inputs, ... }:
+{ config, pkgs, inputs, ... }:
 
 {
-  imports =
+  imports = [
-    [ 
+    ../../modules/nixos/audio.nix
-      ./hardware-configuration.nix
+    ../../modules/nixos/bootloader.nix
-    ];
+    ../../modules/nixos/certificates.nix
-
+    ../../modules/nixos/docker.nix
-  # use flakes
+    ../../modules/nixos/gnupg.nix
-  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+    ../../modules/nixos/locales.nix
-
+    ../../modules/nixos/networking.nix
-  # configure bootloader
+    ../../modules/nixos/niri.nix
-  boot.loader.systemd-boot.enable = true;
+    ../../modules/nixos/noctalia.nix
-  boot.loader.efi.canTouchEfiVariables = true;
+    ../../modules/nixos/openssh.nix
-  
+    ../../modules/nixos/packages.nix
-  # plymouth boot eye candy
+    ../../modules/nixos/sddm.nix
-  boot.initrd.systemd.enable = true;
+    ../../modules/nixos/services.nix
-  boot.kernelParams = [ "quiet" "loglevel=2" ];
+    ../../modules/nixos/settings.nix
-  boot.plymouth.enable = true;
+    ../../modules/nixos/steam.nix
-  boot.plymouth.theme = "spinner";
+    ../../modules/nixos/users.nix
- 
-  # use latest kernel
-  boot.kernelPackages = pkgs.linuxPackages_latest;
-
-  # networking
-  networking.hostName = "neon"; 
-  networking.networkmanager.enable = true;
-
-  # bluetooth
-  hardware.bluetooth.enable = true;
-
-  # time zone.
-  time.timeZone = "Europe/Amsterdam";
-
-  # select internationalisation properties
-  i18n.defaultLocale = "en_US.UTF-8";
-  i18n.extraLocaleSettings = {
-    LC_ADDRESS = "en_US.UTF-8";
-    LC_IDENTIFICATION = "en_US.UTF-8";
-    LC_MEASUREMENT = "en_US.UTF-8";
-    LC_MONETARY = "en_US.UTF-8";
-    LC_NAME = "en_US.UTF-8";
-    LC_NUMERIC = "en_US.UTF-8";
-    LC_PAPER = "en_US.UTF-8";
-    LC_TELEPHONE = "en_US.UTF-8";
-    LC_TIME = "en_US.UTF-8";
-  };
-  console = {
-    font = "Lat2-Terminus16";
-    keyMap = "de_CH-latin1";
-  };
-
-  # set up niri as window manager
-  programs.niri.enable = true;
-  # set up sddm ad display manager
-  services.displayManager.sddm = {
-    enable = true;
-    wayland = {
-      enable = true;
-    };
-    autoNumlock = true;
-    enableHidpi = true;
-    theme = "sddm-astronaut-theme";
-    settings = {
-      Theme = {
-        Current = "sddm-astronaut-theme";
-      };
-    };
-    extraPackages = with pkgs; [
-      sddm-astronaut
-    ];
-  };
-
-  services.tuned.enable = true;
-  services.upower.enable = true;
-
-  environment.pathsToLink = [ "/libexec" ];
-  environment.variables.EDITOR = "vim";
-
-  # enable sound
-  services.pipewire = {
-     enable = true;
-     pulse.enable = true;
-  };
-
-  # define a user account
-  users.users.aaron = {
-    isNormalUser = true;
-    group = "users";
-    extraGroups = [ "wheel" ];
-    shell = pkgs.zsh;
-  };
-
-  # browser
-  programs.firefox.enable = true;
-
-  # zsh config
-  programs.zsh = {
-    enable = true;
-    enableCompletion = true;
-    autosuggestions.enable = true;
-    ohMyZsh = {
-      enable = true;
-      plugins = [ "git" "sudo" ];
-      theme = "gentoo";
-    };
-  };
-
-  # system packages
-  environment.systemPackages = with pkgs; [
-    alacritty
-    btop
-    cowsay
-    dnsutils
-    efibootmgr
-    ethtool
-    file
-    ghostty
-    git
-    gnupg
-    iftop
-    imagemagick
-    imv
-    iotop
-    iperf3
-    jq
-    kdePackages.qtmultimedia
-    kitty
-    ldns
-    lm_sensors
-    lsof
-    ltrace
-    mtr
-    neovim
-    nh
-    nix-output-monitor
-    nmap
-    nvd
-    p7zip
-    pciutils
-    sddm-astronaut
-    socat
-    strace
-    sysstat
-    tree
-    unzip
-    usbutils
-    vim
-    wget
-    which
-    xwayland-satellite
-    xz
-    zip
-    zstd
   ];
 
-  # Some programs need SUID wrappers
-  programs.mtr.enable = true;
-  programs.gnupg.agent = {
-     enable = true;
-     enableSSHSupport = true;
-  };
-
-  # enable steam on this machine
-  nixpkgs.config.allowUnfree = true;
-  programs.steam = {
-    enable = true;
-    remotePlay.openFirewall = true;
-    dedicatedServer.openFirewall = true;
-    localNetworkGameTransfers.openFirewall = true;
-  };
-
-  # fix black screen in steam on xwayland-satellite
-  programs.steam.package = pkgs.steam.override {
-    extraArgs = "-system-composer";
-  };
-
-  # enable the OpenSSH daemon
-  services.openssh = {
-    enable = true;
-    openFirewall = true;
-  };
-
-  # firewall configs
-  networking.firewall.allowedTCPPorts = [ ];
-  networking.firewall.allowedUDPPorts = [ ];
-
-  # enable home-manager globally
-  home-manager.useGlobalPkgs = true;
-  home-manager.useUserPackages = true;
-  home-manager.backupFileExtension = "backup";
-
-  # add flake env variable for nh
-  environment.sessionVariables = {
-    NH_FLAKE = "/home/aaron/git/nixconfig";
-  };
-
   # install state version
   system.stateVersion = "25.11"; # Don't change
 }

modules/home-manager/fonts.nix

@@ -0,0 +1,11 @@
+{ config, pkgs, inputs, ... }:
+
+{
+  # user fonts
+  home.packages = with pkgs; [
+    nerd-fonts._0xproto
+    nerd-fonts.sauce-code-pro
+    powerline-fonts
+    powerline-symbols
+  ];
+}

modules/home-manager/ghostty.nix

@@ -0,0 +1,20 @@
+{ config, pkgs, inputs, ... }:
+
+{
+  programs.ghostty = {
+    enable = true;
+    settings = {
+      clipboard-paste-protection = false;
+      clipboard-read = "allow";
+      font-family = "0xProto Nerd Font Mono";
+      font-size = 9;
+      gtk-titlebar = false;
+      scrollback-limit = 10000;
+      shell-integration = "zsh";
+      theme = "noctalia"; # generated by noctalia-shell
+      window-decoration = "auto";
+      window-padding-x = 10;
+      window-padding-y = 10;
+    };
+  };
+}

modules/home-manager/git.nix

@@ -0,0 +1,18 @@
+{ config, pkgs, inputs, ... }:
+
+{
+  programs.git = {
+    enable = true;
+    settings = {
+      push = { autoSetupRemote = true; };
+      user = {
+        name  = "aaron";
+        email = "aaron@0x29a.ch";
+      };
+    };
+    signing = {
+      key = "7A830180A05DAC59CDE43B0677D2F5DB48184456";
+      signByDefault = true;
+    };
+  };
+}

modules/home-manager/nixvim.nix

@@ -0,0 +1,26 @@
+{ config, pkgs, inputs, ... }:
+
+{
+  programs.nixvim = {
+    globals.mapleader = " ";
+    enable = true;
+    viAlias = false;
+    vimAlias = true;
+    opts = {
+      number = true;
+      relativenumber = true;
+      shiftwidth = 2;
+      tabstop = 2;
+      expandtab = true;
+      incsearch = true;
+    };
+    colorschemes.nord.enable = true;
+    plugins.lualine.enable = true;
+    plugins.nix.enable = true;
+    plugins.nvim-tree.enable = true;
+    plugins.treesitter.enable = true;
+    plugins.telescope.enable = true;
+    plugins.web-devicons.enable = true;
+    plugins.indent-blankline.enable = true;
+  };
+}

modules/home-manager/programs.nix

@@ -0,0 +1,15 @@
+{ config, pkgs, inputs, ... }:
+
+{
+  # user packages
+  home.packages = with pkgs; [
+    discord
+    fastfetch
+    keepassxc
+    screenfetch
+  ];
+
+  # services and other software
+  services.syncthing.enable = true;
+  programs.home-manager.enable = true;
+}

modules/home-manager/shell.nix

@@ -0,0 +1,20 @@
+{ config, pkgs, inputs, ... }:
+ 
+{
+  programs.zsh = {
+    enable = true;
+    autosuggestion.enable = true;
+    syntaxHighlighting.enable = true;
+    oh-my-zsh = {
+      enable = true;
+      theme = "agnoster";
+      #plugins = [ "git" "ssh-agent" ];
+    };
+  };
+
+  # set important env vars
+  home.sessionVariables = {
+    EDITOR = "vim";
+    NH_FLAKE = "/home/aaron/git/nixconfig";
+  };
+}

modules/home-manager/styling.nix

@@ -0,0 +1,30 @@
+{ config, pkgs, inputs, ... }:
+
+{
+  # set gtk theme
+  gtk = {
+    enable = true;
+    theme = {
+      name = "Adwaita-dark";
+        package = pkgs.gnome-themes-extra;
+      };
+    gtk3.extraConfig.gtk-application-prefer-dark-theme = 1;
+    gtk4.extraConfig.gtk-application-prefer-dark-theme = 1;
+  };
+
+  # set qt theme
+  qt = {
+    enable = true;
+    platformTheme.name = "qt6";
+    style = {
+      name = "adwaita-dark";
+      package = pkgs.adwaita-qt;
+    };
+  };
+
+  # ensure packages are installed
+  home.packages = with pkgs; [
+    gnome-themes-extra
+    adwaita-qt
+  ];
+}

modules/home-manager/tmux.nix

@@ -1,44 +1,12 @@
 { config, pkgs, inputs, ... }:
 
 {
-  # user config
-  home.username = "aaron";
-  home.homeDirectory = "/home/aaron";
-
-  # nixvim config
-  programs.nixvim = {
-    globals.mapleader = " ";
-    enable = true;
-    viAlias = false;
-    vimAlias = true;
-    opts = {
-      number = true;
-      relativenumber = true;
-      shiftwidth = 2;
-      tabstop = 2;
-      expandtab = true;
-      incsearch = true;
-    };
-    colorschemes.nord.enable = true;
-    plugins.lualine.enable = true;
-    plugins.nix.enable = true;
-    plugins.nvim-tree.enable = true;
-    plugins.treesitter.enable = true;
-    plugins.telescope.enable = true;
-    plugins.web-devicons.enable = true;
-    plugins.indent-blankline.enable = true;
-  };
-
-  # tmux config
   programs.tmux = {
     enable = true;
-    # Basic options
     prefix = "C-a";
     keyMode = "vi";
     mouse = true;
-    # Terminal settings
     terminal = "screen-256color";
-    # Extra configuration
     extraConfig = ''
       # Status keys
       set -g status-keys vi
@@ -85,67 +53,4 @@
       set -g window-status-separator ""
     '';
   };
-
-  # user packages
-  home.packages = with pkgs; [
-    discord
-    fastfetch
-    keepassxc
-    nerd-fonts.sauce-code-pro
-    powerline-fonts
-    powerline-symbols
-    screenfetch
-  ];
-  
-  # configure git
-  programs.git.settings = {
-    enable = true;
-    userName = "aaron";
-    userEmail = "aaron@0x29a.ch";
-  };
-
-  # configure zsh theme
-  programs.zsh = {
-    enable = true;
-    autosuggestion.enable = true;
-    syntaxHighlighting.enable = true;
-    oh-my-zsh = {
-      enable = true;
-      theme = "agnoster";
-      #plugins = [ "git" "ssh-agent" ];
-    };
-  };
-
-  # set gtk theme
-  gtk = {
-    enable = true;
-    theme = {
-      name = "Adwaita-dark";
-        package = pkgs.gnome-themes-extra;
-      };
-    gtk3.extraConfig.gtk-application-prefer-dark-theme = 1;
-    gtk4.extraConfig.gtk-application-prefer-dark-theme = 1;
-  };
-
-  # set qt theme
-  qt = {
-    enable = true;
-    platformTheme.name = "qt6";
-    style = {
-      name = "adwaita-dark";
-      package = pkgs.adwaita-qt;
-    };
-  };
-
-  # set env vars
-  home.sessionVariables = {
-    EDITOR = "vim";
-  };
-
-  # enable syncthing for user
-  services.syncthing.enable = true;
-  # enable home manager
-  programs.home-manager.enable = true;
-  # don't change
-  home.stateVersion = "25.11";
 }

modules/nixos/audio.nix

@@ -0,0 +1,9 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # enable sound through pipewire
+  services.pipewire = {
+     enable = true;
+     pulse.enable = true;
+  };
+}

modules/nixos/bootloader.nix

@@ -0,0 +1,29 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # set bootloader to systemd
+  boot.loader = {
+    systemd-boot.enable = true;
+    efi.canTouchEfiVariables = true;
+  };
+
+  # enable systemd initrd
+  boot.initrd.systemd.enable = true;
+  
+  # plymouth
+  boot.plymouth = {
+    enable = true;
+    theme = "spinner";
+  };
+
+  # kernel options
+  boot.kernelParams = [ "quiet" "acpi.debug_level=0"];
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+  boot.consoleLogLevel = 2;
+
+  # Add boot-related packages
+  environment.systemPackages = with pkgs; [
+    efibootmgr
+    terminus_font
+  ];
+}

modules/nixos/certificates.nix

@@ -0,0 +1,22 @@
+{ config, lib, pkgs, ... }:
+
+let
+  caddyRootCA = ''
+    -----BEGIN CERTIFICATE-----
+    MIIBozCCAUmgAwIBAgIQf2N1DGp2HVOoPaGuGDEnwjAKBggqhkjOPQQDAjAwMS4w
+    LAYDVQQDEyVDYWRkeSBMb2NhbCBBdXRob3JpdHkgLSAyMDI1IEVDQyBSb290MB4X
+    DTI1MTEwNjE5NDA1OFoXDTM1MDkxNTE5NDA1OFowMDEuMCwGA1UEAxMlQ2FkZHkg
+    TG9jYWwgQXV0aG9yaXR5IC0gMjAyNSBFQ0MgUm9vdDBZMBMGByqGSM49AgEGCCqG
+    SM49AwEHA0IABGR9mSgKCSjvcv7LvvIcO84Wpf/KtC/aexT5shSKXd1R97kIyMI5
+    SUYz0MzbRZHJ4QMpIeALirOK9Eoy2zht0dKjRTBDMA4GA1UdDwEB/wQEAwIBBjAS
+    BgNVHRMBAf8ECDAGAQH/AgEBMB0GA1UdDgQWBBRHKfIfJrrA2DACFrunVSmdnJHO
+    1zAKBggqhkjOPQQDAgNIADBFAiAoqc0+cHeq/8SQN16CKjVvXpZuMkg7NLDoWYMw
+    KgmzowIhAJlkxzBdVngwnJu8uPrVizTGF6XtmUHdJ0NDeccEqUCr
+    -----END CERTIFICATE-----
+  '';
+in
+{
+  security.pki.certificates = [
+    caddyRootCA # self-signed pki ca for my home-lab
+  ];
+}

modules/nixos/docker.nix

@@ -0,0 +1,23 @@
+{ config, lib, pkgs, ...}:
+
+{
+  virtualisation.docker = {
+    enable = true;
+    # Customize Docker daemon settings
+    daemon.settings = {
+      dns = [ "1.1.1.1" "8.8.8.8" ];
+      log-driver = "journald";
+      registry-mirrors = [ "https://mirror.gcr.io" ];
+      storage-driver = "overlay2";
+    };
+    # Use the rootless mode
+    rootless = {
+      enable = true;
+      setSocketVariable = true;
+    };
+    # Install docker-compose
+    extraPackages = with pkgs; [
+      docker-compose
+    ];
+  };
+}

modules/nixos/gnupg.nix

@@ -0,0 +1,15 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # enable gnupg agent
+  programs.gnupg.agent = {
+    enable = true;
+    enableSSHSupport = true;
+    pinentryPackage = pkgs.pinentry-curses;
+  };
+
+  environment.systemPackages = with pkgs; [ 
+    gnupg
+    pinentry-curses
+  ];
+}

modules/nixos/locales.nix

@@ -0,0 +1,26 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # set the time zone
+  time.timeZone = "Europe/Zurich";
+
+  # set internationalisation properties
+  i18n.defaultLocale = "en_US.UTF-8";
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "en_US.UTF-8";
+    LC_IDENTIFICATION = "en_US.UTF-8";
+    LC_MEASUREMENT = "en_US.UTF-8";
+    LC_MONETARY = "en_US.UTF-8";
+    LC_NAME = "en_US.UTF-8";
+    LC_NUMERIC = "en_US.UTF-8";
+    LC_PAPER = "en_US.UTF-8";
+    LC_TELEPHONE = "en_US.UTF-8";
+    LC_TIME = "en_US.UTF-8";
+  };
+
+  # set console font and keymap
+  console = {
+    font = "Lat2-Terminus16";
+    keyMap = "de_CH-latin1";
+  };
+}

modules/nixos/networking.nix

@@ -0,0 +1,22 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # set hostnname
+  networking.hostName = "neon";
+
+  # user networkmanager
+  networking.networkmanager.enable = true;
+
+  # firewall default configs
+  networking.firewall.allowedTCPPorts = [ ];
+  networking.firewall.allowedUDPPorts = [ ];
+
+  # enable bluetooth
+  hardware.bluetooth.enable = true;
+  
+  # Add network-related packages
+  environment.systemPackages = with pkgs; [
+    wireguard-tools
+    update-systemd-resolved
+  ];
+}

modules/nixos/niri.nix

@@ -0,0 +1,11 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # just enable and install niri
+  programs.niri.enable = true;
+
+  # Add compositor-related packages
+  environment.systemPackages = with pkgs; [
+    xwayland-satellite
+  ];
+}

modules/nixos/noctalia.nix

@@ -1,10 +1,8 @@
-{ pkgs, inputs, ... }:
+{ config, lib, pkgs, inputs, ... }:
 {
   # install noctalia and helper packages
   environment.systemPackages = with pkgs; [
     inputs.noctalia.packages.${pkgs.stdenv.hostPlatform.system}.default
-    #kdePackages.qt6ct
-    #nwg-look
     adw-gtk3
     adwaita-qt
     adwaita-qt6

modules/nixos/openssh.nix

@@ -0,0 +1,19 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # enable the openssh daemon
+  services.openssh = {
+    enable = true;
+    openFirewall = true;
+    ports = [ 666 ];
+
+    settings = {
+      AuthenticationMethods = "publickey";
+      KbdInteractiveAuthentication = false;
+      MaxAuthTries = 5;
+      PasswordAuthentication = false;
+      PermitRootLogin = "no";
+      X11Forwarding = false;
+    };
+  };
+}

modules/nixos/packages.nix

@@ -0,0 +1,53 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # system packges
+  environment.systemPackages = with pkgs; [
+    alacritty
+    btop
+    cowsay
+    dnsutils
+    ethtool
+    file
+    fwupd
+    fwupd-efi
+    ghostty
+    git
+    imagemagick
+    imv
+    iperf3
+    jq
+    kdePackages.qtmultimedia
+    kitty
+    ldns
+    lm_sensors
+    lsof
+    ltrace
+    mtr
+    neovim
+    nh
+    nix-output-monitor
+    nmap
+    nvd
+    p7zip
+    pciutils
+    sddm-astronaut
+    socat
+    sof-firmware
+    strace
+    sysstat
+    terminus_font
+    tree
+    unzip
+    usbutils
+    vim
+    wget
+    which
+    xz
+    zip
+    zstd
+  ];
+
+  # browser
+  programs.firefox.enable = true;
+}

modules/nixos/sddm.nix

@@ -0,0 +1,20 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # enable sddm and use astronaut theme
+  services.displayManager.sddm = {
+    enable = true;
+    wayland.enable = true;
+    autoNumlock = true;
+    enableHidpi = true;
+    theme = "sddm-astronaut-theme";
+    settings = {
+      Theme = {
+        Current = "sddm-astronaut-theme";
+      };
+    };
+    extraPackages = with pkgs; [
+      sddm-astronaut
+    ];
+  };
+}

modules/nixos/services.nix

@@ -0,0 +1,11 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # list of enabled services on the system
+  services = {
+    tuned.enable = true;
+    upower.enable = true;
+    fwupd.enable = true;
+    tailscale.enable = true;
+  };
+}

modules/nixos/settings.nix

@@ -0,0 +1,44 @@
+{ config, lib, pkgs, ... }:
+
+{
+  nix = {
+    # nix settings
+    settings = {
+      # enable flakes and nix-command
+      experimental-features = [ "nix-command" "flakes" ];
+      # auto-optimize my nix-store
+      auto-optimise-store = true;
+      # use all cores
+      max-jobs = "auto";  
+      # use all available cores per job
+      cores = 0;          
+      # add trusted substituters (binary caches)
+      substituters = [
+        "https://cache.nixos.org"
+        "https://nix-community.cachix.org"
+      ];
+      # add keys
+      trusted-public-keys = [
+        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+      ];
+    };
+    
+    # enable automatic garbage collection
+    gc = {
+      automatic = true;
+      dates = "weekly";
+      options = "--delete-older-than 7d";
+    };
+  };
+
+  # links /libexec from derivations to /run/current-system/sw
+  environment.pathsToLink = [ "/libexec" ];
+  # set the default editor to vim
+  environment.variables.EDITOR = "vim";
+
+  # enable home-manager globally
+  home-manager.useGlobalPkgs = true;
+  home-manager.useUserPackages = true;
+  home-manager.backupFileExtension = "backup";
+}

modules/nixos/steam.nix

@@ -0,0 +1,23 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # allow unfree to install steam
+  nixpkgs.config.allowUnfree = true;
+
+  # enable steam and open firewall
+  programs.steam = {
+    enable = true;
+    remotePlay.openFirewall = true;
+    dedicatedServer.openFirewall = true;
+    localNetworkGameTransfers.openFirewall = true;
+    # add proton-glorious-eggroll
+    extraCompatPackages = with pkgs; [
+      proton-ge-bin
+    ];
+  };
+
+  # fix black screen in steam when using xwayland-satellite
+  programs.steam.package = pkgs.steam.override {
+    extraArgs = "-system-composer";
+  };
+}

modules/nixos/users.nix

@@ -0,0 +1,23 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # create users
+  users.users.aaron = {
+    isNormalUser = true;
+    group = "users";
+    extraGroups = [ "wheel" "networkmanager" "docker" ];
+    shell = pkgs.zsh;
+  };
+
+  # add default zsh config
+  programs.zsh = {
+    enable = true;
+    enableCompletion = true;
+    autosuggestions.enable = true;
+    ohMyZsh = {
+      enable = true;
+      plugins = [ "git" "sudo" ];
+      theme = "gentoo";
+    };
+  };
+}

users/aaron/home.nix

@@ -0,0 +1,20 @@
+{ config, pkgs, ... }:
+
+{
+  imports = [
+    ../../modules/home-manager/fonts.nix
+    ../../modules/home-manager/git.nix
+    ../../modules/home-manager/ghostty.nix
+    ../../modules/home-manager/nixvim.nix
+    ../../modules/home-manager/programs.nix
+    ../../modules/home-manager/shell.nix
+    ../../modules/home-manager/styling.nix
+    ../../modules/home-manager/tmux.nix
+  ];
+
+  home = {
+    username = "aaron";
+    homeDirectory = "/home/aaron";
+    stateVersion = "25.11";
+  };
+}