Merge pull request 'add stellarium app' (#54) from feature/stellarium into main

Reviewed-on: #54

INSTALLATION.md

@@ -4,7 +4,6 @@
 - For simplicity I'm using device labels rather than uuids
 
 1. the partitioning layout should look somewhat like this after the installation
-
 ```bash
 NAME               MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINTS
 nvme0n1            259:0    0 476.9G  0 disk
@@ -13,25 +12,26 @@ nvme0n1            259:0    0 476.9G  0 disk
   └─cryptroot      254:0    0 474.9G  0 crypt
     ├─lvmroot-swap 254:1    0    20G  0 lvm   [SWAP]
     ├─lvmroot-home 254:2    0   250G  0 lvm   /home
-    └─lvmroot-root 254:3    0 204.9G  0 lvm   /nix/store
+    └─lvmroot-root 254:3    0 204.9G  0 lvm   /
-``` 
+```
+
+> Note: `lsblk` may additionally show `/nix/store` as a mountpoint on `lvmroot-root`. This is not a separate partition. NixOS mounts the root device a second time at `/nix/store` with `ro,nosuid,nodev` flags to enforce store immutability at runtime.
 
 2. prepare the installation
-
 ```bash
 # format the boot partition
-mkfs.fat -F 32 /dev/sda1 -n "nixboot"
+mkfs.fat -F 32 /dev/nvme0n1p1 -n "nixboot"
 # create an encrypted partition
-cryptsetup luksFormat -y --label="nixcrypt" /dev/sda2
+cryptsetup luksFormat -y --label="nixcrypt" /dev/nvme0n1p2
 # open the encrypted partition and map it to /dev/mapper/cryptroot
-cryptsetup luksOpen /dev/sda2 cryptroot
+cryptsetup luksOpen /dev/nvme0n1p2 cryptroot
 
 # create the physical volume
 pvcreate /dev/mapper/cryptroot
 # create a volume group inside
 vgcreate lvmroot /dev/mapper/cryptroot
 # create the swap volume
-lvcreate --size 8G lvmroot --name nwap
+lvcreate --size 8G lvmroot --name swap
 # if you desire, create a home volume
 lvcreate --size 150G lvmroot --name home
 # create the root volume
@@ -47,7 +47,7 @@ mkswap -L "nixswap" /dev/mapper/lvmroot-swap
 # mount root
 mount /dev/disk/by-label/nixroot /mnt
 # mount boot
-mount --mkdir /dev/sda1 /mnt/boot
+mount --mkdir /dev/nvme0n1p1 /mnt/boot
 # again, if you did the home volume
 mount --mkdir /dev/disk/by-label/nixhome /mnt/home
 # turn on swap
@@ -55,13 +55,12 @@ swapon /dev/disk/by-label/nixswap
 ```
 
 3. prepare nixos
-
 ```bash
 # generate templates and update the hardware-configuration.nix
-sudo nixos-generate-config --root /mnt
+nixos-generate-config --root /mnt
 
-# add cryptd to the kernelModules
+# add dm-crypt and dm-mod to the kernelModules
-boot.initrd.kernelModules = [ "dm-snapshot" "cryptd" ];
+boot.initrd.kernelModules = [ "dm-crypt" "dm-mod" ];
 
 # add file systems using labels
 fileSystems."/" =
@@ -86,25 +85,20 @@ boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-label/nixcrypt";
 ```
 
 4. install nixos
-
 ```bash
-cd /mnt
+nixos-install
-sudo nixos-install
 ```
 
-## how to deploy the inital config
+## how to deploy the initial config
-
 - Don't forget to install the bootloader, if you changed it since `nixos-install`
-
 ```bash
 $ sudo nixos-rebuild --install-bootloader switch --flake .#host_name
 ```
 
 ## how to upgrade the system
-
 ```bash
 $ cd /path/to/repo
-$ sudo nix flake update
+$ nix flake update
 $ sudo nixos-rebuild switch --flake .#host_name
 $ sudo nix-collect-garbage
 ```
@@ -114,7 +108,6 @@ $ sudo nix-collect-garbage
 The tool nix-helper is installed by this configuration. It simplifies administrating nixos and adds more output to the rebuild command. It also features a diff after a successful build. The command uses the `NH_FLAKE` environment variable to be able to run from whatever directory.
 
 Basic commands with a set `NH_FLAKE` variable are:
-
 ```bash
 $ nh os switch
 $ nh os build

flake.lock

@@ -8,11 +8,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1769996383,
+        "lastModified": 1778716662,
-        "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=",
+        "narHash": "sha256-m1Yf0wZ8j1OHjTc2UwHwyQRSnNeSgLJOd7q5Y45hzi4=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "57928607ea566b5db3ad13af0e57e921e6b12381",
+        "rev": "f7c1a2d347e4c52d5fb8d10cb4d94b5884e546fb",
         "type": "github"
       },
       "original": {
@@ -28,11 +28,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1770491427,
+        "lastModified": 1780593650,
-        "narHash": "sha256-8b+0vixdqGnIIcgsPhjdX7EGPdzcVQqYxF+ujjex654=",
+        "narHash": "sha256-CHo7k65YTL3HY+WQVedDTupji+LMgNlKCdrtRHZFAK4=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "cbd8a72e5fe6af19d40e2741dc440d9227836860",
+        "rev": "447fd9ff62501dae7206dfe180ee89f8de27b7d5",
         "type": "github"
       },
       "original": {
@@ -43,11 +43,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1770197578,
+        "lastModified": 1780243769,
-        "narHash": "sha256-AYqlWrX09+HvGs8zM6ebZ1pwUqjkfpnv8mewYwAo+iM=",
+        "narHash": "sha256-x5UQuRsH3MqI0U9afaXSNqzTPSeZlRLvFAav2Ux1pNw=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "00c21e4c93d963c50d4c0c89bfa84ed6e0694df2",
+        "rev": "331800de5053fcebacf6813adb5db9c9dca22a0c",
         "type": "github"
       },
       "original": {
@@ -66,11 +66,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1770388595,
+        "lastModified": 1780421606,
-        "narHash": "sha256-0NvpmDqFcJAtRFJE3RDZWnN7PDJBZutoDtN+Cl8a3DY=",
+        "narHash": "sha256-ZRAMRXQE1UKBtpnPwwOqV8teaPDD/fdABvUXMjcyhow=",
         "owner": "nix-community",
         "repo": "nixvim",
-        "rev": "51abc532525e486176f9a7b24b17908c60017b54",
+        "rev": "b7521616f15ad73c6bec458d64ed7f06f4095edb",
         "type": "github"
       },
       "original": {
@@ -83,14 +83,15 @@
       "inputs": {
         "nixpkgs": [
           "nixpkgs"
-        ]
+        ],
+        "noctalia-qs": "noctalia-qs"
       },
       "locked": {
-        "lastModified": 1770543184,
+        "lastModified": 1780371321,
-        "narHash": "sha256-2FFYjurrYjCAT6bpN2Fv63G6vDuWybB91uvqBjJfcWE=",
+        "narHash": "sha256-WCaU6npdMdjZSZHe3XATNDFijmzRnsV8V+iR80e5deg=",
         "owner": "noctalia-dev",
         "repo": "noctalia-shell",
-        "rev": "bf1a0f76bb5ca48991d51130022af6bead64d153",
+        "rev": "3aab45a2f34fd47666b05892b95054952e788de1",
         "type": "github"
       },
       "original": {
@@ -99,6 +100,29 @@
         "type": "github"
       }
     },
+    "noctalia-qs": {
+      "inputs": {
+        "nixpkgs": [
+          "noctalia",
+          "nixpkgs"
+        ],
+        "systems": "systems_2",
+        "treefmt-nix": "treefmt-nix"
+      },
+      "locked": {
+        "lastModified": 1780194487,
+        "narHash": "sha256-M+YtjKCTkHrkplNaKVyaxfa8hAWjRF6wFOUBAZvxQ4U=",
+        "owner": "noctalia-dev",
+        "repo": "noctalia-qs",
+        "rev": "07398e12b54f194e3a2d47c87e3fd10b8eeaa27d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "noctalia-dev",
+        "repo": "noctalia-qs",
+        "type": "github"
+      }
+    },
     "root": {
       "inputs": {
         "home-manager": "home-manager",
@@ -109,18 +133,56 @@
     },
     "systems": {
       "locked": {
-        "lastModified": 1681028828,
+        "lastModified": 1774449309,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "narHash": "sha256-brhZ8DmuGtzkCYHJg4HEd602amKm89Y9ytsFZ5uWD1w=",
         "owner": "nix-systems",
         "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "rev": "c29398b59d2048c4ab79345812849c9bd15e9150",
         "type": "github"
       },
       "original": {
         "owner": "nix-systems",
+        "ref": "future-26.11",
         "repo": "default",
         "type": "github"
       }
+    },
+    "systems_2": {
+      "locked": {
+        "lastModified": 1689347949,
+        "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
+        "owner": "nix-systems",
+        "repo": "default-linux",
+        "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default-linux",
+        "type": "github"
+      }
+    },
+    "treefmt-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "noctalia",
+          "noctalia-qs",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1775636079,
+        "narHash": "sha256-pc20NRoMdiar8oPQceQT47UUZMBTiMdUuWrYu2obUP0=",
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "rev": "790751ff7fd3801feeaf96d7dc416a8d581265ba",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "type": "github"
+      }
     }
   },
   "root": "root",

flake.nix

@@ -1,6 +1,6 @@
 {
   description = "0x29a NixOS flake";
-  
+
   inputs = {
     nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
     home-manager = {
@@ -16,43 +16,30 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
   };
-  
-  outputs = { self, nixpkgs, home-manager, nixvim, ... }@inputs: {
-    nixosConfigurations = {
 
-      default = nixpkgs.lib.nixosSystem {
+  outputs = { self, nixpkgs, home-manager, nixvim, ... }@inputs:
-        system = "x86_64-linux";
+  let
-        specialArgs = { inherit inputs; };
+    mkHost = hostName: nixpkgs.lib.nixosSystem {
-        modules = [
+      system = "x86_64-linux";
-          ./hosts/default/hardware-configuration.nix
+      specialArgs = { inherit inputs; };
-          ./hosts/default/configuration.nix
+      modules = [
-          home-manager.nixosModules.home-manager
+        ./hosts/${hostName}/hardware-configuration.nix
-          {
+        ./hosts/${hostName}/configuration.nix
-            home-manager.extraSpecialArgs = { inherit inputs; };
+        home-manager.nixosModules.home-manager
-            home-manager.users.aaron.imports = [
+        {
-              nixvim.homeModules.nixvim
+          home-manager.extraSpecialArgs = { inherit inputs; };
-              ./users/aaron/home.nix
+          home-manager.users.aaron.imports = [
-            ];
+            nixvim.homeModules.nixvim
-          }
+            ./users/aaron/home.nix
-        ];
+          ];
-      };
+        }
-      
+      ];
-      neon = nixpkgs.lib.nixosSystem {
+    };
-        system = "x86_64-linux";
+  in {
-        specialArgs = { inherit inputs; };
+    nixosConfigurations = {
-        modules = [
+      default = mkHost "default";
-          ./hosts/neon/hardware-configuration.nix
+      neon    = mkHost "neon";
-          ./hosts/neon/configuration.nix
+      argon   = mkHost "argon";
-          home-manager.nixosModules.home-manager
-          {
-            home-manager.extraSpecialArgs = { inherit inputs; };
-            home-manager.users.aaron.imports = [
-              nixvim.homeModules.nixvim
-              ./users/aaron/home.nix
-            ];
-          }
-        ];
-      };
     };
   };
 }

hosts/argon/configuration.nix

@@ -0,0 +1,36 @@
+{ config, pkgs, inputs, ... }:
+
+{
+  imports = [
+    ../../modules/nixos/audio.nix
+    ../../modules/nixos/bootloader.nix
+    ../../modules/nixos/calibre.nix
+    ../../modules/nixos/claudecode.nix
+    ../../modules/nixos/certificates.nix
+    ../../modules/nixos/drives.nix
+    ../../modules/nixos/gnupg.nix
+    ../../modules/nixos/gnuradio.nix
+    ../../modules/nixos/graphics.nix
+    ../../modules/nixos/greetd.nix
+    ../../modules/nixos/locales.nix
+    ../../modules/nixos/networking.nix
+    ../../modules/nixos/niri.nix
+    ../../modules/nixos/noctalia.nix
+    ../../modules/nixos/openssh.nix
+    ../../modules/nixos/packages.nix
+    ../../modules/nixos/protonvpn.nix
+    ../../modules/nixos/services.nix
+    ../../modules/nixos/settings.nix
+    ../../modules/nixos/stellarium.nix
+    ../../modules/nixos/thunar.nix
+    ../../modules/nixos/steam.nix
+    ../../modules/nixos/users.nix
+  ];
+
+  # set hostname
+  networking.hostName = "argon";
+
+  # install state version
+  system.stateVersion = "25.11"; # Don't change
+}
+

hosts/argon/hardware-configuration.nix

@@ -0,0 +1,39 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ "dm-crypt dm-mod" ];
+  boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-label/nixcrypt";
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/mapper/lvmroot-root";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/AC1C-20EB";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+
+  fileSystems."/home" =
+    { device = "/dev/mapper/lvmroot-home";
+      fsType = "ext4";
+    };
+
+  swapDevices =
+    [ { device = "/dev/mapper/lvmroot-swap"; }
+    ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/default/configuration.nix

@@ -3,11 +3,6 @@
 { pkgs, lib, ... }:
 
 {
-  imports =
-    [ 
-      ./hardware-configuration.nix
-    ];
-
   # use flakes
   nix.settings.experimental-features = [ "nix-command" "flakes" ];
 

hosts/neon/configuration.nix

@@ -5,6 +5,7 @@
     ../../modules/nixos/audio.nix
     ../../modules/nixos/bootloader.nix
     ../../modules/nixos/certificates.nix
+    ../../modules/nixos/docker.nix
     ../../modules/nixos/gnupg.nix
     ../../modules/nixos/locales.nix
     ../../modules/nixos/networking.nix
@@ -12,13 +13,18 @@
     ../../modules/nixos/noctalia.nix
     ../../modules/nixos/openssh.nix
     ../../modules/nixos/packages.nix
+    ../../modules/nixos/protonvpn.nix
     ../../modules/nixos/sddm.nix
     ../../modules/nixos/services.nix
     ../../modules/nixos/settings.nix
+    ../../modules/nixos/stellarium.nix
     ../../modules/nixos/steam.nix
     ../../modules/nixos/users.nix
   ];
 
+  # set hostname
+  networking.hostName = "neon";
+
   # install state version
   system.stateVersion = "25.11"; # Don't change
 }

modules/home-manager/ghostty.nix

@@ -7,10 +7,11 @@
       clipboard-paste-protection = false;
       clipboard-read = "allow";
       font-family = "0xProto Nerd Font Mono";
-      font-size = 9;
+      font-size = 12;
       gtk-titlebar = false;
-      scrollback-limit = 10000;
+      scrollback-limit = 100000;
       shell-integration = "zsh";
+      shell-integration-features = "ssh-env,ssh-terminfo";
       theme = "noctalia"; # generated by noctalia-shell
       window-decoration = "auto";
       window-padding-x = 10;

modules/home-manager/nixvim.nix

@@ -2,10 +2,13 @@
 
 {
   programs.nixvim = {
-    globals.mapleader = " ";
     enable = true;
-    viAlias = false;
+
+    # set aliases
+    viAlias = true;
     vimAlias = true;
+
+    # default vim options
     opts = {
       number = true;
       relativenumber = true;
@@ -14,13 +17,81 @@
       expandtab = true;
       incsearch = true;
     };
+
+    # nvim mapleader for all command below
+    globals.mapleader = " ";
+    # set colorscheme to nord
     colorschemes.nord.enable = true;
+
+    # nvim plugins
+    plugins.indent-blankline.enable = true;
     plugins.lualine.enable = true;
     plugins.nix.enable = true;
     plugins.nvim-tree.enable = true;
-    plugins.treesitter.enable = true;
-    plugins.telescope.enable = true;
     plugins.web-devicons.enable = true;
-    plugins.indent-blankline.enable = true;
+    plugins.telescope = {
+      enable = true;
+      keymaps = {
+        "<leader>ff" = "find_files";
+        "<leader>fg" = "live_grep";
+        "<leader>fb" = "buffers";
+        "<leader>fh" = "help_tags";
+      };
+    };
+    plugins.lsp = {
+      enable = true;
+      servers.tinymist = {
+        enable = true;
+        settings = {
+          formatterMode = "typstyle";
+          exportPdf = "onSave";
+          semanticTokens = "disable"; # treesitter handles highlighting better
+        };
+      };
+      servers.pyright.enable = true;
+      servers.ruff.enable = true;
+      keymaps.lspBuf = {
+        "<leader>K"  = "hover";
+        "<leader>gd" = "definition";
+        "<leader>gr" = "references";
+        "<leader>f" = "format";
+        "<leader>rn" = "rename";
+        "<leader>ca" = "code_action";
+      };
+    };
+    plugins.treesitter = {
+      enable = true;
+      settings.ensure_installed = [ "markdown" "markdown_inline" "typst" ];
+    };
+    plugins.typst-preview = {
+      enable = true;
+      settings = {
+        open_cmd = "firefox %s";
+        dependencies_bin = {
+          tinymist = "tinymist";
+          websocat = null;
+        };
+      };
+    };
+    plugins.typst-vim = {
+      enable = true;
+      settings.pdf_viewer = "zathura";
+    };
+    plugins.render-markdown = {
+      enable = true;
+      settings = {
+        # render in normal mode, raw source in insert
+        render_modes = [ "n" "c" "t"];
+        pipe_table.preset = "round";
+        heading.width = "block";
+        file_types = [ "markdown" ];
+        completions.lsp.enabled = true;
+      };
+    };
   };
+
+  # install dependencies
+  home.packages = with pkgs; [
+    ripgrep
+  ];
 }

modules/home-manager/programs.nix

@@ -3,13 +3,23 @@
 {
   # user packages
   home.packages = with pkgs; [
+    devenv
     discord
     fastfetch
     keepassxc
-    screenfetch
+    teamspeak6-client
+    typst
+    zathura
   ];
 
   # services and other software
   services.syncthing.enable = true;
   programs.home-manager.enable = true;
+
+  # browsers
+  programs.chromium.enable = true;
+  programs.firefox = {
+    enable = true;
+    configPath = "${config.xdg.configHome}/mozilla/firefox";
+  };
 }

modules/home-manager/shell.nix

@@ -1,14 +1,27 @@
-{ config, pkgs, inputs, ... }:
+{ config, lib, pkgs, inputs, ... }:
- 
+
 {
+  # configure z-shell to use omz with some plugins
   programs.zsh = {
     enable = true;
     autosuggestion.enable = true;
     syntaxHighlighting.enable = true;
     oh-my-zsh = {
       enable = true;
-      theme = "agnoster";
+      # add git and agents as plugins
-      #plugins = [ "git" "ssh-agent" ];
+      plugins = [ "git" "ssh-agent" "gpg-agent" ];
+      # everything here lands before `source $ZSH/oh-my-zsh.sh`
+      extraConfig = ''
+        # make omz faster on large repositories
+        DISABLE_UNTRACKED_FILES_DIRTY=true
+
+        # only display a fancy theme when glyphs are rendered
+        if [[ "$TERM" == "linux" || "$TERM" == "screen" ]]; then
+          ZSH_THEME="gentoo"
+        else
+          ZSH_THEME="agnoster"
+        fi
+      '';
     };
   };
 

modules/home-manager/styling.nix

@@ -9,6 +9,7 @@
         package = pkgs.gnome-themes-extra;
       };
     gtk3.extraConfig.gtk-application-prefer-dark-theme = 1;
+    gtk4.theme = null;
     gtk4.extraConfig.gtk-application-prefer-dark-theme = 1;
   };
 

modules/home-manager/tmux.nix

@@ -40,12 +40,17 @@
       bind J resize-pane -D 5
       bind K resize-pane -U 5
       bind L resize-pane -R 5
+      # Wayland clipboard integration
+      # Copy selection to both clipboard (Ctrl+V / Shift+Insert) and primary (middle-click)
+      bind -T copy-mode-vi y send-keys -X copy-pipe-and-cancel "wl-copy && wl-copy --primary"
+      bind -T copy-mode-vi Enter send-keys -X copy-pipe-and-cancel "wl-copy && wl-copy --primary"
+      bind -T copy-mode-vi MouseDragEnd1Pane send-keys -X copy-pipe-and-cancel "wl-copy && wl-copy --primary"
       # Kill commands
       bind q kill-window
       bind Q kill-session
       # Bars
-      set -g status-left "#[fg=black,bg=blue,bold] #S#[fg=blue,bg=black,nobold,noitalics,nounderscore]"
+      set -g status-left-length 24
-      set -g status-left "#[fg=black,bg=blue,bold] #S #[fg=blue,bg=black,nobold,noitalics,nounderscore]"
+      set -g status-left "#[fg=black,bg=blue,bold] #{=20:session_name} #[fg=blue,bg=black,nobold,noitalics,nounderscore]"
       set -g status-right "#{prefix_highlight}#[fg=brightblack,bg=black,nobold,noitalics,nounderscore]#[fg=white,bg=brightblack] %Y-%m-%d #[fg=white,bg=brightblack,nobold,noitalics,nounderscore]#[fg=white,bg=brightblack] %H:%M #[fg=cyan,bg=brightblack,nobold,noitalics,nounderscore]#[fg=black,bg=cyan,bold] #H "
       # Windows
       set -g window-status-format "#[fg=black,bg=brightblack,nobold,noitalics,nounderscore] #[fg=white,bg=brightblack]#I #[fg=white,bg=brightblack,nobold,noitalics,nounderscore] #[fg=white,bg=brightblack]#W #F #[fg=brightblack,bg=black,nobold,noitalics,nounderscore]"

modules/nixos/calibre.nix

@@ -0,0 +1,8 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # install calibre for ebook management and kobo syncing
+  environment.systemPackages = with pkgs; [
+    calibre
+  ];
+}

modules/nixos/claudecode.nix

@@ -0,0 +1,7 @@
+{ config, lib, pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    claude-code
+  ];
+}

modules/nixos/docker.nix

@@ -0,0 +1,26 @@
+{ config, lib, pkgs, ...}:
+
+{
+  # add docker group to user
+  users.users.aaron.extraGroups = [ "docker" ];
+
+  virtualisation.docker = {
+    enable = true;
+    # Customize Docker daemon settings
+    daemon.settings = {
+      dns = [ "1.1.1.1" "8.8.8.8" ];
+      log-driver = "journald";
+      registry-mirrors = [ "https://mirror.gcr.io" ];
+      storage-driver = "overlay2";
+    };
+    # Use the rootless mode
+    rootless = {
+      enable = true;
+      setSocketVariable = true;
+    };
+    # Install docker-compose
+    extraPackages = with pkgs; [
+      docker-compose
+    ];
+  };
+}

modules/nixos/drives.nix

@@ -0,0 +1,47 @@
+{ config, lib, pkgs, ... }:
+
+# Add encrypted drives to argon
+
+{
+  # copy keyfiles into initrd to make them available during early boot
+  boot.initrd.secrets = {
+    "/etc/nixos/keys/data1.key" = "/etc/nixos/keys/data1.key";
+    "/etc/nixos/keys/data2.key" = "/etc/nixos/keys/data2.key";
+    "/etc/nixos/keys/nvmecache.key" = "/etc/nixos/keys/nvmecache.key";
+  };
+
+  # decrypt data drives with keyfiles for argon
+  boot.initrd.luks.devices = {
+    "data1" = {
+      device = "/dev/disk/by-uuid/dfae62cc-bad1-4879-bf9a-461bde833625";
+      keyFile = "/etc/nixos/keys/data1.key";
+    };
+    "data2" = {
+      device = "/dev/disk/by-uuid/8312edae-9247-481b-a313-52a7f848f027";
+      keyFile = "/etc/nixos/keys/data2.key";
+    };
+    "nvmecache" = {
+      device = "/dev/disk/by-uuid/2352250e-4ebe-4f9a-bf66-0d4aaa961bd8";
+      keyFile = "/etc/nixos/keys/nvmecache.key";
+    };
+  };
+
+  # mount decrypted filesystems
+  fileSystems."/mnt/data1" = {
+    device = "/dev/mapper/data1";
+    fsType = "ext4";
+    options = [ "nofail" ];
+  };
+
+  fileSystems."/mnt/data2" = {
+    device = "/dev/mapper/data2";
+    fsType = "ext4";
+    options = [ "nofail" ];
+  };
+
+  fileSystems."/mnt/nvmecache" = {
+    device = "/dev/mapper/nvmecache";
+    fsType = "ext4";
+    options = [ "nofail" ];
+  };
+}

modules/nixos/gnuradio.nix

@@ -0,0 +1,12 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # install gnuradio companion along with it's osmocom library
+  environment.systemPackages = with pkgs; [
+    (gnuradio.override {
+      extraPackages = with gnuradio.pkgs; [ osmosdr ];
+    })
+    gqrx
+    hackrf
+  ];
+}

modules/nixos/graphics.nix

@@ -0,0 +1,17 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # enable amd GPU acceleration (mesa, vulkan, egl)
+  hardware.graphics = {
+    enable = true;
+    enable32Bit = true;
+  };
+
+  # install amdgpu_top
+  environment.systemPackages = with pkgs; [
+    amdgpu_top
+  ];
+  
+  # add amdgpu to the initrd for plymouth
+  hardware.amdgpu.initrd.enable = true;
+}

modules/nixos/greetd.nix

@@ -0,0 +1,14 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # greetd display manager with tuigreet
+  services.greetd = {
+    enable = true;
+    settings = {
+      default_session = {
+        command = "${pkgs.tuigreet}/bin/tuigreet --time --cmd niri-session";
+        user = "greeter";
+      };
+    };
+  };
+}

modules/nixos/locales.nix

@@ -4,18 +4,18 @@
   # set the time zone
   time.timeZone = "Europe/Zurich";
 
-  # set internationalisation properties
+  # keep system language in english, but use swiss locale for formatting
   i18n.defaultLocale = "en_US.UTF-8";
   i18n.extraLocaleSettings = {
-    LC_ADDRESS = "en_US.UTF-8";
+    LC_ADDRESS = "de_CH.UTF-8";
-    LC_IDENTIFICATION = "en_US.UTF-8";
+    LC_IDENTIFICATION = "de_CH.UTF-8";
-    LC_MEASUREMENT = "en_US.UTF-8";
+    LC_MEASUREMENT = "de_CH.UTF-8";
-    LC_MONETARY = "en_US.UTF-8";
+    LC_MONETARY = "de_CH.UTF-8";
-    LC_NAME = "en_US.UTF-8";
+    LC_NAME = "de_CH.UTF-8";
-    LC_NUMERIC = "en_US.UTF-8";
+    LC_NUMERIC = "de_CH.UTF-8";
-    LC_PAPER = "en_US.UTF-8";
+    LC_PAPER = "de_CH.UTF-8";
-    LC_TELEPHONE = "en_US.UTF-8";
+    LC_TELEPHONE = "de_CH.UTF-8";
-    LC_TIME = "en_US.UTF-8";
+    LC_TIME = "de_CH.UTF-8";
   };
 
   # set console font and keymap

modules/nixos/networking.nix

@@ -1,9 +1,6 @@
 { config, lib, pkgs, ... }:
 
 {
-  # set hostnname
-  networking.hostName = "neon";
-
   # user networkmanager
   networking.networkmanager.enable = true;
 
@@ -11,6 +8,9 @@
   networking.firewall.allowedTCPPorts = [ ];
   networking.firewall.allowedUDPPorts = [ ];
 
+  # enable wifi firmware
+  hardware.enableAllFirmware = true;
+
   # enable bluetooth
   hardware.bluetooth.enable = true;
   

modules/nixos/openssh.nix

@@ -5,5 +5,15 @@
   services.openssh = {
     enable = true;
     openFirewall = true;
+    ports = [ 666 ];
+
+    settings = {
+      AuthenticationMethods = "publickey";
+      KbdInteractiveAuthentication = false;
+      MaxAuthTries = 5;
+      PasswordAuthentication = false;
+      PermitRootLogin = "no";
+      X11Forwarding = false;
+    };
   };
 }

modules/nixos/packages.nix

@@ -1,24 +1,19 @@
 { config, lib, pkgs, ... }:
 
 {
-  # system packges
+  # system packages
   environment.systemPackages = with pkgs; [
-    alacritty
     btop
     cowsay
     dnsutils
     ethtool
     file
-    fwupd
-    fwupd-efi
-    ghostty
     git
     imagemagick
     imv
     iperf3
     jq
     kdePackages.qtmultimedia
-    kitty
     ldns
     lm_sensors
     lsof
@@ -31,23 +26,19 @@
     nvd
     p7zip
     pciutils
-    sddm-astronaut
     socat
     sof-firmware
     strace
     sysstat
-    terminus_font
     tree
     unzip
     usbutils
     vim
+    wl-clipboard
     wget
     which
     xz
     zip
     zstd
   ];
-
-  # browser
-  programs.firefox.enable = true;
 }

modules/nixos/protonvpn.nix

@@ -0,0 +1,13 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # protonvpn uses wireguard tunnels, which break strict reverse path filtering
+  # because packets arrive on the tunnel interface but may be routed back differently.
+  # "loose" checks that the source is routable through *any* interface (not necessarily
+  # the same one), which is sufficient for wireguard while still preventing IP spoofing.
+  networking.firewall.checkReversePath = "loose";
+
+  environment.systemPackages = with pkgs; [
+    proton-vpn
+  ];
+}

modules/nixos/sddm.nix

@@ -17,4 +17,9 @@
       sddm-astronaut
     ];
   };
+
+  # Make the theme available in the system path so sddm can find it
+  environment.systemPackages = with pkgs; [
+    sddm-astronaut
+  ];
 }

modules/nixos/settings.nix

@@ -31,14 +31,18 @@
       options = "--delete-older-than 7d";
     };
   };
+  
+  # add trusted users (able to modify the nix store)
+  nix.settings.trusted-users = [ "root" "@wheel" ];
+
+  # allow unfree packages (steam, protonvpn, discord, etc.)
+  nixpkgs.config.allowUnfree = true;
 
   # links /libexec from derivations to /run/current-system/sw
   environment.pathsToLink = [ "/libexec" ];
-  # set the default editor to vim
-  environment.variables.EDITOR = "vim";
 
   # enable home-manager globally
   home-manager.useGlobalPkgs = true;
   home-manager.useUserPackages = true;
-  home-manager.backupFileExtension = "backup";
+  home-manager.backupCommand = "mv -f {file} {file}.hm-bak-$(date +%Y%m%d%H%M%S)";
 }

modules/nixos/steam.nix

@@ -1,9 +1,6 @@
 { config, lib, pkgs, ... }:
 
 {
-  # allow unfree to install steam
-  nixpkgs.config.allowUnfree = true;
-
   # enable steam and open firewall
   programs.steam = {
     enable = true;

modules/nixos/stellarium.nix

@@ -0,0 +1,8 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # install stellarium for stargazing and sky simulation
+  environment.systemPackages = with pkgs; [
+    stellarium
+  ];
+}

modules/nixos/thunar.nix

@@ -0,0 +1,14 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # Enable Thunar
+  programs.thunar.enable = true;
+
+  # Install Tumbler thumbnailer service
+  environment.systemPackages = with pkgs; [
+    tumbler
+  ];
+
+  # Ensure Thunar can locate the thumbnailer extensions
+  environment.pathsToLink = [ "share/thumbnailers" ];
+}

modules/nixos/users.nix

@@ -5,7 +5,7 @@
   users.users.aaron = {
     isNormalUser = true;
     group = "users";
-    extraGroups = [ "wheel" "networkmanager" ];
+    extraGroups = [ "wheel" "networkmanager" "dialout" ];
     shell = pkgs.zsh;
   };
 
@@ -14,10 +14,5 @@
     enable = true;
     enableCompletion = true;
     autosuggestions.enable = true;
-    ohMyZsh = {
-      enable = true;
-      plugins = [ "git" "sudo" ];
-      theme = "gentoo";
-    };
   };
 }