feature(zsh): only display a theme with glyphs if the terminal is able to render them

Reviewed-on: #26

INSTALLATION.md

@@ -0,0 +1,118 @@
+# basic system installation
+
+- The installations presented in this repository are always luks encrypted
+- For simplicity I'm using device labels rather than uuids
+
+1. the partitioning layout should look somewhat like this after the installation
+```bash
+NAME               MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINTS
+nvme0n1            259:0    0 476.9G  0 disk
+├─nvme0n1p1        259:1    0     2G  0 part  /boot
+└─nvme0n1p2        259:2    0 474.9G  0 part
+  └─cryptroot      254:0    0 474.9G  0 crypt
+    ├─lvmroot-swap 254:1    0    20G  0 lvm   [SWAP]
+    ├─lvmroot-home 254:2    0   250G  0 lvm   /home
+    └─lvmroot-root 254:3    0 204.9G  0 lvm   /
+```
+
+> Note: `lsblk` may additionally show `/nix/store` as a mountpoint on `lvmroot-root`. This is not a separate partition. NixOS mounts the root device a second time at `/nix/store` with `ro,nosuid,nodev` flags to enforce store immutability at runtime.
+
+2. prepare the installation
+```bash
+# format the boot partition
+mkfs.fat -F 32 /dev/nvme0n1p1 -n "nixboot"
+# create an encrypted partition
+cryptsetup luksFormat -y --label="nixcrypt" /dev/nvme0n1p2
+# open the encrypted partition and map it to /dev/mapper/cryptroot
+cryptsetup luksOpen /dev/nvme0n1p2 cryptroot
+
+# create the physical volume
+pvcreate /dev/mapper/cryptroot
+# create a volume group inside
+vgcreate lvmroot /dev/mapper/cryptroot
+# create the swap volume
+lvcreate --size 8G lvmroot --name swap
+# if you desire, create a home volume
+lvcreate --size 150G lvmroot --name home
+# create the root volume
+lvcreate -l 100%FREE lvmroot --name root
+
+# format as usual for root partition
+mkfs.ext4 -L "nixroot" /dev/mapper/lvmroot-root
+# if you previously made the home partition, do it too
+mkfs.ext4 -L "nixhome" /dev/mapper/lvmroot-home
+# format the swap partition
+mkswap -L "nixswap" /dev/mapper/lvmroot-swap
+
+# mount root
+mount /dev/disk/by-label/nixroot /mnt
+# mount boot
+mount --mkdir /dev/nvme0n1p1 /mnt/boot
+# again, if you did the home volume
+mount --mkdir /dev/disk/by-label/nixhome /mnt/home
+# turn on swap
+swapon /dev/disk/by-label/nixswap
+```
+
+3. prepare nixos
+```bash
+# generate templates and update the hardware-configuration.nix
+nixos-generate-config --root /mnt
+
+# add dm-crypt and dm-mod to the kernelModules
+boot.initrd.kernelModules = [ "dm-crypt" "dm-mod" ];
+
+# add file systems using labels
+fileSystems."/" =
+  { device = "/dev/disk/by-label/nixroot";
+    fsType = "ext4";
+  };
+fileSystems."/boot" =
+  { device = "/dev/disk/by-label/nixboot";
+    fsType = "vfat";
+    options = [ "fmask=0022" "dmask=0022" ];
+  };
+fileSystems."/home" =
+  { device = "/dev/disk/by-label/nixhome";
+    fsType = "ext4";
+  };
+swapDevices =
+  [ { device = "/dev/disk/by-label/nixswap"; }
+  ];
+
+# point the bootloader to the luks device
+boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-label/nixcrypt";
+```
+
+4. install nixos
+```bash
+nixos-install
+```
+
+## how to deploy the initial config
+- Don't forget to install the bootloader, if you changed it since `nixos-install`
+```bash
+$ sudo nixos-rebuild --install-bootloader switch --flake .#host_name
+```
+
+## how to upgrade the system
+```bash
+$ cd /path/to/repo
+$ nix flake update
+$ sudo nixos-rebuild switch --flake .#host_name
+$ sudo nix-collect-garbage
+```
+
+## how to use nix-helper
+
+The tool nix-helper is installed by this configuration. It simplifies administrating nixos and adds more output to the rebuild command. It also features a diff after a successful build. The command uses the `NH_FLAKE` environment variable to be able to run from whatever directory.
+
+Basic commands with a set `NH_FLAKE` variable are:
+```bash
+$ nh os switch
+$ nh os build
+$ nh os test
+$ nh clean all --keep 5
+```
+
+There is also the option to interface with home-manager by using `nh home switch` but this isn't necessary since home-manager is imported as a module in this config.

README.md

@@ -1,133 +1,30 @@
-# 0x29a nixos config
+# NixOS config
 
-My personal nixos configuration files for different environments.
+My personal NixOS configurations.
 
-## basic system installation
+## config structure
-
-- The installations presented in this repository are always luks encrypted
-- For simplicity I'm using device labels rather than uuids
-
-1. the partitioning layout should look somewhat like this after the installation
 
 ```bash
-NAME               MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINTS
+.
-nvme0n1            259:0    0 476.9G  0 disk
+├── flake.lock
-├─nvme0n1p1        259:1    0     2G  0 part  /boot
+├── flake.nix # flake definition
-└─nvme0n1p2        259:2    0 474.9G  0 part
+├── hosts
-  └─cryptroot      254:0    0 474.9G  0 crypt
+│   └── neon
-    ├─lvmroot-swap 254:1    0    20G  0 lvm   [SWAP]
+│       ├── configuration.nix # import nix-modules for specific host
-    ├─lvmroot-home 254:2    0   250G  0 lvm   /home
+│       └── hardware-configuration.nix # hardware configs for specific host
-    └─lvmroot-root 254:3    0 204.9G  0 lvm   /nix/store
+├── modules
-``` 
+│   ├── home-manager
-
+│   │   ├── xyz_module.nix
-2. prepare the installation
+│   └── nixos
-
+│       └── xyz_module.nix
-```bash
+└── users
-# format the boot partition
+    └── aaron
-mkfs.fat -F 32 /dev/sda1 -n "nixboot"
+        └── home.nix # import home-manager modules for specific user
-# create an encrypted partition
-cryptsetup luksFormat -y --label="nixcrypt" /dev/sda2
-# open the encrypted partition and map it to /dev/mapper/cryptroot
-cryptsetup luksOpen /dev/sda2 cryptroot
-
-# create the physical volume
-pvcreate /dev/mapper/cryptroot
-# create a volume group inside
-vgcreate lvmroot /dev/mapper/cryptroot
-# create the swap volume
-lvcreate --size 8G lvmroot --name nwap
-# if you desire, create a home volume
-lvcreate --size 150G lvmroot --name home
-# create the root volume
-lvcreate -l 100%FREE lvmroot --name root
-
-# format as usual for root partition
-mkfs.ext4 -L "nixroot" /dev/mapper/lvmroot-root
-# if you previously made the home partition, do it too
-mkfs.ext4 -L "nixhome" /dev/mapper/lvmroot-home
-# format the swap partition
-mkswap -L "nixswap" /dev/mapper/lvmroot-swap
-
-# mount root
-mount /dev/disk/by-label/nixroot /mnt
-# mount boot
-mount --mkdir /dev/sda1 /mnt/boot
-# again, if you did the home volume
-mount --mkdir /dev/disk/by-label/nixhome /mnt/home
-# turn on swap
-swapon /dev/disk/by-label/nixswap
 ```
 
-3. prepare nixos
+## installation
 
-
+For more details about the installation procedure see: [INSTALLATION.md](INSTALLATION.md)
-```bash
-# generate templates and update the hardware-configuration.nix
-sudo nixos-generate-config --root /mnt
-
-# add cryptd to the kernelModules
-boot.initrd.kernelModules = [ "dm-snapshot" "cryptd" ];
-
-# add file systems using labels
-fileSystems."/" =
-  { device = "/dev/disk/by-label/nixroot";
-    fsType = "ext4";
-  };
-fileSystems."/boot" =
-  { device = "/dev/disk/by-label/nixboot";
-    fsType = "vfat";
-    options = [ "fmask=0022" "dmask=0022" ];
-  };
-fileSystems."/home" =
-  { device = "/dev/disk/by-label/nixhome";
-    fsType = "ext4";
-  };
-swapDevices =
-  [ { device = "/dev/disk/by-label/nixswap"; }
-  ];
-
-# point the bootloader to the luks device
-boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-label/nixcrypt";
-```
-
-4. install nixos
-
-```bash
-cd /mnt
-sudo nixos-install
-```
-
-## how to deploy the inital config
-
-- Don't forget to install the bootloader, if you changed it since `nixos-install`
-
-```bash
-$ sudo nixos-rebuild --install-bootloader switch --flake .#host_name
-```
-
-## how to upgrade the system
-
-```bash
-$ cd /path/to/repo
-$ sudo nix flake update
-$ sudo nixos-rebuild switch --flake .#host_name
-$ sudo nix-collect-garbage
-```
-
-## how to use nix-helper
-
-The tool nix-helper is installed by this configuration. It simplifies administrating nixos and adds more output to the rebuild command. It also features a diff after a successful build. The command uses the `NH_FLAKE` environment variable to be able to run from whatever directory.
-
-Basic commands with a set `NH_FLAKE` variable are:
-
-```bash
-$ nh os switch
-$ nh os build
-$ nh os test
-$ nh clean all --keep 5
-```
-
-There is also the option to interface with home-manager by using `nh home switch`but this isn't necessary since home-manager is imported as a module in this config.
 
 ## author
 

flake.lock

@@ -8,11 +8,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1765835352,
+        "lastModified": 1769996383,
-        "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=",
+        "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "a34fae9c08a15ad73f295041fec82323541400a9",
+        "rev": "57928607ea566b5db3ad13af0e57e921e6b12381",
         "type": "github"
       },
       "original": {
@@ -28,11 +28,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1767907949,
+        "lastModified": 1772807318,
-        "narHash": "sha256-ihO/8Dx1sz0XbXSg0bHp8+9sEB3G/StAzyrB6GPqDd4=",
+        "narHash": "sha256-Qjw6ILt8cb2HQQpCmWNLMZZ63wEo1KjTQt+1BcQBr7k=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "b1b1c68033840553f47f49e994b27a7d5dafa5e1",
+        "rev": "daa2c221320809f5514edde74d0ad0193ad54ed8",
         "type": "github"
       },
       "original": {
@@ -43,11 +43,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1767767207,
+        "lastModified": 1772624091,
-        "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=",
+        "narHash": "sha256-QKyJ0QGWBn6r0invrMAK8dmJoBYWoOWy7lN+UHzW1jc=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "5912c1772a44e31bf1c63c0390b90501e5026886",
+        "rev": "80bdc1e5ce51f56b19791b52b2901187931f5353",
         "type": "github"
       },
       "original": {
@@ -66,11 +66,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1767906546,
+        "lastModified": 1772402258,
-        "narHash": "sha256-AoSWS8+P+7hQ/jIdv0wBjgH1MvnerdWBFXO4GV3JoQs=",
+        "narHash": "sha256-3DmCFOdmbkFML1/G9gj8Wb+rCCZFPOQtNoMCpqOF8SA=",
         "owner": "nix-community",
         "repo": "nixvim",
-        "rev": "7eb8f36f085b85a2aeff929aff52d0f6aa14e000",
+        "rev": "21ae25e13b01d3b4cdc750b5f9e7bad68b150c10",
         "type": "github"
       },
       "original": {
@@ -83,14 +83,15 @@
       "inputs": {
         "nixpkgs": [
           "nixpkgs"
-        ]
+        ],
+        "noctalia-qs": "noctalia-qs"
       },
       "locked": {
-        "lastModified": 1767907466,
+        "lastModified": 1772821410,
-        "narHash": "sha256-uUAG4C5VOfqiuIpXELxKaAnoZO30n77oGexuPrlUM74=",
+        "narHash": "sha256-KE3cnl3eKdfoPwo5aTWmb9j2ROPcdaxWCZ9wSt2VDLc=",
         "owner": "noctalia-dev",
         "repo": "noctalia-shell",
-        "rev": "9fc7a597eb905b5d83235f71a4269c1d938634c3",
+        "rev": "c685b70f10bc59180e515ccad86a80a671ce80a0",
         "type": "github"
       },
       "original": {
@@ -99,6 +100,27 @@
         "type": "github"
       }
     },
+    "noctalia-qs": {
+      "inputs": {
+        "nixpkgs": [
+          "noctalia",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1772673824,
+        "narHash": "sha256-TLHXPoELZA6VeuzC1Zpx+MnSsYzrJs+DSieMgfjAOJc=",
+        "owner": "noctalia-dev",
+        "repo": "noctalia-qs",
+        "rev": "f8531192cd09b9ea2e78d18e9cfc9d3dba498690",
+        "type": "github"
+      },
+      "original": {
+        "owner": "noctalia-dev",
+        "repo": "noctalia-qs",
+        "type": "github"
+      }
+    },
     "root": {
       "inputs": {
         "home-manager": "home-manager",

flake.nix

@@ -53,6 +53,23 @@
           }
         ];
       };
+
+      argon = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        specialArgs = { inherit inputs; };
+        modules = [
+          ./hosts/argon/hardware-configuration.nix
+          ./hosts/argon/configuration.nix
+          home-manager.nixosModules.home-manager
+          {
+            home-manager.extraSpecialArgs = { inherit inputs; };
+            home-manager.users.aaron.imports = [
+              nixvim.homeModules.nixvim
+              ./users/aaron/home.nix
+            ];
+          }
+        ];
+      };
     };
   };
 }

hosts/argon/configuration.nix

@@ -0,0 +1,31 @@
+{ config, pkgs, inputs, ... }:
+
+{
+  imports = [
+    ../../modules/nixos/audio.nix
+    ../../modules/nixos/bootloader.nix
+    ../../modules/nixos/certificates.nix
+    ../../modules/nixos/drives.nix
+    ../../modules/nixos/gnupg.nix
+    ../../modules/nixos/graphics.nix
+    ../../modules/nixos/greetd.nix
+    ../../modules/nixos/locales.nix
+    ../../modules/nixos/networking.nix
+    ../../modules/nixos/niri.nix
+    ../../modules/nixos/noctalia.nix
+    ../../modules/nixos/openssh.nix
+    ../../modules/nixos/packages.nix
+    ../../modules/nixos/protonvpn.nix
+    ../../modules/nixos/services.nix
+    ../../modules/nixos/settings.nix
+    ../../modules/nixos/steam.nix
+    ../../modules/nixos/users.nix
+  ];
+
+  # set hostname
+  networking.hostName = "argon";
+
+  # install state version
+  system.stateVersion = "25.11"; # Don't change
+}
+

hosts/argon/hardware-configuration.nix

@@ -0,0 +1,39 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ "dm-crypt dm-mod" ];
+  boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-label/nixcrypt";
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/mapper/lvmroot-root";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/AC1C-20EB";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+
+  fileSystems."/home" =
+    { device = "/dev/mapper/lvmroot-home";
+      fsType = "ext4";
+    };
+
+  swapDevices =
+    [ { device = "/dev/mapper/lvmroot-swap"; }
+    ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/neon/configuration.nix

@@ -4,6 +4,8 @@
   imports = [
     ../../modules/nixos/audio.nix
     ../../modules/nixos/bootloader.nix
+    ../../modules/nixos/certificates.nix
+    ../../modules/nixos/docker.nix
     ../../modules/nixos/gnupg.nix
     ../../modules/nixos/locales.nix
     ../../modules/nixos/networking.nix
@@ -18,6 +20,9 @@
     ../../modules/nixos/users.nix
   ];
 
+  # set hostname
+  networking.hostName = "neon";
+
   # install state version
   system.stateVersion = "25.11"; # Don't change
 }

modules/home-manager/fonts.nix

@@ -0,0 +1,11 @@
+{ config, pkgs, inputs, ... }:
+
+{
+  # user fonts
+  home.packages = with pkgs; [
+    nerd-fonts._0xproto
+    nerd-fonts.sauce-code-pro
+    powerline-fonts
+    powerline-symbols
+  ];
+}

modules/home-manager/ghostty.nix

@@ -0,0 +1,20 @@
+{ config, pkgs, inputs, ... }:
+
+{
+  programs.ghostty = {
+    enable = true;
+    settings = {
+      clipboard-paste-protection = false;
+      clipboard-read = "allow";
+      font-family = "0xProto Nerd Font Mono";
+      font-size = 12;
+      gtk-titlebar = false;
+      scrollback-limit = 100000;
+      shell-integration = "zsh";
+      theme = "noctalia"; # generated by noctalia-shell
+      window-decoration = "auto";
+      window-padding-x = 10;
+      window-padding-y = 10;
+    };
+  };
+}

modules/home-manager/programs.nix

@@ -6,9 +6,6 @@
     discord
     fastfetch
     keepassxc
-    nerd-fonts.sauce-code-pro
-    powerline-fonts
-    powerline-symbols
     screenfetch
   ];
 

modules/home-manager/shell.nix

@@ -1,15 +1,25 @@
 { config, pkgs, inputs, ... }:
  
 {
+  # configure z-shell to use omz with some plugins
   programs.zsh = {
     enable = true;
     autosuggestion.enable = true;
     syntaxHighlighting.enable = true;
     oh-my-zsh = {
       enable = true;
-      theme = "agnoster";
+      # theme will be set below
-      #plugins = [ "git" "ssh-agent" ];
+      theme = "";
+      plugins = [ "git" "ssh-agent" "gpg-agent" ];
     };
+    # only display a fancy theme when glyphs are rendered
+    initExtraBeforeCompInit = ''
+      if [[ "$TERM" == "linux" || "$TERM" == "screen" ]]; then
+        ZSH_THEME="gentoo"
+      else
+        ZSH_THEME="agnoster"
+      fi
+    '';
   };
 
   # set important env vars

modules/nixos/bootloader.nix

@@ -17,11 +17,13 @@
   };
 
   # kernel options
-  boot.kernelParams = [ "quiet" "loglevel=2" ];
+  boot.kernelParams = [ "quiet" "acpi.debug_level=0"];
   boot.kernelPackages = pkgs.linuxPackages_latest;
+  boot.consoleLogLevel = 2;
 
   # Add boot-related packages
   environment.systemPackages = with pkgs; [
     efibootmgr
+    terminus_font
   ];
 }

modules/nixos/certificates.nix

@@ -0,0 +1,22 @@
+{ config, lib, pkgs, ... }:
+
+let
+  caddyRootCA = ''
+    -----BEGIN CERTIFICATE-----
+    MIIBozCCAUmgAwIBAgIQf2N1DGp2HVOoPaGuGDEnwjAKBggqhkjOPQQDAjAwMS4w
+    LAYDVQQDEyVDYWRkeSBMb2NhbCBBdXRob3JpdHkgLSAyMDI1IEVDQyBSb290MB4X
+    DTI1MTEwNjE5NDA1OFoXDTM1MDkxNTE5NDA1OFowMDEuMCwGA1UEAxMlQ2FkZHkg
+    TG9jYWwgQXV0aG9yaXR5IC0gMjAyNSBFQ0MgUm9vdDBZMBMGByqGSM49AgEGCCqG
+    SM49AwEHA0IABGR9mSgKCSjvcv7LvvIcO84Wpf/KtC/aexT5shSKXd1R97kIyMI5
+    SUYz0MzbRZHJ4QMpIeALirOK9Eoy2zht0dKjRTBDMA4GA1UdDwEB/wQEAwIBBjAS
+    BgNVHRMBAf8ECDAGAQH/AgEBMB0GA1UdDgQWBBRHKfIfJrrA2DACFrunVSmdnJHO
+    1zAKBggqhkjOPQQDAgNIADBFAiAoqc0+cHeq/8SQN16CKjVvXpZuMkg7NLDoWYMw
+    KgmzowIhAJlkxzBdVngwnJu8uPrVizTGF6XtmUHdJ0NDeccEqUCr
+    -----END CERTIFICATE-----
+  '';
+in
+{
+  security.pki.certificates = [
+    caddyRootCA # self-signed pki ca for my home-lab
+  ];
+}

modules/nixos/docker.nix

@@ -0,0 +1,23 @@
+{ config, lib, pkgs, ...}:
+
+{
+  virtualisation.docker = {
+    enable = true;
+    # Customize Docker daemon settings
+    daemon.settings = {
+      dns = [ "1.1.1.1" "8.8.8.8" ];
+      log-driver = "journald";
+      registry-mirrors = [ "https://mirror.gcr.io" ];
+      storage-driver = "overlay2";
+    };
+    # Use the rootless mode
+    rootless = {
+      enable = true;
+      setSocketVariable = true;
+    };
+    # Install docker-compose
+    extraPackages = with pkgs; [
+      docker-compose
+    ];
+  };
+}

modules/nixos/drives.nix

@@ -0,0 +1,47 @@
+{ config, lib, pkgs, ... }:
+
+# Add encrypted drives to argon
+
+{
+  # copy keyfiles into initrd to make them available during early boot
+  boot.initrd.secrets = {
+    "/etc/nixos/keys/data1.key" = "/etc/nixos/keys/data1.key";
+    "/etc/nixos/keys/data2.key" = "/etc/nixos/keys/data2.key";
+    "/etc/nixos/keys/nvmecache.key" = "/etc/nixos/keys/nvmecache.key";
+  };
+
+  # decrypt data drives with keyfiles for argon
+  boot.initrd.luks.devices = {
+    "data1" = {
+      device = "/dev/disk/by-uuid/dfae62cc-bad1-4879-bf9a-461bde833625";
+      keyFile = "/etc/nixos/keys/data1.key";
+    };
+    "data2" = {
+      device = "/dev/disk/by-uuid/8312edae-9247-481b-a313-52a7f848f027";
+      keyFile = "/etc/nixos/keys/data2.key";
+    };
+    "nvmecache" = {
+      device = "/dev/disk/by-uuid/2352250e-4ebe-4f9a-bf66-0d4aaa961bd8";
+      keyFile = "/etc/nixos/keys/nvmecache.key";
+    };
+  };
+
+  # mount decrypted filesystems
+  fileSystems."/mnt/data1" = {
+    device = "/dev/mapper/data1";
+    fsType = "ext4";
+    options = [ "nofail" ];
+  };
+
+  fileSystems."/mnt/data2" = {
+    device = "/dev/mapper/data2";
+    fsType = "ext4";
+    options = [ "nofail" ];
+  };
+
+  fileSystems."/mnt/nvmecache" = {
+    device = "/dev/mapper/nvmecache";
+    fsType = "ext4";
+    options = [ "nofail" ];
+  };
+}

modules/nixos/graphics.nix

@@ -0,0 +1,17 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # enable amd GPU acceleration (mesa, vulkan, egl)
+  hardware.graphics = {
+    enable = true;
+    enable32Bit = true;
+  };
+
+  # install amdgpu_top
+  environment.systemPackages = with pkgs; [
+    amdgpu_top
+  ];
+  
+  # add amdgpu to the initrd for plymouth
+  hardware.amdgpu.initrd.enable = true;
+}

modules/nixos/greetd.nix

@@ -0,0 +1,14 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # greetd display manager with tuigreet
+  services.greetd = {
+    enable = true;
+    settings = {
+      default_session = {
+        command = "${pkgs.tuigreet}/bin/tuigreet --time --cmd niri-session";
+        user = "greeter";
+      };
+    };
+  };
+}

modules/nixos/networking.nix

@@ -1,9 +1,6 @@
 { config, lib, pkgs, ... }:
 
 {
-  # set hostnname
-  networking.hostName = "neon";
-
   # user networkmanager
   networking.networkmanager.enable = true;
 
@@ -17,5 +14,6 @@
   # Add network-related packages
   environment.systemPackages = with pkgs; [
     wireguard-tools
+    update-systemd-resolved
   ];
 }

modules/nixos/openssh.nix

@@ -5,5 +5,15 @@
   services.openssh = {
     enable = true;
     openFirewall = true;
+    ports = [ 666 ];
+
+    settings = {
+      AuthenticationMethods = "publickey";
+      KbdInteractiveAuthentication = false;
+      MaxAuthTries = 5;
+      PasswordAuthentication = false;
+      PermitRootLogin = "no";
+      X11Forwarding = false;
+    };
   };
 }

modules/nixos/packages.nix

@@ -36,6 +36,7 @@
     sof-firmware
     strace
     sysstat
+    terminus_font
     tree
     unzip
     usbutils

modules/nixos/protonvpn.nix

@@ -0,0 +1,9 @@
+{ config, lib, pkgs, ... }:
+
+{
+  networking.firewall.checkReversePath = false;
+  environment.systemPackages = with pkgs; [
+    wireguard-tools
+    protonvpn-gui
+  ];
+}

modules/nixos/services.nix

@@ -6,5 +6,6 @@
     tuned.enable = true;
     upower.enable = true;
     fwupd.enable = true;
+    tailscale.enable = true;
   };
 }

modules/nixos/users.nix

@@ -5,7 +5,7 @@
   users.users.aaron = {
     isNormalUser = true;
     group = "users";
-    extraGroups = [ "wheel" "networkmanager" ];
+    extraGroups = [ "wheel" "networkmanager" "docker" ];
     shell = pkgs.zsh;
   };
 
@@ -14,10 +14,5 @@
     enable = true;
     enableCompletion = true;
     autosuggestions.enable = true;
-    ohMyZsh = {
-      enable = true;
-      plugins = [ "git" "sudo" ];
-      theme = "gentoo";
-    };
   };
 }

users/aaron/home.nix

@@ -2,7 +2,9 @@
 
 {
   imports = [
+    ../../modules/home-manager/fonts.nix
     ../../modules/home-manager/git.nix
+    ../../modules/home-manager/ghostty.nix
     ../../modules/home-manager/nixvim.nix
     ../../modules/home-manager/programs.nix
     ../../modules/home-manager/shell.nix