Merge pull request 'chore(update): update to the latest release' (#40) from feature/updates into main

Reviewed-on: #40

INSTALLATION.md

@@ -0,0 +1,118 @@
+# basic system installation
+
+- The installations presented in this repository are always luks encrypted
+- For simplicity I'm using device labels rather than uuids
+
+1. the partitioning layout should look somewhat like this after the installation
+```bash
+NAME               MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINTS
+nvme0n1            259:0    0 476.9G  0 disk
+├─nvme0n1p1        259:1    0     2G  0 part  /boot
+└─nvme0n1p2        259:2    0 474.9G  0 part
+  └─cryptroot      254:0    0 474.9G  0 crypt
+    ├─lvmroot-swap 254:1    0    20G  0 lvm   [SWAP]
+    ├─lvmroot-home 254:2    0   250G  0 lvm   /home
+    └─lvmroot-root 254:3    0 204.9G  0 lvm   /
+```
+
+> Note: `lsblk` may additionally show `/nix/store` as a mountpoint on `lvmroot-root`. This is not a separate partition. NixOS mounts the root device a second time at `/nix/store` with `ro,nosuid,nodev` flags to enforce store immutability at runtime.
+
+2. prepare the installation
+```bash
+# format the boot partition
+mkfs.fat -F 32 /dev/nvme0n1p1 -n "nixboot"
+# create an encrypted partition
+cryptsetup luksFormat -y --label="nixcrypt" /dev/nvme0n1p2
+# open the encrypted partition and map it to /dev/mapper/cryptroot
+cryptsetup luksOpen /dev/nvme0n1p2 cryptroot
+
+# create the physical volume
+pvcreate /dev/mapper/cryptroot
+# create a volume group inside
+vgcreate lvmroot /dev/mapper/cryptroot
+# create the swap volume
+lvcreate --size 8G lvmroot --name swap
+# if you desire, create a home volume
+lvcreate --size 150G lvmroot --name home
+# create the root volume
+lvcreate -l 100%FREE lvmroot --name root
+
+# format as usual for root partition
+mkfs.ext4 -L "nixroot" /dev/mapper/lvmroot-root
+# if you previously made the home partition, do it too
+mkfs.ext4 -L "nixhome" /dev/mapper/lvmroot-home
+# format the swap partition
+mkswap -L "nixswap" /dev/mapper/lvmroot-swap
+
+# mount root
+mount /dev/disk/by-label/nixroot /mnt
+# mount boot
+mount --mkdir /dev/nvme0n1p1 /mnt/boot
+# again, if you did the home volume
+mount --mkdir /dev/disk/by-label/nixhome /mnt/home
+# turn on swap
+swapon /dev/disk/by-label/nixswap
+```
+
+3. prepare nixos
+```bash
+# generate templates and update the hardware-configuration.nix
+nixos-generate-config --root /mnt
+
+# add dm-crypt and dm-mod to the kernelModules
+boot.initrd.kernelModules = [ "dm-crypt" "dm-mod" ];
+
+# add file systems using labels
+fileSystems."/" =
+  { device = "/dev/disk/by-label/nixroot";
+    fsType = "ext4";
+  };
+fileSystems."/boot" =
+  { device = "/dev/disk/by-label/nixboot";
+    fsType = "vfat";
+    options = [ "fmask=0022" "dmask=0022" ];
+  };
+fileSystems."/home" =
+  { device = "/dev/disk/by-label/nixhome";
+    fsType = "ext4";
+  };
+swapDevices =
+  [ { device = "/dev/disk/by-label/nixswap"; }
+  ];
+
+# point the bootloader to the luks device
+boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-label/nixcrypt";
+```
+
+4. install nixos
+```bash
+nixos-install
+```
+
+## how to deploy the initial config
+- Don't forget to install the bootloader, if you changed it since `nixos-install`
+```bash
+$ sudo nixos-rebuild --install-bootloader switch --flake .#host_name
+```
+
+## how to upgrade the system
+```bash
+$ cd /path/to/repo
+$ nix flake update
+$ sudo nixos-rebuild switch --flake .#host_name
+$ sudo nix-collect-garbage
+```
+
+## how to use nix-helper
+
+The tool nix-helper is installed by this configuration. It simplifies administrating nixos and adds more output to the rebuild command. It also features a diff after a successful build. The command uses the `NH_FLAKE` environment variable to be able to run from whatever directory.
+
+Basic commands with a set `NH_FLAKE` variable are:
+```bash
+$ nh os switch
+$ nh os build
+$ nh os test
+$ nh clean all --keep 5
+```
+
+There is also the option to interface with home-manager by using `nh home switch` but this isn't necessary since home-manager is imported as a module in this config.

README.md

@@ -1,133 +1,30 @@
-# 0x29a nixos config
+# NixOS config
 
-My personal nixos configuration files for different environments.
+My personal NixOS configurations.
 
-## basic system installation
+## config structure
-
-- The installations presented in this repository are always luks encrypted
-- For simplicity I'm using device labels rather than uuids
-
-1. the partitioning layout should look somewhat like this after the installation
 
 ```bash
-NAME               MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINTS
+.
-nvme0n1            259:0    0 476.9G  0 disk
+├── flake.lock
-├─nvme0n1p1        259:1    0     2G  0 part  /boot
+├── flake.nix # flake definition
-└─nvme0n1p2        259:2    0 474.9G  0 part
+├── hosts
-  └─cryptroot      254:0    0 474.9G  0 crypt
+│   └── neon
-    ├─lvmroot-swap 254:1    0    20G  0 lvm   [SWAP]
+│       ├── configuration.nix # import nix-modules for specific host
-    ├─lvmroot-home 254:2    0   250G  0 lvm   /home
+│       └── hardware-configuration.nix # hardware configs for specific host
-    └─lvmroot-root 254:3    0 204.9G  0 lvm   /nix/store
+├── modules
-``` 
+│   ├── home-manager
-
+│   │   ├── xyz_module.nix
-2. prepare the installation
+│   └── nixos
-
+│       └── xyz_module.nix
-```bash
+└── users
-# format the boot partition
+    └── aaron
-mkfs.fat -F 32 /dev/sda1 -n "nixboot"
+        └── home.nix # import home-manager modules for specific user
-# create an encrypted partition
-cryptsetup luksFormat -y --label="nixcrypt" /dev/sda2
-# open the encrypted partition and map it to /dev/mapper/cryptroot
-cryptsetup luksOpen /dev/sda2 cryptroot
-
-# create the physical volume
-pvcreate /dev/mapper/cryptroot
-# create a volume group inside
-vgcreate lvmroot /dev/mapper/cryptroot
-# create the swap volume
-lvcreate --size 8G lvmroot --name nwap
-# if you desire, create a home volume
-lvcreate --size 150G lvmroot --name home
-# create the root volume
-lvcreate -l 100%FREE lvmroot --name root
-
-# format as usual for root partition
-mkfs.ext4 -L "nixroot" /dev/mapper/lvmroot-root
-# if you previously made the home partition, do it too
-mkfs.ext4 -L "nixhome" /dev/mapper/lvmroot-home
-# format the swap partition
-mkswap -L "nixswap" /dev/mapper/lvmroot-swap
-
-# mount root
-mount /dev/disk/by-label/nixroot /mnt
-# mount boot
-mount --mkdir /dev/sda1 /mnt/boot
-# again, if you did the home volume
-mount --mkdir /dev/disk/by-label/nixhome /mnt/home
-# turn on swap
-swapon /dev/disk/by-label/nixswap
 ```
 
-3. prepare nixos
+## installation
 
-
+For more details about the installation procedure see: [INSTALLATION.md](INSTALLATION.md)
-```bash
-# generate templates and update the hardware-configuration.nix
-sudo nixos-generate-config --root /mnt
-
-# add cryptd to the kernelModules
-boot.initrd.kernelModules = [ "dm-snapshot" "cryptd" ];
-
-# add file systems using labels
-fileSystems."/" =
-  { device = "/dev/disk/by-label/nixroot";
-    fsType = "ext4";
-  };
-fileSystems."/boot" =
-  { device = "/dev/disk/by-label/nixboot";
-    fsType = "vfat";
-    options = [ "fmask=0022" "dmask=0022" ];
-  };
-fileSystems."/home" =
-  { device = "/dev/disk/by-label/nixhome";
-    fsType = "ext4";
-  };
-swapDevices =
-  [ { device = "/dev/disk/by-label/nixswap"; }
-  ];
-
-# point the bootloader to the luks device
-boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-label/nixcrypt";
-```
-
-4. install nixos
-
-```bash
-cd /mnt
-sudo nixos-install
-```
-
-## how to deploy the inital config
-
-- Don't forget to install the bootloader, if you changed it since `nixos-install`
-
-```bash
-$ sudo nixos-rebuild --install-bootloader switch --flake .#host_name
-```
-
-## how to upgrade the system
-
-```bash
-$ cd /path/to/repo
-$ sudo nix flake update
-$ sudo nixos-rebuild switch --flake .#host_name
-$ sudo nix-collect-garbage
-```
-
-## how to use nix-helper
-
-The tool nix-helper is installed by this configuration. It simplifies administrating nixos and adds more output to the rebuild command. It also features a diff after a successful build. The command uses the `NH_FLAKE` environment variable to be able to run from whatever directory.
-
-Basic commands with a set `NH_FLAKE` variable are:
-
-```bash
-$ nh os switch
-$ nh os build
-$ nh os test
-$ nh clean all --keep 5
-```
-
-There is also the option to interface with home-manager by using `nh home switch`but this isn't necessary since home-manager is imported as a module in this config.
 
 ## author
 

flake.lock

@@ -8,11 +8,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1765835352,
+        "lastModified": 1769996383,
-        "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=",
+        "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "a34fae9c08a15ad73f295041fec82323541400a9",
+        "rev": "57928607ea566b5db3ad13af0e57e921e6b12381",
         "type": "github"
       },
       "original": {
@@ -28,11 +28,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1767048910,
+        "lastModified": 1775683737,
-        "narHash": "sha256-KLFTeA/xquN+F3XHLAXcserk0L0nijbhzuldxNDF1eE=",
+        "narHash": "sha256-oBYyowo6yfgb95Z78s3uTnAd9KkpJpwzjJbfnpLaM2Y=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "d99b4ca5debaa082c7d76015aa2b7f3fc7e8b5f7",
+        "rev": "7ba4ee4228ed36123c7cb75d50524b43514ef992",
         "type": "github"
       },
       "original": {
@@ -43,11 +43,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1766902085,
+        "lastModified": 1775423009,
-        "narHash": "sha256-coBu0ONtFzlwwVBzmjacUQwj3G+lybcZ1oeNSQkgC0M=",
+        "narHash": "sha256-vPKLpjhIVWdDrfiUM8atW6YkIggCEKdSAlJPzzhkQlw=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "c0b0e0fddf73fd517c3471e546c0df87a42d53f4",
+        "rev": "68d8aa3d661f0e6bd5862291b5bb263b2a6595c9",
         "type": "github"
       },
       "original": {
@@ -66,11 +66,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1767002962,
+        "lastModified": 1775307257,
-        "narHash": "sha256-HGFRwMRUwt56E+SiVX9YQOzpOwHy0/rtEqMoEbkF8Yg=",
+        "narHash": "sha256-y9hEecHH4ennFwIcw1n480YCGh73DkEmizmQnyXuvgg=",
         "owner": "nix-community",
         "repo": "nixvim",
-        "rev": "63c957603751f0a107c4d9c2cbaff1c8749fc9f1",
+        "rev": "2e008bb941f72379d5b935d5bfe70ed8b7c793ff",
         "type": "github"
       },
       "original": {
@@ -83,14 +83,15 @@
       "inputs": {
         "nixpkgs": [
           "nixpkgs"
-        ]
+        ],
+        "noctalia-qs": "noctalia-qs"
       },
       "locked": {
-        "lastModified": 1767099893,
+        "lastModified": 1775689927,
-        "narHash": "sha256-Z39jG7z4XD+H2KPSgWR0rQS3di1mTblRI5kyqcL3g7w=",
+        "narHash": "sha256-UVL4JnAHXs90AiKfhjXBQ83KhiXHAyZ4TdaPkA/ts/g=",
         "owner": "noctalia-dev",
         "repo": "noctalia-shell",
-        "rev": "015ff66fbd85abda4573d864466ecf9fc64f233b",
+        "rev": "0fcaa49875bf0c994bb5c604320454ef72e6ba8b",
         "type": "github"
       },
       "original": {
@@ -99,6 +100,29 @@
         "type": "github"
       }
     },
+    "noctalia-qs": {
+      "inputs": {
+        "nixpkgs": [
+          "noctalia",
+          "nixpkgs"
+        ],
+        "systems": "systems_2",
+        "treefmt-nix": "treefmt-nix"
+      },
+      "locked": {
+        "lastModified": 1775491791,
+        "narHash": "sha256-elzmRpudiwtYQNCKk9TAEhlYQV0+yUM81poo01Z7FfQ=",
+        "owner": "noctalia-dev",
+        "repo": "noctalia-qs",
+        "rev": "9e2736531ef7a1a336abf7ec72255d0b192273b6",
+        "type": "github"
+      },
+      "original": {
+        "owner": "noctalia-dev",
+        "repo": "noctalia-qs",
+        "type": "github"
+      }
+    },
     "root": {
       "inputs": {
         "home-manager": "home-manager",
@@ -121,6 +145,43 @@
         "repo": "default",
         "type": "github"
       }
+    },
+    "systems_2": {
+      "locked": {
+        "lastModified": 1689347949,
+        "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
+        "owner": "nix-systems",
+        "repo": "default-linux",
+        "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default-linux",
+        "type": "github"
+      }
+    },
+    "treefmt-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "noctalia",
+          "noctalia-qs",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1775125835,
+        "narHash": "sha256-2qYcPgzFhnQWchHo0SlqLHrXpux5i6ay6UHA+v2iH4U=",
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "rev": "75925962939880974e3ab417879daffcba36c4a3",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "type": "github"
+      }
     }
   },
   "root": "root",

flake.nix

@@ -1,6 +1,6 @@
 {
   description = "0x29a NixOS flake";
-  
+
   inputs = {
     nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
     home-manager = {
@@ -16,43 +16,30 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
   };
-  
-  outputs = { self, nixpkgs, home-manager, nixvim, ... }@inputs: {
-    nixosConfigurations = {
 
-      default = nixpkgs.lib.nixosSystem {
+  outputs = { self, nixpkgs, home-manager, nixvim, ... }@inputs:
-        system = "x86_64-linux";
+  let
-        specialArgs = { inherit inputs; };
+    mkHost = hostName: nixpkgs.lib.nixosSystem {
-        modules = [
+      system = "x86_64-linux";
-          ./hosts/default/hardware-configuration.nix
+      specialArgs = { inherit inputs; };
-          ./hosts/default/configuration.nix
+      modules = [
-          home-manager.nixosModules.home-manager
+        ./hosts/${hostName}/hardware-configuration.nix
-          {
+        ./hosts/${hostName}/configuration.nix
-            home-manager.extraSpecialArgs = { inherit inputs; };
+        home-manager.nixosModules.home-manager
-            home-manager.users.aaron.imports = [
+        {
-              nixvim.homeModules.nixvim
+          home-manager.extraSpecialArgs = { inherit inputs; };
-              ./users/aaron/home.nix
+          home-manager.users.aaron.imports = [
-            ];
+            nixvim.homeModules.nixvim
-          }
+            ./users/aaron/home.nix
-        ];
+          ];
-      };
+        }
-      
+      ];
-      neon = nixpkgs.lib.nixosSystem {
+    };
-        system = "x86_64-linux";
+  in {
-        specialArgs = { inherit inputs; };
+    nixosConfigurations = {
-        modules = [
+      default = mkHost "default";
-          ./hosts/neon/hardware-configuration.nix
+      neon    = mkHost "neon";
-          ./hosts/neon/configuration.nix
+      argon   = mkHost "argon";
-          home-manager.nixosModules.home-manager
-          {
-            home-manager.extraSpecialArgs = { inherit inputs; };
-            home-manager.users.aaron.imports = [
-              nixvim.homeModules.nixvim
-              ./users/aaron/home.nix
-            ];
-          }
-        ];
-      };
     };
   };
 }

hosts/argon/configuration.nix

@@ -0,0 +1,31 @@
+{ config, pkgs, inputs, ... }:
+
+{
+  imports = [
+    ../../modules/nixos/audio.nix
+    ../../modules/nixos/bootloader.nix
+    ../../modules/nixos/certificates.nix
+    ../../modules/nixos/drives.nix
+    ../../modules/nixos/gnupg.nix
+    ../../modules/nixos/graphics.nix
+    ../../modules/nixos/greetd.nix
+    ../../modules/nixos/locales.nix
+    ../../modules/nixos/networking.nix
+    ../../modules/nixos/niri.nix
+    ../../modules/nixos/noctalia.nix
+    ../../modules/nixos/openssh.nix
+    ../../modules/nixos/packages.nix
+    ../../modules/nixos/protonvpn.nix
+    ../../modules/nixos/services.nix
+    ../../modules/nixos/settings.nix
+    ../../modules/nixos/steam.nix
+    ../../modules/nixos/users.nix
+  ];
+
+  # set hostname
+  networking.hostName = "argon";
+
+  # install state version
+  system.stateVersion = "25.11"; # Don't change
+}
+

hosts/argon/hardware-configuration.nix

@@ -0,0 +1,39 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ "dm-crypt dm-mod" ];
+  boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-label/nixcrypt";
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/mapper/lvmroot-root";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/AC1C-20EB";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+
+  fileSystems."/home" =
+    { device = "/dev/mapper/lvmroot-home";
+      fsType = "ext4";
+    };
+
+  swapDevices =
+    [ { device = "/dev/mapper/lvmroot-swap"; }
+    ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/default/configuration.nix

@@ -3,11 +3,6 @@
 { pkgs, lib, ... }:
 
 {
-  imports =
-    [ 
-      ./hardware-configuration.nix
-    ];
-
   # use flakes
   nix.settings.experimental-features = [ "nix-command" "flakes" ];
 

hosts/neon/configuration.nix

@@ -4,6 +4,8 @@
   imports = [
     ../../modules/nixos/audio.nix
     ../../modules/nixos/bootloader.nix
+    ../../modules/nixos/certificates.nix
+    ../../modules/nixos/docker.nix
     ../../modules/nixos/gnupg.nix
     ../../modules/nixos/locales.nix
     ../../modules/nixos/networking.nix
@@ -18,6 +20,9 @@
     ../../modules/nixos/users.nix
   ];
 
+  # set hostname
+  networking.hostName = "neon";
+
   # install state version
   system.stateVersion = "25.11"; # Don't change
 }

modules/home-manager/fonts.nix

@@ -0,0 +1,11 @@
+{ config, pkgs, inputs, ... }:
+
+{
+  # user fonts
+  home.packages = with pkgs; [
+    nerd-fonts._0xproto
+    nerd-fonts.sauce-code-pro
+    powerline-fonts
+    powerline-symbols
+  ];
+}

modules/home-manager/ghostty.nix

@@ -0,0 +1,21 @@
+{ config, pkgs, inputs, ... }:
+
+{
+  programs.ghostty = {
+    enable = true;
+    settings = {
+      clipboard-paste-protection = false;
+      clipboard-read = "allow";
+      font-family = "0xProto Nerd Font Mono";
+      font-size = 12;
+      gtk-titlebar = false;
+      scrollback-limit = 100000;
+      shell-integration = "zsh";
+      shell-integration-features = "ssh-env,ssh-terminfo";
+      theme = "noctalia"; # generated by noctalia-shell
+      window-decoration = "auto";
+      window-padding-x = 10;
+      window-padding-y = 10;
+    };
+  };
+}

modules/home-manager/nixvim.nix

@@ -22,5 +22,6 @@
     plugins.telescope.enable = true;
     plugins.web-devicons.enable = true;
     plugins.indent-blankline.enable = true;
+    extraPlugins = [ pkgs.vimPlugins.plenary-nvim ];
   };
 }

modules/home-manager/programs.nix

@@ -3,16 +3,18 @@
 {
   # user packages
   home.packages = with pkgs; [
+    devenv
     discord
     fastfetch
     keepassxc
-    nerd-fonts.sauce-code-pro
+    teamspeak6-client
-    powerline-fonts
-    powerline-symbols
-    screenfetch
   ];
 
   # services and other software
   services.syncthing.enable = true;
   programs.home-manager.enable = true;
+
+  # browsers
+  programs.chromium.enable = true;
+  programs.firefox.enable = true;
 }

modules/home-manager/shell.nix

@@ -1,15 +1,25 @@
-{ config, pkgs, inputs, ... }:
+{ config, lib, pkgs, inputs, ... }:
  
 {
+  # configure z-shell to use omz with some plugins
   programs.zsh = {
     enable = true;
     autosuggestion.enable = true;
     syntaxHighlighting.enable = true;
     oh-my-zsh = {
       enable = true;
-      theme = "agnoster";
+      # theme will be set below
-      #plugins = [ "git" "ssh-agent" ];
+      theme = "";
+      plugins = [ "git" "ssh-agent" "gpg-agent" ];
     };
+    # only display a fancy theme when glyphs are rendered
+    initContent = lib.mkOrder 550 ''
+      if [[ "$TERM" == "linux" || "$TERM" == "screen" ]]; then
+        ZSH_THEME="gentoo"
+      else
+        ZSH_THEME="agnoster"
+      fi
+    '';
   };
 
   # set important env vars

modules/home-manager/styling.nix

@@ -9,6 +9,7 @@
         package = pkgs.gnome-themes-extra;
       };
     gtk3.extraConfig.gtk-application-prefer-dark-theme = 1;
+    gtk4.theme = null;
     gtk4.extraConfig.gtk-application-prefer-dark-theme = 1;
   };
 

modules/home-manager/tmux.nix

@@ -40,12 +40,17 @@
       bind J resize-pane -D 5
       bind K resize-pane -U 5
       bind L resize-pane -R 5
+      # Wayland clipboard integration
+      # Copy selection to both clipboard (Ctrl+V / Shift+Insert) and primary (middle-click)
+      bind -T copy-mode-vi y send-keys -X copy-pipe-and-cancel "wl-copy && wl-copy --primary"
+      bind -T copy-mode-vi Enter send-keys -X copy-pipe-and-cancel "wl-copy && wl-copy --primary"
+      bind -T copy-mode-vi MouseDragEnd1Pane send-keys -X copy-pipe-and-cancel "wl-copy && wl-copy --primary"
       # Kill commands
       bind q kill-window
       bind Q kill-session
       # Bars
-      set -g status-left "#[fg=black,bg=blue,bold] #S#[fg=blue,bg=black,nobold,noitalics,nounderscore]"
+      set -g status-left-length 24
-      set -g status-left "#[fg=black,bg=blue,bold] #S #[fg=blue,bg=black,nobold,noitalics,nounderscore]"
+      set -g status-left "#[fg=black,bg=blue,bold] #{=20:session_name} #[fg=blue,bg=black,nobold,noitalics,nounderscore]"
       set -g status-right "#{prefix_highlight}#[fg=brightblack,bg=black,nobold,noitalics,nounderscore]#[fg=white,bg=brightblack] %Y-%m-%d #[fg=white,bg=brightblack,nobold,noitalics,nounderscore]#[fg=white,bg=brightblack] %H:%M #[fg=cyan,bg=brightblack,nobold,noitalics,nounderscore]#[fg=black,bg=cyan,bold] #H "
       # Windows
       set -g window-status-format "#[fg=black,bg=brightblack,nobold,noitalics,nounderscore] #[fg=white,bg=brightblack]#I #[fg=white,bg=brightblack,nobold,noitalics,nounderscore] #[fg=white,bg=brightblack]#W #F #[fg=brightblack,bg=black,nobold,noitalics,nounderscore]"

modules/nixos/bootloader.nix

@@ -17,11 +17,13 @@
   };
 
   # kernel options
-  boot.kernelParams = [ "quiet" "loglevel=2" ];
+  boot.kernelParams = [ "quiet" "acpi.debug_level=0"];
   boot.kernelPackages = pkgs.linuxPackages_latest;
+  boot.consoleLogLevel = 2;
 
   # Add boot-related packages
   environment.systemPackages = with pkgs; [
     efibootmgr
+    terminus_font
   ];
 }

modules/nixos/certificates.nix

@@ -0,0 +1,22 @@
+{ config, lib, pkgs, ... }:
+
+let
+  caddyRootCA = ''
+    -----BEGIN CERTIFICATE-----
+    MIIBozCCAUmgAwIBAgIQf2N1DGp2HVOoPaGuGDEnwjAKBggqhkjOPQQDAjAwMS4w
+    LAYDVQQDEyVDYWRkeSBMb2NhbCBBdXRob3JpdHkgLSAyMDI1IEVDQyBSb290MB4X
+    DTI1MTEwNjE5NDA1OFoXDTM1MDkxNTE5NDA1OFowMDEuMCwGA1UEAxMlQ2FkZHkg
+    TG9jYWwgQXV0aG9yaXR5IC0gMjAyNSBFQ0MgUm9vdDBZMBMGByqGSM49AgEGCCqG
+    SM49AwEHA0IABGR9mSgKCSjvcv7LvvIcO84Wpf/KtC/aexT5shSKXd1R97kIyMI5
+    SUYz0MzbRZHJ4QMpIeALirOK9Eoy2zht0dKjRTBDMA4GA1UdDwEB/wQEAwIBBjAS
+    BgNVHRMBAf8ECDAGAQH/AgEBMB0GA1UdDgQWBBRHKfIfJrrA2DACFrunVSmdnJHO
+    1zAKBggqhkjOPQQDAgNIADBFAiAoqc0+cHeq/8SQN16CKjVvXpZuMkg7NLDoWYMw
+    KgmzowIhAJlkxzBdVngwnJu8uPrVizTGF6XtmUHdJ0NDeccEqUCr
+    -----END CERTIFICATE-----
+  '';
+in
+{
+  security.pki.certificates = [
+    caddyRootCA # self-signed pki ca for my home-lab
+  ];
+}

modules/nixos/docker.nix

@@ -0,0 +1,26 @@
+{ config, lib, pkgs, ...}:
+
+{
+  # add docker group to user
+  users.users.aaron.extraGroups = [ "docker" ];
+
+  virtualisation.docker = {
+    enable = true;
+    # Customize Docker daemon settings
+    daemon.settings = {
+      dns = [ "1.1.1.1" "8.8.8.8" ];
+      log-driver = "journald";
+      registry-mirrors = [ "https://mirror.gcr.io" ];
+      storage-driver = "overlay2";
+    };
+    # Use the rootless mode
+    rootless = {
+      enable = true;
+      setSocketVariable = true;
+    };
+    # Install docker-compose
+    extraPackages = with pkgs; [
+      docker-compose
+    ];
+  };
+}

modules/nixos/drives.nix

@@ -0,0 +1,47 @@
+{ config, lib, pkgs, ... }:
+
+# Add encrypted drives to argon
+
+{
+  # copy keyfiles into initrd to make them available during early boot
+  boot.initrd.secrets = {
+    "/etc/nixos/keys/data1.key" = "/etc/nixos/keys/data1.key";
+    "/etc/nixos/keys/data2.key" = "/etc/nixos/keys/data2.key";
+    "/etc/nixos/keys/nvmecache.key" = "/etc/nixos/keys/nvmecache.key";
+  };
+
+  # decrypt data drives with keyfiles for argon
+  boot.initrd.luks.devices = {
+    "data1" = {
+      device = "/dev/disk/by-uuid/dfae62cc-bad1-4879-bf9a-461bde833625";
+      keyFile = "/etc/nixos/keys/data1.key";
+    };
+    "data2" = {
+      device = "/dev/disk/by-uuid/8312edae-9247-481b-a313-52a7f848f027";
+      keyFile = "/etc/nixos/keys/data2.key";
+    };
+    "nvmecache" = {
+      device = "/dev/disk/by-uuid/2352250e-4ebe-4f9a-bf66-0d4aaa961bd8";
+      keyFile = "/etc/nixos/keys/nvmecache.key";
+    };
+  };
+
+  # mount decrypted filesystems
+  fileSystems."/mnt/data1" = {
+    device = "/dev/mapper/data1";
+    fsType = "ext4";
+    options = [ "nofail" ];
+  };
+
+  fileSystems."/mnt/data2" = {
+    device = "/dev/mapper/data2";
+    fsType = "ext4";
+    options = [ "nofail" ];
+  };
+
+  fileSystems."/mnt/nvmecache" = {
+    device = "/dev/mapper/nvmecache";
+    fsType = "ext4";
+    options = [ "nofail" ];
+  };
+}

modules/nixos/graphics.nix

@@ -0,0 +1,17 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # enable amd GPU acceleration (mesa, vulkan, egl)
+  hardware.graphics = {
+    enable = true;
+    enable32Bit = true;
+  };
+
+  # install amdgpu_top
+  environment.systemPackages = with pkgs; [
+    amdgpu_top
+  ];
+  
+  # add amdgpu to the initrd for plymouth
+  hardware.amdgpu.initrd.enable = true;
+}

modules/nixos/greetd.nix

@@ -0,0 +1,14 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # greetd display manager with tuigreet
+  services.greetd = {
+    enable = true;
+    settings = {
+      default_session = {
+        command = "${pkgs.tuigreet}/bin/tuigreet --time --cmd niri-session";
+        user = "greeter";
+      };
+    };
+  };
+}

modules/nixos/locales.nix

@@ -4,18 +4,18 @@
   # set the time zone
   time.timeZone = "Europe/Zurich";
 
-  # set internationalisation properties
+  # keep system language in english, but use swiss locale for formatting
   i18n.defaultLocale = "en_US.UTF-8";
   i18n.extraLocaleSettings = {
-    LC_ADDRESS = "en_US.UTF-8";
+    LC_ADDRESS = "de_CH.UTF-8";
-    LC_IDENTIFICATION = "en_US.UTF-8";
+    LC_IDENTIFICATION = "de_CH.UTF-8";
-    LC_MEASUREMENT = "en_US.UTF-8";
+    LC_MEASUREMENT = "de_CH.UTF-8";
-    LC_MONETARY = "en_US.UTF-8";
+    LC_MONETARY = "de_CH.UTF-8";
-    LC_NAME = "en_US.UTF-8";
+    LC_NAME = "de_CH.UTF-8";
-    LC_NUMERIC = "en_US.UTF-8";
+    LC_NUMERIC = "de_CH.UTF-8";
-    LC_PAPER = "en_US.UTF-8";
+    LC_PAPER = "de_CH.UTF-8";
-    LC_TELEPHONE = "en_US.UTF-8";
+    LC_TELEPHONE = "de_CH.UTF-8";
-    LC_TIME = "en_US.UTF-8";
+    LC_TIME = "de_CH.UTF-8";
   };
 
   # set console font and keymap

modules/nixos/networking.nix

@@ -1,9 +1,6 @@
 { config, lib, pkgs, ... }:
 
 {
-  # set hostnname
-  networking.hostName = "neon";
-
   # user networkmanager
   networking.networkmanager.enable = true;
 
@@ -11,11 +8,15 @@
   networking.firewall.allowedTCPPorts = [ ];
   networking.firewall.allowedUDPPorts = [ ];
 
+  # enable wifi firmware
+  hardware.enableAllFirmware = true;
+
   # enable bluetooth
   hardware.bluetooth.enable = true;
   
   # Add network-related packages
   environment.systemPackages = with pkgs; [
     wireguard-tools
+    update-systemd-resolved
   ];
 }

modules/nixos/openssh.nix

@@ -5,5 +5,15 @@
   services.openssh = {
     enable = true;
     openFirewall = true;
+    ports = [ 666 ];
+
+    settings = {
+      AuthenticationMethods = "publickey";
+      KbdInteractiveAuthentication = false;
+      MaxAuthTries = 5;
+      PasswordAuthentication = false;
+      PermitRootLogin = "no";
+      X11Forwarding = false;
+    };
   };
 }

modules/nixos/packages.nix

@@ -1,22 +1,19 @@
 { config, lib, pkgs, ... }:
 
 {
-  # system packges
+  # system packages
   environment.systemPackages = with pkgs; [
-    alacritty
     btop
     cowsay
     dnsutils
     ethtool
     file
-    ghostty
     git
     imagemagick
     imv
     iperf3
     jq
     kdePackages.qtmultimedia
-    kitty
     ldns
     lm_sensors
     lsof
@@ -29,21 +26,19 @@
     nvd
     p7zip
     pciutils
-    sddm-astronaut
     socat
+    sof-firmware
     strace
     sysstat
     tree
     unzip
     usbutils
     vim
+    wl-clipboard
     wget
     which
     xz
     zip
     zstd
   ];
-
-  # browser
-  programs.firefox.enable = true;
 }

modules/nixos/protonvpn.nix

@@ -0,0 +1,13 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # protonvpn uses wireguard tunnels, which break strict reverse path filtering
+  # because packets arrive on the tunnel interface but may be routed back differently.
+  # "loose" checks that the source is routable through *any* interface (not necessarily
+  # the same one), which is sufficient for wireguard while still preventing IP spoofing.
+  networking.firewall.checkReversePath = "loose";
+
+  environment.systemPackages = with pkgs; [
+    proton-vpn
+  ];
+}

modules/nixos/sddm.nix

@@ -17,4 +17,9 @@
       sddm-astronaut
     ];
   };
+
+  # Make the theme available in the system path so sddm can find it
+  environment.systemPackages = with pkgs; [
+    sddm-astronaut
+  ];
 }

modules/nixos/services.nix

@@ -5,5 +5,7 @@
   services = {
     tuned.enable = true;
     upower.enable = true;
+    fwupd.enable = true;
+    tailscale.enable = true;
   };
 }

modules/nixos/settings.nix

@@ -32,13 +32,14 @@
     };
   };
 
+  # allow unfree packages (steam, protonvpn, discord, etc.)
+  nixpkgs.config.allowUnfree = true;
+
   # links /libexec from derivations to /run/current-system/sw
   environment.pathsToLink = [ "/libexec" ];
-  # set the default editor to vim
-  environment.variables.EDITOR = "vim";
 
   # enable home-manager globally
   home-manager.useGlobalPkgs = true;
   home-manager.useUserPackages = true;
-  home-manager.backupFileExtension = "backup";
+  home-manager.backupCommand = "mv -f {file} {file}.hm-bak-$(date +%Y%m%d%H%M%S)";
 }

modules/nixos/steam.nix

@@ -1,9 +1,6 @@
 { config, lib, pkgs, ... }:
 
 {
-  # allow unfree to install steam
-  nixpkgs.config.allowUnfree = true;
-
   # enable steam and open firewall
   programs.steam = {
     enable = true;

modules/nixos/users.nix

@@ -5,7 +5,7 @@
   users.users.aaron = {
     isNormalUser = true;
     group = "users";
-    extraGroups = [ "wheel" "networkmanager" ];
+    extraGroups = [ "wheel" "networkmanager" "dialout" ];
     shell = pkgs.zsh;
   };
 
@@ -14,10 +14,5 @@
     enable = true;
     enableCompletion = true;
     autosuggestions.enable = true;
-    ohMyZsh = {
-      enable = true;
-      plugins = [ "git" "sudo" ];
-      theme = "gentoo";
-    };
   };
 }

users/aaron/home.nix

@@ -2,7 +2,9 @@
 
 {
   imports = [
+    ../../modules/home-manager/fonts.nix
     ../../modules/home-manager/git.nix
+    ../../modules/home-manager/ghostty.nix
     ../../modules/home-manager/nixvim.nix
     ../../modules/home-manager/programs.nix
     ../../modules/home-manager/shell.nix