repo: declutter

flake.nix

@@ -9,6 +9,10 @@
       url = "github:berberman/flakes";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    disko = {
+      url = "github:nix-community/disko";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
     home-manager = {
       url = "github:nix-community/home-manager";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -21,6 +25,9 @@
       url = "github:hyprwm/Hyprland";
       inputs.nixpkgs.follows = "nixpkgs"; # MESA/OpenGL HW workaround
     };
+    impermanence = {
+      url = "github:nix-community/impermanence";
+    };
     lanzaboote = {
       url = "github:nix-community/lanzaboote";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -29,6 +36,12 @@
       url = "github:LnL7/nix-darwin";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    sops-nix = {
+      url = "github:Mic92/sops-nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    # TODO: Unused
     #nixos-hardware = {
     #  url = "github:NixOS/nixos-hardware/master";
     #  #inputs.nixpkgs.follows = "nixpkgs";
@@ -37,17 +50,6 @@
     #  url = "github:nixpak/nixpak";
     #  inputs.nixpkgs.follows = "nixpkgs";
     #};
-    sops-nix = {
-      url = "github:Mic92/sops-nix";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-    disko = {
-      url = "github:nix-community/disko";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-    impermanence = {
-      url = "github:nix-community/impermanence";
-    };
 
     ## Non-Flake
     ### Color scheme files
@@ -66,29 +68,61 @@
   outputs = { self,
               nixpkgs,
               berberman,
+              disko,
               home-manager,
               hosts,
               hyprland,
               lanzaboote,
               nix-darwin,
               sops-nix,
-              disko,
               impermanence,
               tokyonight,
               metacubexd,
               ... } @ inputs: {
 
-    # nix-darwin (macOS)
+    ### NixOS
+    nixosConfigurations = {
+      "81FW-NixOS" = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        specialArgs = { inherit inputs; };
+        modules = [
+          ./nixos                                             # Entrypoint
+          ./machines/nixos/81fw-lenovo-legion-y7000           # Hardware-specific configurations
+          ./machines/nixos/81fw-lenovo-legion-y7000/machine-1 # Machine-specific configurations
+
+          ./users/guanranwang/nixos.nix                       # Home Manager entrypoint (user-specific)
+
+          { networking.hostName = "81FW-NixOS"; }             # Hostname
+        ];
+      };
+
+      ## Currently un-used.
+      "iMac-NixOS" = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        specialArgs = { inherit inputs; };
+        modules = [
+          ./nixos
+          ./machines/nixos/imac-2017
+          ./machines/nixos/imac-2017/machine-1
+
+          ./users/guanranwang/nixos.nix
+
+          { networking.hostName = "iMac-NixOS"; }
+        ];
+      };
+    };
+
+
+    ### nix-darwin (macOS)
     darwinConfigurations = {
       "iMac-macOS" = nix-darwin.lib.darwinSystem {
         system = "x86_64-darwin";
         specialArgs = { inherit inputs; };
         modules = [
-          ./darwin                          # Entrypoint
+          ./darwin
-          ./machines/darwin/imac-2017       # Hardware-specific configurations
+          ./machines/darwin/imac-2017
-                                            # Machine-specific configurations (does such stuff even exist on nix-darwin)
+
-          ./users/guanranwang/darwin.nix    # User-specific configurations
+          ./users/guanranwang/darwin.nix
-           # Flakes
 
           { networking.hostName = "iMac-macOS"; }
         ];
@@ -96,45 +130,14 @@
     };
 
 
-    # NixOS
+    ### Home-Manager
-    nixosConfigurations = {
+    # TODO: Actually figure out how this works
-      "81fw-nixos" = nixpkgs.lib.nixosSystem {
-        system = "x86_64-linux";
-        specialArgs = { inherit inputs; };
-        modules = [
-          ./nixos                                             # Entrypoint
-          ./machines/nixos/81fw-lenovo-legion-y7000           # Hardware-specific configurations
-          ./machines/nixos/81fw-lenovo-legion-y7000/machine-1 # Machine-specific configurations
-          ./users/guanranwang/nixos.nix                       # User-specific configurations
-
-          { networking.hostName = "81fw-nixos"; }
-        ];
-      };
-
-      ## Currently un-used.
-      "imac-nixos" = nixpkgs.lib.nixosSystem {
-        system = "x86_64-linux";
-        specialArgs = { inherit inputs; };
-        modules = [
-          ./nixos
-          ./machines/nixos/imac-2017
-          ./machines/nixos/imac-2017/machine-1
-          ./users/guanranwang/nixos.nix
-
-          { networking.hostName = "imac-nixos"; }
-        ];
-      };
-    };
-
-
-    # Home-Manager
     homeConfigurations = {
       "guanranwang@81fw-nixos" = home-manager.lib.homeManagerConfiguration {
         pkgs = nixpkgs.legacyPackages.x86_64-linux;
         extraSpecialArgs = { inherit inputs; };
         modules = [
           sops-nix.homeManagerModules.sops
-
           hyprland.homeManagerModules.default
           {
             wayland.windowManager.hyprland = {
@@ -153,7 +156,6 @@
         extraSpecialArgs = { inherit inputs; };
         modules = [
           sops-nix.homeManagerModules.sops
-
           hyprland.homeManagerModules.default
           {
             wayland.windowManager.hyprland = {

flakes/nixos/disko.nix

@@ -1,4 +1,4 @@
-{ disks ? [ "/dev/vdb" ], inputs, ... }:
+{ inputs, disks ? [ "/dev/vdb" ], ... }:
 
 {
   imports = [ inputs.disko.nixosModules.disko ];

flakes/nixos/lanzaboote.nix

@@ -1,10 +1,10 @@
-{ pkgs, lib, inputs, ... }:
+{ inputs, pkgs, ... }:
 
 {
   imports = [ inputs.lanzaboote.nixosModules.lanzaboote ];
 
   environment.systemPackages = with pkgs; [ sbctl ];
-  boot.loader.systemd-boot.enable = lib.mkForce false;
+  boot.loader.systemd-boot.enable = false;
   boot.lanzaboote = {
     enable = true;
     pkiBundle = "/etc/secureboot";

machines/nixos/81fw-lenovo-legion-y7000/default.nix

@@ -3,5 +3,6 @@
 {
   imports = [
     ./hardware.nix
+    ../../../nixos/presets/desktop.nix
   ];
 }

machines/nixos/81fw-lenovo-legion-y7000/hardware.nix

@@ -5,6 +5,7 @@
     ../hardware/misc/audio.nix
     ../hardware/misc/bluetooth.nix
     ../hardware/misc/opengl.nix
+    ../hardware/misc/tpm.nix
     ../hardware/cpu/intel.nix
     ../hardware/gpu/intel.nix
     ../hardware/gpu/nvidia.nix

machines/nixos/imac-2017/hardware.nix

@@ -11,12 +11,12 @@
     (modulesPath + "/installer/scan/not-detected.nix") # what is this
   ];
 
-  # from nixos-hardware
-  boot.kernelParams = [ "hid_apple.iso_layout=0" ];
-  hardware.facetimehd.enable = true; # cam already works before adding this, not sure what is the point
-
   boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
 
+  # Options from github:NixOS/nixos-hardware
+  boot.kernelParams = [ "hid_apple.iso_layout=0" ];
+  hardware.facetimehd.enable = true; # TODO: Camera already works before adding this, not sure what is the point...
+
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
   # (the default) this is the recommended approach. When using systemd-networkd it's
   # still possible to use this option, but it's recommended to use it in conjunction

nixos/boot/boot.nix

@@ -7,7 +7,9 @@
     loader = {
       efi.canTouchEfiVariables = true;
       systemd-boot = {
-        enable = lib.mkDefault true; # use lanzaboote instead for secureboot
+        enable = lib.mkDefault true; # mkDefault for Lanzaboote
+        editor = false; # Disabled for security
+        ### Utilities
         #netbootxyz.enable = true;
         #memtest86.enable = true;
       };

nixos/boot/default.nix

@@ -4,5 +4,7 @@
   imports = [
     ./boot.nix
     ./kernel.nix
+    ./plymouth.nix
+    ./sysctl.nix
   ];
 }

nixos/boot/kernel.nix

@@ -1,10 +1,9 @@
 { pkgs, ... }:
 
 {
-  # NOTE: secureboot enabled in flake.nix
   boot = {
-    #kernelPackages = pkgs.linuxPackages_latest; # latest kernel
+    #kernelPackages = pkgs.linuxPackages_latest;            # latest linux kernel
-    kernelPackages = pkgs.linuxPackages_zen; # zen kernel, often outdated
+    kernelPackages = pkgs.linuxPackages_zen;                # latest linux-zen kernel
-    #kernelPackages = pkgs.linuxKernel.Packages.linux_6_1;
+    #kernelPackages = pkgs.linuxKernel.Packages.linux_6_1;  # linux 6.1 LTS kernel
   };
 }

nixos/boot/plymouth.nix

@@ -0,0 +1,5 @@
+{ lib, ... }:
+
+{
+  boot.plymouth.enable = lib.mkDefault true; # mkDefault for headless devices, check out server.nix
+}

nixos/default.nix

@@ -8,7 +8,6 @@
     ./nix
     ./packages
     ./power-management
-    ./security
     #./specialisation # dont actually use this
     ./users
   ];

nixos/i18n/i18n.nix

@@ -1,7 +1,7 @@
 { ... }:
 
-# Internationalisation settings
+# Internationalisation configurations
-# IME settings are at /etc/nixos/modules/graphical/input.nix
+# Use Home Manager for IME configurations
 {
   i18n = {
     defaultLocale = "en_US.UTF-8";
@@ -27,4 +27,6 @@
   #   keyMap = "us";
   #   useXkbConfig = true; # use xkbOptions in tty.
   # };
+
+  services.xserver.layout = "us"; # keymap in x11
 }

nixos/networking/default.nix

@@ -6,7 +6,6 @@
     ./network-manager
 
     ./dhcp.nix
-    ./dns
     ./firewall.nix
     ./proxy.nix
     ./timezone.nix

nixos/networking/dns/default.nix

@@ -3,6 +3,6 @@
 {
   imports = [
     ./dns.nix
-    #./systemd-resolved.nix
+    #./systemd-resolved.nix # Returns NXDOMAIN in China Mainland, will investegate...
   ];
 }

nixos/networking/dns/systemd-resolved.nix

@@ -7,6 +7,6 @@
     dnssec = "true";
     domains = [ "~." ];
     fallbackDns = [ "8.8.8.8#dns.google" "8.8.4.4#dns.google" "2001:4860:4860::8888#dns.google" "2001:4860:4860::8844#dns.google" ];
-    #extraConfig = "DNSOverTLS=yes"; # broken as well
+    extraConfig = "DNSOverTLS=yes";
   };
 }

nixos/nix/flake.nix

@@ -1,6 +1,10 @@
 { ... }:
 
 {
-  nix.settings.experimental-features = [ "nix-command" "flakes" ]; # enable flakes
+  # Enable Flakes
-  programs.command-not-found.enable = false; # Unavailable in Flakes build
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+  # Does not work with Flake based configurations
+  system.copySystemConfiguration = false;
+  programs.command-not-found.enable = false;
 }

nixos/nix/gc.nix

@@ -2,10 +2,10 @@
 
 {
   nix = {
-    # hard linking
+    ### Auto hard linking
     settings.auto-optimise-store = true;
 
-    # auto delete older NixOS builds
+    ### Automatically delete older NixOS builds
     gc = {
       automatic = true;
       dates = "weekly";

nixos/nix/nix.nix

@@ -1,4 +1,4 @@
-{ ... }:
+{ lib, ... }:
 
 {
   nix.settings = {
@@ -29,15 +29,13 @@
     nixos.enable = false;
   };
 
-  #nix.useSandbox = false;
-
   system = {
     # Copy the NixOS configuration file and link it from the resulting system
     # (/run/current-system/configuration.nix). This is useful in case you
     # accidentally delete configuration.nix.
 
     # Does not work with flake based configurations
-    #copySystemConfiguration = true;
+    copySystemConfiguration = lib.mkDefault true;
 
 
     # This value determines the NixOS release from which the default

nixos/packages/default.nix

@@ -2,9 +2,8 @@
 
 {
   imports = [
-    ./core.nix
     ./hardware.nix
-    ./graphical
+
     ./overlays
     ./unfree
   ];

nixos/packages/graphical/default.nix

@@ -6,7 +6,9 @@
 
     #./flatpak.nix
     ./fonts.nix
+    ./gnome-keyring.nix
     ./graphical.nix
+    ./polkit.nix
     ./xdg.nix
   ];
 }

nixos/packages/graphical/display-server/input.nix

@@ -2,7 +2,6 @@
 
 {
   services.xserver = {
-    layout = "us"; # keymap in x11
     libinput = {
       enable = true;
       touchpad = {
@@ -18,7 +17,7 @@
     };
   };
 
-  # Removes debounce time
+  ### Removes debounce time
   # https://www.reddit.com/r/linux_gaming/comments/ku6gth
   environment.etc."libinput/local-overrides.quirks".text = ''
     [Never Debounce]

nixos/packages/graphical/display-server/wayland.nix

@@ -1,8 +1,8 @@
 { ... }:
 
 {
-  programs.xwayland.enable = true;
+  programs.xwayland.enable = true;        # enable XWayland
-  hardware.nvidia.nvidiaSettings = false; # nvidia settings menu, wont do anything on wayland
+  hardware.nvidia.nvidiaSettings = false; # NVIDIA settings menu, wont do anything on wayland
   environment.sessionVariables = {
     "NIXOS_OZONE_WL" = "1";               # let electron applications use wayland
   };

nixos/packages/graphical/fonts.nix

@@ -29,6 +29,6 @@
         monospace = [ "JetBrainsMono Nerd Font" "JetBrains Mono" "FiraCode Nerd Font" "Fira Code" "Noto Sans Mono" ];
       };
     };
-    # fontconfig is too limited here, use `$HOME/.config/fontconfig/fonts.conf` instead
+    # fontconfig is too limited here, and appling it globally is **bad**, use Home Manager instead
   };
 }

nixos/packages/graphical/gnome-keyring.nix

@@ -0,0 +1,12 @@
+{ pkgs, ... }:
+
+{
+  # gnome keyring
+  services.gnome.gnome-keyring.enable = true;
+  programs.seahorse.enable = true;
+  security.pam.services."gnome-keyring".text = ''
+    auth     optional ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so
+    session  optional ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start
+    password optional ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so
+  '';
+}

nixos/packages/graphical/graphical.nix

@@ -1,8 +1,6 @@
 { pkgs, ... }:
 
 {
-  boot.plymouth.enable = true;
-  security.polkit.enable = true;
   services = {
     # GNOME applications
     gvfs.enable = true; # nautilus
@@ -25,10 +23,5 @@
         end = "${pkgs.libnotify}/bin/notify-send 'GameMode Deactivated' 'GameMode Deactivated. Back to normal mode. ⏹️'";
       };
     };
-    clash-verge = {
-      #enable = true;
-      autoStart = true; # not working at all, edit: works on gnome
-      tunMode = true;
-    };
   };
 }

nixos/packages/graphical/polkit.nix

@@ -1,6 +1,7 @@
 { pkgs, ... }:
 
 {
+  security.polkit.enable = true;
   environment.systemPackages = with pkgs; [ polkit_gnome ];
 
   # polkit_gnome autostart for wms

nixos/packages/hardware.nix

@@ -2,10 +2,7 @@
 
 {
   hardware = {
-    # Enable redistriutable firmware
     enableRedistributableFirmware = true;
-
-    # Enable all firmware
     #enableAllFirmware = true;
   };
 

nixos/packages/server.nix

@@ -1 +0,0 @@
-# no i dont actually own a server

nixos/packages/unfree/unfree.nix

@@ -10,15 +10,15 @@
     "facetimehd-firmware"     # ../hardware/hardwares/imac-2017.nix
 
     # flatpak-able
-    "discord"
-    "google-chrome"
-    "lunar-client"
     "osu-lazer-bin"
     "osu-lazer-bin-2023.1008.0" # what?
     "spotify"
     "steam"
     "steam-original"
-    "microsoft-edge-stable"
+    #"discord"
-    "qq"
+    #"google-chrome"
+    #"lunar-client"
+    #"microsoft-edge-stable"
+    #"qq"
   ];
 }

nixos/power-management/default.nix

@@ -4,7 +4,7 @@
   imports = [
     ./cpu-governor.nix
     ./system76-scheduler.nix
-    #./tlp.nix                  # ] conflicts
+    #./tlp.nix                  # ] Conflicts with each other, only choose one
     ./power-profiles-daemon.nix # ]
   ];
 }

nixos/presets/core.nix

@@ -1,9 +1,17 @@
 { config, ... }:
 
+# Imported by default, check out ./desktop.nix or ./server.nix
 {
   # Installed packages (System wide)
   environment = {
-    defaultPackages = [];
+    #defaultPackages = [];
+  };
+
+  users.mutableUsers = false;
+  environment.etc.machine-id.text = "b08dfa6083e7567a1921a715000001fb"; # whonix id
+  security = {
+    apparmor.enable = true;
+    sudo.execWheelOnly = true;
   };
 
   # Programs
@@ -25,9 +33,18 @@
       NixOS ${config.system.nixos.label} ${config.system.nixos.codeName} (\m) - \l
       --my-next-gpu-wont-be-nvidia
     '';
+
+    openssh = {
+      enable = true;
+      settings = {
+        PermitRootLogin = "no";
+        PasswordAuthentication = false;
+      };
+    };
+
     #cron.enable = true;
     #dbus.enable = true;
-    openssh.enable = true;
+
     # BTRFS De-Dupe
     # bruh how to make it not a background job
     # i want to run it manually

nixos/presets/desktop.nix

@@ -0,0 +1,8 @@
+{ ... }:
+
+{
+  imports = [
+    ./core.nix
+    ../packages/graphical
+  ];
+}

nixos/presets/server.nix

@@ -0,0 +1,9 @@
+{ ... }:
+
+# no i dont actually own a server
+{
+  imports = [
+    ./core.nix
+  ];
+  boot.plymouth.enable = false;
+}

nixos/security/default.nix

@@ -1,13 +0,0 @@
-{ ... }:
-
-{
-  imports = [
-    ./security.nix
-
-    ./gnome-keyring.nix
-    ./machine-id.nix
-    ./polkit.nix
-    ./sysctl.nix
-    ./tpm.nix
-  ];
-}

nixos/security/gnome-keyring.nix

@@ -1,11 +0,0 @@
-{ pkgs, ... }:
-
-{
-  # gnome keyring
-  services.gnome.gnome-keyring.enable = true;
-  security.pam.services."gnome-keyring".text = ''
-    auth     optional    ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so
-    session  optional    ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start
-    password  optional    ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so
-  '';
-}

nixos/security/machine-id.nix

@@ -1,6 +0,0 @@
-{ ... }:
-
-{
-  # whonix id
-  environment.etc.machine-id.text = "b08dfa6083e7567a1921a715000001fb";
-}

nixos/security/security.nix

@@ -1,15 +0,0 @@
-{ ... }:
-
-{
-  security = {
-    apparmor.enable = true;
-    sudo.execWheelOnly = true;
-  };
-
-  boot.loader.systemd-boot.editor = false;
-
-  services.openssh.settings = {
-    PermitRootLogin = "no";
-    PasswordAuthentication = false;
-  };
-}

nixos/users/users.nix

@@ -1,5 +1,5 @@
 { ... }:
 
 {
-  users.mutableUsers = false;
+
 }