wip

Attempts to select the right emacs package based on whether the machine
is x11 only or not.

.sops.yaml

@@ -0,0 +1,11 @@
+keys:
+  - &admin_johno age1ls6a033d4p4u8h4rwazjwt8w4c4xg73wq0mdnm64jajxzcz4k9asvjnks3
+  - &host_z790prors age12l5u7sw59u5pkwp83qm8t3ff7uv0ld2c9k3zh5j4ame9k2szcynqu7ftqe
+  - &host_nixbook age1fa3zqavfmqk4ssa22yne9td90gyqv9q5a8y0s8jp3xak8q7p3yjqyn7rkg
+creation_rules:
+  - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
+    key_groups:
+      - age:
+          - *admin_johno
+          - *host_z790prors
+          - *host_nixbook

flake.lock

@@ -1,38 +1,5 @@
 {
   "nodes": {
-    "aquamarine": {
-      "inputs": {
-        "hyprutils": [
-          "hyprland",
-          "hyprutils"
-        ],
-        "hyprwayland-scanner": [
-          "hyprland",
-          "hyprwayland-scanner"
-        ],
-        "nixpkgs": [
-          "hyprland",
-          "nixpkgs"
-        ],
-        "systems": [
-          "hyprland",
-          "systems"
-        ]
-      },
-      "locked": {
-        "lastModified": 1725199881,
-        "narHash": "sha256-jsmipf/u1GFZE5tBUkr56CHMN6VpUWCAjfLIhvQijU0=",
-        "owner": "hyprwm",
-        "repo": "aquamarine",
-        "rev": "f8a687dd29ff019657498f1bd14da2fbbf0e604b",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hyprwm",
-        "repo": "aquamarine",
-        "type": "github"
-      }
-    },
     "home-manager": {
       "inputs": {
         "nixpkgs": [
@@ -40,11 +7,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1725694918,
+        "lastModified": 1728041527,
-        "narHash": "sha256-+HsjshXpqNiJHLaJaK0JnIicJ/a1NquKcfn4YZ3ILgg=",
+        "narHash": "sha256-03liqiJtk9UP7YQHW4r8MduKCK242FQzud8iWvvlK+o=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "aaebdea769a5c10f1c6e50ebdf5924c1a13f0cda",
+        "rev": "509dbf8d45606b618e9ec3bbe4e936b7c5bc6c1e",
         "type": "github"
       },
       "original": {
@@ -53,197 +20,13 @@
         "type": "github"
       }
     },
-    "hy3": {
-      "inputs": {
-        "hyprland": [
-          "hyprland"
-        ]
-      },
-      "locked": {
-        "lastModified": 1725573970,
-        "narHash": "sha256-KJKO4b5Gl+7t3hF+X56Y0W/Lxf2OxWl/aLgzbiN3+hI=",
-        "owner": "outfoxxed",
-        "repo": "hy3",
-        "rev": "e91460d63627cdad417cac2c09897be58094e2e0",
-        "type": "github"
-      },
-      "original": {
-        "owner": "outfoxxed",
-        "repo": "hy3",
-        "type": "github"
-      }
-    },
-    "hyprcursor": {
-      "inputs": {
-        "hyprlang": [
-          "hyprland",
-          "hyprlang"
-        ],
-        "nixpkgs": [
-          "hyprland",
-          "nixpkgs"
-        ],
-        "systems": [
-          "hyprland",
-          "systems"
-        ]
-      },
-      "locked": {
-        "lastModified": 1722623071,
-        "narHash": "sha256-sLADpVgebpCBFXkA1FlCXtvEPu1tdEsTfqK1hfeHySE=",
-        "owner": "hyprwm",
-        "repo": "hyprcursor",
-        "rev": "912d56025f03d41b1ad29510c423757b4379eb1c",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hyprwm",
-        "repo": "hyprcursor",
-        "type": "github"
-      }
-    },
-    "hyprland": {
-      "inputs": {
-        "aquamarine": "aquamarine",
-        "hyprcursor": "hyprcursor",
-        "hyprlang": "hyprlang",
-        "hyprutils": "hyprutils",
-        "hyprwayland-scanner": "hyprwayland-scanner",
-        "nixpkgs": [
-          "nixpkgs"
-        ],
-        "systems": "systems",
-        "xdph": "xdph"
-      },
-      "locked": {
-        "lastModified": 1725738873,
-        "narHash": "sha256-8OT3XRoPoAhiYHMT/hQ6uKE4o7Z99a1Y+711oEPV+dg=",
-        "ref": "refs/heads/main",
-        "rev": "70add904c40924a761059e4009a8c0f1e43d76a3",
-        "revCount": 5194,
-        "submodules": true,
-        "type": "git",
-        "url": "https://github.com/hyprwm/Hyprland"
-      },
-      "original": {
-        "submodules": true,
-        "type": "git",
-        "url": "https://github.com/hyprwm/Hyprland"
-      }
-    },
-    "hyprland-protocols": {
-      "inputs": {
-        "nixpkgs": [
-          "hyprland",
-          "xdph",
-          "nixpkgs"
-        ],
-        "systems": [
-          "hyprland",
-          "xdph",
-          "systems"
-        ]
-      },
-      "locked": {
-        "lastModified": 1721326555,
-        "narHash": "sha256-zCu4R0CSHEactW9JqYki26gy8h9f6rHmSwj4XJmlHgg=",
-        "owner": "hyprwm",
-        "repo": "hyprland-protocols",
-        "rev": "5a11232266bf1a1f5952d5b179c3f4b2facaaa84",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hyprwm",
-        "repo": "hyprland-protocols",
-        "type": "github"
-      }
-    },
-    "hyprlang": {
-      "inputs": {
-        "hyprutils": [
-          "hyprland",
-          "hyprutils"
-        ],
-        "nixpkgs": [
-          "hyprland",
-          "nixpkgs"
-        ],
-        "systems": [
-          "hyprland",
-          "systems"
-        ]
-      },
-      "locked": {
-        "lastModified": 1725188252,
-        "narHash": "sha256-yBH8c4GDaEAtBrh+BqIlrx5vp6gG/Gu8fQQK63KAQgs=",
-        "owner": "hyprwm",
-        "repo": "hyprlang",
-        "rev": "c12ab785ce1982f82594aff03b3104c598186ddd",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hyprwm",
-        "repo": "hyprlang",
-        "type": "github"
-      }
-    },
-    "hyprutils": {
-      "inputs": {
-        "nixpkgs": [
-          "hyprland",
-          "nixpkgs"
-        ],
-        "systems": [
-          "hyprland",
-          "systems"
-        ]
-      },
-      "locked": {
-        "lastModified": 1724966483,
-        "narHash": "sha256-WXDgKIbzjYKczxSZOsJplCS1i1yrTUpsDPuJV/xpYLo=",
-        "owner": "hyprwm",
-        "repo": "hyprutils",
-        "rev": "8976e3f6a5357da953a09511d0c7f6a890fb6ec2",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hyprwm",
-        "repo": "hyprutils",
-        "type": "github"
-      }
-    },
-    "hyprwayland-scanner": {
-      "inputs": {
-        "nixpkgs": [
-          "hyprland",
-          "nixpkgs"
-        ],
-        "systems": [
-          "hyprland",
-          "systems"
-        ]
-      },
-      "locked": {
-        "lastModified": 1721324119,
-        "narHash": "sha256-SOOqIT27/X792+vsLSeFdrNTF+OSRp5qXv6Te+fb2Qg=",
-        "owner": "hyprwm",
-        "repo": "hyprwayland-scanner",
-        "rev": "a048a6cb015340bd82f97c1f40a4b595ca85cc30",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hyprwm",
-        "repo": "hyprwayland-scanner",
-        "type": "github"
-      }
-    },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1725634671,
+        "lastModified": 1727802920,
-        "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=",
+        "narHash": "sha256-HP89HZOT0ReIbI7IJZJQoJgxvB2Tn28V6XS3MNKnfLs=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c",
+        "rev": "27e30d177e57d912d614c88c622dcfdb2e6e6515",
         "type": "github"
       },
       "original": {
@@ -253,56 +36,47 @@
         "type": "github"
       }
     },
+    "nixpkgs-stable": {
+      "locked": {
+        "lastModified": 1725762081,
+        "narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "release-24.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "root": {
       "inputs": {
         "home-manager": "home-manager",
-        "hy3": "hy3",
+        "nixpkgs": "nixpkgs",
-        "hyprland": "hyprland",
+        "sops-nix": "sops-nix"
-        "nixpkgs": "nixpkgs"
       }
     },
-    "systems": {
+    "sops-nix": {
-      "locked": {
-        "lastModified": 1689347949,
-        "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
-        "owner": "nix-systems",
-        "repo": "default-linux",
-        "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default-linux",
-        "type": "github"
-      }
-    },
-    "xdph": {
       "inputs": {
-        "hyprland-protocols": "hyprland-protocols",
-        "hyprlang": [
-          "hyprland",
-          "hyprlang"
-        ],
         "nixpkgs": [
-          "hyprland",
           "nixpkgs"
         ],
-        "systems": [
+        "nixpkgs-stable": "nixpkgs-stable"
-          "hyprland",
-          "systems"
-        ]
       },
       "locked": {
-        "lastModified": 1725203932,
+        "lastModified": 1727423009,
-        "narHash": "sha256-VLULC/OnI+6R9KEP2OIGk+uLJJsfRlaLouZ5gyFd2+Y=",
+        "narHash": "sha256-+4B/dQm2EnORIk0k2wV3aHGaE0WXTBjColXjj7qWh10=",
-        "owner": "hyprwm",
+        "owner": "Mic92",
-        "repo": "xdg-desktop-portal-hyprland",
+        "repo": "sops-nix",
-        "rev": "2425e8f541525fa7409d9f26a8ffaf92a3767251",
+        "rev": "127a96f49ddc377be6ba76964411bab11ae27803",
         "type": "github"
       },
       "original": {
-        "owner": "hyprwm",
+        "owner": "Mic92",
-        "repo": "xdg-desktop-portal-hyprland",
+        "repo": "sops-nix",
         "type": "github"
       }
     }

flake.nix

@@ -4,65 +4,62 @@
   inputs = {
     nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
 
+    sops-nix = {
+      url = "github:Mic92/sops-nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
     home-manager = {
       url = "github:nix-community/home-manager";
       inputs.nixpkgs.follows = "nixpkgs";
     };
-
-    hyprland = {
-      type = "git";
-      url = "https://github.com/hyprwm/Hyprland";
-      submodules = true;
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-    hy3 = {
-      url = "github:outfoxxed/hy3";
-      inputs.hyprland.follows = "hyprland";
-    };
   };
 
-  outputs = { self, nixpkgs, ... } @ inputs: {
+  outputs = { self, nixpkgs, ... } @ inputs: let
-    nixosConfigurations.z790prors-nix = nixpkgs.lib.nixosSystem {
+    baseModules = [
+      ./roles
+      inputs.sops-nix.nixosModules.sops
+      inputs.home-manager.nixosModules.home-manager
+      {
+        home-manager.useGlobalPkgs = true;
+        home-manager.useUserPackages = true;
+      }
+    ];
+  in {
+    nixosConfigurations.z790prors-nix = nixpkgs.lib.nixosSystem rec {
       system = "x86_64-linux";
       specialArgs = { inherit inputs; };
-      modules = [ 
+      modules = baseModules ++ [
         ./machines/z790prors/configuration.nix
-        inputs.home-manager.nixosModules.home-manager
         {
-          home-manager.useGlobalPkgs = true;
-          home-manager.useUserPackages = true;
-          home-manager.extraSpecialArgs = { inherit inputs; };
           home-manager.users.johno = import ./home/home-z790prors.nix;
+          home-manager.extraSpecialArgs.customPkgs =
+            nixpkgs.legacyPackages."${system}".callPackage ./packages {};
         }
       ];
     };
 
-    nixosConfigurations.nix-book = nixpkgs.lib.nixosSystem {
+    nixosConfigurations.nix-book = nixpkgs.lib.nixosSystem rec {
       system = "x86_64-linux";
-      specialArgs = { inherit inputs; };
+      modules = baseModules ++ [
-      modules = [
         ./machines/nix-book/configuration.nix
-        inputs.home-manager.nixosModules.home-manager
         {
-          home-manager.useGlobalPkgs = true;
-          home-manager.useUserPackages = true;
-          home-manager.extraSpecialArgs = { inherit inputs; };
           home-manager.users.johno = import ./home/home-nix-book.nix;
+          home-manager.extraSpecialArgs.customPkgs =
+            nixpkgs.legacyPackages."${system}".callPackage ./packages {};
         }
       ];
     };
 
-    nixosConfigurations.boxy= nixpkgs.lib.nixosSystem {
+    nixosConfigurations.boxy = nixpkgs.lib.nixosSystem rec {
       system = "x86_64-linux";
-      specialArgs = { inherit inputs; };
+      modules = baseModules ++ [
-      modules = [
         ./machines/boxy/configuration.nix
         inputs.home-manager.nixosModules.home-manager
         {
-          home-manager.useGlobalPkgs = true;
-          home-manager.useUserPackages = true;
-          home-manager.extraSpecialArgs = { inherit inputs; };
           home-manager.users.johno = import ./home/home-default.nix;
+          home-manager.extraSpecialArgs.customPkgs =
+            nixpkgs.legacyPackages."${system}".callPackage ./packages {};
         }
       ];
     };

home/home-default.nix

@@ -1,9 +1,5 @@
-{ config, pkgs, lib, ... }:
+{ pkgs, customPkgs, ... }:
 
-with import <nixpkgs> {};
-let
-  nextcloudTalkDesktop = pkgs.callPackage ./modules/applications/nextcloud-talk-desktop/package.nix {};
-in
 {
   # Home Manager needs a bit of information about you and the paths it should
   # manage.
@@ -63,7 +59,7 @@ in
     pkgs.wofi
     pkgs.vlc
 
-    nextcloudTalkDesktop
+    customPkgs.nextcloudTalkDesktop
   ];
 
   # Home Manager is pretty good at managing dotfiles. The primary way to manage
@@ -107,10 +103,9 @@ in
   nixpkgs.config.allowUnfree = true;
 
   imports = [
-    ./modules/applications/emacs/default.nix
+    ./modules/emacs
-    ./modules/games/lutris/default.nix
+    ./modules/lutris
-    ./modules/window_managers/hyprland/default.nix
+    ./modules/i3+sway
-    ./modules/window_managers/i3/default.nix
   ];
 
   programs.bash.enable = true;
@@ -191,15 +186,6 @@ in
     package = pkgs.kdePackages.kdeconnect-kde;
   };
 
-  services.spotifyd = {
-    enable = true;
-    settings = {
-      global = {
-        username = "johnogle222";
-      };
-    };
-  };
-
   services.syncthing = {
     enable = true;
     tray = {

home/home-nix-book.nix

@@ -3,6 +3,10 @@
 {
   imports = [
     ./home-default.nix
-    ./modules/window_managers/hyprland/nix-book.nix
+    ./modules/hyprland/nix-book.nix
   ];
+
+  home.i3_sway.extraSwayConfig = {
+    output.eDP-1.scale = "1.75";
+  };
 }

home/home-z790prors.nix

@@ -3,6 +3,6 @@
 {
   imports = [
     ./home-default.nix
-    ./modules/window_managers/hyprland/z790prors.nix
+    ./modules/hyprland/z790prors.nix
   ];
 }

home/modules/applications/emacs/default.nix

@@ -1,69 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
-  emacs = pkgs.emacs29;
-  doomSync = (let
-    git = pkgs.git;
-  in ''
-    export PATH=${emacs}/bin:${git}/bin:$PATH
-    ${config.xdg.configHome}/emacs/bin/doom sync -u -j $((`nproc`/4*3))
-  '');
-in {
-  home.packages = [
-    pkgs.emacs-all-the-icons-fonts
-    pkgs.fontconfig
-    pkgs.graphviz
-    pkgs.isort
-    pkgs.nerdfonts
-    pkgs.nil # nix lsp language server
-    pkgs.nixfmt-rfc-style
-    (pkgs.ripgrep.override {withPCRE2 = true;})
-    pkgs.pipenv
-    pkgs.poetry
-    pkgs.python3
-  ];
-
-  fonts.fontconfig.enable = true;
-
-  home.file = {
-    ".config/emacs" = {
-      source = fetchGit {
-        url = "https://github.com/doomemacs/doomemacs.git";
-        # When updating me, remember to run `doom sync`
-        rev = "ac1122ae67d762e09fc6684945b52adff96cf1dc";
-      };
-      # We need to use recursive mode here or else doom fails to sync for
-      # some reason related to the permissions on the synced path. I'm not
-      # quite sure of everything that's going on here.
-      recursive = true;
-
-      # Because `recursive = true` will cause this to sync every single
-      # activation, we turn this off here.
-      #
-      # There's probably a way we could do better detection of this within
-      # our onChange shell?
-      #
-      # onChange = doomSync;
-    };
-  };
-
-  home.sessionVariables = {
-    DOOMLOCALDIR = "${config.xdg.dataHome}/doom";
-    EDITOR = "emacs -nw";
-  };
-
-  home.sessionPath = [
-    "${config.xdg.configHome}/emacs/bin"
-  ];
-
-  programs.emacs = {
-    enable = true;
-    package = emacs;
-  };
-
-  xdg.configFile."doom" = {
-    source = ./doom;
-    # Sync doom if we updated the config
-    onChange = doomSync;
-  };
-}

home/modules/emacs/default.nix

@@ -0,0 +1,67 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  doomSync = (let
+    git = pkgs.git;
+  in ''
+    export PATH=${pkgs.emacs}/bin:${git}/bin:$PATH
+    ${config.xdg.configHome}/emacs/bin/doom sync -u -j $((`nproc`/4*3))
+  '');
+in {
+  config = {
+    home.packages = [
+      pkgs.emacs-all-the-icons-fonts
+      pkgs.fontconfig
+      pkgs.graphviz
+      pkgs.isort
+      pkgs.nerdfonts
+      pkgs.nil # nix lsp language server
+      pkgs.nixfmt-rfc-style
+      (pkgs.ripgrep.override {withPCRE2 = true;})
+      pkgs.pipenv
+      pkgs.poetry
+      pkgs.python3
+    ];
+
+    fonts.fontconfig.enable = true;
+
+    home.file = {
+      ".config/emacs" = {
+        source = fetchGit {
+          url = "https://github.com/doomemacs/doomemacs.git";
+          # When updating me, remember to run `doom sync`
+          rev = "5ad99220b86ae1bf421861dfad24492d768ac4d9";
+        };
+        # We need to use recursive mode here or else doom fails to sync for
+        # some reason related to the permissions on the synced path. I'm not
+        # quite sure of everything that's going on here.
+        recursive = true;
+
+        # Because `recursive = true` will cause this to sync every single
+        # activation, we turn this off here.
+        #
+        # There's probably a way we could do better detection of this within
+        # our onChange shell?
+        #
+        # onChange = doomSync;
+      };
+    };
+
+    home.sessionVariables = {
+      DOOMLOCALDIR = "${config.xdg.dataHome}/doom";
+      EDITOR = "emacs -nw";
+    };
+
+    home.sessionPath = [
+      "${config.xdg.configHome}/emacs/bin"
+    ];
+
+    xdg.configFile."doom" = {
+      source = ./doom;
+      # Sync doom if we updated the config
+      onChange = doomSync;
+    };
+  };
+}

home/modules/i3+sway/default.nix

@@ -0,0 +1,139 @@
+{ config, lib, ... }:
+
+with lib;
+
+let
+  cfg = config.home.i3_sway;
+  i3_cfg = config.xsession.windowManager.i3.config;
+
+  shared_config = recursiveUpdate {
+    modifier = "Mod4";
+    terminal = "kitty";
+    defaultWorkspace = "workspace number 1";
+
+    keybindings = {
+      "${shared_config.modifier}+Return" = "exec ${i3_cfg.terminal}";
+      "${shared_config.modifier}+Shift+q" = "kill";
+      "${shared_config.modifier}+d" = "exec ${i3_cfg.menu}";
+
+      "${shared_config.modifier}+h" = "focus left";
+      "${shared_config.modifier}+j" = "focus down";
+      "${shared_config.modifier}+k" = "focus up";
+      "${shared_config.modifier}+l" = "focus right";
+
+      "${shared_config.modifier}+Shift+h" = "move left";
+      "${shared_config.modifier}+Shift+j" = "move down";
+      "${shared_config.modifier}+Shift+k" = "move up";
+      "${shared_config.modifier}+Shift+l" = "move right";
+
+      "${shared_config.modifier}+Left" = "focus left";
+      "${shared_config.modifier}+Down" = "focus down";
+      "${shared_config.modifier}+Up" = "focus up";
+      "${shared_config.modifier}+Right" = "focus right";
+
+      "${shared_config.modifier}+Shift+Left" = "move left";
+      "${shared_config.modifier}+Shift+Down" = "move down";
+      "${shared_config.modifier}+Shift+Up" = "move up";
+      "${shared_config.modifier}+Shift+Right" = "move right";
+
+      #"${shared_config.modifier}+h" = "split h";
+      "${shared_config.modifier}+v" = "split v";
+      "${shared_config.modifier}+f" = "fullscreen toggle";
+
+      "${shared_config.modifier}+s" = "layout stacking";
+      "${shared_config.modifier}+w" = "layout tabbed";
+      "${shared_config.modifier}+e" = "layout toggle split";
+
+      "${shared_config.modifier}+Shift+space" = "floating toggle";
+      "${shared_config.modifier}+space" = "focus mode_toggle";
+
+      "${shared_config.modifier}+a" = "focus parent";
+
+      "${shared_config.modifier}+Shift+minus" = "move scratchpad";
+      "${shared_config.modifier}+minus" = "scratchpad show";
+
+      "${shared_config.modifier}+1" = "workspace number 1";
+      "${shared_config.modifier}+2" = "workspace number 2";
+      "${shared_config.modifier}+3" = "workspace number 3";
+      "${shared_config.modifier}+4" = "workspace number 4";
+      "${shared_config.modifier}+5" = "workspace number 5";
+      "${shared_config.modifier}+6" = "workspace number 6";
+      "${shared_config.modifier}+7" = "workspace number 7";
+      "${shared_config.modifier}+8" = "workspace number 8";
+      "${shared_config.modifier}+9" = "workspace number 9";
+      "${shared_config.modifier}+0" = "workspace number 10";
+
+      "${shared_config.modifier}+Shift+1" =
+        "move container to workspace number 1";
+      "${shared_config.modifier}+Shift+2" =
+        "move container to workspace number 2";
+      "${shared_config.modifier}+Shift+3" =
+        "move container to workspace number 3";
+      "${shared_config.modifier}+Shift+4" =
+        "move container to workspace number 4";
+      "${shared_config.modifier}+Shift+5" =
+        "move container to workspace number 5";
+      "${shared_config.modifier}+Shift+6" =
+        "move container to workspace number 6";
+      "${shared_config.modifier}+Shift+7" =
+        "move container to workspace number 7";
+      "${shared_config.modifier}+Shift+8" =
+        "move container to workspace number 8";
+      "${shared_config.modifier}+Shift+9" =
+        "move container to workspace number 9";
+      "${shared_config.modifier}+Shift+0" =
+        "move container to workspace number 10";
+
+      "${shared_config.modifier}+Shift+c" = "reload";
+      "${shared_config.modifier}+Shift+r" = "restart";
+
+      "${shared_config.modifier}+r" = "mode resize";
+
+      "XF86MonBrightnessUp" = "exec brightnessctl s +5%";
+      "XF86MonBrightnessDown" = "exec brightnessctl s 5%-";
+    };
+  } cfg.extraSharedConfig;
+in {
+  options.home.i3_sway = {
+    extraSharedConfig = mkOption {
+      default = {};
+    };
+    extraI3Config = mkOption {
+      default = {};
+    };
+    extraSwayConfig = mkOption {
+      default = {};
+    };
+  };
+
+  config = {
+    xsession.windowManager.i3 = let
+      base_i3_config = recursiveUpdate shared_config {
+        keybindings = {
+          "${shared_config.modifier}+Shift+e" =
+            "exec i3-nagbar -t warning -m 'Do you want to exit i3?' -b 'Yes' 'i3-msg exit'";
+        };
+      };
+    in {
+      enable = true;
+      config = recursiveUpdate base_i3_config cfg.extraI3Config;
+    };
+
+    wayland.windowManager.sway = let
+      base_sway_config = recursiveUpdate shared_config {
+        keybindings = {
+          "${shared_config.modifier}+Shift+e" =
+            "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'";
+        };
+        input = {
+          "type:keyboard" = {
+            xkb_options = "caps:escape";
+          };
+        };
+      };
+    in {
+      enable = true;
+      config = recursiveUpdate base_sway_config cfg.extraSwayConfig;
+    };
+  };
+}

home/modules/window_managers/i3/default.nix

@@ -1,10 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-  xsession.windowManager.i3 = {
-    enable = true;
-    config = {
-      modifier = "Mod4";
-    };
-  };
-}

machines/boxy/configuration.nix

@@ -2,18 +2,26 @@
 # your system. Help is available in the configuration.nix(5) man page, on
 # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
 
-{ config, lib, pkgs, ... }:
+{ lib, ... }:
+
+with lib;
 
 {
   imports =
     [ # Include the results of the hardware scan.
       ./hardware-configuration.nix
-      ../../roles/common/default.nix
-      ../../roles/nix/default.nix
-      (import ../../roles/kodi/default.nix { autologin = true; wayland = true; inherit lib; inherit pkgs; })
-      (import ../../roles/users/default.nix { extraGroups = []; })
     ];
 
+  roles = {
+    audio.enable = true;
+    kodi = {
+      enable = true;
+      autologin = true;
+      wayland = true;
+    };
+    users.enable = true;
+  };
+
   # Use the systemd-boot EFI boot loader.
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
@@ -22,6 +30,8 @@
 
   hardware.graphics.enable = true;
 
+  services.displayManager.enable = mkForce false;
+
   # This option defines the first version of NixOS you have installed on this particular machine,
   # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
   #

machines/nix-book/configuration.nix

@@ -2,21 +2,26 @@
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 
-{ config, pkgs, inputs, ... }:
+{ pkgs, ... }:
-
 {
   imports =
     [ # Include the results of the hardware scan.
       ./hardware-configuration.nix
-      ../../roles/common/default.nix
-      (import ../../roles/desktop/default.nix { x11Only = false; inherit inputs; inherit pkgs; })
-      ../../roles/nfs-mounts/default.nix
-      ../../roles/nix/default.nix
-      ../../roles/printing/default.nix
-      (import ../../roles/users/default.nix { extraGroups = []; })
-      ../../roles/virtualisation/default.nix
     ];
 
+  roles = {
+    audio.enable = true;
+    bluetooth.enable = true;
+    desktop.enable = true;
+    nfs-mounts.enable = true;
+    printing.enable = true;
+    users = {
+      enable = true;
+      extraGroups = [ "video" ];
+    };
+    virtualisation.enable = true;
+  };
+
   # Bootloader.
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;

machines/z790prors/configuration.nix

@@ -2,23 +2,32 @@
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 
-{ inputs, lib, pkgs, ... }:
+{ ... }:
 
 {
   imports =
     [ # Include the results of the hardware scan.
       ./hardware-configuration.nix
-      ../../roles/common/default.nix
-      (import ../../roles/desktop/default.nix { x11Only = true; inherit inputs; inherit pkgs; })
-      ../../roles/kids/default.nix
-      (import ../../roles/kodi/default.nix { autologin = false; wayland = false; inherit lib; inherit pkgs; })
-      ../../roles/nfs-mounts/default.nix
-      ../../roles/nix/default.nix
-      ../../roles/printing/default.nix
-      (import ../../roles/users/default.nix { extraGroups = ["input" "libvirtd"]; })
-      ../../roles/virtualisation/default.nix
     ];
 
+  roles = {
+    audio.enable = true;
+    desktop = {
+      enable = true;
+      x11Only = true;
+    };
+    kodi.enable = true;
+    nfs-mounts.enable = true;
+    printing.enable = true;
+    spotifyd.enable = true;
+    users = {
+      enable = true;
+      extraGroups = [ "input" "libvirtd" ];
+      kids = true;
+    };
+    virtualisation.enable = true;
+  };
+
   # Use the systemd-boot EFI boot loader.
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;

machines/z790prors/hardware-configuration.nix

@@ -20,6 +20,8 @@
 
   hardware.graphics.enable = true;
   services.xserver.videoDrivers = ["nvidia"];
+  services.xserver.screenSection = ''Option "metamodes" "3440x1440_165 +0+0"'';
+  services.xserver.enableTearFree = true;
   hardware.nvidia = {
     modesetting.enable = true;
     powerManagement.enable = false;

packages/default.nix

@@ -0,0 +1,4 @@
+{ pkgs, ... }:
+{
+  nextcloudTalkDesktop = pkgs.callPackage ./nextcloud-talk-desktop {};
+}

roles/audio/default.nix

@@ -0,0 +1,32 @@
+{ lib, config, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.roles.audio;
+in
+{
+  options.roles.audio = {
+    enable = mkEnableOption "Enable the audio role";
+  };
+
+  config = mkIf cfg.enable
+    {
+      environment.systemPackages = with pkgs; [
+        paprefs
+        pavucontrol
+        pulsemixer
+      ];
+
+      services.pipewire = {
+        enable = true;
+        pulse.enable = true;
+      };
+      hardware.pulseaudio.package = pkgs.pulseaudioFull;
+      hardware.pulseaudio.extraConfig = "
+        load-module module-combine-sink
+        load-module module-switch-on-connect
+      ";
+    };
+
+}

roles/bluetooth/default.nix

@@ -0,0 +1,26 @@
+{ lib, config, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.roles.bluetooth;
+in
+{
+  options.roles.bluetooth = {
+    enable = mkEnableOption "Enable the bluetooth role";
+  };
+
+  config = mkIf cfg.enable
+    {
+      hardware.bluetooth.enable = true;
+      hardware.bluetooth.powerOnBoot = true;
+      hardware.bluetooth.settings = {
+        General = {
+          Enable = "Source,Sink,Media,Socket";
+        };
+      };
+
+      services.blueman.enable = true;
+    };
+
+}

roles/common/default.nix

@@ -1,29 +0,0 @@
-{ pkgs, ... }:
-{
-  i18n.defaultLocale = "en_US.UTF-8";
-  i18n.extraLocaleSettings = {
-    LC_ADDRESS = "en_US.UTF-8";
-    LC_IDENTIFICATION = "en_US.UTF-8";
-    LC_MEASUREMENT = "en_US.UTF-8";
-    LC_MONETARY = "en_US.UTF-8";
-    LC_NAME = "en_US.UTF-8";
-    LC_NUMERIC = "en_US.UTF-8";
-    LC_PAPER = "en_US.UTF-8";
-    LC_TELEPHONE = "en_US.UTF-8";
-    LC_TIME = "en_US.UTF-8";
-  };
-  time.timeZone = "America/Los_Angeles";
-
-  # Enable the OpenSSH daemon.
-  services.openssh.enable = true;
-
-  services.pipewire = {
-    enable = true;
-    pulse.enable = true;
-  };
-
-  environment.systemPackages = with pkgs; [
-    vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
-    git
-  ];
-}

roles/default.nix

@@ -0,0 +1,76 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.roles;
+in
+{
+  imports = [
+    ./audio
+    ./bluetooth
+    ./desktop
+    ./kodi
+    ./nfs-mounts
+    ./printing
+    ./secrets
+    ./spotifyd
+    ./users
+    ./virtualisation
+  ];
+
+  options.roles = {
+    enable = mkEnableOption "Enable roles";
+  };
+
+  config = {
+    i18n.defaultLocale = "en_US.UTF-8";
+    i18n.extraLocaleSettings = {
+      LC_ADDRESS = "en_US.UTF-8";
+      LC_IDENTIFICATION = "en_US.UTF-8";
+      LC_MEASUREMENT = "en_US.UTF-8";
+      LC_MONETARY = "en_US.UTF-8";
+      LC_NAME = "en_US.UTF-8";
+      LC_NUMERIC = "en_US.UTF-8";
+      LC_PAPER = "en_US.UTF-8";
+      LC_TELEPHONE = "en_US.UTF-8";
+      LC_TIME = "en_US.UTF-8";
+    };
+    time.timeZone = "America/Los_Angeles";
+
+    # Enable the OpenSSH daemon.
+    services.openssh.enable = true;
+
+    environment.systemPackages = with pkgs; [
+      vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+      git
+    ];
+
+    nix = {
+      package = pkgs.nixFlakes;
+      distributedBuilds = true;
+      buildMachines = [{
+        hostName = "z790prors.oglehome";
+        system = "x86_64-linux";
+        protocol = "ssh-ng";
+        sshUser = "johno";
+        sshKey = "/root/.ssh/id_ed25519";
+        maxJobs = 3;
+        speedFactor = 2;
+      }];
+      settings = {
+        experimental-features = [ "nix-command" "flakes" ];
+        max-jobs = "auto";
+        trusted-users = [ "johno" ];
+        substituters = [
+          "https://hyprland.cachix.org"
+        ];
+        trusted-public-keys = [
+          "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
+        ];
+      };
+    };
+
+    nixpkgs.config.allowUnfree = true;
+  };
+}

roles/desktop/default.nix

@@ -1,50 +1,104 @@
-{ inputs, x11Only ? false, pkgs, ... }:
+{ lib, config, pkgs, ... }:
 
+with lib;
+
+let
+  cfg = config.roles.desktop;
+
+  basePackages = with pkgs; [
+    brightnessctl
+  ];
+
+  x11BasePackages = with pkgs; [
+
+  ];
+
+  x11OnlyPackages = with pkgs; [
+    emacs
+  ];
+
+  waylandBasePackages = with pkgs; [
+    grim
+    slurp
+    wl-clipboard
+    mako
+  ];
+
+  waylandOnlyPackages = with pkgs; [
+    emacs-gtk
+  ];
+in
 {
-  services.xserver.xkb = {
+  options.roles.desktop = {
-    layout = "us";
+    enable = mkEnableOption "Enable the desktop role";
-    variant = "";
+    x11Only = mkOption {
-    options = "caps:escape";
+      type = types.bool;
-  };
+      default = false;
-  services.xserver.enable = true;
+    };
-  services.xserver.displayManager = {
-    lightdm.enable = true;
-  };
-  services.desktopManager.plasma6.enable = true;
-  programs.hyprland = {
-    enable = !x11Only;
-    package = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland;
-  };
-  services.xserver.windowManager.i3 = {
-    enable = true;
-    extraPackages = with pkgs; [
-      dmenu
-      i3status
-      i3lock
-    ];
-  };
-  # Helps with i3. Not sure what dconf is though honestly
-  programs.dconf.enable = true;
-
-  programs.kdeconnect.enable = true;
-  programs.java.enable = true;
-  programs.steam = {
-    enable = true;
-    remotePlay.openFirewall = true;
-    localNetworkGameTransfers.openFirewall = true;
-    #package = pkgs.steam.override {
-      #withJava = true;
-      #withPrimus = true;
-      #extraPkgs = pkgs: [ bumblebee glxinfo ];
-    #};
-  };
-  services.sunshine = {
-    enable = true;
-    autoStart = true;
-    capSysAdmin = true;
-    openFirewall = true;
   };
 
-  virtualisation.docker.enable = true;
+  config =
-  users.extraGroups.docker.members = [ "johno" ];
+    {
+      services.xserver.xkb = {
+        layout = "us";
+        variant = "";
+        options = "caps:escape";
+      };
+      services.xserver.enable = true;
+
+      services.displayManager.sddm = {
+        enable = true;
+        wayland.enable = !cfg.x11Only;
+      };
+      services.desktopManager.plasma6.enable = true;
+
+      services.xserver.windowManager.i3 = {
+        enable = true;
+        extraPackages = with pkgs; [
+          dmenu
+          i3status
+          i3lock
+        ];
+      };
+      programs.dconf.enable = true;
+      services.gnome.gnome-keyring.enable = true;
+
+      programs.sway = mkIf (!cfg.x11Only) {
+        enable = true;
+        wrapperFeatures.gtk = true;
+      };
+      programs.light.enable = mkIf (!cfg.x11Only) true;
+
+      programs.kdeconnect.enable = true;
+      programs.java.enable = true;
+      programs.steam = {
+        enable = true;
+        remotePlay.openFirewall = true;
+        localNetworkGameTransfers.openFirewall = true;
+        #package = pkgs.steam.override {
+        #withJava = true;
+        #withPrimus = true;
+        #extraPkgs = pkgs: [ bumblebee glxinfo ];
+        #};
+      };
+      services.sunshine = {
+        enable = true;
+        autoStart = true;
+        capSysAdmin = true;
+        openFirewall = true;
+      };
+
+      virtualisation.docker.enable = true;
+      users.extraGroups.docker.members = [ "johno" ];
+
+      environment.systemPackages = with pkgs; mkMerge [
+        basePackages
+        x11BasePackages
+        (mkIf cfg.x11Only x11OnlyPackages)
+        # TODO: Do we need a "wayland only" mode?
+        (mkIf (!cfg.x11Only) waylandBasePackages)
+        (mkIf (!cfg.x11Only) waylandOnlyPackages)
+      ];
+    };
+
 }

roles/kids/default.nix

@@ -1,29 +0,0 @@
-{ pkgs, ... }:
-
-let
-  kidsPackages = with pkgs; [
-    firefox
-  ];
-in
-{
-  users.users.eli = {
-    isNormalUser = true;
-    description = "Eli";
-    home = "/home/eli";
-    packages = kidsPackages;
-  };
-
-  users.users.andrew = {
-    isNormalUser = true;
-    description = "Andrew";
-    home = "/home/andrew";
-    packages = kidsPackages;
-  };
-
-  users.users.jules = {
-    isNormalUser = true;
-    description = "Jules";
-    home = "/home/jules";
-    packages = kidsPackages;
-  };
-}

roles/kodi/default.nix

@@ -1,47 +1,71 @@
-{ autologin ? false, wayland ? false, lib, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 
 with lib;
 
 let
-  kodiBasePkg = if wayland then pkgs.kodi-wayland else pkgs.kodi;
+  cfg = config.roles.kodi;
-  kodiPkg = kodiBasePkg.withPackages (pkgs: with pkgs; [
-    jellyfin
-    steam-launcher
-    steam-library
-    youtube
-  ]);
 in
 {
-  users.extraUsers.kodi.isNormalUser = true;
+  options.roles.kodi = {
-
+    enable = mkEnableOption "Enable Kodi";
-  networking.firewall = {
+    autologin = mkOption {
-    allowedTCPPorts = [ 8080 ];
+      default = false;
-    allowedUDPPorts = [ 8080 ];
-  };
-
-  services = mkIf autologin {
-    cage = mkIf wayland {
-      user = "kodi";
-      program = "${kodiPkg}/bin/kodi-standalone";
-      enable = true;
     };
-
+    wayland = mkOption {
-    xserver = mkIf (!wayland) {
+      default = true;
-      enable = true;
-      desktopManager.kodi = {
-        enable = true;
-        package = kodiPkg;
-      };
-      displayManager.lightdm = {
-        enable = true;
-        greeter.enable = false;
-      };
-    };
-    displayManager = mkIf (!wayland) {
-      autoLogin.enable = true;
-      autoLogin.user = "kodi";
-      defaultSession = "kodi";
-      sessionData.autologinSession = "kodi";
     };
   };
+
+
+  config = let
+    kodiBasePkg = if cfg.wayland then pkgs.kodi-wayland else pkgs.kodi;
+    kodiPkg = kodiBasePkg.withPackages (pkgs: with pkgs; [
+      jellyfin
+      steam-launcher
+      steam-library
+      youtube
+    ]);
+  in mkIf cfg.enable
+    {
+      users.extraUsers.kodi.isNormalUser = true;
+
+      networking.firewall = {
+        allowedTCPPorts = [ 8080 ];
+        allowedUDPPorts = [ 8080 ];
+      };
+
+      services = if cfg.autologin then mkMerge [
+        mkIf cfg.wayland {
+          cage = mkIf cfg.wayland {
+            user = "kodi";
+            program = "${kodiPkg}/bin/kodi-standalone";
+            enable = true;
+          };
+          xserver = {
+            enable = false;
+            autorun = false;
+          };
+        }
+
+        mkIf (!cfg.wayland) {
+          xserver = {
+            enable = true;
+            desktopManager.kodi = {
+              enable = true;
+              package = kodiPkg;
+            };
+            displayManager.lightdm = {
+              enable = true;
+              greeter.enable = false;
+            };
+          };
+          displayManager = {
+            autoLogin.enable = true;
+            autoLogin.user = "kodi";
+            defaultSession = "kodi";
+            sessionData.autologinSession = "kodi";
+          };
+        }
+      ] else {};
+    };
 }

roles/nfs-mounts/default.nix

@@ -1,14 +1,31 @@
-# TODO: implement requireMount
+{ config, lib, ... }:
-{ requireMount ? false, ... }:
 
+with lib;
+
+let
+  cfg = config.roles.nfs-mounts;
+in
 {
-  fileSystems."/media" = {
+  options.roles.nfs-mounts = {
-    device = "10.0.0.43:/media";
+    enable = mkEnableOption "Enable default NFS mounts";
-    fsType = "nfs";
+    # TODO: implement requireMount
-    options = [
+    requireMount = mkOption {
-      "defaults"
+      type = types.bool;
-      "nofail"
+      description = "Hard fail if the NFS mounts are not available";
-      "softreval"
+      default = false;
-    ];
+    };
   };
+
+  config = mkIf cfg.enable
+    {
+      fileSystems."/media" = {
+        device = "10.0.0.43:/media";
+        fsType = "nfs";
+        options = [
+          "defaults"
+          "nofail"
+          "softreval"
+        ];
+      };
+    };
 }

roles/nix/default.nix

@@ -1,29 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  nix = {
-    package = pkgs.nixFlakes;
-    distributedBuilds = true;
-    buildMachines = [{
-      hostName = "z790prors.oglehome";
-      system = "x86_64-linux";
-      protocol = "ssh-ng";
-      sshUser = "johno";
-      sshKey = "/root/.ssh/id_ed25519";
-      maxJobs = 3;
-      speedFactor = 2;
-    }];
-    settings = {
-      experimental-features = [ "nix-command" "flakes" ];
-      max-jobs = "auto";
-      trusted-users = [ "johno" ];
-      substituters = [
-        "https://hyprland.cachix.org"
-      ];
-      trusted-public-keys = [
-        "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
-      ];
-    };
-  };
-  nixpkgs.config.allowUnfree = true;
-}

roles/printing/default.nix

@@ -1,4 +1,23 @@
-{ ... }:
+{ config, lib, ... }:
+
+with lib;
+
+let
+  cfg = config.roles.printing;
+in
 {
-  services.printing.enable = true;
+  options.roles.printing = {
+    enable = mkEnableOption "Enable default printing setup";
+  };
+
+  config = mkIf cfg.enable
+    {
+      services.printing.enable = true;
+
+      services.avahi = {
+        enable = true;
+        nssmdns4 = true;
+        openFirewall = true;
+      };
+    };
 }

roles/secrets/default.nix

@@ -0,0 +1,8 @@
+{ config, lib, pkgs, inputs, ... }:
+
+{
+  sops.defaultSopsFile = ../../secrets/secrets.yaml;
+  sops.defaultSopsFormat = "yaml";
+  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" "/home/johno/.ssh/id_ed25519" ];
+  sops.secrets.example_key = {};
+}

roles/spotifyd/default.nix

@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.roles.spotifyd;
+in
+{
+  options.roles.spotifyd = {
+    enable = mkEnableOption "Enable the spotifyd role";
+  };
+
+  config = mkIf cfg.enable
+    {
+      roles.audio.enable = true;
+
+      services.spotifyd = {
+        enable = true;
+        settings = {
+          global = {
+            use_mpris = false;
+            backend = "alsa";
+            device = "sysdefault";
+            bitrate = 320;
+            cache_path = "";
+            zeroconf_port = 1234;
+            autoplay = false;
+          };
+        };
+      };
+
+      networking.firewall.allowedTCPPorts = [
+        1234
+        57621
+      ];
+      networking.firewall.allowedUDPPorts = [
+        5353
+      ];
+    };
+}

roles/users/default.nix

@@ -1,8 +1,52 @@
-{ extraGroups ? [], ... }:
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.roles.users;
+in
 {
-  users.users.johno = {
+  options.roles.users = {
-    isNormalUser = true;
+    enable = mkEnableOption "Enable default users";
-    description = "John Ogle";
+    extraGroups = mkOption {
-    extraGroups = [ "wheel" "networkmanager" "audio" ] ++ extraGroups;
+      default = [];
+    };
+    kids = mkOption {
+      type = types.bool;
+      default = false;
+    };
+  };
+
+  config = let
+    kidsPackages = with pkgs; [
+      firefox
+    ];
+  in mkIf cfg.enable {
+    users.users.johno = {
+      isNormalUser = true;
+      description = "John Ogle";
+      extraGroups = [ "wheel" "networkmanager" "audio" ] ++ cfg.extraGroups;
+    };
+
+    users.users.eli = mkIf cfg.kids {
+      isNormalUser = true;
+      description = "Eli";
+      home = "/home/eli";
+      packages = kidsPackages;
+    };
+
+    users.users.andrew = mkIf cfg.kids {
+      isNormalUser = true;
+      description = "Andrew";
+      home = "/home/andrew";
+      packages = kidsPackages;
+    };
+
+    users.users.jules = mkIf cfg.kids {
+      isNormalUser = true;
+      description = "Jules";
+      home = "/home/jules";
+      packages = kidsPackages;
+    };
   };
 }

roles/virtualisation/default.nix

@@ -1,6 +1,18 @@
-{ config, ... }:
+{ config, lib, ... }:
 
+with lib;
+
+let
+  cfg = config.roles.virtualisation;
+in
 {
-  virtualisation.libvirtd.enable = true;
+  options.roles.virtualisation = {
-  programs.virt-manager.enable = true;
+    enable = mkEnableOption "Enable virtualisation";
+  };
+
+  config = mkIf cfg.enable
+    {
+      virtualisation.libvirtd.enable = true;
+      programs.virt-manager.enable = true;
+    };
 }

secrets/secrets.yaml

@@ -0,0 +1,48 @@
+hello: ENC[AES256_GCM,data:5ZpbPx3D8gQc1fOhViUqiCr0zLWYotB+vIBixqTbqP9XLS52y6tr5DXus0aV9mTgka5deqc=,iv:yPJaCqDD9WD56swfBjSm7A62ZTTIQDqyAKOgP1ese+U=,tag:bo8+7Ne2f9aEZSvpkt1fzA==,type:str]
+example_key: ENC[AES256_GCM,data:v15bEcb0H3vaj13blg==,iv:9P3IA7ChBamo41VE8G8tj46sZqeijsO1LcvwLtEPVPA=,tag:o/lAyAYYGNLP9EjQNa/K8Q==,type:str]
+example_array:
+    - ENC[AES256_GCM,data:3Vwa7dfNfKzRc/xpk6I=,iv:IevBgxwWdaBvZY1ywteWcfWwDIA8lK3FTWs67lLBKxw=,tag:Mx5lzUeNZ/3wJBWAl5XSBw==,type:str]
+    - ENC[AES256_GCM,data:epkT6WPGW5Oe/S+4HtU=,iv:N0yoDuieAaEi+NuCoCL4zrkhaDDdkttboI89m+UccjQ=,tag:OoERRByb0OM4un9oGLJQgA==,type:str]
+#ENC[AES256_GCM,data:YzMFXxn3sbbHpGB4jPRtRw==,iv:TN6ogQuH7c6xtDoWt0Ew9B2f7wuaipJynvscZmaJYoU=,tag:No0UwEktEyMNBg/46P+Zmg==,type:comment]
+example_number: ENC[AES256_GCM,data:jmLoVC+8YIlB2A==,iv:u9GztD/aE9UN5zWq3Am2nhYwmYt3sf8sy65MHbhVoD0=,tag:wKuf1mMr5XBJveJrz0uHPA==,type:float]
+example_booleans:
+    - ENC[AES256_GCM,data:ZacILA==,iv:xo+7aFFQXzbJzKDY0mYTeFLf10AlnHkywDRAMHeprEM=,tag:F/OnJdqjrZP02sTLWLmnbg==,type:bool]
+    - ENC[AES256_GCM,data:NaFrvrs=,iv:kKDmGs9u/w5qrZ/379Jlx8AotUVADvH+eHwHCqykmkE=,tag:nD9TsmkXUm4ABaT1ABWmcg==,type:bool]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1ls6a033d4p4u8h4rwazjwt8w4c4xg73wq0mdnm64jajxzcz4k9asvjnks3
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjak9vRVJtVmJoanhEZ0hQ
+            MFJwMEE4UDcrRkdPRmZ6R09FSDY1aTk3Y1dNClZJYXRLNU5senR3Qzh6VmZGMlhu
+            bnl6VjlaUEFISnBtSTVrcEd0ZjI5Q2MKLS0tIFl1b3A5ZWVqc1gvWVZnZis0ZHFk
+            bWhnNVB2TUJ4YzY4NHdSVXhPc3dReTgKWRYBbBE3+oGsRNw1CROhFY+btENbShfv
+            gw3IdW7OoZV6JpJBOcI82eOuOkIxrmgSGDGeyy10/a5MA/cB1umm+w==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age12l5u7sw59u5pkwp83qm8t3ff7uv0ld2c9k3zh5j4ame9k2szcynqu7ftqe
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGcmV3TDlNL2Zxb0h5QTYx
+            QkVmczA0MDc2ZnpNNU1YeFVzSXJwc3RWUmk4CjF4bHIrVU9VM3htTUxGZ2FUR256
+            UEovdVV2cmNIbkloS1VobTNFSDVyRG8KLS0tIEFhUk5kL3hCNGs4MGJBTmNJaVFm
+            b2ZBUGJ1K0lKTitKYTRUMWszQzhBU0UKBaM6t6JmWfiG+wPorGea1gqvV5RSIPyw
+            6yb2PcH2oZ0HrjJM5sjfu7XOWY3KneiZZikR1BpD5KvevfagWTSR/w==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1fa3zqavfmqk4ssa22yne9td90gyqv9q5a8y0s8jp3xak8q7p3yjqyn7rkg
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaMFJiNjVOb0lTcmJ3VnhH
+            WlRKZERRZFM3TFZBZGNSZC9GdHlHakMza21zClJ3SDdFUkVRc3oyVVU3WEtDQzBu
+            OEFqS3NwbHZFUlpCYlN6RW84N0F1amcKLS0tIHFZK21aTHdwZ2dWbVRrWEZDWFZj
+            aU1IQzdTMVhnbHhsNENwMG05dXhOU2MK8fEJea9sL5JLgltVlTI6mRDb+Tl83Iz7
+            4wPYvo68cn8vimXqSk45ldHRrNa3zhYai3CalQaGtDT3fkWGvSq0zQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-09-28T15:44:39Z"
+    mac: ENC[AES256_GCM,data:YUi+AbS6DQTmrSyOXsbkZWfWaMyKGR8fYm/MHcxmqChi8hng+UWHBZjsLBe6ef/FLH3rnP6bhfwK8KYnVS6fHvHahoqIq/BHydTsqrclnSgRAGl8Lh0yuhwISNRvP1AuW5pd50sdQaS0uGOtzOCharI/pZ9H+cmt2SB5WOCdeLs=,iv:2nBG6it3tNSLSia8hGzCcesuK9QwzB9EzfjWegjQ2kw=,tag:RGGPAPw/rQKhWA2OqLjTJw==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.0