(wip) add initial k3s role definition

Attempts to select the right emacs package based on whether the machine
is x11 only or not.

.sops.yaml

@@ -0,0 +1,11 @@
+keys:
+  - &admin_johno age1ls6a033d4p4u8h4rwazjwt8w4c4xg73wq0mdnm64jajxzcz4k9asvjnks3
+  - &host_z790prors age12l5u7sw59u5pkwp83qm8t3ff7uv0ld2c9k3zh5j4ame9k2szcynqu7ftqe
+  - &host_nixbook age1fa3zqavfmqk4ssa22yne9td90gyqv9q5a8y0s8jp3xak8q7p3yjqyn7rkg
+creation_rules:
+  - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
+    key_groups:
+      - age:
+          - *admin_johno
+          - *host_z790prors
+          - *host_nixbook

flake.lock

@@ -7,11 +7,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1725694918,
+        "lastModified": 1728041527,
-        "narHash": "sha256-+HsjshXpqNiJHLaJaK0JnIicJ/a1NquKcfn4YZ3ILgg=",
+        "narHash": "sha256-03liqiJtk9UP7YQHW4r8MduKCK242FQzud8iWvvlK+o=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "aaebdea769a5c10f1c6e50ebdf5924c1a13f0cda",
+        "rev": "509dbf8d45606b618e9ec3bbe4e936b7c5bc6c1e",
         "type": "github"
       },
       "original": {
@@ -22,11 +22,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1725634671,
+        "lastModified": 1727802920,
-        "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=",
+        "narHash": "sha256-HP89HZOT0ReIbI7IJZJQoJgxvB2Tn28V6XS3MNKnfLs=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c",
+        "rev": "27e30d177e57d912d614c88c622dcfdb2e6e6515",
         "type": "github"
       },
       "original": {
@@ -36,10 +36,48 @@
         "type": "github"
       }
     },
+    "nixpkgs-stable": {
+      "locked": {
+        "lastModified": 1725762081,
+        "narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "release-24.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "root": {
       "inputs": {
         "home-manager": "home-manager",
-        "nixpkgs": "nixpkgs"
+        "nixpkgs": "nixpkgs",
+        "sops-nix": "sops-nix"
+      }
+    },
+    "sops-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "nixpkgs-stable": "nixpkgs-stable"
+      },
+      "locked": {
+        "lastModified": 1727423009,
+        "narHash": "sha256-+4B/dQm2EnORIk0k2wV3aHGaE0WXTBjColXjj7qWh10=",
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "rev": "127a96f49ddc377be6ba76964411bab11ae27803",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "type": "github"
       }
     }
   },

flake.nix

@@ -4,56 +4,65 @@
   inputs = {
     nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
 
+    sops-nix = {
+      url = "github:Mic92/sops-nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
     home-manager = {
       url = "github:nix-community/home-manager";
       inputs.nixpkgs.follows = "nixpkgs";
     };
   };
 
-  outputs = { self, nixpkgs, ... } @ inputs: {
+  outputs = { self, nixpkgs, ... } @ inputs: let
-    nixosConfigurations.z790prors-nix = nixpkgs.lib.nixosSystem {
+    baseModules = [
-      system = "x86_64-linux";
-      specialArgs = { inherit inputs; };
-      modules = [ 
-        ./machines/z790prors/configuration.nix 
-        inputs.home-manager.nixosModules.home-manager
-        {
-          home-manager.useGlobalPkgs = true;
-          home-manager.useUserPackages = true;
-          home-manager.extraSpecialArgs = { inherit inputs; };
-          home-manager.users.johno = import ./home/home-z790prors.nix;
-        }
-      ];
-    };
-
-    nixosConfigurations.nix-book = nixpkgs.lib.nixosSystem {
-      system = "x86_64-linux";
-      modules = [
       ./roles
-        ./machines/nix-book/configuration.nix
+      inputs.sops-nix.nixosModules.sops
       inputs.home-manager.nixosModules.home-manager
       {
         home-manager.useGlobalPkgs = true;
         home-manager.useUserPackages = true;
-          home-manager.extraSpecialArgs = { inherit inputs; };
+      }
-          home-manager.users.johno = import ./home/home-nix-book.nix;
+    ];
+  in {
+    nixosConfigurations.z790prors-nix = nixpkgs.lib.nixosSystem rec {
+      system = "x86_64-linux";
+      specialArgs = { inherit inputs; };
+      modules = baseModules ++ [
+        ./machines/z790prors/configuration.nix
+        {
+          home-manager.users.johno = import ./home/home-z790prors.nix;
+          home-manager.extraSpecialArgs.customPkgs =
+            nixpkgs.legacyPackages."${system}".callPackage ./packages {};
         }
       ];
     };
 
-    nixosConfigurations.boxy = nixpkgs.lib.nixosSystem {
+    nixosConfigurations.nix-book = nixpkgs.lib.nixosSystem rec {
       system = "x86_64-linux";
-      specialArgs = { inherit inputs; };
+      modules = baseModules ++ [
-      modules = [
+        ./machines/nix-book/configuration.nix
-        ./machines/boxy/configuration.nix
-        inputs.home-manager.nixosModules.home-manager
         {
-          home-manager.useGlobalPkgs = true;
+          home-manager.users.johno = import ./home/home-nix-book.nix;
-          home-manager.useUserPackages = true;
+          home-manager.extraSpecialArgs.customPkgs =
-          home-manager.extraSpecialArgs = { inherit inputs; };
+            nixpkgs.legacyPackages."${system}".callPackage ./packages {};
-          home-manager.users.johno = import ./home/home-default.nix;
         }
       ];
     };
+
+    nixosConfigurations.boxy = nixpkgs.lib.nixosSystem rec {
+      system = "x86_64-linux";
+      modules = baseModules ++ [
+        ./machines/boxy/configuration.nix
+        # inputs.home-manager.nixosModules.home-manager
+        # {
+        #   home-manager.users.johno = import ./home/home-default.nix;
+        #   home-manager.extraSpecialArgs.customPkgs =
+        #     nixpkgs.legacyPackages."${system}".callPackage ./packages {};
+        #     customPkgs = nixpkgs.legacyPackages."${system}".callPackage ./packages {};
+        # }
+      ];
+    };
   };
 }

home/home-default.nix

@@ -1,8 +1,5 @@
-{ pkgs, ... }:
+{ pkgs, customPkgs, ... }:
 
-let
-  nextcloudTalkDesktop = pkgs.callPackage ./modules/applications/nextcloud-talk-desktop/package.nix {};
-in
 {
   # Home Manager needs a bit of information about you and the paths it should
   # manage.
@@ -62,7 +59,7 @@ in
     pkgs.wofi
     pkgs.vlc
 
-    nextcloudTalkDesktop
+    customPkgs.nextcloudTalkDesktop
   ];
 
   # Home Manager is pretty good at managing dotfiles. The primary way to manage
@@ -106,9 +103,9 @@ in
   nixpkgs.config.allowUnfree = true;
 
   imports = [
-    ./modules/applications/emacs/default.nix
+    ./modules/emacs
-    ./modules/games/lutris/default.nix
+    ./modules/lutris
-    ./modules/window_managers/i3/default.nix
+    ./modules/i3+sway
   ];
 
   programs.bash.enable = true;
@@ -189,15 +186,6 @@ in
     package = pkgs.kdePackages.kdeconnect-kde;
   };
 
-  services.spotifyd = {
-    enable = true;
-    settings = {
-      global = {
-        username = "johnogle222";
-      };
-    };
-  };
-
   services.syncthing = {
     enable = true;
     tray = {

home/home-nix-book.nix

@@ -3,6 +3,10 @@
 {
   imports = [
     ./home-default.nix
-    ./modules/window_managers/hyprland/nix-book.nix
+    ./modules/hyprland/nix-book.nix
   ];
+
+  home.i3_sway.extraSwayConfig = {
+    output.eDP-1.scale = "1.75";
+  };
 }

home/home-z790prors.nix

@@ -3,6 +3,6 @@
 {
   imports = [
     ./home-default.nix
-    ./modules/window_managers/hyprland/z790prors.nix
+    ./modules/hyprland/z790prors.nix
   ];
 }

home/modules/applications/emacs/default.nix

@@ -1,69 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
-  emacs = pkgs.emacs29;
-  doomSync = (let
-    git = pkgs.git;
-  in ''
-    export PATH=${emacs}/bin:${git}/bin:$PATH
-    ${config.xdg.configHome}/emacs/bin/doom sync -u -j $((`nproc`/4*3))
-  '');
-in {
-  home.packages = [
-    pkgs.emacs-all-the-icons-fonts
-    pkgs.fontconfig
-    pkgs.graphviz
-    pkgs.isort
-    pkgs.nerdfonts
-    pkgs.nil # nix lsp language server
-    pkgs.nixfmt-rfc-style
-    (pkgs.ripgrep.override {withPCRE2 = true;})
-    pkgs.pipenv
-    pkgs.poetry
-    pkgs.python3
-  ];
-
-  fonts.fontconfig.enable = true;
-
-  home.file = {
-    ".config/emacs" = {
-      source = fetchGit {
-        url = "https://github.com/doomemacs/doomemacs.git";
-        # When updating me, remember to run `doom sync`
-        rev = "ac1122ae67d762e09fc6684945b52adff96cf1dc";
-      };
-      # We need to use recursive mode here or else doom fails to sync for
-      # some reason related to the permissions on the synced path. I'm not
-      # quite sure of everything that's going on here.
-      recursive = true;
-
-      # Because `recursive = true` will cause this to sync every single
-      # activation, we turn this off here.
-      #
-      # There's probably a way we could do better detection of this within
-      # our onChange shell?
-      #
-      # onChange = doomSync;
-    };
-  };
-
-  home.sessionVariables = {
-    DOOMLOCALDIR = "${config.xdg.dataHome}/doom";
-    EDITOR = "emacs -nw";
-  };
-
-  home.sessionPath = [
-    "${config.xdg.configHome}/emacs/bin"
-  ];
-
-  programs.emacs = {
-    enable = true;
-    package = emacs;
-  };
-
-  xdg.configFile."doom" = {
-    source = ./doom;
-    # Sync doom if we updated the config
-    onChange = doomSync;
-  };
-}

home/modules/emacs/default.nix

@@ -0,0 +1,67 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  doomSync = (let
+    git = pkgs.git;
+  in ''
+    export PATH=${pkgs.emacs}/bin:${git}/bin:$PATH
+    ${config.xdg.configHome}/emacs/bin/doom sync -u -j $((`nproc`/4*3))
+  '');
+in {
+  config = {
+    home.packages = [
+      pkgs.emacs-all-the-icons-fonts
+      pkgs.fontconfig
+      pkgs.graphviz
+      pkgs.isort
+      pkgs.nerdfonts
+      pkgs.nil # nix lsp language server
+      pkgs.nixfmt-rfc-style
+      (pkgs.ripgrep.override {withPCRE2 = true;})
+      pkgs.pipenv
+      pkgs.poetry
+      pkgs.python3
+    ];
+
+    fonts.fontconfig.enable = true;
+
+    home.file = {
+      ".config/emacs" = {
+        source = fetchGit {
+          url = "https://github.com/doomemacs/doomemacs.git";
+          # When updating me, remember to run `doom sync`
+          rev = "5ad99220b86ae1bf421861dfad24492d768ac4d9";
+        };
+        # We need to use recursive mode here or else doom fails to sync for
+        # some reason related to the permissions on the synced path. I'm not
+        # quite sure of everything that's going on here.
+        recursive = true;
+
+        # Because `recursive = true` will cause this to sync every single
+        # activation, we turn this off here.
+        #
+        # There's probably a way we could do better detection of this within
+        # our onChange shell?
+        #
+        # onChange = doomSync;
+      };
+    };
+
+    home.sessionVariables = {
+      DOOMLOCALDIR = "${config.xdg.dataHome}/doom";
+      EDITOR = "emacs -nw";
+    };
+
+    home.sessionPath = [
+      "${config.xdg.configHome}/emacs/bin"
+    ];
+
+    xdg.configFile."doom" = {
+      source = ./doom;
+      # Sync doom if we updated the config
+      onChange = doomSync;
+    };
+  };
+}

home/modules/i3+sway/default.nix

@@ -0,0 +1,139 @@
+{ config, lib, ... }:
+
+with lib;
+
+let
+  cfg = config.home.i3_sway;
+  i3_cfg = config.xsession.windowManager.i3.config;
+
+  shared_config = recursiveUpdate {
+    modifier = "Mod4";
+    terminal = "kitty";
+    defaultWorkspace = "workspace number 1";
+
+    keybindings = {
+      "${shared_config.modifier}+Return" = "exec ${i3_cfg.terminal}";
+      "${shared_config.modifier}+Shift+q" = "kill";
+      "${shared_config.modifier}+d" = "exec ${i3_cfg.menu}";
+
+      "${shared_config.modifier}+h" = "focus left";
+      "${shared_config.modifier}+j" = "focus down";
+      "${shared_config.modifier}+k" = "focus up";
+      "${shared_config.modifier}+l" = "focus right";
+
+      "${shared_config.modifier}+Shift+h" = "move left";
+      "${shared_config.modifier}+Shift+j" = "move down";
+      "${shared_config.modifier}+Shift+k" = "move up";
+      "${shared_config.modifier}+Shift+l" = "move right";
+
+      "${shared_config.modifier}+Left" = "focus left";
+      "${shared_config.modifier}+Down" = "focus down";
+      "${shared_config.modifier}+Up" = "focus up";
+      "${shared_config.modifier}+Right" = "focus right";
+
+      "${shared_config.modifier}+Shift+Left" = "move left";
+      "${shared_config.modifier}+Shift+Down" = "move down";
+      "${shared_config.modifier}+Shift+Up" = "move up";
+      "${shared_config.modifier}+Shift+Right" = "move right";
+
+      #"${shared_config.modifier}+h" = "split h";
+      "${shared_config.modifier}+v" = "split v";
+      "${shared_config.modifier}+f" = "fullscreen toggle";
+
+      "${shared_config.modifier}+s" = "layout stacking";
+      "${shared_config.modifier}+w" = "layout tabbed";
+      "${shared_config.modifier}+e" = "layout toggle split";
+
+      "${shared_config.modifier}+Shift+space" = "floating toggle";
+      "${shared_config.modifier}+space" = "focus mode_toggle";
+
+      "${shared_config.modifier}+a" = "focus parent";
+
+      "${shared_config.modifier}+Shift+minus" = "move scratchpad";
+      "${shared_config.modifier}+minus" = "scratchpad show";
+
+      "${shared_config.modifier}+1" = "workspace number 1";
+      "${shared_config.modifier}+2" = "workspace number 2";
+      "${shared_config.modifier}+3" = "workspace number 3";
+      "${shared_config.modifier}+4" = "workspace number 4";
+      "${shared_config.modifier}+5" = "workspace number 5";
+      "${shared_config.modifier}+6" = "workspace number 6";
+      "${shared_config.modifier}+7" = "workspace number 7";
+      "${shared_config.modifier}+8" = "workspace number 8";
+      "${shared_config.modifier}+9" = "workspace number 9";
+      "${shared_config.modifier}+0" = "workspace number 10";
+
+      "${shared_config.modifier}+Shift+1" =
+        "move container to workspace number 1";
+      "${shared_config.modifier}+Shift+2" =
+        "move container to workspace number 2";
+      "${shared_config.modifier}+Shift+3" =
+        "move container to workspace number 3";
+      "${shared_config.modifier}+Shift+4" =
+        "move container to workspace number 4";
+      "${shared_config.modifier}+Shift+5" =
+        "move container to workspace number 5";
+      "${shared_config.modifier}+Shift+6" =
+        "move container to workspace number 6";
+      "${shared_config.modifier}+Shift+7" =
+        "move container to workspace number 7";
+      "${shared_config.modifier}+Shift+8" =
+        "move container to workspace number 8";
+      "${shared_config.modifier}+Shift+9" =
+        "move container to workspace number 9";
+      "${shared_config.modifier}+Shift+0" =
+        "move container to workspace number 10";
+
+      "${shared_config.modifier}+Shift+c" = "reload";
+      "${shared_config.modifier}+Shift+r" = "restart";
+
+      "${shared_config.modifier}+r" = "mode resize";
+
+      "XF86MonBrightnessUp" = "exec brightnessctl s +5%";
+      "XF86MonBrightnessDown" = "exec brightnessctl s 5%-";
+    };
+  } cfg.extraSharedConfig;
+in {
+  options.home.i3_sway = {
+    extraSharedConfig = mkOption {
+      default = {};
+    };
+    extraI3Config = mkOption {
+      default = {};
+    };
+    extraSwayConfig = mkOption {
+      default = {};
+    };
+  };
+
+  config = {
+    xsession.windowManager.i3 = let
+      base_i3_config = recursiveUpdate shared_config {
+        keybindings = {
+          "${shared_config.modifier}+Shift+e" =
+            "exec i3-nagbar -t warning -m 'Do you want to exit i3?' -b 'Yes' 'i3-msg exit'";
+        };
+      };
+    in {
+      enable = true;
+      config = recursiveUpdate base_i3_config cfg.extraI3Config;
+    };
+
+    wayland.windowManager.sway = let
+      base_sway_config = recursiveUpdate shared_config {
+        keybindings = {
+          "${shared_config.modifier}+Shift+e" =
+            "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'";
+        };
+        input = {
+          "type:keyboard" = {
+            xkb_options = "caps:escape";
+          };
+        };
+      };
+    in {
+      enable = true;
+      config = recursiveUpdate base_sway_config cfg.extraSwayConfig;
+    };
+  };
+}

home/modules/window_managers/i3/default.nix

@@ -1,10 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-  xsession.windowManager.i3 = {
-    enable = true;
-    config = {
-      modifier = "Mod4";
-    };
-  };
-}

machines/boxy/configuration.nix

@@ -2,18 +2,25 @@
 # your system. Help is available in the configuration.nix(5) man page, on
 # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
 
-{ config, lib, pkgs, ... }:
+{ lib, ... }:
+
+with lib;
 
 {
   imports =
     [ # Include the results of the hardware scan.
       ./hardware-configuration.nix
-      ../../roles/common/default.nix
-      ../../roles/nix/default.nix
-      (import ../../roles/kodi/default.nix { autologin = true; wayland = true; inherit lib; inherit pkgs; })
-      (import ../../roles/users/default.nix { extraGroups = []; })
     ];
 
+  roles = {
+    audio.enable = true;
+    kodi = {
+      enable = true;
+      autologin = true;
+      wayland = false;
+    };
+  };
+
   # Use the systemd-boot EFI boot loader.
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
@@ -22,6 +29,8 @@
 
   hardware.graphics.enable = true;
 
+  #services.displayManager.enable = mkForce false;
+
   # This option defines the first version of NixOS you have installed on this particular machine,
   # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
   #

machines/nix-book/configuration.nix

@@ -10,6 +10,8 @@
     ];
 
   roles = {
+    audio.enable = true;
+    bluetooth.enable = true;
     desktop.enable = true;
     nfs-mounts.enable = true;
     printing.enable = true;

machines/z790prors/configuration.nix

@@ -2,23 +2,32 @@
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 
-{ inputs, lib, pkgs, ... }:
+{ ... }:
 
 {
   imports =
     [ # Include the results of the hardware scan.
       ./hardware-configuration.nix
-      ../../roles/common/default.nix
-      (import ../../roles/desktop/default.nix { x11Only = true; inherit inputs; inherit pkgs; })
-      ../../roles/kids/default.nix
-      (import ../../roles/kodi/default.nix { autologin = false; wayland = false; inherit lib; inherit pkgs; })
-      ../../roles/nfs-mounts/default.nix
-      ../../roles/nix/default.nix
-      ../../roles/printing/default.nix
-      (import ../../roles/users/default.nix { extraGroups = ["input" "libvirtd"]; })
-      ../../roles/virtualisation/default.nix
     ];
 
+  roles = {
+    audio.enable = true;
+    desktop = {
+      enable = true;
+      x11Only = true;
+    };
+    kodi.enable = true;
+    nfs-mounts.enable = true;
+    printing.enable = true;
+    spotifyd.enable = true;
+    users = {
+      enable = true;
+      extraGroups = [ "input" "libvirtd" ];
+      kids = true;
+    };
+    virtualisation.enable = true;
+  };
+
   # Use the systemd-boot EFI boot loader.
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;

machines/z790prors/hardware-configuration.nix

@@ -20,6 +20,8 @@
 
   hardware.graphics.enable = true;
   services.xserver.videoDrivers = ["nvidia"];
+  services.xserver.screenSection = ''Option "metamodes" "3440x1440_165 +0+0"'';
+  services.xserver.enableTearFree = true;
   hardware.nvidia = {
     modesetting.enable = true;
     powerManagement.enable = false;

packages/default.nix

@@ -0,0 +1,4 @@
+{ pkgs, ... }:
+{
+  nextcloudTalkDesktop = pkgs.callPackage ./nextcloud-talk-desktop {};
+}

roles/audio/default.nix

@@ -0,0 +1,32 @@
+{ lib, config, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.roles.audio;
+in
+{
+  options.roles.audio = {
+    enable = mkEnableOption "Enable the audio role";
+  };
+
+  config =
+    {
+      environment.systemPackages = with pkgs; [
+        paprefs
+        pavucontrol
+        pulsemixer
+      ];
+
+      services.pipewire = {
+        enable = true;
+        pulse.enable = true;
+      };
+      hardware.pulseaudio.package = pkgs.pulseaudioFull;
+      hardware.pulseaudio.extraConfig = "
+        load-module module-combine-sink
+        load-module module-switch-on-connect
+      ";
+    };
+
+}

roles/bluetooth/default.nix

@@ -0,0 +1,26 @@
+{ lib, config, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.roles.bluetooth;
+in
+{
+  options.roles.bluetooth = {
+    enable = mkEnableOption "Enable the bluetooth role";
+  };
+
+  config =
+    {
+      hardware.bluetooth.enable = true;
+      hardware.bluetooth.powerOnBoot = true;
+      hardware.bluetooth.settings = {
+        General = {
+          Enable = "Source,Sink,Media,Socket";
+        };
+      };
+
+      services.blueman.enable = true;
+    };
+
+}

roles/default.nix

@@ -7,10 +7,14 @@ let
 in
 {
   imports = [
+    ./audio
+    ./bluetooth
     ./desktop
     ./kodi
     ./nfs-mounts
     ./printing
+    ./secrets
+    ./spotifyd
     ./users
     ./virtualisation
   ];
@@ -37,11 +41,6 @@ in
     # Enable the OpenSSH daemon.
     services.openssh.enable = true;
 
-    services.pipewire = {
-      enable = true;
-      pulse.enable = true;
-    };
-
     environment.systemPackages = with pkgs; [
       vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
       git

roles/desktop/default.nix

@@ -4,6 +4,29 @@ with lib;
 
 let
   cfg = config.roles.desktop;
+
+  basePackages = with pkgs; [
+    brightnessctl
+  ];
+
+  x11BasePackages = with pkgs; [
+
+  ];
+
+  x11OnlyPackages = with pkgs; [
+    emacs
+  ];
+
+  waylandBasePackages = with pkgs; [
+    grim
+    slurp
+    wl-clipboard
+    mako
+  ];
+
+  waylandOnlyPackages = with pkgs; [
+    emacs-gtk
+  ];
 in
 {
   options.roles.desktop = {
@@ -22,8 +45,10 @@ in
         options = "caps:escape";
       };
       services.xserver.enable = true;
-      services.xserver.displayManager = {
+
-        lightdm.enable = true;
+      services.displayManager.sddm = {
+        enable = true;
+        wayland.enable = !cfg.x11Only;
       };
       services.desktopManager.plasma6.enable = true;
 
@@ -38,12 +63,6 @@ in
       programs.dconf.enable = true;
       services.gnome.gnome-keyring.enable = true;
 
-      environment.systemPackages = with pkgs; mkIf (!cfg.x11Only) [
-        grim
-        slurp
-        wl-clipboard
-        mako
-      ];
       programs.sway = mkIf (!cfg.x11Only) {
         enable = true;
         wrapperFeatures.gtk = true;
@@ -71,6 +90,15 @@ in
 
       virtualisation.docker.enable = true;
       users.extraGroups.docker.members = [ "johno" ];
+
+      environment.systemPackages = with pkgs; mkMerge [
+        basePackages
+        x11BasePackages
+        (mkIf cfg.x11Only x11OnlyPackages)
+        # TODO: Do we need a "wayland only" mode?
+        (mkIf (!cfg.x11Only) waylandBasePackages)
+        (mkIf (!cfg.x11Only) waylandOnlyPackages)
+      ];
     };
 
 }

roles/k3s/default.nix

@@ -0,0 +1,32 @@
+{ lib, config, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.roles.k3s;
+in
+{
+  options.roles.k3s = {
+    enable = mkEnableOption "Enable the k3s role";
+  };
+
+  config =
+    {
+      networking.firewall.allowedTCPPorts = [
+        6443 # k3s: required so that pods can reach the API server (running on port 6443 by default)
+        2379 # k3s, etcd clients: required if using a "High Availability Embedded etcd" configuration
+        2380 # k3s, etcd peers: required if using a "High Availability Embedded etcd" configuration
+      ];
+      networking.firewall.allowedUDPPorts = [
+        8472 # k3s, flannel: required if using multi-node for inter-node networking
+      ];
+      services.k3s.enable = true;
+      services.k3s.role = "server";
+      services.k3s.tokenFile = "";
+      services.k3s.serverAddr = "https://10.0.0.222:6443";
+      services.k3s.extraFlags = toString [
+        # "--debug" # Optionally add additional args to k3s
+      ];
+      services.k3s.gracefulNodeShutdown.enable = true;
+    };
+}

roles/kodi/default.nix

@@ -50,6 +50,7 @@ in
           enable = true;
           greeter.enable = false;
         };
+	displayManager.sddm.enable = mkForce false;
       };
       displayManager = mkIf (!cfg.wayland) {
         autoLogin.enable = true;

roles/printing/default.nix

@@ -10,6 +10,10 @@ with lib;
   config = {
     services.printing.enable = true;
 
-    # TODO: Add actual printer setup config here...
+    services.avahi = {
+      enable = true;
+      nssmdns4 = true;
+      openFirewall = true;
+    };
   };
 }

roles/secrets/default.nix

@@ -0,0 +1,8 @@
+{ config, lib, pkgs, inputs, ... }:
+
+{
+  sops.defaultSopsFile = ../../secrets/secrets.yaml;
+  sops.defaultSopsFormat = "yaml";
+  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" "/home/johno/.ssh/id_ed25519" ];
+  sops.secrets.example_key = {};
+}

roles/spotifyd/default.nix

@@ -0,0 +1,39 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.roles.spotifyd;
+in
+{
+  options.roles.spotifyd = {
+    enable = mkEnableOption "Enable the spotifyd role";
+  };
+
+  config = {
+    roles.audio.enable = true;
+
+    services.spotifyd = {
+      enable = true;
+      settings = {
+        global = {
+          use_mpris = false;
+          backend = "alsa";
+          device = "sysdefault";
+          bitrate = 320;
+          cache_path = "";
+          zeroconf_port = 1234;
+          autoplay = false;
+        };
+      };
+    };
+
+    networking.firewall.allowedTCPPorts = [
+      1234
+      57621
+    ];
+    networking.firewall.allowedUDPPorts = [
+      5353
+    ];
+  };
+}

secrets/secrets.yaml

@@ -0,0 +1,48 @@
+hello: ENC[AES256_GCM,data:5ZpbPx3D8gQc1fOhViUqiCr0zLWYotB+vIBixqTbqP9XLS52y6tr5DXus0aV9mTgka5deqc=,iv:yPJaCqDD9WD56swfBjSm7A62ZTTIQDqyAKOgP1ese+U=,tag:bo8+7Ne2f9aEZSvpkt1fzA==,type:str]
+example_key: ENC[AES256_GCM,data:v15bEcb0H3vaj13blg==,iv:9P3IA7ChBamo41VE8G8tj46sZqeijsO1LcvwLtEPVPA=,tag:o/lAyAYYGNLP9EjQNa/K8Q==,type:str]
+example_array:
+    - ENC[AES256_GCM,data:3Vwa7dfNfKzRc/xpk6I=,iv:IevBgxwWdaBvZY1ywteWcfWwDIA8lK3FTWs67lLBKxw=,tag:Mx5lzUeNZ/3wJBWAl5XSBw==,type:str]
+    - ENC[AES256_GCM,data:epkT6WPGW5Oe/S+4HtU=,iv:N0yoDuieAaEi+NuCoCL4zrkhaDDdkttboI89m+UccjQ=,tag:OoERRByb0OM4un9oGLJQgA==,type:str]
+#ENC[AES256_GCM,data:YzMFXxn3sbbHpGB4jPRtRw==,iv:TN6ogQuH7c6xtDoWt0Ew9B2f7wuaipJynvscZmaJYoU=,tag:No0UwEktEyMNBg/46P+Zmg==,type:comment]
+example_number: ENC[AES256_GCM,data:jmLoVC+8YIlB2A==,iv:u9GztD/aE9UN5zWq3Am2nhYwmYt3sf8sy65MHbhVoD0=,tag:wKuf1mMr5XBJveJrz0uHPA==,type:float]
+example_booleans:
+    - ENC[AES256_GCM,data:ZacILA==,iv:xo+7aFFQXzbJzKDY0mYTeFLf10AlnHkywDRAMHeprEM=,tag:F/OnJdqjrZP02sTLWLmnbg==,type:bool]
+    - ENC[AES256_GCM,data:NaFrvrs=,iv:kKDmGs9u/w5qrZ/379Jlx8AotUVADvH+eHwHCqykmkE=,tag:nD9TsmkXUm4ABaT1ABWmcg==,type:bool]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1ls6a033d4p4u8h4rwazjwt8w4c4xg73wq0mdnm64jajxzcz4k9asvjnks3
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjak9vRVJtVmJoanhEZ0hQ
+            MFJwMEE4UDcrRkdPRmZ6R09FSDY1aTk3Y1dNClZJYXRLNU5senR3Qzh6VmZGMlhu
+            bnl6VjlaUEFISnBtSTVrcEd0ZjI5Q2MKLS0tIFl1b3A5ZWVqc1gvWVZnZis0ZHFk
+            bWhnNVB2TUJ4YzY4NHdSVXhPc3dReTgKWRYBbBE3+oGsRNw1CROhFY+btENbShfv
+            gw3IdW7OoZV6JpJBOcI82eOuOkIxrmgSGDGeyy10/a5MA/cB1umm+w==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age12l5u7sw59u5pkwp83qm8t3ff7uv0ld2c9k3zh5j4ame9k2szcynqu7ftqe
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGcmV3TDlNL2Zxb0h5QTYx
+            QkVmczA0MDc2ZnpNNU1YeFVzSXJwc3RWUmk4CjF4bHIrVU9VM3htTUxGZ2FUR256
+            UEovdVV2cmNIbkloS1VobTNFSDVyRG8KLS0tIEFhUk5kL3hCNGs4MGJBTmNJaVFm
+            b2ZBUGJ1K0lKTitKYTRUMWszQzhBU0UKBaM6t6JmWfiG+wPorGea1gqvV5RSIPyw
+            6yb2PcH2oZ0HrjJM5sjfu7XOWY3KneiZZikR1BpD5KvevfagWTSR/w==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1fa3zqavfmqk4ssa22yne9td90gyqv9q5a8y0s8jp3xak8q7p3yjqyn7rkg
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaMFJiNjVOb0lTcmJ3VnhH
+            WlRKZERRZFM3TFZBZGNSZC9GdHlHakMza21zClJ3SDdFUkVRc3oyVVU3WEtDQzBu
+            OEFqS3NwbHZFUlpCYlN6RW84N0F1amcKLS0tIHFZK21aTHdwZ2dWbVRrWEZDWFZj
+            aU1IQzdTMVhnbHhsNENwMG05dXhOU2MK8fEJea9sL5JLgltVlTI6mRDb+Tl83Iz7
+            4wPYvo68cn8vimXqSk45ldHRrNa3zhYai3CalQaGtDT3fkWGvSq0zQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-09-28T15:44:39Z"
+    mac: ENC[AES256_GCM,data:YUi+AbS6DQTmrSyOXsbkZWfWaMyKGR8fYm/MHcxmqChi8hng+UWHBZjsLBe6ef/FLH3rnP6bhfwK8KYnVS6fHvHahoqIq/BHydTsqrclnSgRAGl8Lh0yuhwISNRvP1AuW5pd50sdQaS0uGOtzOCharI/pZ9H+cmt2SB5WOCdeLs=,iv:2nBG6it3tNSLSia8hGzCcesuK9QwzB9EzfjWegjQ2kw=,tag:RGGPAPw/rQKhWA2OqLjTJw==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.0