entirely vibed refactor

nixos/modules/base.nix

@@ -0,0 +1,191 @@
+{ config, pkgs, lib, repoLocalPath, ... }:
+{
+  boot = {
+    kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
+    kernel.sysctl = {
+      "net.ipv4.ip_unprivileged_port_start" = 0;
+    };
+    initrd = {
+      network = {
+        ssh.shell = pkgs.bash;
+      };
+    };
+  };
+
+  security.sudo-rs.enable = true;
+  system.stateVersion = "24.05";
+
+  system.autoUpgrade = {
+    enable = true;
+    persistent = true;
+    flake = repoLocalPath;
+    flags = [
+      "--print-build-logs"
+      "--no-write-lock-file"
+    ];
+    dates = "daily";
+  };
+
+  nix = {
+    settings = {
+      experimental-features = [ "nix-command" "flakes" ];
+      auto-optimise-store = true;
+      trusted-users = [ "root" "alisceon" ];
+    };
+    gc = {
+      automatic = true;
+      persistent = true;
+      dates = "daily";
+      options = "--delete-older-than 7d";
+    };
+    registry = {
+      templates.to = {
+        type = "git";
+        url = "git+ssh://git@git.malice.zone/alisceon/devenv_templates.git";
+      };
+      nixpkgs.to = {
+        type = "github";
+        owner = "NixOS";
+        repo = "nixpkgs";
+        ref = "nixos-unstable";
+      };
+      nixpkgs-stable.to = {
+        type = "github";
+        owner = "NixOS";
+        repo = "nixpkgs";
+        ref = "nixos-25.05";
+      };
+    };
+  };
+
+  console.keyMap = "sv-latin1";
+  networking.networkmanager.enable = true;
+  time.timeZone = "Europe/Stockholm";
+  i18n.defaultLocale = "en_US.UTF-8";
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "sv_SE.UTF-8";
+    LC_IDENTIFICATION = "sv_SE.UTF-8";
+    LC_MEASUREMENT = "sv_SE.UTF-8";
+    LC_MONETARY = "sv_SE.UTF-8";
+    LC_NAME = "sv_SE.UTF-8";
+    LC_NUMERIC = "sv_SE.UTF-8";
+    LC_PAPER = "sv_SE.UTF-8";
+    LC_TELEPHONE = "sv_SE.UTF-8";
+    LC_TIME = "sv_SE.UTF-8";
+  };
+
+  environment = {
+    systemPackages = with pkgs; [
+      libressl
+      git
+      wget
+      curl
+      btop
+      ripgrep
+      fd
+      nh
+      jq
+      ncdu
+      pciutils
+      usbutils
+      tree
+      fzf
+      psmisc
+      pv
+      file
+      nix-tree
+      unzip
+      lsd
+      bash
+      nushell
+      fish
+      powershell
+      python3
+      python3Packages.python-lsp-server
+      podman
+    ];
+
+    shells = with pkgs; [
+      bash
+      nushell
+      fish
+      powershell
+      xonsh
+    ];
+
+    etc."current-system-packages".text =
+      let
+        packages = builtins.map (p: "${p.name}:\t${p}") config.environment.systemPackages;
+        sortedUnique = builtins.sort builtins.lessThan (pkgs.lib.lists.unique packages);
+      in
+      pkgs.lib.strings.concatLines sortedUnique;
+  };
+
+  virtualisation = {
+    libvirtd = {
+      enable = true;
+      qemu.swtpm.enable = true;
+    };
+    containers.enable = true;
+    docker.enable = true;
+    podman = {
+      enable = true;
+      dockerCompat = false;
+      defaultNetwork.settings.dns_enabled = true;
+    };
+    oci-containers.backend = "podman";
+  };
+
+  users = {
+    defaultUserShell = pkgs.bash;
+    groups.docker = { };
+    users.alisceon = {
+      isNormalUser = true;
+      extraGroups = [ "wheel" "networkmanager" "podman" "docker" "libvirtd" ];
+      shell = pkgs.xonsh;
+      openssh.authorizedKeys.keys = [
+        "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPN1Cd2UlHo03Jqgi5Yb4io/3gh/X4wCb8LcmKlpAovQa271CKDBtYOUKn+Fts03g6dBMfaWMty6VGPMGDMONmc= alisceon@electra"
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCvRYyYjN8z0yoPrHtaTQXY0iEtPl79K6/uXVceuS+31JGjRnqJjuDYg6KxAykGSfhercNdAJ2BTYJRGpMsW0Xn7+iq07TItcjJjERm7rjQZko4vauS62NdnV6BEG+6ktasb9CcepzwoRkLEXQOad3XbLbo0V2sj6uI5Rgq2Cfh6f9x1E1DJ87o6Ngkm+vQzdv4NYeya/O4vuoAw6BNhp4vyr9k+0K+TRLjflYPUwtb8U/agoYI5RoLZMa6eBKdPbLVYyahpMlYjHwr90H4c9veHliILcDSA8h6upcXSDwZiCPyu6cI4zRbzGQVg84iLmIs5ocMWsnuDQbqn5iM3BTV37atnTPI3O2C9WBxuOaGpk4C338V0CAfTo6GG/OSaFzfLBFE29nY6uXcCPH7KiDpig0naVWlpHZhED5OQRoSXBeyu4BgadV6eZ43HOcdbOAqbLcB1nvkKPi52Vj+JqwS8zIjQpipX22Trx2u4ike99ijeK6/XeoTnEAcUS0fcYQ0FDqqfLmr/HuxkEQ2NZF0sFFqVGUlpVJMFblNOH4L8A2kApnsrmlxnlVE+r0tTnnnK5tfCpyou/LPDM+4TzGw2nV2cwsZKbGaHvMM/qIvVva90mTcYfuDvGB10eQ2P9tN1TIjseONVLDVKNjNGzDBFY4RMeMJOWWQy0aBh0FP5Q== user@hannah.afk"
+      ];
+    };
+  };
+
+  programs = {
+    command-not-found.enable = true;
+    fzf.fuzzyCompletion = true;
+    xonsh = {
+      enable = true;
+      extraPackages = ps: with ps; [
+        pyperclip
+        xonsh.xontribs.xonsh-direnv
+        pkgs.nur.repos.xonsh-xontribs.xontrib-fish-completer
+        pkgs.nur.repos.xonsh-xontribs.xontrib-abbrevs
+        pkgs.nur.repos.xonsh-xontribs.xontrib-clp
+        pkgs.nur.repos.xonsh-xontribs.xontrib-bashisms
+        (
+          ps.buildPythonPackage
+          rec {
+            name = "xontrib-fzf-completions";
+            version = "v0.0.2";
+            format = "pyproject";
+            nativeBuildInputs = [ ps.setuptools ps.setuptools-scm ps.wheel ];
+            propagatedBuildInputs = [ ps.xonsh ];
+            src = pkgs.fetchFromGitHub {
+              owner = "doronz88";
+              repo = "${name}";
+              rev = "${version}";
+              sha256 = "sha256-1z5xHX4Psevn8686QkwIzv/LOJ5IMJc2nQ5Hg/2svTc=";
+            };
+            meta = {
+              homepage = "https://github.com/doronz88/xontrib-fzf-completions";
+              description = "fuzzy completions for xonsh";
+              license = pkgs.lib.licenses.mit;
+              maintainers = [ ];
+            };
+          }
+        )
+      ];
+      config = builtins.readFile ../../home/conf/xonsh/xonshrc;
+    };
+  };
+}

nixos/modules/profiles/server.nix

@@ -0,0 +1,14 @@
+{ pkgs, ... }:
+{
+  system.autoUpgrade.allowReboot = true;
+
+  services.openssh = {
+    enable = true;
+    permitRootLogin = "no";
+  };
+
+  environment.systemPackages = with pkgs; [
+    devenv
+    direnv
+  ];
+}

nixos/modules/profiles/workstation.nix

@@ -0,0 +1,72 @@
+{ pkgs, pkgs-unstable, ... }:
+{
+  boot = {
+    plymouth.enable = true;
+    kernelParams = [
+      "quiet"
+      "udev.log_level=3"
+      "systemd.show_status=auto"
+    ];
+  };
+
+  security.sudo.wheelNeedsPassword = false;
+
+  services = {
+    printing.enable = true;
+    pulseaudio.enable = false;
+    pipewire = {
+      enable = true;
+      alsa.enable = true;
+      pulse.enable = true;
+      jack.enable = true;
+    };
+    xserver.xkb.layout = "se";
+    gnome = {
+      gnome-keyring.enable = true;
+      gnome-initial-setup.enable = false;
+    };
+    udev.packages = [
+      pkgs.via
+      pkgs.qmk
+      pkgs.qmk-udev-rules
+      pkgs.qmk_hid
+    ];
+    fwupd.enable = true;
+    openssh.settings.PasswordAuthentication = false;
+  };
+
+  programs.dconf.enable = true;
+
+  networking.firewall.allowedTCPPorts = [
+    1312
+    8000
+    8080
+    8888
+  ];
+
+  environment = {
+    systemPackages = [
+      pkgs.discord
+      pkgs.signal-desktop
+      pkgs.mumble
+      (pkgs.chromium.override { enableWideVine = true; })
+      pkgs.google-chrome
+      pkgs.vscodium
+      pkgs.codex
+      pkgs.devenv
+      pkgs.direnv
+      pkgs.syncthing
+      pkgs.steam
+      pkgs.krita
+      pkgs.edk2-uefi-shell
+      pkgs-unstable.obsidian
+      pkgs.gparted
+      pkgs.vlc
+      pkgs.via
+      pkgs.plymouth
+      pkgs.xorg.xhost
+      (pkgs.bottles.override { removeWarningPopup = true; })
+    ];
+    sessionVariables.NIXOS_OZONE_WL = "1";
+  };
+}

nixos/modules/theme/stylix.nix

@@ -0,0 +1,65 @@
+{ pkgs, ... }:
+{
+  stylix = {
+    enable = true;
+    autoEnable = true;
+    enableReleaseChecks = false;
+    base16Scheme = {
+      base00 = "#181818";
+      base01 = "#252525";
+      base02 = "#3b3b3b";
+      base03 = "#777777";
+      base04 = "#777777";
+      base05 = "#b9b9b9";
+      base06 = "#dedede";
+      base07 = "#dedede";
+      base08 = "#ed4a46";
+      base09 = "#e67f43";
+      base0A = "#dbb32d";
+      base0B = "#70b433";
+      base0C = "#3fc5b7";
+      base0D = "#a580e2";
+      base0E = "#368aeb";
+      base0F = "#eb6eb7";
+    };
+
+    polarity = "dark";
+    fonts = {
+      monospace = {
+        package = pkgs.inconsolata;
+        name = "Inconsolata";
+      };
+      sansSerif = {
+        package = pkgs.noto-fonts;
+        name = "NotoSans";
+      };
+      serif = {
+        package = pkgs.noto-fonts;
+        name = "NotoSerif";
+      };
+      emoji = {
+        package = pkgs.noto-fonts-color-emoji;
+        name = "noto-fonts-color-emoji";
+      };
+      sizes = {
+        applications = 14;
+        terminal = 14;
+        desktop = 14;
+        popups = 14;
+      };
+    };
+
+    cursor = {
+      package = pkgs.whitesur-cursors;
+      name = "WhiteSur-cursors";
+      size = 20;
+    };
+
+    icons = {
+      enable = true;
+      package = pkgs.whitesur-icon-theme;
+      light = "WhiteSur-light";
+      dark = "WhiteSur-dark";
+    };
+  };
+}

nixos/modules/wm/gnome.nix

@@ -0,0 +1,38 @@
+{ pkgs, ... }:
+{
+  security.sudo.wheelNeedsPassword = false;
+
+  services = {
+    xserver.displayManager = {
+      gdm.enable = true;
+      gdm.wayland = true;
+    };
+    xserver.desktopManager.gnome.enable = true;
+    gnome = {
+      gnome-keyring.enable = true;
+      gnome-initial-setup.enable = false;
+    };
+  };
+
+  environment = {
+    gnome.excludePackages = with pkgs; [
+      evolution
+      geary
+      gnome-contacts
+      gnome-music
+      gnome-user-docs
+      gnome-tour
+      gnome-weather
+      gnome-maps
+      gnome-calendar
+      gnome-initial-setup
+      gnome-clocks
+    ];
+
+    systemPackages = [
+      pkgs.gnome-tweaks
+      pkgs.dconf-editor
+      pkgs.gnomeExtensions.ddterm
+    ];
+  };
+}

nixos/modules/wm/sway.nix

@@ -0,0 +1,99 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    pavucontrol
+    libinput
+    libinput-gestures
+    libnotify
+    wmctrl
+    playerctl
+    xdg-utils
+    shared-mime-info
+    libsecret
+    gnome-text-editor
+    loupe
+    evince
+    seahorse
+    nautilus
+  ];
+
+  programs = {
+    sway = {
+      enable = true;
+      wrapperFeatures.base = true;
+      wrapperFeatures.gtk = true;
+      extraOptions = [ "--unsupported-gpu" ];
+      extraPackages = with pkgs; [
+        swayidle
+        swaylock
+        swaybg
+        grim
+        slurp
+        wl-clipboard
+        pulseaudio
+        sway-contrib.grimshot
+        foot
+        kitty
+        dotool
+        mako
+        espanso-wayland
+      ];
+    };
+
+    uwsm = {
+      enable = true;
+      waylandCompositors = {
+        sway = {
+          prettyName = "Sway";
+          comment = "Sway compositor managed by UWSM";
+          binPath = "${pkgs.sway}/bin/sway";
+          extraArgs = [ "--unsupported-gpu" ];
+        };
+      };
+    };
+
+    light.enable = true;
+    dconf.enable = true;
+    seahorse.enable = true;
+  };
+
+  security = {
+    polkit.enable = true;
+    pam.services = {
+      greetd.enableGnomeKeyring = true;
+      login.enableGnomeKeyring = true;
+      swaylock.text = ''
+        auth sufficient pam_unix.so try_first_pass likeauth nullok
+        auth sufficient pam_fprintd.so
+        auth include login
+      '';
+    };
+  };
+
+  services = {
+    greetd = {
+      enable = true;
+      settings = {
+        initial_session = {
+          command = "uwsm start -- sway-uwsm.desktop";
+          user = "alisceon";
+        };
+        default_session = {
+          command = "${pkgs.tuigreet}/bin/tuigreet --time --cmd 'uwsm start -- sway-uwsm.desktop' --remember --asterisks''";
+          user = "greeter";
+        };
+      };
+    };
+
+    logind.settings.Login = {
+      HandleLidSwitch = "suspend";
+      HandleLidSwitchExternalPower = "suspend";
+    };
+
+    dbus.packages = [ pkgs.seahorse pkgs.gnome-keyring pkgs.gcr ];
+    gnome.gcr-ssh-agent.enable = true;
+    gvfs.enable = true;
+  };
+
+  users.users.alisceon.extraGroups = [ "video" "input" ];
+}