initial artemision changes (#116)

* Add artemision

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* blank config.nix for alice

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* move alice config

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* move alice config

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* fix slack (artemision)

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* fix unipicker (artemision)

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* fix vscode (artemision)

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* add wired-notify (not currently working, artemision)

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* change formatter to nixfmt-rfc-style

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* update lock

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* initial format

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* artemision settings

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* add artemision files

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* artemision initial setup

* artemision initial setup

* sops generation

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* sops updates

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* sops updates

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* fix breaking changes, add framework module

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* formatting and friends

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* add boot, mutable users is true

* fmt

* Add desktop/framework dependencies

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* enable sops

* sops/ethernet fixes

* update subs

* cache key fix & mutable users

* temp neovim

* zsh changes

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* dependency fixes, zsh.nix

* zsh fixes for home-manager

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* minor zsh fixes

* minor zsh/home fixes

* cleanup

* typo from merge

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* formatting

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* remove owner

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* non-server :)

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* add display manager

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* switch to gdm

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* wayland errors

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* fix formatting

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* remove ZFS unstable

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* zsh reorg

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* wayland enable

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* add boot partition options

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* wayland agian

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* nix format

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

---------

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
Co-authored-by: ahuston-0 <alice.huston@gmail.com>

users/alice/home.nix

@@ -1,6 +1,8 @@
 { pkgs, ... }:
 
 {
+  imports = [ ./home/zsh.nix ];
+
   home = {
     # # Adds the 'hello' command to your environment. It prints a friendly
     # # "Hello, world!" when run.
@@ -52,13 +54,17 @@
   };
 
   programs = {
-    zsh.enable = true;
     starship.enable = true;
     fzf = {
       enable = true;
       enableZshIntegration = true;
     };
 
+    nix-index = {
+      enable = true;
+      enableZshIntegration = true;
+    };
+
     topgrade = {
       enable = true;
       settings = {
@@ -73,5 +79,7 @@
     };
   };
 
+  services.ssh-agent.enable = true;
+
   home.stateVersion = "23.11";
 }

users/alice/home/zsh.nix

@@ -0,0 +1,99 @@
+{ ... }:
+{
+
+  programs.zsh = {
+
+    enable = true;
+    # autosuggestion.enable = true;
+    oh-my-zsh = {
+      enable = true;
+      plugins = [
+        "git"
+        "docker"
+        "docker-compose"
+        "colored-man-pages"
+        "rust"
+        "systemd"
+        "tmux"
+        "ufw"
+        "z"
+        "fzf"
+      ];
+    };
+    initExtra = ''
+      # functions
+      function mount-data {
+          if [[ -f /home/alice/backup/.noconnection ]]; then
+      	sshfs -p 10934 lily@192.168.1.154:/mnt/backup/data/ ~/backup -C
+          else
+      	echo "Connection to backup server already open."
+          fi
+      }
+
+      function mount-backup {
+          if [[ -f /home/alice/backup/.noconnection ]]; then
+          	sudo borgmatic mount --options allow_other,nonempty --archive latest --mount-point ~/backup -c /etc/borgmatic/config_checkless.yaml
+          else
+              echo "Connection to backup server already open."
+          fi
+      }
+
+      function mount-ubuntu {
+          if [[ -f /home/alice/backup/.noconnection ]]; then
+              sshfs lily@192.168.76.101:/mnt/backup/ubuntu.old/ ~/backup -C
+          else
+              echo "Connection to backup server already open."
+          fi
+      }
+    '';
+    shellAliases = {
+      "sgc" = "sudo git -C /root/dotfiles";
+      ## SSH
+      "ssh-init" = "ssh-add -t 24h ~/.ssh/id_ed25519_janus ~/.ssh/id_ed25519_dennis ~/.ssh/id_ed25519_hetzner ~/.ssh/id_rsa_tails ~/.ssh/id_ed25519_tails ~/.ssh/id_ed25519_gl ~/.ssh/id_ed25519_jeeves2 ~/.ssh/id_ed25519_jeeves ~/.ssh/id_rsa_palatine ~/.ssh/id_ed25519_palatine";
+
+      ## Backups
+      "borgmatic-backup-quick" = "sudo borgmatic --log-file-verbosity 2 -v1 --progress --log-file=/var/log/borgmatic.log -c /etc/borgmatic/config_checkless.yaml";
+      "borgmatic-backup-full" = "sudo borgmatic --log-file-verbosity 2 -v1 --log-file=/var/log/borgmatic.log -c /etc/borgmatic/config_full_arch.yaml";
+      "umount-backup" = "sudo borgmatic umount --mount-point /home/alice/backup -c /etc/borgmatic/config_checkless.yaml";
+      "restic-backup" = "/home/alice/Scripts/restic/backup.sh";
+
+      ## VPN
+      "pfSense-vpn" = "sudo openvpn --config /etc/openvpn/client/pfSense-TCP4-1194-alice-config.ovpn";
+      "pfSense-vpn-all" = "sudo openvpn --config /etc/openvpn/client/pfSense-TCP4-1195-alice-config.ovpn";
+
+      ## Utilities
+      "lrt" = "exa --icons -lsnew";
+      "lynis-grep" = ''sudo lynis audit system 2&>1 | grep -v "egrep"'';
+      "egrep" = "grep -E";
+      "htgp" = "history | grep";
+      "gen_walpaper" = "wal -i '/home/alice/Pictures/Wallpapers/1440pdump'";
+      "vlgdf" = "valgrind --leak-check=full --show-leak-kinds=all --track-origins=yes";
+      "ls" = "exa --icons";
+      "libreoffice-writer" = "libreoffice --writer";
+      "libreoffice-calc" = "libreoffice --calc";
+      "notes" = "code /home/alice/Scripts/Notes/dendron.code-workspace";
+      "ua-drop-caches" = "sudo paccache -rk3; yay -Sc --aur --noconfirm";
+      "ua-update-all" = ''
+        (export TMPFILE="$(mktemp)"; \
+              sudo true; \
+              rate-mirrors --save=$TMPFILE --protocol https\
+              --country-test-mirrors-per-country 10 arch --max-delay=21600 \
+                && sudo mv /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist-backup \
+                && sudo mv $TMPFILE /etc/pacman.d/mirrorlist \
+                && ua-drop-caches \
+                && yay -Syyu)
+      '';
+
+      # applications (rofi entries)
+      "ARMEclipse" = "nohup /opt/DS-5_CE/bin/eclipse &";
+      "Wizard101-old" = "prime-run playonlinux --run Wizard\\ 101";
+      "Wizard101" = "prime-run ~/.wine/drive_c/ProgramData/KingsIsle Entertainment/Wizard101/Wizard101.exe";
+      "Pirate101" = "prime-run playonlinux --run Pirate\\ 101";
+      "octave" = "prime-run octave --gui";
+      "pc-firefox" = "proxychains firefox -P qbit -no-remote -P 127.0.0.1:9050";
+      "hx" = "helix";
+    };
+  };
+
+  # TODO: add environment bs
+}

users/alice/secrets.yaml

@@ -6,54 +6,54 @@ sops:
     azure_kv: []
     hc_vault: []
     age:
-        - recipient: age128ehc0ssgwnuv4r8ayfyu7r80e82xrkmv63g7h9y9q4mhk4w9dyqfymc2w
+        - recipient: age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVQjVEMCtsREdCUTBQa21D
-            dDFSVnkrbk5hNlo3RkFoTTg3MjBLbE1oaVVrCjltcEQyRlhtWWtCQzlseEtvRks5
-            bmpTcUNZeDJ0VEFCa0FyZytIbTZhVGcKLS0tIE8zVld3cnEvR0VtN3d3d2lpWmg0
-            enZHM1ZycDQwUS9Ea05QWHdJeGM0UDAKop5M4ubVN+5nfeCS37T4j3FPn+aheo+y
-            eIUPSSo8Tzl+b7eNyvj4nrG7zGr+kTJhc2m03FNacadVblQiHXlc+g==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1Mk13QUFFeGx3OFc2MnN1
+            ejBwa25sVGJSaWhHTXI3L2dQWEk4Sm9zZ0dVCnpIblczcWRvVU02SnlNZFdvWHhy
+            d2NEMXpUUGFyUHZJeVluSEVROHV1UncKLS0tIHl0V1JaQ3ZtSkhrOXAzRkNMOU5B
+            Y0oyRWJMdXZmeDZxSzNCWUJEQzRESUkKIwxWT8Px1Y4QxW6FC349N89UbeGiA98k
+            gTwTDmABCbJt6MEc3zmoRSObirGLzgvmPjzXlHdmqcKoR0twXUBDYA==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5b0FVMHdMWENPTXNZSEJG
-            SXBOdnhmUWt4QWZCOS9SRFJyNXY2Q1pDS2pJCk5sN25xSm5KVGNsWTlaOWRUaEFY
-            MXR4RHFaY1RRNEVVSHgweW1LUDlweFUKLS0tIFp1dG5RS05FdXlvTGMwUFdLK3o3
-            Y0pCclZFVGZxNlBrdFBocnBoVVNmMm8K7R9LKDLZPQbSU4rRoIKbbI/QWDG2A9V1
-            3Gour+tJuf/UjYsP/vqmNPzNrCjOu2iJ/WKBvtMJ3CVsJsEEWMuvTA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBra1V4bXBkZklucDEwbmdz
+            dk41QjN0eUtsZVMvellRMFRCOHd3Q2p4cXhZCmhkZzhwWTg0QkgrQTdIeEU0QjZS
+            aTU0c1NFV1hjZmFUUTFtaUYyMG1Pd2sKLS0tICtoMmsrSHJLS3g3K1JWelFOcWhL
+            VW1yekgzQkI2Uk9tRDJQTldrakZLUmMKMhmS9xqucsbfdIe1BjlPSYkvF88onzww
+            j5YkZSaaxNHcbMaTVc1+QjYv7NooM79EpUX96hP4BDwORpU3FWS2jA==
             -----END AGE ENCRYPTED FILE-----
-        - recipient: age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej
+        - recipient: age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyeHF2aXErVkJ3ZnhLNWYv
-            VEZJcTFzUHgvRHloeG1mWnZtdGt5UUNhWkcwCittNzRGQXJ1dkdJaVl0elNtVVFI
-            Y2dDcFdsK2k3eUhWUEFLYWdwUHRONUkKLS0tIHhrek1RTG1sM2NaakdVZHpDZlk3
-            aVhmdXBkbDhrRG9ZaHFVR3FOZUJFejQK6q/JOuoST0zCZzg6C7Se7VzVs9DpSMD4
-            0uddoEsKadtI+II+ozmuc/RkdP4lfymBioW7ka4Wlyap5apzWHd0fg==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1VHF0aUN3cE1OcUtzWkdM
+            UGNPdVJteDFvRXFXVFVTV2p0WDV1TjBrTDIwCjVpYU1vbXdDQ24vR25qN0pEalVw
+            U2laUHg4TkVCLzNQRDI5Tnpzam5ZT2MKLS0tIDJNdXk2Y3V0bEFlY0NLdXUyMWw0
+            aHZYZkJoajZDa0pZVkpxbzFXTm9ZbXMKamjLneLosXuqhUcsiLXFGEgMVN+Yzklh
+            XKf6vPmwcPuOsy5yimy5P/TygLWJ0JeXDoieDEL+/NN6kt2qtUWD4g==
             -----END AGE ENCRYPTED FILE-----
     lastmodified: "2024-02-03T22:20:54Z"
     mac: ENC[AES256_GCM,data:X+j5RMl1RUlciT1fdLYGCzkD2AZmprmAsLhaC9Fy3zoeWlGJcC/m5g7kftPOUkha83NgOkWuaa4tjIMegQwK8snmY8R8Q6XNVuS6maYnynzFwzhGON7L33j7465onXsNqfQfa+I8AEaz69CynfbTq4L7WOLO6s8pvh1LDLi4ZvE=,iv:8uTaRrYxg6mVNIPm0Pg7S13nG2VOg/4IjVbbeilQOAg=,tag:lCrBGVRt3uYY5/fHDG2xVQ==,type:str]
     pgp:
-        - created_at: "2024-03-02T20:52:45Z"
+        - created_at: "2024-03-23T05:48:28Z"
           enc: |-
             -----BEGIN PGP MESSAGE-----
 
-            hQIMA84hNUGIgI/nARAAr8UXHBCr6C3TrW1g+xLf7Q5XMP1cx2TAId7tCS/Z9R5e
-            +Zdzx+WYRuQwKLAYB7MwzVA22DpK8o5FY0kSXQCEziha5HCRMta2XHeprOU1GfK5
-            jDOqdZK/DOpmqeuaBDhzczgXFR3h5nRQ9YJFcfEVB0JhUmsoLUTR/I9fTUNXPFa7
-            d6urPxEcLyLqgWR5AxO9xjeia/WObidfYrYaXn+VY4lTx/kwV6Rsm5eThAagmtYP
-            kQqfNn9M68zgf8yQre9piNEktHf0tBhREZycd0xd0EMCM6TbIbisPI3ITqDQPV6c
-            eglcqcdOqNMjeVVbzQtTglzfKO4M2gquSLR4Kuvt08JH6bhtOGlT1njKfDKGykti
-            +ifHYD8iEk4opYJ1H9fS55E673gJXN1rUZGvAhG+FPz2bW/UAgq0OvdzAdZ+90B9
-            fm8vb7F0UdwC8lO6SC2QLiTVzu3wNuh9s//2rwXLmzewkkH+J4wpg6+Kyer/IkrI
-            D9qak5tRFJcKlfWbn4skH2T7aloFXuJYHcVjAIg7XHjK4PUsHkq1n2lP9VkpQ14w
-            zt2Mn9gmtYX8GNwqQeys/BqkHdkVk2VTV6Ge9O0PmIGx2n/3F8iZwNedz324I8HE
-            NIbdNR3V94uDRuHAPH4hL+1t9MoEklFbvvMp1Aak/eaw6rvQV/Ore3852pX7xJ7S
-            XgH3rCh73zJEq9NuqKux2U4sW47e1J8tFPet5Sfvm7Ra/0fqtf6YbufKNvd9OuXc
-            m61xY+IxYwDfxvMLfFKX0GLFyLNmBoiPCLkVZ6Y+UmK3zD2BVbVtDLuVSi/ELV4=
-            =iuPC
+            hQIMA84hNUGIgI/nAQ/9HO5t//5ztagOvKoBP/W4p9Huhav4MEmqZADmbXEv+ZcG
+            ihnaeiofyoaKbJXfmGZ8vDIA68ZvKFL/n0sDR/plUHAuHuCR2qa+sVmo9ruJyKEq
+            EWc/BlguqXJCiga/MP2Ocbh+XQYJMcwGorcR1tkFjL3HkHlY+MuMCZJr8nhoERba
+            bHNIG6J31EHZ3ivub38C9GWuwaosBqO5AlUH3nRA63vMcOCwdnpXzvc4qeIgtfxn
+            ouSdj7zl75v1KG8wlR0v8ciHHdNxQ/8WoLK9QduXIFnFGxAXFYOY2838mMNZOSr4
+            q6tg7ICKdMS1h3I4cTknUFEE7ZEEDMoZR/r89rJMXMQJGZ4JWVgkAroXyriRACSp
+            GmObXzur8BmJvaSmpckacNqZqUyVCveM82344t/q4BDZmiOKUhFQNeo8uQhgd3Jf
+            Z3gnNA1FsvMJOn2/oLxDP0d54uysN1fWnuhXiosiONonBNcHCuPF5Zp3OdAXJ/a9
+            YSj0n6mee600bhn0ff0MrxXfiBQUXBnTjtUljhM1EuXrniskp1OK2Xi736O+5KwN
+            ppT0Iol/cdfUcPNj+cONjkk6xVcARNuQ8vu0clGMPfqfkg3Ne9gLqUGoH5f2PMe2
+            sWNFMhhfqcnhwEGXDw3hXEGoabzxKr5YbItwe3t9oxbp59lgxuP38yaTnOe4KzPS
+            XgHntRY2zgxeKFruk8BjCyeffJO/4uXaj2LKcGcRKP3nyJ1h0JX7itmsGbYshhTZ
+            976Oaooyoabhv7NbUrZkpk6TcD+H6AIC7vavLZsva+BgDXKRH9nxTcDXo45WbL8=
+            =qXlJ
             -----END PGP MESSAGE-----
           fp: F63832C3080D6E1AC77EECF80B4245FFE305BC82
     unencrypted_suffix: _unencrypted

users/alice/systems/artemision/configuration.nix

@@ -0,0 +1,63 @@
+{ pkgs, ... }:
+{
+  imports = [
+    ../configuration.nix
+    ../programs.nix
+    ./programs.nix
+    ./desktop.nix
+  ];
+
+  time.timeZone = "America/New_York";
+  console.keyMap = "us";
+
+  # temp workaround for building while in nixos-enter
+  services.logrotate.checkConfig = false;
+
+  networking = {
+    hostId = "58f50a15";
+    firewall.enable = true;
+  };
+
+  boot = {
+    useSystemdBoot = true;
+    default = true;
+  };
+
+  i18n = {
+    defaultLocale = "en_US.utf8";
+    supportedLocales = [ "en_US.UTF-8/UTF-8" ];
+  };
+
+  virtualisation = {
+    docker = {
+      enable = true;
+      recommendedDefaults = true;
+      logDriver = "local";
+      storageDriver = "overlay2";
+      daemon."settings" = {
+        experimental = true;
+        data-root = "/var/lib/docker";
+        exec-opts = [ "native.cgroupdriver=systemd" ];
+        log-opts = {
+          max-size = "10m";
+          max-file = "5";
+        };
+      };
+    };
+  };
+
+  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+
+  services.fwupd.package =
+    (import
+      (builtins.fetchTarball {
+        url = "https://github.com/NixOS/nixpkgs/archive/bb2009ca185d97813e75736c2b8d1d8bb81bde05.tar.gz";
+        sha256 = "sha256:003qcrsq5g5lggfrpq31gcvj82lb065xvr7bpfa8ddsw8x4dnysk";
+      })
+      { inherit (pkgs) system; }
+    ).fwupd;
+
+  services.fprintd.enable = false;
+
+  system.stateVersion = "24.05";
+}

users/alice/systems/artemision/default.nix

@@ -0,0 +1,10 @@
+{ inputs, ... }:
+{
+  system = "x86_64-linux";
+  home = true;
+  sops = true;
+  modules = [
+    inputs.nixos-hardware.nixosModules.framework-13-7040-amd
+    { environment.systemPackages = [ inputs.wired-notify.packages.x86_64-linux.default ]; }
+  ];
+}

users/alice/systems/artemision/desktop.nix

@@ -0,0 +1,19 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  programs.hyprland = {
+    enable = true;
+    xwayland.enable = true;
+  };
+  # Optional, hint electron apps to use wayland:
+  environment.sessionVariables.NIXOS_OZONE_WL = "1";
+
+  services.xserver.displayManager.gdm = {
+    enable = true;
+  };
+}

users/alice/systems/artemision/hardware.nix

@@ -0,0 +1,90 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+  boot.initrd.availableKernelModules = [
+    "nvme"
+    "xhci_pci"
+    "thunderbolt"
+    "usb_storage"
+    "usbhid"
+    "sd_mod"
+  ];
+  boot.initrd.kernelModules = [
+    "dm-snapshot"
+    "r8152"
+  ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/f3c11d62-37f4-495e-b668-1ff49e0d3a47";
+    fsType = "ext4";
+    options = [
+      "noatime"
+      "nodiratime"
+      "discard"
+    ];
+  };
+
+  fileSystems."/home" = {
+    device = "/dev/disk/by-uuid/720af942-464c-4c1e-be41-0438936264f0";
+    fsType = "ext4";
+    options = [
+      "noatime"
+      "nodiratime"
+      "discard"
+    ];
+  };
+
+  fileSystems."/nix" = {
+    device = "/dev/disk/by-uuid/035f23f8-d895-4b0c-bcf5-45885a5dbbd9";
+    fsType = "ext4";
+    options = [
+      "noatime"
+      "nodiratime"
+      "discard"
+    ];
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/5AD7-6005";
+    fsType = "vfat";
+    options = [
+      "noatime"
+      "nodiratime"
+      "discard"
+    ];
+  };
+
+  swapDevices = [ { device = "/dev/disk/by-uuid/7f0dba0f-d04e-4c94-9fba-1d0811673df1"; } ];
+
+  boot.initrd.luks.devices = {
+    "nixos-pv" = {
+      device = "/dev/disk/by-uuid/12a7f660-bbcc-4066-81d0-e66005ee534a";
+      preLVM = true;
+      allowDiscards = true;
+    };
+  };
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp196s0f3u2u1.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

users/alice/systems/artemision/non-server.nix

@@ -0,0 +1,101 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  # Adds some items from the server config without importing everything
+  security.auditd.enable = true;
+  nixpkgs.config.allowUnfree = true;
+
+  i18n = {
+    defaultLocale = "en_US.utf8";
+    supportedLocales = [ "en_US.UTF-8/UTF-8" ];
+  };
+
+  boot = {
+    default = true;
+  };
+
+  home-manager = {
+    useGlobalPkgs = true;
+    useUserPackages = true;
+  };
+
+  users = {
+    defaultUserShell = pkgs.zsh;
+    mutableUsers = false;
+  };
+
+  networking = {
+    firewall = {
+      enable = lib.mkDefault true;
+      allowedTCPPorts = [ ];
+    };
+  };
+
+  services = {
+    autopull = {
+      enable = true;
+      ssh-key = "/root/.ssh/id_ed25519_ghdeploy";
+      path = /root/dotfiles;
+    };
+  };
+
+  # programs = {
+  #   zsh = {
+  #     enable = true;
+  #     syntaxHighlighting.enable = true;
+  #     zsh-autoenv.enable = true;
+  #     enableCompletion = true;
+  #     enableBashCompletion = true;
+  #     ohMyZsh.enable = true;
+  #     autosuggestions = {
+  #       enable = true;
+  #       strategy = [ "completion" ];
+  #       async = true;
+  #     };
+  #   };
+  # };
+
+  nix = {
+    diffSystem = true;
+    settings = {
+      experimental-features = [
+        "nix-command"
+        "flakes"
+      ];
+      keep-outputs = true;
+      builders-use-substitutes = true;
+      connect-timeout = 20;
+    };
+
+    # free up to 10 gb when only 1 gb left
+    extraOptions = ''
+      min-free = ${toString (1 * 1024 * 1024 * 1024)}
+      max-free = ${toString (10 * 1024 * 1024 * 1024)}
+    '';
+
+    gc = {
+      automatic = true;
+      dates = "weekly";
+      options = "--delete-older-than 30d";
+    };
+
+    optimise = {
+      automatic = true;
+      dates = [ "01:00" ];
+    };
+  };
+
+  system = {
+    autoUpgrade = {
+      enable = true;
+      randomizedDelaySec = "1h";
+      persistent = true;
+      flake = "github:RAD-Development/nix-dotfiles";
+    };
+  };
+}

users/alice/systems/artemision/programs.nix

@@ -0,0 +1,40 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    bat
+    btop
+    croc
+    deadnix
+    direnv
+    fd
+    file
+    htop
+    hwloc
+    iperf3
+    jp2a
+    jq
+    lsof
+    lynis
+    ncdu
+    neofetch
+    nix-init
+    nix-output-monitor
+    nix-prefetch
+    nix-tree
+    nixpkgs-fmt
+    nmap
+    pciutils
+    python3
+    qrencode
+    ripgrep
+    smartmontools
+    tig
+    tokei
+    tree
+    unzip
+    ventoy
+    wget
+    zoxide
+    zsh-nix-shell
+  ];
+}

users/alice/systems/artemision/secrets.yaml

@@ -0,0 +1,51 @@
+hello: ENC[AES256_GCM,data:UJlsd5kvnhEv7eJeYwg+NHm9sgUAxYM5DoR0gDPLi9J7P+8FI8WPMkN1wEAHJA==,iv:NFSdZQ1OK4BT+EAGZz122NB7WrVCEzv4wwMxFIE/OKI=,tag:6YT7Vw8tFrw9iEFKxeKRFQ==,type:str]
+example_key: ENC[AES256_GCM,data:KMXgMrqe7M101ZMJ2g==,iv:MJ3Iiu/0KIVhPFnqfovysqvPJAv1OsnxE4VIsuexFkE=,tag:X6KIKNGym8/9VglmG3SNRw==,type:str]
+#ENC[AES256_GCM,data:QR3WNE/a1hZIXnTjFjK3kA==,iv:eXoZJ5rQaYqN7LjEp2M13OCMwuQ+80M5AXjV0uNc4C8=,tag:sCvL6pr9zAyWZziffVFMzg==,type:comment]
+example_array:
+    - ENC[AES256_GCM,data:g8PulCLrXZYSEdZJELE=,iv:irGwciFn1zXBxFpGAJtD46EQLGUO5oqdCzRgv1204JE=,tag:2MuDdRYMjhtTY++lPuj1FQ==,type:str]
+    - ENC[AES256_GCM,data:qv7GvmoOX8VSdaiW/90=,iv:6NOWeWqHUV9ciKPmZF4C7ijuIPFr3YZi3Dh7xWnb07k=,tag:VHXdBhWmEpb7uavCPqGZ4w==,type:str]
+example_number: ENC[AES256_GCM,data:g8BIEIcwKRLSbw==,iv:Ay4aiukAvXeDhzlpMPn++zR0Tt2lMqCx362uN37S+ac=,tag:NTtNaIu5u8YsIm0M4OgL0A==,type:float]
+example_booleans:
+    - ENC[AES256_GCM,data:94T9mg==,iv:qKGJke4SGhgN09Yebh5MPrRBDNnguJQ+1dl5XQffGZQ=,tag:0Pa3eujmSxDCnAHKHsx6yQ==,type:bool]
+    - ENC[AES256_GCM,data:gEvfi+Q=,iv:0DrXoZk8OkdUShc7WAKOL8xG26RFZp3M3qYFAb1hDAs=,tag:uemBrdF87nrfLpfnQ8bD8g==,type:bool]
+#ENC[AES256_GCM,data:pC2Kdy7wNc0=,iv:J7Ggfv6K3dCzL42j5MGd+BjQGseoAoYs4k6+yc3FSiA=,tag:9MriduP9SEIi+c1q4tfzlQ==,type:comment]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRZUNHeDdqaGt0QnFIejdM
+            MU5uaDNiN2xOeVlZNzQyZXZ0R2NYUU83ZWxrCmNDL3J6ZjNmejBuUXk3cldwZUEz
+            UWVqMTVPelN1MTJDNzc0UU9XNWkralUKLS0tIDU2b053Uk5VZGlWUk9XMXZ5Wllk
+            UlhhNzNjTHdVaXlPOFJhc0EyZGh3RDQK1c7nctmrorze4Kr0Grmcmx3N/UYXPwJc
+            FfClOoGxO+4ZDtxG61SDU1UdYae4loQ8roM8jDIPFMfoEum2bT8oXw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-03-23T05:46:44Z"
+    mac: ENC[AES256_GCM,data:/QpK5JuZgnKKHSOTKMRV291UJbPQaNFOx5hheBFx8aVKbS0TGPBMhFp65mw2dOjwT92iyjTxsox/wwev0wcNdNwlvLYTwFdwf4D6FHyLgX/DSkMfqcXbk8HHFlu0LEyd3W6wi2DBsB0KwiVcfsFKoUD4fKbpWnY2EXFOPD6L2Vg=,iv:hPlgFlPqTDXqfcCjRsJuznR+d3PlwT2kJ/TwFe1obfM=,tag:ZkpcEP0u95vvR37GkJGkuQ==,type:str]
+    pgp:
+        - created_at: "2024-03-23T05:46:35Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA84hNUGIgI/nAQ/+IwyPDjs/jDCBlnYFboHh6TXx8ulysESst4hz5crM4L0u
+            wylKyfEIBx0eLy0mLLA4DhcpYza0Nry5RLdwDNfimhATErfQxnwqlZ6RnYKnh3Hk
+            93L66+BEKPd3EZOH+RC/wb0qiTDmU0yna8jtVO0uU7s6//hm/g7bdmQAK0YIJLcb
+            sd83n99R4oHVrq7iFc74/AV5isW9GcfmvLI94eodFpaE1dpqm4KzNpLueDCOvA/1
+            vPo5Lgtp9WM4FhXUqMiplCNqMIt+Hyj3F+p+9jgQ2dLfHuVkI8pzd47gOHyMDYPy
+            fn6SVKZtOyfNDwhs7L5piiarSXISBGtx36ISDvtvtr/vgMydTdvILIOo9pkSGVtN
+            4W7+ywMaFjfAeShTVtUJNJqmp/8agt2WtaUX4kPPha4SxlNSOMpeTQ31bs89gBtc
+            g2325afL2WPK4NSAOmU8VMXqmFc2A10aFlx5nsfT4S1wkoNbitTWgoAcCa7kGRPW
+            xZca225cwLUzkggv74cfYT3YnQL40AMSOMqSRS8pbTFEENG1BtsB5A++Jji2i4tO
+            xoGIL8LRCEfiHpTC7eBwDDVmKb5StgKsXs6yYbQG5XW2W+/Jgum64Sb7+LviQ9Mq
+            WHNiu5MZPeKyHFu9jI9Ne1HpYJnb7/X9AxFw2e/vFwVn+kjaXcH/PhsYuPUyqkzS
+            XgG3tFbcgNtMWyoLU2EL1Qvwq1pHVrwmeNXHidESx23HeJtnIwoKkdopl4qqqNle
+            uQYP89bvb6zFWlqOSwLORZmj1W1wVTYV9eXplDbJob8agBKIcIuhtwri5e96gf4=
+            =XdJo
+            -----END PGP MESSAGE-----
+          fp: F63832C3080D6E1AC77EECF80B4245FFE305BC82
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1

users/alice/systems/configuration.nix

@@ -0,0 +1,12 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ ./non-server.nix ];
+
+  services.fwupd.enable = true;
+}

users/alice/systems/non-server.nix

@@ -0,0 +1,88 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  # Adds some items from the server config without importing everything
+  security.auditd.enable = true;
+  nixpkgs.config.allowUnfree = true;
+
+  i18n = {
+    defaultLocale = "en_US.utf8";
+    supportedLocales = [ "en_US.UTF-8/UTF-8" ];
+  };
+
+  boot = {
+    default = true;
+  };
+
+  home-manager = {
+    useGlobalPkgs = true;
+    useUserPackages = true;
+  };
+
+  users = {
+    defaultUserShell = pkgs.zsh;
+    mutableUsers = false;
+  };
+
+  networking = {
+    firewall = {
+      enable = lib.mkDefault true;
+      allowedTCPPorts = [ ];
+    };
+  };
+
+  services = {
+    autopull = {
+      enable = true;
+      ssh-key = "/root/.ssh/id_ed25519_ghdeploy";
+      path = /root/dotfiles;
+    };
+  };
+
+  programs.zsh = {
+    enable = true;
+    syntaxHighlighting.enable = true;
+    zsh-autoenv.enable = true;
+    enableCompletion = true;
+    enableBashCompletion = true;
+    ohMyZsh.enable = true;
+    autosuggestions = {
+      enable = true;
+      strategy = [ "completion" ];
+      async = true;
+    };
+  };
+
+  nix = {
+    diffSystem = true;
+    settings = {
+      experimental-features = [
+        "nix-command"
+        "flakes"
+      ];
+      keep-outputs = true;
+      builders-use-substitutes = true;
+      connect-timeout = 20;
+    };
+
+    gc = {
+      automatic = true;
+      dates = "weekly";
+      options = "--delete-older-than 30d";
+    };
+  };
+
+  system = {
+    autoUpgrade = {
+      enable = true;
+      randomizedDelaySec = "1h";
+      persistent = true;
+      flake = "github:RAD-Development/nix-dotfiles";
+    };
+  };
+}

users/alice/systems/programs.nix

@@ -0,0 +1,53 @@
+{
+  pkgs,
+  config,
+  inputs,
+  ...
+}:
+{
+  environment.systemPackages = with pkgs; [
+    bfg-repo-cleaner
+    candy-icons
+    calibre
+    # calibre dedrm?
+    discord-canary
+    fanficfare
+    ferium
+    # gestures replacement
+    gpu-viewer
+    headsetcontrol
+    ipmiview
+    ipscan
+    masterpdfeditor4
+    mons
+    # nbt explorer?
+    neovim
+    noisetorch
+    ocrmypdf
+    pinentry-rofi
+    playonlinux
+    protonmail-bridge
+    protontricks
+    redshift
+    ripgrep
+    rpi-imager
+    rofi-wayland
+    # signal in tray?
+    siji
+    simple-mtpfs
+    slack
+    snyk
+    spotify
+    spotify-player
+    #swaylock/waylock?
+    sweet-nova
+    unipicker
+    ventoy
+    vscode
+    watchman
+    xboxdrv
+    yubioath-flutter
+    zoom
+  ];
+  # ++ [ inputs.wired.packages.${system}.wired ];
+}