commit then think

hosts/dunamis/configuration.nix

@@ -8,10 +8,11 @@
     ./hardware-conf.nix
     ./users.nix
     ./programs.nix
-    ./system/main.nix
+    ./stylix.nix
     chaotic.nixosModules.default
     stylix.nixosModules.stylix
     self.nixosModules.desktop
+    self.nixosModules.system
   ];
   desktop = {
     niri.enable = true;

hosts/dunamis/stylix.nix

@@ -12,7 +12,7 @@
       name = "Bibata_Tinted";
       size = 32;
     };
-    image = ../../../wallpapers/wallhaven-o5p5ql.jpg;
+    image = ../../wallpapers/wallhaven-o5p5ql.jpg;
     opacity.terminal = 0.9;
     fonts = {
       sizes = {

hosts/dunamis/users/user/flatpak.nix

@@ -0,0 +1,110 @@
+{
+  services.flatpak = {
+    enable = true;
+    remotes = [
+      {
+        name = "flathub";
+        location = "https://dl.flathub.org/repo/flathub.flatpakrepo";
+      }
+      {
+        name = "hero-persson";
+        location = "https://hero-persson.github.io/unmojang-flatpak/index.flatpakrepo";
+      }
+    ];
+    packages = [
+      # misc
+      "io.github.zen_browser.zen"
+      "net.mullvad.MullvadBrowser"
+      "com.obsproject.Studio"
+      "com.bitwarden.desktop"
+      "com.github.tchx84.Flatseal"
+      "org.qbittorrent.qBittorrent"
+
+      # "com.transmissionbt.Transmission"
+      "com.usebottles.bottles"
+      "com.logseq.Logseq"
+      "org.octave.Octave"
+      "io.github.martchus.syncthingtray"
+
+      # chatting
+      "org.signal.Signal"
+      "im.riot.Riot"
+      "org.telegram.desktop"
+      "io.github.spacingbat3.webcord"
+      # "dev.vencord.Vesktop"
+      "org.mozilla.Thunderbird"
+
+      # media
+      "org.atheme.audacious"
+      "io.freetubeapp.FreeTube"
+      #"io.github.celluloid_player.Celluloid"
+      # "io.mpv.Mpv"
+
+      # gaming
+      #"com.github._0negal.Viper"
+      "com.valvesoftware.Steam"
+      "net.lutris.Lutris"
+      "com.heroicgameslauncher.hgl"
+      {
+        appId = "org.unmojang.FjordLauncher";
+        origin = "hero-persson";
+      }
+      "org.freedesktop.Platform.VulkanLayer.MangoHud//24.08"
+      "org.freedesktop.Platform.VulkanLayer.gamescope//24.08"
+    ];
+    overrides = {
+      "global" = {
+        # Force Wayland by default
+        Context = {
+          sockets = ["wayland" "!x11" "!fallback-x11"];
+          filesystems = [
+            "xdg-run/pipewire-0"
+            "xdg-config/gtk-3.0:ro"
+            "xdg-config/gtk-4.0:ro"
+            # "~/.local/share/fonts:ro"
+            "~/.local/share/icons:ro"
+            # "~/.nix-profile/share/icons:ro"
+            # "~/.nix-profile/share/fonts:ro"
+            "/nix/store:ro"
+          ];
+        };
+        Environment = {
+          XCURSOR_PATH = "/run/host/user-share/icons:/run/host/share/icons";
+          ELECTRON_OZONE_PLATFORM_HINT = "wayland";
+          #GTK_THEME = "adw-gtk3";
+        };
+      };
+      "io.github.martchus.syncthingtray".Context.filesystems = ["/storage/games/heroic/Factorio/game/saves"];
+      "org.octave.Octave".Context.sockets = ["x11"];
+      "org.octave.Octave".Environment = {QT_QPA_PLATFORM = "xcb";};
+      "com.valvesoftware.Steam" = {
+        Context = {
+          sockets = ["x11" "wayland"];
+          filesystems = ["/storage/games/steam"];
+        };
+        Environment = {
+          STEAM_FORCE_DESKTOPUI_SCALING = "1.3";
+        };
+      };
+      "org.signal.Signal" = {
+        Environment = {
+          SIGNAL_PASSWORD_STORE = "gnome-libsecret";
+        };
+      };
+      "net.lutris.Lutris".Context = {
+        sockets = ["x11" "wayland"];
+        filesystems = ["/storage/games/lutris" "~/games/lutris"];
+      };
+      "com.heroicgameslauncher.hgl".Context = {
+        sockets = ["x11" "wayland"];
+        filesystems = ["/storage/games/heroic" "~/games/heroic"];
+      };
+      "com.usebottles.Bottles" = {
+        Context = {
+          sockets = ["x11" "wayland"];
+          filesystems = ["/home/user/docs/nure/tex-template/assets/BridgeKSG"];
+        };
+      };
+    };
+  };
+}

hosts/dunamis/users/user/home-configuration.nix

@@ -6,6 +6,7 @@
     self.homeModules.desktop
     self.homeModules.programs
     ./programs.nix
+    ./flatpak.nix
   ];
   home = {
     stateVersion = "25.05";

hosts/dunamis/users/user/programs.nix

@@ -26,6 +26,7 @@
   };
 
   home.packages = with pkgs; [
+    alejandra
     flatpak
     waycheck
     vial

hosts/sarien/configuration.nix

@@ -9,9 +9,10 @@
     ./users.nix
     ./programs.nix
     ./system/main.nix
+    ./stylix.nix
     chaotic.nixosModules.default
-    stylix.nixosModules.stylix
     self.nixosModules.desktop
+    self.nixosModules.system
   ];
   desktop = {
     hyprland.enable = true;

hosts/sarien/stylix.nix

@@ -1,4 +1,11 @@
-{pkgs, ...}: {
+{
+  pkgs,
+  inputs,
+  ...
+}: {
+  imports = [
+    inputs.stylix.nixosModules.stylix
+  ];
   environment.systemPackages = with pkgs; [
     nerd-fonts.iosevka
   ];
@@ -11,7 +18,7 @@
       name = "Bibata-Modern-Ice";
       size = 32;
     };
-    image = ../../../wallpapers/wallhaven-p966oj.jpg;
+    image = ../../wallpapers/wallhaven-p966oj.jpg;
     opacity.terminal = 0.9;
     fonts = {
       sizes = {

hosts/sarien/system/main.nix

@@ -1,9 +0,0 @@
-{
-  imports = [
-    ./misc/main.nix
-    ./security/main.nix
-    ./virtual/main.nix
-    ./wireless/main.nix
-    ./stylix.nix
-  ];
-}

hosts/sarien/system/misc/locale.nix

@@ -1,29 +0,0 @@
-{
-  config,
-  lib,
-  ...
-}: {
-  options = {
-    locale.ukrainian.enable =
-      lib.mkEnableOption "enables ukrainian locale";
-  };
-  config = lib.mkIf config.locale.ukrainian.enable {
-    i18n = {
-      defaultLocale = "uk_UA.UTF-8";
-      extraLocaleSettings = {
-        LC_CTYPE = "uk_UA.UTF-8";
-        LC_NUMERIC = "uk_UA.UTF-8";
-        LC_TIME = "uk_UA.UTF-8";
-        LC_COLLATE = "en_US.UTF-8";
-        LC_MONETARY = "uk_UA.UTF-8";
-        LC_MESSAGES = "uk_UA.UTF-8";
-        LC_PAPER = "uk_UA.UTF-8";
-        LC_NAME = "uk_UA.UTF-8";
-        LC_ADDRESS = "uk_UA.UTF-8";
-        LC_TELEPHONE = "uk_UA.UTF-8";
-        LC_MEASUREMENT = "uk_UA.UTF-8";
-        LC_IDENTIFICATION = "uk_UA.UTF-8";
-      };
-    };
-  };
-}

hosts/sarien/system/misc/main.nix

@@ -1,7 +0,0 @@
-{
-  imports = [
-    ./opentabletdriver.nix
-    ./qmk-vial.nix
-    ./locale.nix
-  ];
-}

hosts/sarien/system/misc/mullvad-vpn.nix

@@ -1,6 +0,0 @@
-{pkgs, ...}: {
-  services.mullvad-vpn = {
-    enable = true;
-    package = pkgs.mullvad-vpn;
-  };
-}

hosts/sarien/system/misc/opentabletdriver.nix

@@ -1,20 +0,0 @@
-{
-  config,
-  lib,
-  ...
-}: {
-  options = {
-    opentabletdriver.enable =
-      lib.mkEnableOption "enables opentabletdriver";
-  };
-  config = lib.mkIf config.opentabletdriver.enable {
-    hardware.opentabletdriver = {
-      enable = true;
-      daemon.enable = true;
-      blacklistedKernelModules = [
-        "hid-uclogic"
-        "wacom"
-      ];
-    };
-  };
-}

hosts/sarien/system/misc/qmk-vial.nix

@@ -1,17 +0,0 @@
-{
-  pkgs,
-  lib,
-  config,
-  ...
-}: {
-  options = {
-    qmk-vial.enable =
-      lib.mkEnableOption "adds a udev rule for vial keyboards";
-  };
-  config = lib.mkIf config.qmk-vial.enable {
-    services.udev.extraRules = ''
-      #vial rule
-      KERNEL=="hidraw*", SUBSYSTEM=="hidraw", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
-    '';
-  };
-}

hosts/sarien/system/security/basic.nix

@@ -1,90 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-with lib; let
-  cfg = config.security.basic;
-in {
-  options = {
-    security.basic.enable =
-      lib.mkEnableOption "enable basic security";
-  };
-  config = lib.mkIf cfg.enable {
-    security = {
-      sudo.enable = false;
-      # doas.enable = true;
-      sudo-rs = {
-        enable = true;
-        execWheelOnly = true;
-      };
-      polkit.enable = true;
-      polkit.extraConfig = ''
-        polkit.addRule(function(action, subject) {
-          if (
-            subject.isInGroup("users")
-              && (
-                action.id == "org.freedesktop.login1.reboot" ||
-                action.id == "org.freedesktop.login1.reboot-multiple-sessions" ||
-                action.id == "org.freedesktop.login1.power-off" ||
-                action.id == "org.freedesktop.login1.power-off-multiple-sessions"
-              )
-            )
-          {
-            return polkit.Result.YES;
-          }
-        });
-      '';
-      apparmor.enable = lib.mkDefault true;
-    };
-
-    environment.systemPackages = with pkgs; [
-      (mkIf (config.security.doas.enable == true) doas-sudo-shim) # if doas install doas sudo shim
-    ];
-
-    services.dbus = {
-      apparmor = "enabled";
-      implementation = "broker";
-    };
-    services.ntpd-rs = {
-      enable = true;
-      #settings = {
-      #  server = {
-      #    require-nts = true;
-      #  };
-      #};
-    };
-
-    boot.blacklistedKernelModules = [
-      # Obscure network protocols
-      "ax25"
-      "netrom"
-      "rose"
-      # Old or rare or insufficiently audited filesystems
-      "adfs"
-      "affs"
-      "bfs"
-      "befs"
-      "cramfs"
-      "efs"
-      "erofs"
-      "exofs"
-      "freevxfs"
-      "f2fs"
-      "hfs"
-      "hpfs"
-      "jfs"
-      "minix"
-      "nilfs2"
-      "ntfs"
-      "omfs"
-      "qnx4"
-      "qnx6"
-      "sysv"
-      "ufs"
-    ];
-
-    nix.settings.allowed-users = lib.mkDefault ["@users"];
-  };
-}

hosts/sarien/system/security/dnscrypt-proxy.nix

@@ -1,49 +0,0 @@
-{
-  pkgs,
-  config,
-  lib,
-  ...
-}:
-with lib; {
-  options = {
-    security.dnscrypt-proxy.enable =
-      mkEnableOption "enable dnscrypt-proxy";
-  };
-  config = mkIf config.security.dnscrypt-proxy.enable {
-    networking = {
-      nameservers = ["127.0.0.1" "::1"];
-      # If using dhcpcd:
-      dhcpcd.extraConfig = "nohook resolv.conf";
-      # If using NetworkManager:
-      networkmanager.dns = "none";
-    };
-
-    # Make sure you don't have services.resolved.enable on.
-    services.dnscrypt-proxy2 = {
-      enable = true;
-      settings = {
-        ipv6_servers = false;
-        require_dnssec = true;
-
-        sources.public-resolvers = {
-          urls = [
-            "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
-            "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
-          ];
-          cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
-          minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
-        };
-
-        # You can choose a specific set of servers from https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/public-resolvers.md
-        server_names = [
-          #"quad9-dnscrypt-ip4-filter-pri"
-          "cloudflare"
-        ];
-      };
-    };
-
-    systemd.services.dnscrypt-proxy2.serviceConfig = {
-      StateDirectory = "dnscrypt-proxy";
-    };
-  };
-}

hosts/sarien/system/security/extensive.nix

@@ -1,66 +0,0 @@
-{
-  pkgs,
-  config,
-  lib,
-  ...
-}:
-with lib; let
-  cfg = config.security.extensive;
-in {
-  options = {
-    security.extensive.enable =
-      mkEnableOption "enable extensive security";
-  };
-  config = mkIf cfg.enable {
-    security.basic.enable = true;
-
-    environment.memoryAllocator.provider = mkDefault "scudo";
-    environment.variables.SCUDO_OPTIONS = mkDefault "ZeroContents=1";
-
-    security = {
-      lockKernelModules = mkDefault false;
-      protectKernelImage = mkDefault true;
-      # allowSimultaneousMultithreading = mkDefault false;
-      forcePageTableIsolation = mkDefault true;
-      unprivilegedUsernsClone = mkDefault config.virtualisation.containers.enable;
-      virtualisation.flushL1DataCache = mkDefault "always";
-      apparmor.enable = mkDefault true;
-      apparmor.killUnconfinedConfinables = mkDefault true;
-    };
-
-    boot.kernel.sysctl = {
-      # Hide kptrs even for processes with CAP_SYSLOG
-      "kernel.kptr_restrict" = mkOverride 500 2;
-      # Disable bpf() JIT (to eliminate spray attacks)
-      "net.core.bpf_jit_enable" = mkDefault false;
-      # Disable ftrace debugging
-      "kernel.ftrace_enabled" = mkDefault false;
-    };
-
-    boot.kernel.sysctl = {
-      # Enable strict reverse path filtering (that is, do not attempt to route
-      # packets that "obviously" do not belong to the iface's network; dropped
-      # packets are logged as martians).
-      "net.ipv4.conf.all.log_martians" = mkDefault true;
-      "net.ipv4.conf.all.rp_filter" = mkDefault "1";
-      "net.ipv4.conf.default.log_martians" = mkDefault true;
-      "net.ipv4.conf.default.rp_filter" = mkDefault "1";
-
-      # Ignore broadcast ICMP (mitigate SMURF)
-      "net.ipv4.icmp_echo_ignore_broadcasts" = mkDefault true;
-
-      # Ignore incoming ICMP redirects (note: default is needed to ensure that the
-      # setting is applied to interfaces added after the sysctls are set)
-      "net.ipv4.conf.all.accept_redirects" = mkDefault false;
-      "net.ipv4.conf.all.secure_redirects" = mkDefault false;
-      "net.ipv4.conf.default.accept_redirects" = mkDefault false;
-      "net.ipv4.conf.default.secure_redirects" = mkDefault false;
-      "net.ipv6.conf.all.accept_redirects" = mkDefault false;
-      "net.ipv6.conf.default.accept_redirects" = mkDefault false;
-
-      # Ignore outgoing ICMP redirects (this is ipv4 only)
-      "net.ipv4.conf.all.send_redirects" = mkDefault false;
-      "net.ipv4.conf.default.send_redirects" = mkDefault false;
-    };
-  };
-}

hosts/sarien/system/security/main.nix

@@ -1,7 +0,0 @@
-{
-  imports = [
-    ./basic.nix
-    ./extensive.nix
-    ./dnscrypt-proxy.nix
-  ];
-}

hosts/sarien/system/virtual/docker.nix

@@ -1,29 +0,0 @@
-{
-  # pkgs,
-  config,
-  lib,
-  ...
-}:
-with lib; let
-  cfg = config.virtual.docker;
-in {
-  options = {
-    virtual.docker.enable =
-      mkEnableOption "enable docker";
-  };
-  config = mkIf cfg.enable {
-    virtualisation.docker = {
-      enable = true;
-      rootless = {
-        enable = true;
-        setSocketVariable = true;
-      };
-      storageDriver = "btrfs";
-      autoPrune.enable = true;
-      #defaultNetwork.settings = {
-      #  dns_enabled = true;
-      #};
-    };
-    virtualisation.oci-containers.backend = "docker";
-  };
-}

hosts/sarien/system/virtual/libvirt.nix

@@ -1,35 +0,0 @@
-{
-  pkgs,
-  config,
-  lib,
-  ...
-}:
-with lib; let
-  cfg = config.virtual.libvirt;
-in {
-  options = {
-    virtual.libvirt.enable =
-      mkEnableOption "enables virtualisation";
-  };
-  config = mkIf cfg.enable {
-    virtualisation.libvirtd = {
-      enable = true;
-      qemu = {
-        package = pkgs.qemu_kvm;
-        runAsRoot = false;
-        swtpm.enable = true;
-        vhostUserPackages = [pkgs.virtiofsd];
-        ovmf = {
-          enable = true;
-          packages = [
-            (pkgs.OVMF.override {
-              secureBoot = true;
-              tpmSupport = true;
-            })
-            .fd
-          ];
-        };
-      };
-    };
-  };
-}

hosts/sarien/system/virtual/main.nix

@@ -1,7 +0,0 @@
-{
-  imports = [
-    ./libvirt.nix
-    ./podman.nix
-    ./docker.nix
-  ];
-}

hosts/sarien/system/virtual/podman.nix

@@ -1,28 +0,0 @@
-{
-  pkgs,
-  config,
-  lib,
-  ...
-}:
-with lib; let
-  cfg = config.virtual.podman;
-in {
-  options = {
-    virtual.podman.enable =
-      mkEnableOption "enables podman";
-  };
-  config = mkIf cfg.enable {
-    virtualisation = {
-      containers.enable = true;
-      podman = {
-        enable = true;
-        dockerCompat = true;
-        defaultNetwork.settings.dns_enabled = true;
-      };
-    };
-    environment.systemPackages = with pkgs; [
-      podman-tui
-      podman-compose
-    ];
-  };
-}

hosts/sarien/system/wireless/bluetooth.nix

@@ -1,21 +0,0 @@
-{
-  # pkgs,
-  lib,
-  config,
-  ...
-}:
-with lib; let
-  cfg = config.wireless.bluetooth;
-in {
-  options = {
-    wireless.bluetooth = {
-      enable = mkEnableOption "enable bluetooth";
-      enableBlueman = mkEnableOption "enable bluetooth manager";
-    };
-  };
-  config = mkIf cfg.enable {
-    hardware.bluetooth.enable = true;
-    hardware.bluetooth.powerOnBoot = true;
-    services.blueman.enable = cfg.enableBlueman;
-  };
-}

hosts/sarien/system/wireless/main.nix

@@ -1,6 +0,0 @@
-{
-  imports = [
-    ./bluetooth.nix
-    ./wifi.nix
-  ];
-}

hosts/sarien/system/wireless/wifi.nix

@@ -1,29 +0,0 @@
-{
-  lib,
-  config,
-  ...
-}:
-with lib; let
-  cfg = config.wireless.wifi;
-in {
-  options = {
-    wireless.wifi.enable =
-      mkEnableOption "enables wifi with iwd and MAC address randomisation";
-  };
-  config = mkIf cfg.enable {
-    networking = {
-      networkmanager.wifi.backend = "iwd";
-      wireless.iwd = {
-        enable = true;
-        settings = {
-          General = {
-            AddressRandomization = "network";
-          };
-          Settings = {
-            AlwaysRandomizeAddress = true;
-          };
-        };
-      };
-    };
-  };
-}

hosts/sarien/users/user/home-configuration.nix

@@ -6,6 +6,7 @@
     self.homeModules.desktop
     self.homeModules.programs
     ./programs.nix
+    ./flatpak.nix
   ];
   home = {
     stateVersion = "25.05";

modules/home/programs/console.nix

@@ -1,23 +0,0 @@
-{
-  # config,
-  pkgs,
-  ...
-}: {
-  home.packages = with pkgs; [
-    git
-    ripgrep
-    trashy
-    fd
-    dust
-    procs
-    eza
-    tree
-    speedtest-rs
-    zip
-    unzip
-    execline
-    fastfetch
-    alejandra
-    uutils-coreutils-noprefix
-  ];
-}

modules/home/programs/default.nix

@@ -1,7 +1,5 @@
 {
   imports = [
-    ./console.nix
-    ./flatpak.nix
     ./console/yazi.nix
     ./editor/main.nix
     ./shell/main.nix

modules/home/programs/editor/helix.nix

@@ -95,8 +95,8 @@ in {
           }
           {
             name = "markdown";
-            auto-format = true;
+            # auto-format = true;
-            formatter.command = "${pkgs.comrak}/bin/comrak";
+            # formatter.command = "${pkgs.comrak}/bin/comrak";
             language-servers = ["markdown-oxide"];
           }
           {

modules/nixos/system/default.nix

@@ -4,6 +4,5 @@
     ./security/main.nix
     ./virtual/main.nix
     ./wireless/main.nix
-    ./stylix.nix
   ];
 }