Template integration final touches

.forgejo/workflows/update.yaml

@@ -1,32 +0,0 @@
-on: [push]
-
-jobs:
-  # Source: https://github.com/isabelroses/dotfiles/tree/main/.github/workflows
-  update-lockfile:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Install Nix
-        uses: DeterminateSystems/nix-installer-action@main
-        with:
-          logger: pretty
-
-#      - name: Update Lockfile
-#        uses: DeterminateSystems/update-flake-lock@main
-#        id: update
-#        with:
-#          pr-title: "chore(deps): flake inputs"
-#          commit-msg: "chore(deps): flake inputs"
-#          token: ${{ secrets.GITHUB_TOKEN }}
-
-#  build:
-#    runs-on: nix
-#    steps:
-#      - run: nix-env -iA nixpkgs.nodejs_20
-#      - uses: actions/checkout@v4
-#      - run: nix --experimental-features 'nix-command flakes' flake update
-#      - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Haven
-#      - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Khanda

hosts/Haven/hardware-configuration.nix

@@ -12,7 +12,6 @@
   boot = {
     supportedFilesystems = [ "btrfs" ];
     kernelModules = [ "kvm-amd" ];
-    extraModulePackages = [ ];
 
     initrd = {
       supportedFilesystems = [ "btrfs" ];

hosts/Khanda/default.nix

@@ -26,14 +26,39 @@ in
     # https://nixos.org/manual/nixpkgs/stable/#sec-allow-unfree
     allowUnfree = true;
 
+    apps = {
+      development.enable = true;
+      media.enable = true;
+      office.enable = true;
+      recording.enable = true;
+      social.enable = true;
+      writing = {
+        enable = true;
+        languagetool.enable = false;
+      };
+    };
+
     # Enable Secure Boot support.
-    # IMPORTANT: Read the README before enabling this option!
+    bootloader = {
-    bootloader.secureboot.enable = true;
+      enable = true;
+      secureboot.enable = true;
+      tpm2.enable = true;
+    };
 
     # Change the default text editor. Options are "emacs", "nano", or "vim".
     editor = "nano";
 
-    ui.flatpak = {
+    # Enable GPU support.
+    gpu.intel.enable = true;
+
+    # Change how long old generations are kept for.
+    retentionPeriod = "14d";
+
+    services.autoUpgrade.enable = false;
+
+    ui = {
+      desktops.gnome.enable = true;
+      flatpak = {
         # Enable Flatpak support.
         enable = true;
 
@@ -46,16 +71,7 @@ in
           "org.keepassxc.KeePassXC"
         ];
       };
-
+    };
-    # Change how long old generations are kept for.
-    retentionPeriod = "14d";
-
-    # Enable GPU support.
-    gpu.intel.enable = true;
-
-    ui.desktops.gnome.enable = true;
-
-    services.autoUpgrade.enable = false;
 
     users.aires = {
       enable = true;

hosts/Pihole/default.nix

@@ -12,28 +12,30 @@
 
   aux.system = {
     apps.tmux.enable = true;
-    users.aires.enable = true;
+    boot = {
-    boot.enable = false;
-    services.ssh = {
       enable = true;
-      ports = [ config.secrets.hosts.haven.ssh.port ];
+      secureboot.enable = false;
     };
-  };
+    packages = with pkgs; [
-
-  nix.distributedBuilds = true;
-
-  networking.hostName = "Pihole";
-  time.timeZone = "America/New_York";
-
-  environment.systemPackages = with pkgs; [
     libraspberrypi
     raspberrypifw
     raspberrypi-eeprom
     linuxKernel.kernels.linux_rpi4
   ];
+    services.ssh = {
+      enable = true;
+      ports = [ config.secrets.hosts.haven.ssh.port ];
+    };
+    users.aires.enable = true;
+  };
+
+  nix.distributedBuilds = true;
+
+  time.timeZone = "America/New_York";
 
   # Connect to the network automagically
   networking = {
+    hostName = "Pihole";
     networkmanager.enable = lib.mkForce false;
     wireless.networks = {
       "${config.secrets.networking.networks.home.SSID}" = {

hosts/Shura/default.nix

@@ -44,6 +44,7 @@ in
     };
     gpu.amd.enable = true;
     packages = with pkgs; [ boinc ];
+    retentionPeriod = "7d";
     services.autoUpgrade = {
       enable = true;
       configDir = config.secrets.nixConfigFolder;

hosts/Shura/hardware-configuration.nix

@@ -16,12 +16,6 @@
 
     # Hardware defaults detected by nixos-generate-configuration
     initrd = {
-      # SystemD in the initrd is required for TPM auto-unlocking.
-      # See https://discourse.nixos.org/t/full-disk-encryption-tpm2/29454/2
-      # If the LUKS volume is recently created, run this command to bind it to the TPM:
-      #	sudo systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 /dev/<device>
-      systemd.enable = true;
-
       availableKernelModules = [
         "nvme"
         "xhci_pci"

modules/autoimport.nix

@@ -16,7 +16,6 @@ let
 
   # Search all files and folders within and below the current directory.
   # Filters out directories that belong to home-manager, and don't end with .nix or are this file.
-  # Also, make the strings absolute
   validFiles =
     dir:
     map (file: ./. + "/${file}") (