67 changed files with 792 additions and 977 deletions
--- a/.forgejo/workflows/update.yaml
+++ b/.forgejo/workflows/update.yaml
@ -0,0 +1,32 @@
 on: [push]
 jobs:
  # Source: https://github.com/isabelroses/dotfiles/tree/main/.github/workflows
  update-lockfile:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@main
        with:
          logger: pretty
 #      - name: Update Lockfile
 #        uses: DeterminateSystems/update-flake-lock@main
 #        id: update
 #        with:
 #          pr-title: "chore(deps): flake inputs"
 #          commit-msg: "chore(deps): flake inputs"
 #          token: ${{ secrets.GITHUB_TOKEN }}
 #  build:
 #    runs-on: nix
 #    steps:
 #      - run: nix-env -iA nixpkgs.nodejs_20
 #      - uses: actions/checkout@v4
 #      - run: nix --experimental-features 'nix-command flakes' flake update
 #      - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Haven
 #      - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Khanda
--- a/README.md
+++ b/README.md
@ -33,9 +33,9 @@ sudo nixos-rebuild switch --flake .#Shura
 ### Running updates
-All hosts are configured to run automatic daily updates (see `modules/base/system.nix`). You can disable this by adding `aux.system.services.autoUpgrade = false;` to a hosts config.
+All hosts are configured to run automatic daily updates (see `modules/base/system.nix`). You can disable this by adding `host.services.autoUpgrade = false;` to a hosts config.
-Automatic updates work by `git pull`ing the latest version of the Repo from Forgejo. This repo gets updated nightly by Haven, which updates the `flake.lock` file and pushes it back up to Forgejo. Only one host needs to do this, and you can enable this feature on a host using `aux.system.services.autoUpgrade.pushUpdates = true;`.
+Automatic updates work by `git pull`ing the latest version of the Repo from Forgejo. This repo gets updated nightly by Haven, which updates the `flake.lock` file and pushes it back up to Forgejo. Only one host needs to do this, and you can enable this feature on a host using `host.services.autoUpgrade.pushUpdates = true;`.
 #### Manually updating
@ -129,7 +129,7 @@ This config uses two systems: Flakes, and Home-manager.
 - Flakes are the entrypoint, via `flake.nix`. This is where Flake inputs and Flake-specific options get defined.
 - Home-manager configs live in the `users/` folders.
- Modules are stored in `modules`. All of these files are automatically imported (except home-manager modules); you simply enable the ones you want to use, and disable the ones you don't. For example, to install Flatpak, set `aux.system.ui.flatpak.enable = true;`.
+- Modules are stored in `modules`. All of these files are automatically imported (except home-manager modules); you simply enable the ones you want to use, and disable the ones you don't. For example, to install Flatpak, set `host.ui.flatpak.enable = true;`.
    - After adding a new module, make sure to `git add` it.
 ### Features
--- a/flake.lock
+++ b/flake.lock
@ -138,11 +138,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1719180626,
+        "lastModified": 1719037157,
-        "narHash": "sha256-vZAzm5KQpR6RGple1dzmSJw5kPivES2heCFM+ZWkt0I=",
+        "narHash": "sha256-aOKd8+mhBsLQChCu1mn/W5ww79ta5cXVE59aJFrifM8=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "6b1f90a8ff92e81638ae6eb48cd62349c3e387bb",
+        "rev": "cd886711998fe5d9ff7979fdd4b4cbd17b1f1511",
        "type": "github"
      },
      "original": {
@ -250,16 +250,16 @@
      "locked": {
        "lastModified": 1719145664,
        "narHash": "sha256-+0bBlerLxsHUJcKPDWZM1wL3V9bzCFjz+VyRTG8fnUA=",
-        "owner": "NixOS",
+        "ref": "master",
        "repo": "nixos-hardware",
        "rev": "c3e48cbd88414f583ff08804eb57b0da4c194f9e",
-        "type": "github"
+        "revCount": 1750,
        "type": "git",
        "url": "https://github.com/NixOS/nixos-hardware"
      },
      "original": {
        "owner": "NixOS",
        "ref": "master",
-        "repo": "nixos-hardware",
+        "type": "git",
-        "type": "github"
+        "url": "https://github.com/NixOS/nixos-hardware"
      }
    },
    "nixpkgs": {
@ -298,13 +298,13 @@
      "locked": {
        "lastModified": 1719075281,
        "narHash": "sha256-CyyxvOwFf12I91PBWz43iGT1kjsf5oi6ax7CrvaMyAo=",
-        "owner": "nixos",
+        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "a71e967ef3694799d0c418c98332f7ff4cc5f6af",
        "type": "github"
      },
      "original": {
-        "owner": "nixos",
+        "owner": "NixOS",
        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
--- a/flake.nix
+++ b/flake.nix
@ -4,32 +4,29 @@
  description = "Aires' system Flake";
  inputs = {
-    # Import the desired Nix channel. Defaults to unstable, which uses a fully tested rolling release model.
+    # Track base packagese
-    #   You can find a list of channels at https://nixos.wiki/wiki/Nix_channels
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    #   To follow a different channel, replace `nixos-unstable` with the channel name, e.g. `nixos-24.05`.
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
-    # Use Lix in place of Nix.
+    # Replace Nix with Lix: https://lix.systems/
    #   If you'd rather use regular Nix, remove `lix-module.nixosModules.default` from the `modules` section below.
    #   To learn more about Lix, see https://lix.systems/
    lix-module = {
      url = "git+https://git.lix.systems/lix-project/nixos-module?ref=release-2.90";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # Flatpak support
    nix-flatpak.url = "github:gmodena/nix-flatpak/v0.4.1";
    # SecureBoot support
    lanzaboote.url = "github:nix-community/lanzaboote/v0.4.0";
-    # NixOS hardware quirks
+    # Flatpak support
-    nixos-hardware.url = "github:NixOS/nixos-hardware/master";
+    nix-flatpak.url = "github:gmodena/nix-flatpak/v0.4.1";
-    # Home-manager support
+    # Hardware configurations
    #nixos-hardware.url = "git+https://code.8bitbuddhism.com/aires/nixos-hardware?ref=master";
    nixos-hardware.url = "git+https://github.com/NixOS/nixos-hardware?ref=master";
    # Home-manager
    home-manager = {
      url = "github:nix-community/home-manager";
-      inputs.nixpkgs.follows = "nixpkgs";
+      inputs.nixpkgs.follows = "nixpkgs"; # Use system packages list where available
    };
    # "Secrets management"
@ -44,12 +41,12 @@
  outputs =
    inputs@{
      self,
      home-manager,
      lanzaboote,
      lix-module,
      nix-flatpak,
      nixos-hardware,
      nixpkgs,
      lanzaboote,
      nix-flatpak,
      home-manager,
      nixos-hardware,
      lix-module,
      nix-secrets,
      ...
    }:
@ -60,9 +57,15 @@
          "x86_64-linux"
          "aarch64-linux"
        ] (system: function nixpkgs.legacyPackages.${system});
      config.allowUnfree = true;
      # Define shared modules and imports
      defaultModules = [
        {
          _module.args = {
            inherit inputs;
          };
        }
        ./modules/autoimport.nix
        (import nix-secrets)
        lix-module.nixosModules.default
@ -70,9 +73,6 @@
        nix-flatpak.nixosModules.nix-flatpak
        home-manager.nixosModules.home-manager
        {
          _module.args = {
            inherit inputs;
          };
          home-manager = {
            /*
              When running, Home Manager will use the global package cache.
--- a/hosts/Dimaga/default.nix
+++ b/hosts/Dimaga/default.nix
@ -0,0 +1,39 @@
 { pkgs, ... }:
 {
  imports = [ ./hardware-configuration.nix ];
  system.stateVersion = "24.05";
  host = {
    role = "workstation";
    apps = {
      development.enable = true;
      media.enable = true;
      office.enable = true;
      writing.enable = true;
    };
    ui = {
      flatpak.enable = true;
      gnome.enable = true;
    };
    users = {
      aires = {
        enable = true;
        autologin = true;
        services = {
          syncthing = {
            enable = true;
            autostart = true;
            enableTray = false;
          };
        };
      };
    };
  };
  # Configure the virtual machine created by nixos-rebuild build-vm
  virtualisation.vmVariant.virtualisation = {
    memorySize = 2048;
    cores = 2;
  };
 }
--- a/hosts/Dimaga/hardware-configuration.nix
+++ b/hosts/Dimaga/hardware-configuration.nix
@ -0,0 +1,62 @@
 # Surface Laptop Go 1st gen
 {
  config,
  lib,
  pkgs,
  modulesPath,
  ...
 }:
 {
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
  boot = {
    initrd = {
      availableKernelModules = [
        "xhci_pci"
        "nvme"
        "usb_storage"
        "usbhid"
        "sd_mod"
      ];
      kernelModules = [ ];
      luks.devices."luks-5a91100b-8ed9-4090-b1d8-d8291000fe38".device = "/dev/disk/by-uuid/5a91100b-8ed9-4090-b1d8-d8291000fe38";
    };
    kernelModules = [ "kvm-intel" ];
    extraModulePackages = [ ];
  };
  fileSystems = {
    "/" = {
      device = "/dev/disk/by-uuid/76d67291-5aed-4f2a-b71f-1c2871cefe24";
      fsType = "btrfs";
      options = [ "subvol=@,compress=zstd,discard" ];
    };
    "/boot" = {
      device = "/dev/disk/by-uuid/0C53-A645";
      fsType = "vfat";
    };
  };
  swapDevices = [
    {
      device = "/swapfile";
      size = 4096;
    }
  ];
  networking = {
    # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
    # (the default) this is the recommended approach. When using systemd-networkd it's
    # still possible to use this option, but it's recommended to use it in conjunction
    # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
    useDHCP = lib.mkDefault true;
    # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
    # Set the hostname.
    hostName = "Dimaga";
  };
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/hosts/Haven/default.nix
+++ b/hosts/Haven/default.nix
@ -22,10 +22,8 @@ in
  system.stateVersion = "24.05";
-  aux.system = {
+  host = {
-    apps.tmux.enable = true;
+    role = "server";
    gpu.amd.enable = true;
    packages = [ start-haven ];
    services = {
      acme = {
        enable = true;
@ -66,13 +64,7 @@ in
        enable = true;
        home = "${services-root}/airsonic-advanced";
      };
-      autoUpgrade = {
+      autoUpgrade.pushUpdates = true;
        enable = false;
        pushUpdates = true;
        configDir = config.secrets.nixConfigFolder;
        onCalendar = "daily";
        user = config.users.users.aires.name;
      };
      boinc.enable = true;
      cache = {
        enable = false; # Disable for now
@ -149,6 +141,9 @@ in
  # TODO: VPN (Check out Wireguard)
  # Add Haven's startup script
  environment.systemPackages = [ start-haven ];
  # Allow Haven to be a build target for other architectures (mainly ARM64)
  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
 }
--- a/hosts/Haven/hardware-configuration.nix
+++ b/hosts/Haven/hardware-configuration.nix
@ -12,6 +12,7 @@
  boot = {
    supportedFilesystems = [ "btrfs" ];
    kernelModules = [ "kvm-amd" ];
    extraModulePackages = [ ];
    initrd = {
      supportedFilesystems = [ "btrfs" ];
--- a/hosts/Khanda/default.nix
+++ b/hosts/Khanda/default.nix
@ -1,31 +1,12 @@
-{
+{ pkgs, lib, ... }:
  config,
  lib,
  pkgs,
  ...
 }:
 let
  # Do not change this value! This tracks when NixOS was installed on your system.
  stateVersion = "24.05";
 in
 {
  imports = [ ./hardware-configuration.nix ];
-  system.stateVersion = stateVersion;
+  system.stateVersion = "24.05";
-
+  system.autoUpgrade.enable = lib.mkForce false;
  ###*** Configure your system below this line. ***###
  # Set your time zone.
  #   To see all available timezones, run `timedatectl list-timezones`.
  time.timeZone = "America/New_York";
  # Configure the system.
  aux.system = {
    # Enable to allow unfree (e.g. closed source) packages.
    # Some settings may override this (e.g. enabling Nvidia GPU support).
    # https://nixos.org/manual/nixpkgs/stable/#sec-allow-unfree
    allowUnfree = true;
  host = {
    role = "workstation";
    apps = {
      development.enable = true;
      media.enable = true;
@ -37,42 +18,10 @@ in
        languagetool.enable = false;
      };
    };
    # Enable Secure Boot support.
    bootloader = {
      enable = true;
      secureboot.enable = true;
      tpm2.enable = true;
    };
    # Change the default text editor. Options are "emacs", "nano", or "vim".
    editor = "nano";
    # Enable GPU support.
    gpu.intel.enable = true;
    # Change how long old generations are kept for.
    retentionPeriod = "14d";
    services.autoUpgrade.enable = false;
    ui = {
-      desktops.gnome.enable = true;
+      flatpak.enable = true;
-      flatpak = {
+      gnome.enable = true;
        # Enable Flatpak support.
        enable = true;
        # Define Flatpak packages to install.
        packages = [
          "com.github.tchx84.Flatseal"
          "com.github.wwmm.easyeffects"
          "md.obsidian.Obsidian"
          "net.waterfox.waterfox"
          "org.keepassxc.KeePassXC"
        ];
    };
    };
    users.aires = {
      enable = true;
      services = {
@ -88,6 +37,9 @@ in
  # Build remotely
  nix.distributedBuilds = true;
  # Enable thermal control
  services.thermald.enable = true;
  # Limit the number of cores Nix can use
  nix.settings.cores = 10;
--- a/hosts/Khanda/hardware-configuration.nix
+++ b/hosts/Khanda/hardware-configuration.nix
@ -11,6 +11,9 @@
  boot = {
    initrd = {
      # Enable systemd for TPM auto-unlocking
      systemd.enable = true;
      availableKernelModules = [
        "surface_aggregator"
        "surface_aggregator_registry"
@ -20,6 +23,7 @@
        "8250_dw"
        "intel_lpss"
        "intel_lpss_pci"
        "tpm_crb"
        "xhci_pci"
        "thunderbolt"
        "nvme"
@ -29,6 +33,7 @@
        "pinctrl_tigerlake"
      ];
      kernelModules = [
        "tpm_crb"
        "surface_aggregator"
        "surface_aggregator_registry"
        "surface_aggregator_hub"
@ -55,6 +60,7 @@
    kernelModules = [
      "kvm-intel"
      "tpm_crb"
      "surface_aggregator"
      "surface_aggregator_registry"
      "surface_aggregator_hub"
@ -67,6 +73,7 @@
      "surface_kbd"
      "pinctrl_tigerlake"
    ];
    extraModulePackages = [ ];
  };
  fileSystems = {
@ -104,7 +111,11 @@
  # Install/configure additional drivers, particularly for touch
  environment.systemPackages = with pkgs; [ libwacom-surface ];
  microsoft-surface = {
    ipts.enable = true;
    surface-control.enable = true;
  };
  # NOTE: Use a default kernel to skip full kernel rebuilds
-  boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
+  # boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
 }
--- a/hosts/Pihole/default.nix
+++ b/hosts/Pihole/default.nix
@ -10,29 +10,30 @@
  system.stateVersion = "24.05";
-  aux.system = {
+  host = {
-    apps.tmux.enable = true;
+    role = "server";
-    bootloader.enable = false;  # Bootloader configured in hardware-configuration.nix
+    users.aires.enable = true;
-    packages = with pkgs; [
+    boot.enable = false;
    services.ssh = {
      enable = true;
      ports = [ config.secrets.hosts.haven.ssh.port ];
    };
  };
  nix.distributedBuilds = true;
  networking.hostName = "Pihole";
  time.timeZone = "America/New_York";
  environment.systemPackages = with pkgs; [
    libraspberrypi
    raspberrypifw
    raspberrypi-eeprom
    linuxKernel.kernels.linux_rpi4
  ];
    services.ssh = {
      enable = true;
      ports = [ config.secrets.hosts.haven.ssh.port ];
    };
    users.aires.enable = true;
  };
  nix.distributedBuilds = true;
  time.timeZone = "America/New_York";
  # Connect to the network automagically
  networking = {
    hostName = "Pihole";
    networkmanager.enable = lib.mkForce false;
    wireless.networks = {
      "${config.secrets.networking.networks.home.SSID}" = {
--- a/hosts/Shura/default.nix
+++ b/hosts/Shura/default.nix
@ -5,9 +5,6 @@
  ...
 }:
 let
  # Do not change this value! This tracks when NixOS was installed on your system.
  stateVersion = "24.05";
  # Copy bluetooth device configs
  shure-aonic-bluetooth = pkgs.writeText "info" (
    builtins.readFile ./bluetooth/shure-aonic-bluetooth-params
@ -29,9 +26,10 @@ in
 {
  imports = [ ./hardware-configuration.nix ];
-  system.stateVersion = stateVersion;
+  system.stateVersion = "24.05";
-  aux.system = {
+  host = {
    role = "workstation";
    apps = {
      development.enable = true;
      dj.enable = true;
@ -45,37 +43,9 @@ in
        languagetool.enable = true;
      };
    };
    # Configure the bootloader.
    bootloader = {
      enable = true;
      secureboot.enable = true;
      tpm2.enable = true;
    };
    # Change the default text editor. Options are "emacs", "nano", or "vim".
    editor = "nano";
    # Enable GPU support.
    gpu.amd.enable = true;
    packages = with pkgs; [
      boinc # Boinc client
    ];
    # Keep old generations for one week.
    retentionPeriod = "7d";
    # Run daily automatic updates.
    services.autoUpgrade = {
      enable = true;
      configDir = config.secrets.nixConfigFolder;
      onCalendar = "daily";
      user = config.users.users.aires.name;
    };
    ui = {
      flatpak.enable = true;
-      desktops.gnome.enable = true;
+      gnome.enable = true;
    };
    users = {
      aires = {
@ -95,6 +65,9 @@ in
    };
  };
  # Install additional packages
  environment.systemPackages = [ pkgs.boinc ];
  # Enable virtual machine manager
  programs.virt-manager.enable = true;
--- a/hosts/Shura/hardware-configuration.nix
+++ b/hosts/Shura/hardware-configuration.nix
@ -16,6 +16,12 @@
    # Hardware defaults detected by nixos-generate-configuration
    initrd = {
      # SystemD in the initrd is required for TPM auto-unlocking.
      # See https://discourse.nixos.org/t/full-disk-encryption-tpm2/29454/2
      # If the LUKS volume is recently created, run this command to bind it to the TPM:
      #	sudo systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 /dev/<device>
      systemd.enable = true;
      availableKernelModules = [
        "nvme"
        "xhci_pci"
@ -23,6 +29,11 @@
        "usb_storage"
        "sd_mod"
        "rtsx_pci_sdmmc"
        "tpm_crb"
      ];
      kernelModules = [
        "amdgpu"
        "tpm_crb"
      ];
      luks.devices."luks-bcf67e34-339e-40b9-8ffd-bec8f7f55248" = {
        device = "/dev/disk/by-uuid/bcf67e34-339e-40b9-8ffd-bec8f7f55248";
--- a/hosts/configuration.nix.template
+++ b/hosts/configuration.nix.template
@ -13,7 +13,7 @@
  system.stateVersion = "24.05";
-  aux.system = {
+  host = {
    role = "workstation";
    apps = {
      # Define applications here
--- a/modules/apps/development.nix
+++ b/modules/apps/development.nix
@ -6,12 +6,12 @@
 }:
 let
-  cfg = config.aux.system.apps.development;
+  cfg = config.host.apps.development;
 in
 with lib;
 {
  options = {
-    aux.system.apps.development = {
+    host.apps.development = {
      enable = mkEnableOption (mdDoc "Enables development tools");
      kubernetes.enable = mkEnableOption (mdDoc "Enables kubectl, virtctl, and similar tools.");
    };
@ -19,7 +19,7 @@ with lib;
  config = mkMerge [
    (mkIf cfg.enable {
-      aux.system.ui.flatpak.enable = true;
+      host.ui.flatpak.enable = true;
      services.flatpak.packages = [ "com.vscodium.codium" ];
    })
--- a/modules/apps/dj.nix
+++ b/modules/apps/dj.nix
@ -1,16 +1,16 @@
 { config, lib, ... }:
 let
-  cfg = config.aux.system.apps.dj;
+  cfg = config.host.apps.dj;
 in
 with lib;
 {
  options = {
-    aux.system.apps.dj.enable = mkEnableOption (mdDoc "Enables DJing tools (i.e. Mixxx)");
+    host.apps.dj.enable = mkEnableOption (mdDoc "Enables DJing tools (i.e. Mixxx)");
  };
  config = mkIf cfg.enable {
-    aux.system.ui.flatpak.enable = true;
+    host.ui.flatpak.enable = true;
    services.flatpak.packages = [ "org.mixxx.Mixxx" ];
  };
--- a/modules/apps/gaming.nix
+++ b/modules/apps/gaming.nix
@ -7,7 +7,7 @@
 # Gaming-related settings
 let
-  cfg = config.aux.system.apps.gaming;
+  cfg = config.host.apps.gaming;
  reset-controllers-script = pkgs.writeShellScriptBin "reset-controllers" ''
    #!/usr/bin/env bash
    sudo rmmod hid_xpadneo && sudo modprobe hid_xpadneo
@ -17,11 +17,11 @@ in
 with lib;
 {
  options = {
-    aux.system.apps.gaming.enable = mkEnableOption (mdDoc "Enables gaming features");
+    host.apps.gaming.enable = mkEnableOption (mdDoc "Enables gaming features");
  };
  config = mkIf cfg.enable {
-    aux.system.ui.flatpak.enable = true;
+    host.ui.flatpak.enable = true;
    services.flatpak.packages = [
      "gg.minion.Minion"
      "com.valvesoftware.Steam"
--- a/modules/apps/kdeconnect.nix
+++ b/modules/apps/kdeconnect.nix
@ -0,0 +1,35 @@
 {
  pkgs,
  config,
  lib,
  ...
 }:
 let
  cfg = config.host.apps.kdeconnect;
 in
 with lib;
 {
  options = {
    host.apps.kdeconnect.enable = mkEnableOption (mdDoc "Enables KDE Connect");
  };
  config = mkIf cfg.enable {
    environment.systemPackages = with pkgs; [ gnomeExtensions.gsconnect ];
    networking.firewall = {
      allowedTCPPortRanges = [
        {
          from = 1714;
          to = 1764;
        }
      ];
      allowedUDPPortRanges = [
        {
          from = 1714;
          to = 1764;
        }
      ];
    };
  };
 }
--- a/modules/apps/media.nix
+++ b/modules/apps/media.nix
@ -1,16 +1,16 @@
 { config, lib, ... }:
 let
-  cfg = config.aux.system.apps.media;
+  cfg = config.host.apps.media;
 in
 with lib;
 {
  options = {
-    aux.system.apps.media.enable = mkEnableOption (mdDoc "Enables media playback and editing apps");
+    host.apps.media.enable = mkEnableOption (mdDoc "Enables media playback and editing apps");
  };
  config = mkIf cfg.enable {
-    aux.system.ui.flatpak.enable = true;
+    host.ui.flatpak.enable = true;
    services.flatpak = {
      packages = [
--- a/modules/apps/office.nix
+++ b/modules/apps/office.nix
@ -1,16 +1,16 @@
 { config, lib, ... }:
 let
-  cfg = config.aux.system.apps.office;
+  cfg = config.host.apps.office;
 in
 with lib;
 {
  options = {
-    aux.system.apps.office.enable = mkEnableOption (mdDoc "Enables office and workstation apps");
+    host.apps.office.enable = mkEnableOption (mdDoc "Enables office and workstation apps");
  };
  config = mkIf cfg.enable {
-    aux.system.ui.flatpak.enable = true;
+    host.ui.flatpak.enable = true;
    services.flatpak.packages = [
      "org.onlyoffice.desktopeditors"
--- a/modules/apps/recording.nix
+++ b/modules/apps/recording.nix
@ -1,16 +1,16 @@
 { config, lib, ... }:
 let
-  cfg = config.aux.system.apps.recording;
+  cfg = config.host.apps.recording;
 in
 with lib;
 {
  options = {
-    aux.system.apps.recording.enable = mkEnableOption (mdDoc "Enables video editing tools");
+    host.apps.recording.enable = mkEnableOption (mdDoc "Enables video editing tools");
  };
  config = mkIf cfg.enable {
-    aux.system.ui.flatpak.enable = true;
+    host.ui.flatpak.enable = true;
    services.flatpak.packages = [
      "com.obsproject.Studio"
--- a/modules/apps/social.nix
+++ b/modules/apps/social.nix
@ -6,12 +6,12 @@
 }:
 let
-  cfg = config.aux.system.apps.social;
+  cfg = config.host.apps.social;
 in
 with lib;
 {
  options = {
-    aux.system.apps.social.enable = mkEnableOption (mdDoc "Enables chat apps");
+    host.apps.social.enable = mkEnableOption (mdDoc "Enables chat apps");
  };
  config = mkIf cfg.enable {
@ -21,7 +21,7 @@ with lib;
      beeper
    ];
-    aux.system.ui.flatpak.enable = true;
+    host.ui.flatpak.enable = true;
    services.flatpak.packages = [ "com.discordapp.Discord" ];
  };
 }
--- a/modules/apps/tmux.nix
+++ b/modules/apps/tmux.nix
@ -6,12 +6,12 @@
 }:
 let
-  cfg = config.aux.system.apps.tmux;
+  cfg = config.host.apps.tmux;
 in
 with lib;
 {
  options = {
-    aux.system.apps.tmux.enable = mkEnableOption (mdDoc "Enables tmux - terminal multiplexer");
+    host.apps.tmux.enable = mkEnableOption (mdDoc "Enables tmux - terminal multiplexer");
  };
  config = mkIf cfg.enable {
--- a/modules/apps/writing.nix
+++ b/modules/apps/writing.nix
@ -6,11 +6,11 @@
 }:
 let
-  cfg = config.aux.system.apps.writing;
+  cfg = config.host.apps.writing;
 in
 {
  options = {
-    aux.system.apps.writing = {
+    host.apps.writing = {
      enable = lib.mkEnableOption (lib.mdDoc "Enables writing and editing tools");
      languagetool = {
        enable = lib.mkEnableOption (lib.mdDoc "Enables local Language Tool server.");
--- a/modules/autoimport.nix
+++ b/modules/autoimport.nix
@ -16,6 +16,7 @@ let
  # Search all files and folders within and below the current directory.
  # Filters out directories that belong to home-manager, and don't end with .nix or are this file.
  # Also, make the strings absolute
  validFiles =
    dir:
    map (file: ./. + "/${file}") (
--- a/modules/system/bluetooth.nix
+++ b/modules/system/bluetooth.nix
@ -1,4 +1,3 @@
 # Configures bluetooth.
 {
  lib,
  config,
@ -7,17 +6,18 @@
 }:
 let
-  cfg = config.aux.system.bluetooth;
+  cfg = config.host.ui.bluetooth;
 in
 with lib;
 {
  options = {
-    aux.system.bluetooth = {
+    host.ui.bluetooth = {
-      enable = lib.mkEnableOption (lib.mdDoc "Enables bluetooth");
+      enable = mkEnableOption (mdDoc "Enables bluetooth");
    };
  };
-  config = lib.mkIf cfg.enable {
+  config = mkIf cfg.enable {
    # Set up Bluetooth
    hardware.bluetooth = {
      enable = true;
--- a/modules/base/bootloader.nix
+++ b/modules/base/bootloader.nix
@ -0,0 +1,67 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 # Bootloader
 let
  cfg = config.host.boot;
 in
 with lib;
 {
  options = {
    host.boot = {
      enable = mkOption {
        description = "Automatically configures the bootloader. Set to false to configure manually.";
        type = types.bool;
        default = true;
      };
      secureboot.enable = mkOption {
        description = "Enables Secureboot";
        type = types.bool;
        default = true;
      };
    };
  };
  config = mkIf cfg.enable (mkMerge [
    (mkIf cfg.secureboot.enable {
      boot = {
        # Enable Secure Boot
        bootspec.enable = true;
        # Disable systemd-boot. We lanzaboote now.
        loader.systemd-boot.enable = false;
        loader.efi.canTouchEfiVariables = true;
        lanzaboote = {
          enable = true;
          pkiBundle = "/etc/secureboot";
        };
        # Increase bootloader font size
        lanzaboote.settings.console-mode = "auto";
      };
      # Set up TPM. See https://nixos.wiki/wiki/TPM
      # After installing and rebooting, set it up via https://wiki.archlinux.org/title/Systemd-cryptenroll#Trusted_Platform_Module
      environment.systemPackages = with pkgs; [ tpm2-tss ];
      security.tpm2 = {
        enable = true;
        pkcs11.enable = true;
        tctiEnvironment.enable = true;
      };
    })
    # Plain boot
    (mkIf (!cfg.secureboot.enable) {
      boot = {
        loader.systemd-boot.enable = true;
        loader.efi.canTouchEfiVariables = true;
      };
    })
  ]);
 }
--- a/modules/system/networking.nix
+++ b/modules/system/networking.nix
@ -1,4 +1,3 @@
 # Configure basic networking options.
 _: {
  networking = {
    # Enable networking via NetworkManager
--- a/modules/base/nix.nix
+++ b/modules/base/nix.nix
@ -0,0 +1,65 @@
 # Nix configuration
 {
  pkgs,
  config,
  lib,
  inputs,
  ...
 }:
 {
  nix = {
    settings = {
      # Enable Flakes
      experimental-features = [
        "nix-command"
        "flakes"
      ];
      # Use Lix instead of Nix
      substituters = [ "https://cache.lix.systems" ];
      trusted-public-keys = [ "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" ];
      # Only allow these users to use Nix
      allowed-users = [
        "root"
        config.users.users.aires.name
      ];
      # Avoid signature verification messages when doing remote builds
      trusted-users = [
        config.users.users.aires.name
      ] ++ lib.optionals (config.host.users.gremlin.enable) [ config.users.users.gremlin.name ];
    };
    # Enable periodic nix store optimization
    optimise.automatic = true;
    # Configure NixOS to use the same software channel as Flakes
    registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
    nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
    # Configure remote build machines (mainly Haven)
    # To enable remote builds for a specific host, add `nix.distributedBuilds = true;` to its config
    buildMachines = [
      {
        hostName = "haven";
        systems = [
          "x86_64-linux"
          "aarch64-linux"
        ];
        protocol = "ssh-ng";
        supportedFeatures = [
          "nixos-test"
          "kvm"
          "benchmark"
          "big-parallel"
        ];
      }
    ];
    # When using a builder, use its package store
    extraOptions = ''
      builders-use-substitutes = true
    '';
  };
 }
--- a/modules/base/programs.nix
+++ b/modules/base/programs.nix
@ -0,0 +1,35 @@
 # Set up program defaults
 { config, ... }:
 {
  # Set up base apps
  programs = {
    direnv.enable = true;
    nano = {
      enable = true;
      syntaxHighlight = true;
      nanorc = ''
        set linenumbers
        set tabsize 4
        set softwrap
        set autoindent
        set indicator
      '';
    };
    nh = {
      enable = true;
      flake = "${config.secrets.nixConfigFolder}";
      # Alternative garbage collection system to nix.gc.automatic
      clean = {
        enable = true;
        dates = "daily";
        extraArgs = "--keep-since 7d --keep 10"; # Keep the last 10 entries
      };
    };
    # Support for standard, dynamically-linked executables
    nix-ld.enable = true;
  };
 }
--- a/modules/base/roles.nix
+++ b/modules/base/roles.nix
@ -0,0 +1,57 @@
 {
  lib,
  config,
  pkgs,
  ...
 }:
 let
  cfg = config.host.role;
 in
 {
  options = {
    host.role = lib.mkOption {
      type = lib.types.enum [
        "server"
        "workstation"
      ];
    };
  };
  config = lib.mkMerge [
    # Servers
    (lib.mkIf (cfg == "server") {
      host.apps.tmux.enable = true;
      environment.systemPackages = with pkgs; [
        htop
        mdadm
      ];
    })
    # Workstations
    (lib.mkIf (cfg == "workstation") {
      host.ui = {
        audio.enable = true;
        bluetooth.enable = true;
        gnome.enable = true;
        flatpak.enable = true;
      };
      boot = {
        # Enable Plymouth
        plymouth.enable = true;
        plymouth.theme = "bgrt";
        # Increase minimum log level. This removes ACPI errors from the boot screen.
        consoleLogLevel = 1;
        # Add kernel parameters
        kernelParams = [
          "quiet"
          "splash"
        ];
        initrd.verbose = false;
      };
    })
  ];
 }
--- a/modules/base/shell.nix
+++ b/modules/base/shell.nix
@ -0,0 +1,10 @@
 { pkgs, ... }:
 {
  # Install ZSH for all users
  programs.zsh.enable = true;
  users.defaultUserShell = pkgs.zsh;
  # Show a neat system statistics screen when opening a terminal
  environment.systemPackages = with pkgs; [ fastfetch ];
 }
--- a/modules/base/system.nix
+++ b/modules/base/system.nix
@ -0,0 +1,86 @@
 # System options
 {
  pkgs,
  config,
  lib,
  ...
 }:
 {
  # Set up the environment
  environment = {
    # Install base packages
    systemPackages = with pkgs; [
      bash
      dconf # Needed to fix an issue with Home-manager. See https://github.com/nix-community/home-manager/issues/3113
      direnv
      git
      home-manager
      nano
      p7zip
      fastfetch
      nh # Nix Helper: https://github.com/viperML/nh
    ];
    variables = {
      EDITOR = "nano"; # Set default editor to nano
    };
  };
  # Configure automatic updates for all hosts
  host.services.autoUpgrade = {
    enable = true;
    configDir = config.secrets.nixConfigFolder;
    onCalendar = "daily";
    user = config.users.users.aires.name;
  };
  services = {
    # Enable fwupd (firmware updater)
    fwupd.enable = true;
    # Enable trim on supported drives
    fstrim.enable = true;
    # Autoscrub BTRFS partitions
    btrfs.autoScrub = lib.mkIf (config.fileSystems."/".fsType == "btrfs") {
      enable = true;
      interval = "weekly";
      fileSystems = [ "/" ];
    };
    # Allow systemd user services to keep running after the user has logged out
    logind.killUserProcesses = false;
    # Enable disk monitoring
    smartd = {
      enable = true;
      autodetect = true;
      notifications.wall.enable = true;
    };
  };
  # Reduce logout stop timer duration
  systemd.extraConfig = ''
    DefaultTimeoutStopSec=30s
  '';
  # Set your time zone.
  time.timeZone = "America/New_York";
  # Select internationalisation properties.
  i18n = {
    defaultLocale = "en_US.UTF-8";
    extraLocaleSettings = {
      LC_ADDRESS = "en_US.UTF-8";
      LC_IDENTIFICATION = "en_US.UTF-8";
      LC_MEASUREMENT = "en_US.UTF-8";
      LC_MONETARY = "en_US.UTF-8";
      LC_NAME = "en_US.UTF-8";
      LC_NUMERIC = "en_US.UTF-8";
      LC_PAPER = "en_US.UTF-8";
      LC_TELEPHONE = "en_US.UTF-8";
      LC_TIME = "en_US.UTF-8";
    };
  };
 }
--- a/modules/common.nix
+++ b/modules/common.nix
@ -1,40 +0,0 @@
 # Modules common to all systems
 { pkgs, config, ... }:
 {
  config = {
    # Install ZSH for all users
    programs.zsh.enable = true;
    users.defaultUserShell = pkgs.zsh;
    aux.system = {
      packages = with pkgs; [
        fastfetch # Show a neat system statistics screen when opening a terminal
        nh # Nix Helper: https://github.com/viperML/nh
      ];
    };
    programs = {
      # Enable NH, an alternative nixos-rebuild frontend.
      nh = {
        enable = true;
        flake = "${config.secrets.nixConfigFolder}";
        # Alternative garbage collection system to nix.gc.automatic
        clean = {
          enable = true;
          dates = "daily";
          extraArgs = "--keep-since 7d --keep 10"; # Keep the last 10 entries
        };
      };
      # Do some additional Nano configuration
      nano.nanorc = ''
        set linenumbers
        set tabsize 4
        set softwrap
        set autoindent
        set indicator
      '';
    };
  };
 }
--- a/modules/module.nix.template
+++ b/modules/module.nix.template
@ -2,11 +2,11 @@
 { config, lib, ... }:
 let
-  cfg = config.aux.system.services.myModule;
+  cfg = config.host.services.myModule;
 in
 {
  options = {
-    aux.system.services.myModule = {
+    host.services.myModule = {
      enable = lib.mkEnableOption (lib.mdDoc "Enables this example module.");
      attributes = lib.mkOption {
        default = { };
--- a/modules/services/acme.nix
+++ b/modules/services/acme.nix
@ -1,11 +1,11 @@
 { config, lib, ... }:
 let
-  cfg = config.aux.system.services.acme;
+  cfg = config.host.services.acme;
 in
 {
  options = {
-    aux.system.services.acme = {
+    host.services.acme = {
      enable = lib.mkEnableOption (
        lib.mdDoc "Enable the ACME client (for Let's Encrypt TLS certificates)."
      );
@ -34,6 +34,6 @@ in
    # /var/lib/acme/.challenges must be writable by the ACME user
    # and readable by the Nginx user. The easiest way to achieve
    # this is to add the Nginx user to the ACME group.
-    users.users.nginx.extraGroups = lib.mkIf config.aux.system.services.nginx.enable [ "acme" ];
+    users.users.nginx.extraGroups = lib.mkIf config.host.services.nginx.enable [ "acme" ];
  };
 }
--- a/modules/services/airsonic.nix
+++ b/modules/services/airsonic.nix
@ -5,11 +5,11 @@
  ...
 }:
 let
-  cfg = config.aux.system.services.airsonic;
+  cfg = config.host.services.airsonic;
 in
 {
  options = {
-    aux.system.services.airsonic = {
+    host.services.airsonic = {
      autostart = lib.mkEnableOption (lib.mdDoc "Automatically starts Airsonic at boot.");
      enable = lib.mkEnableOption (lib.mdDoc "Enables Airsonic Advanced media streaming service.");
      home = lib.mkOption {
@ -21,7 +21,7 @@ in
  };
  config = lib.mkIf cfg.enable {
-    aux.system.users.media.enable = true;
+    host.users.media.enable = true;
    users.users.airsonic.extraGroups = [ "media" ];
    services = {
--- a/modules/services/apcupsd.nix
+++ b/modules/services/apcupsd.nix
@ -5,12 +5,12 @@
  ...
 }:
 let
-  cfg = config.aux.system.services.apcupsd;
+  cfg = config.host.services.apcupsd;
 in
 with lib;
 {
  options = {
-    aux.system.services.apcupsd = {
+    host.services.apcupsd = {
      enable = mkEnableOption (mdDoc "Enables apcupsd");
      configText = lib.mkOption {
        type = lib.types.str;
--- a/modules/services/autoupgrade.nix
+++ b/modules/services/autoupgrade.nix
@ -7,7 +7,7 @@
 }:
 let
-  cfg = config.aux.system.services.autoUpgrade;
+  cfg = config.host.services.autoUpgrade;
  # List of packages to include in each service's $PATH
  pathPkgs = with pkgs; [
@ -25,8 +25,12 @@ let
 in
 {
  options = {
-    aux.system.services.autoUpgrade = {
+    host.services.autoUpgrade = {
-      enable = lib.mkEnableOption (lib.mdDoc "Enables automatic system updates.");
+      enable = lib.mkOption {
        default = true;
        type = lib.types.bool;
        description = "Enables automatic system updates.";
      };
      branches = lib.mkOption {
        type = lib.types.attrs;
        description = "Which local and remote branches to compare.";
--- a/modules/services/boinc.nix
+++ b/modules/services/boinc.nix
@ -6,11 +6,11 @@
 }:
 let
-  cfg = config.aux.system.services.boinc;
+  cfg = config.host.services.boinc;
 in
 {
  options = {
-    aux.system.services.boinc.enable = lib.mkEnableOption (
+    host.services.boinc.enable = lib.mkEnableOption (
      lib.mdDoc "Enables BOINC distributed computing service."
    );
  };
--- a/modules/services/cache.nix
+++ b/modules/services/cache.nix
@ -7,11 +7,11 @@
 }:
 let
-  cfg = config.aux.system.services.cache;
+  cfg = config.host.services.cache;
 in
 {
  options = {
-    aux.system.services.cache = {
+    host.services.cache = {
      enable = lib.mkEnableOption (lib.mdDoc "Enables binary cache hosting.");
      secretKeyFile = lib.mkOption {
        default = "/var/cache-priv-key.pem";
--- a/modules/services/duplicacy-web.nix
+++ b/modules/services/duplicacy-web.nix
@ -6,13 +6,13 @@
 }:
 let
-  cfg = config.aux.system.services.duplicacy-web;
+  cfg = config.host.services.duplicacy-web;
  duplicacy-web = pkgs.callPackage ../../packages/duplicacy-web.nix { inherit pkgs lib; };
 in
 with lib;
 rec {
  options = {
-    aux.system.services.duplicacy-web = {
+    host.services.duplicacy-web = {
      enable = mkEnableOption (mdDoc "Enables duplicacy-web");
      autostart = mkOption {
        default = true;
--- a/modules/services/forgejo.nix
+++ b/modules/services/forgejo.nix
@ -5,7 +5,7 @@
  ...
 }:
 let
-  cfg = config.aux.system.services.forgejo;
+  cfg = config.host.services.forgejo;
  cli-cfg = config.services.forgejo;
  forgejo-cli = pkgs.writeScriptBin "forgejo-cli" ''
@ -23,7 +23,7 @@ let
 in
 {
  options = {
-    aux.system.services.forgejo = {
+    host.services.forgejo = {
      autostart = lib.mkEnableOption (lib.mdDoc "Automatically starts Forgejo at boot.");
      enable = lib.mkEnableOption (lib.mdDoc "Enables Forgejo Git hosting service.");
      domain = lib.mkOption {
--- a/modules/services/k3s.nix
+++ b/modules/services/k3s.nix
@ -0,0 +1,60 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 let
  cfg = config.host.services.k3s;
 in
 with lib;
 {
  options = {
    host.services.k3s = {
      enable = mkEnableOption (mdDoc "Enables K3s");
      role = mkOption {
        default = "server";
        type = types.enum [
          "agent"
          "server"
        ];
        description = "Which K3s role to use";
      };
      serverAddr = mkOption {
        default = "";
        type = types.str;
        description = "If an agent, this is the address of the server.";
      };
    };
  };
  config = mkIf cfg.enable {
    # Add packages for developing with K3s.
    # For details, see https://nixos.wiki/wiki/K3s
    environment.systemPackages = with pkgs; [ k3s ];
    networking.firewall = {
      allowedTCPPorts = [
        6443 # k3s: required so that pods can reach the API server (running on port 6443 by default)
        # 2379 # k3s, etcd clients: required if using a "High Availability Embedded etcd" configuration
        # 2380 # k3s, etcd peers: required if using a "High Availability Embedded etcd" configuration
      ];
      allowedUDPPorts = [
        # 8472 # k3s, flannel: required if using multi-node for inter-node networking
      ];
    };
    services.k3s = {
      enable = true;
      inherit (cfg) role;
      extraFlags = toString [
        # "--kubelet-arg=v=4" # Optionally add additional args to k3s
      ];
    } // optionalAttrs (cfg.role == "agent") { inherit (cfg) serverAddr; };
    # Increase number of open file handlers so K3s doesn't exhaust them...again.
    systemd.extraConfig = ''
      DefaultLimitNOFILE=8192:1048576
    '';
  };
 }
--- a/modules/services/msmtp.nix
+++ b/modules/services/msmtp.nix
@ -2,12 +2,12 @@
 { config, lib, ... }:
 let
-  cfg = config.aux.system.services.msmtp;
+  cfg = config.host.services.msmtp;
 in
 with lib;
 {
  options = {
-    aux.system.services.msmtp.enable = mkEnableOption (mdDoc "Enables mail server");
+    host.services.msmtp.enable = mkEnableOption (mdDoc "Enables mail server");
  };
  config = mkIf cfg.enable {
--- a/modules/services/nginx.nix
+++ b/modules/services/nginx.nix
@ -1,11 +1,11 @@
 { config, lib, ... }:
 let
-  cfg = config.aux.system.services.nginx;
+  cfg = config.host.services.nginx;
 in
 {
  options = {
-    aux.system.services.nginx = {
+    host.services.nginx = {
      autostart = lib.mkEnableOption (lib.mdDoc "Whether to autostart Nginx at boot.");
      enable = lib.mkEnableOption (lib.mdDoc "Enable the Nginx web server.");
--- a/modules/services/ssh.nix
+++ b/modules/services/ssh.nix
@ -1,11 +1,11 @@
 { config, lib, ... }:
 let
-  cfg = config.aux.system.services.ssh;
+  cfg = config.host.services.ssh;
 in
 {
  options = {
-    aux.system.services.ssh = {
+    host.services.ssh = {
      enable = lib.mkEnableOption (lib.mdDoc "Enables SSH server.");
      ports = lib.mkOption {
        default = [ 22 ];
--- a/modules/services/virtualization.nix
+++ b/modules/services/virtualization.nix
@ -7,11 +7,11 @@
 }:
 let
-  cfg = config.aux.system.services.virtualization;
+  cfg = config.host.services.virtualization;
 in
 {
  options = {
-    aux.system.services.virtualization = {
+    host.services.virtualization = {
      enable = lib.mkEnableOption (lib.mdDoc "Enables virtualization hosting tools on this host.");
      user = lib.mkOption {
        default = "";
--- a/modules/system/bootloader.nix
+++ b/modules/system/bootloader.nix
@ -1,73 +0,0 @@
 # Configuration options specific to bootloader management.
 # SecureBoot is handled via Lanzaboote. See https://github.com/nix-community/lanzaboote
 {
  config,
  lib,
  pkgs,
  ...
 }:
 # Bootloader
 let
  cfg = config.aux.system.bootloader;
 in
 {
  options = {
    aux.system.bootloader = {
      enable = lib.mkOption {
        description = "Automatically configures the bootloader. Set to false to configure manually.";
        type = lib.types.bool;
        default = true;
      };
      secureboot.enable = lib.mkEnableOption (lib.mdDoc "Enables Secureboot support.");
      tpm2.enable = lib.mkEnableOption (lib.mdDoc "Enables TPM2 support.");
    };
  };
  config = lib.mkIf cfg.enable (
    lib.mkMerge [
      (lib.mkIf cfg.secureboot.enable {
        boot = {
          # Enable Secure Boot
          bootspec.enable = true;
          # Use Lanzaboote in place of systemd-boot.
          loader.systemd-boot.enable = false;
          loader.efi.canTouchEfiVariables = true;
          lanzaboote = {
            enable = true;
            pkiBundle = "/etc/secureboot";
          };
        };
      })
      # Set up TPM if enabled. See https://nixos.wiki/wiki/TPM
      (lib.mkIf (cfg.tpm2.enable) {
        boot.initrd = {
          # Enable systemd for TPM auto-unlocking
          systemd.enable = true;
          availableKernelModules = [ "tpm_crb" ];
          kernelModules = [ "tpm_crb" ];
        };
        # After installing and rebooting, set it up via https://wiki.archlinux.org/title/Systemd-cryptenroll#Trusted_Platform_Module
        environment.systemPackages = with pkgs; [ tpm2-tss ];
        security.tpm2 = {
          enable = true;
          pkcs11.enable = true;
          tctiEnvironment.enable = true;
        };
      })
      # Use the default systemd-boot bootloader.
      (lib.mkIf (!cfg.secureboot.enable) {
        boot.loader = {
          systemd-boot.enable = true;
          efi.canTouchEfiVariables = true;
        };
      })
    ]
  );
 }
--- a/modules/system/editor.nix
+++ b/modules/system/editor.nix
@ -1,42 +0,0 @@
 # Basic system-wide text editor configuration.
 {
  pkgs,
  config,
  lib,
  inputs,
  ...
 }:
 let
  cfg = config.aux.system.editor;
 in
 {
  options = {
    aux.system.editor = lib.mkOption {
      description = "Selects the default text editor.";
      default = "nano";
      type = lib.types.enum [
        "vim"
        "nano"
        "emacs"
      ];
    };
  };
  config = lib.mkMerge [
    (lib.mkIf (cfg == "emacs") {
      services.emacs = {
        enable = true;
        defaultEditor = true;
      };
    })
    (lib.mkIf (cfg == "nano") {
      programs.nano = {
        enable = true;
        syntaxHighlight = true;
      };
      environment.variables."EDITOR" = "nano";
    })
    (lib.mkIf (cfg == "vim") { programs.vim.defaultEditor = true; })
  ];
 }
--- a/modules/system/gpu/amd.nix
+++ b/modules/system/gpu/amd.nix
@ -1,27 +0,0 @@
 # Enables AMD GPU support.
 {
  pkgs,
  config,
  lib,
  ...
 }:
 let
  cfg = config.aux.system.gpu.amd;
 in
 {
  options = {
    aux.system.gpu.amd.enable = lib.mkEnableOption (lib.mdDoc "Enables AMD GPU support.");
  };
  config = lib.mkIf cfg.enable {
    boot.initrd.kernelModules = [ "amdgpu" ];
    services.xserver.videoDrivers = [ "amdgpu" ];
    hardware.graphics = {
      extraPackages = [ pkgs.amdvlk ];
      # 32-bit application compatibility
      enable32Bit = true;
      extraPackages32 = with pkgs; [ driversi686Linux.amdvlk ];
    };
  };
 }
--- a/modules/system/gpu/intel.nix
+++ b/modules/system/gpu/intel.nix
@ -1,44 +0,0 @@
 # Enables Intel GPU support.
 {
  pkgs,
  config,
  lib,
  ...
 }:
 let
  cfg = config.aux.system.gpu.intel;
 in
 {
  options = {
    aux.system.gpu.intel.enable = lib.mkEnableOption (lib.mdDoc "Enables Intel GPU support.");
  };
  config = lib.mkIf cfg.enable {
    # Configuration options from NixOS-Hardware: https://github.com/NixOS/nixos-hardware/blob/master/common/gpu/intel/default.nix
    boot.initrd.kernelModules = [ "i915" ];
    environment.variables.VDPAU_DRIVER = "va_gl";
    hardware.graphics.extraPackages = with pkgs; [
      (
        if (lib.versionOlder (lib.versions.majorMinor lib.version) "23.11") then
          vaapiIntel
        else
          intel-vaapi-driver
      )
      libvdpau-va-gl
      intel-media-driver
    ];
    hardware.graphics.extraPackages32 = with pkgs.driversi686Linux; [
      (
        if (lib.versionOlder (lib.versions.majorMinor lib.version) "23.11") then
          vaapiIntel
        else
          intel-vaapi-driver
      )
      libvdpau-va-gl
      intel-media-driver
    ];
  };
 }
--- a/modules/system/gpu/nvidia.nix
+++ b/modules/system/gpu/nvidia.nix
@ -1,81 +0,0 @@
 # Enables Nvidia GPU support.
 {
  pkgs,
  config,
  lib,
  ...
 }:
 let
  cfg = config.aux.system.gpu.nvidia;
 in
 {
  options = {
    aux.system.gpu.nvidia = {
      enable = lib.mkEnableOption (lib.mdDoc "Enables Nvidia GPU support.");
      hybrid = {
        enable = lib.mkEnableOption (lib.mdDoc "Enables hybrid GPU support.");
        sync = lib.mkEnableOption (
          lib.mdDoc "Enables sync mode for faster performance at the cost of higher battery usage."
        );
        busIDs = {
          nvidia = lib.mkOption {
            description = "The bus ID for your Nvidia GPU.";
            type = lib.types.str;
            example = "PCI:0:2:0";
            default = "";
          };
          intel = lib.mkOption {
            description = "The bus ID for your integrated Intel GPU. If you don't have an Intel GPU, you can leave this blank.";
            type = lib.types.str;
            example = "PCI:14:0:0";
            default = "";
          };
          amd = lib.mkOption {
            description = "The bus ID for your integrated AMD GPU. If you don't have an AMD GPU, you can leave this blank.";
            type = lib.types.str;
            example = "PCI:54:0:0";
            default = "";
          };
        };
      };
    };
  };
  config = lib.mkIf cfg.enable {
    assertions = [
      {
        assertion = (cfg.busIDs.nvidia == "");
        message = "You need to define a bus ID for your Nvidia GPU. To learn how to find the bus ID, see https://nixos.wiki/wiki/Nvidia#Configuring_Optimus_PRIME:_Bus_ID_Values_.28Mandatory.29.";
      }
      {
        assertion = (cfg.busIDs.intel == "" && cfg.busIDs.amd == "");
        message = "You need to define a bus ID for your non-Nvidia GPU. To learn how to find your bus ID, see https://nixos.wiki/wiki/Nvidia#Configuring_Optimus_PRIME:_Bus_ID_Values_.28Mandatory.29.";
      }
    ];
    aux.system.allowUnfree = true;
    services.xserver.videoDrivers = lib.mkDefault [ "nvidia" ];
    hardware.opengl.extraPackages = with pkgs; [ vaapiVdpau ];
    hardware.nvidia = {
      modesetting.enable = true;
      nvidiaSettings = lib.mkIf (config.aux.system.ui.desktops.enable) true;
      package = config.boot.kernelPackages.nvidiaPackages.stable;
      prime = lib.mkIf cfg.hybrid.enable {
        offload = lib.mkIf (!cfg.hybrid.sync) {
          enable = true;
          enableOffloadCmd = true; # Provides `nvidia-offload` command.
        };
        sync.enable = lib.mkIf cfg.hybrid.sync true;
        nvidiaBusId = cfg.hybrid.busIDs.nvidia;
        intelBusId = lib.mkIf (cfg.hybrid.busIDs.intel != "") cfg.hybrid.busIDs.intel;
        amdgpuBusId = lib.mkIf (cfg.hybrid.busIDs.amd != "") cfg.hybrid.busIDs.amd;
      };
    };
  };
 }
--- a/modules/system/nix.nix
+++ b/modules/system/nix.nix
@ -1,83 +0,0 @@
 # Core Nix configuration
 {
  pkgs,
  config,
  lib,
  inputs,
  ...
 }:
 let
  cfg = config.aux.system;
 in
 {
  options = {
    aux.system.allowUnfree = lib.mkEnableOption (lib.mdDoc "Allow unfree packages to install.");
    aux.system.retentionPeriod = lib.mkOption {
      description = "How long to retain NixOS generations. Defaults to 30 days (30d).";
      type = lib.types.str;
      default = "30d";
    };
  };
  config = {
    nixpkgs.config.allowUnfree = cfg.allowUnfree;
    nix = {
      settings = {
        # Enable Flakes
        experimental-features = [
          "nix-command"
          "flakes"
        ];
        # Use Lix instead of Nix
        substituters = [ "https://cache.lix.systems" ];
        trusted-public-keys = [ "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" ];
        # Only allow these users to use Nix
        allowed-users = [
          "root"
          config.users.users.aires.name
        ];
        # Avoid signature verification messages when doing remote builds
        trusted-users = [
          config.users.users.aires.name
        ] ++ lib.optionals (config.aux.system.users.gremlin.enable) [ config.users.users.gremlin.name ];
      };
      # Enable periodic nix store optimization
      optimise.automatic = true;
      # Configure NixOS to use the same software channel as Flakes
      registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
      nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
      # Configure remote build machines (mainly Haven)
      # To enable remote builds for a specific host, add `nix.distributedBuilds = true;` to its config
      buildMachines = [
        {
          hostName = "haven";
          systems = [
            "x86_64-linux"
            "aarch64-linux"
          ];
          protocol = "ssh-ng";
          supportedFeatures = [
            "nixos-test"
            "kvm"
            "benchmark"
            "big-parallel"
          ];
        }
      ];
      # When using a builder, use its package store
      extraOptions = ''
        builders-use-substitutes = true
      '';
    };
    # Support for standard, dynamically-linked executables
    programs.nix-ld.enable = true;
  };
 }
--- a/modules/system/system.nix
+++ b/modules/system/system.nix
@ -1,86 +0,0 @@
 # System options
 {
  pkgs,
  config,
  lib,
  ...
 }:
 let
  cfg = config.aux.system;
 in
 {
  options = {
    aux.system.packages = lib.mkOption {
      description = "Additional system packages to install. This is just a wrapper for environment.systemPackages.";
      type = lib.types.listOf lib.types.package;
      default = [ ];
      example = lib.literalExpression "[ pkgs.firefox pkgs.thunderbird ]";
    };
  };
  config = {
    # Set up the environment
    environment = {
      # Install base packages
      systemPackages =
        config.aux.system.packages
        ++ (with pkgs; [
          bash
          dconf # Needed to fix an issue with Home-manager. See https://github.com/nix-community/home-manager/issues/3113
          direnv
          git
          home-manager
          p7zip
        ]);
    };
    services = {
      # Enable fwupd (firmware updater)
      fwupd.enable = true;
      # Enable trim on supported drives
      fstrim.enable = true;
      # Autoscrub BTRFS partitions
      btrfs.autoScrub = lib.mkIf (config.fileSystems."/".fsType == "btrfs") {
        enable = true;
        interval = "weekly";
        fileSystems = [ "/" ];
      };
      # Allow systemd user services to keep running after the user has logged out
      logind.killUserProcesses = false;
      # Enable disk monitoring
      smartd = {
        enable = true;
        autodetect = true;
        notifications.wall.enable = true;
      };
    };
    # Reduce logout stop timer duration
    systemd.extraConfig = ''
      DefaultTimeoutStopSec=30s
    '';
    # Set your time zone.
    time.timeZone = "America/New_York";
    # Select internationalisation properties.
    i18n = {
      defaultLocale = "en_US.UTF-8";
      extraLocaleSettings = {
        LC_ADDRESS = "en_US.UTF-8";
        LC_IDENTIFICATION = "en_US.UTF-8";
        LC_MEASUREMENT = "en_US.UTF-8";
        LC_MONETARY = "en_US.UTF-8";
        LC_NAME = "en_US.UTF-8";
        LC_NUMERIC = "en_US.UTF-8";
        LC_PAPER = "en_US.UTF-8";
        LC_TELEPHONE = "en_US.UTF-8";
        LC_TIME = "en_US.UTF-8";
      };
    };
  };
 }
--- a/modules/ui/audio.nix
+++ b/modules/ui/audio.nix
@ -1,4 +1,3 @@
 # Enables audio support.
 {
  pkgs,
  lib,
@ -7,19 +6,20 @@
 }:
 let
-  cfg = config.aux.system.ui.audio;
+  cfg = config.host.ui.audio;
 in
 with lib;
 {
  options = {
-    aux.system.ui.audio = {
+    host.ui.audio = {
-      enable = lib.mkEnableOption (lib.mdDoc "Enables audio.");
+      enable = mkEnableOption (mdDoc "Enables audio");
-      enableLowLatency = lib.mkEnableOption (
+      enableLowLatency = mkEnableOption (
-        lib.mdDoc "Enables low-latency audio (may cause crackling) per https://nixos.wiki/wiki/PipeWire#Low-latency_setup."
+        mdDoc "Enables low-latency audio (may cause crackling) per https://nixos.wiki/wiki/PipeWire#Low-latency_setup "
      );
    };
  };
-  config = lib.mkIf cfg.enable {
+  config = mkIf cfg.enable {
    # Enable sound with pipewire.
    sound.enable = true;
    security.rtkit.enable = true;
@ -36,7 +36,7 @@ in
      jack.enable = true;
      # Reduce audio latency per https://nixos.wiki/wiki/PipeWire#Low-latency_setup
-      extraConfig.pipewire = lib.mkIf cfg.enableLowLatency {
+      extraConfig.pipewire = mkIf cfg.enableLowLatency {
        "92-low-latency.conf" = {
          "context.properties" = {
            "default.clock.rate" = 48000;
@ -47,5 +47,7 @@ in
        };
      };
    };
    services.flatpak.packages = mkIf config.host.ui.flatpak.enable [ "com.github.wwmm.easyeffects" ];
  };
 }
--- a/modules/ui/desktops/budgie.nix
+++ b/modules/ui/desktops/budgie.nix
@ -1,32 +0,0 @@
 # Enables the Budgie desktop environment.
 {
  pkgs,
  config,
  lib,
  ...
 }:
 let
  cfg = config.aux.system.ui.desktops.budgie;
 in
 {
  options = {
    aux.system.ui.desktops.budgie.enable = lib.mkEnableOption (
      lib.mdDoc "Enables the Budgie desktop environment."
    );
  };
  config = lib.mkIf cfg.enable {
    aux.system.ui.desktops.enable = true;
    services.xserver = {
      enable = true;
      desktopManager.budgie.enable = true;
      displayManager.lightdm.enable = lib.mkIf (
        !(
          config.services.xserver.displayManager.gdm.enable
          || config.services.xserver.displayManager.sddm.enable
        )
      ) true;
    };
  };
 }
--- a/modules/ui/desktops/common.nix
+++ b/modules/ui/desktops/common.nix
@ -1,104 +0,0 @@
 # Common desktop environment modules
 {
  pkgs,
  config,
  lib,
  ...
 }:
 let
  cfg = config.aux.system.ui.desktops;
 in
 {
  options = {
    aux.system.ui.desktops = {
      enable = lib.mkEnableOption (lib.mdDoc "Enables base desktop environment support.");
      xkb = lib.mkOption {
        description = "The keyboard layout to use by default. Defaults to us.";
        type = lib.types.attrs;
        default = {
          layout = "us";
          variant = "";
        };
      };
    };
  };
  config = lib.mkIf cfg.enable {
    aux.system = {
      bluetooth.enable = true;
      ui.audio.enable = true;
    };
    boot = {
      # Enable Plymouth for graphical bootsplash.
      plymouth = {
        enable = true;
        theme = "bgrt";
      };
      # Add kernel parameters
      kernelParams = [
        "quiet"
        "splash"
      ];
    };
    # Manage fonts
    fonts = {
      # Install extra fonts
      packages = with pkgs; [
        noto-fonts
        noto-fonts-cjk
        noto-fonts-emoji
        liberation_ttf
        fira-code
        fira-code-symbols
        fira
        roboto-slab
      ];
      # Enable font dir for use with Flatpak. See https://nixos.wiki/wiki/Fonts#Flatpak_applications_can.27t_find_system_fonts
      fontDir.enable = true;
    };
    services = {
      # Configure the xserver
      xserver = {
        # Enable the X11 windowing system.
        enable = true;
        # Configure keymap in X11
        xkb = config.aux.system.ui.desktops.xkb;
      };
      # Enable touchpad support (enabled by default in most desktop managers, buuuut just in case).
      libinput.enable = true;
    };
    # Support for AppImage files
    programs.appimage = {
      enable = true;
      binfmt = true;
    };
    # Install full GStreamer capabilities.
    # References: 
    #   https://wiki.nixos.org/wiki/GStreamer
    #   https://github.com/NixOS/nixpkgs/issues/195936
    environment = {
      sessionVariables.GST_PLUGIN_SYSTEM_PATH_1_0 = lib.makeSearchPathOutput "lib" "lib/gstreamer-1.0" (
        with pkgs.gst_all_1;
        [
          gstreamer
          gst-plugins-base
          gst-plugins-good
          gst-plugins-bad
          gst-plugins-ugly
          gst-libav
          gst-vaapi
        ]
      );
    };
  };
 }
--- a/modules/ui/desktops/hyprland.nix
+++ b/modules/ui/desktops/hyprland.nix
@ -1,28 +0,0 @@
 # Enables the Hyprland desktop environment.
 {
  pkgs,
  config,
  lib,
  ...
 }:
 let
  cfg = config.aux.system.ui.desktops.hyprland;
 in
 {
  options = {
    aux.system.ui.desktops.hyprland.enable = lib.mkEnableOption (
      lib.mdDoc "Enables the Hyprland desktop environment."
    );
  };
  config = lib.mkIf cfg.enable {
    aux.system.ui.desktops.enable = true;
    programs.hyprland = {
      enable = true;
      xwayland.enable = true;
    };
    # Optional: hint Electron apps to use Wayland:
    environment.sessionVariables.NIXOS_OZONE_WL = "1";
  };
 }
--- a/modules/ui/desktops/kde.nix
+++ b/modules/ui/desktops/kde.nix
@ -1,54 +0,0 @@
 # Enables the KDE desktop environment.
 {
  pkgs,
  config,
  lib,
  ...
 }:
 let
  cfg = config.aux.system.ui.desktops.kde;
 in
 {
  options = {
    aux.system.ui.desktops.kde = {
      enable = lib.mkEnableOption (lib.mdDoc "Enables the KDE Desktop Environment.");
      useX11 = lib.mkEnableOption (lib.mdDoc "Uses X11 instead of Wayland.");
    };
  };
  config = lib.mkIf cfg.enable {
    aux.system.ui.desktops.enable = true;
    programs.dconf.enable = true;
    # Fix blank messages in KMail. See https://nixos.wiki/wiki/KDE#KMail_Renders_Blank_Messages
    environment.sessionVariables = {
      NIX_PROFILES = "${pkgs.lib.concatStringsSep " " (
        pkgs.lib.reverseList config.environment.profiles
      )}";
    };
    services = {
      displayManager.sddm.enable = true;
      desktopManager.plasma6.enable = true;
      xserver.displayManager = lib.mkIf cfg.useX11 {
        defaultSession = "plasmaX11";
        sddm.wayland.enable = lib.mkIf (
          !(
            config.services.xserver.displayManager.gdm.enable
            || config.services.xserver.displayManager.lightdm.enable
          )
        ) true;
      };
    };
    # Enable Gnome integration
    qt = {
      enable = true;
      platformTheme = "gnome";
      style = "adwaita-dark";
    };
  };
 }
--- a/modules/ui/desktops/xfce.nix
+++ b/modules/ui/desktops/xfce.nix
@ -1,30 +0,0 @@
 # Enables the XFCE desktop environment.
 {
  pkgs,
  config,
  lib,
  ...
 }:
 let
  cfg = config.aux.system.ui.desktops.xfce;
 in
 {
  options = {
    aux.system.ui.desktops.xfce.enable = lib.mkEnableOption (
      lib.mdDoc "Enables the XFCE desktop environment."
    );
  };
  config = lib.mkIf cfg.enable {
    aux.system.ui.desktops.enable = true;
    services.xserver = {
      enable = true;
      desktopManager = {
        xterm.enable = false;
        xfce.enable = true;
      };
      displayManager.defaultSession = "xfce";
    };
  };
 }
--- a/modules/ui/flatpak.nix
+++ b/modules/ui/flatpak.nix
@ -8,20 +8,12 @@
 # Flatpak support and options
 let
-  cfg = config.aux.system.ui.flatpak;
+  cfg = config.host.ui.flatpak;
 in
 with lib;
 {
  options = {
-    aux.system.ui.flatpak = {
+    host.ui.flatpak.enable = mkEnableOption (mdDoc "Enables Flatpak");
      enable = mkEnableOption (mdDoc "Enables Flatpak support.");
      packages = lib.mkOption {
        description = "Flatpak packages to install.";
        type = lib.types.listOf lib.types.str;
        default = [ ];
        example = lib.literalExpression "[ \"com.valvesoftware.Steam\" ]";
      };
    };
  };
  config = mkIf cfg.enable {
@ -44,7 +36,12 @@ with lib;
      ];
      # Install base Flatpaks. For details, see https://github.com/gmodena/nix-flatpak
-      packages = cfg.packages;
+      packages = [
        "com.github.tchx84.Flatseal"
        "md.obsidian.Obsidian"
        "net.waterfox.waterfox"
        "org.keepassxc.KeePassXC"
      ];
    };
    # Workaround for getting Flatpak apps to use system fonts, icons, and cursors
@ -66,8 +63,8 @@ with lib;
        aggregatedIcons = pkgs.buildEnv {
          name = "system-icons";
          paths = with pkgs; [
-            (lib.mkIf config.aux.system.ui.desktops.gnome.enable gnome.gnome-themes-extra)
+            #libsForQt5.breeze-qt5	# for plasma
-            (lib.mkIf config.aux.system.ui.desktops.kde.enable kdePackages.breeze-icons)
+            gnome.gnome-themes-extra
            papirus-icon-theme
            qogir-icon-theme
          ];
--- a/modules/ui/desktops/gnome.nix
+++ b/modules/ui/desktops/gnome.nix
@ -1,4 +1,3 @@
 # Enables the Gnome desktop environment.
 {
  pkgs,
  config,
@ -6,29 +5,41 @@
  ...
 }:
 # UI and desktop-related options
 let
-  cfg = config.aux.system.ui.desktops.gnome;
+  cfg = config.host.ui.gnome;
 in
 with lib;
 {
  options = {
-    aux.system.ui.desktops.gnome.enable = lib.mkEnableOption (
+    host.ui.gnome.enable = mkEnableOption (mdDoc "Enables Gnome");
      lib.mdDoc "Enables the Gnome Desktop Environment."
    );
  };
-  config = lib.mkIf cfg.enable {
+  config = mkIf cfg.enable {
-    aux.system.ui.desktops.enable = true;
+    host.ui = {
      audio.enable = true;
      flatpak.enable = true;
    };
    # Enable Gnome
    services = {
      # Configure the xserver
      xserver = {
-        # Remove default packages that came with the install
+        # Enable the X11 windowing system.
-        excludePackages = [ pkgs.xterm ];
+        enable = true;
        # Configure keymap in X11
        xkb = {
          layout = "us";
          variant = "";
        };
        # Enable Gnome
        desktopManager.gnome.enable = true;
        displayManager.gdm.enable = true;
        # Remove default packages that came with the install
        excludePackages = [ pkgs.xterm ];
      };
      # Install Flatpaks
@ -96,6 +107,41 @@ in
        papirus-icon-theme
        qogir-icon-theme
      ];
      # Install GStreamer plugins
      # References: 
      #   https://wiki.nixos.org/wiki/GStreamer
      #   https://github.com/NixOS/nixpkgs/issues/195936
      sessionVariables.GST_PLUGIN_SYSTEM_PATH_1_0 = lib.makeSearchPathOutput "lib" "lib/gstreamer-1.0" (
        with pkgs.gst_all_1;
        [
          gstreamer
          gst-plugins-base
          gst-plugins-good
          gst-plugins-bad
          gst-plugins-ugly
          gst-libav
          gst-vaapi
        ]
      );
    };
    # Manage fonts
    fonts = {
      # Install extra fonts
      packages = with pkgs; [
        noto-fonts
        noto-fonts-cjk
        noto-fonts-emoji
        liberation_ttf
        fira-code
        fira-code-symbols
        fira
        roboto-slab
      ];
      # Enable font dir for use with Flatpak. See https://nixos.wiki/wiki/Fonts#Flatpak_applications_can.27t_find_system_fonts
      fontDir.enable = true;
    };
    # Gnome UI integration for KDE apps
--- a/modules/users/aires/default.nix
+++ b/modules/users/aires/default.nix
@ -7,12 +7,12 @@
 # Define 'aires'
 let
-  cfg = config.aux.system.users.aires;
+  cfg = config.host.users.aires;
 in
 with lib;
 {
  options = {
-    aux.system.users.aires = {
+    host.users.aires = {
      enable = mkEnableOption (mdDoc "Enables aires user account");
      autologin = mkEnableOption (mdDoc "Automatically logs aires in on boot");
@ -63,9 +63,7 @@ with lib;
          homeDirectory = "/home/aires";
          # Install extra packages, specifically gnome extensions
-          packages = lib.mkIf config.aux.system.ui.desktops.gnome.enable [
+          packages = lib.mkIf config.host.ui.gnome.enable [ pkgs.gnomeExtensions.wallpaper-slideshow ];
            pkgs.gnomeExtensions.wallpaper-slideshow
          ];
          # Set environment variables
          sessionVariables = {
--- a/modules/users/common/home-manager/gnome.nix
+++ b/modules/users/common/home-manager/gnome.nix
@ -6,7 +6,7 @@
 }:
 {
  # Additional Gnome configurations via home-manager.
-  dconf.settings = lib.mkIf osConfig.aux.system.ui.desktops.gnome.enable {
+  dconf.settings = lib.mkIf osConfig.host.ui.gnome.enable {
    "org/gnome/mutter" = {
      edge-tiling = true;
      workspaces-only-on-primary = false;
--- a/modules/users/gremlin/default.nix
+++ b/modules/users/gremlin/default.nix
@ -7,12 +7,12 @@
 # Define 'gremlin' user
 let
-  cfg = config.aux.system.users.gremlin;
+  cfg = config.host.users.gremlin;
 in
 with lib;
 {
  options = {
-    aux.system.users.gremlin = {
+    host.users.gremlin = {
      enable = mkEnableOption (mdDoc "Enables gremlin user account");
      services.syncthing = {
--- a/modules/users/media/default.nix
+++ b/modules/users/media/default.nix
@ -7,13 +7,13 @@
 # Define user for managing media on Haven
 let
-  cfg = config.aux.system.users.media;
+  cfg = config.host.users.media;
 in
 with lib;
 {
  options = {
-    aux.system.users.media = {
+    host.users.media = {
      enable = mkEnableOption (mdDoc "Enables media user account");
    };
  };