Template integration final touches

.forgejo/workflows/update.yaml

@@ -1,32 +0,0 @@
-on: [push]
-
-jobs:
-  # Source: https://github.com/isabelroses/dotfiles/tree/main/.github/workflows
-  update-lockfile:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Install Nix
-        uses: DeterminateSystems/nix-installer-action@main
-        with:
-          logger: pretty
-
-#      - name: Update Lockfile
-#        uses: DeterminateSystems/update-flake-lock@main
-#        id: update
-#        with:
-#          pr-title: "chore(deps): flake inputs"
-#          commit-msg: "chore(deps): flake inputs"
-#          token: ${{ secrets.GITHUB_TOKEN }}
-
-#  build:
-#    runs-on: nix
-#    steps:
-#      - run: nix-env -iA nixpkgs.nodejs_20
-#      - uses: actions/checkout@v4
-#      - run: nix --experimental-features 'nix-command flakes' flake update
-#      - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Haven
-#      - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Khanda

hosts/Dimaga/default.nix

@@ -1,47 +0,0 @@
-{ pkgs, ... }:
-{
-  imports = [ ./hardware-configuration.nix ];
-
-  system.stateVersion = "24.05";
-
-  aux.system = {
-    role = "workstation";
-    apps = {
-      development.enable = true;
-      media.enable = true;
-      office.enable = true;
-      writing.enable = true;
-    };
-    ui = {
-      flatpak.enable = true;
-      gnome.enable = true;
-    };
-    users = {
-      aires = {
-        enable = true;
-        autologin = true;
-        services = {
-          syncthing = {
-            enable = true;
-            autostart = true;
-            enableTray = false;
-          };
-        };
-      };
-    };
-  };
-
-  aux.system.services.autoUpgrade = {
-    enable = true;
-    configDir = config.secrets.nixConfigFolder;
-    onCalendar = "daily";
-    user = config.users.users.aires.name;
-    push = false;
-  };
-
-  # Configure the virtual machine created by nixos-rebuild build-vm
-  virtualisation.vmVariant.virtualisation = {
-    memorySize = 2048;
-    cores = 2;
-  };
-}

hosts/Dimaga/hardware-configuration.nix

@@ -1,62 +0,0 @@
-# Surface Laptop Go 1st gen
-{
-  config,
-  lib,
-  pkgs,
-  modulesPath,
-  ...
-}:
-{
-  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-
-  boot = {
-    initrd = {
-      availableKernelModules = [
-        "xhci_pci"
-        "nvme"
-        "usb_storage"
-        "usbhid"
-        "sd_mod"
-      ];
-      kernelModules = [ ];
-      luks.devices."luks-5a91100b-8ed9-4090-b1d8-d8291000fe38".device = "/dev/disk/by-uuid/5a91100b-8ed9-4090-b1d8-d8291000fe38";
-    };
-
-    kernelModules = [ "kvm-intel" ];
-    extraModulePackages = [ ];
-  };
-
-  fileSystems = {
-    "/" = {
-      device = "/dev/disk/by-uuid/76d67291-5aed-4f2a-b71f-1c2871cefe24";
-      fsType = "btrfs";
-      options = [ "subvol=@,compress=zstd,discard" ];
-    };
-    "/boot" = {
-      device = "/dev/disk/by-uuid/0C53-A645";
-      fsType = "vfat";
-    };
-  };
-
-  swapDevices = [
-    {
-      device = "/swapfile";
-      size = 4096;
-    }
-  ];
-
-  networking = {
-    # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-    # (the default) this is the recommended approach. When using systemd-networkd it's
-    # still possible to use this option, but it's recommended to use it in conjunction
-    # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-    useDHCP = lib.mkDefault true;
-    # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
-
-    # Set the hostname.
-    hostName = "Dimaga";
-  };
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}

hosts/Haven/default.nix

@@ -24,6 +24,7 @@ in
 
   aux.system = {
     apps.tmux.enable = true;
+    gpu.amd.enable = true;
     packages = [ start-haven ];
     services = {
       acme = {

hosts/Haven/hardware-configuration.nix

@@ -12,7 +12,6 @@
   boot = {
     supportedFilesystems = [ "btrfs" ];
     kernelModules = [ "kvm-amd" ];
-    extraModulePackages = [ ];
 
     initrd = {
       supportedFilesystems = [ "btrfs" ];

hosts/Khanda/default.nix

@@ -26,37 +26,53 @@ in
     # https://nixos.org/manual/nixpkgs/stable/#sec-allow-unfree
     allowUnfree = true;
 
+    apps = {
+      development.enable = true;
+      media.enable = true;
+      office.enable = true;
+      recording.enable = true;
+      social.enable = true;
+      writing = {
+        enable = true;
+        languagetool.enable = false;
+      };
+    };
+
     # Enable Secure Boot support.
-    # IMPORTANT: Read the README before enabling this option!
+    bootloader = {
-    bootloader.secureboot.enable = true;
+      enable = true;
+      secureboot.enable = true;
+      tpm2.enable = true;
+    };
 
     # Change the default text editor. Options are "emacs", "nano", or "vim".
     editor = "nano";
 
-    ui.flatpak = {
+    # Enable GPU support.
-      # Enable Flatpak support.
+    gpu.intel.enable = true;
-      enable = true;
-
-      # Define Flatpak packages to install.
-      packages = [
-        "com.github.tchx84.Flatseal"
-        "com.github.wwmm.easyeffects"
-        "md.obsidian.Obsidian"
-        "net.waterfox.waterfox"
-        "org.keepassxc.KeePassXC"
-      ];
-    };
 
     # Change how long old generations are kept for.
     retentionPeriod = "14d";
 
-    # Enable GPU support.
-    gpu.intel.enable = true;
-
-    ui.desktops.gnome.enable = true;
-
     services.autoUpgrade.enable = false;
 
+    ui = {
+      desktops.gnome.enable = true;
+      flatpak = {
+        # Enable Flatpak support.
+        enable = true;
+
+        # Define Flatpak packages to install.
+        packages = [
+          "com.github.tchx84.Flatseal"
+          "com.github.wwmm.easyeffects"
+          "md.obsidian.Obsidian"
+          "net.waterfox.waterfox"
+          "org.keepassxc.KeePassXC"
+        ];
+      };
+    };
+
     users.aires = {
       enable = true;
       services = {

hosts/Khanda/hardware-configuration.nix

@@ -11,9 +11,6 @@
 
   boot = {
     initrd = {
-      # Enable systemd for TPM auto-unlocking
-      systemd.enable = true;
-
       availableKernelModules = [
         "surface_aggregator"
         "surface_aggregator_registry"
@@ -23,7 +20,6 @@
         "8250_dw"
         "intel_lpss"
         "intel_lpss_pci"
-        "tpm_crb"
         "xhci_pci"
         "thunderbolt"
         "nvme"
@@ -33,7 +29,6 @@
         "pinctrl_tigerlake"
       ];
       kernelModules = [
-        "tpm_crb"
         "surface_aggregator"
         "surface_aggregator_registry"
         "surface_aggregator_hub"
@@ -60,7 +55,6 @@
 
     kernelModules = [
       "kvm-intel"
-      "tpm_crb"
       "surface_aggregator"
       "surface_aggregator_registry"
       "surface_aggregator_hub"
@@ -73,7 +67,6 @@
       "surface_kbd"
       "pinctrl_tigerlake"
     ];
-    extraModulePackages = [ ];
   };
 
   fileSystems = {
@@ -113,5 +106,5 @@
   environment.systemPackages = with pkgs; [ libwacom-surface ];
 
   # NOTE: Use a default kernel to skip full kernel rebuilds
-  # boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
+  boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
 }

hosts/Pihole/default.nix

@@ -12,28 +12,30 @@
 
   aux.system = {
     apps.tmux.enable = true;
-    users.aires.enable = true;
+    boot = {
-    boot.enable = false;
-    services.ssh = {
       enable = true;
-      ports = [ config.secrets.hosts.haven.ssh.port ];
+      secureboot.enable = false;
     };
-  };
+    packages = with pkgs; [
-
-  nix.distributedBuilds = true;
-
-  networking.hostName = "Pihole";
-  time.timeZone = "America/New_York";
-
-  environment.systemPackages = with pkgs; [
     libraspberrypi
     raspberrypifw
     raspberrypi-eeprom
     linuxKernel.kernels.linux_rpi4
   ];
+    services.ssh = {
+      enable = true;
+      ports = [ config.secrets.hosts.haven.ssh.port ];
+    };
+    users.aires.enable = true;
+  };
+
+  nix.distributedBuilds = true;
+
+  time.timeZone = "America/New_York";
 
   # Connect to the network automagically
   networking = {
+    hostName = "Pihole";
     networkmanager.enable = lib.mkForce false;
     wireless.networks = {
       "${config.secrets.networking.networks.home.SSID}" = {

hosts/Shura/default.nix

@@ -42,7 +42,9 @@ in
         languagetool.enable = true;
       };
     };
-    packages = with pkgs; [boinc];
+    gpu.amd.enable = true;
+    packages = with pkgs; [ boinc ];
+    retentionPeriod = "7d";
     services.autoUpgrade = {
       enable = true;
       configDir = config.secrets.nixConfigFolder;

hosts/Shura/hardware-configuration.nix

@@ -16,12 +16,6 @@
 
     # Hardware defaults detected by nixos-generate-configuration
     initrd = {
-      # SystemD in the initrd is required for TPM auto-unlocking.
-      # See https://discourse.nixos.org/t/full-disk-encryption-tpm2/29454/2
-      # If the LUKS volume is recently created, run this command to bind it to the TPM:
-      #	sudo systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 /dev/<device>
-      systemd.enable = true;
-
       availableKernelModules = [
         "nvme"
         "xhci_pci"
@@ -29,11 +23,6 @@
         "usb_storage"
         "sd_mod"
         "rtsx_pci_sdmmc"
-        "tpm_crb"
-      ];
-      kernelModules = [
-        "amdgpu"
-        "tpm_crb"
       ];
       luks.devices."luks-bcf67e34-339e-40b9-8ffd-bec8f7f55248" = {
         device = "/dev/disk/by-uuid/bcf67e34-339e-40b9-8ffd-bec8f7f55248";

modules/autoimport.nix

@@ -16,7 +16,6 @@ let
 
   # Search all files and folders within and below the current directory.
   # Filters out directories that belong to home-manager, and don't end with .nix or are this file.
-  # Also, make the strings absolute
   validFiles =
     dir:
     map (file: ./. + "/${file}") (

modules/system/bootloader.nix

@@ -45,6 +45,13 @@ in
 
       # Set up TPM if enabled. See https://nixos.wiki/wiki/TPM
       (lib.mkIf (cfg.tpm2.enable) {
+        boot.initrd = {
+          # Enable systemd for TPM auto-unlocking
+          systemd.enable = true;
+
+          availableKernelModules = [ "tpm_crb" ];
+          kernelModules = [ "tpm_crb" ];
+        };
         # After installing and rebooting, set it up via https://wiki.archlinux.org/title/Systemd-cryptenroll#Trusted_Platform_Module
         environment.systemPackages = with pkgs; [ tpm2-tss ];
         security.tpm2 = {

modules/system/gpu/amd.nix

@@ -15,10 +15,7 @@ in
 
   config = lib.mkIf cfg.enable {
     boot.initrd.kernelModules = [ "amdgpu" ];
-    services.xserver = {
+    services.xserver.videoDrivers = [ "amdgpu" ];
-      enable = true;
-      videoDrivers = [ "amdgpu" ];
-    };
 
     hardware.graphics = {
       extraPackages = [ pkgs.amdvlk ];