immich

default-machine-config.nix

@@ -1,12 +1,15 @@
 {
   lib,
   pkgs,
+  inputs,
+  flakes,
   ...
 }:
 {
   imports = [
-    # ./cli-programs
+    (inputs.self + /modules/machine-type.nix)
-    # inputs.home-manager.nixosModules.home-manager
+    (inputs.self + /modules/program.nix)
+    (inputs.self + /programs)
   ];
 
   system.stateVersion = "26.05";
@@ -129,4 +132,13 @@
   };
 
   security.polkit.enable = true;
+
+  home-manager = {
+    useGlobalPkgs = true;
+    useUserPackages = true;
+
+    extraSpecialArgs = {
+      inherit flakes;
+    };
+  };
 }

flake.lock

@@ -701,11 +701,11 @@
         "nixpkgs": "nixpkgs_5"
       },
       "locked": {
-        "lastModified": 1767948332,
+        "lastModified": 1769115257,
-        "narHash": "sha256-TfGH5+8H70FUNmEuyLW799G3EVmij0aJcjaL+hYhvk0=",
+        "narHash": "sha256-Ju8QvCoBECGHoCfE9TQTUnMrK9E4BvBpyhCzh+VrerM=",
         "owner": "jdonszelmann",
         "repo": "homepage",
-        "rev": "d236b50f86a638f15a58468b28a218797c1d4c4e",
+        "rev": "53b9b3b1e3f13ea3e3f0b09856b5236c96e4cded",
         "type": "github"
       },
       "original": {
@@ -817,11 +817,11 @@
         "nixpkgs-mozilla": "nixpkgs-mozilla"
       },
       "locked": {
-        "lastModified": 1768757523,
+        "lastModified": 1768926700,
-        "narHash": "sha256-S5hYmrxZUSgyZ8609tPK00dkmd9yjTHtIMz7GHllQ+U=",
+        "narHash": "sha256-/bANzWLzVAzdRDXua/p9wIDS/RGIHSBHqyduXoCd+P8=",
         "ref": "refs/heads/main",
-        "rev": "4df0eff3871a61df547bcb1fecd657dc77dc24c7",
+        "rev": "7c883e02e2a77061bfa048d249df0d39b362a5cf",
-        "revCount": 69,
+        "revCount": 72,
         "type": "git",
         "url": "ssh://forgejo@git.donsz.nl/jana/money.is.fckn.gay.git"
       },
@@ -1231,11 +1231,11 @@
     },
     "nixpkgs_18": {
       "locked": {
-        "lastModified": 1768843991,
+        "lastModified": 1769248673,
-        "narHash": "sha256-PVeXWVDWOuBB7ZmcxZxaXztvqV33ChfojMR3sczLnFg=",
+        "narHash": "sha256-oyxrDiV2yFToXpzwiJUYkxCjFHvL21tMQ2BpQMyMDTw=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "7f0857c5a1bffd38d5694d0979f708fec368577a",
+        "rev": "c0301d62ba146fee37e79fbc4b6323af52a2834e",
         "type": "github"
       },
       "original": {
@@ -1644,11 +1644,11 @@
         "nixpkgs-mozilla": "nixpkgs-mozilla_2"
       },
       "locked": {
-        "lastModified": 1765466675,
+        "lastModified": 1768928997,
-        "narHash": "sha256-JXtN956VZHmRHQmwx4QxA1EWC3uTKjv/O5ttA6pSb7k=",
+        "narHash": "sha256-YuG6heuos8YhDJYinNyllucglC33Rgi69FEGVl7pYI0=",
         "owner": "jdonszelmann",
         "repo": "review-queue",
-        "rev": "357bc3b37c99754b93cfc1950e69c209e374cb0c",
+        "rev": "5ab3617eab847a3007f7b70a11f912315afc3ec1",
         "type": "github"
       },
       "original": {
@@ -1821,11 +1821,11 @@
         "nixpkgs": "nixpkgs_18"
       },
       "locked": {
-        "lastModified": 1767655057,
+        "lastModified": 1769256063,
-        "narHash": "sha256-gvDWxuDucrGsBxDF0iZeFcTqVbADMcWwK2nne6LKlLs=",
+        "narHash": "sha256-fVFJ10YXPF8RfUuyL3OHOP6v0pzU78mTeKvlOCRCuuA=",
         "ref": "refs/heads/main",
-        "rev": "ea9c28258665f76042781a2b7b84ddf6d99a6e62",
+        "rev": "179e0bf0028c929978a3fbe7f77a27b2254eeb18",
-        "revCount": 6,
+        "revCount": 7,
         "type": "git",
         "url": "ssh://forgejo@git.donsz.nl/jana/server-secrets.git"
       },

flake.nix

@@ -142,8 +142,9 @@
           };
 
           imports = [
-            ./fili/configuration.nix
+            home-manager.nixosModules.home-manager
-            ./users/users.nix
+            ./hosts/fili/configuration.nix
+            ./users
             ./default-machine-config.nix
             sops-nix.nixosModules.sops
             vpn-confinement.nixosModules.default
@@ -161,8 +162,8 @@
           };
           imports = [
             home-manager.nixosModules.home-manager
-            ./kili/configuration.nix
+            ./hosts/kili/configuration.nix
-            ./users/users.nix
+            ./users
           ];
         };
       };

hosts/fili/configuration.nix

@@ -6,6 +6,13 @@ _: {
     ./services
   ];
 
+  custom.machine = {
+    type = "server";
+    capabilities = [
+      "cli"
+    ];
+  };
+
   networking.nameservers = [
     "1.1.1.1"
     "9.9.9.9"

hosts/fili/services/databases.nix

@@ -54,6 +54,10 @@
         name = "pocketid";
         ensureDBOwnership = true;
       }
+      {
+        name = "immich";
+        ensureDBOwnership = true;
+      }
     ];
     ensureDatabases = map (i: i.name) ensureUsers;
   };

hosts/fili/services/default.nix

@@ -6,9 +6,9 @@ _: {
     ./forgejo.nix
     ./obsidian-sync.nix
     ./metrics.nix
+    ./immich.nix
 
-    ./factorio.nix
+    ./factorio
-
     ./media
     ./websites
     ./auth

hosts/fili/services/factorio/default.nix

@@ -116,7 +116,7 @@ in
         "pineapple"
       ];
       extraSettingsFile = config.sops.secrets.factorio.path;
-      # mods = getMods ../../factorio-mods/tawney;
+      # mods = getMods .factorio-mods/tawney;
       package = factorioVersion "2.0.69" "sha256-I1FHuz7WtfCmmTiTxskv3+U1upWrhmBG9R+GUoS1c0E=";
       port = 20001;
     }
@@ -129,7 +129,7 @@ in
         "koragendum"
       ];
       extraSettingsFile = config.sops.secrets.factorio.path;
-      mods = getMods ../../factorio-mods/snek;
+      mods = getMods ./factorio-mods/snek;
       package = factorioVersion "2.0.69" "sha256-I1FHuz7WtfCmmTiTxskv3+U1upWrhmBG9R+GUoS1c0E=";
       port = 20002;
     };

hosts/fili/services/forgejo.nix

@@ -94,9 +94,9 @@
         SMTP_ADDR = "smtp.fastmail.com";
         FROM = "git@donsz.nl";
         USER = "git@donsz.nl";
+        PASSWD = config.sops.secrets.forgejo.path;
       };
     };
-    mailerPasswordFile = config.sops.secrets.forgejo.path;
   };
 
   sops.secrets.forgejo-runner = {

hosts/fili/services/immich.nix

@@ -0,0 +1,96 @@
+{
+  config,
+  pkgs,
+  secrets,
+  ...
+}:
+{
+
+  users.groups.jellyfin = { };
+  users.users.immich = {
+    isSystemUser = true;
+    group = "immich";
+
+    extraGroups = [
+      "video"
+      "render"
+    ];
+  };
+
+  hardware.graphics = {
+    enable = true;
+
+    extraPackages = with pkgs; [
+      intel-ocl
+      intel-media-driver
+    ];
+  };
+
+  sops.secrets.immich-session-secret = {
+    sopsFile = "${secrets}/immich.yaml";
+    key = "client_secret";
+    format = "yaml";
+  };
+
+  services.nginx.virtualHosts."photos.donsz.nl" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = {
+      proxyPass = "http://[::1]:${toString config.services.immich.port}";
+      proxyWebsockets = true;
+      recommendedProxySettings = true;
+      extraConfig = ''
+        client_max_body_size 50000M;
+        proxy_read_timeout   600s;
+        proxy_send_timeout   600s;
+        send_timeout         600s;
+      '';
+    };
+  };
+
+  services.immich = {
+    enable = true;
+    port = 2283;
+
+    database = {
+      name = "immich";
+      createDB = false;
+      user = "postgres";
+      host = "localhost";
+      port = 5432;
+    };
+
+    secretsFile = toString (
+      pkgs.writeText "db-password" ''
+        DB_PASSWORD=immich
+      ''
+    );
+
+    settings = {
+      server.externalDomain = "https://photos.donsz.nl";
+      logging.level = "verbose";
+
+      oauth = {
+        enabled = true;
+
+        clientSecret._secret = config.sops.secrets.immich-session-secret.path;
+        autoLaunch = true;
+        autoRegister = true;
+        buttonText = "Log in";
+        clientId = "8fd9c066-2298-4991-ba24-7c41bd73192b";
+        issuerUrl = "https://auth.donsz.nl";
+        roleClaim = "immich_role";
+        scope = "openid email profile groups";
+        tokenEndpointAuthMethod = "client_secret_post";
+        # storageLabelClaim: "",
+        # "mobileOverrideEnabled": false,
+        # "mobileRedirectUri": "",
+
+      };
+    };
+    mediaLocation = "/storage/storage/media-server/photos";
+    accelerationDevices = [
+      "/dev/dri/renderD128"
+    ];
+  };
+}

hosts/fili/services/websites/money-is-fckn-gay.nix

@@ -39,7 +39,7 @@ let
       restartIfChanged = true;
 
       serviceConfig = {
-        ExecStart = "${flakes.mifg.packages.${pkgs.system}.backend}/bin/mifg-backend";
+        ExecStart = "${flakes.mifg.packages.${pkgs.system}.backend}/bin/backend";
         Restart = "always";
         # EnvironmentFile = "/run/secrets/reviewqueue";
         StateDirectory = "${service-name}";
@@ -49,6 +49,12 @@ let
         MIFG_DATABASE_LOCATION = "/var/lib/${service-name}/db.sqlite";
         MIFG_FRONTEND_ORIGIN = "https://${public-url}";
         MIFG_PORT = toString api-port;
+        LD_LIBRARY_PATH =
+          with pkgs;
+          lib.makeLibraryPath [
+            openssl
+            sqlite
+          ];
       };
     };
   };

hosts/fili/services/websites/reviewqueue.nix

@@ -39,6 +39,12 @@
 
     environment = {
       DB_PATH = "/var/lib/reviewqueue/db.sqlite";
+      LD_LIBRARY_PATH =
+        with pkgs;
+        lib.makeLibraryPath [
+          openssl
+          sqlite
+        ];
     };
   };
 }

hosts/kili/configuration.nix

@@ -1,16 +1,24 @@
 {
   pkgs,
-  flakes,
   config,
   ...
 }:
 {
   imports = [
     ./hardware-configuration.nix
-    ../default-machine-config.nix
+    ../../default-machine-config.nix
-    ../programs/kanata/system.nix
   ];
 
+  custom.machine = {
+    type = "pc";
+    capabilities = [
+      "cli"
+      "graphical"
+      "work"
+      "fun"
+    ];
+  };
+
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
 
@@ -41,8 +49,6 @@
   };
 
   users.users.jana = {
-    isNormalUser = true;
-    description = "jana";
     extraGroups = [
       "networkmanager"
       "wheel"
@@ -154,14 +160,4 @@
       "root"
     ];
   };
-
-  home-manager = {
-    useGlobalPkgs = true;
-    useUserPackages = true;
-    users.jana = ./home.nix;
-
-    extraSpecialArgs = {
-      inherit flakes;
-    };
-  };
 }

kili/home.nix

@@ -1,58 +0,0 @@
-{
-  config,
-  pkgs,
-  flakes,
-  ...
-}:
-{
-  imports = [
-    flakes.nixvim.homeModules.nixvim
-    flakes.niri.homeModules.niri
-    flakes.matugen.nixosModules.default
-    flakes.noctalia.homeModules.default
-
-    # ../programs/nvim
-    ../programs/fish
-    ../programs/kanata
-    ../programs/kitty
-    ../programs/tmux
-    ../programs/git
-    ../programs/jj
-    ../programs/niri
-    ../programs/zed
-    ../programs/firefox
-  ];
-
-  home = {
-    stateVersion = "26.05";
-    username = "jana";
-    homeDirectory = "/home/jana";
-
-    packages = with pkgs; [
-      p1n3appl3.tab
-    ];
-
-  };
-
-  home.file = {
-    "dl".source = config.lib.file.mkOutOfStoreSymlink "${config.xdg.userDirs.download}";
-    "doc".source = config.lib.file.mkOutOfStoreSymlink "${config.xdg.userDirs.documents}";
-  };
-
-  xdg = {
-    enable = true;
-
-    configHome = "${config.home.homeDirectory}/.config";
-    userDirs = {
-      enable = true;
-      documents = "${config.home.homeDirectory}/Documents";
-      desktop = "${config.home.homeDirectory}/Documents";
-      download = "${config.home.homeDirectory}/Downloads";
-      music = "${config.home.homeDirectory}/Documents/personal/music";
-      pictures = "${config.home.homeDirectory}/Documents/personal/pictures";
-    };
-
-    mime.enable = true;
-  };
-
-}

modules/capabilities.nix

@@ -0,0 +1,10 @@
+[
+  # needs configs for cli access
+  "cli"
+  # needs configs for ui like a desktop manager and login manager
+  "graphical"
+  # needs configs for work computers like libreoffice etc
+  "work"
+  # needs configs for fun use, like steam
+  "fun"
+]

modules/home-info.nix

@@ -0,0 +1,16 @@
+{
+  lib,
+  ...
+}:
+with lib;
+{
+  options = {
+    custom.home-info = mkOption {
+      type = types.submodule {
+        options = {
+
+        };
+      };
+    };
+  };
+}

modules/machine-type.nix

@@ -0,0 +1,25 @@
+{
+  lib,
+  ...
+}:
+with lib;
+{
+  options = {
+    custom.machine = mkOption {
+      type = types.submodule {
+        options = {
+          type = mkOption {
+            type = types.enum [
+              "server"
+              "pc"
+            ];
+          };
+          capabilities = mkOption {
+            type = types.listOf (types.enum (import ./capabilities.nix));
+            default = [ "cli" ];
+          };
+        };
+      };
+    };
+  };
+}

modules/program.nix

@@ -0,0 +1,36 @@
+{
+  lib,
+  options,
+  ...
+}:
+with lib;
+{
+  options = {
+    custom.program = mkOption {
+      type = types.attrsOf (
+        types.submodule (
+          { config, ... }:
+          {
+            options = {
+              name = mkOption {
+                type = types.string;
+              };
+              requirements = mkOption {
+                type = types.listOf (types.enum (import ./capabilities.nix));
+                default = [ "cli" ];
+              };
+              home-config = mkOption {
+                type = types.deferredModule;
+              };
+              system-config = mkOption {
+                # type = types.attrs;
+                type = types.deferredModule;
+                default = { };
+              };
+            };
+          }
+        )
+      );
+    };
+  };
+}

modules/users.nix

@@ -0,0 +1,109 @@
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}:
+with lib;
+let
+  cfg = config.custom.users;
+  machine = config.custom.machine;
+  valid-on-machine =
+    on:
+    # TODO: iterate over possibilities
+    if machine.type == "server" then
+      on.server
+    else if machine.type == "pc" then
+      on.pc
+    else
+      false;
+  matches-capabilities =
+    # all requirements are contained in the machine capabilities
+    requirements: lib.all (req: builtins.elem req machine.capabilities) requirements;
+  users = lib.filterAttrs (_: value: valid-on-machine value.on) cfg;
+  home-users = lib.filterAttrs (_: value: value.apply-home-configs) users;
+  stateVersion = config.system.stateVersion;
+  programs = lib.attrsets.attrValues config.custom.program;
+  valid-programs = builtins.filter (program: matches-capabilities program.requirements) programs;
+in
+{
+  options =
+    let
+      userType = types.submodule {
+        options = {
+          name = mkOption {
+            type = types.str;
+            default = [ ];
+          };
+          groups = mkOption {
+            type = types.listOf types.str;
+            default = [ ];
+          };
+          keys = mkOption {
+            type = types.listOf types.str;
+            default = [ ];
+          };
+          shell = mkOption {
+            type = types.package;
+            default = pkgs.fish;
+          };
+          on = mkOption {
+            type = types.submodule {
+              options = {
+                server = mkOption {
+                  type = types.bool;
+                  default = true;
+                };
+                pc = mkOption {
+                  type = types.bool;
+                  default = false;
+                };
+              };
+            };
+            default = { };
+          };
+          apply-home-configs = mkOption {
+            type = types.bool;
+            default = false;
+          };
+        };
+      };
+    in
+    {
+      custom.users = mkOption {
+        type = types.attrsOf userType;
+      };
+    };
+
+  config = lib.mkMerge ([
+    {
+      users.extraUsers = lib.mapAttrs (name: value: {
+        isNormalUser = true;
+        extraGroups = value.groups;
+        openssh.authorizedKeys.keys = value.keys;
+        shell = value.shell;
+        description = name;
+      }) users;
+      home-manager.users = lib.mapAttrs (
+        name: value:
+        (
+          { pkgs, lib, ... }:
+          {
+            imports = (
+              [
+                ./home-info.nix
+              ]
+              ++ (map (program: program.home-config) valid-programs)
+            );
+
+            home = {
+              inherit stateVersion;
+              username = name;
+              homeDirectory = "/home/${name}";
+            };
+          }
+        )
+      ) home-users;
+    }
+  ]);
+}

programs/default.nix

@@ -0,0 +1,79 @@
+{
+  pkgs,
+  ...
+}:
+{
+  imports = [
+    ./nvim
+    ./fish
+    ./kanata
+    ./kitty
+    ./tmux
+    ./git
+    ./jj
+    ./niri
+    ./zed
+    ./firefox
+  ];
+
+  custom.program.graphcial-packages = {
+    requirements = [ "graphical" ];
+    home-config = _: {
+      home.packages = with pkgs; [
+        spotify
+        obsidian
+      ];
+    };
+  };
+
+  custom.program.fun-packages = {
+    requirements = [ "fun" ];
+    home-config = _: {
+      home.packages = with pkgs; [
+        p1n3appl3.tab
+      ];
+    };
+  };
+
+  custom.program.cli-packages = {
+    requirements = [ "cli" ];
+    home-config = _: {
+      home.packages = with pkgs; [
+        sops
+      ];
+    };
+  };
+
+  custom.program.homedirs = {
+    home-config =
+      { config, ... }:
+      {
+        home.file = {
+          "dl".source = config.lib.file.mkOutOfStoreSymlink "${config.xdg.userDirs.download}";
+          "doc".source = config.lib.file.mkOutOfStoreSymlink "${config.xdg.userDirs.documents}";
+        };
+      };
+  };
+
+  custom.program.xdg = {
+    home-config =
+      { config, ... }:
+      {
+        xdg = {
+          enable = true;
+
+          configHome = "${config.home.homeDirectory}/.config";
+          userDirs = {
+            enable = true;
+            documents = "${config.home.homeDirectory}/Documents";
+            desktop = "${config.home.homeDirectory}/Documents";
+            download = "${config.home.homeDirectory}/Downloads";
+            music = "${config.home.homeDirectory}/Documents/personal/music";
+            pictures = "${config.home.homeDirectory}/Documents/personal/pictures";
+          };
+
+          mime.enable = true;
+        };
+      };
+  };
+}

programs/firefox/default.nix

@@ -1,10 +1,13 @@
-{
+_: {
+  custom.program.firefox.requirements = [ "graphical" ];
+  custom.program.firefox.home-config =
+    {
       config,
       flakes,
       pkgs,
       ...
-}:
+    }:
-let
+    let
       ff-pkgs = flakes.firefox-addons.packages.${pkgs.system};
       lock-false = {
         Value = false;
@@ -14,11 +17,8 @@ let
       #   Value = true;
       #   Status = "locked";
       # };
-in
+    in
-{
+    {
-
-  home.file."${config.programs.firefox.profilesPath}/main/chrome".source =
-    "${flakes.firefox-sidebar-css}";
       programs.firefox = {
         enable = true;
         package = pkgs.wrapFirefox pkgs.firefox-unwrapped {
@@ -73,6 +73,7 @@ in
             "browser.tabs.closeWindowWithLastTab" = lock-false;
             "sidebar.position_start" = false; # sidebar on the right
             "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
+            "browser.toolbars.bookmarks.visibility" = "always";
           };
 
           userChrome = builtins.readFile ./userChrome.css;
@@ -114,9 +115,19 @@ in
                 url = "https://search.nixos.org/packages?query=%s";
               }
               {
-            keyword = "!nf";
+                keyword = "!nho";
-            url = "https://search.nixos.org/flakes?query=%s";
+                url = "https://home-manager-options.extranix.com/?query=%s";
               }
+              {
+                keyword = "!no";
+                url = "https://search.nixos.org/options?query=%s";
+              }
+
+              # {
+              #   name = "bank";
+              #   toolbar = true;
+              #   url = "https://web.bunq.com/user";
+              # }
             ];
           };
 
@@ -150,4 +161,5 @@ in
         defaultApplications."x-scheme-handler/about" = [ "firefox.desktop" ];
         defaultApplications."x-scheme-handler/unknown" = [ "firefox.desktop" ];
       };
+    };
 }

programs/fish/default.nix

@@ -1,11 +1,15 @@
-{ config
+_: {
-, pkgs
+  custom.program.fish.requirements = [ "cli" ];
-, lib
+  custom.program.fish.home-config =
-, ...
+    {
-}:
+      config,
-with builtins;
+      pkgs,
-with lib.attrsets;
+      lib,
-let
+      ...
+    }:
+    with builtins;
+    with lib.attrsets;
+    let
       scripts = (import ./scripts.nix) pkgs;
       aliases = with scripts; {
         "cp-mov" = cp-media "mov" "movies";
@@ -73,8 +77,8 @@ let
           end
         end
       '';
-in
+    in
-{
+    {
       programs = {
         atuin = {
           enable = true;
@@ -233,4 +237,5 @@ in
           setupTide
         '';
       };
+    };
 }

programs/git/default.nix

@@ -1,4 +1,6 @@
 _: {
+  custom.program.git.requirements = [ "cli" ];
+  custom.program.git.home-config = _: {
     programs.git = {
       enable = true;
       signing.key = "/home/jana/.ssh/id_ed25519.pub";
@@ -33,4 +35,5 @@ _: {
       };
       enableGitIntegration = true;
     };
+  };
 }

programs/jj/default.nix

@@ -1,5 +1,8 @@
-{ config, pkgs, ... }:
+_: {
-{
+  custom.program.jujutsu.requirements = [ "cli" ];
+  custom.program.jujutsu.home-config =
+    { config, pkgs, ... }:
+    {
       programs.jujutsu = {
         enable = true;
         # package = pkgs.custom.jujutsu;
@@ -177,4 +180,5 @@
           };
         };
       };
+    };
 }

programs/kanata/default.nix

@@ -1,4 +1,4 @@
-{ pkgs, config, ... }:
+{ pkgs, ... }:
 let
   kanata-config = ''
     (defcfg
@@ -74,12 +74,10 @@ let
   '';
 in
 {
-  # sudo groupadd uinput
+  custom.program.kanata.requirements = [ "graphical" ];
-  # sudo usermod -aG input $USER
+  custom.program.kanata.home-config =
-  # sudo usermod -aG uinput $USER
+    { pkgs, config, ... }:
-  # echo "KERNEL=="uinput", MODE="0660", GROUP="uinput", OPTIONS+="static_node=uinput"" >> /etc/udev/rules.d/99-input.rules
+    {
-  # reboot or sudo udevadm control --reload-rules && sudo udevadm trigger
-  # sudo modprobe uinput
       systemd.user.services.kanata = {
         Unit = {
           Description = "kanata";
@@ -99,6 +97,29 @@ in
 
       home.file.kanata = {
         target = ".config/kanata/kanata.kbd";
-    text = builtins.readFile ./cfg.kbd;
+        text = kanata-config;
       };
+    };
+
+  # custom.program.kanata.system-config =
+  #   { pkgs, ... }:
+  #   {
+  # sudo groupadd uinput
+  # sudo usermod -aG input $USER
+  # sudo usermod -aG uinput $USER
+  # echo "KERNEL=="uinput", MODE="0660", GROUP="uinput", OPTIONS+="static_node=uinput"" >> /etc/udev/rules.d/99-input.rules
+  # reboot or sudo udevadm control --reload-rules && sudo udevadm trigger
+  # sudo modprobe uinput
+
+  users.groups.uinput = { };
+  users.extraUsers.jana.extraGroups = [
+    "uinput"
+    "input"
+  ];
+  environment.systemPackages = [ pkgs.kanata-with-cmd ];
+  services.udev.extraRules = ''
+    KERNEL=="uinput", MODE="0660", GROUP="uinput", OPTIONS+="static_node=uinput"
+  '';
+  # };
+
 }

programs/kanata/system.nix

@@ -1,19 +0,0 @@
-{ pkgs, ... }:
-{
-  # sudo groupadd uinput
-  # sudo usermod -aG input $USER
-  # sudo usermod -aG uinput $USER
-  # echo "KERNEL=="uinput", MODE="0660", GROUP="uinput", OPTIONS+="static_node=uinput"" >> /etc/udev/rules.d/99-input.rules
-  # reboot or sudo udevadm control --reload-rules && sudo udevadm trigger
-  # sudo modprobe uinput
-
-  users.groups.uinput = { };
-  users.extraUsers.jana.extraGroups = [
-    "uinput"
-    "input"
-  ];
-  environment.systemPackages = [ pkgs.kanata-with-cmd ];
-  services.udev.extraRules = ''
-    KERNEL=="uinput", MODE="0660", GROUP="uinput", OPTIONS+="static_node=uinput"
-  '';
-}

programs/kitty/default.nix

@@ -1,5 +1,8 @@
-{ pkgs, flakes, ... }:
+_: {
-{
+  custom.program.kitty.requirements = [ "graphical" ];
+  custom.program.kitty.home-config =
+    { pkgs, flakes, ... }:
+    {
       programs.kitty = {
         enable = true;
         font = {
@@ -50,4 +53,5 @@
           mouse_map left click ungrabbed no-op
         '';
       };
+    };
 }

programs/niri/default.nix

@@ -1,11 +1,14 @@
-{
+_: {
+  custom.program.niri.requirements = [ "graphical" ];
+  custom.program.niri.home-config =
+    {
       config,
       pkgs,
       flakes,
       lib,
       ...
-}:
+    }:
-let
+    let
       noctalia =
         cmd:
         [
@@ -17,8 +20,14 @@ let
 
       wallpaper = ("${pkgs.custom.raw-data}/pacific.png");
       matugenSchemeType = "scheme-tonal-spot";
-in
+    in
-{
+    {
+      imports = [
+        flakes.niri.homeModules.niri
+        flakes.matugen.nixosModules.default
+        flakes.noctalia.homeModules.default
+      ];
+
       home.packages = with pkgs; [
         matugen
         glib
@@ -36,6 +45,36 @@ in
         noto-fonts
       ];
 
+      programs.niri.settings = {
+        # main laptop screen
+        outputs."eDP-1" = {
+          mode = {
+            width = 1928;
+            height = 1200;
+            refresh = 59.987;
+          };
+          position = {
+            x = 0;
+            y = 0;
+          };
+        };
+
+        outputs."LG Electronics LG ULTRAWIDE 411NTBK28189" = {
+          mode = {
+            width = 3440;
+            height = 1440;
+            refresh = 59.987;
+          };
+          position = {
+            x = -3440;
+            y = 240;
+          };
+
+          # focus the external screen first
+          focus-at-startup = true;
+        };
+      };
+
       home.sessionVariables = {
         QT_QPA_PLATFORMTHEME = "qt6ct";
         XCURSOR_THEME = "Adwaita";
@@ -355,19 +394,22 @@ in
             cooldown-ms = 150;
             action.focus-workspace-up = { };
           };
-      "Mod+Shift+WheelScrollDown" = {
+          "Mod+Shift+WheelScrollDown".action.focus-column-left = { };
-        cooldown-ms = 150;
+          "Mod+Shift+WheelScrollUp".action.focus-column-right = { };
-        action.move-column-to-workspace-down = { };
-      };
-      "Mod+Shift+WheelScrollUp" = {
-        cooldown-ms = 150;
-        action.move-column-to-workspace-up = { };
-      };
 
-      "Mod+WheelScrollRight".action.focus-column-right = { };
+          # "Mod+Shift+WheelScrollDown" = {
-      "Mod+WheelScrollLeft".action.focus-column-left = { };
+          #   cooldown-ms = 150;
-      "Mod+Shift+WheelScrollRight".action.move-column-right = { };
+          #   action.move-column-to-workspace-down = { };
-      "Mod+Shift+WheelScrollLeft".action.move-column-left = { };
+          # };
+          # "Mod+Shift+WheelScrollUp" = {
+          #   cooldown-ms = 150;
+          #   action.move-column-to-workspace-up = { };
+          # };
+
+          # "Mod+WheelScrollRight".action.focus-column-right = { };
+          # "Mod+WheelScrollLeft".action.focus-column-left = { };
+          # "Mod+Shift+WheelScrollRight".action.move-column-right = { };
+          # "Mod+Shift+WheelScrollLeft".action.move-column-left = { };
 
           "Mod+BracketLeft".action.consume-or-expel-window-left = { };
           "Mod+BracketRight".action.consume-or-expel-window-right = { };
@@ -555,4 +597,5 @@ in
           gtk-enable-primary-paste = false;
         };
       };
+    };
 }

programs/nvim/default.nix

@@ -1,5 +1,9 @@
-{ pkgs, inputs, ... }:
+_: {
-{
+  custom.program.nvim.requirements = [ "cli" ];
+  custom.program.nvim.home-config =
+    { pkgs, flakes, ... }:
+    {
+
       home = {
         sessionVariables = {
           EDITOR = "nvim";
@@ -7,6 +11,7 @@
       };
 
       imports = [
+        flakes.nixvim.homeModules.nixvim
         ./options.nix
         ./plugins.nix
         ./keys.nix
@@ -67,8 +72,7 @@
         extraConfigLuaPre = ''
           require("neoconf").setup({})
         '';
-    extraConfigLua =
+        extraConfigLua = ''
-      ''
           require("render-markdown").setup {
             latex_converter = '${pkgs.python312Packages.pylatexenc}/bin/latex2text',
           }
@@ -96,4 +100,5 @@
         + (builtins.readFile ./config.lua);
 
       };
+    };
 }

programs/nvim/plugins.nix

@@ -11,14 +11,14 @@ let
   };
 in
 # fzy-lua-native = pkgs.vimUtils.buildVimPlugin {
-  #   name = "fzy-lua-native";
+#   name = "fzy-lua-native";
-  #   src = pkgs.fetchFromGitHub {
+#   src = pkgs.fetchFromGitHub {
-  #     owner = "romgrk";
+#     owner = "romgrk";
-  #     repo = "fzy-lua-native";
+#     repo = "fzy-lua-native";
-  #     rev = "9d720745d5c2fb563c0d86c17d77612a3519c506";
+#     rev = "9d720745d5c2fb563c0d86c17d77612a3519c506";
-  #     hash = "sha256-pBV5iGa1+5gtM9BcDk8I5SKoQ9sydOJHsmyoBcxAct0=";
+#     hash = "sha256-pBV5iGa1+5gtM9BcDk8I5SKoQ9sydOJHsmyoBcxAct0=";
-  #   };
+#   };
-  # };
+# };
 {
   programs.nixvim = {
     plugins = {
@@ -286,8 +286,9 @@ in
 
       neo-tree = {
         enable = true;
-        closeIfLastWindow = true;
+        settings = {
-        enableGitStatus = false;
+          close_if_last_window = true;
+          enable_git_status = false;
 
           window = {
             position = "right";
@@ -301,14 +302,17 @@ in
             # };
           };
           filesystem = {
-          followCurrentFile.enabled = true;
+            follow_current_file.enabled = true;
             filteredItems = {
-            hideHidden = false;
+              hide_hidden = false;
-            hideDotfiles = false;
+              hide_dotfiles = false;
-            forceVisibleInEmptyFolder = true;
+              force_visible_in_empty_folder = true;
-            hideGitignored = false;
+              hide_gitignored = false;
             };
           };
+
+        };
+
       };
 
       nvim-lightbulb = {

programs/tmux/default.nix

@@ -1,5 +1,8 @@
-{ pkgs, ... }:
+_: {
-{
+  custom.program.tmux.requirements = [ "cli" ];
+  custom.program.tmux.home-config =
+    { pkgs, ... }:
+    {
       programs.tmux = {
         enable = true;
         mouse = true;
@@ -163,4 +166,5 @@
       #   open_file 2>&1 >> ~/open-file.log
       #
       # ''}/bin/open-file"
+    };
 }

programs/zed/default.nix

@@ -1,11 +1,15 @@
-{ pkgs, ... }:
+_: {
-{
+  custom.program.zed.requirements = [ "work" ];
+  custom.program.zed.home-config =
+    { pkgs, ... }:
+    {
       programs.zed-editor = {
         enable = true;
         extensions = [
           "nix"
           "intellij-newui-theme"
           "charmed-icons"
+          "astro"
         ];
         userSettings = {
 
@@ -163,4 +167,5 @@
           };
         };
       };
+    };
 }

users/default.nix

@@ -0,0 +1,94 @@
+{ pkgs, inputs, ... }:
+{
+  imports = [
+    (inputs.self + /modules/users.nix)
+  ];
+  users.groups.media = { };
+
+  custom.users = {
+    vivian = {
+      shell = pkgs.zsh;
+      keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKME+A5zu36tMIsY+PBoboizgAzt6xReUNrKRBkxvl3i vivian@null"
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8llUcEBHsLqotFZc++LNP2fjItuuzeUsu5ObXecYNj vivian@eevee"
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICBhJAp7NWlHgwDYd2z6VNROy5RkeZHRINFLsFvwT4b3 vivian@bastion"
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMMbdjysLnmwJD5Fs/SjBPstdIQNUxy8zFHP0GlhHMJB vivian@bastion"
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIfooZjMWXvXZu1ReOEACDZ0TMb2WJRBSOLlWE8y6fUh vivian@aoife"
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBMTCUjDbDjAiEKbKmLPavuYM0wJIBdjgytLsg1uWuGc vivian@nord"
+        "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIM3TqXaApX2JZsgfZd7PKVFMecDgqTHKibpSzgdXNpYAAAAABHNzaDo= solov2-le"
+      ];
+    };
+
+    jana = {
+      shell = pkgs.fish;
+      keys = [
+        # ori (lenovo laptop/desktop)
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIET69oniNUA2nJV5+GxQ6XuK+vQbO8Uhtgrp1TrmiXVi jana@ori"
+
+        # bastion (arch server)
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHJT6QJcxhUKjvHBv3Bd1rugyfAFUpxIe9cu1Frw3ylL jana@bastion"
+
+        # fili (server)
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC0pmCsQeMMJ0r3o/XN7Zw8YFa9OEqrL3ikoGTK0OUY6 jana@fili"
+
+        # kili (tudelft laptop)
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOAXOTU6E06zjK/zkzlSPhTG35PoNRYgTCStEPUYyjeE jana@kili"
+
+        # nori hp tudelft laptop
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOSCuEu1kFg8mAgpOuYZ/IH2Ur7LQP7sQrDjcPmerkSx jana@nori"
+
+        # oneplus 5 phone
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBTqoHEVYxD+mwmZhPj+1+i1P0XmgTxXgSnPdPwFT1vr u0_a484@localhost"
+
+        # git deploy key
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICgadaDrViJp0Z6fbLBAo9grkmCeNQliIPXe12l3X3i/ jana@deploy"
+      ];
+      # Make me admin
+      groups = [
+        "systemd-journal"
+        "wheel"
+        "networkmanager"
+        "libvirtd"
+        "dialout"
+      ];
+
+      on = {
+        pc = true;
+      };
+
+      apply-home-configs = true;
+    };
+
+    laura = {
+      shell = pkgs.zsh;
+
+      keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBIlFUUXbwOkhNUjoA6zueTdRuaylgpgFqSe/xWGK9zb laura@zmeura"
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBVkk9/80askWhInQk03JMntF6SThAYkFZNm+lIGt4E7 laura@mura"
+      ];
+    };
+
+    wffl = {
+      keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbYifrfevSlcZvKSCpJShXGX89dlLdD0wEl5L3CvX6e"
+      ];
+      groups = [ "media" ];
+    };
+
+    julia = {
+      shell = pkgs.zsh;
+      keys = [
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfVoCjrBTOH746bJCKQwRgWzjFskNeLQKz73qmd4P3tmiJIFMAim7MiCwtQbxvIUOTZHbG7vRHZ5SwSH/d/wqmESmY1meRH/43uP4YlRRwUFkUHcwEJsVP9dDza0jYuBXVo04B/fuP93W2+aeBPKiSuWrnQ9s2LwRJ/0aqani8xpVn87EXp90aXjdF4iqu7tL4Nn1zUULYOdULrry0j6moUumUhmtkWb0PrTcxZr7BoDz8UH7Fu9G0uK8Xr5dAxs7RgTyFpUWg6h+AKQczMHLluwuRr2m12gWXKZIVO+Sw1PYYuU58Y7+E00KEM1Xy9SnuOW5ZgnxWBqydD+Gc2q67"
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPCatP3klEjfQPSiJNUc3FRDdz927BG1IzektpouzOZR"
+      ];
+      groups = [ "media" ];
+    };
+
+    jonathan-brouwer = {
+      shell = pkgs.zsh;
+      keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFP6UDiX8vb4rHV+8Zwaozh8dnCAsPM+fe/4BEfC/xyV jonathantbrouwer@gmail.com"
+      ];
+    };
+  };
+}

users/users.nix

@@ -1,95 +0,0 @@
-{ pkgs, ... }:
-{
-  users.groups.media = { };
-
-  users.extraUsers.vivian = {
-    isNormalUser = true;
-    shell = pkgs.zsh;
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKME+A5zu36tMIsY+PBoboizgAzt6xReUNrKRBkxvl3i vivian@null"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8llUcEBHsLqotFZc++LNP2fjItuuzeUsu5ObXecYNj vivian@eevee"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICBhJAp7NWlHgwDYd2z6VNROy5RkeZHRINFLsFvwT4b3 vivian@bastion"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMMbdjysLnmwJD5Fs/SjBPstdIQNUxy8zFHP0GlhHMJB vivian@bastion"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIfooZjMWXvXZu1ReOEACDZ0TMb2WJRBSOLlWE8y6fUh vivian@aoife"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBMTCUjDbDjAiEKbKmLPavuYM0wJIBdjgytLsg1uWuGc vivian@nord"
-      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIM3TqXaApX2JZsgfZd7PKVFMecDgqTHKibpSzgdXNpYAAAAABHNzaDo= solov2-le"
-    ];
-  };
-
-  users.extraUsers.jana = {
-    isNormalUser = true;
-    shell = pkgs.fish;
-    openssh.authorizedKeys.keys = [
-      # ori (lenovo laptop/desktop)
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIET69oniNUA2nJV5+GxQ6XuK+vQbO8Uhtgrp1TrmiXVi jana@ori"
-
-      # bastion (arch server)
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHJT6QJcxhUKjvHBv3Bd1rugyfAFUpxIe9cu1Frw3ylL jana@bastion"
-
-      # fili (server)
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC0pmCsQeMMJ0r3o/XN7Zw8YFa9OEqrL3ikoGTK0OUY6 jana@fili"
-
-      # kili (tudelft laptop)
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOAXOTU6E06zjK/zkzlSPhTG35PoNRYgTCStEPUYyjeE jana@kili"
-
-      # nori hp tudelft laptop
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOSCuEu1kFg8mAgpOuYZ/IH2Ur7LQP7sQrDjcPmerkSx jana@nori"
-
-      # oneplus 5 phone
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBTqoHEVYxD+mwmZhPj+1+i1P0XmgTxXgSnPdPwFT1vr u0_a484@localhost"
-
-      # git deploy key
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICgadaDrViJp0Z6fbLBAo9grkmCeNQliIPXe12l3X3i/ jana@deploy"
-    ];
-    # Make me admin
-    extraGroups = [
-      "systemd-journal"
-      "wheel"
-      "networkmanager"
-      "libvirtd"
-      "dialout"
-    ];
-  };
-
-  users.extraUsers.laura = {
-    isNormalUser = true;
-    shell = pkgs.zsh;
-
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBIlFUUXbwOkhNUjoA6zueTdRuaylgpgFqSe/xWGK9zb laura@zmeura"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBVkk9/80askWhInQk03JMntF6SThAYkFZNm+lIGt4E7 laura@mura"
-    ];
-  };
-
-  users.extraUsers.wffl = {
-    isNormalUser = true;
-    shell = pkgs.fish;
-
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbYifrfevSlcZvKSCpJShXGX89dlLdD0wEl5L3CvX6e"
-    ];
-
-    extraGroups = [ "media" ];
-  };
-
-  users.extraUsers.julia = {
-    isNormalUser = true;
-    shell = pkgs.zsh;
-
-    openssh.authorizedKeys.keys = [
-      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfVoCjrBTOH746bJCKQwRgWzjFskNeLQKz73qmd4P3tmiJIFMAim7MiCwtQbxvIUOTZHbG7vRHZ5SwSH/d/wqmESmY1meRH/43uP4YlRRwUFkUHcwEJsVP9dDza0jYuBXVo04B/fuP93W2+aeBPKiSuWrnQ9s2LwRJ/0aqani8xpVn87EXp90aXjdF4iqu7tL4Nn1zUULYOdULrry0j6moUumUhmtkWb0PrTcxZr7BoDz8UH7Fu9G0uK8Xr5dAxs7RgTyFpUWg6h+AKQczMHLluwuRr2m12gWXKZIVO+Sw1PYYuU58Y7+E00KEM1Xy9SnuOW5ZgnxWBqydD+Gc2q67"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPCatP3klEjfQPSiJNUc3FRDdz927BG1IzektpouzOZR"
-    ];
-
-    extraGroups = [ "media" ];
-  };
-
-  users.extraUsers.jonathan-brouwer = {
-    isNormalUser = true;
-    shell = pkgs.zsh;
-
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFP6UDiX8vb4rHV+8Zwaozh8dnCAsPM+fe/4BEfC/xyV jonathantbrouwer@gmail.com"
-    ];
-  };
-}