refactor project to prioritize correctness. place custom nixos options into existing 'modules' and prefix them with '_'. use _archetypes module for software collections, system profiles, etc. personal configs moved to _archetypes.tjkeller. probably changed or fixed or broke a few other things in the process

author: Tim Keller <tjk@tjkeller.xyz> 2025-08-21 12:27:51 -0500
committer: Tim Keller <tjk@tjkeller.xyz> 2025-08-21 12:27:51 -0500
commit: 86fb7036cb4279abfc4ffc2bfa6b3a432c8700b5 (patch)
tree: bcde8a15f5cec938d3f4653863b0f6309bc65626 /modules
parent: 078e8ea33d29af21bad55313d75d716db8d5a617 (diff)
download: nixos-86fb7036cb4279abfc4ffc2bfa6b3a432c8700b5.tar.xz
nixos-86fb7036cb4279abfc4ffc2bfa6b3a432c8700b5.zip
82 files changed, 1029 insertions, 764 deletions
diff --git a/modules/archetypes/headless/default.nix b/modules/archetypes/headless/default.nix
deleted file mode 100644
index b0dfb71..0000000
--- a/modules/archetypes/headless/default.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ lib, ... }: {
-	autologin.enable       = lib.mkOverride 101 false;
-	avahi.enable           = lib.mkOverride 101 false;
-	bluetooth.enable       = lib.mkOverride 101 false;
-	fonts.enable           = lib.mkOverride 101 false;
-	pipewire.enable        = lib.mkOverride 101 false;
-	printing.enable        = lib.mkOverride 101 false;
-	tlp.enable             = lib.mkOverride 101 false;
-	scanning.enable        = lib.mkOverride 101 false;
-	suspend.enable         = lib.mkOverride 101 false;
-	wifi.enable            = lib.mkOverride 101 false;
-	xserver.enable         = lib.mkOverride 101 false;
-	users.setPassword.enable = lib.mkOverride 101 false;
-}
diff --git a/modules/home/default.nix b/modules/home/default.nix
index a015cc4..022ee9f 100644
--- a/modules/home/default.nix
+++ b/modules/home/default.nix
@@ -1,7 +1,7 @@
 { lib, userDetails, homeStateVersion, ... }: {
 	home = {
 		username = userDetails.username;
-		homeDirectory = userDetails.home;
+		homeDirectory = lib.mkForce userDetails.home;
 		stateVersion = homeStateVersion;
 	};
 
diff --git a/modules/hosts/T430/configuration.nix b/modules/hosts/T430/configuration.nix
deleted file mode 100644
index 7910275..0000000
--- a/modules/hosts/T430/configuration.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ config, lib, pkgs, ... }: {
-	imports = [ ./hardware-configuration.nix ];
-
-	# TODO this does not function
-	#boot.initrd.systemd.extraBin = {
-	#	sh = "${pkgs.dash}/bin/dash";
-	#	vim = "${pkgs.neovim}/bin/nvim";
-	#};
-
-	# Open ports in the firewall.
-	# networking.firewall.allowedTCPPorts = [ ... ];
-	# networking.firewall.allowedUDPPorts = [ ... ];
-	# Or disable the firewall altogether.
-	# networking.firewall.enable = false;
-
-	system.stateVersion = "24.05";
-}
diff --git a/modules/hosts/T430/hardware-configuration.nix b/modules/hosts/T430/hardware-configuration.nix
deleted file mode 100644
index 206a525..0000000
--- a/modules/hosts/T430/hardware-configuration.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
-
-  boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod" "sdhci_pci" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/b991914b-3a4c-4248-9472-b5403729601a";
-      fsType = "btrfs";
-    };
-
-  swapDevices = [ ];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp0s25.useDHCP = lib.mkDefault true;
-  # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/modules/hosts/T430/home.nix b/modules/hosts/T430/home.nix
deleted file mode 100644
index 15df79a..0000000
--- a/modules/hosts/T430/home.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ ... }: {
-	imports = [ ../../home ];
-
-	wallpapers.enable = true;
-}
diff --git a/modules/hosts/T495/configuration.nix b/modules/hosts/T495/configuration.nix
index 6ee62e9..171f746 100644
--- a/modules/hosts/T495/configuration.nix
+++ b/modules/hosts/T495/configuration.nix
@@ -1,35 +1,64 @@
 { config, lib, pkgs, ... }: {
 	imports = [
 		./hardware-configuration.nix
-		./games.nix
-		#./input-leap.nix
 		./wg.nix
+		../../nixos/archetypes/tjkeller
 	];
-	bootloader.mode = "efi";
 
-	# Enable extra software pkgs
-	software.desktop = {
-		chromium.enable = true;
-		cad.enable = true;
-		crypto.enable = true;
-		graphics.enable = true;
-		office.enable = true;
-		utilities.enable = true;
-	};
-	software.development = {
-		docker.enable = true;
+	# Setup bootloader
+	boot._loader.enable = true;
+
+	# Enable common options
+	_archetypes = {
+		# Use desktop profile
+		profiles.desktop.enable = true;
+		# Install software
+		collections = {
+			desktop = {
+				extraUtilities.enable = true;
+				cad.enable = true;
+				chromium.enable = true;
+				crypto.enable = true;
+				graphics.enable = true;
+				office.enable = true;
+			};
+			development = {
+				android.enable = true;
+				c.enable = true;
+				docker.enable = true;
+				lua.enable = true;
+				web = {
+					hugo = {
+						enable = true;
+						openFirewall = true;
+					};
+					node.enable = true;
+				};
+			};
+			bluetooth.enable = true;
+		};
+		# Setup user
+		users.primary = {
+			enable = true;
+			autologin.enable = true;
+		};
+		# Enable network drives
+		tjkeller = {
+			nas = {
+				enable = true;
+				office.enable = true;
+			};
+		};
 	};
 
-	# Enable network drives
-	nas.enable = true;
-	nas.office.enable = true;
-	nas.office.automount = false;
+	# Install spotify
+	nixpkgs.config.allowUnfree = true;
+	environment.systemPackages = with pkgs; [
+		spotify
+	];
 
 	# Use amdgpu driver for x11
 	services.xserver.videoDrivers = [ "amdgpu" ];
 
-	# Enable bluetooth
-	bluetooth.enable = true;
-
 	system.stateVersion = "24.05";
 }
diff --git a/modules/hosts/T495/games.nix b/modules/hosts/T495/games.nix
deleted file mode 100644
index 419d854..0000000
--- a/modules/hosts/T495/games.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ pkgs, ... }: {
-	nixpkgs.config.allowUnfree = true;
-	environment.systemPackages = with pkgs; [
-		#vintagestory
-		prismlauncher
-	];
-}
diff --git a/modules/hosts/T495/input-leap.nix b/modules/hosts/T495/input-leap.nix
deleted file mode 100644
index cf6d018..0000000
--- a/modules/hosts/T495/input-leap.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ pkgs, ... }: {
-	environment.systemPackages = with pkgs; [
-		input-leap
-	];
-
-	networking.firewall = {
-		allowedTCPPorts = [
-			24800  # input-leaps
-		];
-	};
-}
diff --git a/modules/hosts/X230/configuration.nix b/modules/hosts/X230/configuration.nix
index 9a8e6b4..accbb1c 100644
--- a/modules/hosts/X230/configuration.nix
+++ b/modules/hosts/X230/configuration.nix
@@ -1,14 +1,29 @@
 { config, lib, pkgs, ... }: {
 	imports = [
 		./hardware-configuration.nix
+		../../nixos/archetypes/tjkeller
 	];
-	bootloader.mode = "efi";
 
-	# Enable extra software pkgs
-	software.desktop = {
-		crypto.enable = true;
-		graphics.enable = true;
-		office.enable = true;
+	# Setup bootloader
+	boot._loader.enable = true;
+
+	# Enable common options
+	_archetypes = {
+		# Use desktop profile
+		profiles.desktop.enable = true;
+		# Install software
+		collections = {
+			desktop = {
+				crypto.enable = true;
+				graphics.enable = true;
+				office.enable = true;
+			};
+		};
+		# Setup user
+		users.primary = {
+			enable = true;
+			autologin.enable = true;
+		};
 	};
 
 	system.stateVersion = "24.05";
diff --git a/modules/hosts/hp-envy-office/configuration.nix b/modules/hosts/hp-envy-office/configuration.nix
index 9b3e173..89c5da4 100644
--- a/modules/hosts/hp-envy-office/configuration.nix
+++ b/modules/hosts/hp-envy-office/configuration.nix
@@ -1,42 +1,55 @@
 { config, lib, pkgs, ... }: {
-	imports = [ ./hardware-configuration.nix ];
-
-	# Show bootloader for longer since it usually doesn't show
-	boot.loader.timeout = 15;
-
-	# Enable extra software pkgs
-	software.desktop = {
-		chromium.enable = true;
-		cad.enable = false;
-		crypto.enable = false;
-		graphics.enable = true;
-		office.enable = true;
-		utilities.enable = true;
-	};
-	software.development = {
-		docker.enable = true;
+	imports = [
+		./hardware-configuration.nix
+		../../nixos/archetypes/tjkeller
+	];
+
+	# Setup bootloader
+	boot._loader.enable = true;
+	boot.loader.timeout = 15;  # Show for longer since it's usually skipped
+
+	# Enable common options
+	_archetypes = {
+		# Use desktop profile
+		profiles.desktop.enable = true;
+		# Install software
+		collections = {
+			desktop = {
+				extraUtilities.enable = true;
+				chromium.enable = true;
+				graphics.enable = true;
+				office.enable = true;
+			};
+			development = {
+				docker.enable = true;
+				web = {
+					node.enable = true;
+				};
+			};
+			virtualization.enable = true;
+			bluetooth.enable = true;
+		};
+		# Setup user
+		users.primary = {
+			enable = true;
+		};
+		tjkeller = {
+			nas = {
+				enable = true;
+				office.enable = true;
+				office.automount = true;
+			};
+		};
 	};
 
+	# Disable suspend
+	systemd._suspend.disable = true;
+
 	# Enable virtualization
 	virtualization.enable = true;
 
-	# Enable network drives
-	nas.enable = true;
-	nas.office.enable = true;
-	nas.home.enable = false;
-
-	networking.hosts = {
-		"192.168.77.3"  = [ "devel" ];
-	};
-
 	# Use amdgpu driver for x11
 	services.xserver.videoDrivers = [ "amdgpu" ];
 
-	# Enable bluetooth
-	bluetooth.enable = true;
-
-	# Disable autologin
-	autologin.enable = false;
-
 	system.stateVersion = "24.11";
 }
diff --git a/modules/hosts/libreX60/configuration.nix b/modules/hosts/libreX60/configuration.nix
index 55f1774..9c83a42 100644
--- a/modules/hosts/libreX60/configuration.nix
+++ b/modules/hosts/libreX60/configuration.nix
@@ -2,23 +2,22 @@
 	imports = [
 		./hardware-configuration.nix
 		./powertop-auto-tune.nix
+		../../nixos/archetypes/tjkeller
 		# Uncomment this module and reboot to enable bios flashing
 		#./bios-flashing.nix
 	];
 
 	# Use grub
-	bootloader = {
+	boot._loader = {
+		enable = true;
 		loader = "grub";
 		mode = "bios";
 		grub.biosDevice = "/dev/sda";
 	};
 
-	# Use bootloader
+	# Use libre kernel
 	boot.kernelPackages = pkgs.linuxPackages-libre;
 
-	# Enable network drives
-	nas.enable = true;
-
 	# i915 Gpu requires intel driver
 	services.xserver.videoDrivers = [ "intel" ];
 
diff --git a/modules/hosts/optiplex/configuration.nix b/modules/hosts/optiplex/configuration.nix
index 16ba475..36241a8 100644
--- a/modules/hosts/optiplex/configuration.nix
+++ b/modules/hosts/optiplex/configuration.nix
@@ -1,36 +1,63 @@
 { config, lib, pkgs, ... }: {
-	imports = [ ./hardware-configuration.nix ];
-	bootloader.mode = "efi";
+	imports = [
+		./hardware-configuration.nix
+		../../nixos/archetypes/tjkeller
+	];
 
-	# Allow unfree for nvidia + others
-	nixpkgs.config.allowUnfree = true;
+	# Setup bootloader
+	boot._loader.enable = true;
 
-	# Enable extra software pkgs
-	software.desktop = {
-		chromium.enable = true;
-		cad.enable = true;
-		crypto.enable = true;
-		graphics.enable = true;
-		office.enable = true;
-		utilities.enable = true;
-	};
-	software.development = {
-		docker.enable = true;
+	# Enable common options
+	_archetypes = {
+		# Use desktop profile
+		profiles.desktop.enable = true;
+		# Install software
+		collections = {
+			desktop = {
+				extraUtilities.enable = true;
+				cad.enable = true;
+				chromium.enable = true;
+				crypto.enable = true;
+				graphics.enable = true;
+				office.enable = true;
+			};
+			development = {
+				android.enable = true;
+				c.enable = true;
+				docker.enable = true;
+				lua.enable = true;
+				web = {
+					hugo = {
+						enable = true;
+						openFirewall = true;
+					};
+					node.enable = true;
+				};
+			};
+		};
+		# Setup user
+		users.primary = {
+			enable = true;
+			autologin.enable = true;
+		};
+		tjkeller = {
+			nas.enable = true;
+		};
 	};
 
-	# Install more programs
+	# Disable suspend
+	systemd._suspend.disable = true;
+
+	# Allow unfree for nvidia + others
+	nixpkgs.config.allowUnfree = true;
+
+	# Install more software
 	environment.systemPackages = with pkgs; [
 		prismlauncher
 		spotify
 		#vintagestory
 	];
 
-	# Enable network drives
-	nas.enable = true;
-
-	# Disable wifi
-	wifi.enable = false;
-
 	# Use nvidia driver
 	services.xserver.videoDrivers = [ "nvidia" ];
 	hardware.nvidia = {
@@ -42,8 +69,5 @@
 		forceFullCompositionPipeline = true;  # Enables vsync
 	};
 
-	# Disable suspend
-	suspend.enable = false;
-
 	system.stateVersion = "24.11";
 }
diff --git a/modules/nixos/archetypes/collections/bluetooth.nix b/modules/nixos/archetypes/collections/bluetooth.nix
new file mode 100644
index 0000000..749a9f1
--- /dev/null
+++ b/modules/nixos/archetypes/collections/bluetooth.nix
@@ -0,0 +1,12 @@
+{ pkgs, lib, config, ... }: let
+	cfg = config._archetypes.collections.bluetooth;
+in {
+	options._archetypes.collections.bluetooth = {
+		enable = lib.mkEnableOption "enables bluetooth and blueman";
+	};
+
+	config = lib.mkIf cfg.enable {
+		hardware.bluetooth.enable = true;
+		services.blueman.enable = config._archetypes.collections.desktop.utilities.enable;  # FIXME
+	};
+}
diff --git a/modules/nixos/archetypes/collections/desktop.nix b/modules/nixos/archetypes/collections/desktop.nix
new file mode 100644
index 0000000..fff8682
--- /dev/null
+++ b/modules/nixos/archetypes/collections/desktop.nix
@@ -0,0 +1,80 @@
+{ pkgs, lib, config, ... }: let
+	cfg = config._archetypes.collections.desktop;
+in {
+	options._archetypes.collections.desktop = {
+		utilities.enable = lib.mkEnableOption "install basic desktop utilities";
+		extraUtilities.enable = lib.mkEnableOption "install extra desktop utilities";
+		chromium = {
+			enable = lib.mkEnableOption "install chromium browser";
+			package = lib.mkOption {
+				type = lib.types.package;
+				default = pkgs.ungoogled-chromium;
+				description = "chromium package to install";
+			};
+		};
+		cad.enable = lib.mkEnableOption "install cad and 3d printing software";
+		crypto.enable = lib.mkEnableOption "install crypto wallets";
+		firefox.enable = lib.mkEnableOption "install firefox";
+		graphics.enable = lib.mkEnableOption "install graphic design software";
+		office.enable = lib.mkEnableOption "install office software";
+	};
+
+	config = {
+		environment.systemPackages = with pkgs; [
+		] ++ lib.optionals cfg.utilities.enable [
+			# Utilities
+			arandr
+			dmenu
+			libnotify
+			lowbat
+			mpv
+			pavolctld
+			pavucontrol
+			pcmanfm
+			redshift
+			scrot
+			st
+			sxiv
+			wpa_supplicant_gui
+			zathura
+		] ++ lib.optionals cfg.chromium.enable [
+			# Chrome
+			cfg.chromium.package
+		] ++ lib.optionals cfg.cad.enable [
+			# CAD
+			blender
+			freecad
+			prusa-slicer
+		] ++ lib.optionals cfg.crypto.enable [
+			# Crypto Wallets
+			sparrow
+		] ++ lib.optionals cfg.graphics.enable [
+			# Graphics
+			blender
+			geeqie
+			gimp3
+			inkscape
+		] ++ lib.optionals cfg.office.enable [
+			# Office
+			hunspell  # Spell checking in libreoffice
+			hunspellDicts.en_US
+			kdePackages.okular
+			libreoffice
+			pdfchain
+			thunderbird
+		] ++ lib.optionals cfg.extraUtilities.enable [
+			# Extra Utilities
+			jellyfin-mpv-shim
+			qbittorrent
+			qdirstat
+			remmina
+		];
+
+		# Utilities
+		programs.localsend.enable = cfg.utilities.enable;  # Installs & opens firewall
+		services.gvfs.enable = cfg.utilities.enable; # GVfs allows for mounting drives in a graphical file manager
+
+		# Firefox
+		programs.firefox.enable = cfg.firefox.enable;
+	};
+}
diff --git a/modules/nixos/archetypes/collections/development.nix b/modules/nixos/archetypes/collections/development.nix
new file mode 100644
index 0000000..d0c979f
--- /dev/null
+++ b/modules/nixos/archetypes/collections/development.nix
@@ -0,0 +1,41 @@
+{ pkgs, lib, config, ... }: let
+	cfg = config._archetypes.collections.development;
+	hugoFirewallPort = 1313;
+in {
+	options._archetypes.collections.development = {
+		utilities.enable = lib.mkEnableOption "install basic dev utilities";
+		android.enable = lib.mkEnableOption "install android dev tools";
+		c.enable = lib.mkEnableOption "install c dev tools";
+		lua.enable = lib.mkEnableOption "install lua dev tools";
+		web = {
+			hugo = {
+				enable = lib.mkEnableOption "install hugo";
+				openFirewall = lib.mkEnableOption "open the port ${hugoFirewallPort} for viewing content from hugo serve on other devices";
+			};
+			node.enable = lib.mkEnableOption "install node";
+		};
+	};
+
+	config = {
+		environment.systemPackages = with pkgs; [
+			git
+			python3
+		] ++ lib.optionals cfg.android.enable [
+			#adb-sync
+			android-tools
+		] ++ lib.optionals cfg.c.enable [
+			gcc
+			git
+			gnumake
+			pkg-config
+		] ++ lib.optionals cfg.lua.enable [
+			lua
+		] ++ lib.optionals cfg.web.hugo.enable [
+			hugo
+		] ++ lib.optionals cfg.web.node.enable [
+			nodejs
+		];
+
+		networking.firewall.allowedTCPPorts = lib.mkIf cfg.web.hugo.openFirewall [ hugoFirewallPort ];
+	};
+}
diff --git a/modules/nixos/archetypes/collections/docker.nix b/modules/nixos/archetypes/collections/docker.nix
new file mode 100644
index 0000000..629dff3
--- /dev/null
+++ b/modules/nixos/archetypes/collections/docker.nix
@@ -0,0 +1,23 @@
+{ pkgs, lib, config, ... }: let
+	cfg = config._archetypes.collections.development.docker;
+in {
+	options._archetypes.collections.development.docker = {
+		enable = lib.mkEnableOption "enables docker";
+		btrfsSupport = lib.mkOption {
+			type = lib.types.bool;
+			default = true;
+			description = "Changes docker storageDriver to btrfs.";
+		};
+	};
+
+	config = lib.mkIf cfg.enable {
+		virtualisation.docker = {
+			enable = true;
+			storageDriver = lib.mkIf cfg.btrfsSupport "btrfs";
+		};
+
+		environment.systemPackages = with pkgs; [
+			docker-compose
+		];
+	};
+}
diff --git a/modules/nixos/archetypes/collections/fonts.nix b/modules/nixos/archetypes/collections/fonts.nix
new file mode 100644
index 0000000..136e31b
--- /dev/null
+++ b/modules/nixos/archetypes/collections/fonts.nix
@@ -0,0 +1,16 @@
+{ pkgs, lib, config, ... }: let
+	cfg = config._archetypes.collections.fonts;
+in {
+	options._archetypes.collections.fonts = {
+		enable = lib.mkEnableOption "enables fonts";
+	};
+
+	config = lib.mkIf cfg.enable {
+		fonts.packages = with pkgs; [
+			commit-mono
+			inter
+			nerd-fonts.jetbrains-mono
+			tamzen
+		];
+	};
+}
diff --git a/modules/root/software/utilities.nix b/modules/nixos/archetypes/collections/utilities.nix
index 79285a1..85763a4 100644
--- a/modules/root/software/utilities.nix
+++ b/modules/nixos/archetypes/collections/utilities.nix
@@ -1,6 +1,7 @@
 { pkgs, ... }: {
 	environment.systemPackages = with pkgs; [
 		crazydiskinfo
+		dash  # TODO should be default /bin/sh
 		entr
 		fastfetch
 		ffmpeg
@@ -8,13 +9,11 @@
 		jq
 		light
 		lm_sensors
-		lowbat
 		mediainfo
 		neovim
 		nmap
 		openssl
 		p7zip
-		pavolctld
 		powertop
 		pv
 		rsync
@@ -31,4 +30,6 @@
 		xxHash
 		yt-dlp
 	];
+
+	services.gpm.enable = true;
 }
diff --git a/modules/nixos/archetypes/collections/virtualization.nix b/modules/nixos/archetypes/collections/virtualization.nix
new file mode 100644
index 0000000..fda0e48
--- /dev/null
+++ b/modules/nixos/archetypes/collections/virtualization.nix
@@ -0,0 +1,22 @@
+{ pkgs, lib, config, ... }: let
+	cfg = config._archetypes.collections.virtualization;
+in {
+	options._archetypes.collections.virtualization = {
+		enable = lib.mkEnableOption "enables virtualization and virt-manager";
+	};
+
+	config = lib.mkIf cfg.enable {
+		virtualisation = {
+			spiceUSBRedirection.enable = true;
+			libvirtd.enable = true;
+			# Enable efi support with ovmf firmware
+			libvirtd.qemu = {
+				package = pkgs.qemu_kvm;
+				runAsRoot = true;
+				swtpm.enable = true;
+				ovmf.enable = true;
+			};
+		};
+		programs.virt-manager.enable = config._archetypes.collections.desktop.utilities.enable;  # FIXME
+	};
+}
diff --git a/modules/nixos/archetypes/collections/xserver.nix b/modules/nixos/archetypes/collections/xserver.nix
new file mode 100644
index 0000000..4cbdae8
--- /dev/null
+++ b/modules/nixos/archetypes/collections/xserver.nix
@@ -0,0 +1,34 @@
+{ pkgs, lib, config, ... }: let
+	cfg = config._archetypes.collections.desktop.xserver;
+in {
+	options._archetypes.collections.desktop.xserver = {
+		enable = lib.mkEnableOption "installs xserver";
+		utilities.enable = lib.mkEnableOption "installs basic xserver utilities";
+	};
+
+	config = lib.mkIf cfg.enable {
+		services.xserver.enable = true;
+		services.xserver.displayManager.startx.enable = true;
+		services.libinput.enable = true;  # Enable touchpad support
+
+		# Install basic X utilities
+		environment.systemPackages = with pkgs; lib.optionals cfg.utilities.enable [
+			unclutter
+			xcape
+			xclip
+			xdotool
+			xorg.setxkbmap
+			xorg.xinput
+			xorg.xkill
+			xorg.xrandr
+			xorg.xset
+			xwallpaper
+		];
+
+		# Enable TearFree option by default
+		# Not all video drivers support this option
+		services.xserver.deviceSection = ''
+			Option "TearFree" "true"
+		'';
+	};
+}
diff --git a/modules/nixos/archetypes/profiles/desktop/default.nix b/modules/nixos/archetypes/profiles/desktop/default.nix
new file mode 100644
index 0000000..d9a7dc7
--- /dev/null
+++ b/modules/nixos/archetypes/profiles/desktop/default.nix
@@ -0,0 +1,53 @@
+{ lib, config, pkgs, ... }: let
+	mkDesktop = lib.mkOverride 920;
+	cfg = config._archetypes.profiles.desktop;
+in {
+	options._archetypes.profiles.desktop = {
+		enable = lib.mkEnableOption "enable desktop profile";
+	};
+
+	config = lib.mkIf cfg.enable {
+		_archetypes.collections = {
+			desktop = {
+				utilities.enable = mkDesktop true;
+				firefox.enable = mkDesktop true;
+				xserver = {
+					enable = mkDesktop true;
+					utilities.enable = mkDesktop true;
+				};
+			};
+			development = {
+				utilities.enable = mkDesktop true;
+			};
+			fonts.enable = mkDesktop true;
+		};
+
+		_archetypes.users.primary = {
+			enable = mkDesktop true;
+		};
+
+		security = {
+			_doas.enable = mkDesktop true;
+		};
+
+		programs = {
+			_ddcutil.enable = mkDesktop true;
+			_home-manager.enable = mkDesktop true;
+		};
+
+		services = {
+			xserver = {
+				windowManager._awesome.enable = mkDesktop true;
+			};
+			_pipewire.enable = mkDesktop true;
+			_printing.enable = mkDesktop true;
+			_ssh.enable = mkDesktop true;
+			tlp.enable = mkDesktop true;
+
+			# Ensure video group can change backlight
+			udev.extraRules = ''
+				SUBSYSTEM=="backlight", ACTION=="add", RUN+="${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/%k/brightness", RUN+="${pkgs.coreutils}/bin/chmod g+w /sys/class/backlight/%k/brightness"
+			'';
+		};
+	};
+}
diff --git a/modules/nixos/archetypes/profiles/headless/default.nix b/modules/nixos/archetypes/profiles/headless/default.nix
new file mode 100644
index 0000000..ef17db0
--- /dev/null
+++ b/modules/nixos/archetypes/profiles/headless/default.nix
@@ -0,0 +1,32 @@
+{ lib, config, ... }: let
+	mkHeadless = lib.mkOverride 910;
+	cfg = config._archetypes.profiles.headless;
+in {
+	options._archetypes.profiles.headless = {
+		enable = lib.mkEnableOption "enable headless profile";
+	};
+
+	config = lib.mkIf cfg.enable {
+		_archetypes.collections = {
+			development = {
+				utilities.enable = mkHeadless true;
+			};
+		};
+
+		_archetypes.users = {
+			primary.enable = mkHeadless true;
+		};
+
+		security = {
+			_doas.enable = mkHeadless true;
+		};
+
+		programs = {
+			_ddcutil.enable = mkHeadless true;
+		};
+
+		services = {
+			_ssh.enable = mkHeadless true;
+		};
+	};
+}
diff --git a/modules/nixos/archetypes/tjkeller/default.nix b/modules/nixos/archetypes/tjkeller/default.nix
new file mode 100644
index 0000000..6a9bbd9
--- /dev/null
+++ b/modules/nixos/archetypes/tjkeller/default.nix
@@ -0,0 +1,10 @@
+{
+	imports = [
+		./hosts.nix
+		./localization.nix
+		./nas.nix
+		./printing.nix
+		./user.nix
+		./wifi.nix
+	];
+}
diff --git a/modules/root/hosts.nix b/modules/nixos/archetypes/tjkeller/hosts.nix
index cb526f2..66c6ccc 100644
--- a/modules/root/hosts.nix
+++ b/modules/nixos/archetypes/tjkeller/hosts.nix
@@ -1,5 +1,4 @@
-{ hostname, ... }: {
-	networking.hostName = hostname;  # From flake.nix
+{
 	networking.hosts = {
 		"192.168.1.9"   = [ "optiplex" ];
 		"192.168.1.30"  = [ "localgit" ];
@@ -14,5 +13,4 @@
 			"tjkeller.xyz"
 		];
 	};
-	environment.etc.hosts.mode = "0644";  # Allow temporary imperative modifications
 }
diff --git a/modules/root/localization.nix b/modules/nixos/archetypes/tjkeller/localization.nix
index 8313f07..8313f07 100644
--- a/modules/root/localization.nix
+++ b/modules/nixos/archetypes/tjkeller/localization.nix
diff --git a/modules/nixos/archetypes/tjkeller/nas.nix b/modules/nixos/archetypes/tjkeller/nas.nix
new file mode 100644
index 0000000..1ed0ca3
--- /dev/null
+++ b/modules/nixos/archetypes/tjkeller/nas.nix
@@ -0,0 +1,35 @@
+{ lib, config, ... } :
+let
+	cfg = config._archetypes.tjkeller.nas;
+	mkNetworkFileSystem = device: automount: {
+		device = "${device}";
+		fsType = "nfs";
+		options = [ "defaults" ] ++ lib.optionals (!automount) [ "noauto" ];
+	};
+in {
+	options._archetypes.tjkeller.nas = {
+		enable = lib.mkEnableOption "enable network shares";
+		home = {
+			enable = lib.mkEnableOption "enable home network shares";
+			automount = lib.mkEnableOption "automount home network shares";
+		};
+		office = {
+			enable = lib.mkEnableOption "enable office network shares";
+			automount = lib.mkEnableOption "automount home network shares";
+		};
+	};
+
+	config = lib.mkIf cfg.enable {
+		fileSystems = lib.optionalAttrs cfg.home.enable {
+			"/media/Storage/Media"   = mkNetworkFileSystem "truenas-home:/mnt/Storage/Media"               cfg.home.automount;
+			"/media/Storage/Backups" = mkNetworkFileSystem "truenas-home:/mnt/Storage/Backups"             cfg.home.automount;
+			"/media/Storage/Tapes"   = mkNetworkFileSystem "truenas-home:/mnt/Storage/Backups/Tapes"       cfg.home.automount;
+			"/media/Family Photos"   = mkNetworkFileSystem "truenas-home:/mnt/Media/Photos"                cfg.home.automount;
+		} // lib.optionalAttrs cfg.office.enable {
+			"/media/chexx/chexx"     = mkNetworkFileSystem "truenas-office:/mnt/Storage/chexx"             cfg.office.automount;
+			"/media/chexx/tkdocs"    = mkNetworkFileSystem "truenas-office:/mnt/Storage/Users/Tim-Keller"  cfg.office.automount;
+			"/media/chexx/scans"     = mkNetworkFileSystem "truenas-office:/mnt/Storage/Scans"             cfg.office.automount;
+		};
+		# TODO auto mkdirz
+	};
+}
diff --git a/modules/root/printing.nix b/modules/nixos/archetypes/tjkeller/printing.nix
index f0d0dd8..d5cceab 100644
--- a/modules/root/printing.nix
+++ b/modules/nixos/archetypes/tjkeller/printing.nix
@@ -1,34 +1,23 @@
 { lib, config, pkgs, ... }: {
-	options = {
-		printing.enable = lib.mkEnableOption "enables printing";
-		avahi.enable    = lib.mkEnableOption "enables avahi";
-		scanning.enable = lib.mkEnableOption "enables scanning";
-	};
-
-	config = lib.mkIf config.printing.enable {
-		services.printing = {
-			enable = true;
-			drivers = [
-				pkgs.epson-escpr2
-				pkgs.workcentre-7800-series
-			];
-		};
-
-		services.avahi = {
-			enable = true;
-			nssmdns4 = true;
-			openFirewall = true;
-		};
+	config = lib.mkIf config.services.printing.enable {
+		# Printer drivers
+		services.printing.drivers = [
+			pkgs.epson-escpr2
+			pkgs.workcentre-7800-series
+		];
 
-		environment.systemPackages = with pkgs; pkgs.lib.optionals config.scanning.enable [
+		# Scanning programs
+		environment.systemPackages = with pkgs; [
 			epsonscan2
 		];
 
+		# Printers
 		networking.hosts = {
 			"192.168.1.35"  = [ "Epson_ET-8500" ];
 			"192.168.77.40" = [ "Xerox_WorkCentre_7855" ];
 		};
 
+		# Add printers to cups
 		hardware.printers.ensurePrinters = [
 			{
 				name = "Epson_ET-8500";
diff --git a/modules/root/resources/secrets/hashed-root-password.yaml b/modules/nixos/archetypes/tjkeller/resources/secrets/hashed-root-password.yaml
index a42fd42..a42fd42 100644
--- a/modules/root/resources/secrets/hashed-root-password.yaml
+++ b/modules/nixos/archetypes/tjkeller/resources/secrets/hashed-root-password.yaml
diff --git a/modules/root/resources/secrets/wpa_supplicant-conf.yaml b/modules/nixos/archetypes/tjkeller/resources/secrets/wpa_supplicant-conf.yaml
index 2fd7a0e..2fd7a0e 100644
--- a/modules/root/resources/secrets/wpa_supplicant-conf.yaml
+++ b/modules/nixos/archetypes/tjkeller/resources/secrets/wpa_supplicant-conf.yaml
diff --git a/modules/nixos/archetypes/tjkeller/user.nix b/modules/nixos/archetypes/tjkeller/user.nix
new file mode 100644
index 0000000..2695549
--- /dev/null
+++ b/modules/nixos/archetypes/tjkeller/user.nix
@@ -0,0 +1,22 @@
+{ lib, config, pkgs, userDetails, ... }: let
+	cfg = config._archetypes.tjkeller.setPasswords;
+	hashedPasswordFile = config.sops.secrets.hashed-root-password.path;
+in {
+	options._archetypes.tjkeller.setPasswords = {
+		enable = lib.mkEnableOption "set users password. requires hashed root password from sops";
+	};
+
+	config = lib.mkIf cfg.enable {
+		# Load hashed root password secret
+		sops.secrets.hashed-root-password = {
+			sopsFile = ./resources/secrets/hashed-root-password.yaml;
+			neededForUsers = true;
+		};
+
+		# Apply password file
+		users.users = {
+			root = { inherit hashedPasswordFile; };
+			${userDetails.username} = lib.mkIf config._archetypes.users.primary.enable { inherit hashedPasswordFile; };
+		};
+	};
+}
diff --git a/modules/root/wifi.nix b/modules/nixos/archetypes/tjkeller/wifi.nix
index 9dbf233..32b6ef8 100644
--- a/modules/root/wifi.nix
+++ b/modules/nixos/archetypes/tjkeller/wifi.nix
@@ -1,9 +1,11 @@
-{ lib, config, ... }: {
-	options = {
-		wifi.enable = lib.mkEnableOption "enables wifi";
+{ lib, config, ... }: let
+	cfg = config._archetypes.tjkeller.wifi;
+in {
+	options._archetypes.tjkeller.wifi = {
+		enable = lib.mkEnableOption "enables wifi";
 	};
 
-	config = lib.mkIf config.wifi.enable {
+	config = lib.mkIf cfg.enable {
 		networking.wireless = {
 			enable = true;  # Enables wireless support via wpa_supplicant.
 			userControlled.enable = true;
diff --git a/modules/nixos/archetypes/users/primary.nix b/modules/nixos/archetypes/users/primary.nix
new file mode 100644
index 0000000..a29c3b8
--- /dev/null
+++ b/modules/nixos/archetypes/users/primary.nix
@@ -0,0 +1,37 @@
+{ lib, config, pkgs, userDetails, ... }: let
+	cfg = config._archetypes.users.primary;
+in {
+	options._archetypes.users.primary = {
+		enable = lib.mkEnableOption "create primary user";
+		autologin.enable = lib.mkEnableOption "enables getty automatic login";
+	};
+
+	config = lib.mkIf cfg.enable {
+		# Enable zsh
+		programs.zsh.enable = true;
+
+		# Setup normal user
+		users.users.${userDetails.username} = {
+			home = userDetails.home;
+			description = userDetails.fullname;
+			isNormalUser = true;
+			shell = pkgs.zsh;
+			extraGroups = [
+				"nixbld"
+				"video"
+				"wheel"
+			] ++ lib.optionals config.hardware.i2c.enable [
+				"i2c"
+			] ++ lib.optionals config.virtualisation.libvirtd.enable [
+				"libvirtd"
+			] ++ lib.optionals config.virtualisation.docker.enable [
+				"docker"
+			];
+		};
+
+		# Configure automatic login with getty
+		services.getty = lib.mkIf cfg.autologin.enable {
+			autologinUser = userDetails.username;
+		};
+	};
+}
diff --git a/modules/nixos/bootloader.nix b/modules/nixos/bootloader.nix
new file mode 100644
index 0000000..bb807cf
--- /dev/null
+++ b/modules/nixos/bootloader.nix
@@ -0,0 +1,48 @@
+{ lib, config, ... }: let
+	cfg = config.boot._loader;
+	usingEfi  = cfg.mode == "efi";
+	usingBios = cfg.mode == "bios";
+in {
+	options.boot._loader = {
+		enable = lib.mkEnableOption "enable unified bootloader config";
+		loader = lib.mkOption {
+			type = lib.types.enum [ "grub" "systemd-boot" ];
+			default = "systemd-boot";
+			description = "whether to install grub or systemd-boot as the bootloader";
+		};
+		mode = lib.mkOption {
+			type = lib.types.enum [ "efi" "bios" ];
+			default = "efi";
+			description = "whether to install the bootloader in efi or bios mode";
+		};
+		grub = {
+			biosDevice = lib.mkOption {
+				type = lib.types.str;
+				description = "device to install grub on";
+			};
+		};
+		memtest86.enable = lib.mkEnableOption "make Memtest86+ available from the bootloader";
+	};
+
+	config = lib.mkIf cfg.enable {
+		boot.loader = {
+			grub = lib.mkIf (cfg.loader == "grub") {
+				enable = true;
+				efiSupport = usingEfi;
+				efiInstallAsRemovable = usingEfi;
+				device = if usingBios then cfg.grub.biosDevice else "nodev";
+				enableCryptodisk = true;
+				memtest86.enable = cfg.memtest86.enable;
+			};
+			systemd-boot = lib.mkIf (cfg.loader == "systemd-boot") {
+				enable = true;
+				editor = false;
+				memtest86.enable = cfg.memtest86.enable;
+			};
+			efi = lib.mkIf usingEfi {
+				efiSysMountPoint = lib.mkIf (cfg.loader == "grub") "/boot/efi";
+				canTouchEfiVariables = true;
+			};
+		};
+	};
+}
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
new file mode 100644
index 0000000..ed21fdc
--- /dev/null
+++ b/modules/nixos/default.nix
@@ -0,0 +1,39 @@
+{
+	imports = [
+		./archetypes/collections/bluetooth.nix
+		./archetypes/collections/desktop.nix
+		./archetypes/collections/development.nix
+		./archetypes/collections/docker.nix
+		./archetypes/collections/fonts.nix
+		./archetypes/collections/utilities.nix
+		./archetypes/collections/virtualization.nix
+		./archetypes/collections/xserver.nix
+
+		./archetypes/profiles/desktop
+		./archetypes/profiles/headless
+
+		./archetypes/users/primary.nix
+
+		./programs/awesome.nix
+		./programs/ddcutil.nix
+		./programs/home-manager.nix
+
+		./services/cgit.nix
+		./services/gitea.nix
+		./services/searxng.nix
+
+		./bootloader.nix
+		./doas.nix
+		./filesystems.nix
+		./hosts.nix
+		./net-iface-labels.nix
+		./nix.nix
+		./pipewire.nix
+		./powerkeys.nix
+		./printing.nix
+		./secrets.nix
+		./ssh.nix
+		./sudo.nix
+		./suspend.nix
+	];
+}
diff --git a/modules/nixos/doas.nix b/modules/nixos/doas.nix
new file mode 100644
index 0000000..aeed170
--- /dev/null
+++ b/modules/nixos/doas.nix
@@ -0,0 +1,17 @@
+{ lib, config, ... }: let
+	cfg = config.security._doas;
+in {
+	options.security._doas = {
+		enable = lib.mkEnableOption "enables doas";
+	};
+
+	config = lib.mkIf cfg.enable {
+		security.doas = {
+			enable = true;
+			wheelNeedsPassword = false;
+			extraRules = [
+				{ keepEnv = true; }
+			];
+		};
+	};
+}
diff --git a/modules/nixos/filesystems.nix b/modules/nixos/filesystems.nix
new file mode 100644
index 0000000..00ab409
--- /dev/null
+++ b/modules/nixos/filesystems.nix
@@ -0,0 +1,7 @@
+{ pkgs, ... }: {
+	environment.systemPackages = with pkgs; [
+		cryptsetup
+		exfat
+		ntfs3g
+	];
+}
diff --git a/modules/nixos/hosts.nix b/modules/nixos/hosts.nix
new file mode 100644
index 0000000..a87f3b4
--- /dev/null
+++ b/modules/nixos/hosts.nix
@@ -0,0 +1,4 @@
+{ hostname, ... }: {
+	networking.hostName = hostname;  # From flake.nix
+	environment.etc.hosts.mode = "0644";  # Allow temporary imperative modifications
+}
diff --git a/modules/root/net-iface-labels.nix b/modules/nixos/net-iface-labels.nix
index 4949659..b7ac655 100644
--- a/modules/root/net-iface-labels.nix
+++ b/modules/nixos/net-iface-labels.nix
@@ -1,11 +1,12 @@
 { config, lib, ... }: let
+	cfg = config.networking._interfaceLabels;
 	validMac = str: builtins.match ''^[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}$'' str != null;
 	macAddressType = lib.types.str // {
 		check = validMac;
 		description = "a mac address (xx:xx:xx:xx:xx:xx)";
 	};
 in {
-	options.networking.interfaceLabels = {
+	options.networking._interfaceLabels = {
 		enable = lib.mkEnableOption "manually label network interfaces";
 		interfaces = lib.mkOption {
 			type = lib.types.attrsOf macAddressType;
@@ -18,10 +19,10 @@ in {
 		};
 	};
 
-	config = lib.mkIf config.networking.interfaceLabels.enable {
+	config = lib.mkIf cfg.enable {
 		networking.usePredictableInterfaceNames = false;
 		services.udev.extraRules = lib.concatStringsSep "\n" (
-			lib.mapAttrsToList (name: mac: ''ACTION=="add", SUBSYSTEM=="net", ATTR{address}=="${mac}", NAME="${name}"'') config.networking.interfaceLabels.interfaces
+			lib.mapAttrsToList (name: mac: ''ACTION=="add", SUBSYSTEM=="net", ATTR{address}=="${mac}", NAME="${name}"'') cfg.interfaces
 		);
 	};
 }
diff --git a/modules/root/nix.nix b/modules/nixos/nix.nix
index ff8dd28..ff8dd28 100644
--- a/modules/root/nix.nix
+++ b/modules/nixos/nix.nix
diff --git a/modules/nixos/pipewire.nix b/modules/nixos/pipewire.nix
new file mode 100644
index 0000000..be3eaf4
--- /dev/null
+++ b/modules/nixos/pipewire.nix
@@ -0,0 +1,14 @@
+{ lib, config, ... }: let
+	cfg = config.services._pipewire;
+in {
+	options.services._pipewire = {
+		enable = lib.mkEnableOption "enables pipewire";
+	};
+
+	config = lib.mkIf cfg.enable {
+		services.pipewire = {
+			enable = true;
+			pulse.enable = true;
+		};
+	};
+}
diff --git a/modules/root/powerkeys.nix b/modules/nixos/powerkeys.nix
index fd4aa00..fd4aa00 100644
--- a/modules/root/powerkeys.nix
+++ b/modules/nixos/powerkeys.nix
diff --git a/modules/nixos/printing.nix b/modules/nixos/printing.nix
new file mode 100644
index 0000000..a6df279
--- /dev/null
+++ b/modules/nixos/printing.nix
@@ -0,0 +1,18 @@
+{ lib, config, ... }: let
+	cfg = config.services._printing;
+in {
+	options.services._printing = {
+		enable = lib.mkEnableOption "enables printing and avahi service";
+	};
+
+	config = lib.mkIf cfg.enable {
+		services.printing.enable = true;
+
+		services.avahi = {
+			enable = true;
+			nssmdns4 = true;
+			openFirewall = true;
+		};
+	};
+}
+
diff --git a/modules/root/software/awesome.nix b/modules/nixos/programs/awesome.nix
index fdc86e8..0856384 100644
--- a/modules/root/software/awesome.nix
+++ b/modules/nixos/programs/awesome.nix
@@ -1,9 +1,11 @@
-{ pkgs, lib, config, ... }: {
-	options = {
-		xserver.awesome.enable = lib.mkEnableOption "enables awesomewm";
+{ pkgs, lib, config, ... }: let
+	cfg = config.services.xserver.windowManager._awesome;
+in {
+	options.services.xserver.windowManager._awesome = {
+		enable = lib.mkEnableOption "installs awesome window manager";
 	};
 
-	config = lib.mkIf (config.xserver.enable && config.xserver.awesome.enable ) {
+	config = lib.mkIf cfg.enable {
 		services.xserver.windowManager.awesome = {
 			enable = true;
 			noArgb = true;  # disables transparency. why not?
diff --git a/modules/nixos/programs/ddcutil.nix b/modules/nixos/programs/ddcutil.nix
new file mode 100644
index 0000000..ef1801b
--- /dev/null
+++ b/modules/nixos/programs/ddcutil.nix
@@ -0,0 +1,12 @@
+{ pkgs, lib, config, ... }: let
+	cfg = config.programs._ddcutil;
+in {
+	options.programs._ddcutil = {
+		enable = lib.mkEnableOption "enables ddcutil and i2c control";
+	};
+
+	config = lib.mkIf cfg.enable {
+		hardware.i2c.enable = true;
+		environment.systemPackages = [ pkgs.ddcutil ];
+	};
+}
diff --git a/modules/nixos/programs/home-manager.nix b/modules/nixos/programs/home-manager.nix
new file mode 100644
index 0000000..49149d3
--- /dev/null
+++ b/modules/nixos/programs/home-manager.nix
@@ -0,0 +1,15 @@
+{ pkgs, lib, config, ... }: let
+	cfg = config.programs._home-manager;
+in {
+	options.programs._home-manager = {
+		enable = lib.mkEnableOption "enables home-manager";
+	};
+
+	config = lib.mkIf cfg.enable {
+		# Install home manager
+		environment.systemPackages = with pkgs; [ home-manager git ];  # Git is needed
+
+		# For home-manager to configure gtk
+		programs.dconf.enable = lib.mkDefault true;
+	};
+}
diff --git a/modules/root/secrets.nix b/modules/nixos/secrets.nix
index 416bcde..46d8f1e 100644
--- a/modules/root/secrets.nix
+++ b/modules/nixos/secrets.nix
@@ -1,6 +1,8 @@
-{ inputs, config, userDetails, ... }: {
+{ inputs, config, pkgs, userDetails, ... }: {
 	imports = [ inputs.sops-nix.nixosModules.sops ];
 
+	environment.systemPackages = with pkgs; [ age sops ];
+
 	sops = {
 		defaultSopsFormat = "yaml";
 		age.sshKeyPaths = [ "${userDetails.home}/.ssh/id_ed25519" "/root/.ssh/id_ed25519" ];
diff --git a/modules/root/services/cgit.nix b/modules/nixos/services/cgit.nix
index 366c1f8..366c1f8 100644
--- a/modules/root/services/cgit.nix
+++ b/modules/nixos/services/cgit.nix
diff --git a/modules/root/services/gitea.nix b/modules/nixos/services/gitea.nix
index 32c56db..32c56db 100644
--- a/modules/root/services/gitea.nix
+++ b/modules/nixos/services/gitea.nix
diff --git a/modules/root/services/searxng.nix b/modules/nixos/services/searxng.nix
index 8ed632e..8ed632e 100644
--- a/modules/root/services/searxng.nix
+++ b/modules/nixos/services/searxng.nix
diff --git a/modules/nixos/ssh.nix b/modules/nixos/ssh.nix
new file mode 100644
index 0000000..8f81474
--- /dev/null
+++ b/modules/nixos/ssh.nix
@@ -0,0 +1,16 @@
+{ lib, config, ... }: let
+	cfg = config.services._ssh;
+in {
+	options.services._ssh = {
+		enable = lib.mkEnableOption "enable openssh with X11 forwarding";
+	};
+
+	config = lib.mkIf cfg.enable {
+		services.openssh = {
+			enable = true;
+			settings = {
+				X11Forwarding = true;
+			};
+		};
+	};
+}
diff --git a/modules/nixos/sudo.nix b/modules/nixos/sudo.nix
new file mode 100644
index 0000000..5fa2727
--- /dev/null
+++ b/modules/nixos/sudo.nix
@@ -0,0 +1,15 @@
+{ lib, config, ... }: let
+	cfg = config.security._sudo;
+in {
+	options.security._sudo = {
+		enable = lib.mkEnableOption "enables sudo";
+	};
+
+	#config = lib.mkIf cfg.enable {
+	config = {  # TODO remove once can be built from flake w git
+		security.sudo = {
+			enable = true;
+			wheelNeedsPassword = false;
+		};
+	};
+}
diff --git a/modules/root/suspend.nix b/modules/nixos/suspend.nix
index 814ae95..11404de 100644
--- a/modules/root/suspend.nix
+++ b/modules/nixos/suspend.nix
@@ -1,9 +1,11 @@
-{ lib, config, ... }: {
-	options = {
-		suspend.enable = lib.mkEnableOption "enables suspend";
+{ lib, config, ... }: let
+	cfg = config.systemd._suspend;
+in {
+	options.systemd._suspend = {
+		disable = lib.mkEnableOption "disables suspend";
 	};
 
-	config = lib.mkIf (! config.suspend.enable) {
+	config = lib.mkIf cfg.disable {
 		# Disable suspend targets
 		systemd.targets = builtins.listToAttrs (map (name: {
 			inherit name;
diff --git a/modules/overlays/crazydiskinfo/default.nix b/modules/overlays/crazydiskinfo/default.nix
new file mode 100644
index 0000000..61de338
--- /dev/null
+++ b/modules/overlays/crazydiskinfo/default.nix
@@ -0,0 +1,41 @@
+{ lib
+, cmake
+, fetchFromGitHub
+, fetchpatch
+, libatasmart
+, ncurses5
+, stdenv
+}:
+
+stdenv.mkDerivation rec {
+  pname = "crazydiskinfo";
+  version = "1.1.0";
+
+  src = fetchFromGitHub {
+    owner = "otakuto";
+    repo = pname;
+    rev = "refs/tags/${version}";
+    sha256 = "sha256-+6ShoaggQ256sLSJDj4d16OipUYX/4JjEwLL5hswjiQ=";
+  };
+
+  patches = [
+    # Patch to fix build warnings
+    (fetchpatch {
+      url = "https://github.com/otakuto/crazydiskinfo/compare/1.1.0...8563aa8.diff";
+      sha256 = "sha256-z9aOQFsivu6sYgsZBOlnTvqnoR2ro/jyuO/WOimLSXk=";
+    })
+  ];
+
+  nativeBuildInputs = [ cmake ];
+  buildInputs = [ libatasmart ncurses5 ];
+
+  cmakeFlags = [ "-DCMAKE_INSTALL_PREFIX=$(out)" ];
+
+  meta = with lib; {
+    description = "CrazyDiskInfo is an interactive TUI S.M.A.R.T viewer for Unix systems";
+    homepage = "https://github.com/otakuto/crazydiskinfo";
+    mainProgram = "crazy";
+    license = licenses.mit;
+    maintainers = [ maintainers.tjkeller ];
+  };
+}
diff --git a/modules/root/software/overlays.nix b/modules/overlays/default.nix
index 2037c0d..1c0ed23 100644
--- a/modules/root/software/overlays.nix
+++ b/modules/overlays/default.nix
@@ -1,9 +1,9 @@
 { pkgs, ... }: {
 	nixpkgs.overlays = with pkgs; [
 		(final: prev: {
-			crazydiskinfo = (callPackage ./derivations/crazydiskinfo {});
-			lowbat        = (callPackage ./derivations/lowbat {});
-			workcentre-7800-series = (callPackage ./derivations/xerox-workcentre-7800-series-driver {});
+			crazydiskinfo = (callPackage ./crazydiskinfo {});
+			lowbat        = (callPackage ./lowbat {});
+			workcentre-7800-series = (callPackage ./xerox-workcentre-7800-series-driver {});
 
 			# Use my vimv-rs until pr gets merged
 			vimv-rs = prev.vimv-rs.overrideAttrs (oldAttrs: {
@@ -25,6 +25,7 @@
 				};
 			});
 		})
-		(import ./derivations/st/overrides.nix)
+		(import ./st/overrides.nix)
+		(import ./xorg/overrides.nix)
 	];
 }
diff --git a/modules/overlays/lowbat/default.nix b/modules/overlays/lowbat/default.nix
new file mode 100644
index 0000000..64ec205
--- /dev/null
+++ b/modules/overlays/lowbat/default.nix
@@ -0,0 +1,28 @@
+{ lib
+, fetchzip
+, glib
+, libnotify
+, pkg-config
+, stdenv
+}:
+
+stdenv.mkDerivation rec {
+  pname = "lowbat";
+  version = "1.2.2";
+
+  src = fetchzip {
+    url = "https://git.tjkeller.xyz/${pname}/snapshot/${pname}-${version}.tar.xz";
+    sha256 = "sha256-utdcY9qoDcrBWnGC8m/LUsnoxQ0ilssPDF44A6D/C+8=";
+  };
+
+  nativeBuildInputs = [ pkg-config ];
+  buildInputs = [ libnotify glib ];
+
+  installFlags = [ "PREFIX=$(out)" ];
+
+  meta = with lib; {
+    description = "A minimal battery level monitor daemon, written in C";
+    license = licenses.mit;
+    maintainers = [ maintainers.tjkeller ];
+  };
+}
diff --git a/modules/overlays/st/overrides.nix b/modules/overlays/st/overrides.nix
new file mode 100644
index 0000000..2d0a37e
--- /dev/null
+++ b/modules/overlays/st/overrides.nix
@@ -0,0 +1,19 @@
+final: prev: {
+  st = prev.st.overrideAttrs (finalAttrs: previousAttrs: {
+    version = "tj-0.9.2.3";
+
+    src = prev.fetchgit {
+      url = "https://git.tjkeller.xyz/${previousAttrs.pname}";
+      tag = finalAttrs.version;
+      sha256 = "sha256-SQ62io4LWsPBvX8e9vUwVVXs/2+THoR6ZZoldQ6IUJk=";
+    };
+
+    makeFlags = previousAttrs.makeFlags ++ [ "CFLAGS=-Ofast" ];
+    buildInputs = with prev.pkgs.xorg; previousAttrs.buildInputs ++ [ libXcursor libXext ];
+
+    meta = with prev.lib; previousAttrs.meta // {
+      homepage = "https://git.tjkeller.xyz/st";
+      maintainers = previousAttrs.meta.maintainers ++ [ maintainers.tjkeller ];
+    };
+  });
+}
diff --git a/modules/overlays/xerox-workcentre-7800-series-driver/default.nix b/modules/overlays/xerox-workcentre-7800-series-driver/default.nix
new file mode 100644
index 0000000..cfdaaae
--- /dev/null
+++ b/modules/overlays/xerox-workcentre-7800-series-driver/default.nix
@@ -0,0 +1,86 @@
+{
+  stdenv,
+  lib,
+  fetchurl,
+  dpkg,
+  autoPatchelfHook,
+  cups,
+  xorg,
+}:
+let
+  debPlatform =
+    if stdenv.hostPlatform.system == "x86_64-linux" then
+      "x86_64"
+    else if stdenv.hostPlatform.system == "i686-linux" then
+      "i686"
+    else
+      throw "Unsupported system: ${stdenv.hostPlatform.system}";
+in
+stdenv.mkDerivation rec {
+  pname = "xerox-workcentre-7800-series-driver";
+  version = "5.20.661.4684";
+  debpkg = "XeroxOfficev5Pkg-Linux${debPlatform}-${version}.deb";
+
+  src = fetchurl {
+    url = "https://download.support.xerox.com/pub/drivers/CQ8580/drivers/linux/pt_BR/${debpkg}";
+    sha256 = "014k0r9ij3401mnab1qzv96bjl9x7rf11aw1ibf0q370pk9jqqjb";  # TODO correct hash for i686
+  };
+
+  nativeBuildInputs = [ dpkg autoPatchelfHook ];
+  # TODO add support for disable xorg
+  buildInputs = [
+    cups
+    stdenv.cc.cc.lib
+    xorg.libX11
+    xorg.libXrender
+    xorg.libXfixes
+    xorg.libXdamage
+    xorg.libXcomposite
+    xorg.libXcursor
+    xorg.libXrandr
+    xorg.libXext
+    xorg.libXinerama
+  ];
+
+  sourceRoot = ".";
+  unpackCmd = "dpkg-deb -x $curSrc .";
+
+  dontConfigure = true;
+  dontBuild = true;
+
+  installPhase = ''
+    runHook preInstall
+
+    mkdir -p $out
+
+    # Copy and patch the binaries and libraries
+    cp -r opt $out/
+    cp -r usr $out/
+
+    # Move the PPD to CUPS model dir
+    mkdir -p $out/share/cups/model
+    cp opt/XeroxOffice/prtsys/ppd/*.ppd $out/share/cups/model/
+
+    # Install the CUPS filters
+    mkdir -p $out/lib/cups/filter
+    cp usr/lib/cups/filter/* $out/lib/cups/filter/
+
+    # Install man pages
+    mkdir -p $out/share/man
+    cp -r usr/share/man/* $out/share/man/
+
+    runHook postInstall
+  '';
+
+  meta = with lib; {
+    description = "Xerox WorkCentre 7800 Series Linux Printer Driver";
+    longDescription = ''
+      WorkCentre 7830/7835/7845/7855
+    '';
+    homepage = "https://www.support.xerox.com/en-us/product/workcentre-7800-series/downloads?platform=linux";
+    sourceProvenance = with sourceTypes; [ binaryNativeCode ];
+			#license = licenses.unfree;
+    maintainers = [];
+    platforms = platforms.linux;
+  };
+}
diff --git a/modules/overlays/xorg/overrides.nix b/modules/overlays/xorg/overrides.nix
new file mode 100644
index 0000000..7225431
--- /dev/null
+++ b/modules/overlays/xorg/overrides.nix
@@ -0,0 +1,20 @@
+final: prev: {
+	xorg = prev.xorg // {
+		# Apply startx patch to create serverauth file in /tmp instead of home directory
+		xinit = (prev.xorg.xinit.overrideAttrs (finalAttrs: previousAttrs: {
+			version = "1.4.4";
+			patchtag = "${finalAttrs.version}-1";  # Archlinux xinit package tagged release to fetch patch from
+			# Override src since is hardcoded to 1.4.2
+			src = prev.fetchurl {
+				url = "mirror://xorg/individual/app/xinit-${finalAttrs.version}.tar.xz";
+				sha256 = "sha256-QKR8ehZMf5gc43h7Szf35BH7QyMdzeVD1wCUB12s/vk=";
+			};
+			patches = [
+				(prev.fetchpatch {
+					url = "https://gitlab.archlinux.org/archlinux/packaging/packages/xorg-xinit/-/raw/${finalAttrs.patchtag}/06_move_serverauthfile_into_tmp.diff";
+					sha256 = "1whzs5bw7ph12r3abs1g9fydibkr291jh56a0zp17d4x070jnkda";
+				})
+			];
+		}));
+	};
+}
diff --git a/modules/root/autologin.nix b/modules/root/autologin.nix
deleted file mode 100644
index 6e66160..0000000
--- a/modules/root/autologin.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ lib, config, userDetails, ... }: {
-	options = {
-		autologin.enable   = lib.mkEnableOption "enables getty automatic login";
-		#autologin.user     = lib.mkEnableOption "populate username";
-		#autologin.password = lib.mkEnableOption "populate password";
-	};
-
-	config = lib.mkIf config.autologin.enable {
-		services.getty = {
-			autologinUser = userDetails.username;
-		};
-	};
-}
diff --git a/modules/root/bluetooth.nix b/modules/root/bluetooth.nix
deleted file mode 100644
index 1f41c7e..0000000
--- a/modules/root/bluetooth.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ lib, config, ... }: {
-	options = {
-		bluetooth.enable = lib.mkEnableOption "enables bluetooth support";
-	};
-
-	config = lib.mkIf config.bluetooth.enable {
-		hardware.bluetooth.enable = true;
-		services.blueman.enable = true;
-	};
-}
diff --git a/modules/root/bootloader.nix b/modules/root/bootloader.nix
deleted file mode 100644
index 0a45264..0000000
--- a/modules/root/bootloader.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{ lib, config, ... }: {
-	options = {
-		bootloader.loader = lib.mkOption {
-			type = lib.types.enum [ "grub" "systemd-boot" ];
-			default = "systemd-boot";
-			description = "whether to install grub or systemd-boot as the bootloader";
-		};
-		bootloader.mode = lib.mkOption {
-			type = lib.types.enum [ "efi" "bios" ];
-			default = "efi";
-			description = "whether to install the bootloader in efi or bios mode";
-		};
-		bootloader.grub = {
-			biosDevice = lib.mkOption {
-				type = lib.types.str;
-				description = "device to install grub on";
-			};
-		};
-		bootloader.memtest86.enable = lib.mkEnableOption "make Memtest86+ available from the bootloader";
-	};
-
-	config = {
-		boot.loader = {
-			grub = {
-				enable = config.bootloader.loader == "grub";
-				efiSupport = config.bootloader.mode == "efi";
-				efiInstallAsRemovable = config.bootloader.mode == "efi";
-				device = if config.bootloader.mode == "bios" then config.bootloader.grub.biosDevice else "nodev";
-				enableCryptodisk = true;
-				memtest86.enable = config.bootloader.memtest86.enable;
-			};
-			systemd-boot = {
-				enable = config.bootloader.loader == "systemd-boot";
-				editor = false;
-				memtest86.enable = config.bootloader.memtest86.enable;
-			};
-			efi = lib.mkIf (config.bootloader.mode == "efi") {
-				efiSysMountPoint = lib.mkIf (config.bootloader.loader == "grub") "/boot/efi";
-				canTouchEfiVariables = true;
-			};
-		};
-	};
-}
diff --git a/modules/root/default.nix b/modules/root/default.nix
deleted file mode 100644
index 8072525..0000000
--- a/modules/root/default.nix
+++ /dev/null
@@ -1,55 +0,0 @@
-{ lib, ... }: {
-	imports = [
-		./software
-		./autologin.nix
-		./bluetooth.nix
-		./bootloader.nix
-		./doas.nix
-		./firewall.nix
-		./fonts.nix
-		./home-manager.nix
-		./hosts.nix
-		./localization.nix
-		./nas.nix
-		./net-iface-labels.nix
-		./nix.nix
-		./normaluser.nix
-		./pipewire.nix
-		./powerkeys.nix
-		./printing.nix
-		./secrets.nix
-		./ssh.nix
-		./suspend.nix
-		./tlp.nix
-		./udev.nix
-		./wifi.nix
-		./x11.nix
-		./zsh.nix
-	];
-
-	autologin.enable       = lib.mkDefault true;
-	avahi.enable           = lib.mkDefault true;
-	bluetooth.enable       = lib.mkDefault false;
-	doas.enable            = lib.mkDefault true;
-	fonts.enable           = lib.mkDefault true;
-	nas = {
-		enable             = lib.mkDefault false;
-		home.enable        = lib.mkDefault true;
-		home.automount     = lib.mkDefault false;
-		office.enable      = lib.mkDefault false;
-		office.automount   = lib.mkDefault false;
-	};
-	bootloader = {
-		mode               = lib.mkDefault "bios";
-		memtest86.enable   = lib.mkDefault true;
-	};
-	home-manager.enable    = lib.mkDefault true;
-	pipewire.enable        = lib.mkDefault true;
-	printing.enable        = lib.mkDefault true;
-	tlp.enable             = lib.mkDefault true;
-	scanning.enable        = lib.mkDefault true;
-	suspend.enable         = lib.mkDefault true;
-	wifi.enable            = lib.mkDefault true;
-	xserver.enable         = lib.mkDefault true;
-	zsh.enable             = lib.mkDefault true;
-}
diff --git a/modules/root/doas.nix b/modules/root/doas.nix
deleted file mode 100644
index c6707ce..0000000
--- a/modules/root/doas.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ lib, config, ... }: {
-	options = {
-		doas.enable = lib.mkEnableOption "enables doas";
-		sudo.enable = lib.mkEnableOption "enables sudo";
-	};
-
-	config = {
-		security = {
-			#sudo.enable = config.sudo.enable;
-			sudo.enable = true;  # TODO remove once can be built from flake w git
-			sudo.wheelNeedsPassword = false;
-			doas.enable = config.doas.enable;
-			doas.extraRules = lib.mkIf config.doas.enable [{
-				keepEnv = true;
-			}];
-			doas.wheelNeedsPassword = false;
-		};
-	};
-}
diff --git a/modules/root/firewall.nix b/modules/root/firewall.nix
deleted file mode 100644
index e038cbe..0000000
--- a/modules/root/firewall.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{
-	networking.firewall = {
-		allowedTCPPorts = [
-			8080
-		];
-	};
-}
diff --git a/modules/root/fonts.nix b/modules/root/fonts.nix
deleted file mode 100644
index 256e1ab..0000000
--- a/modules/root/fonts.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ pkgs, lib, config, ... }: {
-	options = {
-		fonts.enable = lib.mkEnableOption "enables fonts";
-	};
-
-	config = lib.mkIf config.fonts.enable {
-		fonts.packages = with pkgs; [
-			commit-mono
-			inter
-			nerd-fonts.jetbrains-mono
-			tamzen
-		];
-	};
-}
diff --git a/modules/root/home-manager.nix b/modules/root/home-manager.nix
deleted file mode 100644
index d271523..0000000
--- a/modules/root/home-manager.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ pkgs, lib, config, ... }: {
-	options = {
-		home-manager.enable = lib.mkEnableOption "enables home-manager";
-	};
-
-	config = lib.mkIf config.home-manager.enable {
-		environment.systemPackages = with pkgs; [
-			home-manager
-		];
-	};
-}
diff --git a/modules/root/nas.nix b/modules/root/nas.nix
deleted file mode 100644
index 0116ba3..0000000
--- a/modules/root/nas.nix
+++ /dev/null
@@ -1,36 +0,0 @@
-{ lib, config, ... } :
-let
-	mkNetworkFileSystem = device: automount: {
-		device = "${device}";
-		fsType = "nfs";
-		options = [ "defaults" ] ++ lib.optionals (!automount) [ "noauto" ];
-	};
-in {
-	options = {
-		nas = {
-			enable = lib.mkEnableOption "enable network shares";
-			home = {
-				enable = lib.mkEnableOption "enable home network shares";
-				automount = lib.mkEnableOption "automount home network shares";
-			};
-			office = {
-				enable = lib.mkEnableOption "enable office network shares";
-				automount = lib.mkEnableOption "automount home network shares";
-			};
-		};
-	};
-
-	config = lib.mkIf config.nas.enable {
-		fileSystems = lib.optionalAttrs config.nas.home.enable {
-			"/media/Storage/Media"   = mkNetworkFileSystem "truenas-home:/mnt/Storage/Media"               config.nas.home.automount;
-			"/media/Storage/Backups" = mkNetworkFileSystem "truenas-home:/mnt/Storage/Backups"             config.nas.home.automount;
-			"/media/Storage/Tapes"   = mkNetworkFileSystem "truenas-home:/mnt/Storage/Backups/Tapes"       config.nas.home.automount;
-			"/media/Family Photos"   = mkNetworkFileSystem "truenas-home:/mnt/Media/Photos"                config.nas.home.automount;
-		} // lib.optionalAttrs config.nas.office.enable {
-			"/media/chexx/chexx"     = mkNetworkFileSystem "truenas-office:/mnt/Storage/chexx"             config.nas.office.automount;
-			"/media/chexx/tkdocs"    = mkNetworkFileSystem "truenas-office:/mnt/Storage/Users/Tim-Keller"  config.nas.office.automount;
-			"/media/chexx/scans"     = mkNetworkFileSystem "truenas-office:/mnt/Storage/Scans"             config.nas.office.automount;
-		};
-		# TODO auto mkdirz
-	};
-}
diff --git a/modules/root/normaluser.nix b/modules/root/normaluser.nix
deleted file mode 100644
index 50e9236..0000000
--- a/modules/root/normaluser.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{ lib, config, userDetails, ... }: {
-	options = {
-		users.setPassword.enable = lib.mkEnableOption "set users password. requires hashed root password from sops";
-	};
-
-	config = {
-		# Load hashed root password secret
-		sops.secrets.hashed-root-password = lib.mkIf config.users.setPassword.enable {
-			sopsFile = ./resources/secrets/hashed-root-password.yaml;
-			neededForUsers = true;
-		};
-
-		# Set hashed password file if the setPassword option is enabled
-		users.users.root.hashedPasswordFile = lib.mkIf config.users.setPassword.enable config.sops.secrets.hashed-root-password.path;
-
-		# Setup normal user
-		users.users.${userDetails.username} = {
-			home = userDetails.home;
-			description = userDetails.fullname;
-			isNormalUser = true;
-			extraGroups = [
-				"i2c"
-				"libvirtd"
-				"nixbld"
-				"video"
-				"wheel"
-			];
-			hashedPasswordFile = lib.mkIf config.users.setPassword.enable config.sops.secrets.hashed-root-password.path;
-		};
-	};
-}
diff --git a/modules/root/pipewire.nix b/modules/root/pipewire.nix
deleted file mode 100644
index fd97d42..0000000
--- a/modules/root/pipewire.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ lib, config, ... }: {
-	options = {
-		pipewire.enable = lib.mkEnableOption "enables pipewire";
-	};
-
-	config = lib.mkIf config.pipewire.enable {
-		services.pipewire = {
-			enable = true;
-			pulse.enable = true;
-		};
-	};
-}
diff --git a/modules/root/software/ddcutil.nix b/modules/root/software/ddcutil.nix
deleted file mode 100644
index 0c62370..0000000
--- a/modules/root/software/ddcutil.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ pkgs, lib, config ... }: {
-	options = {
-		programs.ddcutil.enable = lib.mkEnableOption "enables ddcutil and i2c control";
-	};
-
-	config = lib.mkIf programs.ddcutil.enable {
-		hardware.i2c.enable = true;
-		environment.systemPackages = [ pkgs.ddcutil ];
-	}
-}
diff --git a/modules/root/software/default.nix b/modules/root/software/default.nix
deleted file mode 100644
index 7adcb6a..0000000
--- a/modules/root/software/default.nix
+++ /dev/null
@@ -1,36 +0,0 @@
-{ lib, config, ... }: {
-	imports = [
-		./awesome.nix
-		./ddcutil.nix
-		./desktop.nix
-		./development.nix
-		./docker.nix
-		./overlays.nix
-		./system.nix
-		./utilities.nix
-		./virtualization.nix
-	];
-
-	software.desktop = {
-		enable             = lib.mkDefault config.xserver.enable;
-		chromium.enable    = lib.mkDefault false;
-		cad.enable         = lib.mkDefault false;
-		crypto.enable      = lib.mkDefault false;
-		firefox.enable     = lib.mkDefault true;
-		graphics.enable    = lib.mkDefault false;
-		office.enable      = lib.mkDefault false;
-		utilities.enable   = lib.mkDefault false;
-	};
-
-	software.development = {
-		enable             = lib.mkDefault true;
-		docker = {
-			enable         = lib.mkDefault false;
-			btrfsSupport   = lib.mkDefault true;
-		};
-	};
-
-	programs.ddcutil.enable = lib.mkDefault true;
-	virtualization.enable  = lib.mkDefault false;
-	xserver.awesome.enable = lib.mkDefault true;
-}
diff --git a/modules/root/software/derivations b/modules/root/software/derivations
deleted file mode 120000
index a075779..0000000
--- a/modules/root/software/derivations
+++ /dev/null
@@ -1 +0,0 @@
-../../../derivations
-\ No newline at end of file
diff --git a/modules/root/software/desktop.nix b/modules/root/software/desktop.nix
deleted file mode 100644
index 4dcb215..0000000
--- a/modules/root/software/desktop.nix
+++ /dev/null
@@ -1,80 +0,0 @@
-{ pkgs, lib, config, ... }: {
-	options = {
-		software.desktop = {
-			enable = lib.mkEnableOption "enables desktop apps";
-			chromium = {
-				enable = lib.mkEnableOption "enables selected chromium browser package";
-				package = lib.mkOption {
-					type = lib.types.package;
-					default = pkgs.ungoogled-chromium;
-					description = "chromium package to install";
-				};
-			};
-			cad.enable = lib.mkEnableOption "enables cad and 3d printing apps";
-			crypto.enable = lib.mkEnableOption "enables crypto wallet apps";
-			firefox.enable = lib.mkEnableOption "enables firefox";
-			graphics.enable = lib.mkEnableOption "enables graphic design apps";
-			office.enable = lib.mkEnableOption "enables office apps";
-			utilities.enable = lib.mkEnableOption "enables miscellaneous utility apps";
-		};
-	};
-
-	config = lib.mkIf config.software.desktop.enable {
-		environment.systemPackages = with pkgs; [
-			# Default
-			arandr
-			dmenu
-			libnotify
-			mpv
-			pavucontrol
-			pcmanfm
-			redshift
-			scrot
-			st
-			sxiv
-			wpa_supplicant_gui
-			zathura
-		] ++ pkgs.lib.optionals config.software.desktop.chromium.enable [
-			# Chrome
-			config.software.desktop.chromium.package
-		] ++ pkgs.lib.optionals config.software.desktop.cad.enable [
-			# CAD
-			blender
-			freecad
-			prusa-slicer
-		] ++ pkgs.lib.optionals config.software.desktop.crypto.enable [
-			# Crypto Wallets
-			sparrow
-		] ++ pkgs.lib.optionals config.software.desktop.graphics.enable [
-			# Graphics
-			blender
-			geeqie
-			gimp3
-			inkscape
-		] ++ pkgs.lib.optionals config.software.desktop.office.enable [
-			# Office
-			hunspell  # Spell checking in libreoffice
-			hunspellDicts.en_US
-			kdePackages.okular
-			libreoffice
-			pdfchain
-			thunderbird
-		] ++ pkgs.lib.optionals config.software.desktop.utilities.enable [
-			# Misc Utilities
-			jellyfin-mpv-shim
-			qbittorrent
-			qdirstat
-			remmina
-		];
-
-		programs.localsend.enable = config.software.desktop.utilities.enable;  # Installs & opens firewall
-		programs.firefox.enable = config.software.desktop.firefox.enable;
-
-		# GVfs allows for mounting drives in a graphical file manager
-		services.gvfs.enable = true;
-
-		# For home-manager to configure gtk
-		# TODO this should be there instead
-		programs.dconf.enable = config.software.desktop.enable;
-	};
-}
diff --git a/modules/root/software/development.nix b/modules/root/software/development.nix
deleted file mode 100644
index af8a8a7..0000000
--- a/modules/root/software/development.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ pkgs, lib, config, ... }: {
-	options = {
-		software.development.enable = lib.mkEnableOption "enables development tools";
-	};
-
-	config = lib.mkIf config.software.development.enable {
-		environment.systemPackages = with pkgs; [
-			#adb-sync
-			android-tools
-			gcc
-			git
-			gnumake
-			hugo
-			lua
-			pkg-config
-		];
-
-		# Open 1313 for hugo serve
-		networking.firewall.allowedTCPPorts = [
-			1313
-		];
-	};
-}
diff --git a/modules/root/software/docker.nix b/modules/root/software/docker.nix
deleted file mode 100644
index bf1898c..0000000
--- a/modules/root/software/docker.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ pkgs, lib, config, userDetails, ... }: {
-	options = {
-		software.development.docker = {
-			enable = lib.mkEnableOption "enables docker";
-			btrfsSupport = lib.mkEnableOption "changes docker storageDriver to btrfs";
-		};
-	};
-
-	config = lib.mkIf config.software.development.docker.enable {
-		virtualisation.docker = {
-			enable = true;
-			storageDriver = lib.mkIf config.software.development.docker.btrfsSupport "btrfs";
-		};
-
-		environment.systemPackages = with pkgs; [
-			docker-compose
-		];
-
-		users.groups.docker.members = [ userDetails.username ];
-	};
-}
diff --git a/modules/root/software/system.nix b/modules/root/software/system.nix
deleted file mode 100644
index 4c81596..0000000
--- a/modules/root/software/system.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ pkgs, ... }: {
-	environment.systemPackages = with pkgs; [
-		age  # Secrets
-		cryptsetup
-		dash  # TODO should be default /bin/sh
-		exfat
-		git  # Needed for home-manager
-		ntfs3g
-		python3
-		sops  # Secrets
-	];
-
-	services.gpm.enable = true;
-}
diff --git a/modules/root/software/virtualization.nix b/modules/root/software/virtualization.nix
deleted file mode 100644
index 36a51fc..0000000
--- a/modules/root/software/virtualization.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ lib, config, pkgs, ... }: {
-	options = {
-		virtualization.enable = lib.mkEnableOption "enables virtualization and virt-manager";
-	};
-
-	config = lib.mkIf config.virtualization.enable {
-		virtualisation = {
-			spiceUSBRedirection.enable = true;
-			libvirtd.enable = true;
-			# Enable efi support with ovmf firmware
-			libvirtd.qemu = {
-				package = pkgs.qemu_kvm;
-				runAsRoot = true;
-				swtpm.enable = true;
-				ovmf.enable = true;
-			};
-		};
-		programs.virt-manager.enable = config.software.desktop.enable;
-	};
-}
diff --git a/modules/root/ssh.nix b/modules/root/ssh.nix
deleted file mode 100644
index 9f6d54d..0000000
--- a/modules/root/ssh.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{
-	services.openssh = {
-		enable = true;
-		settings = {
-			X11Forwarding = true;
-		};
-	};
-}
diff --git a/modules/root/tlp.nix b/modules/root/tlp.nix
deleted file mode 100644
index 3414c03..0000000
--- a/modules/root/tlp.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ lib, config, ... }: {
-	options = {
-		tlp.enable = lib.mkEnableOption "enables tlp";
-	};
-
-	config = lib.mkIf config.tlp.enable {
-		services.tlp.enable = true;
-	};
-}
diff --git a/modules/root/udev.nix b/modules/root/udev.nix
deleted file mode 100644
index 17ed204..0000000
--- a/modules/root/udev.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ pkgs, ... }: {
-	services.udev.extraRules = ''
-		SUBSYSTEM=="backlight", ACTION=="add", RUN+="${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/%k/brightness", RUN+="${pkgs.coreutils}/bin/chmod g+w /sys/class/backlight/%k/brightness"
-	'';
-}
diff --git a/modules/root/x11.nix b/modules/root/x11.nix
deleted file mode 100644
index f5a07b4..0000000
--- a/modules/root/x11.nix
+++ /dev/null
@@ -1,54 +0,0 @@
-{ pkgs, lib, config, ... }: {
-	options = {
-		xserver.enable = lib.mkEnableOption "enables xserver";
-	};
-
-	config = lib.mkIf config.xserver.enable {
-		services.xserver.enable = true;
-		services.xserver.displayManager.startx.enable = true;
-		services.libinput.enable = true;  # Enable touchpad support
-
-		# Apply startx patch to create serverauth file in /tmp instead of home directory
-		nixpkgs.overlays = with pkgs; [
-			(final: prev: {
-				xorg = prev.xorg // {
-					xinit = (prev.xorg.xinit.overrideAttrs (finalAttrs: previousAttrs: {
-						version = "1.4.4";
-						patchtag = "${finalAttrs.version}-1";  # Archlinux xinit package tagged release to fetch patch from
-						# Override src since is hardcoded to 1.4.2
-						src = prev.fetchurl {
-							url = "mirror://xorg/individual/app/xinit-${finalAttrs.version}.tar.xz";
-							sha256 = "sha256-QKR8ehZMf5gc43h7Szf35BH7QyMdzeVD1wCUB12s/vk=";
-						};
-						patches = [
-							(prev.fetchpatch {
-								url = "https://gitlab.archlinux.org/archlinux/packaging/packages/xorg-xinit/-/raw/${finalAttrs.patchtag}/06_move_serverauthfile_into_tmp.diff";
-								sha256 = "1whzs5bw7ph12r3abs1g9fydibkr291jh56a0zp17d4x070jnkda";
-							})
-						];
-					}));
-				};
-			})
-		];
-
-		# Install basic X utilities
-		environment.systemPackages = with pkgs; [
-			unclutter
-			xcape
-			xclip
-			xdotool
-			xorg.setxkbmap
-			xorg.xinput
-			xorg.xkill
-			xorg.xrandr
-			xorg.xset
-			xwallpaper
-		];
-
-		# Enable TearFree option by default
-		# Not all video drivers support this option
-		services.xserver.deviceSection = ''
-			Option "TearFree" "true"
-		'';
-	};
-}
diff --git a/modules/root/zsh.nix b/modules/root/zsh.nix
deleted file mode 100644
index 697cb4c..0000000
--- a/modules/root/zsh.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ lib, config, pkgs, ... }: {
-	options = {
-		zsh.enable = lib.mkEnableOption "use zsh as default shell";
-	};
-
-	config = lib.mkIf config.zsh.enable {
-		programs.zsh.enable = true;
-		users.defaultUserShell = pkgs.zsh;
-	};
-}
author	Tim Keller <tjk@tjkeller.xyz>	2025-08-21 12:27:51 -0500
committer	Tim Keller <tjk@tjkeller.xyz>	2025-08-21 12:27:51 -0500
commit	86fb7036cb4279abfc4ffc2bfa6b3a432c8700b5 (patch)
tree	bcde8a15f5cec938d3f4653863b0f6309bc65626 /modules
parent	078e8ea33d29af21bad55313d75d716db8d5a617 (diff)
download	nixos-86fb7036cb4279abfc4ffc2bfa6b3a432c8700b5.tar.xz nixos-86fb7036cb4279abfc4ffc2bfa6b3a432c8700b5.zip