26 files changed, 334 insertions, 243 deletions

diff --git a/modules/root/awesome.nix b/modules/root/awesome.nix
deleted file mode 100644
index af1318f..0000000
--- a/modules/root/awesome.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{ nixpkgs, pkgs, lib, config, ... }: {
-	options = {
-		xserver.awesome.enable = lib.mkEnableOption "enables awesomewm";
-	};
-
-	config = lib.mkIf config.xserver.awesome.enable {
-		services.xserver.windowManager.awesome = {
-			enable = true;
-			noArgb = true;  # disables transparency. why not?
-			luaModules = with pkgs; [
-				luajitPackages.lgi
-			];
-		};
-
-		#getLuaPath = lib: dir: "${lib}/${dir}/lua/${pkgs.luajit.luaversion}";
-		#makeSearchPath = lib.concatMapStrings (
-		#	path:
-		#		" --search "
-		#		+ (getLuaPath path "share")
-		#		+ " --search "
-		#		+ (getLuaPath path "lib")
-		#);
-
-
-		environment.systemPackages = with pkgs; [
-			(awesome.override {
-				gtk3Support = true;
-				gtk3 = gtk3;
-				lua = luajit;
-			})
-		];
-	};
-}
diff --git a/modules/root/bluetooth.nix b/modules/root/bluetooth.nix
new file mode 100644
index 0000000..d55eade
--- /dev/null
+++ b/modules/root/bluetooth.nix
@@ -0,0 +1,10 @@
+{ lib, config, ... }: {
+	options = {
+		bluetooth.enable = lib.mkEnableOption "enables bluetooth support";
+	};
+
+	config = {
+		hardware.bluetooth.enable = true;
+		services.blueman.enable = true;
+	};
+}
diff --git a/modules/root/bootloader.nix b/modules/root/bootloader.nix
new file mode 100644
index 0000000..0a45264
--- /dev/null
+++ b/modules/root/bootloader.nix
@@ -0,0 +1,43 @@
+{ lib, config, ... }: {
+	options = {
+		bootloader.loader = lib.mkOption {
+			type = lib.types.enum [ "grub" "systemd-boot" ];
+			default = "systemd-boot";
+			description = "whether to install grub or systemd-boot as the bootloader";
+		};
+		bootloader.mode = lib.mkOption {
+			type = lib.types.enum [ "efi" "bios" ];
+			default = "efi";
+			description = "whether to install the bootloader in efi or bios mode";
+		};
+		bootloader.grub = {
+			biosDevice = lib.mkOption {
+				type = lib.types.str;
+				description = "device to install grub on";
+			};
+		};
+		bootloader.memtest86.enable = lib.mkEnableOption "make Memtest86+ available from the bootloader";
+	};
+
+	config = {
+		boot.loader = {
+			grub = {
+				enable = config.bootloader.loader == "grub";
+				efiSupport = config.bootloader.mode == "efi";
+				efiInstallAsRemovable = config.bootloader.mode == "efi";
+				device = if config.bootloader.mode == "bios" then config.bootloader.grub.biosDevice else "nodev";
+				enableCryptodisk = true;
+				memtest86.enable = config.bootloader.memtest86.enable;
+			};
+			systemd-boot = {
+				enable = config.bootloader.loader == "systemd-boot";
+				editor = false;
+				memtest86.enable = config.bootloader.memtest86.enable;
+			};
+			efi = lib.mkIf (config.bootloader.mode == "efi") {
+				efiSysMountPoint = lib.mkIf (config.bootloader.loader == "grub") "/boot/efi";
+				canTouchEfiVariables = true;
+			};
+		};
+	};
+}
diff --git a/modules/root/default.nix b/modules/root/default.nix
index 368d725..c3d2dc1 100644
--- a/modules/root/default.nix
+++ b/modules/root/default.nix
@@ -1,62 +1,48 @@
 { lib, ... }: {
 	imports = [
+		./software
 		./autologin.nix
-		./awesome.nix
-		./ddcutil.nix
+		./bluetooth.nix
+		./bootloader.nix
 		./doas.nix
-		./docker.nix
-		./filesystems.nix
 		./fonts.nix
-		./grub.nix
 		./home-manager.nix
 		./hosts.nix
 		./localization.nix
+		./nas.nix
 		./nix.nix
 		./normaluser.nix
 		./pipewire.nix
 		./powerkeys.nix
 		./printing.nix
 		./secrets.nix
-		./software.nix
+		./ssh.nix
 		./tlp.nix
-		./virtualisation.nix
 		./wifi.nix
 		./x11.nix
+		./zsh.nix
 	];
 
 	autologin.enable       = lib.mkDefault true;
 	avahi.enable           = lib.mkDefault true;
+	bluetooth.enable       = lib.mkDefault false;
 	doas.enable            = lib.mkDefault true;
-	docker = {
+	fonts.enable           = lib.mkDefault true;
+	nas = {
 		enable             = lib.mkDefault false;
-		btrfsSupport       = lib.mkDefault true;
+		home.enable        = lib.mkDefault true;
+		office.enable      = lib.mkDefault false;
 	};
-	fonts.enable           = lib.mkDefault true;
-	#fs.networkFS.enable    = lib.mkDefault false;
-	fs.networkFS.enable    = lib.mkDefault false;
-	grub = {
-		enable             = lib.mkDefault true;
+	bootloader = {
 		mode               = lib.mkDefault "bios";
-		biosDevice         = lib.mkDefault "/dev/sda";
+		memtest86.enable   = lib.mkDefault true;
 	};
 	home-manager.enable    = lib.mkDefault true;
 	pipewire.enable        = lib.mkDefault true;
 	printing.enable        = lib.mkDefault true;
 	tlp.enable             = lib.mkDefault true;
 	scanning.enable        = lib.mkDefault true;
-	software = {
-		desktop = {
-			enable         = lib.mkDefault true;
-			extra.enable   = lib.mkDefault false;
-		};
-		dev = {
-			enable         = lib.mkDefault true;
-			extra.enable   = lib.mkDefault false;
-		};
-		utils.enable       = lib.mkDefault true;
-	};
-	virtualisation.enable  = lib.mkDefault false;
 	wifi.enable            = lib.mkDefault true;
-	xserver.awesome.enable = lib.mkDefault true;
 	xserver.enable         = lib.mkDefault true;
+	zsh.enable             = lib.mkDefault true;
 }
diff --git a/modules/root/doas.nix b/modules/root/doas.nix
index 54cf63a..c6707ce 100644
--- a/modules/root/doas.nix
+++ b/modules/root/doas.nix
@@ -5,12 +5,15 @@
 	};
 
 	config = {
-		security.sudo.enable = config.sudo.enable;
-		security.doas.enable = config.doas.enable;
-		security.doas.extraRules = lib.mkIf config.doas.enable [{
-			groups = ["wheel"];
-			keepEnv = true;
-			noPass = true;
-		}];
+		security = {
+			#sudo.enable = config.sudo.enable;
+			sudo.enable = true;  # TODO remove once can be built from flake w git
+			sudo.wheelNeedsPassword = false;
+			doas.enable = config.doas.enable;
+			doas.extraRules = lib.mkIf config.doas.enable [{
+				keepEnv = true;
+			}];
+			doas.wheelNeedsPassword = false;
+		};
 	};
 }
diff --git a/modules/root/docker.nix b/modules/root/docker.nix
deleted file mode 100644
index 2499699..0000000
--- a/modules/root/docker.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ pkgs, lib, config, userDetails, ... }: {
-	options = {
-		docker.enable = lib.mkEnableOption "enables docker";
-		docker.btrfsSupport = lib.mkEnableOption "changes docker storageDriver to btrfs";
-	};
-
-	config = lib.mkIf config.docker.enable {
-		virtualisation.docker = {
-			enable = true;
-			storageDriver = lib.mkIf config.docker.btrfsSupport "btrfs";
-		};
-
-		environment.systemPackages = with pkgs; [
-			docker-compose
-		];
-
-		users.groups.docker.members = [ userDetails.username ];
-	};
-}
diff --git a/modules/root/grub.nix b/modules/root/grub.nix
deleted file mode 100644
index 4e6a5f5..0000000
--- a/modules/root/grub.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ lib, config, ... }: {
-	options = {
-		grub.enable = lib.mkEnableOption "enables grub bootloader";
-		grub.mode = lib.mkOption {
-			type = lib.types.enum [ "efi" "bios" ];
-			default = "efi";
-			description = "grub mode efi or bios";
-		};
-		grub.biosDevice = lib.mkOption {
-			type = lib.types.str;
-			description = "device to install grub on";
-		};
-	};
-
-	config = lib.mkIf config.grub.enable {
-		boot.loader = {
-			grub = {
-				enable = true;
-				efiSupport = config.grub.mode == "efi";
-				efiInstallAsRemovable = config.grub.mode == "efi";
-				device = if config.grub.mode == "bios" then config.grub.biosDevice else "nodev";
-			};
-			efi.efiSysMountPoint = "/boot/efi";
-		};
-	};
-}
diff --git a/modules/root/hosts.nix b/modules/root/hosts.nix
index 7ca70ad..14daaf1 100644
--- a/modules/root/hosts.nix
+++ b/modules/root/hosts.nix
@@ -1,12 +1,14 @@
 {
 	networking.hosts = {
+		"192.168.1.9"   = [ "optiplex" ];
 		"192.168.1.30"  = [ "localgit" ];
 		"192.168.1.11"  = [ "truenas-home" ];
 		"192.168.77.11" = [ "truenas-office" ];
-		"192.168.77.8"  = [ "publicgit" ];
+		"192.168.77.8"  = [ "publicgit" "tjkeller" ];
 		"173.9.253.3"   = [
 			"git.tjkeller.xyz"
 			"piped.tjkeller.xyz"
+			"search.tjkeller.xyz"
 			"tjkeller.xyz"
 		];
 	};
diff --git a/modules/root/filesystems.nix b/modules/root/nas.nix
index 1784feb..0e11196 100644
--- a/modules/root/filesystems.nix
+++ b/modules/root/nas.nix
@@ -7,14 +7,20 @@ let
 	};
 in {
 	options = {
-		fs.networkFS.enable = lib.mkEnableOption "enable network shares";
+		nas = {
+			enable = lib.mkEnableOption "enable network shares";
+			home.enable = lib.mkEnableOption "enable home network shares";
+			office.enable = lib.mkEnableOption "enable office network shares";
+		};
 	};
-	config = {
-		fileSystems = lib.mkIf config.fs.networkFS.enable {
+
+	config = lib.mkIf config.nas.enable {
+		fileSystems = lib.optionalAttrs config.nas.home.enable {
 			"/media/Storage/Media"   = mkNetworkFileSystem "truenas-home:/mnt/Storage/Media";
 			"/media/Storage/Backups" = mkNetworkFileSystem "truenas-home:/mnt/Storage/Backups";
 			"/media/Storage/Tapes"   = mkNetworkFileSystem "truenas-home:/mnt/Storage/Backups/Tapes";
 			"/media/Family Photos"   = mkNetworkFileSystem "truenas-home:/mnt/Media/Photos";
+		} // lib.optionalAttrs config.nas.office.enable {
 			"/media/chexx/chexx"     = mkNetworkFileSystem "truenas-office:/mnt/Storage/chexx";
 			"/media/chexx/tkdocs"    = mkNetworkFileSystem "truenas-office:/mnt/Storage/Users/Tim-Keller";
 			"/media/chexx/scans"     = mkNetworkFileSystem "truenas-office:/mnt/Storage/Scans";
diff --git a/modules/root/normaluser.nix b/modules/root/normaluser.nix
index 4be90e8..97e0a14 100644
--- a/modules/root/normaluser.nix
+++ b/modules/root/normaluser.nix
@@ -3,6 +3,6 @@
 		description = userDetails.fullname;
 		#home = userDetails.home.root;
 		isNormalUser = true;
-		extraGroups = [ "wheel" "docker" ];
+		extraGroups = [ "wheel" "nixbld" ];
 	};
 }
diff --git a/modules/root/resources/secrets/secrets.yaml b/modules/root/resources/secrets/secrets.yaml
index b28d1f6..2f0742b 100644
--- a/modules/root/resources/secrets/secrets.yaml
+++ b/modules/root/resources/secrets/secrets.yaml
@@ -1,4 +1,4 @@
-wireless-env: ENC[AES256_GCM,data:dUpD7WA/63Ku9V4+njANI0R6pKoG4+jBGU0OHx9rj8zLeDTTm2bD9N8Fvv/sKD46IMCDY/s6ggqbfZWZyy0umitSXDGvynenIBEcXKy2ueHewlHSzJzs5zswuid1LF/ny9mFah0/cIp7+o/aNBzwhjACzwTSZ3S4OX0qHBuqZUhMFlNQyJwTVNOwTspnSg7IggpppKPte/ryXMyUs2PWoAOUkhUEz216Eu4bf69M9lJTyUPEf7z1+pTAds4LqmtMRrE37GaJKb6HxH5+8ManonLnZMRbNNB03ZHTXw+j7EPoDO8eAEWb0+m3EygBS45e4jZXpbwByEWo3GRtoysGzm/2Xj7L4wMBVuVulV7ePLBdtHOFYIBu7S1E1S/TeCKbwsZC++asec8mH4PNohUzJCaeYavbrrnOkO7LuRzwCVsfAAzkQgpvo1tofnm2XRzHjcL7tj5yff+Ynio+Rf+jjIlbBgeNf/ZNsNpqUW3uq8Iggod1JVotgk3SFL14L4Y=,iv:EqvSQfLzHB8gP7vS7o5vNT8qFWGmXJNq5+pJMLKP7D0=,tag:1dphoQHLMFyz28lOJYWp0g==,type:str]
+wpa_supplicant-conf: ENC[AES256_GCM,data:0FI1Re1PbiJmtsqb5Ddj1g/e22FkSOxHtbhchybFJAn1Q6PBYpMM/myMUQqZDqCNDhR8f+b2LYcrFx+c9g+yDsR9VcgVe/NK1U5jvep5go3JIibR0NmtfPVZNMvThmVnzO+6aGtggjN8PTx4nm+GKzf7YZPV/buYRdWExJRf0loXgNM8iLtjnu1QGZjWNBtFGbTRHeiax1QhvPrawp76PNrdpzD3EkY26HZ2TRfXFP8ta93T43sac9iVj+U3ggn9MTNvLDGiOF1lAN/W69EeCnyzw3sbxCsuSYFQ4GKkggaehje58VpsG7rZMIHYhI6PQcctO6WUupBi80KcBCnQQKy0Pir7GUPwhw1NPKuOgTX9Otz1dXxJgNk+gA4NTmyCWh2LO0utW0bjAAoqhn5sti5TssxqT2q+bw8KiAqRMZKyj8JDKg4cpMCVUbSH4fcIK1ADXa0OzItgVZnhEKJeD0SYqScXoRlExiDxHG/yrYuJYKtUQSrYJXjJJcTreTyMXWUh1E/nvS7egnXFMYYxDdTvJ5bQ/Zp94FI+twhNfMxKF5qo2gcGUHjQu/M=,iv:LKr6fcQ2emSjQmEt1HgyLpFLg4ZxDOVgJEfkm4nQzbY=,tag:M+oo8dpWclIRaPyW17Ldwg==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -14,8 +14,8 @@ sops:
             UkJ1SGJrWXNtbmlmc2c4M1IxdUpVOWMKjaakq+n8ZijGjaNVM8/dQApaVFp9+q3K
             nhvon4p5KUFE+myABnEknaSZ5UcvW6ZLff9AB7l35NZhGXAhv+y6HA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-11-01T00:54:56Z"
-    mac: ENC[AES256_GCM,data:zwAv3vmTAhEoQpil+4tgweExbR1Vl5Vk3YJOhda2WHlVxXuZeN1wXOBOGVIFbwJOzcgY9nwcNfVlCKWXA/V3f8Znx+5mG72NbervLXmUpyBBfr9ALejlRrNT6r6r3BgPXuDHTw+66pq8L2oi3671D8rIWjddHtoJOmhNWv89ZoQ=,iv:oWdKV7bpRwGKcG0wCUUZ4qJhbk0JLkFhPRuk4JnHwQ0=,tag:A7EPpyjz2lugmkXGlnh8rQ==,type:str]
+    lastmodified: "2025-01-05T18:19:34Z"
+    mac: ENC[AES256_GCM,data:I3OlifI/TMO2Y1KZP7fku/00EN+Z9Rhu8LZmsihXK3DNVRhOQjUNOr9OkTCr+1DNVHHHMOsSXk5NyAXJA7Dv2o+8FLrgJrKBSzFetBktT6oHG0nm7l3jEt+1kPZUiXzcGvAUaxr9XdvH14iALf/zzoGHihod2j15ctx/mo5jTlg=,iv:ghPHZXdD/AUWE1kbkizZyLAUO5beOHhLIDRqDv2c33A=,tag:2J6ZTAzReSP0SYu2x2VtLQ==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.8.1
+    version: 3.9.2
diff --git a/modules/root/secrets.nix b/modules/root/secrets.nix
index bfeb542..0385a0f 100644
--- a/modules/root/secrets.nix
+++ b/modules/root/secrets.nix
@@ -7,7 +7,7 @@
 		age.keyFile = "${userDetails.home.root}/.config/sops/age/keys.txt";
 
 		secrets = {
-			wireless-env = { };
+			wpa_supplicant-conf = { };
 		};
 	};
 
diff --git a/modules/root/software.nix b/modules/root/software.nix
deleted file mode 100644
index fcd3c00..0000000
--- a/modules/root/software.nix
+++ /dev/null
@@ -1,102 +0,0 @@
-{ pkgs, lib, config, ... }: {
-	options = {
-		software = {
-			desktop = {
-				enable = lib.mkEnableOption "enables desktop apps";
-				extra.enable = lib.mkEnableOption "enables extra desktop apps";
-			};
-			dev = {
-				enable = lib.mkEnableOption "enables development utilities";
-				extra.enable = lib.mkEnableOption "enables extra development utilities";
-			};
-			utils = {
-				enable = lib.mkEnableOption "enables general utilities";
-			};
-		};
-	};
-
-	config = {
-		environment.systemPackages = with pkgs; pkgs.lib.optionals config.software.desktop.enable [
-			# Desktop
-			alacritty
-			arandr
-			dmenu
-			firefox
-			libnotify
-			mpv
-			pavucontrol
-			pcmanfm
-			redshift
-			sxiv
-			wpa_supplicant_gui
-			zathura
-		] ++ pkgs.lib.optionals config.software.desktop.extra.enable [
-			# Desktop Extra
-			geeqie
-			gimp
-			inkscape
-			jellyfin-mpv-shim
-			libreoffice
-			localsend
-			qbittorrent
-			qdirstat
-			remmina
-			thunderbird
-			ungoogled-chromium
-		] ++ pkgs.lib.optionals config.software.dev.enable [
-			# Development
-			dash  # TODO should be default /bin/sh
-			entr
-			gcc
-			git
-			gnumake
-			jq
-			lm_sensors
-			nmap
-			openssl
-			pkg-config
-			python3
-			sassc
-			sslscan
-			wget
-		] ++ pkgs.lib.optionals config.software.dev.extra.enable [
-			# Development Extra
-			android-tools
-			cargo
-			hugo
-			lua
-			uhubctl
-			wireguard-tools
-		] ++ pkgs.lib.optionals config.software.utils.enable [
-			# Utilities
-			age
-			cryptsetup
-			fastfetch
-			htop
-			light
-			neovim
-			p7zip
-			powertop
-			pv
-			rsync
-			screen
-			scrot
-			smartmontools
-			sops
-			stress
-			testdisk
-			tmux
-			xxHash
-			(callPackage ../../derivations/lowbat {})
-			(callPackage ../../derivations/pavolctld {})
-		];
-
-		# More desktop
-		programs.dconf.enable = config.software.desktop.enable;  # For home-manager to configure gtk TODO this should be there instead
-
-		# More utilities
-		programs.zsh.enable = config.software.utils.enable;
-		users.defaultUserShell = lib.mkIf config.software.utils.enable pkgs.zsh;
-		services.openssh.enable = config.software.utils.enable;
-	};
-}
diff --git a/modules/root/software/awesome.nix b/modules/root/software/awesome.nix
new file mode 100644
index 0000000..fdc86e8
--- /dev/null
+++ b/modules/root/software/awesome.nix
@@ -0,0 +1,20 @@
+{ pkgs, lib, config, ... }: {
+	options = {
+		xserver.awesome.enable = lib.mkEnableOption "enables awesomewm";
+	};
+
+	config = lib.mkIf (config.xserver.enable && config.xserver.awesome.enable ) {
+		services.xserver.windowManager.awesome = {
+			enable = true;
+			noArgb = true;  # disables transparency. why not?
+			luaModules = with pkgs.luajitPackages; [
+				lgi
+			];
+			package = with pkgs; awesome.override {
+				gtk3Support = true;
+				gtk3 = gtk3;
+				lua = luajit;
+			};
+		};
+	};
+}
diff --git a/modules/root/ddcutil.nix b/modules/root/software/ddcutil.nix
index 93e0af5..93e0af5 100644
--- a/modules/root/ddcutil.nix
+++ b/modules/root/software/ddcutil.nix
diff --git a/modules/root/software/default.nix b/modules/root/software/default.nix
new file mode 100644
index 0000000..8d1e987
--- /dev/null
+++ b/modules/root/software/default.nix
@@ -0,0 +1,34 @@
+{ lib, config, ... }: {
+	imports = [
+		./awesome.nix
+		./ddcutil.nix
+		./desktop.nix
+		./development.nix
+		./docker.nix
+		./system.nix
+		./utilities.nix
+		./virtualisation.nix
+	];
+
+	software.desktop = {
+		enable             = lib.mkDefault config.xserver.enable;
+		chromium.enable    = lib.mkDefault false;
+		cad.enable         = lib.mkDefault false;
+		crypto.enable      = lib.mkDefault false;
+		firefox.enable     = lib.mkDefault true;
+		graphics.enable    = lib.mkDefault false;
+		office.enable      = lib.mkDefault false;
+		utilities.enable   = lib.mkDefault false;
+	};
+
+	software.development = {
+		enable             = lib.mkDefault true;
+		docker = {
+			enable         = lib.mkDefault false;
+			btrfsSupport   = lib.mkDefault true;
+		};
+	};
+
+	virtualisation.enable  = lib.mkDefault false;
+	xserver.awesome.enable = lib.mkDefault true;
+}
diff --git a/modules/root/software/derivations b/modules/root/software/derivations
new file mode 120000
index 0000000..a075779
--- /dev/null
+++ b/modules/root/software/derivations
@@ -0,0 +1 @@
+../../../derivations
\ No newline at end of file
diff --git a/modules/root/software/desktop.nix b/modules/root/software/desktop.nix
new file mode 100644
index 0000000..eb0a5ff
--- /dev/null
+++ b/modules/root/software/desktop.nix
@@ -0,0 +1,76 @@
+{ pkgs, lib, config, ... }: {
+	options = {
+		software.desktop = {
+			enable = lib.mkEnableOption "enables desktop apps";
+			chromium = {
+				enable = lib.mkEnableOption "enables selected chromium browser package";
+				package = lib.mkOption {
+					type = lib.types.package;
+					default = pkgs.ungoogled-chromium;
+					description = "chromium package to install";
+				};
+			};
+			cad.enable = lib.mkEnableOption "enables cad and 3d printing apps";
+			crypto.enable = lib.mkEnableOption "enables crypto wallet apps";
+			firefox.enable = lib.mkEnableOption "enables firefox";
+			graphics.enable = lib.mkEnableOption "enables graphic design apps";
+			office.enable = lib.mkEnableOption "enables office apps";
+			utilities.enable = lib.mkEnableOption "enables miscellaneous utility apps";
+		};
+	};
+
+	config = lib.mkIf config.software.desktop.enable {
+		environment.systemPackages = with pkgs; [
+			# Default
+			alacritty
+			arandr
+			dmenu
+			jellyfin-mpv-shim
+			libnotify
+			mpv
+			pavucontrol
+			pcmanfm
+			redshift
+			sxiv
+			wpa_supplicant_gui
+			zathura
+		] ++ pkgs.lib.optionals config.software.desktop.chromium.enable [
+			# Chrome
+			config.software.desktop.chromium.package
+		] ++ pkgs.lib.optionals config.software.desktop.cad.enable [
+			# CAD
+			blender
+			freecad
+			prusa-slicer
+		] ++ pkgs.lib.optionals config.software.desktop.crypto.enable [
+			# Crypto Wallets
+			bisq2
+			electrum
+			monero-gui
+		] ++ pkgs.lib.optionals config.software.desktop.graphics.enable [
+			# Graphics
+			blender
+			geeqie
+			gimp
+			inkscape
+		] ++ pkgs.lib.optionals config.software.desktop.office.enable [
+			# Office
+			thunderbird
+		] ++ pkgs.lib.optionals config.software.desktop.utilities.enable [
+			# Misc Utilities
+			qbittorrent
+			qdirstat
+			remmina
+		];
+
+		programs.localsend.enable = config.software.desktop.utilities.enable;  # Installs & opens firewall
+		programs.firefox.enable = config.software.desktop.firefox.enable;
+
+		# GVfs allows for mounting drives in a graphical file manager
+		services.gvfs.enable = true;
+
+		# For home-manager to configure gtk
+		# TODO this should be there instead
+		programs.dconf.enable = config.software.desktop.enable;
+	};
+}
diff --git a/modules/root/software/development.nix b/modules/root/software/development.nix
new file mode 100644
index 0000000..2a4dfba
--- /dev/null
+++ b/modules/root/software/development.nix
@@ -0,0 +1,18 @@
+{ pkgs, lib, config, ... }: {
+	options = {
+		software.development.enable = lib.mkEnableOption "enables development tools";
+	};
+
+	config = lib.mkIf config.software.development.enable {
+		environment.systemPackages = with pkgs; [
+			adb-sync
+			android-tools
+			gcc
+			git
+			gnumake
+			hugo
+			lua
+			pkg-config
+		];
+	};
+}
diff --git a/modules/root/software/docker.nix b/modules/root/software/docker.nix
new file mode 100644
index 0000000..bf1898c
--- /dev/null
+++ b/modules/root/software/docker.nix
@@ -0,0 +1,21 @@
+{ pkgs, lib, config, userDetails, ... }: {
+	options = {
+		software.development.docker = {
+			enable = lib.mkEnableOption "enables docker";
+			btrfsSupport = lib.mkEnableOption "changes docker storageDriver to btrfs";
+		};
+	};
+
+	config = lib.mkIf config.software.development.docker.enable {
+		virtualisation.docker = {
+			enable = true;
+			storageDriver = lib.mkIf config.software.development.docker.btrfsSupport "btrfs";
+		};
+
+		environment.systemPackages = with pkgs; [
+			docker-compose
+		];
+
+		users.groups.docker.members = [ userDetails.username ];
+	};
+}
diff --git a/modules/root/software/system.nix b/modules/root/software/system.nix
new file mode 100644
index 0000000..18cc8dd
--- /dev/null
+++ b/modules/root/software/system.nix
@@ -0,0 +1,11 @@
+{ pkgs, ... }: {
+	environment.systemPackages = with pkgs; [
+		age  # Secrets
+		cryptsetup
+		dash  # TODO should be default /bin/sh
+		exfat
+		git  # Needed for home-manager
+		python3
+		sops  # Secrets
+	];
+}
diff --git a/modules/root/software/utilities.nix b/modules/root/software/utilities.nix
new file mode 100644
index 0000000..dabf163
--- /dev/null
+++ b/modules/root/software/utilities.nix
@@ -0,0 +1,32 @@
+{ pkgs, ... }: {
+	environment.systemPackages = with pkgs; [
+		entr
+		fastfetch
+		ffmpeg
+		htop
+		jq
+		light
+		lm_sensors
+		mediainfo
+		neovim
+		nmap
+		openssl
+		p7zip
+		powertop
+		pv
+		rsync
+		screen
+		smartmontools
+		sslscan
+		stress
+		testdisk
+		tmux
+		uhubctl
+		wget
+		wireguard-tools
+		xxHash
+		yt-dlp
+		(callPackage ./derivations/lowbat {})
+		(callPackage ./derivations/pavolctld {})
+	];
+}
diff --git a/modules/root/virtualisation.nix b/modules/root/software/virtualisation.nix
index d57d43e..4ae15f5 100644
--- a/modules/root/virtualisation.nix
+++ b/modules/root/software/virtualisation.nix
@@ -5,6 +5,6 @@
 
 	config = lib.mkIf config.virtualisation.enable {
 		virtualisation.libvirtd.enable = true;
-		programs.virt-manager.enable = true;
+		programs.virt-manager.enable = config.software.desktop.enable;
 	};
 }
diff --git a/modules/root/ssh.nix b/modules/root/ssh.nix
new file mode 100644
index 0000000..9f6d54d
--- /dev/null
+++ b/modules/root/ssh.nix
@@ -0,0 +1,8 @@
+{
+	services.openssh = {
+		enable = true;
+		settings = {
+			X11Forwarding = true;
+		};
+	};
+}
diff --git a/modules/root/wifi.nix b/modules/root/wifi.nix
index 880d436..542cfd7 100644
--- a/modules/root/wifi.nix
+++ b/modules/root/wifi.nix
@@ -1,18 +1,4 @@
-{ pkgs, lib, config, ... }:
-let
-	mkNetworksFromEnvironmentFile = n: builtins.listToAttrs (
-		map (i: {
-			name    = "@SSID_${toString i}@";
-			value = {
-				psk = "@PSK_${toString i}@";
-				priority = n - i;
-			};
-		}) (lib.lists.range 1 n)
-	);
-	environmentFile = config.sops.secrets.wireless-env.path;
-	#networks = mkNetworksFromEnvironmentFile ((builtins.length (lib.strings.splitString "\n" (builtins.readFile environmentFile))) / 2);
-	networks = mkNetworksFromEnvironmentFile 9;  # Number of networks listed in wireless-env
-in {
+{ lib, config, ... }: {
 	options = {
 		wifi.enable = lib.mkEnableOption "enables wifi";
 	};
@@ -21,8 +7,12 @@ in {
 		networking.wireless = {
 			enable = true;  # Enables wireless support via wpa_supplicant.
 			userControlled.enable = true;
-			inherit networks;
-			inherit environmentFile;
+			allowAuxiliaryImperativeNetworks = true;  # Networks defined in aux imperitive networks (/etc/wpa_supplicant.conf)
+		};
+
+		# Link /etc/wpa_supplicant.conf -> secret config
+		environment.etc."wpa_supplicant.conf" = {
+			source = config.sops.secrets.wpa_supplicant-conf.path;
 		};
 	};
 }
diff --git a/modules/root/zsh.nix b/modules/root/zsh.nix
new file mode 100644
index 0000000..697cb4c
--- /dev/null
+++ b/modules/root/zsh.nix
@@ -0,0 +1,10 @@
+{ lib, config, pkgs, ... }: {
+	options = {
+		zsh.enable = lib.mkEnableOption "use zsh as default shell";
+	};
+
+	config = lib.mkIf config.zsh.enable {
+		programs.zsh.enable = true;
+		users.defaultUserShell = pkgs.zsh;
+	};
+}