asdffasdfa

.sops.yml

@@ -1,8 +1,57 @@
 keys:
-  - &primary age10c5hmykkduvy75yvqfnchm5lcesr5puarhkwp4l7xdwpykdm397q6xdxuy
+  - home:
+    - &chris age1ewes0f5snqx3sh5ul6fa6qtxzhd25829v6mf5rx2wnheat6fefps5rme2x
+  - system:
+    - &aule age
+    - &mandos age
+    - &manwe age10c5hmykkduvy75yvqfnchm5lcesr5puarhkwp4l7xdwpykdm397q6xdxuy
+    - &melkor age
+    - &orome age
+    - &tulkas age
+    - &varda age
+    - &yavanna age1ewes0f5snqx3sh5ul6fa6qtxzhd25829v6mf5rx2wnheat6fefps5rme2x
 
 creation_rules:
-  - path_regex: secrets/secrets.yml$
+  #===================================================================
+  # HOSTS
+  #===================================================================
+  - path_regex: systems/x86_64-linux/aule/secrets.yaml$
+    age: *aule
+
+  - path_regex: systems/x86_64-linux/mandos/secrets.yaml$
+    age: *mandos
+
+  - path_regex: systems/x86_64-linux/manwe/secrets.yaml$
     key_groups:
       - age: 
-          - *primary
+        - *manwe
+        - *yavanna
+
+  - path_regex: systems/x86_64-linux/melkor/secrets.yaml$
+    age: *melkor
+
+  - path_regex: systems/x86_64-linux/orome/secrets.yaml$
+    age: *orome
+
+  - path_regex: systems/x86_64-linux/tulkas/secrets.yaml$
+    age: *tulkas
+
+  - path_regex: systems/x86_64-linux/varda/secrets.yaml$
+    age: *varda
+
+  - path_regex: systems/x86_64-linux/yavanna/secrets.yaml$
+    age: *yavanna
+
+  #===================================================================
+  # USERS
+  #===================================================================
+  - path_regex: homes/x86_64-linux/chris@\w+/secrets.yaml$
+    age: *chris
+          
+          
+          
+          
+          
+          
+          
+          

README.md

@@ -18,4 +18,5 @@ nix build .#install-isoConfigurations.minimal
 
 - [dafitt/dotfiles](https://github.com/dafitt/dotfiles/)
 - [khaneliman/khanelinix](https://github.com/khaneliman/khanelinix)
+- [alex007sirois/nix-config](https://github.com/alex007sirois/nix-config) (justfile)
 - [hmajid2301/nixicle](https://gitlab.com/hmajid2301/nixicle) (the GOAT, he did what I am aiming for!)

_secrets/secrets.yaml

@@ -1,30 +0,0 @@
-#ENC[AES256_GCM,data:jozDiJTPaF427kVL4MDV8VOVhft52sOS9YIfj0n8WUJmQzVoiNY=,iv:8kyaDw0l82KZfYKkfKDj0wvcIkY6zas5e8puubEr1mA=,tag:LvuVGvU195BihU8TbPN1xg==,type:comment]
-example_key: ENC[AES256_GCM,data:9jefDfjJLP8Ha135Lg==,iv:9SUpjO1t65gA3LiwYN6nMj7icwInxTCQz7JsNEfQ2XA=,tag:Y8BBSLwUQem8wSXAlvnEXg==,type:str]
-#ENC[AES256_GCM,data:IU1T4k/+44s8qFnjnreDMihjQRmMd5qSTtfA/ung5/1f1JmBXGP7EwYJBFF9BSBkBqBfv24A9Ok=,iv:tHzL3pW/qsNdWGT3c+ni0uTlkBMWOu/SsraymCuAkqs=,tag:nWZgWdPNiKQ0j/t9Z/5l5g==,type:comment]
-#ENC[AES256_GCM,data:BhUTbsJB5voz4m1w8u1Y/MI8kR5lpRW8RpZO65IyGg232uNSoBLXB2QSl1GseyTC8bZHPiCF2gnttPD+76kqVlfzhhDu4EKU,iv:Ic8ZpR2QBBGhF2++S/TR/DRutkTghpMiby+yvNy0CSE=,tag:Z1JEtowycGDNWuznlkId8A==,type:comment]
-example:
-    my_subdir:
-        my_secret: ENC[AES256_GCM,data:hccfc6uU4tGT,iv:HYjmo9kAVCcXSpDKWGku3vaJVvZHzYB3l079xXw5OEQ=,tag:c2b8BSqlL1LTcDf1nSPfVA==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age10c5hmykkduvy75yvqfnchm5lcesr5puarhkwp4l7xdwpykdm397q6xdxuy
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpeHZXWkZ2andYSytmYWpR
-            ckttNVJZaWxDK2ZwME1iY2wrWFNwR0hzWUNFCjVSaWpmTHkzdHpPNjhueTQ5ZUEz
-            YW1BcnIwU1hsb2lodk1QcHJvTUdrVVUKLS0tIFNpWlBqb2pOWDVLV0FvU1FUODJB
-            dTg0QXZuSkJXV3ZRSUlKcktDNElia28KKZ62gTVpeiz1CfK7awURrPZ7zAYx9vfR
-            Ajxk0cw1gleE6EU2iIlLOWtmyZbcNk1X32a+otXijlH8fDGtoxA97Q==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-03-09T11:37:49Z"
-    mac: ENC[AES256_GCM,data:ZEqJc6slPb3YMR9kn/jFImjkQQIT3KyUK3qE3JMty+IAAr9GT8r+rHOwku4TOwL6YzON6L5vkUQFFKnOz9GiJuGkStc6AbML4SfOlRDsaFU4kwO+27UvDBYRqi6iHtJ2pu/uD4wELVhdbElxHvFlCjtgqBWaWmlXw3ATjkiZnik=,iv:zJNM/TqNfBO/mr8ZK/I/FfXwknyn9YpJ0eo4EpHSJvQ=,tag:G4FLx/Hwknq5hYEb8SWQLg==,type:str]
-    pgp: []
-    unencrypted_suffix: _unencrypted
-    version: 3.9.4
-
-zitadel:
-  masterKey: thisWillBeAnEncryptedValueInTheFuture

flake.lock

@@ -67,6 +67,26 @@
         "type": "github"
       }
     },
+    "disko": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1753140376,
+        "narHash": "sha256-7lrVrE0jSvZHrxEzvnfHFE/Wkk9DDqb+mYCodI5uuB8=",
+        "owner": "nix-community",
+        "repo": "disko",
+        "rev": "545aba02960caa78a31bd9a8709a0ad4b6320a5c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "disko",
+        "type": "github"
+      }
+    },
     "erosanix": {
       "inputs": {
         "flake-compat": "flake-compat",
@@ -881,6 +901,7 @@
     },
     "root": {
       "inputs": {
+        "disko": "disko",
         "erosanix": "erosanix",
         "fenix": "fenix",
         "firefox": "firefox",

flake.nix

@@ -9,6 +9,11 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
+    disko = {
+      url = "github:nix-community/disko";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
     home-manager = {
       url = "github:nix-community/home-manager";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -25,13 +30,13 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
     
-    # neovim
+    nixos-wsl = {
-    nvf.url = "github:notashelf/nvf";
+      url = "github:nix-community/nixos-wsl";
-
+      inputs = {
-    # plymouth theme
+        nixpkgs.follows = "nixpkgs";
-    nixos-boot.url = "github:Melkor333/nixos-boot";
+        flake-compat.follows = "";
-
+      };
-    firefox.url = "github:nix-community/flake-firefox-nightly";
+    };
 
     stylix.url = "github:nix-community/stylix";
 
@@ -41,6 +46,12 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
+    # neovim
+    nvf.url = "github:notashelf/nvf";
+
+    # plymouth theme
+    nixos-boot.url = "github:Melkor333/nixos-boot";
+
     zen-browser.url = "github:MarceColl/zen-browser-flake";
 
     nix-minecraft.url = "github:Infinidoge/nix-minecraft";
@@ -67,14 +78,6 @@
     grub2-themes = {
       url = "github:vinceliuice/grub2-themes";
     };
-    
-    nixos-wsl = {
-      url = "github:nix-community/nixos-wsl";
-      inputs = {
-        nixpkgs.follows = "nixpkgs";
-        flake-compat.follows = "";
-      };
-    };
   };
 
   outputs = inputs: inputs.snowfall-lib.mkFlake {

homes/x86_64-linux/chris@manwe/secrets.yaml

@@ -0,0 +1,21 @@
+user_level_secrets: ENC[AES256_GCM,data:TNT+via+r4bpgROz,iv:cVO6/r4Aovr5uJFhU87mE5XwRJ518y4OJdHo4m92ahM=,tag:jYInD+euh7k1zSnMRppI5Q==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1ewes0f5snqx3sh5ul6fa6qtxzhd25829v6mf5rx2wnheat6fefps5rme2x
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTYVRQTEVSMWM3WXY3eTdW
+            ZkUwSnNidlJwWGVETURpNUJRRUllYXo4WjNvCmxmN21qVzNFV3N4UVR6WEV1am1W
+            eW1KTk9HVDluek1BUnBmSGI3Y2ZqaDQKLS0tIHlMYldYMTVORVNWbEgrWlBSanRM
+            bUZiMHlOU3pxYUhQSTREb0l4TmFlOEkKiasV2H481aJzAvEAvyeWqGYDOW+WKRFX
+            yyocZDo0o1lHz/gNXoC0/ujU+O3rSXdsy6Qdz6Rm+xeFUfe4KoD4bg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-08-11T13:21:38Z"
+    mac: ENC[AES256_GCM,data:kfMcZuYuQqxxfqtyfH7DltSkq8YNz+vroB+ZQKTIpCNC/W6vJP1o23/xLRzdnEgnnH5GfgZQFAK8Am00/bUD2BgEPyXxXNf1lG70ocFbRM9htii92BFfHgfi25zlEqCO7yrudm1HEJyYrFbZnT63H6u1OgWSC38CzEZTBsCE0kU=,iv:feWGBau48s2GSvZjnKPfP2z46SBuHbh//4zzcLv+MTY=,tag:D86akwawLxobhEu2AvBFKg==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.4

justfile

@@ -15,3 +15,10 @@ install profile host:
     --flake .#{{profile}} \
     --generate-hardware-config nixos-generate-config ./hardware-configuration.nix \
     {{host}}
+
+[doc('builds the configuration for the host')]
+build host:
+    nh os build . -H {{host}}
+
+edit-secrets target:
+    sops --config "{{justfile_directory()}}/.sops.yml" edit "{{justfile_directory()}}/{{ if target =~ ".+@.+" { "homes" } else { "systems" } }}/x86_64-linux/{{target}}/secrets.yaml"

modules/home/application/zen/default.nix

@@ -15,5 +15,26 @@ in
     home.sessionVariables = {
       MOZ_ENABLE_WAYLAND = "1";
     };
+
+    programs.zen-browser = {
+      policies = {
+        AutofillAddressEnabled = true;
+        AutofillCreditCardEnabled = false;
+        DisableAppUpdate = true;
+        DisableFeedbackCommands = true;
+        DisableFirefoxStudies = true;
+        DisablePocket = true;
+        DisableTelemetry = true;
+        # DontCheckDefaultBrowser = false;
+        NoDefaultBookmarks = true;
+        # OfferToSaveLogins = false;
+        EnableTrackingProtection = {
+          Value = true;
+          Locked = true;
+          Cryptomining = true;
+          Fingerprinting = true;
+        };
+      };
+    };
   };
 }

modules/home/default.nix

@@ -37,11 +37,12 @@ in {
 
   config = {
     home.sessionVariables = {
+      SHELL = cfg.shell;
       EDITOR = cfg.editor;
       TERMINAL = cfg.terminal;
       BROWSER = cfg.browser;
     };
 
-    # home.shell = pkgs.${cfg.shell};
+    # users.defaultUserShell = pkgs.${cfg.shell};
   };
 }

modules/home/desktop/plasma/default.nix

@@ -20,6 +20,11 @@ in
       panels = import ./panels.nix;
       powerdevil = import ./power.nix;
 
+      kwin = {
+        edgeBarrier = 0;
+        cornerBarrier = false;
+      };
+
       session = {
         general.askForConfirmationOnLogout = false;
         sessionRestore.restoreOpenApplicationsOnLogin = "onLastLogout";

modules/home/terminal/ghostty/default.nix

@@ -13,6 +13,7 @@ in
     programs.ghostty = {
       enable = true;
       settings = {
+        command = config.${namespace}.defaults.shell;
         background-blur-radius = 20;
         theme = "dark:stylix,light:stylix";
         window-theme = (config.${namespace}.themes.polarity or "dark");

modules/nixos/desktop/default.nix

@@ -17,18 +17,12 @@ in
       example = "plasma";
       description = "Which desktop to enable";
     };
-
-    autoLogin = mkEnableOption "Enable plasma's auto login feature.";
   };
 
   config = mkMerge [
     ({
       services.displayManager = {
         enable = true;
-
-        autoLogin = mkIf cfg.autoLogin {
-          enable = true;
-        };
       };
     })
 

modules/nixos/hardware/bluetooth/default.nix

@@ -11,6 +11,9 @@ in
     hardware.bluetooth = {
       enable = true;
       powerOnBoot = true;
+      settings = {
+        General.Experimental = true; # Show battery charge of Bluetooth devices
+      };
     };
 
     services.pipewire.wireplumber.extraConfig.bluetoothEnhancements = {

modules/nixos/nix/default.nix

@@ -15,10 +15,10 @@ in
     nix = {
       package = pkgs.nixVersions.latest;
 
-      extraOptions = "experimental-features = nix-command flakes";
+      extraOptions = "experimental-features = nix-command flakes pipe-operators";
 
       settings = {
-        experimental-features = [ "nix-command" "flakes" ];
+        experimental-features = [ "nix-command" "flakes" "pipe-operators" ];
         allowed-users = [ "@wheel" ];
         trusted-users = [ "@wheel" ];
 

modules/nixos/system/security/sops/default.nix

@@ -13,10 +13,10 @@ in
     environment.systemPackages = with pkgs; [ sops ];
 
     sops = {
-      defaultSopsFile = ../../../../secrets/secrets.yaml;
+      age.keyFile = "/home/.sops-key.age";
-      defaultSopsFormat = "yaml";
 
-      age.keyFile = "/home/";
+      defaultSopsFile = ../../../../systems/x86_64-linux/${config.networking.hostName}/secrets.yaml;
+      defaultSopsFormat = "yaml";
     };
   };
 }

systems/x86_64-linux/manwe/README.md

@@ -1,8 +1,3 @@
 # Description
 
-<<<<<<< HEAD
 My steambox.
-=======
-My desktop, reasoning for the name being the following chain of thought:  
-**Manwe -> the king of the valar -> leader -> desktop is main machine**
->>>>>>> 72b0f6f8fad97a4ade1b54dfada26828a170febf

systems/x86_64-linux/manwe/default.nix

@@ -28,5 +28,11 @@
     };
   };
 
+
+  services.displayManager.autoLogin = {
+    enable = true;
+    user = "chris";
+  };
+
   system.stateVersion = "23.11";
 }

systems/x86_64-linux/manwe/disks.nix

@@ -1,34 +1,59 @@
-{ config, lib, pkgs, modulesPath, ... }:
+{ config, lib, pkgs, modulesPath, inputs, ... }:
 let
   inherit (lib.modules) mkDefault;
 in
 {
-  # TODO :: Implement disko at some point
+  imports = [
+    inputs.disko.nixosModules.disko
+  ];
 
-  swapDevices = [];
+  config = {
+    swapDevices = [];
 
-  boot.supportedFilesystems = [ "nfs" ];
+    boot.supportedFilesystems = [ "nfs" ];
 
-  fileSystems = {
+    disko.devices = {
-    "/" = {
+      disk = {
-      device = "/dev/disk/by-label/nixos";
+        main = {
-      fsType = "ext4";
+          device = "/dev/nvme0";
+          type = "disk";
+          content = {
+            type = "gpt";
+            partitions = {
+              ESP = {
+                size = "100M";
+                type = "EF00";
+                content = {
+                  type = "filesystem";
+                  format = "vfat";
+                  mountpoint = "/boot";
+                  mountOptions = [ "umask=0077" ];
+                };
+              };
+              root = {
+                size = "100%";
+                content = {
+                  type = "filesystem";
+                  format = "ext4";
+                  mountpoint = "/";
+                };
+              };
+            };
+          };
+        };
+      };
     };
     
-    "/boot" = {
+    fileSystems = {
-      device = "/dev/disk/by-label/boot";
+      "/home/chris/media" = {
-      fsType = "vfat";
+        device = "ulmo:/";
-      options = [ "fmask=0022" "dmask=0022" ];
+        fsType = "nfs";
-    };
+      };
 
-    "/home/chris/media" = {
+      "/home/chris/mandos" = {
-      device = "ulmo:/";
+        device = "mandos:/";
-      fsType = "nfs";
+        fsType = "nfs";
-    };
+      };
-
-    "/home/chris/mandos" = {
-      device = "mandos:/";
-      fsType = "nfs";
     };
   };
 }

systems/x86_64-linux/manwe/secrets.yaml

@@ -0,0 +1,31 @@
+zitadel:
+    masterKey: ENC[AES256_GCM,data:iSeZOloWLrdP8S+ac7ubIcv9TF3Sm8Ni,iv:8v3/ratFQ5vq2rbZOUMKfPhVTA9uQY2eFQU4IR8s3VU=,tag:9y90aDQ2PfFT//X2i2YvvA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age10c5hmykkduvy75yvqfnchm5lcesr5puarhkwp4l7xdwpykdm397q6xdxuy
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4R0UyWmx5L3hCbGhQVXI0
+            NmpkMThPVlgrRHZZMnFrNTAwbzVTY1F6NEVVCjJaRHdhbHV6R1RJM2JIQzc3dkNu
+            a01FYlM3b1dXbmxGN2tWU3FMdXMveG8KLS0tIG1SSjNXdXZNN2ZyQ2UyZ0pIZXJJ
+            NmpMS2oySFE1S1RER3J1RGl4MlRQK00Ks+PcxcHmygYz+a+d0ZrzrdUpTQ50NYkA
+            aDFbtRtukn9e7i3bGUyD4nisSvs4YjfoQxR/pC8hs4k3f5V2jwDh2w==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1ewes0f5snqx3sh5ul6fa6qtxzhd25829v6mf5rx2wnheat6fefps5rme2x
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwaTN4clFoWDNwU2lpaHBn
+            M2pVeU5oM0JRNmp6NEJjQ3BHeWlzeSs3bTI0CnBocngvbzZQUXBsMG9Oc2J6dlBT
+            MjdtaFdmOHg5ZmZmSkViWGJFYThQYXcKLS0tIFRNd2JiVlFTREtDMTdzR2V0SlVo
+            Q0d5ZDVDM05LdFp4UnB4dFRPUm5vU0UKR/MAONEWaT6XXyPB1IrSIKqW5PZNIbuB
+            n7QX3DJIzlajtmq+82/wPFPTBkLvSSjV5FKL5ErMwTDndcIn+NlOhQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-08-11T13:11:00Z"
+    mac: ENC[AES256_GCM,data:P34YsR/Rvc3q4Os5n9hxonJLCXwifMRnKOCM59h5MRMT/aqjl+QlBX+oUADsqDSrhUscQb3N/UlpFeOT6qg+FmJbT/mYMH6v1xK16VD0M7VWydXpmjDu5If+O89lgDHsiEOGDgeR04jkiaY0yzT9U8l9CND5fMvF3I9o5Z1SZQk=,iv:NgUD8gB2bQa5vh0nb0Ngqp5dn0yqskHudWo8xoVjM4Q=,tag:5oTcnailDCHeMvMLz63e1w==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.4