??

nixos/system/boot/boot.nix

@@ -0,0 +1,6 @@
+{
+  boot.loader = {
+    systemd-boot.enable = true;
+    efi.canTouchEfiVariables = true;
+  };
+}

nixos/system/boot/lanzaboote.nix

@@ -0,0 +1,24 @@
+{
+  pkgs,
+  lib,
+  inputs,
+  ...
+}:
+# lanzaboote config
+{
+  imports = [
+    inputs.lanzaboote.nixosModules.lanzaboote
+  ];
+
+  boot = {
+    lanzaboote = {
+      enable = true;
+      pkiBundle = "/etc/secureboot";
+    };
+
+    # we let lanzaboote install systemd-boot
+    loader.systemd-boot.enable = lib.mkForce false;
+  };
+
+  environment.systemPackages = [pkgs.sbctl];
+}

nixos/system/default.nix

@@ -0,0 +1,11 @@
+{pkgs, ...}: {
+  imports = [
+    ./etc
+    ./shell/sh
+  ];
+
+  console.useXkbConfig = true;
+  environment.systemPackages = with pkgs; [
+    anyrun
+  ];
+}

nixos/system/etc/dconf/default.nix

@@ -0,0 +1,3 @@
+{
+  programs.dconf.enable = true;
+}

nixos/system/etc/default.nix

@@ -0,0 +1,49 @@
+{
+  inputs,
+  lib,
+  config,
+  pkgs,
+  ...
+}: {
+  imports = [
+    ./dconf
+    ./fonts
+    ./hyprland
+    ./nixpkgs
+    ./security
+    ./home-manager
+    ./substituters
+    ./xdg
+  ];
+
+  environment = {
+    systemPackages = [
+      pkgs.git
+      pkgs.scx
+      pkgs.stow
+    ];
+    localBinInPath = true;
+  };
+
+  nix = {
+    # pin the registry to avoid downloading and evaling a new nixpkgs version every time
+    registry = lib.mapAttrs (_: v: {flake = v;}) inputs;
+
+    # set the path for channels compat
+    nixPath = lib.mapAttrsToList (key: _: "${key}=flake:${key}") config.nix.registry;
+
+    settings = {
+      auto-optimise-store = true;
+      builders-use-substitutes = true;
+      warn-dirty = false;
+      experimental-features = ["nix-command" "flakes"];
+      flake-registry = "/etc/nix/registry.json";
+
+      # for direnv GC roots
+      keep-derivations = true;
+      keep-outputs = true;
+
+      trusted-users = ["root" "@wheel"];
+    };
+  };
+}

nixos/system/etc/fonts/default.nix

@@ -0,0 +1,29 @@
+{pkgs, ...}: {
+  fonts.packages = with pkgs; [
+    noto-fonts
+    noto-fonts-cjk
+    noto-fonts-emoji
+    liberation_ttf
+    fira-code-symbols
+    font-awesome
+    recursive
+    input-fonts
+    (nerdfonts.override {
+      fonts = [
+        "JetBrainsMono"
+        "FiraCode"
+        "FiraMono"
+        "Iosevka"
+        "3270"
+        "DroidSansMono"
+        "SourceCodePro"
+        "UbuntuMono"
+        "Overpass"
+        "Monoid"
+        "Mononoki"
+        "Hack"
+        "IBMPlexMono"
+      ];
+    })
+  ];
+}

nixos/system/etc/home-manager/default.nix

@@ -0,0 +1,10 @@
+{inputs, ...}: {
+  imports = [
+    inputs.hm.nixosModules.default
+  ];
+
+  home-manager = {
+    useGlobalPkgs = true;
+    useUserPackages = true;
+  };
+}

nixos/system/etc/hyprland/default.nix

@@ -0,0 +1,7 @@
+{inputs, ...}: {
+  imports = [
+    inputs.hyprland.nixosModules.default
+  ];
+  environment.variables.NIXOS_OZONE_WL = "1";
+  programs.hyprland.enable = true;
+}

nixos/system/etc/nixpkgs/default.nix

@@ -0,0 +1,13 @@
+{
+  nixpkgs = {
+    overlays = [
+      (_: prev: {
+        python312 = prev.python312.override {packageOverrides = _: pysuper: {nose = pysuper.pynose;};};
+      })
+    ];
+    config = {
+      allowUnfree = true;
+      input-fonts.acceptLicense = true;
+    };
+  };
+}

nixos/system/etc/security/default.nix

@@ -0,0 +1,6 @@
+{
+  security = {
+    rtkit.enable = true;
+    pam.services.hyprlock = {};
+  };
+}

nixos/system/etc/substituters/default.nix

@@ -0,0 +1,28 @@
+{
+  nix.settings = {
+    substituters = [
+      # high priority since it's almost always used
+      "https://cache.nixos.org?priority=10"
+
+      "https://anyrun.cachix.org"
+      "https://fufexan.cachix.org"
+      "https://helix.cachix.org"
+      "https://hyprland.cachix.org"
+      "https://nix-community.cachix.org"
+      "https://nix-gaming.cachix.org"
+      "https://yazi.cachix.org"
+    ];
+
+    trusted-public-keys = [
+      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+
+      "anyrun.cachix.org-1:pqBobmOjI7nKlsUMV25u9QHa9btJK65/C8vnO3p346s="
+      "fufexan.cachix.org-1:LwCDjCJNJQf5XD2BV+yamQIMZfcKWR9ISIFy5curUsY="
+      "helix.cachix.org-1:ejp9KQpR1FBI2onstMQ34yogDm4OgU2ru6lIwPvuCVs="
+      "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
+      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+      "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
+      "yazi.cachix.org-1:Dcdz63NZKfvUCbDGngQDAZq6kOroIrFoyO064uvLh8k="
+    ];
+  };
+}

nixos/system/etc/xdg/default.nix

@@ -0,0 +1,14 @@
+{pkgs, ...}: {
+  xdg.portal = {
+    enable = true;
+    xdgOpenUsePortal = true;
+    config = {
+      common.default = ["gtk"];
+      hyprland.default = ["gtk" "hyprland"];
+    };
+
+    extraPortals = [
+      pkgs.xdg-desktop-portal-gtk
+    ];
+  };
+}

nixos/system/shell/dev.nix

@@ -0,0 +1,23 @@
+{pkgs ? import <nixpkgs> {}, ...}: {
+  default = pkgs.mkShell {
+    NIX_CONFIG = "extra-experimental-features = nix-command flakes";
+    nativeBuildInputs = with pkgs; [
+      rust-analyzer
+      cargo
+      clippy
+      rustc
+      rustfmt
+      openssl
+      pkg-config
+      gtk3
+      gtk4
+      libadwaita
+      glib
+      clang
+      gnumake
+      cmake
+      nasm
+      perl
+    ];
+  };
+}

nixos/system/shell/sh/default.nix

@@ -0,0 +1 @@
+{ programs.zsh.enable = true; }

nixos/system/var/network/adampad.nix

@@ -0,0 +1,15 @@
+{
+  networking = {
+    networkmanager.enable = true;
+    hostName = "adampad";
+    nftables.enable = true;
+    firewall = {
+      enable = true;
+      interfaces = {
+        "enp7s0" = {
+          allowedTCPPorts = [22 80 443];
+        };
+      };
+    };
+  };
+}

nixos/system/var/network/cnix.nix

@@ -0,0 +1,15 @@
+{
+  networking = {
+    networkmanager.enable = true;
+    hostName = "cnix";
+    nftables.enable = true;
+    firewall = {
+      enable = true;
+      interfaces = {
+        "enp7s0" = {
+          allowedTCPPorts = [22 80 443];
+        };
+      };
+    };
+  };
+}

nixos/system/var/network/toothpc.nix

@@ -0,0 +1,15 @@
+{
+  networking = {
+    networkmanager.enable = true;
+    hostName = "toothpc";
+    nftables.enable = true;
+    firewall = {
+      enable = true;
+      interfaces = {
+        "enp4s0" = {
+          allowedTCPPorts = [22 80 443];
+        };
+      };
+    };
+  };
+}

nixos/system/var/nh/adampad.nix

@@ -0,0 +1,11 @@
+{
+  environment.variables.FLAKE = "/home/adam/.nix-config";
+  programs = {
+    nh = {
+      enable = true;
+      clean.enable = true;
+      clean.extraArgs = "--keep-since 4d --keep 3";
+      flake = "/home/adam/.nix-config";
+    };
+  };
+}

nixos/system/var/nh/cnix.nix

@@ -0,0 +1,11 @@
+{
+  environment.variables.FLAKE = "/home/cnst/.nix-config";
+  programs = {
+    nh = {
+      enable = true;
+      clean.enable = true;
+      clean.extraArgs = "--keep-since 4d --keep 3";
+      flake = "/home/cnst/.nix-config";
+    };
+  };
+}

nixos/system/var/nh/toothpc.nix

@@ -0,0 +1,11 @@
+{
+  environment.variables.FLAKE = "/home/toothpick/.nix-config";
+  programs = {
+    nh = {
+      enable = true;
+      clean.enable = true;
+      clean.extraArgs = "--keep-since 4d --keep 3";
+      flake = "/home/toothpick/.nix-config";
+    };
+  };
+}