??

.sops.yaml

@@ -0,0 +1,7 @@
+keys:
+  - &cnix age1aj6tdyjcxjc3fqda3uvnzy6m49yj4ankvzdstnj3w9dr8hmsccts5vsgd8
+creation_rules:
+  - path_regex: secrets/secrets.yaml$
+    key_groups:
+      - age:
+          - *cnix

flake.lock

@@ -1,5 +1,32 @@
 {
   "nodes": {
+    "agenix": {
+      "inputs": {
+        "darwin": "darwin",
+        "home-manager": [
+          "hm"
+        ],
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "systems": [
+          "systems"
+        ]
+      },
+      "locked": {
+        "lastModified": 1722339003,
+        "narHash": "sha256-ZeS51uJI30ehNkcZ4uKqT4ZDARPyqrHADSKAwv5vVCU=",
+        "owner": "ryantm",
+        "repo": "agenix",
+        "rev": "3f1dae074a12feb7327b4bf43cbac0d124488bb7",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ryantm",
+        "repo": "agenix",
+        "type": "github"
+      }
+    },
     "anyrun": {
       "inputs": {
         "flake-parts": "flake-parts",
@@ -80,12 +107,12 @@
         "yafas": "yafas"
       },
       "locked": {
-        "lastModified": 1722542796,
-        "narHash": "sha256-l+XBDAxLXPdEqPASKjyDbgBQys9IijCtHjXcEXN6YeU=",
-        "rev": "a44b84390425928d2282676e63eed3a1ee528178",
-        "revCount": 1313,
+        "lastModified": 1722615689,
+        "narHash": "sha256-1nFssdBy2Wm5tihYjabxJqGoQOVsb0FZZ7gsH28cjDY=",
+        "rev": "a74f205ab8887f08985270723823e6555efb7d83",
+        "revCount": 1314,
         "type": "tarball",
-        "url": "https://api.flakehub.com/f/pinned/chaotic-cx/nyx/0.1.1313%2Brev-a44b84390425928d2282676e63eed3a1ee528178/01910f91-404f-76fe-b3f8-8f4b86465e96/source.tar.gz"
+        "url": "https://api.flakehub.com/f/pinned/chaotic-cx/nyx/0.1.1314%2Brev-a74f205ab8887f08985270723823e6555efb7d83/019113e8-6de6-7d8b-a84a-9f8dc30916f1/source.tar.gz"
       },
       "original": {
         "type": "tarball",
@@ -127,6 +154,28 @@
         "type": "github"
       }
     },
+    "darwin": {
+      "inputs": {
+        "nixpkgs": [
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1700795494,
+        "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
+        "owner": "lnl7",
+        "repo": "nix-darwin",
+        "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "lnl7",
+        "ref": "master",
+        "repo": "nix-darwin",
+        "type": "github"
+      }
+    },
     "devshell": {
       "inputs": {
         "nixpkgs": [
@@ -159,11 +208,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1722564602,
-        "narHash": "sha256-5I9JS9he9v+uq57PwLmWoJBBsRIm+Ek4FZtACWQsmfM=",
+        "lastModified": 1722601690,
+        "narHash": "sha256-0T5UIj683XckcgZYAKauDQjDqQvcZf2b+hQrBxtvIKo=",
         "owner": "nix-community",
         "repo": "flake-firefox-nightly",
-        "rev": "e98396265bfb6d81034ca0546d7ada8afbd3d291",
+        "rev": "5783e7f3c40c73bfa2e2501da8d39670cbbd0f98",
         "type": "github"
       },
       "original": {
@@ -385,41 +434,6 @@
         "type": "github"
       }
     },
-    "flake-utils_4": {
-      "inputs": {
-        "systems": "systems_7"
-      },
-      "locked": {
-        "lastModified": 1710146030,
-        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
-    "freetype2": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1687587065,
-        "narHash": "sha256-+Fh+/k+NWL5Ow9sDLtp8Cv/8rLNA1oByQQCIQS/bysY=",
-        "owner": "wez",
-        "repo": "freetype2",
-        "rev": "e4586d960f339cf75e2e0b34aee30a0ed8353c0d",
-        "type": "github"
-      },
-      "original": {
-        "owner": "wez",
-        "repo": "freetype2",
-        "rev": "e4586d960f339cf75e2e0b34aee30a0ed8353c0d",
-        "type": "github"
-      }
-    },
     "git-hooks": {
       "inputs": {
         "flake-compat": [
@@ -509,23 +523,6 @@
         "type": "github"
       }
     },
-    "harfbuzz": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1711722720,
-        "narHash": "sha256-GdxcAPx5QyniSHPAN1ih28AD9JLUPR0ItqW9JEsl3pU=",
-        "owner": "harfbuzz",
-        "repo": "harfbuzz",
-        "rev": "63973005bc07aba599b47fdd4cf788647b601ccd",
-        "type": "github"
-      },
-      "original": {
-        "owner": "harfbuzz",
-        "ref": "8.4.0",
-        "repo": "harfbuzz",
-        "type": "github"
-      }
-    },
     "hm": {
       "inputs": {
         "nixpkgs": [
@@ -629,11 +626,11 @@
         "xdph": "xdph"
       },
       "locked": {
-        "lastModified": 1722551504,
-        "narHash": "sha256-/N8voFoU8ALTK8C1esM6MM+lj9zZGCG4lbvH0mNBQUE=",
+        "lastModified": 1722616930,
+        "narHash": "sha256-KwBxmf15rUQDXP5ON7OgmKFtDd3gO2jsWJiBVJquqqI=",
         "ref": "refs/heads/main",
-        "rev": "09bb5658b7fa6c0dc4e2744797e51ad4dd25af42",
-        "revCount": 5041,
+        "rev": "1fa4b7d79baaad47fde8e72221cd77f569fbfe35",
+        "revCount": 5043,
         "submodules": true,
         "type": "git",
         "url": "https://github.com/hyprwm/Hyprland"
@@ -835,23 +832,6 @@
         "type": "github"
       }
     },
-    "libpng": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1549245649,
-        "narHash": "sha256-1+cRp0Ungme/OGfc9kGJbklYIWAFxk8Il1M+NV4KSgw=",
-        "owner": "glennrp",
-        "repo": "libpng",
-        "rev": "8439534daa1d3a5705ba92e653eda9251246dd61",
-        "type": "github"
-      },
-      "original": {
-        "owner": "glennrp",
-        "repo": "libpng",
-        "rev": "8439534daa1d3a5705ba92e653eda9251246dd61",
-        "type": "github"
-      }
-    },
     "mozilla": {
       "flake": false,
       "locked": {
@@ -1047,22 +1027,6 @@
         "type": "github"
       }
     },
-    "nixpkgs_6": {
-      "locked": {
-        "lastModified": 1721466660,
-        "narHash": "sha256-pFSxgSZqZ3h+5Du0KvEL1ccDZBwu4zvOil1zzrPNb3c=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "6e14bbce7bea6c4efd7adfa88a40dac750d80100",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixpkgs-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
     "nixvim": {
       "inputs": {
         "devshell": "devshell",
@@ -1142,6 +1106,7 @@
     },
     "root": {
       "inputs": {
+        "agenix": "agenix",
         "anyrun": "anyrun",
         "chaotic": "chaotic",
         "firefox-nightly": "firefox-nightly",
@@ -1156,8 +1121,7 @@
         "nix-gaming": "nix-gaming",
         "nixpkgs": "nixpkgs_5",
         "nixvim": "nixvim",
-        "systems": "systems_6",
-        "wezterm": "wezterm"
+        "systems": "systems_6"
       }
     },
     "rust-overlay": {
@@ -1181,27 +1145,6 @@
         "type": "github"
       }
     },
-    "rust-overlay_2": {
-      "inputs": {
-        "nixpkgs": [
-          "wezterm",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1721441897,
-        "narHash": "sha256-gYGX9/22tPNeF7dR6bWN5rsrpU4d06GnQNNgZ6ZiXz0=",
-        "owner": "oxalica",
-        "repo": "rust-overlay",
-        "rev": "b7996075da11a2d441cfbf4e77c2939ce51506fd",
-        "type": "github"
-      },
-      "original": {
-        "owner": "oxalica",
-        "repo": "rust-overlay",
-        "type": "github"
-      }
-    },
     "systems": {
       "locked": {
         "lastModified": 1689347949,
@@ -1292,21 +1235,6 @@
         "type": "github"
       }
     },
-    "systems_7": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    },
     "treefmt-nix": {
       "inputs": {
         "nixpkgs": [
@@ -1353,32 +1281,6 @@
         "url": "https://github.com/Open-Wine-Components/umu-launcher/?dir=packaging/nix"
       }
     },
-    "wezterm": {
-      "inputs": {
-        "flake-utils": "flake-utils_4",
-        "freetype2": "freetype2",
-        "harfbuzz": "harfbuzz",
-        "libpng": "libpng",
-        "nixpkgs": "nixpkgs_6",
-        "rust-overlay": "rust-overlay_2",
-        "zlib": "zlib"
-      },
-      "locked": {
-        "dir": "nix",
-        "lastModified": 1722353247,
-        "narHash": "sha256-pPH+IJ8pljR+PmeOdckoHvbQVfSBdStKbgXcaqdkTRk=",
-        "owner": "wez",
-        "repo": "wezterm",
-        "rev": "56a27e93a9ee50aab50ff4d78308f9b3154b5122",
-        "type": "github"
-      },
-      "original": {
-        "dir": "nix",
-        "owner": "wez",
-        "repo": "wezterm",
-        "type": "github"
-      }
-    },
     "xdph": {
       "inputs": {
         "hyprland-protocols": "hyprland-protocols",
@@ -1433,23 +1335,6 @@
         "repo": "yafas",
         "type": "github"
       }
-    },
-    "zlib": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1484501380,
-        "narHash": "sha256-j5b6aki1ztrzfCqu8y729sPar8GpyQWIrajdzpJC+ww=",
-        "owner": "madler",
-        "repo": "zlib",
-        "rev": "cacf7f1d4e3d44d871b605da3b647f07d718623f",
-        "type": "github"
-      },
-      "original": {
-        "owner": "madler",
-        "ref": "v1.2.11",
-        "repo": "zlib",
-        "type": "github"
-      }
     }
   },
   "root": "root",

flake.nix

@@ -9,34 +9,26 @@
         ./home
         ./nixos/hosts
         ./nixos/pkgs
-        # ./pre-commit-hooks.nix
       ];
 
-      perSystem = {
-        config,
-        pkgs,
-        ...
-      }: {
+      perSystem = {pkgs, ...}: {
         devShells.default = pkgs.mkShell {
           packages = [
             pkgs.alejandra
             pkgs.git
             pkgs.nodePackages.prettier
+            pkgs.ssh-to-age
+            pkgs.sops
+            pkgs.age
           ];
-          name = "dots";
-          DIRENV_LOG_FORMAT = "";
-          # shellHook = ''
-          #   ${config.pre-commit.installationScript}
-          # '';
         };
-
         formatter = pkgs.alejandra;
       };
     };
+
   inputs = {
     # Nix environs
     nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
-    # nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.05";
     systems.url = "github:nix-systems/default-linux";
     hardware.url = "github:nixos/nixos-hardware";
     lanzaboote.url = "github:nix-community/lanzaboote";
@@ -66,21 +58,24 @@
     };
     nix-gaming = {
       url = "github:fufexan/nix-gaming";
-      inputs.nixpkgs.follows = "nixpkgs";
-      inputs.flake-parts.follows = "flake-parts";
+      inputs = {
+        nixpkgs.follows = "nixpkgs";
+        flake-parts.follows = "flake-parts";
+      };
     };
     firefox-nightly = {
       url = "github:nix-community/flake-firefox-nightly";
       inputs.nixpkgs.follows = "nixpkgs";
     };
-    wezterm = {
-      url = "github:wez/wezterm?dir=nix";
-    };
     anyrun.url = "github:anyrun-org/anyrun";
-    # pre-commit-hooks = {
-    #   url = "github:cachix/pre-commit-hooks.nix";
-    #   inputs.nixpkgs.follows = "nixpkgs";
-    #   inputs.flake-compat.follows = "flake-compat";
-    # };
+    agenix = {
+      url = "github:ryantm/agenix";
+      inputs = {
+        nixpkgs.follows = "nixpkgs";
+        home-manager.follows = "hm";
+        systems.follows = "systems";
+        # darwin.follows = "";
+      };
+    };
   };
 }

nixos/core/default.nix

@@ -1,17 +0,0 @@
-{pkgs, ...}: {
-  imports = [
-    ./system
-    ./xdg.nix
-    ./zsh.nix
-    ./fonts.nix
-    ./home-manager.nix
-    ./hyprland.nix
-  ];
-
-  programs.dconf.enable = true;
-
-  console.useXkbConfig = true;
-  environment.systemPackages = with pkgs; [
-    anyrun
-  ];
-}

nixos/default.nix

@@ -1,36 +1,36 @@
 let
   shared = [
-    ./core
+    ./system
 
     ./locale
 
-    ./services/audio
-    ./services/greetd
-    ./services/gnome-keyring
-    ./services/gvfs
-    ./services/locate
-    ./services/mullvad
-    ./services/openssh
-    ./services/power
-    ./services/samba
-    ./services/udisks
-    ./services/fwupd
+    ./srv/audio
+    ./srv/greetd
+    ./srv/gnome-keyring
+    ./srv/gvfs
+    ./srv/locate
+    ./srv/mullvad
+    ./srv/openssh
+    ./srv/power
+    ./srv/samba
+    ./srv/udisks
+    ./srv/fwupd
   ];
 
   adampad =
     shared
     ++ [
-      ./core/system/adampad-nh.nix
+      ./system/var/nh/adampad.nix
     ];
   cnix =
     shared
     ++ [
-      ./core/system/cnix-nh.nix
+      ./system/var/nh/cnix.nix
     ];
   toothpc =
     shared
     ++ [
-      ./core/system/toothpc-nh.nix
+      ./system/var/nh/toothpc-nh.nix
     ];
 in {
   inherit shared adampad cnix toothpc;

nixos/hosts/cnix/imports.nix

@@ -1,122 +0,0 @@
-{pkgs, ...}: {
-  imports = [
-    # core
-    ../../core/fonts.nix
-    ../../core/hyprland.nix
-    ../../core/network/cnix.nix
-    ../../core/zsh.nix
-
-    # hardware
-    ../../hardware/cnix.nix
-
-    # locale
-    ../../locale
-
-    # services
-    ../../services/blueman
-    ../../services/dbus
-    ../../services/gnome-keyring
-    ../../services/greetd
-    ../../services/gvfs
-    ../../services/locate
-    ../../services/mullvad
-    ../../services/openssh
-    ../../services/audio
-    ../../services/power
-    ../../services/samba
-    ../../services/udisks
-    ../../services/xserver/cnix.nix
-
-    # extra
-    ../../extra/gaming.nix
-    ../../extra/android
-    ../../extra/workstation
-    # ../../extra/nix-ld
-  ];
-
-  environment = {
-    systemPackages = with pkgs; [
-      # Core
-      scx
-      fd
-      git
-      niv
-      nix-output-monitor
-      nvd
-      sbctl
-      rocmPackages.rocm-smi
-
-      # Util
-      anyrun
-      # curl
-      # fzf
-      # gnome-disk-utility
-      # lazygit
-      # ntfs3g
-      # p7zip
-      # ripgrep
-      stow
-      # tmux
-      # tmuxifier
-      # tree-sitter
-      # udiskie
-      # unrar
-      # unzip
-      # wget
-      # xdg-user-dirs
-      # xdg-utils
-      # zed-editor
-
-      # Dev
-      # binutils
-      # clang
-      # clang-tools
-      # cargo-edit
-      # cargo-insta
-      # cargo-nextest
-      # gcc
-      # gnumake
-      # cmake
-      # python3
-      # python312Packages.httplib2
-      # python312Packages.oauth2
-      # gtk3
-      # gtk4
-
-      # misc.language_servers
-      # typescript-language-server
-      # typescript
-      # nixd
-      # nil
-      # statix
-      # hyprlang
-      # alejandra
-      # nixpkgs-fmt
-      # pyright
-      # isort
-      # rustfmt
-      # rust-analyzer
-      # clippy
-      # lua-language-server
-      # stylua
-      # nodePackages_latest.nodejs
-      # nodePackages.prettier
-      # prettierd
-      # black
-      # vimPlugins.nvim-treesitter-parsers.typescript
-
-      # ags_dependencies
-      # bash
-      # coreutils
-      # dart-sass
-      # gawk
-      # imagemagick
-      # procps
-      # util-linux
-      # gnome.gnome-control-center
-      # mission-center
-      # overskride
-      # wlogout
-    ];
-  };
-}

nixos/hosts/cnix/system.nix

@@ -1,63 +0,0 @@
-{
-  inputs,
-  outputs,
-  lib,
-  config,
-  pkgs,
-  ...
-}: let
-  homeDir = builtins.getEnv "HOME";
-in {
-  environment.variables.FLAKE = "${homeDir}/.nix-config";
-  programs = {
-    nh = {
-      enable = true;
-      clean.enable = true;
-      clean.extraArgs = "--keep-since 4d --keep 3";
-      flake = "${homeDir}/.nix-config";
-    };
-  };
-
-  nix = {
-    # pin the registry to avoid downloading and evaling a new nixpkgs version every time
-    registry = lib.mapAttrs (_: v: {flake = v;}) inputs;
-
-    # set the path for channels compat
-    nixPath = lib.mapAttrsToList (key: _: "${key}=flake:${key}") config.nix.registry;
-
-    settings = {
-      auto-optimise-store = true;
-      builders-use-substitutes = true;
-      warn-dirty = false;
-      experimental-features = ["nix-command" "flakes"];
-      flake-registry = "/etc/nix/registry.json";
-
-      # for direnv GC roots
-      keep-derivations = true;
-      keep-outputs = true;
-
-      trusted-users = ["root" "@wheel"];
-    };
-  };
-
-  security = {
-    rtkit.enable = true;
-    pam.services.hyprlock = {};
-  };
-
-  environment.localBinInPath = true;
-
-  console.useXkbConfig = true;
-
-  nixpkgs = {
-    overlays = [
-      (_: prev: {
-        python312 = prev.python312.override {packageOverrides = _: pysuper: {nose = pysuper.pynose;};};
-      })
-    ];
-    config = {
-      allowUnfree = true;
-      input-fonts.acceptLicense = true;
-    };
-  };
-}

nixos/hosts/default.nix

@@ -21,25 +21,25 @@
         cnix
         ++ [
           ./cnix
-          "${mod}/core/lanzaboote.nix"
-          "${mod}/core/network/cnix.nix"
+          "${mod}/system/boot/lanzaboote.nix"
+          "${mod}/system/var/network/cnix.nix"
 
           "${mod}/hardware/cnix.nix"
 
-          "${mod}/services/blueman"
-          "${mod}/services/xserver/cnix.nix"
+          "${mod}/srv/blueman"
+          "${mod}/srv/xserver/cnix.nix"
 
-          "${mod}/extra/gaming.nix"
-          "${mod}/extra/android"
-          "${mod}/extra/workstation"
+          "${mod}/opt/gaming.nix"
+          "${mod}/opt/android"
+          "${mod}/opt/workstation"
           {
             home-manager = {
               users.cnst.imports = homeImports."cnst@cnix";
-              extraSpecialArgs = specialArgs;
+              optSpecialArgs = specialArgs;
             };
           }
 
-          # inputs.agenix.nixosModules.default
+          inputs.agenix.nixosModules.default
           inputs.chaotic.nixosModules.default
         ];
     };
@@ -49,18 +49,18 @@
         toothpc
         ++ [
           ./toothpc
-          "${mod}/core/lanzaboote.nix"
-          "${mod}/core/network/toothpc.nix"
+          "${mod}/system/boot/lanzaboote.nix"
+          "${mod}/system/var/network/toothpc.nix"
 
           "${mod}/hardware/toothpc.nix"
 
-          "${mod}/services/xserver/toothpc.nix"
+          "${mod}/srv/xserver/toothpc.nix"
 
-          "${mod}/extra/gaming.nix"
+          "${mod}/opt/gaming.nix"
           {
             home-manager = {
               users.toothpick.imports = homeImports."toothpick@toothpc";
-              extraSpecialArgs = specialArgs;
+              optSpecialArgs = specialArgs;
             };
           }
 
@@ -74,19 +74,19 @@
         adampad
         ++ [
           ./adampad
-          "${mod}/core/boot.nix"
-          "${mod}/core/network/adampad.nix"
+          "${mod}/system/boot/boot.nix"
+          "${mod}/system/var/network/adampad.nix"
 
           "${mod}/hardware/adampad.nix"
 
-          "${mod}/services/xserver/adampad.nix"
-          "${mod}/services/blueman"
+          "${mod}/srv/xserver/adampad.nix"
+          "${mod}/srv/blueman"
 
-          "${mod}/extra/android"
+          "${mod}/opt/android"
           {
             home-manager = {
               users.adam.imports = homeImports."adam@adampad";
-              extraSpecialArgs = specialArgs;
+              optSpecialArgs = specialArgs;
             };
           }
 

nixos/system/default.nix

@@ -0,0 +1,11 @@
+{pkgs, ...}: {
+  imports = [
+    ./etc
+    ./shell/sh
+  ];
+
+  console.useXkbConfig = true;
+  environment.systemPackages = with pkgs; [
+    anyrun
+  ];
+}

nixos/system/etc/dconf/default.nix

@@ -0,0 +1,3 @@
+{
+  programs.dconf.enable = true;
+}

nixos/system/etc/default.nix

@@ -6,9 +6,14 @@
   ...
 }: {
   imports = [
-    ./substituters.nix
-    ./nixpkgs.nix
-    ./security.nix
+    ./dconf
+    ./fonts
+    ./hyprland
+    ./nixpkgs
+    ./security
+    ./home-manager
+    ./substituters
+    ./xdg
   ];
 
   environment = {

secrets/secrets.nix

@@ -0,0 +1,5 @@
+let
+  cnst = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJMWwiz9YWBMUKFtAmF3xTEdBW27zkBH8UYaqWWcs70d cnst@cnix";
+in {
+  "secret1.age".publicKeys = [cnst];
+}