flake.nix

@@ -9,6 +9,7 @@
     };
 
     #keep-sorted start block=yes
+
     flake-parts = {
       url = "github:hercules-ci/flake-parts";
       #inputs.nixpkgs.follows = "nixpkgs";
@@ -96,18 +97,28 @@
     inputs@{
       self,
       nixpkgs,
+      home-manager,
       # keep-sorted start
+      lanzaboote,
       niri,
       nix-vscode-extensions,
+      nixos-generators,
+      nixos-raspberrypi,
       nixpkgs-unstable,
+      servicepoint-cli,
+      servicepoint-simulator,
+      servicepoint-tanks,
+      stylix,
       treefmt-nix,
+      zerforschen-plus,
       # keep-sorted end
       ...
     }:
     let
+      devices = import ./devices.nix { inherit self; };
       inherit (nixpkgs) lib;
-      nixosConfigurations = import ./nixosConfigurations.nix { inherit inputs lib; };
+      forDevice = f: lib.mapAttrs (device: value: f (value // { inherit device; })) devices;
-      supported-systems = lib.unique (lib.mapAttrsToList (_: v: v.pkgs.system) nixosConfigurations);
+      supported-systems = lib.attrsets.mapAttrsToList (k: v: v.system) devices;
       treefmt-config = {
         projectRootFile = "flake.nix";
         programs = {
@@ -136,17 +147,37 @@
     in
     {
       overlays = {
-        unstable = final: prev: {
+        unstable-packages = final: prev: {
           unstable = import nixpkgs-unstable {
             localSystem = prev.stdenv.hostPlatform;
             inherit (prev) config;
           };
         };
-        vscodeExtensions = nix-vscode-extensions.overlays.default;
-        niri = niri.overlays.niri;
       };
 
-      nixosModules = importModuleDir ./nixosModules;
+      nixosModules = (importModuleDir ./nixosModules) // {
+        niri =
+          { pkgs, ... }:
+          {
+            imports = [ niri.nixosModules.niri ];
+            nixpkgs.overlays = [ niri.overlays.niri ];
+
+            programs.niri = {
+              enable = true;
+              #package = pkgs.niri-stable;
+            };
+          };
+        pkgs-unstable = {
+          nixpkgs.overlays = [ self.overlays.unstable-packages ];
+        };
+        pkgs-vscode-extensions = {
+          nixpkgs.overlays = [ nix-vscode-extensions.overlays.default ];
+        };
+        # required modules to use other modules, should not do anything on their own
+        default = {
+          imports = [ self.nixosModules.allowed-unfree-list ];
+        };
+      };
 
       homeModules = importModuleDir ./homeModules;
       homeConfigurations = {
@@ -154,7 +185,38 @@
         ronja = ./homeConfigurations/ronja;
       };
 
-      inherit nixosConfigurations;
+      nixosConfigurations = forDevice (
+        {
+          device,
+          system,
+          home-manager-users ? { },
+          nixosSystem ? nixpkgs.lib.nixosSystem,
+          ...
+        }:
+        let
+          specialArgs = inputs // {
+            inherit device home-manager-users devices;
+          };
+        in
+        nixosSystem {
+          inherit specialArgs;
+          modules = [
+            {
+              imports = [
+                ./nixosConfigurations/${device}
+                self.nixosModules.global-settings
+              ]
+              ++ (lib.optionals (home-manager-users != { }) [
+                self.nixosModules.global-settings-desktop
+              ]);
+
+              nixpkgs = {
+                hostPlatform = lib.mkDefault system;
+              };
+            }
+          ];
+        }
+      );
 
       formatter = forAllSystems ({ treefmt-eval, ... }: treefmt-eval.config.build.wrapper);
 

homeConfigurations/muede/default.nix

@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, self, ... }:
 {
   imports = [
     # keep-sorted start

homeModules/git.nix

@@ -0,0 +1,6 @@
+{
+  programs.git = {
+    enable = true;
+    settings.init.defaultBranch = "main";
+  };
+}

nixosConfigurations.nix

@@ -1,127 +0,0 @@
-{
-  inputs,
-  lib,
-}:
-let
-  devices = import ./devices.nix { inherit (inputs) self; };
-  inherit (inputs)
-    self
-    home-manager
-    lanzaboote
-    nova-shell
-    servicepoint-cli
-    servicepoint-simulator
-    servicepoint-tanks
-    stylix
-    zerforschen-plus
-    ;
-  forDevice = f: lib.mapAttrs (device: value: f (value // { inherit device; })) devices;
-in
-forDevice (
-  {
-    device,
-    system,
-    home-manager-users ? { },
-    nixosSystem ? inputs.nixpkgs.lib.nixosSystem,
-    ...
-  }:
-  let
-    specialArgs = inputs // {
-      inherit device home-manager-users devices;
-    };
-  in
-  nixosSystem {
-    inherit specialArgs;
-    modules = [
-      ./nixosConfigurations/${device}
-      self.nixosModules.default
-
-      # keep-sorted start
-      home-manager.nixosModules.home-manager
-      lanzaboote.nixosModules.lanzaboote
-      nova-shell.nixosModules.default
-      servicepoint-cli.nixosModules.default
-      servicepoint-simulator.nixosModules.default
-      servicepoint-tanks.nixosModules.default
-      stylix.nixosModules.stylix
-      zerforschen-plus.nixosModules.default
-      # keep-sorted end
-
-      # Base config
-      {
-        nixpkgs.hostPlatform = lib.mkDefault system;
-        networking.hostName = device;
-        system = {
-          stateVersion = "22.11";
-          autoUpgrade.flake = "git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git";
-        };
-        nix.settings.experimental-features = [
-          "nix-command"
-          "flakes"
-        ];
-        documentation = {
-          info.enable = false;
-          doc.enable = false;
-        };
-
-        my = {
-          # keep-sorted start
-          autoupdate.enable = true;
-          distributedBuilds.enable = true;
-          extraCaches.enable = true;
-          git.enable = true;
-          globalinstalls.enable = true;
-          lixIsNix.enable = true;
-          openssh.enable = true;
-          overlays.unstable.enable = true;
-          overlays.vscodeExtensions.enable = true;
-          # prometheusNode.enable = true;
-          systemdBoot.enable = true;
-          tailscale.enable = true;
-          # keep-sorted end
-        };
-      }
-    ]
-    ++ lib.optionals (home-manager-users != { }) [
-      # Desktop config
-      {
-        home-manager = {
-          extraSpecialArgs = specialArgs;
-          useGlobalPkgs = true;
-          useUserPackages = true;
-          users = home-manager-users;
-          sharedModules = [
-            { home.stateVersion = "22.11"; }
-            # keep-sorted start
-            self.homeModules.gnome-extensions
-            self.homeModules.nano
-            self.homeModules.templates
-            self.homeModules.zsh-basics
-            # keep-sorted end
-          ];
-        };
-
-        time.timeZone = "Europe/Berlin";
-
-        # on desktops, keep the device useable interactively during expensive builds
-        nix = {
-          daemonCPUSchedPolicy = "idle";
-          daemonIOSchedClass = "idle";
-        };
-
-        my = {
-          # keep-sorted start
-          enDe.enable = true;
-          firmwareUpdates.enable = true;
-          gnome.enable = true;
-          kdeconnect.enable = true;
-          modernDesktop.enable = true;
-          nixLd.enable = true;
-          quietBoot.enable = true;
-          stylix.enable = true;
-          # keep-sorted end
-        };
-      }
-    ];
-  }
-)

nixosConfigurations/aur0ra/hardware.nix

@@ -10,9 +10,11 @@
   # No one got time for xz compression.
   #isoImage.squashfsCompression = "zstd";
 
-  boot.loader.raspberry-pi.bootloader = "kernel";
+  boot.loader = {
-
+    raspberry-pi.bootloader = "kernel";
-  my.systemdBoot.enable = lib.mkForce false;
+    systemd-boot.enable = lib.mkForce false;
+    #generic-extlinux-compatible.enable = lib.mkForce false;
+  };
 
   /*
     fileSystems = {

nixosConfigurations/damocles/claude-container.nix

@@ -1,11 +1,12 @@
 {
   pkgs,
+  self,
   lib,
   ...
 }:
 {
 
-  my.overlays.unstable.enable = true;
+  nixpkgs.overlays = [ self.overlays.unstable-packages ];
   allowedUnfreePackages = [ "claude-code" ];
 
   environment.systemPackages = with pkgs; [

nixosConfigurations/epimetheus/default.nix

@@ -1,13 +1,8 @@
-{ modulesPath, ... }:
+{ self, ... }:
 {
-  imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ];
+  imports = [ self.nixosModules.pxvirt-guest ];
 
   config = {
-    my.pxvirtGuest.enable = true;
 
-    proxmoxLXC = {
-      manageNetwork = false;
-      privileged = false;
-    };
   };
 }

nixosConfigurations/forgejo-runner-1/default.nix

@@ -1,13 +1,12 @@
-{ ... }:
+{ self, ... }:
 {
   imports = [
     ./hardware.nix
     ./forgejo-runner.nix
+    self.nixosModules.podman
   ];
 
   config = {
-    my.podman.enable = true;
-
     # uncomment for build check on non arm system (requires --impure)
     # nixpkgs.buildPlatform = builtins.currentSystem;
     services.tailscale.useRoutingFeatures = "both";

nixosConfigurations/muede-lpt2/default.nix

@@ -2,17 +2,17 @@
 {
   imports = [
     ./hardware.nix
+    self.nixosModules.user-muede
+    self.nixosModules.gnome
+    self.nixosModules.wine-gaming
+    self.nixosModules.steam
+    self.nixosModules.podman
+    self.nixosModules.muede-desktop-settings
+    self.nixosModules.intel-graphics
+    self.nixosModules.secure-boot
   ];
 
   config = {
-    my.users.muede.enable = true;
-    my.wineGaming.enable = true;
-    my.steam.enable = true;
-    my.podman.enable = true;
-    my.muedeDesktopSettings.enable = true;
-    my.intelGraphics.enable = true;
-    my.secureBoot.enable = true;
-
     nix.settings.extra-platforms = [
       "aarch64-linux"
       "i686-linux"

nixosConfigurations/muede-pc2/default.nix

@@ -1,20 +1,21 @@
-{ pkgs, ... }:
+{ pkgs, self, ... }:
 {
   imports = [
     ./hardware.nix
     #    ./vscode-server.nix
     #    ./hass.nix
+
+    self.nixosModules.user-muede
+    self.nixosModules.gnome
+    self.nixosModules.wine-gaming
+    self.nixosModules.steam
+    self.nixosModules.podman
+    self.nixosModules.muede-desktop-settings
+    self.nixosModules.amd-graphics
+    self.nixosModules.secure-boot
   ];
 
   config = {
-    my.users.muede.enable = true;
-    my.wineGaming.enable = true;
-    my.steam.enable = true;
-    my.podman.enable = true;
-    my.muedeDesktopSettings.enable = true;
-    my.amdGraphics.enable = true;
-    my.secureBoot.enable = true;
-
     nix.settings.extra-platforms = [
       "aarch64-linux"
       "i686-linux"

nixosConfigurations/ronja-pc/default.nix

@@ -1,15 +1,20 @@
-{ pkgs, ... }:
+{
+  config,
+  pkgs,
+  self,
+  ...
+}:
 {
   imports = [
     ./hardware.nix
+    self.nixosModules.user-ronja
+    self.nixosModules.gnome
+    self.nixosModules.steam
+    self.nixosModules.wine-gaming
+    self.nixosModules.muede-desktop-settings
   ];
 
   config = {
-    my.users.ronja.enable = true;
-    my.steam.enable = true;
-    my.wineGaming.enable = true;
-    my.muedeDesktopSettings.enable = true;
-
     # Configure keymap in X11
     services.xserver.xkb = {
       layout = "de";
@@ -19,6 +24,8 @@
     # Configure console keymap
     console.keyMap = "de";
 
+    # List packages installed in system profile. To search, run:
+    # $ nix search wget
     environment.systemPackages = with pkgs; [
       #  vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
       #  wget

nixosModules/amd-graphics.nix

@@ -1,13 +1,5 @@
+{ pkgs, ... }:
 {
-  lib,
-  config,
-  pkgs,
-  ...
-}:
-{
-  options.my.amdGraphics.enable = lib.mkEnableOption "AMD graphics drivers";
-
-  config = lib.mkIf config.my.amdGraphics.enable {
   boot.kernelModules = [ "amdgpu" ];
   services.xserver.videoDrivers = [ "amdgpu" ];
 
@@ -20,5 +12,4 @@
   };
 
   environment.systemPackages = with pkgs; [ nvtopPackages.amd ];
-  };
 }

nixosModules/autoupdate.nix

@@ -1,8 +1,4 @@
-{ lib, config, ... }:
 {
-  options.my.autoupdate.enable = lib.mkEnableOption "automatic Nix GC and system upgrades";
-
-  config = lib.mkIf config.my.autoupdate.enable {
   nix = {
     optimise.automatic = true;
     gc = {
@@ -17,5 +13,4 @@
     dates = "daily";
     # do not forget to set `flake` when using this module!
   };
-  };
 }

nixosModules/default.nix

@@ -1,39 +0,0 @@
-{ ... }:
-{
-  imports = [
-    # keep-sorted start
-    ./allowed-unfree-list.nix
-    ./amd-graphics.nix
-    ./autoupdate.nix
-    ./distributed-builds.nix
-    ./en-de.nix
-    ./extra-caches.nix
-    ./firmware-updates.nix
-    ./git.nix
-    ./globalinstalls.nix
-    ./gnome.nix
-    ./intel-graphics.nix
-    ./kdeconnect.nix
-    ./latex.nix
-    ./lix-is-nix.nix
-    ./modern-desktop.nix
-    ./muede-desktop-settings.nix
-    ./nix-ld.nix
-    ./nixpkgs-overlays.nix
-    ./openssh.nix
-    ./podman.nix
-    ./printing.nix
-    ./prometheus-node.nix
-    ./pxvirt-guest.nix
-    ./quiet-boot.nix
-    ./secure-boot.nix
-    ./steam.nix
-    ./stylix.nix
-    ./systemd-boot.nix
-    ./tailscale.nix
-    ./user-muede.nix
-    ./user-ronja.nix
-    ./wine-gaming.nix
-    # keep-sorted end
-  ];
-}

nixosModules/distributed-builds.nix

@@ -32,57 +32,43 @@ let
   #   distributedBuilds.hostPublicKey = "ssh-ed25519 AAAA...";  # from: ssh-keyscan -t ed25519 <hostname>
   # All machines automatically discover and use it after the next rebuild.
 
-  buildServerDevices = lib.filterAttrs (
+  buildServerDevices = lib.filterAttrs (_: v: (v.distributedBuilds or { }).isBuilder or false) devices;
-    _: v: (v.distributedBuilds or { }).isBuilder or false
-  ) devices;
 
   knownHosts = lib.pipe buildServerDevices [
     (lib.filterAttrs (_: v: v.distributedBuilds ? hostPublicKey))
-    (lib.mapAttrs (
+    (lib.mapAttrs (hostName: v: {
-      _: v: {
       publicKey = v.distributedBuilds.hostPublicKey;
-      }
+    }))
-    ))
   ];
 
-  buildMachineList = lib.mapAttrsToList (
+  buildMachineList = lib.mapAttrsToList (hostName: v: {
-    hostName: v:
-    {
     inherit hostName;
     systems = [ v.system ];
     sshUser = buildUser;
     sshKey = sshKeyPath;
     protocol = "ssh-ng";
-    }
+  } // lib.optionalAttrs (v.distributedBuilds ? speedFactor) {
-    // lib.optionalAttrs (v.distributedBuilds ? speedFactor) {
     speedFactor = v.distributedBuilds.speedFactor;
-    }
+  } // {
-    // {
     supportedFeatures = [
       "nixos-test"
       "big-parallel"
       "kvm"
       "benchmark"
     ];
-    }
+  }) buildServerDevices;
-  ) buildServerDevices;
 
   remoteMachines = builtins.filter (m: m.hostName != config.networking.hostName) buildMachineList;
 in
 {
-  options.my.distributedBuilds.enable = lib.mkEnableOption "distributed Nix builds";
+  # Dedicated user for receiving distributed build connections
-
-  config = lib.mkIf config.my.distributedBuilds.enable {
   programs.ssh.knownHosts = knownHosts;
 
-    # Dedicated user for receiving distributed build connections
   users.users.${buildUser} = {
     isSystemUser = true;
     group = buildUser;
     useDefaultShell = true;
-      openssh.authorizedKeys.keys = map (
+    openssh.authorizedKeys.keys = map (k: ''command="nix daemon --stdio",restrict ${k}'') authorizedPublicKeys;
-        k: ''command="nix daemon --stdio",restrict ${k}''
-      ) authorizedPublicKeys;
   };
   users.groups.${buildUser} = { };
 
@@ -104,5 +90,4 @@ in
     MemoryMax = "90%";
     OOMScoreAdjust = 500;
   };
-  };
 }

nixosModules/en-de.nix

@@ -1,13 +1,5 @@
+{ pkgs, ... }:
 {
-  lib,
-  config,
-  pkgs,
-  ...
-}:
-{
-  options.my.enDe.enable = lib.mkEnableOption "English/German locale and language packs";
-
-  config = lib.mkIf config.my.enDe.enable {
   i18n = {
     defaultLocale = "en_US.UTF-8";
     extraLocales = [
@@ -36,5 +28,4 @@
     pkgs.hunspellDicts.de-de
     pkgs.hunspellDicts.en-us
   ];
-  };
 }

nixosModules/extra-caches.nix

@@ -1,8 +1,4 @@
-{ lib, config, ... }:
 {
-  options.my.extraCaches.enable = lib.mkEnableOption "extra Nix binary caches";
-
-  config = lib.mkIf config.my.extraCaches.enable {
   nix.settings = {
     substituters = [
       # keep-sorted start
@@ -23,5 +19,4 @@
       # keep-sorted end
     ];
   };
-  };
 }

nixosModules/firmware-updates.nix

@@ -1,8 +1,4 @@
-{ lib, config, ... }:
 {
-  options.my.firmwareUpdates.enable = lib.mkEnableOption "firmware updates and microcode";
-
-  config = lib.mkIf config.my.firmwareUpdates.enable {
   hardware = {
     enableRedistributableFirmware = true;
     cpu = {
@@ -12,5 +8,4 @@
   };
 
   services.fwupd.enable = true;
-  };
 }

nixosModules/git.nix

@@ -1,24 +0,0 @@
-{
-  lib,
-  config,
-  pkgs,
-  ...
-}:
-{
-  options.my.git.enable = lib.mkEnableOption "git with credential helper";
-
-  config = lib.mkIf config.my.git.enable {
-    environment.systemPackages = [ pkgs.git-credential-oauth ];
-
-    programs.git = {
-      enable = true;
-      config = {
-        init.defaultBranch = "main";
-        credential = {
-          helper = "oauth";
-          credentialStore = "cache";
-        };
-      };
-    };
-  };
-}

nixosModules/global-settings-desktop.nix

@@ -0,0 +1,61 @@
+{
+  home-manager-users,
+  self,
+  home-manager,
+  servicepoint-cli,
+  servicepoint-simulator,
+  servicepoint-tanks,
+  stylix,
+  specialArgs,
+  nova-shell,
+  ...
+}:
+{
+  imports = [
+    # keep-sorted start
+    home-manager.nixosModules.home-manager
+    nova-shell.nixosModules.default
+    self.nixosModules.en-de
+    self.nixosModules.firmware-updates
+    self.nixosModules.gnome
+    self.nixosModules.kdeconnect
+    self.nixosModules.modern-desktop
+    self.nixosModules.niri
+    self.nixosModules.nix-ld
+    self.nixosModules.pkgs-vscode-extensions
+    self.nixosModules.quiet-boot
+    self.nixosModules.stylix
+    servicepoint-cli.nixosModules.default
+    servicepoint-simulator.nixosModules.default
+    servicepoint-tanks.nixosModules.default
+    stylix.nixosModules.stylix
+    # keep-sorted end
+  ];
+
+  config = {
+    home-manager = {
+      extraSpecialArgs = specialArgs;
+      useGlobalPkgs = true;
+      useUserPackages = true;
+      users = home-manager-users;
+      sharedModules = [
+        { home.stateVersion = "22.11"; }
+        # keep-sorted start
+        self.homeModules.git
+        self.homeModules.gnome-extensions
+        self.homeModules.nano
+        self.homeModules.templates
+        self.homeModules.zsh-basics
+        # keep-sorted end
+      ];
+    };
+
+    time.timeZone = "Europe/Berlin";
+
+    # on desktops, keep the device useable interactively during expensive builds
+    nix = {
+      daemonCPUSchedPolicy = "idle";
+      daemonIOSchedClass = "idle";
+    };
+  };
+}

nixosModules/global-settings.nix

@@ -0,0 +1,44 @@
+{
+  device,
+  self,
+  lanzaboote,
+  zerforschen-plus,
+  ...
+}:
+{
+  imports = [
+    # keep-sorted start
+    lanzaboote.nixosModules.lanzaboote
+    self.nixosModules.allowed-unfree-list
+    self.nixosModules.autoupdate
+    self.nixosModules.default
+    self.nixosModules.distributed-builds
+    self.nixosModules.extra-caches
+    self.nixosModules.globalinstalls
+    self.nixosModules.lix-is-nix
+    self.nixosModules.openssh
+    self.nixosModules.prometheus-node
+    self.nixosModules.systemd-boot
+    self.nixosModules.tailscale
+    zerforschen-plus.nixosModules.default
+    # keep-sorted end
+  ];
+
+  config = {
+    networking.hostName = device;
+    system = {
+      stateVersion = "22.11";
+      autoUpgrade.flake = "git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git";
+    };
+
+    nix.settings.experimental-features = [
+      "nix-command"
+      "flakes"
+    ];
+
+    documentation = {
+      info.enable = false; # info pages and the info command
+      doc.enable = false; # documentation distributed in packages' /share/doc
+    };
+  };
+}

nixosModules/globalinstalls.nix

@@ -1,13 +1,5 @@
+{ pkgs, ... }:
 {
-  lib,
-  config,
-  pkgs,
-  ...
-}:
-{
-  options.my.globalinstalls.enable = lib.mkEnableOption "global system packages and tools";
-
-  config = lib.mkIf config.my.globalinstalls.enable {
   environment.systemPackages = with pkgs; [
     ncdu
     glances
@@ -16,16 +8,23 @@
     screen
     tldr
     nix-output-monitor
+    git-credential-oauth
   ];
 
   programs = {
     zsh.enable = true;
     htop.enable = true;
     iotop.enable = true;
+    git.enable = true;
     nano = {
       enable = true;
       syntaxHighlight = true;
     };
   };
-  };
+
+  environment.etc."gitconfig".text = ''
+    [credential]
+      helper = oauth
+      credentialStore = cache
+  '';
 }

nixosModules/gnome.nix

@@ -1,17 +1,15 @@
 {
+  pkgs,
   lib,
   config,
-  pkgs,
   ...
 }:
 {
-  options = {
+  options.muede = {
-    my.gnome.enable = lib.mkEnableOption "GNOME desktop environment";
+    keep-gnome-default-apps = lib.mkEnableOption "keep gnome default apps";
-    muede.keep-gnome-default-apps = lib.mkEnableOption "keep gnome default apps";
   };
 
-  config = lib.mkIf config.my.gnome.enable (
+  config = lib.mkMerge [
-    lib.mkMerge [
     {
       services = {
         xserver.excludePackages = [ pkgs.xterm ];
@@ -60,6 +58,5 @@
         baobab # disk usage
       ];
     })
-    ]
+  ];
-  );
 }

nixosModules/intel-graphics.nix

@@ -1,13 +1,6 @@
+{ pkgs, ... }:
 {
-  lib,
+  config = {
-  config,
-  pkgs,
-  ...
-}:
-{
-  options.my.intelGraphics.enable = lib.mkEnableOption "Intel graphics drivers";
-
-  config = lib.mkIf config.my.intelGraphics.enable {
     hardware.graphics = {
       extraPackages = with pkgs; [
         intel-media-driver

nixosModules/kdeconnect.nix

@@ -5,10 +5,7 @@
   ...
 }:
 {
-  options.my.kdeconnect.enable = lib.mkEnableOption "KDE Connect / GSConnect";
+  config = lib.mkMerge [
-
-  config = lib.mkIf config.my.kdeconnect.enable (
-    lib.mkMerge [
     {
       networking.firewall =
         let
@@ -52,6 +49,5 @@
         )
       ];
     })
-    ]
+  ];
-  );
 }

nixosModules/latex.nix

@@ -1,13 +1,6 @@
+{ pkgs, ... }:
 {
-  lib,
+  config = {
-  config,
-  pkgs,
-  ...
-}:
-{
-  options.my.latex.enable = lib.mkEnableOption "LaTeX (texliveFull + TeXstudio)";
-
-  config = lib.mkIf config.my.latex.enable {
     environment.systemPackages = with pkgs; [
       fontconfig
       texliveFull

nixosModules/lix-is-nix.nix

@@ -1,15 +1,7 @@
+{ pkgs, ... }:
 {
-  lib,
-  config,
-  pkgs,
-  ...
-}:
-{
-  options.my.lixIsNix.enable = lib.mkEnableOption "Lix as the Nix implementation";
-
-  config = lib.mkIf config.my.lixIsNix.enable {
   nixpkgs.overlays = [
-      (_: prev: {
+    (final: prev: {
       inherit (prev.lixPackageSets.stable)
         nixpkgs-review
         nix-eval-jobs
@@ -20,5 +12,4 @@
   ];
 
   nix.package = pkgs.lixPackageSets.latest.lix;
-  };
 }

nixosModules/modern-desktop.nix

@@ -1,8 +1,4 @@
-{ lib, config, ... }:
 {
-  options.my.modernDesktop.enable = lib.mkEnableOption "modern desktop base (pipewire, flatpak, earlyoom)";
-
-  config = lib.mkIf config.my.modernDesktop.enable {
   services = {
     xserver.enable = true;
     libinput.enable = true;
@@ -48,5 +44,4 @@
     allowReboot = false;
     operation = "boot";
   };
-  };
 }

nixosModules/muede-desktop-settings.nix

@@ -1,19 +1,5 @@
+{ pkgs, ... }:
 {
-  lib,
-  config,
-  pkgs,
-  niri,
-  ...
-}:
-{
-  imports = [ niri.nixosModules.niri ];
-
-  options.my.muedeDesktopSettings.enable = lib.mkEnableOption "muede desktop settings (Firefox, Logitech, RDP)";
-
-  config = lib.mkIf config.my.muedeDesktopSettings.enable {
-    my.overlays.niri.enable = true;
-    programs.niri.enable = true;
-
   programs.firefox.enable = true;
 
   environment.systemPackages = with pkgs; [
@@ -32,5 +18,4 @@
   # RDP connections
   services.gnome.gnome-remote-desktop.enable = true;
   networking.firewall.allowedTCPPorts = [ 3389 ];
-  };
 }

nixosModules/nix-ld.nix

@@ -1,13 +1,5 @@
+{ pkgs, ... }:
 {
-  lib,
-  config,
-  pkgs,
-  ...
-}:
-{
-  options.my.nixLd.enable = lib.mkEnableOption "nix-ld for running unpatched dynamic binaries";
-
-  config = lib.mkIf config.my.nixLd.enable {
   programs.nix-ld = {
     enable = true;
     libraries = with pkgs; [
@@ -28,5 +20,4 @@
       icu
     ];
   };
-  };
 }

nixosModules/nixpkgs-overlays.nix

@@ -1,33 +0,0 @@
-{
-  lib,
-  config,
-  self,
-  ...
-}:
-{
-  options.my.overlays = {
-    enableAll = lib.mkEnableOption "all nixpkgs overlays";
-  }
-  // lib.mapAttrs (_: _: {
-    enable = lib.mkOption {
-      type = lib.types.bool;
-      default = false;
-    };
-  }) self.overlays;
-
-  config = lib.mkMerge (
-    [
-      {
-        my.overlays = lib.mapAttrs (_: _: {
-          enable = lib.mkDefault config.my.overlays.enableAll;
-        }) self.overlays;
-      }
-    ]
-    ++ lib.mapAttrsToList (
-      name: overlay:
-      lib.mkIf config.my.overlays.${name}.enable {
-        nixpkgs.overlays = [ overlay ];
-      }
-    ) self.overlays
-  );
-}

nixosModules/openssh.nix

@@ -1,8 +1,4 @@
-{ lib, config, ... }:
 {
-  options.my.openssh.enable = lib.mkEnableOption "OpenSSH server";
-
-  config = lib.mkIf config.my.openssh.enable {
   services.openssh = {
     enable = true;
     openFirewall = true;
@@ -12,5 +8,4 @@
       KbdInteractiveAuthentication = false;
     };
   };
-  };
 }

nixosModules/podman.nix

@@ -1,8 +1,4 @@
-{ lib, config, ... }:
 {
-  options.my.podman.enable = lib.mkEnableOption "Podman container runtime";
-
-  config = lib.mkIf config.my.podman.enable {
   virtualisation = {
     containers.enable = true;
     podman = {
@@ -12,5 +8,4 @@
       autoPrune.enable = true;
     };
   };
-  };
 }

nixosModules/printing.nix

@@ -1,8 +1,4 @@
-{ lib, config, ... }:
 {
-  options.my.printing.enable = lib.mkEnableOption "printing (CUPS + Avahi)";
-
-  config = lib.mkIf config.my.printing.enable {
   services = {
     # Enable CUPS to print documents.
     printing.enable = true;
@@ -13,5 +9,4 @@
       openFirewall = true; # opens the firewall for UDP port 5353
     };
   };
-  };
 }

nixosModules/prometheus-node.nix

@@ -1,8 +1,4 @@
-{ lib, config, ... }:
 {
-  options.my.prometheusNode.enable = lib.mkEnableOption "Prometheus node exporter";
-
-  config = lib.mkIf config.my.prometheusNode.enable {
   services.prometheus.exporters = {
     node = {
       enable = true;
@@ -21,5 +17,4 @@
       ];
     };
   };
-  };
 }

nixosModules/pxvirt-guest.nix

@@ -1,12 +1,16 @@
+{ modulesPath, lib, ... }:
 {
-  lib,
+  imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ];
-  config,
+
-  ...
+  config = {
-}:
+    # TODO is this needed?
-{
+    # nix.settings.sandbox = false;
-  options.my.pxvirtGuest.enable = lib.mkEnableOption "Proxmox LXC guest configuration";
+
+    proxmoxLXC = {
+      manageNetwork = false;
+      privileged = false;
+    };
 
-  config = lib.mkIf config.my.pxvirtGuest.enable {
     # Let Proxmox host handle fstrim
     services.fstrim.enable = false;
 

nixosModules/quiet-boot.nix

@@ -1,13 +1,5 @@
+{ pkgs, ... }:
 {
-  lib,
-  config,
-  pkgs,
-  ...
-}:
-{
-  options.my.quietBoot.enable = lib.mkEnableOption "quiet boot with Plymouth splash";
-
-  config = lib.mkIf config.my.quietBoot.enable {
   boot = {
     kernelParams = [
       "quiet"
@@ -30,5 +22,4 @@
       ];
     };
   };
-  };
 }

nixosModules/secure-boot.nix

@@ -1,17 +1,9 @@
+{ pkgs, lib, ... }:
 {
-  lib,
-  config,
-  pkgs,
-  ...
-}:
-{
-  options.my.secureBoot.enable = lib.mkEnableOption "Secure Boot via lanzaboote";
-
-  config = lib.mkIf config.my.secureBoot.enable {
   # https://github.com/nix-community/lanzaboote/blob/70be03ab23d0988224e152f5b52e2fbf44a6d8ee/docs/QUICK_START.md
   # To enroll:
   # 1. sudo sbctl create-keys
-    # 2. enable this module, rebuild
+  # 2. import this module, rebuild
   # 3. Put Secure Boot in Setup mode
   # 4. sudo sbctl verify
   # 5. sudo sbctl enroll-keys --microsoft
@@ -33,5 +25,4 @@
     enable = true;
     pkiBundle = "/var/lib/sbctl";
   };
-  };
 }

nixosModules/steam.nix

@@ -1,8 +1,4 @@
-{ lib, config, ... }:
 {
-  options.my.steam.enable = lib.mkEnableOption "Steam gaming platform";
-
-  config = lib.mkIf config.my.steam.enable {
   hardware.steam-hardware.enable = true;
 
   programs = {
@@ -46,5 +42,4 @@
     "steam-run"
     "steam-unwrapped"
   ];
-  };
 }

nixosModules/stylix.nix

@@ -1,13 +1,5 @@
+{ pkgs, config, ... }:
 {
-  lib,
-  config,
-  pkgs,
-  ...
-}:
-{
-  options.my.stylix.enable = lib.mkEnableOption "Stylix theming (Catppuccin Mocha)";
-
-  config = lib.mkIf config.my.stylix.enable {
   stylix = {
     enable = true;
     base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-mocha.yaml";
@@ -91,5 +83,4 @@
       package = pkgs.adwaita-icon-theme;
     };
   };
-  };
 }

nixosModules/systemd-boot.nix

@@ -1,8 +1,4 @@
-{ lib, config, ... }:
 {
-  options.my.systemdBoot.enable = lib.mkEnableOption "systemd-boot bootloader";
-
-  config = lib.mkIf config.my.systemdBoot.enable {
   boot.loader = {
     timeout = 3;
     efi.canTouchEfiVariables = true;
@@ -12,5 +8,4 @@
       consoleMode = "max";
     };
   };
-  };
 }

nixosModules/tailscale.nix

@@ -1,13 +1,8 @@
-{ lib, config, ... }:
 {
-  options.my.tailscale.enable = lib.mkEnableOption "Tailscale VPN";
-
-  config = lib.mkIf config.my.tailscale.enable {
   services.tailscale = {
     enable = true;
     openFirewall = true;
   };
 
   networking.firewall.checkReversePath = "loose";
-  };
 }

nixosModules/user-muede.nix

@@ -1,13 +1,5 @@
+{ pkgs, ... }:
 {
-  lib,
-  config,
-  pkgs,
-  ...
-}:
-{
-  options.my.users.muede.enable = lib.mkEnableOption "muede user account";
-
-  config = lib.mkIf config.my.users.muede.enable {
   users.users.muede = {
     isNormalUser = true;
     uid = 1000;
@@ -42,5 +34,4 @@
 
     "claude-code"
   ];
-  };
 }

nixosModules/user-ronja.nix

@@ -1,13 +1,5 @@
+{ pkgs, ... }:
 {
-  lib,
-  config,
-  pkgs,
-  ...
-}:
-{
-  options.my.users.ronja.enable = lib.mkEnableOption "ronja user account";
-
-  config = lib.mkIf config.my.users.ronja.enable {
   users.users.ronja = {
     isNormalUser = true;
     name = "ronja";
@@ -24,5 +16,4 @@
   };
 
   nix.settings.trusted-users = [ "ronja" ];
-  };
 }

nixosModules/wine-gaming.nix

@@ -1,13 +1,5 @@
+{ pkgs, ... }:
 {
-  lib,
-  config,
-  pkgs,
-  ...
-}:
-{
-  options.my.wineGaming.enable = lib.mkEnableOption "Wine gaming (DXVK, MangoHud, xpadneo)";
-
-  config = lib.mkIf config.my.wineGaming.enable {
   hardware = {
     graphics = {
       enable32Bit = true;
@@ -27,5 +19,4 @@
     vulkan-tools
     mesa-demos
   ];
-  };
 }