Move variables to more convenient folder

hosts/extern/boot/default.nix

@@ -1,7 +1,36 @@
 { config, pkgs, ... }:
-{
+let
+  commonKernelParams = [
+    # VM/GPU passthrough
+    "amd_iommu=on"
+    "iommu=pt"
+    "nested=1"
+
+    # Virtualization nonsense
+    "transparent_hugepage=never"
+
+    # Isolate devices into IOMMU groups
+    "pcie_acs_override=downstream,multifunction"
+    "pci=routeirq"
+  ];
+in {
   boot = {
-    kernelPackages = pkgs.linuxPackages_latest;
+    # Must be Zen for IOMMU isolation
+    kernelPackages = pkgs.unstable.linuxPackages_zen;
     kernel.sysctl."vm.max_map_count" = 2147483642;
+    kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:1f82,10de:10fa" ];
+    blacklistedKernelModules = [ "pcspkr" ];
+
+    # Needed for GPU passthrough
+    initrd.kernelModules = [
+      "vfio"
+      "vfio_pci"
+      "vfio_iommu_type1"
+    ];
+  };
+
+  # Use second GPU on boot
+  specialisation.gputwo.configuration = {
+    boot.kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:2504,10de:228e" ];
   };
 }

hosts/extern/default.nix

@@ -2,13 +2,13 @@
 {
   imports = [
     ./boot
+    ./disko
+    ./filesystems
     ./hardware
-    ./nixmodules
     ./wireguard
     ../../modules/system
   ];
 
-  boot.loader.systemd-boot.enable = lib.mkForce false;
   services.btrfs.autoScrub.enable = lib.mkForce false;
 
   system.video.nvidia.enable = true;

hosts/extern/disko/default.nix

@@ -0,0 +1,96 @@
+{ disko, config, ... }:
+{
+  imports = [ disko.nixosModules.disko ];
+
+  disko.devices = {
+    disk = {
+      "${config.networking.hostName}" = {
+        type = "disk";
+        device = "/dev/sdg";
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              priority = 1;
+              size = "2G";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = [ "umask=0077" ];
+              };
+            };
+            luks = {
+              size = "100%";
+              content = {
+                type = "luks";
+                name = "${config.networking.hostName}-disk";
+                settings.allowDiscards = true;
+                passwordFile = "/tmp/secret.key";
+                content = {
+                  type = "lvm_pv";
+                  vg = "${config.networking.hostName}";
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+
+    nodev = {
+      "/" = {
+        fsType = "tmpfs";
+        mountOptions = [ "size=4G" ];
+      };
+    };
+
+    lvm_vg = {
+      "${config.networking.hostName}" = {
+        type = "lvm_vg";
+        lvs = {
+          root = {
+            size = "100%";
+            content = {
+              type = "btrfs";
+              extraArgs = [ "-f" ];
+              subvolumes = {
+                "/nix" = {
+                  mountpoint = "/nix";
+                  mountOptions = [ "compress=zstd" "noatime" "ssd" ];
+                };
+
+                # Impermanence
+                "/persist" = {
+                  mountpoint = "/persist";
+                  mountOptions = [ "compress=zstd" "noatime" "ssd" ];
+                };
+                "/persist/.snapshots" = { };
+
+                "/jimbo" = {
+                  mountpoint = "/persist/home/jimbo";
+                  mountOptions = [ "compress=zstd" "noatime" "ssd" ];
+                };
+                "/jimbo/.snapshots" = { };
+              };
+            };
+          };
+          swap = {
+            size = "8G";
+            content = {
+              type = "swap";
+              discardPolicy = "both";
+            };
+          };
+        };
+      };
+    };
+  };
+
+  # Needed for impermanence
+  fileSystems = {
+    "/persist".neededForBoot = true;
+    "/persist/home/jimbo".neededForBoot = true;
+  };
+}

hosts/extern/filesystems/default.nix

@@ -0,0 +1,11 @@
+{ config, ... }:
+{
+  fileSystems = {
+    # Remote
+    "/home/jimbo/JimboNFS" = {
+      device = "10.100.0.1:/export/JimboNFS";
+      fsType = "nfs4";
+      options = [ "x-systemd.automount" "_netdev" "nofail" "noauto" ];
+    };
+  };
+}

hosts/extern/hardware/default.nix

@@ -1,32 +1,7 @@
 { config, lib, modulesPath, ... }:
 {
-  imports = [ (modulesPath + "/profiles/all-hardware.nix") ];
+  boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
-
+  boot.kernelModules = [ "dm-snapshot" ];
-  boot = {
-    initrd = {
-      availableKernelModules = [
-        "nvme"
-        "xhci_pci"
-        "ahci"
-        "usbhid"
-        "uas"
-        "usb_storage"
-        "sd_mod"
-      ];
-      kernelModules = [
-        "dm-snapshot"
-      ];
-    };
-  };
-
-  fileSystems = {
-    # Remote
-    "/home/jimbo/JimboNFS" = {
-      device = "10.100.0.1:/export/JimboNFS";
-      fsType = "nfs4";
-      options = [ "x-systemd.automount" "_netdev" "nofail" "noauto" ];
-    };
-  };
 
   networking.useDHCP = lib.mkDefault true;
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";

hosts/extern/nixmodules/default.nix

@@ -1,7 +0,0 @@
-{ modulesPath, ... }:
-{
-  imports = [
-    "${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix"
-    "${modulesPath}/installer/cd-dvd/channel.nix"
-  ];
-}

modules/extras/default.nix

@@ -0,0 +1,7 @@
+{ ... }:
+{
+  imports = [
+    ./overlays
+    ./variables
+  ];
+}

modules/extras/variables/secrets/default.nix

@@ -0,0 +1,56 @@
+{ lib, config, ... }:
+{
+  options.secrets = lib.mkOption {
+    type = lib.types.attrs;
+    default = {};
+  };
+
+  config.secrets = {
+    # User passwords, generated with 'mkpasswd -m sha-512'
+    jimboAccPass = "$6$gYpE.pG/zPXgin06$2kydjDfd0K62Dhf9P0PFvJhRNz6xIC/bHYaf/XYqyKcLyZNzPQpy8uy9tCRcSYlj1wwBhzVtTRyItwajOHCEj0";
+
+    # Cloudflare API key
+    flareApiKey = "ICUi1Zj0e_boCkeUJbXP9dJusv_qX_zhKWQGPcFe";
+
+    # Wireguard keys, generated with the wg command
+    wgServerPriv = "WHxxi53Yp8NRZhT+BQnvC62BckOeG1x2SOvkWlm0tGo=";
+    wgClientPriv = "MK9j0eYlgv+MZ9sSYO6C3lfqScpLPwcBqEckJ7o7tU4=";
+
+    # Icecast, plaintext
+    castAdminPass = "Gw9P8tW$omeq#reZA$b^jDy9VN";
+    castSourcePass = "KkFDeM0SHIL*s6!d4x*a4b#bcq";
+
+    # Photoprism, plaintext
+    prismAdminPass = "gr3SkIqSBjDmypyxU!Zj9*CJ4X";
+
+    # Matrix secrets
+    matrixSecret = "bea7db528a95d8225c5fe6bf92614816fe9d31496b510dff78b1608cfb36f82a";
+    coturnSecret = "@OvhK7r4wu!71d9dcmQ$Z6PkqA#LP0niyJHLTiMVJFILo7@6ks3wwmjWJ*zDBV43";
+
+    # Pixelfed secret, must be 32 characters long
+    pixelfedKey = ''APP_KEY=W9qein6055k9GdvwGbdJ6WxQ71Lr51cQ'';
+
+    # Transmission credentials, plaintext
+    transmissionCredFile = ''
+      {
+        "rpc-username": "jimbo",
+        "rpc-password": "w%QbIEZhoi4jh*j*PKaZLkKk96"
+      }
+    '';
+
+    # Email cleartext passwords
+    noreplyPassword = "5mpEp3P^n6A%r3fznJA5";
+
+    # Email account hashes, generated with 'mkpasswd -m bcrypt'
+    noreplyMailHash = "$2b$05$7VibcFKXy5Ff9sUMh3KWBeSXkInXNeaADa71Md/swt5RCk5s7UnM2";
+    jimboMailHash = "$2a$12$vHeFInRpfp.lpfR/k8ptNecs3ztKjkRTr9hae0DP8yEN1ZHKM2sxe";
+    lunaMailHash = "$2y$10$ksBfmuuojCWnzFqpBDoE/OoGZyqfP.Luo2il7wWcqHemHgqhpQdi6";
+    cornMailHash = "$2b$05$qpG1aOA2tv3zLjzwh8/kyO3zZ8BZxvXcav0ioX7Y3Tps0tyhE/c7q";
+    tinyMailHash = "$2a$12$beq/ZO3hRz5mmGe9Cvvx8u/sNJcjVHlQQ5axv8IBmdJav60n7fuK6";
+
+    # IPs
+    jimIP = "99.247.177.43";
+    lunaIP = "71.87.124.226";
+    cornIP = "24.66.98.13";
+  };
+}

modules/home/default.nix

@@ -7,8 +7,7 @@
     ./settings
     ./wms
     ./users
-    ../../overlays
+    ../extras
-    ../../variables
 
     # Imports
     nur.nixosModules.nur

modules/home/programs/terminal/carapace/default.nix

@@ -0,0 +1,4 @@
+{ ... }:
+{
+  programs.carapace.enable = true;
+}

modules/home/programs/terminal/default.nix

@@ -1,6 +1,7 @@
 { ... }:
 {
   imports = [
+    ./carapace
     ./fastfetch
     ./git
     ./ncmpcpp

modules/home/programs/terminal/zsh/default.nix

@@ -2,6 +2,7 @@
 {
   programs.zsh = {
     enable = true;
+    enableCompletion = false;
     autosuggestion.enable = true;
     syntaxHighlighting.enable = true;
     oh-my-zsh = {
@@ -34,9 +35,9 @@
       seneca = "ssh jhampton1@matrix.senecapolytechnic.ca";
     };
     initExtra = ''
+      ${pkgs.any-nix-shell}/bin/any-nix-shell zsh --info-right | source /dev/stdin; pfetch
       source ${pkgs.zsh-vi-mode}/share/zsh-vi-mode/zsh-vi-mode.plugin.zsh
       source ${pkgs.zsh-you-should-use}/share/zsh/plugins/you-should-use/you-should-use.plugin.zsh
-      ${pkgs.any-nix-shell}/bin/any-nix-shell zsh --info-right | source /dev/stdin; pfetch
       setopt HIST_IGNORE_SPACE
       setopt RM_STAR_WAIT
     '';

modules/system/default.nix

@@ -7,8 +7,7 @@
     ./programs
     ./services
     ./settings
-    ../../overlays
+    ../extras
-    ../../variables
   ];
 
   time.timeZone = "America/Toronto";

modules/system/settings/documentation/default.nix

@@ -5,6 +5,4 @@
     info.enable = false;
     nixos.enable = false;
   };
-
-  programs.command-not-found.enable = true;
 }

modules/system/settings/minimal/default.nix

@@ -6,5 +6,6 @@
   };
 
   programs.less.lessopen = null;
+
   services.logrotate.enable = false;
 }