Major update to handle multiple systems

2025-02-12 14:12:11 -06:00
parent 0453901d17
commit cd1d2d866b
34 changed files with 2040 additions and 456 deletions
--- a/hosts/ori/README.org
+++ b/hosts/ori/README.org
@@ -0,0 +1,3 @@
+#+title: Just chillin'
+
+This is my profile for a personal computer. It is functionally identical to my [[../work]] profile, but includes extra things like games and social apps!
--- a/hosts/ori/configuration.nix
+++ b/hosts/ori/configuration.nix
@@ -0,0 +1,50 @@
+{ config, lib, pkgs, ... }:
+
+{
+  config = {
+    systemSettings = {
+      # users
+      users = [ "emmet" ];
+      adminUsers = [ "emmet" ];
+
+      # hardware
+      cachy.enable = true;
+      cachy.variant = "server";
+
+      virtualization = {
+        docker.enable = true;
+      };
+
+      # dotfiles
+      dotfilesDir = "/etc/nixos";
+
+      # security
+      security = {
+        automount.enable = false;
+        blocklist.enable = true;
+        doas.enable = true;
+        firejail.enable = false; # TODO setup firejail profiles
+        firewall.enable = true;
+        gpg.enable = true;
+        sshd.enable = true;
+      };
+
+    };
+
+    user.users.emmet.openssh.authorizedKeys.keys = [
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDaeejVJwUVrIZSo1isbu+gkQ7+8ftCgCsczy3OclkEVWHyRTqlG6yp74hr3j8ZNsOhov7c2Q6RqC8oy669hlxi/y9BsvtlI7sBr94oAKFOmkCS4RiK72ngJjBvI0vbk89wQQjmAd3r8B7ZcedpNOC8CkHu8SebKdYPRIUvAbPc3fTEt7DsJkazAepZCB8LEhUp57FAqQ/Ezlt3X/1uwNq5S0EbE9Zm+nUpEfSqR9apY2neKWLyGiCxpK3dzyNOuulCxvtVz+ie2sTk/6SxM+qWEoVVxhdwyxPihEjgC0EvtG0S5mVh5JmcjRkJOzzBHJuw+6r8yWn/AxGdIsoJ4rKNxH1XH1iLHgCraOLOUjUNlmejTcQPu6o92a79fdz2gCHT/BuIjfCW7MErAC3YSmF45TSur/kiWCBaTqYo06pgbQ3w1vKg7fievQlQzsutmg47RvJp6fb74yxuOdVg39cShQu/l8r6zqm21JAeUaaIp4P/0MrAIMOOVUhbK0QgsNElO4yn0ZKH8wGIF8xORh7ikxUIAyq8C41gjJiO2sAFJc3M8DhduQU3X0lHB7U0Qyu+8ZXn05+zdFPXJ73LKc7DCcLkppRXJsdHLSDEFdWqFnV7o08B4qZkPMT4pmvhwhY0Pf1fwavOqxuTstzw18gUGyQzl0foQi0Qrmdazsp2Qw== emmet@snowfire"
+    ];
+
+    environment.systemPackages = with pkgs; [
+      rclone
+      rdiff-backup
+      rsnapshot
+      cryptsetup
+      gocryptfs
+      attic-client
+    ];
+
+    programs.fuse.userAllowOther = true;
+  };
+  
+}
--- a/hosts/ori/default.nix
+++ b/hosts/ori/default.nix
@@ -0,0 +1,14 @@
+{ config, lib, pkgs, ... }:
+
+{
+  imports = [
+    ./configuration.nix
+    ./hardware-configuration.nix
+  ];
+
+  config = {
+    home-manager.users = builtins.listToAttrs
+      (map (user: { name = user; value = 
+                      ({ imports = [ ./home.nix ../../modules/user ]; });}) config.systemSettings.users);
+    };
+}
--- a/hosts/ori/hardware-configuration.nix
+++ b/hosts/ori/hardware-configuration.nix
@@ -0,0 +1,69 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, inputs, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  services.fstrim.enable = true;
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "ums_realtek" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/ea03d496-2769-485d-b5cb-de0b58cb698c";
+      fsType = "btrfs";
+      options = [ "subvol=@" ];
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/4F5E-11FB";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+  services.btrfs.autoScrub = {
+    enable = true;
+    interval = "weekly";
+  };
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.br-df7898ffaebc.useDHCP = lib.mkDefault true;
+  # networking.interfaces.br-e6c4f9058f19.useDHCP = lib.mkDefault true;
+  # networking.interfaces.docker0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+  # networking.interfaces.veth00e4385.useDHCP = lib.mkDefault true;
+  # networking.interfaces.veth0814d46.useDHCP = lib.mkDefault true;
+  # networking.interfaces.veth329e18d.useDHCP = lib.mkDefault true;
+  # networking.interfaces.veth54f044d.useDHCP = lib.mkDefault true;
+  # networking.interfaces.veth71ad87e.useDHCP = lib.mkDefault true;
+  # networking.interfaces.veth8a14ed4.useDHCP = lib.mkDefault true;
+  # networking.interfaces.veth906e2ca.useDHCP = lib.mkDefault true;
+  # networking.interfaces.veth95a2121.useDHCP = lib.mkDefault true;
+  # networking.interfaces.veth96c8b25.useDHCP = lib.mkDefault true;
+  # networking.interfaces.veth97cb8cc.useDHCP = lib.mkDefault true;
+  # networking.interfaces.veth9f4b444.useDHCP = lib.mkDefault true;
+  # networking.interfaces.vethb88cfbb.useDHCP = lib.mkDefault true;
+  # networking.interfaces.vethc1707ca.useDHCP = lib.mkDefault true;
+  # networking.interfaces.vethec441e8.useDHCP = lib.mkDefault true;
+  # networking.interfaces.vethed69a4e.useDHCP = lib.mkDefault true;
+  # networking.interfaces.vethf0728b9.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+  # Enable OpenGL
+  hardware.opengl = {
+    enable = true;
+  };
+
+}
--- a/hosts/ori/home.nix
+++ b/hosts/ori/home.nix
@@ -0,0 +1,20 @@
+{ config, lib, pkgs, ... }:
+
+{
+  config = {
+
+    userSettings = {
+      # setup
+      shell = {
+        enable = true;
+        apps.enable = true;
+      };
+      xdg.enable = true;
+
+      # programs
+      ranger.enable = true;
+      git.enable = true;
+    };
+
+  };
+}
--- a/hosts/polarias/README.org
+++ b/hosts/polarias/README.org
@@ -0,0 +1,3 @@
+#+title: Just chillin'
+
+This is my profile for a personal computer. It is functionally identical to my [[../work]] profile, but includes extra things like games and social apps!
--- a/hosts/polarias/configuration.nix
+++ b/hosts/polarias/configuration.nix
@@ -0,0 +1,49 @@
+{ config, lib, pkgs, ... }:
+
+{
+  config = {
+    systemSettings = {
+      # users
+      users = [ "emmet" ];
+      adminUsers = [ "emmet" ];
+
+      # hardware
+      cachy.enable = true;
+      bluetooth.enable = true;
+      tlp.enable = true;
+      printing.enable = true;
+
+      # software
+      flatpak.enable = false;
+      virtualization = {
+        docker.enable = true;
+        virtualMachines.enable = true;
+      };
+
+      # wm
+      hyprland.enable = true;
+
+      # dotfiles
+      dotfilesDir = "/etc/nixos";
+
+      # security
+      security = {
+        automount.enable = true;
+        blocklist.enable = true;
+        doas.enable = true;
+        firejail.enable = false; # TODO setup firejail profiles
+        firewall.enable = true;
+        gpg.enable = true;
+        openvpn.enable = true;
+        sshd.enable = false;
+      };
+
+      # style
+      stylix = {
+        enable = true;
+        theme = "ayu-dark";
+      };
+    };
+  };
+  
+}
--- a/hosts/polarias/default.nix
+++ b/hosts/polarias/default.nix
@@ -0,0 +1,14 @@
+{ config, lib, pkgs, ... }:
+
+{
+  imports = [
+    ./configuration.nix
+    ./hardware-configuration.nix
+  ];
+
+  config = {
+    home-manager.users = builtins.listToAttrs
+      (map (user: { name = user; value = 
+                      ({ imports = [ ./home.nix ../../modules/user ]; });}) config.systemSettings.users);
+    };
+}
--- a/hosts/polarias/hardware-configuration.nix
+++ b/hosts/polarias/hardware-configuration.nix
@@ -0,0 +1,103 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  services.fstrim.enable = true;
+
+  services.xserver.videoDrivers = lib.mkDefault [ "modesetting" ];
+
+  hardware.graphics = {
+    enable = lib.mkDefault true;
+    enable32Bit = lib.mkDefault true;
+  };
+
+  # my stupid usb hub crashes systemct suspend half of the time now
+  # https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Sleep_hooks
+  systemd.services.root-suspend = {
+    enable = true;
+    description = "Root systemd suspend prehook";
+    unitConfig = {
+      Description = "Root systemd suspend prehook";
+      Before = "sleep.target";
+    };
+    serviceConfig = {
+      Type = "simple";
+      ExecStart = "${pkgs.uhubctl}/bin/uhubctl -a off";
+    };
+    wantedBy = [ "sleep.target" ];
+  };
+  systemd.services.root-resume = {
+    enable = true;
+    description = "Root systemd suspend posthook";
+    unitConfig = {
+      Description = "Root systemd suspend posthook";
+      After = "suspend.target";
+    };
+    serviceConfig = {
+      Type = "simple";
+      ExecStart = "${pkgs.uhubctl}/bin/uhubctl -a on";
+    };
+    wantedBy = [ "suspend.target" ];
+  };
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "rtsx_pci_sdmmc" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/3618968f-1717-4c8e-b0d8-2556d18d2c4b";
+      fsType = "ext4";
+    };
+
+  boot.initrd.luks.devices."luks-06fa6e93-9bde-4703-830e-7ee1a7292a19".device = "/dev/disk/by-uuid/06fa6e93-9bde-4703-830e-7ee1a7292a19";
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/E1BC-04BB";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/d52b7852-f35f-4325-9adc-24aa5d3da2a3";
+      }
+    ];
+
+  services.pipewire.enable = lib.mkForce false;
+  hardware.pulseaudio.enable = true;
+  hardware.pulseaudio.daemon.config = {
+    default-sample-format = "float32ne";
+    default-sample-rate = 48000;
+    alternate-sample-rate = 44100;
+    default-sample-channels = 2;
+    default-channel-map = "front-left,front-right";
+    default-fragments = 2;
+    default-fragment-size-msec = 125;
+    resample-method = "speex-float-5";
+    enable-lfe-remixing = "no";
+    high-priority = "yes";
+    nice-level = -11;
+    realtime-scheduling = "yes";
+    realtime-priority = 9;
+    rlimit-rtprio = 9;
+    rlimit-rttime = -1;
+    daemonize = "no";
+  };
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/hosts/polarias/home.nix
+++ b/hosts/polarias/home.nix
@@ -0,0 +1,41 @@
+{ config, lib, pkgs, ... }:
+
+{
+  config = {
+
+    userSettings = {
+      # setup
+      shell = {
+        enable = true;
+        apps.enable = true;
+        extraApps.enable = true;
+      };
+      xdg.enable = true;
+
+      # programs
+      browser = "qutebrowser";
+      brave.enable = true;
+      editor = "emacs";
+      ranger.enable = true;
+      git.enable = true;
+      engineering.enable = true;
+      art.enable = true;
+      flatpak.enable = false;
+      godot.enable = true;
+      keepass.enable = true;
+      media.enable = true;
+      music.enable = true;
+      office.enable = true;
+
+      # wm
+      hyprland.enable = true;
+
+      # style
+      stylix.enable = true;
+
+      # hardware
+      bluetooth.enable = true;
+    };
+
+  };
+}
--- a/hosts/snowfire/configuration.nix
+++ b/hosts/snowfire/configuration.nix
@@ -45,6 +45,13 @@
        theme = "io";
      };
    };
+
+    users.users.emmet.description = "Emmet";
+    home-manager.users.emmet.userSettings = {
+      name = "Emmet";
+      email = "emmet@librephoenix.com";
+    };
+
  };
  
 }
--- a/hosts/snowfire/home.nix
+++ b/hosts/snowfire/home.nix
@@ -40,5 +40,16 @@
      # hardware
      bluetooth.enable = true;
    };
+
+    wayland.windowManager.hyprland = lib.mkIf config.userSettings.hyprland.enable {
+      settings = {
+        monitor = [
+          "eDP-1,1920x1080@300,900x1080,1"
+          "HDMI-A-1,1920x1080,1920x0,1"
+          "DP-1,1920x1080,0x0,1"
+        ];
+
+      };
+    };
  };
 }
--- a/hosts/stardust/README.org
+++ b/hosts/stardust/README.org
@@ -0,0 +1,3 @@
+#+title: Just chillin'
+
+This is my profile for a personal computer. It is functionally identical to my [[../work]] profile, but includes extra things like games and social apps!
--- a/hosts/stardust/configuration.nix
+++ b/hosts/stardust/configuration.nix
@@ -0,0 +1,52 @@
+{ config, lib, pkgs, ... }:
+
+{
+  config = {
+    systemSettings = {
+      # users
+      users = [ "corrina" ];
+      adminUsers = [ "corrina" ];
+
+      # hardware
+      cachy.enable = true;
+      bluetooth.enable = true;
+      tlp.enable = true;
+      printing.enable = true;
+
+      # software
+      flatpak.enable = false;
+      gaming.enable = true;
+      virtualization = {
+        docker.enable = true;
+      };
+
+      # wm
+      plasma.enable = true;
+
+      # security
+      security = {
+        automount.enable = true;
+        blocklist.enable = true;
+        doas.enable = true;
+        firejail.enable = false; # TODO setup firejail profiles
+        firewall.enable = true;
+        gpg.enable = true;
+        openvpn.enable = true;
+        sshd.enable = false;
+      };
+
+      # style
+      stylix = {
+        enable = true;
+        theme = "eris";
+      };
+    };
+
+    users.users.corrina.description = "Corrina";
+    home-manager.users.corrina.userSettings = {
+      name = "Corrina";
+    };
+
+  };
+  
+}
--- a/hosts/stardust/default.nix
+++ b/hosts/stardust/default.nix
@@ -0,0 +1,14 @@
+{ config, lib, pkgs, ... }:
+
+{
+  imports = [
+    ./configuration.nix
+    ./hardware-configuration.nix
+  ];
+
+  config = {
+    home-manager.users = builtins.listToAttrs
+      (map (user: { name = user; value = 
+                      ({ imports = [ ./home.nix ../../modules/user ]; });}) config.systemSettings.users);
+    };
+}
--- a/hosts/stardust/hardware-configuration.nix
+++ b/hosts/stardust/hardware-configuration.nix
@@ -0,0 +1,41 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/3d07095a-0dc5-4a51-99be-592352b5755c";
+      fsType = "ext4";
+    };
+
+  boot.initrd.luks.devices."luks-cc9ec6bd-3b81-47ad-b289-4c56da1fc791".device = "/dev/disk/by-uuid/cc9ec6bd-3b81-47ad-b289-4c56da1fc791";
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/5179-698C";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wwan0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/hosts/stardust/home.nix
+++ b/hosts/stardust/home.nix
@@ -0,0 +1,38 @@
+{ config, lib, pkgs, ... }:
+
+{
+  config = {
+
+    userSettings = {
+      # setup
+      shell = {
+        enable = true;
+        apps.enable = true;
+        extraApps.enable = true;
+      };
+      xdg.enable = true;
+
+      # programs
+      browser = "brave";
+      editor = "kate";
+      ranger.enable = true;
+      git.enable = true;
+      art.enable = true;
+      flatpak.enable = false;
+      godot.enable = true;
+      keepass.enable = true;
+      media.enable = true;
+      office.enable = true;
+
+      # wm
+      plasma.enable = true;
+
+      # style
+      stylix.enable = true;
+
+      # hardware
+      bluetooth.enable = true;
+    };
+
+  };
+}
--- a/hosts/zenith/README.org
+++ b/hosts/zenith/README.org
@@ -0,0 +1,3 @@
+#+title: Just chillin'
+
+This is my profile for a personal computer. It is functionally identical to my [[../work]] profile, but includes extra things like games and social apps!
--- a/hosts/zenith/configuration.nix
+++ b/hosts/zenith/configuration.nix
@@ -0,0 +1,49 @@
+{ config, lib, pkgs, ... }:
+
+{
+  config = {
+    systemSettings = {
+      # users
+      users = [ "emmet" ];
+      adminUsers = [ "emmet" ];
+
+      # hardware
+      cachy.enable = true;
+      bluetooth.enable = true;
+      tlp.enable = true;
+      printing.enable = true;
+
+      # software
+      flatpak.enable = false;
+      virtualization = {
+        docker.enable = true;
+        virtualMachines.enable = true;
+      };
+
+      # wm
+      hyprland.enable = true;
+
+      # dotfiles
+      dotfilesDir = "/etc/nixos";
+
+      # security
+      security = {
+        automount.enable = true;
+        blocklist.enable = true;
+        doas.enable = true;
+        firejail.enable = false; # TODO setup firejail profiles
+        firewall.enable = true;
+        gpg.enable = true;
+        openvpn.enable = true;
+        sshd.enable = false;
+      };
+
+      # style
+      stylix = {
+        enable = true;
+        theme = "alph";
+      };
+    };
+  };
+  
+}
--- a/hosts/zenith/default.nix
+++ b/hosts/zenith/default.nix
@@ -0,0 +1,14 @@
+{ config, lib, pkgs, ... }:
+
+{
+  imports = [
+    ./configuration.nix
+    ./hardware-configuration.nix
+  ];
+
+  config = {
+    home-manager.users = builtins.listToAttrs
+      (map (user: { name = user; value = 
+                      ({ imports = [ ./home.nix ../../modules/user ]; });}) config.systemSettings.users);
+    };
+}
--- a/hosts/zenith/hardware-configuration.nix
+++ b/hosts/zenith/hardware-configuration.nix
@@ -0,0 +1,86 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, inputs, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  services.fstrim.enable = true;
+
+  services.xserver.videoDrivers = lib.mkDefault [ "modesetting" ];
+
+  hardware.graphics = {
+    enable = lib.mkDefault true;
+    enable32Bit = lib.mkDefault true;
+  };
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "vmd" "ahci" "nvme" "usbhid" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = with config.boot.kernelPackages; [ zenpower ];
+
+  # my stupid usb hub crashes systemct suspend half of the time now
+  # https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Sleep_hooks
+  systemd.services.root-suspend = {
+    enable = true;
+    description = "Root systemd suspend prehook";
+    unitConfig = {
+      Description = "Root systemd suspend prehook";
+      Before = "sleep.target";
+    };
+    serviceConfig = {
+      Type = "simple";
+      ExecStart = "${pkgs.uhubctl}/bin/uhubctl -a off";
+    };
+    wantedBy = [ "sleep.target" ];
+  };
+  systemd.services.root-resume = {
+    enable = true;
+    description = "Root systemd suspend posthook";
+    unitConfig = {
+      Description = "Root systemd suspend posthook";
+      After = "suspend.target";
+    };
+    serviceConfig = {
+      Type = "simple";
+      ExecStart = "${pkgs.uhubctl}/bin/uhubctl -a on";
+    };
+    wantedBy = [ "suspend.target" ];
+  };
+
+  services.btrfs.autoScrub = {
+    enable = true;
+    interval = "weekly";
+  };
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/ca98a0cc-4a50-4e28-84e5-0dddcbfea155";
+      fsType = "btrfs";
+      options = [ "noatime,compress-force=zstd:2,discard=async,commit=120,clear_cache,space_cache=v2,subvol=@" ];
+    };
+
+  boot.loader.efi.efiSysMountPoint = "/boot";
+
+  boot.initrd.luks.devices."luks-9c74f9e5-41c3-4ba6-8a87-059dbcd4e2b3".device = "/dev/disk/by-uuid/9c74f9e5-41c3-4ba6-8a87-059dbcd4e2b3";
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/4898-D64F";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+  
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/hosts/zenith/home.nix
+++ b/hosts/zenith/home.nix
@@ -0,0 +1,65 @@
+{ config, lib, pkgs, ... }:
+
+{
+  config = {
+
+    userSettings = {
+      # setup
+      shell = {
+        enable = true;
+        apps.enable = true;
+      };
+      xdg.enable = true;
+
+      # programs
+      browser = "qutebrowser";
+      brave.enable = true;
+      editor = "emacs";
+      ranger.enable = true;
+      git.enable = true;
+      engineering.enable = true;
+      art.enable = true;
+      flatpak.enable = false;
+      godot.enable = true;
+      keepass.enable = true;
+      media.enable = true;
+      music.enable = true;
+      office.enable = true;
+      recording.enable = true;
+      virtualization = {
+        virtualMachines.enable = true;
+      };
+
+      # wm
+      hyprland.enable = true;
+
+      # style
+      stylix.enable = true;
+
+      # hardware
+      bluetooth.enable = true;
+    };
+
+    wayland.windowManager.hyprland = lib.mkIf config.userSettings.hyprland.enable {
+      settings = {
+        bind = [
+          ''SUPER,E,exec,if hyprctl clients | grep qutegmail; then echo "scratch_mail respawn not needed"; else qutebrowser --qt-flag enable-gpu-rasterization --qt-flag enable-native-gpu-memory-buffers --qt-flag num-raster-threads=4 -B ~/.browser/Teaching :'set input.mode_override passthrough -u mail.google.com' :'set window.title_format qutegmail' :'set tabs.show never' :'set statusbar.show never' https://mail.google.com; fi''
+          "SUPER,E,togglespecialworkspace,scratch_email"
+        ];
+
+        windowrulev2 = [
+          "float,title:^(qutegmail)$"
+          "size 80% 85%,title:^(qutegmail)$"
+          "workspace special:scratch_email ,title:^(qutegmail)$"
+          "center,title:^(qutegmail)$"
+        ];
+
+        monitor = [
+          "eDP-1,1920x1080,1920x0,1"
+          "HDMI-A-1,1920x1080,0x0,1"
+        ];
+
+      };
+    };
+  };
+}