Storage updates, tablet updates, presets & more

data/normal_drive_data.nix

@@ -20,5 +20,4 @@
   decrypted_root_path = "/dev/mapper/${root_mapper_name}";
 
   boot_path = "/dev/disk/by-label/${boot_label}";
-
 }

extras/mk-normal-enc-ssd.nix

@@ -1,8 +1,8 @@
 { stdenv, bash, parted, cryptsetup, e2fsprogs, dosfstools }:
-let ssd_data = import ../hosts/lappy/hardware/ssd_data.nix { };
+let ssd_data = import ../hosts/normal-enc/hardware/ssd_data.nix { };
 in stdenv.mkDerivation {
-  name = "mk-lappy-ssd";
-  src = ./mk-lappy-ssd.sh;
+  name = "mk-normal-enc-ssd";
+  src = ./mk-normal-enc-ssd.sh;
   unpackPhase = ''
     for srcFile in $src; do
       cp $srcFile $(stripHash $srcFile)
@@ -16,8 +16,8 @@ in stdenv.mkDerivation {
   inherit dosfstools;
 
   patchPhase = ''
-    substituteAllInPlace mk-lappy-ssd.sh
-    substituteInPlace mk-lappy-ssd.sh \
+    substituteAllInPlace mk-normal-enc-ssd.sh
+    substituteInPlace mk-normal-enc-ssd.sh \
       --replace "@SSD_ENCRYPTED_PARTLABEL@" "${ssd_data.encrypted_root_partlabel}" \
       --replace "@SSD_UNENCRYPTED_LABEL@" "${ssd_data.unencrypted_root_label}" \
       --replace "@SSD_BOOT_LABEL@" "${ssd_data.boot_label}"
@@ -25,7 +25,7 @@ in stdenv.mkDerivation {
 
   installPhase = ''
     mkdir -p $out/bin
-    cp mk-lappy-ssd.sh $out/bin/mk-lappy-ssd
-    chmod +x $out/bin/mk-lappy-ssd
+    cp mk-normal-enc-ssd.sh $out/bin/mk-normal-enc-ssd
+    chmod +x $out/bin/mk-normal-enc-ssd
   '';
 }

extras/mk-normal-enc-ssd.sh

@@ -34,8 +34,6 @@ SSD_UNENCRYPTED_LABEL=@SSD_UNENCRYPTED_LABEL@
 # ssd boot label
 SSD_BOOT_LABEL=@SSD_BOOT_LABEL@
 
-echo "Creating Lappy's SSD."
-
 echo "Creating Partitions..."
 @parted@/bin/parted ${SSD_PATH} -- mklabel gpt
 @parted@/bin/parted ${SSD_PATH} -- mkpart ESP fat32 1MiB 512MiB
@@ -51,10 +49,9 @@ echo "Creating Encrypted Partition"
 @cryptsetup@/bin/cryptsetup luksFormat "${SSD_PATH}${PARTITION_SEPARATOR}2" --key-file "${KEY_FILE}"
 
 echo "Opening Encrypted Partition"
-@cryptsetup@/bin/cryptsetup open "${SSD_PATH}${PARTITION_SEPARATOR}2" "mk_enc_ssd" --key-file "${KEY_FILE}"
+@cryptsetup@/bin/cryptsetup open "${SSD_PATH}${PARTITION_SEPARATOR}2" "mk_normal_enc_ssd" --key-file "${KEY_FILE}"
 
 echo "Formatting Encrypted Root Filesystem"
-@e2fsprogs@/bin/mkfs.ext4 -L "${SSD_UNENCRYPTED_LABEL}" /dev/mapper/mk_enc_ssd
+@e2fsprogs@/bin/mkfs.ext4 -L "${SSD_UNENCRYPTED_LABEL}" /dev/mapper/mk_normal_enc_ssd
 
-echo "Closing Encrypted Partition"
-@cryptsetup@/bin/cryptsetup close "mk_enc_ssd"
+echo "mount /dev/mapper/mk_normal_enc_ssd to install"

home/apps/kitty.nix

@@ -1,4 +1,4 @@
-{ config, ... }:
+{ config, nixosConfig, ... }:
 
 {
   wayland.windowManager.sway.extraSessionCommands = ''
@@ -8,7 +8,7 @@
     enable = true;
     font.name = "Comic Code";
     settings = {
-      font_size = 20;
+      font_size = if nixosConfig.networking.hostName == "tablet" then 12 else 20;
       bold_font = "auto";
       italic_font = "auto";
       bold_italic_font = "auto";
@@ -17,6 +17,7 @@
       enable_audio_bell = false;
       tab_bar_style = "separator";
       tab_separator = " | ";
+      confirm_os_window_close = 0;
     };
   };
 }

home/base/zsh.nix

@@ -1,5 +1,5 @@
 { config, pkgs, ... }:
-let usb_data = import ../../hosts/lappy/hardware/usb_data.nix { };
+let usb_data = import ../../data/usb_data.nix { };
 in {
   home.packages = with pkgs; [ exa bat ripgrep vault age ];
   programs.zsh = {

home/gui/base/gtk.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, ... }: {
+{ nixosConfig, pkgs, ... }: {
   gtk = {
     enable = true;
     iconTheme = {
@@ -11,7 +11,7 @@
     };
     font = {
       name = "Comic Code";
-      size = 16;
+      size = if nixosConfig.networking.hostName == "tablet" then 10 else 16;
       package = pkgs.comic-code;
     };
   };

home/gui/environments/gnome/default.nix

@@ -1,5 +1,23 @@
-{ tree, pkgs, lib, inputs, ... }:
-let hm = inputs.home-manager.lib.hm;
+{ tree, nixosConfig, pkgs, lib, inputs, ... }:
+let
+  hm = inputs.home-manager.lib.hm;
+
+  font-sizes-all = {
+    default = {
+      small = "14";
+      medium = "16";
+    };
+    tablet = {
+      small = "8";
+      medium = "10";
+    };
+  };
+
+  font-sizes = if nixosConfig.networking.hostName == "tablet" then
+    font-sizes-all.tablet
+  else
+    font-sizes-all.default;
+
 in {
   imports = with tree; [ home.apps.kitty home.apps.rofi ];
 
@@ -27,8 +45,8 @@ in {
       # TODO: Maybe do this with fontconfig too?
       font-antialiasing = "rgba";
       font-hinting = "full";
-      font-name = "Comic Code 16";
-      monospace-font-name = "Comic Code 14";
+      font-name = "Comic Code ${font-sizes.medium}";
+      monospace-font-name = "Comic Code ${font-sizes.small}";
     };
     "org/gnome/desktop/input-sources" = {
       # TODO: see if this changes when using gnome wayland?
@@ -49,6 +67,7 @@ in {
       natural-scroll = false;
       # YES!
       two-finger-scrolling-enabled = true;
+      tap-to-click = nixosConfig.networking.hostName == "tablet";
     };
     "org/gnome/desktop/privacy" = {
       hide-identity = true;
@@ -90,7 +109,7 @@ in {
     };
     "org/gnome/desktop/wm/preferences" = {
       num-workspaces = 9;
-      titlebar-font = "Comic Code Medium 14";
+      titlebar-font = "Comic Code Medium ${font-sizes.small}";
       titlebar-uses-system-font = true;
     };
     "org/gnome/settings-daemon/plugins/media-keys" = {

home/home-folders.nix

@@ -0,0 +1,16 @@
+{ config, lib, ... }: {
+  systemd.user.tmpfiles.rules = (map (dir:
+    "d ${config.home.homeDirectory}/${dir} - ${config.home.username} users") [
+      "Projects"
+      "Temp"
+      "Music"
+      "Mounts"
+      "Mounts/Storage"
+      "Mounts/Storage-Public"
+      "Mounts/Backups"
+      "Mounts/Backups-Crypt"
+      "Mounts/Photos-Crypt"
+      "Mounts/Temp1"
+      "Mounts/Temp2"
+    ]);
+}

home/network_manager/nm.nix

@@ -1,4 +0,0 @@
-{ config, ... }: {
-  xsession.preferStatusNotifierItems = true;
-  services.network-manager-applet.enable = true;
-}

home/programming/editors/vscode.nix

@@ -1,10 +1,13 @@
-{ config, pkgs, ... }:
+{ config, nixosConfig, pkgs, ... }:
 let
   configDir = "Code";
   userDir = if pkgs.stdenv.hostPlatform.isDarwin then
     "$HOME/Library/Application Support/${configDir}/User"
   else
     "${config.xdg.configHome}/${configDir}/User";
+
+  font-size = if nixosConfig.networking.hostName == "tablet" then 16 else 24;
+
 in {
   programs.vscode = {
     enable = true;

home/programming/languages/zig/zig.nix

@@ -1,6 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  home.packages = with pkgs; [ zig zls ];
-  programs.vscode.extensions = with pkgs; [ vscode-extensions.tiehuis.zig ];
-}

home/ssh-usb.nix

@@ -0,0 +1,11 @@
+{ ... }:
+let usb_data = (import ../data/usb_data.nix { });
+in {
+  programs.ssh.matchBlocks."*".identityFile = "${usb_data.ssh_priv_path}";
+  programs.git.extraConfig = {
+    gpg.format = "ssh";
+    commit.gpgsign = "true";
+    tag.gpgsign = "true";
+    user = { signingKey = "${usb_data.ssh_priv_path}"; };
+  };
+}

hosts/hetzner-vm/hardware.nix

@@ -1,7 +1,5 @@
 { modulesPath, ... }: {
-  imports = [
-    (modulesPath + "/profiles/qemu-guest.nix")
-  ];
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
 
   boot.loader.grub.enable = true;
   boot.loader.grub.device = "/dev/sda";

hosts/hetzner-vm/services/mailserver/config.nix

@@ -1,5 +1,5 @@
-{ }: let 
-  secrets-db = (import ../../secrets-db.nix { });
+{ }:
+let secrets-db = (import ../../secrets-db.nix { });
 in rec {
   fqdn = "mail.owo.monster";
   domains = [

hosts/hetzner-vm/services/mailserver/rspamd.nix

@@ -5,7 +5,6 @@ let
 
   ports = (import ../../ports.nix { });
 
-
   postfixCfg = config.services.postfix;
   rspamdCfg = config.services.rspamd;
   rspamdSocket = "rspamd.service";

hosts/nixos-live/nixos-live.nix

@@ -10,6 +10,10 @@
     tree.profiles.base
     tree.profiles.sshd
   ];
-  config.isoImage = { isoBaseName = "nixos-chaos"; compressImage = false; squashfsCompression = "zstd -Xcompression-level 1"; };
+  config.isoImage = {
+    isoBaseName = "nixos-chaos";
+    compressImage = false;
+    squashfsCompression = "zstd -Xcompression-level 1";
+  };
   config.services.openssh.permitRootLogin = lib.mkForce "yes";
 }

hosts/nixos.nix

@@ -37,8 +37,6 @@ in {
     system = "x86_64-linux";
     modules = defaultModules ++ [ ./tablet/tablet.nix ./tablet/hardware.nix ];
   };
- 
-
 
   rescue-x86_64 = nixosUnstableSystem {
     specialArgs = defaultSpecialArgs;

hosts/storage/hardware.nix

@@ -1,7 +1,5 @@
 { modulesPath, ... }: {
-  imports = [
-    (modulesPath + "/profiles/qemu-guest.nix")
-  ];
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
 
   boot.loader.grub.enable = true;
   boot.loader.grub.device = "/dev/sda";

hosts/storage/populate-rclone-config.sh

@@ -42,7 +42,7 @@ simple_get_replace_b2 "/api-keys/backblaze/Chaos-Photos" "B2_CHAOS_PHOTOS" ./tem
 
 simple_get_replace_b2 "/api-keys/backblaze/Chaos-Music" "B2_CHAOS_MUSIC" ./template
 
-simple_get_replace_b2 "/api-keys/backblaze/Cryptidz-Backup" "B2_CASSIE_CRYPTIDZ_BACKUP" ./template
+simple_get_replace_b2 "/api-keys/backblaze/Phoenix-Cryptidz-Storage" "B2_PHOENIX_CRYPTIDZ_STORAGE" ./template
 popd
 
 cat "${TMP_DIR}/template" > "${OUTPUT_FILE}"

hosts/storage/ports.nix

@@ -7,5 +7,6 @@
   rclone_serve_restic_vault = 4246;
 
   rclone_serve_http_music = 4247;
+  rclone_serve_http_public = 4248;
 
 }

hosts/storage/rclone_config.template

@@ -51,12 +51,12 @@ hard_delete = true
 type = alias
 remote = B2-Chaos-Music-Source:Chaos-Music
 
-[B2-Cassie-Cryptidz-Backup-Source]
+[B2-Phoenix-Cryptidz-Storage-Source]
 type = b2
-account = B2_CASSIE_CRYPTIDZ_BACKUP_ACCOUNT
-key = B2_CASSIE_CRYPTIDZ_BACKUP_KEY
+account = B2_PHOENIX_CRYPTIDZ_STORAGE_ACCOUNT
+key = B2_PHOENIX_CRYPTIDZ_STORAGE_KEY
 hard_delete = true
 
-[B2-Cassie-Cryptidz-Backup]
+[B2-Phoenix-Cryptidz-Storage]
 type = alias
-remote = B2-Cassie-Cryptidz-Backup-Source:Cryptidz-Backup
+remote = B2-Phoenix-Cryptidz-Storage-Source:

hosts/storage/storage.nix

@@ -104,7 +104,18 @@ in {
         type = "http";
         extraArgs = [
           "--addr=:${toString ports.rclone_serve_http_music}"
-          "--baseurl=/music/"
+          "--baseurl=/Music/"
+          "--read-only"
+        ];
+        inherit serviceConfig;
+      }
+      {
+        user = "storage";
+        remote = "StorageBox:Public";
+        type = "http";
+        extraArgs = [
+          "--addr=:${toString ports.rclone_serve_http_public}"
+          "--baseurl=/Public/"
           "--read-only"
         ];
         inherit serviceConfig;
@@ -162,8 +173,10 @@ in {
     forceSSL = true;
     enableACME = true;
     locations = {
-      "/music/".proxyPass =
+      "/Music/".proxyPass =
         "http://localhost:${toString ports.rclone_serve_http_music}";
+      "/Public/".proxyPass =
+        "http://localhost:${toString ports.rclone_serve_http_public}";
     };
   };
 
@@ -205,18 +218,18 @@ in {
         source = "StorageBox:Music";
         dest = "B2-Chaos-Music:";
       }
-      # Cassie's B2
+      # Pheonix System's B2
       {
         source = "StorageBox:Backups";
-        dest = "B2-Cassie-Cryptidz-Backup:Backups";
+        dest = "B2-Phoenix-Cryptidz-Storage:Backups";
       }
       {
         source = "StorageBox:Photos";
-        dest = "B2-Cassie-Cryptidz-Backup:Photos";
+        dest = "B2-Phoenix-Cryptidz-Storage:Photos";
       }
       {
         source = "StorageBox:Music";
-        dest = "B2-Cassie-Cryptidz-Backup:Music";
+        dest = "B2-Phoenix-Cryptidz-Storage:Music";
       }
     ];
   };

hosts/tablet/hardware.nix

@@ -1,67 +1,22 @@
-{ pkgs, ... }:
+{ tree, ... }:
 let
-  usb_data = import ./hardware/usb_data.nix { };
-  ssd_data = import ./hardware/ssd_data.nix { };
+  usb_data = import ../../data/usb_data.nix { };
+  drive_data = import ../../data/normal_drive_data.nix { };
 in {
   boot = {
     loader = {
       systemd-boot.enable = true;
       efi.canTouchEfiVariables = true;
     };
-    initrd.availableKernelModules = [
+    initrd.availableKernelModules = [ # defaults from nixos-generate-config
       "xhci_pci"
-      "ahci"
       "nvme"
+      "usbhid"
       "usb_storage"
       "sd_mod"
       "rtsx_pci_sdmmc"
-      "xhci_pci" "nvme" "usb_storage" "usbhid" "sd_mod" "rtsx_pci_sdmmc"
-      "uas"
-      "usbcore"
-      "usb_storage"
-      "vfat"
-      "nls_cp437"
-      "nls_iso8859_1"
-      "aesni_intel"
-      "cryptd"
     ];
     kernelModules = [ "kvm-intel" ];
-
-    initrd.postDeviceCommands = pkgs.lib.mkBefore ''
-      mkdir -m 0755 -p ${usb_data.mountpoint}
-
-      while !(test -b ${usb_data.encrypted_path})
-      do
-        echo "Please Plug In USB"
-        sleep 1
-      done
-
-      echo "Please Decrypt USB"
-
-      cryptsetup luksOpen ${usb_data.encrypted_path} ${usb_data.mapper_name}
-
-      mount -n -t ${usb_data.unencrypted_fs_type} -o ro ${usb_data.mapper_path} ${usb_data.mountpoint}
-    '';
-
-    initrd.luks.devices = {
-      "${ssd_data.root_mapper_name}" = {
-        device = "${ssd_data.encrypted_root_path}";
-        keyFile = "${usb_data.lappy_encryption_key_path}";
-        preLVM = false;
-        allowDiscards = true;
-      };
-    };
   };
-
-  fileSystems = {
-    "/" = {
-      device = "${ssd_data.decrypted_root_path}";
-      fsType = "${ssd_data.unencrypted_root_fs_type}";
-    };
-    "/boot" = {
-      device = "${ssd_data.boot_path}";
-      fsType = "${ssd_data.boot_fs_type}";
-    };
-  };
-
+  imports = with tree; [ presets.nixos.normal-encrypted-drive ];
 }

hosts/tablet/profiles/macos-vm.nix

@@ -1,15 +0,0 @@
-{ pkgs, ... }: {
-  virtualisation.libvirtd.enable = true;
-  programs.dconf.enable = true;
-  environment.systemPackages = with pkgs; [
-    virt-manager
-    p7zip
-    #umlutilities
-    qemu
-    gnumake
-    libguestfs
-    python3
-  ];
-  users.users.chaos.extraGroups = [ "libvirtd" "kvm" ];
-
-}

hosts/tablet/profiles/mpd.nix

@@ -1,32 +0,0 @@
-{ pkgs, tree, ... }: {
-  imports = with tree; [
-    ./mpd-music-sync.nix
-    profiles.sound.pulseaudio.pulse-recv-native-localhost
-  ];
-
-  environment.systemPackages = with pkgs; [ mpc_cli ];
-
-  systemd.tmpfiles.rules = [
-    "d /var/lib/mpd 0755 mpd mpd -"
-    "d /var/lib/mpd/data 0755 mpd mpd -"
-    "d /var/lib/mpd/playlists 0755 mpd mpd -"
-  ];
-
-  services.mpd = {
-    enable = true;
-    dataDir = "/var/lib/mpd/data";
-    playlistDirectory = "/var/lib/mpd/playlists";
-    musicDirectory = "/music";
-    extraConfig = ''
-      host_permissions "127.0.0.1 read,add,control,admin"
-      audio_output {
-        type "pulse"
-        name "Pulseaudio"
-        server "127.0.0.1"
-      }
-    '';
-  };
-
-  systemd.services.mpd.serviceConfig.StateDirectory =
-    [ "/music" "/var/lib/mpd" ];
-}

hosts/tablet/tablet.nix

@@ -1,89 +1,26 @@
-{ tree, config, pkgs, lib, ... }:
-let usb_data = import ./hardware/usb_data.nix { };
-in {
+{ tree, config, pkgs, lib, ... }: {
   imports = with tree; [
     users.root
     users.chaos
-    profiles.tailscale
-    #profiles.dnscrypt
-    #profiles.printing
     profiles.sshd
-
-    hosts.lappy.profiles.usb-automount
-    hosts.lappy.profiles.harry-vpn
-
-    # required for dualsense controller
     profiles.kernels.latest
 
-    profiles.laptop
+    presets.nixos.desktop
+    presets.nixos.laptop
+    presets.nixos.encrypted-usb
 
-    # Bluetooth
-    #profiles.connectivity.bluetooth
-
-    profiles.connectivity.network_manager
-    profiles.connectivity.ios
-
-    profiles.sound.pipewire
-
-    profiles.gui.base
-    profiles.gui.environments.gnome
-
-    profiles.gaming.steam
-
-    # for sci-hub and whenever websites break
-    profiles.tor
-
-    # For cross compiling and deploying to raspberry
-    profiles.cross.arm64
-
-    profiles.force_dns
-    #extras.shenanigans-hotspot
+    ./profiles/harry-vpn.nix
   ];
 
-  services.mullvad-vpn.enable = true;
-
   home-manager.users.root = {
     imports = with tree; [ home.base ];
     home.stateVersion = "22.05";
   };
   home-manager.users.chaos = {
-    programs.ssh.matchBlocks."*".identityFile = "${usb_data.ssh_priv_path}";
-    programs.git.extraConfig = {
-      gpg.format = "ssh";
-      commit.gpgsign = "true";
-      tag.gpgsign = "true";
-      user = { signingKey = "${usb_data.ssh_priv_path}"; };
-    };
     imports = with tree; [
       home.base
       home.dev.all
-      #home.reversing
-
-      home.gui.base
-      home.gui.environments.gnome
-
-      #home.gaming.emulators.ds
-      #home.gaming.games.minecraft
-      #home.gaming.games.osu
-      #home.gaming.platforms.steam
-
-      #home.bluetooth
-      #home.network_manager
-
-      home.apps.vivaldi
-      home.apps.telegram
-      home.apps.quassel
-      home.apps.mpv
-      home.apps.strawberry
-      home.apps.file-roller
-      home.apps.nautilus
-      home.apps.nicotine-plus
-      home.apps.musicutil
-      home.apps.pavucontrol
-      home.apps.mullvad
-      home.apps.aria2
-      home.apps.rclone
-      home.apps.restic
+      home.home-folders
 
       home.programming.editors.vscode
       home.programming.languages.go
@@ -92,45 +29,10 @@ in {
     home.stateVersion = "22.05";
   };
 
-  hardware.opengl.extraPackages = with pkgs; [
-    vaapiIntel
-    vaapiVdpau
-    libvdpau-va-gl
-    intel-media-driver
-  ];
-
-  #services.getty.extraArgs = [ "--skip-login" "--login-options" "chaos" ];
-
   networking.firewall.enable = true;
   networking.firewall.allowPing = true;
 
-  # Allow Soulseek
-  networking.firewall.allowedTCPPorts = [ 8080 2235 ];
-  networking.firewall.allowedTCPPortRanges = [
-    # Allow aria2 to work
-    {
-      from = 6881;
-      to = 6999;
-    }
-    {
-      from = 50101;
-      to = 50109;
-    }
-  ];
-  networking.firewall.allowedUDPPortRanges = [
-    # Allow aria2 to work
-    {
-      from = 6881;
-      to = 6999;
-    }
-    {
-      from = 50101;
-      to = 50109;
-    }
-  ];
-
-  networking.enableIPv6 = true;
-  systemd.services.NetworkManager-wait-online.enable = false;
+  networking.enableIPv6 = false;
 
   # let vscode, vivaldi, etc work.
   security.unprivilegedUsernsClone = true;
@@ -145,14 +47,11 @@ in {
   nix.extraOptions = ''
     keep-outputs = true
     keep-derivations = true
-    builders-use-substitutes = true
   '';
 
   networking.hostName = "tablet";
   time.timeZone = "Europe/London";
 
-  services.fstrim.enable = true;
-
   system.stateVersion = "21.11";
 }
 

hosts/tablet/vm.nix

@@ -1,11 +0,0 @@
-{ lib, inputs, ... }: {
-  imports = [ "${inputs.nixpkgs}/nixos/modules/virtualisation/qemu-vm.nix" ];
-  users.users.root.password = "owo";
-  users.users.chaos.password = "owo";
-  home-manager.users.chaos.home.sessionVariables = {
-    WLR_RENDERER_ALLOW_SOFTWARE = "1";
-  };
-  services.getty.extraArgs = lib.mkForce [ ];
-  virtualisation.cores = 4;
-  virtualisation.qemu.options = [ "-vga" "qxl" ];
-}

hosts/vault/hardware.nix

@@ -1,7 +1,5 @@
 { modulesPath, ... }: {
-  imports = [
-    (modulesPath + "/profiles/qemu-guest.nix")
-  ];
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
 
   boot.loader.grub.enable = true;
   boot.loader.grub.device = "/dev/sda";

outputs.nix

@@ -22,7 +22,7 @@ in {
       exa
       #inputs.deploy-rs.packages."x86_64-linux".deploy-rs
       (pkgs-x86_64-linux.callPackage ./extras/mk-enc-usb.nix { })
-      (pkgs-x86_64-linux.callPackage ./extras/mk-lappy-ssd.nix { })
+      (pkgs-x86_64-linux.callPackage ./extras/mk-normal-enc-ssd.nix { })
     ];
   };
 }

presets/nixos/desktop.nix

@@ -0,0 +1,36 @@
+{ tree, ... }: {
+  imports = with tree; [
+    profiles.sound.pipewire
+    profiles.gui.base
+    profiles.gui.environments.gnome
+
+    profiles.firewall-allow.aria2c
+    profiles.firewall-allow.soulseek
+    profiles.mullvad
+  ];
+
+  home-manager.users.chaos = {
+    imports = with tree; [
+      home.gui.base
+      home.gui.environments.gnome
+
+      home.apps.file-roller
+      home.apps.nautilus
+      home.apps.pavucontrol
+      home.apps.mpv
+
+      home.apps.vivaldi
+      home.apps.telegram
+      home.apps.quassel
+
+      home.apps.strawberry
+      home.apps.nicotine-plus
+      home.apps.musicutil
+
+      home.apps.mullvad
+      home.apps.aria2
+      home.apps.rclone
+      home.apps.restic
+    ];
+  };
+}

presets/nixos/encrypted-usb.nix

@@ -0,0 +1,4 @@
+{ tree, ... }: {
+  imports = with tree; [ profiles.usb-automount ];
+  home-manager.users.chaos = { imports = with tree; [ home.ssh-usb ]; };
+}

presets/nixos/laptop.nix

@@ -0,0 +1,13 @@
+{ tree, ... }: {
+  imports = with tree; [
+    profiles.laptop
+
+    profiles.connectivity.network_manager
+    profiles.connectivity.ios
+
+    profiles.force_dns
+    profiles.tor
+  ];
+  services.fstrim.enable = true;
+  systemd.services.NetworkManager-wait-online.enable = false;
+}

presets/nixos/normal-encrypted-drive.nix

@@ -0,0 +1,54 @@
+{ pkgs, ... }:
+let
+  usb_data = import ../../data/usb_data.nix { };
+  drive_data = import ../../data/normal_drive_data.nix { };
+in {
+  config.boot = {
+    initrd.availableKernelModules = [
+      # For USB w/ Encryption Key
+      "usb_storage"
+      "usbcore"
+      "uas"
+      "sd_mod"
+      # For USB Keyboards
+      "usbhid"
+      # For Cryptography
+      "aesni_intel"
+      "cryptd"
+    ];
+    initrd.postDeviceCommands = pkgs.lib.mkBefore ''
+      mkdir -m 0755 -p ${usb_data.mountpoint}
+
+      while !(test -b ${usb_data.encrypted_path})
+      do
+        echo "Please Plug In USB"
+        sleep 1
+      done
+
+      echo "Please Decrypt USB"
+
+      cryptsetup luksOpen ${usb_data.encrypted_path} ${usb_data.mapper_name}
+
+      mount -n -t ${usb_data.unencrypted_fs_type} -o ro ${usb_data.mapper_path} ${usb_data.mountpoint}
+    '';
+
+    initrd.luks.devices = {
+      "${drive_data.root_mapper_name}" = {
+        device = "${drive_data.encrypted_root_path}";
+        keyFile = "${usb_data.lappy_encryption_key_path}";
+        preLVM = false;
+        allowDiscards = true;
+      };
+    };
+  };
+  config.fileSystems = {
+    "/" = {
+      device = "${drive_data.decrypted_root_path}";
+      fsType = "${drive_data.unencrypted_root_fs_type}";
+    };
+    "/boot" = {
+      device = "${drive_data.boot_path}";
+      fsType = "${drive_data.boot_fs_type}";
+    };
+  };
+}

profiles/base/nix.nix

@@ -16,4 +16,5 @@
       inputs.deploy-rs.overlay
     ];
   };
+  environment.etc."nixpkgs-commit".text = inputs.nixpkgs-unstable.rev;
 }

profiles/firewall-allow/aria2c.nix

@@ -0,0 +1,22 @@
+{ ... }: {
+  networking.firewall.allowedTCPPortRanges = [
+    {
+      from = 6881;
+      to = 6999;
+    }
+    {
+      from = 50101;
+      to = 50109;
+    }
+  ];
+  networking.firewall.allowedUDPPortRanges = [
+    {
+      from = 6881;
+      to = 6999;
+    }
+    {
+      from = 50101;
+      to = 50109;
+    }
+  ];
+}

profiles/firewall-allow/soulseek.nix

@@ -0,0 +1 @@
+{ ... }: { networking.firewall.allowedTCPPorts = [ 2235 ]; }

profiles/laptop/default.nix

@@ -1,7 +1,8 @@
-{ config, ... }: {
+{ config, pkgs, ... }: {
   services.xserver.libinput.enable = true;
   services.tlp.enable = true;
   powerManagement.enable = true;
   powerManagement.powertop.enable = true;
   hardware.acpilight.enable = true;
+  environment.systemPackages = [ config.boot.kernelPackages.cpupower ];
 }

profiles/mullvad.nix

@@ -0,0 +1 @@
+{ ... }: { services.mullvad-vpn.enable = true; }

profiles/tailscale/tailscale.nix

@@ -1,5 +0,0 @@
-_: {
-  services.tailscale.enable = true;
-  networking.firewall.trustedInterfaces = [ "tailscale0" ];
-  networking.firewall.checkReversePath = "loose";
-}

profiles/usb-automount.nix

@@ -1,6 +1,6 @@
 { lib, pkgs, ... }:
 let
-  usb_data = import ../hardware/usb_data.nix { };
+  usb_data = import ../data/usb_data.nix { };
   mapper_name = "usb_unencrypted_afterboot";
   mapper_path = "/dev/mapper/${mapper_name}";
   mount_usb = pkgs.writeShellScriptBin "mount_usb" ''

scripts/rebuild.sh

@@ -15,4 +15,4 @@ FIRST_ARG="${1:-switch}"
 shift
 
 sudo cpupower frequency-set -g performance
-nixos-rebuild --flake "path:${REPO_ROOT}#$(hostname)" ${FIRST_ARG} $@
+nixos-rebuild --flake "${REPO_ROOT}#$(hostname)" ${FIRST_ARG} $@

treeConfig.nix

@@ -14,6 +14,8 @@
       "profiles/connectivity/*".functor.enable = true;
       "profiles/gaming/*".functor.enable = true;
       "profiles/gui/environments/*".functor.enable = true;
+      "profiles/firewall-allow/*".functor.enable = true;
+
       "users/*".functor.enable = true;
       "home/*".functor.enable = true;
       "home/gui/environments/*".functor.enable = true;
@@ -21,8 +23,10 @@
       "home/gaming/emulators/*".functor.enable = true;
       "home/gaming/games/*".functor.enable = true;
       "home/gaming/platforms/*".functor.enable = true;
-
       "home/programming/languages/*".functor.enable = true;
+
+      "presets/nixos/*".functor.enable = true;
+
       "modules/nixos" = {
         functor = {
           enable = true;