Make home-manager config for ll-latitude-e5591 build again

nixos/disko/libvirt/luks-lvm.nix

@@ -0,0 +1,13 @@
+{ ... }: {
+  disko.devices.disk.vda.content.partitions.luks = {
+    size = "100%";
+    content = {
+      type = "luks";
+      name = "crypted";
+      content = {
+        type = "lvm_pv";
+        vg = "pool";
+      };
+    };
+  };
+}

nixos/disko/libvirt/lvm-ext4.nix

@@ -0,0 +1,16 @@
+{ ... }: {
+  disko.devices.lvm_vg.pool = {
+    type = "lvm_vg";
+    lvs.root = {
+      size = "100%FREE";
+      content = {
+        type = "filesystem";
+        format = "ext4";
+        mountpoint = "/";
+        mountOptions = [
+          "defaults"
+        ];
+      };
+    };
+  };
+}

nixos/disko/libvirt/lvm.nix

@@ -0,0 +1,9 @@
+{ ... }: {
+  disko.devices.disk.vda.content.partitions.lvm = {
+    size = "100%";
+    content = {
+      type = "lvm_pv";
+      vg = "pool";
+    };
+  };
+}

nixos/disko/libvirt/uefi-base.nix

@@ -0,0 +1,21 @@
+{ ... }: {
+  disko.devices.disk.vda = {
+    type = "disk";
+    device = "/dev/vda";
+    content = {
+      type = "gpt";
+      partitions = {
+        boot = {
+          size = "1G";
+          type = "EF00";
+          content = {
+            type = "filesystem";
+            format = "vfat";
+            mountpoint = "/boot";
+            mountOptions = [ "umask=0077" ];
+          };
+        };
+      };
+    };
+  };
+}

nixos/disko/libvirt/uefi-zfs-base.nix

@@ -0,0 +1,59 @@
+{ ... }: {
+  disko.devices = {
+    disk = {
+      vda = {
+        type = "disk";
+        device = "/dev/vda";
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              size = "1G";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = [ "umask=0077" ];
+              };
+            };
+            zfs = {
+              size = "100%";
+              content = {
+                type = "zfs";
+                pool = "rpool";
+              };
+            };
+          };
+        };
+      };
+    };
+    zpool = {
+      rpool = {
+        type = "zpool";
+
+        options = {
+          ashift = "12";
+        };
+
+        rootFsOptions = {
+          mountpoint = "none";
+          compression = "zstd";
+          acltype = "posixacl";
+          xattr = "sa";
+          canmount = "off";
+        };
+
+        datasets = {
+          "root" = {
+            type = "zfs_fs";
+            mountpoint = "/";
+            postCreateHook = ''
+              zfs snapshot rpool/root@blank
+            '';
+          };
+        };
+      };
+    };
+  };
+}

nixos/disko/libvirt/zfs-encrypted.nix

@@ -0,0 +1,13 @@
+{ ... }: {
+  disko.devices.zpool.rpool = {
+    rootFsOptions = {
+      encryption = "aes-256-gcm";
+      keyformat = "passphrase";
+
+      keylocation = "prompt";
+    };
+    postCreateHook = ''
+      zfs set keylocation="prompt" rpool
+    '';
+  };
+}

nixos/disko/libvirt/zfs-mirror.nix

@@ -0,0 +1,33 @@
+# https://github.com/KornelJahn/nixos-disko-zfs-test/blob/main/hosts/testhost-disko.nix
+{ ... }: {
+  disko.devices = {
+    disk.vdb = {
+      type = "disk";
+      device = "/dev/vdb";
+      content = {
+        type = "gpt";
+        partitions = {
+          ESP = {
+            size = "1G";
+            type = "EF00";
+            content = {
+              type = "filesystem";
+              format = "vfat";
+              mountpoint = "/boot1";
+              mountOptions = [ "umask=0077" ];
+            };
+          };
+          zfs = {
+            size = "100%";
+            content = {
+              type = "zfs";
+              pool = "rpool";
+            };
+          };
+        };
+      };
+    };
+
+    zpool.rpool.mode = "mirror";
+  };
+}

nixos/disko/nvme/uefi-luks-lvm-ext4.nix

@@ -0,0 +1,54 @@
+{ ... }: {
+  disko.devices = {
+    disk = {
+      nvme0n1 = {
+        type = "disk";
+        device = "/dev/nvme0n1";
+        content = {
+          type = "gpt";
+          partitions = {
+            boot = {
+              size = "1G";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = [ "umask=0077" ];
+              };
+            };
+            luks = {
+              size = "100%";
+              content = {
+                type = "luks";
+                name = "crypted";
+                content = {
+                  type = "lvm_pv";
+                  vg = "pool";
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+    lvm_vg = {
+      pool = {
+        type = "lvm_vg";
+        lvs = {
+          root = {
+            size = "100%FREE";
+            content = {
+              type = "filesystem";
+              format = "ext4";
+              mountpoint = "/";
+              mountOptions = [
+                "defaults"
+              ];
+            };
+          };
+        };
+      };
+    };
+  };
+}

nixos/features/base.nix

@@ -0,0 +1,11 @@
+{ pkgs, ... }: {
+  users.mutableUsers = false;
+
+  networking.wireless.enable = false; # For some reason this is needed all of the time
+
+  boot.supportedFilesystems = [ "ntfs" ];
+
+  # Basic Services
+  services.smartd.enable = true;
+  services.uptimed.enable = true;
+}

nixos/features/embedded.nix

@@ -0,0 +1,45 @@
+{ pkgs, pkgs-unstable, ... }: {
+  nixpkgs.config.allowUnfree = true;
+  nixpkgs.config.segger-jlink.acceptLicense = true;
+
+  nixpkgs.config.permittedInsecurePackages = [
+    "segger-jlink-qt4-810"
+  ];
+
+  environment.systemPackages = with pkgs; [
+    pkgs-unstable.platformio # https://github.com/NixOS/nixpkgs/commit/0ba947ba44fc17c7cc94be2374dbfb939900cecd
+    segger-jlink
+
+    arduino-ide
+    stm32cubemx
+
+    avrdude
+    esptool
+    stlink
+    stlink-gui
+    (pkgs-unstable.kicad.override { addons=[pkgs-unstable.kicadAddons.kikit pkgs-unstable.kicadAddons.kikit-library]; })
+    kikit
+    screen
+    prusa-slicer
+    esphome
+    librecad
+    pulseview
+    sigrok-cli
+  ];
+
+  services.udev.packages = with pkgs; [
+    platformio
+    platformio-core
+
+    openocd
+    stlink
+    esptool
+    avrdude
+  ];
+
+  services.udev.extraRules = ''
+    SUBSYSTEM=="usb", ATTR{idVendor}="1a86", ATTR{idProduct}=="8010", MODE="0666"
+    SUBSYSTEM=="usb", ATTR{idVendor}="4348", ATTR{idProduct}=="55e0", MODE="0666"
+    SUBSYSTEM=="usb", ATTR{idVendor}="1a86", ATTR{idProduct}=="8012", MODE="0666"
+  '';
+}

nixos/features/factorio.nix

@@ -0,0 +1,14 @@
+{ pkgs, pkgs-unstable, ... }: {
+
+  environment.systemPackages = with pkgs-unstable; [
+    (factorio.override {
+      username = "";
+      token = "";
+
+      releaseType = "alpha";
+      version = "2.0.32";
+
+      # nix-prefetch-url file:///$(pwd | sed 's| |%20|')/factorio_alpha_x64-2.0.32.tar.xz --name factorio_alpha_x64-2.0.32.tar.xz
+    })
+  ];
+}

nixos/features/frigate-mpv-cage.nix

@@ -0,0 +1,20 @@
+{ pkgs, ... }: {
+  environment.systemPackages = with pkgs; [
+    mpv
+  ];
+
+  services.cage = {
+    enable = true;
+    program = "${pkgs.mpv}/bin/mpv --profile=low-latency --untimed rtsp://bastion.mlaga97.space:8554/birdseye";
+    user = "dotspace";
+    extraArguments = [ "-s" ];
+    environment = {
+      WLR_LIBINPUT_NO_DEVICES = "1"; # boot up even if no mouse/keyboard connected
+    };
+  };
+
+  systemd.services."cage-tty1.service".after = [
+    "network-online.target"
+    "systemd-resolved.service"
+  ];
+}

nixos/features/gpu/intel.nix

@@ -0,0 +1,18 @@
+{ pkgs, ... }: {
+  hardware.graphics.enable32Bit = true;
+
+  nixpkgs.config.packageOverrides = pkgs: {
+    intel-vaapi-driver = pkgs.intel-vaapi-driver.override { enableHybridCodec = true; };
+  };
+
+  hardware.graphics = {
+    enable = true;
+    extraPackages = with pkgs; [
+      intel-media-driver
+      intel-vaapi-driver
+      libvdpau-va-gl
+    ];
+  };
+
+  environment.sessionVariables = { LIBVA_DRIVER_NAME = "iHD"; };
+}

nixos/features/gpu/nvidia.nix

@@ -0,0 +1,40 @@
+# https://community.frame.work/t/egpu-gtx-1060-6gb-working-great-on-nixos-on-the-12th-gen-framework/40919
+{ config, ... }: {
+  # Enable OpenGL
+  hardware.graphics.enable = true;
+  hardware.graphics.enable32Bit = true;
+
+  # Load nvidia driver for Xorg and Wayland
+  services.xserver.videoDrivers = ["nvidia"];
+
+  # Fix stupid UI scaling bug
+  services.xserver.dpi = 96;
+
+  hardware.nvidia = {
+    # Modesetting is required.
+    modesetting.enable = true;
+
+    # Nvidia power management. Experimental, and can cause sleep/suspend to fail.
+    powerManagement.enable = false;
+
+    # Fine-grained power management. Turns off GPU when not in use.
+    # Experimental and only works on modern Nvidia GPUs (Turing or newer).
+    powerManagement.finegrained = false;
+
+    # Use the NVidia open source kernel module (not to be confused with the
+    # independent third-party "nouveau" open source driver).
+    # Support is limited to the Turing and later architectures. Full list of
+    # supported GPUs is at:
+    # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
+    # Only available from driver 515.43.04+
+    # Currently alpha-quality/buggy, so false is currently the recommended setting.
+    open = false;
+
+    # Enable the Nvidia settings menu,
+    # accessible via `nvidia-settings`.
+    nvidiaSettings = true;
+
+    # Optionally, you may need to select the appropriate driver version for your specific GPU.
+    package = config.boot.kernelPackages.nvidiaPackages.stable;
+  };
+}

nixos/features/gui-apps.nix

@@ -0,0 +1,2 @@
+{ pkgs, lib, unstable, ... }: {
+}

nixos/features/hardware/printing.nix

@@ -0,0 +1,10 @@
+{ pkgs, ... }: {
+  services.printing.enable = true;
+  services.printing.drivers = with pkgs; [ brlaser hplipWithPlugin ];
+
+  services.avahi = {
+    enable = true;
+    nssmdns4 = true;
+    openFirewall = true;
+  };
+}

nixos/features/hardware/rtl-sdr.nix

@@ -0,0 +1,12 @@
+{ pkgs, unstable, ... }: {
+  hardware.rtl-sdr.enable = true;
+  users.users.lauren_lagarde.extraGroups = [ "plugdev" ];
+
+  services.udev.packages = [ pkgs.rtl-sdr ];
+
+  environment.systemPackages = with pkgs; [
+    gnuradio
+    soapyrtlsdr
+    gqrx
+  ];
+}

nixos/features/hardware/yubikey.nix

@@ -0,0 +1,17 @@
+{ pkgs, lib, ... }: {
+  environment.systemPackages = with pkgs; [
+		yubikey-personalization
+  ];
+
+	services.udev.packages = with pkgs; [
+		yubikey-personalization
+  ];
+
+	services.pcscd.enable = true;
+  programs.ssh.startAgent = false;
+
+	programs.gnupg.agent = {
+		enable = true;
+		enableSSHSupport = true;
+  };
+}

nixos/features/headless.nix

@@ -0,0 +1,2 @@
+{ config, lib, pkgs, callPackage, ... }: {
+}

nixos/features/i3_old.nix

@@ -0,0 +1,71 @@
+{ pkgs, lib, unstable, ... }: {
+
+  hardware.graphics.enable32Bit = true;
+
+  ##############################################################################
+  ##############################################################################
+  ##############################################################################
+  # Display Server Config
+
+  services.xserver = {
+    enable = true;
+
+    desktopManager = {
+      xterm.enable = false;
+      gnome.enable = true;
+    };
+
+    windowManager.i3.enable = true;
+  };
+
+  services.displayManager = {
+    defaultSession = "none+i3";
+  };
+
+  ##############################################################################
+  ##############################################################################
+  ##############################################################################
+  # Packages
+
+  programs.virt-manager.enable = true;
+
+  environment.systemPackages = with pkgs; [
+    # Polybar
+    siji
+    polybar
+    font-awesome
+    font-awesome_5
+    networkmanagerapplet
+
+    # Apps
+    gnome-terminal
+    chromium
+    qtpass
+    unstable.yt-dlp
+
+    rofi
+    i3status
+    i3lock
+    i3blocks
+    nemo-with-extensions
+    dunst
+    pinentry-qt
+    brightnessctl
+    openscad-unstable
+    shutter
+    pavucontrol
+    arandr
+    blueman
+    sublime-merge
+    libreoffice
+    gparted
+    loupe
+    gthumb
+    vlc
+    mpv
+
+    ledger
+    xorg.xkill
+    sound-juicer
+  ];
+}

nixos/features/i3wm.nix

@@ -0,0 +1,32 @@
+{ pkgs, ... }: {
+  services.xserver = {
+    enable = true;
+
+    desktopManager = {
+      xterm.enable = false;
+      gnome.enable = true;
+    };
+
+    windowManager = {
+      i3.enable = true;
+    };
+
+    displayManager.lightdm.enable = true;
+  };
+
+  services.displayManager.defaultSession = "none+i3";
+
+  systemd.user.services.polkit-gnome-authentication-agent-1 = {
+    description = "polkit-gnome-authentication-agent-1";
+    wantedBy = [ "graphical-session.target" ];
+    wants = [ "graphical-session.target" ];
+    after = [ "graphical-session.target" ];
+    serviceConfig = {
+      Type = "simple";
+      ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
+      Restart = "on-failure";
+      RestartSec = 1;
+      TimeoutStopSec = 10;
+    };
+  };
+}

nixos/features/initrd-ssh.nix

@@ -0,0 +1,33 @@
+# ssh-keygen -t ed25519 -N "" -f ./ssh_host_ed25519_key
+
+{ ... }: {
+  imports = [
+    ./systemd-boot.nix
+  ];
+
+  boot.initrd = {
+    systemd = {
+      enable = true;
+      users.root.shell = "/bin/systemd-tty-ask-password-agent";
+      network = {
+        enable = true;
+        networks."10-enp1s0" = {
+          matchConfig.Name = "enp1s0";
+          networkConfig.DHCP = "yes";
+        };
+      };
+    };
+
+    network = {
+      enable = true;
+      ssh = {
+        enable = true;
+        port = 2222;
+        hostKeys = [ "/root/secrets/initrd/ssh_host_ed25519_key" ];
+        authorizedKeys = [
+          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCl881A1gvgCx+4ECrmJnO2QCTiqjaOLfAegKAAkvWNFKL0rDfsj8tZULUcyn87HYsRrdmqCOQ62GOjQyK803azq7QTxwY4vjczkJxico4LnIToTobcz+JkgF6Rf/h74bs9dHk4ZU853FRBz3wi/14rI10Iwckt37B1ayJacpELuzFobKYip2FjiL1vNH3tiAFR131z+YBByvNX+uJYEhpsI0xry9zbsSUWUq5/YFpmjezblzYRokfsReYiKJeQBeROSeRC/xFBSnikECSylNI4sw5VIpGXFIxL5xhss+s+3dnb+LFQ+zInOYxkVRydYc/In9Wz6Tu7v07K8bjvE7nQwHenoGtRW590Xu0rJApS+k8Cu16sCO2QFj/aI+gCrhU0ymM0aicr0hFAME6Y7j9HcR6PxYxnXZjI7cfqhO5TG8jot25SPzJcvH3EV5oPKtAkw9XA+8+nAI9czFlUgHnuMJAqw1IGOD3qozwqZ5yn1+kG7FZJRpvaPc5pK2HtqaAKJmnRuVaWcFuNALh86gr7Qn8IEp8Q+YyKmDqrMZ4KLJUMnVqn4y0HVS1eB5nVujaJZUGJWA4q3og0FE/2kH74WEp2ZtuJAoEPcgfZ6Ns7BmmXIZU7qu4kQoQ73b3mn6hCi5xlQ/sClzwHYkRPo4tST64ED/UIRPCYe1byNUWSww== lauren@lagarde.dev"
+        ];
+      };
+    };
+  };
+}

nixos/features/networking/networkd-br0.nix

@@ -0,0 +1,23 @@
+{ ... }: {
+  networking.useNetworkd = true;
+  systemd.network = {
+    enable = true;
+    netdevs."20-br0".netdevConfig = {
+      Kind = "bridge";
+      Name = "br0";
+    };
+    networks = {
+      "40-br0" = {
+        matchConfig.Name = "br0";
+        bridgeConfig = {};
+        linkConfig = {
+          RequiredForOnline = "routable";
+        };
+        networkConfig = {
+          DHCP = "ipv4";
+          IPv6AcceptRA = true;
+        };
+      };
+    };
+  };
+}

nixos/features/openssh-server.nix

@@ -0,0 +1,9 @@
+{ lib, ... }: {
+  services.openssh = {
+    enable = true;
+    settings = {
+      PermitRootLogin = lib.mkForce "no";
+      PasswordAuthentication = false;
+    };
+  };
+}

nixos/features/stronghold-binary-cache.nix

@@ -0,0 +1,13 @@
+{ ... }: {
+  nix.settings = {
+    substituters = [
+      "http://nix-cache.stronghold.mlaga97.space"
+      "https://nix-community.cachix.org"
+      "https://cache.nixos.org/"
+    ];
+    trusted-public-keys = [
+      "nix-cache.stronghold.mlaga97.space:RR2S/XWXGjACgAeN30qWCgG1wySOyTGtup8Os3yrdQw="
+      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+    ];
+  };
+}

nixos/features/systemd-boot.nix

@@ -0,0 +1,4 @@
+{ ... }: {
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+}

nixos/features/tui-apps.nix

@@ -0,0 +1,31 @@
+{ pkgs, ... }: {
+  environment.systemPackages = with pkgs; [
+    # Basic Utilities
+    bc pv killall zip unzip unrar-wrapper unar units
+
+    # System Monitoring / TUI QoL Tools
+    btop iotop tmux byobu
+
+    # Security / Cryptography
+    (pass.withExtensions (ext: with ext; [ pass-otp pass-update ]))
+    ssss gnupg pwgen qrencode diceware
+
+    # Applications
+    vim_configurable
+
+    # File Management
+    git ffmpeg restic rclone imagemagick
+
+    # File Systems
+    nfs-utils cifs-utils exfatprogs
+
+    # Networking Utilities
+    dig tinc_pre traceroute wireguard-tools iperf3
+
+    # NixOS Helpers
+    nixos-generators nix-index nix-search-cli
+
+    # Hardware Utilities
+    usbutils pciutils
+  ];
+}

nixos/features/virtualization/docker.nix

@@ -0,0 +1,11 @@
+{ ... }: {
+  virtualisation.docker.enable = true;
+  virtualisation.containers.enable = true;
+
+  # Enable podman, but don't default to it
+  virtualisation.podman = {
+    enable = true;
+    dockerCompat = false;
+    defaultNetwork.settings.dns_enabled = true;
+  };
+}

nixos/features/virtualization/dockge.nix

@@ -0,0 +1,21 @@
+{ ... }: {
+  virtualisation.oci-containers.backend = "docker";
+  virtualisation.oci-containers.containers = {
+    dockge = {
+      image = "louislam/dockge";
+      ports = [
+        "5001:5001"
+      ];
+      volumes = [
+        "/var/run/docker.sock:/var/run/docker.sock"
+        "/opt/stacks/dockge/data:/app/data"
+        "/root/.docker/:/root/.docker"
+        "/opt/stacks:/opt/stacks"
+      ];
+      environment = {
+        DOCKGE_STACKS_DIR = "/opt/stacks";
+      };
+    };
+  };
+
+}

nixos/features/virtualization/libvirt-guest-uefi.nix

@@ -0,0 +1,8 @@
+{ ... }: {
+  boot.initrd = {
+    kernelModules = [ "virtio_net" "e1000" ];
+    availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
+  };
+
+  boot.zfs.devNodes = "/dev/disk/by-partuuid";
+}

nixos/features/virtualization/libvirt-host.nix

@@ -0,0 +1,3 @@
+{ ... }: {
+  virtualisation.libvirtd.enable = true;
+}

nixos/features/virtualization/persistent_docker.nix

@@ -0,0 +1,40 @@
+{ pkgs, lib, ... }: {
+  systemd.mounts = [
+    {
+      type = "ext4";
+      options = "rw";
+      what = "/dev/vda";
+      where = "/persistent";
+    }
+  ];
+
+  systemd.automounts = [
+    {
+      wantedBy = [ "multi-user.target" ];
+      where = "/persistent";
+    }
+  ];
+
+  virtualisation.docker.daemon.settings = {
+    data-root = "/persistent/docker-root";
+  };
+
+  virtualisation.oci-containers.backend = "docker";
+  virtualisation.oci-containers.containers = {
+    dockge = {
+      image = "louislam/dockge";
+      ports = [
+        "5001:5001"
+      ];
+      volumes = [
+        "/var/run/docker.sock:/var/run/docker.sock"
+        "/persistent/stacks/dockge/data:/app/data"
+        "/root/.docker/:/root/.docker"
+        "/persistent/stacks:/persistent/stacks"
+      ];
+      environment = {
+        DOCKGE_STACKS_DIR = "/persistent/stacks";
+      };
+    };
+  };
+}

nixos/features/virtualization/virtualbox-host.nix

@@ -0,0 +1,10 @@
+{ ... }: {
+  virtualisation.libvirtd.enable = false;
+
+  virtualisation.virtualbox = {
+    host = {
+      enable = true;
+      enableExtensionPack = true;
+    };
+  };
+}

nixos/tweaks/aarch64-crosscompile.nix

@@ -0,0 +1,3 @@
+{ ... }: {
+  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+}

nixos/tweaks/bluetooth.nix

@@ -0,0 +1,25 @@
+{ pkgs, lib, ... }: {
+  hardware.enableRedistributableFirmware = true;
+
+  services.blueman.enable = true;
+
+  hardware.bluetooth = {
+    enable = true;
+    settings.General = {
+      Enable = "Source,Sink,Media,Socket";
+      Experimental = true;
+    };
+  };
+
+  # PipeWire appears to have marginally less shitty bluetooth support
+  services.pulseaudio.enable = false;
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    audio.enable = true;
+    pulse.enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    jack.enable = true;
+  };
+}

nixos/tweaks/disable_firewall.nix

@@ -0,0 +1,3 @@
+{ ... }: {
+  networking.firewall.enable = false;
+}

nixos/tweaks/disable_nixos_user.nix

@@ -0,0 +1,12 @@
+{ config, lib, pkgs, ... }: {
+  services.getty.autologinUser = lib.mkForce null;
+
+  users.groups.nixos = {};
+  users.users.nixos.group = "nixos";
+  users.users.nixos.isSystemUser = lib.mkForce true;
+  users.users.nixos.isNormalUser = lib.mkForce false;
+  users.users.nixos.initialHashedPassword = lib.mkForce "!";
+
+  # Disable root as well
+  users.users.root.initialHashedPassword = lib.mkForce "!";
+}

nixos/tweaks/enable_flakes.nix

@@ -0,0 +1,4 @@
+{ ... }: {
+  nix.channel.enable = false;
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+}

nixos/tweaks/intel_igpu_screen_tearing.nix

@@ -0,0 +1,6 @@
+{ ... }: {
+  # Fix screen tearing on Intel iGPU
+  # TODO: I think this is still broken
+  services.picom.enable = true;
+  services.picom.vSync = true;
+}

nixos/tweaks/powersave.nix

@@ -0,0 +1,3 @@
+{ ... }: {
+  powerManagement.cpuFreqGovernor = "powersave";
+}

nixos/tweaks/systemd-resolved_nonsense.nix

@@ -0,0 +1,4 @@
+{ ... }: {
+  # I...this is dumb...
+  services.resolved.extraConfig = "ResolveUnicastSingleLabel=yes";
+}

nixos/tweaks/zfs.nix

@@ -0,0 +1,16 @@
+{ config, ... }: {
+  boot.supportedFilesystems = [ "zfs" ];
+  boot.zfs.devNodes = "/dev/disk/by-id/";
+
+  services.zfs.autoScrub.enable = true;
+  services.zfs.autoScrub.interval = "weekly";
+
+  boot.extraModprobeConfig = ''
+    # Under low-write conditions, wait up to 30 seconds before committing data to disk
+    options zfs zfs_txg_timeout=30
+
+    # Stupid silent data corruption bug (https://github.com/openzfs/zfs/issues/15933)
+    options zfs zfs_bclone_enabled=0
+    options zfs zfs_dmu_offset_next_sync=0
+  '';
+}

nixos/tweaks/zram.nix

@@ -0,0 +1,7 @@
+{ ... }: {
+  zramSwap = {
+    enable = true;
+    algorithm = "zstd";
+    memoryPercent = 200;
+  };
+}