refactor: use flakes with deploy-rs & nixos-hardware

.envrc

@@ -0,0 +1,5 @@
+if ! has nix_direnv_version || ! nix_direnv_version 2.1.0; then
+  source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/2.1.0/direnvrc" "sha256-FAT2R9yYvVg516v3LiogjIc8YfsbWbMM/itqWsm5xTA="
+fi
+
+use flake

.gitignore

@@ -1,2 +1,2 @@
-configuration.nix
-vars-*.nix
+result*
+.direnv

default.nix

@@ -1,9 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-  imports = [
-    ./modules.nix
-    ./network.nix
-    ./users.nix
-  ];
-}

disks-home.nix

@@ -1,12 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-#FIXME: komplett anpassen
-let
-  uuids = import ./vars-uuids.nix;
-in
-{
-  fileSystems."/home" = {
-    device = "/dev/disk/by-uuid/${uuids.fs.home}";
-    fsType = "ext4";
-  };
-}

disks-srv.nix

@@ -1,11 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
-  uuids = import ./vars-uuids.nix;
-in
-{
-  # FS
-  fileSystems."/srv" = {
-    device = "/dev/disk/by-uuid/${uuids.fs.srv}";
-    fsType = "ext4";
-  };
-}

disks.nix

@@ -1,32 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-#FIXME: komplett anpassen
-let
-  uuids = import ./vars-uuids.nix;
-in
-{
-  boot.initrd.luks.devices."luks-drive" = {
-    name = "luks-drive";
-    device = "/dev/disk/by-partuuid/${uuids.luks.root}";
-    preLVM = true;
-    allowDiscards = true;
-  };
-
-  # FS
-  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/${uuids.fs.root}";
-    fsType = "ext4";
-  };
-
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/${uuids.fs.boot}";
-    fsType = "vfat";
-  };
-
-  # Swap
-  swapDevices = [
-    {
-      device = "/dev/disk/by-uuid/${uuids.fs.swap}";
-    }
-  ];
-}

extra/default.nix

@@ -1,99 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
-  unstable = import <nixos-unstable> { config = { allowUnfree = true; }; };
-in
-{
-  imports = [
-    ./fonts.nix
-    ./nautilus.nix
-  ];
-
-  programs.gnome-disks.enable = true;
-  services.udisks2.enable = true;
-
-  xdg.mime.enable = true;
-
-  # make gnome settings persistent
-  programs.dconf.enable = true;
-
-  # gnome services
-  services.dbus.packages = [ pkgs.dconf ];
-  services.udev.packages = [ pkgs.gnome.gnome-settings-daemon ];
-  services.gnome.gnome-keyring.enable = true;
-
-  environment.systemPackages = with pkgs; [
-    adwaita-qt
-    arc-icon-theme
-    arc-kde-theme
-    arc-theme
-    evince
-    firefox-wayland
-    #geary
-    ghostwriter
-    (gimp-with-plugins.override {
-      plugins = with gimpPlugins; [
-        resynthesizer
-      ];
-    })
-    glib
-    gnome.adwaita-icon-theme
-    gnome.dconf-editor
-    gnome.eog
-    gnome.file-roller
-    gnome.gnome-calendar
-    gnome.gnome-system-monitor
-    gnome.simple-scan
-    keepassxc
-    keychain
-    konsole
-    libnotify
-    libreoffice
-    lollypop
-    unstable.newsflash
-    numix-cursor-theme
-    numix-icon-theme
-    numix-icon-theme-circle
-    polkit_gnome
-    qgnomeplatform
-    rhythmbox
-    simple-scan
-    socat
-    sshuttle
-    tdesktop
-    thunderbird
-    virtmanager
-    vlc
-    (mpv-with-scripts.override {
-      scripts = with mpvScripts; [
-        convert
-        mpris
-        simple-mpv-webui
-        sponsorblock
-        thumbnail
-      ];
-    })
-    wayvnc
-    xdg-utils
-    zathura
-    zeal
-
-    # TODO sort them in different files
-    pdfgrep
-    physlock
-    #symlinks
-  ];
-
-  # Enable firmware update daemon
-  services.fwupd.enable = true;
-
-  programs.wireshark.enable = true;
-  programs.wireshark.package = pkgs.wireshark;
-
-  services.accounts-daemon.enable = true;
-
-  environment.interactiveShellInit = ''
-    if test `tty` = /dev/tty1; then
-      exec sway
-    fi
-  '';
-}

flake.lock

@@ -0,0 +1,747 @@
+{
+  "nodes": {
+    "HTTP": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1451647621,
+        "narHash": "sha256-oHIyw3x0iKBexEo49YeUDV1k74ZtyYKGR2gNJXXRxts=",
+        "owner": "phadej",
+        "repo": "HTTP",
+        "rev": "9bc0996d412fef1787449d841277ef663ad9a915",
+        "type": "github"
+      },
+      "original": {
+        "owner": "phadej",
+        "repo": "HTTP",
+        "type": "github"
+      }
+    },
+    "cabal-32": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1603716527,
+        "narHash": "sha256-sDbrmur9Zfp4mPKohCD8IDZfXJ0Tjxpmr2R+kg5PpSY=",
+        "owner": "haskell",
+        "repo": "cabal",
+        "rev": "94aaa8e4720081f9c75497e2735b90f6a819b08e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "haskell",
+        "ref": "3.2",
+        "repo": "cabal",
+        "type": "github"
+      }
+    },
+    "cabal-34": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1622475795,
+        "narHash": "sha256-chwTL304Cav+7p38d9mcb+egABWmxo2Aq+xgVBgEb/U=",
+        "owner": "haskell",
+        "repo": "cabal",
+        "rev": "b086c1995cdd616fc8d91f46a21e905cc50a1049",
+        "type": "github"
+      },
+      "original": {
+        "owner": "haskell",
+        "ref": "3.4",
+        "repo": "cabal",
+        "type": "github"
+      }
+    },
+    "cabal-36": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1640163203,
+        "narHash": "sha256-TwDWP2CffT0j40W6zr0J1Qbu+oh3nsF1lUx9446qxZM=",
+        "owner": "haskell",
+        "repo": "cabal",
+        "rev": "ecf418050c1821f25e2e218f1be94c31e0465df1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "haskell",
+        "ref": "3.6",
+        "repo": "cabal",
+        "type": "github"
+      }
+    },
+    "cardano-shell": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1608537748,
+        "narHash": "sha256-PulY1GfiMgKVnBci3ex4ptk2UNYMXqGjJOxcPy2KYT4=",
+        "owner": "input-output-hk",
+        "repo": "cardano-shell",
+        "rev": "9392c75087cb9a3d453998f4230930dea3a95725",
+        "type": "github"
+      },
+      "original": {
+        "owner": "input-output-hk",
+        "repo": "cardano-shell",
+        "type": "github"
+      }
+    },
+    "cncli": {
+      "inputs": {
+        "iohk-nix": "iohk-nix",
+        "nixpkgs": "nixpkgs",
+        "rust-nix": "rust-nix",
+        "utils": "utils"
+      },
+      "locked": {
+        "lastModified": 1639248048,
+        "narHash": "sha256-UnXYXcbkvM1K7v5DeJ4XyNZy4ZU7hqOcENy65ICizg8=",
+        "owner": "AndrewWestberg",
+        "repo": "cncli",
+        "rev": "91e61b241d92d30e5ebba1acbe395a4be5186254",
+        "type": "github"
+      },
+      "original": {
+        "owner": "AndrewWestberg",
+        "repo": "cncli",
+        "type": "github"
+      }
+    },
+    "deploy": {
+      "inputs": {
+        "fenix": [
+          "fenix"
+        ],
+        "flake-compat": "flake-compat",
+        "nixpkgs": [
+          "fenix",
+          "nixpkgs"
+        ],
+        "utils": "utils_2"
+      },
+      "locked": {
+        "lastModified": 1645603310,
+        "narHash": "sha256-/CTQuJzFK8pO2d4S5uKhHwT+QiNfnbCKSx7O2tW0GXQ=",
+        "owner": "input-output-hk",
+        "repo": "deploy-rs",
+        "rev": "feb44f80c634c799a661bf27c5cb4a905640fe93",
+        "type": "github"
+      },
+      "original": {
+        "owner": "input-output-hk",
+        "repo": "deploy-rs",
+        "type": "github"
+      }
+    },
+    "fenix": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_2",
+        "rust-analyzer-src": "rust-analyzer-src"
+      },
+      "locked": {
+        "lastModified": 1654151426,
+        "narHash": "sha256-8KHHvaduwvobK0rEvy4eM0uEQFu+NbE3BJ9qhgEkm/w=",
+        "owner": "nix-community",
+        "repo": "fenix",
+        "rev": "b2ba32f32e5238b4c6b49f81ff3d82e4dbe7f728",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "fenix",
+        "type": "github"
+      }
+    },
+    "flake-compat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1627913399,
+        "narHash": "sha256-hY8g6H2KFL8ownSiFeMOjwPC8P0ueXpCVEbxgda3pko=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "12c64ca55c1014cdc1b16ed5a804aa8576601ff2",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-utils": {
+      "locked": {
+        "lastModified": 1653893745,
+        "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_2": {
+      "locked": {
+        "lastModified": 1623875721,
+        "narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "f7e004a55b120c02ecb6219596820fcd32ca8772",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "ghc-8.6.5-iohk": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1600920045,
+        "narHash": "sha256-DO6kxJz248djebZLpSzTGD6s8WRpNI9BTwUeOf5RwY8=",
+        "owner": "input-output-hk",
+        "repo": "ghc",
+        "rev": "95713a6ecce4551240da7c96b6176f980af75cae",
+        "type": "github"
+      },
+      "original": {
+        "owner": "input-output-hk",
+        "ref": "release/8.6.5-iohk",
+        "repo": "ghc",
+        "type": "github"
+      }
+    },
+    "hackage": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1643073363,
+        "narHash": "sha256-66oSXQKEDIOSQ2uKAS9facCX/Zuh/jFgyFDtxEqN9sk=",
+        "owner": "input-output-hk",
+        "repo": "hackage.nix",
+        "rev": "4ef9bd3a32316ce236164c7ebff00ebeb33236e2",
+        "type": "github"
+      },
+      "original": {
+        "owner": "input-output-hk",
+        "repo": "hackage.nix",
+        "type": "github"
+      }
+    },
+    "haskellNix": {
+      "inputs": {
+        "HTTP": "HTTP",
+        "cabal-32": "cabal-32",
+        "cabal-34": "cabal-34",
+        "cabal-36": "cabal-36",
+        "cardano-shell": "cardano-shell",
+        "flake-utils": "flake-utils_2",
+        "ghc-8.6.5-iohk": "ghc-8.6.5-iohk",
+        "hackage": "hackage",
+        "hpc-coveralls": "hpc-coveralls",
+        "nix-tools": "nix-tools",
+        "nixpkgs": [
+          "haskellNix",
+          "nixpkgs-2111"
+        ],
+        "nixpkgs-2003": "nixpkgs-2003",
+        "nixpkgs-2105": "nixpkgs-2105",
+        "nixpkgs-2111": "nixpkgs-2111",
+        "nixpkgs-unstable": "nixpkgs-unstable",
+        "old-ghc-nix": "old-ghc-nix",
+        "stackage": "stackage"
+      },
+      "locked": {
+        "lastModified": 1643073543,
+        "narHash": "sha256-g2l/KDWzMRTFRugNVcx3CPZeyA5BNcH9/zDiqFpprB4=",
+        "owner": "input-output-hk",
+        "repo": "haskell.nix",
+        "rev": "14f740c7c8f535581c30b1697018e389680e24cb",
+        "type": "github"
+      },
+      "original": {
+        "owner": "input-output-hk",
+        "repo": "haskell.nix",
+        "rev": "14f740c7c8f535581c30b1697018e389680e24cb",
+        "type": "github"
+      }
+    },
+    "hpc-coveralls": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1607498076,
+        "narHash": "sha256-8uqsEtivphgZWYeUo5RDUhp6bO9j2vaaProQxHBltQk=",
+        "owner": "sevanspowell",
+        "repo": "hpc-coveralls",
+        "rev": "14df0f7d229f4cd2e79f8eabb1a740097fdfa430",
+        "type": "github"
+      },
+      "original": {
+        "owner": "sevanspowell",
+        "repo": "hpc-coveralls",
+        "type": "github"
+      }
+    },
+    "iohk-nix": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1615911315,
+        "narHash": "sha256-3GiYZendBOpHfgDkfBI/GJfhJ3hOdd/fDq8VWSMdtng=",
+        "owner": "input-output-hk",
+        "repo": "iohk-nix",
+        "rev": "bc4216c5b0e14dbde5541763f4952f99c3c712fa",
+        "type": "github"
+      },
+      "original": {
+        "owner": "input-output-hk",
+        "repo": "iohk-nix",
+        "type": "github"
+      }
+    },
+    "lowdown-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1633514407,
+        "narHash": "sha256-Dw32tiMjdK9t3ETl5fzGrutQTzh2rufgZV4A/BbxuD4=",
+        "owner": "kristapsdz",
+        "repo": "lowdown",
+        "rev": "d2c2b44ff6c27b936ec27358a2653caaef8f73b8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "kristapsdz",
+        "repo": "lowdown",
+        "type": "github"
+      }
+    },
+    "nix": {
+      "inputs": {
+        "lowdown-src": "lowdown-src",
+        "nixpkgs": "nixpkgs_3",
+        "nixpkgs-regression": "nixpkgs-regression"
+      },
+      "locked": {
+        "lastModified": 1650397666,
+        "narHash": "sha256-gWYNlEyleqkPfxtGXeq6ggjzJwcXJVdieJxA1Obly9s=",
+        "owner": "NixOS",
+        "repo": "nix",
+        "rev": "69c6fb12eea414382f0b945c0d6c574c43c7c9a3",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "2.8.0",
+        "repo": "nix",
+        "type": "github"
+      }
+    },
+    "nix-tools": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1636018067,
+        "narHash": "sha256-ng306fkuwr6V/malWtt3979iAC4yMVDDH2ViwYB6sQE=",
+        "owner": "input-output-hk",
+        "repo": "nix-tools",
+        "rev": "ed5bd7215292deba55d6ab7a4e8c21f8b1564dda",
+        "type": "github"
+      },
+      "original": {
+        "owner": "input-output-hk",
+        "repo": "nix-tools",
+        "type": "github"
+      }
+    },
+    "nixos-hardware": {
+      "locked": {
+        "lastModified": 1654057797,
+        "narHash": "sha256-mXo7C4v7Jj2feBzcReu1Eu/3Rnw5b023E9kOyFsHZQw=",
+        "owner": "NixOS",
+        "repo": "nixos-hardware",
+        "rev": "0cab18a48de7914ef8cad35dca0bb36868f3e1af",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixos-hardware",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1615797423,
+        "narHash": "sha256-5NGDZXPQzuoxf/42NiyC9YwwhwzfMfIRrz3aT0XHzSc=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "266dc8c3d052f549826ba246d06787a219533b8f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-2003": {
+      "locked": {
+        "lastModified": 1620055814,
+        "narHash": "sha256-8LEHoYSJiL901bTMVatq+rf8y7QtWuZhwwpKE2fyaRY=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "1db42b7fe3878f3f5f7a4f2dc210772fd080e205",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-20.03-darwin",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-2105": {
+      "locked": {
+        "lastModified": 1640283157,
+        "narHash": "sha256-6Ddfop+rKE+Gl9Tjp9YIrkfoYPzb8F80ergdjcq3/MY=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "dde1557825c5644c869c5efc7448dc03722a8f09",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-21.05-darwin",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-2111": {
+      "locked": {
+        "lastModified": 1640283207,
+        "narHash": "sha256-SCwl7ZnCfMDsuSYvwIroiAlk7n33bW8HFfY8NvKhcPA=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "64c7e3388bbd9206e437713351e814366e0c3284",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-21.11-darwin",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-21_11": {
+      "locked": {
+        "lastModified": 1653819578,
+        "narHash": "sha256-a1vaUl6VZz1NsWxMw0i5lRyHIOVUIuMZdQzV+4s+rY8=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "baa82d4b626288c7439eeea073a18aabbe435991",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "release-21.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-22_05": {
+      "locked": {
+        "lastModified": 1653822412,
+        "narHash": "sha256-xZwMDQ8MdNiTwE8dcKAX1h3qCmLtuudNGxmFUX3xIes=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "db78278ff296cf21eca7e8c08ee99707387a54fa",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "release-22.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-regression": {
+      "locked": {
+        "lastModified": 1643052045,
+        "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs-unstable": {
+      "locked": {
+        "lastModified": 1641285291,
+        "narHash": "sha256-KYaOBNGar3XWTxTsYPr9P6u74KAqNq0wobEC236U+0c=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "0432195a4b8d68faaa7d3d4b355260a3120aeeae",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-unstable_2": {
+      "locked": {
+        "lastModified": 1653931853,
+        "narHash": "sha256-O3wncIouj9x7gBPntzHeK/Hkmm9M1SGlYq7JI7saTAE=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "f1c167688a6f81f4a51ab542e5f476c8c595e457",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-unstable",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1653931853,
+        "narHash": "sha256-O3wncIouj9x7gBPntzHeK/Hkmm9M1SGlYq7JI7saTAE=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "f1c167688a6f81f4a51ab542e5f476c8c595e457",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_3": {
+      "locked": {
+        "lastModified": 1645296114,
+        "narHash": "sha256-y53N7TyIkXsjMpOG7RhvqJFGDacLs9HlyHeSTBioqYU=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "530a53dcbc9437363471167a5e4762c5fcfa34a1",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-21.05-small",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs_4": {
+      "locked": {
+        "lastModified": 1654005557,
+        "narHash": "sha256-J6elwUzPoco+r5qWPHhvS2EHVWomUtNcxzkfdAQOwEU=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "08950a6e29cf7bddee466592eb790a417550f7f9",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-22.05",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs_5": {
+      "locked": {
+        "lastModified": 1623423544,
+        "narHash": "sha256-3b6CdnlUBXb2M5F7vLQ/DVRmpu31YDo1wthdybF46Dc=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "5707a8efadbd9a2bfe5aa663555c62ba2933cc81",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "type": "indirect"
+      }
+    },
+    "old-ghc-nix": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1631092763,
+        "narHash": "sha256-sIKgO+z7tj4lw3u6oBZxqIhDrzSkvpHtv0Kki+lh9Fg=",
+        "owner": "angerman",
+        "repo": "old-ghc-nix",
+        "rev": "af48a7a7353e418119b6dfe3cd1463a657f342b8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "angerman",
+        "ref": "master",
+        "repo": "old-ghc-nix",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "cncli": "cncli",
+        "deploy": "deploy",
+        "fenix": "fenix",
+        "flake-utils": "flake-utils",
+        "haskellNix": "haskellNix",
+        "nix": "nix",
+        "nixos-hardware": "nixos-hardware",
+        "nixpkgs": "nixpkgs_4",
+        "nixpkgs-unstable": "nixpkgs-unstable_2",
+        "sops-nix": "sops-nix",
+        "styx": "styx"
+      }
+    },
+    "rust-analyzer-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1654111402,
+        "narHash": "sha256-bPLg3p6gJ23uSC4IaYtIWj/fG6uUNHPM3xG9k2vtcZE=",
+        "owner": "rust-lang",
+        "repo": "rust-analyzer",
+        "rev": "6f7c5589abfc93fbdfc071cc2716d1ea7b527e2e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "rust-lang",
+        "ref": "nightly",
+        "repo": "rust-analyzer",
+        "type": "github"
+      }
+    },
+    "rust-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "cncli",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1614256663,
+        "narHash": "sha256-cFew8eXUJfmlaLh4f3Z+TxAAo2Syh2xWB/3Xa/Ebd70=",
+        "owner": "input-output-hk",
+        "repo": "rust.nix",
+        "rev": "e2d4e8e5225739c4607614f98f60d2667c794558",
+        "type": "github"
+      },
+      "original": {
+        "owner": "input-output-hk",
+        "ref": "work",
+        "repo": "rust.nix",
+        "type": "github"
+      }
+    },
+    "sops-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "nixpkgs-21_11": "nixpkgs-21_11",
+        "nixpkgs-22_05": "nixpkgs-22_05"
+      },
+      "locked": {
+        "lastModified": 1653827546,
+        "narHash": "sha256-va51HFf7UwktvriIbe9pjRPMr7p8IaxrwcDlZe7twzI=",
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "rev": "36b5901782e7fbfc191cace910f67f8b8743f678",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "type": "github"
+      }
+    },
+    "stackage": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1643073493,
+        "narHash": "sha256-5cPd1+i/skvJY9vJO1BhVRPcJObqkxDSywBEppDmb1U=",
+        "owner": "input-output-hk",
+        "repo": "stackage.nix",
+        "rev": "48e1188855ca38f3b7e2a8dba5352767a2f0a8f7",
+        "type": "github"
+      },
+      "original": {
+        "owner": "input-output-hk",
+        "repo": "stackage.nix",
+        "type": "github"
+      }
+    },
+    "styx": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_5",
+        "utils": "utils_3"
+      },
+      "locked": {
+        "lastModified": 1642573301,
+        "narHash": "sha256-djXJRQc5RUKqoCSaHPCDbV4eenmSWjFtwPTbSLKDGUI=",
+        "owner": "disassembler",
+        "repo": "styx",
+        "rev": "eb640d08e62658e9252d334f5e2d3f3432ca36ad",
+        "type": "github"
+      },
+      "original": {
+        "owner": "disassembler",
+        "repo": "styx",
+        "type": "github"
+      }
+    },
+    "utils": {
+      "locked": {
+        "lastModified": 1613500319,
+        "narHash": "sha256-ybAq6pImFCSnwyhhmnnvV567JM4GuhCEG/PHBkSS86U=",
+        "owner": "kreisys",
+        "repo": "flake-utils",
+        "rev": "28e72370213c9bc2cf094ab07b8ac95f3c6bb60f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "kreisys",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "utils_2": {
+      "locked": {
+        "lastModified": 1637014545,
+        "narHash": "sha256-26IZAc5yzlD9FlDT54io1oqG/bBoyka+FJk5guaX4x4=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "bba5dcc8e0b20ab664967ad83d24d64cb64ec4f4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "utils_3": {
+      "locked": {
+        "lastModified": 1623875721,
+        "narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "f7e004a55b120c02ecb6219596820fcd32ca8772",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -0,0 +1,22 @@
+{
+  description = "NixOS configuration";
+  inputs = {
+    flake-utils.url = "github:numtide/flake-utils";
+
+    nix.url = "github:NixOS/nix/2.8.0";
+    nixpkgs.url = "nixpkgs/nixos-22.05";
+    nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
+
+    haskellNix.url = "github:input-output-hk/haskell.nix/14f740c7c8f535581c30b1697018e389680e24cb";
+    cncli.url = "github:AndrewWestberg/cncli";
+    nixos-hardware.url = "github:NixOS/nixos-hardware";
+    deploy.url = "github:input-output-hk/deploy-rs";
+    deploy.inputs.nixpkgs.follows = "fenix/nixpkgs";
+    deploy.inputs.fenix.follows = "fenix";
+    sops-nix.url = "github:Mic92/sops-nix";
+    fenix.url = "github:nix-community/fenix";
+    sops-nix.inputs.nixpkgs.follows = "nixpkgs";
+    styx.url = "github:disassembler/styx";
+  };
+  outputs = { ... } @ args: import ./outputs.nix args;
+}

legacy/install-desktop.nix

@@ -19,7 +19,6 @@ ask_if_sure
 mp_umount /
 
 ################################################################################################
-echo "Starting Root SSD"
 
 lvm_remove_lv /dev/vg_root/lv_root
 lvm_remove_lv /dev/vg_root/lv_home
@@ -39,6 +38,8 @@ sgdisk \
 	--largest-new=3  -c 3:"Crypt"                -t 3:8309 \
 	-p
 
+sleep 3
+
 cryptsetup luksFormat "${DRIVE_ROOT}${PARTSEP}3"
 cryptsetup luksOpen --allow-discards "${DRIVE_ROOT}${PARTSEP}3" "$(basename "${DRIVE_ROOT_LUKS}")"
 
@@ -68,19 +69,4 @@ ssh-keygen -t rsa     -N "" -f "${CHROOT_BASE}/etc/secrets/initrd/ssh_host_rsa_k
 mkdir -p "${CHROOT_BASE}/etc/nixos/"
 rsync -avH "${NIXOS_FILES}/" "${CHROOT_BASE}/etc/nixos/"
 
-cat >> "${CHROOT_BASE}/etc/nixos/vars-uuids.nix" <<END
-{
-	fs = {
-		root = "$(blkid -o value -s UUID "/dev/vg_root/lv_root")";
-		boot = "$(blkid -o value -s UUID "${DRIVE_ROOT}${PARTSEP}2")";
-		home = "$(blkid -o value -s UUID "/dev/vg_root/lv_home")";
-		swap = "$(blkid -o value -s UUID "/dev/vg_root/lv_swap")";
-	};
-
-	luks = {
-		root = "$(blkid -o value -s PARTUUID "${DRIVE_ROOT}${PARTSEP}3")";
-	};
-}
-END
-
 install_os "${CHROOT_BASE}"

legacy/install-server.sh

@@ -39,6 +39,8 @@ sgdisk \
 	--largest-new=3  -c 3:"Crypt"                -t 3:8309 \
 	-p
 
+sleep 3
+
 cryptsetup luksFormat "${DRIVE_ROOT}${PARTSEP}3"
 cryptsetup luksOpen --allow-discards "${DRIVE_ROOT}${PARTSEP}3" "$(basename "${DRIVE_ROOT_LUKS}")"
 
@@ -48,7 +50,7 @@ vgcreate vg_root "${DRIVE_ROOT_LUKS}"
 lvcreate -L 50GiB -n lv_root vg_root
 mkfs.ext4 -L "${HOST}-root" /dev/vg_root/lv_root
 
-lvcreate -L 250GiB -n lv_srv vg_root
+lvcreate -L 100GiB -n lv_srv vg_root
 mkfs.ext4 -L "${HOST}-srv" /dev/vg_root/lv_srv
 
 lvcreate -L 4GiB -n lv_swap vg_root
@@ -70,19 +72,4 @@ rsync -avH "${NIXOS_FILES}/" "${CHROOT_BASE}/etc/nixos/"
 mkdir -p "${CHROOT_BASE}/etc/secrets/initrd"
 rsync -avH "/etc/secrets/" "${CHROOT_BASE}/etc/secrets/"
 
-cat >> "${CHROOT_BASE}/etc/nixos/vars-uuids.nix" <<END
-{
-	fs = {
-		root = "$(blkid -o value -s UUID "/dev/vg_root/lv_root")";
-		boot = "$(blkid -o value -s UUID "${DRIVE_ROOT}${PARTSEP}2")";
-		srv = "$(blkid -o value -s UUID "/dev/vg_root/lv_srv")";
-		swap = "$(blkid -o value -s UUID "/dev/vg_root/lv_swap")";
-	};
-
-	luks = {
-		root = "$(blkid -o value -s PARTUUID "${DRIVE_ROOT}${PARTSEP}3")";
-	};
-}
-END
-
 install_os "${CHROOT_BASE}"

nixos/configurations.nix

@@ -0,0 +1,56 @@
+{ self
+, nixpkgs
+, nixpkgs-unstable
+, sops-nix
+, inputs
+, nixos-hardware
+, nix
+, ...
+}:
+let
+  nixosSystem = nixpkgs.lib.makeOverridable nixpkgs.lib.nixosSystem;
+  customModules = import ./modules/default.nix;
+  overlay-unstable = final: prev: {
+    unstable = import nixpkgs-unstable {
+      inherit (final) system;
+      config.allowUnfree = true;
+    };
+  };
+  baseModules = [
+    # make flake inputs accessiable in NixOS
+    {
+      _module.args.self = self;
+      _module.args.inputs = inputs;
+    }
+    {
+      imports = [
+        ({ pkgs, ... }: {
+          nixpkgs.overlays = [ overlay-unstable ];
+          nix.nixPath = [
+            "nixpkgs=${pkgs.path}"
+          ];
+          documentation.info.enable = false;
+        })
+        sops-nix.nixosModules.sops
+      ];
+    }
+  ];
+  defaultModules = baseModules ++ customModules;
+in
+{
+  # add your model from this list: https://github.com/NixOS/nixos-hardware/blob/master/flake.nix
+  thinkman = nixosSystem {
+    system = "x86_64-linux";
+    modules = defaultModules ++ [
+      nixos-hardware.nixosModules.lenovo-thinkpad-t14
+      ./thinkman/configuration.nix
+    ];
+  };
+  serverle = nixosSystem {
+    system = "aarch64-linux";
+    modules = defaultModules ++ [
+      nixos-hardware.nixosModules.raspberry-pi-4
+      ./serverle/configuration.nix
+    ];
+  };
+}

nixos/deploy.nix

@@ -0,0 +1,20 @@
+{ self
+, deploy
+, ...
+}:
+let
+  mkNode = server: ip: fast: {
+    hostname = "${ip}:22";
+    fastConnection = fast;
+    profiles.system.path =
+      deploy.lib.x86_64-linux.activate.nixos
+        self.nixosConfigurations."${server}";
+  };
+in
+{
+  user = "root";
+  sshUser = "felix";
+  nodes = {
+    serverle = mkNode "serverle" "192.167.178.60" true;
+  };
+}

nixos/modules/default.nix

@@ -0,0 +1,6 @@
+[
+  ./core.nix
+  ./modules.nix
+  ./network.nix
+  ./users.nix
+]

nixos/modules/desktop-development.nix

@@ -1,7 +1,4 @@
 { config, pkgs, ... }:
-let
-  unstable = import <nixos-unstable> { config = { allowUnfree = true; }; };
-in
 {
   environment.systemPackages = with pkgs; [
     arduino

nixos/modules/development.nix

@@ -1,7 +1,4 @@
 { config, pkgs, ... }:
-let
-  unstable = import <nixos-unstable> { config = { allowUnfree = true; }; };
-in
 {
   environment.systemPackages = with pkgs; [
     # rust

nixos/serverle/configuration.nix

@@ -0,0 +1,43 @@
+{ config, ... }:
+{
+  imports = [
+    ./hardware-configuration.nix
+    ./disks.nix
+    ./backup.nix
+    ../modules/3d-printer.nix
+    ../modules/avahi.nix
+    ../modules/compression.nix
+    ../modules/development.nix
+    ../modules/docker.nix
+    ./dyndns.nix
+    ../modules/networkdecrypt.nix
+    ../modules/nix.nix
+    ../modules/ssh.nix
+    ../modules/webapps/config.nix
+    ../modules/webapps/bazarr.nix
+    ../modules/webapps/homer.nix
+    ../modules/webapps/jellyfin.nix
+    ../modules/webapps/navidrome.nix
+    ../modules/webapps/prowlarr.nix
+    ../modules/webapps/radarr.nix
+    ../modules/webapps/sonarr.nix
+  ];
+  networking.hostName = "serverle";
+
+  #environment.noXlibs = true;
+
+  networking.firewall.allowedTCPPorts = [
+    8080 # aria
+  ];
+
+  # Nix
+  nix.gc = {
+    automatic = true;
+    options = "--delete-older-than 30d";
+  };
+
+  system = {
+    stateVersion = "21.11";
+    autoUpgrade.enable = true;
+  };
+}

nixos/serverle/disks.nix

@@ -0,0 +1,30 @@
+{ config, lib, pkgs, ... }:
+
+{
+  boot.initrd.luks.devices."luks-drive" = {
+    name = "luks-drive";
+    device = "/dev/sda";
+    preLVM = true;
+    allowDiscards = true;
+  };
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/serverle-root";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-label/serverle-bo";
+    fsType = "vfat";
+  };
+
+  fileSystems."/srv" = {
+    device = "/dev/disk/by-label/serverle-srv";
+    fsType = "ext4";
+  };
+
+  swapDevices = [{
+    device = "/dev/disk/by-label/serverle-swap";
+  }];
+}
+

nixos/serverle/dyndns.nix

@@ -1,6 +1,6 @@
 { config, lib, pkgs, ... }:
 let
-  cfg = import ../vars-dyndns.nix;
+  cfg = import ./vars-dyndns.nix;
 in
 {
   services.ddclient = {

nixos/serverle/vars-backup.nix

@@ -0,0 +1,7 @@
+{
+  borg = {
+    user = "u181505-sub1";
+    host = "u181505-sub1.your-storagebox.de";
+    dir = "serverle/";
+  };
+}

nixos/serverle/vars-dyndns.nix

@@ -0,0 +1,7 @@
+{
+  dyndns = {
+    server = "dyndns.inwx.com";
+    username = "Stunkymonkey-dyndns";
+    domains =  [ "serverle.stunkymonkey.de" ];
+  };
+}

nixos/thinkman/backup.nix

@@ -0,0 +1,75 @@
+{ config, lib, pkgs, ... }:
+let
+  cfg = import ./vars-backup.nix;
+  borgbackupMonitor = { config, pkgs, lib, ... }: with lib; {
+    key = "borgbackupMonitor";
+    _file = "borgbackupMonitor";
+    config.systemd.services = {
+      "notify-problems@" = {
+        enable = true;
+        serviceConfig.User = "felix";
+        environment.SERVICE = "%i";
+        script = ''
+          export $(cat /proc/$(${pkgs.procps}/bin/pgrep -x "sway" -u "$USER")/environ |grep -z '^DBUS_SESSION_BUS_ADDRESS=')
+          ${pkgs.libnotify}/bin/notify-send -u critical "$SERVICE FAILED!" "Run journalctl -u $SERVICE for details"
+        '';
+      };
+    } // flip mapAttrs' config.services.borgbackup.jobs (name: value:
+      nameValuePair "borgbackup-job-${name}" {
+        unitConfig.OnFailure = "notify-problems@%i.service";
+      }
+    );
+  };
+
+in
+{
+  # notification
+  imports = [
+    borgbackupMonitor
+  ];
+
+  services.borgbackup.jobs.hetzner = {
+    paths = [
+      "/"
+    ];
+    exclude = [
+      "/nix"
+      "/sys"
+      "/run"
+      "/proc"
+      "/root/.cache/"
+      "**/.Trash"
+      "/tmp/*"
+      "/var/lock/*"
+      "/var/run/*"
+      "/var/tmp/*"
+      "/home/*/tmp"
+      "/home/*/todo"
+      "/home/*/.cache"
+      "/home/*/.gvfs"
+      "/home/*/.thumbnails"
+      "/home/*/.local/share/Trash"
+      "/srv/data/tmp"
+      "/srv/data/todo"
+    ];
+    extraCreateArgs = "--exclude-caches --keep-exclude-tags --stats";
+    encryption = {
+      mode = "repokey-blake2";
+      passCommand = "cat /root/.borg_password";
+    };
+    environment.BORG_RSH = "ssh -o 'StrictHostKeyChecking=no' -i /root/.ssh/backup_ed25519 -p 23";
+    repo = "${cfg.borg.user}@${cfg.borg.host}:${cfg.borg.dir}";
+    compression = "auto,zstd";
+    doInit = false;
+    startAt = "daily";
+    persistentTimer = true;
+    prune.keep = {
+      last = 1;
+      within = "3d";
+      daily = 7;
+      weekly = 4;
+      monthly = 6;
+      yearly = 2;
+    };
+  };
+}

nixos/thinkman/configuration.nix

@@ -0,0 +1,62 @@
+{ config, pkgs, lib, ... }:
+{
+  imports = [
+    ./disks.nix
+    ./hardware-configuration.nix
+    ../modules/sway.nix
+    ./backup.nix
+    ../modules/3d-design.nix
+    ../modules/android.nix
+    ../modules/avahi.nix
+    ../modules/bluetooth-audio.nix
+    ../modules/clean.nix
+    ../modules/compression.nix
+    ../modules/desktop-development.nix
+    ../modules/development.nix
+    ../modules/docker.nix
+    ../modules/filesystem.nix
+    ../modules/gaming.nix
+    ../modules/hardware-base.nix
+    ../modules/intel-video.nix
+    ../modules/intel.nix
+    ../modules/kvm.nix
+    ../modules/location.nix
+    ../modules/media.nix
+    ../modules/meeting.nix
+    ../modules/nix.nix
+    ../modules/power.nix
+    ../modules/presentation.nix
+    ../modules/printer.nix
+    ../modules/screen-sharing.nix
+    ../modules/sound.nix
+    ../modules/sync.nix
+    ../modules/systemd-user.nix
+    ../modules/systemduefi.nix
+    ../modules/tex.nix
+    ../modules/theme.nix
+    ../modules/thunderbolt.nix
+    ../modules/webcam.nix
+  ];
+
+  networking.hostName = "thinkman";
+
+  # Use latest kernel
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+
+  # Nix
+  nix = {
+    autoOptimiseStore = true;
+    gc = {
+      automatic = true;
+      dates = "weekly";
+      options = "--delete-older-than 30d";
+    };
+    daemonCPUSchedPolicy = "idle";
+    daemonIOSchedPriority = 7;
+  };
+
+  system = {
+    stateVersion = "22.05";
+    autoUpgrade.enable = true;
+  };
+}

nixos/thinkman/disks.nix

@@ -0,0 +1,30 @@
+{ config, lib, pkgs, ... }:
+
+{
+  boot.initrd.luks.devices."luks-drive" = {
+    name = "luks-drive";
+    device = "/dev/nvme0";
+    preLVM = true;
+    allowDiscards = true;
+  };
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/thinkman-root";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-label/thinkman-bo";
+    fsType = "vfat";
+  };
+
+  fileSystems."/home" = {
+    device = "/dev/disk/by-label/thinkman-home";
+    fsType = "ext4";
+  };
+
+  swapDevices = [{
+    device = "/dev/disk/by-label/thinkman-swap";
+  }];
+}
+

nixos/thinkman/vars-backup.nix

@@ -0,0 +1,7 @@
+{
+  borg = {
+    user = "u181505-sub1";
+    host = "u181505-sub1.your-storagebox.de";
+    dir = "thinkman/";
+  };
+}

outputs.nix

@@ -0,0 +1,28 @@
+{ self
+, flake-utils
+, nixpkgs
+, nixpkgs-unstable
+, sops-nix
+, deploy
+, ...
+} @ inputs:
+(flake-utils.lib.eachDefaultSystem (system:
+  let
+    pkgs = nixpkgs.legacyPackages."${system}";
+  in
+  {
+    devShell = pkgs.callPackage ./shell.nix {
+      inherit (sops-nix.packages."${pkgs.system}") sops-import-keys-hook ssh-to-pgp sops-init-gpg-key;
+      inherit (deploy.packages."${pkgs.system}") deploy-rs;
+    };
+  })) // {
+  nixosConfigurations = import ./nixos/configurations.nix (inputs // {
+    inherit inputs;
+  });
+  deploy = import ./nixos/deploy.nix (inputs // {
+    inherit inputs;
+  });
+
+  hydraJobs = nixpkgs.lib.mapAttrs' (name: config: nixpkgs.lib.nameValuePair "nixos-${name}" config.config.system.build.toplevel) self.nixosConfigurations;
+  checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy.lib;
+}

serverle.nix

@@ -1,47 +0,0 @@
-{ config, ... }:
-{
-  imports = [
-    ./backup.nix
-    ./default.nix
-    ./core.nix
-    ./disks.nix
-    ./disks-srv.nix
-    ./users.nix
-    ./extra/3d-printer.nix
-    ./extra/avahi.nix
-    ./extra/compression.nix
-    ./extra/development.nix
-    ./extra/docker.nix
-    ./extra/dyndns.nix
-    ./extra/networkdecrypt.nix
-    ./extra/nix.nix
-    ./extra/ssh.nix
-    ./modules/webapps
-    ./extra/webapps/bazarr.nix
-    ./extra/webapps/homer.nix
-    ./extra/webapps/jellyfin.nix
-    ./extra/webapps/navidrome.nix
-    ./extra/webapps/prowlarr.nix
-    ./extra/webapps/radarr.nix
-    ./extra/webapps/sonarr.nix
-    ./hardware/raspberrypi4.nix
-  ];
-  networking.hostName = "serverle";
-
-  #environment.noXlibs = true;
-
-  networking.firewall.allowedTCPPorts = [
-    8080 # aria
-  ];
-
-  # Nix
-  nix.gc = {
-    automatic = true;
-    options = "--delete-older-than 30d";
-  };
-
-  system = {
-    stateVersion = "21.11";
-    autoUpgrade.enable = true;
-  };
-}

shell.nix

@@ -0,0 +1,26 @@
+{ mkShell
+, sops-import-keys-hook
+, ssh-to-pgp
+, sops-init-gpg-key
+, sops
+, deploy-rs
+, nixpkgs-fmt
+, knot-dns
+, lefthook
+, python3
+}:
+
+mkShell {
+  sopsPGPKeyDirs = [ "./nixos/secrets/keys" ];
+  nativeBuildInputs = [
+    python3.pkgs.invoke
+    ssh-to-pgp
+    sops-import-keys-hook
+    sops-init-gpg-key
+    sops
+    deploy-rs
+    nixpkgs-fmt
+    lefthook
+    knot-dns
+  ];
+}

thinkman.nix

@@ -1,66 +0,0 @@
-{ config, pkgs, lib, ... }:
-{
-  imports = [
-    ./backup.nix
-    ./core.nix
-    ./default.nix
-    ./disks.nix
-    ./disks-home.nix
-    ./sway.nix
-    ./extra/3d-design.nix
-    ./extra/android.nix
-    ./extra/avahi.nix
-    ./extra/bluetooth-audio.nix
-    ./extra/clean.nix
-    ./extra/compression.nix
-    ./extra/default.nix
-    ./extra/desktop-development.nix
-    ./extra/development.nix
-    ./extra/docker.nix
-    ./extra/filesystem.nix
-    ./extra/gaming.nix
-    ./extra/hardware-base.nix
-    ./extra/intel-video.nix
-    ./extra/intel.nix
-    ./extra/kvm.nix
-    ./extra/location.nix
-    ./extra/media.nix
-    ./extra/meeting.nix
-    ./extra/nix.nix
-    ./extra/power.nix
-    ./extra/presentation.nix
-    ./extra/printer.nix
-    ./extra/screen-sharing.nix
-    ./extra/sound.nix
-    ./extra/sync.nix
-    ./extra/systemd-user.nix
-    ./extra/systemduefi.nix
-    ./extra/tex.nix
-    ./extra/theme.nix
-    ./extra/thunderbolt.nix
-    ./extra/webcam.nix
-    ./hardware/t14.nix
-  ];
-
-  networking.hostName = "thinkman";
-
-  # Use latest kernel
-  boot.kernelPackages = pkgs.linuxPackages_latest;
-
-  # Nix
-  nix = {
-    autoOptimiseStore = true;
-    gc = {
-      automatic = true;
-      dates = "weekly";
-      options = "--delete-older-than 30d";
-    };
-    daemonCPUSchedPolicy = "idle";
-    daemonIOSchedPriority = 7;
-  };
-
-  system = {
-    stateVersion = "22.05";
-    autoUpgrade.enable = true;
-  };
-}