README.md

@@ -121,10 +121,11 @@ used flakes:
 
         ```bash
         nix run github:nix-community/nixos-anywhere -- \
+            --disko-mode disko \
             --disk-encryption-keys /tmp/disk.key /tmp/disk.key \
             --extra-files "$temp" \
             --flake .#<flake> \
-            --target-host root@<host>
+            root@<host>
         ```
 
 ## Inspired by

flake.lock

@@ -41,11 +41,11 @@
         "nixpkgs-lib": "nixpkgs-lib"
       },
       "locked": {
-        "lastModified": 1775087534,
+        "lastModified": 1772408722,
-        "narHash": "sha256-91qqW8lhL7TLwgQWijoGBbiD4t7/q75KTi8NxjVmSmA=",
+        "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "3107b77cd68437b9a76194f0f7f9c55f2329ca5b",
+        "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3",
         "type": "github"
       },
       "original": {
@@ -114,11 +114,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1775585728,
+        "lastModified": 1774104215,
-        "narHash": "sha256-8Psjt+TWvE4thRKktJsXfR6PA/fWWsZ04DVaY6PUhr4=",
+        "narHash": "sha256-EAtviqz0sEAxdHS4crqu7JGR5oI3BwaqG0mw7CmXkO8=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "580633fa3fe5fc0379905986543fd7495481913d",
+        "rev": "f799ae951fde0627157f40aec28dec27b22076d0",
         "type": "github"
       },
       "original": {
@@ -222,27 +222,26 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1775232991,
+        "lastModified": 1774567711,
-        "narHash": "sha256-QkmL6kwmQXBN24FVOZSfFkNpUgu8jHfdYPoA2H8sA7k=",
+        "narHash": "sha256-uVlOHBvt6Vc/iYNJXLPa4c3cLXwMllOCVfAaLAcphIo=",
-        "owner": "Stunkymonkey",
+        "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "d6ee262f8d4db0815b08c76714becc09af11f962",
+        "rev": "3f6f874dfc34d386d10e434c48ad966c4832243e",
         "type": "github"
       },
       "original": {
-        "owner": "Stunkymonkey",
+        "owner": "NixOS",
-        "ref": "dell-precision-5820",
         "repo": "nixos-hardware",
         "type": "github"
       }
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1775811116,
+        "lastModified": 1774388614,
-        "narHash": "sha256-t+HZK42pB6N+i5RGbuy7Xluez/VvWbembBdvzsc23Ss=",
+        "narHash": "sha256-tFwzTI0DdDzovdE9+Ras6CUss0yn8P9XV4Ja6RjA+nU=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "54170c54449ea4d6725efd30d719c5e505f1c10e",
+        "rev": "1073dad219cb244572b74da2b20c7fe39cb3fa9e",
         "type": "github"
       },
       "original": {
@@ -253,11 +252,11 @@
     },
     "nixpkgs-lib": {
       "locked": {
-        "lastModified": 1774748309,
+        "lastModified": 1772328832,
-        "narHash": "sha256-+U7gF3qxzwD5TZuANzZPeJTZRHS29OFQgkQ2kiTJBIQ=",
+        "narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=",
         "owner": "nix-community",
         "repo": "nixpkgs.lib",
-        "rev": "333c4e0545a6da976206c74db8773a1645b5870a",
+        "rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742",
         "type": "github"
       },
       "original": {
@@ -298,11 +297,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1775710090,
+        "lastModified": 1774386573,
-        "narHash": "sha256-ar3rofg+awPB8QXDaFJhJ2jJhu+KqN/PRCXeyuXR76E=",
+        "narHash": "sha256-4hAV26quOxdC6iyG7kYaZcM3VOskcPUrdCQd/nx8obc=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "4c1018dae018162ec878d42fec712642d214fdfa",
+        "rev": "46db2e09e1d3f113a13c0d7b81e2f221c63b8ce9",
         "type": "github"
       },
       "original": {
@@ -355,11 +354,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1775971308,
+        "lastModified": 1774303811,
-        "narHash": "sha256-VKp9bhVSm0bT6JWctFy06ocqxGGnWHi1NfoE90IgIcY=",
+        "narHash": "sha256-fhG4JAcLgjKwt+XHbjs8brpWnyKUfU4LikLm3s0Q/ic=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "31ac5fe5d015f76b54058c69fcaebb66a55871a4",
+        "rev": "614e256310e0a4f8a9ccae3fa80c11844fba7042",
         "type": "github"
       },
       "original": {

flake.nix

@@ -11,8 +11,7 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    # nixos-hardware.url = "github:NixOS/nixos-hardware";
+    nixos-hardware.url = "github:NixOS/nixos-hardware";
-    nixos-hardware.url = "github:Stunkymonkey/nixos-hardware/dell-precision-5820";
 
     nixinate = {
       url = "github:matthewcroughan/nixinate";

machines/.sops.yaml

@@ -5,7 +5,6 @@ keys:
   - &workman age1f2e644jteyeppfaatajtvjmsupl0e7nzx97ded6m0cgzw04l84ks5xl9l2
   - &thinkman age1spt854cdscqs757a8kazth52rv4p9udh54suw9lpzlqg5savyapq2u0c03
   - &serverle age14nt7qcsrye0vrpk0xcgcfmhkxwwumna39fpn83g3x0zml62skatqpnmhk4
-  - &playman age15d6y9s30t6ggdec4aqycxr4lht98rz77w5rvpnplf3fnqcgyau2qgcwh3g
   - &newton age1s9spl75rwhgm3cvvqsr9rze5m0kuxqes2tsxjmq07xg5ycn5j47s2m0dlu
 creation_rules:
   - path_regex: workman/secrets.yaml$
@@ -28,8 +27,3 @@ creation_rules:
       - age:
           - *admin_felix
           - *serverle
-  - path_regex: playman/secrets.yaml$
-    key_groups:
-      - age:
-          - *admin_felix
-          - *playman

machines/configurations.nix

@@ -82,12 +82,5 @@ in
         ./serverle/configuration.nix
       ];
     };
-    playman = nixosSystem {
-      system = "x86_64-linux";
-      modules = defaultModules ++ [
-        nixos-hardware.nixosModules.dell-precision-5820
-        ./playman/configuration.nix
-      ];
-    };
   };
 }

machines/playman/boot.nix

@@ -1,17 +0,0 @@
-_: {
-  boot = {
-    loader = {
-      timeout = 0;
-      systemd-boot = {
-        enable = true;
-        configurationLimit = 10;
-        editor = true;
-      };
-      efi.canTouchEfiVariables = true;
-    };
-    initrd = {
-      systemd.enable = true; # for a nice password prompt
-      verbose = false;
-    };
-  };
-}

machines/playman/configuration.nix

@@ -1,29 +0,0 @@
-{ ... }:
-{
-  imports = [
-    ./boot.nix
-    ./disko-config.nix
-    ./hardware-configuration.nix
-    ./network.nix
-    ./nixinate.nix
-    ./profiles.nix
-    ./services.nix
-    ./system.nix
-  ];
-
-  networking.hostName = "playman";
-
-  sops = {
-    defaultSopsFile = ./secrets.yaml;
-    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
-    gnupg.sshKeyPaths = [ ];
-  };
-
-  # needed for cross-compilation
-  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
-
-  system = {
-    stateVersion = "25.11";
-    autoUpgrade.enable = true;
-  };
-}

machines/playman/disko-config.nix

@@ -1,72 +0,0 @@
-{
-  disko.devices = {
-    disk = {
-      vdb = {
-        type = "disk";
-        device = "/dev/disk/by-id/nvme-eui.ace42e817028d9c6";
-        content = {
-          type = "gpt";
-          partitions = {
-            boot = {
-              size = "1M";
-              type = "EF02"; # for grub MBR
-            };
-            ESP = {
-              size = "512M";
-              type = "EF00";
-              content = {
-                type = "filesystem";
-                format = "vfat";
-                mountpoint = "/boot";
-                mountOptions = [ "defaults" ];
-              };
-            };
-            luks = {
-              size = "100%";
-              content = {
-                type = "luks";
-                name = "encrypted";
-                settings.allowDiscards = true;
-                passwordFile = "/tmp/disk.key";
-                content = {
-                  type = "lvm_pv";
-                  vg = "pool";
-                };
-              };
-            };
-          };
-        };
-      };
-    };
-    lvm_vg = {
-      pool = {
-        type = "lvm_vg";
-        lvs = {
-          root = {
-            size = "100G";
-            content = {
-              type = "filesystem";
-              format = "ext4";
-              mountpoint = "/";
-            };
-          };
-          home = {
-            size = "500G";
-            content = {
-              type = "filesystem";
-              format = "ext4";
-              mountpoint = "/home";
-            };
-          };
-          swap = {
-            size = "32GB";
-            content = {
-              type = "swap";
-              resumeDevice = true;
-            };
-          };
-        };
-      };
-    };
-  };
-}

machines/playman/hardware-configuration.nix

@@ -1,26 +0,0 @@
-{
-  pkgs,
-  ...
-}:
-{
-  boot.kernelPackages = pkgs.linuxPackages_latest;
-
-  my.hardware = {
-    bluetooth.enable = true;
-    debug.enable = true;
-    drive-monitor = {
-      enable = true;
-      OnFailureMail = "server@buehler.rocks";
-    };
-    firmware = {
-      enable = true;
-      cpuFlavor = "intel";
-    };
-    graphics = {
-      enable = true;
-      gpuFlavor = "nvidia";
-    };
-    keychron.enable = true;
-    yubikey.enable = true;
-  };
-}

machines/playman/network.nix

@@ -1,6 +0,0 @@
-_: {
-  networking = {
-    domain = "buehler.rocks";
-    search = [ "buehler.rocks" ];
-  };
-}

machines/playman/nixinate.nix

@@ -1,8 +0,0 @@
-_: {
-  _module.args.nixinate = {
-    host = "playman.local";
-    sshUser = "felix";
-    buildOn = "remote";
-    substituteOnTarget = true;
-  };
-}

machines/playman/profiles.nix

@@ -1,11 +0,0 @@
-# enabled profiles
-_: {
-  my.profiles = {
-    clean.enable = true;
-    development.enable = true;
-    gaming.enable = true;
-    nix.enable = true;
-    sync.enable = true;
-    update.enable = true;
-  };
-}

machines/playman/secrets.yaml

@@ -1,30 +0,0 @@
-users:
-    felix:
-        password: ENC[AES256_GCM,data:MHiZkTDna6nz6JhCst0uQA7MKDLtXzIqZuJEYHPgC6dRmGckYBUR0mXqh+5lLlCOeqtGbyBFKQ7tv7hpgIOX2lVyX4V99IICzw==,iv:p9ZtVpL2u64iEQuo3TF+5kFaWLd0wHT16lT4Wx8QLyo=,tag:o9g2wKQfNQyv3078tL58Nw==,type:str]
-borgbackup:
-    password: ENC[AES256_GCM,data:bWZUeX09dxLjiHVsymKi3zArtxW4aEkVU/eLa3RbdvI=,iv:sRxy7Y0EggxXf6tGQZJdVfggcBbQD+1w2hvJgQCyr3Y=,tag:Up/opwQwl8+t1Yt26012GQ==,type:str]
-    ssh_key: ENC[AES256_GCM,data:k5gDazMB8sVwJANws8nORGvM8baxwx+kniFIlc50WaJplerbsk1ZspxRes5vnMeEM0UBawtBkHUXpcXVo5KXU/hXd1sDHQe3CFBhKjSFwls3b9LSmt81mBYjrlPeHMah5/PHOz5RDj5skpZ7rd5AzVOfu+aB4qUogl/gAP9aEMdtuIBx/uKXba3ER5590vLpd1Q4sxAuiWnkXi02rgW6Pzyx9RqcUU9KWLQuhfnyeEZ+PPjR4NHPJBr4TkUJ3DR2UziCtlOH1H0kKeDIj/pWqXKx8C5p7RRRkPxZ/qLmDqMtt3Cjs7MlDFUijvfnDSieKoa3JIZw9Kb9AlomkgfqrCOUEaNCBZEq/ovAj7SXm13t50SFGZfTRVul3AcToRxauzhrKXvoUbvKu0Qd4zSOPIXU4tnxodCrWraEbAXKJ+uqKH6N2RA8vxnT06Yqv9SY75hDbPIDvK/44+YWrQU5hNWYKZ+Afnadps2+huqNLbiih+/0AzTAAhtqUYsuQS+1ybTT5fsoakMssRf+wyi8,iv:vGaEIaeQGGOgLMu9oZwr/+N1/IzPPuOElMXczEZkwSw=,tag:VKzmy3Zy1C+VUgqAkscGfg==,type:str]
-sops:
-    age:
-        - recipient: age1hf8m9upp00dr7qv2kmqdr50fpvd9ejzkfu8yknqnuda2aas2tvrs4l3u7m
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFblpKaTJIVTlVMHRjemZX
-            VWhmbU1vTzlxRDNQM1N3Y2tHb3ZZdUwvSFdFCnc4cTkyaWtxTEhEbUpXd0d3bnFJ
-            QkdaRHRvK2ZqazZGdGFoZFJwTUVCOUkKLS0tIGc4SUtZeGg3QXhwcW9NVk4zMVVo
-            andwd2Eydk5oRzBRTlNwdzFVQ1QwYmsK7Rn/P4JCjajb0seyzFRcnIxsz2WgkbYf
-            wF7wsXoBZrwGPu2otrn2G/4IYrXYn5Gf2K/sjKVo/PtsnHLRWEWgBw==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age15d6y9s30t6ggdec4aqycxr4lht98rz77w5rvpnplf3fnqcgyau2qgcwh3g
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4KzgwZzIrbVFFWE1OWWsr
-            ZElTQjhLOWgzZGRXcnV0dnpYejFhVWRXREhRCkxjU2NNQmdLQzY2Wm4yZjlSWWRu
-            OEpmcXcvblh1N0Exck1mMmRLZmd6VHcKLS0tIE5hUGV1eTRYUk51RXY3R2Q0ckVn
-            aHlUbExuSDlQZWN6TlEzdjAyNTBiaUUKM2w9fi0MJa4ujpkcrtyQqmjOYaTsbdBJ
-            wBDbuJ1EazT47T4g9ycilbFS6LvugfJxfrzN0mW3XEuiWkrsYIIsPw==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-04-03T15:10:27Z"
-    mac: ENC[AES256_GCM,data:p3Ke6ZCuuBYOzrcLGtnC4Kk8Y8S+EM8WlyT0hNFyoA/Ds6aI+FtOuNKfZN4Znh2KbLZBOaz6UJ+jDaMrfaRPJY13HlklysuSGari9Y7YdxdkcMvfl/nlGfhE7A0Wgm/m7LF2N33BAd2NrPKpPF2Omu8moIMcQ+xy5GKzVb/hiHU=,iv:3Tq29JZkVmh0/L01+mlmW/5N1bXOecElsMwg+m9Kpq0=,tag:S0m79vu0ywsaj/t+mtLfQw==,type:str]
-    unencrypted_suffix: _unencrypted
-    version: 3.12.1

machines/playman/services.nix

@@ -1,34 +0,0 @@
-# Deployed services
-{ config, ... }:
-let
-  inherit (config.sops) secrets;
-in
-{
-  sops.secrets = {
-    "borgbackup/password" = { };
-    "borgbackup/ssh_key" = { };
-  };
-
-  # List services that you want to enable:
-  my.services = {
-    backup = {
-      enable = true;
-      OnFailureMail = "server@buehler.rocks";
-      passwordFile = secrets."borgbackup/password".path;
-      sshKeyFile = secrets."borgbackup/ssh_key".path;
-      paths = [ "/" ];
-    };
-    # remote build
-    remote-build.enable = true;
-
-    ssh-server = {
-      enable = true;
-    };
-    initrd-ssh = {
-      enable = true;
-    };
-    vpn = {
-      enable = true;
-    };
-  };
-}

machines/playman/system.nix

@@ -1,7 +0,0 @@
-# enabled system services
-_: {
-  my.system = {
-    avahi.enable = true;
-    podman.enable = true;
-  };
-}

machines/thinkman/hardware-configuration.nix

@@ -1,4 +1,8 @@
-_: {
+_:
+let
+  cpuFlavor = "intel";
+in
+{
   # video driver
   boot.initrd.kernelModules = [ "i915" ];
 
@@ -16,11 +20,11 @@ _: {
     drive-monitor.enable = true;
     firmware = {
       enable = true;
-      cpuFlavor = "intel";
+      inherit cpuFlavor;
     };
     graphics = {
       enable = true;
-      gpuFlavor = "intel";
+      inherit cpuFlavor;
     };
     id-card.enable = true;
     keychron.enable = true;

machines/workman/hardware-configuration.nix

@@ -2,6 +2,9 @@
   pkgs,
   ...
 }:
+let
+  cpuFlavor = "amd";
+in
 {
   boot.kernelPackages = pkgs.linuxPackages_latest;
 
@@ -27,11 +30,11 @@
     drive-monitor.enable = true;
     firmware = {
       enable = true;
-      cpuFlavor = "amd";
+      inherit cpuFlavor;
     };
     graphics = {
       enable = true;
-      gpuFlavor = "amd";
+      inherit cpuFlavor;
     };
     id-card.enable = true;
     keychron.enable = true;

modules/hardware/graphics/default.nix

@@ -10,12 +10,11 @@ in
 {
   options.my.hardware.graphics = {
     enable = lib.mkEnableOption "graphics configuration";
-    gpuFlavor = lib.mkOption {
+    cpuFlavor = lib.mkOption {
       type = lib.types.nullOr (
         lib.types.enum [
           "amd"
           "intel"
-          "nvidia"
         ]
       );
       default = null;
@@ -30,7 +29,7 @@ in
         hardware.graphics.enable = true;
       }
       # Intel GPU
-      (lib.mkIf (cfg.gpuFlavor == "intel") {
+      (lib.mkIf (cfg.cpuFlavor == "intel") {
         nixpkgs.config.packageOverrides = pkgs: {
           intel-vaapi-driver = pkgs.intel-vaapi-driver.override { enableHybridCodec = true; };
         };
@@ -42,9 +41,7 @@ in
         ];
       })
 
-      (lib.mkIf (cfg.gpuFlavor == "amd") {
+      (lib.mkIf (cfg.cpuFlavor == "amd") {
-      })
-      (lib.mkIf (cfg.gpuFlavor == "nvidia") {
       })
     ]
   );