god save me massive rewrite

2023-09-24 18:13:19 -06:00 · 2023-09-24 18:13:19 -06:00 · b8b4589dca
commit b8b4589dca
parent 888fba07f2
3 changed files with 484 additions and 428 deletions
--- a/workstation/configuration.org
+++ b/workstation/configuration.org
@ -1,4 +1,4 @@
-#+TITLE: JawZ NixOS workstation configuration
+#+TITLE: JawZ NixOS server configuration
 #+AUTHOR: Danilo Reyes
 #+PROPERTY: header-args :tangle configuration.nix
 #+auto_tangle: t
@ -16,26 +16,33 @@ times through the config file, such as the current version of NixOS,
 repositories and even some scripts that will be reused on systemd
 configurations.
-** VARIABLES
+- version: used by both NixOS and home-manager to dictate the state repository
- Global version number so NixOS and Home-Manager are in sync
+  from which to pull configurations, modules and packages.
- The unstable part allows me to build packages from the unstable channel by
+- myEmail myName: used by git and acme
-  prepending "unstable" to a package name.
+- cpuArchitecture: used by NixOS to optimize the compiled binaries to my current
- The next part creates a simple build of some of my simple scripts, turning
+  CPU specifications.
-  them into binaries which then I can integrate into the nix-store as well as
+- home-manager: the channel containing the packages matching the NixOS state
-  declared systemd units.
+  version, with a commented out to the unstable master.
 - unstable: a sort of overlay that allows to prepend "unstable" to a package,
  to pull from the unstable channel rather than precompiled binaries on a case
  by case use.
 - jawz*: scripts that will be reused multiple times through the config, such as
  on systemd, and as such this feels like a safe way to compile them only once.
 #+begin_src nix
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 let
  version = "23.05";
  myEmail = "CaptainJawZ@outlook.com";
  myName = "Danilo Reyes";
-  home-manager = builtins.fetchTarball "https://github.com/nix-community/home-manager/archive/release-${version}.tar.gz";
+  cpuArchitecture = "skylake";
  home-manager = builtins.fetchTarball
    # "https://github.com/nix-community/home-manager/archive/master.tar.gz";
    "https://github.com/nix-community/home-manager/archive/release-${version}.tar.gz";
  unstable = import
    (builtins.fetchTarball "https://github.com/nixos/nixpkgs/tarball/master") {
    config = config.nixpkgs.config;
  };
  sshKeyBattlestation = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKDXxfFRSgII4w/S1mrekPQdfXNifqRxwJa0wpQo72wB jawz@battlestation";
  jawzManageLibrary = pkgs.writeScriptBin
    "manage-library" (builtins.readFile ../scripts/manage-library.sh);
  jawzTasks = pkgs.writeScriptBin
@ -44,11 +51,13 @@ in
 { # Remember to close this bracket at the end of the document
 #+end_src
 ** IMPORTS
 These are files and modules which get loaded onto the configuration file, in the
 future I may segment this file into different modules once it becomes too
 cluttered, for example, I may create a module for systemd units.
 - agenix: an encryption system which cleans up the nix-configuration files from
 passwords and other secrets.
 #+begin_src nix
 imports = [
  ./hardware-configuration.nix
@ -61,20 +70,23 @@ imports = [
 * SYSTEM CONFIGURATION
 ** NETWORKING
-At the moment, I don't have a wireless card on this computer, however as I build
+Sets sensible networking options, such as setting up a hostname, and creating a
-a new system, such setting may come in handy.
+hosts file with the static IP and hostname of other devices on my network.
-Pick *ONLY ONE* of the below networking options.
+Also open ports on the firewall for LAN connectivity, and well keeping commented
- *wireless.enable* enables wireless support via wpa_supplicant.
+what each port does, I declared the firwewall ports with variables, because I
- *NetworkManager* it's the default of GNOME, and easiest to use and integrate.
+can not be bothered to figure out whether I need TCP or UDP so let's open both,
 and repetition is maddening.
 #+begin_src nix
 powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
 networking = {
  useDHCP = lib.mkDefault true;
  enableIPv6 = false;
-  hostName = "workstation";
+  hostName = "server";
  networkmanager.enable = true;
  extraHosts = ''
-               192.168.1.64 battlestation
+               192.168.1.64 workstation
               '';
  firewall = let
    open_firewall_ports = [
@ -84,7 +96,8 @@ networking = {
      2049 # nfs
    ];
    open_firewall_port_ranges = [ ];
-    in {
+  in
    {
      enable = true;
      allowedTCPPorts = open_firewall_ports;
      allowedUDPPorts = open_firewall_ports;
@ -98,10 +111,10 @@ networking = {
 For some reason, useXkbConfig throws an error when building the system, either
 way it is an unnecessary setting as my keyboards are the default en_US, only
 locale set to Canadian out because I prefer how it displays the date.
 LC_MONETARY, it's also a personal preference.
 #+begin_src nix
 time.timeZone = "America/Mexico_City";
 i18n = {
  defaultLocale = "en_CA.UTF-8";
  extraLocaleSettings = {
@ -115,34 +128,94 @@ console = {
 };
 #+end_src
-* GNOME
+** SYSTEM/NIX CONFIGURATIONS
-At the time of writing this file, I require of X11, as the NVIDIA support for
+The first setting creates a copy the NixOS configuration file and link it from
-Wayland is not perfect yet.  At the time being, the ability to switch through
+the resulting system (/run/current-system/configuration.nix).  This is useful in
-GDM from Wayland to XORG, it's pretty handy, but in the future these settings
+case you accidentally delete configuration.nix.
 will require an update.
-Sets up GNOME as the default desktop environment, while excluding some
+The version value determines the NixOS release from which the default settings for
-undesirable packages from installing.
+stateful data, like file locations and database versions on your system.
 It‘s perfectly fine and recommended to leave this value at the release version
 of the first install of this system.
 Lastly I configure in here cachix repositories, which is a website that keeps a
 cache of nixbuilds for easy quick deployments without having to compile
 everything from scratch.
 - gc: automatically garbage-collects.
 - auto-optimise-store: hard-links binaries whenever possible.
 - system-features: features present on compiling time.
 #+begin_src nix
 system = {
  copySystemConfiguration = true;
  stateVersion = "${version}";
 };
 nix = let featuresList = [
      "nixos-test"
      "benchmark"
      "big-parallel"
      "kvm"
      "gccarch-${cpuArchitecture}"
      "gccarch-znver3"
    ];
      in {
  gc = {
    automatic = true;
    dates = "weekly";
  };
  # buildMachines = [ {
  #     hostName = "workstation";
  #     system = "x86_64-linux";
  #     sshUser = "nixremote";
  #     maxJobs = 4;
  #     speedFactor = 1;
  #     supportedFeatures = featuresList;
  # } ];
  distributedBuilds = true;
  settings = {
    cores = 6;
    auto-optimise-store = true;
    system-features = featuresList;
    substituters = [
      "https://nix-gaming.cachix.org"
      "https://nixpkgs-python.cachix.org"
      "https://devenv.cachix.org"
      "https://cuda-maintainers.cachix.org"
    ];
    trusted-public-keys = [
      "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
      "nixpkgs-python.cachix.org-1:hxjI7pFxTyuTHn2NkvWCrAUcNZLNS3ZAvfYNuYifcEU="
      "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
      "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
    ];
  };
 };
 #+end_src
 * DISPLAY MANAGER
 Rather than having the server be completely headless, temporarily I'm enabling
 xfce as a minimal display manager.
 #+begin_src nix
 services = {
  xserver = {
    enable = true;
    displayManager.defaultSession = "xfce";
    videoDrivers = [ "nvidia" ];
    desktopManager = {
      xfce.enable = true;
      xterm.enable = false;
    };
    layout = "us";
    libinput.enable = true; # Wacom required?
  };
 };
 #+end_src
 * SOUND
-In order to avoid issues with PipeWire, the wiki recommends to disable /sound.enable/
+In order to avoid issues with PipeWire, the wiki recommends to disable
-This is a basic PipeWire configuration, in the future stuff like Bluetooth or
+pulseaudio.  This is a basic PipeWire configuration that can support alsa/pulse
-latency will require expanding these settings.
+backends.
 #+begin_src nix
 hardware.pulseaudio.enable = false;
@ -159,6 +232,10 @@ services.pipewire = {
 Disabled password in sudo for commodity, but this is obviously not recommended,
 regarding rkit, that setting enables pipewire to run with real-time
 capabilities.  And lastly, the acme settings are for signing certificates.
 The pam limits exists so NixOS can compile the entire system without running
 into "Too many files open" errors.
 #+begin_src nix
 security = {
  rtkit.enable = true;
@ -166,43 +243,61 @@ security = {
    enable = true;
    wheelNeedsPassword = false;
  };
-  acme = {
+  pam.loginLimits = [{
-    acceptTerms = true;
+    domain = "*";
-    defaults.email = "${myEmail}";
+    type = "soft";
-  };
+    item = "nofile";
    value = "8192";
  }];
 };
 #+end_src
-* NIXPKGS
+* NIXPKGS SETTINGS
 Allow non-free, sadly is a requirement for some of my drivers, besides that,
 here is a good place to declare some package overrides as well as permit unsafe
 packages.
 localSystem allows me to compile the entire operating system optimized to my CPU
 architecture and other build flags.
 =note= if using gcc.arch flags, comment out hostPlatform and viceversa.
 #+begin_src nix
-nixpkgs.config = {
+nixpkgs = {
-  allowUnfree = true;
+  hostPlatform = lib.mkDefault "x86_64-linux";
  config.allowUnfree = true;
  # localSystem = {
  #   gcc.arch = cpuArchitecture;
  #   gcc.tune = cpuArchitecture;
  #   system = "x86_64-linux";
  # };
 };
 #+end_src
 * NORMAL USERS
-Being part of the "wheel" group, means that the user has root privileges.
+Being part of the "wheel" group, means that the user has root privileges.  The
 piracy.gid is so I have read/write access permissions on all the hard drives
 split among my multiple systems, the rest of the groups are self explanatory.
 - nixremote: is a low-privilege user set exclusively with the intention to be a
  proxy to build the nix-store remotely.
 #+begin_src nix
-users.users.root.openssh.authorizedKeys.keys = [ sshKeyBattlestation ];
+users = {
-users.groups.nixremote = {
+  groups.nixremote = {
    name = "nixremote";
    gid = 555;
  };
-users.users.nixremote = {
+  users.nixremote = {
    isNormalUser = true;
    createHome = true;
    group = "nixremote";
    home = "/var/nixremote/";
    openssh.authorizedKeys.keys = [
-    sshKeyBattlestation
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICiyTwryzw8CblPldplDpVUkXD9C1fXVgO8LeXdE5cuR root@battlestation"
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDwyCBh8BmemoclUuTdmPsad/ROu15WlfyHtUrxU/+uAPwMvgniq0QzJg4ctHxFk+Fgg7YhHlf9vRVgtnrjXONf9XqSqUfA69rMsev8unNiJytOJ4J3X2YWYJQMZmJ33zudqxcTFjDXG7n4vC+Gfu9bKEeD/h+Vov47p8/DIBW+p/IYyICt8P5BRPGDDfmDIhslqUdxpq6F2TEtI33n68je4C8yiOBTSHGKNimK/NUpyEf8LtXPSuh/DXwigse1po+ft9nZ92mH/vHfsSU7a93xDhqPiyQbjqROa4YDt8D4tzpesTnYLDEvphJ5sS8wGe7PAtXnnXjQlVH0p1uC+AMu+U4RH8szK9/TukC5OWDn4uPrmLjfHi3jRCUpUT8ZMBaotzSpj9aitGnBtl8eNfJEP2FQuYNdVXJNiLGShCPqdRo0tpA8I77+oGF81RPT6HAugJWPfRvOyd+p0fJUM9tUShZTU873deFPIt4S0y27L+qI3fu6p1lrVc7l6aXHhvc= root@battlestation"
    ];
  };
 };
 users.users.jawz = {
  isNormalUser = true;
  extraGroups = [ "wheel" "networkmanager" "docker"
@ -212,7 +307,7 @@ users.users.jawz = {
  initialPassword = "password";
  openssh = {
    authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5GaQM4N+yGAByibOFQOBVMV/6TjOfaGIP+NunMiK76 gpodeacero\cdreyes@100CDREYES"
-                            sshKeyBattlestation
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKDXxfFRSgII4w/S1mrekPQdfXNifqRxwJa0wpQo72wB jawz@workstation";
    ];
  };
 #+end_src
@ -222,23 +317,34 @@ want installed, attempting to group them as dependencies of others when
 necessary.
 * USER PACKAGES
 This section of the document categorizes and organizes all he packages that I
 want installed, attempting to group them as dependencies of others when
 necessary.
 Begin the block to install user packages.
 #+begin_src nix
 packages = (with pkgs; [
 #+end_src
 cli and tui packages, which on their own right are as or more powerful than the
 packages on the previous section.
 =note= exa is no longer maintained, and will soon be replaced by eza, a maintained
 fork.
 ** COMMAND-LINE PACKAGES
 #+begin_src nix
 unstable.yt-dlp # downloads videos from most video websites
 unstable.gallery-dl # similar to yt-dlp but for most image gallery websites
 fd # modern find, faster searches
 fzf # fuzzy finder! super cool and useful
 gdu # disk-space utility, somewhat useful
 du-dust # rusty du
 exa # like ls but with colors
 trashy # oop! didn't meant to delete that
 unstable.eza # like ls but with colors
 rmlint # probably my favourite app, amazing dupe finder that integrates well with BTRFS
 tldr # man for retards
 tree-sitter # code parsing, required by Doom emacs
 #+end_src
 ** MY SCRIPTS
@ -256,18 +362,21 @@ jawzTasks
 #+end_src
 ** DEVELOPMENT PACKAGES
 Assorted development packages and libraries, categorized by languages.
 #+begin_src nix
-# required by doom emacs, but still are rather useful.
+# required (optionally) by doom emacs, but still are rather useful
-fd # modern find, faster searches
+tree-sitter # code parsing based on symbols and shit, I do not get it
 fzf # fuzzy finder! super cool and useful
 ripgrep # modern grep
 # languagetool # proofreader for English.  check if works without the service
 graphviz # graphs
 tetex
 # languagetool # proofreader for English
 # these two are for doom everywhere
 xorg.xwininfo
 xdotool
 xclip
 tldr # man for retards
 exercism # learn to code
 # SH
 bats # testing system, required by Exercism
@ -276,41 +385,26 @@ shellcheck # linting
 shfmt # a shell parser and formatter
 # NIX
 expect # keep color when nom'ing
 nix-output-monitor # autistic nix builds
 nixfmt # linting
 cachix # why spend time compiling?
 # PYTHON.
 python3 # base language
-# pipenv # python development workflow for humans
+pipenv # python development workflow for humans
 # poetry # dependency management made easy
 # C# & Rust
 # omnisharp-roslyn # c# linter and code formatter
 # HASKELL
 # cabal-install # haskell interface
 # JS
 nodejs # not as bad as I thought
 #+end_src
 ** HUNSPELL
 These dictionaries work with Firefox, Doom Emacs and LibreOffice.
 #+begin_src nix
 hunspell
 hunspellDicts.it_IT
 hunspellDicts.es_MX
 hunspellDicts.en_CA
 #+end_src
 ** CUSTOMIZATION PACKAGES
 Themes and other customization, making my DE look the way I want is one of the
 main draws of Linux for me.
 #+begin_src nix
 # Fonts
 (nerdfonts.override {
  fonts = [ "Agave" "CascadiaCode" "SourceCodePro"
            "Ubuntu" "FiraCode" "Iosevka" ];
 })
 symbola
 #+end_src
 ** PYTHON
 #+begin_src nix
@ -359,28 +453,49 @@ symbola
  # })
 #+end_src
 ** BAT-EXTRAS
 #+begin_src nix
 ]) ++ (with pkgs.bat-extras; [
  batman # man pages
  batpipe # piping
  batgrep # ripgrep
  batdiff # this is getting crazy!
  batwatch # probably my next best friend
  prettybat # trans your sourcecode!
 #+end_src
 ** NODEJS PACKAGES
 Mostly language servers and linters.
 #+begin_src nix
 ]) ++ (with pkgs.nodePackages; [
-  dockerfile-language-server-nodejs # LSP
+  # Language servers
-  bash-language-server # LSP
+  dockerfile-language-server-nodejs
-  pyright # LSP
+  yaml-language-server
  bash-language-server
  vscode-json-languageserver
  pyright
  markdownlint-cli # Linter
  prettier # Linter
  pnpm # Package manager
 #+end_src
 ** HUNSPELL
 These dictionaries work with Firefox, Doom Emacs and LibreOffice.
 #+begin_src nix
 hunspell
 hunspellDicts.it_IT
 hunspellDicts.es_MX
 hunspellDicts.en_CA
 #+end_src
 ** CUSTOMIZATION PACKAGES
 Themes and other customization, making my DE look the way I want is one of the
 main draws of Linux for me.
 #+begin_src nix
 # Fonts
 (nerdfonts.override {
  fonts = [ "Agave" "CascadiaCode" "SourceCodePro"
            "Ubuntu" "FiraCode" "Iosevka" ];
 })
 symbola
 #+end_src
 ** CLOSING USER PACKAGES
 #+begin_src nix
 ]); }; # <--- end of package list
 #+end_src
@ -390,27 +505,31 @@ These make it so packages install to '/etc' rather than the user home directory,
 also allow for upgrades when rebuilding the system.
 #+begin_src nix
-home-manager.useUserPackages = true;
+home-manager = {
-home-manager.useGlobalPkgs = true;
+  useUserPackages = true;
-home-manager.users.jawz = { config, pkgs, ... }:{
+  useGlobalPkgs = true;
  users.jawz = { config, pkgs, ... }:{
    home.stateVersion = "${version}";
 #+end_src
 ** DOTFILES
 I opted out of using home-manager to declare my package environment, and instead
 I use it exclusively for setting up my dotfiles.
 *** BASH
 Declares my .bashrc file, and sets up some environment and functions.
 #+begin_src nix
 programs.bash = {
  enable = true;
  historyFile = "\${XDG_STATE_HOME}/bash/history";
-  historyControl = [ "erasedups" ];
+  historyControl = [ "erasedups" "ignorespace" ];
  shellAliases = {
-    ls = "exa --icons --group-directories-first";
+    hh = "hstr";
    ls = "eza --icons --group-directories-first";
    edit = "emacsclient -t";
    comic = "download -u jawz -i \"$(cat $LC | fzf --multi --exact -i)\"";
    gallery = "download -u jawz -i \"$(cat $LW | fzf --multi --exact -i)\"";
    open-gallery = "cd /mnt/disk2/scrapping/JawZ/gallery-dl && xdg-open $(fd . ./ Husbands -tdirectory -d 1 | fzf -i)\"";
    unique-extensions = "fd -tf | rev | cut -d. -f1 | rev  | tr '[:upper:]' '[:lower:]' | sort | uniq --count | sort -rn";
    cp = "cp -i";
    mv = "mv -i";
    mkcd = "mkdir -pv \"$1\" && cd \"$1\" || exit";
@ -427,12 +546,11 @@ programs.bash = {
    f = "fzf --multi --exact -i";
    sc = "systemctl --user";
    jc = "journalctl --user -xefu";
    open-gallery = "cd /mnt/disk2/scrapping/JawZ/gallery-dl && xdg-open $(fd . ./ Husbands -tdirectory -d 1 | fzf -i)\"";
    unique-extensions = "fd -tf | rev | cut -d. -f1 | rev  | tr '[:upper:]' '[:lower:]' | sort | uniq --count | sort -rn";
  };
  enableVteIntegration = true;
  initExtra = ''
 #+end_src
 #+begin_src bash
    $HOME/.local/bin/pokemon-colorscripts -r --no-title
    # Lists
    list_root="${config.xdg.configHome}"/jawz/lists/jawz
@ -441,9 +559,6 @@ export LI=$list_root/instant.txt
    export LC=$list_root/comic.txt
    export command_timeout=30
 # GPG_TTY=$(tty)
 # export GPG_TTY
    if command -v fzf-share >/dev/null; then
    source "$(fzf-share)/key-bindings.bash"
    source "$(fzf-share)/completion.bash"
@ -453,44 +568,13 @@ nixos-reload () {
        nixfmt /home/jawz/Development/NixOS/workstation/*.nix
        sudo nixos-rebuild switch -I nixos-config=/home/jawz/Development/NixOS/workstation/configuration.nix
    }
 #+end_src
 #+begin_src nix
  '';
 };
 #+end_src
 *** OTHER
 #+begin_src nix
 programs = {
  emacs = {
    enable = true;
  };
  direnv = {
    enable = true;
    enableBashIntegration = true;
    nix-direnv.enable = true;
  };
  bat = {
    enable = true;
    config = {
      pager = "less -FR";
      theme = "base16";
    };
  };
  git = {
    enable = true;
    userName  = "${myName}";
    userEmail = "${myEmail}";
  };
  htop = {
    enable = true;
    package = pkgs.htop-vim;
  };
 };
 #+end_src
 *** XDG
 Configurations for XDG directories, as well as installing dotfiles from the
 sub-directory on this repository.
 #+begin_src nix
 xdg = {
@ -516,7 +600,52 @@ xdg = {
 };
 #+end_src
-** USER-SERVICES
+** HOME-MANAGER PROGRAMS
 Program declarations that are exclusive to home-manager, declaring packages this
 way allows for extra configuration and integration beyond installing the
 packages on the user environment, it's the only exception I make to installing
 packages through home-manager.
 #+begin_src nix
 programs = {
  hstr.enable = true;
  emacs.enable = true;
  direnv = {
    enable = true;
    enableBashIntegration = true;
    nix-direnv.enable = true;
  };
  bat = {
    enable = true;
    config = {
      pager = "less -FR";
      theme = "base16";
    };
    extraPackages = with pkgs.bat-extras; [
      batman # man pages
      batpipe # piping
      batgrep # ripgrep
      batdiff # this is getting crazy!
      batwatch # probably my next best friend
      prettybat # trans your sourcecode!
    ];
  };
  git = {
    enable = true;
    userName  = "${myName}";
    userEmail = "${myEmail}";
  };
  htop = {
    enable = true;
    package = pkgs.htop-vim;
  };
 };
 #+end_src
 ** HOME-MANAGER USER-SERVICES
 Lorri helps optimize emacs compilations, and the declaring emacs as a service
 through home-manager fixes the bug where emacs loads so quickly that can not
 connect to a graphic environment unless restarting the systemd service.
 #+begin_src nix
 services = {
@ -532,25 +661,28 @@ services = {
 ** CLOSING HOME-MANAGER
 #+begin_src nix
-};
+}; };
 #+end_src
-* ENVIRONMENT PACKAGES
+* ENVIRONMENT
 These are a MUST to ensure the optimal function of nix, without these, recovery
 may be challenging.
 The environment.etc block allows for bluetooth devices to control volume, pause,
 and other things through the headset controls.
 Declare environment variables whose function is mostly to clear-up the $HOME
 directory from as much bloat as possible, as well as some minor graphical tweaks
 some applications use.
 #+begin_src nix
-environment.systemPackages = with pkgs; [
+environment = {
  systemPackages = with pkgs; [
    wget
    jellyfin-ffmpeg # coolest video converter!
    dlib
  ];
-#+end_src
+  variables = rec {
 * ENVIRONMENT VARIABLES
 #+begin_src nix
 environment.variables = rec {
    # PATH
    XDG_CACHE_HOME  = "\${HOME}/.cache";
    XDG_CONFIG_HOME = "\${HOME}/.config";
@ -559,37 +691,35 @@ environment.variables = rec {
    XDG_STATE_HOME  = "\${HOME}/.local/state";
    # DEV PATH
-  CABAL_DIR = "\${XDG_CACHE_HOME}/cabal";
+    CABAL_DIR = "${XDG_CACHE_HOME}/cabal";
-  CARGO_HOME = "\${XDG_DATA_HOME}/cargo";
+    CARGO_HOME = "${XDG_DATA_HOME}/cargo";
-  GEM_HOME = "\${XDG_DATA_HOME}/ruby/gems";
+    GEM_HOME = "${XDG_DATA_HOME}/ruby/gems";
-  GEM_PATH = "\${XDG_DATA_HOME}/ruby/gems";
+    GEM_PATH = "${XDG_DATA_HOME}/ruby/gems";
-  GEM_SPEC_CACHE = "\${XDG_DATA_HOME}/ruby/specs";
+    GEM_SPEC_CACHE = "${XDG_DATA_HOME}/ruby/specs";
-  GOPATH = "\${XDG_DATA_HOME}/go";
+    GOPATH = "${XDG_DATA_HOME}/go";
-  NPM_CONFIG_USERCONFIG = "\${XDG_CONFIG_HOME}/npm/npmrc";
+    NPM_CONFIG_USERCONFIG = "${XDG_CONFIG_HOME}/npm/npmrc";
-  PNPM_HOME = "\${XDG_DATA_HOME}/pnpm";
+    PNPM_HOME = "${XDG_DATA_HOME}/pnpm";
-  PSQL_HISTORY="\${XDG_DATA_HOME}/psql_history";
+    PSQL_HISTORY="${XDG_DATA_HOME}/psql_history";
-  REDISCLI_HISTFILE="\${XDG_DATA_HOME}/redis/rediscli_history";
+    REDISCLI_HISTFILE="${XDG_DATA_HOME}/redis/rediscli_history";
-  WINEPREFIX="\${XDG_DATA_HOME}/wine";
+    WINEPREFIX="${XDG_DATA_HOME}/wine";
    # OPTIONS
-  HISTFILE = "\${XDG_STATE_HOME}/bash/history";
+    HISTFILE = "${XDG_STATE_HOME}/bash/history";
    LESSHISTFILE = "-";
    GHCUP_USE_XDG_DIRS = "true";
-  RIPGREP_CONFIG_PATH = "\${XDG_CONFIG_HOME}/ripgrep/ripgreprc";
+    RIPGREP_CONFIG_PATH = "${XDG_CONFIG_HOME}/ripgrep/ripgreprc";
-  ELECTRUMDIR = "\${XDG_DATA_HOME}/electrum";
+    ELECTRUMDIR = "${XDG_DATA_HOME}/electrum";
    VISUAL = "emacsclient -ca emacs";
-  WGETRC = "\${XDG_CONFIG_HOME}/wgetrc";
+    WGETRC = "${XDG_CONFIG_HOME}/wgetrc";
-  XCOMPOSECACHE = "\${XDG_CACHE_HOME}/X11/xcompose";
+    XCOMPOSECACHE = "${XDG_CACHE_HOME}/X11/xcompose";
-  "_JAVA_OPTIONS" = "-Djava.util.prefs.userRoot=\${XDG_CONFIG_HOME}/java";
+    "_JAVA_OPTIONS" = "-Djava.util.prefs.userRoot=${XDG_CONFIG_HOME}/java";
-  DOCKER_CONFIG="\${XDG_CONFIG_HOME}/docker";
+    DOCKER_CONFIG="${XDG_CONFIG_HOME}/docker";
    # NVIDIA
-  CUDA_CACHE_PATH = "\${XDG_CACHE_HOME}/nv";
+    CUDA_CACHE_PATH = "${XDG_CACHE_HOME}/nv";
  # WEBKIT_DISABLE_COMPOSITING_MODE = "1";
  # GBM_BACKEND = "nvidia-drm";
  # "__GLX_VENDOR_LIBRARY_NAME" = "nvidia";
    # Themes
    # WEBKIT_DISABLE_COMPOSITING_MODE = "1";
    CALIBRE_USE_SYSTEM_THEME = "1";
    PATH = [
@ -599,6 +729,7 @@ environment.variables = rec {
      "\${XDG_DATA_HOME}/pnpm"
    ];
  };
 };
 #+end_src
 * SNAPRAID
@ -679,6 +810,12 @@ programs = {
 * SERVICES
 Miscellaneous services, most of which are managed by systemd.
 - minidlna: allows me to watch my media on my tv.
 - avahi: allows to discover/connect to devices through their hostname on the
  same network.
 - fstrim/btrfs: file-system services.
 - psd: profile-sync-daemon, loads the chrome/firefox profile to ram.
 #+begin_src nix
 services = {
  minidlna = {
@ -688,6 +825,7 @@ services = {
      inotify = "yes";
      media_dir = [
        "/mnt/disk2/glue"
        "/mnt/seedbox/glue"
        "/mnt/disk1/multimedia/downloads"
      ];
    };
@ -825,10 +963,9 @@ systemd = {
 };
 #+end_src
-* MISC SETTINGS
+* FONTCONFIG
 ** ENABLE FONTCONFIG
 If enabled, a Fontconfig configuration file will point to a set of default
-fonts.  If you don't care about running X11 applications or any other program
+fonts.  If you don not care about running X11 applications or any other program
 that uses Fontconfig, you can turn this option off and prevent a dependency on
 all those fonts.
 =tip= once that Wayland is ready for deployment, I probably can remove this
@ -838,89 +975,29 @@ setting.
 fonts.fontconfig.enable = true;
 #+end_src
-** NFS
+* HARDWARE
 Computer-specific hardware settings.  The power management settings are
 defaulted to "performance".
 - nvidia: GPU drivers.
 - cpu.intel: microcode patches.
 #+begin_src nix
-fileSystems = {
+hardware = {
-  "/export/disk1" = {
+  nvidia = {
-    device = "/mnt/disk1";
+    modesetting.enable = true;
-    options = ["bind"];
+    powerManagement.enable = true;
  };
-  "/export/disk2" = {
+  cpu.intel.updateMicrocode = lib.mkDefault true;
-    device = "/mnt/disk2";
+  opengl = {
    options = ["bind"];
  };
  "/export/seedbox" = {
    device = "/mnt/seedbox";
    options = ["bind"];
  };
  "/export/jawz" = {
    device = "/home/jawz";
    options = ["bind"];
  };
 };
 services.nfs = {
  server = {
    enable = true;
-    exports = ''
+    driSupport = true;
-      /export         192.168.1.64(rw,fsid=0,no_subtree_check)
+    driSupport32Bit = true;
      /export/disk1   192.168.1.64(rw,nohide,insecure,no_subtree_check)
      /export/disk2   192.168.1.64(rw,nohide,insecure,no_subtree_check)
      /export/seedbox 192.168.1.64(rw,nohide,insecure,no_subtree_check)
      /export/jawz    192.168.1.64(rw,nohide,insecure,no_subtree_check)
    '';
  };
 };
 #+end_src
-* FINAL SYSTEM CONFIGURATIONS
+* CLOSE SYSTEM
 The first setting creates a copy the NixOS configuration file and link it from
 the resulting system (/run/current-system/configuration.nix).  This is useful in
 case you accidentally delete configuration.nix.
 The version value determines the NixOS release from which the default settings for
 stateful data, like file locations and database versions on your system.
 It‘s perfectly fine and recommended to leave this value at the release version
 of the first install of this system.
 Lastly I configure in here Cachix repositories, which is a website that keeps a
 cache of nixbuilds for easy quick deployments without having to compile
 everything from scratch.
 #+begin_src nix
 system = {
  copySystemConfiguration = true;
  stateVersion = "${version}";
 };
 nix = {
  settings = {
    trusted-users = [ "nixremote" ];
    auto-optimise-store = true;
    system-features = [
      "nixos-test"
      "benchmark"
      "big-parallel"
      "kvm"
      "gccarch-znver3"
    ];
    substituters = [
      "https://nix-gaming.cachix.org"
      "https://nixpkgs-python.cachix.org"
      "https://devenv.cachix.org"
      "https://cuda-maintainers.cachix.org"
    ];
    trusted-public-keys = [
      "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
      "nixpkgs-python.cachix.org-1:hxjI7pFxTyuTHn2NkvWCrAUcNZLNS3ZAvfYNuYifcEU="
      "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
      "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
    ];
  };
  gc = {
    automatic = true;
    dates = "weekly";
  };
 };
 }
 #+end_src
 #  LocalWords:  useXkbConfig Wayland XORG NIXPKGS
--- a/workstation/hardware-configuration.nix
+++ b/workstation/hardware-configuration.nix
@ -56,7 +56,8 @@ in {
    };
  };
-  fileSystems."/" = {
+  fileSystems = {
    "/" = {
      device = "/dev/mapper/nvme";
      fsType = "btrfs";
      options = [
@ -70,8 +71,7 @@ in {
        "noatime"
      ];
    };
-
+    "/home" = {
  fileSystems."/home" = {
      device = "/dev/mapper/nvme";
      fsType = "btrfs";
      options = [
@ -84,61 +84,80 @@ in {
        "datacow"
      ];
    };
-  fileSystems."/mnt/disk1" = {
+    "/mnt/disk1" = {
      device = "/dev/mapper/disk1";
      fsType = "btrfs";
      options = [ "compress=zstd:3" "space_cache=v2" "commit=120" "datacow" ];
    };
-
+    "/var/lib/nextcloud/data" = {
  fileSystems."/var/lib/nextcloud/data" = {
      device = "/mnt/disk1/nextcloud";
      options = [ "bind" ];
    };
-
+    "/mnt/jellyfin/media" = {
  fileSystems."/mnt/jellyfin/media" = {
      device = "/mnt/disk1/multimedia/media";
      options = [ "bind" "ro" ];
    };
-
+    "/mnt/disk2" = {
  fileSystems."/mnt/disk2" = {
      device = "/dev/mapper/disk2";
      fsType = "btrfs";
      options = [ "compress=zstd:3" "space_cache=v2" "commit=120" "datacow" ];
    };
-
+    "/mnt/hnbox" = {
  fileSystems."/mnt/hnbox" = {
      device = "/dev/mapper/hnbox";
      fsType = "btrfs";
      options = [ "compress=zstd:3" "space_cache=v2" "commit=120" "datacow" ];
    };
-
+    "/mnt/seedbox" = {
  fileSystems."/mnt/seedbox" = {
      device = "/dev/mapper/seedbox";
      fsType = "btrfs";
      options = [ "compress=zstd:3" "space_cache=v2" "commit=120" "datacow" ];
    };
-
+    "/mnt/jellyfin/external" = {
  fileSystems."/mnt/jellyfin/external" = {
      device = "/mnt/seedbox/external";
      options = [ "bind" "ro" ];
    };
-
+    "/mnt/parity" = {
  fileSystems."/mnt/parity" = {
      device = "/dev/disk/by-uuid/643b727a-555d-425c-943c-62f5b93631c9";
      fsType = "xfs";
      options = [ "defaults" ];
    };
-
+    "/boot" = {
  fileSystems."/boot" = {
      device = "/dev/disk/by-uuid/c574cb53-dc40-46db-beff-0fe8a4787156";
      fsType = "ext4";
    };
-
+    "/boot/efi" = {
  fileSystems."/boot/efi" = {
      device = "/dev/disk/by-uuid/CBE7-5DEB";
      fsType = "vfat";
    };
-
+    "/export/disk1" = {
      device = "/mnt/disk1";
      options = [ "bind" ];
    };
    "/export/disk2" = {
      device = "/mnt/disk2";
      options = [ "bind" ];
    };
    "/export/seedbox" = {
      device = "/mnt/seedbox";
      options = [ "bind" ];
    };
    "/export/jawz" = {
      device = "/home/jawz";
      options = [ "bind" ];
    };
  };
  services.nfs = {
    server = {
      enable = true;
      exports = ''
        /export         192.168.1.64(rw,fsid=0,no_subtree_check)
        /export/disk1   192.168.1.64(rw,nohide,insecure,no_subtree_check)
        /export/disk2   192.168.1.64(rw,nohide,insecure,no_subtree_check)
        /export/seedbox 192.168.1.64(rw,nohide,insecure,no_subtree_check)
        /export/jawz    192.168.1.64(rw,nohide,insecure,no_subtree_check)
      '';
    };
  };
  swapDevices = [{
    device = "/dev/disk/by-partuuid/cb0ad486-ebf8-4bfc-ad7c-96bdc68576ca";
    randomEncryption = {
@ -148,45 +167,4 @@ in {
      sectorSize = 4096;
    };
  }];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
  # nixpkgs.config.packageOverrides = pkgs: {
  #   vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
  # };
  nixpkgs.config = { allowUnfree = true; };
  virtualisation.docker.enableNvidia = true;
  services.xserver.videoDrivers = [ "nvidia" ];
  hardware = {
    nvidia = {
      modesetting.enable = true;
      powerManagement.enable = true;
    };
    sane = {
      enable = true;
      extraBackends = [ pkgs.hplip pkgs.hplipWithPlugin ];
    };
    cpu.intel.updateMicrocode = lib.mkDefault true;
    bluetooth.enable = true;
    opengl = {
      enable = true;
      driSupport = true;
      driSupport32Bit = true;
      # extraPackages = with pkgs; [
      #   intel-media-driver # LIBVA_DRIVER_NAME=iHD
      #   vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
      #   vaapiVdpau
      #   libvdpau-va-gl
      # ];
    };
  };
 }
--- a/workstation/servers.nix
+++ b/workstation/servers.nix
@ -177,6 +177,7 @@ in {
  environment.systemPackages = with pkgs; [ docker-compose ];
  virtualisation.docker = {
    enable = true;
    enableNvidia = true;
    storageDriver = "btrfs";
  };
  systemd = {