too much shit idek anymore

2025-02-22 22:25:09 +00:00 · 2025-01-26 00:36:34 +02:00 · 2025-01-26 00:36:34 +02:00 · bc82345beb
commit bc82345beb
parent 14843ef945
63 changed files with 1759 additions and 346 deletions
--- a/flake.lock
+++ b/flake.lock
--- a/flake.nix
+++ b/flake.nix
@ -11,10 +11,19 @@
    wezterm.url = "github:wez/wezterm?dir=nix";
    catppuccin.url = "github:catppuccin/nix";
    hyprland.url = "github:hyprwm/Hyprland";
+    lix-module = {
+      url = "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0.tar.gz";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    hydra = {
+      url = "https://git.lix.systems/lix-project/hydra/archive/main.tar.gz";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };

    haivim = {
      url = "github:blahai/haivim";
-      inputs = {nixpkgs.follows = "nixpkgs";};
+      inputs.nixpkgs.follows = "nixpkgs";
    };

    ags = {
@ -46,6 +55,11 @@
      url = "github:nix-systems/default";
    };

+    treefmt-nix = {
+      url = "github:numtide/treefmt-nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
    flake-parts = {
      url = "github:hercules-ci/flake-parts";
      inputs.nixpkgs-lib.follows = "nixpkgs";
@ -56,7 +70,24 @@
    };

    easy-hosts = {
-      url = "github:isabelroses/easy-hosts";
+      url = "github:tgirlcloud/easy-hosts";
+    };
+
+    deploy-rs = {
+      url = "github:serokell/deploy-rs";
+      inputs = {
+        nixpkgs.follows = "nixpkgs";
+        utils.follows = "flake-utils";
+        flake-compat.follows = "";
+      };
+    };
+
+    git-hooks = {
+      url = "github:cachix/git-hooks.nix";
+      inputs = {
+        nixpkgs.follows = "nixpkgs";
+        flake-compat.follows = "";
+      };
    };

    home-manager = {
--- a/home/default.nix
+++ b/home/default.nix
@ -1 +1,45 @@
-{}
+{
+  lib,
+  self,
+  self',
+  config,
+  inputs,
+  inputs',
+  ...
+}: let
+  inherit (lib.modules) mkDefault;
+  inherit (lib.attrsets) genAttrs;
+  inherit (config.olympus.programs) defaults;
+in {
+  home-manager = {
+    verbose = true;
+    useUserPackages = true;
+    useGlobalPkgs = true;
+    backupFileExtension = "bak";
+
+    extraSpecialArgs = {
+      inherit
+        inputs
+        self
+        inputs'
+        self'
+        defaults
+        ;
+    };
+
+    users = genAttrs config.olympus.system.users (name: ./${name});
+
+    # we should define grauntied common modules here
+    sharedModules = [
+      {
+        home.stateVersion = config.system.stateVersion;
+
+        # reload system units when changing configs
+        systemd.user.startServices = mkDefault "sd-switch"; # or "legacy" if "sd-switch" breaks again
+
+        # let HM manage itself when in standalone mode
+        programs.home-manager.enable = true;
+      }
+    ];
+  };
+}
--- a/home/elissa/default.nix
+++ b/home/elissa/default.nix
@ -0,0 +1 @@
+{}
--- a/home/pingu/default.nix
+++ b/home/pingu/default.nix
@ -0,0 +1,6 @@
+{
+  imports = [
+    ./packages
+    ./system
+  ];
+}
--- a/home/pingu/packages/cli/default.nix
+++ b/home/pingu/packages/cli/default.nix
@ -0,0 +1,5 @@
+{
+  imports = [
+    ./shell
+  ];
+}
--- a/home/pingu/packages/cli/shell/default.nix
+++ b/home/pingu/packages/cli/shell/default.nix
@ -0,0 +1,5 @@
+{
+  imports = [
+    ./fish.nix
+  ];
+}
--- a/home/pingu/packages/cli/shell/fish.nix
+++ b/home/pingu/packages/cli/shell/fish.nix
@ -0,0 +1,96 @@
+{
+  osConfig,
+  lib,
+  pkgs,
+  ...
+}: let
+  inherit (lib.modules) mkIf;
+in {
+  home.packages = with pkgs; [
+    neofetch
+  ];
+  programs = mkIf osConfig.olympus.programs.fish.enable {
+    fish = {
+      enable = true;
+
+      interactiveShellInit = ''
+        function fish_greeting
+          if test -z $DEVSHELL_NIX;
+            echo The time is (set_color purple; date +%T; set_color purple)
+            if test -z $SSH_CLIENT;
+              fastfetch
+            else
+              neofetch
+            end
+          end
+        end
+      '';
+
+      shellAliases = {
+        "ls" = "eza -l -a --group-directories-first --icons";
+        "grep" = "rg -p";
+        "rg" = "rg -p";
+
+        "cp" = "cp -rv";
+
+        ":q" = "exit";
+        ":qa" = "pkill fish";
+        ".." = "z ..";
+        ".2" = "z ../..";
+        ".3" = "z ../../..";
+        ".4" = "z ../../../..";
+        ".5" = "z ../../../../..";
+        ".r" = "z /";
+        ".h" = "z ~";
+        ".c" = "z ~/.config/";
+        ".a" = "z ~/.config/ags/";
+        ".n" = "z ~/.config/nixos/";
+        ".d" = "z ~/Documents/";
+        ".C" = "z ~/Documents/code/";
+        ".D" = "z ~/Downloads/";
+        ".p" = "z ~/Pictures/";
+
+        # git
+        "gc" = "git clone";
+        "gp" = "git push";
+        "ga" = "git add";
+        "gan" = "git add -N .";
+        "gcm" = "git commit -m";
+
+        "fetch" = "clear ; fastfetch --logo ~/Downloads/gay.png --logo-width 32";
+        "hvim" = "z ~/.config/hypr/ ; nvim ; z";
+        "fvim" = "nvim ~/.config/fish/config.fish";
+        "se" = "sudoedit";
+        "vim" = "nvim";
+        "nvide" = "env -u WAYLAND_DISPLAY neovide --multigrid";
+        "transcat" = "queercat -b -f 1 -v 0.45 -h 0.45";
+        "clock" = "tty-clock -s -C 5 -D -c -b";
+      };
+
+      functions = {
+        os-age = ''
+          stat / | awk '/Birth: /{print $2 " " substr($3,1,5)}'
+        '';
+
+        build-iso = ''
+          cd ~/.config/nixos
+          nix build .#nixosConfigurations.epimetheus.config.system.build.isoImage
+        '';
+
+        # Credit for these 3
+        # https://www.reddit.com/r/linux/comments/1fq0za8/comment/lp1ybdn
+        disks = ''
+          lsblk -o NAME,MOUNTPOINT,FSTYPE,FSUSE%,SIZE
+        '';
+
+        gr = ''
+          set GROOT (git rev-parse --show-toplevel 2>/dev/null); and cd $GROOT; or return $argv
+        '';
+
+        mkcd = ''
+          mkdir -p -- $argv[1] && cd $argv; or return $status
+        '';
+      };
+    };
+  };
+}
--- a/home/pingu/packages/default.nix
+++ b/home/pingu/packages/default.nix
@ -0,0 +1,7 @@
+{
+  imports = [
+    ./cli
+    ./gui
+    ./misc
+  ];
+}
--- a/home/pingu/packages/gui/default.nix
+++ b/home/pingu/packages/gui/default.nix
@ -0,0 +1 @@
+{}
--- a/home/pingu/packages/misc/default.nix
+++ b/home/pingu/packages/misc/default.nix
@ -0,0 +1 @@
+{}
--- a/home/pingu/system/default.nix
+++ b/home/pingu/system/default.nix
@ -0,0 +1,5 @@
+{
+  imports = [
+    ./env.nix
+  ];
+}
--- a/home/pingu/system/env.nix
+++ b/home/pingu/system/env.nix
@ -0,0 +1 @@
+{}
--- a/home/user/default.nix
+++ b/home/user/default.nix
@ -0,0 +1 @@
+{}
--- a/modules/base/default.nix
+++ b/modules/base/default.nix
@ -1,5 +1,8 @@
 {
  imports = [
    ./nix
+    ./options
+    ./users
+    ./programs.nix
  ];
 }
--- a/modules/base/nix/default.nix
+++ b/modules/base/nix/default.nix
@ -1,5 +1,6 @@
 {
  imports = [
    ./system.nix
+    ./nix.nix
  ];
 }
--- a/modules/base/nix/nix.nix
+++ b/modules/base/nix/nix.nix
@ -0,0 +1,134 @@
+{
+  lib,
+  pkgs,
+  inputs,
+  ...
+}: let
+  inherit (lib.attrsets) filterAttrs mapAttrs;
+  inherit (lib.types) isType;
+
+  flakeInputs = filterAttrs (name: value: (isType "flake" value) && (name != "self")) inputs;
+
+  sudoers = "@wheel";
+in {
+  nix = {
+    # pin the registry to avoid downloading and evaluating a new nixpkgs version everytime
+    registry = mapAttrs (_: flake: {inherit flake;}) flakeInputs;
+
+    # set up garbage collection to run <on the time frame specified per system>, and removing packages after 3 days
+    gc = {
+      automatic = true;
+      options = "--delete-older-than 3d";
+    };
+
+    # https://docs.lix.systems/manual/lix/nightly/command-ref/conf-file.html
+    settings = {
+      # Free up to 20GiB whenever there is less than 5GB left.
+      # this setting is in bytes, so we multiply with 1024 by 3
+      min-free = 5 * 1024 * 1024 * 1024;
+      max-free = 20 * 1024 * 1024 * 1024;
+
+      # automatically optimise symlinks
+      # Disable auto-optimise-store because of this issue:
+      # https://github.com/NixOS/nix/issues/7273
+      auto-optimise-store = pkgs.stdenv.hostPlatform.isLinux;
+
+      # users or groups which are allowed to do anything with the Nix daemon
+      allowed-users = [sudoers];
+      # users or groups which are allowed to manage the nix store
+      trusted-users = [sudoers];
+
+      # we don't want to track the registry, but we do want to allow the usage
+      # of the `flake:` references, so we need to enable use-registries
+      use-registries = true;
+      flake-registry = pkgs.writers.writeJSON "flakes-empty.json" {
+        flakes = [];
+        version = 2;
+      };
+
+      # let the system decide the number of max jobs
+      max-jobs = "auto";
+
+      # build inside sandboxed environments
+      # we only enable this on linux because it servirly breaks on darwin
+      sandbox = pkgs.stdenv.hostPlatform.isLinux;
+
+      # supported system features
+      system-features = [
+        "nixos-test"
+        "kvm"
+        "recursive-nix"
+        "big-parallel"
+      ];
+
+      # continue building derivations even if one fails
+      # this is important for keeping a nice cache of derivations, usually because I walk away
+      # from my PC when building and it would be annoying to deal with nothing saved
+      keep-going = true;
+
+      # show more log lines for failed builds, as this happens alot and is useful
+      log-lines = 30;
+
+      # https://docs.lix.systems/manual/lix/nightly/contributing/experimental-features.html
+      extra-experimental-features = [
+        # enables flakes, needed for this config
+        "flakes"
+
+        # enables the nix3 commands, a requirement for flakes
+        "nix-command"
+
+        # allow nix to call itself
+        "recursive-nix"
+
+        # allow nix to build and use content addressable derivations, these are nice beaccase
+        # they prevent rebuilds when changes to the derivation do not result in changes to the derivation's output
+        "ca-derivations"
+
+        # Allows Nix to automatically pick UIDs for builds, rather than creating nixbld* user accounts
+        # which is BEYOND annoying, which makes this a really nice feature to have
+        "auto-allocate-uids"
+
+        # allows Nix to execute builds inside cgroups
+        # remember you must also enable use-cgroups in the nix.conf or settings
+        "cgroups"
+
+        # allow passing installables to nix repl, making its interface consistent with the other experimental commands
+        "repl-flake"
+
+        # allow usage of the pipe operator in nix expressions
+        "pipe-operator"
+
+        # enable the use of the fetchClosure built-in function in the Nix language.
+        "fetch-closure"
+
+        # dependencies in derivations on the outputs of derivations that are themselves derivations outputs.
+        "dynamic-derivations"
+      ];
+
+      # don't warn me if the current working tree is dirty
+      # i don't need the warning because i'm working on it right now
+      warn-dirty = false;
+
+      # maximum number of parallel TCP connections used to fetch imports and binary caches, 0 means no limit
+      http-connections = 50;
+
+      # whether to accept nix configuration from a flake without prompting
+      # littrally a CVE waiting to happen <https://x.com/puckipedia/status/1693927716326703441>
+      accept-flake-config = false;
+
+      # build from source if the build fails from a binary source
+      # fallback = true;
+
+      # this defaults to true, however it slows down evaluation so maybe we should disable it
+      # some day, but we do need it for catppuccin/nix so maybe not too soon
+      allow-import-from-derivation = true;
+
+      # for direnv GC roots
+      keep-derivations = true;
+      keep-outputs = true;
+
+      # use xdg base directories for all the nix things
+      use-xdg-base-directories = true;
+    };
+  };
+}
--- a/modules/base/options/default.nix
+++ b/modules/base/options/default.nix
@ -0,0 +1,6 @@
+{
+  imports = [
+    ./device.nix
+    ./programs
+  ];
+}
--- a/modules/base/options/device.nix
+++ b/modules/base/options/device.nix
@ -0,0 +1,15 @@
+{lib, ...}: let
+  inherit (lib.types) enum;
+  inherit (lib.options) mkOption;
+in {
+  options.olympus.device.type = mkOption {
+    type = enum [
+      "laptop"
+      "desktop"
+      "server"
+      "hybrid"
+      "vm"
+    ];
+    default = "";
+  };
+}
--- a/modules/base/options/programs/default.nix
+++ b/modules/base/options/programs/default.nix
@ -0,0 +1,6 @@
+{
+  imports = [
+    ./shells.nix
+    ./defaults.nix
+  ];
+}
--- a/modules/base/options/programs/defaults.nix
+++ b/modules/base/options/programs/defaults.nix
@ -0,0 +1,93 @@
+{lib, ...}: let
+  inherit (lib.options) mkOption;
+  inherit (lib.types) enum nullOr;
+in {
+  options.olympus.programs.defaults = {
+    shell = mkOption {
+      type = enum [
+        "bash"
+        "zsh"
+        "fish"
+      ];
+      default = "bash";
+    };
+
+    terminal = mkOption {
+      type = enum [
+        "alacritty"
+        "kitty"
+        "wezterm"
+        "foot"
+      ];
+      default = "wezterm";
+    };
+
+    fileManager = mkOption {
+      type = enum [
+        "cosmic-files"
+        "thunar"
+        "dolphin"
+        "nemo"
+      ];
+      default = "cosmic-files";
+    };
+
+    browser = mkOption {
+      type = enum [
+        "firefox"
+        "floorp"
+        "chromium"
+        "thorium"
+      ];
+      default = "floorp";
+    };
+
+    editor = mkOption {
+      type = enum [
+        "nvim"
+      ];
+      default = "nvim";
+    };
+
+    launcher = mkOption {
+      type = nullOr (enum [
+        "rofi"
+        "wofi"
+        "cosmic-launcher"
+      ]);
+      default = "wofi";
+    };
+
+    bar = mkOption {
+      type = nullOr (enum [
+        "waybar"
+        "ags"
+      ]);
+      default = "ags";
+    };
+
+    screenLocker = mkOption {
+      type = nullOr (enum [
+        "hyprlock"
+        "swaylock"
+        "gtklock"
+        "cosmic-greeter"
+      ]);
+      default = "hyprlock";
+      description = ''
+        The lockscreen module to be loaded by home-manager.
+      '';
+    };
+
+    noiseSuppressor = mkOption {
+      type = nullOr (enum [
+        "rnnoise"
+        "noisetorch"
+      ]);
+      default = "rnnoise";
+      description = ''
+        The noise suppressor to be used for desktop systems with sound enabled.
+      '';
+    };
+  };
+}
--- a/modules/base/options/programs/shells.nix
+++ b/modules/base/options/programs/shells.nix
@ -0,0 +1,26 @@
+{
+  lib,
+  pkgs,
+  ...
+}: let
+  inherit (lib.options) mkEnableOption mkPackageOption;
+  inherit (lib.attrsets) recursiveUpdate;
+
+  mkProgram = pkgs: name: extraConfig:
+    recursiveUpdate {
+      enable = mkEnableOption "Enable ${name}";
+      package = mkPackageOption pkgs name {};
+    }
+    extraConfig;
+in {
+  options.olympus.programs = {
+    bash = mkProgram pkgs "bash" {
+      enable.default = true;
+      package.default = pkgs.bashInteractive;
+    };
+
+    zsh = mkProgram pkgs "zsh" {};
+
+    fish = mkProgram pkgs "fish" {};
+  };
+}
--- a/modules/base/programs.nix
+++ b/modules/base/programs.nix
@ -0,0 +1,18 @@
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}: let
+  inherit (lib.meta) getExe;
+
+  bashPrompt = ''
+    eval "$(${getExe pkgs.starship} init bash)"
+  '';
+in {
+  # home-manager is so strange and needs these declared multiple times
+  programs = {
+    fish.enable = config.olympus.programs.fish.enable;
+    zsh.enable = config.olympus.programs.zsh.enable;
+  };
+}
--- a/modules/base/users/default.nix
+++ b/modules/base/users/default.nix
@ -0,0 +1,8 @@
+{
+  imports = [
+    ./pingu.nix
+    ./options.nix
+    ./root.nix
+    ./mkuser.nix
+  ];
+}
--- a/modules/base/users/mkuser.nix
+++ b/modules/base/users/mkuser.nix
@ -0,0 +1,45 @@
+{
+  lib,
+  config,
+  ...
+}: let
+  inherit (lib.modules) mkDefault;
+  inherit (lib.attrsets) genAttrs;
+  inherit (builtins) filter hasAttr;
+  ifTheyExist = config: groups: filter (group: hasAttr group config.users.groups) groups;
+in {
+  users.users = genAttrs config.olympus.system.users (
+    name: {
+      home = "/home/" + name;
+      shell = config.olympus.programs.${config.olympus.programs.defaults.shell}.package;
+
+      uid = mkDefault 1000;
+      isNormalUser = true;
+      initialPassword = mkDefault "changeme";
+
+      # only add groups that exist
+      extraGroups =
+        [
+          "wheel"
+          "nix"
+        ]
+        ++ ifTheyExist config [
+          "network"
+          "networkmanager"
+          "systemd-journal"
+          "audio"
+          "pipewire"
+          "video"
+          "input"
+          "plugdev"
+          "tss"
+          "power"
+          "mysql"
+          "docker"
+          "git"
+          "libvirtd"
+          "cloudflared"
+        ];
+    }
+  );
+}
--- a/modules/base/users/options.nix
+++ b/modules/base/users/options.nix
@ -0,0 +1,25 @@
+{
+  lib,
+  config,
+  ...
+}: let
+  inherit (lib.options) mkOption;
+  inherit (lib.types) enum listOf str;
+in {
+  options.olympus.system = {
+    mainUser = mkOption {
+      type = enum config.olympus.system.users;
+      description = "The username of the main user for your system";
+      default = builtins.elemAt config.olympus.system.users 0;
+    };
+
+    users = mkOption {
+      type = listOf str;
+      default = ["pingu"];
+      description = ''
+        A list of users that you wish to declare as your non-system users. The first username
+        in the list will be treated as your main user unless {option}`olympus.system.mainUser` is set.
+      '';
+    };
+  };
+}
--- a/modules/base/users/pingu.nix
+++ b/modules/base/users/pingu.nix
@ -0,0 +1,14 @@
+{
+  lib,
+  config,
+  ...
+}: let
+  inherit (builtins) elem;
+  inherit (lib.modules) mkIf;
+in {
+  config = mkIf (elem "pingu" config.olympus.system.users) {
+    users.users.pingu.openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILPbmiNqoyeKXk/VopFm2cFfEnV4cKCFBhbhyYB69Fuu"
+    ];
+  };
+}
--- a/modules/base/users/root.nix
+++ b/modules/base/users/root.nix
@ -0,0 +1,13 @@
+{
+  lib,
+  pkgs,
+  ...
+}: {
+  users.users.root = lib.modules.mkIf pkgs.stdenv.hostPlatform.isLinux {
+    initialPassword = "changeme";
+
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILPbmiNqoyeKXk/VopFm2cFfEnV4cKCFBhbhyYB69Fuu"
+    ];
+  };
+}
--- a/modules/flake/args.nix
+++ b/modules/flake/args.nix
@ -11,7 +11,9 @@
        allowUnfree = true;
        allowUnsupportedSystem = true;
      };
-      # overlays = [ inputs.nix-topology.overlays.default ];
+      overlays = [
+        # inputs.nix-topology.overlays.default
+      ];
    };
  };
 }
--- a/modules/flake/default.nix
+++ b/modules/flake/default.nix
@ -1,7 +1,9 @@
 {
  imports = [
    ../../systems
+    ./programs

    ./args.nix
+    ./overlays.nix
  ];
 }
--- a/modules/flake/overlays.nix
+++ b/modules/flake/overlays.nix
@ -0,0 +1,5 @@
+# this file creates an overlay based on the packgaes that out flake provides
+{self, ...}: {
+  # get a list of packages for the host system, and if none exist use an empty set
+  flake.overlays.default = _: prev: self.packages.${prev.stdenv.hostPlatform.system} or {};
+}
--- a/modules/flake/programs/default.nix
+++ b/modules/flake/programs/default.nix
@ -0,0 +1,7 @@
+{
+  imports = [
+    ./shell.nix
+    ./formatter.nix
+    # ./deploy.nix
+  ];
+}
--- a/modules/flake/programs/formatter.nix
+++ b/modules/flake/programs/formatter.nix
@ -0,0 +1,41 @@
+{inputs, ...}: {
+  imports = [inputs.treefmt-nix.flakeModule];
+
+  perSystem = {
+    pkgs,
+    config,
+    ...
+  }: {
+    formatter = config.treefmt.build.wrapper;
+
+    treefmt = {
+      projectRootFile = "flake.nix";
+
+      programs = {
+        shellcheck.enable = true;
+        taplo.enable = true;
+        # TODO: configure this to not be ugly
+        # yamlfmt.enable = true;
+
+        nixfmt = {
+          enable = true;
+          package = pkgs.alejandra;
+        };
+
+        prettier = {
+          enable = true;
+          package = pkgs.prettierd;
+          excludes = ["*.age"];
+          settings = {
+            editorconfig = true;
+          };
+        };
+
+        shfmt = {
+          enable = true;
+          indent_size = 2;
+        };
+      };
+    };
+  };
+}
--- a/modules/flake/programs/shell.nix
+++ b/modules/flake/programs/shell.nix
@ -0,0 +1,60 @@
+{
+  perSystem = {
+    lib,
+    pkgs,
+    self',
+    config,
+    inputs',
+    ...
+  }: {
+    devShells = {
+      default = pkgs.mkShellNoCC {
+        name = "dotfiles";
+        meta.description = "Development shell for this configuration";
+
+        # shellHook = config.pre-commit.installationScript;
+
+        DIRENV_LOG_FORMAT = "";
+
+        FLAKE = ".";
+        NH_FLAKE = ".";
+
+        packages =
+          [
+            pkgs.git # flakes require git
+            pkgs.just # quick and easy task runner
+            pkgs.cocogitto # git helpers
+            self'.formatter # nix formatter
+            pkgs.nix-output-monitor # get clean diff between generations
+            inputs'.agenix.packages.agenix # secrets
+          ]
+          ++ lib.lists.optionals pkgs.stdenv.hostPlatform.isLinux [
+            inputs'.deploy-rs.packages.deploy-rs # remote deployment
+          ];
+
+        inputsFrom = [config.treefmt.build.devShell];
+      };
+
+      nixpkgs = pkgs.mkShellNoCC {
+        packages = builtins.attrValues {
+          inherit
+            (pkgs)
+            # package creation helpers
+            nurl
+            nix-init
+            # nixpkgs dev stuff
+            hydra-check
+            nixpkgs-lint
+            nixpkgs-review
+            nixpkgs-hammering
+            # nix helpers
+            nix-melt
+            nix-tree
+            nix-inspect
+            nix-search-cli
+            ;
+        };
+      };
+    };
+  };
+}
--- a/modules/iso/boot.nix
+++ b/modules/iso/boot.nix
@ -0,0 +1,25 @@
+{lib, ...}: let
+  inherit (lib.modules) mkForce mkAfter;
+in {
+  boot = {
+    kernelParams = mkAfter [
+      "noquiet"
+      "toram"
+    ];
+
+    # have no need for systemd-boot
+    loader.systemd-boot.enable = mkForce false;
+    # we don't need to have any raid tools in our system
+    swraid.enable = mkForce false;
+
+    # https://github.com/NixOS/nixpkgs/issues/58959
+    supportedFilesystems = mkForce [
+      "btrfs"
+      "ext4"
+      "zfs"
+      "vfat"
+      "f2fs"
+      "xfs"
+    ];
+  };
+}
--- a/modules/iso/default.nix
+++ b/modules/iso/default.nix
@ -0,0 +1,6 @@
+{
+  imports = [
+    ./boot.nix
+    ./image.nix
+  ];
+}
--- a/modules/iso/image.nix
+++ b/modules/iso/image.nix
@ -0,0 +1,61 @@
+{
+  lib,
+  self,
+  pkgs,
+  config,
+  ...
+}: let
+  inherit (lib.modules) mkImageMediaOverride;
+  inherit (lib.sources) cleanSource;
+
+  # Get the hostname from our networking name provided in the mkNixosIso builder
+  # If none is set then default to "nixos"
+  hostname = config.networking.hostName or "nixos";
+
+  # We get the rev of the git tree here and if we don't have one that
+  # must mean we have made local changes so we call the git tree "dirty"
+  rev = self.shortRev or "dirty";
+
+  # Give all the isos a consistent name
+  # $hostname-$release-$rev-$arch
+  name = "${hostname}-${config.system.nixos.release}-${rev}-${pkgs.stdenv.hostPlatform.uname.processor}";
+in {
+  image = {
+    # From the name defined before we end up with: name.iso
+    baseName = mkImageMediaOverride name;
+
+    extension = "iso";
+  };
+
+  isoImage = {
+    # volumeID is used is used by stage 1 of the boot process, so it must be distintctive
+    volumeID = mkImageMediaOverride name;
+
+    # maximum compression, in exchange for build speed
+    squashfsCompression = "zstd -Xcompression-level 19";
+
+    # ISO image should be an EFI-bootable volume
+    makeEfiBootable = true;
+
+    # ISO image should be bootable from USB
+    makeUsbBootable = true;
+
+    # remove "-installer" boot menu label
+    appendToMenuLabel = "";
+
+    contents = [
+      {
+        # This should help for debugging if we ever get an unbootable system and have to
+        # prefrom some repairs on the system itself
+        source = pkgs.memtest86plus + "/memtest.bin";
+        target = "/boot/memtest.bin";
+      }
+      {
+        # we also provide our flake such that a user can easily rebuild without needing
+        # to clone the repo, which needlessly slows the install process
+        source = cleanSource self;
+        target = "/flake";
+      }
+    ];
+  };
+}
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@ -4,5 +4,8 @@
    ./environment
    ./hardware
    ./networking
+    ./services
+
+    ./remote-modules.nix
  ];
 }
--- a/modules/nixos/remote-modules.nix
+++ b/modules/nixos/remote-modules.nix
@ -0,0 +1,6 @@
+{inputs, ...}: {
+  imports = [
+    inputs.home-manager.nixosModules.home-manager
+    inputs.lix-module.nixosModules.default
+  ];
+}
--- a/modules/nixos/services/default.nix
+++ b/modules/nixos/services/default.nix
@ -0,0 +1,6 @@
+{
+  imports = [
+    #./hosted
+    ./system
+  ];
+}
--- a/modules/nixos/services/hosted/caddy.nix
+++ b/modules/nixos/services/hosted/caddy.nix
@ -0,0 +1,19 @@
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}: let
+  inherit (lib.modules) mkIf;
+  inherit (lib.services) mkServiceOption;
+
+  cfg = config.olympus.services.caddy;
+in {
+  options.olympus.services.caddy = mkServiceOption "caddy" {domain = "blahai.gay";};
+
+  config = mkIf cfg.enable {
+    services.caddy = {
+      enable = true;
+    };
+  };
+}
--- a/modules/nixos/services/hosted/default.nix
+++ b/modules/nixos/services/hosted/default.nix
@ -0,0 +1,10 @@
+{
+  imports = [
+    ./caddy.nix
+    ./forgejo.nix
+    ./redis.nix
+    ./searx.nix
+    ./uptime-kuma.nix
+    ./vaultwarden.nix
+  ];
+}
--- a/modules/nixos/services/hosted/forgejo.nix
+++ b/modules/nixos/services/hosted/forgejo.nix
@ -0,0 +1 @@
+{}
--- a/modules/nixos/services/hosted/redis.nix
+++ b/modules/nixos/services/hosted/redis.nix
@ -0,0 +1 @@
+{}
--- a/modules/nixos/services/hosted/searx.nix
+++ b/modules/nixos/services/hosted/searx.nix
@ -0,0 +1 @@
+{}
--- a/modules/nixos/services/hosted/uptime-kuma.nix
+++ b/modules/nixos/services/hosted/uptime-kuma.nix
@ -0,0 +1,31 @@
+{
+  lib,
+  config,
+  ...
+}: let
+  inherit (lib.modules) mkIf;
+  inherit (lib.services) mkServiceOption;
+
+  rdomain = config.networking.domain;
+  cfg = config.olympus.services.uptime-kuma;
+in {
+  options.olympus.services.uptime-kuma = mkServiceOption "uptime-kuma" {
+    port = 3001;
+    domain = "kuma.${rdomain}";
+  };
+
+  config = mkIf cfg.enable {
+    services.uptime-kuma = {
+      enable = true;
+
+      # https://github.com/louislam/uptime-kuma/wiki/Environment-Variables
+      settings.PORT = toString cfg.port;
+    };
+
+    services.caddy.virtualHosts.${cfg.domain} = {
+      extraConfig = ''
+        reverse_proxy localhost:${cfg.port}
+      '';
+    };
+  };
+}
--- a/modules/nixos/services/hosted/vaultwarden.nix
+++ b/modules/nixos/services/hosted/vaultwarden.nix
@ -0,0 +1 @@
+{}
--- a/modules/nixos/services/system/default.nix
+++ b/modules/nixos/services/system/default.nix
@ -0,0 +1,9 @@
+{
+  imports = [
+    #./firmware.nix
+    #./logs.nix
+    #./monitoring.nix
+    #./oomd.nix
+    #./serial.nix
+  ];
+}
--- a/modules/profiles/headless/default.nix
+++ b/modules/profiles/headless/default.nix
@ -1 +1,10 @@
-{}
+{
+  imports = [
+    ./documentation.nix
+    ./environment.nix
+    ./fonts.nix
+    ./services.nix
+    ./systemd.nix
+    ./xdg.nix
+  ];
+}
--- a/modules/profiles/headless/documentation.nix
+++ b/modules/profiles/headless/documentation.nix
@ -0,0 +1,18 @@
+{lib, ...}: let
+  inherit (lib.modules) mkForce;
+  inherit (lib.attrsets) mapAttrs;
+in {
+  documentation = mapAttrs (_: mkForce) {
+    enable = false;
+    dev.enable = false;
+    doc.enable = false;
+    info.enable = false;
+    nixos.enable = false;
+    man = {
+      enable = false;
+      generateCaches = false;
+      man-db.enable = false;
+      mandoc.enable = false;
+    };
+  };
+}
--- a/modules/profiles/headless/environment.nix
+++ b/modules/profiles/headless/environment.nix
@ -0,0 +1,4 @@
+{
+  # print the URL instead on servers
+  environment.variables.BROWSER = "echo";
+}
--- a/modules/profiles/headless/fonts.nix
+++ b/modules/profiles/headless/fonts.nix
@ -0,0 +1,12 @@
+{lib, ...}: let
+  inherit (lib.modules) mkForce;
+  inherit (lib.attrsets) mapAttrs;
+in {
+  # we don't need fonts on a server
+  # since there are no fonts to be configured outside the console
+  fonts = mapAttrs (_: mkForce) {
+    packages = [];
+    fontDir.enable = false;
+    fontconfig.enable = false;
+  };
+}
--- a/modules/profiles/headless/services.nix
+++ b/modules/profiles/headless/services.nix
@ -0,0 +1,5 @@
+{lib, ...}: {
+  # a headless system should not mount any removable media
+  # without explicit user action
+  services.udisks2.enable = lib.modules.mkForce false;
+}
--- a/modules/profiles/headless/systemd.nix
+++ b/modules/profiles/headless/systemd.nix
@ -0,0 +1,29 @@
+{
+  # https://github.com/numtide/srvos/blob/main/nixos/server/default.nix
+  systemd = {
+    # given that our systems are headless, emergency mode is useless.
+    # we prefer the system to attempt to continue booting so
+    # that we can hopefully still access it remotely.
+    enableEmergencyMode = false;
+
+    # For more detail, see:
+    #   https://0pointer.de/blog/projects/watchdog.html
+    watchdog = {
+      # systemd will send a signal to the hardware watchdog at half
+      # the interval defined here, so every 10s.
+      # If the hardware watchdog does not get a signal for 20s,
+      # it will forcefully reboot the system.
+      runtimeTime = "20s";
+      # Forcefully reboot if the final stage of the reboot
+      # hangs without progress for more than 30s.
+      # For more info, see:
+      #   https://utcc.utoronto.ca/~cks/space/blog/linux/SystemdShutdownWatchdog
+      rebootTime = "30s";
+    };
+
+    sleep.extraConfig = ''
+      AllowSuspend=no
+      AllowHibernation=no
+    '';
+  };
+}
--- a/modules/profiles/headless/xdg.nix
+++ b/modules/profiles/headless/xdg.nix
@ -0,0 +1,12 @@
+{lib, ...}: let
+  inherit (lib.attrsets) mapAttrs;
+  inherit (lib.modules) mkForce;
+in {
+  xdg = mapAttrs (_: mkForce) {
+    sounds.enable = false;
+    mime.enable = false;
+    menus.enable = false;
+    icons.enable = false;
+    autostart.enable = false;
+  };
+}
--- a/modules/profiles/server/default.nix
+++ b/modules/profiles/server/default.nix
@ -1 +1,7 @@
-{}
+{lib, ...}: let
+  inherit (lib.modules) mkForce;
+in {
+  time.timeZone = mkForce "UTC";
+
+  olympus.device.type = "server";
+}
--- a/systems/aphrodite/default.nix
+++ b/systems/aphrodite/default.nix
@ -0,0 +1,21 @@
+{
+  imports = [
+    ./hardware.nix
+  ];
+
+  olympus = {
+    device = {
+      cpu = "amd";
+      gpu = "amd";
+    };
+    system = {
+      boot = {
+        loader = "systemd-boot";
+        loadRecommendedModules = true;
+        enableKernelTweaks = true;
+        initrd.enableTweaks = true;
+        plymouth.enable = false;
+      };
+    };
+  };
+}
--- a/systems/aphrodite/hardware.nix
+++ b/systems/aphrodite/hardware.nix
@ -0,0 +1,17 @@
+{
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-label/root";
+      fsType = "ext4";
+      options = ["auto"];
+    };
+
+    "/boot" = {
+      device = "/dev/disk/by-label/BOOT";
+      fsType = "vfat";
+      options = ["fmask=0022" "dmask=0022"];
+    };
+  };
+
+  swapDevices = [{device = "/dev/disk/by-label/swap";}];
+}
--- a/systems/epimetheus/default.nix
+++ b/systems/epimetheus/default.nix
@ -0,0 +1 @@
+{}
--- a/systems/helios/default.nix
+++ b/systems/helios/default.nix
@ -0,0 +1,21 @@
+{
+  imports = [
+    ./hardware.nix
+  ];
+
+  olympus = {
+    device = {
+      cpu = "amd";
+      gpu = "amd";
+    };
+    system = {
+      boot = {
+        loader = "systemd-boot";
+        loadRecommendedModules = true;
+        enableKernelTweaks = true;
+        initrd.enableTweaks = true;
+        plymouth.enable = false;
+      };
+    };
+  };
+}
--- a/systems/helios/hardware.nix
+++ b/systems/helios/hardware.nix
@ -0,0 +1,17 @@
+{
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-label/root";
+      fsType = "ext4";
+      options = ["auto"];
+    };
+
+    "/boot" = {
+      device = "/dev/disk/by-label/BOOT";
+      fsType = "vfat";
+      options = ["fmask=0022" "dmask=0022"];
+    };
+  };
+
+  swapDevices = [{device = "/dev/disk/by-label/swap";}];
+}
--- a/systems/nyx/default.nix
+++ b/systems/nyx/default.nix
@ -17,5 +17,8 @@
        plymouth.enable = false;
      };
    };
+    programs = {
+      fish.enable = true;
+    };
  };
 }
--- a/systems/theia/overrides.nix
+++ b/systems/theia/overrides.nix
@ -1,7 +1,6 @@
 {
  lib,
  pkgs,
-  config,
  modulesPath,
  ...
 }: let
@ -16,7 +15,7 @@ in {
    };
    systemd.services.qemu-guest-agent.path = [pkgs.shadow];

-    system.stateVersion = mkForce "25.04";
+    system.stateVersion = mkForce "25.05";

    boot = {
      kernelParams = ["net.ifnames=0"];