too much shit idek anymore

modules/base/default.nix

@@ -1,5 +1,8 @@
 {
   imports = [
     ./nix
+    ./options
+    ./users
+    ./programs.nix
   ];
 }

modules/base/nix/default.nix

@@ -1,5 +1,6 @@
 {
   imports = [
     ./system.nix
+    ./nix.nix
   ];
 }

modules/base/nix/nix.nix

@@ -0,0 +1,134 @@
+{
+  lib,
+  pkgs,
+  inputs,
+  ...
+}: let
+  inherit (lib.attrsets) filterAttrs mapAttrs;
+  inherit (lib.types) isType;
+
+  flakeInputs = filterAttrs (name: value: (isType "flake" value) && (name != "self")) inputs;
+
+  sudoers = "@wheel";
+in {
+  nix = {
+    # pin the registry to avoid downloading and evaluating a new nixpkgs version everytime
+    registry = mapAttrs (_: flake: {inherit flake;}) flakeInputs;
+
+    # set up garbage collection to run <on the time frame specified per system>, and removing packages after 3 days
+    gc = {
+      automatic = true;
+      options = "--delete-older-than 3d";
+    };
+
+    # https://docs.lix.systems/manual/lix/nightly/command-ref/conf-file.html
+    settings = {
+      # Free up to 20GiB whenever there is less than 5GB left.
+      # this setting is in bytes, so we multiply with 1024 by 3
+      min-free = 5 * 1024 * 1024 * 1024;
+      max-free = 20 * 1024 * 1024 * 1024;
+
+      # automatically optimise symlinks
+      # Disable auto-optimise-store because of this issue:
+      # https://github.com/NixOS/nix/issues/7273
+      auto-optimise-store = pkgs.stdenv.hostPlatform.isLinux;
+
+      # users or groups which are allowed to do anything with the Nix daemon
+      allowed-users = [sudoers];
+      # users or groups which are allowed to manage the nix store
+      trusted-users = [sudoers];
+
+      # we don't want to track the registry, but we do want to allow the usage
+      # of the `flake:` references, so we need to enable use-registries
+      use-registries = true;
+      flake-registry = pkgs.writers.writeJSON "flakes-empty.json" {
+        flakes = [];
+        version = 2;
+      };
+
+      # let the system decide the number of max jobs
+      max-jobs = "auto";
+
+      # build inside sandboxed environments
+      # we only enable this on linux because it servirly breaks on darwin
+      sandbox = pkgs.stdenv.hostPlatform.isLinux;
+
+      # supported system features
+      system-features = [
+        "nixos-test"
+        "kvm"
+        "recursive-nix"
+        "big-parallel"
+      ];
+
+      # continue building derivations even if one fails
+      # this is important for keeping a nice cache of derivations, usually because I walk away
+      # from my PC when building and it would be annoying to deal with nothing saved
+      keep-going = true;
+
+      # show more log lines for failed builds, as this happens alot and is useful
+      log-lines = 30;
+
+      # https://docs.lix.systems/manual/lix/nightly/contributing/experimental-features.html
+      extra-experimental-features = [
+        # enables flakes, needed for this config
+        "flakes"
+
+        # enables the nix3 commands, a requirement for flakes
+        "nix-command"
+
+        # allow nix to call itself
+        "recursive-nix"
+
+        # allow nix to build and use content addressable derivations, these are nice beaccase
+        # they prevent rebuilds when changes to the derivation do not result in changes to the derivation's output
+        "ca-derivations"
+
+        # Allows Nix to automatically pick UIDs for builds, rather than creating nixbld* user accounts
+        # which is BEYOND annoying, which makes this a really nice feature to have
+        "auto-allocate-uids"
+
+        # allows Nix to execute builds inside cgroups
+        # remember you must also enable use-cgroups in the nix.conf or settings
+        "cgroups"
+
+        # allow passing installables to nix repl, making its interface consistent with the other experimental commands
+        "repl-flake"
+
+        # allow usage of the pipe operator in nix expressions
+        "pipe-operator"
+
+        # enable the use of the fetchClosure built-in function in the Nix language.
+        "fetch-closure"
+
+        # dependencies in derivations on the outputs of derivations that are themselves derivations outputs.
+        "dynamic-derivations"
+      ];
+
+      # don't warn me if the current working tree is dirty
+      # i don't need the warning because i'm working on it right now
+      warn-dirty = false;
+
+      # maximum number of parallel TCP connections used to fetch imports and binary caches, 0 means no limit
+      http-connections = 50;
+
+      # whether to accept nix configuration from a flake without prompting
+      # littrally a CVE waiting to happen <https://x.com/puckipedia/status/1693927716326703441>
+      accept-flake-config = false;
+
+      # build from source if the build fails from a binary source
+      # fallback = true;
+
+      # this defaults to true, however it slows down evaluation so maybe we should disable it
+      # some day, but we do need it for catppuccin/nix so maybe not too soon
+      allow-import-from-derivation = true;
+
+      # for direnv GC roots
+      keep-derivations = true;
+      keep-outputs = true;
+
+      # use xdg base directories for all the nix things
+      use-xdg-base-directories = true;
+    };
+  };
+}

modules/base/options/default.nix

@@ -0,0 +1,6 @@
+{
+  imports = [
+    ./device.nix
+    ./programs
+  ];
+}

modules/base/options/device.nix

@@ -0,0 +1,15 @@
+{lib, ...}: let
+  inherit (lib.types) enum;
+  inherit (lib.options) mkOption;
+in {
+  options.olympus.device.type = mkOption {
+    type = enum [
+      "laptop"
+      "desktop"
+      "server"
+      "hybrid"
+      "vm"
+    ];
+    default = "";
+  };
+}

modules/base/options/programs/default.nix

@@ -0,0 +1,6 @@
+{
+  imports = [
+    ./shells.nix
+    ./defaults.nix
+  ];
+}

modules/base/options/programs/defaults.nix

@@ -0,0 +1,93 @@
+{lib, ...}: let
+  inherit (lib.options) mkOption;
+  inherit (lib.types) enum nullOr;
+in {
+  options.olympus.programs.defaults = {
+    shell = mkOption {
+      type = enum [
+        "bash"
+        "zsh"
+        "fish"
+      ];
+      default = "bash";
+    };
+
+    terminal = mkOption {
+      type = enum [
+        "alacritty"
+        "kitty"
+        "wezterm"
+        "foot"
+      ];
+      default = "wezterm";
+    };
+
+    fileManager = mkOption {
+      type = enum [
+        "cosmic-files"
+        "thunar"
+        "dolphin"
+        "nemo"
+      ];
+      default = "cosmic-files";
+    };
+
+    browser = mkOption {
+      type = enum [
+        "firefox"
+        "floorp"
+        "chromium"
+        "thorium"
+      ];
+      default = "floorp";
+    };
+
+    editor = mkOption {
+      type = enum [
+        "nvim"
+      ];
+      default = "nvim";
+    };
+
+    launcher = mkOption {
+      type = nullOr (enum [
+        "rofi"
+        "wofi"
+        "cosmic-launcher"
+      ]);
+      default = "wofi";
+    };
+
+    bar = mkOption {
+      type = nullOr (enum [
+        "waybar"
+        "ags"
+      ]);
+      default = "ags";
+    };
+
+    screenLocker = mkOption {
+      type = nullOr (enum [
+        "hyprlock"
+        "swaylock"
+        "gtklock"
+        "cosmic-greeter"
+      ]);
+      default = "hyprlock";
+      description = ''
+        The lockscreen module to be loaded by home-manager.
+      '';
+    };
+
+    noiseSuppressor = mkOption {
+      type = nullOr (enum [
+        "rnnoise"
+        "noisetorch"
+      ]);
+      default = "rnnoise";
+      description = ''
+        The noise suppressor to be used for desktop systems with sound enabled.
+      '';
+    };
+  };
+}

modules/base/options/programs/shells.nix

@@ -0,0 +1,26 @@
+{
+  lib,
+  pkgs,
+  ...
+}: let
+  inherit (lib.options) mkEnableOption mkPackageOption;
+  inherit (lib.attrsets) recursiveUpdate;
+
+  mkProgram = pkgs: name: extraConfig:
+    recursiveUpdate {
+      enable = mkEnableOption "Enable ${name}";
+      package = mkPackageOption pkgs name {};
+    }
+    extraConfig;
+in {
+  options.olympus.programs = {
+    bash = mkProgram pkgs "bash" {
+      enable.default = true;
+      package.default = pkgs.bashInteractive;
+    };
+
+    zsh = mkProgram pkgs "zsh" {};
+
+    fish = mkProgram pkgs "fish" {};
+  };
+}

modules/base/programs.nix

@@ -0,0 +1,18 @@
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}: let
+  inherit (lib.meta) getExe;
+
+  bashPrompt = ''
+    eval "$(${getExe pkgs.starship} init bash)"
+  '';
+in {
+  # home-manager is so strange and needs these declared multiple times
+  programs = {
+    fish.enable = config.olympus.programs.fish.enable;
+    zsh.enable = config.olympus.programs.zsh.enable;
+  };
+}

modules/base/users/default.nix

@@ -0,0 +1,8 @@
+{
+  imports = [
+    ./pingu.nix
+    ./options.nix
+    ./root.nix
+    ./mkuser.nix
+  ];
+}

modules/base/users/mkuser.nix

@@ -0,0 +1,45 @@
+{
+  lib,
+  config,
+  ...
+}: let
+  inherit (lib.modules) mkDefault;
+  inherit (lib.attrsets) genAttrs;
+  inherit (builtins) filter hasAttr;
+  ifTheyExist = config: groups: filter (group: hasAttr group config.users.groups) groups;
+in {
+  users.users = genAttrs config.olympus.system.users (
+    name: {
+      home = "/home/" + name;
+      shell = config.olympus.programs.${config.olympus.programs.defaults.shell}.package;
+
+      uid = mkDefault 1000;
+      isNormalUser = true;
+      initialPassword = mkDefault "changeme";
+
+      # only add groups that exist
+      extraGroups =
+        [
+          "wheel"
+          "nix"
+        ]
+        ++ ifTheyExist config [
+          "network"
+          "networkmanager"
+          "systemd-journal"
+          "audio"
+          "pipewire"
+          "video"
+          "input"
+          "plugdev"
+          "tss"
+          "power"
+          "mysql"
+          "docker"
+          "git"
+          "libvirtd"
+          "cloudflared"
+        ];
+    }
+  );
+}

modules/base/users/options.nix

@@ -0,0 +1,25 @@
+{
+  lib,
+  config,
+  ...
+}: let
+  inherit (lib.options) mkOption;
+  inherit (lib.types) enum listOf str;
+in {
+  options.olympus.system = {
+    mainUser = mkOption {
+      type = enum config.olympus.system.users;
+      description = "The username of the main user for your system";
+      default = builtins.elemAt config.olympus.system.users 0;
+    };
+
+    users = mkOption {
+      type = listOf str;
+      default = ["pingu"];
+      description = ''
+        A list of users that you wish to declare as your non-system users. The first username
+        in the list will be treated as your main user unless {option}`olympus.system.mainUser` is set.
+      '';
+    };
+  };
+}

modules/base/users/pingu.nix

@@ -0,0 +1,14 @@
+{
+  lib,
+  config,
+  ...
+}: let
+  inherit (builtins) elem;
+  inherit (lib.modules) mkIf;
+in {
+  config = mkIf (elem "pingu" config.olympus.system.users) {
+    users.users.pingu.openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILPbmiNqoyeKXk/VopFm2cFfEnV4cKCFBhbhyYB69Fuu"
+    ];
+  };
+}

modules/base/users/root.nix

@@ -0,0 +1,13 @@
+{
+  lib,
+  pkgs,
+  ...
+}: {
+  users.users.root = lib.modules.mkIf pkgs.stdenv.hostPlatform.isLinux {
+    initialPassword = "changeme";
+
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILPbmiNqoyeKXk/VopFm2cFfEnV4cKCFBhbhyYB69Fuu"
+    ];
+  };
+}