add networking through secrets

.envrc

@@ -0,0 +1 @@
+use flake

.gitignore

@@ -1,2 +1,4 @@
 # Result is a symlink to the built iso
-result
+result
+# direnv binaries
+.direnv

.sops.yaml

@@ -1,14 +1,12 @@
-# This example uses YAML anchors which allows reuse of multiple keys
-# without having to repeat yourself.
-# Also see https://github.com/Mic92/dotfiles/blob/d6114726d859df36ccaa32891c4963ae5717ef7f/nixos/.sops.yaml
-# for a more complex example.
 keys:
   - &remy_usb age1027e2vu808mvf95m4f0am3aeg88n8vgzt56s04ndpkgm7awzeajspxl6tu
-  - &remy_yoga age1t2stzdjfwrtekk23w43623fdvt9awdujth765f8l6mu9g6l4537q4gw8d0
+  - &remy_yoga ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAX4zsiXSSWbE75C0wyBVwaHOw6Gsbh/WqQsgEhvPwT8 remy@nyx
-  # - &admin_bob age12zlz6lvcdk6eqaewfylg35w0syh58sm7gh53q5vvn7hd7c6nngyseftjxl
+
+  - &host_yoga age1ckqer7nxzq7q58v9xaqy8ac9vx2va69a46t86wp9m78pj5dpuy3sq8xeaj
 creation_rules:
   - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
     key_groups:
     - age:
       - *remy_usb
       - *remy_yoga
+      - *host_yoga

flake.lock

@@ -20,11 +20,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1760101617,
+        "lastModified": 1761420899,
-        "narHash": "sha256-8jf/3ZCi+B7zYpIyV04+3wm72BD7Z801IlOzsOACR7I=",
+        "narHash": "sha256-kxGCip6GNbcbNWKu4J2iKbNYfFTS8Zbjg9CWp0zmFoM=",
         "owner": "hyprwm",
         "repo": "aquamarine",
-        "rev": "1826a9923881320306231b1c2090379ebf9fa4f8",
+        "rev": "62479232aae42c1ef09c2c027c8cfd91df060897",
         "type": "github"
       },
       "original": {
@@ -112,11 +112,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1761744363,
+        "lastModified": 1762403774,
-        "narHash": "sha256-c+lu6aSPPeI9HnqFg4pyNYUWqLrRL2Yju3sFDu42q/w=",
+        "narHash": "sha256-CXgW0EEW+WV4jJ/5mxNluQeTgS6wyuuUlUcsZF84bKU=",
         "owner": "AvengeMedia",
         "repo": "DankMaterialShell",
-        "rev": "5e36b1454a7b2cec0c657fd4345a715736bbef19",
+        "rev": "c9ee856f916023563d9446483024a8aec2dce870",
         "type": "github"
       },
       "original": {
@@ -148,17 +148,16 @@
     },
     "dms-cli": {
       "inputs": {
-        "gomod2nix": "gomod2nix",
         "nixpkgs": [
           "nixpkgs"
         ]
       },
       "locked": {
-        "lastModified": 1761674192,
+        "lastModified": 1762404200,
-        "narHash": "sha256-KpQxBHiXjs1xFlM8mtVaY/XcKX0J5tCoqg8lXtIC9Pk=",
+        "narHash": "sha256-/GhnVY1AwcgxOVhSXdrejVQNbi27kXRNMD93C2nH5ho=",
         "owner": "AvengeMedia",
         "repo": "danklinux",
-        "rev": "477968d6b3e5dbb82f5e07feb0a1a7b2de9d948e",
+        "rev": "b94cc56f44e7fb987d293e4880871fa0845da8ed",
         "type": "github"
       },
       "original": {
@@ -220,24 +219,6 @@
         "type": "github"
       }
     },
-    "flake-utils": {
-      "inputs": {
-        "systems": "systems"
-      },
-      "locked": {
-        "lastModified": 1731533236,
-        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
     "fromYaml": {
       "flake": false,
       "locked": {
@@ -293,29 +274,6 @@
         "type": "github"
       }
     },
-    "gomod2nix": {
-      "inputs": {
-        "flake-utils": "flake-utils",
-        "nixpkgs": [
-          "dms-cli",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1756047880,
-        "narHash": "sha256-JeuGh9kA1SPL70fnvpLxkIkCWpTjtoPaus3jzvdna0k=",
-        "owner": "nix-community",
-        "repo": "gomod2nix",
-        "rev": "47d628dc3b506bd28632e47280c6b89d3496909d",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "ref": "v1.7.0",
-        "repo": "gomod2nix",
-        "type": "github"
-      }
-    },
     "home-manager": {
       "inputs": {
         "nixpkgs": [
@@ -323,11 +281,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1761750844,
+        "lastModified": 1762367206,
-        "narHash": "sha256-ab6kNHAEP/oWz8qdblnDw7TIwetr4GnmnDyvya0aw/k=",
+        "narHash": "sha256-c/164YOPkV09BH8KIUdvVvJs3VF2LNIbE2piKGgXPxk=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "b8082c6803353456d45e6a8c0d4b36ad33fb7d6a",
+        "rev": "af119feb17cb242398e0fb97f92b867d25882522",
         "type": "github"
       },
       "original": {
@@ -344,11 +302,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1752603129,
+        "lastModified": 1762351818,
-        "narHash": "sha256-S+wmHhwNQ5Ru689L2Gu8n1OD6s9eU9n9mD827JNR+kw=",
+        "narHash": "sha256-0ptUDbYwxv1kk/uzEX4+NJjY2e16MaAhtzAOJ6K0TG0=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "e8c19a3cec2814c754f031ab3ae7316b64da085b",
+        "rev": "b959c67241cae17fc9e4ee7eaf13dfa8512477ea",
         "type": "github"
       },
       "original": {
@@ -427,15 +385,15 @@
         "hyprwayland-scanner": "hyprwayland-scanner",
         "nixpkgs": "nixpkgs",
         "pre-commit-hooks": "pre-commit-hooks",
-        "systems": "systems_2",
+        "systems": "systems",
         "xdph": "xdph"
       },
       "locked": {
-        "lastModified": 1761742422,
+        "lastModified": 1762387591,
-        "narHash": "sha256-dke/JIFqles3r4nZwn+XPASGpIxIaKgeUp7NTBHpxgM=",
+        "narHash": "sha256-dbxpwgat8W/+P/cYnLXzoj5Gi8WKdtMgvqHuEzIU8fs=",
         "owner": "hyprwm",
         "repo": "Hyprland",
-        "rev": "ff50dc36e912b6ad764802d51be838bc7f6ed323",
+        "rev": "c757fd375cce299e3da922190ddf1a0622ce807c",
         "type": "github"
       },
       "original": {
@@ -578,11 +536,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1759619523,
+        "lastModified": 1762208756,
-        "narHash": "sha256-r1ed7AR2ZEb2U8gy321/Xcp1ho2tzn+gG1te/Wxsj1A=",
+        "narHash": "sha256-hC1jb4tdjFfEuU18KQiMgz5XPAO+d5SfbjAUS7haLl4=",
         "owner": "hyprwm",
         "repo": "hyprutils",
-        "rev": "3df7bde01efb3a3e8e678d1155f2aa3f19e177ef",
+        "rev": "164a30b3d8b3174a32ac7326782476f1188e6118",
         "type": "github"
       },
       "original": {
@@ -631,31 +589,34 @@
         "type": "github"
       }
     },
-    "nix-vscode-extensions": {
+    "nix4vscode": {
       "inputs": {
-        "nixpkgs": "nixpkgs_2"
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "systems": "systems_2"
       },
       "locked": {
-        "lastModified": 1761726545,
+        "lastModified": 1762394598,
-        "narHash": "sha256-+Id4G/5NRpf8Lkdr5q4PBrQo6hvVFTbrN/J+0Q0KU6s=",
+        "narHash": "sha256-AbDS8JL8mXAP0gVAXQA1RIUwnH6rUHueCTPf/hxAooE=",
         "owner": "nix-community",
-        "repo": "nix-vscode-extensions",
+        "repo": "nix4vscode",
-        "rev": "daf7c5026b02623d17ad74548a791c387db438d8",
+        "rev": "4c90ca996c860583f8fc77fa8abd24610439f850",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
-        "repo": "nix-vscode-extensions",
+        "repo": "nix4vscode",
         "type": "github"
       }
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1761114652,
+        "lastModified": 1762111121,
-        "narHash": "sha256-f/QCJM/YhrV/lavyCVz8iU3rlZun6d+dAiC3H+CDle4=",
+        "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "01f116e4df6a15f4ccdffb1bcd41096869fb385c",
+        "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4",
         "type": "github"
       },
       "original": {
@@ -667,11 +628,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1761373498,
+        "lastModified": 1762111121,
-        "narHash": "sha256-Q/uhWNvd7V7k1H1ZPMy/vkx3F8C13ZcdrKjO7Jv7v0c=",
+        "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "6a08e6bb4e46ff7fcbb53d409b253f6bad8a28ce",
+        "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4",
         "type": "github"
       },
       "original": {
@@ -683,27 +644,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1759770925,
+        "lastModified": 1762111121,
-        "narHash": "sha256-CZwkCtzTNclqlhuwDsVtGoRumTpqCUK0xSnFIMgd8ls=",
+        "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "674c2b09c59a220204350ced584cadaacee30038",
+        "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nixos",
-        "repo": "nixpkgs",
-        "rev": "674c2b09c59a220204350ced584cadaacee30038",
-        "type": "github"
-      }
-    },
-    "nixpkgs_3": {
-      "locked": {
-        "lastModified": 1761373498,
-        "narHash": "sha256-Q/uhWNvd7V7k1H1ZPMy/vkx3F8C13ZcdrKjO7Jv7v0c=",
-        "owner": "nixos",
-        "repo": "nixpkgs",
-        "rev": "6a08e6bb4e46ff7fcbb53d409b253f6bad8a28ce",
         "type": "github"
       },
       "original": {
@@ -768,8 +713,8 @@
         "home-manager": "home-manager",
         "hyprland": "hyprland",
         "nix-flatpak": "nix-flatpak",
-        "nix-vscode-extensions": "nix-vscode-extensions",
+        "nix4vscode": "nix4vscode",
-        "nixpkgs": "nixpkgs_3",
+        "nixpkgs": "nixpkgs_2",
         "nixpkgs-unstable": "nixpkgs-unstable",
         "sops-nix": "sops-nix",
         "stylix": "stylix",
@@ -818,11 +763,11 @@
         "tinted-zed": "tinted-zed"
       },
       "locked": {
-        "lastModified": 1761666531,
+        "lastModified": 1762264356,
-        "narHash": "sha256-nKOOPeblDcebtYfBjHo+PHXHKNSNKuifn1EGcBEgKWs=",
+        "narHash": "sha256-QVfC53Ri+8n3e7Ujx9kq6all3+TLBRRPRnc6No5qY5w=",
         "owner": "nix-community",
         "repo": "stylix",
-        "rev": "f8f4e3c3658ee962f8f332a56720c8dfc2836f7a",
+        "rev": "647bb8dd96a206a1b79c4fd714affc88b409e10b",
         "type": "github"
       },
       "original": {
@@ -832,21 +777,6 @@
       }
     },
     "systems": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    },
-    "systems_2": {
       "locked": {
         "lastModified": 1689347949,
         "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
@@ -861,6 +791,22 @@
         "type": "github"
       }
     },
+    "systems_2": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
     "systems_3": {
       "locked": {
         "lastModified": 1681028828,
@@ -1006,11 +952,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1760713634,
+        "lastModified": 1761431178,
-        "narHash": "sha256-5HXelmz2x/uO26lvW7MudnadbAfoBnve4tRBiDVLtOM=",
+        "narHash": "sha256-xzjC1CV3+wpUQKNF+GnadnkeGUCJX+vgaWIZsnz9tzI=",
         "owner": "hyprwm",
         "repo": "xdg-desktop-portal-hyprland",
-        "rev": "753bbbdf6a052994da94062e5b753288cef28dfb",
+        "rev": "4b8801228ff958d028f588f0c2b911dbf32297f9",
         "type": "github"
       },
       "original": {
@@ -1027,11 +973,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1761712008,
+        "lastModified": 1762403216,
-        "narHash": "sha256-Nf2s59dLg6KDUV0omZqIlOGNUxw/Rl/KKXEXQGFCAlo=",
+        "narHash": "sha256-BPv/dC0S54hqsurgmxGxUbXb3kJMpK3KNKQDrdO4NRE=",
         "owner": "0xc000022070",
         "repo": "zen-browser-flake",
-        "rev": "1383ed38745d12f3896c996848d24c451643db58",
+        "rev": "a3a22c5ad43f46f8ddad7eed8aa7f82ec649765f",
         "type": "github"
       },
       "original": {

flake.nix

@@ -1,6 +1,7 @@
 {
   description = "Nix config entry point";
-
+  # since secrets live in a submodule, enable submodules by default
+  inputs.self.submodules = true;
   inputs = {
     nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
     nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
@@ -49,7 +50,10 @@
       inputs.dms-cli.follows = "dms-cli";
     };
 
-    nix-vscode-extensions.url = "github:nix-community/nix-vscode-extensions";
+    nix4vscode = {
+      url = "github:nix-community/nix4vscode";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
   };
 
   outputs = {
@@ -59,7 +63,7 @@
     home-manager,
     stylix,
     sops-nix,
-    nix-vscode-extensions,
+    nix4vscode,
     ...
   } @ inputs:
     let
@@ -112,11 +116,12 @@
             ./users/remy_yoga
             inputs.nix-flatpak.homeManagerModules.nix-flatpak
             inputs.dankMaterialShell.homeModules.dankMaterialShell.default
+
           ];
           extraModules = [
             inputs.stylix.nixosModules.stylix
             inputs.sops-nix.nixosModules.sops
-            { nixpkgs.overlays = [ inputs.nix-vscode-extensions.overlays.default ]; }
+            { nixpkgs.overlays = [ inputs.nix4vscode.overlays.default ]; }
           ];
         };
       };
@@ -160,5 +165,15 @@
   #       })
   #     ];
   #   };
+
+    # devshell for this configuration
+    devShells.x86_64-linux.default = nixpkgs.legacyPackages.x86_64-linux.mkShell {
+      packages = [
+        pkgs.sops
+      ];
+
+      # tell sops where the public ssh key to "seed" the age key from is located
+      SOPS_AGE_SSH_PRIVATE_KEY_FILE = "/home/remy/.ssh/main_key";
+    };
   };
 }

hosts/yoga-7-pro/configuration.nix

@@ -5,17 +5,21 @@
 { config, lib, pkgs, ... }:
 
 {
-
   boot.loader = {
     systemd-boot.enable = true;
     timeout = 0;
     efi.canTouchEfiVariables = true;
   };
 
-  # cause it is so inconveniently located
+  services.logind.settings.Login = {
-  services.logind.powerKey = "ignore";
+    # because it is so inconveniently located
-  services.logind.lidSwitch = "sleep";
+    HandlePowerKey = "ignore";
-  services.logind.lidSwitchDocked = "ignore";
+
+    # handled by the dm instead
+    HandleLidSwitch = "ignore";
+    HandleLidSwitchDocked = "ignore";
+  };
+
 
   # requires too many shenanigans so I just install using --no-root-passwd
   # users.users.root.hashedPassword = "!";

hosts/yoga-7-pro/default.nix

@@ -26,6 +26,7 @@
         ../../modules/nixos/pipewire.nix
         ../../modules/nixos/podman.nix
         ../../modules/nixos/power.nix
+        ../../modules/nixos/sops.nix
         ../../modules/nixos/stylix.nix
         ../../modules/nixos/user.nix
 

modules/home-manager/code.nix

@@ -1,14 +1,14 @@
 {pkgs, ...}:
 let
-  baseExtensions = with pkgs.vscode-marketplace; [
+  baseExtensions = pkgs.nix4vscode.forVscode [
     # QOL
-    mhutchie.git-graph
+    "mhutchie.git-graph"
-    redhat.vscode-yaml
+    "redhat.vscode-yaml"
-    # github.copilot
+    "github.copilot"
-    # github.copilot-chat
+    "github.copilot-chat"
     # Nix environment selector
-    arrterian.nix-env-selector
+    "arrterian.nix-env-selector"
-    continue.continue
+    # continue.continue
   ];
 
 
@@ -102,21 +102,21 @@ in
     };
 
     profiles.development = {
-      extensions = baseExtensions ++ (with pkgs.vscode-marketplace; [
+      extensions = baseExtensions ++ pkgs.nix4vscode.forVscode [
         # python
-        ms-python.python
+        "ms-python.python"
-        ms-python.isort
+        "ms-python.isort"
-        ms-python.debugpy
+        "ms-python.debugpy"
-        ms-python.vscode-pylance
+        "ms-python.vscode-pylance"
 
         # nix language
-        jnoortheen.nix-ide
+        "jnoortheen.nix-ide"
 
         # Flutter and co
-        dart-code.flutter
+        "dart-code.flutter"
-        dart-code.dart-code
+        "dart-code.dart-code"
 
-      ]);
+      ];
 
       keybindings = baseKeybindings;
 
@@ -125,19 +125,19 @@ in
 
 
     profiles.science = {
-      extensions = baseExtensions ++ (with pkgs.vscode-marketplace; [
+      extensions = baseExtensions ++ pkgs.nix4vscode.forVscode [
         # python + jupyter
-        ms-python.python
+        "ms-python.python"
-        ms-python.isort
+        "ms-python.isort"
-        ms-python.debugpy
+        "ms-python.debugpy"
-        # ms-python.vscode-pylance
+        "ms-python.vscode-pylance"
-        ms-toolsai.vscode-jupyter-slideshow
+        "ms-toolsai.vscode-jupyter-slideshow"
-        ms-toolsai.jupyter
+        "ms-toolsai.jupyter"
-        ms-toolsai.jupyter-hub
+        "ms-toolsai.jupyter-hub"
-        ms-toolsai.jupyter-renderers
+        "ms-toolsai.jupyter-renderers"
         # Typst
-        myriad-dreamin.tinymist
+        "myriad-dreamin.tinymist"
-      ]);
+      ];
 
       keybindings = baseKeybindings ++ [
         # run code cell in jupyter

modules/home-manager/directories.nix

@@ -11,7 +11,7 @@
     createDirectories = true;
     documents = "${config.home.homeDirectory}/Documents";
     download = "${config.home.homeDirectory}/Downloads";
-    pictures = "${config.home.homeDirectory}/Pictures";#
+    pictures = "${config.home.homeDirectory}/Pictures";
     # do not create the following
     desktop = null;
     music = null;

modules/nixos/networking.nix

@@ -13,6 +13,11 @@ in
       type = lib.types.str;
       default = "nixos";
       };
+
+    nix-config.networking.vpn = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+    };
   };
 
   config = {
@@ -30,6 +35,60 @@ in
     #   enable = false;
     # };
 
-  };
+    # # VPN setup
+    networking.networkmanager.ensureProfiles = {
+      environmentFiles = [ config.sops.secrets.vpnEnvironment.path ];
+      profiles.wg-home = {
+        connection = {
+          id = "wg-home";
+          type = "wireguard";
+          interface-name = "wgh";
+          autoconnect = false;
+        };
 
+        ipv4 = {
+          address = "10.0.0.2/32";
+          method = "manual";
+        };
+
+        wireguard = {
+          listen-port = 51820;
+          private-key = "$HOME_PRIVATE_KEY";
+        };
+
+        "wireguard-peer.y/TBD/c0GkrRtekDkCb8TUnYYil8bSRPIjPDY650pz8=" = {
+          endpoint = "$HOME_ENDPOINT";
+          allowed-ips = "192.168.1.0/16";
+        };
+      };
+
+
+
+      profiles.wg-fritzbox = {
+        connection = {
+          id = "wg-fritzbox";
+          type = "wireguard";
+          interface-name = "wgfb";
+          autoconnect = false;
+        };
+
+        ipv4 = {
+          address = "192.168.178.201/24";
+          dns = "192.168.178.1";
+          method = "manual";
+        };
+
+        wireguard = {
+          listen-port = 51820;
+          private-key = "$FRITZBOX_PRIVATE_KEY";
+        };
+
+        "wireguard-peer.Jf/seKAL7kWm2qX9gf5Ln8FiN7OlPQB3CyRovDIOEHw=" = {
+          endpoint = "$FRITZBOX_ENDPOINT";
+          allowed-ips = "192.168.178.0/24;fd73:ea00:5841::/64";
+          preshared-key = "$FRITZBOX_PRESHARED_KEY";
+        };
+      };
+    };
+  };
 }

modules/nixos/power.nix

@@ -23,42 +23,42 @@
 
   config = {
 
-    # services.tlp = {
+    services.tlp = {
-    #   enable = true;
+      enable = true;
-    #   settings = {
+      settings = {
-    #     # processor chooses frequencies itself but respects the limits set by the user
+        # processor chooses frequencies itself but respects the limits set by the user
-    #     CPU_DRIVER_OPMODE_ON_AC = "guided";
+        CPU_DRIVER_OPMODE_ON_AC = "guided";
-    #     CPU_DRIVER_OPMODE_ON_BAT = "guided";
+        CPU_DRIVER_OPMODE_ON_BAT = "guided";
 
-    #     # governor dictates global behavior of the CPU
+        # governor dictates global behavior of the CPU
-    #     CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
+        CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
-    #     CPU_SCALING_GOVERNOR_ON_AC = "performance";
+        CPU_SCALING_GOVERNOR_ON_AC = "performance";
 
-    #     # energy performance policy (EPP) sets the energy/performance balance
+        # energy performance policy (EPP) sets the energy/performance balance
-    #     CPU_ENERGY_PERF_POLICY_ON_BAT = "balance_power";
+        CPU_ENERGY_PERF_POLICY_ON_BAT = "balance_power";
-    #     CPU_ENERGY_PERF_POLICY_ON_AC = "performance";
+        CPU_ENERGY_PERF_POLICY_ON_AC = "performance";
 
 
-    #     # clock speeds reported by `sudo tlp-stat`
+        # clock speeds reported by `sudo tlp-stat`
-    #     # 623377 [kHz] and 5090910 [kHz]
+        # 623377 [kHz] and 5090910 [kHz]
-    #     # CPU_SCALING_MIN_FREQ_ON_AC = 623377;
+        CPU_SCALING_MIN_FREQ_ON_AC = 623377;
-    #     # CPU_SCALING_MAX_FREQ_ON_AC = 5090910;
+        CPU_SCALING_MAX_FREQ_ON_AC = 5090910;
-    #     # CPU_SCALING_MIN_FREQ_ON_BAT = 0;
+        CPU_SCALING_MIN_FREQ_ON_BAT = 0;
-    #     # # reduce max frequency on battery to save power
+        # reduce max frequency on battery to save power
-    #     # CPU_SCALING_MAX_FREQ_ON_BAT = 3000000;
+        CPU_SCALING_MAX_FREQ_ON_BAT = 3000000;
 
-    #     # Allow the CPU to boost
+        # Allow the CPU to boost
-    #     CPU_BOOST_ON_AC = 1;
+        CPU_BOOST_ON_AC = 1;
-    #     CPU_BOOST_ON_BAT = 1;
+        CPU_BOOST_ON_BAT = 1;
 
 
-    #     RADEON_DPM_PERF_LEVEL_ON_AC = "high";
+        RADEON_DPM_PERF_LEVEL_ON_AC = "high";
-    #     WIFI_PWR_ON_BAT = "off";
+        # WIFI_PWR_ON_BAT = "off";
 
-    #     # enable battery charge thresholds on the default battery
+        # enable battery charge thresholds on the default battery
-    #     STOP_CHARGE_THRESH_BAT0 = 1;
+        STOP_CHARGE_THRESH_BAT0 = 1;
-    #   };
+      };
-    # };
+    };
 
 
 
@@ -69,15 +69,15 @@
       AllowSuspendThenHibernate=yes
     '';
 
-    services.watt = {
+    # services.watt = {
-      enable = true;
+    #   enable = true;
-      settings = {
+    #   settings = {
-        battery_charge_thresholds = [
+    #     battery_charge_thresholds = [
-          40
+    #       40
-          80
+    #       80
-        ];
+    #     ];
-      };
+    #   };
-    };
+    # };
 
     services.upower.enable = true;
 

modules/nixos/sops.nix

@@ -0,0 +1,12 @@
+{
+  inputs,
+  ...
+}:
+{
+  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+  sops.defaultSopsFile = ./../../secrets/vpn.env;
+  sops.secrets.vpnEnvironment = {
+    sopsFile = ./../../secrets/vpn.env;
+    format = "dotenv";
+  };
+}

users/remy.nix

@@ -12,8 +12,10 @@
   ## Utils relevant to this user only
   programs.git = {
     enable = true;
-    userName = "Remy Moll";
+    settings = {
-    userEmail = "me@moll.re";
+      user.name = "Remy Moll";
+      user.email = "me@moll.re";
+    };
   };
 
   ## XDG configuration
@@ -22,6 +24,7 @@
     mimeApps = {
       enable = true;
       defaultApplications = {
+        # TODO
         "inode/directory" = "org.gnome.Nautilus.desktop";
         "application/zip" = "org.gnome.FileRoller.desktop";
         "application/octet-stream" = "org.gnome.GHex.desktop";

users/remy_yoga/default.nix

@@ -31,7 +31,6 @@ with lib.hm.gvariant;
     ../../modules/home-manager/kitty.nix
     ../../modules/home-manager/kubectl.nix
     ../../modules/home-manager/launcher.nix
-    ../../modules/home-manager/notifications.nix
     ../../modules/home-manager/obsidian.nix
     ../../modules/home-manager/owncloud-client.nix
     ../../modules/home-manager/quickshell