initial commit

modules/core/boot.nix

@@ -0,0 +1,20 @@
+{ pkgs, pkgs-unstable, config, ... }:
+
+{
+  boot = {
+    # Use standard LTS kernel — lighter for older laptops than zen
+    kernelPackages = pkgs.linuxPackages_latest;
+    loader.systemd-boot.enable = true;
+    loader.efi.canTouchEfiVariables = true;
+    # Appimage Support
+    binfmt.registrations.appimage = {
+      wrapInterpreterInShell = false;
+      interpreter = "${pkgs.appimage-run}/bin/appimage-run";
+      recognitionType = "magic";
+      offset = 0;
+      mask = ''\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff'';
+      magicOrExtension = ''\x7fELF....AI\x02'';
+    };
+    plymouth.enable = true;
+  };
+}

modules/core/default.nix

@@ -0,0 +1,34 @@
+{
+  inputs,
+  host,
+  ...
+}:
+let
+  vars = import ../../hosts/${host}/variables.nix;
+in
+{
+  imports = [
+    ./boot.nix
+    ./flatpak.nix
+    ./fonts.nix
+    ./hardware.nix
+    ./network.nix
+    ./nfs.nix
+    ./nh.nix
+    ./packages.nix
+    ./printing.nix
+    (if vars.displayManager == "tui" then ./greetd.nix else ./sddm.nix)
+    ./security.nix
+    ./services.nix
+    ./stylix.nix
+    ./syncthing.nix
+    ./system.nix
+    ./thunar.nix
+    ./user.nix
+    ./virtualisation.nix
+    ./wayland.nix
+    ./xserver.nix
+    (if vars.desktopEnvironment == "niri" then ./swaylock.nix else null)
+    inputs.stylix.nixosModules.stylix
+  ];
+}

modules/core/flatpak.nix

@@ -0,0 +1,13 @@
+{ pkgs, ... }: {
+  xdg.portal = {
+    enable = true;
+    extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
+  };
+  services = {
+    flatpak = {
+      enable = true;
+      packages = [ ];
+      update.onActivation = true;
+    };
+  };
+}

modules/core/fonts.nix

@@ -0,0 +1,26 @@
+{ pkgs, ... }:
+{
+  fonts = {
+    packages = with pkgs; [
+      dejavu_fonts
+      fira-code
+      fira-code-symbols
+      font-awesome
+      ibm-plex
+      inter
+      jetbrains-mono
+      material-icons
+      maple-mono.NF
+      nerd-fonts.im-writing
+      nerd-fonts.blex-mono
+      noto-fonts
+      noto-fonts-color-emoji
+      noto-fonts-cjk-sans
+      powerline-fonts
+      roboto
+      roboto-mono
+      symbola
+      terminus_font
+    ];
+  };
+}

modules/core/greetd.nix

@@ -0,0 +1,12 @@
+{ pkgs, username, ... }: {
+  services.greetd = {
+    enable = true;
+    vt = 3;
+    settings = {
+      default_session = {
+        user = username;
+        command = "${pkgs.tuigreet}/bin/tuigreet --time --cmd niri-session";
+      };
+    };
+  };
+}

modules/core/hardware.nix

@@ -0,0 +1,10 @@
+{ pkgs, ... }:
+{
+  hardware = {
+    graphics.enable = true;
+    enableRedistributableFirmware = true;
+    bluetooth.enable = true;
+    bluetooth.powerOnBoot = true;
+  };
+  local.hardware-clock.enable = false;
+}

modules/core/network.nix

@@ -0,0 +1,37 @@
+{
+  pkgs,
+  host,
+  options,
+  ...
+}: let
+  inherit (import ../../hosts/${host}/variables.nix) hostId;
+in {
+  assertions = [
+    {
+      assertion = builtins.match "^[[:alnum:]]([[:alnum:]_-]{0,61}[[:alnum:]])?$" host != null;
+      message = "Invalid hostname '${host}'.";
+    }
+  ];
+
+  networking = {
+    hostName = "${host}";
+    hostId = hostId;
+    networkmanager.enable = true;
+    timeServers = options.networking.timeServers.default ++ ["pool.ntp.org"];
+    nameservers = ["1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one"];
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [ 22 80 443 8080 ];
+    };
+  };
+
+  services.resolved = {
+    enable = true;
+    dnssec = "true";
+    domains = ["~."];
+    fallbackDns = ["1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one"];
+    dnsovertls = "true";
+  };
+
+  environment.systemPackages = with pkgs; [networkmanagerapplet];
+}

modules/core/nfs.nix

@@ -0,0 +1,10 @@
+{ host, ... }:
+let
+  inherit (import ../../hosts/${host}/variables.nix) enableNFS;
+in
+{
+  services = {
+    rpcbind.enable = enableNFS;
+    nfs.server.enable = enableNFS;
+  };
+}

modules/core/nh.nix

@@ -0,0 +1,15 @@
+{ pkgs, username, ... }: {
+  programs.nh = {
+    enable = true;
+    clean = {
+      enable = true;
+      extraArgs = "--keep-since 7d --keep 5";
+    };
+    flake = "/home/${username}/zaneyos/SaugOS";
+  };
+
+  environment.systemPackages = with pkgs; [
+    nix-output-monitor
+    nvd
+  ];
+}

modules/core/packages.nix

@@ -0,0 +1,60 @@
+{
+  pkgs,
+  inputs,
+  ...
+}:
+{
+  programs = {
+    neovim = {
+      enable = true;
+      defaultEditor = true;
+    };
+    firefox.enable = false;
+    dconf.enable = true;
+    seahorse.enable = true;
+    fuse.userAllowOther = true;
+    mtr.enable = true;
+    gnupg.agent = {
+      enable = true;
+      enableSSHSupport = true;
+    };
+  };
+
+  nixpkgs.config.allowUnfree = true;
+
+  environment.systemPackages = with pkgs; [
+    appimage-run
+    brightnessctl
+    cliphist
+    docker-compose
+    duf
+    dysk
+    eza
+    ffmpeg
+    file-roller
+    gedit
+    greetd.tuigreet
+    htop
+    eog
+    inxi
+    killall
+    libnotify
+    lm_sensors
+    lshw
+    mesa-demos
+    ncdu
+    nixfmt-rfc-style
+    pavucontrol
+    pciutils
+    pkg-config
+    playerctl
+    ripgrep
+    socat
+    unrar
+    unzip
+    usbutils
+    uwsm
+    waypaper
+    wget
+  ];
+}

modules/core/printing.nix

@@ -0,0 +1,18 @@
+{ host, ... }:
+let
+  inherit (import ../../hosts/${host}/variables.nix) printEnable;
+in
+{
+  services = {
+    printing = {
+      enable = printEnable;
+      drivers = [ ];
+    };
+    avahi = {
+      enable = printEnable;
+      nssmdns4 = true;
+      openFirewall = true;
+    };
+    ipp-usb.enable = printEnable;
+  };
+}

modules/core/sddm.nix

@@ -0,0 +1,44 @@
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}: let
+  foreground = config.stylix.base16Scheme.base00;
+  textColor = config.stylix.base16Scheme.base05;
+  sddm-astronaut = pkgs.sddm-astronaut.override {
+    embeddedTheme = "pixel_sakura";
+    themeConfig = {
+      FormPosition = "left";
+      Blur = "4.0";
+      Background = "${toString config.stylix.image}";
+      HeaderTextColor = "#${textColor}";
+      DateTextColor = "#${textColor}";
+      TimeTextColor = "#${textColor}";
+      LoginFieldTextColor = "#${textColor}";
+      PasswordFieldTextColor = "#${textColor}";
+      UserIconColor = "#${textColor}";
+      PasswordIconColor = "#${textColor}";
+      WarningColor = "#${textColor}";
+      LoginButtonBackgroundColor = "#${config.stylix.base16Scheme.base01}";
+      SystemButtonsIconsColor = "#${textColor}";
+      SessionButtonTextColor = "#${textColor}";
+      VirtualKeyboardButtonTextColor = "#${textColor}";
+      DropdownBackgroundColor = "#${config.stylix.base16Scheme.base01}";
+      HighlightBackgroundColor = "#${textColor}";
+      FormBackgroundColor = "#${config.stylix.base16Scheme.base01}";
+    };
+  };
+in {
+  services.displayManager = {
+    sddm = {
+      package = pkgs.kdePackages.sddm;
+      extraPackages = [sddm-astronaut];
+      enable = true;
+      wayland.enable = false;
+      theme = "sddm-astronaut-theme";
+    };
+  };
+
+  environment.systemPackages = [sddm-astronaut];
+}

modules/core/security.nix

@@ -0,0 +1,50 @@
+{ pkgs, username, ... }: {
+  security = {
+    rtkit.enable = true;
+    polkit = {
+      enable = true;
+      extraConfig = ''
+        polkit.addRule(function(action, subject) {
+          if ( subject.isInGroup("users") && (
+           action.id == "org.freedesktop.login1.reboot" ||
+           action.id == "org.freedesktop.login1.reboot-multiple-sessions" ||
+           action.id == "org.freedesktop.login1.power-off" ||
+           action.id == "org.freedesktop.login1.power-off-multiple-sessions"
+          ))
+          { return polkit.Result.YES; }
+        })
+      '';
+    };
+
+    pam.services = {
+      login.enableGnomeKeyring = true;
+      login.enableKwallet = true;
+    };
+
+    pam.services.hyprlock = {
+      text = ''
+        auth sufficient pam_unix.so try_first_pass nullok
+        auth required pam_deny.so
+      '';
+    };
+
+    pam.services.swaylock = {
+      text = ''
+        auth sufficient pam_unix.so try_first_pass nullok
+        auth required pam_deny.so
+      '';
+    };
+
+    sudo.extraRules = [
+      {
+        users = [ "${username}" ];
+        commands = [
+          {
+            command = "ALL";
+            options = [ "NOPASSWD" ];
+          }
+        ];
+      }
+    ];
+  };
+}

modules/core/services.nix

@@ -0,0 +1,49 @@
+{ profile, ... }: {
+  services = {
+    libinput.enable = true;
+    fstrim.enable = true;
+    gvfs.enable = true;
+    openssh = {
+      enable = true;
+      settings = {
+        PermitRootLogin = "no";
+        PasswordAuthentication = true;
+        KbdInteractiveAuthentication = true;
+      };
+      ports = [ 22 ];
+    };
+    blueman.enable = true;
+    tumbler.enable = true;
+    gnome.gnome-keyring.enable = true;
+    tailscale.enable = true;
+
+    smartd = {
+      enable =
+        if profile == "vm"
+        then false
+        else true;
+      autodetect = true;
+    };
+    pipewire = {
+      enable = true;
+      alsa.enable = true;
+      alsa.support32Bit = true;
+      pulse.enable = true;
+      jack.enable = true;
+    };
+
+    # TLP for laptop power management
+    tlp = {
+      enable = true;
+      settings = {
+        CPU_SCALING_GOVERNOR_ON_AC = "performance";
+        CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
+        CPU_ENERGY_PERF_POLICY_ON_AC = "performance";
+        CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
+        START_CHARGE_THRESH_BAT0 = 40;
+        STOP_CHARGE_THRESH_BAT0 = 80;
+      };
+    };
+    thermald.enable = true;
+  };
+}

modules/core/stylix.nix

@@ -0,0 +1,55 @@
+{ pkgs, host, ... }:
+let
+  inherit (import ../../hosts/${host}/variables.nix) stylixImage;
+in
+{
+  stylix = {
+    enable = true;
+    image = stylixImage;
+    base16Scheme = {
+      base00 = "24273a"; # base
+      base01 = "1e2030"; # mantle
+      base02 = "363a4f"; # surface0
+      base03 = "494d64"; # surface1
+      base04 = "5b6078"; # surface2
+      base05 = "cad3f5"; # text
+      base06 = "f4dbd6"; # rosewater
+      base07 = "b7bdf8"; # lavender
+      base08 = "ed8796"; # red
+      base09 = "f5a97f"; # peach
+      base0A = "eed49f"; # yellow
+      base0B = "a6da95"; # green
+      base0C = "8bd5ca"; # teal
+      base0D = "8aadf4"; # blue
+      base0E = "c6a0f6"; # mauve
+      base0F = "f0c6c6"; # flamingo
+    };
+    polarity = "dark";
+    opacity.terminal = 1.0;
+    cursor = {
+      package = pkgs.bibata-cursors;
+      name = "Bibata-Modern-Ice";
+      size = 24;
+    };
+    fonts = {
+      monospace = {
+        package = pkgs.nerd-fonts.jetbrains-mono;
+        name = "JetBrains Mono";
+      };
+      sansSerif = {
+        package = pkgs.montserrat;
+        name = "Montserrat";
+      };
+      serif = {
+        package = pkgs.montserrat;
+        name = "Montserrat";
+      };
+      sizes = {
+        applications = 12;
+        terminal = 15;
+        desktop = 11;
+        popups = 12;
+      };
+    };
+  };
+}

modules/core/swaylock.nix

@@ -0,0 +1,13 @@
+{ config, pkgs, host, ... }:
+let
+  vars = import ../../../hosts/${host}/variables.nix;
+in
+{
+  services.udev.extraRules = "";
+
+  environment.etc."swaylock/config".text = ''
+    color=${config.lib.stylix.colors.base00}
+  '';
+
+  environment.systemPackages = [ pkgs.swaylock ];
+}

modules/core/syncthing.nix

@@ -0,0 +1,8 @@
+{ username, ... }: {
+  services.syncthing = {
+    enable = false;
+    user = "${username}";
+    dataDir = "/home/${username}";
+    configDir = "/home/${username}/.config/syncthing";
+  };
+}

modules/core/system.nix

@@ -0,0 +1,40 @@
+{ host, profile, ... }:
+let
+  inherit (import ../../hosts/${host}/variables.nix) consoleKeyMap;
+in
+{
+  nix = {
+    settings = {
+      download-buffer-size = 200000000;
+      auto-optimise-store = true;
+      experimental-features = [
+        "nix-command"
+        "flakes"
+      ];
+      substituters = [ "https://niri.cachix.org" ];
+      trusted-public-keys = [ "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z+BN0JISU3WYj9E84=" ];
+    };
+  };
+  time.timeZone = "Europe/Berlin";
+  i18n.defaultLocale = "en_US.UTF-8";
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "de_DE.UTF-8";
+    LC_IDENTIFICATION = "de_DE.UTF-8";
+    LC_MEASUREMENT = "de_DE.UTF-8";
+    LC_MONETARY = "de_DE.UTF-8";
+    LC_NAME = "de_DE.UTF-8";
+    LC_NUMERIC = "de_DE.UTF-8";
+    LC_PAPER = "de_DE.UTF-8";
+    LC_TELEPHONE = "de_DE.UTF-8";
+    LC_TIME = "de_DE.UTF-8";
+  };
+  environment.variables = {
+    NIXOS_OZONE_WL = "1";
+    SDL_VIDEO_MINIMIZE_ON_FOCUS_LOSS = "0";
+    SAUGOS_VERSION = "1.0";
+    SAUGOS = "true";
+  };
+  console.keyMap = "${consoleKeyMap}";
+
+  system.stateVersion = "23.11";
+}

modules/core/thunar.nix

@@ -0,0 +1,18 @@
+{ host, pkgs, ... }:
+let
+  inherit (import ../../hosts/${host}/variables.nix) thunarEnable;
+in
+{
+  programs = {
+    thunar = {
+      enable = thunarEnable;
+      plugins = with pkgs.xfce; [
+        thunar-archive-plugin
+        thunar-volman
+      ];
+    };
+  };
+  environment.systemPackages = with pkgs; [
+    ffmpegthumbnailer
+  ];
+}

modules/core/user.nix

@@ -0,0 +1,45 @@
+{ pkgs
+, inputs
+, username
+, host
+, profile
+, pkgs-unstable
+, ...
+}:
+let
+  inherit (import ../../hosts/${host}/variables.nix) gitUsername;
+in
+{
+  imports = [ inputs.home-manager.nixosModules.home-manager ];
+  home-manager = {
+    useUserPackages = true;
+    useGlobalPkgs = false;
+    backupFileExtension = "backup";
+    extraSpecialArgs = { inherit inputs username host profile pkgs-unstable; };
+    users.${username} = {
+      imports = [
+        ./../home
+      ];
+      home = {
+        username = "${username}";
+        homeDirectory = "/home/${username}";
+        stateVersion = "23.11";
+      };
+    };
+  };
+  users.mutableUsers = true;
+  users.users.${username} = {
+    isNormalUser = true;
+    description = "${gitUsername}";
+    extraGroups = [
+      "docker"
+      "libvirtd"
+      "lp"
+      "networkmanager"
+      "wheel"
+    ];
+    shell = pkgs.zsh;
+    ignoreShellProgramCheck = true;
+  };
+  nix.settings.allowed-users = [ "${username}" ];
+}

modules/core/virtualisation.nix

@@ -0,0 +1,13 @@
+{ pkgs, ... }: {
+  # Docker for container-based dev workflows
+  virtualisation = {
+    docker.enable = true;
+    podman.enable = false;
+    libvirtd.enable = false;
+  };
+
+  environment.systemPackages = with pkgs; [
+    lazydocker
+    docker-client
+  ];
+}

modules/core/wayland.nix

@@ -0,0 +1,32 @@
+{ host, pkgs, inputs, ... }:
+let
+  vars = import ../../hosts/${host}/variables.nix;
+  desktopEnvironment = vars.desktopEnvironment or "niri";
+in
+{
+  programs.niri = {
+    enable = desktopEnvironment == "niri";
+    package = inputs.niri.packages.${pkgs.system}.niri-stable;
+  };
+
+  environment.systemPackages = with pkgs; [
+    xwayland
+    xdg-utils
+  ];
+
+  xdg.portal = {
+    enable = true;
+    extraPortals = with pkgs; [
+      xdg-desktop-portal-gtk
+    ] ++ (if desktopEnvironment == "niri" then [
+      xdg-desktop-portal-gnome
+    ] else []);
+
+    config = if desktopEnvironment == "niri" then {
+      common.default = "*";
+      niri.default = [ "gnome" "gtk" ];
+    } else {};
+  };
+
+  security.polkit.enable = true;
+}

modules/core/xserver.nix

@@ -0,0 +1,16 @@
+{ host, ... }:
+let
+  vars = import ../../hosts/${host}/variables.nix;
+  keyboardLayout = vars.keyboardLayout or "us";
+  keyboardVariant = vars.keyboardVariant or "";
+  enableXServer = vars.displayManager == "sddm";
+in
+{
+  services.xserver = {
+    enable = enableXServer;
+    xkb = {
+      layout = "${keyboardLayout}";
+      variant = "${keyboardVariant}";
+    };
+  };
+}