Refactored into flake

.gitignore

@@ -1 +1,2 @@
 .env
+.DS_Store

configuration.nix

@@ -0,0 +1,85 @@
+{ config, pkgs, ... }:
+
+let
+  publicKey = pkgs.fetchurl {
+    url = "https://github.com/jamesepatrick.keys";
+    sha256 = "sha256-6NGBLNPcvsvCTa7UC3H3r9n8dKAHobINK5pxxm94nTM=";
+  };
+in
+{
+  # Allow Cleanup, nix, & flakes
+  nix = {
+    autoOptimiseStore = true;
+    allowedUsers = [ "@wheel" ];
+    gc = {
+      automatic = true;
+      dates = "daily";
+    };
+    package = pkgs.nixUnstable;
+    extraOptions = ''
+            experimental-features = nix-command flakes
+        '';
+  };
+
+  # Enable bootloader & clear /tmp on boot.
+  boot = {
+    cleanTmpDir = true;
+    loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+  };
+
+  # Locale
+  time.timeZone = "America/New_York";
+  i18n.defaultLocale = "en_US.UTF-8";
+  console = {
+    font = "Lat2-Terminus16";
+    keyMap = "us";
+  };
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users.users ={
+    root.initialPassword = "nixos";
+    james = {
+      description = "James Patrick";
+      extraGroups = [ "wheel" ];
+      initialPassword = "nixos";
+      isNormalUser = true;
+      openssh.authorizedKeys.keyFiles = [ publicKey ];
+      shell = pkgs.zsh;
+    };
+  };
+
+  # These are the most basic tools I need.
+  environment.systemPackages = with pkgs; [
+    git
+    gnumake
+    vim
+    zsh
+  ];
+
+  networking = {
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [ 443 80 ];
+      allowedUDPPorts = [ 443 80 ];
+      allowPing = false;
+    };
+  };
+
+  # Some programs need SUID wrappers, can be configured further or are
+  # started in user sessions.
+  programs.mtr.enable = true;
+  programs.gnupg.agent = {
+    enable = true;
+    enableSSHSupport = true;
+  };
+
+  # Openssh settings for security
+  services.openssh = {
+    enable = true;
+    permitRootLogin = "no";
+    passwordAuthentication = false;
+  };
+}

flake.lock

@@ -0,0 +1,81 @@
+{
+  "nodes": {
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1637875789,
+        "narHash": "sha256-kwW26kGhqNsWpTz+prw/pAfqz673GojbxZuB0boc1eM=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "579f2e8bebb954a103a96b905c27b10f15ef38c7",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "nixos-hardware": {
+      "locked": {
+        "lastModified": 1637831601,
+        "narHash": "sha256-axRY9AehHGXfU52RK3oqDNXd9F92Tm65vEBQir3tRLI=",
+        "owner": "NixOS",
+        "repo": "nixos-hardware",
+        "rev": "aad66afc1cac4a654223f6ba326899c731e57441",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "master",
+        "repo": "nixos-hardware",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1637841632,
+        "narHash": "sha256-QYqiKHdda0EOnLGQCHE+GluD/Lq2EJj4hVTooPM55Ic=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "73369f8d0864854d1acfa7f1e6217f7d6b6e3fa1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nur": {
+      "locked": {
+        "lastModified": 1637888015,
+        "narHash": "sha256-gkANNpE7kK3/2nb2ezE3dfyb6w+8T1/q0SiQHyy89A4=",
+        "owner": "nix-community",
+        "repo": "NUR",
+        "rev": "63ce681a0abe4e85449ef82a2a1b1bb73d0c3a5f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "NUR",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "home-manager": "home-manager",
+        "nixos-hardware": "nixos-hardware",
+        "nixpkgs": "nixpkgs",
+        "nur": "nur"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -0,0 +1,52 @@
+{
+  description = "NixOS configuration";
+
+  inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+
+    home-manager = {
+      url = "github:nix-community/home-manager";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    nur = {
+      url = "github:nix-community/NUR";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    nixos-hardware = {
+      url = "github:NixOS/nixos-hardware/master";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+  };
+
+  # All outputs for the system (configs)
+  outputs = { home-manager, nixpkgs, nur, nixos-hardware, ... }:
+    let
+      system = "x86_64-linux";
+      pkgs = import nixpkgs {
+        inherit system;
+        config = {allowUnfree = true;};
+      };
+      lib = nixpkgs.lib;
+    in {
+      nixosConfigurations = {
+        # Config is based on hostname
+        nil = lib.nixosSystem {
+          system = "x86_64-linux";
+          modules = [
+            ./configuration.nix
+            nixos-hardware.nixosModules.lenovo-thinkpad-t14-amd-gen1
+            ./hosts/nil.nix
+            home-manager.nixosModules.home-manager
+            {
+              home-manager.useGlobalPkgs = true;
+              home-manager.useUserPackages = true;
+              home-manager.users.james = import ./home.nix;
+            }
+          ];
+        };
+
+      };
+    };
+}

home.nix

@@ -0,0 +1,36 @@
+{ config, pkgs, ... }:
+
+{
+  # Home Manager needs a bit of information about you and the
+  # paths it should manage.
+  home.username = "james";
+  home.homeDirectory = "/home/james";
+
+  wayland.windowManager.sway = {
+    enable = true;
+    wrapperFeatures.gtk = true;
+  };
+
+  home.packages = with pkgs; [
+    emacs
+    firefox
+    wofi
+    i3
+    zsh
+    kitty
+    tmux
+  ];
+
+  # This value determines the Home Manager release that your
+  # configuration is compatible with. This helps avoid breakage
+  # when a new Home Manager release introduces backwards
+  # incompatible changes.
+  #
+  # You can update Home Manager without changing this value. See
+  # the Home Manager release notes for a list of state version
+  # changes in each release.
+  home.stateVersion = "21.11";
+
+  # Let Home Manager install and manage itself.
+  programs.home-manager.enable = true;
+}

hosts/nil.nix

@@ -0,0 +1,77 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports = [
+    ../modules/zfs.nix
+    ../modules/profiles/laptop.nix
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  # This is required for the zfs module as well. Must be unique. Run the following
+  #   head -c4  /dev/urandom | od -A none -t x4
+  networking.hostId = "a7a1c3f5";
+  networking.hostName = "nil"; # Define your hostname.
+
+  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
+  # Per-interface useDHCP will be mandatory in the future, so this generated config
+  # replicates the default behaviour.
+  networking.useDHCP = false;
+  networking.interfaces.enp2s0f0.useDHCP = true;
+  networking.interfaces.enp5s0.useDHCP = true;
+  networking.interfaces.wlp3s0.useDHCP = true;
+
+  boot.initrd.availableKernelModules = [
+    "nvme"
+    "vfat"
+    "xhci_pci"
+    "usbhid"
+    "usb_storage"
+    "sd_mod"
+    "sdhci_pci"
+    "cryptd"
+  ];
+
+  hardware.firmware = [
+    pkgs.rtw89-firmware
+  ];
+
+  boot.initrd.kernelModules = [ "dm-snapshot" ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ config.boot.kernelPackages.rtw89 ];
+  boot.supportedFilesystems = ["zfs"];
+
+  boot.initrd.luks.devices."crypt" =
+    { device = "/dev/disk/by-partlabel/crypt";
+      preLVM = true;
+    };
+
+  fileSystems."/" =
+    { device = "rpool/root/nixos";
+      fsType = "zfs";
+    };
+
+  fileSystems."/home" =
+    { device = "rpool/home";
+      fsType = "zfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-partlabel/boot";
+      fsType = "vfat";
+    };
+
+  swapDevices =
+    [ { device = "/dev/partitions/swap"; }
+    ];
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "21.05"; # Did you read the comment?
+}

modules/profiles/graphical.nix

@@ -0,0 +1,20 @@
+{ config, pkgs, ... }:
+{
+  programs.sway = {
+    enable = true;
+    wrapperFeatures.gtk = true; # so that gtk works properly
+    extraPackages = with pkgs; [
+      swaylock
+      swayidle
+      wl-clipboard
+      mako # notification daemon
+      alacritty # Alacritty is the default terminal in the config
+      dmenu # Dmenu is the default in the config but i recommend wofi since its wayland native
+      wofi
+    ];
+  };
+
+  # Enable sound.
+  sound.enable = true;
+  hardware.pulseaudio.enable = true;
+}

modules/profiles/laptop.nix

@@ -0,0 +1,9 @@
+{ config, lib, pkgs, modulesPath, ... }:
+{
+  imports = [
+    ./graphical.nix
+  ];
+
+  networking.networkmanager.enable = true;
+  users.users.james.extraGroups = [ "networkmanager" ];
+}

modules/zfs.nix

@@ -0,0 +1,24 @@
+{ config, pkgs, ... }:
+{
+
+  boot = {
+    supportedFilesystems = [ "zfs" ];
+    zfs = {
+      forceImportRoot = false;
+      forceImportAll = false;
+    };
+    # this was required for the initial setup of the zpool.
+    # see https://nixos.org/nixos/options.html#boot.zfs.forceimportroot
+    # kernelParams = ["zfs_force=1"];
+  };
+
+  services.zfs = {
+    autoScrub.enable = true;
+    # enable default auto-snapshots
+    autoSnapshot = {
+      enable = true;
+      flags = "-k -p --utc";
+    };
+  };
+
+}

nixos/configuration.nix

@@ -1,114 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, ... }:
-
-{
-  imports =
-    [ # Include the results of the hardware scan.
-      "${builtins.fetchGit { url = "https://github.com/NixOS/nixos-hardware.git"; }}/lenovo/thinkpad/t14/amd/"
-      ./hardware-configuration.nix
-      ./zfs.nix
-    ];
-
-  # Use the systemd-boot EFI boot loader.
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-
-  # This is required for the zfs module as well. Must be unique. Run the following
-  #   head -c4  /dev/urandom | od -A none -t x4
-  networking.hostId = "a7a1c3f5";
-  networking.hostName = "nil"; # Define your hostname.
-  networking.wireless = {
-    enable = true;  # Enables wireless support via wpa_supplicant.
-    interfaces = ["wlp3s0"];  # Enables wireless support via wpa_supplicant.
-    userControlled.enable = true;
-  };
-
-  # Set your time zone.
-  time.timeZone = "America/New_York";
-
-  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
-  # Per-interface useDHCP will be mandatory in the future, so this generated config
-  # replicates the default behaviour.
-  networking.useDHCP = false;
-  networking.interfaces.enp2s0f0.useDHCP = true;
-  networking.interfaces.enp5s0.useDHCP = true;
-  networking.interfaces.wlp3s0.useDHCP = true;
-
-  # Configure network proxy if necessary
-  # networking.proxy.default = "http://user:password@proxy:port/";
-  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
-  # Select internationalisation properties.
-  i18n.defaultLocale = "en_US.UTF-8";
-  console = {
-    font = "Lat2-Terminus16";
-    keyMap = "us";
-  };
-
-  # Enable the X11 windowing system.
-  # services.xserver.enable = true;
-
-
-  # Configure keymap in X11
-  # services.xserver.layout = "us";
-  # services.xserver.xkbOptions = "eurosign:e";
-
-  # Enable CUPS to print documents.
-  # services.printing.enable = true;
-
-  # Enable sound.
-  sound.enable = true;
-  hardware.pulseaudio.enable = true;
-
-  # Enable touchpad support (enabled default in most desktopManager).
-  # services.xserver.libinput.enable = true;
-
-  # Define a user account. Don't forget to set a password with ‘passwd’.
-  users.users.james = {
-    isNormalUser = true;
-    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
-  };
-
-  nix.allowedUsers = [ "@wheel" ];
-
-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
-  environment.systemPackages = with pkgs; [
-    git
-    gnumake
-    vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
-    wget
-  #   firefox
-  ];
-
-  # Some programs need SUID wrappers, can be configured further or are
-  # started in user sessions.
-  programs.mtr.enable = true;
-  programs.gnupg.agent = {
-    enable = true;
-    enableSSHSupport = true;
-  };
-
-  # List services that you want to enable:
-
-  # Enable the OpenSSH daemon.
-  # services.openssh.enable = true;
-
-  # Open ports in the firewall.
-  # networking.firewall.allowedTCPPorts = [ ... ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  networking.firewall.enable = false;
-
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "21.05"; # Did you read the comment?
-
-}

nixos/hardware-configuration.nix

@@ -1,57 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
-
-  boot.initrd.availableKernelModules = [ 
-    "nvme"
-    "vfat"
-    "xhci_pci"
-    "usbhid"
-    "usb_storage"
-    "sd_mod"
-    "sdhci_pci"
-    "cryptd"
-   ];
-
-  # Wifi support
-  hardware.firmware = [ pkgs.rtw89-firmware ];
-
-  # For support of newer AMD GPUs, backlight and internal microphone
-  boot.kernelPackages = lib.mkIf (lib.versionOlder pkgs.linux.version "5.13") pkgs.linuxPackages_latest;
-
-  boot.initrd.kernelModules = [ "dm-snapshot" ];
-  boot.kernelModules = [ "kvm-amd" ];
-  boot.extraModulePackages = [ config.boot.kernelPackages.rtw89 ];
-  boot.supportedFilesystems = ["zfs"];
-
-  boot.initrd.luks.devices."crypt" = 
-    { device = "/dev/disk/by-partlabel/crypt";
-      preLVM = true;
-    };
-
-  fileSystems."/" =
-    { device = "rpool/root/nixos";
-      fsType = "zfs";
-    };
-
-  fileSystems."/home" =
-    { device = "rpool/home";
-      fsType = "zfs";
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-partlabel/boot";
-      fsType = "vfat";
-    };
-
-  swapDevices =
-    [ { device = "/dev/partitions/swap"; }
-    ];
-
-}

nixos/zfs.nix

@@ -1,21 +0,0 @@
-# /etc/nixos/zfs.nix (Don't forget to add it to configuration.nix)
-# These are the options ZFS requires, but a normal system has, of course,
-#   more options (like a bootloader, or installed software).
-{ config, pkgs, ... }:
-{
-  # remove this after 1st boot
-  # see https://nixos.org/nixos/options.html#boot.zfs.forceimportroot
-  boot.kernelParams = ["zfs_force=1"];
-
-  boot.zfs.forceImportRoot = false;
-  boot.zfs.forceImportAll = false;
-
-  boot.supportedFilesystems = [ "zfs" ];
-
-  services.zfs.autoScrub.enable = true;
-  # this enables the zfs-auto-snapshot
-  services.zfs.autoSnapshot = {
-    enable = true;
-    flags = "-k -p --utc";
-  };
-}