feat: add work laptop configuration

home/dogar/blueocean.nix

@@ -0,0 +1,42 @@
+{config, lib, ...}: {
+  imports = lib.flatten [
+    #
+    # ========== Required Configs ==========
+    #
+    ./common/core
+
+    #
+    # ========== Host-specific Optional Configs ==========
+    #
+    (map (config: "${builtins.toString ./.}/common/optional/${config}.nix") [
+      "btop"
+      "direnv"
+      "firefox"
+      "fonts"
+      "ghostty"
+      "git"
+      "hyprland"
+      "kitty"
+      "misc-packages"
+      "nvim"
+      "ssh"
+      "starship"
+      "tmux"
+      "uv"
+      "zsh"
+    ])
+  ];
+
+  services.yubikey-touch-detector.enable = true;
+
+  home = {
+    # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
+    stateVersion = "25.05";
+    sessionVariables = {
+      EDITOR = "nvim";
+      NIXOS_OZONE_WL = "1";
+    };
+    file.".npmrc".source = config.lib.file.mkOutOfStoreSymlink
+      "${config.home.homeDirectory}/git/nix-config/dotfiles/npm/.npmrc";
+  };
+}

home/dogar/common/core/default.nix

@@ -0,0 +1,39 @@
+{
+  config,
+  lib,
+  pkgs,
+  hostSpec,
+  ...
+}: {
+  imports = lib.flatten [
+    (map lib.custom.relativeToRoot ["modules/common" "modules/home-manager"])
+  ];
+
+  inherit hostSpec;
+
+  home = {
+    username = lib.mkDefault config.hostSpec.username;
+    homeDirectory = lib.mkDefault config.hostSpec.home;
+    stateVersion = lib.mkDefault "25.05";
+    sessionPath = ["$HOME/.local/bin"];
+    sessionVariables = {
+      FLAKE = "$HOME/src/nix/nix-config";
+      SHELL = "zsh";
+      VISUAL = "nvim";
+      EDITOR = "nvim";
+    };
+  };
+
+  nix = {
+    package = lib.mkDefault pkgs.nix;
+    settings = {
+      experimental-features = ["nix-command" "flakes"];
+      warn-dirty = false;
+    };
+  };
+
+  programs.home-manager.enable = true;
+
+  # Nicely reload system units when changing configs
+  systemd.user.startServices = "sd-switch";
+}

home/dogar/common/optional/btop.nix

@@ -0,0 +1,3 @@
+{...}: {
+  programs.btop = {enable = true;};
+}

home/dogar/common/optional/direnv.nix

@@ -0,0 +1,8 @@
+{
+  programs.direnv = {
+    enable = true;
+    enableBashIntegration = true;
+    enableZshIntegration = true;
+    nix-direnv.enable = true;
+  };
+}

home/dogar/common/optional/firefox.nix

@@ -0,0 +1,11 @@
+{pkgs, ...}: {
+  programs.firefox = {
+    enable = true;
+    package = pkgs.firefox.override {
+      cfg = {
+        # Gnome shell native connector
+        enableGnomeExtensions = true;
+      };
+    };
+  };
+}

home/dogar/common/optional/fonts.nix

@@ -0,0 +1,4 @@
+{pkgs, ...}: {
+  fonts.fontconfig.enable = true;
+  home.packages = with pkgs; [nerd-fonts.jetbrains-mono];
+}

home/dogar/common/optional/ghostty.nix

@@ -0,0 +1,12 @@
+{config, ...}: {
+  programs.ghostty = {
+    enable = true;
+
+    settings = {
+      theme = "catppuccin-mocha";
+      font-family = config.hostSpec.font;
+      font-size = 14;
+      initial-command = "tmux";
+    };
+  };
+}

home/dogar/common/optional/git.nix

@@ -0,0 +1,27 @@
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}: {
+  programs.git = {
+    enable = true;
+    lfs.enable = true;
+
+    settings = {
+      user = {
+        name = config.hostSpec.userFullName;
+        email = config.hostSpec.email.user;
+      };
+      gpg = {format = "ssh";};
+      "gpg \"ssh\"" = {
+        program = "${lib.getExe' pkgs._1password-gui "op-ssh-sign"}";
+      };
+      commit = {gpgsign = true;};
+      user = {signingKey = "~/.ssh/id_ed25519.pub";};
+      pull = {rebase = true;};
+      init = {defaultBranch = "main";};
+      lfs = {locksverify = true;};
+    };
+  };
+}

home/dogar/common/optional/hyprland.nix

@@ -0,0 +1,33 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
+  home = {
+    file = {
+      "${config.xdg.configHome}/hypr/hyprland.conf".source =
+        config.lib.file.mkOutOfStoreSymlink "${lib.custom.relativeToRoot "dotfiles/hypr/hyprland.conf"}";
+      "${config.xdg.configHome}/hypr/hypridle.conf".source =
+        config.lib.file.mkOutOfStoreSymlink "${lib.custom.relativeToRoot "dotfiles/hypr/hypridle.conf"}";
+      "${config.xdg.configHome}/hypr/hyprlock.conf".source =
+        config.lib.file.mkOutOfStoreSymlink "${lib.custom.relativeToRoot "dotfiles/hypr/hyprlock.conf"}";
+      "${config.xdg.configHome}/waybar".source =
+        config.lib.file.mkOutOfStoreSymlink "${lib.custom.relativeToRoot "dotfiles/waybar"}";
+      "${config.xdg.configHome}/wofi".source =
+        config.lib.file.mkOutOfStoreSymlink "${lib.custom.relativeToRoot "dotfiles/wofi"}";
+      "${config.xdg.configHome}/mako".source =
+        config.lib.file.mkOutOfStoreSymlink "${lib.custom.relativeToRoot "dotfiles/mako"}";
+    };
+
+    packages = with pkgs; [
+      hyprshot
+      hyprlock
+      hypridle
+      hyprpolkitagent
+      waybar
+      wofi
+      mako
+    ];
+  };
+}

home/dogar/common/optional/kitty.nix

@@ -0,0 +1,14 @@
+{config, ...}: {
+  programs.kitty = {
+    enable = true;
+
+    shellIntegration.enableZshIntegration = true;
+    settings = {
+      font = config.hostSpec.font;
+      shell = "tmux";
+      font-size = 16.0;
+      active_border_color = "#44ffff";
+      single_window_margin_width = 0;
+    };
+  };
+}

home/dogar/common/optional/misc-packages.nix

@@ -0,0 +1,35 @@
+{pkgs, ...}: {
+  home.packages = with pkgs; [
+    btop
+    zoxide
+    unzip
+    tmux
+    gcc
+    zig
+    gparted
+    gnupg
+    dig
+    bash
+    kdePackages.dolphin
+    font-awesome
+    tree
+    wl-clipboard-rs
+    brightnessctl
+    age
+    nerd-fonts.jetbrains-mono
+    lazygit
+    gh
+    dbeaver-bin
+    cloudflare-warp
+    protonmail-desktop
+    rpi-imager
+    kubectl
+    k9s
+    postgresql_17
+    kitty
+    waybar
+    obsidian
+    yq
+    jq
+  ];
+}

home/dogar/common/optional/nvim.nix

@@ -0,0 +1,13 @@
+{config, ...}: {
+  programs.neovim = {
+    enable = true;
+    defaultEditor = true;
+    viAlias = true;
+    vimAlias = true;
+  };
+
+  # Create a symlink from ~/.config/nvim to the dotfiles directory
+  home.file.".config/nvim".source =
+    config.lib.file.mkOutOfStoreSymlink
+    "${config.home.homeDirectory}/git/nix-config/dotfiles/nvim";
+}

home/dogar/common/optional/ssh.nix

@@ -0,0 +1,10 @@
+{...}: let
+  onePassPath = "~/.1password/agent.sock";
+in {
+  programs.ssh = {
+    enable = true;
+    enableDefaultConfig = false;
+    extraConfig = "IdentityAgent ${onePassPath}";
+    matchBlocks."*" = {};
+  };
+}

home/dogar/common/optional/starship.nix

@@ -0,0 +1 @@
+{...}: {programs.starship.enable = true;}

home/dogar/common/optional/tmux.nix

@@ -0,0 +1,15 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
+  home = {
+    file = {
+      "${config.xdg.configHome}/tmux".source =
+        lib.custom.relativeToRoot "dotfiles/tmux";
+    };
+
+    packages = with pkgs; [tmux];
+  };
+}

home/dogar/common/optional/uv.nix

@@ -0,0 +1,10 @@
+{
+  ...
+}: {
+  programs.uv = {
+    enable = true;
+    settings = {
+      pip.index-url = "https://pip.dogar.dev";
+    };
+  };
+}

home/dogar/common/optional/zsh.nix

@@ -0,0 +1,43 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  home.packages = with pkgs; [
+    eza
+    ripgrep
+    rm-improved
+    dust
+    xcp
+    nh
+    zoxide
+  ];
+
+  programs.zsh = {
+    enable = true;
+    enableCompletion = true;
+    autosuggestion.enable = true;
+    syntaxHighlighting.enable = true;
+
+    initContent = ''
+      eval "$(zoxide init zsh)"
+    '';
+
+    shellAliases = {
+      ".." = "cd ..";
+      ls = "exa";
+      vim = "nvim";
+      grep = "rg";
+      du = "dust";
+      rm = "rip";
+      cp = "xcp";
+      uo = "nh os switch ~/git/nix-config";
+      k = "kubectl";
+    };
+
+    history = {
+      size = 10000;
+      path = "${config.xdg.dataHome}/zsh/history";
+    };
+  };
+}

hosts/common/core/default.nix

@@ -16,9 +16,6 @@
   ];
 
   hostSpec = {
-    username = "shahab";
-    handle = "shahab96";
-    email = {user = "shahab@dogar.dev";};
     userFullName = "Shahab Dogar";
     networking.ports.tcp.ssh = 22;
   };
@@ -69,7 +66,7 @@
     enable = true;
     clean.enable = true;
     clean.extraArgs = "--keep-since 10d --keep 10";
-    flake = "/home/user/${config.hostSpec.home}/nix-config";
+    flake = "${config.hostSpec.home}/nix-config";
   };
 
   # ========= Sops =========

hosts/common/disks/blueocean.nix

@@ -0,0 +1,116 @@
+{
+  lib,
+  primary,
+  nix,
+  withSwap,
+  swapSize,
+  label,
+  ...
+}: {
+  disko = {
+    devices = {
+      disk = {
+        main = {
+          device = primary;
+
+          type = "disk";
+          content = {
+            type = "gpt";
+            partitions = {
+              boot = {
+                name = "boot";
+                size = "1M";
+                type = "EF02";
+              };
+              esp = {
+                name = "ESP";
+                size = "500M";
+                type = "EF00";
+                content = {
+                  type = "filesystem";
+                  format = "vfat";
+                  mountpoint = "/boot";
+                };
+              };
+              luks = {
+                size = "100%";
+                content = {
+                  name = "crypted";
+                  type = "luks";
+                  passwordFile = "/tmp/secret.key";
+                  settings = {
+                    allowDiscards = true;
+                    crypttabExtraOpts = ["fido2-device=auto" "token-timeout=10"];
+                  };
+                  content = {
+                    type = "lvm_pv";
+                    vg = "crypt_vg";
+                  };
+                };
+              };
+            };
+          };
+        };
+        secondary = {
+          device = nix;
+
+          type = "disk";
+          content = {
+            type = "gpt";
+            partitions = {
+              luks = {
+                size = "100%";
+                content = {
+                  name = "crypt-nix";
+                  type = "luks";
+                  passwordFile = "/tmp/secret.key";
+                  settings = {
+                    allowDiscards = true;
+                    crypttabExtraOpts = ["fido2-device=auto" "token-timeout=10"];
+                  };
+                  content = {
+                    type = "btrfs";
+                    extraArgs = ["-L nix -f"];
+                    subvolumes = {
+                      "@nix" = {
+                        mountpoint = "/nix";
+                        mountOptions = ["subvol=nix" "compress=zstd" "noatime"];
+                      };
+                    };
+                  };
+                };
+              };
+            };
+          };
+        };
+      };
+      lvm_vg = {
+        crypt_vg = {
+          type = "lvm_vg";
+          lvs = {
+            swap = lib.mkIf withSwap {
+              size = "${swapSize}G";
+              content = {
+                type = "swap";
+                resumeDevice = true;
+              };
+            };
+            main = {
+              size = "100%";
+              content = {
+                type = "btrfs";
+                extraArgs = ["-L" label "-f"];
+                subvolumes = {
+                  "@root" = {
+                    mountpoint = "/";
+                    mountOptions = ["subvol=root" "compress=zstd" "noatime"];
+                  };
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}

hosts/nixos/blueocean/default.nix

@@ -0,0 +1,95 @@
+{
+  inputs,
+  lib,
+  config,
+  ...
+}: {
+  imports = lib.flatten [
+    #
+    # ========= Hardware =========
+    #
+    ./hardware-configuration.nix
+    inputs.nixos-hardware.nixosModules.common-cpu-amd
+    inputs.nixos-hardware.nixosModules.common-gpu-amd
+    inputs.nixos-hardware.nixosModules.common-pc-ssd
+    inputs.nixos-hardware.nixosModules.lenovo-legion-16ithg6
+
+    #
+    # ========= Disk Layout =========
+    #
+    inputs.disko.nixosModules.disko
+    (lib.custom.relativeToRoot "hosts/common/disks/blueocean.nix")
+    {
+      _module.args = {
+        primary = "/dev/nvme0n1";
+        nix = "/dev/nvme1n1";
+        withSwap = true;
+        swapSize = "4";
+        label = "nixos";
+      };
+    }
+
+    #
+    # ========= Required Configs =========
+    #
+    (map lib.custom.relativeToRoot ["hosts/common/core"])
+
+    #
+    # ========= Optional Configs =========
+    #
+    (map (c: lib.custom.relativeToRoot "hosts/common/optional/${c}.nix") [
+      "1password"
+      "claude-code"
+      "dconf"
+      "docker"
+      "hyprland"
+      "nix-ld"
+      "secure-boot"
+      "yubikey"
+    ])
+
+    #
+    # ========= Optional Services =========
+    #
+    (map
+      (s: lib.custom.relativeToRoot "hosts/common/optional/services/${s}.nix") [
+        "audio"
+        "bluetooth"
+        "firmware"
+        "greetd"
+        "openssh"
+        "printing"
+        "smart-card"
+        "vpn"
+      ])
+  ];
+
+  #
+  # ========= Host specification =========
+  #
+  hostSpec = {
+    hostName = "blueocean";
+    username = "dogar";
+    handle = "shadogar";
+    email = {user = "shahab.dogar@blueocean.ai";};
+  };
+
+  networking = {
+    networkmanager.enable = true;
+    enableIPv6 = false;
+  };
+
+  boot = {
+    loader = {
+      # Set this to true on first install. This must be false for secure boot.
+      systemd-boot = {
+        enable = lib.mkForce (!config.hostSpec.secureBoot);
+        configurationLimit = config.hostSpec.bootHistoryLimit;
+      };
+      efi.canTouchEfiVariables = true;
+    };
+  };
+
+  security.rtkit.enable = true;
+  system.stateVersion = "25.05";
+}

hosts/nixos/blueocean/hardware-configuration.nix

@@ -0,0 +1,47 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  modulesPath,
+  ...
+}: {
+  imports = [(modulesPath + "/installer/scan/not-detected.nix")];
+
+  boot = {
+    initrd = {
+      availableKernelModules = [
+        "nvme"
+        "xhci_pci"
+        "ahci"
+        "usbhid"
+        "thunderbolt"
+        "usb_storage"
+        "sd_mod"
+      ];
+      kernelModules = [];
+    };
+
+    kernelModules = ["kvm-amd"];
+    extraModulePackages = [];
+    binfmt.emulatedSystems = ["aarch64-linux"]; # Add other target architectures as needed
+  };
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp193s0f3u2.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware = {
+    cpu.amd.updateMicrocode =
+      lib.mkDefault config.hardware.enableRedistributableFirmware;
+    graphics = {
+      enable = true;
+    };
+  };
+}

hosts/nixos/rihla/default.nix

@@ -87,6 +87,9 @@
     secureBoot = false;
     persist = "/persist";
     impermanance = false;
+    username = "shahab";
+    handle = "shahab96";
+    email = {user = "shahab@dogar.dev";};
   };
 
   networking = {

hosts/nixos/rihla/hardware-configuration.nix

@@ -2,7 +2,6 @@
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 {
-  config,
   lib,
   modulesPath,
   ...
@@ -38,8 +37,6 @@
 
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
   hardware = {
-    cpu.amd.updateMicrocode =
-      lib.mkDefault config.hardware.enableRedistributableFirmware;
     graphics = {
       enable = true;
     };