chore: formatter

dotfiles/hypr/hyprland.conf

@@ -25,7 +25,7 @@ monitor=,preferred,auto,auto
 # See https://wiki.hyprland.org/Configuring/Keywords/
 
 # Set programs that you use
-$terminal = ghostty
+$terminal = kitty
 $fileManager = dolphin
 $menu = wofi --show drun
 
@@ -186,11 +186,6 @@ input {
     }
 }
 
-# https://wiki.hyprland.org/Configuring/Variables/#gestures
-gestures {
-    workspace_swipe = false
-}
-
 # Example per-device config
 # See https://wiki.hyprland.org/Configuring/Keywords/#per-device-input-configs for more
 device {

dotfiles/nvim/flake.nix

@@ -10,14 +10,17 @@
     };
   };
 
-  outputs = { self, nixpkgs, flake-utils, fenix }:
-    flake-utils.lib.eachDefaultSystem (system:
-      let
+  outputs = {
+    self,
+    nixpkgs,
+    flake-utils,
+    fenix,
+  }:
+    flake-utils.lib.eachDefaultSystem (system: let
       pkgs = nixpkgs.legacyPackages.${system};
       fenixLib = fenix.packages.${system};
       rustToolchain = fenixLib.stable.toolchain;
-      in
-      {
+    in {
       devShells.default = pkgs.mkShell {
         buildInputs = with pkgs; [
           lua-language-server

flake.lock

@@ -20,11 +20,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1755946532,
-        "narHash": "sha256-POePremlUY5GyA1zfbtic6XLxDaQcqHN6l+bIxdT5gc=",
+        "lastModified": 1760101617,
+        "narHash": "sha256-8jf/3ZCi+B7zYpIyV04+3wm72BD7Z801IlOzsOACR7I=",
         "owner": "hyprwm",
         "repo": "aquamarine",
-        "rev": "81584dae2df6ac79f6b6dae0ecb7705e95129ada",
+        "rev": "1826a9923881320306231b1c2090379ebf9fa4f8",
         "type": "github"
       },
       "original": {
@@ -55,11 +55,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1756733629,
-        "narHash": "sha256-dwWGlDhcO5SMIvMSTB4mjQ5Pvo2vtxvpIknhVnSz2I8=",
+        "lastModified": 1761899396,
+        "narHash": "sha256-XOpKBp6HLzzMCbzW50TEuXN35zN5WGQREC7n34DcNMM=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "a5c4f2ab72e3d1ab43e3e65aa421c6f2bd2e12a1",
+        "rev": "6f4cf5abbe318e4cd1e879506f6eeafd83f7b998",
         "type": "github"
       },
       "original": {
@@ -172,11 +172,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1756903364,
-        "narHash": "sha256-vZh/YH2D7oDFek10r0TbGn3qJrqGv69sSP+oF8PFDqQ=",
+        "lastModified": 1761878381,
+        "narHash": "sha256-lCRaipHgszaFZ1Cs8fdGJguVycCisBAf2HEFgip5+xU=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "6159629d05a0e92bb7fb7211e74106ae1d552401",
+        "rev": "4ac96eb21c101a3e5b77ba105febc5641a8959aa",
         "type": "github"
       },
       "original": {
@@ -230,11 +230,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1755678602,
-        "narHash": "sha256-uEC5O/NIUNs1zmc1aH1+G3GRACbODjk2iS0ET5hXtuk=",
+        "lastModified": 1760445448,
+        "narHash": "sha256-fXGjL6dw31FPFRrmIemzGiNSlfvEJTJNsmadZi+qNhI=",
         "owner": "hyprwm",
         "repo": "hyprgraphics",
-        "rev": "157cc52065a104fc3b8fa542ae648b992421d1c7",
+        "rev": "50fb9f069219f338a11cf0bcccb9e58357d67757",
         "type": "github"
       },
       "original": {
@@ -259,11 +259,11 @@
         "xdph": "xdph"
       },
       "locked": {
-        "lastModified": 1756811803,
-        "narHash": "sha256-03zmDvAU+VLPWHv5uxfGVR6bs/SnCYeZ8hbedK/Eb/M=",
+        "lastModified": 1761869718,
+        "narHash": "sha256-jLfwwlPGpnGRAtVDyoGj9FgH2D9hWwyEu0yHkflG2EI=",
         "owner": "hyprwm",
         "repo": "Hyprland",
-        "rev": "127aab815908ecbd3db4d23f127d2e96b79855f9",
+        "rev": "8e9add2afda58d233a75e4c5ce8503b24fa59ceb",
         "type": "github"
       },
       "original": {
@@ -284,11 +284,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1749046714,
-        "narHash": "sha256-kymV5FMnddYGI+UjwIw8ceDjdeg7ToDVjbHCvUlhn14=",
+        "lastModified": 1759610243,
+        "narHash": "sha256-+KEVnKBe8wz+a6dTLq8YDcF3UrhQElwsYJaVaHXJtoI=",
         "owner": "hyprwm",
         "repo": "hyprland-protocols",
-        "rev": "613878cb6f459c5e323aaafe1e6f388ac8a36330",
+        "rev": "bd153e76f751f150a09328dbdeb5e4fab9d23622",
         "type": "github"
       },
       "original": {
@@ -352,11 +352,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1753819801,
-        "narHash": "sha256-tHe6XeNeVeKapkNM3tcjW4RuD+tB2iwwoogWJOtsqTI=",
+        "lastModified": 1759080228,
+        "narHash": "sha256-RgDoAja0T1hnF0pTc56xPfLfFOO8Utol2iITwYbUhTk=",
         "owner": "hyprwm",
         "repo": "hyprland-qtutils",
-        "rev": "b308a818b9dcaa7ab8ccab891c1b84ebde2152bc",
+        "rev": "629b15c19fa4082e4ce6be09fdb89e8c3312aed7",
         "type": "github"
       },
       "original": {
@@ -381,11 +381,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1753622892,
-        "narHash": "sha256-0K+A+gmOI8IklSg5It1nyRNv0kCNL51duwnhUO/B8JA=",
+        "lastModified": 1758927902,
+        "narHash": "sha256-LZgMds7M94+vuMql2bERQ6LiFFdhgsEFezE4Vn+Ys3A=",
         "owner": "hyprwm",
         "repo": "hyprlang",
-        "rev": "23f0debd2003f17bd65f851cd3f930cff8a8c809",
+        "rev": "4dafa28d4f79877d67a7d1a654cddccf8ebf15da",
         "type": "github"
       },
       "original": {
@@ -406,11 +406,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1756117388,
-        "narHash": "sha256-oRDel6pNl/T2tI+nc/USU9ZP9w08dxtl7hiZxa0C/Wc=",
+        "lastModified": 1759619523,
+        "narHash": "sha256-r1ed7AR2ZEb2U8gy321/Xcp1ho2tzn+gG1te/Wxsj1A=",
         "owner": "hyprwm",
         "repo": "hyprutils",
-        "rev": "b2ae3204845f5f2f79b4703b441252d8ad2ecfd0",
+        "rev": "3df7bde01efb3a3e8e678d1155f2aa3f19e177ef",
         "type": "github"
       },
       "original": {
@@ -490,11 +490,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1756750488,
-        "narHash": "sha256-e4ZAu2sjOtGpvbdS5zo+Va5FUUkAnizl4wb0/JlIL2I=",
+        "lastModified": 1761933221,
+        "narHash": "sha256-rNHeoG3ZrA94jczyLSjxCtu67YYPYIlXXr0uhG3wNxM=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "47eb4856cfd01eaeaa7bb5944a0f27db8fb9b94a",
+        "rev": "7467f155fcba189eb088a7601f44fbef7688669b",
         "type": "github"
       },
       "original": {
@@ -505,11 +505,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1756266583,
-        "narHash": "sha256-cr748nSmpfvnhqSXPiCfUPxRz2FJnvf/RjJGvFfaCsM=",
+        "lastModified": 1761114652,
+        "narHash": "sha256-f/QCJM/YhrV/lavyCVz8iU3rlZun6d+dAiC3H+CDle4=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "8a6d5427d99ec71c64f0b93d45778c889005d9c2",
+        "rev": "01f116e4df6a15f4ccdffb1bcd41096869fb385c",
         "type": "github"
       },
       "original": {
@@ -537,11 +537,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1756787288,
-        "narHash": "sha256-rw/PHa1cqiePdBxhF66V7R+WAP8WekQ0mCDG4CFqT8Y=",
+        "lastModified": 1761672384,
+        "narHash": "sha256-o9KF3DJL7g7iYMZq9SWgfS1BFlNbsm6xplRjVlOCkXI=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "d0fc30899600b9b3466ddb260fd83deb486c32f1",
+        "rev": "08dacfca559e1d7da38f3cf05f1f45ee9bfd213c",
         "type": "github"
       },
       "original": {
@@ -561,11 +561,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1755960406,
-        "narHash": "sha256-RF7j6C1TmSTK9tYWO6CdEMtg6XZaUKcvZwOCD2SICZs=",
+        "lastModified": 1760663237,
+        "narHash": "sha256-BflA6U4AM1bzuRMR8QqzPXqh8sWVCNDzOdsxXEguJIc=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "e891a93b193fcaf2fc8012d890dc7f0befe86ec2",
+        "rev": "ca5b894d3e3e151ffc1db040b6ce4dcc75d31c37",
         "type": "github"
       },
       "original": {
@@ -641,11 +641,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1754988908,
-        "narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=",
+        "lastModified": 1760998189,
+        "narHash": "sha256-ee2e1/AeGL5X8oy/HXsZQvZnae6XfEVdstGopKucYLY=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "3223c7a92724b5d804e9988c6b447a0d09017d48",
+        "rev": "5a7d18b5c55642df5c432aadb757140edfeb70b3",
         "type": "github"
       },
       "original": {
@@ -697,11 +697,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1755354946,
-        "narHash": "sha256-zdov5f/GcoLQc9qYIS1dUTqtJMeDqmBmo59PAxze6e4=",
+        "lastModified": 1760713634,
+        "narHash": "sha256-5HXelmz2x/uO26lvW7MudnadbAfoBnve4tRBiDVLtOM=",
         "owner": "hyprwm",
         "repo": "xdg-desktop-portal-hyprland",
-        "rev": "a10726d6a8d0ef1a0c645378f983b6278c42eaa0",
+        "rev": "753bbbdf6a052994da94062e5b753288cef28dfb",
         "type": "github"
       },
       "original": {

flake.nix

@@ -40,8 +40,7 @@
     };
   };
 
-  outputs = { nixpkgs, ... }@inputs:
-    let
+  outputs = {nixpkgs, ...} @ inputs: let
     inherit (nixpkgs) lib;
     mkHost = host: {
       ${host} = nixpkgs.lib.nixosSystem {
@@ -64,10 +63,11 @@
   in {
     nixosConfigurations = mkHostConfigs (readHosts "nixos");
 
-      devShell.x86_64-linux = let
+    devShells.x86_64-linux.default = let
       pkgs = nixpkgs.legacyPackages.x86_64-linux;
-      in pkgs.mkShell {
-        buildInputs = with pkgs; [ nil lua-language-server ];
+    in
+      pkgs.mkShell {
+        buildInputs = with pkgs; [nil lua-language-server kubernetes-helm kubectl];
       };
   };
 }

home/shahab/aamil-1.nix

@@ -0,0 +1,27 @@
+{lib, ...}: {
+  imports = lib.flatten [
+    #
+    # ========== Required Configs ==========
+    #
+    ./common/core
+
+    #
+    # ========== Host-specific Optional Configs ==========
+    #
+    (map (config: "${builtins.toString ./.}/common/optional/${config}.nix") [
+      "btop"
+      "nvim"
+      "starship"
+      "tmux"
+      "zsh"
+    ])
+  ];
+
+  home = {
+    # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
+    stateVersion = "25.05";
+    sessionVariables = {
+      EDITOR = "nvim";
+    };
+  };
+}

home/shahab/aamil-2.nix

@@ -0,0 +1,27 @@
+{lib, ...}: {
+  imports = lib.flatten [
+    #
+    # ========== Required Configs ==========
+    #
+    ./common/core
+
+    #
+    # ========== Host-specific Optional Configs ==========
+    #
+    (map (config: "${builtins.toString ./.}/common/optional/${config}.nix") [
+      "btop"
+      "nvim"
+      "starship"
+      "tmux"
+      "zsh"
+    ])
+  ];
+
+  home = {
+    # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
+    stateVersion = "25.05";
+    sessionVariables = {
+      EDITOR = "nvim";
+    };
+  };
+}

home/shahab/aamil-3.nix

@@ -0,0 +1,27 @@
+{lib, ...}: {
+  imports = lib.flatten [
+    #
+    # ========== Required Configs ==========
+    #
+    ./common/core
+
+    #
+    # ========== Host-specific Optional Configs ==========
+    #
+    (map (config: "${builtins.toString ./.}/common/optional/${config}.nix") [
+      "btop"
+      "nvim"
+      "starship"
+      "tmux"
+      "zsh"
+    ])
+  ];
+
+  home = {
+    # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
+    stateVersion = "25.05";
+    sessionVariables = {
+      EDITOR = "nvim";
+    };
+  };
+}

home/shahab/common/core/default.nix

@@ -1,11 +1,12 @@
-{ config, lib, pkgs, hostSpec, ... }: {
+{
+  config,
+  lib,
+  pkgs,
+  hostSpec,
+  ...
+}: {
   imports = lib.flatten [
     (map lib.custom.relativeToRoot ["modules/common" "modules/home-manager"])
-
-    ./ghostty.nix
-    ./direnv.nix
-    ./git.nix
-    ./fonts.nix
   ];
 
   inherit hostSpec;
@@ -23,32 +24,6 @@
     };
   };
 
-  home.packages = with pkgs; [
-    nh
-    btop
-    eza
-    ripgrep
-    rm-improved
-    dust
-    zoxide
-    xcp
-    unzip
-    tmux
-    gcc
-    zig
-    gparted
-    gnupg
-    dig
-    bash
-    kdePackages.dolphin
-    font-awesome
-    tree
-    wl-clipboard-rs
-    brightnessctl
-    age
-    nerd-fonts.jetbrains-mono
-  ];
-
   nix = {
     package = lib.mkDefault pkgs.nix;
     settings = {

home/shahab/common/core/fonts.nix

@@ -1,4 +0,0 @@
-{ pkgs, ... }: {
-  fonts.fontconfig.enable = true;
-  home.packages = with pkgs; [ nerd-fonts.jetbrains-mono ];
-}

home/shahab/common/core/git.nix

@@ -1,21 +0,0 @@
-{ lib, pkgs, config, ... }: {
-  programs.git = {
-    package = pkgs.gitAndTools.gitFull;
-    enable = true;
-    userName = config.hostSpec.userFullName;
-    userEmail = config.hostSpec.email.user;
-    lfs.enable = true;
-
-    extraConfig = {
-      gpg = { format = "ssh"; };
-      "gpg \"ssh\"" = {
-        program = "${lib.getExe' pkgs._1password-gui "op-ssh-sign"}";
-      };
-      commit = { gpgsign = true; };
-      user = { signingKey = "~/.ssh/id_rihla.pub"; };
-      pull = { rebase = true; };
-      init = { defaultBranch = "main"; };
-      lfs = { locksverify = true; };
-    };
-  };
-}

home/shahab/common/optional/btop.nix

@@ -1,5 +1,3 @@
-{ ... }:
-
-{
+{...}: {
   programs.btop = {enable = true;};
 }

home/shahab/common/optional/fonts.nix

@@ -0,0 +1,4 @@
+{pkgs, ...}: {
+  fonts.fontconfig.enable = true;
+  home.packages = with pkgs; [nerd-fonts.jetbrains-mono];
+}

home/shahab/common/optional/ghostty.nix

@@ -1,9 +1,4 @@
-{
-  config,
-  ...
-}:
-
-{
+{config, ...}: {
   programs.ghostty = {
     enable = true;
 

home/shahab/common/optional/git.nix

@@ -0,0 +1,27 @@
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}: {
+  programs.git = {
+    enable = true;
+    lfs.enable = true;
+
+    settings = {
+      user = {
+        name = config.hostSpec.userFullName;
+        email = config.hostSpec.email.user;
+      };
+      gpg = {format = "ssh";};
+      "gpg \"ssh\"" = {
+        program = "${lib.getExe' pkgs._1password-gui "op-ssh-sign"}";
+      };
+      commit = {gpgsign = true;};
+      user = {signingKey = "~/.ssh/id_rihla.pub";};
+      pull = {rebase = true;};
+      init = {defaultBranch = "main";};
+      lfs = {locksverify = true;};
+    };
+  };
+}

home/shahab/common/optional/hyprland.nix

@@ -1,16 +1,23 @@
-{ config, lib, pkgs, ... }:
-
 {
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
   home = {
     file = {
-      "${config.xdg.configHome}/hypr".source =
-        lib.custom.relativeToRoot "dotfiles/hypr";
+      "${config.xdg.configHome}/hypr/hyprland.conf".source =
+        config.lib.file.mkOutOfStoreSymlink "${lib.custom.relativeToRoot "dotfiles/hypr/hyprland.conf"}";
+      "${config.xdg.configHome}/hypr/hypridle.conf".source =
+        config.lib.file.mkOutOfStoreSymlink "${lib.custom.relativeToRoot "dotfiles/hypr/hypridle.conf"}";
+      "${config.xdg.configHome}/hypr/hyprlock.conf".source =
+        config.lib.file.mkOutOfStoreSymlink "${lib.custom.relativeToRoot "dotfiles/hypr/hyprlock.conf"}";
       "${config.xdg.configHome}/waybar".source =
-        lib.custom.relativeToRoot "dotfiles/waybar";
+        config.lib.file.mkOutOfStoreSymlink "${lib.custom.relativeToRoot "dotfiles/waybar"}";
       "${config.xdg.configHome}/wofi".source =
-        lib.custom.relativeToRoot "dotfiles/wofi";
+        config.lib.file.mkOutOfStoreSymlink "${lib.custom.relativeToRoot "dotfiles/wofi"}";
       "${config.xdg.configHome}/mako".source =
-        lib.custom.relativeToRoot "dotfiles/mako";
+        config.lib.file.mkOutOfStoreSymlink "${lib.custom.relativeToRoot "dotfiles/mako"}";
     };
 
     packages = with pkgs; [

home/shahab/common/optional/kitty.nix

@@ -0,0 +1,14 @@
+{config, ...}: {
+  programs.kitty = {
+    enable = true;
+
+    shellIntegration.enableZshIntegration = true;
+    settings = {
+      font = config.hostSpec.font;
+      shell = "tmux";
+      font-size = 16.0;
+      active_border_color = "#44ffff";
+      single_window_margin_width = 0;
+    };
+  };
+}

home/shahab/common/optional/misc-packages.nix

@@ -1,7 +1,23 @@
-{ pkgs, ... }:
-
-{
+{pkgs, ...}: {
   home.packages = with pkgs; [
+    uv
+    btop
+    zoxide
+    unzip
+    tmux
+    gcc
+    zig
+    gparted
+    gnupg
+    dig
+    bash
+    kdePackages.dolphin
+    font-awesome
+    tree
+    wl-clipboard-rs
+    brightnessctl
+    age
+    nerd-fonts.jetbrains-mono
     lazygit
     gh
     dbeaver-bin
@@ -14,5 +30,7 @@
     kitty
     waybar
     obsidian
+    yq
+    jq
   ];
 }

home/shahab/common/optional/nvim.nix

@@ -1,6 +1,4 @@
-{ config, ... }:
-
-{
+{config, ...}: {
   programs.neovim = {
     enable = true;
     defaultEditor = true;
@@ -9,6 +7,7 @@
   };
 
   # Create a symlink from ~/.config/nvim to the dotfiles directory
-  home.file.".config/nvim".source = config.lib.file.mkOutOfStoreSymlink 
+  home.file.".config/nvim".source =
+    config.lib.file.mkOutOfStoreSymlink
     "${config.home.homeDirectory}/git/nix-config/dotfiles/nvim";
 }

home/shahab/common/optional/ssh.nix

@@ -1,5 +1,5 @@
-{ ... }:
-let onePassPath = "~/.1password/agent.sock";
+{...}: let
+  onePassPath = "~/.1password/agent.sock";
 in {
   programs.ssh = {
     enable = true;

home/shahab/common/optional/tmux.nix

@@ -1,6 +1,9 @@
-{ config, lib, pkgs, ... }:
-
 {
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
   home = {
     file = {
       "${config.xdg.configHome}/tmux".source =

home/shahab/common/optional/zsh.nix

@@ -1,4 +1,18 @@
-{ config, ... }: {
+{
+  config,
+  pkgs,
+  ...
+}: {
+  home.packages = with pkgs; [
+    eza
+    ripgrep
+    rm-improved
+    dust
+    xcp
+    nh
+    zoxide
+  ];
+
   programs.zsh = {
     enable = true;
     enableCompletion = true;

home/shahab/rihla.nix

@@ -10,8 +10,13 @@
     #
     (map (config: "${builtins.toString ./.}/common/optional/${config}.nix") [
       "btop"
+      "direnv"
       "firefox"
+      "fonts"
+      "ghostty"
+      "git"
       "hyprland"
+      "kitty"
       "misc-packages"
       "nvim"
       "ssh"

home/shahab/specialisations/gaming.nix

@@ -1,6 +1,4 @@
-{ pkgs, ... }:
-
-{
+{pkgs, ...}: {
   home.packages = with pkgs; [
     discord
     protonmail-desktop

hosts/common/core/default.nix

@@ -1,6 +1,10 @@
-{ pkgs, inputs, config, lib, ... }:
-
 {
+  pkgs,
+  inputs,
+  config,
+  lib,
+  ...
+}: {
   imports = lib.flatten [
     inputs.home-manager.nixosModules.home-manager
     inputs.sops-nix.nixosModules.sops
@@ -16,7 +20,6 @@
     handle = "shahab96";
     email = {user = "shahab@dogar.dev";};
     userFullName = "Shahab Dogar";
-    domain = "rihla";
     networking.ports.tcp.ssh = 22;
   };
 
@@ -52,7 +55,7 @@
       warn-dirty = false;
       trusted-users = ["@wheel"];
 
-      substituters = [ "https://hyprland.cachix.org" ];
+      substituters = ["https://hyprland.cachix.org" "https://nix.dogar.dev"];
       trusted-public-keys = [
         "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
       ];

hosts/common/disks/aamil.nix

@@ -0,0 +1,44 @@
+{
+  disko.devices = {
+    disk = {
+      vdb = {
+        type = "disk";
+        device = "/dev/sda";
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              priority = 1;
+              name = "ESP";
+              start = "1M";
+              end = "128M";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+              };
+            };
+            luks = {
+              size = "100%";
+              content = {
+                name = "crypted";
+                type = "luks";
+                passwordFile = "/tmp/secret.key";
+                settings = {
+                  allowDiscards = true;
+                  crypttabExtraOpts = ["fido2-device=auto" "token-timeout=10"];
+                };
+                content = {
+                  type = "filesystem";
+                  format = "ext4";
+                  mountpoint = "/";
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}

hosts/common/disks/rihla.nix

@@ -1,6 +1,12 @@
-{ lib, config, device, withSwap, swapSize, label, ... }:
-
 {
+  lib,
+  config,
+  device,
+  withSwap,
+  swapSize,
+  label,
+  ...
+}: {
   disko = {
     devices = {
       disk = {
@@ -34,8 +40,7 @@
                   passwordFile = "/tmp/secret.key";
                   settings = {
                     allowDiscards = true;
-                    crypttabExtraOpts =
-                      [ "fido2-device=auto" "token-timeout=10" ];
+                    crypttabExtraOpts = ["fido2-device=auto" "token-timeout=10"];
                   };
                   content = {
                     type = "lvm_pv";
@@ -70,8 +75,7 @@
                   };
                   "@persist" = {
                     mountpoint = config.hostSpec.persist;
-                    mountOptions =
-                      [ "subvol=persist" "compress=zstd" "noatime" ];
+                    mountOptions = ["subvol=persist" "compress=zstd" "noatime"];
                   };
                   "@nix" = {
                     mountpoint = "/nix";

hosts/common/optional/1password.nix

@@ -1,6 +1,4 @@
-{ config, ... }:
-
-{
+{config, ...}: {
   programs = {
     _1password.enable = true;
     _1password-gui = {

hosts/common/optional/claude-code.nix

@@ -1,5 +1,3 @@
-{ pkgs, ... }:
-
-{
+{pkgs, ...}: {
   environment.systemPackages = with pkgs; [claude-code];
 }

hosts/common/optional/dconf.nix

@@ -1,5 +1,3 @@
-{ ... }:
-
-{
+{...}: {
   programs.dconf.enable = true;
 }

hosts/common/optional/docker.nix

@@ -1,13 +1,13 @@
 {pkgs, ...}: {
   virtualisation = {
-    podman = {
+    docker = {
       enable = true;
-      dockerSocket.enable = true;
-      dockerCompat = true;
-
-      autoPrune = {
-        enable = true;
-        dates = "weekly";
+      daemon = {
+        settings = {
+          features = {
+            containerd-snapshotter = true;
+          };
+        };
       };
     };
 
@@ -17,11 +17,6 @@
       enable = true;
       qemu = {
         swtpm.enable = true;
-
-        ovmf = {
-          enable = true;
-          packages = with pkgs; [ OVMFFull.fd ];
-        };
       };
     };
 
@@ -34,7 +29,7 @@
     spice
     spice-gtk
     spice-protocol
-    win-virtio
+    virtio-win
     win-spice
   ];
 }

hosts/common/optional/hoppscotch.nix

@@ -1,5 +1,3 @@
-{ pkgs, ... }:
-
-{
+{pkgs, ...}: {
   environment.systemPackages = with pkgs; [hoppscotch];
 }

hosts/common/optional/hyprland.nix

@@ -1,6 +1,8 @@
-{ inputs, pkgs, ... }:
-
 {
+  inputs,
+  pkgs,
+  ...
+}: {
   programs.hyprland = {
     enable = true;
     package =

hosts/common/optional/nix-ld.nix

@@ -1,5 +1,3 @@
-{ ... }:
-
-{
+{...}: {
   programs.nix-ld.enable = true;
 }

hosts/common/optional/secure-boot.nix

@@ -1,5 +1,3 @@
-{ pkgs, ... }:
-
-{
+{pkgs, ...}: {
   environment.systemPackages = with pkgs; [sbctl];
 }

hosts/common/optional/services/audio.nix

@@ -1,6 +1,4 @@
-{ pkgs, ... }:
-
-{
+{pkgs, ...}: {
   services = {
     # Enable sound with pipewire.
     pulseaudio.enable = false;

hosts/common/optional/services/bluetooth.nix

@@ -1,6 +1,4 @@
-{ ... }:
-
-{
+{...}: {
   services.blueman.enable = true;
   hardware = {
     bluetooth.enable = true;

hosts/common/optional/services/firmware.nix

@@ -1,5 +1,3 @@
-{ ... }:
-
-{
+{...}: {
   services.fwupd.enable = true;
 }

hosts/common/optional/services/greetd.nix

@@ -1,12 +1,9 @@
-{ pkgs, ... }:
-
-{
+{pkgs, ...}: {
   services.greetd = {
     enable = true;
     settings = {
       default_session = {
-        command =
-          "${pkgs.tuigreet}/bin/tuigreet --greeting 'Welcome to NixOS!' --asterisks --remember --remember-user-session --time --cmd ${pkgs.hyprland}/bin/Hyprland";
+        command = "${pkgs.tuigreet}/bin/tuigreet --greeting 'Welcome to NixOS!' --asterisks --remember --remember-user-session --time --cmd ${pkgs.hyprland}/bin/Hyprland";
         user = "greeter";
       };
     };

hosts/common/optional/services/k3s.nix

@@ -0,0 +1,14 @@
+{pkgs, ...}: {
+  environment.systemPackages = with pkgs; [
+    k3s
+    cifs-utils
+    nfs-utils
+  ];
+
+  services.k3s = {
+    enable = true;
+    role = "agent";
+    token = "K10aad4485a9e2a872775c6560ab812ac1a05d2dc4c86f189fdf56e5fdc673dcc10::server:G7zhbpu7iSUYvM2e";
+    serverAddr = "https://rashid:6443";
+  };
+}

hosts/common/optional/services/openiscsi.nix

@@ -0,0 +1,8 @@
+{config, ...}: let
+  hostName = config.hostSpec.hostName;
+in {
+  services.openiscsi = {
+    enable = true;
+    name = "iqn.2016-04.com.open-iscsi:${hostName}";
+  };
+}

hosts/common/optional/services/openssh.nix

@@ -1,9 +1,17 @@
-{ config, ... }:
-let sshPort = config.hostSpec.networking.ports.tcp.ssh;
+{config, ...}: let
+  sshPort = config.hostSpec.networking.ports.tcp.ssh;
 in {
   services.openssh = {
     enable = true;
     ports = [sshPort];
+
+    settings = {
+      PermitRootLogin = "no";
+      KbdInteractiveAuthentication = false;
+      PasswordAuthentication = false;
+    };
+
+    openFirewall = true;
   };
 
   networking.firewall.allowedTCPPorts = [sshPort];

hosts/common/optional/services/printing.nix

@@ -1,6 +1,4 @@
 # Reminder that CUPS cpanel defaults to localhost:631
-{ ... }:
-
-{
+{...}: {
   services.printing.enable = true;
 }

hosts/common/optional/services/smart-card.nix

@@ -1,5 +1,3 @@
-{ ... }:
-
-{
+{...}: {
   services.pcscd.enable = true;
 }

hosts/common/optional/yubikey.nix

@@ -1,6 +1,4 @@
-{ pkgs, ... }:
-
-{
+{pkgs, ...}: {
   # yubikey login / sudo
   security.pam = {
     u2f = {

hosts/common/specialisations/gaming.nix

@@ -1,5 +1,9 @@
-{ pkgs, config, lib, ... }:
-let
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}: let
   hostSpec = config.hostSpec;
 in {
   specialisation.gaming.configuration = {

hosts/common/users/primary/default.nix

@@ -1,5 +1,10 @@
-{ pkgs, config, lib, inputs, ... }:
-let
+{
+  pkgs,
+  config,
+  lib,
+  inputs,
+  ...
+}: let
   hostSpec = config.hostSpec;
   pubKeys = lib.filesystem.listFilesRecursive ./keys;
 in {
@@ -13,9 +18,8 @@ in {
       shell = pkgs.zsh;
       home = hostSpec.home;
       isNormalUser = true;
-      hashedPassword =
-        "$y$j9T$pvjyL7hL5x2VBarGNTnMl1$mLA2UsWTbfp8Hgp/ug5l8224thi..Mo8.p7ME.tDZ.4";
-      extraGroups = [ "networkmanager" "wheel" "input" "libvirtd" ];
+      hashedPassword = "$y$j9T$pvjyL7hL5x2VBarGNTnMl1$mLA2UsWTbfp8Hgp/ug5l8224thi..Mo8.p7ME.tDZ.4";
+      extraGroups = ["networkmanager" "wheel" "input" "libvirtd" "docker"];
 
       # Read all keys in ./keys and add them to authorizedKeys.
       openssh.authorizedKeys.keys =

hosts/nixos/aamil-1/default.nix

@@ -0,0 +1,92 @@
+{
+  inputs,
+  pkgs,
+  lib,
+  ...
+}: let
+  hostName = "aamil-1";
+in {
+  imports = lib.flatten [
+    #
+    # ========= Hardware =========
+    #
+    ./hardware-configuration.nix
+
+    #
+    # ========= Disk Layout =========
+    #
+    inputs.disko.nixosModules.disko
+    (lib.custom.relativeToRoot "hosts/common/disks/aamil.nix")
+
+    #
+    # ========= Required Configs =========
+    #
+    (map lib.custom.relativeToRoot ["hosts/common/core"])
+
+    #
+    # ========= Services =========
+    #
+    (map
+      (s: lib.custom.relativeToRoot "hosts/common/optional/services/${s}.nix") [
+        "k3s"
+        "openiscsi"
+        "openssh"
+      ])
+  ];
+
+  #
+  # ========= Host specification =========
+  #
+  hostSpec = {
+    hostName = hostName;
+  };
+
+  networking = {
+    hostName = hostName;
+    networkmanager.enable = true;
+    enableIPv6 = false;
+    firewall.enable = false;
+  };
+
+  nix = {
+    settings = {
+      require-sigs = false;
+      experimental-features = ["nix-command" "flakes"];
+    };
+  };
+
+  # Set your time zone.
+  time.timeZone = "Asia/Karachi";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+  console = {
+    font = "Lat2-Terminus16";
+    keyMap = "us";
+  };
+
+  # Fixes for longhorn
+  systemd.tmpfiles.rules = [
+    "L+ /usr/local/bin - - - - /run/current-system/sw/bin/"
+  ];
+  virtualisation.docker.logDriver = "json-file";
+
+  security.sudo.extraRules = [
+    {
+      users = ["shahab"];
+      commands = [
+        {
+          command = "ALL";
+          options = ["NOPASSWD"];
+        }
+      ];
+    }
+  ];
+
+  environment.systemPackages = with pkgs; [
+    neovim
+    git
+  ];
+
+  system.stateVersion = "25.05";
+}

hosts/nixos/aamil-1/hardware-configuration.nix

@@ -0,0 +1,31 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  modulesPath,
+  ...
+}: {
+  imports = [(modulesPath + "/installer/scan/not-detected.nix")];
+
+  boot = {
+    loader = {
+      # Use the systemd-boot EFI boot loader.
+      systemd-boot = {
+        enable = true;
+        configurationLimit = 1;
+      };
+      efi.canTouchEfiVariables = true;
+    };
+    initrd = {
+      availableKernelModules = ["ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod"];
+      kernelModules = [];
+    };
+    kernelModules = ["kvm-amd"];
+    extraModulePackages = [];
+  };
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/nixos/aamil-2/default.nix

@@ -0,0 +1,92 @@
+{
+  inputs,
+  pkgs,
+  lib,
+  ...
+}: let
+  hostName = "aamil-2";
+in {
+  imports = lib.flatten [
+    #
+    # ========= Hardware =========
+    #
+    ./hardware-configuration.nix
+
+    #
+    # ========= Disk Layout =========
+    #
+    inputs.disko.nixosModules.disko
+    (lib.custom.relativeToRoot "hosts/common/disks/aamil.nix")
+
+    #
+    # ========= Required Configs =========
+    #
+    (map lib.custom.relativeToRoot ["hosts/common/core"])
+
+    #
+    # ========= Services =========
+    #
+    (map
+      (s: lib.custom.relativeToRoot "hosts/common/optional/services/${s}.nix") [
+        "k3s"
+        "openiscsi"
+        "openssh"
+      ])
+  ];
+
+  #
+  # ========= Host specification =========
+  #
+  hostSpec = {
+    hostName = hostName;
+  };
+
+  networking = {
+    hostName = hostName;
+    networkmanager.enable = true;
+    enableIPv6 = false;
+    firewall.enable = false;
+  };
+
+  nix = {
+    settings = {
+      require-sigs = false;
+      experimental-features = ["nix-command" "flakes"];
+    };
+  };
+
+  # Set your time zone.
+  time.timeZone = "Asia/Karachi";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+  console = {
+    font = "Lat2-Terminus16";
+    keyMap = "us";
+  };
+
+  # Fixes for longhorn
+  systemd.tmpfiles.rules = [
+    "L+ /usr/local/bin - - - - /run/current-system/sw/bin/"
+  ];
+  virtualisation.docker.logDriver = "json-file";
+
+  security.sudo.extraRules = [
+    {
+      users = ["shahab"];
+      commands = [
+        {
+          command = "ALL";
+          options = ["NOPASSWD"];
+        }
+      ];
+    }
+  ];
+
+  environment.systemPackages = with pkgs; [
+    neovim
+    git
+  ];
+
+  system.stateVersion = "25.05";
+}

hosts/nixos/aamil-2/hardware-configuration.nix

@@ -0,0 +1,31 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  modulesPath,
+  ...
+}: {
+  imports = [(modulesPath + "/installer/scan/not-detected.nix")];
+
+  boot = {
+    loader = {
+      # Use the systemd-boot EFI boot loader.
+      systemd-boot = {
+        enable = true;
+        configurationLimit = config.hostSpec.bootHistoryLimit;
+      };
+      efi.canTouchEfiVariables = true;
+    };
+    initrd = {
+      availableKernelModules = ["nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod"];
+      kernelModules = [];
+    };
+    kernelModules = ["kvm-amd"];
+    extraModulePackages = [];
+  };
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/nixos/aamil-3/default.nix

@@ -0,0 +1,92 @@
+{
+  inputs,
+  pkgs,
+  lib,
+  ...
+}: let
+  hostName = "aamil-3";
+in {
+  imports = lib.flatten [
+    #
+    # ========= Hardware =========
+    #
+    ./hardware-configuration.nix
+
+    #
+    # ========= Disk Layout =========
+    #
+    inputs.disko.nixosModules.disko
+    (lib.custom.relativeToRoot "hosts/common/disks/aamil.nix")
+
+    #
+    # ========= Required Configs =========
+    #
+    (map lib.custom.relativeToRoot ["hosts/common/core"])
+
+    #
+    # ========= Services =========
+    #
+    (map
+      (s: lib.custom.relativeToRoot "hosts/common/optional/services/${s}.nix") [
+        "k3s"
+        "openiscsi"
+        "openssh"
+      ])
+  ];
+
+  #
+  # ========= Host specification =========
+  #
+  hostSpec = {
+    hostName = hostName;
+  };
+
+  networking = {
+    hostName = hostName;
+    networkmanager.enable = true;
+    enableIPv6 = false;
+    firewall.enable = false;
+  };
+
+  nix = {
+    settings = {
+      require-sigs = false;
+      experimental-features = ["nix-command" "flakes"];
+    };
+  };
+
+  # Set your time zone.
+  time.timeZone = "Asia/Karachi";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+  console = {
+    font = "Lat2-Terminus16";
+    keyMap = "us";
+  };
+
+  # Fixes for longhorn
+  systemd.tmpfiles.rules = [
+    "L+ /usr/local/bin - - - - /run/current-system/sw/bin/"
+  ];
+  virtualisation.docker.logDriver = "json-file";
+
+  security.sudo.extraRules = [
+    {
+      users = ["shahab"];
+      commands = [
+        {
+          command = "ALL";
+          options = ["NOPASSWD"];
+        }
+      ];
+    }
+  ];
+
+  environment.systemPackages = with pkgs; [
+    neovim
+    git
+  ];
+
+  system.stateVersion = "25.05";
+}

hosts/nixos/aamil-3/hardware-configuration.nix

@@ -0,0 +1,31 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  modulesPath,
+  ...
+}: {
+  imports = [(modulesPath + "/installer/scan/not-detected.nix")];
+
+  boot = {
+    loader = {
+      # Use the systemd-boot EFI boot loader.
+      systemd-boot = {
+        enable = true;
+        configurationLimit = config.hostSpec.bootHistoryLimit;
+      };
+      efi.canTouchEfiVariables = true;
+    };
+    initrd = {
+      availableKernelModules = ["nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod"];
+      kernelModules = [];
+    };
+    kernelModules = ["kvm-amd"];
+    extraModulePackages = [];
+  };
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/nixos/rihla/default.nix

@@ -1,6 +1,10 @@
-{ inputs, pkgs, lib, config, ... }:
-
 {
+  inputs,
+  pkgs,
+  lib,
+  config,
+  ...
+}: {
   imports = lib.flatten [
     #
     # ========= Hardware =========
@@ -92,11 +96,15 @@
   boot = {
     loader = {
       # Set this to true on first install. This must be false for secure boot.
-      systemd-boot.enable = lib.mkForce (!config.hostSpec.secureBoot);
+      systemd-boot = {
+        enable = lib.mkForce (!config.hostSpec.secureBoot);
+        configurationLimit = config.hostSpec.bootHistoryLimit;
+      };
       efi.canTouchEfiVariables = true;
     };
 
-    initrd.postResumeCommands = lib.mkIf config.hostSpec.impermanance
+    initrd.postResumeCommands =
+      lib.mkIf config.hostSpec.impermanance
       (lib.mkAfter ''
         mkdir /btrfs_tmp
         mount /dev/crypt_vg/root /btrfs_tmp

hosts/nixos/rihla/hardware-configuration.nix

@@ -1,7 +1,12 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ pkgs, config, lib, modulesPath, ... }: {
+{
+  config,
+  lib,
+  modulesPath,
+  ...
+}: {
   imports = [(modulesPath + "/installer/scan/not-detected.nix")];
 
   boot = {
@@ -20,6 +25,7 @@
 
     kernelModules = ["kvm-amd"];
     extraModulePackages = [];
+    binfmt.emulatedSystems = ["aarch64-linux"]; # Add other target architectures as needed
   };
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
@@ -36,7 +42,6 @@
       lib.mkDefault config.hardware.enableRedistributableFirmware;
     graphics = {
       enable = true;
-      extraPackages = with pkgs; [ amdvlk ];
     };
   };
 }

lib/default.nix

@@ -1,5 +1,3 @@
-{ lib, ... }:
-
-{
+{lib, ...}: {
   relativeToRoot = lib.path.append ../.;
 }

modules/common/default.nix

@@ -1,5 +1,3 @@
-{ ... }:
-
-{
+{...}: {
   imports = [./host-spec.nix];
 }

modules/common/host-spec.nix

@@ -1,5 +1,9 @@
 # Specifications For Differentiating Hosts
-{ config, lib, ... }: {
+{
+  config,
+  lib,
+  ...
+}: {
   options.hostSpec = {
     username = lib.mkOption {
       type = lib.types.str;
@@ -40,6 +44,11 @@
       description = "Whether or not secure boot has been enabled";
       default = false;
     };
+    bootHistoryLimit = lib.mkOption {
+      type = lib.types.int;
+      description = "How many generations to keep bootable in history";
+      default = 3;
+    };
     impermanance = lib.mkOption {
       type = lib.types.bool;
       description = "Whether or not to enable impermenance";
@@ -63,8 +72,7 @@
     scaling = lib.mkOption {
       type = lib.types.str;
       default = "1";
-      description =
-        "Used to indicate what scaling to use. Floating point number";
+      description = "Used to indicate what scaling to use. Floating point number";
     };
     font = lib.mkOption {
       type = lib.types.str;

modules/home-manager/default.nix

@@ -1,5 +1,3 @@
-{ ... }:
-
-{
+{...}: {
   imports = [./yubikey-touch-detector.nix];
 }

modules/home-manager/yubikey-touch-detector.nix

@@ -1,11 +1,15 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let cfg = config.services.yubikey-touch-detector;
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.services.yubikey-touch-detector;
 in {
   options.services.yubikey-touch-detector = {
-    enable = mkEnableOption
+    enable =
+      mkEnableOption
       "a tool to detect when your YubiKey is waiting for a touch";
 
     package = mkOption {
@@ -37,8 +41,7 @@ in {
     # See https://github.com/maximbaz/yubikey-touch-detector/blob/c9fdff7163361d6323e2de0449026710cacbc08a/LICENSE
     # Author: Maxim Baz
     systemd.user.sockets.yubikey-touch-detector = mkIf cfg.socket.enable {
-      Unit.Description =
-        "Unix socket activation for YubiKey touch detector service";
+      Unit.Description = "Unix socket activation for YubiKey touch detector service";
       Socket = {
         ListenFIFO = "%t/yubikey-touch-detector.sock";
         RemoveOnStop = true;

secret.key

@@ -0,0 +1 @@
+kernel-hacker!