chore: flake update 12-2025

dotfiles/hypr/hyprland.conf

@@ -25,7 +25,7 @@ monitor=,preferred,auto,auto
 # See https://wiki.hyprland.org/Configuring/Keywords/
 
 # Set programs that you use
-$terminal = ghostty
+$terminal = kitty
 $fileManager = dolphin
 $menu = wofi --show drun
 
@@ -186,11 +186,6 @@ input {
     }
 }
 
-# https://wiki.hyprland.org/Configuring/Variables/#gestures
-gestures {
-    workspace_swipe = false
-}
-
 # Example per-device config
 # See https://wiki.hyprland.org/Configuring/Keywords/#per-device-input-configs for more
 device {

dotfiles/npm/.npmrc

@@ -0,0 +1 @@
+; registry=https://npm.dogar.dev

dotfiles/nvim/flake.nix

@@ -10,14 +10,17 @@
     };
   };
 
-  outputs = { self, nixpkgs, flake-utils, fenix }:
-    flake-utils.lib.eachDefaultSystem (system:
-      let
+  outputs = {
+    self,
+    nixpkgs,
+    flake-utils,
+    fenix,
+  }:
+    flake-utils.lib.eachDefaultSystem (system: let
       pkgs = nixpkgs.legacyPackages.${system};
       fenixLib = fenix.packages.${system};
       rustToolchain = fenixLib.stable.toolchain;
-      in
-      {
+    in {
       devShells.default = pkgs.mkShell {
         buildInputs = with pkgs; [
           lua-language-server

flake.lock

@@ -20,11 +20,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1755946532,
-        "narHash": "sha256-POePremlUY5GyA1zfbtic6XLxDaQcqHN6l+bIxdT5gc=",
+        "lastModified": 1764370710,
+        "narHash": "sha256-7iZklFmziy6Vn5ZFy9mvTSuFopp3kJNuPxL5QAvtmFQ=",
         "owner": "hyprwm",
         "repo": "aquamarine",
-        "rev": "81584dae2df6ac79f6b6dae0ecb7705e95129ada",
+        "rev": "561ae7fbe1ca15dfd908262ec815bf21a13eef63",
         "type": "github"
       },
       "original": {
@@ -55,11 +55,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1756733629,
-        "narHash": "sha256-dwWGlDhcO5SMIvMSTB4mjQ5Pvo2vtxvpIknhVnSz2I8=",
+        "lastModified": 1764627417,
+        "narHash": "sha256-D6xc3Rl8Ab6wucJWdvjNsGYGSxNjQHzRc2EZ6eeQ6l4=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "a5c4f2ab72e3d1ab43e3e65aa421c6f2bd2e12a1",
+        "rev": "5a88a6eceb8fd732b983e72b732f6f4b8269bef3",
         "type": "github"
       },
       "original": {
@@ -71,11 +71,11 @@
     "flake-compat": {
       "flake": false,
       "locked": {
-        "lastModified": 1747046372,
-        "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
+        "lastModified": 1761588595,
+        "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
         "owner": "edolstra",
         "repo": "flake-compat",
-        "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
+        "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
         "type": "github"
       },
       "original": {
@@ -172,11 +172,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1756903364,
-        "narHash": "sha256-vZh/YH2D7oDFek10r0TbGn3qJrqGv69sSP+oF8PFDqQ=",
+        "lastModified": 1764839789,
+        "narHash": "sha256-QCgaXEj8036JlfyVM2e5fgKIxoF7IgGRcAi8LkehKvo=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "6159629d05a0e92bb7fb7211e74106ae1d552401",
+        "rev": "d441981b200305ebb8e2e2921395f51d207fded6",
         "type": "github"
       },
       "original": {
@@ -230,11 +230,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1755678602,
-        "narHash": "sha256-uEC5O/NIUNs1zmc1aH1+G3GRACbODjk2iS0ET5hXtuk=",
+        "lastModified": 1763733840,
+        "narHash": "sha256-JnET78yl5RvpGuDQy3rCycOCkiKoLr5DN1fPhRNNMco=",
         "owner": "hyprwm",
         "repo": "hyprgraphics",
-        "rev": "157cc52065a104fc3b8fa542ae648b992421d1c7",
+        "rev": "8f1bec691b2d198c60cccabca7a94add2df4ed1a",
         "type": "github"
       },
       "original": {
@@ -248,8 +248,8 @@
         "aquamarine": "aquamarine",
         "hyprcursor": "hyprcursor",
         "hyprgraphics": "hyprgraphics",
+        "hyprland-guiutils": "hyprland-guiutils",
         "hyprland-protocols": "hyprland-protocols",
-        "hyprland-qtutils": "hyprland-qtutils",
         "hyprlang": "hyprlang",
         "hyprutils": "hyprutils",
         "hyprwayland-scanner": "hyprwayland-scanner",
@@ -259,11 +259,11 @@
         "xdph": "xdph"
       },
       "locked": {
-        "lastModified": 1756811803,
-        "narHash": "sha256-03zmDvAU+VLPWHv5uxfGVR6bs/SnCYeZ8hbedK/Eb/M=",
+        "lastModified": 1764801806,
+        "narHash": "sha256-AlEo8j1V9S20PJd23DXqR/tjwtUjxMcn87Euei9zFeA=",
         "owner": "hyprwm",
         "repo": "Hyprland",
-        "rev": "127aab815908ecbd3db4d23f127d2e96b79855f9",
+        "rev": "9b1891e4765e2c5b84c8c61725e3973ca9940e05",
         "type": "github"
       },
       "original": {
@@ -272,6 +272,52 @@
         "type": "github"
       }
     },
+    "hyprland-guiutils": {
+      "inputs": {
+        "aquamarine": [
+          "hyprland",
+          "aquamarine"
+        ],
+        "hyprgraphics": [
+          "hyprland",
+          "hyprgraphics"
+        ],
+        "hyprlang": [
+          "hyprland",
+          "hyprlang"
+        ],
+        "hyprtoolkit": "hyprtoolkit",
+        "hyprutils": [
+          "hyprland",
+          "hyprutils"
+        ],
+        "hyprwayland-scanner": [
+          "hyprland",
+          "hyprwayland-scanner"
+        ],
+        "nixpkgs": [
+          "hyprland",
+          "nixpkgs"
+        ],
+        "systems": [
+          "hyprland",
+          "systems"
+        ]
+      },
+      "locked": {
+        "lastModified": 1764616927,
+        "narHash": "sha256-wRT0MKkpPo11ijSX3KeMN+EQWnpSeUlRtyF3pFLtlRU=",
+        "owner": "hyprwm",
+        "repo": "hyprland-guiutils",
+        "rev": "25cedbfdc5b3ea391d8307c9a5bea315e5df3c52",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hyprwm",
+        "repo": "hyprland-guiutils",
+        "type": "github"
+      }
+    },
     "hyprland-protocols": {
       "inputs": {
         "nixpkgs": [
@@ -284,11 +330,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1749046714,
-        "narHash": "sha256-kymV5FMnddYGI+UjwIw8ceDjdeg7ToDVjbHCvUlhn14=",
+        "lastModified": 1759610243,
+        "narHash": "sha256-+KEVnKBe8wz+a6dTLq8YDcF3UrhQElwsYJaVaHXJtoI=",
         "owner": "hyprwm",
         "repo": "hyprland-protocols",
-        "rev": "613878cb6f459c5e323aaafe1e6f388ac8a36330",
+        "rev": "bd153e76f751f150a09328dbdeb5e4fab9d23622",
         "type": "github"
       },
       "original": {
@@ -297,74 +343,6 @@
         "type": "github"
       }
     },
-    "hyprland-qt-support": {
-      "inputs": {
-        "hyprlang": [
-          "hyprland",
-          "hyprland-qtutils",
-          "hyprlang"
-        ],
-        "nixpkgs": [
-          "hyprland",
-          "hyprland-qtutils",
-          "nixpkgs"
-        ],
-        "systems": [
-          "hyprland",
-          "hyprland-qtutils",
-          "systems"
-        ]
-      },
-      "locked": {
-        "lastModified": 1749154592,
-        "narHash": "sha256-DO7z5CeT/ddSGDEnK9mAXm1qlGL47L3VAHLlLXoCjhE=",
-        "owner": "hyprwm",
-        "repo": "hyprland-qt-support",
-        "rev": "4c8053c3c888138a30c3a6c45c2e45f5484f2074",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hyprwm",
-        "repo": "hyprland-qt-support",
-        "type": "github"
-      }
-    },
-    "hyprland-qtutils": {
-      "inputs": {
-        "hyprland-qt-support": "hyprland-qt-support",
-        "hyprlang": [
-          "hyprland",
-          "hyprlang"
-        ],
-        "hyprutils": [
-          "hyprland",
-          "hyprland-qtutils",
-          "hyprlang",
-          "hyprutils"
-        ],
-        "nixpkgs": [
-          "hyprland",
-          "nixpkgs"
-        ],
-        "systems": [
-          "hyprland",
-          "systems"
-        ]
-      },
-      "locked": {
-        "lastModified": 1753819801,
-        "narHash": "sha256-tHe6XeNeVeKapkNM3tcjW4RuD+tB2iwwoogWJOtsqTI=",
-        "owner": "hyprwm",
-        "repo": "hyprland-qtutils",
-        "rev": "b308a818b9dcaa7ab8ccab891c1b84ebde2152bc",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hyprwm",
-        "repo": "hyprland-qtutils",
-        "type": "github"
-      }
-    },
     "hyprlang": {
       "inputs": {
         "hyprutils": [
@@ -381,11 +359,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1753622892,
-        "narHash": "sha256-0K+A+gmOI8IklSg5It1nyRNv0kCNL51duwnhUO/B8JA=",
+        "lastModified": 1764612430,
+        "narHash": "sha256-54ltTSbI6W+qYGMchAgCR6QnC1kOdKXN6X6pJhOWxFg=",
         "owner": "hyprwm",
         "repo": "hyprlang",
-        "rev": "23f0debd2003f17bd65f851cd3f930cff8a8c809",
+        "rev": "0d00dc118981531aa731150b6ea551ef037acddd",
         "type": "github"
       },
       "original": {
@@ -394,6 +372,58 @@
         "type": "github"
       }
     },
+    "hyprtoolkit": {
+      "inputs": {
+        "aquamarine": [
+          "hyprland",
+          "hyprland-guiutils",
+          "aquamarine"
+        ],
+        "hyprgraphics": [
+          "hyprland",
+          "hyprland-guiutils",
+          "hyprgraphics"
+        ],
+        "hyprlang": [
+          "hyprland",
+          "hyprland-guiutils",
+          "hyprlang"
+        ],
+        "hyprutils": [
+          "hyprland",
+          "hyprland-guiutils",
+          "hyprutils"
+        ],
+        "hyprwayland-scanner": [
+          "hyprland",
+          "hyprland-guiutils",
+          "hyprwayland-scanner"
+        ],
+        "nixpkgs": [
+          "hyprland",
+          "hyprland-guiutils",
+          "nixpkgs"
+        ],
+        "systems": [
+          "hyprland",
+          "hyprland-guiutils",
+          "systems"
+        ]
+      },
+      "locked": {
+        "lastModified": 1764592794,
+        "narHash": "sha256-7CcO+wbTJ1L1NBQHierHzheQGPWwkIQug/w+fhTAVuU=",
+        "owner": "hyprwm",
+        "repo": "hyprtoolkit",
+        "rev": "5cfe0743f0e608e1462972303778d8a0859ee63e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hyprwm",
+        "repo": "hyprtoolkit",
+        "type": "github"
+      }
+    },
     "hyprutils": {
       "inputs": {
         "nixpkgs": [
@@ -406,11 +436,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1756117388,
-        "narHash": "sha256-oRDel6pNl/T2tI+nc/USU9ZP9w08dxtl7hiZxa0C/Wc=",
+        "lastModified": 1764637132,
+        "narHash": "sha256-vSyiKCzSY48kA3v39GFu6qgRfigjKCU/9k1KTK475gg=",
         "owner": "hyprwm",
         "repo": "hyprutils",
-        "rev": "b2ae3204845f5f2f79b4703b441252d8ad2ecfd0",
+        "rev": "2f2413801beee37303913fc3c964bbe92252a963",
         "type": "github"
       },
       "original": {
@@ -431,11 +461,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1755184602,
-        "narHash": "sha256-RCBQN8xuADB0LEgaKbfRqwm6CdyopE1xIEhNc67FAbw=",
+        "lastModified": 1763640274,
+        "narHash": "sha256-Uan1Nl9i4TF/kyFoHnTq1bd/rsWh4GAK/9/jDqLbY5A=",
         "owner": "hyprwm",
         "repo": "hyprwayland-scanner",
-        "rev": "b3b0f1f40ae09d4447c20608e5a4faf8bf3c492d",
+        "rev": "f6cf414ca0e16a4d30198fd670ec86df3c89f671",
         "type": "github"
       },
       "original": {
@@ -490,11 +520,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1756750488,
-        "narHash": "sha256-e4ZAu2sjOtGpvbdS5zo+Va5FUUkAnizl4wb0/JlIL2I=",
+        "lastModified": 1764440730,
+        "narHash": "sha256-ZlJTNLUKQRANlLDomuRWLBCH5792x+6XUJ4YdFRjtO4=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "47eb4856cfd01eaeaa7bb5944a0f27db8fb9b94a",
+        "rev": "9154f4569b6cdfd3c595851a6ba51bfaa472d9f3",
         "type": "github"
       },
       "original": {
@@ -505,11 +535,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1756266583,
-        "narHash": "sha256-cr748nSmpfvnhqSXPiCfUPxRz2FJnvf/RjJGvFfaCsM=",
+        "lastModified": 1764517877,
+        "narHash": "sha256-pp3uT4hHijIC8JUK5MEqeAWmParJrgBVzHLNfJDZxg4=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "8a6d5427d99ec71c64f0b93d45778c889005d9c2",
+        "rev": "2d293cbfa5a793b4c50d17c05ef9e385b90edf6c",
         "type": "github"
       },
       "original": {
@@ -537,11 +567,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1756787288,
-        "narHash": "sha256-rw/PHa1cqiePdBxhF66V7R+WAP8WekQ0mCDG4CFqT8Y=",
+        "lastModified": 1764667669,
+        "narHash": "sha256-7WUCZfmqLAssbDqwg9cUDAXrSoXN79eEEq17qhTNM/Y=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "d0fc30899600b9b3466ddb260fd83deb486c32f1",
+        "rev": "418468ac9527e799809c900eda37cbff999199b6",
         "type": "github"
       },
       "original": {
@@ -561,11 +591,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1755960406,
-        "narHash": "sha256-RF7j6C1TmSTK9tYWO6CdEMtg6XZaUKcvZwOCD2SICZs=",
+        "lastModified": 1763988335,
+        "narHash": "sha256-QlcnByMc8KBjpU37rbq5iP7Cp97HvjRP0ucfdh+M4Qc=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "e891a93b193fcaf2fc8012d890dc7f0befe86ec2",
+        "rev": "50b9238891e388c9fdc6a5c49e49c42533a1b5ce",
         "type": "github"
       },
       "original": {
@@ -641,11 +671,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1754988908,
-        "narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=",
+        "lastModified": 1764483358,
+        "narHash": "sha256-EyyvCzXoHrbL467YSsQBTWWg4sR96MH1sPpKoSOelB4=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "3223c7a92724b5d804e9988c6b447a0d09017d48",
+        "rev": "5aca6ff67264321d47856a2ed183729271107c9c",
         "type": "github"
       },
       "original": {
@@ -697,11 +727,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1755354946,
-        "narHash": "sha256-zdov5f/GcoLQc9qYIS1dUTqtJMeDqmBmo59PAxze6e4=",
+        "lastModified": 1761431178,
+        "narHash": "sha256-xzjC1CV3+wpUQKNF+GnadnkeGUCJX+vgaWIZsnz9tzI=",
         "owner": "hyprwm",
         "repo": "xdg-desktop-portal-hyprland",
-        "rev": "a10726d6a8d0ef1a0c645378f983b6278c42eaa0",
+        "rev": "4b8801228ff958d028f588f0c2b911dbf32297f9",
         "type": "github"
       },
       "original": {

flake.nix

@@ -40,8 +40,7 @@
     };
   };
 
-  outputs = { nixpkgs, ... }@inputs:
-    let
+  outputs = {nixpkgs, ...} @ inputs: let
     inherit (nixpkgs) lib;
     mkHost = host: {
       ${host} = nixpkgs.lib.nixosSystem {
@@ -64,10 +63,11 @@
   in {
     nixosConfigurations = mkHostConfigs (readHosts "nixos");
 
-      devShell.x86_64-linux = let
+    devShells.x86_64-linux.default = let
       pkgs = nixpkgs.legacyPackages.x86_64-linux;
-      in pkgs.mkShell {
-        buildInputs = with pkgs; [ nil lua-language-server ];
+    in
+      pkgs.mkShell {
+        buildInputs = with pkgs; [nil lua-language-server kubernetes-helm kubectl];
       };
   };
 }

home/shahab/aamil-1.nix

@@ -0,0 +1,27 @@
+{lib, ...}: {
+  imports = lib.flatten [
+    #
+    # ========== Required Configs ==========
+    #
+    ./common/core
+
+    #
+    # ========== Host-specific Optional Configs ==========
+    #
+    (map (config: "${builtins.toString ./.}/common/optional/${config}.nix") [
+      "btop"
+      "nvim"
+      "starship"
+      "tmux"
+      "zsh"
+    ])
+  ];
+
+  home = {
+    # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
+    stateVersion = "25.05";
+    sessionVariables = {
+      EDITOR = "nvim";
+    };
+  };
+}

home/shahab/aamil-2.nix

@@ -0,0 +1,27 @@
+{lib, ...}: {
+  imports = lib.flatten [
+    #
+    # ========== Required Configs ==========
+    #
+    ./common/core
+
+    #
+    # ========== Host-specific Optional Configs ==========
+    #
+    (map (config: "${builtins.toString ./.}/common/optional/${config}.nix") [
+      "btop"
+      "nvim"
+      "starship"
+      "tmux"
+      "zsh"
+    ])
+  ];
+
+  home = {
+    # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
+    stateVersion = "25.05";
+    sessionVariables = {
+      EDITOR = "nvim";
+    };
+  };
+}

home/shahab/aamil-3.nix

@@ -0,0 +1,27 @@
+{lib, ...}: {
+  imports = lib.flatten [
+    #
+    # ========== Required Configs ==========
+    #
+    ./common/core
+
+    #
+    # ========== Host-specific Optional Configs ==========
+    #
+    (map (config: "${builtins.toString ./.}/common/optional/${config}.nix") [
+      "btop"
+      "nvim"
+      "starship"
+      "tmux"
+      "zsh"
+    ])
+  ];
+
+  home = {
+    # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
+    stateVersion = "25.05";
+    sessionVariables = {
+      EDITOR = "nvim";
+    };
+  };
+}

home/shahab/common/core/default.nix

@@ -1,11 +1,12 @@
-{ config, lib, pkgs, hostSpec, ... }: {
+{
+  config,
+  lib,
+  pkgs,
+  hostSpec,
+  ...
+}: {
   imports = lib.flatten [
     (map lib.custom.relativeToRoot ["modules/common" "modules/home-manager"])
-
-    ./ghostty.nix
-    ./direnv.nix
-    ./git.nix
-    ./fonts.nix
   ];
 
   inherit hostSpec;
@@ -23,32 +24,6 @@
     };
   };
 
-  home.packages = with pkgs; [
-    nh
-    btop
-    eza
-    ripgrep
-    rm-improved
-    dust
-    zoxide
-    xcp
-    unzip
-    tmux
-    gcc
-    zig
-    gparted
-    gnupg
-    dig
-    bash
-    kdePackages.dolphin
-    font-awesome
-    tree
-    wl-clipboard-rs
-    brightnessctl
-    age
-    nerd-fonts.jetbrains-mono
-  ];
-
   nix = {
     package = lib.mkDefault pkgs.nix;
     settings = {

home/shahab/common/core/fonts.nix

@@ -1,4 +0,0 @@
-{ pkgs, ... }: {
-  fonts.fontconfig.enable = true;
-  home.packages = with pkgs; [ nerd-fonts.jetbrains-mono ];
-}

home/shahab/common/core/git.nix

@@ -1,21 +0,0 @@
-{ lib, pkgs, config, ... }: {
-  programs.git = {
-    package = pkgs.gitAndTools.gitFull;
-    enable = true;
-    userName = config.hostSpec.userFullName;
-    userEmail = config.hostSpec.email.user;
-    lfs.enable = true;
-
-    extraConfig = {
-      gpg = { format = "ssh"; };
-      "gpg \"ssh\"" = {
-        program = "${lib.getExe' pkgs._1password-gui "op-ssh-sign"}";
-      };
-      commit = { gpgsign = true; };
-      user = { signingKey = "~/.ssh/id_rihla.pub"; };
-      pull = { rebase = true; };
-      init = { defaultBranch = "main"; };
-      lfs = { locksverify = true; };
-    };
-  };
-}

home/shahab/common/optional/btop.nix

@@ -1,5 +1,3 @@
-{ ... }:
-
-{
+{...}: {
   programs.btop = {enable = true;};
 }

home/shahab/common/optional/fonts.nix

@@ -0,0 +1,4 @@
+{pkgs, ...}: {
+  fonts.fontconfig.enable = true;
+  home.packages = with pkgs; [nerd-fonts.jetbrains-mono];
+}

home/shahab/common/optional/ghostty.nix

@@ -1,9 +1,4 @@
-{
-  config,
-  ...
-}:
-
-{
+{config, ...}: {
   programs.ghostty = {
     enable = true;
 

home/shahab/common/optional/git.nix

@@ -0,0 +1,27 @@
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}: {
+  programs.git = {
+    enable = true;
+    lfs.enable = true;
+
+    settings = {
+      user = {
+        name = config.hostSpec.userFullName;
+        email = config.hostSpec.email.user;
+      };
+      gpg = {format = "ssh";};
+      "gpg \"ssh\"" = {
+        program = "${lib.getExe' pkgs._1password-gui "op-ssh-sign"}";
+      };
+      commit = {gpgsign = true;};
+      user = {signingKey = "~/.ssh/id_rihla.pub";};
+      pull = {rebase = true;};
+      init = {defaultBranch = "main";};
+      lfs = {locksverify = true;};
+    };
+  };
+}

home/shahab/common/optional/hyprland.nix

@@ -1,16 +1,23 @@
-{ config, lib, pkgs, ... }:
-
 {
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
   home = {
     file = {
-      "${config.xdg.configHome}/hypr".source =
-        lib.custom.relativeToRoot "dotfiles/hypr";
+      "${config.xdg.configHome}/hypr/hyprland.conf".source =
+        config.lib.file.mkOutOfStoreSymlink "${lib.custom.relativeToRoot "dotfiles/hypr/hyprland.conf"}";
+      "${config.xdg.configHome}/hypr/hypridle.conf".source =
+        config.lib.file.mkOutOfStoreSymlink "${lib.custom.relativeToRoot "dotfiles/hypr/hypridle.conf"}";
+      "${config.xdg.configHome}/hypr/hyprlock.conf".source =
+        config.lib.file.mkOutOfStoreSymlink "${lib.custom.relativeToRoot "dotfiles/hypr/hyprlock.conf"}";
       "${config.xdg.configHome}/waybar".source =
-        lib.custom.relativeToRoot "dotfiles/waybar";
+        config.lib.file.mkOutOfStoreSymlink "${lib.custom.relativeToRoot "dotfiles/waybar"}";
       "${config.xdg.configHome}/wofi".source =
-        lib.custom.relativeToRoot "dotfiles/wofi";
+        config.lib.file.mkOutOfStoreSymlink "${lib.custom.relativeToRoot "dotfiles/wofi"}";
       "${config.xdg.configHome}/mako".source =
-        lib.custom.relativeToRoot "dotfiles/mako";
+        config.lib.file.mkOutOfStoreSymlink "${lib.custom.relativeToRoot "dotfiles/mako"}";
     };
 
     packages = with pkgs; [

home/shahab/common/optional/kitty.nix

@@ -0,0 +1,14 @@
+{config, ...}: {
+  programs.kitty = {
+    enable = true;
+
+    shellIntegration.enableZshIntegration = true;
+    settings = {
+      font = config.hostSpec.font;
+      shell = "tmux";
+      font-size = 16.0;
+      active_border_color = "#44ffff";
+      single_window_margin_width = 0;
+    };
+  };
+}

home/shahab/common/optional/misc-packages.nix

@@ -1,18 +1,35 @@
-{ pkgs, ... }:
-
-{
+{pkgs, ...}: {
   home.packages = with pkgs; [
+    btop
+    zoxide
+    unzip
+    tmux
+    gcc
+    zig
+    gparted
+    gnupg
+    dig
+    bash
+    kdePackages.dolphin
+    font-awesome
+    tree
+    wl-clipboard-rs
+    brightnessctl
+    age
+    nerd-fonts.jetbrains-mono
     lazygit
     gh
     dbeaver-bin
     cloudflare-warp
     protonmail-desktop
-    protonvpn-gui
+    rpi-imager
     kubectl
     k9s
     postgresql_17
     kitty
     waybar
     obsidian
+    yq
+    jq
   ];
 }

home/shahab/common/optional/nvim.nix

@@ -1,6 +1,4 @@
-{ config, ... }:
-
-{
+{config, ...}: {
   programs.neovim = {
     enable = true;
     defaultEditor = true;
@@ -9,6 +7,7 @@
   };
 
   # Create a symlink from ~/.config/nvim to the dotfiles directory
-  home.file.".config/nvim".source = config.lib.file.mkOutOfStoreSymlink 
+  home.file.".config/nvim".source =
+    config.lib.file.mkOutOfStoreSymlink
     "${config.home.homeDirectory}/git/nix-config/dotfiles/nvim";
 }

home/shahab/common/optional/ssh.nix

@@ -1,5 +1,5 @@
-{ ... }:
-let onePassPath = "~/.1password/agent.sock";
+{...}: let
+  onePassPath = "~/.1password/agent.sock";
 in {
   programs.ssh = {
     enable = true;

home/shahab/common/optional/tmux.nix

@@ -1,6 +1,9 @@
-{ config, lib, pkgs, ... }:
-
 {
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
   home = {
     file = {
       "${config.xdg.configHome}/tmux".source =

home/shahab/common/optional/uv.nix

@@ -0,0 +1,10 @@
+{
+  ...
+}: {
+  programs.uv = {
+    enable = true;
+    settings = {
+      pip.index-url = "https://pip.dogar.dev";
+    };
+  };
+}

home/shahab/common/optional/zsh.nix

@@ -1,4 +1,18 @@
-{ config, ... }: {
+{
+  config,
+  pkgs,
+  ...
+}: {
+  home.packages = with pkgs; [
+    eza
+    ripgrep
+    rm-improved
+    dust
+    xcp
+    nh
+    zoxide
+  ];
+
   programs.zsh = {
     enable = true;
     enableCompletion = true;

home/shahab/rihla.nix

@@ -1,4 +1,4 @@
-{ lib, ... }: {
+{config, lib, ...}: {
   imports = lib.flatten [
     #
     # ========== Required Configs ==========
@@ -10,13 +10,19 @@
     #
     (map (config: "${builtins.toString ./.}/common/optional/${config}.nix") [
       "btop"
+      "direnv"
       "firefox"
+      "fonts"
+      "ghostty"
+      "git"
       "hyprland"
+      "kitty"
       "misc-packages"
       "nvim"
       "ssh"
       "starship"
       "tmux"
+      "uv"
       "zsh"
     ])
   ];
@@ -30,5 +36,7 @@
       EDITOR = "nvim";
       NIXOS_OZONE_WL = "1";
     };
+    file.".npmrc".source = config.lib.file.mkOutOfStoreSymlink
+      "${config.home.homeDirectory}/git/nix-config/dotfiles/npm/.npmrc";
   };
 }

home/shahab/specialisations/gaming.nix

@@ -1,12 +1,6 @@
-{ pkgs, ... }:
-
-{
+{pkgs, ...}: {
   home.packages = with pkgs; [
     discord
-    protonmail-desktop
-    protonvpn-gui
-    kitty
-    waybar
     prismlauncher
   ];
 }

hosts/common/core/default.nix

@@ -1,6 +1,10 @@
-{ pkgs, inputs, config, lib, ... }:
-
 {
+  pkgs,
+  inputs,
+  config,
+  lib,
+  ...
+}: {
   imports = lib.flatten [
     inputs.home-manager.nixosModules.home-manager
     inputs.sops-nix.nixosModules.sops
@@ -16,7 +20,6 @@
     handle = "shahab96";
     email = {user = "shahab@dogar.dev";};
     userFullName = "Shahab Dogar";
-    domain = "rihla";
     networking.ports.tcp.ssh = 22;
   };
 
@@ -52,7 +55,7 @@
       warn-dirty = false;
       trusted-users = ["@wheel"];
 
-      substituters = [ "https://hyprland.cachix.org" ];
+      substituters = ["https://hyprland.cachix.org" "https://nix.dogar.dev"];
       trusted-public-keys = [
         "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
       ];

hosts/common/disks/aamil.nix

@@ -0,0 +1,44 @@
+{
+  disko.devices = {
+    disk = {
+      vdb = {
+        type = "disk";
+        device = "/dev/sda";
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              priority = 1;
+              name = "ESP";
+              start = "1M";
+              end = "128M";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+              };
+            };
+            luks = {
+              size = "100%";
+              content = {
+                name = "crypted";
+                type = "luks";
+                passwordFile = "/tmp/secret.key";
+                settings = {
+                  allowDiscards = true;
+                  crypttabExtraOpts = ["fido2-device=auto" "token-timeout=10"];
+                };
+                content = {
+                  type = "filesystem";
+                  format = "ext4";
+                  mountpoint = "/";
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}

hosts/common/disks/rihla.nix

@@ -1,6 +1,12 @@
-{ lib, config, device, withSwap, swapSize, label, ... }:
-
 {
+  lib,
+  config,
+  device,
+  withSwap,
+  swapSize,
+  label,
+  ...
+}: {
   disko = {
     devices = {
       disk = {
@@ -34,8 +40,7 @@
                   passwordFile = "/tmp/secret.key";
                   settings = {
                     allowDiscards = true;
-                    crypttabExtraOpts =
-                      [ "fido2-device=auto" "token-timeout=10" ];
+                    crypttabExtraOpts = ["fido2-device=auto" "token-timeout=10"];
                   };
                   content = {
                     type = "lvm_pv";
@@ -70,8 +75,7 @@
                   };
                   "@persist" = {
                     mountpoint = config.hostSpec.persist;
-                    mountOptions =
-                      [ "subvol=persist" "compress=zstd" "noatime" ];
+                    mountOptions = ["subvol=persist" "compress=zstd" "noatime"];
                   };
                   "@nix" = {
                     mountpoint = "/nix";

hosts/common/optional/1password.nix

@@ -1,6 +1,4 @@
-{ config, ... }:
-
-{
+{config, ...}: {
   programs = {
     _1password.enable = true;
     _1password-gui = {

hosts/common/optional/claude-code.nix

@@ -1,5 +1,3 @@
-{ pkgs, ... }:
-
-{
+{pkgs, ...}: {
   environment.systemPackages = with pkgs; [claude-code];
 }

hosts/common/optional/dconf.nix

@@ -1,5 +1,3 @@
-{ ... }:
-
-{
+{...}: {
   programs.dconf.enable = true;
 }

hosts/common/optional/docker.nix

@@ -1,13 +1,13 @@
 {pkgs, ...}: {
   virtualisation = {
-    podman = {
+    docker = {
       enable = true;
-      dockerSocket.enable = true;
-      dockerCompat = true;
-
-      autoPrune = {
-        enable = true;
-        dates = "weekly";
+      daemon = {
+        settings = {
+          features = {
+            containerd-snapshotter = true;
+          };
+        };
       };
     };
 
@@ -17,11 +17,6 @@
       enable = true;
       qemu = {
         swtpm.enable = true;
-
-        ovmf = {
-          enable = true;
-          packages = with pkgs; [ OVMFFull.fd ];
-        };
       };
     };
 
@@ -34,7 +29,7 @@
     spice
     spice-gtk
     spice-protocol
-    win-virtio
+    virtio-win
     win-spice
   ];
 }

hosts/common/optional/hoppscotch.nix

@@ -1,5 +1,3 @@
-{ pkgs, ... }:
-
-{
+{pkgs, ...}: {
   environment.systemPackages = with pkgs; [hoppscotch];
 }

hosts/common/optional/hyprland.nix

@@ -1,6 +1,8 @@
-{ inputs, pkgs, ... }:
-
 {
+  inputs,
+  pkgs,
+  ...
+}: {
   programs.hyprland = {
     enable = true;
     package =

hosts/common/optional/nix-ld.nix

@@ -1,5 +1,3 @@
-{ ... }:
-
-{
+{...}: {
   programs.nix-ld.enable = true;
 }

hosts/common/optional/secure-boot.nix

@@ -1,5 +1,3 @@
-{ pkgs, ... }:
-
-{
+{pkgs, ...}: {
   environment.systemPackages = with pkgs; [sbctl];
 }

hosts/common/optional/services/audio.nix

@@ -1,6 +1,4 @@
-{ pkgs, ... }:
-
-{
+{pkgs, ...}: {
   services = {
     # Enable sound with pipewire.
     pulseaudio.enable = false;

hosts/common/optional/services/bluetooth.nix

@@ -1,6 +1,4 @@
-{ ... }:
-
-{
+{...}: {
   services.blueman.enable = true;
   hardware = {
     bluetooth.enable = true;

hosts/common/optional/services/firmware.nix

@@ -1,5 +1,3 @@
-{ ... }:
-
-{
+{...}: {
   services.fwupd.enable = true;
 }

hosts/common/optional/services/greetd.nix

@@ -1,12 +1,9 @@
-{ pkgs, ... }:
-
-{
+{pkgs, ...}: {
   services.greetd = {
     enable = true;
     settings = {
       default_session = {
-        command =
-          "${pkgs.tuigreet}/bin/tuigreet --greeting 'Welcome to NixOS!' --asterisks --remember --remember-user-session --time --cmd ${pkgs.hyprland}/bin/Hyprland";
+        command = "${pkgs.tuigreet}/bin/tuigreet --greeting 'Welcome to NixOS!' --asterisks --remember --remember-user-session --time --cmd ${pkgs.hyprland}/bin/Hyprland";
         user = "greeter";
       };
     };

hosts/common/optional/services/k3s.nix

@@ -0,0 +1,15 @@
+{pkgs, ...}: {
+  environment.systemPackages = with pkgs; [
+    k3s
+    cifs-utils
+    nfs-utils
+  ];
+
+  services.k3s = {
+    enable = true;
+    role = "agent";
+    # Add this before running
+    token = "";
+    serverAddr = "https://rashid:6443";
+  };
+}

hosts/common/optional/services/openiscsi.nix

@@ -0,0 +1,8 @@
+{config, ...}: let
+  hostName = config.hostSpec.hostName;
+in {
+  services.openiscsi = {
+    enable = true;
+    name = "iqn.2016-04.com.open-iscsi:${hostName}";
+  };
+}

hosts/common/optional/services/openssh.nix

@@ -1,9 +1,17 @@
-{ config, ... }:
-let sshPort = config.hostSpec.networking.ports.tcp.ssh;
+{config, ...}: let
+  sshPort = config.hostSpec.networking.ports.tcp.ssh;
 in {
   services.openssh = {
     enable = true;
     ports = [sshPort];
+
+    settings = {
+      PermitRootLogin = "no";
+      KbdInteractiveAuthentication = false;
+      PasswordAuthentication = false;
+    };
+
+    openFirewall = true;
   };
 
   networking.firewall.allowedTCPPorts = [sshPort];

hosts/common/optional/services/printing.nix

@@ -1,6 +1,4 @@
 # Reminder that CUPS cpanel defaults to localhost:631
-{ ... }:
-
-{
+{...}: {
   services.printing.enable = true;
 }

hosts/common/optional/services/smart-card.nix

@@ -1,5 +1,3 @@
-{ ... }:
-
-{
+{...}: {
   services.pcscd.enable = true;
 }

hosts/common/optional/services/vpn.nix

@@ -0,0 +1,5 @@
+{ pkgs, ...}: {
+  services.netbird.enable = true;
+
+  environment.systemPackages = with pkgs; [ netbird-ui ];
+}

hosts/common/optional/yubikey.nix

@@ -1,6 +1,4 @@
-{ pkgs, ... }:
-
-{
+{pkgs, ...}: {
   # yubikey login / sudo
   security.pam = {
     u2f = {

hosts/common/specialisations/gaming.nix

@@ -1,5 +1,9 @@
-{ pkgs, config, lib, ... }:
-let
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}: let
   hostSpec = config.hostSpec;
 in {
   specialisation.gaming.configuration = {

hosts/common/users/primary/default.nix

@@ -1,5 +1,10 @@
-{ pkgs, config, lib, inputs, ... }:
-let
+{
+  pkgs,
+  config,
+  lib,
+  inputs,
+  ...
+}: let
   hostSpec = config.hostSpec;
   pubKeys = lib.filesystem.listFilesRecursive ./keys;
 in {
@@ -13,9 +18,8 @@ in {
       shell = pkgs.zsh;
       home = hostSpec.home;
       isNormalUser = true;
-      hashedPassword =
-        "$y$j9T$pvjyL7hL5x2VBarGNTnMl1$mLA2UsWTbfp8Hgp/ug5l8224thi..Mo8.p7ME.tDZ.4";
-      extraGroups = [ "networkmanager" "wheel" "input" "libvirtd" ];
+      hashedPassword = "$y$j9T$pvjyL7hL5x2VBarGNTnMl1$mLA2UsWTbfp8Hgp/ug5l8224thi..Mo8.p7ME.tDZ.4";
+      extraGroups = ["networkmanager" "wheel" "input" "libvirtd" "docker"];
 
       # Read all keys in ./keys and add them to authorizedKeys.
       openssh.authorizedKeys.keys =

hosts/nixos/aamil-1/default.nix

@@ -0,0 +1,92 @@
+{
+  inputs,
+  pkgs,
+  lib,
+  ...
+}: let
+  hostName = "aamil-1";
+in {
+  imports = lib.flatten [
+    #
+    # ========= Hardware =========
+    #
+    ./hardware-configuration.nix
+
+    #
+    # ========= Disk Layout =========
+    #
+    inputs.disko.nixosModules.disko
+    (lib.custom.relativeToRoot "hosts/common/disks/aamil.nix")
+
+    #
+    # ========= Required Configs =========
+    #
+    (map lib.custom.relativeToRoot ["hosts/common/core"])
+
+    #
+    # ========= Services =========
+    #
+    (map
+      (s: lib.custom.relativeToRoot "hosts/common/optional/services/${s}.nix") [
+        "k3s"
+        "openiscsi"
+        "openssh"
+      ])
+  ];
+
+  #
+  # ========= Host specification =========
+  #
+  hostSpec = {
+    hostName = hostName;
+  };
+
+  networking = {
+    hostName = hostName;
+    networkmanager.enable = true;
+    enableIPv6 = false;
+    firewall.enable = false;
+  };
+
+  nix = {
+    settings = {
+      require-sigs = false;
+      experimental-features = ["nix-command" "flakes"];
+    };
+  };
+
+  # Set your time zone.
+  time.timeZone = "Asia/Karachi";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+  console = {
+    font = "Lat2-Terminus16";
+    keyMap = "us";
+  };
+
+  # Fixes for longhorn
+  systemd.tmpfiles.rules = [
+    "L+ /usr/local/bin - - - - /run/current-system/sw/bin/"
+  ];
+  virtualisation.docker.logDriver = "json-file";
+
+  security.sudo.extraRules = [
+    {
+      users = ["shahab"];
+      commands = [
+        {
+          command = "ALL";
+          options = ["NOPASSWD"];
+        }
+      ];
+    }
+  ];
+
+  environment.systemPackages = with pkgs; [
+    neovim
+    git
+  ];
+
+  system.stateVersion = "25.05";
+}

hosts/nixos/aamil-1/hardware-configuration.nix

@@ -0,0 +1,31 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  modulesPath,
+  ...
+}: {
+  imports = [(modulesPath + "/installer/scan/not-detected.nix")];
+
+  boot = {
+    loader = {
+      # Use the systemd-boot EFI boot loader.
+      systemd-boot = {
+        enable = true;
+        configurationLimit = 1;
+      };
+      efi.canTouchEfiVariables = true;
+    };
+    initrd = {
+      availableKernelModules = ["ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod"];
+      kernelModules = [];
+    };
+    kernelModules = ["kvm-amd"];
+    extraModulePackages = [];
+  };
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/nixos/aamil-2/default.nix

@@ -0,0 +1,92 @@
+{
+  inputs,
+  pkgs,
+  lib,
+  ...
+}: let
+  hostName = "aamil-2";
+in {
+  imports = lib.flatten [
+    #
+    # ========= Hardware =========
+    #
+    ./hardware-configuration.nix
+
+    #
+    # ========= Disk Layout =========
+    #
+    inputs.disko.nixosModules.disko
+    (lib.custom.relativeToRoot "hosts/common/disks/aamil.nix")
+
+    #
+    # ========= Required Configs =========
+    #
+    (map lib.custom.relativeToRoot ["hosts/common/core"])
+
+    #
+    # ========= Services =========
+    #
+    (map
+      (s: lib.custom.relativeToRoot "hosts/common/optional/services/${s}.nix") [
+        "k3s"
+        "openiscsi"
+        "openssh"
+      ])
+  ];
+
+  #
+  # ========= Host specification =========
+  #
+  hostSpec = {
+    hostName = hostName;
+  };
+
+  networking = {
+    hostName = hostName;
+    networkmanager.enable = true;
+    enableIPv6 = false;
+    firewall.enable = false;
+  };
+
+  nix = {
+    settings = {
+      require-sigs = false;
+      experimental-features = ["nix-command" "flakes"];
+    };
+  };
+
+  # Set your time zone.
+  time.timeZone = "Asia/Karachi";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+  console = {
+    font = "Lat2-Terminus16";
+    keyMap = "us";
+  };
+
+  # Fixes for longhorn
+  systemd.tmpfiles.rules = [
+    "L+ /usr/local/bin - - - - /run/current-system/sw/bin/"
+  ];
+  virtualisation.docker.logDriver = "json-file";
+
+  security.sudo.extraRules = [
+    {
+      users = ["shahab"];
+      commands = [
+        {
+          command = "ALL";
+          options = ["NOPASSWD"];
+        }
+      ];
+    }
+  ];
+
+  environment.systemPackages = with pkgs; [
+    neovim
+    git
+  ];
+
+  system.stateVersion = "25.05";
+}

hosts/nixos/aamil-2/hardware-configuration.nix

@@ -0,0 +1,31 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  modulesPath,
+  ...
+}: {
+  imports = [(modulesPath + "/installer/scan/not-detected.nix")];
+
+  boot = {
+    loader = {
+      # Use the systemd-boot EFI boot loader.
+      systemd-boot = {
+        enable = true;
+        configurationLimit = config.hostSpec.bootHistoryLimit;
+      };
+      efi.canTouchEfiVariables = true;
+    };
+    initrd = {
+      availableKernelModules = ["nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod"];
+      kernelModules = [];
+    };
+    kernelModules = ["kvm-amd"];
+    extraModulePackages = [];
+  };
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/nixos/aamil-3/default.nix

@@ -0,0 +1,92 @@
+{
+  inputs,
+  pkgs,
+  lib,
+  ...
+}: let
+  hostName = "aamil-3";
+in {
+  imports = lib.flatten [
+    #
+    # ========= Hardware =========
+    #
+    ./hardware-configuration.nix
+
+    #
+    # ========= Disk Layout =========
+    #
+    inputs.disko.nixosModules.disko
+    (lib.custom.relativeToRoot "hosts/common/disks/aamil.nix")
+
+    #
+    # ========= Required Configs =========
+    #
+    (map lib.custom.relativeToRoot ["hosts/common/core"])
+
+    #
+    # ========= Services =========
+    #
+    (map
+      (s: lib.custom.relativeToRoot "hosts/common/optional/services/${s}.nix") [
+        "k3s"
+        "openiscsi"
+        "openssh"
+      ])
+  ];
+
+  #
+  # ========= Host specification =========
+  #
+  hostSpec = {
+    hostName = hostName;
+  };
+
+  networking = {
+    hostName = hostName;
+    networkmanager.enable = true;
+    enableIPv6 = false;
+    firewall.enable = false;
+  };
+
+  nix = {
+    settings = {
+      require-sigs = false;
+      experimental-features = ["nix-command" "flakes"];
+    };
+  };
+
+  # Set your time zone.
+  time.timeZone = "Asia/Karachi";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+  console = {
+    font = "Lat2-Terminus16";
+    keyMap = "us";
+  };
+
+  # Fixes for longhorn
+  systemd.tmpfiles.rules = [
+    "L+ /usr/local/bin - - - - /run/current-system/sw/bin/"
+  ];
+  virtualisation.docker.logDriver = "json-file";
+
+  security.sudo.extraRules = [
+    {
+      users = ["shahab"];
+      commands = [
+        {
+          command = "ALL";
+          options = ["NOPASSWD"];
+        }
+      ];
+    }
+  ];
+
+  environment.systemPackages = with pkgs; [
+    neovim
+    git
+  ];
+
+  system.stateVersion = "25.05";
+}

hosts/nixos/aamil-3/hardware-configuration.nix

@@ -0,0 +1,31 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  modulesPath,
+  ...
+}: {
+  imports = [(modulesPath + "/installer/scan/not-detected.nix")];
+
+  boot = {
+    loader = {
+      # Use the systemd-boot EFI boot loader.
+      systemd-boot = {
+        enable = true;
+        configurationLimit = config.hostSpec.bootHistoryLimit;
+      };
+      efi.canTouchEfiVariables = true;
+    };
+    initrd = {
+      availableKernelModules = ["nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod"];
+      kernelModules = [];
+    };
+    kernelModules = ["kvm-amd"];
+    extraModulePackages = [];
+  };
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/nixos/rihla/default.nix

@@ -1,6 +1,10 @@
-{ inputs, pkgs, lib, config, ... }:
-
 {
+  inputs,
+  pkgs,
+  lib,
+  config,
+  ...
+}: {
   imports = lib.flatten [
     #
     # ========= Hardware =========
@@ -62,6 +66,7 @@
         "openssh"
         "printing"
         "smart-card"
+        "vpn"
       ])
 
     #
@@ -92,11 +97,15 @@
   boot = {
     loader = {
       # Set this to true on first install. This must be false for secure boot.
-      systemd-boot.enable = lib.mkForce (!config.hostSpec.secureBoot);
+      systemd-boot = {
+        enable = lib.mkForce (!config.hostSpec.secureBoot);
+        configurationLimit = config.hostSpec.bootHistoryLimit;
+      };
       efi.canTouchEfiVariables = true;
     };
 
-    initrd.postResumeCommands = lib.mkIf config.hostSpec.impermanance
+    initrd.postResumeCommands =
+      lib.mkIf config.hostSpec.impermanance
       (lib.mkAfter ''
         mkdir /btrfs_tmp
         mount /dev/crypt_vg/root /btrfs_tmp

hosts/nixos/rihla/hardware-configuration.nix

@@ -1,7 +1,12 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ pkgs, config, lib, modulesPath, ... }: {
+{
+  config,
+  lib,
+  modulesPath,
+  ...
+}: {
   imports = [(modulesPath + "/installer/scan/not-detected.nix")];
 
   boot = {
@@ -20,6 +25,7 @@
 
     kernelModules = ["kvm-amd"];
     extraModulePackages = [];
+    binfmt.emulatedSystems = ["aarch64-linux"]; # Add other target architectures as needed
   };
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
@@ -36,7 +42,6 @@
       lib.mkDefault config.hardware.enableRedistributableFirmware;
     graphics = {
       enable = true;
-      extraPackages = with pkgs; [ amdvlk ];
     };
   };
 }

lib/default.nix

@@ -1,5 +1,3 @@
-{ lib, ... }:
-
-{
+{lib, ...}: {
   relativeToRoot = lib.path.append ../.;
 }

modules/common/default.nix

@@ -1,5 +1,3 @@
-{ ... }:
-
-{
+{...}: {
   imports = [./host-spec.nix];
 }

modules/common/host-spec.nix

@@ -1,5 +1,9 @@
 # Specifications For Differentiating Hosts
-{ config, lib, ... }: {
+{
+  config,
+  lib,
+  ...
+}: {
   options.hostSpec = {
     username = lib.mkOption {
       type = lib.types.str;
@@ -40,6 +44,11 @@
       description = "Whether or not secure boot has been enabled";
       default = false;
     };
+    bootHistoryLimit = lib.mkOption {
+      type = lib.types.int;
+      description = "How many generations to keep bootable in history";
+      default = 3;
+    };
     impermanance = lib.mkOption {
       type = lib.types.bool;
       description = "Whether or not to enable impermenance";
@@ -63,8 +72,7 @@
     scaling = lib.mkOption {
       type = lib.types.str;
       default = "1";
-      description =
-        "Used to indicate what scaling to use. Floating point number";
+      description = "Used to indicate what scaling to use. Floating point number";
     };
     font = lib.mkOption {
       type = lib.types.str;

modules/home-manager/default.nix

@@ -1,5 +1,3 @@
-{ ... }:
-
-{
+{...}: {
   imports = [./yubikey-touch-detector.nix];
 }

modules/home-manager/yubikey-touch-detector.nix

@@ -1,11 +1,15 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let cfg = config.services.yubikey-touch-detector;
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.services.yubikey-touch-detector;
 in {
   options.services.yubikey-touch-detector = {
-    enable = mkEnableOption
+    enable =
+      mkEnableOption
       "a tool to detect when your YubiKey is waiting for a touch";
 
     package = mkOption {
@@ -37,8 +41,7 @@ in {
     # See https://github.com/maximbaz/yubikey-touch-detector/blob/c9fdff7163361d6323e2de0449026710cacbc08a/LICENSE
     # Author: Maxim Baz
     systemd.user.sockets.yubikey-touch-detector = mkIf cfg.socket.enable {
-      Unit.Description =
-        "Unix socket activation for YubiKey touch detector service";
+      Unit.Description = "Unix socket activation for YubiKey touch detector service";
       Socket = {
         ListenFIFO = "%t/yubikey-touch-detector.sock";
         RemoveOnStop = true;

secret.key

@@ -0,0 +1 @@
+kernel-hacker!