refactoring for iServer and isWorkstation: part 1

2025-03-13 13:17:31 -03:00 · 2025-03-13 13:17:31 -03:00 · af1d9ac368
commit af1d9ac368
parent 94f540b2d0
37 changed files with 663 additions and 508 deletions
--- a/hosts/common/boot.nix
+++ b/hosts/common/boot.nix
@ -1,20 +0,0 @@
-{ ... }:
-
-{
-  boot = {
-    loader = {
-      timeout = 1;
-      efi.canTouchEfiVariables = true;
-      systemd-boot = {
-        enable = true;
-        editor = false;
-        consoleMode = "max";
-        sortKey = "aa";
-        netbootxyz = {
-          enable = true;
-          sortKey = "zz";
-        };
-      };
-    };
-  };
-}
--- a/hosts/common/console.nix
+++ b/hosts/common/console.nix
@ -1,8 +0,0 @@
-{ ... }:
-
-{
-  console = {
-    useXkbConfig = true;
-    earlySetup = true;
-  };
-}
--- a/hosts/common/environment.nix
+++ b/hosts/common/environment.nix
@ -1,10 +0,0 @@
-{ pkgs, ... }:
-
-{
-  environment.shellAliases = {
-    ls = "${pkgs.eza}/bin/eza --icons --group-directories-first";
-    neofetch = "fastfetch";
-    tree = "ls --tree";
-    syscleanup = "sudo nix-collect-garbage -d; sudo /run/current-system/bin/switch-to-configuration boot";
-  };
-}
--- a/hosts/common/locale.nix
+++ b/hosts/common/locale.nix
@ -1,20 +0,0 @@
-{ ... }:
-
-{
-  time.timeZone = "America/Bahia";
-
-  i18n = {
-    defaultLocale = "en_US.UTF-8";
-    extraLocaleSettings = {
-      LC_ADDRESS = "pt_BR.utf8";
-      LC_IDENTIFICATION = "pt_BR.utf8";
-      LC_MEASUREMENT = "pt_BR.utf8";
-      LC_MONETARY = "pt_BR.utf8";
-      LC_NAME = "pt_BR.utf8";
-      LC_NUMERIC = "pt_BR.utf8";
-      LC_PAPER = "pt_BR.utf8";
-      LC_TELEPHONE = "pt_BR.utf8";
-      LC_TIME = "en_IE.utf8";
-    };
-  };
-}
--- a/hosts/common/networking.nix
+++ b/hosts/common/networking.nix
@ -1,8 +0,0 @@
-{ ... }:
-
-{
-  networking = {
-    networkmanager.enable = true;
-    firewall.enable = true;
-  };
-}
--- a/hosts/common/nix.nix
+++ b/hosts/common/nix.nix
@ -1,28 +0,0 @@
-{ ... }:
-
-{
-  nix = {
-    settings = {
-      auto-optimise-store = true;
-      connect-timeout = 10;
-      log-lines = 25;
-      min-free = 128000000;
-      max-free = 1000000000;
-      trusted-users = [ "@wheel" ];
-    };
-    extraOptions = "experimental-features = nix-command flakes";
-    gc = {
-      automatic = true;
-      options = "--delete-older-than 8d";
-    };
-  };
-
-  nixpkgs.config = {
-    allowUnfree = true;
-    enableParallelBuilding = true;
-    buildManPages = false;
-    buildDocs = false;
-  };
-
-  system.stateVersion = "22.11";
-}
--- a/hosts/common/packages.nix
+++ b/hosts/common/packages.nix
@ -1,21 +0,0 @@
-{ pkgs, ... }:
-
-{
-  environment.systemPackages = with pkgs; [
-    agenix
-    bind
-    btop
-    fastfetch
-    git
-    helix
-    killall
-    sysz
-    tmux
-    wget
-  ];
-
-  programs = {
-    fish.enable = true;
-    command-not-found.enable = false;
-  };
-}
--- a/hosts/common/security.nix
+++ b/hosts/common/security.nix
@ -1,13 +0,0 @@
-{ ... }:
-
-{
-  security = {
-    unprivilegedUsernsClone = true; # Needed for rootless podman
-    sudo = {
-      wheelNeedsPassword = false;
-      extraConfig = ''
-        Defaults lecture = never
-      '';
-    };
-  };
-}
--- a/hosts/common/services.nix
+++ b/hosts/common/services.nix
@ -1,20 +0,0 @@
-{ ... }:
-
-{
-  services = {
-    fwupd.enable = true;
-    fstrim.enable = true;
-    tailscale = {
-      enable = true;
-      extraUpFlags = [ "--operator=user" ];
-    };
-    openssh.enable = true;
-    keyd = {
-      enable = true;
-      keyboards.all = {
-        ids = [ "*" ];
-        settings.main.capslock = "overload(meta, esc)";
-      };
-    };
-  };
-}
--- a/hosts/common/users.nix
+++ b/hosts/common/users.nix
@ -1,28 +0,0 @@
-{ pkgs, ... }:
-
-{
-  users.users = {
-    user = {
-      isNormalUser = true;
-      shell = pkgs.fish;
-      extraGroups = [
-        "networkmanager"
-        "docker"
-        "wheel"
-      ];
-      openssh.authorizedKeys.keys = [
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKcwF1yuWEfYGScNocEbs0AmGxyTIzGc4/IhpU587SJE"
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL"
-      ];
-      hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0";
-    };
-    root = {
-      shell = pkgs.fish;
-      openssh.authorizedKeys.keys = [
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKcwF1yuWEfYGScNocEbs0AmGxyTIzGc4/IhpU587SJE"
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL"
-      ];
-      hashedPassword = "!";
-    };
-  };
-}
--- a/hosts/common/virtualisation.nix
+++ b/hosts/common/virtualisation.nix
@ -1,15 +0,0 @@
-{ pkgs, ... }:
-
-{
-  virtualisation.podman = {
-    enable = true;
-    dockerCompat = true;
-    autoPrune.enable = true;
-    extraPackages = [ pkgs.podman-compose ];
-  };
-
-  systemd = {
-    services.podman-auto-update.enable = true;
-    timers.podman-auto-update.enable = true;
-  };
-}
--- a/hosts/desktops/common/boot.nix
+++ b/hosts/desktops/common/boot.nix
@ -1,26 +0,0 @@
-{ pkgs, ... }:
-
-{
-  boot = {
-    plymouth.enable = true;
-    initrd.systemd.enable = true;
-    loader.efi.efiSysMountPoint = "/boot/efi";
-    kernelPackages = pkgs.linuxPackages_xanmod_latest;
-    extraModprobeConfig = ''
-      options bluetooth disable_ertm=1
-    '';
-    kernel.sysctl = {
-      "net.ipv4.tcp_mtu_probing" = 1;
-    };
-    kernelParams = [
-      "quiet"
-      "splash"
-      "i2c-dev"
-      "i2c-piix4"
-      "loglevel=3"
-      "udev.log_priority=3"
-      "rd.udev.log_level=3"
-      "rd.systemd.show_status=false"
-    ];
-  };
-}
--- a/hosts/desktops/common/default.nix
+++ b/hosts/desktops/common/default.nix
@ -2,15 +2,8 @@

 {
  imports = [
-    ./boot.nix
-    ./hardware.nix
    ./home-manager.nix
    ./impermanence.nix
-    ./nix.nix
-    ./packages.nix
-    ./services.nix
    ./stylix.nix
-    ./users.nix
-    ./virtualisation.nix
  ];
 }
--- a/hosts/desktops/common/hardware.nix
+++ b/hosts/desktops/common/hardware.nix
@ -1,13 +0,0 @@
-{ ... }:
-
-{
-  hardware = {
-    xpadneo.enable = true;
-    bluetooth.enable = true;
-    steam-hardware.enable = true; # Allow steam client to manage controllers
-    graphics.enable32Bit = true; # For OpenGL games
-    i2c.enable = true;
-  };
-
-  security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority
-}
--- a/hosts/desktops/common/nix.nix
+++ b/hosts/desktops/common/nix.nix
@ -1,13 +0,0 @@
-{ inputs, ... }:
-
-{
-  environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath;
-
-  nix = {
-    registry.nixpkgs.flake = inputs.nixpkgs;
-    nixPath = [
-      "nixpkgs=${inputs.nixpkgs}"
-      "/nix/var/nix/profiles/per-user/root/channels"
-    ];
-  };
-}
--- a/hosts/desktops/common/packages.nix
+++ b/hosts/desktops/common/packages.nix
@ -1,137 +0,0 @@
-{ inputs, pkgs, ... }:
-let
-  kdepkgs = with pkgs.kdePackages; [
-    ark
-    dolphin-plugins
-    kolourpaint
-  ];
-  kwrite = pkgs.symlinkJoin {
-    name = "kwrite";
-    paths = [ pkgs.kdePackages.kate ];
-    postBuild = ''
-      rm -rf $out/bin/kate \
-             $out/bin/.kate-wrapped \
-             $out/share/applications/org.kde.kate.desktop \
-             $out/share/man \
-             $out/share/icons/hicolor/*/apps/kate.png \
-             $out/share/icons/hicolor/scalable/apps/kate.svg \
-             $out/share/appdata/org.kde.kate.appdata.xml
-    '';
-  };
-in
-{
-  environment.systemPackages =
-    with pkgs;
-    [
-      adwaita-icon-theme
-      aspell
-      aspellDicts.de
-      aspellDicts.en
-      aspellDicts.en-computers
-      aspellDicts.pt_BR
-      bat
-      bitwarden-desktop
-      clonehero
-      deploy-rs
-      distrobox
-      fd
-      firefox
-      freecad-wayland
-      fzf
-      gimp
-      heroic
-      inkscape
-      junction
-      kara
-      kde-rounded-corners
-      kwrite
-      libfido2
-      libreoffice-qt
-      # lilipod BROKEN
-      mangohud
-      microsoft-edge
-      mission-center
-      mpv
-      nextcloud-client
-      nixfmt-rfc-style
-      nixos-firewall-tool
-      nix-init
-      nix-output-monitor
-      obsidian
-      obs-studio
-      onlyoffice-desktopeditors
-      orca-slicer
-      p7zip
-      plasma-panel-colorizer
-      prismlauncher
-      protonup
-      quickemu
-      quickgui
-      qview
-      qbittorrent
-      ripgrep
-      rnote
-      steam-run
-      tor-browser
-      ungoogled-chromium
-      unrar
-      ventoy
-      vesktop
-    ]
-    ++ kdepkgs;
-
-  services.flatpak = {
-    enable = true;
-    packages = [
-      "com.github.k4zmu2a.spacecadetpinball"
-      "com.github.tchx84.Flatseal"
-      "com.steamgriddb.SGDBoop"
-      "app.zen_browser.zen"
-      "io.github.Foldex.AdwSteamGtk"
-      "io.itch.itch"
-      "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/24.08"
-    ];
-    uninstallUnmanaged = true;
-    update.auto.enable = true;
-  };
-
-  programs = {
-    adb.enable = true;
-    steam.enable = true;
-    dconf.enable = true;
-    nix-ld.enable = true;
-    kdeconnect.enable = true;
-    partition-manager.enable = true;
-    gamemode.enable = true;
-    nix-index-database.comma.enable = true;
-    appimage = {
-      enable = true;
-      binfmt = true;
-    };
-    nh = {
-      enable = true;
-      flake = "/home/user/Projects/personal/nix-config";
-    };
-  };
-
-  fonts = {
-    fontDir.enable = true;
-    packages = with pkgs; [
-      corefonts
-      noto-fonts-cjk-sans
-      roboto
-    ];
-  };
-
-  environment.plasma6.excludePackages = (
-    with pkgs.kdePackages;
-    [
-      discover
-      elisa
-      gwenview
-      kate
-      khelpcenter
-      oxygen
-    ]
-  );
-}
--- a/hosts/desktops/common/services.nix
+++ b/hosts/desktops/common/services.nix
@ -1,67 +0,0 @@
-{
-  inputs,
-  pkgs,
-  ...
-}:
-
-{
-  services = {
-    printing.enable = true;
-    udev.packages = with pkgs; [ yubikey-personalization ];
-    displayManager.sddm = {
-      enable = true;
-      wayland = {
-        enable = true;
-        compositor = "kwin";
-      };
-    };
-    desktopManager.plasma6.enable = true;
-    tailscale.useRoutingFeatures = "client";
-    nginx = {
-      enable = true;
-      virtualHosts."localhost".root = inputs.homepage;
-    };
-    pipewire = {
-      enable = true;
-      alsa.enable = true;
-      alsa.support32Bit = true;
-      pulse.enable = true;
-      jack.enable = true;
-      wireplumber.enable = true;
-    };
-    # greetd = {
-    #   enable = true;
-    #   settings = {
-    #     default_session.command =
-    #       let
-    #         xSessions = "${config.services.displayManager.sessionData.desktops}/share/xsessions";
-    #         wlSessions = "${config.services.displayManager.sessionData.desktops}/share/wayland-sessions";
-    #       in
-    #       ''
-    #         ${pkgs.greetd.tuigreet}/bin/tuigreet \
-    #         --remember \
-    #         --asterisks \
-    #         --time \
-    #         --greeting "NixOS" \
-    #         --sessions ${xSessions}:${wlSessions}
-    #       '';
-    #     initial_session = {
-    #       command = ''
-    #         ${pkgs.kdePackages.plasma-workspace}/bin/startplasma-wayland &> /dev/null
-    #       '';
-    #       user = "user";
-    #     };
-    #   };
-    # };
-  };
-
-  xdg.portal = {
-    enable = true;
-    xdgOpenUsePortal = true;
-    extraPortals = with pkgs; [
-      xdg-desktop-portal-kde
-      xdg-desktop-portal-gtk
-      xdg-desktop-portal-gnome
-    ];
-  };
-}
--- a/hosts/desktops/common/users.nix
+++ b/hosts/desktops/common/users.nix
@ -1,29 +0,0 @@
-{ ... }:
-
-{
-  environment.sessionVariables = rec {
-    KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir
-    NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland
-  };
-
-  users.users = {
-    user = {
-      description = "William";
-      uid = 1000;
-      extraGroups = [
-        "uaccess" # Needed for HID dev
-        "dialout" # Needed for arduino dev
-        "libvirt"
-        "libvirtd"
-        "adbusers"
-        "i2c"
-      ];
-    };
-    ewans = {
-      description = "Ewans";
-      isNormalUser = true;
-      uid = 1001;
-      hashedPassword = "$y$j9T$yHLUDvj6bDIP19dchU.aA/$OY4qeFNtx/GvI.VUYx4LapHiiVwi0MEvs8AT0HN7j58";
-    };
-  };
-}
--- a/hosts/desktops/common/virtualisation.nix
+++ b/hosts/desktops/common/virtualisation.nix
@ -1,8 +0,0 @@
-{ ... }:
-
-{
-  virtualisation = {
-    libvirtd.enable = true;
-    lxd.enable = true;
-  };
-}
--- a/hosts/desktops/rotterdam.nix
+++ b/hosts/desktops/rotterdam.nix
@ -31,7 +31,7 @@ in
 {
  imports = [
    # Host-common imports
-    ../common
+    ../modules
    # Desktop-common imports
    ./common
    # Host-specific imports
--- a/hosts/modules/boot.nix
+++ b/hosts/modules/boot.nix
@ -0,0 +1,61 @@
+{
+  hostType,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  config = lib.mkMerge [
+    # Common configuration
+    {
+      boot = {
+        loader = {
+          timeout = 1;
+          efi.canTouchEfiVariables = true;
+          systemd-boot = {
+            enable = true;
+            editor = false;
+            consoleMode = "max";
+            sortKey = "aa";
+            netbootxyz = {
+              enable = true;
+              sortKey = "zz";
+            };
+          };
+        };
+      };
+    }
+
+    # Server specific configuration
+    (lib.mkIf hostType.isServer {
+      boot.kernelPackages = pkgs.linuxPackages_hardened;
+    })
+
+    # Workstation specific configuration
+    (lib.mkIf hostType.isWorkstation {
+      boot = {
+        plymouth.enable = true;
+        initrd.systemd.enable = true;
+        loader.efi.efiSysMountPoint = "/boot/efi";
+        kernelPackages = pkgs.linuxPackages_xanmod_latest;
+        extraModprobeConfig = ''
+          options bluetooth disable_ertm=1
+        '';
+        kernel.sysctl = {
+          "net.ipv4.tcp_mtu_probing" = 1;
+        };
+        kernelParams = [
+          "quiet"
+          "splash"
+          "i2c-dev"
+          "i2c-piix4"
+          "loglevel=3"
+          "udev.log_priority=3"
+          "rd.udev.log_level=3"
+          "rd.systemd.show_status=false"
+        ];
+      };
+    })
+  ];
+}
--- a/hosts/modules/console.nix
+++ b/hosts/modules/console.nix
@ -0,0 +1,21 @@
+{ hostType, lib, ... }:
+
+{
+  config = lib.mkMerge [
+    # Common configuration
+    {
+      console = {
+        useXkbConfig = true;
+        earlySetup = true;
+      };
+    }
+
+    # Server specific configuration
+    (lib.mkIf hostType.isServer {
+    })
+
+    # Workstation specific configuration
+    (lib.mkIf hostType.isWorkstation {
+    })
+  ];
+}
--- a/hosts/modules/default.nix
+++ b/hosts/modules/default.nix
@ -4,14 +4,14 @@
  imports = [
    ./boot.nix
    ./console.nix
+    ./desktop.nix
    ./locale.nix
    ./networking.nix
    ./nix.nix
-    ./packages.nix
+    ./programs.nix
    ./security.nix
    ./services.nix
    ./users.nix
    ./virtualisation.nix
-    ./environment.nix
  ];
 }
--- a/hosts/modules/desktop.nix
+++ b/hosts/modules/desktop.nix
@ -0,0 +1,67 @@
+{
+  hostType,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  config = lib.mkMerge [
+    # Common configuration
+    {
+    }
+
+    # Server specific configuration
+    (lib.mkIf hostType.isServer {
+    })
+
+    # Workstation specific configuration
+    (lib.mkIf hostType.isWorkstation {
+      services = {
+        displayManager.sddm = {
+          enable = true;
+          wayland = {
+            enable = true;
+            compositor = "kwin";
+          };
+        };
+        keyd = {
+          enable = true;
+          keyboards.all = {
+            ids = [ "*" ];
+            settings.main.capslock = "overload(meta, esc)";
+          };
+        };
+        desktopManager.plasma6.enable = true;
+        pipewire = {
+          enable = true;
+          alsa.enable = true;
+          alsa.support32Bit = true;
+          pulse.enable = true;
+          jack.enable = true;
+          wireplumber.enable = true;
+        };
+      };
+
+      hardware = {
+        xpadneo.enable = true;
+        bluetooth.enable = true;
+        steam-hardware.enable = true; # Allow steam client to manage controllers
+        graphics.enable32Bit = true; # For OpenGL games
+        i2c.enable = true;
+      };
+
+      security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority
+
+      xdg.portal = {
+        enable = true;
+        xdgOpenUsePortal = true;
+        extraPortals = with pkgs; [
+          xdg-desktop-portal-kde
+          xdg-desktop-portal-gtk
+          xdg-desktop-portal-gnome
+        ];
+      };
+    })
+  ];
+}
--- a/hosts/modules/environment.nix
+++ b/hosts/modules/environment.nix
@ -0,0 +1,4 @@
+{ pkgs, ... }:
+
+{
+}
--- a/hosts/modules/locale.nix
+++ b/hosts/modules/locale.nix
@ -0,0 +1,33 @@
+{ hostType, lib, ... }:
+
+{
+  config = lib.mkMerge [
+    # Common configuration
+    {
+      time.timeZone = "America/Bahia";
+
+      i18n = {
+        defaultLocale = "en_US.UTF-8";
+        extraLocaleSettings = {
+          LC_ADDRESS = "pt_BR.utf8";
+          LC_IDENTIFICATION = "pt_BR.utf8";
+          LC_MEASUREMENT = "pt_BR.utf8";
+          LC_MONETARY = "pt_BR.utf8";
+          LC_NAME = "pt_BR.utf8";
+          LC_NUMERIC = "pt_BR.utf8";
+          LC_PAPER = "pt_BR.utf8";
+          LC_TELEPHONE = "pt_BR.utf8";
+          LC_TIME = "en_IE.utf8";
+        };
+      };
+    }
+
+    # Server specific configuration
+    (lib.mkIf hostType.isServer {
+    })
+
+    # Workstation specific configuration
+    (lib.mkIf hostType.isWorkstation {
+    })
+  ];
+}
--- a/hosts/modules/networking.nix
+++ b/hosts/modules/networking.nix
@ -0,0 +1,45 @@
+{
+  hostType,
+  inputs,
+  lib,
+  ...
+}:
+
+{
+  config = lib.mkMerge [
+    # Common configuration
+    {
+      networking = {
+        networkmanager.enable = true;
+        firewall.enable = true;
+      };
+
+      services = {
+        tailscale = {
+          enable = true;
+          extraUpFlags = [ "--operator=user" ];
+        };
+        openssh.enable = true;
+      };
+    }
+
+    # Server specific configuration
+    (lib.mkIf hostType.isServer {
+      services.tailscale = {
+        extraSetFlags = [ "--advertise-exit-node" ];
+        useRoutingFeatures = "server";
+      };
+    })
+
+    # Workstation specific configuration
+    (lib.mkIf hostType.isWorkstation {
+      services = {
+        tailscale.useRoutingFeatures = "client";
+        nginx = {
+          enable = true;
+          virtualHosts."localhost".root = inputs.homepage;
+        };
+      };
+    })
+  ];
+}
--- a/hosts/modules/nix.nix
+++ b/hosts/modules/nix.nix
@ -0,0 +1,64 @@
+{
+  inputs,
+  lib,
+  hostType,
+  ...
+}:
+
+{
+  config = lib.mkMerge [
+    # Common configuration
+    {
+      nix = {
+        settings = {
+          auto-optimise-store = true;
+          connect-timeout = 10;
+          log-lines = 25;
+          min-free = 128000000;
+          max-free = 1000000000;
+          trusted-users = [ "@wheel" ];
+        };
+        extraOptions = "experimental-features = nix-command flakes";
+        gc = {
+          automatic = true;
+          options = "--delete-older-than 8d";
+        };
+      };
+
+      nixpkgs.config = {
+        allowUnfree = true;
+        enableParallelBuilding = true;
+        buildManPages = false;
+        buildDocs = false;
+      };
+
+      system.stateVersion = "22.11";
+    }
+
+    # Server specific configuration
+    (lib.mkIf hostType.isServer {
+      environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath;
+
+      nix = {
+        registry.nixpkgs.flake = inputs.nixpkgs-stable;
+        nixPath = [
+          "nixpkgs=/etc/channels/nixpkgs"
+          "/nix/var/nix/profiles/per-user/root/channels"
+        ];
+      };
+    })
+
+    # Workstation specific configuration
+    (lib.mkIf hostType.isWorkstation {
+      environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath;
+
+      nix = {
+        registry.nixpkgs.flake = inputs.nixpkgs;
+        nixPath = [
+          "nixpkgs=${inputs.nixpkgs}"
+          "/nix/var/nix/profiles/per-user/root/channels"
+        ];
+      };
+    })
+  ];
+}
--- a/hosts/modules/programs.nix
+++ b/hosts/modules/programs.nix
@ -0,0 +1,188 @@
+{
+  hostType,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  config = lib.mkMerge [
+    # Common configuration
+    {
+      environment.systemPackages = with pkgs; [
+        ### Dev Tools ###
+        agenix
+        git
+        helix
+        ### System Utilities ###
+        btop
+        fastfetch
+        nixos-firewall-tool
+        sysz
+        wget
+        tmux
+      ];
+
+      programs = {
+        fish.enable = true;
+        command-not-found.enable = false;
+      };
+
+      environment.shellAliases = {
+        ls = "${pkgs.eza}/bin/eza --icons --group-directories-first";
+        neofetch = "fastfetch";
+        tree = "ls --tree";
+        syscleanup = "sudo nix-collect-garbage -d; sudo /run/current-system/bin/switch-to-configuration boot";
+      };
+    }
+
+    # Server specific configuration
+    (lib.mkIf hostType.isServer {
+    })
+
+    # Workstation specific configuration
+    (lib.mkIf hostType.isWorkstation (
+      let
+        kdepkgs = with pkgs.kdePackages; [
+          ark
+          dolphin-plugins
+          kolourpaint
+        ];
+        kwrite = pkgs.symlinkJoin {
+          name = "kwrite";
+          paths = [ pkgs.kdePackages.kate ];
+          postBuild = ''
+            rm -rf $out/bin/kate \
+                   $out/bin/.kate-wrapped \
+                   $out/share/applications/org.kde.kate.desktop \
+                   $out/share/man \
+                   $out/share/icons/hicolor/*/apps/kate.png \
+                   $out/share/icons/hicolor/scalable/apps/kate.svg \
+                   $out/share/appdata/org.kde.kate.appdata.xml
+          '';
+        };
+      in
+      {
+        environment.systemPackages =
+          with pkgs;
+          [
+            ### Dev Tools ###
+            bat
+            deploy-rs
+            fd
+            fzf
+            nixfmt-rfc-style
+            nix-init
+            nix-output-monitor
+            ripgrep
+            ### Internet Browsers & Communication ###
+            firefox
+            microsoft-edge
+            nextcloud-client
+            tor-browser
+            ungoogled-chromium
+            vesktop
+            ### Office & Productivity ###
+            aspell
+            aspellDicts.de
+            aspellDicts.en
+            aspellDicts.en-computers
+            aspellDicts.pt_BR
+            kwrite
+            libreoffice-qt
+            obsidian
+            onlyoffice-desktopeditors
+            rnote
+            ### Graphics & Design ###
+            freecad-wayland
+            gimp
+            inkscape
+            orca-slicer
+            ### Gaming & Entertainment ###
+            clonehero
+            heroic
+            mangohud
+            prismlauncher
+            protonup
+            ### System Utilities ###
+            adwaita-icon-theme
+            distrobox
+            junction
+            kara
+            kde-rounded-corners
+            libfido2
+            # lilipod BROKEN
+            mission-center
+            p7zip
+            plasma-panel-colorizer
+            qbittorrent
+            quickemu
+            quickgui
+            steam-run
+            unrar
+            ventoy
+            ### Media ###
+            mpv
+            obs-studio
+            qview
+          ]
+          ++ kdepkgs;
+
+        services.flatpak = {
+          enable = true;
+          packages = [
+            "com.github.k4zmu2a.spacecadetpinball"
+            "com.github.tchx84.Flatseal"
+            "com.steamgriddb.SGDBoop"
+            "app.zen_browser.zen"
+            "io.github.Foldex.AdwSteamGtk"
+            "io.itch.itch"
+            "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/24.08"
+          ];
+          uninstallUnmanaged = true;
+          update.auto.enable = true;
+        };
+
+        programs = {
+          adb.enable = true;
+          steam.enable = true;
+          dconf.enable = true;
+          nix-ld.enable = true;
+          kdeconnect.enable = true;
+          partition-manager.enable = true;
+          gamemode.enable = true;
+          nix-index-database.comma.enable = true;
+          appimage = {
+            enable = true;
+            binfmt = true;
+          };
+          nh = {
+            enable = true;
+            flake = "/home/user/Projects/personal/nix-config";
+          };
+        };
+
+        fonts = {
+          fontDir.enable = true;
+          packages = with pkgs; [
+            corefonts
+            noto-fonts-cjk-sans
+            roboto
+          ];
+        };
+
+        environment.plasma6.excludePackages = (
+          with pkgs.kdePackages;
+          [
+            discover
+            elisa
+            gwenview
+            kate
+            khelpcenter
+            oxygen
+          ]
+        );
+      }
+    ))
+  ];
+}
--- a/hosts/modules/security.nix
+++ b/hosts/modules/security.nix
@ -0,0 +1,26 @@
+{ hostType, lib, ... }:
+
+{
+  config = lib.mkMerge [
+    # Common configuration
+    {
+      security = {
+        unprivilegedUsernsClone = true; # Needed for rootless podman
+        sudo = {
+          wheelNeedsPassword = false;
+          extraConfig = ''
+            Defaults lecture = never
+          '';
+        };
+      };
+    }
+
+    # Server specific configuration
+    (lib.mkIf hostType.isServer {
+    })
+
+    # Workstation specific configuration
+    (lib.mkIf hostType.isWorkstation {
+    })
+  ];
+}
--- a/hosts/modules/services.nix
+++ b/hosts/modules/services.nix
@ -0,0 +1,30 @@
+{
+  hostType,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  config = lib.mkMerge [
+    # Common configuration
+    {
+      services = {
+        fwupd.enable = true;
+        fstrim.enable = true;
+      };
+    }
+
+    # Server specific configuration
+    (lib.mkIf hostType.isServer {
+    })
+
+    # Workstation specific configuration
+    (lib.mkIf hostType.isWorkstation {
+      services = {
+        printing.enable = true;
+        udev.packages = with pkgs; [ yubikey-personalization ];
+      };
+    })
+  ];
+}
--- a/hosts/modules/users.nix
+++ b/hosts/modules/users.nix
@ -0,0 +1,71 @@
+{
+  lib,
+  hostType,
+  pkgs,
+  ...
+}:
+
+{
+  config = lib.mkMerge [
+    # Common configuration
+    {
+      users.users = {
+        user = {
+          isNormalUser = true;
+          shell = pkgs.fish;
+          extraGroups = [
+            "networkmanager"
+            "docker"
+            "wheel"
+          ];
+          openssh.authorizedKeys.keys = [
+            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKcwF1yuWEfYGScNocEbs0AmGxyTIzGc4/IhpU587SJE"
+            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL"
+          ];
+          hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0";
+        };
+        root = {
+          shell = pkgs.fish;
+          openssh.authorizedKeys.keys = [
+            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKcwF1yuWEfYGScNocEbs0AmGxyTIzGc4/IhpU587SJE"
+            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL"
+          ];
+          hashedPassword = "!";
+        };
+      };
+    }
+
+    # Server specific configuration
+    (lib.mkIf hostType.isServer {
+    })
+
+    # Workstation specific configuration
+    (lib.mkIf hostType.isWorkstation {
+      environment.sessionVariables = {
+        KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir
+        NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland
+      };
+
+      users.users = {
+        user = {
+          description = "William";
+          uid = 1000;
+          extraGroups = [
+            "uaccess" # Needed for HID dev
+            "dialout" # Needed for arduino dev
+            "libvirt"
+            "libvirtd"
+            "adbusers"
+            "i2c"
+          ];
+        };
+        ewans = {
+          description = "Ewans";
+          isNormalUser = true;
+          uid = 1001;
+          hashedPassword = "$y$j9T$yHLUDvj6bDIP19dchU.aA/$OY4qeFNtx/GvI.VUYx4LapHiiVwi0MEvs8AT0HN7j58";
+        };
+      };
+    })
+  ];
+}
--- a/hosts/modules/virtualisation.nix
+++ b/hosts/modules/virtualisation.nix
@ -0,0 +1,38 @@
+{
+  hostType,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  config = lib.mkMerge [
+    # Common configuration
+    {
+      virtualisation.podman = {
+        enable = true;
+        dockerCompat = true;
+        autoPrune.enable = true;
+        extraPackages = [ pkgs.podman-compose ];
+      };
+
+      systemd = {
+        services.podman-auto-update.enable = true;
+        timers.podman-auto-update.enable = true;
+      };
+
+    }
+
+    # Server specific configuration
+    (lib.mkIf hostType.isServer {
+    })
+
+    # Workstation specific configuration
+    (lib.mkIf hostType.isWorkstation {
+      virtualisation = {
+        libvirtd.enable = true;
+        lxd.enable = true;
+      };
+    })
+  ];
+}
--- a/hosts/servers/common/boot.nix
+++ b/hosts/servers/common/boot.nix
@ -1,5 +1,4 @@
 { pkgs, ... }:

 {
-  boot.kernelPackages = pkgs.linuxPackages_hardened;
 }
--- a/hosts/servers/common/nix.nix
+++ b/hosts/servers/common/nix.nix
@ -1,13 +1,4 @@
 { inputs, ... }:

 {
-  environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath;
-
-  nix = {
-    registry.nixpkgs.flake = inputs.nixpkgs-stable;
-    nixPath = [
-      "nixpkgs=/etc/channels/nixpkgs"
-      "/nix/var/nix/profiles/per-user/root/channels"
-    ];
-  };
 }
--- a/hosts/servers/common/services.nix
+++ b/hosts/servers/common/services.nix
@ -1,8 +1,4 @@
 { ... }:

 {
-  services.tailscale = {
-    extraSetFlags = [ "--advertise-exit-node" ];
-    useRoutingFeatures = "server";
-  };
 }