added base configuration for ixion, applied system update, modified power mgmt readme

Reviewed-on: #2

flake.lock

@@ -7,11 +7,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1749744770,
-        "narHash": "sha256-MEM9XXHgBF/Cyv1RES1t6gqAX7/tvayBC1r/KPyK1ls=",
+        "lastModified": 1757432263,
+        "narHash": "sha256-qHn+/0+IOz5cG68BZUwL9BV3EO/e9eNKCjH3+N7wMdI=",
         "owner": "lnl7",
         "repo": "nix-darwin",
-        "rev": "536f951efb1ccda9b968e3c9dee39fbeb6d3fdeb",
+        "rev": "1fef4404de4d1596aa5ab2bd68078370e1b9dcdb",
         "type": "github"
       },
       "original": {
@@ -64,11 +64,11 @@
         "zon2nix": "zon2nix"
       },
       "locked": {
-        "lastModified": 1754941490,
-        "narHash": "sha256-2AJf0q4u1zakqjr0y4dCyqzdDSil8P5m2YpZxAAzJJw=",
+        "lastModified": 1759330332,
+        "narHash": "sha256-ZKyOgOOm9Itjbc5xi89xMtw+cnnOFfl79zndPMTzKpU=",
         "owner": "ghostty-org",
         "repo": "ghostty",
-        "rev": "5bf632e9cc0e77a578bad983b0cbdf0451ce87d4",
+        "rev": "a5aff0e347b0016e2735d4ec4b4cdca96b5438d1",
         "type": "github"
       },
       "original": {
@@ -84,11 +84,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1753592768,
-        "narHash": "sha256-oV695RvbAE4+R9pcsT9shmp6zE/+IZe6evHWX63f2Qg=",
+        "lastModified": 1758463745,
+        "narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "fc3add429f21450359369af74c2375cb34a2d204",
+        "rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3",
         "type": "github"
       },
       "original": {
@@ -129,11 +129,24 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1754767907,
-        "narHash": "sha256-8OnUzRQZkqtUol9vuUuQC30hzpMreKptNyET2T9lB6g=",
+        "lastModified": 1758360447,
+        "narHash": "sha256-XDY3A83bclygHDtesRoaRTafUd80Q30D/Daf9KSG6bs=",
+        "rev": "8eaee110344796db060382e15d3af0a9fc396e0e",
+        "type": "tarball",
+        "url": "https://releases.nixos.org/nixos/unstable/nixos-25.11pre864002.8eaee1103447/nixexprs.tar.xz"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://channels.nixos.org/nixos-unstable/nixexprs.tar.xz"
+      }
+    },
+    "nixpkgs_3": {
+      "locked": {
+        "lastModified": 1759281824,
+        "narHash": "sha256-FIBE1qXv9TKvSNwst6FumyHwCRH3BlWDpfsnqRDCll0=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "c5f08b62ed75415439d48152c2a784e36909b1bc",
+        "rev": "5b5be50345d4113d04ba58c444348849f5585b4a",
         "type": "github"
       },
       "original": {
@@ -143,13 +156,29 @@
         "type": "github"
       }
     },
+    "quadlet-nix": {
+      "locked": {
+        "lastModified": 1758631655,
+        "narHash": "sha256-EGeZ963L7xsNAY7snvP1JHQe7LWLVCM6f49+PzWjhEE=",
+        "owner": "SEIAROTg",
+        "repo": "quadlet-nix",
+        "rev": "2ebe01b175e2e1e6de3f172d23f0c3b88713eec9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "SEIAROTg",
+        "repo": "quadlet-nix",
+        "type": "github"
+      }
+    },
     "root": {
       "inputs": {
         "darwin": "darwin",
         "ghostty": "ghostty",
         "home-manager": "home-manager",
         "nix-flatpak": "nix-flatpak",
-        "nixpkgs": "nixpkgs_2"
+        "nixpkgs": "nixpkgs_3",
+        "quadlet-nix": "quadlet-nix"
       }
     },
     "systems": {
@@ -198,27 +227,20 @@
     },
     "zon2nix": {
       "inputs": {
-        "flake-utils": [
-          "ghostty",
-          "flake-utils"
-        ],
-        "nixpkgs": [
-          "ghostty",
-          "nixpkgs"
-        ]
+        "nixpkgs": "nixpkgs_2"
       },
       "locked": {
-        "lastModified": 1742104771,
-        "narHash": "sha256-LhidlyEA9MP8jGe1rEnyjGFCzLLgCdDpYeWggibayr0=",
+        "lastModified": 1758405547,
+        "narHash": "sha256-WgaDgvIZMPvlZcZrpPMjkaalTBnGF2lTG+62znXctWM=",
         "owner": "jcollie",
         "repo": "zon2nix",
-        "rev": "56c159be489cc6c0e73c3930bd908ddc6fe89613",
+        "rev": "bf983aa90ff169372b9fa8c02e57ea75e0b42245",
         "type": "github"
       },
       "original": {
         "owner": "jcollie",
         "repo": "zon2nix",
-        "rev": "56c159be489cc6c0e73c3930bd908ddc6fe89613",
+        "rev": "bf983aa90ff169372b9fa8c02e57ea75e0b42245",
         "type": "github"
       }
     }

flake.nix

@@ -12,6 +12,7 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
     ghostty.url = "github:ghostty-org/ghostty";
+    quadlet-nix.url = "github:SEIAROTg/quadlet-nix";
   };
 
   outputs = inputs @ {
@@ -21,12 +22,15 @@
     darwin,
     home-manager,
     ghostty,
+    quadlet-nix,
     ...
   }: let
     userName = "wyatt";
     userEmail = "wyatt@wyattjmiller.com";
-    extraSpecialArgs = {
-      inherit userName userEmail ghostty;
+
+    # use this variable to take inputs and use them as arguments in your modules, this will be the common one
+    customArgs = {
+      inherit userName userEmail ghostty quadlet-nix;
     };
   in {
     meta = import ./meta;
@@ -34,8 +38,7 @@
     # Primary laptop - MacBook Pro (2023, M3)
     darwinConfigurations."sephiroth" = darwin.lib.darwinSystem {
       system = "aarch64-darwin";
-      specialArgs = {
-        inherit userName userEmail ghostty;
+      specialArgs = customArgs // {
         hostname = "sephiroth";
         role = "devel";
       };
@@ -47,7 +50,9 @@
         {
           home-manager.useGlobalPkgs = true;
           home-manager.useUserPackages = true;
-          home-manager.extraSpecialArgs = extraSpecialArgs;
+          home-manager.extraSpecialArgs = customArgs // {
+            inherit home-manager;
+          };
           home-manager.users.${userName} = import ./home;
         }
       ];
@@ -56,8 +61,7 @@
     # Primary desktop computer
     nixosConfigurations."cloud" = nixpkgs.lib.nixosSystem {
       system = "x86_64-linux";
-      specialArgs = {
-        inherit userName userEmail ghostty;
+      specialArgs = customArgs // {
         hostname = "cloud";
         role = "devel";
       };
@@ -70,7 +74,9 @@
         {
           home-manager.useGlobalPkgs = true;
           home-manager.useUserPackages = true;
-          home-manager.extraSpecialArgs = extraSpecialArgs;
+          home-manager.extraSpecialArgs = customArgs // {
+            inherit home-manager;
+          };
           home-manager.users.${userName}.imports = [
             ./home
           ];
@@ -81,8 +87,7 @@
     # Apartment appliance server
     nixosConfigurations."valefor" = nixpkgs.lib.nixosSystem {
       system = "x86_64-linux";
-      specialArgs = {
-        inherit userName userEmail;
+      specialArgs = customArgs // {
         hostname = "valefor";
         role = "server";
       };
@@ -94,7 +99,9 @@
         {
           home-manager.useGlobalPkgs = true;
           home-manager.useUserPackages = true;
-          home-manager.extraSpecialArgs = extraSpecialArgs;
+          home-manager.extraSpecialArgs = customArgs // {
+            inherit home-manager;
+          };
           home-manager.users.${userName}.imports = [
             ./home
           ];
@@ -105,29 +112,25 @@
     # Storage, status, game, and media server
     nixosConfigurations."ixion" = nixpkgs.lib.nixosSystem {
       system = "x86_64-linux";
-      specialArgs = {
-        inherit userName userEmail;
+      specialArgs = customArgs // {
         hostname = "ixion";
         role = "server";
       };
-      # modules = [
-      #   nix-flatpak.nixosModules.nix-flatpak
-      #   nix-ld.nixosModules.nix-ld
-      #   ./modules/nixos/hardware-configuration.nix
-      #   ./modules/nix-core.nix
-      #   ./modules/nixos/configuration.nix
-      #   ./modules/host-users.nix
-      #
-      #   home-manager.nixosModules.home-manager
-      #   {
-      #     home-manager.useGlobalPkgs = true;
-      #     home-manager.useUserPackages = true;
-      #     home-manager.extraSpecialArgs = extraSpecialArgs;
-      #     home-manager.users.${userName}.imports = [
-      #       ./home
-      #     ];
-      #   }
-      # ];
+      modules = [
+        quadlet-nix.nixosModules.quadlet
+        ./modules/common
+        ./modules/machine/ixion
+
+        home-manager.nixosModules.home-manager
+        {
+          home-manager.useGlobalPkgs = true;
+          home-manager.useUserPackages = true;
+          home-manager.extraSpecialArgs = customArgs;
+          home-manager.users.${userName}.imports = [
+            ./home
+          ];
+        }
+      ];
     };
   };
 }

home/git.nix

@@ -15,7 +15,7 @@
     extraConfig = {
       init.defaultBranch = "master";
       push.autoSetupRemote = true;
-      pull.merge = true;
+      pull.rebase = false;
       merge.tool = "nvimdiff";
       mergetool.keepBackup = false;
     };

home/shell.nix

@@ -1,4 +1,4 @@
-{pkgs, ...}: {
+{pkgs, lib, ...}: {
   programs.fish = {
     enable = true;
     # initExtra = ''
@@ -52,6 +52,27 @@
         '';
         onEvent = "fish_greeting";
       };
+    } // lib.optionalAttrs pkgs.stdenv.isLinux {
+      block = {
+        body = ''
+          systemd-inhibit --what=sleep --who="$USER" --why="manual invocation" --mode=block sleep infinity &
+          set -g INHIBIT_PID $last_pid
+          echo "Sleep inhibited. PID: $INHIBIT_PID"
+        '';
+      };
+
+      unblock = {
+        body = ''
+          if set -q INHIBIT_PID
+            kill $INHIBIT_PID 2>/dev/null
+            and echo "Sleep inhibitor removed. PID: $INHIBIT_PID"
+            or echo "Failed to kill process or already terminated."
+            set -e INHIBIT_PID
+          else
+            echo "No active sleep inhibitor found."
+          end
+        '';
+      };
     };
   };
 

modules/common/environment.nix

@@ -1,20 +1,23 @@
 { lib, pkgs, ... }: {
-  # Common packages that every system will use
   environment.systemPackages = with pkgs; [
     git
     vim
     neovim
     usbutils
     coreutils
-    lshw
-    systemd
-    dmidecode
     pciutils
-    nix-ld
     patchelf
     htop
-  ];
+  ] ++ 
+  lib.optionals pkgs.stdenv.isLinux (with pkgs; [
+    systemd
+    lshw
+    dmidecode
+    nix-ld
+  ]) ++
+  lib.optionals pkgs.stdenv.isDarwin (with pkgs; [
+      # nothing here, yet ;)
+  ]);
 
-  # Common environment variables that every system will use
   environment.variables.EDITOR = "nvim";
 }

modules/common/users.nix

@@ -1,30 +1,23 @@
+{ lib, pkgs, userName, hostname, ... }:
+
 {
-  lib,
-  pkgs,
-  userName,
-  hostname,
-  ...
-} @ args: {
   networking.hostName = hostname;
+  
+  users.users."${userName}" = {
+    home = if pkgs.stdenv.isDarwin 
+           then "/Users/${userName}" 
+           else "/home/${userName}";
+    description = userName;
+  } // lib.optionalAttrs pkgs.stdenv.isLinux {
+    group = "${userName}";
+    isNormalUser = true;
+  };
+  
+  users.groups.wyatt = {};
+  nix.settings.trusted-users = [userName];
 
-  # Don't forget to set a password with ‘passwd’!
-  users.users."${userName}" = lib.mkMerge [
-    {
-      home =
-        if pkgs.stdenv.isDarwin
-        then "/Users/${userName}"
-        else "/home/${userName}";
-      description = userName;
-    }
-
-    (lib.mkIf (pkgs.stdenv.isLinux) {
-      group = "${userName}";
-      isNormalUser = true;
-    })
-  ];
-
-  security.sudo = {
-    extraRules = [
+  security = lib.optionalAttrs pkgs.stdenv.isLinux {
+    sudo.extraRules = [
       {
         groups = [ "wheel" ];
         commands = [
@@ -37,7 +30,9 @@
     ];
   };
 
-  users.groups.wyatt = {};
-
-  nix.settings.trusted-users = [userName];
+  environment = lib.optionalAttrs pkgs.stdenv.isDarwin {
+    etc."sudoers.d/wheel-nopasswd".text = ''
+      %wheel ALL=(ALL:ALL) NOPASSWD: SETENV: ALL
+    '';
+  };
 }

modules/machine/ixion/configuration.nix

@@ -0,0 +1,84 @@
+{
+  pkgs,
+  userName,
+  ...
+}: {
+  imports = [
+    ../../pwrMgmt
+    ../../networking/core.nix
+    ../../virtualization/podman.nix
+    ../../virtualization/quadlet.nix
+    ../../virtualization/hardware.nix
+  ];
+
+  # Enable flakes for NixOS
+  nix.settings.experimental-features = ["nix-command" "flakes"];
+
+  # Custom kernel/boot stuff
+  boot = {
+    kernelPackages = pkgs.linuxPackages_latest;
+    loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+  };
+
+  # Enable Polkit
+  security.polkit.enable = true;
+
+  # Make sure Bluetooth is off!
+  hardware.bluetooth.enable = false;
+
+  # Set your timezone
+  time.timeZone = "America/Detroit";
+
+  # Power management module
+  pwrMgmt = {
+    enable = true;
+    cpuFreqGovernor = "performance";
+    powertop.enable = false;
+  };
+
+  # Podman module (see ../../virtualization/podman.nix)
+  podman = {
+    enable = true;
+    extraPackages = with pkgs; [
+      docker-credential-helpers
+      toolbox
+      cosign
+      crane
+      podman-tui
+    ];
+  };
+
+  # Core networking module (see ../../networking/core.nix)
+  network = {
+    firewall.enable = true;
+    networkManager.enable = true;
+  };
+
+  programs = {
+    # Enable GnuPG
+    gnupg.agent = {
+      enable = true;
+      enableSSHSupport = true;
+    };
+
+    # Enable SUID wrappers (some programs need them)
+    mtr.enable = true;
+  };
+
+  users.users.${userName}.extraGroups = ["wheel" "video" "podman" "network"];
+
+  services = {
+    # Enable OpenSSH
+    openssh.enable = true;
+  };
+
+  # Install packages to be installed system-wide
+  environment.systemPackages = with pkgs; [
+    wireguard-tools
+  ];
+
+  system.stateVersion = "25.05";
+}

modules/machine/ixion/default.nix

@@ -0,0 +1,6 @@
+{...}: {
+  imports = [
+    ./configuration.nix
+    ./hardware-configuration.nix
+  ];
+}

modules/machine/ixion/hardware-configuration.nix

@@ -0,0 +1,46 @@
+# --- DO NOT USE ---
+#
+# this is copied from ../valefor/hardware-configuration.nix
+# generate a new hardware-configuration.nix before using this!
+#
+# ------------------
+# 
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/ff89bde1-4b33-4277-b649-b92700b2406c";
+      fsType = "xfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/3A4B-6866";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

modules/pwrMgmt/README.md

@@ -1,12 +1,12 @@
 # Power management modules
 
-This directory houses my own custom defined power management settings. These are set in the machine-specific configurations (typically).
+This directory houses my own custom defined power management settings as NixOS modules. These are set in the machine-specific configurations (typically).
 
 ## Examples
 
 Given that this configuration is in the `machine/<hostname>` directory (where hostname is the name of the computer your configuring):
 
-### Desktop configuration
+### Desktop/server configuration
 
 ```nix
   imports = [

modules/security/sudo.nix

@@ -5,7 +5,7 @@
 }:
 with lib; {
   options = {
-    security.sudo = {
+    security.sudoers = {
       needsPassword = mkOption {
         type = types.bool;
         default = true;

modules/sound/focusrite.nix

@@ -8,7 +8,7 @@
 with lib; let
   cfg = config.sound.hardware.focusrite;
 in {
-  options.focusrite = {
+  options.sound.hardware.focusrite = {
     enable = mkEnableOption "Focusrite audio interface support";
     guiSupport = mkOption {
       type = types.bool;

modules/virtualization/README.md

@@ -40,7 +40,13 @@ Example:
   };
 ```
 
-To get a full, comprehensive list of what you can do with the podman module, please check out (podman.nix)[./podman.nix]!
+To get a full, comprehensive list of what you can do with the podman module, please check out [podman.nix](./podman.nix)!
+
+### Podman Quadlets
+
+This is a wrapper around a project called [`quadlet-nix`](https://github.com/SEIAROTg/quadlet-nix), a way of defining systemd services as containers with Nix! Since I have existing services running inside of containers and don't want to risk breaking _everything_ that I have running, I figured this would be a safe, transitionary approach to handle this.
+
+This is still a work-in-progress, check back soon on progress on this.
 
 ## Kubernetes
 

modules/virtualization/quadlet.nix

@@ -0,0 +1,47 @@
+# ----------------------
+# Wrapper for defining Quadlets in Nix via quadlet-nix
+#
+# Still WIP
+# ----------------------
+{
+  config,
+  lib,
+  ...
+}: 
+let
+  cfg = config.quadlet;
+in {
+  options = {
+    quadlet = {
+      enable = lib.mkEnableOption "Enable Podman's Quadlet systemd integration";
+      
+      autoUpdate = {
+        enable = lib.mkEnableOption "Enable the auto update mechanism";
+        
+        calendar = lib.mkOption {
+          type = lib.types.str;
+          default = "*-*-* 03:30:00";
+          description = "When the auto update mechanism is triggered, the calendar option will tell the auto update when to start";
+        };
+      };
+      
+      extraPackages = lib.mkOption {
+        type = lib.types.listOf lib.types.package;
+        default = [];
+        description = "Additional container-related packages to install (these likely will be installed with Podman though)";
+      };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    virtualisation.quadlet = {
+      enable = true;
+      autoUpdate = {
+        enable = cfg.autoUpdate.enable;
+        calendar = cfg.autoUpdate.calendar;
+      };
+    };
+    
+    environment.systemPackages = cfg.extraPackages;
+  };
+}