Big omen laptop migration

machines/fujin/disko-config.nix

@@ -0,0 +1,57 @@
+{ config, lib, pkgs, username, ... }:
+
+{
+  disko.devices = {
+    disk = {
+      main = {
+        device = "/dev/nvme1n1";
+        type = "disk";
+        content = {
+          type = "gpt";
+          partitions = {
+            boot = {
+              size = "1M";
+              type = "EF02"; # for grub MBR
+            };
+            root = {
+              size = "100%";
+              content = {
+                type = "btrfs";
+                extraArgs = [ "-f" ]; # Override existing partition
+                # Subvolumes must set a mountpoint in order to be mounted,
+                # unless their parent is mounted
+                subvolumes = {
+                  # Subvolume name is different from mountpoint
+                  "/rootfs" = {
+                    mountpoint = "/";
+                  };
+                  # Subvolume name is the same as the mountpoint
+                  "/home" = {
+                    mountOptions = [ "compress=zstd" ];
+                    mountpoint = "/home";
+                  };
+                  # Sub(sub)volume doesn't need a mountpoint as its parent is mounted
+                  "/home/${username}" = { };
+                  "/nix" = {
+                    mountOptions = [
+                      "compress=zstd"
+                      "noatime"
+                    ];
+                    mountpoint = "/nix";
+                  };
+                };
+
+                mountpoint = "/partition-root";
+                swap = {
+                  swapfile = {
+                    size = "32G";
+                  };
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}

machines/fujin/hardware-configuration.nix

@@ -0,0 +1,30 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+  boot = {
+    loader.grub = {
+      enable = true;
+      useOSProber = true;
+    };
+
+    initrd = {
+      availableKernelModules =
+        [ "nvme" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
+      kernelModules = [ ];
+    };
+    kernelModules = [ "kvm-amd" ];
+
+    # allow perf as user | needed for intellij to run profiler
+    kernel.sysctl."kernel.perf_event_paranoid" = 1;
+    kernel.sysctl."kernel.kptr_restrict" = lib.mkForce 0;
+  };
+
+  networking.useDHCP = lib.mkDefault true;
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+
+  hardware.nvidia.prime = {
+    amdgpuBusId = lib.mkForce "PCI:7:0:0";
+  };
+}

machines/fujin/main/.sops.yaml

@@ -0,0 +1,9 @@
+keys:
+  - &primary age19wvqtn4ju6k4vs8fxr34unl6xx4cv04jw0lx9ps20xlde927zfssgl4qke
+  - &omen age1jggd0cqn7c3ajqphnd0tt7kud3tqdz6uv3mkghhkzdtf4f0xrp2qtuvsks
+creation_rules:
+  - path_regex: secrets/secrets.yaml$
+    key_groups:
+      - age:
+          - *primary
+          - *omen

machines/fujin/main/default.nix

@@ -0,0 +1,111 @@
+{ inputs, config, lib, pkgs, username, extraHomeModules, ... }:
+
+{
+  imports = [
+    ../../minimal.nix
+    ../hardware-configuration.nix
+    ../disko-config.nix
+
+    ./sops.nix
+  ];
+
+  users.users.${username} = {
+    description = "NixOS Omen Laptop";
+    hashedPassword =
+      "$6$5xuxfP8HapkkyDa5$qr2wkpibMaNSIiJIPojWC4CO1X31HNJZEfmYfReYrwOSoflf0rMrQk.EZj5uzh/K/NalQMnCiDcmvFBuf9a5p0";
+    packages = with pkgs; [
+      # thunar plugin to manager archives
+      xfce.thunar-archive-plugin
+    ];
+  };
+
+  programs = {
+    nix-ld.dev.enable = true;
+
+    light.enable = true;
+
+    nm-applet.enable = true;
+
+    gnupg.agent = {
+      enable = true;
+      enableSSHSupport = true;
+    };
+  };
+
+  ###
+  # Thunar configurations
+  ###
+  programs.thunar.enable = true;
+  programs.xfconf.enable = true; # needed to save preferences
+  services.gvfs.enable = true; # Mount, trash, and other functionalities
+  services.tumbler.enable = true; # Thumbnail support for images
+  ###
+  ###
+
+  dov = {
+    development.emacs.enable = true;
+
+    virtualisation.docker.enable = true;
+  };
+
+  ###
+  # Home Manger configuration
+  ###
+  home-manager = {
+    useGlobalPkgs = true;
+    useUserPackages = true;
+    backupFileExtension = "backup";
+    extraSpecialArgs = { inherit inputs username; };
+
+    users."${username}" = { imports = [ ./home.nix ] ++ extraHomeModules; };
+  };
+
+  stylix = {
+    enable = true;
+    base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark-hard.yaml";
+
+    fonts = {
+      serif = {
+        package = pkgs.dejavu_fonts;
+        name = "DejaVu Serif";
+      };
+
+      sansSerif = {
+        package = pkgs.dejavu_fonts;
+        name = "DejaVu Sans";
+      };
+
+      monospace = {
+        package = pkgs.dejavu_fonts;
+        name = "DejaVu Sans Mono";
+      };
+
+      emoji = {
+        package = pkgs.noto-fonts-emoji;
+        name = "Noto Color Emoji";
+      };
+    };
+  };
+
+  fonts.packages = with pkgs;
+    [
+      noto-fonts
+      noto-fonts-cjk-sans
+      noto-fonts-emoji
+      liberation_ttf
+      fira-code
+      fira
+      fira-code-symbols
+      mplus-outline-fonts.githubRelease
+      dina-font
+      proggyfonts
+      emacs-all-the-icons-fonts
+      emacsPackages.all-the-icons
+      font-awesome_5
+      source-code-pro
+    ] ++ builtins.filter lib.attrsets.isDerivation
+    (builtins.attrValues pkgs.nerd-fonts);
+
+  # DO NOT CHANGE AT ANY POINT!
+  system.stateVersion = "25.11";
+}

machines/fujin/main/home.nix

@@ -0,0 +1,116 @@
+{ config, lib, pkgs, username, ... }:
+
+{
+  home = {
+    stateVersion = "25.11";
+    username = username;
+    homeDirectory = "/home/${username}";
+  };
+
+  dov = {
+    shell = {
+      zsh = {
+        enable = true;
+        shellAliases = {
+          ll = "eza -al";
+          sc = "source $HOME/.zshrc";
+          psax = "ps ax | grep";
+          cp = "rsync -ah --progress";
+        };
+      };
+
+      addition.starship.enable = true;
+    };
+
+    browser.zen.enable = true;
+
+    #window-manager.hypr.enable = true;
+
+    bar.waybar.enable = true;
+
+    launcher.wofi.enable = true;
+
+    kanshi.enable = true;
+
+    terminal.alacritty.enable = true;
+  };
+
+  programs = {
+    home-manager.enable = true;
+
+    git = {
+      enable = true;
+      userName = "Alexander";
+      userEmail = "alexander0derevianko@gmail.com";
+
+      extraConfig = {
+        safe = {
+          directory = ["/home/${username}/nixos-dotfiles" "/home/${username}/.cache/nix"];
+        };
+      };
+    };
+  };
+
+  home.packages = with pkgs; [
+    eza
+
+    # if you enable gtk theames
+    # this is needed to fix "error: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name ca.desrt.dconf was not provided by any .service files"
+    dconf
+
+    # Video player
+    vlc
+
+    # social
+    telegram-desktop
+    thunderbird-latest
+    element-desktop
+    #teams-for-linux
+    #webcord
+    discord
+
+    # development
+    jetbrains.idea-ultimate
+    jetbrains.webstorm
+    #jetbrains.pycharm-community-src
+    direnv
+    semgrep
+    devpod
+    tmux
+    bottles
+
+    #torrent
+    qbittorrent
+
+    #kdePackages.kate
+    kdePackages.ark
+    keepassxc
+    #virt-manager
+    #vial #keyboard configurator
+    #qmk
+
+    #libreoffice
+    grim
+    slurp
+    wl-clipboard
+    #cloudflared
+    kdePackages.okular #pdf tool
+    #nextcloud-client
+
+    #music
+    #mpd
+    #mpv
+    #mpc-cli
+  ];
+
+  stylix = {
+    enable = true;
+    autoEnable = true;
+    targets = {
+      kde.enable = false;
+    };
+  };
+
+  # blutooth applet
+  services.blueman-applet.enable = true;
+}

machines/fujin/main/secrets/secrets.yaml

@@ -0,0 +1,30 @@
+omen-password: ENC[AES256_GCM,data:91HK7H+HRX7LMGaIt5dCzrjAlpLj1tx0p9uhvq5P/LBpuaHmRk1n2nb63wdqkOlkZY15Fe+VE4YF8tbX6XelfeFX9xd347/96A==,iv:j5QmvKK5BQxnwO2Z2cCd+skxK4dH7qIHOH7sX0q4VYs=,tag:RyTMZNMfCAmgfki9xYv61w==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age19wvqtn4ju6k4vs8fxr34unl6xx4cv04jw0lx9ps20xlde927zfssgl4qke
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0LzBjYnZBbWZicGN1YlFK
+            bjR0aHkvL3N0RXpLcXFXbVpNY1ovV2xBU1FJCkFBZ1JVbk9ROEw5a2pIVVdabmla
+            REtLRUlHSjFUVVFET3orMkhaKzQ4YVEKLS0tIERXaTJzRWMyUWcwb3NUREszbG5j
+            R2dBRU1oY1RVQnQzSFREWW8rbmszU0EKliqft7wFfJT95O4akHvLx/dLGVVLkqlG
+            y0ClO2nT3FiA8Ajyrdz87pPsBiRNyIlNeER/FhY2IMMKcBP3fE/6dA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1jggd0cqn7c3ajqphnd0tt7kud3tqdz6uv3mkghhkzdtf4f0xrp2qtuvsks
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjQy9GRURacHhOM0h1bmFF
+            TXoyWGdabEYxYjFHaWdTRE9TWmtjdHZDZkNjCmtQZ29xenRJWGhUWmxtVTdZVGY1
+            VXFYbjZEVFlxQjRueHE2QytobkU0TGMKLS0tIGNxcHplS3k5WjMzdGI0YzljQ0FL
+            U0hyYmh6WVRoZU9BbXFCc3NCdXQ0VXMKnlqD0FWix3qBQN5VpIaY0EG9VELS25qI
+            yzygv1MENSA+FMQnRhNfk/lokvLaIJVQqZATxUBZF0aPmzCDisV7RQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-01-03T18:26:59Z"
+    mac: ENC[AES256_GCM,data:o/FchUUVE+iNrlirwcHBDspkxEAd/Udy15Fkj5aF8en1CfQfLzl94JTjPDbvzRIRxb6ToBMje1KMUew1rYP76o3MJfI76UfgsrJFdaBLL1ukxYOk7ZssFb/uas56QR+wabOO3QdNPqPVhqWMTE17+JqFLxuANJes8S2MvUfD6gY=,iv:82vLA5ywDQqN269Xm9RH8rblXU0qeA2cI+NmXlRXa2I=,tag:NsJGmnwkjLd4ztZT1TzC9g==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.1

machines/fujin/main/sops.nix

@@ -0,0 +1,12 @@
+{ config, lib, pkgs, inputs, ... }:
+
+{
+  sops = {
+    defaultSopsFile = ./secrets/secrets.yaml;
+    age = {
+      sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+      keyFile = "/var/lib/sops-nix/keys.txt";
+      generateKey = true;
+    };
+  };
+}

machines/fujin/minimal/default.nix

@@ -0,0 +1,32 @@
+{ inputs, config, lib, pkgs, username, extraHomeModules, ... }:
+
+{
+  imports = [
+    ../../minimal.nix
+    ../hardware-configuration.nix
+    ../disko-config.nix
+
+  ];
+
+  users.users.${username} = {
+    description = "NixOS Omen Laptop";
+    hashedPassword =
+      "$6$5xuxfP8HapkkyDa5$qr2wkpibMaNSIiJIPojWC4CO1X31HNJZEfmYfReYrwOSoflf0rMrQk.EZj5uzh/K/NalQMnCiDcmvFBuf9a5p0";
+    packages = with pkgs; [ ];
+  };
+
+  ###
+  # Home Manger configuration
+  ###
+  home-manager = {
+    useGlobalPkgs = true;
+    useUserPackages = true;
+    backupFileExtension = "backup";
+    extraSpecialArgs = { inherit inputs username; };
+
+    users."${username}" = { imports = [ ./home.nix ] ++ extraHomeModules; };
+  };
+
+  # DO NOT CHANGE AT ANY POINT!
+  system.stateVersion = "25.11";
+}

machines/fujin/minimal/home.nix

@@ -0,0 +1,29 @@
+{ config, lib, pkgs, username, ... }:
+
+{
+  home = {
+    stateVersion = "25.11";
+    username = username;
+    homeDirectory = "/home/${username}";
+  };
+
+  dov = {
+    shell = {
+      zsh = {
+        enable = true;
+        shellAliases = {
+          ll = "eza -al";
+          sc = "source $HOME/.zshrc";
+          psax = "ps ax | grep";
+          cp = "rsync -ah --progress";
+        };
+      };
+    };
+  };
+
+  programs.home-manager.enable = true;
+
+  home.packages = with pkgs; [
+    eza
+  ];
+}

machines/minimal.nix

@@ -0,0 +1,90 @@
+{ inputs, config, lib, pkgs, username, ... }:
+
+let flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs;
+in {
+
+  users.mutableUsers = false;
+
+  users.users.${username} = {
+    isNormalUser = true;
+    extraGroups = [ "networkmanager" "wheel" ];
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBcGhVpjmWEw1GEw0y/ysJPa2v3+u/Rt/iES/Se2huH2 alexander0derevianko@gmail.com"
+    ];
+
+    shell = pkgs.zsh;
+  };
+
+  environment.systemPackages = with pkgs; [
+    vim
+    wget
+    ripgrep
+  ];
+
+  programs = {
+    zsh.enable = true;
+  };
+
+  services.openssh = {
+    enable = true;
+    settings = {
+      # Opinionated: forbid root login through SSH.
+      PermitRootLogin = "no";
+      # Opinionated: use keys only.
+      # Remove if you want to SSH using passwords
+      PasswordAuthentication = false;
+    };
+  };
+
+  nixpkgs = {
+    # You can add overlays here
+    overlays = [ ];
+    # Configure your nixpkgs instance
+    config = {
+      # Disable if you don't want unfree packages
+      allowUnfree = true;
+    };
+  };
+
+  nix = {
+    settings = {
+      # Enable flakes and new 'nix' command
+      experimental-features = "nix-command flakes";
+      # Opinionated: disable global registry
+      flake-registry = "";
+
+      # Allow user to reubild nixos without sudo
+      trusted-users = [ "root" username ];
+    };
+    # Opinionated: disable channels
+    channel.enable = false;
+
+    # Opinionated: make flake registry and nix path match flake inputs
+    registry = lib.mkDefault (lib.mapAttrs (_: flake: { inherit flake; }) flakeInputs);
+    nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
+  };
+
+  boot.loader.grub.enable = true;
+  boot.loader.grub.useOSProber = true;
+
+  time.timeZone = "Europe/Warsaw";
+
+  # Select internationalisation properties.
+  i18n = {
+    defaultLocale = "en_US.UTF-8";
+
+    extraLocaleSettings = {
+      LC_ADDRESS = "en_GB.UTF-8";
+      LC_IDENTIFICATION = "en_GB.UTF-8";
+      LC_MEASUREMENT = "en_GB.UTF-8";
+      LC_MONETARY = "en_GB.UTF-8";
+      LC_NAME = "en_GB.UTF-8";
+      LC_NUMERIC = "en_GB.UTF-8";
+      LC_PAPER = "en_GB.UTF-8";
+      LC_TELEPHONE = "en_GB.UTF-8";
+      LC_TIME = "en_GB.UTF-8";
+    };
+  };
+
+  security.rtkit.enable = true;
+}

machines/susano/default.nix

@@ -132,7 +132,6 @@ in {
   ###
   # My Services
   ###
-
   dov = {
     # Reverse Proxy
     reverse-proxy = {