Fix everything.

host/default.nix

@@ -1,19 +0,0 @@
-{ ... }:
-{
-  imports = [
-    ./disko
-    ./hardware
-    ../modules/system
-  ];
-
-  networking = {
-    hostName = "rubble";
-    hostId = "e0b1fcef";
-  };
-
-  system = {
-    extlinux.enable = true;
-    wireless.enable = true;
-    stateVersion = "24.11";
-  };
-}

modules/system/accounts/users/custom/jules/default.nix

@@ -1,48 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
-  options.sysusers = lib.mkOption {
-    type = lib.types.attrs;
-  };
-
-  config = {
-    sysusers.main = "jimbo";
-
-    users.users."${config.sysusers.main}" = {
-      hashedPassword = config.secrets.mainAccPass;
-      isNormalUser = true;
-      openssh.authorizedKeys.keyFiles = [
-        ../../../../../../hosts/tower/id_ed25519.pub
-
-        ../../../../../../hosts/envy/id_ed25519.pub
-        ../../../../../../hosts/redmond/id_ed25519.pub
-
-        ../../../../../../hosts/kitty/id_ed25519.pub
-        ../../../../../../hosts/midas/id_ed25519.pub
-        ../../../../../../hosts/prophet/id_ed25519.pub
-        ../../../../../../hosts/rubble/id_ed25519.pub
-      ];
-      openssh.authorizedKeys.keys = [
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJahAoF74BY6GCTsFkt1ADKaraFgJJozW1Y1aBTLK0j9 Pixel9"
-      ];
-      extraGroups = [
-        "wheel"
-        "audio"
-        "video"
-        "input"
-        "disk"
-        "dialout"
-        "rtkit"
-        "kvm"
-        "libvirtd"
-        "qemu-libvirtd"
-        "nginx"
-        "minecraft"
-        "nfsShare"
-      ];
-      uid = 1000;
-      shell = pkgs.zsh;
-    };
-
-    home-manager.users."${config.sysusers.main}" = import ../../../../../home;
-  };
-}

modules/system/accounts/users/custom/main/default.nix

@@ -1,38 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
-  options.sysusers = lib.mkOption {
-    type = lib.types.attrs;
-  };
-
-  config = {
-    sysusers.main = "jimbo";
-
-    users.users."${config.sysusers.main}" = {
-      hashedPassword = config.secrets.mainAccPass;
-      isNormalUser = true;
-      openssh.authorizedKeys.keys = [
-	"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC2lMkUd+BbXITE5LTg94hEzmA6UKsIIbaf5YOjGoLzl"
-	"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFGHaxdTeC1xnTx2BY5LLR5LxhdSkmYoWuOeEuRIz0k"
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJahAoF74BY6GCTsFkt1ADKaraFgJJozW1Y1aBTLK0j9 Pixel9"
-      ];
-      extraGroups = [
-        "wheel"
-        "audio"
-        "video"
-        "input"
-        "disk"
-        "dialout"
-        "rtkit"
-        "kvm"
-        "libvirtd"
-        "qemu-libvirtd"
-        "nginx"
-        "nfsShare"
-      ];
-      uid = 1000;
-      shell = pkgs.zsh;
-    };
-
-    home-manager.users."${config.sysusers.main}" = import ../../../../../home;
-  };
-}

modules/system/default.nix

@@ -1,16 +0,0 @@
-{ lib, ... }:
-{
-  imports = [
-    ./accounts
-    ./devices
-    ./programs
-    ./secrets
-    ./services
-    ./settings
-  ];
-
-  options.system = with lib; {
-    desktop.enable = lib.mkEnableOption "Enable desktop apps and services";
-    server.enable = lib.mkEnableOption "Enable server apps and services";
-  };
-}

modules/system/devices/boot/extlinux/default.nix

@@ -1,10 +0,0 @@
-{ config, lib, ... }:
-{
-  options.system.extlinux.enable = lib.mkEnableOption "Enable extlinux";
-
-  config.boot.loader = lib.mkIf config.system.extlinux.enable {
-    grub.enable = false;
-    systemd-boot.enable = lib.mkForce false;
-    generic-extlinux-compatible.enable = true;
-  };
-}

modules/system/devices/disks/impermanence/main/default.nix

@@ -1,46 +0,0 @@
-{ config, ... }:
-{
-  environment.persistence."/persist" = {
-    hideMounts = true;
-    users.${config.sysusers.main} = {
-      directories = [
-        "Keepers"
-        "Documents"
-        "Pictures"
-        "Videos"
-        "Games"
-        "VMs"
-
-        ".snapshots"
-        ".mozilla"
-        ".thunderbird"
-
-        ".config/blender"
-        ".config/dconf"
-        ".config/vesktop"
-        ".config/sunshine"
-        ".config/heroic"
-        ".config/obs-studio"
-
-        ".local/share/mpd"
-        ".local/share/nvim/undo"
-        ".local/share/PrismLauncher"
-        ".local/share/Steam"
-        ".local/share/TelegramDesktop"
-
-        ".local/state/wireplumber"
-
-        ".cache/nix-index"
-
-        { directory = ".ssh"; mode = "0700"; }
-        { directory = ".gnupg"; mode = "0700"; }
-        { directory = ".local/share/keyrings"; mode = "0700"; }
-      ];
-      files = [
-        ".zsh_history"
-        ".local/state/lazygit/state.yml"
-        ".local/share/applications" # Create directory so nothing generates inside of it
-      ];
-    };
-  };
-}

modules/system/devices/networking/wireless/default.nix

@@ -1,13 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
-  options.system.wireless.enable = lib.mkEnableOption "Enable wireless stack";
-
-  config = lib.mkIf config.system.wireless.enable {
-    networking.wireless.iwd.enable = true;
-
-    environment = {
-      systemPackages = with pkgs; [ impala ];
-      persistence."/persist".directories = [ "/var/lib/iwd/" ];
-    };
-  };
-}

modules/system/secrets/default.nix

@@ -1,29 +0,0 @@
-{ config, lib, ... }:
-{
-  options.secrets = lib.mkOption {
-    type = lib.types.attrs;
-  };
-
-  config.secrets = {
-    # User passwords, generated with 'mkpasswd -m sha-512'
-    mainAccPass = "$6$gYpE.pG/zPXgin06$2kydjDfd0K62Dhf9P0PFvJhRNz6xIC/bHYaf/XYqyKcLyZNzPQpy8uy9tCRcSYlj1wwBhzVtTRyItwajOHCEj0";
-
-    # Initial password for apps that ask for it
-    initialPass = "changeme";
-
-    # Cloudflare API key
-    flareApiKey = "CLOUDFLARE_API_TOKEN=changeme";
-
-    # Matrix secrets
-    matrixSecret = "changeme";
-    coturnSecret = "changeme";
-
-    # Transmission credentials, plaintext
-    transmissionCredFile = ''
-      {
-        "rpc-username": "jimbo",
-        "rpc-password": "changeme"
-      }
-    '';
-  };
-}

modules/system/settings/security/default.nix

@@ -1,8 +0,0 @@
-{ ... }:
-{
-  imports = [
-    ./apparmor
-    ./polkit
-    ./privilege
-  ];
-}

modules/system/settings/security/polkit/default.nix

@@ -1,7 +0,0 @@
-{ config, lib, ... }:
-{
-  security = lib.mkIf config.system.desktop.enable {
-    polkit.enable = true;
-    rtkit.enable = true;
-  };
-}

system/accounts/users/custom/default.nix

@@ -1,7 +1,9 @@
 { home-manager, ... }:
 {
   imports = [
-    ./main
+    ./jules
+    ./jimbo
+
     home-manager.nixosModules.home-manager
   ];
 }

system/accounts/users/custom/jimbo/default.nix

@@ -0,0 +1,27 @@
+{ config, lib, pkgs, ... }:
+{
+  users.users.jimbo = {
+    hashedPassword = config.secrets.mainAccPass;
+    isNormalUser = true;
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC2lMkUd+BbXITE5LTg94hEzmA6UKsIIbaf5YOjGoLzl"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFGHaxdTeC1xnTx2BY5LLR5LxhdSkmYoWuOeEuRIz0k"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJahAoF74BY6GCTsFkt1ADKaraFgJJozW1Y1aBTLK0j9 Pixel9"
+    ];
+    extraGroups = [
+      "wheel"
+      "input"
+      "disk"
+      "dialout"
+      "kvm"
+      "libvirtd"
+      "qemu-libvirtd"
+      "nginx"
+      "nfsShare"
+    ];
+    uid = 1000;
+    shell = pkgs.zsh;
+  };
+
+  home-manager.users.jimbo = import ../../../../../home/jimbo;
+}

system/accounts/users/custom/jules/default.nix

@@ -0,0 +1,26 @@
+{ config, lib, pkgs, ... }:
+{
+  users.users.jules = {
+    hashedPassword = config.secrets.mainAccPass;
+    isNormalUser = true;
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHwxJcAWuHkKy/Ar37aIoqg34CDcZu7/bh978nYkOgzj jules@jules-pc"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEOszCNP+6rkIS75GyFVhn9o6QpUuGdx/J4rjzROrpSl jules@xeta"
+    ];
+    extraGroups = [
+      "wheel"
+      "input"
+      "disk"
+      "dialout"
+      "kvm"
+      "libvirtd"
+      "qemu-libvirtd"
+      "nginx"
+      "nfsShare"
+    ];
+    uid = 1001;
+    shell = pkgs.fish;
+  };
+
+  #home-manager.users.jimbo = import ../../../../../home/jimbo;
+}

system/default.nix

@@ -0,0 +1,24 @@
+{ lib, ... }:
+{
+  imports = [
+    ./accounts
+    ./devices
+    ./programs
+    ./secrets
+    ./services
+    ./settings
+  ];
+
+  options.system = with lib; {
+    server.enable = mkEnableOption "Enable server apps and services";
+  };
+
+  config = {
+    networking = {
+      hostName = "rubble";
+      hostId = "e0b1fcef";
+    };
+
+    system.stateVersion = "24.11";
+  };
+}

system/devices/boot/extlinux/default.nix

@@ -0,0 +1,8 @@
+{ ... }:
+{
+  boot.loader = {
+    grub.enable = false;
+    systemd-boot.enable = false;
+    generic-extlinux-compatible.enable = true;
+  };
+}

system/devices/default.nix

@@ -3,6 +3,7 @@
   imports = [
     ./boot
     ./disks
+    ./hardware
     ./networking
   ];
 }

system/devices/disks/default.nix

@@ -1,6 +1,7 @@
 { ... }:
 {
   imports = [
+    ./disko
     ./filesystems
     ./immutable
     ./impermanence

system/devices/disks/disko/default.nix

@@ -68,8 +68,12 @@
                   mountOptions = [ "compress=zstd" "noatime" "ssd" ];
                 };
                 "/persist/.snapshots" = { };
-                "/persist/home/${config.sysusers.main}" = { };
+
-                "/persist/home/${config.sysusers.main}/.snapshots" = { };
+                "/persist/home/jules" = { };
+                "/persist/home/jules/.snapshots" = { };
+
+                "/persist/home/jimbo" = { };
+                "/persist/home/jimbo/.snapshots" = { };
               };
             };
           };

system/devices/disks/impermanence/default.nix

@@ -1,8 +1,10 @@
 { impermanence, ... }:
 {
   imports = [
-    ./main
+    ./jules
+    ./jimbo
     ./root
+
     impermanence.nixosModules.impermanence
   ];
 }

system/devices/disks/impermanence/jimbo/default.nix

@@ -0,0 +1,26 @@
+{ config, ... }:
+{
+  environment.persistence."/persist" = {
+    hideMounts = true;
+    users.jimbo = {
+      directories = [
+        "Keepers"
+        "Documents"
+        "Pictures"
+        "Videos"
+        "Games"
+        "VMs"
+
+        ".snapshots"
+        ".cache/nix-index"
+
+        { directory = ".ssh"; mode = "0700"; }
+        { directory = ".gnupg"; mode = "0700"; }
+      ];
+      files = [
+        ".zsh_history"
+        ".local/state/lazygit/state.yml"
+      ];
+    };
+  };
+}

system/devices/disks/impermanence/jules/default.nix

@@ -0,0 +1,26 @@
+{ config, ... }:
+{
+  environment.persistence."/persist" = {
+    hideMounts = true;
+    users.jules = {
+      directories = [
+        "Keepers"
+        "Documents"
+        "Pictures"
+        "Videos"
+        "Games"
+        "VMs"
+
+        ".snapshots"
+        ".cache/nix-index"
+
+        { directory = ".ssh"; mode = "0700"; }
+        { directory = ".gnupg"; mode = "0700"; }
+      ];
+      files = [
+        ".zsh_history"
+        ".local/state/lazygit/state.yml"
+      ];
+    };
+  };
+}

system/devices/disks/snapper/default.nix

@@ -1,7 +1,8 @@
 { ... }:
 {
   imports = [
-    ./main
+    ./jules
+    ./jimbo
     ./root
   ];
 

system/devices/disks/snapper/jimbo/default.nix

@@ -1,7 +1,7 @@
 { config, lib, ... }:
 {
-  services.snapper.configs.${config.sysusers.main} = lib.mkIf config.environment.persistence."/persist".enable {
+  services.snapper.configs.jimbo = lib.mkIf config.environment.persistence."/persist".enable {
-    SUBVOLUME = "/persist/home/${config.sysusers.main}";
+    SUBVOLUME = "/persist/home/jimbo";
     TIMELINE_CREATE = true;
     TIMELINE_CLEANUP = true;
     TIMELINE_LIMIT_DAILY = 1;

system/devices/disks/snapper/jules/default.nix

@@ -0,0 +1,12 @@
+{ config, lib, ... }:
+{
+  services.snapper.configs.jules = lib.mkIf config.environment.persistence."/persist".enable {
+    SUBVOLUME = "/persist/home/jules";
+    TIMELINE_CREATE = true;
+    TIMELINE_CLEANUP = true;
+    TIMELINE_LIMIT_DAILY = 1;
+    TIMELINE_LIMIT_WEEKLY = 1;
+    TIMELINE_LIMIT_MONTHLY = 0;
+    TIMELINE_LIMIT_YEARLY = 0;
+  };
+}

system/devices/networking/default.nix

@@ -1,9 +1,10 @@
 { config, ... }:
 {
-  imports = [ ./wireless ];
-
   networking = {
-    wireless.enable = false;
+    wireless = {
+      enable = false;
+      iwd.enable = true;
+    };
     dhcpcd.enable = true;
     nftables.enable = true;
     firewall.allowPing = false;
@@ -21,4 +22,9 @@
     fallbackDns = config.networking.nameservers;
     dnsovertls = "true";
   };
+
+  environment = {
+    systemPackages = with pkgs; [ impala ];
+    persistence."/persist".directories = [ "/var/lib/iwd/" ];
+  };
 }

system/programs/default.nix

@@ -1,6 +1,7 @@
 { ... }:
 {
   imports = [
+    ./doas
     ./git
     ./home-manager
     ./shells

system/programs/doas/default.nix

@@ -13,4 +13,6 @@
       ];
     };
   };
+
+  environment.systemPackages = with pkgs; [ doas-sudo-shim ];
 }

system/services/general/default.nix

@@ -1,6 +1,7 @@
 { ... }:
 {
   imports = [
+    ./apparmor
     ./earlyoom
     ./libvirtd
     ./snowflake