Mostly security changes, add nouveau as a boot option, simplify settings and prepare for home-manager options

modules/system/devices/disks/filesystems/btrfs/default.nix

@@ -1,4 +0,0 @@
-{ ... }:
-{
-  services.btrfs.autoScrub.enable = true;
-}

modules/system/devices/disks/filesystems/default.nix

@@ -1,12 +1,12 @@
 { lib, ... }:
 {
-  imports = [
-    ./btrfs
-    ./fstrim
-  ];
-
   boot.supportedFilesystems = {                             
     ntfs = true;
     zfs = lib.mkForce false;
   };
+
+  services = {
+    btrfs.autoScrub.enable = true;
+    fstrim.enable = true;
+  };
 }

modules/system/devices/disks/filesystems/fstrim/default.nix

@@ -1,4 +0,0 @@
-{ ... }:
-{
-  services.fstrim.enable = true;
-}

modules/system/devices/disks/immutable/default.nix

@@ -1,4 +1,5 @@
 { ... }:
 {
   system.etc.overlay.mutable = false;
+  boot.tmp.cleanOnBoot = true;
 }

modules/system/devices/udev/default.nix

@@ -1,7 +1,7 @@
 { ... }:
 {
   imports = [
-    ./pdp
     ./oculus
+    ./pdp
   ];
 }

modules/system/devices/video/nouveau/default.nix

@@ -1,11 +1,9 @@
 { lib, pkgs, config, ... }:
 {
-  options.system.video.nouveau = {
-    enable = lib.mkOption {
-      type = lib.types.bool;
-      default = false;
-      description = "Enable the open-source Nouveau driver";
-    };
+  options.system.video.nouveau.enable = lib.mkOption {
+    type = lib.types.bool;
+    default = false;
+    description = "Enable the open-source Nouveau driver";
   };
 
   config = lib.mkIf config.system.video.nouveau.enable {

modules/system/devices/video/nvidia/default.nix

@@ -1,11 +1,9 @@
 { lib, pkgs, config, ... }:
 {
-  options.system.video.nvidia = {
-    enable = lib.mkOption {
-      type = lib.types.bool;
-      default = false;
-      description = "Enable the proprietary Nvidia stack";
-    };
+  options.system.video.nvidia.enable = lib.mkOption {
+    type = lib.types.bool;
+    default = false;
+    description = "Enable the proprietary Nvidia stack";
   };
 
   config = lib.mkIf config.system.video.nvidia.enable {

modules/system/options/default.nix

@@ -1,17 +1,15 @@
 { lib, ... }:
 with lib; {
-  options = {
-    system = {
-      desktop.enable = mkOption {
-        type = types.bool;
-        default = true;
-        description = "Enable desktop apps and services";
-      };
-      server.enable = mkOption {
-        type = types.bool;
-        default = false;
-        description = "Enable server services";
-      };
+  options.system = {
+    desktop.enable = mkOption {
+      type = types.bool;
+      default = true;
+      description = "Enable desktop apps and services";
+    };
+    server.enable = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Enable server services";
     };
   };
 }

modules/system/programs/appimage/default.nix

@@ -1,7 +0,0 @@
-{ config, ... }:
-{
-  programs.appimage = {
-    enable = config.system.desktop.enable;
-    binfmt = config.system.desktop.enable;
-  };
-}

modules/system/programs/default.nix

@@ -1,7 +1,6 @@
 { ... }:
 {
   imports = [
-    ./appimage
     ./backlights
     ./dconf
     ./gaming

modules/system/services/general/ssh/default.nix

@@ -9,6 +9,7 @@
       PrintLastLog = "no";
       PasswordAuthentication = false;
       UsePAM = false;
+      X11Forwarding = false;
     };
   };