Alright this ain't finished cause of the home stuff but I don't wanna lose what I've done. Impermanence, disko, lots of changes. TODO: add modularity to home.

modules/system/devices/audio/default.nix

@@ -0,0 +1,20 @@
+{ pkgs, ... }:
+{
+  services.pipewire = {
+    enable = true;
+    wireplumber = {
+      enable = true;
+      configPackages = [
+        (pkgs.writeTextDir "share/wireplumber/wireplumber.conf.d/11-bluetooth-policy.conf" ''
+          wireplumber.settings = { bluetooth.autoswitch-to-headset-profile = false }
+        '')
+      ];
+    };
+    alsa = {
+      enable = true;
+      support32Bit = true;
+    };
+    pulse.enable = true;
+    #jack.enable = true;
+  };
+}

modules/system/devices/default.nix

@@ -1,10 +1,11 @@
 { ... }:
 {
   imports = [
+    ./audio
     ./bluetooth
     ./filesystems
+    ./impermanence
     ./networking
-    ./pipewire
     ./printing
     ./udev
     ./video

modules/system/devices/impermanence/default.nix

@@ -0,0 +1,8 @@
+{ impermanence, ... }:
+{
+  imports = [
+    ./root
+    ./jimbo
+    impermanence.nixosModules.impermanence
+  ];
+}

modules/system/devices/impermanence/jimbo/default.nix

@@ -0,0 +1,37 @@
+{ ... }:
+{
+  environment.persistence."/persist" = {
+    hideMounts = true;
+    users.jimbo = {
+      directories = [
+        "Downloads"
+        "Documents"
+        "Games"
+        "Pictures"
+        "Videos"
+        ".snapshots"
+        ".mozilla"
+        ".thunderbird"
+
+        ".config/blender"
+        ".config/vesktop"
+        ".config/sunshine"
+        ".config/heroic"
+        ".config/obs-studio"
+
+        ".local/share/nvim/undo"
+        ".local/share/fractal"
+        ".local/share/PrismLauncher"
+        ".local/share/Steam"
+
+        { directory = ".ssh"; mode = "0700"; }
+        { directory = ".gnupg"; mode = "0700"; }
+        { directory = ".local/share/keyrings"; mode = "0700"; }
+      ];
+      files = [
+        ".zsh_history"
+        ".local/share/clipman.json"
+      ];
+    };
+  };
+}

modules/system/devices/impermanence/root/default.nix

@@ -0,0 +1,24 @@
+{ ... }:
+{
+  environment.persistence."/persist" = {
+    hideMounts = true;
+    directories = [
+      "/etc/nixos"
+      "/etc/secureboot"
+
+      "/var/log"
+      "/var/lib/bluetooth"
+      "/var/lib/mpd"
+      "/var/lib/nixos"
+      "/var/lib/fail2ban"
+      "/var/lib/systemd/coredump"
+    ];
+    files = [
+      "/etc/machine-id"
+      "/etc/ssh/ssh_host_ed25519_key"
+      "/etc/ssh/ssh_host_ed25519_key.pub"
+      "/etc/ssh/ssh_host_rsa_key"
+      "/etc/ssh/ssh_host_rsa_key.pub"
+    ];
+  };
+}

modules/system/devices/networking/default.nix

@@ -4,5 +4,9 @@
     wireless.enable = false;
     dhcpcd.enable = true;
     nftables.enable = true;
+    nameservers = [
+      "1.1.1.1"
+      "1.1.1.2"
+    ];
   };
 }

modules/system/devices/networking/wireguard/pc/default.nix

@@ -1,22 +1,22 @@
 { config, ... }:
 {
-  networking.firewall = {
-    allowedUDPPorts = [ 51820 ];
-  };
+  networking = {
+    firewall.allowedUDPPorts = [ 51820 ];
 
-  networking.wireguard.interfaces = {
-    "${config.ips.wgInt}" = {
-      # Define IP of client in per device config
-      listenPort = 51820;
-      privateKey = config.secrets.wgClientPriv;
-      peers = [
-        {
-          publicKey = "qnOT/lXOJMaQgDUdXpyfGZB2IEyUouRje2m/bCe9ux8=";
-          allowedIPs = [ "${config.ips.wgSpan}.0/24" ];
-          endpoint = "sv.${config.domains.jim1}:51820";
-          persistentKeepalive = 25;
-        }
-      ];
+    wireguard.interfaces = {
+      "${config.ips.wgInt}" = {
+        # Define IP of client in per device config
+        listenPort = 51820;
+        privateKey = config.secrets.wgClientPriv;
+        peers = [
+          { # NixOS Server
+            publicKey = "qnOT/lXOJMaQgDUdXpyfGZB2IEyUouRje2m/bCe9ux8=";
+            allowedIPs = [ "${config.ips.wgSpan}.0/24" ];
+            endpoint = "sv.${config.domains.jim1}:51820";
+            persistentKeepalive = 25;
+          }
+        ];
+      };
     };
   };
 }

modules/system/devices/networking/wireguard/server/default.nix

@@ -6,12 +6,10 @@
       externalInterface = "${config.ips.netInt}";
       internalInterfaces = [ "${config.ips.wgInt}" ];
     };
-    firewall.allowedUDPPorts = [ 51820 ];
-  };
 
-  networking.wireguard = {
-    enable = true;
-    interfaces = {
+    firewall.allowedUDPPorts = [ 51820 ];
+
+    wireguard.interfaces = {
       "${config.ips.wgInt}" = {
         ips = [ "${config.ips.wgSpan}.1/24" ];
         listenPort = 51820;

modules/system/devices/networking/wireless/default.nix

@@ -5,7 +5,5 @@
     enableB43Firmware = true;
   };
 
-  environment.systemPackages = with pkgs; [
-    unstable.impala
-  ];
+  environment.systemPackages = with pkgs; [ unstable.impala ];
 }

modules/system/devices/pipewire/default.nix

@@ -1,23 +0,0 @@
-{ pkgs, ... }:
-{
-  services = {
-    pipewire = {
-      enable = true;
-      audio.enable = true;
-      wireplumber = {
-        enable = true;
-        configPackages = [(
-	  pkgs.writeTextDir "share/wireplumber/wireplumber.conf.d/11-bluetooth-policy.conf" ''
-            wireplumber.settings = { bluetooth.autoswitch-to-headset-profile = false }
-          ''
-	)];
-      };
-      alsa = {
-        enable = true;
-        support32Bit = true;
-      };
-      pulse.enable = true;
-      #jack.enable = true;
-    };
-  };
-}

modules/system/devices/printing/default.nix

@@ -3,7 +3,7 @@
   services = {
     printing = {
       enable = true;
-      drivers = with pkgs; [hplip];
+      drivers = with pkgs; [ hplip ];
       webInterface = false;
     };
     avahi = {

modules/system/devices/udev/oculus/default.nix

@@ -7,8 +7,6 @@
       destination = "/etc/udev/rules.d/10-oculus.rules";
     };
   in {
-    packages = [
-      oculusRules
-    ];
+    packages = [ oculusRules ];
   };
 }

modules/system/devices/udev/pdp/default.nix

@@ -7,8 +7,6 @@
       destination = "/etc/udev/rules.d/10-pdp.rules";
     };
   in {
-    packages = [
-      pdpRules
-    ];
+    packages = [ pdpRules ];
   };
 }