More server changes and generalization of the waybar

modules/system/accounts/users/jimbo/default.nix

@@ -1,41 +1,39 @@
 { pkgs, config, ... }:
 {
-  users.users = {
-    jimbo = {
-      description = "Jimbo";
-      hashedPassword = config.secrets.jimboAccPass;
-      isNormalUser = true;
-      openssh.authorizedKeys.keys = [
-        (builtins.readFile ../../../../../hosts/tower/id_ed25519.pub)
+  users.users.jimbo = {
+    description = "Jimbo";
+    hashedPassword = config.secrets.jimboAccPass;
+    isNormalUser = true;
+    openssh.authorizedKeys.keys = [
+      (builtins.readFile ../../../../../hosts/tower/id_ed25519.pub)
 
-        (builtins.readFile ../../../../../hosts/axolotl/id_ed25519.pub)
-        (builtins.readFile ../../../../../hosts/lacros/id_ed25519.pub)
-        (builtins.readFile ../../../../../hosts/redmond/id_ed25519.pub)
+      (builtins.readFile ../../../../../hosts/axolotl/id_ed25519.pub)
+      (builtins.readFile ../../../../../hosts/lacros/id_ed25519.pub)
+      (builtins.readFile ../../../../../hosts/redmond/id_ed25519.pub)
 
-        (builtins.readFile ../../../../../hosts/kitty/id_ed25519.pub)
-        (builtins.readFile ../../../../../hosts/xenia/id_ed25519.pub)
-        (builtins.readFile ../../../../../hosts/prophet/id_ed25519.pub)
+      (builtins.readFile ../../../../../hosts/kitty/id_ed25519.pub)
+      (builtins.readFile ../../../../../hosts/xenia/id_ed25519.pub)
+      (builtins.readFile ../../../../../hosts/prophet/id_ed25519.pub)
 
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJahAoF74BY6GCTsFkt1ADKaraFgJJozW1Y1aBTLK0j9 Pixel9"
-      ];
-      extraGroups = [
-        "wheel"
-        "audio"
-        "video"
-        "input"
-        "disk"
-        "dialout"
-        "rtkit"
-        "kvm"
-        "libvirtd"
-        "qemu-libvirtd"
-        "nginx"
-        "minecraft"
-        "nfsShare"
-      ];
-      uid = 1000;
-      shell = pkgs.zsh;
-    };
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJahAoF74BY6GCTsFkt1ADKaraFgJJozW1Y1aBTLK0j9 Pixel9"
+    ];
+    extraGroups = [
+      "wheel"
+      "audio"
+      "video"
+      "input"
+      "disk"
+      "dialout"
+      "rtkit"
+      "kvm"
+      "libvirtd"
+      "qemu-libvirtd"
+      "nginx"
+      "minecraft"
+      "nfsShare"
+    ];
+    uid = 1000;
+    shell = pkgs.zsh;
   };
 
   home-manager.users.jimbo = import ../../../../home;

modules/system/devices/audio/default.nix

@@ -1,20 +1,22 @@
-{ config, pkgs, ... }:
+{ lib, config, pkgs, ... }:
 {
-  services.pipewire = {
-    enable = config.system.desktop.enable;
-    wireplumber = {
+  config = lib.mkIf config.system.desktop.enable {
+    services.pipewire = {
       enable = true;
-      configPackages = [
-        (pkgs.writeTextDir "share/wireplumber/wireplumber.conf.d/11-bluetooth-policy.conf" ''
-          wireplumber.settings = { bluetooth.autoswitch-to-headset-profile = false }
-        '')
-      ];
+      wireplumber = {
+        enable = true;
+        configPackages = [
+          (pkgs.writeTextDir "share/wireplumber/wireplumber.conf.d/11-bluetooth-policy.conf" ''
+            wireplumber.settings = { bluetooth.autoswitch-to-headset-profile = false }
+          '')
+        ];
+      };
+      alsa = {
+        enable = true;
+        support32Bit = true;
+      };
+      pulse.enable = true;
+      #jack.enable = true;
     };
-    alsa = {
-      enable = true;
-      support32Bit = true;
-    };
-    pulse.enable = true;
-    #jack.enable = true;
   };
 }

modules/system/programs/backlights/default.nix

@@ -1,7 +1,9 @@
-{ config, ... }:
+{ lib, config, ... }:
 {
-  programs = {
-    light.enable = config.system.desktop.enable;
-    kbdlight.enable = config.system.desktop.enable;
+  config = lib.mkIf config.system.desktop.enable {
+    programs = {
+      light.enable = true;
+      kbdlight.enable = true;
+    };
   };
 }

modules/system/programs/desktops/default.nix

@@ -1,17 +1,19 @@
 { config, lib, ... }:
 {
-  programs = {
-    sway.enable = config.system.desktop.enable;
-    niri.enable = config.system.desktop.enable;
-    hyprland.enable = config.system.desktop.enable;
-    xwayland.enable = lib.mkForce true;
-  };
+  config = lib.mkIf config.system.desktop.enable {
+    programs = {
+      sway.enable = true;
+      niri.enable = true;
+      hyprland.enable = true;
+      xwayland.enable = lib.mkForce true;
+    };
 
-  environment.sessionVariables = {
-    WLR_RENDERER = "vulkan";
-    NIXOS_OZONE_WL = "1";
-  };
+    environment.sessionVariables = {
+      WLR_RENDERER = "vulkan";
+      NIXOS_OZONE_WL = "1";
+    };
 
-  services.dbus.enable = config.system.desktop.enable;
-  security.pam.services.swaylock = {};
+    services.dbus.enable = true;
+    security.pam.services.swaylock = {};
+  };
 }

modules/system/programs/gaming/default.nix

@@ -1,9 +1,11 @@
-{ config, ... }:
+{ config, lib, ... }:
 {
-  programs.gamemode = {
-    enable = config.system.desktop.enable;
-    settings.general.renice = 10;
-  };
+  config = lib.mkIf config.system.desktop.enable {
+    programs.gamemode = {
+      enable = true;
+      settings.general.renice = 10;
+    };
 
-  hardware.steam-hardware.enable = config.system.desktop.enable;
+    hardware.steam-hardware.enable = config.system.desktop.enable;
+  };
 }

modules/system/services/general/displaymanager/default.nix

@@ -1,34 +1,36 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 {
-  services.greetd = {
-    enable = config.system.desktop.enable;
-    restart = true;
-    settings = {
-      terminal = {
-        vt = 2;
-        switch = true;
+  config = lib.mkIf config.system.desktop.enable {
+    services.greetd = {
+      enable = true;
+      restart = true;
+      settings = {
+        terminal = {
+          vt = 2;
+          switch = true;
+        };
+        default_session.command = ''
+          ${pkgs.greetd.tuigreet}/bin/tuigreet --remember --remember-user-session --user-menu --asterisks --sessions /etc/greetd/environments
+        '';
       };
-      default_session.command = ''
-        ${pkgs.greetd.tuigreet}/bin/tuigreet --remember --remember-user-session --user-menu --asterisks --sessions /etc/greetd/environments
+    };
+
+    environment.etc = {
+      "greetd/environments/sway.desktop".text = ''
+        [Desktop Entry]
+        Name=Sway
+        Exec=sway --unsupported-gpu
+      '';
+      "greetd/environments/niri.desktop".text = ''
+        [Desktop Entry]
+        Name=Niri
+        Exec=niri-session
+      '';
+      "greetd/environments/hyprland.desktop".text = ''
+        [Desktop Entry]
+        Name=Hyprland
+        Exec=Hyprland
       '';
     };
   };
-
-  environment.etc = {
-    "greetd/environments/sway.desktop".text = ''
-      [Desktop Entry]
-      Name=Sway
-      Exec=sway --unsupported-gpu
-    '';
-    "greetd/environments/niri.desktop".text = ''
-      [Desktop Entry]
-      Name=Niri
-      Exec=niri-session
-    '';
-    "greetd/environments/hyprland.desktop".text = ''
-      [Desktop Entry]
-      Name=Hyprland
-      Exec=Hyprland
-    '';
-  };
 }

modules/system/services/general/gvfs/default.nix

@@ -1,7 +1,7 @@
-{ config, ... }:
+{ config, lib, ... }:
 {
-  services = {
-    gvfs.enable = config.system.desktop.enable;
-    udisks2.enable = config.system.desktop.enable;
+  services = lib.mkIf config.system.desktop.enable {
+    gvfs.enable = true;
+    udisks2.enable = true;
   };
 }

modules/system/services/general/portals/default.nix

@@ -1,17 +1,19 @@
 { config, pkgs, lib, ... }:
 {
-  xdg.portal = {
-    wlr = {
-      enable = lib.mkForce config.system.desktop.enable;
-      settings.screencast = {
-        max_fps = 60;
-        chooser_type = "simple";
-        chooser_cmd = "${pkgs.slurp}/bin/slurp -f %o -or -B 00000066 -b 00000099";
+  config = lib.mkIf config.system.desktop.enable {
+    xdg.portal = {
+      wlr = {
+        enable = lib.mkForce true;
+        settings.screencast = {
+          max_fps = 60;
+          chooser_type = "simple";
+          chooser_cmd = "${pkgs.slurp}/bin/slurp -f %o -or -B 00000066 -b 00000099";
+        };
       };
+      extraPortals = with pkgs; [
+        xdg-desktop-portal-gnome
+        xdg-desktop-portal-hyprland
+      ];
     };
-    extraPortals = with pkgs; [
-      xdg-desktop-portal-gnome
-      xdg-desktop-portal-hyprland
-    ];
   };
 }

modules/system/services/general/tlp/default.nix

@@ -1,4 +1,4 @@
-{ lib, ... }:
+{ ... }:
 {
   services.tlp.enable = true;
 }

modules/system/services/server/fileserver/local/samba/default.nix

@@ -20,7 +20,7 @@
 
     # Advertise to Windows
     samba-wsdd = {
-      enable = config.system.server.enable;
+      enable = config.services.samba.enable;
       openFirewall = true;
     };
   };

modules/system/services/server/fileserver/public/default.nix

@@ -1,7 +1,4 @@
 { ... }:
 {
-  imports = [
-    ./nextcloud
-    ./photoprism
-  ];
+  imports = [ ./nextcloud ];
 }

modules/system/services/server/fileserver/public/nextcloud/nginx/default.nix

@@ -1,6 +1,6 @@
-{ config, ... }:
+{ lib, config, ... }:
 {
-  services.nginx.virtualHosts."cloud.${config.domains.jim1}" =  {
+  services.nginx.virtualHosts."cloud.${config.domains.jim1}" = lib.mkIf config.services.nextcloud.enable {
     enableACME = true;
     addSSL = true;
     onlySSL = true;

modules/system/services/server/fileserver/public/photoprism/default.nix

@@ -1,22 +0,0 @@
-{ config, ... }:
-{
-  imports = [ ./nginx ];
-
-  services.photoprism = {
-    enable = config.system.server.enable;
-    port = 2342;
-    originalsPath = "/var/lib/private/photoprism/originals";
-    address = "0.0.0.0";
-    settings = {
-      PHOTOPRISM_ADMIN_USER = "jimbo";
-      PHOTOPRISM_ADMIN_PASSWORD = "${config.secrets.prismAdminPass}";
-      PHOTOPRISM_DEFAULT_LOCALE = "en";
-      PHOTOPRISM_DATABASE_DRIVER = "mysql";
-      PHOTOPRISM_DATABASE_NAME = "photoprism";
-      PHOTOPRISM_DATABASE_SERVER = "/run/mysqld/mysqld.sock";
-      PHOTOPRISM_DATABASE_USER = "photoprism";
-      PHOTOPRISM_SITE_URL = "https://gallery.${config.domains.jim1}";
-      PHOTOPRISM_SITE_TITLE = "Jimbo's PhotoPrism";
-    };
-  };
-}

modules/system/services/server/fileserver/public/photoprism/nginx/default.nix

@@ -1,11 +0,0 @@
-{ config, ... }:
-{
-  services.nginx.virtualHosts."gallery.${config.domains.jim1}" =  {
-    enableACME = true;
-    forceSSL = true;
-    locations."/" = {
-      proxyPass = "http://127.0.0.1:2342";
-      proxyWebsockets = true;
-    };
-  };
-}

modules/system/services/server/forgejo/default.nix

@@ -2,33 +2,33 @@
 {
   imports = [ ./nginx ];
 
-  services.forgejo = {
-    enable = config.system.server.enable;
-    settings = {
-      server = {
-        DOMAIN = "git.${config.domains.jim1}";
-        ROOT_URL = "https://git.${config.domains.jim1}:443";
-        HTTP_PORT = 3110;
-        SSH_PORT = 2299;
-        START_SSH_SERVER = true;
-      };
-      ui = {
-        DEFAULT_THEME = "forgejo-dark";
-      };
-      mailer = {
-        ENABLED = true;
-        SMTP_ADDR = "mx.${config.domains.jim1}";
-        FROM = "Jimbo's Git <noreply@${config.domains.jim1}>";
-        USER = "noreply@${config.domains.jim1}";
-        PASSWD = config.secrets.noreplyPassword;
-        PROTOCOL = "smtps";
-      };
-      service = {
-        REGISTER_EMAIL_CONFIRM = true;
-        DISABLE_REGISTRATION = true;
+  config = lib.mkIf config.system.server.enable {
+    services.forgejo = {
+      enable = true;
+      settings = {
+        server = {
+          DOMAIN = "git.${config.domains.jim1}";
+          ROOT_URL = "https://git.${config.domains.jim1}:443";
+          HTTP_PORT = 3110;
+          SSH_PORT = 2299;
+          START_SSH_SERVER = true;
+        };
+        mailer = {
+          ENABLED = true;
+          SMTP_ADDR = "mx.${config.domains.jim1}";
+          FROM = "Jimbo's Git <noreply@${config.domains.jim1}>";
+          USER = "noreply@${config.domains.jim1}";
+          PASSWD = config.secrets.noreplyPassword;
+          PROTOCOL = "smtps";
+        };
+        service = {
+          REGISTER_EMAIL_CONFIRM = true;
+          DISABLE_REGISTRATION = true;
+        };
+        ui.DEFAULT_THEME = "forgejo-dark";
       };
     };
-  };
 
-  networking.firewall.allowedTCPPorts = [ 2299 ];
+    networking.firewall.allowedTCPPorts = [ 2299 ];
+  };
 }

modules/system/services/server/forgejo/nginx/default.nix

@@ -1,6 +1,6 @@
-{ config, ... }:
+{ lib, config, ... }:
 {
-  services.nginx.virtualHosts."git.${config.domains.jim1}" =  {
+  services.nginx.virtualHosts."git.${config.domains.jim1}" = lib.mkIf config.services.forgejo.enable {
     enableACME = true;
     forceSSL = true;
     locations."/" = {

modules/system/services/server/icecast/nginx/default.nix

@@ -1,6 +1,6 @@
-{ config, ... }:
+{ lib, config, ... }:
 {
-  services.nginx.virtualHosts."icecast.${config.domains.jim1}" =  {
+  services.nginx.virtualHosts."icecast.${config.domains.jim1}" = lib.mkIf services.icecast.enable {
     enableACME = true;
     forceSSL = true;
     locations."/" = {

modules/system/services/server/mailserver/simplenix/default.nix

@@ -6,7 +6,7 @@
   ];
 
   mailserver = rec {
-    enable = config.system.mailserver.enable;
+    enable = true;
     domains = [
       "${config.domains.jim1}"
       "${config.domains.jim2}"

modules/system/services/server/snowflake/default.nix

@@ -0,0 +1,4 @@
+{ ... }:
+{
+  services.snowflake-proxy.enable = true;
+}

modules/system/settings/security/polkit/default.nix

@@ -1,7 +1,7 @@
-{ config, ... }:
+{ config, lib, ... }:
 {
-  security = {
-    polkit.enable = config.system.desktop.enable;
-    rtkit.enable = config.system.desktop.enable;
+  security = lib.mkIf config.system.desktop.enable {
+    polkit.enable = true;
+    rtkit.enable = true;
   };
 }

modules/system/settings/security/rtprio/default.nix

@@ -1,6 +1,6 @@
-{ ... }:
+{ lib, config, ... }:
 {
-  security.pam.loginLimits = [
+  security.pam.loginLimits = lib.mkIf config.system.desktop.enable [
     {
       domain = "@users";
       item = "rtprio";