From 8659920787967ac467069c4325e272fa7ae0e21c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christopher=20M=C3=BChl?= <toki@toph.so>
Date: Mon, 5 Jan 2026 12:53:27 +0100
Subject: [PATCH] endurance builds

---
 modules/flake/nix.nix                        | 24 +++++++++++++
 modules/generic/default.nix                  |  1 +
 modules/{common => generic}/nix.nix          | 23 ++++---------
 modules/generic/secrets.nix                  |  4 +--
 modules/nixos/profiles/default.nix           |  2 +-
 modules/nixos/profiles/graphical/audio.nix   |  7 ++--
 modules/nixos/profiles/graphical/default.nix |  8 +----
 modules/nixos/profiles/graphical/wm.nix      | 36 +++++++++++---------
 modules/nixos/users.nix                      |  2 +-
 9 files changed, 61 insertions(+), 46 deletions(-)
 create mode 100644 modules/flake/nix.nix
 rename modules/{common => generic}/nix.nix (56%)

diff --git a/modules/flake/nix.nix b/modules/flake/nix.nix
new file mode 100644
index 0000000..30db3f5
--- /dev/null
+++ b/modules/flake/nix.nix
@@ -0,0 +1,24 @@
+{inputs, ...}: {
+  systems = [
+    "x86_64-linux"
+    "x86_64-darwin"
+  ];
+
+  perSystem = {system, ...}: {
+    _module.args.pkgs = import inputs.nixpkgs {
+      inherit system;
+
+      config = {
+        allowUnfree = true;
+        permittedInsecurePackages = [
+          "nixos-config"
+          "electron-36.9.5"
+          "dotnet-sdk-6.0.428"
+          "olm-3.2.16"
+        ];
+      };
+
+      overlays = [];
+    };
+  };
+}
diff --git a/modules/generic/default.nix b/modules/generic/default.nix
index 9ac6ed1..119d1e6 100644
--- a/modules/generic/default.nix
+++ b/modules/generic/default.nix
@@ -1,5 +1,6 @@
 {
   imports = [
+    ./nix.nix
     ./profiles.nix
     ./secrets.nix
   ];
diff --git a/modules/common/nix.nix b/modules/generic/nix.nix
similarity index 56%
rename from modules/common/nix.nix
rename to modules/generic/nix.nix
index dd48095..87405a1 100644
--- a/modules/common/nix.nix
+++ b/modules/generic/nix.nix
@@ -1,15 +1,13 @@
-{
-  pkgs,
-  config,
-  ...
-}: {
+{pkgs, ...}: {
   nix = {
     package = pkgs.lixPackageSets.stable.lix;
 
-    # Automatic cleanup
-    gc.automatic = true;
-    gc.dates = "weekly";
-    gc.options = "--delete-older-than 21d";
+    # automatic cleanup
+    gc = {
+      automatic = true;
+      dates = "weekly";
+      options = "--delete-older-than 21d";
+    };
 
     settings = {
       # builders-use-substitutes = true;
@@ -33,11 +31,4 @@
       "olm-3.2.16"
     ];
   };
-
-  environment.etc."current-system-packages".text = let
-    packages = builtins.map (p: "${p.name}") config.environment.systemPackages;
-    sortedUnique = builtins.sort builtins.lessThan (pkgs.lib.lists.unique packages);
-    formatted = builtins.concatStringsSep "\n" sortedUnique;
-  in
-    formatted;
 }
diff --git a/modules/generic/secrets.nix b/modules/generic/secrets.nix
index b43130e..bda0098 100644
--- a/modules/generic/secrets.nix
+++ b/modules/generic/secrets.nix
@@ -1,6 +1,6 @@
 {
   config,
-  system,
+  inputs',
   inputs,
   pkgs,
   lib,
@@ -37,7 +37,7 @@ in {
   config = {
     environment.systemPackages = [
       pkgs.age-plugin-yubikey
-      inputs.agenix-rekey.packages.${system}.default
+      inputs'.agenix-rekey.packages.default
     ];
 
     age = {
diff --git a/modules/nixos/profiles/default.nix b/modules/nixos/profiles/default.nix
index 7957890..f5e5198 100644
--- a/modules/nixos/profiles/default.nix
+++ b/modules/nixos/profiles/default.nix
@@ -1,4 +1,4 @@
-{...}: {
+{
   imports = [
     ./graphical
   ];
diff --git a/modules/nixos/profiles/graphical/audio.nix b/modules/nixos/profiles/graphical/audio.nix
index bcaa82b..cf21f56 100644
--- a/modules/nixos/profiles/graphical/audio.nix
+++ b/modules/nixos/profiles/graphical/audio.nix
@@ -1,15 +1,16 @@
 {
   inputs,
   lib,
+  config,
   ...
 }: let
-  inherit (lib) mkForce mkDefault;
+  inherit (lib) mkIf mkForce mkDefault;
 in {
   imports = [
     inputs.musnix.nixosModules.default
   ];
 
-  config = {
+  config = mkIf config.bosun.profiles.graphical.enable {
     musnix = {
       enable = mkDefault true;
       rtcqs.enable = true;
@@ -17,7 +18,7 @@ in {
 
     users.users.toph.extraGroups = ["audio"];
 
-    pipewire = {
+    services.pipewire = {
       enable = mkForce true;
       alsa.enable = true;
       jack.enable = true;
diff --git a/modules/nixos/profiles/graphical/default.nix b/modules/nixos/profiles/graphical/default.nix
index 73028d7..0c25db5 100644
--- a/modules/nixos/profiles/graphical/default.nix
+++ b/modules/nixos/profiles/graphical/default.nix
@@ -1,11 +1,5 @@
 {
-  lib,
-  config,
-  ...
-}: let
-  inherit (lib) mkIf;
-in {
-  imports = mkIf config.bosun.profiles.graphical.enabled [
+  imports = [
     ./wm.nix
     ./audio.nix
   ];
diff --git a/modules/nixos/profiles/graphical/wm.nix b/modules/nixos/profiles/graphical/wm.nix
index def060a..e781213 100644
--- a/modules/nixos/profiles/graphical/wm.nix
+++ b/modules/nixos/profiles/graphical/wm.nix
@@ -1,13 +1,17 @@
 {
   inputs,
   pkgs,
+  lib,
+  config,
   ...
-}: {
+}: let
+  inherit (lib) mkIf;
+in {
   imports = [
-    inputs.niri.nixosModules.default
+    inputs.niri.nixosModules.niri
   ];
 
-  config = {
+  config = mkIf config.bosun.profiles.graphical.enable {
     environment.systemPackages = with pkgs; [
       wayland-utils
       wl-clipboard
@@ -32,19 +36,19 @@
           wayland.enable = true;
         };
       };
-
-      xdg.portal = {
-        enable = true;
-        xdgOpenUsePortal = true;
-        config.common.default = "gtk";
-
-        extraPortals = with pkgs; [
-          xdg-desktop-portal-gnome
-          xdg-desktop-portal-gtk
-        ];
-      };
-
-      security.polkit.enable = true;
     };
+
+    xdg.portal = {
+      enable = true;
+      xdgOpenUsePortal = true;
+      config.common.default = "gtk";
+
+      extraPortals = with pkgs; [
+        xdg-desktop-portal-gnome
+        xdg-desktop-portal-gtk
+      ];
+    };
+
+    security.polkit.enable = true;
   };
 }
diff --git a/modules/nixos/users.nix b/modules/nixos/users.nix
index 25bc853..513ba63 100644
--- a/modules/nixos/users.nix
+++ b/modules/nixos/users.nix
@@ -26,7 +26,7 @@ in
       users = {
         users.toph = {
           isNormalUser = true;
-          passwordFile = config.age.secrets.tophPassword.path;
+          # hashedPasswordFile = config.age.secrets.tophPassword.path;
           shell = pkgs.fish;
 
           extraGroups = [