Format

common/constants.nix

@@ -12,6 +12,20 @@ with lib; {
         The domain for all devices.
       '';
     };
+    fullName = mkOption {
+      type = types.str;
+      default = "Sicheng Pan";
+      description = ''
+        The full name of the default user.
+      '';
+    };
+    gpgKeyId = mkOption {
+      type = types.str;
+      default = "0xCE969670FB4B4A56";
+      description = ''
+        The GPG key ID for signing.
+      '';
+    };
     homeDir = mkOption {
       type = types.str;
       default = "/home/${config.constants.userName}";
@@ -19,6 +33,20 @@ with lib; {
         The home directory for the default user.
       '';
     };
+    homeServer = mkOption {
+      type = types.str;
+      default = "nebula";
+      description = ''
+        The hostname of the home server.
+      '';
+    };
+    locale = mkOption {
+      type = types.str;
+      default = "zh_CN.UTF-8";
+      description = ''
+        The default locale for all devices.
+      '';
+    };
     localhost = mkOption {
       type = types.str;
       default = "127.0.0.1";
@@ -40,6 +68,7 @@ with lib; {
         prowlarr = 30784;
         radarr = 37196;
         sonarr = 32438;
+        tailscale = 62662;
         vault = 25487;
       };
       description = ''
@@ -79,6 +108,13 @@ with lib; {
         The secrets file for device.
       '';
     };
+    timeZone = mkOption {
+      type = types.str;
+      default = "America/Los_Angeles";
+      description = ''
+        The default timezone for all devices.
+      '';
+    };
     syncthingDevices = mkOption {
       type = types.attrsOf (types.attrsOf types.str);
       default = {
@@ -97,11 +133,37 @@ with lib; {
         The username across all devices.
       '';
     };
+    zfsPoolOptions = mkOption {
+      type = types.attrsOf types.str;
+      default = {
+        ashift = "12";
+        autotrim = "on";
+        listsnapshots = "on";
+      };
+      description = ''
+        The default options for ZFS pools.
+      '';
+    };
+    zfsRootFsOptions = mkOption {
+      type = types.attrsOf types.str;
+      default = {
+        acltype = "posix";
+        atime = "off";
+        compression = "zstd";
+        dnodesize = "auto";
+        mountpoint = "none";
+        normalization = "formD";
+        xattr = "sa";
+      };
+      description = ''
+        The default root filesystem options for ZFS pools.
+      '';
+    };
     wildcard = mkOption {
       type = types.str;
       default = "0.0.0.0";
       description = ''
-        The localhost address.
+        The wildcard address for binding to all interfaces.
       '';
     };
   };

common/default.nix

@@ -3,9 +3,10 @@
     home-manager.nixosModules.default
     sops-nix.nixosModules.default
     ./constants.nix
+    ./network.nix
+    ./nix.nix
     ./secrets.nix
     ./users.nix
-    ./nix.nix
   ];
 
   home-manager.sharedModules = [inputs.plasma-manager.homeModules.plasma-manager];

common/network.nix

@@ -0,0 +1,8 @@
+{config, ...}: {
+  networking.nftables.enable = true;
+
+  services.tailscale = {
+    enable = true;
+    port = config.constants.port.tailscale;
+  };
+}

common/nix.nix

@@ -1,4 +1,6 @@
 {config, ...}: {
+  boot.tmp.cleanOnBoot = true;
+
   nix = {
     gc = {
       automatic = true;

common/users.nix

@@ -1,5 +1,6 @@
 {
   config,
+  lib,
   pkgs,
   ...
 }:
@@ -212,7 +213,7 @@ in {
   };
 
   i18n = {
-    defaultLocale = "zh_CN.UTF-8";
+    defaultLocale = locale;
     supportedLocales = ["all"];
   };
 
@@ -239,7 +240,7 @@ in {
       };
     };
     resolved.enable = true;
-    syncthing = {
+    syncthing = lib.mkIf config.services.syncthing.enable {
       configDir = "${homeDir}/.config/syncthing";
       dataDir = "${homeDir}/.local/share/syncthing";
       openDefaultPorts = true;
@@ -252,12 +253,12 @@ in {
 
   sops.secrets.${usrPwdFile}.neededForUsers = true;
 
-  time.timeZone = "America/Los_Angeles";
+  time.timeZone = timeZone;
 
   users = {
     mutableUsers = false;
     users.${userName} = {
-      description = "Sicheng Pan";
+      description = fullName;
       extraGroups = [
         "audio"
         "dialout"

flake.lock

@@ -19,11 +19,11 @@
     "candy-icons": {
       "flake": false,
       "locked": {
-        "lastModified": 1769644786,
+        "lastModified": 1771031264,
-        "narHash": "sha256-XyFhC4I7Y1ppTfLs7em+hXmXx6jQ09rJxcf66EwoK7g=",
+        "narHash": "sha256-SzZMCNNTIctzFqx2qHwE4y4lioctpum39AyRrylurZA=",
         "ref": "refs/heads/master",
-        "rev": "ade95a235a50e5ea653a02fd3773c214ac43d425",
+        "rev": "b0a85a7414504191342b0c6d073c6f9233cb923a",
-        "revCount": 1361,
+        "revCount": 1363,
         "type": "git",
         "url": "https://github.com/EliverLara/candy-icons"
       },
@@ -102,24 +102,6 @@
         "type": "github"
       }
     },
-    "flake-utils_2": {
-      "inputs": {
-        "systems": "systems_2"
-      },
-      "locked": {
-        "lastModified": 1731533236,
-        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
     "git-hooks": {
       "inputs": {
         "flake-compat": [
@@ -292,7 +274,7 @@
     "nix-custom": {
       "inputs": {
         "candy-icons": "candy-icons",
-        "flake-utils": "flake-utils_2",
+        "flake-utils": "flake-utils",
         "nixpkgs": [
           "nixpkgs"
         ],
@@ -304,11 +286,11 @@
         "yorha-sound-theme": "yorha-sound-theme"
       },
       "locked": {
-        "lastModified": 1770172667,
+        "lastModified": 1771303763,
-        "narHash": "sha256-eLYjm0L/eG5pvBrcRtf3Q2LQMsJyZcITubf9qywzAPQ=",
+        "narHash": "sha256-zx1XQR1IfcPSS1869Q4m9XlkZdACypLDEIgXnRYuUrI=",
         "ref": "refs/heads/main",
-        "rev": "e355f045a9b6b53b6f58cd4521a762e1147cdca2",
+        "rev": "7e351308706847a018407e5871c6cb869eb80399",
-        "revCount": 50,
+        "revCount": 51,
         "type": "git",
         "url": "https://forgejo.invariantspace.com/macronova/nix-custom"
       },
@@ -401,7 +383,6 @@
     "root": {
       "inputs": {
         "disko": "disko",
-        "flake-utils": "flake-utils",
         "hardware": "hardware",
         "home-manager": "home-manager",
         "jovian": "jovian",
@@ -436,11 +417,11 @@
     "sweet-ambar-blue": {
       "flake": false,
       "locked": {
-        "lastModified": 1769979298,
+        "lastModified": 1770763753,
-        "narHash": "sha256-FJwCsmp5XM4nYwwttHHlKhl5RVeoWfuY69fuh/+iMNE=",
+        "narHash": "sha256-X3w4vciP0JubTezbslLLi7gBuk7Bx4V6qklFbedKcqU=",
         "ref": "Ambar-Blue",
-        "rev": "a045584aee6e0bec19579ef304e482fee9093296",
+        "rev": "0c3d02ce438606719db854697aaea87f13a0272a",
-        "revCount": 356,
+        "revCount": 357,
         "type": "git",
         "url": "https://github.com/EliverLara/Sweet"
       },
@@ -453,11 +434,11 @@
     "sweet-ambar-blue-dark": {
       "flake": false,
       "locked": {
-        "lastModified": 1769979020,
+        "lastModified": 1770763766,
-        "narHash": "sha256-WGe6zkffqcZRkWStGUE1ozegLWaZsmAj0m+TF2Ypxqk=",
+        "narHash": "sha256-oYi00RU1bWl/7pEANdZTASTCazsC+a+ItogrNsHy1JQ=",
         "ref": "Ambar-Blue-Dark",
-        "rev": "d004b00508ae963f1e42269a5f86120c27b22fe3",
+        "rev": "3fe9cba71b5dbdfc442e2daa97f80115f530603b",
-        "revCount": 439,
+        "revCount": 440,
         "type": "git",
         "url": "https://github.com/EliverLara/Sweet"
       },
@@ -515,21 +496,6 @@
         "type": "github"
       }
     },
-    "systems_2": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    },
     "yorha-grub-theme": {
       "flake": false,
       "locked": {

flake.nix

@@ -6,7 +6,6 @@
       inputs.nixpkgs.follows = "nixpkgs";
       url = "github:nix-community/disko";
     };
-    flake-utils.url = "github:numtide/flake-utils";
     hardware.url = "github:nixos/nixos-hardware";
     home-manager = {
       inputs.nixpkgs.follows = "nixpkgs";
@@ -41,7 +40,6 @@
 
   outputs = inputs @ {
     self,
-    flake-utils,
     nixpkgs,
     nix-custom,
     pre-commit-hooks,
@@ -49,6 +47,7 @@
   }: let
     linuxCfgDir = ./linux;
     templateDir = ./template;
+    eachSystem = nixpkgs.lib.genAttrs ["x86_64-linux"];
   in
     {
       nixosConfigurations =
@@ -59,6 +58,7 @@
               # Import config from folder
               (linuxCfgDir + "/${instance}")
               # Common setups
+              ./common
               ({pkgs, ...}: {
                 networking.hostName = instance;
                 nixpkgs.overlays = [nix-custom.overlays.default];
@@ -75,21 +75,22 @@
         })
         (builtins.readDir templateDir);
     }
-    // (
+    // {
-      flake-utils.lib.eachDefaultSystem (system: let
+      checks = eachSystem (system: {
-        pkgs = nixpkgs.legacyPackages.${system};
+        pre-commit-check = pre-commit-hooks.lib.${system}.run {
-      in {
-        checks.pre-commit-check = pre-commit-hooks.lib.${system}.run {
           src = ./.;
           hooks.alejandra.enable = true;
         };
-        devShells.default = let
+      });
+      devShells = eachSystem (system: {
+        default = let
+          pkgs = nixpkgs.legacyPackages.${system};
           pre-commit = self.checks.${system}.pre-commit-check;
         in
           pkgs.mkShell {
             inherit (pre-commit) shellHook;
             buildInputs = pre-commit.enabledPackages;
           };
-      })
+      });
-    );
+    };
 }

linux/nebula/configuration.nix

@@ -3,12 +3,9 @@
 # and in the NixOS manual (accessible by running `nixos-help`).
 {...}: {
   # Configure boot loader
-  boot = {
+  boot.loader = {
-    loader = {
+    efi.canTouchEfiVariables = true;
-      efi.canTouchEfiVariables = true;
+    systemd-boot.enable = true;
-      systemd-boot.enable = true;
-    };
-    tmp.cleanOnBoot = true;
   };
 
   # This value determines the NixOS release from which the default

linux/nebula/default.nix

@@ -1,9 +1,9 @@
+# Home media server — hosts Jellyfin, Forgejo, Matrix Conduit, and media management services
 {inputs, ...}: {
   imports = with inputs; [
     disko.nixosModules.default
     hardware.nixosModules.common-cpu-amd
     hardware.nixosModules.common-cpu-amd-pstate
-    ../../common
     ./conduit.nix
     ./configuration.nix
     ./disko.nix
@@ -12,7 +12,6 @@
     ./jellyfin.nix
     ./network.nix
     ./syncthing.nix
-    ./tailscale.nix
     ./zfs.nix
   ];
 }

linux/nebula/disko.nix

@@ -1,4 +1,4 @@
-{...}: {
+{config, ...}: {
   disko.devices = {
     # Partition the physical disk
     disk.storage = {
@@ -29,20 +29,8 @@
     # Construct the primary zfs pool for this system.
     zpool.zroot = {
       type = "zpool";
-      options = {
+      options = config.constants.zfsPoolOptions;
-        ashift = "12";
+      rootFsOptions = config.constants.zfsRootFsOptions;
-        autotrim = "on";
-        listsnapshots = "on";
-      };
-      rootFsOptions = {
-        acltype = "posix";
-        atime = "off";
-        compression = "zstd";
-        dnodesize = "auto";
-        mountpoint = "none";
-        normalization = "formD";
-        xattr = "sa";
-      };
       datasets = {
         # Encrypt main dataset
         main = {

linux/nebula/network.nix

@@ -6,8 +6,11 @@
       enable = true;
       wifi.backend = "iwd";
     };
-    nftables.enable = true;
     wireless.iwd.enable = true;
   };
-  services.openssh.enable = true;
+
+  services = {
+    openssh.enable = true;
+    tailscale.useRoutingFeatures = "both";
+  };
 }

linux/nebula/tailscale.nix

@@ -1,7 +0,0 @@
-{...}: {
-  services.tailscale = {
-    enable = true;
-    port = 25555;
-    useRoutingFeatures = "both";
-  };
-}

linux/nebula/zfs.nix

@@ -1,6 +1,4 @@
 {...}: {
-  boot.loader.grub.zfsSupport = true;
-
   services.zfs = {
     autoScrub.enable = true;
     trim.enable = true;

linux/protostar/configuration.nix

@@ -3,13 +3,9 @@
 # and in the NixOS manual (accessible by running `nixos-help`).
 {...}: {
   # Configuration boot
-  boot = {
+  boot.loader = {
-    loader = {
+    efi.canTouchEfiVariables = true;
-      efi.canTouchEfiVariables = true;
+    systemd-boot.enable = true;
-      systemd-boot.enable = true;
-    };
-
-    tmp.cleanOnBoot = true;
   };
 
   # Change secrets file

linux/protostar/default.nix

@@ -1,14 +1,13 @@
+# Game console — Steam Deck running Jovian-NixOS with Steam and KDE Plasma
 {inputs, ...}: {
   imports = with inputs; [
     disko.nixosModules.default
     jovian.nixosModules.default
-    ../../common
     ./configuration.nix
     ./disko.nix
     ./gui.nix
     ./hardware-configuration.nix
     ./network.nix
     ./syncthing.nix
-    ./tailscale.nix
   ];
 }

linux/protostar/network.nix

@@ -6,7 +6,7 @@
       enable = true;
       wifi.backend = "iwd";
     };
-    nftables.enable = true;
   };
+
   services.openssh.enable = true;
 }

linux/protostar/tailscale.nix

@@ -1,7 +0,0 @@
-{...}: {
-  services.tailscale = {
-    enable = true;
-    port = 25172;
-    useRoutingFeatures = "client";
-  };
-}

linux/quasar/configuration.nix

@@ -23,7 +23,6 @@
       theme = "target_2";
       themePackages = [pkgs.adi1090x-plymouth-themes];
     };
-    tmp.cleanOnBoot = true;
   };
 
   # This option defines the first version of NixOS you have installed on this particular machine,

linux/quasar/default.nix

@@ -1,8 +1,8 @@
+# Home personal computer — primary desktop workstation with KDE Plasma, gaming, and development
 {inputs, ...}: {
   imports =
     [
       inputs.disko.nixosModules.default
-      ../../common
       ./configuration.nix
       ./device.nix
       ./disko.nix
@@ -10,7 +10,6 @@
       ./hardware-configuration.nix
       ./network.nix
       ./syncthing.nix
-      ./tailscale.nix
       ./zfs.nix
     ]
     ++ (with inputs.hardware.nixosModules; [

linux/quasar/disko.nix

@@ -1,4 +1,4 @@
-{...}: {
+{config, ...}: {
   disko.devices = {
     # Partition the physical disk
     disk = {
@@ -46,24 +46,12 @@
 
     # Declare zfs pools for this system.
     zpool = let
-      options = {
+      inherit (config.constants) zfsPoolOptions zfsRootFsOptions;
-        ashift = "12";
-        autotrim = "on";
-        listsnapshots = "on";
-      };
-      rootFsOptions = {
-        acltype = "posix";
-        atime = "off";
-        compression = "zstd";
-        dnodesize = "auto";
-        mountpoint = "none";
-        normalization = "formD";
-        xattr = "sa";
-      };
     in {
       zactive = {
         type = "zpool";
-        inherit options rootFsOptions;
+        options = zfsPoolOptions;
+        rootFsOptions = zfsRootFsOptions;
         datasets = {
           # Encrypt main dataset
           main = {
@@ -98,7 +86,8 @@
 
       zarchive = {
         type = "zpool";
-        inherit options rootFsOptions;
+        options = zfsPoolOptions;
+        rootFsOptions = zfsRootFsOptions;
         datasets = {
           snapshot.type = "zfs_fs";
           # Reserve space for performance

linux/quasar/gui.nix

@@ -31,7 +31,7 @@ in {
     ];
     programs = {
       git.signing = {
-        key = "0xCE969670FB4B4A56";
+        key = osConfig.constants.gpgKeyId;
         signByDefault = true;
       };
       gpg = {
@@ -53,43 +53,7 @@ in {
         ];
       };
       obs-studio.enable = true;
-      zathura = {
+      zathura.enable = true;
-        enable = true;
-        options = {
-          completion-bg = "#504945";
-          completion-fg = "#ebdbb2";
-          completion-group-bg = "#3c3836";
-          completion-group-fg = "#928374";
-          completion-highlight-bg = "#83a598";
-          completion-highlight-fg = "#504945";
-          default-bg = "#1d2021";
-          default-fg = "#ebdbb2";
-          highlight-active-color = "#fe8019";
-          highlight-color = "#fabd2f";
-          index-active-bg = "#83a598";
-          index-active-fg = "#504945";
-          index-bg = "#504945";
-          index-fg = "#ebdbb2";
-          inputbar-bg = "#1d2021";
-          inputbar-fg = "#ebdbb2";
-          notification-bg = "#1d2021";
-          notification-error-bg = "#1d2021";
-          notification-error-fg = "#fb4934";
-          notification-fg = "#b8bb26";
-          notification-warning-bg = "#1d2021";
-          notification-warning-fg = "#fabd2f";
-          recolor = "true";
-          recolor-darkcolor = "#ebdbb2";
-          recolor-keephue = "true";
-          recolor-lightcolor = "#1d2021";
-          render-loading = "true";
-          render-loading-bg = "#1d2021";
-          render-loading-fg = "#ebdbb2";
-          selection-clipboard = "clipboard";
-          statusbar-bg = "#504945";
-          statusbar-fg = "#ebdbb2";
-        };
-      };
     };
     services = {
       easyeffects.enable = true;

linux/quasar/network.nix

@@ -5,7 +5,6 @@
       enable = true;
       wifi.backend = "iwd";
     };
-    nftables.enable = true;
     wireless.iwd.enable = true;
   };
 }

linux/quasar/tailscale.nix

@@ -1,7 +0,0 @@
-{...}: {
-  services.tailscale = {
-    enable = true;
-    port = 62662;
-    useRoutingFeatures = "client";
-  };
-}

linux/singularity/caddy.nix

@@ -21,7 +21,7 @@ with config.constants; {
             };
           })
           fqdns);
-      homeSrv = s: "nebula:${portStr.${s}}";
+      homeSrv = s: "${homeServer}:${portStr.${s}}";
       localSrv = s: "${localhost}:${portStr.${s}}";
       mtfqdn = "matrix.${domain}";
       portStr = builtins.mapAttrs (n: v: toString v) port;

linux/singularity/configuration.nix

@@ -1,8 +1,5 @@
 {...}: {
-  boot = {
+  boot.loader.grub.device = "/dev/sda";
-    loader.grub.device = "/dev/sda";
-    tmp.cleanOnBoot = true;
-  };
 
   constants.sopsFile = ../../common/auths.yaml;
 

linux/singularity/default.nix

@@ -1,7 +1,7 @@
+# Public beacon — cloud VPS providing reverse proxy, mail server, Headscale VPN, and Vaultwarden
 {inputs, ...}: {
   imports = with inputs; [
     mailserver.nixosModules.default
-    ../../common
     ./caddy.nix
     ./configuration.nix
     ./hardware-configuration.nix

linux/singularity/headscale.nix

@@ -1,21 +1,14 @@
 {config, ...}: {
-  services = {
+  services.headscale = with config.constants; {
-    headscale = with config.constants; {
+    enable = true;
-      enable = true;
+    address = localhost;
-      address = localhost;
+    port = port.headscale;
-      port = port.headscale;
+    settings = {
-      settings = {
+      dns = {
-        dns = {
+        base_domain = "tailscale.${domain}";
-          base_domain = "tailscale.${domain}";
+        override_local_dns = false;
-          override_local_dns = false;
-        };
-        server_url = "https://headscale.${domain}";
       };
-    };
+      server_url = "https://headscale.${domain}";
-    tailscale = {
-      enable = true;
-      port = 27919;
-      useRoutingFeatures = "both";
     };
   };
 }

linux/singularity/network.nix

@@ -2,7 +2,6 @@
   networking = {
     firewall.allowedTCPPorts = with config.constants.port; [http https];
     hostId = "2cadb253";
-    nftables.enable = true;
   };
 
   services = {
@@ -12,6 +11,7 @@
       domains = builtins.attrNames config.services.caddy.virtualHosts;
     };
     openssh.enable = true;
+    tailscale.useRoutingFeatures = "both";
   };
 
   sops.secrets.cloudflare = {};

linux/singularity/vaultwarden.nix

@@ -1,5 +1,6 @@
 {config, ...}: let
   vaultEnvironment = "vaultwarden/environment";
+  vaultwardenAddr = "vaultwarden@${config.constants.domain}";
 in {
   services.vaultwarden = {
     enable = true;
@@ -11,10 +12,10 @@ in {
       # Disable signup
       SIGNUPS_ALLOWED = false;
       # SMTP config
-      SMTP_FROM = "vaultwarden@${domain}";
+      SMTP_FROM = vaultwardenAddr;
       SMTP_FROM_NAME = "vaultwarden";
-      SMTP_HOST = "mail.${domain}";
+      SMTP_HOST = config.mailserver.fqdn;
-      SMTP_USERNAME = "vaultwarden@${domain}";
+      SMTP_USERNAME = vaultwardenAddr;
       SMTP_PORT = 587;
       SMTP_SECURITY = "starttls";
     };