Update Makefile

Reviewed-on: #1

.gitignore

@@ -1,3 +1,2 @@
 # User-specific configuration (generated by make init)
-hardware-configuration.nix
 .DS_Store

Makefile

@@ -1,8 +1,9 @@
-.PHONY: init install link unlink rebuild update purge edit hw help
+.PHONY: init install link unlink build update purge edit hw help
 
 NIXOS_DIR := /etc/nixos
 REPO_DIR := $(shell pwd)
 SETTINGS := settings.nix
+HOSTNAME := $(shell grep 'hostname =' $(SETTINGS) | cut -d '"' -f 2)
 
 # Colors for output
 GREEN := \033[0;32m
@@ -11,12 +12,12 @@ RED := \033[0;31m
 NC := \033[0m # No Color
 
 help:
-	@echo "NixOS Config"
+	@echo "NixOS Config (Flake)"
 	@echo ""
 	@echo "  make init     - first time setup"
 	@echo "  make hw       - generate hardware-configuration.nix"
-	@echo "  make rebuild  - rebuild nixos"
-	@echo "  make update   - upgrade + rebuild"
+	@echo "  make build    - build nixos configuration"
+	@echo "  make update   - update flake inputs and rebuild"
 	@echo "  make purge    - garbage collect"
 	@echo "  make link     - symlink to /etc/nixos"
 	@echo "  make unlink   - remove symlink"
@@ -47,18 +48,24 @@ unlink:
 		echo "/etc/nixos is not a symlink"; \
 	fi
 
-rebuild:
-	sudo nixos-rebuild switch
+build:
+	@if [ -f hardware-configuration.nix ]; then \
+		git add -f -N hardware-configuration.nix; \
+	fi
+	@echo "Rebuilding system for $(HOSTNAME)..."
+	sudo nixos-rebuild switch --flake .#$(HOSTNAME)
 
 update:
-	sudo nixos-rebuild switch --upgrade
+	@echo "Updating flake inputs..."
+	nix flake update
+	@$(MAKE) --no-print-directory rebuild
 
 purge:
 	sudo nix-collect-garbage -d
 	sudo /run/current-system/bin/switch-to-configuration boot
 
 check:
-	nix-instantiate '<nixpkgs/nixos>' -A system --dry-run
+	nix flake check
 
 hw:
 	sudo nixos-generate-config --show-hardware-config > hardware-configuration.nix

README.md

@@ -1,4 +1,4 @@
-# Lavitz - My personal NixOS config named after Lavitz from the PS1 classic The Legend of Dragoon
+# Lavitz - My NixOS desktop configuration named after Lavitz from the PS1 classic The Legend of Dragoon
 
 - Nix Version: 25.11
 - DE: Gnome

common.nix

@@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+
+{
+  imports = [
+    # Import Modules
+    ./modules/boot.nix
+    ./modules/networking.nix
+    ./modules/locale.nix
+    ./modules/desktop.nix
+    ./modules/audio.nix
+    ./modules/users.nix
+    ./modules/programs.nix
+    ./modules/hardware.nix
+    ./modules/services.nix
+    ./modules/home.nix
+  ];
+
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+  # xdg.portal.config.common.default = [ "cosmic" ];
+
+  system.stateVersion = "25.11";
+}

configuration.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ ... }:
 
 {
   imports = [
@@ -17,8 +17,10 @@
     ./modules/home.nix
   ];
 
-  nix.settings.experimental-features = [ "nix-command" "flakes" ];
-  # xdg.portal.config.common.default = [ "gnome" ];
+  nix.settings.experimental-features = [
+    "nix-command"
+    "flakes"
+  ];
 
   system.stateVersion = "25.11";
 }

flake.lock

@@ -0,0 +1,112 @@
+{
+  "nodes": {
+    "cosmic-manager": {
+      "inputs": {
+        "flake-parts": "flake-parts",
+        "home-manager": [
+          "home-manager"
+        ],
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1765831383,
+        "narHash": "sha256-P5F/VPjjGw7s0AOTPb3z3gxqtH0YkAnd/c9P6QdWrEU=",
+        "owner": "HeitorAugustoLN",
+        "repo": "cosmic-manager",
+        "rev": "819d4d21fb90460dd11416d81d2cff65a53b8a59",
+        "type": "github"
+      },
+      "original": {
+        "owner": "HeitorAugustoLN",
+        "repo": "cosmic-manager",
+        "type": "github"
+      }
+    },
+    "flake-parts": {
+      "inputs": {
+        "nixpkgs-lib": [
+          "cosmic-manager",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1759362264,
+        "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "758cf7296bee11f1706a574c77d072b8a7baa881",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1772302941,
+        "narHash": "sha256-TL3+ckbOTILXrR0qSK3dJj2BJ0S5yz/YSsUF1oEgd9g=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "9b9142b5fe214c2adabe86257c33e022372b7c96",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "ref": "release-25.11",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1772047000,
+        "narHash": "sha256-7DaQVv4R97cii/Qdfy4tmDZMB2xxtyIvNGSwXBBhSmo=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "1267bb4920d0fc06ea916734c11b0bf004bbe17e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-25.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-unstable": {
+      "locked": {
+        "lastModified": 1771848320,
+        "narHash": "sha256-0MAd+0mun3K/Ns8JATeHT1sX28faLII5hVLq0L3BdZU=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "2fc6539b481e1d2569f25f8799236694180c0993",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "cosmic-manager": "cosmic-manager",
+        "home-manager": "home-manager",
+        "nixpkgs": "nixpkgs",
+        "nixpkgs-unstable": "nixpkgs-unstable"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -0,0 +1,42 @@
+{
+  description = "Lavitz Configuration";
+
+  inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
+    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
+
+    home-manager = {
+      url = "github:nix-community/home-manager/release-25.11";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    cosmic-manager = {
+      url = "github:HeitorAugustoLN/cosmic-manager";
+      inputs = {
+        nixpkgs.follows = "nixpkgs";
+        home-manager.follows = "home-manager";
+      };
+    };
+  };
+
+  outputs = { self, nixpkgs, nixpkgs-unstable, home-manager, ... }@inputs:
+    let
+      settings = import ./settings.nix;
+      system = "x86_64-linux";
+      overlay-unstable = final: prev: {
+        unstable = import nixpkgs-unstable {
+          inherit system;
+          config.allowUnfree = true;
+        };
+      };
+    in {
+    nixosConfigurations."${settings.hostname}" = nixpkgs.lib.nixosSystem {
+      inherit system;
+      specialArgs = { inherit inputs; };
+      modules = [
+        ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
+        ./configuration.nix
+        home-manager.nixosModules.home-manager
+      ];
+    };
+  };
+}

hardware-configuration.nix

@@ -0,0 +1,33 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/1d9c0c94-23d1-4acf-8e68-39cec48dc75a";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/AE5D-3C23";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/59acaf1c-702d-4547-a118-d8b5b16009a8"; }
+    ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

modules/audio.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ pkgs, ... }:
 
 {
   security.rtkit.enable = true;
@@ -12,22 +12,23 @@
     wireplumber.enable = true;
   };
 
-  # Main Pipewire graph configuration
-  services.pipewire.extraConfig.pipewire."92-low-latency" = {
-    "context.properties" = {
-      "default.clock.rate" = 48000;
-      "default.clock.quantum" = 1024;
-      "default.clock.min-quantum" = 32;
-      "default.clock.max-quantum" = 8192;
-    };
-  };
-
-  # PulseAudio protocol specific tweaks (Crucial for Steam/Proton)
-  services.pipewire.extraConfig.pipewire-pulse."92-pulse-tweaks" = {
-    "pulse.properties" = {
-      "pulse.min.req" = "1024/48000";
-      "pulse.min.quantum" = "1024/48000";
-    };
+  # Elgato makes shit products and they should feel bad :c
+  services.pipewire.wireplumber.extraConfig."51-wave3" = {
+    "monitor.alsa.rules" = [
+      {
+        matches = [
+          {
+            "node.name" = "~alsa_input.usb-Elgato_Systems_Elgato_Wave_3.*";
+          }
+        ];
+        actions = {
+          update-props = {
+            "session.suspend-timeout-seconds" = 0;
+            "node.pause-on-idle" = false;
+          };
+        };
+      }
+    ];
   };
 
   # DeepFilterNet noise reduction filter chain

modules/boot.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ pkgs, ... }:
 
 {
   boot.loader.systemd-boot = {
@@ -8,10 +8,15 @@
   };
   boot.loader.efi.canTouchEfiVariables = true;
 
+  boot.consoleLogLevel = 3;
   boot.kernelPackages = pkgs.linuxPackages_latest;
   boot.kernelModules = [ "tcp_bbr" ];
   boot.initrd.kernelModules = [ "amdgpu" ];
-  boot.kernelParams = [ "preempt=full" ];
+  boot.kernelParams = [
+    "preempt=full"
+    "quiet"
+    "udev.log_priority=3"
+  ];
 
   boot.tmp.useTmpfs = true;
   boot.tmp.tmpfsSize = "4G";

modules/desktop.nix

@@ -1,10 +1,14 @@
-{ config, pkgs, ... }:
+{ pkgs, ... }:
 
 {
-  services.displayManager.gdm.enable = true;
-  services.desktopManager.gnome.enable = true;
+  services.xserver.enable = true;
 
-  environment.gnome.excludePackages = with pkgs; [ gnome-tour gnome-user-docs gnome-console epiphany ];
+  services.desktopManager.gnome.enable = true;
+  services.displayManager.gdm.enable = true;
 
   services.printing.enable = true;
+
+  environment.gnome.excludePackages = with pkgs; [
+    epiphany
+  ];
 }

modules/hardware.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ ... }:
 
 {
   hardware.graphics = {

modules/home.nix

@@ -1,9 +1,9 @@
-{ config, pkgs, ... }:
+{ inputs, ... }:
 
 let
-  home-manager = builtins.fetchTarball "https://github.com/nix-community/home-manager/archive/release-25.11.tar.gz";
   settings = import ../settings.nix;
   homeModules = [
+    inputs.cosmic-manager.homeManagerModules.cosmic-manager
     ./home/session.nix
     ./home/packages.nix
     ./home/git.nix
@@ -12,14 +12,10 @@ let
     ./home/librewolf.nix
     ./home/zed.nix
     ./home/ghostty.nix
-    ./home/syncthing.nix
+    ./home/ssh.nix
   ];
 in
 {
-  imports = [
-    (import "${home-manager}/nixos")
-  ];
-
   home-manager.useGlobalPkgs = true;
   home-manager.useUserPackages = true;
 
@@ -29,8 +25,13 @@ in
     inherit settings;
   };
 
-  home-manager.users.${settings.username} = { ... }: {
-    imports = homeModules;
-    home.stateVersion = "25.11";
-  };
+  home-manager.users.${settings.username} =
+    { config, ... }:
+    {
+      imports = homeModules;
+      home.stateVersion = "25.11";
+      home.sessionVariables = {
+        SSH_AUTH_SOCK = "${config.home.homeDirectory}/.bitwarden-ssh-agent.sock";
+      };
+    };
 }

modules/home/cli.nix

@@ -1,15 +1,17 @@
-{ pkgs, ... }:
+{ ... }:
 
 {
   home.shellAliases = {
     # Nix Commands
-    "nix:rebuild" = "sudo nixos-rebuild switch";
-    "nix:update" = "sudo nixos-rebuild switch --upgrade";
-    "nix:purge" = "sudo nix-collect-garbage -d && sudo /run/current-system/bin/switch-to-configuration boot";
+    "nix:build" = "sudo nixos-rebuild switch --flake /etc/nixos";
+    "nix:update" = "cd /etc/nixos && nix flake update && sudo nixos-rebuild switch --flake .";
+    "nix:purge" =
+      "sudo nix-collect-garbage -d && sudo /run/current-system/bin/switch-to-configuration boot";
     "nix:edit" = "$EDITOR /etc/nixos";
     "nix:push" = "cd /etc/nixos && git add -A && git commit -m \"$(date -u +%s)\" && git push";
     "nix:pull" = "cd /etc/nixos && git pull";
-    "nix:hw" = "sudo nixos-generate-config --show-hardware-config > /etc/nixos/hardware-configuration.nix";
+    "nix:hw" =
+      "sudo nixos-generate-config --show-hardware-config > /etc/nixos/hardware-configuration.nix";
 
     # Utilities
     "fixaudio" = "systemctl --user restart pipewire pipewire-pulse wireplumber";

modules/home/gnome.nix

@@ -6,6 +6,8 @@
       color-scheme = "prefer-dark";
       accent-color = "pink";
       clock-show-weekday = true;
+      clock-show-date = true;
+      clock-format = "12h";
     };
 
     "org/gnome/system/location" = {

modules/home/librewolf.nix

@@ -10,6 +10,8 @@
       DisableFirefoxStudies = true;
       DisablePocket = true;
       DisableFirefoxAccounts = true;
+      OfferToSaveLogins = false;
+      EnableTrackingProtection = true;
 
       FirefoxHome = {
         Search = true;
@@ -23,12 +25,41 @@
       SanitizeOnShutdown = {
         Cache = true;
         Cookies = false;
-        History = true;
+        History = false;
         Sessions = true;
         SiteSettings = false;
         OfflineApps = true;
       };
 
+      SearchEngines = {
+        Default = "Searx Search";
+        Remove = [
+          "Google"
+          "Bing"
+          "Perplexity"
+          "Wikipedia (en)"
+        ];
+        Add = [
+          {
+            Name = "Searx Search";
+            URLTemplate = "https://search.atri.dad/search?q={searchTerms}";
+            Method = "GET";
+            IconURL = "https://search.atri.dad/favicon.ico";
+            Alias = "searx";
+            Description = "Searx (search.atri.dad)";
+          }
+          {
+            Name = "DuckDuckGo";
+            URLTemplate = "https://duckduckgo.com/?q={searchTerms}";
+            SuggestURLTemplate = "https://duckduckgo.com/ac/?q={searchTerms}&type=list";
+            Method = "GET";
+            IconURL = "https://duckduckgo.com/favicon.ico";
+            Alias = "ddg";
+            Description = "DuckDuckGo";
+          }
+        ];
+      };
+
       ExtensionSettings = {
         # Bitwarden
         "{446900e4-71c2-419f-a6a7-df9c091e268b}" = {
@@ -47,28 +78,46 @@
           install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
           installation_mode = "force_installed";
         };
-
-        # Catppuccin Theme
-        "{15cb5e64-94bd-41aa-91cf-751bb1a84972}" = {
-          install_url = "https://addons.mozilla.org/firefox/downloads/latest/catppuccin-macchiato-lavender2/latest.xpi";
-          installation_mode = "force_installed";
-        };
       };
 
       Preferences = {
         "browser.startup.homepage" = "about:home";
         "extensions.autoDisableScopes" = 0;
-
         "browser.toolbars.bookmarks.visibility" = "always";
-
         "network.cookie.cookieBehavior" = 1;
-        "privacy.clearOnShutdown.cookies" = false;
-        "privacy.clearOnShutdown.history" = false;
+        "browser.safebrowsing.malware.enabled" = false;
+        "browser.safebrowsing.phishing.enabled" = false;
+        "browser.safebrowsing.blockedURIs.enabled" = false;
+        "browser.safebrowsing.downloads.enabled" = false;
+        "browser.safebrowsing.provider.google4.gethashURL" = "";
+        "browser.safebrowsing.provider.google4.updateURL" = "";
+        "browser.safebrowsing.provider.google.gethashURL" = "";
+        "browser.safebrowsing.provider.google.updateURL" = "";
+        "browser.newtabpage.activity-stream.newtabWallpapers.wallpaper" = "dark-mountain";
+
+        "extensions.activeThemeID" = {
+          Value = "firefox-alpenglow@mozilla.org";
+          Status = "locked";
+        };
+
+        "privacy.resistFingerprinting" = {
+          Value = true;
+          Status = "locked";
+        };
+
+        "browser.ml.chat.enabled" = {
+          Value = false;
+          Status = "locked";
+        };
+        "browser.ml.chat.sidebar" = {
+          Value = false;
+          Status = "locked";
+        };
+        "browser.tabs.groups.smart.userEnabled" = {
+          Value = false;
+          Status = "locked";
+        };
 
-        "sidebar.revamp" = true;
-        "sidebar.verticalTabs" = true;
-        "sidebar.main.tools" = "bookmarks,history,tabs";
-        "sidebar.visibility" = "always";
       };
     };
   };

modules/home/packages.nix

@@ -2,10 +2,6 @@
 
 {
   home.packages = with pkgs; [
-    # Browsers and comms
-    discord
-    signal-desktop
-
     # Development tools
     gnumake
     openssh
@@ -17,6 +13,12 @@
     pavucontrol
     texliveFull
     texlab
+    nil
+    nixd
+
+    # CLI
+    bitwarden-cli
+    tea
 
     # Desktop applications
     bitwarden-desktop
@@ -24,16 +26,17 @@
     streamrip
     cider-2
     zotero
-    prismlauncher
     lrcget
     impression
     streamcontroller
     onlyoffice-desktopeditors
+    gnome-keyring
     pinta
-
-    # GNOME Extensions
-    gnomeExtensions.appindicator
-    gnomeExtensions.gamemode-shell-extension
+    discord
+    signal-desktop
+    element-desktop
+    unstable.fastmail-desktop
+    supersonic
   ];
 
   programs.obs-studio.enable = true;

modules/home/session.nix

@@ -1,4 +1,4 @@
-{ config, ... }:
+{ ... }:
 
 {
   home.file."Assets" = {
@@ -6,8 +6,7 @@
     force = true;
   };
 
-  home.sessionVariables = {
+  systemd.user.sessionVariables = {
     BROWSER = "librewolf";
-    SSH_AUTH_SOCK = "${config.home.homeDirectory}/.bitwarden-ssh-agent.sock";
   };
 }

modules/home/ssh.nix

@@ -0,0 +1,34 @@
+{ ... }:
+
+{
+  programs.ssh = {
+    enable = true;
+    enableDefaultConfig = false;
+    matchBlocks = {
+      "*" = {
+        identityAgent = "~/.bitwarden-ssh-agent.sock";
+      };
+      "localhost" = {
+        extraOptions.UserKnownHostsFile = "/dev/null";
+      };
+      "tux" = {
+        hostname = "tuxworld.usask.ca";
+        user = "atl175";
+      };
+      "haschel" = {
+        hostname = "haschel";
+        user = "fedora";
+      };
+      "lloyd" = {
+        hostname = "lloyd";
+        user = "truenas_admin";
+      };
+    };
+  };
+
+  xdg.configFile."autostart/gnome-keyring-ssh.desktop".text = ''
+    [Desktop Entry]
+    Type=Application
+    Hidden=true
+  '';
+}

modules/home/syncthing.nix

@@ -1,7 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  services.syncthing = {
-    enable = true;
-  };
-}

modules/home/zed.nix

@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ ... }:
 
 {
   programs.zed-editor = {
@@ -44,7 +44,10 @@
 
       languages = {
         "Nix" = {
-          language_servers = [ "nil" "nixd" ];
+          language_servers = [
+            "nil"
+            "nixd"
+          ];
           format_on_save = "on";
         };
       };

modules/locale.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ ... }:
 
 let
   settings = import ../settings.nix;
@@ -9,4 +9,4 @@ in
 
   # Internationalization properties
   i18n.defaultLocale = settings.locale;
-} 
+}

modules/networking.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ ... }:
 
 let
   settings = import ../settings.nix;
@@ -17,19 +17,27 @@ in
     # Allowed ports
     allowedTCPPorts = [
       # SyncThing
-      8384 22000
+      8384
+      22000
     ];
     allowedUDPPorts = [
 
       # SyncThing
-      22000 21027
+      22000
+      21027
     ];
   };
 
-  networking.nameservers = [ "1.1.1.1" "9.9.9.9" ];
+  networking.nameservers = [
+    "1.1.1.1"
+    "9.9.9.9"
+  ];
   services.resolved = {
     enable = true;
     dnsovertls = "opportunistic";
-    fallbackDns = [ "1.0.0.1" "149.112.112.112" ];
+    fallbackDns = [
+      "1.0.0.1"
+      "149.112.112.112"
+    ];
   };
 }

modules/programs.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ pkgs, ... }:
 
 {
   # Enable unfree globally

modules/services.nix

@@ -1,10 +1,6 @@
-{ config, pkgs, ... }:
+{ pkgs, ... }:
 
-let
-  settings = import ../settings.nix;
-in
 {
-  # Hardened OpenSSH
   services.openssh = {
     enable = true;
     ports = [ 22 ];
@@ -38,22 +34,22 @@ in
 
   # Sunshine
   services.sunshine = {
-      enable = true;
-      autoStart = true;
-      capSysAdmin = true;
-      openFirewall = true;
-      applications = {
-        apps = [
-          {
-            name = "Steam Big Picture";
-            cmd = "${pkgs.steam}/bin/steam -gamepadui";
-          }
-          {
-            name = "Desktop";
-            cmd = "${pkgs.coreutils}/bin/true";
-          }
-        ];
-      };
+    enable = true;
+    autoStart = true;
+    capSysAdmin = true;
+    openFirewall = true;
+    applications = {
+      apps = [
+        {
+          name = "Steam Big Picture";
+          cmd = "${pkgs.steam}/bin/steam -gamepadui";
+        }
+        {
+          name = "Desktop";
+          cmd = "${pkgs.coreutils}/bin/true";
+        }
+      ];
+    };
   };
 
   services.avahi.publish.enable = true;

modules/users.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ ... }:
 
 let
   settings = import ../settings.nix;