nix: Add host polder and refractor modules

nixcfgs/flake.lock

@@ -1,5 +1,26 @@
 {
   "nodes": {
+    "agenix": {
+      "inputs": {
+        "darwin": "darwin",
+        "home-manager": "home-manager",
+        "nixpkgs": "nixpkgs",
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1760836749,
+        "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=",
+        "owner": "ryantm",
+        "repo": "agenix",
+        "rev": "2f0f812f69f3eb4140157fe15e12739adf82e32a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ryantm",
+        "repo": "agenix",
+        "type": "github"
+      }
+    },
     "caelestia-cli": {
       "inputs": {
         "caelestia-shell": [
@@ -46,6 +67,28 @@
         "type": "github"
       }
     },
+    "darwin": {
+      "inputs": {
+        "nixpkgs": [
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1744478979,
+        "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
+        "owner": "lnl7",
+        "repo": "nix-darwin",
+        "rev": "43975d782b418ebf4969e9ccba82466728c2851b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "lnl7",
+        "ref": "master",
+        "repo": "nix-darwin",
+        "type": "github"
+      }
+    },
     "flake-parts": {
       "inputs": {
         "nixpkgs-lib": [
@@ -69,7 +112,7 @@
     },
     "flake-utils": {
       "inputs": {
-        "systems": "systems"
+        "systems": "systems_2"
       },
       "locked": {
         "lastModified": 1731533236,
@@ -86,6 +129,27 @@
       }
     },
     "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1745494811,
+        "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "home-manager_2": {
       "inputs": {
         "nixpkgs": [
           "nixpkgs"
@@ -142,6 +206,22 @@
       }
     },
     "nixpkgs": {
+      "locked": {
+        "lastModified": 1754028485,
+        "narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "59e69648d345d6e8fef86158c555730fa12af9de",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-25.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
       "locked": {
         "lastModified": 1760872779,
         "narHash": "sha256-c5C907Raf9eY8f1NUXYeju9aUDlm227s/V0OptEbypA=",
@@ -157,7 +237,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_2": {
+    "nixpkgs_3": {
       "locked": {
         "lastModified": 1760878510,
         "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=",
@@ -173,7 +253,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_3": {
+    "nixpkgs_4": {
       "locked": {
         "lastModified": 1758690382,
         "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=",
@@ -192,7 +272,7 @@
     "nur": {
       "inputs": {
         "flake-parts": "flake-parts",
-        "nixpkgs": "nixpkgs_2"
+        "nixpkgs": "nixpkgs_3"
       },
       "locked": {
         "lastModified": 1760925195,
@@ -254,12 +334,13 @@
     },
     "root": {
       "inputs": {
+        "agenix": "agenix",
         "caelestia-shell": "caelestia-shell",
         "flake-utils": "flake-utils",
-        "home-manager": "home-manager",
+        "home-manager": "home-manager_2",
         "nix-darwin": "nix-darwin",
         "nix-flatpak": "nix-flatpak",
-        "nixpkgs": "nixpkgs",
+        "nixpkgs": "nixpkgs_2",
         "nur": "nur",
         "plasma-manager": "plasma-manager",
         "winboat": "winboat"
@@ -280,9 +361,24 @@
         "type": "github"
       }
     },
+    "systems_2": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
     "winboat": {
       "inputs": {
-        "nixpkgs": "nixpkgs_3"
+        "nixpkgs": "nixpkgs_4"
       },
       "locked": {
         "lastModified": 1760827883,

nixcfgs/flake.nix

@@ -25,6 +25,7 @@
       url = "github:caelestia-dots/shell";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    agenix.url = "github:ryantm/agenix";
   };
 
   outputs =
@@ -38,6 +39,7 @@
       nur,
       winboat,
       caelestia-shell,
+      agenix,
       ...
     }@inputs:
     let
@@ -59,6 +61,7 @@
         "zp"
         "zephyrus"
         "nixvirt"
+	"polder"
       ];
 
       mkNixosSystem =
@@ -67,6 +70,7 @@
           system = "x86_64-linux";
           inherit specialArgs;
           modules = [
+	    agenix.nixosModules.default
             ./hosts/${hostname}
             { nixpkgs.overlays = overlays; }
           ];

nixcfgs/hosts/polder/default.nix

@@ -0,0 +1,57 @@
+# ~/.config/nixcfgs/hosts/polder/default.nix
+{
+  config,
+  pkgs,
+  nix-flatpak,
+  ...
+}:
+{
+  imports = [
+    # impure build
+    /etc/nixos/hardware-configuration.nix
+    ../../modules/nixos
+  ];
+  system.stateVersion = "25.05";
+
+  boot.loader.grub.enable = true;
+  boot.loader.grub.device = "/dev/sda";
+  boot.kernelParams = [ "console=ttyS0,115200n8" "console=tty0" ];
+  boot.loader.grub.useOSProber = true;
+  services.qemuGuest.enable = true;
+  services.spice-vdagentd.enable = true;
+  time.timeZone = "Etc/UTC";
+
+  nixpkgs.config.allowUnfree = true;
+  networking.hostName = "polder";
+
+  services.openssh = {
+    enable = true;
+    settings = {
+      PermitRootLogin = "yes";
+    };
+  };
+
+  networking = {
+    usePredictableInterfaceNames = false;
+    interfaces.eth0.ipv4.addresses = [
+      {
+        address = "158.220.98.103";
+        prefixLength = 20;
+      }
+    ];
+    defaultGateway = {
+      address = "158.220.96.1";
+      interface = "eth0";
+    };
+    nameservers = [
+      "1.1.1.1"
+      "8.8.8.8"
+      "2606:4700:4700::1111"
+      "2001:4860:4860::8888"
+    ];
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [ 22 ];
+    };
+  };
+}

nixcfgs/hosts/zephyrus/default.nix

@@ -2,29 +2,30 @@
 {...}: {
   imports = [
     ../../modules/nixos
-    ../../modules/nixos/host-machine.nix
-    ../../modules/nixos/waydroid.nix
-    ../../modules/nixos/laptop.nix
-    ../../modules/nixos/disable-nvidia.nix
-    ../../modules/nixos/additional-packages.nix
     ../../modules/nixos/libvirt.nix
     ../../modules/nixos/docker.nix
-    ../../modules/nixos/firefox.nix
-    ../../modules/nixos/steam.nix
-    ../../modules/nixos/chromium.nix
-    ../../modules/nixos/obs-studio.nix
-    ../../modules/nixos/wine.nix
     ../../modules/nixos/exp.nix
-    ../../modules/nixos/gnome-keyring.nix
+    ../../modules/nixos/desktop/host-machine.nix
+    ../../modules/nixos/desktop/laptop.nix
+    ../../modules/nixos/desktop/disable-nvidia.nix
+    ../../modules/nixos/additional-packages.nix
+    ../../modules/nixos/desktop
+    ../../modules/nixos/desktop/firefox.nix
+    ../../modules/nixos/desktop/steam.nix
+    ../../modules/nixos/desktop/chromium.nix
+    ../../modules/nixos/desktop/obs-studio.nix
+    ../../modules/nixos/desktop/wine.nix
+    ../../modules/nixos/desktop/gnome-keyring.nix
     ../../modules/nixos/udev/basys3.nix
-    ../../modules/nixos/desktop/kde.nix
+    ../../modules/nixos/desktop-environment/kde.nix
-    ../../modules/nixos/desktop/hyprland.nix
+    ../../modules/nixos/desktop-environment/hyprland.nix
     ../../modules/nixos/display-manager/sddm.nix
     ./hardware-configuration.nix
     ./keyd.nix
     ./packages.nix
   ];
 
+  boot.kernelPackages = pkgs.linuxPackages_latest;
   nixpkgs.config.allowUnfree = true;
   networking.hostName = "zephyrus";
   networking.modemmanager.enable = false;

nixcfgs/modules/nixos/configuration.nix

@@ -1,109 +0,0 @@
-{
-  config,
-  pkgs,
-  ...
-}: {
-  security.pam.services.login.enableGnomeKeyring = true;
-
-  # Use latest kernel.
-  boot.kernelPackages = pkgs.linuxPackages_latest;
-
-  # Pick only one of the below networking options.
-  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
-  networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
-
-  # Set your time zone.
-  time.timeZone = "Europe/London";
-
-  # Configure network proxy if necessary
-  # networking.proxy.default = "http://user:password@proxy:port/";
-  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
-  # Select internationalisation properties.
-  i18n = {
-    defaultLocale = "en_GB.UTF-8";
-    # extraLocales = [
-    #   "en_GB.UTF-8/UTF-8"
-    # ];
-    extraLocaleSettings = {
-      # LC_CTYPE = "en_GB.UTF-8";
-      LC_ALL = "en_GB.UTF-8";
-    };
-  };
-  # console = {
-  #   font = "Lat2-Terminus16";
-  #   keyMap = "us";
-  #   useXkbConfig = true; # use xkb.options in tty.
-  # };
-
-  # Configure keymap in X11
-  services.xserver.xkb.layout = "us";
-  # services.xserver.xkb.options = "eurosign:e,caps:escape";
-
-  # Enable CUPS to print documents.
-  services.printing.enable = true;
-
-  # Enable sound.
-  # services.pulseaudio.enable = true;
-  # OR
-  services.pipewire = {
-    enable = true;
-    pulse.enable = true;
-  };
-
-  hardware.bluetooth = {
-    enable = true;
-    powerOnBoot = true;
-  };
-
-  environment.shellAliases = {
-    nrs = "sudo nixos-rebuild switch --flake ~/.dotfiles/nixcfgs";
-  };
-
-  # Some programs need SUID wrappers, can be configured further or are
-  # started in user sessions.
-  # programs.mtr.enable = true;
-  programs.gnupg.agent = {
-    enable = true;
-    # enableSSHSupport = true;
-  };
-
-  # List services that you want to enable:
-
-  # Enable the OpenSSH daemon.
-  services.openssh.enable = true;
-
-  # Open ports in the firewall.
-  # networking.firewall.allowedTCPPorts = [ ... ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  # networking.firewall.enable = false;
-
-  # Copy the NixOS configuration file and link it from the resulting system
-  # (/run/current-system/configuration.nix). This is useful in case you
-  # accidentally delete configuration.nix.
-  # system.copySystemConfiguration = true;
-  nix.settings.experimental-features = [
-    "nix-command"
-    "flakes"
-  ];
-
-  # Enable touchpad support (enabled default in most desktopManager).
-  services.libinput.enable = true;
-
-  # Define a user account. Don't forget to set a password with ‘passwd’.
-  users.users.js0ny = {
-    isNormalUser = true;
-    extraGroups = [
-      "wheel"
-      "docker"
-      "libvirtd"
-      "dialout"
-    ]; # Enable ‘sudo’ for the user.
-    packages = with pkgs; [
-      tree
-    ];
-  };
-
-  services.flatpak.enable = true;
-}

nixcfgs/modules/nixos/core/configuration.nix

@@ -0,0 +1,43 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+
+  # Select internationalisation properties.
+  i18n = {
+    defaultLocale = "en_GB.UTF-8";
+    extraLocales = [
+      "en_GB.UTF-8/UTF-8"
+    ];
+    extraLocaleSettings = {
+      # LC_CTYPE = "en_GB.UTF-8";
+      LC_ALL = "en_GB.UTF-8";
+    };
+  };
+
+  environment.shellAliases = {
+    nrs = "sudo nixos-rebuild switch --flake ~/.dotfiles/nixcfgs";
+  };
+
+  # system.copySystemConfiguration = true;
+  nix.settings.experimental-features = [
+    "nix-command"
+    "flakes"
+  ];
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users.users.js0ny = {
+    isNormalUser = true;
+    extraGroups = [
+      "wheel"
+      "docker"
+      "libvirtd"
+      "dialout"
+    ]; # Enable ‘sudo’ for the user.
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJToUo2jT3qt7eHIME9e1awabZZVmtKhbxwVz9BMSM2d js0ny@zephyrus"
+    ];
+  };
+  programs.command-not-found.enable = true;
+}

nixcfgs/modules/nixos/core/packages.nix

@@ -1,13 +1,11 @@
 # ~/.config/nix-config/common/packages-headless.nix
 {pkgs, ...}: {
-  #  nixpkgs.config.allowUnfree = true;
   environment.systemPackages = with pkgs; [
     vim
     wget
     curl
     git
     tmux
-    wl-clipboard
     nix-index
     file
     unzip

nixcfgs/modules/nixos/default.nix

@@ -1,8 +1,7 @@
 {pkgs, ...}: {
   imports = [
-    ./configuration.nix
+    ./core/configuration.nix
-    ./packages.nix
+    ./core/packages.nix
-    ./fonts.nix
-    ./rime.nix
   ];
 }
+

nixcfgs/modules/nixos/desktop/default.nix

@@ -0,0 +1,51 @@
+{...}: {
+
+  imports = [
+    ../rime.nix
+    ../fonts.nix
+  ];
+  services.pipewire = {
+    enable = true;
+    pulse.enable = true;
+  };
+  # Set your time zone.
+  time.timeZone = "Europe/London";
+
+  networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
+
+  # Configure network proxy if necessary
+  # networking.proxy.default = "http://user:password@proxy:port/";
+  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+  # Configure keymap in X11
+  services.xserver.xkb.layout = "us";
+  # services.xserver.xkb.options = "eurosign:e,caps:escape";
+  security.pam.services.login.enableGnomeKeyring = true;
+
+  hardware.bluetooth = {
+    enable = true;
+    powerOnBoot = true;
+  };
+
+  # Enable touchpad support (enabled default in most desktopManager).
+  services.libinput.enable = true;
+
+  # Enable CUPS to print documents.
+  services.printing.enable = true;
+
+  # console = {
+  #   font = "Lat2-Terminus16";
+  #   keyMap = "us";
+  #   useXkbConfig = true; # use xkb.options in tty.
+  # };
+
+  # Some programs need SUID wrappers, can be configured further or are
+  # started in user sessions.
+  # programs.mtr.enable = true;
+  programs.gnupg.agent = {
+    enable = true;
+  };
+  environment.systemPackages = with pkgs; [
+    wl-clipboard
+  ];
+}

nixcfgs/modules/nixos/desktop/laptop.nix

@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    powertop
+  ];
+}
+
+

nixcfgs/modules/nixos/guest.nix

@@ -1,25 +0,0 @@
-{pkgs, ...}: {
-  users.users.guest = {
-    isNormalUser = true;
-    description = "Guest user";
-    home = "/home/guest";
-    extraGroups = [""]; # 可选，是否允许 sudo
-    shell = pkgs.bash;
-    # hashedPassword = ""; # 空密码，意味着需要手动设置或禁用登录
-    # 或者直接禁止密码登录：
-    hashedPassword = null;
-  };
-
-  systemd.services."guest-reset-home" = {
-    description = "Reset guest home directory on boot";
-    wantedBy = ["multi-user.target"];
-    serviceConfig = {
-      Type = "oneshot";
-      ExecStart = ''
-        rm -rf /home/guest/*
-        cp -r /etc/skel/. /home/guest/
-        chown -R guest:guest /home/guest
-      '';
-    };
-  };
-}

nixcfgs/modules/nixos/laptop.nix

@@ -1,11 +0,0 @@
-# ~/.config/nix-config/common/packages-headless.nix
-{ pkgs, ... }:
-
-{
-#  nixpkgs.config.allowUnfree = true; 
-  environment.systemPackages = with pkgs; [
-    powertop
-  ];
-}
-
-

nixcfgs/modules/nixos/programs/packages.nix

@@ -1,6 +1,5 @@
 {pkgs, ...}: {
   environment.systemPackages = with pkgs; [
-    chromium
     nil
     nixd
     libnotify