perf: Home-manager to module

feat: Optionise config
2025-02-02 14:57:36 +03:00
parent f2c215460b
commit ea39ab9992
97 changed files with 395 additions and 488 deletions
--- a/host/Eclipse/configuration.nix
+++ b/host/Eclipse/configuration.nix
@ -0,0 +1,26 @@
+{ config, pkgs, pkgs-stable, lib, inputs, ...}: {
+  imports = [
+    ./secrets/secrets.nix
+    ./modules/aagl.nix
+    ./modules/grub.nix
+    ./modules/zram.nix
+    ../modules/nvidia.nix
+
+    (import ../modules/common.nix {
+      inherit lib;
+      inherit inputs;
+      hostname = "Eclipse";
+    })
+
+    (import ../../user/common.nix {
+      inherit config;
+      inherit pkgs;
+      inherit pkgs-stable;
+      inherit lib;
+      inherit inputs;
+      name = "chest";
+    })
+  ];
+
+  programs.gamemode.enable = true;
+}
--- a/host/Eclipse/hardware-configuration.nix
+++ b/host/Eclipse/hardware-configuration.nix
@ -0,0 +1,44 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/34e32809-6876-4361-95d8-70a479ea8e19";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/2B65-0D2E";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+
+    fileSystems."/mnt/D" = {
+    device = "/dev/disk/by-uuid/E030A4DF30A4BDC2";
+    fsType = "ntfs";
+    options = ["umask=0022" "gid=100" "uid=1002"];
+  };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/host/Eclipse/modules/aagl.nix
+++ b/host/Eclipse/modules/aagl.nix
@ -0,0 +1,29 @@
+{ inputs, ... }: {
+  imports = [ inputs.aagl.nixosModules.default ];
+  nix.settings = inputs.aagl.nixConfig; # Set up Cachix
+  programs.honkers-railway-launcher.enable = true;
+  networking.hosts."0.0.0.0" = [
+    "overseauspider.yuanshen.com"
+    "log-upload-os.hoyoverse.com"
+    "log-upload-os.mihoyo.com"
+    "dump.gamesafe.qq.com"
+
+    "apm-log-upload-os.hoyoverse.com"
+    "zzz-log-upload-os.hoyoverse.com"
+
+    "log-upload.mihoyo.com"
+    "devlog-upload.mihoyo.com"
+    "uspider.yuanshen.com"
+    "sg-public-data-api.hoyoverse.com"
+    "hkrpg-log-upload-os.hoyoverse.com"
+    "public-data-api.mihoyo.com"
+
+    "prd-lender.cdp.internal.unity3d.com"
+    "thind-prd-knob.data.ie.unity3d.com"
+    "thind-gke-usc.prd.data.corp.unity3d.com"
+    "cdp.cloud.unity3d.com"
+    "remote-config-proxy-prd.uca.cloud.unity3d.com"
+
+    "pc.crashsight.wetest.net"
+  ];
+}
--- a/host/Eclipse/modules/grub.nix
+++ b/host/Eclipse/modules/grub.nix
@ -0,0 +1,13 @@
+{ pkgs, ... }: let
+   theme = pkgs.fetchFromGitHub {
+    owner = "OliveThePuffin";
+    repo = "yorha-grub-theme";
+    rev = "4d9cd37baf56c4f5510cc4ff61be278f11077c81";
+    hash = "sha256-XVzYDwJM7Q9DvdF4ZOqayjiYpasUeMhAWWcXtnhJ0WQ=";
+   };
+in {
+  boot.loader.grub = {
+    gfxmodeEfi = "1920x1080";
+    theme = "${theme}/yorha-1920x1080";
+  };
+}
--- a/host/Eclipse/modules/zram.nix
+++ b/host/Eclipse/modules/zram.nix
@ -0,0 +1,8 @@
+{
+  zramSwap = {
+    enable = true;
+    algorithm = "lz4";
+    memoryPercent = 50;
+    priority = 999;
+  };
+}
--- a/host/Eclipse/secrets/secrets.nix
+++ b/host/Eclipse/secrets/secrets.nix
@ -0,0 +1,9 @@
+{
+  sops = {
+    age.keyFile = "/root/age.key";
+    secrets.vpn_bolt = {
+      format = "binary";
+      sopsFile = ./vpn_bolt.db;
+    };
+  };
+}
--- a/host/Eclipse/secrets/vpn_bolt.db
+++ b/host/Eclipse/secrets/vpn_bolt.db
--- a/host/Rias/configuration.nix
+++ b/host/Rias/configuration.nix
@ -0,0 +1,27 @@
+{ config, pkgs, pkgs-stable, lib, inputs, ...}: {
+  imports = [
+    ./secrets/secrets.nix
+    ./modules/grub.nix
+    ./modules/syncthing.nix
+    ../../modules/host/adb.nix
+    ../modules/nvidia.nix
+
+    (import ../modules/common.nix {
+      inherit lib;
+      inherit inputs;
+      hostname = "Rias";
+    })
+
+    (import ../../user/common.nix {
+      inherit config;
+      inherit pkgs;
+      inherit pkgs-stable;
+      inherit lib;
+      inherit inputs;
+      name = "sweetbread";
+      fullname = "Sweet Bread";
+    })
+  ];
+
+  programs.gamemode.enable = true;
+}
--- a/host/Rias/hardware-configuration.nix
+++ b/host/Rias/hardware-configuration.nix
@ -0,0 +1,42 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/NixOS";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/0BE3-FC0E";
+    fsType = "vfat";
+    options = [ "fmask=0022" "dmask=0022" "nofail" ];
+  };
+
+  fileSystems."/mnt/D" = {
+    device = "/dev/disk/by-label/Data";
+    fsType = "ntfs";
+    options = ["umask=0022" "gid=100" "uid=1000" "nofail" ];
+  };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/host/Rias/modules/grub.nix
+++ b/host/Rias/modules/grub.nix
@ -0,0 +1,13 @@
+{ pkgs, ... }: let
+   theme = pkgs.fetchFromGitHub {
+    owner = "OliveThePuffin";
+    repo = "yorha-grub-theme";
+    rev = "4d9cd37baf56c4f5510cc4ff61be278f11077c81";
+    hash = "sha256-XVzYDwJM7Q9DvdF4ZOqayjiYpasUeMhAWWcXtnhJ0WQ=";
+   };
+in {
+  boot.loader.grub = {
+    gfxmodeEfi = "3440x1440";
+    theme = "${theme}/yorha-2560x1440";
+  };
+}
--- a/host/Rias/modules/syncthing.nix
+++ b/host/Rias/modules/syncthing.nix
@ -0,0 +1,38 @@
+{ config, ... }: {
+  services.syncthing = {
+    enable = true;
+    openDefaultPorts = true;
+
+    user = "sweetbread";
+    dataDir = "/home/sweetbread/.config/syncthing";
+
+    key = config.sops.secrets.syncthing_key.path;
+    cert = config.sops.secrets.syncthing_cert.path;
+
+    settings = {
+      devices = {
+        Akeno = { id = "YVFVE2M-GSCKJBJ-AMC5JM3-AOMCVNP-RLFAWEZ-35VP4HP-DGP5QD2-6QWEZQW"; };
+        Koneko = { id = "PJFWQRY-ZFUBGDR-NV7KVBL-UBDQ4HT-KPTYP34-MUDFPJU-4EZUHTT-ZLYRMAB"; };
+      };
+
+      folders = {
+        "Books" = {
+          path = "/mnt/D/SyncThing/Books";
+          devices = [ "Akeno" "Koneko" ];
+        };
+
+        ".RPI" = {
+          path = "/mnt/D/SyncThing/.RPI";
+          devices = [ "Akeno" "Koneko" ];
+        };
+
+        "Music" = {
+          path = "/home/sweetbread/Music";
+          devices = [ "Akeno" "Koneko" ];
+        };
+      };
+    };
+  };
+
+  systemd.services.syncthing.environment.STNODEFAULTFOLDER = "true";
+}
--- a/host/Rias/secrets/secrets.nix
+++ b/host/Rias/secrets/secrets.nix
@ -0,0 +1,20 @@
+{
+  sops = {
+    age.keyFile = "/root/age.key";
+    secrets = {
+      vpn_bolt = {
+        format = "binary";
+        sopsFile = ./vpn_bolt.db;
+      };
+
+      syncthing_cert = {
+        format = "binary";
+        sopsFile = ./syncthing_cert.pem;
+      };
+      syncthing_key = {
+        format = "binary";
+        sopsFile = ./syncthing_key.pem;
+      };
+    };
+  };
+}
--- a/host/Rias/secrets/syncthing_cert.pem
+++ b/host/Rias/secrets/syncthing_cert.pem
@ -0,0 +1,20 @@
+{
+	"data": "ENC[AES256_GCM,data:FrQVoWDaUZUh8OfSjJ4f1TsPutY6PyMTIPYgWfG1wg/t8orJC52QsoZEabj46tIcLDSJaGSETf3lvCXnmesFAeqUuMK4axAcqPSBRd+kSoCSg/KzHdkQD5C4JiYWUWdIdvMYMUz086mFiHSyyzvbPYCAKrWYtQsQcJPEYmuvQl/0vFPjquR9Mla+/89MXebWBSGys43PKzQUfWjgrLmR7v2ac7lbRxnhBNP/eGayM4auzZVCtLV0UBs3TS5GTPSKAcQeAmmHbzdRJg8vVM1deKv9s/Tjy3ygRthqjCuVF2xcLetb2SDhYKMcgZRXT+AtnEyiV72wxqaExtWsUjJvR8b7COsFpBWbXT+AY+FkSKaGz00DaXncBKSP/zmiUYyaMplvQESFlIpduzF/DRuyQrq+KAwnJZql0rlvfzcEYgQKJENeQwHAq8Itu+HcHzmCEbY4d+LvEznEwlQ6eL6y3tNzoWzfhRQUz4Ki+54DPLGlGtOe9dTM8cWHtl/mZniNzY6FXNiEqbHrepzq7WEXSPi69Hj2OfdvSTQX4HMnp5Tw0i95zhfHDmzp62Kr6YLj0KYZsj6gsC3/6SYB0YNn5pMo1IpBonJxyKeAUz9NvrMcy1/7z/h9OOejPPM3xm48XJ4/7mMhOyB13VPYMZZMUajqUgu2qdGgDxl+DY140LAoQ8bRs3wvTwCwZuCA9Fj4gtn4+04EIil+lPjwEYH/2VIX4MmhxlyxZ2ECAqWf9LJgRy+3asvE8qPxmXNLSd1JqThAYoezJOZf6T5blzOwaXKzmom1hAtkptVjz+fvudwSZQcMOBnrSI1lkWeaeTFvQQOe4jUhaRB83NfbSpm6CFhqHJKjDorP6L5zwOx663YyJcZB2sAcotKGzDi3lQqfh8HGmrGLnc1+J+d9L7NbccgsfWYzfk04tqwv6WI+rpXqR0HlLyg+SDjtl49tuC1c6U9atNKPpyuqWHW2DiM8dgERmJfNz8OGjK2mnU7onGeUyrBvXrIcfe+z/fuymzJ5eHnU3VfMxz9Py97AK7M7KN/tRhR7Grx6Sqs=,iv:imkydsFKhiTrqyi1rXidCLCDGtL8RuY6ZiiiHyMFeAg=,tag:HwvqV4xt0nQZb1El+XrO+w==,type:str]",
+	"sops": {
+		"kms": null,
+		"gcp_kms": null,
+		"azure_kv": null,
+		"hc_vault": null,
+		"age": [
+			{
+				"recipient": "age1j3uuyax673fvl5x4dveupq3dylngnrq0e5uy7fmclsexkfd25vysk646wk",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5TGk2MWdnZzc3UVZ2Ui9w\nVWgxcFJDUThhM0pDbVR1ZXd6U3BhLzM0U1ZNClJpaHlCdU9mTURKSzdSbE52SFR6\ncUdzVkJ2MElNUHg3UzJHc0tNb3dJamMKLS0tIGErZXJGOXFLUCt1SG93aW01aEEw\nTmNiN1VUUUp2TWlKTlpDWDVwVUk2VjgKpUD72/hlXLEzciW/kewu0hZanGA8+Gfh\ndCro8OOJaOe2INCrioOL9kMZvdpxq96fw+kir1FkkJBkepJgcdCTgA==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2024-12-17T12:28:22Z",
+		"mac": "ENC[AES256_GCM,data:n4Bj/FaPaN+IyVXz8Bmu+tfuULxcJpDnAiYhGawMhbfFCL2tGFVi7G0WdnopdSrZV++9iZnb4z5a/al1WbmIIy/iJS7v2EKNzK08U9xdJDKgEQKXJms/df13f/FRDxV3nfCHX8UBtSJNdcXBY5O77o+VUUcjkpbzVrwWjAaMcOk=,iv:5z25Ereng1O47fk8w4OA52Gk4CAqW2Ot97Cp7UR0zqw=,tag:h9WL5ESZwd9BCa7bbUahOg==,type:str]",
+		"pgp": null,
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.9.1"
+	}
+}
--- a/host/Rias/secrets/syncthing_key.pem
+++ b/host/Rias/secrets/syncthing_key.pem
@ -0,0 +1,20 @@
+{
+	"data": "ENC[AES256_GCM,data:6VJ1TgANh3bVkWEsPFQYFLjdrbsggQ3mCOpLWIo7Q9hCxsUeI0sL4npsXAVoEfTndWkv1zBgzVjzw+KcY8IDu27uTwguPrPk/R0T1aAa1Y8LEoOVmqZVw6GxiiqEYVcbOERkSi3kFSocynzFljDAqPnaYUVoAkB9mFPtO5KeXMjKXMtkJhcFjPkIzLzcHHBEeVUynn4utQaKspj6xVWc+NX/+G+Oh4kfm4RJyD/v5WEWQh2bFtiVwLhgRNiw210SuFZJqst8SoAXjG3LivpAJXapnn1xC3t8Vn4RXHC+JVl/7amDkGY+GOK+k68ou0TS+dWMAEZhiVWsOToeb4C5wPbvDADNRFx78HORsKprAcPgOvYkvaDX+A242KVz4w9j,iv:uD6GkozkTM4mP0jfQ9+oNN4o/kMiscYbggF0Lgum3Wk=,tag:CHO2KBgWnRQ9zvYC4br38A==,type:str]",
+	"sops": {
+		"kms": null,
+		"gcp_kms": null,
+		"azure_kv": null,
+		"hc_vault": null,
+		"age": [
+			{
+				"recipient": "age1j3uuyax673fvl5x4dveupq3dylngnrq0e5uy7fmclsexkfd25vysk646wk",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3di9JS0g0cUFxK1cwSkU3\nTmdHRW5NTjQzWWtSR2xYUnlEOG1va3BhY3k0CnRrZkRydGQ0SkczVTB0TkRDejVt\nS0NweDBuNDErNUVjazRTQ1RFYks4NWcKLS0tIGRPL1Z1aWNyS0FBSnZhZWFCWHBS\nVzhLYUdkNWhyVEx2aGtuWGZHM3J2Uk0KrZsGNRPlUB02xJvNeD3VFbRIVAL8bnei\nxS/mwnx6V2o+yJX7RHEj7D466L6zzm0CtDaz7PT4vyJxDBjpRuMBhg==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2024-12-17T12:28:38Z",
+		"mac": "ENC[AES256_GCM,data:g/WhHfiukviJDExEsVFo4JOkVayeZEZpexmEvUn2IOGQ13qTD1rVakR/0cF/XowxsiCBwicn5Fc5FRFe696MBzIyetNNt75jWKC/tasWGk5khrQI6Jwj3kt1nmsQmdahQ4shmjfiLmeELy8fGBe7ASCvu+gZCEfg8OaZRRxmh/E=,iv:S1FlplJsJcsv4Cm8AOYfW15rFE7a5bcUBej7hp6tnNI=,tag:AdgkSbl5ikGnpvG9Z4D9Sg==,type:str]",
+		"pgp": null,
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.9.1"
+	}
+}
--- a/host/Rias/secrets/vpn_bolt.db
+++ b/host/Rias/secrets/vpn_bolt.db
--- a/host/Senko/configuration.nix
+++ b/host/Senko/configuration.nix
@ -0,0 +1,26 @@
+{ config, pkgs, pkgs-stable, lib, inputs, ...}: {
+  imports = [
+    ./secrets/secrets.nix
+    ./modules/grub.nix
+    ../modules/nvidia.nix
+
+    (import ../modules/common.nix {
+      inherit lib;
+      inherit inputs;
+      hostname = "Senko";
+    })
+
+    (import ../../user/common.nix {
+      inherit config;
+      inherit pkgs;
+      inherit pkgs-stable;
+      inherit lib;
+      inherit inputs;
+      name = "sweetbread";
+      fullname = "Sweet Bread";
+    })
+  ];
+
+  hardware.bluetooth.enable = true;
+  host.laptop = true;
+}
--- a/host/Senko/hardware-configuration.nix
+++ b/host/Senko/hardware-configuration.nix
@ -0,0 +1,42 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/NixOS";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/D706-818C";
+    fsType = "vfat";
+    options = [ "fmask=0022" "dmask=0022" "nofail" ];
+  };
+
+  fileSystems."/mnt/D" = {
+    device = "/dev/disk/by-label/Data";
+    fsType = "ntfs";
+    options = [ "umask=0022" "gid=100" "uid=1000" "nofail" ];
+  };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/host/Senko/modules/grub.nix
+++ b/host/Senko/modules/grub.nix
@ -0,0 +1,13 @@
+{ pkgs, ... }: let
+   theme = pkgs.fetchFromGitHub {
+    owner = "Patato777";
+    repo = "dotfiles";
+    rev = "cc363921707807d7ad3e36b462f0df793a0fe18a";
+    hash = "sha256-fpXGFNrzbV6K9hoZRX4tGieTLzhpPeGm6wn8CF4OGow=";
+   };
+in {
+  boot.loader.grub = {
+    gfxmodeEfi = "1920x1080";
+    theme = "${theme}/grub/themes/virtuaverse";
+  };
+}
--- a/host/Senko/secrets/secrets.nix
+++ b/host/Senko/secrets/secrets.nix
@ -0,0 +1,11 @@
+{
+  sops = {
+    age.keyFile = "/root/age.key";
+    secrets = {
+      vpn_bolt = {
+        format = "binary";
+        sopsFile = ./vpn_bolt.db;
+      };
+    };
+  };
+}
--- a/host/Senko/secrets/vpn_bolt.db
+++ b/host/Senko/secrets/vpn_bolt.db
@ -0,0 +1 @@
+../../Rias/secrets/vpn_bolt.db
--- a/host/modules/common.nix
+++ b/host/modules/common.nix
@ -0,0 +1,20 @@
+{ lib, inputs, hostname }: {
+  imports = [
+    inputs.sops-nix.nixosModules.sops
+    ../${hostname}/hardware-configuration.nix
+    ../../modules/host.nix
+    ./packages.nix
+  ];
+
+  options = {
+    host.laptop = lib.mkEnableOption "laptop mode";
+  };
+
+  config = {
+    networking.hostName = hostname;
+    time.timeZone = lib.mkDefault "Europe/Moscow";
+    i18n.defaultLocale = lib.mkDefault "ru_RU.UTF-8";
+    nix.settings.experimental-features = [ "nix-command" "flakes" ];
+    system.stateVersion = "23.05";
+  };
+}
--- a/host/modules/nvidia.nix
+++ b/host/modules/nvidia.nix
@ -0,0 +1,27 @@
+{ config, pkgs, lib, ... }: {
+  services.xserver.videoDrivers = [ "nvidia" ];
+  hardware = {
+    graphics = {
+      enable = true;
+      enable32Bit = true;
+      extraPackages = with pkgs; [nvidia-vaapi-driver intel-media-driver];
+      extraPackages32 = with pkgs.pkgsi686Linux; [nvidia-vaapi-driver intel-media-driver];
+    };
+
+    nvidia = {
+      modesetting.enable = true;
+      powerManagement = {
+        enable = true;
+        finegrained = false;
+      };
+      open = false;
+      nvidiaSettings = true;
+      package = config.boot.kernelPackages.nvidiaPackages.beta;
+
+      prime = lib.optionalAttrs config.host.laptop {
+        intelBusId = "PCI:0:2:0";
+        nvidiaBusId = "PCI:1:0:0";
+      };
+    };
+  };
+}
--- a/host/modules/packages.nix
+++ b/host/modules/packages.nix
@ -0,0 +1,34 @@
+{ pkgs, inputs, ... }: {
+  nixpkgs.config.allowUnfree = true;
+
+  environment.systemPackages = with pkgs; [
+    file
+    tree
+    wget
+    git
+    (btop.override { cudaSupport = true; })
+    unzip
+    yazi
+    zip
+    lazygit
+    httpie
+    ncdu
+    tldr
+    helix
+  ];
+
+  fonts.packages = with pkgs; [
+    jetbrains-mono
+    noto-fonts
+    noto-fonts-emoji
+    noto-fonts-cjk-sans
+    twemoji-color-font
+    font-awesome
+    powerline-fonts
+    powerline-symbols
+    ubuntu_font_family
+    unifont
+    nerd-fonts.symbols-only
+    corefonts
+  ];
+}