update

backup-target.nix

@@ -0,0 +1,27 @@
+# configuration allowing this machine to be user as a backup server
+{ config, lib, pkgs, ... }:
+
+{
+  users.users.backup = {
+    isNormalUser = true;
+    openssh.authorizedKeys.keys = [
+    ''command="${pkgs.rrsync}/bin/rrsync /mnt/backup",restrict ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF1e7hxxQD7pVKMquEuiBrLNFfx9ZRAOU1SGky4iXacD''
+    #''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF1e7hxxQD7pVKMquEuiBrLNFfx9ZRAOU1SGky4iXacD Ithuriel@openmediavault''
+    ];
+
+    packages = [
+      pkgs.rsync
+      pkgs.rrsync
+    ];
+  };
+
+  fileSystems."/mnt/backup" =
+    { 
+      #depends = [ "/" ];
+      device = "BACKUP/backup";
+      fsType = "zfs";
+      options = [ "nofail" ];
+    };
+
+  networking.firewall.allowedTCPPorts = [ 22 ]; 
+}

configuration.nix

@@ -5,11 +5,6 @@
 { config, lib, pkgs, ... }:
 
 {
-  imports =
-    [ # Include the results of the hardware scan.
-      ./hardware-configuration.nix
-    ];
-
   nix.settings.experimental-features = [ "nix-command" "flakes" ];
 
   nixpkgs.config.allowUnfree = true;
@@ -26,26 +21,6 @@
   };
   # leftover from the original config
   boot.loader.efi.canTouchEfiVariables = true;
-  
-  # mount network shares
-  fileSystems."/mnt/nas/private" = {
-    device = "dashboard.omv:/ShatteredMINT";
-    fsType = "nfs";
-    options = [ "x-systemd.automount" "noauto" ];
-
-  };
-  fileSystems."/mnt/nas/shared" = {
-    device = "dashboard.omv:/default-nas";
-    fsType = "nfs";
-    options = [ "x-systemd.automount" "noauto" ];
-
-  };
-
-  networking.hostName = "nix-desk"; # Define your hostname.
-  networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.
-  # required for ZFS
-  networking.hostId = "00000001";
-
   # Set your time zone.
   time.timeZone = "Europe/Berlin";
 
@@ -73,11 +48,12 @@
 
   fonts = {
     packages = with pkgs; [
-      nerdfonts
+      # nerdfonts
 
       # TODO after 25.05
       # change to only install explicit fonts
-      # nerd-fonts.jetbrains-mono
+      nerd-fonts.jetbrains-mono
+      # does not exist
       # nerd-fonts.jetbrains
     ];
 
@@ -99,9 +75,6 @@
   # Enable touchpad support (enabled default in most desktopManager).
   # services.libinput.enable = true;
 
-  # enable flatpak
-  services.flatpak.enable = true;
-
     # List packages installed in system profile. To search, run:
   # $ nix search wget
   environment.systemPackages = with pkgs; [
@@ -110,10 +83,6 @@
     htop
     ];
 
-  # allow specific users to affect system configuration
-  users.groups.nixos-admins = {};
-  users.users.root.extraGroups = [ "nixos-admins" ];
-
   # Some programs need SUID wrappers, can be configured further or are
   # started in user sessions.
   # programs.mtr.enable = true;
@@ -125,7 +94,18 @@
   # List services that you want to enable:
 
   # Enable the OpenSSH daemon.
-  # services.openssh.enable = true;
+  services.openssh = {
+    enable = true;
+    ports = [ 22 ];
+    settings = {
+      PasswordAuthentication = true;
+      KbdInteractiveAuthentication = false;
+      # AllowUsers = [ "backup" ];
+      # UseDns = true;
+      X11Forwarding = false;
+      PermitRootLogin = "no";
+    };
+  };
 
   # Open ports in the firewall.
   # networking.firewall.allowedTCPPorts = [ ... ];

devices/conv.nix

@@ -0,0 +1,70 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "NIX_CONV_POOL/root";
+      fsType = "zfs";
+    };
+
+  fileSystems."/nix" =
+    { device = "NIX_CONV_POOL/nix";
+      fsType = "zfs";
+    };
+
+  fileSystems."/var" =
+    { device = "NIX_CONV_POOL/var";
+      fsType = "zfs";
+    };
+
+  fileSystems."/home" =
+    { device = "NIX_CONV_POOL/home";
+      fsType = "zfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/334B-15CD";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/b3e53298-fdcf-41c5-b80b-6f1ef1dceeae"; }
+    ];
+
+  networking.hostName = "nix-conv"; # Define your hostname.
+  networking.hostId = "00000002";
+  # Pick only one of the below networking options.
+  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+  networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.
+
+  # BLUETOOTH
+  hardware.bluetooth = {
+    enable = true;
+    powerOnBoot = true;
+
+    settings.General.Experimental = true;
+  };
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp4s0f3u1u4u1.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

devices/desk.nix

@@ -0,0 +1,61 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+##test
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" "sg" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "NIX_DESK_POOL/root";
+      fsType = "zfs";
+    };
+
+  fileSystems."/nix" =
+    { device = "NIX_DESK_POOL/nix";
+      fsType = "zfs";
+    };
+
+  fileSystems."/var" =
+    { device = "NIX_DESK_POOL/var";
+      fsType = "zfs";
+    };
+
+  fileSystems."/home" =
+    { device = "NIX_DESK_POOL/home";
+      fsType = "zfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/E943-DA32";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/7e1ada61-7a9b-4d28-b608-23d1ac7f4e29"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  # networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+  networking.hostName = "nix-desk"; # Define your hostname.
+  networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.
+  # required for ZFS
+  networking.hostId = "00000001";
+}

devices/nas.nix

@@ -0,0 +1,61 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [  ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "NIX_CONV_POOL/root";
+      fsType = "zfs";
+    };
+
+  fileSystems."/nix" =
+    { device = "NIX_CONV_POOL/nix";
+      fsType = "zfs";
+    };
+
+  fileSystems."/var" =
+    { device = "NIX_CONV_POOL/var";
+      fsType = "zfs";
+    };
+
+  fileSystems."/home" =
+    { device = "NIX_CONV_POOL/home";
+      fsType = "zfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/334B-15CD";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+
+  #swapDevices =
+  #  [ { device = "/dev/disk/by-uuid/b3e53298-fdcf-41c5-b80b-6f1ef1dceeae"; }
+  #  ];
+
+  networking.hostName = "nix-nas"; # Define your hostname.
+  networking.hostId = "00000003";
+  # Pick only one of the below networking options.
+  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+  networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp4s0f3u1u4u1.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+}

flake.lock

@@ -7,32 +7,31 @@
         ]
       },
       "locked": {
-        "lastModified": 1733572789,
+        "lastModified": 1759573136,
-        "narHash": "sha256-zjO6m5BqxXIyjrnUziAzk4+T4VleqjstNudSqWcpsHI=",
+        "narHash": "sha256-ILSPD0Dm8p0w0fCVzOx98ZH8yFDrR75GmwmH3fS2VnE=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "c7ffc9727d115e433fd884a62dc164b587ff651d",
+        "rev": "5f06ceafc6c9b773a776b9195c3f47bbe1defa43",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
-        "ref": "release-24.11",
         "repo": "home-manager",
         "type": "github"
       }
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1733808091,
+        "lastModified": 1759381078,
-        "narHash": "sha256-KWwINTQelKOoQgrXftxoqxmKFZb9pLVfnRvK270nkVk=",
+        "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
         "owner": "NixOs",
         "repo": "nixpkgs",
-        "rev": "a0f3e10d94359665dba45b71b4227b0aeb851f8e",
+        "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
         "type": "github"
       },
       "original": {
         "owner": "NixOs",
-        "ref": "nixos-24.11",
+        "ref": "nixos-unstable",
         "repo": "nixpkgs",
         "type": "github"
       }

flake.nix

@@ -2,9 +2,9 @@
   description = "Flake to handle all my infrastructure";
 
   inputs = {
-    nixpkgs.url = "github:NixOs/nixpkgs/nixos-24.11";
+    nixpkgs.url = "github:NixOs/nixpkgs/nixos-unstable";
     home-manager = {
-      url = "github:nix-community/home-manager/release-24.11";
+      url = "github:nix-community/home-manager";
 
       # follow defined nixpkgs to prevent version mismatch
       inputs.nixpkgs.follows = "nixpkgs";
@@ -20,9 +20,42 @@
         system = "x86_64-linux";
 	    specialArgs = inputs;
 	    modules = [
+          ./devices/desk.nix
+	      ./hardware/nvidia.nix
+
 	      ./configuration.nix 
-	  ./nvidia.nix
 	      ./plasma.nix
+          ./network-shares.nix
+
+          ./backup-target.nix
+
+	      ./users/shatteredmint.nix
+          ./qemu-bridges.nix
+	];
+      };
+
+      nix-conv = lib.nixosSystem {
+        system = "x86_64-linux";
+        specialArgs = inputs;
+
+        modules = [
+          ./devices/conv.nix
+
+          ./configuration.nix
+
+          ./plasma.nix
+          ./users/shatteredmint.nix
+          ./network-shares.nix
+        ];
+      };
+      nix-nas = lib.nixosSystem {
+        system = "aarch64-linux";
+        specialArgs = inputs;
+
+        modules = [
+          ./devices/nas.nix
+          
+          ./configuration.nix
 
           ./users/shatteredmint.nix
         ];

hardware/nvidia.nix

@@ -19,6 +19,6 @@
     nvidiaSettings = true;
 
     # set specific version
-    package = config.boot.kernelPackages.nvidiaPackages.stable;
+    package = config.boot.kernelPackages.nvidiaPackages.latest;
   };
 }

network-shares.nix

@@ -0,0 +1,17 @@
+{ config, lib, pkgs, ... }:
+
+{ 
+  # mount network shares
+  fileSystems."/mnt/nas/private" = {
+    device = "dashboard.omv:/ShatteredMINT";
+    fsType = "nfs";
+    options = [ "x-systemd.automount" "noauto" ];
+
+  };
+  fileSystems."/mnt/nas/shared" = {
+    device = "dashboard.omv:/default-nas";
+    fsType = "nfs";
+    options = [ "x-systemd.automount" "noauto" ];
+
+  };
+}

plasma.nix

@@ -12,7 +12,8 @@
     pkgs.kdePackages.elisa
   ];
 
-
+  # enable flatpak
+  services.flatpak.enable = true;
 
   # Enable sound.
   services.pipewire = {

qemu-bridges.nix

@@ -0,0 +1,18 @@
+{ config, libs, pkgs, ... }:
+{
+    networking.bridges.virtbr0.interfaces = [
+        "enp4s0"
+    ];
+
+    boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+
+    networking.interfaces.virtbr0 = {
+        useDHCP = true;
+    };
+
+    virtualisation.libvirtd = { 
+        enable = true;
+        allowedBridges = [ "virtbr0" ];
+        
+    };
+}

users/shatteredmint.nix

@@ -6,8 +6,11 @@
 
   users.users.shatteredmint = {
     isNormalUser = true;
-    extraGroups = [ "wheel" "nixos-admins" ];
+    extraGroups = [ "wheel" "nixos-admins" "cdrom" ];
     shell = pkgs.zsh;
+    openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKT9u43WNMlu3gnu5z9Twt1vkdNdpf6REfEK/OT4qxjK shatteredmint"
+    ];
   };
 
   
@@ -30,7 +33,7 @@
         ignoreAllDups = true;
       };
 
-      initExtra = ''
+      initContent = ''
         bindkey '^?' backward-delete-char
         bindkey '\e[3~' delete-char
         autoload -Uz vcs_info
@@ -48,20 +51,30 @@
       userName = "ShatteredMINT";
       extraConfig = {
         init.defaultBranch = "main";
+        pull.rebase = true;
       };
     };
 
+    programs.neovim = {
+      enable = true;
+      extraPackages = with pkgs; [
+        wl-clipboard
+      ];
+    };
+
     home.packages = with pkgs; [
       thunderbird
       firefox
       lazygit
       veracrypt
       keepassxc
-      yakuake
+      kdePackages.yakuake
       cargo
       zig
       clang
       nil
+      wl-clipboard
+      makemkv
     ];
 
     home.sessionPath = [