add options to allow backing up to specific machine

backup-target.nix

@@ -5,23 +5,11 @@
   users.users.backup = {
     isNormalUser = true;
     openssh.authorizedKeys.keys = [
-    ''command="${pkgs.rrsync}/bin/rrsync /mnt/backup",restrict ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF1e7hxxQD7pVKMquEuiBrLNFfx9ZRAOU1SGky4iXacD''
-    #''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF1e7hxxQD7pVKMquEuiBrLNFfx9ZRAOU1SGky4iXacD Ithuriel@openmediavault''
+    ''command="${pkgs.rrsync}/bin/rrsync /mnt/backup/",restrict sh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF1e7hxxQD7pVKMquEuiBrLNFfx9ZRAOU1SGky4iXacD Ithuriel@openmediavault''
     ];
 
     packages = [
       pkgs.rsync
-      pkgs.rrsync
     ];
   };
-
-  fileSystems."/mnt/backup" =
-    { 
-      #depends = [ "/" ];
-      device = "BACKUP/backup";
-      fsType = "zfs";
-      options = [ "nofail" ];
-    };
-
-  networking.firewall.allowedTCPPorts = [ 22 ]; 
 }

configuration.nix

@@ -11,7 +11,7 @@
 
   # Use the systemd-boot EFI boot loader.
   # changed to grub following the (ZFS tutorial)[https://nixos.wiki/wiki/ZFS]
-  boot.loader.grub = lib.mkDefault {
+  boot.loader.grub = {
     enable = true;
     zfsSupport = true;
     efiSupport = true;
@@ -21,6 +21,26 @@
   };
   # leftover from the original config
   boot.loader.efi.canTouchEfiVariables = true;
+  
+  # mount network shares
+  fileSystems."/mnt/nas/private" = {
+    device = "dashboard.omv:/ShatteredMINT";
+    fsType = "nfs";
+    options = [ "x-systemd.automount" "noauto" ];
+
+  };
+  fileSystems."/mnt/nas/shared" = {
+    device = "dashboard.omv:/default-nas";
+    fsType = "nfs";
+    options = [ "x-systemd.automount" "noauto" ];
+
+  };
+
+  networking.hostName = "nix-desk"; # Define your hostname.
+  networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.
+  # required for ZFS
+  networking.hostId = "00000001";
+
   # Set your time zone.
   time.timeZone = "Europe/Berlin";
 
@@ -48,12 +68,11 @@
 
   fonts = {
     packages = with pkgs; [
-      # nerdfonts
+      nerdfonts
 
       # TODO after 25.05
       # change to only install explicit fonts
-      nerd-fonts.jetbrains-mono
-      # does not exist
+      # nerd-fonts.jetbrains-mono
       # nerd-fonts.jetbrains
     ];
 
@@ -75,7 +94,10 @@
   # Enable touchpad support (enabled default in most desktopManager).
   # services.libinput.enable = true;
 
-    # List packages installed in system profile. To search, run:
+  # enable flatpak
+  services.flatpak.enable = true;
+
+  # List packages installed in system profile. To search, run:
   # $ nix search wget
   environment.systemPackages = with pkgs; [
     neovim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
@@ -83,6 +105,10 @@
     htop
     ];
 
+  # allow specific users to affect system configuration
+  users.groups.nixos-admins = {};
+  users.users.root.extraGroups = [ "nixos-admins" ];
+
   # Some programs need SUID wrappers, can be configured further or are
   # started in user sessions.
   # programs.mtr.enable = true;
@@ -94,18 +120,7 @@
   # List services that you want to enable:
 
   # Enable the OpenSSH daemon.
-  services.openssh = {
-    enable = true;
-    ports = [ 22 ];
-    settings = {
-      PasswordAuthentication = true;
-      KbdInteractiveAuthentication = false;
-      # AllowUsers = [ "backup" ];
-      # UseDns = true;
-      X11Forwarding = false;
-      PermitRootLogin = "no";
-    };
-  };
+  # services.openssh.enable = true;
 
   # Open ports in the firewall.
   # networking.firewall.allowedTCPPorts = [ ... ];
@@ -132,6 +147,5 @@
   # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
   system.stateVersion = "24.11"; # Did you read the comment?
 
-  nix.settings.trusted-users = [ "shatteredmint" ];
 }
 

devices/conv.nix

@@ -1,70 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
-
-  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-amd sg" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "NIX_CONV_POOL/root";
-      fsType = "zfs";
-    };
-
-  fileSystems."/nix" =
-    { device = "NIX_CONV_POOL/nix";
-      fsType = "zfs";
-    };
-
-  fileSystems."/var" =
-    { device = "NIX_CONV_POOL/var";
-      fsType = "zfs";
-    };
-
-  fileSystems."/home" =
-    { device = "NIX_CONV_POOL/home";
-      fsType = "zfs";
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/334B-15CD";
-      fsType = "vfat";
-      options = [ "fmask=0022" "dmask=0022" ];
-    };
-
-  swapDevices =
-    [ { device = "/dev/disk/by-uuid/b3e53298-fdcf-41c5-b80b-6f1ef1dceeae"; }
-    ];
-
-  networking.hostName = "nix-conv"; # Define your hostname.
-  networking.hostId = "00000002";
-  # Pick only one of the below networking options.
-  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
-  networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.
-
-  # BLUETOOTH
-  hardware.bluetooth = {
-    enable = true;
-    powerOnBoot = true;
-
-    settings.General.Experimental = true;
-  };
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp4s0f3u1u4u1.useDHCP = lib.mkDefault true;
-  # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}

devices/nas.nix

@@ -1,83 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
-
-
-  boot.initrd.availableKernelModules = [ "nvme" ];
-  boot.initrd.kernelModules = [ "dm-snapshot" ];
-  boot.kernelModules = [ ];    
-  boot.extraModulePackages = [ ];
-
-  security.sudo.wheelNeedsPassword = false;
-
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
-      fsType = "ext4";
-    };
-  
-  fileSystems."/srv/docker" =
-   { device = "/dev/mapper/base--storage-Docker";
-     fsType = "ext4";
-   };
-
-  fileSystems."/srv/private" =
-   { device = "/dev/mapper/base--storage-ShatteredMINT";
-     fsType = "ext4";
-   };
-
-  fileSystems."/srv/shared" =
-   { device = "/dev/mapper/base--storage-NAS";
-     fsType = "ext4";
-   };
-
-  #fileSystems."/export/ShatteredMINT" =
-  #  { device = "/srv/dev-disk-by-uuid-18333f38-626c-4c22-af29-314a87282809";
-  #    fsType = "none";
-  #    options = [ "bind" ];
-  #  };
-
-  #fileSystems."/export/default-nas" =
-  #  { device = "/srv/dev-disk-by-uuid-98570615-8eda-4a45-8a20-3c58b50e3d79/default-nas";
-  #    fsType = "none";
-  #    options = [ "bind" ];
-  #  };
-
-  #fileSystems."/var/lib/docker/overlay2/52c3dbf89d5578b1cde892c0ccdad10293c8275870a047aff42b9ba2eb786d02/merged" =
-  #  { device = "overlay";
-  #    fsType = "overlay";
-  #  };
-
-  #fileSystems."/var/lib/docker/overlay2/f7163e8dd1916ab72fb37368f3799d89f07a203cd316448a7f107d8b2249bb7a/merged" =
-  #  { device = "overlay";
-  #    fsType = "overlay";
-  #  };
-
-  #fileSystems."/var/lib/docker/overlay2/9ff1324d7039ab0ea28895230b35432382bbf23d32c24e992525711b6f7c0bd8/merged" =
-  #  { device = "overlay";
-  #    fsType = "overlay";
-  #  };
-
-  swapDevices = [ ];
-
-  networking.hostName = "nix-nas"; # Define your hostname.
-  networking.hostId = "00000003";
-  # Pick only one of the below networking options.
-  networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.
-
-  networking.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
-
-  services.cron = {
-   enable = true;
-   systemCronJobs = [
-     "* 20 * * *     root rsync -Pav -e 'ssh -i /root/.ssh/backup' /srv backup@192.168.178.24:/ 1>> /root/backup.log 2>> /root/backup.err"
-   ];
-  };
-}

flake.lock

@@ -1,25 +1,5 @@
 {
   "nodes": {
-    "friendlyelecCM3588": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1771227633,
-        "narHash": "sha256-uUZMqpQ+Hv4CzwWSZeLpdPEth0W2+d0MlnZb073XjwY=",
-        "owner": "YayaADev",
-        "repo": "nixos-friendlyelec-cm3588",
-        "rev": "687a43f7a8961d7929e82494cfeb55c031638192",
-        "type": "github"
-      },
-      "original": {
-        "owner": "YayaADev",
-        "repo": "nixos-friendlyelec-cm3588",
-        "type": "github"
-      }
-    },
     "home-manager": {
       "inputs": {
         "nixpkgs": [
@@ -27,55 +7,39 @@
         ]
       },
       "locked": {
-        "lastModified": 1772845525,
-        "narHash": "sha256-Dp5Ir2u4jJDGCgeMRviHvEQDe+U37hMxp6RSNOoMMPc=",
+        "lastModified": 1733572789,
+        "narHash": "sha256-zjO6m5BqxXIyjrnUziAzk4+T4VleqjstNudSqWcpsHI=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "27b93804fbef1544cb07718d3f0a451f4c4cd6c0",
+        "rev": "c7ffc9727d115e433fd884a62dc164b587ff651d",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
+        "ref": "release-24.11",
         "repo": "home-manager",
         "type": "github"
       }
     },
-    "nix-flatpak": {
-      "locked": {
-        "lastModified": 1768656715,
-        "narHash": "sha256-Sbh037scxKFm7xL0ahgSCw+X2/5ZKeOwI2clqrYr9j4=",
-        "owner": "gmodena",
-        "repo": "nix-flatpak",
-        "rev": "123fe29340a5b8671367055b75a6e7c320d6f89a",
-        "type": "github"
-      },
-      "original": {
-        "owner": "gmodena",
-        "repo": "nix-flatpak",
-        "type": "github"
-      }
-    },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1772773019,
-        "narHash": "sha256-E1bxHxNKfDoQUuvriG71+f+s/NT0qWkImXsYZNFFfCs=",
+        "lastModified": 1733808091,
+        "narHash": "sha256-KWwINTQelKOoQgrXftxoqxmKFZb9pLVfnRvK270nkVk=",
         "owner": "NixOs",
         "repo": "nixpkgs",
-        "rev": "aca4d95fce4914b3892661bcb80b8087293536c6",
+        "rev": "a0f3e10d94359665dba45b71b4227b0aeb851f8e",
         "type": "github"
       },
       "original": {
         "owner": "NixOs",
-        "ref": "nixos-unstable",
+        "ref": "nixos-24.11",
         "repo": "nixpkgs",
         "type": "github"
       }
     },
     "root": {
       "inputs": {
-        "friendlyelecCM3588": "friendlyelecCM3588",
         "home-manager": "home-manager",
-        "nix-flatpak": "nix-flatpak",
         "nixpkgs": "nixpkgs"
       }
     }

flake.nix

@@ -2,18 +2,13 @@
   description = "Flake to handle all my infrastructure";
 
   inputs = {
-    nixpkgs.url = "github:NixOs/nixpkgs/nixos-unstable";
+    nixpkgs.url = "github:NixOs/nixpkgs/nixos-24.11";
     home-manager = {
-      url = "github:nix-community/home-manager";
+      url = "github:nix-community/home-manager/release-24.11";
 
       # follow defined nixpkgs to prevent version mismatch
       inputs.nixpkgs.follows = "nixpkgs";
     };
-    friendlyelecCM3588 = {
-      url = "github:YayaADev/nixos-friendlyelec-cm3588";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-    nix-flatpak.url = "github:gmodena/nix-flatpak";
   };
 
   outputs = {self, nixpkgs, home-manager, ... }@inputs: 
@@ -23,54 +18,17 @@
     nixosConfigurations = {
       nix-desk = lib.nixosSystem {
         system = "x86_64-linux";
-	    specialArgs = inputs;
-	    modules = [
-          ./devices/desk.nix
-	      ./hardware/nvidia.nix
-          ./hardware/scanner.nix
+	specialArgs = inputs;
+	modules = [
+      ./hardware/desk.nix
 
-	      ./configuration.nix 
-	      ./plasma.nix
-          ./software/default-graphical.nix
-          ./network-shares.nix
+	  ./configuration.nix 
+	  ./nvidia.nix
+	  ./plasma.nix
 
-          ./backup-target.nix
-
-	      ./users/shatteredmint.nix
-          # ./qemu-bridges.nix
+	  ./users/shatteredmint.nix
 	];
       };
-
-      nix-conv = lib.nixosSystem {
-        system = "x86_64-linux";
-        specialArgs = inputs;
-
-        modules = [
-          ./devices/conv.nix
-
-          ./configuration.nix
-
-          ./plasma.nix
-          ./software/default-graphical.nix
-          ./users/shatteredmint.nix
-          ./network-shares.nix
-        ];
-      };
-      nix-nas = lib.nixosSystem {
-        system = "aarch64-linux";
-        specialArgs = inputs;
-
-        modules = [
-          inputs.friendlyelecCM3588.nixosModules.cm3588  # board + kernel support
-          ./devices/nas.nix
-
-          ./configuration.nix
-
-          ./users/shatteredmint.nix
-          ./software/samba.nix
-          ./software/docker.nix
-        ];
-      };
     };
   };
 }

hardware/desk.nix

@@ -11,9 +11,8 @@
 
   boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
   boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-amd" "sg" ];
+  boot.kernelModules = [ "kvm-amd" ];
   boot.extraModulePackages = [ ];
-  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
 
   fileSystems."/" =
     { device = "NIX_DESK_POOL/root";
@@ -49,14 +48,9 @@
   # (the default) this is the recommended approach. When using systemd-networkd it's
   # still possible to use this option, but it's recommended to use it in conjunction
   # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  # networking.useDHCP = lib.mkDefault true;
+  networking.useDHCP = lib.mkDefault true;
   # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
 
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
   hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-
-  networking.hostName = "nix-desk"; # Define your hostname.
-  networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.
-  # required for ZFS
-  networking.hostId = "00000001";
 }

hardware/scanner.nix

@@ -1,24 +0,0 @@
-
-{ config, lib, pkgs, ... }:
-{
-    hardware.sane = {
-        enable = true;
-        openFirewall = true;
-        extraBackends = [
-            pkgs.epsonscan2
-            pkgs.epkowa
-        ];
-    };
-
-    services.avahi = {
-      enable = true;
-      nssmdns4 = true;
-      publish.enable = true;
-      publish.addresses = true;
-      publish.userServices = true;
-    };
-    # pkgs.epsonscan2.override = {
-    #     withNonFreePlugins = true;
-    #     withGUI = false;
-    # };
-}

network-shares.nix

@@ -1,37 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{ 
-  environment.systemPackages = [ pkgs.cifs-utils ];
-  fileSystems."/mnt/share/private" = {
-    device = "//192.168.178.108/shatteredmint";
-    fsType = "cifs";
-    options = let
-      # this line prevents hanging on network split
-      automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
-
-    in ["${automount_opts},credentials=/etc/nixos/smb-secrets,uid=${toString config.users.users.shatteredmint.uid},gid=${toString config.users.groups.users.gid}"];
-  };
-  fileSystems."/mnt/share/shared" = {
-    device = "//192.168.178.108/shared";
-    fsType = "cifs";
-    options = let
-      # this line prevents hanging on network split
-      automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
-
-    in ["${automount_opts},credentials=/etc/nixos/smb-secrets,uid=${toString config.users.users.shatteredmint.uid},gid=${toString config.users.groups.users.gid}"];
-  };
-
-  # # mount network shares
-  # fileSystems."/mnt/nas/private" = {
-  #   device = "dashboard.omv:/ShatteredMINT";
-  #   fsType = "nfs";
-  #   options = [ "x-systemd.automount" "noauto" ];
-  #
-  # };
-  # fileSystems."/mnt/nas/shared" = {
-  #   device = "dashboard.omv:/default-nas";
-  #   fsType = "nfs";
-  #   options = [ "x-systemd.automount" "noauto" ];
-  #
-  # };
-}

nvidia.nix

@@ -19,6 +19,6 @@
     nvidiaSettings = true;
 
     # set specific version
-    package = config.boot.kernelPackages.nvidiaPackages.latest;
+    package = config.boot.kernelPackages.nvidiaPackages.stable;
   };
 }

plasma.nix

@@ -13,53 +13,10 @@
   ];
 
 
+
   # Enable sound.
   services.pipewire = {
     enable = true;
     pulse.enable = true;
   };
-
-  system.fsPackages = [ pkgs.bindfs ];
-  fileSystems = let
-    mkRoSymBind = path: {
-      device = path;
-      fsType = "fuse.bindfs";
-      options = [ "ro" "resolve-symlinks" "x-gvfs-hide" ];
-    };
-    fontsPkgs = config.fonts.packages;
-    x11Fonts = pkgs.runCommand "X11-fonts"
-      {
-        preferLocalBuild = true;
-        nativeBuildInputs = with pkgs; [
-          gzip
-          mkfontscale
-          mkfontdir
-        ];
-      }
-      (''
-        mkdir -p "$out/share/fonts"
-        font_regexp='.*\.\(ttf\|ttc\|otb\|otf\|pcf\|pfa\|pfb\|bdf\)\(\.gz\)?'
-      ''
-      + (builtins.concatStringsSep "\n" (builtins.map (pkg: ''
-          find ${toString pkg} -regex "$font_regexp" \
-            -exec ln -sf -t "$out/share/fonts" '{}' \;
-        '') fontsPkgs
-        ))
-      + ''
-        cd "$out/share/fonts"
-        mkfontscale
-        mkfontdir
-        cat $(find ${pkgs.font-alias}/ -name fonts.alias) >fonts.alias
-      '');
-    aggregatedIcons = pkgs.buildEnv {
-      name = "system-icons";
-      paths = fontsPkgs;
-      pathsToLink = [
-        "/share/icons"
-      ];
-    };
-  in {
-    "/usr/share/icons" = mkRoSymBind (aggregatedIcons + "/share/icons");
-    "/usr/share/fonts" = mkRoSymBind (x11Fonts + "/share/fonts");
-  };
 }

qemu-bridges.nix

@@ -1,18 +0,0 @@
-{ config, libs, pkgs, ... }:
-{
-    networking.bridges.virtbr0.interfaces = [
-        "enp4s0"
-    ];
-
-    boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
-
-    networking.interfaces.virtbr0 = {
-        useDHCP = true;
-    };
-
-    virtualisation.libvirtd = { 
-        enable = true;
-        allowedBridges = [ "virtbr0" ];
-        
-    };
-}

software/default-graphical.nix

@@ -1,53 +0,0 @@
-
-{ config, lib, pkgs, home-manager, ... }@inputs:
-{
-  imports = [home-manager.nixosModules.home-manager];
-  home-manager.users.shatteredmint = {
-    home.packages = with pkgs; [
-      thunderbird
-      firefox
-      lazygit
-      veracrypt
-      keepassxc
-      kdePackages.yakuake
-      cargo
-      zig
-      clang
-      nil
-      wl-clipboard
-      makemkv
-    ];
-  };
-  # enable flatpak
-  services.flatpak.enable = true;
-  home-manager.users.shatteredmint.imports = [
-    inputs.nix-flatpak.homeManagerModules.nix-flatpak 
-    {
-        services.flatpak = {
-          update.onActivation = true;
-          packages = [
-            "com.atlauncher.ATLauncher"
-            "com.discordapp.Discord"
-            "com.github.k4zmu2a.spacecadetpinball"
-            "com.heroicgameslauncher.hgl"
-            "com.obsproject.Studio"
-            "com.revolutionarygamesstudio.ThriveLauncher"
-            "com.spotify.Client"
-            # "com.teamspeak.TeamSpeak"
-            # "com.teamspeak.TeamSpeak3"
-            "com.usebottles.bottles"
-            "com.valvesoftware.Steam"
-            # "md.obsidian.Obsidian"
-            "org.kde.neochat"
-            "org.kicad.KiCad"
-            "org.libreoffice.LibreOffice"
-            # "org.pipewire.Helvum"
-            # "org.rncbc.qpwgraph"
-            "org.telegram.desktop"
-          ];
-        };
-    }
-  ];
-
-
-}

software/docker.nix

@@ -1,8 +0,0 @@
-{config, pkgs, ...}@input: {
-    virtualisation.docker = {
-        enable = true;
-        daemon.settings = {
-            data-root = "/srv/docker";
-        };
-    };
-}

software/samba.nix

@@ -1,49 +0,0 @@
-{config, pkgs, ...} : {
-  services = {
-    samba = {
-      enable = true;
-      package = pkgs.samba4Full;
-      openFirewall = true;
-
-      settings = {
-        global = {
-          "server smb encrypt" = "required";
-          "server min protocol" = "SMB3_00";
-          "workgroup" = "WORKGROUP";
-          "security" = "user";
-          "browseable" = "yes";
-        };
-
-        # "private-shatteredmint" = {
-        #   "path" = "/srv/shatteredmint";
-        #   "writable" = "yes";
-        #   "comment" = "private share for shatteredmint";
-        #   "browseable" = "yes";
-        # };
-        "homes" = {
-          "path" = "/srv/private/%S";
-          "valid users" = "%S";
-          "writable" = "yes";
-          "comment" = "homes share";
-          "browseable" = "no";
-          "create mask" = "0700";
-          "directory mask" = "0700";
-        };
-
-        "shared" = {
-          "path" = "/srv/shared";
-          "writable" = "yes";
-          "comment" = "homes share";
-          "browseable" = "yes";
-          "create mask" = "0700";
-          "directory mask" = "0700";
-          "force user" = "shatteredmint";
-        };
-      };
-    };
-    samba-wsdd = {
-      enable = true;
-      openFirewall = true;
-    };
-  };
-}

users/shatteredmint.nix

@@ -6,36 +6,31 @@
 
   users.users.shatteredmint = {
     isNormalUser = true;
-    extraGroups = [ "wheel" "nixos-admins" "cdrom" "scanner" "lp" "docker" ];
+    extraGroups = [ "wheel" "nixos-admins" ];
     shell = pkgs.zsh;
-    openssh.authorizedKeys.keys = [
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKT9u43WNMlu3gnu5z9Twt1vkdNdpf6REfEK/OT4qxjK shatteredmint"
-    ];
-    uid = 1000;
   };
 
   
-  home-manager.users.shatteredmint = {config, ...}: {
+  home-manager.users.shatteredmint = {
     home.stateVersion = "24.11";
 
     home.username = "shatteredmint";
     home.homeDirectory = "/home/shatteredmint";
 
     programs.zsh = {
-
-      dotDir = "${config.xdg.configHome}/zsh";
       enable = true;
       autosuggestion = {
         enable = true;
-	    highlight = "fg=white,bg=green,bold";
+	highlight = "fg=white,bg=green,bold";
       };
       defaultKeymap = "viins";
+      dotDir = ".config/zsh";
 
       history = {
         ignoreAllDups = true;
       };
 
-      initContent = ''
+      initExtra = ''
         bindkey '^?' backward-delete-char
         bindkey '\e[3~' delete-char
         autoload -Uz vcs_info
@@ -49,27 +44,28 @@
 
     programs.git = {
       enable = true;
-      settings = {
-        user = {
-          email = "shatteredmint@gmail.com";
-          name = "ShatteredMINT";
-        };
+      userEmail = "shatteredmint@gmail.com";
+      userName = "ShatteredMINT";
+      extraConfig = {
         init.defaultBranch = "main";
-        pull.rebase = true;
       };
     };
 
-    programs.neovim = {
-      enable = true;
-      extraPackages = with pkgs; [
-        wl-clipboard
-      ];
-    };
-
+    home.packages = with pkgs; [
+      thunderbird
+      firefox
+      lazygit
+      veracrypt
+      keepassxc
+      yakuake
+      cargo
+      zig
+      clang
+      nil
+    ];
 
     home.sessionPath = [
       "$HOME/scripts"
     ];
-
   };
 }