migrated

2026-04-24 23:59:07 +02:00 · 2026-03-03 23:06:45 +01:00
parent e3b903d010
commit dc14b13420
45 changed files with 611 additions and 0 deletions
--- a/modules/base/group-base.nix
+++ b/modules/base/group-base.nix
@@ -0,0 +1,24 @@
+{ inputs, config, ... }: {
+  flake.nixosModules.base-sys-group = {
+    imports = with inputs.self.nixosModules; [
+      base-sys-boot
+      base-sys-firmware
+      base-sys-hm
+      base-sys-locale
+      base-sys-network
+      base-sys-nix-settings
+      base-sys-rtkit
+      base-sys-shellapps
+      base-sys-sshd
+      base-sys-version
+      base-sys-zsh
+    ];
+  };
+
+  flake.homeModules.base-usr-group = { ... }: {
+    imports = with config.flake.homeModules; [
+      base-usr-git-all
+      base-usr-zsh-all
+    ];
+  };
+}
--- a/modules/base/sys/boot.nix
+++ b/modules/base/sys/boot.nix
@@ -0,0 +1,13 @@
+{ ... }: {
+  flake.nixosModules.base-sys-boot = {
+    boot.loader.systemd-boot.enable = true;
+    boot.loader.systemd-boot.consoleMode = "max";
+    boot.loader.efi.canTouchEfiVariables = true;
+    boot.loader.timeout = 1;
+    boot.consoleLogLevel = 0;
+    boot.initrd.verbose = false;
+    boot.initrd.enable = true;
+    boot.plymouth.enable = true;
+    boot.plymouth.theme = "bgrt";
+  };
+}
--- a/modules/base/sys/firmware.nix
+++ b/modules/base/sys/firmware.nix
@@ -0,0 +1,6 @@
+{ ... }: {
+  flake.nixosModules.base-sys-firmware = {
+    services.fwupd.enable = true;
+    hardware.enableAllFirmware = true;
+  };
+}
--- a/modules/base/sys/hm.nix
+++ b/modules/base/sys/hm.nix
@@ -0,0 +1,21 @@
+{ inputs, config, ... }:
+{
+  flake.nixosModules.base-sys-hm = {
+    imports = [
+      inputs.home-manager.nixosModules.home-manager
+      (
+        { lib, ... }:
+        {
+          home-manager = {
+            verbose = true;
+            useUserPackages = true;
+            useGlobalPkgs = true;
+            backupFileExtension = "backup";
+            backupCommand = "rm";
+            overwriteBackup = true;
+          };
+        }
+      )
+    ];
+  };
+}
--- a/modules/base/sys/locale.nix
+++ b/modules/base/sys/locale.nix
@@ -0,0 +1,19 @@
+{ ... }: {
+  flake.nixosModules.base-sys-locale = {
+    time.timeZone = "Europe/Berlin";
+    i18n.defaultLocale = "de_DE.UTF-8";
+    console.keyMap = "de";
+    services.xserver.xkb.layout = "de";
+    i18n.extraLocaleSettings = {
+      LC_ADDRESS = "de_DE.UTF-8";
+      LC_IDENTIFICATION = "de_DE.UTF-8";
+      LC_MEASUREMENT = "de_DE.UTF-8";
+      LC_MONETARY = "de_DE.UTF-8";
+      LC_NAME = "de_DE.UTF-8";
+      LC_NUMERIC = "de_DE.UTF-8";
+      LC_PAPER = "de_DE.UTF-8";
+      LC_TELEPHONE = "de_DE.UTF-8";
+      LC_TIME = "de_DE.UTF-8";
+    };
+  };
+}
--- a/modules/base/sys/network.nix
+++ b/modules/base/sys/network.nix
@@ -0,0 +1,7 @@
+{ ... }: {
+  flake.nixosModules.base-sys-network = {lib, host, ... }:{
+    networking.firewall.enable = true;
+    networking.networkmanager.enable = true;
+    networking.hostName = host;
+  };
+}
--- a/modules/base/sys/nix-settings.nix
+++ b/modules/base/sys/nix-settings.nix
@@ -0,0 +1,6 @@
+{ ... }: {
+  flake.nixosModules.base-sys-nix-settings = {
+    nixpkgs.config.allowUnfree = true;
+    nix.settings.experimental-features = [ "nix-command" "flakes" ];
+  };
+}
--- a/modules/base/sys/rtkit.nix
+++ b/modules/base/sys/rtkit.nix
@@ -0,0 +1,5 @@
+{ ... }: {
+  flake.nixosModules.base-sys-rtkit = {
+    security.rtkit.enable = true;
+  };
+}
--- a/modules/base/sys/shellapps.nix
+++ b/modules/base/sys/shellapps.nix
@@ -0,0 +1,11 @@
+{ ... }: {
+  flake.nixosModules.base-sys-shellapps = { pkgs, ... }: {
+    environment.systemPackages = with pkgs; [
+      wget
+      git
+      nil
+      yaml-language-server
+      tree
+    ];
+  };
+}
--- a/modules/base/sys/sshd.nix
+++ b/modules/base/sys/sshd.nix
@@ -0,0 +1,5 @@
+{ ... }: {
+  flake.nixosModules.base-sys-sshd = { config, ... }: {
+    services.openssh.enable = true;
+  };
+}
--- a/modules/base/sys/version.nix
+++ b/modules/base/sys/version.nix
@@ -0,0 +1,5 @@
+{ ... }: {
+  flake.nixosModules.base-sys-version = {
+   system.stateVersion = "25.11";
+  };
+}
--- a/modules/base/sys/zsh.nix
+++ b/modules/base/sys/zsh.nix
@@ -0,0 +1,12 @@
+{ ... }: {
+  flake.nixosModules.base-sys-zsh = { pkgs, ... }: {
+    programs.zsh.enable = true;
+    programs.zsh.enableCompletion = true;
+    programs.zsh.syntaxHighlighting.enable = true;
+    programs.zsh.autosuggestions.enable = true;
+    programs.zsh.autosuggestions.async = true;
+    programs.zsh.ohMyZsh.enable = true;
+    programs.zsh.ohMyZsh.theme = "agnoster";
+    users.defaultUserShell = pkgs.zsh;
+  };
+}
--- a/modules/base/usr/dotfiles/zsh-config
+++ b/modules/base/usr/dotfiles/zsh-config
--- a/modules/base/usr/git-all.nix
+++ b/modules/base/usr/git-all.nix
@@ -0,0 +1,13 @@
+{ inputs, ... }: {
+  flake.homeModules.base-usr-git-all = { ... }: {
+    programs.git = {
+      enable = true;
+      settings.user.name = "Mohamed Chrayed";
+      settings.user.email = "mohamed@chrayed.de";
+      settings = {
+        init.defaultBranch = "main";
+        core.editor = "nano";
+      };
+    };
+  };
+}
--- a/modules/base/usr/zsh-all.nix
+++ b/modules/base/usr/zsh-all.nix
@@ -0,0 +1,5 @@
+{ ... }: {
+  flake.homeModules.base-usr-zsh-all = { ... }: {
+    home.file.".zshrc".source = ./dotfiles/zsh-config;
+  };
+}
--- a/modules/desktop/group-desktop.nix
+++ b/modules/desktop/group-desktop.nix
@@ -0,0 +1,13 @@
+{ inputs, ... }: {
+  flake.nixosModules.desktop-sys-group = {
+    imports = with inputs.self.nixosModules; [
+      desktop-sys-bluetooth
+      desktop-sys-fonts
+      desktop-sys-gpu-amd
+      desktop-sys-input
+      desktop-sys-printing
+      desktop-sys-sound
+      desktop-sys-miscapps
+    ];
+  };
+}
--- a/modules/desktop/sys/bluetooth.nix
+++ b/modules/desktop/sys/bluetooth.nix
@@ -0,0 +1,6 @@
+{ ... }: {
+  flake.nixosModules.desktop-sys-bluetooth = {
+    hardware.bluetooth.enable = true;
+    hardware.bluetooth.powerOnBoot = true;
+  };
+}
--- a/modules/desktop/sys/fonts.nix
+++ b/modules/desktop/sys/fonts.nix
@@ -0,0 +1,8 @@
+{ ... }: {
+  flake.nixosModules.desktop-sys-fonts = { pkgs-unstable, ... }: {
+    environment.systemPackages = with pkgs-unstable; [
+      ibm-plex
+      adwaita-fonts
+    ];
+  };
+}
--- a/modules/desktop/sys/gpu-amd.nix
+++ b/modules/desktop/sys/gpu-amd.nix
@@ -0,0 +1,16 @@
+{ ... }: {
+  flake.nixosModules.desktop-sys-gpu-amd = { pkgs, ... }: {
+    boot.initrd.kernelModules = [ "amdgpu" ];
+    boot.kernelModules = [ "amdgpu" ];
+
+    hardware.amdgpu.initrd.enable = true;
+    hardware.graphics = {
+      enable = true;
+      enable32Bit = true;
+    };
+
+    environment.systemPackages = with pkgs; [
+      vulkan-tools
+    ];
+  };
+}
--- a/modules/desktop/sys/input.nix
+++ b/modules/desktop/sys/input.nix
@@ -0,0 +1,5 @@
+{ ... }: {
+  flake.nixosModules.desktop-sys-input = {
+    services.libinput.enable = true;
+  };
+}
--- a/modules/desktop/sys/miscapps.nix
+++ b/modules/desktop/sys/miscapps.nix
@@ -0,0 +1,9 @@
+{ ... }: {
+  flake.nixosModules.desktop-sys-miscapps = { pkgs, ... }: {
+    environment.systemPackages = with pkgs; [
+      vesktop
+      pciutils
+      aha
+    ];
+  };
+}
--- a/modules/desktop/sys/printing.nix
+++ b/modules/desktop/sys/printing.nix
@@ -0,0 +1,5 @@
+{ ... }: {
+  flake.nixosModules.desktop-sys-printing = {
+    services.printing.enable = true;
+  };
+}
--- a/modules/desktop/sys/sound.nix
+++ b/modules/desktop/sys/sound.nix
@@ -0,0 +1,10 @@
+{ ... }: {
+  flake.nixosModules.desktop-sys-sound = { ... }: {
+    services.pipewire = {
+      enable = true;
+      alsa.enable = true;
+      alsa.support32Bit = true;
+      pulse.enable = true;
+    };
+  };
+}
--- a/modules/disks/sys/singledisk.nix
+++ b/modules/disks/sys/singledisk.nix
@@ -0,0 +1,19 @@
+{ ... }: {
+  flake.nixosModules.disks-sys-singledisk = {
+    fileSystems."/" = {
+      device = "/dev/disk/by-label/root";
+      fsType = "xfs";
+    };
+
+    fileSystems."/boot" = {
+      device = "/dev/disk/by-label/boot";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+    swapDevices = [{
+      device = "/var/lib/swapfile";
+      size = 16 * 1024;
+    }];
+  };
+}
--- a/modules/gaming/sys/controller.nix
+++ b/modules/gaming/sys/controller.nix
@@ -0,0 +1,7 @@
+{ ... }: {
+  flake.nixosModules.gaming-sys-controller = { ... }: {
+    services.udev.extraRules = ''
+      ACTION=="add|change", KERNEL=="event[0-9]*", ATTRS{name}=="*Wireless Controller Touchpad", ENV{LIBINPUT_IGNORE_DEVICE}="1"
+    '';
+  };
+}
--- a/modules/gaming/sys/jovian.nix
+++ b/modules/gaming/sys/jovian.nix
@@ -0,0 +1,8 @@
+{ ... }: {
+  flake.nixosModules.gaming-sys-jovian = { ... }:{
+    jovian.steam.enable = true;
+    jovian.steam.autoStart = true;
+    jovian.steam.user = deck;
+    jovian.steam.desktopSession = "gnome";
+  };
+}
--- a/modules/gaming/sys/lact.nix
+++ b/modules/gaming/sys/lact.nix
@@ -0,0 +1,6 @@
+{ ... }: {
+  flake.nixosModules.gaming-sys-lact = {
+   services.lact.enable = true;
+   hardware.amdgpu.overdrive.enable = true;
+  };
+}
--- a/modules/gaming/sys/steam.nix
+++ b/modules/gaming/sys/steam.nix
@@ -0,0 +1,17 @@
+{ ... }: {
+  flake.nixosModules.gaming-sys-steam = { pkgs-unstable, ... }: {
+    programs.steam = {
+      enable = true;
+      extest.enable = true;
+      
+      extraCompatPackages = with pkgs-unstable; [
+        proton-ge-bin
+      ];
+
+      extraPackages = with pkgs-unstable; [
+        gamescope
+        mangohud
+      ];
+    };
+  };
+}
--- a/modules/gnome/sys/gdm-mo.nix
+++ b/modules/gnome/sys/gdm-mo.nix
@@ -0,0 +1,6 @@
+{ ... }: {
+  flake.nixosModules.gnome-sys-gdm-mo = { ... }:{
+    services.displayManager.autoLogin.enable = true;
+    services.displayManager.autoLogin.user = "mo";
+  };
+}
--- a/modules/gnome/sys/gdm.nix
+++ b/modules/gnome/sys/gdm.nix
@@ -0,0 +1,5 @@
+{ ... }: {
+  flake.nixosModules.gnome-sys-gdm = { ... }:{
+    services.displayManager.gdm.enable = true;
+  };
+}
--- a/modules/gnome/sys/gnome-apps.nix
+++ b/modules/gnome/sys/gnome-apps.nix
@@ -0,0 +1,16 @@
+{ ... }: {
+  flake.nixosModules.gnome-sys-gnome-apps = { pkgs-unstable, ...}:{
+     environment.systemPackages = with pkgs-unstable; [
+       adw-gtk3
+       refine
+       nautilus
+       nautilus-python
+       sushi
+       gnome-text-editor
+       gnome-console
+       loupe
+       cine
+       tsukimi
+   ];
+  };
+}
--- a/modules/gnome/sys/gnome.nix
+++ b/modules/gnome/sys/gnome.nix
@@ -0,0 +1,8 @@
+{ ... }: {
+  flake.nixosModules.gnome-sys-gnome = { pkgs, ... }: {
+    services.desktopManager.gnome.enable = true;
+    services.gnome.core-apps.enable = false;
+    services.gnome.core-developer-tools.enable = false;
+    services.gnome.games.enable = false;
+  };
+}
--- a/modules/gnome/usr/gnome-mo.nix
+++ b/modules/gnome/usr/gnome-mo.nix
@@ -0,0 +1,122 @@
+{ ... }: {
+  flake.homeModules.gnome-usr-gnome-mo = { ... }: {
+    dconf.settings = {
+      "org/gnome/shell/keybindings" = {
+        focus-active-notification = [];
+        open-new-window-application-1 = [];
+        open-new-window-application-2 = [];
+        open-new-window-application-3 = [];
+        open-new-window-application-4 = [];
+        open-new-window-application-5 = [];
+        open-new-window-application-6 = [];
+        open-new-window-application-7 = [];
+        open-new-window-application-8 = [];
+        open-new-window-application-9 = [];
+        toggle-message-tray = ["<Super>N"];
+      };
+      "org/gnome/settings-daemon/plugins/media-keys" = {
+        help = [];
+        home = ["<Super>E"];
+        screenreader = [];
+        magnifier = [];
+        magnifier-zoom-in = [];
+        magnifier-zoom-out = [];
+      };
+      "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = {
+        command = ["kgx --tab"];
+        name = ["Console"];
+      };
+      "org/gnome/desktop/wm/keybindings" = {
+        activate-window-menu = [];
+        always-on-top = ["<Super>T"];
+        begin-move = ["<Super>M"];
+        begin-resize = ["<Super>R"];
+        close = ["<Super>Q"];
+        cycle-group = [];
+        cycle-group-backward = [];
+        cycle-panels = [];
+        cycle-panels-backward = [];
+        cycle-windows = [];
+        cycle-windows-backward = [];
+        lower = [];
+        maximize = [];
+        maximize-horizontally = [];
+        minimize = ["<Super>Down"];
+        move-to-monitor-down = [];
+        move-to-monitor-left = [];
+        move-to-monitor-right = [];
+        move-to-monitor-up = [];
+        move-to-workspace-1 = [];
+        move-to-workspace-down = [];
+        move-to-workspace-last = [];
+        move-to-workspace-left = [];
+        move-to-workspace-right = [];
+        move-to-workspace-up = [];
+        show-desktop = ["<Super>D"];
+        switch-applications = ["<Alt>Tab"];
+        switch-applications-backward = ["<Shift><Alt>Tab"];
+        switch-group = ["<Super>Tab"];
+        switch-group-backward = ["<Shift><Super>Tab"];
+        panel-run-dialog = ["<Alt>Space"];
+        switch-input-source = [];
+        switch-input-source-backward = [];
+        switch-panels = [];
+        switch-panels-backward = [];
+        switch-to-workspace-1 = [];
+        switch-to-workspace-down = [];
+        switch-to-workspace-last = [];
+        switch-to-workspace-left = [];
+        switch-to-workspace-right = [];
+        switch-to-workspace-up = [];
+        toggle-fullscreen = ["<Super>F"];
+        toggle-maximized = ["<Super>Up"];
+        toggle-on-all-workspaces = ["<Super>S"];
+        unmaximize = [];
+      };
+      "org/gnome/mutter" = {
+        experimental-features = ["variable-refresh-rate"];
+        center-new-windows = true;
+        edge-tiling = true;
+        dynamic-workspaces = true;
+      };
+      "org/gnome/desktop/interface" = {
+        font-name = "IBM Plex Sans 11";
+        document-font-name = "IBM Plex Sans 11";
+        monospace-font-name = "IBM Plex Mono 11";
+        gtk-theme = "adw-gtk3";
+        enable-hot-corners = false;
+        cursor-theme = "Adwaita";
+      };
+      "org/gnome/shell/extensions/rounded-window-corners-reborn" = {
+        border-width = -2;
+        skip-libadwaita-app = false;
+      };
+      "org/gnome/shell/extensions/clipboard-indicator" = {
+        toggle-menu = ["<Super>V"];
+      };
+      "org/gnome/shell/extensions/azwallpaper" = {
+        slideshow-use-absolute-time-for-duration = true;
+      };
+      "org/gnome/desktop/background" = {
+        color-shading-type = "solid";
+        picture-options = "zoom";
+      };
+      "org/gnome/shell/extensions/nightthemeswitcher/commands" = {
+        enabled = true;
+        sunrise = "gsettings set org.gnome.desktop.interface gtk-theme 'adw-gtk3' && gsettings set org.gnome.desktop.interface color-scheme 'default'";
+        sunset = "gsettings set org.gnome.desktop.interface gtk-theme 'adw-gtk3-dark' && gsettings set org.gnome.desktop.interface color-scheme 'prefer-dark'";
+      };
+      "org/gnome/shell" = {
+        enabled-extensions = [
+          "light-style@gnome-shell-extensions.gcampax.github.com"
+          "clipboard-indicator@tudmotu.com"
+          "AlphabeticalAppGrid@stuarthayhurst"
+          "rounded-window-corners@fxgn"
+          "appindicatorsupport@rgcjonas.gmail.com"
+          "nightthemeswitcher@romainvigier.fr"
+          "azwallpaper@azwallpaper.gitlab.com"
+        ];
+      };
+    };
+  };
+}
--- a/modules/hosts/computer-mo/hardware.nix
+++ b/modules/hosts/computer-mo/hardware.nix
@@ -0,0 +1,8 @@
+{ ... }: {
+  flake.nixosModules.computer-mo = { system, ... }: {
+    boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+    boot.kernelParams = [ "quiet" "splash" "boot.shell_on_fail" "loglevel=3" "rd.systemd.show_status=false" "rd.udev.log_level=3" "udev.log_priority=3" ];
+    nixpkgs.hostPlatform = system;
+    hardware.cpu.amd.updateMicrocode = true;
+  };
+}
--- a/modules/hosts/computer-mo/imports.nix
+++ b/modules/hosts/computer-mo/imports.nix
@@ -0,0 +1,25 @@
+{ inputs, config, ... }: {
+  flake.nixosModules.computer-mo = { ... }: {
+    imports = with inputs.self.nixosModules; [
+      mo
+      base-sys-group
+      apps-sys-brave
+      gaming-sys-controller
+      desktop-sys-group
+      gnome-sys-gdm
+      gnome-sys-gdm-mo
+      gnome-sys-gnome
+      gnome-sys-gnome-apps
+      gaming-sys-lact
+      apps-sys-onepassword
+      security-sys-secureboot
+      disks-sys-singledisk
+      security-sys-sopsnix
+      gaming-sys-steam
+    ];
+    home-manager.users.mo.imports = with config.flake.homeModules; [
+      base-usr-group
+      gnome-usr-gnome-mo
+    ];
+  };
+}
--- a/modules/hosts/computer-mo/nixosConfigurations.nix
+++ b/modules/hosts/computer-mo/nixosConfigurations.nix
@@ -0,0 +1,6 @@
+{ inputs, ... }: {
+  flake.nixosConfigurations."computer-mo" = inputs.self.lib.mkHost {
+    system = "x86_64-linux";
+    host   = "computer-mo";
+  };
+}
--- a/modules/platform/flake-parts.nix
+++ b/modules/platform/flake-parts.nix
@@ -0,0 +1,5 @@
+{ inputs, ... }: {
+  imports = [
+    inputs.home-manager.flakeModules.home-manager
+  ];
+}
--- a/modules/platform/mkhost.nix
+++ b/modules/platform/mkhost.nix
@@ -0,0 +1,14 @@
+{ inputs, ... }: {
+  flake.lib.mkHost = { system, host, extraModules ? [] }:
+    inputs.nixpkgs.lib.nixosSystem {
+      inherit system;
+      specialArgs = {
+        inherit host system;
+        pkgs-unstable = import inputs.nixpkgs-unstable {
+          inherit system;
+          config.allowUnfree = true;
+        };
+      };
+      modules = [ inputs.self.nixosModules.${host} ] ++ extraModules;
+    };
+}
--- a/modules/platform/nixsettings.nix
+++ b/modules/platform/nixsettings.nix
@@ -0,0 +1,17 @@
+{ inputs, ... }: {
+  systems = [
+    "x86_64-linux"
+  ];
+
+  perSystem = { system, ... }: {
+    _module.args.pkgs = import inputs.nixpkgs {
+      inherit system;
+      config.allowUnfree = true;
+    };
+
+    _module.args.pkgs-unstable = import inputs.nixpkgs-unstable {
+      inherit system; 
+      config.allowUnfree = true;
+    };
+  };
+}
--- a/modules/security/sys/.sops.yaml
+++ b/modules/security/sys/.sops.yaml
@@ -0,0 +1,9 @@
+keys:
+  - &computer-mo age1yw3dt8myjpq3hek6gadzy8jd04l30ladgva7p74ktl7plfkwqs8qmk8c4x
+  - &mo age1nkqrkx782x6hnn5l8trh2e4v5pgygkx2ql4w8m20pc9jzsq244zs8d44qw
+creation_rules:
+  - path_regex: secrets/secrets.yaml$
+    key_groups:
+    - age:
+      - *computer-mo
+      - *mo
--- a/modules/security/sys/secrets/secrets.yaml
+++ b/modules/security/sys/secrets/secrets.yaml
@@ -0,0 +1,32 @@
+users:
+    mo:
+        password: ENC[AES256_GCM,data:fMGtx/NHXyw+zEeedTwnWTsW7SsiheGWAix1kGhPugVn+i9jaa4XazvIRvy4/TKR7naKHUXdeXJtpRvnNIusfZi0vxC6OT82lA==,iv:EVKCYKOj2GOE4FznqNPFXO0vMFYgJSYvTc+7xoFvMaU=,tag:NsMd2OBP4XLynSdRofkpEA==,type:str]
+        intern:
+            public: ENC[AES256_GCM,data:jbuP/i/iK/baGnHrVsXY4OQy0FYiTfOCKSXLd+8DscvMC4gndUpJBH2Jz2JOjMo/W/T5ZLvLfcqzC+d8pe1BofDN7qglc2VIT5nS4+CXq9U=,iv:7tBQilMyisvsAzWh5nAzY7Nyd/ucngt4+Wzn/0Wa8Y8=,tag:QK//7g44v0q2tO8d6VcBrA==,type:str]
+        extern:
+            public: ENC[AES256_GCM,data:Z7WsJxQWrnhLi+Lim9RIZvteyath+Z+e/17fAtvQT+2IZ4D5C1XRpmRG7D0knAMueXciK2sRPgAmkOVNAo7msDFnAqybb879Oyd7ms1dd6I=,iv:cmNClicrACt1lyvTrZRMiZv1EjbGl62GtHK/I2DVgiE=,tag:tH6nnWXowfSrJc8S9gpi+w==,type:str]
+            private: ENC[AES256_GCM,data:GVoLC4n6NGYzHqY6MFPsnquJmrkpmWbrGvDvjmFr8Z1aCr9I1ltKZd2RrrrRJ33KFh/U3x+vwirmdpSOXB8cDynau4XaP9cS+Hgs6LlYHMmAsWiiT5axjTmRvihgNE4mgWpIBZkeI7vrUamdiMt2Bis2JS9qXdLORxyB0Fo9ieQ0B47H17Y75t9AACfpGIRWAd9TGXtycKqxZ5yYmpwmE+Psxhh1VZCk3FPCVt/hxcwd37qmUnbaJKvcyk0J3/fD/JTn6wiNHbLsBpOrk59WclVIosGMI/UWzq24uSEP0WPd4ULyY3jOTIQmh6krsWfjuS3ytTyDJCDocT9zcOJC2GFgTOLSzOzvuQC4LegMuwxchWq7/1jMdLg/DOXG6XuaiVspHhgdsQodJGjz74z7w1TkObNRSMdm9oqbBzt1HWUf/fIYZv57QIPLprMS3H7+qTYan+DjSR7vq0xizTFNzvoMDhhWwGkDkjLROrKCNIVJPHYKWD53p+8Q+wpSnrmAKoOfYKARtsV7vGt/6A5o8z0K2fvZm1FIk9BBbRHan2zbYuqTeMeWbPwuZec5KWyyhB24omY7yMNauuQ04TJEXIUsEEh5CskjsJPW8pr6b1STvkINNZCKSsUZW48xwGi/,iv:UWwcQhaF0KR+waF7wHLEA9T0+K53TYoghs+9LrU8/jo=,tag:l4ndlXfLqdHu/zNF5e+YOw==,type:str]
+sops:
+    age:
+        - recipient: age1yw3dt8myjpq3hek6gadzy8jd04l30ladgva7p74ktl7plfkwqs8qmk8c4x
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDMzF6WTZXRitScFpKdG1m
+            aHBnaThnTmkyanYrL0pIWGlSRXhlTUVzQ1RFCnJYZXBXeHBnN3dWSjFUbDdCb2tZ
+            NU5ZTE82VXltMVJLT3YzSVRIRWpUWkUKLS0tIHhtcno4WmJ6d0Y2NWkrOTZiWkNS
+            Y2xSUE0veVdCaERFUXpVeHdoVUd5V2MKV3DDB8WfAJkZ91MdWzz5Yi0D2u8ozeEi
+            AQY7by2kpV4oJWG96zu6grR1FU/jNqaC+qTCtIcb3/e7pK9pHdstow==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1nkqrkx782x6hnn5l8trh2e4v5pgygkx2ql4w8m20pc9jzsq244zs8d44qw
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvTFcwZnB5RGNNZWQyY2JR
+            ekg1c05BSU9Qay9RYlkxT3pCWlB4T2VJd1VJCmpuc08yZlhZRS93cnpoS0lBeFVY
+            ME1xQUtIcDc0aHJqVmJjUy9BbjhCMG8KLS0tIHpsMGVLSlhKc3JUTlhnTE1HbVUv
+            RVVGdEM3UFg5Y0ZhQmlJTGg1eUQxU1UK0U3aR79JWeFyvQRDVVmyICh1UTDIIeai
+            6E87FDE9XRhAbneR5sHw4ujnZCSyX7njfDMpN23dpWX3smRRKVIsNQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-03-03T15:55:44Z"
+    mac: ENC[AES256_GCM,data:PLOC5V43pfPcAzE1ZHAFrRedhNkxU4KXO9NU4Hw6PyrYoy9UiTN8H4bJEle5k9YH70hoqk/mAO4rM7B5UZUuz17JktoSaW0AESqi1V9H9LlWPKtJVTXlLm/OeZ456ExdHbocfZ+wKTNRwM1jVhzqqUZfAskuflRQjpIS5sOuJJ8=,iv:E8KIP+WyRt0VmpkfPHKEszYzUwoZAn4/oSShisBMqL0=,tag:Yrfg4uaqnwPirD3E9J5uSg==,type:str]
+    unencrypted_suffix: _unencrypted
+    version: 3.12.1
--- a/modules/security/sys/secureboot.nix
+++ b/modules/security/sys/secureboot.nix
@@ -0,0 +1,16 @@
+{ inputs, ... }: {
+  flake.nixosModules.security-sys-secureboot = { pkgs, lib, ... }: {
+    imports = [
+      inputs.lanzaboote.nixosModules.lanzaboote
+    ];
+
+    environment.systemPackages = [ pkgs.sbctl ];
+
+    boot.loader.systemd-boot.enable = lib.mkForce false;
+
+    boot.lanzaboote = {
+      enable = true;
+      pkiBundle = "/var/lib/sbctl";
+    };
+  };
+}
--- a/modules/security/sys/sops-nix.nix
+++ b/modules/security/sys/sops-nix.nix
@@ -0,0 +1,9 @@
+{ inputs, ... }: {
+  flake.nixosModules.security-sys-sopsnix = { pkgs, ... }: {
+    imports = [ inputs.sops-nix.nixosModules.sops ];
+
+    environment.systemPackages = [ pkgs.age pkgs.sops ];
+
+    sops.defaultSopsFile = ./secrets/secrets.yaml;
+  };
+}
--- a/modules/security/sys/sopsnix.nix
+++ b/modules/security/sys/sopsnix.nix
@@ -0,0 +1,9 @@
+{ inputs, ... }: {
+  flake.nixosModules.security-sys-sopsnix = { pkgs, ... }: {
+    imports = [ inputs.sops-nix.nixosModules.sops ];
+
+    environment.systemPackages = [ pkgs.age pkgs.sops ];
+
+    sops.defaultSopsFile = ./secrets/secrets.yaml;
+  };
+}
--- a/modules/users/mo.nix
+++ b/modules/users/mo.nix
@@ -0,0 +1,23 @@
+{ inputs, ... }: {
+  flake.nixosModules.mo = { pkgs, config, ... }: {
+    home-manager.extraSpecialArgs = {};
+
+    sops.secrets."users/mo/password" = {
+      neededForUsers = true;
+    };
+    users.mutableUsers = false;     
+    users.users.mo = {
+      isNormalUser = true;
+      description = "Mohamed Chrayed";
+      extraGroups = [ "networkmanager" "wheel" "video" "audio" ];
+      shell = pkgs.zsh;
+      hashedPasswordFile = config.sops.secrets."users/mo/password".path;
+    };
+
+    home-manager.users.mo = {
+      home.username = "mo";
+      home.homeDirectory = "/home/mo";
+      home.stateVersion = "25.11";
+    };
+  };
+}