Let's hope WSL is not against company policy

If you are looking at this, you know who you are

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>

flake.lock

@@ -80,19 +80,17 @@
       }
     },
     "flake-compat": {
-      "flake": false,
       "locked": {
-        "lastModified": 1747046372,
+        "lastModified": 1733328505,
-        "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
+        "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
-        "owner": "edolstra",
+        "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
-        "repo": "flake-compat",
+        "revCount": 69,
-        "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
+        "type": "tarball",
-        "type": "github"
+        "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz"
       },
       "original": {
-        "owner": "edolstra",
+        "type": "tarball",
-        "repo": "flake-compat",
+        "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
-        "type": "github"
       }
     },
     "flake-input-patcher": {
@@ -201,7 +199,9 @@
     "lanzaboote": {
       "inputs": {
         "crane": "crane",
-        "flake-compat": "flake-compat",
+        "flake-compat": [
+          "flake-compat"
+        ],
         "flake-parts": [
           "flake-parts"
         ],
@@ -248,6 +248,30 @@
         "url": "https://git.karaolidis.com/karaolidis/nix-lib.git"
       }
     },
+    "nixos-wsl": {
+      "inputs": {
+        "flake-compat": [
+          "flake-compat"
+        ],
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1755261305,
+        "narHash": "sha256-EOqCupB5X5WoGVHVcfOZcqy0SbKWNuY3kq+lj1wHdu8=",
+        "owner": "nix-community",
+        "repo": "NixOS-WSL",
+        "rev": "203a7b463f307c60026136dd1191d9001c43457f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "ref": "main",
+        "repo": "NixOS-WSL",
+        "type": "github"
+      }
+    },
     "nixpkgs": {
       "locked": {
         "lastModified": 1755186698,
@@ -371,12 +395,14 @@
         "ags": "ags",
         "astal": "astal",
         "disko": "disko",
+        "flake-compat": "flake-compat",
         "flake-input-patcher": "flake-input-patcher",
         "flake-parts": "flake-parts",
         "flake-utils": "flake-utils",
         "home-manager": "home-manager",
         "lanzaboote": "lanzaboote",
         "lib": "lib",
+        "nixos-wsl": "nixos-wsl",
         "nixpkgs": "nixpkgs",
         "nur": "nur",
         "nvidia-patch": "nvidia-patch",

flake.nix

@@ -21,10 +21,19 @@
       url = "github:nix-community/lanzaboote";
       inputs = {
         nixpkgs.follows = "nixpkgs";
+        flake-compat.follows = "flake-compat";
         flake-parts.follows = "flake-parts";
       };
     };
 
+    nixos-wsl = {
+      url = "github:nix-community/NixOS-WSL/main";
+      inputs = {
+        nixpkgs.follows = "nixpkgs";
+        flake-compat.follows = "flake-compat";
+      };
+    };
+
     # FIXME: https://github.com/NixOS/nix/issues/12281
     lib = {
       url = "git+https://git.karaolidis.com/karaolidis/nix-lib.git";
@@ -110,6 +119,8 @@
       url = "github:numtide/flake-utils";
       inputs.systems.follows = "systems";
     };
+
+    flake-compat.url = "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz";
   };
 
   outputs =

hosts/common/configs/system/dnsmasq/default.nix

@@ -1,22 +0,0 @@
-{ lib, pkgs, ... }:
-{
-  networking.networkmanager.dns = "dnsmasq";
-
-  environment.etc."NetworkManager/dnsmasq.d/10-bind-interfaces.conf".source =
-    (pkgs.formats.keyValue {
-      mkKeyValue =
-        name: value:
-        if value == true then
-          name
-        else if value == false then
-          ""
-        else
-          lib.generators.mkKeyValueDefault { } "=" name value;
-      listsAsDuplicateKeys = true;
-    }).generate
-      "10-bind-interfaces.conf"
-      {
-        bind-interfaces = true;
-        listen-address = [ "127.0.0.1" ];
-      };
-}

hosts/common/configs/system/gpg-agent/default.nix

@@ -1,4 +0,0 @@
-{ ... }:
-{
-  programs.gnupg.agent.enable = true;
-}

hosts/common/configs/system/libvirt/default.nix

@@ -1,9 +1,4 @@
-{
+{ config, pkgs, ... }:
-  config,
-  lib,
-  pkgs,
-  ...
-}:
 {
   virtualisation = {
     libvirtd = {

hosts/common/configs/user/console/sops/default.nix

@@ -3,12 +3,18 @@
 {
   environment.persistence."/persist/state"."${home}/.config/sops-nix/key.txt" = { };
 
-  home-manager.users.${user} = {
+  home-manager.users.${user} =
-    imports = [ inputs.sops-nix.homeManagerModules.sops ];
+    let
+      sopsKeyFile =
+        if config.environment.impermanence.enable then
+          config.environment.persistence."/persist/state"."${home}/.config/sops-nix/key.txt".source
+        else
+          "${home}/.config/sops-nix/key.txt";
+    in
+    {
+      imports = [ inputs.sops-nix.homeManagerModules.sops ];
 
-    sops.age.keyFile =
+      sops.age.keyFile = sopsKeyFile;
-      config.environment.persistence."/persist/state"."${home}/.config/sops-nix/key.txt".source;
+      home.sessionVariables.SOPS_AGE_KEY_FILE = sopsKeyFile;
-    home.sessionVariables.SOPS_AGE_KEY_FILE =
+    };
-      config.environment.persistence."/persist/state"."${home}/.config/sops-nix/key.txt".source;
-  };
 }

hosts/elara/README.md

@@ -4,7 +4,13 @@
 
 This host uses private SAS repositories. You can find the imports for these in:
 
-- [./default.nix](./default.nix)
+You must build the system once with `sas.build.private = false;`. Then, connect to the SAS VPN, and rebuild the system.
-- [./users/nikara/default.nix](./users/nikara/default.nix)
 
-You must build the system once with these imports commented out. Then, connect to the SAS VPN, uncomment them, and rebuild the system.
+## Installation Instructions
+
+1. Using a separate Nix system, run `hosts/elara/build-tarball.sh`
+2. Copy the generated tarball to the Elara host
+3. On the Elara host, run `wsl --import NixOS $env:USERPROFILE\NixOS nixos.wsl --version 2` in PowerShell
+4. `chown` your home directory to your user
+5. Restart WSL with `wsl --shutdown`
+6. Optionally, run `wsl --set-default nixos` to make NixOS the default WSL distribution

hosts/elara/build-tarball.nix

@@ -0,0 +1,92 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+# FIXME: https://github.com/nix-community/NixOS-WSL/issues/343
+# FIXME: https://github.com/nix-community/NixOS-WSL/issues/612
+{
+  system.build.tarballBuilder = lib.mkForce (
+    pkgs.writeShellApplication {
+      name = "nixos-wsl-tarball-builder";
+
+      runtimeInputs = [
+        config.nix.package
+        pkgs.coreutils
+        pkgs.e2fsprogs
+        pkgs.gnutar
+        pkgs.nixos-install-tools
+        pkgs.pigz
+      ];
+
+      text = ''
+        if ! [ "$EUID" -eq 0 ]; then
+          echo "This script must be run as root!"
+          exit 1
+        fi
+
+        out="nixos-wsl.tar.gz"
+        extra_files=""
+
+        positional=()
+        while [ $# -gt 0 ]; do
+          case "$1" in
+            --extra-files=*)
+              extra_files="''${1#*=}"
+              ;;
+            --extra-files)
+              shift
+              extra_files="$1"
+              ;;
+            -*)
+              echo "Unknown option: $1"
+              echo "Usage: $0 [--extra-files PATH] [output.tar.gz]"
+              exit 1
+              ;;
+            *)
+              positional+=("$1")
+              ;;
+          esac
+          shift
+        done
+
+        if [ ''${#positional[@]} -gt 0 ]; then
+          out="''${positional[0]}"
+        fi
+
+        root=$(mktemp -p "''${TMPDIR:-/tmp}" -d nixos-wsl-tarball.XXXXXXXXXX)
+        # FIXME: fails in CI for some reason, but we don't really care because it's CI
+        trap 'chattr -Rf -i "$root" || true && rm -rf "$root" || true' INT TERM EXIT
+
+        if [ -n "$extra_files" ]; then
+          echo "[NixOS-WSL] Copying extra files to $root..."
+          cp --verbose --archive --no-target-directory "$extra_files" "$root"
+        fi
+
+        chmod o+rx "$root"
+
+        echo "[NixOS-WSL] Installing..."
+        nixos-install \
+          --root "$root" \
+          --no-root-passwd \
+          --system ${config.system.build.toplevel} \
+          --substituters ""
+
+        echo "[NixOS-WSL] Adding channel..."
+        nixos-enter --root "$root" --command 'HOME=/root nix-channel --add https://github.com/nix-community/NixOS-WSL/archive/refs/heads/main.tar.gz nixos-wsl'
+
+        echo "[NixOS-WSL] Compressing..."
+        tar -C "$root" \
+          -c \
+          --sort=name \
+          --mtime='@1' \
+          --owner=0 \
+          --group=0 \
+          --numeric-owner \
+          . \
+        | pigz > "$out"
+      '';
+    }
+  );
+}

hosts/elara/build-tarball.sh

@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+temp=$(mktemp -d)
+
+cleanup() {
+  rm -rf "$temp"
+}
+trap cleanup EXIT
+
+install -d -m 755 "$temp/etc/ssh"
+cp ./submodules/secrets/hosts/elara/ssh_host_ed25519_key "$temp/etc/ssh/ssh_host_ed25519_key"
+
+install -d -m 700 "$temp/home/nikara"
+install -d -m 755 "$temp/home/nikara/.config/sops-nix"
+cp ./submodules/secrets/domains/sas/key.txt "$temp/home/nikara/.config/sops-nix/key.txt"
+
+sudo nix run .#nixosConfigurations.elara.config.system.build.tarballBuilder -- --extra-files "$temp"

hosts/elara/configs/podman/default.nix

@@ -0,0 +1,4 @@
+{ lib, ... }:
+{
+  virtualisation.containers.storage.settings.storage.driver = lib.mkForce "overlay";
+}

hosts/elara/default.nix

@@ -1,4 +1,4 @@
-{ config, inputs, ... }:
+{ inputs, lib, ... }:
 {
   nixpkgs.overlays = [
     inputs.lib.overlays.default
@@ -8,51 +8,35 @@
   ];
 
   imports = [
-    ./options.nix
+    inputs.nixos-wsl.nixosModules.default
-
-    inputs.disko.nixosModules.disko
-    ./format.nix
-    ./hardware
-
     inputs.sas.nixosModules.default
 
+    ./hardware
+    ./build-tarball.nix
+    ./options.nix
+
     ../common/configs/system
 
-    ../common/configs/system/boot
-    ../common/configs/system/btrbk
-    ../common/configs/system/btrfs
-    ../common/configs/system/dnsmasq
     ../common/configs/system/documentation
-    ../common/configs/system/getty
     ../common/configs/system/git
-    ../common/configs/system/gpg-agent
     ../common/configs/system/impermanence
-    ../common/configs/system/libvirt
     ../common/configs/system/neovim
-    ../common/configs/system/networkmanager
     ../common/configs/system/nix
-    ../common/configs/system/nix-cleanup
-    ../common/configs/system/nix-install
     ../common/configs/system/nix-ld
     ../common/configs/system/nix-update
     ../common/configs/system/nixpkgs
-    ../common/configs/system/ntp
-    ../common/configs/system/pipewire
     ../common/configs/system/podman
-    ../common/configs/system/power
-    ../common/configs/system/printing
     ../common/configs/system/sops
     ../common/configs/system/ssh
     ../common/configs/system/sudo
     ../common/configs/system/system
-    ../common/configs/system/timezone
     ../common/configs/system/tmux
-    ../common/configs/system/upower
     ../common/configs/system/users
     ../common/configs/system/zsh
 
     ./configs/nix
     ./configs/pki
+    ./configs/podman
     ./configs/ssh
 
     ./users/nikara
@@ -62,6 +46,5 @@
 
   sas.build.private = true;
 
-  environment.impermanence.device =
+  environment.impermanence.enable = lib.mkForce false;
-    config.disko.devices.disk.main.content.partitions.root.content.device;
 }

hosts/elara/format.nix

@@ -1,79 +0,0 @@
-{
-  disko.devices = {
-    disk.main = {
-      device = "/dev/disk/by-id/scsi-3600224809f331210b85f07f3c5e9dacd";
-      type = "disk";
-      content = {
-        type = "gpt";
-        partitions = {
-          boot = {
-            name = "boot";
-            size = "1M";
-            type = "EF02";
-          };
-          esp = {
-            name = "esp";
-            size = "512M";
-            type = "EF00";
-            content = {
-              type = "filesystem";
-              format = "vfat";
-              mountpoint = "/boot";
-              mountOptions = [ "umask=0077" ];
-            };
-          };
-          swap = {
-            name = "swap";
-            size = "32G";
-            content = {
-              type = "swap";
-              resumeDevice = true;
-            };
-          };
-          root = {
-            name = "root";
-            size = "100%";
-            content = {
-              type = "btrfs";
-              extraArgs = [ "-f" ];
-              subvolumes =
-                let
-                  mountOptions = [
-                    "compress=zstd:5"
-                    "noatime"
-                    "user_subvol_rm_allowed"
-                  ];
-                in
-                {
-                  "@" = {
-                    mountpoint = "/";
-                    inherit mountOptions;
-                  };
-                  "@persist" = {
-                    mountpoint = "/persist";
-                    inherit mountOptions;
-                  };
-                  "@persist/user" = {
-                    mountpoint = "/persist/user";
-                    inherit mountOptions;
-                  };
-                  "@persist/state" = {
-                    mountpoint = "/persist/state";
-                    inherit mountOptions;
-                  };
-                  "@persist/cache" = {
-                    mountpoint = "/persist/cache";
-                    inherit mountOptions;
-                  };
-                  "@nix" = {
-                    mountpoint = "/nix";
-                    inherit mountOptions;
-                  };
-                };
-            };
-          };
-        };
-      };
-    };
-  };
-}

hosts/elara/hardware/default.nix

@@ -2,14 +2,9 @@
 {
   imports = [ ./display.nix ];
 
-  hardware = {
+  wsl = {
-    enableAllFirmware = true;
+    enable = true;
-
+    defaultUser = "nikara";
-    cpu = {
+    startMenuLaunchers = true;
-      cores = 12;
-      threads = 12;
-    };
   };
-
-  virtualisation.hypervGuest.enable = true;
 }

hosts/elara/hardware/display.nix

@@ -1,29 +1,6 @@
 { ... }:
 {
-  boot.kernelParams = [ "video=hyperv_fb:1920x1200@60" ];
-
   home-manager.sharedModules = [
-    {
+    { programs.vscode.profiles.default.userSettings."window.zoomLevel" = (1.25 - 1) / 0.2; }
-      wayland.windowManager.hyprland.settings = {
-        animation = "global, 0";
-
-        monitor = [ "Virtual-1, preferred, 0x0, 1" ];
-
-        workspace = [
-          "1, monitor:Virtual-1, layoutopt:orientation:left"
-          "2, monitor:Virtual-1, layoutopt:orientation:left"
-          "3, monitor:Virtual-1, layoutopt:orientation:left"
-          "4, monitor:Virtual-1, layoutopt:orientation:left"
-          "5, monitor:Virtual-1, layoutopt:orientation:left"
-          "6, monitor:Virtual-1, layoutopt:orientation:left"
-          "7, monitor:Virtual-1, layoutopt:orientation:left"
-          "8, monitor:Virtual-1, layoutopt:orientation:left"
-          "9, monitor:Virtual-1, layoutopt:orientation:left"
-          "10, monitor:Virtual-1, layoutopt:orientation:left"
-        ];
-      };
-
-      programs.vscode.profiles.default.userSettings."window.zoomLevel" = (1.25 - 1) / 0.2;
-    }
   ];
 }

hosts/elara/users/nikara/configs/console/gpg/default.nix

@@ -1,5 +1,10 @@
 { user, home }:
-{ config, inputs, ... }:
+{
+  config,
+  inputs,
+  pkgs,
+  ...
+}:
 let
   hmConfig = config.home-manager.users.${user};
 in
@@ -31,5 +36,8 @@ in
       "Personal GPG Passphrase".source = hmConfig.sops.secrets."gpg/personal/pass".path;
       "SAS GPG Passphrase".source = hmConfig.sops.secrets."gpg/sas/pass".path;
     };
+
+    home.packages = [ pkgs.gcr ];
+    services.gpg-agent.pinentry.package = pkgs.pinentry-gnome3;
   };
 }

hosts/elara/users/nikara/configs/console/podman/default.nix

@@ -10,41 +10,45 @@ let
   hmConfig = config.home-manager.users.${user};
 in
 {
-  home-manager.users.${user}.sops = {
+  home-manager.users.${user} = {
-    secrets = {
+    sops = {
-      "registry/personal/git.karaolidis.com" = {
+      secrets = {
-        sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
+        "registry/personal/git.karaolidis.com" = {
-        key = "registry/git.karaolidis.com";
+          sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
+          key = "registry/git.karaolidis.com";
+        };
+
+        "registry/personal/docker.io" = {
+          sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
+          key = "registry/docker.io";
+        };
+
+        "registry/sas/cr.sas.com" = {
+          sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
+          key = "registry/cr.sas.com";
+        };
       };
 
-      "registry/personal/docker.io" = {
+      templates.containers-auth = {
-        sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
+        content = builtins.readFile (
-        key = "registry/docker.io";
+          (pkgs.formats.json { }).generate "auth.json" {
-      };
+            auths = {
-
+              "git.karaolidis.com" = {
-      "registry/sas/cr.sas.com" = {
+                auth = hmConfig.sops.placeholder."registry/personal/git.karaolidis.com";
-        sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
+              };
-        key = "registry/cr.sas.com";
+              "docker.io" = {
+                auth = hmConfig.sops.placeholder."registry/personal/docker.io";
+              };
+              "cr.sas.com" = {
+                auth = hmConfig.sops.placeholder."registry/sas/cr.sas.com";
+              };
+            };
+          }
+        );
+        path = "${home}/.config/containers/auth.json";
       };
     };
 
-    templates.containers-auth = {
+    services.podman.settings.storage.storage.driver = lib.mkForce "overlay";
-      content = builtins.readFile (
-        (pkgs.formats.json { }).generate "auth.json" {
-          auths = {
-            "git.karaolidis.com" = {
-              auth = hmConfig.sops.placeholder."registry/personal/git.karaolidis.com";
-            };
-            "docker.io" = {
-              auth = hmConfig.sops.placeholder."registry/personal/docker.io";
-            };
-            "cr.sas.com" = {
-              auth = hmConfig.sops.placeholder."registry/sas/cr.sas.com";
-            };
-          };
-        }
-      );
-      path = "${home}/.config/containers/auth.json";
-    };
   };
 }

hosts/elara/users/nikara/configs/console/wsl/default.nix

@@ -0,0 +1,5 @@
+{ user, home }:
+{ pkgs, ... }:
+{
+  home-manager.users.${user}.home.packages = with pkgs; [ wsl-wl-clipboard ];
+}

hosts/elara/users/nikara/configs/gui/obsidian/default.nix

@@ -1,5 +0,0 @@
-{ user, home }:
-{ ... }:
-{
-  home-manager.users.${user}.programs.obsidian.vaults."Documents/Obsidian/sas/master".enable = true;
-}

hosts/elara/users/nikara/configs/gui/vscode/default.nix

@@ -1,26 +1,32 @@
 { user, home }:
-{ ... }:
+{ lib, ... }:
 {
-  home-manager.users.${user}.programs.vscode = {
+  home-manager.users.${user} = {
-    languages = {
+    programs.vscode = {
-      c.enable = true;
+      languages = {
-      go.enable = true;
+        c.enable = true;
-      hugo.enable = true;
+        go.enable = true;
-      java.enable = true;
+        hugo.enable = true;
-      jinja.enable = true;
+        java.enable = true;
-      lua.enable = true;
+        jinja.enable = true;
-      markdown.enable = true;
+        lua.enable = true;
-      nix.enable = true;
+        markdown.enable = true;
-      podman.enable = true;
+        nix.enable = true;
-      python.enable = true;
+        podman.enable = true;
-      rest.enable = true;
+        python.enable = true;
-      rust.enable = true;
+        rest.enable = true;
-      sas.enable = true;
+        rust.enable = true;
-      sops.enable = true;
+        sas.enable = true;
-      typescript.enable = true;
+        sops.enable = true;
-      yaml.enable = true;
+        typescript.enable = true;
+        yaml.enable = true;
+      };
+
+      copilot.enable = true;
+
+      profiles.default.userSettings."window.autoDetectColorScheme" = lib.mkForce false;
     };
 
-    copilot.enable = true;
+    home.sessionVariables.DONT_PROMPT_WSL_INSTALL = "1";
   };
 }

hosts/elara/users/nikara/default.nix

@@ -14,7 +14,6 @@ in
   imports = [
     (import ../../../common/configs/user { inherit user home; })
 
-    (import ../../../common/configs/user/console/android { inherit user home; })
     (import ../../../common/configs/user/console/btop { inherit user home; })
     (import ../../../common/configs/user/console/dive { inherit user home; })
     (import ../../../common/configs/user/console/fastfetch { inherit user home; })
@@ -26,18 +25,14 @@ in
     (import ../../../common/configs/user/console/ip { inherit user home; })
     (import ../../../common/configs/user/console/jq { inherit user home; })
     (import ../../../common/configs/user/console/kubernetes { inherit user home; })
-    (import ../../../common/configs/user/console/libvirt { inherit user home; })
     (import ../../../common/configs/user/console/lsof { inherit user home; })
     (import ../../../common/configs/user/console/mprocs { inherit user home; })
     (import ../../../common/configs/user/console/ncdu { inherit user home; })
-    (import ../../../common/configs/user/console/ncspot { inherit user home; })
     (import ../../../common/configs/user/console/neovim { inherit user home; })
     (import ../../../common/configs/user/console/nix { inherit user home; })
-    (import ../../../common/configs/user/console/nix-cleanup { inherit user home; })
     (import ../../../common/configs/user/console/nix-develop { inherit user home; })
     (import ../../../common/configs/user/console/nix-direnv { inherit user home; })
     (import ../../../common/configs/user/console/ouch { inherit user home; })
-    (import ../../../common/configs/user/console/pipewire { inherit user home; })
     (import ../../../common/configs/user/console/podman { inherit user home; })
     (import ../../../common/configs/user/console/sops { inherit user home; })
     (import ../../../common/configs/user/console/ssh { inherit user home; })
@@ -47,48 +42,20 @@ in
     (import ../../../common/configs/user/console/wget { inherit user home; })
     (import ../../../common/configs/user/console/xdg { inherit user home; })
     (import ../../../common/configs/user/console/yazi { inherit user home; })
-    (import ../../../common/configs/user/console/yt-dlp { inherit user home; })
     (import ../../../common/configs/user/console/zoxide { inherit user home; })
     (import ../../../common/configs/user/console/zsh { inherit user home; })
 
-    (import ../../../common/configs/user/gui/astal { inherit user home; })
-    (import ../../../common/configs/user/gui/bluetooth { inherit user home; })
-    (import ../../../common/configs/user/gui/btop { inherit user home; })
-    (import ../../../common/configs/user/gui/clipbook { inherit user home; })
-    (import ../../../common/configs/user/gui/cliphist { inherit user home; })
-    (import ../../../common/configs/user/gui/emoji { inherit user home; })
-    (import ../../../common/configs/user/gui/feh { inherit user home; })
-    (import ../../../common/configs/user/gui/firefox { inherit user home; })
-    (import ../../../common/configs/user/gui/gtk { inherit user home; })
-    (import ../../../common/configs/user/gui/hyprland { inherit user home; })
-    (import ../../../common/configs/user/gui/hyprpicker { inherit user home; })
-    (import ../../../common/configs/user/gui/hyprshot { inherit user home; })
-    (import ../../../common/configs/user/gui/kitty { inherit user home; })
-    (import ../../../common/configs/user/gui/libreoffice { inherit user home; })
-    (import ../../../common/configs/user/gui/mpv { inherit user home; })
-    (import ../../../common/configs/user/gui/networkmanager { inherit user home; })
-    (import ../../../common/configs/user/gui/obs { inherit user home; })
-    (import ../../../common/configs/user/gui/obsidian { inherit user home; })
-    (import ../../../common/configs/user/gui/pipewire { inherit user home; })
-    (import ../../../common/configs/user/gui/qalculate { inherit user home; })
-    (import ../../../common/configs/user/gui/qt { inherit user home; })
-    (import ../../../common/configs/user/gui/rofi { inherit user home; })
-    (import ../../../common/configs/user/gui/rquickshare { inherit user home; })
-    (import ../../../common/configs/user/gui/swww { inherit user home; })
     (import ../../../common/configs/user/gui/theme { inherit user home; })
+    (import ../../../common/configs/user/gui/gtk { inherit user home; })
+    (import ../../../common/configs/user/gui/qt { inherit user home; })
     (import ../../../common/configs/user/gui/vscode { inherit user home; })
-    (import ../../../common/configs/user/gui/wev { inherit user home; })
-    (import ../../../common/configs/user/gui/wl-clipboard { inherit user home; })
-    (import ../../../common/configs/user/gui/x11 { inherit user home; })
-    (import ../../../common/configs/user/gui/xdg { inherit user home; })
 
     (import ./configs/console/gpg { inherit user home; })
     (import ./configs/console/podman { inherit user home; })
     (import ./configs/console/sas { inherit user home; })
     (import ./configs/console/ssh { inherit user home; })
-
-    (import ./configs/gui/obsidian { inherit user home; })
     (import ./configs/gui/vscode { inherit user home; })
+    (import ./configs/console/wsl { inherit user home; })
   ];
 
   # mkpasswd -s

hosts/himalia/default.nix

@@ -21,7 +21,6 @@
     ../common/configs/system/documentation
     ../common/configs/system/getty
     ../common/configs/system/git
-    ../common/configs/system/gpg-agent
     ../common/configs/system/impermanence
     ../common/configs/system/lanzaboote
     ../common/configs/system/libvirt

hosts/installer/default.nix

@@ -19,7 +19,6 @@
     ../common/configs/system/documentation
     ../common/configs/system/getty
     ../common/configs/system/git
-    ../common/configs/system/gpg-agent
     ../common/configs/system/impermanence
     ../common/configs/system/lanzaboote
     ../common/configs/system/neovim

hosts/jupiter-vps/README.md

@@ -2,7 +2,7 @@
 
 ## Installation Instructions
 
-1. Provision an OVHcloud VPS (ideally running Ubuntu).
+1. Provision an OVHcloud VPS (ideally running Ubuntu)
 2. Add personal public key
 3. Add a CNAME entry for `vps.karaolidis.com` pointing to the VPS IP/host
 4. Run `hosts/jupiter-vps/install.sh`

hosts/jupiter-vps/install.sh

@@ -12,6 +12,6 @@ cleanup() {
 trap cleanup EXIT
 
 install -d -m 755 "$temp/etc/ssh"
-cp ./secrets/hosts/jupiter-vps/ssh_host_ed25519_key "$temp/etc/ssh/ssh_host_ed25519_key"
+cp ./submodules/secrets/hosts/jupiter-vps/ssh_host_ed25519_key "$temp/etc/ssh/ssh_host_ed25519_key"
 
 nix run github:nix-community/nixos-anywhere -- --flake .#jupiter-vps --extra-files "$temp" --target-host ubuntu@vps.karaolidis.com -i ~/.ssh/ssh_personal_ed25519_key

packages/default.nix

@@ -89,5 +89,7 @@
   ssh-known-hosts-github = import ./ssh/known-hosts/github { inherit pkgs; };
   ssh-known-hosts-gitlab = import ./ssh/known-hosts/gitlab { inherit pkgs; };
 
+  wsl-wl-clipboard = import ./wsl-wl-clipboard { inherit pkgs; };
+
   yazi-plugin-custom-shell = import ./yazi/plugins/custom-shell { inherit pkgs; };
 }

packages/wsl-wl-clipboard/default.nix

@@ -0,0 +1,28 @@
+{ pkgs, ... }:
+# FIXME: https://github.com/nix-community/NixOS-WSL/issues/700
+let
+  wl-copy = pkgs.writeShellScriptBin "wl-copy" ''
+    printf '%s' "$(cat)" | ${pkgs.dos2unix}/bin/unix2dos | clip.exe
+  '';
+
+  wl-paste = pkgs.writeShellScriptBin "wl-paste" ''
+    powershell.exe -command Get-Clipboard | ${pkgs.dos2unix}/bin/dos2unix
+  '';
+in
+pkgs.stdenv.mkDerivation {
+  name = "wsl-wl-clipboard";
+  version = "1.0";
+
+  src = ./.;
+
+  buildInputs = [
+    wl-copy
+    wl-paste
+  ];
+
+  installPhase = ''
+    mkdir -p $out/bin
+    ln -s ${wl-copy}/bin/wl-copy $out/bin/wl-copy
+    ln -s ${wl-paste}/bin/wl-paste $out/bin/wl-paste
+  '';
+}

scripts/add-host.sh

@@ -11,16 +11,16 @@ fi
 
 host="$1"
 
-mkdir -p "./secrets/hosts/$host"
+mkdir -p "./submodules/secrets/hosts/$host"
-ssh-keygen -t ed25519 -f "./secrets/hosts/$host/ssh_host_ed25519_key" -C "root@$host" -N ""
+ssh-keygen -t ed25519 -f "./submodules/secrets/hosts/$host/ssh_host_ed25519_key" -C "root@$host" -N ""
-age_key=$(ssh-to-age < "./secrets/hosts/$host/ssh_host_ed25519_key.pub")
+age_key=$(ssh-to-age < "./submodules/secrets/hosts/$host/ssh_host_ed25519_key.pub")
 
-cat <<EOF > "./secrets/hosts/$host/sops.yaml"
+cat <<EOF > "./submodules/secrets/hosts/$host/sops.yaml"
 keys:
   - hosts:
       - &$host $age_key
   - namespaces:
-      - &personal $(age-keygen -y ./secrets/domains/personal/key.txt | tr -d '\n')
+      - &personal $(age-keygen -y ./submodules/secrets/domains/personal/key.txt | tr -d '\n')
 
 creation_rules:
   - path_regex: .+\.(yaml|yml|json|env|ini|bin)
@@ -46,7 +46,7 @@ done
 
 machine_id=$(uuidgen -r | tr -d -)
 
-cat <<EOF > "./secrets/hosts/$host/.decrypted~secrets.yaml"
+cat <<EOF > "./submodules/secrets/hosts/$host/.decrypted~secrets.yaml"
 luks: '$luks'
 machineId: $machine_id
 EOF
@@ -55,11 +55,11 @@ tmp_age_key="$(mktemp)"
 echo "$age_key" > "$tmp_age_key"
 export SOPS_AGE_KEY_FILE="$tmp_age_key"
 
-sops --config "./secrets/hosts/$host/sops.yaml" --encrypt "./secrets/hosts/$host/.decrypted~secrets.yaml" > "./secrets/hosts/$host/secrets.yaml"
+sops --config "./submodules/secrets/hosts/$host/sops.yaml" --encrypt "./submodules/secrets/hosts/$host/.decrypted~secrets.yaml" > "./submodules/secrets/hosts/$host/secrets.yaml"
 
 unset SOPS_AGE_KEY_FILE
 rm -f "$tmp_age_key"
-rm -f "./secrets/hosts/$host/.decrypted~secrets.yaml"
+rm -f "./submodules/secrets/hosts/$host/.decrypted~secrets.yaml"
 
 mkdir -p "./hosts/$host/hardware"
 

scripts/remove-host.sh

@@ -11,7 +11,7 @@ fi
 
 host="$1"
 
-age_key=$(ssh-to-age < "./secrets/hosts/$host/ssh_host_ed25519_key.pub")
+age_key=$(ssh-to-age < "./submodules/secrets/hosts/$host/ssh_host_ed25519_key.pub")
 
 find . -type f -name "sops.yaml" | while IFS= read -r sops_file; do
   sed -i "/      - &$host $age_key/d" "$sops_file"