Add himalia

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-05-21 00:39:38 +01:00
parent 8346e89b9f
commit d995375c16
30 changed files with 630 additions and 88 deletions
--- a/README.md
+++ b/README.md
@@ -42,3 +42,4 @@ Below is a table of all hosts, with links to their respective README files, whic
 | `installer` | [hosts/installer/README.md](./hosts/installer/README.md) |
 | `eirene`    | [hosts/eirene/README.md](./hosts/eirene/README.md)       |
 | `elara`     | [hosts/elara/README.md](./hosts/elara/README.md)         |
+| `himalia`   | [hosts/himalia/README.md](./hosts/himalia/README.md)     |
--- a/flake.lock
+++ b/flake.lock
@@ -31,11 +31,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1745067202,
-        "narHash": "sha256-f7LaP9W4nnu8Qh6tjRDN0qzFV7FRLNiQYrEtP50mT38=",
+        "lastModified": 1747093850,
+        "narHash": "sha256-SaHAtzUyfm4urAcUEZlBFn7dWhoDqA6kaeFZ11CCTf8=",
        "owner": "aylur",
        "repo": "astal",
-        "rev": "c96126c7e261737270ad7ae35b27674c318648e6",
+        "rev": "4820a3e37cc8eb81db6ed991528fb23472a8e4de",
        "type": "github"
      },
      "original": {
@@ -52,11 +52,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1745502102,
-        "narHash": "sha256-LqhRwzvIVPEjH0TaPgwzqpyhW6DtCrvz7FnUJDoUZh8=",
+        "lastModified": 1747742835,
+        "narHash": "sha256-kYL4GCwwznsypvsnA20oyvW8zB/Dvn6K5G/tgMjVMT4=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "ca27b88c88948d96feeee9ed814cbd34f53d0d70",
+        "rev": "df522e787fdffc4f32ed3e1fca9ed0968a384d62",
        "type": "github"
      },
      "original": {
@@ -115,11 +115,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1745580871,
-        "narHash": "sha256-SXA+9Y9gp1c0wRVV8QeZ0rQncrc4f6xGsyuPeD82mvc=",
+        "lastModified": 1747768928,
+        "narHash": "sha256-TSRnoDFz6miVb2ckIyhCUmSt8DWdbiGqLMK5Wt+4/v0=",
        "owner": "karaolidis",
        "repo": "home-manager",
-        "rev": "e3a65e6b3c5a8dba2c24b411bfe49c98bd24ec0e",
+        "rev": "b96cef5b56aaf494f6a557eedd1ba0a94a7b86b6",
        "type": "github"
      },
      "original": {
@@ -131,11 +131,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1745580757,
-        "narHash": "sha256-ifnIjyCqw9HtY5QukDIfFQVUXYkOngRMgKGRWJ8iJv4=",
+        "lastModified": 1747768041,
+        "narHash": "sha256-skXZQa351fQzshcbmxyqWVCeLSqOZrdC6itfgsMvDpE=",
        "owner": "karaolidis",
        "repo": "nixpkgs",
-        "rev": "12b9c9689ed5cfb8dfff3ad4743e88bbc23a9344",
+        "rev": "51b40f904f855257df397798692a8cc9936a61a6",
        "type": "github"
      },
      "original": {
@@ -156,11 +156,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1745578191,
-        "narHash": "sha256-UEUn1DuOysq4/1Wqd7TSE0lw6iLo5l+TVazKGIBIDp4=",
+        "lastModified": 1747765646,
+        "narHash": "sha256-bgUJ1hjtv2XVNILla+fD77UlaCGeMEZhIQ7VFJ0Ba00=",
        "owner": "nix-community",
        "repo": "NUR",
-        "rev": "d1cf5ba24cde01c963554c5c3d01d22f06ef5845",
+        "rev": "cd42c67a4287c5c5a07d9241045b9b7962ea9e92",
        "type": "github"
      },
      "original": {
@@ -171,17 +171,12 @@
      }
    },
    "quadlet-nix": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
      "locked": {
-        "lastModified": 1743361017,
-        "narHash": "sha256-RELV9YxfhwjuN4edtVmpupVvHUiWu/KuF4mqzU+neYE=",
+        "lastModified": 1747582804,
+        "narHash": "sha256-sJadLIakoomaU2+ciXtN1x2e+Fh0UAx/O0MwdZeos6E=",
        "owner": "SEIAROTg",
        "repo": "quadlet-nix",
-        "rev": "971479231c7dd2433954dd26c240e1bdc5bd9849",
+        "rev": "0d1f7f9571b4287f1ec38b29531ae457737bfcfd",
        "type": "github"
      },
      "original": {
@@ -214,11 +209,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1745310711,
-        "narHash": "sha256-ePyTpKEJTgX0gvgNQWd7tQYQ3glIkbqcW778RpHlqgA=",
+        "lastModified": 1747603214,
+        "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "5e3e92b16d6fdf9923425a8d4df7496b2434f39c",
+        "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd",
        "type": "github"
      },
      "original": {
@@ -238,11 +233,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1745151211,
-        "narHash": "sha256-qFXfTdO1yvW6DmUPfVLIJgDHfkSd5yimZWvBMrlP/ow=",
+        "lastModified": 1747607404,
+        "narHash": "sha256-xj2Ji+rE+oYjf0BsTDT7K/StnYuZQK9MTbX8U1DUcC0=",
        "owner": "Gerg-L",
        "repo": "spicetify-nix",
-        "rev": "1dd4328f82115887901a685ecd9fa6e1d1db2d0c",
+        "rev": "8c1be0e5e9a7f35ccd6f7b10bcfa08f2734dad91",
        "type": "github"
      },
      "original": {
@@ -275,11 +270,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1744961264,
-        "narHash": "sha256-aRmUh0AMwcbdjJHnytg1e5h5ECcaWtIFQa6d9gI85AI=",
+        "lastModified": 1747469671,
+        "narHash": "sha256-bo1ptiFoNqm6m1B2iAhJmWCBmqveLVvxom6xKmtuzjg=",
        "owner": "numtide",
        "repo": "treefmt-nix",
-        "rev": "8d404a69efe76146368885110f29a2ca3700bee6",
+        "rev": "ab0378b61b0d85e73a8ab05d5c6029b5bd58c9fb",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -91,8 +91,6 @@
      owner = "SEIAROTg";
      repo = "quadlet-nix";
      ref = "main";
-
-      inputs.nixpkgs.follows = "nixpkgs";
    };

    astal = {
@@ -150,6 +148,12 @@
          modules = [ ./hosts/elara ];
          specialArgs = { inherit inputs system; };
        };
+
+        himalia = nixpkgs.lib.nixosSystem rec {
+          system = "x86_64-linux";
+          modules = [ ./hosts/himalia ];
+          specialArgs = { inherit inputs system; };
+        };
      };
    }
    // inputs.flake-utils.lib.eachSystem [ "x86_64-linux" ] (
--- a/hosts/common/configs/system/nix-install/install.sh
+++ b/hosts/common/configs/system/nix-install/install.sh
@@ -155,6 +155,7 @@ main() {
      prepare_disk "mount"
      copy_keys
      install
+      if [[ "$copy_config_flag" == "true" ]]; then copy_config; fi
      if [[ "$reboot_flag" == "true" ]]; then finish; fi
      ;;
    *)
--- a/hosts/common/configs/system/ssh/default.nix
+++ b/hosts/common/configs/system/ssh/default.nix
@@ -4,5 +4,6 @@
    installer.publicKeyFile = ../../../../installer/secrets/ssh_host_ed25519_key.pub;
    eirene.publicKeyFile = ../../../../eirene/secrets/ssh_host_ed25519_key.pub;
    elara.publicKeyFile = ../../../../elara/secrets/ssh_host_ed25519_key.pub;
+    himalia.publicKeyFile = ../../../../himalia/secrets/ssh_host_ed25519_key.pub;
  };
 }
--- a/hosts/common/configs/user/gui/hyprland/default.nix
+++ b/hosts/common/configs/user/gui/hyprland/default.nix
@@ -124,6 +124,11 @@
        input.touchpad.natural_scroll = true;

        xwayland.force_zero_scaling = true;
+
+        ecosystem = {
+          no_update_news = true;
+          no_donation_nag = true;
+        };
      };

      extraConfig = "source = ./theme.conf";
--- a/hosts/common/configs/user/gui/steam/default.nix
+++ b/hosts/common/configs/user/gui/steam/default.nix
@@ -41,7 +41,7 @@
            pkgs.writeShellApplication {
              name = "steam-ln";
              runtimeInputs = with pkgs; [ coreutils ];
-              text = builtins.readFile ./scripts/steam-ln.sh;
+              text = builtins.readFile ./steam-ln.sh;
            }
          );
        in
--- a/hosts/common/configs/user/gui/steam/scripts/steam-ln.sh
+++ b/hosts/common/configs/user/gui/steam/scripts/steam-ln.sh
@@ -1,5 +1,7 @@
 # shellcheck shell=bash

+shopt -s nullglob
+
 STEAM="$HOME/.local/share/Steam/steamapps/common"
 GAMES="$HOME/Games"

--- a/hosts/eirene/README.md
+++ b/hosts/eirene/README.md
@@ -1,25 +1 @@
 # eirene
-
-## Post-Install Checklist
-
-### Networking
-
- [ ] Add NetworkManager connections
- [ ] Connect Bluetooth devices
- [ ] Add printers
-
-### Third-party Services
-
- [ ] Firefox
-
-  - [ ] Authenticate
-
- [ ] Spotify
-
-  - [ ] Authenticate
-  - [ ] Local Files
-
- [ ] Steam
-
-  - [ ] Authenticate
-  - [ ] `protonup`
--- a/hosts/eirene/hardware/default.nix
+++ b/hosts/eirene/hardware/default.nix
@@ -19,7 +19,6 @@

    nvidia = {
      open = true;
-      modesetting.enable = true;
      powerManagement.enable = true;
      dynamicBoost.enable = true;

@@ -94,11 +93,6 @@
        ];

        gestures.workspace_swipe_distance = 600;
-
-        # https://github.com/hyprwm/Hyprland/issues/6701
-        debug = {
-          damage_tracking = 0;
-        };
      };

      programs.zsh.loginExtra = lib.mkBefore (builtins.readFile ./card.sh);
--- a/hosts/elara/README.md
+++ b/hosts/elara/README.md
@@ -8,22 +8,3 @@ This host uses private SAS repositories. You can find the imports for these in:
 - [./users/nikara/default.nix](./users/nikara/default.nix)

 You must build the system once with these imports commented out. Then, connect to the SAS VPN, uncomment them, and rebuild the system.
-
-## Post-Install Checklist
-
-### Networking
-
- [ ] Add NetworkManager connections
- [ ] Connect Bluetooth devices
- [ ] Add printers
-
-### Third-party Services
-
- [ ] Firefox
-
-  - [ ] Authenticate
-
- [ ] Spotify
-
-  - [ ] Authenticate
-  - [ ] Local Files
--- a/hosts/himalia/README.md
+++ b/hosts/himalia/README.md
@@ -0,0 +1 @@
+# himalia
--- a/hosts/himalia/default.nix
+++ b/hosts/himalia/default.nix
@@ -0,0 +1,51 @@
+{ inputs, ... }:
+{
+  imports = [
+    inputs.disko.nixosModules.disko
+    ./format.nix
+
+    ./hardware
+
+    ../common/configs/system/backup
+    ../common/configs/system/bluetooth
+    ../common/configs/system/boot
+    ../common/configs/system/brightnessctl
+    ../common/configs/system/btrfs
+    ../common/configs/system/cpu
+    ../common/configs/system/documentation
+    ../common/configs/system/getty
+    ../common/configs/system/git
+    ../common/configs/system/gpg-agent
+    ../common/configs/system/impermanence
+    ../common/configs/system/libvirt
+    ../common/configs/system/neovim
+    ../common/configs/system/networkmanager
+    ../common/configs/system/nix
+    ../common/configs/system/nix-cleanup
+    ../common/configs/system/nix-install
+    ../common/configs/system/nix-ld
+    ../common/configs/system/nix-update
+    ../common/configs/system/nixpkgs
+    ../common/configs/system/ntp
+    ../common/configs/system/pipewire
+    ../common/configs/system/podman
+    ../common/configs/system/powertop
+    ../common/configs/system/printing
+    ../common/configs/system/smartmontools
+    ../common/configs/system/sops
+    ../common/configs/system/ssh
+    ../common/configs/system/ssh-agent
+    ../common/configs/system/sudo
+    ../common/configs/system/system
+    ../common/configs/system/timezone
+    ../common/configs/system/tlp
+    ../common/configs/system/tmux
+    ../common/configs/system/tree
+    ../common/configs/system/users
+    ../common/configs/system/zsh
+
+    ./users/nick
+  ];
+
+  networking.hostName = "himalia";
+}
--- a/hosts/himalia/format.nix
+++ b/hosts/himalia/format.nix
@@ -0,0 +1,79 @@
+{
+  disko.devices = {
+    disk.main = {
+      device = "/dev/disk/by-id/nvme-MTFDKBA2T0QGN-1BN1AABGA_25094E64841E";
+      type = "disk";
+      content = {
+        type = "gpt";
+        partitions = {
+          boot = {
+            name = "boot";
+            size = "1M";
+            type = "EF02";
+          };
+          esp = {
+            name = "esp";
+            size = "512M";
+            type = "EF00";
+            content = {
+              type = "filesystem";
+              format = "vfat";
+              mountpoint = "/boot";
+              mountOptions = [ "umask=0077" ];
+            };
+          };
+          swap = {
+            name = "swap";
+            size = "32G";
+            content = {
+              type = "swap";
+              resumeDevice = true;
+            };
+          };
+          root = {
+            name = "root";
+            size = "100%";
+            content = {
+              name = "main";
+              type = "luks";
+              passwordFile = "/tmp/keyfile";
+              settings = {
+                allowDiscards = true;
+              };
+              content = {
+                type = "btrfs";
+                extraArgs = [ "-f" ];
+                subvolumes = {
+                  "@" = {
+                    mountpoint = "/";
+                  };
+                  "@persist" = {
+                    mountpoint = "/persist";
+                    mountOptions = [
+                      "compress=zstd"
+                      "noatime"
+                    ];
+                  };
+                  "@nix" = {
+                    mountpoint = "/nix";
+                    mountOptions = [
+                      "compress=zstd"
+                      "noatime"
+                    ];
+                  };
+                  "@cache" = {
+                    mountpoint = "/cache";
+                    mountOptions = [
+                      "compress=zstd"
+                      "noatime"
+                    ];
+                  };
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}
--- a/hosts/himalia/hardware/default.nix
+++ b/hosts/himalia/hardware/default.nix
@@ -0,0 +1,86 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+{
+  imports = [ ./display.nix ];
+
+  hardware = {
+    enableAllFirmware = true;
+
+    cpu = {
+      cores = 16;
+      threads = 16;
+      intel.updateMicrocode = true;
+    };
+
+    nvidia = {
+      open = true;
+      powerManagement.enable = true;
+      # TODO
+      # dynamicBoost.enable = true;
+
+      prime = {
+        offload = {
+          enable = true;
+          enableOffloadCmd = true;
+        };
+        intelBusId = "PCI:0:2:0";
+        nvidiaBusId = "PCI:1:0:0";
+      };
+    };
+
+    graphics = {
+      enable32Bit = true;
+      extraPackages = with pkgs; [
+        vaapiVdpau
+        intel-vaapi-driver
+        libvdpau-va-gl
+        intel-media-driver
+      ];
+    };
+
+    nvidia-container-toolkit.enable = (
+      config.virtualisation.containerd.enable
+      || config.virtualisation.docker.enable
+      || config.virtualisation.podman.enable
+    );
+  };
+
+  boot = {
+    kernelModules = [ "kvm-intel" ];
+    initrd.kernelModules = [
+      "i915"
+      "xhci_pci"
+      "thunderbolt"
+      "vmd"
+      "nvme"
+      "usbhid"
+      "sd_mod"
+    ];
+  };
+
+  nixpkgs.config.cudaSupport = true;
+
+  powerManagement.enable = true;
+
+  services = {
+    xserver.videoDrivers = [ "nvidia" ];
+    fstrim.enable = true;
+    tlp.settings.DISK_DEVICES = lib.mkDefault "nvme0n1 nvme1n1";
+    logind.lidSwitch = "ignore";
+    asusd = {
+      enable = true;
+      enableUserService = true;
+    };
+    supergfxd.enable = true;
+  };
+
+  programs.gamescope.env = {
+    __NV_PRIME_RENDER_OFFLOAD = "1";
+    __VK_LAYER_NV_optimus = "NVIDIA_only";
+    __GLX_VENDOR_LIBRARY_NAME = "nvidia";
+  };
+}
--- a/hosts/himalia/hardware/display.nix
+++ b/hosts/himalia/hardware/display.nix
@@ -0,0 +1,53 @@
+{ pkgs, ... }:
+{
+  boot.kernelParams = [ "video=eDP-1:2560x1600@240" ];
+
+  programs.steam.package = pkgs.steam.override { extraEnv.STEAM_FORCE_DESKTOPUI_SCALING = 1.25; };
+
+  home-manager.sharedModules = [
+    {
+      wayland.windowManager.hyprland.settings = {
+        monitor = [
+          "eDP-1, 2560x1600@240, 0x0, 1.25"
+          "HDMI-A-2, 5120x1440@144, -1536x-1440, 1"
+        ];
+
+        general = {
+          layout = "master";
+        };
+
+        master = {
+          slave_count_for_center_master = 0;
+          mfact = 0.5;
+        };
+
+        workspace = [
+          "1, monitor:eDP-1, layoutopt:orientation:left"
+          "2, monitor:eDP-1, layoutopt:orientation:left"
+          "3, monitor:eDP-1, layoutopt:orientation:left"
+          "4, monitor:eDP-1, layoutopt:orientation:left"
+          "5, monitor:eDP-1, layoutopt:orientation:left"
+          "6, monitor:eDP-1, layoutopt:orientation:left"
+          "7, monitor:eDP-1, layoutopt:orientation:left"
+          "8, monitor:eDP-1, layoutopt:orientation:left"
+          "9, monitor:eDP-1, layoutopt:orientation:left"
+          "10, monitor:eDP-1, layoutopt:orientation:left"
+          "11, monitor:HDMI-A-2, layoutopt:orientation:center"
+          "12, monitor:HDMI-A-2, layoutopt:orientation:center"
+          "13, monitor:HDMI-A-2, layoutopt:orientation:center"
+          "14, monitor:HDMI-A-2, layoutopt:orientation:center"
+          "15, monitor:HDMI-A-2, layoutopt:orientation:center"
+          "16, monitor:HDMI-A-2, layoutopt:orientation:center"
+          "17, monitor:HDMI-A-2, layoutopt:orientation:center"
+          "18, monitor:HDMI-A-2, layoutopt:orientation:center"
+          "19, monitor:HDMI-A-2, layoutopt:orientation:center"
+          "20, monitor:HDMI-A-2, layoutopt:orientation:center"
+        ];
+      };
+
+      programs.vscode.profiles.default.userSettings."window.zoomLevel" = (1.25 - 1) / 0.2;
+
+      theme.cursor.size = 24;
+    }
+  ];
+}
--- a/hosts/himalia/secrets/ssh_host_ed25519_key.pub
+++ b/hosts/himalia/secrets/ssh_host_ed25519_key.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgGmzh23q/ucuZRRkS4LdPfBdTDWJk0UrlUYVnC7j2b root@himalia
--- a/hosts/himalia/users/nick/configs/console/git/default.nix
+++ b/hosts/himalia/users/nick/configs/console/git/default.nix
@@ -0,0 +1,48 @@
+{
+  user ? throw "user argument is required",
+  home ? throw "home argument is required",
+}:
+{
+  config,
+  inputs,
+  lib,
+  system,
+  ...
+}:
+let
+  hmConfig = config.home-manager.users.${user};
+  selfPkgs = inputs.self.packages.${system};
+in
+{
+  home-manager.users.${user} = {
+    sops = {
+      secrets = {
+        "git/credentials/git.karaolidis.com/admin/username".sopsFile =
+          ../../../../../../../secrets/personal/secrets.yaml;
+        "git/credentials/git.karaolidis.com/admin/password".sopsFile =
+          ../../../../../../../secrets/personal/secrets.yaml;
+      };
+
+      templates."git/credentials" = {
+        content = ''
+          https://${hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/admin/username"}:${
+            hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/admin/password"
+          }@git.karaolidis.com
+        '';
+        path = "${home}/.config/git/credentials";
+      };
+    };
+
+    programs.ssh = {
+      matchBlocks = {
+        "github.com" = {
+          hostname = "github.com";
+          user = "git";
+          identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
+        };
+      };
+
+      userKnownHostsFiles = with selfPkgs; [ ssh-known-hosts-github ];
+    };
+  };
+}
--- a/hosts/himalia/users/nick/configs/console/gpg/default.nix
+++ b/hosts/himalia/users/nick/configs/console/gpg/default.nix
@@ -0,0 +1,18 @@
+{
+  user ? throw "user argument is required",
+  home ? throw "home argument is required",
+}:
+{ config, ... }:
+let
+  hmConfig = config.home-manager.users.${user};
+in
+{
+  home-manager.users.${user} = {
+    sops.secrets = {
+      "gpg/key".sopsFile = ../../../../../../../secrets/personal/secrets.yaml;
+      "gpg/pass".sopsFile = ../../../../../../../secrets/personal/secrets.yaml;
+    };
+
+    programs.clipbook.bookmarks."GPG Passphrase".source = hmConfig.sops.secrets."gpg/pass".path;
+  };
+}
--- a/hosts/himalia/users/nick/configs/console/podman/default.nix
+++ b/hosts/himalia/users/nick/configs/console/podman/default.nix
@@ -0,0 +1,32 @@
+{
+  user ? throw "user argument is required",
+  home ? throw "home argument is required",
+}:
+{ config, pkgs, ... }:
+let
+  hmConfig = config.home-manager.users.${user};
+in
+{
+  home-manager.users.${user}.sops = {
+    secrets = {
+      "registry/docker.io".sopsFile = ../../../../../../../secrets/personal/secrets.yaml;
+      "registry/registry.karaolidis.com".sopsFile = ../../../../../../../secrets/personal/secrets.yaml;
+    };
+
+    templates."containers-auth.json" = {
+      content = builtins.readFile (
+        (pkgs.formats.json { }).generate "auth.json" {
+          auths = {
+            "docker.io" = {
+              auth = hmConfig.sops.placeholder."registry/docker.io";
+            };
+            "registry.karaolidis.com" = {
+              auth = hmConfig.sops.placeholder."registry/registry.karaolidis.com";
+            };
+          };
+        }
+      );
+      path = "${home}/.config/containers/auth.json";
+    };
+  };
+}
--- a/hosts/himalia/users/nick/configs/console/ssh/default.nix
+++ b/hosts/himalia/users/nick/configs/console/ssh/default.nix
@@ -0,0 +1,22 @@
+{
+  user ? throw "user argument is required",
+  home ? throw "home argument is required",
+}:
+{ config, ... }:
+let
+  hmConfig = config.home-manager.users.${user};
+in
+{
+  home-manager.users.${user} = {
+    sops.secrets = {
+      "ssh/key" = {
+        sopsFile = ../../../../../../../secrets/personal/secrets.yaml;
+        path = "${home}/.ssh/ssh_personal_ed25519_key";
+      };
+
+      "ssh/pass".sopsFile = ../../../../../../../secrets/personal/secrets.yaml;
+    };
+
+    programs.clipbook.bookmarks."SSH Key Passphrase".source = hmConfig.sops.secrets."ssh/pass".path;
+  };
+}
--- a/hosts/himalia/users/nick/configs/console/syncthing/default.nix
+++ b/hosts/himalia/users/nick/configs/console/syncthing/default.nix
@@ -0,0 +1,17 @@
+{
+  user ? throw "user argument is required",
+  home ? throw "home argument is required",
+}:
+{ ... }:
+{
+  home-manager.users.${user}.services.syncthing.settings.folders = {
+    official = {
+      label = "Official";
+      path = "${home}/Documents/Official";
+      devices = [
+        "amalthea"
+        "ganymede"
+      ];
+    };
+  };
+}
--- a/hosts/himalia/users/nick/configs/gui/obsidian/default.nix
+++ b/hosts/himalia/users/nick/configs/gui/obsidian/default.nix
@@ -0,0 +1,23 @@
+{
+  user ? throw "user argument is required",
+  home ? throw "home argument is required",
+}:
+{ ... }:
+{
+  home-manager.users.${user} = {
+    programs.obsidian.vaults."Documents/Obsidian/master".enable = true;
+
+    services.syncthing.settings.folders.obsidian = {
+      label = "Obsidian";
+      path = "${home}/Documents/Obsidian";
+      devices = [
+        "amalthea"
+        "ganymede"
+      ];
+      maxConflicts = 0;
+    };
+
+    home.file."Documents/Obsidian/.stignore".source =
+      ../../../../../../common/configs/user/gui/obsidian/.stignore;
+  };
+}
--- a/hosts/himalia/users/nick/configs/gui/theme/default.nix
+++ b/hosts/himalia/users/nick/configs/gui/theme/default.nix
@@ -0,0 +1,11 @@
+{
+  user ? throw "user argument is required",
+  home ? throw "home argument is required",
+}:
+{ ... }:
+{
+  home-manager.users.${user}.theme = {
+    padding = 0;
+    radius = 0;
+  };
+}
--- a/hosts/himalia/users/nick/configs/gui/vscode/default.nix
+++ b/hosts/himalia/users/nick/configs/gui/vscode/default.nix
@@ -0,0 +1,21 @@
+{
+  user ? throw "user argument is required",
+  home ? throw "home argument is required",
+}:
+{ ... }:
+{
+  home-manager.users.${user}.programs.vscode.languages = {
+    c.enable = true;
+    go.enable = true;
+    java.enable = true;
+    lua.enable = true;
+    markdown.enable = true;
+    nix.enable = true;
+    python.enable = true;
+    rest.enable = true;
+    rust.enable = true;
+    sops.enable = true;
+    typescript.enable = true;
+    yaml.enable = true;
+  };
+}
--- a/hosts/himalia/users/nick/default.nix
+++ b/hosts/himalia/users/nick/default.nix
@@ -0,0 +1,120 @@
+{ config, lib, ... }:
+let
+  # FIXME: https://github.com/NixOS/nixpkgs/issues/24570
+  # FIXME: https://github.com/NixOS/nixpkgs/issues/305643
+  user = "nick";
+  home = "/home/nick";
+in
+{
+  imports = [
+    ../../../common/configs/user/options.nix
+
+    (import ../../../common/configs/user/console/android { inherit user home; })
+    (import ../../../common/configs/user/console/bashmount { inherit user home; })
+    (import ../../../common/configs/user/console/brightnessctl { inherit user home; })
+    (import ../../../common/configs/user/console/btop { inherit user home; })
+    (import ../../../common/configs/user/console/dive { inherit user home; })
+    (import ../../../common/configs/user/console/fastfetch { inherit user home; })
+    (import ../../../common/configs/user/console/ffmpeg { inherit user home; })
+    (import ../../../common/configs/user/console/git { inherit user home; })
+    (import ../../../common/configs/user/console/gpg-agent { inherit user home; })
+    (import ../../../common/configs/user/console/home-manager { inherit user home; })
+    (import ../../../common/configs/user/console/imagemagick { inherit user home; })
+    (import ../../../common/configs/user/console/ip { inherit user home; })
+    (import ../../../common/configs/user/console/jq { inherit user home; })
+    (import ../../../common/configs/user/console/libvirt { inherit user home; })
+    (import ../../../common/configs/user/console/lsof { inherit user home; })
+    (import ../../../common/configs/user/console/ncdu { inherit user home; })
+    (import ../../../common/configs/user/console/neovim { inherit user home; })
+    (import ../../../common/configs/user/console/nix { inherit user home; })
+    (import ../../../common/configs/user/console/nix-cleanup { inherit user home; })
+    (import ../../../common/configs/user/console/nix-develop { inherit user home; })
+    (import ../../../common/configs/user/console/nix-direnv { inherit user home; })
+    (import ../../../common/configs/user/console/pipewire { inherit user home; })
+    (import ../../../common/configs/user/console/podman { inherit user home; })
+    (import ../../../common/configs/user/console/ranger { inherit user home; })
+    (import ../../../common/configs/user/console/sops { inherit user home; })
+    (import ../../../common/configs/user/console/ssh { inherit user home; })
+    (import ../../../common/configs/user/console/ssh-agent { inherit user home; })
+    (import ../../../common/configs/user/console/syncthing { inherit user home; })
+    (import ../../../common/configs/user/console/tmux { inherit user home; })
+    (import ../../../common/configs/user/console/tree { inherit user home; })
+    (import ../../../common/configs/user/console/unzip { inherit user home; })
+    (import ../../../common/configs/user/console/wget { inherit user home; })
+    (import ../../../common/configs/user/console/xdg { inherit user home; })
+    (import ../../../common/configs/user/console/yt-dlp { inherit user home; })
+    (import ../../../common/configs/user/console/zsh { inherit user home; })
+
+    # TODO
+    # (import ../../../common/configs/user/gui/astal { inherit user home; })
+    (import ../../../common/configs/user/gui/bluetooth { inherit user home; })
+    (import ../../../common/configs/user/gui/brightnessctl { inherit user home; })
+    (import ../../../common/configs/user/gui/btop { inherit user home; })
+    (import ../../../common/configs/user/gui/chromium { inherit user home; })
+    (import ../../../common/configs/user/gui/clipbook { inherit user home; })
+    (import ../../../common/configs/user/gui/cliphist { inherit user home; })
+    (import ../../../common/configs/user/gui/darktable { inherit user home; })
+    (import ../../../common/configs/user/gui/discord { inherit user home; })
+    (import ../../../common/configs/user/gui/emoji { inherit user home; })
+    (import ../../../common/configs/user/gui/firefox { inherit user home; })
+    (import ../../../common/configs/user/gui/gtk { inherit user home; })
+    (import ../../../common/configs/user/gui/hyprland { inherit user home; })
+    (import ../../../common/configs/user/gui/hyprshot { inherit user home; })
+    (import ../../../common/configs/user/gui/kitty { inherit user home; })
+    (import ../../../common/configs/user/gui/libreoffice { inherit user home; })
+    (import ../../../common/configs/user/gui/networkmanager { inherit user home; })
+    (import ../../../common/configs/user/gui/obs { inherit user home; })
+    (import ../../../common/configs/user/gui/obsidian { inherit user home; })
+    (import ../../../common/configs/user/gui/pipewire { inherit user home; })
+    (import ../../../common/configs/user/gui/qalculate { inherit user home; })
+    (import ../../../common/configs/user/gui/qt { inherit user home; })
+    (import ../../../common/configs/user/gui/rofi { inherit user home; })
+    (import ../../../common/configs/user/gui/rquickshare { inherit user home; })
+    (import ../../../common/configs/user/gui/spicetify { inherit user home; })
+    (import ../../../common/configs/user/gui/steam { inherit user home; })
+    (import ../../../common/configs/user/gui/swww { inherit user home; })
+    (import ../../../common/configs/user/gui/theme { inherit user home; })
+    (import ../../../common/configs/user/gui/transmission { inherit user home; })
+    (import ../../../common/configs/user/gui/vscode { inherit user home; })
+    (import ../../../common/configs/user/gui/wev { inherit user home; })
+    (import ../../../common/configs/user/gui/wl-clipboard { inherit user home; })
+    (import ../../../common/configs/user/gui/x11 { inherit user home; })
+    (import ../../../common/configs/user/gui/xdg { inherit user home; })
+
+    (import ./configs/console/git { inherit user home; })
+    (import ./configs/console/gpg { inherit user home; })
+    (import ./configs/console/podman { inherit user home; })
+    (import ./configs/console/ssh { inherit user home; })
+    (import ./configs/console/syncthing { inherit user home; })
+
+    (import ./configs/gui/obsidian { inherit user home; })
+    (import ./configs/gui/theme { inherit user home; })
+    (import ./configs/gui/vscode { inherit user home; })
+  ];
+
+  # echo "password" | mkpasswd -s
+  sops.secrets."${user}-password" = {
+    sopsFile = ../../../../secrets/personal/secrets.yaml;
+    key = "password";
+    neededForUsers = true;
+  };
+
+  users.users.${user} = {
+    inherit home;
+    isNormalUser = true;
+    email = "nick@karaolidis.com";
+    fullName = "Nikolaos Karaolidis";
+    description = "Nikolaos Karaolidis";
+    hashedPasswordFile = config.sops.secrets."${user}-password".path;
+    extraGroups = [ "wheel" ];
+    linger = true;
+    uid = lib.strings.toInt (builtins.readFile ./uid);
+  };
+
+  services.getty.autologinUser = user;
+
+  home-manager.users.${user}.home = {
+    username = user;
+    homeDirectory = home;
+  };
+}
--- a/hosts/himalia/users/nick/uid
+++ b/hosts/himalia/users/nick/uid
@@ -0,0 +1 @@
+1000
--- a/lib/scripts/add-host.sh
+++ b/lib/scripts/add-host.sh
@@ -173,8 +173,6 @@ EOF

 cat <<EOF > "./hosts/$host/README.md"
 # $host
-
-## Post-Install Checklist
 EOF

 new_entry="| \`$host\` | [hosts/$host/README.md](./hosts/$host/README.md) |"
--- a/submodules/home-manager
+++ b/submodules/home-manager
--- a/submodules/nixpkgs
+++ b/submodules/nixpkgs
				`@@ -0,0 +1 @@`
				`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgGmzh23q/ucuZRRkS4LdPfBdTDWJk0UrlUYVnC7j2b root@himalia`