cleanup nas I think or something

modules/home/programs/code/default.nix

@@ -6,7 +6,7 @@
   ...
 }:
 let
-  isArm = "aarch64-linux" == system;
+  isArm = ("aarch64-linux" == system) || ("aarch64-darwin" == system);
   x86_only = with pkgs; [
     vscode-extensions.redhat.vscode-xml
   ];

modules/nixos/boot/common/default.nix

@@ -26,7 +26,10 @@ in
     };
 
     supportedFilesystems = [ "bcachefs" ];
+
+    consoleLogLevel = lib.mkDefault 3;
+    bootspec.enable = (!isArm);
   };
 
-  zramSwap.enable = true;
+  zramSwap.enable = lib.mkDefault true;
 }

modules/nixos/boot/lanzaboote/default.nix

@@ -11,13 +11,21 @@ in
 {
   imports = [ ./options.nix ];
   config = mkIf cfg.enable {
-    boot.lanzaboote = {
-      enable = cfg.enable;
-      pkiBundle = "/etc/secureboot";
-      settings = {
-        console-mode = "max";
+    boot = {
+      loader = {
+        efi = {
+          canTouchEfiVariables = true;
+          efiSysMountPoint = "/boot";
+        };
+      };
+      lanzaboote = {
+        enable = cfg.enable;
+        pkiBundle = "/etc/secureboot";
+        settings = {
+          console-mode = "max";
+        };
+        configurationLimit = cfg.configLimit;
       };
-      configurationLimit = cfg.configLimit;
     };
   };
 }

modules/nixos/boot/systemd-boot/default.nix

@@ -0,0 +1,27 @@
+{ config, lib, namespace, ... }:
+with lib;
+let
+  # inherit (lib.${namespace}) mkOpt;
+  cfg = config.${namespace}.boot.systemd-boot;
+in
+{
+  options.${namespace}.boot.systemd-boot = {
+    enable = mkEnableOption "enable systemd-boot";
+  };
+
+  config = mkIf cfg.enable {
+    boot = {
+      loader = {
+        systemd-boot = {
+          enable = mkDefault true;
+          configurationLimit = mkDefault 10;
+        };
+
+        efi = {
+          canTouchEfiVariables = mkDefault true;
+          efiSysMountPoint = "/boot";
+        };
+      };
+    };
+  };
+}

modules/nixos/hardware/common/default.nix

@@ -5,7 +5,7 @@
   ...
 }:
 let
-  isArm = "aarch64-linux" == system;
+  isArm = ("aarch64-linux" == system) || ("aarch64-darwin" == system);
 in
 {
   hardware = {

modules/nixos/home/default.nix

@@ -8,7 +8,7 @@
   ...
 }:
 let
-  isArm = ("aarch64-linux" == system);
+  isArm = ("aarch64-linux" == system) || ("aarch64-darwin" == system);
 in
 {
 
@@ -48,6 +48,9 @@ in
       # Pass inputs so external modules can access them
       extraSpecialArgs = {
         inherit inputs;
+        overlays = with inputs; [
+          nix-vscode-extensions.overlays.default
+        ];
       };
 
       # Make ALL external HM modules available globally

modules/nixos/power/default.nix

@@ -0,0 +1,63 @@
+{ config, lib, namespace, ... }:
+with lib;
+let
+  inherit (lib.${namespace}) mkOpt;
+  cfg = config.${namespace}.power.ups;
+in
+{
+  options.${namespace}.power.ups = {
+    enable = mkEnableOption "Enable UPS support";
+
+    upsName = mkOpt types.str "nas-ups" "Name of the ups";
+    upsUser = mkOpt types.str "nas-admin" "Name of the ups user";
+
+    upsdPort = mkOpt types.int 3493 "Port for upsd";
+  };
+
+  config = mkIf cfg.enable {
+    power.ups = {
+      enable = true;
+      openFirewall = true;
+      mode = "netserver";
+
+      ups = {
+        "${cfg.upsName}" = {
+          description = "NAS UPS";
+          driver = "usbhid-ups";
+          port = "auto";
+        };
+      };
+
+      users."${cfg.upsUser}" = {
+        passwordFile = config.sops.secrets."jallen-nas/ups_password".path;
+        actions = [ "ALL" ];
+        instcmds = [ "ALL" ];
+        upsmon = "primary";
+      };
+
+      upsmon = {
+        enable = true;
+        monitor."${cfg.upsName}" = {
+          passwordFile = config.sops.secrets."jallen-nas/ups_password".path;
+          user = cfg.upsUser;
+        };
+      };
+
+      upsd = {
+        enable = true;
+        listen = [
+          {
+            address = "0.0.0.0";
+            port = 3493;
+          }
+        ];
+      };
+    };
+
+    services = {
+      apcupsd = {
+        enable = true;
+      };
+    };
+  };
+}

modules/nixos/security/tpm/default.nix

@@ -0,0 +1,33 @@
+{ config, lib, namespace, ... }:
+with lib;
+let
+  # inherit (lib.${namespace}) mkOpt;
+  cfg = config.${namespace}.security.tpm;
+in
+{
+  options.${namespace}.security.tpm = {
+    enable = mkEnableOption "enable tpm";
+  };
+
+  config = mkIf cfg.enable {
+
+    security.tpm2 = {
+      enable = lib.mkDefault true;
+    };
+
+    boot = {
+      initrd = {
+        kernelModules = [
+          "tpm"
+          "tpm_tis"
+          "tpm_crb"
+          "tpm_infineon"
+        ];
+        systemd = {
+          enable = lib.mkDefault true;
+          tpm2.enable = lib.mkDefault true;
+        };
+      };
+    };
+  };
+}

modules/nixos/services/samba/default.nix

@@ -1,7 +1,7 @@
-{ lib, config, ... }:
+{ lib, config, namespace, ... }:
 with lib;
 let
-  cfg = config.nas-samba;
+  cfg = config.${namespace}.samba;
   sambaShares =
     let
       make =

modules/nixos/services/samba/options.nix

@@ -1,7 +1,7 @@
-{ lib, ... }:
+{ lib, namespace, ... }:
 with lib;
 {
-  options.nas-samba = {
+  options.${namespace}.samba = {
     enable = mkEnableOption "nas samba service";
 
     autoStart = mkOption {

modules/nixos/user/default.nix

@@ -10,8 +10,6 @@ let
   inherit (lib.mjallen) mkOpt mkBoolOpt;
   cfg = config.${namespace}.user;
 
-  isRoot = (cfg.name == "root");
-
   # Common SSH keys used across systems
   commonSshKeys = [
     # MacBook
@@ -42,7 +40,11 @@ in
 
     enableCommonSshKeys = mkBoolOpt true "Whether to include common SSH keys used across systems.";
 
-    uid = mkOpt int (if isRoot then ids.uids.root else 1000) "The user ID for the user account.";
+    uid = mkOpt int 1000 "The user ID for the user account.";
+
+    group = mkOpt str "wheel" "Group of the user";
+
+    gid = mkOpt int 1000 "gid of the group";
 
     packages = mkOpt (listOf package) [ ] "List of packages to install for this user.";
 
@@ -60,50 +62,55 @@ in
   };
 
   config = {
-    users.mutableUsers = cfg.mutableUsers;
+    users = {
+      mutableUsers = cfg.mutableUsers;
+      groups.${cfg.group}.gid = lib.mkForce cfg.gid;
+      users.${cfg.name} = {
+        inherit (cfg)
+          name
+          uid
+          linger
+          packages
+          password
+          hashedPassword
+          hashedPasswordFile
+          ;
 
-    users.users.${cfg.name} = {
-      inherit (cfg)
-        name
-        uid
-        linger
-        packages
-        password
-        hashedPassword
-        hashedPasswordFile
-        ;
+        extraGroups = [
+          "wheel"
+          "keys"
+          "networkmanager"
+          "ratbagd"
+          "scanner"
+          "systemd-journal"
+          "mpd"
+          "audio"
+          "video"
+          "input"
+          "plugdev"
+          "lp"
+          "tss"
+          "power"
+          "nix"
+          "i2c"
+          "media"
+          "nscd"
+          "avahi"
+          "podman"
+          "libvirtd"
+        ]
+        ++ cfg.extraGroups;
 
-      extraGroups = [
-        "wheel"
-        "keys"
-        "networkmanager"
-        "ratbagd"
-        "scanner"
-        "systemd-journal"
-        "mpd"
-        "audio"
-        "video"
-        "input"
-        "plugdev"
-        "lp"
-        "tss"
-        "power"
-        "nix"
-        "i2c"
-      ]
-      ++ cfg.extraGroups;
-
-      group = "users";
-      home = "/home/${cfg.name}";
-      isNormalUser = (!isRoot);
-      isSystemUser = isRoot;
-      shell = lib.mkForce pkgs.zsh;
-
-      # SSH keys - combine user-specific and common keys
-      openssh.authorizedKeys.keys = cfg.sshKeys ++ (lib.optionals cfg.enableCommonSshKeys commonSshKeys);
-    }
-    // cfg.extraOptions;
+        group = cfg.group;
+        home = "/home/${cfg.name}";
+        isNormalUser = true;
+        shell = lib.mkForce pkgs.zsh;
 
+        # SSH keys - combine user-specific and common keys
+        openssh.authorizedKeys.keys = cfg.sshKeys ++ (lib.optionals cfg.enableCommonSshKeys commonSshKeys);
+      }
+      // cfg.extraOptions;
+    };
     assertions = [
       {
         assertion =