refactor: simplify apps.colmena

README.md

@@ -21,16 +21,7 @@ nix build -L '.#nixosConfigurations.vm.config.system.build.vmWithDisko'
 ./result/bin/disko-vm
 ```
 
-## deploy using colmena
+## docs
 
-```
+* [deploy using colmena](./deploy/README.md)
-colmena apply
+* [SD installer images](./images/README.md)
-```
-
-
-## SD installer images
-
-```
-nix build .#images.sd-image-orange-pi-aarch64
-nix build .#images.sd-image-raspberry-pi-aarch64
-```

deploy/colmena.nix

@@ -17,7 +17,7 @@ in
 inputs.colmena.lib.makeHive {
   meta = {
     nixpkgs = import inputs.nixpkgs {
-      system = "x86_64-linux";
+      localSystem = "x86_64-linux";
     };
 
     nodeNixpkgs = builtins.mapAttrs (_: v: v.pkgs) self.nixosConfigurations;

dots/.bashrc

@@ -103,13 +103,6 @@ if [[ -z "${SSH_CONNECTION}" ]]; then
 fi
 # }}}
 
-# pnpm
-export PNPM_HOME="/home/h/.local/share/pnpm"
-case ":$PATH:" in
-  *":$PNPM_HOME:"*) ;;
-  *) export PATH="$PNPM_HOME:$PATH" ;;
-esac
-# pnpm end
 
 # Codi
 # Usage: codi [filetype] [filename]

flake.lock

@@ -121,11 +121,11 @@
       },
       "locked": {
         "dir": "pkgs/firefox-addons",
-        "lastModified": 1771669320,
+        "lastModified": 1771732978,
-        "narHash": "sha256-LqmgIBpjpMQKkHKCSGJkluMVFFoBdkUhJnu+Cq+jgGc=",
+        "narHash": "sha256-o7gZh/eXFkEEmzwlBdIbgCJhmdlqQhOhVjudqgsIefg=",
         "owner": "rycee",
         "repo": "nur-expressions",
-        "rev": "496abb3aef244b896bf7cdd65e071cf624f16338",
+        "rev": "18226106e18bc40cce99d436ee741a946f1888f6",
         "type": "gitlab"
       },
       "original": {
@@ -284,11 +284,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1770726378,
+        "lastModified": 1771857445,
-        "narHash": "sha256-kck+vIbGOaM/dHea7aTBxdFYpeUl/jHOy5W3eyRvVx8=",
+        "narHash": "sha256-NCrhxU9wq5+4jQG1fvRbyTnH8GSbH6LovreVoH2fOL4=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "5eaaedde414f6eb1aea8b8525c466dc37bba95ae",
+        "rev": "3d7a52f678227930ab089f5d9b384f2d50f7d534",
         "type": "github"
       },
       "original": {
@@ -344,11 +344,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1771683283,
+        "lastModified": 1771851181,
-        "narHash": "sha256-WxAEkAbo8dP7qiyPM6VN4ZGAxfuBVlNBNPkrqkrXVEc=",
+        "narHash": "sha256-gFgE6mGUftwseV3DUENMb0k0EiHd739lZexPo5O/sdQ=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "c6ed3eab64d23520bcbb858aa53fe2b533725d4a",
+        "rev": "9a4b494b1aa1b93d8edf167f46dc8e0c0011280c",
         "type": "github"
       },
       "original": {
@@ -667,11 +667,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1771524872,
+        "lastModified": 1771735105,
-        "narHash": "sha256-eksVUcUsfS9mQx4D9DrYu88u9w70bAf+n6KmTDuIGEE=",
+        "narHash": "sha256-MJuVJeszZEziquykEHh/hmgIHYxUcuoG/1aowpLiSeU=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "e85540ffe97322dc1fea14dd11cdc2f59d540ac7",
+        "rev": "d7755d820f5fa8acf7f223309c33e25d4f92e74f",
         "type": "github"
       },
       "original": {
@@ -717,11 +717,11 @@
         "tinted-zed": "tinted-zed"
       },
       "locked": {
-        "lastModified": 1771626923,
+        "lastModified": 1771787992,
-        "narHash": "sha256-Mn6oeKrY+Sw6kH0jK+hp5QQH4MTcqwBRQL/ScZDNcz8=",
+        "narHash": "sha256-Vg4bGwwenNYI8p3nJTl9FRyeIyrjATeZrZr+GyUSDrw=",
         "owner": "danth",
         "repo": "stylix",
-        "rev": "b09847414b50c65788936199918272377f70fb91",
+        "rev": "30054cca073b49b42a71289edec858f535b27fe9",
         "type": "github"
       },
       "original": {

flake.nix

@@ -55,7 +55,6 @@
       home-manager,
       nixgl,
       git-hooks,
-      colmena,
       ...
     }@inputs:
     let
@@ -78,8 +77,10 @@
         (lib.genAttrs hostDirNames (
           host:
           nixpkgs.lib.nixosSystem {
-            system = import ./hosts/${host}/system.nix;
+            modules = [
-            modules = [ ./hosts/${host} ];
+              ./hosts/${host}
+              { nixpkgs.hostPlatform = import ./hosts/${host}/system.nix; }
+            ];
             specialArgs = {
               inherit inputs outputs dotsPath;
             };
@@ -87,14 +88,12 @@
         ))
         // {
           sd-image-orange-pi-aarch64 = nixpkgs.lib.nixosSystem {
-            system = "x86_64-linux";
             modules = [
               "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
               ./images/sd-image-orange-pi-aarch64.nix
               {
-                nixpkgs.crossSystem = {
+                nixpkgs.buildPlatform = "x86_64-linux";
-                  system = "aarch64-linux";
+                nixpkgs.hostPlatform = "aarch64-linux";
-                };
               }
             ];
             specialArgs = {
@@ -102,14 +101,12 @@
             };
           };
           sd-image-raspberry-pi-aarch64 = nixpkgs.lib.nixosSystem {
-            system = "x86_64-linux";
             modules = [
               "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
               ./images/sd-image-raspberry-pi-aarch64.nix
               {
-                nixpkgs.crossSystem = {
+                nixpkgs.buildPlatform = "x86_64-linux";
-                  system = "aarch64-linux";
+                nixpkgs.hostPlatform = "aarch64-linux";
-                };
               }
             ];
             specialArgs = {
@@ -132,7 +129,8 @@
       };
 
       apps.${system}.colmena = inputs.colmena.apps.${system}.default;
-      colmenaHive = import ./deploy/colmena.nix {
+
+      colmena = import ./deploy/colmena.nix {
         inherit
           self
           inputs
@@ -143,9 +141,11 @@
       formatter.${system} = gitHooks.formatter;
       devShells.${system} = gitHooks.devShells;
 
-      images.sd-image-orange-pi-aarch64 =
+      legacyPackages.${system} = {
-        self.nixosConfigurations.sd-image-orange-pi-aarch64.config.system.build.sdImage;
+        sd-image-orange-pi-aarch64 =
-      images.sd-image-raspberry-pi-aarch64 =
+          self.nixosConfigurations.sd-image-orange-pi-aarch64.config.system.build.sdImage;
-        self.nixosConfigurations.sd-image-raspberry-pi-aarch64.config.system.build.sdImage;
+        sd-image-raspberry-pi-aarch64 =
+          self.nixosConfigurations.sd-image-raspberry-pi-aarch64.config.system.build.sdImage;
+      };
     };
 }

git-hooks.nix

@@ -10,7 +10,10 @@ let
   pre-commit-check = git-hooks.lib.${system}.run {
     inherit src;
     hooks = {
-      nixfmt.enable = true;
+      nixfmt = {
+        enable = true;
+        package = pkgs.nixfmt;
+      };
       statix.enable = true;
       deadnix.enable = true;
     };

home/hosts/andromache/default.nix

@@ -23,6 +23,7 @@ in
     ../../modules/kitty.nix
     ../../modules/music
     ../../modules/nvim.nix
+    ../../modules/pandoc.nix
     ../../modules/ssh.nix
     ../../modules/taskwarrior.nix
     ../../modules/keepassxc.nix
@@ -46,6 +47,7 @@ in
   cloud.hetzner.enable = true;
   comms.signal.enable = true;
   github.enable = true;
+  pandoc.enable = true;
 
   shell.bash = {
     enable = true;

home/hosts/astyanax/default.nix

@@ -23,6 +23,7 @@ in
     ../../modules/music
     ../../modules/nfc
     ../../modules/nvim.nix
+    ../../modules/pandoc.nix
     ../../modules/ssh.nix
     ../../modules/taskwarrior.nix
     ../../modules/keepassxc.nix
@@ -45,6 +46,7 @@ in
   comms.signal.enable = true;
   github.enable = true;
   nfc.proxmark3.enable = true;
+  pandoc.enable = true;
 
   shell.bash = {
     enable = true;

home/hosts/packages.nix

@@ -6,17 +6,12 @@ with pkgs;
   entr
   feh
   fzf
-  haskellPackages.pandoc-crossref
   htop
   jq
-  nixfmt-rfc-style
   nmap
-  nodejs_24
   nvimpager
-  pandoc
   parallel
   pass
-  pnpm
   ripgrep
   silver-searcher
   sops

home/hosts/work/default.nix

@@ -13,24 +13,29 @@ in
     inputs.sops-nix.homeManagerModules.sops
     ../../modules
     ../../modules/stylix.nix
-    ../../modules/lib.nix
     ../../modules/ai-tools.nix
     ../../modules/cloud
     ../../modules/comms
+    ../../modules/desktop/niri
     ../../modules/dconf.nix
     ../../modules/direnv
     ../../modules/docker
     ../../modules/git
+    ../../modules/go
     ../../modules/k8s
     ../../modules/k8s/k9s.nix
     ../../modules/keepassxc.nix
     ../../modules/kitty.nix
     ../../modules/nvim.nix
+    ../../modules/pandoc.nix
     ../../modules/browser
     ../../modules/shell
     ../../modules/music
+    ../../modules/nodejs.nix
     ../../modules/taskwarrior.nix
     ../../modules/bruno.nix
+    ../../modules/pandoc.nix
+    ../../modules/vscode.nix
   ];
 
   sops = {
@@ -43,14 +48,29 @@ in
       taskwarrior_sync_encryption_secret = { };
       anki_sync_user = { };
       anki_sync_key = { };
+      opencode_api_key = { };
     };
 
-    templates."taskrc.d/sync" = {
+    templates = {
-      content = ''
+      "taskrc.d/sync" = {
-        sync.server.url=${config.sops.placeholder.taskwarrior_sync_server_url}
+        content = ''
-        sync.server.client_id=${config.sops.placeholder.taskwarrior_sync_server_client_id}
+          sync.server.url=${config.sops.placeholder.taskwarrior_sync_server_url}
-        sync.encryption_secret=${config.sops.placeholder.taskwarrior_sync_encryption_secret}
+          sync.server.client_id=${config.sops.placeholder.taskwarrior_sync_server_client_id}
-      '';
+          sync.encryption_secret=${config.sops.placeholder.taskwarrior_sync_encryption_secret}
+        '';
+      };
+
+      "opencode/auth.json" = {
+        path = "${config.home.homeDirectory}/.local/share/opencode/auth.json";
+        content = ''
+          {
+            "zai-coding-plan": {
+              "type": "api",
+              "key": "${config.sops.placeholder.opencode_api_key}"
+            }
+          }
+        '';
+      };
     };
   };
 
@@ -72,9 +92,13 @@ in
   cloud.azure.enable = true;
   comms.signal.enable = true;
   comms.teams.enable = true;
-  ai-tools.claude-code.enable = true;
+  ai-tools = {
+    claude-code.enable = true;
+    opencode.enable = true;
+  };
   github.enable = true;
   gitlab.enable = true;
+  pandoc.enable = true;
 
   shell.bash.enable = true;
   starship.enable = true;

home/modules/ai-tools.nix

@@ -82,6 +82,7 @@ in
             "~/.config/sops/age/keys.txt" = "deny";
           };
         };
+        plugin = [ "@mohak34/opencode-notifier@latest" ];
       };
     })
   ];

home/modules/browser/firefox-base.nix

@@ -26,7 +26,7 @@ in
       };
       extensions = {
         force = true;
-        packages = with inputs.firefox-addons.packages.${pkgs.system}; [
+        packages = with inputs.firefox-addons.packages.${pkgs.stdenv.hostPlatform.system}; [
           duckduckgo-privacy-essentials
           firefox-color
           istilldontcareaboutcookies

home/modules/bruno.nix

@@ -1,19 +1,7 @@
 { config, pkgs, ... }:
 
-let
-  needsNixGL = config.lib ? nixGL;
-  bruno =
-    if needsNixGL then
-      pkgs.bruno.overrideAttrs (old: {
-        postInstall = (old.postInstall or "") + ''
-          wrapProgram $out/bin/bruno --add-flags "--no-sandbox"
-        '';
-      })
-    else
-      pkgs.bruno;
-in
 {
   config = {
-    home.packages = [ (config.nixgl.wrap bruno) ];
+    home.packages = [ (config.nixgl.wrap (config.wrapApp pkgs.bruno "--no-sandbox")) ];
   };
 }

home/modules/comms/signal.nix

@@ -4,8 +4,9 @@
   pkgs,
   ...
 }:
+
 {
   config = lib.mkIf config.comms.signal.enable {
-    home.packages = [ (config.nixgl.wrap pkgs.signal-desktop) ];
+    home.packages = [ (config.nixgl.wrap (config.wrapApp pkgs.signal-desktop "--no-sandbox")) ];
   };
 }

home/modules/comms/teams.nix

@@ -7,6 +7,6 @@
 
 {
   config = lib.mkIf config.comms.teams.enable {
-    home.packages = [ (config.nixgl.wrap pkgs.teams-for-linux) ];
+    home.packages = [ (config.nixgl.wrap (config.wrapApp pkgs.teams-for-linux "--no-sandbox")) ];
   };
 }

home/modules/default.nix

@@ -6,4 +6,19 @@
     default = if config.lib ? nixGL then config.lib.nixGL.wrap else lib.id;
     readOnly = true;
   };
+
+  options.wrapApp = lib.mkOption {
+    type = lib.types.raw;
+    default =
+      pkg: flags:
+      if config.lib ? nixGL then
+        pkg.overrideAttrs (old: {
+          postInstall = (old.postInstall or "") + ''
+            wrapProgram $out/bin/${pkg.meta.mainProgram} --add-flags "${flags}"
+          '';
+        })
+      else
+        pkg;
+    readOnly = true;
+  };
 }

home/modules/go/default.nix

@@ -0,0 +1,18 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  options.go = {
+    enable = lib.mkEnableOption "go language";
+  };
+
+  config = lib.mkIf config.go.enable {
+    home.packages = with pkgs; [
+      go
+      gopls
+    ];
+  };
+}

home/modules/nodejs.nix

@@ -0,0 +1,26 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  options.nodejs = {
+    enable = lib.mkEnableOption "nodejs (and related packages)";
+    package = lib.mkOption {
+      type = lib.types.package;
+      default = pkgs.nodejs_24;
+    };
+  };
+
+  config = lib.mkIf config.nodejs.enable {
+    home.packages = with pkgs; [
+      config.nodejs.package
+      pnpm
+      yarn
+      biome
+      tsx
+    ];
+  };
+}

home/modules/nvim.nix

@@ -3,7 +3,7 @@
 {
   config = {
     home.packages = [
-      inputs.nvim.packages.${pkgs.system}.nvim
+      inputs.nvim.packages.${pkgs.stdenv.hostPlatform.system}.nvim
     ];
   };
 }

home/modules/pandoc.nix

@@ -0,0 +1,19 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  options.pandoc = {
+    enable = lib.mkEnableOption "pandoc";
+  };
+
+  config = lib.mkIf config.pandoc.enable {
+    home.packages = with pkgs; [
+      haskellPackages.pandoc-crossref
+      pandoc
+      texliveSmall
+    ];
+  };
+}

home/modules/vscode.nix

@@ -0,0 +1,7 @@
+{ config, pkgs, ... }:
+
+{
+  config = {
+    home.packages = [ (config.nixgl.wrap (config.wrapApp pkgs.vscode "--disable-gpu-sandbox")) ];
+  };
+}

hosts/andromache/default.nix

@@ -5,6 +5,7 @@
   pkgs,
   ...
 }:
+
 let
   username = "h";
   hostName = "andromache";
@@ -27,6 +28,7 @@ in
     ../../modules/desktops/niri
     ../../modules/backups
     ../../modules/bluetooth
+    ../../modules/gaming
     ../../modules/keyboard
     (import ../../modules/networking { inherit hostName; })
     ../../modules/users
@@ -34,10 +36,12 @@ in
     ../../modules/localization
     ../../modules/fonts
     ../../modules/ssh/hardened-openssh.nix
+    ../../modules/storage
     ../../modules/stylix
     (import ../../modules/secrets { inherit lib inputs config; })
     ../../modules/docker
     ../../modules/syncthing
+    ../../modules/nvidia
   ];
 
   home-manager.users.${username} = import ../../home/hosts/andromache {
@@ -79,42 +83,26 @@ in
     };
   };
 
-  hardware = {
+  hardware.cpu.intel.updateMicrocode = true;
-    cpu.intel.updateMicrocode = true;
-    graphics.enable = true;
-    nvidia = {
-      modesetting.enable = true;
-      powerManagement.enable = true;
-      powerManagement.finegrained = false;
-      open = true;
-      nvidiaSettings = true;
-      package = config.boot.kernelPackages.nvidiaPackages.stable;
-    };
-  };
 
   boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
 
   environment.systemPackages = [
-    inputs.colmena.packages.${pkgs.system}.colmena
+    inputs.colmena.packages.${pkgs.stdenv.hostPlatform.system}.colmena
   ];
 
   services = {
-    xserver = {
+    locate = {
-      videoDrivers = [ "nvidia" ];
+      enable = true;
+      package = pkgs.plocate;
     };
 
     openssh = {
       enable = true;
       harden = true;
     };
-    locate = {
-      enable = true;
-      package = pkgs.plocate;
-    };
   };
 
-  my.syncthing.enable = true;
-
   networking = {
     # TODO: generate unique hostId on actual host with: head -c 8 /etc/machine-id
     hostId = "80eef97e";

hosts/astyanax/default.nix

@@ -35,10 +35,10 @@ in
     ../../modules/localization
     ../../modules/fonts
     ../../modules/ssh/hardened-openssh.nix
+    ../../modules/storage
     ../../modules/stylix
     (import ../../modules/secrets { inherit lib inputs config; })
     ../../modules/docker
-    ../../modules/syncthing
     ../../modules/nfc
   ];
 
@@ -81,7 +81,7 @@ in
   };
 
   environment.systemPackages = [
-    inputs.colmena.packages.${pkgs.system}.colmena
+    inputs.colmena.packages.${pkgs.stdenv.hostPlatform.system}.colmena
     (pkgs.writeShellApplication {
       name = "wol-andromache";
       runtimeInputs = [ pkgs.wakeonlan ];
@@ -108,7 +108,20 @@ in
       enable = true;
       package = pkgs.plocate;
     };
-  };
+    tlp = {
+      enable = true;
+      settings = {
+        CPU_SCALING_GOVERNOR_ON_AC = "performance";
+        CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
 
-  my.syncthing.enable = true;
+        CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
+        CPU_ENERGY_PERF_POLICY_ON_AC = "performance";
+
+        CPU_MIN_PERF_ON_AC = 0;
+        CPU_MAX_PERF_ON_AC = 100;
+        CPU_MIN_PERF_ON_BAT = 0;
+        CPU_MAX_PERF_ON_BAT = 20;
+      };
+    };
+  };
 }

hosts/hecuba/default.nix

@@ -83,15 +83,4 @@ in
     enable = true;
     harden = true;
   };
-
-  nix.settings = {
-    trusted-public-keys = [
-      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
-      "astyanax:JY2qJkZUFSax47R3c1nq53AZ8GnLfNqz6mSnJ60cLZ4="
-      "andromache:XM4VLrEw63RB/3v/56OxzH/Yw+kKXKMBLKCb7UGAXzo="
-    ];
-    auto-optimise-store = true;
-    keep-derivations = false;
-    keep-outputs = false;
-  };
 }

hosts/vm/default.nix

@@ -25,6 +25,7 @@ in
     ../../modules/x
     ../../modules/fonts
     ../../modules/ssh/hardened-openssh.nix
+    ../../modules/storage
     (import ../../modules/secrets {
       inherit lib inputs config;
     })

images/sd-image-raspberry-pi-aarch64.nix

@@ -31,7 +31,7 @@ in
 
   hardware.enableRedistributableFirmware = true;
 
-  hardware.pulseaudio.enable = true;
+  services.pulseaudio.enable = true;
 
   networking.wireless.enable = true;
 

modules/audio/default.nix

@@ -1,6 +1,9 @@
-_:
-
 {
+  nixpkgs.allowedUnfree = [
+    "spotify"
+    "spotify-unwrapped"
+  ];
+
   security.rtkit.enable = true;
   services = {
     pulseaudio.enable = false;

modules/common/default.nix

@@ -1,58 +1,67 @@
-let
-  flakePath = "/home/h/nix";
-in
 {
   inputs,
   outputs,
   dotsPath,
+  config,
   ...
 }:
 
+let
+  inherit (inputs.nixpkgs) lib;
+in
 {
   imports = [
     inputs.home-manager.nixosModules.default
   ];
 
-  system.stateVersion = "25.05";
+  options.nixpkgs.allowedUnfree = lib.mkOption {
-
+    type = lib.types.listOf lib.types.str;
-  nix.settings.experimental-features = [
+    default = [ ];
-    "nix-command"
-    "flakes"
-  ];
-
-  nixpkgs.config.allowUnfree = true;
-
-  home-manager = {
-    useGlobalPkgs = true;
-    useUserPackages = true;
-    extraSpecialArgs = {
-      inherit inputs outputs dotsPath;
-    };
   };
 
-  nix = {
+  config = {
-    optimise = {
+    system.stateVersion = "25.05";
-      automatic = true;
-      dates = [ "05:00" ];
-    };
-    gc = {
-      automatic = true;
-      dates = "weekly";
-      options = "--delete-older-than 30d";
-    };
-  };
 
-  system.autoUpgrade = {
+    nix = {
-    enable = true;
+      optimise = {
-    flake = flakePath;
+        automatic = true;
-    flags = [
+        dates = [ "05:00" ];
-      "--recreate-lock-file"
+      };
-      "--commit-lock-file"
+      gc = {
-      "--print-build-logs"
+        automatic = true;
-      "--refresh"
+        dates = "weekly";
-    ];
+        options = "--delete-older-than 30d";
-    dates = "05:00";
+      };
-    randomizedDelaySec = "45min";
+      settings.experimental-features = [
-    allowReboot = false;
+        "nix-command"
+        "flakes"
+      ];
+    };
+
+    system.autoUpgrade = {
+      enable = true;
+      flags = [
+        "--recreate-lock-file"
+        "--commit-lock-file"
+        "--print-build-logs"
+        "--refresh"
+      ];
+      dates = "05:00";
+      randomizedDelaySec = "45min";
+      allowReboot = false;
+    };
+
+    nixpkgs.config.allowUnfreePredicate =
+      pkg: builtins.elem (lib.getName pkg) config.nixpkgs.allowedUnfree;
+
+    environment.defaultPackages = lib.mkForce [ ];
+
+    home-manager = {
+      useGlobalPkgs = true;
+      useUserPackages = true;
+      extraSpecialArgs = {
+        inherit inputs outputs dotsPath;
+      };
+    };
   };
 }

modules/gaming/default.nix

@@ -0,0 +1,12 @@
+{
+  nixpkgs.allowedUnfree = [
+    "steam"
+    "steam-unwrapped"
+  ];
+
+  programs.steam = {
+    enable = true;
+    remotePlay.openFirewall = false;
+    dedicatedServer.openFirewall = false;
+  };
+}

modules/nvidia/default.nix

@@ -0,0 +1,22 @@
+{ config, ... }:
+
+{
+  nixpkgs.allowedUnfree = [
+    "nvidia-x11"
+    "nvidia-persistenced"
+    "nvidia-settings"
+  ];
+
+  hardware.graphics.enable = true;
+
+  hardware.nvidia = {
+    modesetting.enable = true;
+    powerManagement.enable = true;
+    powerManagement.finegrained = false;
+    open = true;
+    nvidiaSettings = true;
+    package = config.boot.kernelPackages.nvidiaPackages.stable;
+  };
+
+  services.xserver.videoDrivers = [ "nvidia" ];
+}

modules/storage/default.nix

@@ -0,0 +1,3 @@
+{
+  services.udisks2.enable = true;
+}