Refactor.

suites/common.nix

@@ -0,0 +1,134 @@
+{
+  pkgs,
+  lib,
+  user,
+  ...
+}:
+with lib;
+{
+  # NixOS version.
+  system.stateVersion = "25.05";
+
+  # Enable flakes.
+  nix.settings.experimental-features = [
+    "nix-command"
+    "flakes"
+  ];
+
+  # Allow unfree packages.
+  nixpkgs.config.allowUnfree = true;
+
+  # Enable redistributable firmware.
+  hardware.enableRedistributableFirmware = true;
+
+  # Set time zone.
+  time.timeZone = "Australia/Perth";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_AU.UTF-8";
+
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "en_AU.UTF-8";
+    LC_IDENTIFICATION = "en_AU.UTF-8";
+    LC_MEASUREMENT = "en_AU.UTF-8";
+    LC_MONETARY = "en_AU.UTF-8";
+    LC_NAME = "en_AU.UTF-8";
+    LC_NUMERIC = "en_AU.UTF-8";
+    LC_PAPER = "en_AU.UTF-8";
+    LC_TELEPHONE = "en_AU.UTF-8";
+    LC_TIME = "en_AU.UTF-8";
+  };
+
+  # Configure keymap in X11.
+  services.xserver.xkb = {
+    layout = "us";
+    variant = "";
+  };
+
+  # Enable networking.
+  networking.networkmanager.enable = true;
+
+  # Define a user account.
+  users.users.${user} = {
+    isNormalUser = true;
+    description = mkIf (user == "fern") "Fern Garden";
+    extraGroups = [
+      "wheel"
+      "networkmanager"
+    ];
+  };
+
+  # Use fish shell
+  programs.fish = {
+    enable = true;
+    interactiveShellInit = ''
+      function n --wraps nnn --description 'support nnn quit and change directory'
+          if test -n "$NNNLVL" -a "$NNNLVL" -ge 1
+              echo "nnn is already running"
+              return
+          end
+
+          if test -n "$XDG_CONFIG_HOME"
+              set -x NNN_TMPFILE "$XDG_CONFIG_HOME/nnn/.lastd"
+          else
+              set -x NNN_TMPFILE "$HOME/.config/nnn/.lastd"
+          end
+
+          command ${pkgs.nnn}/bin/nnn $argv
+
+          if test -e $NNN_TMPFILE
+              source $NNN_TMPFILE
+              rm -- $NNN_TMPFILE
+          end
+      end
+    '';
+  };
+
+  programs.bash = {
+    interactiveShellInit = ''
+      if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
+      then
+        shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION=""
+        exec ${pkgs.fish}/bin/fish $LOGIN_OPTION
+      fi
+    '';
+  }; # https://nixos.wiki/wiki/Fish#Setting_fish_as_your_shell
+
+  # Install some packages.
+  programs.git.enable = true;
+
+  programs.neovim = {
+    enable = true;
+    defaultEditor = true; # Use neovim as default terminal editor.
+    configure = {
+      customRC = ''
+        set expandtab
+        set shiftwidth=2
+        set tabstop=8
+        set softtabstop=2
+        set number
+        colorscheme kanagawa-dragon
+      '';
+      packages.myVimPackage = with pkgs.vimPlugins; {
+        start = [ kanagawa-nvim ];
+      };
+    };
+  };
+
+  environment.systemPackages = with pkgs; [
+    aria2
+    btop
+    lynx
+    ncdu
+    nnn
+    rsync
+    tmux
+    trash-cli
+  ];
+
+  # Enable avahi hostname resolution.
+  services.avahi = {
+    enable = true;
+    nssmdns4 = true;
+  };
+}

suites/laptop.nix

@@ -0,0 +1,171 @@
+{
+  pkgs,
+  lib,
+  feishin0_17,
+  fluffychat2,
+  ...
+}:
+with lib;
+{
+  # Configure the bootloader.
+  boot = {
+    # Enable secure boot.
+    bootspec.enable = true;
+    initrd.systemd.enable = true;
+    loader.systemd-boot.enable = mkForce false;
+    loader.efi.canTouchEfiVariables = true;
+
+    lanzaboote = {
+      enable = true;
+      pkiBundle = "/var/lib/sbctl";
+      settings.timeout = 0;
+    };
+
+    # Enable quiet boot with splash
+    plymouth.enable = true;
+    consoleLogLevel = 3;
+    initrd.verbose = false;
+    kernelParams = [
+      "quiet"
+      "splash"
+      "boot.shell_on_fail"
+      "udev.log_priority=3"
+      "rd.systemd.show_status=auto"
+    ];
+  };
+
+  # Enable firmware updates.
+  services.fwupd.enable = true;
+
+  # Enable zRAM swap
+  zramSwap.enable = true;
+
+  # Enable smart card support (for YubiKey).
+  services.pcscd.enable = true;
+
+  # Encrypt user's home with fscrypt
+  security.pam.enableFscrypt = true;
+
+  # Enable the GNOME Desktop Environment.
+  services.xserver = {
+    enable = true;
+
+    excludePackages = with pkgs; [
+      xterm # Don't install xterm.
+    ];
+
+    displayManager.gdm.enable = true;
+
+    desktopManager.gnome = {
+      enable = true;
+      # Enable fractional scaling.
+      extraGSettingsOverridePackages = [ pkgs.mutter ];
+      extraGSettingsOverrides = ''
+        [org.gnome.mutter]
+        experimental-features=['scale-monitor-framebuffer']
+      '';
+    };
+  };
+
+  # Theme QT applications
+  qt = {
+    enable = true;
+    style = "adwaita-dark";
+  };
+
+  # Exclude some default gnome applications.
+  environment.gnome.excludePackages = (
+    with pkgs;
+    [
+      epiphany
+      gnome-connections
+      gnome-console
+      gnome-maps
+      gnome-music
+      gnome-tour
+      totem
+      yelp
+    ]
+  );
+
+  # Remove NixOS HTML manual
+  documentation.doc.enable = false;
+
+  # Use ghostty for the "open in terminal" option in file manager.
+  programs.nautilus-open-any-terminal = {
+    enable = true;
+    terminal = "ghostty";
+  };
+
+  # Run electron apps under wayland.
+  environment.sessionVariables.NIXOS_OZONE_WL = "1";
+
+  # Install some packages.
+  programs.steam.enable = true;
+  programs.firefox.enable = true;
+
+  environment.systemPackages = with pkgs; [
+    adwsteamgtk
+    ansible
+    celluloid
+    discord
+    feishin0_17.feishin
+    ghostty
+    gimp3
+    glabels-qt
+    gnome-tweaks
+    gnomeExtensions.auto-move-windows
+    gnomeExtensions.rounded-window-corners-reborn
+    gnomeExtensions.smile-complementary-extension
+    jellyfin-media-player
+    libreoffice
+    nixd # nix language server
+    nixfmt-rfc-style # nix language formatter
+    obsidian
+    protonmail-desktop
+    signal-desktop
+    smile
+    vscodium
+    yubioath-flutter
+
+    # PrismLauncher with temurin jre.
+    (prismlauncher.override {
+      jdks = [
+        temurin-jre-bin
+      ];
+    })
+
+    # FluffyChat 2.0.0 with fixed desktop item.
+    (fluffychat2.fluffychat.overrideAttrs (
+      finalAttrs: previousAttrs: {
+        desktopItems = [
+          ((builtins.elemAt previousAttrs.desktopItems 0).override { startupWMClass = "fluffychat"; })
+        ];
+      }
+    ))
+  ];
+
+  # Enable gamemode service
+  programs.gamemode.enable = true;
+
+  # Enable CUPS to print documents.
+  services.printing.enable = true;
+
+  # If you don't set this Wireguard won't work.
+  networking.firewall.checkReversePath = false;
+
+  # Enable sound with pipewire.
+  services.pulseaudio.enable = false;
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+  };
+
+  # Enable CPU frequency scaling management.
+  services.power-profiles-daemon.enable = mkForce false; # enabled by gnome
+  services.tlp.enable = lib.mkForce false; # enabled by nixos-hardware
+  services.auto-cpufreq.enable = true;
+}

suites/lxc.nix

@@ -0,0 +1,10 @@
+{
+  modulesPath,
+  ...
+}:
+{
+  imports = [
+    (modulesPath + "/virtualisation/proxmox-lxc.nix")
+    ./server.nix
+  ];
+}

suites/server.nix

@@ -0,0 +1,23 @@
+{ user, lib, ... }:
+with lib;
+{
+  # Passwordless sudo
+  security.sudo.wheelNeedsPassword = false;
+
+  # Enable all terminfo (for ghostty)
+  environment.enableAllTerminfo = true;
+
+  # Enable SSH server
+  services.openssh.enable = true;
+
+  users.users.${user}.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETPyuxUVEmYyEW6PVC6BXqkhULHd/RvMm8fMbYhjTMV fern@muskduck"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKzW4epTmK01kGVXcuAXUNJQPltnogf4uab9FA5m8S3n fern@pardalote"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBEJYq1fMxVOzCMfE/td6DtWS8nUk76U9seYD3Z9RYAz u0_a399@fairywren"
+    "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIMoJvPcUJDVVzO4dHROCFNlgJdDZSP5xyPx2s40zcx5QAAAABHNzaDo= YubiKey5NFC"
+  ];
+
+  # Enable docker.
+  virtualisation.docker.enable = mkIf (user == "docker") true;
+  users.users.${user}.extraGroups = mkIf (user == "docker") [ "docker" ];
+}

suites/vm.nix

@@ -0,0 +1,35 @@
+{
+  modulesPath,
+  lib,
+  ...
+}:
+with lib;
+{
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+    ./server.nix
+  ];
+
+  # Load kernel modules.
+  boot.initrd.availableKernelModules = [
+    "ata_piix"
+    "uhci_hcd"
+    "virtio_pci"
+    "virtio_scsi"
+    "sd_mod"
+  ];
+
+  boot.kernelModules = [ "kvm-intel" ];
+
+  # Enable DHCP.
+  networking.useDHCP = mkDefault true;
+
+  # Configure the bootloader.
+  boot.loader.grub = {
+    enable = true;
+    device = "/dev/sda";
+  };
+
+  # Enable QEMU guest agent
+  services.qemuGuest.enable = true;
+}