up

hosts/darwin/shared.nix

@@ -1,6 +1,5 @@
 {
   imports = [
-    ../../modules/base
-    ../../modules/darwin
+    ../../modules/platform/darwin
   ];
 }

hosts/nixos/tahani/default.nix

@@ -5,8 +5,7 @@
   ...
 }: {
   imports = [
-    ../../../modules/base
-    ../../../modules/nixos
+    ../../../modules/platform/nixos
   ];
 
   boot = {
@@ -51,13 +50,13 @@
     nameservers = ["1.1.1.1"];
   };
 
-  sops.secrets = {
-    tahani-syncthing-cert = {
-      sopsFile = "./secrets/tahani-syncthing-cert";
-      format = "binary";
-      path = "/home/${user}/.config/syncthing/cert.pem";
-    };
-  };
+  # sops.secrets = {
+  #   tahani-syncthing-cert = {
+  #     sopsFile = "./secrets/tahani-syncthing-cert";
+  #     format = "binary";
+  #     path = "/home/${user}/.config/syncthing/cert.pem";
+  #   };
+  # };
 
   services.syncthing = {
     enable = true;

modules/base/home-manager/default.nix

@@ -1,28 +0,0 @@
-{
-  imports = [
-    ./atuin.nix
-    ./bat.nix
-    ./eza.nix
-    ./fish.nix
-    ./git.nix
-    ./lazygit.nix
-    ./neovim
-    ./mise.nix
-    ./ssh.nix
-    ./starship.nix
-    ./zellij.nix
-    ./zoxide.nix
-    ./zsh.nix
-  ];
-
-  programs.home-manager.enable = true;
-  programs.direnv = {
-    enable = true;
-    nix-direnv.enable = true;
-  };
-
-  home.shellAliases = {
-    v = "nvim";
-    lg = "lazygit";
-  };
-}

modules/core/default.nix

@@ -1,11 +1,5 @@
-{
-  sops-nix,
-  pkgs,
-  user,
-  ...
-}: {
-  imports = [
-  ];
+{pkgs, ...}: {
+  programs.fish.enable = true;
 
   nixpkgs = {
     config = {
@@ -27,7 +21,6 @@
     settings = {
       trusted-users = [
         "@admin"
-        "${user}"
       ];
       substituters = [
         "https://nix-community.cachix.org"
@@ -43,12 +36,4 @@
       experimental-features = nix-command flakes
     '';
   };
-
-  programs.fish.enable = true;
-
-  services = {
-    tailscale = {
-      enable = true;
-    };
-  };
 }

modules/home-manager/base/default.nix

@@ -0,0 +1,24 @@
+{
+  imports = [
+    ./shell/aliases.nix
+    ./shell/fish.nix
+    ./shell/starship.nix
+    ./shell/zsh.nix
+    ./tools/atuin.nix
+    ./tools/bat.nix
+    ./tools/eza.nix
+    ./tools/git.nix
+    ./tools/lazygit.nix
+    ./tools/mise.nix
+    ./tools/ssh.nix
+    ./tools/zellij.nix
+    ./tools/zoxide.nix
+    ./editors/neovim
+  ];
+
+  programs.home-manager.enable = true;
+  programs.direnv = {
+    enable = true;
+    nix-direnv.enable = true;
+  };
+}

modules/home-manager/base/shell/aliases.nix

@@ -0,0 +1,6 @@
+{
+  home.shellAliases = {
+    v = "nvim";
+    lg = "lazygit";
+  };
+}

modules/home-manager/darwin/default.nix

@@ -0,0 +1,5 @@
+{
+  imports = [
+    ./terminal/ghostty.nix
+  ];
+}

modules/home-manager/nixos/default.nix

@@ -0,0 +1,5 @@
+{
+  imports = [
+    ./terminal/zellij.nix
+  ];
+}

modules/networking/firewall.nix

@@ -0,0 +1,6 @@
+{
+  networking.firewall = {
+    enable = true;
+    trustedInterfaces = ["eno1" "tailscale0"];
+  };
+}

modules/networking/ssh.nix

@@ -0,0 +1,9 @@
+{
+  services.openssh = {
+    enable = true;
+    settings = {
+      PermitRootLogin = "yes";
+      PasswordAuthentication = false;
+    };
+  };
+}

modules/networking/tailscale.nix

@@ -0,0 +1,3 @@
+{
+  services.tailscale.enable = true;
+}

modules/nixos/default.nix

@@ -1,109 +0,0 @@
-{
-  pkgs,
-  nixvim,
-  user,
-  sops-nix,
-  ...
-}: let
-  sshKeys = import ../../shared/ssh-keys.nix;
-in {
-  imports = [
-    sops-nix.nixosModules.sops
-  ];
-
-  system.stateVersion = "25.11";
-  time.timeZone = "UTC";
-
-  nix = {
-    gc = {
-      automatic = true;
-      dates = "weekly";
-      options = "--delete-older-than 30d";
-    };
-    nixPath = ["nixos-config=/home/${user}/.local/share/src/nixos-config:/etc/nixos"];
-  };
-
-  networking.firewall = {
-    enable = true;
-    trustedInterfaces = ["eno1" "tailscale0"];
-  };
-
-  services = {
-    openssh = {
-      enable = true;
-      settings = {
-        PermitRootLogin = "yes";
-        PasswordAuthentication = false;
-      };
-    };
-    tailscale = {
-      enable = true;
-      port = 41641;
-      useRoutingFeatures = "server";
-      openFirewall = true;
-    };
-    adguardhome = {
-      enable = true;
-      port = 10000;
-      settings = {
-        dns = {
-          upstream_dns = [
-            "1.1.1.1"
-            "1.0.0.1"
-          ];
-        };
-        filtering = {
-          protection_enabled = true;
-          filtering_enabled = true;
-          safe_search = {
-            enabled = false;
-          };
-        };
-      };
-    };
-  };
-
-  users.users = {
-    ${user} = {
-      isNormalUser = true;
-      home = "/home/${user}";
-      extraGroups = [
-        "wheel"
-        "sudo"
-        "network"
-        "systemd-journal"
-        "docker"
-      ];
-      shell = pkgs.fish;
-      openssh.authorizedKeys.keys = sshKeys.keys;
-    };
-
-    root = {
-      openssh.authorizedKeys.keys = sshKeys.keys;
-    };
-  };
-
-  security.sudo = {
-    enable = true;
-  };
-
-  home-manager = {
-    users.${user} = {
-      pkgs,
-      config,
-      lib,
-      ...
-    }: {
-      _module.args = {inherit user;};
-      imports = [
-        nixvim.homeModules.nixvim
-        ../base/home-manager
-        ./home-manager/zellij.nix
-      ];
-      home = {
-        packages = pkgs.callPackage ../base/packages.nix {} ++ pkgs.callPackage ./packages.nix {};
-        stateVersion = "25.11";
-      };
-    };
-  };
-}

modules/packages/default.nix

@@ -1,7 +1,6 @@
 {pkgs}:
 with pkgs; [
   alejandra
-  sops
   delta
   docker
   docker-compose
@@ -22,6 +21,7 @@ with pkgs; [
   prettier
   python312
   ripgrep
+  sops
   sqlite
   tree
   tree-sitter

modules/platform/darwin/default.nix

@@ -6,6 +6,8 @@
   ...
 }: {
   imports = [
+    ../../core
+    ../../networking/tailscale.nix
     ./secrets.nix
     ./system.nix
     ./homebrew.nix
@@ -17,11 +19,14 @@
     stateVersion = 6;
   };
 
-  nix.gc.interval = {
+  nix = {
+    settings.trusted-users = ["@admin" "${user}"];
+    gc.interval = {
       Weekday = 0;
       Hour = 2;
       Minute = 0;
     };
+  };
 
   users.users.${user} = {
     name = "${user}";
@@ -40,12 +45,13 @@
       _module.args = {inherit user;};
       imports = [
         nixvim.homeModules.nixvim
-        ../base/home-manager
-        ./home-manager/ghostty.nix
+        ../../home-manager/base
+        ../../home-manager/darwin
       ];
       fonts.fontconfig.enable = true;
       home = {
-        packages = pkgs.callPackage ../base/packages.nix {} ++ pkgs.callPackage ./packages.nix {};
+        packages = pkgs.callPackage ../../packages {} 
+                ++ pkgs.callPackage ./packages.nix {};
         stateVersion = "25.11";
       };
     };

modules/platform/nixos/default.nix

@@ -0,0 +1,74 @@
+{
+  pkgs,
+  nixvim,
+  user,
+  sops-nix,
+  ...
+}: let
+  sshKeys = import ../../../shared/ssh-keys.nix;
+in {
+  imports = [
+    ../../core
+    ../../networking/firewall.nix
+    ../../networking/ssh.nix
+    ./tailscale.nix
+    ../../services/adguard.nix
+    sops-nix.nixosModules.sops
+  ];
+
+  security.sudo.enable = true;
+
+  system.stateVersion = "25.11";
+  time.timeZone = "UTC";
+
+  nix = {
+    settings.trusted-users = ["${user}"];
+    gc.dates = "weekly";
+    nixPath = ["nixos-config=/home/${user}/.local/share/src/nixos-config:/etc/nixos"];
+  };
+
+
+
+  users.users = {
+    ${user} = {
+      isNormalUser = true;
+      home = "/home/${user}";
+      extraGroups = [
+        "wheel"
+        "sudo"
+        "network"
+        "systemd-journal"
+        "docker"
+      ];
+      shell = pkgs.fish;
+      openssh.authorizedKeys.keys = sshKeys.keys;
+    };
+
+    root = {
+      openssh.authorizedKeys.keys = sshKeys.keys;
+    };
+  };
+
+
+
+  home-manager = {
+    users.${user} = {
+      pkgs,
+      config,
+      lib,
+      ...
+    }: {
+      _module.args = {inherit user;};
+      imports = [
+        nixvim.homeModules.nixvim
+        ../../home-manager/base
+        ../../home-manager/nixos
+      ];
+      home = {
+        packages = pkgs.callPackage ../../packages {} 
+                ++ pkgs.callPackage ./packages.nix {};
+        stateVersion = "25.11";
+      };
+    };
+  };
+}

modules/platform/nixos/tailscale.nix

@@ -0,0 +1,8 @@
+{
+  services.tailscale = {
+    enable = true;
+    port = 41641;
+    useRoutingFeatures = "server";
+    openFirewall = true;
+  };
+}

modules/services/adguard.nix

@@ -0,0 +1,21 @@
+{
+  services.adguardhome = {
+    enable = true;
+    port = 10000;
+    settings = {
+      dns = {
+        upstream_dns = [
+          "1.1.1.1"
+          "1.0.0.1"
+        ];
+      };
+      filtering = {
+        protection_enabled = true;
+        filtering_enabled = true;
+        safe_search = {
+          enabled = false;
+        };
+      };
+    };
+  };
+}