📝 Update CI/CD section and fix typo

.github/actions/install-lix/action.yml

@@ -1,4 +1,4 @@
-# Taken from: https://github.com/isabelroses/dotfiles/blob/9335e5728eaaa9bdcb0d5c3130a5d7c8dddbb6e3/.github/actions/install-lix/action.yml :3
+# Derived from: https://github.com/isabelroses/dotfiles/blob/9335e5728eaaa9bdcb0d5c3130a5d7c8dddbb6e3/.github/actions/install-lix/action.yml :3
 name: Install Lix
 description: "Install Lix for the specified system"
 
@@ -13,5 +13,5 @@ runs:
         diagnostic-endpoint: ""
         extra-conf: |
           experimental-features = flakes nix-command
-          substituters = https://nix-community.cachix.org  https://catppuccin.cachix.org https://cache.nixos.org/
+          substituters = https://nix-community.cachix.org  https://catppuccin.cachix.org https://cache.nixos.org/ https://cache.tgirl.cloud/tgirlcloud
-          trusted-public-keys = nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= catppuccin.cachix.org-1:noG/4HkbhJb+lUAdKrph6LaozJvAeEEZj4N732IysmU= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
+          trusted-public-keys = nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= catppuccin.cachix.org-1:noG/4HkbhJb+lUAdKrph6LaozJvAeEEZj4N732IysmU= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= tgirlcloud:vcV9oxS9pLXyeu1dVnBabLalLlw0yJzu6PakQM372t0=

.github/workflows/build-modules.yml

@@ -1,37 +0,0 @@
-name: "Nix: build nixos-/home modules"
-
-on:
-  workflow_dispatch:
-  # push:
-  #   paths:
-  #     - "modules/**.nix"
-  #     - "**.lock"
-  #     - ".github/workflows/build-modules.yml"
-
-jobs:
-  check-flake:
-    name: Validate x86_64-linux
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        outputs: [nixosModules, homeModules]
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          ref: ${{ github.ref_name }}
-          persist-credentials: false
-
-      - name: Install Lix
-        uses: ./.github/actions/install-lix
-
-      - name: Setup Attic cache
-        uses: ryanccn/attic-action@v0.3.2
-        with:
-          endpoint: https://cache.thevoid.cafe
-          cache: puzzlevision
-          token: ${{ secrets.ATTIC_TOKEN }}
-
-      - name: Buid flake
-        run: nix build .#nixosModules.puzzlevision

.github/workflows/check-leaks.yml

@@ -7,6 +7,8 @@ on:
     paths:
       - "**.nix"
       - ".github/workflows/check-leaks.yml"
+      - "**.yaml"
+      - "**.md"
 
 permissions:
   contents: read

.github/workflows/deadnix.yml

@@ -14,8 +14,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@main
-      
+
-      - name: Install lix
+      - name: Install Lix
         uses: ./.github/actions/install-lix
 
       - uses: phucleeuwu/deadnix-action@v1

.github/workflows/validate-lock.yml

@@ -0,0 +1,22 @@
+name: "Nix: validate flake.lock"
+
+on:
+  workflow_dispatch:
+  push:
+    paths:
+      - "**.lock"
+
+jobs:
+  check-flake:
+    name: Check Lockfile
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install Lix
+        uses: ./.github/actions/install-lix
+
+      - name: Check flake.lock
+        run: nix run github:tgirlcloud/pkgs#locker

.github/workflows/validate.yml

@@ -16,11 +16,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
-        with:
-          ref: ${{ github.ref_name }}
-          persist-credentials: false
 
-      - name: Install Nix
+      - name: Install Lix
         uses: ./.github/actions/install-lix
 
       - name: Validate Flake

README.md

@@ -11,22 +11,18 @@
 </div>
 <br>
 
-## 🚧 State of development
+## 💡 Why the need for a second version?
-All the basic functionality of v2 should be working correctly, including:
+At its core, version 2 of my NixOS flake was aimed at improving the following regions of my previous setup:
 
-- The custom lib implementation at self.lib, recursively built from the contents of the `lib` directory.
+- Implementing my own custom library at self.lib, recursively built from the contents of the `lib` directory.
 - Loading of systems from the `systems` directory, using easy-hosts.
-  - A basic workstation archetype for desktop systems.
+  - Archetypes for various systems, as seen in [Jake Hamilton's](https://github.com/jakehamilton) flake.
-- Creating users in your systems through ${self.namespace}.users,
+- Creating users in my systems through a unified NixOS module, with automated home-manager setups derived from the `homes` directory.
-automatically maps home-manager configurations from the `homes` directory to their corresponding users.
 
-Since I am actively using this configuration on my main workstation, things are evolving quickly,
+Since I am actively using this configuration on my main workstation and Server, things have mostly stabilized,
-leftover issues are actively being resolved and the list of modules is ever-growing.
+leftover issues are sparse and the list of modules is nearing completion (for my purposes that is).
-Nonetheless, one should still consider this implementation experimental.
 
-My next goal is to setup an attic binary cache,
+As such, I personally consider this flake production ready.
-with a build/release workflow that runs in regular intervals.
-(similar to isabelroses's workflow setup)
 
 ## 🚀 Deployment
 To deploy a system run the following command in your terminal of choice.
@@ -77,7 +73,7 @@ nix-shell -p sops --run "sops updatekeys secrets/example.yaml"
 ```
 
 ## 👷 CI/CD coverage
-Currently, this repository houses 2 workflows, which are executed when pushing to the v2 branch.
+Currently, this repository houses 4 workflows, which are executed when pushing to the v2 branch.
 
 #### ↪️ `Nix: check for unused code`
 This workflow can be found in `.github/workflows/deadnix.yml`,
@@ -97,15 +93,28 @@ To be specific, it does the following:
 2. Installs nix with some experimental features (flakes, nix-command, recursive-nix, pipe-operator)
 3. Runs `nix flake check` on the codebase
 
-## 📝 Goals and improvements
+#### ↪️ `Nix: validate flake.lock`
-The main goals of this rewritten flake are:
+This workflow can be found in `.github/workflows/validate-lock.yml`.
+It simply scans flake lockfiles for duplicate entries using `nix run github:tgirlcloud/pkgs#locker`.
+Under the hood it makes use of the locker lockfile linter, created by the [tgirlcloud](https://github.com/tgirlcloud) team (mostly [isabelroses](https://github.com/isabelroses)).
 
-- using flake-parts in place of Snowfall lib
+To be specific, it does the following:
-- significantly improving the re-usability of all modules
+1. Checks out current branch
-- avoiding anti-patterns, such as `with lib; with lib.${namespace};`
+2. Installs nix with some experimental features (flakes, nix-command)
-- improved secrets management
+3. Runs `nix run github:tgirlcloud/pkgs#locker` on the codebase
-- keeping external assets closer to their related nix file, e.g. wallpapers in
+
-the desktop modules folder
+#### ↪️ `Trufflehog: check for exposed secrets`
+This workflow can be found in `.github/workflows/check-leaks.yml`.
+It runs the Trufflehog security tools on the entire repository, and tries to detect any leaked credentials.
+This is a last barrier of defense to minimise damage, in case of an emergency.
+
+## 📝 Future goals and improvements (2025-07-28)
+Some of my future goals for this flake are:
+
+- Implementing an automated release workflow with semver versioning, e.g. 2.3.0.
+- Experimenting with various window-managers, especially Niri, though not set in stone yet.
+- Researching performance best-practices for hardware and implementing patches based on those.
+- Further refining my usage of the Nix language, through language best-practices and CLI dev tools.
 
 ## 🏗️ Structure
 The structure this flake aims to build on is relatively simple to grasp.
@@ -131,5 +140,6 @@ and documentations such as:
 
 - [flake-parts](https://flake.parts)
 - [NixOS and Flakes book](https://nixos-and-flakes.thiscute.world)
+- [The official NixOS wiki](https://wiki.nixos.org)
 
 many thanks to their hard work!

flake.lock

@@ -7,11 +7,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1753471400,
+        "lastModified": 1753702336,
-        "narHash": "sha256-HFoF82El1cjuiz5se+SeawMwWseUUtYBimq3Iu6G2D0=",
+        "narHash": "sha256-IVFUQV6egGQHnm+I183OT+4ct/ka1IWA5u/0A9I/YV4=",
         "owner": "catppuccin",
         "repo": "nix",
-        "rev": "bc6d2b7b57dd29389538f8c4465e408c07187404",
+        "rev": "b32de96c3c5384c83b0f4d741ec58a7f97c9ab11",
         "type": "github"
       },
       "original": {
@@ -69,24 +69,6 @@
         "type": "github"
       }
     },
-    "flake-parts_2": {
-      "inputs": {
-        "nixpkgs-lib": "nixpkgs-lib"
-      },
-      "locked": {
-        "lastModified": 1749398372,
-        "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=",
-        "owner": "hercules-ci",
-        "repo": "flake-parts",
-        "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hercules-ci",
-        "repo": "flake-parts",
-        "type": "github"
-      }
-    },
     "home-manager": {
       "inputs": {
         "nixpkgs": [
@@ -94,11 +76,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1753617834,
+        "lastModified": 1753732062,
-        "narHash": "sha256-WEVfKrdIdu5CpppJ0Va3vzP0DKlS+ZTLbBjugMO2Drg=",
+        "narHash": "sha256-vojVM0SgFP8crFh1LDDXkzaI9/er/1cuRfbNPhfBHyc=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "72cc1e3134a35005006f06640724319caa424737",
+        "rev": "f49e872f55e36e67ebcb906ff65f86c7a1538f7c",
         "type": "github"
       },
       "original": {
@@ -107,11 +89,35 @@
         "type": "github"
       }
     },
+    "minegrub-theme": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1752413064,
+        "narHash": "sha256-bcWxBAAvf5hp0TmMbYrwU4SlBxc5sB/T2VsIBdX1gDk=",
+        "owner": "Lxtharia",
+        "repo": "minegrub-theme",
+        "rev": "040b163268be6e7cf743ba990177525dc47ed944",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Lxtharia",
+        "repo": "minegrub-theme",
+        "type": "github"
+      }
+    },
     "nixcord": {
       "inputs": {
         "flake-compat": "flake-compat",
-        "flake-parts": "flake-parts_2",
+        "flake-parts": [
-        "nixpkgs": "nixpkgs"
+          "flake-parts"
+        ],
+        "nixpkgs": [
+          "nixpkgs"
+        ]
       },
       "locked": {
         "lastModified": 1753581565,
@@ -129,42 +135,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1749494155,
+        "lastModified": 1753549186,
-        "narHash": "sha256-FG4DEYBpROupu758beabUk9lhrblSf5hnv84v1TLqMc=",
+        "narHash": "sha256-Znl7rzuxKg/Mdm6AhimcKynM7V3YeNDIcLjBuoBcmNs=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "88331c17ba434359491e8d5889cce872464052c2",
+        "rev": "17f6bd177404d6d43017595c5264756764444ab8",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-25.05",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs-lib": {
-      "locked": {
-        "lastModified": 1748740939,
-        "narHash": "sha256-rQaysilft1aVMwF14xIdGS3sj1yHlI6oKQNBRTF40cc=",
-        "owner": "nix-community",
-        "repo": "nixpkgs.lib",
-        "rev": "656a64127e9d791a334452c6b6606d17539476e2",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "nixpkgs.lib",
-        "type": "github"
-      }
-    },
-    "nixpkgs_2": {
-      "locked": {
-        "lastModified": 1753429684,
-        "narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "7fd36ee82c0275fb545775cc5e4d30542899511d",
         "type": "github"
       },
       "original": {
@@ -174,36 +149,23 @@
         "type": "github"
       }
     },
-    "nixpkgs_3": {
-      "locked": {
-        "lastModified": 1744868846,
-        "narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixpkgs-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
     "root": {
       "inputs": {
         "catppuccin": "catppuccin",
         "easy-hosts": "easy-hosts",
         "flake-parts": "flake-parts",
         "home-manager": "home-manager",
+        "minegrub-theme": "minegrub-theme",
         "nixcord": "nixcord",
-        "nixpkgs": "nixpkgs_2",
+        "nixpkgs": "nixpkgs",
         "sops-nix": "sops-nix"
       }
     },
     "sops-nix": {
       "inputs": {
-        "nixpkgs": "nixpkgs_3"
+        "nixpkgs": [
+          "nixpkgs"
+        ]
       },
       "locked": {
         "lastModified": 1752544651,

flake.nix

@@ -21,7 +21,11 @@
   inputs = {
     nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
     easy-hosts.url = "github:tgirlcloud/easy-hosts";
-    sops-nix.url = "github:Mic92/sops-nix";
+
+    sops-nix = {
+      url = "github:Mic92/sops-nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
 
     flake-parts = {
       url = "github:hercules-ci/flake-parts";
@@ -40,6 +44,13 @@
 
     nixcord = {
       url = "github:kaylorben/nixcord";
+      inputs.flake-parts.follows = "flake-parts";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    minegrub-theme = {
+      url = "github:Lxtharia/minegrub-theme";
+      inputs.nixpkgs.follows = "nixpkgs";
     };
   };
 

modules/flake/default.nix

@@ -3,9 +3,6 @@
     # Automagically imports libs from "/lib/lib-name" and exposes them to the `flake.lib` output.
     ./lib.nix
 
-    # Exposes nixosModules and homeModules on flake outputs.
-    ./modules.nix
-
     # Automagically imports systems from "/systems/arch-classname/system-name".
     ./systems.nix
   ];

modules/flake/modules.nix

@@ -1,15 +0,0 @@
-{ self, ... }:
-{
-  flake = {
-    # TODO: figure out why this isn't working correctly
-    nixosModules.puzzlevision = self.lib.mkModule {
-      class = "nixos";
-      modules = self.lib.dirToModuleList ../nixos;
-    };
-
-    homeModules.puzzlevision = self.lib.mkModule {
-      class = "home";
-      modules = self.lib.dirToModuleList ../home;
-    };
-  };
-}

modules/flake/systems.nix

@@ -18,6 +18,7 @@
         (lib.optionals (class == "nixos") [
           inputs.home-manager.nixosModules.default
           inputs.sops-nix.nixosModules.sops
+          inputs.minegrub-theme.nixosModules.default
         ])
         ++ (self.lib.dirToModuleList ../${class}); # Import modules based on current classname.
     };

systems/x86_64-nixos/puzzlevision/default.nix

@@ -34,17 +34,13 @@
     archetypes.laptop.enable = true;
   };
 
-  networking.extraHosts = ''
-    127.0.0.1 dev.bl-projekte.de
-  '';
-
   # Configure 8GB SWAP partition
-  # swapDevices = [
+  swapDevices = [
-  #   {
+    {
-  #     device = "/swapfile";
+      device = "/swapfile";
-  #     size = 8 * 1024;
+      size = 8 * 1024;
-  #   }
+    }
-  # ];
+  ];
 
   boot = {
     # Configure additional kernel modules.
@@ -55,8 +51,19 @@
     blacklistedKernelModules = [
       "rtw88_8821ce" # Block the default network-card driver.
     ];
+
+    # Grub configuration
+    loader.grub = {
+      # Minecraft bootloader theme
+      minegrub-theme = {
+        enable = true;
+        splash = "100% Flakes!";
+        background = "background_options/1.18 - [Caves And Cliffs 2].png";
+        boot-options-count = 4;
+      };
+    };
   };
 
   networking.hostName = "puzzlevision";
-  system.stateVersion = "25.05";
+  system.stateVersion = "25.11";
 }