.github/actions/install-lix/action.yml

@@ -1,4 +1,4 @@
-# Derived from: https://github.com/isabelroses/dotfiles/blob/9335e5728eaaa9bdcb0d5c3130a5d7c8dddbb6e3/.github/actions/install-lix/action.yml :3
+# Taken from: https://github.com/isabelroses/dotfiles/blob/9335e5728eaaa9bdcb0d5c3130a5d7c8dddbb6e3/.github/actions/install-lix/action.yml :3
 name: Install Lix
 description: "Install Lix for the specified system"
 
@@ -13,5 +13,5 @@ runs:
         diagnostic-endpoint: ""
         extra-conf: |
           experimental-features = flakes nix-command
-          substituters = https://nix-community.cachix.org  https://catppuccin.cachix.org https://cache.nixos.org/ https://cache.tgirl.cloud/tgirlcloud
+          substituters = https://nix-community.cachix.org  https://catppuccin.cachix.org https://cache.nixos.org/
-          trusted-public-keys = nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= catppuccin.cachix.org-1:noG/4HkbhJb+lUAdKrph6LaozJvAeEEZj4N732IysmU= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= tgirlcloud:vcV9oxS9pLXyeu1dVnBabLalLlw0yJzu6PakQM372t0=
+          trusted-public-keys = nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= catppuccin.cachix.org-1:noG/4HkbhJb+lUAdKrph6LaozJvAeEEZj4N732IysmU= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=

.github/workflows/build-modules.yml

@@ -0,0 +1,37 @@
+name: "Nix: build nixos-/home modules"
+
+on:
+  workflow_dispatch:
+  # push:
+  #   paths:
+  #     - "modules/**.nix"
+  #     - "**.lock"
+  #     - ".github/workflows/build-modules.yml"
+
+jobs:
+  check-flake:
+    name: Validate x86_64-linux
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        outputs: [nixosModules, homeModules]
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref_name }}
+          persist-credentials: false
+
+      - name: Install Lix
+        uses: ./.github/actions/install-lix
+
+      - name: Setup Attic cache
+        uses: ryanccn/attic-action@v0.3.2
+        with:
+          endpoint: https://cache.thevoid.cafe
+          cache: puzzlevision
+          token: ${{ secrets.ATTIC_TOKEN }}
+
+      - name: Buid flake
+        run: nix build .#nixosModules.puzzlevision

.github/workflows/check-leaks.yml

@@ -7,8 +7,6 @@ on:
     paths:
       - "**.nix"
       - ".github/workflows/check-leaks.yml"
-      - "**.yaml"
-      - "**.md"
 
 permissions:
   contents: read

.github/workflows/deadnix.yml

@@ -14,8 +14,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@main
-
+      
-      - name: Install Lix
+      - name: Install lix
         uses: ./.github/actions/install-lix
 
       - uses: phucleeuwu/deadnix-action@v1

.github/workflows/validate-lock.yml

@@ -1,22 +0,0 @@
-name: "Nix: validate flake.lock"
-
-on:
-  workflow_dispatch:
-  push:
-    paths:
-      - "**.lock"
-
-jobs:
-  check-flake:
-    name: Check Lockfile
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Install Lix
-        uses: ./.github/actions/install-lix
-
-      - name: Check flake.lock
-        run: nix run github:tgirlcloud/pkgs#locker

.github/workflows/validate.yml

@@ -16,8 +16,11 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref_name }}
+          persist-credentials: false
 
-      - name: Install Lix
+      - name: Install Nix
         uses: ./.github/actions/install-lix
 
       - name: Validate Flake

README.md

@@ -11,18 +11,22 @@
 </div>
 <br>
 
-## 💡 Why the need for a second version?
+## 🚧 State of development
-At its core, version 2 of my NixOS flake was aimed at improving the following regions of my previous setup:
+All the basic functionality of v2 should be working correctly, including:
 
-- Implementing my own custom library at self.lib, recursively built from the contents of the `lib` directory.
+- The custom lib implementation at self.lib, recursively built from the contents of the `lib` directory.
 - Loading of systems from the `systems` directory, using easy-hosts.
-  - Archetypes for various systems, as seen in [Jake Hamilton's](https://github.com/jakehamilton) flake.
+  - A basic workstation archetype for desktop systems.
-- Creating users in my systems through a unified NixOS module, with automated home-manager setups derived from the `homes` directory.
+- Creating users in your systems through ${self.namespace}.users,
+automatically maps home-manager configurations from the `homes` directory to their corresponding users.
 
-Since I am actively using this configuration on my main workstation and Server, things have mostly stabilized,
+Since I am actively using this configuration on my main workstation, things are evolving quickly,
-leftover issues are sparse and the list of modules is nearing completion (for my purposes that is).
+leftover issues are actively being resolved and the list of modules is ever-growing.
+Nonetheless, one should still consider this implementation experimental.
 
-As such, I personally consider this flake production ready.
+My next goal is to setup an attic binary cache,
+with a build/release workflow that runs in regular intervals.
+(similar to isabelroses's workflow setup)
 
 ## 🚀 Deployment
 To deploy a system run the following command in your terminal of choice.
@@ -73,7 +77,7 @@ nix-shell -p sops --run "sops updatekeys secrets/example.yaml"
 ```
 
 ## 👷 CI/CD coverage
-Currently, this repository houses 4 workflows, which are executed when pushing to the v2 branch.
+Currently, this repository houses 2 workflows, which are executed when pushing to the v2 branch.
 
 #### ↪️ `Nix: check for unused code`
 This workflow can be found in `.github/workflows/deadnix.yml`,
@@ -93,28 +97,15 @@ To be specific, it does the following:
 2. Installs nix with some experimental features (flakes, nix-command, recursive-nix, pipe-operator)
 3. Runs `nix flake check` on the codebase
 
-#### ↪️ `Nix: validate flake.lock`
+## 📝 Goals and improvements
-This workflow can be found in `.github/workflows/validate-lock.yml`.
+The main goals of this rewritten flake are:
-It simply scans flake lockfiles for duplicate entries using `nix run github:tgirlcloud/pkgs#locker`.
-Under the hood it makes use of the locker lockfile linter, created by the [tgirlcloud](https://github.com/tgirlcloud) team (mostly [isabelroses](https://github.com/isabelroses)).
 
-To be specific, it does the following:
+- using flake-parts in place of Snowfall lib
-1. Checks out current branch
+- significantly improving the re-usability of all modules
-2. Installs nix with some experimental features (flakes, nix-command)
+- avoiding anti-patterns, such as `with lib; with lib.${namespace};`
-3. Runs `nix run github:tgirlcloud/pkgs#locker` on the codebase
+- improved secrets management
-
+- keeping external assets closer to their related nix file, e.g. wallpapers in
-#### ↪️ `Trufflehog: check for exposed secrets`
+the desktop modules folder
-This workflow can be found in `.github/workflows/check-leaks.yml`.
-It runs the Trufflehog security tools on the entire repository, and tries to detect any leaked credentials.
-This is a last barrier of defense to minimise damage, in case of an emergency.
-
-## 📝 Future goals and improvements (2025-07-28)
-Some of my future goals for this flake are:
-
-- Implementing an automated release workflow with semver versioning, e.g. 2.3.0.
-- Experimenting with various window-managers, especially Niri, though not set in stone yet.
-- Researching performance best-practices for hardware and implementing patches based on those.
-- Further refining my usage of the Nix language, through language best-practices and CLI dev tools.
 
 ## 🏗️ Structure
 The structure this flake aims to build on is relatively simple to grasp.
@@ -140,6 +131,5 @@ and documentations such as:
 
 - [flake-parts](https://flake.parts)
 - [NixOS and Flakes book](https://nixos-and-flakes.thiscute.world)
-- [The official NixOS wiki](https://wiki.nixos.org)
 
 many thanks to their hard work!

flake.lock

@@ -7,11 +7,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1753702336,
+        "lastModified": 1753471400,
-        "narHash": "sha256-IVFUQV6egGQHnm+I183OT+4ct/ka1IWA5u/0A9I/YV4=",
+        "narHash": "sha256-HFoF82El1cjuiz5se+SeawMwWseUUtYBimq3Iu6G2D0=",
         "owner": "catppuccin",
         "repo": "nix",
-        "rev": "b32de96c3c5384c83b0f4d741ec58a7f97c9ab11",
+        "rev": "bc6d2b7b57dd29389538f8c4465e408c07187404",
         "type": "github"
       },
       "original": {
@@ -69,6 +69,24 @@
         "type": "github"
       }
     },
+    "flake-parts_2": {
+      "inputs": {
+        "nixpkgs-lib": "nixpkgs-lib"
+      },
+      "locked": {
+        "lastModified": 1749398372,
+        "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
     "home-manager": {
       "inputs": {
         "nixpkgs": [
@@ -76,11 +94,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1753732062,
+        "lastModified": 1753617834,
-        "narHash": "sha256-vojVM0SgFP8crFh1LDDXkzaI9/er/1cuRfbNPhfBHyc=",
+        "narHash": "sha256-WEVfKrdIdu5CpppJ0Va3vzP0DKlS+ZTLbBjugMO2Drg=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "f49e872f55e36e67ebcb906ff65f86c7a1538f7c",
+        "rev": "72cc1e3134a35005006f06640724319caa424737",
         "type": "github"
       },
       "original": {
@@ -89,35 +107,11 @@
         "type": "github"
       }
     },
-    "minegrub-theme": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1752413064,
-        "narHash": "sha256-bcWxBAAvf5hp0TmMbYrwU4SlBxc5sB/T2VsIBdX1gDk=",
-        "owner": "Lxtharia",
-        "repo": "minegrub-theme",
-        "rev": "040b163268be6e7cf743ba990177525dc47ed944",
-        "type": "github"
-      },
-      "original": {
-        "owner": "Lxtharia",
-        "repo": "minegrub-theme",
-        "type": "github"
-      }
-    },
     "nixcord": {
       "inputs": {
         "flake-compat": "flake-compat",
-        "flake-parts": [
+        "flake-parts": "flake-parts_2",
-          "flake-parts"
+        "nixpkgs": "nixpkgs"
-        ],
-        "nixpkgs": [
-          "nixpkgs"
-        ]
       },
       "locked": {
         "lastModified": 1753581565,
@@ -135,11 +129,42 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1753549186,
+        "lastModified": 1749494155,
-        "narHash": "sha256-Znl7rzuxKg/Mdm6AhimcKynM7V3YeNDIcLjBuoBcmNs=",
+        "narHash": "sha256-FG4DEYBpROupu758beabUk9lhrblSf5hnv84v1TLqMc=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "17f6bd177404d6d43017595c5264756764444ab8",
+        "rev": "88331c17ba434359491e8d5889cce872464052c2",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-25.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-lib": {
+      "locked": {
+        "lastModified": 1748740939,
+        "narHash": "sha256-rQaysilft1aVMwF14xIdGS3sj1yHlI6oKQNBRTF40cc=",
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "rev": "656a64127e9d791a334452c6b6606d17539476e2",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1753429684,
+        "narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "7fd36ee82c0275fb545775cc5e4d30542899511d",
         "type": "github"
       },
       "original": {
@@ -149,23 +174,36 @@
         "type": "github"
       }
     },
+    "nixpkgs_3": {
+      "locked": {
+        "lastModified": 1744868846,
+        "narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "root": {
       "inputs": {
         "catppuccin": "catppuccin",
         "easy-hosts": "easy-hosts",
         "flake-parts": "flake-parts",
         "home-manager": "home-manager",
-        "minegrub-theme": "minegrub-theme",
         "nixcord": "nixcord",
-        "nixpkgs": "nixpkgs",
+        "nixpkgs": "nixpkgs_2",
         "sops-nix": "sops-nix"
       }
     },
     "sops-nix": {
       "inputs": {
-        "nixpkgs": [
+        "nixpkgs": "nixpkgs_3"
-          "nixpkgs"
-        ]
       },
       "locked": {
         "lastModified": 1752544651,

flake.nix

@@ -21,11 +21,7 @@
   inputs = {
     nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
     easy-hosts.url = "github:tgirlcloud/easy-hosts";
-
+    sops-nix.url = "github:Mic92/sops-nix";
-    sops-nix = {
-      url = "github:Mic92/sops-nix";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
 
     flake-parts = {
       url = "github:hercules-ci/flake-parts";
@@ -44,13 +40,6 @@
 
     nixcord = {
       url = "github:kaylorben/nixcord";
-      inputs.flake-parts.follows = "flake-parts";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-
-    minegrub-theme = {
-      url = "github:Lxtharia/minegrub-theme";
-      inputs.nixpkgs.follows = "nixpkgs";
     };
   };
 

modules/flake/default.nix

@@ -3,6 +3,9 @@
     # Automagically imports libs from "/lib/lib-name" and exposes them to the `flake.lib` output.
     ./lib.nix
 
+    # Exposes nixosModules and homeModules on flake outputs.
+    ./modules.nix
+
     # Automagically imports systems from "/systems/arch-classname/system-name".
     ./systems.nix
   ];

modules/flake/modules.nix

@@ -0,0 +1,15 @@
+{ self, ... }:
+{
+  flake = {
+    # TODO: figure out why this isn't working correctly
+    nixosModules.puzzlevision = self.lib.mkModule {
+      class = "nixos";
+      modules = self.lib.dirToModuleList ../nixos;
+    };
+
+    homeModules.puzzlevision = self.lib.mkModule {
+      class = "home";
+      modules = self.lib.dirToModuleList ../home;
+    };
+  };
+}

modules/flake/systems.nix

@@ -18,7 +18,6 @@
         (lib.optionals (class == "nixos") [
           inputs.home-manager.nixosModules.default
           inputs.sops-nix.nixosModules.sops
-          inputs.minegrub-theme.nixosModules.default
         ])
         ++ (self.lib.dirToModuleList ../${class}); # Import modules based on current classname.
     };

systems/x86_64-nixos/puzzlevision/default.nix

@@ -34,13 +34,17 @@
     archetypes.laptop.enable = true;
   };
 
+  networking.extraHosts = ''
+    127.0.0.1 dev.bl-projekte.de
+  '';
+
   # Configure 8GB SWAP partition
-  swapDevices = [
+  # swapDevices = [
-    {
+  #   {
-      device = "/swapfile";
+  #     device = "/swapfile";
-      size = 8 * 1024;
+  #     size = 8 * 1024;
-    }
+  #   }
-  ];
+  # ];
 
   boot = {
     # Configure additional kernel modules.
@@ -51,19 +55,8 @@
     blacklistedKernelModules = [
       "rtw88_8821ce" # Block the default network-card driver.
     ];
-
-    # Grub configuration
-    loader.grub = {
-      # Minecraft bootloader theme
-      minegrub-theme = {
-        enable = true;
-        splash = "100% Flakes!";
-        background = "background_options/1.18 - [Caves And Cliffs 2].png";
-        boot-options-count = 4;
-      };
-    };
   };
 
   networking.hostName = "puzzlevision";
-  system.stateVersion = "25.11";
+  system.stateVersion = "25.05";
 }