disko/GLaDOS/default.nix

@@ -1,9 +1,9 @@
 {
   disko.devices = {
     disk = {
-      main = {
+      sda1 = {
         type = "disk";
-        device = "/dev/disk/by-path/pci-0000:01:00.0-nvme-1";
+        device = "/dev/disk/by-path/pci-0000:06:00.0-ata-6";
         content = {
           type = "gpt";
           partitions = {
@@ -14,45 +14,64 @@
                 type = "filesystem";
                 format = "vfat";
                 mountpoint = "/boot";
-                mountOptions = [ "umask=0077" ];
+                mountOptions = [
+                  "defaults"
+                ];
               };
             };
-            nvme_luks = {
+            luks = {
               size = "100%";
               content = {
                 type = "luks";
-                name = "nvme_crypted";
+                name = "crypted";
-                extraOpenArgs = [ ];
+                extraOpenArgs = [];
                 settings = {
                   # if you want to use the key for interactive login be sure there is no trailing newline
                   # for example use `echo -n "password" > /tmp/secret.key`
                   #keyFile = "/tmp/secret.key";
                   allowDiscards = true;
                 };
+                #additionalKeyFiles = ["/tmp/additionalSecret.key"];
                 content = {
                   type = "lvm_pv";
-                  vg = "nvme_pool";
+                  vg = "pool";
                 };
               };
             };
           };
         };
       };
+      #sdc = {
+        #device = "/dev/disk/by-path/pci-0000:06:00.0-ata-2";
+        #type = "disk";
+        #content = {
+          #type = "gpt";
+          #partitions = {
+            #root = {
+              #size = "100%";
+              #content = {
+                #type = "filesystem";
+                #format = "ext4";
+                #mountpoint = "/media";
+              #};
+            #};
+          #};
+        #};
+      #};
     };
     lvm_vg = {
-      nvme_pool = {
+      pool = {
         type = "lvm_vg";
         lvs = {
-          nvme_swap = {
+          swap = {
-            size = "32G";
+            size = "16G";
             content = {
               type = "swap";
-              discardPolicy = "both";
               resumeDevice = true; # resume from hiberation from this device
             };
           };
-          nvme_root = {
+          root = {
-            size = "100%";
+            size = "100%FREE";
             content = {
               type = "filesystem";
               format = "ext4";
@@ -65,5 +84,13 @@
         };
       };
     };
+    nodev = {
+      "/home/lillian/Downloads" = {
+        fsType = "tmpfs";
+        mountOptions = [
+          "size=4G"
+        ];
+      };
+    };
   };
 }

flake.nix

@@ -180,18 +180,6 @@
     # NixOS configuration entrypoint
     # Available through 'nixos-rebuild --flake .#your-hostname'
     nixosConfigurations = {
-      nixIso = nixpkgs.lib.nixosSystem {
-        system = "x86_64-linux";
-        specialArgs = {inherit inputs outputs;};
-        modules =
-          sharedModules
-          ++ desktopModules
-          ++ [
-            ./nixos/hosts/iso/configuration.nix
-            "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-base.nix"
-          ];
-      };
-
       EDI = nixpkgs.lib.nixosSystem {
         system = "x86_64-linux";
         specialArgs = {inherit inputs outputs;};

home-manager/hosts/iso/id_ed25519.pub

@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKeZHHAEoUh/Ly9F1xUSPZLPNE0Yh/wM2qWgKvlEBa8A lillian@GLaDOS

home-manager/hosts/iso/lillian.nix

@@ -11,11 +11,13 @@
 
     # You can also split up your configuration and import pieces of it here:
     # ./nvim.nix
+    ../../desktop
+    ../../shared
   ];
 
   home.packages = with pkgs; [
   ];
 
   # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
-  home.stateVersion = "25.11";
+  home.stateVersion = "25.05";
 }

nixos/desktop/default.nix

@@ -30,7 +30,7 @@
   };
 
   environment.systemPackages =
-    with pkgs; [
+    (with pkgs; [
       # Custom tools
       dvd
       dvt
@@ -85,17 +85,16 @@
       libportal
 
       # User tools
-      freetube
       noisetorch
       qjackctl
       wireplumber
       #rustdesk
-    ]
+    ])
-    # ++ (with pkgs-edge; [
+    ++ (with pkgs-edge; [
+      freetube
       # list of latest packages from nixpkgs master
       # Can be used to install latest version of some packages
-    # ])
+    ]);
-    ;
   sops = {
     secrets."nextcloud-password" = {
       mode = "0600";

nixos/hosts/GLaDOS/configuration.nix

@@ -31,7 +31,6 @@
   ];
 
   environment.systemPackages = with pkgs; [
-    gparted
   ];
 
   services.vpn-ip = {

nixos/hosts/iso/configuration.nix

@@ -10,20 +10,20 @@
     # outputs.homeManagerModules.example
     # outputs.nixosModules.contabo.wan
     inputs.home-manager.nixosModules.home-manager
-    outputs.nixosModules.vpn-ip
     # Or modules exported from other flakes (such as nix-colors):
     # inputs.nix-colors.homeManagerModules.defaults
 
     # Import shared settings
+    ../../shared
   ];
 
-  # programs.command-not-found.enable = lib.mkForce false;
+  programs.command-not-found.enable = lib.mkForce false;
-  # programs.nix-index.enable = true;
+  programs.nix-index.enable = true;
-  # programs.nix-index-database.comma.enable = true;
+  programs.nix-index-database.comma.enable = true;
 
-  # boot.tmp.cleanOnBoot = true;
+  boot.tmp.cleanOnBoot = true;
-  # zramSwap.enable = false;
+  zramSwap.enable = false;
-  # networking.domain = "";
+  networking.domain = "";
   services.openssh = {
     enable = true;
     # require public key authentication for better security
@@ -45,9 +45,7 @@
   #Set up sops config, and configure where the keyfile is, then set the mode for the unencrypted keys
   sops.defaultSopsFile = ./secrets/sops.yaml;
 
-  services.vpn-ip.enable = false;
+  services.desktopManager.plasma6.enable = true;
-
-  # services.desktopManager.plasma6.enable = true;
 
   environment.systemPackages = with pkgs; [
     # Custom tools
@@ -67,6 +65,7 @@
     sbctl
     tpm2-tools
     tpm2-tss
+    waydroid
     zsh
 
     # KDE/QT
@@ -82,14 +81,13 @@
     kdePackages.plasma-pa
     kdePackages.sddm-kcm
     kdePackages.dolphin-plugins
+    libportal-qt5
     libportal
   ];
 
   # Enable networking
   networking.networkmanager.enable = true;
 
-  networking.hostName = "iso";
-
   # Contabo ipv6 nameservers: "2a02:c207::1:53" "2a02:c207::2:53"
 
   networking.firewall.enable = true;
@@ -108,24 +106,24 @@
   # Enable bluetooth hardware
   hardware.bluetooth.enable = true;
 
-  # security.tpm2.enable = true;
+  security.tpm2.enable = true;
-  # security.tpm2.pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
+  security.tpm2.pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
-  # security.tpm2.tctiEnvironment.enable = true; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
+  security.tpm2.tctiEnvironment.enable = true; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
-  # users.users.lillian.extraGroups = ["tss"]; # tss group has access to TPM devices
+  users.users.lillian.extraGroups = ["tss"]; # tss group has access to TPM devices
 
   # Set your time zone.
   time.timeZone = "Europe/Amsterdam";
 
-  # programs.git = {
+  programs.git = {
-  #   enable = true;
+    enable = true;
-  # };
+  };
 
-  # programs.direnv = {
+  programs.direnv = {
-  #   enable = true;
+    enable = true;
-  # };
+  };
 
-  # # Enable completion of system packages by zsh
+  # Enable completion of system packages by zsh
-  # environment.pathsToLink = ["/share/zsh"];
+  environment.pathsToLink = ["/share/zsh"];
 
   # kde power settings do not turn off screen
   systemd = {
@@ -138,17 +136,17 @@
     };
   };
 
-  # home-manager = {
+  home-manager = {
-  #   extraSpecialArgs = {inherit inputs outputs;};
+    extraSpecialArgs = {inherit inputs outputs;};
-  #   users = {
+    users = {
-  #     # Import your home-manager configuration
+      # Import your home-manager configuration
-  #     lillian = import ../../../home-manager/hosts/iso;
+      lillian = import ../../../home-manager/hosts/iso;
-  #   };
+    };
-  # };
+  };
 
-  # boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
+  boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
-  # boot.supportedFilesystems = lib.mkForce ["bcachefs" "btrfs" "cifs" "f2fs" "jfs" "ntfs" "reiserfs" "vfat" "xfs"];
+  boot.supportedFilesystems = lib.mkForce ["bcachefs" "btrfs" "cifs" "f2fs" "jfs" "ntfs" "reiserfs" "vfat" "xfs"];
 
   # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
-  system.stateVersion = "25.11";
+  system.stateVersion = "24.11";
 }

nixos/hosts/iso/secrets/sops.yaml

@@ -1,8 +1,9 @@
 lillian-password: ENC[AES256_GCM,data:eQzZwGxK9Lw2gc8HDNw57odxPzTH4sa/2O97h3VAghRwLClmCYKT91kxj2F3kQ4iEctBl0GxdS4WoL3H9eE4/CAPffXdTmkdYg==,iv:2ezB4DNHFv5ceJ2gtATV12Azm3vFFDLX1qSSy+cKuMY=,tag:zxb5agUCDpi92bYV7+DmoA==,type:str]
-ssh-private-key: ENC[AES256_GCM,data:YQ+9aKpBL9XYl0IBxpPttUli6/E25alUhO36dZwPPSIBLI1ehyczocQMxNRYNtB2xKYx4wPaYIndLBhj9VdTUgaOWUd2C6aU6YgXgFAsjgEwqVDZWRp7TrTHojtrS5HnJgfopx6EqPf/uljD9yQsOkubDDUbpYkpWX/3vixm9LJ1eRXxTxXW8D3O5OM2Z1NsqA7meVa1xhvWJokqS4sD5ntp1HT78Xmu62EweHQVGaznUvWZupYh0uCQd0tr6GVTZLHdyCdaFUGHRbRddBcljpBIRWaWkhIrkjejvptUZ4Ht/UN5XM5z+zfU3DxsDOxeJ7m83om9I3WdZSdq1aDXe+VFEfMrx/0QTk2LtAmOvujcN6wO7a77SD4Rpuvq8KH2CeKrwMLlFf2BeGIcGhvAhRYUVxtypM38DEdbf/7xIcw0vQP2zNZN4QWdukUInDndnAxMfbIXKpYI5OPRaZMTVui41hkS86LBfbd5RhTjyzrtIpVSq9XkKRX7d5i8Gcjb4ORpQvrNNYMo+TXCiLNTg3/q0My/jEhfjfTF,iv:EpKC9judTZ1+0Y2LC1OK2YzGH/orRpZNtE7O+ZZyU1E=,tag:S6ju/FkwIBbBA8YU3dRo1A==,type:str]
-nextcloud-password: ENC[AES256_GCM,data:5u8j1wau5FewTe+t3YZ365Acfcrt09XDgCUNpDbuVKaNZIEW3gdR60XACQeAvsyQeznynILJnz7/txV2,iv:l1xYhUkQGdWYNNy1lG9xB5SgL9cn2FdzAs19iVCohlA=,tag:rT0flG+v9wd8jSUm8DrCjg==,type:str]
-wg-private-key: ENC[AES256_GCM,data:3JpyscuzK4LG1lfM3oyQNBHy7BQ2WeTaSyaZoaNfS4U7KkpEaCp5EVLBYiY=,iv:odDG8xp+d+O4FuECfeCJn/z2ka4KSzSBvgBCmcMZ0S0=,tag:iPwnqgtap+i44Mru/S7TyA==,type:str]
 sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
     age:
         - recipient: age12e00qvf4shtmsfq3ujamyaa72pjvad2qhrxkvpl9hryrjvgxev4sjhmkxz
           enc: |
@@ -13,7 +14,8 @@ sops:
             dXlaN3dWOUl4Mys2V0x3Z3F6UVU4MVUKEJYpX8XhSNcM+7aUuxnIwrokY0/29Cnh
             yz0HAZkaj8FwvnPnafo5jmwVyi6WXECvX5E0NZfjKH4AF5vTu6Wukg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-08-14T18:00:16Z"
+    lastmodified: "2024-03-20T18:17:48Z"
-    mac: ENC[AES256_GCM,data:NnX0hMrfeKJucgqgVUIUS0WOHerkDtKe3P+4vvWRCMX3eXg4Tsju8pZySZP7RSZX7+2W3OUHMOUuAum0YrVasTXuhm6jPvlbqvRnVXaVzCNheIUvTCF7LFeJEOQYKS5m8AiVKFRrxz+dGn90DSeijjajSePBjo8AnKyAOQEt1S8=,iv:1iJiqJU0vdDiWnJAYDlbOBBa9lBOODjjdlsRH54aTGI=,tag:JZtgVeLvFN6vcCZkRnuNcQ==,type:str]
+    mac: ENC[AES256_GCM,data:3UHIoYPHC6n56CHguOVuoFd9VwCjGiD9VCYy2d5W+4XQEZpjnONX8fhwwWRm42COymz89tmqDmpDp88BnSU8uE14IaCIUoxfCaRiZtjAiHjouua2jr50aUV56pwyan8ZiiOjP8oP1VY/tsv1w0jWI9TjSTHvCdNLR8XEcf6bCrk=,iv:/lBJdkQgwZyiztQ9vSoHgY+WxXJKHFI93dxtOSunHNo=,tag:lLwrSdzoN9CzmyIdLOe5ig==,type:str]
+    pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.10.2
+    version: 3.8.1

nixos/hosts/wheatley/configuration.nix

@@ -306,7 +306,7 @@
       # enable NAT
       enable = true;
       externalInterface = "end0";
-      internalInterfaces = ["wg1" "mullvad"];
+      internalInterfaces = ["wg1"];
     };
     firewall = {
       enable = true;