first commit

hosts/common/default.nix

@@ -0,0 +1,80 @@
+# Common configuration for all hosts
+{
+  config,
+  pkgs,
+  lib,
+  inputs,
+  outputs,
+  system,
+  ...
+}: {
+  imports = [
+    ./extraServices
+    ./ports.nix
+    ./users
+    inputs.home-manager.nixosModules.home-manager
+  ];
+
+  environment.pathsToLink = ["/share/xdg-desktop-portal" "/share/applications"];
+
+  home-manager = {
+    useGlobalPkgs = true;
+    useUserPackages = true;
+    extraSpecialArgs = {
+      inherit inputs outputs system;
+      videoDrivers = config.services.xserver.videoDrivers or [];
+    };
+  };
+
+  nixpkgs = {
+    # You can add overlays here
+    overlays = [
+      # Add overlays your own flake exports (from overlays and pkgs dir):
+      #outputs.overlays.additions
+      #outputs.overlays.modifications
+      outputs.overlays.stable-packages
+      # outputs.overlays.pinned-packages
+
+      inputs.m3ta-nixpkgs.overlays.default
+      inputs.m3ta-nixpkgs.overlays.modifications
+      (outputs.lib.mkLlmAgentsOverlay system)
+      # You can also add overlays exported from other flakes:
+      # neovim-nightly-overlay.overlays.default
+
+      # Or define it inline, for example:
+      # (final: prev: {
+      #   hi = final.hello.overrideAttrs (oldAttrs: {
+      #     patches = [ ./change-hello-to-hi.patch ];
+      #   });
+      # })
+    ];
+    # Configure your nixpkgs instance
+    config = {
+      # Disable if you don't want unfree packages
+      allowUnfree = true;
+    };
+  };
+
+  nix = {
+    settings = {
+      experimental-features = "nix-command flakes";
+      cores = 2;
+      max-jobs = 8;
+      trusted-users = [
+        "root"
+        "sascha.koenig"
+      ]; # Set users that are allowed to use the flake command
+    };
+    gc = {
+      automatic = true;
+      dates = "weekly";
+      options = "--delete-older-than 30d";
+    };
+    optimise.automatic = true;
+    registry =
+      (lib.mapAttrs (_: flake: {inherit flake;}))
+      ((lib.filterAttrs (_: lib.isType "flake")) inputs);
+    nixPath = ["/etc/nix/path"];
+  };
+  users.defaultUserShell = pkgs.nushell;
+}

hosts/common/extraServices/default.nix

@@ -0,0 +1,8 @@
+{
+  imports = [
+    ./flatpak.nix
+    ./ollama.nix
+    ./podman.nix
+    ./virtualisation.nix
+  ];
+}

hosts/common/extraServices/flatpak.nix

@@ -0,0 +1,23 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.extraServices.flatpak;
+in {
+  options.extraServices.flatpak.enable = mkEnableOption "enable flatpak";
+
+  config = mkIf cfg.enable {
+    services.flatpak.enable = true;
+    xdg.portal = {
+      # xdg desktop intergration (required for flatpak)
+      enable = true;
+      extraPortals = with pkgs; [
+        xdg-desktop-portal-hyprland
+      ];
+      config.common.default = "*";
+    };
+  };
+}

hosts/common/extraServices/ollama.nix

@@ -0,0 +1,27 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.extraServices.ollama;
+in {
+  options.extraServices.ollama.enable = mkEnableOption "enable ollama";
+
+  config = mkIf cfg.enable {
+    services.ollama = {
+      enable = true;
+      package = pkgs.ollama-vulkan;
+      host = "[::]";
+      openFirewall = true;
+      environmentVariables = {
+        OLLAMA_HOST = "0.0.0.0";
+      };
+    };
+    nixpkgs.config = {
+      rocmSupport = config.services.xserver.videoDrivers == ["amdgpu"];
+      cudaSupport = config.services.xserver.videoDrivers == ["nvidia"];
+    };
+  };
+}

hosts/common/extraServices/podman.nix

@@ -0,0 +1,33 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.extraServices.podman;
+in {
+  options.extraServices.podman.enable = mkEnableOption "enable podman";
+
+  config = mkIf cfg.enable {
+    virtualisation = {
+      podman = {
+        enable = true;
+        dockerCompat = true;
+        dockerSocket.enable = true;
+        autoPrune = {
+          enable = true;
+          dates = "weekly";
+          flags = [
+            "--filter=until=24h"
+            "--filter=label!=important"
+          ];
+        };
+        defaultNetwork.settings.dns_enabled = true;
+      };
+    };
+    environment.systemPackages = with pkgs; [
+      podman-compose
+    ];
+  };
+}

hosts/common/extraServices/virtualisation.nix

@@ -0,0 +1,42 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.extraServices.virtualisation;
+in {
+  options.extraServices.virtualisation.enable = mkEnableOption "enable virtualisation";
+
+  config = mkIf cfg.enable {
+    virtualisation = {
+      libvirtd = {
+        enable = true;
+        qemu = {
+          package = pkgs.qemu_kvm;
+          runAsRoot = true;
+          swtpm.enable = true;
+        };
+      };
+    };
+    programs.virt-manager.enable = true;
+    environment = {
+      systemPackages = [pkgs.qemu];
+      etc = {
+        "ovmf/OVMF_CODE.fd" = {
+          source = "${(pkgs.OVMF.override {
+            secureBoot = true;
+            tpmSupport = true;
+          }).fd}/FV/OVMF_CODE.fd";
+        };
+        "ovmf/OVMF_VARS.fd" = {
+          source = "${(pkgs.OVMF.override {
+            secureBoot = true;
+            tpmSupport = true;
+          }).fd}/FV/OVMF_VARS.fd";
+        };
+      };
+    };
+  };
+}

hosts/common/ports.nix

@@ -0,0 +1,31 @@
+{config, ...}: {
+  m3ta.ports = {
+    enable = true;
+    definitions = {
+      # System services
+      ssh = 2022;
+
+      # Web & proxy services
+      traefik = 80;
+      traefik-ssl = 443;
+
+      # Databases
+      postgres = 5432;
+      mysql = 3306;
+      redis = 6379;
+    };
+
+    hostOverrides = {
+      # Host-specific overrides
+      AZ-LT-NIX = {
+        # Any custom port overrides for m3-ares
+      };
+    };
+  };
+  environment.etc."info/all-ports.json" = {
+    text = builtins.toJSON {
+      hostname = config.networking.hostName;
+      ports = config.m3ta.ports.all; # TODO should only return actually used ports
+    };
+  };
+}

hosts/common/users/default.nix

@@ -0,0 +1,6 @@
+{
+  imports = [
+    ./jannik.mueller.nix
+    ./sascha.koenig.nix
+  ];
+}

hosts/common/users/jannik.mueller.nix

@@ -0,0 +1,25 @@
+{
+  config,
+  pkgs,
+  inputs,
+  ...
+}: {
+  users.users."jannik.mueller" = {
+    hashedPassword = "$y$j9T$09RgD3AU3PK9Oi6JGLe0V1$i8J2ZOD1h1b6Zpw28ub.kExujoDKHzokeXzkM23Tfd/";
+    isNormalUser = true;
+    extraGroups = [
+      "wheel"
+      "networkmanager"
+      "libvirtd"
+      "flatpak"
+      "plugdev"
+      "input"
+      "kvm"
+      "qemu-libvirtd"
+    ];
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPvZazSuIoWoRWhkAqQDMLeurxVUyy1MTllp1wfw1tzq"
+    ];
+    packages = [inputs.home-manager.packages.${pkgs.stdenv.hostPlatform.system}.default];
+  };
+}

hosts/common/users/sascha.koenig.nix

@@ -0,0 +1,157 @@
+# hosts/common/users/m3tam3re.nix — Central user definition with m3ta-home integration.
+#
+# This module:
+#   1. Creates the m3tam3re NixOS user
+#   2. Loads the m3ta-home profile system via mkHome
+#   3. Sets per-host feature flags based on a host profile mapping
+#   4. Imports per-host home.nix overrides (monitors, HW-specific config)
+#
+# To add a new host:
+#   1. Add entry to hostProfiles below
+#   2. Add feature flags in the hostFlags section
+#   3. Create hosts/<hostname>/home.nix if the host needs overrides (monitors, etc.)
+{
+  config,
+  pkgs,
+  inputs,
+  ...
+}: let
+  hostname = config.networking.hostName;
+
+  # ── Per-host profile mapping ──
+  # Determines which m3ta-home context and sets each host gets.
+  hostProfiles = {
+    # ── Desktop hosts ──
+    AZ-LT-NIX = {
+      context = "desktop";
+      sets = ["coding" "media"];
+    };
+  };
+
+  profile =
+    hostProfiles.${
+      hostname
+    } or {
+      context = "server";
+      sets = [];
+    };
+  m3ta-lib = inputs.m3ta-home.lib;
+
+  # Check if a per-host home.nix exists
+  hostHomeFile = ./../../${hostname}/home.nix;
+  hostHomeExists = builtins.pathExists hostHomeFile;
+
+  # ── Per-host feature flags ──
+  # These enable/disable specific m3ta-home modules per host.
+  hostFlags =
+    if hostname == "AZ-LT-NIX"
+    then {
+      # Full desktop workstation
+      base = {
+        shell = {
+          fish.enable = true;
+          nushell.enable = true;
+          starship.enable = true;
+        };
+        cliTools = {
+          fzf.enable = true;
+          nitch.enable = true;
+          television.enable = true;
+        };
+        secrets.enable = true;
+      };
+      desktop = {
+        wm = {
+          hyprland.enable = true;
+          rofi.enable = true;
+          wayland.enable = true;
+        };
+        apps = {
+          crypto.enable = false;
+          obsidian.enable = true;
+          office.enable = true;
+        };
+        theme = {
+          fonts.enable = true;
+          wallpapers.enable = true;
+        };
+      };
+      coding = {
+        editors = {
+          neovim.enable = true;
+          zed.enable = true;
+        };
+        lsp.enable = true;
+        packages.enable = true;
+        languages = {
+          python.enable = true;
+          javascript.enable = true;
+          rustToolchain.enable = true;
+          go.enable = true;
+          typescript.enable = true;
+        };
+      };
+      profiles.media = {
+        obs.enable = true;
+        ffmpeg.enable = true;
+        kdenlive.enable = true;
+        ytDlp.enable = true;
+      };
+    }
+    else {
+      # m3-helios, m3-hermes, m3-aether — minimal server
+      base = {
+        shell = {
+          fish.enable = true;
+          starship.enable = true;
+        };
+        cliTools = {
+          fzf.enable = true;
+          nitch.enable = true;
+        };
+      };
+    };
+in {
+  # ── NixOS user definition ──
+  users.users."sascha.koenig" = {
+    hashedPassword = "$y$j9T$ORX4btVZgs9Xjq2oIvzJm0$lXiPwaa0D6t.eMDIx1UBesEAMOkWXBoGwpeI7X0aS8D";
+    isNormalUser = true;
+    shell = pkgs.nushell;
+    extraGroups = [
+      "wheel"
+      "networkmanager"
+      "libvirtd"
+      "flatpak"
+      "plugdev"
+      "input"
+      "kvm"
+      "qemu-libvirtd"
+    ];
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEZbg/Z9mnflXuLahGY8WOSBMqbgeqVIkIwRkquys1Ml sascha.koenig@azintec.com"
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3YEmpYbM+cpmyD10tzNRHEn526Z3LJOzYpWEKdJg8DaYyPbDn9iyVX30Nja2SrW4Wadws0Y8DW+Urs25/wVB6mKl7jgPJVkMi5hfobu3XAz8gwSdjDzRSWJrhjynuaXiTtRYED2INbvjLuxx3X8coNwMw58OuUuw5kNJp5aS2qFmHEYQErQsGT4MNqESe3jvTP27Z5pSneBj45LmGK+RcaSnJe7hG+KRtjuhjI7RdzMeDCX73SfUsal+rHeuEw/mmjYmiIItXhFTDn8ZvVwpBKv7xsJG90DkaX2vaTk0wgJdMnpVIuIRBa4EkmMWOQ3bMLGkLQeK/4FUkNcvQ/4+zcZsg4cY9Q7Fj55DD41hAUdF6SYODtn5qMPsTCnJz44glHt/oseKXMSd556NIw2HOvihbJW7Rwl4OEjGaO/dF4nUw4c9tHWmMn9dLslAVpUuZOb7ykgP0jk79ldT3Dv+2Hj0CdAWT2cJAdFX58KQ9jUPT3tBnObSF1lGMI7t77VU= m3tam3re@MBP-Sascha.fritz.box"
+    ];
+    packages = [inputs.home-manager.packages.${pkgs.stdenv.hostPlatform.system}.default];
+  };
+
+  # ── Home-Manager configuration via m3ta-home ──
+  home-manager.users."sascha.koenig" = {
+    imports =
+      [
+        # Load m3ta-home composition engine
+        (m3ta-lib.mkHome {
+          user = "m3tam3re";
+          identity = "work";
+          inherit (profile) context sets;
+        })
+        # Per-host feature flags
+        hostFlags
+      ]
+      # Per-host home.nix (Hyprland monitors, XDG/MIME, HW-specific overrides)
+      ++ (
+        if hostHomeExists
+        then [hostHomeFile]
+        else []
+      );
+  };
+}