![pipeline status](https://woodpecker.hailsatan.eu/api/badges/1/status.svg)

a new iteration of xyno's nixos configurations

meow

## things to think about

- module imports
  - manual imo, just have an all-modules.nix or smth
    - otherwise unexpected stuff can be imported
  - or smth like /nixos-modules/$moduleName/default.nix
    - import all the default.nix es, and not more
- secret management
  - age is good, secrets should be completely host scoped tho
  - todo look into howeverthefuck the whole systemd secrets thing works
    - maybe build an out of band encryption scheme out of that (laptop has all secrets age encrypted with user host key, ssh to deploy all secrets with tpm)
    - systemd-creds + a deployment mechanism would be cool af
      - language to write that in: nushell?
- general folder structure
  - /hosts/$host/configuration.nix
  - /hosts/$host/default.nix for settings (system, imports)
  - /nixos-modules/
  - /hm-modules/
  - /apps
  - /lib
- what should be a module
  - configuration for an application
    - secrets should be parameters
    - reverse proxy conf should be included
  - podman services are allowed
    - there should be a framework for podman services (creating networks and such)
    - quadlet nix wrapper
      - https://github.com/SEIAROTg/quadlet-nix
- a tagging system maybe
  - eg: tag a configuration with "laptop" and "gaming" so it has steam and powerprofilesctl installed
- tooling for remote building
- secureboot is a must
  - systemd init too
- CI
  - auto builds for all systems
  - auto issues for software updates
    - both nix and podman
- nixpkgs fmt rfc style
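
One way to do the "import all the default.nix es, and not more" option from the module imports item, as an added example that is not code from this repository. The file location `nixos-modules/default.nix` is an assumption; it uses only builtins, so `imports` never depends on module arguments.

```nix
# nixos-modules/default.nix (assumed location, not part of the original repo)
# Imports exactly one file per module: ./<moduleName>/default.nix.
# Everything else in this directory is ignored, so a stray .nix file,
# a backup copy or a symlink never ends up in the system configuration.
let
  dir = ./.;

  # attrset of entry name -> "regular" | "directory" | "symlink" | "unknown"
  entries = builtins.readDir dir;

  # A module is a real directory (symlinks are skipped on purpose)
  # that contains a regular file called default.nix.
  isModuleDir = name:
    entries.${name} == "directory"
    && (builtins.readDir (dir + "/${name}"))."default.nix" or null == "regular";

  # attrNames is sorted, so the import order is deterministic.
  moduleNames = builtins.filter isModuleDir (builtins.attrNames entries);
in
{
  imports = map (name: dir + "/${name}/default.nix") moduleNames;
}
```

A host's /hosts/$host/default.nix would then list this one directory in its imports instead of naming each module by hand.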