restructure

common/default.nix

@@ -1,9 +1,12 @@
 { var, ... }:
 {
   imports = [
+    ../mod
+    ../desktop
     ./boot.nix
     ./locale.nix
     ./nix.nix
+    ./security.nix
     ./shell.nix
     ./users.nix
   ];

common/security.nix

@@ -0,0 +1,22 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  security = {
+    protectKernelImage = true;
+    sudo.enable = false;
+    doas = {
+      enable = true;
+      extraRules = [
+        {
+          groups = [ "wheel" ];
+          persist = true;
+          keepEnv = true;
+        }
+      ];
+    };
+  };
+}

common/shell.nix

@@ -6,18 +6,13 @@
   ];
 
   environment.systemPackages = with pkgs; [
-    bc
     docker-compose
     fd
-    gh
     htop
     killall
     ripgrep
-    starship
-    stow
     unzip
     wget
-    wl-clipboard
     colmena
     unison
     dnsutils
@@ -25,7 +20,6 @@
 
   programs = {
     fish.enable = true;
-    git.enable = true;
     tmux = {
       enable = true;
       clock24 = true;

desktop/audio.nix

@@ -5,11 +5,11 @@
   ...
 }:
 let
-  cfg = config.desktop.audio;
+  cfg = config.hd.desktop.audio;
   inherit (lib) mkEnableOption mkIf;
 in
 {
-  options.desktop.audio.enable = mkEnableOption "Audio";
+  options.hd.desktop.audio.enable = mkEnableOption "Audio";
 
   config = mkIf cfg.enable {
     environment.systemPackages = with pkgs; [

desktop/default.nix

@@ -6,7 +6,7 @@
   ...
 }:
 let
-  cfg = config.desktop;
+  cfg = config.hd.desktop;
   inherit (lib) mkEnableOption mkIf;
 in
 {
@@ -23,7 +23,7 @@ in
   ];
 
   options = {
-    desktop.enable = mkEnableOption "Desktop Configuration";
+    hd.desktop.enable = mkEnableOption "Desktop Configuration";
     home = lib.mkOption {
       type = lib.types.attrsOf lib.types.str;
       default = { };
@@ -32,7 +32,7 @@ in
   };
 
   config = mkIf cfg.enable {
-    desktop = {
+    hd.desktop = {
       audio.enable = true;
       fonts.enable = true;
       gpg.enable = true;

desktop/fonts.nix

@@ -5,11 +5,11 @@
   ...
 }:
 let
-  cfg = config.desktop.fonts;
+  cfg = config.hd.desktop.fonts;
   inherit (lib) mkEnableOption mkIf;
 in
 {
-  options.desktop.fonts.enable = mkEnableOption "Fonts";
+  options.hd.desktop.fonts.enable = mkEnableOption "Fonts";
   config = mkIf cfg.enable {
     fonts = {
       packages = with pkgs; [

desktop/gpg.nix

@@ -5,11 +5,11 @@
   ...
 }:
 let
-  cfg = config.desktop.gpg;
+  cfg = config.hd.desktop.gpg;
   inherit (lib) mkEnableOption mkIf;
 in
 {
-  options.desktop.gpg.enable = mkEnableOption "GPG";
+  options.hd.desktop.gpg.enable = mkEnableOption "GPG";
   config = mkIf cfg.enable {
     home = {
       home.packages = with pkgs; [

desktop/network.nix

@@ -6,11 +6,11 @@
   ...
 }:
 let
-  cfg = config.desktop.network;
+  cfg = config.hd.desktop.network;
   inherit (lib) mkEnableOption mkIf;
 in
 {
-  options.desktop.network = {
+  options.hd.desktop.network = {
     enable = mkEnableOption "All Network Options";
   };
 

desktop/security.nix

@@ -0,0 +1,18 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.hd.desktop.security;
+  inherit (lib) mkEnableOption mkIf;
+in
+{
+  options.hd.desktop.security.enable = mkEnableOption "Security";
+  config = mkIf cfg.enable {
+    security = {
+
+    };
+  };
+}

desktop/services.nix

@@ -5,11 +5,11 @@
   ...
 }:
 let
-  cfg = config.desktop.services;
+  cfg = config.hd.desktop.services;
   inherit (lib) mkEnableOption mkIf;
 in
 {
-  options.desktop.services.enable = mkEnableOption "Services";
+  options.hd.desktop.services.enable = mkEnableOption "Services";
 
   config = mkIf cfg.enable {
     services = {

desktop/software/default.nix

@@ -5,31 +5,35 @@
   ...
 }:
 let
-  cfg = config.desktop.software;
+  cfg = config.hd.desktop.software;
   inherit (lib) mkEnableOption mkIf;
 in
 {
   imports = [ ./development.nix ];
 
-  options.desktop.software.enable = mkEnableOption "Software";
+  options.hd.desktop.software.enable = mkEnableOption "Software";
 
   config = mkIf cfg.enable {
-    desktop.software.development.enable = true;
+    hd.desktop.software.development.enable = true;
 
     environment.systemPackages = with pkgs; [
       # vesktop
       bitwarden
       calibre
       element-desktop
+      gh
       kitty
       nil
       obsidian
       rclone
       signal-desktop
       spotify
+      starship
+      stow
       tor-browser
       vlc
       wireguard-tools
+      wl-clipboard
       zotero
       zulip
     ];
@@ -40,6 +44,7 @@ in
 
     programs = {
       firefox.enable = true;
+      git.enable = true;
       kdeconnect.enable = true;
     };
 

desktop/software/development.nix

@@ -5,11 +5,11 @@
   ...
 }:
 let
-  cfg = config.desktop.software.development;
+  cfg = config.hd.desktop.software.development;
   inherit (lib) mkEnableOption mkIf;
 in
 {
-  options.desktop.software.development.enable = mkEnableOption "Dev Software";
+  options.hd.desktop.software.development.enable = mkEnableOption "Dev Software";
 
   config = mkIf cfg.enable {
     documentation.dev.enable = true;

desktop/window-manager.nix

@@ -5,11 +5,11 @@
   ...
 }:
 let
-  cfg = config.desktop.wm;
+  cfg = config.hd.desktop.wm;
   inherit (lib) mkEnableOption mkIf;
 in
 {
-  options.desktop.wm.enable = mkEnableOption "Window Manager";
+  options.hd.desktop.wm.enable = mkEnableOption "Window Manager";
 
   config = mkIf cfg.enable {
     # Enable the KDE Plasma Desktop Environment.

flake.nix

@@ -45,9 +45,8 @@
           };
           modules = [
             ./host/solo
-            ./host
-            ./mod
-            ./mod-hm
+            ./home
+            ./common
             overlays
           ];
         };
@@ -59,9 +58,8 @@
           };
           modules = [
             ./host/c2
-            ./host
-            ./mod
-            ./mod-hm
+            ./home
+            ./common
             overlays
           ];
         };
@@ -81,8 +79,7 @@
           };
           imports = [
             ./host/roam
-            ./host
-            ./mod
+            ./common
             overlays
           ];
         };

home/default.nix

@@ -11,7 +11,7 @@
     inputs.home-manager.nixosModules.home-manager
   ];
 
-  config = lib.mkIf config.desktop.enable {
+  config = lib.mkIf config.hd.desktop.enable {
     home-manager.users."hd" = lib.mkAliasDefinitions options.home;
     # install to /etc/profiles, not ~/.nix-profile
     home-manager.useUserPackages = true;

host/c2/default.nix

@@ -17,7 +17,7 @@
     cpuFreqGovernor = "ondemand";
   };
 
-  desktop.enable = true;
+  hd.desktop.enable = true;
 
   nix = {
     buildMachines = [
@@ -43,6 +43,10 @@
       	'';
   };
 
+  networking.firewall = {
+    enable = true;
+  };
+
   # ====== DON'T CHANGE ======
   system.stateVersion = "25.05";
 }

host/solo/default.nix

@@ -13,11 +13,15 @@
     cpuFreqGovernor = "performance";
   };
 
-  desktop.enable = true;
+  hd.desktop.enable = true;
 
   networking.useDHCP = false;
   networking.interfaces.enp4s0.useDHCP = true;
 
+  networking.firewall = {
+    enable = true;
+  };
+
   # ====== DON'T CHANGE ======
   system.stateVersion = "25.05";
 }

mod/default.nix

@@ -2,6 +2,5 @@
 {
   imports = [
     ./nginx.nix
-    ./desktop
   ];
 }

mod/desktop/security.nix

@@ -1,28 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-let
-  cfg = config.desktop.security;
-  inherit (lib) mkEnableOption mkIf;
-in
-{
-  options.desktop.security.enable = mkEnableOption "Security";
-  config = mkIf cfg.enable {
-    security.protectKernelImage = true;
-
-    security.sudo.enable = false;
-    security.doas = {
-      enable = true;
-      extraRules = [
-        {
-          groups = [ "wheel" ];
-          persist = true;
-          keepEnv = true;
-        }
-      ];
-    };
-  };
-}