flake.lock

@@ -337,21 +337,6 @@
         "type": "github"
       }
     },
-    "manifest": {
-      "locked": {
-        "lastModified": 1752588656,
-        "narHash": "sha256-clKPzQ43eDpukeiGHzXmd1hGb2s4N+MWXAzQ5u5+pHQ=",
-        "owner": "rrvsh",
-        "repo": "manifest",
-        "rev": "365902fba994f30469298dee0c98a5fc0f41ec38",
-        "type": "github"
-      },
-      "original": {
-        "owner": "rrvsh",
-        "repo": "manifest",
-        "type": "github"
-      }
-    },
     "nix-darwin": {
       "inputs": {
         "nixpkgs": [
@@ -503,7 +488,6 @@
         "impermanence": "impermanence",
         "import-tree": "import-tree",
         "make-shell": "make-shell",
-        "manifest": "manifest",
         "nix-darwin": "nix-darwin",
         "nix-index-database": "nix-index-database",
         "nixpkgs": "nixpkgs",

flake.nix

@@ -71,8 +71,6 @@
     files.url = "github:mightyiam/files";
     # text.nix lets us easily define markdown text to pass to files
     text.url = "github:rrvsh/text.nix";
-    # manifest lets us define all hosts in one file
-    manifest.url = "github:rrvsh/manifest";
     # make-shells.<name> creates devShells and checks
     make-shell = {
       url = "github:nicknovitski/make-shell";

nix/configurations.nix

@@ -10,15 +10,18 @@ let
   inherit (lib.lists) optional;
   inherit (lib.attrsets) mapAttrs;
   inherit (cfg.lib.modules) forAllUsers';
-  inherit (config.manifest) hosts;
   cfg = config.flake;
-  globalCfg = hostName: hostConfig: {
+  globalCfg = name: hostConfig: {
     useGlobalPkgs = true;
     useUserPackages = true;
-    extraSpecialArgs = { inherit hostName hostConfig; };
+    extraSpecialArgs = {
+      inherit hostConfig;
+      hostName = name;
+    };
     sharedModules = [ cfg.modules.homeManager.default ];
     users = forAllUsers' (name: _: cfg.modules.homeManager.${name});
   };
+  hosts = cfg.manifest.hosts or { };
   mkConfigurations =
     class: hosts:
     mapAttrs (
@@ -28,7 +31,6 @@ let
           specialArgs = {
             inherit (config.flake) self;
             hostName = name;
-            hostConfig = value;
           };
           modules = [
             cfg.modules.nixos.default
@@ -42,7 +44,6 @@ let
           specialArgs = {
             inherit (config.flake) self;
             hostName = name;
-            hostConfig = value;
           };
           modules = [
             cfg.modules.darwin.default

nix/files/readme.nix

@@ -24,8 +24,8 @@
     parts."Structure" = # markdown
       ''
         The system configurations are defined in [`flake.manifest`](nix/manifest.nix).
-        `manifest.owner` provides the attributes for the administrator user, including username and pubkey.
-        `manifest.hosts` provides the specifications for the system configurations that should be exposed by the flake as nixosConfigurations.
+        `flake.manifest.owner` provides the attributes for the administrator user, including username and pubkey.
+        `flake.manifest.hosts` provides the specifications for the system configurations that should be exposed by the flake as nixosConfigurations.
         `flake.modules.nixos.*` provide NixOS options and configurations.
         The attribute `flake.modules.nixos.default` provides options that will be applied to every system of that class.
         You can use it as seen [here](nix/modules/flake/home-manager.nix):

nix/flake-parts/debug.nix

@@ -0,0 +1,3 @@
+{
+  debug = true;
+}

nix/flake-parts/flake-parts.nix

@@ -1,10 +0,0 @@
-{ inputs, ... }:
-{
-  debug = true;
-  imports = [
-    inputs.make-shell.flakeModules.default
-    inputs.manifest.flakeModules.default
-    inputs.flake-parts.flakeModules.modules
-    inputs.text.flakeModules.default
-  ];
-}

nix/flake-parts/make-shell.nix

@@ -0,0 +1,5 @@
+{ inputs, ... }:
+{
+  #TODO: add to readme
+  imports = [ inputs.make-shell.flakeModules.default ];
+}

nix/flake-parts/modules.nix

@@ -0,0 +1,4 @@
+{ inputs, ... }:
+{
+  imports = [ inputs.flake-parts.flakeModules.modules ];
+}

nix/flake-parts/text.nix

@@ -0,0 +1,4 @@
+{ inputs, ... }:
+{
+  imports = [ inputs.text.flakeModules.default ];
+}

nix/homes/rafiq/_nvf/languages.nix

@@ -27,7 +27,6 @@
   };
   rust.enable = true;
   rust.crates.enable = true;
-  tailwind.enable = true;
   ts.enable = true;
   ts.extensions.ts-error-translator.enable = true;
   typst.enable = true;

nix/homes/rafiq/darwin.nix

@@ -1,21 +0,0 @@
-{ lib, ... }:
-let
-  inherit (lib.modules) mkIf;
-in
-{
-  flake.modules.homeManager.rafiq =
-    {
-      pkgs,
-      config,
-      hostName,
-      hostConfig,
-      ...
-    }:
-    mkIf (pkgs.system == "aarch64-darwin" || pkgs.system == "x86_64-darwin") {
-      home.file."Library/Application Support/aichat/config.yaml".text = ''
-        model: gemini:gemini-2.0-flash
-        clients:
-        - type: gemini
-      '';
-    };
-}

nix/homes/rafiq/default.nix

@@ -45,7 +45,6 @@ in
         ];
       };
       programs = {
-        mise.enable = true;
         nvf.enable = true;
         nvf.settings.vim = {
           syntaxHighlighting = true;

nix/homes/rafiq/desktop/darwin.nix

@@ -1,37 +1,12 @@
 { config, ... }:
 let
-  inherit (config.manifest) admin;
+  cfg = config.flake;
 in
 {
   flake.modules.darwin.graphical.homebrew = {
     enable = true;
-    user = admin.username;
+    user = cfg.admin.username;
     onActivation.cleanup = "uninstall";
-    brews = [
-      "mise"
-      "docker"
-    ];
-    casks = [
-      "ghostty"
-      "slack"
-      "gitify"
-      "telegram"
-      "vial"
-      "linear-linear"
-      "chatgpt"
-    ];
-  };
-  flake.modules.homeManager.rafiq = {
-    # make sure brew is on the path for M1
-    programs.zsh.initContent = ''
-      if [[ $(uname -m) == 'arm64' ]]; then
-        eval "$(/opt/homebrew/bin/brew shellenv)"
-      fi
-    '';
-    programs.fish.shellInit = ''
-      if test (uname -m) = "arm64"
-        eval (/opt/homebrew/bin/brew shellenv)
-      end
-    '';
+    casks = [ "ghostty" ];
   };
 }

nix/homes/rafiq/desktop/nixos.nix

@@ -1,6 +1,6 @@
 { lib, config, ... }:
 let
-  inherit (config.manifest) admin;
+  cfg = config.flake;
 in
 {
   allowedUnfreePackages = [
@@ -13,7 +13,7 @@ in
     { config, pkgs, ... }:
     {
       fonts.packages = [ pkgs.font-awesome ];
-      services.getty.autologinUser = admin.username;
+      services.getty.autologinUser = cfg.admin.username;
       # Start Hyprland at boot only if not connecting through SSH
       environment.loginShellInit = # sh
         ''

nix/lib/modules.nix

@@ -1,5 +1,6 @@
 { lib, config, ... }:
 let
+  cfg = config.flake;
   inherit (builtins) foldl' attrNames;
   inherit (lib.attrsets) mapAttrs;
 in
@@ -34,7 +35,7 @@ in
 
       :::
     */
-    userListToAttrs = f: foldl' (acc: elem: acc // (f elem)) { } (attrNames config.manifest.users);
+    userListToAttrs = f: foldl' (acc: elem: acc // (f elem)) { } (attrNames cfg.manifest.users);
     /**
       Return an attribute set for use with a option that needs to be used for all users.
 
@@ -64,7 +65,7 @@ in
 
       :::
     */
-    forAllUsers = attrset: mapAttrs (_: _: attrset) config.manifest.users;
+    forAllUsers = attrset: mapAttrs (_: _: attrset) cfg.manifest.users;
 
     /**
       Like forAllUsers, but passes in the name and value from the manifest.
@@ -95,6 +96,6 @@ in
 
       :::
     */
-    forAllUsers' = f: mapAttrs f config.manifest.users;
+    forAllUsers' = f: mapAttrs f cfg.manifest.users;
   };
 }

nix/manifest.nix

@@ -1,5 +1,5 @@
 {
-  manifest = {
+  flake.manifest = {
     users.rafiq = {
       primary = true;
       name = "Mohammad Rafiq";
@@ -33,10 +33,10 @@
             };
           };
           extraCfg = {
+            services.fwupd.enable = true; # FIXME: remove
             machine = {
               bluetooth.enable = true;
               usb.automount = true;
-              usb.qmk.enable = true;
               virtualisation = {
                 podman.enable = true;
                 podman.distrobox.enable = true;

nix/meta.nix

@@ -5,10 +5,54 @@
   ...
 }:
 let
-  inherit (lib.options) mkOption;
-  inherit (lib.types) path lazyAttrsOf raw;
+  inherit (lib.options) mkOption mkEnableOption;
+  inherit (cfg.lib.options) mkStrOption;
+  inherit (lib.types)
+    path
+    lazyAttrsOf
+    raw
+    deferredModule
+    submodule
+    ;
   inherit (inputs.flake-parts.lib) mkSubmoduleOptions;
+  inherit (cfg.lib.attrsets) firstAttrNameMatching;
   cfg = config.flake;
+  monitorOpts = submodule {
+    options = {
+      id = mkStrOption "";
+      resolution = mkStrOption "";
+      refresh-rate = mkStrOption "";
+      scale = mkStrOption "";
+    };
+  };
+  userOpts = submodule {
+    options = {
+      username = mkStrOption "";
+      primary = mkEnableOption "";
+      name = mkStrOption "";
+      email = mkStrOption "";
+      shell = mkStrOption "";
+      pubkey = mkStrOption "";
+    };
+  };
+  hostOpts = submodule {
+    options = {
+      graphical = mkEnableOption "";
+      machine = {
+        platform = mkStrOption "";
+        gpu = mkStrOption "";
+        root.drive = mkStrOption "";
+        monitors = mkOption {
+          type = lazyAttrsOf monitorOpts;
+          default = { };
+        };
+      };
+      extraCfg = mkOption {
+        type = deferredModule;
+        default = { };
+      };
+    };
+  };
 in
 {
   options.flake = mkSubmoduleOptions {
@@ -24,8 +68,38 @@ in
         readOnly = true;
       };
     };
+    manifest = mkOption {
+      type = submodule {
+        options = {
+          users = mkOption {
+            type = lazyAttrsOf userOpts;
+            default = { };
+          };
+          hosts.nixos = mkOption {
+            type = lazyAttrsOf hostOpts;
+            default = { };
+          };
+          hosts.darwin = mkOption {
+            type = lazyAttrsOf raw;
+            default = { };
+          };
+        };
+      };
+    };
+    # Helper Option
+    admin = mkOption {
+      type = userOpts;
+      default = { };
+    };
   };
-  config.flake = {
-    paths.secrets = cfg.paths.root + "/secrets";
-  };
+  config.flake =
+    let
+      username = firstAttrNameMatching (_: v: v.primary or false) cfg.manifest.users;
+    in
+    {
+      paths.secrets = cfg.paths.root + "/secrets";
+      admin = cfg.manifest.users.${username} // {
+        inherit username;
+      };
+    };
 }

nix/modules/cli/git.nix

@@ -1,6 +1,6 @@
 { config, ... }:
 let
-  inherit (config.manifest) users;
+  inherit (config.flake) manifest;
 in
 {
   flake.modules.homeManager.default =
@@ -9,8 +9,8 @@ in
       home.sessionVariables.GIT_CONFIG_GLOBAL = "$HOME/.config/git/config";
       programs.git = {
         enable = true;
-        userName = users.${config.home.username}.name;
-        userEmail = users.${config.home.username}.email;
+        userName = manifest.users.${config.home.username}.name;
+        userEmail = manifest.users.${config.home.username}.email;
         signing.key = "~/.ssh/id_ed25519.pub";
       };
     };

nix/modules/cli/shell.nix

@@ -1,7 +1,6 @@
 { config, lib, ... }:
 let
   cfg = config.flake;
-  inherit (config.manifest) users;
   inherit (cfg.lib.modules) forAllUsers';
   inherit (lib.attrsets) mapAttrs';
 in
@@ -13,7 +12,7 @@ in
         programs = mapAttrs' (name: value: {
           name = value.shell;
           value.enable = true;
-        }) users;
+        }) cfg.manifest.users;
         users.users = forAllUsers' (_: value: { shell = pkgs.${value.shell}; });
       };
     darwin.default =
@@ -22,14 +21,14 @@ in
         programs = mapAttrs' (name: value: {
           name = value.shell;
           value.enable = true;
-        }) users;
+        }) cfg.manifest.users;
         users.users = forAllUsers' (_: value: { shell = pkgs.${value.shell}; });
         environment.shells = [ pkgs.fish ];
       };
     homeManager.default =
       { config, ... }:
       {
-        programs.${users.${config.home.username}.shell}.enable = true;
+        programs.${cfg.manifest.users.${config.home.username}.shell}.enable = true;
         home.shell.enableShellIntegration = true;
       };
   };

nix/modules/machine/default.nix

@@ -5,12 +5,7 @@ let
 in
 {
   flake.modules.nixos.default =
-    {
-      config,
-      modulesPath,
-      pkgs,
-      ...
-    }:
+    { config, modulesPath, ... }:
     let
       cfg = config.machine;
     in
@@ -19,7 +14,6 @@ in
       options.machine = {
         bluetooth.enable = mkEnableOption "";
         usb.automount = mkEnableOption "";
-        usb.qmk.enable = mkEnableOption "";
       };
       config = mkMerge [
         (mkIf cfg.usb.automount {
@@ -34,18 +28,6 @@ in
             }
           ];
         })
-        (mkIf cfg.usb.qmk.enable {
-          hardware.keyboard.qmk.enable = true;
-          services.udev = {
-            packages = with pkgs; [
-              vial
-              qmk
-              qmk-udev-rules
-              qmk_hid
-            ];
-          };
-
-        })
         (mkIf cfg.bluetooth.enable {
           persistDirs = [ "/var/lib/bluetooth" ];
           hardware.bluetooth = {

nix/modules/machine/gpu.nix

@@ -1,3 +1,7 @@
+{ config, ... }:
+let
+  cfg = config.flake;
+in
 {
   allowedUnfreePackages = [
     "nvidia-x11"
@@ -7,11 +11,11 @@
     {
       config,
       pkgs,
-      hostConfig,
+      hostName,
       ...
     }:
     let
-      inherit (hostConfig.machine) gpu;
+      gpu = cfg.manifest.hosts.nixos.${hostName}.machine.gpu or "";
     in
     if gpu == "nvidia" then
       {

nix/modules/machine/platform.nix

@@ -1,8 +1,9 @@
+{ config, ... }:
 {
   flake.modules.nixos.default =
-    { hostConfig, ... }:
+    { hostName, ... }:
     let
-      inherit (hostConfig.machine) platform;
+      inherit (config.flake.manifest.hosts.nixos.${hostName}.machine) platform;
       arch = if platform == "amd" || platform == "intel" then "x86_64" else "aarch64";
     in
     {
@@ -12,9 +13,9 @@
     };
 
   flake.modules.darwin.default =
-    { hostConfig, ... }:
+    { hostName, ... }:
     let
-      inherit (hostConfig.machine) platform;
+      inherit (config.flake.manifest.hosts.darwin.${hostName}.machine) platform;
       arch = if platform == "intel" then "x86_64" else "aarch64";
     in
     {

nix/modules/machine/root.nix

@@ -1,12 +1,17 @@
-{ lib, inputs, ... }:
+{
+  config,
+  lib,
+  inputs,
+  ...
+}:
 let
   inherit (lib.modules) mkMerge mkIf mkAfter;
 in
 {
   flake.modules.nixos.default =
-    { hostConfig, ... }:
+    { hostName, ... }:
     let
-      inherit (hostConfig.machine) root;
+      inherit (config.flake.manifest.hosts.nixos.${hostName}.machine) root;
     in
     {
       imports = [ inputs.disko.nixosModules.disko ];
@@ -80,7 +85,7 @@ in
           };
         }
         # Ephemeral by default - assumes btrfs
-        (mkIf root.ephemeral {
+        (mkIf (config.flake.manifest.hosts.nixos.${hostName}.machine.root.ephemeral or true) {
           boot.initrd.postDeviceCommands = mkAfter ''
             mkdir /btrfs_tmp
             mount /dev/root_vg/root /btrfs_tmp

nix/modules/networking/ssh.nix

@@ -1,7 +1,6 @@
 { config, lib, ... }:
 let
   cfg = config.flake;
-  inherit (config.manifest) admin;
   inherit (lib.modules) mkMerge;
   inherit (cfg.lib.modules) forAllUsers';
 in
@@ -17,7 +16,7 @@ in
         "/etc/ssh/ssh_host_rsa_key.pub"
       ];
     }
-    { users.users.root.openssh.authorizedKeys.keys = [ admin.pubkey ]; }
+    { users.users.root.openssh.authorizedKeys.keys = [ cfg.admin.pubkey ]; }
   ];
   flake.modules.homeManager.default = {
     persistDirs = [ ".ssh" ];

nix/modules/server/web-servers.nix

@@ -4,7 +4,7 @@ let
   inherit (config.flake.lib.options) mkStrOption mkPathOption;
   inherit (config.flake.lib.services) mkRootDomain;
   inherit (config.flake.paths) secrets;
-  inherit (config.manifest.admin) email;
+  inherit (config.flake.admin) email;
   inherit (lib.types) listOf submodule attrs;
   inherit (lib.options) mkOption mkEnableOption;
   inherit (lib.modules) mkMerge mkIf;

nix/modules/system/secrets.nix

@@ -6,48 +6,31 @@
 }:
 let
   cfg = config.flake;
-  inherit (cfg.paths) secrets;
   inherit (builtins) readFile;
   inherit (lib.meta) getExe;
   inherit (lib.strings) trim;
-  inherit (config.manifest.admin) username pubkey;
+  inherit (cfg.admin) username pubkey;
+  inherit (cfg.paths) secrets;
 in
 {
-  flake.modules = {
-    nixos.default =
-      { config, ... }:
-      {
-        imports = [ inputs.sops-nix.nixosModules.sops ];
-        config = {
-          sops = {
-            age.sshKeyPaths = [
-              "/persist${config.users.defaultUserHome}/${username}/.ssh/id_ed25519"
-            ];
-            secrets."keys/gemini".sopsFile = secrets + "/keys.yaml";
-          };
-          environment.shellInit = # sh
-            ''
-              export GEMINI_API_KEY=$(sudo cat ${config.sops.secrets."keys/gemini".path})
-            '';
+  flake.modules.nixos.default =
+    { config, ... }:
+    {
+      imports = [ inputs.sops-nix.nixosModules.sops ];
+      config = {
+        sops = {
+          age.sshKeyPaths = [
+            "/persist${config.users.defaultUserHome}/${username}/.ssh/id_ed25519"
+          ];
+          secrets."keys/gemini".sopsFile = secrets + "/keys.yaml";
         };
+        environment.shellInit = # sh
+          ''
+            export GEMINI_API_KEY=$(sudo cat ${config.sops.secrets."keys/gemini".path})
+          '';
       };
-    darwin.default =
-      { config, ... }:
-      {
-        imports = [ inputs.sops-nix.darwinModules.sops ];
-        config = {
-          sops = {
-            age.sshKeyPaths = [ "${config.users.users.${username}.home}/.ssh/id_ed25519" ];
-            secrets."keys/gemini".sopsFile = secrets + "/keys.yaml";
-          };
-          environment.shellInit = # sh
-            ''
-              export GEMINI_API_KEY=$(sudo cat ${config.sops.secrets."keys/gemini".path})
-            '';
-        };
-      };
-    homeManager.default.persistDirs = [ ".config/sops/age" ];
-  };
+    };
+  flake.modules.homeManager.default.persistDirs = [ ".config/sops/age" ];
   perSystem =
     { pkgs, ... }:
     {

nix/modules/system/sudo.nix

@@ -1,19 +1,11 @@
 { config, ... }:
 let
-  inherit (config.manifest) admin;
+  cfg = config.flake;
 in
 {
   flake.modules.nixos.default = {
     security.sudo.wheelNeedsPassword = false;
     nix.settings.trusted-users = [ "@wheel" ];
-    users.users.${admin.username}.extraGroups = [ "wheel" ];
-  };
-  flake.modules.darwin.default.security = {
-    sudo.extraConfig = "%admin          ALL = (ALL) NOPASSWD: ALL";
-    pam.services.sudo_local = {
-      enable = true;
-      reattach = true;
-      touchIdAuth = true;
-    };
+    users.users.${cfg.admin.username}.extraGroups = [ "wheel" ];
   };
 }

nix/modules/system/users.nix

@@ -1,7 +1,6 @@
 { config, lib, ... }:
 let
   cfg = config.flake;
-  inherit (config.manifest) users admin;
   inherit (cfg.lib.modules) userListToAttrs forAllUsers';
   inherit (lib.lists) findFirstIndex;
   inherit (builtins) attrNames;
@@ -37,12 +36,11 @@ in
   flake.modules.darwin.default =
     { config, ... }:
     {
-      system.primaryUser = admin.username;
-      users.knownUsers = attrNames users;
+      users.knownUsers = attrNames cfg.manifest.users;
       users.users = forAllUsers' (
         name: _: {
           home = "/Users/${name}";
-          uid = 501 + (findFirstIndex (x: x == name) null (attrNames users));
+          uid = 501 + (findFirstIndex (x: x == name) null (attrNames cfg.manifest.users));
         }
       );
       home-manager.users = forAllUsers' (