4 files changed, 93 insertions, 0 deletions

diff --git a/nix/modules/default.nix b/nix/modules/default.nix
new file mode 100644
index 0000000..b03d632
--- /dev/null
+++ b/nix/modules/default.nix
@@ -0,0 +1,6 @@
+{ lib, config, pkgs, ... }:
+{
+  imports = [
+    ./home/secrets.nix
+  ];
+}
diff --git a/nix/modules/home/secrets.nix b/nix/modules/home/secrets.nix
new file mode 100644
index 0000000..64eab73
--- /dev/null
+++ b/nix/modules/home/secrets.nix
@@ -0,0 +1,19 @@
+{ lib, config, pkgs, inputs, ... }:
+{
+  imports = [
+    ../vars.nix
+  ];
+
+  options = {
+    secrets.enable = lib.mkEnableOption "enables encrypted secrets on system";
+  };
+
+  config = lib.mkIf config.secrets.enable {
+    home-manager = {
+      sharedModules = [
+        inputs.sops-nix.homeManagerModules.sops
+      ];
+      users."${user.user}" = {};
+    };
+  };
+}
diff --git a/nix/modules/secure-boot.nix b/nix/modules/secure-boot.nix
new file mode 100644
index 0000000..0785835
--- /dev/null
+++ b/nix/modules/secure-boot.nix
@@ -0,0 +1,20 @@
+{ pkgs, lib, config, inputs, ... }:
+{
+  imports = [
+    inputs.lanzaboote.nixosModules.lanzaboote
+  ];
+
+  options = {
+    secure-boot.enable = lib.mkEnableOption "Enables secure boot on system";
+  };
+
+  config = lib.mkIf config.secure-boot.enable {
+    boot = {
+      loader.systemd-boot.enable = lib.mkForce false;
+      lanzaboote = {
+        enable = true;
+        pkiBundle = "/etc/secureboot";
+      };
+    };
+  };
+}
diff --git a/nix/modules/vars.nix b/nix/modules/vars.nix
new file mode 100644
index 0000000..43e45ad
--- /dev/null
+++ b/nix/modules/vars.nix
@@ -0,0 +1,48 @@
+# Change the following variables
+{}:
+{
+  options = {
+    # set your host name.
+    hostName = "continuity";
+
+    user = {
+      userName = "preston";
+      fullName = "Preston Pan";
+      gpgKey = "AEC273BF75B6F54D81343A1AC1FE6CED393AE6C1";
+    };
+
+    servers = {
+      # email used for `From` and also as your login email.
+      email = "ret2pop@gmail.com";
+      # IMAPS server. Must be encrypted.
+      imapsServer = "imap.gmail.com";
+      # SMTPS server. Must be encrypted.
+      smtpsServer = "smtp.gmail.com";
+
+      # Used for referencing the remote host in config. This mostly shouldn't matter if you are not
+      # using my website.
+      remoteHost = "nullring.xyz";
+    };
+
+    # Change to your timezone
+    timeZone = "America/Vancouver";
+
+    # After rebooting, use the command `hyprctl monitors` in order to check which monitor
+    # you are using. This is so that waybar knows which monitors to appear in.
+    monitors = [
+      "HDMI-A-1"
+      "eDP-1"
+      "DP-2"
+      "DP-3"
+      "LVDS-1"
+    ];
+
+    # enable video drivers based on your system.
+    # Example:
+    # videoDrivers = [
+    #   "nvidia"
+    #   "amdgpu"
+    # ]
+    videoDrivers = [];
+  };
+}