no flake error

flake.nix

@@ -93,38 +93,38 @@
       };
       lib = import ./lib { inherit (nixpkgs) lib; };
       formatter = forAllSystems (system: (makePkgs system).nixfmt-tree);
-      deploy.nodes.harmonica = {
-        hostname = "192.168.0.11";
-        profiles.system = {
-          user = "osbm";
-          path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.harmonica;
-        };
-      };
-      packages = forAllSystems (
-        system:
-        let
-          makeNixosConfigWithSystemOverride =
-            configName:
-            nixpkgs.lib.nixosSystem {
-              specialArgs = { inherit inputs outputs; };
-              modules = [
-                ./hosts/nixos/${configName}/configuration.nix
-                { nixpkgs.hostPlatform = nixpkgs.lib.mkForce system; }
-              ];
-            };
-          dotfilesMachineNames = [
-            "ymir"
-            "pochita"
-            "tartarus"
-            "wallfacer"
-          ];
-        in
-        builtins.listToAttrs (
-          map (name: {
-            name = "${name}-dotfiles";
-            value = (makeNixosConfigWithSystemOverride name).config.home-manager.users.osbm.home-files;
-          }) dotfilesMachineNames
-        )
-      );
+      # deploy.nodes.harmonica = {
+      #   hostname = "192.168.0.11";
+      #   profiles.system = {
+      #     user = "osbm";
+      #     path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.harmonica;
+      #   };
+      # };
+      # packages = forAllSystems (
+      #   system:
+      #   let
+      #     makeNixosConfigWithSystemOverride =
+      #       configName:
+      #       nixpkgs.lib.nixosSystem {
+      #         specialArgs = { inherit inputs outputs; };
+      #         modules = [
+      #           ./hosts/nixos/${configName}/configuration.nix
+      #           { nixpkgs.hostPlatform = nixpkgs.lib.mkForce system; }
+      #         ];
+      #       };
+      #     dotfilesMachineNames = [
+      #       "ymir"
+      #       "pochita"
+      #       "tartarus"
+      #       "wallfacer"
+      #     ];
+      #   in
+      #   builtins.listToAttrs (
+      #     map (name: {
+      #       name = "${name}-dotfiles";
+      #       value = (makeNixosConfigWithSystemOverride name).config.home-manager.users.osbm.home-files;
+      #     }) dotfilesMachineNames
+      #   )
+      # );
     };
 }

hosts/nixos/apollo/configuration.nix

@@ -6,106 +6,68 @@
 {
   imports = [
     ./hardware-configuration.nix
-    ../../../modules/common-packages.nix
-    # ../../modules/services/tailscale.nix
-    # ../../modules/services/openssh.nix
-    ../../../modules/nix-settings.nix
+    ../../../modules/nixos
     inputs.disko.nixosModules.disko
     inputs.impermanence.nixosModules.impermanence
   ];
 
-  # osbmModules = {
-  #   enableKDE = false;
-  #   enableFonts = false;
-  #   blockYoutube = false;
-  #   blockTwitter = false;
-  # };
+  osbmModules = {
+    desktopEnvironment = "none";
+    machineType = "server";
+    users = [ "osbm" ];
+    defaultUser = "osbm";
 
-  i18n.inputMethod.enable = lib.mkForce false; # no need for japanese input method
+    nixSettings.enable = true;
+
+    programs = {
+      commandLine.enable = true;
+      neovim.enable = true;
+    };
+
+    services = {
+      openssh.enable = true;
+    };
+
+    hardware = {
+      sound.enable = false;
+      hibernation.enable = false;
+
+      # Disable disko module since we have manual disko config in hardware-configuration.nix
+      disko.enable = false;
+    };
+  };
+
+  i18n.inputMethod.enable = lib.mkForce false;
   system.stateVersion = "25.11";
   networking.hostName = "apollo";
+  networking.hostId = "0f7de22e";  # Required for ZFS
 
-  networking.hostId = "0f7de22e"; # Generate your own with: head -c 8 /etc/machine-id
+  # ZFS configuration
+  boot.zfs.requestEncryptionCredentials = true;
+  
+  # Initrd SSH for remote unlocking
+  boot.initrd.network.enable = true;
+  boot.initrd.availableKernelModules = [ "virtio_pci" ];
+  boot.initrd.network.ssh = {
+    enable = true;
+    port = 22;
+    shell = "/bin/cryptsetup-askpass";
+    authorizedKeys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPfnV+qqUCJf92npNW4Jy0hIiepCJFBDJHXBHnUlNX0k"
+    ];
+    hostKeys = [ "/etc/ssh/initrd" ];
+  };
+  boot.initrd.secrets = {
+    "/etc/ssh/initrd" = "/etc/ssh/initrd";
+  };
 
   # Enable zram swap
   zramSwap.enable = true;
 
-  users.users.root.initialPassword = "changeme";
+  users.users.osbm.initialPassword = "changeme";
   users.mutableUsers = false;
 
-  # Persistence configuration
-  environment.persistence."/persist" = {
-    hideMounts = true;
-    files = [
-      "/etc/machine-id"
-    ];
-    directories = [
-      "/var/log"
-      "/var/lib/tailscale"
-      "/var/lib/borg"
-      "/var/lib/nixos"
-    ];
-  };
-
-  # Remote ZFS unlocking in initrd
-  boot = {
-    # Static IP in initrd - adjust these values for your network
-    kernelParams = [ "ip=152.53.152.129::152.53.152.1:255.255.252.0::ens3:none" ];
-
-    initrd = {
-      # Network driver for initrd - change to match your hardware
-      # Common options: "virtio_pci" (VMs), "e1000e", "igb", "r8169"
-      availableKernelModules = [ "virtio_pci" ];
-
-      network = {
-        enable = true;
-        ssh = {
-          enable = true;
-          port = 2222;
-          # Generate with: ssh-keygen -t ed25519 -N "" -f /persist/etc/ssh/ssh_host_ed25519_key_initrd
-          hostKeys = [ "/persist/etc/ssh/ssh_host_ed25519_key_initrd" ];
-          # Add your SSH public key here
-          authorizedKeys = [
-            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPfnV+qqUCJf92npNW4Jy0hIiepCJFBDJHXBHnUlNX0k"
-          ];
-        };
-        # Auto-prompt for ZFS password on SSH login
-        postCommands = ''
-          cat <<EOF > /root/.profile
-          if pgrep -x "zfs" > /dev/null
-          then
-            zfs load-key -a
-            killall zfs
-          else
-            echo "zfs not running -- maybe the pool is taking some time to load for some unforseen reason."
-          fi
-          EOF
-        '';
-      };
-    };
-  };
-
-  # SSH host keys on persistent storage
-  services.openssh = {
-    enable = true;
-    openFirewall = true;
-    settings = {
-      PasswordAuthentication = false;
-      KbdInteractiveAuthentication = false;
-    };
-    hostKeys = [
-      {
-        bits = 4096;
-        path = "/persist/etc/ssh/ssh_host_rsa_key";
-        type = "rsa";
-      }
-      {
-        path = "/persist/etc/ssh/ssh_host_ed25519_key";
-        type = "ed25519";
-      }
-    ];
-  };
-
+  # Network configuration
   networking = {
     useDHCP = false;
     interfaces.ens3 = {
@@ -122,4 +84,7 @@
     defaultGateway = "152.53.152.1";
     defaultGateway6 = { address = "fe80::1"; interface = "ens3"; };
   };
+
+  # Override initrd kernel params for static IP
+  boot.kernelParams = [ "ip=152.53.152.129::152.53.152.1:255.255.252.0::ens3:none" ];
 }

hosts/nixos/harmonica-sd/configuration.nix

@@ -12,9 +12,9 @@
   ];
 
   osbmModules = {
-    enableKDE = false;
-    enableFonts = false;
-    enableTailscale = true;
+    desktopEnvironment = "none";
+    fonts.enable = false;
+    services.tailscale.enable = true;
   };
 
   i18n.inputMethod.enable = lib.mkForce false; # no need for japanese input method

hosts/nixos/harmonica/configuration.nix

@@ -10,8 +10,8 @@
   ];
 
   osbmModules = {
-    enableKDE = false;
-    enableFonts = false;
+    desktopEnvironment = "none";
+    fonts.enable = false;
   };
 
   i18n.inputMethod.enable = lib.mkForce false; # no need for japanese input method

hosts/nixos/pochita/configuration.nix

@@ -13,14 +13,14 @@
   ];
 
   osbmModules = {
-    enableKDE = false;
-    enableFonts = false;
-    enableForgejo = true;
-    # enableCaddy = true;
-    # enableCloudflareDyndns = true;
-    enableCloudflared = true;
-    enableVaultwarden = true;
-    enableGlance = true;
+    desktopEnvironment = "none";
+    fonts.enable = false;
+    services.forgejo.enable = true;
+    # services.caddy.enable = true;
+    # services.cloudflare-dyndns.enable = true;
+    services.cloudflared.enable = true;
+    services.vaultwarden.enable = true;
+    services.glance.enable = true;
   };
 
   services.wanikani-bypass-lessons.enable = true;

hosts/nixos/tartarus/configuration.nix

@@ -11,9 +11,9 @@
   ];
 
   osbmModules = {
-    enableKDE = true;
-    enableAarch64Emulation = true;
-    enableSound = true;
+    desktopEnvironment = "plasma";
+    emulation.aarch64.enable = true;
+    hardware.sound.enable = true;
   };
 
   # Bootloader.

hosts/nixos/wallfacer/configuration.nix

@@ -5,13 +5,13 @@
     ../../../modules/nixos
   ];
   osbmModules = {
-    enableKDE = false;
-    enableFonts = false;
-    enableNextcloud = true;
-    enableHydra = true;
-    # enableCaddy = true;
-    enableAttic = true;
-    enableCloudflared = true;
+    desktopEnvironment = "none";
+    fonts.enable = false;
+    services.nextcloud.enable = true;
+    services.hydra.enable = true;
+    # services.caddy.enable = true;
+    services.attic.enable = true;
+    services.cloudflared.enable = true;
   };
 
   boot.loader.systemd-boot.enable = true;

hosts/nixos/ymir/configuration.nix

@@ -10,15 +10,14 @@
   ];
 
   osbmModules = {
-    enableKDE = true;
-    enableJellyfin = true;
-    enableAarch64Emulation = true;
-    disableHibernation = true;
-    enableWakeOnLan = true;
-    enableSound = true;
-    enableADB = true;
-    enableOllama = true;
-    # enableMinegrubTheme = true;
+    desktopEnvironment = "plasma";
+    services.jellyfin.enable = true;
+    emulation.aarch64.enable = true;
+    hardware.hibernation.enable = false;
+    hardware.wakeOnLan.enable = true;
+    hardware.sound.enable = true;
+    programs.adbFastboot.enable = true;
+    services.ollama.enable = true;
   };
 
   # Bootloader.

modules/nixos/options.nix

@@ -332,7 +332,16 @@
       };
     };
 
-
+    # Emulation
+    emulation = {
+      aarch64 = {
+        enable = lib.mkOption {
+          type = lib.types.bool;
+          default = false;
+          description = "Enable aarch64 emulation via binfmt";
+        };
+      };
+    };
 
     # Internationalization
     i18n = {

modules/nixos/system/home-manager.nix

@@ -1,7 +1,7 @@
 { lib, config, inputs, ... }:
 
 {
-  imports = [
+  imports = lib.optionals (inputs ? home-manager) [
     inputs.home-manager.nixosModules.home-manager
   ];
 
@@ -13,8 +13,8 @@
       # Pass inputs and outputs to home-manager modules
       extraSpecialArgs = { inherit inputs; };
 
-      # Configure home-manager for each user
-      users = lib.genAttrs config.osbmModules.users (username: {
+      # Configure home-manager for each user (excluding root)
+      users = lib.genAttrs (builtins.filter (u: u != "root") config.osbmModules.users) (username: {
         home.stateVersion = lib.mkDefault "24.05";
         imports = [ ../../home-manager ];
       });

modules/nixos/system/users.nix

@@ -1,12 +1,14 @@
 { lib, config, ... }:
 let
   cfg = config.osbmModules;
+  # Filter out 'root' from the users list since it's a special system user
+  regularUsers = builtins.filter (u: u != "root") cfg.users;
 in
 {
   config = lib.mkIf (cfg.users != []) {
     users.users = lib.mkMerge [
-      # Create users based on the list
-      (lib.genAttrs cfg.users (username: {
+      # Create users based on the list (excluding root)
+      (lib.genAttrs regularUsers (username: {
         isNormalUser = true;
         description = username;
         extraGroups = [ "networkmanager" ]
@@ -15,7 +17,7 @@ in
           ++ lib.optional config.osbmModules.programs.adbFastboot.enable "adbusers";
       }))
 
-      # Additional configuration for default user
+      # Additional configuration for default user (including root if it's default)
       {
         ${cfg.defaultUser} = {
           openssh.authorizedKeys.keys = lib.mkDefault [