added some tweaks

flake-parts/lib/secrets.nix

@@ -12,6 +12,7 @@
   # overridden, the secret will be owned by root, and have mode 400.
   # The file argument is mandatory, and should be relative to
   # ${self}/secrets to find the secret.
+  # ${self} refers to the root directory of the flake.
   mkAgenixSecret = enableCondition: {
     file,
     owner ? "root",

homes/shared/programs/git.nix

@@ -3,8 +3,6 @@
   pkgs,
   ...
 }: let
-  inherit (osConfig) modules;
-
   gitPackage = pkgs.gitFull;
 in {
   config = {

homes/shared/shell/nushell.nix

@@ -6,10 +6,7 @@
   osConfig,
   lib,
   ...
-}: let
-  inherit (lib.modules) mkIf;
-  inherit (osConfig) modules;
-in {
+}: {
   config = {
     programs = {
       direnv = {

machines/milkyway/modules/system.nix

@@ -4,7 +4,7 @@
   ...
 }: {
   config = {
-    boot.loader.grub.enable = true;
+    boot.loader.systemd-boot.enable = true;
     boot.plymouth.enable = true;
     # services.seatd.enable = true;
     xdg.portal.enable = true;

modules/exclusive/nixos/default.nix

@@ -1,6 +1,6 @@
 {
   imports = [
-    # ./server
+    ./server
     ./shared
     ./workstation
   ];

modules/exclusive/nixos/server/default.nix

@@ -0,0 +1,14 @@
+{
+  imports = [
+    ./bincache
+    ./networking
+    ./social
+
+    ./elasticsearch.nix
+    ./forgejo-runner.nix
+    ./forgejo.nix
+    ./invidious.nix
+    ./reposilite.nix
+    ./tor.nix
+  ];
+}

modules/exclusive/nixos/server/forgejo-runner.nix

@@ -6,8 +6,6 @@
 }: let
   inherit (lib) mkIf;
 
-  cfg = config.modules.system.services;
-
   # construct each runner using the mkRunner function
   # you can pass additional configuration options in the instance submodule
   # it'll be merged to the below configuration

modules/exclusive/nixos/server/networking/headscale/default.nix

@@ -6,9 +6,6 @@
   ...
 }: let
   inherit (lib) mkIf;
-
-  sys = config.modules.system;
-  cfg = sys.services;
 in {
   imports = [
     ./acls.nix

modules/exclusive/nixos/server/networking/wireguard/server.nix

@@ -1,13 +1,13 @@
+#
+# Wireguard Server Configuration
+#
 {
   config,
   lib,
   ...
 }: let
   inherit (lib) mkIf;
 
-  sys = config.modules.system;
-  cfg = sys.services;
-
   dev = config.modules.device;
   acceptedTypes = ["server" "hybrid"];
 in {

modules/exclusive/nixos/server/social/mastodon.nix

@@ -5,9 +5,6 @@
   ...
 }: let
   inherit (lib) mkIf;
-
-  sys = config.modules.system;
-  cfg = sys.services.social;
 in {
   config = mkIf config.services.mastodon.enable {
     modules.system.services = {

modules/exclusive/nixos/shared/hardware/bluetooth.nix

@@ -5,11 +5,13 @@
   ...
 }: let
   inherit (lib) mkIf;
+  dev = config.modules.device;
 in {
-  config = mkIf config.hardware.bluetooth.enable {
+  config = mkIf dev.hasSound {
     boot.kernelParams = ["btusb"];
 
     hardware.bluetooth = {
+      enable = true;
       package = pkgs.bluez5-experimental;
       #hsphfpd.enable = true;
       powerOnBoot = true;

modules/exclusive/nixos/shared/hardware/tpm.nix

@@ -4,9 +4,11 @@
   ...
 }: let
   inherit (lib) mkIf mkDefault;
+  dev = config.modules.device;
 in {
-  config = mkIf config.security.tpm2.enable {
+  config = mkIf dev.hasTPM {
     security.tpm2 = {
+      enable = true;
       # enable Trusted Platform Module 2 support
 
       # enable Trusted Platform 2 userspace resource manager daemon

modules/exclusive/nixos/workstation/default.nix

@@ -1,8 +1,8 @@
 {
   imports = [
+    ./gaming
     ./virtualization
     ./wayland
-    ./gaming
 
     ./encryption.nix
     ./hyprland.nix

modules/roles/laptop/power/default.nix

@@ -4,7 +4,7 @@
   pkgs,
   ...
 }: let
-  inherit (lib) mkIf mkDefault;
+  inherit (lib) mkDefault;
 in {
   imports = [./monitor.nix];
 

modules/roles/workstation/default.nix

@@ -4,5 +4,7 @@
     ./services
 
     ./fonts.nix
+    ./misc.nix
+    ./tcpcrypt.nix
   ];
 }

modules/roles/workstation/tcpcrypt.nix

@@ -3,9 +3,7 @@
   pkgs,
   lib,
   ...
-}: let
-  inherit (lib) mkIf;
-in {
+}: {
   # get rid of the tcpcrypt module provided by nixpkgs
   # it is unmaintained and I cannot be arsed to PR a fix
   disabledModules = ["services/networking/tcpcrypt.nix"];

modules/shared/default.nix

@@ -1,6 +1,7 @@
 {
   imports = [
     ./environment
+    ./networking
     ./nix
     ./programs
     ./secrets

modules/shared/networking/network-manager.nix

@@ -4,7 +4,7 @@
   lib,
   ...
 }: let
-  inherit (lib.modules) mkIf mkForce;
+  inherit (lib.modules) mkForce;
 in {
   # we use networkmanager manage network devices locally
   environment.systemPackages = with pkgs; [networkmanagerapplet];

modules/shared/security/kernel.nix

@@ -26,9 +26,6 @@
     ++ [
       "mitigations=off" # Of course we don't want no mitigations
     ];
-
-  sys = config.modules.system;
-  cfg = sys.security;
 in {
   config = {
     security = {