- Install gruvbox wallpaper to /run/current-system/sw/share/backgrounds/jade/
- Split xinitrc into "Personal Configuration" and "jade Desktop Environment"
- Move wallpaper into jade/assets/ for flake extraction readiness

This makes jade fully repo-independent - the wallpaper is now part of jade's
system packages rather than referencing the nix-config repo. When extracted
as a flake, jade will be completely self-contained.

Import DISPLAY and XAUTHORITY into systemd user environment and restart
xdg-desktop-portal-gtk service in xinitrc. This fixes the issue where
portal backends fail to start with "cannot open display" error when using
startx instead of a display manager.

Without this, Thunar waits 25 seconds for org.freedesktop.portal.Desktop
to respond before timing out and displaying.

Rename xmonad/ to jade/ and restructure as a complete desktop environment
with hybrid NixOS and home-manager modules. This establishes jade as a
self-contained, gruvbox-themed DE that can eventually be extracted as a flake.

Changes:
- Create jade/ with NixOS module (WM, system packages, GTK theme)
- Create jade/home.nix for home-manager services (wezterm, picom, dunst)
- Move dmenu with gruvbox patches into jade/dmenu/
- Convert wezterm to pure Lua config with gruvbox-material colors
- Move xinitrc into jade/ directory
- Remove feh/scrot from global env (now in jade)
- Remove dmenu overlay from global overlays
- Simplify home-manager desktop features to just user apps

This follows the pattern of real DEs (GNOME, KDE) where system and user
configs are split across NixOS and home-manager modules.

Separated PipeWire audio configuration from bluetooth hardware settings for
better logical organization. Moved bluetooth config to hardware-configuration.nix
alongside kernel module workarounds (disable_ertm, iwlwifi power_save).
Also added documentation for permittedInsecurePackages in global config and
updated flake dependencies.

Add section headers and explanatory comments to clarify the purpose of each configuration block, with emphasis on the critical persistent path requirement for early boot secret decryption.

Fixes backup system authentication and hostname resolution issues.

Changes:
- Change PermitRootLogin from "no" to "prohibit-password" in global SSH config
  (allows key-based root login for host-to-host backups while blocking passwords)
- Update fuchsia onsite backup to use viridian.home.arpa FQDN instead of shortname
- Update SSH knownHosts to use FQDNs (fuchsia.home.arpa, viridian.home.arpa)
  (system-level config uses FQDNs, user shortcuts remain in home-manager)

This enables the complete 3-2-1 backup strategy with automated backups working
correctly between fuchsia and viridian, and fuchsia to BorgBase.

Restructures SSH trust relationships from global to host-specific configuration
for better locality of concern and principle of least privilege.

Changes:
- Collapse nixos/common/global/ssh/ back to ssh.nix (single-file module)
- Move internal host trust (fuchsia/viridian) to per-host services/ssh/
- Split BorgBase known hosts by repository (li9kg944 for fuchsia, r7ag7x1w for viridian)
- Add viridian SSH server config to accept backup connections from fuchsia
- Add fuchsia borgbackup passphrase for offsite backups
- Configure viridian to create /srv/borg-repo/fuchsia for remote backups

This enables the 3-2-1 backup strategy with fuchsia backing up to both viridian
(onsite) and BorgBase (offsite) with proper SSH authentication.

Migrate from path-based persistence (/persist/var/lib/*) to dedicated
BTRFS subvolumes for better data isolation and snapshot capabilities.

- Move valuable user-facing services to /srv/* with srv-* subvolumes:
  - forgejo: git repositories and database
  - opengist: paste data
  - minecraft: game world data
  - lighttpd: static web content
  - containers: OCI container volumes
- Update home directory to use hm-sajenim subvolume on viridian disk
- Remove jupyterhub service (no longer in use)
- Update borgbackup paths to match new service locations
- Follow upstream service defaults where possible for maintainability

Services kept on /persist (disposable state):
- traefik, crowdsec, murmur

Restructured systemPackages list with alphabetically sorted categories to improve
maintainability and reduce vertical space. Added descriptive comments for all
environment configuration sections.

Add comprehensive inline documentation to both NixOS and Home Manager
global configuration files, explaining the purpose of each section,
overlay usage, unfree package policy, and configuration settings.

Move all allowUnfreePredicate declarations to global configs to prevent
the "last definition wins" merging issue. Unfree packages are now managed
in two central locations:
- NixOS system packages: nixos/common/global/default.nix
- Home Manager packages: home-manager/sajenim/global/default.nix

Added the necessary configurations and dependencies to enable Flatpak in the Fuchsia module.
This includes enabling the xdg portal for default settings and adding the flatpak service.

- Removed `protonup-ng` from home-manager configuration for games, as it is no longer used.
- Added `unstable.proton-ge-bin` to Steam's compatibility packages in the NixOS user configuration.