feat: initial NixOS home lab infrastructure setup

- Add modular flake-based NixOS configuration
- Implement GitOps foundation with CI/CD pipeline
- Create comprehensive documentation and branching strategy
- Add modular desktop environments (GNOME, Cosmic, Sway)
- Configure virtualization stack (Incus, Libvirt, Podman)
- Set up development tools and hardware-specific modules
- Establish user configuration with literate programming support

This commit represents the completion of Phase 1: Flakes Migration
with modular configuration, virtualization, and GitOps foundation.

modules/README.md

@@ -0,0 +1,85 @@
+# NixOS Modules Directory Structure
+
+This directory contains reusable NixOS modules organized by functional domain for the Home-lab infrastructure.
+
+## Directory Organization
+
+### `common/`
+Core modules shared across all machines in the home lab:
+- `base.nix` - Modern CLI tools, aliases, and essential packages
+- `tty.nix` - Console configuration and theming
+- `nix.nix` - Nix/flakes configuration and optimization settings
+- `ssh.nix` - SSH server and security configurations
+- `networking.nix` - Basic networking and firewall settings
+
+### `desktop/`
+Desktop environment configurations for workstation machines:
+- `gnome.nix` - GNOME desktop environment setup
+- `cosmic.nix` - System76 COSMIC desktop configuration  
+- `sway.nix` - Sway window manager and Wayland setup
+- `fonts.nix` - Font packages and configurations
+- `audio.nix` - PipeWire/audio system setup
+
+### `development/`
+Development tools and environments:
+- `editors.nix` - Text editors (Emacs, Neovim, VSCode)
+- `languages.nix` - Programming languages and runtimes
+- `tools.nix` - Development utilities and CLI tools
+- `containers.nix` - Development container tools
+- `git.nix` - Git configuration and tools
+
+### `virtualization/`
+Virtualization and containerization:
+- `podman.nix` - Podman container runtime
+- `libvirt.nix` - KVM/QEMU virtualization
+- `incus.nix` - System container management
+- `docker.nix` - Docker runtime (if needed)
+
+### `services/`
+Network services primarily for SleeperService file server:
+- `nfs.nix` - Network File System server
+- `samba.nix` - SMB/CIFS file sharing
+- `backup.nix` - Automated backup services
+- `monitoring.nix` - System monitoring and alerting
+- `storage.nix` - ZFS and storage management
+- `media.nix` - Media server services (Jellyfin/Plex)
+
+### `users/`
+User management and shared user configurations:
+- `common.nix` - Shared user settings across machines
+- `groups.nix` - System groups and permissions
+- `security.nix` - User security policies
+
+## Usage
+
+Modules are imported in machine configurations like:
+
+```nix
+imports = [
+  ../../modules/common/base.nix
+  ../../modules/desktop/gnome.nix
+  ../../modules/virtualization/podman.nix
+];
+```
+
+## Design Philosophy
+
+- **Modular**: Each module has a single, clear responsibility
+- **Reusable**: Modules work across different machine types
+- **Composable**: Mix and match modules for different machine roles
+- **Documented**: Each module includes usage examples and options
+- **Testable**: Modules can be tested independently
+
+## Machine Profiles
+
+### CongenitalOptimist (Workstation)
+- All desktop modules
+- Development tools
+- Virtualization stack
+- User-focused configurations
+
+### sleeper-service (File Server)
+- Common base only
+- Service modules (NFS, Samba, backup)
+- No desktop environment
+- Server-focused configurations

modules/common/base.nix

@@ -0,0 +1,27 @@
+{ config, pkgs, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    tldr
+    eza
+    bat
+    ripgrep
+    du-dust
+    bottom
+    fd
+    fzf
+    zoxide
+    uutils-coreutils-noprefix
+  ];
+  environment.shellAliases = {
+    vi = "nvim";
+    vim = "nvim";
+    h = "tldr";
+    # oxidized
+    ls = "eza -l";
+    cat = "bat";
+    grep = "rg";
+    top = "btm";
+    du = "dust";
+    find = "fd";
+  };
+}

modules/common/nix.nix

@@ -0,0 +1,36 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # Enable flakes and other experimental features
+  nix = {
+    settings = {
+      experimental-features = [ "nix-command" "flakes" ];
+      auto-optimise-store = true;
+      trusted-users = [ "root" "@wheel" ];
+      substituters = [
+        "https://cache.nixos.org/"
+        "https://nix-community.cachix.org"
+      ];
+      trusted-public-keys = [
+        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+      ];
+    };
+    
+    # Enable garbage collection
+    gc = {
+      automatic = true;
+      dates = "weekly";
+      options = "--delete-older-than 30d";
+    };
+
+    # Optimize store weekly
+    optimise = {
+      automatic = true;
+      dates = [ "03:45" ];
+    };
+  };
+
+  # Allow unfree packages
+  nixpkgs.config.allowUnfree = true;
+}

modules/common/tty.nix

@@ -0,0 +1,29 @@
+{ pkgs, ... }:
+{
+  services.getty.greetingLine = ''\l'';
+
+  console = {
+    earlySetup = true;
+
+    # Joker palette
+    colors = [
+      "1b161f"
+      "ff5555"
+      "54c6b5"
+      "d5aa2a"
+      "bd93f9"
+      "ff79c6"
+      "8be9fd"
+      "bfbfbf"
+
+      "1b161f"
+      "ff6e67"
+      "5af78e"
+      "ffce50"
+      "caa9fa"
+      "ff92d0"
+      "9aedfe"
+      "e6e6e6"
+    ];
+  };
+}

modules/desktop/common.nix

@@ -0,0 +1,29 @@
+{ config, pkgs, ... }: {
+  # Common desktop configuration shared across all environments
+  
+  # XDG Portal configuration for Wayland/X11 compatibility
+  xdg.portal = {
+    enable = true;
+    wlr.enable = true;
+    extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
+  };
+
+  # Display manager and session management
+  services.dbus.enable = true;
+  
+  # Common desktop packages
+  environment.systemPackages = with pkgs; [
+    # Basic desktop tools
+    firefox
+    alacritty
+    nautilus
+    
+    # Media and graphics
+    vlc
+    gimp
+    
+    # Utilities
+    gnome-tweaks
+    dconf-editor
+  ];
+}

modules/desktop/cosmic.nix

@@ -0,0 +1,11 @@
+{ config, pkgs, ... }: {
+  # Cosmic Desktop Environment (System76's new Rust-based DE)
+  services.desktopManager.cosmic.enable = true;
+  services.displayManager.cosmic-greeter.enable = true;
+  services.desktopManager.cosmic.xwayland.enable = true;
+  
+  # Cosmic-specific packages
+  environment.systemPackages = with pkgs; [
+    # Cosmic is still in development, most packages come with the DE
+  ];
+}

modules/desktop/gnome.nix

@@ -0,0 +1,22 @@
+{ config, pkgs, ... }: {
+  # GNOME Desktop Environment
+  services.xserver = {
+    enable = true;
+    desktopManager.gnome.enable = true;
+    xkb.layout = "no";
+  };
+
+  # GNOME-specific packages
+  environment.systemPackages = with pkgs; [
+    gnome-extension-manager
+    gnome-shell-extensions
+    dconf-editor
+    gnome-tweaks
+  ];
+  
+  # GNOME services
+  services.gnome = {
+    gnome-keyring.enable = true;
+    glib-networking.enable = true;
+  };
+}

modules/desktop/sway.nix

@@ -0,0 +1,28 @@
+{ config, pkgs, ... }: {
+  # Sway Window Manager (Wayland-based i3 replacement)
+  programs.sway = {
+    enable = true;
+    wrapperFeatures.gtk = true;
+  };
+
+  # Sway-specific packages
+  environment.systemPackages = with pkgs; [
+    # Core Sway tools
+    swaylock
+    swayidle
+    swaybg
+    
+    # Wayland utilities
+    waybar          # Status bar
+    fuzzel          # Application launcher
+    gammastep       # Blue light filter
+    mako            # Notification daemon
+    flameshot       # Screenshot tool
+    wl-clipboard    # Clipboard utilities
+    
+    # Additional Wayland tools
+    grim            # Screenshot utility
+    slurp           # Screen area selection
+    wf-recorder     # Screen recorder
+  ];
+}

modules/development/tools.nix

@@ -0,0 +1,40 @@
+{ config, pkgs, ... }: {
+  # Development editors and tools
+  environment.systemPackages = with pkgs; [
+    # Editors
+    zed-editor
+    neovim
+    emacs
+    vscode
+    vscodium-fhs
+
+    # Language servers
+    nixd
+    zls
+    alejandra
+    python3Packages.python-lsp-server
+    gopls
+    luajitPackages.lua-lsp
+    nodePackages.bash-language-server
+    vimPlugins.cmp-nvim-lsp
+    ccls
+    marksman
+
+    # Programming languages and tools
+    guile
+    rustup
+    gdb
+
+    # Development utilities
+    git
+    nix-direnv
+    gh
+    github-copilot-cli
+  ];
+
+  # System-wide Emacs daemon
+  services.emacs.enable = true;
+
+  # Enable ZSH system-wide for development
+  programs.zsh.enable = true;
+}

modules/hardware/amd-workstation.nix

@@ -0,0 +1,30 @@
+{ config, pkgs, ... }: {
+  # AMD GPU configuration
+  hardware.amdgpu.initrd.enable = true;
+
+  # Firmware updates and proprietary firmware
+  services.fwupd.enable = true;
+  hardware.enableRedistributableFirmware = true;
+
+  # Bluetooth configuration
+  hardware.bluetooth = {
+    enable = true;
+    powerOnBoot = true;
+  };
+
+  # ZRAM swap configuration
+  zramSwap = {
+    enable = true;
+    algorithm = "zstd";
+  };
+
+  # Audio system (PipeWire)
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    pulse.enable = true;
+  };
+
+  # Gaming support
+  programs.steam.enable = true;
+}

modules/system/applications.nix

@@ -0,0 +1,30 @@
+{ config, pkgs, ... }: {
+  # System applications and utilities
+  environment.systemPackages = with pkgs; [
+    # Terminal applications
+    kitty
+    terminator
+    rio
+    greetd.tuigreet
+
+    # System monitoring
+    glances
+    inxi
+    htop
+    bottom
+    systemctl-tui
+
+    # File and data tools
+    wget
+    curl
+    mc
+
+    # Desktop integration
+    dbus
+    wayland
+    xdg-utils
+  ];
+
+  # Flatpak support
+  services.flatpak.enable = true;
+}

modules/system/fonts.nix

@@ -0,0 +1,36 @@
+{ config, pkgs, ... }: {
+  # Font configuration
+  fonts.packages = with pkgs; [
+    # Base fonts
+    noto-fonts
+    noto-fonts-cjk-sans
+    noto-fonts-emoji
+    liberation_ttf
+    dina-font
+    proggyfonts
+    
+    # GitHub fonts
+    mona-sans
+    hubot-sans
+    inter-nerdfont
+
+    # Nerd Fonts (updated syntax for NixOS 25.05)
+    nerd-fonts.meslo-lg
+    nerd-fonts.jetbrains-mono
+    nerd-fonts.fira-code
+    nerd-fonts.droid-sans-mono
+    nerd-fonts.hack
+    nerd-fonts.iosevka
+    nerd-fonts.iosevka-term
+  ];
+
+  # Console configuration
+  console = {
+    font = "Lat2-Terminus16";
+    keyMap = "no";
+  };
+
+  # Internationalization
+  i18n.defaultLocale = "en_US.UTF-8";
+  time.timeZone = "Europe/Oslo";
+}

modules/system/network.nix

@@ -0,0 +1,26 @@
+{ config, pkgs, ... }: {
+  # Network configuration
+  networking = {
+    hostName = "congenital-optimist";
+    hostId = "8425e349";
+    networkmanager.enable = true;
+    nftables.enable = true;
+    
+    # Firewall configuration
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [ 22 ];
+      allowedUDPPorts = [ 22 ];
+    };
+  };
+
+  # VPN and remote access
+  services.tailscale.enable = true;
+  services.openssh.enable = true;
+
+  # ZFS services
+  services.zfs = {
+    autoScrub.enable = true;
+    trim.enable = true;
+  };
+}

modules/users/geir.nix

@@ -0,0 +1,44 @@
+{ config, pkgs, ... }: {
+  # User configuration for geir
+  users.users.geir = {
+    isNormalUser = true;
+    extraGroups = [ "networkmanager" "wheel" "libvirt" "incus-admin" "podman" ];
+    shell = pkgs.zsh;
+    packages = with pkgs; [
+      # Browsers
+      chromium
+      vivaldi
+      vivaldi-ffmpeg-codecs
+      nyxt
+      firefox
+
+      # Terminal and shell tools
+      starship
+      fastfetch
+      hyfetch
+      nerdfetch
+      zellij
+      neo-cowsay
+      fortune
+      clolcat
+
+      # Audio and system control
+      ncpamixer
+      pavucontrol
+
+      # Desktop applications
+      gimp
+      obs-studio
+      vesktop
+      koodo-reader
+      
+      # System management
+      virt-manager
+      gnome-tweaks
+      beauty-line-icon-theme
+
+      # Emacs integration
+      emacsPackages.vterm
+    ];
+  };
+}

modules/virtualization/incus.nix

@@ -0,0 +1,19 @@
+{ config, pkgs, ... }:
+{
+  virtualisation.incus = {
+    enable = true;
+    ui.enable = true;
+    package = pkgs.incus;
+  };
+
+  environment.systemPackages = with pkgs; [
+    incus
+    lxc
+  ];
+  users.users.geir = {
+    extraGroups = [ 
+      "incus-admin"
+    ];
+  };
+  networking.firewall.allowedTCPPorts = [ 8443 ];
+}

modules/virtualization/libvirt.nix

@@ -0,0 +1,21 @@
+{ config, pkgs, ... }: {
+  virtualisation.libvirtd = {
+    enable = true;
+    qemu = {
+      package = pkgs.qemu_kvm;
+      runAsRoot = true;
+      swtpm.enable = true;
+      ovmf = {
+        enable = true;
+        packages = [ pkgs.OVMFFull.fd ];
+      };
+    };
+  };
+  
+  environment.systemPackages = with pkgs; [
+    qemu_kvm
+    libvirt
+    virt-manager
+    virt-viewer
+  ];
+}

modules/virtualization/podman.nix

@@ -0,0 +1,18 @@
+{ pkgs, ... }: {
+  virtualisation.podman = {
+    enable = true;
+    dockerCompat = true;
+    dockerSocket.enable = true;
+    defaultNetwork.settings.dns_enabled = true;
+  };
+
+  environment.systemPackages = with pkgs; [
+    podman-tui
+    podman-compose
+    buildah
+    skopeo
+  ];
+  
+  # Enable container runtime for desktop integration
+  virtualisation.containers.enable = true;
+}