reorganization

modules/core/fs/fstrim.nix

@@ -0,0 +1,36 @@
+{ config, lib, ... }:
+
+with lib;
+{
+  # if lvm is enabled, then tell it to issue discards
+  # (this is good for SSDs and has almost no downsides on HDDs, so
+  # it's a good idea to enable it unconditionally)
+  environment.etc."lvm/lvm.conf".text = mkIf config.services.lvm.enable ''
+    devices {
+      issue_discards = 1
+    }
+  '';
+
+  # discard blocks that are not in use by the filesystem, good for SSDs
+  services.fstrim = {
+    # we may enable this unconditionally across all systems becuase it's performance
+    # impact is negligible on systems without a SSD - which means it's a no-op with
+    # almost no downsides aside from the service firing once per week
+    enable = true;
+
+    # the default value, good enough for average-load systems
+    interval = "weekly";
+  };
+
+  # tweak fstrim service to run only when on AC power
+  # and to be nice to other processes
+  # (this is a good idea for any service that runs periodically)
+  systemd.services.fstrim = {
+    unitConfig.ConditionACPower = true;
+
+    serviceConfig = {
+      Nice = 19;
+      IOSchedulingClass = "idle";
+    };
+  };
+}

modules/core/fs/lvm.nix

@@ -0,0 +1,7 @@
+{ config, lib, ... }:
+
+with lib;
+{
+  # i don't use lvm, can be disabled
+  services.lvm.enable = mkDefault false;
+}

modules/core/fs/scrub.nix

@@ -0,0 +1,16 @@
+{ config, lib, ... }:
+
+with lib;
+let
+  supportedFilesystems = builtins.map (builtins.getAttr "fsType") (builtins.attrValues config.fileSystems);
+  mkScrubConfig = fsType: {
+    enable = builtins.elem fsType supportedFilesystems;
+    interval = "weekly";
+  };
+in {
+  services.btrfs.autoScrub = mkScrubConfig "btrfs";
+  services.zfs.autoScrub = mkScrubConfig "zfs";
+
+  # bcachefs exists but it was "ejected from the kernel" for "repeated violations of kernel dev. guidelines"
+  # linus "tech tips" torvalds said himself "nobody sane uses bcachefs and expects it to be stable" (https://en.wikipedia.org/wiki/Bcachefs#Stability)
+}

modules/core/locale.nix

@@ -0,0 +1,13 @@
+{ lib, pkgs, inputs, config, ... }:
+
+with lib;
+{
+  i18n.defaultLocale = mkDefault "en_US.UTF-8";
+  services.xserver.xkb = {
+    layout = "us";
+    variant = "qwerty";
+  };
+  console = {
+    useXkbConfig = mkDefault true;
+  };
+}

modules/core/nix.nix

@@ -27,10 +27,17 @@
     };
   };
 
-  nix.optimise.automatic = true;
+  nix.optimise.automatic = true; # likely not needed w/ auto-optimise-store, comfy to keep though
   nix.gc = {
     automatic = true;
     dates = "weekly";
     options = "--delete-older-than 30d";
   };
+
+  # compat w/ non-nix programs
+  programs.nix-ld.enable = true;
+  programs.appimage = {
+    enable = true;
+    binfmt = true;
+  };
 }

modules/core/security.nix

@@ -2,9 +2,9 @@
 
 with lib;
 let
-  cfg = config.modules.security;
+  cfg = config.modules.core.security;
 in {
-  options.modules.security = {
+  options.modules.core.security = {
     useDoas = mkEnableOption "use opendoas instead of sudo";
   };
 
@@ -64,6 +64,7 @@ in {
       # while this is on by default, i am going to explicitly specify this
       networking.firewall.enable = true;
 
+      # stay up to date on firmware
       services.fwupd.enable = true;
     }
     (mkIf cfg.useDoas {

modules/hardware/default.nix

@@ -0,0 +1,6 @@
+{ pkgs, ... }:
+{
+  config = {
+    hardware.enableRedistributableFirmware = true;
+  };
+}

modules/hardware/networking.nix

@@ -0,0 +1,19 @@
+{ pkgs, config, lib, ... }:
+
+with lib;
+let
+  cfg = config.modules.hardware.networking;
+in {
+  options.modules.hardware.networking = {
+    enable = mkEnableOption "Enable NetworkManager, a daemon for configuring network interfaces";
+  };
+
+  config = mkIf cfg.enable {
+    networking.networkmanager.enable = true;
+    networking.networkmanager.wifi.backend = "iwd";
+    networking.networkmanager.wifi.powersave = false;
+    networking.wireless.iwd.settings.Settings.AutoConnect = true;
+
+    systemd.services.NetworkManager-wait-online.enable = false;
+  };
+}