system changes

33 files changed, 593 insertions, 0 deletions

diff --git a/nixos/flake/flake.lock b/nixos/flake/flake.lock
new file mode 100644
index 0000000..1653154
--- /dev/null
+++ b/nixos/flake/flake.lock
@@ -0,0 +1,61 @@
+{
+  "nodes": {
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      },
+      "locked": {
+        "lastModified": 1727383923,
+        "narHash": "sha256-4/vacp3CwdGoPf8U4e/N8OsGYtO09WTcQK5FqYfJbKs=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "ffe2d07e771580a005e675108212597e5b367d2d",
+        "type": "github"
+      },
+      "original": {
+        "id": "home-manager",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1726937504,
+        "narHash": "sha256-bvGoiQBvponpZh8ClUcmJ6QnsNKw0EMrCQJARK3bI1c=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "9357f4f23713673f310988025d9dc261c20e70c6",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1727634051,
+        "narHash": "sha256-S5kVU7U82LfpEukbn/ihcyNt2+EvG7Z5unsKW9H/yFA=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "06cf0e1da4208d3766d898b7fdab6513366d45b9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "home-manager": "home-manager",
+        "nixpkgs": "nixpkgs_2"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/nixos/flake/flake.nix.org b/nixos/flake/flake.nix.org
new file mode 100644
index 0000000..c8ee8dd
--- /dev/null
+++ b/nixos/flake/flake.nix.org
@@ -0,0 +1,34 @@
+#+title: Flake Root
+
+I use the unstable branch of =nixpkgs=. This file defines the outputs for my configuration (system and home).
+#+begin_src nix
+  {
+    description = "My NixOS Configuration";
+
+    inputs = {
+      nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+    };
+
+    outputs = {
+      self,
+      nixpkgs,
+      home-manager,
+      ...
+    }@inputs: {
+      nixosConfigurations.nixos = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        specialArgs = { inherit inputs; };
+        modules = [
+          ./system/core.nix
+          home-manager.nixosModules.home-manager
+  	        {
+  	          home-manager.backupFileExtension = "bak";
+  	          home-manager.useGlobalPkgs = true;
+  	          home-manager.useUserPackages = true;
+  	          home-manager.users.jjanzen = import ./home/core.nix;
+  	        }
+        ];
+      };
+    };
+  }
+#+end_src
diff --git a/nixos/flake/home/.wallpaper b/nixos/flake/home/.wallpaper
new file mode 120000
index 0000000..316db81
--- /dev/null
+++ b/nixos/flake/home/.wallpaper
@@ -0,0 +1 @@
+../../../common/.wallpaper
\ No newline at end of file
diff --git a/nixos/flake/home/clang-format.nix.org b/nixos/flake/home/clang-format.nix.org
new file mode 120000
index 0000000..db7166a
--- /dev/null
+++ b/nixos/flake/home/clang-format.nix.org
@@ -0,0 +1 @@
+../../../common/.flake/home/clang-format.nix.org
\ No newline at end of file
diff --git a/nixos/flake/home/core.nix.org b/nixos/flake/home/core.nix.org
new file mode 100644
index 0000000..ec135d3
--- /dev/null
+++ b/nixos/flake/home/core.nix.org
@@ -0,0 +1,25 @@
+#+title: Core Home Configuration
+
+Set up home manager for my user account and import submodules.
+#+begin_src nix :tangle ~/.flake/home/core.nix :mkdirp yes
+  { config, pkgs, ... }:
+
+  {
+    imports = [
+      ./clang-format.nix
+      ./cursor.nix
+      ./fonts.nix
+      ./hyprland.nix
+      ./programs/core.nix
+      ./scripts.nix
+      ./services/core.nix
+    ];
+
+    home.username = "jjanzen";
+    home.homeDirectory = "/home/jjanzen";
+    home.file.".wallpaper".source = ./.wallpaper;
+
+    home.stateVersion = "24.05";
+    programs.home-manager.enable = true;
+  }
+#+end_src
diff --git a/nixos/flake/home/cursor.nix.org b/nixos/flake/home/cursor.nix.org
new file mode 120000
index 0000000..3d3d406
--- /dev/null
+++ b/nixos/flake/home/cursor.nix.org
@@ -0,0 +1 @@
+../../../common/.flake/home/cursor.nix.org
\ No newline at end of file
diff --git a/nixos/flake/home/fonts.nix.org b/nixos/flake/home/fonts.nix.org
new file mode 120000
index 0000000..53bec1c
--- /dev/null
+++ b/nixos/flake/home/fonts.nix.org
@@ -0,0 +1 @@
+../../../common/.flake/home/fonts.nix.org
\ No newline at end of file
diff --git a/nixos/flake/home/hyprland.nix.org b/nixos/flake/home/hyprland.nix.org
new file mode 120000
index 0000000..d2a0693
--- /dev/null
+++ b/nixos/flake/home/hyprland.nix.org
@@ -0,0 +1 @@
+../../../common/.flake/home/hyprland.nix.org
\ No newline at end of file
diff --git a/nixos/flake/home/programs/core.nix.org b/nixos/flake/home/programs/core.nix.org
new file mode 100644
index 0000000..9557c8b
--- /dev/null
+++ b/nixos/flake/home/programs/core.nix.org
@@ -0,0 +1,52 @@
+#+title: Core Program Configuration
+
+This is the core of my program configuration. This file installs programs that do not require additional configuration. Note that Discord is not FOSS and that =prismlauncher= is a launcher for Minecraft.
+#+begin_src nix :tangle ~/.flake/home/programs/core.nix :mkdirp yes
+  { config, pkgs, ... }:
+
+  {
+    imports = [
+      ./emacs/core.nix
+      ./fastfetch.nix
+      ./foot.nix
+      ./git.nix
+      ./hyprlock.nix
+      ./ncmpcpp.nix
+      ./neovim.nix
+      ./ssh.nix
+      ./waybar.nix
+      ./zsh.nix
+    ];
+
+    home.packages = with pkgs; [
+      discord # not FOSS
+      clang-tools
+      eza
+      fuzzel
+      ispell
+      gcc
+      gzdoom
+      htop
+      hyfetch
+      hyprshot
+      lesspipe
+      mpc-cli
+      mpv
+      networkmanagerapplet
+      obs-studio
+      openresolv
+      openvpn
+      pavucontrol
+      prismlauncher # minecraft
+      python3
+      python312Packages.python-lsp-server
+      qbittorrent
+      retroarchFull
+      swaybg
+      texliveFull
+      unzip
+      zip
+      zotero
+    ];
+  }
+#+end_src
diff --git a/nixos/flake/home/programs/emacs b/nixos/flake/home/programs/emacs
new file mode 120000
index 0000000..39d7462
--- /dev/null
+++ b/nixos/flake/home/programs/emacs
@@ -0,0 +1 @@
+../../../../common/.flake/home/programs/emacs
\ No newline at end of file
diff --git a/nixos/flake/home/programs/fastfetch.nix.org b/nixos/flake/home/programs/fastfetch.nix.org
new file mode 120000
index 0000000..25e2716
--- /dev/null
+++ b/nixos/flake/home/programs/fastfetch.nix.org
@@ -0,0 +1 @@
+../../../../common/.flake/home/programs/fastfetch.nix.org
\ No newline at end of file
diff --git a/nixos/flake/home/programs/foot.nix.org b/nixos/flake/home/programs/foot.nix.org
new file mode 120000
index 0000000..6197c4a
--- /dev/null
+++ b/nixos/flake/home/programs/foot.nix.org
@@ -0,0 +1 @@
+../../../../common/.flake/home/programs/foot.nix.org
\ No newline at end of file
diff --git a/nixos/flake/home/programs/git.nix.org b/nixos/flake/home/programs/git.nix.org
new file mode 120000
index 0000000..e8ddd28
--- /dev/null
+++ b/nixos/flake/home/programs/git.nix.org
@@ -0,0 +1 @@
+../../../../common/.flake/home/programs/git.nix.org
\ No newline at end of file
diff --git a/nixos/flake/home/programs/hyprlock.nix.org b/nixos/flake/home/programs/hyprlock.nix.org
new file mode 120000
index 0000000..7a25ac8
--- /dev/null
+++ b/nixos/flake/home/programs/hyprlock.nix.org
@@ -0,0 +1 @@
+../../../../common/.flake/home/programs/hyprlock.nix.org
\ No newline at end of file
diff --git a/nixos/flake/home/programs/ncmpcpp.nix.org b/nixos/flake/home/programs/ncmpcpp.nix.org
new file mode 120000
index 0000000..f91dfd3
--- /dev/null
+++ b/nixos/flake/home/programs/ncmpcpp.nix.org
@@ -0,0 +1 @@
+../../../../common/.flake/home/programs/ncmpcpp.nix.org
\ No newline at end of file
diff --git a/nixos/flake/home/programs/neovim.nix.org b/nixos/flake/home/programs/neovim.nix.org
new file mode 120000
index 0000000..871eafa
--- /dev/null
+++ b/nixos/flake/home/programs/neovim.nix.org
@@ -0,0 +1 @@
+../../../../common/.flake/home/programs/neovim.nix.org
\ No newline at end of file
diff --git a/nixos/flake/home/programs/ssh.nix.org b/nixos/flake/home/programs/ssh.nix.org
new file mode 120000
index 0000000..363ead0
--- /dev/null
+++ b/nixos/flake/home/programs/ssh.nix.org
@@ -0,0 +1 @@
+../../../../common/.flake/home/programs/ssh.nix.org
\ No newline at end of file
diff --git a/nixos/flake/home/programs/waybar.nix.org b/nixos/flake/home/programs/waybar.nix.org
new file mode 120000
index 0000000..04d9dd3
--- /dev/null
+++ b/nixos/flake/home/programs/waybar.nix.org
@@ -0,0 +1 @@
+../../../../common/.flake/home/programs/waybar.nix.org
\ No newline at end of file
diff --git a/nixos/flake/home/programs/zsh.nix.org b/nixos/flake/home/programs/zsh.nix.org
new file mode 120000
index 0000000..59d4ec7
--- /dev/null
+++ b/nixos/flake/home/programs/zsh.nix.org
@@ -0,0 +1 @@
+../../../../common/.flake/home/programs/zsh.nix.org
\ No newline at end of file
diff --git a/nixos/flake/home/scripts.nix.org b/nixos/flake/home/scripts.nix.org
new file mode 100644
index 0000000..b98b389
--- /dev/null
+++ b/nixos/flake/home/scripts.nix.org
@@ -0,0 +1,43 @@
+#+title: Custom Scripts
+
+Open script container.
+#+begin_src nix :tangle ~/.flake/home/scripts.nix :mkdirp yes
+  { config, pkgs, ... }:
+
+  {
+    home.file = {
+#+end_src
+
+Use =fuzzel= to open a menu to power off, reboot, or log out.
+#+begin_src nix :tangle ~/.flake/home/scripts.nix :mkdirp yes
+      ".local/bin/poweroptions.sh" = {
+        text = ''
+    #!/bin/sh
+
+    getoption () {
+        fuzzel --dmenu -l 3 -x 1 -r 10 << EOF
+            󰐥 power off
+            󰜉 restart
+            󰍃 logout
+    EOF
+    }
+
+    option=$(getoption | xargs)
+    case $option in
+        '󰐥 power off')
+            systemctl poweroff;;
+        '󰜉 restart')
+            systemctl reboot;;
+        '󰍃 logout')
+            hyprctl dispatch exit;;
+    esac
+        '';
+        executable = true;
+      };
+#+end_src
+
+Close script container.
+#+begin_src nix :tangle ~/.flake/home/scripts.nix :mkdirp yes
+    };
+  }
+#+end_src
diff --git a/nixos/flake/home/services/core.nix.org b/nixos/flake/home/services/core.nix.org
new file mode 100644
index 0000000..7fbc333
--- /dev/null
+++ b/nixos/flake/home/services/core.nix.org
@@ -0,0 +1,19 @@
+#+title: Core Service Configuration
+
+Import service configurations.
+#+begin_src nix :tangle ~/.flake/home/services/core.nix :mkdirp yes
+  { config, pkgs, ... }:
+
+  {
+    imports = [
+      ./emacs.nix
+      ./mako.nix
+      ./mpd.nix
+      ./syncthing.nix
+    ];
+
+    home.packages = with pkgs; [
+      mpdscribble
+    ];
+  }
+#+end_src
diff --git a/nixos/flake/home/services/emacs.nix.org b/nixos/flake/home/services/emacs.nix.org
new file mode 120000
index 0000000..45c44ee
--- /dev/null
+++ b/nixos/flake/home/services/emacs.nix.org
@@ -0,0 +1 @@
+../../../../common/.flake/home/services/emacs.nix.org
\ No newline at end of file
diff --git a/nixos/flake/home/services/mako.nix.org b/nixos/flake/home/services/mako.nix.org
new file mode 120000
index 0000000..b4d7e40
--- /dev/null
+++ b/nixos/flake/home/services/mako.nix.org
@@ -0,0 +1 @@
+../../../../common/.flake/home/services/mako.nix.org
\ No newline at end of file
diff --git a/nixos/flake/home/services/mpd.nix.org b/nixos/flake/home/services/mpd.nix.org
new file mode 120000
index 0000000..4b76825
--- /dev/null
+++ b/nixos/flake/home/services/mpd.nix.org
@@ -0,0 +1 @@
+../../../../common/.flake/home/services/mpd.nix.org
\ No newline at end of file
diff --git a/nixos/flake/home/services/syncthing.nix.org b/nixos/flake/home/services/syncthing.nix.org
new file mode 120000
index 0000000..8d42514
--- /dev/null
+++ b/nixos/flake/home/services/syncthing.nix.org
@@ -0,0 +1 @@
+../../../../common/.flake/home/services/syncthing.nix.org
\ No newline at end of file
diff --git a/nixos/flake/system/boot.nix.org b/nixos/flake/system/boot.nix.org
new file mode 100644
index 0000000..fe98542
--- /dev/null
+++ b/nixos/flake/system/boot.nix.org
@@ -0,0 +1,11 @@
+#+title: Boot Configuration
+
+Enable =systemd-boot= as my boot loader.
+#+begin_src nix :tangle ~/.flake/system/boot.nix :mkdirp yes
+{ config, lib, pkgs, ... }:
+
+{
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+}
+#+end_src
diff --git a/nixos/flake/system/core.nix.org b/nixos/flake/system/core.nix.org
new file mode 100644
index 0000000..e909198
--- /dev/null
+++ b/nixos/flake/system/core.nix.org
@@ -0,0 +1,21 @@
+#+title: System Core
+
+This file imports various system configuration components in addition to enabling flakes and defining the system version.
+#+begin_src nix :tangle ~/.flake/system/core.nix :mkdirp yes
+{ config, lib, pkgs, ... }:
+
+{
+  imports = [
+    ./boot.nix
+    ./desktop.nix
+    ./hardware-configuration.nix
+    ./locale.nix
+    ./network.nix
+    ./users.nix
+  ];
+
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+  system.stateVersion = "24.05";
+}
+#+end_src
diff --git a/nixos/flake/system/desktop.nix.org b/nixos/flake/system/desktop.nix.org
new file mode 100644
index 0000000..eef6eef
--- /dev/null
+++ b/nixos/flake/system/desktop.nix.org
@@ -0,0 +1,116 @@
+#+title: Desktop System Configuration
+
+Open the desktop configuration.
+#+begin_src nix :tangle ~/.flake/system/desktop.nix :mkdirp yes
+  { config, lib, pkgs, ... }:
+
+  {
+#+end_src
+
+Allow unfree packages on this system.
+#+begin_src nix :tangle ~/.flake/system/desktop.nix :mkdirp yes
+    nixpkgs.config.allowUnfree = true;
+#+end_src
+
+Install necessary packages for the desktop.
+#+begin_src nix :tangle ~/.flake/system/desktop.nix :mkdirp yes
+    environment.systemPackages = with pkgs; [
+      dolphin
+      firefox
+      git
+      greetd.tuigreet
+      kitty
+      gnumake
+      neovim
+      python3
+      wget
+    ];
+#+end_src
+
+Install Steam.
+#+begin_src nix :tangle ~/.flake/system/desktop.nix :mkdirp yes
+  programs.steam = {
+    enable = true;
+    remotePlay.openFirewall = true;
+    dedicatedServer.openFirewall = true;
+    localNetworkGameTransfers.openFirewall = true;
+  };
+#+end_src
+
+Use Neovim as my default editor.
+#+begin_src nix :tangle ~/.flake/system/desktop.nix :mkdirp yes
+      environment.variables.EDITOR = "nvim";
+#+end_src
+
+Enable GPG agent globally.
+#+begin_src nix :tangle ~/.flake/system/desktop.nix :mkdirp yes
+    programs.gnupg.agent = {
+      enable = true;
+      enableSSHSupport = true;
+    };
+#+end_src
+
+Install =zsh= and set up completions.
+#+begin_src nix :tangle ~/.flake/system/desktop.nix :mkdirp yes
+    programs.zsh.enable = true;
+    environment.pathsToLink = [ "/share/zsh" ];
+#+end_src
+
+Use the =us= keyboard layout.
+#+begin_src nix :tangle ~/.flake/system/desktop.nix :mkdirp yes
+    services.xserver.xkb.layout = "us";
+#+end_src
+
+Install Hyprland as a window manager.
+#+begin_src nix :tangle ~/.flake/system/desktop.nix :mkdirp yes
+    services.xserver.enable = true;
+    xdg.portal.enable = true;
+    programs.hyprland.enable = true;
+    environment.sessionVariables.NIXOS_OZONE_WL = "1";
+#+end_src
+
+Enable =pam= support for Hyprlock.
+#+begin_src nix :tangle ~/.flake/system/desktop.nix :mkdirp yes
+    security.pam.services.hyprlock = {};
+#+end_src
+
+Enable =greetd= with =tuigreet= as my login manager.
+#+begin_src nix :tangle ~/.flake/system/desktop.nix :mkdirp yes
+    services.greetd = {
+      enable = true;
+      settings = {
+        default_session = {
+          command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --remember --remember-session --sessions ${pkgs.hyprland}/share/wayland-sessions --cmd \"dbus-run-session Hyprland\"";
+  	      user = "greeter";
+        };
+      };
+    };
+    systemd.services.greetd.serviceConfig = {
+      Type = "idle";
+      StandardInput = "tty";
+      StanardOutput = "tty";
+      StandardError = "journal";
+      TTYReset = true;
+      TTYVHangup = true;
+      TTYVTDisallocate = true;
+    };
+#+end_src
+
+Enable PipeWire.
+#+begin_src nix :tangle ~/.flake/system/desktop.nix :mkdirp yes
+    services.pipewire = {
+      enable = true;
+      pulse.enable = true;
+    };
+#+end_src
+
+Enable GNOME Keyring.
+#+begin_src nix :tangle ~/.flake/system/desktop.nix :mkdirp yes
+  services.gnome.gnome-keyring.enable = true;
+  security.pam.services.greetd.enableGnomeKeyring = true;
+#+end_src
+
+Close the desktop configuration.
+#+begin_src nix :tangle ~/.flake/system/desktop.nix :mkdirp yes
+  }
+#+end_src
diff --git a/nixos/flake/system/hardware-configuration.nix b/nixos/flake/system/hardware-configuration.nix
new file mode 100644
index 0000000..74ef301
--- /dev/null
+++ b/nixos/flake/system/hardware-configuration.nix
@@ -0,0 +1,41 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/1cf884d2-8691-4122-85e2-a4edd2d1609f";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/ABCB-FAEC";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/675d8161-49c5-4348-9da5-4a7c8ada700f"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp10s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp9s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/nixos/flake/system/locale.nix.org b/nixos/flake/system/locale.nix.org
new file mode 100644
index 0000000..63d05a0
--- /dev/null
+++ b/nixos/flake/system/locale.nix.org
@@ -0,0 +1,11 @@
+#+title: Locale Setup
+
+My timezone is Winnipeg, and I use Canadian English.
+#+begin_src nix :tangle ~/.flake/system/locale.nix :mkdirp yes
+  { config, lib, pkgs, ... }:
+
+  {
+    time.timeZone = "America/Winnipeg";
+    i18n.defaultLocale = "en_CA.UTF-8";
+  }
+#+end_src
diff --git a/nixos/flake/system/network.nix.org b/nixos/flake/system/network.nix.org
new file mode 100644
index 0000000..67a7721
--- /dev/null
+++ b/nixos/flake/system/network.nix.org
@@ -0,0 +1,55 @@
+#+title: Network Configuration
+
+Open the network configuration.
+#+begin_src nix :tangle ~/.flake/system/network.nix :mkdirp yes
+  { config, lib, pkgs, ... }:
+
+  {
+#+end_src
+
+This system is called =nixos=.
+#+begin_src nix :tangle ~/.flake/system/network.nix :mkdirp yes
+    networking.hostName = "nixos";
+#+end_src
+
+I use NetworkManager to configure my network.
+#+begin_src nix :tangle ~/.flake/system/network.nix :mkdirp yes
+    networking.networkmanager.enable = true;
+#+end_src
+
+Enable Bluetooth at boot.
+#+begin_src nix :tangle ~/.flake/system/network.nix :mkdirp yes
+    hardware.bluetooth.enable = true;
+    hardware.bluetooth.powerOnBoot = true;
+    services.blueman.enable = true;
+#+end_src
+
+Enable printing.
+#+begin_src nix :tangle ~/.flake/system/network.nix :mkdirp yes
+    services.printing.enable = true;
+#+end_src
+
+Enable SSH.
+#+begin_src nix :tangle ~/.flake/system/network.nix :mkdirp yes
+    services.openssh.enable = true;
+#+end_src
+
+Set up my firewall.
+#+begin_src nix :tangle ~/.flake/system/network.nix :mkdirp yes
+  networking.firewall = {
+    allowedTCPPorts = [ ];
+    allowedUDPPorts = [ ];
+  };
+
+  environment.etc = {
+    "openvpn/update-resolv-conf" = {
+      source = ./update-resolv-conf.sh;
+      mode = "0700";
+    };
+  };
+#+end_src
+
+Close the network configuration.
+#+begin_src nix :tangle ~/.flake/system/network.nix :mkdirp yes
+  }
+#+end_src
diff --git a/nixos/flake/system/update-resolv-conf.sh b/nixos/flake/system/update-resolv-conf.sh
new file mode 100644
index 0000000..16622a1
--- /dev/null
+++ b/nixos/flake/system/update-resolv-conf.sh
@@ -0,0 +1,71 @@
+#!/usr/bin/env bash
+#
+# Parses DHCP options from openvpn to update resolv.conf
+# To use set as 'up' and 'down' script in your openvpn *.conf:
+# up /etc/openvpn/update-resolv-conf
+# down /etc/openvpn/update-resolv-conf
+#
+# Used snippets of resolvconf script by Thomas Hood <jdthood@yahoo.co.uk>
+# and Chris Hanson
+# Licensed under the GNU GPL.  See /usr/share/common-licenses/GPL.
+# 07/2013 colin@daedrum.net Fixed intet name
+# 05/2006 chlauber@bnc.ch
+#
+# Example envs set from openvpn:
+# foreign_option_1='dhcp-option DNS 193.43.27.132'
+# foreign_option_2='dhcp-option DNS 193.43.27.133'
+# foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
+# foreign_option_4='dhcp-option DOMAIN-SEARCH bnc.local'
+
+## The 'type' builtins will look for file in $PATH variable, so we set the
+## PATH below. You might need to directly set the path to 'resolvconf'
+## manually if it still doesn't work, i.e.
+## RESOLVCONF=/usr/sbin/resolvconf
+export PATH=$PATH:/sbin:/usr/sbin:/bin:/usr/bin
+RESOLVCONF=$(type -p resolvconf)
+
+case $script_type in
+
+up)
+  for optionname in ${!foreign_option_*} ; do
+    option="${!optionname}"
+    echo $option
+    part1=$(echo "$option" | cut -d " " -f 1)
+    if [ "$part1" == "dhcp-option" ] ; then
+      part2=$(echo "$option" | cut -d " " -f 2)
+      part3=$(echo "$option" | cut -d " " -f 3)
+      if [ "$part2" == "DNS" ] ; then
+        IF_DNS_NAMESERVERS="$IF_DNS_NAMESERVERS $part3"
+      fi
+      if [[ "$part2" == "DOMAIN" || "$part2" == "DOMAIN-SEARCH" ]] ; then
+        IF_DNS_SEARCH="$IF_DNS_SEARCH $part3"
+      fi
+    fi
+  done
+  R=""
+  if [ "$IF_DNS_SEARCH" ]; then
+    R="search "
+    for DS in $IF_DNS_SEARCH ; do
+      R="${R} $DS"
+    done
+  R="${R}
+"
+  fi
+
+  for NS in $IF_DNS_NAMESERVERS ; do
+    R="${R}nameserver $NS
+"
+  done
+  #echo -n "$R" | $RESOLVCONF -x -p -a "${dev}"
+  echo -n "$R" | $RESOLVCONF -x -a "${dev}.inet"
+  ;;
+down)
+  $RESOLVCONF -d "${dev}.inet"
+  ;;
+esac
+
+# Workaround / jm@epiclabs.io 
+# force exit with no errors. Due to an apparent conflict with the Network Manager
+# $RESOLVCONF sometimes exits with error code 6 even though it has performed the
+# action correctly and OpenVPN shuts down.
+exit 0
diff --git a/nixos/flake/system/users.nix.org b/nixos/flake/system/users.nix.org
new file mode 100644
index 0000000..e922d8e
--- /dev/null
+++ b/nixos/flake/system/users.nix.org
@@ -0,0 +1,14 @@
+#+title: User Configuration
+
+Set up my user account with =zsh= as default shell with =sudoers= and network management permissions.
+#+begin_src nix
+{ config, lib, pkgs, ... }:
+
+{
+  users.users.jjanzen = {
+    shell = pkgs.zsh;
+    isNormalUser = true;
+    extraGroups = [ "networkmanager" "wheel" ];
+  };
+}
+#+end_src