about summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--flake.lock159
-rw-r--r--flake.nix42
-rw-r--r--modules/nixfiles/aria2.nix3
-rw-r--r--modules/nixfiles/common/nix/default.nix1
-rw-r--r--modules/nixfiles/common/shell/default.nix8
-rw-r--r--modules/nixfiles/firefox/default.nix18
-rw-r--r--modules/nixfiles/mpv.nix4
-rw-r--r--modules/nixos/bluetooth.nix2
-rw-r--r--modules/nixos/common/ark.nix56
-rw-r--r--modules/nixos/common/default.nix1
-rw-r--r--modules/nixos/common/networking.nix8
-rw-r--r--modules/nixos/common/nix.nix4
-rw-r--r--modules/nixos/common/secrets.nix2
-rw-r--r--modules/nixos/common/security.nix12
-rw-r--r--modules/nixos/common/systemd.nix6
-rw-r--r--modules/nixos/common/users.nix3
-rw-r--r--modules/nixos/games/minecraft.nix64
-rw-r--r--modules/nixos/libvirtd.nix2
-rw-r--r--modules/nixos/openssh.nix27
-rw-r--r--modules/nixos/profiles/default.nix3
-rw-r--r--nixosConfigurations/eonwe/default.nix47
-rw-r--r--nixosConfigurations/varda/default.nix7
22 files changed, 317 insertions, 162 deletions
diff --git a/flake.lock b/flake.lock
index 17afe17..2a7560b 100644
--- a/flake.lock
+++ b/flake.lock
@@ -262,11 +262,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1665870395,
-        "narHash": "sha256-Tsbqb27LDNxOoPLh0gw2hIb6L/6Ow/6lIBvqcHzEKBI=",
+        "lastModified": 1675021904,
+        "narHash": "sha256-jkg8ZwPi0aYKxtaGvGXzxz14kGkGxMrdJZj2gGxRo3E=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "a630400067c6d03c9b3e0455347dc8559db14288",
+        "rev": "6d3a415637981b966f3bdb813aefcff405630a7f",
         "type": "github"
       },
       "original": {
@@ -299,11 +299,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1672673185,
-        "narHash": "sha256-wnEJOjhwgoSHFnBQfGHkPefuUSvTegRYed6BUOguk9g=",
+        "lastModified": 1674385484,
+        "narHash": "sha256-sZ78pRCF5SXWq8/lIQ5bqED6wTQxY5waUBn+Jbu9J10=",
         "owner": "dwarfmaster",
         "repo": "arkenfox-nixos",
-        "rev": "b46b140fe8631e4bc26f80d04477691df2d84af2",
+        "rev": "9e799c371416daf163a8a54829aef4c1ae85c7bc",
         "type": "github"
       },
       "original": {
@@ -353,11 +353,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1672753581,
-        "narHash": "sha256-EIi2tqHoje5cE9WqH23ZghW28NOOWSUM7tcxKE1U9KI=",
+        "lastModified": 1673295039,
+        "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
         "owner": "LnL7",
         "repo": "nix-darwin",
-        "rev": "3db1d870b04b13411f56ab1a50cd32b001f56433",
+        "rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
         "type": "github"
       },
       "original": {
@@ -434,11 +434,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1672852603,
-        "narHash": "sha256-i5QlHEHG/T4Pp150a6cZe76EcgW/IePPiaRGcIyTBrE=",
+        "lastModified": 1675015755,
+        "narHash": "sha256-4orQ2IM5xKueh3lV9HUdM0P/0DBRo6TZEAVo73/dZSk=",
         "owner": "nix-community",
         "repo": "emacs-overlay",
-        "rev": "ed0045366fc3bcc7ecd3dccdbf66c2cfa979fe18",
+        "rev": "1d2409effbdebad47fb887ff6305f3da1fea5965",
         "type": "github"
       },
       "original": {
@@ -547,11 +547,11 @@
     "flake-compat": {
       "flake": false,
       "locked": {
-        "lastModified": 1668681692,
-        "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
+        "lastModified": 1673956053,
+        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
         "owner": "edolstra",
         "repo": "flake-compat",
-        "rev": "009399224d5e398d03b22badca40a37ac85412a1",
+        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
         "type": "github"
       },
       "original": {
@@ -564,11 +564,11 @@
     "flake-registry": {
       "flake": false,
       "locked": {
-        "lastModified": 1661161594,
-        "narHash": "sha256-tu1KKNLw+v7ZOIUPGDE66tn9vEyhIAWiiJYZRGGev8E=",
+        "lastModified": 1674218164,
+        "narHash": "sha256-oLNWhwrV252kiy2tGQwwJNKFR+iG0fjsw0GSE/XVTR8=",
         "owner": "NixOS",
         "repo": "flake-registry",
-        "rev": "8634fb4e1db6c76ce037bc00ef80f9ebd2616476",
+        "rev": "507c028d8d189b6647592dfd10ee677578de45a1",
         "type": "github"
       },
       "original": {
@@ -642,11 +642,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1672780900,
-        "narHash": "sha256-DxuSn6BdkZapIbg76xzYx1KhVPEZeBexMkt1q/sMVPA=",
+        "lastModified": 1674928308,
+        "narHash": "sha256-elVU4NUZEl11BdT4gC+lrpLYM8Ccxqxs19Ix84HTI9o=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "54245e1820caabd8a0b53ce4d47e4d0fefe04cd4",
+        "rev": "08a778d80308353f4f65c9dcd3790b5da02d6306",
         "type": "github"
       },
       "original": {
@@ -656,6 +656,22 @@
         "type": "github"
       }
     },
+    "impermanence": {
+      "locked": {
+        "lastModified": 1668668915,
+        "narHash": "sha256-QjY4ZZbs9shwO4LaLpvlU2bO9J1juYhO9NtV3nrbnYQ=",
+        "owner": "nix-community",
+        "repo": "impermanence",
+        "rev": "5df9108b346f8a42021bf99e50de89c9caa251c3",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "ref": "master",
+        "repo": "impermanence",
+        "type": "github"
+      }
+    },
     "libnbtplusplus": {
       "flake": false,
       "locked": {
@@ -675,11 +691,11 @@
     "master": {
       "flake": false,
       "locked": {
-        "lastModified": 1670682948,
-        "narHash": "sha256-yFg8U4D+qD9UQXhpAXrl9Ksj16zrCLOgahMtT9QS2Y8=",
+        "lastModified": 1673196505,
+        "narHash": "sha256-YsQbH6bqp2I52meYf0X0DQpwLlDdu5pK9XHMT/9RqOg=",
         "owner": "arkenfox",
         "repo": "user.js",
-        "rev": "7135907b2fe13fa55eb8ebf162603037f83e353c",
+        "rev": "62a68f08147123b0c2c288ffdecc3f03e4ab1ae8",
         "type": "github"
       },
       "original": {
@@ -725,11 +741,11 @@
         "ws-butler": "ws-butler"
       },
       "locked": {
-        "lastModified": 1671758850,
-        "narHash": "sha256-B6us/CLIIPJRJgjn/hVp7N07j90kil4HmjUVj8TBhKE=",
+        "lastModified": 1674782939,
+        "narHash": "sha256-mf+RaqdCqqLraVVOQ5c8LRj+9ChnVzsUNlOjJSPdBbc=",
         "owner": "nix-community",
         "repo": "nix-doom-emacs",
-        "rev": "85a48dbec84e9c26785b58fecdefa1cfc580aea7",
+        "rev": "e92e5b6021b1ad4290e051111010ba51921507cd",
         "type": "github"
       },
       "original": {
@@ -739,6 +755,30 @@
         "type": "github"
       }
     },
+    "nix-minecraft": {
+      "inputs": {
+        "flake-utils": [
+          "flake-utils"
+        ],
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1674956856,
+        "narHash": "sha256-u1DZQpUE3VepKxaEpcM6qz+bDCTb9muFPf0AcRdnuPI=",
+        "owner": "Infinidoge",
+        "repo": "nix-minecraft",
+        "rev": "0fe27d63d2801eb5fa430b534d6776d290450c6f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Infinidoge",
+        "ref": "master",
+        "repo": "nix-minecraft",
+        "type": "github"
+      }
+    },
     "nix-straight": {
       "flake": false,
       "locked": {
@@ -757,11 +797,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1672644464,
-        "narHash": "sha256-RYlvRMcQNT7FDoDkViijQBHg9g+blsB+U6AvL/gAsPI=",
+        "lastModified": 1674550793,
+        "narHash": "sha256-ljJlIFQZwtBbzWqWTmmw2O5BFmQf1A/DspwMOQtGXHk=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "ca29e25c39b8e117d4d76a81f1e229824a9b3a26",
+        "rev": "b7ac0a56029e4f9e6743b9993037a5aaafd57103",
         "type": "github"
       },
       "original": {
@@ -773,11 +813,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1672756850,
-        "narHash": "sha256-Smbq3+fitwA13qsTMeaaurv09/KVbZfW7m7lINwzDGA=",
+        "lastModified": 1674958881,
+        "narHash": "sha256-p1E20TGSgzs+EUhRPMe6fyZIxUV6CbcwilZEzy+XmAk=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "298add347c2bbce14020fcb54051f517c391196b",
+        "rev": "a0feb36dc510bfa8f8809980a8230617fb9eb618",
         "type": "github"
       },
       "original": {
@@ -789,11 +829,11 @@
     },
     "nixpkgs-master": {
       "locked": {
-        "lastModified": 1672874841,
-        "narHash": "sha256-CKr3mOiSYm8H5bg7q1hb0TE9tDHSmqZPNzVAfNmmazE=",
+        "lastModified": 1675023360,
+        "narHash": "sha256-IGXCr47L9OQaZkzyogT/4SlljkueU/+on5u8VOeKQ78=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "62f7bf5a13149097694e84cff1e928a97a39741b",
+        "rev": "dc9441ccc34a5cb56d09ebbe82aa4225a2e3d91d",
         "type": "github"
       },
       "original": {
@@ -805,11 +845,11 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1672844754,
-        "narHash": "sha256-o26WabuHABQsaHxxmIrR3AQRqDFUEdLckLXkVCpIjSU=",
+        "lastModified": 1675018232,
+        "narHash": "sha256-sN98tnO63DXhDX1BAfrLu+7z1ZEW51jEsk3ErmMmUaI=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "e9ade2c8240e00a4784fac282a502efff2786bdc",
+        "rev": "a296508344909b1251442a1e38d9c4080c9bf7c0",
         "type": "github"
       },
       "original": {
@@ -871,11 +911,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1672875891,
-        "narHash": "sha256-5A4e/Uc6aWQmMsYnMOffLg766weMfCakxo2AnQXrJco=",
+        "lastModified": 1674999880,
+        "narHash": "sha256-mmALt2MFFLsJj0wddOxLqTg453wtPskS00U1TD120FA=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "e14930ece703757a928cb62327d4157bb30a7a90",
+        "rev": "1955f5e2c384d156efcc0b4ce7a0f635c3ea0997",
         "type": "github"
       },
       "original": {
@@ -904,11 +944,11 @@
     "org": {
       "flake": false,
       "locked": {
-        "lastModified": 1670680538,
-        "narHash": "sha256-afmN2tOY6Par235bVsqhtFHOSVyw4NBgTxI5Eo6Yk5A=",
+        "lastModified": 1673519709,
+        "narHash": "sha256-XtGk32Lw2iGDgH5Q4Rjhig0Iq5hpIM0EKQoptJ+nT3k=",
         "owner": "emacs-straight",
         "repo": "org-mode",
-        "rev": "42153ea2fec66f90c1623be25d6774d96ecf8062",
+        "rev": "ecb62e2e317b1a4b5b8a6c0f111ed7ef18413040",
         "type": "github"
       },
       "original": {
@@ -1007,11 +1047,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1672734157,
-        "narHash": "sha256-uwUBnv0bN1SO4QVIo8KUx/jxRYCy7cW8kzZa+Qsrw9k=",
+        "lastModified": 1674761200,
+        "narHash": "sha256-v0ypL0eDhFWmgd3f5nnbffaMA5BUoOnYUiEso7fk+q0=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "d0ce0a861260493c6c21f16f59d25076f73cb931",
+        "rev": "8539119ba0b17b15e60de60da0348d8c73bbfdf2",
         "type": "github"
       },
       "original": {
@@ -1024,11 +1064,11 @@
     "revealjs": {
       "flake": false,
       "locked": {
-        "lastModified": 1670408834,
-        "narHash": "sha256-2LG8/AwMC+caNK9DKDyVGw+EPT2W6ys177xQj7mdKng=",
+        "lastModified": 1674652670,
+        "narHash": "sha256-ViqeZlOjQTlY0KM7YcOOjdgkxRLPMZrRKXTqtyc1I00=",
         "owner": "hakimel",
         "repo": "reveal.js",
-        "rev": "4fe3946cb43de57f79aaa7b646aee7e78f4bcc75",
+        "rev": "b1a9842b2f4544a2fda546383db38cc7a81f6b74",
         "type": "github"
       },
       "original": {
@@ -1049,7 +1089,9 @@
         "flake-registry": "flake-registry",
         "flake-utils": "flake-utils",
         "home-manager": "home-manager",
+        "impermanence": "impermanence",
         "nix-doom-emacs": "nix-doom-emacs",
+        "nix-minecraft": "nix-minecraft",
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs",
         "nixpkgs-master": "nixpkgs-master",
@@ -1082,6 +1124,9 @@
     "simple-nixos-mailserver": {
       "inputs": {
         "blobs": "blobs",
+        "flake-compat": [
+          "flake-compat"
+        ],
         "nixpkgs": [
           "nixpkgs"
         ],
@@ -1093,11 +1138,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1671659164,
-        "narHash": "sha256-DbpT+v1POwFOInbrDL+vMbYV3mVbTkMxmJ5j50QnOcA=",
+        "lastModified": 1671738303,
+        "narHash": "sha256-PRgqtaWf2kMSYqVmcnmhTh+UsC0RmvXRTr+EOw5VZUA=",
         "owner": "simple-nixos-mailserver",
         "repo": "nixos-mailserver",
-        "rev": "bc667fb6afc45f6cc2d118ab77658faf2227cffd",
+        "rev": "6d0d9fb966cc565a3df74d3b686f924c7615118c",
         "type": "gitlab"
       },
       "original": {
@@ -1126,11 +1171,11 @@
     "ts-fold": {
       "flake": false,
       "locked": {
-        "lastModified": 1671426601,
-        "narHash": "sha256-NrvSK+olbi4P+9q5KOomNHGgmrRtI9cW9ZqkdU4n0Sc=",
+        "lastModified": 1673328482,
+        "narHash": "sha256-6yQ35uJDAK531QNQZgloQaOQayRa8azOlOMbO8lXsHE=",
         "owner": "jcs-elpa",
         "repo": "ts-fold",
-        "rev": "a64f5252a66253852bef1c627cea9e39928e6392",
+        "rev": "75d6f9ed317b042b5bc7cb21503596d1c7a1b8c0",
         "type": "github"
       },
       "original": {
diff --git a/flake.nix b/flake.nix
index ba845a4..4f3eacb 100644
--- a/flake.nix
+++ b/flake.nix
@@ -66,6 +66,13 @@
       };
     };
 
+    impermanence = {
+      type = "github";
+      owner = "nix-community";
+      repo = "impermanence";
+      ref = "master";
+    };
+
     emacs-overlay = {
       type = "github";
       owner = "nix-community";
@@ -98,30 +105,16 @@
       };
     };
 
-    # nil = {
-    #   type = "github";
-    #   owner = "oxalica";
-    #   repo = "nil";
-    #   ref = "main";
-    #   inputs = {
-    #     flake-utils.follows = "flake-utils";
-    #     nixpkgs.follows = "nixpkgs";
-    #   };
-    # };
-
-    # NOTE This[1] is annoying.
-    #
-    # [1]: https://github.com/NixOS/nix/pull/6983#issuecomment-1234335417
-    # nix-minecraft-servers = {
-    #   type = "github";
-    #   owner = "jyooru";
-    #   repo = "nix-minecraft-servers";
-    #   ref = "main";
-    #   inputs = {
-    #     nixpkgs.follows = "nixpkgs";
-    #     utils.inputs.flake-utils.follows = "flake-utils";
-    #   };
-    # };
+    nix-minecraft = {
+      type = "github";
+      owner = "Infinidoge";
+      repo = "nix-minecraft";
+      ref = "master";
+      inputs = {
+        nixpkgs.follows = "nixpkgs";
+        flake-utils.follows = "flake-utils";
+      };
+    };
 
     pollymc = {
       type = "github";
@@ -151,6 +144,7 @@
       repo = "nixos-mailserver";
       ref = "master";
       inputs = {
+        flake-compat.follows = "flake-compat";
         nixpkgs-22_11.follows = "nixpkgs-stable";
         nixpkgs.follows = "nixpkgs";
         utils.follows = "flake-utils";
diff --git a/modules/nixfiles/aria2.nix b/modules/nixfiles/aria2.nix
index 9e72176..f33acb9 100644
--- a/modules/nixfiles/aria2.nix
+++ b/modules/nixfiles/aria2.nix
@@ -7,8 +7,7 @@
 with lib; let
   cfg = config.nixfiles.modules.aria2;
 in {
-  options.nixfiles.modules.aria2.enable =
-    mkEnableOption "aria2";
+  options.nixfiles.modules.aria2.enable = mkEnableOption "aria2";
 
   config = mkIf cfg.enable {
     hm.programs.aria2 = {
diff --git a/modules/nixfiles/common/nix/default.nix b/modules/nixfiles/common/nix/default.nix
index 436ce15..2cbb86a 100644
--- a/modules/nixfiles/common/nix/default.nix
+++ b/modules/nixfiles/common/nix/default.nix
@@ -119,7 +119,6 @@ with lib; {
       }))
     emacs-overlay.overlay
     nur.overlay
-    # nil.overlays.default
   ];
 
   environment.systemPackages = with pkgs;
diff --git a/modules/nixfiles/common/shell/default.nix b/modules/nixfiles/common/shell/default.nix
index 9425578..6ed8ff0 100644
--- a/modules/nixfiles/common/shell/default.nix
+++ b/modules/nixfiles/common/shell/default.nix
@@ -35,8 +35,8 @@ with lib; {
           GRC_ALIASES=true
           source ${pkgs.grc}/etc/profile.d/grc.sh
 
-          if [ -z $_PROFILE_SOURCED ] && [ -f $HOME/.profile ]; then
-            source $HOME/.profile
+          if [ -z "$_PROFILE_SOURCED" ] && [ -f "$HOME/.profile" ]; then
+            source "$HOME/.profile"
           fi
         '';
 
@@ -75,9 +75,7 @@ with lib; {
 
                 progressBar = optionalString this.isHeadful "--progress-bar";
               in [
-                (mkAlias {
-                  command = ["cp" "--interactive" "--recursive" progressBar];
-                })
+                (mkAlias {command = ["cp" "--interactive" "--recursive" progressBar];})
                 (mkAlias {command = ["mv" "--interactive" progressBar];})
                 (mkAlias {command = ["rm" "--interactive=once"];})
                 (mkAlias {command = ["ln" "--interactive"];})
diff --git a/modules/nixfiles/firefox/default.nix b/modules/nixfiles/firefox/default.nix
index cd651a6..8b51db7 100644
--- a/modules/nixfiles/firefox/default.nix
+++ b/modules/nixfiles/firefox/default.nix
@@ -83,23 +83,7 @@ in {
                 };
               };
             };
-            "0200" = {
-              enable = true;
-              "0204" = {
-                enable = true;
-                "browser.search.region" = {
-                  enable = true;
-                  value = "US";
-                };
-              };
-              "0210" = {
-                enable = true;
-                "intl.accept_languages" = {
-                  enable = true;
-                  value = "en-US, en";
-                };
-              };
-            };
+            "0200".enable = true;
             "0300".enable = true;
             "0400" = {
               enable = false;
diff --git a/modules/nixfiles/mpv.nix b/modules/nixfiles/mpv.nix
index 2072bc6..afab1dd 100644
--- a/modules/nixfiles/mpv.nix
+++ b/modules/nixfiles/mpv.nix
@@ -14,8 +14,6 @@ in {
       mpv = {
         enable = true;
 
-        # This is so dumb. And people still wonder why NixOS is so inacessable
-        # to outsiders.
         package = with pkgs;
           wrapMpv mpv-unwrapped {
             scripts = with mpvScripts; [
@@ -74,7 +72,6 @@ in {
           cursor-autohide = 1000;
           force-seekable = "no";
           fullscreen = true;
-          load-unsafe-playlists = true;
           msg-color = true;
           msg-module = true;
           prefetch-playlist = true;
@@ -123,7 +120,6 @@ in {
 
           ytdl = true;
           ytdl-raw-options = ''sub-lang="${lang}",write-sub='';
-          ytdl-format = "(bestvideo[height<=?1080][fps<=?60][protocol!=http_dash_segments])+(bestaudio[acodec=opus]/bestaudio)/best";
         };
       };
 
diff --git a/modules/nixos/bluetooth.nix b/modules/nixos/bluetooth.nix
index 8347361..cf92179 100644
--- a/modules/nixos/bluetooth.nix
+++ b/modules/nixos/bluetooth.nix
@@ -11,6 +11,8 @@ in {
     mkEnableOption "Bluetooth support";
 
   config = mkIf cfg.enable {
+    ark.directories = ["/var/lib/bluetooth"];
+
     hardware.bluetooth = {
       enable = true;
       settings.General.FastConnectable = true;
diff --git a/modules/nixos/common/ark.nix b/modules/nixos/common/ark.nix
new file mode 100644
index 0000000..3a12050
--- /dev/null
+++ b/modules/nixos/common/ark.nix
@@ -0,0 +1,56 @@
+{
+  config,
+  inputs,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.nixfiles.modules.ark;
+in {
+  imports = [
+    (mkAliasOptionModule ["ark"] ["nixfiles" "modules" "ark"])
+    inputs.impermanence.nixosModules.impermanence
+  ];
+
+  options.nixfiles.modules.ark = let
+    mkListOfAnythingOption = mkOption {
+      type = with types; listOf anything; # Assumed to be matching with the upstream type.
+      default = [];
+    };
+  in {
+    enable = mkEnableOption "persistent storage support via impermanence";
+
+    path = mkOption {
+      type = types.str;
+      default = "/ark";
+    };
+
+    directories = mkListOfAnythingOption;
+    files = mkListOfAnythingOption;
+    # hm = {
+    #   directories = mkListOfAnythingOption;
+    #   files = mkListOfAnythingOption;
+    # };
+  };
+
+  config = mkIf cfg.enable {
+    environment.persistence.${cfg.path} = {
+      hideMounts = true;
+      enableDebugging = false;
+      inherit (cfg) directories files;
+    };
+
+    # NOTE We can't reliably[1] use this, so for the time being, this will stay
+    # commented out. Probably forever.
+    #
+    # [1]: https://github.com/nix-community/impermanence/issues/18
+    #
+    # hm = {
+    #   imports = [inputs.impermanence.nixosModules.home-manager.impermanence];
+    #   home.persistence."${cfg.path}/${config.my.home}" = {
+    #     allowOther = false;
+    #     inherit (cfg.hm) directories files;
+    #   };
+    # };
+  };
+}
diff --git a/modules/nixos/common/default.nix b/modules/nixos/common/default.nix
index 8724c8b..54f8f51 100644
--- a/modules/nixos/common/default.nix
+++ b/modules/nixos/common/default.nix
@@ -1,5 +1,6 @@
 _: {
   imports = [
+    ./ark.nix
     ./console.nix
     ./documentation.nix
     ./home-manager.nix
diff --git a/modules/nixos/common/networking.nix b/modules/nixos/common/networking.nix
index 0c44159..8d94a4e 100644
--- a/modules/nixos/common/networking.nix
+++ b/modules/nixos/common/networking.nix
@@ -12,6 +12,10 @@ in {
     mkEnableOption "custom networking settings";
 
   config = mkIf (!cfg.onlyDefault) {
+    ark.directories = with config.networking;
+      optional networkmanager.enable "/etc/NetworkManager/system-connections"
+      ++ optional wireless.iwd.enable "/var/lib/iwd";
+
     # TODO Support multiple interfaces and IP addresses.
     networking = mkMerge [
       {
@@ -20,8 +24,8 @@ in {
         hostName = this.hostname;
         hostId = substring 0 8 (builtins.hashString "md5" this.hostname);
 
-        # Remove default hostname mappings. This is required at least by the current
-        # implementation of the montoring module.
+        # Remove default hostname mappings. This is required at least by the
+        # current implementation of the monitoring module.
         hosts = {
           "127.0.0.2" = mkForce [];
           "::1" = mkForce [];
diff --git a/modules/nixos/common/nix.nix b/modules/nixos/common/nix.nix
index 71f62fd..48c52b3 100644
--- a/modules/nixos/common/nix.nix
+++ b/modules/nixos/common/nix.nix
@@ -21,10 +21,10 @@ in {
       config.allowUnfreePredicate = p: elem (getName p) cfg.allowedUnfreePackages;
 
       overlays = with inputs; [
-        agenix.overlay
+        agenix.overlays.default
+        nix-minecraft.overlay
         pollymc.overlay
         xmonad-ng.overlays.default
-        # nix-minecraft-servers.overlays.default
       ];
     };
 
diff --git a/modules/nixos/common/secrets.nix b/modules/nixos/common/secrets.nix
index 4fcdc61..c229882 100644
--- a/modules/nixos/common/secrets.nix
+++ b/modules/nixos/common/secrets.nix
@@ -8,7 +8,7 @@
 }:
 with lib; {
   imports = [
-    inputs.agenix.nixosModule
+    inputs.agenix.nixosModules.default
     (mkAliasOptionModule ["secrets"] ["age" "secrets"])
   ];
 
diff --git a/modules/nixos/common/security.nix b/modules/nixos/common/security.nix
index 09c5da1..d146cee 100644
--- a/modules/nixos/common/security.nix
+++ b/modules/nixos/common/security.nix
@@ -9,17 +9,21 @@ with lib; {
       enable = true;
       execWheelOnly = true;
       wheelNeedsPassword = false;
-      # https://mwl.io/archives/1000
       extraConfig = ''
-        Defaults env_keep += "SSH_CLIENT SSH_CONNECTION SSH_TTY SSH_AUTH_SOCK"
+        Defaults lecture=never
       '';
     };
 
     polkit = {
       enable = true;
-      # https://wiki.archlinux.org/title/Polkit#Bypass_password_prompt
       extraConfig = ''
-        polkit.addRule(function (action, subject) {
+        /*
+         * Allow members of the wheel group to execute any actions
+         * without password authentication, similar to "sudo NOPASSWD:".
+         *
+         * https://wiki.archlinux.org/title/Polkit#Bypass_password_prompt
+         */
+        polkit.addRule(function(action, subject) {
           if (subject.isInGroup('wheel'))
             return polkit.Result.YES;
         });
diff --git a/modules/nixos/common/systemd.nix b/modules/nixos/common/systemd.nix
index 5c7282d..c1b2539 100644
--- a/modules/nixos/common/systemd.nix
+++ b/modules/nixos/common/systemd.nix
@@ -1,4 +1,10 @@
 {pkgs, ...}: {
+  ark = {
+    # FIXME Enable on a fresh system!
+    # files = ["/etc/machine-id"];
+    directories = ["/var/lib/systemd/coredump"];
+  };
+
   hm.systemd.user.startServices = "sd-switch";
 
   services.journald.extraConfig = ''
diff --git a/modules/nixos/common/users.nix b/modules/nixos/common/users.nix
index 22e8023..400bf33 100644
--- a/modules/nixos/common/users.nix
+++ b/modules/nixos/common/users.nix
@@ -1,5 +1,8 @@
 {lib, ...}:
 with lib; {
+  # TODO Enable on a fresh system.
+  # ark.directories = [config.my.home];
+
   users = {
     mutableUsers = false;
 
diff --git a/modules/nixos/games/minecraft.nix b/modules/nixos/games/minecraft.nix
index 7b21195..09b9239 100644
--- a/modules/nixos/games/minecraft.nix
+++ b/modules/nixos/games/minecraft.nix
@@ -1,5 +1,6 @@
 {
   config,
+  inputs,
   lib,
   pkgs,
   ...
@@ -7,11 +8,19 @@
 with lib; let
   cfg = config.nixfiles.modules.games.minecraft;
 in {
+  imports = [inputs.nix-minecraft.nixosModules.minecraft-servers];
+
   options.nixfiles.modules.games.minecraft = {
     client.enable = mkEnableOption "Minecraft client";
     server = {
       enable = mkEnableOption "Minecraft server";
 
+      port = mkOption {
+        description = "OpenSSH server port.";
+        type = types.port;
+        default = 50505; # Keeping 25565 as the default is a big security risk.
+      };
+
       memory = mkOption {
         description = "Amount of RAM to allocate.";
         type = types.str;
@@ -25,26 +34,53 @@ in {
       hm.home.packages = with pkgs; [prismlauncher];
     })
     (mkIf cfg.server.enable {
-      # Configurations, opslist, whitelist and plugins are managed imperatively.
-      # TODO Make it declarative.
-      services.minecraft-server = {
+      nixfiles.modules.common.nix.allowedUnfreePackages = ["minecraft-server"];
+
+      ark.directories = [config.services.minecraft-servers.dataDir];
+
+      services.minecraft-servers = {
         enable = true;
         eula = true;
 
-        package = pkgs.minecraftServers.purpur_1_19_3;
+        openFirewall = true;
+
+        servers.default = {
+          enable = true;
+          autoStart = true;
+
+          package = pkgs.paperServers.paper-1_19_3;
+
+          serverProperties = {
+            # motd = "";
+            # white-list = true;
+            allow-flight = true;
+            difficulty = "hard";
+            enable-command-block = true;
+            enforce-secure-profile = false;
+            enforce-whitelist = true;
+            gamemode = "survival";
+            level-name = "default";
+            max-players = 8;
+            online-mode = false;
+            previews-chat = false;
+            pvp = false;
+            server-port = cfg.server.port;
+            snooper-enabled = false;
+          };
+
+          whitelist = {}; # TODO Fill this.
 
-        # TODO Make a PR fixing trailing whitespace on this.
-        jvmOpts =
-          (concatStringsSep " " [
-            "-Xmx${cfg.server.memory}"
-            "-Xms${cfg.server.memory}"
-            "--add-modules=jdk.incubator.vector"
-          ])
-          + " ";
+          jvmOpts =
+            (concatStringsSep " " [
+              "-Xms${cfg.server.memory}"
+              "-Xmx${cfg.server.memory}"
+              "--add-modules=jdk.incubator.vector" # Required by some plugins.
+            ])
+            + " ";
+        };
       };
 
-      # Defined in /var/lib/minecraft/server.properties.
-      networking.firewall.allowedTCPPorts = [55565];
+      my.extraGroups = [config.services.minecraft-servers.group];
     })
   ];
 }
diff --git a/modules/nixos/libvirtd.nix b/modules/nixos/libvirtd.nix
index 58dfc50..a246c98 100644
--- a/modules/nixos/libvirtd.nix
+++ b/modules/nixos/libvirtd.nix
@@ -10,6 +10,8 @@ in {
   options.nixfiles.modules.libvirtd.enable = mkEnableOption "libvirtd";
 
   config = mkIf cfg.enable {
+    ark.directories = ["/var/lib/libvirt"];
+
     hm.home.packages = with pkgs; [
       qemu-utils
       quickemu
diff --git a/modules/nixos/openssh.nix b/modules/nixos/openssh.nix
index 36b85f8..0cd44bd 100644
--- a/modules/nixos/openssh.nix
+++ b/modules/nixos/openssh.nix
@@ -18,15 +18,36 @@ in {
   };
 
   config = mkIf cfg.server.enable {
+    # TODO Enable on a fresh system.
+    # ark = {
+    #   files = [
+    #     "/etc/ssh/ssh_host_ed25519_key"
+    #     "/etc/ssh/ssh_host_ed25519_key.pub"
+    #     "/etc/ssh/ssh_host_rsa_key"
+    #     "/etc/ssh/ssh_host_rsa_key.pub"
+    #   ];
+    #   directories = ["/etc/ssh/authorized_keys.d"];
+    # };
+
     programs.mosh.enable = true;
 
     services = {
       openssh = {
         enable = true;
         ports = [cfg.server.port];
-        logLevel = "VERBOSE"; # Required by fail2ban.
-        permitRootLogin = mkForce "no";
-        passwordAuthentication = false;
+        settings = {
+          AllowUsers = my.username;
+          ClientAliveCountMax = 3;
+          ClientAliveInterval = 60;
+          KbdInteractiveAuthentication = false;
+          LogLevel =
+            if config.nixfiles.modules.fail2ban.enable
+            then "VERBOSE"
+            else "ERROR";
+          MaxAuthTries = 3;
+          PasswordAuthentication = false;
+          PermitRootLogin = "no";
+        };
       };
 
       fail2ban.jails.sshd = ''
diff --git a/modules/nixos/profiles/default.nix b/modules/nixos/profiles/default.nix
index d5ab838..23eb455 100644
--- a/modules/nixos/profiles/default.nix
+++ b/modules/nixos/profiles/default.nix
@@ -15,6 +15,9 @@ in {
   ];
 
   config = mkIf cfg.enable {
+    # FIXME Enable on a fresh system!
+    # ark.directories = ["/var/log"];
+
     programs.less = {
       enable = true;
       envVariables.LESSHISTFILE = "-";
diff --git a/nixosConfigurations/eonwe/default.nix b/nixosConfigurations/eonwe/default.nix
index f07aad3..8889120 100644
--- a/nixosConfigurations/eonwe/default.nix
+++ b/nixosConfigurations/eonwe/default.nix
@@ -7,6 +7,8 @@
 }:
 with lib; {
   nixfiles.modules = {
+    ark.enable = true;
+
     wireguard.client.enable = true;
 
     syncthing.enable = true;
@@ -23,19 +25,24 @@ with lib; {
     discord.enable = true;
     libvirtd.enable = true;
     qutebrowser.enable = true;
+    mpd.enable = true;
   };
 
-  hm.programs = {
-    # NOTE This produces very poor performance even though RX 6750 XT should
-    # handle VA-API hardware decoding for all major formats (including AV1) just
-    # fine.
-    firefox.profiles.default.settings."media.ffmpeg.vaapi.enabled" = false;
+  hm = {
+    home.packages = with pkgs; [obs-studio];
+
+    programs = {
+      # NOTE This produces very poor performance even though RX 6750 XT should
+      # handle VA-API hardware decoding for all major formats (including AV1) just
+      # fine.
+      firefox.profiles.default.settings."media.ffmpeg.vaapi.enabled" = false;
 
-    # Mostly just placebo. :^)
-    mpv.config = {
-      hwdec = "vdpau";
-      vo = "gpu";
-      profile = "gpu-hq";
+      # Mostly just placebo. :^)
+      mpv.config = {
+        hwdec = "vdpau";
+        vo = "gpu";
+        profile = "gpu-hq";
+      };
     };
   };
 
@@ -49,6 +56,10 @@ with lib; {
   '';
 
   boot = {
+    # TODO Override Xanmod kernel to support ZFS. This probably will require
+    # some patching and whatnot.
+    kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+
     # Silence benign MCE errors:
     # ```
     # mce: [Hardware Error]: CPU 1: Machine Check: 0 Bank 29: ffffffffffffffff
@@ -61,22 +72,6 @@ with lib; {
     initrd.kernelModules = ["nvme"];
   };
 
-  # TODO Immutable `/' shire on ZFS datasets and snapshots.
-  #
-  # Opt-in:
-  # - /etc/NetworkManager
-  # - /etc/ssh
-  # - /home
-  # - /var/lib/bluetooth
-  # - /var/lib/iwd
-  # - /var/lib/log
-  #
-  # Investigate:
-  # - /var/lib/NetworkManager
-  # - /var/lib/cni
-  # - /var/lib/containers
-  # - /var/lib/qemu
-
   fileSystems = {
     "/boot" = {
       device = "/dev/disk/by-uuid/FF1E-9CFD";
diff --git a/nixosConfigurations/varda/default.nix b/nixosConfigurations/varda/default.nix
index f08194e..e3a0d60 100644
--- a/nixosConfigurations/varda/default.nix
+++ b/nixosConfigurations/varda/default.nix
@@ -51,6 +51,13 @@ with lib; {
     }
   ];
 
+  # TODO
+  services.k3s = {
+    enable = false;
+    role = "server";
+    extraFlags = "--disable traefik";
+  };
+
   zramSwap = {
     enable = true;
     memoryPercent = 25;

Consider giving Nix/NixOS a try! <3