commit c900fa4e59fa7ad6e8c9ad115b5f9a5dfbf166d7
Author: 0xWheatyz
Date: Tue Nov 11 18:00:52 2025 -0500
refactor: moved all configs to one place
diff --git a/configuration.nix b/configuration.nix
new file mode 100644
index 0000000..af862ee
--- /dev/null
+++ b/configuration.nix
@@ -0,0 +1,204 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+
+ ];
+
+ ## Commented out as defined at the end of the page
+
+ # Bootloader.
+# boot.loader.systemd-boot.enable = true;
+# boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.hostName = "nixos"; # Define your hostname.
+ # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+
+ # Configure network proxy if necessary
+ # networking.proxy.default = "http://user:password@proxy:port/";
+ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ # Enable networking
+ networking.networkmanager.enable = true;
+
+ # Set your time zone.
+ time.timeZone = "America/New_York";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "en_US.UTF-8";
+ LC_IDENTIFICATION = "en_US.UTF-8";
+ LC_MEASUREMENT = "en_US.UTF-8";
+ LC_MONETARY = "en_US.UTF-8";
+ LC_NAME = "en_US.UTF-8";
+ LC_NUMERIC = "en_US.UTF-8";
+ LC_PAPER = "en_US.UTF-8";
+ LC_TELEPHONE = "en_US.UTF-8";
+ LC_TIME = "en_US.UTF-8";
+ };
+
+ # Enable the X11 windowing system.
+ # You can disable this if you're only using the Wayland session.
+ services.xserver.enable = true;
+
+ # Enable the KDE Plasma Desktop Environment.
+ services.displayManager.sddm.enable = true;
+ services.desktopManager.plasma6.enable = true;
+
+ # Configure keymap in X11
+ services.xserver.xkb = {
+ layout = "us";
+ variant = "";
+ };
+
+ # Enable CUPS to print documents.
+ services.printing.enable = true;
+
+ # Enable sound with pipewire.
+ services.pulseaudio.enable = false;
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ # If you want to use JACK applications, uncomment this
+ #jack.enable = true;
+
+ # use the example session manager (no others are packaged yet so this is enabled by default,
+ # no need to redefine it in your config for now)
+ #media-session.enable = true;
+ };
+
+ # Enable touchpad support (enabled default in most desktopManager).
+ # services.xserver.libinput.enable = true;
+
+ # Enable zsh
+ programs.zsh.enable = true;
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.l-wyatt = {
+ isNormalUser = true;
+ description = "Wyatt";
+ shell = pkgs.zsh;
+ extraGroups = [ "networkmanager" "wheel" "docker" ];
+ };
+
+ home-manager.users.l-wyatt = import /home/l-wyatt/.config/home-manager/home.nix;
+
+ nixpkgs.config.allowUnfree = true;
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ home-manager
+ firefox
+ docker
+ vmware-workstation
+ cacert
+ ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ # services.openssh.enable = true;
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "25.05"; # Did you read the comment?
+
+ ### Start of self configuration
+ # Configure grub to provide ubuntu option
+ boot.loader.grub.enable = true;
+ boot.loader.grub.useOSProber = true;
+ boot.loader.grub.devices = [ "nodev" ];
+ boot.loader.grub.efiSupport = true;
+# boot.loader.grub.efiInstallAsRemovable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ # Enable fingerprint sensor
+ services.fprintd.enable = true;
+
+ # Enable bluetooth
+ hardware.bluetooth.enable = true;
+ services.blueman.enable = true;
+
+ # Allow /etc/hosts to be modified without system rebuild
+ environment.etc.hosts.mode = "0700";
+
+ # Enable flakes and extras
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+ # Enable docker
+ virtualisation.docker.rootless = {
+ enable = true;
+ setSocketVariable = true;
+ };
+
+ virtualisation.vmware.host.enable = true;
+
+ services.tailscale = {
+ enable = true;
+ useRoutingFeatures = "client"; # or "both" for subnet routing
+ };
+
+ # Open firewall for Tailscale
+ networking.firewall = {
+ checkReversePath = "loose";
+ trustedInterfaces = [ "tailscale0" ];
+ allowedUDPPorts = [ config.services.tailscale.port ];
+ };
+
+ # Auto-connect tailscale on boot
+ #systemd.services.tailscale-autoconnect = {
+ # description = "Automatic connection to Tailscale";
+ # after = [ "network-pre.target" "tailscale.service" ];
+ # wants = [ "network-pre.target" "tailscale.service" ];
+ # wantedBy = [ "multi-user.target" ];
+#
+ # serviceConfig.Type = "oneshot";
+ # script = with pkgs; ''
+ # sleep 2
+
+ # status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
+ # if [ $status = "Running" ]; then
+ # exit 0
+ # fi
+
+ # ${tailscale}/bin/tailscale up \
+ # --login-server=https://headscale.leeworks.dev \
+ # --authkey=d85e89d91521ca6bbbfeaa026f9de99265894095a4cab2a1 \
+ # --accept-routes \
+ # --exit-node=69.48.240.37 \
+ # --exit-node-allow-lan-access
+ # '';
+ #};
+
+# security.pki.certificateFiles = [ /etc/nixos/certs/ipa-ca.crt ];
+
+
+}
diff --git a/home.nix b/home.nix
new file mode 100644
index 0000000..8700539
--- /dev/null
+++ b/home.nix
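Review bot: The commented-out `tailscale-autoconnect` unit near the end of the hunk embeds a headscale pre-auth key in its `--authkey=` argument; commenting it out does not remove it from the repository history, and if the unit were ever re-enabled the generated script (key included) would be written to the world-readable Nix store. That key should be revoked in headscale and, if automatic enrolment is wanted, the custom unit replaced by the module's own options with the key read from a root-only file kept outside the repo, e.g. `services.tailscale.authKeyFile = "<PATH-TO-ROOT-ONLY-KEY-FILE>";` together with `services.tailscale.extraUpFlags = [ "--login-server=https://headscale.leeworks.dev" "--accept-routes" ];`. Separately, `environment.etc.hosts.mode = "0700"` does make `/etc/hosts` a regular file as the comment intends, but it also makes it unreadable to every non-root process, which can break local name lookups for ordinary users; `environment.etc.hosts.mode = "0644";` gives the mutable file without that side effect. Finally, `home-manager.users.l-wyatt` still imports `home.nix` from `/home/l-wyatt/.config/home-manager/` even though this commit adds a `home.nix` next to `configuration.nix`; if that copy is the intended one, `home-manager.users.l-wyatt = import ./home.nix;` keeps the system build independent of a user-writable path.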
@@ -0,0 +1,129 @@
+{ config, pkgs, ... }:
+
+{
+ home.username = "l-wyatt";
+ home.homeDirectory = "/home/l-wyatt";
+ home.stateVersion = "25.05"; # Don't change after first setup
+
+ # Packages for this user
+ home.packages = with pkgs; [
+ kdePackages.kate
+# nvim
+ firefox
+ git
+ zsh
+ python3
+ nmap
+ file
+ ];
+
+
+ # Set session variables
+ home.sessionVariables = {
+ NIX_BUILD_SHELL = "${pkgs.zsh}/bin/zsh";
+ ZELLIJ_DISABLE_HELP = "1";
+ };
+
+ # Enable Zsh and configure it
+ home.file.".zshrc".force = true;
+ programs.zsh = {
+ enable = true;
+ oh-my-zsh.enable = true;
+ oh-my-zsh.theme = "agnoster";
+ initContent = ''
+ # Only start Zellij if we're in an interactive terminal
+ if [ -z "$ZELLIJ" ] && [ "$TERM" != "linux" ]; then
+ exec zellij
+ fi
+ '';
+
+ };
+ # Manage your git configuration declaratively
+ programs.git = {
+ enable = true;
+ userName = "0xWheatyz";
+ userEmail = "wyatt@leeworks.dev";
+ extraConfig = {
+ init.defaultBranch = "master";
+ };
+ };
+
+ # Enable zellij (terminal multiplexing)
+ programs.zellij = {
+ enable = true;
+
+ # Optional: write your own config to ~/.config/zellij/config.kdl
+ settings = {
+ theme = "default";
+ pane_frames = true;
+ default_layout = "compact";
+ };
+ };
+
+ # Neovim management
+ programs.neovim = {
+ enable = true;
+ defaultEditor = true;
+
+ # Load Lua config inline
+ extraLuaConfig = ''
+ vim.opt.number = true
+ vim.opt.tabstop = 2
+ vim.opt.shiftwidth = 2
+ vim.opt.expandtab = true
+ vim.opt.relativenumber = true
+
+ require("telescope").setup {}
+ require("nvim-treesitter.configs").setup { highlight = { enable = true } }
+ '';
+
+ plugins = with pkgs.vimPlugins; [
+ telescope-nvim
+ nvim-treesitter
+ nvim-lspconfig
+ gruvbox
+ ];
+ };
+
+ programs.ssh = {
+ enable = true;
+ matchBlocks = {
+ "vps" = {
+ hostname = "45.79.198.105";
+ user = "wyatt";
+ port = 22;
+ };
+
+ # No terminal access to this machine
+ "_JumpHost" = {
+ hostname = "localhost";
+ port = 2222;
+ user = "wyatt";
+ proxyJump = "vps";
+ };
+ "home" = {
+ hostname = "10.0.0.20";
+ port = 22;
+ user = "l-wyatt";
+ };
+ "git" = {
+ hostname = "10.0.0.9";
+ port = 122;
+ user = "git";
+ };
+ };
+
+# extraConfig = ''
+# Host *
+# ControlMaster auto
+# ControlPersist 1m
+# ControlPath /tmp/cm-%r@%h:%p
+# '';
+
+ controlMaster = "auto";
+ controlPersist = "1m";
+ controlPath = "~/.ssh/cm-%r@%h:%p";
+ };
+
+}
+
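Review bot: The commented-out `extraConfig` block under `programs.ssh` duplicates the three live `controlMaster`/`controlPersist`/`controlPath` settings that follow it, with a `/tmp` socket path that the live settings correctly avoid, so it is dead code that will only drift from the active configuration and should be deleted. `home.packages` also lists `firefox`, which `environment.systemPackages` in configuration.nix already installs system-wide, and `zsh`, which `programs.zsh.enable` in this same file already provides; keeping each package in one place makes it clear which configuration owns it. The `exec zellij` in `initContent` presumably runs for every interactive zsh, remote logins to this user included; if only local terminals are meant, adding `&& [ -z "$SSH_CONNECTION" ]` to the same `if` would limit it to those.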