I don't know what the heck im doing, but I reshuffled some stuff in my systems dir

system/common/global/default.nix

@@ -0,0 +1,26 @@
+{ inputs, outputs, ... }: {
+  imports = [
+    inputs.home-manager.nixosModules.home-manager
+    ./nix.nix
+    ./fish.nix
+    ./locale.nix
+    ./security.nix
+    ./systemdboot.nix
+    ./pipewire.nix
+    ] ++ (builtins.attrValues outputs.nixosModules);
+
+  home-manager.extraSpecialArgs = { inherit inputs outputs; };
+  
+  nixpkgs = {
+    config = {
+      allowUnfree = true;
+      permittedInsecurePackages = [
+        "openssl-1.1.1u"
+      ];
+    };
+  };
+    
+  hardware.enableRedistibutableFirmware = true;
+
+
+  }

system/common/global/fish.nix

@@ -0,0 +1,10 @@
+{
+  programs.fish = {
+    enable = true;
+    vendor = {
+      completions.enable = true;
+      config.enable = true;
+      functions.enable = true;
+    };
+  };
+}

system/common/global/locale.nix

@@ -0,0 +1,10 @@
+{ lib, ... }: {
+  i18n = {
+    defaultLocale = lib.mkDefault "en_US.UTF-8";
+    };
+    supportedLocales = lib.mkDefault [
+      "en_US.UTF-8/UTF-8"
+    ];
+  };
+  time.timeZone = lib.mkDefault "Pacific/Auckland";
+}

system/common/global/nix.nix

@@ -0,0 +1,26 @@
+{ inputs, lib, ... }:
+{
+  nix = {
+    settings = {
+      trusted-users = [ "root" "@wheel" ];
+      auto-optimise-store = lib.mkDefault true;
+      experimental-features = [ "nix-command" "flakes" "repl-flake" ];
+      warn-dirty = false;
+      system-features = [ "kvm" "big-parallel" "nixos-test" ];
+      flake-registry = "";
+    };
+    gc = {
+      automatic = true;
+      dates = "weekly";
+      options = "--delete-older-than 2d";
+    };
+
+    # Add each flake input as a registry
+    # To make nix3 commands consistent with the flake
+    registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
+
+    # Add nixpkgs input to NIX_PATH
+    # This lets nix2 commands still use <nixpkgs>
+    nixPath = [ "nixpkgs=${inputs.nixpkgs.outPath}" ];
+  };
+}

system/common/global/pipewire.nix

@@ -0,0 +1,11 @@
+{
+  security.rtkit.enable = true;
+  hardware.pulseaudio.enable = false;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    jack.enable = true;
+  };
+}

system/common/global/security.nix

@@ -0,0 +1,43 @@
+
+
+
+
+{ config, pkgs, ... }:
+
+
+{
+  programs.gnupg.agent = {
+    enable = true;
+    enableSSHSupport = true;
+  };
+
+  security = {
+    polkit = {
+      enable = true;
+    };
+    sudo = {
+      enable = true;
+      extraConfig = ''
+        ooks ALL=(ALL) NOPASSWD:ALL
+        '';
+    }
+  };
+
+  systemd = {
+    user.services.polkit-gnome-authentication-agent-1 = {
+      description = "polkit-gnome-authentication-agent-1";
+      wantedBy = [ "graphical-session.target" ];
+      wants = [ "graphical-session.target" ];
+      after = [ "graphical-session.target" ];
+      serviceConfig = {
+          Type = "simple";
+          ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
+          Restart = "on-failure";
+          RestartSec = 1;
+          TimeoutStopSec = 10;
+        };
+    };
+  };
+
+
+}

system/common/global/systemdboot.nix

@@ -0,0 +1,8 @@
+{
+  boot.loader = {
+    systemd-boot = {
+      enable = true;
+    };
+    efi.canTouchEfiVariables = true;
+  };
+}

system/common/user/ooks/default.nix

@@ -0,0 +1,24 @@
+{ pkgs, config, ... }:
+let ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
+in
+{
+  users.users.ooks = {
+    isNormalUser = true
+    shell = pkgs.fish;
+    extraGroups = [
+    "wheel"
+    "video"
+    "audio"
+    ] ++ ifTheyExist [
+    "git"
+    "network"
+    "libvirtd"
+    "deluge"
+    ];
+
+  packages = [ pkgs.home-manager ];
+  };
+
+  home-manager.users.ooks = import ../../../../home/ooks/${config.networking.hostName}
+
+}