Some documentation comments.

nodes/hosts/common/system/nixos.nix

@@ -12,5 +12,6 @@
   # Allow unfree packages
   nixpkgs.config.allowUnfree = true;
 
+  # Use some of our RAM as swap space.
   zramSwap.enable = true;
 }

nodes/hosts/common/system/security.nix

@@ -10,10 +10,13 @@
       ];
     };
    
+    # For security reasons, we are disabling the use of regular sudo and...
     sudo = {
       enable = lib.mkForce false;
     };
   
+    # ...switching over to sudo-rs which is a Rust rewrite of sudo.
+    # See https://cybersecsentinel.com/cve-2025-32463-privilege-escalation-in-sudo-triggers-urgent-linux-patching/.
     sudo-rs = {
       enable = true;
       wheelNeedsPassword = true;

nodes/hosts/common/system/sops.nix

@@ -1,4 +1,5 @@
 { ... }: {
+  # Setting up secrets, incomplete at the moment.
   sops = {
     #defaultSopsFile = ../../../../private/secrets.yaml;
     #secrets = {

nodes/hosts/common/system/users.nix

@@ -1,16 +1,22 @@
 { ... }: {
-  # Define a user account. Don't forget to set a password with ‘passwd’.
+  # Let's setup our user accounts here.
+
   #sops.secrets = {
   #  jay_password_hash = { };
   #};
 
   users = {
+    # mutableUsers forces user passwords to stay as those defined in this file.
+    # With it set to false, you will not be able to change the password for users defined here.
     mutableUsers = false;
     users.jay = {
       isNormalUser = true;
       description = "jay";
       #hashedPasswordFile = config.sops.secrets.jay_password_hash.path;
       hashedPassword = "$y$j9T$oomgQFsMbc0odlNIUXEpq/$dhgLjElzaJuU3rF1wXGcSXFUWC/fP1g5mAPZizKUFQ4";
+
+      # Gamemode group allows gamemode to set cpu governor to performance when games launch.
+      # See https://nixos.wiki/wiki/Gamemode
       extraGroups = [ "networkmanager" "wheel" "gamemode" ];
     };
   };