Start migration to using flake-parts

Readme.org

@@ -1,7 +1,12 @@
 #+title: My dotfiles
 
-My dotfiles for which I am using =nix=.
+* Quick start for home-manger only (no need to pull this repo)
-The structure is managed by [[https://snowfall.org/guides/lib/quickstart/][Snowfall lib]]
+- Install nix using the https://github.com/DeterminateSystems/nix-installer
+- Then run
+ #+begin_src shell
+nix run nixpkgs#home-manager -- switch --flake git+https://gitlab.julian-mutter.de/julian/dotfiles.git#julian@quickstart
+ #+end_src 
+- Done
 
 * Machine selection
 =home-manager= automatically searches for =user= or =user@hostname= config in the flake, so specify one of those or you will have to manually specify them:

features-home-manager/emacs/default.nix

@@ -67,6 +67,27 @@ in {
       # neocmakelsp # cmake
 
       emacs-all-the-icons-fonts
+      frajul.typst-languagetool
+      ltex-ls-plus
+
+      (texlive.combine {
+        inherit
+          (texlive)
+          scheme-basic
+          # for rendering latex in inkscape
+          standalone
+          amsmath
+          preview
+          # needed for org mode preview
+          dvisvgm
+          dvipng # for preview and export as html
+          wrapfig
+          # amsmath
+          ulem
+          hyperref
+          capt-of
+          ;
+      })
     ]
     ++ lib.optional config.is-nixos emacs;
 

features-home-manager/fish/default.nix

@@ -27,6 +27,11 @@ with lib; {
     enableFishIntegration = true;
   };
 
+  programs.zoxide = {
+    enable = true;
+    enableFishIntegration = true;
+  };
+
   programs.fish = {
     enable = true;
 
@@ -38,14 +43,14 @@ with lib; {
         cd $argv
       '';
       run = ''
-        nix run nixpkgs#"$argv[1]" -- $argv[2..-1]
+        nix run --impure nixpkgs#"$argv[1]" -- $argv[2..-1]
       '';
       shell = ''
         set args
         for arg in $argv
             set args $args nixpkgs#$arg
         end
-        nix shell $args
+        nix shell --impure $args
       '';
       fish_user_key_bindings = ''
         bind ctrl-space 'zi; commandline -f repaint'

features-home-manager/fonts/default.nix

@@ -1,7 +1,6 @@
 {
   lib,
   pkgs,
-  config,
   ...
 }:
 with lib; {

features-home-manager/hyprland/default.nix

@@ -152,6 +152,37 @@ in {
       # hyprlandPlugins.hyprbars
     ];
 
+    submaps = {
+      "resize".settings = {
+        binde = [
+          ", right, resizeactive, 20"
+          ", left, resizeactive, -20 0"
+          ", up, resizeactive, 0 -20"
+          ", down, resizeactive, 0 20"
+          ", l, resizeactive, 20"
+          ", h, resizeactive, -20 0"
+          ", k, resizeactive, 0 -20"
+          ", j, resizeactive, 0 20"
+        ];
+
+        bind = [
+          ", q, submap, reset"
+          ", escape, submap, reset"
+
+          ", catchall, submap, reset" # make any other keypress cancel the submap
+        ];
+      };
+      "open, reset".settings = {
+        bind = [
+          ", e, exec, emacs"
+          ", m, exec, open-messaging"
+          ", b, exec, firefox"
+
+          ", catchall, submap, reset" # make any other keypress cancel the submap
+        ];
+      };
+    };
+
     settings = {
       "$mod" = "SUPER";
 
@@ -228,6 +259,10 @@ in {
         vfr = true; # power saving
       };
 
+      cursor = {
+        no_hardware_cursors = 1; # disable hardware cursors to fix tearing on kardorf
+      };
+
       render = {
         # we do, in fact, want direct scanout
         direct_scanout = true;
@@ -246,6 +281,7 @@ in {
         "workspace 1, class:firefox"
         "workspace 8, class:Zotero"
         "workspace 9, class:nheko"
+        "workspace 9, class:Element"
         "workspace 9, class:discord"
         "workspace 9, class:org.telegram.desktop"
         "workspace 10, class:thunderbird"
@@ -276,12 +312,18 @@ in {
       bind =
         [
           # compositor commands
-          "$mod, Space, focuswindow, floating"
+          #
-          "$mod SHIFT, Space, togglefloating,"
+          #
+          "$mod, R, submap, resize"
+          "$mod, O, submap, open"
+          #
+
+          "$mod, SPACE, focuswindow, floating"
+          "$mod SHIFT, SPACE, togglefloating,"
           "$mod, F, fullscreen,"
           "$mod, X, killactive,"
 
-          "$mod, O, togglesplit," # dwindle
+          "$mod, -, togglesplit," # dwindle
 
           # opening applications
           "$mod, D, exec, wofi --show drun,run"

features-home-manager/neovim/default.nix

@@ -1,5 +1,4 @@
 {
-  lib,
   pkgs,
   inputs,
   ...
@@ -78,6 +77,7 @@
       neogit.enable = true; # like magit
       trouble.enable = true;
       web-devicons.enable = true;
+      orgmode.enable = true; # org-mode support
 
       # Shows file trees
       oil = {
@@ -90,7 +90,7 @@
       # Code formatting
       conform-nvim = {
         enable = true;
-        settings.formatters_by_ft = with pkgs; {
+        settings.formatters_by_ft = {
           lua = ["stylua"];
           python = ["black"];
           nix = ["nixfmt"];

features-home-manager/suites/cli/default.nix

@@ -19,7 +19,6 @@
     links2 # Tui web-browser
     lnav # log analyzing tool
     mc # Tui file browser
-    # nix-index
     nmap
     p7zip # unzip 7zip archives
     parted

features-home-manager/suites/desktop/default.nix

@@ -30,9 +30,9 @@
     telegram-desktop # telegram
     # schildichat-desktop # not updated regularly
     nheko
+    element-desktop
     evince # Simple pdf reader, good for focusing on document content
     firefox
-    vivaldi
     # geogebra
     cheese
     handbrake

features-home-manager/suites/development/default.nix

@@ -1,4 +1,9 @@
 {pkgs, ...}: {
+  programs.opencode = {
+    enable = true;
+    package = pkgs.unstable.opencode;
+  };
+
   home.packages = with pkgs; [
     watchexec # Run command when any file in current dir changes
     android-tools # adb
@@ -21,20 +26,20 @@
     unstable.zed-editor
     jdk
     julia-bin
-    (texlive.combine {
+    # (texlive.combine {
-      # for rendering latex in inkscape
+    #   # for rendering latex in inkscape
-      inherit
+    #   inherit
-        (texlive)
+    #     (texlive)
-        scheme-medium
+    #     scheme-medium
-        standalone
+    #     standalone
-        amsmath
+    #     amsmath
-        preview
+    #     preview
-        # needed for org mode export
+    #     # needed for org mode export
-        wrapfig
+    #     wrapfig
-        capt-of
+    #     capt-of
-        biblatex
+    #     biblatex
-        ;
+    #     ;
-    })
+    # })
     vagrant
     matlab # Using nix-matlab overlay defined in flake
     maven
@@ -63,7 +68,7 @@
 
     ## My scripts
     frajul.deploy-to-pianopi
-    frajul.rtklib
+    # frajul.rtklib
 
     (pkgs.writeShellScriptBin "matlab-rsp" ''
       matlab -desktop -sd "/home/julian/git/uwa-channel-model" -softwareopengl

features-home-manager/yazi/default.nix

@@ -3,9 +3,6 @@
   inputs,
   ...
 }: {
-  programs.zoxide.enable = true;
-  programs.zoxide.enableFishIntegration = true;
-
   home.packages = with pkgs; [
     exiftool
     unar # extract archives

features-nixos/base/auto-upgrade.nix

@@ -0,0 +1,18 @@
+{
+  flake.nixosModules.base = {
+    inputs,
+    config,
+    ...
+  }: {
+    system.hydraAutoUpgrade = {
+      # Only enable if not dirty
+      enable = inputs.self ? rev;
+      dates = "*:0/10"; # Every 10 minutes
+      instance = "http://hydra.julian-mutter.de";
+      project = "dotfiles";
+      jobset = "main";
+      job = "hosts.${config.networking.hostName}";
+      oldFlakeRef = "self";
+    };
+  };
+}

features-nixos/base/default.nix

@@ -0,0 +1,40 @@
+# Common config for all hosts
+{
+  flake.nixosModules.base = {
+    inputs,
+    outputs,
+    pkgs,
+    lib,
+    ...
+  }: {
+    imports = [
+      inputs.home-manager.nixosModules.home-manager
+    ];
+
+    # Replaces the (modulesPath + "/installer/scan/not-detected.nix") from default hardware-configuration.nix
+    # Enables non-free firmware
+    hardware.enableRedistributableFirmware = true;
+
+    # Networking
+    networking.networkmanager = {
+      enable = true;
+      plugins = with pkgs; [
+        networkmanager-openconnect
+      ];
+    };
+    services.resolved.enable = false;
+    # MDNS Taken by avahi
+    # networking.networkmanager.dns = "none";
+    networking.nameservers = lib.mkDefault [
+      "1.1.1.1"
+      "8.8.8.8"
+    ];
+
+    # HM module
+    home-manager.useGlobalPkgs = true; # hm module uses the pkgs of the nixos config
+    home-manager.backupFileExtension = "hm-backup"; # backup conflicting files. So hm activation never fails
+    home-manager.extraSpecialArgs = {
+      inherit inputs outputs;
+    };
+  };
+}

features-nixos/base/fish.nix

@@ -0,0 +1,12 @@
+{
+  flake.nixosModules.base = {
+    programs.fish = {
+      enable = true;
+      vendor = {
+        completions.enable = true;
+        config.enable = true;
+        functions.enable = true;
+      };
+    };
+  };
+}

features-nixos/base/locale.nix

@@ -0,0 +1,28 @@
+{
+  flake.nixosModules.base = {
+    # Select internationalisation properties.
+    i18n.defaultLocale = "en_US.UTF-8";
+
+    i18n.extraLocaleSettings = {
+      LC_ADDRESS = "de_DE.UTF-8";
+      LC_IDENTIFICATION = "de_DE.UTF-8";
+      LC_MEASUREMENT = "de_DE.UTF-8";
+      LC_MONETARY = "de_DE.UTF-8";
+      LC_NAME = "de_DE.UTF-8";
+      LC_NUMERIC = "en_US.UTF-8";
+      LC_PAPER = "de_DE.UTF-8";
+      LC_TELEPHONE = "de_DE.UTF-8";
+      LC_TIME = "de_DE.UTF-8";
+    };
+
+    # Keymap
+    services.xserver.xkb = {
+      layout = "de";
+      variant = "";
+    };
+
+    console.keyMap = "de";
+
+    time.timeZone = "Europe/Berlin";
+  };
+}

features-nixos/base/nix.nix

@@ -0,0 +1,48 @@
+{
+  flake.nixosModules.base = {outputs, ...}: {
+    # Apply overlays
+    nixpkgs = {
+      # TODO: apply this to hm and nixos without duplicate code
+      overlays = builtins.attrValues outputs.overlays;
+      config = {
+        nvidia.acceptLicense = true;
+        allowUnfree = true;
+        allowUnfreePredicate = _: true; # TODO: what is this
+        warn-dirty = false;
+        permittedInsecurePackages = [
+          "olm-3.2.16"
+        ];
+      };
+    };
+
+    # optimize at every build, slows down builds
+    # better to do optimise.automatic for regular optimising
+    # nix.settings.auto-optimise-store = lib.mkDefault true;
+    nix.settings.experimental-features = [
+      "nix-command"
+      "flakes"
+      "ca-derivations"
+    ];
+    # warn-dirty = false;
+
+    nix.gc = {
+      automatic = true;
+      dates = "weekly";
+      options = "--delete-older-than 30d";
+      persistent = true;
+    };
+    nix.optimise = {
+      automatic = true;
+      dates = ["weekly"]; # Optional; allows customizing optimisation schedule
+      persistent = true;
+    };
+
+    programs.nix-ld.enable = true;
+
+    # TODO: is this useful?, what does it do?
+    # nix.settings.flake-registry = ""; # Disable global flake registry
+    # Add each flake input as a registry and nix_path
+    # registry = lib.mapAttrs (_: flake: { inherit flake; }) flakeInputs;
+    # nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
+  };
+}

features-nixos/base/root.nix

@@ -0,0 +1,11 @@
+{
+  flake.nixosModules.base = {pkgs, ...}: {
+    # Packages needed as root
+    environment.systemPackages = with pkgs; [
+      vim
+      htop
+      mc
+      gparted-xhost # needs to be installed as system package so it can be actually opened
+    ];
+  };
+}

features-nixos/base/sops/sops.nix

@@ -0,0 +1,24 @@
+{
+  flake.nixosModules.base = {
+    inputs,
+    config,
+    ...
+  }: let
+    isEd25519 = k: k.type == "ed25519";
+    getKeyPath = k: k.path;
+    keys = builtins.filter isEd25519 config.services.openssh.hostKeys;
+  in {
+    imports = [inputs.sops-nix.nixosModules.sops];
+
+    sops.age = {
+      sshKeyPaths = map getKeyPath keys;
+
+      # TODO: remove? only rely on ssh or pgp keys (e.g. ubikey like misterio is using!!!)
+      # keyFile = "/home/julian/.config/sops/age/keys.txt";
+      # Generate key if none of the above worked. With this, building will still work, just without secrets
+      generateKey = false; # TODO: building should not work without secrets!?
+    };
+
+    sops.defaultSopsFile = ./secrets.yaml;
+  };
+}

features-nixos/optional/authentication.nix

@@ -0,0 +1,31 @@
+{
+  flake.nixosModules.authentication = {
+    pkgs,
+    lib,
+    ...
+  }: {
+    # Make programs like nextcloud client access saved passwords
+    services.gnome.gnome-keyring.enable = true;
+
+    programs.seahorse.enable = true;
+    programs.ssh.askPassword = lib.mkForce "${pkgs.seahorse}/libexec/seahorse/ssh-askpass"; # Solve conflicting definition in seahorse and plasma6
+
+    # Make authentication work for e.g. gparted
+    security.polkit.enable = true;
+    systemd = {
+      user.services.polkit-gnome-authentication-agent-1 = {
+        description = "polkit-gnome-authentication-agent-1";
+        wantedBy = ["graphical-session.target"];
+        wants = ["graphical-session.target"];
+        after = ["graphical-session.target"];
+        serviceConfig = {
+          Type = "simple";
+          ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
+          Restart = "on-failure";
+          RestartSec = 1;
+          TimeoutStopSec = 10;
+        };
+      };
+    };
+  };
+}

features-nixos/optional/avahi.nix

@@ -0,0 +1,14 @@
+{
+  flake.nixosModules.avahi = {
+    # MDNS on local network
+    services.avahi = {
+      enable = true;
+      nssmdns4 = true;
+      nssmdns6 = true;
+      publish.enable = true;
+      publish.addresses = true;
+      ipv4 = true;
+      ipv6 = true;
+    };
+  };
+}

features-nixos/optional/binarycaches.nix

@@ -0,0 +1,33 @@
+{
+  flake.nixosModules.binarycaches = {
+    lib,
+    outputs,
+    ...
+  }: {
+    # Setup binary caches
+    nix.settings = {
+      substituters = [
+        "https://nix-community.cachix.org"
+        "https://cache.nixos.org/"
+        "https://hyprland.cachix.org"
+        "http://binarycache.julian-mutter.de"
+        "https://devenv.cachix.org"
+      ];
+      trusted-public-keys = [
+        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+        "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
+        "binarycache.julian-mutter.de:oJ67uRFwRhNPKL58CHzy3QQLv38Kx7OA1K+6xlEPu7E="
+        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+        "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
+      ];
+
+      trusted-users = [
+        "root"
+        "@wheel"
+      ]; # needed for devenv to add custom caches
+
+      # Ensure we can still build when missing-server is not accessible
+      fallback = true;
+    };
+  };
+}

features-nixos/optional/boot-efi.nix

@@ -0,0 +1,19 @@
+{
+  flake.nixosModules.boot-efi = {
+    # Bootloader
+    # Use this for simple nix boot menu, if no dual boot required
+    boot.loader.systemd-boot.enable = true;
+    boot.loader.systemd-boot.configurationLimit = 10;
+    boot.loader.efi.canTouchEfiVariables = true;
+
+    # https://github.com/NixOS/nixpkgs/blob/c32c39d6f3b1fe6514598fa40ad2cf9ce22c3fb7/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix#L66
+    boot.loader.systemd-boot.editor = false;
+
+    boot.supportedFilesystems = [
+      "btrfs"
+      "ntfs"
+      "nfs"
+      "cifs"
+    ];
+  };
+}

features-nixos/optional/docker.nix

@@ -0,0 +1,7 @@
+{
+  flake.nixosModules.docker = {
+    virtualisation.docker = {
+      enable = true;
+    };
+  };
+}

features-nixos/optional/flatpak.nix

@@ -0,0 +1,8 @@
+{
+  flake.nixosModules.flatpak = {pkgs, ...}: {
+    services.flatpak.enable = true;
+    xdg.portal.enable = true;
+    xdg.portal.extraPortals = [pkgs.xdg-desktop-portal-gtk];
+    xdg.portal.config.common.default = "*"; # Use first portal implementation found
+  };
+}

features-nixos/optional/gamemode.nix

@@ -0,0 +1,23 @@
+{
+  flake.nixosModules.gamemode = {pkgs, ...}: {
+    programs.gamemode = {
+      enable = true;
+      settings = {
+        general = {
+          softrealtime = "auto";
+          inhibit_screensaver = 1;
+          renice = 5;
+        };
+        # gpu = {
+        #   apply_gpu_optimisations = "accept-responsibility";
+        #   gpu_device = 1;
+        #   amd_performance_level = "high";
+        # };
+        custom = {
+          start = "${pkgs.libnotify}/bin/notify-send 'GameMode started'";
+          end = "${pkgs.libnotify}/bin/notify-send 'GameMode ended'";
+        };
+      };
+    };
+  };
+}

features-nixos/optional/gdm.nix

@@ -0,0 +1,15 @@
+{
+  flake.nixosModules.gdm = {
+    config,
+    lib,
+    pkgs,
+    ...
+  }: {
+    services.xserver.displayManager.gdm = {
+      enable = true;
+    };
+
+    # unlock GPG keyring on login
+    security.pam.services.gdm.enableGnomeKeyring = true;
+  };
+}

features-nixos/optional/greetd.nix

@@ -0,0 +1,39 @@
+{
+  flake.nixosModules.greetd = {config, ...}: let
+    homeCfgs = config.home-manager.users;
+    julianCfg = homeCfgs.julian;
+  in {
+    users.extraUsers.greeter = {
+      # For caching
+      home = "/tmp/greeter-home";
+      createHome = true;
+    };
+
+    programs.regreet = {
+      enable = true;
+      iconTheme = julianCfg.gtk.iconTheme;
+      theme = julianCfg.gtk.theme;
+      # font = julianCfg.fontProfiles.regular; # TODO: do
+      cursorTheme = {
+        inherit (julianCfg.gtk.cursorTheme) name package;
+      };
+      cageArgs = [
+        "-s"
+        "-m"
+        "last"
+      ]; # multimonitor use last monitor
+      # settings.background = {
+      #   path = julianCfg.wallpaper;
+      #   fit = "Cover";
+      # }; # TODO: fix
+
+      # TODO: setting keyboard language does not work
+      # settings = {
+      #   env = {
+      #     XKB_DEFAULT_LAYOUT = "de";
+      #     # XKB_DEFAULT_VARIANT = "altgr-intl";
+      #   };
+      # };
+    };
+  };
+}

features-nixos/optional/i3.nix

@@ -0,0 +1,18 @@
+{
+  flake.nixosModules.i3 = {
+    config,
+    lib,
+    pkgs,
+    ...
+  }: {
+    services.xserver.windowManager.i3.enable = true;
+    services.xserver.windowManager.i3.package = pkgs.i3-gaps;
+    services.displayManager.defaultSession = "none+i3";
+
+    programs.xss-lock = {
+      # responds to "loginctl lock-session" via dbus
+      enable = true;
+      lockerCommand = "${pkgs.i3lock}/bin/i3lock --ignore-empty-password --color=000000";
+    };
+  };
+}

features-nixos/optional/kerberos.nix

@@ -0,0 +1,25 @@
+{
+  flake.nixosModules.kerberos = {
+    security.krb5.enable = true;
+    security.krb5.settings = {
+      # domain_realm = {
+      #   ".julian-mutter.de" = "julian-mutter.de";
+      #   "julian-mutter.de" = "julian-mutter.de";
+      # };
+      libdefaults = {
+        default_realm = "julian-mutter.de";
+        #   dns_lookup_realm = true;
+        #   dns_lookup_kdc = true;
+        #   ticket_lifetime = "24h";
+        #   renew_lifetime = "7d";
+      };
+      realms = {
+        "julian-mutter.de" = {
+          kdc = ["kerberos.julian-mutter.de"];
+          admin_server = "kerberos-admin.julian-mutter.de";
+          default_domain = "julian-mutter.de";
+        };
+      };
+    };
+  };
+}

features-nixos/optional/openssh.nix

@@ -0,0 +1,51 @@
+{
+  flake.nixosModules.openssh = {
+    outputs,
+    lib,
+    config,
+    ...
+  }: let
+    hosts = lib.attrNames outputs.nixosConfigurations;
+  in {
+    services.openssh = {
+      enable = true;
+      settings = {
+        # Harden
+        PasswordAuthentication = false;
+        PermitRootLogin = "no";
+
+        # TODO: what does this do
+        # Let WAYLAND_DISPLAY be forwarded
+        AcceptEnv = "WAYLAND_DISPLAY";
+        X11Forwarding = true;
+      };
+
+      hostKeys = [
+        {
+          path = "/etc/ssh/ssh_host_ed25519_key";
+          type = "ed25519";
+        }
+      ];
+    };
+
+    # TODO: is automatic known hosts file even necessary?
+    # programs.ssh = {
+    #   # Each hosts public key
+    #   knownHosts = lib.genAttrs hosts (hostname: {
+    #     publicKeyFile = ../../${hostname}/ssh_host_ed25519_key.pub;
+    #     extraHostNames =
+    #       [
+    #         # "${hostname}.m7.rs"
+    #       ]
+    #       ++
+    #         # Alias for localhost if it's the same host
+    #         (lib.optional (hostname == config.networking.hostName) "localhost")
+    #       # Alias to m7.rs and git.m7.rs if it's alcyone
+    #       ++ (lib.optionals (hostname == "alcyone") [
+    #         "m7.rs"
+    #         "git.m7.rs"
+    #       ]);
+    #   });
+    # };
+  };
+}

features-nixos/optional/pcmanfm.nix

@@ -0,0 +1,11 @@
+{
+  flake.nixosModules.pcmanfm = {pkgs, ...}: {
+    environment.systemPackages = with pkgs; [
+      shared-mime-info # extended mimetype support
+      lxmenu-data # open with "Installed Applications"
+      pcmanfm
+    ];
+
+    services.gvfs.enable = true; # Mount, trash, and other functionalities
+  };
+}

features-nixos/optional/pipewire.nix

@@ -0,0 +1,30 @@
+{
+  flake.nixosModules.pipewire = {
+    security.rtkit.enable = true;
+    services.pulseaudio.enable = false;
+    services.pipewire = {
+      enable = true;
+      wireplumber.enable = true;
+      alsa.enable = true;
+      alsa.support32Bit = true;
+      pulse.enable = true;
+      jack.enable = true;
+      extraConfig.pipewire = {
+        "99-no-bell" = {
+          # Disable bell sound
+          "context.properties" = {
+            "module.x11.bell" = false;
+          };
+        };
+        "10-increase-buffer" = {
+          "context.properties" = {
+            "default.clock.rate" = 48000;
+            "default.clock.quantum" = 1024;
+            "default.clock.min-quantum" = 1024;
+            "default.clock.max-quantum" = 2048;
+          };
+        };
+      };
+    };
+  };
+}

features-nixos/optional/podman.nix

@@ -0,0 +1,12 @@
+{
+  flake.nixosModules.podman = {config, ...}: let
+    dockerEnabled = config.virtualisation.docker.enable;
+  in {
+    virtualisation.podman = {
+      enable = true;
+      dockerCompat = !dockerEnabled;
+      dockerSocket.enable = !dockerEnabled;
+      defaultNetwork.settings.dns_enabled = true;
+    };
+  };
+}

features-nixos/optional/redshift.nix

@@ -0,0 +1,14 @@
+{
+  flake.nixosModules.redshift = {
+    config,
+    lib,
+    pkgs,
+    ...
+  }: {
+    # Set location used by redshift
+    location.provider = "manual";
+    location.latitude = 47.92;
+    location.longitude = 10.12;
+    services.redshift.enable = true;
+  };
+}

features-nixos/optional/remote-builder.nix

@@ -0,0 +1,36 @@
+{
+  flake.nixosModules.remote-builder = {
+    nix.distributedBuilds = true;
+    nix.settings.builders-use-substitutes = true;
+
+    nix.buildMachines = [
+      {
+        hostName = "builder.julian-mutter.de";
+        protocol = "ssh";
+        sshUser = "nix";
+        systems = [
+          "x86_64-linux"
+          "aarch64-linux"
+        ];
+        maxJobs = 4;
+        speedFactor = 3;
+        supportedFeatures = [
+          "nixos-test"
+          "benchmark"
+          "big-parallel"
+          "kvm"
+        ];
+        mandatoryFeatures = [];
+      }
+      # {
+      #   hostName = "localhost";
+      #   protocol = null;
+      #   systems = [
+      #     "x86_64-linux"
+      #   ];
+      #   maxJobs = 4;
+      #   speedFactor = 1;
+      # }
+    ];
+  };
+}

features-nixos/optional/thunar.nix

@@ -0,0 +1,18 @@
+{
+  flake.nixosModules.thunar = {
+    config,
+    lib,
+    pkgs,
+    ...
+  }: {
+    programs.thunar.enable = true;
+    programs.xfconf.enable = true; # Persist saved preferences
+    programs.thunar.plugins = with pkgs.xfce; [
+      thunar-archive-plugin
+      thunar-volman
+      thunar-media-tags-plugin
+    ];
+    services.gvfs.enable = true; # Mount, trash, and other functionalities
+    services.tumbler.enable = true; # Thumbnail support for images
+  };
+}

features-nixos/optional/virtualbox.nix

@@ -0,0 +1,14 @@
+{
+  flake.nixosModules.virtualbox = {
+    config,
+    lib,
+    pkgs,
+    ...
+  }: {
+    virtualisation.virtualbox.host.enable = true;
+    # virtualisation.virtualbox.host.enableExtensionPack = true;
+    # virtualisation.virtualbox.guest.enable = true;
+    # virtualisation.virtualbox.guest.x11 = true;
+    users.extraGroups.vboxusers.members = ["julian"];
+  };
+}

features-nixos/optional/wireguard.nix

@@ -0,0 +1,14 @@
+{
+  flake.nixosModules.wireguard = {
+    networking.wg-quick.interfaces = {
+      julian = {
+        configFile = "/etc/wireguard/julian.conf";
+        autostart = true; # This interface is started on boot
+      };
+      comu = {
+        configFile = "/etc/wireguard/comu.conf";
+        autostart = false;
+      };
+    };
+  };
+}

features-nixos/optional/wireshark.nix

@@ -0,0 +1,11 @@
+{
+  flake.nixosModules.wireshark = {
+    programs.wireshark = {
+      enable = true;
+      dumpcap.enable = true;
+      usbmon.enable = true;
+    };
+
+    users.users.julian.extraGroups = ["wireshark"];
+  };
+}

features-nixos/optional/xserver.nix

@@ -0,0 +1,8 @@
+{
+  flake.nixosModules.xserver = {
+    services.xserver = {
+      enable = true;
+      wacom.enable = true;
+    };
+  };
+}

features-nixos/users/julian/default.nix

@@ -0,0 +1,52 @@
+{
+  flake.nixosModules.users.julian = {
+    pkgs,
+    config,
+    lib,
+    ...
+  }: let
+    ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
+  in {
+    users.mutableUsers = false;
+    users.users.julian = {
+      description = "Julian";
+      group = "julian";
+      isNormalUser = true;
+      uid = 1000;
+      shell = pkgs.fish;
+      extraGroups = ifTheyExist [
+        "networkmanager"
+        "wheel"
+        "audio"
+        "realtime"
+        "rtkit"
+        "network"
+        "video"
+        "podman"
+        "docker"
+        "git"
+        "gamemode"
+        "dialout"
+      ];
+
+      openssh.authorizedKeys.keys = lib.splitString "\n" (
+        builtins.readFile ../../../../homes/julian/ssh.pub
+      );
+      # hashedPasswordFile = config.sops.secrets.julian-password.path;
+      hashedPassword = "$y$j9T$N33kLJQbV8soUoCbDkpwA1$r/yahJDgOPo4GGOrAi6BUG5zLTzmaBrA5NQ4nno561A";
+      packages = [pkgs.home-manager];
+    };
+    users.groups.julian = {
+      gid = 1000;
+    };
+
+    sops.secrets.julian-password = {
+      sopsFile = ../../secrets.yaml;
+      neededForUsers = true;
+    };
+
+    home-manager.users.julian = import ../../../../homes/julian/${config.networking.hostName}.nix;
+
+    security.pam.services.swaylock = {}; # Make swaylock unlocking work
+  };
+}

features-nixos/users/pob/default.nix

@@ -0,0 +1,30 @@
+{
+  flake.nixosModules.users.pob = {
+    pkgs,
+    config,
+    ...
+  }: let
+    ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
+  in {
+    users.mutableUsers = false;
+    users.users.pob = {
+      description = "A helper user to use another profile for some applications";
+      group = "pob";
+      isNormalUser = true;
+      shell = pkgs.fish;
+      extraGroups = ifTheyExist [
+        "networkmanager"
+      ];
+      packages = with pkgs; [
+        firefox
+        wineWowPackages.stable # 32-bit and 64-bit wine
+        winetricks
+      ];
+    };
+    users.groups.pob = {};
+
+    security.sudo.extraConfig = ''
+      julian ALL=(pob) NOPASSWD: ALL
+    '';
+  };
+}

features-nixos/users/wolfi/default.nix

@@ -0,0 +1,32 @@
+{
+  flake.nixosModules.users.wolfi = {
+    pkgs,
+    config,
+    ...
+  }: let
+    ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
+  in {
+    users.mutableUsers = false;
+    users.users.wolfi = {
+      description = "Wolfi";
+      group = "wolfi";
+      isNormalUser = true;
+      shell = pkgs.fish;
+      extraGroups = ifTheyExist [
+        "networkmanager"
+        "wheel"
+        "audio"
+        "network"
+        "video"
+        "podman"
+        "docker"
+        "git"
+        "gamemode"
+      ];
+
+      hashedPassword = "$y$j9T$ifzWjoZaRtPUOOfMYnbJ20$uFOO1EyDApL52vRUicZYgupaTA/a6sGNUj3imZ/lcb6";
+      packages = [pkgs.home-manager];
+    };
+    users.groups.wolfi = {};
+  };
+}

features-nixos/users/yukari/default.nix

@@ -0,0 +1,99 @@
+{
+  flake.nixosModules.users.yukari = {
+    pkgs,
+    config,
+    lib,
+    outputs,
+    ...
+  }: let
+    ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
+  in {
+    users.mutableUsers = false;
+    users.users.yukari = {
+      description = "Yukari";
+      group = "yukari";
+      isNormalUser = true;
+      shell = pkgs.fish;
+      extraGroups = ifTheyExist [
+        "networkmanager"
+        "audio"
+        "network"
+        "video"
+        "podman"
+        "docker"
+        "git"
+        "gamemode"
+      ];
+
+      createHome = true;
+      hashedPassword = "$y$j9T$rGuTL0rfiy7ht8L58BGCw0$fN.KwHjYlIitFEPHndKvV06ezgeWzP3/58o1kkviZwB";
+      packages = [pkgs.home-manager];
+    };
+    users.groups.yukari = {};
+
+    home-manager.users.yukari = {
+      imports =
+        [
+          ../../../../homes/julian/features/fonts
+          ../../../../homes/julian/features/suites/cli
+        ]
+        ++ (builtins.attrValues outputs.homeManagerModules);
+
+      home = {
+        username = lib.mkDefault "yukari";
+        homeDirectory = lib.mkDefault "/home/${config.home.username}";
+        stateVersion = lib.mkDefault "23.11";
+
+        sessionPath = ["$HOME/.local/bin"];
+
+        packages = with pkgs; [
+          arandr
+          calibre # ebook manager and viewer
+          # digikam
+          discord
+          discord-ptb # in case discord updates take their time
+          # dvdisaster
+          # element-desktop
+          # rocketchat-desktop
+          thunderbird
+          telegram-desktop # telegram
+          # schildichat-desktop # not updated regularly
+          nheko
+          evince # Simple pdf reader, good for focusing on document content
+          firefox
+          vivaldi
+          # geogebra
+          cheese
+          handbrake
+          # kitty # Terminal, already available as feature
+          libnotify
+          libreoffice
+          mate.engrampa
+          nomacs # Image viewer
+          kdePackages.okular # Pdf reader with many features, good for commenting documents
+          pavucontrol
+          qalculate-gtk # Nice gui calculator
+          qpdfview
+          # qutebrowser
+          # realvnc-vnc-viewer
+          # rustdesk
+          tor-browser
+          # frajul.pob-dev-version # Path of Building
+          vlc
+          wineWowPackages.stable # 32-bit and 64-bit wine
+          winetricks
+          xclip # x11 clipboard access from terminal
+          xfce.mousepad # simple text editor
+          xournalpp # Edit pdf files
+          zoom-us # Video conferencing
+          zotero # Manage papers and other sources
+          pdfpc # Present slides in pdf form
+        ];
+      };
+      programs = {
+        home-manager.enable = true;
+        git.enable = true;
+      };
+    };
+  };
+}

flake.lock

@@ -38,11 +38,11 @@
         "utils": "utils"
       },
       "locked": {
-        "lastModified": 1762286984,
+        "lastModified": 1770019181,
-        "narHash": "sha256-9I2H9x5We6Pl+DBYHjR1s3UT8wgwcpAH03kn9CqtdQc=",
+        "narHash": "sha256-hwsYgDnby50JNVpTRYlF3UR/Rrpt01OrxVuryF40CFY=",
         "owner": "serokell",
         "repo": "deploy-rs",
-        "rev": "9c870f63e28ec1e83305f7f6cb73c941e699f74f",
+        "rev": "77c906c0ba56aabdbc72041bf9111b565cdd6171",
         "type": "github"
       },
       "original": {
@@ -58,11 +58,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1764627417,
+        "lastModified": 1769524058,
-        "narHash": "sha256-D6xc3Rl8Ab6wucJWdvjNsGYGSxNjQHzRc2EZ6eeQ6l4=",
+        "narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "5a88a6eceb8fd732b983e72b732f6f4b8269bef3",
+        "rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d",
         "type": "github"
       },
       "original": {
@@ -111,11 +111,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1763759067,
+        "lastModified": 1768135262,
-        "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=",
+        "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0",
+        "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac",
         "type": "github"
       },
       "original": {
@@ -203,11 +203,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1764866045,
+        "lastModified": 1770260404,
-        "narHash": "sha256-0GsEtXV9OquDQ1VclQfP16cU5VZh7NEVIOjSH4UaJuM=",
+        "narHash": "sha256-3iVX1+7YUIt23hBx1WZsUllhbmP2EnXrV8tCRbLxHc8=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "f63d0fe9d81d36e5fc95497217a72e02b8b7bcab",
+        "rev": "0d782ee42c86b196acff08acfbf41bb7d13eed5b",
         "type": "github"
       },
       "original": {
@@ -217,13 +217,38 @@
         "type": "github"
       }
     },
-    "impermanence": {
+    "home-manager_2": {
+      "inputs": {
+        "nixpkgs": [
+          "impermanence",
+          "nixpkgs"
+        ]
+      },
       "locked": {
-        "lastModified": 1737831083,
+        "lastModified": 1768598210,
-        "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
+        "narHash": "sha256-kkgA32s/f4jaa4UG+2f8C225Qvclxnqs76mf8zvTVPg=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "c47b2cc64a629f8e075de52e4742de688f930dc6",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "impermanence": {
+      "inputs": {
+        "home-manager": "home-manager_2",
+        "nixpkgs": "nixpkgs_2"
+      },
+      "locked": {
+        "lastModified": 1769548169,
+        "narHash": "sha256-03+JxvzmfwRu+5JafM0DLbxgHttOQZkUtDWBmeUkN8Y=",
         "owner": "nix-community",
         "repo": "impermanence",
-        "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
+        "rev": "7b1d382faf603b6d264f58627330f9faa5cba149",
         "type": "github"
       },
       "original": {
@@ -284,7 +309,7 @@
     },
     "naersk": {
       "inputs": {
-        "nixpkgs": "nixpkgs_2"
+        "nixpkgs": "nixpkgs_3"
       },
       "locked": {
         "lastModified": 1736429655,
@@ -341,6 +366,26 @@
         "type": "github"
       }
     },
+    "nix-index-database": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1772945408,
+        "narHash": "sha256-PMt48sEQ8cgCeljQ9I/32uoBq/8t8y+7W/nAZhf72TQ=",
+        "owner": "nix-community",
+        "repo": "nix-index-database",
+        "rev": "1c1d8ea87b047788fd7567adf531418c5da321ec",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nix-index-database",
+        "type": "github"
+      }
+    },
     "nix-matlab": {
       "inputs": {
         "flake-compat": "flake-compat_2",
@@ -385,11 +430,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1764234087,
+        "lastModified": 1769813415,
-        "narHash": "sha256-NHF7QWa0ZPT8hsJrvijREW3+nifmF2rTXgS2v0tpcEA=",
+        "narHash": "sha256-nnVmNNKBi1YiBNPhKclNYDORoHkuKipoz7EtVnXO50A=",
         "owner": "nix-community",
         "repo": "nixos-generators",
-        "rev": "032a1878682fafe829edfcf5fdfad635a2efe748",
+        "rev": "8946737ff703382fda7623b9fab071d037e897d5",
         "type": "github"
       },
       "original": {
@@ -400,11 +445,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1764440730,
+        "lastModified": 1770882871,
-        "narHash": "sha256-ZlJTNLUKQRANlLDomuRWLBCH5792x+6XUJ4YdFRjtO4=",
+        "narHash": "sha256-nw5g+xl3veea+maxJ2/81tMEA/rPq9aF1H5XF35X+OE=",
         "owner": "nixos",
         "repo": "nixos-hardware",
-        "rev": "9154f4569b6cdfd3c595851a6ba51bfaa472d9f3",
+        "rev": "af04cb78aa85b2a4d1c15fc7270347e0d0eda97b",
         "type": "github"
       },
       "original": {
@@ -446,11 +491,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1764950072,
+        "lastModified": 1770841267,
-        "narHash": "sha256-BmPWzogsG2GsXZtlT+MTcAWeDK5hkbGRZTeZNW42fwA=",
+        "narHash": "sha256-9xejG0KoqsoKEGp2kVbXRlEYtFFcDTHjidiuX8hGO44=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "f61125a668a320878494449750330ca58b78c557",
+        "rev": "ec7c70d12ce2fc37cb92aff673dcdca89d187bae",
         "type": "github"
       },
       "original": {
@@ -461,6 +506,22 @@
       }
     },
     "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1768564909,
+        "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_3": {
       "locked": {
         "lastModified": 0,
         "narHash": "sha256-DjkQPnkAfd7eB522PwnkGhOMuT9QVCZspDpJJYyOj60=",
@@ -472,13 +533,13 @@
         "type": "indirect"
       }
     },
-    "nixpkgs_3": {
+    "nixpkgs_4": {
       "locked": {
-        "lastModified": 1764831616,
+        "lastModified": 1770770419,
-        "narHash": "sha256-OtzF5wBvO0jgW1WW1rQU9cMGx7zuvkF7CAVJ1ypzkxA=",
+        "narHash": "sha256-iKZMkr6Cm9JzWlRYW/VPoL0A9jVKtZYiU4zSrVeetIs=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "c97c47f2bac4fa59e2cbdeba289686ae615f8ed4",
+        "rev": "6c5e707c6b5339359a9a9e215c5e66d6d802fd7a",
         "type": "github"
       },
       "original": {
@@ -498,11 +559,11 @@
         "systems": "systems_5"
       },
       "locked": {
-        "lastModified": 1764755396,
+        "lastModified": 1769049374,
-        "narHash": "sha256-f6UrlGdwg+TIxxyDjeq1M7WGNZH/vpbOm0yzPgkMy9c=",
+        "narHash": "sha256-h0Os2qqNyycDY1FyZgtbn28VF1ySP74/n0f+LDd8j+w=",
         "owner": "nix-community",
         "repo": "nixvim",
-        "rev": "64d9e2616f4ee2acee380d61ccf1f3d610e7e969",
+        "rev": "b8f76bf5751835647538ef8784e4e6ee8deb8f95",
         "type": "github"
       },
       "original": {
@@ -522,11 +583,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1761730856,
+        "lastModified": 1768249818,
-        "narHash": "sha256-t1i5p/vSWwueZSC0Z2BImxx3BjoUDNKyC2mk24krcMY=",
+        "narHash": "sha256-ANfn5OqIxq3HONPIXZ6zuI5sLzX1sS+2qcf/Pa0kQEc=",
         "owner": "NuschtOS",
         "repo": "search",
-        "rev": "e29de6db0cb3182e9aee75a3b1fd1919d995d85b",
+        "rev": "b6f77b88e9009bfde28e2130e218e5123dc66796",
         "type": "github"
       },
       "original": {
@@ -544,10 +605,11 @@
         "music-reader": "music-reader",
         "nix-colors": "nix-colors",
         "nix-gl": "nix-gl",
+        "nix-index-database": "nix-index-database",
         "nix-matlab": "nix-matlab",
         "nixos-generators": "nixos-generators",
         "nixos-hardware": "nixos-hardware",
-        "nixpkgs": "nixpkgs_3",
+        "nixpkgs": "nixpkgs_4",
         "nixpkgs-unstable": "nixpkgs-unstable",
         "nixvim": "nixvim",
         "sheet-organizer": "sheet-organizer",
@@ -585,11 +647,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1764483358,
+        "lastModified": 1770683991,
-        "narHash": "sha256-EyyvCzXoHrbL467YSsQBTWWg4sR96MH1sPpKoSOelB4=",
+        "narHash": "sha256-xVfPvXDf9QN3Eh9dV+Lw6IkWG42KSuQ1u2260HKvpnc=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "5aca6ff67264321d47856a2ed183729271107c9c",
+        "rev": "8b89f44c2cc4581e402111d928869fe7ba9f7033",
         "type": "github"
       },
       "original": {
@@ -724,11 +786,11 @@
     "yazi-flavors": {
       "flake": false,
       "locked": {
-        "lastModified": 1763969227,
+        "lastModified": 1770522883,
-        "narHash": "sha256-twgXHeIj52EfpMpLrhxjYmwaPnIYah3Zk/gqCNTb2SQ=",
+        "narHash": "sha256-tCAJXPV7s1akc+zHGdWjmdMPG4NpBE92vcO7LAvI5TI=",
         "owner": "yazi-rs",
         "repo": "flavors",
-        "rev": "3edeb49597e1080621a9b0b50d9f0a938b8f62bb",
+        "rev": "4c5753789ea535540e868e2764127be9230cef23",
         "type": "github"
       },
       "original": {

flake.nix

@@ -19,6 +19,10 @@
       url = "github:nix-community/home-manager/release-25.11";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    nix-index-database = {
+      url = "github:nix-community/nix-index-database";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
     sops-nix = {
       url = "github:Mic92/sops-nix";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -32,6 +36,9 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
+    flake-parts.url = "github:hercules-ci/flake-parts";
+    import-tree.url = "github:vic/import-tree";
+
     # Various flakes
     yazi-flavors = {
       url = "github:yazi-rs/flavors";
@@ -57,146 +64,163 @@
     };
   };
 
-  outputs = {
+  outputs = inputs:
-    self,
+    inputs.flake-parts.lib.mkFlake {inherit inputs;} (inputs.import-tree
-    nixpkgs,
+      [
-    home-manager,
+        ./hosts
-    systems,
+        ./features-nixos
-    ...
+        ./homes
-  } @ inputs: let
+        ./features-home-manager
-    inherit (self) outputs;
+        # ./modules
-    lib = nixpkgs.lib // home-manager.lib;
+        # ./overlays
-    forEachSystem = f: lib.genAttrs (import systems) (system: f pkgsFor.${system});
+        # ./packages
-    pkgsFor = lib.genAttrs (import systems) (
+      ]);
-      system:
+  # let
-        import nixpkgs {
+  #   inherit (self) outputs;
-          inherit system;
+  #   lib = nixpkgs.lib // home-manager.lib;
-          config.allowUnfree = true;
+  #   forEachSystem = f: lib.genAttrs (import systems) (system: f pkgsFor.${system});
-          config.permittedInsecurePackages = [
+  #   pkgsFor = lib.genAttrs (import systems) (
-            "olm-3.2.16"
+  #     system:
-          ];
+  #       import nixpkgs {
-          warn-dirty = false;
+  #         inherit system;
-        }
+  #         config.allowUnfree = true;
-    );
+  #         config.permittedInsecurePackages = [
-  in {
+  #           "olm-3.2.16"
-    inherit lib;
+  #         ];
+  #         warn-dirty = false;
+  #       }
+  #   );
+  # in {
+  #   inherit lib;
 
-    nixosModules = import ./modules/nixos;
+  #   nixosModules = import ./modules/nixos;
-    homeManagerModules = import ./modules/home-manager;
+  #   homeManagerModules = import ./modules/home-manager;
 
-    overlays = import ./overlays {inherit inputs outputs;};
+  #   overlays = import ./overlays {inherit inputs outputs;};
-    # hydraJobs = import ./hydra.nix { inherit inputs outputs; }; # TODO add hydra jobs here?
+  #   # hydraJobs = import ./hydra.nix { inherit inputs outputs; }; # TODO add hydra jobs here?
 
-    packages = forEachSystem (pkgs: import ./pkgs {inherit pkgs;});
+  #   packages = forEachSystem (pkgs: import ./pkgs {inherit pkgs;});
-    devShells = forEachSystem (pkgs: import ./shell.nix {inherit pkgs;});
+  #   devShells = forEachSystem (pkgs: import ./shell.nix {inherit pkgs;});
-    formatter = forEachSystem (pkgs: pkgs.alejandra); # nix fmt *
+  #   formatter = forEachSystem (pkgs: pkgs.alejandra); # nix fmt *
 
-    nixosConfigurations = {
+  #   nixosConfigurations = {
-      # Main laptop
+  #     # Main laptop
-      aspi = lib.nixosSystem {
+  #     aspi = lib.nixosSystem {
-        modules = [./hosts/aspi];
+  #       modules = [
-        specialArgs = {
+  #         ./hosts/aspi
-          inherit inputs outputs;
+  #       ];
-        };
+  #       specialArgs = {
-      };
+  #         inherit inputs outputs;
-      # Piano raspberry pi
+  #       };
-      pianonix = lib.nixosSystem {
+  #     };
-        modules = [./hosts/pianonix];
+  #     # Piano raspberry pi
-        specialArgs = {
+  #     # pianonix = lib.nixosSystem {
-          inherit inputs outputs;
+  #     #   modules = [./hosts/pianonix];
-        };
+  #     #   specialArgs = {
-      };
+  #     #     inherit inputs outputs;
-      kardorf = lib.nixosSystem {
+  #     #   };
-        modules = [./hosts/kardorf];
+  #     # };
-        specialArgs = {
+  #     kardorf = lib.nixosSystem {
-          inherit inputs outputs;
+  #       modules = [./hosts/kardorf];
-        };
+  #       specialArgs = {
-      };
+  #         inherit inputs outputs;
-      builder = lib.nixosSystem {
+  #       };
-        modules = [./hosts/builder];
+  #     };
-        specialArgs = {
+  #     builder = lib.nixosSystem {
-          inherit inputs outputs;
+  #       modules = [./hosts/builder];
-        };
+  #       specialArgs = {
-      };
+  #         inherit inputs outputs;
-    };
+  #       };
+  #     };
+  #   };
 
-    # Standalone HM
+  #   # Standalone HM
-    homeConfigurations = {
+  #   homeConfigurations = {
-      # Main laptop
+  #     # Main laptop
-      "julian@aspi" = lib.homeManagerConfiguration {
+  #     "julian@aspi" = lib.homeManagerConfiguration {
-        modules = [
+  #       modules = [
-          ./homes/julian/aspi.nix
+  #         ./homes/julian/aspi.nix
-          ./homes/julian/hm-standalone-config.nix
+  #         ./homes/julian/hm-standalone-config.nix
-        ];
+  #       ];
-        pkgs = pkgsFor.x86_64-linux;
+  #       pkgs = pkgsFor.x86_64-linux;
-        extraSpecialArgs = {
+  #       extraSpecialArgs = {
-          inherit inputs outputs;
+  #         inherit inputs outputs;
-        };
+  #       };
-      };
+  #     };
-      # Media server (RPi)
+  #     # Media server (RPi)
-      "julian@pianonix" = lib.homeManagerConfiguration {
+  #     # "julian@pianonix" = lib.homeManagerConfiguration {
-        modules = [
+  #     #   modules = [
-          ./homes/julian/pianonix.nix
+  #     #     ./homes/julian/pianonix.nix
-          ./homes/julian/hm-standalone-config.nix
+  #     #     ./homes/julian/hm-standalone-config.nix
-        ];
+  #     #   ];
-        pkgs = pkgsFor.aarch64-linux;
+  #     #   pkgs = pkgsFor.aarch64-linux;
-        extraSpecialArgs = {
+  #     #   extraSpecialArgs = {
-          inherit inputs outputs;
+  #     #     inherit inputs outputs;
-        };
+  #     #   };
-      };
+  #     # };
-      "julian@kardorf" = lib.homeManagerConfiguration {
+  #     "julian@kardorf" = lib.homeManagerConfiguration {
-        modules = [
+  #       modules = [
-          ./homes/julian/kardorf.nix
+  #         ./homes/julian/kardorf.nix
-          ./homes/julian/hm-standalone-config.nix
+  #         ./homes/julian/hm-standalone-config.nix
-        ];
+  #       ];
-        pkgs = pkgsFor.x86_64-linux;
+  #       pkgs = pkgsFor.x86_64-linux;
-        extraSpecialArgs = {
+  #       extraSpecialArgs = {
-          inherit inputs outputs;
+  #         inherit inputs outputs;
-        };
+  #       };
-      };
+  #     };
-      "julian@v3ms" = lib.homeManagerConfiguration {
+  #     "julian@v3ms" = lib.homeManagerConfiguration {
-        modules = [
+  #       modules = [
-          ./homes/julian/v3ms
+  #         ./homes/julian/v3ms
-          ./homes/julian/hm-standalone-config.nix
+  #         ./homes/julian/hm-standalone-config.nix
-        ];
+  #       ];
-        pkgs = pkgsFor.x86_64-linux;
+  #       pkgs = pkgsFor.x86_64-linux;
-        extraSpecialArgs = {
+  #       extraSpecialArgs = {
-          inherit inputs outputs;
+  #         inherit inputs outputs;
-        };
+  #       };
-      };
+  #     };
-    };
+  #     "julian@quickstart" = lib.homeManagerConfiguration {
+  #       modules = [
+  #         ./homes/julian/quickstart.nix
+  #         ./homes/julian/hm-standalone-config.nix
+  #       ];
+  #       pkgs = pkgsFor.x86_64-linux;
+  #       extraSpecialArgs = {
+  #         inherit inputs outputs;
+  #       };
+  #     };
+  #   };
 
-    # deploy-rs node configuration
+  #   # deploy-rs node configuration
-    deploy.nodes = {
+  #   deploy.nodes = {
-      pianonix = {
+  #     # pianonix = {
-        hostname = "pianonix.local";
+  #     #   hostname = "pianonix.local";
-        profiles.system = {
+  #     #   profiles.system = {
-          sshUser = "root";
+  #     #     sshUser = "root";
-          user = "root";
+  #     #     user = "root";
-          path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.pianonix;
+  #     #     path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.pianonix;
-          confirmTimeout = 90; # default: 30s; raspberrypi takes a little longer restarting services
+  #     #     confirmTimeout = 90; # default: 30s; raspberrypi takes a little longer restarting services
-        };
+  #     #   };
-      };
+  #     # };
 
-      builder = {
+  #     builder = {
-        hostname = "builder.julian-mutter.de";
+  #       hostname = "builder.julian-mutter.de";
-        profiles.system = {
+  #       profiles.system = {
-          sshUser = "root";
+  #         sshUser = "root";
-          user = "root";
+  #         user = "root";
-          path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.builder;
+  #         path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.builder;
-          remoteBuild = true;
+  #         remoteBuild = true;
-        };
+  #       };
-      };
+  #     };
-    };
+  #   };
 
-    # substitutes: nixos-generate --flake .#pianonix -f sd-aarch64 --system aarch64-linux
+  #   # substitutes: nixos-generate --flake .#pianonix -f sd-aarch64 --system aarch64-linux
-    pianonix-image = inputs.nixos-generators.nixosGenerate {
+  #   pianonix-image = inputs.nixos-generators.nixosGenerate {
-      system = "aarch64-linux";
+  #     system = "aarch64-linux";
-      format = "sd-aarch64";
+  #     format = "sd-aarch64";
-      modules = [./hosts/pianonix];
+  #     modules = [./hosts/pianonix];
-      specialArgs = {
+  #     specialArgs = {
-        inherit inputs outputs;
+  #       inherit inputs outputs;
-      };
+  #     };
-    };
+  #   };
-  };
+  # };
 }

homes/julian/global/default.nix

@@ -2,6 +2,7 @@
   lib,
   pkgs,
   config,
+  inputs,
   outputs,
   ...
 }: {
@@ -9,6 +10,7 @@
     [
       ../features/fonts
       ../features/nix-helper
+      inputs.nix-index-database.homeModules.default # nix-locate
     ]
     ++ (builtins.attrValues outputs.homeManagerModules);
 
@@ -24,13 +26,28 @@
     };
   };
 
+  # To allow unfree with 'nix run'
+  xdg.configFile."nixpkgs/config.nix".text = ''
+    { allowUnfree = true; }
+  '';
+
   colorscheme.name = "catppuccin-mocha";
 
   # systemd.user.startServices = "sd-switch"; # TODO: what is this
 
+  # Expire old hm generations
+  hm-expire = {
+    enable = true;
+    dates = "weekly";
+    expire = "-30 days";
+  };
+
   programs = {
     home-manager.enable = true;
     git.enable = true;
+
+    nix-index.enable = true; # allows command-not-found
+    nix-index-database.comma.enable = true;
   };
 
   home = {

homes/julian/hm-standalone-config.nix

@@ -13,6 +13,20 @@
     };
   };
 
+  # Expire old hm generations
+  hm-expire = {
+    enable = true;
+    dates = "weekly";
+    expire = "-30 days";
+  };
+
+  # Remove unused packets
+  nix.gc = {
+    automatic = true;
+    dates = "weekly";
+    persistent = true;
+  };
+
   # Setup binary caches
   nix.settings = {
     substituters = [

homes/julian/kardorf.nix

@@ -8,11 +8,14 @@
     ./features/neovim
     ./features/ghostty
     ./features/wezterm
+    ./features/alacritty
     ./features/yazi
     ./features/emacs
 
-    # ./features/hyprland
+    ./features/tmux
-    ./features/i3
+    ./features/qt-distrobox
+    ./features/hyprland
+    # ./features/i3
 
     ./features/suites/cli
     ./features/suites/desktop
@@ -21,7 +24,7 @@
 
   hostName = "kardorf";
   is-nixos = true;
-  terminal = "ghostty";
+  terminal = "alacritty";
 
   #  ---------   ---------
   # | DVI-D-1 | | DVI-D-2 |