Start migration to using flake-parts

2026-03-23 20:34:48 +01:00
134 changed files with 2572 additions and 1748 deletions
@@ -1,15 +1,17 @@
 keys:
  - &primary age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg
  - &aspi-ssh age1q8lc5340gz5xw2f57nglrss68wv0j0hf36py2pdtrl6ky3yrq9qqk0njr4
  - &pianonix-ssh age1tguyu2yd5xv8rgjjl50cq6dq5rr7umqgv098dgre4u9wyj30ea7sexw62c
  - &builder-ssh age1kw4kmdm45zprvdkrrpvgq966l7585vhusmum083qlwnr0xxgd3uqatcyja
  - &kardorf-ssh age15lxw97z03q40xrdscnxqqugh5ky5aqrerg2t2rphkcqm6rnllurq8v98q5
 creation_rules:
-  - path_regex: hosts/secrets-common.yaml$
+  - path_regex: hosts/common/secrets.yaml$
    key_groups:
    - age:
      - *primary
      - *aspi-ssh
      - *pianonix-ssh
      - *kardorf-ssh
  - path_regex: hosts/builder/secrets.yaml$
@@ -17,3 +19,9 @@ creation_rules:
    - age:
      - *primary
      - *builder-ssh
  - path_regex: hosts/pianonix/secrets*
    key_groups:
    - age:
      - *primary
      - *pianonix-ssh
@@ -2,6 +2,5 @@
  programs.direnv = {
    enable = true;
    nix-direnv.enable = true;
    mise.enable = true;
  };
 }
@@ -41,7 +41,7 @@ in {
      sqlite
      # Code formatters for use with doom emacs
-      nixfmt # nix
+      nixfmt-rfc-style # nix
      alejandra # nix
      nixd # nix lsp
@@ -5,7 +5,7 @@
 }:
 with lib; {
  home.file = {
-    # ".config/starship.toml".source = ./starship.toml;
+    ".config/starship.toml".source = ./starship.toml;
    ".config/fish/conf.d/last-working-dir.fish".source = ./last-working-dir.fish;
  };
@@ -7,8 +7,6 @@ with lib; {
  fonts.fontconfig.enable = true; # required to autoload fonts from packages
  home.packages = with pkgs; [
    nerd-fonts.fira-code
    nerd-fonts.jetbrains-mono
    font-awesome
    dejavu_fonts
    noto-fonts
@@ -18,7 +16,5 @@ with lib; {
    fira-code
    fira-code-symbols
    source-code-pro
    source-sans
    roboto
  ];
 }
@@ -0,0 +1,33 @@
 {
  config,
  pkgs,
  inputs,
  ...
 }: let
  inherit (inputs.nix-colors.lib-contrib {inherit pkgs;}) gtkThemeFromScheme;
 in {
  # Do not make conditional, just toggle things on and off
  imports = [inputs.nix-colors.homeManagerModules.default]; # TODO: what does this do
  # home.sessionVariables.GTK_THEME = "Catppuccin-Mocha-Compact-Blue-dark";
  gtk = {
    enable = true;
    theme = {
      name = inputs.nix-colors.colorschemes.${config.colorscheme.name}.slug;
      package = gtkThemeFromScheme {
        scheme = inputs.nix-colors.colorschemes.${config.colorscheme.name};
      };
    };
    iconTheme = {
      name = "Papirus-Dark";
      package = pkgs.papirus-icon-theme;
    };
    cursorTheme = {
      package = pkgs.apple-cursor;
      name = "macOS";
      size = 24;
    };
  };
  xdg.portal.extraPortals = [pkgs.xdg-desktop-portal-gtk];
 }
@@ -4,7 +4,12 @@
  config,
  lib,
  ...
-}: {
+}: let
  inherit
    (inputs.nix-colors.colorschemes.${builtins.toString config.colorscheme.name})
    palette
    ;
 in {
  imports = [
    # inputs.hyprland.homeManagerModules.default
    ./waybar
@@ -114,8 +119,6 @@
    #   }
    # );
    configType = "lua";
    systemd = {
      enable = true;
      # Same as default, but stop graphical-session too
@@ -180,16 +183,6 @@
      };
    };
    # Disable animations for selection, fixes screenshots
    extraConfig = ''
      # layerrule {
      #   name = no_anim_for_selection
      #   no_anim = on
      #   match:namespace = selection
      # }
      layerrule = noanim, selection
    '';
    settings = {
      "$mod" = "SUPER";
@@ -211,6 +204,9 @@
        gaps_out = 5;
        layout = "dwindle";
        # "col.active_border" = "0xff${palette.base0C} 0xff${palette.base0D} 270deg";
        # "col.inactive_border" = "0xff${palette.base00}";
      };
      decoration = {
@@ -250,7 +246,7 @@
      };
      exec = [
-        # "hyprctl setcursor ${config.gtk.cursorTheme.name} ${toString config.gtk.cursorTheme.size}"
+        "hyprctl setcursor ${config.gtk.cursorTheme.name} ${toString config.gtk.cursorTheme.size}"
        "correct-workspace-locations"
      ];
@@ -439,6 +435,18 @@
              "$mod SHIFT,W,exec,${makoctl} restore"
            ]
        );
      # plugin = {
      #   hyprbars = {
      #     bar_text_size = 10;
      #     bar_height = 16;
      #     bar_text_font = "Ubuntu Nerd Font";
      #     bar_precedence_over_border = true;
      #     bar_color = "rgb(${palette.base01})";
      #     hyprbars-button = [ "rgb(${palette.base03}), 14, 󰖭, hyprctl dispatch killactive" ];
      #   };
      # };
    };
  };
 }
@@ -0,0 +1,46 @@
 {
  options,
  config,
  lib,
  pkgs,
  inputs,
  ...
 }: let
  inherit
    (inputs.nix-colors.colorschemes.${builtins.toString config.colorscheme.name})
    palette
    ;
 in {
  programs.hyprlock.enable = true;
  programs.hyprlock.settings = {
    general = {
      disable_loading_bar = true;
      hide_cursor = true;
      ignore_empty_input = true;
    };
    background = [
      {
        color = "#${palette.base00}";
        # path = "screenshot";
        # blur_passes = 3;
        # blur_size = 8;
      }
    ];
    input-field = [
      {
        size = "200, 50";
        position = "0, -80";
        monitor = "";
        dots_center = true;
        fade_on_empty = false;
        font_color = "#${palette.base0B}";
        inner_color = "#${palette.base01}";
        outer_color = "#${palette.base05}";
        outline_thickness = 5;
        placeholder_text = "Password...";
      }
    ];
  };
 }
@@ -0,0 +1,30 @@
 {
  options,
  config,
  lib,
  pkgs,
  inputs,
  ...
 }: let
  inherit
    (inputs.nix-colors.colorschemes.${builtins.toString config.colorscheme.name})
    palette
    ;
 in {
  home.packages = with pkgs; [libnotify];
  services.mako = {
    enable = true;
    settings = {
      defaultTimeout = "5000"; # milliseconds, can be overwritten by notification sender
      backgroundColor = "#${palette.base00}";
      textColor = "#${palette.base05}";
      borderColor = "#${palette.base0D}";
      progressColor = "over #${palette.base02}";
      extraConfig = ''
          [urgency=high]
          border-color=#${palette.base09}
        # '';
    };
  };
 }
@@ -31,7 +31,7 @@
 in {
  services.swayidle = {
    enable = true;
-    systemdTargets = ["graphical-session.target"];
+    systemdTarget = "graphical-session.target";
    timeouts =
      # Lock screen
      [
@@ -1,7 +1,14 @@
 {
  config,
  pkgs,
  ...
 }: let
  inherit (config.colorscheme) colors;
 in {
  programs.swaylock = {
    enable = true;
    settings = {
      color = "000000";
      ignore-empty-password = true;
      indicator-idle-visible = false;
    };
@@ -0,0 +1,36 @@
 {
  options,
  config,
  pkgs,
  lib,
  inputs,
  ...
 }: let
  palette = (inputs.nix-colors.colorschemes.${builtins.toString config.colorscheme.name}).palette;
 in {
  programs.waybar = {
    enable = true;
    # systemd.enable = true;
    settings.mainBar = builtins.fromJSON (builtins.readFile ./config.json);
  };
  xdg.configFile."waybar/style.css".source = ./style.css;
  xdg.configFile."waybar/theme.css".text = ''
    /*
    bg - background
    fg - foreground
    */
    /* Main Colors */
    @define-color background        #${palette.base00};
    @define-color foreground        #${palette.base05};
    /* Workspace Button Colors */
    @define-color hover-bg          #${palette.base01};
    @define-color hover-fg          #${palette.base05};
    @define-color active-bg         #${palette.base02};
    @define-color active-fg         #${palette.base0A};
    @define-color urgent-bg         #${palette.base08};
    @define-color urgent-fg         #${palette.base00};
  '';
 }
@@ -0,0 +1,39 @@
 {
  options,
  config,
  lib,
  pkgs,
  inputs,
  ...
 }: let
  inherit
    (inputs.nix-colors.colorschemes.${builtins.toString config.colorscheme.name})
    palette
    ;
 in {
  home.packages = with pkgs; [wlogout];
  # xdg.configFile."wlogout/style.css".text = ''
  #    * {
  #      all: unset;
  #      font-family: JetBrains Mono Nerd Font;
  #    }
  #    window {
  #      background-color: #${palette.base00};
  #    }
  #    button {
  #      color: #${palette.base01};
  #      font-size: 64px;
  #      background-color: rgba(0,0,0,0);
  #      outline-style: none;
  #      margin: 5px;
  #   }
  #    button:focus, button:active, button:hover {
  #      color: #${palette.base0D};
  #      transition: ease 0.4s;
  #    }
  # '';
 }
@@ -0,0 +1,86 @@
 {
  options,
  config,
  lib,
  pkgs,
  inputs,
  ...
 }: let
  inherit
    (inputs.nix-colors.colorschemes.${builtins.toString config.colorscheme.name})
    palette
    ;
 in {
  home.packages = with pkgs; [wofi];
  xdg.configFile."wofi/config".source = ./config;
  xdg.configFile."wofi/style.css".text = ''
    window {
        margin: 5px;
        border: 5px solid #181926;
        background-color: #${palette.base00};
        border-radius: 15px;
        font-family: "JetBrainsMono";
        font-size: 14px;
      }
      #input {
        all: unset;
        min-height: 36px;
        padding: 4px 10px;
        margin: 4px;
        border: none;
        color: #${palette.base05};
        font-weight: bold;
        background-color: #${palette.base01};
        outline: none;
        border-radius: 15px;
        margin: 10px;
        margin-bottom: 2px;
      }
      #inner-box {
        margin: 4px;
        padding: 10px;
        font-weight: bold;
        border-radius: 15px;
      }
      #outer-box {
        margin: 0px;
        padding: 3px;
        border: none;
        border-radius: 15px;
        border: 5px solid #${palette.base01};
      }
      #scroll {
        margin-top: 5px;
        border: none;
        border-radius: 15px;
        margin-bottom: 5px;
      }
      #text:selected {
        color: #${palette.base01};
        margin: 0px 0px;
        border: none;
        border-radius: 15px;
      }
      #entry {
        margin: 0px 0px;
        border: none;
        border-radius: 15px;
        background-color: transparent;
      }
      #entry:selected {
        margin: 0px 0px;
        border: none;
        border-radius: 15px;
        background: #${palette.base0D};
        background-size: 400% 400%;
      }
  '';
 }
@@ -22,9 +22,9 @@
  # Prevent screen from going blank (check these settings with `xset q`)
  # And disable bell sound (b)
  xsession.initExtra = ''
-    ${pkgs.xset}/bin/xset s off
+    ${pkgs.xorg.xset}/bin/xset s off
-    ${pkgs.xset}/bin/xset -dpms
+    ${pkgs.xorg.xset}/bin/xset -dpms
-    ${pkgs.xset}/bin/xset b off
+    ${pkgs.xorg.xset}/bin/xset b off
  '';
  xsession.windowManager.i3 = {
    enable = true;
@@ -18,7 +18,7 @@
    fd
    stylua
    black
-    nixfmt # nixfmt
+    nixfmt-rfc-style # nixfmt
  ];
  programs.nixvim = {
@@ -37,7 +37,7 @@
    usbutils # lsusb
    wget
    wireguard-tools # wg-quick
-    xkill
+    xorg.xkill
    zip
    dig
@@ -1,5 +1,5 @@
 {pkgs, ...}: {
-  imports = [./stylix.nix];
+  imports = [../../gtk];
  services.blueman-applet.enable = true;
  services.nextcloud-client.enable = true;
@@ -39,7 +39,7 @@
    # kitty # Terminal, already available as feature
    libnotify
    libreoffice
-    engrampa
+    mate.engrampa
    nomacs # Image viewer
    kdePackages.okular # Pdf reader with many features, good for commenting documents
    pavucontrol
@@ -52,11 +52,12 @@
    # rustdesk
    tor-browser
    rusty-path-of-building # Path of Building for poe1 and poe2
    # frajul.pob-dev-version # Path of Building
    vlc
-    wineWow64Packages.stable # 32-bit and 64-bit wine
+    wineWowPackages.stable # 32-bit and 64-bit wine
    winetricks
    xclip # x11 clipboard access from terminal
-    mousepad # simple text editor
+    xfce.mousepad # simple text editor
    xournalpp # Edit pdf files
    zoom-us # Video conferencing
    zotero # Manage papers and other sources
@@ -68,5 +69,6 @@
    ## My scripts
    frajul.open-messaging
    frajul.xwacomcalibrate
    frajul.pob2-frajul
  ];
 }
@@ -65,13 +65,9 @@
    sops
    pandoc # markdown preview
    docker-compose
    mise
    mise
    ## My scripts
    frajul.deploy-to-pianopi
    frajul.smath-studio
    # frajul.rtklib
    (pkgs.writeShellScriptBin "matlab-rsp" ''
@@ -16,8 +16,11 @@
    xclip
  ];
  home.shellAliases = {
    y = "yy"; # Yazi shell wrapper (cd on quit)
  };
  programs.yazi.enable = true;
  programs.yazi.shellWrapperName = "y";
  programs.yazi.enableFishIntegration = true;
  programs.yazi.settings.manager = {
    sort_by = "mtime";
@@ -3,9 +3,9 @@
  pkgs,
  ...
 }: {
-  # home.file = {
+  home.file = {
-  #   ".config/starship.toml".source = ./starship.toml;
+    ".config/starship.toml".source = ./starship.toml;
-  # };
+  };
  home.packages = with pkgs; [starship];
@@ -0,0 +1,18 @@
 {
  flake.nixosModules.base = {
    inputs,
    config,
    ...
  }: {
    system.hydraAutoUpgrade = {
      # Only enable if not dirty
      enable = inputs.self ? rev;
      dates = "*:0/10"; # Every 10 minutes
      instance = "http://hydra.julian-mutter.de";
      project = "dotfiles";
      jobset = "main";
      job = "hosts.${config.networking.hostName}";
      oldFlakeRef = "self";
    };
  };
 }
@@ -0,0 +1,40 @@
 # Common config for all hosts
 {
  flake.nixosModules.base = {
    inputs,
    outputs,
    pkgs,
    lib,
    ...
  }: {
    imports = [
      inputs.home-manager.nixosModules.home-manager
    ];
    # Replaces the (modulesPath + "/installer/scan/not-detected.nix") from default hardware-configuration.nix
    # Enables non-free firmware
    hardware.enableRedistributableFirmware = true;
    # Networking
    networking.networkmanager = {
      enable = true;
      plugins = with pkgs; [
        networkmanager-openconnect
      ];
    };
    services.resolved.enable = false;
    # MDNS Taken by avahi
    # networking.networkmanager.dns = "none";
    networking.nameservers = lib.mkDefault [
      "1.1.1.1"
      "8.8.8.8"
    ];
    # HM module
    home-manager.useGlobalPkgs = true; # hm module uses the pkgs of the nixos config
    home-manager.backupFileExtension = "hm-backup"; # backup conflicting files. So hm activation never fails
    home-manager.extraSpecialArgs = {
      inherit inputs outputs;
    };
  };
 }
@@ -0,0 +1,12 @@
 {
  flake.nixosModules.base = {
    programs.fish = {
      enable = true;
      vendor = {
        completions.enable = true;
        config.enable = true;
        functions.enable = true;
      };
    };
  };
 }
@@ -0,0 +1,28 @@
 {
  flake.nixosModules.base = {
    # Select internationalisation properties.
    i18n.defaultLocale = "en_US.UTF-8";
    i18n.extraLocaleSettings = {
      LC_ADDRESS = "de_DE.UTF-8";
      LC_IDENTIFICATION = "de_DE.UTF-8";
      LC_MEASUREMENT = "de_DE.UTF-8";
      LC_MONETARY = "de_DE.UTF-8";
      LC_NAME = "de_DE.UTF-8";
      LC_NUMERIC = "en_US.UTF-8";
      LC_PAPER = "de_DE.UTF-8";
      LC_TELEPHONE = "de_DE.UTF-8";
      LC_TIME = "de_DE.UTF-8";
    };
    # Keymap
    services.xserver.xkb = {
      layout = "de";
      variant = "";
    };
    console.keyMap = "de";
    time.timeZone = "Europe/Berlin";
  };
 }
@@ -0,0 +1,48 @@
 {
  flake.nixosModules.base = {outputs, ...}: {
    # Apply overlays
    nixpkgs = {
      # TODO: apply this to hm and nixos without duplicate code
      overlays = builtins.attrValues outputs.overlays;
      config = {
        nvidia.acceptLicense = true;
        allowUnfree = true;
        allowUnfreePredicate = _: true; # TODO: what is this
        warn-dirty = false;
        permittedInsecurePackages = [
          "olm-3.2.16"
        ];
      };
    };
    # optimize at every build, slows down builds
    # better to do optimise.automatic for regular optimising
    # nix.settings.auto-optimise-store = lib.mkDefault true;
    nix.settings.experimental-features = [
      "nix-command"
      "flakes"
      "ca-derivations"
    ];
    # warn-dirty = false;
    nix.gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 30d";
      persistent = true;
    };
    nix.optimise = {
      automatic = true;
      dates = ["weekly"]; # Optional; allows customizing optimisation schedule
      persistent = true;
    };
    programs.nix-ld.enable = true;
    # TODO: is this useful?, what does it do?
    # nix.settings.flake-registry = ""; # Disable global flake registry
    # Add each flake input as a registry and nix_path
    # registry = lib.mapAttrs (_: flake: { inherit flake; }) flakeInputs;
    # nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
  };
 }
@@ -0,0 +1,11 @@
 {
  flake.nixosModules.base = {pkgs, ...}: {
    # Packages needed as root
    environment.systemPackages = with pkgs; [
      vim
      htop
      mc
      gparted-xhost # needs to be installed as system package so it can be actually opened
    ];
  };
 }
@@ -1,8 +1,14 @@
 #ENC[AES256_GCM,data:NSxfTl2hTXEoGl23aQnElG+df/1YzA==,iv:+oy9oITMGzdM2muDUPjwxJqUu1Bdyregl65/0hiulZ0=,tag:VKjforpyahKj0ktIN36gNw==,type:comment]
 julian-password: ENC[AES256_GCM,data:tgeu4uVI91j34+Gfzy2Uckmopj9bJNWiu65W0cdA76Kly3LH7RqXCq4rNM4DCwrsX3k9WdOlGX6T9edIjJgmbbe6MkeH7oQwiA==,iv:GE6zfSHymkAewjry7fofURz70az608+hja385LLeCIY=,tag:FqTopL5DyM3DTpa7AoGPDg==,type:str]
 wifi:
    pianonix: ENC[AES256_GCM,data:Ty1wElfVj+CU9bTbpuYIk2dA4fgFm59PkQGqvODn51Q=,iv:bLomyTlOW2Z4rPbue7Klo6Jt5lR+44AuL+dIMFgDNAE=,tag:DuH2ayeb19dkPi9xmbAu3A==,type:str]
 syncthing:
    public-keys:
        aspi-nix: ENC[AES256_GCM,data:ZTykdQCyh4DMuQUCy1DSKsGNxxn1dinaqztpDdJY53pkWcW4YcWRHk94iGJQZgG1oLfr3AB2S3J6b9w2WuV3,iv:9z2ovHzq6JjRtHzNMIQtcUCinIjG/ImSGqqC7KPhpuw=,tag:No2LCjD+XXB77Su+s98MIA==,type:str]
        pianonix: ENC[AES256_GCM,data:pUJPXH47VG363aIoxZwmbVe3uBoO7EO2TflK4f761C7PwD0tFNthZt9HRE6gQXAMQMF6qWzNK3CNGspSzKsE,iv:E89oz8BG5iQW/mRzdxSrYewGeVLiCrTcAF+c9ny6gPc=,tag:rLqwUmFDsaOMClR1tbE1sA==,type:str]
    pianonix:
        key: ENC[AES256_GCM,data:IaCXIRDMWCHj3lTKpkLg1Nd3pX4bktWg4WjZPGKgTBCLVkMi/SDtlaoNhDz+a+Vt6jYTXHS4exFnIVJ878nWSrA1sD2NHXmfsMh1kkLhub68qv0M33dBXvgX0vQ51Z1WMoti73yDUjJH8Ym5yF/SCg2+RbkVf+4pe2hSlAzwkGP6YC2rbCE5sZG31C55MkaGC6zwo2ZpZXdVhCW845SqAc11cF/OeEHb9B1FS3rd+El7rlJHrIEVQTkomNLshcspb13H0z3vNhtfu9pPkGxee8Hp/hEhFQ+waWBAg4w15yKihjHJmhzdjhDHCilvwYaceb7b5OwARuuiruQ+cJ40bdnStDpi2ouP8QJjEi7tmKWeplZ0X70PVZJFH/e/mTH5,iv:3hQMB4ka31w3chXXwjl/1IHF8ES/RobZVeugMC3ddlU=,tag:j8wwrNQUQbCEGtcriSpc4g==,type:str]
        cert: ENC[AES256_GCM,data:v9LO8qpeGDDV6I+AJU5iTYKKBV6qgr1ddwLvBVEOYyvmtPNeqaatYaK6vMBCabBIhxQu2NC96pREvWu1UHbxaMWvSCT1TzrIPrcFm+gKCH6PIPhqcnQpdGa3OYn01ohThpLp8hEmVUpJ0FO/AnE1QHK0VfPqJ3S0uHLjSCBJtxLmcBWNVvlcTU/P68QIQkrYAQRAtz9aDS+JNpUKhwCJBgjpY1Thj8Lj/fpc1t0qWo3BKIL3eW5iSlUW0iEriFS0bkMr4Bi9mNqpO26l1eZ3IXFJy/7pkqhmXXW83qOaF9AFXgg41p1Kjw4G6isB/obuhR7Z4oQ/AtkSU0wxHP4mF0AWrvC7/YGlrDG9aPYUEWOexTTBHkm89PhgEa69sekbzac7mYYFi/MIdU34ks4oc8ZIChWpT+V66mbo4f+3mn7raih5SLnyEMS7ENBes9cQC7SghSpB7D8c/2+q74A5aEZHUWRhqiDEx9IggP43SiWuNnb/HyZw16RUB7xnQKPs7LzAVlLC6M7ZETUmyEDEWWOsDY8+0Li4wuD3z4WXLAD9nP43TMx4GNoafjG+0Gu05hSR8fWv8strRCtIWjzK3wMaD9VT/cbt2oqOBkJcaqIW8+lM+ktk1WsD4Kc1DQ4q5O2oMrdPOWI9xZOs7DQTFshLHuvxutN05vgEUovI1vbMOl7SIzUW8YUY9PN0ofC7zwQlEJxfOdqT0nwv9vmqikSMP6V3jXgP5OnPb4KVx8G27X0oCjN++dJgDxdkh2JiLR9JaJHNmYPtLlP7hU4NsBpRpd9ObxRlv+uIbF2o0I8PGXMo3IVnRjrFDrRyoth2UJ+YUMGCVuonoS+nZLMCNz1xwRMaZBYjSEESmxc2Ilwdu3XTzd1KF282UvumBpRwcNxvsmPhI84v/XV8TJE8Z7YxyO3RYBQHD5+OuHOHKTtlajnKpSp/m0p0QR7rrGFoDuDKp+Z81MKz8wz3/8GG+sDh0pgniUfNyrmLroLPdT6nj0brvSVWYmOIJHDHKqM+6HZok5PyS+uHlb5dzwnmrd9OmhmwPVdkP5s=,iv:X9VNz2nsN4ywu3E0c+agwZCl43I4bt6jHz0jMoMFTJQ=,tag:RZUWa4h5JoIiZaDrYgcAeg==,type:str]
 sops:
    age:
        - recipient: age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg
@@ -41,7 +47,7 @@ sops:
            VXhoN0VyWkVxMEJPQ3orVUNDK21rRU0KvnmuFxcCpP+LZg7v5jaStw9F0owVrQl9
            AkIq7GUJh7xewLxcVZfiBRpXMhw/mM8LYnd2KGP8R/TfYg+v0//+5A==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-03-23T19:37:41Z"
+    lastmodified: "2025-04-23T07:00:17Z"
-    mac: ENC[AES256_GCM,data:nd4HHv/KfoLj5qGINngvWZX9XdYqtmJnUREo0BOO2JZgYR3AVw0ppmGhj1RFy1bVKdfll/fMoD5tGNc3UQJPB0j2g/1pj47AF44V0d1J79RP6dwov30rr0QnsXVt7P9EOFL/W6TRugYO9J7LZs+tpsSALfwNPTfnulSJQtaJdG4=,iv:EKfq4eKyv1HeMy/zS+V3OKpdL9IVjE5mg8iuz8OPgso=,tag:W8+CZLnYuNbnKRS1kqhY0w==,type:str]
+    mac: ENC[AES256_GCM,data:JgaTIRbzD0hs2o86xUlQrPN2cPXvsuTH/zKG5xbQIDaYcEvD/mkuVa3hfnYKrA91kWg2Y1DgEi9583+o6UCl/+ldY4ptu+xpnYfyQFdhM4rB+KoP/pDt8vQKQ3zAX8fpAkugCgTTbuvm3TfQ1nt98V8boyhCn4JHNC1T0j7ZtZI=,iv:G3YJOLeDWDKuANo2mxS2JAdrRaonD87CU9BpCZZrlRs=,tag:mcKIdP5cSQUwNL2tcv/o6g==,type:str]
    unencrypted_suffix: _unencrypted
-    version: 3.11.0
+    version: 3.10.1
@@ -0,0 +1,24 @@
 {
  flake.nixosModules.base = {
    inputs,
    config,
    ...
  }: let
    isEd25519 = k: k.type == "ed25519";
    getKeyPath = k: k.path;
    keys = builtins.filter isEd25519 config.services.openssh.hostKeys;
  in {
    imports = [inputs.sops-nix.nixosModules.sops];
    sops.age = {
      sshKeyPaths = map getKeyPath keys;
      # TODO: remove? only rely on ssh or pgp keys (e.g. ubikey like misterio is using!!!)
      # keyFile = "/home/julian/.config/sops/age/keys.txt";
      # Generate key if none of the above worked. With this, building will still work, just without secrets
      generateKey = false; # TODO: building should not work without secrets!?
    };
    sops.defaultSopsFile = ./secrets.yaml;
  };
 }
@@ -1,16 +0,0 @@
 {
  inputs,
  config,
  ...
 }: {
  system.hydraAutoUpgrade = {
    # Only enable if not dirty
    enable = inputs.self ? rev;
    dates = "*:0/10"; # Every 10 minutes
    instance = "http://hydra.julian-mutter.de";
    project = "dotfiles";
    jobset = "main";
    job = "hosts.${config.networking.hostName}";
    oldFlakeRef = "self";
  };
 }
@@ -1,47 +0,0 @@
 # Common config for all hosts
 {
  inputs,
  outputs,
  pkgs,
  lib,
  ...
 }: {
  imports =
    [
      ./fish.nix # fish for admin
      ./locale.nix
      ./nix.nix
      ./sops.nix
      ./root.nix
    ]
    ++ [
      inputs.home-manager.nixosModules.home-manager
    ]
    ++ (builtins.attrValues outputs.nixosModules);
  # Replaces the (modulesPath + "/installer/scan/not-detected.nix") from default hardware-configuration.nix
  # Enables non-free firmware
  hardware.enableRedistributableFirmware = true;
  # Networking
  networking.networkmanager = {
    enable = true;
    plugins = with pkgs; [
      networkmanager-openconnect
    ];
  };
  services.resolved.enable = false;
  # MDNS Taken by avahi
  # networking.networkmanager.dns = "none";
  networking.nameservers = lib.mkDefault [
    "1.1.1.1"
    "8.8.8.8"
  ];
  # HM module
  home-manager.useGlobalPkgs = true; # hm module uses the pkgs of the nixos config
  home-manager.backupFileExtension = "hm-backup"; # backup conflicting files. So hm activation never fails
  home-manager.extraSpecialArgs = {
    inherit inputs outputs;
  };
 }
@@ -1,10 +0,0 @@
 {
  programs.fish = {
    enable = true;
    vendor = {
      completions.enable = true;
      config.enable = true;
      functions.enable = true;
    };
  };
 }
@@ -1,26 +0,0 @@
 {
  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";
  i18n.extraLocaleSettings = {
    LC_ADDRESS = "de_DE.UTF-8";
    LC_IDENTIFICATION = "de_DE.UTF-8";
    LC_MEASUREMENT = "de_DE.UTF-8";
    LC_MONETARY = "de_DE.UTF-8";
    LC_NAME = "de_DE.UTF-8";
    LC_NUMERIC = "en_US.UTF-8";
    LC_PAPER = "de_DE.UTF-8";
    LC_TELEPHONE = "de_DE.UTF-8";
    LC_TIME = "de_DE.UTF-8";
  };
  # Keymap
  services.xserver.xkb = {
    layout = "de";
    variant = "";
  };
  console.keyMap = "de";
  time.timeZone = "Europe/Berlin";
 }
@@ -1,46 +0,0 @@
 {outputs, ...}: {
  # Apply overlays
  nixpkgs = {
    # TODO: apply this to hm and nixos without duplicate code
    overlays = builtins.attrValues outputs.overlays;
    config = {
      nvidia.acceptLicense = true;
      allowUnfree = true;
      allowUnfreePredicate = _: true; # TODO: what is this
      warn-dirty = false;
      permittedInsecurePackages = [
        "olm-3.2.16"
      ];
    };
  };
  # optimize at every build, slows down builds
  # better to do optimise.automatic for regular optimising
  # nix.settings.auto-optimise-store = lib.mkDefault true;
  nix.settings.experimental-features = [
    "nix-command"
    "flakes"
    "ca-derivations"
  ];
  # warn-dirty = false;
  nix.gc = {
    automatic = true;
    dates = "weekly";
    options = "--delete-older-than 30d";
    persistent = true;
  };
  nix.optimise = {
    automatic = true;
    dates = ["weekly"]; # Optional; allows customizing optimisation schedule
    persistent = true;
  };
  programs.nix-ld.enable = true;
  # TODO: is this useful?, what does it do?
  # nix.settings.flake-registry = ""; # Disable global flake registry
  # Add each flake input as a registry and nix_path
  # registry = lib.mapAttrs (_: flake: { inherit flake; }) flakeInputs;
  # nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
 }
@@ -1,9 +0,0 @@
 {pkgs, ...}: {
  # Packages needed as root
  environment.systemPackages = with pkgs; [
    vim
    htop
    mc
    gparted-xhost # needs to be installed as system package so it can be actually opened
  ];
 }
@@ -1,23 +0,0 @@
 {
  pwd,
  inputs,
  config,
  ...
 }: let
  isEd25519 = k: k.type == "ed25519";
  getKeyPath = k: k.path;
  keys = builtins.filter isEd25519 config.services.openssh.hostKeys;
 in {
  imports = [inputs.sops-nix.nixosModules.sops];
  sops.age = {
    sshKeyPaths = map getKeyPath keys;
    # TODO: remove? only rely on ssh or pgp keys (e.g. ubikey like misterio is using!!!)
    # keyFile = "/home/julian/.config/sops/age/keys.txt";
    # Generate key if none of the above worked. With this, building will still work, just without secrets
    generateKey = false; # TODO: building should not work without secrets!?
  };
  sops.defaultSopsFile = "${pwd}/hosts/secrets-common.yaml";
 }
@@ -1,28 +1,30 @@
 {
-  pkgs,
+  flake.nixosModules.authentication = {
-  lib,
+    pkgs,
-  ...
+    lib,
-}: {
+    ...
-  # Make programs like nextcloud client access saved passwords
+  }: {
-  services.gnome.gnome-keyring.enable = true;
+    # Make programs like nextcloud client access saved passwords
    services.gnome.gnome-keyring.enable = true;
-  programs.seahorse.enable = true;
+    programs.seahorse.enable = true;
-  programs.ssh.askPassword = lib.mkForce "${pkgs.seahorse}/libexec/seahorse/ssh-askpass"; # Solve conflicting definition in seahorse and plasma6
+    programs.ssh.askPassword = lib.mkForce "${pkgs.seahorse}/libexec/seahorse/ssh-askpass"; # Solve conflicting definition in seahorse and plasma6
-  # Make authentication work for e.g. gparted
+    # Make authentication work for e.g. gparted
-  security.polkit.enable = true;
+    security.polkit.enable = true;
-  systemd = {
+    systemd = {
-    user.services.polkit-gnome-authentication-agent-1 = {
+      user.services.polkit-gnome-authentication-agent-1 = {
-      description = "polkit-gnome-authentication-agent-1";
+        description = "polkit-gnome-authentication-agent-1";
-      wantedBy = ["graphical-session.target"];
+        wantedBy = ["graphical-session.target"];
-      wants = ["graphical-session.target"];
+        wants = ["graphical-session.target"];
-      after = ["graphical-session.target"];
+        after = ["graphical-session.target"];
-      serviceConfig = {
+        serviceConfig = {
-        Type = "simple";
+          Type = "simple";
-        ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
+          ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
-        Restart = "on-failure";
+          Restart = "on-failure";
-        RestartSec = 1;
+          RestartSec = 1;
-        TimeoutStopSec = 10;
+          TimeoutStopSec = 10;
        };
      };
    };
  };
@@ -1,12 +1,14 @@
 {
-  # MDNS on local network
+  flake.nixosModules.avahi = {
-  services.avahi = {
+    # MDNS on local network
-    enable = true;
+    services.avahi = {
-    nssmdns4 = true;
+      enable = true;
-    nssmdns6 = true;
+      nssmdns4 = true;
-    publish.enable = true;
+      nssmdns6 = true;
-    publish.addresses = true;
+      publish.enable = true;
-    ipv4 = true;
+      publish.addresses = true;
-    ipv6 = true;
+      ipv4 = true;
      ipv6 = true;
    };
  };
 }
@@ -1,31 +1,33 @@
 {
-  lib,
+  flake.nixosModules.binarycaches = {
-  outputs,
+    lib,
-  ...
+    outputs,
-}: {
+    ...
-  # Setup binary caches
+  }: {
-  nix.settings = {
+    # Setup binary caches
-    substituters = [
+    nix.settings = {
-      "https://nix-community.cachix.org"
+      substituters = [
-      "https://cache.nixos.org/"
+        "https://nix-community.cachix.org"
-      "https://hyprland.cachix.org"
+        "https://cache.nixos.org/"
-      # "http://binarycache.julian-mutter.de"
+        "https://hyprland.cachix.org"
-      "https://devenv.cachix.org"
+        "http://binarycache.julian-mutter.de"
-    ];
+        "https://devenv.cachix.org"
-    trusted-public-keys = [
+      ];
-      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+      trusted-public-keys = [
-      "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
+        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
-      "binarycache.julian-mutter.de:oJ67uRFwRhNPKL58CHzy3QQLv38Kx7OA1K+6xlEPu7E="
+        "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
-      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+        "binarycache.julian-mutter.de:oJ67uRFwRhNPKL58CHzy3QQLv38Kx7OA1K+6xlEPu7E="
-      "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
+        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
-    ];
+        "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
      ];
-    trusted-users = [
+      trusted-users = [
-      "root"
+        "root"
-      "@wheel"
+        "@wheel"
-    ]; # needed for devenv to add custom caches
+      ]; # needed for devenv to add custom caches
-    # Ensure we can still build when missing-server is not accessible
+      # Ensure we can still build when missing-server is not accessible
-    fallback = true;
+      fallback = true;
    };
  };
 }
@@ -1,17 +1,19 @@
 {
-  # Bootloader
+  flake.nixosModules.boot-efi = {
-  # Use this for simple nix boot menu, if no dual boot required
+    # Bootloader
-  boot.loader.systemd-boot.enable = true;
+    # Use this for simple nix boot menu, if no dual boot required
-  boot.loader.systemd-boot.configurationLimit = 10;
+    boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
+    boot.loader.systemd-boot.configurationLimit = 10;
    boot.loader.efi.canTouchEfiVariables = true;
-  # https://github.com/NixOS/nixpkgs/blob/c32c39d6f3b1fe6514598fa40ad2cf9ce22c3fb7/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix#L66
+    # https://github.com/NixOS/nixpkgs/blob/c32c39d6f3b1fe6514598fa40ad2cf9ce22c3fb7/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix#L66
-  boot.loader.systemd-boot.editor = false;
+    boot.loader.systemd-boot.editor = false;
-  boot.supportedFilesystems = [
+    boot.supportedFilesystems = [
-    "btrfs"
+      "btrfs"
-    "ntfs"
+      "ntfs"
-    "nfs"
+      "nfs"
-    "cifs"
+      "cifs"
-  ];
+    ];
  };
 }
@@ -1,5 +1,7 @@
 {
-  virtualisation.docker = {
+  flake.nixosModules.docker = {
-    enable = true;
+    virtualisation.docker = {
      enable = true;
    };
  };
 }
@@ -1,6 +1,8 @@
-{pkgs, ...}: {
+{
-  services.flatpak.enable = true;
+  flake.nixosModules.flatpak = {pkgs, ...}: {
-  xdg.portal.enable = true;
+    services.flatpak.enable = true;
-  xdg.portal.extraPortals = [pkgs.xdg-desktop-portal-gtk];
+    xdg.portal.enable = true;
-  xdg.portal.config.common.default = "*"; # Use first portal implementation found
+    xdg.portal.extraPortals = [pkgs.xdg-desktop-portal-gtk];
    xdg.portal.config.common.default = "*"; # Use first portal implementation found
  };
 }
@@ -1,20 +1,22 @@
-{pkgs, ...}: {
+{
-  programs.gamemode = {
+  flake.nixosModules.gamemode = {pkgs, ...}: {
-    enable = true;
+    programs.gamemode = {
-    settings = {
+      enable = true;
-      general = {
+      settings = {
-        softrealtime = "auto";
+        general = {
-        inhibit_screensaver = 1;
+          softrealtime = "auto";
-        renice = 5;
+          inhibit_screensaver = 1;
-      };
+          renice = 5;
-      # gpu = {
+        };
-      #   apply_gpu_optimisations = "accept-responsibility";
+        # gpu = {
-      #   gpu_device = 1;
+        #   apply_gpu_optimisations = "accept-responsibility";
-      #   amd_performance_level = "high";
+        #   gpu_device = 1;
-      # };
+        #   amd_performance_level = "high";
-      custom = {
+        # };
-        start = "${pkgs.libnotify}/bin/notify-send 'GameMode started'";
+        custom = {
-        end = "${pkgs.libnotify}/bin/notify-send 'GameMode ended'";
+          start = "${pkgs.libnotify}/bin/notify-send 'GameMode started'";
          end = "${pkgs.libnotify}/bin/notify-send 'GameMode ended'";
        };
      };
    };
  };
@@ -1,13 +1,15 @@
 {
-  config,
+  flake.nixosModules.gdm = {
-  lib,
+    config,
-  pkgs,
+    lib,
-  ...
+    pkgs,
-}: {
+    ...
-  services.xserver.displayManager.gdm = {
+  }: {
-    enable = true;
+    services.xserver.displayManager.gdm = {
-  };
+      enable = true;
    };
-  # unlock GPG keyring on login
+    # unlock GPG keyring on login
-  security.pam.services.gdm.enableGnomeKeyring = true;
+    security.pam.services.gdm.enableGnomeKeyring = true;
  };
 }
@@ -1,34 +1,39 @@
 {
-  users.extraUsers.greeter = {
+  flake.nixosModules.greetd = {config, ...}: let
-    # For caching
+    homeCfgs = config.home-manager.users;
-    home = "/tmp/greeter-home";
+    julianCfg = homeCfgs.julian;
-    createHome = true;
+  in {
-  };
+    users.extraUsers.greeter = {
      # For caching
      home = "/tmp/greeter-home";
      createHome = true;
    };
-  programs.regreet = {
+    programs.regreet = {
-    enable = true;
+      enable = true;
-    # iconTheme = julianCfg.gtk.iconTheme;
+      iconTheme = julianCfg.gtk.iconTheme;
-    # theme = julianCfg.gtk.theme;
+      theme = julianCfg.gtk.theme;
-    # # font = julianCfg.fontProfiles.regular; # TODO: do
+      # font = julianCfg.fontProfiles.regular; # TODO: do
-    # cursorTheme = {
+      cursorTheme = {
-    #   inherit (julianCfg.gtk.cursorTheme) name package;
+        inherit (julianCfg.gtk.cursorTheme) name package;
-    # };
+      };
-    cageArgs = [
+      cageArgs = [
-      "-s"
+        "-s"
-      "-m"
+        "-m"
-      "last"
+        "last"
-    ]; # multimonitor use last monitor
+      ]; # multimonitor use last monitor
-    # settings.background = {
+      # settings.background = {
-    #   path = julianCfg.wallpaper;
+      #   path = julianCfg.wallpaper;
-    #   fit = "Cover";
+      #   fit = "Cover";
-    # }; # TODO: fix
+      # }; # TODO: fix
-    # TODO: setting keyboard language does not work
+      # TODO: setting keyboard language does not work
-    # settings = {
+      # settings = {
-    #   env = {
+      #   env = {
-    #     XKB_DEFAULT_LAYOUT = "de";
+      #     XKB_DEFAULT_LAYOUT = "de";
-    #     # XKB_DEFAULT_VARIANT = "altgr-intl";
+      #     # XKB_DEFAULT_VARIANT = "altgr-intl";
-    #   };
+      #   };
-    # };
+      # };
    };
  };
 }
@@ -1,16 +1,18 @@
 {
-  config,
+  flake.nixosModules.i3 = {
-  lib,
+    config,
-  pkgs,
+    lib,
-  ...
+    pkgs,
-}: {
+    ...
-  services.xserver.windowManager.i3.enable = true;
+  }: {
-  services.xserver.windowManager.i3.package = pkgs.i3-gaps;
+    services.xserver.windowManager.i3.enable = true;
-  services.displayManager.defaultSession = "none+i3";
+    services.xserver.windowManager.i3.package = pkgs.i3-gaps;
    services.displayManager.defaultSession = "none+i3";
-  programs.xss-lock = {
+    programs.xss-lock = {
-    # responds to "loginctl lock-session" via dbus
+      # responds to "loginctl lock-session" via dbus
-    enable = true;
+      enable = true;
-    lockerCommand = "${pkgs.i3lock}/bin/i3lock --ignore-empty-password --color=000000";
+      lockerCommand = "${pkgs.i3lock}/bin/i3lock --ignore-empty-password --color=000000";
    };
  };
 }
@@ -1,22 +1,24 @@
 {
-  security.krb5.enable = true;
+  flake.nixosModules.kerberos = {
-  security.krb5.settings = {
+    security.krb5.enable = true;
-    # domain_realm = {
+    security.krb5.settings = {
-    #   ".julian-mutter.de" = "julian-mutter.de";
+      # domain_realm = {
-    #   "julian-mutter.de" = "julian-mutter.de";
+      #   ".julian-mutter.de" = "julian-mutter.de";
-    # };
+      #   "julian-mutter.de" = "julian-mutter.de";
-    libdefaults = {
+      # };
-      default_realm = "julian-mutter.de";
+      libdefaults = {
-      #   dns_lookup_realm = true;
+        default_realm = "julian-mutter.de";
-      #   dns_lookup_kdc = true;
+        #   dns_lookup_realm = true;
-      #   ticket_lifetime = "24h";
+        #   dns_lookup_kdc = true;
-      #   renew_lifetime = "7d";
+        #   ticket_lifetime = "24h";
-    };
+        #   renew_lifetime = "7d";
-    realms = {
+      };
-      "julian-mutter.de" = {
+      realms = {
-        kdc = ["kerberos.julian-mutter.de"];
+        "julian-mutter.de" = {
-        admin_server = "kerberos-admin.julian-mutter.de";
+          kdc = ["kerberos.julian-mutter.de"];
-        default_domain = "julian-mutter.de";
+          admin_server = "kerberos-admin.julian-mutter.de";
          default_domain = "julian-mutter.de";
        };
      };
    };
  };
@@ -1,49 +1,51 @@
 {
-  outputs,
+  flake.nixosModules.openssh = {
-  lib,
+    outputs,
-  config,
+    lib,
-  ...
+    config,
-}: let
+    ...
-  hosts = lib.attrNames outputs.nixosConfigurations;
+  }: let
-in {
+    hosts = lib.attrNames outputs.nixosConfigurations;
-  services.openssh = {
+  in {
-    enable = true;
+    services.openssh = {
-    settings = {
+      enable = true;
-      # Harden
+      settings = {
-      PasswordAuthentication = false;
+        # Harden
-      PermitRootLogin = "no";
+        PasswordAuthentication = false;
        PermitRootLogin = "no";
-      # TODO: what does this do
+        # TODO: what does this do
-      # Let WAYLAND_DISPLAY be forwarded
+        # Let WAYLAND_DISPLAY be forwarded
-      # AcceptEnv = "WAYLAND_DISPLAY";
+        AcceptEnv = "WAYLAND_DISPLAY";
-      X11Forwarding = true;
+        X11Forwarding = true;
      };
      hostKeys = [
        {
          path = "/etc/ssh/ssh_host_ed25519_key";
          type = "ed25519";
        }
      ];
    };
-    hostKeys = [
+    # TODO: is automatic known hosts file even necessary?
-      {
+    # programs.ssh = {
-        path = "/etc/ssh/ssh_host_ed25519_key";
+    #   # Each hosts public key
-        type = "ed25519";
+    #   knownHosts = lib.genAttrs hosts (hostname: {
-      }
+    #     publicKeyFile = ../../${hostname}/ssh_host_ed25519_key.pub;
-    ];
+    #     extraHostNames =
    #       [
    #         # "${hostname}.m7.rs"
    #       ]
    #       ++
    #         # Alias for localhost if it's the same host
    #         (lib.optional (hostname == config.networking.hostName) "localhost")
    #       # Alias to m7.rs and git.m7.rs if it's alcyone
    #       ++ (lib.optionals (hostname == "alcyone") [
    #         "m7.rs"
    #         "git.m7.rs"
    #       ]);
    #   });
    # };
  };
  # TODO: is automatic known hosts file even necessary?
  # programs.ssh = {
  #   # Each hosts public key
  #   knownHosts = lib.genAttrs hosts (hostname: {
  #     publicKeyFile = ../../${hostname}/ssh_host_ed25519_key.pub;
  #     extraHostNames =
  #       [
  #         # "${hostname}.m7.rs"
  #       ]
  #       ++
  #         # Alias for localhost if it's the same host
  #         (lib.optional (hostname == config.networking.hostName) "localhost")
  #       # Alias to m7.rs and git.m7.rs if it's alcyone
  #       ++ (lib.optionals (hostname == "alcyone") [
  #         "m7.rs"
  #         "git.m7.rs"
  #       ]);
  #   });
  # };
 }
@@ -1,9 +1,11 @@
-{pkgs, ...}: {
+{
-  environment.systemPackages = with pkgs; [
+  flake.nixosModules.pcmanfm = {pkgs, ...}: {
-    shared-mime-info # extended mimetype support
+    environment.systemPackages = with pkgs; [
-    lxmenu-data # open with "Installed Applications"
+      shared-mime-info # extended mimetype support
-    pcmanfm
+      lxmenu-data # open with "Installed Applications"
-  ];
+      pcmanfm
    ];
-  services.gvfs.enable = true; # Mount, trash, and other functionalities
+    services.gvfs.enable = true; # Mount, trash, and other functionalities
  };
 }
@@ -1,26 +1,28 @@
 {
-  security.rtkit.enable = true;
+  flake.nixosModules.pipewire = {
-  services.pulseaudio.enable = false;
+    security.rtkit.enable = true;
-  services.pipewire = {
+    services.pulseaudio.enable = false;
-    enable = true;
+    services.pipewire = {
-    wireplumber.enable = true;
+      enable = true;
-    alsa.enable = true;
+      wireplumber.enable = true;
-    alsa.support32Bit = true;
+      alsa.enable = true;
-    pulse.enable = true;
+      alsa.support32Bit = true;
-    jack.enable = true;
+      pulse.enable = true;
-    extraConfig.pipewire = {
+      jack.enable = true;
-      "99-no-bell" = {
+      extraConfig.pipewire = {
-        # Disable bell sound
+        "99-no-bell" = {
-        "context.properties" = {
+          # Disable bell sound
-          "module.x11.bell" = false;
+          "context.properties" = {
            "module.x11.bell" = false;
          };
        };
-      };
+        "10-increase-buffer" = {
-      "10-increase-buffer" = {
+          "context.properties" = {
-        "context.properties" = {
+            "default.clock.rate" = 48000;
-          "default.clock.rate" = 48000;
+            "default.clock.quantum" = 1024;
-          "default.clock.quantum" = 1024;
+            "default.clock.min-quantum" = 1024;
-          "default.clock.min-quantum" = 1024;
+            "default.clock.max-quantum" = 2048;
-          "default.clock.max-quantum" = 2048;
+          };
        };
      };
    };
@@ -1,10 +1,12 @@
-{config, ...}: let
+{
-  dockerEnabled = config.virtualisation.docker.enable;
+  flake.nixosModules.podman = {config, ...}: let
-in {
+    dockerEnabled = config.virtualisation.docker.enable;
-  virtualisation.podman = {
+  in {
-    enable = true;
+    virtualisation.podman = {
-    dockerCompat = !dockerEnabled;
+      enable = true;
-    dockerSocket.enable = !dockerEnabled;
+      dockerCompat = !dockerEnabled;
-    defaultNetwork.settings.dns_enabled = true;
+      dockerSocket.enable = !dockerEnabled;
      defaultNetwork.settings.dns_enabled = true;
    };
  };
 }
@@ -1,12 +1,14 @@
 {
-  config,
+  flake.nixosModules.redshift = {
-  lib,
+    config,
-  pkgs,
+    lib,
-  ...
+    pkgs,
-}: {
+    ...
-  # Set location used by redshift
+  }: {
-  location.provider = "manual";
+    # Set location used by redshift
-  location.latitude = 47.92;
+    location.provider = "manual";
-  location.longitude = 10.12;
+    location.latitude = 47.92;
-  services.redshift.enable = true;
+    location.longitude = 10.12;
    services.redshift.enable = true;
  };
 }
@@ -1,34 +1,36 @@
 {
-  nix.distributedBuilds = true;
+  flake.nixosModules.remote-builder = {
-  nix.settings.builders-use-substitutes = true;
+    nix.distributedBuilds = true;
    nix.settings.builders-use-substitutes = true;
-  nix.buildMachines = [
+    nix.buildMachines = [
-    {
+      {
-      hostName = "builder.julian-mutter.de";
+        hostName = "builder.julian-mutter.de";
-      protocol = "ssh";
+        protocol = "ssh";
-      sshUser = "nix";
+        sshUser = "nix";
-      systems = [
+        systems = [
-        "x86_64-linux"
+          "x86_64-linux"
-        "aarch64-linux"
+          "aarch64-linux"
-      ];
+        ];
-      maxJobs = 4;
+        maxJobs = 4;
-      speedFactor = 3;
+        speedFactor = 3;
-      supportedFeatures = [
+        supportedFeatures = [
-        "nixos-test"
+          "nixos-test"
-        "benchmark"
+          "benchmark"
-        "big-parallel"
+          "big-parallel"
-        "kvm"
+          "kvm"
-      ];
+        ];
-      mandatoryFeatures = [];
+        mandatoryFeatures = [];
-    }
+      }
-    # {
+      # {
-    #   hostName = "localhost";
+      #   hostName = "localhost";
-    #   protocol = null;
+      #   protocol = null;
-    #   systems = [
+      #   systems = [
-    #     "x86_64-linux"
+      #     "x86_64-linux"
-    #   ];
+      #   ];
-    #   maxJobs = 4;
+      #   maxJobs = 4;
-    #   speedFactor = 1;
+      #   speedFactor = 1;
-    # }
+      # }
-  ];
+    ];
  };
 }
@@ -1,16 +1,18 @@
 {
-  config,
+  flake.nixosModules.thunar = {
-  lib,
+    config,
-  pkgs,
+    lib,
-  ...
+    pkgs,
-}: {
+    ...
-  programs.thunar.enable = true;
+  }: {
-  programs.xfconf.enable = true; # Persist saved preferences
+    programs.thunar.enable = true;
-  programs.thunar.plugins = with pkgs.xfce; [
+    programs.xfconf.enable = true; # Persist saved preferences
-    thunar-archive-plugin
+    programs.thunar.plugins = with pkgs.xfce; [
-    thunar-volman
+      thunar-archive-plugin
-    thunar-media-tags-plugin
+      thunar-volman
-  ];
+      thunar-media-tags-plugin
-  services.gvfs.enable = true; # Mount, trash, and other functionalities
+    ];
-  services.tumbler.enable = true; # Thumbnail support for images
+    services.gvfs.enable = true; # Mount, trash, and other functionalities
    services.tumbler.enable = true; # Thumbnail support for images
  };
 }
@@ -1,12 +1,14 @@
 {
-  config,
+  flake.nixosModules.virtualbox = {
-  lib,
+    config,
-  pkgs,
+    lib,
-  ...
+    pkgs,
-}: {
+    ...
-  virtualisation.virtualbox.host.enable = true;
+  }: {
-  # virtualisation.virtualbox.host.enableExtensionPack = true;
+    virtualisation.virtualbox.host.enable = true;
-  # virtualisation.virtualbox.guest.enable = true;
+    # virtualisation.virtualbox.host.enableExtensionPack = true;
-  # virtualisation.virtualbox.guest.x11 = true;
+    # virtualisation.virtualbox.guest.enable = true;
-  users.extraGroups.vboxusers.members = ["julian"];
+    # virtualisation.virtualbox.guest.x11 = true;
    users.extraGroups.vboxusers.members = ["julian"];
  };
 }
@@ -1,12 +1,14 @@
 {
-  networking.wg-quick.interfaces = {
+  flake.nixosModules.wireguard = {
-    julian = {
+    networking.wg-quick.interfaces = {
-      configFile = "/etc/wireguard/julian.conf";
+      julian = {
-      autostart = true; # This interface is started on boot
+        configFile = "/etc/wireguard/julian.conf";
-    };
+        autostart = true; # This interface is started on boot
-    comu = {
+      };
-      configFile = "/etc/wireguard/comu.conf";
+      comu = {
-      autostart = false;
+        configFile = "/etc/wireguard/comu.conf";
        autostart = false;
      };
    };
  };
 }
@@ -1,9 +1,11 @@
 {
-  programs.wireshark = {
+  flake.nixosModules.wireshark = {
-    enable = true;
+    programs.wireshark = {
-    dumpcap.enable = true;
+      enable = true;
-    usbmon.enable = true;
+      dumpcap.enable = true;
-  };
+      usbmon.enable = true;
    };
-  users.users.julian.extraGroups = ["wireshark"];
+    users.users.julian.extraGroups = ["wireshark"];
  };
 }
@@ -1,6 +1,8 @@
 {
-  services.xserver = {
+  flake.nixosModules.xserver = {
-    enable = true;
+    services.xserver = {
-    wacom.enable = true;
+      enable = true;
      wacom.enable = true;
    };
  };
 }
@@ -1,51 +1,52 @@
 {
-  pwd,
+  flake.nixosModules.users.julian = {
-  pkgs,
+    pkgs,
-  config,
+    config,
-  lib,
+    lib,
-  ...
+    ...
-}: let
+  }: let
-  ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
+    ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
-in {
+  in {
-  users.mutableUsers = false;
+    users.mutableUsers = false;
-  users.users.julian = {
+    users.users.julian = {
-    description = "Julian";
+      description = "Julian";
-    group = "julian";
+      group = "julian";
-    isNormalUser = true;
+      isNormalUser = true;
-    uid = 1000;
+      uid = 1000;
-    shell = pkgs.fish;
+      shell = pkgs.fish;
-    extraGroups = ifTheyExist [
+      extraGroups = ifTheyExist [
-      "networkmanager"
+        "networkmanager"
-      "wheel"
+        "wheel"
-      "audio"
+        "audio"
-      "realtime"
+        "realtime"
-      "rtkit"
+        "rtkit"
-      "network"
+        "network"
-      "video"
+        "video"
-      "podman"
+        "podman"
-      "docker"
+        "docker"
-      "git"
+        "git"
-      "gamemode"
+        "gamemode"
-      "dialout"
+        "dialout"
-    ];
+      ];
-    openssh.authorizedKeys.keys = lib.splitString "\n" (
+      openssh.authorizedKeys.keys = lib.splitString "\n" (
-      builtins.readFile ./ssh.pub
+        builtins.readFile ../../../../homes/julian/ssh.pub
-    );
+      );
-    # hashedPasswordFile = config.sops.secrets.julian-password.path;
+      # hashedPasswordFile = config.sops.secrets.julian-password.path;
-    hashedPassword = "$y$j9T$N33kLJQbV8soUoCbDkpwA1$r/yahJDgOPo4GGOrAi6BUG5zLTzmaBrA5NQ4nno561A";
+      hashedPassword = "$y$j9T$N33kLJQbV8soUoCbDkpwA1$r/yahJDgOPo4GGOrAi6BUG5zLTzmaBrA5NQ4nno561A";
-    packages = [pkgs.home-manager];
+      packages = [pkgs.home-manager];
    };
    users.groups.julian = {
      gid = 1000;
    };
    sops.secrets.julian-password = {
      sopsFile = ../../secrets.yaml;
      neededForUsers = true;
    };
    home-manager.users.julian = import ../../../../homes/julian/${config.networking.hostName}.nix;
    security.pam.services.swaylock = {}; # Make swaylock unlocking work
  };
  users.groups.julian = {
    gid = 1000;
  };
  sops.secrets.julian-password = {
    sopsFile = "${pwd}/hosts/secrets-common.yaml";
    neededForUsers = true;
  };
  home-manager.users.julian = import "${pwd}/homes/julian/${config.networking.hostName}.nix";
  security.pam.services.swaylock = {}; # Make swaylock unlocking work
 }
@@ -0,0 +1,30 @@
 {
  flake.nixosModules.users.pob = {
    pkgs,
    config,
    ...
  }: let
    ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
  in {
    users.mutableUsers = false;
    users.users.pob = {
      description = "A helper user to use another profile for some applications";
      group = "pob";
      isNormalUser = true;
      shell = pkgs.fish;
      extraGroups = ifTheyExist [
        "networkmanager"
      ];
      packages = with pkgs; [
        firefox
        wineWowPackages.stable # 32-bit and 64-bit wine
        winetricks
      ];
    };
    users.groups.pob = {};
    security.sudo.extraConfig = ''
      julian ALL=(pob) NOPASSWD: ALL
    '';
  };
 }
--- a/Show More
+++ b/Show More