Update flake.lock 2025-04-28

Normally I wont have VPN access on standalone

.dotter/global.toml

@@ -1,61 +0,0 @@
-[helpers]
-
-[default]
-depends = []
-
-[manjaro.files]
-manjaro = "~"
-
-[mc.files]
-mc = "~/.config/mc"
-
-[vim.files]
-# type symbolic prevents interpreting '{{' as template
-"vim/.vimrc" = { target = "~/.vimrc", type = "symbolic" }
-
-[nvim.files]
-"vim/init.vim" = { target = "~/.config/nvim/init.vim", type = "symbolic" }
-
-[i3.files]
-"i3/i3" = "~/.config/i3"
-"i3/i3blocks" = { target = "~/.config/i3blocks", type = "symbolic" }
-"i3/rofi" = "~/.config/rofi"
-"i3/i3-scrot.conf" = "~/.config/i3-scrot.conf"
-"i3/i3status-rust" = "~/.config/i3status-rust"
-"i3/.profile" = "~/.profile"
-
-[i3.variables]
-monitor-primary = "not-specified"
-monitor-secondary = "not-specified"
-screenlayout-script = "echo screenlayout-script not specified"
-bar-font-size = 15
-tray-output = "tray_output primary"
-
-[emacs.files]
-"emacs/doom" = "~/.config/doom"
-# "emacs/spacemacs/.spacemacs" = "~/.spacemacs"
-# "emacs/chemacs/.emacs-profiles.el" = "~/.emacs-profiles.el"
-
-[alacritty.files]
-alacritty = "~/.config/alacritty"
-
-[starship.files]
-starship = "~/.config/"
-
-[zsh.files]
-"zsh/.zshrc" = "~/.zshrc"
-"zsh/custom-plugins" = "~/.oh-my-zsh/custom"
-
-[polybar.files]
-polybar = "~/.config/polybar"
-
-[leftwm.files]
-leftwm = "~/.config/leftwm"
-
-[xmonad.files]
-xmonad = "~/.xmonad"
-
-[nix.files]
-"direnvrc" = "~/.config/direnv/direnvrc"
-"nix/configuration.nix" = "/etc/nixos/configuration.nix"
-"nix/flake.nix" = "/etc/nixos/flake.nix"

.dotter/kardorf.toml

@@ -1,6 +0,0 @@
-[i3.variables]
-monitor-primary = "DVI-D-0"
-monitor-secondary = "DVI-D-1"
-screenlayout-script = "~/.screenlayout/2desktop-dvi.sh"
-bar-font-size = 15
-tray-output = "tray_output DVI-D-1"

.dotter/laptop-at-home.toml

@@ -1,4 +0,0 @@
-[i3.variables]
-monitor-primary = "HDMI-1"
-monitor-secondary = "eDP-1"
-screenlayout-script = "~/.screenlayout/laptop-at-home.sh"

.dotter/laptop.toml

@@ -1,5 +0,0 @@
-[i3.variables]
-monitor-primary = "HDMI-1"
-monitor-secondary = "eDP-1"
-tray-output = "tray_output eDP-1"
-screenlayout-script = "$scripts/display-layoutpicker"

.dotter/local.kardorf.toml

@@ -1,2 +0,0 @@
-includes = [".dotter/kardorf.toml"]
-packages = ["i3", "emacs", "alacritty", "zsh", "starship", "nix"]

.dotter/local.laptop.toml

@@ -1,2 +0,0 @@
-includes = [".dotter/laptop.toml"]
-packages = []

.envrc

@@ -0,0 +1 @@
+use flake

.gitea/workflows/update-flake.yaml

@@ -0,0 +1,58 @@
+name: Update Nix Flake
+
+on:
+  schedule:
+    - cron: "30 0 * * *" # daily run
+  workflow_dispatch: {}
+
+jobs:
+  update-flake:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          token: "${{ gitea.token }}"
+          fetch-depth: 0
+          ref: flake-updates
+
+      - name: Git config
+        shell: bash
+        run: |
+          git config user.name "Gitea Actions"
+          git config user.email "actions@gitea.local"
+
+      - name: Rebase from master branch
+        shell: bash
+        run: |
+            git fetch origin master
+            commits_ahead=$(git rev-list --count HEAD..origin/master)
+            echo "Commits ahead: $commits_ahead"
+            git log --oneline -5
+            echo "----------"
+            git log --oneline -5 origin/master
+            echo .
+
+            if [ $commits_ahead -ne 0 ]
+            then
+              git rebase -X theirs origin/master
+              git push --force-with-lease origin flake-updates
+            else
+              echo "Rebase not necessary"
+            fi
+
+      - name: Set up Nix
+        uses: cachix/install-nix-action@v31
+
+      - name: Update Flake
+        run: nix flake update
+
+      - name: Commit and push changes
+        shell: bash
+        run: |
+          git add flake.lock
+          git status
+          git diff --cached --quiet && echo "No changes to commit." && exit 0
+
+          git commit -m "Update flake.lock $(date -I)"
+          git push --force-with-lease origin flake-updates

.gitignore

@@ -1,5 +1,3 @@
-.dotter/cache.toml
+.direnv
-.dotter/cache
+result*
-.dotter/local.toml
+*.qcow2
-
-nix/result

.sops.yaml

@@ -1,18 +1,27 @@
 keys:
   - &primary age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg
   - &aspi-ssh age1q8lc5340gz5xw2f57nglrss68wv0j0hf36py2pdtrl6ky3yrq9qqk0njr4
-  - &pianonix-ssh age1hsmfz8fjxu83sax9lr487h8xr6cyge0apdq4zpge4c8jpcjj2cksj825ct
+  - &pianonix-ssh age1tguyu2yd5xv8rgjjl50cq6dq5rr7umqgv098dgre4u9wyj30ea7sexw62c
-creation_rules:
+  - &builder-ssh age1kw4kmdm45zprvdkrrpvgq966l7585vhusmum083qlwnr0xxgd3uqatcyja
-  - path_regex: secrets/secrets.yaml$
+  - &kardorf-ssh age15lxw97z03q40xrdscnxqqugh5ky5aqrerg2t2rphkcqm6rnllurq8v98q5
-    key_groups:
-    - age:
-      - *primary
-      - *aspi-ssh
-      - *pianonix-ssh
 
-  - path_regex: secrets/.+
+creation_rules:
+  - path_regex: hosts/common/secrets.yaml$
     key_groups:
     - age:
       - *primary
       - *aspi-ssh
       - *pianonix-ssh
+      - *kardorf-ssh
+
+  - path_regex: hosts/builder/secrets.yaml$
+    key_groups:
+    - age:
+      - *primary
+      - *builder-ssh
+
+  - path_regex: hosts/pianonix/secrets*
+    key_groups:
+    - age:
+      - *primary
+      - *pianonix-ssh

Readme.org

@@ -12,3 +12,22 @@ The structure is managed by [[https://snowfall.org/guides/lib/quickstart/][Snowf
 and [[file:flake.nix]] was symlinked to file:~/.config/home-manager/flake.nix
 
 For deployment!!
+
+* Secrets management with sops
+Full documentation here: https://github.com/Mic92/sops-nix
+
+** Edit secrets
+#+begin_src sh
+sops edit secrets/secrets.yaml
+#+end_src
+
+** Authorize new device
+- Generate public key from ssh -> Private age key generation not needed
+#+begin_src sh
+ssh-to-age < /etc/ssh/ssh_host_ed25519_key.pub
+#+end_src
+- Add age public key to file:.sops.yaml
+- Update keys
+#+begin_src sh
+sops updatekeys secrets/*
+#+end_src

flake.nix

@@ -1,167 +1,202 @@
 {
   description = "Home Manager configuration of julian";
 
-  inputs = rec {
+  inputs = {
-    nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.11";
     nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
-
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
-    nixpkgs = nixpkgs-stable;
+    systems.url = "github:nix-systems/default-linux";
-
+    nixos-hardware.url = "github:nixos/nixos-hardware";
+    impermanence.url = "github:nix-community/impermanence";
+    nix-colors.url = "github:misterio77/nix-colors";
     deploy-rs.url = "github:serokell/deploy-rs";
 
-    nixos-hardware.url = "github:NixOS/nixos-hardware/master";
+    nixos-generators = {
+      url = "github:nix-community/nixos-generators";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
 
     home-manager = {
-      url = "github:nix-community/home-manager/release-24.11";
+      url = "github:nix-community/home-manager/release-25.11";
       inputs.nixpkgs.follows = "nixpkgs";
     };
-
+    sops-nix = {
-    snowfall-lib = {
+      url = "github:Mic92/sops-nix";
-      url = "github:snowfallorg/lib";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    nix-gl = {
+      url = "github:nix-community/nixgl";
       inputs.nixpkgs.follows = "nixpkgs";
     };
-
     disko = {
       url = "github:nix-community/disko";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    alacritty-theme = {
+    # Various flakes
-      url = "github:alacritty/alacritty-theme";
-      flake = false;
-    };
-
     yazi-flavors = {
       url = "github:yazi-rs/flavors";
       flake = false;
     };
-
     nixvim = {
-      url = "github:nix-community/nixvim/nixos-24.11";
+      url = "github:nix-community/nixvim/nixos-25.11";
-      # If using a stable channel you can use `url = "github:nix-community/nixvim/nixos-<version>"`
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    nix-matlab = {
+      url = "gitlab:doronbehar/nix-matlab";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    nix-matlab.url = "gitlab:doronbehar/nix-matlab";
+    # My projects
-    nix-matlab.inputs.nixpkgs.follows = "nixpkgs";
+    sheet-organizer = {
-
+      url = "git+https://gitlab.julian-mutter.de/julian/sheet-organizer";
-    sops-nix.url = "github:Mic92/sops-nix";
+      inputs.nixpkgs.follows = "nixpkgs";
-    sops-nix.inputs.nixpkgs.follows = "nixpkgs";
+    };
-
+    music-reader = {
-    hyprland.url = "github:hyprwm/Hyprland?submodules=1";
+      url = "git+https://gitlab.julian-mutter.de/julian/music-reader";
-    # hyprland.inputs.nixpkgs.follows = "nixpkgs";
+      inputs.nixpkgs.follows = "nixpkgs";
-
-    hyprland-plugins = {
-      url = "github:hyprwm/hyprland-plugins";
-      inputs.hyprland.follows = "hyprland";
     };
-
-    nix-colors.url = "github:Misterio77/nix-colors";
-
-    nix-topology.url = "github:oddlama/nix-topology";
-    nix-topology.inputs.nixpkgs.follows = "nixpkgs";
-
-    nix-ld.url = "github:Mic92/nix-ld";
-    nix-ld.inputs.nixpkgs.follows = "nixpkgs";
-
-    ## My projects
-    sheet-organizer.url = "git+https://gitlab.julian-mutter.de/julian/sheet-organizer";
-    sheet-organizer.inputs.nixpkgs.follows = "nixpkgs";
-
-    music-reader.url = "git+https://gitlab.julian-mutter.de/julian/music-reader";
-    music-reader.inputs.nixpkgs.follows = "nixpkgs";
   };
 
-  outputs =
+  outputs = {
-    inputs:
+    self,
-    let
+    nixpkgs,
-      snowfallOutputs = inputs.snowfall-lib.mkFlake {
+    home-manager,
-        inherit inputs;
+    systems,
-        # Must always be ./.
+    ...
-        src = ./.;
+  } @ inputs: let
+    inherit (self) outputs;
+    lib = nixpkgs.lib // home-manager.lib;
+    forEachSystem = f: lib.genAttrs (import systems) (system: f pkgsFor.${system});
+    pkgsFor = lib.genAttrs (import systems) (
+      system:
+        import nixpkgs {
+          inherit system;
+          config.allowUnfree = true;
+          config.permittedInsecurePackages = [
+            "olm-3.2.16"
+          ];
+          warn-dirty = false;
+        }
+    );
+  in {
+    inherit lib;
 
-        # Add overlays for the `nixpkgs` channel.
+    nixosModules = import ./modules/nixos;
-        overlays = with inputs; [
+    homeManagerModules = import ./modules/home-manager;
-          nix-matlab.overlay
-          nix-topology.overlays.default
-        ];
 
-        snowfall = {
+    overlays = import ./overlays {inherit inputs outputs;};
-          # The root of the snowfall config
+    # hydraJobs = import ./hydra.nix { inherit inputs outputs; }; # TODO add hydra jobs here?
-          root = ./.;
-          # lib, package and overlay namespace
-          namespace = "frajul"; # defaults to "internal"
 
-          meta = {
+    packages = forEachSystem (pkgs: import ./pkgs {inherit pkgs;});
-            name = "Julian's dotfiles";
+    devShells = forEachSystem (pkgs: import ./shell.nix {inherit pkgs;});
-            title = "Julian's dotfiles";
+    formatter = forEachSystem (pkgs: pkgs.alejandra); # nix fmt *
-          };
+
+    nixosConfigurations = {
+      # Main laptop
+      aspi = lib.nixosSystem {
+        modules = [./hosts/aspi];
+        specialArgs = {
+          inherit inputs outputs;
         };
-
-        # The attribute set specified here will be passed directly to NixPkgs when
-        # instantiating the package set.
-        channels-config = {
-          # Allow unfree packages.
-          allowUnfree = true;
-          nvidia.acceptLicense = true;
-
-          # Allow certain insecure packages
-          permittedInsecurePackages = [ "olm-3.2.16" ];
-        };
-
-        systems.modules.nixos = with inputs; [
-          nix-topology.nixosModules.default
-          sops-nix.nixosModules.sops
-          disko.nixosModules.disko
-        ];
-        systems.hosts.pianonix.modules = with inputs; [ nixos-hardware.nixosModules.raspberry-pi-4 ];
-
-        # topology =
-        #   with inputs;
-        #   let
-        #     host = self.nixosConfigurations.${builtins.head (builtins.attrNames self.nixosConfigurations)};
-        #   in
-        #   import nix-topology {
-        #     inherit (host) pkgs; # Only this package set must include nix-topology.overlays.default
-        #     modules = [
-        #       (import ./topology { inherit (host) config; })
-        #       { inherit (self) nixosConfigurations; }
-        #     ];
-        #   };
       };
-    in
+      # Piano raspberry pi
-    {
+      pianonix = lib.nixosSystem {
-      # deploy-rs node configuration
+        modules = [./hosts/pianonix];
-      deploy.nodes.pianonix = {
+        specialArgs = {
+          inherit inputs outputs;
+        };
+      };
+      kardorf = lib.nixosSystem {
+        modules = [./hosts/kardorf];
+        specialArgs = {
+          inherit inputs outputs;
+        };
+      };
+      builder = lib.nixosSystem {
+        modules = [./hosts/builder];
+        specialArgs = {
+          inherit inputs outputs;
+        };
+      };
+    };
+
+    # Standalone HM
+    homeConfigurations = {
+      # Main laptop
+      "julian@aspi" = lib.homeManagerConfiguration {
+        modules = [
+          ./homes/julian/aspi.nix
+          ./homes/julian/hm-standalone-config.nix
+        ];
+        pkgs = pkgsFor.x86_64-linux;
+        extraSpecialArgs = {
+          inherit inputs outputs;
+        };
+      };
+      # Media server (RPi)
+      "julian@pianonix" = lib.homeManagerConfiguration {
+        modules = [
+          ./homes/julian/pianonix.nix
+          ./homes/julian/hm-standalone-config.nix
+        ];
+        pkgs = pkgsFor.aarch64-linux;
+        extraSpecialArgs = {
+          inherit inputs outputs;
+        };
+      };
+      "julian@kardorf" = lib.homeManagerConfiguration {
+        modules = [
+          ./homes/julian/kardorf.nix
+          ./homes/julian/hm-standalone-config.nix
+        ];
+        pkgs = pkgsFor.x86_64-linux;
+        extraSpecialArgs = {
+          inherit inputs outputs;
+        };
+      };
+      "julian@v3ms" = lib.homeManagerConfiguration {
+        modules = [
+          ./homes/julian/v3ms
+          ./homes/julian/hm-standalone-config.nix
+        ];
+        pkgs = pkgsFor.x86_64-linux;
+        extraSpecialArgs = {
+          inherit inputs outputs;
+        };
+      };
+    };
+
+    # deploy-rs node configuration
+    deploy.nodes = {
+      pianonix = {
         hostname = "pianonix.local";
         profiles.system = {
           sshUser = "root";
           user = "root";
-          path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos inputs.self.nixosConfigurations.pianonix;
+          path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.pianonix;
           confirmTimeout = 90; # default: 30s; raspberrypi takes a little longer restarting services
         };
       };
 
-      deploy.nodes.builder = {
+      builder = {
         hostname = "builder.julian-mutter.de";
         profiles.system = {
           sshUser = "root";
           user = "root";
-          path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.builder;
+          path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.builder;
           remoteBuild = true;
         };
       };
+    };
 
-      hydraJobs = {
+    # substitutes: nixos-generate --flake .#pianonix -f sd-aarch64 --system aarch64-linux
-        x86_64-linux = {
+    pianonix-image = inputs.nixos-generators.nixosGenerate {
-          aspi = snowfallOutputs.nixosConfigurations.aspi.config.system.build.toplevel;
+      system = "aarch64-linux";
-          builder = snowfallOutputs.nixosConfigurations.builder.config.system.build.toplevel;
+      format = "sd-aarch64";
-          kardorf = snowfallOutputs.nixosConfigurations.kardorf.config.system.build.toplevel;
+      modules = [./hosts/pianonix];
-        };
+      specialArgs = {
-        aarch64-linux = {
+        inherit inputs outputs;
-          pianonix = snowfallOutputs.nixosConfigurations.pianonix.config.system.build.toplevel;
-        };
       };
-    }
+    };
-    // snowfallOutputs;
+  };
 }

homes/julian/aspi.nix

@@ -0,0 +1,58 @@
+{
+  imports = [
+    ./global
+
+    ./features/fish
+    ./features/direnv
+    ./features/topgrade
+    ./features/neovim
+    ./features/ghostty
+    ./features/wezterm
+    ./features/alacritty
+    ./features/yazi
+    ./features/emacs
+    ./features/tmux
+    ./features/qt-distrobox
+
+    ./features/hyprland
+
+    ./features/suites/cli
+    ./features/suites/desktop
+    ./features/suites/development
+  ];
+
+  hostName = "aspi";
+  is-nixos = true;
+  terminal = "alacritty";
+
+  #  -------   ----------
+  # | eDP-1 | | HDMI-A-1 |
+  #  -------   ----------
+  monitors = [
+    {
+      name = "HDMI-A-1";
+      # width = 1680;
+      # height = 1050;
+      workspaces = [
+        "1"
+        "2"
+        "3"
+        "4"
+        "5"
+      ];
+      primary = true;
+    }
+    {
+      name = "eDP-1";
+      # width = 1680;
+      # height = 1050;
+      workspaces = [
+        "6"
+        "7"
+        "8"
+        "9"
+        "10"
+      ];
+    }
+  ];
+}

homes/julian/features/alacritty/default.nix

@@ -0,0 +1,13 @@
+{
+  lib,
+  config,
+  ...
+}: {
+  programs.alacritty = {
+    enable = true;
+    settings = {};
+    theme = "smoooooth";
+  };
+
+  home.sessionVariables.TERMINAL = lib.mkIf (config.terminal == "alacritty") "alacritty";
+}

homes/julian/features/direnv/default.nix

@@ -0,0 +1,6 @@
+{
+  programs.direnv = {
+    enable = true;
+    nix-direnv.enable = true;
+  };
+}

homes/julian/features/emacs/default.nix

@@ -0,0 +1,81 @@
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}:
+with lib; let
+  doomRepoUrl = "https://github.com/doomemacs/doomemacs";
+  configRepoUrl = "https://gitlab.julian-mutter.de/julian/emacs-config";
+in {
+  home.sessionPath = ["/home/julian/.config/emacs/bin"];
+
+  home.packages = with pkgs;
+    [
+      binutils # native-comp needs 'as', provided by this
+
+      ## Doom dependencies
+      git
+      (ripgrep.override {withPCRE2 = true;})
+
+      ## Optional dependencies
+      fd # faster projectile indexing
+      imagemagick # for image-dired
+      zstd # for undo-fu-session/undo-tree compression
+
+      ## Module dependencies
+      (aspellWithDicts (
+        ds:
+          with ds; [
+            en
+            en-computers
+            en-science
+            de
+          ]
+      ))
+
+      hunspell
+      hunspellDicts.de_DE
+      hunspellDicts.en_US
+
+      sqlite
+
+      # Code formatters for use with doom emacs
+      nixfmt-rfc-style # nix
+      alejandra # nix
+
+      nixd # nix lsp
+      dockfmt # docker
+      google-java-format # java
+      black # python
+      rustfmt # rust
+      shfmt
+      pyright
+      clang-tools # c++ lsp etc
+      ccls # alternative c++ lsp
+      cmake
+      bear
+      cmake-language-server
+
+      # qt6.full # qt tools and libs including lsp
+      tinymist # typst lsp
+
+      ltex-ls # latex languagetool
+
+      graphviz
+      # Lsps for use with doom emacs
+      # neocmakelsp # cmake
+
+      emacs-all-the-icons-fonts
+    ]
+    ++ lib.optional config.is-nixos emacs;
+
+  home.activation.installDoomEmacs = lib.hm.dag.entryAfter ["writeBoundary"] ''
+    if [ ! -d "/home/julian/.config/emacs" ]; then
+       $DRY_RUN_CMD ${pkgs.git}/bin/git clone --depth=1 --single-branch "${doomRepoUrl}" "/home/julian/.config/emacs"
+    fi
+    if [ ! -d "/home/julian/.config/doom" ]; then
+       $DRY_RUN_CMD ${pkgs.git}/bin/git clone "${configRepoUrl}" "/home/julian/.config/doom"
+    fi
+  '';
+}

homes/julian/features/fish/default.nix

@@ -0,0 +1,56 @@
+{
+  lib,
+  pkgs,
+  ...
+}:
+with lib; {
+  home.file = {
+    ".config/starship.toml".source = ./starship.toml;
+    ".config/fish/conf.d/last-working-dir.fish".source = ./last-working-dir.fish;
+  };
+
+  home.packages = with pkgs; [
+    starship
+    lazygit
+  ];
+
+  home.shellAliases = {
+    g = "lazygit";
+    ls = "ls --color";
+    la = "ls -Alh --color";
+    grep = "grep --color";
+    conf = "edit-config";
+  };
+
+  programs.starship = {
+    enable = true;
+    enableFishIntegration = true;
+  };
+
+  programs.fish = {
+    enable = true;
+
+    interactiveShellInit = "set fish_greeting"; # Disable default greeting
+
+    functions = {
+      mkcd = ''
+        mkdir $argv
+        cd $argv
+      '';
+      run = ''
+        nix run nixpkgs#"$argv[1]" -- $argv[2..-1]
+      '';
+      shell = ''
+        set args
+        for arg in $argv
+            set args $args nixpkgs#$arg
+        end
+        nix shell $args
+      '';
+      fish_user_key_bindings = ''
+        bind ctrl-space 'zi; commandline -f repaint'
+        bind -M insert ctrl-space 'zi; commandline -f repaint'
+      '';
+    };
+  };
+}

homes/julian/features/fonts/default.nix

@@ -0,0 +1,21 @@
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}:
+with lib; {
+  fonts.fontconfig.enable = true; # required to autoload fonts from packages
+  home.packages = with pkgs; [
+    nerd-fonts.fira-code
+    font-awesome
+    dejavu_fonts
+    noto-fonts
+    noto-fonts-cjk-sans
+    noto-fonts-color-emoji
+    liberation_ttf
+    fira-code
+    fira-code-symbols
+    source-code-pro
+  ];
+}

homes/julian/features/gammastep/default.nix

@@ -0,0 +1,13 @@
+{
+  services.gammastep = {
+    enable = true;
+    provider = "geoclue2";
+    temperature = {
+      day = 6000;
+      night = 4600;
+    };
+    settings = {
+      general.adjustment-method = "wayland";
+    };
+  };
+}

homes/julian/features/ghostty/default.nix

@@ -0,0 +1,16 @@
+{
+  lib,
+  config,
+  ...
+}: {
+  programs.ghostty = {
+    enable = true;
+    enableFishIntegration = true;
+    settings = {
+      theme = "catppuccin-mocha";
+      font-size = 12;
+    };
+  };
+
+  home.sessionVariables.TERMINAL = lib.mkIf (config.terminal == "ghostty") "ghostty";
+}

homes/julian/features/gtk/default.nix

@@ -0,0 +1,33 @@
+{
+  config,
+  pkgs,
+  inputs,
+  ...
+}: let
+  inherit (inputs.nix-colors.lib-contrib {inherit pkgs;}) gtkThemeFromScheme;
+in {
+  # Do not make conditional, just toggle things on and off
+  imports = [inputs.nix-colors.homeManagerModules.default]; # TODO: what does this do
+
+  # home.sessionVariables.GTK_THEME = "Catppuccin-Mocha-Compact-Blue-dark";
+  gtk = {
+    enable = true;
+    theme = {
+      name = inputs.nix-colors.colorschemes.${config.colorscheme.name}.slug;
+      package = gtkThemeFromScheme {
+        scheme = inputs.nix-colors.colorschemes.${config.colorscheme.name};
+      };
+    };
+    iconTheme = {
+      name = "Papirus-Dark";
+      package = pkgs.papirus-icon-theme;
+    };
+    cursorTheme = {
+      package = pkgs.apple-cursor;
+      name = "macOS";
+      size = 24;
+    };
+  };
+
+  xdg.portal.extraPortals = [pkgs.xdg-desktop-portal-gtk];
+}

homes/julian/features/hyprland/default.nix

@@ -0,0 +1,414 @@
+{
+  pkgs,
+  inputs,
+  config,
+  lib,
+  ...
+}: let
+  inherit
+    (inputs.nix-colors.colorschemes.${builtins.toString config.colorscheme.name})
+    palette
+    ;
+in {
+  imports = [
+    # inputs.hyprland.homeManagerModules.default
+    ./waybar
+    ./wofi
+    ./mako
+    # ./hyprlock
+    ./wlogout
+    ../gammastep
+
+    ./swayidle.nix
+    ./swaylock.nix
+    ./zathura.nix
+    ./waypipe.nix
+
+    # ./hyprbars.nix
+  ];
+
+  xdg.portal = {
+    extraPortals = [pkgs.xdg-desktop-portal-wlr];
+    config.hyprland = {
+      default = [
+        "wlr"
+        "gtk"
+      ];
+    };
+  };
+
+  programs.imv.enable = true; # TODO: what is that
+
+  home.packages = with pkgs; [
+    hyprpicker
+    brightnessctl
+    frajul.hyprshot-gui
+    frajul.wl-ocr
+
+    wf-recorder
+    wl-clipboard
+
+    (pkgs.writeShellScriptBin "toggle-screen-mirroring" (
+      builtins.readFile ./toggle-screen-mirroring.sh
+    ))
+
+    (pkgs.writeShellScriptBin "correct-workspace-locations" (
+      lib.concatStringsSep "\n" (
+        builtins.concatLists (
+          map (
+            monitor:
+              map (ws: "hyprctl dispatch moveworkspacetomonitor ${ws} ${monitor.name}") monitor.workspaces
+          )
+          config.monitors
+        )
+      )
+    ))
+  ];
+
+  services.cliphist = {
+    enable = true;
+  };
+
+  home.sessionVariables = {
+    MOZ_ENABLE_WAYLAND = 1;
+    QT_QPA_PLATFORM = "wayland";
+    LIBSEAT_BACKEND = "logind";
+  };
+
+  # services.hypridle = {
+  #   enable = true;
+  #   settings = {
+  #     general = {
+  #       after_sleep_cmd = "hyprctl dispatch dpms on";
+  #       ignore_dbus_inhibit = false;
+  #       lock_cmd = "hyprlock";
+  #     };
+
+  #     listener = [
+  #       {
+  #         timeout = 300; # 5min
+  #         on-timeout = "brightnessctl -s set 10"; # set monitor backlight to minimum, avoid 0 on OLED monitor.
+  #         on-resume = "brightnessctl -r"; # monitor backlight restore.
+  #       }
+
+  #       {
+  #         timeout = 360; # 6min
+  #         on-timeout = "hyprlock"; # lock screen when timeout has passed
+  #       }
+
+  #       {
+  #         timeout = 600; # 10min
+  #         on-timeout = "hyprctl dispatch dpms off"; # screen off when timeout has passed
+  #         on-resume = "hyprctl dispatch dpms on"; # screen on when activity is detected after timeout has fired.
+  #       }
+  #     ];
+  #   };
+  # };
+
+  # services.hypridle.enable = true; # can be configured
+
+  services.network-manager-applet.enable = true;
+
+  wayland.windowManager.hyprland = {
+    # Whether to enable Hyprland wayland compositor
+    enable = true;
+    # package = config.lib.nixGL.wrap (
+    #   pkgs.hyprland.override {
+    #     # nixgl needed?
+    #     wrapRuntimeDeps = false;
+    #   }
+    # );
+
+    systemd = {
+      enable = true;
+      # Same as default, but stop graphical-session too
+      extraCommands = lib.mkBefore [
+        "systemctl --user stop graphical-session.target"
+        "systemctl --user start hyprland-session.target"
+      ];
+      variables = [
+        "DISPLAY"
+        "HYPRLAND_INSTANCE_SIGNATURE"
+        "WAYLAND_DISPLAY"
+        "XDG_CURRENT_DESKTOP"
+      ];
+    };
+
+    # package = inputs.hyprland.packages."${pkgs.system}".hyprland; # does only work with nixos-unstable
+
+    # The hyprland package to use (simplifies use of plugins)
+    # package = inputs.hyprland.packages.${pkgs.system}.hyprland;
+    # Whether to enable XWayland
+    xwayland.enable = true;
+
+    # Optional
+    # Whether to enable hyprland-session.target on hyprland startup
+    # systemd.enable = true;
+    # Make PATH available to systemd services
+    # systemd.variables = [ "--all" ];
+
+    plugins = [
+      # inputs.hyprland-plugins.packages.${pkgs.system}.hyprbars # does only work with nixos-unstable
+      # hyprlandPlugins.hyprbars
+    ];
+
+    settings = {
+      "$mod" = "SUPER";
+
+      # Environment variables programs like emacs have access to
+      env = "TERMINAL,${config.terminal}";
+
+      # Monitors
+      monitor = ",preferred,auto,1";
+
+      # Autostart
+      exec-once = [
+        (lib.getExe pkgs.firefox)
+        (lib.getExe pkgs.waybar)
+      ];
+
+      # Look and Feel
+      general = {
+        gaps_in = 5;
+        gaps_out = 5;
+
+        layout = "dwindle";
+
+        # "col.active_border" = "0xff${palette.base0C} 0xff${palette.base0D} 270deg";
+        # "col.inactive_border" = "0xff${palette.base00}";
+      };
+
+      decoration = {
+        # power saving
+        blur.enabled = false;
+        # power saving
+        shadow.enabled = false;
+      };
+
+      # Dwindle layout
+      dwindle = {
+        pseudotile = true; # Master switch for pseudotiling. Enabling is bound to mainMod + P in the keybinds section below
+        preserve_split = true; # You probably want this
+        smart_split = false;
+        smart_resizing = false;
+        force_split = 2;
+        # no_gaps_when_only = 2; # with border
+      };
+
+      # Master layout
+      master = {
+        new_status = "slave";
+        # no_gaps_when_only = 2; # with border
+        mfact = 0.5; # Do not make master bigger
+      };
+
+      animations = {
+        enabled = true;
+
+        animation = [
+          "windows,1,3,default,slide"
+          "fade,1,3,default"
+          "layers,1,3,default,slide"
+          "border,1,3,default"
+          "workspaces,1,3,default,slide"
+        ];
+      };
+
+      exec = [
+        "hyprctl setcursor ${config.gtk.cursorTheme.name} ${toString config.gtk.cursorTheme.size}"
+        "correct-workspace-locations"
+      ];
+
+      misc = {
+        # disable auto polling for config file changes
+        disable_autoreload = true;
+
+        force_default_wallpaper = 0;
+
+        vfr = true; # power saving
+      };
+
+      cursor = {
+        no_hardware_cursors = 1; # disable hardware cursors to fix tearing on kardorf
+      };
+
+      render = {
+        # we do, in fact, want direct scanout
+        direct_scanout = true;
+      };
+
+      # Input
+      input = {
+        kb_layout = "de";
+        natural_scroll = false;
+        follow_mouse = 1;
+      };
+
+      # Window rules
+      windowrulev2 = [
+        "suppressevent maximize, class:.*"
+        "workspace 1, class:firefox"
+        "workspace 8, class:Zotero"
+        "workspace 9, class:nheko"
+        "workspace 9, class:discord"
+        "workspace 9, class:org.telegram.desktop"
+        "workspace 10, class:thunderbird"
+        "float, class:qalculate-gtk"
+        "tile, class:MATLAB, title:MATLAB"
+      ];
+
+      # Workspace rules
+      workspace =
+        [
+          # smart gaps (none when only one window in workspace)
+          "w[t1], gapsin:0, gapsout:0, border:1"
+          "w[tg1], gapsin:0, gapsout:0, border:1"
+          "f[1], gapsin:0, gapsout:0, border:1"
+        ]
+        # builds like "1, e-DP1" "2, HDMI-1" etc.
+        ++ builtins.concatLists (
+          map (monitor: map (ws: "${ws}, monitor:${monitor.name}") monitor.workspaces) config.monitors
+        );
+
+      # Mouse binds
+      bindm = [
+        "$mod, mouse:272, movewindow" # leftclick
+        "$mod, mouse:273, resizewindow" # rightclick
+      ];
+
+      # binds
+      bind =
+        [
+          # compositor commands
+          "$mod, Space, focuswindow, floating"
+          "$mod SHIFT, Space, togglefloating,"
+          "$mod, F, fullscreen,"
+          "$mod, X, killactive,"
+
+          "$mod, O, togglesplit," # dwindle
+
+          # opening applications
+          "$mod, D, exec, wofi --show drun,run"
+          "$mod, E, exec, pcmanfm"
+          "$mod, Return, exec, ${config.terminal}"
+          "$mod, B, exec, firefox"
+          "$mod, C, exec, qalculate-gtk"
+
+          # other commands
+          "$mod SHIFT, E, exec, wlogout -p layer-shell"
+          "$mod, Escape, exec, wlogout -p layer-shell"
+          "$mod SHIFT, R, exec, hyprctl reload"
+          "$mod, Print, exec, hyprshot-gui"
+          ", Print, exec, hyprshot-gui"
+          "$mod, P, exec, toggle-screen-mirroring; correct-workspace-locations"
+
+          # "$mod SHIFT, E, exec, pkill Hyprland"
+          # "$mod, G, togglegroup,"
+          # "$mod SHIFT, N, changegroupactive, f"
+          # "$mod SHIFT, P, changegroupactive, b"
+          # "$mod ALT, ,resizeactive,"
+
+          # media keys
+          ", XF86AudioRaiseVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+"
+          ", XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-"
+          ", XF86AudioPlay, exec, playerctl play-pause"
+          ", XF86AudioPause, exec, playerctl pause"
+          ", XF86AudioStop, exec, playerctl stop"
+          ", XF86AudioNext, exec, playerctl next"
+          ", XF86AudioPrev, exec, playerctl previous"
+          ", XF86AudioMute, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"
+          ", XF86MonBrightnessUp, exec, brightnessctl --class backlight set 5%+"
+          ", XF86MonBrightnessDown, exec, brightnessctl --class backlight set 5%-"
+
+          # move focus
+          "$mod, left, movefocus, l"
+          "$mod, H, movefocus, l"
+          "$mod, right, movefocus, r"
+          "$mod, L, movefocus, r"
+          "$mod, up, movefocus, u"
+          "$mod, K, movefocus, u"
+          "$mod, down, movefocus, d"
+          "$mod, J, movefocus, d"
+
+          # move window
+          "$mod SHIFT, left, movewindow, l"
+          "$mod SHIFT, H, movewindow, l"
+          "$mod SHIFT, right, movewindow, r"
+          "$mod SHIFT, L, movewindow, r"
+          "$mod SHIFT, up, movewindow, u"
+          "$mod SHIFT, K, movewindow, u"
+          "$mod SHIFT, down, movewindow, d"
+          "$mod SHIFT, J, movewindow, d"
+
+          # Switch workspaces with mainMod + [0-9]
+          "$mod, 1, workspace, 1"
+          "$mod, 2, workspace, 2"
+          "$mod, 3, workspace, 3"
+          "$mod, 4, workspace, 4"
+          "$mod, 5, workspace, 5"
+          "$mod, 6, workspace, 6"
+          "$mod, 7, workspace, 7"
+          "$mod, 8, workspace, 8"
+          "$mod, 9, workspace, 9"
+          "$mod, 0, workspace, 10"
+
+          # Move active window to a workspace with mainMod + SHIFT + [0-9]
+          "$mod SHIFT, 1, movetoworkspace, 1"
+          "$mod SHIFT, 2, movetoworkspace, 2"
+          "$mod SHIFT, 3, movetoworkspace, 3"
+          "$mod SHIFT, 4, movetoworkspace, 4"
+          "$mod SHIFT, 5, movetoworkspace, 5"
+          "$mod SHIFT, 6, movetoworkspace, 6"
+          "$mod SHIFT, 7, movetoworkspace, 7"
+          "$mod SHIFT, 8, movetoworkspace, 8"
+          "$mod SHIFT, 9, movetoworkspace, 9"
+          "$mod SHIFT, 0, movetoworkspace, 10"
+
+          # Move active window to a workspace without following with mainMod + CTRL + [0-9]
+          "$mod CTRL, 1, movetoworkspacesilent, 1"
+          "$mod CTRL, 2, movetoworkspacesilent, 2"
+          "$mod CTRL, 3, movetoworkspacesilent, 3"
+          "$mod CTRL, 4, movetoworkspacesilent, 4"
+          "$mod CTRL, 5, movetoworkspacesilent, 5"
+          "$mod CTRL, 6, movetoworkspacesilent, 6"
+          "$mod CTRL, 7, movetoworkspacesilent, 7"
+          "$mod CTRL, 8, movetoworkspacesilent, 8"
+          "$mod CTRL, 9, movetoworkspacesilent, 9"
+          "$mod CTRL, 0, movetoworkspacesilent, 10"
+        ]
+        ++
+        # Screen lock
+        (
+          let
+            swaylock = lib.getExe config.programs.swaylock.package;
+          in
+            lib.optionals config.programs.swaylock.enable [
+              "$mod,TAB,exec,${swaylock} --daemonize"
+            ]
+        )
+        ++
+        # Notification manager
+        (
+          let
+            makoctl = lib.getExe' config.services.mako.package "makoctl";
+          in
+            lib.optionals config.services.mako.enable [
+              "$mod,w,exec,${makoctl} dismiss"
+              "$mod SHIFT,W,exec,${makoctl} restore"
+            ]
+        );
+
+      # plugin = {
+      #   hyprbars = {
+      #     bar_text_size = 10;
+      #     bar_height = 16;
+      #     bar_text_font = "Ubuntu Nerd Font";
+      #     bar_precedence_over_border = true;
+      #     bar_color = "rgb(${palette.base01})";
+
+      #     hyprbars-button = [ "rgb(${palette.base03}), 14, 󰖭, hyprctl dispatch killactive" ];
+      #   };
+      # };
+    };
+  };
+}

homes/julian/features/hyprland/hyprbars.nix

@@ -0,0 +1,76 @@
+{
+  config,
+  pkgs,
+  lib,
+  outputs,
+  ...
+}: let
+  getHostname = x: lib.last (lib.splitString "@" x);
+  # remoteColorschemes = lib.mapAttrs' (n: v: {
+  #   name = getHostname n;
+  #   value = v.config.colorscheme.rawColorscheme.colors.${config.colorscheme.mode};
+  # }) outputs.homeConfigurations;
+  rgb = color: "rgb(${lib.removePrefix "#" color})";
+  rgba = color: alpha: "rgba(${lib.removePrefix "#" color}${alpha})";
+
+  hyprbars =
+    (pkgs.hyprlandPlugins.hyprbars.override {
+      # Make sure it's using the same hyprland package as we are
+      hyprland = config.wayland.windowManager.hyprland.package;
+    }).overrideAttrs
+    (old: {
+      # Yeet the initialization notification (I hate it)
+      postPatch =
+        (old.postPatch or "")
+        + ''
+          ${lib.getExe pkgs.gnused} -i '/Initialized successfully/d' main.cpp
+        '';
+    });
+in {
+  wayland.windowManager.hyprland = {
+    plugins = [hyprbars];
+    settings = {
+      "plugin:hyprbars" = {
+        bar_height = 25;
+        # bar_color = rgba config.colorscheme.colors.surface "dd";
+        # "col.text" = rgb config.colorscheme.colors.primary;
+        # bar_text_font = config.fontProfiles.regular.name;
+        # bar_text_size = config.fontProfiles.regular.size;
+        bar_part_of_window = true;
+        bar_precedence_over_border = true;
+        hyprbars-button = let
+          closeAction = "hyprctl dispatch killactive";
+
+          isOnSpecial = ''hyprctl activewindow -j | jq -re 'select(.workspace.name == "special")' >/dev/null'';
+          moveToSpecial = "hyprctl dispatch movetoworkspacesilent special";
+          moveToActive = "hyprctl dispatch movetoworkspacesilent name:$(hyprctl -j activeworkspace | jq -re '.name')";
+          minimizeAction = "${isOnSpecial} && ${moveToActive} || ${moveToSpecial}";
+
+          maximizeAction = "hyprctl dispatch fullscreen 1";
+        in [
+          # Red close button
+          # "${rgb config.colorscheme.colors.red},12,,${closeAction}"
+          # # Yellow "minimize" (send to special workspace) button
+          # "${rgb config.colorscheme.colors.yellow},12,,${minimizeAction}"
+          # # Green "maximize" (fullscreen) button
+          # "${rgb config.colorscheme.colors.green},12,,${maximizeAction}"
+        ];
+      };
+
+      # windowrulev2 =
+      #   [
+      #     "plugin:hyprbars:bar_color ${rgba config.colorscheme.colors.primary "ee"}, focus:1"
+      #     "plugin:hyprbars:title_color ${rgb config.colorscheme.colors.on_primary}, focus:1"
+      #   ]
+      #   ++ (lib.flatten (
+      #     lib.mapAttrsToList (name: colors: [
+      #       "plugin:hyprbars:bar_color ${rgba colors.primary_container "dd"}, title:\\[${name}\\].*"
+      #       "plugin:hyprbars:title_color ${rgb colors.on_primary_container}, title:\\[${name}\\].*"
+
+      #       "plugin:hyprbars:bar_color ${rgba colors.primary "ee"}, title:\\[${name}\\].*, focus:1"
+      #       "plugin:hyprbars:title_color ${rgb colors.on_primary}, title:\\[${name}\\].*, focus:1"
+      #     ]) remoteColorschemes
+      #   ));
+    };
+  };
+}

homes/julian/features/hyprland/hyprlock/default.nix

@@ -0,0 +1,46 @@
+{
+  options,
+  config,
+  lib,
+  pkgs,
+  inputs,
+  ...
+}: let
+  inherit
+    (inputs.nix-colors.colorschemes.${builtins.toString config.colorscheme.name})
+    palette
+    ;
+in {
+  programs.hyprlock.enable = true;
+  programs.hyprlock.settings = {
+    general = {
+      disable_loading_bar = true;
+      hide_cursor = true;
+      ignore_empty_input = true;
+    };
+
+    background = [
+      {
+        color = "#${palette.base00}";
+        # path = "screenshot";
+        # blur_passes = 3;
+        # blur_size = 8;
+      }
+    ];
+
+    input-field = [
+      {
+        size = "200, 50";
+        position = "0, -80";
+        monitor = "";
+        dots_center = true;
+        fade_on_empty = false;
+        font_color = "#${palette.base0B}";
+        inner_color = "#${palette.base01}";
+        outer_color = "#${palette.base05}";
+        outline_thickness = 5;
+        placeholder_text = "Password...";
+      }
+    ];
+  };
+}

homes/julian/features/hyprland/mako/default.nix

@@ -0,0 +1,30 @@
+{
+  options,
+  config,
+  lib,
+  pkgs,
+  inputs,
+  ...
+}: let
+  inherit
+    (inputs.nix-colors.colorschemes.${builtins.toString config.colorscheme.name})
+    palette
+    ;
+in {
+  home.packages = with pkgs; [libnotify];
+
+  services.mako = {
+    enable = true;
+    settings = {
+      defaultTimeout = "5000"; # milliseconds, can be overwritten by notification sender
+      backgroundColor = "#${palette.base00}";
+      textColor = "#${palette.base05}";
+      borderColor = "#${palette.base0D}";
+      progressColor = "over #${palette.base02}";
+      extraConfig = ''
+          [urgency=high]
+          border-color=#${palette.base09}
+        # '';
+    };
+  };
+}

homes/julian/features/hyprland/swayidle.nix

@@ -0,0 +1,58 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: let
+  swaylock = "${config.programs.swaylock.package}/bin/swaylock";
+  pgrep = "${pkgs.procps}/bin/pgrep";
+  pactl = "${pkgs.pulseaudio}/bin/pactl";
+  hyprctl = "${config.wayland.windowManager.hyprland.package}/bin/hyprctl";
+  swaymsg = "${config.wayland.windowManager.sway.package}/bin/swaymsg";
+
+  isLocked = "${pgrep} -x ${swaylock}";
+  lockTime = 4 * 60; # TODO: configurable desktop (10 min)/laptop (4 min)
+
+  # Makes two timeouts: one for when the screen is not locked (lockTime+timeout) and one for when it is.
+  afterLockTimeout = {
+    timeout,
+    command,
+    resumeCommand ? null,
+  }: [
+    {
+      timeout = lockTime + timeout;
+      inherit command resumeCommand;
+    }
+    {
+      command = "${isLocked} && ${command}";
+      inherit resumeCommand timeout;
+    }
+  ];
+in {
+  services.swayidle = {
+    enable = true;
+    systemdTarget = "graphical-session.target";
+    timeouts =
+      # Lock screen
+      [
+        {
+          timeout = lockTime;
+          command = "${swaylock} --daemonize --grace 15";
+        }
+      ]
+      ++
+      # Turn off displays (hyprland)
+      (lib.optionals config.wayland.windowManager.hyprland.enable (afterLockTimeout {
+        timeout = 300;
+        command = "${hyprctl} dispatch dpms off";
+        resumeCommand = "${hyprctl} dispatch dpms on";
+      }))
+      ++
+      # Turn off displays (sway)
+      (lib.optionals config.wayland.windowManager.sway.enable (afterLockTimeout {
+        timeout = 300;
+        command = "${swaymsg} 'output * dpms off'";
+        resumeCommand = "${swaymsg} 'output * dpms on'";
+      }));
+  };
+}

homes/julian/features/hyprland/swaylock.nix

@@ -0,0 +1,16 @@
+{
+  config,
+  pkgs,
+  ...
+}: let
+  inherit (config.colorscheme) colors;
+in {
+  programs.swaylock = {
+    enable = true;
+    settings = {
+      color = "000000";
+      ignore-empty-password = true;
+      indicator-idle-visible = false;
+    };
+  };
+}

homes/julian/features/hyprland/toggle-screen-mirroring.sh

@@ -0,0 +1,67 @@
+#! /usr/bin/env sh
+
+# A hyprland script for a laptop-external-monitor setup, toggling between which is in use
+
+# Launch at startup to make hyprland disable the internal monitor if an external monitor is detected and enabled
+# Additionally it's called with a keybind to switch between a laptop monitor and an external display
+# Ideally the conditional monitor behaviour was instead done directly in hyprland.conf, but I'm not sure whether that's possible
+#
+# Relevant info:
+# - hyprctl monitors: identifies currently enabled monitors
+# - hyprctl monitors all: identifies ALL connected monitors - including those not in use
+#
+# Suggested use:
+# Add this line somewhere after the regular monitor configuration in hyprland.conf:
+# exec = /path/to/hyprland-monitors-toggle.sh
+# Add a keybind to run this script on demand:
+# bind =,SomeKeyHere, exec, /path/to/hyprland-monitors-toggle.sh
+
+#move_all_workspaces_to_monitor() {
+#  TARGET_MONITOR="$1"
+
+#  hyprctl workspaces | grep ^workspace | cut --delimiter ' ' --fields 3 | xargs -I '{}' hyprctl dispatch moveworkspacetomonitor '{}' "$TARGET_MONITOR"
+
+#  # Previous approach
+#  #hyprctl swapactiveworkspaces $EXTERNAL_MONITOR $INTERNAL_MONITOR
+#}
+
+# TODO: Detect these instead of hardcoding them
+INTERNAL_MONITOR="eDP-1"
+EXTERNAL_MONITOR="HDMI-A-1"
+
+# NUM_MONITORS=$(hyprctl monitors all | grep --count Monitor)
+# NUM_MONITORS_ACTIVE=$(hyprctl monitors | grep --count Monitor)
+
+# Make sure all
+# if [ "$NUM_MONITORS_ACTIVE" -eq 1 ]; then
+#     move_all_workspaces_to_monitor $INTERNAL_MONITOR
+#     exit
+# fi
+
+MIRROR_SETTING=$(hyprctl monitors all -j | jq -r '.[] | select(.name == "HDMI-A-1") | .mirrorOf')
+
+# # For dynamically toggling which monitor is active later via a keybind
+# if [ "$NUM_MONITORS" -gt 1 ]; then # Handling multiple monitors
+#   if hyprctl monitors | cut --delimiter ' ' --fields 2 | grep --quiet ^$EXTERNAL_MONITOR; then
+#     hyprctl keyword monitor $INTERNAL_MONITOR,preferred,0x0,1
+#     move_all_workspaces_to_monitor $INTERNAL_MONITOR
+#     hyprctl keyword monitor "$EXTERNAL_MONITOR, disable"
+#   else
+#     hyprctl keyword monitor $EXTERNAL_MONITOR,preferred,0x0,1
+#     move_all_workspaces_to_monitor $EXTERNAL_MONITOR
+#     hyprctl keyword monitor "$INTERNAL_MONITOR, disable"
+#   fi
+# else  # If the external monitor is disconnected without running this script first, it might become the case that no monitor is on - therefore turn on the laptop monitor!
+#     hyprctl keyword monitor $INTERNAL_MONITOR,preferred,0x0,1
+#     move_all_workspaces_to_monitor $INTERNAL_MONITOR
+# fi
+
+echo setting:
+echo $MIRROR_SETTING
+if [ "$MIRROR_SETTING" = "none" ]; then
+    echo "mirroring..."
+    hyprctl keyword monitor "$EXTERNAL_MONITOR, preferred, auto, 1, mirror, $INTERNAL_MONITOR"
+else
+    hyprctl keyword monitor "$EXTERNAL_MONITOR, disable" # shortly disable monitor so waybar recognizes the new monitor again # TODO: find better solution
+    hyprctl keyword monitor "$EXTERNAL_MONITOR, preferred, auto, 1"
+fi

homes/julian/features/hyprland/waybar/config.json

@@ -12,7 +12,14 @@
 
     "modules-center": [],
 
-    "modules-right": ["idle_inhibitor", "disk", "cpu", "memory", "pulseaudio", "battery", "clock", "tray"],
+    "modules-right": ["idle_inhibitor", "custom/nixos-update", "disk", "cpu", "memory", "pulseaudio", "battery", "clock", "tray"],
+
+    "custom/nixos-update": {
+        "exec": "frajul-auto-upgrade-status",
+        "return-type": "json",
+        "interval": 2,
+        "on-click-right": "frajul-auto-upgrade-toggle"
+    },
 
     "hyprland/workspaces": {
         "on-scroll-up": "hyprctl dispatch workspace m+1",
@@ -35,6 +42,7 @@
     },
 
     "idle_inhibitor": {
+        "start-activated": true,
         "format": "{icon}",
         "format-icons": {
             "activated": "",
@@ -75,9 +83,9 @@
             "warning": 30,
             "critical": 15
         },
-        "format": "{icon}  {capacity}% ({time})",
+        "format": "{icon}  {capacity}%",
-        "format-charging": "  {capacity}% ({time})",
+        "format-charging": "  {capacity}%",
-        "format-plugged": "  {capacity}% ({time})",
+        "format-plugged": "  {capacity}%",
         "format-full": "{icon} ",
         "format-icons": ["", "", "", "", ""]
     },

homes/julian/features/hyprland/waybar/default.nix

@@ -0,0 +1,36 @@
+{
+  options,
+  config,
+  pkgs,
+  lib,
+  inputs,
+  ...
+}: let
+  palette = (inputs.nix-colors.colorschemes.${builtins.toString config.colorscheme.name}).palette;
+in {
+  programs.waybar = {
+    enable = true;
+    # systemd.enable = true;
+    settings.mainBar = builtins.fromJSON (builtins.readFile ./config.json);
+  };
+
+  xdg.configFile."waybar/style.css".source = ./style.css;
+  xdg.configFile."waybar/theme.css".text = ''
+    /*
+    bg - background
+    fg - foreground
+    */
+
+    /* Main Colors */
+    @define-color background        #${palette.base00};
+    @define-color foreground        #${palette.base05};
+
+    /* Workspace Button Colors */
+    @define-color hover-bg          #${palette.base01};
+    @define-color hover-fg          #${palette.base05};
+    @define-color active-bg         #${palette.base02};
+    @define-color active-fg         #${palette.base0A};
+    @define-color urgent-bg         #${palette.base08};
+    @define-color urgent-fg         #${palette.base00};
+  '';
+}

homes/julian/features/hyprland/waypipe.nix

@@ -0,0 +1,29 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: {
+  home.packages = [pkgs.waypipe];
+  systemd.user.services = {
+    waypipe-client = {
+      Unit.Description = "Runs waypipe on startup to support SSH forwarding";
+      Service = {
+        ExecStartPre = "${lib.getExe' pkgs.coreutils "mkdir"} %h/.waypipe -p";
+        ExecStart = "${lib.getExe (config.lib.nixGL.wrap pkgs.waypipe)} --socket %h/.waypipe/client.sock client";
+        ExecStopPost = "${lib.getExe' pkgs.coreutils "rm"} -f %h/.waypipe/client.sock";
+      };
+      Install.WantedBy = ["graphical-session.target"];
+    };
+    waypipe-server = {
+      Unit.Description = "Runs waypipe on startup to support SSH forwarding";
+      Service = {
+        Type = "simple";
+        ExecStartPre = "${lib.getExe' pkgs.coreutils "mkdir"} %h/.waypipe -p";
+        ExecStart = "${lib.getExe (config.lib.nixGL.wrap pkgs.waypipe)} --socket %h/.waypipe/server.sock --title-prefix '[%H] ' --login-shell --display wayland-waypipe server -- ${lib.getExe' pkgs.coreutils "sleep"} infinity";
+        ExecStopPost = "${lib.getExe' pkgs.coreutils "rm"} -f %h/.waypipe/server.sock %t/wayland-waypipe";
+      };
+      Install.WantedBy = ["default.target"];
+    };
+  };
+}

homes/julian/features/hyprland/wlogout/default.nix

@@ -0,0 +1,39 @@
+{
+  options,
+  config,
+  lib,
+  pkgs,
+  inputs,
+  ...
+}: let
+  inherit
+    (inputs.nix-colors.colorschemes.${builtins.toString config.colorscheme.name})
+    palette
+    ;
+in {
+  home.packages = with pkgs; [wlogout];
+
+  # xdg.configFile."wlogout/style.css".text = ''
+  #    * {
+  #      all: unset;
+  #      font-family: JetBrains Mono Nerd Font;
+  #    }
+
+  #    window {
+  #      background-color: #${palette.base00};
+  #    }
+
+  #    button {
+  #      color: #${palette.base01};
+  #      font-size: 64px;
+  #      background-color: rgba(0,0,0,0);
+  #      outline-style: none;
+  #      margin: 5px;
+  #   }
+
+  #    button:focus, button:active, button:hover {
+  #      color: #${palette.base0D};
+  #      transition: ease 0.4s;
+  #    }
+  # '';
+}

homes/julian/features/hyprland/wofi/default.nix

@@ -0,0 +1,86 @@
+{
+  options,
+  config,
+  lib,
+  pkgs,
+  inputs,
+  ...
+}: let
+  inherit
+    (inputs.nix-colors.colorschemes.${builtins.toString config.colorscheme.name})
+    palette
+    ;
+in {
+  home.packages = with pkgs; [wofi];
+
+  xdg.configFile."wofi/config".source = ./config;
+  xdg.configFile."wofi/style.css".text = ''
+    window {
+        margin: 5px;
+        border: 5px solid #181926;
+        background-color: #${palette.base00};
+        border-radius: 15px;
+        font-family: "JetBrainsMono";
+        font-size: 14px;
+      }
+
+      #input {
+        all: unset;
+        min-height: 36px;
+        padding: 4px 10px;
+        margin: 4px;
+        border: none;
+        color: #${palette.base05};
+        font-weight: bold;
+        background-color: #${palette.base01};
+        outline: none;
+        border-radius: 15px;
+        margin: 10px;
+        margin-bottom: 2px;
+      }
+
+      #inner-box {
+        margin: 4px;
+        padding: 10px;
+        font-weight: bold;
+        border-radius: 15px;
+      }
+
+      #outer-box {
+        margin: 0px;
+        padding: 3px;
+        border: none;
+        border-radius: 15px;
+        border: 5px solid #${palette.base01};
+      }
+
+      #scroll {
+        margin-top: 5px;
+        border: none;
+        border-radius: 15px;
+        margin-bottom: 5px;
+      }
+
+      #text:selected {
+        color: #${palette.base01};
+        margin: 0px 0px;
+        border: none;
+        border-radius: 15px;
+      }
+
+      #entry {
+        margin: 0px 0px;
+        border: none;
+        border-radius: 15px;
+        background-color: transparent;
+      }
+
+      #entry:selected {
+        margin: 0px 0px;
+        border: none;
+        border-radius: 15px;
+        background: #${palette.base0D};
+        background-size: 400% 400%;
+      }
+  '';
+}

homes/julian/features/hyprland/zathura.nix

@@ -0,0 +1,33 @@
+{config, ...}: let
+  inherit (config.colorscheme) colors;
+in {
+  programs.zathura = {
+    enable = true;
+    options = {
+      selection-clipboard = "clipboard";
+      # TODO fix
+      # font = "${config.fontProfiles.regular.name} ${toString config.fontProfiles.regular.size}";
+      # recolor = true;
+      # default-bg = "${colors.surface}";
+      # default-fg = "${colors.surface_bright}";
+      # statusbar-bg = "${colors.surface_container}";
+      # statusbar-fg = "${colors.on_surface_variant}";
+      # inputbar-bg = "${colors.surface}";
+      # inputbar-fg = "${colors.on_secondary}";
+      # notification-bg = "${colors.surface}";
+      # notification-fg = "${colors.on_secondary}";
+      # notification-error-bg = "${colors.error}";
+      # notification-error-fg = "${colors.on_error}";
+      # notification-warning-bg = "${colors.error}";
+      # notification-warning-fg = "${colors.on_error}";
+      # highlight-color = "${colors.tertiary}";
+      # highlight-active-color = "${colors.secondary}";
+      # completion-bg = "${colors.surface_bright}";
+      # completion-fg = "${colors.on_surface}";
+      # completions-highlight-bg = "${colors.secondary}";
+      # completions-highlight-fg = "${colors.on_secondary}";
+      # recolor-lightcolor = "${colors.surface}";
+      # recolor-darkcolor = "${colors.inverse_surface}";
+    };
+  };
+}

homes/julian/features/i3/default.nix

@@ -0,0 +1,53 @@
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}: {
+  imports = [../rofi];
+
+  services.dunst.enable = true;
+
+  programs = {
+    i3status-rust = {
+      enable = true;
+    };
+  };
+  home.packages = with pkgs; [
+    nitrogen
+    xfce.xfce4-screenshooter
+    pulseaudio # For pactl commands
+  ];
+  xsession.enable = true; # Give gui programs access to sessionVariables
+  # Prevent screen from going blank (check these settings with `xset q`)
+  # And disable bell sound (b)
+  xsession.initExtra = ''
+    ${pkgs.xorg.xset}/bin/xset s off
+    ${pkgs.xorg.xset}/bin/xset -dpms
+    ${pkgs.xorg.xset}/bin/xset b off
+  '';
+  xsession.windowManager.i3 = {
+    enable = true;
+    package = pkgs.i3-gaps;
+  };
+
+  xsession.importedVariables = [];
+
+  # Overwrite default home-manager config file
+  xdg.configFile."i3/config".source = lib.mkForce (
+    if config.hostName == "kardorf"
+    then ./i3/config-kardorf
+    else ./i3/config
+  );
+
+  home.file = {
+    ".config/i3/scripts" = {
+      source = ./i3/scripts;
+      recursive = true;
+    };
+    ".config/i3/workspace-messaging.json".source = ./i3/workspace-chat-element-tele.json;
+    ".config/i3status-rust/config.toml".source = ./i3status-rust/config.toml;
+  };
+
+  home.sessionPath = ["/home/julian/.config/i3/scripts"];
+}

homes/julian/features/i3/i3/config-kardorf

@@ -142,8 +142,8 @@ bindsym $mod+Shift+9 move container to workspace number $ws9; workspace $ws9
 bindsym $mod+Shift+0 move container to workspace number $ws10; workspace $ws10
 
 # Monitor config
-set $monitor_left "DVI-D-0"
+set $monitor_left "DVI-D-1"
-set $monitor_right "DVI-D-1"
+set $monitor_right "DVI-D-2"
 
 workspace $ws1 output $monitor_left
 workspace $ws2 output $monitor_left

homes/julian/features/kitty/default.nix

@@ -0,0 +1,27 @@
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}: {
+  programs.kitty = {
+    enable = true;
+    shellIntegration.enableFishIntegration = true;
+    themeFile = "gruvbox-dark";
+    settings = {
+      enable_audio_bell = false;
+      confirm_os_window_close = 0; # no ask on quit
+    };
+    font = {
+      package = pkgs.dejavu_fonts;
+      name = "DejaVu Sans";
+      size = 12;
+    };
+  };
+
+  # home.shellAliases = {
+  #   ssh = "kitten ssh"; # Copy kitten terminfo to remote
+  # };
+
+  home.sessionVariables.TERMINAL = lib.mkIf (config.terminal == "kitty") "kitty";
+}

homes/julian/features/neovim/default.nix

@@ -0,0 +1,166 @@
+{
+  lib,
+  pkgs,
+  inputs,
+  ...
+}:
+{
+  imports = [ inputs.nixvim.homeModules.nixvim ];
+
+  home.sessionVariables = {
+    EDITOR = "nvim";
+    VISUAL = "nvim";
+  };
+
+  home.packages = with pkgs; [
+    git
+    gnumake
+    gcc
+    ripgrep
+    fd
+    stylua
+    black
+    nixfmt-rfc-style # nixfmt
+  ];
+
+  programs.nixvim = {
+    enable = true;
+    viAlias = true;
+    vimAlias = true;
+
+    colorschemes.catppuccin = {
+      enable = true;
+      settings.flavour = "mocha";
+    };
+
+    globals.mapleader = " ";
+    opts = {
+      number = false;
+      relativenumber = false;
+      ignorecase = true;
+      smartcase = true;
+    };
+    clipboard.register = "unnamedplus"; # Use system clipboard
+
+    keymaps = [
+      {
+        action = "<cmd>Telescope live_grep<cr>";
+        key = "<leader>/";
+      }
+      {
+        action = "<cmd>Telescope find_files<cr>";
+        key = "<leader><space>";
+      }
+      {
+        action = "<cmd>Telescope file_browser path=%:p:h<cr>";
+        key = "<leader>.";
+      }
+      {
+        action = "<cmd>Neogit<cr>";
+        key = "<leader>gg";
+      }
+      {
+        key = "<C-s>";
+        action = "<esc><cmd>lua require('conform').format()<cr><cmd>write<cr>";
+        mode = [
+          "i"
+          "x"
+          "n"
+          "s"
+        ];
+      }
+    ];
+
+    plugins = {
+      lualine.enable = true;
+      commentary.enable = true;
+      which-key.enable = true;
+      treesitter.enable = true; # enables all grammar packages
+      neogit.enable = true; # like magit
+      trouble.enable = true;
+      web-devicons.enable = true;
+      orgmode.enable = true; # org-mode support
+
+      # Shows file trees
+      oil = {
+        enable = true;
+        settings = {
+          view_options.show_hidden = true;
+        };
+      };
+
+      # Code formatting
+      conform-nvim = {
+        enable = true;
+        settings.formatters_by_ft = with pkgs; {
+          lua = [ "stylua" ];
+          python = [ "black" ];
+          nix = [ "nixfmt" ];
+        };
+        # extraOptions = {
+        #   default_format_opts.lsp_format = "fallback";
+        # };
+      };
+
+      # autocomplete
+      cmp = {
+        enable = true;
+        autoEnableSources = true;
+        settings.sources = [
+          { name = "nvim_lsp"; }
+          { name = "path"; }
+          { name = "buffer"; }
+        ];
+        settings.mapping = {
+          "<Tab>" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})";
+          "<C-j>" = "cmp.mapping.select_next_item()";
+          "<C-k>" = "cmp.mapping.select_prev_item()";
+          "<C-e>" = "cmp.mapping.abort()";
+          "<CR>" = "cmp.mapping.confirm({ select = true })";
+        };
+      };
+
+      # Fuzzy finder
+      telescope = {
+        enable = true;
+        settings.defaults.mappings = {
+          i = {
+            "<C-j>".__raw = "require('telescope.actions').move_selection_next";
+            "<C-k>".__raw = "require('telescope.actions').move_selection_previous";
+            "<tab>".__raw = "require('telescope.actions').select_default";
+          };
+        };
+        extensions = {
+          fzf-native.enable = true;
+          file-browser = {
+            enable = true;
+            settings = {
+              hidden = true; # show hidden files
+              follow_symlinks = true;
+              no_ignore = true;
+            };
+          };
+        };
+      };
+
+      lsp = {
+        enable = true; # includes lsp-config, default settings for the lsps
+        servers = {
+          rust_analyzer = {
+            enable = true;
+            installCargo = true;
+            installRustc = true;
+          };
+          nixd.enable = true; # nix
+          pyright.enable = true; # python
+          dockerls.enable = true; # docker
+          lua_ls.enable = true; # lua
+          clangd.enable = true; # c, c++
+          dartls.enable = true; # dart, flutter
+          digestif.enable = true; # latex
+          tinymist.enable = true; # typst
+        };
+      };
+    };
+  };
+}

homes/julian/features/nix-helper/default.nix

@@ -0,0 +1,12 @@
+{pkgs, ...}: {
+  home.sessionVariables = {
+    NH_FLAKE = "/home/julian/.dotfiles";
+  };
+
+  home.shellAliases = {
+    "os" = "nh os switch";
+    "hs" = "nh home switch";
+  };
+
+  home.packages = with pkgs; [nh];
+}

homes/julian/features/qt-distrobox/default.nix

@@ -0,0 +1,22 @@
+{
+  programs.distrobox = {
+    enable = true;
+    containers."qt-distrobox" = {
+      image = "debian:12.2";
+      exported_apps = "qtcreator";
+      enableSystemdUnit = false; # fails in creating and does not recreate. Do distrobox-assemble create --replace --file ~/.config/distrobox/containers.ini instead
+      additional_packages = [
+        "qtcreator"
+        "qt6-base-dev"
+        "qt6-wayland"
+        "qt6-tools-dev-tools"
+        "qt6-tools-dev"
+        "qt6-serialbus-dev"
+        "qt6-websockets-dev"
+        "libgl1-mesa-dev"
+        "build-essential"
+        "cmake"
+      ];
+    };
+  };
+}

homes/julian/features/rofi/default.nix

@@ -0,0 +1,14 @@
+{
+  lib,
+  pkgs,
+  ...
+}: {
+  # this would need you to config rofi using home-manager
+  # programs.rofi = { enable = true; };
+
+  home.packages = with pkgs; [rofi];
+
+  home.file = {
+    ".config/rofi/config.rasi".source = ./config.rasi;
+  };
+}

homes/julian/features/suites/cli/default.nix

@@ -0,0 +1,50 @@
+{pkgs, ...}: {
+  home.packages = with pkgs; [
+    bat
+    dust # Like du tree but better
+    fd # better find
+    fdupes # find and delete duplicate files
+    ffmpeg
+    findutils # locate
+    fzf # Fuzzy finder
+    ghostscript # needed for imagemagick with pdfs
+    imagemagick
+    git
+    gnupg
+    htop
+    jq # Command line JSON processor
+    killall
+    languagetool # Grammar checker
+    lazygit # Git client
+    links2 # Tui web-browser
+    lnav # log analyzing tool
+    mc # Tui file browser
+    # nix-index
+    nmap
+    p7zip # unzip 7zip archives
+    parted
+    pciutils # lspci
+    poppler-utils # Pdf utils including pdfimages
+    libqalculate # Nice tui calculator (qalc)
+    ripgrep # better grep
+    rnr # renaming tool
+    sage # Maths notebooks
+    tealdeer # tldr
+    topgrade # System update
+    tree
+    unetbootin # TODO
+    unixtools.procps # TODO
+    unzip
+    usbutils # lsusb
+    wget
+    wireguard-tools # wg-quick
+    xorg.xkill
+    zip
+    dig
+
+    ## My scripts
+    frajul.edit-config
+    frajul.lntocp
+    frajul.sos
+  ];
+}

homes/julian/features/suites/desktop/default.nix

@@ -0,0 +1,74 @@
+{pkgs, ...}: {
+  imports = [../../gtk];
+
+  services.blueman-applet.enable = true;
+  services.nextcloud-client.enable = true;
+  services.nextcloud-client.startInBackground = true;
+  services.network-manager-applet.enable = true;
+
+  services.syncthing.tray.enable = true;
+  services.syncthing.tray.command = "syncthingtray --wait"; # Wait for tray to become available
+
+  programs.chromium = {
+    enable = true;
+    extensions = [
+      # Tampermonkey
+      {id = "dhdgffkkebhmkfjojejmpbldmpobfkfo";}
+    ];
+  };
+
+  home.packages = with pkgs; [
+    arandr
+    calibre # ebook manager and viewer
+    # digikam
+    discord
+    discord-ptb # in case discord updates take their time
+    # dvdisaster
+    # element-desktop
+    # rocketchat-desktop
+    thunderbird
+    telegram-desktop # telegram
+    # schildichat-desktop # not updated regularly
+    nheko
+    evince # Simple pdf reader, good for focusing on document content
+    firefox
+    vivaldi
+    # geogebra
+    cheese
+    handbrake
+    # kitty # Terminal, already available as feature
+    libnotify
+    libreoffice
+    mate.engrampa
+    nomacs # Image viewer
+    kdePackages.okular # Pdf reader with many features, good for commenting documents
+    pavucontrol
+    pdfsam-basic # Split, merge, etc for pdfs
+    qalculate-gtk # Nice gui calculator
+    qpdfview
+    # qutebrowser
+    # realvnc-vnc-viewer
+    # rpi-imager # make isos
+    # rustdesk
+    tor-browser
+    rusty-path-of-building # Path of Building for poe1 and poe2
+    # frajul.pob-dev-version # Path of Building
+    vlc
+    wineWowPackages.stable # 32-bit and 64-bit wine
+    winetricks
+    xclip # x11 clipboard access from terminal
+    xfce.mousepad # simple text editor
+    xournalpp # Edit pdf files
+    zoom-us # Video conferencing
+    zotero # Manage papers and other sources
+    pdfpc # Present slides in pdf form
+
+    networkmanager-openvpn
+    keepassxc
+
+    ## My scripts
+    frajul.open-messaging
+    frajul.xwacomcalibrate
+    frajul.pob2-frajul
+  ];
+}

homes/julian/features/suites/development/default.nix

@@ -0,0 +1,86 @@
+{pkgs, ...}: {
+  home.packages = with pkgs; [
+    watchexec # Run command when any file in current dir changes
+    android-tools # adb
+    # shellcheck # Check bash scripts for common errors
+    sqlite
+    scrcpy # Mirror android screen to pc
+    cargo
+    clippy
+    cntr # nix debugger
+    conda
+    # micromamba # a better, faster conda
+    devcontainer # development container
+    devenv # devbox alternative
+    dbeaver-bin
+    devbox # dev environments using nix
+    distrobox # run commands inside docker containers
+    gcc
+    gradle
+    hexedit
+    unstable.zed-editor
+    jdk
+    julia-bin
+    # (texlive.combine {
+    #   # for rendering latex in inkscape
+    #   inherit
+    #     (texlive)
+    #     scheme-medium
+    #     standalone
+    #     amsmath
+    #     preview
+    #     # needed for org mode export
+    #     wrapfig
+    #     capt-of
+    #     biblatex
+    #     ;
+    # })
+    vagrant
+    matlab # Using nix-matlab overlay defined in flake
+    maven
+    nodejs
+    pkg-config # Often needed to build something
+    # pwndbg # improved gdb (debugger)
+    python3
+    rust-analyzer
+    rustc
+    rustfmt
+    # (pkgs.inkscape-with-extensions.override {
+    #   inkscapeExtensions = [ pkgs.inkscape-extensions.textext ];
+    # })
+    # inkscape-with-extensions
+    # inkscape-extensions.textext
+    inkscape
+    gcolor3 # Color picker
+    gimp
+    drawio
+    audacity
+
+    deploy-rs
+    sops
+    pandoc # markdown preview
+    docker-compose
+
+    ## My scripts
+    frajul.deploy-to-pianopi
+    frajul.rtklib
+
+    (pkgs.writeShellScriptBin "matlab-rsp" ''
+      matlab -desktop -sd "/home/julian/git/uwa-channel-model" -softwareopengl
+    '')
+
+    (pkgs.writeShellScriptBin "matlab-paper" ''
+      matlab -desktop -sd "/home/julian/dev/phdthesis/Phase B/mainSimulation" -softwareopengl
+    '')
+    (pkgs.writeShellScriptBin "matlab-robotik" ''
+      matlab -desktop -sd "/home/julian/nas-sync/Studium/Vorlesungen-Master/ss24/Robotik2" -softwareopengl
+    '')
+    (pkgs.writeShellScriptBin "matlab-gram" ''
+      export GTK_PATH=/usr/lib/gtk-3.0
+      nix shell nixpkgs#gcc11 --command matlab -desktop -sd "/home/julian/dev/matlab-gram" -softwareopengl
+    '')
+    (pkgs.writeShellScriptBin "expenses-tracker" ''
+      java -jar /home/julian/dev/expensestracker/app/build/libs/app.jar
+    '')
+  ];
+}

homes/julian/features/tmux/default.nix

@@ -0,0 +1,10 @@
+{
+  programs.tmux = {
+    enable = true;
+    clock24 = true;
+    keyMode = "vi";
+    customPaneNavigationAndResize = true; # use hjkl
+    mouse = true;
+    prefix = "C-Space"; # use instead of C-b
+  };
+}

homes/julian/features/topgrade/default.nix

@@ -0,0 +1,28 @@
+{
+  programs.topgrade = {
+    enable = true;
+    settings = {
+      misc.no_self_update = true;
+      misc.pre_sudo = true; # Cache sudo password for 5 more minutes
+      misc.assume_yes = true;
+      misc.no_retry = true;
+
+      # pre_commands."Update flake" = "git -C /home/julian/.dotfiles checkout origin/flake-updates -- flake.lock";
+
+      linux.nix_arguments = "--flake /home/julian/.dotfiles";
+      linux.home_manager_arguments = [
+        "--flake"
+        "/home/julian/.dotfiles"
+      ];
+
+      git = {
+        # Additional git repositories to pull
+        repos = [
+          "~/.dotfiles"
+          "~/dev/*"
+          "~/.config/doom"
+        ];
+      };
+    };
+  };
+}

homes/julian/features/wezterm/default.nix

@@ -0,0 +1,34 @@
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}: {
+  programs.wezterm = {
+    enable = true;
+    extraConfig = ''
+      local wezterm = require 'wezterm'
+      local config = {}
+
+      config.color_scheme = 'Catppuccin Mocha'
+      -- config.font = wezterm.font 'JetBrains Mono'
+      -- config.font_size = 12.0
+      config.hide_tab_bar_if_only_one_tab = true
+      config.audible_bell = 'Disabled'
+      config.enable_wayland = false -- Somehow only works for wayland if this is set to false
+
+      config.window_close_confirmation = 'NeverPrompt'
+
+      return config
+    '';
+  };
+
+  home.sessionVariables.TERMINAL = lib.mkIf (config.terminal == "wezterm") "wezterm-start-here";
+
+  # Otherwise wezterm does not start in directory of parent process
+  home.packages = [
+    (pkgs.writeShellScriptBin "wezterm-start-here" ''
+      wezterm start --cwd "$PWD"
+    '')
+  ];
+}

homes/julian/features/yazi/default.nix

@@ -0,0 +1,90 @@
+{
+  pkgs,
+  inputs,
+  ...
+}: {
+  programs.zoxide.enable = true;
+  programs.zoxide.enableFishIntegration = true;
+
+  home.packages = with pkgs; [
+    exiftool
+    unar # extract archives
+    dragon-drop # dragndrop
+    poppler-utils # pdf preview
+    fd
+    ripgrep
+    fzf
+    jq # json preview
+    ffmpegthumbnailer
+    xclip
+  ];
+
+  home.shellAliases = {
+    y = "yy"; # Yazi shell wrapper (cd on quit)
+  };
+
+  programs.yazi.enable = true;
+  programs.yazi.enableFishIntegration = true;
+  programs.yazi.settings.manager = {
+    sort_by = "mtime";
+    sort_reverse = true;
+    show_hidden = true;
+  };
+
+  programs.yazi.keymap = {
+    manager.prepend_keymap = [
+      # Override defaults
+      {
+        on = ["e"];
+        run = ''shell --orphan --confirm "pcmanfm &"'';
+        desc = "Open gui file manager";
+      }
+      {
+        on = ["<C-o>"];
+        run = ''shell "$SHELL" --block --confirm'';
+        desc = "Open shell here";
+      }
+      {
+        on = ["<C-n>"];
+        run = ''shell 'dragon -x -i -T "$1"' --confirm'';
+        desc = "Dragndrop via dragon";
+      }
+      {
+        on = ["<Enter>"];
+        run = "plugin --sync smart-enter";
+        desc = "Enter the child directory, or open the file";
+      }
+    ];
+    input.prepend_keymap = [
+      {
+        on = ["<Esc>"];
+        run = "close";
+        desc = "Cancel input";
+      }
+    ];
+  };
+
+  programs.yazi.settings.opener = {
+    play = [
+      {
+        run = ''vlc "$1"'';
+        orphan = true;
+      }
+    ];
+  };
+
+  xdg.configFile."yazi/flavors" = {
+    source = "${inputs.yazi-flavors}";
+  };
+  xdg.configFile."yazi/plugins/smart-enter.yazi/init.lua".text = ''
+    return {
+      entry = function()
+        local h = cx.active.current.hovered
+        ya.manager_emit(h and h.cha.is_dir and "enter" or "open", { hovered = true })
+      end,
+    }
+  '';
+  programs.yazi.theme = {
+    flavor.use = "catppuccin-mocha";
+  };
+}

homes/julian/features/zsh/default.nix

@@ -0,0 +1,44 @@
+{
+  lib,
+  pkgs,
+  ...
+}: {
+  home.file = {
+    ".config/starship.toml".source = ./starship.toml;
+  };
+
+  home.packages = with pkgs; [starship];
+
+  programs.starship = {
+    enable = true;
+    enableZshIntegration = true;
+  };
+
+  programs.zsh = {
+    enable = true;
+
+    initExtra =
+      builtins.readFile ./key-bindings.zsh
+      + builtins.readFile ./functions.zsh
+      + builtins.readFile ./last-working-dir.zsh
+      + builtins.readFile ./dir-navigation.zsh;
+
+    zplug = {
+      enable = true;
+      plugins = [
+        # list of plugins: https://github.com/unixorn/awesome-zsh-plugins
+        {name = "agkozak/zsh-z";}
+        {
+          name = "zsh-users/zsh-completions";
+        }
+
+        # make it behave like fish
+        {name = "zsh-users/zsh-autosuggestions";}
+        {name = "zsh-users/zsh-history-substring-search";}
+        {
+          name = "zsh-users/zsh-syntax-highlighting";
+        } # must be last sourced plugin
+      ];
+    };
+  };
+}

homes/julian/global/default.nix

@@ -0,0 +1,53 @@
+{
+  lib,
+  pkgs,
+  config,
+  outputs,
+  ...
+}: {
+  imports =
+    [
+      ../features/fonts
+      ../features/nix-helper
+    ]
+    ++ (builtins.attrValues outputs.homeManagerModules);
+
+  nix = {
+    package = lib.mkDefault pkgs.nix;
+    settings = {
+      experimental-features = [
+        "nix-command"
+        "flakes"
+        "ca-derivations"
+      ];
+      warn-dirty = false; # TODO: do I want it? also for systems
+    };
+  };
+
+  colorscheme.name = "catppuccin-mocha";
+
+  # systemd.user.startServices = "sd-switch"; # TODO: what is this
+
+  programs = {
+    home-manager.enable = true;
+    git.enable = true;
+  };
+
+  home = {
+    username = lib.mkDefault "julian";
+    homeDirectory = lib.mkDefault "/home/${config.home.username}";
+    stateVersion = lib.mkDefault "23.11";
+
+    sessionPath = ["$HOME/.local/bin"];
+  };
+
+  # TODO: colorscheme
+  # colorscheme.mode = lib.mkOverride 1499 "dark";
+  # specialisation = {
+  #   dark.configuration.colorscheme.mode = lib.mkOverride 1498 "dark";
+  #   light.configuration.colorscheme.mode = lib.mkOverride 1498 "light";
+  # };
+  # home.file = {
+  #   ".colorscheme.json".text = builtins.toJSON config.colorscheme;
+  # };
+}

homes/julian/global/mimeapps.nix

@@ -6,9 +6,11 @@
 #   inherit pkgs;
 #   inherit lib;
 # };
-
+{
-{ lib, pkgs, ... }:
+  lib,
-let
+  pkgs,
+  ...
+}: let
   package-names = with pkgs; {
     "x-scheme-handler/tg" = telegram-desktop;
     "x-scheme-handler/mailto" = thunderbird;
@@ -40,6 +42,7 @@ let
     "inode/directory" = pcmanfm;
   };
 in
-lib.mapAttrs (mimeType: package: [
+  lib.mapAttrs (mimeType: package: [
-  "${package}/share/applications/${package.pname}.desktop"
+    "${package}/share/applications/${package.pname}.desktop"
-]) package-names
+  ])
+  package-names

homes/julian/hm-standalone-config.nix

@@ -0,0 +1,47 @@
+# Only apply this to home-manager standalone
+{outputs, ...}: {
+  # Apply overlays
+  nixpkgs = {
+    overlays = builtins.attrValues outputs.overlays;
+    config = {
+      allowUnfree = true;
+      allowUnfreePredicate = _: true; # TODO: what is this
+      permittedInsecurePackages = [
+        "olm-3.2.16"
+      ];
+      warn-dirty = false;
+    };
+  };
+
+  # Setup binary caches
+  nix.settings = {
+    substituters = [
+      "https://nix-community.cachix.org"
+      "https://cache.nixos.org/"
+      "https://hyprland.cachix.org"
+      "https://devenv.cachix.org"
+    ];
+    trusted-public-keys = [
+      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+      "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
+      "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
+    ];
+
+    trusted-users = [
+      "root"
+      "@wheel"
+    ];
+
+    experimental-features = [
+      "nix-command"
+      "flakes"
+      "ca-derivations"
+    ];
+
+    # nix.settings. # warn-dirty = false; # TODO: do I want this
+    #
+    # Ensure we can still build when missing-server is not accessible
+    fallback = true;
+  };
+}

homes/julian/kardorf.nix

@@ -0,0 +1,59 @@
+{
+  imports = [
+    ./global
+
+    ./features/fish
+    ./features/direnv
+    ./features/topgrade
+    ./features/neovim
+    ./features/ghostty
+    ./features/wezterm
+    ./features/alacritty
+    ./features/yazi
+    ./features/emacs
+
+    ./features/tmux
+    ./features/qt-distrobox
+    ./features/hyprland
+    # ./features/i3
+
+    ./features/suites/cli
+    ./features/suites/desktop
+    ./features/suites/development
+  ];
+
+  hostName = "kardorf";
+  is-nixos = true;
+  terminal = "alacritty";
+
+  #  ---------   ---------
+  # | DVI-D-1 | | DVI-D-2 |
+  #  ---------   ---------
+  monitors = [
+    {
+      name = "DVI-D-1";
+      width = 1680;
+      height = 1050;
+      workspaces = [
+        "1"
+        "2"
+        "3"
+        "4"
+        "5"
+      ];
+      primary = true;
+    }
+    {
+      name = "DVI-D-2";
+      width = 1680;
+      height = 1050;
+      workspaces = [
+        "6"
+        "7"
+        "8"
+        "9"
+        "10"
+      ];
+    }
+  ];
+}

homes/julian/pianonix.nix

@@ -0,0 +1,62 @@
+{pkgs, ...}: {
+  imports = [
+    ./global
+
+    ./features/fish
+    ./features/topgrade
+    ./features/neovim
+    ./features/wezterm
+    ./features/yazi
+    ./features/gtk
+  ];
+
+  hostName = "pianonix";
+  is-nixos = true;
+  terminal = "wezterm";
+
+  # services.syncthing.tray.enable = true;
+  # services.syncthing.tray.command = "syncthingtray --wait"; # Wait for tray to become available
+
+  home.packages = with pkgs; [
+    music-reader
+    sheet-organizer
+
+    xournalpp
+    musescore
+
+    onboard
+  ];
+
+  programs.firefox = {
+    enable = true;
+
+    profiles.default = {
+      isDefault = true;
+
+      settings = {
+        "browser.startup.homepage" = "https://sheets.julian-mutter.de";
+        "browser.startup.page" = 1; # 0=blank, 1=home page, 3=restore previous session
+      };
+    };
+  };
+
+  programs.chromium = {
+    enable = true;
+
+    # commandLineArgs = [
+    #   "--homepage=https://sheets.julian-mutter.de"
+    #   "--no-first-run"
+    # ];
+  };
+
+  # Autostart link
+  home.file = {
+    # ".config/autostart/sheet-organizer.desktop".source = "${pkgs.sheet-organizer}/share/applications/sheet-organizer.desktop";
+    ".config/autostart/firefox.desktop".source = "${pkgs.firefox}/share/applications/firefox.desktop";
+    ".config/autostart/onboard.desktop".source = "${pkgs.onboard}/share/applications/onboard.desktop";
+    # ".config/autostart/chromium.desktop".source = "${pkgs.chromium}/share/applications/chromium.desktop";
+    ".config/sheet-organizer/config.toml".text = ''
+      working_directory = "/home/julian/Klavier"
+    '';
+  };
+}

homes/julian/ssh.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjSZYdoF/51F+ykcBAYVCzCPTF5EEigWBL1APiR0h+H

homes/julian/v3ms/default.nix

@@ -0,0 +1,31 @@
+{
+  lib,
+  pkgs,
+  ...
+}: {
+  imports = [
+    ../global
+
+    ../features/fish
+    ../features/direnv
+    ../features/topgrade
+    ../features/neovim
+    ../features/yazi
+    ../features/emacs
+    ../features/nix-helper
+    ../features/qt-distrobox
+  ];
+
+  hostName = "aspi";
+  is-nixos = false;
+  # terminal = "kitty";
+
+  home.sessionPath = ["/snap/bin"];
+
+  home.packages =
+    lib.lists.concatMap (packages-list-file: import packages-list-file {inherit pkgs;})
+    [
+      ./fonts.nix
+      ./packages.nix
+    ];
+}

homes/julian/v3ms/fonts.nix

@@ -1,13 +1,11 @@
-{ pkgs, ... }:
+{pkgs, ...}:
-
+with pkgs; [
-with pkgs;
+  nerd-fonts.fira-code
-[
-  (nerdfonts.override { fonts = [ "FiraCode" ]; })
   font-awesome
   dejavu_fonts
   noto-fonts
   noto-fonts-cjk-sans
-  noto-fonts-emoji
+  noto-fonts-color-emoji
   liberation_ttf
   fira-code
   fira-code-symbols

homes/julian/v3ms/packages.nix

@@ -1,7 +1,5 @@
-{ pkgs, ... }:
+{pkgs, ...}:
-
+with pkgs; [
-with pkgs;
-[
   # Rust setup
   rustc
   rustfmt
@@ -33,10 +31,12 @@ with pkgs;
   ffmpeg
   julia-bin
 
-  poppler_utils # Pdf utils including pdfimages
+  poppler-utils # Pdf utils including pdfimages
   sage
 
   pkg-config # Often needed to build something
 
+  devbox # reproducible dev envs based on nix
+
   mysql80
 ]

homes/x86_64-linux/julian@aspi/default.nix

@@ -1,71 +0,0 @@
-{
-  # Snowfall Lib provides a customized `lib` instance with access to your flake's library
-  # as well as the libraries available from your flake's inputs.
-  lib,
-  # An instance of `pkgs` with your overlays and packages applied is also available.
-  pkgs,
-  # You also have access to your flake's inputs.
-  inputs,
-
-  # Additional metadata is provided by Snowfall Lib.
-  namespace, # The namespace used for your flake, defaulting to "internal" if not set.
-  home, # The home architecture for this host (eg. `x86_64-linux`).
-  target, # The Snowfall Lib target for this home (eg. `x86_64-home`).
-  format, # A normalized name for the home target (eg. `home`).
-  virtual, # A boolean to determine whether this home is a virtual target using nixos-generators.
-  host, # The host name for this home.
-
-  # All other arguments come from the home home.
-  config,
-  ...
-}:
-{
-  home.username = "julian";
-  home.homeDirectory = "/home/julian";
-
-  modules = {
-    non-nixos.is-nixos = true;
-    shell = {
-      # zsh.enable = true;
-      fish.enable = true;
-      direnv.enable = true;
-    };
-    topgrade.enable = true;
-    neovim.enable = true;
-    kitty = {
-      enable = true;
-      mkDefault = true;
-    };
-    wezterm = {
-      enable = true;
-      mkDefault = false;
-    };
-    alacritty = {
-      enable = true;
-      mkDefault = false;
-    };
-    yazi.enable = true;
-    emacs.enable = true;
-
-    i3.enable = true;
-
-    # hyprland.enable = true;
-    nix-helper.enable = true;
-
-    desktop.enable = true;
-    fonts.enable = true;
-
-    suites = {
-      cli.enable = true;
-      desktop.enable = true;
-      development.enable = true;
-    };
-  };
-
-  # Let Home Manager install and manage itself.
-  programs.home-manager.enable = true;
-
-  # ======================== DO NOT CHANGE THIS ========================
-  home.stateVersion = "23.11";
-  # ======================== DO NOT CHANGE THIS ========================
-}

homes/x86_64-linux/julian@kardorf/default.nix

@@ -1,57 +0,0 @@
-{
-  # Snowfall Lib provides a customized `lib` instance with access to your flake's library
-  # as well as the libraries available from your flake's inputs.
-  lib,
-  # An instance of `pkgs` with your overlays and packages applied is also available.
-  pkgs,
-  # You also have access to your flake's inputs.
-  inputs,
-
-  # Additional metadata is provided by Snowfall Lib.
-  namespace, # The namespace used for your flake, defaulting to "internal" if not set.
-  home, # The home architecture for this host (eg. `x86_64-linux`).
-  target, # The Snowfall Lib target for this home (eg. `x86_64-home`).
-  format, # A normalized name for the home target (eg. `home`).
-  virtual, # A boolean to determine whether this home is a virtual target using nixos-generators.
-  host, # The host name for this home.
-
-  # All other arguments come from the home home.
-  config,
-  ...
-}:
-{
-  home.username = "julian";
-  home.homeDirectory = "/home/julian";
-
-  modules = {
-    non-nixos.is-nixos = true;
-    shell = {
-      fish.enable = true;
-      direnv.enable = true;
-    };
-    topgrade.enable = true;
-    neovim.enable = true;
-    # alacritty.enable = true;
-    kitty.enable = true;
-    yazi.enable = true;
-    emacs.enable = true;
-    i3.enable = true;
-    nix-helper.enable = true;
-
-    desktop.enable = true;
-    fonts.enable = true;
-
-    suites = {
-      cli.enable = true;
-      desktop.enable = true;
-      development.enable = true;
-    };
-  };
-
-  # Let Home Manager install and manage itself.
-  programs.home-manager.enable = true;
-
-  # ======================== DO NOT CHANGE THIS ========================
-  home.stateVersion = "23.11";
-  # ======================== DO NOT CHANGE THIS ========================
-}

homes/x86_64-linux/julian@pianonix/default.nix

@@ -1,64 +0,0 @@
-{
-  # Snowfall Lib provides a customized `lib` instance with access to your flake's library
-  # as well as the libraries available from your flake's inputs.
-  lib,
-  # An instance of `pkgs` with your overlays and packages applied is also available.
-  pkgs,
-  # You also have access to your flake's inputs.
-  inputs,
-
-  # Additional metadata is provided by Snowfall Lib.
-  namespace, # The namespace used for your flake, defaulting to "internal" if not set.
-  home,
-  target, # The Snowfall Lib target for this home (eg. `x86_64-home`).
-  format, # A normalized name for the home target (eg. `home`).
-  virtual, # A boolean to determine whether this home is a virtual target using nixos-generators.
-  host, # The host name for this home.
-
-  # All other arguments come from the home home.
-  config,
-  ...
-}@arguments:
-{
-  home.username = "julian";
-  home.homeDirectory = "/home/julian";
-
-  modules = {
-    non-nixos.is-nixos = true;
-
-    shell = {
-      fish.enable = true;
-    };
-    yazi.enable = true;
-    topgrade.enable = true;
-    neovim.enable = true;
-    wezterm.enable = true;
-    nix-helper.enable = true;
-
-    desktop.enable = true;
-    fonts.enable = true;
-  };
-
-  services.syncthing.tray.enable = true;
-  services.syncthing.tray.command = "syncthingtray --wait"; # Wait for tray to become available
-
-  home.packages = with pkgs; [
-    music-reader
-    sheet-organizer
-  ];
-
-  # Autostart link
-  home.file = {
-    ".config/autostart/sheet-organizer.desktop".source = "${pkgs.sheet-organizer}/share/applications/sheet-organizer.desktop";
-    ".config/sheet-organizer/config.toml".text = ''
-      working_directory = "/home/julian/Klavier"
-    '';
-  };
-
-  # Let Home Manager install and manage itself.
-  programs.home-manager.enable = true;
-
-  # ======================== DO NOT CHANGE THIS ========================
-  home.stateVersion = "23.11";
-  # ======================== DO NOT CHANGE THIS ========================
-}

homes/x86_64-linux/julian@v3ms/default.nix

@@ -1,53 +0,0 @@
-{
-  # Snowfall Lib provides a customized `lib` instance with access to your flake's library
-  # as well as the libraries available from your flake's inputs.
-  lib,
-  # An instance of `pkgs` with your overlays and packages applied is also available.
-  pkgs,
-  # You also have access to your flake's inputs.
-  inputs,
-
-  # Additional metadata is provided by Snowfall Lib.
-  namespace, # The namespace used for your flake, defaulting to "internal" if not set.
-  home, # The home architecture for this host (eg. `x86_64-linux`).
-  target, # The Snowfall Lib target for this home (eg. `x86_64-home`).
-  format, # A normalized name for the home target (eg. `home`).
-  virtual, # A boolean to determine whether this home is a virtual target using nixos-generators.
-  host, # The host name for this home.
-
-  # All other arguments come from the home home.
-  config,
-  ...
-}:
-{
-  home.username = "julian";
-  home.homeDirectory = "/home/julian";
-
-  modules = {
-    non-nixos.is-nixos = false;
-    shell = {
-      fish.enable = true;
-      direnv.enable = true;
-    };
-    topgrade.enable = true;
-    neovim.enable = true;
-    yazi.enable = true;
-    emacs.enable = true;
-
-    nix-helper.enable = true;
-  };
-
-  home.packages =
-    lib.lists.concatMap (packages-list-file: import packages-list-file { inherit pkgs; })
-      [
-        ./fonts.nix
-        ./packages.nix
-      ];
-
-  # Let Home Manager install and manage itself.
-  programs.home-manager.enable = true;
-
-  # ======================== DO NOT CHANGE THIS ========================
-  home.stateVersion = "23.11";
-  # ======================== DO NOT CHANGE THIS ========================
-}

hosts/aspi/default.nix

@@ -0,0 +1,61 @@
+{
+  imports = [
+    ./hardware-configuration.nix
+
+    ../common/global
+    ../common/users/julian
+    ../common/users/yukari
+    ../common/users/pob
+    ../common/optional/binarycaches.nix
+
+    ../common/optional/remote-builder.nix
+    ../common/optional/boot-efi.nix
+
+    ../common/optional/greetd.nix
+    ../common/optional/authentication.nix
+    ../common/optional/pcmanfm.nix
+    ../common/optional/pipewire.nix
+
+    ../common/optional/gamemode.nix
+    ../common/optional/virtualbox.nix
+
+    ../common/optional/podman.nix
+    ../common/optional/wireguard.nix
+    ../common/optional/flatpak.nix
+
+    ../common/optional/avahi.nix
+  ];
+
+  networking.hostName = "aspi";
+  system.stateVersion = "24.05";
+
+  # networking.firewall.checkReversePath = false; # Makes wg interface with all ips work
+
+  modules = {
+    syncthing = {
+      enable = true;
+      overrideSettings = false;
+    };
+    frajulAutoUpgrade = {
+      enable = true;
+      flakePath = "/home/julian/.dotfiles";
+    };
+  };
+
+  programs.hyprland.enable = true;
+  services.desktopManager.plasma6.enable = true;
+
+  services.blueman.enable = true;
+  services.upower.enable = true;
+
+  programs.steam.enable = true;
+
+  # TODO: not working
+  # services.logind.lidSwitch = "lock";
+  # services.logind.lidSwitchDocked = "lock";
+
+  programs.kdeconnect.enable = true;
+
+  # Enable touchpad support
+  services.libinput.enable = true;
+}

hosts/aspi/hardware-configuration.nix

@@ -0,0 +1,78 @@
+{
+  config,
+  lib,
+  ...
+}: {
+  boot.initrd.availableKernelModules = [
+    "vmd"
+    "xhci_pci"
+    "ahci"
+    "nvme"
+    "usb_storage"
+    "usbhid"
+    "sd_mod"
+  ];
+  boot.initrd.kernelModules = ["dm-snapshot"];
+  boot.kernelModules = ["kvm-intel"];
+  boot.extraModulePackages = [];
+  boot.blacklistedKernelModules = ["pcspkr"]; # Disables "beep"
+  boot.binfmt.emulatedSystems = ["aarch64-linux"];
+
+  boot.initrd.luks.devices = {
+    root = {
+      device = "/dev/disk/by-uuid/a4dc9a2c-725b-4252-8fbb-093a271c31ba";
+      preLVM = true;
+      allowDiscards = true;
+    };
+  };
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/bbc45be3-75f5-40c5-8427-2a425de8422c";
+    fsType = "btrfs";
+    options = [
+      "subvol=root"
+      "compress=zstd"
+    ];
+  };
+
+  fileSystems."/home" = {
+    device = "/dev/disk/by-uuid/bbc45be3-75f5-40c5-8427-2a425de8422c";
+    fsType = "btrfs";
+    options = [
+      "subvol=home"
+      "compress=zstd"
+    ];
+  };
+
+  fileSystems."/nix" = {
+    device = "/dev/disk/by-uuid/bbc45be3-75f5-40c5-8427-2a425de8422c";
+    fsType = "btrfs";
+    options = [
+      "subvol=nix"
+      "compress=zstd"
+      "noatime"
+    ];
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/7040-F37C";
+    fsType = "vfat";
+  };
+
+  swapDevices = [
+    {device = "/dev/disk/by-uuid/26140b4a-0579-406d-a484-35aa31b32e80";}
+  ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+  hardware.nvidia.open = false;
+}

hosts/aspi/ssh_host_ed25519_key.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmZH4AYoERGx5t8gXXmrZetSchwzps8UYwkz8E6SI8D

hosts/builder/default.nix

@@ -0,0 +1,345 @@
+# sudo nixos-rebuild switch --flake .#builder --target-host root@192.168.3.118
+# or
+# deploy .#builder
+{
+  config,
+  pkgs,
+  ...
+}: {
+  imports = [
+    ./hardware-configuration.nix
+
+    ../common/global/fish.nix # fish for admin
+    ../common/global/locale.nix
+    ../common/global/nix.nix
+    ../common/global/sops.nix
+    ../common/global/root.nix
+  ];
+
+  networking.hostName = "builder";
+  system.stateVersion = "23.11";
+
+  networking.networkmanager.enable = true;
+  networking.nameservers = [
+    "192.168.3.252"
+    "172.30.20.10"
+    "1.1.1.1"
+  ];
+
+  users.mutableUsers = false;
+  users.users.nix = {
+    isNormalUser = true;
+    description = "Nix";
+    extraGroups = [
+      "networkmanager"
+      "wheel"
+      "docker"
+    ];
+  };
+
+  nix.settings.experimental-features = [
+    "nix-command"
+    "flakes"
+  ];
+
+  # Setup binary caches
+  nix.settings = {
+    substituters = [
+      "https://nix-community.cachix.org"
+      "https://cache.nixos.org/"
+      "https://hyprland.cachix.org"
+      "https://devenv.cachix.org"
+    ];
+    trusted-public-keys = [
+      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+      "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
+      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+      "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
+    ];
+
+    trusted-users = ["nix"];
+    max-jobs = "auto";
+    cores = 0;
+
+    # Ensure we can still build when missing-server is not accessible
+    fallback = true;
+  };
+
+  # system.autoUpgrade = {
+  #   enable = true;
+  #   flake = "git+https://gitlab.julian-mutter.de/julian/dotfiles";
+  #   flags = [
+  #     "--recreate-lock-file" # update lock file
+  #   ];
+  #   dates = "02:13";
+  # };
+
+  # optimize store by hardlinking store files
+  nix.optimise.automatic = true;
+  nix.optimise.dates = ["03:15"];
+
+  # nix.gc.automatic = true;
+  # nix.gc.dates = "daily";
+  # nix.gc.options = "--delete-old";
+
+  # nix.settings.keep-derivations = false;
+  # nix.settings.keep-outputs = true;
+
+  # Garbage collect up to 100 GiB when only 20 GiB storage left
+  nix.extraOptions = ''
+    min-free = ${toString (20 * 1024 * 1024 * 1024)}
+    max-free = ${toString (100 * 1024 * 1024 * 1024)}
+  '';
+
+  nix.nrBuildUsers = 64;
+
+  # prevent memory to get filled
+  systemd.services.nix-daemon.serviceConfig = {
+    MemoryAccounting = true;
+    MemoryMax = "90%";
+    OOMScoreAdjust = 500;
+  };
+
+  # Ollama used by open-webui as llm backend
+  # services.ollama = {
+  #   enable = true;
+  #   # acceleration = "rocm";
+  # };
+  # services.open-webui = {
+  #   enable = true;
+  #   port = 8080;
+  #   openFirewall = true;
+  #   host = "builder.julian-mutter.de";
+  # };
+
+  networking.firewall.allowedTCPPorts = [
+    80
+  ];
+
+  services.openssh = {
+    enable = true;
+    # require public key authentication for better security
+    settings.PasswordAuthentication = false;
+    settings.KbdInteractiveAuthentication = false;
+    settings.PermitRootLogin = "yes";
+    # Add older algorithms for jenkins ssh-agents-plugin to be compatible
+    settings.Macs = [
+      "hmac-sha2-512-etm@openssh.com"
+      "hmac-sha2-256-etm@openssh.com"
+      "umac-128-etm@openssh.com"
+      "hmac-sha2-512"
+      "hmac-sha2-256"
+      "umac-128@openssh.com"
+    ];
+    settings.KexAlgorithms = [
+      "diffie-hellman-group-exchange-sha1"
+      "diffie-hellman-group14-sha1"
+      "mlkem768x25519-sha256"
+      "sntrup761x25519-sha512"
+      "sntrup761x25519-sha512@openssh.com"
+      "curve25519-sha256"
+      "curve25519-sha256@libssh.org"
+      "diffie-hellman-group-exchange-sha256"
+    ];
+  };
+  users.users."root".openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjSZYdoF/51F+ykcBAYVCzCPTF5EEigWBL1APiR0h+H julian@aspi"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGFcS+3d1tNgHmYCjueymCV9Bd2LcJcKGhVobrDe3r0s julian@kardorf"
+  ];
+  users.users."nix".openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjSZYdoF/51F+ykcBAYVCzCPTF5EEigWBL1APiR0h+H julian@aspi"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAIQ+qMuXvyoxO1DuCR3/x+IQRfSA2WyMuzuotWZjCye root@aspi"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHnfLJnS2SKUs47J0qpLTkk0LQA5quOuAhnxE6yppUDm root@kardorf"
+  ];
+
+  # security.pam.sshAgentAuth.enable = true; # enable sudo via ssh
+
+  services.hydra = {
+    enable = true;
+    hydraURL = "http://hydra.julian-mutter.de"; # externally visible URL
+    port = 3000;
+    notificationSender = "hydra@julian-mutter.de"; # e-mail of hydra service
+    # a standalone hydra will require you to unset the buildMachinesFiles list to avoid using a nonexistant /etc/nix/machines
+    # buildMachinesFiles = [ ];
+    # you will probably also want, otherwise *everything* will be built from scratch
+    useSubstitutes = true;
+
+    minimumDiskFree = 5; # in GB
+    minimumDiskFreeEvaluator = 4; # in GB
+  };
+
+  # add builder itself as build machine so system emulation is properly supported
+  # nix.distributedBuilds = true;
+  nix.buildMachines = [
+    {
+      hostName = "localhost";
+      protocol = null;
+      # sshUser = "nix";
+      systems = [
+        "x86_64-linux"
+        "aarch64-linux"
+      ];
+      maxJobs = 4;
+      speedFactor = 3;
+      supportedFeatures = [
+        "nixos-test"
+        "benchmark"
+        "big-parallel"
+        "kvm"
+      ];
+    }
+  ];
+
+  # Uris allowed as flake inputs, otherwise hydra does not fetch them
+  nix.settings.allowed-uris = [
+    "github:"
+    "gitlab:"
+    "git+https://github.com/hyprwm/Hyprland"
+    "https://github.com/hyprwm/Hyprland"
+    "https://github"
+    "https://gitlab"
+    "https://gitlab.julian-mutter.de"
+    "git+https://gitlab.julian-mutter.de"
+  ];
+
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    # recommendedTlsSettings = true;
+    # other Nginx options
+    virtualHosts."hydra.julian-mutter.de" = {
+      # enableACME = true;
+      # forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:3000";
+        # proxyWebsockets = true; # needed if you need to use WebSocket
+        # extraConfig =
+        #   # required when the target is also TLS server with multiple hosts
+        #   "proxy_ssl_server_name on;" +
+        #   # required when the server wants to use HTTP Authentication
+        #   "proxy_pass_header Authorization;"
+        #   ;
+      };
+    };
+
+    virtualHosts."binarycache.julian-mutter.de" = {
+      locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
+    };
+
+    clientMaxBodySize = "2G";
+    virtualHosts."cache.julian-mutter.de" = {
+      locations."/".proxyPass = "http://127.0.0.1:8080";
+    };
+  };
+
+  # =========== Gitea actions ==========
+  services.gitea-actions-runner.instances."builder" = {
+    enable = true;
+    url = "https://gitlab.julian-mutter.de";
+    name = "builder";
+    tokenFile = config.sops.secrets."gitea_token".path;
+    labels = [
+      # provide a debian base with nodejs for actions
+      "debian-latest:docker://node:18-bullseye"
+      # fake the ubuntu name, because node provides no ubuntu builds
+      "ubuntu-latest:docker://node:18-bullseye"
+      # devenv
+      "devenv:docker://ghcr.io/cachix/devenv/devenv:latest"
+      # provide native execution on the host
+      "nixos:host"
+    ];
+  };
+
+  virtualisation.docker.enable = true;
+
+  # TODO: podman fails with: "cannot resolve hostname"
+  # virtualisation.podman = {
+  #   enable = true;
+  #   dockerCompat = true;
+  #   defaultNetwork.settings.dns_enabled = true;
+  # };
+
+  sops.secrets."gitea_token" = {
+    owner = config.users.users.nix.name;
+    sopsFile = ./secrets.yaml;
+  };
+
+  # =========== Binary Cache ==========
+  services.nix-serve = {
+    enable = true;
+    secretKeyFile = "/var/cache-priv-key.pem";
+  };
+
+  # =========== Binary Cache with attic ==========
+  sops.secrets."attic_token".sopsFile = ./secrets.yaml;
+
+  services.atticd = {
+    enable = true;
+    environmentFile = config.sops.secrets."attic_token".path;
+    settings = {
+      listen = "[::]:8080";
+
+      jwt = {};
+
+      # Data chunking
+      #
+      # Warning: If you change any of the values here, it will be
+      # difficult to reuse existing chunks for newly-uploaded NARs
+      # since the cutpoints will be different. As a result, the
+      # deduplication ratio will suffer for a while after the change.
+      chunking = {
+        # The minimum NAR size to trigger chunking
+        #
+        # If 0, chunking is disabled entirely for newly-uploaded NARs.
+        # If 1, all NARs are chunked.
+        nar-size-threshold = 64 * 1024; # 64 KiB
+
+        # The preferred minimum size of a chunk, in bytes
+        min-size = 16 * 1024; # 16 KiB
+
+        # The preferred average size of a chunk, in bytes
+        avg-size = 64 * 1024; # 64 KiB
+
+        # The preferred maximum size of a chunk, in bytes
+        max-size = 256 * 1024; # 256 KiB
+      };
+    };
+  };
+
+  services.gitlab-runner.enable = true;
+  # runner for everything else
+  #
+  sops.secrets."gitlab_runner_token".sopsFile = ./secrets.yaml;
+  services.gitlab-runner.services.default = {
+    # File should contain at least these two variables:
+    authenticationTokenConfigFile = config.sops.secrets."gitlab_runner_token".path;
+    dockerImage = "alpine:latest";
+    dockerVolumes = [
+      "/var/run/docker.sock:/var/run/docker.sock"
+    ];
+  };
+
+  ### Jenkins node
+  users.users.jenkins = {
+    createHome = true;
+    home = "/var/lib/jenkins";
+    group = "jenkins";
+    isNormalUser = true;
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ36sQhVz3kUEi8754G7r3rboihhG4iqFK/UvQm6SING jenkins@home"
+    ];
+    packages = with pkgs; [
+      git
+      devenv
+    ];
+    extraGroups = [
+      "docker"
+    ];
+  };
+
+  users.groups.jenkins = {};
+  programs.java = {
+    enable = true;
+    package = pkgs.jdk21; # Same as jenkins version on home
+  };
+}

hosts/builder/hardware-configuration.nix

@@ -1,17 +1,4 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
+{lib, ...}: {
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{
-  config,
-  lib,
-  pkgs,
-  modulesPath,
-  ...
-}:
-
-{
-  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
-
   boot.initrd.availableKernelModules = [
     "ata_piix"
     "uhci_hcd"
@@ -21,16 +8,14 @@
     "sr_mod"
   ];
   # boot.initrd.kernelModules = [ "amdgpu" ]; # GPU support
-  boot.kernelModules = [ ];
+  boot.kernelModules = [];
-  boot.extraModulePackages = [ ];
+  boot.extraModulePackages = [];
 
   fileSystems."/" = {
     device = "/dev/disk/by-uuid/f088fe8e-bf3d-4a89-98bd-ead9852d381f";
     fsType = "ext4";
   };
 
-  swapDevices = [ { device = "/dev/disk/by-uuid/ab60b5f0-caaa-4a7e-803f-c4c1a6a076dd"; } ];
-
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
   # (the default) this is the recommended approach. When using systemd-networkd it's
   # still possible to use this option, but it's recommended to use it in conjunction
@@ -39,4 +24,27 @@
   # networking.interfaces.ens18.useDHCP = lib.mkDefault true;
 
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+
+  # hardware.graphics = {
+  #   enable = true;
+  #   extraPackages = with pkgs; [
+  #     rocmPackages.clr.icd
+  #     linuxPackages.amdgpu-pro
+  #   ];
+  # };
+
+  # boot.kernelParams = [
+  #   "radeon.si_support=0"
+  #   "radeon.cik_support=1"
+  #   "amdgpu.si_support=0"
+  #   "amdgpu.cik_support=1"
+  # ];
+  # boot.extraModulePackages = with config.boot.kernelPackages; [ amdgpu-pro ];
+  # boot.blacklistedKernelModules = [ "radeon" ];
+
+  boot.loader.grub.enable = true;
+  boot.loader.grub.device = "/dev/sda";
+
+  # Emulated systems used as alternative to cross-compiling
+  boot.binfmt.emulatedSystems = ["aarch64-linux"];
 }

hosts/common/global/auto-upgrade.nix

@@ -0,0 +1,16 @@
+{
+  inputs,
+  config,
+  ...
+}: {
+  system.hydraAutoUpgrade = {
+    # Only enable if not dirty
+    enable = inputs.self ? rev;
+    dates = "*:0/10"; # Every 10 minutes
+    instance = "http://hydra.julian-mutter.de";
+    project = "dotfiles";
+    jobset = "main";
+    job = "hosts.${config.networking.hostName}";
+    oldFlakeRef = "self";
+  };
+}

hosts/common/global/default.nix

@@ -0,0 +1,50 @@
+# Common config for all hosts
+{
+  inputs,
+  outputs,
+  pkgs,
+  lib,
+  ...
+}: {
+  imports =
+    [
+      ./fish.nix # fish for admin
+      ./locale.nix
+      ./nix.nix
+      ./sops.nix
+      ./root.nix
+    ]
+    ++ [
+      inputs.home-manager.nixosModules.home-manager
+    ]
+    ++ (builtins.attrValues outputs.nixosModules);
+
+  # Replaces the (modulesPath + "/installer/scan/not-detected.nix") from default hardware-configuration.nix
+  # Enables non-free firmware
+  hardware.enableRedistributableFirmware = true;
+
+  # Networking
+  networking.networkmanager = {
+    enable = true;
+    plugins = with pkgs; [
+      networkmanager-openconnect
+    ];
+  };
+  services.resolved.enable = true;
+  # MDNS Taken by avahi
+  services.resolved.extraConfig = ''
+    MulticastDNS=false
+  '';
+
+  networking.nameservers = lib.mkDefault [
+    "1.1.1.1"
+    "8.8.8.8"
+  ];
+
+  # HM module
+  home-manager.useGlobalPkgs = true; # hm module uses the pkgs of the nixos config
+  home-manager.backupFileExtension = "hm-backup"; # backup conflicting files. So hm activation never fails
+  home-manager.extraSpecialArgs = {
+    inherit inputs outputs;
+  };
+}

hosts/common/global/fish.nix

@@ -0,0 +1,10 @@
+{
+  programs.fish = {
+    enable = true;
+    vendor = {
+      completions.enable = true;
+      config.enable = true;
+      functions.enable = true;
+    };
+  };
+}

hosts/common/global/locale.nix

@@ -0,0 +1,26 @@
+{
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "de_DE.UTF-8";
+    LC_IDENTIFICATION = "de_DE.UTF-8";
+    LC_MEASUREMENT = "de_DE.UTF-8";
+    LC_MONETARY = "de_DE.UTF-8";
+    LC_NAME = "de_DE.UTF-8";
+    LC_NUMERIC = "en_US.UTF-8";
+    LC_PAPER = "de_DE.UTF-8";
+    LC_TELEPHONE = "de_DE.UTF-8";
+    LC_TIME = "de_DE.UTF-8";
+  };
+
+  # Keymap
+  services.xserver.xkb = {
+    layout = "de";
+    variant = "";
+  };
+
+  console.keyMap = "de";
+
+  time.timeZone = "Europe/Berlin";
+}

hosts/common/global/nix.nix

@@ -0,0 +1,49 @@
+{
+  lib,
+  outputs,
+  ...
+}:
+{
+  # Apply overlays
+  nixpkgs = {
+    # TODO: apply this to hm and nixos without duplicate code
+    overlays = builtins.attrValues outputs.overlays;
+    config = {
+      nvidia.acceptLicense = true;
+      allowUnfree = true;
+      allowUnfreePredicate = _: true; # TODO: what is this
+      warn-dirty = false;
+      permittedInsecurePackages = [
+        "olm-3.2.16"
+      ];
+    };
+  };
+
+  # optimize at every build, slows down builds
+  # better to do optimise.automatic for regular optimising
+  # nix.settings.auto-optimise-store = lib.mkDefault true;
+  nix.settings.experimental-features = [
+    "nix-command"
+    "flakes"
+    "ca-derivations"
+  ];
+  # warn-dirty = false;
+
+  nix.gc = {
+    automatic = true;
+    dates = "weekly";
+    options = "--delete-older-than 30d";
+  };
+  nix.optimise = {
+    automatic = true;
+    dates = [ "weekly" ]; # Optional; allows customizing optimisation schedule
+  };
+
+  programs.nix-ld.enable = true;
+
+  # TODO: is this useful?, what does it do?
+  # nix.settings.flake-registry = ""; # Disable global flake registry
+  # Add each flake input as a registry and nix_path
+  # registry = lib.mapAttrs (_: flake: { inherit flake; }) flakeInputs;
+  # nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
+}

hosts/common/global/root.nix

@@ -0,0 +1,9 @@
+{pkgs, ...}: {
+  # Packages needed as root
+  environment.systemPackages = with pkgs; [
+    vim
+    htop
+    mc
+    gparted-xhost # needs to be installed as system package so it can be actually opened
+  ];
+}

hosts/common/global/sops.nix

@@ -0,0 +1,22 @@
+{
+  inputs,
+  config,
+  ...
+}: let
+  isEd25519 = k: k.type == "ed25519";
+  getKeyPath = k: k.path;
+  keys = builtins.filter isEd25519 config.services.openssh.hostKeys;
+in {
+  imports = [inputs.sops-nix.nixosModules.sops];
+
+  sops.age = {
+    sshKeyPaths = map getKeyPath keys;
+
+    # TODO: remove? only rely on ssh or pgp keys (e.g. ubikey like misterio is using!!!)
+    # keyFile = "/home/julian/.config/sops/age/keys.txt";
+    # Generate key if none of the above worked. With this, building will still work, just without secrets
+    generateKey = false; # TODO: building should not work without secrets!?
+  };
+
+  sops.defaultSopsFile = ../secrets.yaml;
+}