Start migration to using flake-parts

Normally I wont have VPN access on standalone

.dotter/global.toml

@@ -1,61 +0,0 @@
-[helpers]
-
-[default]
-depends = []
-
-[manjaro.files]
-manjaro = "~"
-
-[mc.files]
-mc = "~/.config/mc"
-
-[vim.files]
-# type symbolic prevents interpreting '{{' as template
-"vim/.vimrc" = { target = "~/.vimrc", type = "symbolic" }
-
-[nvim.files]
-"vim/init.vim" = { target = "~/.config/nvim/init.vim", type = "symbolic" }
-
-[i3.files]
-"i3/i3" = "~/.config/i3"
-"i3/i3blocks" = { target = "~/.config/i3blocks", type = "symbolic" }
-"i3/rofi" = "~/.config/rofi"
-"i3/i3-scrot.conf" = "~/.config/i3-scrot.conf"
-"i3/i3status-rust" = "~/.config/i3status-rust"
-"i3/.profile" = "~/.profile"
-
-[i3.variables]
-monitor-primary = "not-specified"
-monitor-secondary = "not-specified"
-screenlayout-script = "echo screenlayout-script not specified"
-bar-font-size = 15
-tray-output = "tray_output primary"
-
-[emacs.files]
-"emacs/doom" = "~/.config/doom"
-# "emacs/spacemacs/.spacemacs" = "~/.spacemacs"
-# "emacs/chemacs/.emacs-profiles.el" = "~/.emacs-profiles.el"
-
-[alacritty.files]
-alacritty = "~/.config/alacritty"
-
-[starship.files]
-starship = "~/.config/"
-
-[zsh.files]
-"zsh/.zshrc" = "~/.zshrc"
-"zsh/custom-plugins" = "~/.oh-my-zsh/custom"
-
-[polybar.files]
-polybar = "~/.config/polybar"
-
-[leftwm.files]
-leftwm = "~/.config/leftwm"
-
-[xmonad.files]
-xmonad = "~/.xmonad"
-
-[nix.files]
-"direnvrc" = "~/.config/direnv/direnvrc"
-"nix/configuration.nix" = "/etc/nixos/configuration.nix"
-"nix/flake.nix" = "/etc/nixos/flake.nix"

.dotter/kardorf.toml

@@ -1,6 +0,0 @@
-[i3.variables]
-monitor-primary = "DVI-D-0"
-monitor-secondary = "DVI-D-1"
-screenlayout-script = "~/.screenlayout/2desktop-dvi.sh"
-bar-font-size = 15
-tray-output = "tray_output DVI-D-1"

.dotter/laptop-at-home.toml

@@ -1,4 +0,0 @@
-[i3.variables]
-monitor-primary = "HDMI-1"
-monitor-secondary = "eDP-1"
-screenlayout-script = "~/.screenlayout/laptop-at-home.sh"

.dotter/laptop.toml

@@ -1,5 +0,0 @@
-[i3.variables]
-monitor-primary = "HDMI-1"
-monitor-secondary = "eDP-1"
-tray-output = "tray_output eDP-1"
-screenlayout-script = "$scripts/display-layoutpicker"

.dotter/local.kardorf.toml

@@ -1,2 +0,0 @@
-includes = [".dotter/kardorf.toml"]
-packages = ["i3", "emacs", "alacritty", "zsh", "starship", "nix"]

.dotter/local.laptop.toml

@@ -1,2 +0,0 @@
-includes = [".dotter/laptop.toml"]
-packages = []

.gitea/workflows/update-flake.yaml

@@ -25,6 +25,7 @@ jobs:
       - name: Rebase from master branch
         shell: bash
         run: |
+            git fetch origin master
             commits_ahead=$(git rev-list --count HEAD..origin/master)
             echo "Commits ahead: $commits_ahead"
             git log --oneline -5

.sops.yaml

@@ -1,25 +1,27 @@
 keys:
   - &primary age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg
   - &aspi-ssh age1q8lc5340gz5xw2f57nglrss68wv0j0hf36py2pdtrl6ky3yrq9qqk0njr4
-  - &pianonix-ssh age1hsmfz8fjxu83sax9lr487h8xr6cyge0apdq4zpge4c8jpcjj2cksj825ct
+  - &pianonix-ssh age1tguyu2yd5xv8rgjjl50cq6dq5rr7umqgv098dgre4u9wyj30ea7sexw62c
   - &builder-ssh age1kw4kmdm45zprvdkrrpvgq966l7585vhusmum083qlwnr0xxgd3uqatcyja
+  - &kardorf-ssh age15lxw97z03q40xrdscnxqqugh5ky5aqrerg2t2rphkcqm6rnllurq8v98q5
+
 creation_rules:
-  - path_regex: secrets/secrets.yaml$
+  - path_regex: hosts/common/secrets.yaml$
     key_groups:
     - age:
       - *primary
       - *aspi-ssh
       - *pianonix-ssh
+      - *kardorf-ssh
 
-  - path_regex: secrets/secrets-builder.yaml$
+  - path_regex: hosts/builder/secrets.yaml$
     key_groups:
     - age:
       - *primary
       - *builder-ssh
 
-  - path_regex: secrets/.+
+  - path_regex: hosts/pianonix/secrets*
     key_groups:
     - age:
       - *primary
-      - *aspi-ssh
       - *pianonix-ssh

Readme.org

@@ -1,7 +1,12 @@
 #+title: My dotfiles
 
-My dotfiles for which I am using =nix=.
-The structure is managed by [[https://snowfall.org/guides/lib/quickstart/][Snowfall lib]]
+* Quick start for home-manger only (no need to pull this repo)
+- Install nix using the https://github.com/DeterminateSystems/nix-installer
+- Then run
+ #+begin_src shell
+nix run nixpkgs#home-manager -- switch --flake git+https://gitlab.julian-mutter.de/julian/dotfiles.git#julian@quickstart
+ #+end_src 
+- Done
 
 * Machine selection
 =home-manager= automatically searches for =user= or =user@hostname= config in the flake, so specify one of those or you will have to manually specify them:
@@ -24,7 +29,7 @@ sops edit secrets/secrets.yaml
 ** Authorize new device
 - Generate public key from ssh -> Private age key generation not needed
 #+begin_src sh
-ssh-to-age < /etc/ssh/ssh_host_ed25519_key
+ssh-to-age < /etc/ssh/ssh_host_ed25519_key.pub
 #+end_src
 - Add age public key to file:.sops.yaml
 - Update keys

features-home-manager/alacritty/default.nix

@@ -0,0 +1,13 @@
+{
+  lib,
+  config,
+  ...
+}: {
+  programs.alacritty = {
+    enable = true;
+    settings = {};
+    theme = "smoooooth";
+  };
+
+  home.sessionVariables.TERMINAL = lib.mkIf (config.terminal == "alacritty") "alacritty";
+}

features-home-manager/emacs/default.nix

@@ -4,24 +4,19 @@
   config,
   ...
 }:
-
-with lib;
-
-let
+with lib; let
   doomRepoUrl = "https://github.com/doomemacs/doomemacs";
   configRepoUrl = "https://gitlab.julian-mutter.de/julian/emacs-config";
-in
-{
-  home.sessionPath = [ "/home/julian/.config/emacs/bin" ];
+in {
+  home.sessionPath = ["/home/julian/.config/emacs/bin"];
 
-  home.packages =
-    with pkgs;
+  home.packages = with pkgs;
     [
       binutils # native-comp needs 'as', provided by this
 
       ## Doom dependencies
       git
-      (ripgrep.override { withPCRE2 = true; })
+      (ripgrep.override {withPCRE2 = true;})
 
       ## Optional dependencies
       fd # faster projectile indexing
@@ -30,12 +25,13 @@ in
 
       ## Module dependencies
       (aspellWithDicts (
-        ds: with ds; [
-          en
-          en-computers
-          en-science
-          de
-        ]
+        ds:
+          with ds; [
+            en
+            en-computers
+            en-science
+            de
+          ]
       ))
 
       hunspell
@@ -46,6 +42,8 @@ in
 
       # Code formatters for use with doom emacs
       nixfmt-rfc-style # nix
+      alejandra # nix
+
       nixd # nix lsp
       dockfmt # docker
       google-java-format # java
@@ -54,6 +52,14 @@ in
       shfmt
       pyright
       clang-tools # c++ lsp etc
+      ccls # alternative c++ lsp
+      cmake
+      bear
+      cmake-language-server
+
+      # qt6.full # qt tools and libs including lsp
+      tinymist # typst lsp
+
       ltex-ls # latex languagetool
 
       graphviz
@@ -61,10 +67,31 @@ in
       # neocmakelsp # cmake
 
       emacs-all-the-icons-fonts
-    ]
-    ++ lib.optional config.modules.non-nixos.is-nixos emacs;
+      frajul.typst-languagetool
+      ltex-ls-plus
 
-  home.activation.installDoomEmacs = lib.home-manager.hm.dag.entryAfter [ "writeBoundary" ] ''
+      (texlive.combine {
+        inherit
+          (texlive)
+          scheme-basic
+          # for rendering latex in inkscape
+          standalone
+          amsmath
+          preview
+          # needed for org mode preview
+          dvisvgm
+          dvipng # for preview and export as html
+          wrapfig
+          # amsmath
+          ulem
+          hyperref
+          capt-of
+          ;
+      })
+    ]
+    ++ lib.optional config.is-nixos emacs;
+
+  home.activation.installDoomEmacs = lib.hm.dag.entryAfter ["writeBoundary"] ''
     if [ ! -d "/home/julian/.config/emacs" ]; then
        $DRY_RUN_CMD ${pkgs.git}/bin/git clone --depth=1 --single-branch "${doomRepoUrl}" "/home/julian/.config/emacs"
     fi

features-home-manager/fish/default.nix

@@ -3,10 +3,7 @@
   pkgs,
   ...
 }:
-
-with lib;
-
-{
+with lib; {
   home.file = {
     ".config/starship.toml".source = ./starship.toml;
     ".config/fish/conf.d/last-working-dir.fish".source = ./last-working-dir.fish;
@@ -30,6 +27,11 @@ with lib;
     enableFishIntegration = true;
   };
 
+  programs.zoxide = {
+    enable = true;
+    enableFishIntegration = true;
+  };
+
   programs.fish = {
     enable = true;
 
@@ -41,14 +43,18 @@ with lib;
         cd $argv
       '';
       run = ''
-        nix run nixpkgs#"$argv[1]" -- $argv[2..-1]
+        nix run --impure nixpkgs#"$argv[1]" -- $argv[2..-1]
       '';
       shell = ''
         set args
         for arg in $argv
             set args $args nixpkgs#$arg
         end
-        nix shell $args
+        nix shell --impure $args
+      '';
+      fish_user_key_bindings = ''
+        bind ctrl-space 'zi; commandline -f repaint'
+        bind -M insert ctrl-space 'zi; commandline -f repaint'
       '';
     };
   };

features-home-manager/fonts/default.nix

@@ -1,21 +1,17 @@
 {
   lib,
   pkgs,
-  config,
   ...
 }:
-
-with lib;
-
-{
+with lib; {
   fonts.fontconfig.enable = true; # required to autoload fonts from packages
   home.packages = with pkgs; [
-    (nerdfonts.override { fonts = [ "FiraCode" ]; })
+    nerd-fonts.fira-code
     font-awesome
     dejavu_fonts
     noto-fonts
     noto-fonts-cjk-sans
-    noto-fonts-emoji
+    noto-fonts-color-emoji
     liberation_ttf
     fira-code
     fira-code-symbols

features-home-manager/gammastep/default.nix

@@ -0,0 +1,13 @@
+{
+  services.gammastep = {
+    enable = true;
+    provider = "geoclue2";
+    temperature = {
+      day = 6000;
+      night = 4600;
+    };
+    settings = {
+      general.adjustment-method = "wayland";
+    };
+  };
+}

features-home-manager/ghostty/default.nix

@@ -0,0 +1,16 @@
+{
+  lib,
+  config,
+  ...
+}: {
+  programs.ghostty = {
+    enable = true;
+    enableFishIntegration = true;
+    settings = {
+      theme = "catppuccin-mocha";
+      font-size = 12;
+    };
+  };
+
+  home.sessionVariables.TERMINAL = lib.mkIf (config.terminal == "ghostty") "ghostty";
+}

features-home-manager/gtk/default.nix

@@ -0,0 +1,33 @@
+{
+  config,
+  pkgs,
+  inputs,
+  ...
+}: let
+  inherit (inputs.nix-colors.lib-contrib {inherit pkgs;}) gtkThemeFromScheme;
+in {
+  # Do not make conditional, just toggle things on and off
+  imports = [inputs.nix-colors.homeManagerModules.default]; # TODO: what does this do
+
+  # home.sessionVariables.GTK_THEME = "Catppuccin-Mocha-Compact-Blue-dark";
+  gtk = {
+    enable = true;
+    theme = {
+      name = inputs.nix-colors.colorschemes.${config.colorscheme.name}.slug;
+      package = gtkThemeFromScheme {
+        scheme = inputs.nix-colors.colorschemes.${config.colorscheme.name};
+      };
+    };
+    iconTheme = {
+      name = "Papirus-Dark";
+      package = pkgs.papirus-icon-theme;
+    };
+    cursorTheme = {
+      package = pkgs.apple-cursor;
+      name = "macOS";
+      size = 24;
+    };
+  };
+
+  xdg.portal.extraPortals = [pkgs.xdg-desktop-portal-gtk];
+}

features-home-manager/hyprland/default.nix

@@ -0,0 +1,452 @@
+{
+  pkgs,
+  inputs,
+  config,
+  lib,
+  ...
+}: let
+  inherit
+    (inputs.nix-colors.colorschemes.${builtins.toString config.colorscheme.name})
+    palette
+    ;
+in {
+  imports = [
+    # inputs.hyprland.homeManagerModules.default
+    ./waybar
+    ./wofi
+    ./mako
+    # ./hyprlock
+    ./wlogout
+    ../gammastep
+
+    ./swayidle.nix
+    ./swaylock.nix
+    ./zathura.nix
+    ./waypipe.nix
+
+    # ./hyprbars.nix
+  ];
+
+  xdg.portal = {
+    extraPortals = [pkgs.xdg-desktop-portal-wlr];
+    config.hyprland = {
+      default = [
+        "wlr"
+        "gtk"
+      ];
+    };
+  };
+
+  programs.imv.enable = true; # TODO: what is that
+
+  home.packages = with pkgs; [
+    hyprpicker
+    brightnessctl
+    frajul.hyprshot-gui
+    frajul.wl-ocr
+
+    wf-recorder
+    wl-clipboard
+
+    (pkgs.writeShellScriptBin "toggle-screen-mirroring" (
+      builtins.readFile ./toggle-screen-mirroring.sh
+    ))
+
+    (pkgs.writeShellScriptBin "correct-workspace-locations" (
+      lib.concatStringsSep "\n" (
+        builtins.concatLists (
+          map (
+            monitor:
+              map (ws: "hyprctl dispatch moveworkspacetomonitor ${ws} ${monitor.name}") monitor.workspaces
+          )
+          config.monitors
+        )
+      )
+    ))
+  ];
+
+  services.cliphist = {
+    enable = true;
+  };
+
+  home.sessionVariables = {
+    MOZ_ENABLE_WAYLAND = 1;
+    QT_QPA_PLATFORM = "wayland";
+    LIBSEAT_BACKEND = "logind";
+  };
+
+  # services.hypridle = {
+  #   enable = true;
+  #   settings = {
+  #     general = {
+  #       after_sleep_cmd = "hyprctl dispatch dpms on";
+  #       ignore_dbus_inhibit = false;
+  #       lock_cmd = "hyprlock";
+  #     };
+
+  #     listener = [
+  #       {
+  #         timeout = 300; # 5min
+  #         on-timeout = "brightnessctl -s set 10"; # set monitor backlight to minimum, avoid 0 on OLED monitor.
+  #         on-resume = "brightnessctl -r"; # monitor backlight restore.
+  #       }
+
+  #       {
+  #         timeout = 360; # 6min
+  #         on-timeout = "hyprlock"; # lock screen when timeout has passed
+  #       }
+
+  #       {
+  #         timeout = 600; # 10min
+  #         on-timeout = "hyprctl dispatch dpms off"; # screen off when timeout has passed
+  #         on-resume = "hyprctl dispatch dpms on"; # screen on when activity is detected after timeout has fired.
+  #       }
+  #     ];
+  #   };
+  # };
+
+  # services.hypridle.enable = true; # can be configured
+
+  services.network-manager-applet.enable = true;
+
+  wayland.windowManager.hyprland = {
+    # Whether to enable Hyprland wayland compositor
+    enable = true;
+    # package = config.lib.nixGL.wrap (
+    #   pkgs.hyprland.override {
+    #     # nixgl needed?
+    #     wrapRuntimeDeps = false;
+    #   }
+    # );
+
+    systemd = {
+      enable = true;
+      # Same as default, but stop graphical-session too
+      extraCommands = lib.mkBefore [
+        "systemctl --user stop graphical-session.target"
+        "systemctl --user start hyprland-session.target"
+      ];
+      variables = [
+        "DISPLAY"
+        "HYPRLAND_INSTANCE_SIGNATURE"
+        "WAYLAND_DISPLAY"
+        "XDG_CURRENT_DESKTOP"
+      ];
+    };
+
+    # package = inputs.hyprland.packages."${pkgs.system}".hyprland; # does only work with nixos-unstable
+
+    # The hyprland package to use (simplifies use of plugins)
+    # package = inputs.hyprland.packages.${pkgs.system}.hyprland;
+    # Whether to enable XWayland
+    xwayland.enable = true;
+
+    # Optional
+    # Whether to enable hyprland-session.target on hyprland startup
+    # systemd.enable = true;
+    # Make PATH available to systemd services
+    # systemd.variables = [ "--all" ];
+
+    plugins = [
+      # inputs.hyprland-plugins.packages.${pkgs.system}.hyprbars # does only work with nixos-unstable
+      # hyprlandPlugins.hyprbars
+    ];
+
+    submaps = {
+      "resize".settings = {
+        binde = [
+          ", right, resizeactive, 20"
+          ", left, resizeactive, -20 0"
+          ", up, resizeactive, 0 -20"
+          ", down, resizeactive, 0 20"
+          ", l, resizeactive, 20"
+          ", h, resizeactive, -20 0"
+          ", k, resizeactive, 0 -20"
+          ", j, resizeactive, 0 20"
+        ];
+
+        bind = [
+          ", q, submap, reset"
+          ", escape, submap, reset"
+
+          ", catchall, submap, reset" # make any other keypress cancel the submap
+        ];
+      };
+      "open, reset".settings = {
+        bind = [
+          ", e, exec, emacs"
+          ", m, exec, open-messaging"
+          ", b, exec, firefox"
+
+          ", catchall, submap, reset" # make any other keypress cancel the submap
+        ];
+      };
+    };
+
+    settings = {
+      "$mod" = "SUPER";
+
+      # Environment variables programs like emacs have access to
+      env = "TERMINAL,${config.terminal}";
+
+      # Monitors
+      monitor = ",preferred,auto,1";
+
+      # Autostart
+      exec-once = [
+        (lib.getExe pkgs.firefox)
+        (lib.getExe pkgs.waybar)
+      ];
+
+      # Look and Feel
+      general = {
+        gaps_in = 5;
+        gaps_out = 5;
+
+        layout = "dwindle";
+
+        # "col.active_border" = "0xff${palette.base0C} 0xff${palette.base0D} 270deg";
+        # "col.inactive_border" = "0xff${palette.base00}";
+      };
+
+      decoration = {
+        # power saving
+        blur.enabled = false;
+        # power saving
+        shadow.enabled = false;
+      };
+
+      # Dwindle layout
+      dwindle = {
+        pseudotile = true; # Master switch for pseudotiling. Enabling is bound to mainMod + P in the keybinds section below
+        preserve_split = true; # You probably want this
+        smart_split = false;
+        smart_resizing = false;
+        force_split = 2;
+        # no_gaps_when_only = 2; # with border
+      };
+
+      # Master layout
+      master = {
+        new_status = "slave";
+        # no_gaps_when_only = 2; # with border
+        mfact = 0.5; # Do not make master bigger
+      };
+
+      animations = {
+        enabled = true;
+
+        animation = [
+          "windows,1,3,default,slide"
+          "fade,1,3,default"
+          "layers,1,3,default,slide"
+          "border,1,3,default"
+          "workspaces,1,3,default,slide"
+        ];
+      };
+
+      exec = [
+        "hyprctl setcursor ${config.gtk.cursorTheme.name} ${toString config.gtk.cursorTheme.size}"
+        "correct-workspace-locations"
+      ];
+
+      misc = {
+        # disable auto polling for config file changes
+        disable_autoreload = true;
+
+        force_default_wallpaper = 0;
+
+        vfr = true; # power saving
+      };
+
+      cursor = {
+        no_hardware_cursors = 1; # disable hardware cursors to fix tearing on kardorf
+      };
+
+      render = {
+        # we do, in fact, want direct scanout
+        direct_scanout = true;
+      };
+
+      # Input
+      input = {
+        kb_layout = "de";
+        natural_scroll = false;
+        follow_mouse = 1;
+      };
+
+      # Window rules
+      windowrulev2 = [
+        "suppressevent maximize, class:.*"
+        "workspace 1, class:firefox"
+        "workspace 8, class:Zotero"
+        "workspace 9, class:nheko"
+        "workspace 9, class:Element"
+        "workspace 9, class:discord"
+        "workspace 9, class:org.telegram.desktop"
+        "workspace 10, class:thunderbird"
+        "float, class:qalculate-gtk"
+        "tile, class:MATLAB, title:MATLAB"
+      ];
+
+      # Workspace rules
+      workspace =
+        [
+          # smart gaps (none when only one window in workspace)
+          "w[t1], gapsin:0, gapsout:0, border:1"
+          "w[tg1], gapsin:0, gapsout:0, border:1"
+          "f[1], gapsin:0, gapsout:0, border:1"
+        ]
+        # builds like "1, e-DP1" "2, HDMI-1" etc.
+        ++ builtins.concatLists (
+          map (monitor: map (ws: "${ws}, monitor:${monitor.name}") monitor.workspaces) config.monitors
+        );
+
+      # Mouse binds
+      bindm = [
+        "$mod, mouse:272, movewindow" # leftclick
+        "$mod, mouse:273, resizewindow" # rightclick
+      ];
+
+      # binds
+      bind =
+        [
+          # compositor commands
+          #
+          #
+          "$mod, R, submap, resize"
+          "$mod, O, submap, open"
+          #
+
+          "$mod, SPACE, focuswindow, floating"
+          "$mod SHIFT, SPACE, togglefloating,"
+          "$mod, F, fullscreen,"
+          "$mod, X, killactive,"
+
+          "$mod, -, togglesplit," # dwindle
+
+          # opening applications
+          "$mod, D, exec, wofi --show drun,run"
+          "$mod, E, exec, pcmanfm"
+          "$mod, Return, exec, ${config.terminal}"
+          "$mod, B, exec, firefox"
+          "$mod, C, exec, qalculate-gtk"
+
+          # other commands
+          "$mod SHIFT, E, exec, wlogout -p layer-shell"
+          "$mod, Escape, exec, wlogout -p layer-shell"
+          "$mod SHIFT, R, exec, hyprctl reload"
+          "$mod, Print, exec, hyprshot-gui"
+          ", Print, exec, hyprshot-gui"
+          "$mod, P, exec, toggle-screen-mirroring; correct-workspace-locations"
+
+          # "$mod SHIFT, E, exec, pkill Hyprland"
+          # "$mod, G, togglegroup,"
+          # "$mod SHIFT, N, changegroupactive, f"
+          # "$mod SHIFT, P, changegroupactive, b"
+          # "$mod ALT, ,resizeactive,"
+
+          # media keys
+          ", XF86AudioRaiseVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+"
+          ", XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-"
+          ", XF86AudioPlay, exec, playerctl play-pause"
+          ", XF86AudioPause, exec, playerctl pause"
+          ", XF86AudioStop, exec, playerctl stop"
+          ", XF86AudioNext, exec, playerctl next"
+          ", XF86AudioPrev, exec, playerctl previous"
+          ", XF86AudioMute, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"
+          ", XF86MonBrightnessUp, exec, brightnessctl --class backlight set 5%+"
+          ", XF86MonBrightnessDown, exec, brightnessctl --class backlight set 5%-"
+
+          # move focus
+          "$mod, left, movefocus, l"
+          "$mod, H, movefocus, l"
+          "$mod, right, movefocus, r"
+          "$mod, L, movefocus, r"
+          "$mod, up, movefocus, u"
+          "$mod, K, movefocus, u"
+          "$mod, down, movefocus, d"
+          "$mod, J, movefocus, d"
+
+          # move window
+          "$mod SHIFT, left, movewindow, l"
+          "$mod SHIFT, H, movewindow, l"
+          "$mod SHIFT, right, movewindow, r"
+          "$mod SHIFT, L, movewindow, r"
+          "$mod SHIFT, up, movewindow, u"
+          "$mod SHIFT, K, movewindow, u"
+          "$mod SHIFT, down, movewindow, d"
+          "$mod SHIFT, J, movewindow, d"
+
+          # Switch workspaces with mainMod + [0-9]
+          "$mod, 1, workspace, 1"
+          "$mod, 2, workspace, 2"
+          "$mod, 3, workspace, 3"
+          "$mod, 4, workspace, 4"
+          "$mod, 5, workspace, 5"
+          "$mod, 6, workspace, 6"
+          "$mod, 7, workspace, 7"
+          "$mod, 8, workspace, 8"
+          "$mod, 9, workspace, 9"
+          "$mod, 0, workspace, 10"
+
+          # Move active window to a workspace with mainMod + SHIFT + [0-9]
+          "$mod SHIFT, 1, movetoworkspace, 1"
+          "$mod SHIFT, 2, movetoworkspace, 2"
+          "$mod SHIFT, 3, movetoworkspace, 3"
+          "$mod SHIFT, 4, movetoworkspace, 4"
+          "$mod SHIFT, 5, movetoworkspace, 5"
+          "$mod SHIFT, 6, movetoworkspace, 6"
+          "$mod SHIFT, 7, movetoworkspace, 7"
+          "$mod SHIFT, 8, movetoworkspace, 8"
+          "$mod SHIFT, 9, movetoworkspace, 9"
+          "$mod SHIFT, 0, movetoworkspace, 10"
+
+          # Move active window to a workspace without following with mainMod + CTRL + [0-9]
+          "$mod CTRL, 1, movetoworkspacesilent, 1"
+          "$mod CTRL, 2, movetoworkspacesilent, 2"
+          "$mod CTRL, 3, movetoworkspacesilent, 3"
+          "$mod CTRL, 4, movetoworkspacesilent, 4"
+          "$mod CTRL, 5, movetoworkspacesilent, 5"
+          "$mod CTRL, 6, movetoworkspacesilent, 6"
+          "$mod CTRL, 7, movetoworkspacesilent, 7"
+          "$mod CTRL, 8, movetoworkspacesilent, 8"
+          "$mod CTRL, 9, movetoworkspacesilent, 9"
+          "$mod CTRL, 0, movetoworkspacesilent, 10"
+        ]
+        ++
+        # Screen lock
+        (
+          let
+            swaylock = lib.getExe config.programs.swaylock.package;
+          in
+            lib.optionals config.programs.swaylock.enable [
+              "$mod,TAB,exec,${swaylock} --daemonize"
+            ]
+        )
+        ++
+        # Notification manager
+        (
+          let
+            makoctl = lib.getExe' config.services.mako.package "makoctl";
+          in
+            lib.optionals config.services.mako.enable [
+              "$mod,w,exec,${makoctl} dismiss"
+              "$mod SHIFT,W,exec,${makoctl} restore"
+            ]
+        );
+
+      # plugin = {
+      #   hyprbars = {
+      #     bar_text_size = 10;
+      #     bar_height = 16;
+      #     bar_text_font = "Ubuntu Nerd Font";
+      #     bar_precedence_over_border = true;
+      #     bar_color = "rgb(${palette.base01})";
+
+      #     hyprbars-button = [ "rgb(${palette.base03}), 14, 󰖭, hyprctl dispatch killactive" ];
+      #   };
+      # };
+    };
+  };
+}

features-home-manager/hyprland/hyprbars.nix

@@ -0,0 +1,76 @@
+{
+  config,
+  pkgs,
+  lib,
+  outputs,
+  ...
+}: let
+  getHostname = x: lib.last (lib.splitString "@" x);
+  # remoteColorschemes = lib.mapAttrs' (n: v: {
+  #   name = getHostname n;
+  #   value = v.config.colorscheme.rawColorscheme.colors.${config.colorscheme.mode};
+  # }) outputs.homeConfigurations;
+  rgb = color: "rgb(${lib.removePrefix "#" color})";
+  rgba = color: alpha: "rgba(${lib.removePrefix "#" color}${alpha})";
+
+  hyprbars =
+    (pkgs.hyprlandPlugins.hyprbars.override {
+      # Make sure it's using the same hyprland package as we are
+      hyprland = config.wayland.windowManager.hyprland.package;
+    }).overrideAttrs
+    (old: {
+      # Yeet the initialization notification (I hate it)
+      postPatch =
+        (old.postPatch or "")
+        + ''
+          ${lib.getExe pkgs.gnused} -i '/Initialized successfully/d' main.cpp
+        '';
+    });
+in {
+  wayland.windowManager.hyprland = {
+    plugins = [hyprbars];
+    settings = {
+      "plugin:hyprbars" = {
+        bar_height = 25;
+        # bar_color = rgba config.colorscheme.colors.surface "dd";
+        # "col.text" = rgb config.colorscheme.colors.primary;
+        # bar_text_font = config.fontProfiles.regular.name;
+        # bar_text_size = config.fontProfiles.regular.size;
+        bar_part_of_window = true;
+        bar_precedence_over_border = true;
+        hyprbars-button = let
+          closeAction = "hyprctl dispatch killactive";
+
+          isOnSpecial = ''hyprctl activewindow -j | jq -re 'select(.workspace.name == "special")' >/dev/null'';
+          moveToSpecial = "hyprctl dispatch movetoworkspacesilent special";
+          moveToActive = "hyprctl dispatch movetoworkspacesilent name:$(hyprctl -j activeworkspace | jq -re '.name')";
+          minimizeAction = "${isOnSpecial} && ${moveToActive} || ${moveToSpecial}";
+
+          maximizeAction = "hyprctl dispatch fullscreen 1";
+        in [
+          # Red close button
+          # "${rgb config.colorscheme.colors.red},12,,${closeAction}"
+          # # Yellow "minimize" (send to special workspace) button
+          # "${rgb config.colorscheme.colors.yellow},12,,${minimizeAction}"
+          # # Green "maximize" (fullscreen) button
+          # "${rgb config.colorscheme.colors.green},12,,${maximizeAction}"
+        ];
+      };
+
+      # windowrulev2 =
+      #   [
+      #     "plugin:hyprbars:bar_color ${rgba config.colorscheme.colors.primary "ee"}, focus:1"
+      #     "plugin:hyprbars:title_color ${rgb config.colorscheme.colors.on_primary}, focus:1"
+      #   ]
+      #   ++ (lib.flatten (
+      #     lib.mapAttrsToList (name: colors: [
+      #       "plugin:hyprbars:bar_color ${rgba colors.primary_container "dd"}, title:\\[${name}\\].*"
+      #       "plugin:hyprbars:title_color ${rgb colors.on_primary_container}, title:\\[${name}\\].*"
+
+      #       "plugin:hyprbars:bar_color ${rgba colors.primary "ee"}, title:\\[${name}\\].*, focus:1"
+      #       "plugin:hyprbars:title_color ${rgb colors.on_primary}, title:\\[${name}\\].*, focus:1"
+      #     ]) remoteColorschemes
+      #   ));
+    };
+  };
+}

features-home-manager/hyprland/hyprlock/default.nix

@@ -5,13 +5,12 @@
   pkgs,
   inputs,
   ...
-}:
-let
-  inherit (inputs.nix-colors.colorschemes.${builtins.toString config.modules.desktop.colorscheme})
+}: let
+  inherit
+    (inputs.nix-colors.colorschemes.${builtins.toString config.colorscheme.name})
     palette
     ;
-in
-{
+in {
   programs.hyprlock.enable = true;
   programs.hyprlock.settings = {
     general = {

features-home-manager/hyprland/mako/default.nix

@@ -0,0 +1,30 @@
+{
+  options,
+  config,
+  lib,
+  pkgs,
+  inputs,
+  ...
+}: let
+  inherit
+    (inputs.nix-colors.colorschemes.${builtins.toString config.colorscheme.name})
+    palette
+    ;
+in {
+  home.packages = with pkgs; [libnotify];
+
+  services.mako = {
+    enable = true;
+    settings = {
+      defaultTimeout = "5000"; # milliseconds, can be overwritten by notification sender
+      backgroundColor = "#${palette.base00}";
+      textColor = "#${palette.base05}";
+      borderColor = "#${palette.base0D}";
+      progressColor = "over #${palette.base02}";
+      extraConfig = ''
+          [urgency=high]
+          border-color=#${palette.base09}
+        # '';
+    };
+  };
+}

features-home-manager/hyprland/swayidle.nix

@@ -0,0 +1,58 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: let
+  swaylock = "${config.programs.swaylock.package}/bin/swaylock";
+  pgrep = "${pkgs.procps}/bin/pgrep";
+  pactl = "${pkgs.pulseaudio}/bin/pactl";
+  hyprctl = "${config.wayland.windowManager.hyprland.package}/bin/hyprctl";
+  swaymsg = "${config.wayland.windowManager.sway.package}/bin/swaymsg";
+
+  isLocked = "${pgrep} -x ${swaylock}";
+  lockTime = 4 * 60; # TODO: configurable desktop (10 min)/laptop (4 min)
+
+  # Makes two timeouts: one for when the screen is not locked (lockTime+timeout) and one for when it is.
+  afterLockTimeout = {
+    timeout,
+    command,
+    resumeCommand ? null,
+  }: [
+    {
+      timeout = lockTime + timeout;
+      inherit command resumeCommand;
+    }
+    {
+      command = "${isLocked} && ${command}";
+      inherit resumeCommand timeout;
+    }
+  ];
+in {
+  services.swayidle = {
+    enable = true;
+    systemdTarget = "graphical-session.target";
+    timeouts =
+      # Lock screen
+      [
+        {
+          timeout = lockTime;
+          command = "${swaylock} --daemonize --grace 15";
+        }
+      ]
+      ++
+      # Turn off displays (hyprland)
+      (lib.optionals config.wayland.windowManager.hyprland.enable (afterLockTimeout {
+        timeout = 300;
+        command = "${hyprctl} dispatch dpms off";
+        resumeCommand = "${hyprctl} dispatch dpms on";
+      }))
+      ++
+      # Turn off displays (sway)
+      (lib.optionals config.wayland.windowManager.sway.enable (afterLockTimeout {
+        timeout = 300;
+        command = "${swaymsg} 'output * dpms off'";
+        resumeCommand = "${swaymsg} 'output * dpms on'";
+      }));
+  };
+}

features-home-manager/hyprland/swaylock.nix

@@ -0,0 +1,16 @@
+{
+  config,
+  pkgs,
+  ...
+}: let
+  inherit (config.colorscheme) colors;
+in {
+  programs.swaylock = {
+    enable = true;
+    settings = {
+      color = "000000";
+      ignore-empty-password = true;
+      indicator-idle-visible = false;
+    };
+  };
+}

features-home-manager/hyprland/toggle-screen-mirroring.sh

@@ -0,0 +1,67 @@
+#! /usr/bin/env sh
+
+# A hyprland script for a laptop-external-monitor setup, toggling between which is in use
+
+# Launch at startup to make hyprland disable the internal monitor if an external monitor is detected and enabled
+# Additionally it's called with a keybind to switch between a laptop monitor and an external display
+# Ideally the conditional monitor behaviour was instead done directly in hyprland.conf, but I'm not sure whether that's possible
+#
+# Relevant info:
+# - hyprctl monitors: identifies currently enabled monitors
+# - hyprctl monitors all: identifies ALL connected monitors - including those not in use
+#
+# Suggested use:
+# Add this line somewhere after the regular monitor configuration in hyprland.conf:
+# exec = /path/to/hyprland-monitors-toggle.sh
+# Add a keybind to run this script on demand:
+# bind =,SomeKeyHere, exec, /path/to/hyprland-monitors-toggle.sh
+
+#move_all_workspaces_to_monitor() {
+#  TARGET_MONITOR="$1"
+
+#  hyprctl workspaces | grep ^workspace | cut --delimiter ' ' --fields 3 | xargs -I '{}' hyprctl dispatch moveworkspacetomonitor '{}' "$TARGET_MONITOR"
+
+#  # Previous approach
+#  #hyprctl swapactiveworkspaces $EXTERNAL_MONITOR $INTERNAL_MONITOR
+#}
+
+# TODO: Detect these instead of hardcoding them
+INTERNAL_MONITOR="eDP-1"
+EXTERNAL_MONITOR="HDMI-A-1"
+
+# NUM_MONITORS=$(hyprctl monitors all | grep --count Monitor)
+# NUM_MONITORS_ACTIVE=$(hyprctl monitors | grep --count Monitor)
+
+# Make sure all
+# if [ "$NUM_MONITORS_ACTIVE" -eq 1 ]; then
+#     move_all_workspaces_to_monitor $INTERNAL_MONITOR
+#     exit
+# fi
+
+MIRROR_SETTING=$(hyprctl monitors all -j | jq -r '.[] | select(.name == "HDMI-A-1") | .mirrorOf')
+
+# # For dynamically toggling which monitor is active later via a keybind
+# if [ "$NUM_MONITORS" -gt 1 ]; then # Handling multiple monitors
+#   if hyprctl monitors | cut --delimiter ' ' --fields 2 | grep --quiet ^$EXTERNAL_MONITOR; then
+#     hyprctl keyword monitor $INTERNAL_MONITOR,preferred,0x0,1
+#     move_all_workspaces_to_monitor $INTERNAL_MONITOR
+#     hyprctl keyword monitor "$EXTERNAL_MONITOR, disable"
+#   else
+#     hyprctl keyword monitor $EXTERNAL_MONITOR,preferred,0x0,1
+#     move_all_workspaces_to_monitor $EXTERNAL_MONITOR
+#     hyprctl keyword monitor "$INTERNAL_MONITOR, disable"
+#   fi
+# else  # If the external monitor is disconnected without running this script first, it might become the case that no monitor is on - therefore turn on the laptop monitor!
+#     hyprctl keyword monitor $INTERNAL_MONITOR,preferred,0x0,1
+#     move_all_workspaces_to_monitor $INTERNAL_MONITOR
+# fi
+
+echo setting:
+echo $MIRROR_SETTING
+if [ "$MIRROR_SETTING" = "none" ]; then
+    echo "mirroring..."
+    hyprctl keyword monitor "$EXTERNAL_MONITOR, preferred, auto, 1, mirror, $INTERNAL_MONITOR"
+else
+    hyprctl keyword monitor "$EXTERNAL_MONITOR, disable" # shortly disable monitor so waybar recognizes the new monitor again # TODO: find better solution
+    hyprctl keyword monitor "$EXTERNAL_MONITOR, preferred, auto, 1"
+fi

features-home-manager/hyprland/waybar/config.json

@@ -12,7 +12,14 @@
 
     "modules-center": [],
 
-    "modules-right": ["idle_inhibitor", "disk", "cpu", "memory", "pulseaudio", "battery", "clock", "tray"],
+    "modules-right": ["idle_inhibitor", "custom/nixos-update", "disk", "cpu", "memory", "pulseaudio", "battery", "clock", "tray"],
+
+    "custom/nixos-update": {
+        "exec": "frajul-auto-upgrade-status",
+        "return-type": "json",
+        "interval": 2,
+        "on-click-right": "frajul-auto-upgrade-toggle"
+    },
 
     "hyprland/workspaces": {
         "on-scroll-up": "hyprctl dispatch workspace m+1",
@@ -35,6 +42,7 @@
     },
 
     "idle_inhibitor": {
+        "start-activated": true,
         "format": "{icon}",
         "format-icons": {
             "activated": "",
@@ -75,9 +83,9 @@
             "warning": 30,
             "critical": 15
         },
-        "format": "{icon}  {capacity}% ({time})",
-        "format-charging": "  {capacity}% ({time})",
-        "format-plugged": "  {capacity}% ({time})",
+        "format": "{icon}  {capacity}%",
+        "format-charging": "  {capacity}%",
+        "format-plugged": "  {capacity}%",
         "format-full": "{icon} ",
         "format-icons": ["", "", "", "", ""]
     },

features-home-manager/hyprland/waybar/default.nix

@@ -5,16 +5,12 @@
   lib,
   inputs,
   ...
-}:
-let
-  inherit (inputs.nix-colors.colorschemes.${builtins.toString config.modules.desktop.colorscheme})
-    palette
-    ;
-in
-{
+}: let
+  palette = (inputs.nix-colors.colorschemes.${builtins.toString config.colorscheme.name}).palette;
+in {
   programs.waybar = {
     enable = true;
-    systemd.enable = true;
+    # systemd.enable = true;
     settings.mainBar = builtins.fromJSON (builtins.readFile ./config.json);
   };
 

features-home-manager/hyprland/waypipe.nix

@@ -0,0 +1,29 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: {
+  home.packages = [pkgs.waypipe];
+  systemd.user.services = {
+    waypipe-client = {
+      Unit.Description = "Runs waypipe on startup to support SSH forwarding";
+      Service = {
+        ExecStartPre = "${lib.getExe' pkgs.coreutils "mkdir"} %h/.waypipe -p";
+        ExecStart = "${lib.getExe (config.lib.nixGL.wrap pkgs.waypipe)} --socket %h/.waypipe/client.sock client";
+        ExecStopPost = "${lib.getExe' pkgs.coreutils "rm"} -f %h/.waypipe/client.sock";
+      };
+      Install.WantedBy = ["graphical-session.target"];
+    };
+    waypipe-server = {
+      Unit.Description = "Runs waypipe on startup to support SSH forwarding";
+      Service = {
+        Type = "simple";
+        ExecStartPre = "${lib.getExe' pkgs.coreutils "mkdir"} %h/.waypipe -p";
+        ExecStart = "${lib.getExe (config.lib.nixGL.wrap pkgs.waypipe)} --socket %h/.waypipe/server.sock --title-prefix '[%H] ' --login-shell --display wayland-waypipe server -- ${lib.getExe' pkgs.coreutils "sleep"} infinity";
+        ExecStopPost = "${lib.getExe' pkgs.coreutils "rm"} -f %h/.waypipe/server.sock %t/wayland-waypipe";
+      };
+      Install.WantedBy = ["default.target"];
+    };
+  };
+}

features-home-manager/hyprland/wlogout/default.nix

@@ -5,14 +5,13 @@
   pkgs,
   inputs,
   ...
-}:
-let
-  inherit (inputs.nix-colors.colorschemes.${builtins.toString config.modules.desktop.colorscheme})
+}: let
+  inherit
+    (inputs.nix-colors.colorschemes.${builtins.toString config.colorscheme.name})
     palette
     ;
-in
-{
-  home.packages = with pkgs; [ wlogout ];
+in {
+  home.packages = with pkgs; [wlogout];
 
   # xdg.configFile."wlogout/style.css".text = ''
   #    * {

features-home-manager/hyprland/wofi/default.nix

@@ -5,14 +5,13 @@
   pkgs,
   inputs,
   ...
-}:
-let
-  inherit (inputs.nix-colors.colorschemes.${builtins.toString config.modules.desktop.colorscheme})
+}: let
+  inherit
+    (inputs.nix-colors.colorschemes.${builtins.toString config.colorscheme.name})
     palette
     ;
-in
-{
-  home.packages = with pkgs; [ wofi ];
+in {
+  home.packages = with pkgs; [wofi];
 
   xdg.configFile."wofi/config".source = ./config;
   xdg.configFile."wofi/style.css".text = ''

features-home-manager/hyprland/zathura.nix

@@ -0,0 +1,33 @@
+{config, ...}: let
+  inherit (config.colorscheme) colors;
+in {
+  programs.zathura = {
+    enable = true;
+    options = {
+      selection-clipboard = "clipboard";
+      # TODO fix
+      # font = "${config.fontProfiles.regular.name} ${toString config.fontProfiles.regular.size}";
+      # recolor = true;
+      # default-bg = "${colors.surface}";
+      # default-fg = "${colors.surface_bright}";
+      # statusbar-bg = "${colors.surface_container}";
+      # statusbar-fg = "${colors.on_surface_variant}";
+      # inputbar-bg = "${colors.surface}";
+      # inputbar-fg = "${colors.on_secondary}";
+      # notification-bg = "${colors.surface}";
+      # notification-fg = "${colors.on_secondary}";
+      # notification-error-bg = "${colors.error}";
+      # notification-error-fg = "${colors.on_error}";
+      # notification-warning-bg = "${colors.error}";
+      # notification-warning-fg = "${colors.on_error}";
+      # highlight-color = "${colors.tertiary}";
+      # highlight-active-color = "${colors.secondary}";
+      # completion-bg = "${colors.surface_bright}";
+      # completion-fg = "${colors.on_surface}";
+      # completions-highlight-bg = "${colors.secondary}";
+      # completions-highlight-fg = "${colors.on_secondary}";
+      # recolor-lightcolor = "${colors.surface}";
+      # recolor-darkcolor = "${colors.inverse_surface}";
+    };
+  };
+}

features-home-manager/i3/default.nix

@@ -1,11 +1,10 @@
 {
   lib,
   pkgs,
-  host,
+  config,
   ...
-}:
-{
-  modules.rofi.enable = true;
+}: {
+  imports = [../rofi];
 
   services.dunst.enable = true;
 
@@ -32,11 +31,13 @@
     package = pkgs.i3-gaps;
   };
 
-  xsession.importedVariables = [ ];
+  xsession.importedVariables = [];
 
   # Overwrite default home-manager config file
   xdg.configFile."i3/config".source = lib.mkForce (
-    if host == "kardorf" then ./i3/config-kardorf else ./i3/config
+    if config.hostName == "kardorf"
+    then ./i3/config-kardorf
+    else ./i3/config
   );
 
   home.file = {
@@ -48,5 +49,5 @@
     ".config/i3status-rust/config.toml".source = ./i3status-rust/config.toml;
   };
 
-  home.sessionPath = [ "/home/julian/.config/i3/scripts" ];
+  home.sessionPath = ["/home/julian/.config/i3/scripts"];
 }

features-home-manager/i3/i3/config-kardorf

@@ -142,8 +142,8 @@ bindsym $mod+Shift+9 move container to workspace number $ws9; workspace $ws9
 bindsym $mod+Shift+0 move container to workspace number $ws10; workspace $ws10
 
 # Monitor config
-set $monitor_left "DVI-D-0"
-set $monitor_right "DVI-D-1"
+set $monitor_left "DVI-D-1"
+set $monitor_right "DVI-D-2"
 
 workspace $ws1 output $monitor_left
 workspace $ws2 output $monitor_left

features-home-manager/kitty/default.nix

@@ -3,9 +3,7 @@
   pkgs,
   config,
   ...
-}:
-
-{
+}: {
   programs.kitty = {
     enable = true;
     shellIntegration.enableFishIntegration = true;

features-home-manager/neovim/default.nix

@@ -1,13 +1,9 @@
 {
-  lib,
   pkgs,
   inputs,
   ...
-}:
-
-{
-
-  imports = [ inputs.nixvim.homeManagerModules.nixvim ];
+}: {
+  imports = [inputs.nixvim.homeModules.nixvim];
 
   home.sessionVariables = {
     EDITOR = "nvim";
@@ -39,7 +35,8 @@
     opts = {
       number = false;
       relativenumber = false;
-
+      ignorecase = true;
+      smartcase = true;
     };
     clipboard.register = "unnamedplus"; # Use system clipboard
 
@@ -53,7 +50,7 @@
         key = "<leader><space>";
       }
       {
-        action = "<cmd>Telescope file_browser<cr>";
+        action = "<cmd>Telescope file_browser path=%:p:h<cr>";
         key = "<leader>.";
       }
       {
@@ -80,6 +77,7 @@
       neogit.enable = true; # like magit
       trouble.enable = true;
       web-devicons.enable = true;
+      orgmode.enable = true; # org-mode support
 
       # Shows file trees
       oil = {
@@ -92,10 +90,10 @@
       # Code formatting
       conform-nvim = {
         enable = true;
-        settings.formatters_by_ft = with pkgs; {
-          lua = [ "stylua" ];
-          python = [ "black" ];
-          nix = [ "nixfmt" ];
+        settings.formatters_by_ft = {
+          lua = ["stylua"];
+          python = ["black"];
+          nix = ["nixfmt"];
         };
         # extraOptions = {
         #   default_format_opts.lsp_format = "fallback";
@@ -107,9 +105,9 @@
         enable = true;
         autoEnableSources = true;
         settings.sources = [
-          { name = "nvim_lsp"; }
-          { name = "path"; }
-          { name = "buffer"; }
+          {name = "nvim_lsp";}
+          {name = "path";}
+          {name = "buffer";}
         ];
         settings.mapping = {
           "<Tab>" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})";
@@ -144,21 +142,23 @@
       };
 
       lsp = {
-        enable = true;
+        enable = true; # includes lsp-config, default settings for the lsps
         servers = {
           rust_analyzer = {
             enable = true;
             installCargo = true;
             installRustc = true;
           };
-          nixd.enable = true;
-          pyright.enable = true;
-          dockerls.enable = true;
-          lua_ls.enable = true;
+          nixd.enable = true; # nix
+          pyright.enable = true; # python
+          dockerls.enable = true; # docker
+          lua_ls.enable = true; # lua
+          clangd.enable = true; # c, c++
+          dartls.enable = true; # dart, flutter
+          digestif.enable = true; # latex
+          tinymist.enable = true; # typst
         };
       };
-
     };
-
   };
 }

features-home-manager/nix-helper/default.nix

@@ -1,12 +1,6 @@
-{
-  lib,
-  pkgs,
-  ...
-}:
-
-{
+{pkgs, ...}: {
   home.sessionVariables = {
-    FLAKE = "/home/julian/.dotfiles";
+    NH_FLAKE = "/home/julian/.dotfiles";
   };
 
   home.shellAliases = {
@@ -14,5 +8,5 @@
     "hs" = "nh home switch";
   };
 
-  home.packages = with pkgs; [ nh ];
+  home.packages = with pkgs; [nh];
 }

features-home-manager/qt-distrobox/default.nix

@@ -0,0 +1,22 @@
+{
+  programs.distrobox = {
+    enable = true;
+    containers."qt-distrobox" = {
+      image = "debian:12.2";
+      exported_apps = "qtcreator";
+      enableSystemdUnit = false; # fails in creating and does not recreate. Do distrobox-assemble create --replace --file ~/.config/distrobox/containers.ini instead
+      additional_packages = [
+        "qtcreator"
+        "qt6-base-dev"
+        "qt6-wayland"
+        "qt6-tools-dev-tools"
+        "qt6-tools-dev"
+        "qt6-serialbus-dev"
+        "qt6-websockets-dev"
+        "libgl1-mesa-dev"
+        "build-essential"
+        "cmake"
+      ];
+    };
+  };
+}

features-home-manager/rofi/default.nix

@@ -2,13 +2,11 @@
   lib,
   pkgs,
   ...
-}:
-
-{
+}: {
   # this would need you to config rofi using home-manager
   # programs.rofi = { enable = true; };
 
-  home.packages = with pkgs; [ rofi ];
+  home.packages = with pkgs; [rofi];
 
   home.file = {
     ".config/rofi/config.rasi".source = ./config.rasi;

features-home-manager/suites/cli/default.nix

@@ -1,12 +1,7 @@
-{
-  pkgs,
-  ...
-}:
-
-{
+{pkgs, ...}: {
   home.packages = with pkgs; [
     bat
-    du-dust # Like du tree but better
+    dust # Like du tree but better
     fd # better find
     fdupes # find and delete duplicate files
     ffmpeg
@@ -24,12 +19,11 @@
     links2 # Tui web-browser
     lnav # log analyzing tool
     mc # Tui file browser
-    # nix-index
     nmap
     p7zip # unzip 7zip archives
     parted
     pciutils # lspci
-    poppler_utils # Pdf utils including pdfimages
+    poppler-utils # Pdf utils including pdfimages
     libqalculate # Nice tui calculator (qalc)
     ripgrep # better grep
     rnr # renaming tool
@@ -45,6 +39,7 @@
     wireguard-tools # wg-quick
     xorg.xkill
     zip
+    dig
 
     ## My scripts
     frajul.edit-config

features-home-manager/suites/desktop/default.nix

@@ -1,10 +1,6 @@
-{
-  lib,
-  pkgs,
-  ...
-}:
+{pkgs, ...}: {
+  imports = [../../gtk];
 
-{
   services.blueman-applet.enable = true;
   services.nextcloud-client.enable = true;
   services.nextcloud-client.startInBackground = true;
@@ -17,43 +13,45 @@
     enable = true;
     extensions = [
       # Tampermonkey
-      { id = "dhdgffkkebhmkfjojejmpbldmpobfkfo"; }
+      {id = "dhdgffkkebhmkfjojejmpbldmpobfkfo";}
     ];
   };
 
   home.packages = with pkgs; [
     arandr
     calibre # ebook manager and viewer
-    digikam
+    # digikam
     discord
+    discord-ptb # in case discord updates take their time
     # dvdisaster
     # element-desktop
     # rocketchat-desktop
     thunderbird
-    tdesktop # telegram
+    telegram-desktop # telegram
     # schildichat-desktop # not updated regularly
     nheko
+    element-desktop
     evince # Simple pdf reader, good for focusing on document content
     firefox
     # geogebra
     cheese
     handbrake
-    kitty # Terminal
+    # kitty # Terminal, already available as feature
     libnotify
     libreoffice
     mate.engrampa
     nomacs # Image viewer
-    okular # Pdf reader with many features, good for commenting documents
+    kdePackages.okular # Pdf reader with many features, good for commenting documents
     pavucontrol
     pdfsam-basic # Split, merge, etc for pdfs
     qalculate-gtk # Nice gui calculator
     qpdfview
     # qutebrowser
     # realvnc-vnc-viewer
-    rpi-imager # make isos
+    # rpi-imager # make isos
     # rustdesk
     tor-browser
-    unstable.path-of-building # Path of Building
+    rusty-path-of-building # Path of Building for poe1 and poe2
     # frajul.pob-dev-version # Path of Building
     vlc
     wineWowPackages.stable # 32-bit and 64-bit wine
@@ -65,8 +63,12 @@
     zotero # Manage papers and other sources
     pdfpc # Present slides in pdf form
 
+    networkmanager-openvpn
+    keepassxc
+
     ## My scripts
     frajul.open-messaging
     frajul.xwacomcalibrate
+    frajul.pob2-frajul
   ];
 }

features-home-manager/suites/development/default.nix

@@ -1,9 +1,8 @@
-{
-  pkgs,
-  ...
-}:
-
-{
+{pkgs, ...}: {
+  programs.opencode = {
+    enable = true;
+    package = pkgs.unstable.opencode;
+  };
 
   home.packages = with pkgs; [
     watchexec # Run command when any file in current dir changes
@@ -15,7 +14,7 @@
     clippy
     cntr # nix debugger
     conda
-    micromamba # a better, faster conda
+    # micromamba # a better, faster conda
     devcontainer # development container
     devenv # devbox alternative
     dbeaver-bin
@@ -27,20 +26,26 @@
     unstable.zed-editor
     jdk
     julia-bin
-    (texlive.combine {
-      # for rendering latex in inkscape
-      inherit (texlive)
-        scheme-medium
-        standalone
-        amsmath
-        preview
-        ;
-    })
+    # (texlive.combine {
+    #   # for rendering latex in inkscape
+    #   inherit
+    #     (texlive)
+    #     scheme-medium
+    #     standalone
+    #     amsmath
+    #     preview
+    #     # needed for org mode export
+    #     wrapfig
+    #     capt-of
+    #     biblatex
+    #     ;
+    # })
+    vagrant
     matlab # Using nix-matlab overlay defined in flake
     maven
     nodejs
     pkg-config # Often needed to build something
-    pwndbg # improved gdb (debugger)
+    # pwndbg # improved gdb (debugger)
     python3
     rust-analyzer
     rustc
@@ -63,6 +68,7 @@
 
     ## My scripts
     frajul.deploy-to-pianopi
+    # frajul.rtklib
 
     (pkgs.writeShellScriptBin "matlab-rsp" ''
       matlab -desktop -sd "/home/julian/git/uwa-channel-model" -softwareopengl

features-home-manager/tmux/default.nix

@@ -0,0 +1,10 @@
+{
+  programs.tmux = {
+    enable = true;
+    clock24 = true;
+    keyMode = "vi";
+    customPaneNavigationAndResize = true; # use hjkl
+    mouse = true;
+    prefix = "C-Space"; # use instead of C-b
+  };
+}

features-home-manager/topgrade/default.nix

@@ -7,8 +7,7 @@
       misc.assume_yes = true;
       misc.no_retry = true;
 
-      pre_commands."Update flake" =
-        "git -C /home/julian/.dotfiles checkout origin/flake-updates -- flake.lock";
+      # pre_commands."Update flake" = "git -C /home/julian/.dotfiles checkout origin/flake-updates -- flake.lock";
 
       linux.nix_arguments = "--flake /home/julian/.dotfiles";
       linux.home_manager_arguments = [

features-home-manager/wezterm/default.nix

@@ -3,9 +3,7 @@
   pkgs,
   config,
   ...
-}:
-
-{
+}: {
   programs.wezterm = {
     enable = true;
     extraConfig = ''

features-home-manager/yazi/default.nix

@@ -2,16 +2,12 @@
   pkgs,
   inputs,
   ...
-}:
-{
-  programs.zoxide.enable = true;
-  programs.zoxide.enableFishIntegration = true;
-
+}: {
   home.packages = with pkgs; [
     exiftool
     unar # extract archives
-    xdragon # dragndrop
-    poppler_utils # pdf preview
+    dragon-drop # dragndrop
+    poppler-utils # pdf preview
     fd
     ripgrep
     fzf
@@ -27,7 +23,7 @@
   programs.yazi.enable = true;
   programs.yazi.enableFishIntegration = true;
   programs.yazi.settings.manager = {
-    sort_by = "modified";
+    sort_by = "mtime";
     sort_reverse = true;
     show_hidden = true;
   };
@@ -36,29 +32,29 @@
     manager.prepend_keymap = [
       # Override defaults
       {
-        on = [ "e" ];
+        on = ["e"];
         run = ''shell --orphan --confirm "pcmanfm &"'';
         desc = "Open gui file manager";
       }
       {
-        on = [ "<C-o>" ];
+        on = ["<C-o>"];
         run = ''shell "$SHELL" --block --confirm'';
         desc = "Open shell here";
       }
       {
-        on = [ "<C-n>" ];
+        on = ["<C-n>"];
         run = ''shell 'dragon -x -i -T "$1"' --confirm'';
         desc = "Dragndrop via dragon";
       }
       {
-        on = [ "<Enter>" ];
+        on = ["<Enter>"];
         run = "plugin --sync smart-enter";
         desc = "Enter the child directory, or open the file";
       }
     ];
     input.prepend_keymap = [
       {
-        on = [ "<Esc>" ];
+        on = ["<Esc>"];
         run = "close";
         desc = "Cancel input";
       }

features-home-manager/zsh/default.nix

@@ -2,13 +2,12 @@
   lib,
   pkgs,
   ...
-}:
-{
+}: {
   home.file = {
     ".config/starship.toml".source = ./starship.toml;
   };
 
-  home.packages = with pkgs; [ starship ];
+  home.packages = with pkgs; [starship];
 
   programs.starship = {
     enable = true;
@@ -28,14 +27,14 @@
       enable = true;
       plugins = [
         # list of plugins: https://github.com/unixorn/awesome-zsh-plugins
-        { name = "agkozak/zsh-z"; }
+        {name = "agkozak/zsh-z";}
         {
           name = "zsh-users/zsh-completions";
         }
 
         # make it behave like fish
-        { name = "zsh-users/zsh-autosuggestions"; }
-        { name = "zsh-users/zsh-history-substring-search"; }
+        {name = "zsh-users/zsh-autosuggestions";}
+        {name = "zsh-users/zsh-history-substring-search";}
         {
           name = "zsh-users/zsh-syntax-highlighting";
         } # must be last sourced plugin

features-nixos/base/auto-upgrade.nix

@@ -0,0 +1,18 @@
+{
+  flake.nixosModules.base = {
+    inputs,
+    config,
+    ...
+  }: {
+    system.hydraAutoUpgrade = {
+      # Only enable if not dirty
+      enable = inputs.self ? rev;
+      dates = "*:0/10"; # Every 10 minutes
+      instance = "http://hydra.julian-mutter.de";
+      project = "dotfiles";
+      jobset = "main";
+      job = "hosts.${config.networking.hostName}";
+      oldFlakeRef = "self";
+    };
+  };
+}

features-nixos/base/default.nix

@@ -0,0 +1,40 @@
+# Common config for all hosts
+{
+  flake.nixosModules.base = {
+    inputs,
+    outputs,
+    pkgs,
+    lib,
+    ...
+  }: {
+    imports = [
+      inputs.home-manager.nixosModules.home-manager
+    ];
+
+    # Replaces the (modulesPath + "/installer/scan/not-detected.nix") from default hardware-configuration.nix
+    # Enables non-free firmware
+    hardware.enableRedistributableFirmware = true;
+
+    # Networking
+    networking.networkmanager = {
+      enable = true;
+      plugins = with pkgs; [
+        networkmanager-openconnect
+      ];
+    };
+    services.resolved.enable = false;
+    # MDNS Taken by avahi
+    # networking.networkmanager.dns = "none";
+    networking.nameservers = lib.mkDefault [
+      "1.1.1.1"
+      "8.8.8.8"
+    ];
+
+    # HM module
+    home-manager.useGlobalPkgs = true; # hm module uses the pkgs of the nixos config
+    home-manager.backupFileExtension = "hm-backup"; # backup conflicting files. So hm activation never fails
+    home-manager.extraSpecialArgs = {
+      inherit inputs outputs;
+    };
+  };
+}

features-nixos/base/fish.nix

@@ -0,0 +1,12 @@
+{
+  flake.nixosModules.base = {
+    programs.fish = {
+      enable = true;
+      vendor = {
+        completions.enable = true;
+        config.enable = true;
+        functions.enable = true;
+      };
+    };
+  };
+}

features-nixos/base/locale.nix

@@ -0,0 +1,28 @@
+{
+  flake.nixosModules.base = {
+    # Select internationalisation properties.
+    i18n.defaultLocale = "en_US.UTF-8";
+
+    i18n.extraLocaleSettings = {
+      LC_ADDRESS = "de_DE.UTF-8";
+      LC_IDENTIFICATION = "de_DE.UTF-8";
+      LC_MEASUREMENT = "de_DE.UTF-8";
+      LC_MONETARY = "de_DE.UTF-8";
+      LC_NAME = "de_DE.UTF-8";
+      LC_NUMERIC = "en_US.UTF-8";
+      LC_PAPER = "de_DE.UTF-8";
+      LC_TELEPHONE = "de_DE.UTF-8";
+      LC_TIME = "de_DE.UTF-8";
+    };
+
+    # Keymap
+    services.xserver.xkb = {
+      layout = "de";
+      variant = "";
+    };
+
+    console.keyMap = "de";
+
+    time.timeZone = "Europe/Berlin";
+  };
+}

features-nixos/base/nix.nix

@@ -0,0 +1,48 @@
+{
+  flake.nixosModules.base = {outputs, ...}: {
+    # Apply overlays
+    nixpkgs = {
+      # TODO: apply this to hm and nixos without duplicate code
+      overlays = builtins.attrValues outputs.overlays;
+      config = {
+        nvidia.acceptLicense = true;
+        allowUnfree = true;
+        allowUnfreePredicate = _: true; # TODO: what is this
+        warn-dirty = false;
+        permittedInsecurePackages = [
+          "olm-3.2.16"
+        ];
+      };
+    };
+
+    # optimize at every build, slows down builds
+    # better to do optimise.automatic for regular optimising
+    # nix.settings.auto-optimise-store = lib.mkDefault true;
+    nix.settings.experimental-features = [
+      "nix-command"
+      "flakes"
+      "ca-derivations"
+    ];
+    # warn-dirty = false;
+
+    nix.gc = {
+      automatic = true;
+      dates = "weekly";
+      options = "--delete-older-than 30d";
+      persistent = true;
+    };
+    nix.optimise = {
+      automatic = true;
+      dates = ["weekly"]; # Optional; allows customizing optimisation schedule
+      persistent = true;
+    };
+
+    programs.nix-ld.enable = true;
+
+    # TODO: is this useful?, what does it do?
+    # nix.settings.flake-registry = ""; # Disable global flake registry
+    # Add each flake input as a registry and nix_path
+    # registry = lib.mapAttrs (_: flake: { inherit flake; }) flakeInputs;
+    # nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
+  };
+}

features-nixos/base/root.nix

@@ -0,0 +1,11 @@
+{
+  flake.nixosModules.base = {pkgs, ...}: {
+    # Packages needed as root
+    environment.systemPackages = with pkgs; [
+      vim
+      htop
+      mc
+      gparted-xhost # needs to be installed as system package so it can be actually opened
+    ];
+  };
+}

features-nixos/base/sops/secrets.yaml

@@ -1,9 +1,7 @@
 #ENC[AES256_GCM,data:NSxfTl2hTXEoGl23aQnElG+df/1YzA==,iv:+oy9oITMGzdM2muDUPjwxJqUu1Bdyregl65/0hiulZ0=,tag:VKjforpyahKj0ktIN36gNw==,type:comment]
+julian-password: ENC[AES256_GCM,data:tgeu4uVI91j34+Gfzy2Uckmopj9bJNWiu65W0cdA76Kly3LH7RqXCq4rNM4DCwrsX3k9WdOlGX6T9edIjJgmbbe6MkeH7oQwiA==,iv:GE6zfSHymkAewjry7fofURz70az608+hja385LLeCIY=,tag:FqTopL5DyM3DTpa7AoGPDg==,type:str]
 wifi:
     pianonix: ENC[AES256_GCM,data:Ty1wElfVj+CU9bTbpuYIk2dA4fgFm59PkQGqvODn51Q=,iv:bLomyTlOW2Z4rPbue7Klo6Jt5lR+44AuL+dIMFgDNAE=,tag:DuH2ayeb19dkPi9xmbAu3A==,type:str]
-password:
-    aspi: ENC[AES256_GCM,data:vh7eCsrz2VSn/DLLSG7p3Qn/OGWkVo4+54GpkukOwJ4G+jaE4wrIsKBGxON1uIxWLcR1LkR7g4vZc/sY1D+4JvDlvBfjzGKPkw==,iv:Jwk2THv0V3jsFbEIBJnGMlSOR89yaVKOW97fpgfAWcM=,tag:1WQMM9i3yL20hUJ+VvCTIA==,type:str]
-    pianonix: ENC[AES256_GCM,data:BWTSuDE2YozRKuK4PW0vhIzojTCi0qb0dChiiNvjv/D+71TsnZ8NuWlasY/2OBfv1VgID4xFWDqBvD7BgVh+/rvVnE544UzaiQ==,iv:On1J//kCuVvpPyj+NyWu7lyMzr7I/ouWGzL9xDbT+wo=,tag:RO87P4YgMjmD8TzgGJvwrw==,type:str]
 syncthing:
     public-keys:
         aspi-nix: ENC[AES256_GCM,data:ZTykdQCyh4DMuQUCy1DSKsGNxxn1dinaqztpDdJY53pkWcW4YcWRHk94iGJQZgG1oLfr3AB2S3J6b9w2WuV3,iv:9z2ovHzq6JjRtHzNMIQtcUCinIjG/ImSGqqC7KPhpuw=,tag:No2LCjD+XXB77Su+s98MIA==,type:str]
@@ -12,40 +10,44 @@ syncthing:
         key: ENC[AES256_GCM,data:IaCXIRDMWCHj3lTKpkLg1Nd3pX4bktWg4WjZPGKgTBCLVkMi/SDtlaoNhDz+a+Vt6jYTXHS4exFnIVJ878nWSrA1sD2NHXmfsMh1kkLhub68qv0M33dBXvgX0vQ51Z1WMoti73yDUjJH8Ym5yF/SCg2+RbkVf+4pe2hSlAzwkGP6YC2rbCE5sZG31C55MkaGC6zwo2ZpZXdVhCW845SqAc11cF/OeEHb9B1FS3rd+El7rlJHrIEVQTkomNLshcspb13H0z3vNhtfu9pPkGxee8Hp/hEhFQ+waWBAg4w15yKihjHJmhzdjhDHCilvwYaceb7b5OwARuuiruQ+cJ40bdnStDpi2ouP8QJjEi7tmKWeplZ0X70PVZJFH/e/mTH5,iv:3hQMB4ka31w3chXXwjl/1IHF8ES/RobZVeugMC3ddlU=,tag:j8wwrNQUQbCEGtcriSpc4g==,type:str]
         cert: ENC[AES256_GCM,data:v9LO8qpeGDDV6I+AJU5iTYKKBV6qgr1ddwLvBVEOYyvmtPNeqaatYaK6vMBCabBIhxQu2NC96pREvWu1UHbxaMWvSCT1TzrIPrcFm+gKCH6PIPhqcnQpdGa3OYn01ohThpLp8hEmVUpJ0FO/AnE1QHK0VfPqJ3S0uHLjSCBJtxLmcBWNVvlcTU/P68QIQkrYAQRAtz9aDS+JNpUKhwCJBgjpY1Thj8Lj/fpc1t0qWo3BKIL3eW5iSlUW0iEriFS0bkMr4Bi9mNqpO26l1eZ3IXFJy/7pkqhmXXW83qOaF9AFXgg41p1Kjw4G6isB/obuhR7Z4oQ/AtkSU0wxHP4mF0AWrvC7/YGlrDG9aPYUEWOexTTBHkm89PhgEa69sekbzac7mYYFi/MIdU34ks4oc8ZIChWpT+V66mbo4f+3mn7raih5SLnyEMS7ENBes9cQC7SghSpB7D8c/2+q74A5aEZHUWRhqiDEx9IggP43SiWuNnb/HyZw16RUB7xnQKPs7LzAVlLC6M7ZETUmyEDEWWOsDY8+0Li4wuD3z4WXLAD9nP43TMx4GNoafjG+0Gu05hSR8fWv8strRCtIWjzK3wMaD9VT/cbt2oqOBkJcaqIW8+lM+ktk1WsD4Kc1DQ4q5O2oMrdPOWI9xZOs7DQTFshLHuvxutN05vgEUovI1vbMOl7SIzUW8YUY9PN0ofC7zwQlEJxfOdqT0nwv9vmqikSMP6V3jXgP5OnPb4KVx8G27X0oCjN++dJgDxdkh2JiLR9JaJHNmYPtLlP7hU4NsBpRpd9ObxRlv+uIbF2o0I8PGXMo3IVnRjrFDrRyoth2UJ+YUMGCVuonoS+nZLMCNz1xwRMaZBYjSEESmxc2Ilwdu3XTzd1KF282UvumBpRwcNxvsmPhI84v/XV8TJE8Z7YxyO3RYBQHD5+OuHOHKTtlajnKpSp/m0p0QR7rrGFoDuDKp+Z81MKz8wz3/8GG+sDh0pgniUfNyrmLroLPdT6nj0brvSVWYmOIJHDHKqM+6HZok5PyS+uHlb5dzwnmrd9OmhmwPVdkP5s=,iv:X9VNz2nsN4ywu3E0c+agwZCl43I4bt6jHz0jMoMFTJQ=,tag:RZUWa4h5JoIiZaDrYgcAeg==,type:str]
 sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
     age:
         - recipient: age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTY3lFZlIyRnZOMzNQdnJ2
-            Z0xQQnY1eHFYekVMV3M0UE5hK2xkbStveFRnCncwVVduSEFFQkpwME5XQzF2Z0tK
-            MnhFQ3ZZMk51aGJHUmJFbHA4d1dmdkEKLS0tIHBkVEhaZEY5ZGtYcXRkZzREa0xR
-            eUNsNjE2VS9MTjNtYWluUjJhYXVuTmcKq175s9vx1tPVS+voO+HSkyaT+GbjC/Z+
-            PyKVKyqFAJCRcNP2byaFgAHjXtDFZdipt/0lbw+4UfHrZGpn+9B59Q==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBualdnWmtBTThhZDFVdDRP
+            WHlMamk1MFhUYUwwa0hyQmpobGNocC9VR0ZVCmc3N1FjcUZCNUdTTm91OVpwZDhP
+            bTNXekp2bDd3Tjh6a2ZVTVNTSW9RTU0KLS0tIGJpcUVHb2ZlODgvelhwQ0JFU3l5
+            WU5VanhYMTUvNklYazJxOXVveXhpM2cKCo+4FhhcbRylASEbQb9rAQUzEO1D+0AR
+            52Jzc9s9rSdypeBRE7SaSOI4eVnkEjPfyhNFvMdxiBzBj7GdocpmCw==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1q8lc5340gz5xw2f57nglrss68wv0j0hf36py2pdtrl6ky3yrq9qqk0njr4
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByRmxCNUE4MTdZNWlOcmxX
-            RmhDS2NpQ0hoWG83SDlIeVhXaFdxNE4yTUVzCkRxS3M5aU5mdWZkYnpNeC9YR3BX
-            N1NEdzlyTm9YT3NQSnowWTZUc1FvYWsKLS0tICs2OVo2djNjUW0yOG41ZTJQeFFB
-            djFENU5USG1QSnRVdlErN1h5bXJhYzQKPDvAHIMR/vT47zbeK3NsS+jSl4HSFRIA
-            NbSKwTbEGn963metTh4HJItdWBAOyiCc3l1Ye49ms9JhYM8n4wHLRQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4STZpU0ZnRzVVOFFRUXZG
+            akcwS2Z5V3lmQzRTSGNHT2hDME5JMks2QTNNClpkZzNMc0wyRjVEaVlBRFlyNFhs
+            M1pyeW1XdnZubnRxMzEzMFJoK0lkVVEKLS0tIENhRExzUWRWMUlObmhxazM5cU9y
+            aDFyaDJackFoaEZOYWdTbWt0ODB1bm8Kg1VDAj5/i8ZbYxspIdXrI474YN5YkV4H
+            86maCRDfUxO5lvu4zBa9pOmFtJ2iuJ2MxDnmCSHTl+GOk8yyUT8JhA==
             -----END AGE ENCRYPTED FILE-----
-        - recipient: age1hsmfz8fjxu83sax9lr487h8xr6cyge0apdq4zpge4c8jpcjj2cksj825ct
+        - recipient: age1tguyu2yd5xv8rgjjl50cq6dq5rr7umqgv098dgre4u9wyj30ea7sexw62c
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVeHJ3NmMzaTh0Zm13Vm1r
-            RmNtMi9FYmJGUmxXeEppM3Fnazl1NTl3ajJjCjFrbXM4WGdOV05qckhkbjlSODZR
-            a0VuakllVTdOc2Uxd3BqRmtsN3NJdHcKLS0tIHRRMXFEcWNZOFE4dFJycGdGTzdP
-            WittUTFFNU5kUWdGcncwdWRQSi9STTgK3GuwolsItCEt3Dh5Lycb8TjfaHTuV/JB
-            P2KSuVsbgjYuCJSknYmSZ+9gdTYC8cVqDnKo7HYFNrCDHZ0P4QwGSg==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAveE9NV2JCOW9odlN6Wmkw
+            WFEvU2pka3htV2FTTFlpc05ES2JjbGxTaFJZCjhYdG1sRVBFaEF3YjNkWEw3Ny8x
+            MlYyTjJBMHA2YVpHRkkwWW5hNDdrS1UKLS0tIFZXTFNVbkd6VFExc0dSVU4vd3JF
+            ajlFY2pvWW13VGxOZ0hEc3dMbU9IeUUKNSf7ycj+1XHhsoghmY2iR1BwIySqfIOF
+            zawE+MQcQg0u+fy6Aik26eUGvQG3rya2Fx2+3VlAbKB+rbiP0fwsgg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-11-25T10:20:02Z"
-    mac: ENC[AES256_GCM,data:5bw+S6T99ZxY9jWtlfShtQLwgl5OusHU1tXQ88iVW3EmWAiGLEr8/45S0DtQfjz9rmaEpMwa0ZC7kyXgubE7RopxirG7p5w6h/S0G8nJk0SPPKL/mvTL0cfdeOEGSNfVZNcScCVXZ/if3TZzVZQ+dsNkUWXN7bDYqrJO3dfVk30=,iv:1xm9L708K1Q6WzfZKNlJavLK24lsoBzU1qTRLg9APjs=,tag:GWwNBSiNl9EUYOt1Vn10/g==,type:str]
-    pgp: []
+        - recipient: age15lxw97z03q40xrdscnxqqugh5ky5aqrerg2t2rphkcqm6rnllurq8v98q5
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxaTNJNkJ0RVJiYlRzcmlX
+            TmEweVdLaGpoVXMxZEFDU3dOZTJCRjdiNENBCkZ3bjJUNm1vcmY1ZUpZcEo4OGxa
+            UWJKSjNKL002UDhmTmJER2M0MjJ3aG8KLS0tIFMvZjBkOS83T3NDUE82M3kweVNw
+            VXhoN0VyWkVxMEJPQ3orVUNDK21rRU0KvnmuFxcCpP+LZg7v5jaStw9F0owVrQl9
+            AkIq7GUJh7xewLxcVZfiBRpXMhw/mM8LYnd2KGP8R/TfYg+v0//+5A==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-04-23T07:00:17Z"
+    mac: ENC[AES256_GCM,data:JgaTIRbzD0hs2o86xUlQrPN2cPXvsuTH/zKG5xbQIDaYcEvD/mkuVa3hfnYKrA91kWg2Y1DgEi9583+o6UCl/+ldY4ptu+xpnYfyQFdhM4rB+KoP/pDt8vQKQ3zAX8fpAkugCgTTbuvm3TfQ1nt98V8boyhCn4JHNC1T0j7ZtZI=,iv:G3YJOLeDWDKuANo2mxS2JAdrRaonD87CU9BpCZZrlRs=,tag:mcKIdP5cSQUwNL2tcv/o6g==,type:str]
     unencrypted_suffix: _unencrypted
-    version: 3.8.1
+    version: 3.10.1

features-nixos/base/sops/sops.nix

@@ -0,0 +1,24 @@
+{
+  flake.nixosModules.base = {
+    inputs,
+    config,
+    ...
+  }: let
+    isEd25519 = k: k.type == "ed25519";
+    getKeyPath = k: k.path;
+    keys = builtins.filter isEd25519 config.services.openssh.hostKeys;
+  in {
+    imports = [inputs.sops-nix.nixosModules.sops];
+
+    sops.age = {
+      sshKeyPaths = map getKeyPath keys;
+
+      # TODO: remove? only rely on ssh or pgp keys (e.g. ubikey like misterio is using!!!)
+      # keyFile = "/home/julian/.config/sops/age/keys.txt";
+      # Generate key if none of the above worked. With this, building will still work, just without secrets
+      generateKey = false; # TODO: building should not work without secrets!?
+    };
+
+    sops.defaultSopsFile = ./secrets.yaml;
+  };
+}

features-nixos/optional/authentication.nix

@@ -0,0 +1,31 @@
+{
+  flake.nixosModules.authentication = {
+    pkgs,
+    lib,
+    ...
+  }: {
+    # Make programs like nextcloud client access saved passwords
+    services.gnome.gnome-keyring.enable = true;
+
+    programs.seahorse.enable = true;
+    programs.ssh.askPassword = lib.mkForce "${pkgs.seahorse}/libexec/seahorse/ssh-askpass"; # Solve conflicting definition in seahorse and plasma6
+
+    # Make authentication work for e.g. gparted
+    security.polkit.enable = true;
+    systemd = {
+      user.services.polkit-gnome-authentication-agent-1 = {
+        description = "polkit-gnome-authentication-agent-1";
+        wantedBy = ["graphical-session.target"];
+        wants = ["graphical-session.target"];
+        after = ["graphical-session.target"];
+        serviceConfig = {
+          Type = "simple";
+          ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
+          Restart = "on-failure";
+          RestartSec = 1;
+          TimeoutStopSec = 10;
+        };
+      };
+    };
+  };
+}

features-nixos/optional/avahi.nix

@@ -0,0 +1,14 @@
+{
+  flake.nixosModules.avahi = {
+    # MDNS on local network
+    services.avahi = {
+      enable = true;
+      nssmdns4 = true;
+      nssmdns6 = true;
+      publish.enable = true;
+      publish.addresses = true;
+      ipv4 = true;
+      ipv6 = true;
+    };
+  };
+}

features-nixos/optional/binarycaches.nix

@@ -0,0 +1,33 @@
+{
+  flake.nixosModules.binarycaches = {
+    lib,
+    outputs,
+    ...
+  }: {
+    # Setup binary caches
+    nix.settings = {
+      substituters = [
+        "https://nix-community.cachix.org"
+        "https://cache.nixos.org/"
+        "https://hyprland.cachix.org"
+        "http://binarycache.julian-mutter.de"
+        "https://devenv.cachix.org"
+      ];
+      trusted-public-keys = [
+        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+        "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
+        "binarycache.julian-mutter.de:oJ67uRFwRhNPKL58CHzy3QQLv38Kx7OA1K+6xlEPu7E="
+        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+        "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
+      ];
+
+      trusted-users = [
+        "root"
+        "@wheel"
+      ]; # needed for devenv to add custom caches
+
+      # Ensure we can still build when missing-server is not accessible
+      fallback = true;
+    };
+  };
+}

features-nixos/optional/boot-efi.nix

@@ -0,0 +1,19 @@
+{
+  flake.nixosModules.boot-efi = {
+    # Bootloader
+    # Use this for simple nix boot menu, if no dual boot required
+    boot.loader.systemd-boot.enable = true;
+    boot.loader.systemd-boot.configurationLimit = 10;
+    boot.loader.efi.canTouchEfiVariables = true;
+
+    # https://github.com/NixOS/nixpkgs/blob/c32c39d6f3b1fe6514598fa40ad2cf9ce22c3fb7/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix#L66
+    boot.loader.systemd-boot.editor = false;
+
+    boot.supportedFilesystems = [
+      "btrfs"
+      "ntfs"
+      "nfs"
+      "cifs"
+    ];
+  };
+}

features-nixos/optional/docker.nix

@@ -0,0 +1,7 @@
+{
+  flake.nixosModules.docker = {
+    virtualisation.docker = {
+      enable = true;
+    };
+  };
+}

features-nixos/optional/flatpak.nix

@@ -0,0 +1,8 @@
+{
+  flake.nixosModules.flatpak = {pkgs, ...}: {
+    services.flatpak.enable = true;
+    xdg.portal.enable = true;
+    xdg.portal.extraPortals = [pkgs.xdg-desktop-portal-gtk];
+    xdg.portal.config.common.default = "*"; # Use first portal implementation found
+  };
+}

features-nixos/optional/gamemode.nix

@@ -0,0 +1,23 @@
+{
+  flake.nixosModules.gamemode = {pkgs, ...}: {
+    programs.gamemode = {
+      enable = true;
+      settings = {
+        general = {
+          softrealtime = "auto";
+          inhibit_screensaver = 1;
+          renice = 5;
+        };
+        # gpu = {
+        #   apply_gpu_optimisations = "accept-responsibility";
+        #   gpu_device = 1;
+        #   amd_performance_level = "high";
+        # };
+        custom = {
+          start = "${pkgs.libnotify}/bin/notify-send 'GameMode started'";
+          end = "${pkgs.libnotify}/bin/notify-send 'GameMode ended'";
+        };
+      };
+    };
+  };
+}

features-nixos/optional/gdm.nix

@@ -0,0 +1,15 @@
+{
+  flake.nixosModules.gdm = {
+    config,
+    lib,
+    pkgs,
+    ...
+  }: {
+    services.xserver.displayManager.gdm = {
+      enable = true;
+    };
+
+    # unlock GPG keyring on login
+    security.pam.services.gdm.enableGnomeKeyring = true;
+  };
+}

features-nixos/optional/greetd.nix

@@ -0,0 +1,39 @@
+{
+  flake.nixosModules.greetd = {config, ...}: let
+    homeCfgs = config.home-manager.users;
+    julianCfg = homeCfgs.julian;
+  in {
+    users.extraUsers.greeter = {
+      # For caching
+      home = "/tmp/greeter-home";
+      createHome = true;
+    };
+
+    programs.regreet = {
+      enable = true;
+      iconTheme = julianCfg.gtk.iconTheme;
+      theme = julianCfg.gtk.theme;
+      # font = julianCfg.fontProfiles.regular; # TODO: do
+      cursorTheme = {
+        inherit (julianCfg.gtk.cursorTheme) name package;
+      };
+      cageArgs = [
+        "-s"
+        "-m"
+        "last"
+      ]; # multimonitor use last monitor
+      # settings.background = {
+      #   path = julianCfg.wallpaper;
+      #   fit = "Cover";
+      # }; # TODO: fix
+
+      # TODO: setting keyboard language does not work
+      # settings = {
+      #   env = {
+      #     XKB_DEFAULT_LAYOUT = "de";
+      #     # XKB_DEFAULT_VARIANT = "altgr-intl";
+      #   };
+      # };
+    };
+  };
+}

features-nixos/optional/i3.nix

@@ -0,0 +1,18 @@
+{
+  flake.nixosModules.i3 = {
+    config,
+    lib,
+    pkgs,
+    ...
+  }: {
+    services.xserver.windowManager.i3.enable = true;
+    services.xserver.windowManager.i3.package = pkgs.i3-gaps;
+    services.displayManager.defaultSession = "none+i3";
+
+    programs.xss-lock = {
+      # responds to "loginctl lock-session" via dbus
+      enable = true;
+      lockerCommand = "${pkgs.i3lock}/bin/i3lock --ignore-empty-password --color=000000";
+    };
+  };
+}

features-nixos/optional/kerberos.nix

@@ -0,0 +1,25 @@
+{
+  flake.nixosModules.kerberos = {
+    security.krb5.enable = true;
+    security.krb5.settings = {
+      # domain_realm = {
+      #   ".julian-mutter.de" = "julian-mutter.de";
+      #   "julian-mutter.de" = "julian-mutter.de";
+      # };
+      libdefaults = {
+        default_realm = "julian-mutter.de";
+        #   dns_lookup_realm = true;
+        #   dns_lookup_kdc = true;
+        #   ticket_lifetime = "24h";
+        #   renew_lifetime = "7d";
+      };
+      realms = {
+        "julian-mutter.de" = {
+          kdc = ["kerberos.julian-mutter.de"];
+          admin_server = "kerberos-admin.julian-mutter.de";
+          default_domain = "julian-mutter.de";
+        };
+      };
+    };
+  };
+}

features-nixos/optional/openssh.nix

@@ -0,0 +1,51 @@
+{
+  flake.nixosModules.openssh = {
+    outputs,
+    lib,
+    config,
+    ...
+  }: let
+    hosts = lib.attrNames outputs.nixosConfigurations;
+  in {
+    services.openssh = {
+      enable = true;
+      settings = {
+        # Harden
+        PasswordAuthentication = false;
+        PermitRootLogin = "no";
+
+        # TODO: what does this do
+        # Let WAYLAND_DISPLAY be forwarded
+        AcceptEnv = "WAYLAND_DISPLAY";
+        X11Forwarding = true;
+      };
+
+      hostKeys = [
+        {
+          path = "/etc/ssh/ssh_host_ed25519_key";
+          type = "ed25519";
+        }
+      ];
+    };
+
+    # TODO: is automatic known hosts file even necessary?
+    # programs.ssh = {
+    #   # Each hosts public key
+    #   knownHosts = lib.genAttrs hosts (hostname: {
+    #     publicKeyFile = ../../${hostname}/ssh_host_ed25519_key.pub;
+    #     extraHostNames =
+    #       [
+    #         # "${hostname}.m7.rs"
+    #       ]
+    #       ++
+    #         # Alias for localhost if it's the same host
+    #         (lib.optional (hostname == config.networking.hostName) "localhost")
+    #       # Alias to m7.rs and git.m7.rs if it's alcyone
+    #       ++ (lib.optionals (hostname == "alcyone") [
+    #         "m7.rs"
+    #         "git.m7.rs"
+    #       ]);
+    #   });
+    # };
+  };
+}

features-nixos/optional/pcmanfm.nix

@@ -0,0 +1,11 @@
+{
+  flake.nixosModules.pcmanfm = {pkgs, ...}: {
+    environment.systemPackages = with pkgs; [
+      shared-mime-info # extended mimetype support
+      lxmenu-data # open with "Installed Applications"
+      pcmanfm
+    ];
+
+    services.gvfs.enable = true; # Mount, trash, and other functionalities
+  };
+}

features-nixos/optional/pipewire.nix

@@ -0,0 +1,30 @@
+{
+  flake.nixosModules.pipewire = {
+    security.rtkit.enable = true;
+    services.pulseaudio.enable = false;
+    services.pipewire = {
+      enable = true;
+      wireplumber.enable = true;
+      alsa.enable = true;
+      alsa.support32Bit = true;
+      pulse.enable = true;
+      jack.enable = true;
+      extraConfig.pipewire = {
+        "99-no-bell" = {
+          # Disable bell sound
+          "context.properties" = {
+            "module.x11.bell" = false;
+          };
+        };
+        "10-increase-buffer" = {
+          "context.properties" = {
+            "default.clock.rate" = 48000;
+            "default.clock.quantum" = 1024;
+            "default.clock.min-quantum" = 1024;
+            "default.clock.max-quantum" = 2048;
+          };
+        };
+      };
+    };
+  };
+}

features-nixos/optional/podman.nix

@@ -0,0 +1,12 @@
+{
+  flake.nixosModules.podman = {config, ...}: let
+    dockerEnabled = config.virtualisation.docker.enable;
+  in {
+    virtualisation.podman = {
+      enable = true;
+      dockerCompat = !dockerEnabled;
+      dockerSocket.enable = !dockerEnabled;
+      defaultNetwork.settings.dns_enabled = true;
+    };
+  };
+}

features-nixos/optional/redshift.nix

@@ -0,0 +1,14 @@
+{
+  flake.nixosModules.redshift = {
+    config,
+    lib,
+    pkgs,
+    ...
+  }: {
+    # Set location used by redshift
+    location.provider = "manual";
+    location.latitude = 47.92;
+    location.longitude = 10.12;
+    services.redshift.enable = true;
+  };
+}

features-nixos/optional/remote-builder.nix

@@ -0,0 +1,36 @@
+{
+  flake.nixosModules.remote-builder = {
+    nix.distributedBuilds = true;
+    nix.settings.builders-use-substitutes = true;
+
+    nix.buildMachines = [
+      {
+        hostName = "builder.julian-mutter.de";
+        protocol = "ssh";
+        sshUser = "nix";
+        systems = [
+          "x86_64-linux"
+          "aarch64-linux"
+        ];
+        maxJobs = 4;
+        speedFactor = 3;
+        supportedFeatures = [
+          "nixos-test"
+          "benchmark"
+          "big-parallel"
+          "kvm"
+        ];
+        mandatoryFeatures = [];
+      }
+      # {
+      #   hostName = "localhost";
+      #   protocol = null;
+      #   systems = [
+      #     "x86_64-linux"
+      #   ];
+      #   maxJobs = 4;
+      #   speedFactor = 1;
+      # }
+    ];
+  };
+}

features-nixos/optional/thunar.nix

@@ -0,0 +1,18 @@
+{
+  flake.nixosModules.thunar = {
+    config,
+    lib,
+    pkgs,
+    ...
+  }: {
+    programs.thunar.enable = true;
+    programs.xfconf.enable = true; # Persist saved preferences
+    programs.thunar.plugins = with pkgs.xfce; [
+      thunar-archive-plugin
+      thunar-volman
+      thunar-media-tags-plugin
+    ];
+    services.gvfs.enable = true; # Mount, trash, and other functionalities
+    services.tumbler.enable = true; # Thumbnail support for images
+  };
+}

features-nixos/optional/virtualbox.nix

@@ -0,0 +1,14 @@
+{
+  flake.nixosModules.virtualbox = {
+    config,
+    lib,
+    pkgs,
+    ...
+  }: {
+    virtualisation.virtualbox.host.enable = true;
+    # virtualisation.virtualbox.host.enableExtensionPack = true;
+    # virtualisation.virtualbox.guest.enable = true;
+    # virtualisation.virtualbox.guest.x11 = true;
+    users.extraGroups.vboxusers.members = ["julian"];
+  };
+}

features-nixos/optional/wireguard.nix

@@ -0,0 +1,14 @@
+{
+  flake.nixosModules.wireguard = {
+    networking.wg-quick.interfaces = {
+      julian = {
+        configFile = "/etc/wireguard/julian.conf";
+        autostart = true; # This interface is started on boot
+      };
+      comu = {
+        configFile = "/etc/wireguard/comu.conf";
+        autostart = false;
+      };
+    };
+  };
+}

features-nixos/optional/wireshark.nix

@@ -0,0 +1,11 @@
+{
+  flake.nixosModules.wireshark = {
+    programs.wireshark = {
+      enable = true;
+      dumpcap.enable = true;
+      usbmon.enable = true;
+    };
+
+    users.users.julian.extraGroups = ["wireshark"];
+  };
+}

features-nixos/optional/xserver.nix

@@ -0,0 +1,8 @@
+{
+  flake.nixosModules.xserver = {
+    services.xserver = {
+      enable = true;
+      wacom.enable = true;
+    };
+  };
+}

features-nixos/users/julian/default.nix

@@ -0,0 +1,52 @@
+{
+  flake.nixosModules.users.julian = {
+    pkgs,
+    config,
+    lib,
+    ...
+  }: let
+    ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
+  in {
+    users.mutableUsers = false;
+    users.users.julian = {
+      description = "Julian";
+      group = "julian";
+      isNormalUser = true;
+      uid = 1000;
+      shell = pkgs.fish;
+      extraGroups = ifTheyExist [
+        "networkmanager"
+        "wheel"
+        "audio"
+        "realtime"
+        "rtkit"
+        "network"
+        "video"
+        "podman"
+        "docker"
+        "git"
+        "gamemode"
+        "dialout"
+      ];
+
+      openssh.authorizedKeys.keys = lib.splitString "\n" (
+        builtins.readFile ../../../../homes/julian/ssh.pub
+      );
+      # hashedPasswordFile = config.sops.secrets.julian-password.path;
+      hashedPassword = "$y$j9T$N33kLJQbV8soUoCbDkpwA1$r/yahJDgOPo4GGOrAi6BUG5zLTzmaBrA5NQ4nno561A";
+      packages = [pkgs.home-manager];
+    };
+    users.groups.julian = {
+      gid = 1000;
+    };
+
+    sops.secrets.julian-password = {
+      sopsFile = ../../secrets.yaml;
+      neededForUsers = true;
+    };
+
+    home-manager.users.julian = import ../../../../homes/julian/${config.networking.hostName}.nix;
+
+    security.pam.services.swaylock = {}; # Make swaylock unlocking work
+  };
+}