Update flake.lock 2025-04-28

Normally I wont have VPN access on standalone

.dotter/global.toml

@@ -1,61 +0,0 @@
-[helpers]
-
-[default]
-depends = []
-
-[manjaro.files]
-manjaro = "~"
-
-[mc.files]
-mc = "~/.config/mc"
-
-[vim.files]
-# type symbolic prevents interpreting '{{' as template
-"vim/.vimrc" = { target = "~/.vimrc", type = "symbolic" }
-
-[nvim.files]
-"vim/init.vim" = { target = "~/.config/nvim/init.vim", type = "symbolic" }
-
-[i3.files]
-"i3/i3" = "~/.config/i3"
-"i3/i3blocks" = { target = "~/.config/i3blocks", type = "symbolic" }
-"i3/rofi" = "~/.config/rofi"
-"i3/i3-scrot.conf" = "~/.config/i3-scrot.conf"
-"i3/i3status-rust" = "~/.config/i3status-rust"
-"i3/.profile" = "~/.profile"
-
-[i3.variables]
-monitor-primary = "not-specified"
-monitor-secondary = "not-specified"
-screenlayout-script = "echo screenlayout-script not specified"
-bar-font-size = 15
-tray-output = "tray_output primary"
-
-[emacs.files]
-"emacs/doom" = "~/.config/doom"
-# "emacs/spacemacs/.spacemacs" = "~/.spacemacs"
-# "emacs/chemacs/.emacs-profiles.el" = "~/.emacs-profiles.el"
-
-[alacritty.files]
-alacritty = "~/.config/alacritty"
-
-[starship.files]
-starship = "~/.config/"
-
-[zsh.files]
-"zsh/.zshrc" = "~/.zshrc"
-"zsh/custom-plugins" = "~/.oh-my-zsh/custom"
-
-[polybar.files]
-polybar = "~/.config/polybar"
-
-[leftwm.files]
-leftwm = "~/.config/leftwm"
-
-[xmonad.files]
-xmonad = "~/.xmonad"
-
-[nix.files]
-"direnvrc" = "~/.config/direnv/direnvrc"
-"nix/configuration.nix" = "/etc/nixos/configuration.nix"
-"nix/flake.nix" = "/etc/nixos/flake.nix"

.dotter/kardorf.toml

@@ -1,6 +0,0 @@
-[i3.variables]
-monitor-primary = "DVI-D-0"
-monitor-secondary = "DVI-D-1"
-screenlayout-script = "~/.screenlayout/2desktop-dvi.sh"
-bar-font-size = 15
-tray-output = "tray_output DVI-D-1"

.dotter/laptop-at-home.toml

@@ -1,4 +0,0 @@
-[i3.variables]
-monitor-primary = "HDMI-1"
-monitor-secondary = "eDP-1"
-screenlayout-script = "~/.screenlayout/laptop-at-home.sh"

.dotter/laptop.toml

@@ -1,5 +0,0 @@
-[i3.variables]
-monitor-primary = "HDMI-1"
-monitor-secondary = "eDP-1"
-tray-output = "tray_output eDP-1"
-screenlayout-script = "$scripts/display-layoutpicker"

.dotter/local.kardorf.toml

@@ -1,2 +0,0 @@
-includes = [".dotter/kardorf.toml"]
-packages = ["i3", "emacs", "alacritty", "zsh", "starship", "nix"]

.dotter/local.laptop.toml

@@ -1,2 +0,0 @@
-includes = [".dotter/laptop.toml"]
-packages = []

.gitea/workflows/update-flake.yaml

@@ -25,6 +25,7 @@ jobs:
       - name: Rebase from master branch
         shell: bash
         run: |
+            git fetch origin master
             commits_ahead=$(git rev-list --count HEAD..origin/master)
             echo "Commits ahead: $commits_ahead"
             git log --oneline -5

.sops.yaml

@@ -1,8 +1,10 @@
 keys:
   - &primary age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg
   - &aspi-ssh age1q8lc5340gz5xw2f57nglrss68wv0j0hf36py2pdtrl6ky3yrq9qqk0njr4
-  - &pianonix-ssh age1hsmfz8fjxu83sax9lr487h8xr6cyge0apdq4zpge4c8jpcjj2cksj825ct
+  - &pianonix-ssh age1tguyu2yd5xv8rgjjl50cq6dq5rr7umqgv098dgre4u9wyj30ea7sexw62c
   - &builder-ssh age1kw4kmdm45zprvdkrrpvgq966l7585vhusmum083qlwnr0xxgd3uqatcyja
+  - &kardorf-ssh age15lxw97z03q40xrdscnxqqugh5ky5aqrerg2t2rphkcqm6rnllurq8v98q5
+
 creation_rules:
   - path_regex: hosts/common/secrets.yaml$
     key_groups:
@@ -10,6 +12,7 @@ creation_rules:
       - *primary
       - *aspi-ssh
       - *pianonix-ssh
+      - *kardorf-ssh
 
   - path_regex: hosts/builder/secrets.yaml$
     key_groups:
@@ -17,7 +20,7 @@ creation_rules:
       - *primary
       - *builder-ssh
 
-  - path_regex: hosts/pianonix/secrets.yaml$
+  - path_regex: hosts/pianonix/secrets*
     key_groups:
     - age:
       - *primary

Readme.org

@@ -24,7 +24,7 @@ sops edit secrets/secrets.yaml
 ** Authorize new device
 - Generate public key from ssh -> Private age key generation not needed
 #+begin_src sh
-ssh-to-age < /etc/ssh/ssh_host_ed25519_key
+ssh-to-age < /etc/ssh/ssh_host_ed25519_key.pub
 #+end_src
 - Add age public key to file:.sops.yaml
 - Update keys

flake.nix

@@ -2,16 +2,21 @@
   description = "Home Manager configuration of julian";
 
   inputs = {
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
-    nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.11";
+    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
     systems.url = "github:nix-systems/default-linux";
     nixos-hardware.url = "github:nixos/nixos-hardware";
     impermanence.url = "github:nix-community/impermanence";
     nix-colors.url = "github:misterio77/nix-colors";
     deploy-rs.url = "github:serokell/deploy-rs";
 
+    nixos-generators = {
+      url = "github:nix-community/nixos-generators";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
     home-manager = {
-      url = "github:nix-community/home-manager";
+      url = "github:nix-community/home-manager/release-25.11";
       inputs.nixpkgs.follows = "nixpkgs";
     };
     sops-nix = {
@@ -28,16 +33,12 @@
     };
 
     # Various flakes
-    alacritty-theme = {
-      url = "github:alacritty/alacritty-theme";
-      flake = false;
-    };
     yazi-flavors = {
       url = "github:yazi-rs/flavors";
       flake = false;
     };
     nixvim = {
-      url = "github:nix-community/nixvim";
+      url = "github:nix-community/nixvim/nixos-25.11";
       inputs.nixpkgs.follows = "nixpkgs";
     };
     nix-matlab = {
@@ -88,7 +89,7 @@
 
     packages = forEachSystem (pkgs: import ./pkgs {inherit pkgs;});
     devShells = forEachSystem (pkgs: import ./shell.nix {inherit pkgs;});
-    formatter = forEachSystem (pkgs: pkgs.alejandra);
+    formatter = forEachSystem (pkgs: pkgs.alejandra); # nix fmt *
 
     nixosConfigurations = {
       # Main laptop
@@ -106,7 +107,13 @@
         };
       };
       kardorf = lib.nixosSystem {
-        modules = [./hosts/pianonix];
+        modules = [./hosts/kardorf];
+        specialArgs = {
+          inherit inputs outputs;
+        };
+      };
+      builder = lib.nixosSystem {
+        modules = [./hosts/builder];
         specialArgs = {
           inherit inputs outputs;
         };
@@ -142,7 +149,7 @@
           ./homes/julian/kardorf.nix
           ./homes/julian/hm-standalone-config.nix
         ];
-        pkgs = pkgsFor.aarch64-linux;
+        pkgs = pkgsFor.x86_64-linux;
         extraSpecialArgs = {
           inherit inputs outputs;
         };
@@ -152,7 +159,7 @@
           ./homes/julian/v3ms
           ./homes/julian/hm-standalone-config.nix
         ];
-        pkgs = pkgsFor.aarch64-linux;
+        pkgs = pkgsFor.x86_64-linux;
         extraSpecialArgs = {
           inherit inputs outputs;
         };
@@ -181,5 +188,15 @@
         };
       };
     };
+
+    # substitutes: nixos-generate --flake .#pianonix -f sd-aarch64 --system aarch64-linux
+    pianonix-image = inputs.nixos-generators.nixosGenerate {
+      system = "aarch64-linux";
+      format = "sd-aarch64";
+      modules = [./hosts/pianonix];
+      specialArgs = {
+        inherit inputs outputs;
+      };
+    };
   };
 }

homes/julian/aspi.nix

@@ -1,22 +1,21 @@
 {
   imports = [
     ./global
+
     ./features/fish
     ./features/direnv
     ./features/topgrade
     ./features/neovim
-    ./features/kitty
+    ./features/ghostty
     ./features/wezterm
     ./features/alacritty
     ./features/yazi
     ./features/emacs
-    # ./features/i3
+    ./features/tmux
+    ./features/qt-distrobox
 
     ./features/hyprland
 
-    ./features/nix-helper
-    ./features/desktop
-
     ./features/suites/cli
     ./features/suites/desktop
     ./features/suites/development
@@ -24,5 +23,36 @@
 
   hostName = "aspi";
   is-nixos = true;
-  terminal = "kitty";
+  terminal = "alacritty";
+
+  #  -------   ----------
+  # | eDP-1 | | HDMI-A-1 |
+  #  -------   ----------
+  monitors = [
+    {
+      name = "HDMI-A-1";
+      # width = 1680;
+      # height = 1050;
+      workspaces = [
+        "1"
+        "2"
+        "3"
+        "4"
+        "5"
+      ];
+      primary = true;
+    }
+    {
+      name = "eDP-1";
+      # width = 1680;
+      # height = 1050;
+      workspaces = [
+        "6"
+        "7"
+        "8"
+        "9"
+        "10"
+      ];
+    }
+  ];
 }

homes/julian/features/alacritty/alacritty.toml

@@ -1,3 +0,0 @@
-import = [
-    "~/.config/alacritty/theme/themes/smoooooth.toml"
-]

homes/julian/features/alacritty/default.nix

@@ -1,15 +1,12 @@
 {
   lib,
-  pkgs,
-  inputs,
   config,
   ...
 }: {
-  home.packages = with pkgs; [alacritty];
-
-  home.file = {
-    ".config/alacritty/theme".source = "${inputs.alacritty-theme}";
-    ".config/alacritty/alacritty.toml".source = ./alacritty.toml;
+  programs.alacritty = {
+    enable = true;
+    settings = {};
+    theme = "smoooooth";
   };
 
   home.sessionVariables.TERMINAL = lib.mkIf (config.terminal == "alacritty") "alacritty";

homes/julian/features/emacs/default.nix

@@ -52,6 +52,14 @@ in {
       shfmt
       pyright
       clang-tools # c++ lsp etc
+      ccls # alternative c++ lsp
+      cmake
+      bear
+      cmake-language-server
+
+      # qt6.full # qt tools and libs including lsp
+      tinymist # typst lsp
+
       ltex-ls # latex languagetool
 
       graphviz

homes/julian/features/fish/default.nix

@@ -47,6 +47,10 @@ with lib; {
         end
         nix shell $args
       '';
+      fish_user_key_bindings = ''
+        bind ctrl-space 'zi; commandline -f repaint'
+        bind -M insert ctrl-space 'zi; commandline -f repaint'
+      '';
     };
   };
 }

homes/julian/features/fonts/default.nix

@@ -12,7 +12,7 @@ with lib; {
     dejavu_fonts
     noto-fonts
     noto-fonts-cjk-sans
-    noto-fonts-emoji
+    noto-fonts-color-emoji
     liberation_ttf
     fira-code
     fira-code-symbols

homes/julian/features/ghostty/default.nix

@@ -0,0 +1,16 @@
+{
+  lib,
+  config,
+  ...
+}: {
+  programs.ghostty = {
+    enable = true;
+    enableFishIntegration = true;
+    settings = {
+      theme = "catppuccin-mocha";
+      font-size = 12;
+    };
+  };
+
+  home.sessionVariables.TERMINAL = lib.mkIf (config.terminal == "ghostty") "ghostty";
+}

homes/julian/features/gtk/default.nix

@@ -24,8 +24,10 @@ in {
     };
     cursorTheme = {
       package = pkgs.apple-cursor;
-      name = "macOS-BigSur";
+      name = "macOS";
       size = 24;
     };
   };
+
+  xdg.portal.extraPortals = [pkgs.xdg-desktop-portal-gtk];
 }

homes/julian/features/hyprland/default.nix

@@ -24,7 +24,7 @@ in {
     ./zathura.nix
     ./waypipe.nix
 
-    ./hyprbars.nix
+    # ./hyprbars.nix
   ];
 
   xdg.portal = {
@@ -40,15 +40,29 @@ in {
   programs.imv.enable = true; # TODO: what is that
 
   home.packages = with pkgs; [
-    # hyprpicker # TODO
-    # hyprcursor # TODO
+    hyprpicker
     brightnessctl
-    # grimblast
     frajul.hyprshot-gui
     frajul.wl-ocr
 
     wf-recorder
     wl-clipboard
+
+    (pkgs.writeShellScriptBin "toggle-screen-mirroring" (
+      builtins.readFile ./toggle-screen-mirroring.sh
+    ))
+
+    (pkgs.writeShellScriptBin "correct-workspace-locations" (
+      lib.concatStringsSep "\n" (
+        builtins.concatLists (
+          map (
+            monitor:
+              map (ws: "hyprctl dispatch moveworkspacetomonitor ${ws} ${monitor.name}") monitor.workspaces
+          )
+          config.monitors
+        )
+      )
+    ))
   ];
 
   services.cliphist = {
@@ -141,11 +155,17 @@ in {
     settings = {
       "$mod" = "SUPER";
 
+      # Environment variables programs like emacs have access to
+      env = "TERMINAL,${config.terminal}";
+
       # Monitors
-      monitor = ",preferred,auto,auto";
+      monitor = ",preferred,auto,1";
 
       # Autostart
-      exec-once = ["firefox"];
+      exec-once = [
+        (lib.getExe pkgs.firefox)
+        (lib.getExe pkgs.waybar)
+      ];
 
       # Look and Feel
       general = {
@@ -196,6 +216,7 @@ in {
 
       exec = [
         "hyprctl setcursor ${config.gtk.cursorTheme.name} ${toString config.gtk.cursorTheme.size}"
+        "correct-workspace-locations"
       ];
 
       misc = {
@@ -207,6 +228,10 @@ in {
         vfr = true; # power saving
       };
 
+      cursor = {
+        no_hardware_cursors = 1; # disable hardware cursors to fix tearing on kardorf
+      };
+
       render = {
         # we do, in fact, want direct scanout
         direct_scanout = true;
@@ -223,7 +248,9 @@ in {
       windowrulev2 = [
         "suppressevent maximize, class:.*"
         "workspace 1, class:firefox"
+        "workspace 8, class:Zotero"
         "workspace 9, class:nheko"
+        "workspace 9, class:discord"
         "workspace 9, class:org.telegram.desktop"
         "workspace 10, class:thunderbird"
         "float, class:qalculate-gtk"
@@ -231,23 +258,17 @@ in {
       ];
 
       # Workspace rules
-      workspace = [
-        "1, monitor:HDMI-A-1"
-        "2, monitor:HDMI-A-1"
-        "3, monitor:HDMI-A-1"
-        "4, monitor:HDMI-A-1"
-        "5, monitor:HDMI-A-1"
-        "6, monitor:eDP-1"
-        "7, monitor:eDP-1"
-        "8, monitor:eDP-1"
-        "9, monitor:eDP-1"
-        "10, monitor:eDP-1"
-
-        # smart gaps (none when only one window in workspace)
-        "w[t1], gapsin:0, gapsout:0, border:1"
-        "w[tg1], gapsin:0, gapsout:0, border:1"
-        "f[1], gapsin:0, gapsout:0, border:1"
-      ];
+      workspace =
+        [
+          # smart gaps (none when only one window in workspace)
+          "w[t1], gapsin:0, gapsout:0, border:1"
+          "w[tg1], gapsin:0, gapsout:0, border:1"
+          "f[1], gapsin:0, gapsout:0, border:1"
+        ]
+        # builds like "1, e-DP1" "2, HDMI-1" etc.
+        ++ builtins.concatLists (
+          map (monitor: map (ws: "${ws}, monitor:${monitor.name}") monitor.workspaces) config.monitors
+        );
 
       # Mouse binds
       bindm = [
@@ -269,7 +290,7 @@ in {
           # opening applications
           "$mod, D, exec, wofi --show drun,run"
           "$mod, E, exec, pcmanfm"
-          "$mod, Return, exec, kitty"
+          "$mod, Return, exec, ${config.terminal}"
           "$mod, B, exec, firefox"
           "$mod, C, exec, qalculate-gtk"
 
@@ -277,7 +298,9 @@ in {
           "$mod SHIFT, E, exec, wlogout -p layer-shell"
           "$mod, Escape, exec, wlogout -p layer-shell"
           "$mod SHIFT, R, exec, hyprctl reload"
+          "$mod, Print, exec, hyprshot-gui"
           ", Print, exec, hyprshot-gui"
+          "$mod, P, exec, toggle-screen-mirroring; correct-workspace-locations"
 
           # "$mod SHIFT, E, exec, pkill Hyprland"
           # "$mod, G, togglegroup,"

homes/julian/features/hyprland/mako/default.nix

@@ -15,14 +15,16 @@ in {
 
   services.mako = {
     enable = true;
-    defaultTimeout = 5000; # milliseconds, can be overwritten by notification sender
-    # backgroundColor = "#${palette.base00}"; TODO fix
-    # textColor = "#${palette.base05}";
-    # borderColor = "#${palette.base0D}";
-    # progressColor = "over #${palette.base02}";
-    # extraConfig = ''
-    #   [urgency=high]
-    #   border-color=#${palette.base09}
-    # '';
+    settings = {
+      defaultTimeout = "5000"; # milliseconds, can be overwritten by notification sender
+      backgroundColor = "#${palette.base00}";
+      textColor = "#${palette.base05}";
+      borderColor = "#${palette.base0D}";
+      progressColor = "over #${palette.base02}";
+      extraConfig = ''
+          [urgency=high]
+          border-color=#${palette.base09}
+        # '';
+    };
   };
 }

homes/julian/features/hyprland/toggle-screen-mirroring.sh

@@ -0,0 +1,67 @@
+#! /usr/bin/env sh
+
+# A hyprland script for a laptop-external-monitor setup, toggling between which is in use
+
+# Launch at startup to make hyprland disable the internal monitor if an external monitor is detected and enabled
+# Additionally it's called with a keybind to switch between a laptop monitor and an external display
+# Ideally the conditional monitor behaviour was instead done directly in hyprland.conf, but I'm not sure whether that's possible
+#
+# Relevant info:
+# - hyprctl monitors: identifies currently enabled monitors
+# - hyprctl monitors all: identifies ALL connected monitors - including those not in use
+#
+# Suggested use:
+# Add this line somewhere after the regular monitor configuration in hyprland.conf:
+# exec = /path/to/hyprland-monitors-toggle.sh
+# Add a keybind to run this script on demand:
+# bind =,SomeKeyHere, exec, /path/to/hyprland-monitors-toggle.sh
+
+#move_all_workspaces_to_monitor() {
+#  TARGET_MONITOR="$1"
+
+#  hyprctl workspaces | grep ^workspace | cut --delimiter ' ' --fields 3 | xargs -I '{}' hyprctl dispatch moveworkspacetomonitor '{}' "$TARGET_MONITOR"
+
+#  # Previous approach
+#  #hyprctl swapactiveworkspaces $EXTERNAL_MONITOR $INTERNAL_MONITOR
+#}
+
+# TODO: Detect these instead of hardcoding them
+INTERNAL_MONITOR="eDP-1"
+EXTERNAL_MONITOR="HDMI-A-1"
+
+# NUM_MONITORS=$(hyprctl monitors all | grep --count Monitor)
+# NUM_MONITORS_ACTIVE=$(hyprctl monitors | grep --count Monitor)
+
+# Make sure all
+# if [ "$NUM_MONITORS_ACTIVE" -eq 1 ]; then
+#     move_all_workspaces_to_monitor $INTERNAL_MONITOR
+#     exit
+# fi
+
+MIRROR_SETTING=$(hyprctl monitors all -j | jq -r '.[] | select(.name == "HDMI-A-1") | .mirrorOf')
+
+# # For dynamically toggling which monitor is active later via a keybind
+# if [ "$NUM_MONITORS" -gt 1 ]; then # Handling multiple monitors
+#   if hyprctl monitors | cut --delimiter ' ' --fields 2 | grep --quiet ^$EXTERNAL_MONITOR; then
+#     hyprctl keyword monitor $INTERNAL_MONITOR,preferred,0x0,1
+#     move_all_workspaces_to_monitor $INTERNAL_MONITOR
+#     hyprctl keyword monitor "$EXTERNAL_MONITOR, disable"
+#   else
+#     hyprctl keyword monitor $EXTERNAL_MONITOR,preferred,0x0,1
+#     move_all_workspaces_to_monitor $EXTERNAL_MONITOR
+#     hyprctl keyword monitor "$INTERNAL_MONITOR, disable"
+#   fi
+# else  # If the external monitor is disconnected without running this script first, it might become the case that no monitor is on - therefore turn on the laptop monitor!
+#     hyprctl keyword monitor $INTERNAL_MONITOR,preferred,0x0,1
+#     move_all_workspaces_to_monitor $INTERNAL_MONITOR
+# fi
+
+echo setting:
+echo $MIRROR_SETTING
+if [ "$MIRROR_SETTING" = "none" ]; then
+    echo "mirroring..."
+    hyprctl keyword monitor "$EXTERNAL_MONITOR, preferred, auto, 1, mirror, $INTERNAL_MONITOR"
+else
+    hyprctl keyword monitor "$EXTERNAL_MONITOR, disable" # shortly disable monitor so waybar recognizes the new monitor again # TODO: find better solution
+    hyprctl keyword monitor "$EXTERNAL_MONITOR, preferred, auto, 1"
+fi

homes/julian/features/hyprland/waybar/config.json

@@ -12,7 +12,14 @@
 
     "modules-center": [],
 
-    "modules-right": ["idle_inhibitor", "disk", "cpu", "memory", "pulseaudio", "battery", "clock", "tray"],
+    "modules-right": ["idle_inhibitor", "custom/nixos-update", "disk", "cpu", "memory", "pulseaudio", "battery", "clock", "tray"],
+
+    "custom/nixos-update": {
+        "exec": "frajul-auto-upgrade-status",
+        "return-type": "json",
+        "interval": 2,
+        "on-click-right": "frajul-auto-upgrade-toggle"
+    },
 
     "hyprland/workspaces": {
         "on-scroll-up": "hyprctl dispatch workspace m+1",
@@ -35,6 +42,7 @@
     },
 
     "idle_inhibitor": {
+        "start-activated": true,
         "format": "{icon}",
         "format-icons": {
             "activated": "",

homes/julian/features/hyprland/waybar/default.nix

@@ -10,7 +10,7 @@
 in {
   programs.waybar = {
     enable = true;
-    systemd.enable = true;
+    # systemd.enable = true;
     settings.mainBar = builtins.fromJSON (builtins.readFile ./config.json);
   };
 

homes/julian/features/i3/i3/config-kardorf

@@ -142,8 +142,8 @@ bindsym $mod+Shift+9 move container to workspace number $ws9; workspace $ws9
 bindsym $mod+Shift+0 move container to workspace number $ws10; workspace $ws10
 
 # Monitor config
-set $monitor_left "DVI-D-0"
-set $monitor_right "DVI-D-1"
+set $monitor_left "DVI-D-1"
+set $monitor_right "DVI-D-2"
 
 workspace $ws1 output $monitor_left
 workspace $ws2 output $monitor_left

homes/julian/features/i3/i3/scripts/open-messaging

@@ -1,27 +0,0 @@
-#!/bin/sh
-
-start_if_not_running()
-{
-    program=$1
-    pidof -sq $program
-    if [ "$?" -eq "1" ]; then
-        start_program $1
-    else
-        echo "$program is already running"
-    fi
-}
-
-start_program()
-{
-    program=$1
-    echo "Starting $program..."
-    $program & > /dev/null
-}
-
-i3-msg 'workspace 9; append_layout ~/.config/i3/workspace-messaging.json'
-start_program nheko
-sleep 0.1
-start_program telegram-desktop
-sleep 0.1
-start_program thunderbird
-sleep 0.1

homes/julian/features/i3/i3/scripts/pulse_popup

@@ -1,20 +0,0 @@
-#!/bin/sh
-
-HDMI_SINK="alsa_output.pci-0000_00_1f.3-platform-skl_hda_dsp_generic.HiFi__hw_sofhdadsp_3__sink"
-LAPTOP_SINK="alsa_output.pci-0000_00_1f.3-platform-skl_hda_dsp_generic.HiFi__hw_sofhdadsp__sink"
-
-HDMI_ICON=$(pactl info | grep -q $HDMI_SINK && echo "checkbox")
-LAPTOP_ICON=$(pactl info | grep -q $LAPTOP_SINK && echo "checkbox")
-
-HDMI_VOLUME=$(pactl get-sink-volume $HDMI_SINK | head -n 1 | awk '{print $5}')
-LAPTOP_VOLUME=$(pactl get-sink-volume $LAPTOP_SINK | head -n 1 | awk '{print $5}')
-
-read -r -d '' CONF <<EOF
-Open Pavucontrol,pavucontrol,pavucontrol
-
-^sep()
-HDMI - $HDMI_VOLUME,pactl set-default-sink $HDMI_SINK,$HDMI_ICON
-Laptop - $LAPTOP_VOLUME,pactl set-default-sink $LAPTOP_SINK,$LAPTOP_ICON
-EOF
-
-echo "$CONF" | jgmenu --simple

homes/julian/features/neovim/default.nix

@@ -3,8 +3,9 @@
   pkgs,
   inputs,
   ...
-}: {
-  imports = [inputs.nixvim.homeManagerModules.nixvim];
+}:
+{
+  imports = [ inputs.nixvim.homeModules.nixvim ];
 
   home.sessionVariables = {
     EDITOR = "nvim";
@@ -36,6 +37,8 @@
     opts = {
       number = false;
       relativenumber = false;
+      ignorecase = true;
+      smartcase = true;
     };
     clipboard.register = "unnamedplus"; # Use system clipboard
 
@@ -49,7 +52,7 @@
         key = "<leader><space>";
       }
       {
-        action = "<cmd>Telescope file_browser<cr>";
+        action = "<cmd>Telescope file_browser path=%:p:h<cr>";
         key = "<leader>.";
       }
       {
@@ -76,6 +79,7 @@
       neogit.enable = true; # like magit
       trouble.enable = true;
       web-devicons.enable = true;
+      orgmode.enable = true; # org-mode support
 
       # Shows file trees
       oil = {
@@ -89,9 +93,9 @@
       conform-nvim = {
         enable = true;
         settings.formatters_by_ft = with pkgs; {
-          lua = ["stylua"];
-          python = ["black"];
-          nix = ["nixfmt"];
+          lua = [ "stylua" ];
+          python = [ "black" ];
+          nix = [ "nixfmt" ];
         };
         # extraOptions = {
         #   default_format_opts.lsp_format = "fallback";
@@ -103,9 +107,9 @@
         enable = true;
         autoEnableSources = true;
         settings.sources = [
-          {name = "nvim_lsp";}
-          {name = "path";}
-          {name = "buffer";}
+          { name = "nvim_lsp"; }
+          { name = "path"; }
+          { name = "buffer"; }
         ];
         settings.mapping = {
           "<Tab>" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})";
@@ -140,17 +144,21 @@
       };
 
       lsp = {
-        enable = true;
+        enable = true; # includes lsp-config, default settings for the lsps
         servers = {
           rust_analyzer = {
             enable = true;
             installCargo = true;
             installRustc = true;
           };
-          nixd.enable = true;
-          pyright.enable = true;
-          dockerls.enable = true;
-          lua_ls.enable = true;
+          nixd.enable = true; # nix
+          pyright.enable = true; # python
+          dockerls.enable = true; # docker
+          lua_ls.enable = true; # lua
+          clangd.enable = true; # c, c++
+          dartls.enable = true; # dart, flutter
+          digestif.enable = true; # latex
+          tinymist.enable = true; # typst
         };
       };
     };

homes/julian/features/nix-helper/default.nix

@@ -1,10 +1,6 @@
-{
-  lib,
-  pkgs,
-  ...
-}: {
+{pkgs, ...}: {
   home.sessionVariables = {
-    FLAKE = "/home/julian/.dotfiles";
+    NH_FLAKE = "/home/julian/.dotfiles";
   };
 
   home.shellAliases = {

homes/julian/features/qt-distrobox/default.nix

@@ -0,0 +1,22 @@
+{
+  programs.distrobox = {
+    enable = true;
+    containers."qt-distrobox" = {
+      image = "debian:12.2";
+      exported_apps = "qtcreator";
+      enableSystemdUnit = false; # fails in creating and does not recreate. Do distrobox-assemble create --replace --file ~/.config/distrobox/containers.ini instead
+      additional_packages = [
+        "qtcreator"
+        "qt6-base-dev"
+        "qt6-wayland"
+        "qt6-tools-dev-tools"
+        "qt6-tools-dev"
+        "qt6-serialbus-dev"
+        "qt6-websockets-dev"
+        "libgl1-mesa-dev"
+        "build-essential"
+        "cmake"
+      ];
+    };
+  };
+}

homes/julian/features/suites/cli/default.nix

@@ -1,7 +1,7 @@
 {pkgs, ...}: {
   home.packages = with pkgs; [
     bat
-    du-dust # Like du tree but better
+    dust # Like du tree but better
     fd # better find
     fdupes # find and delete duplicate files
     ffmpeg
@@ -24,7 +24,7 @@
     p7zip # unzip 7zip archives
     parted
     pciutils # lspci
-    poppler_utils # Pdf utils including pdfimages
+    poppler-utils # Pdf utils including pdfimages
     libqalculate # Nice tui calculator (qalc)
     ripgrep # better grep
     rnr # renaming tool
@@ -40,6 +40,7 @@
     wireguard-tools # wg-quick
     xorg.xkill
     zip
+    dig
 
     ## My scripts
     frajul.edit-config

homes/julian/features/suites/desktop/default.nix

@@ -1,8 +1,6 @@
-{
-  lib,
-  pkgs,
-  ...
-}: {
+{pkgs, ...}: {
+  imports = [../../gtk];
+
   services.blueman-applet.enable = true;
   services.nextcloud-client.enable = true;
   services.nextcloud-client.startInBackground = true;
@@ -24,19 +22,21 @@
     calibre # ebook manager and viewer
     # digikam
     discord
+    discord-ptb # in case discord updates take their time
     # dvdisaster
     # element-desktop
     # rocketchat-desktop
     thunderbird
-    tdesktop # telegram
+    telegram-desktop # telegram
     # schildichat-desktop # not updated regularly
     nheko
     evince # Simple pdf reader, good for focusing on document content
     firefox
+    vivaldi
     # geogebra
     cheese
     handbrake
-    kitty # Terminal
+    # kitty # Terminal, already available as feature
     libnotify
     libreoffice
     mate.engrampa
@@ -48,10 +48,10 @@
     qpdfview
     # qutebrowser
     # realvnc-vnc-viewer
-    rpi-imager # make isos
+    # rpi-imager # make isos
     # rustdesk
     tor-browser
-    unstable.path-of-building # Path of Building
+    rusty-path-of-building # Path of Building for poe1 and poe2
     # frajul.pob-dev-version # Path of Building
     vlc
     wineWowPackages.stable # 32-bit and 64-bit wine
@@ -63,8 +63,12 @@
     zotero # Manage papers and other sources
     pdfpc # Present slides in pdf form
 
+    networkmanager-openvpn
+    keepassxc
+
     ## My scripts
     frajul.open-messaging
     frajul.xwacomcalibrate
+    frajul.pob2-frajul
   ];
 }

homes/julian/features/suites/development/default.nix

@@ -9,7 +9,7 @@
     clippy
     cntr # nix debugger
     conda
-    micromamba # a better, faster conda
+    # micromamba # a better, faster conda
     devcontainer # development container
     devenv # devbox alternative
     dbeaver-bin
@@ -21,16 +21,21 @@
     unstable.zed-editor
     jdk
     julia-bin
-    (texlive.combine {
-      # for rendering latex in inkscape
-      inherit
-        (texlive)
-        scheme-medium
-        standalone
-        amsmath
-        preview
-        ;
-    })
+    # (texlive.combine {
+    #   # for rendering latex in inkscape
+    #   inherit
+    #     (texlive)
+    #     scheme-medium
+    #     standalone
+    #     amsmath
+    #     preview
+    #     # needed for org mode export
+    #     wrapfig
+    #     capt-of
+    #     biblatex
+    #     ;
+    # })
+    vagrant
     matlab # Using nix-matlab overlay defined in flake
     maven
     nodejs
@@ -58,6 +63,7 @@
 
     ## My scripts
     frajul.deploy-to-pianopi
+    frajul.rtklib
 
     (pkgs.writeShellScriptBin "matlab-rsp" ''
       matlab -desktop -sd "/home/julian/git/uwa-channel-model" -softwareopengl

homes/julian/features/tmux/default.nix

@@ -0,0 +1,10 @@
+{
+  programs.tmux = {
+    enable = true;
+    clock24 = true;
+    keyMode = "vi";
+    customPaneNavigationAndResize = true; # use hjkl
+    mouse = true;
+    prefix = "C-Space"; # use instead of C-b
+  };
+}

homes/julian/features/topgrade/default.nix

@@ -7,7 +7,7 @@
       misc.assume_yes = true;
       misc.no_retry = true;
 
-      pre_commands."Update flake" = "git -C /home/julian/.dotfiles checkout origin/flake-updates -- flake.lock";
+      # pre_commands."Update flake" = "git -C /home/julian/.dotfiles checkout origin/flake-updates -- flake.lock";
 
       linux.nix_arguments = "--flake /home/julian/.dotfiles";
       linux.home_manager_arguments = [

homes/julian/features/yazi/default.nix

@@ -9,8 +9,8 @@
   home.packages = with pkgs; [
     exiftool
     unar # extract archives
-    xdragon # dragndrop
-    poppler_utils # pdf preview
+    dragon-drop # dragndrop
+    poppler-utils # pdf preview
     fd
     ripgrep
     fzf
@@ -26,7 +26,7 @@
   programs.yazi.enable = true;
   programs.yazi.enableFishIntegration = true;
   programs.yazi.settings.manager = {
-    sort_by = "modified";
+    sort_by = "mtime";
     sort_reverse = true;
     show_hidden = true;
   };

homes/julian/global/default.nix

@@ -1,5 +1,4 @@
 {
-  inputs,
   lib,
   pkgs,
   config,
@@ -9,8 +8,7 @@
   imports =
     [
       ../features/fonts
-      # ../features/cli
-      # ../features/helix
+      ../features/nix-helper
     ]
     ++ (builtins.attrValues outputs.homeManagerModules);
 
@@ -22,7 +20,7 @@
         "flakes"
         "ca-derivations"
       ];
-      # warn-dirty = false; # TODO: do I want it? also for systems
+      warn-dirty = false; # TODO: do I want it? also for systems
     };
   };
 

homes/julian/hm-standalone-config.nix

@@ -19,12 +19,13 @@
       "https://nix-community.cachix.org"
       "https://cache.nixos.org/"
       "https://hyprland.cachix.org"
-      "http://binarycache.julian-mutter.de"
+      "https://devenv.cachix.org"
     ];
     trusted-public-keys = [
+      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
       "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
       "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
-      "binarycache.julian-mutter.de:oJ67uRFwRhNPKL58CHzy3QQLv38Kx7OA1K+6xlEPu7E="
+      "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
     ];
 
     trusted-users = [
@@ -39,5 +40,8 @@
     ];
 
     # nix.settings. # warn-dirty = false; # TODO: do I want this
+    #
+    # Ensure we can still build when missing-server is not accessible
+    fallback = true;
   };
 }

homes/julian/kardorf.nix

@@ -6,13 +6,16 @@
     ./features/direnv
     ./features/topgrade
     ./features/neovim
-    ./features/kitty
+    ./features/ghostty
     ./features/wezterm
+    ./features/alacritty
     ./features/yazi
     ./features/emacs
-    ./features/i3
-    ./features/nix-helper
-    ./features/desktop
+
+    ./features/tmux
+    ./features/qt-distrobox
+    ./features/hyprland
+    # ./features/i3
 
     ./features/suites/cli
     ./features/suites/desktop
@@ -21,5 +24,36 @@
 
   hostName = "kardorf";
   is-nixos = true;
-  terminal = "kitty";
+  terminal = "alacritty";
+
+  #  ---------   ---------
+  # | DVI-D-1 | | DVI-D-2 |
+  #  ---------   ---------
+  monitors = [
+    {
+      name = "DVI-D-1";
+      width = 1680;
+      height = 1050;
+      workspaces = [
+        "1"
+        "2"
+        "3"
+        "4"
+        "5"
+      ];
+      primary = true;
+    }
+    {
+      name = "DVI-D-2";
+      width = 1680;
+      height = 1050;
+      workspaces = [
+        "6"
+        "7"
+        "8"
+        "9"
+        "10"
+      ];
+    }
+  ];
 }

homes/julian/pianonix.nix

@@ -7,16 +7,15 @@
     ./features/neovim
     ./features/wezterm
     ./features/yazi
-    ./features/nix-helper
-    ./features/desktop
+    ./features/gtk
   ];
 
   hostName = "pianonix";
   is-nixos = true;
   terminal = "wezterm";
 
-  services.syncthing.tray.enable = true;
-  services.syncthing.tray.command = "syncthingtray --wait"; # Wait for tray to become available
+  # services.syncthing.tray.enable = true;
+  # services.syncthing.tray.command = "syncthingtray --wait"; # Wait for tray to become available
 
   home.packages = with pkgs; [
     music-reader
@@ -28,9 +27,34 @@
     onboard
   ];
 
+  programs.firefox = {
+    enable = true;
+
+    profiles.default = {
+      isDefault = true;
+
+      settings = {
+        "browser.startup.homepage" = "https://sheets.julian-mutter.de";
+        "browser.startup.page" = 1; # 0=blank, 1=home page, 3=restore previous session
+      };
+    };
+  };
+
+  programs.chromium = {
+    enable = true;
+
+    # commandLineArgs = [
+    #   "--homepage=https://sheets.julian-mutter.de"
+    #   "--no-first-run"
+    # ];
+  };
+
   # Autostart link
   home.file = {
-    ".config/autostart/sheet-organizer.desktop".source = "${pkgs.sheet-organizer}/share/applications/sheet-organizer.desktop";
+    # ".config/autostart/sheet-organizer.desktop".source = "${pkgs.sheet-organizer}/share/applications/sheet-organizer.desktop";
+    ".config/autostart/firefox.desktop".source = "${pkgs.firefox}/share/applications/firefox.desktop";
+    ".config/autostart/onboard.desktop".source = "${pkgs.onboard}/share/applications/onboard.desktop";
+    # ".config/autostart/chromium.desktop".source = "${pkgs.chromium}/share/applications/chromium.desktop";
     ".config/sheet-organizer/config.toml".text = ''
       working_directory = "/home/julian/Klavier"
     '';

homes/julian/v3ms/default.nix

@@ -13,12 +13,15 @@
     ../features/yazi
     ../features/emacs
     ../features/nix-helper
+    ../features/qt-distrobox
   ];
 
   hostName = "aspi";
   is-nixos = false;
   # terminal = "kitty";
 
+  home.sessionPath = ["/snap/bin"];
+
   home.packages =
     lib.lists.concatMap (packages-list-file: import packages-list-file {inherit pkgs;})
     [

homes/julian/v3ms/fonts.nix

@@ -5,7 +5,7 @@ with pkgs; [
   dejavu_fonts
   noto-fonts
   noto-fonts-cjk-sans
-  noto-fonts-emoji
+  noto-fonts-color-emoji
   liberation_ttf
   fira-code
   fira-code-symbols

homes/julian/v3ms/packages.nix

@@ -31,7 +31,7 @@ with pkgs; [
   ffmpeg
   julia-bin
 
-  poppler_utils # Pdf utils including pdfimages
+  poppler-utils # Pdf utils including pdfimages
   sage
 
   pkg-config # Often needed to build something

hosts/aspi/default.nix

@@ -4,6 +4,9 @@
 
     ../common/global
     ../common/users/julian
+    ../common/users/yukari
+    ../common/users/pob
+    ../common/optional/binarycaches.nix
 
     ../common/optional/remote-builder.nix
     ../common/optional/boot-efi.nix
@@ -26,21 +29,30 @@
   networking.hostName = "aspi";
   system.stateVersion = "24.05";
 
+  # networking.firewall.checkReversePath = false; # Makes wg interface with all ips work
+
   modules = {
     syncthing = {
       enable = true;
       overrideSettings = false;
     };
+    frajulAutoUpgrade = {
+      enable = true;
+      flakePath = "/home/julian/.dotfiles";
+    };
   };
 
+  programs.hyprland.enable = true;
+  services.desktopManager.plasma6.enable = true;
+
   services.blueman.enable = true;
   services.upower.enable = true;
 
   programs.steam.enable = true;
 
   # TODO: not working
-  services.logind.lidSwitch = "lock";
-  services.logind.lidSwitchDocked = "lock";
+  # services.logind.lidSwitch = "lock";
+  # services.logind.lidSwitchDocked = "lock";
 
   programs.kdeconnect.enable = true;
 

hosts/builder/default.nix

@@ -9,46 +9,31 @@
   imports = [
     ./hardware-configuration.nix
 
-    ../common/global
+    ../common/global/fish.nix # fish for admin
+    ../common/global/locale.nix
+    ../common/global/nix.nix
+    ../common/global/sops.nix
+    ../common/global/root.nix
   ];
 
-  # hardware.graphics = {
-  #   enable = true;
-  #   extraPackages = with pkgs; [
-  #     rocmPackages.clr.icd
-  #     linuxPackages.amdgpu-pro
-  #   ];
-  # };
-
-  # boot.kernelParams = [
-  #   "radeon.si_support=0"
-  #   "radeon.cik_support=1"
-  #   "amdgpu.si_support=0"
-  #   "amdgpu.cik_support=1"
-  # ];
-  # boot.extraModulePackages = with config.boot.kernelPackages; [ amdgpu-pro ];
-  # boot.blacklistedKernelModules = [ "radeon" ];
-
-  boot.loader.grub.enable = true;
-  boot.loader.grub.device = "/dev/sda";
-
-  # Emulated systems used as alternative to cross-compiling
-  boot.binfmt.emulatedSystems = ["aarch64-linux"];
-
   networking.hostName = "builder";
+  system.stateVersion = "23.11";
 
-  modules = {
-    keymap.enable = true;
-    locales.enable = true;
-    sops.enable = true;
-  };
+  networking.networkmanager.enable = true;
+  networking.nameservers = [
+    "192.168.3.252"
+    "172.30.20.10"
+    "1.1.1.1"
+  ];
 
+  users.mutableUsers = false;
   users.users.nix = {
     isNormalUser = true;
     description = "Nix";
     extraGroups = [
       "networkmanager"
       "wheel"
+      "docker"
     ];
   };
 
@@ -62,14 +47,33 @@
     substituters = [
       "https://nix-community.cachix.org"
       "https://cache.nixos.org/"
+      "https://hyprland.cachix.org"
+      "https://devenv.cachix.org"
+    ];
+    trusted-public-keys = [
+      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+      "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
+      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+      "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
     ];
-    trusted-public-keys = ["nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="];
 
     trusted-users = ["nix"];
     max-jobs = "auto";
     cores = 0;
+
+    # Ensure we can still build when missing-server is not accessible
+    fallback = true;
   };
 
+  # system.autoUpgrade = {
+  #   enable = true;
+  #   flake = "git+https://gitlab.julian-mutter.de/julian/dotfiles";
+  #   flags = [
+  #     "--recreate-lock-file" # update lock file
+  #   ];
+  #   dates = "02:13";
+  # };
+
   # optimize store by hardlinking store files
   nix.optimise.automatic = true;
   nix.optimise.dates = ["03:15"];
@@ -87,17 +91,6 @@
     max-free = ${toString (100 * 1024 * 1024 * 1024)}
   '';
 
-  environment.systemPackages = with pkgs; [
-    vim
-    htop
-    mc
-
-    # # AMD GPU tools
-    # pciutils
-    # nvtopPackages.amd
-    # linuxPackages.amdgpu-pro
-  ];
-
   nix.nrBuildUsers = 64;
 
   # prevent memory to get filled
@@ -126,9 +119,28 @@
   services.openssh = {
     enable = true;
     # require public key authentication for better security
-    settings.PasswordAuthentication = true;
+    settings.PasswordAuthentication = false;
     settings.KbdInteractiveAuthentication = false;
     settings.PermitRootLogin = "yes";
+    # Add older algorithms for jenkins ssh-agents-plugin to be compatible
+    settings.Macs = [
+      "hmac-sha2-512-etm@openssh.com"
+      "hmac-sha2-256-etm@openssh.com"
+      "umac-128-etm@openssh.com"
+      "hmac-sha2-512"
+      "hmac-sha2-256"
+      "umac-128@openssh.com"
+    ];
+    settings.KexAlgorithms = [
+      "diffie-hellman-group-exchange-sha1"
+      "diffie-hellman-group14-sha1"
+      "mlkem768x25519-sha256"
+      "sntrup761x25519-sha512"
+      "sntrup761x25519-sha512@openssh.com"
+      "curve25519-sha256"
+      "curve25519-sha256@libssh.org"
+      "diffie-hellman-group-exchange-sha256"
+    ];
   };
   users.users."root".openssh.authorizedKeys.keys = [
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjSZYdoF/51F+ykcBAYVCzCPTF5EEigWBL1APiR0h+H julian@aspi"
@@ -226,7 +238,16 @@
     url = "https://gitlab.julian-mutter.de";
     name = "builder";
     tokenFile = config.sops.secrets."gitea_token".path;
-    labels = []; # use default labels
+    labels = [
+      # provide a debian base with nodejs for actions
+      "debian-latest:docker://node:18-bullseye"
+      # fake the ubuntu name, because node provides no ubuntu builds
+      "ubuntu-latest:docker://node:18-bullseye"
+      # devenv
+      "devenv:docker://ghcr.io/cachix/devenv/devenv:latest"
+      # provide native execution on the host
+      "nixos:host"
+    ];
   };
 
   virtualisation.docker.enable = true;
@@ -240,7 +261,7 @@
 
   sops.secrets."gitea_token" = {
     owner = config.users.users.nix.name;
-    sopsFile = ../../../secrets/secrets-builder.yaml;
+    sopsFile = ./secrets.yaml;
   };
 
   # =========== Binary Cache ==========
@@ -250,7 +271,7 @@
   };
 
   # =========== Binary Cache with attic ==========
-  sops.secrets."attic_token".sopsFile = ../../../secrets/secrets-builder.yaml;
+  sops.secrets."attic_token".sopsFile = ./secrets.yaml;
 
   services.atticd = {
     enable = true;
@@ -285,7 +306,40 @@
     };
   };
 
-  # ======================== DO NOT CHANGE THIS ========================
-  system.stateVersion = "23.11";
-  # ======================== DO NOT CHANGE THIS ========================
+  services.gitlab-runner.enable = true;
+  # runner for everything else
+  #
+  sops.secrets."gitlab_runner_token".sopsFile = ./secrets.yaml;
+  services.gitlab-runner.services.default = {
+    # File should contain at least these two variables:
+    authenticationTokenConfigFile = config.sops.secrets."gitlab_runner_token".path;
+    dockerImage = "alpine:latest";
+    dockerVolumes = [
+      "/var/run/docker.sock:/var/run/docker.sock"
+    ];
+  };
+
+  ### Jenkins node
+  users.users.jenkins = {
+    createHome = true;
+    home = "/var/lib/jenkins";
+    group = "jenkins";
+    isNormalUser = true;
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ36sQhVz3kUEi8754G7r3rboihhG4iqFK/UvQm6SING jenkins@home"
+    ];
+    packages = with pkgs; [
+      git
+      devenv
+    ];
+    extraGroups = [
+      "docker"
+    ];
+  };
+
+  users.groups.jenkins = {};
+  programs.java = {
+    enable = true;
+    package = pkgs.jdk21; # Same as jenkins version on home
+  };
 }

hosts/builder/hardware-configuration.nix

@@ -1,15 +1,4 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{
-  config,
-  lib,
-  pkgs,
-  modulesPath,
-  ...
-}: {
-  imports = [(modulesPath + "/profiles/qemu-guest.nix")];
-
+{lib, ...}: {
   boot.initrd.availableKernelModules = [
     "ata_piix"
     "uhci_hcd"
@@ -35,4 +24,27 @@
   # networking.interfaces.ens18.useDHCP = lib.mkDefault true;
 
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+
+  # hardware.graphics = {
+  #   enable = true;
+  #   extraPackages = with pkgs; [
+  #     rocmPackages.clr.icd
+  #     linuxPackages.amdgpu-pro
+  #   ];
+  # };
+
+  # boot.kernelParams = [
+  #   "radeon.si_support=0"
+  #   "radeon.cik_support=1"
+  #   "amdgpu.si_support=0"
+  #   "amdgpu.cik_support=1"
+  # ];
+  # boot.extraModulePackages = with config.boot.kernelPackages; [ amdgpu-pro ];
+  # boot.blacklistedKernelModules = [ "radeon" ];
+
+  boot.loader.grub.enable = true;
+  boot.loader.grub.device = "/dev/sda";
+
+  # Emulated systems used as alternative to cross-compiling
+  boot.binfmt.emulatedSystems = ["aarch64-linux"];
 }

hosts/common/global/auto-upgrade.nix

@@ -0,0 +1,16 @@
+{
+  inputs,
+  config,
+  ...
+}: {
+  system.hydraAutoUpgrade = {
+    # Only enable if not dirty
+    enable = inputs.self ? rev;
+    dates = "*:0/10"; # Every 10 minutes
+    instance = "http://hydra.julian-mutter.de";
+    project = "dotfiles";
+    jobset = "main";
+    job = "hosts.${config.networking.hostName}";
+    oldFlakeRef = "self";
+  };
+}

hosts/common/global/default.nix

@@ -2,6 +2,8 @@
 {
   inputs,
   outputs,
+  pkgs,
+  lib,
   ...
 }: {
   imports =
@@ -22,13 +24,26 @@
   hardware.enableRedistributableFirmware = true;
 
   # Networking
-  networking.networkmanager.enable = true;
+  networking.networkmanager = {
+    enable = true;
+    plugins = with pkgs; [
+      networkmanager-openconnect
+    ];
+  };
   services.resolved.enable = true;
+  # MDNS Taken by avahi
+  services.resolved.extraConfig = ''
+    MulticastDNS=false
+  '';
 
-  programs.dconf.enable = true;
+  networking.nameservers = lib.mkDefault [
+    "1.1.1.1"
+    "8.8.8.8"
+  ];
 
-  # HM
-  home-manager.useGlobalPkgs = true;
+  # HM module
+  home-manager.useGlobalPkgs = true; # hm module uses the pkgs of the nixos config
+  home-manager.backupFileExtension = "hm-backup"; # backup conflicting files. So hm activation never fails
   home-manager.extraSpecialArgs = {
     inherit inputs outputs;
   };

hosts/common/global/nix.nix

@@ -2,12 +2,14 @@
   lib,
   outputs,
   ...
-}: {
+}:
+{
   # Apply overlays
   nixpkgs = {
     # TODO: apply this to hm and nixos without duplicate code
     overlays = builtins.attrValues outputs.overlays;
     config = {
+      nvidia.acceptLicense = true;
       allowUnfree = true;
       allowUnfreePredicate = _: true; # TODO: what is this
       warn-dirty = false;
@@ -17,7 +19,9 @@
     };
   };
 
-  nix.settings.auto-optimise-store = lib.mkDefault true;
+  # optimize at every build, slows down builds
+  # better to do optimise.automatic for regular optimising
+  # nix.settings.auto-optimise-store = lib.mkDefault true;
   nix.settings.experimental-features = [
     "nix-command"
     "flakes"
@@ -25,31 +29,14 @@
   ];
   # warn-dirty = false;
 
-  # Setup binary caches
-  nix.settings = {
-    substituters = [
-      "https://nix-community.cachix.org"
-      "https://cache.nixos.org/"
-      "https://hyprland.cachix.org"
-      "http://binarycache.julian-mutter.de"
-    ];
-    trusted-public-keys = [
-      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
-      "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
-      "binarycache.julian-mutter.de:oJ67uRFwRhNPKL58CHzy3QQLv38Kx7OA1K+6xlEPu7E="
-    ];
-
-    trusted-users = [
-      "root"
-      "@wheel"
-    ]; # needed for devenv to add custom caches
-  };
-
   nix.gc = {
     automatic = true;
     dates = "weekly";
-    # Keep the last 3 generations
-    options = "--delete-older-than +3";
+    options = "--delete-older-than 30d";
+  };
+  nix.optimise = {
+    automatic = true;
+    dates = [ "weekly" ]; # Optional; allows customizing optimisation schedule
   };
 
   programs.nix-ld.enable = true;

hosts/common/global/sops.nix

@@ -13,9 +13,9 @@ in {
     sshKeyPaths = map getKeyPath keys;
 
     # TODO: remove? only rely on ssh or pgp keys (e.g. ubikey like misterio is using!!!)
-    keyFile = "/home/julian/.config/sops/age/keys.txt";
+    # keyFile = "/home/julian/.config/sops/age/keys.txt";
     # Generate key if none of the above worked. With this, building will still work, just without secrets
-    generateKey = true;
+    generateKey = false; # TODO: building should not work without secrets!?
   };
 
   sops.defaultSopsFile = ../secrets.yaml;

hosts/common/optional/authentication.nix

@@ -1,8 +1,14 @@
-{pkgs, ...}: {
+{
+  pkgs,
+  lib,
+  ...
+}: {
   # Make programs like nextcloud client access saved passwords
-  programs.seahorse.enable = true;
   services.gnome.gnome-keyring.enable = true;
 
+  programs.seahorse.enable = true;
+  programs.ssh.askPassword = lib.mkForce "${pkgs.seahorse}/libexec/seahorse/ssh-askpass"; # Solve conflicting definition in seahorse and plasma6
+
   # Make authentication work for e.g. gparted
   security.polkit.enable = true;
   systemd = {

hosts/common/optional/avahi.nix

@@ -3,7 +3,10 @@
   services.avahi = {
     enable = true;
     nssmdns4 = true;
+    nssmdns6 = true;
     publish.enable = true;
     publish.addresses = true;
+    ipv4 = true;
+    ipv6 = true;
   };
 }

hosts/common/optional/binarycaches.nix

@@ -0,0 +1,31 @@
+{
+  lib,
+  outputs,
+  ...
+}: {
+  # Setup binary caches
+  nix.settings = {
+    substituters = [
+      "https://nix-community.cachix.org"
+      "https://cache.nixos.org/"
+      "https://hyprland.cachix.org"
+      "http://binarycache.julian-mutter.de"
+      "https://devenv.cachix.org"
+    ];
+    trusted-public-keys = [
+      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+      "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
+      "binarycache.julian-mutter.de:oJ67uRFwRhNPKL58CHzy3QQLv38Kx7OA1K+6xlEPu7E="
+      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+      "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
+    ];
+
+    trusted-users = [
+      "root"
+      "@wheel"
+    ]; # needed for devenv to add custom caches
+
+    # Ensure we can still build when missing-server is not accessible
+    fallback = true;
+  };
+}

hosts/common/optional/greetd.nix

@@ -1,26 +1,9 @@
-{
-  pkgs,
-  lib,
-  config,
-  ...
-}: let
+{config, ...}: let
   homeCfgs = config.home-manager.users;
-  homeSharePaths = lib.mapAttrsToList (_: v: "${v.home.path}/share") homeCfgs;
-  vars = ''XDG_DATA_DIRS="$XDG_DATA_DIRS:${lib.concatStringsSep ":" homeSharePaths}" GTK_USE_PORTAL=0'';
-
   julianCfg = homeCfgs.julian;
-
-  sway-kiosk = command: "${lib.getExe pkgs.sway} --unsupported-gpu --config ${pkgs.writeText "kiosk.config" ''
-    output * bg #000000 solid_color
-    xwayland disable
-    input "type:touchpad" {
-      tap enabled
-    }
-    exec '${vars} ${command}; ${pkgs.sway}/bin/swaymsg exit'
-  ''}";
 in {
   users.extraUsers.greeter = {
-    # For caching and such
+    # For caching
     home = "/tmp/greeter-home";
     createHome = true;
   };
@@ -33,13 +16,22 @@ in {
     cursorTheme = {
       inherit (julianCfg.gtk.cursorTheme) name package;
     };
+    cageArgs = [
+      "-s"
+      "-m"
+      "last"
+    ]; # multimonitor use last monitor
     # settings.background = {
     #   path = julianCfg.wallpaper;
     #   fit = "Cover";
     # }; # TODO: fix
-  };
-  services.greetd = {
-    enable = true;
-    settings.default_session.command = sway-kiosk (lib.getExe config.programs.regreet.package);
+
+    # TODO: setting keyboard language does not work
+    # settings = {
+    #   env = {
+    #     XKB_DEFAULT_LAYOUT = "de";
+    #     # XKB_DEFAULT_VARIANT = "altgr-intl";
+    #   };
+    # };
   };
 }

hosts/common/optional/hyprland.nix

@@ -1,13 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  inputs,
-  ...
-}: {
-  programs.hyprland.enable = true;
-  programs.hyprland.package = inputs.hyprland.packages.${pkgs.system}.hyprland; # does only work with nixos-unstable
-  programs.hyprland.xwayland.enable = true;
-  security.pam.services.hyprlock = {};
-  services.displayManager.defaultSession = "hyprland";
-}

hosts/common/optional/openssh.nix

@@ -13,7 +13,7 @@ in {
       PasswordAuthentication = false;
       PermitRootLogin = "no";
 
-      # TODO: what does this d
+      # TODO: what does this do
       # Let WAYLAND_DISPLAY be forwarded
       AcceptEnv = "WAYLAND_DISPLAY";
       X11Forwarding = true;
@@ -34,7 +34,7 @@ in {
   #     publicKeyFile = ../../${hostname}/ssh_host_ed25519_key.pub;
   #     extraHostNames =
   #       [
-  #         "${hostname}.m7.rs"
+  #         # "${hostname}.m7.rs"
   #       ]
   #       ++
   #         # Alias for localhost if it's the same host

hosts/common/optional/pcmanfm.nix

@@ -1,7 +1,7 @@
 {pkgs, ...}: {
   environment.systemPackages = with pkgs; [
     shared-mime-info # extended mimetype support
-    lxde.lxmenu-data # open with "Installed Applications"
+    lxmenu-data # open with "Installed Applications"
     pcmanfm
   ];
 

hosts/common/optional/pipewire.nix

@@ -3,6 +3,7 @@
   services.pulseaudio.enable = false;
   services.pipewire = {
     enable = true;
+    wireplumber.enable = true;
     alsa.enable = true;
     alsa.support32Bit = true;
     pulse.enable = true;
@@ -14,6 +15,14 @@
           "module.x11.bell" = false;
         };
       };
+      "10-increase-buffer" = {
+        "context.properties" = {
+          "default.clock.rate" = 48000;
+          "default.clock.quantum" = 1024;
+          "default.clock.min-quantum" = 1024;
+          "default.clock.max-quantum" = 2048;
+        };
+      };
     };
   };
 }

hosts/common/optional/wireguard.nix

@@ -6,6 +6,7 @@
     };
     comu = {
       configFile = "/etc/wireguard/comu.conf";
+      autostart = false;
     };
   };
 }

hosts/common/secrets.yaml

@@ -14,29 +14,38 @@ sops:
         - recipient: age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTY3lFZlIyRnZOMzNQdnJ2
-            Z0xQQnY1eHFYekVMV3M0UE5hK2xkbStveFRnCncwVVduSEFFQkpwME5XQzF2Z0tK
-            MnhFQ3ZZMk51aGJHUmJFbHA4d1dmdkEKLS0tIHBkVEhaZEY5ZGtYcXRkZzREa0xR
-            eUNsNjE2VS9MTjNtYWluUjJhYXVuTmcKq175s9vx1tPVS+voO+HSkyaT+GbjC/Z+
-            PyKVKyqFAJCRcNP2byaFgAHjXtDFZdipt/0lbw+4UfHrZGpn+9B59Q==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBualdnWmtBTThhZDFVdDRP
+            WHlMamk1MFhUYUwwa0hyQmpobGNocC9VR0ZVCmc3N1FjcUZCNUdTTm91OVpwZDhP
+            bTNXekp2bDd3Tjh6a2ZVTVNTSW9RTU0KLS0tIGJpcUVHb2ZlODgvelhwQ0JFU3l5
+            WU5VanhYMTUvNklYazJxOXVveXhpM2cKCo+4FhhcbRylASEbQb9rAQUzEO1D+0AR
+            52Jzc9s9rSdypeBRE7SaSOI4eVnkEjPfyhNFvMdxiBzBj7GdocpmCw==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1q8lc5340gz5xw2f57nglrss68wv0j0hf36py2pdtrl6ky3yrq9qqk0njr4
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByRmxCNUE4MTdZNWlOcmxX
-            RmhDS2NpQ0hoWG83SDlIeVhXaFdxNE4yTUVzCkRxS3M5aU5mdWZkYnpNeC9YR3BX
-            N1NEdzlyTm9YT3NQSnowWTZUc1FvYWsKLS0tICs2OVo2djNjUW0yOG41ZTJQeFFB
-            djFENU5USG1QSnRVdlErN1h5bXJhYzQKPDvAHIMR/vT47zbeK3NsS+jSl4HSFRIA
-            NbSKwTbEGn963metTh4HJItdWBAOyiCc3l1Ye49ms9JhYM8n4wHLRQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4STZpU0ZnRzVVOFFRUXZG
+            akcwS2Z5V3lmQzRTSGNHT2hDME5JMks2QTNNClpkZzNMc0wyRjVEaVlBRFlyNFhs
+            M1pyeW1XdnZubnRxMzEzMFJoK0lkVVEKLS0tIENhRExzUWRWMUlObmhxazM5cU9y
+            aDFyaDJackFoaEZOYWdTbWt0ODB1bm8Kg1VDAj5/i8ZbYxspIdXrI474YN5YkV4H
+            86maCRDfUxO5lvu4zBa9pOmFtJ2iuJ2MxDnmCSHTl+GOk8yyUT8JhA==
             -----END AGE ENCRYPTED FILE-----
-        - recipient: age1hsmfz8fjxu83sax9lr487h8xr6cyge0apdq4zpge4c8jpcjj2cksj825ct
+        - recipient: age1tguyu2yd5xv8rgjjl50cq6dq5rr7umqgv098dgre4u9wyj30ea7sexw62c
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVeHJ3NmMzaTh0Zm13Vm1r
-            RmNtMi9FYmJGUmxXeEppM3Fnazl1NTl3ajJjCjFrbXM4WGdOV05qckhkbjlSODZR
-            a0VuakllVTdOc2Uxd3BqRmtsN3NJdHcKLS0tIHRRMXFEcWNZOFE4dFJycGdGTzdP
-            WittUTFFNU5kUWdGcncwdWRQSi9STTgK3GuwolsItCEt3Dh5Lycb8TjfaHTuV/JB
-            P2KSuVsbgjYuCJSknYmSZ+9gdTYC8cVqDnKo7HYFNrCDHZ0P4QwGSg==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAveE9NV2JCOW9odlN6Wmkw
+            WFEvU2pka3htV2FTTFlpc05ES2JjbGxTaFJZCjhYdG1sRVBFaEF3YjNkWEw3Ny8x
+            MlYyTjJBMHA2YVpHRkkwWW5hNDdrS1UKLS0tIFZXTFNVbkd6VFExc0dSVU4vd3JF
+            ajlFY2pvWW13VGxOZ0hEc3dMbU9IeUUKNSf7ycj+1XHhsoghmY2iR1BwIySqfIOF
+            zawE+MQcQg0u+fy6Aik26eUGvQG3rya2Fx2+3VlAbKB+rbiP0fwsgg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age15lxw97z03q40xrdscnxqqugh5ky5aqrerg2t2rphkcqm6rnllurq8v98q5
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxaTNJNkJ0RVJiYlRzcmlX
+            TmEweVdLaGpoVXMxZEFDU3dOZTJCRjdiNENBCkZ3bjJUNm1vcmY1ZUpZcEo4OGxa
+            UWJKSjNKL002UDhmTmJER2M0MjJ3aG8KLS0tIFMvZjBkOS83T3NDUE82M3kweVNw
+            VXhoN0VyWkVxMEJPQ3orVUNDK21rRU0KvnmuFxcCpP+LZg7v5jaStw9F0owVrQl9
+            AkIq7GUJh7xewLxcVZfiBRpXMhw/mM8LYnd2KGP8R/TfYg+v0//+5A==
             -----END AGE ENCRYPTED FILE-----
     lastmodified: "2025-04-23T07:00:17Z"
     mac: ENC[AES256_GCM,data:JgaTIRbzD0hs2o86xUlQrPN2cPXvsuTH/zKG5xbQIDaYcEvD/mkuVa3hfnYKrA91kWg2Y1DgEi9583+o6UCl/+ldY4ptu+xpnYfyQFdhM4rB+KoP/pDt8vQKQ3zAX8fpAkugCgTTbuvm3TfQ1nt98V8boyhCn4JHNC1T0j7ZtZI=,iv:G3YJOLeDWDKuANo2mxS2JAdrRaonD87CU9BpCZZrlRs=,tag:mcKIdP5cSQUwNL2tcv/o6g==,type:str]

hosts/common/users/julian/default.nix

@@ -17,18 +17,22 @@ in {
       "networkmanager"
       "wheel"
       "audio"
+      "realtime"
+      "rtkit"
       "network"
       "video"
       "podman"
       "docker"
       "git"
       "gamemode"
+      "dialout"
     ];
 
     openssh.authorizedKeys.keys = lib.splitString "\n" (
       builtins.readFile ../../../../homes/julian/ssh.pub
     );
-    hashedPasswordFile = config.sops.secrets.julian-password.path;
+    # hashedPasswordFile = config.sops.secrets.julian-password.path;
+    hashedPassword = "$y$j9T$N33kLJQbV8soUoCbDkpwA1$r/yahJDgOPo4GGOrAi6BUG5zLTzmaBrA5NQ4nno561A";
     packages = [pkgs.home-manager];
   };
   users.groups.julian = {

hosts/common/users/pob/default.nix

@@ -0,0 +1,28 @@
+{
+  pkgs,
+  config,
+  ...
+}: let
+  ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
+in {
+  users.mutableUsers = false;
+  users.users.pob = {
+    description = "A helper user to use another profile for some applications";
+    group = "pob";
+    isNormalUser = true;
+    shell = pkgs.fish;
+    extraGroups = ifTheyExist [
+      "networkmanager"
+    ];
+    packages = with pkgs; [
+      firefox
+      wineWowPackages.stable # 32-bit and 64-bit wine
+      winetricks
+    ];
+  };
+  users.groups.pob = {};
+
+  security.sudo.extraConfig = ''
+    julian ALL=(pob) NOPASSWD: ALL
+  '';
+}

hosts/common/users/wolfi/default.nix

@@ -0,0 +1,30 @@
+{
+  pkgs,
+  config,
+  ...
+}: let
+  ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
+in {
+  users.mutableUsers = false;
+  users.users.wolfi = {
+    description = "Wolfi";
+    group = "wolfi";
+    isNormalUser = true;
+    shell = pkgs.fish;
+    extraGroups = ifTheyExist [
+      "networkmanager"
+      "wheel"
+      "audio"
+      "network"
+      "video"
+      "podman"
+      "docker"
+      "git"
+      "gamemode"
+    ];
+
+    hashedPassword = "$y$j9T$ifzWjoZaRtPUOOfMYnbJ20$uFOO1EyDApL52vRUicZYgupaTA/a6sGNUj3imZ/lcb6";
+    packages = [pkgs.home-manager];
+  };
+  users.groups.wolfi = {};
+}

hosts/common/users/yukari/default.nix

@@ -0,0 +1,97 @@
+{
+  pkgs,
+  config,
+  lib,
+  outputs,
+  ...
+}: let
+  ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
+in {
+  users.mutableUsers = false;
+  users.users.yukari = {
+    description = "Yukari";
+    group = "yukari";
+    isNormalUser = true;
+    shell = pkgs.fish;
+    extraGroups = ifTheyExist [
+      "networkmanager"
+      "audio"
+      "network"
+      "video"
+      "podman"
+      "docker"
+      "git"
+      "gamemode"
+    ];
+
+    createHome = true;
+    hashedPassword = "$y$j9T$rGuTL0rfiy7ht8L58BGCw0$fN.KwHjYlIitFEPHndKvV06ezgeWzP3/58o1kkviZwB";
+    packages = [pkgs.home-manager];
+  };
+  users.groups.yukari = {};
+
+  home-manager.users.yukari = {
+    imports =
+      [
+        ../../../../homes/julian/features/fonts
+        ../../../../homes/julian/features/suites/cli
+      ]
+      ++ (builtins.attrValues outputs.homeManagerModules);
+
+    home = {
+      username = lib.mkDefault "yukari";
+      homeDirectory = lib.mkDefault "/home/${config.home.username}";
+      stateVersion = lib.mkDefault "23.11";
+
+      sessionPath = ["$HOME/.local/bin"];
+
+      packages = with pkgs; [
+        arandr
+        calibre # ebook manager and viewer
+        # digikam
+        discord
+        discord-ptb # in case discord updates take their time
+        # dvdisaster
+        # element-desktop
+        # rocketchat-desktop
+        thunderbird
+        telegram-desktop # telegram
+        # schildichat-desktop # not updated regularly
+        nheko
+        evince # Simple pdf reader, good for focusing on document content
+        firefox
+        vivaldi
+        # geogebra
+        cheese
+        handbrake
+        # kitty # Terminal, already available as feature
+        libnotify
+        libreoffice
+        mate.engrampa
+        nomacs # Image viewer
+        kdePackages.okular # Pdf reader with many features, good for commenting documents
+        pavucontrol
+        qalculate-gtk # Nice gui calculator
+        qpdfview
+        # qutebrowser
+        # realvnc-vnc-viewer
+        # rustdesk
+        tor-browser
+        # frajul.pob-dev-version # Path of Building
+        vlc
+        wineWowPackages.stable # 32-bit and 64-bit wine
+        winetricks
+        xclip # x11 clipboard access from terminal
+        xfce.mousepad # simple text editor
+        xournalpp # Edit pdf files
+        zoom-us # Video conferencing
+        zotero # Manage papers and other sources
+        pdfpc # Present slides in pdf form
+      ];
+    };
+    programs = {
+      home-manager.enable = true;
+      git.enable = true;
+    };
+  };
+}

hosts/kardorf/default.nix

@@ -1,10 +1,14 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   imports = [
     ./hardware-configuration.nix
 
     ../common/global
     ../common/users/julian
+    ../common/users/wolfi
+    ../common/optional/binarycaches.nix
 
+    # ../common/optional/xserver.nix
     ../common/optional/remote-builder.nix
     ../common/optional/boot-efi.nix
 
@@ -13,6 +17,13 @@
     ../common/optional/pcmanfm.nix
     ../common/optional/pipewire.nix
 
+    ../common/optional/virtualbox.nix
+
+    # ../common/optional/gdm.nix
+    # ../common/optional/i3.nix
+
+    ../common/optional/openssh.nix
+
     ../common/optional/podman.nix
     ../common/optional/flatpak.nix
   ];
@@ -20,12 +31,20 @@
   networking.hostName = "kardorf";
   system.stateVersion = "22.11";
 
-  services.xserver.videoDrivers = ["nvidia"];
+  # Not using the drivers leads to way better results
+  # services.xserver.videoDrivers = [ "nvidia" ];
+
+  networking.networkmanager.insertNameservers = [ "192.168.3.252" ];
 
   programs.kdeconnect.enable = true;
 
+  programs.hyprland.enable = true;
+  services.desktopManager.plasma6.enable = true;
+
   # Enable CUPS to print documents.
   services.printing.enable = true;
   services.printing.browsing = true;
-  services.printing.drivers = with pkgs; [gutenprint];
+  services.printing.drivers = with pkgs; [ gutenprint ];
+
+  services.libinput.enable = true;
 }