update flake

.sops.yaml

@@ -1,7 +1,7 @@
 keys:
   - &primary age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg
   - &aspi-ssh age1q8lc5340gz5xw2f57nglrss68wv0j0hf36py2pdtrl6ky3yrq9qqk0njr4
-  - &pianonix-ssh age1hsmfz8fjxu83sax9lr487h8xr6cyge0apdq4zpge4c8jpcjj2cksj825ct
+  - &pianonix-ssh age1tguyu2yd5xv8rgjjl50cq6dq5rr7umqgv098dgre4u9wyj30ea7sexw62c
   - &builder-ssh age1kw4kmdm45zprvdkrrpvgq966l7585vhusmum083qlwnr0xxgd3uqatcyja
   - &kardorf-ssh age15lxw97z03q40xrdscnxqqugh5ky5aqrerg2t2rphkcqm6rnllurq8v98q5
 
@@ -20,7 +20,7 @@ creation_rules:
       - *primary
       - *builder-ssh
 
-  - path_regex: hosts/pianonix/secrets.yaml$
+  - path_regex: hosts/pianonix/secrets*
     key_groups:
     - age:
       - *primary

Readme.org

@@ -24,7 +24,7 @@ sops edit secrets/secrets.yaml
 ** Authorize new device
 - Generate public key from ssh -> Private age key generation not needed
 #+begin_src sh
-ssh-to-age < /etc/ssh/ssh_host_ed25519_key
+ssh-to-age < /etc/ssh/ssh_host_ed25519_key.pub
 #+end_src
 - Add age public key to file:.sops.yaml
 - Update keys

flake.lock

@@ -38,11 +38,11 @@
         "utils": "utils"
       },
       "locked": {
-        "lastModified": 1749105467,
+        "lastModified": 1756719547,
-        "narHash": "sha256-hXh76y/wDl15almBcqvjryB50B0BaiXJKk20f314RoE=",
+        "narHash": "sha256-N9gBKUmjwRKPxAafXEk1EGadfk2qDZPBQp4vXWPHINQ=",
         "owner": "serokell",
         "repo": "deploy-rs",
-        "rev": "6bc76b872374845ba9d645a2f012b764fecd765f",
+        "rev": "125ae9e3ecf62fb2c0fd4f2d894eb971f1ecaed2",
         "type": "github"
       },
       "original": {
@@ -58,11 +58,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1753140376,
+        "lastModified": 1760701190,
-        "narHash": "sha256-7lrVrE0jSvZHrxEzvnfHFE/Wkk9DDqb+mYCodI5uuB8=",
+        "narHash": "sha256-y7UhnWlER8r776JsySqsbTUh2Txf7K30smfHlqdaIQw=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "545aba02960caa78a31bd9a8709a0ad4b6320a5c",
+        "rev": "3a9450b26e69dcb6f8de6e2b07b3fc1c288d85f5",
         "type": "github"
       },
       "original": {
@@ -111,11 +111,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1753121425,
+        "lastModified": 1759362264,
-        "narHash": "sha256-TVcTNvOeWWk1DXljFxVRp+E0tzG1LhrVjOGGoMHuXio=",
+        "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "644e0fc48951a860279da645ba77fe4a6e814c5e",
+        "rev": "758cf7296bee11f1706a574c77d072b8a7baa881",
         "type": "github"
       },
       "original": {
@@ -203,15 +203,16 @@
         ]
       },
       "locked": {
-        "lastModified": 1753470191,
+        "lastModified": 1758463745,
-        "narHash": "sha256-hOUWU5L62G9sm8NxdiLWlLIJZz9H52VuFiDllHdwmVA=",
+        "narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "a1817d1c0e5eabe7dfdfe4caa46c94d9d8f3fdb6",
+        "rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
+        "ref": "release-25.05",
         "repo": "home-manager",
         "type": "github"
       }
@@ -245,16 +246,16 @@
         ]
       },
       "locked": {
-        "lastModified": 1748294338,
+        "lastModified": 1754860581,
-        "narHash": "sha256-FVO01jdmUNArzBS7NmaktLdGA5qA3lUMJ4B7a05Iynw=",
+        "narHash": "sha256-EM0IE63OHxXCOpDHXaTyHIOk2cNvMCGPqLt/IdtVxgk=",
         "owner": "NuschtOS",
         "repo": "ixx",
-        "rev": "cc5f390f7caf265461d4aab37e98d2292ebbdb85",
+        "rev": "babfe85a876162c4acc9ab6fb4483df88fa1f281",
         "type": "github"
       },
       "original": {
         "owner": "NuschtOS",
-        "ref": "v0.0.8",
+        "ref": "v0.1.1",
         "repo": "ixx",
         "type": "github"
       }
@@ -348,11 +349,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1753455814,
+        "lastModified": 1754476755,
-        "narHash": "sha256-c78Dm4hxF9z1grjKbkKPvkOccIIxIl+optGRL0UDnf4=",
+        "narHash": "sha256-vSF0VMEmPMzwNkrXIZwkhOSYmKES9BaDK/LlEe7/q8E=",
         "owner": "doronbehar",
         "repo": "nix-matlab",
-        "rev": "550d8ad0c21c63991e873bf4dcfe3d69adc1a2f1",
+        "rev": "0e9c9fb660f9e1a1e4d59fd083e0212a15b513e2",
         "type": "gitlab"
       },
       "original": {
@@ -361,13 +362,49 @@
         "type": "gitlab"
       }
     },
+    "nixlib": {
+      "locked": {
+        "lastModified": 1736643958,
+        "narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=",
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "type": "github"
+      }
+    },
+    "nixos-generators": {
+      "inputs": {
+        "nixlib": "nixlib",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1751903740,
+        "narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=",
+        "owner": "nix-community",
+        "repo": "nixos-generators",
+        "rev": "032decf9db65efed428afd2fa39d80f7089085eb",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nixos-generators",
+        "type": "github"
+      }
+    },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1753122741,
+        "lastModified": 1760958188,
-        "narHash": "sha256-nFxE8lk9JvGelxClCmwuJYftbHqwnc01dRN4DVLUroM=",
+        "narHash": "sha256-2m1S4jl+GEDtlt2QqeHil8Ny456dcGSKJAM7q3j/BFU=",
         "owner": "nixos",
         "repo": "nixos-hardware",
-        "rev": "cc66fddc6cb04ab479a1bb062f4d4da27c936a22",
+        "rev": "d6645c340ef7d821602fd2cd199e8d1eed10afbc",
         "type": "github"
       },
       "original": {
@@ -407,18 +444,18 @@
         "type": "github"
       }
     },
-    "nixpkgs-stable": {
+    "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1751274312,
+        "lastModified": 1760878510,
-        "narHash": "sha256-/bVBlRpECLVzjV19t5KMdMFWSwKLtb5RyXdjz3LJT+g=",
+        "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "50ab793786d9de88ee30ec4e4c24fb4236fc2674",
+        "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67",
         "type": "github"
       },
       "original": {
         "owner": "nixos",
-        "ref": "nixos-24.11",
+        "ref": "nixos-unstable",
         "repo": "nixpkgs",
         "type": "github"
       }
@@ -437,16 +474,16 @@
     },
     "nixpkgs_3": {
       "locked": {
-        "lastModified": 1753250450,
+        "lastModified": 1760862643,
-        "narHash": "sha256-i+CQV2rPmP8wHxj0aq4siYyohHwVlsh40kV89f3nw1s=",
+        "narHash": "sha256-PXwG0TM7Ek87DNx4LbGWuD93PbFeKAJs4FfALtp7Wo0=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "fc02ee70efb805d3b2865908a13ddd4474557ecf",
+        "rev": "33c6dca0c0cb31d6addcd34e90a63ad61826b28c",
         "type": "github"
       },
       "original": {
         "owner": "nixos",
-        "ref": "nixos-unstable",
+        "ref": "nixos-25.05",
         "repo": "nixpkgs",
         "type": "github"
       }
@@ -461,15 +498,16 @@
         "systems": "systems_5"
       },
       "locked": {
-        "lastModified": 1753487377,
+        "lastModified": 1760795571,
-        "narHash": "sha256-dEr3pYtC4/1PhP5ADIV8Fjjmxv6WC6UisQAUqtwdews=",
+        "narHash": "sha256-gi+tWWAknKuTNso3yMeKsT9nj0jx+tuYF7g7nmLUWT8=",
         "owner": "nix-community",
         "repo": "nixvim",
-        "rev": "3d09c8eaceb7a78ef9f5568024da1616f00c33e3",
+        "rev": "6c945865ba5de87fa2d0dd8a0e66ca572ddf9043",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
+        "ref": "nixos-25.05",
         "repo": "nixvim",
         "type": "github"
       }
@@ -484,11 +522,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1753385846,
+        "lastModified": 1760652422,
-        "narHash": "sha256-XDu9T2o6Rxe0acpchwQ2aXaRfE/uEYALpVbf+9QDEO4=",
+        "narHash": "sha256-C88Pgz38QIl9JxQceexqL2G7sw9vodHWx1Uaq+NRJrw=",
         "owner": "NuschtOS",
         "repo": "search",
-        "rev": "5c7e4eff303cba8447ffb443522b3c72bc47a9ba",
+        "rev": "3ebeebe8b6a49dfb11f771f761e0310f7c48d726",
         "type": "github"
       },
       "original": {
@@ -507,9 +545,10 @@
         "nix-colors": "nix-colors",
         "nix-gl": "nix-gl",
         "nix-matlab": "nix-matlab",
+        "nixos-generators": "nixos-generators",
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs_3",
-        "nixpkgs-stable": "nixpkgs-stable",
+        "nixpkgs-unstable": "nixpkgs-unstable",
         "nixvim": "nixvim",
         "sheet-organizer": "sheet-organizer",
         "sops-nix": "sops-nix",
@@ -546,11 +585,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1752544651,
+        "lastModified": 1760998189,
-        "narHash": "sha256-GllP7cmQu7zLZTs9z0J2gIL42IZHa9CBEXwBY9szT0U=",
+        "narHash": "sha256-ee2e1/AeGL5X8oy/HXsZQvZnae6XfEVdstGopKucYLY=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "2c8def626f54708a9c38a5861866660395bb3461",
+        "rev": "5a7d18b5c55642df5c432aadb757140edfeb70b3",
         "type": "github"
       },
       "original": {
@@ -685,11 +724,11 @@
     "yazi-flavors": {
       "flake": false,
       "locked": {
-        "lastModified": 1751970029,
+        "lastModified": 1761030755,
-        "narHash": "sha256-RtunaCs1RUfzjefFLFu5qLRASbyk5RUILWTdavThRkc=",
+        "narHash": "sha256-0CZrJ1f5lDY75XF5eR6m4hbg973pTZoAxzJKMCv+hag=",
         "owner": "yazi-rs",
         "repo": "flavors",
-        "rev": "d3fd3a5d774b48b3f88845f4f0ae1b82f106d331",
+        "rev": "f9ae9f271812628191c67f3f6801c52bce5a96d0",
         "type": "github"
       },
       "original": {

flake.nix

@@ -2,16 +2,21 @@
   description = "Home Manager configuration of julian";
 
   inputs = {
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
-    nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.11";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
     systems.url = "github:nix-systems/default-linux";
     nixos-hardware.url = "github:nixos/nixos-hardware";
     impermanence.url = "github:nix-community/impermanence";
     nix-colors.url = "github:misterio77/nix-colors";
     deploy-rs.url = "github:serokell/deploy-rs";
 
+    nixos-generators = {
+      url = "github:nix-community/nixos-generators";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
     home-manager = {
-      url = "github:nix-community/home-manager";
+      url = "github:nix-community/home-manager/release-25.05";
       inputs.nixpkgs.follows = "nixpkgs";
     };
     sops-nix = {
@@ -33,7 +38,7 @@
       flake = false;
     };
     nixvim = {
-      url = "github:nix-community/nixvim";
+      url = "github:nix-community/nixvim/nixos-25.05";
       inputs.nixpkgs.follows = "nixpkgs";
     };
     nix-matlab = {
@@ -84,7 +89,7 @@
 
     packages = forEachSystem (pkgs: import ./pkgs {inherit pkgs;});
     devShells = forEachSystem (pkgs: import ./shell.nix {inherit pkgs;});
-    formatter = forEachSystem (pkgs: pkgs.alejandra);
+    formatter = forEachSystem (pkgs: pkgs.alejandra); # nix fmt *
 
     nixosConfigurations = {
       # Main laptop
@@ -183,5 +188,15 @@
         };
       };
     };
+
+    # substitutes: nixos-generate --flake .#pianonix -f sd-aarch64 --system aarch64-linux
+    pianonix-image = inputs.nixos-generators.nixosGenerate {
+      system = "aarch64-linux";
+      format = "sd-aarch64";
+      modules = [./hosts/pianonix];
+      specialArgs = {
+        inherit inputs outputs;
+      };
+    };
   };
 }

homes/julian/features/hyprland/default.nix

@@ -24,7 +24,7 @@ in {
     ./zathura.nix
     ./waypipe.nix
 
-    ./hyprbars.nix
+    # ./hyprbars.nix
   ];
 
   xdg.portal = {

homes/julian/features/neovim/default.nix

@@ -36,6 +36,8 @@
     opts = {
       number = false;
       relativenumber = false;
+      ignorecase = true;
+      smartcase = true;
     };
     clipboard.register = "unnamedplus"; # Use system clipboard
 

homes/julian/features/suites/desktop/default.nix

@@ -22,6 +22,7 @@
     calibre # ebook manager and viewer
     # digikam
     discord
+    discord-ptb # in case discord updates take their time
     # dvdisaster
     # element-desktop
     # rocketchat-desktop
@@ -31,6 +32,7 @@
     nheko
     evince # Simple pdf reader, good for focusing on document content
     firefox
+    vivaldi
     # geogebra
     cheese
     handbrake
@@ -61,8 +63,12 @@
     zotero # Manage papers and other sources
     pdfpc # Present slides in pdf form
 
+    networkmanager-openvpn
+    keepassxc
+
     ## My scripts
     frajul.open-messaging
     frajul.xwacomcalibrate
+    frajul.pob2-frajul
   ];
 }

homes/julian/pianonix.nix

@@ -14,8 +14,8 @@
   is-nixos = true;
   terminal = "wezterm";
 
-  services.syncthing.tray.enable = true;
+  # services.syncthing.tray.enable = true;
-  services.syncthing.tray.command = "syncthingtray --wait"; # Wait for tray to become available
+  # services.syncthing.tray.command = "syncthingtray --wait"; # Wait for tray to become available
 
   home.packages = with pkgs; [
     music-reader
@@ -27,9 +27,33 @@
     onboard
   ];
 
+  programs.firefox = {
+    enable = true;
+
+    profiles.default = {
+      isDefault = true;
+
+      settings = {
+        "browser.startup.homepage" = "https://sheets.julian-mutter.de";
+        "browser.startup.page" = 1; # 0=blank, 1=home page, 3=restore previous session
+      };
+    };
+  };
+
+  programs.chromium = {
+    enable = true;
+
+    # commandLineArgs = [
+    #   "--homepage=https://sheets.julian-mutter.de"
+    #   "--no-first-run"
+    # ];
+  };
+
   # Autostart link
   home.file = {
-    ".config/autostart/sheet-organizer.desktop".source = "${pkgs.sheet-organizer}/share/applications/sheet-organizer.desktop";
+    # ".config/autostart/sheet-organizer.desktop".source = "${pkgs.sheet-organizer}/share/applications/sheet-organizer.desktop";
+    # ".config/autostart/firefox.desktop".source = "${pkgs.firefox}/share/applications/firefox.desktop";
+    ".config/autostart/chromium.desktop".source = "${pkgs.chromium}/share/applications/chromium.desktop";
     ".config/sheet-organizer/config.toml".text = ''
       working_directory = "/home/julian/Klavier"
     '';

hosts/aspi/default.nix

@@ -5,6 +5,7 @@
     ../common/global
     ../common/users/julian
     ../common/users/yukari
+    ../common/users/pob
     ../common/optional/binarycaches.nix
 
     ../common/optional/remote-builder.nix
@@ -19,7 +20,7 @@
     ../common/optional/virtualbox.nix
 
     ../common/optional/podman.nix
-    ../common/optional/wireguard.nix
+    # ../common/optional/wireguard.nix
     ../common/optional/flatpak.nix
 
     ../common/optional/avahi.nix

hosts/builder/default.nix

@@ -1,16 +1,32 @@
 # sudo nixos-rebuild switch --flake .#builder --target-host root@192.168.3.118
 # or
 # deploy .#builder
-{config, ...}: {
+{
+  config,
+  pkgs,
+  ...
+}: {
   imports = [
     ./hardware-configuration.nix
 
-    ../common/global
+    ../common/global/fish.nix # fish for admin
+    ../common/global/locale.nix
+    ../common/global/nix.nix
+    ../common/global/sops.nix
+    ../common/global/root.nix
   ];
 
   networking.hostName = "builder";
   system.stateVersion = "23.11";
 
+  networking.networkmanager.enable = true;
+  networking.nameservers = [
+    "192.168.3.252"
+    "172.30.20.10"
+    "1.1.1.1"
+  ];
+
+  users.mutableUsers = false;
   users.users.nix = {
     isNormalUser = true;
     description = "Nix";
@@ -32,10 +48,13 @@
       "https://nix-community.cachix.org"
       "https://cache.nixos.org/"
       "https://hyprland.cachix.org"
+      "https://devenv.cachix.org"
     ];
     trusted-public-keys = [
       "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
       "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
+      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+      "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
     ];
 
     trusted-users = ["nix"];
@@ -46,14 +65,14 @@
     fallback = true;
   };
 
-  system.autoUpgrade = {
+  # system.autoUpgrade = {
-    enable = true;
+  #   enable = true;
-    flake = "git+https://gitlab.julian-mutter.de/julian/dotfiles";
+  #   flake = "git+https://gitlab.julian-mutter.de/julian/dotfiles";
-    flags = [
+  #   flags = [
-      "--recreate-lock-file" # update lock file
+  #     "--recreate-lock-file" # update lock file
-    ];
+  #   ];
-    dates = "02:13";
+  #   dates = "02:13";
-  };
+  # };
 
   # optimize store by hardlinking store files
   nix.optimise.automatic = true;
@@ -100,9 +119,28 @@
   services.openssh = {
     enable = true;
     # require public key authentication for better security
-    settings.PasswordAuthentication = true;
+    settings.PasswordAuthentication = false;
     settings.KbdInteractiveAuthentication = false;
     settings.PermitRootLogin = "yes";
+    # Add older algorithms for jenkins ssh-agents-plugin to be compatible
+    settings.Macs = [
+      "hmac-sha2-512-etm@openssh.com"
+      "hmac-sha2-256-etm@openssh.com"
+      "umac-128-etm@openssh.com"
+      "hmac-sha2-512"
+      "hmac-sha2-256"
+      "umac-128@openssh.com"
+    ];
+    settings.KexAlgorithms = [
+      "diffie-hellman-group-exchange-sha1"
+      "diffie-hellman-group14-sha1"
+      "mlkem768x25519-sha256"
+      "sntrup761x25519-sha512"
+      "sntrup761x25519-sha512@openssh.com"
+      "curve25519-sha256"
+      "curve25519-sha256@libssh.org"
+      "diffie-hellman-group-exchange-sha256"
+    ];
   };
   users.users."root".openssh.authorizedKeys.keys = [
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjSZYdoF/51F+ykcBAYVCzCPTF5EEigWBL1APiR0h+H julian@aspi"
@@ -200,7 +238,16 @@
     url = "https://gitlab.julian-mutter.de";
     name = "builder";
     tokenFile = config.sops.secrets."gitea_token".path;
-    labels = []; # use default labels
+    labels = [
+      # provide a debian base with nodejs for actions
+      "debian-latest:docker://node:18-bullseye"
+      # fake the ubuntu name, because node provides no ubuntu builds
+      "ubuntu-latest:docker://node:18-bullseye"
+      # devenv
+      "devenv:docker://ghcr.io/cachix/devenv/devenv:latest"
+      # provide native execution on the host
+      "nixos:host"
+    ];
   };
 
   virtualisation.docker.enable = true;
@@ -271,4 +318,28 @@
       "/var/run/docker.sock:/var/run/docker.sock"
     ];
   };
+
+  ### Jenkins node
+  users.users.jenkins = {
+    createHome = true;
+    home = "/var/lib/jenkins";
+    group = "jenkins";
+    isNormalUser = true;
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ36sQhVz3kUEi8754G7r3rboihhG4iqFK/UvQm6SING jenkins@home"
+    ];
+    packages = with pkgs; [
+      git
+      devenv
+    ];
+    extraGroups = [
+      "docker"
+    ];
+  };
+
+  users.groups.jenkins = {};
+  programs.java = {
+    enable = true;
+    package = pkgs.jdk21; # Same as jenkins version on home
+  };
 }

hosts/common/global/default.nix

@@ -3,6 +3,7 @@
   inputs,
   outputs,
   pkgs,
+  lib,
   ...
 }: {
   imports =
@@ -31,7 +32,10 @@
   };
   services.resolved.enable = true;
 
-  programs.dconf.enable = true;
+  networking.nameservers = lib.mkDefault [
+    "1.1.1.1"
+    "8.8.8.8"
+  ];
 
   # HM
   home-manager.useGlobalPkgs = true;

hosts/common/optional/binarycaches.nix

@@ -10,11 +10,14 @@
       "https://cache.nixos.org/"
       "https://hyprland.cachix.org"
       "http://binarycache.julian-mutter.de"
+      "https://devenv.cachix.org"
     ];
     trusted-public-keys = [
       "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
       "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
       "binarycache.julian-mutter.de:oJ67uRFwRhNPKL58CHzy3QQLv38Kx7OA1K+6xlEPu7E="
+      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+      "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
     ];
 
     trusted-users = [

hosts/common/optional/pipewire.nix

@@ -3,6 +3,7 @@
   services.pulseaudio.enable = false;
   services.pipewire = {
     enable = true;
+    wireplumber.enable = true;
     alsa.enable = true;
     alsa.support32Bit = true;
     pulse.enable = true;
@@ -14,6 +15,14 @@
           "module.x11.bell" = false;
         };
       };
+      "10-increase-buffer" = {
+        "context.properties" = {
+          "default.clock.rate" = 48000;
+          "default.clock.quantum" = 1024;
+          "default.clock.min-quantum" = 1024;
+          "default.clock.max-quantum" = 2048;
+        };
+      };
     };
   };
 }

hosts/common/secrets.yaml

@@ -14,38 +14,38 @@ sops:
         - recipient: age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxV2IzcEZ6eGYxbXAvaEta
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBualdnWmtBTThhZDFVdDRP
-            c3RLbmZubnVEL1EwSlNNY3ZNbkVSUXN5ZDBZClRTYWwzbHhDK1VsMzVVL0VMVzZF
+            WHlMamk1MFhUYUwwa0hyQmpobGNocC9VR0ZVCmc3N1FjcUZCNUdTTm91OVpwZDhP
-            SEQ0ZHVMdytrY0xXUEppQkpNZEZ3VFkKLS0tIG95ZkJLWTZBWWpIOEQ4bHpBNWEx
+            bTNXekp2bDd3Tjh6a2ZVTVNTSW9RTU0KLS0tIGJpcUVHb2ZlODgvelhwQ0JFU3l5
-            QXVpMTNSNzU1dTBPYjlsc1BvNHZ3dDgKMHrT9DCC5W6UwC1Mfq6YCwkvZtDs3I7j
+            WU5VanhYMTUvNklYazJxOXVveXhpM2cKCo+4FhhcbRylASEbQb9rAQUzEO1D+0AR
-            vKlnanFp8hMMyYONRVlkvh+vOGQdbgXco4Z5nr02LQDu6Rwm4jSp9g==
+            52Jzc9s9rSdypeBRE7SaSOI4eVnkEjPfyhNFvMdxiBzBj7GdocpmCw==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1q8lc5340gz5xw2f57nglrss68wv0j0hf36py2pdtrl6ky3yrq9qqk0njr4
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKTnpqclVmVHR3M1ZvMDZ0
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4STZpU0ZnRzVVOFFRUXZG
-            eEtrbnhpTW5uZlhOYWFxbktxcTJ3bXZISkhzClpud2tNVzUvT2N2SkRadWk5aVpE
+            akcwS2Z5V3lmQzRTSGNHT2hDME5JMks2QTNNClpkZzNMc0wyRjVEaVlBRFlyNFhs
-            S2VkTFlIVUhFclA0WEh5cEp0Qjg3ejgKLS0tIDNXY0lpKys4Q3NBRFcya2RoSG1F
+            M1pyeW1XdnZubnRxMzEzMFJoK0lkVVEKLS0tIENhRExzUWRWMUlObmhxazM5cU9y
-            YW0raHlNekdWT3p0WHpGMk9xMmgzWFUKCue4GvgmH3nJBa7ny7rqft5MuSWHqAsP
+            aDFyaDJackFoaEZOYWdTbWt0ODB1bm8Kg1VDAj5/i8ZbYxspIdXrI474YN5YkV4H
-            5HnaAudL+rh2j1swm635QUrf9UnpUznE5NSOGrQDmA6RCBypNM4rsw==
+            86maCRDfUxO5lvu4zBa9pOmFtJ2iuJ2MxDnmCSHTl+GOk8yyUT8JhA==
             -----END AGE ENCRYPTED FILE-----
-        - recipient: age1hsmfz8fjxu83sax9lr487h8xr6cyge0apdq4zpge4c8jpcjj2cksj825ct
+        - recipient: age1tguyu2yd5xv8rgjjl50cq6dq5rr7umqgv098dgre4u9wyj30ea7sexw62c
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBESlZOeHY0T01ra0gwMS8z
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAveE9NV2JCOW9odlN6Wmkw
-            R3c1eW45WVkyeTBuRlFMRngrb2NFL1hkcmhRCitwZ3lweXM0di9EdEdQZmF4ZUZr
+            WFEvU2pka3htV2FTTFlpc05ES2JjbGxTaFJZCjhYdG1sRVBFaEF3YjNkWEw3Ny8x
-            M1hqNkM3Q1Jrb09Kb2M0ZkhTcFZPYkkKLS0tIHpCTEFCV0JlRzQwK3hndDJ4aHVC
+            MlYyTjJBMHA2YVpHRkkwWW5hNDdrS1UKLS0tIFZXTFNVbkd6VFExc0dSVU4vd3JF
-            S1o0QVlXSVl0dmlpWUQ3ZXdqUU5maTgKY4UJPx37CU5OUgkqYWlz9+0rA+dQkrH9
+            ajlFY2pvWW13VGxOZ0hEc3dMbU9IeUUKNSf7ycj+1XHhsoghmY2iR1BwIySqfIOF
-            +/kTT/2qZ2Op67WKtlas7arC7BjU8uygM208q+nr48Lic5n1fMtnXA==
+            zawE+MQcQg0u+fy6Aik26eUGvQG3rya2Fx2+3VlAbKB+rbiP0fwsgg==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age15lxw97z03q40xrdscnxqqugh5ky5aqrerg2t2rphkcqm6rnllurq8v98q5
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvYkdwSy9vc0lEWXJIdWRw
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxaTNJNkJ0RVJiYlRzcmlX
-            VmJ2NStaZDVxaG1LNU1NQlErdElPdkQvY3pjCkJyL1BRR2w1dmpqYnk5Tys3eHpX
+            TmEweVdLaGpoVXMxZEFDU3dOZTJCRjdiNENBCkZ3bjJUNm1vcmY1ZUpZcEo4OGxa
-            c0FJdzA1bU5GWWhrUWhOK1Jqa2lTaU0KLS0tIDMzMEQwL3I0ckVyYWFubU9VNlAr
+            UWJKSjNKL002UDhmTmJER2M0MjJ3aG8KLS0tIFMvZjBkOS83T3NDUE82M3kweVNw
-            NlBud3VHczNnMm5wOGhHdEoxTG5CNDgK4s7cFGvUCeztjjIAWtMW7TUqFP+YEQIg
+            VXhoN0VyWkVxMEJPQ3orVUNDK21rRU0KvnmuFxcCpP+LZg7v5jaStw9F0owVrQl9
-            So5A7DGxVsUcqarTUPazpIBBlO4n9zj79Qe+eQd6ti0EZG6sYX6+2Q==
+            AkIq7GUJh7xewLxcVZfiBRpXMhw/mM8LYnd2KGP8R/TfYg+v0//+5A==
             -----END AGE ENCRYPTED FILE-----
     lastmodified: "2025-04-23T07:00:17Z"
     mac: ENC[AES256_GCM,data:JgaTIRbzD0hs2o86xUlQrPN2cPXvsuTH/zKG5xbQIDaYcEvD/mkuVa3hfnYKrA91kWg2Y1DgEi9583+o6UCl/+ldY4ptu+xpnYfyQFdhM4rB+KoP/pDt8vQKQ3zAX8fpAkugCgTTbuvm3TfQ1nt98V8boyhCn4JHNC1T0j7ZtZI=,iv:G3YJOLeDWDKuANo2mxS2JAdrRaonD87CU9BpCZZrlRs=,tag:mcKIdP5cSQUwNL2tcv/o6g==,type:str]

hosts/common/users/pob/default.nix

@@ -0,0 +1,28 @@
+{
+  pkgs,
+  config,
+  ...
+}: let
+  ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
+in {
+  users.mutableUsers = false;
+  users.users.pob = {
+    description = "A helper user to use another profile for some applications";
+    group = "pob";
+    isNormalUser = true;
+    shell = pkgs.fish;
+    extraGroups = ifTheyExist [
+      "networkmanager"
+    ];
+    packages = with pkgs; [
+      firefox
+      wineWowPackages.stable # 32-bit and 64-bit wine
+      winetricks
+    ];
+  };
+  users.groups.pob = {};
+
+  security.sudo.extraConfig = ''
+    julian ALL=(pob) NOPASSWD: ALL
+  '';
+}

hosts/pianonix/default.nix

@@ -22,21 +22,44 @@
     ../common/optional/pcmanfm.nix
     ../common/optional/redshift.nix
     ../common/optional/authentication.nix
+
+    ../common/optional/avahi.nix
   ];
 
   # disko.devices.disk.main.device = "/dev/mmcblk1";
 
-  # networking.wireless.enable = true;
+  # enabled by fish, disabling speeds up builds
-  # networking.wireless.environmentFile = config.sops.secrets."wifi/pianonix".path;
+  documentation.man.generateCaches = false;
-  # networking.wireless.networks = {
+
-  #   "@SSID@".psk = "@PSK@";
+  networking.enableIPv6 = false; # This only leads to issues with avahi
+
+  hardware.bluetooth.enable = true;
+  services.blueman.enable = true; # bluetooth gui
+  # raspberry pi specific
+  # systemd.services.btattach = {
+  #   before = [ "bluetooth.service" ];
+  #   after = [ "dev-ttyAMA0.device" ];
+  #   wantedBy = [ "multi-user.target" ];
+  #   serviceConfig = {
+  #     ExecStart = "${pkgs.bluez}/bin/btattach -B /dev/ttyAMA0 -P bcm -S 3000000";
+  #   };
   # };
+  # networking.wireless.enable = true;
+  # networking.wireless.secretsFile = config.sops.secrets."wifi/pianonix".path;
+  # networking.wireless.networks = {
+  #   "SMARTments".pskRaw = "ext:PSK";
+  # };
+
+  # networking.networkmanager.enable = lib.mkForce false;
+
+  services.gnome.at-spi2-core.enable = true; # for onboard
+
   networking.hostName = "pianonix";
   system.stateVersion = "22.11";
 
   sops.secrets."vnc-passwd" = {
     owner = config.users.users.julian.name;
-    sopsFile = ./vnc-passwd;
+    sopsFile = ./secrets-vnc-passwd.bin;
     format = "binary";
   };
   sops.secrets."wifi/pianonix" = {};
@@ -45,6 +68,18 @@
   # sops.secrets."syncthing/public-keys/aspi-nix" = { };
   # sops.secrets."syncthing/public-keys/pianonix" = { };
 
+  sops.secrets."wg-config" = {
+    sopsFile = ./secrets-wg-config.bin;
+    format = "binary";
+  };
+
+  networking.wg-quick.interfaces = {
+    home = {
+      configFile = config.sops.secrets."wg-config".path;
+      autostart = true; # This interface is started on boot
+    };
+  };
+
   modules = {
     syncthing = {
       enable = true;
@@ -54,6 +89,7 @@
 
   # Enable the Desktop Environment.
   # services.xserver.displayManager.lightdm.enable = true;
+  services.displayManager.defaultSession = "xfce";
   services.displayManager.autoLogin = {
     enable = true;
     user = "julian";
@@ -73,10 +109,11 @@
     };
   };
 
-  boot.loader.timeout = 1; # Set boot loader timeout to 1s
+  boot.loader.timeout = lib.mkForce 1; # Set boot loader timeout to 1s
 
   # De-facto disable network manager, which is enabled by gnome
   # networking.networkmanager.unmanaged = [ "*" ];
+  services.xserver.enable = true;
   services.xserver.desktopManager = {
     xfce = {
       enable = true;

hosts/pianonix/hardware-configuration.nix

@@ -14,9 +14,15 @@
   boot.initrd.kernelModules = [];
   boot.kernelModules = [];
   boot.extraModulePackages = [];
+  boot.kernelPackages = pkgs.linuxPackages_latest; # use latest linux kernel
+  boot.supportedFilesystems = lib.mkForce [
+    # remove zfs, since its incompatible with latest kernel
+    "vfat"
+    "ext4"
+  ];
 
   fileSystems."/" = {
-    device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
+    device = "/dev/disk/by-label/NIXOS_SD";
     fsType = "ext4";
   };
 

hosts/pianonix/secrets-vnc-passwd.bin

@@ -0,0 +1,19 @@
+{
+	"data": "ENC[AES256_GCM,data:13hToequR4A=,iv:U7a6mIOYanQjozPrL92edFrhdyuSJj14pqVa2tGE/zA=,tag:uyeE3dj7NTKPi0jNLkFMLA==,type:str]",
+	"sops": {
+		"age": [
+			{
+				"recipient": "age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXWEFYNThYQkpuTW10MjNM\nU3pWYmE5UnBPUzhQSTltc3hXdk9EWkg5czI0CmxnK3FuYitGci9ndnRCZms4a0lD\nOWh4alF1MEtJUis5YVNyYXRLbVppNnMKLS0tIEQ5WVVIMzlIV0pnc2ZWMnc5bjE4\nR3lpbzJiRmljcWI4SWlOS2svZVBSYnMKYIfhDjNZPDxmws3Z3P55K7V/NHiukQ0u\n00Kk603U+1JhgfJBk0Y3tMo//vKCHQj87wtZoqDLEN7Gu+ZtHhkhow==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1tguyu2yd5xv8rgjjl50cq6dq5rr7umqgv098dgre4u9wyj30ea7sexw62c",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjSVpBR1NPY0svSWNWYzFC\nZE1uTjZTRm9XM24wcXByajVDYUJ4Y3FmNUc0CkJMMXRtUE5mSjYwU25MYy9xNFlP\ndUNmYmJ5RVF0dG5LYjA4L1NnNEtCMVEKLS0tIFl0Slovd2NiWjg1VXJ1VDJwTWJQ\nTWFZeW1ZYisvenVycWYwZ1lkOXBaVVUKqGu6Q8IbiUAzazLKN95uAtmXJMPzx02u\nr/R8q7ugG8lX5pWX3H3P7vtBz57Oo3rWlRpUhN/4+PpijkJNUyr3XQ==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2024-12-01T16:14:57Z",
+		"mac": "ENC[AES256_GCM,data:zKz8OX1yi68Qn3X6HwdbgTCr/3ZVBh5Wz4KUACmWG3XhOEVi8uoDEdAxfKMDBqNzXLeDmxxTKj6TMLkk68ozDYJqu0OevVritnZqvBTr9VKGpMPBFN3DuaeqSZ6wjHGbce1iqO0kusnwopRbEWHmr/lZxiXTNgLPdN+p5Aszi54=,iv:resppfGPecKvKwqNwqecDBcXGhcTWSGZis8hf1jT0Us=,tag:V80P25Pr4HD9pUUrQHZSQg==,type:str]",
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.8.1"
+	}
+}

hosts/pianonix/secrets-wg-config.bin

@@ -0,0 +1,19 @@
+{
+	"data": "ENC[AES256_GCM,data:SFc3K1hvBjeCS6ikLZl3vIPFJqsUrZZi9yO9tVuv14exKhOuK17HN/d+cYMtVxGwqQ/biFdXYdP8/sfTPwwZgd/wRLT2xRDMOg5ru7kj8sEhcOEYmrgYRLo3ImdWANFaxelWOmjEvzphTQ7guvXTo7BACUA9AygYa9Ou9bklYImWhOCsk8e9uz5afLZXscidiqUqqFuJNo3QGMDEAxFI2YC3OpLwEj5zlsI4AXEEHRVUxU1sVtspdolDaeiFIs/JW4jLu/2la6JyGJUluYXAThzL1LO39NA/MSNskMSedatz89vnCd9CP6Q3eT93vrUYAEY=,iv:e+tWIlHm4NH1w8AQAw6tvgCX9XOiroE1XmrSua3Bcg4=,tag:RwGpKtG9JzQ3TgcnzEV5Rg==,type:str]",
+	"sops": {
+		"age": [
+			{
+				"recipient": "age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTYTFjRnpPVDAvQ0ZHZU0v\neEduOTVockFoZGhuMmZNd0w3bVFCVUQzUlI4CmZTaktOQWxrTDNpYXlPTm9SdlZZ\nN0dURmlHVFlHSjZpbkpGb09lTmVzWm8KLS0tIDhMWlFIRWFkQjcya0hjeUdUSklB\nbWlqNlVoR1BnWG9TM0RhWnI4a0J4YUEKGWIX77EVXYFVyA2u6CkF1cGfwd4Gq0Vb\nNqrlMUYEDZ5nO/eLWsAt2kj1/YFjkGw0iI02HLRHdxQ59vFyl3CS1Q==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1tguyu2yd5xv8rgjjl50cq6dq5rr7umqgv098dgre4u9wyj30ea7sexw62c",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsNlZGdktzSGp0bzIyUjlR\nUU9LSXRrZTgxcEZwczhidWVOdGRnRFYrOVZZCmx3VzM4V2dsWmZpUWxNUG82MzU2\nT3dmQjRwdmRJbTJxVm9vQjJKU3JXSncKLS0tIFlhYy9uQW5aa1E0K3Q1RUFSQkZP\nR29sY3RCYVg5bGdqMU1uc0E3Szhmb0kKFzKHUVNDdHWfycb7xWeAyIVlC4ab7ivR\nVlfmbPAXq2THw/s4zk/ckfE5RP82a1aX4++XRa7fm5KXpI8vExjJ5A==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2025-10-14T06:56:31Z",
+		"mac": "ENC[AES256_GCM,data:DrcOET5U6veg0qhcBjQQ5neCdTUufMxhIz4ZQzvzd+YxKfAqaq8R1PW5VVlUjhDBaUH9i3J1Wj6X4E600uhayY0E9I5VqfO84hqlosfZWPiWPO8prK46Y7R3Ybdh9uvWQxiaSxy8KHXsdDgsBFLlmLe/QvsDSUv56rPofkm06vg=,iv:XBFP8ANpsszeXqQIE/v7+GmZGlFtxgE/EtgL/Cc3x+8=,tag:ZJgO+hLuwIatE55wo94RVw==,type:str]",
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.11.0"
+	}
+}

hosts/pianonix/vnc-passwd

@@ -1,28 +0,0 @@
-{
-	"data": "ENC[AES256_GCM,data:13hToequR4A=,iv:U7a6mIOYanQjozPrL92edFrhdyuSJj14pqVa2tGE/zA=,tag:uyeE3dj7NTKPi0jNLkFMLA==,type:str]",
-	"sops": {
-		"kms": null,
-		"gcp_kms": null,
-		"azure_kv": null,
-		"hc_vault": null,
-		"age": [
-			{
-				"recipient": "age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWWUp5TU9kWTNpa0s5TFRC\nK1hoc0d0K3JQYWN3VVVWM2JvemtieGo2UGpVCit5MUcvZldBZkNNZ3ZWTWRtd0Zx\nT3I4aTdUcitPRmhhV0htZlhEYjhRakUKLS0tIEdmYUI4N1g1Nkp3YzdtaHJybVcz\neFNwUnd0Vyt2MTBpRTZlMzZnNHJGd1EKy/0zXv9CPf5k0ky7TBGY9GbcIeQyPk1L\nKmMCuWMLX0yTGqB3M3/UNdoc4L0q//7keUZH5PlkxJbnu6IN3fE5qg==\n-----END AGE ENCRYPTED FILE-----\n"
-			},
-			{
-				"recipient": "age1q8lc5340gz5xw2f57nglrss68wv0j0hf36py2pdtrl6ky3yrq9qqk0njr4",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMdy9tZlZtNFJPRFNUUUNI\nUWtPZmZOY1V5SHc5bTZOZVluTUV6N3dlQWprClVqK2tKNFlBWHdyNDF1Q0d2bi9z\naldTTDdWYzZ6WmgrNHlZSDlTSU9SbmsKLS0tIDJZM2Y4ZDVmZk54eTZLOTU4Ui9X\nR3l3WDkwRWUyakFLdGZXeDJxRUJsaHMK6hgZ1KYe9qx4tO7RervEAKGjNHg4mi0E\nxx3I9P8MFzPiCVKG5ZNxRx25y7H4bQSRRtxIlXIhqzf2+5Q6U7/Hrw==\n-----END AGE ENCRYPTED FILE-----\n"
-			},
-			{
-				"recipient": "age1hsmfz8fjxu83sax9lr487h8xr6cyge0apdq4zpge4c8jpcjj2cksj825ct",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2cUg4dUlCY0IwS3pPeTF5\nZTVkRTkzaVBYTmh0MmYyaHlOaFRHSnk5dWs4CmhvaTlSOTFDQzZmbHVudXpwQitV\nQjhRQWl3OHNLVGJYMm1ObVEyQmhxS0kKLS0tIDJsZnN4K2pUOEdIYVg4ZlQ5Ujhn\nNlpGL1hMVXd5cWR2YkdIVmJiblMzR1EKJYS51sKQ/tBV7dv88pOxJhzHQGckoF8q\nwIioVjs9sm4JBgQqSIbVhXwnKl05IUkyAgw6LfsbSJz3nKe7lmmRpg==\n-----END AGE ENCRYPTED FILE-----\n"
-			}
-		],
-		"lastmodified": "2024-12-01T16:14:57Z",
-		"mac": "ENC[AES256_GCM,data:zKz8OX1yi68Qn3X6HwdbgTCr/3ZVBh5Wz4KUACmWG3XhOEVi8uoDEdAxfKMDBqNzXLeDmxxTKj6TMLkk68ozDYJqu0OevVritnZqvBTr9VKGpMPBFN3DuaeqSZ6wjHGbce1iqO0kusnwopRbEWHmr/lZxiXTNgLPdN+p5Aszi54=,iv:resppfGPecKvKwqNwqecDBcXGhcTWSGZis8hf1jT0Us=,tag:V80P25Pr4HD9pUUrQHZSQg==,type:str]",
-		"pgp": null,
-		"unencrypted_suffix": "_unencrypted",
-		"version": "3.8.1"
-	}
-}

modules/nixos/hydra-auto-upgrade.nix

@@ -11,7 +11,10 @@ in {
     system.hydraAutoUpgrade = {
       enable = lib.mkEnableOption "periodic hydra-based auto upgrade";
       operation = lib.mkOption {
-        type = lib.types.enum ["switch" "boot"];
+        type = lib.types.enum [
+          "switch"
+          "boot"
+        ];
         default = "switch";
       };
       dates = lib.mkOption {

overlays/default.nix

@@ -25,11 +25,11 @@
   my-pkgs = final: prev: {frajul = import ../pkgs {pkgs = final;};};
 
   nixpkgs-stable-unstable = final: prev: {
-    unstable = import inputs.nixpkgs {
+    unstable = import inputs.nixpkgs-unstable {
       system = prev.system;
       config.allowUnfree = true;
     };
-    stable = import inputs.nixpkgs-stable {
+    stable = import inputs.nixpkgs {
       system = prev.system;
       config.allowUnfree = true;
     };

pkgs/default.nix

@@ -13,4 +13,5 @@
   pob2 = pkgs.callPackage ./pob2 {};
   wl-ocr = pkgs.callPackage ./wl-ocr {};
   rtklib = pkgs.qt6Packages.callPackage ./rtklib {};
+  pob2-frajul = pkgs.callPackage ./pob2-frajul {};
 }

pkgs/pob2-frajul/default.nix

@@ -0,0 +1,16 @@
+{
+  writeShellApplication,
+  xhost,
+}:
+writeShellApplication {
+  name = "pob2-frajul";
+
+  runtimeInputs = [
+    xhost
+  ];
+
+  text = ''
+    xhost +
+    sudo -u pob -i sh /home/pob/pob2.sh
+  '';
+}

shell.nix

@@ -3,6 +3,9 @@
     NIX_CONFIG = "extra-experimental-features = nix-command flakes ca-derivations";
     nativeBuildInputs = with pkgs; [
       nix
+      deploy-rs # for deploy
+      nixos-generators # for nixos-generate -f iso --flake .#host
+      nh # nix helper for nice interfaces
       home-manager
       git