Start migration to using flake-parts

.sops.yaml

@@ -1,15 +1,17 @@
 keys:
   - &primary age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg
   - &aspi-ssh age1q8lc5340gz5xw2f57nglrss68wv0j0hf36py2pdtrl6ky3yrq9qqk0njr4
+  - &pianonix-ssh age1tguyu2yd5xv8rgjjl50cq6dq5rr7umqgv098dgre4u9wyj30ea7sexw62c
   - &builder-ssh age1kw4kmdm45zprvdkrrpvgq966l7585vhusmum083qlwnr0xxgd3uqatcyja
   - &kardorf-ssh age15lxw97z03q40xrdscnxqqugh5ky5aqrerg2t2rphkcqm6rnllurq8v98q5
 
 creation_rules:
-  - path_regex: hosts/secrets-common.yaml$
+  - path_regex: hosts/common/secrets.yaml$
     key_groups:
     - age:
       - *primary
       - *aspi-ssh
+      - *pianonix-ssh
       - *kardorf-ssh
 
   - path_regex: hosts/builder/secrets.yaml$
@@ -18,9 +20,8 @@ creation_rules:
       - *primary
       - *builder-ssh
 
-  - path_regex: features-nixos/optional/k9s/kubeconfig.secret.yaml$
+  - path_regex: hosts/pianonix/secrets*
     key_groups:
     - age:
       - *primary
-      - *aspi-ssh
-      - *kardorf-ssh
+      - *pianonix-ssh

features-home-manager/direnv/default.nix

@@ -2,6 +2,5 @@
   programs.direnv = {
     enable = true;
     nix-direnv.enable = true;
-    mise.enable = true;
   };
 }

features-home-manager/emacs/default.nix

@@ -41,7 +41,7 @@ in {
       sqlite
 
       # Code formatters for use with doom emacs
-      nixfmt # nix
+      nixfmt-rfc-style # nix
       alejandra # nix
 
       nixd # nix lsp

features-home-manager/fish/default.nix

@@ -5,7 +5,7 @@
 }:
 with lib; {
   home.file = {
-    # ".config/starship.toml".source = ./starship.toml;
+    ".config/starship.toml".source = ./starship.toml;
     ".config/fish/conf.d/last-working-dir.fish".source = ./last-working-dir.fish;
   };
 

features-home-manager/fonts/default.nix

@@ -7,8 +7,6 @@ with lib; {
   fonts.fontconfig.enable = true; # required to autoload fonts from packages
   home.packages = with pkgs; [
     nerd-fonts.fira-code
-    nerd-fonts.jetbrains-mono
-
     font-awesome
     dejavu_fonts
     noto-fonts
@@ -18,7 +16,5 @@ with lib; {
     fira-code
     fira-code-symbols
     source-code-pro
-    source-sans
-    roboto
   ];
 }

features-home-manager/ghostty/default.nix

@@ -7,7 +7,7 @@
     enable = true;
     enableFishIntegration = true;
     settings = {
-      # theme = "catppuccin-mocha";
+      theme = "catppuccin-mocha";
       font-size = 12;
     };
   };

features-home-manager/gtk/default.nix

@@ -0,0 +1,33 @@
+{
+  config,
+  pkgs,
+  inputs,
+  ...
+}: let
+  inherit (inputs.nix-colors.lib-contrib {inherit pkgs;}) gtkThemeFromScheme;
+in {
+  # Do not make conditional, just toggle things on and off
+  imports = [inputs.nix-colors.homeManagerModules.default]; # TODO: what does this do
+
+  # home.sessionVariables.GTK_THEME = "Catppuccin-Mocha-Compact-Blue-dark";
+  gtk = {
+    enable = true;
+    theme = {
+      name = inputs.nix-colors.colorschemes.${config.colorscheme.name}.slug;
+      package = gtkThemeFromScheme {
+        scheme = inputs.nix-colors.colorschemes.${config.colorscheme.name};
+      };
+    };
+    iconTheme = {
+      name = "Papirus-Dark";
+      package = pkgs.papirus-icon-theme;
+    };
+    cursorTheme = {
+      package = pkgs.apple-cursor;
+      name = "macOS";
+      size = 24;
+    };
+  };
+
+  xdg.portal.extraPortals = [pkgs.xdg-desktop-portal-gtk];
+}

features-home-manager/hyprland/default.nix

@@ -0,0 +1,452 @@
+{
+  pkgs,
+  inputs,
+  config,
+  lib,
+  ...
+}: let
+  inherit
+    (inputs.nix-colors.colorschemes.${builtins.toString config.colorscheme.name})
+    palette
+    ;
+in {
+  imports = [
+    # inputs.hyprland.homeManagerModules.default
+    ./waybar
+    ./wofi
+    ./mako
+    # ./hyprlock
+    ./wlogout
+    ../gammastep
+
+    ./swayidle.nix
+    ./swaylock.nix
+    ./zathura.nix
+    ./waypipe.nix
+
+    # ./hyprbars.nix
+  ];
+
+  xdg.portal = {
+    extraPortals = [pkgs.xdg-desktop-portal-wlr];
+    config.hyprland = {
+      default = [
+        "wlr"
+        "gtk"
+      ];
+    };
+  };
+
+  programs.imv.enable = true; # TODO: what is that
+
+  home.packages = with pkgs; [
+    hyprpicker
+    brightnessctl
+    frajul.hyprshot-gui
+    frajul.wl-ocr
+
+    wf-recorder
+    wl-clipboard
+
+    (pkgs.writeShellScriptBin "toggle-screen-mirroring" (
+      builtins.readFile ./toggle-screen-mirroring.sh
+    ))
+
+    (pkgs.writeShellScriptBin "correct-workspace-locations" (
+      lib.concatStringsSep "\n" (
+        builtins.concatLists (
+          map (
+            monitor:
+              map (ws: "hyprctl dispatch moveworkspacetomonitor ${ws} ${monitor.name}") monitor.workspaces
+          )
+          config.monitors
+        )
+      )
+    ))
+  ];
+
+  services.cliphist = {
+    enable = true;
+  };
+
+  home.sessionVariables = {
+    MOZ_ENABLE_WAYLAND = 1;
+    QT_QPA_PLATFORM = "wayland";
+    LIBSEAT_BACKEND = "logind";
+  };
+
+  # services.hypridle = {
+  #   enable = true;
+  #   settings = {
+  #     general = {
+  #       after_sleep_cmd = "hyprctl dispatch dpms on";
+  #       ignore_dbus_inhibit = false;
+  #       lock_cmd = "hyprlock";
+  #     };
+
+  #     listener = [
+  #       {
+  #         timeout = 300; # 5min
+  #         on-timeout = "brightnessctl -s set 10"; # set monitor backlight to minimum, avoid 0 on OLED monitor.
+  #         on-resume = "brightnessctl -r"; # monitor backlight restore.
+  #       }
+
+  #       {
+  #         timeout = 360; # 6min
+  #         on-timeout = "hyprlock"; # lock screen when timeout has passed
+  #       }
+
+  #       {
+  #         timeout = 600; # 10min
+  #         on-timeout = "hyprctl dispatch dpms off"; # screen off when timeout has passed
+  #         on-resume = "hyprctl dispatch dpms on"; # screen on when activity is detected after timeout has fired.
+  #       }
+  #     ];
+  #   };
+  # };
+
+  # services.hypridle.enable = true; # can be configured
+
+  services.network-manager-applet.enable = true;
+
+  wayland.windowManager.hyprland = {
+    # Whether to enable Hyprland wayland compositor
+    enable = true;
+    # package = config.lib.nixGL.wrap (
+    #   pkgs.hyprland.override {
+    #     # nixgl needed?
+    #     wrapRuntimeDeps = false;
+    #   }
+    # );
+
+    systemd = {
+      enable = true;
+      # Same as default, but stop graphical-session too
+      extraCommands = lib.mkBefore [
+        "systemctl --user stop graphical-session.target"
+        "systemctl --user start hyprland-session.target"
+      ];
+      variables = [
+        "DISPLAY"
+        "HYPRLAND_INSTANCE_SIGNATURE"
+        "WAYLAND_DISPLAY"
+        "XDG_CURRENT_DESKTOP"
+      ];
+    };
+
+    # package = inputs.hyprland.packages."${pkgs.system}".hyprland; # does only work with nixos-unstable
+
+    # The hyprland package to use (simplifies use of plugins)
+    # package = inputs.hyprland.packages.${pkgs.system}.hyprland;
+    # Whether to enable XWayland
+    xwayland.enable = true;
+
+    # Optional
+    # Whether to enable hyprland-session.target on hyprland startup
+    # systemd.enable = true;
+    # Make PATH available to systemd services
+    # systemd.variables = [ "--all" ];
+
+    plugins = [
+      # inputs.hyprland-plugins.packages.${pkgs.system}.hyprbars # does only work with nixos-unstable
+      # hyprlandPlugins.hyprbars
+    ];
+
+    submaps = {
+      "resize".settings = {
+        binde = [
+          ", right, resizeactive, 20"
+          ", left, resizeactive, -20 0"
+          ", up, resizeactive, 0 -20"
+          ", down, resizeactive, 0 20"
+          ", l, resizeactive, 20"
+          ", h, resizeactive, -20 0"
+          ", k, resizeactive, 0 -20"
+          ", j, resizeactive, 0 20"
+        ];
+
+        bind = [
+          ", q, submap, reset"
+          ", escape, submap, reset"
+
+          ", catchall, submap, reset" # make any other keypress cancel the submap
+        ];
+      };
+      "open, reset".settings = {
+        bind = [
+          ", e, exec, emacs"
+          ", m, exec, open-messaging"
+          ", b, exec, firefox"
+
+          ", catchall, submap, reset" # make any other keypress cancel the submap
+        ];
+      };
+    };
+
+    settings = {
+      "$mod" = "SUPER";
+
+      # Environment variables programs like emacs have access to
+      env = "TERMINAL,${config.terminal}";
+
+      # Monitors
+      monitor = ",preferred,auto,1";
+
+      # Autostart
+      exec-once = [
+        (lib.getExe pkgs.firefox)
+        (lib.getExe pkgs.waybar)
+      ];
+
+      # Look and Feel
+      general = {
+        gaps_in = 5;
+        gaps_out = 5;
+
+        layout = "dwindle";
+
+        # "col.active_border" = "0xff${palette.base0C} 0xff${palette.base0D} 270deg";
+        # "col.inactive_border" = "0xff${palette.base00}";
+      };
+
+      decoration = {
+        # power saving
+        blur.enabled = false;
+        # power saving
+        shadow.enabled = false;
+      };
+
+      # Dwindle layout
+      dwindle = {
+        pseudotile = true; # Master switch for pseudotiling. Enabling is bound to mainMod + P in the keybinds section below
+        preserve_split = true; # You probably want this
+        smart_split = false;
+        smart_resizing = false;
+        force_split = 2;
+        # no_gaps_when_only = 2; # with border
+      };
+
+      # Master layout
+      master = {
+        new_status = "slave";
+        # no_gaps_when_only = 2; # with border
+        mfact = 0.5; # Do not make master bigger
+      };
+
+      animations = {
+        enabled = true;
+
+        animation = [
+          "windows,1,3,default,slide"
+          "fade,1,3,default"
+          "layers,1,3,default,slide"
+          "border,1,3,default"
+          "workspaces,1,3,default,slide"
+        ];
+      };
+
+      exec = [
+        "hyprctl setcursor ${config.gtk.cursorTheme.name} ${toString config.gtk.cursorTheme.size}"
+        "correct-workspace-locations"
+      ];
+
+      misc = {
+        # disable auto polling for config file changes
+        disable_autoreload = true;
+
+        force_default_wallpaper = 0;
+
+        vfr = true; # power saving
+      };
+
+      cursor = {
+        no_hardware_cursors = 1; # disable hardware cursors to fix tearing on kardorf
+      };
+
+      render = {
+        # we do, in fact, want direct scanout
+        direct_scanout = true;
+      };
+
+      # Input
+      input = {
+        kb_layout = "de";
+        natural_scroll = false;
+        follow_mouse = 1;
+      };
+
+      # Window rules
+      windowrulev2 = [
+        "suppressevent maximize, class:.*"
+        "workspace 1, class:firefox"
+        "workspace 8, class:Zotero"
+        "workspace 9, class:nheko"
+        "workspace 9, class:Element"
+        "workspace 9, class:discord"
+        "workspace 9, class:org.telegram.desktop"
+        "workspace 10, class:thunderbird"
+        "float, class:qalculate-gtk"
+        "tile, class:MATLAB, title:MATLAB"
+      ];
+
+      # Workspace rules
+      workspace =
+        [
+          # smart gaps (none when only one window in workspace)
+          "w[t1], gapsin:0, gapsout:0, border:1"
+          "w[tg1], gapsin:0, gapsout:0, border:1"
+          "f[1], gapsin:0, gapsout:0, border:1"
+        ]
+        # builds like "1, e-DP1" "2, HDMI-1" etc.
+        ++ builtins.concatLists (
+          map (monitor: map (ws: "${ws}, monitor:${monitor.name}") monitor.workspaces) config.monitors
+        );
+
+      # Mouse binds
+      bindm = [
+        "$mod, mouse:272, movewindow" # leftclick
+        "$mod, mouse:273, resizewindow" # rightclick
+      ];
+
+      # binds
+      bind =
+        [
+          # compositor commands
+          #
+          #
+          "$mod, R, submap, resize"
+          "$mod, O, submap, open"
+          #
+
+          "$mod, SPACE, focuswindow, floating"
+          "$mod SHIFT, SPACE, togglefloating,"
+          "$mod, F, fullscreen,"
+          "$mod, X, killactive,"
+
+          "$mod, -, togglesplit," # dwindle
+
+          # opening applications
+          "$mod, D, exec, wofi --show drun,run"
+          "$mod, E, exec, pcmanfm"
+          "$mod, Return, exec, ${config.terminal}"
+          "$mod, B, exec, firefox"
+          "$mod, C, exec, qalculate-gtk"
+
+          # other commands
+          "$mod SHIFT, E, exec, wlogout -p layer-shell"
+          "$mod, Escape, exec, wlogout -p layer-shell"
+          "$mod SHIFT, R, exec, hyprctl reload"
+          "$mod, Print, exec, hyprshot-gui"
+          ", Print, exec, hyprshot-gui"
+          "$mod, P, exec, toggle-screen-mirroring; correct-workspace-locations"
+
+          # "$mod SHIFT, E, exec, pkill Hyprland"
+          # "$mod, G, togglegroup,"
+          # "$mod SHIFT, N, changegroupactive, f"
+          # "$mod SHIFT, P, changegroupactive, b"
+          # "$mod ALT, ,resizeactive,"
+
+          # media keys
+          ", XF86AudioRaiseVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+"
+          ", XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-"
+          ", XF86AudioPlay, exec, playerctl play-pause"
+          ", XF86AudioPause, exec, playerctl pause"
+          ", XF86AudioStop, exec, playerctl stop"
+          ", XF86AudioNext, exec, playerctl next"
+          ", XF86AudioPrev, exec, playerctl previous"
+          ", XF86AudioMute, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"
+          ", XF86MonBrightnessUp, exec, brightnessctl --class backlight set 5%+"
+          ", XF86MonBrightnessDown, exec, brightnessctl --class backlight set 5%-"
+
+          # move focus
+          "$mod, left, movefocus, l"
+          "$mod, H, movefocus, l"
+          "$mod, right, movefocus, r"
+          "$mod, L, movefocus, r"
+          "$mod, up, movefocus, u"
+          "$mod, K, movefocus, u"
+          "$mod, down, movefocus, d"
+          "$mod, J, movefocus, d"
+
+          # move window
+          "$mod SHIFT, left, movewindow, l"
+          "$mod SHIFT, H, movewindow, l"
+          "$mod SHIFT, right, movewindow, r"
+          "$mod SHIFT, L, movewindow, r"
+          "$mod SHIFT, up, movewindow, u"
+          "$mod SHIFT, K, movewindow, u"
+          "$mod SHIFT, down, movewindow, d"
+          "$mod SHIFT, J, movewindow, d"
+
+          # Switch workspaces with mainMod + [0-9]
+          "$mod, 1, workspace, 1"
+          "$mod, 2, workspace, 2"
+          "$mod, 3, workspace, 3"
+          "$mod, 4, workspace, 4"
+          "$mod, 5, workspace, 5"
+          "$mod, 6, workspace, 6"
+          "$mod, 7, workspace, 7"
+          "$mod, 8, workspace, 8"
+          "$mod, 9, workspace, 9"
+          "$mod, 0, workspace, 10"
+
+          # Move active window to a workspace with mainMod + SHIFT + [0-9]
+          "$mod SHIFT, 1, movetoworkspace, 1"
+          "$mod SHIFT, 2, movetoworkspace, 2"
+          "$mod SHIFT, 3, movetoworkspace, 3"
+          "$mod SHIFT, 4, movetoworkspace, 4"
+          "$mod SHIFT, 5, movetoworkspace, 5"
+          "$mod SHIFT, 6, movetoworkspace, 6"
+          "$mod SHIFT, 7, movetoworkspace, 7"
+          "$mod SHIFT, 8, movetoworkspace, 8"
+          "$mod SHIFT, 9, movetoworkspace, 9"
+          "$mod SHIFT, 0, movetoworkspace, 10"
+
+          # Move active window to a workspace without following with mainMod + CTRL + [0-9]
+          "$mod CTRL, 1, movetoworkspacesilent, 1"
+          "$mod CTRL, 2, movetoworkspacesilent, 2"
+          "$mod CTRL, 3, movetoworkspacesilent, 3"
+          "$mod CTRL, 4, movetoworkspacesilent, 4"
+          "$mod CTRL, 5, movetoworkspacesilent, 5"
+          "$mod CTRL, 6, movetoworkspacesilent, 6"
+          "$mod CTRL, 7, movetoworkspacesilent, 7"
+          "$mod CTRL, 8, movetoworkspacesilent, 8"
+          "$mod CTRL, 9, movetoworkspacesilent, 9"
+          "$mod CTRL, 0, movetoworkspacesilent, 10"
+        ]
+        ++
+        # Screen lock
+        (
+          let
+            swaylock = lib.getExe config.programs.swaylock.package;
+          in
+            lib.optionals config.programs.swaylock.enable [
+              "$mod,TAB,exec,${swaylock} --daemonize"
+            ]
+        )
+        ++
+        # Notification manager
+        (
+          let
+            makoctl = lib.getExe' config.services.mako.package "makoctl";
+          in
+            lib.optionals config.services.mako.enable [
+              "$mod,w,exec,${makoctl} dismiss"
+              "$mod SHIFT,W,exec,${makoctl} restore"
+            ]
+        );
+
+      # plugin = {
+      #   hyprbars = {
+      #     bar_text_size = 10;
+      #     bar_height = 16;
+      #     bar_text_font = "Ubuntu Nerd Font";
+      #     bar_precedence_over_border = true;
+      #     bar_color = "rgb(${palette.base01})";
+
+      #     hyprbars-button = [ "rgb(${palette.base03}), 14, 󰖭, hyprctl dispatch killactive" ];
+      #   };
+      # };
+    };
+  };
+}

features-home-manager/hyprland/hyprlock/default.nix

@@ -0,0 +1,46 @@
+{
+  options,
+  config,
+  lib,
+  pkgs,
+  inputs,
+  ...
+}: let
+  inherit
+    (inputs.nix-colors.colorschemes.${builtins.toString config.colorscheme.name})
+    palette
+    ;
+in {
+  programs.hyprlock.enable = true;
+  programs.hyprlock.settings = {
+    general = {
+      disable_loading_bar = true;
+      hide_cursor = true;
+      ignore_empty_input = true;
+    };
+
+    background = [
+      {
+        color = "#${palette.base00}";
+        # path = "screenshot";
+        # blur_passes = 3;
+        # blur_size = 8;
+      }
+    ];
+
+    input-field = [
+      {
+        size = "200, 50";
+        position = "0, -80";
+        monitor = "";
+        dots_center = true;
+        fade_on_empty = false;
+        font_color = "#${palette.base0B}";
+        inner_color = "#${palette.base01}";
+        outer_color = "#${palette.base05}";
+        outline_thickness = 5;
+        placeholder_text = "Password...";
+      }
+    ];
+  };
+}

features-home-manager/hyprland/mako/default.nix

@@ -0,0 +1,30 @@
+{
+  options,
+  config,
+  lib,
+  pkgs,
+  inputs,
+  ...
+}: let
+  inherit
+    (inputs.nix-colors.colorschemes.${builtins.toString config.colorscheme.name})
+    palette
+    ;
+in {
+  home.packages = with pkgs; [libnotify];
+
+  services.mako = {
+    enable = true;
+    settings = {
+      defaultTimeout = "5000"; # milliseconds, can be overwritten by notification sender
+      backgroundColor = "#${palette.base00}";
+      textColor = "#${palette.base05}";
+      borderColor = "#${palette.base0D}";
+      progressColor = "over #${palette.base02}";
+      extraConfig = ''
+          [urgency=high]
+          border-color=#${palette.base09}
+        # '';
+    };
+  };
+}

features-home-manager/hyprland/swayidle.nix

@@ -31,7 +31,7 @@
 in {
   services.swayidle = {
     enable = true;
-    systemdTargets = ["graphical-session.target"];
+    systemdTarget = "graphical-session.target";
     timeouts =
       # Lock screen
       [

features-home-manager/hyprland/swaylock.nix

@@ -1,7 +1,14 @@
 {
+  config,
+  pkgs,
+  ...
+}: let
+  inherit (config.colorscheme) colors;
+in {
   programs.swaylock = {
     enable = true;
     settings = {
+      color = "000000";
       ignore-empty-password = true;
       indicator-idle-visible = false;
     };

features-home-manager/hyprland/toggle-screen-mirroring.sh

@@ -0,0 +1,67 @@
+#! /usr/bin/env sh
+
+# A hyprland script for a laptop-external-monitor setup, toggling between which is in use
+
+# Launch at startup to make hyprland disable the internal monitor if an external monitor is detected and enabled
+# Additionally it's called with a keybind to switch between a laptop monitor and an external display
+# Ideally the conditional monitor behaviour was instead done directly in hyprland.conf, but I'm not sure whether that's possible
+#
+# Relevant info:
+# - hyprctl monitors: identifies currently enabled monitors
+# - hyprctl monitors all: identifies ALL connected monitors - including those not in use
+#
+# Suggested use:
+# Add this line somewhere after the regular monitor configuration in hyprland.conf:
+# exec = /path/to/hyprland-monitors-toggle.sh
+# Add a keybind to run this script on demand:
+# bind =,SomeKeyHere, exec, /path/to/hyprland-monitors-toggle.sh
+
+#move_all_workspaces_to_monitor() {
+#  TARGET_MONITOR="$1"
+
+#  hyprctl workspaces | grep ^workspace | cut --delimiter ' ' --fields 3 | xargs -I '{}' hyprctl dispatch moveworkspacetomonitor '{}' "$TARGET_MONITOR"
+
+#  # Previous approach
+#  #hyprctl swapactiveworkspaces $EXTERNAL_MONITOR $INTERNAL_MONITOR
+#}
+
+# TODO: Detect these instead of hardcoding them
+INTERNAL_MONITOR="eDP-1"
+EXTERNAL_MONITOR="HDMI-A-1"
+
+# NUM_MONITORS=$(hyprctl monitors all | grep --count Monitor)
+# NUM_MONITORS_ACTIVE=$(hyprctl monitors | grep --count Monitor)
+
+# Make sure all
+# if [ "$NUM_MONITORS_ACTIVE" -eq 1 ]; then
+#     move_all_workspaces_to_monitor $INTERNAL_MONITOR
+#     exit
+# fi
+
+MIRROR_SETTING=$(hyprctl monitors all -j | jq -r '.[] | select(.name == "HDMI-A-1") | .mirrorOf')
+
+# # For dynamically toggling which monitor is active later via a keybind
+# if [ "$NUM_MONITORS" -gt 1 ]; then # Handling multiple monitors
+#   if hyprctl monitors | cut --delimiter ' ' --fields 2 | grep --quiet ^$EXTERNAL_MONITOR; then
+#     hyprctl keyword monitor $INTERNAL_MONITOR,preferred,0x0,1
+#     move_all_workspaces_to_monitor $INTERNAL_MONITOR
+#     hyprctl keyword monitor "$EXTERNAL_MONITOR, disable"
+#   else
+#     hyprctl keyword monitor $EXTERNAL_MONITOR,preferred,0x0,1
+#     move_all_workspaces_to_monitor $EXTERNAL_MONITOR
+#     hyprctl keyword monitor "$INTERNAL_MONITOR, disable"
+#   fi
+# else  # If the external monitor is disconnected without running this script first, it might become the case that no monitor is on - therefore turn on the laptop monitor!
+#     hyprctl keyword monitor $INTERNAL_MONITOR,preferred,0x0,1
+#     move_all_workspaces_to_monitor $INTERNAL_MONITOR
+# fi
+
+echo setting:
+echo $MIRROR_SETTING
+if [ "$MIRROR_SETTING" = "none" ]; then
+    echo "mirroring..."
+    hyprctl keyword monitor "$EXTERNAL_MONITOR, preferred, auto, 1, mirror, $INTERNAL_MONITOR"
+else
+    hyprctl keyword monitor "$EXTERNAL_MONITOR, disable" # shortly disable monitor so waybar recognizes the new monitor again # TODO: find better solution
+    hyprctl keyword monitor "$EXTERNAL_MONITOR, preferred, auto, 1"
+fi

features-home-manager/hyprland/waybar/default.nix

@@ -1,8 +1,13 @@
-{config, ...}: let
-  palette = config.lib.stylix.colors;
+{
+  options,
+  config,
+  pkgs,
+  lib,
+  inputs,
+  ...
+}: let
+  palette = (inputs.nix-colors.colorschemes.${builtins.toString config.colorscheme.name}).palette;
 in {
-  stylix.targets.waybar.enable = false;
-
   programs.waybar = {
     enable = true;
     # systemd.enable = true;

features-home-manager/hyprland/wlogout/default.nix

@@ -0,0 +1,39 @@
+{
+  options,
+  config,
+  lib,
+  pkgs,
+  inputs,
+  ...
+}: let
+  inherit
+    (inputs.nix-colors.colorschemes.${builtins.toString config.colorscheme.name})
+    palette
+    ;
+in {
+  home.packages = with pkgs; [wlogout];
+
+  # xdg.configFile."wlogout/style.css".text = ''
+  #    * {
+  #      all: unset;
+  #      font-family: JetBrains Mono Nerd Font;
+  #    }
+
+  #    window {
+  #      background-color: #${palette.base00};
+  #    }
+
+  #    button {
+  #      color: #${palette.base01};
+  #      font-size: 64px;
+  #      background-color: rgba(0,0,0,0);
+  #      outline-style: none;
+  #      margin: 5px;
+  #   }
+
+  #    button:focus, button:active, button:hover {
+  #      color: #${palette.base0D};
+  #      transition: ease 0.4s;
+  #    }
+  # '';
+}

features-home-manager/hyprland/wofi/default.nix

@@ -0,0 +1,86 @@
+{
+  options,
+  config,
+  lib,
+  pkgs,
+  inputs,
+  ...
+}: let
+  inherit
+    (inputs.nix-colors.colorschemes.${builtins.toString config.colorscheme.name})
+    palette
+    ;
+in {
+  home.packages = with pkgs; [wofi];
+
+  xdg.configFile."wofi/config".source = ./config;
+  xdg.configFile."wofi/style.css".text = ''
+    window {
+        margin: 5px;
+        border: 5px solid #181926;
+        background-color: #${palette.base00};
+        border-radius: 15px;
+        font-family: "JetBrainsMono";
+        font-size: 14px;
+      }
+
+      #input {
+        all: unset;
+        min-height: 36px;
+        padding: 4px 10px;
+        margin: 4px;
+        border: none;
+        color: #${palette.base05};
+        font-weight: bold;
+        background-color: #${palette.base01};
+        outline: none;
+        border-radius: 15px;
+        margin: 10px;
+        margin-bottom: 2px;
+      }
+
+      #inner-box {
+        margin: 4px;
+        padding: 10px;
+        font-weight: bold;
+        border-radius: 15px;
+      }
+
+      #outer-box {
+        margin: 0px;
+        padding: 3px;
+        border: none;
+        border-radius: 15px;
+        border: 5px solid #${palette.base01};
+      }
+
+      #scroll {
+        margin-top: 5px;
+        border: none;
+        border-radius: 15px;
+        margin-bottom: 5px;
+      }
+
+      #text:selected {
+        color: #${palette.base01};
+        margin: 0px 0px;
+        border: none;
+        border-radius: 15px;
+      }
+
+      #entry {
+        margin: 0px 0px;
+        border: none;
+        border-radius: 15px;
+        background-color: transparent;
+      }
+
+      #entry:selected {
+        margin: 0px 0px;
+        border: none;
+        border-radius: 15px;
+        background: #${palette.base0D};
+        background-size: 400% 400%;
+      }
+  '';
+}

features-home-manager/hyprland/zathura.nix

@@ -0,0 +1,33 @@
+{config, ...}: let
+  inherit (config.colorscheme) colors;
+in {
+  programs.zathura = {
+    enable = true;
+    options = {
+      selection-clipboard = "clipboard";
+      # TODO fix
+      # font = "${config.fontProfiles.regular.name} ${toString config.fontProfiles.regular.size}";
+      # recolor = true;
+      # default-bg = "${colors.surface}";
+      # default-fg = "${colors.surface_bright}";
+      # statusbar-bg = "${colors.surface_container}";
+      # statusbar-fg = "${colors.on_surface_variant}";
+      # inputbar-bg = "${colors.surface}";
+      # inputbar-fg = "${colors.on_secondary}";
+      # notification-bg = "${colors.surface}";
+      # notification-fg = "${colors.on_secondary}";
+      # notification-error-bg = "${colors.error}";
+      # notification-error-fg = "${colors.on_error}";
+      # notification-warning-bg = "${colors.error}";
+      # notification-warning-fg = "${colors.on_error}";
+      # highlight-color = "${colors.tertiary}";
+      # highlight-active-color = "${colors.secondary}";
+      # completion-bg = "${colors.surface_bright}";
+      # completion-fg = "${colors.on_surface}";
+      # completions-highlight-bg = "${colors.secondary}";
+      # completions-highlight-fg = "${colors.on_secondary}";
+      # recolor-lightcolor = "${colors.surface}";
+      # recolor-darkcolor = "${colors.inverse_surface}";
+    };
+  };
+}

features-home-manager/i3/default.nix

@@ -22,9 +22,9 @@
   # Prevent screen from going blank (check these settings with `xset q`)
   # And disable bell sound (b)
   xsession.initExtra = ''
-    ${pkgs.xset}/bin/xset s off
-    ${pkgs.xset}/bin/xset -dpms
-    ${pkgs.xset}/bin/xset b off
+    ${pkgs.xorg.xset}/bin/xset s off
+    ${pkgs.xorg.xset}/bin/xset -dpms
+    ${pkgs.xorg.xset}/bin/xset b off
   '';
   xsession.windowManager.i3 = {
     enable = true;

features-home-manager/neovim/default.nix

@@ -18,7 +18,7 @@
     fd
     stylua
     black
-    nixfmt # nixfmt
+    nixfmt-rfc-style # nixfmt
   ];
 
   programs.nixvim = {

features-home-manager/suites/cli/default.nix

@@ -37,7 +37,7 @@
     usbutils # lsusb
     wget
     wireguard-tools # wg-quick
-    xkill
+    xorg.xkill
     zip
     dig
 

features-home-manager/suites/desktop/default.nix

@@ -1,5 +1,5 @@
 {pkgs, ...}: {
-  # imports = [./stylix.nix];
+  imports = [../../gtk];
 
   services.blueman-applet.enable = true;
   services.nextcloud-client.enable = true;
@@ -9,8 +9,6 @@
   services.syncthing.tray.enable = true;
   services.syncthing.tray.command = "syncthingtray --wait"; # Wait for tray to become available
 
-  gtk.gtk4.theme = null; # Fix evaluation warning since using old home manager version
-
   programs.chromium = {
     enable = true;
     extensions = [
@@ -41,7 +39,7 @@
     # kitty # Terminal, already available as feature
     libnotify
     libreoffice
-    engrampa
+    mate.engrampa
     nomacs # Image viewer
     kdePackages.okular # Pdf reader with many features, good for commenting documents
     pavucontrol
@@ -54,11 +52,12 @@
     # rustdesk
     tor-browser
     rusty-path-of-building # Path of Building for poe1 and poe2
+    # frajul.pob-dev-version # Path of Building
     vlc
-    wineWow64Packages.stable # 32-bit and 64-bit wine
+    wineWowPackages.stable # 32-bit and 64-bit wine
     winetricks
     xclip # x11 clipboard access from terminal
-    mousepad # simple text editor
+    xfce.mousepad # simple text editor
     xournalpp # Edit pdf files
     zoom-us # Video conferencing
     zotero # Manage papers and other sources
@@ -70,5 +69,6 @@
     ## My scripts
     frajul.open-messaging
     frajul.xwacomcalibrate
+    frajul.pob2-frajul
   ];
 }

features-home-manager/suites/development/default.nix

@@ -65,13 +65,9 @@
     sops
     pandoc # markdown preview
     docker-compose
-    mise
-
-    mise
 
     ## My scripts
     frajul.deploy-to-pianopi
-    frajul.smath-studio
     # frajul.rtklib
 
     (pkgs.writeShellScriptBin "matlab-rsp" ''

features-home-manager/yazi/default.nix

@@ -16,8 +16,11 @@
     xclip
   ];
 
+  home.shellAliases = {
+    y = "yy"; # Yazi shell wrapper (cd on quit)
+  };
+
   programs.yazi.enable = true;
-  programs.yazi.shellWrapperName = "y";
   programs.yazi.enableFishIntegration = true;
   programs.yazi.settings.manager = {
     sort_by = "mtime";

features-home-manager/zsh/default.nix

@@ -3,9 +3,9 @@
   pkgs,
   ...
 }: {
-  # home.file = {
-  #   ".config/starship.toml".source = ./starship.toml;
-  # };
+  home.file = {
+    ".config/starship.toml".source = ./starship.toml;
+  };
 
   home.packages = with pkgs; [starship];
 

features-nixos/base/auto-upgrade.nix

@@ -0,0 +1,18 @@
+{
+  flake.nixosModules.base = {
+    inputs,
+    config,
+    ...
+  }: {
+    system.hydraAutoUpgrade = {
+      # Only enable if not dirty
+      enable = inputs.self ? rev;
+      dates = "*:0/10"; # Every 10 minutes
+      instance = "http://hydra.julian-mutter.de";
+      project = "dotfiles";
+      jobset = "main";
+      job = "hosts.${config.networking.hostName}";
+      oldFlakeRef = "self";
+    };
+  };
+}

features-nixos/base/default.nix

@@ -0,0 +1,40 @@
+# Common config for all hosts
+{
+  flake.nixosModules.base = {
+    inputs,
+    outputs,
+    pkgs,
+    lib,
+    ...
+  }: {
+    imports = [
+      inputs.home-manager.nixosModules.home-manager
+    ];
+
+    # Replaces the (modulesPath + "/installer/scan/not-detected.nix") from default hardware-configuration.nix
+    # Enables non-free firmware
+    hardware.enableRedistributableFirmware = true;
+
+    # Networking
+    networking.networkmanager = {
+      enable = true;
+      plugins = with pkgs; [
+        networkmanager-openconnect
+      ];
+    };
+    services.resolved.enable = false;
+    # MDNS Taken by avahi
+    # networking.networkmanager.dns = "none";
+    networking.nameservers = lib.mkDefault [
+      "1.1.1.1"
+      "8.8.8.8"
+    ];
+
+    # HM module
+    home-manager.useGlobalPkgs = true; # hm module uses the pkgs of the nixos config
+    home-manager.backupFileExtension = "hm-backup"; # backup conflicting files. So hm activation never fails
+    home-manager.extraSpecialArgs = {
+      inherit inputs outputs;
+    };
+  };
+}

features-nixos/base/fish.nix

@@ -0,0 +1,12 @@
+{
+  flake.nixosModules.base = {
+    programs.fish = {
+      enable = true;
+      vendor = {
+        completions.enable = true;
+        config.enable = true;
+        functions.enable = true;
+      };
+    };
+  };
+}

features-nixos/base/locale.nix

@@ -0,0 +1,28 @@
+{
+  flake.nixosModules.base = {
+    # Select internationalisation properties.
+    i18n.defaultLocale = "en_US.UTF-8";
+
+    i18n.extraLocaleSettings = {
+      LC_ADDRESS = "de_DE.UTF-8";
+      LC_IDENTIFICATION = "de_DE.UTF-8";
+      LC_MEASUREMENT = "de_DE.UTF-8";
+      LC_MONETARY = "de_DE.UTF-8";
+      LC_NAME = "de_DE.UTF-8";
+      LC_NUMERIC = "en_US.UTF-8";
+      LC_PAPER = "de_DE.UTF-8";
+      LC_TELEPHONE = "de_DE.UTF-8";
+      LC_TIME = "de_DE.UTF-8";
+    };
+
+    # Keymap
+    services.xserver.xkb = {
+      layout = "de";
+      variant = "";
+    };
+
+    console.keyMap = "de";
+
+    time.timeZone = "Europe/Berlin";
+  };
+}

features-nixos/base/nix.nix

@@ -0,0 +1,48 @@
+{
+  flake.nixosModules.base = {outputs, ...}: {
+    # Apply overlays
+    nixpkgs = {
+      # TODO: apply this to hm and nixos without duplicate code
+      overlays = builtins.attrValues outputs.overlays;
+      config = {
+        nvidia.acceptLicense = true;
+        allowUnfree = true;
+        allowUnfreePredicate = _: true; # TODO: what is this
+        warn-dirty = false;
+        permittedInsecurePackages = [
+          "olm-3.2.16"
+        ];
+      };
+    };
+
+    # optimize at every build, slows down builds
+    # better to do optimise.automatic for regular optimising
+    # nix.settings.auto-optimise-store = lib.mkDefault true;
+    nix.settings.experimental-features = [
+      "nix-command"
+      "flakes"
+      "ca-derivations"
+    ];
+    # warn-dirty = false;
+
+    nix.gc = {
+      automatic = true;
+      dates = "weekly";
+      options = "--delete-older-than 30d";
+      persistent = true;
+    };
+    nix.optimise = {
+      automatic = true;
+      dates = ["weekly"]; # Optional; allows customizing optimisation schedule
+      persistent = true;
+    };
+
+    programs.nix-ld.enable = true;
+
+    # TODO: is this useful?, what does it do?
+    # nix.settings.flake-registry = ""; # Disable global flake registry
+    # Add each flake input as a registry and nix_path
+    # registry = lib.mapAttrs (_: flake: { inherit flake; }) flakeInputs;
+    # nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
+  };
+}

features-nixos/base/root.nix

@@ -0,0 +1,11 @@
+{
+  flake.nixosModules.base = {pkgs, ...}: {
+    # Packages needed as root
+    environment.systemPackages = with pkgs; [
+      vim
+      htop
+      mc
+      gparted-xhost # needs to be installed as system package so it can be actually opened
+    ];
+  };
+}

features-nixos/base/sops/secrets.yaml

@@ -1,8 +1,14 @@
 #ENC[AES256_GCM,data:NSxfTl2hTXEoGl23aQnElG+df/1YzA==,iv:+oy9oITMGzdM2muDUPjwxJqUu1Bdyregl65/0hiulZ0=,tag:VKjforpyahKj0ktIN36gNw==,type:comment]
 julian-password: ENC[AES256_GCM,data:tgeu4uVI91j34+Gfzy2Uckmopj9bJNWiu65W0cdA76Kly3LH7RqXCq4rNM4DCwrsX3k9WdOlGX6T9edIjJgmbbe6MkeH7oQwiA==,iv:GE6zfSHymkAewjry7fofURz70az608+hja385LLeCIY=,tag:FqTopL5DyM3DTpa7AoGPDg==,type:str]
+wifi:
+    pianonix: ENC[AES256_GCM,data:Ty1wElfVj+CU9bTbpuYIk2dA4fgFm59PkQGqvODn51Q=,iv:bLomyTlOW2Z4rPbue7Klo6Jt5lR+44AuL+dIMFgDNAE=,tag:DuH2ayeb19dkPi9xmbAu3A==,type:str]
 syncthing:
     public-keys:
         aspi-nix: ENC[AES256_GCM,data:ZTykdQCyh4DMuQUCy1DSKsGNxxn1dinaqztpDdJY53pkWcW4YcWRHk94iGJQZgG1oLfr3AB2S3J6b9w2WuV3,iv:9z2ovHzq6JjRtHzNMIQtcUCinIjG/ImSGqqC7KPhpuw=,tag:No2LCjD+XXB77Su+s98MIA==,type:str]
+        pianonix: ENC[AES256_GCM,data:pUJPXH47VG363aIoxZwmbVe3uBoO7EO2TflK4f761C7PwD0tFNthZt9HRE6gQXAMQMF6qWzNK3CNGspSzKsE,iv:E89oz8BG5iQW/mRzdxSrYewGeVLiCrTcAF+c9ny6gPc=,tag:rLqwUmFDsaOMClR1tbE1sA==,type:str]
+    pianonix:
+        key: ENC[AES256_GCM,data:IaCXIRDMWCHj3lTKpkLg1Nd3pX4bktWg4WjZPGKgTBCLVkMi/SDtlaoNhDz+a+Vt6jYTXHS4exFnIVJ878nWSrA1sD2NHXmfsMh1kkLhub68qv0M33dBXvgX0vQ51Z1WMoti73yDUjJH8Ym5yF/SCg2+RbkVf+4pe2hSlAzwkGP6YC2rbCE5sZG31C55MkaGC6zwo2ZpZXdVhCW845SqAc11cF/OeEHb9B1FS3rd+El7rlJHrIEVQTkomNLshcspb13H0z3vNhtfu9pPkGxee8Hp/hEhFQ+waWBAg4w15yKihjHJmhzdjhDHCilvwYaceb7b5OwARuuiruQ+cJ40bdnStDpi2ouP8QJjEi7tmKWeplZ0X70PVZJFH/e/mTH5,iv:3hQMB4ka31w3chXXwjl/1IHF8ES/RobZVeugMC3ddlU=,tag:j8wwrNQUQbCEGtcriSpc4g==,type:str]
+        cert: ENC[AES256_GCM,data:v9LO8qpeGDDV6I+AJU5iTYKKBV6qgr1ddwLvBVEOYyvmtPNeqaatYaK6vMBCabBIhxQu2NC96pREvWu1UHbxaMWvSCT1TzrIPrcFm+gKCH6PIPhqcnQpdGa3OYn01ohThpLp8hEmVUpJ0FO/AnE1QHK0VfPqJ3S0uHLjSCBJtxLmcBWNVvlcTU/P68QIQkrYAQRAtz9aDS+JNpUKhwCJBgjpY1Thj8Lj/fpc1t0qWo3BKIL3eW5iSlUW0iEriFS0bkMr4Bi9mNqpO26l1eZ3IXFJy/7pkqhmXXW83qOaF9AFXgg41p1Kjw4G6isB/obuhR7Z4oQ/AtkSU0wxHP4mF0AWrvC7/YGlrDG9aPYUEWOexTTBHkm89PhgEa69sekbzac7mYYFi/MIdU34ks4oc8ZIChWpT+V66mbo4f+3mn7raih5SLnyEMS7ENBes9cQC7SghSpB7D8c/2+q74A5aEZHUWRhqiDEx9IggP43SiWuNnb/HyZw16RUB7xnQKPs7LzAVlLC6M7ZETUmyEDEWWOsDY8+0Li4wuD3z4WXLAD9nP43TMx4GNoafjG+0Gu05hSR8fWv8strRCtIWjzK3wMaD9VT/cbt2oqOBkJcaqIW8+lM+ktk1WsD4Kc1DQ4q5O2oMrdPOWI9xZOs7DQTFshLHuvxutN05vgEUovI1vbMOl7SIzUW8YUY9PN0ofC7zwQlEJxfOdqT0nwv9vmqikSMP6V3jXgP5OnPb4KVx8G27X0oCjN++dJgDxdkh2JiLR9JaJHNmYPtLlP7hU4NsBpRpd9ObxRlv+uIbF2o0I8PGXMo3IVnRjrFDrRyoth2UJ+YUMGCVuonoS+nZLMCNz1xwRMaZBYjSEESmxc2Ilwdu3XTzd1KF282UvumBpRwcNxvsmPhI84v/XV8TJE8Z7YxyO3RYBQHD5+OuHOHKTtlajnKpSp/m0p0QR7rrGFoDuDKp+Z81MKz8wz3/8GG+sDh0pgniUfNyrmLroLPdT6nj0brvSVWYmOIJHDHKqM+6HZok5PyS+uHlb5dzwnmrd9OmhmwPVdkP5s=,iv:X9VNz2nsN4ywu3E0c+agwZCl43I4bt6jHz0jMoMFTJQ=,tag:RZUWa4h5JoIiZaDrYgcAeg==,type:str]
 sops:
     age:
         - recipient: age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg
@@ -41,7 +47,7 @@ sops:
             VXhoN0VyWkVxMEJPQ3orVUNDK21rRU0KvnmuFxcCpP+LZg7v5jaStw9F0owVrQl9
             AkIq7GUJh7xewLxcVZfiBRpXMhw/mM8LYnd2KGP8R/TfYg+v0//+5A==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-03-23T19:37:41Z"
-    mac: ENC[AES256_GCM,data:nd4HHv/KfoLj5qGINngvWZX9XdYqtmJnUREo0BOO2JZgYR3AVw0ppmGhj1RFy1bVKdfll/fMoD5tGNc3UQJPB0j2g/1pj47AF44V0d1J79RP6dwov30rr0QnsXVt7P9EOFL/W6TRugYO9J7LZs+tpsSALfwNPTfnulSJQtaJdG4=,iv:EKfq4eKyv1HeMy/zS+V3OKpdL9IVjE5mg8iuz8OPgso=,tag:W8+CZLnYuNbnKRS1kqhY0w==,type:str]
+    lastmodified: "2025-04-23T07:00:17Z"
+    mac: ENC[AES256_GCM,data:JgaTIRbzD0hs2o86xUlQrPN2cPXvsuTH/zKG5xbQIDaYcEvD/mkuVa3hfnYKrA91kWg2Y1DgEi9583+o6UCl/+ldY4ptu+xpnYfyQFdhM4rB+KoP/pDt8vQKQ3zAX8fpAkugCgTTbuvm3TfQ1nt98V8boyhCn4JHNC1T0j7ZtZI=,iv:G3YJOLeDWDKuANo2mxS2JAdrRaonD87CU9BpCZZrlRs=,tag:mcKIdP5cSQUwNL2tcv/o6g==,type:str]
     unencrypted_suffix: _unencrypted
-    version: 3.11.0
+    version: 3.10.1

features-nixos/base/sops/sops.nix

@@ -0,0 +1,24 @@
+{
+  flake.nixosModules.base = {
+    inputs,
+    config,
+    ...
+  }: let
+    isEd25519 = k: k.type == "ed25519";
+    getKeyPath = k: k.path;
+    keys = builtins.filter isEd25519 config.services.openssh.hostKeys;
+  in {
+    imports = [inputs.sops-nix.nixosModules.sops];
+
+    sops.age = {
+      sshKeyPaths = map getKeyPath keys;
+
+      # TODO: remove? only rely on ssh or pgp keys (e.g. ubikey like misterio is using!!!)
+      # keyFile = "/home/julian/.config/sops/age/keys.txt";
+      # Generate key if none of the above worked. With this, building will still work, just without secrets
+      generateKey = false; # TODO: building should not work without secrets!?
+    };
+
+    sops.defaultSopsFile = ./secrets.yaml;
+  };
+}

features-nixos/global/auto-upgrade.nix

@@ -1,16 +0,0 @@
-{
-  inputs,
-  config,
-  ...
-}: {
-  system.hydraAutoUpgrade = {
-    # Only enable if not dirty
-    enable = inputs.self ? rev;
-    dates = "*:0/10"; # Every 10 minutes
-    instance = "http://hydra.julian-mutter.de";
-    project = "dotfiles";
-    jobset = "main";
-    job = "hosts.${config.networking.hostName}";
-    oldFlakeRef = "self";
-  };
-}

features-nixos/global/default.nix

@@ -1,48 +0,0 @@
-# Common config for all hosts
-{
-  inputs,
-  outputs,
-  pkgs,
-  lib,
-  ...
-}: {
-  imports =
-    [
-      ./fish.nix # fish for admin
-      ./locale.nix
-      ./nix.nix
-      ./sops.nix
-      ./root.nix
-      ./stylix.nix
-    ]
-    ++ [
-      inputs.home-manager.nixosModules.home-manager
-    ]
-    ++ (builtins.attrValues outputs.nixosModules);
-
-  # Replaces the (modulesPath + "/installer/scan/not-detected.nix") from default hardware-configuration.nix
-  # Enables non-free firmware
-  hardware.enableRedistributableFirmware = true;
-
-  # Networking
-  networking.networkmanager = {
-    enable = true;
-    plugins = with pkgs; [
-      networkmanager-openconnect
-    ];
-  };
-  services.resolved.enable = false;
-  # MDNS Taken by avahi
-  # networking.networkmanager.dns = "none";
-  networking.nameservers = lib.mkDefault [
-    "1.1.1.1"
-    "8.8.8.8"
-  ];
-
-  # HM module
-  home-manager.useGlobalPkgs = true; # hm module uses the pkgs of the nixos config
-  home-manager.backupFileExtension = "hm-backup"; # backup conflicting files. So hm activation never fails
-  home-manager.extraSpecialArgs = {
-    inherit inputs outputs;
-  };
-}

features-nixos/global/fish.nix

@@ -1,10 +0,0 @@
-{
-  programs.fish = {
-    enable = true;
-    vendor = {
-      completions.enable = true;
-      config.enable = true;
-      functions.enable = true;
-    };
-  };
-}

features-nixos/global/locale.nix

@@ -1,26 +0,0 @@
-{
-  # Select internationalisation properties.
-  i18n.defaultLocale = "en_US.UTF-8";
-
-  i18n.extraLocaleSettings = {
-    LC_ADDRESS = "de_DE.UTF-8";
-    LC_IDENTIFICATION = "de_DE.UTF-8";
-    LC_MEASUREMENT = "de_DE.UTF-8";
-    LC_MONETARY = "de_DE.UTF-8";
-    LC_NAME = "de_DE.UTF-8";
-    LC_NUMERIC = "en_US.UTF-8";
-    LC_PAPER = "de_DE.UTF-8";
-    LC_TELEPHONE = "de_DE.UTF-8";
-    LC_TIME = "de_DE.UTF-8";
-  };
-
-  # Keymap
-  services.xserver.xkb = {
-    layout = "de";
-    variant = "";
-  };
-
-  console.keyMap = "de";
-
-  time.timeZone = "Europe/Berlin";
-}

features-nixos/global/nix.nix

@@ -1,45 +0,0 @@
-{outputs, ...}: {
-  # Apply overlays
-  nixpkgs = {
-    overlays = builtins.attrValues outputs.overlays;
-    config = {
-      nvidia.acceptLicense = true;
-      allowUnfree = true;
-      allowUnfreePredicate = _: true; # TODO: what is this
-      warn-dirty = false;
-      permittedInsecurePackages = [
-        "olm-3.2.16"
-      ];
-    };
-  };
-
-  # optimize at every build, slows down builds
-  # better to do optimise.automatic for regular optimising
-  # nix.settings.auto-optimise-store = lib.mkDefault true;
-  nix.settings.experimental-features = [
-    "nix-command"
-    "flakes"
-    "ca-derivations"
-  ];
-  # warn-dirty = false;
-
-  nix.gc = {
-    automatic = true;
-    dates = "weekly";
-    options = "--delete-older-than 30d";
-    persistent = true;
-  };
-  nix.optimise = {
-    automatic = true;
-    dates = ["weekly"]; # Optional; allows customizing optimisation schedule
-    persistent = true;
-  };
-
-  programs.nix-ld.enable = true;
-
-  # TODO: is this useful?, what does it do?
-  # nix.settings.flake-registry = ""; # Disable global flake registry
-  # Add each flake input as a registry and nix_path
-  # registry = lib.mapAttrs (_: flake: { inherit flake; }) flakeInputs;
-  # nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
-}

features-nixos/global/root.nix

@@ -1,9 +0,0 @@
-{pkgs, ...}: {
-  # Packages needed as root
-  environment.systemPackages = with pkgs; [
-    vim
-    htop
-    mc
-    gparted-xhost # needs to be installed as system package so it can be actually opened
-  ];
-}

features-nixos/global/sops.nix

@@ -1,23 +0,0 @@
-{
-  pwd,
-  inputs,
-  config,
-  ...
-}: let
-  isEd25519 = k: k.type == "ed25519";
-  getKeyPath = k: k.path;
-  keys = builtins.filter isEd25519 config.services.openssh.hostKeys;
-in {
-  imports = [inputs.sops-nix.nixosModules.sops];
-
-  sops.age = {
-    sshKeyPaths = map getKeyPath keys;
-
-    # TODO: remove? only rely on ssh or pgp keys (e.g. ubikey like misterio is using!!!)
-    # keyFile = "/home/julian/.config/sops/age/keys.txt";
-    # Generate key if none of the above worked. With this, building will still work, just without secrets
-    generateKey = false; # TODO: building should not work without secrets!?
-  };
-
-  sops.defaultSopsFile = "${pwd}/hosts/secrets-common.yaml";
-}

features-nixos/global/stylix.nix

@@ -1,32 +0,0 @@
-{
-  pkgs,
-  inputs,
-  ...
-}: {
-  imports = [inputs.stylix.nixosModules.stylix];
-
-  stylix.enable = true;
-  stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-mocha.yaml";
-
-  stylix.fonts = {
-    serif = {
-      package = pkgs.dejavu_fonts;
-      name = "DejaVu Serif";
-    };
-
-    sansSerif = {
-      package = pkgs.dejavu_fonts;
-      name = "DejaVu Sans";
-    };
-
-    monospace = {
-      package = pkgs.dejavu_fonts;
-      name = "DejaVu Sans Mono";
-    };
-
-    emoji = {
-      package = pkgs.noto-fonts-color-emoji;
-      name = "Noto Color Emoji";
-    };
-  };
-}

features-nixos/optional/authentication.nix

@@ -1,28 +1,30 @@
 {
-  pkgs,
-  lib,
-  ...
-}: {
-  # Make programs like nextcloud client access saved passwords
-  services.gnome.gnome-keyring.enable = true;
+  flake.nixosModules.authentication = {
+    pkgs,
+    lib,
+    ...
+  }: {
+    # Make programs like nextcloud client access saved passwords
+    services.gnome.gnome-keyring.enable = true;
 
-  programs.seahorse.enable = true;
-  programs.ssh.askPassword = lib.mkForce "${pkgs.seahorse}/libexec/seahorse/ssh-askpass"; # Solve conflicting definition in seahorse and plasma6
+    programs.seahorse.enable = true;
+    programs.ssh.askPassword = lib.mkForce "${pkgs.seahorse}/libexec/seahorse/ssh-askpass"; # Solve conflicting definition in seahorse and plasma6
 
-  # Make authentication work for e.g. gparted
-  security.polkit.enable = true;
-  systemd = {
-    user.services.polkit-gnome-authentication-agent-1 = {
-      description = "polkit-gnome-authentication-agent-1";
-      wantedBy = ["graphical-session.target"];
-      wants = ["graphical-session.target"];
-      after = ["graphical-session.target"];
-      serviceConfig = {
-        Type = "simple";
-        ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
-        Restart = "on-failure";
-        RestartSec = 1;
-        TimeoutStopSec = 10;
+    # Make authentication work for e.g. gparted
+    security.polkit.enable = true;
+    systemd = {
+      user.services.polkit-gnome-authentication-agent-1 = {
+        description = "polkit-gnome-authentication-agent-1";
+        wantedBy = ["graphical-session.target"];
+        wants = ["graphical-session.target"];
+        after = ["graphical-session.target"];
+        serviceConfig = {
+          Type = "simple";
+          ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
+          Restart = "on-failure";
+          RestartSec = 1;
+          TimeoutStopSec = 10;
+        };
       };
     };
   };

features-nixos/optional/avahi.nix

@@ -1,12 +1,14 @@
 {
-  # MDNS on local network
-  services.avahi = {
-    enable = true;
-    nssmdns4 = true;
-    nssmdns6 = true;
-    publish.enable = true;
-    publish.addresses = true;
-    ipv4 = true;
-    ipv6 = true;
+  flake.nixosModules.avahi = {
+    # MDNS on local network
+    services.avahi = {
+      enable = true;
+      nssmdns4 = true;
+      nssmdns6 = true;
+      publish.enable = true;
+      publish.addresses = true;
+      ipv4 = true;
+      ipv6 = true;
+    };
   };
 }

features-nixos/optional/binarycaches.nix

@@ -1,33 +1,33 @@
 {
-  lib,
-  outputs,
-  ...
-}: {
-  # Setup binary caches
-  nix.settings = {
-    substituters = [
-      "https://nix-community.cachix.org"
-      "https://cache.nixos.org/"
-      "https://hyprland.cachix.org"
-      # "http://binarycache.julian-mutter.de"
-      "https://devenv.cachix.org"
-      "https://noctalia.cachix.org"
-    ];
-    trusted-public-keys = [
-      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
-      "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
-      "binarycache.julian-mutter.de:oJ67uRFwRhNPKL58CHzy3QQLv38Kx7OA1K+6xlEPu7E="
-      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
-      "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
-      "noctalia.cachix.org-1:pCOR47nnMEo5thcxNDtzWpOxNFQsBRglJzxWPp3dkU4="
-    ];
+  flake.nixosModules.binarycaches = {
+    lib,
+    outputs,
+    ...
+  }: {
+    # Setup binary caches
+    nix.settings = {
+      substituters = [
+        "https://nix-community.cachix.org"
+        "https://cache.nixos.org/"
+        "https://hyprland.cachix.org"
+        "http://binarycache.julian-mutter.de"
+        "https://devenv.cachix.org"
+      ];
+      trusted-public-keys = [
+        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+        "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
+        "binarycache.julian-mutter.de:oJ67uRFwRhNPKL58CHzy3QQLv38Kx7OA1K+6xlEPu7E="
+        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+        "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
+      ];
 
-    trusted-users = [
-      "root"
-      "@wheel"
-    ]; # needed for devenv to add custom caches
+      trusted-users = [
+        "root"
+        "@wheel"
+      ]; # needed for devenv to add custom caches
 
-    # Ensure we can still build when missing-server is not accessible
-    fallback = true;
+      # Ensure we can still build when missing-server is not accessible
+      fallback = true;
+    };
   };
 }

features-nixos/optional/boot-efi.nix

@@ -1,17 +1,19 @@
 {
-  # Bootloader
-  # Use this for simple nix boot menu, if no dual boot required
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.systemd-boot.configurationLimit = 10;
-  boot.loader.efi.canTouchEfiVariables = true;
+  flake.nixosModules.boot-efi = {
+    # Bootloader
+    # Use this for simple nix boot menu, if no dual boot required
+    boot.loader.systemd-boot.enable = true;
+    boot.loader.systemd-boot.configurationLimit = 10;
+    boot.loader.efi.canTouchEfiVariables = true;
 
-  # https://github.com/NixOS/nixpkgs/blob/c32c39d6f3b1fe6514598fa40ad2cf9ce22c3fb7/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix#L66
-  boot.loader.systemd-boot.editor = false;
+    # https://github.com/NixOS/nixpkgs/blob/c32c39d6f3b1fe6514598fa40ad2cf9ce22c3fb7/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix#L66
+    boot.loader.systemd-boot.editor = false;
 
-  boot.supportedFilesystems = [
-    "btrfs"
-    "ntfs"
-    "nfs"
-    "cifs"
-  ];
+    boot.supportedFilesystems = [
+      "btrfs"
+      "ntfs"
+      "nfs"
+      "cifs"
+    ];
+  };
 }

features-nixos/optional/docker.nix

@@ -1,5 +1,7 @@
 {
-  virtualisation.docker = {
-    enable = true;
+  flake.nixosModules.docker = {
+    virtualisation.docker = {
+      enable = true;
+    };
   };
 }

features-nixos/optional/flatpak.nix

@@ -1,6 +1,8 @@
-{pkgs, ...}: {
-  services.flatpak.enable = true;
-  xdg.portal.enable = true;
-  xdg.portal.extraPortals = [pkgs.xdg-desktop-portal-gtk];
-  xdg.portal.config.common.default = "*"; # Use first portal implementation found
+{
+  flake.nixosModules.flatpak = {pkgs, ...}: {
+    services.flatpak.enable = true;
+    xdg.portal.enable = true;
+    xdg.portal.extraPortals = [pkgs.xdg-desktop-portal-gtk];
+    xdg.portal.config.common.default = "*"; # Use first portal implementation found
+  };
 }

features-nixos/optional/gamemode.nix

@@ -1,20 +1,22 @@
-{pkgs, ...}: {
-  programs.gamemode = {
-    enable = true;
-    settings = {
-      general = {
-        softrealtime = "auto";
-        inhibit_screensaver = 1;
-        renice = 5;
-      };
-      # gpu = {
-      #   apply_gpu_optimisations = "accept-responsibility";
-      #   gpu_device = 1;
-      #   amd_performance_level = "high";
-      # };
-      custom = {
-        start = "${pkgs.libnotify}/bin/notify-send 'GameMode started'";
-        end = "${pkgs.libnotify}/bin/notify-send 'GameMode ended'";
+{
+  flake.nixosModules.gamemode = {pkgs, ...}: {
+    programs.gamemode = {
+      enable = true;
+      settings = {
+        general = {
+          softrealtime = "auto";
+          inhibit_screensaver = 1;
+          renice = 5;
+        };
+        # gpu = {
+        #   apply_gpu_optimisations = "accept-responsibility";
+        #   gpu_device = 1;
+        #   amd_performance_level = "high";
+        # };
+        custom = {
+          start = "${pkgs.libnotify}/bin/notify-send 'GameMode started'";
+          end = "${pkgs.libnotify}/bin/notify-send 'GameMode ended'";
+        };
       };
     };
   };

features-nixos/optional/gdm.nix

@@ -1,13 +1,15 @@
 {
-  config,
-  lib,
-  pkgs,
-  ...
-}: {
-  services.xserver.displayManager.gdm = {
-    enable = true;
-  };
+  flake.nixosModules.gdm = {
+    config,
+    lib,
+    pkgs,
+    ...
+  }: {
+    services.xserver.displayManager.gdm = {
+      enable = true;
+    };
 
-  # unlock GPG keyring on login
-  security.pam.services.gdm.enableGnomeKeyring = true;
+    # unlock GPG keyring on login
+    security.pam.services.gdm.enableGnomeKeyring = true;
+  };
 }

features-nixos/optional/greetd.nix

@@ -1,16 +1,39 @@
 {
-  users.extraUsers.greeter = {
-    # For caching
-    home = "/tmp/greeter-home";
-    createHome = true;
-  };
+  flake.nixosModules.greetd = {config, ...}: let
+    homeCfgs = config.home-manager.users;
+    julianCfg = homeCfgs.julian;
+  in {
+    users.extraUsers.greeter = {
+      # For caching
+      home = "/tmp/greeter-home";
+      createHome = true;
+    };
 
-  programs.regreet = {
-    enable = true;
-    cageArgs = [
-      "-s"
-      "-m"
-      "last"
-    ]; # multimonitor use last monitor
+    programs.regreet = {
+      enable = true;
+      iconTheme = julianCfg.gtk.iconTheme;
+      theme = julianCfg.gtk.theme;
+      # font = julianCfg.fontProfiles.regular; # TODO: do
+      cursorTheme = {
+        inherit (julianCfg.gtk.cursorTheme) name package;
+      };
+      cageArgs = [
+        "-s"
+        "-m"
+        "last"
+      ]; # multimonitor use last monitor
+      # settings.background = {
+      #   path = julianCfg.wallpaper;
+      #   fit = "Cover";
+      # }; # TODO: fix
+
+      # TODO: setting keyboard language does not work
+      # settings = {
+      #   env = {
+      #     XKB_DEFAULT_LAYOUT = "de";
+      #     # XKB_DEFAULT_VARIANT = "altgr-intl";
+      #   };
+      # };
+    };
   };
 }

features-nixos/optional/i3.nix

@@ -1,16 +1,18 @@
 {
-  config,
-  lib,
-  pkgs,
-  ...
-}: {
-  services.xserver.windowManager.i3.enable = true;
-  services.xserver.windowManager.i3.package = pkgs.i3-gaps;
-  services.displayManager.defaultSession = "none+i3";
+  flake.nixosModules.i3 = {
+    config,
+    lib,
+    pkgs,
+    ...
+  }: {
+    services.xserver.windowManager.i3.enable = true;
+    services.xserver.windowManager.i3.package = pkgs.i3-gaps;
+    services.displayManager.defaultSession = "none+i3";
 
-  programs.xss-lock = {
-    # responds to "loginctl lock-session" via dbus
-    enable = true;
-    lockerCommand = "${pkgs.i3lock}/bin/i3lock --ignore-empty-password --color=000000";
+    programs.xss-lock = {
+      # responds to "loginctl lock-session" via dbus
+      enable = true;
+      lockerCommand = "${pkgs.i3lock}/bin/i3lock --ignore-empty-password --color=000000";
+    };
   };
 }

features-nixos/optional/k9s/default.nix

@@ -1,18 +0,0 @@
-{
-  config,
-  pkgs,
-  ...
-}: {
-  environment.systemPackages = with pkgs; [
-    kubectl
-    k9s
-  ];
-
-  sops.secrets.kubeconfig = {
-    sopsFile = ./kubeconfig.secret.yaml;
-    format = "binary";
-    owner = config.users.users.julian.name;
-    group = config.users.users.julian.group;
-  };
-  environment.variables.KUBECONFIG = config.sops.secrets."kubeconfig".path;
-}

features-nixos/optional/k9s/kubeconfig.secret.yaml

@@ -1,22 +0,0 @@
-{
-	"data": "ENC[AES256_GCM,data:nq2czkXqOhjRECF9kASPiBCiz1I7LQLljTV+LkrBp4+BH92YTV6ywRyerNoTDmaBmnY+fuhdnPkN7Q9jjT1SNGLIxBG4b6gOpzgr3amhfNAW3MAUUcPuqNsk0EZ4ZJiUluPCvRtAKHyXsrQpN8P04Rg0OjHoxCrOgKjmODr14QNiQH4RAONSai76dRgRBMQs0PIzcAiMSkwKc0OgBYTccSspV7DlulA3ngv0LuUavKS6QoJ4DuCnFgOu5KHGLQS0ww+Ijp1wAx/4/tq8Iimdn968uvzFjrZATb3bHVjHSR/cbNRCJn6GrpqFCNdpI5OPw3P9f9rodXZKai/bESu2aC8Dlya2by29lCPHkg5lp6atZA8ksnj9brYsFUb6xKPUAPGDElBaUEf+LidsZlI6hAz98/uf3bwyqq22+gMkfKUM1pX1YOtyTq+5eMSn0kBuSVupvEDJaO/G/YlTUDvJL0CzwO0hLzzotLrGcqhvYqjHCr2XhIER+YgYA7D22iml5YOLRxp5RQd3sj74hUGWJkGq1p/uhniaOvrjF0zmQsqHFC4+jUNBKVMVVTLBX/AdL45Lv+HDM4jYCvtNIKAGtTGT71cplhBI2xP1s607NiIbUsSY+2qayh3INOP7qGWwpYquYe/xAk6KZMu1/UuvneVqOjqlcJFOpLqydPnP0oQRy1dtCcJsvT5nv0QEI+Tr24Dbn3tX8fmc8EzZwpmEyHto7nYzHFicgvmYavmTHkmbzySDMI03ktZ7EdM0unlNe9EmR8YyGeg7tmG4bKx9K+7qs0Piqq03gHwN9L92O80J8jiKu8MDURWywYPYHUmCKYbkHh5en1qvyFTU7dDI7L+gdp9+VSqJrkQqPbWAouMBlLE0664lTpzmYQOXWo8riwjYPllkd8EqCaKxrMMHp4Y46X69lsZS1mImuHac3xJV57r6A+mMJajGW92KI13416rwG9sXS1ynNdBTi9+P/1f3Sy8B6ypYa1BP/6+tHqghNAuz5aaKZJnsCWYMAk6y5AuFaZ2ZkO1ruSfdPmyjKoMcp/qO5nmHxF+0h+teSuvLeCb7KrL80IlKElgDINlPYHDVtaoYVv4sZAWhSNJSOUWRbue3bJaqhKz3xOdq5lJy7H3P+MQF8YFgoY7Po4EcXqTP8Upm3tIehPr7BJXNIv6beDPwpMZrvVKqVIgsXD85DqyA1Mh7k5gQpB4uAhZfRUQ8T4reVumjOnGakXh+1DcFPYJumScCP1/68btIYGYJiPJTJhL7/U+12siGzzXXZeaJ7NpCzpvpgmFvoMfV+gFgrAUkb2+eSeEI6BNRjfXWc5NM03RQqotqW4E3Ui+gYbwU0D9/8b5UsRc4IiujnZFSKbCZGGHm79Yrm8IhtTuVyQV67/NeuRfIcJuPPmYGS8nnX8v7pymlagm/43sFHpupsrgeVStsLl1asKJanA6Njus/YA3zrdmgKb1kMK6ALBc73WaT9S+4aZeKB8A6jA5PD2GAgW/T5jaHxi0VPisg0eChKtJfhJVFoZFE+U2fx2YrTeC/joSdS4jqTKaqwDgJ19d5Wvs8ZDQDjHo5I8uUArWODTW/H8An9zp8jsEN6bS1mBeta8qhkz2v9diBUFwmDvmGNX5REirrm3bkqWF2xx6NEiDARTUVAf+fh9VQaQQKK2sQ35zjaAbI4aXmDTI9vy8aFs+6MvJ/iiIwKkjVgZYmyiUVtHy6ZRGwdzgpuOAcoYRxGHaDYIEL33nDQclLmgUwWAfbc0bTI1rvaIzZ25nZ6n4aFFtpANJHTtYeMrAAl1Sho0dio6clM7/k4XST5GA4BqDlRs/Oze4yNjjQb5WoYrBCFEuVcypvRBmLEbM3XOK1sHdQAEAqey/ZfhfNhAVeapVw3ir4E2jsX9pAqlTjH4YkrIURhG05yPb2D3+WMKGAoC4yyusd7siz6tJ4uXvFXkTeOjXMM/Xo/dBnm2J1FPHr9msELIxhtG046/m+I/MEaF6Hg9XC2CZrlxi5OsH61PGBOLLNVFiQ8NaPChHRppQEH1y1GSN+5FinxTK0R5GS3PxN15NZXjmMsj+ixYmbWjkJJXn2bDM7Muv7PRetpcMhU0UIr75+6MWbwPy6v62IsDoQCOslnQVbGc/oHY47EoZ7lKbuulP0ZvQOQxGNvcOtbVc0dJHdFUTgrPxpkCyOQ4NGSLSah1qzDP5j4Fq4ag+OdITPQpDdX6TkiufGfFqq7C5GNHDK8olYKGwH3D0GCGT8o9pFx+FIeRapaWJHkcPibDMyu3KumRy04HF1ih2Z6IoWFHa532pgsK9FlAMGHeqtL/LXWZKtLONR6wNU8DxfbIhV+lUlvbbs27VMj0VHXMXdYnbvGvXOPkb4iP4Pm+HQU4AF3ROA7rtWtrL401Qpdbln5qLEWz9hKCXbM1MbvpGvNvHKckKAWpKmCsVWY8oPCNOqqWAZF5sfrlLb4fULOXg0YQCeobo3O9DZjPf/D/ki6OX5KEgYlqikKdd9hR1d5koyt0bunuFHty2guh8oaUsPjJbcuSCLz80HND9j12msuG13qFWvf77rUiE3WZ5aTSGWh7VB/lUofuEn+aTaGBK7iLAj2PU+/YQUmEFAWaIXOdq7fumHgVdsBRThXvqf7RHD+ZkpMq3D0wsnCwIgCGvxH76ah1wZzPm0lg/tecL294e8ICDuQw+pyOVj96vMdiNF31ADd1BZCO505Y7jsEFdJCJvCGXNNvTr+ir4Vh9RdwBOXxxpX9DcQaaruVQ9nCty/ikBJ04Qok6ZVV8XXbN+HNu8iGVpLNrj1E1rRAJmeqfKiDuiG6ABqLDtq9beMS9K2xhKvwjG/z+AD3v6djipkdYjjlDOV6WNxWWv74LlzjSC9Se9ERATZfCj5U06LHO1yg8y+uIvRyoWIEaAFG7aFrEvfDH6OfzbhutGDMoxBThzKhxPDq9pm/N4cBcoRwGKgrlYmjLIl5Full/ArbLN1C6EXABn9Bu6lL7VrhwSj+HC0sp1vJb3ECmvtD7lzZsqejf4p6P/FPKLHUBNVr6sTJ9fHtOaYFi7DxQONqM/yoPBLB/TeZnB0KFFfKkCNM7YDOZjQ/UZscOZxztcYc7TeQ8dA0ZUfto=,iv:ZgZWZAQZmYUs0EqZuoTCTWQ52CnuSTS+zdIuIA1UNOM=,tag:vbI3RDpvU+X1xQo+lT7WbA==,type:str]",
-	"sops": {
-		"age": [
-			{
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvMVNBZDd4VndET2pMVjVr\nNkw4aW9HckJXYU0yREoyZ09oZ3JKSVlsQ3c4CkFRWURVN2tmOXNTZHhOdS91QW5a\nRlhhSDI3c2dHVVlTLzB3NjA4c1J2UncKLS0tIHFaL21rRWNpeGlqd0pIaXU5WFRP\neTZSOHpBTTE3ZjFIbXRuSnJjdlEwSXcKqWIxCnWJvE058ojm2RrwzXkTWQLZbE7L\nXPisgwudwY+vFaTziubbPp/U9P3LXs3oFhPSqgiuCkDNLETFkpw1ng==\n-----END AGE ENCRYPTED FILE-----\n",
-				"recipient": "age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg"
-			},
-			{
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHZHc0TzJKNzBUSG9GajVr\nazFWSS96Z3VXdDZOM2hPdVB4QTRhOEtVNDNRCmJkWm1TUGRwb0hpS1BBWm5WcURx\nQ21idzVZZzR5U0o3eDM1NmwySFpGQzAKLS0tIG51ZndsSDI1N2M4b280SW53eEF0\nMStNSU9odzRhY05SL05RYWlpaUlFQUkKoxVqeqZ9xAR4+JMcJXdEq0cq2CkZz63/\nSjwNDdCHjePc62yj5Qyw15zLrL2t7jvLUG44kPUbDuOIVwMH2KV2hQ==\n-----END AGE ENCRYPTED FILE-----\n",
-				"recipient": "age1q8lc5340gz5xw2f57nglrss68wv0j0hf36py2pdtrl6ky3yrq9qqk0njr4"
-			},
-			{
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYd1ZJTUtLbzY4d1hSRDA1\ndHdRQnhhUHVFMDJVOUQ0VFZCeW40S0lFODBJCmFvRSsyRkI3MDFGeDdkeGRSTVh5\nTEdwQTBWVVlwSjZHWXpoN0xzb0tuR1kKLS0tIEpvVU0rVTRWQUxLNW9zMFo3cVBr\ncGYxemF6MHlBS1dqSXM3aXRTZmdHQWMKjEcJJXRKCber6afB11j1VmWM3dObm45u\nkZ+E3bK1zd/L6YoLr1jF7GP9b62GjTG9Qv1M/JdKM4qlY//GmW6IIQ==\n-----END AGE ENCRYPTED FILE-----\n",
-				"recipient": "age15lxw97z03q40xrdscnxqqugh5ky5aqrerg2t2rphkcqm6rnllurq8v98q5"
-			}
-		],
-		"lastmodified": "2026-06-18T18:37:59Z",
-		"mac": "ENC[AES256_GCM,data:UXFXrUrbmyp+MnBNDKKr4FP0WFhWH97W68KXlE/UzEvBVpeHste92UPzdX4FMk2rEd7ldsMcTV9hmRavWI5v/Y/y/hzuhdCkqsYfnixS15Z9PrfuFX6YjrpeoJ84s1itmhjimKe4mmXt/aND8DLJ49rQ/A1hebJ2UndBlsRIGmc=,iv:YJPVWuajQ0tzhuoIBcWw8Wy5IBy+HC0JcR69gelGzGM=,tag:YW0STCsswNaqjKBta1OwyQ==,type:str]",
-		"version": "3.13.1"
-	}
-}

features-nixos/optional/kerberos.nix

@@ -1,22 +1,24 @@
 {
-  security.krb5.enable = true;
-  security.krb5.settings = {
-    # domain_realm = {
-    #   ".julian-mutter.de" = "julian-mutter.de";
-    #   "julian-mutter.de" = "julian-mutter.de";
-    # };
-    libdefaults = {
-      default_realm = "julian-mutter.de";
-      #   dns_lookup_realm = true;
-      #   dns_lookup_kdc = true;
-      #   ticket_lifetime = "24h";
-      #   renew_lifetime = "7d";
-    };
-    realms = {
-      "julian-mutter.de" = {
-        kdc = ["kerberos.julian-mutter.de"];
-        admin_server = "kerberos-admin.julian-mutter.de";
-        default_domain = "julian-mutter.de";
+  flake.nixosModules.kerberos = {
+    security.krb5.enable = true;
+    security.krb5.settings = {
+      # domain_realm = {
+      #   ".julian-mutter.de" = "julian-mutter.de";
+      #   "julian-mutter.de" = "julian-mutter.de";
+      # };
+      libdefaults = {
+        default_realm = "julian-mutter.de";
+        #   dns_lookup_realm = true;
+        #   dns_lookup_kdc = true;
+        #   ticket_lifetime = "24h";
+        #   renew_lifetime = "7d";
+      };
+      realms = {
+        "julian-mutter.de" = {
+          kdc = ["kerberos.julian-mutter.de"];
+          admin_server = "kerberos-admin.julian-mutter.de";
+          default_domain = "julian-mutter.de";
+        };
       };
     };
   };

features-nixos/optional/openssh.nix

@@ -1,49 +1,51 @@
 {
-  outputs,
-  lib,
-  config,
-  ...
-}: let
-  hosts = lib.attrNames outputs.nixosConfigurations;
-in {
-  services.openssh = {
-    enable = true;
-    settings = {
-      # Harden
-      PasswordAuthentication = false;
-      PermitRootLogin = "no";
+  flake.nixosModules.openssh = {
+    outputs,
+    lib,
+    config,
+    ...
+  }: let
+    hosts = lib.attrNames outputs.nixosConfigurations;
+  in {
+    services.openssh = {
+      enable = true;
+      settings = {
+        # Harden
+        PasswordAuthentication = false;
+        PermitRootLogin = "no";
 
-      # TODO: what does this do
-      # Let WAYLAND_DISPLAY be forwarded
-      # AcceptEnv = "WAYLAND_DISPLAY";
-      X11Forwarding = true;
+        # TODO: what does this do
+        # Let WAYLAND_DISPLAY be forwarded
+        AcceptEnv = "WAYLAND_DISPLAY";
+        X11Forwarding = true;
+      };
+
+      hostKeys = [
+        {
+          path = "/etc/ssh/ssh_host_ed25519_key";
+          type = "ed25519";
+        }
+      ];
     };
 
-    hostKeys = [
-      {
-        path = "/etc/ssh/ssh_host_ed25519_key";
-        type = "ed25519";
-      }
-    ];
+    # TODO: is automatic known hosts file even necessary?
+    # programs.ssh = {
+    #   # Each hosts public key
+    #   knownHosts = lib.genAttrs hosts (hostname: {
+    #     publicKeyFile = ../../${hostname}/ssh_host_ed25519_key.pub;
+    #     extraHostNames =
+    #       [
+    #         # "${hostname}.m7.rs"
+    #       ]
+    #       ++
+    #         # Alias for localhost if it's the same host
+    #         (lib.optional (hostname == config.networking.hostName) "localhost")
+    #       # Alias to m7.rs and git.m7.rs if it's alcyone
+    #       ++ (lib.optionals (hostname == "alcyone") [
+    #         "m7.rs"
+    #         "git.m7.rs"
+    #       ]);
+    #   });
+    # };
   };
-
-  # TODO: is automatic known hosts file even necessary?
-  # programs.ssh = {
-  #   # Each hosts public key
-  #   knownHosts = lib.genAttrs hosts (hostname: {
-  #     publicKeyFile = ../../${hostname}/ssh_host_ed25519_key.pub;
-  #     extraHostNames =
-  #       [
-  #         # "${hostname}.m7.rs"
-  #       ]
-  #       ++
-  #         # Alias for localhost if it's the same host
-  #         (lib.optional (hostname == config.networking.hostName) "localhost")
-  #       # Alias to m7.rs and git.m7.rs if it's alcyone
-  #       ++ (lib.optionals (hostname == "alcyone") [
-  #         "m7.rs"
-  #         "git.m7.rs"
-  #       ]);
-  #   });
-  # };
 }

features-nixos/optional/pcmanfm.nix

@@ -1,9 +1,11 @@
-{pkgs, ...}: {
-  environment.systemPackages = with pkgs; [
-    shared-mime-info # extended mimetype support
-    lxmenu-data # open with "Installed Applications"
-    pcmanfm
-  ];
+{
+  flake.nixosModules.pcmanfm = {pkgs, ...}: {
+    environment.systemPackages = with pkgs; [
+      shared-mime-info # extended mimetype support
+      lxmenu-data # open with "Installed Applications"
+      pcmanfm
+    ];
 
-  services.gvfs.enable = true; # Mount, trash, and other functionalities
+    services.gvfs.enable = true; # Mount, trash, and other functionalities
+  };
 }

features-nixos/optional/pipewire.nix

@@ -1,26 +1,28 @@
 {
-  security.rtkit.enable = true;
-  services.pulseaudio.enable = false;
-  services.pipewire = {
-    enable = true;
-    wireplumber.enable = true;
-    alsa.enable = true;
-    alsa.support32Bit = true;
-    pulse.enable = true;
-    jack.enable = true;
-    extraConfig.pipewire = {
-      "99-no-bell" = {
-        # Disable bell sound
-        "context.properties" = {
-          "module.x11.bell" = false;
+  flake.nixosModules.pipewire = {
+    security.rtkit.enable = true;
+    services.pulseaudio.enable = false;
+    services.pipewire = {
+      enable = true;
+      wireplumber.enable = true;
+      alsa.enable = true;
+      alsa.support32Bit = true;
+      pulse.enable = true;
+      jack.enable = true;
+      extraConfig.pipewire = {
+        "99-no-bell" = {
+          # Disable bell sound
+          "context.properties" = {
+            "module.x11.bell" = false;
+          };
         };
-      };
-      "10-increase-buffer" = {
-        "context.properties" = {
-          "default.clock.rate" = 48000;
-          "default.clock.quantum" = 1024;
-          "default.clock.min-quantum" = 1024;
-          "default.clock.max-quantum" = 2048;
+        "10-increase-buffer" = {
+          "context.properties" = {
+            "default.clock.rate" = 48000;
+            "default.clock.quantum" = 1024;
+            "default.clock.min-quantum" = 1024;
+            "default.clock.max-quantum" = 2048;
+          };
         };
       };
     };

features-nixos/optional/podman.nix

@@ -1,10 +1,12 @@
-{config, ...}: let
-  dockerEnabled = config.virtualisation.docker.enable;
-in {
-  virtualisation.podman = {
-    enable = true;
-    dockerCompat = !dockerEnabled;
-    dockerSocket.enable = !dockerEnabled;
-    defaultNetwork.settings.dns_enabled = true;
+{
+  flake.nixosModules.podman = {config, ...}: let
+    dockerEnabled = config.virtualisation.docker.enable;
+  in {
+    virtualisation.podman = {
+      enable = true;
+      dockerCompat = !dockerEnabled;
+      dockerSocket.enable = !dockerEnabled;
+      defaultNetwork.settings.dns_enabled = true;
+    };
   };
 }

features-nixos/optional/redshift.nix

@@ -1,12 +1,14 @@
 {
-  config,
-  lib,
-  pkgs,
-  ...
-}: {
-  # Set location used by redshift
-  location.provider = "manual";
-  location.latitude = 47.92;
-  location.longitude = 10.12;
-  services.redshift.enable = true;
+  flake.nixosModules.redshift = {
+    config,
+    lib,
+    pkgs,
+    ...
+  }: {
+    # Set location used by redshift
+    location.provider = "manual";
+    location.latitude = 47.92;
+    location.longitude = 10.12;
+    services.redshift.enable = true;
+  };
 }

features-nixos/optional/remote-builder.nix

@@ -1,34 +1,36 @@
 {
-  nix.distributedBuilds = true;
-  nix.settings.builders-use-substitutes = true;
+  flake.nixosModules.remote-builder = {
+    nix.distributedBuilds = true;
+    nix.settings.builders-use-substitutes = true;
 
-  nix.buildMachines = [
-    {
-      hostName = "builder.julian-mutter.de";
-      protocol = "ssh";
-      sshUser = "nix";
-      systems = [
-        "x86_64-linux"
-        "aarch64-linux"
-      ];
-      maxJobs = 4;
-      speedFactor = 3;
-      supportedFeatures = [
-        "nixos-test"
-        "benchmark"
-        "big-parallel"
-        "kvm"
-      ];
-      mandatoryFeatures = [];
-    }
-    # {
-    #   hostName = "localhost";
-    #   protocol = null;
-    #   systems = [
-    #     "x86_64-linux"
-    #   ];
-    #   maxJobs = 4;
-    #   speedFactor = 1;
-    # }
-  ];
+    nix.buildMachines = [
+      {
+        hostName = "builder.julian-mutter.de";
+        protocol = "ssh";
+        sshUser = "nix";
+        systems = [
+          "x86_64-linux"
+          "aarch64-linux"
+        ];
+        maxJobs = 4;
+        speedFactor = 3;
+        supportedFeatures = [
+          "nixos-test"
+          "benchmark"
+          "big-parallel"
+          "kvm"
+        ];
+        mandatoryFeatures = [];
+      }
+      # {
+      #   hostName = "localhost";
+      #   protocol = null;
+      #   systems = [
+      #     "x86_64-linux"
+      #   ];
+      #   maxJobs = 4;
+      #   speedFactor = 1;
+      # }
+    ];
+  };
 }

features-nixos/optional/thunar.nix

@@ -1,16 +1,18 @@
 {
-  config,
-  lib,
-  pkgs,
-  ...
-}: {
-  programs.thunar.enable = true;
-  programs.xfconf.enable = true; # Persist saved preferences
-  programs.thunar.plugins = with pkgs.xfce; [
-    thunar-archive-plugin
-    thunar-volman
-    thunar-media-tags-plugin
-  ];
-  services.gvfs.enable = true; # Mount, trash, and other functionalities
-  services.tumbler.enable = true; # Thumbnail support for images
+  flake.nixosModules.thunar = {
+    config,
+    lib,
+    pkgs,
+    ...
+  }: {
+    programs.thunar.enable = true;
+    programs.xfconf.enable = true; # Persist saved preferences
+    programs.thunar.plugins = with pkgs.xfce; [
+      thunar-archive-plugin
+      thunar-volman
+      thunar-media-tags-plugin
+    ];
+    services.gvfs.enable = true; # Mount, trash, and other functionalities
+    services.tumbler.enable = true; # Thumbnail support for images
+  };
 }

features-nixos/optional/virtualbox.nix

@@ -1,12 +1,14 @@
 {
-  config,
-  lib,
-  pkgs,
-  ...
-}: {
-  virtualisation.virtualbox.host.enable = true;
-  # virtualisation.virtualbox.host.enableExtensionPack = true;
-  # virtualisation.virtualbox.guest.enable = true;
-  # virtualisation.virtualbox.guest.x11 = true;
-  users.extraGroups.vboxusers.members = ["julian"];
+  flake.nixosModules.virtualbox = {
+    config,
+    lib,
+    pkgs,
+    ...
+  }: {
+    virtualisation.virtualbox.host.enable = true;
+    # virtualisation.virtualbox.host.enableExtensionPack = true;
+    # virtualisation.virtualbox.guest.enable = true;
+    # virtualisation.virtualbox.guest.x11 = true;
+    users.extraGroups.vboxusers.members = ["julian"];
+  };
 }

features-nixos/optional/wireguard.nix

@@ -1,12 +1,14 @@
 {
-  networking.wg-quick.interfaces = {
-    julian = {
-      configFile = "/etc/wireguard/julian.conf";
-      autostart = true; # This interface is started on boot
-    };
-    comu = {
-      configFile = "/etc/wireguard/comu.conf";
-      autostart = false;
+  flake.nixosModules.wireguard = {
+    networking.wg-quick.interfaces = {
+      julian = {
+        configFile = "/etc/wireguard/julian.conf";
+        autostart = true; # This interface is started on boot
+      };
+      comu = {
+        configFile = "/etc/wireguard/comu.conf";
+        autostart = false;
+      };
     };
   };
 }

features-nixos/optional/wireshark.nix

@@ -1,9 +1,11 @@
 {
-  programs.wireshark = {
-    enable = true;
-    dumpcap.enable = true;
-    usbmon.enable = true;
-  };
+  flake.nixosModules.wireshark = {
+    programs.wireshark = {
+      enable = true;
+      dumpcap.enable = true;
+      usbmon.enable = true;
+    };
 
-  users.users.julian.extraGroups = ["wireshark"];
+    users.users.julian.extraGroups = ["wireshark"];
+  };
 }