Add openconnect plugin to networkmanager

This uses the remote builder as nix store, so the build dependencies for
the new system do not have to be present locally.
Therefore, if hydra built the system it should be possible to just
download the output derivation.

.dotter/global.toml

@@ -1,61 +0,0 @@
-[helpers]
-
-[default]
-depends = []
-
-[manjaro.files]
-manjaro = "~"
-
-[mc.files]
-mc = "~/.config/mc"
-
-[vim.files]
-# type symbolic prevents interpreting '{{' as template
-"vim/.vimrc" = { target = "~/.vimrc", type = "symbolic" }
-
-[nvim.files]
-"vim/init.vim" = { target = "~/.config/nvim/init.vim", type = "symbolic" }
-
-[i3.files]
-"i3/i3" = "~/.config/i3"
-"i3/i3blocks" = { target = "~/.config/i3blocks", type = "symbolic" }
-"i3/rofi" = "~/.config/rofi"
-"i3/i3-scrot.conf" = "~/.config/i3-scrot.conf"
-"i3/i3status-rust" = "~/.config/i3status-rust"
-"i3/.profile" = "~/.profile"
-
-[i3.variables]
-monitor-primary = "not-specified"
-monitor-secondary = "not-specified"
-screenlayout-script = "echo screenlayout-script not specified"
-bar-font-size = 15
-tray-output = "tray_output primary"
-
-[emacs.files]
-"emacs/doom" = "~/.config/doom"
-# "emacs/spacemacs/.spacemacs" = "~/.spacemacs"
-# "emacs/chemacs/.emacs-profiles.el" = "~/.emacs-profiles.el"
-
-[alacritty.files]
-alacritty = "~/.config/alacritty"
-
-[starship.files]
-starship = "~/.config/"
-
-[zsh.files]
-"zsh/.zshrc" = "~/.zshrc"
-"zsh/custom-plugins" = "~/.oh-my-zsh/custom"
-
-[polybar.files]
-polybar = "~/.config/polybar"
-
-[leftwm.files]
-leftwm = "~/.config/leftwm"
-
-[xmonad.files]
-xmonad = "~/.xmonad"
-
-[nix.files]
-"direnvrc" = "~/.config/direnv/direnvrc"
-"nix/configuration.nix" = "/etc/nixos/configuration.nix"
-"nix/flake.nix" = "/etc/nixos/flake.nix"

.dotter/kardorf.toml

@@ -1,6 +0,0 @@
-[i3.variables]
-monitor-primary = "DVI-D-0"
-monitor-secondary = "DVI-D-1"
-screenlayout-script = "~/.screenlayout/2desktop-dvi.sh"
-bar-font-size = 15
-tray-output = "tray_output DVI-D-1"

.dotter/laptop-at-home.toml

@@ -1,4 +0,0 @@
-[i3.variables]
-monitor-primary = "HDMI-1"
-monitor-secondary = "eDP-1"
-screenlayout-script = "~/.screenlayout/laptop-at-home.sh"

.dotter/laptop.toml

@@ -1,5 +0,0 @@
-[i3.variables]
-monitor-primary = "HDMI-1"
-monitor-secondary = "eDP-1"
-tray-output = "tray_output eDP-1"
-screenlayout-script = "$scripts/display-layoutpicker"

.dotter/local.kardorf.toml

@@ -1,2 +0,0 @@
-includes = [".dotter/kardorf.toml"]
-packages = ["i3", "emacs", "alacritty", "zsh", "starship", "nix"]

.dotter/local.laptop.toml

@@ -1,2 +0,0 @@
-includes = [".dotter/laptop.toml"]
-packages = []

.envrc

@@ -0,0 +1 @@
+use flake

.gitea/workflows/update-flake.yaml

@@ -0,0 +1,58 @@
+name: Update Nix Flake
+
+on:
+  schedule:
+    - cron: "30 0 * * *" # daily run
+  workflow_dispatch: {}
+
+jobs:
+  update-flake:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          token: "${{ gitea.token }}"
+          fetch-depth: 0
+          ref: flake-updates
+
+      - name: Git config
+        shell: bash
+        run: |
+          git config user.name "Gitea Actions"
+          git config user.email "actions@gitea.local"
+
+      - name: Rebase from master branch
+        shell: bash
+        run: |
+            git fetch origin master
+            commits_ahead=$(git rev-list --count HEAD..origin/master)
+            echo "Commits ahead: $commits_ahead"
+            git log --oneline -5
+            echo "----------"
+            git log --oneline -5 origin/master
+            echo .
+
+            if [ $commits_ahead -ne 0 ]
+            then
+              git rebase -X theirs origin/master
+              git push --force-with-lease origin flake-updates
+            else
+              echo "Rebase not necessary"
+            fi
+
+      - name: Set up Nix
+        uses: cachix/install-nix-action@v31
+
+      - name: Update Flake
+        run: nix flake update
+
+      - name: Commit and push changes
+        shell: bash
+        run: |
+          git add flake.lock
+          git status
+          git diff --cached --quiet && echo "No changes to commit." && exit 0
+
+          git commit -m "Update flake.lock $(date -I)"
+          git push --force-with-lease origin flake-updates

.gitignore

@@ -1,5 +1,3 @@
-.dotter/cache.toml
-.dotter/cache
-.dotter/local.toml
-
-nix/result
+.direnv
+result*
+*.qcow2

.sops.yaml

@@ -2,10 +2,26 @@ keys:
   - &primary age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg
   - &aspi-ssh age1q8lc5340gz5xw2f57nglrss68wv0j0hf36py2pdtrl6ky3yrq9qqk0njr4
   - &pianonix-ssh age1hsmfz8fjxu83sax9lr487h8xr6cyge0apdq4zpge4c8jpcjj2cksj825ct
+  - &builder-ssh age1kw4kmdm45zprvdkrrpvgq966l7585vhusmum083qlwnr0xxgd3uqatcyja
+  - &kardorf-ssh age15lxw97z03q40xrdscnxqqugh5ky5aqrerg2t2rphkcqm6rnllurq8v98q5
+
 creation_rules:
-  - path_regex: secrets/secrets.yaml$
+  - path_regex: hosts/common/secrets.yaml$
     key_groups:
     - age:
       - *primary
       - *aspi-ssh
       - *pianonix-ssh
+      - *kardorf-ssh
+
+  - path_regex: hosts/builder/secrets.yaml$
+    key_groups:
+    - age:
+      - *primary
+      - *builder-ssh
+
+  - path_regex: hosts/pianonix/secrets.yaml$
+    key_groups:
+    - age:
+      - *primary
+      - *pianonix-ssh

Readme.org

@@ -12,3 +12,22 @@ The structure is managed by [[https://snowfall.org/guides/lib/quickstart/][Snowf
 and [[file:flake.nix]] was symlinked to file:~/.config/home-manager/flake.nix
 
 For deployment!!
+
+* Secrets management with sops
+Full documentation here: https://github.com/Mic92/sops-nix
+
+** Edit secrets
+#+begin_src sh
+sops edit secrets/secrets.yaml
+#+end_src
+
+** Authorize new device
+- Generate public key from ssh -> Private age key generation not needed
+#+begin_src sh
+ssh-to-age < /etc/ssh/ssh_host_ed25519_key
+#+end_src
+- Add age public key to file:.sops.yaml
+- Update keys
+#+begin_src sh
+sops updatekeys secrets/*
+#+end_src

flake.nix

@@ -1,152 +1,187 @@
 {
   description = "Home Manager configuration of julian";
 
-  inputs = rec {
-    nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.05";
-    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
-
-    nixpkgs = nixpkgs-stable;
-
+  inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+    nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.11";
+    systems.url = "github:nix-systems/default-linux";
+    nixos-hardware.url = "github:nixos/nixos-hardware";
+    impermanence.url = "github:nix-community/impermanence";
+    nix-colors.url = "github:misterio77/nix-colors";
     deploy-rs.url = "github:serokell/deploy-rs";
 
-    nixos-hardware.url = "github:NixOS/nixos-hardware/master";
-
     home-manager = {
-      url = "github:nix-community/home-manager/release-24.05";
+      url = "github:nix-community/home-manager";
       inputs.nixpkgs.follows = "nixpkgs";
     };
-
-    snowfall-lib = {
-      url = "github:snowfallorg/lib";
+    sops-nix = {
+      url = "github:Mic92/sops-nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    nix-gl = {
+      url = "github:nix-community/nixgl";
       inputs.nixpkgs.follows = "nixpkgs";
     };
-
     disko = {
       url = "github:nix-community/disko";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    alacritty-theme = {
-      url = "github:alacritty/alacritty-theme";
-      flake = false;
-    };
-
+    # Various flakes
     yazi-flavors = {
       url = "github:yazi-rs/flavors";
       flake = false;
     };
-
     nixvim = {
-      url = "github:nix-community/nixvim/nixos-24.05";
-      # If using a stable channel you can use `url = "github:nix-community/nixvim/nixos-<version>"`
+      url = "github:nix-community/nixvim";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    nix-matlab = {
+      url = "gitlab:doronbehar/nix-matlab";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    nix-matlab.url = "gitlab:doronbehar/nix-matlab";
-    nix-matlab.inputs.nixpkgs.follows = "nixpkgs";
-
-    sops-nix.url = "github:Mic92/sops-nix";
-    sops-nix.inputs.nixpkgs.follows = "nixpkgs";
-
-    hyprland.url = "git+https://github.com/hyprwm/Hyprland?submodules=1";
-    # hyprland.inputs.nixpkgs.follows = "nixpkgs";
-
-    hyprland-plugins = {
-      url = "github:hyprwm/hyprland-plugins";
-      inputs.hyprland.follows = "hyprland";
+    # My projects
+    sheet-organizer = {
+      url = "git+https://gitlab.julian-mutter.de/julian/sheet-organizer";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    music-reader = {
+      url = "git+https://gitlab.julian-mutter.de/julian/music-reader";
+      inputs.nixpkgs.follows = "nixpkgs";
     };
-
-    nix-colors.url = "github:Misterio77/nix-colors";
-
-    nix-topology.url = "github:oddlama/nix-topology";
-    nix-topology.inputs.nixpkgs.follows = "nixpkgs";
-
-    nix-ld.url = "github:Mic92/nix-ld";
-    nix-ld.inputs.nixpkgs.follows = "nixpkgs";
-
-    ## My projects
-    sheet-organizer.url = "git+https://gitlab.julian-mutter.de/julian/sheet-organizer";
-    sheet-organizer.inputs.nixpkgs.follows = "nixpkgs";
-
-    music-reader.url = "git+https://gitlab.julian-mutter.de/julian/music-reader";
-    music-reader.inputs.nixpkgs.follows = "nixpkgs";
   };
 
-  outputs =
-    inputs:
-    inputs.snowfall-lib.mkFlake {
-      inherit inputs;
-      # Must always be ./.
-      src = ./.;
+  outputs = {
+    self,
+    nixpkgs,
+    home-manager,
+    systems,
+    ...
+  } @ inputs: let
+    inherit (self) outputs;
+    lib = nixpkgs.lib // home-manager.lib;
+    forEachSystem = f: lib.genAttrs (import systems) (system: f pkgsFor.${system});
+    pkgsFor = lib.genAttrs (import systems) (
+      system:
+        import nixpkgs {
+          inherit system;
+          config.allowUnfree = true;
+          config.permittedInsecurePackages = [
+            "olm-3.2.16"
+          ];
+          warn-dirty = false;
+        }
+    );
+  in {
+    inherit lib;
 
-      # Add overlays for the `nixpkgs` channel.
-      overlays = with inputs; [
-        nix-matlab.overlay
-        nix-topology.overlays.default
-      ];
+    nixosModules = import ./modules/nixos;
+    homeManagerModules = import ./modules/home-manager;
 
-      snowfall = {
-        # The root of the snowfall config
-        root = ./.;
-        # lib, package and overlay namespace
-        namespace = "frajul"; # defaults to "internal"
+    overlays = import ./overlays {inherit inputs outputs;};
+    # hydraJobs = import ./hydra.nix { inherit inputs outputs; }; # TODO add hydra jobs here?
 
-        meta = {
-          name = "Julian's dotfiles";
-          title = "Julian's dotfiles";
+    packages = forEachSystem (pkgs: import ./pkgs {inherit pkgs;});
+    devShells = forEachSystem (pkgs: import ./shell.nix {inherit pkgs;});
+    formatter = forEachSystem (pkgs: pkgs.alejandra);
+
+    nixosConfigurations = {
+      # Main laptop
+      aspi = lib.nixosSystem {
+        modules = [./hosts/aspi];
+        specialArgs = {
+          inherit inputs outputs;
         };
       };
-
-      # The attribute set specified here will be passed directly to NixPkgs when
-      # instantiating the package set.
-      channels-config = {
-        # Allow unfree packages.
-        allowUnfree = true;
-        nvidia.acceptLicense = true;
-
-        # Allow certain insecure packages
-        permittedInsecurePackages = [ "olm-3.2.16" ];
+      # Piano raspberry pi
+      pianonix = lib.nixosSystem {
+        modules = [./hosts/pianonix];
+        specialArgs = {
+          inherit inputs outputs;
+        };
       };
+      kardorf = lib.nixosSystem {
+        modules = [./hosts/kardorf];
+        specialArgs = {
+          inherit inputs outputs;
+        };
+      };
+      builder = lib.nixosSystem {
+        modules = [./hosts/builder];
+        specialArgs = {
+          inherit inputs outputs;
+        };
+      };
+    };
 
-      systems.modules.nixos = with inputs; [
-        nix-topology.nixosModules.default
-        sops-nix.nixosModules.sops
-        disko.nixosModules.disko
-      ];
-      systems.hosts.pianonix.modules = with inputs; [ nixos-hardware.nixosModules.raspberry-pi-4 ];
+    # Standalone HM
+    homeConfigurations = {
+      # Main laptop
+      "julian@aspi" = lib.homeManagerConfiguration {
+        modules = [
+          ./homes/julian/aspi.nix
+          ./homes/julian/hm-standalone-config.nix
+        ];
+        pkgs = pkgsFor.x86_64-linux;
+        extraSpecialArgs = {
+          inherit inputs outputs;
+        };
+      };
+      # Media server (RPi)
+      "julian@pianonix" = lib.homeManagerConfiguration {
+        modules = [
+          ./homes/julian/pianonix.nix
+          ./homes/julian/hm-standalone-config.nix
+        ];
+        pkgs = pkgsFor.aarch64-linux;
+        extraSpecialArgs = {
+          inherit inputs outputs;
+        };
+      };
+      "julian@kardorf" = lib.homeManagerConfiguration {
+        modules = [
+          ./homes/julian/kardorf.nix
+          ./homes/julian/hm-standalone-config.nix
+        ];
+        pkgs = pkgsFor.x86_64-linux;
+        extraSpecialArgs = {
+          inherit inputs outputs;
+        };
+      };
+      "julian@v3ms" = lib.homeManagerConfiguration {
+        modules = [
+          ./homes/julian/v3ms
+          ./homes/julian/hm-standalone-config.nix
+        ];
+        pkgs = pkgsFor.x86_64-linux;
+        extraSpecialArgs = {
+          inherit inputs outputs;
+        };
+      };
+    };
 
-      # topology =
-      #   with inputs;
-      #   let
-      #     host = self.nixosConfigurations.${builtins.head (builtins.attrNames self.nixosConfigurations)};
-      #   in
-      #   import nix-topology {
-      #     inherit (host) pkgs; # Only this package set must include nix-topology.overlays.default
-      #     modules = [
-      #       (import ./topology { inherit (host) config; })
-      #       { inherit (self) nixosConfigurations; }
-      #     ];
-      #   };
-
-      # deploy-rs node configuration
-      deploy.nodes.pianonix = {
+    # deploy-rs node configuration
+    deploy.nodes = {
+      pianonix = {
         hostname = "pianonix.local";
         profiles.system = {
           sshUser = "root";
           user = "root";
-          path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos inputs.self.nixosConfigurations.pianonix;
+          path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.pianonix;
           confirmTimeout = 90; # default: 30s; raspberrypi takes a little longer restarting services
         };
       };
 
-      deploy.nodes.builder = {
+      builder = {
         hostname = "builder.julian-mutter.de";
         profiles.system = {
           sshUser = "root";
           user = "root";
-          path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.builder;
-          # confirmTimeout = 90; # default: 30s; raspberrypi takes a little longer restarting services
+          path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.builder;
+          remoteBuild = true;
         };
       };
     };
+  };
 }

homes/julian/aspi.nix

@@ -0,0 +1,56 @@
+{
+  imports = [
+    ./global
+
+    ./features/fish
+    ./features/direnv
+    ./features/topgrade
+    ./features/neovim
+    ./features/ghostty
+    ./features/wezterm
+    ./features/alacritty
+    ./features/yazi
+    ./features/emacs
+
+    ./features/hyprland
+
+    ./features/suites/cli
+    ./features/suites/desktop
+    ./features/suites/development
+  ];
+
+  hostName = "aspi";
+  is-nixos = true;
+  terminal = "alacritty";
+
+  #  -------   ----------
+  # | eDP-1 | | HDMI-A-1 |
+  #  -------   ----------
+  monitors = [
+    {
+      name = "HDMI-A-1";
+      # width = 1680;
+      # height = 1050;
+      workspaces = [
+        "1"
+        "2"
+        "3"
+        "4"
+        "5"
+      ];
+      primary = true;
+    }
+    {
+      name = "eDP-1";
+      # width = 1680;
+      # height = 1050;
+      workspaces = [
+        "6"
+        "7"
+        "8"
+        "9"
+        "10"
+      ];
+    }
+  ];
+}

homes/julian/features/alacritty/default.nix

@@ -0,0 +1,13 @@
+{
+  lib,
+  config,
+  ...
+}: {
+  programs.alacritty = {
+    enable = true;
+    settings = {};
+    theme = "smoooooth";
+  };
+
+  home.sessionVariables.TERMINAL = lib.mkIf (config.terminal == "alacritty") "alacritty";
+}

homes/julian/features/direnv/default.nix

@@ -0,0 +1,6 @@
+{
+  programs.direnv = {
+    enable = true;
+    nix-direnv.enable = true;
+  };
+}

homes/julian/features/emacs/default.nix

@@ -0,0 +1,73 @@
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}:
+with lib; let
+  doomRepoUrl = "https://github.com/doomemacs/doomemacs";
+  configRepoUrl = "https://gitlab.julian-mutter.de/julian/emacs-config";
+in {
+  home.sessionPath = ["/home/julian/.config/emacs/bin"];
+
+  home.packages = with pkgs;
+    [
+      binutils # native-comp needs 'as', provided by this
+
+      ## Doom dependencies
+      git
+      (ripgrep.override {withPCRE2 = true;})
+
+      ## Optional dependencies
+      fd # faster projectile indexing
+      imagemagick # for image-dired
+      zstd # for undo-fu-session/undo-tree compression
+
+      ## Module dependencies
+      (aspellWithDicts (
+        ds:
+          with ds; [
+            en
+            en-computers
+            en-science
+            de
+          ]
+      ))
+
+      hunspell
+      hunspellDicts.de_DE
+      hunspellDicts.en_US
+
+      sqlite
+
+      # Code formatters for use with doom emacs
+      nixfmt-rfc-style # nix
+      alejandra # nix
+
+      nixd # nix lsp
+      dockfmt # docker
+      google-java-format # java
+      black # python
+      rustfmt # rust
+      shfmt
+      pyright
+      clang-tools # c++ lsp etc
+      ltex-ls # latex languagetool
+
+      graphviz
+      # Lsps for use with doom emacs
+      # neocmakelsp # cmake
+
+      emacs-all-the-icons-fonts
+    ]
+    ++ lib.optional config.is-nixos emacs;
+
+  home.activation.installDoomEmacs = lib.hm.dag.entryAfter ["writeBoundary"] ''
+    if [ ! -d "/home/julian/.config/emacs" ]; then
+       $DRY_RUN_CMD ${pkgs.git}/bin/git clone --depth=1 --single-branch "${doomRepoUrl}" "/home/julian/.config/emacs"
+    fi
+    if [ ! -d "/home/julian/.config/doom" ]; then
+       $DRY_RUN_CMD ${pkgs.git}/bin/git clone "${configRepoUrl}" "/home/julian/.config/doom"
+    fi
+  '';
+}

homes/julian/features/fish/default.nix

@@ -0,0 +1,52 @@
+{
+  lib,
+  pkgs,
+  ...
+}:
+with lib; {
+  home.file = {
+    ".config/starship.toml".source = ./starship.toml;
+    ".config/fish/conf.d/last-working-dir.fish".source = ./last-working-dir.fish;
+  };
+
+  home.packages = with pkgs; [
+    starship
+    lazygit
+  ];
+
+  home.shellAliases = {
+    g = "lazygit";
+    ls = "ls --color";
+    la = "ls -Alh --color";
+    grep = "grep --color";
+    conf = "edit-config";
+  };
+
+  programs.starship = {
+    enable = true;
+    enableFishIntegration = true;
+  };
+
+  programs.fish = {
+    enable = true;
+
+    interactiveShellInit = "set fish_greeting"; # Disable default greeting
+
+    functions = {
+      mkcd = ''
+        mkdir $argv
+        cd $argv
+      '';
+      run = ''
+        nix run nixpkgs#"$argv[1]" -- $argv[2..-1]
+      '';
+      shell = ''
+        set args
+        for arg in $argv
+            set args $args nixpkgs#$arg
+        end
+        nix shell $args
+      '';
+    };
+  };
+}

homes/julian/features/fonts/default.nix

@@ -0,0 +1,21 @@
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}:
+with lib; {
+  fonts.fontconfig.enable = true; # required to autoload fonts from packages
+  home.packages = with pkgs; [
+    nerd-fonts.fira-code
+    font-awesome
+    dejavu_fonts
+    noto-fonts
+    noto-fonts-cjk-sans
+    noto-fonts-emoji
+    liberation_ttf
+    fira-code
+    fira-code-symbols
+    source-code-pro
+  ];
+}

homes/julian/features/gammastep/default.nix

@@ -0,0 +1,13 @@
+{
+  services.gammastep = {
+    enable = true;
+    provider = "geoclue2";
+    temperature = {
+      day = 6000;
+      night = 4600;
+    };
+    settings = {
+      general.adjustment-method = "wayland";
+    };
+  };
+}

homes/julian/features/ghostty/default.nix

@@ -0,0 +1,16 @@
+{
+  lib,
+  config,
+  ...
+}: {
+  programs.ghostty = {
+    enable = true;
+    enableFishIntegration = true;
+    settings = {
+      theme = "catppuccin-mocha";
+      font-size = 12;
+    };
+  };
+
+  home.sessionVariables.TERMINAL = lib.mkIf (config.terminal == "ghostty") "ghostty";
+}

homes/julian/features/gtk/default.nix

@@ -0,0 +1,33 @@
+{
+  config,
+  pkgs,
+  inputs,
+  ...
+}: let
+  inherit (inputs.nix-colors.lib-contrib {inherit pkgs;}) gtkThemeFromScheme;
+in {
+  # Do not make conditional, just toggle things on and off
+  imports = [inputs.nix-colors.homeManagerModules.default]; # TODO: what does this do
+
+  # home.sessionVariables.GTK_THEME = "Catppuccin-Mocha-Compact-Blue-dark";
+  gtk = {
+    enable = true;
+    theme = {
+      name = inputs.nix-colors.colorschemes.${config.colorscheme.name}.slug;
+      package = gtkThemeFromScheme {
+        scheme = inputs.nix-colors.colorschemes.${config.colorscheme.name};
+      };
+    };
+    iconTheme = {
+      name = "Papirus-Dark";
+      package = pkgs.papirus-icon-theme;
+    };
+    cursorTheme = {
+      package = pkgs.apple-cursor;
+      name = "macOS";
+      size = 24;
+    };
+  };
+
+  xdg.portal.extraPortals = [pkgs.xdg-desktop-portal-gtk];
+}

homes/julian/features/hyprland/default.nix

@@ -0,0 +1,405 @@
+{
+  pkgs,
+  inputs,
+  config,
+  lib,
+  ...
+}: let
+  inherit
+    (inputs.nix-colors.colorschemes.${builtins.toString config.colorscheme.name})
+    palette
+    ;
+in {
+  imports = [
+    # inputs.hyprland.homeManagerModules.default
+    ./waybar
+    ./wofi
+    ./mako
+    # ./hyprlock
+    ./wlogout
+    ../gammastep
+
+    ./swayidle.nix
+    ./swaylock.nix
+    ./zathura.nix
+    ./waypipe.nix
+
+    ./hyprbars.nix
+  ];
+
+  xdg.portal = {
+    extraPortals = [pkgs.xdg-desktop-portal-wlr];
+    config.hyprland = {
+      default = [
+        "wlr"
+        "gtk"
+      ];
+    };
+  };
+
+  programs.imv.enable = true; # TODO: what is that
+
+  home.packages = with pkgs; [
+    hyprpicker
+    brightnessctl
+    frajul.hyprshot-gui
+    frajul.wl-ocr
+
+    wf-recorder
+    wl-clipboard
+
+    (pkgs.writeShellScriptBin "toggle-screen-mirroring" (
+      builtins.readFile ./toggle-screen-mirroring.sh
+    ))
+
+    (pkgs.writeShellScriptBin "correct-workspace-locations" (
+      lib.concatStringsSep "\n" (
+        builtins.concatLists (
+          map (
+            monitor:
+              map (ws: "hyprctl dispatch moveworkspacetomonitor ${ws} ${monitor.name}") monitor.workspaces
+          )
+          config.monitors
+        )
+      )
+    ))
+  ];
+
+  services.cliphist = {
+    enable = true;
+  };
+
+  home.sessionVariables = {
+    MOZ_ENABLE_WAYLAND = 1;
+    QT_QPA_PLATFORM = "wayland";
+    LIBSEAT_BACKEND = "logind";
+  };
+
+  # services.hypridle = {
+  #   enable = true;
+  #   settings = {
+  #     general = {
+  #       after_sleep_cmd = "hyprctl dispatch dpms on";
+  #       ignore_dbus_inhibit = false;
+  #       lock_cmd = "hyprlock";
+  #     };
+
+  #     listener = [
+  #       {
+  #         timeout = 300; # 5min
+  #         on-timeout = "brightnessctl -s set 10"; # set monitor backlight to minimum, avoid 0 on OLED monitor.
+  #         on-resume = "brightnessctl -r"; # monitor backlight restore.
+  #       }
+
+  #       {
+  #         timeout = 360; # 6min
+  #         on-timeout = "hyprlock"; # lock screen when timeout has passed
+  #       }
+
+  #       {
+  #         timeout = 600; # 10min
+  #         on-timeout = "hyprctl dispatch dpms off"; # screen off when timeout has passed
+  #         on-resume = "hyprctl dispatch dpms on"; # screen on when activity is detected after timeout has fired.
+  #       }
+  #     ];
+  #   };
+  # };
+
+  # services.hypridle.enable = true; # can be configured
+
+  services.network-manager-applet.enable = true;
+
+  wayland.windowManager.hyprland = {
+    # Whether to enable Hyprland wayland compositor
+    enable = true;
+    # package = config.lib.nixGL.wrap (
+    #   pkgs.hyprland.override {
+    #     # nixgl needed?
+    #     wrapRuntimeDeps = false;
+    #   }
+    # );
+
+    systemd = {
+      enable = true;
+      # Same as default, but stop graphical-session too
+      extraCommands = lib.mkBefore [
+        "systemctl --user stop graphical-session.target"
+        "systemctl --user start hyprland-session.target"
+      ];
+      variables = [
+        "DISPLAY"
+        "HYPRLAND_INSTANCE_SIGNATURE"
+        "WAYLAND_DISPLAY"
+        "XDG_CURRENT_DESKTOP"
+      ];
+    };
+
+    # package = inputs.hyprland.packages."${pkgs.system}".hyprland; # does only work with nixos-unstable
+
+    # The hyprland package to use (simplifies use of plugins)
+    # package = inputs.hyprland.packages.${pkgs.system}.hyprland;
+    # Whether to enable XWayland
+    xwayland.enable = true;
+
+    # Optional
+    # Whether to enable hyprland-session.target on hyprland startup
+    # systemd.enable = true;
+    # Make PATH available to systemd services
+    # systemd.variables = [ "--all" ];
+
+    plugins = [
+      # inputs.hyprland-plugins.packages.${pkgs.system}.hyprbars # does only work with nixos-unstable
+      # hyprlandPlugins.hyprbars
+    ];
+
+    settings = {
+      "$mod" = "SUPER";
+
+      # Environment variables programs like emacs have access to
+      env = "TERMINAL,${config.terminal}";
+
+      # Monitors
+      monitor = ",preferred,auto,1";
+
+      # Autostart
+      exec-once = ["firefox"];
+
+      # Look and Feel
+      general = {
+        gaps_in = 5;
+        gaps_out = 5;
+
+        layout = "dwindle";
+
+        # "col.active_border" = "0xff${palette.base0C} 0xff${palette.base0D} 270deg";
+        # "col.inactive_border" = "0xff${palette.base00}";
+      };
+
+      decoration = {
+        # power saving
+        blur.enabled = false;
+        # power saving
+        shadow.enabled = false;
+      };
+
+      # Dwindle layout
+      dwindle = {
+        pseudotile = true; # Master switch for pseudotiling. Enabling is bound to mainMod + P in the keybinds section below
+        preserve_split = true; # You probably want this
+        smart_split = false;
+        smart_resizing = false;
+        force_split = 2;
+        # no_gaps_when_only = 2; # with border
+      };
+
+      # Master layout
+      master = {
+        new_status = "slave";
+        # no_gaps_when_only = 2; # with border
+        mfact = 0.5; # Do not make master bigger
+      };
+
+      animations = {
+        enabled = true;
+
+        animation = [
+          "windows,1,3,default,slide"
+          "fade,1,3,default"
+          "layers,1,3,default,slide"
+          "border,1,3,default"
+          "workspaces,1,3,default,slide"
+        ];
+      };
+
+      exec = [
+        "hyprctl setcursor ${config.gtk.cursorTheme.name} ${toString config.gtk.cursorTheme.size}"
+        "correct-workspace-locations"
+      ];
+
+      misc = {
+        # disable auto polling for config file changes
+        disable_autoreload = true;
+
+        force_default_wallpaper = 0;
+
+        vfr = true; # power saving
+      };
+
+      render = {
+        # we do, in fact, want direct scanout
+        direct_scanout = true;
+      };
+
+      # Input
+      input = {
+        kb_layout = "de";
+        natural_scroll = false;
+        follow_mouse = 1;
+      };
+
+      # Window rules
+      windowrulev2 = [
+        "suppressevent maximize, class:.*"
+        "workspace 1, class:firefox"
+        "workspace 9, class:nheko"
+        "workspace 9, class:org.telegram.desktop"
+        "workspace 10, class:thunderbird"
+        "float, class:qalculate-gtk"
+        "tile, class:MATLAB, title:MATLAB"
+      ];
+
+      # Workspace rules
+      workspace =
+        [
+          # smart gaps (none when only one window in workspace)
+          "w[t1], gapsin:0, gapsout:0, border:1"
+          "w[tg1], gapsin:0, gapsout:0, border:1"
+          "f[1], gapsin:0, gapsout:0, border:1"
+        ]
+        # builds like "1, e-DP1" "2, HDMI-1" etc.
+        ++ builtins.concatLists (
+          map (monitor: map (ws: "${ws}, monitor:${monitor.name}") monitor.workspaces) config.monitors
+        );
+
+      # Mouse binds
+      bindm = [
+        "$mod, mouse:272, movewindow" # leftclick
+        "$mod, mouse:273, resizewindow" # rightclick
+      ];
+
+      # binds
+      bind =
+        [
+          # compositor commands
+          "$mod, Space, focuswindow, floating"
+          "$mod SHIFT, Space, togglefloating,"
+          "$mod, F, fullscreen,"
+          "$mod, X, killactive,"
+
+          "$mod, O, togglesplit," # dwindle
+
+          # opening applications
+          "$mod, D, exec, wofi --show drun,run"
+          "$mod, E, exec, pcmanfm"
+          "$mod, Return, exec, ${config.terminal}"
+          "$mod, B, exec, firefox"
+          "$mod, C, exec, qalculate-gtk"
+
+          # other commands
+          "$mod SHIFT, E, exec, wlogout -p layer-shell"
+          "$mod, Escape, exec, wlogout -p layer-shell"
+          "$mod SHIFT, R, exec, hyprctl reload"
+          "$mod, Print, exec, hyprshot-gui"
+          ", Print, exec, hyprshot-gui"
+          "$mod, P, exec, toggle-screen-mirroring; correct-workspace-locations"
+
+          # "$mod SHIFT, E, exec, pkill Hyprland"
+          # "$mod, G, togglegroup,"
+          # "$mod SHIFT, N, changegroupactive, f"
+          # "$mod SHIFT, P, changegroupactive, b"
+          # "$mod ALT, ,resizeactive,"
+
+          # media keys
+          ", XF86AudioRaiseVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+"
+          ", XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-"
+          ", XF86AudioPlay, exec, playerctl play-pause"
+          ", XF86AudioPause, exec, playerctl pause"
+          ", XF86AudioStop, exec, playerctl stop"
+          ", XF86AudioNext, exec, playerctl next"
+          ", XF86AudioPrev, exec, playerctl previous"
+          ", XF86AudioMute, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"
+          ", XF86MonBrightnessUp, exec, brightnessctl --class backlight set 5%+"
+          ", XF86MonBrightnessDown, exec, brightnessctl --class backlight set 5%-"
+
+          # move focus
+          "$mod, left, movefocus, l"
+          "$mod, H, movefocus, l"
+          "$mod, right, movefocus, r"
+          "$mod, L, movefocus, r"
+          "$mod, up, movefocus, u"
+          "$mod, K, movefocus, u"
+          "$mod, down, movefocus, d"
+          "$mod, J, movefocus, d"
+
+          # move window
+          "$mod SHIFT, left, movewindow, l"
+          "$mod SHIFT, H, movewindow, l"
+          "$mod SHIFT, right, movewindow, r"
+          "$mod SHIFT, L, movewindow, r"
+          "$mod SHIFT, up, movewindow, u"
+          "$mod SHIFT, K, movewindow, u"
+          "$mod SHIFT, down, movewindow, d"
+          "$mod SHIFT, J, movewindow, d"
+
+          # Switch workspaces with mainMod + [0-9]
+          "$mod, 1, workspace, 1"
+          "$mod, 2, workspace, 2"
+          "$mod, 3, workspace, 3"
+          "$mod, 4, workspace, 4"
+          "$mod, 5, workspace, 5"
+          "$mod, 6, workspace, 6"
+          "$mod, 7, workspace, 7"
+          "$mod, 8, workspace, 8"
+          "$mod, 9, workspace, 9"
+          "$mod, 0, workspace, 10"
+
+          # Move active window to a workspace with mainMod + SHIFT + [0-9]
+          "$mod SHIFT, 1, movetoworkspace, 1"
+          "$mod SHIFT, 2, movetoworkspace, 2"
+          "$mod SHIFT, 3, movetoworkspace, 3"
+          "$mod SHIFT, 4, movetoworkspace, 4"
+          "$mod SHIFT, 5, movetoworkspace, 5"
+          "$mod SHIFT, 6, movetoworkspace, 6"
+          "$mod SHIFT, 7, movetoworkspace, 7"
+          "$mod SHIFT, 8, movetoworkspace, 8"
+          "$mod SHIFT, 9, movetoworkspace, 9"
+          "$mod SHIFT, 0, movetoworkspace, 10"
+
+          # Move active window to a workspace without following with mainMod + CTRL + [0-9]
+          "$mod CTRL, 1, movetoworkspacesilent, 1"
+          "$mod CTRL, 2, movetoworkspacesilent, 2"
+          "$mod CTRL, 3, movetoworkspacesilent, 3"
+          "$mod CTRL, 4, movetoworkspacesilent, 4"
+          "$mod CTRL, 5, movetoworkspacesilent, 5"
+          "$mod CTRL, 6, movetoworkspacesilent, 6"
+          "$mod CTRL, 7, movetoworkspacesilent, 7"
+          "$mod CTRL, 8, movetoworkspacesilent, 8"
+          "$mod CTRL, 9, movetoworkspacesilent, 9"
+          "$mod CTRL, 0, movetoworkspacesilent, 10"
+        ]
+        ++
+        # Screen lock
+        (
+          let
+            swaylock = lib.getExe config.programs.swaylock.package;
+          in
+            lib.optionals config.programs.swaylock.enable [
+              "$mod,TAB,exec,${swaylock} --daemonize"
+            ]
+        )
+        ++
+        # Notification manager
+        (
+          let
+            makoctl = lib.getExe' config.services.mako.package "makoctl";
+          in
+            lib.optionals config.services.mako.enable [
+              "$mod,w,exec,${makoctl} dismiss"
+              "$mod SHIFT,W,exec,${makoctl} restore"
+            ]
+        );
+
+      # plugin = {
+      #   hyprbars = {
+      #     bar_text_size = 10;
+      #     bar_height = 16;
+      #     bar_text_font = "Ubuntu Nerd Font";
+      #     bar_precedence_over_border = true;
+      #     bar_color = "rgb(${palette.base01})";
+
+      #     hyprbars-button = [ "rgb(${palette.base03}), 14, 󰖭, hyprctl dispatch killactive" ];
+      #   };
+      # };
+    };
+  };
+}

homes/julian/features/hyprland/hyprbars.nix

@@ -0,0 +1,76 @@
+{
+  config,
+  pkgs,
+  lib,
+  outputs,
+  ...
+}: let
+  getHostname = x: lib.last (lib.splitString "@" x);
+  # remoteColorschemes = lib.mapAttrs' (n: v: {
+  #   name = getHostname n;
+  #   value = v.config.colorscheme.rawColorscheme.colors.${config.colorscheme.mode};
+  # }) outputs.homeConfigurations;
+  rgb = color: "rgb(${lib.removePrefix "#" color})";
+  rgba = color: alpha: "rgba(${lib.removePrefix "#" color}${alpha})";
+
+  hyprbars =
+    (pkgs.hyprlandPlugins.hyprbars.override {
+      # Make sure it's using the same hyprland package as we are
+      hyprland = config.wayland.windowManager.hyprland.package;
+    }).overrideAttrs
+    (old: {
+      # Yeet the initialization notification (I hate it)
+      postPatch =
+        (old.postPatch or "")
+        + ''
+          ${lib.getExe pkgs.gnused} -i '/Initialized successfully/d' main.cpp
+        '';
+    });
+in {
+  wayland.windowManager.hyprland = {
+    plugins = [hyprbars];
+    settings = {
+      "plugin:hyprbars" = {
+        bar_height = 25;
+        # bar_color = rgba config.colorscheme.colors.surface "dd";
+        # "col.text" = rgb config.colorscheme.colors.primary;
+        # bar_text_font = config.fontProfiles.regular.name;
+        # bar_text_size = config.fontProfiles.regular.size;
+        bar_part_of_window = true;
+        bar_precedence_over_border = true;
+        hyprbars-button = let
+          closeAction = "hyprctl dispatch killactive";
+
+          isOnSpecial = ''hyprctl activewindow -j | jq -re 'select(.workspace.name == "special")' >/dev/null'';
+          moveToSpecial = "hyprctl dispatch movetoworkspacesilent special";
+          moveToActive = "hyprctl dispatch movetoworkspacesilent name:$(hyprctl -j activeworkspace | jq -re '.name')";
+          minimizeAction = "${isOnSpecial} && ${moveToActive} || ${moveToSpecial}";
+
+          maximizeAction = "hyprctl dispatch fullscreen 1";
+        in [
+          # Red close button
+          # "${rgb config.colorscheme.colors.red},12,,${closeAction}"
+          # # Yellow "minimize" (send to special workspace) button
+          # "${rgb config.colorscheme.colors.yellow},12,,${minimizeAction}"
+          # # Green "maximize" (fullscreen) button
+          # "${rgb config.colorscheme.colors.green},12,,${maximizeAction}"
+        ];
+      };
+
+      # windowrulev2 =
+      #   [
+      #     "plugin:hyprbars:bar_color ${rgba config.colorscheme.colors.primary "ee"}, focus:1"
+      #     "plugin:hyprbars:title_color ${rgb config.colorscheme.colors.on_primary}, focus:1"
+      #   ]
+      #   ++ (lib.flatten (
+      #     lib.mapAttrsToList (name: colors: [
+      #       "plugin:hyprbars:bar_color ${rgba colors.primary_container "dd"}, title:\\[${name}\\].*"
+      #       "plugin:hyprbars:title_color ${rgb colors.on_primary_container}, title:\\[${name}\\].*"
+
+      #       "plugin:hyprbars:bar_color ${rgba colors.primary "ee"}, title:\\[${name}\\].*, focus:1"
+      #       "plugin:hyprbars:title_color ${rgb colors.on_primary}, title:\\[${name}\\].*, focus:1"
+      #     ]) remoteColorschemes
+      #   ));
+    };
+  };
+}

homes/julian/features/hyprland/hyprlock/default.nix

@@ -0,0 +1,46 @@
+{
+  options,
+  config,
+  lib,
+  pkgs,
+  inputs,
+  ...
+}: let
+  inherit
+    (inputs.nix-colors.colorschemes.${builtins.toString config.colorscheme.name})
+    palette
+    ;
+in {
+  programs.hyprlock.enable = true;
+  programs.hyprlock.settings = {
+    general = {
+      disable_loading_bar = true;
+      hide_cursor = true;
+      ignore_empty_input = true;
+    };
+
+    background = [
+      {
+        color = "#${palette.base00}";
+        # path = "screenshot";
+        # blur_passes = 3;
+        # blur_size = 8;
+      }
+    ];
+
+    input-field = [
+      {
+        size = "200, 50";
+        position = "0, -80";
+        monitor = "";
+        dots_center = true;
+        fade_on_empty = false;
+        font_color = "#${palette.base0B}";
+        inner_color = "#${palette.base01}";
+        outer_color = "#${palette.base05}";
+        outline_thickness = 5;
+        placeholder_text = "Password...";
+      }
+    ];
+  };
+}

homes/julian/features/hyprland/mako/default.nix

@@ -0,0 +1,30 @@
+{
+  options,
+  config,
+  lib,
+  pkgs,
+  inputs,
+  ...
+}: let
+  inherit
+    (inputs.nix-colors.colorschemes.${builtins.toString config.colorscheme.name})
+    palette
+    ;
+in {
+  home.packages = with pkgs; [libnotify];
+
+  services.mako = {
+    enable = true;
+    settings = {
+      defaultTimeout = "5000"; # milliseconds, can be overwritten by notification sender
+      backgroundColor = "#${palette.base00}";
+      textColor = "#${palette.base05}";
+      borderColor = "#${palette.base0D}";
+      progressColor = "over #${palette.base02}";
+      extraConfig = ''
+          [urgency=high]
+          border-color=#${palette.base09}
+        # '';
+    };
+  };
+}

homes/julian/features/hyprland/swayidle.nix

@@ -0,0 +1,58 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: let
+  swaylock = "${config.programs.swaylock.package}/bin/swaylock";
+  pgrep = "${pkgs.procps}/bin/pgrep";
+  pactl = "${pkgs.pulseaudio}/bin/pactl";
+  hyprctl = "${config.wayland.windowManager.hyprland.package}/bin/hyprctl";
+  swaymsg = "${config.wayland.windowManager.sway.package}/bin/swaymsg";
+
+  isLocked = "${pgrep} -x ${swaylock}";
+  lockTime = 4 * 60; # TODO: configurable desktop (10 min)/laptop (4 min)
+
+  # Makes two timeouts: one for when the screen is not locked (lockTime+timeout) and one for when it is.
+  afterLockTimeout = {
+    timeout,
+    command,
+    resumeCommand ? null,
+  }: [
+    {
+      timeout = lockTime + timeout;
+      inherit command resumeCommand;
+    }
+    {
+      command = "${isLocked} && ${command}";
+      inherit resumeCommand timeout;
+    }
+  ];
+in {
+  services.swayidle = {
+    enable = true;
+    systemdTarget = "graphical-session.target";
+    timeouts =
+      # Lock screen
+      [
+        {
+          timeout = lockTime;
+          command = "${swaylock} --daemonize --grace 15";
+        }
+      ]
+      ++
+      # Turn off displays (hyprland)
+      (lib.optionals config.wayland.windowManager.hyprland.enable (afterLockTimeout {
+        timeout = 300;
+        command = "${hyprctl} dispatch dpms off";
+        resumeCommand = "${hyprctl} dispatch dpms on";
+      }))
+      ++
+      # Turn off displays (sway)
+      (lib.optionals config.wayland.windowManager.sway.enable (afterLockTimeout {
+        timeout = 300;
+        command = "${swaymsg} 'output * dpms off'";
+        resumeCommand = "${swaymsg} 'output * dpms on'";
+      }));
+  };
+}

homes/julian/features/hyprland/swaylock.nix

@@ -0,0 +1,16 @@
+{
+  config,
+  pkgs,
+  ...
+}: let
+  inherit (config.colorscheme) colors;
+in {
+  programs.swaylock = {
+    enable = true;
+    settings = {
+      color = "000000";
+      ignore-empty-password = true;
+      indicator-idle-visible = false;
+    };
+  };
+}

homes/julian/features/hyprland/toggle-screen-mirroring.sh

@@ -0,0 +1,67 @@
+#! /usr/bin/env sh
+
+# A hyprland script for a laptop-external-monitor setup, toggling between which is in use
+
+# Launch at startup to make hyprland disable the internal monitor if an external monitor is detected and enabled
+# Additionally it's called with a keybind to switch between a laptop monitor and an external display
+# Ideally the conditional monitor behaviour was instead done directly in hyprland.conf, but I'm not sure whether that's possible
+#
+# Relevant info:
+# - hyprctl monitors: identifies currently enabled monitors
+# - hyprctl monitors all: identifies ALL connected monitors - including those not in use
+#
+# Suggested use:
+# Add this line somewhere after the regular monitor configuration in hyprland.conf:
+# exec = /path/to/hyprland-monitors-toggle.sh
+# Add a keybind to run this script on demand:
+# bind =,SomeKeyHere, exec, /path/to/hyprland-monitors-toggle.sh
+
+#move_all_workspaces_to_monitor() {
+#  TARGET_MONITOR="$1"
+
+#  hyprctl workspaces | grep ^workspace | cut --delimiter ' ' --fields 3 | xargs -I '{}' hyprctl dispatch moveworkspacetomonitor '{}' "$TARGET_MONITOR"
+
+#  # Previous approach
+#  #hyprctl swapactiveworkspaces $EXTERNAL_MONITOR $INTERNAL_MONITOR
+#}
+
+# TODO: Detect these instead of hardcoding them
+INTERNAL_MONITOR="eDP-1"
+EXTERNAL_MONITOR="HDMI-A-1"
+
+# NUM_MONITORS=$(hyprctl monitors all | grep --count Monitor)
+# NUM_MONITORS_ACTIVE=$(hyprctl monitors | grep --count Monitor)
+
+# Make sure all
+# if [ "$NUM_MONITORS_ACTIVE" -eq 1 ]; then
+#     move_all_workspaces_to_monitor $INTERNAL_MONITOR
+#     exit
+# fi
+
+MIRROR_SETTING=$(hyprctl monitors all -j | jq -r '.[] | select(.name == "HDMI-A-1") | .mirrorOf')
+
+# # For dynamically toggling which monitor is active later via a keybind
+# if [ "$NUM_MONITORS" -gt 1 ]; then # Handling multiple monitors
+#   if hyprctl monitors | cut --delimiter ' ' --fields 2 | grep --quiet ^$EXTERNAL_MONITOR; then
+#     hyprctl keyword monitor $INTERNAL_MONITOR,preferred,0x0,1
+#     move_all_workspaces_to_monitor $INTERNAL_MONITOR
+#     hyprctl keyword monitor "$EXTERNAL_MONITOR, disable"
+#   else
+#     hyprctl keyword monitor $EXTERNAL_MONITOR,preferred,0x0,1
+#     move_all_workspaces_to_monitor $EXTERNAL_MONITOR
+#     hyprctl keyword monitor "$INTERNAL_MONITOR, disable"
+#   fi
+# else  # If the external monitor is disconnected without running this script first, it might become the case that no monitor is on - therefore turn on the laptop monitor!
+#     hyprctl keyword monitor $INTERNAL_MONITOR,preferred,0x0,1
+#     move_all_workspaces_to_monitor $INTERNAL_MONITOR
+# fi
+
+echo setting:
+echo $MIRROR_SETTING
+if [ "$MIRROR_SETTING" = "none" ]; then
+    echo "mirroring..."
+    hyprctl keyword monitor "$EXTERNAL_MONITOR, preferred, auto, 1, mirror, $INTERNAL_MONITOR"
+else
+    hyprctl keyword monitor "$EXTERNAL_MONITOR, disable" # shortly disable monitor so waybar recognizes the new monitor again # TODO: find better solution
+    hyprctl keyword monitor "$EXTERNAL_MONITOR, preferred, auto, 1"
+fi

homes/julian/features/hyprland/waybar/config.json

@@ -75,9 +75,9 @@
             "warning": 30,
             "critical": 15
         },
-        "format": "{icon}  {capacity}% ({time})",
-        "format-charging": "  {capacity}% ({time})",
-        "format-plugged": "  {capacity}% ({time})",
+        "format": "{icon}  {capacity}%",
+        "format-charging": "  {capacity}%",
+        "format-plugged": "  {capacity}%",
         "format-full": "{icon} ",
         "format-icons": ["", "", "", "", ""]
     },

homes/julian/features/hyprland/waybar/default.nix

@@ -0,0 +1,36 @@
+{
+  options,
+  config,
+  pkgs,
+  lib,
+  inputs,
+  ...
+}: let
+  palette = (inputs.nix-colors.colorschemes.${builtins.toString config.colorscheme.name}).palette;
+in {
+  programs.waybar = {
+    enable = true;
+    systemd.enable = true;
+    settings.mainBar = builtins.fromJSON (builtins.readFile ./config.json);
+  };
+
+  xdg.configFile."waybar/style.css".source = ./style.css;
+  xdg.configFile."waybar/theme.css".text = ''
+    /*
+    bg - background
+    fg - foreground
+    */
+
+    /* Main Colors */
+    @define-color background        #${palette.base00};
+    @define-color foreground        #${palette.base05};
+
+    /* Workspace Button Colors */
+    @define-color hover-bg          #${palette.base01};
+    @define-color hover-fg          #${palette.base05};
+    @define-color active-bg         #${palette.base02};
+    @define-color active-fg         #${palette.base0A};
+    @define-color urgent-bg         #${palette.base08};
+    @define-color urgent-fg         #${palette.base00};
+  '';
+}

homes/julian/features/hyprland/waypipe.nix

@@ -0,0 +1,29 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: {
+  home.packages = [pkgs.waypipe];
+  systemd.user.services = {
+    waypipe-client = {
+      Unit.Description = "Runs waypipe on startup to support SSH forwarding";
+      Service = {
+        ExecStartPre = "${lib.getExe' pkgs.coreutils "mkdir"} %h/.waypipe -p";
+        ExecStart = "${lib.getExe (config.lib.nixGL.wrap pkgs.waypipe)} --socket %h/.waypipe/client.sock client";
+        ExecStopPost = "${lib.getExe' pkgs.coreutils "rm"} -f %h/.waypipe/client.sock";
+      };
+      Install.WantedBy = ["graphical-session.target"];
+    };
+    waypipe-server = {
+      Unit.Description = "Runs waypipe on startup to support SSH forwarding";
+      Service = {
+        Type = "simple";
+        ExecStartPre = "${lib.getExe' pkgs.coreutils "mkdir"} %h/.waypipe -p";
+        ExecStart = "${lib.getExe (config.lib.nixGL.wrap pkgs.waypipe)} --socket %h/.waypipe/server.sock --title-prefix '[%H] ' --login-shell --display wayland-waypipe server -- ${lib.getExe' pkgs.coreutils "sleep"} infinity";
+        ExecStopPost = "${lib.getExe' pkgs.coreutils "rm"} -f %h/.waypipe/server.sock %t/wayland-waypipe";
+      };
+      Install.WantedBy = ["default.target"];
+    };
+  };
+}

homes/julian/features/hyprland/wlogout/default.nix

@@ -0,0 +1,39 @@
+{
+  options,
+  config,
+  lib,
+  pkgs,
+  inputs,
+  ...
+}: let
+  inherit
+    (inputs.nix-colors.colorschemes.${builtins.toString config.colorscheme.name})
+    palette
+    ;
+in {
+  home.packages = with pkgs; [wlogout];
+
+  # xdg.configFile."wlogout/style.css".text = ''
+  #    * {
+  #      all: unset;
+  #      font-family: JetBrains Mono Nerd Font;
+  #    }
+
+  #    window {
+  #      background-color: #${palette.base00};
+  #    }
+
+  #    button {
+  #      color: #${palette.base01};
+  #      font-size: 64px;
+  #      background-color: rgba(0,0,0,0);
+  #      outline-style: none;
+  #      margin: 5px;
+  #   }
+
+  #    button:focus, button:active, button:hover {
+  #      color: #${palette.base0D};
+  #      transition: ease 0.4s;
+  #    }
+  # '';
+}

homes/julian/features/hyprland/wofi/default.nix

@@ -0,0 +1,86 @@
+{
+  options,
+  config,
+  lib,
+  pkgs,
+  inputs,
+  ...
+}: let
+  inherit
+    (inputs.nix-colors.colorschemes.${builtins.toString config.colorscheme.name})
+    palette
+    ;
+in {
+  home.packages = with pkgs; [wofi];
+
+  xdg.configFile."wofi/config".source = ./config;
+  xdg.configFile."wofi/style.css".text = ''
+    window {
+        margin: 5px;
+        border: 5px solid #181926;
+        background-color: #${palette.base00};
+        border-radius: 15px;
+        font-family: "JetBrainsMono";
+        font-size: 14px;
+      }
+
+      #input {
+        all: unset;
+        min-height: 36px;
+        padding: 4px 10px;
+        margin: 4px;
+        border: none;
+        color: #${palette.base05};
+        font-weight: bold;
+        background-color: #${palette.base01};
+        outline: none;
+        border-radius: 15px;
+        margin: 10px;
+        margin-bottom: 2px;
+      }
+
+      #inner-box {
+        margin: 4px;
+        padding: 10px;
+        font-weight: bold;
+        border-radius: 15px;
+      }
+
+      #outer-box {
+        margin: 0px;
+        padding: 3px;
+        border: none;
+        border-radius: 15px;
+        border: 5px solid #${palette.base01};
+      }
+
+      #scroll {
+        margin-top: 5px;
+        border: none;
+        border-radius: 15px;
+        margin-bottom: 5px;
+      }
+
+      #text:selected {
+        color: #${palette.base01};
+        margin: 0px 0px;
+        border: none;
+        border-radius: 15px;
+      }
+
+      #entry {
+        margin: 0px 0px;
+        border: none;
+        border-radius: 15px;
+        background-color: transparent;
+      }
+
+      #entry:selected {
+        margin: 0px 0px;
+        border: none;
+        border-radius: 15px;
+        background: #${palette.base0D};
+        background-size: 400% 400%;
+      }
+  '';
+}

homes/julian/features/hyprland/zathura.nix

@@ -0,0 +1,33 @@
+{config, ...}: let
+  inherit (config.colorscheme) colors;
+in {
+  programs.zathura = {
+    enable = true;
+    options = {
+      selection-clipboard = "clipboard";
+      # TODO fix
+      # font = "${config.fontProfiles.regular.name} ${toString config.fontProfiles.regular.size}";
+      # recolor = true;
+      # default-bg = "${colors.surface}";
+      # default-fg = "${colors.surface_bright}";
+      # statusbar-bg = "${colors.surface_container}";
+      # statusbar-fg = "${colors.on_surface_variant}";
+      # inputbar-bg = "${colors.surface}";
+      # inputbar-fg = "${colors.on_secondary}";
+      # notification-bg = "${colors.surface}";
+      # notification-fg = "${colors.on_secondary}";
+      # notification-error-bg = "${colors.error}";
+      # notification-error-fg = "${colors.on_error}";
+      # notification-warning-bg = "${colors.error}";
+      # notification-warning-fg = "${colors.on_error}";
+      # highlight-color = "${colors.tertiary}";
+      # highlight-active-color = "${colors.secondary}";
+      # completion-bg = "${colors.surface_bright}";
+      # completion-fg = "${colors.on_surface}";
+      # completions-highlight-bg = "${colors.secondary}";
+      # completions-highlight-fg = "${colors.on_secondary}";
+      # recolor-lightcolor = "${colors.surface}";
+      # recolor-darkcolor = "${colors.inverse_surface}";
+    };
+  };
+}

homes/julian/features/i3/default.nix

@@ -0,0 +1,53 @@
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}: {
+  imports = [../rofi];
+
+  services.dunst.enable = true;
+
+  programs = {
+    i3status-rust = {
+      enable = true;
+    };
+  };
+  home.packages = with pkgs; [
+    nitrogen
+    xfce.xfce4-screenshooter
+    pulseaudio # For pactl commands
+  ];
+  xsession.enable = true; # Give gui programs access to sessionVariables
+  # Prevent screen from going blank (check these settings with `xset q`)
+  # And disable bell sound (b)
+  xsession.initExtra = ''
+    ${pkgs.xorg.xset}/bin/xset s off
+    ${pkgs.xorg.xset}/bin/xset -dpms
+    ${pkgs.xorg.xset}/bin/xset b off
+  '';
+  xsession.windowManager.i3 = {
+    enable = true;
+    package = pkgs.i3-gaps;
+  };
+
+  xsession.importedVariables = [];
+
+  # Overwrite default home-manager config file
+  xdg.configFile."i3/config".source = lib.mkForce (
+    if config.hostName == "kardorf"
+    then ./i3/config-kardorf
+    else ./i3/config
+  );
+
+  home.file = {
+    ".config/i3/scripts" = {
+      source = ./i3/scripts;
+      recursive = true;
+    };
+    ".config/i3/workspace-messaging.json".source = ./i3/workspace-chat-element-tele.json;
+    ".config/i3status-rust/config.toml".source = ./i3status-rust/config.toml;
+  };
+
+  home.sessionPath = ["/home/julian/.config/i3/scripts"];
+}

homes/julian/features/i3/i3/config-kardorf

@@ -142,8 +142,8 @@ bindsym $mod+Shift+9 move container to workspace number $ws9; workspace $ws9
 bindsym $mod+Shift+0 move container to workspace number $ws10; workspace $ws10
 
 # Monitor config
-set $monitor_left "DVI-D-0"
-set $monitor_right "DVI-D-1"
+set $monitor_left "DVI-D-1"
+set $monitor_right "DVI-D-2"
 
 workspace $ws1 output $monitor_left
 workspace $ws2 output $monitor_left

homes/julian/features/kitty/default.nix

@@ -0,0 +1,27 @@
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}: {
+  programs.kitty = {
+    enable = true;
+    shellIntegration.enableFishIntegration = true;
+    themeFile = "gruvbox-dark";
+    settings = {
+      enable_audio_bell = false;
+      confirm_os_window_close = 0; # no ask on quit
+    };
+    font = {
+      package = pkgs.dejavu_fonts;
+      name = "DejaVu Sans";
+      size = 12;
+    };
+  };
+
+  # home.shellAliases = {
+  #   ssh = "kitten ssh"; # Copy kitten terminfo to remote
+  # };
+
+  home.sessionVariables.TERMINAL = lib.mkIf (config.terminal == "kitty") "kitty";
+}

homes/julian/features/neovim/default.nix

@@ -0,0 +1,159 @@
+{
+  lib,
+  pkgs,
+  inputs,
+  ...
+}: {
+  imports = [inputs.nixvim.homeManagerModules.nixvim];
+
+  home.sessionVariables = {
+    EDITOR = "nvim";
+    VISUAL = "nvim";
+  };
+
+  home.packages = with pkgs; [
+    git
+    gnumake
+    gcc
+    ripgrep
+    fd
+    stylua
+    black
+    nixfmt-rfc-style # nixfmt
+  ];
+
+  programs.nixvim = {
+    enable = true;
+    viAlias = true;
+    vimAlias = true;
+
+    colorschemes.catppuccin = {
+      enable = true;
+      settings.flavour = "mocha";
+    };
+
+    globals.mapleader = " ";
+    opts = {
+      number = false;
+      relativenumber = false;
+    };
+    clipboard.register = "unnamedplus"; # Use system clipboard
+
+    keymaps = [
+      {
+        action = "<cmd>Telescope live_grep<cr>";
+        key = "<leader>/";
+      }
+      {
+        action = "<cmd>Telescope find_files<cr>";
+        key = "<leader><space>";
+      }
+      {
+        action = "<cmd>Telescope file_browser<cr>";
+        key = "<leader>.";
+      }
+      {
+        action = "<cmd>Neogit<cr>";
+        key = "<leader>gg";
+      }
+      {
+        key = "<C-s>";
+        action = "<esc><cmd>lua require('conform').format()<cr><cmd>write<cr>";
+        mode = [
+          "i"
+          "x"
+          "n"
+          "s"
+        ];
+      }
+    ];
+
+    plugins = {
+      lualine.enable = true;
+      commentary.enable = true;
+      which-key.enable = true;
+      treesitter.enable = true; # enables all grammar packages
+      neogit.enable = true; # like magit
+      trouble.enable = true;
+      web-devicons.enable = true;
+
+      # Shows file trees
+      oil = {
+        enable = true;
+        settings = {
+          view_options.show_hidden = true;
+        };
+      };
+
+      # Code formatting
+      conform-nvim = {
+        enable = true;
+        settings.formatters_by_ft = with pkgs; {
+          lua = ["stylua"];
+          python = ["black"];
+          nix = ["nixfmt"];
+        };
+        # extraOptions = {
+        #   default_format_opts.lsp_format = "fallback";
+        # };
+      };
+
+      # autocomplete
+      cmp = {
+        enable = true;
+        autoEnableSources = true;
+        settings.sources = [
+          {name = "nvim_lsp";}
+          {name = "path";}
+          {name = "buffer";}
+        ];
+        settings.mapping = {
+          "<Tab>" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})";
+          "<C-j>" = "cmp.mapping.select_next_item()";
+          "<C-k>" = "cmp.mapping.select_prev_item()";
+          "<C-e>" = "cmp.mapping.abort()";
+          "<CR>" = "cmp.mapping.confirm({ select = true })";
+        };
+      };
+
+      # Fuzzy finder
+      telescope = {
+        enable = true;
+        settings.defaults.mappings = {
+          i = {
+            "<C-j>".__raw = "require('telescope.actions').move_selection_next";
+            "<C-k>".__raw = "require('telescope.actions').move_selection_previous";
+            "<tab>".__raw = "require('telescope.actions').select_default";
+          };
+        };
+        extensions = {
+          fzf-native.enable = true;
+          file-browser = {
+            enable = true;
+            settings = {
+              hidden = true; # show hidden files
+              follow_symlinks = true;
+              no_ignore = true;
+            };
+          };
+        };
+      };
+
+      lsp = {
+        enable = true;
+        servers = {
+          rust_analyzer = {
+            enable = true;
+            installCargo = true;
+            installRustc = true;
+          };
+          nixd.enable = true;
+          pyright.enable = true;
+          dockerls.enable = true;
+          lua_ls.enable = true;
+          clangd.enable = true;
+        };
+      };
+    };
+  };
+}

homes/julian/features/nix-helper/default.nix

@@ -0,0 +1,12 @@
+{pkgs, ...}: {
+  home.sessionVariables = {
+    NH_FLAKE = "/home/julian/.dotfiles";
+  };
+
+  home.shellAliases = {
+    "os" = "nh os switch";
+    "hs" = "nh home switch";
+  };
+
+  home.packages = with pkgs; [nh];
+}

homes/julian/features/rofi/default.nix

@@ -0,0 +1,14 @@
+{
+  lib,
+  pkgs,
+  ...
+}: {
+  # this would need you to config rofi using home-manager
+  # programs.rofi = { enable = true; };
+
+  home.packages = with pkgs; [rofi];
+
+  home.file = {
+    ".config/rofi/config.rasi".source = ./config.rasi;
+  };
+}

homes/julian/features/suites/cli/default.nix

@@ -0,0 +1,49 @@
+{pkgs, ...}: {
+  home.packages = with pkgs; [
+    bat
+    du-dust # Like du tree but better
+    fd # better find
+    fdupes # find and delete duplicate files
+    ffmpeg
+    findutils # locate
+    fzf # Fuzzy finder
+    ghostscript # needed for imagemagick with pdfs
+    imagemagick
+    git
+    gnupg
+    htop
+    jq # Command line JSON processor
+    killall
+    languagetool # Grammar checker
+    lazygit # Git client
+    links2 # Tui web-browser
+    lnav # log analyzing tool
+    mc # Tui file browser
+    # nix-index
+    nmap
+    p7zip # unzip 7zip archives
+    parted
+    pciutils # lspci
+    poppler_utils # Pdf utils including pdfimages
+    libqalculate # Nice tui calculator (qalc)
+    ripgrep # better grep
+    rnr # renaming tool
+    sage # Maths notebooks
+    tealdeer # tldr
+    topgrade # System update
+    tree
+    unetbootin # TODO
+    unixtools.procps # TODO
+    unzip
+    usbutils # lsusb
+    wget
+    wireguard-tools # wg-quick
+    xorg.xkill
+    zip
+
+    ## My scripts
+    frajul.edit-config
+    frajul.lntocp
+    frajul.sos
+  ];
+}

homes/julian/features/suites/desktop/default.nix

@@ -0,0 +1,68 @@
+{pkgs, ...}: {
+  imports = [../../gtk];
+
+  services.blueman-applet.enable = true;
+  services.nextcloud-client.enable = true;
+  services.nextcloud-client.startInBackground = true;
+  services.network-manager-applet.enable = true;
+
+  services.syncthing.tray.enable = true;
+  services.syncthing.tray.command = "syncthingtray --wait"; # Wait for tray to become available
+
+  programs.chromium = {
+    enable = true;
+    extensions = [
+      # Tampermonkey
+      {id = "dhdgffkkebhmkfjojejmpbldmpobfkfo";}
+    ];
+  };
+
+  home.packages = with pkgs; [
+    arandr
+    calibre # ebook manager and viewer
+    # digikam
+    discord
+    # dvdisaster
+    # element-desktop
+    # rocketchat-desktop
+    thunderbird
+    tdesktop # telegram
+    # schildichat-desktop # not updated regularly
+    nheko
+    evince # Simple pdf reader, good for focusing on document content
+    firefox
+    # geogebra
+    cheese
+    handbrake
+    # kitty # Terminal, already available as feature
+    libnotify
+    libreoffice
+    mate.engrampa
+    nomacs # Image viewer
+    kdePackages.okular # Pdf reader with many features, good for commenting documents
+    pavucontrol
+    pdfsam-basic # Split, merge, etc for pdfs
+    qalculate-gtk # Nice gui calculator
+    qpdfview
+    # qutebrowser
+    # realvnc-vnc-viewer
+    rpi-imager # make isos
+    # rustdesk
+    tor-browser
+    unstable.path-of-building # Path of Building
+    # frajul.pob-dev-version # Path of Building
+    vlc
+    wineWowPackages.stable # 32-bit and 64-bit wine
+    winetricks
+    xclip # x11 clipboard access from terminal
+    xfce.mousepad # simple text editor
+    xournalpp # Edit pdf files
+    zoom-us # Video conferencing
+    zotero # Manage papers and other sources
+    pdfpc # Present slides in pdf form
+
+    ## My scripts
+    frajul.open-messaging
+    frajul.xwacomcalibrate
+  ];
+}

homes/julian/features/suites/development/default.nix

@@ -0,0 +1,85 @@
+{pkgs, ...}: {
+  home.packages = with pkgs; [
+    watchexec # Run command when any file in current dir changes
+    android-tools # adb
+    # shellcheck # Check bash scripts for common errors
+    sqlite
+    scrcpy # Mirror android screen to pc
+    cargo
+    clippy
+    cntr # nix debugger
+    conda
+    micromamba # a better, faster conda
+    devcontainer # development container
+    devenv # devbox alternative
+    dbeaver-bin
+    devbox # dev environments using nix
+    distrobox # run commands inside docker containers
+    gcc
+    gradle
+    hexedit
+    unstable.zed-editor
+    jdk
+    julia-bin
+    (texlive.combine {
+      # for rendering latex in inkscape
+      inherit
+        (texlive)
+        scheme-medium
+        standalone
+        amsmath
+        preview
+        # needed for org mode export
+        wrapfig
+        capt-of
+        biblatex
+        ;
+    })
+    matlab # Using nix-matlab overlay defined in flake
+    maven
+    nodejs
+    pkg-config # Often needed to build something
+    # pwndbg # improved gdb (debugger)
+    python3
+    rust-analyzer
+    rustc
+    rustfmt
+    # (pkgs.inkscape-with-extensions.override {
+    #   inkscapeExtensions = [ pkgs.inkscape-extensions.textext ];
+    # })
+    # inkscape-with-extensions
+    # inkscape-extensions.textext
+    inkscape
+    gcolor3 # Color picker
+    gimp
+    drawio
+    audacity
+
+    deploy-rs
+    sops
+    pandoc # markdown preview
+    docker-compose
+
+    ## My scripts
+    frajul.deploy-to-pianopi
+    frajul.rtklib
+
+    (pkgs.writeShellScriptBin "matlab-rsp" ''
+      matlab -desktop -sd "/home/julian/git/uwa-channel-model" -softwareopengl
+    '')
+
+    (pkgs.writeShellScriptBin "matlab-paper" ''
+      matlab -desktop -sd "/home/julian/dev/phdthesis/Phase B/mainSimulation" -softwareopengl
+    '')
+    (pkgs.writeShellScriptBin "matlab-robotik" ''
+      matlab -desktop -sd "/home/julian/nas-sync/Studium/Vorlesungen-Master/ss24/Robotik2" -softwareopengl
+    '')
+    (pkgs.writeShellScriptBin "matlab-gram" ''
+      export GTK_PATH=/usr/lib/gtk-3.0
+      nix shell nixpkgs#gcc11 --command matlab -desktop -sd "/home/julian/dev/matlab-gram" -softwareopengl
+    '')
+    (pkgs.writeShellScriptBin "expenses-tracker" ''
+      java -jar /home/julian/dev/expensestracker/app/build/libs/app.jar
+    '')
+  ];
+}

homes/julian/features/topgrade/default.nix

@@ -0,0 +1,28 @@
+{
+  programs.topgrade = {
+    enable = true;
+    settings = {
+      misc.no_self_update = true;
+      misc.pre_sudo = true; # Cache sudo password for 5 more minutes
+      misc.assume_yes = true;
+      misc.no_retry = true;
+
+      # pre_commands."Update flake" = "git -C /home/julian/.dotfiles checkout origin/flake-updates -- flake.lock";
+
+      linux.nix_arguments = "--flake /home/julian/.dotfiles";
+      linux.home_manager_arguments = [
+        "--flake"
+        "/home/julian/.dotfiles"
+      ];
+
+      git = {
+        # Additional git repositories to pull
+        repos = [
+          "~/.dotfiles"
+          "~/dev/*"
+          "~/.config/doom"
+        ];
+      };
+    };
+  };
+}

homes/julian/features/wezterm/default.nix

@@ -0,0 +1,34 @@
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}: {
+  programs.wezterm = {
+    enable = true;
+    extraConfig = ''
+      local wezterm = require 'wezterm'
+      local config = {}
+
+      config.color_scheme = 'Catppuccin Mocha'
+      -- config.font = wezterm.font 'JetBrains Mono'
+      -- config.font_size = 12.0
+      config.hide_tab_bar_if_only_one_tab = true
+      config.audible_bell = 'Disabled'
+      config.enable_wayland = false -- Somehow only works for wayland if this is set to false
+
+      config.window_close_confirmation = 'NeverPrompt'
+
+      return config
+    '';
+  };
+
+  home.sessionVariables.TERMINAL = lib.mkIf (config.terminal == "wezterm") "wezterm-start-here";
+
+  # Otherwise wezterm does not start in directory of parent process
+  home.packages = [
+    (pkgs.writeShellScriptBin "wezterm-start-here" ''
+      wezterm start --cwd "$PWD"
+    '')
+  ];
+}

homes/julian/features/yazi/default.nix

@@ -0,0 +1,90 @@
+{
+  pkgs,
+  inputs,
+  ...
+}: {
+  programs.zoxide.enable = true;
+  programs.zoxide.enableFishIntegration = true;
+
+  home.packages = with pkgs; [
+    exiftool
+    unar # extract archives
+    xdragon # dragndrop
+    poppler_utils # pdf preview
+    fd
+    ripgrep
+    fzf
+    jq # json preview
+    ffmpegthumbnailer
+    xclip
+  ];
+
+  home.shellAliases = {
+    y = "yy"; # Yazi shell wrapper (cd on quit)
+  };
+
+  programs.yazi.enable = true;
+  programs.yazi.enableFishIntegration = true;
+  programs.yazi.settings.manager = {
+    sort_by = "mtime";
+    sort_reverse = true;
+    show_hidden = true;
+  };
+
+  programs.yazi.keymap = {
+    manager.prepend_keymap = [
+      # Override defaults
+      {
+        on = ["e"];
+        run = ''shell --orphan --confirm "pcmanfm &"'';
+        desc = "Open gui file manager";
+      }
+      {
+        on = ["<C-o>"];
+        run = ''shell "$SHELL" --block --confirm'';
+        desc = "Open shell here";
+      }
+      {
+        on = ["<C-n>"];
+        run = ''shell 'dragon -x -i -T "$1"' --confirm'';
+        desc = "Dragndrop via dragon";
+      }
+      {
+        on = ["<Enter>"];
+        run = "plugin --sync smart-enter";
+        desc = "Enter the child directory, or open the file";
+      }
+    ];
+    input.prepend_keymap = [
+      {
+        on = ["<Esc>"];
+        run = "close";
+        desc = "Cancel input";
+      }
+    ];
+  };
+
+  programs.yazi.settings.opener = {
+    play = [
+      {
+        run = ''vlc "$1"'';
+        orphan = true;
+      }
+    ];
+  };
+
+  xdg.configFile."yazi/flavors" = {
+    source = "${inputs.yazi-flavors}";
+  };
+  xdg.configFile."yazi/plugins/smart-enter.yazi/init.lua".text = ''
+    return {
+      entry = function()
+        local h = cx.active.current.hovered
+        ya.manager_emit(h and h.cha.is_dir and "enter" or "open", { hovered = true })
+      end,
+    }
+  '';
+  programs.yazi.theme = {
+    flavor.use = "catppuccin-mocha";
+  };
+}

homes/julian/features/zsh/default.nix

@@ -0,0 +1,44 @@
+{
+  lib,
+  pkgs,
+  ...
+}: {
+  home.file = {
+    ".config/starship.toml".source = ./starship.toml;
+  };
+
+  home.packages = with pkgs; [starship];
+
+  programs.starship = {
+    enable = true;
+    enableZshIntegration = true;
+  };
+
+  programs.zsh = {
+    enable = true;
+
+    initExtra =
+      builtins.readFile ./key-bindings.zsh
+      + builtins.readFile ./functions.zsh
+      + builtins.readFile ./last-working-dir.zsh
+      + builtins.readFile ./dir-navigation.zsh;
+
+    zplug = {
+      enable = true;
+      plugins = [
+        # list of plugins: https://github.com/unixorn/awesome-zsh-plugins
+        {name = "agkozak/zsh-z";}
+        {
+          name = "zsh-users/zsh-completions";
+        }
+
+        # make it behave like fish
+        {name = "zsh-users/zsh-autosuggestions";}
+        {name = "zsh-users/zsh-history-substring-search";}
+        {
+          name = "zsh-users/zsh-syntax-highlighting";
+        } # must be last sourced plugin
+      ];
+    };
+  };
+}

homes/julian/global/default.nix

@@ -0,0 +1,53 @@
+{
+  lib,
+  pkgs,
+  config,
+  outputs,
+  ...
+}: {
+  imports =
+    [
+      ../features/fonts
+      ../features/nix-helper
+    ]
+    ++ (builtins.attrValues outputs.homeManagerModules);
+
+  nix = {
+    package = lib.mkDefault pkgs.nix;
+    settings = {
+      experimental-features = [
+        "nix-command"
+        "flakes"
+        "ca-derivations"
+      ];
+      # warn-dirty = false; # TODO: do I want it? also for systems
+    };
+  };
+
+  colorscheme.name = "catppuccin-mocha";
+
+  # systemd.user.startServices = "sd-switch"; # TODO: what is this
+
+  programs = {
+    home-manager.enable = true;
+    git.enable = true;
+  };
+
+  home = {
+    username = lib.mkDefault "julian";
+    homeDirectory = lib.mkDefault "/home/${config.home.username}";
+    stateVersion = lib.mkDefault "23.11";
+
+    sessionPath = ["$HOME/.local/bin"];
+  };
+
+  # TODO: colorscheme
+  # colorscheme.mode = lib.mkOverride 1499 "dark";
+  # specialisation = {
+  #   dark.configuration.colorscheme.mode = lib.mkOverride 1498 "dark";
+  #   light.configuration.colorscheme.mode = lib.mkOverride 1498 "light";
+  # };
+  # home.file = {
+  #   ".colorscheme.json".text = builtins.toJSON config.colorscheme;
+  # };
+}

homes/julian/global/mimeapps.nix

@@ -6,9 +6,11 @@
 #   inherit pkgs;
 #   inherit lib;
 # };
-
-{ lib, pkgs, ... }:
-let
+{
+  lib,
+  pkgs,
+  ...
+}: let
   package-names = with pkgs; {
     "x-scheme-handler/tg" = telegram-desktop;
     "x-scheme-handler/mailto" = thunderbird;
@@ -40,6 +42,7 @@ let
     "inode/directory" = pcmanfm;
   };
 in
-lib.mapAttrs (mimeType: package: [
-  "${package}/share/applications/${package.pname}.desktop"
-]) package-names
+  lib.mapAttrs (mimeType: package: [
+    "${package}/share/applications/${package.pname}.desktop"
+  ])
+  package-names

homes/julian/hm-standalone-config.nix

@@ -0,0 +1,43 @@
+# Only apply this to home-manager standalone
+{outputs, ...}: {
+  # Apply overlays
+  nixpkgs = {
+    overlays = builtins.attrValues outputs.overlays;
+    config = {
+      allowUnfree = true;
+      allowUnfreePredicate = _: true; # TODO: what is this
+      permittedInsecurePackages = [
+        "olm-3.2.16"
+      ];
+      warn-dirty = false;
+    };
+  };
+
+  # Setup binary caches
+  nix.settings = {
+    substituters = [
+      "https://nix-community.cachix.org"
+      "https://cache.nixos.org/"
+      "https://hyprland.cachix.org"
+      "http://binarycache.julian-mutter.de"
+    ];
+    trusted-public-keys = [
+      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+      "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
+      "binarycache.julian-mutter.de:oJ67uRFwRhNPKL58CHzy3QQLv38Kx7OA1K+6xlEPu7E="
+    ];
+
+    trusted-users = [
+      "root"
+      "@wheel"
+    ];
+
+    experimental-features = [
+      "nix-command"
+      "flakes"
+      "ca-derivations"
+    ];
+
+    # nix.settings. # warn-dirty = false; # TODO: do I want this
+  };
+}

homes/julian/kardorf.nix

@@ -0,0 +1,56 @@
+{
+  imports = [
+    ./global
+
+    ./features/fish
+    ./features/direnv
+    ./features/topgrade
+    ./features/neovim
+    ./features/ghostty
+    ./features/wezterm
+    ./features/yazi
+    ./features/emacs
+
+    # ./features/hyprland
+    ./features/i3
+
+    ./features/suites/cli
+    ./features/suites/desktop
+    ./features/suites/development
+  ];
+
+  hostName = "kardorf";
+  is-nixos = true;
+  terminal = "ghostty";
+
+  #  ---------   ---------
+  # | DVI-D-1 | | DVI-D-2 |
+  #  ---------   ---------
+  monitors = [
+    {
+      name = "DVI-D-1";
+      width = 1680;
+      height = 1050;
+      workspaces = [
+        "1"
+        "2"
+        "3"
+        "4"
+        "5"
+      ];
+      primary = true;
+    }
+    {
+      name = "DVI-D-2";
+      width = 1680;
+      height = 1050;
+      workspaces = [
+        "6"
+        "7"
+        "8"
+        "9"
+        "10"
+      ];
+    }
+  ];
+}

homes/julian/pianonix.nix

@@ -0,0 +1,37 @@
+{pkgs, ...}: {
+  imports = [
+    ./global
+
+    ./features/fish
+    ./features/topgrade
+    ./features/neovim
+    ./features/wezterm
+    ./features/yazi
+    ./features/gtk
+  ];
+
+  hostName = "pianonix";
+  is-nixos = true;
+  terminal = "wezterm";
+
+  services.syncthing.tray.enable = true;
+  services.syncthing.tray.command = "syncthingtray --wait"; # Wait for tray to become available
+
+  home.packages = with pkgs; [
+    music-reader
+    sheet-organizer
+
+    xournalpp
+    musescore
+
+    onboard
+  ];
+
+  # Autostart link
+  home.file = {
+    ".config/autostart/sheet-organizer.desktop".source = "${pkgs.sheet-organizer}/share/applications/sheet-organizer.desktop";
+    ".config/sheet-organizer/config.toml".text = ''
+      working_directory = "/home/julian/Klavier"
+    '';
+  };
+}

homes/julian/ssh.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjSZYdoF/51F+ykcBAYVCzCPTF5EEigWBL1APiR0h+H

homes/julian/v3ms/default.nix

@@ -0,0 +1,30 @@
+{
+  lib,
+  pkgs,
+  ...
+}: {
+  imports = [
+    ../global
+
+    ../features/fish
+    ../features/direnv
+    ../features/topgrade
+    ../features/neovim
+    ../features/yazi
+    ../features/emacs
+    ../features/nix-helper
+  ];
+
+  hostName = "aspi";
+  is-nixos = false;
+  # terminal = "kitty";
+
+  home.sessionPath = ["/snap/bin"];
+
+  home.packages =
+    lib.lists.concatMap (packages-list-file: import packages-list-file {inherit pkgs;})
+    [
+      ./fonts.nix
+      ./packages.nix
+    ];
+}

homes/julian/v3ms/fonts.nix

@@ -1,12 +1,10 @@
-{ pkgs, ... }:
-
-with pkgs;
-[
-  (nerdfonts.override { fonts = [ "FiraCode" ]; })
+{pkgs, ...}:
+with pkgs; [
+  nerd-fonts.fira-code
   font-awesome
   dejavu_fonts
   noto-fonts
-  noto-fonts-cjk
+  noto-fonts-cjk-sans
   noto-fonts-emoji
   liberation_ttf
   fira-code

homes/julian/v3ms/packages.nix

@@ -1,7 +1,5 @@
-{ pkgs, ... }:
-
-with pkgs;
-[
+{pkgs, ...}:
+with pkgs; [
   # Rust setup
   rustc
   rustfmt
@@ -37,4 +35,8 @@ with pkgs;
   sage
 
   pkg-config # Often needed to build something
+
+  devbox # reproducible dev envs based on nix
+
+  mysql80
 ]

homes/x86_64-linux/julian@aspi/default.nix

@@ -1,61 +0,0 @@
-{
-  # Snowfall Lib provides a customized `lib` instance with access to your flake's library
-  # as well as the libraries available from your flake's inputs.
-  lib,
-  # An instance of `pkgs` with your overlays and packages applied is also available.
-  pkgs,
-  # You also have access to your flake's inputs.
-  inputs,
-
-  # Additional metadata is provided by Snowfall Lib.
-  namespace, # The namespace used for your flake, defaulting to "internal" if not set.
-  home, # The home architecture for this host (eg. `x86_64-linux`).
-  target, # The Snowfall Lib target for this home (eg. `x86_64-home`).
-  format, # A normalized name for the home target (eg. `home`).
-  virtual, # A boolean to determine whether this home is a virtual target using nixos-generators.
-  host, # The host name for this home.
-
-  # All other arguments come from the home home.
-  config,
-  ...
-}:
-{
-  home.username = "julian";
-  home.homeDirectory = "/home/julian";
-
-  modules = {
-    non-nixos.is-nixos = true;
-    shell = {
-      # zsh.enable = true;
-      fish.enable = true;
-      direnv.enable = true;
-    };
-    topgrade.enable = true;
-    neovim.enable = true;
-    # kitty.enable = true;
-    wezterm.enable = true;
-    yazi.enable = true;
-    emacs.enable = true;
-
-    i3.enable = true;
-
-    # hyprland.enable = true;
-    nix-helper.enable = true;
-
-    desktop.enable = true;
-    fonts.enable = true;
-
-    suites = {
-      cli.enable = true;
-      desktop.enable = true;
-      development.enable = true;
-    };
-  };
-
-  # Let Home Manager install and manage itself.
-  programs.home-manager.enable = true;
-
-  # ======================== DO NOT CHANGE THIS ========================
-  home.stateVersion = "23.11";
-  # ======================== DO NOT CHANGE THIS ========================
-}

homes/x86_64-linux/julian@kardorf/default.nix

@@ -1,57 +0,0 @@
-{
-  # Snowfall Lib provides a customized `lib` instance with access to your flake's library
-  # as well as the libraries available from your flake's inputs.
-  lib,
-  # An instance of `pkgs` with your overlays and packages applied is also available.
-  pkgs,
-  # You also have access to your flake's inputs.
-  inputs,
-
-  # Additional metadata is provided by Snowfall Lib.
-  namespace, # The namespace used for your flake, defaulting to "internal" if not set.
-  home, # The home architecture for this host (eg. `x86_64-linux`).
-  target, # The Snowfall Lib target for this home (eg. `x86_64-home`).
-  format, # A normalized name for the home target (eg. `home`).
-  virtual, # A boolean to determine whether this home is a virtual target using nixos-generators.
-  host, # The host name for this home.
-
-  # All other arguments come from the home home.
-  config,
-  ...
-}:
-{
-  home.username = "julian";
-  home.homeDirectory = "/home/julian";
-
-  modules = {
-    non-nixos.is-nixos = true;
-    shell = {
-      fish.enable = true;
-      direnv.enable = true;
-    };
-    topgrade.enable = true;
-    neovim.enable = true;
-    # alacritty.enable = true;
-    kitty.enable = true;
-    yazi.enable = true;
-    emacs.enable = true;
-    i3.enable = true;
-    nix-helper.enable = true;
-
-    desktop.enable = true;
-    fonts.enable = true;
-
-    suites = {
-      cli.enable = true;
-      desktop.enable = true;
-      development.enable = true;
-    };
-  };
-
-  # Let Home Manager install and manage itself.
-  programs.home-manager.enable = true;
-
-  # ======================== DO NOT CHANGE THIS ========================
-  home.stateVersion = "23.11";
-  # ======================== DO NOT CHANGE THIS ========================
-}

homes/x86_64-linux/julian@pianonix/default.nix

@@ -1,72 +0,0 @@
-{
-  # Snowfall Lib provides a customized `lib` instance with access to your flake's library
-  # as well as the libraries available from your flake's inputs.
-  lib,
-  # An instance of `pkgs` with your overlays and packages applied is also available.
-  pkgs,
-  # You also have access to your flake's inputs.
-  inputs,
-
-  # Additional metadata is provided by Snowfall Lib.
-  namespace, # The namespace used for your flake, defaulting to "internal" if not set.
-  home,
-  target, # The Snowfall Lib target for this home (eg. `x86_64-home`).
-  format, # A normalized name for the home target (eg. `home`).
-  virtual, # A boolean to determine whether this home is a virtual target using nixos-generators.
-  host, # The host name for this home.
-
-  # All other arguments come from the home home.
-  config,
-  ...
-}@arguments:
-{
-  home.username = "julian";
-  home.homeDirectory = "/home/julian";
-
-  modules = {
-    non-nixos.is-nixos = true;
-
-    shell = {
-      fish.enable = true;
-    };
-    yazi.enable = true;
-    topgrade.enable = true;
-    neovim.enable = true;
-    wezterm.enable = true;
-    nix-helper.enable = true;
-
-    desktop.enable = true;
-    fonts.enable = true;
-  };
-
-  # Prevent screen from going blank (check these settings with `xset q`)
-  # And disable bell sound (b)
-  xsession.initExtra = ''
-    ${pkgs.xorg.xset}/bin/xset s off
-    ${pkgs.xorg.xset}/bin/xset -dpms
-    ${pkgs.xorg.xset}/bin/xset b off
-  '';
-
-  services.syncthing.tray.enable = true;
-  services.syncthing.tray.command = "syncthingtray --wait"; # Wait for tray to become available
-
-  home.packages = with pkgs; [
-    music-reader
-    sheet-organizer
-  ];
-
-  # Autostart link
-  home.file = {
-    ".config/autostart/sheet-organizer.desktop".source = "${pkgs.sheet-organizer}/share/applications/sheet-organizer.desktop";
-    ".config/sheet-organizer/config.toml".text = ''
-      working_directory = "/home/julian/Klavier"
-    '';
-  };
-
-  # Let Home Manager install and manage itself.
-  programs.home-manager.enable = true;
-
-  # ======================== DO NOT CHANGE THIS ========================
-  home.stateVersion = "23.11";
-  # ======================== DO NOT CHANGE THIS ========================
-}

homes/x86_64-linux/julian@v3ms/default.nix

@@ -1,53 +0,0 @@
-{
-  # Snowfall Lib provides a customized `lib` instance with access to your flake's library
-  # as well as the libraries available from your flake's inputs.
-  lib,
-  # An instance of `pkgs` with your overlays and packages applied is also available.
-  pkgs,
-  # You also have access to your flake's inputs.
-  inputs,
-
-  # Additional metadata is provided by Snowfall Lib.
-  namespace, # The namespace used for your flake, defaulting to "internal" if not set.
-  home, # The home architecture for this host (eg. `x86_64-linux`).
-  target, # The Snowfall Lib target for this home (eg. `x86_64-home`).
-  format, # A normalized name for the home target (eg. `home`).
-  virtual, # A boolean to determine whether this home is a virtual target using nixos-generators.
-  host, # The host name for this home.
-
-  # All other arguments come from the home home.
-  config,
-  ...
-}:
-{
-  home.username = "julian";
-  home.homeDirectory = "/home/julian";
-
-  modules = {
-    non-nixos.is-nixos = false;
-    shell = {
-      fish.enable = true;
-      direnv.enable = true;
-    };
-    topgrade.enable = true;
-    neovim.enable = true;
-    yazi.enable = true;
-    emacs.enable = true;
-
-    nix-helper.enable = true;
-  };
-
-  home.packages =
-    lib.lists.concatMap (packages-list-file: import packages-list-file { inherit pkgs; })
-      [
-        ./fonts.nix
-        ./packages.nix
-      ];
-
-  # Let Home Manager install and manage itself.
-  programs.home-manager.enable = true;
-
-  # ======================== DO NOT CHANGE THIS ========================
-  home.stateVersion = "23.11";
-  # ======================== DO NOT CHANGE THIS ========================
-}

hosts/aspi/default.nix

@@ -0,0 +1,50 @@
+{
+  imports = [
+    ./hardware-configuration.nix
+
+    ../common/global
+    ../common/users/julian
+    ../common/optional/binarycaches.nix
+
+    ../common/optional/remote-builder.nix
+    ../common/optional/boot-efi.nix
+
+    ../common/optional/greetd.nix
+    ../common/optional/authentication.nix
+    ../common/optional/pcmanfm.nix
+    ../common/optional/pipewire.nix
+
+    ../common/optional/gamemode.nix
+    ../common/optional/virtualbox.nix
+
+    ../common/optional/podman.nix
+    ../common/optional/wireguard.nix
+    ../common/optional/flatpak.nix
+
+    ../common/optional/avahi.nix
+  ];
+
+  networking.hostName = "aspi";
+  system.stateVersion = "24.05";
+
+  modules = {
+    syncthing = {
+      enable = true;
+      overrideSettings = false;
+    };
+  };
+
+  services.blueman.enable = true;
+  services.upower.enable = true;
+
+  programs.steam.enable = true;
+
+  # TODO: not working
+  services.logind.lidSwitch = "lock";
+  services.logind.lidSwitchDocked = "lock";
+
+  programs.kdeconnect.enable = true;
+
+  # Enable touchpad support
+  services.libinput.enable = true;
+}

hosts/aspi/hardware-configuration.nix

@@ -0,0 +1,78 @@
+{
+  config,
+  lib,
+  ...
+}: {
+  boot.initrd.availableKernelModules = [
+    "vmd"
+    "xhci_pci"
+    "ahci"
+    "nvme"
+    "usb_storage"
+    "usbhid"
+    "sd_mod"
+  ];
+  boot.initrd.kernelModules = ["dm-snapshot"];
+  boot.kernelModules = ["kvm-intel"];
+  boot.extraModulePackages = [];
+  boot.blacklistedKernelModules = ["pcspkr"]; # Disables "beep"
+  boot.binfmt.emulatedSystems = ["aarch64-linux"];
+
+  boot.initrd.luks.devices = {
+    root = {
+      device = "/dev/disk/by-uuid/a4dc9a2c-725b-4252-8fbb-093a271c31ba";
+      preLVM = true;
+      allowDiscards = true;
+    };
+  };
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/bbc45be3-75f5-40c5-8427-2a425de8422c";
+    fsType = "btrfs";
+    options = [
+      "subvol=root"
+      "compress=zstd"
+    ];
+  };
+
+  fileSystems."/home" = {
+    device = "/dev/disk/by-uuid/bbc45be3-75f5-40c5-8427-2a425de8422c";
+    fsType = "btrfs";
+    options = [
+      "subvol=home"
+      "compress=zstd"
+    ];
+  };
+
+  fileSystems."/nix" = {
+    device = "/dev/disk/by-uuid/bbc45be3-75f5-40c5-8427-2a425de8422c";
+    fsType = "btrfs";
+    options = [
+      "subvol=nix"
+      "compress=zstd"
+      "noatime"
+    ];
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/7040-F37C";
+    fsType = "vfat";
+  };
+
+  swapDevices = [
+    {device = "/dev/disk/by-uuid/26140b4a-0579-406d-a484-35aa31b32e80";}
+  ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+  hardware.nvidia.open = false;
+}

hosts/aspi/ssh_host_ed25519_key.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmZH4AYoERGx5t8gXXmrZetSchwzps8UYwkz8E6SI8D

hosts/builder/default.nix

@@ -0,0 +1,262 @@
+# sudo nixos-rebuild switch --flake .#builder --target-host root@192.168.3.118
+# or
+# deploy .#builder
+{config, ...}: {
+  imports = [
+    ./hardware-configuration.nix
+
+    ../common/global
+  ];
+
+  networking.hostName = "builder";
+  system.stateVersion = "23.11";
+
+  users.users.nix = {
+    isNormalUser = true;
+    description = "Nix";
+    extraGroups = [
+      "networkmanager"
+      "wheel"
+      "docker"
+    ];
+  };
+
+  nix.settings.experimental-features = [
+    "nix-command"
+    "flakes"
+  ];
+
+  # Setup binary caches
+  nix.settings = {
+    substituters = [
+      "https://nix-community.cachix.org"
+      "https://cache.nixos.org/"
+      "https://hyprland.cachix.org"
+    ];
+    trusted-public-keys = [
+      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+      "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
+    ];
+
+    trusted-users = ["nix"];
+    max-jobs = "auto";
+    cores = 0;
+  };
+
+  # optimize store by hardlinking store files
+  nix.optimise.automatic = true;
+  nix.optimise.dates = ["03:15"];
+
+  # nix.gc.automatic = true;
+  # nix.gc.dates = "daily";
+  # nix.gc.options = "--delete-old";
+
+  # nix.settings.keep-derivations = false;
+  # nix.settings.keep-outputs = true;
+
+  # Garbage collect up to 100 GiB when only 20 GiB storage left
+  nix.extraOptions = ''
+    min-free = ${toString (20 * 1024 * 1024 * 1024)}
+    max-free = ${toString (100 * 1024 * 1024 * 1024)}
+  '';
+
+  nix.nrBuildUsers = 64;
+
+  # prevent memory to get filled
+  systemd.services.nix-daemon.serviceConfig = {
+    MemoryAccounting = true;
+    MemoryMax = "90%";
+    OOMScoreAdjust = 500;
+  };
+
+  # Ollama used by open-webui as llm backend
+  # services.ollama = {
+  #   enable = true;
+  #   # acceleration = "rocm";
+  # };
+  # services.open-webui = {
+  #   enable = true;
+  #   port = 8080;
+  #   openFirewall = true;
+  #   host = "builder.julian-mutter.de";
+  # };
+
+  networking.firewall.allowedTCPPorts = [
+    80
+  ];
+
+  services.openssh = {
+    enable = true;
+    # require public key authentication for better security
+    settings.PasswordAuthentication = true;
+    settings.KbdInteractiveAuthentication = false;
+    settings.PermitRootLogin = "yes";
+  };
+  users.users."root".openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjSZYdoF/51F+ykcBAYVCzCPTF5EEigWBL1APiR0h+H julian@aspi"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGFcS+3d1tNgHmYCjueymCV9Bd2LcJcKGhVobrDe3r0s julian@kardorf"
+  ];
+  users.users."nix".openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjSZYdoF/51F+ykcBAYVCzCPTF5EEigWBL1APiR0h+H julian@aspi"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAIQ+qMuXvyoxO1DuCR3/x+IQRfSA2WyMuzuotWZjCye root@aspi"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHnfLJnS2SKUs47J0qpLTkk0LQA5quOuAhnxE6yppUDm root@kardorf"
+  ];
+
+  # security.pam.sshAgentAuth.enable = true; # enable sudo via ssh
+
+  services.hydra = {
+    enable = true;
+    hydraURL = "http://hydra.julian-mutter.de"; # externally visible URL
+    port = 3000;
+    notificationSender = "hydra@julian-mutter.de"; # e-mail of hydra service
+    # a standalone hydra will require you to unset the buildMachinesFiles list to avoid using a nonexistant /etc/nix/machines
+    # buildMachinesFiles = [ ];
+    # you will probably also want, otherwise *everything* will be built from scratch
+    useSubstitutes = true;
+
+    minimumDiskFree = 5; # in GB
+    minimumDiskFreeEvaluator = 4; # in GB
+  };
+
+  # add builder itself as build machine so system emulation is properly supported
+  # nix.distributedBuilds = true;
+  nix.buildMachines = [
+    {
+      hostName = "localhost";
+      protocol = null;
+      # sshUser = "nix";
+      systems = [
+        "x86_64-linux"
+        "aarch64-linux"
+      ];
+      maxJobs = 4;
+      speedFactor = 3;
+      supportedFeatures = [
+        "nixos-test"
+        "benchmark"
+        "big-parallel"
+        "kvm"
+      ];
+    }
+  ];
+
+  # Uris allowed as flake inputs, otherwise hydra does not fetch them
+  nix.settings.allowed-uris = [
+    "github:"
+    "gitlab:"
+    "git+https://github.com/hyprwm/Hyprland"
+    "https://github.com/hyprwm/Hyprland"
+    "https://github"
+    "https://gitlab"
+    "https://gitlab.julian-mutter.de"
+    "git+https://gitlab.julian-mutter.de"
+  ];
+
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    # recommendedTlsSettings = true;
+    # other Nginx options
+    virtualHosts."hydra.julian-mutter.de" = {
+      # enableACME = true;
+      # forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:3000";
+        # proxyWebsockets = true; # needed if you need to use WebSocket
+        # extraConfig =
+        #   # required when the target is also TLS server with multiple hosts
+        #   "proxy_ssl_server_name on;" +
+        #   # required when the server wants to use HTTP Authentication
+        #   "proxy_pass_header Authorization;"
+        #   ;
+      };
+    };
+
+    virtualHosts."binarycache.julian-mutter.de" = {
+      locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
+    };
+
+    clientMaxBodySize = "2G";
+    virtualHosts."cache.julian-mutter.de" = {
+      locations."/".proxyPass = "http://127.0.0.1:8080";
+    };
+  };
+
+  # =========== Gitea actions ==========
+  services.gitea-actions-runner.instances."builder" = {
+    enable = true;
+    url = "https://gitlab.julian-mutter.de";
+    name = "builder";
+    tokenFile = config.sops.secrets."gitea_token".path;
+    labels = []; # use default labels
+  };
+
+  virtualisation.docker.enable = true;
+
+  # TODO: podman fails with: "cannot resolve hostname"
+  # virtualisation.podman = {
+  #   enable = true;
+  #   dockerCompat = true;
+  #   defaultNetwork.settings.dns_enabled = true;
+  # };
+
+  sops.secrets."gitea_token" = {
+    owner = config.users.users.nix.name;
+    sopsFile = ./secrets.yaml;
+  };
+
+  # =========== Binary Cache ==========
+  services.nix-serve = {
+    enable = true;
+    secretKeyFile = "/var/cache-priv-key.pem";
+  };
+
+  # =========== Binary Cache with attic ==========
+  sops.secrets."attic_token".sopsFile = ./secrets.yaml;
+
+  services.atticd = {
+    enable = true;
+    environmentFile = config.sops.secrets."attic_token".path;
+    settings = {
+      listen = "[::]:8080";
+
+      jwt = {};
+
+      # Data chunking
+      #
+      # Warning: If you change any of the values here, it will be
+      # difficult to reuse existing chunks for newly-uploaded NARs
+      # since the cutpoints will be different. As a result, the
+      # deduplication ratio will suffer for a while after the change.
+      chunking = {
+        # The minimum NAR size to trigger chunking
+        #
+        # If 0, chunking is disabled entirely for newly-uploaded NARs.
+        # If 1, all NARs are chunked.
+        nar-size-threshold = 64 * 1024; # 64 KiB
+
+        # The preferred minimum size of a chunk, in bytes
+        min-size = 16 * 1024; # 16 KiB
+
+        # The preferred average size of a chunk, in bytes
+        avg-size = 64 * 1024; # 64 KiB
+
+        # The preferred maximum size of a chunk, in bytes
+        max-size = 256 * 1024; # 256 KiB
+      };
+    };
+  };
+
+  services.gitlab-runner.enable = true;
+  # runner for everything else
+  #
+  sops.secrets."gitlab_runner_token".sopsFile = ./secrets.yaml;
+  services.gitlab-runner.services.default = {
+    # File should contain at least these two variables:
+    authenticationTokenConfigFile = config.sops.secrets."gitlab_runner_token".path;
+    dockerImage = "alpine:latest";
+    dockerVolumes = [
+      "/var/run/docker.sock:/var/run/docker.sock"
+    ];
+  };
+}

hosts/builder/hardware-configuration.nix

@@ -0,0 +1,50 @@
+{lib, ...}: {
+  boot.initrd.availableKernelModules = [
+    "ata_piix"
+    "uhci_hcd"
+    "virtio_pci"
+    "virtio_scsi"
+    "sd_mod"
+    "sr_mod"
+  ];
+  # boot.initrd.kernelModules = [ "amdgpu" ]; # GPU support
+  boot.kernelModules = [];
+  boot.extraModulePackages = [];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/f088fe8e-bf3d-4a89-98bd-ead9852d381f";
+    fsType = "ext4";
+  };
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.ens18.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+
+  # hardware.graphics = {
+  #   enable = true;
+  #   extraPackages = with pkgs; [
+  #     rocmPackages.clr.icd
+  #     linuxPackages.amdgpu-pro
+  #   ];
+  # };
+
+  # boot.kernelParams = [
+  #   "radeon.si_support=0"
+  #   "radeon.cik_support=1"
+  #   "amdgpu.si_support=0"
+  #   "amdgpu.cik_support=1"
+  # ];
+  # boot.extraModulePackages = with config.boot.kernelPackages; [ amdgpu-pro ];
+  # boot.blacklistedKernelModules = [ "radeon" ];
+
+  boot.loader.grub.enable = true;
+  boot.loader.grub.device = "/dev/sda";
+
+  # Emulated systems used as alternative to cross-compiling
+  boot.binfmt.emulatedSystems = ["aarch64-linux"];
+}

hosts/common/global/auto-upgrade.nix

@@ -0,0 +1,16 @@
+{
+  inputs,
+  config,
+  ...
+}: {
+  system.hydraAutoUpgrade = {
+    # Only enable if not dirty
+    enable = inputs.self ? rev;
+    dates = "*:0/10"; # Every 10 minutes
+    instance = "http://hydra.julian-mutter.de";
+    project = "dotfiles";
+    jobset = "main";
+    job = "hosts.${config.networking.hostName}";
+    oldFlakeRef = "self";
+  };
+}

hosts/common/global/default.nix

@@ -0,0 +1,41 @@
+# Common config for all hosts
+{
+  inputs,
+  outputs,
+  pkgs,
+  ...
+}: {
+  imports =
+    [
+      ./fish.nix # fish for admin
+      ./locale.nix
+      ./nix.nix
+      ./sops.nix
+      ./root.nix
+    ]
+    ++ [
+      inputs.home-manager.nixosModules.home-manager
+    ]
+    ++ (builtins.attrValues outputs.nixosModules);
+
+  # Replaces the (modulesPath + "/installer/scan/not-detected.nix") from default hardware-configuration.nix
+  # Enables non-free firmware
+  hardware.enableRedistributableFirmware = true;
+
+  # Networking
+  networking.networkmanager = {
+    enable = true;
+    plugins = with pkgs; [
+      networkmanager-openconnect
+    ];
+  };
+  services.resolved.enable = true;
+
+  programs.dconf.enable = true;
+
+  # HM
+  home-manager.useGlobalPkgs = true;
+  home-manager.extraSpecialArgs = {
+    inherit inputs outputs;
+  };
+}

hosts/common/global/fish.nix

@@ -0,0 +1,10 @@
+{
+  programs.fish = {
+    enable = true;
+    vendor = {
+      completions.enable = true;
+      config.enable = true;
+      functions.enable = true;
+    };
+  };
+}

hosts/common/global/locale.nix

@@ -0,0 +1,26 @@
+{
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "de_DE.UTF-8";
+    LC_IDENTIFICATION = "de_DE.UTF-8";
+    LC_MEASUREMENT = "de_DE.UTF-8";
+    LC_MONETARY = "de_DE.UTF-8";
+    LC_NAME = "de_DE.UTF-8";
+    LC_NUMERIC = "en_US.UTF-8";
+    LC_PAPER = "de_DE.UTF-8";
+    LC_TELEPHONE = "de_DE.UTF-8";
+    LC_TIME = "de_DE.UTF-8";
+  };
+
+  # Keymap
+  services.xserver.xkb = {
+    layout = "de";
+    variant = "";
+  };
+
+  console.keyMap = "de";
+
+  time.timeZone = "Europe/Berlin";
+}

hosts/common/global/nix.nix

@@ -0,0 +1,43 @@
+{
+  lib,
+  outputs,
+  ...
+}: {
+  # Apply overlays
+  nixpkgs = {
+    # TODO: apply this to hm and nixos without duplicate code
+    overlays = builtins.attrValues outputs.overlays;
+    config = {
+      nvidia.acceptLicense = true;
+      allowUnfree = true;
+      allowUnfreePredicate = _: true; # TODO: what is this
+      warn-dirty = false;
+      permittedInsecurePackages = [
+        "olm-3.2.16"
+      ];
+    };
+  };
+
+  nix.settings.auto-optimise-store = lib.mkDefault true;
+  nix.settings.experimental-features = [
+    "nix-command"
+    "flakes"
+    "ca-derivations"
+  ];
+  # warn-dirty = false;
+
+  nix.gc = {
+    automatic = true;
+    dates = "weekly";
+    # Keep the last 3 generations
+    options = "--delete-older-than +3";
+  };
+
+  programs.nix-ld.enable = true;
+
+  # TODO: is this useful?, what does it do?
+  # nix.settings.flake-registry = ""; # Disable global flake registry
+  # Add each flake input as a registry and nix_path
+  # registry = lib.mapAttrs (_: flake: { inherit flake; }) flakeInputs;
+  # nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
+}

hosts/common/global/root.nix

@@ -0,0 +1,9 @@
+{pkgs, ...}: {
+  # Packages needed as root
+  environment.systemPackages = with pkgs; [
+    vim
+    htop
+    mc
+    gparted-xhost # needs to be installed as system package so it can be actually opened
+  ];
+}

hosts/common/global/sops.nix

@@ -0,0 +1,22 @@
+{
+  inputs,
+  config,
+  ...
+}: let
+  isEd25519 = k: k.type == "ed25519";
+  getKeyPath = k: k.path;
+  keys = builtins.filter isEd25519 config.services.openssh.hostKeys;
+in {
+  imports = [inputs.sops-nix.nixosModules.sops];
+
+  sops.age = {
+    sshKeyPaths = map getKeyPath keys;
+
+    # TODO: remove? only rely on ssh or pgp keys (e.g. ubikey like misterio is using!!!)
+    keyFile = "/home/julian/.config/sops/age/keys.txt";
+    # Generate key if none of the above worked. With this, building will still work, just without secrets
+    generateKey = false; # TODO: building should not work without secrets!?
+  };
+
+  sops.defaultSopsFile = ../secrets.yaml;
+}

hosts/common/optional/authentication.nix

@@ -0,0 +1,29 @@
+{
+  pkgs,
+  lib,
+  ...
+}: {
+  # Make programs like nextcloud client access saved passwords
+  services.gnome.gnome-keyring.enable = true;
+
+  programs.seahorse.enable = true;
+  programs.ssh.askPassword = lib.mkForce "${pkgs.seahorse}/libexec/seahorse/ssh-askpass"; # Solve conflicting definition in seahorse and plasma6
+
+  # Make authentication work for e.g. gparted
+  security.polkit.enable = true;
+  systemd = {
+    user.services.polkit-gnome-authentication-agent-1 = {
+      description = "polkit-gnome-authentication-agent-1";
+      wantedBy = ["graphical-session.target"];
+      wants = ["graphical-session.target"];
+      after = ["graphical-session.target"];
+      serviceConfig = {
+        Type = "simple";
+        ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
+        Restart = "on-failure";
+        RestartSec = 1;
+        TimeoutStopSec = 10;
+      };
+    };
+  };
+}

hosts/common/optional/avahi.nix

@@ -0,0 +1,9 @@
+{
+  # MDNS on local network
+  services.avahi = {
+    enable = true;
+    nssmdns4 = true;
+    publish.enable = true;
+    publish.addresses = true;
+  };
+}