Update flake.lock 2025-04-28

Update flake.lock 2025-04-27
Update flake.lock 2025-04-26
2026-04-25 00:30:42 +00:00 · 2026-04-25 00:30:42 +00:00 · 2026-04-25 00:30:42 +00:00 · 2026-04-25 00:30:42 +00:00 · 2026-04-25 00:30:42 +00:00 · 2026-04-25 00:30:42 +00:00
106 changed files with 2294 additions and 857 deletions
@@ -1,17 +1,15 @@
 keys:
  - &primary age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg
  - &aspi-ssh age1q8lc5340gz5xw2f57nglrss68wv0j0hf36py2pdtrl6ky3yrq9qqk0njr4
-  - &pianonix-ssh age1hsmfz8fjxu83sax9lr487h8xr6cyge0apdq4zpge4c8jpcjj2cksj825ct
  - &builder-ssh age1kw4kmdm45zprvdkrrpvgq966l7585vhusmum083qlwnr0xxgd3uqatcyja
  - &kardorf-ssh age15lxw97z03q40xrdscnxqqugh5ky5aqrerg2t2rphkcqm6rnllurq8v98q5

 creation_rules:
-  - path_regex: hosts/common/secrets.yaml$
+  - path_regex: hosts/secrets-common.yaml$
    key_groups:
    - age:
      - *primary
      - *aspi-ssh
-      - *pianonix-ssh
      - *kardorf-ssh

  - path_regex: hosts/builder/secrets.yaml$
@@ -19,9 +17,3 @@ creation_rules:
    - age:
      - *primary
      - *builder-ssh
-
-  - path_regex: hosts/pianonix/secrets.yaml$
-    key_groups:
-    - age:
-      - *primary
-      - *pianonix-ssh
@@ -1,7 +1,12 @@
 #+title: My dotfiles

-My dotfiles for which I am using =nix=.
-The structure is managed by [[https://snowfall.org/guides/lib/quickstart/][Snowfall lib]]
+* Quick start for home-manger only (no need to pull this repo)
+- Install nix using the https://github.com/DeterminateSystems/nix-installer
+- Then run
+ #+begin_src shell
+nix run nixpkgs#home-manager -- switch --flake git+https://gitlab.julian-mutter.de/julian/dotfiles.git#julian@quickstart
+ #+end_src 
+- Done

 * Machine selection
 =home-manager= automatically searches for =user= or =user@hostname= config in the flake, so specify one of those or you will have to manually specify them:
@@ -24,7 +29,7 @@ sops edit secrets/secrets.yaml
 ** Authorize new device
 - Generate public key from ssh -> Private age key generation not needed
 #+begin_src sh
-ssh-to-age < /etc/ssh/ssh_host_ed25519_key
+ssh-to-age < /etc/ssh/ssh_host_ed25519_key.pub
 #+end_src
 - Add age public key to file:.sops.yaml
 - Update keys
@@ -0,0 +1,16 @@
+{
+  inputs,
+  config,
+  ...
+}: {
+  system.hydraAutoUpgrade = {
+    # Only enable if not dirty
+    enable = inputs.self ? rev;
+    dates = "*:0/10"; # Every 10 minutes
+    instance = "http://hydra.julian-mutter.de";
+    project = "dotfiles";
+    jobset = "main";
+    job = "hosts.${config.networking.hostName}";
+    oldFlakeRef = "self";
+  };
+}
@@ -2,6 +2,8 @@
 {
  inputs,
  outputs,
+  pkgs,
+  lib,
  ...
 }: {
  imports =
@@ -22,13 +24,23 @@
  hardware.enableRedistributableFirmware = true;

  # Networking
-  networking.networkmanager.enable = true;
-  services.resolved.enable = true;
+  networking.networkmanager = {
+    enable = true;
+    plugins = with pkgs; [
+      networkmanager-openconnect
+    ];
+  };
+  services.resolved.enable = false;
+  # MDNS Taken by avahi
+  # networking.networkmanager.dns = "none";
+  networking.nameservers = lib.mkDefault [
+    "1.1.1.1"
+    "8.8.8.8"
+  ];

-  programs.dconf.enable = true;
-
-  # HM
-  home-manager.useGlobalPkgs = true;
+  # HM module
+  home-manager.useGlobalPkgs = true; # hm module uses the pkgs of the nixos config
+  home-manager.backupFileExtension = "hm-backup"; # backup conflicting files. So hm activation never fails
  home-manager.extraSpecialArgs = {
    inherit inputs outputs;
  };
@@ -1,8 +1,4 @@
-{
-  lib,
-  outputs,
-  ...
-}: {
+{outputs, ...}: {
  # Apply overlays
  nixpkgs = {
    # TODO: apply this to hm and nixos without duplicate code
@@ -18,7 +14,9 @@
    };
  };

-  nix.settings.auto-optimise-store = lib.mkDefault true;
+  # optimize at every build, slows down builds
+  # better to do optimise.automatic for regular optimising
+  # nix.settings.auto-optimise-store = lib.mkDefault true;
  nix.settings.experimental-features = [
    "nix-command"
    "flakes"
@@ -26,31 +24,16 @@
  ];
  # warn-dirty = false;

-  # Setup binary caches
-  nix.settings = {
-    substituters = [
-      "https://nix-community.cachix.org"
-      "https://cache.nixos.org/"
-      "https://hyprland.cachix.org"
-      "http://binarycache.julian-mutter.de"
-    ];
-    trusted-public-keys = [
-      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
-      "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
-      "binarycache.julian-mutter.de:oJ67uRFwRhNPKL58CHzy3QQLv38Kx7OA1K+6xlEPu7E="
-    ];
-
-    trusted-users = [
-      "root"
-      "@wheel"
-    ]; # needed for devenv to add custom caches
-  };
-
  nix.gc = {
    automatic = true;
    dates = "weekly";
-    # Keep the last 3 generations
-    options = "--delete-older-than +3";
+    options = "--delete-older-than 30d";
+    persistent = true;
+  };
+  nix.optimise = {
+    automatic = true;
+    dates = ["weekly"]; # Optional; allows customizing optimisation schedule
+    persistent = true;
  };

  programs.nix-ld.enable = true;
@@ -1,4 +1,5 @@
 {
+  pwd,
  inputs,
  config,
  ...
@@ -13,10 +14,10 @@ in {
    sshKeyPaths = map getKeyPath keys;

    # TODO: remove? only rely on ssh or pgp keys (e.g. ubikey like misterio is using!!!)
-    keyFile = "/home/julian/.config/sops/age/keys.txt";
+    # keyFile = "/home/julian/.config/sops/age/keys.txt";
    # Generate key if none of the above worked. With this, building will still work, just without secrets
    generateKey = false; # TODO: building should not work without secrets!?
  };

-  sops.defaultSopsFile = ../secrets.yaml;
+  sops.defaultSopsFile = "${pwd}/hosts/secrets-common.yaml";
 }
@@ -1,8 +1,14 @@
-{pkgs, ...}: {
+{
+  pkgs,
+  lib,
+  ...
+}: {
  # Make programs like nextcloud client access saved passwords
-  programs.seahorse.enable = true;
  services.gnome.gnome-keyring.enable = true;

+  programs.seahorse.enable = true;
+  programs.ssh.askPassword = lib.mkForce "${pkgs.seahorse}/libexec/seahorse/ssh-askpass"; # Solve conflicting definition in seahorse and plasma6
+
  # Make authentication work for e.g. gparted
  security.polkit.enable = true;
  systemd = {
@@ -3,7 +3,10 @@
  services.avahi = {
    enable = true;
    nssmdns4 = true;
+    nssmdns6 = true;
    publish.enable = true;
    publish.addresses = true;
+    ipv4 = true;
+    ipv6 = true;
  };
 }
@@ -0,0 +1,31 @@
+{
+  lib,
+  outputs,
+  ...
+}: {
+  # Setup binary caches
+  nix.settings = {
+    substituters = [
+      "https://nix-community.cachix.org"
+      "https://cache.nixos.org/"
+      "https://hyprland.cachix.org"
+      "http://binarycache.julian-mutter.de"
+      "https://devenv.cachix.org"
+    ];
+    trusted-public-keys = [
+      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+      "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
+      "binarycache.julian-mutter.de:oJ67uRFwRhNPKL58CHzy3QQLv38Kx7OA1K+6xlEPu7E="
+      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+      "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
+    ];
+
+    trusted-users = [
+      "root"
+      "@wheel"
+    ]; # needed for devenv to add custom caches
+
+    # Ensure we can still build when missing-server is not accessible
+    fallback = true;
+  };
+}
@@ -0,0 +1,37 @@
+{config, ...}: let
+  homeCfgs = config.home-manager.users;
+  julianCfg = homeCfgs.julian;
+in {
+  users.extraUsers.greeter = {
+    # For caching
+    home = "/tmp/greeter-home";
+    createHome = true;
+  };
+
+  programs.regreet = {
+    enable = true;
+    iconTheme = julianCfg.gtk.iconTheme;
+    theme = julianCfg.gtk.theme;
+    # font = julianCfg.fontProfiles.regular; # TODO: do
+    cursorTheme = {
+      inherit (julianCfg.gtk.cursorTheme) name package;
+    };
+    cageArgs = [
+      "-s"
+      "-m"
+      "last"
+    ]; # multimonitor use last monitor
+    # settings.background = {
+    #   path = julianCfg.wallpaper;
+    #   fit = "Cover";
+    # }; # TODO: fix
+
+    # TODO: setting keyboard language does not work
+    # settings = {
+    #   env = {
+    #     XKB_DEFAULT_LAYOUT = "de";
+    #     # XKB_DEFAULT_VARIANT = "altgr-intl";
+    #   };
+    # };
+  };
+}
@@ -13,7 +13,7 @@ in {
      PasswordAuthentication = false;
      PermitRootLogin = "no";

-      # TODO: what does this d
+      # TODO: what does this do
      # Let WAYLAND_DISPLAY be forwarded
      AcceptEnv = "WAYLAND_DISPLAY";
      X11Forwarding = true;
@@ -34,7 +34,7 @@ in {
  #     publicKeyFile = ../../${hostname}/ssh_host_ed25519_key.pub;
  #     extraHostNames =
  #       [
-  #         "${hostname}.m7.rs"
+  #         # "${hostname}.m7.rs"
  #       ]
  #       ++
  #         # Alias for localhost if it's the same host
@@ -1,7 +1,7 @@
 {pkgs, ...}: {
  environment.systemPackages = with pkgs; [
    shared-mime-info # extended mimetype support
-    lxde.lxmenu-data # open with "Installed Applications"
+    lxmenu-data # open with "Installed Applications"
    pcmanfm
  ];

@@ -3,6 +3,7 @@
  services.pulseaudio.enable = false;
  services.pipewire = {
    enable = true;
+    wireplumber.enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
@@ -14,6 +15,14 @@
          "module.x11.bell" = false;
        };
      };
+      "10-increase-buffer" = {
+        "context.properties" = {
+          "default.clock.rate" = 48000;
+          "default.clock.quantum" = 1024;
+          "default.clock.min-quantum" = 1024;
+          "default.clock.max-quantum" = 2048;
+        };
+      };
    };
  };
 }
@@ -0,0 +1,9 @@
+{
+  programs.wireshark = {
+    enable = true;
+    dumpcap.enable = true;
+    usbmon.enable = true;
+  };
+
+  users.users.julian.extraGroups = ["wireshark"];
+}
@@ -1,4 +1,5 @@
 {
+  pwd,
  pkgs,
  config,
  lib,
@@ -17,16 +18,19 @@ in {
      "networkmanager"
      "wheel"
      "audio"
+      "realtime"
+      "rtkit"
      "network"
      "video"
      "podman"
      "docker"
      "git"
      "gamemode"
+      "dialout"
    ];

    openssh.authorizedKeys.keys = lib.splitString "\n" (
-      builtins.readFile ../../../../homes/julian/ssh.pub
+      builtins.readFile ./ssh.pub
    );
    # hashedPasswordFile = config.sops.secrets.julian-password.path;
    hashedPassword = "$y$j9T$N33kLJQbV8soUoCbDkpwA1$r/yahJDgOPo4GGOrAi6BUG5zLTzmaBrA5NQ4nno561A";
@@ -37,11 +41,11 @@ in {
  };

  sops.secrets.julian-password = {
-    sopsFile = ../../secrets.yaml;
+    sopsFile = "${pwd}/hosts/secrets-common.yaml";
    neededForUsers = true;
  };

-  home-manager.users.julian = import ../../../../homes/julian/${config.networking.hostName}.nix;
+  home-manager.users.julian = import "${pwd}/homes/julian/${config.networking.hostName}.nix";

  security.pam.services.swaylock = {}; # Make swaylock unlocking work
 }
@@ -2,16 +2,25 @@
  description = "Home Manager configuration of julian";

  inputs = {
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
-    nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.11";
+    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
    systems.url = "github:nix-systems/default-linux";
    nixos-hardware.url = "github:nixos/nixos-hardware";
    impermanence.url = "github:nix-community/impermanence";
    nix-colors.url = "github:misterio77/nix-colors";
    deploy-rs.url = "github:serokell/deploy-rs";

+    nixos-generators = {
+      url = "github:nix-community/nixos-generators";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
    home-manager = {
-      url = "github:nix-community/home-manager";
+      url = "github:nix-community/home-manager/release-25.11";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    nix-index-database = {
+      url = "github:nix-community/nix-index-database";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    sops-nix = {
@@ -28,16 +37,12 @@
    };

    # Various flakes
-    alacritty-theme = {
-      url = "github:alacritty/alacritty-theme";
-      flake = false;
-    };
    yazi-flavors = {
      url = "github:yazi-rs/flavors";
      flake = false;
    };
    nixvim = {
-      url = "github:nix-community/nixvim";
+      url = "github:nix-community/nixvim/nixos-25.11";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nix-matlab = {
@@ -71,10 +76,6 @@
        import nixpkgs {
          inherit system;
          config.allowUnfree = true;
-          config.permittedInsecurePackages = [
-            "olm-3.2.16"
-          ];
-          warn-dirty = false;
        }
    );
  in {
@@ -84,75 +85,40 @@
    homeManagerModules = import ./modules/home-manager;

    overlays = import ./overlays {inherit inputs outputs;};
-    # hydraJobs = import ./hydra.nix { inherit inputs outputs; }; # TODO add hydra jobs here?

-    packages = forEachSystem (pkgs: import ./pkgs {inherit pkgs;});
+    packages = forEachSystem (pkgs: import ./packages {inherit pkgs;});
    devShells = forEachSystem (pkgs: import ./shell.nix {inherit pkgs;});
-    formatter = forEachSystem (pkgs: pkgs.alejandra);
+    formatter = forEachSystem (pkgs: pkgs.alejandra); # nix fmt *

    nixosConfigurations = {
      # Main laptop
      aspi = lib.nixosSystem {
-        modules = [./hosts/aspi];
-        specialArgs = {
-          inherit inputs outputs;
-        };
-      };
-      # Piano raspberry pi
-      pianonix = lib.nixosSystem {
-        modules = [./hosts/pianonix];
+        modules = [
+          ./hosts/aspi
+        ];
        specialArgs = {
          inherit inputs outputs;
+          pwd = "${self}";
        };
      };
      kardorf = lib.nixosSystem {
        modules = [./hosts/kardorf];
        specialArgs = {
          inherit inputs outputs;
+          pwd = "${self}";
        };
      };
      builder = lib.nixosSystem {
        modules = [./hosts/builder];
        specialArgs = {
          inherit inputs outputs;
+          pwd = "${self}";
        };
      };
    };

    # Standalone HM
    homeConfigurations = {
-      # Main laptop
-      "julian@aspi" = lib.homeManagerConfiguration {
-        modules = [
-          ./homes/julian/aspi.nix
-          ./homes/julian/hm-standalone-config.nix
-        ];
-        pkgs = pkgsFor.x86_64-linux;
-        extraSpecialArgs = {
-          inherit inputs outputs;
-        };
-      };
-      # Media server (RPi)
-      "julian@pianonix" = lib.homeManagerConfiguration {
-        modules = [
-          ./homes/julian/pianonix.nix
-          ./homes/julian/hm-standalone-config.nix
-        ];
-        pkgs = pkgsFor.aarch64-linux;
-        extraSpecialArgs = {
-          inherit inputs outputs;
-        };
-      };
-      "julian@kardorf" = lib.homeManagerConfiguration {
-        modules = [
-          ./homes/julian/kardorf.nix
-          ./homes/julian/hm-standalone-config.nix
-        ];
-        pkgs = pkgsFor.x86_64-linux;
-        extraSpecialArgs = {
-          inherit inputs outputs;
-        };
-      };
      "julian@v3ms" = lib.homeManagerConfiguration {
        modules = [
          ./homes/julian/v3ms
@@ -161,22 +127,24 @@
        pkgs = pkgsFor.x86_64-linux;
        extraSpecialArgs = {
          inherit inputs outputs;
+          pwd = "${self}";
+        };
+      };
+      "julian@quickstart" = lib.homeManagerConfiguration {
+        modules = [
+          ./homes/julian/quickstart.nix
+          ./homes/julian/hm-standalone-config.nix
+        ];
+        pkgs = pkgsFor.x86_64-linux;
+        extraSpecialArgs = {
+          inherit inputs outputs;
+          pwd = "${self}";
        };
      };
    };

    # deploy-rs node configuration
    deploy.nodes = {
-      pianonix = {
-        hostname = "pianonix.local";
-        profiles.system = {
-          sshUser = "root";
-          user = "root";
-          path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.pianonix;
-          confirmTimeout = 90; # default: 30s; raspberrypi takes a little longer restarting services
-        };
-      };
-
      builder = {
        hostname = "builder.julian-mutter.de";
        profiles.system = {
@@ -6,10 +6,13 @@
    ./features/direnv
    ./features/topgrade
    ./features/neovim
-    ./features/kitty
+    ./features/ghostty
    ./features/wezterm
+    ./features/alacritty
    ./features/yazi
    ./features/emacs
+    ./features/tmux
+    ./features/qt-distrobox

    ./features/hyprland

@@ -20,7 +23,7 @@

  hostName = "aspi";
  is-nixos = true;
-  terminal = "kitty";
+  terminal = "alacritty";

  #  -------   ----------
  # | eDP-1 | | HDMI-A-1 |
@@ -1,3 +0,0 @@
-import = [
-    "~/.config/alacritty/theme/themes/smoooooth.toml"
-]
@@ -1,15 +1,12 @@
 {
  lib,
-  pkgs,
-  inputs,
  config,
  ...
 }: {
-  home.packages = with pkgs; [alacritty];
-
-  home.file = {
-    ".config/alacritty/theme".source = "${inputs.alacritty-theme}";
-    ".config/alacritty/alacritty.toml".source = ./alacritty.toml;
+  programs.alacritty = {
+    enable = true;
+    settings = {};
+    theme = "smoooooth";
  };

  home.sessionVariables.TERMINAL = lib.mkIf (config.terminal == "alacritty") "alacritty";
@@ -52,6 +52,14 @@ in {
      shfmt
      pyright
      clang-tools # c++ lsp etc
+      ccls # alternative c++ lsp
+      cmake
+      bear
+      cmake-language-server
+
+      # qt6.full # qt tools and libs including lsp
+      tinymist # typst lsp
+
      ltex-ls # latex languagetool

      graphviz
@@ -59,6 +67,27 @@ in {
      # neocmakelsp # cmake

      emacs-all-the-icons-fonts
+      frajul.typst-languagetool
+      ltex-ls-plus
+
+      (texlive.combine {
+        inherit
+          (texlive)
+          scheme-basic
+          # for rendering latex in inkscape
+          standalone
+          amsmath
+          preview
+          # needed for org mode preview
+          dvisvgm
+          dvipng # for preview and export as html
+          wrapfig
+          # amsmath
+          ulem
+          hyperref
+          capt-of
+          ;
+      })
    ]
    ++ lib.optional config.is-nixos emacs;

@@ -27,6 +27,11 @@ with lib; {
    enableFishIntegration = true;
  };

+  programs.zoxide = {
+    enable = true;
+    enableFishIntegration = true;
+  };
+
  programs.fish = {
    enable = true;

@@ -38,14 +43,18 @@ with lib; {
        cd $argv
      '';
      run = ''
-        nix run nixpkgs#"$argv[1]" -- $argv[2..-1]
+        nix run --impure nixpkgs#"$argv[1]" -- $argv[2..-1]
      '';
      shell = ''
        set args
        for arg in $argv
            set args $args nixpkgs#$arg
        end
-        nix shell $args
+        nix shell --impure $args
+      '';
+      fish_user_key_bindings = ''
+        bind ctrl-space 'zi; commandline -f repaint'
+        bind -M insert ctrl-space 'zi; commandline -f repaint'
      '';
    };
  };
@@ -1,7 +1,6 @@
 {
  lib,
  pkgs,
-  config,
  ...
 }:
 with lib; {
@@ -12,7 +11,7 @@ with lib; {
    dejavu_fonts
    noto-fonts
    noto-fonts-cjk-sans
-    noto-fonts-emoji
+    noto-fonts-color-emoji
    liberation_ttf
    fira-code
    fira-code-symbols
@@ -0,0 +1,16 @@
+{
+  lib,
+  config,
+  ...
+}: {
+  programs.ghostty = {
+    enable = true;
+    enableFishIntegration = true;
+    settings = {
+      theme = "catppuccin-mocha";
+      font-size = 12;
+    };
+  };
+
+  home.sessionVariables.TERMINAL = lib.mkIf (config.terminal == "ghostty") "ghostty";
+}
@@ -24,7 +24,7 @@ in {
    ./zathura.nix
    ./waypipe.nix

-    ./hyprbars.nix
+    # ./hyprbars.nix
  ];

  xdg.portal = {
@@ -48,23 +48,21 @@ in {
    wf-recorder
    wl-clipboard

-    (pkgs.writeShellScriptBin
-      "toggle-screen-mirroring"
-      (builtins.readFile
-        ./toggle-screen-mirroring.sh))
+    (pkgs.writeShellScriptBin "toggle-screen-mirroring" (
+      builtins.readFile ./toggle-screen-mirroring.sh
+    ))

-    (
-      pkgs.writeShellScriptBin
-      "correct-workspace-locations"
-      (
-        lib.concatStringsSep "\n"
-        (
+    (pkgs.writeShellScriptBin "correct-workspace-locations" (
+      lib.concatStringsSep "\n" (
        builtins.concatLists (
-            map (monitor: map (ws: "hyprctl dispatch moveworkspacetomonitor ${ws} ${monitor.name}") monitor.workspaces) config.monitors
-          )
-        )
+          map (
+            monitor:
+              map (ws: "hyprctl dispatch moveworkspacetomonitor ${ws} ${monitor.name}") monitor.workspaces
+          )
+          config.monitors
        )
      )
+    ))
  ];

  services.cliphist = {
@@ -154,14 +152,61 @@ in {
      # hyprlandPlugins.hyprbars
    ];

+    submaps = {
+      "resize".settings = {
+        binde = [
+          ", right, resizeactive, 20"
+          ", left, resizeactive, -20 0"
+          ", up, resizeactive, 0 -20"
+          ", down, resizeactive, 0 20"
+          ", l, resizeactive, 20"
+          ", h, resizeactive, -20 0"
+          ", k, resizeactive, 0 -20"
+          ", j, resizeactive, 0 20"
+        ];
+
+        bind = [
+          ", q, submap, reset"
+          ", escape, submap, reset"
+
+          ", catchall, submap, reset" # make any other keypress cancel the submap
+        ];
+      };
+      "open, reset".settings = {
+        bind = [
+          ", e, exec, emacs"
+          ", m, exec, open-messaging"
+          ", b, exec, firefox"
+
+          ", catchall, submap, reset" # make any other keypress cancel the submap
+        ];
+      };
+    };
+
+    # Disable animations for selection, fixes screenshots
+    extraConfig = ''
+      # layerrule {
+      #   name = no_anim_for_selection
+      #   no_anim = on
+      #   match:namespace = selection
+      # }
+      layerrule = noanim, selection
+    '';
+
    settings = {
      "$mod" = "SUPER";

+      # Environment variables programs like emacs have access to
+      env = "TERMINAL,${config.terminal}";
+
      # Monitors
      monitor = ",preferred,auto,1";

      # Autostart
-      exec-once = ["firefox"];
+      exec-once = [
+        (lib.getExe pkgs.firefox)
+        (lib.getExe pkgs.waybar)
+      ];

      # Look and Feel
      general = {
@@ -224,6 +269,10 @@ in {
        vfr = true; # power saving
      };

+      cursor = {
+        no_hardware_cursors = 1; # disable hardware cursors to fix tearing on kardorf
+      };
+
      render = {
        # we do, in fact, want direct scanout
        direct_scanout = true;
@@ -240,7 +289,10 @@ in {
      windowrulev2 = [
        "suppressevent maximize, class:.*"
        "workspace 1, class:firefox"
+        "workspace 8, class:Zotero"
        "workspace 9, class:nheko"
+        "workspace 9, class:Element"
+        "workspace 9, class:discord"
        "workspace 9, class:org.telegram.desktop"
        "workspace 10, class:thunderbird"
        "float, class:qalculate-gtk"
@@ -270,17 +322,23 @@ in {
      bind =
        [
          # compositor commands
-          "$mod, Space, focuswindow, floating"
-          "$mod SHIFT, Space, togglefloating,"
+          #
+          #
+          "$mod, R, submap, resize"
+          "$mod, O, submap, open"
+          #
+
+          "$mod, SPACE, focuswindow, floating"
+          "$mod SHIFT, SPACE, togglefloating,"
          "$mod, F, fullscreen,"
          "$mod, X, killactive,"

-          "$mod, O, togglesplit," # dwindle
+          "$mod, -, togglesplit," # dwindle

          # opening applications
          "$mod, D, exec, wofi --show drun,run"
          "$mod, E, exec, pcmanfm"
-          "$mod, Return, exec, kitty"
+          "$mod, Return, exec, ${config.terminal}"
          "$mod, B, exec, firefox"
          "$mod, C, exec, qalculate-gtk"

@@ -12,7 +12,14 @@

    "modules-center": [],

-    "modules-right": ["idle_inhibitor", "disk", "cpu", "memory", "pulseaudio", "battery", "clock", "tray"],
+    "modules-right": ["idle_inhibitor", "custom/nixos-update", "disk", "cpu", "memory", "pulseaudio", "battery", "clock", "tray"],
+
+    "custom/nixos-update": {
+        "exec": "frajul-auto-upgrade-status",
+        "return-type": "json",
+        "interval": 2,
+        "on-click-right": "frajul-auto-upgrade-toggle"
+    },

    "hyprland/workspaces": {
        "on-scroll-up": "hyprctl dispatch workspace m+1",
@@ -35,6 +42,7 @@
    },

    "idle_inhibitor": {
+        "start-activated": true,
        "format": "{icon}",
        "format-icons": {
            "activated": "",
@@ -10,7 +10,7 @@
 in {
  programs.waybar = {
    enable = true;
-    systemd.enable = true;
+    # systemd.enable = true;
    settings.mainBar = builtins.fromJSON (builtins.readFile ./config.json);
  };

@@ -142,8 +142,8 @@ bindsym $mod+Shift+9 move container to workspace number $ws9; workspace $ws9
 bindsym $mod+Shift+0 move container to workspace number $ws10; workspace $ws10

 # Monitor config
-set $monitor_left "DVI-D-0"
-set $monitor_right "DVI-D-1"
+set $monitor_left "DVI-D-1"
+set $monitor_right "DVI-D-2"

 workspace $ws1 output $monitor_left
 workspace $ws2 output $monitor_left
@@ -1,27 +0,0 @@
-#!/bin/sh
-
-start_if_not_running()
-{
-    program=$1
-    pidof -sq $program
-    if [ "$?" -eq "1" ]; then
-        start_program $1
-    else
-        echo "$program is already running"
-    fi
-}
-
-start_program()
-{
-    program=$1
-    echo "Starting $program..."
-    $program & > /dev/null
-}
-
-i3-msg 'workspace 9; append_layout ~/.config/i3/workspace-messaging.json'
-start_program nheko
-sleep 0.1
-start_program telegram-desktop
-sleep 0.1
-start_program thunderbird
-sleep 0.1
@@ -1,20 +0,0 @@
-#!/bin/sh
-
-HDMI_SINK="alsa_output.pci-0000_00_1f.3-platform-skl_hda_dsp_generic.HiFi__hw_sofhdadsp_3__sink"
-LAPTOP_SINK="alsa_output.pci-0000_00_1f.3-platform-skl_hda_dsp_generic.HiFi__hw_sofhdadsp__sink"
-
-HDMI_ICON=$(pactl info | grep -q $HDMI_SINK && echo "checkbox")
-LAPTOP_ICON=$(pactl info | grep -q $LAPTOP_SINK && echo "checkbox")
-
-HDMI_VOLUME=$(pactl get-sink-volume $HDMI_SINK | head -n 1 | awk '{print $5}')
-LAPTOP_VOLUME=$(pactl get-sink-volume $LAPTOP_SINK | head -n 1 | awk '{print $5}')
-
-read -r -d '' CONF <<EOF
-Open Pavucontrol,pavucontrol,pavucontrol
-
-^sep()
-HDMI - $HDMI_VOLUME,pactl set-default-sink $HDMI_SINK,$HDMI_ICON
-Laptop - $LAPTOP_VOLUME,pactl set-default-sink $LAPTOP_SINK,$LAPTOP_ICON
-EOF
-
-echo "$CONF" | jgmenu --simple
@@ -1,10 +1,9 @@
 {
-  lib,
  pkgs,
  inputs,
  ...
 }: {
-  imports = [inputs.nixvim.homeManagerModules.nixvim];
+  imports = [inputs.nixvim.homeModules.nixvim];

  home.sessionVariables = {
    EDITOR = "nvim";
@@ -36,6 +35,8 @@
    opts = {
      number = false;
      relativenumber = false;
+      ignorecase = true;
+      smartcase = true;
    };
    clipboard.register = "unnamedplus"; # Use system clipboard

@@ -49,7 +50,7 @@
        key = "<leader><space>";
      }
      {
-        action = "<cmd>Telescope file_browser<cr>";
+        action = "<cmd>Telescope file_browser path=%:p:h<cr>";
        key = "<leader>.";
      }
      {
@@ -76,6 +77,7 @@
      neogit.enable = true; # like magit
      trouble.enable = true;
      web-devicons.enable = true;
+      orgmode.enable = true; # org-mode support

      # Shows file trees
      oil = {
@@ -88,7 +90,7 @@
      # Code formatting
      conform-nvim = {
        enable = true;
-        settings.formatters_by_ft = with pkgs; {
+        settings.formatters_by_ft = {
          lua = ["stylua"];
          python = ["black"];
          nix = ["nixfmt"];
@@ -140,17 +142,21 @@
      };

      lsp = {
-        enable = true;
+        enable = true; # includes lsp-config, default settings for the lsps
        servers = {
          rust_analyzer = {
            enable = true;
            installCargo = true;
            installRustc = true;
          };
-          nixd.enable = true;
-          pyright.enable = true;
-          dockerls.enable = true;
-          lua_ls.enable = true;
+          nixd.enable = true; # nix
+          pyright.enable = true; # python
+          dockerls.enable = true; # docker
+          lua_ls.enable = true; # lua
+          clangd.enable = true; # c, c++
+          dartls.enable = true; # dart, flutter
+          digestif.enable = true; # latex
+          tinymist.enable = true; # typst
        };
      };
    };
@@ -0,0 +1,22 @@
+{
+  programs.distrobox = {
+    enable = true;
+    containers."qt-distrobox" = {
+      image = "debian:12.2";
+      exported_apps = "qtcreator";
+      enableSystemdUnit = false; # fails in creating and does not recreate. Do distrobox-assemble create --replace --file ~/.config/distrobox/containers.ini instead
+      additional_packages = [
+        "qtcreator"
+        "qt6-base-dev"
+        "qt6-wayland"
+        "qt6-tools-dev-tools"
+        "qt6-tools-dev"
+        "qt6-serialbus-dev"
+        "qt6-websockets-dev"
+        "libgl1-mesa-dev"
+        "build-essential"
+        "cmake"
+      ];
+    };
+  };
+}
@@ -1,7 +1,7 @@
 {pkgs, ...}: {
  home.packages = with pkgs; [
    bat
-    du-dust # Like du tree but better
+    dust # Like du tree but better
    fd # better find
    fdupes # find and delete duplicate files
    ffmpeg
@@ -19,12 +19,11 @@
    links2 # Tui web-browser
    lnav # log analyzing tool
    mc # Tui file browser
-    # nix-index
    nmap
    p7zip # unzip 7zip archives
    parted
    pciutils # lspci
-    poppler_utils # Pdf utils including pdfimages
+    poppler-utils # Pdf utils including pdfimages
    libqalculate # Nice tui calculator (qalc)
    ripgrep # better grep
    rnr # renaming tool
@@ -40,6 +39,7 @@
    wireguard-tools # wg-quick
    xorg.xkill
    zip
+    dig

    ## My scripts
    frajul.edit-config
@@ -22,19 +22,21 @@
    calibre # ebook manager and viewer
    # digikam
    discord
+    discord-ptb # in case discord updates take their time
    # dvdisaster
    # element-desktop
    # rocketchat-desktop
    thunderbird
-    tdesktop # telegram
+    telegram-desktop # telegram
    # schildichat-desktop # not updated regularly
    nheko
+    element-desktop
    evince # Simple pdf reader, good for focusing on document content
    firefox
    # geogebra
    cheese
    handbrake
-    kitty # Terminal
+    # kitty # Terminal, already available as feature
    libnotify
    libreoffice
    mate.engrampa
@@ -46,11 +48,10 @@
    qpdfview
    # qutebrowser
    # realvnc-vnc-viewer
-    rpi-imager # make isos
+    # rpi-imager # make isos
    # rustdesk
    tor-browser
-    unstable.path-of-building # Path of Building
-    # frajul.pob-dev-version # Path of Building
+    rusty-path-of-building # Path of Building for poe1 and poe2
    vlc
    wineWowPackages.stable # 32-bit and 64-bit wine
    winetricks
@@ -61,6 +62,9 @@
    zotero # Manage papers and other sources
    pdfpc # Present slides in pdf form

+    networkmanager-openvpn
+    keepassxc
+
    ## My scripts
    frajul.open-messaging
    frajul.xwacomcalibrate
@@ -1,4 +1,9 @@
 {pkgs, ...}: {
+  programs.opencode = {
+    enable = true;
+    package = pkgs.unstable.opencode;
+  };
+
  home.packages = with pkgs; [
    watchexec # Run command when any file in current dir changes
    android-tools # adb
@@ -9,7 +14,7 @@
    clippy
    cntr # nix debugger
    conda
-    micromamba # a better, faster conda
+    # micromamba # a better, faster conda
    devcontainer # development container
    devenv # devbox alternative
    dbeaver-bin
@@ -21,16 +26,21 @@
    unstable.zed-editor
    jdk
    julia-bin
-    (texlive.combine {
-      # for rendering latex in inkscape
-      inherit
-        (texlive)
-        scheme-medium
-        standalone
-        amsmath
-        preview
-        ;
-    })
+    # (texlive.combine {
+    #   # for rendering latex in inkscape
+    #   inherit
+    #     (texlive)
+    #     scheme-medium
+    #     standalone
+    #     amsmath
+    #     preview
+    #     # needed for org mode export
+    #     wrapfig
+    #     capt-of
+    #     biblatex
+    #     ;
+    # })
+    vagrant
    matlab # Using nix-matlab overlay defined in flake
    maven
    nodejs
@@ -58,6 +68,8 @@

    ## My scripts
    frajul.deploy-to-pianopi
+    frajul.smath-studio
+    # frajul.rtklib

    (pkgs.writeShellScriptBin "matlab-rsp" ''
      matlab -desktop -sd "/home/julian/git/uwa-channel-model" -softwareopengl
@@ -0,0 +1,10 @@
+{
+  programs.tmux = {
+    enable = true;
+    clock24 = true;
+    keyMode = "vi";
+    customPaneNavigationAndResize = true; # use hjkl
+    mouse = true;
+    prefix = "C-Space"; # use instead of C-b
+  };
+}
@@ -3,14 +3,11 @@
  inputs,
  ...
 }: {
-  programs.zoxide.enable = true;
-  programs.zoxide.enableFishIntegration = true;
-
  home.packages = with pkgs; [
    exiftool
    unar # extract archives
-    xdragon # dragndrop
-    poppler_utils # pdf preview
+    dragon-drop # dragndrop
+    poppler-utils # pdf preview
    fd
    ripgrep
    fzf
@@ -26,7 +23,7 @@
  programs.yazi.enable = true;
  programs.yazi.enableFishIntegration = true;
  programs.yazi.settings.manager = {
-    sort_by = "modified";
+    sort_by = "mtime";
    sort_reverse = true;
    show_hidden = true;
  };
@@ -2,6 +2,7 @@
  lib,
  pkgs,
  config,
+  inputs,
  outputs,
  ...
 }: {
@@ -9,6 +10,7 @@
    [
      ../features/fonts
      ../features/nix-helper
+      inputs.nix-index-database.homeModules.default # nix-locate
    ]
    ++ (builtins.attrValues outputs.homeManagerModules);

@@ -20,17 +22,32 @@
        "flakes"
        "ca-derivations"
      ];
-      # warn-dirty = false; # TODO: do I want it? also for systems
+      warn-dirty = false; # TODO: do I want it? also for systems
    };
  };

+  # To allow unfree with 'nix run'
+  xdg.configFile."nixpkgs/config.nix".text = ''
+    { allowUnfree = true; }
+  '';
+
  colorscheme.name = "catppuccin-mocha";

  # systemd.user.startServices = "sd-switch"; # TODO: what is this

+  # Expire old hm generations
+  hm-expire = {
+    enable = true;
+    dates = "weekly";
+    expire = "-30 days";
+  };
+
  programs = {
    home-manager.enable = true;
    git.enable = true;
+
+    nix-index.enable = true; # allows command-not-found
+    nix-index-database.comma.enable = true;
  };

  home = {
@@ -13,18 +13,33 @@
    };
  };

+  # Expire old hm generations
+  hm-expire = {
+    enable = true;
+    dates = "weekly";
+    expire = "-30 days";
+  };
+
+  # Remove unused packets
+  nix.gc = {
+    automatic = true;
+    dates = "weekly";
+    persistent = true;
+  };
+
  # Setup binary caches
  nix.settings = {
    substituters = [
      "https://nix-community.cachix.org"
      "https://cache.nixos.org/"
      "https://hyprland.cachix.org"
-      "http://binarycache.julian-mutter.de"
+      "https://devenv.cachix.org"
    ];
    trusted-public-keys = [
+      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
-      "binarycache.julian-mutter.de:oJ67uRFwRhNPKL58CHzy3QQLv38Kx7OA1K+6xlEPu7E="
+      "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
    ];

    trusted-users = [
@@ -39,5 +54,8 @@
    ];

    # nix.settings. # warn-dirty = false; # TODO: do I want this
+    #
+    # Ensure we can still build when missing-server is not accessible
+    fallback = true;
  };
 }
@@ -6,11 +6,14 @@
    ./features/direnv
    ./features/topgrade
    ./features/neovim
-    ./features/kitty
+    ./features/ghostty
    ./features/wezterm
+    ./features/alacritty
    ./features/yazi
    ./features/emacs

+    ./features/tmux
+    ./features/qt-distrobox
    ./features/hyprland
    # ./features/i3

@@ -21,7 +24,7 @@

  hostName = "kardorf";
  is-nixos = true;
-  terminal = "kitty";
+  terminal = "alacritty";

  #  ---------   ---------
  # | DVI-D-1 | | DVI-D-2 |
@@ -1,37 +0,0 @@
-{pkgs, ...}: {
-  imports = [
-    ./global
-
-    ./features/fish
-    ./features/topgrade
-    ./features/neovim
-    ./features/wezterm
-    ./features/yazi
-    ./features/gtk
-  ];
-
-  hostName = "pianonix";
-  is-nixos = true;
-  terminal = "wezterm";
-
-  services.syncthing.tray.enable = true;
-  services.syncthing.tray.command = "syncthingtray --wait"; # Wait for tray to become available
-
-  home.packages = with pkgs; [
-    music-reader
-    sheet-organizer
-
-    xournalpp
-    musescore
-
-    onboard
-  ];
-
-  # Autostart link
-  home.file = {
-    ".config/autostart/sheet-organizer.desktop".source = "${pkgs.sheet-organizer}/share/applications/sheet-organizer.desktop";
-    ".config/sheet-organizer/config.toml".text = ''
-      working_directory = "/home/julian/Klavier"
-    '';
-  };
-}
@@ -0,0 +1,32 @@
+# Quick configuration for setting up basic things on a standalone home-manager device
+# If you want to adapt it to a specific device, copy this file with the correct hostname
+{pkgs, ...}: {
+  imports = [
+    ./global
+
+    ./features/fish
+    ./features/direnv
+    ./features/neovim
+    ./features/yazi
+    ./features/emacs
+    ./features/nix-helper
+    ./features/tmux
+  ];
+
+  is-nixos = false;
+
+  home.sessionPath = ["/snap/bin"];
+
+  # Essential packages
+  home.packages = with pkgs; [
+    bat
+    dust
+    fd
+    ripgrep
+    fzf
+    lazygit
+    mc
+    tree
+    wget
+  ];
+}
@@ -13,6 +13,8 @@
    ../features/yazi
    ../features/emacs
    ../features/nix-helper
+    ../features/qt-distrobox
+    ../features/tmux
  ];

  hostName = "aspi";
@@ -5,7 +5,7 @@ with pkgs; [
  dejavu_fonts
  noto-fonts
  noto-fonts-cjk-sans
-  noto-fonts-emoji
+  noto-fonts-color-emoji
  liberation_ttf
  fira-code
  fira-code-symbols
@@ -31,7 +31,7 @@ with pkgs; [
  ffmpeg
  julia-bin

-  poppler_utils # Pdf utils including pdfimages
+  poppler-utils # Pdf utils including pdfimages
  sage

  pkg-config # Often needed to build something
@@ -39,4 +39,5 @@ with pkgs; [
  devbox # reproducible dev envs based on nix

  mysql80
+  devenv
 ]
@@ -1,37 +1,48 @@
-{
+{pwd, ...}: {
  imports = [
    ./hardware-configuration.nix

-    ../common/global
-    ../common/users/julian
+    "${pwd}/features-nixos/global"
+    "${pwd}/features-nixos/users/julian"
+    "${pwd}/features-nixos/optional/binarycaches.nix"

-    ../common/optional/remote-builder.nix
-    ../common/optional/boot-efi.nix
+    "${pwd}/features-nixos/optional/remote-builder.nix"
+    "${pwd}/features-nixos/optional/boot-efi.nix"

-    ../common/optional/greetd.nix
-    ../common/optional/authentication.nix
-    ../common/optional/pcmanfm.nix
-    ../common/optional/pipewire.nix
+    "${pwd}/features-nixos/optional/greetd.nix"
+    "${pwd}/features-nixos/optional/authentication.nix"
+    "${pwd}/features-nixos/optional/pcmanfm.nix"
+    "${pwd}/features-nixos/optional/pipewire.nix"

-    ../common/optional/gamemode.nix
-    ../common/optional/virtualbox.nix
+    "${pwd}/features-nixos/optional/gamemode.nix"
+    "${pwd}/features-nixos/optional/virtualbox.nix"

-    ../common/optional/podman.nix
-    ../common/optional/wireguard.nix
-    ../common/optional/flatpak.nix
+    "${pwd}/features-nixos/optional/podman.nix"
+    "${pwd}/features-nixos/optional/wireguard.nix"
+    "${pwd}/features-nixos/optional/wireshark.nix"
+    "${pwd}/features-nixos/optional/flatpak.nix"

-    ../common/optional/avahi.nix
+    "${pwd}/features-nixos/optional/avahi.nix"
  ];

  networking.hostName = "aspi";
  system.stateVersion = "24.05";

+  # networking.firewall.checkReversePath = false; # Makes wg interface with all ips work
+
  modules = {
    syncthing = {
      enable = true;
      overrideSettings = false;
    };
+    frajulAutoUpgrade = {
+      enable = true;
+      flakePath = "/home/julian/.dotfiles";
    };
+  };
+
+  programs.hyprland.enable = true;
+  services.desktopManager.plasma6.enable = true;

  services.blueman.enable = true;
  services.upower.enable = true;
@@ -39,8 +50,8 @@
  programs.steam.enable = true;

  # TODO: not working
-  services.logind.lidSwitch = "lock";
-  services.logind.lidSwitchDocked = "lock";
+  # services.logind.lidSwitch = "lock";
+  # services.logind.lidSwitchDocked = "lock";

  programs.kdeconnect.enable = true;

@@ -1,22 +1,40 @@
 # sudo nixos-rebuild switch --flake .#builder --target-host root@192.168.3.118
 # or
 # deploy .#builder
-{config, ...}: {
+{
+  pwd,
+  config,
+  pkgs,
+  ...
+}: {
  imports = [
    ./hardware-configuration.nix

-    ../common/global
+    "${pwd}/features-nixos/global/fish.nix" # fish for admin
+    "${pwd}/features-nixos/global/locale.nix"
+    "${pwd}/features-nixos/global/nix.nix"
+    "${pwd}/features-nixos/global/sops.nix"
+    "${pwd}/features-nixos/global/root.nix"
  ];

  networking.hostName = "builder";
  system.stateVersion = "23.11";

+  networking.networkmanager.enable = true;
+  networking.nameservers = [
+    "192.168.3.252"
+    "172.30.20.10"
+    "1.1.1.1"
+  ];
+
+  users.mutableUsers = false;
  users.users.nix = {
    isNormalUser = true;
    description = "Nix";
    extraGroups = [
      "networkmanager"
      "wheel"
+      "docker"
    ];
  };

@@ -30,14 +48,33 @@
    substituters = [
      "https://nix-community.cachix.org"
      "https://cache.nixos.org/"
+      "https://hyprland.cachix.org"
+      "https://devenv.cachix.org"
+    ];
+    trusted-public-keys = [
+      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+      "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
+      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+      "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
    ];
-    trusted-public-keys = ["nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="];

    trusted-users = ["nix"];
    max-jobs = "auto";
    cores = 0;
+
+    # Ensure we can still build when missing-server is not accessible
+    fallback = true;
  };

+  # system.autoUpgrade = {
+  #   enable = true;
+  #   flake = "git+https://gitlab.julian-mutter.de/julian/dotfiles";
+  #   flags = [
+  #     "--recreate-lock-file" # update lock file
+  #   ];
+  #   dates = "02:13";
+  # };
+
  # optimize store by hardlinking store files
  nix.optimise.automatic = true;
  nix.optimise.dates = ["03:15"];
@@ -65,10 +102,17 @@
  };

  # Ollama used by open-webui as llm backend
-  # services.ollama = {
-  #   enable = true;
-  #   # acceleration = "rocm";
-  # };
+  services.ollama = {
+    enable = true;
+    # acceleration = "rocm";
+    openFirewall = true;
+  };
+
+  services.nextjs-ollama-llm-ui = {
+    enable = true;
+    hostname = "192.168.3.118";
+    port = 3001;
+  };
  # services.open-webui = {
  #   enable = true;
  #   port = 8080;
@@ -78,14 +122,34 @@

  networking.firewall.allowedTCPPorts = [
    80
+    3001 # ollama-ui
  ];

  services.openssh = {
    enable = true;
    # require public key authentication for better security
-    settings.PasswordAuthentication = true;
+    settings.PasswordAuthentication = false;
    settings.KbdInteractiveAuthentication = false;
    settings.PermitRootLogin = "yes";
+    # Add older algorithms for jenkins ssh-agents-plugin to be compatible
+    settings.Macs = [
+      "hmac-sha2-512-etm@openssh.com"
+      "hmac-sha2-256-etm@openssh.com"
+      "umac-128-etm@openssh.com"
+      "hmac-sha2-512"
+      "hmac-sha2-256"
+      "umac-128@openssh.com"
+    ];
+    settings.KexAlgorithms = [
+      "diffie-hellman-group-exchange-sha1"
+      "diffie-hellman-group14-sha1"
+      "mlkem768x25519-sha256"
+      "sntrup761x25519-sha512"
+      "sntrup761x25519-sha512@openssh.com"
+      "curve25519-sha256"
+      "curve25519-sha256@libssh.org"
+      "diffie-hellman-group-exchange-sha256"
+    ];
  };
  users.users."root".openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjSZYdoF/51F+ykcBAYVCzCPTF5EEigWBL1APiR0h+H julian@aspi"
@@ -113,7 +177,7 @@
    minimumDiskFreeEvaluator = 4; # in GB
  };

-  # add builder itself as build machine so system emulation is properly supported
+  # add builder itpwd as build machine so system emulation is properly supported
  # nix.distributedBuilds = true;
  nix.buildMachines = [
    {
@@ -183,7 +247,16 @@
    url = "https://gitlab.julian-mutter.de";
    name = "builder";
    tokenFile = config.sops.secrets."gitea_token".path;
-    labels = []; # use default labels
+    labels = [
+      # provide a debian base with nodejs for actions
+      "debian-latest:docker://node:18-bullseye"
+      # fake the ubuntu name, because node provides no ubuntu builds
+      "ubuntu-latest:docker://node:18-bullseye"
+      # devenv
+      "devenv:docker://ghcr.io/cachix/devenv/devenv:latest"
+      # provide native execution on the host
+      "nixos:host"
+    ];
  };

  virtualisation.docker.enable = true;
@@ -241,4 +314,41 @@
      };
    };
  };
+
+  services.gitlab-runner.enable = true;
+  # runner for everything else
+  #
+  sops.secrets."gitlab_runner_token".sopsFile = ./secrets.yaml;
+  services.gitlab-runner.services.default = {
+    # File should contain at least these two variables:
+    authenticationTokenConfigFile = config.sops.secrets."gitlab_runner_token".path;
+    dockerImage = "alpine:latest";
+    dockerVolumes = [
+      "/var/run/docker.sock:/var/run/docker.sock"
+    ];
+  };
+
+  ### Jenkins node
+  users.users.jenkins = {
+    createHome = true;
+    home = "/var/lib/jenkins";
+    group = "jenkins";
+    isNormalUser = true;
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ36sQhVz3kUEi8754G7r3rboihhG4iqFK/UvQm6SING jenkins@home"
+    ];
+    packages = with pkgs; [
+      git
+      devenv
+    ];
+    extraGroups = [
+      "docker"
+    ];
+  };
+
+  users.groups.jenkins = {};
+  programs.java = {
+    enable = true;
+    package = pkgs.jdk21; # Same as jenkins version on home
+  };
 }
@@ -1,45 +0,0 @@
-{
-  pkgs,
-  lib,
-  config,
-  ...
-}: let
-  homeCfgs = config.home-manager.users;
-  homeSharePaths = lib.mapAttrsToList (_: v: "${v.home.path}/share") homeCfgs;
-  vars = ''XDG_DATA_DIRS="$XDG_DATA_DIRS:${lib.concatStringsSep ":" homeSharePaths}" GTK_USE_PORTAL=0'';
-
-  julianCfg = homeCfgs.julian;
-
-  sway-kiosk = command: "${lib.getExe pkgs.sway} --unsupported-gpu --config ${pkgs.writeText "kiosk.config" ''
-    output * bg #000000 solid_color
-    xwayland disable
-    input "type:touchpad" {
-      tap enabled
-    }
-    exec '${vars} ${command}; ${pkgs.sway}/bin/swaymsg exit'
-  ''}";
-in {
-  users.extraUsers.greeter = {
-    # For caching and such
-    home = "/tmp/greeter-home";
-    createHome = true;
-  };
-
-  programs.regreet = {
-    enable = true;
-    iconTheme = julianCfg.gtk.iconTheme;
-    theme = julianCfg.gtk.theme;
-    # font = julianCfg.fontProfiles.regular; # TODO: do
-    cursorTheme = {
-      inherit (julianCfg.gtk.cursorTheme) name package;
-    };
-    # settings.background = {
-    #   path = julianCfg.wallpaper;
-    #   fit = "Cover";
-    # }; # TODO: fix
-  };
-  services.greetd = {
-    enable = true;
-    settings.default_session.command = sway-kiosk (lib.getExe config.programs.regreet.package);
-  };
-}
@@ -1,44 +0,0 @@
-#ENC[AES256_GCM,data:NSxfTl2hTXEoGl23aQnElG+df/1YzA==,iv:+oy9oITMGzdM2muDUPjwxJqUu1Bdyregl65/0hiulZ0=,tag:VKjforpyahKj0ktIN36gNw==,type:comment]
-julian-password: ENC[AES256_GCM,data:tgeu4uVI91j34+Gfzy2Uckmopj9bJNWiu65W0cdA76Kly3LH7RqXCq4rNM4DCwrsX3k9WdOlGX6T9edIjJgmbbe6MkeH7oQwiA==,iv:GE6zfSHymkAewjry7fofURz70az608+hja385LLeCIY=,tag:FqTopL5DyM3DTpa7AoGPDg==,type:str]
-wifi:
-    pianonix: ENC[AES256_GCM,data:Ty1wElfVj+CU9bTbpuYIk2dA4fgFm59PkQGqvODn51Q=,iv:bLomyTlOW2Z4rPbue7Klo6Jt5lR+44AuL+dIMFgDNAE=,tag:DuH2ayeb19dkPi9xmbAu3A==,type:str]
-syncthing:
-    public-keys:
-        aspi-nix: ENC[AES256_GCM,data:ZTykdQCyh4DMuQUCy1DSKsGNxxn1dinaqztpDdJY53pkWcW4YcWRHk94iGJQZgG1oLfr3AB2S3J6b9w2WuV3,iv:9z2ovHzq6JjRtHzNMIQtcUCinIjG/ImSGqqC7KPhpuw=,tag:No2LCjD+XXB77Su+s98MIA==,type:str]
-        pianonix: ENC[AES256_GCM,data:pUJPXH47VG363aIoxZwmbVe3uBoO7EO2TflK4f761C7PwD0tFNthZt9HRE6gQXAMQMF6qWzNK3CNGspSzKsE,iv:E89oz8BG5iQW/mRzdxSrYewGeVLiCrTcAF+c9ny6gPc=,tag:rLqwUmFDsaOMClR1tbE1sA==,type:str]
-    pianonix:
-        key: ENC[AES256_GCM,data:IaCXIRDMWCHj3lTKpkLg1Nd3pX4bktWg4WjZPGKgTBCLVkMi/SDtlaoNhDz+a+Vt6jYTXHS4exFnIVJ878nWSrA1sD2NHXmfsMh1kkLhub68qv0M33dBXvgX0vQ51Z1WMoti73yDUjJH8Ym5yF/SCg2+RbkVf+4pe2hSlAzwkGP6YC2rbCE5sZG31C55MkaGC6zwo2ZpZXdVhCW845SqAc11cF/OeEHb9B1FS3rd+El7rlJHrIEVQTkomNLshcspb13H0z3vNhtfu9pPkGxee8Hp/hEhFQ+waWBAg4w15yKihjHJmhzdjhDHCilvwYaceb7b5OwARuuiruQ+cJ40bdnStDpi2ouP8QJjEi7tmKWeplZ0X70PVZJFH/e/mTH5,iv:3hQMB4ka31w3chXXwjl/1IHF8ES/RobZVeugMC3ddlU=,tag:j8wwrNQUQbCEGtcriSpc4g==,type:str]
-        cert: ENC[AES256_GCM,data:v9LO8qpeGDDV6I+AJU5iTYKKBV6qgr1ddwLvBVEOYyvmtPNeqaatYaK6vMBCabBIhxQu2NC96pREvWu1UHbxaMWvSCT1TzrIPrcFm+gKCH6PIPhqcnQpdGa3OYn01ohThpLp8hEmVUpJ0FO/AnE1QHK0VfPqJ3S0uHLjSCBJtxLmcBWNVvlcTU/P68QIQkrYAQRAtz9aDS+JNpUKhwCJBgjpY1Thj8Lj/fpc1t0qWo3BKIL3eW5iSlUW0iEriFS0bkMr4Bi9mNqpO26l1eZ3IXFJy/7pkqhmXXW83qOaF9AFXgg41p1Kjw4G6isB/obuhR7Z4oQ/AtkSU0wxHP4mF0AWrvC7/YGlrDG9aPYUEWOexTTBHkm89PhgEa69sekbzac7mYYFi/MIdU34ks4oc8ZIChWpT+V66mbo4f+3mn7raih5SLnyEMS7ENBes9cQC7SghSpB7D8c/2+q74A5aEZHUWRhqiDEx9IggP43SiWuNnb/HyZw16RUB7xnQKPs7LzAVlLC6M7ZETUmyEDEWWOsDY8+0Li4wuD3z4WXLAD9nP43TMx4GNoafjG+0Gu05hSR8fWv8strRCtIWjzK3wMaD9VT/cbt2oqOBkJcaqIW8+lM+ktk1WsD4Kc1DQ4q5O2oMrdPOWI9xZOs7DQTFshLHuvxutN05vgEUovI1vbMOl7SIzUW8YUY9PN0ofC7zwQlEJxfOdqT0nwv9vmqikSMP6V3jXgP5OnPb4KVx8G27X0oCjN++dJgDxdkh2JiLR9JaJHNmYPtLlP7hU4NsBpRpd9ObxRlv+uIbF2o0I8PGXMo3IVnRjrFDrRyoth2UJ+YUMGCVuonoS+nZLMCNz1xwRMaZBYjSEESmxc2Ilwdu3XTzd1KF282UvumBpRwcNxvsmPhI84v/XV8TJE8Z7YxyO3RYBQHD5+OuHOHKTtlajnKpSp/m0p0QR7rrGFoDuDKp+Z81MKz8wz3/8GG+sDh0pgniUfNyrmLroLPdT6nj0brvSVWYmOIJHDHKqM+6HZok5PyS+uHlb5dzwnmrd9OmhmwPVdkP5s=,iv:X9VNz2nsN4ywu3E0c+agwZCl43I4bt6jHz0jMoMFTJQ=,tag:RZUWa4h5JoIiZaDrYgcAeg==,type:str]
-sops:
-    age:
-        - recipient: age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTY3lFZlIyRnZOMzNQdnJ2
-            Z0xQQnY1eHFYekVMV3M0UE5hK2xkbStveFRnCncwVVduSEFFQkpwME5XQzF2Z0tK
-            MnhFQ3ZZMk51aGJHUmJFbHA4d1dmdkEKLS0tIHBkVEhaZEY5ZGtYcXRkZzREa0xR
-            eUNsNjE2VS9MTjNtYWluUjJhYXVuTmcKq175s9vx1tPVS+voO+HSkyaT+GbjC/Z+
-            PyKVKyqFAJCRcNP2byaFgAHjXtDFZdipt/0lbw+4UfHrZGpn+9B59Q==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1q8lc5340gz5xw2f57nglrss68wv0j0hf36py2pdtrl6ky3yrq9qqk0njr4
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByRmxCNUE4MTdZNWlOcmxX
-            RmhDS2NpQ0hoWG83SDlIeVhXaFdxNE4yTUVzCkRxS3M5aU5mdWZkYnpNeC9YR3BX
-            N1NEdzlyTm9YT3NQSnowWTZUc1FvYWsKLS0tICs2OVo2djNjUW0yOG41ZTJQeFFB
-            djFENU5USG1QSnRVdlErN1h5bXJhYzQKPDvAHIMR/vT47zbeK3NsS+jSl4HSFRIA
-            NbSKwTbEGn963metTh4HJItdWBAOyiCc3l1Ye49ms9JhYM8n4wHLRQ==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1hsmfz8fjxu83sax9lr487h8xr6cyge0apdq4zpge4c8jpcjj2cksj825ct
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVeHJ3NmMzaTh0Zm13Vm1r
-            RmNtMi9FYmJGUmxXeEppM3Fnazl1NTl3ajJjCjFrbXM4WGdOV05qckhkbjlSODZR
-            a0VuakllVTdOc2Uxd3BqRmtsN3NJdHcKLS0tIHRRMXFEcWNZOFE4dFJycGdGTzdP
-            WittUTFFNU5kUWdGcncwdWRQSi9STTgK3GuwolsItCEt3Dh5Lycb8TjfaHTuV/JB
-            P2KSuVsbgjYuCJSknYmSZ+9gdTYC8cVqDnKo7HYFNrCDHZ0P4QwGSg==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-04-23T07:00:17Z"
-    mac: ENC[AES256_GCM,data:JgaTIRbzD0hs2o86xUlQrPN2cPXvsuTH/zKG5xbQIDaYcEvD/mkuVa3hfnYKrA91kWg2Y1DgEi9583+o6UCl/+ldY4ptu+xpnYfyQFdhM4rB+KoP/pDt8vQKQ3zAX8fpAkugCgTTbuvm3TfQ1nt98V8boyhCn4JHNC1T0j7ZtZI=,iv:G3YJOLeDWDKuANo2mxS2JAdrRaonD87CU9BpCZZrlRs=,tag:mcKIdP5cSQUwNL2tcv/o6g==,type:str]
-    unencrypted_suffix: _unencrypted
-    version: 3.10.1
@@ -1,24 +1,31 @@
-{pkgs, ...}: {
+{
+  pwd,
+  pkgs,
+  ...
+}: {
  imports = [
    ./hardware-configuration.nix

-    ../common/global
-    ../common/users/julian
-    ../common/users/wolfi
+    "${pwd}/features-nixos/global"
+    "${pwd}/features-nixos/users/julian"
+    "${pwd}/features-nixos/users/wolfi"
+    "${pwd}/features-nixos/optional/binarycaches.nix"

-    ../common/optional/remote-builder.nix
-    ../common/optional/boot-efi.nix
+    "${pwd}/features-nixos/optional/remote-builder.nix"
+    "${pwd}/features-nixos/optional/boot-efi.nix"

-    ../common/optional/greetd.nix
-    # ../common/optional/gdm.nix
-    # ../common/optional/i3.nix
+    "${pwd}/features-nixos/optional/greetd.nix"
+    "${pwd}/features-nixos/optional/authentication.nix"
+    "${pwd}/features-nixos/optional/pcmanfm.nix"
+    "${pwd}/features-nixos/optional/pipewire.nix"

-    ../common/optional/authentication.nix
-    ../common/optional/pcmanfm.nix
-    ../common/optional/pipewire.nix
+    "${pwd}/features-nixos/optional/openssh.nix"

-    ../common/optional/podman.nix
-    ../common/optional/flatpak.nix
+    "${pwd}/features-nixos/optional/virtualbox.nix"
+
+    "${pwd}/features-nixos/optional/podman.nix"
+    "${pwd}/features-nixos/optional/wireshark.nix"
+    "${pwd}/features-nixos/optional/flatpak.nix"
  ];

  networking.hostName = "kardorf";
@@ -27,10 +34,13 @@
  # Not using the drivers leads to way better results
  # services.xserver.videoDrivers = [ "nvidia" ];

-  programs.kdeconnect.enable = true;
+  networking.networkmanager.insertNameservers = ["192.168.3.252"];

-  # services.xserver.desktopManager.xfce.enable = true;
-  services.xserver.desktopManager.plasma6.enable = true;
+  programs.kdeconnect.enable = true;
+  programs.steam.enable = true;
+
+  programs.hyprland.enable = true;
+  services.desktopManager.plasma6.enable = true;

  # Enable CUPS to print documents.
  services.printing.enable = true;
@@ -80,9 +80,10 @@

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-  hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_470;
-  # hardware.nvidia.modesetting.enable = true; # produces errors, display manager fails to start
+  # Use latest version of driver
+  # hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_470;
+  hardware.nvidia.modesetting.enable = true; # produces errors, display manager fails to start

-  # hardware.nvidia.nvidiaSettings = true;
+  hardware.nvidia.nvidiaSettings = true;
  hardware.nvidia.open = false;
 }
@@ -1,158 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-{
-  lib,
-  inputs,
-  config,
-  pkgs,
-  ...
-}: {
-  imports = [
-    inputs.nixos-hardware.nixosModules.raspberry-pi-4
-
-    ./hardware-configuration.nix
-
-    ../common/global
-    ../common/users/julian
-
-    ../common/optional/pipewire.nix
-    ../common/optional/remote-builder.nix
-    ../common/optional/pcmanfm.nix
-    ../common/optional/redshift.nix
-    ../common/optional/authentication.nix
-  ];
-
-  # disko.devices.disk.main.device = "/dev/mmcblk1";
-
-  # networking.wireless.enable = true;
-  # networking.wireless.environmentFile = config.sops.secrets."wifi/pianonix".path;
-  # networking.wireless.networks = {
-  #   "@SSID@".psk = "@PSK@";
-  # };
-  networking.hostName = "pianonix";
-  system.stateVersion = "22.11";
-
-  sops.secrets."vnc-passwd" = {
-    owner = config.users.users.julian.name;
-    sopsFile = ./vnc-passwd;
-    format = "binary";
-  };
-  sops.secrets."wifi/pianonix" = {};
-  sops.secrets."syncthing/pianonix/key" = {};
-  sops.secrets."syncthing/pianonix/cert" = {};
-  # sops.secrets."syncthing/public-keys/aspi-nix" = { };
-  # sops.secrets."syncthing/public-keys/pianonix" = { };
-
-  modules = {
-    syncthing = {
-      enable = true;
-      overrideSettings = true;
-    };
-  };
-
-  # Enable the Desktop Environment.
-  # services.xserver.displayManager.lightdm.enable = true;
-  services.displayManager.autoLogin = {
-    enable = true;
-    user = "julian";
-  };
-
-  systemd.services.x11vnc = {
-    description = "Run x11vnc server";
-    after = ["display-manager.service"];
-    wantedBy = ["multi-user.target"];
-    serviceConfig = {
-      ExecStart = "${pkgs.x11vnc}/bin/x11vnc -rfbauth ${
-        config.sops.secrets."vnc-passwd".path
-      } -forever -loop -noxdamage -repeat -rfbport 5900 -shared";
-      User = config.users.users.julian.name;
-      Restart = "on-failure";
-      Environment = "DISPLAY=:0";
-    };
-  };
-
-  boot.loader.timeout = 1; # Set boot loader timeout to 1s
-
-  # De-facto disable network manager, which is enabled by gnome
-  # networking.networkmanager.unmanaged = [ "*" ];
-  services.xserver.desktopManager = {
-    xfce = {
-      enable = true;
-    };
-  };
-
-  services.xserver.displayManager.sessionCommands = ''
-    # Prevent screen from going blank or turning off (values in min)
-    ${pkgs.xfce.xfconf}/bin/xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/blank-on-ac -s 0
-    ${pkgs.xfce.xfconf}/bin/xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/dpms-on-ac-sleep -s 0
-    ${pkgs.xfce.xfconf}/bin/xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/dpms-on-ac-off -s 0
-  '';
-
-  services.xserver.xautolock.enable = false;
-  services.xserver.desktopManager.xfce.enableScreensaver = false;
-
-  # xdg.portal.lxqt.enable = true;
-
-  services.openssh = {
-    enable = true;
-    # require public key authentication for better security
-    settings.PasswordAuthentication = false;
-    settings.KbdInteractiveAuthentication = false;
-    settings.PermitRootLogin = "yes";
-  };
-  users.users."root".openssh.authorizedKeys.keys = [
-    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDVk/m4ydcYXzHxTWeNw2MlwxKU+JirTVOeHsYR4wdTokwYyNWZ3/zPcU4+XekSRatwJW1LJYrZ1Y5IJkobzgnOvYVI7SXZ1Tbzb1kAcnChSt+Dp/pKdMPZ8yY3PTFZh+R5F3rWFA/YZqTRhh0vuxPIVbLl7zOPExWwYGn9crkZaYZvKHVvgE5660hXo9pxbUKsSs+DIy/AE7gfKiZLusY95nk9T/jZ7Vmhl0UsF0RiDsfxgE664/vEKe8b+82kKCDt5nJVe8THSrjaw4+NUhef6R8UoUO1/Pn4TKq3Gil3Z36wPEPdkw2lYzX+d1EFyaC3hZJedSUfdFliPOejIbNvvhPBBD1wAGxxyuJZB5KLwWN7/efwCgw45buLbVfUuwwug7K7GK84A3yzqClbZKKv8rYdO04UG64A+Taq2LeyxQIDjygTgGk/1j/0Neb1RO0FbjlbTeNMZ54P+u7BTEcikJCsbFeseWDtYzupQtLt96KMbcdRgHy0CTGqFHE+my8= julian@julian-aspi"
-  ];
-
-  services.syncthing.key = config.sops.secrets."syncthing/pianonix/key".path;
-  services.syncthing.cert = config.sops.secrets."syncthing/pianonix/cert".path;
-  services.syncthing.settings = {
-    devices = {
-      "aspi-nix" = {
-        id = "DM5QRYU-ILJ4XYB-4V6NZDG-RAMVOND-3RSDSYR-52TW6RW-3XIU333-T7FNAA3";
-      };
-      "pianonix" = {
-        id = "FD3XSFW-7LQSCIQ-KHZPLNQ-7VZYGKH-RJ2ZKTJ-BG67NRH-36TQIZM-CXDYWAH";
-      };
-    };
-    folders = {
-      "Klavier" = {
-        path = "/home/julian/Klavier";
-        id = "flc3m-q4gp2";
-        devices = [
-          "aspi-nix"
-          "pianonix"
-        ];
-      };
-    };
-  };
-
-  networking.firewall.enable = true;
-  networking.firewall.allowedTCPPorts = [
-    5900 # for vnc
-  ];
-
-  # Disable the GNOME3/GDM auto-suspend feature that cannot be disabled in GUI!
-  # If no user is logged in, the machine will power down after 20 minutes.
-  systemd.targets.sleep.enable = false;
-  systemd.targets.suspend.enable = false;
-  systemd.targets.hibernate.enable = false;
-  systemd.targets.hybrid-sleep.enable = false;
-
-  ## Raspberry pi specific config
-  # hardware.raspberry-pi."4" = {
-  #   fkms-3d.enable = true;
-  #   touch-ft5406.enable = true;
-  # };
-  # Prevent host becoming unreachable on wifi after some time (for raspberry pi)
-  networking.networkmanager.wifi.powersave = false;
-  # Enable audio devices on raspberry pi
-  # boot.kernelParams = [
-  #   "snd_bcm2835.enable_hdmi=1"
-  #   "snd_bcm2835.enable_headphones=1"
-  # ];
-  # boot.loader.raspberryPi.firmwareConfig = ''
-  #   dtparam=audio=on
-  # '';
-}
@@ -1,34 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{
-  config,
-  lib,
-  pkgs,
-  modulesPath,
-  ...
-}: {
-  imports = [(modulesPath + "/installer/scan/not-detected.nix")];
-
-  boot.initrd.availableKernelModules = ["xhci_pci"];
-  boot.initrd.kernelModules = [];
-  boot.kernelModules = [];
-  boot.extraModulePackages = [];
-
-  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
-    fsType = "ext4";
-  };
-
-  swapDevices = [];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.end0.useDHCP = lib.mkDefault true;
-  # networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
-}
@@ -1,28 +0,0 @@
-{
-	"data": "ENC[AES256_GCM,data:13hToequR4A=,iv:U7a6mIOYanQjozPrL92edFrhdyuSJj14pqVa2tGE/zA=,tag:uyeE3dj7NTKPi0jNLkFMLA==,type:str]",
-	"sops": {
-		"kms": null,
-		"gcp_kms": null,
-		"azure_kv": null,
-		"hc_vault": null,
-		"age": [
-			{
-				"recipient": "age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWWUp5TU9kWTNpa0s5TFRC\nK1hoc0d0K3JQYWN3VVVWM2JvemtieGo2UGpVCit5MUcvZldBZkNNZ3ZWTWRtd0Zx\nT3I4aTdUcitPRmhhV0htZlhEYjhRakUKLS0tIEdmYUI4N1g1Nkp3YzdtaHJybVcz\neFNwUnd0Vyt2MTBpRTZlMzZnNHJGd1EKy/0zXv9CPf5k0ky7TBGY9GbcIeQyPk1L\nKmMCuWMLX0yTGqB3M3/UNdoc4L0q//7keUZH5PlkxJbnu6IN3fE5qg==\n-----END AGE ENCRYPTED FILE-----\n"
-			},
-			{
-				"recipient": "age1q8lc5340gz5xw2f57nglrss68wv0j0hf36py2pdtrl6ky3yrq9qqk0njr4",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMdy9tZlZtNFJPRFNUUUNI\nUWtPZmZOY1V5SHc5bTZOZVluTUV6N3dlQWprClVqK2tKNFlBWHdyNDF1Q0d2bi9z\naldTTDdWYzZ6WmgrNHlZSDlTSU9SbmsKLS0tIDJZM2Y4ZDVmZk54eTZLOTU4Ui9X\nR3l3WDkwRWUyakFLdGZXeDJxRUJsaHMK6hgZ1KYe9qx4tO7RervEAKGjNHg4mi0E\nxx3I9P8MFzPiCVKG5ZNxRx25y7H4bQSRRtxIlXIhqzf2+5Q6U7/Hrw==\n-----END AGE ENCRYPTED FILE-----\n"
-			},
-			{
-				"recipient": "age1hsmfz8fjxu83sax9lr487h8xr6cyge0apdq4zpge4c8jpcjj2cksj825ct",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2cUg4dUlCY0IwS3pPeTF5\nZTVkRTkzaVBYTmh0MmYyaHlOaFRHSnk5dWs4CmhvaTlSOTFDQzZmbHVudXpwQitV\nQjhRQWl3OHNLVGJYMm1ObVEyQmhxS0kKLS0tIDJsZnN4K2pUOEdIYVg4ZlQ5Ujhn\nNlpGL1hMVXd5cWR2YkdIVmJiblMzR1EKJYS51sKQ/tBV7dv88pOxJhzHQGckoF8q\nwIioVjs9sm4JBgQqSIbVhXwnKl05IUkyAgw6LfsbSJz3nKe7lmmRpg==\n-----END AGE ENCRYPTED FILE-----\n"
-			}
-		],
-		"lastmodified": "2024-12-01T16:14:57Z",
-		"mac": "ENC[AES256_GCM,data:zKz8OX1yi68Qn3X6HwdbgTCr/3ZVBh5Wz4KUACmWG3XhOEVi8uoDEdAxfKMDBqNzXLeDmxxTKj6TMLkk68ozDYJqu0OevVritnZqvBTr9VKGpMPBFN3DuaeqSZ6wjHGbce1iqO0kusnwopRbEWHmr/lZxiXTNgLPdN+p5Aszi54=,iv:resppfGPecKvKwqNwqecDBcXGhcTWSGZis8hf1jT0Us=,tag:V80P25Pr4HD9pUUrQHZSQg==,type:str]",
-		"pgp": null,
-		"unencrypted_suffix": "_unencrypted",
-		"version": "3.8.1"
-	}
-}
@@ -0,0 +1,47 @@
+#ENC[AES256_GCM,data:NSxfTl2hTXEoGl23aQnElG+df/1YzA==,iv:+oy9oITMGzdM2muDUPjwxJqUu1Bdyregl65/0hiulZ0=,tag:VKjforpyahKj0ktIN36gNw==,type:comment]
+julian-password: ENC[AES256_GCM,data:tgeu4uVI91j34+Gfzy2Uckmopj9bJNWiu65W0cdA76Kly3LH7RqXCq4rNM4DCwrsX3k9WdOlGX6T9edIjJgmbbe6MkeH7oQwiA==,iv:GE6zfSHymkAewjry7fofURz70az608+hja385LLeCIY=,tag:FqTopL5DyM3DTpa7AoGPDg==,type:str]
+syncthing:
+    public-keys:
+        aspi-nix: ENC[AES256_GCM,data:ZTykdQCyh4DMuQUCy1DSKsGNxxn1dinaqztpDdJY53pkWcW4YcWRHk94iGJQZgG1oLfr3AB2S3J6b9w2WuV3,iv:9z2ovHzq6JjRtHzNMIQtcUCinIjG/ImSGqqC7KPhpuw=,tag:No2LCjD+XXB77Su+s98MIA==,type:str]
+sops:
+    age:
+        - recipient: age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBualdnWmtBTThhZDFVdDRP
+            WHlMamk1MFhUYUwwa0hyQmpobGNocC9VR0ZVCmc3N1FjcUZCNUdTTm91OVpwZDhP
+            bTNXekp2bDd3Tjh6a2ZVTVNTSW9RTU0KLS0tIGJpcUVHb2ZlODgvelhwQ0JFU3l5
+            WU5VanhYMTUvNklYazJxOXVveXhpM2cKCo+4FhhcbRylASEbQb9rAQUzEO1D+0AR
+            52Jzc9s9rSdypeBRE7SaSOI4eVnkEjPfyhNFvMdxiBzBj7GdocpmCw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1q8lc5340gz5xw2f57nglrss68wv0j0hf36py2pdtrl6ky3yrq9qqk0njr4
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4STZpU0ZnRzVVOFFRUXZG
+            akcwS2Z5V3lmQzRTSGNHT2hDME5JMks2QTNNClpkZzNMc0wyRjVEaVlBRFlyNFhs
+            M1pyeW1XdnZubnRxMzEzMFJoK0lkVVEKLS0tIENhRExzUWRWMUlObmhxazM5cU9y
+            aDFyaDJackFoaEZOYWdTbWt0ODB1bm8Kg1VDAj5/i8ZbYxspIdXrI474YN5YkV4H
+            86maCRDfUxO5lvu4zBa9pOmFtJ2iuJ2MxDnmCSHTl+GOk8yyUT8JhA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1tguyu2yd5xv8rgjjl50cq6dq5rr7umqgv098dgre4u9wyj30ea7sexw62c
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAveE9NV2JCOW9odlN6Wmkw
+            WFEvU2pka3htV2FTTFlpc05ES2JjbGxTaFJZCjhYdG1sRVBFaEF3YjNkWEw3Ny8x
+            MlYyTjJBMHA2YVpHRkkwWW5hNDdrS1UKLS0tIFZXTFNVbkd6VFExc0dSVU4vd3JF
+            ajlFY2pvWW13VGxOZ0hEc3dMbU9IeUUKNSf7ycj+1XHhsoghmY2iR1BwIySqfIOF
+            zawE+MQcQg0u+fy6Aik26eUGvQG3rya2Fx2+3VlAbKB+rbiP0fwsgg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age15lxw97z03q40xrdscnxqqugh5ky5aqrerg2t2rphkcqm6rnllurq8v98q5
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxaTNJNkJ0RVJiYlRzcmlX
+            TmEweVdLaGpoVXMxZEFDU3dOZTJCRjdiNENBCkZ3bjJUNm1vcmY1ZUpZcEo4OGxa
+            UWJKSjNKL002UDhmTmJER2M0MjJ3aG8KLS0tIFMvZjBkOS83T3NDUE82M3kweVNw
+            VXhoN0VyWkVxMEJPQ3orVUNDK21rRU0KvnmuFxcCpP+LZg7v5jaStw9F0owVrQl9
+            AkIq7GUJh7xewLxcVZfiBRpXMhw/mM8LYnd2KGP8R/TfYg+v0//+5A==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-03-23T19:37:41Z"
+    mac: ENC[AES256_GCM,data:nd4HHv/KfoLj5qGINngvWZX9XdYqtmJnUREo0BOO2JZgYR3AVw0ppmGhj1RFy1bVKdfll/fMoD5tGNc3UQJPB0j2g/1pj47AF44V0d1J79RP6dwov30rr0QnsXVt7P9EOFL/W6TRugYO9J7LZs+tpsSALfwNPTfnulSJQtaJdG4=,iv:EKfq4eKyv1HeMy/zS+V3OKpdL9IVjE5mg8iuz8OPgso=,tag:W8+CZLnYuNbnKRS1kqhY0w==,type:str]
+    unencrypted_suffix: _unencrypted
+    version: 3.11.0
@@ -5,4 +5,5 @@
  colors = import ./colors.nix;
  hostname = import ./hostname.nix;
  non-nixos = import ./non-nixos.nix;
+  hm-expire = import ./hm-expire.nix;
 }
@@ -0,0 +1,46 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  cfg = config.hm-expire;
+in {
+  options.hm-expire = {
+    enable = lib.mkEnableOption "Whether to enable hm-expire";
+    dates = lib.mkOption {
+      type = lib.types.str;
+      default = "weekly";
+    };
+    expire = lib.mkOption {
+      type = lib.types.str;
+      default = "-30 days";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    # This creates a user-level systemd service
+    systemd.user.services.cleanup-home-manager = {
+      Unit = {
+        Description = "Cleanup old Home Manager generations";
+      };
+      Service = {
+        Type = "oneshot";
+        ExecStart = "${pkgs.bash}/bin/bash -c '${pkgs.home-manager}/bin/home-manager expire-generations \"${cfg.expire}\"'";
+      };
+    };
+
+    systemd.user.timers.cleanup-home-manager = {
+      Unit = {
+        Description = "Weekly cleanup of Home Manager generations";
+      };
+      Timer = {
+        OnCalendar = cfg.dates;
+        Persistent = true;
+      };
+      Install = {
+        WantedBy = ["timers.target"];
+      };
+    };
+  };
+}
@@ -1,9 +1,4 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}: {
+{lib, ...}: {
  options.terminal = lib.mkOption {
    type = lib.types.str;
    example = "alacritty";
@@ -1,4 +1,6 @@
 {
  # hydra-auto-upgrade = import ./hydra-auto-upgrade.nix;
  syncthing = import ./syncthing.nix;
+  frajulAutoUpgrade = import ./frajul-auto-upgrade.nix;
+  pianoLEDVisualizer = import ./piano-led-visualizer.nix;
 }
@@ -0,0 +1,182 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  cfg = config.modules.frajulAutoUpgrade;
+
+  flagFile = "/var/lib/frajul-auto-upgrade/flag";
+  lockFile = "/var/lib/frajul-auto-upgrade/lock";
+  lastStatusFile = "/var/lib/frajul-auto-upgrade/last-status";
+  lastAttemptFile = "/var/lib/frajul-auto-upgrade/last-attempt";
+in {
+  options.modules.frajulAutoUpgrade = {
+    enable = lib.mkEnableOption "NixOS auto-upgrade on boot";
+
+    user = lib.mkOption {
+      type = lib.types.str;
+      default = "root";
+      description = "User account to run the upgrade service as.";
+    };
+
+    flakePath = lib.mkOption {
+      type = lib.types.path;
+      description = "The path to your flake";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    security.sudo.extraConfig = ''
+      root ALL=(julian) NOPASSWD: ${pkgs.git}/bin/git -C "${cfg.flakePath}" commit -m *
+    '';
+
+    # Ensure the flag directory exists
+    systemd.tmpfiles.rules = [
+      "d /var/lib/frajul-auto-upgrade 0755 root root -"
+      "f ${flagFile} 0766 root root -"
+      "f ${lastStatusFile} 0644 root root -"
+      "f ${lastAttemptFile} 0644 root root -"
+    ];
+
+    environment.systemPackages = [
+      (pkgs.writeShellScriptBin "frajul-auto-upgrade" ''
+        #!/bin/sh
+        FLAG_FILE="${flagFile}"
+        LOCK_FILE="${lockFile}"
+        LAST_STATUS_FILE="${lastStatusFile}"
+        LAST_ATTEMPT_FILE="${lastAttemptFile}"
+
+        TODAY=$(date +%Y-%m-%d)
+
+        if [ ! -f "$FLAG_FILE" ] || [ "$(cat "$FLAG_FILE")" != "enabled" ]; then
+          echo "Auto upgrade disabled. Exiting."
+          exit 0
+        fi
+
+        # Check if already attempted today
+        if [ -f "$LAST_ATTEMPT_FILE" ]; then
+          LAST_ATTEMPT_DATE=$(cut -d' ' -f1 "$LAST_ATTEMPT_FILE")
+          if [ "$LAST_ATTEMPT_DATE" = "$TODAY" ]; then
+            echo "Update already attempted today. Skipping."
+            exit 0
+          fi
+        fi
+
+        if [ -f "$LOCK_FILE" ]; then
+          echo "Already running"
+          exit 1
+        fi
+
+        echo $$ > "$LOCK_FILE"
+        trap 'rm -f "$LOCK_FILE"' EXIT
+
+        # Back up flake.lock
+        cp -f "${cfg.flakePath}/flake.lock" /var/lib/frajul-auto-upgrade/flake.lock.bak
+
+        # Try updating
+        if /run/current-system/sw/bin/nix flake update --flake "${cfg.flakePath}" && /run/current-system/sw/bin/nixos-rebuild switch --flake "${cfg.flakePath}" && ${pkgs.sudo}/bin/sudo -u julian git -C "${cfg.flakePath}" commit -m "Auto-update flake.lock" -- flake.lock; then
+            echo "success" > "$LAST_STATUS_FILE"
+        else
+            echo "failure" > "$LAST_STATUS_FILE"
+            # Restore flake.lock
+            cp -f /var/lib/frajul-auto-upgrade/flake.lock.bak "${cfg.flakePath}/flake.lock"
+        fi
+
+        # Write full timestamp
+        date '+%Y-%m-%d %H:%M:%S' > "$LAST_ATTEMPT_FILE"
+      '')
+
+      (pkgs.writeShellScriptBin "frajul-auto-upgrade-status" ''
+        #!/bin/sh
+        FLAG_FILE="${flagFile}"
+        LOCK_FILE="${lockFile}"
+        LAST_STATUS_FILE="${lastStatusFile}"
+        LAST_ATTEMPT_FILE="${lastAttemptFile}"
+
+        if [ -f "$LOCK_FILE" ]; then
+          ICON=" "
+          STATUS="running"
+        elif [ -f "$FLAG_FILE" ] && [ "$(cat "$FLAG_FILE")" == "enabled" ]; then
+          LAST_STATUS="unknown"
+          LAST_ATTEMPT="never"
+          if [ -f "$LAST_STATUS_FILE" ]; then
+            LAST_STATUS=$(cat "$LAST_STATUS_FILE")
+          fi
+
+          if [ -f "$LAST_ATTEMPT_FILE" ]; then
+            LAST_ATTEMPT=$(cat "$LAST_ATTEMPT_FILE")
+          fi
+
+          if [ "$LAST_STATUS" = "success" ]; then
+            ICON=""
+          elif [ "$LAST_STATUS" = "failure" ]; then
+            ICON=""
+          else
+            ICON=""
+          fi
+
+          STATUS="enabled (last attempt: $LAST_ATTEMPT, $LAST_STATUS)"
+        else
+          ICON=" "
+          STATUS="disabled"
+        fi
+
+        echo "{\"text\": \"$ICON\", \"tooltip\": \"NixOS Auto Update: $STATUS\"}"
+      '')
+
+      (pkgs.writeShellScriptBin "frajul-auto-upgrade-toggle" ''
+        #!/bin/sh
+        FLAG_FILE="${flagFile}"
+        LOCK_FILE="${lockFile}"
+
+        if [ ! -f "$FLAG_FILE" ] || [ "$(cat "$FLAG_FILE")" != "enabled" ]; then
+          echo "enabled" > "$FLAG_FILE"
+        else
+          echo "disabled" > "$FLAG_FILE"
+          if [ -f "$LOCK_FILE" ]; then
+            kill -TERM "$(cat "$LOCK_FILE")"
+          fi
+        fi
+      '')
+    ];
+
+    # Fixes error: repository path '...' is not owned by current user
+    environment.etc."root/.gitconfig".text = ''
+      [safe]
+        directory = ${cfg.flakePath}
+    '';
+
+    systemd.services.frajul-auto-upgrade = {
+      description = "Frajul's NixOS Auto Upgrade";
+      after = ["network-online.target"];
+      wants = ["network-online.target"];
+      restartIfChanged = false; # Do not start service on nixos switch
+
+      path = with pkgs; [
+        coreutils
+        gnutar
+        xz.bin
+        gzip
+        gitMinimal
+        config.nix.package.out
+        config.programs.ssh.package
+      ];
+
+      serviceConfig = {
+        Type = "oneshot";
+        User = cfg.user;
+        ExecStart = "/run/current-system/sw/bin/frajul-auto-upgrade";
+      };
+    };
+    systemd.timers.frajul-auto-upgrade = {
+      description = "Run Frajul's NixOS Auto Upgrade at boot";
+      wantedBy = ["timers.target"];
+      timerConfig = {
+        OnBootSec = "1min";
+        AccuracySec = "10s";
+        Unit = "frajul-auto-upgrade.service";
+      };
+    };
+  };
+}
@@ -0,0 +1,132 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  cfg = config.system.hydraAutoUpgrade;
+in {
+  # Taken from Misterio
+  options = {
+    system.hydraAutoUpgrade = {
+      enable = lib.mkEnableOption "periodic hydra-based auto upgrade";
+      operation = lib.mkOption {
+        type = lib.types.enum [
+          "switch"
+          "boot"
+        ];
+        default = "switch";
+      };
+      dates = lib.mkOption {
+        type = lib.types.str;
+        default = "04:40";
+        example = "daily";
+      };
+
+      instance = lib.mkOption {
+        type = lib.types.str;
+        example = "http://hydra.julian-mutter.de";
+      };
+      project = lib.mkOption {
+        type = lib.types.str;
+        example = "dotfiles";
+      };
+      jobset = lib.mkOption {
+        type = lib.types.str;
+        example = "main";
+      };
+      job = lib.mkOption {
+        type = lib.types.str;
+        default = config.networking.hostName;
+      };
+
+      oldFlakeRef = lib.mkOption {
+        type = lib.types.nullOr lib.types.str;
+        default = null;
+        description = ''
+          Current system's flake reference
+
+          If non-null, the service will only upgrade if the new config is newer
+          than this one's.
+        '';
+      };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = cfg.enable -> !config.system.autoUpgrade.enable;
+        message = ''
+          hydraAutoUpgrade and autoUpgrade are mutually exclusive.
+        '';
+      }
+    ];
+    systemd.services.nixos-upgrade = {
+      description = "NixOS Upgrade";
+      restartIfChanged = false;
+      unitConfig.X-StopOnRemoval = false;
+      serviceConfig.Type = "oneshot";
+
+      path = with pkgs; [
+        config.nix.package.out
+        config.programs.ssh.package
+        coreutils
+        curl
+        gitMinimal
+        gnutar
+        gzip
+        jq
+        nvd
+      ];
+
+      script = let
+        buildUrl = "${cfg.instance}/job/${cfg.project}/${cfg.jobset}/${cfg.job}/latest";
+      in
+        (lib.optionalString (cfg.oldFlakeRef != null) ''
+          eval="$(curl -sLH 'accept: application/json' "${buildUrl}" | jq -r '.jobsetevals[0]')"
+          flake="$(curl -sLH 'accept: application/json' "${cfg.instance}/eval/$eval" | jq -r '.flake')"
+          echo "New flake: $flake" >&2
+          new="$(nix flake metadata "$flake" --json | jq -r '.lastModified')"
+          echo "Modified at: $(date -d @$new)" >&2
+
+          echo "Current flake: ${cfg.oldFlakeRef}" >&2
+          current="$(nix flake metadata "${cfg.oldFlakeRef}" --json | jq -r '.lastModified')"
+          echo "Modified at: $(date -d @$current)" >&2
+
+          if [ "$new" -le "$current" ]; then
+            echo "Skipping upgrade, not newer" >&2
+            exit 0
+          fi
+        '')
+        + ''
+          profile="/nix/var/nix/profiles/system"
+          path="$(curl -sLH 'accept: application/json' ${buildUrl} | jq -r '.buildoutputs.out.path')"
+
+          if [ "$(readlink -f "$profile")" = "$path" ]; then
+            echo "Already up to date" >&2
+            exit 0
+          fi
+
+          echo "Building $path" >&2
+          nix build --no-link "$path"
+
+          echo "Comparing changes" >&2
+          nvd --color=always diff "$profile" "$path"
+
+          echo "Activating configuration" >&2
+          "$path/bin/switch-to-configuration" test
+
+          echo "Setting profile" >&2
+          nix build --no-link --profile "$profile" "$path"
+
+          echo "Adding to bootloader" >&2
+          "$path/bin/switch-to-configuration" boot
+        '';
+
+      startAt = cfg.dates;
+      after = ["network-online.target"];
+      wants = ["network-online.target"];
+    };
+  };
+}
@@ -0,0 +1,51 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  cfg = config.services.piano-led-visualizer;
+in {
+  options.services.piano-led-visualizer = {
+    enable = lib.mkEnableOption "Enable Piano LED Visualizer";
+
+    user = lib.mkOption {
+      type = lib.types.str;
+      default = "plv";
+      description = "User to run the Piano LED Visualizer service.";
+    };
+
+    group = lib.mkOption {
+      type = lib.types.str;
+      default = "plv";
+      description = "Group to run the Piano LED Visualizer service.";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    users.users.${cfg.user} = {
+      isSystemUser = true;
+      group = cfg.group;
+      createHome = true;
+      home = "/home/${cfg.user}";
+      extraGroups = ["wheel" "gpio"];
+    };
+    users.groups.${cfg.group} = {};
+
+    systemd.services.piano-led-visualizer = {
+      description = "Piano LED Visualizer";
+      after = ["network-online.target"];
+      wants = ["network-online.target"];
+      wantedBy = ["multi-user.target"];
+
+      serviceConfig = {
+        WorkingDirectory = "/home/${cfg.user}/Piano-LED-Visualizer";
+        ExecStart = "${pkgs.frajul.piano-led-visualizer}/bin/piano-led-visualizer";
+        Restart = "always";
+        Type = "simple";
+        # User = cfg.user;
+        # Group = cfg.group;
+      };
+    };
+  };
+}
@@ -2,19 +2,19 @@
  # For every flake input, aliases 'pkgs.inputs.${flake}' to
  # 'inputs.${flake}.packages.${pkgs.system}' or
  # 'inputs.${flake}.legacyPackages.${pkgs.system}'
-  flake-inputs = final: _: {
-    inputs =
-      builtins.mapAttrs (
-        _: flake: let
-          legacyPackages = (flake.legacyPackages or {}).${final.system} or {};
-          packages = (flake.packages or {}).${final.system} or {};
-        in
-          if legacyPackages != {}
-          then legacyPackages
-          else packages
-      )
-      inputs;
-  };
+  # flake-inputs = final: _: {
+  #   inputs =
+  #     builtins.mapAttrs (
+  #       _: flake: let
+  #         legacyPackages = (flake.legacyPackages or {}).${final.system} or {};
+  #         packages = (flake.packages or {}).${final.system} or {};
+  #       in
+  #         if legacyPackages != {}
+  #         then legacyPackages
+  #         else packages
+  #     )
+  #     inputs;
+  # };

  input-flake-packages = final: prev: {
    sheet-organizer = inputs.sheet-organizer.packages.${prev.system}.default; # TODO: change sheet-organizer package output
@@ -22,15 +22,15 @@
  };

  # Adds my custom packages, available as pkgs.frajul.xyz
-  my-pkgs = final: prev: {frajul = import ../pkgs {pkgs = final;};};
+  frajul-pkgs = final: prev: {frajul = import ../packages {pkgs = final;};};

  nixpkgs-stable-unstable = final: prev: {
-    unstable = import inputs.nixpkgs {
-      system = prev.system;
+    unstable = import inputs.nixpkgs-unstable {
+      system = prev.stdenv.hostPlatform.system;
      config.allowUnfree = true;
    };
-    stable = import inputs.nixpkgs-stable {
-      system = prev.system;
+    stable = import inputs.nixpkgs {
+      system = prev.stdenv.hostPlatform.system;
      config.allowUnfree = true;
    };
  };
@@ -10,6 +10,11 @@
  sos = pkgs.callPackage ./sos {};
  xwacomcalibrate = pkgs.callPackage ./xwacomcalibrate {};
  acer-battery-health-mode = pkgs.callPackage ./acer-battery-health-mode {};
-  pob2 = pkgs.callPackage ./pob2 {};
  wl-ocr = pkgs.callPackage ./wl-ocr {};
+  rtklib = pkgs.qt6Packages.callPackage ./rtklib {};
+  typst-languagetool = pkgs.callPackage ./typst-languagetool {};
+  smath-studio = pkgs.callPackage ./smath-studio.nix {};
+
+  # rpi-ws281x-python = pkgs.callPackage ./rpi-ws281x-python {};
+  # piano-led-visualizer = pkgs.callPackage ./piano-led-visualizer {};
 }
@@ -1,15 +1,15 @@
 {
  writeShellApplication,
-  nheko,
+  element-desktop,
  telegram-desktop,
  thunderbird,
-  discord,
+  discord, # TODO: discord not available for aarch64, this leads to flake evaluation for this arch fail.
 }:
 writeShellApplication {
  name = "open-messaging";

  runtimeInputs = [
-    nheko
+    element-desktop
    telegram-desktop
    thunderbird
    discord
@@ -18,9 +18,9 @@ writeShellApplication {
  text = ''
    thunderbird &
    sleep 0.1
-    nheko &
+    element-desktop &
    sleep 0.1
-    telegram-desktop &
+    Telegram &
    sleep 0.1
    discord &
  '';
@@ -0,0 +1,63 @@
+{
+  lib,
+  python3,
+  callPackage,
+  fetchFromGitHub,
+  ...
+}: let
+  pythonPackages = python3.pkgs;
+  rpi-ws281x-python = callPackage ../rpi-ws281x-python {inherit python3;};
+in
+  pythonPackages.buildPythonApplication rec {
+    pname = "piano-led-visualizer";
+    version = "1.6";
+
+    src = fetchFromGitHub {
+      owner = "onlaj";
+      repo = "Piano-LED-Visualizer";
+      rev = "v${version}";
+      sha256 = "sha256-SkNNu2pqVG40HBZZYJMCCKiRj1h1QdkteaPR3Ek2P7I=";
+    };
+
+    patches = [
+      ./fix-log-dir.patch
+    ];
+
+    propagatedBuildInputs = with pythonPackages; [
+      setuptools
+
+      numpy
+      pillow
+      flask
+      rpi-gpio
+      webcolors
+      psutil
+      mido
+      rtmidi-python
+      spidev
+      waitress
+      websockets
+      werkzeug
+
+      rpi-ws281x-python
+    ];
+
+    format = "setuptools";
+
+    preBuild = ''
+      cp ${./setup.py} setup.py
+      sed -i 's/PLACEHOLDER_VERSION/${version}/' setup.py
+    '';
+
+    postInstall = ''
+      mv -v $out/bin/visualizer.py $out/bin/piano-led-visualizer
+    '';
+
+    meta = with lib; {
+      description = "Piano LED Visualizer for Raspberry Pi";
+      homepage = "https://github.com/onlaj/Piano-LED-Visualizer";
+      license = licenses.gpl3;
+      maintainers = [];
+      platforms = platforms.linux;
+    };
+  }
@@ -0,0 +1,24 @@
+diff --git a/lib/log_setup.py b/lib/log_setup.py
+index 34f9156..e164d14 100644
+--- a/lib/log_setup.py
+++ b/lib/log_setup.py
+@@ -1,6 +1,7 @@
+ import logging
+ from logging.handlers import RotatingFileHandler
+ import sys
+import os
+ 
+ # Create a custom logger
+ logger = logging.getLogger("my_app")
+@@ -10,7 +11,10 @@ logger.setLevel(logging.DEBUG)
+ 
+ # Create handlers
+ console_handler = logging.StreamHandler()
+-file_handler = RotatingFileHandler('/home/Piano-LED-Visualizer/visualizer.log', maxBytes=500000, backupCount=10)
+
+log_path = os.path.expanduser('~/Piano-LED-Visualizer/visualizer.log')
+os.makedirs(os.path.dirname(log_path), exist_ok=True)
+file_handler = RotatingFileHandler(log_path, maxBytes=500000, backupCount=10)
+ 
+ 
+ # Set the level for handlers
@@ -0,0 +1,24 @@
+from setuptools import setup, find_packages
+
+setup(
+    name="piano_led_visualizer",
+    version="PLACEHOLDER_VERSION",
+    py_modules=["visualizer"],
+    packages=find_packages(),  # includes all packages with __init__.py
+    install_requires=[
+        "numpy",
+        "pillow",
+        "flask",
+        "rpi-gpio",
+        "webcolors",
+        "psutil",
+        "mido",
+        "rtmidi",
+        "spidev",
+        "waitress",
+        "websockets",
+        "werkzeug",
+        "rpi_ws281x",
+    ],
+    scripts=["visualizer.py"],
+)
@@ -0,0 +1,37 @@
+{
+  lib,
+  python3,
+  fetchFromGitHub,
+  pkgs,
+}:
+python3.pkgs.buildPythonPackage rec {
+  pname = "rpi-ws281x";
+  version = "5.0.0";
+
+  src = fetchFromGitHub {
+    owner = "rpi-ws281x";
+    repo = "rpi-ws281x-python";
+    rev = "v${version}";
+    sha256 = "sha256-CVPibDs1QLeXhtoEBw3JplKIIUpzahjgJKy8GVy99Wk=";
+    fetchSubmodules = true;
+  };
+
+  format = "setuptools";
+
+  propagatedBuildInputs = with python3.pkgs; [
+    setuptools
+    wheel
+  ];
+
+  postUnpack = ''
+    sourceRoot="$sourceRoot/library"
+  '';
+
+  meta = with lib; {
+    description = "Python bindings for the rpi_ws281x C library";
+    homepage = "https://github.com/rpi-ws281x/rpi-ws281x-python";
+    license = licenses.mit;
+    maintainers = [];
+    platforms = platforms.linux;
+  };
+}
@@ -0,0 +1,40 @@
+{
+  stdenv,
+  fetchFromGitHub,
+  cmake,
+  pkg-config,
+  qtbase,
+  wrapQtAppsHook,
+  qtserialport,
+  qttools,
+  ...
+}:
+stdenv.mkDerivation rec {
+  pname = "RTKLIB";
+  version = "b34L";
+
+  src = fetchFromGitHub {
+    owner = "rtklibexplorer";
+    repo = "${pname}";
+    rev = "${version}";
+    hash = "sha256-bQcia3aRQNcZ55fvJViAxpo2Ev276HFTZ28SEXJD5Ds=";
+  };
+
+  nativeBuildInputs = [
+    cmake
+    pkg-config
+    wrapQtAppsHook
+  ];
+
+  buildInputs = [
+    qtbase
+    qtserialport
+    qttools
+  ];
+
+  cmakeFlags = [
+    "-DCMAKE_INSTALL_DATAROOTDIR=share"
+  ];
+
+  doCheck = true;
+}
@@ -0,0 +1,35 @@
+{
+  appimageTools,
+  fetchurl,
+  libgdiplus,
+}: let
+  pname = "smath-studio";
+  version = "1.3.0.9126";
+
+  src = fetchurl {
+    url = "https://smath.com/en-US/files/Download/cqSek/SMathStudioDesktop.1_3_0_9126.x86_64.ubuntu-22_04.glibc2.35.AppImage";
+    hash = "sha256-4FpdFGPFaPDK6WWSJHVtxcC8auaNkGmHyUtbegij6cQ=";
+  };
+
+  appimageContents = appimageTools.extractType2 {
+    inherit pname version src;
+  };
+in
+  appimageTools.wrapType2 {
+    inherit pname version src;
+
+    extraPkgs = pkgs:
+      with pkgs; [
+        gtk2
+      ];
+
+    profile = ''
+      export LD_PRELOAD="${libgdiplus}/lib/libgdiplus.so.0"
+    '';
+
+    extraInstallCommands = ''
+      install -m 444 -D ${appimageContents}/*.desktop -t $out/share/applications
+      sed -i "s|^Exec=.*|Exec=smath-studio %U|" $out/share/applications/*.desktop
+      cp -r ${appimageContents}/usr/share/icons $out/share
+    '';
+  }
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Gitea Actions	b77e7643dd	Update flake.lock 2025-04-28	2026-04-25 00:30:42 +00:00
Gitea Actions	b0fb9073b1	Update flake.lock 2025-04-27	2026-04-25 00:30:42 +00:00
Gitea Actions	751fd0d470	Update flake.lock 2025-04-26	2026-04-25 00:30:42 +00:00
Gitea Actions	45cab9d0c8	Update flake.lock 2025-04-25	2026-04-25 00:30:42 +00:00
Gitea Actions	9fedb8c107	Update flake.lock 2025-04-24	2026-04-25 00:30:42 +00:00
Gitea Actions	483deacf79	Update flake.lock 2025-04-23	2026-04-25 00:30:42 +00:00
Gitea Actions	905c19e9cf	Update flake.lock 2025-04-22	2026-04-25 00:30:42 +00:00
Gitea Actions	5b2fd3472f	Update flake.lock 2025-04-21	2026-04-25 00:30:42 +00:00
Gitea Actions	0f560c3596	Update flake.lock 2025-04-20	2026-04-25 00:30:42 +00:00
Gitea Actions	6bc74facae	Update flake.lock 2025-04-19	2026-04-25 00:30:42 +00:00
Gitea Actions	0c2e43a514	Update flake.lock 2025-04-18	2026-04-25 00:30:42 +00:00
Gitea Actions	6686cab532	Update flake.lock 2025-04-17	2026-04-25 00:30:42 +00:00
Gitea Actions	d4ad09d0cd	Update flake.lock 2025-04-16	2026-04-25 00:30:42 +00:00
Gitea Actions	04577ea081	Update flake.lock 2025-04-15	2026-04-25 00:30:42 +00:00
Gitea Actions	2ab45885c3	Update flake.lock 2025-04-14	2026-04-25 00:30:42 +00:00
Gitea Actions	53e1fc155f	Update flake.lock 2025-04-13	2026-04-25 00:30:42 +00:00
Gitea Actions	6d556885c4	Update flake.lock 2025-04-12	2026-04-25 00:30:42 +00:00
Gitea Actions	2b8c5004d9	Update flake.lock 2025-04-11	2026-04-25 00:30:42 +00:00
Gitea Actions	8aa917a190	Update flake.lock 2025-04-10	2026-04-25 00:30:42 +00:00
Gitea Actions	a827cd772f	Update flake.lock 2025-04-09	2026-04-25 00:30:42 +00:00
Gitea Actions	53f8c2a744	Update flake.lock 2025-04-08	2026-04-25 00:30:42 +00:00
Gitea Actions	ab23d15420	Update flake.lock 2025-04-07	2026-04-25 00:30:42 +00:00
Gitea Actions	e921a6f96b	Update flake.lock 2025-04-06	2026-04-25 00:30:42 +00:00
Gitea Actions	020961cc0d	Update flake.lock 2025-04-05	2026-04-25 00:30:42 +00:00
Gitea Actions	b2d6c552e0	Update flake.lock 2025-04-04	2026-04-25 00:30:42 +00:00
Gitea Actions	5384b399d7	Update flake.lock 2025-04-03	2026-04-25 00:30:42 +00:00
Gitea Actions	ff5d552eb1	Update flake.lock 2025-04-02	2026-04-25 00:30:42 +00:00
Gitea Actions	c64667d571	Update flake.lock 2025-04-01	2026-04-25 00:30:42 +00:00
Gitea Actions	88591998c8	Update flake.lock 2025-03-31	2026-04-25 00:30:42 +00:00
Gitea Actions	9fe6af74ec	Update flake.lock 2025-03-30	2026-04-25 00:30:42 +00:00
Gitea Actions	9a7352686c	Update flake.lock 2025-03-29	2026-04-25 00:30:42 +00:00
Gitea Actions	552a15dede	Update flake.lock 2025-03-28	2026-04-25 00:30:42 +00:00
Gitea Actions	307b8a3b51	Update flake.lock 2025-03-27	2026-04-25 00:30:42 +00:00
Gitea Actions	e83e0bf430	Update flake.lock 2025-03-26	2026-04-25 00:30:42 +00:00
Gitea Actions	0935360f08	Update flake.lock 2025-03-25	2026-04-25 00:30:42 +00:00
Gitea Actions	bccdc24099	Update flake.lock 2025-03-24	2026-04-25 00:30:42 +00:00
Gitea Actions	4e4677519b	Update flake.lock 2025-03-23	2026-04-25 00:30:42 +00:00
julian	831f49e8bd	Update flake	2026-04-24 11:53:22 +02:00
julian	8acb99770c	Add devenv to v3ms	2026-04-24 11:52:20 +02:00
julian	7488da102e	Add tmux to v3ms	2026-04-24 11:52:20 +02:00
julian	be5e9cce07	Fix screenshots on hyprland Update Nix Flake / update-flake (push) Failing after 12s Details	2026-04-13 08:25:30 +02:00
julian	0eddfbef58	Install .desktop file for smath-studio Update Nix Flake / update-flake (push) Failing after 19s Details	2026-03-26 09:02:32 +01:00
julian	bdb85b6161	Add smath-studio packet	2026-03-26 08:50:33 +01:00
julian	64392b695e	Fix recursion on self Update Nix Flake / update-flake (push) Failing after 22s Details	2026-03-23 21:57:18 +01:00
julian	8896788bfd	Delete unneeded standalone hm configs	2026-03-23 20:58:19 +01:00
julian	eec600d1d0	Move common host features to features-nixos folder	2026-03-23 20:57:12 +01:00
julian	b31791b9ef	Rename pkgs to packages	2026-03-23 20:43:11 +01:00
julian	8de280d7e5	Remove my own trys for pob wrapper	2026-03-23 20:39:47 +01:00
julian	8c8a6121bc	Remove unused users	2026-03-23 20:38:38 +01:00
julian	f1296e7675	Remove unused pianonix config	2026-03-23 20:37:54 +01:00
julian	ba56618049	Fix hm standalone config	2026-03-23 08:15:03 +01:00
julian	349181f35b	Add wireshark config Update Nix Flake / update-flake (push) Failing after 14s Details	2026-03-15 09:54:11 +01:00
julian	0b8b7564a1	Make nix gc explicitly persistent Update Nix Flake / update-flake (push) Failing after 15s Details	2026-03-13 08:14:07 +01:00
julian	54e0f94af5	Add garbage-collect for home-manager	2026-03-13 07:51:57 +01:00
julian	977aa539a3	Update flake Update Nix Flake / update-flake (push) Failing after 15s Details	2026-03-12 07:35:43 +01:00
julian	d56605e37a	Add nix-index-database and comma	2026-03-12 07:34:13 +01:00
julian	7d013c83bc	Uninstall rtklib Update Nix Flake / update-flake (push) Failing after 11s Details	2026-02-14 06:40:39 +01:00
julian	d42f38531d	Update flake	2026-02-14 06:40:33 +01:00
julian	af54219f5f	Install element-desktop too Update Nix Flake / update-flake (push) Failing after 11s Details	2026-01-24 16:37:09 +01:00
julian	b6f59055d8	Fix quickstart.nix	2026-01-24 16:36:04 +01:00
julian	cb990c0cd4	Switch to element-desktop	2026-01-24 16:35:54 +01:00
julian	c896e02bf1	Allow unfree packages with "run" and "shell" commands Update Nix Flake / update-flake (push) Failing after 16s Details	2026-01-22 06:56:06 +01:00
julian	c1e031efa9	Fix "systems deprecated" warning Update Nix Flake / update-flake (push) Failing after 49s Details	2026-01-20 21:01:05 +01:00
julian	19f213ca8c	development: install opencode	2026-01-20 20:40:09 +01:00
julian	a0ebb3f259	builder: add ollama and ui	2026-01-20 20:39:32 +01:00
julian	3a994a3b8d	Add more packages to quickstart configuration	2026-01-20 20:39:03 +01:00
julian	3b4c0e4a63	Clean up configs	2026-01-20 20:38:53 +01:00
julian	b15dd4ce86	move zoxide from yazi to fish config	2026-01-20 20:38:32 +01:00
julian	db5514062c	Update readme	2026-01-20 20:24:25 +01:00
julian	7b500ee994	Make v3ms07 a generic quickstart configuration	2026-01-20 20:24:06 +01:00
julian	07eb4664f9	Update flake	2026-01-20 20:04:32 +01:00
julian	872f80e92c	Remove non-working packages	2026-01-20 20:02:48 +01:00
julian	562f873f97	hyprland: adapt keyboard shortcuts	2026-01-20 20:02:32 +01:00
julian	2f5868fcca	Add config for v3ms07	2026-01-20 20:02:01 +01:00
julian	e1c1f6e104	emacs: install latex for org mode previews Update Nix Flake / update-flake (push) Failing after 14s Details	2026-01-06 12:10:16 +01:00
julian	3bdf73557b	desktop: remove vivaldi	2026-01-06 12:04:16 +01:00
julian	bb9988245a	hyprland: add submaps for common open commands	2026-01-06 12:04:05 +01:00
julian	713f5bfe8c	update flake	2026-01-06 12:03:55 +01:00
julian	c26f4ccd9a	kardorf: install steam Update Nix Flake / update-flake (push) Failing after 14s Details	2025-12-29 06:21:10 +01:00
julian	d84bfd4628	use network manager dns instead of resolved Update Nix Flake / update-flake (push) Failing after 12s Details	2025-12-24 06:48:22 +01:00
julian	fb6ac408e1	format code	2025-12-24 06:47:56 +01:00
julian	f01b079931	emacs: add ltex-ls-plus language server	2025-12-24 06:47:43 +01:00
julian	78990e6414	fix typst-languagetool installation typo Update Nix Flake / update-flake (push) Failing after 12s Details	2025-12-18 10:37:10 +01:00
julian	cef602d758	update flake	2025-12-18 10:37:00 +01:00
julian	368e741211	add typst-languagetool package	2025-12-18 10:36:21 +01:00
julian	fec13e08b9	dev suite: remove latex Update Nix Flake / update-flake (push) Failing after 13s Details	2025-12-13 07:59:44 +01:00
julian	a540ca622d	kardorf: switch to hyprland	2025-12-13 07:59:35 +01:00
julian	7fb0bcdac0	nixvim: add orgmode support	2025-12-13 07:59:20 +01:00
julian	b7726fce94	hyprland: fix cursor tearing	2025-12-13 07:58:54 +01:00
julian	30c987bd9b	hm: remove my binarycache for hm-standalone Update Nix Flake / update-flake (push) Failing after 12s Details Normally I wont have VPN access on standalone	2025-12-08 17:12:10 +01:00
julian	539e9a0b8e	v3ms: add qt-distrobox	2025-12-08 17:09:45 +01:00
julian	1e4593ea17	home: add qt-distrobox config	2025-12-08 17:09:14 +01:00
julian	ec8a71de95	open-messaging: update name of telegram binary Update Nix Flake / update-flake (push) Failing after 14s Details	2025-12-06 11:30:42 +01:00
julian	0c39388b21	gc: change to older than 30 the old +3 did not seem to work	2025-12-06 11:28:02 +01:00
julian	ebb043b589	format code	2025-12-06 11:24:15 +01:00
julian	fcfc9f6450	hm: make it backup conflicting files	2025-12-06 11:24:08 +01:00
julian	fe3cd057cd	fix regreet with hyprland	2025-12-06 11:23:41 +01:00
julian	b9cdb9299e	auto-upgrade: commit flake.lock if upgrading worked	2025-12-06 09:22:21 +01:00
julian	8b6ba76848	pianonix: add rpi-ws281x package	2025-12-06 09:22:02 +01:00
julian	2e79bd9e00	nix: do not optimise store on build, but regularly	2025-12-06 09:21:30 +01:00
julian	cfdc9f7001	aspi: activate wireguard	2025-12-06 09:21:17 +01:00
julian	a12b50edfa	pianonix: try getting piano-led-visualizer to run Still did not work, using raspberrypi os	2025-12-06 09:20:52 +01:00
julian	194d4bcec0	tmux: use vim bindings and better prefix	2025-12-06 09:20:00 +01:00
julian	5badb000be	install vagrant and qtcreator	2025-12-06 09:19:38 +01:00
julian	08b3f2c194	emacs: add more tools for c++ and typst development	2025-12-06 09:19:20 +01:00
julian	5f9a110464	update to nixos 25.11	2025-12-06 09:19:06 +01:00
julian	bcd041484d	Auto-update flake.lock	2025-12-05 14:03:59 +01:00
julian	fd3b9f20f0	update flake, add tmux Update Nix Flake / update-flake (push) Failing after 14s Details	2025-11-25 20:13:12 +01:00
julian	bc160af26a	fix open-messaging and workspace assignments Update Nix Flake / update-flake (push) Failing after 15s Details	2025-11-17 07:05:41 +01:00
julian	a34abd0f05	fix broken programs Update Nix Flake / update-flake (push) Failing after 14s Details	2025-11-16 12:24:15 +01:00
julian	2fd1f5ee53	update flake	2025-11-16 12:24:09 +01:00
julian	88547dc82c	pianonix: small fixes to make it compile Update Nix Flake / update-flake (push) Failing after 13s Details	2025-11-11 10:06:37 +01:00
julian	ccf38c2da2	remove broken packages after update	2025-11-11 09:55:54 +01:00
julian	b1107ae904	update flake	2025-11-11 09:55:49 +01:00
julian	48f53b3884	first setup of piano-visualizer on pianonix	2025-11-11 09:55:32 +01:00
julian	9bcca96597	aspi firefwall: reactivate checkReversePath Update Nix Flake / update-flake (push) Failing after 12s Details	2025-10-28 09:09:03 +01:00
julian	78e219a6cb	sops: do not use keyfile makes ssh keys work	2025-10-28 09:09:03 +01:00
julian	8b958d6a56	mdns: try fixes for bug with pianonix	2025-10-28 09:09:03 +01:00
julian	1a1aa20690	pianonix: add bluetooth, fix firefox autostart	2025-10-28 09:09:03 +01:00
julian	54952923f3	fish: add ctrl-space shortcut for zi	2025-10-28 09:09:03 +01:00
julian	ca20fa6c35	hm-standalone: add official nix to trusted keys Update Nix Flake / update-flake (push) Failing after 17s Details	2025-10-27 11:19:12 +01:00
julian	c1b2b51d13	update flake Update Nix Flake / update-flake (push) Failing after 11s Details	2025-10-21 20:04:02 +02:00
julian	28f78bb67e	flake: add nixos-generators for output pianonix-image	2025-10-21 20:03:46 +02:00
julian	114647aa96	pianonix: update commented wireless networking config	2025-10-21 20:03:25 +02:00
julian	64ae389f27	pianonix: update secrets for new installation	2025-10-21 20:03:12 +02:00
julian	fd39dbfcd4	readme: update ssh-to-age command	2025-10-21 20:02:18 +02:00
julian	b13cca7173	shell: add nix helper programs Update Nix Flake / update-flake (push) Failing after 20s Details	2025-10-20 19:37:44 +02:00
julian	7807091b83	builder: use networkmanager again	2025-10-20 19:37:16 +02:00
julian	d3026afb97	update flake	2025-10-20 19:37:05 +02:00
julian	152daf1230	pianonix: multiple improvements, improve secrets, add wireguard, use sheetless in browser	2025-10-20 19:36:24 +02:00
julian	ffda398f8d	builder: disable autoupgrade Update Nix Flake / update-flake (push) Failing after 13s Details	2025-10-09 21:29:40 +02:00
julian	3e179960de	builder: simplify network config by using static dns list	2025-10-09 21:28:34 +02:00
julian	93e655ed27	aspi: use wireguard via networkmanager	2025-10-09 21:28:14 +02:00
julian	710c1dedb8	install additional software Update Nix Flake / update-flake (push) Failing after 13s Details	2025-10-05 15:36:37 +02:00
julian	28ec5c73d4	format code	2025-10-05 15:36:26 +02:00
julian	fc7285bd5c	setup pob user for running pob2-frajul	2025-10-05 15:36:06 +02:00
julian	11ee156b29	pipewire: try fixing video conference freeze	2025-10-05 15:34:21 +02:00
julian	2dba549787	builder: setup as jenkins node	2025-10-05 15:33:58 +02:00
julian	d28c7d870c	add caches to substituters	2025-10-05 15:32:52 +02:00
julian	8bf17e74ef	use stable nixos-25.05 instead of unstable	2025-10-05 15:30:41 +02:00
julian	08cf457aa3	neovim: use smartcase search	2025-09-11 08:04:03 +02:00
julian	448002ebf4	update config syntax	2025-09-11 08:03:22 +02:00
julian	9735d3f0c0	frajul-auto-upgrade: restore flake.lock if update failed	2025-09-09 21:47:35 +02:00
julian	8f1b0ade4d	user: add to rtkit groups to maybe fix audio	2025-09-09 21:47:08 +02:00
julian	db05024dc6	builder: add fallback to substituters	2025-09-09 21:46:36 +02:00
julian	21053dac8c	install dig	2025-09-09 21:46:19 +02:00
julian	1ab0bf54fa	neovim: fix telescope file_browser, add lsps	2025-09-09 21:46:13 +02:00
julian	5070d4dbfc	Add yukari user	2025-09-01 17:24:27 +02:00
julian	12466b4426	frajul-auto-upgrade: re-add lock file usage Update Nix Flake / update-flake (push) Failing after 11s Details	2025-08-03 16:05:46 +02:00
julian	23155d57b7	update flake Update Nix Flake / update-flake (push) Failing after 18s Details	2025-07-26 08:13:42 +02:00
julian	a9e30bd84b	Set fallback for binary caches This makes builds not fail when my own binary cache is offline for some reason	2025-07-26 08:13:02 +02:00
julian	e62f6e9dce	Fix frajul-auto-upgrade git permission issue	2025-07-26 08:12:43 +02:00
julian	c543bc13ea	hm: disable warn-dirty Update Nix Flake / update-flake (push) Failing after 16s Details	2025-07-12 15:52:17 +02:00
julian	b4d1681b99	hyprland: fix waybar by running it with exec-once	2025-07-12 15:51:43 +02:00
julian	6c32ffbe94	frajul-auto-upgrade: only run once a day Update Nix Flake / update-flake (push) Failing after 14s Details	2025-07-11 16:22:17 +02:00
julian	6787243414	flake: update	2025-07-11 13:15:42 +02:00
julian	d350807e8c	builder: do enable auto-upgrades	2025-07-11 13:15:25 +02:00
julian	f872c8db0c	aspi: enable frajul auto upgrade module and integrate into waybar	2025-07-11 13:15:02 +02:00
julian	8c53c66c4d	Add frajul-auto-upgrade module	2025-07-11 13:14:48 +02:00
julian	0f07029660	Add openconnect plugin to networkmanager Update Nix Flake / update-flake (push) Failing after 17s Details	2025-07-10 17:50:34 +02:00
julian	8010d771a1	builder: add gitlab-runner Update Nix Flake / update-flake (push) Failing after 17s Details	2025-07-09 21:34:52 +02:00
julian	7f4c41429e	update flake Update Nix Flake / update-flake (push) Failing after 15s Details	2025-07-04 14:44:51 +02:00
julian	6d21fe4262	format code	2025-07-04 14:44:31 +02:00
julian	c081f95aaf	open-messaging: adapt to new telegram program name	2025-07-04 14:44:01 +02:00
julian	452a34c7e8	Neovim: add clangd	2025-07-04 14:43:51 +02:00
julian	15c4616b91	Fix emacs not having TERMINAL env var	2025-07-04 14:43:45 +02:00
julian	07274a0364	Update alacritty config, use as default	2025-07-04 14:41:58 +02:00
julian	3bb8db1349	Fix builder using itself as remote subsituter	2025-07-04 14:40:58 +02:00
julian	65a3dcdc08	Use ghostty as primary terminal Update Nix Flake / update-flake (push) Failing after 16s Details	2025-06-30 08:37:24 +02:00
julian	9fe40bfd13	package rtklib	2025-05-26 21:51:07 +02:00
julian	07943d4f95	format file Update Nix Flake / update-flake (push) Failing after 12s Details	2025-05-23 09:59:30 +02:00
julian	815a79ff41	kardorf: fix seahorse and plasma6 config conflict	2025-05-23 09:58:59 +02:00
julian	32ddceba8f	kardorf: use i3 instead of hyprland	2025-05-23 09:58:38 +02:00
julian	55ba4125d6	add latex packages to fix org mode exporting Update Nix Flake / update-flake (push) Failing after 11s Details	2025-05-21 23:01:09 +02:00
julian	b9274f546f	update flake	2025-05-21 23:01:03 +02:00
julian	fd246d7daf	Add hydra-auto-upgrade module, still wip Update Nix Flake / update-flake (push) Failing after 16s Details	2025-05-16 13:13:47 +02:00
julian	edae0d2bb0	Delete i3 scripts also available in my nix pkgs	2025-05-16 12:56:22 +02:00
julian	1cb23dd0a4	Add todo	2025-05-16 12:53:20 +02:00
julian	ab1052193a	rename deprecated options	2025-05-16 12:12:22 +02:00
julian	6dadb2008c	kardorf: enable ssh access	2025-05-16 12:11:45 +02:00
julian	18f9cc3fa8	Add user julian to dialout for serial port access	2025-05-16 08:27:45 +02:00
julian	9295ad7010	add kardorf ssh key to common secrets.yaml	2025-05-16 08:27:45 +02:00
julian	e3cf2379ab	yazi: update config to new version	2025-05-16 08:27:45 +02:00
julian	f6c3f676b2	update flake	2025-05-16 08:27:45 +02:00