refactor: move fully away from modules & profiles distinction

2023-10-07 16:45:42 +02:00 · 2023-10-07 16:45:42 +02:00 · 93bcf469ab
parent 078e738a31
commit 93bcf469ab
108 changed files with 957 additions and 1732 deletions
--- a/hosts/biolimo/configuration.nix
+++ b/hosts/biolimo/configuration.nix
@ -8,35 +8,28 @@ with lib; let
  psCfg = config.pub-solar;
  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
 in {
  pub-solar.graphical.enable = true;
  pub-solar.sway.enable = true;
  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.plymouth.enable = true;
-  pub-solar.paranoia.enable = true;
+  pub-solar.core.hibernation.enable = true;
  pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
  pub-solar.core.hibernation.resumeOffset = 15296512;
-  pub-solar.audio.bluetooth.enable = true;
+  pub-solar.terminal-life.full = true;
  hardware.cpu.intel.updateMicrocode = true;
  networking.hostName = "biolimo";
-  networking.networkmanager.wifi.backend = mkForce "wpa_supplicant";
+  networking.networkmanager.wifi.backend = "wpa_supplicant";
-  home-manager = with pkgs;
+  home-manager.users."${psCfg.user.name}" = {
-    pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
+    xdg.configFile = {
      xdg.configFile = mkIf psCfg.sway.enable {
      "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
      "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
      "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
      "sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
    };
      home.packages = [
        inkscape
      ];
  };
  # For OpenProject development with https
--- a/hosts/chocolatebar/configuration.nix
+++ b/hosts/chocolatebar/configuration.nix
@ -9,10 +9,6 @@ with lib; let
  psCfg = config.pub-solar;
  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
 in {
  pub-solar.graphical.enable = true;
  pub-solar.sway.enable = true;
  pub-solar.virtualisation.enable = true;
  hardware.cpu.amd.updateMicrocode = true;
  hardware.opengl.extraPackages = with pkgs; [
@ -23,62 +19,30 @@ in {
  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.plymouth.enable = true;
-  pub-solar.paranoia.enable = true;
+  pub-solar.core.hibernation.enable = true;
  pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
  pub-solar.core.hibernation.resumeOffset = 115075072;
-  pub-solar.paperless.sync.masterNode = true;
+  pub-solar.terminal-life.full = true;
  age.secrets."drone-runner-exec-config" = {
    file = "${flake.self}/secrets/drone-runner-exec-config";
    mode = "400";
    owner = psCfg.user.name;
  };
  pub-solar.docker-ci-runner = {
    enable = true;
    runnerVarsFile = config.age.secrets.drone-runner-exec-config.path;
  };
  pub-solar.paperless.scannerDefaultDevice = "hp3900:libusb:005:004";
  services.openssh.openFirewall = true;
  networking.hostName = "chocolatebar";
  networking.firewall.allowedTCPPorts =
    [443]
    ++ (
      if psCfg.sway.vnc.enable
      then [5901]
      else []
    );
  networking.firewall.allowedUDPPorts = [43050];
  environment.systemPackages = with pkgs; [
    wayvnc
    drone-docker-runner
    stdenv.cc.cc.lib
    pkgs.hplip
  ];
  age.secrets."vnc-key.pem" = {
    file = "${flake.self}/secrets/vnc-key-chocolatebar.pem";
    mode = "400";
    owner = psCfg.user.name;
  };
  age.secrets."vnc-cert.pem" = {
    file = "${flake.self}/secrets/vnc-cert-chocolatebar.pem";
    mode = "400";
    owner = psCfg.user.name;
  };
  pub-solar.sway.vnc.enable = true;
  services.udev.extraRules = ''
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="04f9", ATTRS{idProduct}=="209e", ATTRS{serial}=="000W0H924252", MODE="0664", GROUP="lp", SYMLINK+="usb/lp0"
  '';
  home-manager.users."${psCfg.user.name}" = {
-    xdg.configFile = mkIf psCfg.sway.enable {
+    xdg.configFile = {
      "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
      "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
      "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
--- a/hosts/chocolatebar/virtualisation/default.nix
+++ b/hosts/chocolatebar/virtualisation/default.nix
@ -17,7 +17,6 @@ with lib; let
  isolateAnyGPU = isolateGPU != null;
 in {
  config = mkIf psCfg.virtualisation.enable {
  boot.extraModprobeConfig = mkIf isolateAnyGPU (concatStringsSep "\n" [
    "softdep amdgpu pre: vfio vfio_pci"
    (
@ -78,5 +77,4 @@ in {
      };
    };
  };
  };
 }
--- a/hosts/default.nix
+++ b/hosts/default.nix
@ -8,6 +8,12 @@
          self.nixosModules.base
          ./biolimo
          self.nixosModules.b12f
          self.nixosModules.audio
          self.nixosModules.bluetooth
          self.nixosModules.docker
          self.nixosModules.graphical
          self.nixosModules.nextcloud
          self.nixosModules.office
        ];
      };
@ -17,6 +23,14 @@
          self.nixosModules.base
          ./chocolatebar
          self.nixosModules.b12f
          self.nixosModules.audio
          self.nixosModules.virtualisation
          self.nixosModules.docker
          self.nixosModules.gaming
          self.nixosModules.graphical
          self.nixosModules.nextcloud
          self.nixosModules.office
          self.nixosModules.virtualisation
        ];
      };
@ -37,6 +51,7 @@
          ./pie
          self.nixosModules.yule
          self.nixosModules.printing
          self.nixosModules.paperless
        ];
      };
--- a/hosts/droppie/configuration.nix
+++ b/hosts/droppie/configuration.nix
@ -9,6 +9,8 @@ with lib; let
  psCfg = config.pub-solar;
  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
 in {
  pub-solar.core.disk-encryption-active = false;
  boot.loader.systemd-boot.enable = lib.mkForce false;
  boot.loader.grub = {
    enable = true;
@ -21,9 +23,6 @@ in {
  networking.hostName = "droppie";
  pub-solar.core.disk-encryption-active = false;
  pub-solar.core.lite = true;
  security.sudo.extraRules = [
    {
      users = ["${psCfg.user.name}"];
--- a/hosts/pie/configuration.nix
+++ b/hosts/pie/configuration.nix
@ -27,7 +27,6 @@ in {
  boot.kernelPackages = pkgs.linuxPackages_6_1;
  pub-solar.core.disk-encryption-active = false;
  pub-solar.core.lite = true;
  networking.hostName = "pie";
  networking.defaultGateway = {
--- a/lib/default.nix
+++ b/lib/default.nix
@ -11,8 +11,8 @@
      ## In configs, they can be used under "lib.our"
      deploy = import ./deploy.nix { inherit inputs lib; };
      addLocalHostname = callLibs ./add-local-hostname.nix;
      recursiveMerge = callLibs ./recursive-merge.nix;
    };
  };
 }
--- a/lib/recursive-merge.nix
+++ b/lib/recursive-merge.nix
@ -0,0 +1,16 @@
 { lib }:
 attrList:
 let
  f = attrPath:
    zipAttrsWith (
      n: values:
        if tail values == []
        then head values
        else if all isList values
        then unique (concatLists values)
        else if all isAttrs values
        then f (attrPath ++ [n]) values
        else last values
    );
 in
  f [] attrList;
--- a/modules/adb/default.nix
+++ b/modules/adb/default.nix
@ -0,0 +1,15 @@
 {
  lib,
  config,
  pkgs,
  ...
 }:
 with lib; let
  psCfg = config.pub-solar;
 in {
  programs.adb.enable = true;
  users.users."${psCfg.user.name}" = {
    extraGroups = ["adbusers"];
  };
 }
--- a/modules/arduino/default.nix
+++ b/modules/arduino/default.nix
@ -6,22 +6,12 @@
 }:
 with lib; let
  psCfg = config.pub-solar;
  cfg = config.pub-solar.arduino;
 in {
-  options.pub-solar.arduino = {
+  users.users."${psCfg.user.name}" = {
    enable = mkEnableOption "Life with home automation";
  };
  config = mkIf cfg.enable {
    users.users = pkgs.lib.setAttrByPath [psCfg.user.name] {
    extraGroups = ["dialout"];
-    };
+    packages = with pkgs; [
    home-manager = with pkgs;
      pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
        home.packages = [
      arduino
      arduino-cli
    ];
  };
  };
 }
--- a/modules/audio/default.nix
+++ b/modules/audio/default.nix
@ -6,31 +6,11 @@
 }:
 with lib; let
  psCfg = config.pub-solar;
  cfg = config.pub-solar.audio;
  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
 in {
-  options.pub-solar.audio = {
+  users.users."${psCfg.user.name}" = {
    enable = mkEnableOption "Life in highs and lows";
    mopidy.enable = mkEnableOption "Life with mopidy";
    spotify.enable = mkEnableOption "Life in DRM";
    spotify.username = mkOption {
      description = "Spotify login username or email";
      type = types.str;
      example = "yourname@example.com";
      default = "";
    };
    bluetooth.enable = mkEnableOption "Life with bluetooth";
  };
  config = mkIf cfg.enable {
    users.users = pkgs.lib.setAttrByPath [psCfg.user.name] {
    extraGroups = ["audio"];
-    };
+    packages = with pkgs; [
    home-manager = with pkgs;
      pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
        home.packages =
          [
      # easyeffects, e.g. for microphone noise filtering
      easyeffects
      mu
@ -40,20 +20,19 @@ in {
      # Needed for pactl cmd, until pw-cli is more mature (vol up/down hotkeys?)
      pulseaudio
      vimpc
-          ]
+      spotify-tui
-          ++ (
+    ];
-            if cfg.spotify.enable
+  };
-            then [pkgs.spotify-tui]
+
-            else []
+  home-manager.users."${psCfg.user.name}" = {
          );
    xdg.configFile."vimpc/vimpcrc".source = ./.config/vimpc/vimpcrc;
    systemd.user.services.easyeffects = import ./easyeffects.service.nix pkgs;
-        services.spotifyd = mkIf cfg.spotify.enable {
+    services.spotifyd = {
      enable = true;
      settings = {
        global = {
-              username = cfg.spotify.username;
+          username = "spotify@benjaminbaedorf.eu";
          password_cmd = "DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1001/bus ${pkgs.libsecret}/bin/secret-tool lookup spotify password";
          bitrate = 320;
          volume_normalisation = true;
@ -75,57 +54,4 @@ in {
    # If you want to use JACK applications, uncomment this
    jack.enable = true;
  };
    # Enable bluetooth
    hardware.bluetooth = mkIf cfg.bluetooth.enable {
      enable = true;
      # Disable bluetooth on startup to save battery
      powerOnBoot = false;
      # Disable useless SIM Access Profile plugin
      disabledPlugins = [
        "sap"
      ];
      settings = {
        General = {
          # Enables experimental features and interfaces.
          # Makes BlueZ Battery Provider available
          Experimental = true;
        };
      };
    };
    services.blueman.enable = mkIf cfg.bluetooth.enable true;
    environment.etc."wireplumber/bluetooth.lua.d/51-bluez-config.lua" = mkIf cfg.bluetooth.enable {
      text = ''
        bluez_monitor.properties = {
          ["bluez5.enable-sbc-xq"] = true,
          ["bluez5.enable-msbc"] = true,
          ["bluez5.enable-hw-volume"] = true,
          ["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
        }
      '';
    };
    # Enable audio server & client
    services.mopidy = mkIf cfg.mopidy.enable ((import ./mopidy.nix) pkgs);
    # Make pulseaudio listen on port 4713 for mopidy, extending the default
    # config: https://gitlab.freedesktop.org/pipewire/pipewire/-/blob/master/src/daemon/pipewire-pulse.conf.in
    environment.etc."pipewire/pipewire-pulse.conf.d/99-custom.conf" = mkIf cfg.mopidy.enable {
      text = ''
        {
          "context.modules": [
            {
              "name": "libpipewire-module-protocol-pulse",
              "args": {
                "server.address": ["unix:native", "tcp:4713"],
                "vm.overrides": {
                  "pulse.min.quantum": "1024/48000"
                }
              }
            }
          ]
        }
      '';
      };
    };
 }
--- a/modules/bluetooth/default.nix
+++ b/modules/bluetooth/default.nix
@ -0,0 +1,35 @@
 {
  lib,
  config,
  pkgs,
  ...
 }: {
  hardware.bluetooth = {
    enable = true;
    # Disable bluetooth on startup to save battery
    powerOnBoot = false;
    # Disable useless SIM Access Profile plugin
    disabledPlugins = [
      "sap"
    ];
    settings = {
      General = {
        # Enables experimental features and interfaces.
        # Makes BlueZ Battery Provider available
        Experimental = true;
      };
    };
  };
  services.blueman.enable = true;
  environment.etc."wireplumber/bluetooth.lua.d/51-bluez-config.lua" = {
    text = ''
      bluez_monitor.properties = {
        ["bluez5.enable-sbc-xq"] = true,
        ["bluez5.enable-msbc"] = true,
        ["bluez5.enable-hw-volume"] = true,
        ["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
      }
    '';
  };
 }
--- a/modules/ci-runner/default.nix
+++ b/modules/ci-runner/default.nix
@ -1,45 +0,0 @@
 {
  lib,
  config,
  pkgs,
  flake,
  ...
 }:
 with lib; let
  psCfg = config.pub-solar;
  cfg = config.pub-solar.ci-runner;
 in {
  options.pub-solar.ci-runner = {
    enable = mkEnableOption "Enables a systemd service that runs drone-ci-runner";
  };
  config = mkIf cfg.enable {
    systemd.user.services.ci-runner = {
      enable = true;
      description = "CI runner for the PubSolarOS repository that can run test VM instances with KVM.";
      serviceConfig = {
        Type = "simple";
        Restart = "always";
      };
      path = [
        pkgs.git
        pkgs.nix
        pkgs.libvirt
      ];
      wantedBy = ["multi-user.target"];
      after = ["network.target" "libvirtd.service"];
      script = ''${pkgs.drone-runner-exec}/bin/drone-runner-exec daemon /run/agenix/drone-runner-exec-config'';
    };
    age.secrets."drone-runner-exec-config" = {
      file = "${flake.self}/secrets/drone-runner-exec-config";
      mode = "700";
      owner = psCfg.user.name;
    };
  };
 }
--- a/modules/core/boot.nix
+++ b/modules/core/boot.nix
@ -7,12 +7,6 @@
 with lib; let
  cfg = config.pub-solar.core;
 in {
  options.pub-solar.core.iso-options.enable = mkOption {
    type = types.bool;
    default = false;
    description = "Feature flag for iso builds";
  };
  options.pub-solar.core.disk-encryption-active = mkOption {
    type = types.bool;
    default = true;
@ -21,13 +15,10 @@ in {
  config = {
    boot = {
      # Enable plymouth for better experience of booting
      plymouth.enable = mkIf (!cfg.lite) (lib.mkDefault true);
      # Mount / luks device in initrd
      # Allow fstrim to work on it.
      # The ! makes this enabled by default
-      initrd = mkIf (!cfg.iso-options.enable && cfg.disk-encryption-active) {
+      initrd = mkIf cfg.disk-encryption-active {
        luks.devices."cryptroot" = {
          allowDiscards = true;
        };
--- a/modules/core/default.nix
+++ b/modules/core/default.nix
@ -9,33 +9,29 @@ in {
  imports = [
    ./boot.nix
    ./hibernation.nix
    ./fonts.nix
    ./i18n.nix
    ./networking.nix
    ./packages.nix
    ./services.nix
  ];
-  options.pub-solar.core = {
+  # Service that makes Out of Memory Killer more effective
-    lite = mkOption {
+  services.earlyoom.enable = true;
-      description = ''
+
-        Enable a lite edition of core with less default modules and a reduced package set.
+  services.logind.lidSwitch = "hibernate";
-      '';
+
-      default = false;
+  services.tor.settings = {
-      type = types.bool;
+    UseBridges = true;
    };
  };
-  config = {
+  # The options below are directly taken from or inspired by
-    pub-solar = {
+  # https://xeiaso.net/blog/paranoid-nixos-2021-07-18
      audio.enable = mkIf (!cfg.lite) (mkDefault true);
      crypto.enable = mkIf (!cfg.lite) (mkDefault true);
      devops.enable = mkIf (!cfg.lite) (mkDefault true);
-      terminal-life = {
+  # Limit the use of sudo to the group wheel
-        enable = mkDefault true;
+  security.sudo.execWheelOnly = true;
-        lite = cfg.lite;
+
-      };
+  # Remove the complete default environment of packages like
-    };
+  # nano, perl and rsync
-  };
+  environment.defaultPackages = lib.mkForce [];
  # fileSystems."/".options = [ "noexec" ];
 }
--- a/modules/core/fonts.nix
+++ b/modules/core/fonts.nix
@ -1,14 +0,0 @@
 {
  config,
  pkgs,
  lib,
  ...
 }: {
  fonts = {
    fonts = with pkgs; [powerline-fonts dejavu_fonts];
    fontconfig.defaultFonts = {
      monospace = ["DejaVu Sans Mono for Powerline"];
      sansSerif = ["DejaVu Sans"];
    };
  };
 }
--- a/modules/core/networking.nix
+++ b/modules/core/networking.nix
@ -1,34 +1,10 @@
 {
  flake,
  config,
  pkgs,
  lib,
  ...
-}:
+}: {
 with lib; let
  cfg = config.pub-solar.core;
 in {
  options.pub-solar.core = {
    enableCaddy = mkOption {
      type = types.bool;
      default = !cfg.lite;
    };
    enableHelp = mkOption {
      type = types.bool;
      default = !cfg.lite;
    };
    binaryCaches = mkOption {
      type = types.listOf types.str;
      default = [];
      description = "Binary caches to use.";
    };
    publicKeys = mkOption {
      type = types.listOf types.str;
      default = [];
      description = "Public keys of binary caches.";
    };
  };
  config = {
  # disable NetworkManager and systemd-networkd -wait-online by default
  systemd.services.NetworkManager-wait-online.enable = lib.mkDefault false;
  systemd.services.systemd-networkd-wait-online.enable = lib.mkDefault false;
@ -36,9 +12,40 @@ in {
  networking.networkmanager = {
    # Enable networkmanager. REMEMBER to add yourself to group in order to use nm related stuff.
    enable = true;
-      wifi.backend = "iwd";
+    wifi.backend = lib.mkDefault "iwd";
  };
  networking.firewall.enable = true;
  networking.hosts = flake.self.lib.addLocalHostname ["caddy.local"];
  # Caddy reverse proxy for local services like cups
  services.caddy = {
    enable = true;
    globalConfig = ''
      default_bind 127.0.0.1
      auto_https off
    '';
  };
  # For rage encryption, all hosts need a ssh key pair
  services.openssh = {
    enable = true;
    allowSFTP = false;
    # If you don't want the host to have SSH actually opened up to the net,
    # set `services.openssh.openFirewall` to false in your config.
    openFirewall = true;
    settings.PasswordAuthentication = lib.mkDefault false;
    settings.KbdInteractiveAuthentication = false;
    extraConfig = ''
      AllowTcpForwarding yes
      X11Forwarding no
      AllowAgentForwarding no
      AllowStreamLocalForwarding no
      AuthenticationMethods publickey
    '';
  };
 }
--- a/modules/core/packages.nix
+++ b/modules/core/packages.nix
@ -8,9 +8,7 @@ with lib; let
  psCfg = config.pub-solar;
  cfg = config.pub-solar.core;
 in {
-  environment = {
+  environment.systemPackages = with pkgs; [
    systemPackages = with pkgs;
      [
    # Core unix utility packages
    coreutils-full
    dnsutils
@ -18,62 +16,10 @@ in {
    progress
    pciutils
    usbutils
        wget
        openssl
        openssh
        curl
        htop
        btop
        lsof
        psmisc
        file
        # zippit
        zip
        unzip
        # Modern modern utilities
        p7zip
        croc
        jq
      ]
      ++ lib.optionals (!cfg.lite) [
        mtr
        gitFull
        git-lfs
        git-bug
        xdg-utils
        sysfsutils
        renameutils
        nfs-utils
        moreutils
        mailutils
        keyutils
        input-utils
        elfutils
        binutils
        dateutils
    diffutils
    findutils
    exfat
-        # Nix specific utilities
+    gitFull
        alejandra
        niv
        manix
        nix-index
        nix-tree
        nixpkgs-review
        # Build broken, python2.7-PyJWT-2.0.1.drv' failed
        #nixops
        psos
        nvd
        # Fun
        neofetch
  ];
  };
 }
--- a/modules/core/services.nix
+++ b/modules/core/services.nix
@ -1,18 +0,0 @@
 {
  config,
  pkgs,
  lib,
  ...
 }: {
  # For rage encryption, all hosts need a ssh key pair
  services.openssh = {
    enable = true;
    # If you don't want the host to have SSH actually opened up to the net,
    # set `services.openssh.openFirewall` to false in your config.
    openFirewall = lib.mkDefault true;
    settings.PasswordAuthentication = lib.mkDefault false;
  };
  # Service that makes Out of Memory Killer more effective
  services.earlyoom.enable = true;
 }
--- a/modules/crypto/default.nix
+++ b/modules/crypto/default.nix
@ -6,21 +6,20 @@
 }:
 with lib; let
  psCfg = config.pub-solar;
  cfg = config.pub-solar.crypto;
 in {
  options.pub-solar.crypto = {
    enable = mkEnableOption "Life in private";
  };
  config = mkIf cfg.enable {
  services.udev.packages = [pkgs.yubikey-personalization];
  services.dbus.packages = [pkgs.gcr];
  services.pcscd.enable = true;
  services.gnome.gnome-keyring.enable = true;
-    home-manager = with pkgs;
+  users.users."${psCfg.user.name}".packages = with pkgs; [
-      pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
+    gnome.seahorse
    keepassxc
    libsecret
  ];
  home-manager.users."${psCfg.user.name}" = {
    systemd.user.services.polkit-gnome-authentication-agent = import ./polkit-gnome-authentication-agent.service.nix pkgs;
    services.gpg-agent = {
@ -32,14 +31,5 @@ in {
    programs.gpg = {
      enable = true;
    };
        home.packages = [
          gnome.seahorse
          keepassxc
          libsecret
          qMasterPassword
          restic
        ];
      };
  };
 }
--- a/modules/default.nix
+++ b/modules/default.nix
@ -8,25 +8,19 @@
    nixosModules = rec {
      arduino = import ./arduino;
      audio = import ./audio;
-      ci-runner = import ./ci-runner;
+      bluetooth = import ./bluetooth;
      core = import ./core;
      crypto = import ./crypto;
      devops = import ./devops;
      docker = import ./docker;
      docker-ci-runner = import ./docker-ci-runner;
      email = import ./email;
      gaming = import ./gaming;
      graphical = import ./graphical;
-      mobile = import ./mobile;
+      adb = import ./adb;
      nix = import ./nix;
      nextcloud = import ./nextcloud;
      office = import ./office;
      paperless = import ./paperless;
      paranoia = import ./paranoia;
      printing = import ./printing;
      proxy = import ./proxy;
      social = import ./social;
      sway = import ./sway;
      terminal-life = import ./terminal-life;
      uhk = import ./uhk;
      user = import ./user;
@ -66,33 +60,13 @@
          ];
        })
        self.nixosModules.arduino
        self.nixosModules.audio
        self.nixosModules.ci-runner
        self.nixosModules.core
        self.nixosModules.crypto
        self.nixosModules.devops
        self.nixosModules.docker
        self.nixosModules.docker-ci-runner
        self.nixosModules.email
        self.nixosModules.gaming
        self.nixosModules.graphical
        self.nixosModules.mobile
        self.nixosModules.nix
        self.nixosModules.nextcloud
        self.nixosModules.office
        self.nixosModules.paperless
        self.nixosModules.paranoia
        # self.nixosModules.printing
        self.nixosModules.proxy
        self.nixosModules.social
        self.nixosModules.sway
        self.nixosModules.terminal-life
        self.nixosModules.uhk
        self.nixosModules.user
        self.nixosModules.virtualisation
        self.nixosModules.root
        self.nixosModules.user
      ];
    };
  };
--- a/modules/devops/default.nix
+++ b/modules/devops/default.nix
@ -1,32 +0,0 @@
 {
  lib,
  config,
  pkgs,
  ...
 }:
 with lib; let
  psCfg = config.pub-solar;
  cfg = config.pub-solar.devops;
 in {
  options.pub-solar.devops = {
    enable = mkEnableOption "Life automated";
  };
  config = mkIf cfg.enable {
    home-manager = with pkgs;
      pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
        home.packages = [
          croc
          drone-cli
          nmap
          pgcli
          ansible
          ansible-lint
          restic
          shellcheck
          terraform
          tea
        ];
      };
  };
 }
--- a/modules/docker-ci-runner/default.nix
+++ b/modules/docker-ci-runner/default.nix
@ -1,113 +0,0 @@
 {
  lib,
  config,
  pkgs,
  ...
 }:
 with lib; let
  bootstrap = pkgs.writeScript "bootstrap.sh" ''
    #!/usr/bin/env bash
    set -e
    apt update
    apt install --yes curl git sudo xz-utils
    adduser --system --uid 999 build
    chown build /nix
    sudo -u build curl -L https://nixos.org/nix/install > install
    sudo -u build sh install
    echo "export PATH=/nix/var/nix/profiles/per-user/build/profile/bin:''$PATH" >> /etc/profile
    mkdir /etc/nix
    echo 'experimental-features = nix-command flakes' >> /etc/nix/nix.conf
    export nix_user_config_file="/home/build/.local/share/nix/trusted-settings.json"
    mkdir -p $(dirname \\$nix_user_config_file)
    echo '{"extra-experimental-features":{"nix-command flakes":true}}' > \\$nix_user_config_file
    chown -R build /home/build/
    curl -L https://github.com/drone-runners/drone-runner-exec/releases/latest/download/drone_runner_exec_linux_amd64.tar.gz | tar xz
    sudo install -t /usr/local/bin drone-runner-exec
    if [ ! -f /run/vars ]; then
      exit 1
    fi
    cp -a /run/vars /run/runtime-vars
    env | grep "DRONE" >> /run/runtime-vars
    su - -s /bin/bash build sh -c "/usr/local/bin/drone-runner-exec daemon /run/runtime-vars"
  '';
  psCfg = config.pub-solar;
  cfg = config.pub-solar.docker-ci-runner;
 in {
  options.pub-solar.docker-ci-runner = {
    enable = lib.mkEnableOption "Enables a docker container running a drone exec runner as unprivileged user.";
    enableKvm = lib.mkOption {
      description = ''
        Enable kvm support.
      '';
      default = true;
      type = types.bool;
    };
    nixCacheLocation = lib.mkOption {
      description = ''
        Location of nix cache that is shared between builds
      '';
      default = "/var/lib/docker-ci-runner";
      type = types.path;
    };
    runnerEnvironment = lib.mkOption {
      description = ''
        Additional environment vars added to the vars file on container runtime
      '';
      default = {};
    };
    runnerVarsFile = lib.mkOption {
      description = ''
        Location of vars file passed to drone runner
      '';
      type = types.path;
    };
  };
  config = lib.mkIf cfg.enable {
    virtualisation = {
      docker = {
        enable = true; # sadly podman is not supported rightnow
      };
      oci-containers = {
        backend = "docker";
        containers."drone-exec-runner" = {
          image = "debian";
          autoStart = true;
          entrypoint = "bash";
          cmd = ["/bootstrap.sh"];
          volumes = [
            "${cfg.runnerVarsFile}:/run/vars"
            "${cfg.nixCacheLocation}:/nix"
            "${bootstrap}:/bootstrap.sh"
          ];
          environment = cfg.runnerEnvironment;
          extraOptions = lib.mkIf cfg.enableKvm ["--device=/dev/kvm"];
        };
      };
    };
    # Fix container not stopping correctly and holding the system 120s upon
    # shutdown / reboot
    systemd.services.docker-drone-exec-runner.preStop = ''
      docker stop drone-exec-runner
    '';
  };
 }
--- a/modules/docker/default.nix
+++ b/modules/docker/default.nix
@ -6,21 +6,14 @@
 }:
 with lib; let
  psCfg = config.pub-solar;
  cfg = config.pub-solar.docker;
 in {
  options.pub-solar.docker = {
    enable = mkEnableOption "Life in metal boxes";
  };
  config = mkIf cfg.enable {
  virtualisation.docker.enable = true;
-    users.users = with pkgs;
+
-      pkgs.lib.setAttrByPath [psCfg.user.name] {
+  users.users."${psCfg.user.name}" = {
    extraGroups = ["docker"];
  };
  environment.systemPackages = with pkgs; [
    docker-compose
  ];
  };
 }
--- a/modules/email/.config/msmtp/config
+++ b/modules/email/.config/msmtp/config
--- a/modules/email/.config/mutt/admins@pub.solar.muttrc
+++ b/modules/email/.config/mutt/admins@pub.solar.muttrc
--- a/modules/email/.config/mutt/admins@pub.solar.signature
+++ b/modules/email/.config/mutt/admins@pub.solar.signature
--- a/modules/email/.config/mutt/b.baedorf@openproject.com.muttrc
+++ b/modules/email/.config/mutt/b.baedorf@openproject.com.muttrc
--- a/modules/email/.config/mutt/b.baedorf@openproject.com.signature
+++ b/modules/email/.config/mutt/b.baedorf@openproject.com.signature
--- a/modules/email/.config/mutt/base16.muttrc
+++ b/modules/email/.config/mutt/base16.muttrc
--- a/modules/email/.config/mutt/benjamin.baedorf@rwth-aachen.de.muttrc
+++ b/modules/email/.config/mutt/benjamin.baedorf@rwth-aachen.de.muttrc
--- a/modules/email/.config/mutt/byb@miom.space.muttrc
+++ b/modules/email/.config/mutt/byb@miom.space.muttrc
--- a/modules/email/.config/mutt/byb@miom.space.signature
+++ b/modules/email/.config/mutt/byb@miom.space.signature
--- a/modules/email/.config/mutt/crew@pub.solar.muttrc
+++ b/modules/email/.config/mutt/crew@pub.solar.muttrc
--- a/modules/email/.config/mutt/crew@pub.solar.signature
+++ b/modules/email/.config/mutt/crew@pub.solar.signature
--- a/modules/email/.config/mutt/hello@benjaminbaedorf.eu.muttrc
+++ b/modules/email/.config/mutt/hello@benjaminbaedorf.eu.muttrc
--- a/modules/email/.config/mutt/hello@benjaminbaedorf.eu.signature
+++ b/modules/email/.config/mutt/hello@benjaminbaedorf.eu.signature
--- a/modules/email/.config/mutt/mail@b12f.io.muttrc
+++ b/modules/email/.config/mutt/mail@b12f.io.muttrc
--- a/modules/email/.config/mutt/mail@b12f.io.signature
+++ b/modules/email/.config/mutt/mail@b12f.io.signature
--- a/modules/email/.config/mutt/mailcap
+++ b/modules/email/.config/mutt/mailcap
--- a/modules/email/.config/mutt/muttrc
+++ b/modules/email/.config/mutt/muttrc
--- a/modules/email/.config/offlineimap/config
+++ b/modules/email/.config/offlineimap/config
--- a/modules/email/.config/offlineimap/functions.py
+++ b/modules/email/.config/offlineimap/functions.py
--- a/modules/email/default.nix
+++ b/modules/email/default.nix
@ -6,16 +6,8 @@
 }:
 with lib; let
  psCfg = config.pub-solar;
  cfg = config.pub-solar.email;
 in {
-  options.pub-solar.email = {
+  users.users."${psCfg.user.name}".packages = with pkgs; [
    enable = mkEnableOption "Life in headers";
  };
  config = mkIf cfg.enable {
    home-manager = with pkgs;
      pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
        home.packages = [
    w3m
    urlscan
    neomutt
@ -24,10 +16,42 @@ in {
    mailto-mutt
  ];
  home-manager.users."${psCfg.user.name}" = {
    programs.offlineimap = {
      enable = true;
      pythonFile = builtins.readFile ./offlineimap.py;
    };
-      };
+
    xdg.configFile."mutt/muttrc".source = ./.config/mutt/muttrc;
    xdg.configFile."mutt/base16.muttrc".source = ./.config/mutt/base16.muttrc;
    xdg.configFile."mutt/mailcap".source = ./.config/mutt/mailcap;
    xdg.configFile."offlineimap/functions.py".source = ./.config/offlineimap/functions.py;
    xdg.configFile."mutt/accounts.muttrc".text = ''
      source ./hello@benjaminbaedorf.eu.muttrc
      macro index <f1> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/hello@benjaminbaedorf.eu.muttrc<enter><change-folder>!<enter>'
      macro index <f2> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/benjamin.baedorf@rwth-aachen.de.muttrc<enter><change-folder>!<enter>'
      macro index <f3> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/b.baedorf@openproject.com.muttrc<enter><change-folder>!<enter>'
      macro index <f4> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/byb@miom.space.muttrc<enter><change-folder>!<enter>'
      macro index <f5> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/mail@b12f.io.muttrc<enter><change-folder>!<enter>'
      macro index <f6> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/admins@pub.solar.muttrc<enter><change-folder>!<enter>'
      macro index <f7> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/crew@pub.solar.muttrc<enter><change-folder>!<enter>'
    '';
    xdg.configFile."mutt/hello@benjaminbaedorf.eu.muttrc".source = ./.config/mutt + "/hello@benjaminbaedorf.eu.muttrc";
    xdg.configFile."mutt/benjamin.baedorf@rwth-aachen.de.muttrc".source = ./.config/mutt + "/benjamin.baedorf@rwth-aachen.de.muttrc";
    xdg.configFile."mutt/hello@benjaminbaedorf.eu.signature".source = ./.config/mutt + "/hello@benjaminbaedorf.eu.signature";
    xdg.configFile."mutt/b.baedorf@openproject.com.muttrc".source = ./.config/mutt + "/b.baedorf@openproject.com.muttrc";
    xdg.configFile."mutt/b.baedorf@openproject.com.signature".source = ./.config/mutt + "/b.baedorf@openproject.com.signature";
    xdg.configFile."mutt/byb@miom.space.muttrc".source = ./.config/mutt + "/byb@miom.space.muttrc";
    xdg.configFile."mutt/byb@miom.space.signature".source = ./.config/mutt + "/byb@miom.space.signature";
    xdg.configFile."mutt/mail@b12f.io.muttrc".source = ./.config/mutt + "/mail@b12f.io.muttrc";
    xdg.configFile."mutt/mail@b12f.io.signature".source = ./.config/mutt + "/mail@b12f.io.signature";
    xdg.configFile."mutt/admins@pub.solar.muttrc".source = ./.config/mutt + "/admins@pub.solar.muttrc";
    xdg.configFile."mutt/admins@pub.solar.signature".source = ./.config/mutt + "/admins@pub.solar.signature";
    xdg.configFile."mutt/crew@pub.solar.muttrc".source = ./.config/mutt + "/crew@pub.solar.muttrc";
    xdg.configFile."mutt/crew@pub.solar.signature".source = ./.config/mutt + "/crew@pub.solar.signature";
    xdg.configFile."offlineimap/config".source = ./.config/offlineimap/config;
    xdg.configFile."msmtp/config".source = ./.config/msmtp/config;
  };
 }
--- a/modules/gaming/default.nix
+++ b/modules/gaming/default.nix
@ -6,25 +6,16 @@
 }:
 with lib; let
  psCfg = config.pub-solar;
  cfg = config.pub-solar.gaming;
 in {
  options.pub-solar.gaming = {
    enable = mkEnableOption "Life in shooters";
  };
  config = mkIf cfg.enable {
  programs.steam.enable = true;
  nixpkgs.config.packageOverrides = pkgs: {
    steam = pkgs.steam.override {};
  };
-    home-manager.users = pkgs.lib.setAttrByPath [psCfg.user.name] {
+  users.users."${psCfg.user.name}".packages = with pkgs; [
      home.packages = with pkgs; [
    playonlinux
    godot
    obs-studio
    obs-studio-plugins.wlrobs
  ];
    };
  };
 }
--- a/modules/graphical/.config/libinput-gestures.conf
+++ b/modules/graphical/.config/libinput-gestures.conf
--- a/modules/graphical/.config/mako/config
+++ b/modules/graphical/.config/mako/config
--- a/modules/graphical/.config/user-dirs.dirs
+++ b/modules/graphical/.config/user-dirs.dirs
--- a/modules/graphical/.config/user-dirs.locale
+++ b/modules/graphical/.config/user-dirs.locale
--- a/modules/graphical/.config/waybar/colorscheme.css
+++ b/modules/graphical/.config/waybar/colorscheme.css
--- a/modules/graphical/.config/waybar/config
+++ b/modules/graphical/.config/waybar/config
--- a/modules/graphical/.config/waybar/style.css
+++ b/modules/graphical/.config/waybar/style.css
--- a/modules/graphical/.config/xmodmap
+++ b/modules/graphical/.config/xmodmap
--- a/modules/graphical/.config/xsettingsd/xsettingsd.conf
+++ b/modules/graphical/.config/xsettingsd/xsettingsd.conf
--- a/modules/graphical/.xinitrc
+++ b/modules/graphical/.xinitrc
--- a/modules/graphical/assets/wallpaper.jpg
+++ b/modules/graphical/assets/wallpaper.jpg
--- a/modules/graphical/default.nix
+++ b/modules/graphical/default.nix
@ -6,36 +6,22 @@
 }:
 with lib; let
  psCfg = config.pub-solar;
  cfg = config.pub-solar.graphical;
  yamlFormat = pkgs.formats.yaml {};
-  recursiveMerge = attrList: let
+  sessionVariables = {
-    f = attrPath:
+    WLR_RENDERER =
-      zipAttrsWith (
+      if psCfg.graphical.wayland.software-renderer.enable
-        n: values:
+      then "pixman"
-          if tail values == []
+      else "gles2";
-          then head values
+    # Fix KeepassXC rendering issue
-          else if all isList values
+    # https://github.com/void-linux/void-packages/issues/23517
-          then unique (concatLists values)
+    QT_AUTO_SCREEN_SCALE_FACTOR = "0";
-          else if all isAttrs values
+  };
          then f (attrPath ++ [n]) values
          else last values
      );
  in
    f [] attrList;
 in {
  imports = [
    ./sway
  ];
  options.pub-solar.graphical = {
    enable = mkEnableOption "Life in color";
    alacritty = {
      settings = mkOption {
        type = yamlFormat.type;
        default = {};
      };
    };
    autologin.enable = mkOption {
      type = types.bool;
      default = true;
      description = "Feature flag enabling autologin after boot.";
    };
    wayland.software-renderer.enable = mkOption {
      type = types.bool;
      default = false;
@ -43,8 +29,11 @@ in {
    };
  };
-  config = mkIf cfg.enable {
+  config = {
    hardware.opengl.enable = true;
    # Needed for the udev rules for solaar
    hardware.logitech.wireless.enable = true;
    environment = {
      systemPackages = with pkgs; [
        gtk-engine-murrine
@ -55,16 +44,20 @@ in {
        papirus-maia-icon-theme
        glib
        xdg-utils
      ];
      etc = {
        "xdg/PubSolar.conf".text = ''
          [Qt]
          style=GTK+
        '';
      };
      variables = sessionVariables;
    };
-    services.getty.autologinUser = mkIf cfg.autologin.enable (mkForce "${psCfg.user.name}");
+    services.getty.autologinUser = psCfg.user.name;
    qt = {
      enable = true;
@ -79,9 +72,11 @@ in {
    services.gnome.sushi.enable = true;
    # Enable GVfs, a userspace virtual filesystem
    services.gvfs.enable = true;
    services.yubikey-agent.enable = true;
-    fonts.enableDefaultFonts = true;
+    fonts = {
-    fonts.fonts = with pkgs; [
+      fonts = with pkgs; [
        dejavu_fonts
        fira-code
        fira-code-symbols
        google-fonts
@ -94,15 +89,18 @@ in {
        powerline-fonts
        source-sans-pro
      ];
      enableDefaultFonts = true;
      fontconfig.enable = true;
      fontconfig.defaultFonts = {
        monospace = ["DejaVu Sans Mono for Powerline"];
        sansSerif = ["DejaVu Sans"];
      };
    };
-    home-manager = with pkgs;
+    users.users."${psCfg.user.name}".packages = with pkgs; [
      setAttrByPath ["users" psCfg.user.name] {
        home.packages = [
      alacritty
          foot
      ungoogled-chromium
      firefox-wayland
      flameshot
      libnotify
      gnome.adwaita-icon-theme
@ -110,21 +108,26 @@ in {
      gnome.nautilus
      gnome.yelp
      hicolor-icon-theme
      wine
      toggle-kbd-layout
      wcwd
      vlc
      gimp
    ];
-        xdg.configFile."alacritty/alacritty.yml" = {
+    home-manager.users."${psCfg.user.name}" = {
-          source = yamlFormat.generate "alacritty.yml" (recursiveMerge [(import ./alacritty.nix) cfg.alacritty.settings]);
+      home.file."xinitrc".source = ./.xinitrc;
-        };
+      xdg.configFile."alacritty/alacritty.yml".source = yamlFormat.generate "alacritty.yml" (import ./alacritty.nix);
      xdg.configFile."xmodmap".source = ./.config/xmodmap;
      xdg.configFile."user-dirs.dirs".source = ./.config/user-dirs.dirs;
      xdg.configFile."user-dirs.locale".source = ./.config/user-dirs.locale;
      xdg.configFile."xsettingsd/xsettingsd.conf".source = ./.config/xsettingsd/xsettingsd.conf;
      xdg.configFile."mako/config".source = ./.config/mako/config;
      xdg.configFile."libinput-gestures.conf".source = ./.config/libinput-gestures.conf;
      xdg.configFile."waybar/config".source = ./.config/waybar/config;
      xdg.configFile."waybar/style.css".source = ./.config/waybar/style.css;
      xdg.configFile."waybar/colorscheme.css".source = ./.config/waybar/colorscheme.css;
      xdg.configFile."wallpaper.jpg".source = ./assets/wallpaper.jpg;
      gtk = {
        enable = true;
@ -147,13 +150,12 @@ in {
        };
      };
        # Fix KeepassXC rendering issue
        # https://github.com/void-linux/void-packages/issues/23517
        systemd.user.sessionVariables.QT_AUTO_SCREEN_SCALE_FACTOR = "0";
      xresources.extraConfig = builtins.readFile ./.Xdefaults;
      systemd.user.services.network-manager-applet = import ./network-manager-applet.service.nix pkgs;
      home.sessionVariables = sessionVariables;
      systemd.user.sessionVariables = sessionVariables;
    };
  };
 }
--- a/modules/graphical/sway/config/config.d/applications.conf
+++ b/modules/graphical/sway/config/config.d/applications.conf
--- a/modules/graphical/sway/config/config.d/colorscheme.conf
+++ b/modules/graphical/sway/config/config.d/colorscheme.conf
--- a/modules/graphical/sway/config/config.d/custom-keybindings.conf
+++ b/modules/graphical/sway/config/config.d/custom-keybindings.conf
--- a/modules/graphical/sway/config/config.d/gaps.conf
+++ b/modules/graphical/sway/config/config.d/gaps.conf
--- a/modules/graphical/sway/config/config.d/mode_system.conf.nix
+++ b/modules/graphical/sway/config/config.d/mode_system.conf.nix
@ -0,0 +1,39 @@
 {
  pkgs,
  psCfg,
  ...
 }:
 ''
  # Set shut down, restart and locking features
 ''
 + (
  if psCfg.core.hibernation.enable
  then ''
    set $mode_system (e)xit, (h)ibernate, (r)eboot, (Shift+s)hutdown
  ''
  else ''
    set $mode_system (e)xit, (r)eboot, (Shift+s)hutdown
  ''
 )
 + ''
  bindsym $mod+0 mode "$mode_system"
  mode "$mode_system" {
    bindsym e exec swaymsg exit, mode "default"
 ''
 + (
  if psCfg.core.hibernation.enable
  then ''
    bindsym h exec systemctl hibernate, mode "default"
  ''
  else ""
 )
 + ''
    bindsym r exec systemctl reboot, mode "default"
    bindsym Shift+s exec systemctl poweroff, mode "default"
    # exit system mode: "Enter" or "Escape"
    bindsym Return mode "default"
    bindsym Escape mode "default"
 }
 ''
--- a/modules/graphical/sway/config/config.d/systemd.conf
+++ b/modules/graphical/sway/config/config.d/systemd.conf
--- a/modules/graphical/sway/config/config.d/theme.conf
+++ b/modules/graphical/sway/config/config.d/theme.conf
--- a/modules/graphical/sway/config/config.nix
+++ b/modules/graphical/sway/config/config.nix
@ -19,7 +19,7 @@
  set $up i
  set $right l
  # Your preferred terminal emulator
-  set $term ${config.pub-solar.sway.terminal}
+  set $term ${pkgs.alacritty}
  # Your preferred application launcher
  # Note: pass the final command to swaymsg so that the resulting window can be opened
  # on the original workspace that the command was run on.
--- a/modules/graphical/sway/config/wayvnc/config.nix
+++ b/modules/graphical/sway/config/wayvnc/config.nix
--- a/modules/graphical/sway/default.nix
+++ b/modules/graphical/sway/default.nix
@ -0,0 +1,98 @@
 {
  lib,
  config,
  pkgs,
  ...
 }:
 with lib; let
  psCfg = config.pub-solar;
 in {
  options.pub-solar.graphical = {
    v4l2loopback.enable = mkOption {
      type = types.bool;
      default = true;
      description = "WebCam streaming tool";
    };
  };
  config = {
    boot = mkIf psCfg.graphical.v4l2loopback.enable {
      extraModulePackages = with config.boot.kernelPackages; [v4l2loopback];
      kernelModules = ["v4l2loopback"];
      extraModprobeConfig = ''
        options v4l2loopback exclusive_caps=1 devices=3
      '';
    };
    environment.systemPackages = with pkgs; [
      linuxPackages.v4l2loopback
    ];
    programs.sway.enable = true;
    xdg.portal = {
      enable = true;
      wlr = {
        enable = true;
        settings = {
          screencast = {
            max_fps = 30;
            chooser_type = "simple";
            chooser_cmd = "${pkgs.slurp}/bin/slurp -f %o -or";
          };
        };
      };
      extraPortals = with pkgs; [xdg-desktop-portal-gtk];
    };
    services.pipewire.enable = true;
    users.users."${psCfg.user.name}".packages = with pkgs; [
      sway
      grim
      kanshi
      mako
      slurp
      swayidle
      swaybg
      xwayland
      libappindicator-gtk3
      wl-clipboard
      wf-recorder
      brightnessctl
      gammastep
      geoclue2
      xsettingsd
      ydotool
      sway-launcher
      record-screen
      import-gtk-settings
      s
      wcwd
    ];
    home-manager.users."${psCfg.user.name}" = {
      programs.waybar.enable = true;
      #programs.waybar.systemd.enable = true;
      systemd.user.services.mako = import ./mako.service.nix {inherit pkgs psCfg;};
      systemd.user.services.sway = import ./sway.service.nix {inherit pkgs psCfg;};
      systemd.user.services.swayidle = import ./swayidle.service.nix {inherit pkgs psCfg;};
      systemd.user.services.xsettingsd = import ./xsettingsd.service.nix {inherit pkgs psCfg;};
      systemd.user.services.waybar = import ./waybar.service.nix {inherit pkgs psCfg;};
      systemd.user.targets.sway-session = import ./sway-session.target.nix {inherit pkgs psCfg;};
      xdg.configFile."sway/config".text = import ./config/config.nix {inherit config pkgs;};
      xdg.configFile."sway/config.d/colorscheme.conf".source = ./config/config.d/colorscheme.conf;
      xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf;
      xdg.configFile."sway/config.d/gaps.conf".source = ./config/config.d/gaps.conf;
      xdg.configFile."sway/config.d/custom-keybindings.conf".source = ./config/config.d/custom-keybindings.conf;
      xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.conf.nix {inherit pkgs psCfg;};
      xdg.configFile."sway/config.d/applications.conf".source = ./config/config.d/applications.conf;
      xdg.configFile."sway/config.d/systemd.conf".source = ./config/config.d/systemd.conf;
    };
  };
 }
--- a/modules/graphical/sway/gammastep.service.nix
+++ b/modules/graphical/sway/gammastep.service.nix
--- a/modules/graphical/sway/libinput-gestures.service.nix
+++ b/modules/graphical/sway/libinput-gestures.service.nix
--- a/modules/graphical/sway/mako.service.nix
+++ b/modules/graphical/sway/mako.service.nix
--- a/modules/graphical/sway/sway-session.target.nix
+++ b/modules/graphical/sway/sway-session.target.nix
--- a/modules/graphical/sway/sway.service.nix
+++ b/modules/graphical/sway/sway.service.nix
--- a/modules/graphical/sway/swayidle.service.nix
+++ b/modules/graphical/sway/swayidle.service.nix
@ -0,0 +1,26 @@
 {
  pkgs,
  psCfg,
  ...
 }: {
  Unit = {
    Description = "Idle manager for Wayland";
    Documentation = ["man:swayidle(1)"];
    BindsTo = ["graphical-session.target"];
    Wants = ["graphical-session-pre.target"];
    After = ["graphical-session-pre.target"];
  };
  Service = {
    Type = "simple";
    Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin:${pkgs.swayidle}/bin";
    ExecStart = ''
      swayidle -w \
      before-sleep 'systemctl hibernate'
      timeout 120 'swaymsg "output * dpms off"' resume 'swaymsg "output * dpms on"' \
      timeout 150 'systemctl hibernate'
    '';
  };
  Install = {
    WantedBy = ["sway-session.target"];
  };
 }
--- a/modules/graphical/sway/waybar.service.nix
+++ b/modules/graphical/sway/waybar.service.nix
--- a/modules/graphical/sway/xsettingsd.service.nix
+++ b/modules/graphical/sway/xsettingsd.service.nix
--- a/modules/graphical/sway/ydotool.service.nix
+++ b/modules/graphical/sway/ydotool.service.nix
--- a/modules/mobile/default.nix
+++ b/modules/mobile/default.nix
@ -1,23 +0,0 @@
 {
  lib,
  config,
  pkgs,
  ...
 }:
 with lib; let
  psCfg = config.pub-solar;
  cfg = config.pub-solar.mobile;
 in {
  options.pub-solar.mobile = {
    enable = mkEnableOption "Add android adb and tooling";
  };
  config = mkIf cfg.enable {
    programs.adb.enable = true;
    users.users = with pkgs;
      lib.setAttrByPath [psCfg.user.name] {
        extraGroups = ["adbusers"];
      };
  };
 }
--- a/modules/nextcloud/default.nix
+++ b/modules/nextcloud/default.nix
@ -6,16 +6,8 @@
 }:
 with lib; let
  psCfg = config.pub-solar;
  cfg = config.pub-solar.nextcloud;
 in {
-  options.pub-solar.nextcloud = {
+  home-manager.users."${psCfg.user.name}" = {
    enable = mkEnableOption "Life in sync";
  };
  config = mkIf cfg.enable {
    home-manager = with pkgs;
      pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
    systemd.user.services.nextcloud-client = import ./nextcloud.service.nix pkgs;
  };
  };
 }
--- a/modules/nix/default.nix
+++ b/modules/nix/default.nix
@ -5,6 +5,12 @@
  flake,
  ...
 }: {
  nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
    "steam"
    "steam-original"
    "steam-run"
  ];
  nix = {
    # Use default version alias for nix package
    package = pkgs.nix;
--- a/modules/office/default.nix
+++ b/modules/office/default.nix
@ -6,18 +6,10 @@
 }:
 with lib; let
  psCfg = config.pub-solar;
  cfg = config.pub-solar.office;
 in {
  options.pub-solar.office = {
    enable = mkEnableOption "Install office programs, also enables printing server";
  };
  config = mkIf cfg.enable {
    # Gnome PDF viewer
  programs.evince.enable = true;
-    home-manager = with pkgs;
+
-      pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
+  users.users."${psCfg.user.name}".packages = with pkgs; [
        home.packages = [
    libreoffice-fresh
    gnome.simple-scan
    # Tools like pdfunite
@ -25,6 +17,4 @@ in {
    # tool for annotating PDFs
    xournalpp
  ];
      };
  };
 }
--- a/modules/paperless/default.nix
+++ b/modules/paperless/default.nix
@ -1,4 +1,5 @@
 {
  flake,
  lib,
  config,
  pkgs,
@ -6,141 +7,48 @@
 }:
 with lib; let
  psCfg = config.pub-solar;
  cfg = config.pub-solar.paperless;
  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
  dataDir = "${xdg.dataHome}/Paperless";
  consumptionDir = "/home/${psCfg.user.name}/.local/share/scandir";
  scannerDefaultDevice = "hp3900:libusb:005:004";
 in {
  options.pub-solar.paperless = {
    enable = mkEnableOption "All you need to go paperless";
    ocrLanguage = mkOption {
      description = "OCR language";
      type = types.str;
      example = "eng+deu";
      default = "eng";
    };
    dataDir = mkOption {
      description = "Directory to save data in";
      type = types.str;
      example = "/home/pub_solar/Paperless";
      default = "${xdg.dataHome}/Paperless";
    };
    consumptionDir = mkOption {
      description = "Directory to be watched";
      type = types.str;
      example = "/var/lib/paperless/consume";
      default = "/var/lib/paperless/consume";
    };
    sync = {
      enable = mkEnableOption ''
          You can use this option to sync several paperless instances, for example via nextcloud.
          It will sync the media directory and database, automatically merging sqlite dbs via dump and import.
          Logs, the classification model, and other files are left unsynced.
        '';
      masterNode = mkEnableOption "If this node is the master node, it will only export paperless data, otherwise it will only import";
      directory = mkOption {
        description = "Directory to sync with.";
        type = types.str;
        example = "/home/pub_solar/Nextcloud/Paperless";
        default = "/home/${psCfg.user.name}/Nextcloud/Paperless";
      };
    };
    scannerDefaultDevice = mkOption {
      description = ''
        The scanner device. To find this, use `scanimage -L`.
        For example, your output might be the following:
        ```
        device `v4l:/dev/video3' is a Noname Logitech StreamCam virtual device
        device `hp3900:libusb:005:002' is a Hewlett-Packard Scanjet G3010 flatbed scanner
        ```
        Here, the scannerDevice is `hp3900:libusb:005:002`.
      '';
      type = types.str;
      example = "hp3900:libusb:005:002";
      default = "";
    };
  };
  config = mkIf cfg.enable {
  services.paperless = {
    enable = true;
    user = psCfg.user.name;
-      consumptionDir = cfg.consumptionDir;
+    consumptionDir = consumptionDir;
-      dataDir = cfg.dataDir;
+    dataDir = dataDir;
    address = "paperless.local";
    extraConfig = {
-        PAPERLESS_OCR_LANGUAGE = cfg.ocrLanguage;
+      PAPERLESS_OCR_LANGUAGE = "nld+deu";
      PAPERLESS_ADMIN_USER = psCfg.user.name;
      PAPERLESS_AUTO_LOGIN_USERNAME = psCfg.user.name;
      PAPERLESS_URL = "http://paperless.local";
    };
  };
-    home-manager = pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
+  users.users."${psCfg.user.name}".packages = with pkgs; [
      home.packages = with pkgs; [
    scan2paperless
    sane-backends
    python310Packages.img2pdf
  ];
  home-manager.users."${psCfg.user.name}" = {
    home.sessionVariables = {
-        SCANNER_DEFAULT_DEVICE = cfg.scannerDefaultDevice;
+      SCANNER_DEFAULT_DEVICE = scannerDefaultDevice;
-        SCANNER_OUTPUT_DIR = cfg.consumptionDir;
+      SCANNER_OUTPUT_DIR = consumptionDir;
    };
    systemd.user.sessionVariables = {
-        SCANNER_DEFAULT_DEVICE = cfg.scannerDefaultDevice;
+      SCANNER_DEFAULT_DEVICE = scannerDefaultDevice;
-        SCANNER_OUTPUT_DIR = cfg.consumptionDir;
+      SCANNER_OUTPUT_DIR = consumptionDir;
    };
  };
-    systemd = let
+  networking.hosts = flake.self.lib.addLocalHostname ["paperless.local"];
-      copy-out = pkgs.writeShellScriptBin "copy-out" ''
+  services.caddy.extraConfig = ''
-        ${pkgs.systemd}/bin/systemctl stop paperless-web.service paperless-task-queue.service paperless-scheduler.service paperless-consumer.service
+    paperless.local:80 {
-        cp -r ${cfg.dataDir}/media ${cfg.sync.directory}/
+      request_header Host localhost:${builtins.toString config.services.paperless.port}
-        cp ${cfg.dataDir}/db.sqlite3 ${cfg.sync.directory}/db.sqlite3
+      reverse_proxy localhost:${builtins.toString config.services.paperless.port}
-        cp ${cfg.dataDir}/celerybeat-schedule.db ${cfg.sync.directory}/celerybeat-schedule.db
+    }
-        cp ${cfg.dataDir}/classification_model.pickle ${cfg.sync.directory}/classification_model.pickle
+  '';
        cp ${cfg.dataDir}/src-version ${cfg.sync.directory}/src-version
        chown -R ${psCfg.user.name}:users ${cfg.sync.directory}
        ${pkgs.systemd}/bin/systemctl start paperless-web.service paperless-task-queue.service paperless-scheduler.service paperless-consumer.service
      '';
      copy-in = pkgs.writeShellScriptBin "copy-in" ''
        ${pkgs.systemd}/bin/systemctl stop paperless-web.service paperless-task-queue.service paperless-scheduler.service paperless-consumer.service
        cp -r ${cfg.sync.directory}/media ${cfg.dataDir}/
        cp ${cfg.sync.directory}/db.sqlite3 ${cfg.dataDir}/db.sqlite3
        cp ${cfg.sync.directory}/celerybeat-schedule.db ${cfg.dataDir}/celerybeat-schedule.db
        cp ${cfg.sync.directory}/classification_model.pickle ${cfg.dataDir}/classification_model.pickle
        cp ${cfg.sync.directory}/src-version ${cfg.dataDir}/src-version
        ${pkgs.systemd}/bin/systemctl start paperless-web.service paperless-task-queue.service paperless-scheduler.service paperless-consumer.service
      '';
    in mkIf cfg.sync.enable {
      services.nextcloud-paperless-autosync = {
        unitConfig = {
          Description = "Auto sync paperless to or from Nextcloud";
          After = "network-online.target";
        };
        serviceConfig = {
          Type = "simple";
          ExecStart= if cfg.sync.masterNode then "${copy-out}/bin/copy-out" else "${copy-in}/bin/copy-in";
          TimeoutStopSec = "180";
          KillMode = "process";
          KillSignal = "SIGINT";
        };
        wantedBy = ["multi-user.target"];
      };
      timers.nextcloud-paperless-autosync = {
        unitConfig.Description = "Automatic sync files with Nextcloud when booted up after 5 minutes then rerun every 30 minutes";
        timerConfig.OnUnitActiveSec = "30min";
        wantedBy = ["multi-user.target" "timers.target"];
      };
    };
  };
 }
--- a/modules/paranoia/default.nix
+++ b/modules/paranoia/default.nix
@ -1,57 +0,0 @@
 {
  config,
  lib,
  ...
 }:
 with lib; let
  psCfg = config.pub-solar;
  cfg = config.pub-solar.paranoia;
 in {
  options.pub-solar.paranoia = {
    enable = mkOption {
      description = ''
        Only offer hibernation instead of screen locking and sleeping. This only makes sense
        if your hard drive is encrypted, and ensures that the contents of your drive are
        encrypted if you are not actively using the device.
      '';
      default = false;
      type = types.bool;
    };
  };
  config = mkIf cfg.enable {
    pub-solar.core.hibernation.enable = true;
    services.logind.lidSwitch = "hibernate";
    services.tor.settings = {
      UseBridges = true;
    };
    # The options below are directly taken from or inspired by
    # https://xeiaso.net/blog/paranoid-nixos-2021-07-18
    # Don't set this if you need sftp
    services.openssh.allowSFTP = false;
    # services.openssh.openFirewall = false; # Lock yourself out
    # Limit the use of sudo to the group wheel
    security.sudo.execWheelOnly = true;
    # Remove the complete default environment of packages like
    # nano, perl and rsync
    environment.defaultPackages = lib.mkForce [];
    # fileSystems."/".options = [ "noexec" ];
    services.openssh = {
      settings.KbdInteractiveAuthentication = false;
      extraConfig = ''
        AllowTcpForwarding yes
        X11Forwarding no
        AllowAgentForwarding no
        AllowStreamLocalForwarding no
        AuthenticationMethods publickey
      '';
    };
  };
 }
--- a/modules/proxy/default.nix
+++ b/modules/proxy/default.nix
@ -1,28 +0,0 @@
 {
  flake,
  config,
  pkgs,
  lib,
  ...
 }: {
  networking.hosts = flake.self.lib.addLocalHostname ["caddy.local"];
  # Caddy reverse proxy for local services like cups
  services.caddy = {
    enable = true;
    globalConfig = ''
      default_bind 127.0.0.1
      auto_https off
    '';
    extraConfig = (lib.concatStringsSep "\n" [
      (lib.optionalString
        config.pub-solar.paperless.enable
        ''
          paperless.local:80 {
            request_header Host localhost:${builtins.toString config.services.paperless.port}
            reverse_proxy localhost:${builtins.toString config.services.paperless.port}
          }
        '')
    ]);
  };
 }
--- a/modules/social/default.nix
+++ b/modules/social/default.nix
@ -1,26 +0,0 @@
 {
  lib,
  config,
  pkgs,
  ...
 }:
 with lib; let
  psCfg = config.pub-solar;
  cfg = config.pub-solar.social;
 in {
  options.pub-solar.social = {
    enable = mkEnableOption "Life with others";
  };
  config = mkIf cfg.enable {
    home-manager = with pkgs;
      pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
        home.packages = [
          signal-desktop
          tdesktop
          element-desktop
          irssi
        ];
      };
  };
 }
--- a/modules/sway/config/config.d/mode_system.conf.nix
+++ b/modules/sway/config/config.d/mode_system.conf.nix
@ -1,50 +0,0 @@
 {
  pkgs,
  psCfg,
  ...
 }:
 ''
  # Set shut down, restart and locking features
 ''
 + (
  if psCfg.core.hibernation.enable && !psCfg.paranoia.enable
  then ''
    set $mode_system (e)xit, (h)ibernate, (l)ock, (s)uspend, (r)eboot, (Shift+s)hutdown
  ''
  else if psCfg.paranoia.enable
  then ''
    set $mode_system (e)xit, (h)ibernate, (r)eboot, (Shift+s)hutdown
  ''
  else ''
    set $mode_system (e)xit, (l)ock, (s)uspend, (r)eboot, (Shift+s)hutdown
  ''
 )
 + ''
  bindsym $mod+0 mode "$mode_system"
  mode "$mode_system" {
      bindsym e exec swaymsg exit, mode "default"
 ''
 + (
  if psCfg.core.hibernation.enable
  then ''
    bindsym h exec systemctl hibernate, mode "default"
  ''
  else ""
 )
 + (
  if !psCfg.paranoia.enable
  then ''
    bindsym l exec ${pkgs.swaylock-bg}/bin/swaylock-bg, mode "default"
    bindsym s exec systemctl suspend, mode "default"
  ''
  else ""
 )
 + ''
      bindsym r exec systemctl reboot, mode "default"
      bindsym Shift+s exec systemctl poweroff, mode "default"
      # exit system mode: "Enter" or "Escape"
      bindsym Return mode "default"
      bindsym Escape mode "default"
  }
 ''
--- a/modules/sway/default.nix
+++ b/modules/sway/default.nix
@ -1,118 +0,0 @@
 {
  lib,
  config,
  pkgs,
  ...
 }:
 with lib; let
  psCfg = config.pub-solar;
 in {
  options.pub-solar.sway = {
    enable = mkEnableOption "Life in boxes";
    terminal = mkOption {
      type = types.nullOr types.str;
      default = "alacritty";
      description = "Choose sway's default terminal";
    };
    vnc.enable = mkEnableOption "Enable vnc service";
    v4l2loopback.enable = mkOption {
      type = types.bool;
      default = true;
      description = "WebCam streaming tool";
    };
  };
  config = mkIf psCfg.sway.enable (mkMerge [
    (mkIf (psCfg.sway.v4l2loopback.enable) {
      boot.extraModulePackages = with config.boot.kernelPackages; [v4l2loopback];
      boot.kernelModules = ["v4l2loopback"];
      boot.extraModprobeConfig = ''
        options v4l2loopback exclusive_caps=1 devices=3
      '';
    })
    {
      environment.systemPackages = with pkgs; [
        linuxPackages.v4l2loopback
      ];
      programs.sway.enable = true;
      xdg.portal = {
        enable = true;
        wlr = {
          enable = true;
          settings = {
            screencast = {
              max_fps = 30;
              chooser_type = "simple";
              chooser_cmd = "${pkgs.slurp}/bin/slurp -f %o -or";
            };
          };
        };
        extraPortals = with pkgs; [xdg-desktop-portal-gtk];
      };
      services.pipewire.enable = true;
      home-manager = with pkgs;
        pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
          home.packages = with pkgs; [
            sway
            grim
            kanshi
            mako
            slurp
            swayidle
            swaylock
            swaybg
            xwayland
            libappindicator-gtk3
            wl-clipboard
            wf-recorder
            brightnessctl
            gammastep
            geoclue2
            xsettingsd
            ydotool
            sway-launcher
            record-screen
            import-gtk-settings
            s
            wcwd
          ];
          programs.waybar.enable = true;
          #programs.waybar.systemd.enable = true;
          systemd.user.services.mako = import ./mako.service.nix {inherit pkgs psCfg;};
          systemd.user.services.sway = import ./sway.service.nix {inherit pkgs psCfg;};
          systemd.user.services.swayidle = import ./swayidle.service.nix {inherit pkgs psCfg;};
          systemd.user.services.xsettingsd = import ./xsettingsd.service.nix {inherit pkgs psCfg;};
          systemd.user.services.waybar = import ./waybar.service.nix {inherit pkgs psCfg;};
          systemd.user.targets.sway-session = import ./sway-session.target.nix {inherit pkgs psCfg;};
          systemd.user.services.wayvnc = mkIf psCfg.sway.vnc.enable (import ./wayvnc.service.nix pkgs);
          xdg.configFile."wayvnc/config".text = import ./config/wayvnc/config.nix {
            inherit psCfg;
            inherit pkgs;
          };
          xdg.configFile."sway/config".text = import ./config/config.nix {inherit config pkgs;};
          xdg.configFile."sway/config.d/colorscheme.conf".source = ./config/config.d/colorscheme.conf;
          xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf;
          xdg.configFile."sway/config.d/gaps.conf".source = ./config/config.d/gaps.conf;
          xdg.configFile."sway/config.d/custom-keybindings.conf".source = ./config/config.d/custom-keybindings.conf;
          xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.conf.nix {inherit pkgs psCfg;};
          xdg.configFile."sway/config.d/applications.conf".source = ./config/config.d/applications.conf;
          xdg.configFile."sway/config.d/systemd.conf".source = ./config/config.d/systemd.conf;
        };
    }
  ]);
 }
--- a/modules/sway/swayidle.service.nix
+++ b/modules/sway/swayidle.service.nix
@ -1,35 +0,0 @@
 {
  pkgs,
  psCfg,
  ...
 }: {
  Unit = {
    Description = "Idle manager for Wayland";
    Documentation = ["man:swayidle(1)"];
    BindsTo = ["graphical-session.target"];
    Wants = ["graphical-session-pre.target"];
    After = ["graphical-session-pre.target"];
  };
  Service = {
    Type = "simple";
    Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin:${pkgs.swaylock-bg}/bin:${pkgs.swayidle}/bin";
    ExecStart =
      ''        swayidle -w \
                after-resume 'swaymsg "output * dpms on"' \
                before-sleep 'swaylock-bg' ''
      + (
        if psCfg.paranoia.enable
        then ''          \
                timeout 120 'swaymsg "output * dpms off"' resume 'swaymsg "output * dpms on"' \
                timeout 150 'systemctl hibernate'
        ''
        else ''          \
                timeout 600 'swaylock-bg' \
                timeout 900 'swaymsg "output * dpms off"' resume 'swaymsg "output * dpms on"'
        ''
      );
  };
  Install = {
    WantedBy = ["sway-session.target"];
  };
 }
--- a/modules/sway/wayvnc.service.nix
+++ b/modules/sway/wayvnc.service.nix
@ -1,18 +0,0 @@
 pkgs: {
  Unit = {
    Description = "A VNC server for wlroots based Wayland compositors ";
    Documentation = "https://github.com/any1/wayvnc";
    BindsTo = ["sway-session.target"];
    After = ["graphical-session-pre.target" "network-online.target"];
    Wants = ["graphical-session-pre.target" "network-online.target"];
  };
  Service = {
    Type = "simple";
    ExecStart = "${pkgs.wayvnc}/bin/wayvnc -r -p 0.0.0.0 5901";
  };
  Install = {
    WantedBy = ["sway-session.target"];
  };
 }
--- a/modules/terminal-life/.config/git/config.nix
+++ b/modules/terminal-life/.config/git/config.nix
--- a/modules/terminal-life/.config/git/gitmessage.nix
+++ b/modules/terminal-life/.config/git/gitmessage.nix
--- a/modules/terminal-life/.config/git/global_gitignore.nix
+++ b/modules/terminal-life/.config/git/global_gitignore.nix
--- a/modules/terminal-life/.local/share/nvim/json-schemas/caddy_schema.json
+++ b/modules/terminal-life/.local/share/nvim/json-schemas/caddy_schema.json
--- a/modules/terminal-life/.local/share/scripts/base16.sh
+++ b/modules/terminal-life/.local/share/scripts/base16.sh
--- a/modules/terminal-life/default.nix
+++ b/modules/terminal-life/default.nix
@ -9,31 +9,25 @@ with lib; let
  cfg = config.pub-solar.terminal-life;
 in {
  options.pub-solar.terminal-life = {
-    enable = mkEnableOption "Life in black and white";
+    full = mkOption {
    lite = mkOption {
      description = ''
-        Enable a lite edition of terminal-life with less modules and a reduced package set.
+        Enable a full version
      '';
-      default = false;
+      default = true;
      type = types.bool;
    };
  };
-  config = mkIf cfg.enable {
+  config = {
    programs.command-not-found.enable = false;
-    home-manager = with pkgs;
+    users.users."${psCfg.user.name}".packages = with pkgs; [
      pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
        home.packages = [
      ack
      asciinema
      bat
      blesh
      exa
      fd
          gh
          glow
      jump
      (nnn.overrideAttrs (o: {
        patches =
@ -48,6 +42,19 @@ in {
      watson
    ];
    home-manager.users."${psCfg.user.name}" = {
      xdg.dataFile."scripts/base16.sh".source = .local/share/scripts/base16.sh;
      programs.less = {
        enable = true;
        keys = ''
          k forw-line
          i back-line
          K forw-scroll
          I back-scroll
        '';
      };
      # Starship is a fast and featureful shell prompt
      # starship.toml has sane defaults that can be changed there
      programs.starship = {
@ -71,8 +78,29 @@ in {
        inherit pkgs;
        inherit lib;
      };
      # Ensure nvim backup directory gets created
      # Workaround for E510: Can't make backup file (add ! to override)
      xdg.dataFile."nvim/backup/.keep".text = "";
      xdg.dataFile."nvim/json-schemas/.keep".text = "";
      # Generated with:
      # docker run -it --name caddy-json-schema registry.greenbaum.cloud/gc/caddy-l4:2.5.2 caddy json-schema -output /srv/caddy_schema.json
      xdg.dataFile."nvim/json-schemas/caddy_schema.json".source = .local/share/nvim/json-schemas/caddy_schema.json;
      xdg.dataFile."nvim/templates/.keep".text = "";
      programs.git = import ./git {};
      xdg.configFile."git/config".text = import ./.config/git/config.nix {
        inherit config;
        inherit pkgs;
      };
      xdg.configFile."git/gitmessage".text = import ./.config/git/gitmessage.nix {
        inherit config;
        inherit pkgs;
      };
      xdg.configFile."git/global_gitignore".text = import ./.config/git/global_gitignore.nix {
        inherit config;
        inherit pkgs;
      };
      programs.direnv = import ./direnv {};
    };
  };
--- a/modules/terminal-life/nvim/default.nix
+++ b/modules/terminal-life/nvim/default.nix
@ -21,7 +21,7 @@ in {
  withPython3 = true;
  extraPackages = with pkgs;
-    lib.mkIf (!cfg.lite) [
+    lib.mkIf (cfg.full) [
      ansible-language-server
      ccls
      gopls
@ -44,9 +44,7 @@ in {
      universal-ctags
    ];
-  plugins = with pkgs.vimPlugins;
+  plugins = with pkgs.vimPlugins; lib.mkIf cfg.full [
    []
    ++ lib.optionals (!cfg.lite) [
    (pkgs.vimPlugins.nvim-treesitter.withPlugins (p: [
      p.ini
      p.json
--- a/modules/uhk/default.nix
+++ b/modules/uhk/default.nix
@ -6,14 +6,8 @@
 }:
 with lib; let
  psCfg = config.pub-solar;
  cfg = config.pub-solar.uhk;
 in {
-  options.pub-solar.uhk = {
+  users.users."${psCfg.user.name}".packages = with pkgs; [
    enable = mkEnableOption "Ultimate Hacking Keyboard";
  };
  config = mkIf cfg.enable {
    environment.systemPackages = with pkgs; [
    uhk-agent
  ];
@ -22,10 +16,10 @@ in {
  services.udev.packages = with pkgs; [
    uhk-agent
  ];
  services.udev.extraRules = ''
    SUBSYSTEM=="input", ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="612[0-7]", GROUP="input", MODE="0660"
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="612[0-7]", TAG+="uaccess"
    KERNEL=="hidraw*", ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="612[0-7]", TAG+="uaccess"
  '';
  };
 }
--- a/modules/user/default.nix
+++ b/modules/user/default.nix
@ -55,8 +55,7 @@ with lib; {
    users = {
      mutableUsers = false;
-      users = with pkgs;
+      users."${psCfg.user.name}" = {
        pkgs.lib.setAttrByPath [psCfg.user.name] {
        # Indicates whether this is an account for a “real” user.
        # This automatically sets group to users, createHome to true,
        # home to /home/username, useDefaultShell to true, and isSystemUser to false.
--- a/modules/user/home.nix
+++ b/modules/user/home.nix
@ -12,7 +12,7 @@ in {
    ./session-variables.nix
  ];
-  home-manager.users = pkgs.lib.setAttrByPath [psCfg.user.name] {
+  home-manager.users."${psCfg.user.name}" = {
    # Let Home Manager install and manage itself.
    programs.home-manager.enable = true;
@ -22,66 +22,14 @@ in {
    home.homeDirectory = "/home/${psCfg.user.name}";
    home.stateVersion = "22.11";
    home.packages = with pkgs; [];
    fonts.fontconfig.enable = mkForce true;
    programs.dircolors.enable = true;
    programs.less = {
      enable = true;
      keys = ''
        k forw-line
        i back-line
        K forw-scroll
        I back-scroll
      '';
    };
    home.file."xinitrc".source = ./.xinitrc;
    xdg.enable = true;
    xdg.mime.enable = true;
    xdg.mimeApps = import ./mimeapps.nix;
    xdg.configFile."git/config".text = import ./.config/git/config.nix {
      inherit config;
      inherit pkgs;
    };
    xdg.configFile."git/gitmessage".text = import ./.config/git/gitmessage.nix {
      inherit config;
      inherit pkgs;
    };
    xdg.configFile."git/global_gitignore".text = import ./.config/git/global_gitignore.nix {
      inherit config;
      inherit pkgs;
    };
    xdg.configFile."dircolors".source = ./.config/dircolors;
    xdg.configFile."xmodmap".source = ./.config/xmodmap;
    xdg.configFile."user-dirs.dirs".source = ./.config/user-dirs.dirs;
    xdg.configFile."user-dirs.locale".source = ./.config/user-dirs.locale;
    xdg.configFile."xsettingsd/xsettingsd.conf".source = ./.config/xsettingsd/xsettingsd.conf;
    xdg.configFile."mako/config".source = ./.config/mako/config;
    xdg.configFile."libinput-gestures.conf".source = ./.config/libinput-gestures.conf;
    xdg.configFile."waybar/config".source = ./.config/waybar/config;
    xdg.configFile."waybar/style.css".source = ./.config/waybar/style.css;
    xdg.configFile."waybar/colorscheme.css".source = ./.config/waybar/colorscheme.css;
    xdg.configFile."mutt/muttrc".source = ./.config/mutt/muttrc;
    xdg.configFile."mutt/base16.muttrc".source = ./.config/mutt/base16.muttrc;
    xdg.configFile."mutt/mailcap".source = ./.config/mutt/mailcap;
    xdg.configFile."offlineimap/functions.py".source = ./.config/offlineimap/functions.py;
    xdg.configFile."wallpaper.jpg".source = ./assets/wallpaper.jpg;
    # Ensure nvim backup directory gets created
    # Workaround for E510: Can't make backup file (add ! to override)
    xdg.dataFile."nvim/backup/.keep".text = "";
    xdg.dataFile."nvim/json-schemas/.keep".text = "";
    # Generated with:
    # docker run -it --name caddy-json-schema registry.greenbaum.cloud/gc/caddy-l4:2.5.2 caddy json-schema -output /srv/caddy_schema.json
    xdg.dataFile."nvim/json-schemas/caddy_schema.json".source = .local/share/nvim/json-schemas/caddy_schema.json;
    xdg.dataFile."nvim/templates/.keep".text = "";
    xdg.dataFile."scripts/.keep".text = "";
    xdg.dataFile."scripts/base16.sh".source = .local/share/scripts/base16.sh;
    xdg.dataFile."shell.nix.tmpl" = {
      text = ''
        let
--- a/modules/user/session-variables.nix
+++ b/modules/user/session-variables.nix
@ -5,7 +5,6 @@
  ...
 }: let
  psCfg = config.pub-solar;
  wlroots = psCfg.graphical.wayland;
  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
  variables = {
    XDG_CONFIG_HOME = xdg.configHome;
@ -20,10 +19,6 @@
    ECORE_EVAS_ENGINE = "wayland_egl";
    ELM_ENGINE = "wayland_egl";
    SDL_VIDEODRIVER = "wayland";
    WLR_RENDERER =
      if wlroots.software-renderer.enable
      then "pixman"
      else "gles2";
    EDITOR = "/etc/profiles/per-user/${psCfg.user.name}/bin/nvim";
    VISUAL = "/etc/profiles/per-user/${psCfg.user.name}/bin/nvim";
--- a/modules/virtualisation/default.nix
+++ b/modules/virtualisation/default.nix
@ -6,18 +6,7 @@
 }:
 with lib; let
  psCfg = config.pub-solar;
  cfg = config.pub-solar.virtualisation;
  doesGaming = config.pub-solar.gaming.enable;
  extraObsPlugins =
    if doesGaming
    then [pkgs.obs-studio-plugins.looking-glass-obs]
    else [];
 in {
  options.pub-solar.virtualisation = {
    enable = mkEnableOption "Life in libvirt";
  };
  config = mkIf cfg.enable {
  boot.kernelParams = [
    "amd_iommu=on"
    "intel_iommu=on"
@ -28,13 +17,11 @@ in {
    enable = true;
    qemu.ovmf.enable = true;
  };
-    users.users = pkgs.lib.setAttrByPath [psCfg.user.name] {
+  users.users."${psCfg.user.name}" = {
    extraGroups = ["libvirtd"];
  };
  environment.systemPackages = with pkgs; [
      coreutils-full
      usbutils
    libvirt
    libvirt-glib
    qemu
@ -48,10 +35,9 @@ in {
    lgcl
  ];
-    home-manager = with pkgs;
+  home-manager.users."${psCfg.user.name}" = {
      pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
    xdg.dataFile."libvirt/.keep".text = "# this file is here to generate the directory";
-        home.packages = extraObsPlugins;
+    home.packages = [pkgs.obs-studio-plugins.looking-glass-obs];
  };
  systemd.tmpfiles.rules = [
@ -66,5 +52,4 @@ in {
      }
    ];
  };
  };
 }
--- a/Show more
+++ b/Show more