Fix CI runner, get secrets from file

CI Runner
Barebones ci-runner module
2022-08-13 22:03:08 +02:00 · 2022-08-13 21:23:07 +02:00 · 2022-08-13 20:38:41 +02:00 · 2022-08-13 12:14:16 +02:00 · 2022-08-10 22:43:54 +02:00 · 2022-08-10 22:43:31 +02:00
79 changed files with 1680 additions and 66 deletions
--- a/.editorconfig
+++ b/.editorconfig
@ -24,6 +24,14 @@ charset = unset
 indent_style = unset
 indent_size = unset

+[*.rom]
+end_of_line = unset
+insert_final_newline = unset
+trim_trailing_whitespace = unset
+charset = unset
+indent_style = unset
+indent_size = unset
+
 [*.py]
 indent_size = 4

--- a/.gitignore
+++ b/.gitignore
@ -7,7 +7,7 @@ vm
 iso
 doi

-pkgs/_sources/.shake*
-
+# PubSolarOS
 tags
 /owners
+pkgs/_sources/.shake*
--- a/doc/book.toml
+++ b/doc/book.toml
@ -3,4 +3,4 @@ authors = ["Timothy DeHerrera"]
 language = "en"
 multilingual = false
 src = "."
-title = "devos docs"
+title = "PubSolarOS documentation"
--- a/flake.lock
+++ b/flake.lock
@ -145,7 +145,7 @@
    },
    "devshell": {
      "inputs": {
-        "flake-utils": "flake-utils_2",
+        "flake-utils": "flake-utils_3",
        "nixpkgs": [
          "digga",
          "nixpkgs"
@ -266,7 +266,7 @@
    },
    "flake-utils-plus": {
      "inputs": {
-        "flake-utils": "flake-utils_3"
+        "flake-utils": "flake-utils_4"
      },
      "locked": {
        "lastModified": 1654029967,
@ -284,6 +284,21 @@
      }
    },
    "flake-utils_2": {
+      "locked": {
+        "lastModified": 1649676176,
+        "narHash": "sha256-OWKJratjt2RW151VUlJPRALb7OU2S5s+f0vLj4o1bHM=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "a4b154ebbdc88c8498a5c7b01589addc9e9cb678",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_3": {
      "locked": {
        "lastModified": 1642700792,
        "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=",
@ -298,7 +313,7 @@
        "type": "github"
      }
    },
-    "flake-utils_3": {
+    "flake-utils_4": {
      "locked": {
        "lastModified": 1644229661,
        "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=",
@ -313,7 +328,7 @@
        "type": "github"
      }
    },
-    "flake-utils_4": {
+    "flake-utils_5": {
      "locked": {
        "lastModified": 1656928814,
        "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=",
@ -328,7 +343,7 @@
        "type": "github"
      }
    },
-    "flake-utils_5": {
+    "flake-utils_6": {
      "locked": {
        "lastModified": 1649676176,
        "narHash": "sha256-OWKJratjt2RW151VUlJPRALb7OU2S5s+f0vLj4o1bHM=",
@ -418,7 +433,7 @@
    },
    "nix-dram": {
      "inputs": {
-        "flake-utils": "flake-utils_4",
+        "flake-utils": "flake-utils_5",
        "nixpkgs": [
          "latest"
        ]
@ -471,7 +486,7 @@
    "nixos-generators": {
      "inputs": {
        "nixlib": "nixlib",
-        "nixpkgs": "nixpkgs_2"
+        "nixpkgs": "nixpkgs_3"
      },
      "locked": {
        "lastModified": 1657748715,
@ -535,6 +550,21 @@
      }
    },
    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1651340061,
+        "narHash": "sha256-/+4FmvMfUw2IQXiVyMJMNdhf6mEodFRQRHIwUeVEZmk=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "d510b23805c37a5b11b86dc3ba8723fcaa6f4539",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_3": {
      "locked": {
        "lastModified": 1637186689,
        "narHash": "sha256-NU7BhgnwA/3ibmCeSzFK6xGi+Bari9mPfn+4cBmyEjw=",
@ -565,7 +595,7 @@
    "nvfetcher": {
      "inputs": {
        "flake-compat": "flake-compat_3",
-        "flake-utils": "flake-utils_5",
+        "flake-utils": "flake-utils_6",
        "nixpkgs": [
          "nixos"
        ]
@ -586,16 +616,8 @@
    },
    "poetry2nix": {
      "inputs": {
-        "flake-utils": [
-          "bud",
-          "beautysh",
-          "flake-utils"
-        ],
-        "nixpkgs": [
-          "bud",
-          "beautysh",
-          "nixpkgs"
-        ]
+        "flake-utils": "flake-utils_2",
+        "nixpkgs": "nixpkgs_2"
      },
      "locked": {
        "lastModified": 1633382856,
@ -611,6 +633,22 @@
        "type": "github"
      }
    },
+    "pub-solar": {
+      "locked": {
+        "lastModified": 1654369474,
+        "narHash": "sha256-omGF0Ws0l/HE+S08hDObnNptPwM+dVhnA8ya+TAKBHI=",
+        "owner": "pub-solar",
+        "repo": "nixpkgs",
+        "rev": "0b509c42845cea8389e02dcb589eec1c8a165f10",
+        "type": "github"
+      },
+      "original": {
+        "owner": "pub-solar",
+        "ref": "fix/use-latest-unstable-yubikey-agent",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
    "root": {
      "inputs": {
        "agenix": "agenix",
@ -626,7 +664,8 @@
        "nixos-generators": "nixos-generators",
        "nixos-hardware": "nixos-hardware",
        "nur": "nur",
-        "nvfetcher": "nvfetcher"
+        "nvfetcher": "nvfetcher",
+        "pub-solar": "pub-solar"
      }
    },
    "utils": {
--- a/flake.nix
+++ b/flake.nix
@ -10,6 +10,7 @@
      # Track channels with commits tested and built by hydra
      nixos.url = "github:nixos/nixpkgs/nixos-22.05";
      latest.url = "github:nixos/nixpkgs/nixos-unstable";
+      pub-solar.url = "github:pub-solar/nixpkgs/fix/use-latest-unstable-yubikey-agent";

      digga.url = "github:divnix/digga";
      digga.inputs.nixpkgs.follows = "nixos";
@ -122,6 +123,10 @@
              iso = base ++ [ base-user graphical pub-solar-iso ];
              pubsolaros = [ core full-install base-user users.root ];
              anonymous = [ pubsolaros users.pub-solar ];
+
+              b12f = pubsolaros ++ [ users.ben social gaming mobile ];
+              biolimo = b12f ++ [ graphical ];
+              chocolatebar = b12f ++ [ graphical virtualisation ];
            };
          };
        };
@ -132,11 +137,12 @@
          importables = rec {
            profiles = digga.lib.rakeLeaves ./users/profiles;
            suites = with profiles; rec {
-              base = [ direnv git ];
+              base = [ direnv ];
            };
          };
          users = {
            pub-solar = { suites, ... }: { imports = suites.base; };
+            ben = { suites, ... }: { imports = suites.base; };
          }; # digga.lib.importers.rakeLeaves ./users/hm;
        };

--- a/hosts/biolimo/.config/sway/config.d/autostart.conf
+++ b/hosts/biolimo/.config/sway/config.d/autostart.conf
@ -0,0 +1,6 @@
+# Autostart applications
+#
+# Example:
+# exec swayidle
+
+exec keepassxc
--- a/hosts/biolimo/.config/sway/config.d/custom-keybindings.conf
+++ b/hosts/biolimo/.config/sway/config.d/custom-keybindings.conf
@ -0,0 +1,19 @@
+# Touchpad controls
+#bindsym XF86TouchpadToggle exec $HOME/Workspace/ben/toggletouchpad.sh # toggle touchpad
+
+# Screen brightness controls
+bindsym XF86MonBrightnessUp exec "brightnessctl -d intel_backlight set +10%; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ {print $4}')"
+bindsym XF86MonBrightnessDown exec "brightnessctl -d intel_backlight set 10%-; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ {    print $4}')"
+
+# Keyboard backlight brightness controls
+bindsym XF86KbdBrightnessDown exec "brightnessctl -d smc::kbd_backlight set 10%-; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ {    print $4}')"
+bindsym XF86KbdBrightnessUp exec "brightnessctl -d smc::kbd_backlight set +10%; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ {    print $4}')"
+
+# Pulse Audio controls
+bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. up' #increase sound volume
+bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. down' #decrease sound volume
+bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle && notify-send 'Mute sound' # mute sound
+# Media player controls
+bindsym XF86AudioPlay exec "playerctl play-pause; notify-send 'Play/Pause'"
+bindsym XF86AudioNext exec "playerctl next; notify-send 'Next'"
+bindsym XF86AudioPrev exec "playerctl previous; notify-send 'Prev.'"
--- a/hosts/biolimo/.config/sway/config.d/input-defaults.conf
+++ b/hosts/biolimo/.config/sway/config.d/input-defaults.conf
@ -0,0 +1,9 @@
+input "1739:0:Synaptics_TM3288-011" {
+  dwt enabled
+  tap enabled
+  middle_emulation enabled
+}
+input * {
+  xkb_layout us(intl),de
+  xkb_options ctrl:nocaps
+}
--- a/hosts/biolimo/.config/sway/config.d/screens.conf
+++ b/hosts/biolimo/.config/sway/config.d/screens.conf
@ -0,0 +1,20 @@
+set $internal eDP-1
+set $middle "Hewlett Packard HP E231 3CQ4290S5J"
+set $standup "Hewlett Packard HP E231 3CQ4251F33"
+
+output $internal {
+  scale 1
+  pos 1080 1080
+}
+
+output $middle {
+  scale 1
+
+  pos 1080 0
+}
+
+output $standup {
+  scale 1
+  transform 90
+  pos 0 0
+}
--- a/hosts/biolimo/biolimo.nix
+++ b/hosts/biolimo/biolimo.nix
@ -0,0 +1,24 @@
+{ config, pkgs, lib, ... }:
+with lib;
+let
+  psCfg = config.pub-solar;
+  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in
+{
+  imports = [
+    ./configuration.nix
+  ];
+
+  config = {
+    hardware.cpu.intel.updateMicrocode = true;
+
+    networking.firewall.allowedTCPPorts = [ 5000 ];
+
+    home-manager.users."${psCfg.user.name}".xdg.configFile = mkIf psCfg.sway.enable {
+      "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
+      "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
+      "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
+      "sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
+    };
+  };
+}
--- a/hosts/biolimo/configuration.nix
+++ b/hosts/biolimo/configuration.nix
@ -0,0 +1,26 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [
+      # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+    ];
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "20.09"; # Did you read the comment?
+}
+
--- a/hosts/biolimo/default.nix
+++ b/hosts/biolimo/default.nix
@ -0,0 +1,6 @@
+{ suites, ... }:
+{
+  imports = [
+    ./biolimo.nix
+  ] ++ suites.biolimo;
+}
--- a/hosts/biolimo/hardware-configuration.nix
+++ b/hosts/biolimo/hardware-configuration.nix
@ -0,0 +1,38 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/abc3fe04-368e-46eb-8c7a-3a829bb2deab";
+    fsType = "ext4";
+  };
+
+  boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/aed21f8d-8e15-4f43-8710-460cb36d488b";
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/3B67-0CAB";
+    fsType = "vfat";
+  };
+
+  swapDevices = [
+    {
+      device = "/swapfile";
+      size = 18 * 1024;  # 18 GB
+    }
+  ];
+
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+  # high-resolution display
+  hardware.video.hidpi.enable = lib.mkDefault true;
+}
--- a/hosts/chocolatebar/.config/sway/config.d/autostart.conf
+++ b/hosts/chocolatebar/.config/sway/config.d/autostart.conf
@ -0,0 +1,6 @@
+# Autostart applications
+#
+# Example:
+# exec swayidle
+
+exec keepassxc
--- a/hosts/chocolatebar/.config/sway/config.d/custom-keybindings.conf
+++ b/hosts/chocolatebar/.config/sway/config.d/custom-keybindings.conf
@ -0,0 +1,19 @@
+# Touchpad controls
+#bindsym XF86TouchpadToggle exec $HOME/Workspace/ben/toggletouchpad.sh # toggle touchpad
+
+# Screen brightness controls
+bindsym XF86MonBrightnessUp exec "brightnessctl -d intel_backlight set +10%; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ {print $4}')"
+bindsym XF86MonBrightnessDown exec "brightnessctl -d intel_backlight set 10%-; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ {    print $4}')"
+
+# Keyboard backlight brightness controls
+bindsym XF86KbdBrightnessDown exec "brightnessctl -d smc::kbd_backlight set 10%-; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ {    print $4}')"
+bindsym XF86KbdBrightnessUp exec "brightnessctl -d smc::kbd_backlight set +10%; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ {    print $4}')"
+
+# Pulse Audio controls
+bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. up' #increase sound volume
+bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. down' #decrease sound volume
+bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle && notify-send 'Mute sound' # mute sound
+# Media player controls
+bindsym XF86AudioPlay exec "playerctl play-pause; notify-send 'Play/Pause'"
+bindsym XF86AudioNext exec "playerctl next; notify-send 'Next'"
+bindsym XF86AudioPrev exec "playerctl previous; notify-send 'Prev.'"
--- a/hosts/chocolatebar/.config/sway/config.d/input-defaults.conf
+++ b/hosts/chocolatebar/.config/sway/config.d/input-defaults.conf
@ -0,0 +1,4 @@
+input * {
+  xkb_layout us(intl),de
+  xkb_options ctrl:nocaps
+}
--- a/hosts/chocolatebar/.config/sway/config.d/screens.conf
+++ b/hosts/chocolatebar/.config/sway/config.d/screens.conf
@ -0,0 +1,18 @@
+set $left DP-3
+set $middle DP-1
+set $right HDMI-A-1
+
+output $left {
+  scale 1
+  pos 0 0
+}
+
+output $middle {
+  scale 1
+  pos 1920 0
+}
+
+output $right {
+  scale 1
+  pos 3840 0
+}
--- a/hosts/chocolatebar/chocolatebar.nix
+++ b/hosts/chocolatebar/chocolatebar.nix
@ -0,0 +1,48 @@
+{ config, pkgs, lib, self, ... }:
+with lib;
+let
+  psCfg = config.pub-solar;
+  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in
+{
+  imports = [
+    ./configuration.nix
+    ./virtualisation
+  ];
+
+  config = {
+    hardware.cpu.amd.updateMicrocode = true;
+
+    hardware.opengl.extraPackages = with pkgs; [
+      rocm-opencl-icd
+      rocm-opencl-runtime
+    ];
+
+    services.openssh.openFirewall = true;
+    networking.firewall.allowedTCPPorts = mkIf psCfg.sway.vnc.enable [ 5901 ];
+
+    environment.systemPackages = with pkgs; [
+      wayvnc
+      drone-docker-runner
+    ];
+
+    age.secrets."vnc-key.pem" = {
+      file = "${self}/secrets/vnc-key-chocolatebar.pem";
+      mode = "700";
+      owner = psCfg.user.name;
+    };
+    age.secrets."vnc-cert.pem" = {
+      file = "${self}/secrets/vnc-cert-chocolatebar.pem";
+      mode = "700";
+      owner = psCfg.user.name;
+    };
+    pub-solar.sway.vnc.enable = true;
+    pub-solar.ci-runner.enable = true;
+
+    home-manager.users."${psCfg.user.name}".xdg.configFile = mkIf psCfg.sway.enable {
+      "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
+      "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
+      "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
+    };
+  };
+}
--- a/hosts/chocolatebar/configuration.nix
+++ b/hosts/chocolatebar/configuration.nix
@ -0,0 +1,25 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [
+      # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+    ];
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "20.09"; # Did you read the comment?
+}
--- a/hosts/chocolatebar/default.nix
+++ b/hosts/chocolatebar/default.nix
@ -0,0 +1,6 @@
+{ suites, ... }:
+{
+  imports = [
+    ./chocolatebar.nix
+  ] ++ suites.chocolatebar;
+}
--- a/hosts/chocolatebar/hardware-configuration.nix
+++ b/hosts/chocolatebar/hardware-configuration.nix
@ -0,0 +1,38 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [
+      (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbcore" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ "dm-snapshot" ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    {
+      device = "/dev/disk/by-uuid/a3a74208-b244-4268-b374-e58265810fce";
+      fsType = "ext4";
+    };
+
+  boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/afcde41f-9811-4ac8-bb7b-a683844acc5c";
+
+  fileSystems."/boot" =
+    {
+      device = "/dev/disk/by-uuid/12FD-62A8";
+      fsType = "vfat";
+    };
+
+  swapDevices = [
+    {
+      device = "/swapfile";
+      size = 68 * 1024; # 68 GB
+    }
+  ];
+
+}
--- a/hosts/chocolatebar/virtualisation/create-service.nix
+++ b/hosts/chocolatebar/virtualisation/create-service.nix
@ -0,0 +1,96 @@
+{ config, pkgs, lib, vm, ... }:
+let
+  psCfg = config.pub-solar;
+  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+  varsFile = "${xdg.dataHome}/libvirt/OVMF_VARS_${vm.name}.fd";
+  generateXML = import ./guest-xml.nix;
+in
+{
+  serviceConfig = {
+    Type = "oneshot";
+    RemainAfterExit = "yes";
+    Restart = "no";
+  };
+
+  script =
+    let
+      networkXML = pkgs.writeText "network.xml" (import ./network-xml.nix { inherit config; inherit pkgs; inherit lib; });
+      machineXML = pkgs.writeText "${vm.name}.xml" (generateXML { inherit config; inherit pkgs; inherit lib; inherit vm; varsFile = varsFile; });
+    in
+    ''
+      echo "Checking if ${vm.name} is already running"
+      STATUS=$(${pkgs.libvirt}/bin/virsh list --all | grep "${vm.name}" | ${pkgs.gawk}/bin/awk '{ print $3 " " $4 }' )
+      if [[ $STATUS != "shut off" && $STATUS != "" ]]; then
+        echo "Domain ${vm.name} is already running or in an inconsistent state:"
+        ${pkgs.libvirt}/bin/virsh list --all
+        exit 0
+      fi
+
+      echo "Creating network XML"
+      NET_TMP_FILE="/tmp/network.xml"
+
+      NETUUID="$(${pkgs.libvirt}/bin/virsh net-uuid 'default' || true)"
+      (sed "s/UUID/$NETUUID/" '${networkXML}') > "$NET_TMP_FILE"
+
+      echo "Defining and starting network"
+      ${pkgs.libvirt}/bin/virsh net-define "$NET_TMP_FILE"
+      ${pkgs.libvirt}/bin/virsh net-start 'default' || true
+
+      VARS_FILE=${varsFile}
+      if [ ! -f "$VARS_FILE" ]; then
+        echo "Copying vars filej"
+        cp /run/libvirt/nix-ovmf/OVMF_VARS.fd "$VARS_FILE"
+      fi
+
+      echo "Replacing USB device IDs in the XML"
+      # Load the template contents into a tmp file
+      TMP_FILE="/tmp/${vm.name}.xml"
+      cat "${machineXML}" > "$TMP_FILE"
+
+      # Set VM UUID
+      UUID="$(${pkgs.libvirt}/bin/virsh domuuid '${vm.name}' || true)"
+      sed -i "s/UUID/''${UUID}/" "$TMP_FILE"
+
+      ${if vm.handOverUSBDevices then ''
+        # Hand over mouse
+        USB_DEV=$(${pkgs.usbutils}/bin/lsusb | grep 046d:c52b | grep 'Bus 001' | cut -b 18)
+        LINE_NUMBER=$(cat $TMP_FILE | grep -n -A 1 0xc52b | tail -n 1 | cut -b 1,2,3)
+        sed -i "''${LINE_NUMBER}s/\(.\{33\}\)./\1''${USB_DEV}/" "$TMP_FILE"
+
+        # Hand over keyboard
+        USB_BUS=$(${pkgs.usbutils}/bin/lsusb | grep 046d:c328 | cut -b 7)
+        USB_DEV=$(${pkgs.usbutils}/bin/lsusb | grep 046d:c328 | cut -b 18)
+        LINE_NUMBER=$(cat $TMP_FILE | grep -n -A 1 0xc328 | tail -n 1 | cut -b 1,2,3)
+        sed -i "''${LINE_NUMBER}s/.*/<address bus=\"''${USB_BUS}\" device=\"''${USB_DEV}\" \/>/" "$TMP_FILE"
+      '' else ""}
+
+      # TODO: Set correct pci address for the GPU too
+
+      # Setup looking glass shm file
+      echo "Setting up looking glass shm file"
+      ${pkgs.coreutils-full}/bin/truncate -s 0 /dev/shm/looking-glass
+      ${pkgs.coreutils-full}/bin/dd if=/dev/zero of=/dev/shm/looking-glass bs=1M count=32
+
+      # Load and start the xml definition
+      echo "Loading and starting the VM XML definition"
+      ${pkgs.libvirt}/bin/virsh define "$TMP_FILE"
+      ${pkgs.libvirt}/bin/virsh start '${vm.name}'
+    '';
+
+  preStop =
+    ''
+      ${pkgs.libvirt}/bin/virsh shutdown '${vm.name}'
+      let "timeout = $(date +%s) + 10"
+      while [ "$(${pkgs.libvirt}/bin/virsh list --name | grep --count '^${vm.name}$')" -gt 0 ]; do
+        if [ "$(date +%s)" -ge "$timeout" ]; then
+          # Meh, we warned it...
+          ${pkgs.libvirt}/bin/virsh destroy '${vm.name}'
+        else
+          # The machine is still running, let's give it some time to shut down
+          sleep 0.5
+        fi
+      done
+
+      ${pkgs.libvirt}/bin/virsh net-destroy 'default' || true
+    '';
+}
--- a/hosts/chocolatebar/virtualisation/default.nix
+++ b/hosts/chocolatebar/virtualisation/default.nix
@ -0,0 +1,54 @@
+{ config, pkgs, lib, ... }:
+with lib;
+let
+  psCfg = config.pub-solar;
+  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+  createService = import ./create-service.nix;
+
+  isolateGPU = "rx550x";
+  handOverUSBDevices = true;
+
+  isolateAnyGPU = isolateGPU != null;
+in
+{
+  config = mkIf psCfg.virtualisation.enable {
+    boot.extraModprobeConfig = mkIf isolateAnyGPU (concatStringsSep "\n" [
+      "softdep amdgpu pre: vfio vfio_pci"
+      (if isolateGPU == "rx5700xt"
+      then "options vfio-pci ids=1002:731f,1002:ab38"
+      else "options vfio-pci ids=1002:699f,1002:aae0"
+      )
+    ]);
+
+    systemd.user.services = {
+      vm-windows = createService {
+        inherit config;
+        inherit pkgs;
+        inherit lib;
+        vm = {
+          name = "windows";
+          disk = "/dev/disk/by-id/ata-SanDisk_SDSSDA240G_162402455603";
+          id = "http://microsoft.com/win/10";
+          gpu = true;
+          mountHome = false;
+          isolateGPU = isolateGPU;
+          handOverUSBDevices = handOverUSBDevices;
+        };
+      };
+      vm-manjaro = createService {
+        inherit config;
+        inherit pkgs;
+        inherit lib;
+        vm = {
+          name = "manjaro";
+          disk = "/dev/disk/by-id/ata-KINGSTON_SM2280S3G2240G_50026B726B0265CE";
+          id = "https://manjaro.org/download/#i3";
+          gpu = true;
+          mountHome = true;
+          isolateGPU = isolateGPU;
+          handOverUSBDevices = handOverUSBDevices;
+        };
+      };
+    };
+  };
+}
--- a/hosts/chocolatebar/virtualisation/guest-xml.nix
+++ b/hosts/chocolatebar/virtualisation/guest-xml.nix
@ -0,0 +1,246 @@
+{ config, pkgs, lib, vm, varsFile, ... }:
+let
+  psCfg = config.pub-solar;
+  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+  home = config.home-manager.users."${psCfg.user.name}".home;
+in
+''
+  <domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
+    <name>${vm.name}</name>
+    <uuid>UUID</uuid>
+    <metadata>
+      <libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
+        <libosinfo:os id="${vm.id}"/>
+      </libosinfo:libosinfo>
+    </metadata>
+    <memory unit='KiB'>33554432</memory>
+    <currentMemory unit='KiB'>33554432</currentMemory>
+    <vcpu placement='static'>12</vcpu>
+    <cputune>
+      <vcpupin vcpu='0' cpuset='6'/>
+      <vcpupin vcpu='1' cpuset='7'/>
+      <vcpupin vcpu='2' cpuset='8'/>
+      <vcpupin vcpu='3' cpuset='9'/>
+      <vcpupin vcpu='4' cpuset='10'/>
+      <vcpupin vcpu='5' cpuset='11'/>
+      <vcpupin vcpu='6' cpuset='18'/>
+      <vcpupin vcpu='7' cpuset='19'/>
+      <vcpupin vcpu='8' cpuset='20'/>
+      <vcpupin vcpu='9' cpuset='21'/>
+      <vcpupin vcpu='10' cpuset='22'/>
+      <vcpupin vcpu='11' cpuset='23'/>
+    </cputune>
+    <resource>
+      <partition>/machine</partition>
+    </resource>
+    <os>
+      <type arch='x86_64' machine='pc-q35-4.2'>hvm</type>
+      <loader readonly='yes' type='pflash'>/run/libvirt/nix-ovmf/OVMF_CODE.fd</loader>
+      <nvram>${varsFile}</nvram>
+      <boot dev='hd'/>
+    </os>
+    <features>
+      <acpi/>
+      <apic/>
+      <hyperv>
+        <relaxed state='on'/>
+        <vapic state='on'/>
+        <spinlocks state='on' retries='8191'/>
+        <vendor_id state='on' value='wahtever'/>
+      </hyperv>
+      <kvm>
+        <hidden state='on'/>
+      </kvm>
+      <vmport state='off'/>
+    </features>
+    <cpu mode='custom' match='exact' check='full'>
+      <model fallback='forbid'>EPYC-IBPB</model>
+      <vendor>AMD</vendor>
+      <topology sockets='1' dies='1' cores='6' threads='2'/>
+      <feature policy='require' name='x2apic'/>
+      <feature policy='require' name='tsc-deadline'/>
+      <feature policy='require' name='hypervisor'/>
+      <feature policy='require' name='tsc_adjust'/>
+      <feature policy='require' name='clwb'/>
+      <feature policy='require' name='umip'/>
+      <feature policy='require' name='stibp'/>
+      <feature policy='require' name='arch-capabilities'/>
+      <feature policy='require' name='ssbd'/>
+      <feature policy='require' name='xsaves'/>
+      <feature policy='require' name='cmp_legacy'/>
+      <feature policy='require' name='perfctr_core'/>
+      <feature policy='require' name='clzero'/>
+      <feature policy='require' name='wbnoinvd'/>
+      <feature policy='require' name='amd-ssbd'/>
+      <feature policy='require' name='virt-ssbd'/>
+      <feature policy='require' name='rdctl-no'/>
+      <feature policy='require' name='skip-l1dfl-vmentry'/>
+      <feature policy='require' name='mds-no'/>
+      <feature policy='require' name='pschange-mc-no'/>
+      <feature policy='disable' name='monitor'/>
+      <feature policy='disable' name='svm'/>
+      <feature policy='require' name='topoext'/>
+    </cpu>
+    <clock offset='utc'>
+      <timer name='rtc' tickpolicy='catchup'/>
+      <timer name='pit' tickpolicy='delay'/>
+      <timer name='hpet' present='no'/>
+    </clock>
+    <on_poweroff>destroy</on_poweroff>
+    <on_reboot>restart</on_reboot>
+    <on_crash>destroy</on_crash>
+    <pm>
+      <suspend-to-mem enabled='no'/>
+      <suspend-to-disk enabled='no'/>
+    </pm>
+    <devices>
+      <emulator>${pkgs.qemu}/bin/qemu-system-x86_64</emulator>
+      <disk type='block' device='disk'>
+        <driver name='qemu' type='raw' cache='none' discard='unmap' />
+        <source dev='${vm.disk}'/>
+        <backingStore/>
+        <target dev='vdb' bus='virtio'/>
+        <address type='pci' domain='0x0000' bus='0x04' slot='0x00' function='0x0'/>
+      </disk>
+      <controller type='usb' index='0' model='qemu-xhci' ports='15'>
+        <address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
+      </controller>
+      <controller type='sata' index='0'>
+        <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
+      </controller>
+      <controller type='pci' index='0' model='pcie-root'/>
+      <controller type='pci' index='1' model='pcie-root-port'>
+        <model name='pcie-root-port'/>
+        <target chassis='1' port='0x10'/>
+        <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0' multifunction='on'/>
+      </controller>
+      <controller type='pci' index='2' model='pcie-root-port'>
+        <model name='pcie-root-port'/>
+        <target chassis='2' port='0x11'/>
+        <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x1'/>
+      </controller>
+      <controller type='pci' index='3' model='pcie-root-port'>
+        <model name='pcie-root-port'/>
+        <target chassis='3' port='0x12'/>
+        <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x2'/>
+      </controller>
+      <controller type='pci' index='4' model='pcie-root-port'>
+        <model name='pcie-root-port'/>
+        <target chassis='4' port='0x13'/>
+        <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x3'/>
+      </controller>
+      <controller type='pci' index='5' model='pcie-root-port'>
+        <model name='pcie-root-port'/>
+        <target chassis='5' port='0x14'/>
+        <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x4'/>
+      </controller>
+      <controller type='pci' index='6' model='pcie-root-port'>
+        <model name='pcie-root-port'/>
+        <target chassis='6' port='0x15'/>
+        <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x5'/>
+      </controller>
+      <controller type='pci' index='7' model='pcie-root-port'>
+        <model name='pcie-root-port'/>
+        <target chassis='7' port='0x16'/>
+        <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x6'/>
+      </controller>
+      <controller type='pci' index='8' model='pcie-to-pci-bridge'>
+        <model name='pcie-pci-bridge'/>
+        <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
+      </controller>
+      <controller type='pci' index='9' model='pcie-root-port'>
+        <model name='pcie-root-port'/>
+        <target chassis='9' port='0x17'/>
+        <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x7'/>
+      </controller>
+      <controller type='virtio-serial' index='0'>
+        <address type='pci' domain='0x0000' bus='0x03' slot='0x00' function='0x0'/>
+      </controller>
+      ${if vm.mountHome then ''
+        <filesystem type='mount' accessmode='mapped'>
+          <source dir='/home/${psCfg.user.name}'/>
+          <target dir='/media/home'/>
+          <address type='pci' domain='0x0000' bus='0x07' slot='0x00' function='0x0'/>
+        </filesystem>
+      '' else ""}
+      <interface type='network'>
+        <mac address='52:54:00:44:cd:ac'/>
+        <source network='default'/>
+        <model type='virtio'/>
+        <address type='pci' domain='0x0000' bus='0x08' slot='0x01' function='0x0'/>
+      </interface>
+      <console type='pty'>
+        <target type='serial' port='0'/>
+      </console>
+      <input type='tablet' bus='usb'>
+        <address type='usb' bus='0' port='1'/>
+      </input>
+      <input type='mouse' bus='virtio'/>
+      <input type='keyboard' bus='virtio'/>
+      <graphics type='spice' autoport='yes' listen='127.0.0.1'>
+        <listen type='address' address='127.0.0.1'/>
+        <image compression='off'/>
+      </graphics>
+      <video>
+        <model type='cirrus' vram='16384' heads='1' primary='yes'/>
+        <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
+      </video>
+      ${if vm.handOverUSBDevices then ''
+        <hostdev mode='subsystem' type='usb' managed='yes'>
+          <source>
+            <vendor id='0x046d'/>
+            <product id='0xc328'/>
+            <address bus='1' device='2'/>
+          </source>
+          <address type='usb' bus='0' port='4'/>
+        </hostdev>
+        <hostdev mode='subsystem' type='usb' managed='yes'>
+          <source>
+            <vendor id='0x046d'/>
+            <product id='0xc52b'/>
+            <address bus='1' device='3'/>
+          </source>
+          <address type='usb' bus='0' port='5'/>
+        </hostdev>
+      '' else ""}
+      ${if vm.gpu && vm.isolateGPU != null then ''
+        <hostdev mode='subsystem' type='pci' managed='yes'>
+          <driver name='vfio'/>
+          <source>
+            <address domain='0x0000' bus='0x0b' slot='0x00' function='0x0'/>
+          </source>
+          <rom bar='on' file='/etc/nixos/hosts/chocolatebar/virtualisation/${vm.isolateGPU}.rom'/>
+          <address type='pci' domain='0x0000' bus='0x06' slot='0x00' function='0x0' multifunction='on'/>
+        </hostdev>
+        <hostdev mode='subsystem' type='pci' managed='yes'>
+          <driver name='vfio'/>
+          <source>
+            <address domain='0x0000' bus='0x0b' slot='0x00' function='0x1'/>
+          </source>
+          <address type='pci' domain='0x0000' bus='0x06' slot='0x00' function='0x1'/>
+        </hostdev>
+      '' else ""}
+      <redirdev bus='usb' type='spicevmc'>
+        <address type='usb' bus='0' port='2'/>
+      </redirdev>
+      <redirdev bus='usb' type='spicevmc'>
+        <address type='usb' bus='0' port='3'/>
+      </redirdev>
+      <memballoon model='virtio'>
+        <address type='pci' domain='0x0000' bus='0x05' slot='0x00' function='0x0'/>
+      </memballoon>
+      <shmem name='looking-glass'>
+        <model type='ivshmem-plain'/>
+        <size unit='M'>32</size>
+      </shmem>
+    </devices>
+    <qemu:commandline>
+      <qemu:arg value='-device'/>
+      <qemu:arg value='ich9-intel-hda,bus=pcie.0,addr=0x1b'/>
+      <qemu:arg value='-device'/>
+      <qemu:arg value='hda-micro,audiodev=hda'/>
+      <qemu:arg value='-audiodev'/>
+      <qemu:arg value='pa,id=hda,server=unix:/run/user/1001/pulse/native'/>
+    </qemu:commandline>
+  </domain>
+''
--- a/hosts/chocolatebar/virtualisation/network-xml.nix
+++ b/hosts/chocolatebar/virtualisation/network-xml.nix
@ -0,0 +1,19 @@
+{ config, pkgs, lib, ... }:
+''
+  <network>
+    <name>default</name>
+    <uuid>UUID</uuid>
+    <forward mode='nat'>
+      <nat>
+        <port start='1024' end='65535'/>
+      </nat>
+    </forward>
+    <bridge name='virbr0' stp='on' delay='0'/>
+    <mac address='52:54:00:bd:a0:73'/>
+    <ip address='192.168.122.1' netmask='255.255.255.0'>
+      <dhcp>
+        <range start='192.168.122.2' end='192.168.122.254'/>
+      </dhcp>
+    </ip>
+  </network>
+''
--- a/hosts/chocolatebar/virtualisation/rx550x.rom
+++ b/hosts/chocolatebar/virtualisation/rx550x.rom
--- a/hosts/chocolatebar/virtualisation/rx5700xt.rom
+++ b/hosts/chocolatebar/virtualisation/rx5700xt.rom
--- a/modules/audio/mopidy.nix
+++ b/modules/audio/mopidy.nix
@ -5,7 +5,7 @@ pkgs: {
    mopidy-soundcloud
    mopidy-youtube
    mopidy-local
-    mopidy-jellyfin
+    # mopidy-jellyfin
  ];

  configuration = ''
--- a/modules/ci-runner/default.nix
+++ b/modules/ci-runner/default.nix
@ -0,0 +1,35 @@
+{ lib, config, pkgs, self, ... }:
+with lib;
+let
+  psCfg = config.pub-solar;
+  cfg = config.pub-solar.ci-runner;
+in
+{
+  options.pub-solar.ci-runner = {
+    enable = mkEnableOption "Enables a systemd service that runs drone-ci-runner";
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services.ci-runner = {
+      enable = true;
+
+      description = "CI runner for the PubSolarOS repository that can run test VM instances with KVM.";
+
+      serviceConfig = {
+        Type = "simple";
+        Restart = "always";
+      };
+
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" "libvirtd.service" ];
+
+      script = ''${pkgs.drone-runner-exec}/bin/drone-runner-exec daemon /run/agenix/drone-runner-exec-config'';
+    };
+
+    age.secrets."drone-runner-exec-config" = {
+      file = "${self}/secrets/drone-runner-exec-config";
+      mode = "700";
+      owner = "root";
+    };
+  };
+}
--- a/modules/devops/default.nix
+++ b/modules/devops/default.nix
@ -12,6 +12,7 @@ in
  config = mkIf cfg.enable {
    home-manager = with pkgs; pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
      home.packages = [
+        croc
        drone-cli
        nmap
        pgcli
@ -20,6 +21,7 @@ in
        restic
        shellcheck
        terraform_0_15
+        tea
      ];
    };
  };
--- a/modules/mobile/default.nix
+++ b/modules/mobile/default.nix
@ -0,0 +1,19 @@
+{ lib, config, pkgs, ... }:
+with lib;
+let
+  psCfg = config.pub-solar;
+  cfg = config.pub-solar.mobile;
+in
+{
+  options.pub-solar.mobile = {
+    enable = mkEnableOption "Add android adb and tooling";
+  };
+
+  config = mkIf cfg.enable {
+    programs.adb.enable = true;
+
+    users.users = with pkgs; lib.setAttrByPath [ psCfg.user.name ] {
+      extraGroups = [ "adbusers" ];
+    };
+  };
+}
--- a/modules/paperless/default.nix
+++ b/modules/paperless/default.nix
@ -0,0 +1,37 @@
+{ lib, config, pkgs, ... }:
+with lib;
+let
+  psCfg = config.pub-solar;
+  cfg = config.pub-solar.paperless;
+  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in
+{
+  options.pub-solar.paperless = {
+    enable = mkEnableOption "All you need to go paperless";
+    ocrLanguage = mkOption {
+      description = "OCR language";
+      type = types.str;
+      example = "eng+deu";
+      default = "eng";
+    };
+    consumptionDir = mkOption {
+      description = "Directory to be watched";
+      type = types.str;
+      example = "/var/lib/paperless/consume";
+      default = "/home/${psCfg.user.name}/Documents";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.paperless-ng = {
+      enable = true;
+      consumptionDir = cfg.consumptionDir;
+      extraConfig = {
+        PAPERLESS_OCR_LANGUAGE = cfg.ocrLanguage;
+      };
+    };
+    environment.systemPackages = [
+      pkgs.hplip
+    ];
+  };
+}
--- a/modules/printing/default.nix
+++ b/modules/printing/default.nix
@ -29,6 +29,7 @@ in
    hardware.sane = {
      enable = true;
      brscan4.enable = true;
+      extraBackends = [ pkgs.hplipWithPlugin ];
    };
  };
 }
--- a/modules/sway/config/config.d/applications.conf
+++ b/modules/sway/config/config.d/applications.conf
@ -14,8 +14,9 @@ assign [app_id="telegramdesktop"] $ws4
 # Launcher
 for_window [app_id="launcher" title="Alacritty"] floating enable, border pixel 10, sticky enable

+for_window [app_id="pavucontrol"] floating enable, border pixel 10, sticky enable
+
 # Floating menus
-for_window [app_id="pavucontrol"] floating enable
 for_window [app_id="blueman-manager"] floating enable

 # Open specific applications in floating mode
@ -60,10 +61,14 @@ for_window [window_type="dialog"] floating enable
 for_window [window_type="menu"] floating enable
 for_window [title="About Mozilla Firefox"] floating enable
 for_window [title="Password Required - Mozilla Firefox"] floating enable
-for_window [title="Firefox — Sharing Indicator"] move to workspace $ws7, floating enable
-no_focus   [title="Firefox — Sharing Indicator"]
 for_window [title="Extension: (Open in Browser)*"] floating enable

+# Technical media stuff happens on ws7
+for_window [app_id="screen-recorder" title="Alacritty"] move to workspace $ws7, floating disable
+no_focus   [app_id="screen-recorder"]
+for_window [title="Firefox — Sharing Indicator"] move to workspace $ws7, floating disable
+no_focus   [title="Firefox — Sharing Indicator"]
+
 # qMasterPassword floating menu
 for_window [title="qMasterPassword"] focus
 for_window [title="qMasterPassword"] floating enable
--- a/modules/sway/config/config.d/custom-keybindings.conf
+++ b/modules/sway/config/config.d/custom-keybindings.conf
@ -13,21 +13,26 @@ bindsym $mod+Ctrl+m exec pavucontrol
 ################################################################################################

 # Quickstart application shortcuts
-bindsym $mod+F1 exec qMasterPassword
+bindsym $mod+F1 exec psos help
+bindsym $mod+Shift+h exec psos help
+
 bindsym $mod+F2 exec firefox
+
 bindsym $mod+F3 exec $term -e vifm
 bindsym $mod+Shift+F3 exec gksu $term -e vifm
+
 bindsym $mod+F4 exec nautilus -w
 bindsym $mod+Shift+F4 exec signal-desktop --use-tray-icon
-bindsym $mod+F5 exec $term -e 'mocp -C $XDG_CONFIG_DIR/mocp/config'
-bindsym $mod+Shift+m exec mu
-bindsym $mod+Shift+h exec xdg-open /usr/share/doc/manjaro/i3_help.pdf

-# Screenshofts
+bindsym $mod+Shift+m exec qMasterPassword
+
+# Screenshots and screen recordings
 bindsym $mod+Ctrl+p exec grim -g "$(slurp -d -b \#ffffff11)" ~/Pictures/Screenshots/$(date +%Y%m%d_%Hh%Mm%Ss)_grim.png
 bindsym $mod+Shift+p exec grim ~/Pictures/Screenshots/$(date +%Y%m%d_%Hh%Mm%Ss)_grim.png
 bindsym $mod+Ctrl+f exec "( pkill flameshot || true && flameshot & ) && ( sleep 0.5s && flameshot gui )"

+bindsym $mod+Ctrl+r exec record-screen
+
 # Launcher
 set $menu exec alacritty --class launcher -e env TERMINAL_COMMAND="alacritty -e" sway-launcher
 bindsym $mod+Space exec $menu
@ -47,3 +52,11 @@ mode "$mode_system" {
    bindsym Return mode "default"
    bindsym Escape mode "default"
 }
+
+set $mode_vncclient In VNCClient mode. Press $mod+Num_Lock or $mod+Shift+Escape to return.
+bindsym $mod+Num_Lock mode "$mode_vncclient"
+bindsym $mod+Shift+Escape mode "$mode_vncclient"
+mode "$mode_vncclient" {
+    bindsym $mod+Num_Lock mode "default"
+    bindsym $mod+Shift+Escape mode "default"
+}
--- a/modules/sway/config/config.nix
+++ b/modules/sway/config/config.nix
@ -50,7 +50,7 @@
      floating_modifier $mod normal

      # Reload the configuration file
-      bindsym $mod+Ctrl+r reload
+      bindsym $mod+F5 reload

  #
  # Moving around:
--- a/modules/sway/config/wayvnc/config.nix
+++ b/modules/sway/config/wayvnc/config.nix
@ -0,0 +1,8 @@
+{ psCfg, pkgs }: "
+address=0.0.0.0
+enable_auth=true
+username=${psCfg.user.name}
+password=testtest
+private_key_file=/run/agenix/vnc-key.pem
+certificate_file=/run/agenix/vnc-cert.pem
+"
--- a/modules/sway/default.nix
+++ b/modules/sway/default.nix
@ -7,17 +7,21 @@ in
 {
  options.pub-solar.sway = {
    enable = mkEnableOption "Life in boxes";
-  };
-  options.pub-solar.sway.terminal = mkOption {
+
+    terminal = mkOption {
      type = types.nullOr types.str;
      default = "alacritty";
      description = "Choose sway's default terminal";
    };
-  options.pub-solar.sway.v4l2loopback.enable = mkOption {
+
+    vnc.enable = mkEnableOption "Enable vnc service";
+
+    v4l2loopback.enable = mkOption {
      type = types.bool;
      default = true;
      description = "WebCam streaming tool";
    };
+  };

  config = mkIf cfg.enable (mkMerge [
    (mkIf (cfg.v4l2loopback.enable) {
@ -77,6 +81,7 @@ in

          swaylock-bg
          sway-launcher
+          record-screen
          import-gtk-settings
          s
          wcwd
@ -92,6 +97,8 @@ in
        systemd.user.services.waybar = import ./waybar.service.nix pkgs;
        systemd.user.targets.sway-session = import ./sway-session.target.nix pkgs;

+        systemd.user.services.wayvnc = mkIf cfg.vnc.enable (import ./wayvnc.service.nix pkgs);
+
        xdg.configFile."sway/config".text = import ./config/config.nix { inherit config pkgs; };
        xdg.configFile."sway/config.d/colorscheme.conf".source = ./config/config.d/colorscheme.conf;
        xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf;
@ -99,6 +106,7 @@ in
        xdg.configFile."sway/config.d/custom-keybindings.conf".source = ./config/config.d/custom-keybindings.conf;
        xdg.configFile."sway/config.d/applications.conf".source = ./config/config.d/applications.conf;
        xdg.configFile."sway/config.d/systemd.conf".source = ./config/config.d/systemd.conf;
+        xdg.configFile."wayvnc/config".text = import ./config/wayvnc/config.nix { inherit psCfg; inherit pkgs; };
      };
    })
  ]);
--- a/modules/sway/wayvnc.service.nix
+++ b/modules/sway/wayvnc.service.nix
@ -0,0 +1,19 @@
+pkgs:
+{
+  Unit = {
+    Description = "A VNC server for wlroots based Wayland compositors ";
+    Documentation = "https://github.com/any1/wayvnc";
+    BindsTo = [ "sway-session.target" ];
+    After = [ "graphical-session-pre.target" "network-online.target" ];
+    Wants = [ "graphical-session-pre.target" "network-online.target" ];
+  };
+
+  Service = {
+    Type = "simple";
+    ExecStart = "${pkgs.wayvnc}/bin/wayvnc -r -p 0.0.0.0 5901";
+  };
+
+  Install = {
+    WantedBy = [ "sway-session.target" ];
+  };
+}
--- a/modules/terminal-life/nvim/default.nix
+++ b/modules/terminal-life/nvim/default.nix
@ -35,6 +35,16 @@ let
    };
  };

+  vim-mdx-js = pkgs.vimUtils.buildVimPlugin {
+    name = "vim-mdx-js";
+    src = pkgs.fetchFromGitHub {
+      owner = "jxnblk";
+      repo = "vim-mdx-js";
+      rev = "17179d7f2a73172af5f9a8d65b01a3acf12ddd50";
+      sha256 = "wfYCvw9JVGG8p8PQhRPT6CeGGf2OVz9SR2KQM0LjQhY=";
+    };
+  };
+
  apprentice = pkgs.vimUtils.buildVimPlugin {
    name = "vim-apprentice";
    src = pkgs.fetchFromGitHub {
@ -69,13 +79,13 @@ in
    nodePackages.vue-language-server
    nodePackages.vscode-langservers-extracted
    nodePackages.yaml-language-server
+    vscode-extensions.angular.ng-template
    python39Packages.python-lsp-server
    python3Full
    solargraph
    rnix-lsp
    rust-analyzer
    terraform-ls
-    universal-ctags
  ];

  plugins = with pkgs.vimPlugins; [
@ -96,7 +106,6 @@ in
    quick-scope
    suda-vim
    syntastic
-    vim-gutentags
    vim-vinegar
    workspace

@ -133,6 +142,7 @@ in
    vim-toml
    vim-vue
    yats-vim
+    vim-mdx-js
  ];

  extraConfig = builtins.concatStringsSep "\n" [
--- a/modules/terminal-life/nvim/lsp.vim
+++ b/modules/terminal-life/nvim/lsp.vim
@ -74,7 +74,8 @@ lua <<EOF

  -- Add additional capabilities supported by nvim-cmp
  local capabilities = vim.lsp.protocol.make_client_capabilities()
-  capabilities = require('cmp_nvim_lsp').update_capabilities(capabilities)
+  -- vscode HTML lsp needs this https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#html
+  capabilities.textDocument.completion.completionItem.snippetSupport = true

  -- vscode HTML lsp needs this https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#html
  capabilities.textDocument.completion.completionItem.snippetSupport = true
@ -162,6 +163,13 @@ lua <<EOF
    end
  end -- ‡

+  -- configure floating diagnostics appearance, symbols
+  local signs = { Error = " ", Warn = " ", Hint = " ", Info = " " }
+  for type, icon in pairs(signs) do
+    local hl = "DiagnosticSign" .. type
+    vim.fn.sign_define(hl, { text = icon, texthl = hl, numhl = hl })
+  end
+
  -- Set completeopt to have a better completion experience
  vim.o.completeopt = 'menuone,noselect'

--- a/modules/terminal-life/zsh/default.nix
+++ b/modules/terminal-life/zsh/default.nix
@ -106,6 +106,5 @@ in
    source ${pkgs.fzf}/share/fzf/completion.zsh
    source ${pkgs.git-bug}/share/zsh/site-functions/git-bug
    eval "$(direnv hook zsh)"
-  ''
-  + builtins.readFile ./fzf.zsh;
+  '';
 }
--- a/modules/x-os/boot.nix
+++ b/modules/x-os/boot.nix
@ -1,8 +1,8 @@
 { config, pkgs, lib, ... }:
-with lib;
 let
  cfg = config.pub-solar.x-os;
 in
+with lib;
 {
  options.pub-solar.x-os.iso-options.enable = mkOption {
    type = types.bool;
--- a/modules/x-os/networking.nix
+++ b/modules/x-os/networking.nix
@ -19,7 +19,7 @@ in
    iwdConfig = mkOption {
      type = with types; nullOr (attrsOf (attrsOf (oneOf [ bool int str ])));
      default = null;
-      description = "Configuratoin of iNet Wireless Daemon.";
+      description = "Configuration of iNet Wireless Daemon.";
    };
  };
  config = {
@ -34,20 +34,26 @@ in

    # These entries get added to /etc/hosts
    networking.hosts = {
-      "127.0.0.1" = [ "cups.local" ];
+      "127.0.0.1" = [ "cups.local" "help.local" "caddy.local" ];
    };

    # Caddy reverse proxy for local services like cups
    services.caddy = {
      enable = true;
      globalConfig = ''
+        default_bind 127.0.0.1
        auto_https off
      '';
      extraConfig = ''
-        cups.local:80
-        bind 127.0.0.1
+        cups.local:80 {
          request_header Host localhost:631
          reverse_proxy unix//run/cups/cups.sock
+        }
+
+        help.local:80 {
+          root * ${pkgs.psos-docs}/lib/html
+          file_server
+        }
      '';
    };
  };
--- a/overlays/overrides.nix
+++ b/overlays/overrides.nix
@ -4,6 +4,8 @@ channels: final: prev: {

  inherit (channels.latest)
    cachix
+    docker
+    docker-compose
    dhall
    discord
    element-desktop
@ -19,6 +21,10 @@ channels: final: prev: {
    arduino-cli
    ;

+  inherit (channels.pub-solar)
+    yubikey-agent
+    ;
+

  haskellPackages = prev.haskellPackages.override
    (old: {
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@ -9,6 +9,7 @@ with final; {
  mopidy-jellyfin = import ./mopidy-jellyfin.nix final;
  mu = writeShellScriptBin "mu" (import ./mu.nix final);
  psos = writeShellScriptBin "psos" (import ./psos.nix final);
+  psos-docs = import ./psos-docs.nix final;
  s = writeShellScriptBin "s" (import ./s.nix final);
  sway-launcher = writeScriptBin "sway-launcher" (import ./sway-launcher.nix final);
  sway-service = writeShellScriptBin "sway-service" (import ./sway-service.nix final);
@ -16,7 +17,10 @@ with final; {
  toggle-kbd-layout = writeShellScriptBin "toggle-kbd-layout" (import ./toggle-kbd-layout.nix final);
  uhk-agent = import ./uhk-agent.nix final;
  wcwd = writeShellScriptBin "wcwd" (import ./wcwd.nix final);
-  drone-docker-runner = writeShellScriptBin "drone-docker-runner" (import ./drone-docker-runner.nix final);
+  record-screen = writeShellScriptBin "record-screen" (import ./record-screen.nix final);

  # ps-fixes
+
+  scan2paperless = writeShellScriptBin "scan2paperless" (import ./scan2paperless.nix final);
+  drone-docker-runner = writeShellScriptBin "drone-docker-runner" (import ./drone-docker-runner.nix final);
 }
--- a/pkgs/drone-docker-runner.nix
+++ b/pkgs/drone-docker-runner.nix
@ -8,7 +8,7 @@ self: with self; ''
        --env=DRONE_RPC_SECRET=$(${self.libsecret}/bin/secret-tool lookup drone rpc-secret) \
        --env=DRONE_RUNNER_CAPACITY=4 \
        --env=DRONE_RUNNER_NAME=$(${self.inetutils}/bin/hostname) \
-        --publish=3000:3000 \
+        --publish=30010:30010 \
        --restart=always \
        --name=drone-runner \
        drone/drone-runner-docker:1
--- a/pkgs/psos-docs.nix
+++ b/pkgs/psos-docs.nix
@ -0,0 +1,26 @@
+self: with self;
+stdenv.mkDerivation rec {
+  pname = "psos-docs";
+  version = "0.0.1";
+  buildInputs = [
+    mdbook
+    mdbook-pdf
+  ];
+
+  src = ../docs/..; # wut
+
+  phases = [ "buildPhase" "installPhase" ];
+
+  buildPhase = ''
+    cp -r $src/doc ./doc
+    cp $src/README.md ./README.md
+    chmod ug+w -R .
+    ls -la .
+    mdbook build doc
+  '';
+
+  installPhase = ''
+    mkdir -p $out/lib/
+    cp -r doc/book $out/lib/html
+  '';
+}
--- a/pkgs/psos.nix
+++ b/pkgs/psos.nix
@ -14,6 +14,10 @@ self: with self; ''
      shift;
      exec nixos-option -I nixpkgs=/etc/nixos/lib/compat $@
      ;;
+    help)
+      shift;
+      exec xdg-open http://help.local/
+      ;;
    *)
      if [[ "$@" != "" ]]; then
        echo "Unknown command: psos $@"
--- a/pkgs/record-screen.nix
+++ b/pkgs/record-screen.nix
@ -0,0 +1,10 @@
+self: with self; ''
+  mkdir -p "$HOME/Videos/Screenrecordings"
+  GEOMETRY="$(slurp -d -b \#ffffff11)"
+  RESOLUTION="$(echo $GEOMETRY | awk '{print $2}')"
+  FILE_LOCATION="$HOME/Videos/Screenrecordings/$(${coreutils}/bin/date +%Y%m%d_%Hh%Mm%Ss)_$RESOLUTION.mp4"
+  echo "Recording $GEOMETRY into $FILE_LOCATION"
+  ${alacritty}/bin/alacritty \
+    --class screen-recorder \
+    -e ${wf-recorder}/bin/wf-recorder -g "$GEOMETRY" -f "$FILE_LOCATION"
+''
--- a/pkgs/scan2paperless.nix
+++ b/pkgs/scan2paperless.nix
@ -0,0 +1,3 @@
+self: with self; ''
+  export PATH=${lib.makeBinPath [ pkgs.coreutils pkgs.sane-frontends pkgs.sane-backends pkgs.ghostscript pkgs.imagemagick ]}
+''
--- a/profiles/base-user/home.nix
+++ b/profiles/base-user/home.nix
@ -9,7 +9,7 @@ in
    ./session-variables.nix
  ];

-  home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
+  home-manager.users = pkgs.lib.setAttrByPath [ psCfg.user.name ] {
    # Let Home Manager install and manage itself.
    programs.home-manager.enable = true;

--- a/profiles/gaming/default.nix
+++ b/profiles/gaming/default.nix
@ -3,7 +3,4 @@ let inherit (lib) fileContents;
 in
 {
  pub-solar.gaming.enable = true;
-  pub-solar.docker.enable = true;
-  pub-solar.docker.enable = true;
-  pub-solar.docker.enable = true;
-};
+}
--- a/profiles/mobile/default.nix
+++ b/profiles/mobile/default.nix
@ -0,0 +1,6 @@
+{ self, config, lib, pkgs, ... }:
+let inherit (lib) fileContents;
+in
+{
+  pub-solar.mobile.enable = true;
+}
--- a/profiles/virtualisation/default.nix
+++ b/profiles/virtualisation/default.nix
@ -0,0 +1,6 @@
+{ self, config, lib, pkgs, ... }:
+let inherit (lib) fileContents;
+in
+{
+  pub-solar.virtualisation.enable = true;
+}
--- a/secrets/crypto_keyfile-chocolatebar.bin
+++ b/secrets/crypto_keyfile-chocolatebar.bin
--- a/secrets/hdd_keyfile-chocolatebar.bin
+++ b/secrets/hdd_keyfile-chocolatebar.bin
--- a/secrets/keyfile-biolimo.bin
+++ b/secrets/keyfile-biolimo.bin
--- a/secrets/keyfile-chocolatebar.bin
+++ b/secrets/keyfile-chocolatebar.bin
--- a/secrets/mopidy.conf
+++ b/secrets/mopidy.conf
@ -0,0 +1,44 @@
+age-encryption.org/v1
+-> ssh-rsa kFDS0A
+pgJUXnYT0UgB7h8dWOBCIO6OuXwpjmBuQpJBXnI2Zh5X2fiGQVyrrcrm8VSWLHOd
+za9SME+PxcGXDGgwaGpCl8tOh93WRUC0RtNTBmoiyzrfkbQtm9gfnt51JpHscuTc
+wzZ9cxMvtKSNGsCuK5oeX9ZxVgXH5QFomwvADXoy14HacgEOzLTPU6vrPrOonGAG
+kDqYDzf87V2BfPttzONoScsVsFV26EQntxDx5/8Hja4ceOvgBwm2GczUzpgfIRCA
+To+az2B1Y0h/BWMqzRAhobuN/UIQcZAKro4uf8SbpKqPQrON+k1tAE+lrMUFLx1A
+2ZayulT/Partcm6L8Yb0JAn24eXFla52XQ6JyukSbtoqZxEQIcjbM34+KFKMftIA
+M8taZIG2JWyFdHBPO4RAMyGbNpQN5hsDvJWGIJePj4bAxW7GX9JJiT7gg1iCKce3
+SINdaBt4O3RJ49wTGqJtMSJSlfzLf7s4zHx5oaozAEt84h97A2Yt/8Lg1Wmc2Aji
+Q4XG6w8OQ/Fk8E/EeSZ27udMHF94TfQ9mzbKdMJRclLDlKKlxeYA6gea4QYb6GLi
+8tY6qnDpF9jwV7ehehM9KYhJcCLw7MYNwGI6oPmTagZCRhXDYULbmK5gfkspcrZ1
+zZn5yOCwt+MA3U2NfpxNOMs0LvaGU7HOruzyD9DLp+4
+-> ssh-ed25519 TnSWKQ SWZZJeUCYeSkYwIKmrsMa/MUkNK7xIn+213hy6X51Uk
+FDzM+HzDh+5+9RI+gjTPKNT74DPSvxA+CKJpHXSMX5c
+-> ssh-rsa 8daibg
+XthUstyN7tDd/vAw3y6knQWNI1M2GEKGDzvmOXFMgwxUcBUNPZmPnZvTfmUXY81Z
+iF13Lruwid0/4Pb9dcYyyifzoqnNb6SvnzczoUSpqQc6m+6BLX4kSTIN1Pulwt8A
+kWrOekvKy9J7Z2QsW6QKfxB4xaAc+BA9kHOgWWpLTyx2GOm0ksLjUnsd3Zo/xXsc
+JpjuSNcsUM9mCP00RjamX1SwrAc/tRnoOSOD6jmED5M0Xfb7bE2AORUQ3Em8B4iG
+CgaTEXFppZN96+BHOumOP1wAbH7uI0EdQP/SvR+qelCH35C0pSWZ4AuyvT5kvoYL
+CyK6GQ8rVnDrBaWQIj4TPhpB1xVxKd01AZX9ITdhPdTATJFwCcVxoWgCTtjNGaIc
+4GldFh0+nXUUV9spzxFbAhiJwy+PHfNfuJ1gyYMrgLY4mQPhA6ntPeWqZOb20cYZ
+ABl7eHN9AAQnibw6EufkgH/U9v81HlWjbLWedAHNPGAldDF5uNrY+FRiqXWT2Ivb
+9CkU/pUFAAcZs7GwEHTVz2dWsuxthS/P/DhN1YshDmY17gTBEf+40SUATsD1wBV0
+tdmbU3i79djbfXXvazR+hi7qDtKo+zJKCDORSq66J70njl0pwN/QIKGQnKt5sYCm
+3kPTZHrR6ys82MhTFk/C1G4aJjQScTz4buA5UH+0hsE
+-> ssh-ed25519 2Ca8Kg eqyr8Yr3rrWlhCd+TmKsnywFdp1mwt3jZwuJzO0TwzM
+mcfYZGTAebrZY9Ool8sPn25wPiwe6StBUzdVAyEErAE
+-> ssh-rsa 2ggJWw
+h00c7evck2bHux9EhMjLQa1f3O3tReLd65LDJB28jH7SbpT6t8Gxfk9tamGFHg4Z
+lGxkzZjK9xnroBpZv5ikuP+tD7A6A2saDXDnnAw+wHUGv0UO5yzr0HPIvwE1bVR5
+GOW1iqPMHKB2v6NeTaBG1g5TohSYEDDINkQv+Q4NyPhdpX9bGd3biWiBAa1gy3Xp
+XmDwtUfBg9IN+EeQTpC/tc4C1pLd3k7E+5pZDQebfTlvXZ83SH05BpBnpakPWNty
+Pf3s/iMwWBiJ+8GiwQ7c6FjTrr9ImJe8nD6mknWGpsMEQ9wB4Bd9l5RTjpTW9wCo
+DNtN8Mo0SGgFXjj/5XO0kMDhDike/GLr6wfD0HVgRP9MtcatvEaezp4RY6NIknjy
+F49KFsZWhzqwU2c4VX3ayFGJHcn/TT6o2QL3qZoI6x23ZFHQlXtQjXfhTkXk2qJt
+565cgrWzLYV7y+DB5fwaG/+Twlnr8rMQOPwyEnrWylh+AY3H/2/M1qQz2b2UQapl
+
+-> }L0d&,o-grease QVMP gPkF4&,`
+YaavYxfymQIl4xRnz1AZxLAY7+r2R9Mftt9AIk11bEymVtCWhsWtSbnhsq9q+fjm
+yYwVUyIh4eeH4oOdz3ssnmB3gg
+--- 5VOiRneXGtTtik3m0OJY8zV8Sboh18DIB4eM07M+1Lo
+ö™:üŠØþI{ˆzþ)ƒô½-tÈ«½©jT»0rE™ÚYæg4wFA³SÖ÷9RÐ…çëQ¡5<C2A1>c{ºÈz–j…lÁRAØãàÛH”L	y£ø²W•6¢¢l>¸–ßª}m¤Ý¿óÆbÑ±“ô6*ÎËg"ßãÈè}Xˆí>W¬œÛÇ<C39B>ÕTÉÞ™é¼Ì#
mÍi@êiö:°zõæ„²jbc(Æ¦Ÿýìùô{ô™¨ª¯©âwã(ÖÎ¸ÈäyÔ§`iÌó_ïC-`ŽP‘ô³²e«¶ç<C2B6>CÈ»tSÆ5Ž·e÷Zp%þQ´B¿Êh4yžC°dY¿«<C2BF>—Lˆ<Nw½µýÆ<>„ÊVñ4ù/ð:•+Ÿãx5ÚÞÁ8_V F6ð½)a>….
}É‘^h¿óÖ®îÍ<C3AE>ø.Ÿ’<C5B8>»ËË¿GÑà”›ÿ~ÝŒd¢EoZ=|×C•O
ö”x7›,Nƒ•ïú¹PÖä¥ˆ%*I%®kÎ[<5B>ØÐ|-<2D>ÈžT¦úe~3¥6ËÞ!C"Öai/kDmÃ¬]<5D>íJ÷Û>ü¬n^»OýÚ—MãÌíü‚SÁ°7„¼»<C2BC>1P\ý€ú?x\;B¸#u”BŽ$hÑµ:¶Ë
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -1,9 +1,46 @@
 let
  # set ssh public keys here for your system and user
-  system = "";
-  user = "";
-  allKeys = [ system user ];
+  bbcom = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCmXpOU6vzQiVSSYCoxHYv7wDxC63Qg3dxlAMR6AOzwIABCU5PFFNcO0NWYms/YR7MOViorl+19LCLRABar9JgHU1n+uqxKV6eGph3OPeMp5sN8LAh7C9N+TZj8iJzBxQ3ch+Z/LdmLRwYNJ7KSUI+gwGK6xRS3+z1022Y4P0G0sx7IeCBl4lealQEIIF10ZOfjUdBcLQar7XTc5AxyGKnHCerXHRtccCoadLQujk0AvPXbv3Ma4JwX9X++AnCWRWakqS5UInu2tGuZ/6Hrjd2a9AKWjTaBVDcbYqCvY4XVuMj2/A2bCceFBaoi41apybSk26FSFTU4qiEUNQ6lxeOwG4+1NCXyHe2bGI4VyoxinDYa8vLLzXIRfTRA0qoGfCweXNeWPf0jMqASkUKaSOH5Ot7O5ps34r0j9pWzavDid8QeKJPyhxKuF1a5G4iBEZ0O9vuti60dPSjJPci9oTxbune2/jb7Sa0yO06DtLFJ2ncr5f70s/BDxKk4XIwQLy+KsvzlQEGdY8yA6xv28bOGxL3sQ0HE2pDTsvIbAisVOKzdJeolStL9MM5W8Hg0r/KkGj2bg0TfoRp1xHV9hjKkvJrsQ6okaPvNFeZq0HXzPhWMOVQ+/46z80uaQ1ByRLr3FTwuWJ7F/73ndfxiq6bDE4z2Ji0vOjeWJm6HCxTdGw== hello@benjaminbaedorf.com";
+
+  biolimo-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZzg8pfVtFonx/IvO2MKG5uVF/sMJAOt1Ifm9Vds2eA root@biolimo";
+  biolimo-user = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDDoYNvXWunQYFORRjcYH1F98+zr20U79ROh+gmaC7AY/x3yf4y8uyMayF56VgQLVNwgEchT5t4dNb9qo2+1oUnjiKrKAVfQMN6WMMMEr4F4WT784uvBx5Uo6vmhgAa+xoo62c4TV2Uf49ZiPd+zAApBHW1F/whPtunPF28Wfr9g+ozSidhnAr+3nkfJh331tz9s+wgQ39AFzFWftQ60Guulpfj8SaVyxyv/yZZAuFpXNzN0Cz4fWBIWFOsib6Z8y+SlUCzSzOguZ7FygHjwlvOxoISsASAuf0OfUKHxVshiL5F5AX1ddmUgXbUKUTp/3Iunr74pfOQC8TXzZHqhrlFzYDmK5J9E6eADSpgx++bCCaHycl73BWeertCBZSHBXeb3Db9HX+mxwpfP3alVAt4ZqQb3YD/VB7XGDvHbmLn+wSfecO2qA9PxiA0yX7e2BZLN9r3G3bRNSk0GpnYM0i84FE9IipiKKnWVjj7J0UPQmz7rzAn2Lki1CnX9PDdxZneqTxgpBomHJt4H+vXMw13scA4xxEDBvfS5KkjbEJqWLbfklCoER6nV3NPLZ6CBl0Xe/VQBSkqEuUEIXih/oa8emDOGUODNF75ck5NJmKiGg6AFZoeiDa7PZMIxhhOq4vsR2Ty43rztUJ0CMX7iSIk3Eql7kqNdvrJaJ7z0GBsiw== ben@biolimo";
+
+  chocolatebar-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINZT3QrKugNTWNOwYziQnxrT5zFqWQDafWjScDuIpMhN root@chocolatebar";
+  chocolatebar-user = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDwyNsGCMuyI9x2IxYEbYIL6oYsEfe1wqhHaRxSnK9oc10ge1LJni5o7g6XgryoQpCD9YenImcCxwkKblmlLQ2327uoVC2PUo07li1uT0eIPk0TQoxwp6besFs7/LEzZlgWQsc3gkEXmjk/E0mu0U6z2fkqciJ/ZxWYt9fLP6jBG47U9878rSaZ7k7Ilv6oRA3suArH189k1nerk/tonS4EWXeHZxHh/Eu0tqwmxN/6+g2GicYn6b+MbFQVdQAkctqT5Yz9USm9UKzbaAuZ799u0dJzagHm9JJZOr8r11ENtAkY9kAzRzm3u/ACiSdVzyLdjAK6m0dIPhp3OhedzuHiI6/wRll60tYtQTH1XwUpVbtir3+DT+jwZgO1zH3yL4iNh79kuUo+UEg1ZmGkSZRzSS2vb5qr0J5aSJmCd5sNB7a01PTtSlQPOqSF9PB+UmcLDF7JoKFub0KT/gRZ5neZkXTYQ/Y05qtaaFVlOVISijnm+sLUvKBv6OW8oYXIHBk= ben@chocolatebar";
+
+  allKeys = [
+    bbcom
+
+    biolimo-host
+    biolimo-user
+
+    chocolatebar-host
+    chocolatebar-user
+  ];
+
+  biolimoKeys = [
+    bbcom
+
+    biolimo-host
+    biolimo-user
+  ];
+
+  chocolatebarKeys = [
+    bbcom
+
+    chocolatebar-host
+    chocolatebar-user
+  ];
 in
 {
-  "secret.age".publicKeys = allKeys;
+  "keyfile-biolimo.bin".publicKeys = biolimoKeys;
+
+  "keyfile-chocolatebar.bin".publicKeys = chocolatebarKeys;
+  "crypto_keyfile-chocolatebar.bin".publicKeys = chocolatebarKeys;
+  "hdd_keyfile-chocolatebar.bin".publicKeys = chocolatebarKeys;
+
+  "vnc-cert-chocolatebar.pem".publicKeys = chocolatebarKeys;
+  "vnc-key-chocolatebar.pem".publicKeys = chocolatebarKeys;
+
+  "mopidy.conf".publicKeys = allKeys;
 }
--- a/secrets/vnc-cert-chocolatebar.pem
+++ b/secrets/vnc-cert-chocolatebar.pem
--- a/secrets/vnc-key-chocolatebar.pem
+++ b/secrets/vnc-key-chocolatebar.pem
--- a/users/ben/.config/msmtp/config
+++ b/users/ben/.config/msmtp/config
@ -0,0 +1,62 @@
+account hello@benjaminbaedorf.eu
+  host mail.hosting.de
+  port 587
+  protocol smtp
+  auth on
+  from hello@benjaminbaedorf.eu
+  user hello@benjaminbaedorf.eu
+  tls on
+  tls_trust_file /etc/ssl/certs/ca-certificates.crt
+
+account benjamin.baedorf@rwth-aachen.de
+  host mail.rwth-aachen.de
+  port 587
+  protocol smtp
+  auth on
+  from benjamin.baedorf@rwth-aachen.de
+  user bb564306@rwth-aachen.de
+  tls on
+  tls_trust_file /etc/ssl/certs/ca-certificates.crt
+
+account b.baedorf@openproject.com
+  host smtp.mailbox.org
+  port 587
+  protocol smtp
+  auth on
+  from b.baedorf@openproject.com
+  user b.baedorf@openproject.com
+  tls on
+  tls_trust_file /etc/ssl/certs/ca-certificates.crt
+
+account byb@miom.space
+  host mail.hosting.de
+  port 587
+  protocol smtp
+  auth on
+  from byb@miom.space
+  user byb@miom.space
+  tls on
+  tls_trust_file /etc/ssl/certs/ca-certificates.crt
+
+account admins@pub.solar
+  host mail.greenbaum.cloud
+  port 587
+  protocol smtp
+  auth on
+  from admins@pub.solar
+  user admins@pub.solar
+  tls on
+  tls_trust_file /etc/ssl/certs/ca-certificates.crt
+
+account mail@b12f.io
+  host mail.b12f.io
+  port 587
+  protocol smtp
+  auth on
+  from mail@b12f.io
+  user mail@b12f.io
+  tls on
+  tls_trust_file /etc/ssl/certs/ca-certificates.crt
+
+
+account default : hello@benjaminbaedorf.eu
--- a/users/ben/.config/mutt/admins@pub.solar.muttrc
+++ b/users/ben/.config/mutt/admins@pub.solar.muttrc
@ -0,0 +1,19 @@
+# vim: filetype=muttrc
+
+set from = "pub.solar Admins <admins@pub.solar>"
+set sendmail = "msmtp -a admins@pub.solar"
+set signature = "~/.config/mutt/admins@pub.solar.signature"
+
+set mbox_type   = Maildir
+set folder      = ~/Mail
+set spoolfile   = "+admins\@pub.solar/INBOX"
+set postponed   = "+admins\@pub.solar/Drafts"
+set record      = "+admins\@pub.solar/Sent"
+set trash       = "+admins\@pub.solar/Trash"
+mbox-hook   = "+admins\@pub.solar/Archive"
+unmailboxes *
+mailboxes +admins\@pub.solar/INBOX \
+          +admins\@pub.solar/Drafts \
+          +admins\@pub.solar/Sent \
+          +admins\@pub.solar/Archive \
+          +admins\@pub.solar/Trash
--- a/users/ben/.config/mutt/admins@pub.solar.signature
+++ b/users/ben/.config/mutt/admins@pub.solar.signature
@ -0,0 +1,9 @@
+
+--
+
+pub.solar Admins (they/them)
+
+MAIL: admins@pub.solar
+GIT: git.b12f.io/pub-solar
+MATRIX: #general:pub.solar
+WEB: pub.solar
--- a/users/ben/.config/mutt/b.baedorf@openproject.com.muttrc
+++ b/users/ben/.config/mutt/b.baedorf@openproject.com.muttrc
@ -0,0 +1,24 @@
+# vim: filetype=muttrc
+
+set from = "Benjamin Bädorf <b.baedorf@openproject.com>"
+set sendmail = "msmtp -a b.baedorf@openproject.com"
+set signature = "~/.config/mutt/b.baedorf@openproject.com.signature"
+
+set pgp_default_key="DB94333951EC9A362B33FBA5069CA2D117AB5CCF"
+
+set imap_user = b.baedorf@openproject.com
+set imap_pass = `secret-tool lookup service smtp host smtp.mailbox.org user b.baedorf@openproject.com`
+
+set folder      = imaps://imap.mailbox.org:993
+
+set spoolfile   = "+INBOX"
+set postponed   = "+Drafts"
+set record      = "+Sent"
+set trash       = "+Trash"
+mbox-hook   = "+Archive"
+unmailboxes *
+mailboxes +INBOX \
+          +Drafts \
+          +Sent \
+          +Archive \
+          +Trash
--- a/users/ben/.config/mutt/b.baedorf@openproject.com.signature
+++ b/users/ben/.config/mutt/b.baedorf@openproject.com.signature
@ -0,0 +1,19 @@
+--
+
+Benjamin Bädorf
+Senior Frontend Engineer
+
+OpenProject GmbH
+Krausenstraße 9
+10117 Berlin
+
+E: b.baedorf@openproject.com
+GPG: DB94 3339 51EC 9A36 2B33  FBA5 069C A2D1 17AB 5CC
+
+T: +49 9599 899 22
+M: +49 151 2266 2777
+I: www.openproject.org
+
+Amtsgericht Berlin-Charlottenburg HRB 117935
+Geschäftsführer Niels Lindenthal
+UStID DE211309779
--- a/users/ben/.config/mutt/benjamin.baedorf@rwth-aachen.de.muttrc
+++ b/users/ben/.config/mutt/benjamin.baedorf@rwth-aachen.de.muttrc
@ -0,0 +1,21 @@
+# vim: filetype=muttrc
+
+set from = "Benjamin Bädorf <benjamin.baedorf@rwth-aachen.de>"
+set sendmail = "msmtp -a benjamin.baedorf@rwth-aachen.de"
+set signature = "~/.config/mutt/hello@benjaminbaedorf.eu.signature"
+
+set pgp_default_key="4332E0D02B214D31376C366E4406E80E13CD656C"
+
+set mbox_type   = Maildir
+set folder      = ~/Mail
+set spoolfile   = "+benjamin.baedorf\@rwth-aachen.de/INBOX"
+set postponed   = "+benjamin.baedorf\@rwth-aachen.de/Drafts"
+set record      = "+benjamin.baedorf\@rwth-aachen.de/Sent"
+set trash       = "+benjamin.baedorf\@rwth-aachen.de/Trash"
+mbox-hook   = "+benjamin.baedorf\@rwth-aachen.de/Journal"
+unmailboxes *
+mailboxes +benjamin.baedorf\@rwth-aachen.de/INBOX \
+          +benjamin.baedorf\@rwth-aachen.de/Drafts \
+          +benjamin.baedorf\@rwth-aachen.de/Sent \
+          +benjamin.baedorf\@rwth-aachen.de/Journal \
+          +benjamin.baedorf\@rwth-aachen.de/Trash
--- a/users/ben/.config/mutt/byb@miom.space.muttrc
+++ b/users/ben/.config/mutt/byb@miom.space.muttrc
@ -0,0 +1,21 @@
+# vim: filetype=muttrc
+
+set from = "Benjamin Bädorf <byb@miom.space>"
+set sendmail = "msmtp -a byb@miom.space"
+set signature = "~/.config/mutt/byb@miom.space.signature"
+
+set pgp_default_key="4332E0D02B214D31376C366E4406E80E13CD656C"
+
+set mbox_type   = Maildir
+set folder      = ~/Mail
+set spoolfile   = "+byb\@miom.space/INBOX"
+set postponed   = "+byb\@miom.space/Drafts"
+set record      = "+byb\@miom.space/Sent"
+set trash       = "+byb\@miom.space/Trash"
+mbox-hook   = "+byb\@miom.space/Archive"
+unmailboxes *
+mailboxes +byb\@miom.space/INBOX \
+          +byb\@miom.space/Drafts \
+          +byb\@miom.space/Sent \
+          +byb\@miom.space/Archive \
+          +byb\@miom.space/Trash
--- a/users/ben/.config/mutt/byb@miom.space.signature
+++ b/users/ben/.config/mutt/byb@miom.space.signature
@ -0,0 +1,12 @@
+
+--
+
+Benjamin Bädorf (he/him)
+Software Engineer at MiOM 202
+
+MAIL: byb@miom.space
+TEL: +49 15 778 959 877
+GPG: 4332 E0D0 2B21 4D31 376C  366E 4406 E80E 13CD 656C
+GIT: git.b12f.io/b12f
+MATRIX: @b12f:pub.solar
+WEB: benjaminbaedorf.eu
--- a/users/ben/.config/mutt/hello@benjaminbaedorf.eu.muttrc
+++ b/users/ben/.config/mutt/hello@benjaminbaedorf.eu.muttrc
@ -0,0 +1,21 @@
+# vim: filetype=muttrc
+
+set from = "Benjamin Bädorf <hello@benjaminbaedorf.eu>"
+set sendmail = "msmtp -a hello@benjaminbaedorf.eu"
+set signature = "~/.config/mutt/hello@benjaminbaedorf.eu.signature"
+
+set pgp_default_key="4332E0D02B214D31376C366E4406E80E13CD656C"
+
+set mbox_type   = Maildir
+set folder      = ~/Mail
+set spoolfile   = "+hello\@benjaminbaedorf.eu/INBOX"
+set postponed   = "+hello\@benjaminbaedorf.eu/Drafts"
+set record      = "+hello\@benjaminbaedorf.eu/Sent"
+set trash       = "+hello\@benjaminbaedorf.eu/Trash"
+mbox-hook   = "+hello\@benjaminbaedorf.eu/Archive"
+unmailboxes *
+mailboxes +hello\@benjaminbaedorf.eu/INBOX \
+          +hello\@benjaminbaedorf.eu/Drafts \
+          +hello\@benjaminbaedorf.eu/Sent \
+          +hello\@benjaminbaedorf.eu/Archive \
+          +hello\@benjaminbaedorf.eu/Trash
--- a/users/ben/.config/mutt/hello@benjaminbaedorf.eu.signature
+++ b/users/ben/.config/mutt/hello@benjaminbaedorf.eu.signature
@ -0,0 +1,12 @@
+
+--
+
+Benjamin Bädorf (he/him)
+Software Engineer
+
+MAIL: hello@benjaminbaedorf.eu
+TEL: +49 15 778 959 877
+GPG: 4332 E0D0 2B21 4D31 376C  366E 4406 E80E 13CD 656C
+GIT: git.b12f.io/b12f
+MATRIX: @b12f:pub.solar
+WEB: benjaminbaedorf.eu
--- a/users/ben/.config/mutt/mail@b12f.io.muttrc
+++ b/users/ben/.config/mutt/mail@b12f.io.muttrc
@ -0,0 +1,21 @@
+# vim: filetype=muttrc
+
+set from = "Benjamin Bädorf <mail@b12f.io>"
+set sendmail = "msmtp -a mail@b12f.io"
+set signature = "~/.config/mutt/mail@b12f.io.signature"
+
+set pgp_default_key="4332E0D02B214D31376C366E4406E80E13CD656C"
+
+set mbox_type   = Maildir
+set folder      = ~/Mail
+set spoolfile   = "+mail\@b12f.io/INBOX"
+set postponed   = "+mail\@b12f.io/Drafts"
+set record      = "+mail\@b12f.io/Sent"
+set trash       = "+mail\@b12f.io/Trash"
+mbox-hook   = "+mail\@b12f.io/Archive"
+unmailboxes *
+mailboxes +mail\@b12f.io/INBOX \
+          +mail\@b12f.io/Drafts \
+          +mail\@b12f.io/Sent \
+          +mail\@b12f.io/Archive \
+          +mail\@b12f.io/Trash
--- a/users/ben/.config/mutt/mail@b12f.io.signature
+++ b/users/ben/.config/mutt/mail@b12f.io.signature
@ -0,0 +1,12 @@
+
+--
+
+Benjamin Bädorf (he/him)
+Software Engineer
+
+MAIL: mail@b12f.io
+TEL: +49 15 778 959 877
+GPG: 4332 E0D0 2B21 4D31 376C  366E 4406 E80E 13CD 656C
+GIT: git.b12f.io/b12f
+MATRIX: @b12f:pub.solar
+WEB: benjaminbaedorf.eu
--- a/users/ben/.config/offlineimap/config
+++ b/users/ben/.config/offlineimap/config
@ -0,0 +1,94 @@
+[general]
+pythonfile = $XDG_CONFIG_HOME/offlineimap/functions.py
+metadata = $XDG_DATA_HOME/offlineimap
+accounts = BBEU, MiOM, PubSolar, b12f, RWTH
+
+[Account BBEU]
+localrepository = LocalBBEU
+remoterepository = RemoteBBEU
+
+[Repository LocalBBEU]
+type = Maildir
+localfolders = ~/Mail/hello@benjaminbaedorf.eu
+
+[Repository RemoteBBEU]
+type = IMAP
+remotehost = mail.hosting.de
+remoteuser = hello@benjaminbaedorf.eu
+remotepasseval = get_secret("service", "smtp", "host", "mail.hosting.de", "user", "hello@benjaminbaedorf.eu")
+sslcacertfile = /etc/ssl/certs/ca-certificates.crt
+
+[Account OPGmail]
+localrepository = LocalOPGmail
+remoterepository = RemoteOPGmail
+
+[Repository LocalOPGmail]
+type = Maildir
+localfolders = ~/Mail/b.baedorf@openproject.com
+
+[Repository RemoteOPGmail]
+type = IMAP
+remotehost = imap.gmail.com
+remoteuser = b.baedorf@openproject.com
+remotepasseval = get_secret("service", "smtp", "host", "smtp.gmail.com", "user", "b.baedorf@openproject.com")
+sslcacertfile = /etc/ssl/certs/ca-certificates.crt
+
+[Account MiOM]
+localrepository = LocalMiOM
+remoterepository = RemoteMiOM
+
+[Repository LocalMiOM]
+type = Maildir
+localfolders = ~/Mail/byb@miom.space
+
+[Repository RemoteMiOM]
+type = IMAP
+remotehost = mail.hosting.de
+remoteuser = byb@miom.space
+remotepasseval = get_secret("service", "smtp", "host", "mail.hosting.de", "user", "byb@miom.space")
+sslcacertfile = /etc/ssl/certs/ca-certificates.crt
+
+[Account PubSolar]
+localrepository = LocalPubSolar
+remoterepository = RemotePubSolar
+
+[Repository LocalPubSolar]
+type = Maildir
+localfolders = ~/Mail/byb@miom.space
+
+[Repository RemotePubSolar]
+type = IMAP
+remotehost = mail.greenbaum.cloud
+remoteuser = admins@pub.solar
+remotepasseval = get_secret("service", "smtp", "host", "mail.greenbaum.cloud", "user", "admins@pub.solar")
+sslcacertfile = /etc/ssl/certs/ca-certificates.crt
+
+[Account b12f]
+localrepository = Localb12f
+remoterepository = Remoteb12f
+
+[Repository Localb12f]
+type = Maildir
+localfolders = ~/Mail/mail@b12f.io
+
+[Repository Remoteb12f]
+type = IMAP
+remotehost = mail.b12f.io
+remoteuser = mail@b12f.io
+remotepasseval = get_secret("service", "smtp", "host", "mail.b12f.io", "user", "mail@b12f.io")
+sslcacertfile = /etc/ssl/certs/ca-certificates.crt
+
+[Account RWTH]
+localrepository = LocalRWTH
+remoterepository = RemoteRWTH
+
+[Repository LocalRWTH]
+type = Maildir
+localfolders = ~/Mail/benjamin.baedorf@rwth-aachen.de
+
+[Repository RemoteRWTH]
+type = IMAP
+remotehost = mail.rwth-aachen.de
+remoteuser = bb564306@rwth-aachen.de
+remotepasseval = get_secret("service", "smtp", "host", "mail.rwth-aachen.de", "user", "bb564306@rwth-aachen.de")
+sslcacertfile = /etc/ssl/certs/ca-certificates.crt
--- a/users/ben/default.nix
+++ b/users/ben/default.nix
@ -0,0 +1,50 @@
+{ config, hmUsers, pkgs, lib, ... }:
+let
+  psCfg = config.pub-solar;
+in
+{
+  imports = [
+    ./home.nix
+  ];
+
+  config = {
+    home-manager.users = { inherit (hmUsers) ben; };
+
+    services.yubikey-agent.enable = true;
+
+    pub-solar = {
+      # These are your personal settings
+      # The only required settings are `name` and `password`,
+      # The rest is used for programs like git
+      user = {
+        name = "ben";
+        description = "b12f";
+        password = "$6$LO2YoaHwuRQhUoSz$iHw9avM887eJg9cIty2nmG4Ibkol3YpviEhYpivVQP31VrnihFz/6LyugxD7X4VmXx9nxvcYIZnN90rlGxwjT.";
+        fullName = "Benjamin Bädorf";
+        email = "hello@benjaminbaedorf.eu";
+        gpgKeyId = "4406E80E13CD656C";
+        #publicKeys = [
+        #  "ssh-rsa AAAhAB3NzaC1yc2EAAAADAQABAAACAQCmXpOU6vzQiVSSYCoxHYv7wDxC63Qg3dxlAMR6AOzwIABCU5PFFNcO0NWYms/YR7MOViorl+19LCLRABar9JgHU1n+uqxKV6eGph3OPeMp5sN8LAh7C9N+TZj8iJzBxQ3ch+Z/LdmLRwYNJ7KSUI+gwGK6xRS3+z1022Y4P0G0sx7IeCBl4lealQEIIF10ZOfjUdBcLQar7XTc5AxyGKnHCerXHRtccCoadLQujk0AvPXbv3Ma4JwX9X++AnCWRWakqS5UInu2tGuZ/6Hrjd2a9AKWjTaBVDcbYqCvY4XVuMj2/A2bCceFBaoi41apybSk26FSFTU4qiEUNQ6lxeOwG4+1NCXyHe2bGI4VyoxinDYa8vLLzXIRfTRA0qoGfCweXNeWPf0jMqASkUKaSOH5Ot7O5ps34r0j9pWzavDid8QeKJPyhxKuF1a5G4iBEZ0O9vuti60dPSjJPci9oTxbune2/jb7Sa0yO06DtLFJ2ncr5f70s/BDxKk4XIwQLy+KsvzlQEGdY8yA6xv28bOGxL3sQ0HE2pDTsvIbAisVOKzdJeolStL9MM5W8Hg0r/KkGj2bg0TfoRp1xHV9hjKkvJrsQ6okaPvNFeZq0HXzPhWMOVQ+/46z80uaQ1ByRLr3FTwuWJ7F/73ndfxiq6bDE4z2Ji0vOjeWJm6HCxTdGw== hello@benjaminbaedorf.com"
+        #  "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnYTlTmHCl6LOkexqRR9LqjOoFgt9TQ4VzHQGRHJMzF/AGcDRoqC+pBLFSTzRb5/ikAOsb32XHyKVg4nNdJeQshO11QtDmkCB02D/XcIXxnNQ5A8CztT2az5xJtbbWSdamMnHBLcqLiwoLmXbERpdlt8jNqMHrz+bjCUGYVAFSfc/WdIs6EATJ1eF0VFxv7nUh4qhgStABSwhNsnoYOC/DOBSA9aBP1f5Fz9QHUioPTGi2hRwbTbtFUvTrymPpWVFRApa1zvGXcr4YUCm7ia1ZlZKzRpsPkwLxb8Omm4bGmR0cAVwVhVRySnhpCTwbIBLyw+H8PvKWBBba1NAKyMij root@droppie"
+        #  "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDwyNsGCMuyI9x2IxYEbYIL6oYsEfe1wqhHaRxSnK9oc10ge1LJni5o7g6XgryoQpCD9YenImcCxwkKblmlLQ2327uoVC2PUo07li1uT0eIPk0TQoxwp6besFs7/LEzZlgWQsc3gkEXmjk/E0mu0U6z2fkqciJ/ZxWYt9fLP6jBG47U9878rSaZ7k7Ilv6oRA3suArH189k1nerk/tonS4EWXeHZxHh/Eu0tqwmxN/6+g2GicYn6b+MbFQVdQAkctqT5Yz9USm9UKzbaAuZ799u0dJzagHm9JJZOr8r11ENtAkY9kAzRzm3u/ACiSdVzyLdjAK6m0dIPhp3OhedzuHiI6/wRll60tYtQTH1XwUpVbtir3+DT+jwZgO1zH3yL4iNh79kuUo+UEg1ZmGkSZRzSS2vb5qr0J5aSJmCd5sNB7a01PTtSlQPOqSF9PB+UmcLDF7JoKFub0KT/gRZ5neZkXTYQ/Y05qtaaFVlOVISijnm+sLUvKBv6OW8oYXIHBk= ben@chocolatebar"
+        #  "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDDoYNvXWunQYFORRjcYH1F98+zr20U79ROh+gmaC7AY/x3yf4y8uyMayF56VgQLVNwgEchT5t4dNb9qo2+1oUnjiKrKAVfQMN6WMMMEr4F4WT784uvBx5Uo6vmhgAa+xoo62c4TV2Uf49ZiPd+zAApBHW1F/whPtunPF28Wfr9g+ozSidhnAr+3nkfJh331tz9s+wgQ39AFzFWftQ60Guulpfj8SaVyxyv/yZZAuFpXNzN0Cz4fWBIWFOsib6Z8y+SlUCzSzOguZ7FygHjwlvOxoISsASAuf0OfUKHxVshiL5F5AX1ddmUgXbUKUTp/3Iunr74pfOQC8TXzZHqhrlFzYDmK5J9E6eADSpgx++bCCaHycl73BWeertCBZSHBXeb3Db9HX+mxwpfP3alVAt4ZqQb3YD/VB7XGDvHbmLn+wSfecO2qA9PxiA0yX7e2BZLN9r3G3bRNSk0GpnYM0i84FE9IipiKKnWVjj7J0UPQmz7rzAn2Lki1CnX9PDdxZneqTxgpBomHJt4H+vXMw13scA4xxEDBvfS5KkjbEJqWLbfklCoER6nV3NPLZ6CBl0Xe/VQBSkqEuUEIXih/oa8emDOGUODNF75ck5NJmKiGg6AFZoeiDa7PZMIxhhOq4vsR2Ty43rztUJ0CMX7iSIk3Eql7kqNdvrJaJ7z0GBsiw== ben@biolimo"
+        #];
+      };
+
+      paperless.enable = true;
+      arduino.enable = true;
+      email.enable = true;
+      uhk.enable = true;
+      audio.spotify.enable = true;
+      audio.spotify.username = "spotify@benjaminbaedorf.eu";
+    };
+
+    networking.hosts = {
+      "127.0.0.1" = [
+        "openproject.local"
+        "saas-1.openproject.local"
+        "transmission.local"
+      ];
+    };
+  };
+}
--- a/users/ben/home.nix
+++ b/users/ben/home.nix
@ -0,0 +1,105 @@
+{ config, pkgs, lib, self, ... }:
+with lib;
+let
+  psCfg = config.pub-solar;
+  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in
+{
+  imports = [
+    ./session-variables.nix
+  ];
+
+  home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
+    home.packages = with pkgs; [
+      tigervnc
+      dogecoin
+      nodejs
+      itch
+    ];
+
+    programs.ssh = {
+      enable = true;
+      matchBlocks = {
+        "git.b12f.io" = {
+          hostname = "git.b12f.io";
+          user = "git";
+          port = 2222;
+        };
+
+        "aur.archlinux.org" = {
+          user = "aur";
+        };
+
+        "leavieler.art" = {
+          hostname = "web5svsvy.wh.hosting.zone";
+          user = "web5svsvy_cgzqa3";
+          port = 2244;
+        };
+
+        "benjaminbaedorf.eu" = {
+          hostname = "web5svsvy.wh.hosting.zone";
+          user = "web5svsvy_cgzqa3";
+          port = 2244;
+        };
+
+        "miom.space" = {
+          hostname = "web7dgkba.wh.hosting.zone";
+          user = "web7dgkba_c9em8f";
+          port = 2244;
+        };
+
+        "latenight.blue" = {
+          hostname = "latenight.blue";
+          user = "lnb";
+          extraOptions = {
+            MACs = "hmac-sha2-512-etm@openssh.com";
+          };
+        };
+
+        "blacktea.io" = {
+          hostname = "latenight.blue";
+          user = "lnb";
+          extraOptions = {
+            MACs = "hmac-sha2-512-etm@openssh.com";
+          };
+        };
+      };
+    };
+
+    xdg.configFile."mutt/accounts.muttrc".text = ''
+      source ./hello@benjaminbaedorf.eu.muttrc
+
+      macro index <f1> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/hello@benjaminbaedorf.eu.muttrc<enter><change-folder>!<enter>'
+      macro index <f2> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/benjamin.baedorf@rwth-aachen.de.muttrc<enter><change-folder>!<enter>'
+      macro index <f3> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/b.baedorf@openproject.com.muttrc<enter><change-folder>!<enter>'
+      macro index <f4> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/byb@miom.space.muttrc<enter><change-folder>!<enter>'
+      macro index <f5> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/admins@pub.solar.muttrc<enter><change-folder>!<enter>'
+      macro index <f6> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/mail@b12f.io.muttrc<enter><change-folder>!<enter>'
+    '';
+    xdg.configFile."mutt/hello@benjaminbaedorf.eu.muttrc".source = ./.config/mutt + "/hello@benjaminbaedorf.eu.muttrc";
+    xdg.configFile."mutt/benjamin.baedorf@rwth-aachen.de.muttrc".source = ./.config/mutt + "/benjamin.baedorf@rwth-aachen.de.muttrc";
+    xdg.configFile."mutt/hello@benjaminbaedorf.eu.signature".source = ./.config/mutt + "/hello@benjaminbaedorf.eu.signature";
+    xdg.configFile."mutt/b.baedorf@openproject.com.muttrc".source = ./.config/mutt + "/b.baedorf@openproject.com.muttrc";
+    xdg.configFile."mutt/b.baedorf@openproject.com.signature".source = ./.config/mutt + "/b.baedorf@openproject.com.signature";
+    xdg.configFile."mutt/byb@miom.space.muttrc".source = ./.config/mutt + "/byb@miom.space.muttrc";
+    xdg.configFile."mutt/byb@miom.space.signature".source = ./.config/mutt + "/byb@miom.space.signature";
+    xdg.configFile."mutt/admins@pub.solar.muttrc".source = ./.config/mutt + "/admins@pub.solar.muttrc";
+    xdg.configFile."mutt/admins@pub.solar.signature".source = ./.config/mutt + "/admins@pub.solar.signature";
+    xdg.configFile."mutt/mail@b12f.io.muttrc".source = ./.config/mutt + "/mail@b12f.io.muttrc";
+    xdg.configFile."mutt/mail@b12f.io.signature".source = ./.config/mutt + "/mail@b12f.io.signature";
+    xdg.configFile."offlineimap/config".source = ./.config/offlineimap/config;
+    xdg.configFile."msmtp/config".source = ./.config/msmtp/config;
+    # xdg.configFile."wallpaper.jpg".source = ./assets/wallpaper.jpg;
+  };
+
+  age.secrets."mopidy.conf" = {
+    file = "${self}/secrets/mopidy.conf";
+    mode = "700";
+    owner = "mopidy";
+  };
+  services.mopidy.extraConfigFiles = [ "/run/secrets/mopidy.conf" ];
+
+  programs.ssh.extraConfig = "
+    PubkeyAcceptedKeyTypes +ssh-rsa
+  ";
+}
--- a/users/ben/session-variables.nix
+++ b/users/ben/session-variables.nix
@ -0,0 +1,19 @@
+{ config, pkgs, ... }:
+let
+  psCfg = config.pub-solar;
+  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+  DRONE_RPC_PROTO = "https";
+  DRONE_RPC_HOST = "ci.b12f.io";
+in
+{
+  home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
+    home.sessionVariables = {
+      inherit DRONE_RPC_HOST;
+      inherit DRONE_RPC_PROTO;
+      DRONE_SERVER = DRONE_RPC_PROTO + "://" + DRONE_RPC_HOST;
+
+      RESTIC_REPOSITORY = "sftp:root@backup.b12f.io:/media/internal/backups";
+      RESTIC_PASSWORD_COMMAND = "secret-tool lookup restic repository-password";
+    };
+  };
+}
Author	SHA1	Message	Date
Benjamin Bädorf	7542014d33	Fix CI runner, get secrets from file	2022-08-13 22:03:08 +02:00
Benjamin Bädorf	f4eb615954	CI Runner	2022-08-13 21:23:07 +02:00
Benjamin Bädorf	19303496b3	Barebones ci-runner module	2022-08-13 20:38:41 +02:00
Benjamin Bädorf	2dda411388	Merge branch 'main' into b12f	2022-08-13 12:14:16 +02:00
Benjamin Bädorf	c2227ed013	Add Arduino module This adds a small arduino development module that installs development tooling and adds the user to the `dialout` group.	2022-08-10 22:43:54 +02:00
Benjamin Bädorf	0e8a2a4468	Enable spotify for user ben	2022-08-10 22:43:31 +02:00
Benjamin Bädorf	c2bc749beb	Add spotify as an audio option Adds a `config.pub-solar.audio.spotify` option that when enabled installs and configures `spotifyd` as a systemd daemon and `spotify-tui` as the terminal-based UI. After enabling, run `spt` in the terminal to open the UI.	2022-08-10 22:42:14 +02:00
Benjamin Bädorf	fd50ecf445	Improve help and screen recording keybindings in sway This commit shuffles around some sway keybindings and improves the screen recording experience by adding a small wrapper around `slurp` and `wf-recorder` conveniently called `record-screen`. * `$mod+F5` now reload the sway configuration, * `$mod+Ctrl+r` starts a screen recording (to stop it, go to workspace 7 and kill the process), * `record-screen` and the firefox sharing indicator are both on workspace 7 now, making it the "trash" workspace, * `$mod+F1` and `$mod+Shift+h` now open Firefox with the docs of our repository availabe under `help.local`. * To not infuriate `qMasterPassword` users, that is now available under `$mod+Shift+m` instead of `$mod+F1`.	2022-08-10 22:32:27 +02:00
Benjamin Bädorf	4d2ac57dab	Add more logging to VM service script	2022-07-23 17:00:43 +02:00
Benjamin Bädorf	2b0a804b4e	Merge branch 'main' into b12f	2022-07-22 14:34:58 +02:00
Benjamin Bädorf	f7b0efb6bc	Remove gutentags from nvim ctags got an update and is currently drawing more than 60GB of RAM trying to analyze e.g. the openproject repository. Removing it fixes the issue for now.	2022-07-22 14:31:18 +02:00
Benjamin Bädorf	aeed1af298	Move failing RWTH offlineimap config to the last place	2022-07-22 14:31:05 +02:00
Benjamin Bädorf	ca6843ab44	Use override for yubikey-agent	2022-06-04 22:11:46 +02:00
Benjamin Bädorf	10a70d46c7	Make sure we're all successful	2022-06-04 19:32:12 +02:00
Benjamin Bädorf	34cc7d40f2	Add denols to nvim In Deno projects `tsserver` is less than ideal. This PR starts `denols` instead of `tsserver` if `nvim` finds the `NVIM_USE_DENOLS` variable when reading the lsp config.	2022-06-04 16:49:07 +02:00
Benjamin Bädorf	4c7fed14f0	Remove unused scream pulse service file	2022-06-04 16:45:33 +02:00
Benjamin Bädorf	efc52114f3	Merge branch 'main' into b12f	2022-06-04 02:59:32 +02:00
Benjamin Bädorf	4110655ac6	Fix duplicated lien	2022-05-25 11:21:34 +02:00
Benjamin Bädorf	854b0222a0	Add mail@b12f.io Add configuration for offlineimap, mutt, and msmtp for mail@b12f.io. This is a catch-all inbox, but it can send out via mail@ as well. Secrets will have to be added to the secret-tool manually.	2022-05-25 11:16:26 +02:00
Benjamin Bädorf	fdb79aa95f	Merge branch 'main' into b12f	2022-05-09 11:40:56 +02:00
Benjamin Bädorf	58f05a2618	Update mailbox.org smtp port config	2022-05-05 20:30:12 +02:00
Benjamin Bädorf	403893ed56	Merge branch 'main' into b12f	2022-05-05 09:12:35 +02:00
Benjamin Bädorf	ef0755ef57	Change the port for the drone runner Port 3000 is often taken, so we'll default to 30010	2022-05-03 11:23:21 +02:00
Benjamin Bädorf	88be4b7afa	Add socials to b12f module	2022-05-03 00:04:52 +02:00
Benjamin Bädorf	5bbb3eca66	Add drone-docker-runner to chocolatebar	2022-05-02 23:49:08 +02:00
Benjamin Bädorf	e3f7f43338	Add docker drone runner wrapper Adds a small sh wrapper around a drone runner docker container. The `stop` and `logs` functionality is barely better than using straight up docker, but at least it saves you from having to know any of the implementation details.	2022-05-02 23:44:31 +02:00
Benjamin Bädorf	59c1a23660	Merge branch 'main' into b12f	2022-05-02 15:01:30 +02:00
Benjamin Bädorf	b648055b60	Merge branch 'main' into b12f	2022-05-01 21:00:50 +02:00
Benjamin Bädorf	39e2c7c1ee	Add swapfiles	2022-04-30 23:07:18 +02:00
Benjamin Bädorf	4de8f625fc	Merge branch 'main' into b12f	2022-04-30 21:45:23 +02:00
Benjamin Bädorf	304371b855	Show notification when changing keyboard layouts	2022-04-30 21:41:43 +02:00
Benjamin Bädorf	e012a528e0	Add gitmessage template to global git config	2022-04-30 21:25:38 +02:00
Benjamin Bädorf	caa730f665	Fix build	2022-04-30 20:01:31 +02:00
Benjamin Bädorf	d85a796259	Merge branch 'main' into b12f	2022-04-30 19:58:06 +02:00
Benjamin Bädorf	167cd2fc32	Improve terminal pwd title by shortening home to ~	2022-04-30 18:27:42 +02:00
Benjamin Bädorf	b204dd5363	Merge branch 'main' into b12f	2022-04-30 18:01:33 +02:00
Benjamin Bädorf	e0f5640801	Change terminal title to cwd	2022-04-30 17:51:41 +02:00
Benjamin Bädorf	d6974e1dfd	Open vnc port	2022-04-30 17:08:58 +02:00
Benjamin Bädorf	4911e5c91e	Change port of wayvnc	2022-04-30 17:08:48 +02:00
Benjamin Bädorf	fa2079ee1d	Remove useless device setting from chocolatebar sway config	2022-04-30 13:48:52 +02:00
Benjamin Bädorf	53f5ab731e	Add VNCClient mode for sway	2022-04-30 13:48:38 +02:00
Benjamin Bädorf	9c9188d006	Allow outside vnc access, render a cursor in vnc	2022-04-28 23:47:11 +02:00
Benjamin Bädorf	8f8923203b	Add vnc keyfiles and config	2022-04-28 23:24:33 +02:00
Benjamin Bädorf	ad313173ad	Add wayvnc option for sway This change allows you to start wayvnc anytime your sway session starts. For hosts where you want to enable this, you'll need to generate the certificate and keys, see: https://github.com/any1/wayvnc#encryption--authentication You can then add these to your secrets via agenix, and load them as `vnc-key.pem` and `vnc-cert.pem` into `/run/secrets`. Enable the wayvnc server via the option `pub-solar.sway.vnc.enable`. At the time of writing, `tigervnc` appears to be a good vnc client to use. ```	2022-04-28 23:20:18 +02:00
Benjamin Bädorf	9852d4a8cd	Update flake lock	2022-04-28 23:17:47 +02:00
Benjamin Bädorf	2f54c4e25c	Merge branch 'main' into b12f	2022-04-27 15:24:22 +02:00
Benjamin Bädorf	7ff9efa51c	Add wayvnc	2022-04-27 15:21:40 +02:00
Benjamin Bädorf	001f05dbfc	Fix LSP infos	2022-04-18 13:12:02 +02:00
Benjamin Bädorf	c2b6ec5acc	Merge branch 'main' into b12f	2022-04-10 14:02:28 +02:00
Benjamin Bädorf	f87429c378	Add SSH keys	2022-04-08 21:00:53 +02:00
Benjamin Bädorf	a68e0ad878	Update flake lock	2022-03-29 21:56:29 +02:00
Benjamin Bädorf	09bc8d5295	Merge branch 'main' into b12f	2022-03-29 19:33:06 +02:00
Benjamin Bädorf	334daff82e	Fix latenight.blue ssh	2022-03-24 21:07:11 +01:00
Benjamin Bädorf	a699e42eb7	Merge branch 'main' into b12f	2022-03-23 11:02:57 +01:00
Benjamin Bädorf	f0bd4f978f	Merge branch 'main' into b12f	2022-03-21 12:34:50 +01:00
Benjamin Bädorf	33f03b3f0d	Add paperless, up guest VM RAM to 48GB	2022-03-10 21:32:21 +01:00
Benjamin Bädorf	d047a4aac0	Merge branch 'main' into b12f	2022-03-09 13:37:26 +01:00
Benjamin Bädorf	e3ff8c5441	Merge branch 'main' into b12f	2022-02-14 10:54:00 +01:00
Benjamin Bädorf	f7cf825579	Fix build	2022-02-14 10:50:34 +01:00
Benjamin Bädorf	fb821aa722	Update virtualisation	2022-02-14 10:50:26 +01:00
Benjamin Bädorf	16d7ccee0d	Update flake lock	2022-02-14 10:50:02 +01:00
Benjamin Bädorf	e6e2267f5a	Add paperless module	2022-02-14 10:49:49 +01:00
Benjamin Bädorf	8fdd290c10	Fix admins@pub.solar macro	2022-01-21 16:53:57 +01:00
Benjamin Bädorf	183d8efded	Add admins@pub.solar	2022-01-16 16:27:36 +01:00
Benjamin Bädorf	115f41466b	Merge branch 'main' into b12f	2022-01-06 14:14:57 +01:00
Benjamin Bädorf	87e48217d0	Merge branch 'main' into b12f	2022-01-06 14:14:13 +01:00
Benjamin Bädorf	bcb5fd2d67	Share keyboard and mouse via looking glass client	2022-01-04 13:41:32 +01:00
Benjamin Bädorf	8b71991dba	Update chocolatebar screen configuration	2022-01-04 13:40:59 +01:00
Benjamin Bädorf	923f41e700	Fix merge issue	2022-01-04 13:40:39 +01:00
Benjamin Bädorf	0ec6d23551	Add hp scanner driver module	2022-01-04 13:40:03 +01:00
Benjamin Bädorf	21edcdf915	Create looking glass client wrapper	2022-01-04 13:38:20 +01:00
Benjamin Bädorf	1b760a2c9e	Merge remote-tracking branch 'origin/main' into b12f	2021-12-13 00:27:18 +00:00
Benjamin Bädorf	4057c68bb7	Merge branch 'b12f' of git.b12f.io:pub-solar/os into b12f	2021-12-11 21:09:28 +01:00
Benjamin Bädorf	f53c21f3e0	Update chocolatebar VMs; make USB handover optional, enable looking glass	2021-12-11 21:09:22 +01:00
Benjamin Bädorf	15c0412080	Add looking glass for VMs, switch from scream-ivshmem to qemu-pulse	2021-12-11 21:08:20 +01:00
Benjamin Bädorf	a934ef4a21	Merge remote-tracking branch 'origin/main' into b12f	2021-12-03 00:27:11 +00:00
Benjamin Bädorf	7069fb2a62	Cleanup nvim config, add instant.nvim	2021-12-02 12:19:37 +01:00
Benjamin Bädorf	0b61f2808e	Merge remote-tracking branch 'origin/main' into b12f	2021-12-01 00:27:16 +00:00
Benjamin Bädorf	f9156a4976	Fix build	2021-11-29 19:09:49 +01:00
Benjamin Bädorf	65620a8bfc	Merge branch 'main' into b12f	2021-11-29 19:08:32 +01:00
Benjamin Bädorf	6e2c227969	Merge branch 'main' into b12f	2021-11-29 17:25:30 +01:00
Benjamin Bädorf	5c46477e44	Add obs	2021-11-18 20:12:24 +01:00
Benjamin Bädorf	43d421bcac	Update user description	2021-11-17 19:12:41 +01:00
Benjamin Bädorf	59f441e425	Change user description for ben	2021-11-17 12:05:59 +01:00
Benjamin Bädorf	cfe5d77f9e	Allow changing the user description	2021-11-17 12:05:50 +01:00
Benjamin Bädorf	6c9ab61065	Use fixed telegram-desktop from unstable	2021-11-15 11:39:24 +01:00
Benjamin Bädorf	fbdd35283e	Fix java session variable	2021-11-15 11:37:56 +01:00
Benjamin Bädorf	decf354138	Merge remote-tracking branch 'origin/main' into b12f	2021-11-08 00:07:14 +00:00
Benjamin Bädorf	7cb8b30fe4	Merge branch 'main' into b12f	2021-11-05 23:49:38 +01:00
Benjamin Bädorf	79517658b3	Update vm rom location	2021-11-02 16:45:05 +01:00
Benjamin Bädorf	61e87ee30b	Merge branch 'b12f' of git.b12f.io:pub-solar/os into b12f	2021-11-01 10:11:14 +01:00
Benjamin Bädorf	3dc7ffd3a4	Update email signature for OP	2021-11-01 10:11:07 +01:00
Benjamin Bädorf	64e1a4583f	Add ssh hosts	2021-10-31 01:06:50 +02:00
Benjamin Bädorf	097d89d2b2	Remove git crypt form biolimo	2021-10-29 20:21:13 +02:00
Benjamin Bädorf	5a18a7c3c1	Merge branch 'main' into b12f	2021-10-29 18:47:33 +02:00
Benjamin Bädorf	5a6ec0d6ff	Merge remote-tracking branch 'origin/main' into b12f	2021-10-27 00:07:29 +00:00
Benjamin Bädorf	2724982a4f	Merge remote-tracking branch 'origin/main' into b12f	2021-10-26 00:07:47 +00:00
Benjamin Bädorf	bcd191b291	Don't scale laptop screen, sway + firefox is broken then	2021-10-25 23:10:18 +02:00
Benjamin Bädorf	0015849858	Merge remote-tracking branch 'origin/main' into b12f	2021-10-25 00:07:45 +00:00
Benjamin Bädorf	d064b27393	Fix build	2021-10-24 23:42:13 +02:00
teutat3s	8a848a789b	overrides: try out docker-compose v2, xdg-desktop-portal from latest	2021-10-24 23:36:57 +02:00
Benjamin Bädorf	ab19dea908	Fix mopidy ownership	2021-10-24 17:30:24 +02:00
Benjamin Bädorf	415223a778	Move biolimo to systemd-boot	2021-10-24 17:30:15 +02:00
Benjamin Bädorf	067ce16246	Remove git crypt Start move to /boot kernel mount x-os: prepare booting from unencrypted /boot partition Move to systemd-boot Remove all unencrypted secrets	2021-10-24 17:13:16 +02:00
Benjamin Bädorf	132042220e	Double encrypt ??	2021-10-23 14:49:36 +02:00
Benjamin Bädorf	a44b506724	Merge branch 'b12f' of git.b12f.io:pub-solar/os into b12f	2021-10-23 13:24:28 +02:00
Benjamin Bädorf	87a9d94d0a	secrets via agenix	2021-10-23 13:24:22 +02:00
Benjamin Bädorf	4c3ddff217	Add 1 git-crypt collaborator New collaborators: 13CD656C Benjamin Bädorf (gitea) <gitea@benjaminbaedorf.eu>	2021-10-22 12:30:39 +02:00
Benjamin Bädorf	cd5e19b10e	Fix byb@miom.space	2021-10-21 23:51:25 +02:00
Benjamin Bädorf	7569a75e65	Add byb@miom.space, update signature	2021-10-21 22:21:05 +02:00
Benjamin Bädorf	814f567fd7	Merge branch 'main' into b12f	2021-10-21 19:48:35 +02:00
Benjamin Bädorf	298f50ba95	Merge branch 'main' into b12f	2021-10-21 19:25:59 +02:00
Benjamin Bädorf	231abe6af4	Merge branch 'main' into b12f	2021-10-13 19:27:04 +02:00
Benjamin Bädorf	3cec4a51f2	Add mobile profile to ben user	2021-09-27 14:52:21 +02:00
Benjamin Bädorf	6dce415552	Add android mobile option	2021-09-27 14:52:13 +02:00
Benjamin Bädorf	6039a73b04	Merge remote-tracking branch 'origin/master' into b12f	2021-09-22 00:22:37 +00:00
Benjamin Bädorf	2e6fe672d2	Fix direnv cache	2021-09-21 22:21:29 +02:00
Benjamin Bädorf	af4b2fb8f1	Fix missing element desktop	2021-09-14 10:51:19 +02:00
drone	23137a0764	Merge remote-tracking branch 'origin/master' into b12f	2021-09-11 00:22:09 +00:00
drone	73e7571487	Merge remote-tracking branch 'origin/master' into b12f	2021-09-09 00:22:05 +00:00
teutat3s	761b671549	b12f-to-master (#16 ) Reviewed-on: https://git.b12f.io/pub-solar/os/pulls/16 Co-authored-by: teutat3s <teutates@mailbox.org> Co-committed-by: teutat3s <teutates@mailbox.org>	2021-09-08 22:00:03 +00:00
Benjamin Bädorf	3dcc90fc24	feat(chocolatebar): enable virtualisation	2021-09-05 22:18:08 +02:00
Benjamin Bädorf	e29ad5c23f	Enable the gaming suit for b12f	2021-09-05 00:47:56 +02:00
Benjamin Bädorf	9009fa4a52	Merge branch 'b12f-master' into b12f	2021-09-04 16:00:32 +02:00
Benjamin Bädorf	f89384cbf0	Works for chocolatebar	2021-09-04 15:56:44 +02:00
teutat3s	12fafd7f97	docker-compose fix?	2021-09-02 21:17:19 +02:00
teutat3s	34ca8aadb9	fix biolimo host?	2021-09-02 20:55:17 +02:00
Benjamin Bädorf	d132638c8e	Fix flake lock imports	2021-09-02 20:00:22 +02:00
Benjamin Bädorf	2293e703cc	Fix suites	2021-09-02 19:16:05 +02:00
teutat3s	3f4d3cf240	Merge branch 'b12f' into b12f-master	2021-09-01 19:12:50 +02:00
Benjamin Bädorf	72d089797b	Merge remote-tracking branch 'origin/core' into b12f	2021-07-24 00:25:02 +00:00
Benjamin Bädorf	6025d489ac	New vim	2021-07-14 18:59:27 +02:00
drone	05836bcdf4	Merge remote-tracking branch 'origin/core' into b12f	2021-07-14 00:24:51 +00:00
teutat3s	99597d1b30	Merge branch 'core' into b12f	2021-07-13 18:45:59 +02:00
teutat3s	f7901d94e8	Merge branch 'core' into b12f	2021-07-07 19:53:22 +02:00
Benjamin Bädorf	3cfbaba8e5	Add nodejs to home packages	2021-06-28 17:53:06 +02:00
Benjamin Bädorf	63750e6536	Add mdxjs support for nvim	2021-06-28 17:52:55 +02:00
Benjamin Bädorf	6280a04af5	Merge branch 'core' into b12f	2021-06-15 01:33:46 +02:00
Benjamin Bädorf	a9e025c4f9	fix: Make chocolatebar work with the new config	2021-06-14 23:23:30 +02:00
Benjamin Bädorf	17a2833a89	feat: Add tea gitea cli	2021-06-14 21:03:41 +02:00
Benjamin Bädorf	bf28a630c9	Merge branch 'core' into b12f	2021-06-14 19:50:35 +02:00
Benjamin Bädorf	83333fa0d6	Merge branch 'b12f' of git.b12f.io:pub-solar/os into b12f	2021-06-14 19:49:32 +02:00
Benjamin Bädorf	e437f7fca6	Merge branch 'core' into b12f	2021-06-14 19:45:03 +02:00
Benjamin Bädorf	fc23fbc05b	Merge upstream	2021-06-09 18:46:29 +02:00
Benjamin Bädorf	8d5db4dfb2	Add chocolatebar	2021-06-01 10:55:02 +02:00
Benjamin Bädorf	9d1991d6b8	Move fonts into separate flake	2021-05-31 19:57:17 +02:00
Benjamin Bädorf	a577bd7333	Encrypt futura	2021-05-30 22:35:18 +02:00
Benjamin Bädorf	bc76999a00	Add Futura	2021-05-30 22:01:17 +02:00
Benjamin Bädorf	91c8e77d25	Initial b12f commit	2021-05-30 21:33:09 +02:00