chore: bump flake lock, fix triton-vmtools repo URL

• Updated input 'latest':
    'github:nixos/nixpkgs/ef99fa5c5ed624460217c31ac4271cfb5cb2502c' (2023-07-25)
  → 'github:nixos/nixpkgs/5a8e9243812ba528000995b294292d3b5e120947' (2023-08-07)
• Updated input 'nixos':
    'github:nixos/nixpkgs/f3fbbc36b4e179a5985b9ab12624e9dfe7989341' (2023-07-26)
  → 'github:nixos/nixpkgs/61676e4dcfeeb058f255294bcb08ea7f3bc3ce56' (2023-08-06)

flake.lock

@@ -30,11 +30,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1688307440,
-        "narHash": "sha256-7PTjbN+/+b799YN7Tk2SS5Vh8A0L3gBo8hmB7Y0VXug=",
+        "lastModified": 1692248770,
+        "narHash": "sha256-tZeFpETKQGbgnaSIO1AGWD27IyTcBm4D+A9d7ulQ4NM=",
         "owner": "LnL7",
         "repo": "nix-darwin",
-        "rev": "b06bab83bdf285ea0ae3c8e145a081eb95959047",
+        "rev": "511177ffe8226c78c9cf6a92a7b5f2df3684956b",
         "type": "github"
       },
       "original": {
@@ -89,6 +89,25 @@
         "type": "github"
       }
     },
+    "devshell_2": {
+      "inputs": {
+        "nixpkgs": "nixpkgs",
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1695973661,
+        "narHash": "sha256-BP2H4c42GThPIhERtTpV1yCtwQHYHEKdRu7pjrmQAwo=",
+        "owner": "numtide",
+        "repo": "devshell",
+        "rev": "cd4e2fda3150dd2f689caeac07b7f47df5197c31",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "devshell",
+        "type": "github"
+      }
+    },
     "digga": {
       "inputs": {
         "darwin": [
@@ -197,6 +216,55 @@
         "type": "github"
       }
     },
+    "flake-utils_3": {
+      "locked": {
+        "lastModified": 1653893745,
+        "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_4": {
+      "inputs": {
+        "systems": "systems_2"
+      },
+      "locked": {
+        "lastModified": 1694529238,
+        "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "fork": {
+      "locked": {
+        "lastModified": 1692960587,
+        "narHash": "sha256-39SKGdhn8jKKkdqhULbCvQOpdUPE9NNJpy5HTB++Jvg=",
+        "owner": "teutat3s",
+        "repo": "nixpkgs",
+        "rev": "312709dd70684f52496580e533d58645526b1c90",
+        "type": "github"
+      },
+      "original": {
+        "owner": "teutat3s",
+        "ref": "nvfetcher-fix",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "home": {
       "inputs": {
         "nixpkgs": [
@@ -204,11 +272,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1687871164,
-        "narHash": "sha256-bBFlPthuYX322xOlpJvkjUBz0C+MOBjZdDOOJJ+G2jU=",
+        "lastModified": 1693208669,
+        "narHash": "sha256-hHFaaUsZ860wvppPeiu7nJn/nXZjJfnqAQEu9SPFE9I=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "07c347bb50994691d7b0095f45ebd8838cf6bc38",
+        "rev": "5bac4a1c06cd77cf8fc35a658ccb035a6c50cd2c",
         "type": "github"
       },
       "original": {
@@ -220,11 +288,11 @@
     },
     "latest": {
       "locked": {
-        "lastModified": 1689850295,
-        "narHash": "sha256-fUYf6WdQlhd2H+3aR8jST5dhFH1d0eE22aes8fNIfyk=",
+        "lastModified": 1698134075,
+        "narHash": "sha256-foCD+nuKzfh49bIoiCBur4+Fx1nozo+4C/6k8BYk4sg=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "5df4d78d54f7a34e9ea1f84a22b4fd9baebc68d0",
+        "rev": "8efd5d1e283604f75a808a20e6cde0ef313d07d4",
         "type": "github"
       },
       "original": {
@@ -234,13 +302,29 @@
         "type": "github"
       }
     },
-    "nixos": {
+    "master": {
       "locked": {
-        "lastModified": 1689680872,
-        "narHash": "sha256-brNix2+ihJSzCiKwLafbyejrHJZUP0Fy6z5+xMOC27M=",
+        "lastModified": 1686841982,
+        "narHash": "sha256-ic9o7z8VOF9jqxAC1UN9gmymbgtix6OR8guYkHxowXw=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "08700de174bc6235043cb4263b643b721d936bdb",
+        "rev": "8a3054c4f31ffa22ad4cca22a8aa271c59ccc91d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "master",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixos": {
+      "locked": {
+        "lastModified": 1698288402,
+        "narHash": "sha256-jIIjApPdm+4yt8PglX8pUOexAdEiAax/DXW3S/Mb21E=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "60b9db998f71ea49e1a9c41824d09aa274be1344",
         "type": "github"
       },
       "original": {
@@ -250,13 +334,29 @@
         "type": "github"
       }
     },
+    "nixos-22-05": {
+      "locked": {
+        "lastModified": 1682600000,
+        "narHash": "sha256-ha4BehR1dh8EnXSoE1m/wyyYVvHI9txjW4w5/oxsW5Y=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "50fc86b75d2744e1ab3837ef74b53f103a9b55a0",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-22.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1686838567,
-        "narHash": "sha256-aqKCUD126dRlVSKV6vWuDCitfjFrZlkwNuvj5LtjRRU=",
+        "lastModified": 1693718952,
+        "narHash": "sha256-+nGdJlgTk0MPN7NygopipmyylVuAVi7OItIwTlwtGnw=",
         "owner": "nixos",
         "repo": "nixos-hardware",
-        "rev": "429f232fe1dc398c5afea19a51aad6931ee0fb89",
+        "rev": "793de77d9f83418b428e8ba70d1e42c6507d0d35",
         "type": "github"
       },
       "original": {
@@ -265,6 +365,22 @@
         "type": "github"
       }
     },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1677383253,
+        "narHash": "sha256-UfpzWfSxkfXHnb4boXZNaKsAcUrZT9Hw+tao1oZxd08=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "9952d6bc395f5841262b006fbace8dd7e143b634",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "nixpkgs-unstable": {
       "locked": {
         "lastModified": 1672791794,
@@ -288,10 +404,92 @@
         "deploy": "deploy",
         "digga": "digga",
         "flake-compat": "flake-compat",
+        "fork": "fork",
         "home": "home",
         "latest": "latest",
+        "master": "master",
         "nixos": "nixos",
-        "nixos-hardware": "nixos-hardware"
+        "nixos-22-05": "nixos-22-05",
+        "nixos-hardware": "nixos-hardware",
+        "triton-vmtools": "triton-vmtools",
+        "tritonshell": "tritonshell"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "systems_2": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "triton-vmtools": {
+      "inputs": {
+        "flake-utils": "flake-utils_3",
+        "nixpkgs": [
+          "latest"
+        ]
+      },
+      "locked": {
+        "dir": "vmtools",
+        "lastModified": 1698443513,
+        "narHash": "sha256-wX2JIJ3JmJn6MAurdyjwZU+FZjLCwBArMrVSeeCb/ZU=",
+        "ref": "main",
+        "rev": "0d039dcf06afb8cbddd7ac54bae4d0d185f3e88e",
+        "revCount": 85,
+        "type": "git",
+        "url": "https://git.pub.solar/pub-solar/infra-vintage?dir=vmtools"
+      },
+      "original": {
+        "dir": "vmtools",
+        "ref": "main",
+        "type": "git",
+        "url": "https://git.pub.solar/pub-solar/infra-vintage?dir=vmtools"
+      }
+    },
+    "tritonshell": {
+      "inputs": {
+        "devshell": "devshell_2",
+        "flake-utils": "flake-utils_4",
+        "nixpkgs": [
+          "latest"
+        ]
+      },
+      "locked": {
+        "lastModified": 1696877082,
+        "narHash": "sha256-Ypwpia97WjyT9I6smXo0F4nLbuTncpffzuT462/tRtM=",
+        "ref": "main",
+        "rev": "2c82d5281091c6edc65ced21274d0206c30bdc58",
+        "revCount": 64,
+        "type": "git",
+        "url": "https://git.greenbaum.cloud/dev/tritonshell"
+      },
+      "original": {
+        "ref": "main",
+        "type": "git",
+        "url": "https://git.greenbaum.cloud/dev/tritonshell"
       }
     },
     "utils": {

flake.nix

@@ -5,8 +5,12 @@
 
   inputs = {
     # Track channels with commits tested and built by hydra
+    nixos-22-05.url = "github:nixos/nixpkgs/nixos-22.05";
     nixos.url = "github:nixos/nixpkgs/nixos-23.05";
     latest.url = "github:nixos/nixpkgs/nixos-unstable";
+    master.url = "github:nixos/nixpkgs/master";
+
+    fork.url = "github:teutat3s/nixpkgs/nvfetcher-fix";
 
     flake-compat.url = "github:edolstra/flake-compat";
     flake-compat.flake = false;
@@ -34,6 +38,13 @@
     agenix.inputs.darwin.follows = "darwin";
 
     nixos-hardware.url = "github:nixos/nixos-hardware";
+
+    # PubSolarOS additions
+    triton-vmtools.url = "git+https://git.pub.solar/pub-solar/infra-vintage?ref=main&dir=vmtools";
+    triton-vmtools.inputs.nixpkgs.follows = "latest";
+
+    tritonshell.url = "git+https://git.greenbaum.cloud/dev/tritonshell?ref=main";
+    tritonshell.inputs.nixpkgs.follows = "latest";
   };
 
   outputs = {
@@ -44,6 +55,7 @@
     nixos-hardware,
     agenix,
     deploy,
+    tritonshell,
     ...
   } @ inputs:
     digga.lib.mkFlake
@@ -51,7 +63,7 @@
       inherit self inputs;
 
       channelsConfig = {
-        # allowUnfree = true;
+        allowUnfree = true;
       };
 
       supportedSystems = ["x86_64-linux" "aarch64-linux" "aarch64-darwin"];
@@ -68,7 +80,10 @@
             })
           ];
         };
+        nixos-22-05 = {};
         latest = {};
+        master = {};
+        fork = {};
       };
 
       lib = import ./lib {lib = digga.lib // nixos.lib;};
@@ -118,6 +133,12 @@
               #})
             ];
           };
+          fae = {
+            system = "aarch64-linux";
+          };
+          powder = {
+            system = "x86_64-linux";
+          };
         };
         importables = rec {
           profiles =
@@ -130,6 +151,9 @@
             iso = base ++ [base-user graphical pub-solar-iso];
             pubsolaros = [full-install base-user users.root];
             anonymous = [pubsolaros users.pub-solar];
+            teutat3s = pubsolaros ++ [users.teutat3s];
+            dumpyourvms = teutat3s ++ [graphical];
+            ryzensun = teutat3s ++ [graphical];
           };
         };
       };
@@ -140,13 +164,18 @@
         importables = rec {
           profiles = digga.lib.rakeLeaves ./users/profiles;
           suites = with profiles; rec {
-            base = [direnv git];
+            base = [direnv];
           };
         };
         users = {
           pub-solar = {suites, ...}: {
             imports = suites.base;
 
+            home.stateVersion = "21.03";
+          };
+          teutat3s = {suites, ...}: {
+            imports = suites.base;
+
             home.stateVersion = "21.03";
           };
         }; # digga.lib.importers.rakeLeaves ./users/hm;
@@ -167,6 +196,25 @@
         #    path = self.pkgs.x86_64-linux.nixos.deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurationsPortable.x86_64-linux.bartender;
         #  };
         #};
+        fae = {
+          hostname = "fae.fritz.box:22";
+          sshUser = "pub-solar";
+          fastConnect = true;
+          profilesOrder = ["system" "direnv"];
+          profiles.direnv = {
+            user = "pub-solar";
+            path = self.pkgs.x86_64-linux.nixos.deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurationsPortable.x86_64-linux.pub-solar;
+          };
+        };
+        powder = {
+          hostname = "80.71.153.194";
+          sshUser = "root";
+          profilesOrder = ["system" "direnv"];
+          profiles.direnv = {
+            user = "pub-solar";
+            path = self.pkgs.x86_64-linux.nixos.deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurationsPortable.x86_64-linux.pub-solar;
+          };
+        };
       };
     };
 }

hosts/dumpyourvms/.config/sway/config.d/applications.conf

@@ -0,0 +1,14 @@
+assign [app_id="firefox"] $ws2
+
+# seahorse
+for_window [title="seahorse"] floating enabled
+
+# NetworkManager
+for_window [app_id="nm-connection-editor"] floating enabled
+
+# thunderbird
+for_window [title="New Task:*"] floating enabled
+for_window [title="Edit Task:*"] floating enabled
+for_window [title="New Event:*"] floating enabled
+for_window [title="Edit Event:*"] floating enabled
+

hosts/dumpyourvms/.config/sway/config.d/autostart.conf

@@ -0,0 +1,6 @@
+# Autostart applications
+#
+# Example:
+# exec swayidle
+
+exec qMasterPassword

hosts/dumpyourvms/.config/sway/config.d/custom-keybindings.conf

@@ -0,0 +1,3 @@
+# switch keyboard input language
+bindsym $mod+tab exec swaymsg input "1452:628:Apple_Inc._Apple_Internal_Keyboard_/_Trackpad" xkb_switch_layout next
+

hosts/dumpyourvms/.config/sway/config.d/input-defaults.conf

@@ -0,0 +1,35 @@
+### Input configuration
+#
+# You can get the names of your inputs by running: swaymsg -t get_inputs
+# Read `man 5 sway-input` for more information about this section.
+
+input "type:keyboard" {
+  xkb_layout us(intl),de
+  xkb_model pc105
+  xkb_options ctrl:nocaps
+}
+
+input "type:touchpad" {
+  tap enabled
+  natural_scroll enabled
+}
+
+# Touchpad controls
+#bindsym XF86TouchpadToggle exec $HOME/Workspace/ben/toggletouchpad.sh # toggle touchpad
+
+# Screen brightness controls
+bindsym XF86MonBrightnessUp exec "brightnessctl -d acpi_video0 set +10%"
+bindsym XF86MonBrightnessDown exec "brightnessctl -d acpi_video0 set 10%-"
+
+# Keyboard backlight brightness controls
+bindsym XF86KbdBrightnessDown exec "brightnessctl -d smc::kbd_backlight set 10%-"
+bindsym XF86KbdBrightnessUp exec "brightnessctl -d smc::kbd_backlight set +10%"
+
+# Pulse Audio controls
+bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 #increase sound volume
+bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 #decrease sound volume
+bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle # mute sound
+# Media player controls
+bindsym XF86AudioPlay exec "playerctl play-pause; notify-send 'Play/Pause'"
+bindsym XF86AudioNext exec "playerctl next; notify-send 'Next'"
+bindsym XF86AudioPrev exec "playerctl previous; notify-send 'Prev.'"

hosts/dumpyourvms/.config/sway/config.d/screens.conf

@@ -0,0 +1,41 @@
+### Output configuration
+#
+# Example configuration:
+#
+#   output HDMI-A-1 resolution 1920x1080 position 1920,0
+#
+# You can get the names of your outputs by running: swaymsg -t get_outputs
+
+set $main_screen eDP-1
+set $displayport DP-1
+set $hmdi HDMI-A-1
+
+output $main_screen scale 2
+output $displayport scale 2
+output $hdmi scale 1
+
+output $main_screen pos 0 0
+output $displayport pos 0 -1080
+output $hdmi pos 1440 0
+
+#bindswitch lid:on output $main_screen disable
+#bindswitch lid:off output $main_screen enable
+bindsym $mod+Shift+x output $main_screen toggle
+
+# TODO when using more monitors
+## Manual management of external displays
+# Set the shortcuts and what they do
+#set $mode_display HDMI (i) top, (j) left, (k) bottom, (l) right, (o) off
+#mode "$mode_display" {
+#    bindsym i output HDMI-A-1 enable; output HDMI-A-1 pos 0 0 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 0 1080, mode "default"
+#    bindsym j output HDMI-A-1 enable; output HDMI-A-1 pos 0 0 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 1920 0, mode "default"
+#    bindsym k output HDMI-A-1 enable; output HDMI-A-1 pos 0 900 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 0 0, mode "default"
+#    bindsym l output HDMI-A-1 enable; output HDMI-A-1 pos 1440 0 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 0 0, mode "default"
+#    bindsym o output HDMI-A-1 disable, mode "default"
+#
+#    # back to normal: Enter or Escape
+#    bindsym Return mode "default"
+#    bindsym Escape mode "default"
+#}
+## Declare here the shortcut to bring the display selection menu
+#bindsym $mod+x mode "$mode_display"

hosts/dumpyourvms/consul-agent-ca.pem

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDbzCCAxSgAwIBAgIRAMK20/fFF0YVThq8xm/YvBswCgYIKoZIzj0EAwIwgbkx
+CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj
+bzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw
+FQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB
+IDI1ODgxOTUyODQyOTMwNjIxMjY4NDgwMTUxODE3OTM2NjUxNzc4NzAeFw0xOTEx
+MDYwMDI3MzVaFw0yNDExMDQwMDI3MzVaMIG5MQswCQYDVQQGEwJVUzELMAkGA1UE
+CBMCQ0ExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xGjAYBgNVBAkTETEwMSBTZWNv
+bmQgU3RyZWV0MQ4wDAYDVQQREwU5NDEwNTEXMBUGA1UEChMOSGFzaGlDb3JwIElu
+Yy4xQDA+BgNVBAMTN0NvbnN1bCBBZ2VudCBDQSAyNTg4MTk1Mjg0MjkzMDYyMTI2
+ODQ4MDE1MTgxNzkzNjY1MTc3ODcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQE
+SZ2kc9rKUNX3czze+rFR/bZdLx3JEYrpcSXKkpv1wr68E1Jqhi/8Dm8b62Ei/Bc6
+ZhoJvtB2Shtl+6LbjccUo4H6MIH3MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8E
+BTADAQH/MGgGA1UdDgRhBF9hZjo4MzoyZTpiOToyZTozMzo5MDplOTpkMjpiNzpj
+NjpjYzpkYToxODoyYTphNzpjMzo5ZTozMTpmNTpkZTo4Mzo4YzozMDo0Mjo3OTo4
+ZDo0ZDpmZDozMjo2NzpiYjBqBgNVHSMEYzBhgF9hZjo4MzoyZTpiOToyZTozMzo5
+MDplOTpkMjpiNzpjNjpjYzpkYToxODoyYTphNzpjMzo5ZTozMTpmNTpkZTo4Mzo4
+YzozMDo0Mjo3OTo4ZDo0ZDpmZDozMjo2NzpiYjAKBggqhkjOPQQDAgNJADBGAiEA
+zKCV25P6HqFEa1iUVQnsNAp/WHUwxNlR0OctZSdiuIkCIQDiRK03ZYSK/hmY9kXV
+42nj6kO8MexfiYN4IE4URmzYnA==
+-----END CERTIFICATE-----

hosts/dumpyourvms/default.nix

@@ -0,0 +1,7 @@
+{suites, ...}: {
+  imports =
+    [
+      ./dumpyourvms.nix
+    ]
+    ++ suites.dumpyourvms;
+}

hosts/dumpyourvms/dumpyourvms.nix

@@ -0,0 +1,197 @@
+{
+  config,
+  pkgs,
+  lib,
+  self,
+  ...
+}:
+with lib; let
+  psCfg = config.pub-solar;
+  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in {
+  imports = [
+    ./hardware-configuration.nix
+  ];
+
+  config = {
+    age.secrets.environment-secrets = {
+      file = "${self}/secrets/environment-secrets.age";
+      mode = "700";
+      owner = "teutat3s";
+    };
+
+    age.secrets.github-api-token = {
+      file = "${self}/secrets/github-api-token.age";
+      mode = "600";
+      owner = "teutat3s";
+      path = "/home/${psCfg.user.name}/.local/share/github/api-token";
+    };
+
+    pub-solar = {
+      audio.mopidy.enable = lib.mkForce false;
+      core.hibernation = {
+        enable = true;
+        resumeDevice = "/dev/mapper/cryptroot";
+        resumeOffset = 47366144;
+      };
+      virtualisation.enable = true;
+    };
+
+    # Fix backlight for keyboard and brightness, adjust function key binding,
+    # intel_pstate for cpu schedutil
+    # For now, the radeon driver seems to work better than amdgpu with Radeon R9 M370X
+    # Explicitly set amdgpu support in place of radeon
+    # Source: https://github.com/NixOS/nixos-hardware/blob/master/common/gpu/amd/southern-islands/default.nix
+    # Try again after https://lists.freedesktop.org/archives/amd-gfx/2023-March/090096.html lands
+    boot.kernelParams = ["acpi_backlight=video" "hid_apple.fnmode=2" "intel_pstate=passive" "radeon.si_support=0" "amdgpu.si_support=1"];
+    boot.loader.efi.canTouchEfiVariables = true;
+
+    # Fix for Error switching console mode to 1: unsupported on startup
+    boot.loader.systemd-boot.consoleMode = mkForce "0";
+
+    boot.binfmt.emulatedSystems = ["aarch64-linux"];
+
+    systemd.sleep.extraConfig = ''
+      HibernateMode=shutdown
+    '';
+
+    hardware = {
+      cpu.intel.updateMicrocode = true;
+      facetimehd.enable = true;
+      opengl = {
+        extraPackages = with pkgs; [intel-media-driver];
+      };
+    };
+
+    services.resolved = {
+      enable = true;
+      # DNSSEC=false because of random SERVFAIL responses with Greenbaum DNS
+      # when using allow-downgrade, see https://github.com/systemd/systemd/issues/10579
+      extraConfig = ''
+        DNS=5.1.66.255#dot.ffmuc.net 185.150.99.255#dot.ffmuc.net 5.9.164.112#dns3.digitalcourage.de 89.233.43.71#unicast.censurfridns.dk 185.49.141.37#getdnsapi.net 2001:678:e68:f000::#dot.ffmuc.net 2001:678:ed0:f000::#dot.ffmuc.net 2a01:4f8:251:554::2#dns3.digitalcourage.de 2a01:3a0:53:53::0#unicast.censurfridns.dk 2a04:b900:0:100::38#getdnsapi.net
+        FallbackDNS=9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net
+        Domains=~.
+        DNSOverTLS=yes
+        DNSSEC=false
+      '';
+    };
+    networking = import ./networking.nix;
+    services.tailscale.enable = true;
+
+    security.pki.certificateFiles = [./consul-agent-ca.pem];
+
+    # Power off dedicated GPU, use only integrated Intel GPU to save battery
+    # https://github.com/NixOS/nixpkgs/pull/33915
+    # https://ubuntuforums.org/showthread.php?t=2409856
+    systemd.services."amd-hybrid-graphics-power-save" = {
+      path = [pkgs.bash];
+      description = "Power Off dedicated AMD Card to reduce power usage";
+      requires = ["sys-kernel-debug.mount"];
+      enable = true;
+      serviceConfig = {
+        Type = "oneshot";
+        RemainAfterExit = true;
+        ExecStart = "${pkgs.bash}/bin/sh -c 'sleep 7 && if grep --quiet 'IGD:+' /sys/kernel/debug/vgaswitcheroo/switch; then echo -e \"IGD\\nOFF\" > /sys/kernel/debug/vgaswitcheroo/switch; fi'";
+        ExecStop = "${pkgs.bash}/bin/sh -c 'echo ON >/sys/kernel/debug/vgaswitcheroo/switch'";
+      };
+      wantedBy = ["multi-user.target"];
+    };
+
+    # Increase console font size for HiDPI display
+    console = {
+      earlySetup = true;
+      font = lib.mkForce "ter-i32b";
+      packages = [pkgs.terminus_font];
+    };
+
+    # Thunderbolt tools
+    services.hardware.bolt.enable = true;
+
+    # Enable udev rules for gnupg smart cards
+    hardware.gpgSmartcards.enable = true;
+
+    powerManagement = {
+      # Use new schedutil govenor
+      # https://github.com/NixOS/nixpkgs/pull/42330
+      # https://www.kernel.org/doc/html/v5.10/admin-guide/pm/cpufreq.html#schedutil
+      cpuFreqGovernor = lib.mkDefault "schedutil";
+
+      # brcmfmac being loaded during hibernation would inhibit a successful resume
+      # https://bugzilla.kernel.org/show_bug.cgi?id=101681#c116.
+      # Also brcmfmac could randomly crash on resume from sleep.
+      # To hibernate successfully using the amdgpu driver, the dedicated GPU needs
+      # to be powered on.
+      powerUpCommands = lib.mkBefore (
+        "${pkgs.kmod}/bin/modprobe brcmfmac"
+        + lib.optionalString
+        (lib.versionAtLeast config.boot.kernelPackages.kernel.version "6.2") " brcmfmac_wcc"
+      );
+      powerDownCommands = lib.mkBefore (
+        lib.optionalString
+        (lib.versionAtLeast config.boot.kernelPackages.kernel.version "6.2")
+        "${pkgs.kmod}/bin/rmmod brcmfmac_wcc\n"
+        + ''
+          ${pkgs.kmod}/bin/rmmod brcmfmac
+          ${pkgs.systemd}/bin/systemctl stop amd-hybrid-graphics-power-save.service
+        ''
+      );
+      resumeCommands =
+        if config.systemd.services."amd-hybrid-graphics-power-save".enable == true
+        then ''
+          ${pkgs.systemd}/bin/systemctl start amd-hybrid-graphics-power-save.service
+        ''
+        else "";
+    };
+
+    # Change lid switch behaviour
+    services.logind.lidSwitch = "hibernate";
+
+    # TLP for power management
+    services.tlp = {
+      enable = true;
+      settings = {
+        CPU_SCALING_GOVERNOR_ON_AC = "performance";
+        CPU_SCALING_GOVERNOR_ON_BAT = "schedutil";
+        CPU_BOOST_ON_AC = 1;
+        CPU_BOOST_ON_BAT = 0;
+      };
+    };
+
+    services.udev.extraRules =
+      # Disable XHC1 wakeup signal to avoid resume getting triggered some time
+      # after suspend. Reboot required for this to take effect.
+      lib.optionalString
+      (lib.versionAtLeast config.boot.kernelPackages.kernel.version "3.13")
+      ''SUBSYSTEM=="pci", KERNEL=="0000:00:14.0", ATTR{power/wakeup}="disabled"'';
+
+    services.printing.enable = true;
+
+    home-manager = pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
+      # Custom device sway configs
+      xdg.configFile = mkIf psCfg.sway.enable {
+        "sway/config.d/10-applications.conf".source = ./.config/sway/config.d/applications.conf;
+        "sway/config.d/autostart.conf".source = ./.config/sway/config.d/autostart.conf;
+        "sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
+        "sway/config.d/input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
+        "sway/config.d/screens.conf".source = ./.config/sway/config.d/screens.conf;
+      };
+    };
+
+    # WLAN frequency compliance (e.g. check for radar with DFS)
+    hardware.firmware = with pkgs; [wireless-regdb];
+    boot.extraModprobeConfig = ''
+      options cfg80211 ieee80211_regdom="DE"
+
+      # Enable the integrated GPU (iGPU) Intel i915 by default if present
+      options apple-gmux force_igd=y
+    '';
+
+    # This value determines the NixOS release from which the default
+    # settings for stateful data, like file locations and database versions
+    # on your system were taken. It‘s perfectly fine and recommended to leave
+    # this value at the release version of the first install of this system.
+    # Before changing this value read the documentation for this option
+    # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+    system.stateVersion = "21.05"; # Did you read the comment?
+  };
+}

hosts/dumpyourvms/hardware-configuration.nix

@@ -0,0 +1,39 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    #(modulesPath + "/hardware/network/broadcom-43xx.nix")
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod"];
+  boot.initrd.kernelModules = [];
+  boot.kernelModules = ["kvm-intel"];
+  boot.extraModulePackages = [];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/17bbb016-d27c-47da-8805-58c6395891e8";
+    fsType = "ext4";
+  };
+
+  boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/c100b9a7-99d7-44d9-b7c2-3892a5f233c4";
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/06B8-5414";
+    fsType = "vfat";
+  };
+
+  swapDevices = [
+    {
+      device = "/swapfile";
+      size = 18432;
+    }
+  ];
+}

hosts/dumpyourvms/networking.nix

@@ -0,0 +1,112 @@
+{
+  networkmanager.dns = "systemd-resolved";
+
+  # https://github.com/tailscale/tailscale/issues/4432#issuecomment-1112819111
+  # https://github.com/NixOS/nixpkgs/commit/68e514ed1cf55451901e8d0edd3e8ee5102d3565
+  #firewall.checkReversePath = "loose";
+
+  hosts = {
+    "10.0.0.42" = ["nomad.service.consul" "nomad.service.cgn-1.consul"];
+    "10.0.0.66" = ["consul.service.cgn-1.consul"];
+    "10.0.1.9" = ["consul.service.lev-1.consul"];
+    "10.0.0.70" = ["vault.service.consul" "vault.service.cgn-1.consul"];
+    "10.0.0.200" = ["headnode.cgn-1"];
+    "10.0.0.201" = ["cn01.cgn-1"];
+    "10.0.0.202" = ["cn02.cgn-1"];
+    "10.0.0.205" = ["cn05.cgn-1"];
+    "10.0.0.206" = ["cn06.cgn-1"];
+    "10.0.0.207" = ["cn07.cgn-1"];
+    "10.0.0.208" = ["cn08.cgn-1"];
+    "10.0.1.200" = ["headnode.lev-1"];
+    "10.0.1.201" = ["cn01.lev-1"];
+    "10.0.1.202" = ["cn02.lev-1"];
+    "10.0.1.203" = ["cn03.lev-1"];
+    "10.0.1.204" = ["cn04.lev-1"];
+    "10.0.1.205" = ["cn05.lev-1"];
+    "10.0.1.206" = ["cn00.lev-1"];
+    "10.0.1.207" = ["cn06.lev-1"];
+    "10.0.1.208" = ["cn07.lev-1"];
+    "10.101.64.10" = ["wifi.bahn.de"];
+  };
+
+  wireguard.enable = true;
+  wg-quick.interfaces = {
+    wg0 = {
+      address = ["10.8.8.6/32"];
+      privateKeyFile = "/etc/wireguard/wg0.privatekey";
+
+      peers = [
+        {
+          publicKey = "l0DJLicCrcrixNP6zAWTXNSEaNM2jML253BXEZ1KpiU=";
+          allowedIPs = ["10.8.8.16/32" "10.0.0.0/24" "10.88.88.0/24"];
+          endpoint = "85.88.23.16:51820";
+          persistentKeepalive = 25;
+        }
+      ];
+    };
+    wg1 = {
+      address = ["192.168.188.203/24"];
+      privateKeyFile = "/etc/wireguard/wg1.privatekey";
+
+      peers = [
+        {
+          publicKey = "iZkgeA/mFxBRclCa5SJYdqffClly/uho5krebcUloCY=";
+          allowedIPs = ["192.168.188.0/24"];
+          presharedKeyFile = "/etc/wireguard/wg1.presharedkey";
+          #endpoint = "85.214.70.91:50163";
+          #endpoint = "7gwzft61sc8txc4r.myfritz.net:50163";
+          endpoint = "[2a00:6020:1000:47::2ded]:50163";
+          persistentKeepalive = 25;
+        }
+      ];
+    };
+    wg2 = {
+      address = ["10.6.6.4/32"];
+      privateKeyFile = "/etc/wireguard/wg2.privatekey";
+
+      peers = [
+        {
+          publicKey = "nYMmaCIW8lZ7SokivN8HXxYDch+SS1G7ab1SC9meDAw=";
+          presharedKeyFile = "/etc/wireguard/wg2.presharedkey";
+          allowedIPs = ["10.6.6.1/32" "10.1.1.0/24"];
+          endpoint = "85.88.23.127:51820";
+          persistentKeepalive = 16;
+        }
+      ];
+    };
+    wg3 = {
+      address = ["10.11.11.2/32"];
+      privateKeyFile = "/etc/wireguard/wg3.privatekey";
+      mtu = 1300;
+
+      peers = [
+        {
+          publicKey = "7RRgfZSneqAtAHBeI6+aaYLqz9e1jikg/lIK8mhW928=";
+          presharedKeyFile = "/etc/wireguard/wg3.presharedkey";
+          allowedIPs = ["10.11.11.0/24" "192.168.1.0/24" "10.0.1.0/24"];
+          endpoint = "80.71.153.1:51820";
+          persistentKeepalive = 16;
+        }
+      ];
+    };
+    wg4 = {
+      address = ["fdaa:1:3234:a7b:16a9:0:a:202/120"];
+      privateKeyFile = "/etc/wireguard/wg4.privatekey";
+      postUp = "resolvectl dns wg4 fdaa:1:3234::3; resolvectl domain wg4 ~internal";
+      preDown = "resolvectl revert wg4";
+      #dns = [
+      #  "fdaa:1:3234::3, internal"
+      #];
+
+      peers = [
+        {
+          publicKey = "yUyg63j5+17YeJ7gRhxoQuF6rvdX0JF59M6skytJFTQ=";
+          allowedIPs = ["fdaa:1:3234::/48"];
+          #endpoint = "ams1.gateway.6pn.dev:51820";
+          endpoint = "176.58.93.206:51820";
+          persistentKeepalive = 15;
+        }
+      ];
+    };
+  };
+}

hosts/dumpyourvms/unbound.nix

@@ -0,0 +1,52 @@
+{
+  enable = false;
+  localControlSocketPath = "/run/unbound/unbound.ctl";
+  settings = {
+    server = {
+      cache-max-ttl = 14400;
+      cache-min-ttl = 1200;
+      aggressive-nsec = true;
+      prefetch = false;
+      rrset-roundrobin = true;
+      use-caps-for-id = true;
+      do-ip6 = false;
+      hide-identity = true;
+      hide-version = true;
+      do-not-query-localhost = false;
+      tls-cert-bundle = "/etc/ssl/certs/ca-certificates.crt";
+    };
+
+    # fritz.box stub zone
+    stub-zone = {
+      name = "fritz.box";
+      stub-addr = "192.168.13.1";
+    };
+
+    # DNS over DLS forwarding
+    forward-zone = {
+      name = ".";
+      forward-tls-upstream = true;
+
+      forward-addr = [
+        "5.1.66.255@853#dot.ffmuc.net"
+        "185.150.99.255@853#dot.ffmuc.net"
+        "89.233.43.71@853#unicast.censurfridns.dk"
+        "94.130.110.185@853#ns1.dnsprivacy.at"
+
+        "2001:678:e68:f000::@853#dot.ffmuc.net"
+        "2001:678:ed0:f000::@853#dot.ffmuc.net"
+        "2a01:3a0:53:53::0@853#unicast.censurfridns.dk"
+        "2a01:4f8:c0c:3c03::2@853#ns1.dnsprivacy.at"
+        "2a01:4f8:c0c:3bfc::2@853#ns2.dnsprivacy.at"
+
+        "2001:610:1:40ba:145:100:185:15@853#dnsovertls.sinodun.com"
+        "2001:610:1:40ba:145:100:185:16@853#dnsovertls1.sinodun.com"
+        "2a04:b900:0:100::38@853#getdnsapi.net"
+
+        "145.100.185.15@853#dnsovertls.sinodun.com"
+        "145.100.185.16@853#dnsovertls1.sinodun.com"
+        "185.49.141.37@853#getdnsapi.net"
+      ];
+    };
+  };
+}

hosts/fae.nix

@@ -0,0 +1,100 @@
+{
+  config,
+  lib,
+  pkgs,
+  profiles,
+  ...
+}: {
+  imports = [
+    # profiles.networking
+    #profiles.core
+    "${
+      fetchTarball {
+        url = "https://github.com/NixOS/nixos-hardware/archive/8f1bf828d8606fe38a02df312cf14546ae200a72.tar.gz";
+        sha256 = "11milap153g3f63fcrcv4777vd64f7wlfkk9p3kpxi6dqd2sxvh4";
+      }
+    }/raspberry-pi/4"
+    profiles.users.root # make sure to configure ssh keys
+    profiles.users.pub-solar
+    profiles.base-user
+    profiles.pub-solar-iso
+  ];
+
+  config = {
+    pub-solar.core.iso-options.enable = true;
+
+    fileSystems = {
+      "/" = {
+        device = "/dev/disk/by-label/NIXOS_SD";
+        fsType = "ext4";
+        options = ["noatime"];
+      };
+    };
+
+    environment.systemPackages = with pkgs; [
+      (kodi-gbm.withPackages (p: with p; [jellyfin netflix youtube]))
+    ];
+
+    services.openssh.enable = true;
+
+    networking.firewall = {
+      allowedTCPPorts = [8080];
+      allowedUDPPorts = [8080];
+    };
+
+    security.sudo.extraConfig = lib.mkAfter ''
+      %wheel    ALL=(ALL) NOPASSWD:ALL
+    '';
+
+    nix = {
+      autoOptimiseStore = true;
+
+      gc.automatic = true;
+
+      optimise.automatic = true;
+
+      useSandbox = true;
+
+      allowedUsers = ["@wheel"];
+
+      trustedUsers = ["root" "@wheel"];
+
+      extraOptions = ''
+        min-free = 536870912
+        keep-outputs = true
+        keep-derivations = true
+        fallback = true
+      '';
+    };
+
+    # Enable GPU acceleration
+    hardware.raspberry-pi."4".fkms-3d.enable = true;
+
+    # Define a user account for kodi
+    users.extraUsers.kodi.isNormalUser = true;
+
+    services.xserver = {
+      enable = true;
+      desktopManager.kodi.enable = true;
+      desktopManager.kodi.package = pkgs.kodi-gbm;
+      displayManager = {
+        autoLogin.enable = true;
+        autoLogin.user = "kodi";
+      };
+    };
+
+    hardware.pulseaudio.enable = true;
+
+    # custom raspi boot loader is already present
+    boot.loader.systemd-boot.enable = lib.mkForce false;
+    boot.kernelPackages = lib.mkForce pkgs.linuxPackages_rpi4;
+
+    # This value determines the NixOS release from which the default
+    # settings for stateful data, like file locations and database versions
+    # on your system were taken. It‘s perfectly fine and recommended to leave
+    # this value at the release version of the first install of this system.
+    # Before changing this value read the documentation for this option
+    # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+    system.stateVersion = "21.05"; # Did you read the comment?
+  };
+}

hosts/powder/default.nix

@@ -0,0 +1,5 @@
+{...}: {
+  imports = [
+    ./powder.nix
+  ];
+}

hosts/powder/hardware-configuration.nix

@@ -0,0 +1,43 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [];
+
+  boot.initrd.availableKernelModules = ["ahci" "virtio_pci" "xhci_pci" "sr_mod" "virtio_blk"];
+  boot.initrd.kernelModules = [];
+  boot.kernelModules = [];
+  boot.extraModulePackages = [];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/nixos";
+    autoResize = true;
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-label/boot";
+    fsType = "vfat";
+  };
+
+  fileSystems."/data" = {
+    device = "/dev/disk/by-label/ephemeral0";
+    fsType = "ext4";
+    options = [
+      "defaults"
+      "nofail"
+    ];
+  };
+
+  swapDevices = [];
+
+  networking.useDHCP = lib.mkDefault false;
+
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/powder/powder.nix

@@ -0,0 +1,88 @@
+{
+  config,
+  inputs,
+  lib,
+  pkgs,
+  profiles,
+  ...
+}: {
+  imports = [
+    # Include the results of the hardware scan.
+    ./hardware-configuration.nix
+
+    profiles.users.root # make sure to configure ssh keys
+    profiles.users.pub-solar
+    profiles.base-user
+  ];
+
+  config = {
+    pub-solar.core.iso-options.enable = true;
+
+    # Use the systemd-boot EFI boot loader.
+    boot.loader.systemd-boot.enable = true;
+    boot.loader.efi.canTouchEfiVariables = true;
+
+    # Force getting the hostname from cloud-init
+    networking.hostName = lib.mkDefault "";
+
+    # Set your time zone.
+    # time.timeZone = "Europe/Amsterdam";
+
+    # Select internationalisation properties.
+    console = {
+      font = "Lat2-Terminus16";
+      keyMap = "us";
+    };
+
+    # List packages installed in system profile. To search, run:
+    # $ nix search wget
+    environment.systemPackages = with pkgs; [
+      git
+      vim
+      wget
+      caddy
+      # triton tools for retrieving metadata inside zones, e.g. mdata-get
+      inputs.triton-vmtools
+    ];
+
+    # Some programs need SUID wrappers, can be configured further or are
+    # started in user sessions.
+    # programs.mtr.enable = true;
+    # programs.gnupg.agent = {
+    #   enable = true;
+    #   enableSSHSupport = true;
+    # };
+
+    # List services that you want to enable:
+    services.cloud-init.enable = true;
+    services.cloud-init.ext4.enable = true;
+    services.cloud-init.network.enable = true;
+    # use the default NixOS cloud-init config, but add some SmartOS customization to it
+    environment.etc."cloud/cloud.cfg.d/90_smartos.cfg".text = ''
+      datasource_list: [ SmartOS ]
+
+      # Do not create the centos/ubuntu/debian user
+      users: [ ]
+
+      # mount second disk with label ephemeral0, gets formated by cloud-init
+      # this will fail to get added to /etc/fstab as it's read-only, but should
+      # mount at boot anyway
+      mounts:
+      - [ vdb, /data, auto, "defaults,nofail" ]
+    '';
+
+    # Enable the OpenSSH daemon.
+    services.openssh.enable = true;
+
+    # Triton manages firewall rules via the triton fwrule subcommand
+    networking.firewall.enable = false;
+
+    # This value determines the NixOS release from which the default
+    # settings for stateful data, like file locations and database versions
+    # on your system were taken. It‘s perfectly fine and recommended to leave
+    # this value at the release version of the first install of this system.
+    # Before changing this value read the documentation for this option
+    # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+    system.stateVersion = "22.05"; # Did you read the comment?
+  };
+}

hosts/ryzensun/.config/sway/config.d/autostart.conf

@@ -0,0 +1,6 @@
+# Autostart applications
+#
+# Example:
+# exec swayidle
+
+exec qMasterPassword

hosts/ryzensun/.config/sway/config.d/custom-keybindings.conf

@@ -0,0 +1,2 @@
+# switch keyboard input language
+bindsym $mod+tab exec swaymsg input "1118:1896:Microsoft_Microsoft___SiderWinderTM_X4_Keyboard_Consumer_Control" xkb_switch_layout next

hosts/ryzensun/.config/sway/config.d/input-defaults.conf

@@ -0,0 +1,33 @@
+### Input configuration
+#
+# You can get the names of your inputs by running: swaymsg -t get_inputs
+# Read `man 5 sway-input` for more information about this section.
+
+input "type:keyboard" {
+  xkb_layout us(intl),de
+  xkb_options ctrl:nocaps
+}
+
+input "type:touchpad" {
+  natural_scroll enabled
+}
+
+# Touchpad controls
+#bindsym XF86TouchpadToggle exec $HOME/Workspace/ben/toggletouchpad.sh # toggle touchpad
+
+# Screen brightness controls
+bindsym XF86MonBrightnessUp exec "brightnessctl -d intel_backlight set +10%"
+bindsym XF86MonBrightnessDown exec "brightnessctl -d intel_backlight set 10%-"
+
+# Keyboard backlight brightness controls
+bindsym XF86KbdBrightnessDown exec "brightnessctl -d smc::kbd_backlight set 10%-"
+bindsym XF86KbdBrightnessUp exec "brightnessctl -d smc::kbd_backlight set +10%"
+
+# Pulse Audio controls
+bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 #increase sound volume
+bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 #decrease sound volume
+bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle # mute sound
+# Media player controls
+bindsym XF86AudioPlay exec "playerctl play-pause; notify-send 'Play/Pause'"
+bindsym XF86AudioNext exec "playerctl next; notify-send 'Next'"
+bindsym XF86AudioPrev exec "playerctl previous; notify-send 'Prev.'"

hosts/ryzensun/.config/sway/config.d/screens.conf

@@ -0,0 +1,33 @@
+### Output configuration
+#
+# Example configuration:
+#
+#   output HDMI-A-1 resolution 1920x1080 position 1920,0
+#
+# You can get the names of your outputs by running: swaymsg -t get_outputs
+
+set $main_screen HDMI-A-1
+
+output $main_screen scale 2
+
+#bindswitch lid:on output $main_screen disable
+#bindswitch lid:off output $main_screen enable
+bindsym $mod+Shift+x output $main_screen toggle
+
+# TODO when using more monitors
+## Manual management of external displays
+# Set the shortcuts and what they do
+#set $mode_display HDMI (i) top, (j) left, (k) bottom, (l) right, (o) off
+#mode "$mode_display" {
+#    bindsym i output HDMI-A-1 enable; output HDMI-A-1 pos 0 0 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 0 1080, mode "default"
+#    bindsym j output HDMI-A-1 enable; output HDMI-A-1 pos 0 0 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 1920 0, mode "default"
+#    bindsym k output HDMI-A-1 enable; output HDMI-A-1 pos 0 900 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 0 0, mode "default"
+#    bindsym l output HDMI-A-1 enable; output HDMI-A-1 pos 1440 0 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 0 0, mode "default"
+#    bindsym o output HDMI-A-1 disable, mode "default"
+#
+#    # back to normal: Enter or Escape
+#    bindsym Return mode "default"
+#    bindsym Escape mode "default"
+#}
+## Declare here the shortcut to bring the display selection menu
+#bindsym $mod+x mode "$mode_display"

hosts/ryzensun/default.nix

@@ -0,0 +1,7 @@
+{suites, ...}: {
+  imports =
+    [
+      ./ryzensun.nix
+    ]
+    ++ suites.ryzensun;
+}

hosts/ryzensun/hardware-configuration.nix

@@ -0,0 +1,33 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "sd_mod" "sr_mod"];
+  boot.initrd.kernelModules = [];
+  boot.kernelModules = ["kvm-amd"];
+  boot.extraModulePackages = [];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/bad2e49e-c8e7-4516-a6f8-77db999d12b0";
+    fsType = "ext4";
+  };
+
+  boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/ef6c5bb0-0bcf-4af4-bbc9-02c849999e54";
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/2C62-C8B5";
+    fsType = "vfat";
+  };
+
+  swapDevices = [];
+}

hosts/ryzensun/networking.nix

@@ -0,0 +1,84 @@
+{
+  hosts = {
+    "10.0.0.42" = ["nomad.service.consul" "nomad.service.cgn-1.consul"];
+    "10.0.0.66" = ["consul.service.cgn-1.consul"];
+    "10.0.1.9" = ["consul.service.lev-1.consul"];
+    "10.0.0.70" = ["vault.service.consul" "vault.service.cgn-1.consul"];
+    "10.0.0.200" = ["headnode.cgn-1"];
+    "10.0.0.201" = ["cn01.cgn-1"];
+    "10.0.0.202" = ["cn02.cgn-1"];
+    "10.0.0.205" = ["cn05.cgn-1"];
+    "10.0.0.206" = ["cn06.cgn-1"];
+    "10.0.0.207" = ["cn07.cgn-1"];
+    "10.0.0.208" = ["cn08.cgn-1"];
+    "10.0.1.200" = ["headnode.lev-1"];
+    "10.0.1.201" = ["cn01.lev-1"];
+    "10.0.1.202" = ["cn02.lev-1"];
+    "10.0.1.203" = ["cn03.lev-1"];
+    "10.0.1.204" = ["cn04.lev-1"];
+    "10.0.1.205" = ["cn05.lev-1"];
+    "10.0.1.206" = ["cn00.lev-1"];
+    "10.0.1.207" = ["cn06.lev-1"];
+    "10.0.1.208" = ["cn07.lev-1"];
+  };
+
+  wireguard.enable = true;
+  wg-quick.interfaces = {
+    wg0 = {
+      address = ["10.8.8.7/32"];
+      privateKeyFile = "/etc/wireguard/wg0.privatekey";
+
+      peers = [
+        {
+          publicKey = "l0DJLicCrcrixNP6zAWTXNSEaNM2jML253BXEZ1KpiU=";
+          allowedIPs = ["10.8.8.16/32" "10.0.0.0/24" "10.88.88.0/24"];
+          endpoint = "85.88.23.16:51820";
+          persistentKeepalive = 25;
+        }
+      ];
+    };
+    wg1 = {
+      address = ["10.11.11.6/32"];
+      privateKeyFile = "/etc/wireguard/wg1.privatekey";
+      mtu = 1300;
+
+      peers = [
+        {
+          publicKey = "7RRgfZSneqAtAHBeI6+aaYLqz9e1jikg/lIK8mhW928=";
+          presharedKeyFile = "/etc/wireguard/wg1.presharedkey";
+          allowedIPs = ["10.11.11.0/24" "192.168.1.0/24" "10.0.1.0/24"];
+          endpoint = "80.71.153.1:51820";
+          #persistentKeepalive = 16;
+        }
+      ];
+    };
+    #wg1 = {
+    #  address = [ "10.13.0.1/32" ];
+    #  privateKeyFile = "/etc/wireguard/wg1.privatekey";
+    #  mtu = 1412;
+
+    #  peers = [
+    #    {
+    #      publicKey = "XS3TTIMU7Jp3JJANBpE14RsVDJk6/VUvZgjQgQP8kAs=";
+    #      allowedIPs = [ "10.13.0.100/32" "192.168.188.0/24" ];
+    #      endpoint = "[2a00:6020:48ad:dd00:dea6:32ff:fe85:3306]:51820";
+    #      persistentKeepalive = 25;
+    #    }
+    #  ];
+    #};
+    #wg2 = {
+    #  address = [ "10.6.6.4/32" ];
+    #  privateKeyFile = "/etc/wireguard/wg2.privatekey";
+
+    #  peers = [
+    #    {
+    #      publicKey = "nYMmaCIW8lZ7SokivN8HXxYDch+SS1G7ab1SC9meDAw=";
+    #      presharedKeyFile = "/etc/wireguard/wg2.presharedkey";
+    #      allowedIPs = [ "10.6.6.1/32" "10.1.1.0/24" ];
+    #      endpoint = "85.88.23.127:51820";
+    #      persistentKeepalive = 16;
+    #    }
+    #  ];
+    #};
+  };
+}

hosts/ryzensun/ryzensun.nix

@@ -0,0 +1,66 @@
+{
+  config,
+  pkgs,
+  lib,
+  self,
+  ...
+}:
+with lib; let
+  psCfg = config.pub-solar;
+  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in {
+  imports = [
+    ./hardware-configuration.nix
+  ];
+
+  config = {
+    age.secrets.environment-secrets = {
+      file = "${self}/secrets/environment-secrets.age";
+      mode = "700";
+      owner = "teutat3s";
+    };
+    age.secrets.docker-ci-runner-secrets = {
+      file = "${self}/secrets/docker-ci-runner-secrets.age";
+      mode = "700";
+      owner = "999";
+    };
+
+    pub-solar.nextcloud.enable = mkForce false;
+    pub-solar.docker.enable = true;
+    pub-solar.virtualisation.enable = true;
+    pub-solar.docker-ci-runner = {
+      enable = false;
+      runnerEnvironment = {
+        DRONE_RUNNER_CAPACITY = "1";
+        DRONE_RUNNER_LABELS = "hosttype:baremetal";
+      };
+      runnerVarsFile = config.age.secrets.docker-ci-runner-secrets.path;
+    };
+
+    pub-solar.audio.mopidy.enable = mkForce false;
+
+    networking = import ./networking.nix;
+
+    # Increase console font size for HiDPI display
+    console = {
+      earlySetup = true;
+      font = lib.mkForce "ter-i32b";
+      packages = [pkgs.terminus_font];
+    };
+
+    home-manager.users."${psCfg.user.name}".xdg.configFile = mkIf psCfg.sway.enable {
+      "sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
+      "sway/config.d/autostart.conf".source = ./.config/sway/config.d/autostart.conf;
+      "sway/config.d/input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
+      "sway/config.d/screens.conf".source = ./.config/sway/config.d/screens.conf;
+    };
+
+    # This value determines the NixOS release from which the default
+    # settings for stateful data, like file locations and database versions
+    # on your system were taken. It‘s perfectly fine and recommended to leave
+    # this value at the release version of the first install of this system.
+    # Before changing this value read the documentation for this option
+    # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+    system.stateVersion = "21.05"; # Did you read the comment?
+  };
+}

modules/core/boot.nix

@@ -35,8 +35,8 @@ in {
 
       loader.systemd-boot.enable = lib.mkDefault true;
 
-      # Use latest LTS linux kernel by default
-      kernelPackages = lib.mkDefault pkgs.linuxPackages_6_1;
+      # Use latest linux kernel by default
+      kernelPackages = lib.mkDefault pkgs.linuxPackages_6_5;
 
       # Support ntfs drives
       supportedFilesystems = ["ntfs"];

modules/core/networking.nix

@@ -36,7 +36,8 @@ in {
     networking.networkmanager = {
       # Enable networkmanager. REMEMBER to add yourself to group in order to use nm related stuff.
       enable = true;
-      wifi.backend = "iwd";
+      # not as stable as wpa_supplicant yet, also more trouble with 5 GHz networks
+      #wifi.backend = "iwd";
     };
 
     networking.firewall.enable = true;
@@ -56,12 +57,12 @@ in {
 
     # Caddy reverse proxy for local services like cups
     services.caddy = {
-      enable = lib.mkDefault cfg.enableCaddy;
-      globalConfig = lib.mkDefault ''
+      enable = lib.mkForce cfg.enableCaddy;
+      globalConfig = lib.mkForce ''
         default_bind 127.0.0.1
         auto_https off
       '';
-      extraConfig = lib.mkDefault (concatStringsSep "\n" [
+      extraConfig = lib.mkForce (concatStringsSep "\n" [
         (lib.optionalString
           config.pub-solar.printing.enable
           ''
@@ -76,6 +77,9 @@ in {
           ''
             help.local:80 {
               root * ${pkgs.psos-docs}/lib/html
+              # Caddy builds the etag with only the file size & latest modified
+              # date, which is always 1970-01-01 in the Nix store
+              header -ETag
               file_server
             }
           '')

modules/devops/default.nix

@@ -16,6 +16,8 @@ in {
     home-manager = with pkgs;
       pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
         home.packages = [
+          fwknop
+          croc
           drone-cli
           nmap
           pgcli
@@ -24,6 +26,8 @@ in {
           restic
           shellcheck
           terraform
+          flyctl
+          tea
         ];
       };
   };

modules/docker/default.nix

@@ -14,6 +14,7 @@ in {
 
   config = mkIf cfg.enable {
     virtualisation.docker.enable = true;
+    virtualisation.docker.package = pkgs.docker_24;
     users.users = with pkgs;
       pkgs.lib.setAttrByPath [psCfg.user.name] {
         extraGroups = ["docker"];

modules/graphical/default.nix

@@ -72,6 +72,8 @@ in {
       style = "gtk2";
     };
 
+    gtk.iconCache.enable = true;
+
     # Required for running Gnome apps outside the Gnome DE, see https://nixos.wiki/wiki/GNOME#Running_GNOME_programs_outside_of_GNOME
     programs.dconf.enable = true;
     services.udev.packages = with pkgs; [gnome3.gnome-settings-daemon];

modules/printing/default.nix

@@ -22,8 +22,13 @@ in {
     services.printing.listenAddresses = ["localhost:631"];
     services.printing.allowFrom = ["all"];
     services.printing.defaultShared = false;
-    services.printing.drivers = [
-      pkgs.gutenprint
+    services.printing.drivers = with pkgs; [
+      gutenprint
+      brgenml1lpr
+      brgenml1cupswrapper
+      brlaser
+      cnijfilter2
+      cups-brother-hl3140cw
     ];
     hardware.sane = {
       enable = true;

modules/social/default.nix

@@ -16,6 +16,7 @@ in {
     home-manager = with pkgs;
       pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
         home.packages = [
+          gurk-rs
           signal-desktop
           tdesktop
           element-desktop

modules/sway/config/config.d/custom-keybindings.conf

@@ -2,7 +2,7 @@
 bindsym $mod+z exec --no-startup-id morc_menu
 
 # switch keyboard input language
-bindsym $mod+tab exec toggle-kbd-layout
+#bindsym $mod+tab exec toggle-kbd-layout
 
 ################################################################################################
 ## sound-section -  ##
@@ -21,6 +21,10 @@ bindsym $mod+F2 exec firefox
 bindsym $mod+F4 exec nautilus -w
 bindsym $mod+Shift+F4 exec signal-desktop --use-tray-icon
 
+# Notifications with swaynotificationcenter
+# Toggle control center
+bindsym $mod+Shift+n exec swaync-client -t -sw
+
 bindsym $mod+Shift+m exec qMasterPassword
 
 # Screenshots and screen recordings

modules/sway/default.nix

@@ -64,6 +64,7 @@ in {
             kanshi
             mako
             slurp
+            swaynotificationcenter
             swayidle
             swaylock
             swaybg
@@ -89,7 +90,7 @@ in {
           programs.waybar.enable = true;
           #programs.waybar.systemd.enable = true;
 
-          systemd.user.services.mako = import ./mako.service.nix {inherit pkgs psCfg;};
+          systemd.user.services.swaynotificationcenter = import ./swaynotificationcenter.service.nix pkgs;
           systemd.user.services.sway = import ./sway.service.nix {inherit pkgs psCfg;};
           systemd.user.services.swayidle = import ./swayidle.service.nix {inherit pkgs psCfg;};
           systemd.user.services.xsettingsd = import ./xsettingsd.service.nix {inherit pkgs psCfg;};

modules/sway/mako.service.nix

@@ -1,18 +0,0 @@
-{pkgs, ...}: {
-  Unit = {
-    Description = "Lightweight Wayland notification daemon";
-    Documentation = ["man:mako(1)"];
-    BindsTo = ["sway-session.target"];
-    After = ["sway-session.target"];
-    ConditionEnvironment = ["WAYLAND_DISPLAY"];
-  };
-  Service = {
-    Type = "dbus";
-    BusName = "org.freedesktop.Notifications";
-    ExecStart = "${pkgs.mako}/bin/mako";
-    ExecReload = "${pkgs.mako}/bin/makoctl reload";
-  };
-  Install = {
-    WantedBy = ["sway-session.target"];
-  };
-}

modules/sway/swayidle.service.nix

@@ -14,7 +14,7 @@
     Type = "simple";
     Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin:${pkgs.swaylock-bg}/bin:${pkgs.swayidle}/bin";
     ExecStart =
-      ''        swayidle -w \
+      ''        ${pkgs.swayidle}/bin/swayidle -w \
                 after-resume 'swaymsg "output * dpms on"' \
                 before-sleep 'swaylock-bg' ''
       + (

modules/sway/swaynotificationcenter.service.nix

@@ -0,0 +1,21 @@
+pkgs: {
+  Unit = {
+    Description = "Swaync notification daemon";
+    Documentation = "https://github.com/ErikReider/SwayNotificationCenter";
+    BindsTo = ["sway-session.target"];
+    After = ["sway-session.target"];
+    Requisite = ["graphical-session.target"];
+    # ConditionEnvironment requires systemd v247 to work correctly
+    ConditionEnvironment = ["WAYLAND_DISPLAY"];
+  };
+  Service = {
+    Type = "dbus";
+    BusName = "org.freedesktop.Notifications";
+    ExecStart = "${pkgs.swaynotificationcenter}/bin/swaync";
+    ExecReload = "${pkgs.swaynotificationcenter}/bin/swaync-client --reload-config ; ${pkgs.swaynotificationcenter}/bin/swaync-client --reload-css";
+    Restart = "on-failure";
+  };
+  Install = {
+    WantedBy = ["sway-session.target"];
+  };
+}

modules/sway/waybar.service.nix

@@ -10,7 +10,7 @@
 
   Service = {
     Type = "dbus";
-    Environment = "PATH=${pkgs.bash}/bin:${pkgs.pavucontrol}/bin";
+    Environment = "PATH=${pkgs.bash}/bin:${pkgs.pavucontrol}/bin:${pkgs.swaynotificationcenter}/bin";
     BusName = "fr.arouillard.waybar";
     ExecStart = "${pkgs.waybar}/bin/waybar";
   };

modules/terminal-life/bash/default.nix

@@ -85,6 +85,7 @@ in {
     fi
 
     # end of .bashrc
+
     # Somehow we need to ensure starship starts later than ble.sh
     # (possible packaging issue?)
     # https://github.com/akinomyoga/ble.sh/issues/333

modules/terminal-life/default.nix

@@ -47,6 +47,7 @@ in {
           gh
           glow
           jump
+          mdbook-multilang
           (nnn.overrideAttrs (o: {
             patches =
               (o.patches or [])
@@ -54,9 +55,12 @@ in {
                 ./nnn/0001-feat-use-wasd-keybindings-for-jkli.patch
               ];
           }))
+          notes
           powerline
+          python-wiki-fetch
           silver-searcher
           watson
+          tree
         ];
 
         programs.bash = import ./bash {

modules/terminal-life/nvim/default.nix

@@ -171,6 +171,9 @@ in {
       emmet-vim
       # Caddyfile syntax support for Vim
       vim-caddyfile-nvfetcher
+
+      # Fix TOFU hashes when writing nix derivations without leaving neovim
+      vim-nixhash
     ];
 
   extraConfig = builtins.concatStringsSep "\n" [

modules/terminal-life/nvim/lsp.vim

@@ -146,6 +146,7 @@ lua <<EOF
             ['settings'] = {
                 ['yaml'] = {
                     ['schemas'] = {
+                        ["https://raw.githubusercontent.com/instrumenta/kubernetes-json-schema/master/v1.18.1-standalone-strict/all.json"] = ".sensu/*.{yml,yaml}",
                         ['https://json.schemastore.org/github-workflow'] = '.github/workflows/*.{yml,yaml}',
                         ['https://json.schemastore.org/github-action'] = '.github/action.{yml,yaml}',
                         ['https://json.schemastore.org/drone'] = '*.drone.{yml,yaml}',

modules/terminal-life/nvim/ui.vim

@@ -1,18 +1,18 @@
-let g:base16_shell_path = $XDG_DATA_HOME . "/scripts/base16.sh"
-let base16colorspace = 256
+"let g:base16_shell_path = $XDG_DATA_HOME . "/scripts/base16.sh"
+"let base16colorspace = 256
 set termguicolors
-let g:sonokai_style = 'shusia'
-let g:sonokai_enable_italic = 1
-let g:sonokai_disable_italic_comment = 1
-let g:sonokai_transparent_background = 1
-colorscheme sonokai
+"let g:sonokai_style = 'shusia'
+"let g:sonokai_enable_italic = 1
+"let g:sonokai_disable_italic_comment = 1
+"let g:sonokai_transparent_background = 1
 set background=dark
+colorscheme apprentice
 
 let g:airline#extensions#tabline#enabled = 1 " Enable the list of buffers
 let g:airline#extensions#tabline#fnamemod = ':t' " Show just the filename
 let g:airline#extensions#tabline#formatter = 'unique_tail_improved'
 let g:airline_powerline_fonts = 1 " Use powerline fonts
-let g:airline_theme = 'sonokai'
+let g:airline_theme = 'apprentice'
 
 " Customize fzf colors to match your color scheme
 " - fzf#wrap translates this to a set of `--color` options

modules/virtualisation/default.nix

@@ -38,6 +38,7 @@ in {
       libvirt
       libvirt-glib
       qemu
+      vagrant
       virt-manager
       python3Packages.libvirt
       gvfs
@@ -57,14 +58,14 @@ in {
     systemd.tmpfiles.rules = [
       "f  /dev/shm/looking-glass  0660  ${psCfg.user.name}  kvm"
     ];
-    networking.bridges.virbr1.interfaces = [];
-    networking.interfaces.virbr1 = {
-      ipv4.addresses = [
-        {
-          address = "192.168.123.1";
-          prefixLength = 24;
-        }
-      ];
-    };
+    #networking.bridges.virbr1.interfaces = [];
+    #networking.interfaces.virbr1 = {
+    #  ipv4.addresses = [
+    #    {
+    #      address = "192.168.123.1";
+    #      prefixLength = 24;
+    #    }
+    #  ];
+    #};
   };
 }

overlays/element-desktop.nix

@@ -0,0 +1,5 @@
+final: prev: {
+  element-desktop = prev.element-desktop.override {
+    electron = prev.electron_26;
+  };
+}

overlays/mdbook-multilang.nix

@@ -0,0 +1,20 @@
+channels: final: prev: {
+  mdbook-multilang = channels.nixos-22-05.mdbook.overrideAttrs (oldAttrs: rec {
+    pname = "mdbook";
+
+    version = "pr1306";
+
+    src = prev.fetchFromGitHub {
+      owner = "Ruin0x11";
+      repo = "mdBook";
+      rev = "9d8147c52dd9d50047ba5b29e4af99f92577806e";
+      sha256 = "sha256-gJnQKHssO2ChiT4d037Lncd7hiOa5uh756p8TzPzbgQ=";
+    };
+
+    cargoDeps = oldAttrs.cargoDeps.overrideAttrs (prev.lib.const {
+      name = "${pname}-vendor.tar.gz";
+      inherit src;
+      outputHash = "sha256-QCEyl5FZqECYYb5eRm8mn+R6owt+CLQwCq/AMMPygE0=";
+    });
+  });
+}

overlays/overrides.nix

@@ -3,10 +3,29 @@ channels: final: prev: {
 
   inherit
     (channels.latest)
+    _1password
+    _1password-gui
     nixd
+    thunderbird
+    docker_24
+    flyctl
+    slack
+    ;
+
+  inherit
+    (channels.fork)
     nvfetcher
     ;
 
+  inherit
+    (channels.master)
+    ;
+
+  inherit
+    (channels.nixos-22-05)
+    terraform
+    ;
+
   haskellPackages =
     prev.haskellPackages.override
     (old: {
@@ -22,4 +41,7 @@ channels: final: prev: {
     });
 
   vimPlugins = prev.vimPlugins // {inherit (channels.latest.vimPlugins) nvim-lspconfig;};
+
+  # Example to override node package
+  # nodePackages = prev.nodePackages // { inherit (channels.latest.nodePackages) manta; };
 }

overlays/prr-remote-origin-trailing-slash.patch

@@ -0,0 +1,13 @@
+diff --git a/lib/prr.js b/lib/prr.js
+index f654142..c1b0e41 100755
+--- a/lib/prr.js
++++ b/lib/prr.js
+@@ -133,7 +133,7 @@ function determineGitRepo(args, cb) {
+             return;
+         }
+ 
+-        var url = stdout.replace(/\n/, '');
++        var url = stdout.replace(/\/?\n/, '');
+         var gitUser = '';
+         var gitRepoName = '';
+

overlays/prr.nix

@@ -0,0 +1,32 @@
+final: prev: {
+  prr = prev.buildNpmPackage {
+    pname = "prr";
+    version = "unstable-2022-06-05";
+
+    src = prev.fetchFromGitHub {
+      owner = "TritonDataCenter";
+      repo = "prr";
+      rev = "bfbce27d955b6b75729ef647cec9f81dc04fea3c";
+      hash = "sha256-Z5sKddpHmSJxzacMOuDOxMxBpjApS7FWCWRelHMi/4g=";
+    };
+
+    npmDepsHash = "sha256-wVh3WCuUn9l/gILx25tgxTwtwH0Q19lpXTU8gOHWsCg=";
+
+    patches = [./prr-remote-origin-trailing-slash.patch];
+
+    dontBuild = true;
+    installPhase = ''
+      npmInstallHook
+
+      mkdir -p $out/bin
+      ln -s $out/lib/node_modules/prr/bin/prr $out/bin/prr
+    '';
+
+    meta = with prev.lib; {
+      homepage = "https://github.com/TritonDataCenter/prr";
+      description = "Tooling to assist with GitHub pull requests";
+      platforms = ["x86_64-linux"];
+      maintainers = with maintainers; [teutat3s];
+    };
+  };
+}

overlays/python-wik.nix

@@ -0,0 +1,25 @@
+final: prev:
+with prev.python3Packages; {
+  python-wiki-fetch = buildPythonPackage rec {
+    inherit (prev.sources.wik) pname version src;
+
+    checkPhase = ''
+      cd test
+      ${python.interpreter} test.py
+    '';
+
+    format = "flit";
+
+    propagatedBuildInputs = [
+      beautifulsoup4
+      requests
+    ];
+
+    meta = with prev.lib; {
+      description = "wik is a tool to view wikipedia pages from your terminal";
+      homepage = "https://github.com/yashsinghcodes/wik";
+      license = licenses.mit;
+      maintainers = with maintainers; [teutat3s];
+    };
+  };
+}

overlays/signal-desktop.nix

@@ -0,0 +1,19 @@
+final: prev: {
+  signal-desktop = prev.signal-desktop.overrideAttrs (oldAttrs: rec {
+    inherit (oldAttrs) pname;
+    dir = "Signal";
+
+    preFixup = ''
+      gappsWrapperArgs+=(
+        --prefix LD_LIBRARY_PATH : "${prev.lib.makeLibraryPath [prev.stdenv.cc.cc]}"
+        --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}"
+        --suffix PATH : ${prev.lib.makeBinPath [prev.xdg-utils]}
+      )
+      # Fix the desktop link
+      substituteInPlace $out/share/applications/${pname}.desktop \
+        --replace "/opt/${dir}/${pname}" $out/bin/${pname}
+      autoPatchelf --no-recurse -- "$out/lib/${dir}/"
+      patchelf --add-needed ${prev.libpulseaudio}/lib/libpulse.so "$out/lib/${dir}/resources/app.asar.unpacked/node_modules/@signalapp/ringrtc/build/linux/libringrtc-x64.node"
+    '';
+  });
+}

pkgs/_sources/generated.nix

@@ -111,4 +111,16 @@
     };
     date = "2022-07-03";
   };
+  wik = {
+    pname = "wik";
+    version = "37207e7cf2955c494a55701cb81d388cc349b6ea";
+    src = fetchFromGitHub {
+      owner = "yashsinghcodes";
+      repo = "wik";
+      rev = "37207e7cf2955c494a55701cb81d388cc349b6ea";
+      fetchSubmodules = false;
+      sha256 = "sha256-oSHL3jYFuvJY1W7N9/CvFClFakz9f35RHg77AbMRfsI=";
+    };
+    date = "2023-03-16";
+  };
 }

pkgs/cockroach.nix

@@ -0,0 +1,24 @@
+self:
+with self;
+  stdenv.mkDerivation rec {
+    pname = "cockroachdb";
+    version = "22.2.7";
+
+    src = fetchurl {
+      url = "https://binaries.cockroachdb.com/cockroach-v${version}.linux-amd64.tgz";
+      sha256 = "sha256-do426BaZdPqXcc/aQnRAgVTBCJ/OiNbSuCpwVTM2m0I=";
+    };
+    buildInputs = [stdenv.cc.cc];
+    nativeBuildInputs = [autoPatchelfHook];
+
+    installPhase = ''
+      install -D -m755 cockroach $out/bin/cockroach
+      cp -r lib $out/lib
+    '';
+    meta = with lib; {
+      homepage = "https://www.cockroachlabs.com";
+      description = "A scalable, survivable, strongly-consistent SQL database";
+      platforms = ["x86_64-linux"];
+      maintainers = with maintainers; [mic92];
+    };
+  }

pkgs/default.nix

@@ -3,11 +3,13 @@ with final; {
   # keep sources this first
   sources = prev.callPackage (import ./_sources/generated.nix) {};
   # then, call packages with `final.callPackage`
+  gpu-switch = writeShellScriptBin "gpu-switch" (import ./gpu-switch.nix final);
   import-gtk-settings = writeShellScriptBin "import-gtk-settings" (import ./import-gtk-settings.nix final);
   lgcl = writeShellScriptBin "lgcl" (import ./lgcl.nix final);
   mailto-mutt = writeShellScriptBin "mailto-mutt" (import ./mailto-mutt.nix final);
   mopidy-jellyfin = import ./mopidy-jellyfin.nix final;
   mu = writeShellScriptBin "mu" (import ./mu.nix final);
+  notes = writeShellScriptBin "notes" (import ./notes.nix final);
   psos = writeShellScriptBin "psos" (import ./psos.nix final);
   psos-docs = import ./psos-docs.nix final;
   s = writeShellScriptBin "s" (import ./s.nix final);
@@ -19,6 +21,7 @@ with final; {
   wcwd = writeShellScriptBin "wcwd" (import ./wcwd.nix final);
   drone-docker-runner = writeShellScriptBin "drone-docker-runner" (import ./drone-docker-runner.nix final);
   record-screen = writeShellScriptBin "record-screen" (import ./record-screen.nix final);
+  cockroach-bin = import ./cockroach.nix final;
 
   # ps-fixes
 }

pkgs/gpu-switch.nix

@@ -0,0 +1,70 @@
+self:
+with self; ''
+  # Copyright (c) 2014-2015 Bruno Bierbaumer, Andreas Heider
+
+  readonly sysfs_efi_vars='/sys/firmware/efi/efivars'
+  readonly efi_gpu='gpu-power-prefs-fa4ce28d-b62f-4c99-9cc3-6815686e30f9'
+
+  usage(){
+    cat <<EOF
+  Usage:
+    $(basename $0) --integrated   # Switch to the integrated GPU
+    $(basename $0) --dedicated    # Switch to the dedicated GPU
+    $(basename $0) --help         # Show this message
+
+  Switches between the integrated and dedicated graphics cards of a dual-GPU
+  MacBook Pro for the next reboot.
+
+  Arguments:
+    -i, --integrated
+    -d, --dedicated
+    -h, --help
+
+  Tested hardware:
+    MacBook Pro 5,2  (Early 2009, Non-Retina)
+    MacBook Pro 5,3  (Mid   2009, Non-Retina)
+    MacBook Pro 8,2  (Late  2011, Non-Retina)
+    MacBook Pro 9,1  (Mid   2012, Non-Retina)
+    MacBook Pro 10,1 (Mid   2012, Retina)
+    MacBook Pro 11,3 (Late  2013, Retina)
+    MacBook Pro 11,5 (Mid   2015, Retina)
+  EOF
+  }
+
+  switch_gpu(){
+    if ! [ -d /sys/firmware/efi ]; then
+      printf "Fatal: $(basename $0) has to be run in EFI mode.\n" 1>&2
+      exit 1
+    fi
+
+    if ! mount | grep -q $sysfs_efi_vars; then
+      if ! mount -t efivarfs none $sysfs_efi_vars; then
+        printf "Fatal: Couldn't mount ''${sysfs_efi_vars}.\n" 1>&2
+        exit 1
+      fi
+    fi
+    chattr -i "''${sysfs_efi_vars}/''${efi_gpu}" 2> /dev/null
+    printf "\x07\x00\x00\x00\x''${1}\x00\x00\x00" > "''${sysfs_efi_vars}/''${efi_gpu}"
+  }
+
+  if [ $# -ne 1 ]; then
+    usage 1>&2
+    exit 1
+  fi
+
+  case "$1" in
+    -i|--integrated)
+      switch_gpu 1
+    ;;
+    -d|--dedicated)
+      switch_gpu 0
+    ;;
+    -h|--help)
+      usage
+    ;;
+    *)
+      usage 1>&2
+      exit 1
+    ;;
+  esac
+''

pkgs/notes.nix

@@ -0,0 +1,20 @@
+self:
+with self; ''
+  #
+  # ack recursively through notes
+  #
+  # uses ack: https://beyondgrep.com
+
+  NOTESDIR=~/pub.solar-nc/Notes
+  ACK_PREFIX="ack --files-with-matches"
+  cd $NOTESDIR || exit
+  file="$(
+      FZF_DEFAULT_COMMAND="$ACK_PREFIX '$1'" \
+      fzf --sort --preview="[[ ! -z {} ]] && ack --colour --context 5 {q} {}" \
+          --phony -q "$1" \
+          --bind "change:reload:$ACK_PREFIX {q}" \
+          --preview-window="70%:wrap"
+  )" &&
+  echo "opening $file" &&
+  bat --theme=TwoDark "$file"
+''

pkgs/sources.toml

@@ -3,6 +3,10 @@
 src.git = "https://github.com/mlvzk/manix"
 fetch.github = "mlvzk/manix"
 
+[wik]
+src.git = "https://github.com/yashsinghcodes/wik"
+fetch.github = "yashsinghcodes/wik"
+
 [rnix-lsp-nvfetcher]
 src.git = "https://github.com/nix-community/rnix-lsp"
 fetch.github = "nix-community/rnix-lsp"

profiles/base-user/.config/swaync/config.json

@@ -0,0 +1,12 @@
+{
+  "positionX": "right",
+  "positionY": "top",
+  "timeout": 10,
+  "timeout-low": 5,
+  "timeout-critical": 0,
+  "notification-window-width": 500,
+  "keyboard-shortcuts": true,
+  "image-visibility": "always",
+  "transition-time": 200,
+  "hide-on-clear": false
+}

profiles/base-user/.config/swaync/style.css

@@ -0,0 +1,149 @@
+/*
+ * vim: ft=less
+ */
+
+@define-color border-color rgb(7, 7, 7);
+@define-color bg rgb(58, 58, 58);
+@define-color bg-hover rgb(68, 68, 68);
+@define-color bg-focus rgba(68, 68, 68, 0.6);
+@define-color bg-selected rgb(0, 128, 255);
+
+.notification-row {
+  outline: none;
+}
+.notification-row:focus,
+.notification-row:hover {
+  background: @bg-focus;
+}
+
+.notification {
+  border-radius: 10px;
+  margin: 6px 12px;
+  box-shadow: 0px 2px 4px 2px rgba(0, 0, 0, 0.3);
+  padding: 0;
+}
+
+.notification-content {
+  background: transparent;
+  padding: 6px;
+  border-radius: 10px;
+}
+
+.close-button {
+  background: black;
+  color: white;
+  text-shadow: none;
+  padding: 0 2px;
+  box-shadow: 0px 2px 4px 2px rgba(0, 0, 0, 0.3);
+  border-radius: 100%;
+}
+.close-button:hover {
+  background: rgb(30, 30, 30);
+  transition: all 0.15s ease-in-out;
+}
+
+.notification-default-action,
+.notification-action {
+  padding: 4px;
+  margin: 0;
+  box-shadow: none;
+  background: @bg;
+  border: 1px solid @border-color;
+}
+
+.notification-default-action:hover,
+.notification-action:hover {
+  background: @bg-hover;
+}
+
+.notification-default-action {
+  border-radius: 10px;
+}
+
+/* When alternative actions are visible */
+.notification-default-action:not(:only-child) {
+  border-bottom-left-radius: 0px;
+  border-bottom-right-radius: 0px;
+}
+
+.notification-action {
+  border-radius: 0px;
+  border-top: none;
+  border-right: none;
+}
+
+/* add bottom border radius to eliminate clipping */
+.notification-action:first-child {
+  border-bottom-left-radius: 10px;
+}
+.notification-action:last-child {
+  border-bottom-right-radius: 10px;
+  border-right: 1px solid @border-color;
+}
+
+.image {
+}
+
+.body-image {
+  margin-top: 6px;
+  background-color: white;
+  border-radius: 10px;
+}
+
+.summary {
+  color: white;
+  text-shadow: none;
+}
+
+.time {
+  color: white;
+  text-shadow: none;
+}
+
+.body {
+  background: transparent;
+  color: white;
+  text-shadow: none;
+}
+
+.top-action-title {
+  color: white;
+  text-shadow: none;
+}
+
+.control-center-clear-all {
+  color: white;
+  text-shadow: none;
+  background: @bg;
+  border: 1px solid @border-color;
+  box-shadow: none;
+  border-radius: 10px;
+}
+.control-center-clear-all:hover {
+  background: @bg-hover;
+}
+
+.control-center-dnd {
+  border-radius: 10px;
+  background: @bg;
+  border: 1px solid @border-color;
+  box-shadow: none;
+}
+
+.control-center-dnd:checked {
+  background: @bg-selected;
+}
+.control-center-dnd slider {
+  background: @bg-hover;
+}
+
+.control-center {
+  background: rgba(0, 0, 0, 0.7);
+}
+.control-center-list {
+  background: transparent;
+}
+
+.floating-notifications {
+  background: transparent;
+}

profiles/base-user/.config/waybar/config

@@ -4,30 +4,40 @@
 
   "height": 26, // Waybar height
   "modules-left": ["sway/workspaces", "sway/mode"],
-  //"modules-center": ["mpd"],
-  "modules-right": ["sway/language", "pulseaudio", "network", "idle_inhibitor", "battery", "clock", "tray"],
+  "modules-center": ["network"],
+  "modules-right": [
+    "sway/language",
+    "backlight",
+    "custom/notification",
+    "pulseaudio",
+    "idle_inhibitor",
+    "battery",
+    "clock",
+    "tray"
+  ],
   "sway/workspaces": {
-    "disable-scroll": true
+      "disable-scroll": true
   },
   "sway/mode": {
   "tooltip": false,
-    "format": "{}"
+      "format": "{}"
   },
   "sway/window": {
-    "tooltip": false,
-    "max-length": 96
+  "tooltip": false,
+      "max-length": 96
   },
   "sway/language": {
-    "format": "{}",
-    "max-length": 50
+  "format": "{}",
+  "max-length": 50
   },
   "tray": {
-    "icon-size": 21,
-    "spacing": 10
+      "icon-size": 21,
+      "spacing": 10
   },
   "clock": {
       "tooltip-format": "<tt><small>{calendar}</small></tt>",
-      "format-alt": "{:%a %d. %h %H:%M}",
+      "format": "{:%H:%M} ",
+      "format-alt": "{:%a %d. %h %H:%M} ",
       //"on-scroll": {
       //    "calendar": 1
       //}
@@ -42,64 +52,69 @@
               "today":      "<span color='#ff6699'><b><u>{}</u></b></span>"
           },
       },
+      "actions":  {
+          "on-click-right": "mode",
+          "on-click-forward": "tz_up",
+          "on-click-backward": "tz_down",
+          "on-scroll-up": "shift_up",
+          "on-scroll-down": "shift_down"
+      }
   },
   "backlight": {
-    // "device": "acpi_video1",
-    "tooltip": true,
-    "tooltip-format": "Brightness: <big>{percent}%</big>",
-    "format": "<span font='10'>{icon}</span>",
-    "format-icons": ["", ""]
+      "device": "acpi_video0",
+      "format": "<span font='10'> {percent}%</span> {icon}",
+      "format-icons": ["", ""]
   },
   "cpu": {
-    "format": "{}% "
+      "format": "{}% "
   },
   "memory": {
-    "format": "{}% "
+      "format": "{}% "
   },
   "idle_inhibitor": {
-    "format": "<span font='10'>{icon} </span>",
-    "format-icons": {
-      "activated": "",
-      "deactivated": ""
-    }
+      "format": "{icon} ",
+      "format-icons": {
+          "activated": "",
+          "deactivated": ""
+      }
   },
   "battery": {
-    "tooltip": false,
-    "states": {
-      "critical": 25
-    },
-    "full-at": 84,
-    "format": "<span font='10'>{icon}</span> {capacity}%",
-    "format-full": "<span font='10'>{icon}</span>",
-    "format-icons": ["", "", "", "", ""],
+      "tooltip": false,
+      "states": {
+          "critical": 25
+      },
+      //"full-at": 84,
+      "format": "{icon}<span font='10'> {capacity}%</span>",
+      "format-full": "{icon}",
+      "format-icons": ["", "", "", "", ""],
   },
   "network": {
-    "interval": 3,
-    "tooltip": true,
-    //"interface": "wlp4s0", // (Optional) To force the use of this interface          \uF2E7,
-    "format-wifi": "<span font='10'></span> \uf062 {bandwidthUpBits} | \uf063 {bandwidthDownBits}",
-    "format-ethernet": "<span font='10'></span> \uf062 {bandwidthUpBits} | \uf063 {bandwidthDownBits}",
-    "format-disconnected": "",
-    "tooltip-format-wifi": "{essid} ({signalStrength}%)  {ipaddr}",
-    "tooltip-format-ethernet": "{ifname}  {ipaddr}"
+      "interval": 3,
+      "tooltip": true,
+      //"interface": "wlp4s0", // (Optional) To force the use of this interface          \uF2E7,
+      "format-wifi": "<span font='10'></span> \uf062 {bandwidthUpBits} | \uf063 {bandwidthDownBits}",
+      "format-ethernet": "<span font='10'></span> \uf062 {bandwidthUpBits} | \uf063 {bandwidthDownBits}",
+      "format-disconnected": "",
+      "tooltip-format-wifi": "{essid} ({signalStrength}%)  {ipaddr}",
+      "tooltip-format-ethernet": "{ifname}  {ipaddr}"
   },
   //\ue04f{volume}%
   "pulseaudio": {
-    "tooltip": false,
-    "format": "{volume}% <span font='10'>{icon}</span>",
-    "format-bluetooth": "{volume}% <span font='10'>{icon}</span>",
-    "format-muted": "",
-    "on-click": "pavucontrol",
-    "format-alt": "{volume}% <span font='10'>{icon}</span>",
-    "format-icons": {
-      "headphones": "",
-      "handsfree": "",
-      "headset": "",
-      "phone": "",
-      "portable": "",
-      "car": "",
-      "default": ["","", ""]
-    }
+      "tooltip": false,
+      "format": "<span font='10'>{volume}%</span> {icon}",
+      "format-bluetooth": "{volume}% <span font='10'>{icon}</span>",
+      "format-muted": "",
+      "on-click": "pavucontrol",
+      "format-alt": "{volume}% <span font='10'>{icon}</span>",
+      "format-icons": {
+          "headphones": "",
+          "handsfree": "",
+          "headset": "",
+          "phone": "",
+          "portable": "",
+          "car": "",
+          "default": ["","", ""]
+      }
   },
   "mpd": {
     "format": "{artist} - {title} <span color=\"#999999\">[<span color=\"#ffffff\">{elapsedTime:%M:%S}</span> / {totalTime:%M:%S}]</span>",
@@ -112,5 +127,21 @@
     },
     "tooltip-format": "MPD (connected)",
     "tooltip-format-disconnected": "MPD (disconnected)"
-  }
+  },
+  "custom/notification": {
+    "tooltip": false,
+    "format": " {icon}",
+    "format-icons": {
+      "notification": "<span foreground='red'><sup></sup></span>",
+      "none": "",
+      "dnd-notification": "<span foreground='red'><sup></sup></span>",
+      "dnd-none": ""
+    },
+    "return-type": "json",
+    "exec-if": "which swaync-client",
+    "exec": "swaync-client -swb",
+    "on-click": "swaync-client -t -sw",
+    "on-click-right": "swaync-client -d -sw",
+    "escape": true
+  },
 }

profiles/base-user/.config/waybar/style.css

@@ -1,19 +1,18 @@
 @import "./colorscheme.css";
 
-* {
-    min-height: 0;
-    border: none;
-}
-
 window#waybar {
     font-family: Hack, FontAwesome;
     font-weight: 500;
     font-size: 14px;
-    background: rgba(11, 12, 13, 0.90);
+    /*background: rgba(11, 12, 13, 0.90);*/
+    background-color: rgba(0, 0, 0, 0);
     border-bottom: 1px solid  rgba(0, 0, 2, 0.53);
     color: @base04;
 }
 
+window#waybar.hidden {
+    opacity: 0.2;
+}
 
 #workspaces button {
     font-size: 14px;
@@ -23,7 +22,6 @@ window#waybar {
     color: @base04;
 }
 
-
 #workspaces button.focused {
     color: #f85e84;
     color: @base07;
@@ -47,32 +45,36 @@ window#waybar {
 }
 
 #battery {
-  font-size: 12px;
+    font-size: 12px;
 }
 
 #battery.critical {
-  color: @base07;
+    color: @base07;
 }
+
 #battery.charging {
     color: @base0B;
 }
+
 #battery.full {
     margin: 0px 0px 0px 0px;
 }
 
-
 #network {
     border-top: 1px solid transparent;
+    color: rgba(255,255,255,0.3);
 }
+
 #network.disconnected {
     margin: 0px 0px 0px 0px;
     color: rgba(75, 81, 98, 0);
 }
 
-
 #pulseaudio.muted {
     margin: 0px 0px 0px 0px;
     color: rgba(75, 81, 98, 0);
 }
 
-
+#custom-notification {
+  font-family: "NotoSansMono Nerd Font";
+}

profiles/base-user/home.nix

@@ -62,6 +62,8 @@ in {
     xdg.configFile."xsettingsd/xsettingsd.conf".source = ./.config/xsettingsd/xsettingsd.conf;
     xdg.configFile."mako/config".source = ./.config/mako/config;
     xdg.configFile."libinput-gestures.conf".source = ./.config/libinput-gestures.conf;
+    xdg.configFile."swaync/config.json".source = ./.config/swaync/config.json;
+    xdg.configFile."swaync/style.css".source = ./.config/swaync/style.css;
     xdg.configFile."waybar/config".source = ./.config/waybar/config;
     xdg.configFile."waybar/style.css".source = ./.config/waybar/style.css;
     xdg.configFile."waybar/colorscheme.css".source = ./.config/waybar/colorscheme.css;

profiles/base-user/mimeapps.nix

@@ -22,6 +22,6 @@
     "x-scheme-handler/https" = ["firefox.desktop"];
     "x-scheme-handler/mailto" = ["userapp-Thunderbird.desktop"];
     "x-scheme-handler/msteams" = ["teams.desktop"];
-    "x-scheme-handler/tg" = ["userapp-Telegram Desktop-JBKFU0.desktop"];
+    "x-scheme-handler/tg" = ["userapp-Telegram Desktop-1RE3J1.desktop"];
   };
 }

profiles/gaming/default.nix

@@ -1,12 +0,0 @@
-{
-  self,
-  config,
-  lib,
-  pkgs,
-  ...
-}: let
-  inherit (lib) fileContents;
-in {
-  pub-solar.gaming.enable = true;
-  pub-solar.docker.enable = true;
-}

secrets/example-secret.age

@@ -0,0 +1,14 @@
+age-encryption.org/v1
+-> ssh-ed25519 Wp/X/Q rilMAu0gNVmM5kzkfI6LHy8LYpqu6OJ68lnf+/IFuQA
+7VAOcxVWeIfix5Imuz9IACxHSL/Lfpj4xUmGBTrSs+E
+-> ssh-ed25519 8U1+ng yHW9NoLk8yIn7q5jzi4cB2TcOMJMjdr0KX9nmhgsVU4
+mVB5vqHmlyRQwcTil3owI+VZ0gvUqpD3PCh7fdVakmA
+-> ssh-ed25519 BVsyTA oGjMX1pyf0xHml4uZJr4mPfGCCB7TV1iX3bMLmLM+SU
+75mURQZr8mVqgAitknaqIOdgfnHqUUItq4JYYaslidM
+-> piv-p256 xGzyzw AjcLhwpsbCCjjDkdVjLsb7tf3oJe0FoBgkC+jUZzLwcm
+/GqKWJL1qiVwz9E47rSb4rZEZ+P6fvvTgU4DTnpPGAE
+-> _NBk)?2K-grease H
+AntIeBKXk4SPMRdzlsvVp/bdRe6rk0uGHDlECTl8rRoR3/XHDbuYeg8EAyAPc1jQ
+yh2mQYhV3ztro8ermvxuyYvzjaT22Ox/
+--- 3qLt8D2zH6sWWqPToa+NQH35jGrTjbB8BxwExrtkZCo
+]v‚ÍÑÞ¿ëExü¥ìQ<å#¨#Ãì;Q<0E>š—×Í	‘*õõ]w<>,çr

secrets/github-api-token.age

@@ -0,0 +1,13 @@
+age-encryption.org/v1
+-> ssh-ed25519 Wp/X/Q CO4vIjn5gn0a8UIGQ8pTtd3bLimnlvXXFVHrIdvhhzE
+vZT3aoWvnK4aPMR+yZn8hJ63F/1Ga7xx6Nq8UN4bsIM
+-> ssh-ed25519 8U1+ng Nu+OuQ0jipmVBhUL5aJzgRYIP711yH9A/UwNxDCt8i0
+YW38h5abfi8EKnTrE4sLUAd5i+u4+qNno/Wzy9CReHM
+-> ssh-ed25519 BVsyTA +um+6g0wccymBjOdKJs2FR58ReTClufGPFyHgQwR/RA
+/Cv2hCYaV1E4dgzXY2oFyXhQt/m/u4KUaBByIv8Wfn8
+-> piv-p256 xGzyzw Ar9I/qIkystt/yiYJHut4D94ERTP1ZTh3WRBpV1cvZ1r
+UjUpz3egN/5N4n/xabKy3DE/8rLWDsYGWgB4IE5BFxk
+-> 7-grease aAc9hT yzd(M6l 1j> @y>y
+iNZSjN0
+--- 2dlb9E0gTnsnkTNEK45p5/bSHDhp53Ni+J86mJYgRnY
+3rÞ$šAüw,3WzLÅ<4C>ä66<36>H²é e¸ØRÙíX~†Ûð¤xª)g¨"ÝûÝ'òŠ{­ö‡4#ÂÑig¸ñìoëQ

secrets/identities/age-yubikey-identity-c46cf2cf.txt

@@ -0,0 +1,7 @@
+#       Serial: 10593996, Slot: 1
+#         Name: age-id-0
+#      Created: Mon, 24 Oct 2022 14:47:23 +0000
+#   PIN policy: Once   (A PIN is required once per session, if set)
+# Touch policy: Never  (A physical touch is NOT required to decrypt)
+#    Recipient: age1yubikey1qdxpc9qenrkhqxnu2p6sgyfxhnxcvz99jcaq36uqcztuzsy92q596shqxkf
+AGE-PLUGIN-YUBIKEY-1EJN2ZQYZC3K09NCU47TDH

secrets/identities/personal-5-nfc.txt

@@ -0,0 +1 @@
+AGE-PLUGIN-YUBIKEY-1EJN2ZQYZC3K09NCU47TDH

secrets/secrets.nix

@@ -1,8 +1,22 @@
 let
   # set ssh public keys here for your system and user
-  system = "";
-  user = "";
-  allKeys = [system user];
+  machines = {
+    dumpyourvms = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILDATEWAgDZFfYs1ZPh33Kg4sqQ9tWMVKyk8XqFu3Koe host@dumpyourvms";
+    ryzensun = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH/l7MfEmt510BMeNjuXNPmZ0brcQidvrrpcea+qJMjX root@ryzensun";
+  };
+  users = {
+    teutat3s = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcU6KPy4b1MQXd6EJhcYwbJu7E+0IrBZF/IP6T7gbMf teutat3s@dumpyourvms";
+    teutat3s-5-nfc = "age1yubikey1qdxpc9qenrkhqxnu2p6sgyfxhnxcvz99jcaq36uqcztuzsy92q596shqxkf";
+  };
+  allKeys = [machines.dumpyourvms machines.ryzensun users.teutat3s users.teutat3s-5-nfc];
 in {
-  "secret.age".publicKeys = allKeys;
+  "example-secret.age".publicKeys = allKeys;
+  "environment-secrets.age".publicKeys = allKeys;
+  "github-api-token.age".publicKeys = allKeys;
+  "fwknoprc.age".publicKeys = allKeys;
+  "cat-testenv.ovpn.age".publicKeys = allKeys;
+  "mnx-bonanza-pf1.ovpn.age".publicKeys = allKeys;
+  "mnx-bonanza-pf1.p12.age".publicKeys = allKeys;
+  "docker-ci-runner-secrets.age".publicKeys = allKeys;
+  "test-secret.age".publicKeys = [users.teutat3s-5-nfc];
 }

secrets/test-secret.age

@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> piv-p256 xGzyzw A/HuCNXXxY5cxn2SSdo8Vxec/fjRtyHs1635LSlX0Jif
+D4JxFia0qmBZ4Tbk930rWyqynlv6gLL2FPAaAHAN9II
+-> :Mvm-grease v] *~hy9uI2
+ukmMu/ex7QHQIImtAi6H7plG2RGy1HbsTRFr5mSn8eZgnRwU2J188VW3PL0T5jul
+BLsY/Q1yhtQ
+--- KtbJqPbJH5uHkxmmuRe0HgawfcSZ6dHwFKKII24kGk8
+ n:êþæ#ÅÇþ
¯I*Î`+Š¢ÈRÇ£3)þÛ|ÊÖÒ‚g<E2809A>[Ïï<C38F>ÔÈ!

users/pub-solar/default.nix

@@ -12,7 +12,9 @@
       password = "$6$Kv0BCLU2Jg7GN8Oa$hc2vERKCbZdczFqyHPfgCaleGP.JuOWyd.bfcIsLDNmExGXI6Rnkze.SWzVzVS311KBznN/P4uUYAUADXkVtr.";
       fullName = "Pub Solar";
       email = "iso@pub.solar";
-      publicKeys = [];
+      publicKeys = [
+        "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFro/k4Mgqyh8yV/7Zwjc0dv60ZM7bROBU9JNd99P/4co6fxPt1pJiU/pEz2Dax/HODxgcO+jFZfvPEuLMCeAl0= YubiKey #10593996 PIV Slot 9a"
+      ];
     };
   };
 }

users/teutat3s/.config/git/config.nix

@@ -0,0 +1,34 @@
+{
+  config,
+  pkgs,
+  ...
+}: let
+in
+  pkgs.lib.mkAfter ''    [sendemail]
+      smtpserver = smtp.mailbox.org
+      smtpuser = jhonas@mailbox.org
+      smtpencryption = tls
+      smtpserverport = 587
+
+    [lfs]
+      repositoryformatversion = 0
+    [filter "lfs"]
+      clean = git-lfs clean -- %f
+      smudge = git-lfs smudge -- %f
+      process = git-lfs filter-process
+      required = true
+
+    [includeIf "gitdir:~/CodeRoom/greenbaum.cloud/"]
+      path = ~/.config/git/config_greenbaum.cloud
+
+    [includeIf "gitdir:~/CodeRoom/github.com/TritonDataCenter/"]
+      path = ~/.config/git/config_mnx
+    [includeIf "gitdir:~/CodeRoom/github.com/mnx-solutions/"]
+      path = ~/.config/git/config_mnx
+
+    [includeIf "gitdir:~/CodeRoom/git.b12f.io/"]
+      path = ~/.config/git/config_git.b12f.io
+    [includeIf "gitdir:~/CodeRoom/git.pub.solar/"]
+      path = ~/.config/git/config_git.b12f.io
+    [includeIf "gitdir:~/CodeRoom/codeberg.org/"]
+      path = ~/.config/git/config_git.b12f.io''

users/teutat3s/.config/git/config_git.b12f.io.nix

@@ -0,0 +1,7 @@
+{ config, pkgs, ... }:
+let
+in
+''[user]
+  name = teutat3s
+  email = teutates@mailbox.org
+  signingkey = 4FA1D3FA524F22C1''

users/teutat3s/.config/git/config_greenbaum.cloud.nix

@@ -0,0 +1,7 @@
+{ config, pkgs, ... }:
+let
+in
+''[user]
+  name = jhonas
+  email = wernery@greenbaum.cloud
+  signingkey = 924889A86D0B0FEB''

users/teutat3s/.config/git/config_mnx.nix

@@ -0,0 +1,9 @@
+{
+  config,
+  pkgs,
+  ...
+}: let
+in ''  [user]
+    name = Jhonas Wernery
+    email = jhonas.wernery@mnxsolutions.com
+    signingkey = 9C1D348ACDAFB311''

users/teutat3s/.config/watson/config.nix

@@ -0,0 +1,29 @@
+{ config, pkgs, ... }:
+let
+in
+''# Watson configuration
+# showing defaults commented out
+
+# not implemented yet as of 2.0.1
+#[backend]
+#url = https://api.crick.fr
+#token = yourapitoken
+
+[options]
+#options.confirm_new_project = false
+#options.confirm_new_tag = false
+date_format = %d.%m.%Y
+#log_current = false
+pager = false
+#report_current = false
+#reverse_log = true
+stop_on_start = true
+#stop_on_restart = false
+time_format = %H:%M%z
+#week_start = monday
+
+#[default_tags]
+#project-name = tag1 tag2
+#python101 = teaching python
+#voyager2 = nasa 'space mission'
+''

users/teutat3s/concepts-and-training.nix

@@ -0,0 +1,48 @@
+{
+  config,
+  pkgs,
+  lib,
+  self,
+  ...
+}:
+with lib; let
+  psCfg = config.pub-solar;
+  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in {
+  age.secrets."cat-testenv.ovpn" = {
+    file = "${self}/secrets/cat-testenv.ovpn.age";
+    mode = "600";
+    owner = psCfg.user.name;
+  };
+
+  age.secrets."fwknoprc" = {
+    file = "${self}/secrets/fwknoprc.age";
+    path = "${config.users.users."${psCfg.user.name}".home}/.fwknoprc";
+    mode = "600";
+    owner = psCfg.user.name;
+  };
+
+  services.openvpn.servers = {
+    catVPN = {
+      config = ''config ${config.age.secrets."cat-testenv.ovpn".path}'';
+      autoStart = false;
+    };
+  };
+
+  #home-manager = pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
+  #  programs.ssh = {
+  #    matchBlocks = {
+  #      "salt.base.test" = {
+  #        hostname = "10.0.0.2";
+  #        user = "bbaedorf";
+  #      };
+
+  #      "salt.gateway.test" = {
+  #        hostname = "10.0.0.3";
+  #        user = "root";
+  #        proxyJump = "salt.base.test";
+  #      };
+  #    };
+  #  };
+  #};
+}

users/teutat3s/default.nix

@@ -0,0 +1,35 @@
+{
+  config,
+  hmUsers,
+  lib,
+  pkgs,
+  ...
+}: let
+  psCfg = config.pub-solar;
+in {
+  imports = [
+    ./home.nix
+  ];
+
+  config = {
+    home-manager.users = {inherit (hmUsers) teutat3s;};
+
+    pub-solar = {
+      # These are your personal settings
+      # The only required settings are `name` and `password`,
+      # The rest is used for programs like git
+      user = {
+        name = "teutat3s";
+        fullName = "teutat3s";
+        email = "10206665+teutat3s@users.noreply.github.com";
+        gpgKeyId = "18DAE600A6BBE705";
+        password = "$6$guLp1v0G0TxGThXX$y7YeEcYjFpN6gutLCbvAkqppOVLYZjfo4DxofrMm6a9MIjVoKKaY20UzityJsHbQU4THIFfj8gLWVOjyjL.P2.";
+        publicKeys = [
+          "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFro/k4Mgqyh8yV/7Zwjc0dv60ZM7bROBU9JNd99P/4co6fxPt1pJiU/pEz2Dax/HODxgcO+jFZfvPEuLMCeAl0= YubiKey #10593996 PIV Slot 9a"
+        ];
+      };
+
+      sway.v4l2loopback.enable = false;
+    };
+  };
+}

users/teutat3s/home.nix

@@ -0,0 +1,96 @@
+{
+  config,
+  home-manager,
+  inputs,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  psCfg = config.pub-solar;
+  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+  tritonshell = inputs.tritonshell;
+in {
+  imports = [
+    ./session-variables.nix
+    ./concepts-and-training.nix
+    ./mnx.nix
+  ];
+
+  config = {
+    pub-solar.social.enable = true;
+
+    pub-solar.graphical.alacritty.settings.font.size = 12;
+    pub-solar.graphical.alacritty.settings.key_bindings = [
+      {
+        key = "V";
+        mods = "Control|Super";
+        action = "Paste";
+      }
+      {
+        key = "C";
+        mods = "Control|Super";
+        action = "Copy";
+      }
+    ];
+    #services.kbfs.enable = true;
+    #services.keybase.enable = true;
+    services.yubikey-agent.enable = true;
+    home-manager = pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
+      xdg.configFile."git/config".text = import ./.config/git/config.nix {
+        inherit config;
+        inherit pkgs;
+      };
+      xdg.configFile."git/config_greenbaum.cloud".text = import ./.config/git/config_greenbaum.cloud.nix {
+        inherit config;
+        inherit pkgs;
+      };
+      xdg.configFile."git/config_mnx".text = import ./.config/git/config_mnx.nix {
+        inherit config;
+        inherit pkgs;
+      };
+      xdg.configFile."git/config_git.b12f.io".text = import ./.config/git/config_git.b12f.io.nix {
+        inherit config;
+        inherit pkgs;
+      };
+      xdg.configFile."watson/config".text = import ./.config/watson/config.nix {
+        inherit config;
+        inherit pkgs;
+      };
+
+      home.packages = with pkgs; [
+        AusweisApp2
+        consul
+        drone-docker-runner
+        gpu-switch
+        ifmetric
+        ipmitool
+        keybase-gui
+        nomad_1_4
+        thunderbird
+        vault
+        veracrypt
+        waypoint
+        yubikey-agent
+        age-plugin-yubikey
+        cockroach-bin
+        obs-studio
+      ];
+      programs.bash.initExtra = ''
+        source ${config.age.secrets.environment-secrets.path}
+        source ${inputs.tritonshell.packages.${pkgs.system}.triton-utils}/bin/ttp.sh
+
+        complete -C ${pkgs.consul}/bin/consul consul
+        complete -C ${pkgs.nomad_1_4}/bin/nomad nomad
+        complete -C ${pkgs.vault}/bin/vault vault
+        complete -C ${pkgs.terraform}/bin/terraform terraform
+        complete -C ${pkgs.waypoint}/bin/waypoint waypoint
+        complete -C '${pkgs.awscli2}/bin/aws_completer' ${pkgs.awscli2}/bin/aws
+      '';
+
+      # xdg.configFile."wallpaper.jpg".source = ./assets/wallpaper.jpg;
+    };
+
+    #services.mopidy.configuration = mkIf config.pub-solar.audio.enable (builtins.readFile ../../secrets/mopidy.conf);
+  };
+}

users/teutat3s/mnx.nix

@@ -0,0 +1,47 @@
+{
+  config,
+  pkgs,
+  lib,
+  self,
+  ...
+}:
+with lib; let
+  psCfg = config.pub-solar;
+  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in {
+  config = {
+    age.secrets."mnx-bonanza-pf1.ovpn" = {
+      file = "${self}/secrets/mnx-bonanza-pf1.ovpn.age";
+      mode = "600";
+      owner = psCfg.user.name;
+    };
+
+    environment = {
+      systemPackages = with pkgs; [
+        networkmanager-fortisslvpn
+        networkmanager-openconnect
+      ];
+    };
+
+    services.openvpn.servers = {
+      bonanzaVPN = {
+        config = ''config ${config.age.secrets."mnx-bonanza-pf1.ovpn".path}'';
+        autoStart = false;
+      };
+    };
+
+    programs._1password-gui = {
+      enable = true;
+      polkitPolicyOwners = ["teutat3s"];
+    };
+    programs._1password.enable = true;
+
+    home-manager = pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
+      home.packages = with pkgs; [
+        zoom-us
+        slack
+        prr
+      ];
+    };
+  };
+}

users/teutat3s/session-variables.nix

@@ -0,0 +1,15 @@
+{
+  config,
+  pkgs,
+  ...
+}: let
+  psCfg = config.pub-solar;
+  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in {
+  home-manager = pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
+    home.sessionVariables = {
+      DRONE_SERVER = "https://ci.pub.solar";
+      GOPATH = "/home/${psCfg.user.name}/CodeRoom/go";
+    };
+  };
+}