Add changed vi keybindings

* move tunnel for nextcloud-web into separate file
* add script to check for running backups and shutdown server otherwise

.drone.yml

@@ -15,8 +15,6 @@ steps:
     commands:
       - 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS'
       - nix $$NIX_FLAGS develop --command nix flake show
-      - nix $$NIX_FLAGS develop --command treefmt --fail-on-change
-      - nix $$NIX_FLAGS develop --command editorconfig-checker
       - nix $$NIX_FLAGS build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel"
 
 ---
@@ -113,8 +111,9 @@ steps:
       - nix run nixpkgs#gnused -- --in-place "s/$ISO_NAME/PubSolarOS-latest.iso/" PubSolarOS-latest.iso.sha256
 
   - name: "Publish ISO"
-    # https://github.com/appleboy/drone-scp/pull/141 got merged, yay
-    image: appleboy/drone-scp:1.6.5-linux-amd64
+    # custom drone-scp image, source: https://git.b12f.io/pub-solar/drone-scp/
+    # docker build --tag registry.greenbaum.cloud/library/drone-scp:v1.6.5 --file ./docker/Dockerfile.linux.amd64 .
+    image: registry.greenbaum.cloud/library/drone-scp:v1.6.5
     volumes:
       - name: file-exchange
         path: /var/nix/iso-cache
@@ -127,7 +126,7 @@ steps:
         from_secret: iso_web_ssh_port
       key:
         from_secret: iso_web_ssh_key
-      target: /data/srv/www/os/download
+      target: /srv/www/os/download
       source:
         - /var/nix/iso-cache/*.iso
         - /var/nix/iso-cache/*.iso.sha256
@@ -149,6 +148,6 @@ volumes:
 
 ---
 kind: signature
-hmac: a116f78a0b22188052893bdb46aa40f8de66438826c10ced362ea183d7644d67
+hmac: 0c0994f0878cdb49172772f78c9a772f5c75830b49c1c22bd15db385fe857e17
 
 ...

.drone/setup_ssh.sh

@@ -0,0 +1,11 @@
+#!/usr/bin/env sh
+
+set -e
+
+# Setup ssh inside container
+mkdir -p ~/.ssh
+echo "$GITEA_SSH_KEY" > ~/.ssh/id_rsa
+echo "[git.b12f.io]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4uaREL7acSSCNAX+voDYl1Kj7JipP62fR5x1UyGP9u" >> ~/.ssh/known_hosts
+echo "Host git.b12f.io" >> ~/.ssh/config
+echo "  Port 2222" >> ~/.ssh/config
+chmod -R 600 ~/.ssh

.drone/upstream-branch.sh

@@ -0,0 +1,12 @@
+#!/usr/bin/env sh
+
+set -e
+set -u
+
+LOCAL="$DRONE_BRANCH"
+[ "$LOCAL" = "main" ] && UPSTREAM=origin/devos || UPSTREAM=origin/main
+
+git fetch --all
+git checkout "$LOCAL"
+git merge "$UPSTREAM"
+git push origin "$LOCAL"

.editorconfig

@@ -15,11 +15,16 @@ end_of_line = unset
 insert_final_newline = unset
 trim_trailing_whitespace = unset
 indent_size = unset
+
+[{.*,secrets}/**]
+end_of_line = unset
+insert_final_newline = unset
+trim_trailing_whitespace = unset
 charset = unset
 indent_style = unset
 indent_size = unset
 
-[{.*,secrets}/**]
+[*.rom]
 end_of_line = unset
 insert_final_newline = unset
 trim_trailing_whitespace = unset

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,38 @@
+---
+name: Bug report
+about: Create a report to help improve
+title: ''
+labels: 'bug'
+assignees: ''
+
+---
+
+Your issue may already be reported!
+Please search on the [issue tracker](../) before creating one.
+
+## Expected Behavior
+<!--- What should happen? -->
+<!--- How it should work? -->
+
+## Current Behavior
+<!--- What happens instead of the expected behavior? -->
+
+## Possible Solution
+<!--- Not obligatory, but suggest a fix/reason for the bug, -->
+<!--- or ideas how to implement the addition or change -->
+
+## Steps to Reproduce
+<!--- An unambiguous set of steps to reproduce this bug. -->
+<!--- Linked fork or gist if needed. -->
+1.
+2.
+3.
+4.
+
+## Context
+<!--- How has this issue affected you? What are you trying to accomplish? -->
+<!--- Providing context helps us come up with a solution that is most useful in the real world. -->
+
+## Your Environment
+<!--- Include relevant details about the environment you experienced the bug in. -->
+<!--- If you have run `bud update`, for example, post the flake.lock file. -->

.github/ISSUE_TEMPLATE/community_request.md

@@ -0,0 +1,22 @@
+---
+name: Commuity Request
+about: inspire contribution to the `community` branch
+title: ''
+labels: 'community'
+assignees: ''
+
+---
+
+Your issue may already be reported!
+Please search on the [issue tracker](../) before creating one.
+
+## Ideas
+<!--- The `community` branch is meant to provide various preconfigured system options, -->
+<!--- useful to all kinds of users. -->
+
+<!--- The point is to engage the community for what it thinks are -->
+<!--- sane defaults for various tools. -->
+
+## Requests
+<!--- Have a tool that you'd like to see a system profile for? -->
+<!--- Feel free to request it here. -->

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,24 @@
+---
+name: Feature request
+about: Suggest an idea
+title: ''
+labels: 'enhancement'
+assignees: ''
+
+---
+
+Your issue may already be reported!
+Please search on the [issue tracker](../) before creating one.
+
+## Would your feature fix an existing issue?
+<!--- If your idea is related to, or resolves other issues, please mention. -->
+
+## Describe the solution you'd like
+<!--- What you want to happen. -->
+
+## Describe alternatives you've considered
+<!--- Any alternative solutions or features you've considered? -->
+
+## Additional context
+<!--- Is this feature only useful for a particular usecase? -->
+<!--- Please elaborate. -->

.github/ISSUE_TEMPLATE/upstream_notice.md

@@ -0,0 +1,16 @@
+---
+name: Upstream notice (Issues or Changes)
+about: Create an upstream notice to help our research
+title: '[ <put the upstream project> ]: <topic>'
+labels: 'upstream'
+assignees: ''
+
+---
+
+## Link
+<!-- just place a link to the upstream issue, or PR -->
+
+
+## Context
+<!-- We want to make this as cheap for you as possible.
+Context is not required but helpful -->

.github/workflows/check.yml

@@ -0,0 +1,29 @@
+name: "Check & Cachix"
+on:
+  push:
+    branches:
+      - main
+      - trying
+      - staging
+jobs:
+  check:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2.3.4
+    - uses: cachix/install-nix-action@v13
+      with:
+        install_url: https://github.com/numtide/nix-flakes-installer/releases/download/nix-2.4pre20210415_76980a1/install
+        extra_nix_config: |
+          experimental-features = nix-command flakes
+          system-features = nixos-test benchmark big-parallel kvm recursive-nix
+          substituters = https://nrdxp.cachix.org https://nix-community.cachix.org https://cache.nixos.org
+          trusted-public-keys = nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
+    - uses: cachix/cachix-action@v10
+      with:
+        name: nrdxp
+        signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
+        authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+    - run: nix -Lv flake check
+    - run: nix -Lv build ".#nixosConfigurations.NixOS.config.system.build.toplevel"
+    - run: nix -Lv develop -c echo OK
+    - run: nix -Lv develop --command bud --help

.github/workflows/mdbook_docs.yml

@@ -0,0 +1,27 @@
+name: Deploy Docs to GitHub Pages
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  deploy:
+    runs-on: ubuntu-18.04
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Setup mdBook
+        uses: peaceiris/actions-mdbook@v1
+        with:
+          mdbook-version: 'latest'
+
+      - run: mdbook build doc
+
+      - name: Deploy
+        uses: peaceiris/actions-gh-pages@v3
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          publish_branch: gh-pages
+          publish_dir: ./doc/book
+          cname: devos.divnix.com

.github/workflows/release.yml

@@ -0,0 +1,71 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - v*
+
+jobs:
+  changelog:
+    name: Update Changelog
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get version from tag
+        env:
+          GITHUB_REF: ${{ github.ref }}
+        run: |
+          export CURRENT_VERSION=${GITHUB_TAG/refs\/tags\/v/}
+          echo "CURRENT_VERSION=$CURRENT_VERSION" >> $GITHUB_ENV
+      - name: Checkout code
+        uses: actions/checkout@v2
+        with:
+          ref: main
+      - name: Update Changelog
+        uses: heinrichreimer/github-changelog-generator-action@v2.1.1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          issues: false
+          issuesWoLabels: false
+          pullRequests: true
+          prWoLabels: true
+          addSections: '{"documentation":{"prefix":"**Documentation:**","labels":["documentation"]}}'
+      - uses: stefanzweifel/git-auto-commit-action@v4
+        with:
+          commit_message: Update Changelog for tag ${{ env.CURRENT_VERSION }}
+          file_pattern: CHANGELOG.md
+
+  release_notes:
+    name: Create Release Notes
+    runs-on: ubuntu-latest
+    needs: changelog
+    steps:
+      - name: Get version from tag
+        env:
+          GITHUB_REF: ${{ github.ref }}
+        run: |
+          export CURRENT_VERSION=${GITHUB_TAG/refs\/tags\/v/}
+          echo "CURRENT_VERSION=$CURRENT_VERSION" >> $GITHUB_ENV
+
+      - name: Checkout code
+        uses: actions/checkout@v2
+        with:
+          ref: main
+
+      - name: Get Changelog Entry
+        id: changelog_reader
+        uses: mindsers/changelog-reader-action@v1
+        with:
+          version: ${{ env.CURRENT_VERSION }}
+          path: ./CHANGELOG.md
+
+      - name: Create Release
+        id: create_release
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: ${{ github.ref }}
+          release_name: Release ${{ github.ref }}
+          body: ${{ steps.changelog_reader.outputs.log_entry }}
+          draft: false
+          prerelease: false

.gitignore

@@ -7,7 +7,7 @@ vm
 iso
 doi
 
-pkgs/_sources/.shake*
-
+# PubSolarOS
 tags
 /owners
+pkgs/_sources/.shake*

CONTRIBUTING.md

@@ -1,33 +0,0 @@
-# Quick branch overview
-
-We work with several branches in this repo. This document aims to explain how
-to contribute changes to the existing branches.
-
-### `main` branch
-
-- Changes to `modules` and `profiles` should go [the main branch](https://git.pub.solar/pub-solar/os/src/branch/main)
-- Changes can get accepted via: Pull Request
-- Branch protected from direct `git push`
-
-### `infra` branch
-
-- Changes to the [pub.solar](https://pub.solar) infrastructure should be merged [into this branch](https://git.pub.solar/pub-solar/os/src/branch/infra)
-- Changes can get accepted via: Pull Request
-- Branch protected from direct `git push`
-
-### `momo/main` branch
-
-- Changes to the [Momo](https://momo.koeln) infrastructure should be merged [into this branch](https://git.pub.solar/pub-solar/os/src/branch/momo/main)
-- Changes can get accepted via: Pull Request
-- Deployment of changes is [automatic via CI pipeline](https://git.pub.solar/pub-solar/os/src/commit/43bd7421509f7cc9ba06d7c740f3f536a4a2af76/.drone.yml#L20-L38)
-- Branch protected from direct `git push`
-
-### `$USER` branches
-
-- User's custom hosts and changes can be worked on in these branches
-- Direct `git push` possible
-- Examples:
-  - [hensoko](https://git.pub.solar/pub-solar/os/src/branch/hensoko)
-  - [b12f](https://git.pub.solar/pub-solar/os/src/branch/b12f)
-  - [axeman](https://git.pub.solar/pub-solar/os/src/branch/axeman)
-  - [teutat3s](https://git.pub.solar/pub-solar/os/src/branch/teutat3s)

README.md

@@ -38,7 +38,7 @@ _PubSolarOS_:
   as much non-free software as you like.
 - Automation is better. The reproducibility of nix feels so much more
   powerful once you're deploying your new configuration from your laptop
-  to all your other devices with one command. [We have an automated CI using drone](https://ci.pub.solar/pub-solar/os).
+  to all your other devices with one command. [We have an automated CI using drone](https://ci.b12f.io/pub-solar/os).
 - Community is important. We just like working on this together, and it
   feels really good to see our progress at the end of a
   [hakken.irl](https://pub.solar/hakken) session.

default.nix

@@ -5,6 +5,7 @@ let
 
   ciSystems = [
     "aarch64-linux"
+    "i686-linux"
     "x86_64-linux"
   ];
 

doc/api-reference.md

@@ -59,5 +59,5 @@ list of strings
 _*Default*_
 
 ```
-["aarch64-linux","aarch64-darwin","x86_64-darwin","x86_64-linux"]
+["aarch64-linux","aarch64-darwin","i686-linux","x86_64-darwin","x86_64-linux"]
 ```

doc/book.toml

@@ -1,9 +1,5 @@
 [book]
-authors = [
-  "Timothy DeHerrera",
-  "Parthiv Seetharaman",
-  "David Arnold",
-]
+authors = ["Timothy DeHerrera"]
 language = "en"
 multilingual = false
 src = "."

doc/concepts/users.md

@@ -9,7 +9,8 @@
 Users are a special case of [profiles](profiles.md) that define system
 users and [home-manager][home-manager] configurations. For your convenience,
 home manager is wired in by default so all you have to worry about is declaring
-your users.
+your users. For a fully fleshed out example, check out the developers personal
+[branch](https://github.com/divnix/devos/tree/nrd/users/nrd/default.nix).
 
 ## Basic Usage
 
@@ -59,6 +60,18 @@ using the `homeConfigurations` flake output.
 This is great for keeping your environment consistent across Unix-like systems,
 including macOS.
 
+### From within the projects devshell:
+
+```sh
+# builds the pub-solar user defined in the PubSolarOS host
+nix build '.#homeConfigurations."pub-solar@PubSolarOS".activationPackage'
+
+# build and activate
+nix build '.#homeConfigurations."pub-solar@PubSolarOS".activationPackage' && ./result/activate && unlink result
+```
+
+### Manually from outside the project:
+
 ```sh
 # build
 nix build "github:divnix/devos#homeConfigurations.nixos@NixOS.home.activationPackage"
@@ -68,5 +81,5 @@ nix build "github:divnix/devos#homeConfigurations.nixos@NixOS.home.activationPac
 ```
 
 [home-manager]: https://nix-community.github.io/home-manager
-[modules-list]: https://github.com/divnix/digga/tree/main/users/modules/module-list.nix
+[modules-list]: https://github.com/divnix/devos/tree/main/users/modules/module-list.nix
 [portableuser]: https://digga.divnix.com/api-reference-home.html#homeusers

doc/start/index.md

@@ -4,8 +4,7 @@ The only dependency is nix, so make sure you have it [installed][install-nix].
 
 ## Get the Template
 
-If you currently don't have flakes setup, you can utilize the digga shell to
-pull the template:
+If you currently don't have flakes setup, you can utilize the digga shell to pull the template:
 
 ```sh
 nix-shell "https://github.com/divnix/digga/archive/main.tar.gz" \
@@ -23,26 +22,37 @@ Then make sure to create the git repository:
 ```sh
 git init
 git add .
-git commit
+git commit -m init
 ```
 
-Finally, run `nix-shell` to get to an interactive shell with all the
-dependencies, including the unstable nix version required. You can run `menu` to
-confirm that you are using digga (expected output includes [docs], [general
-commands], [linter], etc.).
+To drop into a nix-shell, if you don't have flakes setup, use the digga shell to create a `flake.lock`:
+
+```sh
+nix-shell "https://github.com/divnix/digga/archive/main.tar.gz" \
+  --run "nix flake lock"
+```
+
+Or if you do have flakes support, just run:
+
+```sh
+nix flake lock
+```
+
+Finally, run `nix-shell` to get to an interactive shell with all the dependencies, including the unstable nix
+version required. You can run `menu` to confirm that you are using digga (expected output includes [docs], [general commands], [linter], etc.).
 
 In addition, the [binary cache](../integrations/cachix.md) is added for faster deployment.
 
-> # _Notes:_
+> ##### _Notes:_
 >
 > - Flakes ignore files that have not been added to git, so be sure to stage new
 >   files before building the system.
 > - You can choose to simply clone the repo with git if you want to follow
 >   upstream changes.
-> - If the `nix-shell -p cachix --run "cachix use nrdxp"` line doesn't work you
->   can try with sudo: `sudo nix-shell -p cachix --run "cachix use nrdxp"`
+> - If the `nix-shell -p cachix --run "cachix use nrdxp"` line doesn't work
+>   you can try with sudo: `sudo nix-shell -p cachix --run "cachix use nrdxp"`
 
-## Next Steps
+## Next Steps:
 
 - [Make installable ISO](./iso.md)
 

doc/tests.md

@@ -14,21 +14,12 @@ be built during CI.
 
 ## Integration Tests
 
-All your profiles defined in suites can be tested against an individual host.
-Simply use digga's pre-baked `digga.lib.allProfilesTest` like so:
-
-```nix
-{
-  hosts = {
-    Morty.tests = [ allProfilesTest ];
-  };
-}
-```
+All your profiles defined in suites will be tested in a NixOS VM.
 
 You can write integration tests for one or more NixOS VMs that can,
 optionally, be networked together, and yes, it's as awesome as it sounds!
 
-Be sure to use the `mkTest` function from Digga, `digga.lib.mkTest`
+Be sure to use the `mkTest` function from digga, `digga.lib.pkgs-lib.mkTest`
 which wraps the official [testing-python][testing-python] function to ensure
 that the system is setup exactly as it is for a bare DevOS system. There are
 already great resources for learning how to use these tests effectively,
@@ -37,7 +28,7 @@ and the examples in [nixpkgs][nixos-tests].
 
 [test-doc]: https://nixos.org/manual/nixos/stable/index.html#sec-nixos-tests
 [test-blog]: https://www.haskellforall.com/2020/11/how-to-use-nixos-for-lightweight.html
-[default]: https://github.com/divnix/devos/tree/core/tests/default.nix
+[default]: https://github.com/divnix/devos/tree/main/tests/default.nix
 [run-test]: https://github.com/NixOS/nixpkgs/blob/6571462647d7316aff8b8597ecdf5922547bf365/lib/debug.nix#L154-L166
 [nixos-tests]: https://github.com/NixOS/nixpkgs/tree/master/nixos/tests
 [testing-python]: https://github.com/NixOS/nixpkgs/tree/master/nixos/lib/testing-python.nix

flake.lock

@@ -10,11 +10,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1682101079,
-        "narHash": "sha256-MdAhtjrLKnk2uiqun1FWABbKpLH090oeqCSiWemtuck=",
+        "lastModified": 1675176355,
+        "narHash": "sha256-Qjxh5cmN56siY97mzmBLI1+cdjXSPqmfPVsKxBvHmwI=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "2994d002dcff5353ca1ac48ec584c7f6589fe447",
+        "rev": "b7ffcfe77f817d9ee992640ba1f270718d197f28",
         "type": "github"
       },
       "original": {
@@ -30,11 +30,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1696360011,
-        "narHash": "sha256-HpPv27qMuPou4acXcZ8Klm7Zt0Elv9dgDvSJaomWb9Y=",
+        "lastModified": 1673295039,
+        "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
         "owner": "LnL7",
         "repo": "nix-darwin",
-        "rev": "8b6ea26d5d2e8359d06278364f41fbc4b903b28a",
+        "rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
         "type": "github"
       },
       "original": {
@@ -54,11 +54,11 @@
         "utils": "utils"
       },
       "locked": {
-        "lastModified": 1695052866,
-        "narHash": "sha256-agn7F9Oww4oU6nPiw+YiYI9Xb4vOOE73w8PAoBRP4AA=",
+        "lastModified": 1674127017,
+        "narHash": "sha256-QO1xF7stu5ZMDLbHN30LFolMAwY6TVlzYvQoUs1RD68=",
         "owner": "serokell",
         "repo": "deploy-rs",
-        "rev": "e3f41832680801d0ee9e2ed33eb63af398b090e9",
+        "rev": "8c9ea9605eed20528bf60fae35a2b613b901fd77",
         "type": "github"
       },
       "original": {
@@ -197,50 +197,35 @@
         "type": "github"
       }
     },
-    "fork": {
-      "locked": {
-        "lastModified": 1692960587,
-        "narHash": "sha256-39SKGdhn8jKKkdqhULbCvQOpdUPE9NNJpy5HTB++Jvg=",
-        "owner": "teutat3s",
-        "repo": "nixpkgs",
-        "rev": "312709dd70684f52496580e533d58645526b1c90",
-        "type": "github"
-      },
-      "original": {
-        "owner": "teutat3s",
-        "ref": "nvfetcher-fix",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
     "home": {
       "inputs": {
         "nixpkgs": [
           "nixos"
-        ]
+        ],
+        "utils": "utils_2"
       },
       "locked": {
-        "lastModified": 1695108154,
-        "narHash": "sha256-gSg7UTVtls2yO9lKtP0yb66XBHT1Fx5qZSZbGMpSn2c=",
+        "lastModified": 1674440933,
+        "narHash": "sha256-CASRcD/rK3fn5vUCti3jzry7zi0GsqRsBohNq9wPgLs=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "07682fff75d41f18327a871088d20af2710d4744",
+        "rev": "65c47ced082e3353113614f77b1bc18822dc731f",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
-        "ref": "release-23.05",
+        "ref": "release-22.11",
         "repo": "home-manager",
         "type": "github"
       }
     },
     "latest": {
       "locked": {
-        "lastModified": 1696604326,
-        "narHash": "sha256-YXUNI0kLEcI5g8lqGMb0nh67fY9f2YoJsILafh6zlMo=",
+        "lastModified": 1675115703,
+        "narHash": "sha256-4zetAPSyY0D77x+Ww9QBe8RHn1akvIvHJ/kgg8kGDbk=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "87828a0e03d1418e848d3dd3f3014a632e4a4f64",
+        "rev": "2caf4ef5005ecc68141ecb4aac271079f7371c44",
         "type": "github"
       },
       "original": {
@@ -250,29 +235,79 @@
         "type": "github"
       }
     },
-    "nixos": {
+    "master": {
       "locked": {
-        "lastModified": 1696697597,
-        "narHash": "sha256-q26Qv4DQ+h6IeozF2o1secyQG0jt2VUT3V0K58jr3pg=",
+        "lastModified": 1675254005,
+        "narHash": "sha256-n1qq2Qcz7DvPiB6emdRk/dx4uUgaFy0ojgKg3NBIwTU=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "5a237aecb57296f67276ac9ab296a41c23981f56",
+        "rev": "1efc432d4f72c0e3146c1dd2e8a3ffa705be8a04",
         "type": "github"
       },
       "original": {
         "owner": "nixos",
-        "ref": "nixos-23.05",
+        "ref": "master",
         "repo": "nixpkgs",
         "type": "github"
       }
     },
+    "nixlib": {
+      "locked": {
+        "lastModified": 1636849918,
+        "narHash": "sha256-nzUK6dPcTmNVrgTAC1EOybSMsrcx+QrVPyqRdyKLkjA=",
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "rev": "28a5b0557f14124608db68d3ee1f77e9329e9dd5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "type": "github"
+      }
+    },
+    "nixos": {
+      "locked": {
+        "lastModified": 1675154384,
+        "narHash": "sha256-gUXzyTS3WsO3g2Rz0qOYR2a26whkyL2UfTr1oPH9mm8=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "0218941ea68b4c625533bead7bbb94ccce52dceb",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-22.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixos-generators": {
+      "inputs": {
+        "nixlib": "nixlib",
+        "nixpkgs": "nixpkgs"
+      },
+      "locked": {
+        "lastModified": 1674666581,
+        "narHash": "sha256-KNI2s/xrL7WOYaPJAWKBtb7cCH3335rLfsL+B+ssuGY=",
+        "owner": "nix-community",
+        "repo": "nixos-generators",
+        "rev": "6a5dc1d3d557ea7b5c19b15ff91955124d0400fa",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nixos-generators",
+        "type": "github"
+      }
+    },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1696614066,
-        "narHash": "sha256-nAyYhO7TCr1tikacP37O9FnGr2USOsVBD3IgvndUYjM=",
+        "lastModified": 1674550793,
+        "narHash": "sha256-ljJlIFQZwtBbzWqWTmmw2O5BFmQf1A/DspwMOQtGXHk=",
         "owner": "nixos",
         "repo": "nixos-hardware",
-        "rev": "bb2db418b616fea536b1be7f6ee72fb45c11afe0",
+        "rev": "b7ac0a56029e4f9e6743b9993037a5aaafd57103",
         "type": "github"
       },
       "original": {
@@ -281,6 +316,22 @@
         "type": "github"
       }
     },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1637186689,
+        "narHash": "sha256-NU7BhgnwA/3ibmCeSzFK6xGi+Bari9mPfn+4cBmyEjw=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "7fad01d9d5a3f82081c00fb57918d64145dc904c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "nixpkgs-unstable": {
       "locked": {
         "lastModified": 1672791794,
@@ -297,6 +348,34 @@
         "type": "github"
       }
     },
+    "nur": {
+      "locked": {
+        "lastModified": 0,
+        "narHash": "sha256-koC6DBYmLCrgXA+AMHVaODf1uHYPmvcFygHfy3eg6vI=",
+        "path": "/nix/store/6mfkswqi67m35qwv0vh7kpk8rypbl2rq-source",
+        "type": "path"
+      },
+      "original": {
+        "id": "nur",
+        "type": "indirect"
+      }
+    },
+    "pub-solar": {
+      "locked": {
+        "lastModified": 1654372286,
+        "narHash": "sha256-z1WrQkL67Sosz1VnuKQLpzEkEl4ianeLpWJX8Q6bVQY=",
+        "owner": "pub-solar",
+        "repo": "nixpkgs",
+        "rev": "4995a873a796c54cc49e5dca9e1d20350eceec7b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "pub-solar",
+        "ref": "fix/use-latest-unstable-yubikey-agent",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "root": {
       "inputs": {
         "agenix": "agenix",
@@ -304,11 +383,14 @@
         "deploy": "deploy",
         "digga": "digga",
         "flake-compat": "flake-compat",
-        "fork": "fork",
         "home": "home",
         "latest": "latest",
+        "master": "master",
         "nixos": "nixos",
-        "nixos-hardware": "nixos-hardware"
+        "nixos-generators": "nixos-generators",
+        "nixos-hardware": "nixos-hardware",
+        "nur": "nur",
+        "pub-solar": "pub-solar"
       }
     },
     "utils": {
@@ -325,6 +407,21 @@
         "repo": "flake-utils",
         "type": "github"
       }
+    },
+    "utils_2": {
+      "locked": {
+        "lastModified": 1667395993,
+        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
     }
   },
   "root": "root",

flake.nix

@@ -2,14 +2,14 @@
   description = "A highly structured configuration database.";
 
   nixConfig.extra-experimental-features = "nix-command flakes";
+  nixConfig.extra-substituters = "https://nix-dram.cachix.org https://dram.cachix.org  https://nrdxp.cachix.org https://nix-community.cachix.org";
+  nixConfig.extra-trusted-public-keys = "nix-dram.cachix.org-1:CKjZ0L1ZiqH3kzYAZRt8tg8vewAx5yj8Du/+iR8Efpg= dram.cachix.org-1:baoy1SXpwYdKbqdTbfKGTKauDDeDlHhUpC+QuuILEMY= nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=";
 
   inputs = {
     # Track channels with commits tested and built by hydra
-    nixos.url = "github:nixos/nixpkgs/nixos-23.05";
+    nixos.url = "github:nixos/nixpkgs/nixos-22.11";
     latest.url = "github:nixos/nixpkgs/nixos-unstable";
 
-    fork.url = "github:teutat3s/nixpkgs/nvfetcher-fix";
-
     flake-compat.url = "github:edolstra/flake-compat";
     flake-compat.flake = false;
 
@@ -21,7 +21,7 @@
     digga.inputs.darwin.follows = "darwin";
     digga.inputs.flake-compat.follows = "flake-compat";
 
-    home.url = "github:nix-community/home-manager/release-23.05";
+    home.url = "github:nix-community/home-manager/release-22.11";
     home.inputs.nixpkgs.follows = "nixos";
 
     darwin.url = "github:LnL7/nix-darwin";
@@ -36,6 +36,11 @@
     agenix.inputs.darwin.follows = "darwin";
 
     nixos-hardware.url = "github:nixos/nixos-hardware";
+
+    nixos-generators.url = "github:nix-community/nixos-generators";
+
+    master.url = "github:nixos/nixpkgs/master";
+    pub-solar.url = "github:pub-solar/nixpkgs/fix/use-latest-unstable-yubikey-agent";
   };
 
   outputs = {
@@ -44,6 +49,7 @@
     nixos,
     home,
     nixos-hardware,
+    nur,
     agenix,
     deploy,
     ...
@@ -53,25 +59,17 @@
       inherit self inputs;
 
       channelsConfig = {
-        # allowUnfree = true;
+        allowUnfree = true;
       };
 
-      supportedSystems = ["x86_64-linux" "aarch64-linux" "aarch64-darwin"];
+      supportedSystems = ["x86_64-linux" "aarch64-linux"];
 
       channels = {
         nixos = {
           imports = [(digga.lib.importOverlays ./overlays)];
-          overlays = [
-            (self: super: {
-              deploy-rs = {
-                inherit (inputs.nixos.legacyPackages.x86_64-linux) deploy-rs;
-                lib = inputs.deploy.lib.x86_64-linux;
-              };
-            })
-          ];
+          overlays = [];
         };
         latest = {};
-        fork = {};
       };
 
       lib = import ./lib {lib = digga.lib // nixos.lib;};
@@ -83,6 +81,7 @@
             our = self.lib;
           });
         })
+        nur.overlay
         agenix.overlays.default
 
         (import ./pkgs)
@@ -107,7 +106,9 @@
 
         imports = [(digga.lib.importHosts ./hosts)];
         hosts = {
-          # Set host-specific properties here
+          /*
+          set host specific properties here
+          */
           bootstrap = {
             modules = [
               digga.nixosModules.bootstrapIso
@@ -115,10 +116,10 @@
           };
           PubSolarOS = {
             tests = [
-              #(import ./tests/first-test.nix {
-              #  pkgs = nixos.legacyPackages.x86_64-linux;
-              #  lib = nixos.lib;
-              #})
+              (import ./tests/first-test.nix {
+                pkgs = nixos.legacyPackages.x86_64-linux;
+                lib = nixos.lib;
+              })
             ];
           };
         };
@@ -128,11 +129,19 @@
             // {
               users = digga.lib.rakeLeaves ./users;
             };
+
           suites = with profiles; rec {
             base = [users.pub-solar users.root];
             iso = base ++ [base-user graphical pub-solar-iso];
             pubsolaros = [full-install base-user users.root];
             anonymous = [pubsolaros users.pub-solar];
+
+            b12f = pubsolaros ++ [users.ben social gaming mobile];
+            biolimo = b12f ++ [graphical];
+            chocolatebar = b12f ++ [graphical virtualisation];
+
+            yule = pubsolaros ++ [users.yule];
+            droppie = yule ++ [];
           };
         };
       };
@@ -146,13 +155,16 @@
             base = [direnv git];
           };
         };
-        users = {
-          pub-solar = {suites, ...}: {
+        users = let
+          default = {suites, ...}: {
             imports = suites.base;
-
             home.stateVersion = "21.03";
           };
-        }; # digga.lib.importers.rakeLeaves ./users/hm;
+        in {
+          pub-solar = default;
+          ben = default;
+          yule = default;
+        };
       };
 
       devshell = ./shell;
@@ -160,16 +172,9 @@
       homeConfigurations = digga.lib.mkHomeConfigurations self.nixosConfigurations;
 
       deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations {
-        #example = {
-        #  hostname = "example.com:22";
-        #  sshUser = "bartender";
-        #  fastConnect = true;
-        #  profilesOrder = ["system" "direnv"];
-        #  profiles.direnv = {
-        #    user = "bartender";
-        #    path = self.pkgs.x86_64-linux.nixos.deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurationsPortable.x86_64-linux.bartender;
-        #  };
-        #};
+        droppie = {
+          sshUser = "yule";
+        };
       };
     };
 }

hosts/biolimo/.config/sway/config.d/autostart.conf

@@ -0,0 +1,6 @@
+# Autostart applications
+#
+# Example:
+# exec swayidle
+
+exec keepassxc

hosts/biolimo/.config/sway/config.d/custom-keybindings.conf

@@ -0,0 +1,19 @@
+# Touchpad controls
+#bindsym XF86TouchpadToggle exec $HOME/Workspace/ben/toggletouchpad.sh # toggle touchpad
+
+# Screen brightness controls
+bindsym XF86MonBrightnessUp exec "brightnessctl -d intel_backlight set +10%; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ {print $4}')"
+bindsym XF86MonBrightnessDown exec "brightnessctl -d intel_backlight set 10%-; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ {    print $4}')"
+
+# Keyboard backlight brightness controls
+bindsym XF86KbdBrightnessDown exec "brightnessctl -d smc::kbd_backlight set 10%-; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ {    print $4}')"
+bindsym XF86KbdBrightnessUp exec "brightnessctl -d smc::kbd_backlight set +10%; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ {    print $4}')"
+
+# Pulse Audio controls
+bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. up' #increase sound volume
+bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. down' #decrease sound volume
+bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle && notify-send 'Mute sound' # mute sound
+# Media player controls
+bindsym XF86AudioPlay exec "playerctl play-pause; notify-send 'Play/Pause'"
+bindsym XF86AudioNext exec "playerctl next; notify-send 'Next'"
+bindsym XF86AudioPrev exec "playerctl previous; notify-send 'Prev.'"

hosts/biolimo/.config/sway/config.d/input-defaults.conf

@@ -0,0 +1,9 @@
+input "1739:0:Synaptics_TM3288-011" {
+  dwt enabled
+  tap enabled
+  middle_emulation enabled
+}
+input * {
+  xkb_layout us(intl),de
+  xkb_options ctrl:nocaps
+}

hosts/biolimo/.config/sway/config.d/screens.conf

@@ -0,0 +1,20 @@
+set $internal eDP-1
+set $middle "Hewlett Packard HP E231 3CQ4290S5J"
+set $standup "Hewlett Packard HP E231 3CQ4251F33"
+
+output $internal {
+  scale 1
+  pos 1080 1080
+}
+
+output $middle {
+  scale 1
+
+  pos 1080 0
+}
+
+output $standup {
+  scale 1
+  transform 90
+  pos 0 0
+}

hosts/biolimo/biolimo.nix

@@ -0,0 +1,40 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+with lib; let
+  psCfg = config.pub-solar;
+  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in {
+  imports = [
+    ./configuration.nix
+  ];
+
+  config = {
+    pub-solar.paranoia.enable = true;
+    pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
+    pub-solar.core.hibernation.resumeOffset = 15296512;
+
+    hardware.cpu.intel.updateMicrocode = true;
+
+    networking.firewall.allowedTCPPorts = [5000];
+
+    networking.networkmanager.wifi.backend = mkForce "wpa_supplicant";
+
+    home-manager = with pkgs;
+      pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
+        xdg.configFile = mkIf psCfg.sway.enable {
+          "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
+          "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
+          "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
+          "sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
+        };
+
+        home.packages = [
+          inkscape
+        ];
+      };
+  };
+}

hosts/biolimo/configuration.nix

@@ -0,0 +1,25 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+{
+  config,
+  pkgs,
+  ...
+}: {
+  imports = [
+    # Include the results of the hardware scan.
+    ./hardware-configuration.nix
+  ];
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "20.09"; # Did you read the comment?
+}

hosts/biolimo/default.nix

@@ -0,0 +1,7 @@
+{suites, ...}: {
+  imports =
+    [
+      ./biolimo.nix
+    ]
+    ++ suites.biolimo;
+}

hosts/biolimo/hardware-configuration.nix

@@ -0,0 +1,42 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod"];
+  boot.initrd.kernelModules = [];
+  boot.kernelModules = ["kvm-intel"];
+  boot.extraModulePackages = [];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/abc3fe04-368e-46eb-8c7a-3a829bb2deab";
+    fsType = "ext4";
+  };
+
+  boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/aed21f8d-8e15-4f43-8710-460cb36d488b";
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/3B67-0CAB";
+    fsType = "vfat";
+  };
+
+  swapDevices = [
+    {
+      device = "/swapfile";
+      size = 18 * 1024; # 18 GB
+    }
+  ];
+
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+  # high-resolution display
+  hardware.video.hidpi.enable = lib.mkDefault true;
+}

hosts/chocolatebar/.config/sway/config.d/autostart.conf

@@ -0,0 +1,6 @@
+# Autostart applications
+#
+# Example:
+# exec swayidle
+
+exec keepassxc

hosts/chocolatebar/.config/sway/config.d/custom-keybindings.conf

@@ -0,0 +1,19 @@
+# Touchpad controls
+#bindsym XF86TouchpadToggle exec $HOME/Workspace/ben/toggletouchpad.sh # toggle touchpad
+
+# Screen brightness controls
+bindsym XF86MonBrightnessUp exec "brightnessctl -d intel_backlight set +10%; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ {print $4}')"
+bindsym XF86MonBrightnessDown exec "brightnessctl -d intel_backlight set 10%-; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ {    print $4}')"
+
+# Keyboard backlight brightness controls
+bindsym XF86KbdBrightnessDown exec "brightnessctl -d smc::kbd_backlight set 10%-; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ {    print $4}')"
+bindsym XF86KbdBrightnessUp exec "brightnessctl -d smc::kbd_backlight set +10%; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ {    print $4}')"
+
+# Pulse Audio controls
+bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. up' #increase sound volume
+bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. down' #decrease sound volume
+bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle && notify-send 'Mute sound' # mute sound
+# Media player controls
+bindsym XF86AudioPlay exec "playerctl play-pause; notify-send 'Play/Pause'"
+bindsym XF86AudioNext exec "playerctl next; notify-send 'Next'"
+bindsym XF86AudioPrev exec "playerctl previous; notify-send 'Prev.'"

hosts/chocolatebar/.config/sway/config.d/input-defaults.conf

@@ -0,0 +1,4 @@
+input * {
+  xkb_layout us(intl),de
+  xkb_options ctrl:nocaps
+}

hosts/chocolatebar/.config/sway/config.d/screens.conf

@@ -0,0 +1,18 @@
+set $left DP-3
+set $middle DP-1
+set $right HDMI-A-1
+
+output $left {
+  scale 1
+  pos 0 0
+}
+
+output $middle {
+  scale 1
+  pos 1920 0
+}
+
+output $right {
+  scale 1
+  pos 3840 0
+}

hosts/chocolatebar/chocolatebar.nix

@@ -0,0 +1,86 @@
+{
+  config,
+  pkgs,
+  lib,
+  self,
+  ...
+}:
+with lib; let
+  psCfg = config.pub-solar;
+  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in {
+  imports = [
+    ./configuration.nix
+    ./virtualisation
+    ./factorio
+  ];
+
+  config = {
+    hardware.cpu.amd.updateMicrocode = true;
+
+    hardware.opengl.extraPackages = with pkgs; [
+      rocm-opencl-icd
+      rocm-opencl-runtime
+    ];
+
+    pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
+    pub-solar.core.hibernation.resumeOffset = 115075072;
+
+    age.secrets."drone-runner-exec-config" = {
+      file = "${self}/secrets/drone-runner-exec-config";
+      mode = "400";
+      owner = psCfg.user.name;
+    };
+
+    pub-solar.docker-ci-runner = {
+      enable = true;
+      runnerVarsFile = config.age.secrets.drone-runner-exec-config.path;
+    };
+
+    services.openssh.openFirewall = true;
+    networking.firewall.allowedTCPPorts =
+      [443]
+      ++ (
+        if psCfg.sway.vnc.enable
+        then [5901]
+        else []
+      );
+    networking.firewall.allowedUDPPorts = [43050];
+
+    environment.systemPackages = with pkgs; [
+      wayvnc
+      drone-docker-runner
+      stdenv.cc.cc.lib
+      pkgs.hplip
+    ];
+
+    age.secrets."vnc-key.pem" = {
+      file = "${self}/secrets/vnc-key-chocolatebar.pem";
+      mode = "400";
+      owner = psCfg.user.name;
+    };
+    age.secrets."vnc-cert.pem" = {
+      file = "${self}/secrets/vnc-cert-chocolatebar.pem";
+      mode = "400";
+      owner = psCfg.user.name;
+    };
+    pub-solar.sway.vnc.enable = true;
+
+    home-manager.users."${psCfg.user.name}" = {
+      xdg.configFile = mkIf psCfg.sway.enable {
+        "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
+        "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
+        "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
+      };
+
+      home.sessionVariables = {
+        NIX_CC = "${pkgs.stdenv.cc}";
+      };
+    };
+
+    # For OpenProject development with https
+    security.pki.certificates = [
+      (builtins.readFile ./step-roots.pem)
+    ];
+  };
+}

hosts/chocolatebar/configuration.nix

@@ -0,0 +1,25 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+{
+  config,
+  pkgs,
+  ...
+}: {
+  imports = [
+    # Include the results of the hardware scan.
+    ./hardware-configuration.nix
+  ];
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "20.09"; # Did you read the comment?
+}

hosts/chocolatebar/default.nix

@@ -0,0 +1,7 @@
+{suites, ...}: {
+  imports =
+    [
+      ./chocolatebar.nix
+    ]
+    ++ suites.chocolatebar;
+}

hosts/chocolatebar/factorio/default.nix

@@ -0,0 +1,47 @@
+{
+  config,
+  pkgs,
+  lib,
+  self,
+  ...
+}:
+with lib; let
+  psCfg = config.pub-solar;
+  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+
+  far-reach = pkgs.stdenv.mkDerivation rec {
+    pname = "factorio-far-reach";
+    version = "1.1.2";
+    src = ./far-reach_1.1.2.zip;
+    phases = ["installPhase"];
+    deps = [];
+    installPhase = ''
+      mkdir -p $out
+      cp $src far-reach_1.1.2.zip
+    '';
+  };
+in {
+  config = {
+    services.factorio = {
+      enable = true;
+      port = 34197; # The default, but make it explicit
+      lan = true;
+      game-password = "pls-dont-grief";
+      admins = [
+        "doubtwriter"
+        "kattykat"
+      ];
+      openFirewall = true;
+      autosave-interval = 3;
+      game-name = "Babes plays v2";
+      requireUserVerification = false;
+      bind = "::";
+      mods = [
+        far-reach
+      ];
+    };
+
+    networking.firewall.allowedUDPPorts = [34197];
+    networking.firewall.allowedTCPPorts = [34197];
+  };
+}

hosts/chocolatebar/hardware-configuration.nix

@@ -0,0 +1,38 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbcore" "usbhid" "sd_mod"];
+  boot.initrd.kernelModules = ["dm-snapshot"];
+  boot.kernelModules = ["kvm-amd"];
+  boot.extraModulePackages = [];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/a3a74208-b244-4268-b374-e58265810fce";
+    fsType = "ext4";
+  };
+
+  boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/afcde41f-9811-4ac8-bb7b-a683844acc5c";
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/12FD-62A8";
+    fsType = "vfat";
+  };
+
+  swapDevices = [
+    {
+      device = "/swapfile";
+      size = 68 * 1024; # 68 GB
+    }
+  ];
+}

hosts/chocolatebar/step-roots.pem

@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB6DCCAY2gAwIBAgIQD4Q4blCl/ZrTIRU2QpqEOTAKBggqhkjOPQQDAjBSMSMw
+IQYDVQQKExpPcGVuUHJvamVjdCBEZXZlbG9wbWVudCBDQTErMCkGA1UEAxMiT3Bl
+blByb2plY3QgRGV2ZWxvcG1lbnQgQ0EgUm9vdCBDQTAeFw0yMjEwMTgxMTE1NDBa
+Fw0zMjEwMTUxMTE1NDBaMFIxIzAhBgNVBAoTGk9wZW5Qcm9qZWN0IERldmVsb3Bt
+ZW50IENBMSswKQYDVQQDEyJPcGVuUHJvamVjdCBEZXZlbG9wbWVudCBDQSBSb290
+IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEu4rN0lOtgxoC83UKONMy2Ns7
+tI0/u6qPp/Cw92xhaTdh/X9ZWKqIhp2VGj2HUJOOfQXrFew7jbLGOvvoXib0Y6NF
+MEMwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQEwHQYDVR0OBBYE
+FPjV1zK2GZu8x4uR0QDotk5kNinEMAoGCCqGSM49BAMCA0kAMEYCIQDS2OpCnHM7
+RV7fFHT3KsG3q4lA3dJUKGighQaQ2qOwNwIhAOMmWGWd3EaD87q4RROyVt3h7vIN
+nMJRu7L9il84hFF2
+-----END CERTIFICATE-----

hosts/chocolatebar/virtualisation/create-service.nix

@@ -0,0 +1,112 @@
+{
+  config,
+  pkgs,
+  lib,
+  vm,
+  ...
+}: let
+  psCfg = config.pub-solar;
+  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+  varsFile = "${xdg.dataHome}/libvirt/OVMF_VARS_${vm.name}.fd";
+  generateXML = import ./guest-xml.nix;
+in {
+  serviceConfig = {
+    Type = "oneshot";
+    RemainAfterExit = "yes";
+    Restart = "no";
+  };
+
+  script = let
+    networkXML = pkgs.writeText "network.xml" (import ./network-xml.nix {
+      inherit config;
+      inherit pkgs;
+      inherit lib;
+    });
+    machineXML = pkgs.writeText "${vm.name}.xml" (vm.generateXML {
+      inherit config;
+      inherit pkgs;
+      inherit lib;
+      inherit vm;
+      varsFile = varsFile;
+    });
+  in ''
+    echo "Checking if ${vm.name} is already running"
+    STATUS=$(${pkgs.libvirt}/bin/virsh list --all | grep "${vm.name}" | ${pkgs.gawk}/bin/awk '{ print $3 " " $4 }' )
+    if [[ $STATUS != "shut off" && $STATUS != "" ]]; then
+      echo "Domain ${vm.name} is already running or in an inconsistent state:"
+      ${pkgs.libvirt}/bin/virsh list --all
+      exit 0
+    fi
+
+    echo "Creating network XML"
+    NET_TMP_FILE="/tmp/network.xml"
+
+    NETUUID="$(${pkgs.libvirt}/bin/virsh net-uuid 'default' || true)"
+    (sed "s/UUID/$NETUUID/" '${networkXML}') > "$NET_TMP_FILE"
+
+    echo "Defining and starting network"
+    ${pkgs.libvirt}/bin/virsh net-define "$NET_TMP_FILE"
+    ${pkgs.libvirt}/bin/virsh net-start 'default' || true
+
+    VARS_FILE=${varsFile}
+    if [ ! -f "$VARS_FILE" ]; then
+      echo "Copying vars filej"
+      cp /run/libvirt/nix-ovmf/OVMF_VARS.fd "$VARS_FILE"
+    fi
+
+    echo "Replacing USB device IDs in the XML"
+    # Load the template contents into a tmp file
+    TMP_FILE="/tmp/${vm.name}.xml"
+    cat "${machineXML}" > "$TMP_FILE"
+
+    # Set VM UUID
+    UUID="$(${pkgs.libvirt}/bin/virsh domuuid '${vm.name}' || true)"
+    sed -i "s/UUID/''${UUID}/" "$TMP_FILE"
+
+    ${
+      if vm.handOverUSBDevices
+      then ''
+        # Hand over mouse
+        USB_BUS=3
+        USB_DEV=$(${pkgs.usbutils}/bin/lsusb | grep 046d:c52b | grep "Bus 00''${USB_BUS}" | cut -b 18)
+        LINE_NUMBER=$(cat $TMP_FILE | grep -n -A 1 0xc52b | tail -n 1 | cut -b 1,2,3)
+        sed -i "''${LINE_NUMBER}s/.*/<address bus=\"''${USB_BUS}\" device=\"''${USB_DEV}\" \/>/" "$TMP_FILE"
+
+        # Hand over keyboard
+        USB_BUS=$(${pkgs.usbutils}/bin/lsusb | grep 046d:c328 | cut -b 7)
+        USB_DEV=$(${pkgs.usbutils}/bin/lsusb | grep 046d:c328 | cut -b 18)
+        LINE_NUMBER=$(cat $TMP_FILE | grep -n -A 1 0xc328 | tail -n 1 | cut -b 1,2,3)
+        sed -i "''${LINE_NUMBER}s/.*/<address bus=\"''${USB_BUS}\" device=\"''${USB_DEV}\" \/>/" "$TMP_FILE"
+      ''
+      else ""
+    }
+
+    # TODO: Set correct pci address for the GPU too
+
+    # Setup looking glass shm file
+    echo "Setting up looking glass shm file"
+    ${pkgs.coreutils-full}/bin/truncate -s 0 /dev/shm/looking-glass
+    ${pkgs.coreutils-full}/bin/dd if=/dev/zero of=/dev/shm/looking-glass bs=1M count=32
+
+    # Load and start the xml definition
+    echo "Loading and starting the VM XML definition"
+    ${pkgs.libvirt}/bin/virsh define "$TMP_FILE"
+    ${pkgs.libvirt}/bin/virsh start '${vm.name}'
+  '';
+
+  preStop = ''
+    ${pkgs.libvirt}/bin/virsh shutdown '${vm.name}'
+    let "timeout = $(date +%s) + 10"
+    while [ "$(${pkgs.libvirt}/bin/virsh list --name | grep --count '^${vm.name}$')" -gt 0 ]; do
+      if [ "$(date +%s)" -ge "$timeout" ]; then
+        # Meh, we warned it...
+        ${pkgs.libvirt}/bin/virsh destroy '${vm.name}'
+      else
+        # The machine is still running, let's give it some time to shut down
+        sleep 0.5
+      fi
+    done
+
+    ${pkgs.libvirt}/bin/virsh net-destroy 'default' || true
+  '';
+}

hosts/chocolatebar/virtualisation/default.nix

@@ -0,0 +1,82 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+with lib; let
+  psCfg = config.pub-solar;
+  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+  createService = import ./create-service.nix;
+  generateXML = import ./guest-xml.nix;
+  generateTailsXML = import ./tails-xml.nix;
+
+  isolateGPU = "rx550x";
+  memory = 48; # in GB
+  handOverUSBDevices = false;
+
+  isolateAnyGPU = isolateGPU != null;
+in {
+  config = mkIf psCfg.virtualisation.enable {
+    boot.extraModprobeConfig = mkIf isolateAnyGPU (concatStringsSep "\n" [
+      "softdep amdgpu pre: vfio vfio_pci"
+      (
+        if isolateGPU == "rx5700xt"
+        then "options vfio-pci ids=1002:731f,1002:ab38"
+        else "options vfio-pci ids=1002:699f,1002:aae0"
+      )
+    ]);
+
+    systemd.user.services = {
+      vm-windows = createService {
+        inherit config;
+        inherit pkgs;
+        inherit lib;
+        vm = {
+          name = "windows";
+          disk = "/dev/disk/by-id/ata-SanDisk_SDSSDA240G_162402455603";
+          id = "http://microsoft.com/win/10";
+          gpu = true;
+          mountHome = false;
+          memory = memory;
+          isolateGPU = isolateGPU;
+          handOverUSBDevices = handOverUSBDevices;
+          generateXML = generateXML;
+        };
+      };
+      vm-manjaro = createService {
+        inherit config;
+        inherit pkgs;
+        inherit lib;
+        vm = {
+          name = "manjaro";
+          disk = "/dev/disk/by-id/ata-KINGSTON_SM2280S3G2240G_50026B726B0265CE";
+          id = "https://manjaro.org/download/#i3";
+          gpu = true;
+          mountHome = true;
+          memory = memory;
+          isolateGPU = isolateGPU;
+          handOverUSBDevices = handOverUSBDevices;
+          generateXML = generateXML;
+        };
+      };
+      vm-tails = createService {
+        inherit config;
+        inherit pkgs;
+        inherit lib;
+        vm = {
+          name = "tails";
+          disk = "/var/lib/vms/tails/tails-amd64-5.4.iso";
+          # disk = "/var/lib/vms/nixos/nixos-minimal.iso";
+          id = "https://tails.boum.org/install/index.en.html";
+          gpu = false;
+          mountHome = false;
+          memory = 16;
+          isolateGPU = isolateGPU;
+          handOverUSBDevices = false;
+          generateXML = generateTailsXML;
+        };
+      };
+    };
+  };
+}

hosts/chocolatebar/virtualisation/guest-xml.nix

@@ -0,0 +1,263 @@
+{
+  config,
+  pkgs,
+  lib,
+  vm,
+  varsFile,
+  ...
+}: let
+  psCfg = config.pub-solar;
+  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+  home = config.home-manager.users."${psCfg.user.name}".home;
+in ''
+  <domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
+    <name>${vm.name}</name>
+    <uuid>UUID</uuid>
+    <metadata>
+      <libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
+        <libosinfo:os id="${vm.id}"/>
+      </libosinfo:libosinfo>
+    </metadata>
+    <memory unit='GB'>${toString vm.memory}</memory>
+    <currentMemory unit='GB'>${toString vm.memory}</currentMemory>
+    <vcpu placement='static'>12</vcpu>
+    <cputune>
+      <vcpupin vcpu='0' cpuset='6'/>
+      <vcpupin vcpu='1' cpuset='7'/>
+      <vcpupin vcpu='2' cpuset='8'/>
+      <vcpupin vcpu='3' cpuset='9'/>
+      <vcpupin vcpu='4' cpuset='10'/>
+      <vcpupin vcpu='5' cpuset='11'/>
+      <vcpupin vcpu='6' cpuset='18'/>
+      <vcpupin vcpu='7' cpuset='19'/>
+      <vcpupin vcpu='8' cpuset='20'/>
+      <vcpupin vcpu='9' cpuset='21'/>
+      <vcpupin vcpu='10' cpuset='22'/>
+      <vcpupin vcpu='11' cpuset='23'/>
+    </cputune>
+    <resource>
+      <partition>/machine</partition>
+    </resource>
+    <os>
+      <type arch='x86_64' machine='pc-q35-4.2'>hvm</type>
+      <loader readonly='yes' type='pflash'>/run/libvirt/nix-ovmf/OVMF_CODE.fd</loader>
+      <nvram>${varsFile}</nvram>
+      <boot dev='hd'/>
+    </os>
+    <features>
+      <acpi/>
+      <apic/>
+      <hyperv>
+        <relaxed state='on'/>
+        <vapic state='on'/>
+        <spinlocks state='on' retries='8191'/>
+        <vendor_id state='on' value='wahtever'/>
+      </hyperv>
+      <kvm>
+        <hidden state='on'/>
+      </kvm>
+      <vmport state='off'/>
+    </features>
+    <cpu mode='custom' match='exact' check='full'>
+      <model fallback='forbid'>EPYC-IBPB</model>
+      <vendor>AMD</vendor>
+      <topology sockets='1' dies='1' cores='6' threads='2'/>
+      <feature policy='require' name='x2apic'/>
+      <feature policy='require' name='tsc-deadline'/>
+      <feature policy='require' name='hypervisor'/>
+      <feature policy='require' name='tsc_adjust'/>
+      <feature policy='require' name='clwb'/>
+      <feature policy='require' name='umip'/>
+      <feature policy='require' name='stibp'/>
+      <feature policy='require' name='arch-capabilities'/>
+      <feature policy='require' name='ssbd'/>
+      <feature policy='require' name='xsaves'/>
+      <feature policy='require' name='cmp_legacy'/>
+      <feature policy='require' name='perfctr_core'/>
+      <feature policy='require' name='clzero'/>
+      <feature policy='require' name='wbnoinvd'/>
+      <feature policy='require' name='amd-ssbd'/>
+      <feature policy='require' name='virt-ssbd'/>
+      <feature policy='require' name='rdctl-no'/>
+      <feature policy='require' name='skip-l1dfl-vmentry'/>
+      <feature policy='require' name='mds-no'/>
+      <feature policy='require' name='pschange-mc-no'/>
+      <feature policy='disable' name='monitor'/>
+      <feature policy='disable' name='svm'/>
+      <feature policy='require' name='topoext'/>
+    </cpu>
+    <clock offset='utc'>
+      <timer name='rtc' tickpolicy='catchup'/>
+      <timer name='pit' tickpolicy='delay'/>
+      <timer name='hpet' present='no'/>
+    </clock>
+    <on_poweroff>destroy</on_poweroff>
+    <on_reboot>restart</on_reboot>
+    <on_crash>destroy</on_crash>
+    <pm>
+      <suspend-to-mem enabled='no'/>
+      <suspend-to-disk enabled='no'/>
+    </pm>
+    <devices>
+      <emulator>${pkgs.qemu}/bin/qemu-system-x86_64</emulator>
+      <disk type='block' device='disk'>
+        <driver name='qemu' type='raw' cache='none' discard='unmap' />
+        <source dev='${vm.disk}'/>
+        <backingStore/>
+        <target dev='vdb' bus='virtio'/>
+        <address type='pci' domain='0x0000' bus='0x04' slot='0x00' function='0x0'/>
+      </disk>
+      <controller type='usb' index='0' model='qemu-xhci' ports='15'>
+        <address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
+      </controller>
+      <controller type='sata' index='0'>
+        <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
+      </controller>
+      <controller type='pci' index='0' model='pcie-root'/>
+      <controller type='pci' index='1' model='pcie-root-port'>
+        <model name='pcie-root-port'/>
+        <target chassis='1' port='0x10'/>
+        <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0' multifunction='on'/>
+      </controller>
+      <controller type='pci' index='2' model='pcie-root-port'>
+        <model name='pcie-root-port'/>
+        <target chassis='2' port='0x11'/>
+        <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x1'/>
+      </controller>
+      <controller type='pci' index='3' model='pcie-root-port'>
+        <model name='pcie-root-port'/>
+        <target chassis='3' port='0x12'/>
+        <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x2'/>
+      </controller>
+      <controller type='pci' index='4' model='pcie-root-port'>
+        <model name='pcie-root-port'/>
+        <target chassis='4' port='0x13'/>
+        <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x3'/>
+      </controller>
+      <controller type='pci' index='5' model='pcie-root-port'>
+        <model name='pcie-root-port'/>
+        <target chassis='5' port='0x14'/>
+        <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x4'/>
+      </controller>
+      <controller type='pci' index='6' model='pcie-root-port'>
+        <model name='pcie-root-port'/>
+        <target chassis='6' port='0x15'/>
+        <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x5'/>
+      </controller>
+      <controller type='pci' index='7' model='pcie-root-port'>
+        <model name='pcie-root-port'/>
+        <target chassis='7' port='0x16'/>
+        <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x6'/>
+      </controller>
+      <controller type='pci' index='8' model='pcie-to-pci-bridge'>
+        <model name='pcie-pci-bridge'/>
+        <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
+      </controller>
+      <controller type='pci' index='9' model='pcie-root-port'>
+        <model name='pcie-root-port'/>
+        <target chassis='9' port='0x17'/>
+        <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x7'/>
+      </controller>
+      <controller type='virtio-serial' index='0'>
+        <address type='pci' domain='0x0000' bus='0x03' slot='0x00' function='0x0'/>
+      </controller>
+      ${
+    if vm.mountHome
+    then ''
+      <filesystem type='mount' accessmode='mapped'>
+        <source dir='/home/${psCfg.user.name}'/>
+        <target dir='/media/home'/>
+        <address type='pci' domain='0x0000' bus='0x07' slot='0x00' function='0x0'/>
+      </filesystem>
+    ''
+    else ""
+  }
+      <interface type='network'>
+        <mac address='52:54:00:44:cd:ac'/>
+        <source network='default'/>
+        <model type='virtio'/>
+        <address type='pci' domain='0x0000' bus='0x08' slot='0x01' function='0x0'/>
+      </interface>
+      <console type='pty'>
+        <target type='serial' port='0'/>
+      </console>
+      <input type='tablet' bus='usb'>
+        <address type='usb' bus='0' port='1'/>
+      </input>
+      <input type='mouse' bus='virtio'/>
+      <input type='keyboard' bus='virtio'/>
+      <graphics type='spice' autoport='yes' listen='127.0.0.1'>
+        <listen type='address' address='127.0.0.1'/>
+        <image compression='off'/>
+      </graphics>
+      <video>
+        <model type='cirrus' vram='16384' heads='1' primary='yes'/>
+        <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
+      </video>
+      ${
+    if vm.handOverUSBDevices
+    then ''
+      <hostdev mode='subsystem' type='usb' managed='yes'>
+        <source>
+          <vendor id='0x046d'/>
+          <product id='0xc328'/>
+          <address bus='1' device='1'/>
+        </source>
+        <address type='usb' bus='0' port='4'/>
+      </hostdev>
+      <hostdev mode='subsystem' type='usb' managed='yes'>
+        <source>
+          <vendor id='0x046d'/>
+          <product id='0xc52b'/>
+          <address bus='1' device='1'/>
+        </source>
+        <address type='usb' bus='0' port='5'/>
+      </hostdev>
+    ''
+    else ""
+  }
+      ${
+    if vm.gpu && vm.isolateGPU != null
+    then ''
+      <hostdev mode='subsystem' type='pci' managed='yes'>
+        <driver name='vfio'/>
+        <source>
+          <address domain='0x0000' bus='0x0b' slot='0x00' function='0x0'/>
+        </source>
+        <rom bar='on' file='/etc/nixos/hosts/chocolatebar/virtualisation/${vm.isolateGPU}.rom'/>
+        <address type='pci' domain='0x0000' bus='0x06' slot='0x00' function='0x0' multifunction='on'/>
+      </hostdev>
+      <hostdev mode='subsystem' type='pci' managed='yes'>
+        <driver name='vfio'/>
+        <source>
+          <address domain='0x0000' bus='0x0b' slot='0x00' function='0x1'/>
+        </source>
+        <address type='pci' domain='0x0000' bus='0x06' slot='0x00' function='0x1'/>
+      </hostdev>
+    ''
+    else ""
+  }
+      <redirdev bus='usb' type='spicevmc'>
+        <address type='usb' bus='0' port='2'/>
+      </redirdev>
+      <redirdev bus='usb' type='spicevmc'>
+        <address type='usb' bus='0' port='3'/>
+      </redirdev>
+      <memballoon model='virtio'>
+        <address type='pci' domain='0x0000' bus='0x05' slot='0x00' function='0x0'/>
+      </memballoon>
+      <shmem name='looking-glass'>
+        <model type='ivshmem-plain'/>
+        <size unit='M'>32</size>
+      </shmem>
+    </devices>
+    <qemu:commandline>
+      <qemu:arg value='-device'/>
+      <qemu:arg value='ich9-intel-hda,bus=pcie.0,addr=0x1b'/>
+      <qemu:arg value='-device'/>
+      <qemu:arg value='hda-micro,audiodev=hda'/>
+      <qemu:arg value='-audiodev'/>
+      <qemu:arg value='pa,id=hda,server=unix:/run/user/1001/pulse/native'/>
+    </qemu:commandline>
+  </domain>
+''

hosts/chocolatebar/virtualisation/network-xml.nix

@@ -0,0 +1,23 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: ''
+  <network>
+    <name>default</name>
+    <uuid>UUID</uuid>
+    <forward mode='nat'>
+      <nat>
+        <port start='1024' end='65535'/>
+      </nat>
+    </forward>
+    <bridge name='virbr0' stp='on' delay='0'/>
+    <mac address='52:54:00:bd:a0:73'/>
+    <ip address='192.168.122.1' netmask='255.255.255.0'>
+      <dhcp>
+        <range start='192.168.122.2' end='192.168.122.254'/>
+      </dhcp>
+    </ip>
+  </network>
+''

hosts/chocolatebar/virtualisation/tails-xml.nix

@@ -0,0 +1,188 @@
+{
+  config,
+  pkgs,
+  lib,
+  vm,
+  varsFile,
+  ...
+}: let
+  psCfg = config.pub-solar;
+  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+  home = config.home-manager.users."${psCfg.user.name}".home;
+in ''
+    <domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
+      <name>${vm.name}</name>
+      <uuid>UUID</uuid>
+      <metadata>
+        <libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
+          <libosinfo:os id="${vm.id}"/>
+        </libosinfo:libosinfo>
+      </metadata>
+      <memory unit='GB'>${toString vm.memory}</memory>
+      <currentMemory unit='GB'>${toString vm.memory}</currentMemory>
+    <vcpu placement="static">8</vcpu>
+    <os>
+      <type arch="x86_64" machine="pc-q35-7.0">hvm</type>
+      <boot dev="cdrom"/>
+    </os>
+    <features>
+      <acpi/>
+      <apic/>
+      <vmport state="off"/>
+    </features>
+    <cpu mode="host-passthrough" check="none" migratable="on"/>
+    <clock offset="utc">
+      <timer name="rtc" tickpolicy="catchup"/>
+      <timer name="pit" tickpolicy="delay"/>
+      <timer name="hpet" present="no"/>
+    </clock>
+    <on_poweroff>destroy</on_poweroff>
+    <on_reboot>restart</on_reboot>
+    <on_crash>destroy</on_crash>
+    <pm>
+      <suspend-to-mem enabled="no"/>
+      <suspend-to-disk enabled="no"/>
+    </pm>
+    <devices>
+      <emulator>/run/libvirt/nix-emulators/qemu-system-x86_64</emulator>
+      <disk type="file" device="cdrom">
+        <driver name="qemu" type="raw"/>
+        <source file="${vm.disk}"/>
+        <target dev="sda" bus="sata"/>
+        <readonly/>
+        <address type="drive" controller="0" bus="0" target="0" unit="0"/>
+      </disk>
+      <controller type="usb" index="0" model="qemu-xhci" ports="15">
+        <address type="pci" domain="0x0000" bus="0x02" slot="0x00" function="0x0"/>
+      </controller>
+      <controller type="pci" index="0" model="pcie-root"/>
+      <controller type="pci" index="1" model="pcie-root-port">
+        <model name="pcie-root-port"/>
+        <target chassis="1" port="0x10"/>
+        <address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x0" multifunction="on"/>
+      </controller>
+      <controller type="pci" index="2" model="pcie-root-port">
+        <model name="pcie-root-port"/>
+        <target chassis="2" port="0x11"/>
+        <address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x1"/>
+      </controller>
+      <controller type="pci" index="3" model="pcie-root-port">
+        <model name="pcie-root-port"/>
+        <target chassis="3" port="0x12"/>
+        <address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x2"/>
+      </controller>
+      <controller type="pci" index="4" model="pcie-root-port">
+        <model name="pcie-root-port"/>
+        <target chassis="4" port="0x13"/>
+        <address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x3"/>
+      </controller>
+      <controller type="pci" index="5" model="pcie-root-port">
+        <model name="pcie-root-port"/>
+        <target chassis="5" port="0x14"/>
+        <address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x4"/>
+      </controller>
+      <controller type="pci" index="6" model="pcie-root-port">
+        <model name="pcie-root-port"/>
+        <target chassis="6" port="0x15"/>
+        <address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x5"/>
+      </controller>
+      <controller type="pci" index="7" model="pcie-root-port">
+        <model name="pcie-root-port"/>
+        <target chassis="7" port="0x16"/>
+        <address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x6"/>
+      </controller>
+      <controller type="pci" index="8" model="pcie-root-port">
+        <model name="pcie-root-port"/>
+        <target chassis="8" port="0x17"/>
+        <address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x7"/>
+      </controller>
+      <controller type="pci" index="9" model="pcie-root-port">
+        <model name="pcie-root-port"/>
+        <target chassis="9" port="0x18"/>
+        <address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x0" multifunction="on"/>
+      </controller>
+      <controller type="pci" index="10" model="pcie-root-port">
+        <model name="pcie-root-port"/>
+        <target chassis="10" port="0x19"/>
+        <address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x1"/>
+      </controller>
+      <controller type="pci" index="11" model="pcie-root-port">
+        <model name="pcie-root-port"/>
+        <target chassis="11" port="0x1a"/>
+        <address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x2"/>
+      </controller>
+      <controller type="pci" index="12" model="pcie-root-port">
+        <model name="pcie-root-port"/>
+        <target chassis="12" port="0x1b"/>
+        <address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x3"/>
+      </controller>
+      <controller type="pci" index="13" model="pcie-root-port">
+        <model name="pcie-root-port"/>
+        <target chassis="13" port="0x1c"/>
+        <address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x4"/>
+      </controller>
+      <controller type="pci" index="14" model="pcie-root-port">
+        <model name="pcie-root-port"/>
+        <target chassis="14" port="0x1d"/>
+        <address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x5"/>
+      </controller>
+      <controller type="sata" index="0">
+        <address type="pci" domain="0x0000" bus="0x00" slot="0x1f" function="0x2"/>
+      </controller>
+      <controller type="virtio-serial" index="0">
+        <address type="pci" domain="0x0000" bus="0x03" slot="0x00" function="0x0"/>
+      </controller>
+      <interface type="network">
+        <mac address="52:54:00:58:5e:36"/>
+        <source network="default"/>
+        <model type="virtio"/>
+        <address type="pci" domain="0x0000" bus="0x01" slot="0x00" function="0x0"/>
+      </interface>
+      <serial type="pty">
+        <target type="isa-serial" port="0">
+          <model name="isa-serial"/>
+        </target>
+      </serial>
+      <console type="pty">
+        <target type="serial" port="0"/>
+      </console>
+      <channel type="unix">
+        <target type="virtio" name="org.qemu.guest_agent.0"/>
+        <address type="virtio-serial" controller="0" bus="0" port="1"/>
+      </channel>
+      <channel type="spicevmc">
+        <target type="virtio" name="com.redhat.spice.0"/>
+        <address type="virtio-serial" controller="0" bus="0" port="2"/>
+      </channel>
+      <input type="tablet" bus="usb">
+        <address type="usb" bus="0" port="1"/>
+      </input>
+      <input type="mouse" bus="ps2"/>
+      <input type="keyboard" bus="ps2"/>
+      <graphics type="spice" autoport="yes">
+        <listen type="address"/>
+        <image compression="off"/>
+      </graphics>
+      <sound model="ich9">
+        <address type="pci" domain="0x0000" bus="0x00" slot="0x1b" function="0x0"/>
+      </sound>
+      <audio id="1" type="spice"/>
+      <video>
+        <model type="qxl" ram="65536" vram="65536" vgamem="16384" heads="1" primary="yes"/>
+        <address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x0"/>
+      </video>
+      <redirdev bus="usb" type="spicevmc">
+        <address type="usb" bus="0" port="2"/>
+      </redirdev>
+      <redirdev bus="usb" type="spicevmc">
+        <address type="usb" bus="0" port="3"/>
+      </redirdev>
+      <memballoon model="virtio">
+        <address type="pci" domain="0x0000" bus="0x04" slot="0x00" function="0x0"/>
+      </memballoon>
+      <rng model="virtio">
+        <backend model="random">/dev/urandom</backend>
+        <address type="pci" domain="0x0000" bus="0x05" slot="0x00" function="0x0"/>
+      </rng>
+    </devices>
+  </domain>''

hosts/droppie/configuration.nix

@@ -0,0 +1,30 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
+  imports = [
+    # Include the results of the hardware scan.
+    ./hardware-configuration.nix
+  ];
+
+  boot.loader.systemd-boot.enable = lib.mkForce false;
+  boot.loader.grub = {
+    enable = true;
+    efiSupport = true;
+    device = "nodev";
+  };
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "21.11"; # Did you read the comment?
+}

hosts/droppie/default.nix

@@ -0,0 +1,7 @@
+{suites, ...}: {
+  imports =
+    [
+      ./droppie.nix
+    ]
+    ++ suites.droppie;
+}

hosts/droppie/droppie.nix

@@ -0,0 +1,52 @@
+{
+  config,
+  pkgs,
+  lib,
+  self,
+  ...
+}:
+with lib; let
+  psCfg = config.pub-solar;
+  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in {
+  imports = [
+    ./configuration.nix
+    ./nextcloud-web-tunnel.nix
+    ./restic-backup.nix
+  ];
+
+  config = {
+    hardware.cpu.intel.updateMicrocode = true;
+
+    pub-solar.core.disk-encryption-active = false;
+    pub-solar.core.lite = true;
+
+    security.sudo.extraRules = [
+      {
+        users = ["${psCfg.user.name}"];
+        commands = [
+          {
+            command = "ALL";
+            options = ["NOPASSWD"];
+          }
+        ];
+      }
+    ];
+
+    services.ddclient = {
+      enable = true;
+      ipv6 = true;
+      domains = ["backup.b12f.io"];
+      server = "ddns.hosting.de";
+      username = "b12f";
+      use = "web, web=http://checkip6.spdyn.de/, web-skip=''";
+      passwordFile = "/run/agenix/dyndns-droppie.key";
+    };
+
+    age.secrets."dyndns-droppie.key" = {
+      file = "${self}/secrets/dyndns-droppie.key";
+      mode = "400";
+      owner = "root";
+    };
+  };
+}

hosts/droppie/hardware-configuration.nix

@@ -0,0 +1,52 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = ["ahci" "usbhid" "uas"];
+  boot.initrd.kernelModules = ["dm-snapshot"];
+  boot.kernelModules = ["kvm-amd"];
+  boot.extraModulePackages = [];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/1dca9d02-555c-4b23-9450-8f3413fa7694";
+    fsType = "xfs";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/A24C-F252";
+    fsType = "vfat";
+  };
+
+  fileSystems."/media/internal" = {
+    device = "/dev/disk/by-uuid/5cf314a8-82f4-4037-a724-62d2ff226cff";
+    fsType = "ext4";
+  };
+
+  fileSystems."/home" = {
+    device = "/dev/disk/by-uuid/2ef980f1-1f27-4d2a-9789-00f45e791fcc";
+    fsType = "xfs";
+  };
+
+  swapDevices = [{device = "/dev/disk/by-uuid/0203b641-280f-4a3d-971d-fd32a666c852";}];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  networking.interfaces.enp2s0f0.useDHCP = lib.mkDefault true;
+  networking.interfaces.enp2s0f1.useDHCP = lib.mkDefault true;
+
+  powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/droppie/nextcloud-web-tunnel.nix

@@ -0,0 +1,29 @@
+{
+  pkgs,
+  config,
+  ...
+}: let
+  psCfg = config.pub-solar;
+in {
+  config = {
+    services.openssh.knownHosts = {
+      "cloud.pub.solar".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIABPJSwr9DfnqV0KoL23BcxlWtRxuOqQpnFnCv4SG/LW";
+    };
+
+    systemd.services.ssh-tunnel-cloud-pub-solar = {
+      unitConfig = {
+        Description = "Reverse SSH connection to enable backups from IPv4-only to IPv6-only host";
+        After = ["network.target"];
+      };
+      serviceConfig = {
+        Type = "simple";
+        ExecStart = "${pkgs.openssh}/bin/ssh -vvv -g -N -T -o 'ServerAliveInterval 10' -o 'ExitOnForwardFailure yes' -R 127.0.0.1:22022:localhost:22 root@cloud.pub.solar";
+        User = psCfg.user.name;
+        Group = "users";
+        Restart = "always";
+        RestartSec = "5s";
+      };
+      wantedBy = ["default.target"];
+    };
+  };
+}

hosts/droppie/restic-backup.nix

@@ -0,0 +1,50 @@
+{pkgs, ...}: let
+  shutdownWaitMinutes = 15;
+  shutdownScript = pkgs.writeShellScriptBin "shutdown-wait" ''
+    STATUS_FILES="/media/internal/backups-pub-solar/status"
+
+    running=""
+
+    for f in $STATUS_FILES; do
+      declare started
+      declare finished
+
+      started=$(source $f ; echo ''${BACKUP_STARTED})
+      finished=$(source $f ; echo ''${BACKUP_FINISHED})
+
+      if [ -z "''${finished}" ]; then
+        echo "backup $(dirname $f) still running"
+        running="yes"
+        break
+      fi
+    done
+
+    if [ -n "''${running}" ] && [ "''${running}" = "yes" ]; then
+      echo "backups are still running"
+      exit 1
+    fi
+
+    echo "WARNING: System will be shut down within the next 15 minutes" | wall
+
+    sleep 10
+
+    shutdown -P +${builtins.toString shutdownWaitMinutes}
+  '';
+in {
+  systemd.services."shutdown-after-backup" = {
+    enable = true;
+    serviceConfig = {
+      ExecStart = "${shutdownScript}/bin/shutdown-wait";
+      Type = "oneshot";
+    };
+  };
+
+  systemd.timers."shutdown-after-backup" = {
+    enable = true;
+    timerConfig = {
+      OnCalendar = "3..9:* Etc/UTC";
+    };
+    wantedBy = ["timers.target"];
+    partOf = ["shutdown-after-backup.service"];
+  };
+}

lib/default.nix

@@ -1,10 +1,2 @@
 {lib}:
-lib.makeExtensible (self: let
-  callLibs = file: import file {lib = self;};
-in rec {
-  ## Define your own library functions here!
-  #id = x: x;
-  ## Or in files, containing functions that take {lib}
-  #foo = callLibs ./foo.nix;
-  ## In configs, they can be used under "lib.our"
-})
+lib.makeExtensible (self: {})

modules/audio/default.nix

@@ -66,52 +66,37 @@ in {
 
     # rtkit is optional but recommended
     security.rtkit.enable = true;
-    # Enable sound using pipewire-pulse, default config:
-    # https://gitlab.freedesktop.org/pipewire/pipewire/-/blob/master/src/daemon/pipewire.conf.in
+    # Enable sound using pipewire-pulse
     services.pipewire = {
       enable = true;
       alsa.enable = true;
       alsa.support32Bit = true;
       pulse.enable = true;
+
+      config.pipewire = {
+        context.default.clock = {
+          allowed-rates = [44100 48000 88200 96000];
+          rate = 44100;
+        };
+      };
+      config.pipewire-pulse = builtins.fromJSON (builtins.readFile ./pipewire-pulse.conf.json);
     };
 
-    # Make pulseaudio listen on port 4713 for mopidy, extending the default
-    # config: https://gitlab.freedesktop.org/pipewire/pipewire/-/blob/master/src/daemon/pipewire-pulse.conf.in
-    environment.etc = mkIf cfg.mopidy.enable {
-      "pipewire/pipewire-pulse.conf.d/99-custom.conf".text = ''
-        {
-          "context.modules": [
-            {
-              "name": "libpipewire-module-protocol-pulse",
-              "args": {
-                "server.address": ["unix:native", "tcp:4713"],
-                "vm.overrides": {
-                  "pulse.min.quantum": "1024/48000"
-                }
-              }
-            }
-          ]
+    # Bluetooth configuration using wireplumber
+    # https://nixos.wiki/wiki/PipeWire#Bluetooth_Configuration
+    environment.etc = mkIf cfg.bluetooth.enable {
+      "wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = ''
+        bluez_monitor.properties = {
+          ["bluez5.enable-sbc-xq"] = true,
+          ["bluez5.enable-msbc"] = true,
+          ["bluez5.enable-hw-volume"] = true,
+          ["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
         }
       '';
     };
 
     # Enable bluetooth
-    hardware.bluetooth = mkIf cfg.bluetooth.enable {
-      enable = true;
-      # Disable bluetooth on startup to save battery
-      powerOnBoot = false;
-      # Disable useless SIM Access Profile plugin
-      disabledPlugins = [
-        "sap"
-      ];
-      settings = {
-        General = {
-          # Enables experimental features and interfaces.
-          # Makes BlueZ Battery Provider available
-          Experimental = true;
-        };
-      };
-    };
+    hardware.bluetooth.enable = mkIf cfg.bluetooth.enable true;
     services.blueman.enable = mkIf cfg.bluetooth.enable true;
 
     # Enable audio server & client

modules/audio/mopidy.nix

@@ -5,7 +5,7 @@ pkgs: {
     mopidy-soundcloud
     mopidy-youtube
     mopidy-local
-    mopidy-jellyfin
+    # mopidy-jellyfin
   ];
 
   configuration = ''

modules/audio/pipewire-pulse.conf.json

@@ -0,0 +1,36 @@
+{
+  "context.properties": {},
+  "context.spa-libs": {
+    "audio.convert.*": "audioconvert/libspa-audioconvert",
+    "support.*": "support/libspa-support"
+  },
+  "context.modules": [
+    {
+      "name": "libpipewire-module-rtkit",
+      "args": {},
+      "flags": ["ifexists", "nofail"]
+    },
+    {
+      "name": "libpipewire-module-protocol-native"
+    },
+    {
+      "name": "libpipewire-module-client-node"
+    },
+    {
+      "name": "libpipewire-module-adapter"
+    },
+    {
+      "name": "libpipewire-module-metadata"
+    },
+    {
+      "name": "libpipewire-module-protocol-pulse",
+      "args": {
+        "server.address": ["unix:native", "tcp:4713"],
+        "vm.overrides": {
+          "pulse.min.quantum": "1024/48000"
+        }
+      }
+    }
+  ],
+  "stream.properties": {}
+}

modules/compat/default.nix

@@ -0,0 +1,12 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+with lib; {
+  # Both things below are for
+  # https://github.com/NixOS/nixpkgs/issues/124215
+  documentation.info.enable = lib.mkForce false;
+  nix.settings.extra-sandbox-paths = ["/bin/sh=${pkgs.bash}/bin/sh"];
+}

modules/core/boot.nix

@@ -33,10 +33,10 @@ in {
         };
       };
 
-      loader.systemd-boot.enable = lib.mkDefault true;
+      loader.systemd-boot.enable = true;
 
       # Use latest LTS linux kernel by default
-      kernelPackages = lib.mkDefault pkgs.linuxPackages_6_1;
+      kernelPackages = pkgs.linuxPackages_5_15;
 
       # Support ntfs drives
       supportedFilesystems = ["ntfs"];

modules/core/hibernation.nix

@@ -15,8 +15,8 @@ in {
     };
 
     resumeDevice = mkOption {
-      type = types.nullOr types.str;
-      default = null;
+      type = types.str;
+      default = "/dev/sda1";
       description = "The location of the hibernation resume swap file.";
     };
 
@@ -29,7 +29,7 @@ in {
 
   config = {
     boot = mkIf cfg.enable {
-      resumeDevice = mkIf (cfg.resumeDevice != null) cfg.resumeDevice;
+      resumeDevice = cfg.resumeDevice;
       kernelParams = mkIf (cfg.resumeOffset != null) ["resume_offset=${builtins.toString cfg.resumeOffset}"];
     };
   };

modules/core/networking.nix

@@ -46,22 +46,26 @@ in {
     nix.settings.trusted-public-keys = cfg.publicKeys;
 
     # These entries get added to /etc/hosts
-    networking.hosts = {
-      "127.0.0.1" =
+    networking.hosts = let
+      hostnames =
         []
         ++ lib.optionals cfg.enableCaddy ["caddy.local"]
         ++ lib.optionals config.pub-solar.printing.enable ["cups.local"]
+        ++ lib.optionals config.pub-solar.paperless.enable ["paperless.local"]
         ++ lib.optionals cfg.enableHelp ["help.local"];
+    in {
+      "127.0.0.1" = hostnames;
+      "::1" = hostnames;
     };
 
     # Caddy reverse proxy for local services like cups
     services.caddy = {
-      enable = lib.mkDefault cfg.enableCaddy;
-      globalConfig = lib.mkDefault ''
+      enable = cfg.enableCaddy;
+      globalConfig = ''
         default_bind 127.0.0.1
         auto_https off
       '';
-      extraConfig = lib.mkDefault (concatStringsSep "\n" [
+      extraConfig = concatStringsSep "\n" [
         (lib.optionalString
           config.pub-solar.printing.enable
           ''
@@ -71,6 +75,15 @@ in {
             }
           '')
 
+        (lib.optionalString
+          config.pub-solar.paperless.enable
+          ''
+            paperless.local:80 {
+              request_header Host localhost:28981
+              reverse_proxy localhost:28981
+            }
+          '')
+
         (lib.optionalString
           cfg.enableHelp
           ''
@@ -79,7 +92,7 @@ in {
               file_server
             }
           '')
-      ]);
+      ];
     };
   };
 }

modules/core/nix.nix

@@ -15,14 +15,13 @@
       auto-optimise-store = true;
       # Prevents impurities in builds
       sandbox = true;
-      # Give root and @wheel special privileges with nix
+      # give root and @wheel special privileges with nix
       trusted-users = ["root" "@wheel"];
-      # Allow only group wheel to connect to the nix daemon
-      allowed-users = ["@wheel"];
+      # This is just a representation of the nix default
+      system-features = ["nixos-test" "benchmark" "big-parallel" "kvm"];
     };
     # Generally useful nix option defaults
-    extraOptions = lib.mkForce ''
-      experimental-features = flakes nix-command
+    extraOptions = ''
       min-free = 536870912
       keep-outputs = true
       keep-derivations = true

modules/core/packages.nix

@@ -24,7 +24,6 @@ in {
         openssh
         curl
         htop
-        btop
         lsof
         psmisc
         file

modules/core/services.nix

@@ -10,7 +10,7 @@
     # If you don't want the host to have SSH actually opened up to the net,
     # set `services.openssh.openFirewall` to false in your config.
     openFirewall = lib.mkDefault true;
-    settings.PasswordAuthentication = lib.mkDefault false;
+    passwordAuthentication = false;
   };
 
   # Service that makes Out of Memory Killer more effective

modules/devops/default.nix

@@ -16,6 +16,7 @@ in {
     home-manager = with pkgs;
       pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
         home.packages = [
+          croc
           drone-cli
           nmap
           pgcli
@@ -24,6 +25,7 @@ in {
           restic
           shellcheck
           terraform
+          tea
         ];
       };
   };

modules/docker-ci-runner/default.nix

@@ -1,11 +1,7 @@
-{
-  lib,
-  config,
-  pkgs,
-  self,
-  ...
-}:
-with lib; let
+{ lib, config, pkgs, self, ... }:
+
+with lib;
+let
   bootstrap = pkgs.writeScript "bootstrap.sh" ''
     #!/usr/bin/env bash
 
@@ -27,7 +23,7 @@ with lib; let
 
     export nix_user_config_file="/home/build/.local/share/nix/trusted-settings.json"
     mkdir -p $(dirname \\$nix_user_config_file)
-    echo '{"extra-experimental-features":{"nix-command flakes":true}}' > \\$nix_user_config_file
+    echo '{"extra-experimental-features":{"nix-command flakes":true},"extra-substituters":{"https://nix-dram.cachix.org https://dram.cachix.org  https://nrdxp.cachix.org https://nix-community.cachix.org":true},"extra-trusted-public-keys":{"nix-dram.cachix.org-1:CKjZ0L1ZiqH3kzYAZRt8tg8vewAx5yj8Du/+iR8Efpg= dram.cachix.org-1:baoy1SXpwYdKbqdTbfKGTKauDDeDlHhUpC+QuuILEMY= nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=":true}}' > \\$nix_user_config_file
     chown -R build /home/build/
 
     curl -L https://github.com/drone-runners/drone-runner-exec/releases/latest/download/drone_runner_exec_linux_amd64.tar.gz | tar xz
@@ -44,7 +40,8 @@ with lib; let
   '';
   psCfg = config.pub-solar;
   cfg = config.pub-solar.docker-ci-runner;
-in {
+in
+{
   options.pub-solar.docker-ci-runner = {
     enable = lib.mkEnableOption "Enables a docker container running a drone exec runner as unprivileged user.";
 
@@ -105,10 +102,5 @@ in {
         };
       };
     };
-    # Fix container not stopping correctly and holding the system 120s upon
-    # shutdown / reboot
-    systemd.services.docker-drone-exec-runner.preStop = ''
-      docker stop drone-exec-runner
-    '';
   };
 }

modules/docker/default.nix

@@ -14,7 +14,6 @@ in {
 
   config = mkIf cfg.enable {
     virtualisation.docker.enable = true;
-    virtualisation.docker.package = pkgs.docker_24;
     users.users = with pkgs;
       pkgs.lib.setAttrByPath [psCfg.user.name] {
         extraGroups = ["docker"];

modules/gaming/default.nix

@@ -18,9 +18,8 @@ in {
       steam = pkgs.steam.override {};
     };
 
-    home-manager = with pkgs;
-      pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
-        home.packages = [
+    home-manager.users = pkgs.lib.setAttrByPath [psCfg.user.name] {
+      home.packages = with pkgs; [
         playonlinux
         godot
         obs-studio

modules/graphical/default.nix

@@ -66,7 +66,7 @@ in {
 
     services.getty.autologinUser = mkIf cfg.autologin.enable (mkForce "${psCfg.user.name}");
 
-    qt = {
+    qt5 = {
       enable = true;
       platformTheme = "gtk2";
       style = "gtk2";
@@ -100,7 +100,7 @@ in {
         home.packages = [
           alacritty
           foot
-          ungoogled-chromium
+          chromium
           firefox-wayland
 
           flameshot

modules/graphical/network-manager-applet.service.nix

@@ -1,6 +1,6 @@
 pkgs: {
   Unit = {
-    Description = "Network Manager applet";
+    Description = "Lightweight Wayland notification daemon";
     BindsTo = ["sway-session.target"];
     After = ["sway-session.target"];
     # ConditionEnvironment requires systemd v247 to work correctly

modules/mobile/default.nix

@@ -0,0 +1,23 @@
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+with lib; let
+  psCfg = config.pub-solar;
+  cfg = config.pub-solar.mobile;
+in {
+  options.pub-solar.mobile = {
+    enable = mkEnableOption "Add android adb and tooling";
+  };
+
+  config = mkIf cfg.enable {
+    programs.adb.enable = true;
+
+    users.users = with pkgs;
+      lib.setAttrByPath [psCfg.user.name] {
+        extraGroups = ["adbusers"];
+      };
+  };
+}

modules/paperless/default.nix

@@ -0,0 +1,40 @@
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+with lib; let
+  psCfg = config.pub-solar;
+  cfg = config.pub-solar.paperless;
+  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in {
+  options.pub-solar.paperless = {
+    enable = mkEnableOption "All you need to go paperless";
+    ocrLanguage = mkOption {
+      description = "OCR language";
+      type = types.str;
+      example = "eng+deu";
+      default = "eng";
+    };
+    consumptionDir = mkOption {
+      description = "Directory to be watched";
+      type = types.str;
+      example = "/var/lib/paperless/consume";
+      default = "/home/${psCfg.user.name}/Documents";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.paperless = {
+      enable = true;
+      user = psCfg.user.name;
+      consumptionDir = cfg.consumptionDir;
+      extraConfig = {
+        PAPERLESS_OCR_LANGUAGE = cfg.ocrLanguage;
+        PAPERLESS_ADMIN_USER = psCfg.user.name;
+        PAPERLESS_AUTO_LOGIN_USERNAME = psCfg.user.name;
+      };
+    };
+  };
+}

modules/paranoia/default.nix

@@ -23,6 +23,10 @@ in {
     pub-solar.core.hibernation.enable = true;
     services.logind.lidSwitch = "hibernate";
 
+    services.tor.settings = {
+      UseBridges = true;
+    };
+
     # The options below are directly taken from or inspired by
     # https://xeiaso.net/blog/paranoid-nixos-2021-07-18
 

modules/printing/default.nix

@@ -28,6 +28,7 @@ in {
     hardware.sane = {
       enable = true;
       brscan4.enable = true;
+      extraBackends = [pkgs.hplipWithPlugin];
     };
   };
 }

modules/sway/config/config.d/custom-keybindings.conf

@@ -18,6 +18,9 @@ bindsym $mod+Shift+h exec psos help
 
 bindsym $mod+F2 exec firefox
 
+bindsym $mod+F3 exec $term -e vifm
+bindsym $mod+Shift+F3 exec gksu $term -e vifm
+
 bindsym $mod+F4 exec nautilus -w
 bindsym $mod+Shift+F4 exec signal-desktop --use-tray-icon
 
@@ -33,3 +36,11 @@ bindsym $mod+Ctrl+r exec record-screen
 # Launcher
 set $menu exec alacritty --class launcher -e env TERMINAL_COMMAND="alacritty -e" sway-launcher
 bindsym $mod+Space exec $menu
+
+set $mode_vncclient In VNCClient mode. Press $mod+Num_Lock or $mod+Shift+Escape to return.
+bindsym $mod+Num_Lock mode "$mode_vncclient"
+bindsym $mod+Shift+Escape mode "$mode_vncclient"
+mode "$mode_vncclient" {
+    bindsym $mod+Num_Lock mode "default"
+    bindsym $mod+Shift+Escape mode "default"
+}

modules/sway/config/wayvnc/config.nix

@@ -0,0 +1,11 @@
+{
+  psCfg,
+  pkgs,
+}: "
+address=0.0.0.0
+enable_auth=true
+username=${psCfg.user.name}
+password=testtest
+private_key_file=/run/agenix/vnc-key.pem
+certificate_file=/run/agenix/vnc-cert.pem
+"

modules/sway/default.nix

@@ -16,6 +16,8 @@ in {
       description = "Choose sway's default terminal";
     };
 
+    vnc.enable = mkEnableOption "Enable vnc service";
+
     v4l2loopback.enable = mkOption {
       type = types.bool;
       default = true;
@@ -96,6 +98,12 @@ in {
           systemd.user.services.waybar = import ./waybar.service.nix {inherit pkgs psCfg;};
           systemd.user.targets.sway-session = import ./sway-session.target.nix {inherit pkgs psCfg;};
 
+          systemd.user.services.wayvnc = mkIf psCfg.sway.vnc.enable (import ./wayvnc.service.nix pkgs);
+          xdg.configFile."wayvnc/config".text = import ./config/wayvnc/config.nix {
+            inherit psCfg;
+            inherit pkgs;
+          };
+
           xdg.configFile."sway/config".text = import ./config/config.nix {inherit config pkgs;};
           xdg.configFile."sway/config.d/colorscheme.conf".source = ./config/config.d/colorscheme.conf;
           xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf;

modules/sway/sway.service.nix

@@ -8,10 +8,10 @@
   };
   Service = {
     Type = "simple";
-    ExecStartPre = "${pkgs.systemd}/bin/systemctl --user unset-environment WAYLAND_DISPLAY DISPLAY";
     ExecStart = "${pkgs.sway}/bin/sway";
     Restart = "on-failure";
     RestartSec = "1";
     TimeoutStopSec = "10";
+    ExecStopPost = "${pkgs.systemd}/bin/systemctl --user unset-environment SWAYSOCK DISPLAY I3SOCK WAYLAND_DISPLAY";
   };
 }

modules/sway/wayvnc.service.nix

@@ -0,0 +1,18 @@
+pkgs: {
+  Unit = {
+    Description = "A VNC server for wlroots based Wayland compositors ";
+    Documentation = "https://github.com/any1/wayvnc";
+    BindsTo = ["sway-session.target"];
+    After = ["graphical-session-pre.target" "network-online.target"];
+    Wants = ["graphical-session-pre.target" "network-online.target"];
+  };
+
+  Service = {
+    Type = "simple";
+    ExecStart = "${pkgs.wayvnc}/bin/wayvnc -r -p 0.0.0.0 5901";
+  };
+
+  Install = {
+    WantedBy = ["sway-session.target"];
+  };
+}

modules/terminal-life/bash/default.nix

@@ -18,9 +18,6 @@ in {
 
   # Run when initializing an interactive shell
   initExtra = ''
-    # Show current directory at the top in Alacritty
-    PROMPT_COMMAND='echo -e -n "\e]2;$(basename "$PWD" | sed "s/${psCfg.user.name}/~/")\e\\"'
-
     # If a command is not found, show me where it is
     source ${pkgs.nix-index}/etc/profile.d/command-not-found.sh
 
@@ -30,41 +27,33 @@ in {
 
     eval "$(${pkgs.direnv}/bin/direnv hook bash)"
 
-    bind 'set show-all-if-ambiguous on'
-
     # Syntax highlighting, auto suggestions, vim modes, etc.
     # https://github.com/akinomyoga/ble.sh/wiki/Manual-A1-Installation#user-content-nixpkgs
-    source "$(blesh-share)"/ble.sh --attach=none
+    source "$(blesh-share)" --attach=none
     # ctrl + space to accept autocomplete suggestion
     ble-bind -m 'auto_complete' -f 'C-@' 'auto_complete/insert-on-end'
     # Meta (Alt) + Backspace to delete a word
-    ble-bind -m 'vi_imap' -f 'M-C-?' 'kill-backward-cword'
+    ble-bind -m 'emacs' -f 'M-C-?' 'kill-backward-cword'
     # Meta (Alt) + p to jump one word backwards
-    ble-bind -m 'vi_imap' -f M-p '@nomarked backward-uword'
-    ble-bind -m 'vi_imap' -f M-left '@nomarked backward-uword'
+    ble-bind -m 'emacs' -f M-p '@nomarked backward-cword'
     # Meta (Alt) + n to jump one word forwards
-    ble-bind -m 'vi_imap' -f M-n '@nomarked forward-uword'
-    ble-bind -m 'vi_imap' -f M-right '@nomarked forward-uword'
+    ble-bind -m 'emacs' -f M-n '@nomarked forward-cword'
     # Arrow up and Ctrl + p searches history for entered input
-    ble-bind -m 'vi_imap' -f up 'history-search-backward hide-status:immediate-accept:empty=emulate-readline:point=end'
-    ble-bind -m 'vi_imap' -f C-p 'history-search-backward hide-status:immediate-accept:empty=emulate-readline:point=end'
+    ble-bind -f up 'history-search-backward hide-status:immediate-accept:empty=emulate-readline:point=end'
+    ble-bind -f C-p 'history-search-backward hide-status:immediate-accept:empty=emulate-readline:point=end'
     # Arrow down and Ctrl + n searches history for entered input
-    ble-bind -m 'vi_imap' -f down 'history-search-forward hide-status:immediate-accept:empty=emulate-readline:point=end'
-    ble-bind -m 'vi_imap' -f C-n 'history-search-forward hide-status:immediate-accept:empty=emulate-readline:point=end'
-
-    ble-face region_insert='fg=black,bg=navy'
+    ble-bind -f down 'history-search-forward hide-status:immediate-accept:empty=emulate-readline:point=end'
+    ble-bind -f C-n 'history-search-forward hide-status:immediate-accept:empty=emulate-readline:point=end'
 
     function my/complete-load-hook {
-      bleopt complete_auto_delay=250
+      bleopt complete_auto_delay=300
     }
     blehook/eval-after-load complete my/complete-load-hook
 
-    bleopt exec_elapsed_mark=
     bleopt exec_errexit_mark=
+    bleopt history_share=1
     bleopt filename_ls_colors="$LS_COLORS"
 
-    bleopt complete_menu_style=desc
-
     # Bash vim mode keybindings
     if [[ $- == *i* ]]; then # in interactive session
       set -o vi
@@ -80,16 +69,9 @@ in {
       ble-bind -m vi_nmap -f 'j' 'vi-command/backward-char'
       ble-bind -m vi_nmap -f 'k' 'vi-command/forward-line'
       ble-bind -m vi_nmap -f 'l' 'vi-command/forward-char'
-
-      ble-bind -m vi_imap -f 'C-c' discard-line
     fi
 
     # end of .bashrc
-    # Somehow we need to ensure starship starts later than ble.sh
-    # (possible packaging issue?)
-    # https://github.com/akinomyoga/ble.sh/issues/333
-    eval "$(${pkgs.starship}/bin/starship init bash)"
-
     [[ ''${BLE_VERSION-} ]] && ble-attach
   '';
 
@@ -100,6 +82,8 @@ in {
     mutt = "neomutt";
     ls = "exa";
     la = "exa --group-directories-first -lag";
+    fm = "vifm .";
+    vifm = "vifm .";
     wget = "wget --hsts-file=$XDG_CACHE_HOME/wget-hsts";
     irssi = "irssi --config=$XDG_CONFIG_HOME/irssi/config --home=$XDG_DATA_HOME/irssi";
     drone = "DRONE_TOKEN=$(secret-tool lookup drone token) drone";
@@ -107,6 +91,5 @@ in {
     # fix nixos-option
     nixos-option = "nixos-option -I nixpkgs=${self}/lib/compat";
     myip = "dig +short myip.opendns.com @208.67.222.222 2>&1";
-    nnn = "nnn -d -e -H -r";
   };
 }

modules/terminal-life/default.nix

@@ -47,15 +47,10 @@ in {
           gh
           glow
           jump
-          (nnn.overrideAttrs (o: {
-            patches =
-              (o.patches or [])
-              ++ [
-                ./nnn/0001-feat-use-wasd-keybindings-for-jkli.patch
-              ];
-          }))
+          nnn
           powerline
           silver-searcher
+          vifm
           watson
         ];
 
@@ -71,7 +66,6 @@ in {
         programs.neovim = import ./nvim {
           inherit config;
           inherit pkgs;
-          inherit lib;
         };
       };
   };

modules/terminal-life/nnn/0001-feat-use-wasd-keybindings-for-jkli.patch

@@ -1,38 +0,0 @@
-From a81ee68923412c0fb8fab46f2f918a7ec865b384 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= <hello@benjaminbaedorf.eu>
-Date: Sun, 9 Jul 2023 04:19:51 +0200
-Subject: [PATCH] feat: use wasd keybindings for jkli
-
----
- src/nnn.h | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/nnn.h b/src/nnn.h
-index d476ddd2..5f106987 100644
---- a/src/nnn.h
-+++ b/src/nnn.h
-@@ -131,7 +131,7 @@ struct key {
- static struct key bindings[] = {
- 	/* Back */
- 	{ KEY_LEFT,       SEL_BACK },
--	{ 'h',            SEL_BACK },
-+	{ 'j',            SEL_BACK },
- 	/* Inside or select */
- 	{ KEY_ENTER,      SEL_OPEN },
- 	{ '\r',           SEL_OPEN },
-@@ -139,10 +139,10 @@ static struct key bindings[] = {
- 	{ KEY_RIGHT,      SEL_NAV_IN },
- 	{ 'l',            SEL_NAV_IN },
- 	/* Next */
--	{ 'j',            SEL_NEXT },
-+	{ 'k',            SEL_NEXT },
- 	{ KEY_DOWN,       SEL_NEXT },
- 	/* Previous */
--	{ 'k',            SEL_PREV },
-+	{ 'i',            SEL_PREV },
- 	{ KEY_UP,         SEL_PREV },
- 	/* Page down */
- 	{ KEY_NPAGE,      SEL_PGDN },
--- 
-2.40.1
-

modules/terminal-life/nvim/clipboard.vim

@@ -5,8 +5,8 @@
 let g:clipboard = {
       \   'name': 'wayland-strip-carriage',
       \   'copy': {
-      \      '+': 'wl-copy --foreground --type text/plain --trim-newline',
-      \      '*': 'wl-copy --foreground --type text/plain --primary --trim-newline',
+      \      '+': 'wl-copy --foreground --type text/plain',
+      \      '*': 'wl-copy --foreground --type text/plain --primary',
       \    },
       \   'paste': {
       \      '+': {-> systemlist('wl-paste --no-newline | tr -d "\r"')},

modules/terminal-life/nvim/default.nix

@@ -1,7 +1,6 @@
 {
   config,
   pkgs,
-  lib,
   ...
 }: let
   psCfg = config.pub-solar;
@@ -22,10 +21,8 @@ in {
 
   extraPackages = with pkgs;
     lib.mkIf (!cfg.lite) [
-      ansible-language-server
       ccls
       gopls
-      nixd
       nodejs
       nodePackages.bash-language-server
       nodePackages.dockerfile-language-server-nodejs
@@ -36,141 +33,71 @@ in {
       nodePackages.vue-language-server
       nodePackages.vscode-langservers-extracted
       nodePackages.yaml-language-server
-      python3Packages.python-lsp-server
+      python39Packages.python-lsp-server
       python3Full
-      rust-analyzer
       solargraph
+      rnix-lsp
+      rust-analyzer
       terraform-ls
       universal-ctags
     ];
 
-  plugins = with pkgs.vimPlugins;
-    []
-    ++ lib.optionals (!cfg.lite) [
-      (pkgs.vimPlugins.nvim-treesitter.withPlugins (p: [
-        p.ini
-        p.json
-        p.json5
-        p.markdown
-        p.nix
-        p.toml
-        p.yaml
-
-        p.css
-        p.graphql
-        p.html
-        p.javascript
-        p.scss
-        p.tsx
-        p.typescript
-        p.vue
-
-        p.c
-        p.cpp
-        p.go
-        p.gomod
-        p.gosum
-        p.haskell
-        p.lua
-        p.php
-        p.python
-        p.ruby
-        p.rust
-
-        p.vim
-        p.vimdoc
-
-        p.passwd
-        p.sql
-
-        p.diff
-        p.gitcommit
-        p.gitignore
-        p.git_config
-        p.gitattributes
-        p.git_rebase
-
-        p.bash
-        p.dockerfile
-        p.make
-        p.ninja
-        p.terraform
-      ]))
-
-      # Dependencies for nvim-lspconfig
+  plugins = with pkgs.vimPlugins; [
     nvim-cmp
     cmp-nvim-lsp
     cmp_luasnip
     luasnip
 
-      # Quickstart configs for neovim LSP
     lsp_extensions-nvim
     nvim-lspconfig
 
-      # Collaborative editing in Neovim using built-in capabilities
     instant-nvim-nvfetcher
 
-      # Search functionality behind :Ack
     ack-vim
-
-      # The status bar in the bottom of the screen with the mode indication and file location
     vim-airline
-
-      # Automatically load editorconfig files in repos to configure nvim settings
     editorconfig-vim
-
-      # File browser. Use <leader>n to access
     nnn-vim
-
-      # Highlight characters when using f, F, t, and T
     quick-scope
-
-      # Get sudo in vim; :SudaWrite <optional filename>
     suda-vim
-
-      # Undo history etc. per project
+    syntastic
+    vim-vinegar
     vim-workspace-nvfetcher
 
-      # JSON schemas
-      SchemaStore-nvim
-
-      # Work with tags files
-      vim-gutentags
-
-      # Neovim colorschemes / themes
     sonokai
     vim-hybrid-material
     vim-airline-themes
     vim-apprentice-nvfetcher
 
-      # Git integrations
-      # A Git wrapper so awesome, it should be illegal
     fugitive
-      # Shows git diff markers in the sign column
     vim-gitgutter
-      # GitHub extension for fugitive
     vim-rhubarb
-      # Ease your git workflow within Vim
     vimagit-nvfetcher
 
-      # FZF fuzzy finder
     fzf-vim
     fzfWrapper
-      # Make the yanked region apparent
     vim-highlightedyank
 
-      # :Beautify Code beautifier
     vim-beautify-nvfetcher
+    vim-surround
 
-      # Unload, delete or wipe a buffer without closing the window
     vim-bufkill
-      # Defaults everyone can agree on
     vim-sensible
 
-      # emmet for vim: http://emmet.io/
+    ansible-vim
     emmet-vim
-      # Caddyfile syntax support for Vim
+    rust-vim
     vim-caddyfile-nvfetcher
+    vim-go
+    vim-javascript
+    vim-json
+    SchemaStore-nvim
+    vim-markdown
+    vim-nix
+    vim-nixhash
+    vim-ruby
+    vim-toml
+    vim-vue
+    yats-vim
   ];
 
   extraConfig = builtins.concatStringsSep "\n" [

modules/terminal-life/nvim/init.vim

@@ -101,6 +101,3 @@ if has("autocmd")
   au BufReadPost * if line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g'\"" | endif
 endif
 
-nmap - :NnnPicker %<CR>
-nmap <leader>n :NnnPicker %<CR>
-nmap <leader>N :NnnPicker<CR>

modules/terminal-life/nvim/lsp.vim

@@ -74,6 +74,8 @@ lua <<EOF
 
   -- Add additional capabilities supported by nvim-cmp
   local capabilities = require('cmp_nvim_lsp').default_capabilities()
+  -- vscode HTML lsp needs this https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#html
+  capabilities.textDocument.completion.completionItem.snippetSupport = true
 
   -- vscode HTML lsp needs this https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#html
   capabilities.textDocument.completion.completionItem.snippetSupport = true
@@ -81,7 +83,6 @@ lua <<EOF
   local use_denols_for_typescript = not(os.getenv('NVIM_USE_DENOLS') == nil)
 
   for lsp_key, lsp_settings in pairs({
-        'ansiblels', ---------------------------- Ansible
         'bashls', ------------------------------- Bash
         'ccls', --------------------------------- C / C++ / Objective-C
         'cssls', -------------------------------- CSS / SCSS / LESS
@@ -122,9 +123,9 @@ lua <<EOF
                 }
             }
         },
-        'nixd', --------------------------------- Nix
         'phpactor', ----------------------------- PHP
         'pylsp', -------------------------------- Python
+        'rnix', --------------------------------- Nix
         'solargraph', --------------------------- Ruby
         'rust_analyzer', ------------------------ Rust
         ['sqlls'] = {
@@ -148,6 +149,7 @@ lua <<EOF
                     ['schemas'] = {
                         ['https://json.schemastore.org/github-workflow'] = '.github/workflows/*.{yml,yaml}',
                         ['https://json.schemastore.org/github-action'] = '.github/action.{yml,yaml}',
+                        ['https://json.schemastore.org/ansible-stable-2.9'] = 'roles/tasks/*.{yml,yaml}',
                         ['https://json.schemastore.org/drone'] = '*.drone.{yml,yaml}',
                         ['https://json.schemastore.org/swagger-2.0'] = 'swagger.{yml,yaml}',
                     }
@@ -172,6 +174,13 @@ lua <<EOF
     end
   end -- ‡
 
+  -- configure floating diagnostics appearance, symbols
+  local signs = { Error = " ", Warn = " ", Hint = " ", Info = " " }
+  for type, icon in pairs(signs) do
+    local hl = "DiagnosticSign" .. type
+    vim.fn.sign_define(hl, { text = icon, texthl = hl, numhl = hl })
+  end
+
   -- Set completeopt to have a better completion experience
   vim.o.completeopt = 'menuone,noselect'
 

modules/terminal-life/nvim/plugins.vim

@@ -83,5 +83,3 @@ if executable('ag')
   let g:ackprg = 'ag --vimgrep'
 endif
 
-" nnn
-let g:nnn#command = 'nnn -d -e -H -r'

modules/terminal-life/nvim/preview-file.nix

@@ -31,6 +31,6 @@ with self; ''
     --style="''${BAT_STYLE:-numbers}" \
     --color=always \
     --pager=never \
-    --file-name="''$FILE" \
+    --file-name=''$FILE \
     --highlight-line=$CENTER
 ''

modules/terminal-life/nvim/ui.vim

@@ -1,4 +1,4 @@
-let g:base16_shell_path = $XDG_DATA_HOME . "/scripts/base16.sh"
+let g:base16_shell_path = $XDG_CONFIG_HOME . "/zsh/base16.sh"
 let base16colorspace = 256
 set termguicolors
 let g:sonokai_style = 'shusia'

modules/terminal-life/starship.toml.nix

@@ -1,22 +1,16 @@
 {
-  format = "$username$hostname$directory($git_branch$git_commit$git_state$git_status)($c$deno$golang$haskell$nodejs$php$python$ruby$rust$terraform[](fg:#F85E84 bg:#000000))($docker_context[](fg:#06969A))($container)$fill(\${custom.triton})$nix_shell$status[ |](fg:#F85E84)$line_break$character";
+  format = "$directory($git_branch$git_commit$git_state$git_status)($c$deno$golang$haskell$nodejs$php$python$ruby$rust$terraform[](fg:#86BBD8 bg:#06969A))($docker_context[](fg:#06969A))($container)$fill(\${custom.triton})$nix_shell$status[ |](fg:#F85E84)$line_break$character";
 
   # Disable the blank line at the start of the prompt
   add_newline = false;
 
   # You can also replace your username with a neat symbol like  to save some space
-  username = {
-    style_user = "bg:#000000 fg:#F85E84";
-    style_root = "bg:#F85E84 fg:#000000";
-    format = ''[$user ]($style)'';
-  };
-
-  hostname = {
-    ssh_symbol = "";
-    trim_at = "";
-    style = "bg:#000000 fg:#F85E84";
-  };
-
+  #username = {
+  #  show_always = true;
+  #  style_user = "bg:#9A348E";
+  #  style_root = "bg:#9A348E";
+  #  format = ''[$user ]($style)'';
+  #};
   character = {
     success_symbol = "[❯](bold purple)";
     error_symbol = "[✗](#FF4B00)";
@@ -84,7 +78,6 @@
   git_branch = {
     style = "#E5C463";
     format = "[](fg:black bg:$style)[ $symbol$branch](fg:black bg:$style)[](fg:$style)";
-    symbol = " ";
   };
 
   git_commit = {
@@ -105,16 +98,16 @@
   git_status = {
     style = "#E5C463";
     format = "([ ](bg:$style fg:black)$conflicted$staged$modified$renamed$deleted$untracked$stashed$ahead_behind[](fg:$style))";
-    conflicted = "[ ](bold fg:88 bg:#E5C463)[  \${count} ](fg:black bg:#E5C463)";
+    conflicted = "[ ](bold fg:88 bg:#E5C463)[  \${count} ](fg:black bg:#E5C463)";
     staged = "[ $count ](fg:black bg:#E5C463)";
-    modified = "[ \${count} ](fg:black bg:#E5C463)";
+    modified = "[ \${count} ](fg:black bg:#E5C463)";
     renamed = "[ \${count} ](fg:black bg:#E5C463)";
     deleted = "[ \${count} ](fg:black bg:#E5C463)";
     untracked = "[?\${count} ](fg:black bg:#E5C463)";
     stashed = "[ \${count} ](fg:black bg:#E5C463)";
     ahead = "[ \${count} ](fg:#523333 bg:#E5C463)";
     behind = "[ \${count} ](fg:black bg:#E5C463)";
-    diverged = "[ ](fg:88 bg:#E5C463)[  ](fg:black bg:#E5C463)[ \${ahead_count} ](fg:black bg:#E5C463)[ \${behind_count} ](fg:black bg:#E5C463)";
+    diverged = "[ ](fg:88 bg:#E5C463)[ נּ ](fg:black bg:#E5C463)[ \${ahead_count} ](fg:black bg:#E5C463)[ \${behind_count} ](fg:black bg:#E5C463)";
   };
 
   golang = {

modules/terminal-life/zsh/default.nix

@@ -0,0 +1,123 @@
+{
+  config,
+  pkgs,
+  self,
+  ...
+}: let
+  psCfg = config.pub-solar;
+  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in {
+  enable = true;
+  enableAutosuggestions = true;
+  enableCompletion = true;
+  dotDir = ".config/zsh";
+
+  history = {
+    ignoreDups = true;
+    expireDuplicatesFirst = true;
+    ignoreSpace = true;
+    path = "$HOME/.local/share/zsh/zsh_history";
+    save = 10000;
+    size = 10000;
+  };
+
+  loginExtra = ''
+    [ "$(tty)" = "/dev/tty1" ] && exec ${pkgs.sway-service}/bin/sway-service
+  '';
+
+  shellAliases = {
+    nano = "nvim";
+    vi = "nvim";
+    vim = "nvim";
+    mutt = "neomutt";
+    ls = "exa";
+    la = "exa --group-directories-first -lag";
+    fm = "vifm .";
+    vifm = "vifm .";
+    wget = "wget --hsts-file=$XDG_CACHE_HOME/wget-hsts";
+    irssi = "irssi --config=$XDG_CONFIG_HOME/irssi/config --home=$XDG_DATA_HOME/irssi";
+    drone = "DRONE_TOKEN=$(secret-tool lookup drone token) drone";
+    no = "manix \"\" | grep '^# ' | sed 's/^# \(.*\) (.*/\1/;s/ (.*//;s/^# //' | fzf --preview=\"manix '{}'\" | xargs manix";
+    # fix nixos-option
+    nixos-option = "nixos-option -I nixpkgs=${self}/lib/compat";
+    myip = "dig +short myip.opendns.com @208.67.222.222 2>&1";
+  };
+  plugins = [
+    # src gets fetched by nvfetcher, see: ./pkgs/sources.toml
+    {
+      # will source ohmyzsh/plugins/z/
+      name = "zsh-plugins-z";
+      file = "plugins/z/z.plugin.zsh";
+      src = pkgs.sources.ohmyzsh.src;
+    }
+    {
+      name = "zsh-powerlevel10k";
+      file = "powerlevel10k.zsh-theme";
+      src = pkgs.sources.powerlevel10k.src;
+    }
+    {
+      name = "zsh-fast-syntax-highlighting";
+      file = "F-Sy-H.plugin.zsh";
+      src = pkgs.sources.F-Sy-H.src;
+    }
+    {
+      name = "zsh-nix-shell";
+      file = "nix-shell.plugin.zsh";
+      src = pkgs.sources.zsh-nix-shell.src;
+    }
+  ];
+
+  initExtra =
+    ''
+      bindkey -v
+      bindkey -v 'jj' vi-cmd-mode
+      bindkey -a 'i' up-line
+      bindkey -a 'k' down-line
+      bindkey -a 'j' backward-char
+      bindkey -a 'h' vi-insert
+      bindkey '^[[H' beginning-of-line
+      bindkey '^[[F' end-of-line
+      bindkey '^R' history-incremental-pattern-search-backward
+      bindkey '^ ' autosuggest-accept
+      bindkey '^q' push-line-or-edit
+
+      bindkey '^R' fzf-history-widget
+
+      # ArrowUp/Down start searching history with current input
+      autoload -U up-line-or-beginning-search
+      autoload -U down-line-or-beginning-search
+      zle -N up-line-or-beginning-search
+      zle -N down-line-or-beginning-search
+      bindkey "^[[A" up-line-or-beginning-search
+      bindkey "^[[B" down-line-or-beginning-search
+      bindkey "^P" up-line-or-beginning-search
+      bindkey "^N" down-line-or-beginning-search
+
+      # MAKE CTRL+S WORK IN VIM
+      stty -ixon
+      stty erase '^?'
+
+      precmd () {
+        DIR_NAME=$(pwd | sed "s|^$HOME|~|g")
+        echo -e -n "\e]2;$DIR_NAME\e\\"
+
+        if [ $(date +%d%m) = '0104' ]; then
+          if [ $? -eq 0 ]; then
+            echo "Success! That was a great command! I can't wait to see what amazing stuff you'll be up to next."
+          fi
+        fi
+      }
+
+      # If a command is not found, show me where it is
+      source ${pkgs.nix-index}/etc/profile.d/command-not-found.sh
+    ''
+    + builtins.readFile ./base16.zsh
+    + builtins.readFile ./p10k.zsh
+    + ''
+      source ${pkgs.fzf}/share/fzf/key-bindings.zsh
+      source ${pkgs.fzf}/share/fzf/completion.zsh
+      source ${pkgs.git-bug}/share/zsh/site-functions/git-bug
+      eval "$(direnv hook zsh)"
+    ''
+    + builtins.readFile ./fzf.zsh;
+}

modules/terminal-life/zsh/fzf.zsh

@@ -0,0 +1,58 @@
+# Use ~~ as the trigger sequence instead of the default **
+export FZF_COMPLETION_TRIGGER='~~'
+
+# Options to fzf command
+export FZF_COMPLETION_OPTS='--border --info=inline'
+
+__fzfcmd() {
+  echo "fzf"
+}
+
+# ctrl+r - Paste the selected command from history into the command line
+fzf-history-widget() {
+  local selected num
+  setopt localoptions noglobsubst noposixbuiltins pipefail HIST_FIND_NO_DUPS 2> /dev/null
+
+  selected=( $(fc -rl 1 |
+    FZF_DEFAULT_OPTS="--height ${FZF_TMUX_HEIGHT:-40%} $FZF_DEFAULT_OPTS -n2..,.. --tiebreak=index --bind=ctrl-r:toggle-sort $FZF_CTRL_R_OPTS --query=${(qqq)LBUFFER} +m" $(__fzfcmd)) )
+  local ret=$?
+  if [ -n "$selected" ]; then
+    num=$selected[1]
+    if [ -n "$num" ]; then
+      zle vi-fetch-history -n $num
+    fi
+  fi
+  zle redisplay
+  typeset -f zle-line-init >/dev/null && zle zle-line-init
+  return $ret
+}
+zle     -N   fzf-history-widget
+bindkey '^R' fzf-history-widget
+
+# Use fd (https://github.com/sharkdp/fd) instead of the default find
+# command for listing path candidates.
+# - The first argument to the function ($1) is the base path to start traversal
+# - See the source code (completion.{bash,zsh}) for the details.
+_fzf_compgen_path() {
+  fd --hidden --follow --exclude ".git" . "$1"
+}
+
+# Use fd to generate the list for directory completion
+_fzf_compgen_dir() {
+  fd --type d --hidden --follow --exclude ".git" . "$1"
+}
+
+# (EXPERIMENTAL) Advanced customization of fzf options via _fzf_comprun function
+# - The first argument to the function is the name of the command.
+# - You should make sure to pass the rest of the arguments to fzf.
+_fzf_comprun() {
+  local command=$1
+  shift
+
+  case "$command" in
+    cd)           fzf "$@" --preview 'tree -C {} | head -200' ;;
+    export|unset) fzf "$@" --preview "eval 'echo \$'{}" ;;
+    ssh)          fzf "$@" --preview 'dig {}' ;;
+    *)            fzf "$@" ;;
+  esac
+}

modules/terminal-life/zsh/p10k.zsh

@@ -0,0 +1,943 @@
+# Generated by Powerlevel10k configuration wizard on 2020-04-18 at 01:15 CEST.
+# Based on romkatv/powerlevel10k/config/p10k-classic.zsh, checksum 30399.
+# Wizard options: powerline, classic, unicode, darkest, 24h time, angled separators,
+# sharp heads, sharp tails, 1 line, compact, concise, transient_prompt,
+# instant_prompt=verbose.
+# Type `p10k configure` to generate another config.
+#
+# Config for Powerlevel10k with classic powerline prompt style. Type `p10k configure` to generate
+# your own config based on it.
+#
+# Tip: Looking for a nice color? Here's a one-liner to print colormap.
+#
+#   for i in {0..255}; do print -Pn "%K{$i}  %k%F{$i}${(l:3::0:)i}%f " ${${(M)$((i%6)):#3}:+$'\n'}; done
+
+# Temporarily change options.
+'builtin' 'local' '-a' 'p10k_config_opts'
+[[ ! -o 'aliases'         ]] || p10k_config_opts+=('aliases')
+[[ ! -o 'sh_glob'         ]] || p10k_config_opts+=('sh_glob')
+[[ ! -o 'no_brace_expand' ]] || p10k_config_opts+=('no_brace_expand')
+'builtin' 'setopt' 'no_aliases' 'no_sh_glob' 'brace_expand'
+
+() {
+  emulate -L zsh -o extended_glob
+
+  # Unset all configuration options. This allows you to apply configuration changes without
+  # restarting zsh. Edit ~/.p10k.zsh and type `source ~/.p10k.zsh`.
+  unset -m 'POWERLEVEL9K_*'
+
+  # Zsh >= 5.1 is required.
+  autoload -Uz is-at-least && is-at-least 5.1 || return
+
+  # The list of segments shown on the left. Fill it with the most important segments.
+  typeset -g POWERLEVEL9K_LEFT_PROMPT_ELEMENTS=(
+    ssh
+    context
+    dir                     # current directory
+    vcs                     # git status
+    # prompt_char           # prompt symbol
+  )
+
+  # The list of segments shown on the right. Fill it with less important segments.
+  # Right prompt on the last prompt line (where you are typing your commands) gets
+  # automatically hidden when the input line reaches it. Right prompt above the
+  # last prompt line gets hidden if it would overlap with left prompt.
+  typeset -g POWERLEVEL9K_RIGHT_PROMPT_ELEMENTS=(
+    vi_mode                 # vi mode (you don't need this if you've enabled prompt_char)
+    status                  # exit code of the last command
+    command_execution_time  # duration of the last command
+    background_jobs         # presence of background jobs
+    direnv                  # direnv status (https://direnv.net/)
+    vim_shell               # vim shell indicator (:sh)
+    triton                  # show the current triton profile
+    nix_shell               # nix shell (https://nixos.org/nixos/nix-pills/developing-with-nix-shell.html)
+    watson
+    # kubecontext             # current kubernetes context (https://kubernetes.io/)
+    # terraform               # terraform workspace (https://www.terraform.io)
+    # aws                     # aws profile (https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html)
+    # aws_eb_env              # aws elastic beanstalk environment (https://aws.amazon.com/elasticbeanstalk/)
+    # azure                   # azure account name (https://docs.microsoft.com/en-us/cli/azure)
+    # gcloud                  # google cloud cli account and project (https://cloud.google.com/)
+    # google_app_cred         # google application credentials (https://cloud.google.com/docs/authentication/production)
+    # context                 # user@hostname
+    # ranger                  # ranger shell (https://github.com/ranger/ranger)
+    # nnn                     # nnn shell (https://github.com/jarun/nnn)
+    # midnight_commander      # midnight commander shell (https://midnight-commander.org/)
+    # vpn_ip                # virtual private network indicator
+    # load                  # CPU load
+    # disk_usage            # disk usage
+    # ram                   # free RAM
+    # swap                  # used swap
+    # todo                    # todo items (https://github.com/todotxt/todo.txt-cli)
+    # timewarrior             # timewarrior tracking status (https://timewarrior.net/)
+    # taskwarrior             # taskwarrior task count (https://taskwarrior.org/)
+    # time                    # current time
+    # ip                    # ip address and bandwidth usage for a specified network interface
+    # public_ip             # public IP address
+    # proxy                 # system-wide http/https/ftp proxy
+    # battery               # internal battery
+    # wifi                  # wifi speed
+    # example               # example user-defined segment (see prompt_example function below)
+  )
+
+  typeset -g POWERLEVEL9K_COMMAND_EXECUTION_TIME_FOREGROUND="black"
+  typeset -g POWERLEVEL9K_COMMAND_EXECUTION_TIME_BACKGROUND="yellow"
+  typeset -g POWERLEVEL9K_VI_INSERT_MODE_STRING=""
+  typeset -g POWERLEVEL9K_VI_COMMAND_MODE_STRING="CMD"
+
+  # Defines character set used by powerlevel10k. It's best to let `p10k configure` set it for you.
+  typeset -g POWERLEVEL9K_MODE=powerline
+  # When set to `moderate`, some icons will have an extra space after them. This is meant to avoid
+  # icon overlap when using non-monospace fonts. When set to `none`, spaces are not added.
+  typeset -g POWERLEVEL9K_ICON_PADDING=none
+
+  # When set to true, icons appear before content on both sides of the prompt. When set
+  # to false, icons go after content. If empty or not set, icons go before content in the left
+  # prompt and after content in the right prompt.
+  #
+  # You can also override it for a specific segment:
+  #
+  #   POWERLEVEL9K_STATUS_ICON_BEFORE_CONTENT=false
+  #
+  # Or for a specific segment in specific state:
+  #
+  #   POWERLEVEL9K_DIR_NOT_WRITABLE_ICON_BEFORE_CONTENT=false
+  typeset -g POWERLEVEL9K_ICON_BEFORE_CONTENT=
+
+  # Add an empty line before each prompt.
+  typeset -g POWERLEVEL9K_PROMPT_ON_NEWLINE=true
+  typeset -g POWERLEVEL9K_RPROMPT_ON_NEWLINE=false
+
+  # Connect left prompt lines with these symbols. You'll probably want to use the same color
+  # as POWERLEVEL9K_MULTILINE_FIRST_PROMPT_GAP_FOREGROUND below.
+  typeset -g POWERLEVEL9K_MULTILINE_FIRST_PROMPT_PREFIX=''
+  typeset -g POWERLEVEL9K_MULTILINE_NEWLINE_PROMPT_PREFIX='%238F'
+  typeset -g POWERLEVEL9K_MULTILINE_LAST_PROMPT_PREFIX='%238F❯ '
+  # Connect right prompt lines with these symbols.
+  typeset -g POWERLEVEL9K_MULTILINE_FIRST_PROMPT_SUFFIX='%238F'
+  typeset -g POWERLEVEL9K_MULTILINE_NEWLINE_PROMPT_SUFFIX='%238F'
+  typeset -g POWERLEVEL9K_MULTILINE_LAST_PROMPT_SUFFIX='%238F'
+
+  # Filler between left and right prompt on the first prompt line. You can set it to ' ', '·' or
+  # '─'. The last two make it easier to see the alignment between left and right prompt and to
+  # separate prompt from command output. You might want to set POWERLEVEL9K_PROMPT_ADD_NEWLINE=false
+  # for more compact prompt if using using this option.
+  typeset -g POWERLEVEL9K_MULTILINE_FIRST_PROMPT_GAP_CHAR=' '
+  typeset -g POWERLEVEL9K_MULTILINE_FIRST_PROMPT_GAP_BACKGROUND=
+  if [[ $POWERLEVEL9K_MULTILINE_FIRST_PROMPT_GAP_CHAR != ' ' ]]; then
+    # The color of the filler. You'll probably want to match the color of POWERLEVEL9K_MULTILINE
+    # ornaments defined above.
+    typeset -g POWERLEVEL9K_MULTILINE_FIRST_PROMPT_GAP_FOREGROUND=238
+    # Start filler from the edge of the screen if there are no left segments on the first line.
+    typeset -g POWERLEVEL9K_EMPTY_LINE_LEFT_PROMPT_FIRST_SEGMENT_END_SYMBOL='%{%}'
+    # End filler on the edge of the screen if there are no right segments on the first line.
+    typeset -g POWERLEVEL9K_EMPTY_LINE_RIGHT_PROMPT_FIRST_SEGMENT_START_SYMBOL='%{%}'
+  fi
+
+  # Default background color.
+  typeset -g POWERLEVEL9K_BACKGROUND=none
+
+  # Separator between same-color segments on the left.
+  typeset -g POWERLEVEL9K_LEFT_SUBSEGMENT_SEPARATOR='%242F\uE0B1'
+  # Separator between same-color segments on the right.
+  typeset -g POWERLEVEL9K_RIGHT_SUBSEGMENT_SEPARATOR='%242F\uE0B3'
+  # Separator between different-color segments on the left.
+  typeset -g POWERLEVEL9K_LEFT_SEGMENT_SEPARATOR='\uE0B0'
+  # Separator between different-color segments on the right.
+  typeset -g POWERLEVEL9K_RIGHT_SEGMENT_SEPARATOR='\uE0B2'
+  # The right end of left prompt.
+  typeset -g POWERLEVEL9K_LEFT_PROMPT_LAST_SEGMENT_END_SYMBOL='\uE0B0'
+  # The left end of right prompt.
+  typeset -g POWERLEVEL9K_RIGHT_PROMPT_FIRST_SEGMENT_START_SYMBOL='\uE0B2'
+  # The left end of left prompt.
+  typeset -g POWERLEVEL9K_LEFT_PROMPT_FIRST_SEGMENT_START_SYMBOL='\uE0B2'
+  # The right end of right prompt.
+  typeset -g POWERLEVEL9K_RIGHT_PROMPT_LAST_SEGMENT_END_SYMBOL='\uE0B0'
+  # Left prompt terminator for lines without any segments.
+  typeset -g POWERLEVEL9K_EMPTY_LINE_LEFT_PROMPT_LAST_SEGMENT_END_SYMBOL=
+
+  #################################[ os_icon: os identifier ]##################################
+  # OS identifier color.
+  typeset -g POWERLEVEL9K_OS_ICON_FOREGROUND=255
+  # Custom icon.
+  # typeset -g POWERLEVEL9K_OS_ICON_CONTENT_EXPANSION='⭐'
+
+  ################################[ prompt_char: prompt symbol ]################################
+  # Transparent background.
+  typeset -g POWERLEVEL9K_PROMPT_CHAR_BACKGROUND=
+  # Green prompt symbol if the last command succeeded.
+  typeset -g POWERLEVEL9K_PROMPT_CHAR_OK_{VIINS,VICMD,VIVIS,VIOWR}_FOREGROUND=1
+  # Red prompt symbol if the last command failed.
+  typeset -g POWERLEVEL9K_PROMPT_CHAR_ERROR_{VIINS,VICMD,VIVIS,VIOWR}_FOREGROUND=17
+  # Default prompt symbol.
+  typeset -g POWERLEVEL9K_PROMPT_CHAR_{OK,ERROR}_VIINS_CONTENT_EXPANSION='❯'
+  # Prompt symbol in command vi mode.
+  typeset -g POWERLEVEL9K_PROMPT_CHAR_{OK,ERROR}_VICMD_CONTENT_EXPANSION='❮'
+  # Prompt symbol in visual vi mode.
+  typeset -g POWERLEVEL9K_PROMPT_CHAR_{OK,ERROR}_VIVIS_CONTENT_EXPANSION='Ⅴ'
+  # Prompt symbol in overwrite vi mode.
+  typeset -g POWERLEVEL9K_PROMPT_CHAR_{OK,ERROR}_VIOWR_CONTENT_EXPANSION='▶'
+  typeset -g POWERLEVEL9K_PROMPT_CHAR_OVERWRITE_STATE=true
+  # No line terminator if prompt_char is the last segment.
+  typeset -g POWERLEVEL9K_PROMPT_CHAR_LEFT_PROMPT_LAST_SEGMENT_END_SYMBOL=
+  # No line introducer if prompt_char is the first segment.
+  typeset -g POWERLEVEL9K_PROMPT_CHAR_LEFT_PROMPT_FIRST_SEGMENT_START_SYMBOL=
+  # No surrounding whitespace.
+  typeset -g POWERLEVEL9K_PROMPT_CHAR_LEFT_{LEFT,RIGHT}_WHITESPACE=
+
+  ##################################[ dir: current directory ]##################################
+  typeset -g POWERLEVEL9K_{ETC,FOLDER,HOME,HOME_SUB}_ICON=
+  typeset -g POWERLEVEL9K_DIR_{ETC,HOME,HOME_SUBFOLDER,DEFAULT,NOT_WRITABLE}_BACKGROUND=1
+  typeset -g POWERLEVEL9K_DIR_{ETC,HOME,HOME_SUBFOLDER,DEFAULT,NOT_WRITABLE}_FOREGROUND=0
+  typeset -g POWERLEVEL9K_DIR_WRITABLE_FORBIDDEN_VISUAL_IDENTIFIER_COLOR=17
+
+  typeset -g POWERLEVEL9K_DIR_{ETC,DEFAULT}_BACKGROUND=15
+  typeset -g POWERLEVEL9K_DIR_{HOME,HOME_SUBFOLDER}_BACKGROUND=1
+  typeset -g POWERLEVEL9K_DIR_NOT_WRITABLE_BACKGROUND=1
+
+  # If directory is too long, shorten some of its segments to the shortest possible unique
+  # prefix. The shortened directory can be tab-completed to the original.
+  typeset -g POWERLEVEL9K_SHORTEN_STRATEGY=truncate_to_unique
+  # Color of the shortened directory segments.
+  typeset -g POWERLEVEL9K_DIR_SHORTENED_FOREGROUND=0
+  # Color of the anchor directory segments. Anchor segments are never shortened. The first
+  # segment is always an anchor.
+  typeset -g POWERLEVEL9K_DIR_ANCHOR_FOREGROUND=0
+  # Display anchor directory segments in bold.
+  typeset -g POWERLEVEL9K_DIR_ANCHOR_BOLD=false
+  # Don't shorten directories that contain any of these files. They are anchors.
+  local anchor_files=(
+    .bzr
+    .citc
+    .git
+    .hg
+    .node-version
+    .python-version
+    .go-version
+    .ruby-version
+    .lua-version
+    .java-version
+    .perl-version
+    .php-version
+    .tool-version
+    .shorten_folder_marker
+    .svn
+    .terraform
+    CVS
+    Cargo.toml
+    composer.json
+    go.mod
+    package.json
+    stack.yaml
+  )
+  typeset -g POWERLEVEL9K_SHORTEN_FOLDER_MARKER="(${(j:|:)anchor_files})"
+  # If set to true, remove everything before the last (deepest) subdirectory that contains files
+  # matching $POWERLEVEL9K_SHORTEN_FOLDER_MARKER. For example, when the current directory is
+  # /foo/bar/git_repo/baz, prompt will display git_repo/baz. This assumes that /foo/bar/git_repo
+  # contains a marker (.git) and other directories don't.
+  typeset -g POWERLEVEL9K_DIR_TRUNCATE_BEFORE_MARKER=false
+  # Don't shorten this many last directory segments. They are anchors.
+  typeset -g POWERLEVEL9K_SHORTEN_DIR_LENGTH=1
+  # Shorten directory if it's longer than this even if there is space for it. The value can
+  # be either absolute (e.g., '80') or a percentage of terminal width (e.g, '50%'). If empty,
+  # directory will be shortened only when prompt doesn't fit or when other parameters demand it
+  # (see POWERLEVEL9K_DIR_MIN_COMMAND_COLUMNS and POWERLEVEL9K_DIR_MIN_COMMAND_COLUMNS_PCT below).
+  # If set to `0`, directory will always be shortened to its minimum length.
+  typeset -g POWERLEVEL9K_DIR_MAX_LENGTH=80
+  # When `dir` segment is on the last prompt line, try to shorten it enough to leave at least this
+  # many columns for typing commands.
+  typeset -g POWERLEVEL9K_DIR_MIN_COMMAND_COLUMNS=40
+  # When `dir` segment is on the last prompt line, try to shorten it enough to leave at least
+  # COLUMNS * POWERLEVEL9K_DIR_MIN_COMMAND_COLUMNS_PCT * 0.01 columns for typing commands.
+  typeset -g POWERLEVEL9K_DIR_MIN_COMMAND_COLUMNS_PCT=50
+  # If set to true, embed a hyperlink into the directory. Useful for quickly
+  # opening a directory in the file manager simply by clicking the link.
+  # Can also be handy when the directory is shortened, as it allows you to see
+  # the full directory that was used in previous commands.
+  typeset -g POWERLEVEL9K_DIR_HYPERLINK=false
+
+  # Enable special styling for non-writable directories.
+  typeset -g POWERLEVEL9K_DIR_SHOW_WRITABLE=true
+  # Show this icon when the current directory is not writable. POWERLEVEL9K_DIR_SHOW_WRITABLE
+  # above must be set to true for this parameter to have effect.
+  typeset -g POWERLEVEL9K_DIR_NOT_WRITABLE_VISUAL_IDENTIFIER_EXPANSION='∅'
+
+  #####################################[ vcs: git status ]######################################
+  # Branch icon. Set this parameter to '\uF126 ' for the popular Powerline branch icon.
+  typeset -g POWERLEVEL9K_VCS_BRANCH_ICON=
+
+  # Untracked files icon. It's really a question mark, your font isn't broken.
+  # Change the value of this parameter to show a different icon.
+  typeset -g POWERLEVEL9K_VCS_UNTRACKED_ICON='?'
+
+  # Formatter for Git status.
+  #
+  # Example output: master ⇣42⇡42 *42 merge ~42 +42 !42 ?42.
+  #
+  # You can edit the function to customize how Git status looks.
+  #
+  # VCS_STATUS_* parameters are set by gitstatus plugin. See reference:
+  # https://github.com/romkatv/gitstatus/blob/master/gitstatus.plugin.zsh.
+  function my_git_formatter() {
+    emulate -L zsh
+
+    if [[ -n $P9K_CONTENT ]]; then
+      # If P9K_CONTENT is not empty, use it. It's either "loading" or from vcs_info (not from
+      # gitstatus plugin). VCS_STATUS_* parameters are not available in this case.
+      typeset -g my_git_format=$P9K_CONTENT
+      return
+    fi
+
+    if (( $1 )); then
+      # Styling for up-to-date Git status.
+      local       meta='%0F'  # grey foreground
+      local      clean='%0F'   # green foreground
+      local   modified='%0F'  # yellow foreground
+      local  untracked='%0F'   # blue foreground
+      local conflicted='%0F'  # red foreground
+    else
+      # Styling for incomplete and stale Git status.
+      local       meta='%0F'  # grey foreground
+      local      clean='%0F'  # grey foreground
+      local   modified='%0F'  # grey foreground
+      local  untracked='%0F'  # grey foreground
+      local conflicted='%0F'  # grey foreground
+    fi
+
+    local res
+    local where  # branch or tag
+    if [[ -n $VCS_STATUS_LOCAL_BRANCH ]]; then
+      res+="${clean}${(g::)POWERLEVEL9K_VCS_BRANCH_ICON}"
+      where=${(V)VCS_STATUS_LOCAL_BRANCH}
+    elif [[ -n $VCS_STATUS_TAG ]]; then
+      res+="${meta}#"
+      where=${(V)VCS_STATUS_TAG}
+    fi
+
+    # If local branch name or tag is at most 32 characters long, show it in full.
+    # Otherwise show the first 12 … the last 12.
+    # Tip: To always show local branch name in full without truncation, delete the next line.
+    (( $#where > 32 )) && where[13,-13]="…"
+    res+="${clean}${where//\%/%%}"  # escape %
+
+    # Display the current Git commit if there is no branch or tag.
+    # Tip: To always display the current Git commit, remove `[[ -z $where ]] &&` from the next line.
+    [[ -z $where ]] && res+="${meta}@${clean}${VCS_STATUS_COMMIT[1,8]}"
+
+    # Show tracking branch name if it differs from local branch.
+    if [[ -n ${VCS_STATUS_REMOTE_BRANCH:#$VCS_STATUS_LOCAL_BRANCH} ]]; then
+      res+="${meta}:${clean}${(V)VCS_STATUS_REMOTE_BRANCH//\%/%%}"  # escape %
+    fi
+
+    # ⇣42 if behind the remote.
+    (( VCS_STATUS_COMMITS_BEHIND )) && res+=" ${clean}⇣${VCS_STATUS_COMMITS_BEHIND}"
+    # ⇡42 if ahead of the remote; no leading space if also behind the remote: ⇣42⇡42.
+    (( VCS_STATUS_COMMITS_AHEAD && !VCS_STATUS_COMMITS_BEHIND )) && res+=" "
+    (( VCS_STATUS_COMMITS_AHEAD  )) && res+="${clean}⇡${VCS_STATUS_COMMITS_AHEAD}"
+    # ⇠42 if behind the push remote.
+    (( VCS_STATUS_PUSH_COMMITS_BEHIND )) && res+=" ${clean}⇠${VCS_STATUS_PUSH_COMMITS_BEHIND}"
+    (( VCS_STATUS_PUSH_COMMITS_AHEAD && !VCS_STATUS_PUSH_COMMITS_BEHIND )) && res+=" "
+    # ⇢42 if ahead of the push remote; no leading space if also behind: ⇠42⇢42.
+    (( VCS_STATUS_PUSH_COMMITS_AHEAD  )) && res+="${clean}⇢${VCS_STATUS_PUSH_COMMITS_AHEAD}"
+    # *42 if have stashes.
+    (( VCS_STATUS_STASHES        )) && res+=" ${clean}*${VCS_STATUS_STASHES}"
+    # 'merge' if the repo is in an unusual state.
+    [[ -n $VCS_STATUS_ACTION     ]] && res+=" ${conflicted}${VCS_STATUS_ACTION}"
+    # ~42 if have merge conflicts.
+    (( VCS_STATUS_NUM_CONFLICTED )) && res+=" ${conflicted}~${VCS_STATUS_NUM_CONFLICTED}"
+    # +42 if have staged changes.
+    (( VCS_STATUS_NUM_STAGED     )) && res+=" ${modified}+${VCS_STATUS_NUM_STAGED}"
+    # !42 if have unstaged changes.
+    (( VCS_STATUS_NUM_UNSTAGED   )) && res+=" ${modified}!${VCS_STATUS_NUM_UNSTAGED}"
+    # ?42 if have untracked files. It's really a question mark, your font isn't broken.
+    # See POWERLEVEL9K_VCS_UNTRACKED_ICON above if you want to use a different icon.
+    # Remove the next line if you don't want to see untracked files at all.
+    (( VCS_STATUS_NUM_UNTRACKED  )) && res+=" ${untracked}${(g::)POWERLEVEL9K_VCS_UNTRACKED_ICON}${VCS_STATUS_NUM_UNTRACKED}"
+    # "─" if the number of unstaged files is unknown. This can happen due to
+    # POWERLEVEL9K_VCS_MAX_INDEX_SIZE_DIRTY (see below) being set to a non-negative number lower
+    # than the number of files in the Git index, or due to bash.showDirtyState being set to false
+    # in the repository config. The number of staged and untracked files may also be unknown
+    # in this case.
+    (( VCS_STATUS_HAS_UNSTAGED == -1 )) && res+=" ${modified}─"
+
+    typeset -g my_git_format=$res
+  }
+  functions -M my_git_formatter 2>/dev/null
+
+  # Don't count the number of unstaged, untracked and conflicted files in Git repositories with
+  # more than this many files in the index. Negative value means infinity.
+  #
+  # If you are working in Git repositories with tens of millions of files and seeing performance
+  # sagging, try setting POWERLEVEL9K_VCS_MAX_INDEX_SIZE_DIRTY to a number lower than the output
+  # of `git ls-files | wc -l`. Alternatively, add `bash.showDirtyState = false` to the repository's
+  # config: `git config bash.showDirtyState false`.
+  typeset -g POWERLEVEL9K_VCS_MAX_INDEX_SIZE_DIRTY=-1
+
+  # Don't show Git status in prompt for repositories whose workdir matches this pattern.
+  # For example, if set to '~', the Git repository at $HOME/.git will be ignored.
+  # Multiple patterns can be combined with '|': '~|~/some/dir'.
+  typeset -g POWERLEVEL9K_VCS_DISABLED_WORKDIR_PATTERN='~'
+
+  # Disable the default Git status formatting.
+  typeset -g POWERLEVEL9K_VCS_DISABLE_GITSTATUS_FORMATTING=true
+  # Install our own Git status formatter.
+  typeset -g POWERLEVEL9K_VCS_CONTENT_EXPANSION='${$((my_git_formatter(1)))+${my_git_format}}'
+  typeset -g POWERLEVEL9K_VCS_LOADING_CONTENT_EXPANSION='${$((my_git_formatter(0)))+${my_git_format}}'
+  # Enable counters for staged, unstaged, etc.
+  typeset -g POWERLEVEL9K_VCS_{STAGED,UNSTAGED,UNTRACKED,CONFLICTED,COMMITS_AHEAD,COMMITS_BEHIND}_MAX_NUM=-1
+
+  # Icon color.
+  typeset -g POWERLEVEL9K_VCS_VISUAL_IDENTIFIER_COLOR=4
+  typeset -g POWERLEVEL9K_VCS_LOADING_VISUAL_IDENTIFIER_COLOR=4
+  # Custom icon.
+  typeset -g POWERLEVEL9K_VCS_VISUAL_IDENTIFIER_EXPANSION=
+  # Custom prefix.
+  # typeset -g POWERLEVEL9K_VCS_PREFIX='%244Fon '
+
+  # Show status of repositories of these types. You can add svn and/or hg if you are
+  # using them. If you do, your prompt may become slow even when your current directory
+  # isn't in an svn or hg reposotiry.
+  typeset -g POWERLEVEL9K_VCS_BACKENDS=(git)
+
+  # These settings are used for respositories other than Git or when gitstatusd fails and
+  # Powerlevel10k has to fall back to using vcs_info.
+  typeset -g POWERLEVEL9K_VCS_CLEAN_FOREGROUND=0
+  typeset -g POWERLEVEL9K_VCS_CLEAN_BACKGROUND=2
+  typeset -g POWERLEVEL9K_VCS_UNTRACKED_FOREGROUND=0
+  typeset -g POWERLEVEL9K_VCS_UNTRACKED_BACKGROUND=3
+  typeset -g POWERLEVEL9K_VCS_MODIFIED_FOREGROUND=0
+  typeset -g POWERLEVEL9K_VCS_MODIFIED_BACKGROUND=3
+
+  ##########################[ status: exit code of the last command ]###########################
+  # Enable OK_PIPE, ERROR_PIPE and ERROR_SIGNAL status states to allow us to enable, disable and
+  # style them independently from the regular OK and ERROR state.
+  typeset -g POWERLEVEL9K_STATUS_EXTENDED_STATES=true
+
+  # Status on success. No content, just an icon. No need to show it if prompt_char is enabled as
+  # it will signify success by turning green.
+  typeset -g POWERLEVEL9K_STATUS_OK=true
+  typeset -g POWERLEVEL9K_STATUS_OK_FOREGROUND=70
+  typeset -g POWERLEVEL9K_STATUS_OK_VISUAL_IDENTIFIER_EXPANSION='✔'
+
+  # Status when some part of a pipe command fails but the overall exit status is zero. It may look
+  # like this: 1|0.
+  typeset -g POWERLEVEL9K_STATUS_OK_PIPE=true
+  typeset -g POWERLEVEL9K_STATUS_OK_PIPE_FOREGROUND=70
+  typeset -g POWERLEVEL9K_STATUS_OK_PIPE_VISUAL_IDENTIFIER_EXPANSION='✔'
+
+  # Status when it's just an error code (e.g., '1'). No need to show it if prompt_char is enabled as
+  # it will signify error by turning red.
+  typeset -g POWERLEVEL9K_STATUS_ERROR=true
+  typeset -g POWERLEVEL9K_STATUS_ERROR_FOREGROUND=160
+  typeset -g POWERLEVEL9K_STATUS_ERROR_VISUAL_IDENTIFIER_EXPANSION='✘'
+
+  # Status when the last command was terminated by a signal.
+  typeset -g POWERLEVEL9K_STATUS_ERROR_SIGNAL=true
+  typeset -g POWERLEVEL9K_STATUS_ERROR_SIGNAL_FOREGROUND=160
+  # Use terse signal names: "INT" instead of "SIGINT(2)".
+  typeset -g POWERLEVEL9K_STATUS_VERBOSE_SIGNAME=false
+  typeset -g POWERLEVEL9K_STATUS_ERROR_SIGNAL_VISUAL_IDENTIFIER_EXPANSION='✘'
+
+  # Status when some part of a pipe command fails and the overall exit status is also non-zero.
+  # It may look like this: 1|0.
+  typeset -g POWERLEVEL9K_STATUS_ERROR_PIPE=true
+  typeset -g POWERLEVEL9K_STATUS_ERROR_PIPE_FOREGROUND=160
+  typeset -g POWERLEVEL9K_STATUS_ERROR_PIPE_VISUAL_IDENTIFIER_EXPANSION='✘'
+
+  ###################[ command_execution_time: duration of the last command ]###################
+  # Show duration of the last command if takes longer than this many seconds.
+  typeset -g POWERLEVEL9K_COMMAND_EXECUTION_TIME_THRESHOLD=3
+  # Show this many fractional digits. Zero means round to seconds.
+  typeset -g POWERLEVEL9K_COMMAND_EXECUTION_TIME_PRECISION=0
+  # Execution time color.
+  typeset -g POWERLEVEL9K_COMMAND_EXECUTION_TIME_FOREGROUND=0
+  # Duration format: 1d 2h 3m 4s.
+  typeset -g POWERLEVEL9K_COMMAND_EXECUTION_TIME_FORMAT='d h m s'
+  # Custom icon.
+  typeset -g POWERLEVEL9K_COMMAND_EXECUTION_TIME_VISUAL_IDENTIFIER_EXPANSION=
+  # Custom prefix.
+  # typeset -g POWERLEVEL9K_COMMAND_EXECUTION_TIME_PREFIX='%244Ftook '
+
+  #######################[ background_jobs: presence of background jobs ]#######################
+  # Don't show the number of background jobs.
+  typeset -g POWERLEVEL9K_BACKGROUND_JOBS_VERBOSE=false
+  # Background jobs color.
+  typeset -g POWERLEVEL9K_BACKGROUND_JOBS_FOREGROUND=37
+  # Custom icon.
+  typeset -g POWERLEVEL9K_BACKGROUND_JOBS_VISUAL_IDENTIFIER_EXPANSION='≡'
+
+  #######################[ direnv: direnv status (https://direnv.net/) ]########################
+  # Direnv color.
+  typeset -g POWERLEVEL9K_DIRENV_FOREGROUND=178
+  # Custom icon.
+  # typeset -g POWERLEVEL9K_DIRENV_VISUAL_IDENTIFIER_EXPANSION='⭐'
+
+  ###############[ asdf: asdf version manager (https://github.com/asdf-vm/asdf) ]###############
+  # Default asdf color. Only used to display tools for which there is no color override (see below).
+  typeset -g POWERLEVEL9K_ASDF_FOREGROUND=66
+
+  # There are four parameters that can be used to hide asdf tools. Each parameter describes
+  # conditions under which a tool gets hidden. Parameters can hide tools but not unhide them. If at
+  # least one parameter decides to hide a tool, that tool gets hidden. If no parameter decides to
+  # hide a tool, it gets shown.
+  #
+  # Special note on the difference between POWERLEVEL9K_ASDF_SOURCES and
+  # POWERLEVEL9K_ASDF_PROMPT_ALWAYS_SHOW. Consider the effect of the following commands:
+  #
+  #   asdf local  python 3.8.1
+  #   asdf global python 3.8.1
+  #
+  # After running both commands the current python version is 3.8.1 and its source is "local" as
+  # it takes precedence over "global". If POWERLEVEL9K_ASDF_PROMPT_ALWAYS_SHOW is set to false,
+  # it'll hide python version in this case because 3.8.1 is the same as the global version.
+  # POWERLEVEL9K_ASDF_SOURCES will hide python version only if the value of this parameter doesn't
+  # contain "local".
+
+  # Hide tool versions that don't come from one of these sources.
+  #
+  # Available sources:
+  #
+  # - shell   `asdf current` says "set by ASDF_${TOOL}_VERSION environment variable"
+  # - local   `asdf current` says "set by /some/not/home/directory/file"
+  # - global  `asdf current` says "set by /home/username/file"
+  #
+  # Note: If this parameter is set to (shell local global), it won't hide tools.
+  # Tip:  Override this parameter for ${TOOL} with POWERLEVEL9K_ASDF_${TOOL}_SOURCES.
+  typeset -g POWERLEVEL9K_ASDF_SOURCES=(shell local global)
+
+  # If set to false, hide tool versions that are the same as global.
+  #
+  # Note: The name of this parameter doesn't reflect its meaning at all.
+  # Note: If this parameter is set to true, it won't hide tools.
+  # Tip:  Override this parameter for ${TOOL} with POWERLEVEL9K_ASDF_${TOOL}_PROMPT_ALWAYS_SHOW.
+  typeset -g POWERLEVEL9K_ASDF_PROMPT_ALWAYS_SHOW=false
+
+  # If set to false, hide tool versions that are equal to "system".
+  #
+  # Note: If this parameter is set to true, it won't hide tools.
+  # Tip: Override this parameter for ${TOOL} with POWERLEVEL9K_ASDF_${TOOL}_SHOW_SYSTEM.
+  typeset -g POWERLEVEL9K_ASDF_SHOW_SYSTEM=true
+
+  # If set to non-empty value, hide tools unless there is a file matching the specified file pattern
+  # in the current directory, or its parent diretory, or its grandparent directory, and so on.
+  #
+  # Note: If this parameter is set to empty value, it won't hide tools.
+  # Note: SHOW_ON_UPGLOB isn't specific to asdf. It works with all prompt segments.
+  # Tip: Override this parameter for ${TOOL} with POWERLEVEL9K_ASDF_${TOOL}_SHOW_ON_UPGLOB.
+  #
+  # Example: Hide nodejs version when there is no package.json and no *.js files in the current
+  # directory, in `..`, in `../..` and so on.
+  #
+  #   typeset -g POWERLEVEL9K_ASDF_NODEJS_SHOW_ON_UPGLOB='*.js|package.json'
+  typeset -g POWERLEVEL9K_ASDF_SHOW_ON_UPGLOB=
+
+  # Ruby version from asdf.
+  typeset -g POWERLEVEL9K_ASDF_RUBY_FOREGROUND=168
+  # typeset -g POWERLEVEL9K_ASDF_RUBY_VISUAL_IDENTIFIER_EXPANSION='⭐'
+  # typeset -g POWERLEVEL9K_ASDF_RUBY_SHOW_ON_UPGLOB='*.foo|*.bar'
+
+  # Python version from asdf.
+  typeset -g POWERLEVEL9K_ASDF_PYTHON_FOREGROUND=37
+  # typeset -g POWERLEVEL9K_ASDF_PYTHON_VISUAL_IDENTIFIER_EXPANSION='⭐'
+  # typeset -g POWERLEVEL9K_ASDF_PYTHON_SHOW_ON_UPGLOB='*.foo|*.bar'
+
+  # Go version from asdf.
+  typeset -g POWERLEVEL9K_ASDF_GOLANG_FOREGROUND=37
+  # typeset -g POWERLEVEL9K_ASDF_GOLANG_VISUAL_IDENTIFIER_EXPANSION='⭐'
+  # typeset -g POWERLEVEL9K_ASDF_GOLANG_SHOW_ON_UPGLOB='*.foo|*.bar'
+
+  # Node.js version from asdf.
+  typeset -g POWERLEVEL9K_ASDF_NODEJS_FOREGROUND=70
+  # typeset -g POWERLEVEL9K_ASDF_NODEJS_VISUAL_IDENTIFIER_EXPANSION='⭐'
+  # typeset -g POWERLEVEL9K_ASDF_NODEJS_SHOW_ON_UPGLOB='*.foo|*.bar'
+
+  # Rust version from asdf.
+  typeset -g POWERLEVEL9K_ASDF_RUST_FOREGROUND=37
+  # typeset -g POWERLEVEL9K_ASDF_RUST_VISUAL_IDENTIFIER_EXPANSION='⭐'
+  # typeset -g POWERLEVEL9K_ASDF_RUST_SHOW_ON_UPGLOB='*.foo|*.bar'
+
+  # .NET Core version from asdf.
+  typeset -g POWERLEVEL9K_ASDF_DOTNET_CORE_FOREGROUND=134
+  # typeset -g POWERLEVEL9K_ASDF_DOTNET_CORE_VISUAL_IDENTIFIER_EXPANSION='⭐'
+  # typeset -g POWERLEVEL9K_ASDF_DOTNET_CORE_SHOW_ON_UPGLOB='*.foo|*.bar'
+
+  # Flutter version from asdf.
+  typeset -g POWERLEVEL9K_ASDF_FLUTTER_FOREGROUND=38
+  # typeset -g POWERLEVEL9K_ASDF_FLUTTER_VISUAL_IDENTIFIER_EXPANSION='⭐'
+  # typeset -g POWERLEVEL9K_ASDF_FLUTTER_SHOW_ON_UPGLOB='*.foo|*.bar'
+
+  # Lua version from asdf.
+  typeset -g POWERLEVEL9K_ASDF_LUA_FOREGROUND=32
+  # typeset -g POWERLEVEL9K_ASDF_LUA_VISUAL_IDENTIFIER_EXPANSION='⭐'
+  # typeset -g POWERLEVEL9K_ASDF_LUA_SHOW_ON_UPGLOB='*.foo|*.bar'
+
+  # Java version from asdf.
+  typeset -g POWERLEVEL9K_ASDF_JAVA_FOREGROUND=32
+  # typeset -g POWERLEVEL9K_ASDF_JAVA_VISUAL_IDENTIFIER_EXPANSION='⭐'
+  # typeset -g POWERLEVEL9K_ASDF_JAVA_SHOW_ON_UPGLOB='*.foo|*.bar'
+
+  # Perl version from asdf.
+  typeset -g POWERLEVEL9K_ASDF_PERL_FOREGROUND=67
+  # typeset -g POWERLEVEL9K_ASDF_PERL_VISUAL_IDENTIFIER_EXPANSION='⭐'
+  # typeset -g POWERLEVEL9K_ASDF_PERL_SHOW_ON_UPGLOB='*.foo|*.bar'
+
+  # Erlang version from asdf.
+  typeset -g POWERLEVEL9K_ASDF_ERLANG_FOREGROUND=125
+  # typeset -g POWERLEVEL9K_ASDF_ERLANG_VISUAL_IDENTIFIER_EXPANSION='⭐'
+  # typeset -g POWERLEVEL9K_ASDF_ERLANG_SHOW_ON_UPGLOB='*.foo|*.bar'
+
+  # Elixir version from asdf.
+  typeset -g POWERLEVEL9K_ASDF_ELIXIR_FOREGROUND=129
+  # typeset -g POWERLEVEL9K_ASDF_ELIXIR_VISUAL_IDENTIFIER_EXPANSION='⭐'
+  # typeset -g POWERLEVEL9K_ASDF_ELIXIR_SHOW_ON_UPGLOB='*.foo|*.bar'
+
+  # Postgres version from asdf.
+  typeset -g POWERLEVEL9K_ASDF_POSTGRES_FOREGROUND=31
+  # typeset -g POWERLEVEL9K_ASDF_POSTGRES_VISUAL_IDENTIFIER_EXPANSION='⭐'
+  # typeset -g POWERLEVEL9K_ASDF_POSTGRES_SHOW_ON_UPGLOB='*.foo|*.bar'
+
+  # PHP version from asdf.
+  typeset -g POWERLEVEL9K_ASDF_PHP_FOREGROUND=99
+  # typeset -g POWERLEVEL9K_ASDF_PHP_VISUAL_IDENTIFIER_EXPANSION='⭐'
+  # typeset -g POWERLEVEL9K_ASDF_PHP_SHOW_ON_UPGLOB='*.foo|*.bar'
+
+  # Haskell version from asdf.
+  typeset -g POWERLEVEL9K_ASDF_HASKELL_FOREGROUND=172
+  # typeset -g POWERLEVEL9K_ASDF_HASKELL_VISUAL_IDENTIFIER_EXPANSION='⭐'
+  # typeset -g POWERLEVEL9K_ASDF_HASKELL_SHOW_ON_UPGLOB='*.foo|*.bar'
+
+  ###########[ nix_shell ]###########
+  #  # Nix shell color.
+  typeset -g POWERLEVEL9K_NIX_SHELL_FOREGROUND=74
+
+  # Tip: If you want to see just the icon without "pure" and "impure", uncomment the next line.
+  typeset -g POWERLEVEL9K_NIX_SHELL_CONTENT_EXPANSION=''
+
+  # Custom icon.
+  typeset -g POWERLEVEL9K_NIX_SHELL_VISUAL_IDENTIFIER_EXPANSION='nix'
+
+  ###########[ vi_mode: vi mode (you don't need this if you've enabled prompt_char) ]###########
+  # Text and color for normal (a.k.a. command) vi mode.
+  typeset -g POWERLEVEL9K_VI_COMMAND_MODE_STRING=CMD
+  typeset -g POWERLEVEL9K_VI_MODE_NORMAL_FOREGROUND=4
+  # Text and color for visual vi mode.
+  typeset -g POWERLEVEL9K_VI_VISUAL_MODE_STRING=VIS
+  typeset -g POWERLEVEL9K_VI_MODE_VISUAL_FOREGROUND=3
+  # Text and color for overtype (a.k.a. overwrite and replace) vi mode.
+  typeset -g POWERLEVEL9K_VI_OVERWRITE_MODE_STRING=OVR
+  typeset -g POWERLEVEL9K_VI_MODE_OVERWRITE_FOREGROUND=2
+  # Text and color for insert vi mode.
+  typeset -g POWERLEVEL9K_VI_INSERT_MODE_STRING=
+  typeset -g POWERLEVEL9K_VI_MODE_INSERT_FOREGROUND=7
+
+  ##################################[ context: user@hostname ]##################################
+  typeset -g POWERLEVEL9K_CONTEXT_ROOT_FOREGROUND=17
+  # Context color in SSH without privileges.
+  typeset -g POWERLEVEL9K_CONTEXT_{REMOTE,REMOTE_SUDO}_FOREGROUND=7
+  # Default context color (no privileges, no SSH).
+  typeset -g POWERLEVEL9K_CONTEXT_FOREGROUND=7
+
+  # Context format when running with privileges: bold user@hostname.
+  typeset -g POWERLEVEL9K_CONTEXT_ROOT_TEMPLATE='%B%n@%m'
+  # Context format when in SSH without privileges: user@hostname.
+  typeset -g POWERLEVEL9K_CONTEXT_{REMOTE,REMOTE_SUDO}_TEMPLATE='%n@%m'
+  # Default context format (no privileges, no SSH): user@hostname.
+  typeset -g POWERLEVEL9K_CONTEXT_TEMPLATE='%n@%m'
+
+  ###[ virtualenv: python virtual environment (https://docs.python.org/3/library/venv.html) ]###
+  # Python virtual environment color.
+  typeset -g POWERLEVEL9K_VIRTUALENV_FOREGROUND=37
+  # Don't show Python version next to the virtual environment name.
+  typeset -g POWERLEVEL9K_VIRTUALENV_SHOW_PYTHON_VERSION=false
+  # Separate environment name from Python version only with a space.
+  typeset -g POWERLEVEL9K_VIRTUALENV_{LEFT,RIGHT}_DELIMITER=
+  # Custom icon.
+  # typeset -g POWERLEVEL9K_VIRTUALENV_VISUAL_IDENTIFIER_EXPANSION='⭐'
+
+  #####################[ anaconda: conda environment (https://conda.io/) ]######################
+  # Anaconda environment color.
+  typeset -g POWERLEVEL9K_ANACONDA_FOREGROUND=37
+  # Don't show Python version next to the anaconda environment name.
+  typeset -g POWERLEVEL9K_ANACONDA_SHOW_PYTHON_VERSION=false
+  # Separate environment name from Python version only with a space.
+  typeset -g POWERLEVEL9K_ANACONDA_{LEFT,RIGHT}_DELIMITER=
+  # Custom icon.
+  # typeset -g POWERLEVEL9K_ANACONDA_VISUAL_IDENTIFIER_EXPANSION='⭐'
+
+  ################[ pyenv: python environment (https://github.com/pyenv/pyenv) ]################
+  # Pyenv color.
+  typeset -g POWERLEVEL9K_PYENV_FOREGROUND=37
+  # Hide python version if it doesn't come from one of these sources.
+  typeset -g POWERLEVEL9K_PYENV_SOURCES=(shell local global)
+  # If set to false, hide python version if it's the same as global:
+  # $(pyenv version-name) == $(pyenv global).
+  typeset -g POWERLEVEL9K_PYENV_PROMPT_ALWAYS_SHOW=false
+  # If set to false, hide python version if it's equal to "system".
+  typeset -g POWERLEVEL9K_PYENV_SHOW_SYSTEM=true
+  # Custom icon.
+  # typeset -g POWERLEVEL9K_PYENV_VISUAL_IDENTIFIER_EXPANSION='⭐'
+
+  ################[ goenv: go environment (https://github.com/syndbg/goenv) ]################
+  # Goenv color.
+  typeset -g POWERLEVEL9K_GOENV_FOREGROUND=37
+  # Hide go version if it doesn't come from one of these sources.
+  typeset -g POWERLEVEL9K_GOENV_SOURCES=(shell local global)
+  # If set to false, hide go version if it's the same as global:
+  # $(goenv version-name) == $(goenv global).
+  typeset -g POWERLEVEL9K_GOENV_PROMPT_ALWAYS_SHOW=false
+  # If set to false, hide go version if it's equal to "system".
+  typeset -g POWERLEVEL9K_GOENV_SHOW_SYSTEM=true
+  # Custom icon.
+  # typeset -g POWERLEVEL9K_GOENV_VISUAL_IDENTIFIER_EXPANSION='⭐'
+
+  ##########[ nodenv: node.js version from nodenv (https://github.com/nodenv/nodenv) ]##########
+  # Nodenv color.
+  typeset -g POWERLEVEL9K_NODENV_FOREGROUND=70
+  # Hide node version if it doesn't come from one of these sources.
+  typeset -g POWERLEVEL9K_NODENV_SOURCES=(shell local global)
+  # If set to false, hide node version if it's the same as global:
+  # $(nodenv version-name) == $(nodenv global).
+  typeset -g POWERLEVEL9K_NODENV_PROMPT_ALWAYS_SHOW=false
+  # If set to false, hide node version if it's equal to "system".
+  typeset -g POWERLEVEL9K_NODENV_SHOW_SYSTEM=true
+  # Custom icon.
+  # typeset -g POWERLEVEL9K_NODENV_VISUAL_IDENTIFIER_EXPANSION='⭐'
+
+  ##############[ nvm: node.js version from nvm (https://github.com/nvm-sh/nvm) ]###############
+  # Nvm color.
+  typeset -g POWERLEVEL9K_NVM_FOREGROUND=70
+  # Custom icon.
+  # typeset -g POWERLEVEL9K_NVM_VISUAL_IDENTIFIER_EXPANSION='⭐'
+
+  ############[ nodeenv: node.js environment (https://github.com/ekalinin/nodeenv) ]############
+  # Nodeenv color.
+  typeset -g POWERLEVEL9K_NODEENV_FOREGROUND=70
+  # Don't show Node version next to the environment name.
+  typeset -g POWERLEVEL9K_NODEENV_SHOW_NODE_VERSION=false
+  # Separate environment name from Node version only with a space.
+  typeset -g POWERLEVEL9K_NODEENV_{LEFT,RIGHT}_DELIMITER=
+  # Custom icon.
+  # typeset -g POWERLEVEL9K_NODEENV_VISUAL_IDENTIFIER_EXPANSION='⭐'
+
+  ##############################[ node_version: node.js version ]###############################
+  # Node version color.
+  typeset -g POWERLEVEL9K_NODE_VERSION_FOREGROUND=70
+  # Show node version only when in a directory tree containing package.json.
+  typeset -g POWERLEVEL9K_NODE_VERSION_PROJECT_ONLY=true
+  # Custom icon.
+  # typeset -g POWERLEVEL9K_NODE_VERSION_VISUAL_IDENTIFIER_EXPANSION='⭐'
+
+  #######################[ go_version: go version (https://golang.org) ]########################
+  # Go version color.
+  typeset -g POWERLEVEL9K_GO_VERSION_FOREGROUND=37
+  # Show go version only when in a go project subdirectory.
+  typeset -g POWERLEVEL9K_GO_VERSION_PROJECT_ONLY=true
+  # Custom icon.
+  # typeset -g POWERLEVEL9K_GO_VERSION_VISUAL_IDENTIFIER_EXPANSION='⭐'
+
+  #################[ rust_version: rustc version (https://www.rust-lang.org) ]##################
+  # Rust version color.
+  typeset -g POWERLEVEL9K_RUST_VERSION_FOREGROUND=37
+  # Show rust version only when in a rust project subdirectory.
+  typeset -g POWERLEVEL9K_RUST_VERSION_PROJECT_ONLY=true
+  # Custom icon.
+  # typeset -g POWERLEVEL9K_RUST_VERSION_VISUAL_IDENTIFIER_EXPANSION='⭐'
+
+  ###############[ dotnet_version: .NET version (https://dotnet.microsoft.com) ]################
+  # .NET version color.
+  typeset -g POWERLEVEL9K_DOTNET_VERSION_FOREGROUND=134
+  # Show .NET version only when in a .NET project subdirectory.
+  typeset -g POWERLEVEL9K_DOTNET_VERSION_PROJECT_ONLY=true
+  # Custom icon.
+  # typeset -g POWERLEVEL9K_DOTNET_VERSION_VISUAL_IDENTIFIER_EXPANSION='⭐'
+
+  #####################[ php_version: php version (https://www.php.net/) ]######################
+  # PHP version color.
+  typeset -g POWERLEVEL9K_PHP_VERSION_FOREGROUND=99
+  # Show PHP version only when in a PHP project subdirectory.
+  typeset -g POWERLEVEL9K_PHP_VERSION_PROJECT_ONLY=true
+  # Custom icon.
+  # typeset -g POWERLEVEL9K_PHP_VERSION_VISUAL_IDENTIFIER_EXPANSION='⭐'
+
+  ##########[ laravel_version: laravel php framework version (https://laravel.com/) ]###########
+  # Laravel version color.
+  typeset -g POWERLEVEL9K_LARAVEL_VERSION_FOREGROUND=161
+  # Custom icon.
+  # typeset -g POWERLEVEL9K_LARAVEL_VERSION_VISUAL_IDENTIFIER_EXPANSION='⭐'
+
+  ####################[ java_version: java version (https://www.java.com/) ]####################
+  # Java version color.
+  typeset -g POWERLEVEL9K_JAVA_VERSION_FOREGROUND=32
+  # Show java version only when in a java project subdirectory.
+  typeset -g POWERLEVEL9K_JAVA_VERSION_PROJECT_ONLY=true
+  # Show brief version.
+  typeset -g POWERLEVEL9K_JAVA_VERSION_FULL=false
+  # Custom icon.
+  # typeset -g POWERLEVEL9K_JAVA_VERSION_VISUAL_IDENTIFIER_EXPANSION='⭐'
+
+  ###[ package: name@version from package.json (https://docs.npmjs.com/files/package.json) ]####
+  # Package color.
+  typeset -g POWERLEVEL9K_PACKAGE_FOREGROUND=117
+  # Package format. The following parameters are available within the expansion.
+  #
+  # - P9K_PACKAGE_NAME     The value of `name` field in package.json.
+  # - P9K_PACKAGE_VERSION  The value of `version` field in package.json.
+  #
+  # typeset -g POWERLEVEL9K_PACKAGE_CONTENT_EXPANSION='${P9K_PACKAGE_NAME//\%/%%}@${P9K_PACKAGE_VERSION//\%/%%}'
+  # Custom icon.
+  # typeset -g POWERLEVEL9K_PACKAGE_VISUAL_IDENTIFIER_EXPANSION='⭐'
+
+  #############[ rbenv: ruby version from rbenv (https://github.com/rbenv/rbenv) ]##############
+  # Rbenv color.
+  typeset -g POWERLEVEL9K_RBENV_FOREGROUND=168
+  # Hide ruby version if it doesn't come from one of these sources.
+  typeset -g POWERLEVEL9K_RBENV_SOURCES=(shell local global)
+  # If set to false, hide ruby version if it's the same as global:
+  # $(rbenv version-name) == $(rbenv global).
+  typeset -g POWERLEVEL9K_RBENV_PROMPT_ALWAYS_SHOW=false
+  # If set to false, hide ruby version if it's equal to "system".
+  typeset -g POWERLEVEL9K_RBENV_SHOW_SYSTEM=true
+  # Custom icon.
+  # typeset -g POWERLEVEL9K_RBENV_VISUAL_IDENTIFIER_EXPANSION='⭐'
+
+  #######################[ rvm: ruby version from rvm (https://rvm.io) ]########################
+  # Rvm color.
+  typeset -g POWERLEVEL9K_RVM_FOREGROUND=168
+  # Don't show @gemset at the end.
+  typeset -g POWERLEVEL9K_RVM_SHOW_GEMSET=false
+  # Don't show ruby- at the front.
+  typeset -g POWERLEVEL9K_RVM_SHOW_PREFIX=false
+  # Custom icon.
+  # typeset -g POWERLEVEL9K_RVM_VISUAL_IDENTIFIER_EXPANSION='⭐'
+
+  ###########[ fvm: flutter version management (https://github.com/leoafarias/fvm) ]############
+  # Fvm color.
+  typeset -g POWERLEVEL9K_FVM_FOREGROUND=38
+  # Custom icon.
+  # typeset -g POWERLEVEL9K_FVM_VISUAL_IDENTIFIER_EXPANSION='⭐'
+
+  ##########[ luaenv: lua version from luaenv (https://github.com/cehoffman/luaenv) ]###########
+  # Lua color.
+  typeset -g POWERLEVEL9K_LUAENV_FOREGROUND=32
+  # Hide lua version if it doesn't come from one of these sources.
+  typeset -g POWERLEVEL9K_LUAENV_SOURCES=(shell local global)
+  # If set to false, hide lua version if it's the same as global:
+  # $(luaenv version-name) == $(luaenv global).
+  typeset -g POWERLEVEL9K_LUAENV_PROMPT_ALWAYS_SHOW=false
+  # If set to false, hide lua version if it's equal to "system".
+  typeset -g POWERLEVEL9K_LUAENV_SHOW_SYSTEM=true
+  # Custom icon.
+  # typeset -g POWERLEVEL9K_LUAENV_VISUAL_IDENTIFIER_EXPANSION='⭐'
+
+  ###############[ jenv: java version from jenv (https://github.com/jenv/jenv) ]################
+  # Java color.
+  typeset -g POWERLEVEL9K_JENV_FOREGROUND=32
+  # Hide java version if it doesn't come from one of these sources.
+  typeset -g POWERLEVEL9K_JENV_SOURCES=(shell local global)
+  # If set to false, hide java version if it's the same as global:
+  # $(jenv version-name) == $(jenv global).
+  typeset -g POWERLEVEL9K_JENV_PROMPT_ALWAYS_SHOW=false
+  # If set to false, hide java version if it's equal to "system".
+  typeset -g POWERLEVEL9K_JENV_SHOW_SYSTEM=true
+  # Custom icon.
+  # typeset -g POWERLEVEL9K_JENV_VISUAL_IDENTIFIER_EXPANSION='⭐'
+
+  ###########[ plenv: perl version from plenv (https://github.com/tokuhirom/plenv) ]############
+  # Perl color.
+  typeset -g POWERLEVEL9K_PLENV_FOREGROUND=67
+  # Hide perl version if it doesn't come from one of these sources.
+  typeset -g POWERLEVEL9K_PLENV_SOURCES=(shell local global)
+  # If set to false, hide perl version if it's the same as global:
+  # $(plenv version-name) == $(plenv global).
+  typeset -g POWERLEVEL9K_PLENV_PROMPT_ALWAYS_SHOW=false
+  # If set to false, hide perl version if it's equal to "system".
+  typeset -g POWERLEVEL9K_PLENV_SHOW_SYSTEM=true
+  # Custom icon.
+  # typeset -g POWERLEVEL9K_PLENV_VISUAL_IDENTIFIER_EXPANSION='⭐'
+
+  ############[ phpenv: php version from phpenv (https://github.com/phpenv/phpenv) ]############
+  # PHP color.
+  typeset -g POWERLEVEL9K_PHPENV_FOREGROUND=99
+  # Hide php version if it doesn't come from one of these sources.
+  typeset -g POWERLEVEL9K_PHPENV_SOURCES=(shell local global)
+  # If set to false, hide php version if it's the same as global:
+  # $(phpenv version-name) == $(phpenv global).
+  typeset -g POWERLEVEL9K_PHPENV_PROMPT_ALWAYS_SHOW=false
+  # If set to false, hide php version if it's equal to "system".
+  typeset -g POWERLEVEL9K_PHPENV_SHOW_SYSTEM=true
+  # Custom icon.
+  # typeset -g POWERLEVEL9K_PHPENV_VISUAL_IDENTIFIER_EXPANSION='⭐'
+
+  ##########[ haskell_stack: haskell version from stack (https://haskellstack.org/) ]###########
+  # Haskell color.
+  typeset -g POWERLEVEL9K_HASKELL_STACK_FOREGROUND=172
+  # Hide haskell version if it doesn't come from one of these sources.
+  #
+  #   shell:  version is set by STACK_YAML
+  #   local:  version is set by stack.yaml up the directory tree
+  #   global: version is set by the implicit global project (~/.stack/global-project/stack.yaml)
+  typeset -g POWERLEVEL9K_HASKELL_STACK_SOURCES=(shell local)
+  # If set to false, hide haskell version if it's the same as in the implicit global project.
+  typeset -g POWERLEVEL9K_HASKELL_STACK_ALWAYS_SHOW=true
+  # Custom icon.
+  # typeset -g POWERLEVEL9K_HASKELL_STACK_VISUAL_IDENTIFIER_EXPANSION='⭐'
+
+  # Example of a user-defined prompt segment. Function prompt_example will be called on every
+  # prompt if `example` prompt segment is added to POWERLEVEL9K_LEFT_PROMPT_ELEMENTS or
+  # POWERLEVEL9K_RIGHT_PROMPT_ELEMENTS. It displays an icon and orange text greeting the user.
+  #
+  # Type `p10k help segment` for documentation and a more sophisticated example.
+  function prompt_watson() {
+    local watson_status=$(watson status)
+    local noproject="No project started."
+    if [ "$watson_status" != "$noproject" ]; then
+      p10k segment -i "祥" -f yellow -t "$(echo $watson_status | awk '{print $2,$3}')"
+    else
+      p10k segment -i "⏾" -f red -t ""
+    fi
+  }
+
+  function prompt_triton() {
+    local triton_profile=$(echo $TRITON_PROFILE)
+    if [ "$triton_profile" != "" ]; then
+      p10k segment -f yellow -t "$(echo "✚" "$triton_profile")"
+    fi
+  }
+
+  # Transient prompt works similarly to the builtin transient_rprompt option. It trims down prompt
+  # when accepting a command line. Supported values:
+  #
+  #   - off:      Don't change prompt when accepting a command line.
+  #   - always:   Trim down prompt when accepting a command line.
+  #   - same-dir: Trim down prompt when accepting a command line unless this is the first command
+  #               typed after changing current working directory.
+  typeset -g POWERLEVEL9K_TRANSIENT_PROMPT=always
+
+  # Instant prompt mode.
+  #
+  #   - off:     Disable instant prompt. Choose this if you've tried instant prompt and found
+  #              it incompatible with your zsh configuration files.
+  #   - quiet:   Enable instant prompt and don't print warnings when detecting console output
+  #              during zsh initialization. Choose this if you've read and understood
+  #              https://github.com/romkatv/powerlevel10k/blob/master/README.md#instant-prompt.
+  #   - verbose: Enable instant prompt and print a warning when detecting console output during
+  #              zsh initialization. Choose this if you've never tried instant prompt, haven't
+  #              seen the warning, or if you are unsure what this all means.
+  typeset -g POWERLEVEL9K_INSTANT_PROMPT=verbose
+
+  # Hot reload allows you to change POWERLEVEL9K options after Powerlevel10k has been initialized.
+  # For example, you can type POWERLEVEL9K_BACKGROUND=red and see your prompt turn red. Hot reload
+  # can slow down prompt by 1-2 milliseconds, so it's better to keep it turned off unless you
+  # really need it.
+  typeset -g POWERLEVEL9K_DISABLE_HOT_RELOAD=false
+
+  # If p10k is already loaded, reload configuration.
+  # This works even with POWERLEVEL9K_DISABLE_HOT_RELOAD=true.
+  (( ! $+functions[p10k] )) || p10k reload
+}
+
+# Tell `p10k configure` which file it should overwrite.
+typeset -g POWERLEVEL9K_CONFIG_FILE=${${(%):-%x}:a}
+
+(( ${#p10k_config_opts} )) && setopt ${p10k_config_opts[@]}
+'builtin' 'unset' 'p10k_config_opts'

modules/virtualisation/default.nix

@@ -39,7 +39,7 @@ in {
       libvirt-glib
       qemu
       virt-manager
-      python3Packages.libvirt
+      python38Packages.libvirt
       gvfs
       edk2
       OVMF

overlays/blesh.nix

@@ -1,32 +1,13 @@
 final: prev: {
   blesh = prev.blesh.overrideAttrs (oldAttrs: rec {
-    inherit (prev.sources.blesh-nvfetcher) version src;
-
-    dontBuild = false;
-    buildInputs = [prev.git];
-    patchPhase = ''
-      substituteInPlace GNUmakefile \
-        --replace "git submodule update --init --recursive" ""
-    '';
-    nativeCheckInputs = oldAttrs.nativeCheckInputs ++ [prev.busybox];
-
-    installPhase = ''
-      runHook preInstall
-
-      mkdir -p "$out/share/blesh/lib"
-
-      cat <<EOF >"$out/share/blesh/lib/_package.sh"
-      _ble_base_package_type=nix
-
-      function ble/base/package:nix/update {
-        echo "Ble.sh is installed by Nix. You can update it there." >&2
-        return 1
-      }
-      EOF
-
-      make install INSDIR=$out/share/blesh
-
-      runHook postInstall
-    '';
+    version = "unstable-2023-02-01";
+    src = prev.fetchFromGitHub {
+      owner = "akinomyoga";
+      repo = "ble.sh";
+      rev = "0ceb0cb38157c2c37650ffb069098783338eb02c";
+      hash = "sha256-f3w3gHKysRafBGcZbCPUvy9e/fOrQc9TBZAjb0ioxpo=";
+      fetchSubmodules = true;
+      leaveDotGit = true;
+    };
   });
 }

overlays/overrides.nix

@@ -3,13 +3,34 @@ channels: final: prev: {
 
   inherit
     (channels.latest)
-    nixd
-    docker_24
+    cachix
+    docker
+    docker-compose
+    dhall
+    discord
+    element-desktop
+    rage
+    nix-index
+    qutebrowser
+    alejandra
+    signal-desktop
+    starship
+    deploy-rs
+    tdesktop
+    arduino
+    arduino-cli
+    steam
+    firefox
     ;
 
   inherit
-    (channels.fork)
-    nvfetcher
+    (channels.pub-solar)
+    yubikey-agent
+    ;
+
+  inherit
+    (channels.master)
+    factorio-headless
     ;
 
   haskellPackages =
@@ -25,6 +46,4 @@ channels: final: prev: {
           ;
       });
     });
-
-  vimPlugins = prev.vimPlugins // {inherit (channels.latest.vimPlugins) nvim-lspconfig;};
 }

pkgs/_sources/generated.nix

@@ -1,19 +1,19 @@
 # This file was generated by nvfetcher, please do not modify it manually.
-{ fetchgit, fetchurl, fetchFromGitHub, dockerTools }:
 {
-  blesh-nvfetcher = {
-    pname = "blesh-nvfetcher";
-    version = "9d84b424daf31b192891c06275fff316fa5ddd35";
+  fetchgit,
+  fetchurl,
+  fetchFromGitHub,
+}: {
+  F-Sy-H = {
+    pname = "F-Sy-H";
+    version = "b935a87a75560f8173dd78deee6717c59d464e06";
     src = fetchFromGitHub {
-      owner = "akinomyoga";
-      repo = "ble.sh";
-      rev = "9d84b424daf31b192891c06275fff316fa5ddd35";
-      fetchSubmodules = true;
-      deepClone = false;
-      leaveDotGit = true;
-      sha256 = "sha256-7aX5UtDB9pUHHeOi9n+qWsM2KGenHVL6O18vG9W8tmQ=";
+      owner = "z-shell";
+      repo = "F-Sy-H";
+      rev = "b935a87a75560f8173dd78deee6717c59d464e06";
+      fetchSubmodules = false;
+      sha256 = "sha256-448OlDnrDkUjvaSLDhXsa9bkgYXzj1Ju8CTpJVjH8LM=";
     };
-    date = "2023-10-02";
   };
   instant-nvim-nvfetcher = {
     pname = "instant-nvim-nvfetcher";
@@ -25,7 +25,6 @@
       fetchSubmodules = false;
       sha256 = "sha256-DXJWji/NR8ZCxe014rD51v3EHJHMhRQeOoI3SsY8mR4=";
     };
-    date = "2022-06-25";
   };
   manix = {
     pname = "manix";
@@ -37,31 +36,50 @@
       fetchSubmodules = false;
       sha256 = "sha256-GqPuYscLhkR5E2HnSFV4R48hCWvtM3C++3zlJhiK/aw=";
     };
-    date = "2021-04-20";
+  };
+  ohmyzsh = {
+    pname = "ohmyzsh";
+    version = "65a1e4edbe678cdac37ad96ca4bc4f6d77e27adf";
+    src = fetchFromGitHub {
+      owner = "ohmyzsh";
+      repo = "ohmyzsh";
+      rev = "65a1e4edbe678cdac37ad96ca4bc4f6d77e27adf";
+      fetchSubmodules = false;
+      sha256 = "sha256-qyI7CU0vKhhADZfQtD73GsyAbqdMPhDQ1uA03h4erpw=";
+    };
+  };
+  powerlevel10k = {
+    pname = "powerlevel10k";
+    version = "8091c8a3a8a845c70046684235a01cd500075def";
+    src = fetchFromGitHub {
+      owner = "romkatv";
+      repo = "powerlevel10k";
+      rev = "8091c8a3a8a845c70046684235a01cd500075def";
+      fetchSubmodules = false;
+      sha256 = "sha256-I0/tktXCbZ3hMYTNvPoWfOEYWRgmHoXsar/jcUB6bpo=";
+    };
   };
   rnix-lsp-nvfetcher = {
     pname = "rnix-lsp-nvfetcher";
-    version = "95d40673fe43642e2e1144341e86d0036abd95d9";
+    version = "6925256babec4307479a4080b44f2be38056f210";
     src = fetchFromGitHub {
       owner = "nix-community";
       repo = "rnix-lsp";
-      rev = "95d40673fe43642e2e1144341e86d0036abd95d9";
+      rev = "6925256babec4307479a4080b44f2be38056f210";
       fetchSubmodules = false;
-      sha256 = "sha256-F0s0m62S5bHNVWNHLZD6SeHiLrsDx98VQbRjDyIu+qQ=";
+      sha256 = "sha256-OKLyIXIXhUnRB3Xw+7zI3u6XkwF7Mrbfz1XaasV6i7Q=";
     };
-    date = "2022-11-27";
   };
   vim-apprentice-nvfetcher = {
     pname = "vim-apprentice-nvfetcher";
-    version = "59ad13661fa15edaf72c62218903c7817b5a3691";
+    version = "9942d0bb0a5d82f7a24450b00051c1f2cc008659";
     src = fetchFromGitHub {
       owner = "romainl";
       repo = "Apprentice";
-      rev = "59ad13661fa15edaf72c62218903c7817b5a3691";
+      rev = "9942d0bb0a5d82f7a24450b00051c1f2cc008659";
       fetchSubmodules = false;
-      sha256 = "sha256-03B9tmU9+6t2hxhOgZxBqJr9r41CAqhHLUkHYvFdcks=";
+      sha256 = "sha256-Xs+vTdnihNbBFPOKsW+NB40pqN9eaadqzc0DIeNoOFo=";
     };
-    date = "2023-02-15";
   };
   vim-beautify-nvfetcher = {
     pname = "vim-beautify-nvfetcher";
@@ -73,7 +91,6 @@
       fetchSubmodules = false;
       sha256 = "sha256-QPTCl6KaGcAjTS5yVDov9yxmv0fDaFoPLMsrtVIG6GQ=";
     };
-    date = "2018-12-27";
   };
   vim-caddyfile-nvfetcher = {
     pname = "vim-caddyfile-nvfetcher";
@@ -85,19 +102,17 @@
       fetchSubmodules = false;
       sha256 = "sha256-rRYv3vnt31g7hNTxttTD6BWdv5JJ+ko3rPNyDUEOZ9o=";
     };
-    date = "2022-05-09";
   };
   vim-workspace-nvfetcher = {
     pname = "vim-workspace-nvfetcher";
-    version = "c0d1e4332a378f58bfdf363b4957168fa78e79b4";
+    version = "c26b473f9b073f24bacecd38477f44c5cd1f5a62";
     src = fetchFromGitHub {
       owner = "thaerkh";
       repo = "vim-workspace";
-      rev = "c0d1e4332a378f58bfdf363b4957168fa78e79b4";
+      rev = "c26b473f9b073f24bacecd38477f44c5cd1f5a62";
       fetchSubmodules = false;
-      sha256 = "sha256-2Brx098dk5THiieBiW71FG9mUUwS1CSY9mpOPWA/Tq4=";
+      sha256 = "sha256-XV7opLyfkHIDO0+JJaO/x0za0gsHuklrzapTGdLHJmI=";
     };
-    date = "2023-05-28";
   };
   vimagit-nvfetcher = {
     pname = "vimagit-nvfetcher";
@@ -109,6 +124,16 @@
       fetchSubmodules = false;
       sha256 = "sha256-fhazQQqyFaO0fdoeNI9nBshwTDhKNHH262H/QThtuO0=";
     };
-    date = "2022-07-03";
+  };
+  zsh-nix-shell = {
+    pname = "zsh-nix-shell";
+    version = "af6f8a266ea1875b9a3e86e14796cadbe1cfbf08";
+    src = fetchFromGitHub {
+      owner = "chisui";
+      repo = "zsh-nix-shell";
+      rev = "af6f8a266ea1875b9a3e86e14796cadbe1cfbf08";
+      fetchSubmodules = false;
+      sha256 = "sha256-BjgMhILEL/qdgfno4LR64LSB8n9pC9R+gG7IQWwgyfQ=";
+    };
   };
 }

pkgs/default.nix

@@ -19,6 +19,5 @@ with final; {
   wcwd = writeShellScriptBin "wcwd" (import ./wcwd.nix final);
   drone-docker-runner = writeShellScriptBin "drone-docker-runner" (import ./drone-docker-runner.nix final);
   record-screen = writeShellScriptBin "record-screen" (import ./record-screen.nix final);
-
-  # ps-fixes
+  scan2paperless = writeShellScriptBin "scan2paperless" (import ./scan2paperless.nix final);
 }