.editorconfig

@@ -24,6 +24,14 @@ charset = unset
 indent_style = unset
 indent_size = unset
 
+[*.rom]
+end_of_line = unset
+insert_final_newline = unset
+trim_trailing_whitespace = unset
+charset = unset
+indent_style = unset
+indent_size = unset
+
 [*.py]
 indent_size = 4
 

.gitignore

@@ -7,6 +7,7 @@ vm
 iso
 doi
 
-pkgs/_sources/.shake*
-
+# PubSolarOS
 tags
+/owners
+pkgs/_sources/.shake*

flake.lock

@@ -20,6 +20,27 @@
         "type": "github"
       }
     },
+    "b12f-nix-fonts": {
+      "inputs": {
+        "nixpkgs": [
+          "latest"
+        ]
+      },
+      "locked": {
+        "lastModified": 1622501268,
+        "narHash": "sha256-wITrQEsJ5zWEl9yGUUPOUUpBN08Sva7MaB7uwYHmX7s=",
+        "ref": "main",
+        "rev": "51f94ad589c096e7fbb6a1f58f3b07037ef035bd",
+        "revCount": 4,
+        "type": "git",
+        "url": "https://git.b12f.io/b12f/nix-fonts"
+      },
+      "original": {
+        "ref": "main",
+        "type": "git",
+        "url": "https://git.b12f.io/b12f/nix-fonts"
+      }
+    },
     "blank": {
       "locked": {
         "lastModified": 1625557891,
@@ -93,11 +114,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1628068208,
-        "narHash": "sha256-akJBkj6os4bjO1drhketJvXNC21yPuy4ufL2pyius4M=",
+        "lastModified": 1628752686,
+        "narHash": "sha256-Lzh9MYUJDsjgif+YEyOErXtj1IH+ci8J1C30g1ms69s=",
         "owner": "serokell",
         "repo": "deploy-rs",
-        "rev": "d72174307d5b88ec24cc2e69e875228fe3d642ed",
+        "rev": "e5546f9c2503c26d175f08a81fc0a0f330be4cbe",
         "type": "github"
       },
       "original": {
@@ -108,11 +129,11 @@
     },
     "devshell": {
       "locked": {
-        "lastModified": 1625086391,
-        "narHash": "sha256-IpNPv1v8s4L3CoxhwcgZIitGpcrnNgnj09X7TA0QV3k=",
+        "lastModified": 1629275356,
+        "narHash": "sha256-R17M69EKXP6q8/mNHaK53ECwjFo1pdF+XaJC9Qq8zjg=",
         "owner": "numtide",
         "repo": "devshell",
-        "rev": "4b5ac7cf7d9a1cc60b965bb51b59922f2210cbc7",
+        "rev": "26f25a12265f030917358a9632cd600b51af1d97",
         "type": "github"
       },
       "original": {
@@ -131,6 +152,7 @@
         "home-manager": [
           "home"
         ],
+        "nix": "nix",
         "nixlib": [
           "nixos"
         ],
@@ -140,11 +162,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1628211944,
-        "narHash": "sha256-2q1dNUzitVd0JNRHYTubbyb8ks3fL9hPJOvQgofxELE=",
+        "lastModified": 1629419320,
+        "narHash": "sha256-ktoQQnRi/27juWC9YRNBj2RBG7lJU5h/kG8/KYFQt6M=",
         "owner": "divnix",
         "repo": "digga",
-        "rev": "760bb9c29063258ba547145de0ab96acd7eba4c0",
+        "rev": "50f10e12156a08f71a189cca98498161fae9c952",
         "type": "github"
       },
       "original": {
@@ -192,11 +214,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1627071952,
-        "narHash": "sha256-FhE0KOuI9Kl4eyGJXu4bh9fBP2hbxjnD1DlKHljCcYs=",
+        "lastModified": 1628855985,
+        "narHash": "sha256-OqhVFoCCA6GfGuMhZXQ5CrmZUYsumCJTwI72FOMf82I=",
         "owner": "gytis-ivaskevicius",
         "repo": "flake-utils-plus",
-        "rev": "51a82925db31073bc4822c9b538a0a3ebf1134b2",
+        "rev": "a79a0b86e59dc087df6704f9b13b1ed951ef5c5f",
         "type": "github"
       },
       "original": {
@@ -228,11 +250,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1624228557,
-        "narHash": "sha256-wwOqe73BsrXfRv1PhyXQFNC8iTET50KvE/HitdkRgxs=",
+        "lastModified": 1630076227,
+        "narHash": "sha256-p3YdtqSPLnMudWsLMgd6XMEhQKB2oz1hvDkHtOlz5/Q=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "35a24648d155843a4d162de98c17b1afd5db51e4",
+        "rev": "f5adb9be829f487f99bcc0f1884f74ddb85f70c8",
         "type": "github"
       },
       "original": {
@@ -258,10 +280,29 @@
         "type": "github"
       }
     },
+    "lowdown-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1617481909,
+        "narHash": "sha256-SqnfOFuLuVRRNeVJr1yeEPJue/qWoCp5N6o5Kr///p4=",
+        "owner": "kristapsdz",
+        "repo": "lowdown",
+        "rev": "148f9b2f586c41b7e36e73009db43ea68c7a1a4d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "kristapsdz",
+        "ref": "VERSION_0_8_4",
+        "repo": "lowdown",
+        "type": "github"
+      }
+    },
     "naersk": {
       "inputs": {
         "nixpkgs": [
-          "latest"
+          "digga",
+          "deploy",
+          "nixpkgs"
         ]
       },
       "locked": {
@@ -286,11 +327,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1623927034,
+        "lastModified": 1629707199,
         "narHash": "sha256-sGxlmfp5eXL5sAMNqHSb04Zq6gPl+JeltIZ226OYN0w=",
         "owner": "nmattia",
         "repo": "naersk",
-        "rev": "e09c320446c5c2516d430803f7b19f5833781337",
+        "rev": "df71f5e4babda41cd919a8684b72218e2e809fa9",
         "type": "github"
       },
       "original": {
@@ -299,6 +340,28 @@
         "type": "github"
       }
     },
+    "nix": {
+      "inputs": {
+        "lowdown-src": "lowdown-src",
+        "nixpkgs": [
+          "digga",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1629360796,
+        "narHash": "sha256-KAcvr8eEhEqOQweDAsHurO9ECmfdptbU1UT7smcpyBs=",
+        "owner": "nixos",
+        "repo": "nix",
+        "rev": "ffa629b2c0ea6368deca700afdac53a6e14557aa",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "repo": "nix",
+        "type": "github"
+      }
+    },
     "nix-dram": {
       "inputs": {
         "flake-utils": "flake-utils_2",
@@ -320,11 +383,11 @@
     },
     "nixos": {
       "locked": {
-        "lastModified": 1628203131,
-        "narHash": "sha256-jQgXeJ9NQQS0Eobb/qQOvS+RRULkqRikAeXkkFKOPDA=",
+        "lastModified": 1630598110,
+        "narHash": "sha256-FD1xIDoKMOjBE8tHHp95aa5HfxKDCa+3kf5T7AA47tY=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "178da37860823d35e801c7df2f73d7866d3d598a",
+        "rev": "6bfe71f2a4e2e425dee26b25d2309f341ff1600d",
         "type": "github"
       },
       "original": {
@@ -437,6 +500,7 @@
     "root": {
       "inputs": {
         "agenix": "agenix",
+        "b12f-nix-fonts": "b12f-nix-fonts",
         "blank": [
           "digga",
           "blank"

flake.nix

@@ -51,6 +51,10 @@
 
       # PubSolarOS additions
       nix-dram.url = "github:dramforever/nix-dram";
+
+      # b12f additions
+      b12f-nix-fonts.url = "git+https://git.b12f.io/b12f/nix-fonts?ref=main";
+      b12f-nix-fonts.inputs.nixpkgs.follows = "latest";
     };
 
   outputs =
@@ -65,6 +69,7 @@
     , nvfetcher
     , deploy
     , nix-dram
+    , b12f-nix-fonts
     , ...
     } @ inputs:
     digga.lib.mkFlake
@@ -83,6 +88,7 @@
               nvfetcher.overlay
               deploy.overlay
               nix-dram.overlay
+              b12f-nix-fonts.overlay
               ./pkgs/default.nix
             ];
           };
@@ -127,7 +133,10 @@
             suites = with profiles; rec {
               base = [ core users.nixos users.root ];
               pubsolaros = [ core base-user users.root ];
-              anonymous = [ pubsolaros users.nixos ];
+              anonymous = pubsolaros ++ [ users.nixos ];
+              b12f = pubsolaros ++ [ users.ben gaming ];
+              biolimo = b12f ++ [ graphical ];
+              chocolatebar = b12f ++ [ graphical virtualisation ];
             };
           };
         };

hosts/biolimo/.config/sway/config.d/autostart.conf

@@ -0,0 +1,6 @@
+# Autostart applications
+#
+# Example:
+# exec swayidle
+
+exec keepassxc

hosts/biolimo/.config/sway/config.d/custom-keybindings.conf

@@ -0,0 +1,19 @@
+# Touchpad controls
+#bindsym XF86TouchpadToggle exec $HOME/Workspace/ben/toggletouchpad.sh # toggle touchpad
+
+# Screen brightness controls
+bindsym XF86MonBrightnessUp exec "brightnessctl -d intel_backlight set +10%; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ {print $4}')"
+bindsym XF86MonBrightnessDown exec "brightnessctl -d intel_backlight set 10%-; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ {    print $4}')"
+
+# Keyboard backlight brightness controls
+bindsym XF86KbdBrightnessDown exec "brightnessctl -d smc::kbd_backlight set 10%-; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ {    print $4}')"
+bindsym XF86KbdBrightnessUp exec "brightnessctl -d smc::kbd_backlight set +10%; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ {    print $4}')"
+
+# Pulse Audio controls
+bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. up' #increase sound volume
+bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. down' #decrease sound volume
+bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle && notify-send 'Mute sound' # mute sound
+# Media player controls
+bindsym XF86AudioPlay exec "playerctl play-pause; notify-send 'Play/Pause'"
+bindsym XF86AudioNext exec "playerctl next; notify-send 'Next'"
+bindsym XF86AudioPrev exec "playerctl previous; notify-send 'Prev.'"

hosts/biolimo/.config/sway/config.d/input-defaults.conf

@@ -0,0 +1,9 @@
+input "1739:0:Synaptics_TM3288-011" {
+  dwt enabled
+  tap enabled
+  middle_emulation enabled
+}
+input * {
+  xkb_layout us(intl),de
+  xkb_options ctrl:nocaps
+}

hosts/biolimo/.config/sway/config.d/screens.conf

@@ -0,0 +1,21 @@
+set $internal eDP-1
+set $middle "Hewlett Packard HP E231 3CQ4290S5J"
+set $standup "Hewlett Packard HP E231 3CQ4251F33"
+
+output $internal {
+  scale 1.3
+  pos 0 500
+}
+
+output $middle {
+  scale 1
+
+  # 1969 is the 1.3 scaled width of the internal monitor
+  pos 1969 0
+}
+
+output $standup {
+  scale 1
+  transform 270
+  pos 3889 0
+}

hosts/biolimo/.gitattributes

@@ -0,0 +1 @@
+secrets/** filter=git-crypt-4406E80E13CD656C diff=git-crypt-4406E80E13CD656C

hosts/biolimo/base.nix

@@ -0,0 +1,28 @@
+{ config, pkgs, lib, ... }:
+with lib;
+let
+  psCfg = config.pub-solar;
+  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in
+{
+  imports = [
+    ./configuration.nix
+  ];
+
+  config = {
+    pub-solar.x-os.keyfile = "/etc/nixos/hosts/biolimo/secrets/keyfile.bin";
+
+    hardware.cpu.intel.updateMicrocode = true;
+
+    networking.firewall.allowedTCPPorts = [
+      5000
+    ];
+
+    home-manager.users."${psCfg.user.name}".xdg.configFile = mkIf psCfg.sway.enable {
+      "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
+      "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
+      "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
+      "sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
+    };
+  };
+}

hosts/biolimo/biolimo.nix

@@ -0,0 +1,26 @@
+{ config, pkgs, lib, ... }:
+with lib;
+let
+  psCfg = config.pub-solar;
+  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in
+{
+  imports = [
+    ./configuration.nix
+  ];
+
+  config = {
+    pub-solar.x-os.keyfile = "/etc/nixos/hosts/biolimo/secrets/keyfile.bin";
+
+    hardware.cpu.intel.updateMicrocode = true;
+
+    networking.firewall.allowedTCPPorts = [ 5000 ];
+
+    home-manager.users."${psCfg.user.name}".xdg.configFile = mkIf psCfg.sway.enable {
+      "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
+      "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
+      "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
+      "sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
+    };
+  };
+}

hosts/biolimo/configuration.nix

@@ -0,0 +1,26 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [
+      # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+    ];
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "20.09"; # Did you read the comment?
+}
+

hosts/biolimo/default.nix

@@ -0,0 +1,6 @@
+{ suites, ... }:
+{
+  imports = [
+    ./biolimo.nix
+  ] ++ suites.biolimo;
+}

hosts/biolimo/hardware-configuration.nix

@@ -0,0 +1,36 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [
+      (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    {
+      device = "/dev/disk/by-uuid/abc3fe04-368e-46eb-8c7a-3a829bb2deab";
+      fsType = "ext4";
+    };
+
+  boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/aed21f8d-8e15-4f43-8710-460cb36d488b";
+
+  fileSystems."/boot/efi" =
+    {
+      device = "/dev/disk/by-uuid/3B67-0CAB";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+  # high-resolution display
+  hardware.video.hidpi.enable = lib.mkDefault true;
+}

hosts/chocolatebar/.config/sway/config.d/autostart.conf

@@ -0,0 +1,6 @@
+# Autostart applications
+#
+# Example:
+# exec swayidle
+
+exec keepassxc

hosts/chocolatebar/.config/sway/config.d/custom-keybindings.conf

@@ -0,0 +1,19 @@
+# Touchpad controls
+#bindsym XF86TouchpadToggle exec $HOME/Workspace/ben/toggletouchpad.sh # toggle touchpad
+
+# Screen brightness controls
+bindsym XF86MonBrightnessUp exec "brightnessctl -d intel_backlight set +10%; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ {print $4}')"
+bindsym XF86MonBrightnessDown exec "brightnessctl -d intel_backlight set 10%-; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ {    print $4}')"
+
+# Keyboard backlight brightness controls
+bindsym XF86KbdBrightnessDown exec "brightnessctl -d smc::kbd_backlight set 10%-; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ {    print $4}')"
+bindsym XF86KbdBrightnessUp exec "brightnessctl -d smc::kbd_backlight set +10%; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ {    print $4}')"
+
+# Pulse Audio controls
+bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. up' #increase sound volume
+bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. down' #decrease sound volume
+bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle && notify-send 'Mute sound' # mute sound
+# Media player controls
+bindsym XF86AudioPlay exec "playerctl play-pause; notify-send 'Play/Pause'"
+bindsym XF86AudioNext exec "playerctl next; notify-send 'Next'"
+bindsym XF86AudioPrev exec "playerctl previous; notify-send 'Prev.'"

hosts/chocolatebar/.config/sway/config.d/input-defaults.conf

@@ -0,0 +1,9 @@
+input "1739:0:Synaptics_TM3288-011" {
+  dwt enabled
+  tap enabled
+  middle_emulation enabled
+}
+input * {
+  xkb_layout us(intl),de
+  xkb_options ctrl:nocaps
+}

hosts/chocolatebar/.config/sway/config.d/screens.conf

@@ -0,0 +1,21 @@
+set $internal eDP-1
+set $middle DP-4
+set $standup DP-5
+
+output $internal {
+  scale 1.3
+  pos 0 500
+}
+
+output $middle {
+  scale 1
+
+  # 1969 is the 1.3 scaled width of the internal monitor
+  pos 1969 0
+}
+
+output $standup {
+  scale 1
+  transform 270
+  pos 3889 0
+}

hosts/chocolatebar/.gitattributes

@@ -0,0 +1 @@
+secrets/** filter=git-crypt-4406E80E13CD656C diff=git-crypt-4406E80E13CD656C

hosts/chocolatebar/base.nix

@@ -0,0 +1,31 @@
+{ config, pkgs, lib, ... }:
+with lib;
+let
+  psCfg = config.pub-solar;
+  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in
+{
+  imports = [
+    ./configuration.nix
+    ./virtualisation
+  ];
+
+  config = {
+    pub-solar.x-os.keyfile = "/etc/nixos/hosts/chocolatebar/secrets/keyfile.bin";
+
+    pub-solar.virtualisation.isolateGPU = "rx550x";
+
+    hardware.cpu.amd.updateMicrocode = true;
+
+    hardware.opengl.extraPackages = with pkgs; [
+      rocm-opencl-icd
+      rocm-opencl-runtime
+    ];
+
+    home-manager.users."${psCfg.user.name}".xdg.configFile = mkIf psCfg.sway.enable {
+      "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
+      "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
+      "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
+    };
+  };
+}

hosts/chocolatebar/chocolatebar.nix

@@ -0,0 +1,31 @@
+{ config, pkgs, lib, ... }:
+with lib;
+let
+  psCfg = config.pub-solar;
+  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in
+{
+  imports = [
+    ./configuration.nix
+    ./virtualisation
+  ];
+
+  config = {
+    pub-solar.x-os.keyfile = "/etc/nixos/hosts/chocolatebar/secrets/keyfile.bin";
+
+    pub-solar.virtualisation.isolateGPU = "rx550x";
+
+    hardware.cpu.amd.updateMicrocode = true;
+
+    hardware.opengl.extraPackages = with pkgs; [
+      rocm-opencl-icd
+      rocm-opencl-runtime
+    ];
+
+    home-manager.users."${psCfg.user.name}".xdg.configFile = mkIf psCfg.sway.enable {
+      "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
+      "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
+      "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
+    };
+  };
+}

hosts/chocolatebar/configuration.nix

@@ -0,0 +1,25 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [
+      # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+    ];
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "20.09"; # Did you read the comment?
+}

hosts/chocolatebar/default.nix

@@ -0,0 +1,6 @@
+{ suites, ... }:
+{
+  imports = [
+    ./chocolatebar.nix
+  ] ++ suites.chocolatebar;
+}

hosts/chocolatebar/hardware-configuration.nix

@@ -0,0 +1,33 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [
+      (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbcore" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ "dm-snapshot" ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    {
+      device = "/dev/disk/by-uuid/a3a74208-b244-4268-b374-e58265810fce";
+      fsType = "ext4";
+    };
+
+  boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/afcde41f-9811-4ac8-bb7b-a683844acc5c";
+
+  fileSystems."/boot/efi" =
+    {
+      device = "/dev/disk/by-uuid/12FD-62A8";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+}

hosts/chocolatebar/virtualisation/create-service.nix

@@ -0,0 +1,78 @@
+{ config, pkgs, lib, vm, ... }:
+let
+  psCfg = config.pub-solar;
+  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+  varsFile = "${xdg.dataHome}/libvirt/OVMF_VARS_${vm.name}.fd";
+  generateXML = import ./generate-xml.nix;
+in
+{
+  serviceConfig = {
+    Type = "oneshot";
+    RemainAfterExit = "yes";
+    Restart = "no";
+  };
+
+  script =
+    let
+      networkXML = pkgs.writeText "network.xml" (import ./network-xml.nix { inherit config; inherit pkgs; inherit lib; });
+      machineXML = pkgs.writeText "${vm.name}.xml" (generateXML { inherit config; inherit pkgs; inherit lib; inherit vm; varsFile = varsFile; });
+    in
+    ''
+      echo "Checking if ${vm.name} is already running"
+      STATUS=$(${pkgs.libvirt}/bin/virsh list --all | grep "${vm.name}" | ${pkgs.gawk}/bin/awk '{ print $3 " " $4 }' )
+      if [[ $STATUS != "shut off" && $STATUS != "" ]]; then
+        echo "Domain ${vm.name} is already running or in an inconsistent state:"
+        ${pkgs.libvirt}/bin/virsh list --all
+        exit 0
+      fi
+
+      NET_TMP_FILE="/tmp/network.xml"
+
+      NETUUID="$(${pkgs.libvirt}/bin/virsh net-uuid 'default' || true)"
+      (sed "s/UUID/$NETUUID/" '${networkXML}') > $NET_TMP_FILE
+
+      ${pkgs.libvirt}/bin/virsh net-define $NET_TMP_FILE
+      ${pkgs.libvirt}/bin/virsh net-start 'default' || true
+
+      VARS_FILE=${varsFile}
+      if [ ! -f "$VARS_FILE" ]; then
+        cp /run/libvirt/nix-ovmf/OVMF_VARS.fd $VARS_FILE
+      fi
+
+      TMP_FILE="/tmp/${vm.name}.xml"
+
+      UUID="$(${pkgs.libvirt}/bin/virsh domuuid '${vm.name}' || true)"
+      (sed "s/UUID/$UUID/" '${machineXML}') > $TMP_FILE
+
+      USB_DEV=$(${pkgs.usbutils}/bin/lsusb | grep 046d:c52b | grep 'Bus 001' | cut -b 18)
+      LINE_NUMBER=$(cat $TMP_FILE | grep -n -A 1 0xc52b | tail -n 1 | cut -b 1,2,3)
+      sed -i "''${LINE_NUMBER}s/\(.\{33\}\)./\1''${USB_DEV}/" $TMP_FILE
+
+      USB_BUS=$(${pkgs.usbutils}/bin/lsusb | grep 046d:c328 | cut -b 7)
+      USB_DEV=$(${pkgs.usbutils}/bin/lsusb | grep 046d:c328 | cut -b 18)
+      LINE_NUMBER=$(cat $TMP_FILE | grep -n -A 1 0xc328 | tail -n 1 | cut -b 1,2,3)
+      sed -i "''${LINE_NUMBER}s/.*/<address bus=\"''${USB_BUS}\" device=\"''${USB_DEV}\" \/>/" $TMP_FILE
+
+      # TODO: Set correct pci address too
+
+      ${pkgs.libvirt}/bin/virsh define $TMP_FILE
+      ${pkgs.libvirt}/bin/virsh start '${vm.name}'
+    '';
+
+  preStop =
+    ''
+      ${pkgs.libvirt}/bin/virsh shutdown '${vm.name}'
+      let "timeout = $(date +%s) + 10"
+      while [ "$(${pkgs.libvirt}/bin/virsh list --name | grep --count '^${vm.name}$')" -gt 0 ]; do
+        if [ "$(date +%s)" -ge "$timeout" ]; then
+          # Meh, we warned it...
+          ${pkgs.libvirt}/bin/virsh destroy '${vm.name}'
+        else
+          # The machine is still running, let's give it some time to shut down
+          sleep 0.5
+        fi
+      done
+
+      ${pkgs.libvirt}/bin/virsh net-destroy 'default' || true
+    '';
+}

hosts/chocolatebar/virtualisation/default.nix

@@ -0,0 +1,52 @@
+{ config, pkgs, lib, ... }:
+with lib;
+let
+  psCfg = config.pub-solar;
+  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+  createService = import ./create-service.nix;
+  isolateAnyGPU = psCfg.virtualisation.isolateGPU != null;
+in
+{
+  options.pub-solar.virtualisation.isolateGPU = mkOption {
+    description = "Which GPU to isolate for virtualisation guests";
+    type = with types; nullOr (enum [ "rx5700xt" "rx550x" ]);
+    default = null;
+  };
+
+  config = mkIf psCfg.virtualisation.enable {
+    boot.extraModprobeConfig = mkIf isolateAnyGPU (concatStringsSep "\n" [
+      "softdep amdgpu pre: vfio vfio_pci"
+      (if psCfg.virtualisation.isolateGPU == "rx5700xt"
+      then "options vfio-pci ids=1002:731f,1002:ab38"
+      else "options vfio-pci ids=1002:699f,1002:aae0"
+      )
+    ]);
+
+    systemd.user.services = {
+      vm-windows = createService {
+        inherit config;
+        inherit pkgs;
+        inherit lib;
+        vm = {
+          name = "windows";
+          disk = "/dev/disk/by-id/ata-SanDisk_SDSSDA240G_162402455603";
+          id = "http://microsoft.com/win/10";
+          gpu = true;
+          mountHome = false;
+        };
+      };
+      vm-manjaro = createService {
+        inherit config;
+        inherit pkgs;
+        inherit lib;
+        vm = {
+          name = "manjaro";
+          disk = "/dev/disk/by-id/ata-KINGSTON_SM2280S3G2240G_50026B726B0265CE";
+          id = "https://manjaro.org/download/#i3";
+          gpu = true;
+          mountHome = true;
+        };
+      };
+    };
+  };
+}

hosts/chocolatebar/virtualisation/generate-xml.nix

@@ -0,0 +1,242 @@
+{ config, pkgs, lib, vm, varsFile, ... }:
+let
+  psCfg = config.pub-solar;
+  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+  home = config.home-manager.users."${psCfg.user.name}".home;
+in
+''
+  <domain type='kvm'>
+    <name>${vm.name}</name>
+    <uuid>UUID</uuid>
+    <metadata>
+      <libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
+        <libosinfo:os id="${vm.id}"/>
+      </libosinfo:libosinfo>
+    </metadata>
+    <memory unit='KiB'>33554432</memory>
+    <currentMemory unit='KiB'>33554432</currentMemory>
+    <vcpu placement='static'>12</vcpu>
+    <cputune>
+      <vcpupin vcpu='0' cpuset='6'/>
+      <vcpupin vcpu='1' cpuset='7'/>
+      <vcpupin vcpu='2' cpuset='8'/>
+      <vcpupin vcpu='3' cpuset='9'/>
+      <vcpupin vcpu='4' cpuset='10'/>
+      <vcpupin vcpu='5' cpuset='11'/>
+      <vcpupin vcpu='6' cpuset='18'/>
+      <vcpupin vcpu='7' cpuset='19'/>
+      <vcpupin vcpu='8' cpuset='20'/>
+      <vcpupin vcpu='9' cpuset='21'/>
+      <vcpupin vcpu='10' cpuset='22'/>
+      <vcpupin vcpu='11' cpuset='23'/>
+    </cputune>
+    <resource>
+      <partition>/machine</partition>
+    </resource>
+    <os>
+      <type arch='x86_64' machine='pc-q35-4.2'>hvm</type>
+      <loader readonly='yes' type='pflash'>/run/libvirt/nix-ovmf/OVMF_CODE.fd</loader>
+      <nvram>${varsFile}</nvram>
+      <boot dev='hd'/>
+    </os>
+    <features>
+      <acpi/>
+      <apic/>
+      <hyperv>
+        <relaxed state='on'/>
+        <vapic state='on'/>
+        <spinlocks state='on' retries='8191'/>
+        <vendor_id state='on' value='wahtever'/>
+      </hyperv>
+      <kvm>
+        <hidden state='on'/>
+      </kvm>
+      <vmport state='off'/>
+    </features>
+    <cpu mode='custom' match='exact' check='full'>
+      <model fallback='forbid'>EPYC-IBPB</model>
+      <vendor>AMD</vendor>
+      <topology sockets='1' dies='1' cores='6' threads='2'/>
+      <feature policy='require' name='x2apic'/>
+      <feature policy='require' name='tsc-deadline'/>
+      <feature policy='require' name='hypervisor'/>
+      <feature policy='require' name='tsc_adjust'/>
+      <feature policy='require' name='clwb'/>
+      <feature policy='require' name='umip'/>
+      <feature policy='require' name='stibp'/>
+      <feature policy='require' name='arch-capabilities'/>
+      <feature policy='require' name='ssbd'/>
+      <feature policy='require' name='xsaves'/>
+      <feature policy='require' name='cmp_legacy'/>
+      <feature policy='require' name='perfctr_core'/>
+      <feature policy='require' name='clzero'/>
+      <feature policy='require' name='wbnoinvd'/>
+      <feature policy='require' name='amd-ssbd'/>
+      <feature policy='require' name='virt-ssbd'/>
+      <feature policy='require' name='rdctl-no'/>
+      <feature policy='require' name='skip-l1dfl-vmentry'/>
+      <feature policy='require' name='mds-no'/>
+      <feature policy='require' name='pschange-mc-no'/>
+      <feature policy='disable' name='monitor'/>
+      <feature policy='disable' name='svm'/>
+      <feature policy='require' name='topoext'/>
+    </cpu>
+    <clock offset='utc'>
+      <timer name='rtc' tickpolicy='catchup'/>
+      <timer name='pit' tickpolicy='delay'/>
+      <timer name='hpet' present='no'/>
+    </clock>
+    <on_poweroff>destroy</on_poweroff>
+    <on_reboot>restart</on_reboot>
+    <on_crash>destroy</on_crash>
+    <pm>
+      <suspend-to-mem enabled='no'/>
+      <suspend-to-disk enabled='no'/>
+    </pm>
+    <devices>
+      <emulator>${pkgs.qemu}/bin/qemu-system-x86_64</emulator>
+      <disk type='block' device='disk'>
+        <driver name='qemu' type='raw'/>
+        <source dev='${vm.disk}'/>
+        <backingStore/>
+        <target dev='vdb' bus='virtio'/>
+        <address type='pci' domain='0x0000' bus='0x04' slot='0x00' function='0x0'/>
+      </disk>
+      <controller type='usb' index='0' model='qemu-xhci' ports='15'>
+        <address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
+      </controller>
+      <controller type='sata' index='0'>
+        <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
+      </controller>
+      <controller type='pci' index='0' model='pcie-root'/>
+      <controller type='pci' index='1' model='pcie-root-port'>
+        <model name='pcie-root-port'/>
+        <target chassis='1' port='0x10'/>
+        <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0' multifunction='on'/>
+      </controller>
+      <controller type='pci' index='2' model='pcie-root-port'>
+        <model name='pcie-root-port'/>
+        <target chassis='2' port='0x11'/>
+        <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x1'/>
+      </controller>
+      <controller type='pci' index='3' model='pcie-root-port'>
+        <model name='pcie-root-port'/>
+        <target chassis='3' port='0x12'/>
+        <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x2'/>
+      </controller>
+      <controller type='pci' index='4' model='pcie-root-port'>
+        <model name='pcie-root-port'/>
+        <target chassis='4' port='0x13'/>
+        <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x3'/>
+      </controller>
+      <controller type='pci' index='5' model='pcie-root-port'>
+        <model name='pcie-root-port'/>
+        <target chassis='5' port='0x14'/>
+        <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x4'/>
+      </controller>
+      <controller type='pci' index='6' model='pcie-root-port'>
+        <model name='pcie-root-port'/>
+        <target chassis='6' port='0x15'/>
+        <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x5'/>
+      </controller>
+      <controller type='pci' index='7' model='pcie-root-port'>
+        <model name='pcie-root-port'/>
+        <target chassis='7' port='0x16'/>
+        <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x6'/>
+      </controller>
+      <controller type='pci' index='8' model='pcie-to-pci-bridge'>
+        <model name='pcie-pci-bridge'/>
+        <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
+      </controller>
+      <controller type='pci' index='9' model='pcie-root-port'>
+        <model name='pcie-root-port'/>
+        <target chassis='9' port='0x17'/>
+        <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x7'/>
+      </controller>
+      <controller type='virtio-serial' index='0'>
+        <address type='pci' domain='0x0000' bus='0x03' slot='0x00' function='0x0'/>
+      </controller>
+      ${if vm.mountHome then ''
+        <filesystem type='mount' accessmode='mapped'>
+          <source dir='/home/${psCfg.user.name}'/>
+          <target dir='/media/home'/>
+          <address type='pci' domain='0x0000' bus='0x07' slot='0x00' function='0x0'/>
+        </filesystem>
+      '' else ""}
+      <interface type='network'>
+        <mac address='52:54:00:44:cd:ac'/>
+        <source network='default'/>
+        <model type='rtl8139'/>
+        <address type='pci' domain='0x0000' bus='0x08' slot='0x01' function='0x0'/>
+      </interface>
+      <serial type='pty'>
+        <target type='isa-serial' port='0'>
+          <model name='isa-serial'/>
+        </target>
+      </serial>
+      <console type='pty'>
+        <target type='serial' port='0'/>
+      </console>
+      <input type='tablet' bus='usb'>
+        <address type='usb' bus='0' port='1'/>
+      </input>
+      <input type='mouse' bus='ps2'/>
+      <input type='keyboard' bus='ps2'/>
+      <graphics type='spice' autoport='yes' listen='127.0.0.1'>
+        <listen type='address' address='127.0.0.1'/>
+        <image compression='off'/>
+      </graphics>
+      <video>
+        <model type='cirrus' vram='16384' heads='1' primary='yes'/>
+        <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
+      </video>
+      <hostdev mode='subsystem' type='usb' managed='yes'>
+        <source>
+          <vendor id='0x046d'/>
+          <product id='0xc328'/>
+          <address bus='1' device='2'/>
+        </source>
+        <address type='usb' bus='0' port='4'/>
+      </hostdev>
+      <hostdev mode='subsystem' type='usb' managed='yes'>
+        <source>
+          <vendor id='0x046d'/>
+          <product id='0xc52b'/>
+          <address bus='1' device='4'/>
+        </source>
+        <address type='usb' bus='0' port='5'/>
+      </hostdev>
+      ${if vm.gpu && psCfg.virtualisation.isolateGPU != null then ''
+        <hostdev mode='subsystem' type='pci' managed='yes'>
+          <driver name='vfio'/>
+          <source>
+            <address domain='0x0000' bus='0x0b' slot='0x00' function='0x0'/>
+          </source>
+          <rom bar='on' file='/etc/nixos/owners/b12f/devices/chocolatebar/virtualisation/${psCfg.virtualisation.isolateGPU}.rom'/>
+          <address type='pci' domain='0x0000' bus='0x06' slot='0x00' function='0x0' multifunction='on'/>
+        </hostdev>
+        <hostdev mode='subsystem' type='pci' managed='yes'>
+          <driver name='vfio'/>
+          <source>
+            <address domain='0x0000' bus='0x0b' slot='0x00' function='0x1'/>
+          </source>
+          <address type='pci' domain='0x0000' bus='0x06' slot='0x00' function='0x1'/>
+        </hostdev>
+      '' else ""}
+      <redirdev bus='usb' type='spicevmc'>
+        <address type='usb' bus='0' port='2'/>
+      </redirdev>
+      <redirdev bus='usb' type='spicevmc'>
+        <address type='usb' bus='0' port='3'/>
+      </redirdev>
+      <memballoon model='virtio'>
+        <address type='pci' domain='0x0000' bus='0x05' slot='0x00' function='0x0'/>
+      </memballoon>
+      <shmem name='scream-ivshmem'>
+        <model type='ivshmem-plain'/>
+        <size unit='M'>2</size>
+        <address type='pci' domain='0x0000' bus='0x08' slot='0x02' function='0x0'/>
+      </shmem>
+    </devices>
+  </domain>
+''

hosts/chocolatebar/virtualisation/network-xml.nix

@@ -0,0 +1,19 @@
+{ config, pkgs, lib, ... }:
+''
+  <network>
+    <name>default</name>
+    <uuid>UUID</uuid>
+    <forward mode='nat'>
+      <nat>
+        <port start='1024' end='65535'/>
+      </nat>
+    </forward>
+    <bridge name='virbr0' stp='on' delay='0'/>
+    <mac address='52:54:00:bd:a0:73'/>
+    <ip address='192.168.122.1' netmask='255.255.255.0'>
+      <dhcp>
+        <range start='192.168.122.2' end='192.168.122.254'/>
+      </dhcp>
+    </ip>
+  </network>
+''

modules/devops/default.nix

@@ -18,6 +18,7 @@ in
         restic
         shellcheck
         terraform_0_15
+        tea
       ];
     };
   };

modules/terminal-life/nvim/default.nix

@@ -39,6 +39,15 @@ let
       sha256 = "QPTCl6KaGcAjTS5yVDov9yxmv0fDaFoPLMsrtVIG6GQ=";
     };
   };
+  vim-mdx-js = pkgs.vimUtils.buildVimPlugin {
+    name = "vim-mdx-js";
+    src = pkgs.fetchFromGitHub {
+      owner = "jxnblk";
+      repo = "vim-mdx-js";
+      rev = "17179d7f2a73172af5f9a8d65b01a3acf12ddd50";
+      sha256 = "wfYCvw9JVGG8p8PQhRPT6CeGGf2OVz9SR2KQM0LjQhY=";
+    };
+  };
 in
 {
   enable = true;
@@ -137,5 +146,6 @@ in
     vim-ruby
     vim-toml
     vim-nix
+    vim-mdx-js
   ];
 }

overlays/overrides.nix

@@ -8,6 +8,7 @@ channels: final: prev: {
     discord
     element-desktop-wayland
     rage
+    docker-compose
     neovim-unwrapped
     nixpkgs-fmt
     qutebrowser

profiles/base-user/default.nix

@@ -7,18 +7,14 @@ in
     ./home.nix
   ];
 
-  users = {
-    mutableUsers = false;
-
-    users = with pkgs; pkgs.lib.setAttrByPath [ psCfg.user.name ] {
-      # Indicates whether this is an account for a “real” user.
-      # This automatically sets group to users, createHome to true,
-      # home to /home/username, useDefaultShell to true, and isSystemUser to false.
-      isNormalUser = true;
-      description = "";
-      extraGroups = [ "wheel" "docker" "input" "audio" "networkmanager" "lp" "scanner" ];
-      initialHashedPassword = if psCfg.user.password != null then psCfg.user.password else "";
-      shell = pkgs.zsh;
-    };
+  users.users = with pkgs; pkgs.lib.setAttrByPath [ psCfg.user.name ] {
+    # Indicates whether this is an account for a “real” user.
+    # This automatically sets group to users, createHome to true,
+    # home to /home/username, useDefaultShell to true, and isSystemUser to false.
+    isNormalUser = true;
+    description = "The main PubSolarOS user";
+    extraGroups = [ "wheel" "docker" "input" "audio" "networkmanager" "lp" "scanner" ];
+    initialHashedPassword = if psCfg.user.password != null then psCfg.user.password else "";
+    shell = pkgs.zsh;
   };
 }

profiles/base-user/home.nix

@@ -9,7 +9,7 @@ in
     ./session-variables.nix
   ];
 
-  home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
+  home-manager.users = pkgs.lib.setAttrByPath [ psCfg.user.name ] {
     # Let Home Manager install and manage itself.
     programs.home-manager.enable = true;
 

profiles/gaming/default.nix

@@ -3,7 +3,4 @@ let inherit (lib) fileContents;
 in
 {
   pub-solar.gaming.enable = true;
-  pub-solar.docker.enable = true;
-  pub-solar.docker.enable = true;
-  pub-solar.docker.enable = true;
-};
+}

profiles/virtualisation/default.nix

@@ -0,0 +1,6 @@
+{ self, config, lib, pkgs, ... }:
+let inherit (lib) fileContents;
+in
+{
+  pub-solar.virtualisation.enable = true;
+}

users/ben/.config/msmtp/config

@@ -0,0 +1,31 @@
+account hello@benjaminbaedorf.eu
+  host mail.hosting.de
+  port 587
+  protocol smtp
+  auth on
+  from hello@benjaminbaedorf.eu
+  user hello@benjaminbaedorf.eu
+  tls on
+  tls_trust_file /etc/ssl/certs/ca-certificates.crt
+
+account benjamin.baedorf@rwth-aachen.de
+  host mail.rwth-aachen.de
+  port 587
+  protocol smtp
+  auth on
+  from benjamin.baedorf@rwth-aachen.de
+  user bb564306@rwth-aachen.de
+  tls on
+  tls_trust_file /etc/ssl/certs/ca-certificates.crt
+
+account b.baedorf@openproject.com
+  host smtp.mailbox.org
+  port 465
+  protocol smtp
+  auth on
+  from b.baedorf@openproject.com
+  user b.baedorf@openproject.com
+  tls on
+  tls_trust_file /etc/ssl/certs/ca-certificates.crt
+
+account default : hello@benjaminbaedorf.eu

users/ben/.config/mutt/b.baedorf@openproject.com.muttrc

@@ -0,0 +1,24 @@
+# vim: filetype=muttrc
+
+set from = "Benjamin Bädorf <b.baedorf@openproject.com>"
+set sendmail = "msmtp -a b.baedorf@openproject.com"
+set signature = "~/.config/mutt/b.baedorf@openproject.com.signature"
+
+set pgp_default_key="DB94333951EC9A362B33FBA5069CA2D117AB5CCF"
+
+set imap_user = b.baedorf@openproject.com
+set imap_pass = `secret-tool lookup service smtp host smtp.mailbox.org user b.baedorf@openproject.com`
+
+set folder      = imaps://imap.mailbox.org:993
+
+set spoolfile   = "+INBOX"
+set postponed   = "+Drafts"
+set record      = "+Sent"
+set trash       = "+Trash"
+mbox-hook   = "+Archive"
+unmailboxes *
+mailboxes +INBOX \
+          +Drafts \
+          +Sent \
+          +Archive \
+          +Trash

users/ben/.config/mutt/b.baedorf@openproject.com.signature

@@ -0,0 +1,19 @@
+--
+
+Benjamin Bädorf
+Senior Frontend Engineer
+
+OpenProject GmbH
+Karl-Liebknecht-Str. 5
+10178 Berlin
+
+E: b.baedorf@openproject.com
+GPG: DB94 3339 51EC 9A36 2B33  FBA5 069C A2D1 17AB 5CC
+
+T: +49 9599 899 22
+M: +49 151 2266 2777
+I: www.openproject.org
+
+Amtsgericht Berlin-Charlottenburg HRB 117935
+Geschäftsführer Niels Lindenthal
+UStID DE211309779

users/ben/.config/mutt/benjamin.baedorf@rwth-aachen.de.muttrc

@@ -0,0 +1,21 @@
+# vim: filetype=muttrc
+
+set from = "Benjamin Bädorf <benjamin.baedorf@rwth-aachen.de>"
+set sendmail = "msmtp -a benjamin.baedorf@rwth-aachen.de"
+set signature = "~/.config/mutt/hello@benjaminbaedorf.eu.signature"
+
+set pgp_default_key="4332E0D02B214D31376C366E4406E80E13CD656C"
+
+set mbox_type   = Maildir
+set folder      = ~/Mail
+set spoolfile   = "+benjamin.baedorf\@rwth-aachen.de/INBOX"
+set postponed   = "+benjamin.baedorf\@rwth-aachen.de/Drafts"
+set record      = "+benjamin.baedorf\@rwth-aachen.de/Sent"
+set trash       = "+benjamin.baedorf\@rwth-aachen.de/Trash"
+mbox-hook   = "+benjamin.baedorf\@rwth-aachen.de/Journal"
+unmailboxes *
+mailboxes +benjamin.baedorf\@rwth-aachen.de/INBOX \
+          +benjamin.baedorf\@rwth-aachen.de/Drafts \
+          +benjamin.baedorf\@rwth-aachen.de/Sent \
+          +benjamin.baedorf\@rwth-aachen.de/Journal \
+          +benjamin.baedorf\@rwth-aachen.de/Trash

users/ben/.config/mutt/hello@benjaminbaedorf.eu.muttrc

@@ -0,0 +1,21 @@
+# vim: filetype=muttrc
+
+set from = "Benjamin Bädorf <hello@benjaminbaedorf.eu>"
+set sendmail = "msmtp -a hello@benjaminbaedorf.eu"
+set signature = "~/.config/mutt/hello@benjaminbaedorf.eu.signature"
+
+set pgp_default_key="4332E0D02B214D31376C366E4406E80E13CD656C"
+
+set mbox_type   = Maildir
+set folder      = ~/Mail
+set spoolfile   = "+hello\@benjaminbaedorf.eu/INBOX"
+set postponed   = "+hello\@benjaminbaedorf.eu/Drafts"
+set record      = "+hello\@benjaminbaedorf.eu/Sent"
+set trash       = "+hello\@benjaminbaedorf.eu/Trash"
+mbox-hook   = "+hello\@benjaminbaedorf.eu/Archive"
+unmailboxes *
+mailboxes +hello\@benjaminbaedorf.eu/INBOX \
+          +hello\@benjaminbaedorf.eu/Drafts \
+          +hello\@benjaminbaedorf.eu/Sent \
+          +hello\@benjaminbaedorf.eu/Archive \
+          +hello\@benjaminbaedorf.eu/Trash

users/ben/.config/mutt/hello@benjaminbaedorf.eu.signature

@@ -0,0 +1,7 @@
+--
+
+Benjamin Bädorf
+Software Engineer
+
+E: hello@benjaminbaedorf.eu
+GPG: 4332 E0D0 2B21 4D31 376C  366E 4406 E80E 13CD 656C

users/ben/.config/offlineimap/config

@@ -0,0 +1,49 @@
+[general]
+pythonfile = $XDG_CONFIG_HOME/offlineimap/functions.py
+metadata = $XDG_DATA_HOME/offlineimap
+accounts = BBEU, RWTH
+
+[Account BBEU]
+localrepository = LocalBBEU
+remoterepository = RemoteBBEU
+
+[Repository LocalBBEU]
+type = Maildir
+localfolders = ~/Mail/hello@benjaminbaedorf.eu
+
+[Repository RemoteBBEU]
+type = IMAP
+remotehost = mail.hosting.de
+remoteuser = hello@benjaminbaedorf.eu
+remotepasseval = get_secret("service", "smtp", "host", "mail.hosting.de", "user", "hello@benjaminbaedorf.eu")
+sslcacertfile = /etc/ssl/certs/ca-certificates.crt
+
+[Account RWTH]
+localrepository = LocalRWTH
+remoterepository = RemoteRWTH
+
+[Repository LocalRWTH]
+type = Maildir
+localfolders = ~/Mail/benjamin.baedorf@rwth-aachen.de
+
+[Repository RemoteRWTH]
+type = IMAP
+remotehost = mail.rwth-aachen.de
+remoteuser = bb564306@rwth-aachen.de
+remotepasseval = get_secret("service", "smtp", "host", "mail.rwth-aachen.de", "user", "bb564306@rwth-aachen.de")
+sslcacertfile = /etc/ssl/certs/ca-certificates.crt
+
+[Account OPGmail]
+localrepository = LocalOPGmail
+remoterepository = RemoteOPGmail
+
+[Repository LocalOPGmail]
+type = Maildir
+localfolders = ~/Mail/b.baedorf@openproject.com
+
+[Repository RemoteOPGmail]
+type = IMAP
+remotehost = imap.gmail.com
+remoteuser = b.baedorf@openproject.com
+remotepasseval = get_secret("service", "smtp", "host", "smtp.gmail.com", "user", "b.baedorf@openproject.com")
+sslcacertfile = /etc/ssl/certs/ca-certificates.crt

users/ben/.gitattributes

@@ -0,0 +1 @@
+secrets/** filter=git-crypt-4406E80E13CD656C diff=git-crypt-4406E80E13CD656C

users/ben/default.nix

@@ -0,0 +1,37 @@
+{ config, pkgs, lib, ... }:
+let
+  psCfg = config.pub-solar;
+in
+{
+  imports = [
+    ./home.nix
+  ];
+
+  config = {
+    pub-solar = {
+      # These are your personal settings
+      # The only required settings are `name` and `password`,
+      # The rest is used for programs like git
+      user = {
+        name = "ben";
+        password = "$6$LO2YoaHwuRQhUoSz$iHw9avM887eJg9cIty2nmG4Ibkol3YpviEhYpivVQP31VrnihFz/6LyugxD7X4VmXx9nxvcYIZnN90rlGxwjT.";
+        fullName = "Benjamin Bädorf";
+        email = "hello@benjaminbaedorf.eu";
+        gpgKeyId = "4406E80E13CD656C";
+      };
+
+      email.enable = true;
+      uhk.enable = true;
+    };
+
+    networking.hosts = {
+      "127.0.0.1" = [
+        "openproject.local"
+        "saas-1.openproject.local"
+        "transmission.local"
+      ];
+    };
+
+    fonts.fonts = lib.attrValues pkgs.b12f.fonts;
+  };
+}

users/ben/home.nix

@@ -0,0 +1,51 @@
+{ config, pkgs, lib, ... }:
+with lib;
+let
+  psCfg = config.pub-solar;
+  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in
+{
+  imports = [
+    ./session-variables.nix
+  ];
+
+  home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
+    home.packages = with pkgs; [
+      dogecoin
+      nodejs
+    ];
+
+    programs.ssh = {
+      enable = true;
+      matchBlocks = {
+        "git.b12f.io" = {
+          hostname = "git.b12f.io";
+          port = 2222;
+          user = "git";
+        };
+
+        "aur.archlinux.org" = {
+          user = "aur";
+        };
+      };
+    };
+
+    xdg.configFile."mutt/accounts.muttrc".text = ''
+      source ./hello@benjaminbaedorf.eu.muttrc
+
+      macro index <f1> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/hello@benjaminbaedorf.eu.muttrc<enter><change-folder>!<enter>'
+      macro index <f2> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/benjamin.baedorf@rwth-aachen.de.muttrc<enter><change-folder>!<enter>'
+      macro index <f3> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/b.baedorf@openproject.com.muttrc<enter><change-folder>!<enter>'
+    '';
+    xdg.configFile."mutt/hello@benjaminbaedorf.eu.muttrc".source = ./.config/mutt + "/hello@benjaminbaedorf.eu.muttrc";
+    xdg.configFile."mutt/benjamin.baedorf@rwth-aachen.de.muttrc".source = ./.config/mutt + "/benjamin.baedorf@rwth-aachen.de.muttrc";
+    xdg.configFile."mutt/hello@benjaminbaedorf.eu.signature".source = ./.config/mutt + "/hello@benjaminbaedorf.eu.signature";
+    xdg.configFile."mutt/b.baedorf@openproject.com.muttrc".source = ./.config/mutt + "/b.baedorf@openproject.com.muttrc";
+    xdg.configFile."mutt/b.baedorf@openproject.com.signature".source = ./.config/mutt + "/b.baedorf@openproject.com.signature";
+    xdg.configFile."offlineimap/config".source = ./.config/offlineimap/config;
+    xdg.configFile."msmtp/config".source = ./.config/msmtp/config;
+    # xdg.configFile."wallpaper.jpg".source = ./assets/wallpaper.jpg;
+  };
+
+  services.mopidy.configuration = mkIf config.pub-solar.audio.enable (builtins.readFile ./secrets/mopidy.conf);
+}

users/ben/session-variables.nix

@@ -0,0 +1,14 @@
+{ config, pkgs, ... }:
+let
+  psCfg = config.pub-solar;
+  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in
+{
+  home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
+    home.sessionVariables = {
+      DRONE_SERVER = "https://ci.b12f.io";
+      RESTIC_REPOSITORY = "sftp:root@backup.b12f.io:/media/internal/backups";
+      RESTIC_PASSWORD_COMMAND = "secret-tool lookup restic repository-password";
+    };
+  };
+}