diff --git a/flake.lock b/flake.lock
index b0820712..047ab202 100644
--- a/flake.lock
+++ b/flake.lock
@@ -15,11 +15,11 @@
"pre-commit-hooks-nix": "pre-commit-hooks-nix"
},
"locked": {
- "lastModified": 1619088868,
- "narHash": "sha256-l9db+HpNIkY41MonGE8z4pbkjBa5BdzJTG5AxV7V7Lw=",
+ "lastModified": 1620750556,
+ "narHash": "sha256-J+z8oduu9u1FZ8spSowrgyAmtnBUIUDImqfQCZ58heo=",
"owner": "hercules-ci",
"repo": "hercules-ci-agent",
- "rev": "08f953a263518a3af0ca28cd887020ff3465bdf5",
+ "rev": "f62ce85aed4c4a7fca9e5da2b00340bbcdc92f88",
"type": "github"
},
"original": {
@@ -35,11 +35,11 @@
]
},
"locked": {
- "lastModified": 1613595894,
- "narHash": "sha256-MOk/7rCAUB5Lf4GL+HimvyAAZXYEw8gWsq5nW4PPQQA=",
+ "lastModified": 1622060422,
+ "narHash": "sha256-hPVlvrAyf6zL7tTx0lpK+tMxEfZeMiIZ/A2xaJ41WOY=",
"owner": "LnL7",
"repo": "nix-darwin",
- "rev": "5c3146b75d5d478f0693d0ea6c83f1da8382ff56",
+ "rev": "007d700e644ac588ad6668e6439950a5b6e2ff64",
"type": "github"
},
"original": {
@@ -93,11 +93,11 @@
"utils": "utils_2"
},
"locked": {
- "lastModified": 1621354376,
- "narHash": "sha256-b597Jj8B1Nq4NX/Gl/+bYGKqJxpSfUtr1Nmp9m1DND8=",
+ "lastModified": 1622484894,
+ "narHash": "sha256-n3Vn4H1muqDcoMtXS59c0ZZthSJ11gFAodfo1LSQvj8=",
"owner": "divnix",
"repo": "digga",
- "rev": "5ef9b8cabbc10c9b4fe5534107224c7241c63b3d",
+ "rev": "0cbc8bd4defee8fddc0c582556267bd2c1c02704",
"type": "github"
},
"original": {
@@ -138,6 +138,22 @@
"type": "github"
}
},
+ "flake-compat_3": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1606424373,
+ "narHash": "sha256-oq8d4//CJOrVj+EcOaSXvMebvuTkmBJuT5tzlfewUnQ=",
+ "owner": "edolstra",
+ "repo": "flake-compat",
+ "rev": "99f1c2157fba4bfe6211a321fd0ee43199025dbf",
+ "type": "github"
+ },
+ "original": {
+ "owner": "edolstra",
+ "repo": "flake-compat",
+ "type": "github"
+ }
+ },
"flake-utils": {
"locked": {
"lastModified": 1620759905,
@@ -153,6 +169,36 @@
"type": "github"
}
},
+ "flake-utils_2": {
+ "locked": {
+ "lastModified": 1610051610,
+ "narHash": "sha256-U9rPz/usA1/Aohhk7Cmc2gBrEEKRzcW4nwPWMPwja4Y=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "3982c9903e93927c2164caa727cd3f6a0e6d14cc",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
+ "flake-utils_3": {
+ "locked": {
+ "lastModified": 1619345332,
+ "narHash": "sha256-qHnQkEp1uklKTpx3MvKtY6xzgcqXDsz5nLilbbuL+3A=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "2ebf2558e5bf978c7fb8ea927dfaed8fefab2e28",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
"home": {
"inputs": {
"nixpkgs": [
@@ -160,11 +206,11 @@
]
},
"locked": {
- "lastModified": 1616724076,
- "narHash": "sha256-SwbPXLjN2sLy4NL/GhodiJrdkIVZwGGTGiCN3JxH1cU=",
+ "lastModified": 1622938142,
+ "narHash": "sha256-eNA2HPZI/iO4MCi/FCs+nRuFbpuMplM93Aj6YA2XCyY=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "fedfd430f96695997b3eaf8d7e82ca79406afa23",
+ "rev": "7591c8041d290d4bb99679e9fed2d8061a8f0435",
"type": "github"
},
"original": {
@@ -175,11 +221,11 @@
},
"latest": {
"locked": {
- "lastModified": 1619400530,
- "narHash": "sha256-7ZO7B+b9i1wFbHw62EFT+iwuBBpXeA/fcHlR63Z4J0w=",
+ "lastModified": 1622984109,
+ "narHash": "sha256-geVjAIToERcsjmHQo2tdD0UaLNk+k68nI5XCRmE3tHM=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "e8dc8adab655eb27957859c62bef11484b53f639",
+ "rev": "690496c4e545e68482b5c162a03f0a4f97d35373",
"type": "github"
},
"original": {
@@ -215,11 +261,11 @@
]
},
"locked": {
- "lastModified": 1614785451,
- "narHash": "sha256-TPw8kQvr2UNCuvndtY+EjyXp6Q5GEW2l9UafXXh1XmI=",
+ "lastModified": 1622810282,
+ "narHash": "sha256-4wmvM3/xfD0hCdNDIXVzRMfL4yB1J+DjH6Zte2xbAxk=",
"owner": "nmattia",
"repo": "naersk",
- "rev": "e0fe990b478a66178a58c69cf53daec0478ca6f9",
+ "rev": "e8061169e1495871b56be97c5c51d310fae01374",
"type": "github"
},
"original": {
@@ -228,6 +274,68 @@
"type": "github"
}
},
+ "neovim-flake": {
+ "inputs": {
+ "flake-utils": "flake-utils_2",
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "dir": "contrib",
+ "lastModified": 1622951124,
+ "narHash": "sha256-UbAiCtoQ1T+Uv3p6Nf3ORd4BS/3g8biQyLi3uO9pBXI=",
+ "owner": "neovim",
+ "repo": "neovim",
+ "rev": "b3e3ab0567a1a3c2f97de943ef9d7b24c0008979",
+ "type": "github"
+ },
+ "original": {
+ "dir": "contrib",
+ "owner": "neovim",
+ "repo": "neovim",
+ "type": "github"
+ }
+ },
+ "neovim-nightly": {
+ "inputs": {
+ "flake-compat": "flake-compat_3",
+ "neovim-flake": "neovim-flake",
+ "nixpkgs": "nixpkgs_3"
+ },
+ "locked": {
+ "lastModified": 1622968938,
+ "narHash": "sha256-ms8m1Iyy4eDMUzyQVNwvxlfUxiXIi2994IstzdM66pE=",
+ "owner": "nix-community",
+ "repo": "neovim-nightly-overlay",
+ "rev": "c67067465cbfec02720e0b1308d6fe565bc22e1b",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "neovim-nightly-overlay",
+ "type": "github"
+ }
+ },
+ "nix-dram": {
+ "inputs": {
+ "flake-utils": "flake-utils_3",
+ "nixpkgs": "nixpkgs_4"
+ },
+ "locked": {
+ "lastModified": 1620663773,
+ "narHash": "sha256-Nfc2g9xUCPYBFKE5O7OdrDpCVspwk64S8EbsDYoY38c=",
+ "owner": "dramforever",
+ "repo": "nix-dram",
+ "rev": "86485e22621b17bcc4472889eedbd562498bb5a2",
+ "type": "github"
+ },
+ "original": {
+ "owner": "dramforever",
+ "repo": "nix-dram",
+ "type": "github"
+ }
+ },
"nixlib": {
"locked": {
"lastModified": 1620519687,
@@ -245,11 +353,11 @@
},
"nixos": {
"locked": {
- "lastModified": 1615797423,
- "narHash": "sha256-5NGDZXPQzuoxf/42NiyC9YwwhwzfMfIRrz3aT0XHzSc=",
+ "lastModified": 1622797669,
+ "narHash": "sha256-xIyWeoYExzF0KNaKcqfxEX58fN4JTIQxTJWbsAujllc=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "266dc8c3d052f549826ba246d06787a219533b8f",
+ "rev": "1ca6b0a0cc38dbba0441202535c92841dd39d1ae",
"type": "github"
},
"original": {
@@ -260,11 +368,11 @@
},
"nixos-hardware": {
"locked": {
- "lastModified": 1615652054,
- "narHash": "sha256-jqXKU8Ovpi7MmPRqGf2FB3QOPcZtGwO2MFc0AYiOPjg=",
+ "lastModified": 1622521809,
+ "narHash": "sha256-7XcqrtrHDeaasKzg/ruroLsC2fb6Fi3aenCrv1+xVLk=",
"owner": "nixos",
"repo": "nixos-hardware",
- "rev": "31f61b90ddb9257b94888ee17ccf96236e180c76",
+ "rev": "b2186d6c3cdc58fb3a8def0f608bcae61138cc6f",
"type": "github"
},
"original": {
@@ -304,13 +412,59 @@
"type": "github"
}
},
+ "nixpkgs_3": {
+ "locked": {
+ "lastModified": 1622797669,
+ "narHash": "sha256-xIyWeoYExzF0KNaKcqfxEX58fN4JTIQxTJWbsAujllc=",
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "rev": "1ca6b0a0cc38dbba0441202535c92841dd39d1ae",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nixos",
+ "ref": "nixos-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs_4": {
+ "locked": {
+ "lastModified": 1620340338,
+ "narHash": "sha256-Op/4K0+Z9Sp5jtFH0s/zMM4H7VFZxrekcAmjQ6JpQ4w=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "63586475587d7e0e078291ad4b49b6f6a6885100",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixos-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs_5": {
+ "locked": {
+ "lastModified": 1622984109,
+ "narHash": "sha256-geVjAIToERcsjmHQo2tdD0UaLNk+k68nI5XCRmE3tHM=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "690496c4e545e68482b5c162a03f0a4f97d35373",
+ "type": "github"
+ },
+ "original": {
+ "id": "nixpkgs",
+ "type": "indirect"
+ }
+ },
"nur": {
"locked": {
- "lastModified": 1615921934,
- "narHash": "sha256-nURGM869KKA1+c1SHHsXKYcPXhHIuxWBjNXjJ90OzRQ=",
+ "lastModified": 1622977420,
+ "narHash": "sha256-7ftFD75ACb7R9YFwcLxOMhYYYuFyW8Yyqccq0DCIvek=",
"owner": "nix-community",
"repo": "NUR",
- "rev": "faf862e8cf009edfa38ecc61188f7a6ace293552",
+ "rev": "3c7f52ed2f37964fe83a4b2ba0bc9db1f1cde5af",
"type": "github"
},
"original": {
@@ -358,8 +512,11 @@
"home": "home",
"latest": "latest",
"naersk": "naersk_2",
+ "neovim-nightly": "neovim-nightly",
+ "nix-dram": "nix-dram",
"nixos": "nixos",
"nixos-hardware": "nixos-hardware",
+ "nixpkgs": "nixpkgs_5",
"nur": "nur",
"pkgs": "pkgs"
}
diff --git a/flake.nix b/flake.nix
index 036e3db9..11a0fd54 100644
--- a/flake.nix
+++ b/flake.nix
@@ -84,6 +84,8 @@
base = [ core users.nixos users.root ];
pubsolaros = [ core base-user users.root ];
anonymous = [ pubsolaros users.nixos ];
+ teutat3s = [ base users.teutat3s ];
+ dumpyourvms = [ teutat3s graphical ];
};
};
diff --git a/hosts/con/.config/sway/config.d/applications.conf b/hosts/con/.config/sway/config.d/applications.conf
new file mode 100644
index 00000000..c528a114
--- /dev/null
+++ b/hosts/con/.config/sway/config.d/applications.conf
@@ -0,0 +1,14 @@
+assign [app_id="firefox"] $ws2
+
+# seahorse
+for_window [title="seahorse"] floating enabled
+
+# NetworkManager
+for_window [title="Network Connections"] floating enabled
+
+# thunderbird
+for_window [title="New Task:*"] floating enabled
+for_window [title="Edit Task:*"] floating enabled
+for_window [title="New Event:*"] floating enabled
+for_window [title="Edit Event:*"] floating enabled
+
diff --git a/hosts/con/.config/sway/config.d/autostart.conf b/hosts/con/.config/sway/config.d/autostart.conf
new file mode 100644
index 00000000..8ed35abb
--- /dev/null
+++ b/hosts/con/.config/sway/config.d/autostart.conf
@@ -0,0 +1,6 @@
+# Autostart applications
+#
+# Example:
+# exec swayidle
+
+#exec qMasterPassword
diff --git a/hosts/con/.config/sway/config.d/custom-keybindings.conf b/hosts/con/.config/sway/config.d/custom-keybindings.conf
new file mode 100644
index 00000000..e678cb75
--- /dev/null
+++ b/hosts/con/.config/sway/config.d/custom-keybindings.conf
@@ -0,0 +1,5 @@
+# switch keyboard input language
+bindsym $mod+tab exec swaymsg input "1:1:AT_Translated_Set_2_keyboard" xkb_switch_layout next
+
+bindsym $mod+Shift+F2 exec chromium --enable-features=UseOzonePlatform --ozone-platform=wayland
+
diff --git a/hosts/con/.config/sway/config.d/input-defaults.conf b/hosts/con/.config/sway/config.d/input-defaults.conf
new file mode 100644
index 00000000..11773d48
--- /dev/null
+++ b/hosts/con/.config/sway/config.d/input-defaults.conf
@@ -0,0 +1,35 @@
+### Input configuration
+#
+# You can get the names of your inputs by running: swaymsg -t get_inputs
+# Read `man 5 sway-input` for more information about this section.
+
+input "type:keyboard" {
+ xkb_layout us,de
+ xkb_model pc105
+ xkb_options altwin:swap_alt_win
+}
+
+input "type:touchpad" {
+ tap enabled
+ natural_scroll enabled
+}
+
+# Touchpad controls
+#bindsym XF86TouchpadToggle exec $HOME/Workspace/ben/toggletouchpad.sh # toggle touchpad
+
+# Screen brightness controls
+bindsym XF86MonBrightnessUp exec "brightnessctl -d intel_backlight set +10%; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ {print $4}')"
+bindsym XF86MonBrightnessDown exec "brightnessctl -d intel_backlight set 10%-; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ { print $4}')"
+
+# Keyboard backlight brightness controls
+bindsym XF86KbdBrightnessDown exec "brightnessctl -d smc::kbd_backlight set 10%-; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
+bindsym XF86KbdBrightnessUp exec "brightnessctl -d smc::kbd_backlight set +10%; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
+
+# Pulse Audio controls
+bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. up' #increase sound volume
+bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. down' #decrease sound volume
+bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle && notify-send 'Mute sound' # mute sound
+# Media player controls
+bindsym XF86AudioPlay exec "playerctl play-pause; notify-send 'Play/Pause'"
+bindsym XF86AudioNext exec "playerctl next; notify-send 'Next'"
+bindsym XF86AudioPrev exec "playerctl previous; notify-send 'Prev.'"
diff --git a/hosts/con/.config/sway/config.d/screens.conf b/hosts/con/.config/sway/config.d/screens.conf
new file mode 100644
index 00000000..3ff444e0
--- /dev/null
+++ b/hosts/con/.config/sway/config.d/screens.conf
@@ -0,0 +1,41 @@
+### Output configuration
+#
+# Example configuration:
+#
+# output HDMI-A-1 resolution 1920x1080 position 1920,0
+#
+# You can get the names of your outputs by running: swaymsg -t get_outputs
+
+set $main_screen eDP-1
+set $displayport DP-1
+set $hmdi HDMI-A-1
+
+output $main_screen
+output $displayport scale 2
+output $hdmi scale 1
+
+output $main_screen pos 0 0
+output $displayport pos 0 -1200
+output $hdmi pos 1920 0
+
+#bindswitch lid:on output $main_screen disable
+#bindswitch lid:off output $main_screen enable
+bindsym $mod+Shift+x output $main_screen toggle
+
+# TODO when using more monitors
+## Manual management of external displays
+# Set the shortcuts and what they do
+#set $mode_display HDMI (i) top, (j) left, (k) bottom, (l) right, (o) off
+#mode "$mode_display" {
+# bindsym i output HDMI-A-1 enable; output HDMI-A-1 pos 0 0 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 0 1080, mode "default"
+# bindsym j output HDMI-A-1 enable; output HDMI-A-1 pos 0 0 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 1920 0, mode "default"
+# bindsym k output HDMI-A-1 enable; output HDMI-A-1 pos 0 900 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 0 0, mode "default"
+# bindsym l output HDMI-A-1 enable; output HDMI-A-1 pos 1440 0 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 0 0, mode "default"
+# bindsym o output HDMI-A-1 disable, mode "default"
+#
+# # back to normal: Enter or Escape
+# bindsym Return mode "default"
+# bindsym Escape mode "default"
+#}
+## Declare here the shortcut to bring the display selection menu
+#bindsym $mod+x mode "$mode_display"
diff --git a/hosts/con/.gitattributes b/hosts/con/.gitattributes
new file mode 100644
index 00000000..5a37d556
--- /dev/null
+++ b/hosts/con/.gitattributes
@@ -0,0 +1 @@
+secrets/** filter=git-crypt-18DAE600A6BBE705 diff=git-crypt-18DAE600A6BBE705
diff --git a/hosts/con/default.nix b/hosts/con/default.nix
new file mode 100644
index 00000000..95238b8c
--- /dev/null
+++ b/hosts/con/default.nix
@@ -0,0 +1,26 @@
+{ config, pkgs, lib, ... }:
+with lib;
+let
+ psCfg = config.pub-solar;
+ xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in
+{
+ config = {
+ home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
+ home.sessionVariables = {
+ DOCKER_BUILDKIT = "1";
+ };
+ # Custom device sway configs
+ xdg.configFile = mkIf psCfg.sway.enable {
+ "sway/config.d/10-applications.conf".source = ./.config/sway/config.d/applications.conf;
+ "sway/config.d/autostart.conf".source = ./.config/sway/config.d/autostart.conf;
+ "sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
+ "sway/config.d/input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
+ "sway/config.d/screens.conf".source = ./.config/sway/config.d/screens.conf;
+ };
+ };
+ networking.hosts = {
+ "127.0.0.1" = [ "virtrex.test" "expo.test" "proxy.test" ];
+ };
+ };
+}
diff --git a/hosts/con/secrets/keyfile.bin b/hosts/con/secrets/keyfile.bin
new file mode 100644
index 00000000..73bc3a7a
Binary files /dev/null and b/hosts/con/secrets/keyfile.bin differ
diff --git a/hosts/dumpyourvms.nix b/hosts/dumpyourvms.nix
new file mode 100644
index 00000000..d4d9802f
--- /dev/null
+++ b/hosts/dumpyourvms.nix
@@ -0,0 +1,6 @@
+{ suites, ... }:
+{
+ imports = [
+ ./dumpyourvms
+ ] ++ suites.dumpyourvms;
+}
diff --git a/hosts/dumpyourvms/.config/sway/config.d/applications.conf b/hosts/dumpyourvms/.config/sway/config.d/applications.conf
new file mode 100644
index 00000000..c528a114
--- /dev/null
+++ b/hosts/dumpyourvms/.config/sway/config.d/applications.conf
@@ -0,0 +1,14 @@
+assign [app_id="firefox"] $ws2
+
+# seahorse
+for_window [title="seahorse"] floating enabled
+
+# NetworkManager
+for_window [title="Network Connections"] floating enabled
+
+# thunderbird
+for_window [title="New Task:*"] floating enabled
+for_window [title="Edit Task:*"] floating enabled
+for_window [title="New Event:*"] floating enabled
+for_window [title="Edit Event:*"] floating enabled
+
diff --git a/hosts/dumpyourvms/.config/sway/config.d/autostart.conf b/hosts/dumpyourvms/.config/sway/config.d/autostart.conf
new file mode 100644
index 00000000..8ed35abb
--- /dev/null
+++ b/hosts/dumpyourvms/.config/sway/config.d/autostart.conf
@@ -0,0 +1,6 @@
+# Autostart applications
+#
+# Example:
+# exec swayidle
+
+#exec qMasterPassword
diff --git a/hosts/dumpyourvms/.config/sway/config.d/custom-keybindings.conf b/hosts/dumpyourvms/.config/sway/config.d/custom-keybindings.conf
new file mode 100644
index 00000000..dfe31ce2
--- /dev/null
+++ b/hosts/dumpyourvms/.config/sway/config.d/custom-keybindings.conf
@@ -0,0 +1,3 @@
+# switch keyboard input language
+bindsym $mod+tab exec swaymsg input "1452:628:Apple_Inc._Apple_Internal_Keyboard_/_Trackpad" xkb_switch_layout next
+
diff --git a/hosts/dumpyourvms/.config/sway/config.d/input-defaults.conf b/hosts/dumpyourvms/.config/sway/config.d/input-defaults.conf
new file mode 100644
index 00000000..74fd8d38
--- /dev/null
+++ b/hosts/dumpyourvms/.config/sway/config.d/input-defaults.conf
@@ -0,0 +1,34 @@
+### Input configuration
+#
+# You can get the names of your inputs by running: swaymsg -t get_inputs
+# Read `man 5 sway-input` for more information about this section.
+
+input "type:keyboard" {
+ xkb_layout us,de
+ xkb_model pc105
+}
+
+input "type:touchpad" {
+ tap enabled
+ natural_scroll enabled
+}
+
+# Touchpad controls
+#bindsym XF86TouchpadToggle exec $HOME/Workspace/ben/toggletouchpad.sh # toggle touchpad
+
+# Screen brightness controls
+bindsym XF86MonBrightnessUp exec "brightnessctl -d gmux_backlight set +10%; notify-send $(brightnessctl -d gmux_backlight i | awk '/Current/ {print $4}')"
+bindsym XF86MonBrightnessDown exec "brightnessctl -d gmux_backlight set 10%-; notify-send $(brightnessctl -d gmux_backlight i | awk '/Current/ { print $4}')"
+
+# Keyboard backlight brightness controls
+bindsym XF86KbdBrightnessDown exec "brightnessctl -d smc::kbd_backlight set 10%-; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
+bindsym XF86KbdBrightnessUp exec "brightnessctl -d smc::kbd_backlight set +10%; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
+
+# Pulse Audio controls
+bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. up' #increase sound volume
+bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. down' #decrease sound volume
+bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle && notify-send 'Mute sound' # mute sound
+# Media player controls
+bindsym XF86AudioPlay exec "playerctl play-pause; notify-send 'Play/Pause'"
+bindsym XF86AudioNext exec "playerctl next; notify-send 'Next'"
+bindsym XF86AudioPrev exec "playerctl previous; notify-send 'Prev.'"
diff --git a/hosts/dumpyourvms/.config/sway/config.d/screens.conf b/hosts/dumpyourvms/.config/sway/config.d/screens.conf
new file mode 100644
index 00000000..a760d4c2
--- /dev/null
+++ b/hosts/dumpyourvms/.config/sway/config.d/screens.conf
@@ -0,0 +1,41 @@
+### Output configuration
+#
+# Example configuration:
+#
+# output HDMI-A-1 resolution 1920x1080 position 1920,0
+#
+# You can get the names of your outputs by running: swaymsg -t get_outputs
+
+set $main_screen eDP-1
+set $displayport DP-1
+set $hmdi HDMI-A-1
+
+output $main_screen scale 2
+output $displayport scale 2
+output $hdmi scale 1
+
+output $main_screen pos 0 0
+output $displayport pos 0 -1080
+output $hdmi pos 1440 0
+
+#bindswitch lid:on output $main_screen disable
+#bindswitch lid:off output $main_screen enable
+bindsym $mod+Shift+x output $main_screen toggle
+
+# TODO when using more monitors
+## Manual management of external displays
+# Set the shortcuts and what they do
+#set $mode_display HDMI (i) top, (j) left, (k) bottom, (l) right, (o) off
+#mode "$mode_display" {
+# bindsym i output HDMI-A-1 enable; output HDMI-A-1 pos 0 0 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 0 1080, mode "default"
+# bindsym j output HDMI-A-1 enable; output HDMI-A-1 pos 0 0 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 1920 0, mode "default"
+# bindsym k output HDMI-A-1 enable; output HDMI-A-1 pos 0 900 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 0 0, mode "default"
+# bindsym l output HDMI-A-1 enable; output HDMI-A-1 pos 1440 0 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 0 0, mode "default"
+# bindsym o output HDMI-A-1 disable, mode "default"
+#
+# # back to normal: Enter or Escape
+# bindsym Return mode "default"
+# bindsym Escape mode "default"
+#}
+## Declare here the shortcut to bring the display selection menu
+#bindsym $mod+x mode "$mode_display"
diff --git a/hosts/dumpyourvms/.gitattributes b/hosts/dumpyourvms/.gitattributes
new file mode 100644
index 00000000..5a37d556
--- /dev/null
+++ b/hosts/dumpyourvms/.gitattributes
@@ -0,0 +1 @@
+secrets/** filter=git-crypt-18DAE600A6BBE705 diff=git-crypt-18DAE600A6BBE705
diff --git a/hosts/dumpyourvms/consul-agent-ca.pem b/hosts/dumpyourvms/consul-agent-ca.pem
new file mode 100644
index 00000000..4413687f
--- /dev/null
+++ b/hosts/dumpyourvms/consul-agent-ca.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDbzCCAxSgAwIBAgIRAMK20/fFF0YVThq8xm/YvBswCgYIKoZIzj0EAwIwgbkx
+CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj
+bzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw
+FQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB
+IDI1ODgxOTUyODQyOTMwNjIxMjY4NDgwMTUxODE3OTM2NjUxNzc4NzAeFw0xOTEx
+MDYwMDI3MzVaFw0yNDExMDQwMDI3MzVaMIG5MQswCQYDVQQGEwJVUzELMAkGA1UE
+CBMCQ0ExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xGjAYBgNVBAkTETEwMSBTZWNv
+bmQgU3RyZWV0MQ4wDAYDVQQREwU5NDEwNTEXMBUGA1UEChMOSGFzaGlDb3JwIElu
+Yy4xQDA+BgNVBAMTN0NvbnN1bCBBZ2VudCBDQSAyNTg4MTk1Mjg0MjkzMDYyMTI2
+ODQ4MDE1MTgxNzkzNjY1MTc3ODcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQE
+SZ2kc9rKUNX3czze+rFR/bZdLx3JEYrpcSXKkpv1wr68E1Jqhi/8Dm8b62Ei/Bc6
+ZhoJvtB2Shtl+6LbjccUo4H6MIH3MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8E
+BTADAQH/MGgGA1UdDgRhBF9hZjo4MzoyZTpiOToyZTozMzo5MDplOTpkMjpiNzpj
+NjpjYzpkYToxODoyYTphNzpjMzo5ZTozMTpmNTpkZTo4Mzo4YzozMDo0Mjo3OTo4
+ZDo0ZDpmZDozMjo2NzpiYjBqBgNVHSMEYzBhgF9hZjo4MzoyZTpiOToyZTozMzo5
+MDplOTpkMjpiNzpjNjpjYzpkYToxODoyYTphNzpjMzo5ZTozMTpmNTpkZTo4Mzo4
+YzozMDo0Mjo3OTo4ZDo0ZDpmZDozMjo2NzpiYjAKBggqhkjOPQQDAgNJADBGAiEA
+zKCV25P6HqFEa1iUVQnsNAp/WHUwxNlR0OctZSdiuIkCIQDiRK03ZYSK/hmY9kXV
+42nj6kO8MexfiYN4IE4URmzYnA==
+-----END CERTIFICATE-----
diff --git a/hosts/dumpyourvms/default.nix b/hosts/dumpyourvms/default.nix
new file mode 100644
index 00000000..c1eebb60
--- /dev/null
+++ b/hosts/dumpyourvms/default.nix
@@ -0,0 +1,75 @@
+{ config, pkgs, lib, ... }:
+with lib;
+let
+ psCfg = config.pub-solar;
+ xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in
+{
+ imports = [
+ ./hardware-configuration.nix
+ ];
+
+ config = {
+ pub-solar.x-os.keyfile = "/home/teutat3s/flk/hosts/dumpyourvms/secrets/keyfile.bin";
+
+ # fix backlight for keyboard and brightness, adjust function key binding
+ boot.kernelParams = [ "acpi_backlight=video" "hid_apple.fnmode=2" ];
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ hardware = {
+ cpu.intel.updateMicrocode = true;
+ facetimehd.enable = true;
+ };
+
+ networking = import ./networking.nix;
+
+ security.pki.certificateFiles = [ ./consul-agent-ca.pem ];
+
+ services.unbound = import ./unbound.nix;
+
+ # Radeon driver seems to work better than amdgpu with Radeon R9 M370X
+ services.xserver.videoDrivers = [ "radeon" ];
+
+ # Thunderbolt tools
+ services.hardware.bolt.enable = true;
+
+ services.udev.extraRules =
+ # Disable XHC1 wakeup signal to avoid resume getting triggered some time
+ # after suspend. Reboot required for this to take effect.
+ ''SUBSYSTEM=="pci", KERNEL=="0000:00:14.0", ATTR{power/wakeup}="disabled"'';
+
+
+ services.printing.enable = true;
+ services.printing.drivers = [ pkgs.brlaser ];
+
+ home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
+ # Custom device sway configs
+ xdg.configFile = mkIf psCfg.sway.enable {
+ "sway/config.d/10-applications.conf".source = ./.config/sway/config.d/applications.conf;
+ "sway/config.d/autostart.conf".source = ./.config/sway/config.d/autostart.conf;
+ "sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
+ "sway/config.d/input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
+ "sway/config.d/screens.conf".source = ./.config/sway/config.d/screens.conf;
+ };
+ };
+
+ users.users.teutat3s = {
+ extraGroups = [ "unbound" ];
+ };
+
+
+ # WLAN frequency compliance (e.g. check for radar with DFS)
+ hardware.firmware = with pkgs; [ wireless-regdb ];
+ boot.extraModprobeConfig = ''
+ options cfg80211 ieee80211_regdom="DE"
+ '';
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "21.05"; # Did you read the comment?
+ };
+}
diff --git a/hosts/dumpyourvms/hardware-configuration.nix b/hosts/dumpyourvms/hardware-configuration.nix
new file mode 100644
index 00000000..6d2c9b64
--- /dev/null
+++ b/hosts/dumpyourvms/hardware-configuration.nix
@@ -0,0 +1,37 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [
+ #(modulesPath + "/hardware/network/broadcom-43xx.nix")
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ {
+ device = "/dev/disk/by-uuid/17bbb016-d27c-47da-8805-58c6395891e8";
+ fsType = "ext4";
+ };
+
+ boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/c100b9a7-99d7-44d9-b7c2-3892a5f233c4";
+
+ fileSystems."/boot/efi" =
+ {
+ device = "/dev/disk/by-uuid/06B8-5414";
+ fsType = "vfat";
+ };
+
+ swapDevices =
+ [{ device = "/dev/disk/by-uuid/02fa042f-7310-4be6-a615-524d5d7dc909"; }];
+
+ # high-resolution display
+ hardware.video.hidpi.enable = lib.mkDefault true;
+}
diff --git a/hosts/dumpyourvms/networking.nix b/hosts/dumpyourvms/networking.nix
new file mode 100644
index 00000000..f1739d41
--- /dev/null
+++ b/hosts/dumpyourvms/networking.nix
@@ -0,0 +1,52 @@
+{
+ hosts = {
+ "10.0.0.42" = [ "nomad.service.consul" ];
+ "10.0.0.48" = [ "consul.service.consul" ];
+ "10.0.0.49" = [ "vault.service.consul" ];
+ };
+
+ wireguard.enable = true;
+ wg-quick.interfaces = {
+ wg0 = {
+ address = [ "5.0.0.6/32" ];
+ privateKeyFile = "/etc/wireguard/wg0.privatekey";
+
+ peers = [
+ {
+ publicKey = "l0DJLicCrcrixNP6zAWTXNSEaNM2jML253BXEZ1KpiU=";
+ allowedIPs = [ "5.0.0.16/32" "10.0.0.0/24" "10.88.88.0/24" ];
+ endpoint = "85.88.23.16:51820";
+ persistentKeepalive = 25;
+ }
+ ];
+ };
+ wg1 = {
+ address = [ "10.13.0.1/32" ];
+ privateKeyFile = "/etc/wireguard/wg1.privatekey";
+ mtu = 1412;
+
+ peers = [
+ {
+ publicKey = "XS3TTIMU7Jp3JJANBpE14RsVDJk6/VUvZgjQgQP8kAs=";
+ allowedIPs = [ "10.13.0.100/32" "192.168.188.0/24" ];
+ endpoint = "[2a00:6020:409d:bb00:dea6:32ff:fe85:3306]:51820";
+ persistentKeepalive = 25;
+ }
+ ];
+ };
+ wg2 = {
+ address = [ "10.6.6.4/32" ];
+ privateKeyFile = "/etc/wireguard/wg2.privatekey";
+
+ peers = [
+ {
+ publicKey = "nYMmaCIW8lZ7SokivN8HXxYDch+SS1G7ab1SC9meDAw=";
+ presharedKeyFile = "/etc/wireguard/wg2.presharedkey";
+ allowedIPs = [ "10.6.6.1/32" "10.1.1.0/24" ];
+ endpoint = "85.88.23.127:51820";
+ persistentKeepalive = 16;
+ }
+ ];
+ };
+ };
+}
diff --git a/hosts/dumpyourvms/secrets/keyfile.bin b/hosts/dumpyourvms/secrets/keyfile.bin
new file mode 100644
index 00000000..bead2555
Binary files /dev/null and b/hosts/dumpyourvms/secrets/keyfile.bin differ
diff --git a/hosts/dumpyourvms/unbound.nix b/hosts/dumpyourvms/unbound.nix
new file mode 100644
index 00000000..6006efe0
--- /dev/null
+++ b/hosts/dumpyourvms/unbound.nix
@@ -0,0 +1,54 @@
+{
+ enable = true;
+ localControlSocketPath = "/run/unbound/unbound.ctl";
+ settings = {
+ server = {
+ cache-max-ttl = 14400;
+ cache-min-ttl = 1200;
+ aggressive-nsec = true;
+ prefetch = false;
+ rrset-roundrobin = true;
+ use-caps-for-id = true;
+ do-ip6 = false;
+ hide-identity = true;
+ hide-version = true;
+ do-not-query-localhost = false;
+ tls-cert-bundle = "/etc/ssl/certs/ca-certificates.crt";
+ };
+
+ # fritz.box stub zone
+ stub-zone = {
+ name = "fritz.box";
+ stub-addr = "192.168.178.1";
+ };
+
+ # DNS over DLS forwarding
+ forward-zone = {
+ name = ".";
+ forward-tls-upstream = true;
+
+ forward-addr = [
+ "5.1.66.255@853#dot.ffmuc.net"
+ "185.150.99.255@853#dot.ffmuc.net"
+ "145.100.185.18@853#dnsovertls3.sinodun.com"
+ "89.233.43.71@853#unicast.censurfridns.dk"
+ "94.130.110.185@853#ns1.dnsprivacy.at"
+
+ "2001:678:e68:f000::@853#dot.ffmuc.net"
+ "2001:678:ed0:f000::@853#dot.ffmuc.net"
+ "2001:610:1:40ba:145:100:185:18@853#dnsovertls3.sinodun.com"
+ "2a01:3a0:53:53::0@853#unicast.censurfridns.dk"
+ "2a01:4f8:c0c:3c03::2@853#ns1.dnsprivacy.at"
+ "2a01:4f8:c0c:3bfc::2@853#ns2.dnsprivacy.at"
+
+ "2001:610:1:40ba:145:100:185:15@853#dnsovertls.sinodun.com"
+ "2001:610:1:40ba:145:100:185:16@853#dnsovertls1.sinodun.com"
+ "2a04:b900:0:100::38@853#getdnsapi.net"
+
+ "145.100.185.15@853#dnsovertls.sinodun.com"
+ "145.100.185.16@853#dnsovertls1.sinodun.com"
+ "185.49.141.37@853#getdnsapi.net"
+ ];
+ };
+ };
+}
diff --git a/hosts/ryzensun/.config/sway/config.d/autostart.conf b/hosts/ryzensun/.config/sway/config.d/autostart.conf
new file mode 100644
index 00000000..626f2809
--- /dev/null
+++ b/hosts/ryzensun/.config/sway/config.d/autostart.conf
@@ -0,0 +1,6 @@
+# Autostart applications
+#
+# Example:
+# exec swayidle
+
+exec qMasterPassword
diff --git a/hosts/ryzensun/.config/sway/config.d/input-defaults.conf b/hosts/ryzensun/.config/sway/config.d/input-defaults.conf
new file mode 100644
index 00000000..b37a429e
--- /dev/null
+++ b/hosts/ryzensun/.config/sway/config.d/input-defaults.conf
@@ -0,0 +1,30 @@
+### Input configuration
+#
+# You can get the names of your inputs by running: swaymsg -t get_inputs
+# Read `man 5 sway-input` for more information about this section.
+
+input * {
+ xkb_layout us,de
+ xkb_options ctrl:nocaps
+ natural_scroll disabled
+}
+
+# Touchpad controls
+#bindsym XF86TouchpadToggle exec $HOME/Workspace/ben/toggletouchpad.sh # toggle touchpad
+
+# Screen brightness controls
+bindsym XF86MonBrightnessUp exec "brightnessctl -d intel_backlight set +10%; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ {print $4}')"
+bindsym XF86MonBrightnessDown exec "brightnessctl -d intel_backlight set 10%-; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ { print $4}')"
+
+# Keyboard backlight brightness controls
+bindsym XF86KbdBrightnessDown exec "brightnessctl -d smc::kbd_backlight set 10%-; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
+bindsym XF86KbdBrightnessUp exec "brightnessctl -d smc::kbd_backlight set +10%; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
+
+# Pulse Audio controls
+bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. up' #increase sound volume
+bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. down' #decrease sound volume
+bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle && notify-send 'Mute sound' # mute sound
+# Media player controls
+bindsym XF86AudioPlay exec "playerctl play-pause; notify-send 'Play/Pause'"
+bindsym XF86AudioNext exec "playerctl next; notify-send 'Next'"
+bindsym XF86AudioPrev exec "playerctl previous; notify-send 'Prev.'"
diff --git a/hosts/ryzensun/.config/sway/config.d/screens.conf b/hosts/ryzensun/.config/sway/config.d/screens.conf
new file mode 100644
index 00000000..37c47d1f
--- /dev/null
+++ b/hosts/ryzensun/.config/sway/config.d/screens.conf
@@ -0,0 +1,33 @@
+### Output configuration
+#
+# Example configuration:
+#
+# output HDMI-A-1 resolution 1920x1080 position 1920,0
+#
+# You can get the names of your outputs by running: swaymsg -t get_outputs
+
+set $main_screen HDMI-A-1
+
+output $main_screen scale 2
+
+#bindswitch lid:on output $main_screen disable
+#bindswitch lid:off output $main_screen enable
+bindsym $mod+Shift+x output $main_screen toggle
+
+# TODO when using more monitors
+## Manual management of external displays
+# Set the shortcuts and what they do
+#set $mode_display HDMI (i) top, (j) left, (k) bottom, (l) right, (o) off
+#mode "$mode_display" {
+# bindsym i output HDMI-A-1 enable; output HDMI-A-1 pos 0 0 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 0 1080, mode "default"
+# bindsym j output HDMI-A-1 enable; output HDMI-A-1 pos 0 0 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 1920 0, mode "default"
+# bindsym k output HDMI-A-1 enable; output HDMI-A-1 pos 0 900 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 0 0, mode "default"
+# bindsym l output HDMI-A-1 enable; output HDMI-A-1 pos 1440 0 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 0 0, mode "default"
+# bindsym o output HDMI-A-1 disable, mode "default"
+#
+# # back to normal: Enter or Escape
+# bindsym Return mode "default"
+# bindsym Escape mode "default"
+#}
+## Declare here the shortcut to bring the display selection menu
+#bindsym $mod+x mode "$mode_display"
diff --git a/hosts/ryzensun/.gitattributes b/hosts/ryzensun/.gitattributes
new file mode 100644
index 00000000..5a37d556
--- /dev/null
+++ b/hosts/ryzensun/.gitattributes
@@ -0,0 +1 @@
+secrets/** filter=git-crypt-18DAE600A6BBE705 diff=git-crypt-18DAE600A6BBE705
diff --git a/hosts/ryzensun/default.nix b/hosts/ryzensun/default.nix
new file mode 100644
index 00000000..56fe0a2f
--- /dev/null
+++ b/hosts/ryzensun/default.nix
@@ -0,0 +1,17 @@
+{ config, pkgs, lib, ... }:
+with lib;
+let
+ psCfg = config.pub-solar;
+ xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in
+{
+ imports = [
+ ./virtualisation
+ ];
+
+ config.home-manager.users."${psCfg.user.name}".xdg.configFile = mkIf psCfg.sway.enable {
+ "sway/config.d/autostart.conf".source = ./.config/sway/config.d/autostart.conf;
+ "sway/config.d/input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
+ "sway/config.d/screens.conf".source = ./.config/sway/config.d/screens.conf;
+ };
+}
diff --git a/hosts/ryzensun/virtualisation/create-service.nix b/hosts/ryzensun/virtualisation/create-service.nix
new file mode 100644
index 00000000..df7453f1
--- /dev/null
+++ b/hosts/ryzensun/virtualisation/create-service.nix
@@ -0,0 +1,77 @@
+{ config, pkgs, lib, vm, ... }:
+let
+ psCfg = config.pub-solar;
+ xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+ varsFile = "${xdg.dataHome}/libvirt/OVMF_VARS_${vm.name}.fd";
+ generateXML = import ./generate-xml.nix;
+in
+{
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = "yes";
+ Restart = "no";
+ };
+
+ script =
+ let
+ networkXML = pkgs.writeText "network.xml" (import ./network-xml.nix { inherit config; inherit pkgs; inherit lib; });
+ machineXML = pkgs.writeText "${vm.name}.xml" (generateXML { inherit config; inherit pkgs; inherit lib; inherit vm; varsFile = varsFile; });
+ in
+ ''
+ echo "Checking if ${vm.name} is already running"
+ if [[ $(${pkgs.libvirt}/bin/virsh list --all | grep "${vm.name}" | ${pkgs.gawk}/bin/awk '{ print $3 " " $4 }' ) != 'shut off' ]]; then
+ echo "Domain ${vm.name} is already running or in an inconsistent state:"
+ ${pkgs.libvirt}/bin/virsh list --all
+ exit 0
+ fi
+
+ NET_TMP_FILE="/tmp/network.xml"
+
+ NETUUID="$(${pkgs.libvirt}/bin/virsh net-uuid 'default' || true)"
+ (sed "s/UUID/$NETUUID/" '${networkXML}') > $NET_TMP_FILE
+
+ ${pkgs.libvirt}/bin/virsh net-define $NET_TMP_FILE
+ ${pkgs.libvirt}/bin/virsh net-start 'default' || true
+
+ VARS_FILE=${varsFile}
+ if [ ! -f "$VARS_FILE" ]; then
+ cp /run/libvirt/nix-ovmf/OVMF_VARS.fd $VARS_FILE
+ fi
+
+ TMP_FILE="/tmp/${vm.name}.xml"
+
+ UUID="$(${pkgs.libvirt}/bin/virsh domuuid '${vm.name}' || true)"
+ (sed "s/UUID/$UUID/" '${machineXML}') > $TMP_FILE
+
+ USB_DEV=$(${pkgs.usbutils}/bin/lsusb | grep 046d:c52b | grep 'Bus 001' | cut -b 18)
+ LINE_NUMBER=$(cat $TMP_FILE | grep -n -A 1 0xc52b | tail -n 1 | cut -b 1,2,3)
+ sed -i "''${LINE_NUMBER}s/\(.\{33\}\)./\1''${USB_DEV}/" $TMP_FILE
+
+ USB_BUS=$(${pkgs.usbutils}/bin/lsusb | grep 046d:c328 | cut -b 7)
+ USB_DEV=$(${pkgs.usbutils}/bin/lsusb | grep 046d:c328 | cut -b 18)
+ LINE_NUMBER=$(cat $TMP_FILE | grep -n -A 1 0xc328 | tail -n 1 | cut -b 1,2,3)
+ sed -i "''${LINE_NUMBER}s/.*//" $TMP_FILE
+
+ # TODO: Set correct pci address too
+
+ ${pkgs.libvirt}/bin/virsh define $TMP_FILE
+ ${pkgs.libvirt}/bin/virsh start '${vm.name}'
+ '';
+
+ preStop =
+ ''
+ ${pkgs.libvirt}/bin/virsh shutdown '${vm.name}'
+ let "timeout = $(date +%s) + 10"
+ while [ "$(${pkgs.libvirt}/bin/virsh list --name | grep --count '^${vm.name}$')" -gt 0 ]; do
+ if [ "$(date +%s)" -ge "$timeout" ]; then
+ # Meh, we warned it...
+ ${pkgs.libvirt}/bin/virsh destroy '${vm.name}'
+ else
+ # The machine is still running, let's give it some time to shut down
+ sleep 0.5
+ fi
+ done
+
+ ${pkgs.libvirt}/bin/virsh net-destroy 'default' || true
+ '';
+}
diff --git a/hosts/ryzensun/virtualisation/default.nix b/hosts/ryzensun/virtualisation/default.nix
new file mode 100644
index 00000000..e44fdb08
--- /dev/null
+++ b/hosts/ryzensun/virtualisation/default.nix
@@ -0,0 +1,43 @@
+{ config, pkgs, lib, ... }:
+with lib;
+let
+ psCfg = config.pub-solar;
+ xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+ createService = import ./create-service.nix;
+in
+{
+ options.pub-solar.virtualisation.rx5700xt = mkEnableOption "Use the bigger GPU for guests";
+
+ config = mkIf psCfg.virtualisation.enable {
+ boot.extraModprobeConfig = "softdep amdgpu pre: vfio vfio_pci" + (if psCfg.virtualisation.rx5700xt
+ then "\noptions vfio-pci ids=1002:731f,1002:ab38"
+ else "\noptions vfio-pci ids=1002:699f,1002:aae0");
+
+ systemd.user.services = {
+ vm-windows = createService {
+ inherit config;
+ inherit pkgs;
+ inherit lib;
+ vm = {
+ name = "windows";
+ disk = "/dev/disk/by-id/ata-SanDisk_SDSSDA240G_162402455603";
+ id = "http://microsoft.com/win/10";
+ gpu = true;
+ mountHome = false;
+ };
+ };
+ vm-manjaro = createService {
+ inherit config;
+ inherit pkgs;
+ inherit lib;
+ vm = {
+ name = "manjaro";
+ disk = "/dev/disk/by-id/ata-KINGSTON_SM2280S3G2240G_50026B726B0265CE";
+ id = "https://manjaro.org/download/#i3";
+ gpu = true;
+ mountHome = true;
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/ryzensun/virtualisation/generate-xml.nix b/hosts/ryzensun/virtualisation/generate-xml.nix
new file mode 100644
index 00000000..6ec49bc5
--- /dev/null
+++ b/hosts/ryzensun/virtualisation/generate-xml.nix
@@ -0,0 +1,246 @@
+{ config, pkgs, lib, vm, varsFile, ... }:
+let
+ psCfg = config.pub-solar;
+ xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+ home = config.home-manager.users."${psCfg.user.name}".home;
+in
+''
+
+ ${vm.name}
+ UUID
+
+
+
+
+
+ 33554432
+ 33554432
+ 12
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ /machine
+
+
+ hvm
+ /run/libvirt/nix-ovmf/OVMF_CODE.fd
+ ${varsFile}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ EPYC-IBPB
+ AMD
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ destroy
+ restart
+ destroy
+
+
+
+
+
+ ${pkgs.qemu}/bin/qemu-system-x86_64
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ${if vm.mountHome then ''
+
+
+
+
+
+ '' else ""}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ${if vm.gpu then ''
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ '' else ""}
+
+
+
+
+
+
+
+
+
+
+
+ 2
+
+
+
+
+''
diff --git a/hosts/ryzensun/virtualisation/network-xml.nix b/hosts/ryzensun/virtualisation/network-xml.nix
new file mode 100644
index 00000000..81882917
--- /dev/null
+++ b/hosts/ryzensun/virtualisation/network-xml.nix
@@ -0,0 +1,19 @@
+{ config, pkgs, lib, ... }:
+''
+
+ default
+ UUID
+
+
+
+
+
+
+
+
+
+
+
+
+
+''
diff --git a/users/teutat3s/.config/git/config.nix b/users/teutat3s/.config/git/config.nix
new file mode 100644
index 00000000..10cbd6f0
--- /dev/null
+++ b/users/teutat3s/.config/git/config.nix
@@ -0,0 +1,8 @@
+{ config, pkgs, ... }:
+let
+in
+pkgs.lib.mkAfter ''[includeIf "gitdir:~/CodeRoom/greenbaum.cloud/"]
+ path = ~/.config/git/config_greenbaum.cloud
+
+[includeIf "gitdir:~/CodeRoom/git.b12f.io/"]
+ path = ~/.config/git/config_git.b12f.io''
diff --git a/users/teutat3s/.config/git/config_git.b12f.io.nix b/users/teutat3s/.config/git/config_git.b12f.io.nix
new file mode 100644
index 00000000..e333d877
--- /dev/null
+++ b/users/teutat3s/.config/git/config_git.b12f.io.nix
@@ -0,0 +1,7 @@
+{ config, pkgs, ... }:
+let
+in
+''[user]
+ name = teutat3s
+ email = teutates@mailbox.org
+ signingkey = 4FA1D3FA524F22C1''
diff --git a/users/teutat3s/.config/git/config_greenbaum.cloud.nix b/users/teutat3s/.config/git/config_greenbaum.cloud.nix
new file mode 100644
index 00000000..f2af6493
--- /dev/null
+++ b/users/teutat3s/.config/git/config_greenbaum.cloud.nix
@@ -0,0 +1,7 @@
+{ config, pkgs, ... }:
+let
+in
+''[user]
+ name = jhonas
+ email = wernery@greenbaum.cloud
+ signingkey = 924889A86D0B0FEB''
diff --git a/users/teutat3s/default.nix b/users/teutat3s/default.nix
new file mode 100644
index 00000000..91ea03a1
--- /dev/null
+++ b/users/teutat3s/default.nix
@@ -0,0 +1,26 @@
+{ config, pkgs, lib, ... }:
+let
+ psCfg = config.pub-solar;
+in
+{
+ imports = [
+ ./home.nix
+ ];
+
+ config = {
+ pub-solar = {
+ # These are your personal settings
+ # The only required settings are `name` and `password`,
+ # The rest is used for programs like git
+ user = {
+ name = "teutat3s";
+ fullName = "teutat3s";
+ email = "10206665+teutat3s@users.noreply.github.com";
+ gpgKeyId = "18DAE600A6BBE705";
+ password = "$6$guLp1v0G0TxGThXX$y7YeEcYjFpN6gutLCbvAkqppOVLYZjfo4DxofrMm6a9MIjVoKKaY20UzityJsHbQU4THIFfj8gLWVOjyjL.P2.";
+ };
+
+ sway.v4l2loopback.enable = false;
+ };
+ };
+}
diff --git a/users/teutat3s/home.nix b/users/teutat3s/home.nix
new file mode 100644
index 00000000..7a4ee25e
--- /dev/null
+++ b/users/teutat3s/home.nix
@@ -0,0 +1,76 @@
+{ config, home-manager, lib, pkgs, ... }:
+with lib;
+let
+ psCfg = config.pub-solar;
+ xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in
+{
+ imports = [
+ ./session-variables.nix
+ ];
+
+ config = {
+ pub-solar.graphical.alacritty.settings.font.size = 12;
+ pub-solar.graphical.alacritty.settings.key_bindings = [
+ { key = "V"; mods = "Control|Super"; action = "Paste"; }
+ { key = "C"; mods = "Control|Super"; action = "Copy"; }
+ ];
+ services.kbfs.enable = true;
+ services.keybase.enable = true;
+ services.yubikey-agent.enable = true;
+ home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
+ xdg.configFile."git/config".text = import ./.config/git/config.nix { inherit config; inherit pkgs; };
+ xdg.configFile."git/config_greenbaum.cloud".text = import ./.config/git/config_greenbaum.cloud.nix { inherit config; inherit pkgs; };
+ xdg.configFile."git/config_git.b12f.io".text = import ./.config/git/config_git.b12f.io.nix { inherit config; inherit pkgs; };
+
+ home.packages = with pkgs; [
+ AusweisApp2
+ consul
+ keybase-gui
+ nomad
+ thunderbird
+ vault
+ veracrypt
+ waypoint
+ ];
+
+
+ systemd.user.services.yubikey-agent = {
+ Unit = {
+ Description = "Seamless ssh-agent for YubiKeys";
+ Documentation = [ "https://filippo.io/yubikey-agent" ];
+ };
+
+ Service = {
+ ExecStart = "${pkgs.yubikey-agent}/bin/yubikey-agent -l %t/yubikey-agent/yubikey-agent.sock";
+ ExecReload = "/bin/kill -HUP $MAINPID";
+ IPAddressDeny = "any";
+ RestrictAddressFamilies = "AF_UNIX";
+ RestrictNamespaces = "yes";
+ RestrictRealtime = "yes";
+ RestrictSUIDSGID = "yes";
+ LockPersonality = "yes";
+ SystemCallFilter = "@system-service ~@privileged @resources";
+ SystemCallErrorNumber = "EPERM";
+ SystemCallArchitectures = "native";
+ NoNewPrivileges = "yes";
+ KeyringMode = "private";
+ UMask = "0177";
+ RuntimeDirectory = "yubikey-agent";
+ };
+
+ Install = {
+ WantedBy = [ "sway-session.target" ];
+ };
+ };
+
+ programs.zsh = {
+ initExtra = import ./zshrc.nix pkgs;
+ };
+
+ # xdg.configFile."wallpaper.jpg".source = ./assets/wallpaper.jpg;
+ };
+
+ #services.mopidy.configuration = mkIf config.pub-solar.audio.enable (builtins.readFile ../../secrets/mopidy.conf);
+ };
+}
diff --git a/users/teutat3s/session-variables.nix b/users/teutat3s/session-variables.nix
new file mode 100644
index 00000000..a5850f73
--- /dev/null
+++ b/users/teutat3s/session-variables.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, ... }:
+let
+ psCfg = config.pub-solar;
+ xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in
+{
+ home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
+ home.sessionVariables = {
+ DRONE_SERVER = "https://drone.greenbaum.cloud";
+ };
+ };
+}
diff --git a/users/teutat3s/zshrc.nix b/users/teutat3s/zshrc.nix
new file mode 100644
index 00000000..26b11f41
--- /dev/null
+++ b/users/teutat3s/zshrc.nix
@@ -0,0 +1,86 @@
+pkgs:
+''
+ bindkey "^[[1;3D" backward-word
+ bindkey "^[[1;3C" forward-word
+ bindkey "^[p" backward-word
+ bindkey "^[n" forward-word
+
+ # make cursor jump to slash, period, dash, underscore, dollar sign, equals sign
+ # by default: export WORDCHARS='*?_-.[]~=/&;!#$%^(){}<>'
+ export WORDCHARS='*?[]~&;!#$%^(){}'
+
+ # Alt+Backspace stops at /
+ bindkey "^[^?" backward-kill-word
+ backward-kill-dir () {
+ local WORDCHARS=''${WORDCHARS/\/}
+ zle backward-kill-word
+ }
+ zle -N backward-kill-dir
+ bindkey '^[^?' backward-kill-dir
+
+ # git aliases
+ alias ga="git add"
+ alias gau="git add --update"
+ alias gb="git branch"
+ alias gbd="git branch --delete"
+ alias gc="git commit"
+ alias gcm="git commit --message"
+ alias gco="git checkout"
+ alias gcob="git checkout -b"
+ alias gd="git diff"
+ alias gm="git merge"
+ alias gma="git merge --abort"
+ alias gmc="git merge --continue"
+ alias gp="git pull"
+ alias gs="git status"
+
+ # misc aliases
+ alias zshconfig="vim ~/.zshrc"
+ alias zshhistory="vim $XDG_DATA_HOME/zsh/zsh_history"
+ alias zshsource="source ~/.zshrc"
+
+ alias tp="triton profile set"
+ alias tt="triton"
+ alias ttco="triton-compose"
+ alias tf="terraform"
+
+ alias dstart="sudo systemctl start docker"
+ alias dstop="sudo systemctl stop docker"
+ alias lvstart="sudo systemctl start libvirtd"
+ alias lvstop="sudo systemctl stop libvirtd"
+
+
+ alias wg-up="sudo systemctl start wg-quick@wg0.service"
+ alias wg-down="sudo systemctl stop wg-quick@wg0.service"
+
+ # Helper function for docker on triton
+ ttdo () {
+ if [[ "$1" == "set" ]]; then
+ if [[ -n "$2" ]]; then
+ triton profile set "$2"
+ fi
+ source ~/CodeRoom/greenbaum.cloud/triton-docker.env.sh
+ elif [[ "$1" == "unset" ]]; then
+ eval "$(triton env --unset)" && unset TRITON_CNS_SEARCH_DOMAIN_PRIVATE TRITON_CNS_SEARCH_DOMAIN_PUBLIC
+ elif [[ "$1" == "env" ]]; then
+ env | grep "DOCKER\|TRITON\|SDC"
+ else
+ /usr/bin/docker $@
+ fi
+ }
+
+ # remove @machine from prompt
+ DEFAULT_USER=$(whoami)
+
+ # autocomplete cd ..
+ zstyle ':completion:*' special-dirs true
+
+ autoload -U +X bashcompinit && bashcompinit
+ complete -o nospace -C ${pkgs.consul}/bin/consul consul
+ complete -o nospace -C ${pkgs.nomad}/bin/nomad nomad
+ complete -o nospace -C ${pkgs.vault}/bin/vault vault
+ complete -o nospace -C ${pkgs.terraform_0_15}/bin/terraform terraform
+ complete -o nospace -C ${pkgs.waypoint}/bin/waypoint waypoint
+ complete -C '${pkgs.awscli2}/bin/aws_completer' ${pkgs.awscli2}/bin/aws
+
+''