├── .gitattributes
├── .github
    └── workflows
    │   └── nix.yml
├── .sops.yaml
├── LICENSE
├── README.md
├── fetch.sh
├── flake.lock
├── flake.nix
├── home
    ├── aerc.nix
    ├── alacritty.nix
    ├── clipman.nix
    ├── common.nix
    ├── default.nix
    ├── direnv.nix
    ├── dunst.nix
    ├── fzf.nix
    ├── gammastep.nix
    ├── git.nix
    ├── gpg.nix
    ├── helix
    │   ├── default.nix
    │   └── full.nix
    ├── hyfetch.nix
    ├── jujutsu.nix
    ├── niri
    │   ├── config.kdl
    │   └── default.nix
    ├── nix-index.nix
    ├── ntfy.nix
    ├── packages.nix
    ├── pass.nix
    ├── persistence.nix
    ├── playerctld.nix
    ├── programming
    │   ├── default.nix
    │   ├── nix.nix
    │   ├── python.nix
    │   ├── rust.nix
    │   └── uiua.nix
    ├── rofi
    │   ├── default.nix
    │   └── nord.rasi
    ├── scripts
    │   ├── download_rss.sh
    │   ├── mount.sh
    │   ├── ntfy-sub.sh
    │   ├── rofipass.sh
    │   └── timetracker.sh
    ├── sops.nix
    ├── ssh.nix
    ├── syncthing.nix
    ├── theme.nix
    ├── tmux.nix
    ├── vscodium.nix
    ├── waybar.nix
    ├── xournalpp
    │   ├── default.nix
    │   └── settings
    │   │   ├── colornames.ini
    │   │   ├── settings.xml
    │   │   └── toolbar.ini
    ├── yubikey.nix
    ├── zoxide.nix
    └── zsh
    │   ├── default.nix
    │   ├── full.nix
    │   └── p10k.zsh
├── hosts
    └── neon
    │   ├── default.nix
    │   ├── hardware-configuration.nix
    │   └── secrets
    │       ├── default.yml
    │       ├── networking
    │           ├── .gitkeep
    │           └── uni-wifi-keys
    │           │   ├── client_cert.pem
    │           │   ├── client_key.pem
    │           │   └── root_ca.pem
    │       └── nm-connections
    │           ├── home-wifi
    │           ├── home-wifi-5
    │           ├── hotspot
    │           ├── uni-vpn
    │           ├── uni-wifi
    │           ├── vpn
    │           └── vpn-full
├── renovate.json
├── scripts
    ├── default.nix
    └── easyroam-setup.sh
├── secrets
    ├── aerc
    │   └── accounts.conf
    ├── gtk
    │   └── bookmarks
    ├── nix.yml
    ├── ntfy
    └── ssh
    │   └── hosts
├── system
    ├── audio.nix
    ├── backlight.nix
    ├── backup.nix
    ├── base.nix
    ├── bluetooth.nix
    ├── boot.nix
    ├── btrbk.nix
    ├── btrfs.nix
    ├── common.nix
    ├── default.nix
    ├── emulation.nix
    ├── env.nix
    ├── fonts.nix
    ├── geoclue2.nix
    ├── kanata.nix
    ├── networking.nix
    ├── nix-ld.nix
    ├── persistence.nix
    ├── power.nix
    ├── services.nix
    ├── sops.nix
    ├── ssh.nix
    ├── steam.nix
    ├── users.nix
    ├── virt.nix
    ├── wayland.nix
    └── zram.nix
├── treefmt.nix
└── wallpapers
    ├── cryptic.jpg
    ├── nix-simple-geometric.png
    ├── nix-snowflake-dark.png
    └── python.png


/.gitattributes:
--------------------------------------------------------------------------------
1 | **/secrets/** diff=sopsdiffer
2 | /home/zsh/p10k.zsh linguist-vendored
3 | 


--------------------------------------------------------------------------------
/.github/workflows/nix.yml:
--------------------------------------------------------------------------------
 1 | name: nix
 2 | 
 3 | on:
 4 |   push:
 5 |     branches: [main, staging, trying]
 6 |   pull_request:
 7 | 
 8 | permissions:
 9 |   contents: read
10 | 
11 | jobs:
12 |   fmt:
13 |     runs-on: ubuntu-latest
14 |     steps:
15 |       - uses: actions/checkout@v4
16 |       - uses: DeterminateSystems/nix-installer-action@v17
17 |       - run: nix fmt -- --ci
18 | 
19 |   checks:
20 |     runs-on: ubuntu-latest
21 |     steps:
22 |       - uses: actions/checkout@v4
23 |       - uses: wimpysworld/nothing-but-nix@v6
24 |       - uses: DeterminateSystems/nix-installer-action@v17
25 |       - uses: ryanccn/attic-action@v0
26 |         with:
27 |           endpoint: https://attic.defelo.de/
28 |           cache: nixos
29 |           # atticd-atticadm make-token --sub github --validity 1y --pull nixos --push nixos
30 |           token: ${{ secrets.ATTIC_TOKEN }}
31 |       - run: nix build -L --keep-going .#checks
32 | 


--------------------------------------------------------------------------------
/.sops.yaml:
--------------------------------------------------------------------------------
 1 | keys:
 2 |   - &defelo 61303BBAD7D1BF74EFA44E3BE7FE2087E4380E64
 3 |   - &neon age12qr4rxqrrr59fa9fqtvk0jtf9hsynv3jf5xgjj3fdczujrz65paqh6qc8g
 4 | creation_rules:
 5 |   - path_regex: hosts/neon/secrets/.+$
 6 |     key_groups:
 7 |       - pgp: [*defelo]
 8 |         age: [*neon]
 9 |   - path_regex: secrets/.+$
10 |     key_groups:
11 |       - pgp: [*defelo]
12 |         age: [*neon]
13 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2023 Defelo
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # nixos
 2 | My NixOS configuration
 3 | 
 4 | ## Installation instructions
 5 | 1. Boot the [minimal NixOS ISO image](https://nixos.org/download.html#nixos-iso)
 6 | 2. Create a GPT partition table with the following partitions:
 7 |     - `/dev/EFI_PARTITION`: EFI system partition (type: EFI System, size: 1G)
 8 |     - `/dev/LUKS_PARTITION`: Encrypted root partition (type: Linux filesystem)
 9 | 3. Create and open the LUKS container:
10 |     ```bash
11 |     cryptsetup -yv luksFormat /dev/LUKS_PARTITION
12 |     cryptsetup open /dev/LUKS_PARTITION root
13 |     ```
14 | 4. Create and mount btrfs subvolumes:
15 |     ```bash
16 |     mkfs.btrfs -f /dev/mapper/root
17 | 
18 |     mount -m -o noatime,compress=zstd /dev/mapper/root /mnt
19 |     btrfs subvolume create /mnt/@data
20 |     btrfs subvolume create /mnt/@data/.snapshots
21 |     btrfs subvolume create /mnt/@cache
22 |     btrfs subvolume create /mnt/@cache/.snapshots
23 |     btrfs subvolume create /mnt/@nix
24 |     btrfs subvolume create /mnt/@swap
25 |     umount /mnt
26 | 
27 |     mount -m -o size=100%,mode=755 -t tmpfs tmpfs /mnt
28 |     mount -m -o noatime,compress=zstd,subvol=@data /dev/mapper/root /mnt/persistent/data
29 |     mount -m -o noatime,compress=zstd,subvol=@cache /dev/mapper/root /mnt/persistent/cache
30 |     mount -m -o noatime,compress=zstd,subvol=@nix /dev/mapper/root /mnt/nix
31 |     mount -m -o noatime,compress=zstd,subvol=@swap /dev/mapper/root /mnt/swap
32 |     ```
33 | 5. Create and activate swapfile:
34 |     ```bash
35 |     btrfs filesystem mkswapfile -s 16G /mnt/swap/swapfile
36 |     btrfs inspect-internal map-swapfile -r /mnt/swap/swapfile  # resume_offset
37 |     swapon /mnt/swap/swapfile
38 |     ```
39 | 6. Format and mount EFI system partition:
40 |     ```bash
41 |     mkfs.vfat /dev/EFI_PARTITION
42 |     mount -m -o umask=0077 /dev/EFI_PARTITION /mnt/boot
43 |     ```
44 | 7. Install git:
45 |     ```bash
46 |     nix-env -iA nixos.git
47 |     ```
48 | 8. Clone this repository:
49 |     ```bash
50 |     mkdir -p /mnt/persistent/data/home/felix/
51 |     cd /mnt/persistent/data/home/felix/
52 |     git clone https://github.com/Defelo/nixos.git
53 |     cd nixos
54 |     ```
55 | 9. Create a new or modify an existing host (don't forget to add new files to git).
56 | 10. Install the system and reboot:
57 |     ```bash
58 |     nixos-install --flake .#HOSTNAME --no-channel-copy --no-root-password
59 |     reboot
60 |     ```
61 | 


--------------------------------------------------------------------------------
/fetch.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | 
3 | set -euo pipefail
4 | 
5 | path=$(nix eval --raw .#nixosConfigurations."$(cat /proc/sys/kernel/hostname)".config.system.build.toplevel.outPath)
6 | nix-store -r "$path"
7 | 


--------------------------------------------------------------------------------
/flake.lock:
--------------------------------------------------------------------------------
  1 | {
  2 |   "nodes": {
  3 |     "crane": {
  4 |       "locked": {
  5 |         "lastModified": 1731098351,
  6 |         "narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=",
  7 |         "owner": "ipetkov",
  8 |         "repo": "crane",
  9 |         "rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28",
 10 |         "type": "github"
 11 |       },
 12 |       "original": {
 13 |         "owner": "ipetkov",
 14 |         "repo": "crane",
 15 |         "type": "github"
 16 |       }
 17 |     },
 18 |     "fenix": {
 19 |       "inputs": {
 20 |         "nixpkgs": "nixpkgs",
 21 |         "rust-analyzer-src": "rust-analyzer-src"
 22 |       },
 23 |       "locked": {
 24 |         "lastModified": 1749192146,
 25 |         "narHash": "sha256-ZEpmRS5m692wzUhRSdBgSojaWR0EU0lqT9x0Bsb+2xY=",
 26 |         "owner": "nix-community",
 27 |         "repo": "fenix",
 28 |         "rev": "167c053888748278d52fba3c4bf3b8abaee72929",
 29 |         "type": "github"
 30 |       },
 31 |       "original": {
 32 |         "owner": "nix-community",
 33 |         "repo": "fenix",
 34 |         "type": "github"
 35 |       }
 36 |     },
 37 |     "flake-compat": {
 38 |       "flake": false,
 39 |       "locked": {
 40 |         "lastModified": 1696426674,
 41 |         "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
 42 |         "owner": "edolstra",
 43 |         "repo": "flake-compat",
 44 |         "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
 45 |         "type": "github"
 46 |       },
 47 |       "original": {
 48 |         "owner": "edolstra",
 49 |         "repo": "flake-compat",
 50 |         "type": "github"
 51 |       }
 52 |     },
 53 |     "flake-parts": {
 54 |       "inputs": {
 55 |         "nixpkgs-lib": [
 56 |           "lanzaboote",
 57 |           "nixpkgs"
 58 |         ]
 59 |       },
 60 |       "locked": {
 61 |         "lastModified": 1730504689,
 62 |         "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
 63 |         "owner": "hercules-ci",
 64 |         "repo": "flake-parts",
 65 |         "rev": "506278e768c2a08bec68eb62932193e341f55c90",
 66 |         "type": "github"
 67 |       },
 68 |       "original": {
 69 |         "owner": "hercules-ci",
 70 |         "repo": "flake-parts",
 71 |         "type": "github"
 72 |       }
 73 |     },
 74 |     "flake-utils": {
 75 |       "inputs": {
 76 |         "systems": "systems"
 77 |       },
 78 |       "locked": {
 79 |         "lastModified": 1731533236,
 80 |         "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
 81 |         "owner": "numtide",
 82 |         "repo": "flake-utils",
 83 |         "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
 84 |         "type": "github"
 85 |       },
 86 |       "original": {
 87 |         "owner": "numtide",
 88 |         "repo": "flake-utils",
 89 |         "type": "github"
 90 |       }
 91 |     },
 92 |     "gitignore": {
 93 |       "inputs": {
 94 |         "nixpkgs": [
 95 |           "lanzaboote",
 96 |           "pre-commit-hooks-nix",
 97 |           "nixpkgs"
 98 |         ]
 99 |       },
100 |       "locked": {
101 |         "lastModified": 1709087332,
102 |         "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
103 |         "owner": "hercules-ci",
104 |         "repo": "gitignore.nix",
105 |         "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
106 |         "type": "github"
107 |       },
108 |       "original": {
109 |         "owner": "hercules-ci",
110 |         "repo": "gitignore.nix",
111 |         "type": "github"
112 |       }
113 |     },
114 |     "helix": {
115 |       "inputs": {
116 |         "nixpkgs": "nixpkgs_2",
117 |         "rust-overlay": "rust-overlay"
118 |       },
119 |       "locked": {
120 |         "lastModified": 1749248684,
121 |         "narHash": "sha256-5Upy6vLXAguCrd1alanuKc0XwAa+tQRWGeq+bDM0XXw=",
122 |         "owner": "helix-editor",
123 |         "repo": "helix",
124 |         "rev": "f4b488e380e28aa36a06ad400d6656fa864ba5b7",
125 |         "type": "github"
126 |       },
127 |       "original": {
128 |         "owner": "helix-editor",
129 |         "repo": "helix",
130 |         "type": "github"
131 |       }
132 |     },
133 |     "home-manager": {
134 |       "inputs": {
135 |         "nixpkgs": [
136 |           "nixpkgs"
137 |         ]
138 |       },
139 |       "locked": {
140 |         "lastModified": 1749243446,
141 |         "narHash": "sha256-P1gumhZN5N9q+39ndePHYrtwOwY1cGx+VoXGl+vTm7A=",
142 |         "owner": "nix-community",
143 |         "repo": "home-manager",
144 |         "rev": "2d7d65f65b61fdfce23278e59ca266ddd0ef0a36",
145 |         "type": "github"
146 |       },
147 |       "original": {
148 |         "owner": "nix-community",
149 |         "repo": "home-manager",
150 |         "type": "github"
151 |       }
152 |     },
153 |     "impermanence": {
154 |       "locked": {
155 |         "lastModified": 1737831083,
156 |         "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
157 |         "owner": "nix-community",
158 |         "repo": "impermanence",
159 |         "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
160 |         "type": "github"
161 |       },
162 |       "original": {
163 |         "owner": "nix-community",
164 |         "repo": "impermanence",
165 |         "type": "github"
166 |       }
167 |     },
168 |     "lanzaboote": {
169 |       "inputs": {
170 |         "crane": "crane",
171 |         "flake-compat": "flake-compat",
172 |         "flake-parts": "flake-parts",
173 |         "nixpkgs": [
174 |           "nixpkgs"
175 |         ],
176 |         "pre-commit-hooks-nix": "pre-commit-hooks-nix",
177 |         "rust-overlay": "rust-overlay_2"
178 |       },
179 |       "locked": {
180 |         "lastModified": 1737639419,
181 |         "narHash": "sha256-AEEDktApTEZ5PZXNDkry2YV2k6t0dTgLPEmAZbnigXU=",
182 |         "owner": "nix-community",
183 |         "repo": "lanzaboote",
184 |         "rev": "a65905a09e2c43ff63be8c0e86a93712361f871e",
185 |         "type": "github"
186 |       },
187 |       "original": {
188 |         "owner": "nix-community",
189 |         "ref": "v0.4.2",
190 |         "repo": "lanzaboote",
191 |         "type": "github"
192 |       }
193 |     },
194 |     "nix-index-database": {
195 |       "inputs": {
196 |         "nixpkgs": [
197 |           "nixpkgs"
198 |         ]
199 |       },
200 |       "locked": {
201 |         "lastModified": 1748751003,
202 |         "narHash": "sha256-i4GZdKAK97S0ZMU3w4fqgEJr0cVywzqjugt2qZPrScs=",
203 |         "owner": "Mic92",
204 |         "repo": "nix-index-database",
205 |         "rev": "2860bee699248d828c2ed9097a1cd82c2f991b43",
206 |         "type": "github"
207 |       },
208 |       "original": {
209 |         "owner": "Mic92",
210 |         "repo": "nix-index-database",
211 |         "type": "github"
212 |       }
213 |     },
214 |     "nix-vscode-extensions": {
215 |       "inputs": {
216 |         "flake-utils": "flake-utils",
217 |         "nixpkgs": "nixpkgs_3"
218 |       },
219 |       "locked": {
220 |         "lastModified": 1749261690,
221 |         "narHash": "sha256-cx/BC96wW+29joUehjHeERqEPxohHlMmPwYXXVORPZk=",
222 |         "owner": "nix-community",
223 |         "repo": "nix-vscode-extensions",
224 |         "rev": "5af3052a092b3b097f243d70a66b0484e000b423",
225 |         "type": "github"
226 |       },
227 |       "original": {
228 |         "owner": "nix-community",
229 |         "repo": "nix-vscode-extensions",
230 |         "type": "github"
231 |       }
232 |     },
233 |     "nixpkgs": {
234 |       "locked": {
235 |         "lastModified": 1748929857,
236 |         "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=",
237 |         "owner": "nixos",
238 |         "repo": "nixpkgs",
239 |         "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4",
240 |         "type": "github"
241 |       },
242 |       "original": {
243 |         "owner": "nixos",
244 |         "ref": "nixos-unstable",
245 |         "repo": "nixpkgs",
246 |         "type": "github"
247 |       }
248 |     },
249 |     "nixpkgs-stable": {
250 |       "locked": {
251 |         "lastModified": 1730741070,
252 |         "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
253 |         "owner": "NixOS",
254 |         "repo": "nixpkgs",
255 |         "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
256 |         "type": "github"
257 |       },
258 |       "original": {
259 |         "owner": "NixOS",
260 |         "ref": "nixos-24.05",
261 |         "repo": "nixpkgs",
262 |         "type": "github"
263 |       }
264 |     },
265 |     "nixpkgs_2": {
266 |       "locked": {
267 |         "lastModified": 1740560979,
268 |         "narHash": "sha256-Vr3Qi346M+8CjedtbyUevIGDZW8LcA1fTG0ugPY/Hic=",
269 |         "owner": "nixos",
270 |         "repo": "nixpkgs",
271 |         "rev": "5135c59491985879812717f4c9fea69604e7f26f",
272 |         "type": "github"
273 |       },
274 |       "original": {
275 |         "owner": "nixos",
276 |         "ref": "nixos-unstable",
277 |         "repo": "nixpkgs",
278 |         "type": "github"
279 |       }
280 |     },
281 |     "nixpkgs_3": {
282 |       "locked": {
283 |         "lastModified": 1744868846,
284 |         "narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=",
285 |         "owner": "NixOS",
286 |         "repo": "nixpkgs",
287 |         "rev": "ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c",
288 |         "type": "github"
289 |       },
290 |       "original": {
291 |         "owner": "NixOS",
292 |         "repo": "nixpkgs",
293 |         "rev": "ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c",
294 |         "type": "github"
295 |       }
296 |     },
297 |     "nixpkgs_4": {
298 |       "locked": {
299 |         "lastModified": 1749143949,
300 |         "narHash": "sha256-QuUtALJpVrPnPeozlUG/y+oIMSLdptHxb3GK6cpSVhA=",
301 |         "owner": "NixOS",
302 |         "repo": "nixpkgs",
303 |         "rev": "d3d2d80a2191a73d1e86456a751b83aa13085d7d",
304 |         "type": "github"
305 |       },
306 |       "original": {
307 |         "owner": "NixOS",
308 |         "ref": "nixos-unstable",
309 |         "repo": "nixpkgs",
310 |         "type": "github"
311 |       }
312 |     },
313 |     "nixpkgs_5": {
314 |       "locked": {
315 |         "lastModified": 1744868846,
316 |         "narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=",
317 |         "owner": "NixOS",
318 |         "repo": "nixpkgs",
319 |         "rev": "ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c",
320 |         "type": "github"
321 |       },
322 |       "original": {
323 |         "owner": "NixOS",
324 |         "ref": "nixpkgs-unstable",
325 |         "repo": "nixpkgs",
326 |         "type": "github"
327 |       }
328 |     },
329 |     "pre-commit-hooks-nix": {
330 |       "inputs": {
331 |         "flake-compat": [
332 |           "lanzaboote",
333 |           "flake-compat"
334 |         ],
335 |         "gitignore": "gitignore",
336 |         "nixpkgs": [
337 |           "lanzaboote",
338 |           "nixpkgs"
339 |         ],
340 |         "nixpkgs-stable": "nixpkgs-stable"
341 |       },
342 |       "locked": {
343 |         "lastModified": 1731363552,
344 |         "narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=",
345 |         "owner": "cachix",
346 |         "repo": "pre-commit-hooks.nix",
347 |         "rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0",
348 |         "type": "github"
349 |       },
350 |       "original": {
351 |         "owner": "cachix",
352 |         "repo": "pre-commit-hooks.nix",
353 |         "type": "github"
354 |       }
355 |     },
356 |     "root": {
357 |       "inputs": {
358 |         "fenix": "fenix",
359 |         "helix": "helix",
360 |         "home-manager": "home-manager",
361 |         "impermanence": "impermanence",
362 |         "lanzaboote": "lanzaboote",
363 |         "nix-index-database": "nix-index-database",
364 |         "nix-vscode-extensions": "nix-vscode-extensions",
365 |         "nixpkgs": "nixpkgs_4",
366 |         "sops-nix": "sops-nix"
367 |       }
368 |     },
369 |     "rust-analyzer-src": {
370 |       "flake": false,
371 |       "locked": {
372 |         "lastModified": 1749133384,
373 |         "narHash": "sha256-nKbHae8x2v2IMg1Rd3e5OrRPk5lxAqcvPkIM3fYtB90=",
374 |         "owner": "rust-lang",
375 |         "repo": "rust-analyzer",
376 |         "rev": "d5665e5ca79135a753f853b5a0e2f33f8f263a0b",
377 |         "type": "github"
378 |       },
379 |       "original": {
380 |         "owner": "rust-lang",
381 |         "ref": "nightly",
382 |         "repo": "rust-analyzer",
383 |         "type": "github"
384 |       }
385 |     },
386 |     "rust-overlay": {
387 |       "inputs": {
388 |         "nixpkgs": [
389 |           "helix",
390 |           "nixpkgs"
391 |         ]
392 |       },
393 |       "locked": {
394 |         "lastModified": 1740623427,
395 |         "narHash": "sha256-3SdPQrZoa4odlScFDUHd4CUPQ/R1gtH4Mq9u8CBiK8M=",
396 |         "owner": "oxalica",
397 |         "repo": "rust-overlay",
398 |         "rev": "d342e8b5fd88421ff982f383c853f0fc78a847ab",
399 |         "type": "github"
400 |       },
401 |       "original": {
402 |         "owner": "oxalica",
403 |         "repo": "rust-overlay",
404 |         "type": "github"
405 |       }
406 |     },
407 |     "rust-overlay_2": {
408 |       "inputs": {
409 |         "nixpkgs": [
410 |           "lanzaboote",
411 |           "nixpkgs"
412 |         ]
413 |       },
414 |       "locked": {
415 |         "lastModified": 1731897198,
416 |         "narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=",
417 |         "owner": "oxalica",
418 |         "repo": "rust-overlay",
419 |         "rev": "0be641045af6d8666c11c2c40e45ffc9667839b5",
420 |         "type": "github"
421 |       },
422 |       "original": {
423 |         "owner": "oxalica",
424 |         "repo": "rust-overlay",
425 |         "type": "github"
426 |       }
427 |     },
428 |     "sops-nix": {
429 |       "inputs": {
430 |         "nixpkgs": "nixpkgs_5"
431 |       },
432 |       "locked": {
433 |         "lastModified": 1747603214,
434 |         "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=",
435 |         "owner": "Mic92",
436 |         "repo": "sops-nix",
437 |         "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd",
438 |         "type": "github"
439 |       },
440 |       "original": {
441 |         "owner": "Mic92",
442 |         "repo": "sops-nix",
443 |         "type": "github"
444 |       }
445 |     },
446 |     "systems": {
447 |       "locked": {
448 |         "lastModified": 1681028828,
449 |         "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
450 |         "owner": "nix-systems",
451 |         "repo": "default",
452 |         "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
453 |         "type": "github"
454 |       },
455 |       "original": {
456 |         "owner": "nix-systems",
457 |         "repo": "default",
458 |         "type": "github"
459 |       }
460 |     }
461 |   },
462 |   "root": "root",
463 |   "version": 7
464 | }
465 | 


--------------------------------------------------------------------------------
/flake.nix:
--------------------------------------------------------------------------------
  1 | {
  2 |   inputs = {
  3 |     nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
  4 |     # nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-23.11";
  5 |     # nixpkgs-small.url = "github:NixOS/nixpkgs/nixos-unstable-small";
  6 |     home-manager = {
  7 |       url = "github:nix-community/home-manager";
  8 |       inputs.nixpkgs.follows = "nixpkgs";
  9 |     };
 10 |     sops-nix.url = "github:Mic92/sops-nix";
 11 |     impermanence.url = "github:nix-community/impermanence";
 12 |     nix-index-database = {
 13 |       url = "github:Mic92/nix-index-database";
 14 |       inputs.nixpkgs.follows = "nixpkgs";
 15 |     };
 16 |     helix.url = "github:helix-editor/helix";
 17 |     fenix.url = "github:nix-community/fenix";
 18 |     nix-vscode-extensions.url = "github:nix-community/nix-vscode-extensions";
 19 |     lanzaboote = {
 20 |       url = "github:nix-community/lanzaboote/v0.4.2";
 21 |       inputs.nixpkgs.follows = "nixpkgs";
 22 |     };
 23 |   };
 24 | 
 25 |   outputs =
 26 |     {
 27 |       self,
 28 |       nixpkgs,
 29 |       home-manager,
 30 |       ...
 31 |     }@inputs:
 32 |     let
 33 |       inherit (nixpkgs) lib;
 34 | 
 35 |       eachDefaultSystem = lib.genAttrs [
 36 |         "x86_64-linux"
 37 |         "aarch64-linux"
 38 |       ];
 39 | 
 40 |       importNixpkgs =
 41 |         system: nixpkgs:
 42 |         let
 43 |           config.allowUnfreePredicate =
 44 |             pkg:
 45 |             builtins.elem (lib.getName pkg) [
 46 |               "discord-canary"
 47 |               "obsidian"
 48 |               "steam"
 49 |               "steam-unwrapped"
 50 |               "steam-original"
 51 |               "steam-run"
 52 |               "spotify"
 53 |             ];
 54 |         in
 55 |         import nixpkgs { inherit system config; };
 56 | 
 57 |       extra-pkgs =
 58 |         system:
 59 |         lib.pipe inputs [
 60 |           (lib.filterAttrs (k: _: lib.hasPrefix "nixpkgs-" k))
 61 |           (lib.mapAttrs' (
 62 |             k: v: {
 63 |               name = lib.removePrefix "nix" k;
 64 |               value = importNixpkgs system v;
 65 |             }
 66 |           ))
 67 |         ];
 68 | 
 69 |       getSystemFromHardwareConfiguration =
 70 |         hostName:
 71 |         let
 72 |           f = import ./hosts/${hostName}/hardware-configuration.nix;
 73 |           args = builtins.functionArgs f // {
 74 |             lib.mkDefault = lib.id;
 75 |           };
 76 |         in
 77 |         (f args).nixpkgs.hostPlatform;
 78 | 
 79 |       mkHost =
 80 |         name: system:
 81 |         lib.nixosSystem {
 82 |           inherit system;
 83 |           pkgs = importNixpkgs system nixpkgs;
 84 |           specialArgs = inputs // (extra-pkgs system);
 85 |           modules = [
 86 |             ./hosts/${name}
 87 |             ./hosts/${name}/hardware-configuration.nix
 88 |             ./system
 89 |             { networking.hostName = name; }
 90 |           ];
 91 |         };
 92 |     in
 93 |     {
 94 |       nixosConfigurations = lib.pipe ./hosts [
 95 |         builtins.readDir
 96 |         (lib.filterAttrs (_: type: type == "directory"))
 97 |         (builtins.mapAttrs (name: _: mkHost name (getSystemFromHardwareConfiguration name)))
 98 |       ];
 99 | 
100 |       packages = eachDefaultSystem (
101 |         system:
102 |         let
103 |           pkgs = importNixpkgs system nixpkgs;
104 |         in
105 |         import ./scripts pkgs
106 |         // {
107 |           checks =
108 |             let
109 |               packages = pkgs.linkFarm "nixos-checks-packages" (
110 |                 lib.removeAttrs self.packages.${system} [ "checks" ]
111 |               );
112 |               hosts = pkgs.linkFarm "nixos-checks-hosts" (
113 |                 lib.mapAttrs (_: v: v.config.system.build.toplevel) self.nixosConfigurations
114 |               );
115 |             in
116 |             pkgs.linkFarmFromDrvs "nixos-checks" [
117 |               packages
118 |               hosts
119 |             ];
120 |         }
121 |       );
122 | 
123 |       formatter = eachDefaultSystem (
124 |         system:
125 |         let
126 |           pkgs = nixpkgs.legacyPackages.${system};
127 |         in
128 |         pkgs.treefmt.withConfig {
129 |           settings = lib.mkMerge [
130 |             ./treefmt.nix
131 |             { _module.args = { inherit pkgs; }; }
132 |           ];
133 |         }
134 |       );
135 |     };
136 | }
137 | 


--------------------------------------------------------------------------------
/home/aerc.nix:
--------------------------------------------------------------------------------
 1 | { conf, ... }:
 2 | {
 3 |   programs.aerc = {
 4 |     enable = true;
 5 |     extraConfig = {
 6 |       ui = {
 7 |         fuzzy-complete = true;
 8 |         message-list-split = "h 20";
 9 |         threading-enabled = true;
10 |         reverse-thread-order = true;
11 |         dirlist-tree = true;
12 |       };
13 | 
14 |       hooks.mail-received = ''dunstify "[$AERC_ACCOUNT] New mail from $AERC_FROM_NAME" "$AERC_SUBJECT"'';
15 | 
16 |       filters = {
17 |         "text/plain" = "colorize";
18 |         "text/calendar" = "calendar";
19 |         "message/delivery-status" = "colorize";
20 |         "message/rfc822" = "colorize";
21 |         "text/html" = "! html";
22 |         ".headers" = "colorize";
23 |       };
24 |     };
25 |     extraBinds = { };
26 |   };
27 | 
28 |   sops.secrets."aerc/accounts" = {
29 |     format = "binary";
30 |     sopsFile = ../secrets/aerc/accounts.conf;
31 |     path = "/home/${conf.user}/.config/aerc/accounts.conf";
32 |   };
33 | }
34 | 


--------------------------------------------------------------------------------
/home/alacritty.nix:
--------------------------------------------------------------------------------
 1 | {
 2 |   programs.alacritty = {
 3 |     enable = true;
 4 |     settings = {
 5 |       env.TERM = "xterm-256color";
 6 |       window = {
 7 |         # opacity = 0.8;
 8 |         title = "Alacritty";
 9 |         dynamic_title = false;
10 |       };
11 |       font = {
12 |         normal.family = "MesloLGS NF";
13 |         bold.family = "MesloLGS NF";
14 |         italic.family = "MesloLGS NF";
15 |         bold_italic.family = "MesloLGS NF";
16 |         size = 10;
17 |       };
18 |     };
19 |   };
20 | }
21 | 


--------------------------------------------------------------------------------
/home/clipman.nix:
--------------------------------------------------------------------------------
 1 | { pkgs, ... }:
 2 | {
 3 |   home.packages = [ pkgs.clipman ];
 4 | 
 5 |   # https://github.com/nix-community/home-manager/blob/master/modules/services/clipman.nix
 6 |   systemd.user.services.clipman = {
 7 |     Unit = {
 8 |       Description = "Clipboard management daemon";
 9 |       PartOf = [ "graphical-session.target" ];
10 |       After = [ "graphical-session.target" ];
11 |     };
12 | 
13 |     Service = {
14 |       ExecStart = "${pkgs.wl-clipboard}/bin/wl-paste -t text --watch ${pkgs.clipman}/bin/clipman store --max-items=200";
15 |       ExecReload = "${pkgs.coreutils}/bin/kill -SIGUSR2 $MAINPID";
16 |       Restart = "on-failure";
17 |       KillMode = "mixed";
18 |     };
19 | 
20 |     Install.WantedBy = [ "graphical-session.target" ];
21 |   };
22 | }
23 | 


--------------------------------------------------------------------------------
/home/common.nix:
--------------------------------------------------------------------------------
 1 | {
 2 |   home.sessionPath = [
 3 |     "$HOME/.local/bin"
 4 |     "$HOME/.cargo/bin"
 5 |   ];
 6 | 
 7 |   home.sessionVariables = {
 8 |     EDITOR = "hx";
 9 |     VISUAL = "hx";
10 |     PAGER = "less -FRX";
11 |   };
12 | 
13 |   systemd.user.startServices = "sd-switch";
14 | 
15 |   home.stateVersion = "22.11";
16 | }
17 | 


--------------------------------------------------------------------------------
/home/default.nix:
--------------------------------------------------------------------------------
 1 | let
 2 |   common = [
 3 |     ./common.nix
 4 | 
 5 |     ./direnv.nix
 6 |     ./fzf.nix
 7 |     ./helix
 8 |     ./nix-index.nix
 9 |     ./tmux.nix
10 |     ./zoxide.nix
11 |     ./zsh
12 |   ];
13 | in
14 | {
15 |   user = common ++ [
16 |     ./aerc.nix
17 |     ./alacritty.nix
18 |     ./clipman.nix
19 |     ./dunst.nix
20 |     ./gammastep.nix
21 |     ./git.nix
22 |     ./gpg.nix
23 |     ./helix/full.nix
24 |     ./hyfetch.nix
25 |     ./jujutsu.nix
26 |     ./niri
27 |     ./ntfy.nix
28 |     ./packages.nix
29 |     ./pass.nix
30 |     ./playerctld.nix
31 |     ./programming
32 |     ./rofi
33 |     ./sops.nix
34 |     ./ssh.nix
35 |     ./syncthing.nix
36 |     ./theme.nix
37 |     ./vscodium.nix
38 |     ./waybar.nix
39 |     ./xournalpp
40 |     ./yubikey.nix
41 |     ./zsh/full.nix
42 |   ];
43 | 
44 |   root = common;
45 | }
46 | 


--------------------------------------------------------------------------------
/home/direnv.nix:
--------------------------------------------------------------------------------
1 | {
2 |   programs.direnv = {
3 |     enable = true;
4 |     nix-direnv.enable = true;
5 |   };
6 | }
7 | 


--------------------------------------------------------------------------------
/home/dunst.nix:
--------------------------------------------------------------------------------
 1 | { pkgs, ... }:
 2 | {
 3 |   services.dunst = {
 4 |     enable = true;
 5 |     settings =
 6 |       let
 7 |         transparency = "DD";
 8 |       in
 9 |       {
10 |         global = {
11 |           follow = "mouse";
12 |           width = 300;
13 |           height = 300;
14 |           origin = "top-right";
15 |           offset = "10x50";
16 |           scale = 0;
17 |           notification_limit = 0;
18 | 
19 |           indicate_hidden = true;
20 |           separator_height = 2;
21 |           padding = 6;
22 |           horizontal_padding = 6;
23 |           text_icon_padding = 0;
24 |           frame_width = 3;
25 |           frame_color = "#8EC07C${transparency}";
26 |           sort = true;
27 |           idle_threshold = 0;
28 | 
29 |           font = "Meslo Nerd Font 11";
30 |           line_height = 3;
31 |           markup = "full";
32 |           format = "<b>%s</b>\\n%b";
33 |           alignment = "center";
34 |           vertical_alignment = "top";
35 |           show_age_threshold = 10;
36 |           ellipsize = "middle";
37 |           ignore_newline = false;
38 |           stack_duplicates = true;
39 |           hide_duplicate_count = false;
40 |           show_indicators = true;
41 | 
42 |           icon_position = "left";
43 |           min_icon_size = 0;
44 |           max_icon_size = 32;
45 | 
46 |           sticky_history = true;
47 |           history_length = 10000;
48 | 
49 |           dmenu = "${pkgs.rofi}/bin/rofi -dmenu";
50 |           browser = "xdg-open";
51 |           always_run_script = true;
52 |           title = "Dunst";
53 |           class = "Dunst";
54 |           corner_radius = 0;
55 | 
56 |           mouse_left_click = "close_current";
57 |           mouse_middle_click = "do_action, close_current";
58 |           mouse_right_click = "close_all";
59 |         };
60 | 
61 |         urgency_low = {
62 |           background = "#191311${transparency}";
63 |           foreground = "#3B7C87${transparency}";
64 |           frame_color = "#3B7C87${transparency}";
65 |           timeout = 10;
66 |         };
67 |         urgency_normal = {
68 |           background = "#191311${transparency}";
69 |           foreground = "#5B8234${transparency}";
70 |           frame_color = "#5B8234${transparency}";
71 |           timeout = 10;
72 |         };
73 |         urgency_critical = {
74 |           background = "#191311${transparency}";
75 |           foreground = "#B7472A${transparency}";
76 |           frame_color = "#B7472A${transparency}";
77 |           timeout = 0;
78 |         };
79 |       };
80 |   };
81 | }
82 | 


--------------------------------------------------------------------------------
/home/fzf.nix:
--------------------------------------------------------------------------------
1 | {
2 |   programs.fzf = {
3 |     enable = true;
4 |   };
5 | }
6 | 


--------------------------------------------------------------------------------
/home/gammastep.nix:
--------------------------------------------------------------------------------
 1 | {
 2 |   services.gammastep = {
 3 |     enable = true;
 4 |     provider = "geoclue2";
 5 |     temperature = {
 6 |       day = 6500;
 7 |       night = 4000;
 8 |     };
 9 |     settings.general = {
10 |       brightness-day = 1.0;
11 |       brightness-night = 1.0;
12 |     };
13 |   };
14 | }
15 | 


--------------------------------------------------------------------------------
/home/git.nix:
--------------------------------------------------------------------------------
 1 | { pkgs, ... }:
 2 | 
 3 | {
 4 |   programs.git = {
 5 |     enable = true;
 6 |     package = pkgs.gitFull;
 7 |     userName = "Defelo";
 8 |     userEmail = "mail@defelo.de";
 9 |     difftastic.enable = true;
10 |     ignores = [
11 |       ".direnv"
12 |       ".devenv"
13 |       "result"
14 |       "result-*"
15 |       "repl-result-*"
16 |     ];
17 |     extraConfig = {
18 |       init.defaultBranch = "main";
19 |       push.default = "upstream";
20 |       rerere.enabled = true;
21 |       merge.conflictStyle = "zdiff3";
22 |       diff.algorithm = "histogram";
23 |       diff.submodule = "log";
24 |       diff.sopsdiffer.textconv =
25 |         let
26 |           conf = builtins.toFile "sops.yaml" (
27 |             builtins.toJSON {
28 |               creation_rules = [
29 |                 { key_groups = [ { pgp = [ "61303BBAD7D1BF74EFA44E3BE7FE2087E4380E64" ]; } ]; }
30 |               ];
31 |             }
32 |           );
33 |         in
34 |         "${pkgs.sops}/bin/sops --config ${conf} -d";
35 |       sendemail = {
36 |         smtpserver = "mail.defelo.de";
37 |         smtpuser = "mail@defelo.de";
38 |         smtpencryption = "ssl";
39 |         smtpserverport = 465;
40 |         annotate = true;
41 |       };
42 |       credential."smtp://mail.defelo.de:465".helper =
43 |         let
44 |           helper = pkgs.writeShellScript "git-credential-helper" ''
45 |             [[ "$1" = get ]] || exit 1
46 |             pw=$(pass email/mail@defelo.de)
47 |             echo "password=$pw"
48 |           '';
49 |         in
50 |         ''!${helper} "$@"'';
51 |     };
52 |   };
53 | }
54 | 


--------------------------------------------------------------------------------
/home/gpg.nix:
--------------------------------------------------------------------------------
 1 | { pkgs, ... }:
 2 | {
 3 |   programs.gpg = {
 4 |     enable = true;
 5 |     settings.trust-model = "tofu+pgp";
 6 |     scdaemonSettings = {
 7 |       disable-ccid = true;
 8 |       pcsc-driver = "${pkgs.pcsclite.lib}/lib/libpcsclite.so.1";
 9 |       card-timeout = "1";
10 |       reader-port = "Yubico YubiKey";
11 |     };
12 |   };
13 | 
14 |   services.gpg-agent = {
15 |     enable = true;
16 |     pinentry.package = pkgs.pinentry-gnome3;
17 |     enableSshSupport = true;
18 |     sshKeys = [ "D2277B1C3C924964972148EF590B9F083697F9A8" ];
19 |     enableExtraSocket = true;
20 |   };
21 | }
22 | 


--------------------------------------------------------------------------------
/home/helix/default.nix:
--------------------------------------------------------------------------------
 1 | { pkgs, helix, ... }:
 2 | {
 3 |   programs.helix = {
 4 |     enable = true;
 5 |     package = helix.packages.${pkgs.system}.default;
 6 |     settings = {
 7 |       theme = "dark_plus";
 8 |       editor = {
 9 |         line-number = "relative";
10 |         mouse = false;
11 |         cursorline = true;
12 |         cursor-shape = {
13 |           insert = "bar";
14 |           normal = "block";
15 |           select = "underline";
16 |         };
17 |         file-picker = {
18 |           hidden = false;
19 |         };
20 |         statusline = {
21 |           left = [
22 |             "mode"
23 |             "spinner"
24 |           ];
25 |           center = [
26 |             "file-name"
27 |             "read-only-indicator"
28 |             "file-modification-indicator"
29 |           ];
30 |           right = [
31 |             "version-control"
32 |             "diagnostics"
33 |             "selections"
34 |             "register"
35 |             "position"
36 |             "position-percentage"
37 |             "file-encoding"
38 |             "file-line-ending"
39 |             "file-type"
40 |           ];
41 |           separator = "|";
42 |         };
43 |         lsp = {
44 |           display-messages = true;
45 |           display-inlay-hints = true;
46 |         };
47 |         indent-guides = {
48 |           render = true;
49 |         };
50 |         idle-timeout = 0;
51 |         bufferline = "always";
52 |         soft-wrap = {
53 |           enable = true;
54 |         };
55 |         inline-diagnostics = {
56 |           cursor-line = "hint";
57 |           other-lines = "warning";
58 |         };
59 |       };
60 |       keys = {
61 |         normal = {
62 |           "0" = "goto_line_start";
63 |           "$" = "goto_line_end";
64 |           "G" = "goto_last_line";
65 |           "C-h" = "jump_view_left";
66 |           "C-j" = "jump_view_down";
67 |           "C-k" = "jump_view_up";
68 |           "C-l" = "jump_view_right";
69 |           "ö" = "goto_word";
70 |         };
71 |         select = {
72 |           "0" = "goto_line_start";
73 |           "$" = "goto_line_end";
74 |           "G" = "goto_last_line";
75 |           "ö" = "extend_to_word";
76 |         };
77 |         insert = {
78 |           "C-space" = "completion";
79 |         };
80 |       };
81 |     };
82 |   };
83 | }
84 | 


--------------------------------------------------------------------------------
/home/helix/full.nix:
--------------------------------------------------------------------------------
 1 | { lib, pkgs, ... }:
 2 | {
 3 |   imports = [ ./. ];
 4 | 
 5 |   programs.helix.languages = {
 6 |     language-server = {
 7 |       rust-analyzer = {
 8 |         config = {
 9 |           checkOnSave.command = "clippy";
10 |           cargo.features = "all";
11 |           cargo.unsetTest = [ ];
12 |         };
13 |       };
14 |       pyright = {
15 |         command = "${pkgs.pyright}/bin/pyright-langserver";
16 |         args = [ "--stdio" ];
17 |         config = { };
18 |       };
19 |       nil.command = "${pkgs.nil}/bin/nil";
20 |       bash-language-server = {
21 |         command = "${pkgs.bash-language-server}/bin/bash-language-server";
22 |         args = [ "start" ];
23 |       };
24 |       uiua = {
25 |         command = "${pkgs.uiua}/bin/uiua";
26 |         args = [ "lsp" ];
27 |       };
28 |       haskell = {
29 |         command = "${pkgs.haskell-language-server}/bin/haskell-language-server-wrapper";
30 |         args = [ "lsp" ];
31 |       };
32 |     };
33 |     language = [
34 |       {
35 |         name = "python";
36 |         auto-format = true;
37 |         language-servers = [ { name = "pyright"; } ];
38 |         formatter = {
39 |           command = "/bin/sh";
40 |           args = [
41 |             "-c"
42 |             "${pkgs.isort}/bin/isort - | ${pkgs.black}/bin/black -q -l 120 -C -"
43 |           ];
44 |         };
45 |       }
46 |       {
47 |         name = "nix";
48 |         auto-format = true;
49 |         language-servers = [ { name = "nil"; } ];
50 |         formatter = {
51 |           command = lib.getExe pkgs.nixfmt-rfc-style;
52 |           args = [ "-s" ];
53 |         };
54 |       }
55 |       # {
56 |       #   name = "latex";
57 |       #   auto-format = true;
58 |       #   language-server.command = "${pkgs.texlab}/bin/texlab";
59 |       # }
60 |       {
61 |         name = "bash";
62 |         auto-format = true;
63 |       }
64 |       {
65 |         name = "uiua";
66 |         scope = "source.uiua";
67 |         injection-regex = "uiua";
68 |         file-types = [ "ua" ];
69 |         roots = [ ];
70 |         auto-format = true;
71 |         comment-token = "#";
72 |         language-servers = [ { name = "uiua"; } ];
73 |         indent = {
74 |           tab-width = 2;
75 |           unit = "  ";
76 |         };
77 |         shebangs = [ "uiua" ];
78 |       }
79 |       {
80 |         name = "haskell";
81 |         auto-format = true;
82 |         language-servers = [ { name = "haskell"; } ];
83 |         formatter = {
84 |           command = "${pkgs.ormolu}/bin/ormolu";
85 |           args = [ "--no-cabal" ];
86 |         };
87 |       }
88 |     ];
89 |   };
90 | }
91 | 


--------------------------------------------------------------------------------
/home/hyfetch.nix:
--------------------------------------------------------------------------------
 1 | {
 2 |   programs.hyfetch = {
 3 |     enable = true;
 4 |     settings = {
 5 |       preset = "rainbow";
 6 |       mode = "rgb";
 7 |       light_dark = "dark";
 8 |       lightness = 0.65;
 9 |       color_align.mode = "horizontal";
10 |       backend = "fastfetch";
11 |     };
12 |   };
13 | 
14 |   programs.fastfetch.enable = true;
15 | }
16 | 


--------------------------------------------------------------------------------
/home/jujutsu.nix:
--------------------------------------------------------------------------------
 1 | { lib, pkgs, ... }:
 2 | 
 3 | {
 4 |   programs.jujutsu = {
 5 |     enable = true;
 6 |     settings = {
 7 |       user = {
 8 |         name = "Defelo";
 9 |         email = "mail@defelo.de";
10 |       };
11 |       signing = {
12 |         behavior = "drop";
13 |         backend = "gpg";
14 |       };
15 |       ui = {
16 |         default-command = [ "log" ];
17 |         show-cryptographic-signatures = true;
18 |         diff-formatter = [
19 |           (lib.getExe pkgs.difftastic)
20 |           "--color=always"
21 |           "--background=light"
22 |           "--display=side-by-side"
23 |           "$left"
24 |           "$right"
25 |         ];
26 |         diff-editor = ":builtin";
27 |       };
28 |       git = {
29 |         sign-on-push = true;
30 |         private-commits = "private()";
31 |       };
32 |       templates = {
33 |         log = "builtin_log_comfortable";
34 |       };
35 |       revset-aliases = {
36 |         "private()" = ''subject(regex:"^(private|wip)(:|$)")'';
37 |       };
38 |     };
39 |   };
40 | }
41 | 


--------------------------------------------------------------------------------
/home/niri/config.kdl:
--------------------------------------------------------------------------------
  1 | environment {
  2 |     SDL_VIDEODRIVER "wayland"
  3 |     QT_QPA_PLATFORM "wayland"
  4 |     QT_WAYLAND_DISABLE_WINDOWDECORATION "1"
  5 |     _JAVA_AWT_WM_NONREPARENTING "1"
  6 |     MOZ_ENABLE_WAYLAND "1"
  7 |     XDG_CURRENT_DESKTOP "niri"
  8 |     XDG_SESSION_DESKTOP "niri"
  9 |     NIXOS_OZONE_WL "1"
 10 |     DISPLAY ":0"
 11 | }
 12 | 
 13 | input {
 14 |     keyboard {
 15 |         xkb {
 16 |             layout "de,us,epo"
 17 |             options "grp:shifts_toggle"
 18 |             variant "nodeadkeys,,"
 19 |         }
 20 |     }
 21 | 
 22 |     touchpad {
 23 |         tap
 24 |         natural-scroll
 25 |     }
 26 | 
 27 |     tablet {
 28 |         map-to-output "eDP-1"
 29 |     }
 30 | 
 31 |     focus-follows-mouse max-scroll-amount="0%"
 32 |     disable-power-key-handling
 33 | }
 34 | 
 35 | output "eDP-1" {
 36 |     mode "2560x1600"
 37 |     position x=0 y=0
 38 |     scale 1.25
 39 | }
 40 | 
 41 | output "HDMI-A-1" {
 42 |     mode "1280x1024"
 43 |     position x=-1280 y=0
 44 |     scale 1
 45 | }
 46 | 
 47 | layout {
 48 |     gaps 0
 49 | 
 50 |     center-focused-column "never"
 51 | 
 52 |     preset-column-widths {
 53 |         proportion 0.33333
 54 |         proportion 0.5
 55 |         proportion 0.66667
 56 |     }
 57 | 
 58 |     default-column-width { proportion 0.5; }
 59 | 
 60 |     focus-ring { off; }
 61 | 
 62 |     border { off; }
 63 | }
 64 | 
 65 | prefer-no-csd
 66 | 
 67 | screenshot-path null
 68 | 
 69 | binds {
 70 |     Mod+Return { spawn "alacritty" "-e" "sh" "-c" "tmux new -d -- && tmux set-option detach-on-destroy on && exec tmux a"; }
 71 |     Mod+Shift+Return { spawn "alacritty"; }
 72 | 
 73 |     Mod+D { spawn "rofi" "-combi-modi" "drun,ssh,run" "-modi" "combi" "-show" "combi" "-show-icons"; }
 74 |     Mod+Shift+Y { spawn @lock-command@; }
 75 | 
 76 |     XF86AudioRaiseVolume       { spawn "wpctl" "set-volume" "@DEFAULT_AUDIO_SINK@" "0.05+"; }
 77 |     XF86AudioLowerVolume       { spawn "wpctl" "set-volume" "@DEFAULT_AUDIO_SINK@" "0.05-"; }
 78 |     XF86AudioMute              { spawn "wpctl" "set-mute" "@DEFAULT_AUDIO_SINK@" "toggle"; }
 79 |     XF86AudioMicMute           { spawn "wpctl" "set-mute" "@DEFAULT_AUDIO_SOURCE@" "toggle"; }
 80 |     Shift+XF86AudioRaiseVolume { spawn "wpctl" "set-volume" "@DEFAULT_AUDIO_SOURCE@" "0.05+"; }
 81 |     Shift+XF86AudioLowerVolume { spawn "wpctl" "set-volume" "@DEFAULT_AUDIO_SOURCE@" "0.05-"; }
 82 | 
 83 |     XF86AudioPlay { spawn "playerctl" "play-pause"; }
 84 |     XF86AudioStop { spawn "playerctl" "stop"; }
 85 |     XF86AudioNext { spawn "playerctl" "next"; }
 86 |     XF86AudioPrev { spawn "playerctl" "previous"; }
 87 | 
 88 |     XF86MonBrightnessUp         { spawn "light" "-A" "5"; }
 89 |     XF86MonBrightnessDown       { spawn "light" "-U" "5"; }
 90 |     Shift+XF86MonBrightnessUp   { spawn "light" "-A" "1"; }
 91 |     Shift+XF86MonBrightnessDown { spawn "light" "-U" "1"; }
 92 | 
 93 |     Mod+Shift+Q { close-window; }
 94 | 
 95 |     Mod+H     { focus-column-or-monitor-left; }
 96 |     Mod+J     { focus-window-or-workspace-down; }
 97 |     Mod+K     { focus-window-or-workspace-up; }
 98 |     Mod+L     { focus-column-or-monitor-right; }
 99 | 
100 |     Mod+Shift+H     { move-column-left-or-to-monitor-left; }
101 |     Mod+Shift+J     { move-window-down-or-to-workspace-down; }
102 |     Mod+Shift+K     { move-window-up-or-to-workspace-up; }
103 |     Mod+Shift+L     { move-column-right-or-to-monitor-right; }
104 | 
105 |     Mod+Ctrl+H     { focus-monitor-left; }
106 |     Mod+Ctrl+J     { focus-monitor-down; }
107 |     Mod+Ctrl+K     { focus-monitor-up; }
108 |     Mod+Ctrl+L     { focus-monitor-right; }
109 | 
110 |     Mod+Ctrl+Shift+H     { move-column-to-monitor-left; }
111 |     Mod+Ctrl+Shift+J     { move-column-to-monitor-down; }
112 |     Mod+Ctrl+Shift+K     { move-column-to-monitor-up; }
113 |     Mod+Ctrl+Shift+L     { move-column-to-monitor-right; }
114 | 
115 |     Mod+N       { focus-workspace-down; }
116 |     Mod+P       { focus-workspace-up; }
117 |     Mod+Shift+N { move-column-to-workspace-down; }
118 |     Mod+Shift+P { move-column-to-workspace-up; }
119 |     Mod+Ctrl+N  { move-workspace-down; }
120 |     Mod+Ctrl+P  { move-workspace-up; }
121 | 
122 |     Mod+1 { focus-workspace 1; }
123 |     Mod+2 { focus-workspace 2; }
124 |     Mod+3 { focus-workspace 3; }
125 |     Mod+4 { focus-workspace 4; }
126 |     Mod+5 { focus-workspace 5; }
127 |     Mod+6 { focus-workspace 6; }
128 |     Mod+7 { focus-workspace 7; }
129 |     Mod+8 { focus-workspace 8; }
130 |     Mod+9 { focus-workspace 9; }
131 |     Mod+0 { focus-workspace 10; }
132 |     Mod+Ctrl+1 { move-column-to-workspace 1; }
133 |     Mod+Ctrl+2 { move-column-to-workspace 2; }
134 |     Mod+Ctrl+3 { move-column-to-workspace 3; }
135 |     Mod+Ctrl+4 { move-column-to-workspace 4; }
136 |     Mod+Ctrl+5 { move-column-to-workspace 5; }
137 |     Mod+Ctrl+6 { move-column-to-workspace 6; }
138 |     Mod+Ctrl+7 { move-column-to-workspace 7; }
139 |     Mod+Ctrl+8 { move-column-to-workspace 8; }
140 |     Mod+Ctrl+9 { move-column-to-workspace 9; }
141 |     Mod+Ctrl+0 { move-column-to-workspace 10; }
142 | 
143 |     Mod+Tab { focus-workspace-previous; }
144 | 
145 |     Mod+I  { consume-or-expel-window-left; }
146 |     Mod+O { consume-or-expel-window-right; }
147 | 
148 |     Mod+R { switch-preset-column-width; }
149 |     Mod+Shift+R { switch-preset-window-height; }
150 |     Mod+Ctrl+R { reset-window-height; }
151 |     Mod+F { maximize-column; }
152 |     Mod+Shift+F { fullscreen-window; }
153 |     Mod+C { center-column; }
154 | 
155 |     Mod+Minus { set-column-width "-10%"; }
156 |     Mod+Plus { set-column-width "+10%"; }
157 | 
158 |     Mod+Shift+Minus { set-window-height "-10%"; }
159 |     Mod+Shift+Plus { set-window-height "+10%"; }
160 | 
161 |     Mod+Space { switch-focus-between-floating-and-tiling; }
162 |     Mod+Shift+Space { toggle-window-floating; }
163 |     Mod+Ctrl+Space { toggle-overview; }
164 | 
165 |     Mod+Numbersign       { screenshot; }
166 |     Mod+Shift+Numbersign { screenshot-window; }
167 |     Mod+Ctrl+Numbersign  { screenshot-screen; }
168 | 
169 |     Mod+KP_Add       { spawn "dunstctl" "set-paused" "toggle"; }
170 |     Mod+Comma        { spawn "dunstctl" "close"; }
171 |     Mod+Shift+Comma  { spawn "dunstctl" "close-all"; }
172 |     Mod+Shift+Period { spawn "dunstctl" "history-pop"; }
173 |     Mod+Period       { spawn "dunstctl" "context"; }
174 | 
175 |     Mod+M       { spawn "clipman" "pick" "-t" "rofi"; }
176 |     Mod+Shift+M { spawn "clipman" "clear" "-t" "rofi"; }
177 |     Mod+Ctrl+M  { spawn "@rofipass-command@"; }
178 | 
179 |     Mod+Shift+E { quit; }
180 | }
181 | 
182 | cursor {
183 |     hide-when-typing
184 | }
185 | 
186 | hotkey-overlay {
187 |     skip-at-startup
188 | }
189 | 


--------------------------------------------------------------------------------
/home/niri/default.nix:
--------------------------------------------------------------------------------
 1 | {
 2 |   config,
 3 |   lib,
 4 |   pkgs,
 5 |   ...
 6 | }:
 7 | let
 8 |   lock-command = map (x: ''"${x}"'') [
 9 |     (lib.getExe pkgs.swaylock-effects)
10 |     "--screenshots"
11 |     "--clock"
12 |     "--submit-on-touch"
13 |     "--show-failed-attempts"
14 |     "--effect-pixelate=8"
15 |     "--fade-in=0.5"
16 |   ];
17 | 
18 |   rofipass-command =
19 |     let
20 |       runtimeDependencies = lib.attrValues {
21 |         inherit (pkgs)
22 |           pass
23 |           wl-clipboard
24 |           rofi-wayland
25 |           dunst
26 |           clipman
27 |           ;
28 |       };
29 |     in
30 |     pkgs.writeShellScript "rofipass-wrapped.sh" ''
31 |       export PASSWORD_STORE_DIR=${lib.escapeShellArg config.programs.password-store.settings.PASSWORD_STORE_DIR}
32 |       export PATH=${lib.makeBinPath runtimeDependencies}:$PATH
33 |       exec -a rofipass.sh ${../scripts/rofipass.sh} "$@"
34 |     '';
35 | in
36 | {
37 |   home.file.".config/niri/config.kdl".source = pkgs.replaceVars ./config.kdl {
38 |     inherit lock-command rofipass-command;
39 |     DEFAULT_AUDIO_SINK = null;
40 |     DEFAULT_AUDIO_SOURCE = null;
41 |   };
42 | 
43 |   systemd.user.services.swaybg = {
44 |     Unit = {
45 |       PartOf = [ "graphical-session.target" ];
46 |       After = [ "graphical-session.target" ];
47 |     };
48 | 
49 |     Service = {
50 |       ExecStart = "${lib.getExe pkgs.swaybg} -m fill -i ${../../wallpapers/nix-snowflake-dark.png}";
51 |       Restart = "on-failure";
52 |     };
53 | 
54 |     Install.WantedBy = [ "graphical-session.target" ];
55 |   };
56 | 
57 |   systemd.user.services.xwayland-satellite = {
58 |     Unit = {
59 |       PartOf = [ "graphical-session.target" ];
60 |       After = [ "graphical-session.target" ];
61 |     };
62 | 
63 |     Service = {
64 |       ExecStart = "${lib.getExe pkgs.xwayland-satellite} :0";
65 |       Restart = "on-failure";
66 |     };
67 | 
68 |     Install.WantedBy = [ "graphical-session.target" ];
69 |   };
70 | 
71 |   xdg.autostart.enable = false;
72 | }
73 | 


--------------------------------------------------------------------------------
/home/nix-index.nix:
--------------------------------------------------------------------------------
1 | { nix-index-database, ... }:
2 | {
3 |   imports = [ nix-index-database.hmModules.nix-index ];
4 |   programs.nix-index = {
5 |     enable = true;
6 |     enableZshIntegration = false;
7 |   };
8 | }
9 | 


--------------------------------------------------------------------------------
/home/ntfy.nix:
--------------------------------------------------------------------------------
 1 | {
 2 |   conf,
 3 |   config,
 4 |   pkgs,
 5 |   ...
 6 | }:
 7 | {
 8 |   systemd.user.services.ntfy-sub = {
 9 |     Install.WantedBy = [ "default.target" ];
10 |     Unit.After = [
11 |       "sops-nix.service"
12 |       "dunst.service"
13 |     ];
14 |     Service = {
15 |       ExecStart = "${pkgs.bash}/bin/bash ${./scripts/ntfy-sub.sh} ${config.sops.secrets.ntfy.path}";
16 |       Environment =
17 |         let
18 |           runtimeDependencies = builtins.attrValues {
19 |             inherit (pkgs)
20 |               coreutils
21 |               jq
22 |               dunst
23 |               xdg-utils
24 |               ntfy-sh
25 |               ;
26 |           };
27 |         in
28 |         "PATH=${pkgs.lib.makeBinPath runtimeDependencies}";
29 |     };
30 |   };
31 | 
32 |   home.packages = [ pkgs.ntfy-sh ];
33 |   programs.zsh.shellAliases.ny = "ntfy pub defelo";
34 | 
35 |   sops.secrets.ntfy = {
36 |     sopsFile = ../secrets/ntfy;
37 |     format = "binary";
38 |     path = "/home/${conf.user}/.config/ntfy/client.yml";
39 |   };
40 | }
41 | 


--------------------------------------------------------------------------------
/home/packages.nix:
--------------------------------------------------------------------------------
 1 | { pkgs, ... }:
 2 | 
 3 | {
 4 |   home.packages = builtins.attrValues {
 5 |     inherit (pkgs)
 6 |       # programming
 7 |       gcc
 8 |       gnumake
 9 |       git-crypt
10 |       just
11 | 
12 |       # browsers
13 |       brave
14 |       tor-browser-bundle-bin
15 | 
16 |       # communication
17 |       discord-canary
18 |       element-desktop
19 | 
20 |       # games
21 |       prismlauncher
22 |       mindustry-wayland
23 | 
24 |       # system
25 |       pulsemixer
26 |       pavucontrol
27 |       playerctl
28 |       nix-output-monitor
29 |       wl-clipboard
30 |       xdg-utils
31 |       virt-manager
32 |       wdisplays
33 |       slurp
34 |       grim
35 |       swappy
36 |       wl-mirror
37 |       wayvnc
38 | 
39 |       # utils
40 |       feh
41 |       eog
42 |       speedtest-cli
43 |       pwgen
44 |       xkcdpass
45 |       gh
46 |       imagemagick
47 |       termshot
48 |       bc
49 |       inotify-tools
50 | 
51 |       obsidian
52 |       vlc
53 | 
54 |       spotify
55 |       rnote
56 |       zotero
57 |       ;
58 | 
59 |     tex = pkgs.texlive.combined.scheme-full;
60 | 
61 |     networkmanagerapplet = pkgs.networkmanagerapplet.overrideAttrs (attrs: {
62 |       postFixup = ''
63 |         ${attrs.postFixup or ""}
64 |         rm -r $out/etc/xdg/autostart
65 |       '';
66 |     });
67 |   };
68 | }
69 | 


--------------------------------------------------------------------------------
/home/pass.nix:
--------------------------------------------------------------------------------
 1 | { conf, ... }:
 2 | {
 3 |   programs.password-store = {
 4 |     enable = true;
 5 |     settings = {
 6 |       PASSWORD_STORE_DIR = "/home/${conf.user}/.password-store";
 7 |       PASSWORD_STORE_CLIP_TIME = "20";
 8 |     };
 9 |   };
10 | }
11 | 


--------------------------------------------------------------------------------
/home/persistence.nix:
--------------------------------------------------------------------------------
 1 | {
 2 |   data = {
 3 |     directories = [
 4 |       ".config/dconf"
 5 |       ".config/fcitx5"
 6 |       ".config/gh"
 7 |       ".config/syncthing"
 8 |       ".config/Signal"
 9 |       ".gnupg"
10 |       ".local/share/Mindustry"
11 |       ".local/share/Paradox Interactive"
12 |       ".local/share/PrismLauncher/instances"
13 |       ".local/share/zoxide"
14 |       ".password-store"
15 |       ".ssh"
16 |       ".timetracker"
17 |       ".zotero"
18 | 
19 |       "nixos"
20 |       "Persistent"
21 |       "Zotero"
22 |     ];
23 |     files = [ ];
24 |   };
25 | 
26 |   cache = {
27 |     directories = [
28 |       ".cache/nix"
29 |       ".cache/spotify"
30 |       ".cache/zotero"
31 |       ".cargo"
32 |       ".config/BraveSoftware"
33 |       ".config/Element"
34 |       ".config/discordcanary"
35 |       ".config/obsidian"
36 |       ".config/spotify"
37 |       ".local/share/PrismLauncher"
38 |       ".local/share/Steam"
39 |       ".local/share/containers"
40 |       # ".local/share/waydroid"
41 |       ".local/state/wireplumber"
42 |       "Downloads"
43 |     ];
44 |     files = [ ".local/share/nix/trusted-settings.json" ];
45 |   };
46 | }
47 | 


--------------------------------------------------------------------------------
/home/playerctld.nix:
--------------------------------------------------------------------------------
1 | {
2 |   services.playerctld = {
3 |     enable = true;
4 |   };
5 | }
6 | 


--------------------------------------------------------------------------------
/home/programming/default.nix:
--------------------------------------------------------------------------------
 1 | { pkgs, ... }:
 2 | {
 3 |   imports = [
 4 |     ./nix.nix
 5 |     ./python.nix
 6 |     ./rust.nix
 7 |     ./uiua.nix
 8 |   ];
 9 | 
10 |   home.packages = builtins.attrValues {
11 |     inherit (pkgs) nodejs lean4;
12 |     inherit (pkgs.nodePackages) "@angular/cli" live-server;
13 |   };
14 | }
15 | 


--------------------------------------------------------------------------------
/home/programming/nix.nix:
--------------------------------------------------------------------------------
 1 | { pkgs, ... }:
 2 | {
 3 |   home.packages = builtins.attrValues {
 4 |     inherit (pkgs)
 5 |       # rnix-lsp
 6 |       nixfmt-rfc-style
 7 |       ;
 8 |   };
 9 | }
10 | 


--------------------------------------------------------------------------------
/home/programming/python.nix:
--------------------------------------------------------------------------------
 1 | { pkgs, ... }:
 2 | {
 3 |   home.packages = builtins.attrValues {
 4 |     python = pkgs.python313.withPackages (p: builtins.attrValues { inherit (p) numpy requests; });
 5 | 
 6 |     inherit (pkgs)
 7 |       poetry
 8 |       poethepoet
 9 |       pyright
10 |       ruff
11 |       ;
12 |   };
13 | }
14 | 


--------------------------------------------------------------------------------
/home/programming/rust.nix:
--------------------------------------------------------------------------------
 1 | {
 2 |   conf,
 3 |   pkgs,
 4 |   fenix,
 5 |   ...
 6 | }:
 7 | {
 8 |   home.packages = builtins.attrValues {
 9 |     rust =
10 |       let
11 |         inherit (fenix.packages.${pkgs.system}) combine complete targets;
12 |       in
13 |       combine [
14 |         complete.toolchain
15 |         targets.x86_64-unknown-linux-musl.latest.rust-std
16 |         targets.wasm32-unknown-unknown.latest.rust-std
17 |       ];
18 | 
19 |     inherit (pkgs)
20 |       bacon
21 |       cargo-audit
22 |       cargo-expand
23 |       cargo-hack
24 |       ;
25 |   };
26 | 
27 |   home.file.cargo = {
28 |     text = ''
29 |       [target.x86_64-unknown-linux-gnu]
30 |       linker = "${pkgs.clang}/bin/clang"
31 |       rustflags = ["-C", "link-arg=--ld-path=${pkgs.mold}/bin/mold"]
32 | 
33 |       [registries.crates-io]
34 |       protocol = "sparse"
35 | 
36 |       [build]
37 |       target-dir = "/home/${conf.user}/.cargo/target"
38 | 
39 |       [profile.dev]
40 |       opt-level = 1
41 |       codegen-backend = "cranelift"
42 | 
43 |       [profile.dev.package."curve25519-dalek"]
44 |       codegen-backend = "llvm"
45 |       [profile.dev.package."httparse"]
46 |       codegen-backend = "llvm"
47 | 
48 |       [unstable]
49 |       codegen-backend = true
50 |     '';
51 |     target = ".cargo/config.toml";
52 |   };
53 |   home.file.rustfmt = {
54 |     text = ''
55 |       format_code_in_doc_comments = true
56 |       format_macro_bodies = true
57 |       # format_macro_matchers = true
58 |       format_strings = true
59 |       group_imports = "StdExternalCrate"
60 |       imports_granularity = "Crate"
61 |       unstable_features = true
62 |       wrap_comments = true
63 |     '';
64 |     target = ".config/rustfmt/rustfmt.toml";
65 |   };
66 | 
67 |   programs.zsh.shellAliases.rl = "CARGO_PROFILE_DEV_CODEGEN_BACKEND=llvm";
68 | }
69 | 


--------------------------------------------------------------------------------
/home/programming/uiua.nix:
--------------------------------------------------------------------------------
1 | { pkgs, ... }:
2 | {
3 |   home.packages = [ pkgs.uiua ];
4 | }
5 | 


--------------------------------------------------------------------------------
/home/rofi/default.nix:
--------------------------------------------------------------------------------
1 | { pkgs, ... }:
2 | {
3 |   programs.rofi = {
4 |     enable = true;
5 |     package = pkgs.rofi-wayland;
6 |     theme = ./nord.rasi;
7 |   };
8 | }
9 | 


--------------------------------------------------------------------------------
/home/rofi/nord.rasi:
--------------------------------------------------------------------------------
  1 | * {
  2 |     nord0: #2e3440;
  3 |     nord1: #3b4252;
  4 |     nord2: #434c5e;
  5 |     nord3: #4c566a;
  6 |     nord4: #d8dee9;
  7 |     nord5: #e5e9f0;
  8 |     nord6: #eceff4;
  9 |     nord7: #8fbcbb;
 10 |     nord8: #88c0d0;
 11 |     nord9: #81a1c1;
 12 |     nord10: #5e81ac;
 13 |     nord11: #bf616a;
 14 |     nord12: #d08770;
 15 |     nord13: #ebcb8b;
 16 |     nord14: #a3be8c;
 17 |     nord15: #b48ead;
 18 | 
 19 |     spacing: 2;
 20 |     background-color: var(nord1);
 21 | 
 22 |     background: var(nord1);
 23 |     foreground: var(nord4);
 24 | 
 25 |     normal-background: var(background);
 26 |     normal-foreground: var(foreground);
 27 |     alternate-normal-background: var(background);
 28 |     alternate-normal-foreground: var(foreground);
 29 |     selected-normal-background: var(nord8);
 30 |     selected-normal-foreground: var(background);
 31 | 
 32 |     active-background: var(background);
 33 |     active-foreground: var(nord10);
 34 |     alternate-active-background: var(background);
 35 |     alternate-active-foreground: var(nord10);
 36 |     selected-active-background: var(nord10);
 37 |     selected-active-foreground: var(background);
 38 | 
 39 |     urgent-background: var(background);
 40 |     urgent-foreground: var(nord11);
 41 |     alternate-urgent-background: var(background);
 42 |     alternate-urgent-foreground: var(nord11);
 43 |     selected-urgent-background: var(nord11);
 44 |     selected-urgent-foreground: var(background);
 45 | }
 46 | element {
 47 |     padding: 0px 0px 0px 7px;
 48 |     spacing: 5px;
 49 |     border:  0;
 50 |     cursor:  pointer;
 51 | }
 52 | element normal.normal {
 53 |     background-color: var(normal-background);
 54 |     text-color: var(normal-foreground);
 55 | }
 56 | element normal.urgent {
 57 |     background-color: var(urgent-background);
 58 |     text-color: var(urgent-foreground);
 59 | }
 60 | element normal.active {
 61 |     background-color: var(active-background);
 62 |     text-color: var(active-foreground);
 63 | }
 64 | element selected.normal {
 65 |     background-color: var(selected-normal-background);
 66 |     text-color: var(selected-normal-foreground);
 67 | }
 68 | element selected.urgent {
 69 |     background-color: var(selected-urgent-background);
 70 |     text-color: var(selected-urgent-foreground);
 71 | }
 72 | element selected.active {
 73 |     background-color: var(selected-active-background);
 74 |     text-color: var(selected-active-foreground);
 75 | }
 76 | element alternate.normal {
 77 |     background-color: var(alternate-normal-background);
 78 |     text-color: var(alternate-normal-foreground);
 79 | }
 80 | element alternate.urgent {
 81 |     background-color: var(alternate-urgent-background);
 82 |     text-color: var(alternate-urgent-foreground);
 83 | }
 84 | element alternate.active {
 85 |     background-color: var(alternate-active-background);
 86 |     text-color: var(alternate-active-foreground);
 87 | }
 88 | element-text {
 89 |     background-color: rgba(0, 0, 0, 0%);
 90 |     text-color: inherit;
 91 |     highlight: inherit;
 92 |     cursor: inherit;
 93 | }
 94 | element-icon {
 95 |     background-color: rgba(0, 0, 0, 0%);
 96 |     size: 1.0000em;
 97 |     text-color: inherit;
 98 |     cursor: inherit;
 99 | }
100 | window {
101 |     width: 75%;
102 |     height: 75%;
103 |     padding: 0;
104 |     border: 0;
105 |     background-color: var(background);
106 | }
107 | mainbox {
108 |     padding: 0;
109 |     border: 0;
110 | }
111 | message {
112 |     margin: 0px 7px;
113 | }
114 | textbox {
115 |     text-color: var(foreground);
116 | }
117 | listview {
118 |     margin: 0px 0px 5px;
119 |     scrollbar: true;
120 |     spacing: 2px;
121 |     fixed-height: 0;
122 | }
123 | scrollbar {
124 |     padding: 0;
125 |     handle-width: 14px;
126 |     border: 0;
127 |     handle-color: var(nord3);
128 | }
129 | button {
130 |     spacing: 0;
131 |     text-color: var(normal-foreground);
132 |     cursor: pointer;
133 | }
134 | button selected {
135 |     background-color: var(selected-normal-background);
136 |     text-color: var(selected-normal-foreground);
137 | }
138 | inputbar {
139 |     padding: 7px;
140 |     margin: 7px;
141 |     spacing: 0;
142 |     text-color: var(normal-foreground);
143 |     background-color: var(nord3);
144 |     children: [ entry ];
145 | }
146 | entry {
147 |     spacing: 0;
148 |     cursor: text;
149 |     text-color: var(normal-foreground);
150 |     background-color: var(nord3);
151 | }
152 | 


--------------------------------------------------------------------------------
/home/scripts/download_rss.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | 
 3 | set -e
 4 | 
 5 | download_from_rss() {
 6 |   d=$(curl -s "$1" | xq -r ".rss.channel.item[${3:-0}]")
 7 |   jq -r .title <<<"$d"
 8 |   url=$(jq -r '.enclosure."@url"' <<<"$d")
 9 |   echo "$url"
10 |   pub=$(jq -r '.pubDate' <<<"$d")
11 |   name=$(date -d "$pub" +"$2_%Y_%m_%d.mp4")
12 |   wget --continue -O "$name" "$url"
13 | }
14 | 
15 | future=$3
16 | declare -A urls=(
17 |   ["x3"]="https://mediathekviewweb.de/feed?query=extra%203%20vom&future=$future"
18 |   ["hs"]="https://mediathekviewweb.de/feed?query=heute-show%20!ZDF&future=$future"
19 |   ["zmr"]="https://mediathekviewweb.de/feed?query=zdf%20magazin%20royale%20!ZDF&future=$future"
20 |   ["m"]="https://mediathekviewweb.de/feed?query=!zdf%20wir%20sind%20die%20meiers&future=$future"
21 |   ["zcs"]="https://mediathekviewweb.de/feed?query=!zdf%20zdf%20comedy%20sommer&future=$future"
22 |   ["anstalt"]="https://mediathekviewweb.de/feed?query=!zdf%20die%20anstalt&future=$future"
23 | )
24 | 
25 | download_from_rss "${urls[$1]}" "$1" ${2:-0}
26 | 


--------------------------------------------------------------------------------
/home/scripts/mount.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/zsh
 2 | 
 3 | usage() {
 4 |   echo "usage: mnt <device> <mnt>"
 5 | }
 6 | 
 7 | if ! (return 0 2>/dev/null); then
 8 |   usage
 9 |   exit 1
10 | fi
11 | 
12 | if [[ $# -ne 2 ]]; then
13 |   usage
14 |   return 1
15 | fi
16 | 
17 | uid=$(id -u)
18 | gid=$(id -g)
19 | 
20 | if ! lsblk $1 &>/dev/null; then
21 |   echo "'$1' is not a block device"
22 |   return 3
23 | fi
24 | 
25 | fs=$(lsblk -f $1 | tail -1 | awk '{print $2}')
26 | 
27 | case $fs in
28 | ext4)
29 |   sudo mount -m $1 $2
30 |   ;;
31 | 
32 | vfat | exfat)
33 |   sudo mount -m -o uid=$uid,gid=$gid $1 $2
34 |   ;;
35 | 
36 | *)
37 |   echo "filesystem '$fs' is not supported"
38 |   return 2
39 |   ;;
40 | esac
41 | 
42 | sudo chown $uid:$gid $2
43 | cd $2
44 | 


--------------------------------------------------------------------------------
/home/scripts/ntfy-sub.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | 
 3 | handle() {
 4 |   line="$1"
 5 |   message=$(jq -r .message <<<"$line")
 6 |   if ! title=$(jq -e -r .title <<<"$line"); then
 7 |     title="$message"
 8 |     message=""
 9 |   fi
10 |   prio=$(jq -e -r .priority <<<"$line") || prio=3
11 |   if [[ $prio -lt 3 ]]; then
12 |     prio=0
13 |   elif [[ $prio -eq 3 ]]; then
14 |     prio=1
15 |   else
16 |     prio=2
17 |   fi
18 | 
19 |   actions=()
20 |   while read act; do
21 |     id=$(jq -r .id <<<"$act")
22 |     action=$(jq -r .action <<<"$act")
23 |     [[ $action == "view" ]] || continue
24 |     label=$(jq -r .label <<<"$act")
25 |     actions+=("-A" "$id,$label")
26 |   done < <(jq -c '.actions//[]|.[]' <<<"$line")
27 | 
28 |   id=$(dunstify "${actions[@]}" -u $prio "$title" "$message")
29 |   if url=$(jq -e --arg id "$id" -r '.actions//[]|.[]|select(.id==$id)|.url' <<<"$line"); then
30 |     xdg-open "$url"
31 |   fi
32 | }
33 | 
34 | while read -r line; do
35 |   handle "$line" &
36 | done < <(ntfy sub -C -c "$1")
37 | 


--------------------------------------------------------------------------------
/home/scripts/rofipass.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | 
 3 | shopt -s globstar
 4 | 
 5 | cd $PASSWORD_STORE_DIR
 6 | if x=$( (for f in $(find * -type f -name '*.gpg'); do echo "${f%.gpg}"; done) | rofi -dmenu -i -no-custom -matching fuzzy); then
 7 |   password=$(pass show "$x" | head -1)
 8 | 
 9 |   # prevent clipman from storing the password
10 |   [[ -f ~/.local/share/clipman.json ]] || echo -n '[]' >~/.local/share/clipman.json
11 |   chmod u-w ~/.local/share/clipman.json
12 |   wl-copy -n <<<"$password"
13 |   (
14 |     sleep 1
15 |     chmod u+w ~/.local/share/clipman.json
16 |   )
17 | 
18 |   dunstify -t 5000 'Password copied to clipboard'
19 |   sleep 5
20 |   wl-copy -c
21 |   clipman pick -t CUSTOM -T "head -1" # restore last clipboard entry
22 | fi
23 | 


--------------------------------------------------------------------------------
/home/scripts/timetracker.sh:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env bash
  2 | 
  3 | export GIT_DIR=$HOME/.timetracker/.git
  4 | export GIT_WORK_TREE=$HOME/.timetracker
  5 | 
  6 | _usage() {
  7 |   echo "Usage: tt <name> [start|stop|list|show|edit|config|delete|save] [<args>]"
  8 |   echo "       tt list"
  9 |   echo "       tt git [<args>]"
 10 |   exit 1
 11 | }
 12 | 
 13 | if [[ $1 == git ]]; then
 14 |   shift
 15 |   exec git "$@"
 16 | elif [[ $1 == list ]]; then
 17 |   [[ $# == 1 ]] || _usage
 18 |   for file in $(
 19 |     cd $GIT_WORK_TREE
 20 |     ls
 21 |   ); do
 22 |     echo $file
 23 |   done
 24 |   exit
 25 | elif [[ $# -lt 1 ]] || ! [[ $2 =~ ^(|start|stop|list|show|edit|config|delete|save)$ ]]; then
 26 |   _usage
 27 | fi
 28 | 
 29 | if ! git status &>/dev/null; then
 30 |   git init
 31 | fi
 32 | 
 33 | NAME="$1"
 34 | FILE="$HOME/.timetracker/$1"
 35 | CONF="$HOME/.timetracker/.$1.yml"
 36 | if [[ $2 != delete ]]; then
 37 |   mkdir -p $(dirname "$FILE")
 38 |   [[ -e $FILE ]] || touch "$FILE"
 39 |   [[ -e $CONF ]] || cat <<EOF >"$CONF"
 40 | regular: 0  # per week
 41 | start: 0
 42 | bonus: []  # hours
 43 | salary: 0  # €/month
 44 | EOF
 45 | 
 46 |   PER_WEEK=$(yq -r .regular "$CONF")
 47 |   START=$(yq -r .start "$CONF")
 48 |   BONUS=$(yq -r '.bonus+[0]|add*60*60|round' "$CONF")
 49 |   SALARY=$(yq -r .salary "$CONF")
 50 | fi
 51 | 
 52 | _fmt_ts() {
 53 |   date -d @$1 +"%a %d %b %Y %T"
 54 | }
 55 | 
 56 | _fmt_delta() {
 57 |   x=$1
 58 |   echo $((x / 3600))h $((x / 60 % 60))m $((x % 60))s
 59 | }
 60 | 
 61 | _week() {
 62 |   date -d @$1 +"%G-%V"
 63 | }
 64 | 
 65 | _now() {
 66 |   date +"%s"
 67 | }
 68 | 
 69 | _running() {
 70 |   grep -E '^([0-9]+)$' "$FILE"
 71 | }
 72 | 
 73 | _overtime() {
 74 |   [[ $PER_WEEK -gt 0 ]] || return
 75 | 
 76 |   t=$(($(_now) - START))
 77 |   regular=$(jq -n "$PER_WEEK*$t/(24*7)|round-($BONUS)")
 78 |   until=$(jq -n "$START+($1+($BONUS))/$PER_WEEK*24*7|round")
 79 |   money=$(jq -n "$SALARY*($1-$regular)/3600/$PER_WEEK/52*12*100|round/100")
 80 |   echo "Overtime: $(_fmt_delta $(($1 - regular))) (until $(_fmt_ts $until); ${money}€)"
 81 | }
 82 | 
 83 | start() {
 84 |   if x=$(_running); then
 85 |     echo "Already running (started at $(_fmt_ts $x))"
 86 |     return 1
 87 |   fi
 88 |   now=$(_now | tee -a "$FILE")
 89 |   echo "Started at $(_fmt_ts $now)"
 90 | }
 91 | 
 92 | stop() {
 93 |   if ! x=$(_running); then
 94 |     echo "Not running"
 95 |     return 1
 96 |   fi
 97 |   now=$(_now)
 98 |   sed -i -E "s/^([0-9]+)$/\1 $now/" "$FILE"
 99 |   echo "Stopped at $(_fmt_ts $now) ($(_fmt_delta $((now - x))))"
100 |   save
101 | }
102 | 
103 | list() {
104 |   cnt=${1:-all}
105 |   last=""
106 |   w=0
107 |   s=0
108 |   r=""
109 |   lines=$(wc -l <"$FILE")
110 |   l=${#lines}
111 |   i=1
112 |   while read begin end; do
113 |     [[ $cnt == all ]] || [[ $i -gt $((lines - cnt)) ]]
114 |     out=$?
115 |     ln=$(printf "%0${l}d" $i)
116 |     i=$((i + 1))
117 |     if [[ -z $end ]]; then
118 |       end=$(_now)
119 |       end_fmt="NOW"
120 |       r="(running)"
121 |     else
122 |       end_fmt=$(_fmt_ts $end)
123 |     fi
124 |     week=$(_week $begin)
125 |     if [[ $last != "$week" ]]; then
126 |       [[ $out == 0 ]] && [[ -n $last ]] && echo "=> $(_fmt_delta $w)"
127 |       [[ $out == 0 ]] && echo -e "\n$week"
128 |       w=0
129 |     fi
130 |     last="$week"
131 |     [[ $out == 0 ]] && echo "#$ln $(_fmt_ts $begin) - $end_fmt ($(_fmt_delta $((end - begin))))"
132 |     w=$((w + end - begin))
133 |     s=$((s + end - begin))
134 |   done <"$FILE"
135 |   [[ -n $last ]] && echo "=> $(_fmt_delta $w)"
136 |   echo -e "\nTOTAL: $(_fmt_delta $s) $r"
137 |   _overtime $s
138 | }
139 | 
140 | show() {
141 |   sum=0
142 |   r=""
143 |   while read begin end; do
144 |     if [[ -z $end ]]; then
145 |       end=$(_now)
146 |       r="(running)"
147 |     fi
148 |     sum=$((sum + end - begin))
149 |   done <"$FILE"
150 |   echo "TOTAL: $(_fmt_delta $sum) $r"
151 |   _overtime $sum
152 | }
153 | 
154 | interactive() {
155 |   _running >/dev/null || start
156 |   x=$(_running)
157 |   f=1
158 |   trap f=0 SIGINT
159 |   first=1
160 |   while [[ $f == 1 ]]; do
161 |     s=$(show)
162 |     printf "${new}Current: $(_fmt_delta $(($(_now) - x)))\n$s (Ctrl+C to stop) "
163 |     sleep 1
164 |     if [[ $first == 1 ]]; then
165 |       new=$(tput cuu $(echo -e "$s" | wc -l) hpa 0 ed)
166 |       first=0
167 |     fi
168 |   done
169 |   trap - SIGINT
170 |   printf "$new"
171 |   stop
172 | }
173 | 
174 | edit() {
175 |   ${EDITOR:-vi} "$FILE"
176 |   save
177 | }
178 | 
179 | config() {
180 |   ${EDITOR:-vi} "$CONF"
181 |   save
182 | }
183 | 
184 | delete() {
185 |   for file in "$FILE" "$CONF"; do
186 |     [[ -e $file ]] && rm -i "$file" || echo "$file does not exist"
187 |   done
188 |   save
189 | }
190 | 
191 | save() {
192 |   git add "$FILE" "$CONF"
193 |   if ! git diff --staged --exit-code --quiet; then
194 |     git commit -m "Update $NAME"
195 |     git push
196 |   fi
197 | }
198 | 
199 | cmd=${2:-interactive}
200 | shift 2
201 | "$cmd" "$@"
202 | 


--------------------------------------------------------------------------------
/home/sops.nix:
--------------------------------------------------------------------------------
 1 | {
 2 |   conf,
 3 |   sops-nix,
 4 |   system-config,
 5 |   ...
 6 | }:
 7 | let
 8 |   inherit (system-config.users.users.${conf.user}) uid;
 9 | in
10 | {
11 |   imports = [ sops-nix.homeManagerModules.sops ];
12 |   sops = {
13 |     age.keyFile = "/persistent/data/home/${conf.user}/.config/sops/age/keys.txt";
14 |     defaultSymlinkPath = "/run/user/${toString uid}/secrets";
15 |     defaultSecretsMountPoint = "/run/user/${toString uid}/secrets.d";
16 |     environment.GNUPGHOME = "/dev/null";
17 |   };
18 | }
19 | 


--------------------------------------------------------------------------------
/home/ssh.nix:
--------------------------------------------------------------------------------
 1 | { config, ... }:
 2 | {
 3 |   programs.ssh = {
 4 |     enable = true;
 5 |     serverAliveInterval = 20;
 6 |     controlMaster = "auto";
 7 |     controlPersist = "2h";
 8 |     controlPath = "~/.ssh/master-%C";
 9 |     extraConfig = ''
10 |       TCPKeepAlive no
11 |     '';
12 |     includes = [ config.sops.secrets."ssh/hosts".path ];
13 |   };
14 | 
15 |   sops.secrets = {
16 |     "ssh/hosts" = {
17 |       format = "binary";
18 |       sopsFile = ../secrets/ssh/hosts;
19 |     };
20 |   };
21 | }
22 | 


--------------------------------------------------------------------------------
/home/syncthing.nix:
--------------------------------------------------------------------------------
1 | {
2 |   services.syncthing = {
3 |     enable = true;
4 |   };
5 | }
6 | 


--------------------------------------------------------------------------------
/home/theme.nix:
--------------------------------------------------------------------------------
 1 | { pkgs, conf, ... }:
 2 | {
 3 |   gtk = {
 4 |     enable = true;
 5 |     theme.name = "Adapta-Nokto";
 6 |     theme.package = pkgs.adapta-gtk-theme;
 7 |     iconTheme.name = "breeze-dark";
 8 |     iconTheme.package = pkgs.libsForQt5.breeze-icons;
 9 |     font.name = "Cantarell";
10 |     font.size = 12;
11 |     font.package = pkgs.cantarell-fonts;
12 |     gtk3.extraConfig = {
13 |       gtk-application-prefer-dark-theme = 1;
14 |     };
15 |   };
16 | 
17 |   sops.secrets."gtk/bookmarks" = {
18 |     format = "binary";
19 |     sopsFile = ../secrets/gtk/bookmarks;
20 |     path = "/home/${conf.user}/.config/gtk-3.0/bookmarks";
21 |   };
22 | 
23 |   home.pointerCursor = {
24 |     package = pkgs.libsForQt5.breeze-gtk;
25 |     gtk.enable = true;
26 |     name = "breeze_cursors";
27 |     size = 16;
28 |   };
29 | 
30 |   fonts.fontconfig.enable = true;
31 | }
32 | 


--------------------------------------------------------------------------------
/home/tmux.nix:
--------------------------------------------------------------------------------
 1 | { pkgs, ... }:
 2 | {
 3 |   programs.tmux = {
 4 |     enable = true;
 5 |     aggressiveResize = true;
 6 |     baseIndex = 1;
 7 |     clock24 = true;
 8 |     customPaneNavigationAndResize = true;
 9 |     escapeTime = 0;
10 |     keyMode = "vi";
11 |     prefix = "M-Space";
12 |     resizeAmount = 5;
13 |     secureSocket = false;
14 |     terminal = "tmux-256color";
15 |     plugins = builtins.attrValues { inherit (pkgs.tmuxPlugins) tmux-fzf onedark-theme; };
16 |     extraConfig = ''
17 |       set -ag terminal-overrides ",xterm-256color:RGB"
18 | 
19 |       set-option -g detach-on-destroy off
20 | 
21 |       # open new panes in same directory
22 |       bind '"' split-window -c "#{pane_current_path}"
23 |       bind % split-window -h -c "#{pane_current_path}"
24 |       bind c new-window -c "#{pane_current_path}"
25 | 
26 |       # switch panes using Alt+vimarrow without prefix
27 |       bind -n M-h select-pane -L
28 |       bind -n M-l select-pane -R
29 |       bind -n M-k select-pane -U
30 |       bind -n M-j select-pane -D
31 | 
32 |       # switch windows using Alt+Number without prefix
33 |       bind -n M-1 select-window -t1
34 |       bind -n M-2 select-window -t2
35 |       bind -n M-3 select-window -t3
36 |       bind -n M-4 select-window -t4
37 |       bind -n M-5 select-window -t5
38 |       bind -n M-6 select-window -t6
39 |       bind -n M-7 select-window -t7
40 |       bind -n M-8 select-window -t8
41 |       bind -n M-9 select-window -t9
42 |       bind -n M-0 select-window -t10
43 |     '';
44 |   };
45 | }
46 | 


--------------------------------------------------------------------------------
/home/vscodium.nix:
--------------------------------------------------------------------------------
 1 | { pkgs, nix-vscode-extensions, ... }:
 2 | let
 3 |   extensions = nix-vscode-extensions.extensions.${pkgs.system};
 4 | in
 5 | {
 6 |   programs.vscode = {
 7 |     enable = true;
 8 |     package = pkgs.vscodium;
 9 |     profiles.default = {
10 |       enableExtensionUpdateCheck = false;
11 |       enableUpdateCheck = false;
12 |       extensions = with extensions.vscode-marketplace; [
13 |         angular.ng-template
14 |         bbenoist.nix
15 |         cyrilletuzi.angular-schematics
16 |         dbaeumer.vscode-eslint
17 |         eamodio.gitlens
18 |         esbenp.prettier-vscode
19 |         # github.copilot
20 |         # github.copilot-chat
21 |         hediet.vscode-drawio
22 |         infinity1207.angular2-switcher
23 |         james-yu.latex-workshop
24 |         leanprover.lean4
25 |         ms-python.python
26 |         # ms-toolsai.jupyter
27 |         # ms-toolsai.jupyter-keymap
28 |         # ms-toolsai.jupyter-renderers
29 |         ms-vsliveshare.vsliveshare
30 |         orta.vscode-jest
31 |         redhat.vscode-yaml
32 |         rust-lang.rust-analyzer
33 |         # streetsidesoftware.code-spell-checker
34 |         uiua-lang.uiua-vscode
35 |         usernamehw.errorlens
36 |         vscodevim.vim
37 |         vue.volar
38 |         xabikos.javascriptsnippets
39 |       ];
40 |       userSettings = {
41 |         "editor.wordWrap" = "on";
42 |         "workbench.startupEditor" = "newUntitledFile";
43 |         "files.autoSave" = "afterDelay";
44 |         "python.autoComplete.extraPaths" = [ ];
45 |         "editor.lineNumbers" = "on";
46 |         "vim.commandLineModeKeyBindings" = [ ];
47 |         "rust-analyzer.checkOnSave.command" = "clippy";
48 |         "files.associations" = {
49 |           "*.toml" = "toml";
50 |         };
51 |         "vim.useSystemClipboard" = true;
52 |         "task.quickOpen.skip" = true;
53 |         "explorer.confirmDragAndDrop" = false;
54 |         "jupyter.askForKernelRestart" = false;
55 |         "notebook.output.textLineLimit" = 50;
56 |         "hediet.vscode-drawio.theme" = "Kennedy";
57 |         "[uiua]"."editor.fontSize" = 18;
58 |         "[html]"."editor.defaultFormatter" = "esbenp.prettier-vscode";
59 |         "[javascript]"."editor.defaultFormatter" = "esbenp.prettier-vscode";
60 |         "[json]"."editor.defaultFormatter" = "esbenp.prettier-vscode";
61 |         "[jsonc]"."editor.defaultFormatter" = "vscode.json-language-features";
62 |         "[scss]"."editor.defaultFormatter" = "esbenp.prettier-vscode";
63 |         "[typescript]"."editor.defaultFormatter" = "esbenp.prettier-vscode";
64 |       };
65 |       keybindings = [
66 |         {
67 |           "key" = "F10";
68 |           "command" = "workbench.action.tasks.runTask";
69 |           "args" = "Run";
70 |         }
71 |         {
72 |           "key" = "shift+f10";
73 |           "command" = "-editor.action.showContextMenu";
74 |           "when" = "textInputFocus";
75 |         }
76 |         {
77 |           "key" = "shift+f10";
78 |           "command" = "workbench.action.tasks.reRunTask";
79 |         }
80 |         {
81 |           "key" = "ctrl+k";
82 |           "command" = "-extension.vim_ctrl+k";
83 |           "when" = "editorTextFocus && vim.active && vim.use<C-k> && !inDebugRepl";
84 |         }
85 |         {
86 |           "key" = "shift+escape";
87 |           "command" = "workbench.action.closePanel";
88 |         }
89 |         {
90 |           "key" = "ctrl+f10";
91 |           "command" = "workbench.action.tasks.restartTask";
92 |         }
93 |       ];
94 |     };
95 |   };
96 | }
97 | 


--------------------------------------------------------------------------------
/home/waybar.nix:
--------------------------------------------------------------------------------
  1 | {
  2 |   conf,
  3 |   pkgs,
  4 |   lib,
  5 |   ...
  6 | }:
  7 | {
  8 |   programs.waybar = {
  9 |     enable = true;
 10 |     systemd.enable = true;
 11 |     settings =
 12 |       let
 13 |         icons = lib.splitString " ";
 14 |         mkDisk = name: path: {
 15 |           inherit path;
 16 |           interval = 5;
 17 |           format = "${name} {percentage_used}%";
 18 |           states = {
 19 |             critical = 90;
 20 |             warning = 80;
 21 |           };
 22 |         };
 23 |         base = {
 24 |           layer = "top";
 25 |           position = "top";
 26 |           height = 20;
 27 |           fixed-center = false;
 28 | 
 29 |           "custom/yk" =
 30 |             let
 31 |               script = builtins.toFile "yktd.py" ''
 32 |                 import json, socket, os
 33 |                 s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
 34 |                 s.connect(f"/run/user/{os.getuid()}/yubikey-touch-detector.socket")
 35 |                 def update(touch):
 36 |                   print(json.dumps({
 37 |                     "text": "",
 38 |                     "tooltip": "YubiKey is waiting for a touch",
 39 |                   } if touch else {}), flush=True)
 40 |                 update(False)
 41 |                 while True: update(s.recv(5).decode().endswith("1"))
 42 |               '';
 43 |             in
 44 |             {
 45 |               exec = "${pkgs.python311}/bin/python ${script}";
 46 |               return-type = "json";
 47 |             };
 48 | 
 49 |           "custom/screenshot" = {
 50 |             format = "";
 51 |             on-click = pkgs.writeShellScript "screenshot.sh" ''
 52 |               export PATH=${
 53 |                 lib.makeBinPath (
 54 |                   lib.attrValues {
 55 |                     inherit (pkgs)
 56 |                       coreutils
 57 |                       grim
 58 |                       slurp
 59 |                       wl-clipboard
 60 |                       ;
 61 |                   }
 62 |                 )
 63 |               }:$PATH
 64 |               grim -g "$(slurp)" - | wl-copy -t image/png
 65 |             '';
 66 |           };
 67 | 
 68 |           "custom/github" = {
 69 |             interval = 10;
 70 |             on-click = "${pkgs.xdg-utils}/bin/xdg-open https://github.com/notifications";
 71 |             exec = pkgs.writeShellScript "github-notifications" ''
 72 |               export PATH=${lib.makeBinPath (lib.attrValues { inherit (pkgs) coreutils gh; })}
 73 | 
 74 |               set -euo pipefail
 75 | 
 76 |               cnt=$(gh api /notifications -q length)
 77 |               if [[ $cnt -gt 0 ]]; then
 78 |                 echo " $cnt"
 79 |               fi
 80 |             '';
 81 |           };
 82 | 
 83 |           "custom/dunst" = {
 84 |             exec = pkgs.writeShellScript "dunst-is-paused" ''
 85 |               export PATH=${lib.makeBinPath (lib.attrValues { inherit (pkgs) coreutils dunst dbus; })}
 86 | 
 87 |               set -euo pipefail
 88 | 
 89 |               readonly ENABLED=''
 90 |               readonly DISABLED=''
 91 |               dbus-monitor path='/org/freedesktop/Notifications',interface='org.freedesktop.DBus.Properties',member='PropertiesChanged' --profile |
 92 |                 while read -r _; do
 93 |                   PAUSED="$(dunstctl is-paused)"
 94 |                   if [ "$PAUSED" == 'false' ]; then
 95 |                     CLASS="enabled"
 96 |                     TEXT="$ENABLED"
 97 |                   else
 98 |                     CLASS="disabled"
 99 |                     TEXT="$DISABLED"
100 |                     COUNT="$(dunstctl count waiting)"
101 |                     if [ "$COUNT" != '0' ]; then
102 |                       TEXT="$DISABLED ($COUNT)"
103 |                     fi
104 |                   fi
105 |                   printf '{"text": "%s", "class": "%s"}\n' "$TEXT" "$CLASS"
106 |                 done
107 |             '';
108 |             return-type = "json";
109 |             on-click = pkgs.writeShellScript "dunst-toggle-paused.sh" ''
110 |               dunstctl set-paused toggle
111 |             '';
112 |           };
113 | 
114 |           "tray" = {
115 |             spacing = 8;
116 |           };
117 | 
118 |           "backlight" = {
119 |             format = "󰌵 {percent}%";
120 |           };
121 | 
122 |           "battery" = {
123 |             format = "{icon} {capacity}%{time}";
124 |             format-charging = "󰂄 {capacity}%{time}";
125 |             format-icons = icons "󰁺 󰁻 󰁼 󰁽 󰁾 󰁿 󰂀 󰂁 󰂂 󰁹";
126 |             format-plugged = "󰚥 {capacity}%";
127 |             format-time = " ({H}:{m})";
128 |             states = {
129 |               critical = 15;
130 |               warning = 30;
131 |             };
132 |           };
133 | 
134 |           "clock" = {
135 |             interval = 1;
136 |             format = "󰃭 {:%a, %d.%m.%Y 󰥔 %H:%M:%S}";
137 |             tooltip-format = "<big>{:%Y %B}</big>\n<tt><small>{calendar}</small></tt>";
138 |           };
139 | 
140 |           "cpu" = {
141 |             interval = 2;
142 |             format = "󰘚 {usage}%";
143 |             tooltip = false;
144 |           };
145 | 
146 |           "memory" = {
147 |             interval = 2;
148 |             format = "󰍛 {avail} GB";
149 |           };
150 |           "memory#swap" = {
151 |             interval = 2;
152 |             format = "󰍛 {swapUsed} GB";
153 |           };
154 | 
155 |           "disk" = mkDisk "/" "/";
156 |           "disk#persistent" = mkDisk "/persistent" "/persistent/data";
157 | 
158 |           "network" = {
159 |             interval = 2;
160 |             format-disconnected = "󰀦 Disconnected";
161 |             format-ethernet = " {bandwidthTotalBytes} ({ipaddr})";
162 |             format-wifi = " {essid} {signalStrength}% {bandwidthTotalBytes} ({ipaddr})";
163 |           };
164 | 
165 |           "pulseaudio" = {
166 |             format = "{icon} {volume}%";
167 |             format-muted = "󰖁";
168 |             format-bluetooth = "{icon} 󰂯 {volume}%";
169 |             format-bluetooth-muted = "󰖁 󰂯";
170 |             format-icons = icons "󰕿 󰖀 󰕾";
171 |           };
172 | 
173 |           "pulseaudio#mic" = {
174 |             format = "{format_source}";
175 |             format-muted = "{format_source}";
176 |             format-bluetooth = "{format_source}";
177 |             format-bluetooth-muted = "{format_source}";
178 |             format-source = "󰍬 {volume}%";
179 |             format-source-muted = "󰍭";
180 |           };
181 | 
182 |           "niri/language" = {
183 |             format = "{short}";
184 |             tooltip-format = "{long}";
185 |           };
186 | 
187 |           "niri/window" = {
188 |             separate-outputs = true;
189 |           };
190 |         };
191 |       in
192 |       {
193 |         default = base // {
194 |           output = lib.mkIf (conf.wayland.outputs.default.name != null) conf.wayland.outputs.default.name;
195 | 
196 |           modules-left = [ "niri/workspaces" ];
197 |           modules-center = [ "niri/window" ];
198 |           modules-right = [
199 |             "custom/yk"
200 |             "custom/screenshot"
201 |             "memory"
202 |             "memory#swap"
203 |             "disk"
204 |             "disk#persistent"
205 |             "cpu"
206 |             "custom/dunst"
207 |             "custom/github"
208 |             "backlight"
209 |             "pulseaudio"
210 |             "pulseaudio#mic"
211 |             "custom/webcam"
212 |             "niri/language"
213 |             "battery"
214 |             "network"
215 |             "clock"
216 |             "tray"
217 |           ];
218 |         };
219 |       }
220 |       // (builtins.mapAttrs (
221 |         k: v:
222 |         base
223 |         // {
224 |           name = k;
225 |           height = 25;
226 |           output = v.name;
227 | 
228 |           modules-left = [ "niri/workspaces" ];
229 |           modules-center = [ "niri/window" ];
230 |           modules-right = [
231 |             "custom/yk"
232 |             "memory"
233 |             "memory#swap"
234 |             "disk"
235 |             "disk#persistent"
236 |             "cpu"
237 |             "custom/dunst"
238 |             "backlight"
239 |             "pulseaudio"
240 |             "pulseaudio#mic"
241 |             "custom/webcam"
242 |             "niri/language"
243 |             "battery"
244 |             "network"
245 |             "clock"
246 |           ];
247 |         }
248 |       ) (builtins.removeAttrs conf.wayland.outputs [ "default" ]));
249 | 
250 |     style = ''
251 |       * {
252 |           font-family: MesloLGS NF;
253 |           font-size: 12px;
254 |       }
255 | 
256 |       window#waybar {
257 |           background-color: #1f1f1f;
258 |           color: #ffffff;
259 |           transition-property: box-shadow;
260 |           transition-duration: 0.5s;
261 |       }
262 | 
263 |       window#waybar.ext > * {
264 |         margin-top: 5px;
265 |       }
266 | 
267 |       button {
268 |           box-shadow: inset 0 -3px transparent;
269 |           border: none;
270 |           border-radius: 0;
271 |       }
272 | 
273 |       #workspaces button {
274 |           padding: 0 12px;
275 |           min-width: 0;
276 |           color: #ffffff;
277 |       }
278 | 
279 |       #workspaces button:hover {
280 |           background: #282828;
281 |           box-shadow: inset 0 -2px #00897b;
282 |       }
283 | 
284 |       #workspaces button.focused {
285 |           background-color: #333;
286 |           box-shadow: inset 0 -2px #00b9ab;
287 |       }
288 | 
289 |       #workspaces button.urgent {
290 |           background-color: #eb4d4b;
291 |       }
292 | 
293 |       #clock,
294 |       #battery,
295 |       #cpu,
296 |       #memory,
297 |       #disk,
298 |       #temperature,
299 |       #custom-dunst,
300 |       #backlight,
301 |       #network,
302 |       #pulseaudio,
303 |       #wireplumber,
304 |       #custom-media,
305 |       #tray,
306 |       #mode,
307 |       #idle_inhibitor,
308 |       #scratchpad,
309 |       #mpd,
310 |       #custom-github,
311 |       #language {
312 |           padding: 0 2px;
313 |           margin: 0 4px;
314 |           color: #ffffff;
315 |       }
316 | 
317 |       @keyframes yk-blink {
318 |         to {
319 |           border: 2px solid transparent;
320 |         }
321 |       }
322 | 
323 |       #custom-yk {
324 |         border: 2px solid #0f0;
325 |         padding: 0 6px;
326 |         margin: 0 4px;
327 |         color: #fff;
328 |         animation-name: yk-blink;
329 |         animation-duration: 0.375s;
330 |         animation-iteration-count: infinite;
331 |         animation-timing-function: linear;
332 |         animation-direction: alternate;
333 |       }
334 | 
335 |       #custom-screenshot {
336 |         padding: 0 5px;
337 |         box-shadow: inset 0 -2px #fc5;
338 |       }
339 | 
340 |       #window,
341 |       #workspaces {
342 |           margin: 0 4px;
343 |       }
344 | 
345 |       #workspaces {
346 |           margin-left: 0;
347 |       }
348 | 
349 |       #clock {
350 |           box-shadow: inset 0 -2px #0a7;
351 |       }
352 | 
353 |       #language {
354 |           box-shadow: inset 0 -2px #07a;
355 |       }
356 | 
357 |       @keyframes github-blink {
358 |         to {
359 |           box-shadow: inset 0 -2px #1f1f1f;
360 |         }
361 |       }
362 | 
363 |       #custom-github {
364 |         box-shadow: inset 0 -2px #ff507a;
365 |         animation-name: github-blink;
366 |         animation-duration: 0.5s;
367 |         animation-iteration-count: infinite;
368 |         animation-timing-function: ease-in-out;
369 |         animation-direction: alternate;
370 |       }
371 | 
372 |       #battery {
373 |           box-shadow: inset 0 -2px #c00;
374 |           background: none;
375 |       }
376 | 
377 |       #battery.charging, #battery.plugged {
378 |           box-shadow: inset 0 -2px #26A65B;
379 |       }
380 | 
381 |       #battery.warning:not(.charging) {
382 |           background: #850;
383 |       }
384 |       #battery.critical:not(.charging) {
385 |           background: #810;
386 |       }
387 | 
388 |       #cpu {
389 |           box-shadow: inset 0 -2px #2ecc71;
390 |       }
391 | 
392 |       #memory {
393 |           box-shadow: inset 0 -2px #9b59b6;
394 |       }
395 | 
396 |       #disk {
397 |           box-shadow: inset 0 -2px #6961ff;
398 |       }
399 |       #disk.warning {
400 |           background: #850;
401 |       }
402 |       #disk.critical {
403 |           background: #810;
404 |       }
405 | 
406 |       #custom-dunst.enabled {
407 |         box-shadow: inset 0 -2px #0a7;
408 |       }
409 |       #custom-dunst.disabled {
410 |         box-shadow: inset 0 -2px #e00;
411 |       }
412 | 
413 |       #backlight {
414 |           box-shadow: inset 0 -2px #a0c1c1;
415 |       }
416 | 
417 |       #network {
418 |           box-shadow: inset 0 -2px #2980b9;
419 |       }
420 | 
421 |       #network.disconnected {
422 |           box-shadow: inset 0 -2px #e00;
423 |       }
424 | 
425 |       #pulseaudio {
426 |           box-shadow: inset 0 -2px #f1c40f;
427 |       }
428 | 
429 |       #pulseaudio.muted:not(.mic), #pulseaudio.mic.source-muted {
430 |           box-shadow: inset 0 -2px #880;
431 |       }
432 | 
433 |       #tray > .passive {
434 |           -gtk-icon-effect: dim;
435 |       }
436 | 
437 |       #tray > .needs-attention {
438 |           -gtk-icon-effect: highlight;
439 |           background-color: #eb4d4b;
440 |       }
441 | 
442 |       #scratchpad.empty {
443 |           background-color: transparent;
444 |       }
445 |     '';
446 |   };
447 | }
448 | 


--------------------------------------------------------------------------------
/home/xournalpp/default.nix:
--------------------------------------------------------------------------------
 1 | { pkgs, ... }:
 2 | {
 3 |   home.packages = [ pkgs.xournalpp ];
 4 |   home.file.xournalpp = {
 5 |     source = ./settings;
 6 |     target = ".config/xournalpp";
 7 |     recursive = true;
 8 |   };
 9 | }
10 | 


--------------------------------------------------------------------------------
/home/xournalpp/settings/colornames.ini:
--------------------------------------------------------------------------------
1 | [info]
2 | about=Xournalpp custom color names
3 | 


--------------------------------------------------------------------------------
/home/xournalpp/settings/settings.xml:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="UTF-8"?>
  2 | <!--The Xournal++ settings file. Do not edit this file! Most settings are available in the Settings dialog, the others are commented in this file, but handle with care!-->
  3 | <settings>
  4 |   <property name="pressureSensitivity" value="true"/>
  5 |   <property name="minimumPressure" value="0.05000000"/>
  6 |   <property name="pressureMultiplier" value="1.00000000"/>
  7 |   <property name="zoomGesturesEnabled" value="true"/>
  8 |   <property name="selectedToolbar" value="Right hand Note Taking Copy 1"/>
  9 |   <property name="lastSavePath" value=""/>
 10 |   <property name="lastOpenPath" value=""/>
 11 |   <property name="lastImagePath" value=""/>
 12 |   <property name="edgePanSpeed" value="20.00000000"/>
 13 |   <property name="edgePanMaxMult" value="5.00000000"/>
 14 |   <property name="zoomStep" value="10.00000000"/>
 15 |   <property name="zoomStepScroll" value="2.00000000"/>
 16 |   <property name="displayDpi" value="144"/>
 17 |   <property name="mainWndWidth" value="1920"/>
 18 |   <property name="mainWndHeight" value="1054"/>
 19 |   <property name="maximized" value="true"/>
 20 |   <property name="showToolbar" value="true"/>
 21 |   <property name="showSidebar" value="false"/>
 22 |   <property name="sidebarWidth" value="50"/>
 23 |   <property name="sidebarOnRight" value="false"/>
 24 |   <property name="scrollbarOnLeft" value="false"/>
 25 |   <property name="menubarVisible" value="true"/>
 26 |   <property name="numColumns" value="1"/>
 27 |   <property name="numRows" value="1"/>
 28 |   <property name="viewFixedRows" value="false"/>
 29 |   <property name="showPairedPages" value="false"/>
 30 |   <property name="layoutVertical" value="false"/>
 31 |   <property name="layoutRightToLeft" value="false"/>
 32 |   <property name="layoutBottomToTop" value="false"/>
 33 |   <property name="numPairsOffset" value="1"/>
 34 |   <property name="presentationMode" value="false"/>
 35 |   <!--Which gui elements are hidden if you are in Fullscreen mode, separated by a colon (,)-->
 36 |   <property name="fullscreenHideElements" value="mainMenubar"/>
 37 |   <!--Which gui elements are hidden if you are in Presentation mode, separated by a colon (,)-->
 38 |   <property name="presentationHideElements" value="mainMenubar,sidebarContents"/>
 39 |   <!--The cursor icon used with a stylus, allowed values are "none", "dot", "big"-->
 40 |   <property name="stylusCursorType" value="dot"/>
 41 |   <property name="highlightPosition" value="false"/>
 42 |   <property name="cursorHighlightColor" value="2164260608"/>
 43 |   <property name="cursorHighlightBorderColor" value="2147483903"/>
 44 |   <property name="cursorHighlightRadius" value="30.00000000"/>
 45 |   <property name="cursorHighlightBorderWidth" value="0.00000000"/>
 46 |   <property name="darkTheme" value="false"/>
 47 |   <property name="useStockIcons" value="false"/>
 48 |   <property name="disableScrollbarFadeout" value="false"/>
 49 |   <!--Hides scroolbars in the main window, allowed values: "none", "horizontal", "vertical", "both"-->
 50 |   <property name="scrollbarHideType" value="both"/>
 51 |   <property name="autoloadMostRecent" value="false"/>
 52 |   <property name="autoloadPdfXoj" value="true"/>
 53 |   <property name="defaultSaveName" value="%F-Note-%H-%M"/>
 54 |   <property name="autosaveEnabled" value="true"/>
 55 |   <property name="autosaveTimeout" value="1"/>
 56 |   <property name="addHorizontalSpace" value="false"/>
 57 |   <property name="addHorizontalSpaceAmount" value="150"/>
 58 |   <property name="addVerticalSpace" value="false"/>
 59 |   <property name="addVerticalSpaceAmount" value="150"/>
 60 |   <property name="drawDirModsEnabled" value="false"/>
 61 |   <property name="drawDirModsRadius" value="50"/>
 62 |   <property name="snapRotation" value="true"/>
 63 |   <property name="snapRotationTolerance" value="0.20000000"/>
 64 |   <property name="snapGrid" value="true"/>
 65 |   <property name="snapGridTolerance" value="0.25000000"/>
 66 |   <property name="snapGridSize" value="14.17000000"/>
 67 |   <property name="touchDrawing" value="false"/>
 68 |   <property name="pressureGuessing" value="false"/>
 69 |   <property name="selectionBorderColor" value="4294901760"/>
 70 |   <property name="backgroundColor" value="4292664021"/>
 71 |   <property name="selectionMarkerColor" value="4285702095"/>
 72 |   <property name="touchZoomStartThreshold" value="0.00000000"/>
 73 |   <property name="pageRerenderThreshold" value="5.00000000"/>
 74 |   <!--The count of rendered PDF pages which will be cached.-->
 75 |   <property name="pdfPageCacheSize" value="10"/>
 76 |   <property name="preloadPagesBefore" value="3"/>
 77 |   <property name="preloadPagesAfter" value="5"/>
 78 |   <property name="eagerPageCleanup" value="true"/>
 79 |   <!--Config for new pages-->
 80 |   <property name="pageTemplate" value="xoj/template&#10;copyLastPageSize=false&#10;copyLastPageSettings=false&#10;size=595,000000x841,000000&#10;backgroundType=graph&#10;backgroundColor=#ffffffff&#10;"/>
 81 |   <property name="sizeUnit" value="points"/>
 82 |   <property name="audioFolder" value=""/>
 83 |   <property name="audioInputDevice" value="-1"/>
 84 |   <property name="audioOutputDevice" value="-1"/>
 85 |   <property name="audioSampleRate" value="44100.00000000"/>
 86 |   <property name="audioGain" value="1.00000000"/>
 87 |   <property name="defaultSeekTime" value="5"/>
 88 |   <property name="pluginEnabled" value="ToggleGrid"/>
 89 |   <property name="pluginDisabled" value=""/>
 90 |   <property name="strokeFilterIgnoreTime" value="150"/>
 91 |   <property name="strokeFilterIgnoreLength" value="1.00000000"/>
 92 |   <property name="strokeFilterSuccessiveTime" value="500"/>
 93 |   <property name="strokeFilterEnabled" value="false"/>
 94 |   <property name="doActionOnStrokeFiltered" value="false"/>
 95 |   <property name="trySelectOnStrokeFiltered" value="false"/>
 96 |   <property name="snapRecognizedShapesEnabled" value="false"/>
 97 |   <property name="restoreLineWidthEnabled" value="false"/>
 98 |   <property name="numIgnoredStylusEvents" value="0"/>
 99 |   <property name="inputSystemTPCButton" value="false"/>
100 |   <property name="inputSystemDrawOutsideWindow" value="true"/>
101 |   <property name="preferredLocale" value=""/>
102 |   <property name="stabilizerAveragingMethod" value="0"/>
103 |   <property name="stabilizerPreprocessor" value="0"/>
104 |   <property name="stabilizerBuffersize" value="20"/>
105 |   <property name="stabilizerSigma" value="0.50000000"/>
106 |   <property name="stabilizerDeadzoneRadius" value="1.30000000"/>
107 |   <property name="stabilizerDrag" value="0.40000000"/>
108 |   <property name="stabilizerMass" value="5.00000000"/>
109 |   <property name="stabilizerCuspDetection" value="true"/>
110 |   <property name="stabilizerFinalizeStroke" value="true"/>
111 |   <property name="latexSettings.autoCheckDependencies" value="true"/>
112 |   <property name="latexSettings.globalTemplatePath" value="/usr/share/xournalpp/resources/default_template.tex"/>
113 |   <property name="latexSettings.genCmd" value="pdflatex -halt-on-error -interaction=nonstopmode '{}'"/>
114 |   <property name="font" font="Sans" size="10.00000000"/>
115 |   <data name="buttonConfig">
116 |     <data name="default">
117 |       <attribute name="color" type="hex" value="ff000000"/>
118 |       <attribute name="drawingType" type="string" value="default"/>
119 |       <attribute name="size" type="string" value="medium"/>
120 |       <attribute name="tool" type="string" value="pen"/>
121 |     </data>
122 |     <data name="eraser">
123 |       <attribute name="eraserMode" type="string" value="none"/>
124 |       <attribute name="size" type="string" value="none"/>
125 |       <attribute name="tool" type="string" value="eraser"/>
126 |     </data>
127 |     <data name="middle">
128 |       <attribute name="eraserMode" type="string" value="none"/>
129 |       <attribute name="size" type="string" value="none"/>
130 |       <attribute name="tool" type="string" value="eraser"/>
131 |     </data>
132 |     <data name="right">
133 |       <attribute name="eraserMode" type="string" value="none"/>
134 |       <attribute name="size" type="string" value="none"/>
135 |       <attribute name="tool" type="string" value="eraser"/>
136 |     </data>
137 |     <data name="stylus">
138 |       <attribute name="tool" type="string" value="selectRegion"/>
139 |     </data>
140 |     <data name="stylus2">
141 |       <attribute name="tool" type="string" value="selectRegion"/>
142 |     </data>
143 |     <data name="touch">
144 |       <attribute name="device" type="string" value=""/>
145 |       <attribute name="disableDrawing" type="boolean" value="false"/>
146 |       <attribute name="tool" type="string" value="none"/>
147 |     </data>
148 |   </data>
149 |   <data name="deviceClasses">
150 |     <data name="ELAN0707:00 04F3:30DA Mouse">
151 |       <attribute name="deviceClass" type="int" value="1"/>
152 |       <attribute name="deviceSource" type="int" value="0"/>
153 |     </data>
154 |     <data name="ELAN0707:00 04F3:30DA Touchpad">
155 |       <attribute name="deviceClass" type="int" value="1"/>
156 |       <attribute name="deviceSource" type="int" value="6"/>
157 |     </data>
158 |     <data name="ELAN2514:00 04F3:2A1F">
159 |       <attribute name="deviceClass" type="int" value="4"/>
160 |       <attribute name="deviceSource" type="int" value="5"/>
161 |     </data>
162 |     <data name="ELAN2514:00 04F3:2A1F Eraser (0)">
163 |       <attribute name="deviceClass" type="int" value="3"/>
164 |       <attribute name="deviceSource" type="int" value="2"/>
165 |     </data>
166 |     <data name="ELAN2514:00 04F3:2A1F Pen (0)">
167 |       <attribute name="deviceClass" type="int" value="2"/>
168 |       <attribute name="deviceSource" type="int" value="1"/>
169 |     </data>
170 |     <data name="ELAN2514:00 04F3:2A1F Stylus Eraser (0)">
171 |       <attribute name="deviceClass" type="int" value="3"/>
172 |       <attribute name="deviceSource" type="int" value="2"/>
173 |     </data>
174 |     <data name="ELAN2514:00 04F3:2A1F Stylus Pen (0)">
175 |       <attribute name="deviceClass" type="int" value="2"/>
176 |       <attribute name="deviceSource" type="int" value="1"/>
177 |     </data>
178 |     <data name="Virtual core XTEST pointer">
179 |       <attribute name="deviceClass" type="int" value="1"/>
180 |       <attribute name="deviceSource" type="int" value="0"/>
181 |     </data>
182 |   </data>
183 |   <data name="lastUsedPageBgColor"/>
184 |   <data name="tools">
185 |     <attribute name="current" type="string" value="pen"/>
186 |     <data name="drawArrow">
187 |       <attribute name="drawingType" type="string" value="default"/>
188 |     </data>
189 |     <data name="drawCoordinateSystem">
190 |       <attribute name="drawingType" type="string" value="default"/>
191 |     </data>
192 |     <data name="drawEllipse">
193 |       <attribute name="drawingType" type="string" value="default"/>
194 |     </data>
195 |     <data name="drawRect">
196 |       <attribute name="drawingType" type="string" value="default"/>
197 |     </data>
198 |     <data name="drawSpline">
199 |       <attribute name="drawingType" type="string" value="default"/>
200 |     </data>
201 |     <data name="eraser">
202 |       <attribute name="drawingType" type="string" value="default"/>
203 |       <attribute name="size" type="string" value="THIN"/>
204 |       <attribute name="type" type="string" value="deleteStroke"/>
205 |     </data>
206 |     <data name="hand">
207 |       <attribute name="drawingType" type="string" value="default"/>
208 |     </data>
209 |     <data name="highlighter">
210 |       <attribute name="color" type="hex" value="ff8000"/>
211 |       <attribute name="drawingType" type="string" value="default"/>
212 |       <attribute name="fill" type="int" value="0"/>
213 |       <attribute name="fillAlpha" type="int" value="128"/>
214 |       <attribute name="size" type="string" value="MEDIUM"/>
215 |     </data>
216 |     <data name="image">
217 |       <attribute name="drawingType" type="string" value="default"/>
218 |     </data>
219 |     <data name="pen">
220 |       <attribute name="color" type="hex" value="000000"/>
221 |       <attribute name="drawingType" type="string" value="default"/>
222 |       <attribute name="fill" type="int" value="0"/>
223 |       <attribute name="fillAlpha" type="int" value="128"/>
224 |       <attribute name="size" type="string" value="MEDIUM"/>
225 |       <attribute name="style" type="string" value="plain"/>
226 |     </data>
227 |     <data name="playObject">
228 |       <attribute name="drawingType" type="string" value="default"/>
229 |     </data>
230 |     <data name="selectObject">
231 |       <attribute name="drawingType" type="string" value="default"/>
232 |     </data>
233 |     <data name="selectRect">
234 |       <attribute name="drawingType" type="string" value="default"/>
235 |     </data>
236 |     <data name="selectRegion">
237 |       <attribute name="drawingType" type="string" value="default"/>
238 |     </data>
239 |     <data name="showFloatingToolbox">
240 |       <attribute name="drawingType" type="string" value="default"/>
241 |     </data>
242 |     <data name="text">
243 |       <attribute name="color" type="hex" value="000000"/>
244 |       <attribute name="drawingType" type="string" value="default"/>
245 |     </data>
246 |     <data name="verticalSpace">
247 |       <attribute name="drawingType" type="string" value="default"/>
248 |     </data>
249 |   </data>
250 |   <data name="touch">
251 |     <attribute name="cmdDisable" type="string" value=""/>
252 |     <attribute name="cmdEnable" type="string" value=""/>
253 |     <attribute name="disableTouch" type="boolean" value="false"/>
254 |     <attribute name="method" type="string" value="auto"/>
255 |     <attribute name="timeout" type="int" value="1000"/>
256 |   </data>
257 | </settings>
258 | 


--------------------------------------------------------------------------------
/home/xournalpp/settings/toolbar.ini:
--------------------------------------------------------------------------------
 1 | ## Xournal++ Toolbar configuration
 2 | ## Here you can customize the Toolbars
 3 | # Delete this file to generate a new config file with default values
 4 | #
 5 | # Available buttons:
 6 | # File: NEW,SAVE,OPEN
 7 | #
 8 | # Edit: CUT,COPY,PASTE,SEARCH,UNDO,REDO,INSERT_NEW_PAGE
 9 | #
10 | # Navigation: GOTO_FIRST,GOTO_BACK,GOTO_NEXT,GOTO_LAST,GOTO_NEXT_ANNOTATED_PAGE
11 | #
12 | # Zoom: ZOOM_OUT,ZOOM_IN,ZOOM_FIT,ZOOM_100,FULLSCREEN,PAIRED_PAGES
13 | #
14 | # Color: COLOR(0xffffff),COLOR(0xffff00),COLOR(0xff8000),COLOR(0xff00ff),COLOR(0x00ff00),COLOR(0x00c0ff),COLOR(0x808080),COLOR(0x008000),COLOR(0xff0000),COLOR(0x3333cc),COLOR(0x000000),COLOR_SELECT
15 | #  Notice: This are the default Xournal colors, each other color in HEX can also be used, eg COLOR(0x12ABCF);
16 | #
17 | # Tools: ERASER,PEN,HILIGHTER,IMAGE,TEXT,IMAGE,SELECT,SELECT_REGION,SELECT_RECTANGLE,VERTICAL_SPACE,HAND
18 | #  Notice: ERASER also has a drop down menu to select the eraser type, SELECT are all selection tools, with drop down menu
19 | #
20 | # Tool settings: SHAPE_RECOGNIZER,RULER,FINE,MEDIUM,THICK,SELECT_FONT
21 | #
22 | # Components: PAGE_SPIN,ZOOM_SLIDER,LAYER
23 | #  PAGE_SPIN: The page spiner, incl. current page label
24 | #  ZOOM_SLIDER: The zoom slider
25 | #  LAYER: The layer dropdown menu
26 | #
27 | #
28 | 
29 | [Right hand Note Taking Copy]
30 | toolbarTop1=SAVE,NEW,OPEN,SEPARATOR,CUT,COPY,PASTE,SEPARATOR,UNDO,REDO,SEPARATOR,PEN,ERASER,HILIGHTER,IMAGE,TEXT,MATH_TEX,SEPARATOR,DEFAULT_TOOL,SEPARATOR,INSERT_NEW_PAGE,DELETE_CURRENT_PAGE,SEPARATOR,GOTO_BACK,GOTO_NEXT,SEPARATOR,FULLSCREEN,SEPARATOR,AUDIO_RECORDING,AUDIO_PAUSE_PLAYBACK,AUDIO_STOP_PLAYBACK
31 | toolbarLeft1=COLOR(0xffffff),COLOR(0xffff00),COLOR(0xff8000),COLOR(0xff00ff),COLOR(0x00ff00),COLOR(0x00c0ff),COLOR(0x808080),COLOR(0x008000),COLOR(0xff0000),COLOR(0x3333cc),COLOR(0x000000),COLOR_SELECT,SEPARATOR,PRESENTATION_MODE,ZOOM_100,ZOOM_FIT,ZOOM_IN,ZOOM_OUT
32 | toolbarLeft2=FINE,MEDIUM,THICK,SEPARATOR,TOOL_FILL,SEPARATOR,DRAW_CIRCLE,DRAW_RECTANGLE,DRAW_ARROW,RULER,SEPARATOR,ROTATION_SNAPPING,GRID_SNAPPING,SEPARATOR,VERTICAL_SPACE,SELECT_REGION,SELECT_RECTANGLE,SELECT_OBJECT,PLAY_OBJECT
33 | name=Right hand Note Taking Copy
34 | 
35 | [Right hand Note Taking Copy 1]
36 | toolbarTop1=SAVE,NEW,OPEN,SEPARATOR,SEPARATOR,UNDO,REDO,SEPARATOR,IMAGE,TEXT,MATH_TEX,SEPARATOR,DEFAULT_TOOL,SEPARATOR,INSERT_NEW_PAGE,DELETE_CURRENT_PAGE,SEPARATOR,GOTO_BACK,GOTO_NEXT,SEPARATOR,FULLSCREEN,SEPARATOR,AUDIO_RECORDING,AUDIO_PAUSE_PLAYBACK,AUDIO_STOP_PLAYBACK
37 | toolbarLeft1=COLOR(0xffffff),COLOR(0xffff00),COLOR(0x808080),COLOR(0xff8000),COLOR(0xff00ff),COLOR(0x00ff00),COLOR(0x00c0ff),COLOR(0x008000),COLOR(0xff0000),COLOR(0x3333cc),COLOR(0x000000),COLOR_SELECT,SEPARATOR,PRESENTATION_MODE,PEN,HILIGHTER,ERASER,ZOOM_100,ZOOM_FIT,ZOOM_IN,ZOOM_OUT
38 | toolbarLeft2=FINE,MEDIUM,THICK,SEPARATOR,TOOL_FILL,SEPARATOR,DRAW_CIRCLE,DRAW_RECTANGLE,DRAW_ARROW,RULER,SEPARATOR,ROTATION_SNAPPING,GRID_SNAPPING,SEPARATOR,VERTICAL_SPACE,SELECT_REGION,SELECT_RECTANGLE,SELECT_OBJECT,PLAY_OBJECT,COPY,CUT,PASTE,DELETE
39 | name=Right hand Note Taking Copy 1
40 | 


--------------------------------------------------------------------------------
/home/yubikey.nix:
--------------------------------------------------------------------------------
 1 | { pkgs, ... }:
 2 | {
 3 |   home.packages = builtins.attrValues { inherit (pkgs) yubikey-manager yubioath-flutter; };
 4 | 
 5 |   systemd.user =
 6 |     let
 7 |       yktd = pkgs.yubikey-touch-detector;
 8 |     in
 9 |     {
10 |       services = {
11 |         yubikey-touch-detector = {
12 |           Unit = {
13 |             Description = "Detects when your YubiKey is waiting for a touch";
14 |             Requires = "yubikey-touch-detector.socket";
15 |           };
16 |           Service = {
17 |             ExecStart = "${yktd}/bin/yubikey-touch-detector --libnotify";
18 |             Environment = "PATH=${pkgs.lib.makeBinPath [ pkgs.gnupg ]}";
19 |             EnvironmentFile = "-%E/yubikey-touch-detector/service.conf";
20 |           };
21 |           Install = {
22 |             Also = "yubikey-touch-detector.socket";
23 |             WantedBy = [ "default.target" ];
24 |           };
25 |         };
26 |       };
27 |       sockets = {
28 |         yubikey-touch-detector = {
29 |           Unit = {
30 |             Description = "Unix socket activation for YubiKey touch detector service";
31 |           };
32 |           Socket = {
33 |             ListenStream = "%t/yubikey-touch-detector.socket";
34 |             RemoveOnStop = "yes";
35 |           };
36 |           Install = {
37 |             WantedBy = [ "sockets.target" ];
38 |           };
39 |         };
40 |       };
41 |     };
42 | }
43 | 


--------------------------------------------------------------------------------
/home/zoxide.nix:
--------------------------------------------------------------------------------
1 | {
2 |   programs.zoxide = {
3 |     enable = true;
4 |     options = [ "--cmd=cd" ];
5 |   };
6 | }
7 | 


--------------------------------------------------------------------------------
/home/zsh/default.nix:
--------------------------------------------------------------------------------
  1 | { pkgs, lib, ... }:
  2 | let
  3 |   aliases = {
  4 |     "." = "source";
  5 |     ls = "EXA_COLORS='xx=2;37' ${pkgs.eza}/bin/eza -g --git --group-directories-first";
  6 |     l = "ls -aal";
  7 |     tre = "ls -alT";
  8 |     c = "clear";
  9 |     h = "cd;c";
 10 |     grep = "grep --color=auto";
 11 |     f = "cd $(pwd -P)";
 12 |     curl = "curl -L";
 13 |     cif = "curl ifconfig.co";
 14 |     ciff = "curl httpbin.org/ip";
 15 |     cf = "ping 1.1.1.1";
 16 |     cal = "cal -m";
 17 |     py = "python";
 18 |     diff = "git diff --no-index";
 19 |     sshx = "ssh -o UserKnownHostsFile=/dev/null";
 20 |     sftpx = "sftp -o UserKnownHostsFile=/dev/null";
 21 |     lsblk = "lsblk -M";
 22 |     type = "which";
 23 |     j = "just";
 24 |     qmv = "qmv -f destination-only";
 25 |     repl = "nix repl -f '<nixpkgs>'";
 26 |     da = "direnv allow";
 27 |     de = "direnv edit .";
 28 |     dr = "direnv reload";
 29 |     db = "direnv block";
 30 |     duff = "duf /persistent/* /nix /";
 31 |     mksv = "btrfs subvolume create";
 32 | 
 33 |     g = "git";
 34 |     gs = "git status";
 35 |     gsh = "git show";
 36 |     gl = "git log --graph";
 37 |     glp = "git log --graph -p";
 38 |     gb = "git branch";
 39 |     gg = "git switch";
 40 |     gd = "git diff";
 41 |     gds = "git diff --staged";
 42 |     gt = "git stash";
 43 |     ga = "git add";
 44 |     gap = "git add -p";
 45 |     gai = "git add --intent-to-add";
 46 |     gx = "git restore";
 47 |     gxp = "git restore -p";
 48 |     gc = "git commit -v";
 49 |     gca = "git commit -v --amend";
 50 |     gcf = "git commit --fixup";
 51 |     gr = "git rebase -i --autosquash";
 52 |     grc = "git rebase --continue";
 53 |     gra = "git rebase --abort";
 54 |     gm = "git merge";
 55 |     gcp = "git cherry-pick";
 56 |     gp = "git pull --all --prune --rebase --autostash";
 57 |     gu = "git push";
 58 |     guf = "git push --force-with-lease";
 59 |     gch = "git checkout";
 60 |     gcl = "git clone";
 61 |     grr = "git reset";
 62 |     grs = "git reset --soft";
 63 |     grh = "git reset --hard";
 64 |   };
 65 |   functions = {
 66 |     d = "dirs -v | tac";
 67 |     mkcd = ''mkdir -p "$1"; cd "$1"'';
 68 |     temp = ''(d=$(mktemp -d); cd "$d"; zsh && rm -rf "$d")'';
 69 | 
 70 |     skg = ''
 71 |       f=$(mktemp -u)
 72 |       ssh-keygen -t ed25519 -C "" -P "" -f $f
 73 |       cat $f
 74 |       cat $f.pub
 75 |       rm $f $f.pub
 76 |     '';
 77 |     wgpeer = ''
 78 |       key=$(wg genkey)
 79 |       echo "# Private Key: $key\n[Peer]\nPublicKey = $(wg pubkey <<< $key)\nPresharedKey = $(wg genpsk)\nAllowedIPs = "
 80 |     '';
 81 | 
 82 |     s = ''
 83 |       tmux new -d -c ~ -s "$1"
 84 |       if [[ -n "$TMUX" ]]; then
 85 |         tmux switch-client -t "$1"
 86 |       else
 87 |         tmux a -t "$1"
 88 |       fi
 89 |     '';
 90 | 
 91 |     is_btrfs_subvolume = ''
 92 |       local dir=''${1:-.}
 93 |       [[ "$(stat -f --format=%T $dir)" = "btrfs" ]] && [[ "$(stat --format=%i $dir)" =~ ^(2|256)$ ]]
 94 |     '';
 95 | 
 96 |     command_not_found_handler = ''
 97 |       local d="$HOME/.cache/zsh_command_not_found_handler"
 98 |       if ! [[ -f "$d/$1" ]]; then
 99 |         echo -n "command '$1' not found, try comma? " >&2
100 |         read -q || return
101 |         mkdir -p "$d" && touch "$d/$1"
102 |       fi
103 |       ${lib.getExe pkgs.comma} "$@"
104 |     '';
105 |   };
106 | in
107 | {
108 |   programs.zsh = {
109 |     enable = true;
110 |     autosuggestion.enable = true;
111 |     syntaxHighlighting.enable = true;
112 |     defaultKeymap = "viins";
113 |     autocd = true;
114 |     history.share = false;
115 |     plugins = [
116 |       {
117 |         name = "powerlevel10k";
118 |         src = pkgs.zsh-powerlevel10k;
119 |         file = "share/zsh-powerlevel10k/powerlevel10k.zsh-theme";
120 |       }
121 |     ];
122 |     initContent = ''
123 |       # p10k instant prompt
124 |       P10K_INSTANT_PROMPT="$XDG_CACHE_HOME/p10k-instant-prompt-''${(%):-%n}.zsh"
125 |       [[ ! -r "$P10K_INSTANT_PROMPT" ]] || source "$P10K_INSTANT_PROMPT"
126 | 
127 |       source ${./p10k.zsh}
128 | 
129 |       ZSH_AUTOSUGGEST_STRATEGY=(history completion)
130 |       bindkey '^ ' autosuggest-accept
131 | 
132 |       zstyle ':completion:*' menu select
133 | 
134 |       setopt autopushd
135 | 
136 |       # custom functions
137 |       ${(builtins.concatStringsSep "\n" (lib.mapAttrsToList (k: v: "${k}() {\n${v}\n}") functions))}
138 | 
139 |       if [[ -n "$SSH_TTY" ]]; then
140 |         export DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/$UID/bus
141 |       fi
142 |     '';
143 |     shellAliases = aliases;
144 |   };
145 | }
146 | 


--------------------------------------------------------------------------------
/home/zsh/full.nix:
--------------------------------------------------------------------------------
 1 | {
 2 |   system-config,
 3 |   pkgs,
 4 |   lib,
 5 |   ...
 6 | }:
 7 | let
 8 |   aliases = {
 9 |     bt = "bluetoothctl";
10 |     vlc = "vlc -I ncurses";
11 |     mnt = "source ${../scripts/mount.sh}";
12 |     tt = "${../scripts/timetracker.sh}";
13 |     drss = "${../scripts/download_rss.sh}";
14 |     sys-rebuild = "_rebuild && source /etc/zshrc && source ~/.zshrc";
15 |     sys-update = "_update && source /etc/zshrc && source ~/.zshrc";
16 |     c = lib.mkForce "clear; is_split || hyfetch";
17 |   };
18 | 
19 |   impure = system-config.system.replaceDependencies.replacements != [ ];
20 | 
21 |   functions = {
22 |     _rebuild = ''
23 |       sudo nixos-rebuild "''${1:-switch}" --flake ~/nixos ${lib.optionalString impure "--impure"} --log-format internal-json -v |& nom --json
24 |     '';
25 |     _update = ''
26 |       nix flake update --commit-lock-file --flake ~/nixos && _rebuild
27 |     '';
28 | 
29 |     shot = ''
30 |       file=$(mktemp --suffix .png)
31 |       ${pkgs.termshot}/bin/termshot -f $file $TERMSHOT_FLAGS -- "$@" \
32 |         && ${pkgs.imagemagick}/bin/convert $file -crop 0x0+81+191 -crop -113-140 $file \
33 |         && ${pkgs.xclip}/bin/xclip -selection clipboard -t image/png -i $file \
34 |         && ${pkgs.eog}/bin/eog $file
35 |     '';
36 |     cshot = ''TERMSHOT_FLAGS="-c" shot "$@";'';
37 | 
38 |     is_split = ''
39 |       [[ "$TERM" =~ ^tmux ]] && [[ $(tmux list-panes | wc -l) -gt 1 ]]
40 |     '';
41 | 
42 |     fwatch = ''
43 |       if [[ $# -eq 0 ]] || [[ "$1" = "--help" ]]; then
44 |         ${lib.getExe' pkgs.inotify-tools "inotifywait"} --help
45 |         return
46 |       fi
47 | 
48 |       args=()
49 |       while [[ $# -gt 0 ]]; do
50 |         if [[ "$1" = "--" ]]; then shift; break; fi
51 |         args+=("$1")
52 |         shift
53 |       done
54 | 
55 |       while true; do
56 |         ${lib.getExe' pkgs.inotify-tools "inotifywait"} "''${args[@]}"
57 |         code=$?
58 |         if [[ $code -eq 0 ]]; then
59 |           "$@"
60 |         else
61 |           return $code
62 |         fi
63 |       done
64 |     '';
65 |   };
66 | in
67 | {
68 |   imports = [ ./. ];
69 |   programs.zsh = {
70 |     initContent =
71 |       let
72 |         ng-completion = pkgs.runCommand "ng-completion" { } ''
73 |           SHELL=zsh ${pkgs.nodePackages."@angular/cli"}/bin/ng completion script > $out
74 |         '';
75 |       in
76 |       ''
77 |         ${builtins.concatStringsSep "\n" (lib.mapAttrsToList (k: v: "${k}() {\n${v}\n}") functions)}
78 | 
79 |         # Load Angular CLI autocompletion.
80 |         source ${ng-completion}
81 | 
82 |         is_split || hyfetch
83 |       '';
84 |     shellAliases = aliases;
85 |   };
86 | }
87 | 


--------------------------------------------------------------------------------
/hosts/neon/default.nix:
--------------------------------------------------------------------------------
  1 | {
  2 |   _module.args.conf = {
  3 |     user = "felix";
  4 | 
  5 |     networking = {
  6 |       vpn.default = "72ab4eb3-3c9a-42c9-adeb-9f4730d540e6";
  7 |       vpn.full = "bb1d4d42-dedb-4598-8b81-d2147b3197ab";
  8 |       wifi.trusted = [
  9 |         "fad97450-a66a-44f9-894b-19d578ba6265"
 10 |         "9a3a989a-c30b-4b2c-be19-28094e503bf2"
 11 |         "ffb7f072-ae29-3ade-9b4f-29eec0ff1324"
 12 |       ];
 13 |       secrets = ./secrets;
 14 |     };
 15 | 
 16 |     wayland.outputs = {
 17 |       default = {
 18 |         name = "eDP-1";
 19 |         pos = "0,0"; # primary output should start at 0,0
 20 |         mode = "2560x1600";
 21 |         scale = "1.25";
 22 |         touch = true;
 23 |         workspaces = null;
 24 |       };
 25 |       ext = {
 26 |         name = "HDMI-A-1";
 27 |         pos = "-1280,0";
 28 |         mode = "1280x1024";
 29 |         scale = "1";
 30 |         touch = false;
 31 |         workspaces = [ "0" ];
 32 |       };
 33 |     };
 34 |   };
 35 | 
 36 |   boot.initrd.luks.devices.root.device = "/dev/disk/by-uuid/4500f286-2548-47a5-9432-d24cb032063b";
 37 | 
 38 |   fileSystems = {
 39 |     "/" = {
 40 |       device = "tmpfs";
 41 |       fsType = "tmpfs";
 42 |       options = [
 43 |         "defaults"
 44 |         "size=100%"
 45 |         "mode=755"
 46 |       ];
 47 |     };
 48 | 
 49 |     "/nix" = {
 50 |       device = "/dev/disk/by-uuid/5ad67c07-d42c-4871-b2ea-f4ea30121666";
 51 |       fsType = "btrfs";
 52 |       neededForBoot = true;
 53 |       options = [
 54 |         "compress=zstd"
 55 |         "noatime"
 56 |         "subvol=@nix"
 57 |       ];
 58 |     };
 59 | 
 60 |     "/persistent/data" = {
 61 |       device = "/dev/disk/by-uuid/5ad67c07-d42c-4871-b2ea-f4ea30121666";
 62 |       fsType = "btrfs";
 63 |       neededForBoot = true;
 64 |       options = [
 65 |         "compress=zstd"
 66 |         "noatime"
 67 |         "subvol=@data"
 68 |       ];
 69 |     };
 70 | 
 71 |     "/persistent/cache" = {
 72 |       device = "/dev/disk/by-uuid/5ad67c07-d42c-4871-b2ea-f4ea30121666";
 73 |       fsType = "btrfs";
 74 |       neededForBoot = true;
 75 |       options = [
 76 |         "compress=zstd"
 77 |         "noatime"
 78 |         "subvol=@cache"
 79 |       ];
 80 |     };
 81 | 
 82 |     "/swap" = {
 83 |       device = "/dev/disk/by-uuid/5ad67c07-d42c-4871-b2ea-f4ea30121666";
 84 |       fsType = "btrfs";
 85 |       neededForBoot = true;
 86 |       options = [
 87 |         "noatime"
 88 |         "subvol=@swap"
 89 |       ];
 90 |     };
 91 | 
 92 |     "/boot" = {
 93 |       device = "/dev/disk/by-uuid/6B80-B69E";
 94 |       fsType = "vfat";
 95 |       options = [ "umask=0077" ];
 96 |     };
 97 |   };
 98 | 
 99 |   swapDevices = [
100 |     {
101 |       device = "/swap/swapfile";
102 |       priority = 0;
103 |     }
104 |   ];
105 |   boot.resumeDevice = "/dev/disk/by-uuid/5ad67c07-d42c-4871-b2ea-f4ea30121666";
106 |   boot.kernelParams = [ "resume_offset=14754000" ];
107 | 
108 |   # https://wiki.archlinux.org/title/Lenovo_Yoga_7i#Speaker_audio
109 |   boot.extraModprobeConfig = ''
110 |     options snd-sof-intel-hda-generic hda_model=alc287-yoga9-bass-spk-pin
111 |   '';
112 | }
113 | 


--------------------------------------------------------------------------------
/hosts/neon/hardware-configuration.nix:
--------------------------------------------------------------------------------
 1 | # Do not modify this file!  It was generated by ‘nixos-generate-config’
 2 | # and may be overwritten by future invocations.  Please make changes
 3 | # to /etc/nixos/configuration.nix instead.
 4 | { config, lib, pkgs, modulesPath, ... }:
 5 | 
 6 | {
 7 |   imports =
 8 |     [ (modulesPath + "/installer/scan/not-detected.nix")
 9 |     ];
10 | 
11 |   boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usbhid" "sdhci_pci" ];
12 |   boot.initrd.kernelModules = [ ];
13 |   boot.kernelModules = [ "kvm-intel" ];
14 |   boot.extraModulePackages = [ ];
15 | 
16 |   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
17 |   # (the default) this is the recommended approach. When using systemd-networkd it's
18 |   # still possible to use this option, but it's recommended to use it in conjunction
19 |   # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
20 |   networking.useDHCP = lib.mkDefault true;
21 |   # networking.interfaces.enp0s20f0u2u4.useDHCP = lib.mkDefault true;
22 |   # networking.interfaces.virbr0.useDHCP = lib.mkDefault true;
23 |   # networking.interfaces.vpn.useDHCP = lib.mkDefault true;
24 |   # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
25 | 
26 |   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
27 |   hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
28 | }
29 | 


--------------------------------------------------------------------------------
/hosts/neon/secrets/default.yml:
--------------------------------------------------------------------------------
 1 | user:
 2 |     hashedPassword: ENC[AES256_GCM,data:UqNKMQZGo7VlveDUqjPR8mN0zjmr+pT1OSjMj3Ei83hWR2CXCmue4y/bHLvH+kSeme4dQoz8lGC+7phE0VZnsvSzdmrFOrqxVA==,iv:lVercc3ECuC/dbgU9pm3Pa7a1usZcjD2EbeFJJ3hPw4=,tag:MaBOLrIJE2T1SPCmsfNdOw==,type:str]
 3 | backup:
 4 |     srv:
 5 |         repository-password: ENC[AES256_GCM,data:BwCZh8xIBseTL25RFFy4r9eluMfEb3Z7L0POU+7UZvXPC6x2d1GgrKwqQ6532rOzawp8d0KiRHQynVL781Onuw==,iv:7CtdDCRJdZcLkwEbLKBdpO9Lwv2W8fhXI7MPRyMWOqQ=,tag:TSSqVmdapZkpuCcf1iOJvA==,type:str]
 6 |         rest-password: ENC[AES256_GCM,data:yHJr8hFagoOAIgWP2LMULk5sD3Unf6vWlSCdOb2TIWNrmCgZFdKij4nGpjdvKfyasi8Nz1zwh0hJUP3ZmCn8Pw==,iv:SIKUAOK6PCUCBl8mlUGP85iDNK8GapZGlF7jgGX6P7A=,tag:Spgs1MztlSx3JtdcPyvceQ==,type:str]
 7 |     home:
 8 |         repository-password: ENC[AES256_GCM,data:pCZaYwgXATWOysmwF4/UU6OwJgumWxnJeh3aIExSpreIzthDEgwinMyVOhpUo9NfxdIdQOpCW0JcaUdmIF+Ogg==,iv:Op++W7T0VvYzH38Iip8cFffZxL/6C3yrUA204jx7cEc=,tag:ZIvDjVCId7/gOCpVPA3gdg==,type:str]
 9 |         rest-password: ENC[AES256_GCM,data:AkmcWqWDkbpsX4i4FOIi2N/UhPNNVr56/qsgXjRxp9ut6D2zyznbokyJO3uwsbM5wk0y4VeqjIJwV9++A60lXw==,iv:tNwuslThgxWZgpF7OwLx0v6pnsGtKLCZYKu4ZFsI1vU=,tag:Sg31L4eTMeXPorx3G8bhrQ==,type:str]
10 |     box:
11 |         repository-password: ENC[AES256_GCM,data:pwJzMk+AINzeJ020d+QGcKzTh0Ri39Oi3T5UhKZ1gntOZkEImBaHjut/UeYp1/o1xEhtrOEgoZf3xHKW1VXNbg==,iv:xP1L/KzRXzSIZApGSyOMb3Wzk7gre13WQz90qJYN53I=,tag:EqHfOSnzLNAqY+hSyf6sNg==,type:str]
12 |         ssh-key: ENC[AES256_GCM,data:qeu8kRkjAbp2pjcvReZO3lQ+yzN9oM7Mjw/Ijd9hA3kfCo29rgJNtAbUoMnm1GUpMhGEH83zqCteCPvBL4vjz8ZGw893wuKxxIy1TFjq2QhRpx9cZ+ws4TpE1Aqx7RDElOR6uGvc212Be++5aDwQ0J4ThrJSl1xKefRRfna7FZFlZiLcnfWvv6aO1U39tIpcmoMCjlWcY0afQTsCFVfxrtt7Bw4A71IZYVs9eHkGcurCeX7w810IKAIRP7bgicVLwUFDKaF6awxs4oFGesQi2WcTZspsUxxPeagH5sfEDR2gobAfGLcI0h40eHl7zW5b0WPpGt4Dy8AzxbNJw+ppN1Az0HgDZ/xA0CuU8GPiyWKAHcneQ4qIIgqjGz910ShX5xcTvP/vL6RozxCAjdzlTC3hmFBfLEIm2kWsu8CsIW9Rtw8gPd/8Wkr2SlmUiPivjCtqIJN+/8VbiUTVByhhGJQ22t8F6at2ZKdA9Scms6VYFPELlpllD9l0+qf3duxBbR2G,iv:jCKJiatdmkr3tExp1yazyoFqftPEMQzG7n4OTbv60cY=,tag:HAEvcYJBty9pd82mIGyYsQ==,type:str]
13 | sops:
14 |     kms: []
15 |     gcp_kms: []
16 |     azure_kv: []
17 |     hc_vault: []
18 |     age:
19 |         - recipient: age12qr4rxqrrr59fa9fqtvk0jtf9hsynv3jf5xgjj3fdczujrz65paqh6qc8g
20 |           enc: |
21 |             -----BEGIN AGE ENCRYPTED FILE-----
22 |             YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkLzZxaVNZZWR5UEZpLzA3
23 |             b01qVW1UNkdxbHVZQjBDRGhlRHRiWXk5WUFvCm9nSVhhMExENklYNmwwN2w2RUZy
24 |             ejRzYU5BODhUUWtpOTBsQ0I3S3FwYzQKLS0tIGk5MmdFblh3RjBMbGJrNnJkSDRK
25 |             anNjS1E0M3lZekFveFdoblFkcnBMKzAKZeXoj7jHWeWllwPGV7UvoFk0Wc/oCo8o
26 |             Sa4anpi03Gu0kONwP6bQWWlr+2+zHjS6vizZgAWmk4dbpgVgeRA01Q==
27 |             -----END AGE ENCRYPTED FILE-----
28 |     lastmodified: "2024-08-15T13:12:24Z"
29 |     mac: ENC[AES256_GCM,data:7TiKuTBrjaxUzwx0tJPnN0MB/kyNNWDBtHdeGtgfGHlFVqxc37xRABC2brkujxAZzxMNU05GyJ5dBD9WKhLVDN3nAuadIUPjLrJoOhsWLt6nX7mtO1oangrMTeNwqVDS7Xcbo9n4BvLICvdxK8vw+JcuoHqew2WjvwCDjW8Eu4Y=,iv:I2T1s9rfanD/lGP5gHP6yqGFzvyrF1HJ4vaj/jetjNE=,tag:uOp+4bq2QzLE5SGfuxMWRA==,type:str]
30 |     pgp:
31 |         - created_at: "2023-08-05T14:48:19Z"
32 |           enc: |-
33 |             -----BEGIN PGP MESSAGE-----
34 | 
35 |             wV4D8w/Zb+cfdxsSAQdAq7+v7y5g8lhGR0MuQXmEjVeJbUtew9v5zYuWzkOy8RMw
36 |             rPZrMDFuHwnBjsCtwAflgZ6TljXEctb/+PvWwbg+mncCwn6w0Eof++n/G4VzfZyx
37 |             0lEB2/9x0qyQjOptKTHXm64ScVufU3kdkNfSyIDN/vPuEcpSCmDuaZ8+J9XdjR/N
38 |             tIuBvDQsT03fMzF5Y+GKwUN26j/ZYu2kVPpF22xxN4pkVrc=
39 |             =zBDW
40 |             -----END PGP MESSAGE-----
41 |           fp: 61303BBAD7D1BF74EFA44E3BE7FE2087E4380E64
42 |     unencrypted_suffix: _unencrypted
43 |     version: 3.9.0
44 | 


--------------------------------------------------------------------------------
/hosts/neon/secrets/networking/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Defelo/nixos/5ecb867d90490637bbc466c3222fefa2752fca7e/hosts/neon/secrets/networking/.gitkeep


--------------------------------------------------------------------------------
/hosts/neon/secrets/networking/uni-wifi-keys/client_cert.pem:
--------------------------------------------------------------------------------
 1 | {
 2 | 	"data": "ENC[AES256_GCM,data:Q+1Y74AOuX+Bg6g3xGlPVVSIYal3+giXFoSHuMUCyedhBmElaHz5UyzumGmU5vGAOJHyK5gdYOoPfunAZKzzjelpaibXXb/TiPEO9beGtSoOrNc+dLJk8/rzZShm7aR2VxHqcnoPigneg+TMv9aNfx+OTRPLAgcgTcly8NOHtGmUImf/qklol9GUCi9bHV7DVNnh7Km/HtA9HjzB967pDJDr8QLt7s8B/3AeKW6jlmEYTaAyBw0kU06rB5/sJn5oIJ7oPzPdB9PfJCRjoo/jfLAj5iUSyW1f5JWB3tgaTOhonpRy9AiLBvMvUzLt9nXfkOTXG+3byk6vNrSvlqRLGGiPry0s1spcASi/g32Js/NFcirKEHuBuy2Y885QlG9KD09yalMxoumkixEmHxO0FZEmU/KWBbKb29p06yTvZoPJtPpCgkFb7RVKWG+8ZyKOTliGN9uIHJAB/bK1COQoAQrHjhqvtWaoKv4i9HHrGGG9l51/uTyX2J6GDb1Sjbup04uyY7AgY77qpz2TTAZWeAUcRGQkLsHP0PFL5GXo1p+iQb4rZHcvPXzZdCH2enAaogojOAbQZ727YYvvhMN5rlAk7e073WdhNcaRLAj3bIXS7LzIeR2JdmIx99BRjAI9Udzw6HxCGLn8M/kfZBiwWjiXaUcKUNzYCji05GaX30dVGEwK0X50D38ymPR9c06fY1BKmdj0znY8DGu4+g1eP/eH27qr/V7cZB8S4xRljYDT9/f3S7pBUSrOe9OEjNoxv4alyF/T/iDPcLXt/9I8zO7M9RKtmPZqqxI6KKfY04O+VNkkRD0Xp4Asr255D6JItUausAzj2HK2qMsTXqKcgBxzCS1iA0eLyVj8i1bv2wUWvWfkQx6vwh9r6B4PnUBiPol4TlXIpNs5iOHnd0x4RX/UIHvFNFUntPzKlcwRXrPSZgqDfmMtTRv1Md95N/ACJiHv1+6i4Q3tYM3buPQG/ISQSplBGEIT0R6jOEwM43JtEDyqfRGYzgRe5p7VHtvyzvS0imj1w84iCq5/5l0d5+rGJpTxeg3+fsw+tfaItn4ahp2UP5KMB01zLEHXeg0PsErKZubvQ7k+8pbI1qrgH+WKObmkKdVR1tTprgFF3jorBUEm/uBlAISePtWINsRE+hXWrDyXz7tZL/A4XQICRI5HAmFg1DvCsktXn9RhK+fC34NcKZq19Iyjt77Se5Wir/oMxg8+rk9nFBe7+wogTKHcocQRNTnGdEGBpv/AjE8nRPLAzFcUWlu/9UjEsR7ed/zxRLL47fbyVLlBxHuxOpJ+vI3EjOs6L+31Jk4qJO/oWB6w+rV8+rRgdLVgiFsBXNkwcE2Rb68KJM03jKIr6z0x5OBy9zpugfJGttOMT/F72tXhTzIFEdU+fyc4tp+EOF6KraIj9iAixTiV20Fd0/E/HR9Dyy+unFTAusxcXgvxDIA3WE4N16tZKeoBabKyhp40SGBtAqmjOLt/WDU1JQTREScPIvGjXL+BOAwGX+OlzjE3W9/A+AP2uPcydkQNjVTpTQ52Sm6bydy+HuV1NpL3PhVSCZn0o5hlL2OS9cLFS6eXNm4/XU22qRV3Ju9YBE1pHEFyvXs1AIlqQ/T6KyTAWZsRHLX5zzKELwCkfYJp9HeDPBzr2o+tywEdT8T7xKlXeJE4jPcu6E8tARfbL412hYIt9o/NXTjD7W86iUwtqicNJmn2+a2z2agMgJqPGQAA7JYuvUFPTwkp218FdI0raVxkfBGSNvEFpfV2/aosJTRb6WsGV/w/x42j4TgfAaOg/g1my94lxwad8FCXsYiMOZVwU9CmU2MyXD/QyfdK0Br1CN0JEtDlbEg4tWi9cVCje+NVObmQO0c4pXy/iURm4FvBnm+BS3rYm2qyqPTQrl6YY9McuPKFRQsKIO+6KlcZ7DiMs5lFayrKjr3XdRySmuiVJb1plFShBAIoR6VIenKBcSOWtIDq5vHmlPjfORC33/g7xRhh3IuXTWQzRYdwx79IQg6+a+b7znoXKFPvDO6aUtFCtsQqdN9yGhKe8x3I47Mi52En66vQsoD//3R0+KJ7I64nRPQPJimdtf3De4czWpYX/9IBDHx8Vg87vJ3vrcvtcHa0lJwuq7H95XF1qBtJCmZNkZ8dyBarNBKIpV/FmkbK9gajwEUNLBPlje2qvSbO8nlemfUv9+tYhm1Wv9uGhbuy2Rp2SUNESf/LH3lvS5t+M0/n02A/PMOflH30+PzaCk4yhWcQtxnod7aai2OB3atxQBLB0J03AnXqOYCvL5qjAnP6ob9+jAZvJRPjPzydUaAkrloLNkxJ1kdYLKNTPS/J+Dm41DXoGqEagdVA7K1Z/2Hjxdu5bsldBTdXLJnj2NOBvPh0Y4FyjBu9wuzpyIMnNYAHnvADjCF1P5SQ86r6SaN2kdUPHyyWWrigSLOzyR7tXFeiM3xU72YYMIJRRQ1J2nEijZG+2fJhtr2T4BxNQDHds9aNm/w8/C/h+ZSwnA==,iv:Am52WOhQR4L7glcnlJk3v0ZiyE1o+NgdsGH62XA8e98=,tag:x/75L27oahQ2oIUZ/1kS1w==,type:str]",
 3 | 	"sops": {
 4 | 		"kms": null,
 5 | 		"gcp_kms": null,
 6 | 		"azure_kv": null,
 7 | 		"hc_vault": null,
 8 | 		"age": [
 9 | 			{
10 | 				"recipient": "age12qr4rxqrrr59fa9fqtvk0jtf9hsynv3jf5xgjj3fdczujrz65paqh6qc8g",
11 | 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYMUlLZTMraW9HRmw3bjBG\ndkh1UlQ3cjlsMFZ2bFViYm1yVkNNU3h0QVRFCjVxRUdialJFbS9jdHR1Yk5IQXMz\nOHVGNFZmVzNjaUpYTHpjQ3JKd0VhVUUKLS0tIHdMV0YrMUtIa3A2WDJ1T1VGWi9C\nNDZTbnBZajBBVWUxNHBEaUlQSW1rT1kKVxqdQfUzq9FmECB5fhY1Du+PVOYA+k4N\n3rNA4M9+kNgd4MdjNn34Ra5g6zSarRrT0iiZi2sgF0n4L2hHydjyYg==\n-----END AGE ENCRYPTED FILE-----\n"
12 | 			}
13 | 		],
14 | 		"lastmodified": "2024-05-14T21:28:54Z",
15 | 		"mac": "ENC[AES256_GCM,data:K1XCx7RiLpGEVlr/u5U8I50+hAObrLWLH9cQCJnTkIG0L39Z5uRgZM6l7j9PDqf+NpoLnnBc2iINkFqD3kQ5jGrbLZmL97kDkuItOTqO9plW3UyElKk4jUT1Q+UYO6zrGXHojQ7/v6HgfN40AZBHWtObRR/OGnZ3cLfaAUbMEHQ=,iv:Mf/9A+/Ubp2uch0bWYz60jyyUY1ic4vLlVG0HH9zNtA=,tag:+ynibC4cc0DsWRwoIApZXA==,type:str]",
16 | 		"pgp": [
17 | 			{
18 | 				"created_at": "2024-05-14T21:28:54Z",
19 | 				"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4D8w/Zb+cfdxsSAQdAq+u5IrJAmY87viEUZHQdWSERg4iTwCCsTvE64mN2qmIw\nlZAx63ZoAUn3kswNDWsZewD2Rd4h1hyE0cY61WsPVzFzMjeesh5jYJdflb1VwlLE\n0l4BPEN8E9CuxOe1n1m268c6rIpcFsotOZndOhksDthaU3WR8mCgRsejPwwPJH/Z\nTuKT8KKZ0J2bnbQ6us1NKIY+UtfURjdc09ZokEmvGvPibl0IXyCrnvDF42pkqjip\n=bXyH\n-----END PGP MESSAGE-----",
20 | 				"fp": "61303BBAD7D1BF74EFA44E3BE7FE2087E4380E64"
21 | 			}
22 | 		],
23 | 		"unencrypted_suffix": "_unencrypted",
24 | 		"version": "3.8.1"
25 | 	}
26 | }


--------------------------------------------------------------------------------
/hosts/neon/secrets/networking/uni-wifi-keys/client_key.pem:
--------------------------------------------------------------------------------
 1 | {
 2 | 	"data": "ENC[AES256_GCM,data:fa92yO+ZrFgQg0YaeLpnW7u+jsMVL8cpOoNpJ1ALfjUvyidT8h8OhghAJULKnKF2Psn/cqiC8+6FanRjXwdVIHGfgIGs8p/I7/QwSPkPXhAHT9tZLKJUMtGkb1C0J2DNnvLMiDwzknhiUlDcka6oWeVMrA+uogUfvm2aDmg1ZJ1/a/PGzW7QvgP7Z8jjpnD6+e6foQ8+9944smmejsLRBPTyGhBGgdR1fpXCdUnjAbRY6hsAWBtHC/7ua4sdpazItvR6zurfyRe3oQ/FMOizOPtIY8xnLJKD7BZx4vtAVhYLLEHtSYQ1fqkIy6QLDcQtl5zzrg5yBckQFOGnrxEY+yL60iEYC4XSLWrZXK55pWuJNMCpdvTPvbvvSM30BoNwNCIGGV8gNWrFoVt7wWtb9srUNNNKhqWpcn9MoW1MXF0XgIvRbKJViqQl5w9FHvsPsPw+rjvgHdSV2ujdg8rezwVmLG8kTpna/KP6WTmUY9go9bqIDis7yNnHlYheXNksPY90PLswLjjXsYsvMOafS5emHAh2CIif74krPIj9psmpx9nWaV+J3tRg2k5Ux++2Ojk/h+MgVPu4cs1vTAda2fHhHrH+SDIOjDsSj5BtJvSEyJ4qwM2TMKzDcnwqJ4ET8ckRScsS2pYPjh3l71FohPtDCu6lrGOlwy02jHp1oZ13n65jexrGdlPe3BUb12GhuINzaTrkk1bRzFlTUhqWFQoy9B5wKsIs+zmSbi+dXTGywLYhqWiwgN5fD3dFTeWtEH4zYMv4DWjmSfzT623wuH56vBwKfcPETFPeIdC2JBR8kjpHsewNPAcII9pkPSlaD4uEKhgrtp+98y2nQzDqMQ7p5goCgKf+Yt2TiuQ48Jhag8Oz3fvwlD7tM1dgXI9r1KNoAo8R9BuFsc6V4BdCaVR4Evg+XPOzPtyt4tOuKJiPIwIfIZpamILkJ8cc4haHnhBmjGENnVmQCi4ilfgUtrpg4Va1/7LoNnizFzMoicj5TNd8hZON3Cf4oI/WoDTHdPz6S/JtdLr/iNenmxctglvochaYf1onigR2mjcL3+Lv6MZlOG+LXUuXCjecUjA/ib0po0a6JMVK/1s9e4GFBKyfN3PfB0MhWG74JiAIwK+dHojg6X9HZE8+BB6ULODIpdfYgcq/JrhQAG3yTKNsnlUHa+LnE/xEm1cc1/7dcniipOJd+O73LdUXZwZegiScl55Zk0P0/voqJ+TU+gKio0CHpgcbY/k3UnjzIRnDx664WfbVhZPu8ZNtjYCfhtkjDDHCA5rjMCmKkm3b+zGGBNgYk9Gr4gG9EtF3cCf7sUveGYVNF442oV3IeTdxZHSOE60Zj3LpGY1n7MekxZl2uH1itudWYkU9ATqD1gLjZBOmVPEd+0GhmNs4lgD63yPY25sQYCbfzeioCOorsoU65KB0eUWBl6GB1BCsqQIrnzQorT4Xw1f0CZSXWhRdad+OczBqa0ZsCyFAza+twEZg2aZJQUdxXukIpxkydVlCOuZup5i3jeeVH7Pv79IJfBt7NqUxDuYwDcMRwBWg5RaZ9LtonsR6AfbsLu5eLZKJc3cVZma8BTFcl9hO0wa4eYvryNsEUXw6SEtOMdveizzEn/O0LL+2wTrYLC1lrdC7KHcAYt6+yMDV9Zhz4cMlWcHhUkUOPCV4J6R9BLo0M6pp9nRoaOSkaELUaMk6YS8pstyQJF26hPK4iq+LA6znWnG53utLHQq4g4PlAE5Ek/G4bEfMfW/YpRNOA815/XnUkMPAIrPfyRO3kL721dUzbTHqdQkoQ8/QoQaGTSjxCKc46U1hVrK57XQ8VSQm9KvorN0o10SI6qtswZltuPlu2csAZ2/Tx1kvgKQ/Ar2Y7DQ+pbCCWnsD8NgG4AX/jmMkHZtEMtZjI3/CkQ1CJ1PvLcA7QKBe8JQ58F3GRSt7gvTlgqNjvxxFl0a0yZwMNtnsmHrf78kWOzPNOpCFxaPizbNPcMQ3vP72k9MKh5OjqWfka3MCAkYQ7yEgX82kaO+PjmC/hyN9IEfJY3UrOHIbwrPWF+AvunCfmN0QPsXva02wtUenAXFE53KkZhH9Phsvuj67bavsVwRaCPbXvFUK5CycjhEDq3mJaBrzQDEIiKTKmY+YFlA2yXlMYYjU6SytQlwm4HEueRN7BuNPONUFta3zA+QgCWVfZEEMbtvXutfhU6bqE/BxuTDHokN8AHAuiVYeJPysqNldrRtvnnQPPPgpEu0NyJ5Zx8bGfVgT01bc50kpLLIhag2XhSiuPXYM7PZFPfREFyjOZeuzrcpzNIeW3G4CVAzu39iiS3cmx9M4ZqmUQGAzWWD00IkkezXfdgxGOUTn9ZRKif0CJP5gZgZtbETdyxsPn59RC1FL4KPhAUlLz5zxVKw9RLxbQHP2Z5JIGWf49CFtP5kTYmV0OvyWEqAiBL37Crehjcx7spJxZoWhWecWX4r1sQRLz9VQLSrh1NaTeiN1mwuB6m/kvBXRDPs=,iv:W3wF5CZ3AUsKl4/d1e4h+B8u7nkpHAUGCnsy0p1Ud1Y=,tag:Uva4jCDVMOrPGnehzR9Few==,type:str]",
 3 | 	"sops": {
 4 | 		"kms": null,
 5 | 		"gcp_kms": null,
 6 | 		"azure_kv": null,
 7 | 		"hc_vault": null,
 8 | 		"age": [
 9 | 			{
10 | 				"recipient": "age12qr4rxqrrr59fa9fqtvk0jtf9hsynv3jf5xgjj3fdczujrz65paqh6qc8g",
11 | 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzMy8rQ3luM1JQNEJRWGsr\nMEJLSTFRZnArTHdMZG5mcHlqdmQ1bmFrOWc4Cnhhek5DTER3RDZrQ0U4RzZsK1ZG\nNEY1cGpxRCtGZWRhZ0llQ002enJ2VUEKLS0tIHlTclllK2YraEx4SUJGL1pNMXFv\nRi8wTXA1d3NYLzNXQUhBK1hqcm43L0UKfSauxKjU3Wk2UYG76JbkCScZEpft3o3O\n3Ex1aJbV6eI9BA0GP4oTY1t0CTn2cOurvnXA6GRo80pROe1EzxLhMQ==\n-----END AGE ENCRYPTED FILE-----\n"
12 | 			}
13 | 		],
14 | 		"lastmodified": "2024-05-14T21:29:10Z",
15 | 		"mac": "ENC[AES256_GCM,data:qOXeAYHnB4TPr1q5HPlP0uwJ2UDOtFRBPML6YqJq2PoFE85Q6rjEQK9cVGTwTZzZ5kjlW1T+VJ6ePCPfSFMJpN8U33wrs8BSN9fnlKulY/pSheyV5ZfBJzQBpDHsmNJOsAsburok7KbC0vApH+Nj9l8ODE4SCUwL/9hwe9ZF0SI=,iv:IAkEQEymei3vlFdtUReFYSHtW8SNQI/wDF+E9PisaR0=,tag:m1k3GxWZAxvn7KYGvJsdsQ==,type:str]",
16 | 		"pgp": [
17 | 			{
18 | 				"created_at": "2024-05-14T21:29:10Z",
19 | 				"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4D8w/Zb+cfdxsSAQdA2DRrUhZFoJqWREhfQkXxyUrzvoZQNutr5QynGBqxQlEw\n/YQEOdgsjogo4/AEI00m/c79nrF+T2VIvJG8MJHKdvaxdt/pvyGQFLEh5U3xEKLo\n0l4BTlmMM6pMmPPGGFxRsDRPSi0g9vZR6eDIdqwFaWPP175GCikR+52i+k2Qynie\nl9BNp8lMP0ycSZhjEG3TkSgDpmejJ9n+lQ9ybxBLCjSm/GsYR+XocYGexP2gUSV1\n=50Hp\n-----END PGP MESSAGE-----",
20 | 				"fp": "61303BBAD7D1BF74EFA44E3BE7FE2087E4380E64"
21 | 			}
22 | 		],
23 | 		"unencrypted_suffix": "_unencrypted",
24 | 		"version": "3.8.1"
25 | 	}
26 | }


--------------------------------------------------------------------------------
/hosts/neon/secrets/networking/uni-wifi-keys/root_ca.pem:
--------------------------------------------------------------------------------
 1 | {
 2 | 	"data": "ENC[AES256_GCM,data:Ktc7l3gasT65VflDzZn+WGoyYFNpvwIYZ8yuK8uNVoLwRydmt4vFesYNJCYsqwOf6OIgQ8zKuDCuLbAW+IN/k40zgw4JzMiCEgSwruz54F06QV5ByqCOZJG+A1/Jj4Q/DlU60pKIeU1X1oOFXPJLO2E1ySUgADLZq3wQ3kC396oLmpdju2vdtAuZz7ibqS3hu3/BFQLV0VbfDcjRhwBvqBfLbg5GAwGv00I3Ez5SJ0ZJiuh8UFCr8kOPXf5cv4/udLYGmUkd7Vbs1gjqcStGnE0mxU3ubfC1ucZabgL5/QxgJlXpMlHR29sfPux93Vr6TTQzxHtOZjIqTuy5cXfAgSkWEW5iAUB0kZl8OXwU2G1DIBiof9Si/zarMv91+PfQ/ObcvP05BKE3AIRttOER6SQ05K4rGdm2xWjVH000dMFu9ZJyNUl84jy6QD1bE5SBRLgu622Y/e7sFYbU1Asv1L0ff6PgXDFgVNndft99S3fjtB6jLFYxtwA7BD8DHCXytT3sZpapoUEoU/ZdNvS7rFjDcO3QpmTeeZa7YT3dwbqmAa9YbtKGQ6qL6gdWMIv7EqJNkEhW4FNNJFXM6JGD328u7C2GE/Jk9meWKGbSLF5nOBVyEx82S8e00a5jMeqOBR+/7bOSgocTdBYRICoL/bMJ20Yb8dc9Wn/ze3yNZ/fLJid5TKtNqnV1WOte2fGoe2URaXOonbE06hHly+w8q/I6fzwrHChfY1TU2uPviZn0tOuCZnlAFdXLUaFyjGm2rY5DKnv5Rgi0jOWnG8GisC9JdW7C+f+WBrJcKWbsae0g8Wh3W5ORz9oi9YHqiA+Pe+u7paDJc+vsuOH7hmyuWL6sP6/dImURYhm48EpkdofX2FvAvIH/n+SlyomFKbQ9Lgt5+Jo8QL0neN5oFalMRZEKovgjdXmthcPTij8P88wzCj3XROqCCM1uCGJwga31+lRDolHioB9dWvteHKE/Lf+qmV6LY0cNCq4uNU1BF5hwWnensTrWxoYDK0O6M9zdl+sK2NnRopvosmwwB4djeYzGrpy0KkSFbitLtSRRhPNOeTD5fINoQl0ENq2i4eo/xtWJDoB857u1Oo9yQ0yVdtLQdu/U0SFbOUtjm6uSmwsaJeffgQEZ5sxqHrOOy/9DQlLkHV3/JqSlJvFFjtGPdfyopjlg5WuIBgf1jR2y7gqB+g0d8IW1FnlurpFm/Xe0w9nT/nkK/y841OICWnuYnPcB4+REb56pHBnq7Zvgc4io8P2X3k2cJOZfVODZziTbUgMH6v+j52gQmcW3Nb8xcNsHbTgnJIgEx93ucmk39+Z+o3efzBDDIvfVo25IRkZFSkuY5bdeG9tJLJ4cQMGHrVHYYm9jvIQ9vB/SsuBO4NVFeyfG2Rk/uBTYOP+XpFoWMO8FmL36BMClfATjD1iyM/FxzubE9+l0+8fYzWM2ZnVKitH5vyYV+n6fZppKg+LszIBwERMxavSusK9qp4akGMe8F4EgHHBfseK7yhlrke8BizsgmP7q1seaHp1ll9gmDglvxpWhRL8jycEO1gWwJ0cSnLasaFQJDE5M+A3nyrDWOc5HIYs+ONtkSyncpHZrULlvYUdM/IPwkkXqyDU6YCs7HnHSazeGYKpNkBzn9j1h5UtWuDktIBpes1xqU2e8Sgl3r6573GcpjIFj2TSXMOZYwT8Llk7sQzAXpmcelvzBS1xidMQp9Fvqq7SHze9E5nMld+XuN7HOSsmvlkMs+j35zVSxmWJRIz5czVwRVfe5xap3u676ALnffOPuVDDCCgres5l6TRU6226AI/2NPdLNWEO6RdBE7IaAoHj+1GRChjNC7FRpJKxmUrx7Y6wWpkQHrJKCPZ0aHrQ2QEuurTGFT4q+2dcla/vX0ItWHCxIDF1HmLv/5eSYVQTK2EJXavUjGYz5eMCgudFwYtSevnjZEKVaVamPn3APkT9tdd9EBtWWDfjXjS6b4NVyWAC+I1CGuzXAcog9biOWflsgZFRhuIBmKqCQNrVQV5Cnsnq1OM+NMSkvp9OpzzdbquokRZQbXVqGobclF/zQXZZ1+1cFR9GfDQLcipgeI1ohTwWL5YEwxEBDUr6+VM/FNts0LYDeK+0DfMOwq28hnNrqO5sYbZNEEkYim1zubfCX2TRUIcPiO83CrR0y0Q7v6XGfOLTDK/hpM0286VOR0EENL0tdu8iIFm8yduScx50ia7BP4lJYiDkiiOVQIo8pKXJ6iRE0gsC+CiwVJLQotQfiDEQmFwDTl1LDngbg4MCI84u617KXaa5SMzpM3x7E2LZ/68id2dEQDdnHbPyvPabrrh7Vz/VQxAm3YHrFQXPdGsrzLdCH9g==,iv:NhiOz1Tv2rv7TljgSYsmnH9JiRNW1IposPIeCuC5nXo=,tag:WAQLhPmn2G4uV+mOEOimIQ==,type:str]",
 3 | 	"sops": {
 4 | 		"kms": null,
 5 | 		"gcp_kms": null,
 6 | 		"azure_kv": null,
 7 | 		"hc_vault": null,
 8 | 		"age": [
 9 | 			{
10 | 				"recipient": "age12qr4rxqrrr59fa9fqtvk0jtf9hsynv3jf5xgjj3fdczujrz65paqh6qc8g",
11 | 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTSjNjczNwTUFhbzJMeGtZ\nbHVaSWFaSzFUMmlXYmdPaGRJQU1qTmxUc2dnCkxCZFVwUmlEQllyS25RK3IwZVNO\nRTlaWUZ1NXBBeGp2TWtwcEpsSlRzRzQKLS0tIFNxMzV4S1VPTCtZWjZ1bml6enRM\nN3NqSk9rNDgxS2NuM0RxRTVRN21XT0UKSfIyCqEVPTarGmOVaRj8kxGqUKs3PNS6\nxNeDN/hDQvQYlYf26RAQ9YVY2gFjIBkeaDa1aKAK0fTJuzVQm0uW/Q==\n-----END AGE ENCRYPTED FILE-----\n"
12 | 			}
13 | 		],
14 | 		"lastmodified": "2024-05-14T21:29:13Z",
15 | 		"mac": "ENC[AES256_GCM,data:PQzH+L6hTns3k3+meQZb/OQ8EZh7l5cmzlKFIbsuLRvzbUZ/sIY7RdZIBXdzXO2CpXa/N4BcH//aLN16roA0g6GrwPNn9ZRRcV81C3FIChS4bQGEZOy8JykimJh4ceDZYoq6XfkW/YHjcc9UNk6oco/vJg/LLcemX1Qr9rEDB3g=,iv:B1mWylrrEQNxGsFEB/w+ZY2JmDz+GjfSLuyFy76J18o=,tag:cPldMiiWSdQ/3aG6eMGTAA==,type:str]",
16 | 		"pgp": [
17 | 			{
18 | 				"created_at": "2024-05-14T21:29:13Z",
19 | 				"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4D8w/Zb+cfdxsSAQdAJWhC0skZERAURuSTsm7v/tlqFP16VqAXo5usNYYfQz8w\nXNDw1F2t2oHE/r9BWbYpAuAcSCIXQHMZ+SFNXkBdxEGe19vLOihPVX5660fXJiT2\n0lwBNuNBEWwy4MQCFhV8gBiM92RwsnT0Y5hzDbJngv2FPnELxF7a3/yeXOlTL7Bz\nhYDb2c8ZSstkBib7+lNRUjZXi64iU2nSdTxJKJ+wJW1SpA/8JIFcyjVxAbZ7YQ==\n=5Mr5\n-----END PGP MESSAGE-----",
20 | 				"fp": "61303BBAD7D1BF74EFA44E3BE7FE2087E4380E64"
21 | 			}
22 | 		],
23 | 		"unencrypted_suffix": "_unencrypted",
24 | 		"version": "3.8.1"
25 | 	}
26 | }


--------------------------------------------------------------------------------
/hosts/neon/secrets/nm-connections/home-wifi:
--------------------------------------------------------------------------------
 1 | {
 2 | 	"data": "ENC[AES256_GCM,data:cIGnlN/2wXw2aO1o9G65sgGLI5pk1o+U2mD2FI28QpgGGpjRkcKiEoDTXoIpG0tX5CMBqvh6qNGMEUL0+QrJ027CNCW9h66OSMdPColy7OlGZEklQky2lOHedtnabXKEjJFpareSPnBctGa6Kxlxz8hMNqLMK/yDsy9EsipxX8fM+FgXIArgsy+K2lCvA1iKN9anEBKWWTU+CQrHUJljCqL0Y+r6ukDUIr+y6sJcxMwBE+UNgZzR5Nq3a3qHPi7xKU91v+AJu0EgA2yjJJlBQbQR95/NoUm70jmnfzc4t841Btq0wirEYr1Cc6SRFaUPGtz6mFT51PxQXSIP1zFRy/Y9SoMNn+oUcJc15LEAMckrDhomkBOJSSe/dysaPOrmVVXot3zk1UFcofLR3Z+iBMjglPlHqI2amapO5DDmenvPGY3CAlKqrlg1gOIaukML4OR+gaH5/NuTq75FMh/j5d8I7Bv6BavveEfBeerhZYPvaJwJrQQ+0tZPIg==,iv:LlZygQQW7VU000SdBa8780aivq8EieEhRs1yA1FuH2E=,tag:oqCgvhZISrOBmz6o/56WEw==,type:str]",
 3 | 	"sops": {
 4 | 		"kms": null,
 5 | 		"gcp_kms": null,
 6 | 		"azure_kv": null,
 7 | 		"hc_vault": null,
 8 | 		"age": [
 9 | 			{
10 | 				"recipient": "age12qr4rxqrrr59fa9fqtvk0jtf9hsynv3jf5xgjj3fdczujrz65paqh6qc8g",
11 | 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDVVY3Z0dqaDBPU0F1MFVz\nVGkybW8rR0xCZlYrNTQycWJ0RlpnNmRJL1hNClYwQ0lCRVp0N1BkU09ReUt2SmVs\nNFdBaG1YMzNGM2RNRzF3RkVROXNrdm8KLS0tIEFveXpOdzF2V2xFdzBaSUYrTlBQ\nZGtSditZSXMwYVFmdjZIYXR6akNBV0EKCQ/I0wGxCABEld2TMRCFEWOwhoNh674g\n77sP+1Q9UMUcHYVJL0kHZRGOWEDfFxzecLInYAH0Yo0DW3R12afNFQ==\n-----END AGE ENCRYPTED FILE-----\n"
12 | 			}
13 | 		],
14 | 		"lastmodified": "2023-06-14T21:33:09Z",
15 | 		"mac": "ENC[AES256_GCM,data:rd++zGaLOlmH45mcPGtb5EpFS9FPkaswEL3FEsRCgBuopCJYE+OxtHppoec9GTKT6q+7qy6+KKbuklf3g/6iWmE33U9VqwMdAwq1ouTEsNjwPBe1kbUVXceoTwWdJFxr/v9kG0Q8r21TJWCy7JGN6eOYNBatSDo44r8hezFKbBs=,iv:jhRo7CLaD0AcFGgrOVSm0k2M5qieMJWn2svhNkE0jEw=,tag:2jj5ymhhEK52kgYiDrEbWg==,type:str]",
16 | 		"pgp": [
17 | 			{
18 | 				"created_at": "2023-06-14T21:32:59Z",
19 | 				"enc": "-----BEGIN PGP MESSAGE-----\n\nwV4D8w/Zb+cfdxsSAQdA0em76ZVsXUhL2hSmi/tKupbkVP18f2tx+gwh3otF5zAw\na8iKP4wb5gFAxTWmPm59e5t1IRBIj2DhG+NFbH1KOyAy/VMG9Qe8EDSIKdnftwQs\n0lEBaEABpYE/eqVThdP7JBXGpkxCsmkEeEO6EDIrwMyHTO+CEEfuoRnY0W1P//v3\nKvXkGOPEHyim1KqR/oMmIKQSrC9rgLQKQlaMk/8iYKRogew=\n=4tzY\n-----END PGP MESSAGE-----",
20 | 				"fp": "61303BBAD7D1BF74EFA44E3BE7FE2087E4380E64"
21 | 			}
22 | 		],
23 | 		"unencrypted_suffix": "_unencrypted",
24 | 		"version": "3.7.3"
25 | 	}
26 | }


--------------------------------------------------------------------------------
/hosts/neon/secrets/nm-connections/home-wifi-5:
--------------------------------------------------------------------------------
 1 | {
 2 | 	"data": "ENC[AES256_GCM,data:3DpY6eNe+ThjZkYKo40zK3ByGtHxfbC802RH7NZ1Pvmfm4oqsRAvgXRXp/Cb5c4Q1e+uTiNCRgrlUqHGcrEVaOJ/1U2U8bIcskzusSVtubb6L2Ki3brMcPV8P6BAg960v8HoiMNYuw4ypD9kVgWhEeqGPeiO9YMdngfKrJvQkDnRNVWBJrprivG1iZEGc4rCLEPDEgWhSVnpZa/YetdqvA2n/f5cf+pvB3zeWVgtddCsmbizXI0r2CzvPAA1PB9canxf2m9H++9fA/spf/ZzvjESsW2E2pkpdUIe01D6yuKiGOoadOeL7tli+N5DG5sKtbRbHrRbbZGx9hAnxgYS8OagdD2Cjxl2Ww3OiL7ykv+4525W4hempmqhCSAlEO84MMrFC7S+gFu7fL4pb7sDJk5QU/+99RGJ5WpocJu0f1BSRg8y6qGD+wRowDHQD2iA6F9MRyUjUtUaeQiTvBNdYEOcO3A3GAKBON2OBb70eB0Ya0kLul9YLAnzfC/UUIfz0d+1csO9c5F7AtE+5cN/9G44uw==,iv:zbfXSxjMreEK11VyR0BvKcie4EnojAySKfnvKLcEaa8=,tag:Rpy50jzV/5brGOWD1P5b4w==,type:str]",
 3 | 	"sops": {
 4 | 		"kms": null,
 5 | 		"gcp_kms": null,
 6 | 		"azure_kv": null,
 7 | 		"hc_vault": null,
 8 | 		"age": [
 9 | 			{
10 | 				"recipient": "age12qr4rxqrrr59fa9fqtvk0jtf9hsynv3jf5xgjj3fdczujrz65paqh6qc8g",
11 | 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwWVZKWWFMNnBmdnVnd09K\ncjd4N0FIY1AyYlZhRHB0cURlejNLKzFOQnpRCkl3TTdzeGdTblplclFBRmZnUkQy\nWnFSbzJqZXNaNit6c3FVWkZ2Si8rQWcKLS0tIHh4UmpiRmdMTDRrZzRqZ3pESEdq\nSG5kU21tSTBPK1BJb0I0NUhFZS84RzgKViCuNtc7dh+zwpjBJL4gAaltukVM8W+e\nqlR6otDy1Yvj1COTcR1tK8TY0uFWjBLzw1vD3yOJcfMT6zrvWnGTvA==\n-----END AGE ENCRYPTED FILE-----\n"
12 | 			}
13 | 		],
14 | 		"lastmodified": "2023-06-14T21:33:09Z",
15 | 		"mac": "ENC[AES256_GCM,data:QqCyT7PxwzYoN/BAv4jvfKJPsLG0VyolQYprwlT0bC5Zu1txwmRwM52Zl0XibX/NwWMTyp1SutC955TvaK+JEbHB56+dWyWw5U7lWh7hNKjKT6no0pEFkpkG0vZj5KCQehWMaZWxE0WrrzTZD5qwIrIn3g7ukR98LkpeTGvSnIA=,iv:k63J6ivZL6a37A9edQf9w2euHBbhvz7FLkDMx6WZxB4=,tag:FDIMCRtSiIbMfSbSt9R9rA==,type:str]",
16 | 		"pgp": [
17 | 			{
18 | 				"created_at": "2023-06-14T21:32:58Z",
19 | 				"enc": "-----BEGIN PGP MESSAGE-----\n\nwV4D8w/Zb+cfdxsSAQdADpwuAIRXlKLf/Mv8UwYm2jQtIXzuYmehe5RGxZEO9Tcw\nukgti9nc2qlCMUoRAeyJo3YIxeMyWvate0B6ReFRMNyYZ33wfVVAe7dwzSiFV78Y\n0lEB6IPE1o39LqsdcbtR8TYQHrzZq1HSKLGaMSvKEA8kr8DfSYFIn6xxegFn6HpH\nRHq2pPVQI9boAvUVpB1rGypbChkLdzcdVtvwuHkO4c0sifQ=\n=cztg\n-----END PGP MESSAGE-----",
20 | 				"fp": "61303BBAD7D1BF74EFA44E3BE7FE2087E4380E64"
21 | 			}
22 | 		],
23 | 		"unencrypted_suffix": "_unencrypted",
24 | 		"version": "3.7.3"
25 | 	}
26 | }


--------------------------------------------------------------------------------
/hosts/neon/secrets/nm-connections/hotspot:
--------------------------------------------------------------------------------
 1 | {
 2 | 	"data": "ENC[AES256_GCM,data:+02y5D8kOpE8MQsKAup64OnGh3HBx8nCrGvcK43wxvk74UehpSx9en1rA6KKhR0mUeBXiLaAOJEHkVwoWAlvGi33gQ+YaCEs6X8uSvlvi1b9LsI/iTMc1DIe3fYnDAPpDjQgXvvWHFcgn7YhzGhC14mzzBhb6RUwjfz89AbfTaQ7THQyUcseZ1t5kg4LwCZolnP4a595wxRWfcbokf4cxC0+vxh6uZ6yTv7vjyWMzb9b9VNlzzWlPLt9LxNT4V9G4TzbVTM/FENro2kO5luPADBlfr4AYr0fjd2kQEIxGCH+yvqfhva1yCiX+YF0CK430q6bxS/y9/nClb5lytjcF8aFzcwXUWmhNwPiw6mPuWHO0X1braAz1WwtUnXSUT10FL/YHdI/C9FIr32n4/aGv3GPXFtaea3kqYwCfof16xDQzfqsmGEq,iv:GqDu2eJh5FRlWe2GE1MOi7JP9BCiyU5VygQ5b39GF2g=,tag:C4MgOeS1DKnqmtFNfNTraw==,type:str]",
 3 | 	"sops": {
 4 | 		"kms": null,
 5 | 		"gcp_kms": null,
 6 | 		"azure_kv": null,
 7 | 		"hc_vault": null,
 8 | 		"age": [
 9 | 			{
10 | 				"recipient": "age12qr4rxqrrr59fa9fqtvk0jtf9hsynv3jf5xgjj3fdczujrz65paqh6qc8g",
11 | 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOTXBqZkRROTg2RFIrOWtR\nY0lyYVVLajlHWmRNbGdJeVh3VkpuK2dBVjJRCittaldTakhCcXF4a0UrTElIOWdS\nWGFSbzAraUM4dnUrNyt4VEJrY3JmK0kKLS0tIGNXeStaSng3amg4aW1BWnJtTkVu\nWU0wVHZOSXBUZEpzbEJOeEpPbVFaSEEKhwTfQDDRKTPfv1U+8FV4MMhWE0Clao+N\nMCacH6qEQx5O22yPz2HhV65Rb3OqQsz06Q0oNED+LUgGb7iNdaBBtQ==\n-----END AGE ENCRYPTED FILE-----\n"
12 | 			}
13 | 		],
14 | 		"lastmodified": "2023-07-30T09:56:07Z",
15 | 		"mac": "ENC[AES256_GCM,data:XzpQdcA8FFQnCD7Q76HhOb2cV4yb/QODFY7ojCvdx0xNfh9C4mGRXNudj+YTPqQN6XfU9W6vEz+3cYr3TLk1qOWxme5clGdNTtVO/2YsUDACaIbAietYMy+9FJnN0p+JMDwQTJE3L4oNVBbyj3l1bc0fEWEoGlTtseGec0e6YtA=,iv:UU0cB3b+bae4dqj29qs25Clmq1C28dWoqqVWAIcpVcA=,tag:9K15e6yi741vQNCGqMBs9g==,type:str]",
16 | 		"pgp": [
17 | 			{
18 | 				"created_at": "2023-06-14T21:32:59Z",
19 | 				"enc": "-----BEGIN PGP MESSAGE-----\n\nwV4D8w/Zb+cfdxsSAQdAjkM3tyNIeKa+GSwx2xI6y61hqb1XxKf9nKlh9jeHFlow\nO/E3hokktS17lgHh6pGuaxS8i/Ylc9CaHonUkqZSx/ucLTp4Hy4b20vNnW7ziIw2\n0lEBGHj9o237/LtTAbZRc5Oo4xdqR2+vr6iI2RlWgAy3B3eOS1D7xg+dsPn+jHE7\nf2wTlk9E49xq9gFw1x753Ul2RdYDyNbqBw96RMkFH0AAgts=\n=dW3G\n-----END PGP MESSAGE-----",
20 | 				"fp": "61303BBAD7D1BF74EFA44E3BE7FE2087E4380E64"
21 | 			}
22 | 		],
23 | 		"unencrypted_suffix": "_unencrypted",
24 | 		"version": "3.7.3"
25 | 	}
26 | }


--------------------------------------------------------------------------------
/hosts/neon/secrets/nm-connections/uni-vpn:
--------------------------------------------------------------------------------
 1 | {
 2 | 	"data": "ENC[AES256_GCM,data:m8C5kaVg5NFn7OiyJ/H2bopVKB673G8OE1w2F7qQmzmsqV1T6nQUnDyNIsvbZTT2KL5u4pRtSecJPFyY7pix6eIuu15yJmzpBlgCMq5/VitYXvcVcMLk1H3/7O8Yy4mjOeaZaeGfN4WDV8NeNkoeZM1bpdGNLvd5FMf7De6cINyli67N6amZNWjLTQ75z17FomQgRZhGZev/6lpdJyvXSY9RJtyUI+qMfRsihzTGlbgY0VIj9NnG3kXsBSaHKGpBgFV0tY0z2AjeGVH/UnsfWgpyNoW8DZXwbj/M4nuR9rAHHcnVLGECnT1yb4VIyfCF4XITqnBcvw3+HOHacTDoUQNHTVEJjEVRwl22817eW/TbXEByfaJoX5iO78wrosFZ/CeeFbCDQ4ZFvgNJm4PkGrRc23kkfotBOjPkzukQsdYSHSMRWfHSI1liInYnZ6225WySADI9IGC4cgchLYsAF9zpAbOWGLYISFi459smJIX5gzjzC7N+f2Db/RSGJ+WFuXeEAIPhl1+fVuhA7t6WwQH8xS+coXEiQKqTkeDmDX2f/TPV6XpTl+oHQp02WlaOkIzItwHhUHK3oZLhm/ZMa0t4k0GrM1oCLb4iM2easnFpPFjCeDbRlh/MthVg+F9kgThqdtjCdvw0owR6O+OFgS2947LGMNzI7XrRMoelRpBamNYbiHsY7a8Jpwe9AkSlPTaoO5VgKkHZh5bEkK/1V5NGSuU=,iv:YPHktvUSxz0kj9Smk14gJ4NvCjPiXPppY10EhTo1cyQ=,tag:hIslWrxeoZrzcTI2DOIKxw==,type:str]",
 3 | 	"sops": {
 4 | 		"kms": null,
 5 | 		"gcp_kms": null,
 6 | 		"azure_kv": null,
 7 | 		"hc_vault": null,
 8 | 		"age": [
 9 | 			{
10 | 				"recipient": "age12qr4rxqrrr59fa9fqtvk0jtf9hsynv3jf5xgjj3fdczujrz65paqh6qc8g",
11 | 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvekxKZ09idjdCZEg1VWx2\nM2RISkQ0T2N6Y2NWVkV1U0ppRThBYlRhNjNjCkdlVnBnNU5EQlF1Y3RpRjB4WmxQ\nNXh0TnQwbTY5U0Nqdy9mbkkydDhVUzgKLS0tIG1wTGluWTRQTndEWGpKWjhoN2VU\nUm5nbkRCKytZZVh3QWRRQW9xblpwMUEKeYWmUVgpImfhelTCNBQhN6dieRg1DLpq\nDKe9vcUvvxlGH1uEloeg5uGLKVMzz30TD7eMm4K12a/b68OwwZpGSw==\n-----END AGE ENCRYPTED FILE-----\n"
12 | 			}
13 | 		],
14 | 		"lastmodified": "2024-09-26T13:08:50Z",
15 | 		"mac": "ENC[AES256_GCM,data:qzykPBiFR50KeUx0Qbn+U2HopjJnsnKsEdbhWFP2sicuLUdSGX9Ktu9wV0EVUvFjg9Z+i/svvDiwIuhKNaY+7GUEfaHl7lhOUaIYeuElhSZyfhPeQsDwy3HmL2wsmTj3YQMbYBEWWZ2gafirahCcgwPtLY8bfxOy87kOpzWVdhU=,iv:NxQTtmn+SFRKDRZrThttD+yMnKUPpKgkCkRhQaSsSGM=,tag:taKTWyezNmwaY0NaNxTtaA==,type:str]",
16 | 		"pgp": [
17 | 			{
18 | 				"created_at": "2023-06-14T21:24:40Z",
19 | 				"enc": "-----BEGIN PGP MESSAGE-----\n\nwV4D8w/Zb+cfdxsSAQdA2CAHg23OkPNxwugZ6JmnVToZcwJIrEJ3+ep5G7+17QIw\nCIIFxCrIrGRPSDWi6/l0Am7G4KyvYgJKtS5YzBK6xEaGeE57ffGWyoLaNXI/88ek\n0lEBEbybGaDc8d+t7RPP0TR0TJI485huCBnkkZpasXKWYgg23a/3pz/BCGj/Kg/w\n84e4Z/Ss/du50xOpd0KBRBOWijkfSwFkQeGDE3NjxB00COk=\n=nKtW\n-----END PGP MESSAGE-----",
20 | 				"fp": "61303BBAD7D1BF74EFA44E3BE7FE2087E4380E64"
21 | 			}
22 | 		],
23 | 		"unencrypted_suffix": "_unencrypted",
24 | 		"version": "3.9.0"
25 | 	}
26 | }


--------------------------------------------------------------------------------
/hosts/neon/secrets/nm-connections/uni-wifi:
--------------------------------------------------------------------------------
 1 | {
 2 | 	"data": "ENC[AES256_GCM,data:9Gv/PIoOGvb8Gu2FcgQuoKLnb+1pp9ulSE0iy0Tel5T3uNmxtI45Fm59cQEfI/NjivxrSmUAI4+ATED3gc2hwOCatGC4+JKnLQiXPHu9suJCSj8w6kSUzeUSr2HI2rlogEzJkgpoFKbTzYVO94Hd3HCIU8/eNuS3bfFwilZJIGBpB3+0neOU4BTYysOSc858wHSUunLK0O/zmzirCfMMZWUdzk2gX2EULS4hnp5TuswYniqjuyCL6EtLPZz+5Mryqb7d/t2AUtxc+IaDwRdKC3USllq5PSple9wTs6OKxzyIhWb50fhP7KvQ1I1/2MBb1sa+u81zkJN3Uo9bYevyyWFGOJfueZW4U2W/dZKdX9Gdw1ue058nyLiPXfd5d4y3e+ea1ACpkdvnJKuvHkQp4PCKaWbsF1iTy30X0/qLhUO5dxjVFqU5WCdY9CgdI4SBQi1BFIy5M7QsI8uJx2f4MiAuBw5Jy17HxTNgIw9RyOd/MDUGzU26/54EBwHMRmnsMtxTrzmQ4hLmfB7fVlg1Icw8KKaqzbEybFtwK0v32DbrQWyCDLlknj7wC+g3wqwJyyfzOZ4NSqJ8ULA+pWYZ889esci7+PT9UH1znywPmySuQZB4J+nuR4EIh0R0vfFm9aZVQchBrRjeNU6OLkioMkivi2AIlWL0bDWIR8Lcs3oDJZx2smIK2tDOX+scvTnm3KgSSSqWWtg+oIzdelQl0XvQOS4NBCs=,iv:n4fL/DOfyhYcUP+HRH15x+8NuBxEIUN2oS923tBDdS8=,tag:lxGcBXICLAljknz9Oj/7eg==,type:str]",
 3 | 	"sops": {
 4 | 		"kms": null,
 5 | 		"gcp_kms": null,
 6 | 		"azure_kv": null,
 7 | 		"hc_vault": null,
 8 | 		"age": [
 9 | 			{
10 | 				"recipient": "age12qr4rxqrrr59fa9fqtvk0jtf9hsynv3jf5xgjj3fdczujrz65paqh6qc8g",
11 | 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaV3ZESFJBWEh5WXJmMThv\nMVdCU3ZIZ2Q5eDZBem1qTlVLMHZIRUZ6cWdjCk82eTJpSnRIeG1uWFBHZjFtT0xC\nVW5EcytyNVQybVFSaWsxbE43TmVzQk0KLS0tIHJXREFMYlRiR21DOXVBTEJYdjJs\nQlZUdk5md1hBNFV1V21sb0k3U3VtUVkKzbt1JbGCRjvtw/QeKdkRCx6HVokcZyeb\n/hGNScAL2g3RK0Sylq7eyM0V0gOyo2/GmXu/xvxlNtlcMQK0kRIfVg==\n-----END AGE ENCRYPTED FILE-----\n"
12 | 			}
13 | 		],
14 | 		"lastmodified": "2024-05-14T21:32:05Z",
15 | 		"mac": "ENC[AES256_GCM,data:SZry0MKZ+97KcegzCUkQkVUgfAWz8izmYjziMD0/UEX2Pr+SUek/58uLQZgw8GW/6RD31g990xgh1HFa6UqgR2ifwPRGEZCh+xP2R7luwf2iMhl5rOzDjfhLHmV42MgMgDu0j8LqciLyjakuYvZWbiLQ9ofSK5CyzTyiOnkxCIE=,iv:okqN36LoWsz5P68bUlk6SIZNzqzCVn1PYw6+pY3SBEg=,tag:Pqa4C+0oBsQ0ytJtsnnUJg==,type:str]",
16 | 		"pgp": [
17 | 			{
18 | 				"created_at": "2023-10-31T17:17:00Z",
19 | 				"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4D8w/Zb+cfdxsSAQdAvuTgknONSh+jZSIPTmd39KLZK1KjOtxYj2NVVpzqpwkw\n0Cypib1VwIJNLzieycs81l475nX/xkVQCK1s8GWKs+WVJmSCwZE2WDJrc24xNHjQ\n0lwBZDZkgrj0rBKq1PeUjmkFB4Q/AiiahknXjT18y0cRqCm4KtGFGvBojqodHhjO\nbCFCEQqHWGeibOflZUBjzknwoWd0TPYKsFL7SHre4xNJcF2f+udqRnnjWdA+tA==\n=OAAt\n-----END PGP MESSAGE-----",
20 | 				"fp": "61303BBAD7D1BF74EFA44E3BE7FE2087E4380E64"
21 | 			}
22 | 		],
23 | 		"unencrypted_suffix": "_unencrypted",
24 | 		"version": "3.8.1"
25 | 	}
26 | }


--------------------------------------------------------------------------------
/hosts/neon/secrets/nm-connections/vpn:
--------------------------------------------------------------------------------
 1 | {
 2 | 	"data": "ENC[AES256_GCM,data:w2gUzQ576mmtOwulv5Xc/RxipsatsApbAqM5Aw+hvVJP5/iWr57TpUz/X4MZBeJzePA+fIxJrOdBL6lPZ0hKR68b+xHC2wRV6Mlwf2sDFfvqgOsK+fA5OGjubvDjq3DN2yzeETgzRateFYVxxTZK3YKREUDq7SAsJ3H1DclwGchW8bCDSzSu27F1UR7/xEDOc1K4ZG4GxnijplaWM0U5O0w65qsFJwWYmtimMBtz/AKKtxqLzWcp4lH6SJPinTrFwvRu1QV7/wYZyxOy/07m3DT2WHzebB6XLEtLZRG/VfcoXixi49CxWtwjo8bmBdPUhWSoiFT6nQheU44e/9JNgisn+1CuL0WXlzWM8wxZArQQQ5jl4UUOJsyBxGuUB8rbHKN0lhRYqZ0coreVD1edtOCWK2oMUzj1MfDPmVXru/wO/VANnRW451i3cgH2Xh+gJ/8VyHJJuyWp52bQu0xI7ua+5JdBDcsM+IK429hKnAT3+SbVzDzijLSJB8glcq++6z4sq19wE5GModx8s3RZRxPqOAWcOupRYKak6wnRXNLTXsyFGLBXSIwAGVVCWnHu6Rn6NPgichzW2SDdIgAT2Qwj+cOA/sHT3tVPnypSDq5V0kbXoPJe4sfOYwxyxGO7f26plkSFufeIVVgNgqMUJrVX0oerXTSR6xbm7iqtpcr/RwWmNSAw61XJ5PzxVvza25Kc/f7K4DAtRSVlVB/SHkDJr6u9gIGPgDWjy0jiIhb9lVJjMHDovlSmlOpmZq0drmZ83AYQq1z9,iv:xvps9pPJ/jbr9mzvXEJi+wcuew78Ewvu5ieD9NnQcqs=,tag:fMm9ZJWsmbdwolRwJ64huA==,type:str]",
 3 | 	"sops": {
 4 | 		"kms": null,
 5 | 		"gcp_kms": null,
 6 | 		"azure_kv": null,
 7 | 		"hc_vault": null,
 8 | 		"age": [
 9 | 			{
10 | 				"recipient": "age12qr4rxqrrr59fa9fqtvk0jtf9hsynv3jf5xgjj3fdczujrz65paqh6qc8g",
11 | 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkdUVsS3NCWUowa3l6TmZ0\nM3dIOGpBZUtUS3hFUXoxSlo1V3NxMnFWMG1zCmpnZnJJSkVWVHUxaXFhTkIzbDhW\nSjJ1ajloOXRFSWJvL2JWbzJsZHVyUWMKLS0tIFZrSk1IbUY4bmNrQ1cxc2dhQS9q\nYUFwcHVoYjV5eUJFU3dIcEg1dWMzN2MKmpr4HAqNg2NjDl1sXHeY6SYvnTTwKwTO\nsR5Imq/9RMt0HkhTvpFSOGKOTXm61sYlV19G3C4ols+LLlqcDFJc1g==\n-----END AGE ENCRYPTED FILE-----\n"
12 | 			}
13 | 		],
14 | 		"lastmodified": "2024-08-17T15:27:53Z",
15 | 		"mac": "ENC[AES256_GCM,data:eBKM6Ag2yHjWbUxfL6iQYl1SdtcBNBw1bXpHlp90ieGViCpOr0b1JWQQ6u69Tx32Rd5suhPCF+p4x9+3Mrag76+Xl+bV05UK7DhygB+mfm0ym3bFQoZPDDb+N6U1NfNPpNCXSd05X++HT22SPD0iv3LeSzT+ggenYdcjEHNicCM=,iv:IjJ9cAINrw8mabgwpfQfOm3kuo8Ef+3ViGDdPJJ7b9k=,tag:FuCWp8WY153wFLoJKCbkgQ==,type:str]",
16 | 		"pgp": [
17 | 			{
18 | 				"created_at": "2023-06-14T21:24:41Z",
19 | 				"enc": "-----BEGIN PGP MESSAGE-----\n\nwV4D8w/Zb+cfdxsSAQdAyz+YU5DyDruWc9ukIYfbpAK16p4VxhypAnYdkcrXjUUw\nH8aT36U90tmHpiIX+kARVi2uYvZUOspmMFMCkwXAsNRYEpdqDkN55N/Fqx8/SG6h\n0lEBAHVY7bPL01xogPozw4JNe8jVSU7AfgeFIyIN/EXc9ulcagLzlDSDHjWhHNuk\ntmAE15ypsTehbIJmvr8RUa+XYWxELAw0kqax6VWFw+HDtNE=\n=ZyAs\n-----END PGP MESSAGE-----",
20 | 				"fp": "61303BBAD7D1BF74EFA44E3BE7FE2087E4380E64"
21 | 			}
22 | 		],
23 | 		"unencrypted_suffix": "_unencrypted",
24 | 		"version": "3.9.0"
25 | 	}
26 | }


--------------------------------------------------------------------------------
/hosts/neon/secrets/nm-connections/vpn-full:
--------------------------------------------------------------------------------
 1 | {
 2 | 	"data": "ENC[AES256_GCM,data:3VRVEjAp0lTA6Qqdt82ds+xOo1oNMWmWFqCdBpHW6HEuAJqep6En2M1Ctpfbgg11feY/ecqrM0UrHy8EPQRuKkyRYiBGCHHgpAwbpyfiQhcu+a3oPB+MK35ifmiRgZUnkQqfzPx1UGz+1cgZAntG0tgFWHYq3seBLxh2fIojNTu53qXGzYarAi6XWU8JadCNXiSXC6i57dmECm1GMR9Kb+kLdbBPLPLRI5bJ662r10zysw5aZKZboE3psSHhrcp9mcv3ATal8z/ewt1ArWu5nuiIXa0BHwXAcG167BRx2h5RYENtwXFZCJgvLXN+mKsf3tyfpsbZjoJknFprVrYqCocRiFtpIBx8uXHuY9gu8GOzQ4YbUgqIrLXuPTcgjHaK57EIGK/TnOxN0fWwc6amUJz7sV1qXNV5jHIQVcicTasIjUFACMeBhLYSkCl9loAss1UZZUM3C6ZrQOIF4UUHybPTNZsIRmLo3Nul7JdtsjOp8tSzi7Y4tTZ8ViVHLMYk8Jn0TpU0Yus73Xt8lCJVFweAiIIFO3eJ0cMcApwFY9Zm5wT1gEWGRzV3B9lULbGyQRddXsro5xrjjWKEEsHBaGa+qYVhVM8SDtvbMpNTHNTqAHZ/3Il2Je8TcHRE+Ncl1aIy9dGSGK4uy1onpbf4vDIB/Ni+hrgtqiHT8BG9yZkDhCq0u/7IbBeWfh6RMXmpJBPYyljrB2hFijU04HGrE+FgQIHB/AyG,iv:ltLQXl2asFT+wHD8LFKXKyeo0EFBQGvM3Gc7+ENJgXg=,tag:TgaajggiLc8fSZQCoWWoJg==,type:str]",
 3 | 	"sops": {
 4 | 		"kms": null,
 5 | 		"gcp_kms": null,
 6 | 		"azure_kv": null,
 7 | 		"hc_vault": null,
 8 | 		"age": [
 9 | 			{
10 | 				"recipient": "age12qr4rxqrrr59fa9fqtvk0jtf9hsynv3jf5xgjj3fdczujrz65paqh6qc8g",
11 | 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFeTUzcDNZSVpyOG1JTDNI\ncWFzdGlrRkJldW1tamg5UUZMbjhIUTE5c21vCjhVWXV0ckxSNkxlV1Fqc21hQ2hY\nQXEyN2xUQ2lJTFV6dWovQ2R4ak1Jd0kKLS0tIFd1d2ZlL0pIalNqREVTQkNSUWtO\nSnpGYUR3dXZQZnZGWHgyUTFYMk9yRUUKJrVL5bv7tpgGR+RkD3JVn1YV49suVl5o\nEcZAIoCJ0kqaxpYF+in4L6HOr5/oHpt2qNyA4i8oEVxF40rAr4wgbQ==\n-----END AGE ENCRYPTED FILE-----\n"
12 | 			}
13 | 		],
14 | 		"lastmodified": "2024-08-17T14:47:31Z",
15 | 		"mac": "ENC[AES256_GCM,data:hKNh+hRqmw0ol0VYPKjaD+eVvZAgbjPES5HbPkBpICLtdLiqtrHEIgdcOx66L5AtdfwruWGvzw7LuhhltnmWvnXNWgCmquyQG1DBVBSgmexjn/qxwCuRGuW+VjhlxEdbS1WJ6XJP932rbG/0iCKHrI561EQuPq+aJYf/Zi1LdVo=,iv:PtyKrC/90zR+AVSiOJh9rnZhY8NXFPe3zoFAS1NUY3o=,tag:aE4bfJWhYDNyAJJg32r/rA==,type:str]",
16 | 		"pgp": [
17 | 			{
18 | 				"created_at": "2024-08-13T11:21:34Z",
19 | 				"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4D8w/Zb+cfdxsSAQdAjuSsbhdwNuOvsf6F1QyTxLCzGZtWlhQWVSO8j9H4xXkw\nJrc8rszFtIUcncyHLMsanl5D/br+5QWOF9qh/aphavqCrkimDY44Soiv5dFZmfAj\n0l4BTghJht/yjI24DneUUOoBJm0LjEu4sC5CodHADZLGSEKqw2GmGObNcIRLN8bi\nC/7PilV1kteE7QF0gUFGm02KVbAO1otj44mhjnIqQCZYvnoRFkAQpqROrTljeL9Z\n=tcoA\n-----END PGP MESSAGE-----",
20 | 				"fp": "61303BBAD7D1BF74EFA44E3BE7FE2087E4380E64"
21 | 			}
22 | 		],
23 | 		"unencrypted_suffix": "_unencrypted",
24 | 		"version": "3.9.0"
25 | 	}
26 | }


--------------------------------------------------------------------------------
/renovate.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
 3 | 
 4 |   "extends": ["config:recommended"],
 5 | 
 6 |   "lockFileMaintenance": {
 7 |     "enabled": true,
 8 |     "automerge": true,
 9 |     "schedule": ["* 4 * * *"]
10 |   }
11 | }
12 | 


--------------------------------------------------------------------------------
/scripts/default.nix:
--------------------------------------------------------------------------------
 1 | pkgs:
 2 | let
 3 |   mkScripts = builtins.mapAttrs (
 4 |     name: deps:
 5 |     pkgs.writeShellApplication {
 6 |       inherit name;
 7 |       runtimeInputs = deps;
 8 |       text = builtins.readFile ./${name}.sh;
 9 |     }
10 |   );
11 | 
12 |   scripts = mkScripts {
13 |     easyroam-setup = builtins.attrValues {
14 |       inherit (pkgs)
15 |         coreutils
16 |         openssl
17 |         gnused
18 |         util-linux # uuidgen
19 |         pwgen
20 |         ;
21 |     };
22 |   };
23 | in
24 | scripts
25 | 


--------------------------------------------------------------------------------
/scripts/easyroam-setup.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | 
 3 | set -e
 4 | 
 5 | if [[ $# -lt 1 ]]; then
 6 |   cat <<EOF
 7 | Setup instructions:
 8 |   1. Go to https://www.easyroam.de/User/Generate
 9 |   2. Select 'Manual options' > 'PKCS12', enter your device name and generate the profile
10 |   3. After downloading the profile, run this script again:
11 |       easyroam-setup <path-to-profile> [<output-path>]
12 | EOF
13 |   exit
14 | fi
15 | 
16 | profile=$(realpath "$1")
17 | 
18 | if [[ -n $2 ]]; then
19 |   mkdir -p "$2"
20 |   cd "$2"
21 | fi
22 | 
23 | pkpass=$(pwgen -s 32 1)
24 | openssl pkcs12 -in "$profile" -legacy -nokeys -password pass: | openssl x509 >easyroam_client_cert.pem
25 | openssl pkcs12 -legacy -in "$profile" -nodes -nocerts -password pass: | openssl rsa -aes256 -out easyroam_client_key.pem -passout "pass:$pkpass"
26 | openssl pkcs12 -in "$profile" -legacy -cacerts -nokeys -password pass: >easyroam_root_ca.pem
27 | cn=$(openssl x509 -noout -subject -in easyroam_client_cert.pem -legacy | sed 's/.*CN = \(.*\), C.*/\1/')
28 | 
29 | cat <<EOF
30 | [connection]
31 | id=easyroam
32 | uuid=$(uuidgen)
33 | type=wifi
34 | 
35 | [wifi]
36 | mode=infrastructure
37 | ssid=eduroam
38 | 
39 | [wifi-security]
40 | key-mgmt=wpa-eap
41 | 
42 | [802-1x]
43 | ca-cert=$(realpath easyroam_root_ca.pem)
44 | client-cert=$(realpath easyroam_client_cert.pem)
45 | eap=tls;
46 | identity=$cn
47 | private-key=$(realpath easyroam_client_key.pem)
48 | private-key-password=$pkpass
49 | 
50 | [ipv4]
51 | method=auto
52 | 
53 | [ipv6]
54 | addr-gen-mode=stable-privacy
55 | method=auto
56 | 
57 | [proxy]
58 | EOF
59 | 


--------------------------------------------------------------------------------
/secrets/aerc/accounts.conf:
--------------------------------------------------------------------------------
 1 | {
 2 | 	"data": "ENC[AES256_GCM,data:NacJJcoqBww5WW6Fr0dA80jbkFNDQQRkt6UdbscTj2A+mt/lK0Spfzt+4HAi2jod7QRnhGUU3BFs5ZqIvpOcT5vgPQEiW2J/0S4sD7XJiMxrrT9OLbyhDKCIVKKmKE9fDDOyH4jr+SFC7AiltP8DGV10YoYeAyhAAXufSD5Ooo4KOc97nTWzg2hOpWrqtCo42AJSevxyECYA5fS6C0Y2WFqhA6FrHEg6DJlSmYwtgKSOCMkGgleX/dc9UgFJ44gYpxIK9d3jboeNnmwSLwJka5aWgK7hxBANml+pnRjYU0B+oSdY/IlWz9j1JMb6THubq+yohlOOkqrc0M4cp5V2ZB2c/5Hz7jSu05JxFE3yl1zsxVBUdcitwEIzQtKUH/BivgiKYvHLshC75lG79ZS34qpqumvSUN8YaRMzkzw8D98SoY7RHM/LzCwamdd+S1Yxidp/Ym5+BDCXrcofbVwmka2bRdaDYyD1ZaTEp/4nMaNIIY8TjCWeAqPHghV0OV0oHIRvepe5fEgr4irtDFpxurCPmIffAk//BLukzSnlH1eTNmfBe2WbYEkpRCvkilUIDpcEVHtX3tDVoqCa2rhwnfa6Pkqp7/HisLla8gRpdtxtm3kO1AJtbtoApb39ZlEsq3U/+Yuar38dw8EhCKKnqrN55UW83tCWYMLnb15cbiY2fkPP+siAnYrtM5xt7f6s/xGokutEyjSdn3pIhC2Oh3Bhm/VujyWgHv5ad0/OCeU/bHuUFFT9osi2IckiOQnIJZm+ASx2sjBcf/QhwlatGGlW8RZ8gbjR99wYEHlVkPYQ6uRpGgWADF862tCPJLz6+ScVMFcMi90x1dzgpQs4aHQvwG18OJf7F4dzt0ZbglKx5sGO2BuXrDleykXStzxyZEmjHXy8FbpntFFJTfsOS34zfptPjTQN7o/QxB9GsruyFgaB3kPUkOUqo4QuG5C9wAnX8Lkg8ygqvpcyZVBJttYedxBQBqWpUmWYv7P3WGJH+FpY1Sq6/bCOSJzpT3Z8XDcB8KVdP5FsK3h5n1t2+g9+g9c5HOHfU5iwTughQLw/4vWd+8re36pQ4M0oRQXbLnxhHyNvaaPVGp8iBOXepXSB4ePNP+pyQzVYDINpbndr9foMX3cK/pLHrGtKm9ZsyN2UZ7tgJbJepIS01iWl7GKFlxwe75CCUobUai75p6rz0DxJQQI/KtgnELIm1+usNafDi48d55yzUAYjTLsJjU8Qy17//vPY4tXBqlZqrlES23RC7E71PbqWQ+gX8POFLjz/qFGPiatUy6DCEeNSyslaz06E2lIXVUnSLqxscuEGpLtsiF8tvJJWaVXp+iVjT5VDI3bdqOtXSF61LRSbGJbHCYRrsdrtGPC0hKHpbY/T5r9zkT40s1M7G1jMjUTSMTn6Etpc/yFSxAG1A73o468e32f8HdMh7BiloOFiUyu6Cd/5JoRzvxsCCA1gbec2QvmF5E2mQ9qhpTk3yJlEoO0YEYbKdEV/Hbt2HGWZT1t3Q6rnol6tO8XDiGpgqO6QimMX6smxx3S8F0it6yoansfn1xjE8mh+H2sC2uxlDg7aD/5tV7Sq95dEdJ2+3+3yrbrHrhIFD27/YF/gmxJyYMwNAujk3ETxM6lEQICYOrCWItpgldK8ARwPFF9kBioepAvX3J7mZKDrMJBvxq6yjJkq0Xzqk6rXKZopuvHtVzRI+fUzpgrmAJ+u+f0YfWZ/WWMGdYh3Qgreu+S2okE/eHNjh02Tk6vWPthCIfKl2ALTeyKsG1eBTF/exfX+KXyqVB6ui1bcEJnn9tqeR2va36yonYsQrpxYDqo9OlkOhQvHEtgWEFt8Y4JMjep06jJqshCW4yz7LoutRlzSPVFeE1tYT2HZshWLvW0AfKY1GvAgGxnsyKuF+qzlDRZmg0dhh3wo0mB7TdYGurpIIovkcK/vX1sabj4Fxan3/+/LEHhiZndw8NmjFMmyV/OtIqBiPkfslIGTFehMa1k8qoVIwo7bqKu8GHenB6lEfiF0UFPlYuAV3hS2CW2OtItcjV2DV5WBcPfnNj51QUqhttINus2z8F6QhtjkMOGTn97jSDAzcU4v5uaTh8ZgB/+CxAWPtjP1yiiZltBW90OgYuPirpoc3K997wnylDpJ8f6H2PF4cjCvrJE3g8jN0MmlPxBdTigckMD9cJUGxhhm+5DyU8bcq6ml+Qy0M875SR6Qed81oUVcH5L3yiMqcwGtHL8ZLLTR7kxZF4W/LtjCeE+oXy0xouhZLIuVieDZ5vtZMTlRxU1MtBilfP941tInGzvAqjy4JAeVIJjMD9jqBHrY948TpwSLJwZEOipwQFQpAD8O0hkYLLK0DXUBEQIze9SOoMfBa2DD9FbkyuFiR7BHeIsx3IlXum/04uuohZzvM14TTkZfaJdL5ya7b27rxQqTjnV+5qQPln5GZk7ity2ZzsUH3Z0pNCIqkpVL+5xE7+egvgczr88r2iVBf3hVUlMLSkukjmhkltJ/q8ovzEGx0g6aRLXPjECtj8GKf8k8bepNX6aOg/3C2pHjDfH7ORTEocgu+oJRyBF2zh1JdM+0DxqVX40JtyXGWvAC3ho7eVn806lTplO5O8St1MHjIk5vfwPjLis9qYkBIT8BOaBLFNAqJcgmOcU8m8di0EhLJsBxfJAkhVyWXcEpBVMbWmS2T+7FTAovk5FaWJR1yUAxBfdKg+Xj9sQyjt9b5GcWBNHRrh8GjFRRa3m0Np+Bov+3RzjQLpnippkc44JsP/ZOzN3rX27qBe1UOV/i0n7GmRapOqPZ2euTPR1SowP8X2ZbrmzeDR4HGAV4C9nHlsllPSgNCkOb75qpSTkMqGeI3G5cSBPRhbAs05Eh0B+7uFYrCl97HDTP60opF+8LT/uDBtw2+rDRH+sNYDCnPRTGi+IL0hZ2ymSaY/SDuwA6m5dPTdrcIRcg32RbOoKlk3S/w8ICikPu5ggAbK/2pUk055EGbDM1oOPhvQJcWUerIfZi4xvI1p0E3J4Zk9IW3WgHwcxCQE1CbUdlFfsDWrJl46kFMyT4H7H6ZZLmcv63dbx88LbG/jc8PtYXz9/oOwwiwQRs06h9vi1gBd9MdwcBP1YFMF6FHj8ImL6XwwcIAP80EnivhVzIme63vtc7FSJi+WZY59lJlxo1D6x3d1fa0MuxYCKjoXkT2ZH+juv+dBvpWgWLO1XbDRdNKkZwTeJmMBx4E1OeDX52knkP7qsZqUZPMcucjIGzpeOsAyQQLGXT9tPnoletOcX2nrM48t6UnEjyxz8MMSHxAxqwceoM9BrznwhoNor4ZZYs8s+XdQIjayzsZ9wlVytJZv28LIYJfKPAR70xX1klUoSjk/ue5z1g+rk1lAV2fklHnUwMyAfH5IP0GZILCP1nBJYg+FV+insXyqja3XaYGTiiwRCJeAvMsCunI4tmxAAZJUm0ANZ6Ovam3FVqwd5g1ctWjwx5kjWpk7KLexa8rOnVs46DVScb8Zrzhh7Y+h/Dk3pmJH6qLQqdTt8akwvVa5grv3j2vSsQGQUe+BkbSa+cw0+3XQtq50vIiZQaIJWBFbd7pDjNYxv4vQYBMQHoTCB19nJ19ERKqNciOvX5NIpr0zMm9U2Il+j26CEj+ycrM0kPVvvh8kAwxauW4k1gpkYMtDwVhZDpDSL4MbEJplPYHYAsd/FzNnH1PP0WSxKEUVGfrTbsQKOpZVjGnFrV5Rie/RlXjgiVbCVDzutAt+We3FGAxrm9F3Sc705JnICGJoU4qYXLsSO0D3W6Bq8Eg/wKqQcQVHkyVDix/+JUGdUu3whZkUW7r3R7ovs4BzbXy1F8gkJ+hvoR5mWiMuzENdEqPclQGggdH6t4/kyyi9p6QaRwQorAyNtaqZAr2HgS4/H1s4iywNAZJMoPgN/G27go+VuziOICw0nF8b6HCWUAul1G6qizyFFg8HLUQ6EN7mgErtEyu9csZZZl23AGyJWdyFYxeQZjY3E4mYIGnQ/IAVYSBqom6wiv3tkZ6DRMrbEr+YSCiZP9dd0CUl6QFime3Oi8amCOv6ye31+7te3Zq2IaYSzKI58CFcT8Y0VPBdg8ZWlCNLfcWaTi+KjB+KVrE3dc/QW5GSRacgJ/HvZKsEwcUhHg/G3ZttDAhdOQQG8c6Ji5+U3k0qPobPiT1FgBhNQCEmLb6wtMbKJW2CPYMOZ1C/CjoSe9WryzG06w+CVsHWsR2ppAxAzRxtpkmpf6u126gNOCwryK9MM9QqCjE5y94OyxKVqmCuSNH1wVPcyUW+Fa/GuTY81p3n7X5tt9xN8jXAQGaEiZruZJPg9vXA9ETM2lmbKN7qYOrlKGD1wIIcPAzHE1ycBtTKpEl3JcIb4IVv9BEhiPiRZFICcPBxMK5dzTzsUp6q76LIGNd4CA172LF/JnBD8APhzC+wEnb/27vfF6G2GUZCbXTFGLcvsNmHurso6Z2oW3dMXR2L6a683Aw65S//oWKPGanf/tp2Cw5MXJxpe62PJ05L0Tvt8LveSOM/3ek42C2W7k8tr6ACng/tJTEWTza8KD5HBCPUTTJ4DLQbVoNLxCP12FqWN3/bIuglbDCz4DxPx/8Fkb8YrngovkjgzVuSRwlSWZ5HbZXXYoR+p0FAyVgaETEKQX5njouNCMVJEbrbGy3z1Kxg1j6SXsYZBS7hSws3s5CVK9u+mtp/MqjWFOyYgfdu1DT20yFl830Di9m/N770/eV33i9K+A8P++irQsSvzAM3A+uWtUxBedfY66BaXsi/6HWvrWeBb2WaQwv9rnODLZmbTtNIeF51icmtaLkqNk9Tfy0hsLm/uWVO2TNA9yGl8uCT1BTLnxtainoLWCd6QKgXrAMvvc0SszI/ZVxF3xU1qjTUNR2cHGx3WJim/02bnRT4U6GhVUmPHl/ceKMgiE1rurLFnqfGWSVw4asgTkGU8o2ncZsoYu7j+Qu270Dp1aglLxBd+SO0wO9SiHO/1KWwcZ+am8rKZ4tNybEfuIYc28Vbod1bp2gYeJpZ0jSZeT/zI4guWjkGopYQ7e9nK+eZKAYNVqglS1d8kkMepC22PpMEyq/CH3wgdPJUtT/frs0F4TnHDGxA2OG9PfjULMfqV7i1p2EiylR6YErFyqSxVdFzdT24fYSbkUd56XRncPVt7kUEQ1,iv:smE0klOE+AfbVuKI4HyC7vdGuVBmJYO8+dV3tD4zcSI=,tag:2500GfSqmEM+GeZVQK2BUw==,type:str]",
 3 | 	"sops": {
 4 | 		"kms": null,
 5 | 		"gcp_kms": null,
 6 | 		"azure_kv": null,
 7 | 		"hc_vault": null,
 8 | 		"age": [
 9 | 			{
10 | 				"recipient": "age12qr4rxqrrr59fa9fqtvk0jtf9hsynv3jf5xgjj3fdczujrz65paqh6qc8g",
11 | 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMcldLVm94WHhhT0NCR2ZS\nVm9MaUFHY0htemF4SUh3RlBuOUE4cnUyWUJnClUrc2VidEdpYVlWTGdOODVJZkE1\nb2FVdFlmVlZuSHAzb0JRUzFJU04vVkUKLS0tIDBDZ2FlMDZxNkg4TEpoZ0svNms1\naW01a2JxUXlsL3J0VEloS2t5OVpPRFkKNsM8SnHNgQ6VNveMAQohzeYuInOfZca8\nVGDg+in9ITq+2j4fjq/4CwYCW1/F7T64TlLCKB93NGP0dhobsW77OQ==\n-----END AGE ENCRYPTED FILE-----\n"
12 | 			}
13 | 		],
14 | 		"lastmodified": "2025-02-01T19:00:02Z",
15 | 		"mac": "ENC[AES256_GCM,data:wIkRn61IQefTLoEietvjwq3s//5WrtyUthKm1T+llP9GSk1fC+bJSnWbxdENHqICfpYvQdArFzjjMWmTGDzdMj6jqFJgSDAVPlFQZ6JV0YgDA4Re1HB6fi8obpZXvS93BbMAE9LGVl6aXYrc12EHR5O4JD1N6OCbpSbrPoY1Ff8=,iv:luJiXPUNgTsUp0eWvlOOnhZmNJFdVkUK/rrJPyEyN0g=,tag:5+Uy1QAWPRoXz64RJcnSnw==,type:str]",
16 | 		"pgp": [
17 | 			{
18 | 				"created_at": "2025-01-28T14:29:33Z",
19 | 				"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4D8w/Zb+cfdxsSAQdAD7kchAlEebsb/Hqgj5H+zI7shnJXks4XYU5MscYFTjkw\neXeox4Ns3FZIxfk/97KriAmf9WFMtPZLRjnxaqEFHzSFM/xzU4C+ESGQFs3zR+0m\n0l4BA7sjym3m0TfQ+xPCy2BnoeIrUv0jH4TePrXk+BsuNw7mzM4vloz7a/pCvUDc\npPu8huY1MRrT2aMdFYr1f/o4UlXuoqWlzBcrBqk3AJufVkGmy1t9n/pHSb8BfZ54\n=Md5H\n-----END PGP MESSAGE-----",
20 | 				"fp": "61303BBAD7D1BF74EFA44E3BE7FE2087E4380E64"
21 | 			}
22 | 		],
23 | 		"unencrypted_suffix": "_unencrypted",
24 | 		"version": "3.9.4"
25 | 	}
26 | }


--------------------------------------------------------------------------------
/secrets/gtk/bookmarks:
--------------------------------------------------------------------------------
 1 | {
 2 | 	"data": "ENC[AES256_GCM,data:HqxlJh3/Njedf4L8vwGMncoCFcd9Ly2w/SgV6W6ssxLwoHCrR9tIypRnXhonTpjglWeESW09lbvD4OhR1SiNL/yxUOXyv3VjpfknDTKa9K52E77Q2OpdN5av+Gfh6lYWRBGQC1rp4bmT7qWAIqmji21vZfibFd5bdPxc+Sia5e4IbfTc42oLruuvo1C7Voad8Nm6EyovJTD2Cgbt/MDcm5Tkj+Ruwz5QDhRGo/eKoTkPARpOE9pW/EFO5pLmeYvIqTXBWpT1sk8n3pCBWI9XmGTmAGAL+QbG82JJJAeI4IeXM1njLs7V51tbHht6ncKDE4UwPZZIUiItFPnk3R4PeK6Rb/0GQ1t895zNh86xAYAZMe17+qH5R/Nk6MSIGBsVxZYyEWAEN9/5JZE7fKE3NfkYdFcSUTj4RowhzgoSz7YXpImCPDJ8kPi71g+hMq6+Foxr2LR4e7Wk08htRlKLQWP0+lyhj4NHcLCRzvK1W3ldrh4PlCaWpovh513ZEC4xJWfqj8UQJptqEcKnrQ==,iv:vhkvMB6X1L82RD1FT1C4zg6fdgt9HoCHJNZRH9+/IGk=,tag:vZCXuqosutan+3G6A+XTAQ==,type:str]",
 3 | 	"sops": {
 4 | 		"kms": null,
 5 | 		"gcp_kms": null,
 6 | 		"azure_kv": null,
 7 | 		"hc_vault": null,
 8 | 		"age": [
 9 | 			{
10 | 				"recipient": "age12qr4rxqrrr59fa9fqtvk0jtf9hsynv3jf5xgjj3fdczujrz65paqh6qc8g",
11 | 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtZVhWeFA3U3JKZk5ENnlV\ncWdmOU5lQ1RSTThrUkZtcy9XeHJ2L1JqeHhNCjZLVlN3N3FwNlRMbml3dm1tdkxJ\nRUwyd3Z3U0M1MHgvWFh3QXQveWlqTU0KLS0tIDR2MVNqQ2laZE1iejg1ZUErRGt1\nWHZZZGlDRnJoeldHVVdhd2trYXRDTVUKhBZxR82mH8lp6Zsp6s8hB/L2ZRTBDEnb\n+Ah8dilQ4YeJ+r4N2VwhlB6SMCZcujKeo+xvdB6VkSx+2grBxhQTnA==\n-----END AGE ENCRYPTED FILE-----\n"
12 | 			}
13 | 		],
14 | 		"lastmodified": "2024-06-26T19:13:22Z",
15 | 		"mac": "ENC[AES256_GCM,data:QDqnMXTwSwf6TASwvU1s2AWHG7/cc1W7x9rkPjuPwW/2WhbwItcBIW6LXkMYVueOIByA782BmNknCzgzyks6ruQw7taccakOFZ1WY3fvbbrYaoNSwxFeVDFK8m8ufwVNWsRpnhbrEq4eASodgFtyUfodjr2bNUY1jaG5DZ5U7lg=,iv:JDDkqVpHm+W+CunM/5PjqODqV/46K2nbOcmb/QI/V7s=,tag:sryQAyYwEOxAU3sC1QYoWQ==,type:str]",
16 | 		"pgp": [
17 | 			{
18 | 				"created_at": "2024-10-06T18:11:18Z",
19 | 				"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4D8w/Zb+cfdxsSAQdAQi0mgkEBzRvDVQ/XcIoBvhFwNTlW6ewW51ZacfILjHkw\nuoOOQRtPd8S3aWOtz8FzjF8qTOvpTKUGEUI+Yt6KmE80FpB1QKOoecmHOk5wX52v\n0l4B1G2v99Dq34HSstMbwpRpR38c30bqI4381MkONBWpCTiSLCZbNn4ZVifrK42T\nsaxHvdatkVBcY9Vrbdi2Y00InJU0APaFWGgTaLCaK9mQMehOblTqn12AZgnwE3ba\n=e3FA\n-----END PGP MESSAGE-----",
20 | 				"fp": "61303BBAD7D1BF74EFA44E3BE7FE2087E4380E64"
21 | 			}
22 | 		],
23 | 		"unencrypted_suffix": "_unencrypted",
24 | 		"version": "3.8.1"
25 | 	}
26 | }


--------------------------------------------------------------------------------
/secrets/nix.yml:
--------------------------------------------------------------------------------
 1 | nix:
 2 |     tokens:
 3 |         github: ENC[AES256_GCM,data:DVs0HgLwAJlzPnrEpDwX+mIaahGKXyC+Mh63NHkGQqs4O8bzC/2Si+Tde8JmldcFG5sTgBTL9SboxMqbMNbeisl8u+mUULYAgbAxGIPKWe7fw1zMNFALEawI7XGk,iv:c0bdK6BGCi1vHQx/HXtQqE3UPXygOLKQvbHWav31YYc=,tag:JQAX5oQaIrFaSb+cGQ2a4A==,type:str]
 4 |         attic: ENC[AES256_GCM,data:dOcwdgBSREMYjHb5n+AG0nxSbyMz16S+NsDGwwAtr74h3P1055qlYE1xj6lcPuERdS3GnWz94FzrPfMWyEigbCq5xaoj+/GdmTJ+xmfwR9J/6olzghMnBi9RQgE//HeOMp53TuUsf7Sc3QaCa1iRL9ZCl1mhChXTXkRFzDXZpqduV5tj4+GHga7teUk5aN2677fUd7RmpPq9KzEYg+rz5OxM8ReJeoNgJOQXPksrsYBvnRze9YXHHWRppzCdAemY8K3Ueg14ginM4bdtK7t7vGpUKAxN6Nsq6OjmST/cZkSoXKp8vzBPKVGjAy6xgvtOHQTyGBjsls25wRYw2Q4tI3t/+7RRWO7fcUXcVkanH3ejS4Nuz//4kd0ZKgY4bRtc5v3Y4Z3omv6mQHC70kPnAgUW5vA+cSHDJH6t53RZ9Iw4l+yPhutFXlvr2iuE+pzZpcHZmSqH85Ps0ui8K1UBcsL5PmPlBN3Zbdl7x2ipIQQi+hKIKYzP1jyvfAhKONzosctOmh4GIAglJXcetgXmGNspR0N5kvZ/EUKznW3CtqnQ/YbUfmqwjJE35cNwyVWzkGfkxXCNNI1L5Ey+lCDtaJVLmGaBW1kBFz0xewuN1hb+UFVk2ORV1Sn8uctPC02kGbzxBDcNteNGM3dK0sHnwmyoX/EfzQkW9ZfWyv3SdqxmU2qtn+xv09dtmmPO4YvtkZdSRExbjW+nwOzMR6FlbqMhIg6N+nKchlfTegmGDF/FwzKx/oN7ufgNSaW+2Vtx2zkL1R5aB61R9ck79xOlUt1BPjuvpW/MqSV64nup2iAj7WabVW/ge6El/X/GJOShHI4jETTpxbyM25WnuKdJ1qpoNP+bFy0fngz/bXX22oKQBLxSO0+D63ozanf6QqHYRGzyMXL/tROrlSkQ61BjZt/VEvcW/fzdwPMYTMZHQybpeJZfKNDpjUk/0/wgCE98Zi9qftyvbGHBTCu3T7jSYEvqcASfQ/lbCeSpz/nOm2+yKvEO3wCq9gy/OjUSDL4wEnGBPqYSuwLOUQjw42eXWeaz77LrZlmLSHV7Kc3xg2R+f6YDK5fDTMdO2378V830GcptfMEy7n7B1WtM9TEcG1YyKbIfP/rfAuD9cOCblPrKQqnFTYOSlneGKiSURgGpVfWEcpK76sy4wVURlx3gcTlsCw==,iv:+t8XEh7Wrhreyiy0ZRrwcuFlw+VUjcrPNxPriCGVH0k=,tag:nh52VhkuWI7sQQYrydWaiQ==,type:str]
 5 | sops:
 6 |     age:
 7 |         - recipient: age12qr4rxqrrr59fa9fqtvk0jtf9hsynv3jf5xgjj3fdczujrz65paqh6qc8g
 8 |           enc: |
 9 |             -----BEGIN AGE ENCRYPTED FILE-----
10 |             YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtRzJwOXI0bkFKU01YM1dS
11 |             ZUFWempRejhkdXUvdER2Qm42UmxTNEtSUlNBClc5a2MyRTh5Tk82K2FBNHYwUENn
12 |             bVlEUkF0K2dVOXhPQWNTTE9KSXlXUncKLS0tIDRxamdoNGJwTTlaNWpPUDhkQ0E3
13 |             S1M4cENHN1Uyb09XVWphR3N3MWRZT28KH9dAcqJLxb6s/Q7qP2C6+C+cNd/iFslp
14 |             4TIKNEO3VUnDxeNoyK3JMZaLL0aBMFKmg0gcEPCg0CE9NWG1bm6vCg==
15 |             -----END AGE ENCRYPTED FILE-----
16 |     lastmodified: "2025-06-05T15:35:16Z"
17 |     mac: ENC[AES256_GCM,data:us8TeEXGsg8C9OvVgFr1Sdo2gcp+v4vCMnJiWx4G9MPJaY6/bDmtVpxTACbtYDFL2SEWywscO1v59YCWjf0VClzeEsBrHHW5CQQyGlfPrhucC8XdWCyeyZ+vLtV8FiBKYep/GO1u4vQbt7Hc0hx6Cl2D/83+dkcu9LS5xHLjrHw=,iv:xLHyA1dQgi9eNHES/p7JhWkh6Rmc9NvJDrx4JzJTJvE=,tag:R2JGhPfMh5/+kd2+cV3AaQ==,type:str]
18 |     pgp:
19 |         - created_at: "2024-10-06T18:11:20Z"
20 |           enc: |-
21 |             -----BEGIN PGP MESSAGE-----
22 | 
23 |             hF4D8w/Zb+cfdxsSAQdA/R8EHF6g3NjXQCfmvnbzTai9uirbidCzUdkvo1Np4CUw
24 |             Bcj1Pk++JMTa765TUHE3ZBZCYLcnjkJt/lX7V5J+N261UrjPZ+Cnms1zFZl35I67
25 |             0lwBIcr/jL4b5kiYId6IA6IELsGBS4L0Gc/05KjodxmsV/af2Od1o3SDV3ATgihf
26 |             T7ydgsbWNC6SDBVJjus02pZS0dO4cQ6sC0wPdmoyMzaxXeMSC4IIXmtRc5BG+w==
27 |             =LUfJ
28 |             -----END PGP MESSAGE-----
29 |           fp: 61303BBAD7D1BF74EFA44E3BE7FE2087E4380E64
30 |     unencrypted_suffix: _unencrypted
31 |     version: 3.10.2
32 | 


--------------------------------------------------------------------------------
/secrets/ntfy:
--------------------------------------------------------------------------------
 1 | {
 2 | 	"data": "ENC[AES256_GCM,data:6BTBD4AArOXak3MRZO3em6aOjd28US9spF2EmU6aDfBf/6A2X460LGtQfqi0IpPPouWCSFDnL4584fbY6YulwPZBUSit4A4q3WoiaafHmuRXxdAhE2WfFBu0/dT9jojR74enlOCzSAIe/QC4/LpDpYXBebHDwxjUspSJlfBRzCIK+cCx3kv6TViGfocctepc/8pOnqaV5JfiUDJ2UbxGwlUW9+VX5MWTlI8oHz1HN9xsJJoc2PaeKAwxJ6U6Yjkcid+3aphj4WMZafqsEGYrVN7B7WrpiHSChtcrno9K8MUhc9YgYdzCJO0xFP9pdX6T9jQamo4r187PVTlj+uSA+Z8Orrr2f6cPDYIHDVvpEm3ZeKHwX7gsLVZrGVsS3gMziaARPsFWpZglC0mE0vhBTEER5Y2rBFM6kSCGX6ZN35BjgQT6JMVxpFQeaewRJpr9PelmDYpENhAw3ABqyGZuS/Vaq99KC0sJW3n79rqN8cOv0+95YotvoPl/HB69zEHe8iPtiNVrq4r5xZez3uxW+QUqp2/cMNi800seGMGSj/+streiO3vhzAh1XAmX4V8IX5qAjtiCviLBy+RX3mrkjMM42PgCAMqS,iv:CFFB2t74VGaJ5UYSa8rbQCqjySsjtr10kVhWrdNsUHM=,tag:aFBfqu6N6Ogx2EuYoR7Shg==,type:str]",
 3 | 	"sops": {
 4 | 		"kms": null,
 5 | 		"gcp_kms": null,
 6 | 		"azure_kv": null,
 7 | 		"hc_vault": null,
 8 | 		"age": [
 9 | 			{
10 | 				"recipient": "age12qr4rxqrrr59fa9fqtvk0jtf9hsynv3jf5xgjj3fdczujrz65paqh6qc8g",
11 | 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6OU9BMjhLNmlHdStsbzN4\nS2tRRjIyc3JqZmhwZ1lzN3pMUENhTmVJQ3dZCkhCZXNpdVRWWWpOOUU2NURnWlNV\nUTR4K3JZcEdabHJBNllQMUNFNkRYRFkKLS0tIHZXd2I1dXU1M3Bnak9ZM3dQNE9p\naU9UanM1Yi9IbkZnQmk4QWUrdGwydE0KaTI/VnHS67E0DWaZnIc9nNZhp0zsZJpk\ngDypF5OrVAN/F5tKxVm6X4shQ2qBQHpFo30kHJZRdD1tI7AH8XEzzQ==\n-----END AGE ENCRYPTED FILE-----\n"
12 | 			}
13 | 		],
14 | 		"lastmodified": "2023-07-13T09:54:15Z",
15 | 		"mac": "ENC[AES256_GCM,data:LjFqMmk65S5M8RZhw7+y4hh1qoKKy7a6FU35YAfTh5J0cn967/HFzYbuRAxSDPAOv2CmDlddLcW7JndaHN+dockrwc2v4sgXbLmOqv+uiXA/xuKi/uatKKK+8AhHXqqYV6GqQ0wLVN1MGhke6QFaDmOSuDG3QZIQ0UFIWlEiXAw=,iv:oTA/8YxiJA7rwhfwmLdr5K/LPYwZfs1ehDXV0ipLbBs=,tag:9ZERd57pSKUhiP6V+mQXgg==,type:str]",
16 | 		"pgp": [
17 | 			{
18 | 				"created_at": "2024-10-06T18:10:30Z",
19 | 				"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4D8w/Zb+cfdxsSAQdA1SN96KdlS9ULfEH7YbBYaKPM4T6hBq02MrT2rGNDzQow\nfBGZbHWtGN0hoAnPbOyqUZWaNrLGiGtephcx7fI3XoHxPTfB0D9WbtCb0HtTAPRL\n0lEBQvU0cRaQYgc6odBU99FlMpc5Yy47e2H8UMP8B6CkIbz3DYVf7g8iNNiC2aR9\no8ZnCcrxNZ/r/kYosGgWtCtjkdUyUNX5vXSenI/l0evBD30=\n=bcDl\n-----END PGP MESSAGE-----",
20 | 				"fp": "61303BBAD7D1BF74EFA44E3BE7FE2087E4380E64"
21 | 			}
22 | 		],
23 | 		"unencrypted_suffix": "_unencrypted",
24 | 		"version": "3.7.3"
25 | 	}
26 | }


--------------------------------------------------------------------------------
/secrets/ssh/hosts:
--------------------------------------------------------------------------------
 1 | {
 2 | 	"data": "ENC[AES256_GCM,data:js6E3d45At0CxCdpTMXSnQV8f/iMDr5+htc9dKqKhxQ9couHz0qfn6ZXuqm5k/Sktyb/phv6pPSNYaFdyZE8i3jwHhATVewQg3oZPXwjCQbKzEluUsA8Dl0hdfDhf1ZsFl0wAfjNI6QmUsptL+KalqD6YUAptSsIPCRIUzbWdO7OE02PwdQ1i/GMal1vD9N2kmknhevpPU3jb/Dzr5BLaDrZxG09nWOZDLAzXIGhbaiLeuDojvYR1O9xhFOxiniV8jMF0zs6Tn8Mb/bnsdeQt+qp427tsSvucj8bmjD346rreKIXee96YSrkHxaITI8CjdoW6xkmW/cEJp5yNOhaqSx1hR92ojZP1QWQvWJTGXk/iNqTSq1MpE3MFUirHYqlXM4Uogt5giz824ktS1zrD+7oere/r3YA34wPT4dEVrieODq9D8Y/n8nWjKJ1IkG3CSLBleluu3Jts9hBupoPu6Mvdndta8SvWHcu8tCL3sfk4kLYEHPP9j2h6k6utSYOxAVfc224rXvzRPrBqqO/YTDpsxZU2B1fQca0MNtUIQolvwo+NnC+l5XOpeLEdM23JbVajdCl1SpSF40rYp2G4vnQA4Bqtyr9Rne/er63tbtTBgPJ5KEb4YWFybDjGxzwQmQOZXMmHcR6yrcE29y/HwY346kSXZQScJ3Ov2XqYGWTwmv9ZQf8hXjvYOmUN1xlJ3S3c5ny3z67V8cniZVaEgBgReUNgYPiiAECuSJ/OiKv2X+3DCsX/MHkr5PEtYNoIU6HZYB7QKUsx/nYpIypyCcM8BS+ESRmBXGLx1TBJbWUoZ2gZNoy0t7UiHi+9zUqHV589tZmN5ax/STdYdtBnTd0CuwlMI4Tlskg/NV8X91uIQExNYZKyfmdIZBOI3nKK3JDHbxi4VI8JpsT6K6p1q6mL0cvxr5YMtotnomEIb8F4wmdHicw1C1asEk6+tX2rt5Q2fP3zKwdzBq/TuBVLzZhHuNsMh/q6/99ZKfU76fW/SNDRkcze8mU7JbJ0B1C4uLbu1bEEW7z/iHDHINQdVe74TG2e6PkbpyNWO8MbH0V8TOzuM+OumBZ6hFoeS5XzrKsuXDujI2+N2jlPms5G/QdNgX66g932vgvlv08gfP785T7dCLmcbz1OZk1gWHEDkpblVki0yiqY6osAlfExUV5cXyy+w2K46NHkjcA+ZPf,iv:pmad6J65Yx7P0sBnVl2riGplgRZZEs9AZzaxbsSVm2A=,tag:1iZVFQrWlqosa3KqfY8t8Q==,type:str]",
 3 | 	"sops": {
 4 | 		"kms": null,
 5 | 		"gcp_kms": null,
 6 | 		"azure_kv": null,
 7 | 		"hc_vault": null,
 8 | 		"age": [
 9 | 			{
10 | 				"recipient": "age12qr4rxqrrr59fa9fqtvk0jtf9hsynv3jf5xgjj3fdczujrz65paqh6qc8g",
11 | 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0ckJkYTlHNmc4ZXJZR2xE\nQzZaKzZpOGRjelhib1VMaC81QlNLVjBUOW1BCldTc1Yydnk5RFU0bWRlZVp2Tk05\nTDJXeEZ1MWErbWh4SnpVSi91TWJVak0KLS0tIGluWFVVUFBVem9wdjR4K2lKN1Br\nRnZza05VbThPdEREc0w0TitMU0FkWmsKdZQwYyWyC6+CCC5w57SPSvgLlQB000oT\n0altzU/ANpX3q8TQEWDkwihDoVaLKAPEtBFTAIUrky4Xg4ugB1wEoQ==\n-----END AGE ENCRYPTED FILE-----\n"
12 | 			}
13 | 		],
14 | 		"lastmodified": "2024-09-09T18:55:03Z",
15 | 		"mac": "ENC[AES256_GCM,data:rc+MtGz7klknHFU7aFybQkDOoe8B2c0lWYJ2cESL2Du64V/Vnr8yhaH5/3a5XcMJKOQ7P2WWjzun+oP5k6ePwyAHhAVGFd9ork3s0KbqSdoqO3f4L2XVoSl58z4YepvmaKSi42ma+KV2jS/cSKzo2oEZxEsUIT3Z74f3Q7E8YZg=,iv:7P/Jdm4Cufz6bhI4842MmghPtAFZ8zZQ9N2K6QtUmJY=,tag:uEQyA8okDYtUjaWWzNGW4w==,type:str]",
16 | 		"pgp": [
17 | 			{
18 | 				"created_at": "2024-10-06T18:11:19Z",
19 | 				"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4D8w/Zb+cfdxsSAQdASlhLqezqJxuYbMGfqFk5KXxO9nALaoMvdh072aSmsBYw\n6rpq0fKzRXz+ihfHivStMFaIWxU7iqXG36VWKDKREuZyBTkid0ERMNHy93NPMntI\n0l4BpDc6SlMHFGUtqjW6LcbhSUUEc323RHdWAmYZnI0y3vG7wqglWTKIlKGYcvDX\nNsGX5xtizUVigF1fLRJiVtyHfP1ujO75Rj8CkXR+5hBsJua8nbOQgtBSeI5RWuvG\n=mi7E\n-----END PGP MESSAGE-----",
20 | 				"fp": "61303BBAD7D1BF74EFA44E3BE7FE2087E4380E64"
21 | 			}
22 | 		],
23 | 		"unencrypted_suffix": "_unencrypted",
24 | 		"version": "3.9.0"
25 | 	}
26 | }


--------------------------------------------------------------------------------
/system/audio.nix:
--------------------------------------------------------------------------------
 1 | {
 2 |   security.rtkit.enable = true;
 3 |   services.pipewire = {
 4 |     enable = true;
 5 |     alsa.enable = true;
 6 |     alsa.support32Bit = true;
 7 |     pulse.enable = true;
 8 |     # jack.enable = true;
 9 |   };
10 | }
11 | 


--------------------------------------------------------------------------------
/system/backlight.nix:
--------------------------------------------------------------------------------
1 | { programs.light.enable = true; }
2 | 


--------------------------------------------------------------------------------
/system/backup.nix:
--------------------------------------------------------------------------------
  1 | {
  2 |   config,
  3 |   lib,
  4 |   pkgs,
  5 |   ...
  6 | }:
  7 | let
  8 |   targets = {
  9 |     srv = "rest:https://backup.defelo.de";
 10 |     # home = "rest:https://backup.home.defelo.de";
 11 |     box = "sftp://u360850-sub3@u360850.your-storagebox.de:23";
 12 |   };
 13 | 
 14 |   hostname = config.networking.hostName;
 15 | 
 16 |   scriptConfig =
 17 |     let
 18 |       script = pkgs.writeShellScriptBin "backup" ''
 19 |         if [[ $UID -ne 0 ]]; then
 20 |           exec sudo $0 $@
 21 |         fi
 22 | 
 23 |         systemctl start prepare-backup.service
 24 |         journalctl -f${
 25 |           lib.concatMapStrings (target: " -u restic-backups-${target}.service") (builtins.attrNames targets)
 26 |         }
 27 |       '';
 28 |     in
 29 |     {
 30 |       environment.systemPackages = [ script ];
 31 |     };
 32 | 
 33 |   prepareConfig = {
 34 |     systemd.services.prepare-backup = {
 35 |       onSuccess = lib.mapAttrsToList (target: _: "restic-backups-${target}.service") targets;
 36 |       restartIfChanged = false;
 37 |       path = lib.attrValues { inherit (pkgs) coreutils btrfs-progs; };
 38 |       script = ''
 39 |         set -e
 40 | 
 41 |         if [[ -e /persistent/data/backup ]]; then
 42 |           rm -rf /persistent/data/backup
 43 |         fi
 44 | 
 45 |         mkdir -m 700 /persistent/data/backup
 46 |         cd /persistent/data/backup
 47 |         date --iso-8601=seconds > /persistent/data/backup/timestamp
 48 | 
 49 |         if [[ -e /persistent/data/.snapshots/backup ]]; then
 50 |           btrfs subvolume delete /persistent/data/.snapshots/backup
 51 |         fi
 52 |         btrfs subvolume snapshot -r /persistent/data /persistent/data/.snapshots/backup
 53 |       '';
 54 |     };
 55 |   };
 56 | 
 57 |   groupConfig = {
 58 |     users.groups.restic = { };
 59 |   };
 60 | 
 61 |   backupConfigs = lib.mapAttrsToList (
 62 |     target: repo:
 63 |     let
 64 |       isRest = lib.hasPrefix "rest:" repo;
 65 |       isSftp = lib.hasPrefix "sftp:" repo;
 66 |     in
 67 |     {
 68 |       services.restic.backups.${target} = {
 69 |         timerConfig = null;
 70 |         repository = "${repo}/${hostname}";
 71 |         environmentFile = lib.mkIf isRest config.sops.templates."backup/${target}".path;
 72 |         passwordFile = config.sops.secrets."backup/${target}/repository-password".path;
 73 |         extraOptions = lib.optional isSftp "sftp.args='-i ${
 74 |           config.sops.secrets."backup/${target}/ssh-key".path
 75 |         }'";
 76 | 
 77 |         initialize = true;
 78 |         paths = [ "/persistent/data/.snapshots/backup" ];
 79 |         exclude = [
 80 |           "node_modules"
 81 |           ".venv"
 82 |           "target"
 83 |         ];
 84 |       };
 85 | 
 86 |       sops = {
 87 |         secrets =
 88 |           let
 89 |             s = {
 90 |               sopsFile = ../hosts/${hostname}/secrets/default.yml;
 91 |               owner = "root";
 92 |               group = "restic";
 93 |               mode = "0440";
 94 |             };
 95 |           in
 96 |           {
 97 |             "backup/${target}/repository-password" = s;
 98 |           }
 99 |           // (lib.optionalAttrs isRest { "backup/${target}/rest-password" = s; })
100 |           // (lib.optionalAttrs isSftp { "backup/${target}/ssh-key" = { inherit (s) sopsFile; }; });
101 |         templates = lib.optionalAttrs isRest {
102 |           "backup/${target}" = {
103 |             content = ''
104 |               RESTIC_REST_USERNAME=${hostname}
105 |               RESTIC_REST_PASSWORD=${config.sops.placeholder."backup/${target}/rest-password"}
106 |             '';
107 |             owner = "root";
108 |             group = "restic";
109 |             mode = "0440";
110 |           };
111 |         };
112 |       };
113 |     }
114 |   ) targets;
115 | in
116 | lib.mkMerge (
117 |   [
118 |     scriptConfig
119 |     prepareConfig
120 |     groupConfig
121 |   ]
122 |   ++ backupConfigs
123 | )
124 | 


--------------------------------------------------------------------------------
/system/base.nix:
--------------------------------------------------------------------------------
1 | { pkgs, ... }:
2 | {
3 |   users.mutableUsers = false;
4 |   users.users.root.password = "nixos";
5 |   services.getty.autologinUser = "root";
6 | 
7 |   environment.systemPackages = builtins.attrValues { inherit (pkgs) vim git; };
8 | }
9 | 


--------------------------------------------------------------------------------
/system/bluetooth.nix:
--------------------------------------------------------------------------------
 1 | { pkgs, ... }:
 2 | {
 3 |   hardware.bluetooth = {
 4 |     enable = true;
 5 |     settings.General.Experimental = true;
 6 |   };
 7 | 
 8 |   systemd.services.bluetooth.preStart = ''
 9 |     ${pkgs.util-linux}/bin/rfkill unblock bluetooth
10 |   '';
11 | }
12 | 


--------------------------------------------------------------------------------
/system/boot.nix:
--------------------------------------------------------------------------------
 1 | {
 2 |   config,
 3 |   pkgs,
 4 |   lanzaboote,
 5 |   lib,
 6 |   ...
 7 | }:
 8 | {
 9 |   imports = [ lanzaboote.nixosModules.lanzaboote ];
10 | 
11 |   boot.loader.systemd-boot.enable = lib.mkForce false;
12 |   boot.loader.timeout = 2;
13 |   boot.loader.efi.canTouchEfiVariables = true;
14 | 
15 |   # https://github.com/nix-community/lanzaboote/blob/master/docs/QUICK_START.md
16 |   boot.lanzaboote = {
17 |     enable = true;
18 |     pkiBundle = "/var/lib/sbctl";
19 |   };
20 | 
21 |   environment.systemPackages = lib.attrValues { inherit (pkgs) efibootmgr sbctl; };
22 | 
23 |   boot.kernel.sysctl = {
24 |     "kernel.sysrq" = 1;
25 |     "vm.swappiness" = 1;
26 |   };
27 | 
28 |   boot.supportedFilesystems = [ "ntfs" ];
29 | 
30 |   boot.kernelPackages = pkgs.linuxPackages_latest;
31 |   boot.extraModulePackages = [ config.boot.kernelPackages.rtl8821ce ];
32 | 
33 |   boot.initrd.kernelModules = [
34 |     "vfat"
35 |     "nls_cp437"
36 |     "nls_iso8859-1"
37 |     "usbhid"
38 |   ];
39 | 
40 |   boot.blacklistedKernelModules = [
41 |     "uvcvideo"
42 |     "rtw88_8821ce"
43 |   ];
44 | }
45 | 


--------------------------------------------------------------------------------
/system/btrbk.nix:
--------------------------------------------------------------------------------
 1 | {
 2 |   services.btrbk = {
 3 |     instances.data = {
 4 |       onCalendar = "*:0/5";
 5 |       settings = {
 6 |         volume."/persistent/data" = {
 7 |           snapshot_preserve_min = "2h";
 8 |           snapshot_preserve = "24h 7d";
 9 |           subvolume = ".";
10 |           snapshot_dir = ".snapshots";
11 |         };
12 |       };
13 |     };
14 | 
15 |     instances.cache = {
16 |       onCalendar = "*:0/5";
17 |       settings = {
18 |         volume."/persistent/cache" = {
19 |           snapshot_preserve_min = "1h";
20 |           snapshot_preserve = "24h 7d";
21 |           subvolume = ".";
22 |           snapshot_dir = ".snapshots";
23 |         };
24 |       };
25 |     };
26 |   };
27 | }
28 | 


--------------------------------------------------------------------------------
/system/btrfs.nix:
--------------------------------------------------------------------------------
1 | {
2 |   services.btrfs.autoScrub = {
3 |     enable = true;
4 |     interval = "Fri 07:00";
5 |     fileSystems = [ "/dev/mapper/root" ];
6 |   };
7 | }
8 | 


--------------------------------------------------------------------------------
/system/common.nix:
--------------------------------------------------------------------------------
  1 | {
  2 |   config,
  3 |   nixpkgs,
  4 |   pkgs,
  5 |   lib,
  6 |   ...
  7 | }:
  8 | {
  9 |   boot.tmp.useTmpfs = true;
 10 | 
 11 |   time.timeZone = "Europe/Berlin";
 12 | 
 13 |   i18n.defaultLocale = "en_US.UTF-8";
 14 |   i18n.extraLocaleSettings.LC_TIME = "en_GB.UTF-8";
 15 |   console.keyMap = "de-latin1";
 16 | 
 17 |   networking.networkmanager = {
 18 |     enable = true;
 19 |     wifi.macAddress = "random";
 20 |     ethernet.macAddress = "random";
 21 |   };
 22 | 
 23 |   programs.zsh.enable = true;
 24 |   users.defaultUserShell = pkgs.zsh;
 25 | 
 26 |   environment.systemPackages = lib.attrValues {
 27 |     inherit (pkgs)
 28 |       attic-client
 29 |       age
 30 |       btdu
 31 |       comma
 32 |       # compsize
 33 |       dig
 34 |       duf
 35 |       eza
 36 |       file
 37 |       htop
 38 |       iw
 39 |       jq
 40 |       ncdu
 41 |       nix-tree
 42 |       nvd
 43 |       ranger
 44 |       renameutils
 45 |       ripgrep
 46 |       sd
 47 |       sops
 48 |       unp
 49 |       wget
 50 |       wireguard-tools
 51 |       wirelesstools
 52 |       xxd
 53 |       yq
 54 |       zip
 55 |       ;
 56 |   };
 57 | 
 58 |   environment.pathsToLink = [ "/share/zsh" ];
 59 | 
 60 |   nix = {
 61 |     package = pkgs.nixVersions.latest;
 62 |     nixPath = [ "nixpkgs=${nixpkgs}" ];
 63 |     gc = {
 64 |       automatic = true;
 65 |       dates = "05:30";
 66 |       options = "--delete-older-than 3d";
 67 |     };
 68 |     settings = {
 69 |       keep-outputs = true;
 70 |       auto-optimise-store = true;
 71 |       experimental-features = [
 72 |         "nix-command"
 73 |         "flakes"
 74 |       ];
 75 |       trusted-users = [
 76 |         "root"
 77 |         "@wheel"
 78 |       ];
 79 |       substituters = lib.mkAfter [
 80 |         "https://nix-community.cachix.org"
 81 |         "https://attic.defelo.de/nixos"
 82 |       ];
 83 |       trusted-public-keys = [
 84 |         "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
 85 |         "nixos:5Pnh7nNQP4a0E3R850micmqOUXhn6uvP+DsT2FU7vfI="
 86 |       ];
 87 |       netrc-file = config.sops.templates."nix-netrc".path;
 88 |       builders-use-substitutes = true;
 89 |     };
 90 |     distributedBuilds = true;
 91 |     buildMachines = [
 92 |       {
 93 |         systems = [
 94 |           "x86_64-linux"
 95 |           "aarch64-linux"
 96 |         ];
 97 |         supportedFeatures = [
 98 |           "kvm"
 99 |           "nixos-test"
100 |           "big-parallel"
101 |         ];
102 |         protocol = "ssh-ng";
103 |         sshUser = "root";
104 |         hostName = "10.42.0.1";
105 |         maxJobs = 8;
106 |       }
107 |     ];
108 |     registry = {
109 |       nixpkgs = {
110 |         from = {
111 |           id = "nixpkgs";
112 |           type = "indirect";
113 |         };
114 |         exact = true;
115 |         flake = nixpkgs;
116 |       };
117 |     };
118 |     extraOptions = ''
119 |       !include ${config.sops.templates."nix".path}
120 |     '';
121 |   };
122 | 
123 |   systemd.extraConfig = ''
124 |     DefaultTimeoutStopSec=10s
125 |   '';
126 | 
127 |   system.activationScripts.nvd-diff = ''
128 |     if old_system=$(readlink /run/current-system); then
129 |       ${pkgs.nvd}/bin/nvd --color=always --nix-bin-dir=/run/current-system/sw/bin/ diff $old_system $systemConfig
130 |     fi
131 |     if [[ -e /run/booted-system ]] && ! ${pkgs.diffutils}/bin/diff <(readlink /run/booted-system/{initrd,kernel,kernel-modules}) <(readlink $systemConfig/{initrd,kernel,kernel-modules}); then
132 |       echo -e "\033[1m==> REBOOT REQUIRED! \033[0m"
133 |     fi
134 |   '';
135 |   environment.shellAliases.needrestart = "sh -c 'diff <(readlink /run/booted-system/{initrd,kernel,kernel-modules}) <(readlink /run/current-system/{initrd,kernel,kernel-modules})'";
136 | 
137 |   systemd.suppressedSystemUnits = [ "systemd-machine-id-commit.service" ];
138 | 
139 |   system.stateVersion = "23.11";
140 | 
141 |   sops = {
142 |     secrets = {
143 |       "nix/tokens/github".sopsFile = ../secrets/nix.yml;
144 |       # atticd-atticadm make-token --sub nixos --validity 1y --pull nixos
145 |       "nix/tokens/attic".sopsFile = ../secrets/nix.yml;
146 |     };
147 |     templates = {
148 |       "nix" = {
149 |         content = ''
150 |           access-tokens = github.com=${config.sops.placeholder."nix/tokens/github"}
151 |         '';
152 |         mode = "444";
153 |       };
154 |       "nix-netrc" = {
155 |         content = ''
156 |           machine attic.defelo.de
157 |           password ${config.sops.placeholder."nix/tokens/attic"}
158 |         '';
159 |         mode = "444";
160 |       };
161 |     };
162 |   };
163 | }
164 | 


--------------------------------------------------------------------------------
/system/default.nix:
--------------------------------------------------------------------------------
 1 | {
 2 |   config,
 3 |   home-manager,
 4 |   specialArgs,
 5 |   ...
 6 | }:
 7 | {
 8 |   imports = [
 9 |     ./common.nix
10 | 
11 |     ./audio.nix
12 |     ./backlight.nix
13 |     ./backup.nix
14 |     ./bluetooth.nix
15 |     ./boot.nix
16 |     ./btrbk.nix
17 |     ./btrfs.nix
18 |     ./emulation.nix
19 |     ./env.nix
20 |     ./fonts.nix
21 |     ./geoclue2.nix
22 |     ./kanata.nix
23 |     ./networking.nix
24 |     ./nix-ld.nix
25 |     ./persistence.nix
26 |     ./power.nix
27 |     ./services.nix
28 |     ./sops.nix
29 |     ./ssh.nix
30 |     ./steam.nix
31 |     ./users.nix
32 |     ./virt.nix
33 |     ./wayland.nix
34 | 
35 |     home-manager.nixosModules.home-manager
36 |   ];
37 | 
38 |   home-manager = {
39 |     useGlobalPkgs = true;
40 |     useUserPackages = true;
41 |     extraSpecialArgs = config._module.args // specialArgs // { system-config = config; };
42 |   };
43 | }
44 | 


--------------------------------------------------------------------------------
/system/emulation.nix:
--------------------------------------------------------------------------------
1 | {
2 |   boot.binfmt.emulatedSystems = [
3 |     "aarch64-linux"
4 |     "x86_64-windows"
5 |   ];
6 | }
7 | 


--------------------------------------------------------------------------------
/system/env.nix:
--------------------------------------------------------------------------------
1 | {
2 |   environment.variables = {
3 |     EDITOR = "hx";
4 |     VISUAL = "hx";
5 |   };
6 | }
7 | 


--------------------------------------------------------------------------------
/system/fonts.nix:
--------------------------------------------------------------------------------
 1 | { pkgs, ... }:
 2 | {
 3 |   fonts.packages = builtins.attrValues {
 4 |     inherit (pkgs)
 5 |       dejavu_fonts
 6 |       # ipafont
 7 |       meslo-lgs-nf
 8 |       fantasque-sans-mono
 9 |       material-icons
10 |       font-awesome_5
11 |       noto-fonts
12 |       noto-fonts-cjk-sans
13 |       noto-fonts-emoji
14 |       ;
15 |   };
16 |   # fonts.fontconfig.defaultFonts = {
17 |   #   monospace = [
18 |   #     "DejaVu Sans Mono"
19 |   #     "IPAGothic"
20 |   #   ];
21 |   #   sansSerif = [
22 |   #     "DejaVu Sans"
23 |   #     "IPAPGothic"
24 |   #   ];
25 |   #   serif = [
26 |   #     "DejaVu Serif"
27 |   #     "IPAPMincho"
28 |   #   ];
29 |   # };
30 | }
31 | 


--------------------------------------------------------------------------------
/system/geoclue2.nix:
--------------------------------------------------------------------------------
1 | { services.geoclue2.enable = true; }
2 | 


--------------------------------------------------------------------------------
/system/kanata.nix:
--------------------------------------------------------------------------------
 1 | {
 2 |   services.kanata = {
 3 |     enable = true;
 4 |     keyboards.default = {
 5 |       extraDefCfg = ''
 6 |         process-unmapped-keys yes
 7 |         delegate-to-first-layer yes
 8 |       '';
 9 |       config = ''
10 |         (defsrc
11 |           caps
12 |           lctl)
13 | 
14 |         (deflayermap (default)
15 |           caps (tap-hold-press 200 200 esc lctl)
16 |           lctl caps
17 |           )
18 |       '';
19 |     };
20 |   };
21 | }
22 | 


--------------------------------------------------------------------------------
/system/networking.nix:
--------------------------------------------------------------------------------
 1 | {
 2 |   conf,
 3 |   pkgs,
 4 |   lib,
 5 |   ...
 6 | }:
 7 | {
 8 |   networking.networkmanager.dispatcherScripts = [
 9 |     {
10 |       type = "basic";
11 |       source =
12 |         let
13 |           inherit (conf.networking) vpn;
14 |           wifi.trusted = builtins.toFile "wifi-trusted" (
15 |             builtins.foldl' (acc: x: "${acc}${x}\n") "" conf.networking.wifi.trusted
16 |           );
17 |         in
18 |         pkgs.writeText "trusted-networks" ''
19 |           export PATH=${
20 |             pkgs.lib.makeBinPath (lib.attrValues { inherit (pkgs) coreutils gnugrep networkmanager; })
21 |           }
22 | 
23 |           if [[ -z "$1" ]] || [[ "$1" = "vpn" ]]; then
24 |             exit
25 |           fi
26 | 
27 |           if nmcli --fields=UUID c s --active | tail +2 | cut -d' ' -f1 | sort | comm -12 - <(sort ${wifi.trusted}) | grep -q .; then
28 |             nmcli c up "${vpn.default}" &
29 |           else
30 |             nmcli c up "${vpn.full}" &
31 |           fi
32 |         '';
33 |     }
34 |   ];
35 | 
36 |   networking.firewall = {
37 |     enable = true;
38 |     allowPing = false;
39 |     allowedTCPPorts = [
40 |       22000 # syncthing
41 |     ];
42 |     allowedUDPPorts = [ ];
43 |     trustedInterfaces = [ "vpn" ];
44 | 
45 |     # disable rpfilter for wireguard
46 |     # if packets are still dropped, they will show up in dmesg
47 |     logReversePathDrops = true;
48 |     # wireguard trips rpfilter up
49 |     extraCommands = ''
50 |       ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN
51 |       ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN
52 |     '';
53 |     extraStopCommands = ''
54 |       ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN || true
55 |       ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN || true
56 |     '';
57 |   };
58 | 
59 |   sops.secrets =
60 |     let
61 |       connections = /${conf.networking.secrets}/nm-connections;
62 |       secrets = /${conf.networking.secrets}/networking;
63 |     in
64 |     builtins.listToAttrs (
65 |       map (name: {
66 |         name = "networking/nm-connection-${name}.nmconnection";
67 |         value = {
68 |           format = "binary";
69 |           sopsFile = /${connections}/${name};
70 |           path = "/etc/NetworkManager/system-connections/${name}.nmconnection";
71 |         };
72 |       }) (builtins.attrNames (builtins.removeAttrs (builtins.readDir connections) [ ".gitkeep" ]))
73 |       ++ (map (file: {
74 |         name = "networking${lib.removePrefix (toString secrets) (toString file)}";
75 |         value = {
76 |           format = "binary";
77 |           sopsFile = file;
78 |         };
79 |       }) (lib.remove /${secrets}/.gitkeep (lib.filesystem.listFilesRecursive secrets)))
80 |     );
81 | }
82 | 


--------------------------------------------------------------------------------
/system/nix-ld.nix:
--------------------------------------------------------------------------------
1 | { programs.nix-ld.enable = true; }
2 | 


--------------------------------------------------------------------------------
/system/persistence.nix:
--------------------------------------------------------------------------------
 1 | { conf, impermanence, ... }:
 2 | {
 3 |   imports = [ impermanence.nixosModule ];
 4 | 
 5 |   environment.persistence."/persistent/data" = {
 6 |     hideMounts = true;
 7 |     directories = [
 8 |       "/etc/NetworkManager/system-connections"
 9 |       "/root/.ssh"
10 |       "/var/lib/bluetooth"
11 |     ];
12 |     files = [ ];
13 | 
14 |     users.${conf.user} = (import ../home/persistence.nix).data;
15 |   };
16 | 
17 |   environment.persistence."/persistent/cache" = {
18 |     hideMounts = true;
19 |     directories = [
20 |       "/root/.cache/nix"
21 |       "/var/lib/btrfs"
22 |       "/var/lib/libvirt"
23 |       "/var/lib/nixos"
24 |       "/var/lib/sbctl"
25 |       "/var/lib/systemd/backlight"
26 |       "/var/lib/systemd/timers"
27 |       # "/var/lib/waydroid"
28 |       "/var/log"
29 |     ];
30 |     files = [ "/etc/machine-id" ];
31 | 
32 |     users.${conf.user} = (import ../home/persistence.nix).cache;
33 |   };
34 | }
35 | 


--------------------------------------------------------------------------------
/system/power.nix:
--------------------------------------------------------------------------------
 1 | { pkgs, ... }:
 2 | {
 3 |   services.upower = {
 4 |     enable = true;
 5 |   };
 6 |   powerManagement.powertop.enable = true;
 7 |   services.tlp.enable = true;
 8 |   services.logind = {
 9 |     lidSwitch = "suspend-then-hibernate";
10 |     lidSwitchDocked = "suspend-then-hibernate";
11 |     extraConfig = ''
12 |       HandlePowerKey=hibernate
13 |     '';
14 |   };
15 |   systemd.sleep.extraConfig = ''
16 |     HibernateDelaySec=120m
17 |   '';
18 |   systemd.services.powertop.postStart = ''
19 |     cd /sys/bus/usb/devices
20 |     for f in *; do
21 |       if [[ -e "$f/product" ]] && [[ "$(cat $f/product)" = "USB OPTICAL MOUSE " ]]; then
22 |         echo on > "$f/power/control"
23 |       fi
24 |     done
25 |   '';
26 | 
27 |   environment.systemPackages = [ pkgs.powertop ];
28 | }
29 | 


--------------------------------------------------------------------------------
/system/services.nix:
--------------------------------------------------------------------------------
 1 | { pkgs, ... }:
 2 | {
 3 |   virtualisation.podman = {
 4 |     enable = true;
 5 |   };
 6 | 
 7 |   services.pcscd.enable = true;
 8 | 
 9 |   programs.ssh.startAgent = false;
10 | 
11 |   programs.dconf.enable = true;
12 | 
13 |   services.udev.packages = [ pkgs.yubikey-personalization ];
14 | 
15 |   programs.mtr.enable = true;
16 | }
17 | 


--------------------------------------------------------------------------------
/system/sops.nix:
--------------------------------------------------------------------------------
1 | { sops-nix, ... }:
2 | {
3 |   imports = [ sops-nix.nixosModules.sops ];
4 |   sops = {
5 |     age.keyFile = "/persistent/data/root/.config/sops/age/keys.txt";
6 |   };
7 | }
8 | 


--------------------------------------------------------------------------------
/system/ssh.nix:
--------------------------------------------------------------------------------
 1 | {
 2 |   services.openssh = {
 3 |     enable = true;
 4 |     settings = {
 5 |       PermitRootLogin = "no";
 6 |       PasswordAuthentication = false;
 7 |       UsePAM = false;
 8 |     };
 9 |     hostKeys = [
10 |       {
11 |         type = "ed25519";
12 |         path = "/persistent/cache/ssh/ssh_host_ed25519_key";
13 |       }
14 |     ];
15 |   };
16 | 
17 |   programs.ssh.knownHosts = {
18 |     "*.your-storagebox.de" = {
19 |       extraHostNames = [ "[*.your-storagebox.de]:23" ];
20 |       publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs";
21 |     };
22 |   };
23 | }
24 | 


--------------------------------------------------------------------------------
/system/steam.nix:
--------------------------------------------------------------------------------
1 | {
2 |   programs.steam = {
3 |     enable = true;
4 |     remotePlay.openFirewall = true;
5 |     dedicatedServer.openFirewall = true;
6 |   };
7 | }
8 | 


--------------------------------------------------------------------------------
/system/users.nix:
--------------------------------------------------------------------------------
 1 | { conf, config, ... }:
 2 | 
 3 | {
 4 |   users.mutableUsers = false;
 5 |   users.users.${conf.user} = {
 6 |     isNormalUser = true;
 7 |     uid = 1000;
 8 |     extraGroups = [
 9 |       "wheel"
10 |       "networkmanager"
11 |       "video"
12 |       "libvirtd"
13 |       "restic"
14 |     ];
15 |     hashedPasswordFile = config.sops.secrets."user/hashedPassword".path;
16 |     openssh.authorizedKeys.keys = [
17 |       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID0+Dd5FL6zKIxkjJaOb+/7fp5YtePkDdGasYESAl0br"
18 |       "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCqDljgWk+qK1pHdTZdgFgXcMdizAz7OmGR9fx0yROQ6+Ja7zUxnAxOi0ijOk8HLWrZ9xu/TqKPvF29hndCEJtg="
19 |     ];
20 |   };
21 | 
22 |   home-manager.users =
23 |     let
24 |       hm = import ../home;
25 |     in
26 |     {
27 |       ${conf.user} = {
28 |         imports = hm.user;
29 |         home.username = conf.user;
30 |         home.homeDirectory = "/home/${conf.user}";
31 |       };
32 |       root = {
33 |         imports = hm.root;
34 |         home.username = "root";
35 |         home.homeDirectory = "/root";
36 |       };
37 |     };
38 | 
39 |   # security.sudo.wheelNeedsPassword = false;
40 |   security.pam.u2f = {
41 |     enable = true;
42 | 
43 |     # $ nix shell nixpkgs#pam_u2f --command pamu2fcfg
44 |     # user=root, group=users, mode=640
45 |     settings.authfile = "/persistent/cache/u2f_keys";
46 |   };
47 | 
48 |   sops.secrets."user/hashedPassword" = {
49 |     sopsFile = ../hosts/${config.networking.hostName}/secrets/default.yml;
50 |     neededForUsers = true;
51 |   };
52 | }
53 | 


--------------------------------------------------------------------------------
/system/virt.nix:
--------------------------------------------------------------------------------
 1 | { pkgs, ... }:
 2 | {
 3 |   virtualisation.libvirtd = {
 4 |     enable = true;
 5 |     qemu = {
 6 |       package = pkgs.qemu_kvm;
 7 |       swtpm.enable = true;
 8 |       ovmf = {
 9 |         enable = true;
10 |         packages = [
11 |           (pkgs.OVMF.override {
12 |             secureBoot = true;
13 |             tpmSupport = true;
14 |           }).fd
15 |         ];
16 |       };
17 |     };
18 |   };
19 | 
20 |   boot.extraModprobeConfig = ''
21 |     options kvm_intel nested=1
22 |     options kvm_intel emulate_invalid_guest_state=0
23 |     options kvm ignore_msrs=1
24 |   '';
25 | 
26 |   programs.dconf.enable = true;
27 | 
28 |   # virtualisation.waydroid.enable = true;
29 |   # virtualisation.lxd.enable = true;
30 | }
31 | 


--------------------------------------------------------------------------------
/system/wayland.nix:
--------------------------------------------------------------------------------
 1 | {
 2 |   conf,
 3 |   config,
 4 |   lib,
 5 |   pkgs,
 6 |   ...
 7 | }:
 8 | {
 9 |   security.polkit.enable = true;
10 |   security.pam.services.swaylock = { };
11 | 
12 |   services.dbus.enable = true;
13 |   services.dbus.packages = [ pkgs.gcr ];
14 |   xdg.portal = {
15 |     enable = true;
16 |     config.common = {
17 |       default = "gtk";
18 |       "org.freedesktop.impl.portal.ScreenCast" = "gnome";
19 |     };
20 |   };
21 | 
22 |   hardware.graphics.enable = true;
23 | 
24 |   environment.systemPackages = [ pkgs.qt5.qtwayland ];
25 | 
26 |   programs.niri.enable = true;
27 | 
28 |   services.gnome.gnome-keyring.enable = false;
29 | 
30 |   xdg.autostart.enable = lib.mkForce false;
31 |   services.xserver.desktopManager.runXdgAutostartIfNone = false;
32 | 
33 |   services.greetd = {
34 |     enable = true;
35 |     settings = {
36 |       default_session.command =
37 |         let
38 |           shell = config.users.defaultUserShell;
39 |         in
40 |         "${pkgs.greetd.greetd}/bin/agreety --cmd ${shell}${shell.shellPath}";
41 |       initial_session = {
42 |         user = conf.user;
43 |         command = "niri-session";
44 |       };
45 |     };
46 |   };
47 | }
48 | 


--------------------------------------------------------------------------------
/system/zram.nix:
--------------------------------------------------------------------------------
1 | {
2 |   zramSwap = {
3 |     enable = true;
4 |     priority = 5;
5 |     algorithm = "zstd";
6 |     memoryPercent = 25;
7 |   };
8 | }
9 | 


--------------------------------------------------------------------------------
/treefmt.nix:
--------------------------------------------------------------------------------
 1 | { lib, pkgs, ... }:
 2 | 
 3 | {
 4 |   tree-root-file = ".git/config";
 5 |   on-unmatched = "error";
 6 | 
 7 |   excludes = [
 8 |     # no formatter available
 9 |     ".gitattributes"
10 |     "LICENSE"
11 |     "*.kdl"
12 |     "*.md"
13 |     "*.rasi"
14 | 
15 |     # generated/managed by other programs
16 |     "home/xournalpp/settings/*"
17 |     "home/zsh/p10k.zsh"
18 |     "hosts/*/hardware-configuration.nix"
19 |     "secrets/*"
20 |     "*/secrets/*"
21 |     "*.lock"
22 | 
23 |     # not text
24 |     "*.jpg"
25 |     "*.png"
26 |   ];
27 | 
28 |   formatter.black = {
29 |     command = lib.getExe pkgs.black;
30 |     includes = [ "*.py" ];
31 |     options = [ ];
32 |   };
33 | 
34 |   formatter.nixfmt = {
35 |     command = lib.getExe pkgs.nixfmt-rfc-style;
36 |     includes = [ "*.nix" ];
37 |     options = [ "--strict" ];
38 |   };
39 | 
40 |   formatter.prettier = {
41 |     command = lib.getExe pkgs.nodePackages.prettier;
42 |     includes = [
43 |       "*.json"
44 |       "*.yml"
45 |       "*.yaml"
46 |     ];
47 |     options = [ "--write" ];
48 |   };
49 | 
50 |   formatter.shfmt = {
51 |     command = lib.getExe pkgs.shfmt;
52 |     includes = [ "*.sh" ];
53 |     options = [
54 |       "--simplify"
55 |       "--write"
56 |       "--indent=2"
57 |     ];
58 |   };
59 | }
60 | 


--------------------------------------------------------------------------------
/wallpapers/cryptic.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Defelo/nixos/5ecb867d90490637bbc466c3222fefa2752fca7e/wallpapers/cryptic.jpg


--------------------------------------------------------------------------------
/wallpapers/nix-simple-geometric.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Defelo/nixos/5ecb867d90490637bbc466c3222fefa2752fca7e/wallpapers/nix-simple-geometric.png


--------------------------------------------------------------------------------
/wallpapers/nix-snowflake-dark.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Defelo/nixos/5ecb867d90490637bbc466c3222fefa2752fca7e/wallpapers/nix-snowflake-dark.png


--------------------------------------------------------------------------------
/wallpapers/python.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Defelo/nixos/5ecb867d90490637bbc466c3222fefa2752fca7e/wallpapers/python.png


--------------------------------------------------------------------------------