diff --git a/SwarselSystems.org b/SwarselSystems.org index f1da79e..19b36ad 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -151,7 +151,7 @@ For styling, I am using the [[https://github.com/danth/stylix][stylix]] NixOS mo }; monospace = { - package = pkgs.nerdfonts.override { fonts = [ "FiraCode"]; }; + package = pkgs.nerdfonts.override { fonts = [ "FiraCode" ]; }; name = "FiraCode Nerd Font Mono"; }; @@ -162,8 +162,6 @@ For styling, I am using the [[https://github.com/danth/stylix][stylix]] NixOS mo }; }; - - #+end_src *** Waybar items - LAPTOPS :PROPERTIES: @@ -176,22 +174,23 @@ The most part of this configuration is done here: [[#h:0bf51f63-01c0-4053-a591-7 #+begin_src nix :tangle no :noweb-ref waybarlaptop - programs.waybar.settings.mainBar.modules-right = ["custom/outer-left-arrow-dark" - "mpris" - "custom/left-arrow-light" - "network" - "custom/left-arrow-dark" - "pulseaudio" - "custom/left-arrow-light" - "custom/pseudobat" - "battery" - "custom/left-arrow-dark" - "group/hardware" - "custom/left-arrow-light" - "clock#2" - "custom/left-arrow-dark" - "clock#1" - ]; + programs.waybar.settings.mainBar.modules-right = [ + "custom/outer-left-arrow-dark" + "mpris" + "custom/left-arrow-light" + "network" + "custom/left-arrow-dark" + "pulseaudio" + "custom/left-arrow-light" + "custom/pseudobat" + "battery" + "custom/left-arrow-dark" + "group/hardware" + "custom/left-arrow-light" + "clock#2" + "custom/left-arrow-dark" + "clock#1" + ]; #+end_src *** Waybar items - PC 
@@ -205,26 +204,27 @@ The most part of this configuration is done here: [[#h:0bf51f63-01c0-4053-a591-7 #+begin_src nix :tangle no :noweb-ref waybarpc - programs.waybar.settings.mainBar."custom/pseudobat"= { - format= ""; - on-click-right= "wlogout -p layer-shell"; - }; - programs.waybar.settings.mainBar.modules-right = ["custom/outer-left-arrow-dark" - "mpris" - "custom/left-arrow-light" - "network" - "custom/left-arrow-dark" - "pulseaudio" - "custom/left-arrow-light" - "custom/pseudobat" - "battery" - "custom/left-arrow-dark" - "group/hardware" - "custom/left-arrow-light" - "clock#2" - "custom/left-arrow-dark" - "clock#1" - ]; + programs.waybar.settings.mainBar."custom/pseudobat" = { + format = ""; + on-click-right = "wlogout -p layer-shell"; + }; + programs.waybar.settings.mainBar.modules-right = [ + "custom/outer-left-arrow-dark" + "mpris" + "custom/left-arrow-light" + "network" + "custom/left-arrow-dark" + "pulseaudio" + "custom/left-arrow-light" + "custom/pseudobat" + "battery" + "custom/left-arrow-dark" + "group/hardware" + "custom/left-arrow-light" + "clock#2" + "custom/left-arrow-dark" + "clock#1" + ]; #+end_src *** Sway Startup commands 
@@ -244,12 +244,12 @@ Do not that =syncthingtray= is also not mentioned here. It is installed as a hom #+begin_src nix :tangle no :noweb-ref startupnixos - { command = "nextcloud --background";} - { command = "discord --start-minimized";} - { command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";} - { command = "ANKI_WAYLAND=1 anki";} - { command = "OBSIDIAN_USE_WAYLAND=1 obsidian";} - { command = "nm-applet";} +{ command = "nextcloud --background"; } +{ command = "discord --start-minimized"; } +{ command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; } +{ command = "ANKI_WAYLAND=1 anki"; } +{ command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; } +{ command = "nm-applet"; } #+end_src @@ -274,10 +274,10 @@ I also enable the extra socket here for ssh agent forwarding. But I have not ful defaultCacheTtl = 600; maxCacheTtl = 7200; extraConfig = '' - allow-loopback-pinentry - allow-emacs-pinentry + allow-loopback-pinentry + allow-emacs-pinentry ''; - }; + }; #+end_src @@ -331,7 +331,7 @@ This sections is for common NixoS settings that I use for my NixoS LXC images th }; }; - nix.settings.experimental-features = ["nix-command" "flakes"]; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; proxmoxLXC = { manageNetwork = true; # manage network myself @@ -402,6 +402,7 @@ Mind the comma at the end. You need this because the =...= is being passed as th lanzaboote, nixos-hardware, nix-alien, + nixos-generators, nswitch-rcm-nix, nix-index-database, 
@@ -410,7 +411,7 @@ Mind the comma at the end. You need this because the =...= is being passed as th Here, just add the input names, urls and other options that are needed, like =nixpkgs.follows=. By using the latter option, you tell the package to not provide it's own package repository, but instead 'nest' itself into another, which is very useful. A short overview over each input and what it does: -- nixkpkgs +- [[https://github.com/NixOS/nixpkgs][nixpkgs]] This is the base repository that I am following for all packages. I follow the unstable branch. - [[https://github.com/nix-community/home-manager][home-manager]] This handles user-level configuration and mostly provides dotfiles that are generated and symlinked to =~/.config/=. @@ -430,6 +431,8 @@ A short overview over each input and what it does: Provides specific hardware setting for some hardware configurations. For example, this sets some better defaults for my Lenovo Thinkpad P14s Gen2. - [[https://github.com/thiagokokada/nix-alien][nix-alien]] This is supposed to allow me to run unpatched libraries directly without a need for ELF patching or resorting to =steam-run=. However, I have not yet gotten this to work. +- [[https://github.com/nix-community/nixos-generators][nixos-generators]] + Provides me with images that I can use to create LXCs on Proxmox. - [[https://github.com/Swarsel/nswitch-rcm-nix][nswitch-rcm-nix]] Allows auto injection of payloads upon connecting a Nintendo Switch. - [[https://github.com/nix-community/nix-index-database][nix-index-database]] @@ -483,11 +486,6 @@ A short overview over each input and what it does: inputs.nixpkgs.follows = "nixpkgs"; }; - # patches for gaming on nix - nix-gaming = { - url = "github:fufexan/nix-gaming"; - }; - # hardware quirks on nix nixos-hardware = { url = "github:NixOS/nixos-hardware/master"; 
@@ -522,42 +520,47 @@ Lastly I define some common module lists that I can simply load depending on the #+begin_src nix :tangle no :noweb-ref flakelet system = "x86_64-linux"; # not very portable, but I do not use other architectures at the moment - pkgs = import nixpkgs { inherit system; - overlays = [ emacs-overlay.overlay - nur.overlay - nixgl.overlay - (final: _prev: { - stable = import nixpkgs-stable { - inherit (final) system config; - }; - }) - ]; - config.allowUnfree = true; - }; + pkgs = import nixpkgs { + inherit system; + overlays = [ + emacs-overlay.overlay + nur.overlay + nixgl.overlay + (final: _prev: { + stable = import nixpkgs-stable { + inherit (final) system config; + }; + }) + ]; + config.allowUnfree = true; + }; # NixOS modules that can only be used on NixOS systems - nixModules = [ stylix.nixosModules.stylix - sops-nix.nixosModules.sops - nswitch-rcm-nix.nixosModules.nswitch-rcm - ./profiles/common/nixos.nix - # dynamic library loading - ({ self, system, ... }: { - environment.systemPackages = with self.inputs.nix-alien.packages.${system}; [ - nix-alien - ]; - # needed for `nix-alien-ld` - programs.nix-ld.enable = true; - }) - ]; + nixModules = [ + stylix.nixosModules.stylix + sops-nix.nixosModules.sops + nswitch-rcm-nix.nixosModules.nswitch-rcm + ./profiles/common/nixos.nix + # dynamic library loading + ({ self, system, ... 
}: { + environment.systemPackages = with self.inputs.nix-alien.packages.${system}; [ + nix-alien + ]; + # needed for `nix-alien-ld` + programs.nix-ld.enable = true; + }) + ]; # Home-Manager modules wanted on non-NixOS systems - homeModules = [ stylix.homeManagerModules.stylix - ]; + homeModules = [ + stylix.homeManagerModules.stylix + ]; # Home-Manager modules wanted on both NixOS and non-NixOS systems - mixedModules = [ sops-nix.homeManagerModules.sops - nix-index-database.hmModules.nix-index - ./profiles/common/home.nix - ]; + mixedModules = [ + sops-nix.homeManagerModules.sops + nix-index-database.hmModules.nix-index + ./profiles/common/home.nix + ]; #+end_src *** nixosConfigurations @@ -570,9 +573,9 @@ This section is the biggest pain point of the configuration. For every system, I #+begin_src nix :tangle no :noweb-ref flakenixosconf onett = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = nixModules ++ [ - ./profiles/onett/nixos.nix + ./profles/onett/nixos.nix home-manager.nixosModules.home-manager { home-manager.users.swarsel.imports = mixedModules ++ [ @@ -583,7 +586,7 @@ This section is the biggest pain point of the configuration. For every system, I }; sandbox = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = [ sops-nix.nixosModules.sops ./profiles/sandbox/nixos.nix @@ -591,7 +594,7 @@ This section is the biggest pain point of the configuration. For every system, I }; twoson = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = nixModules ++ [ ./profiles/twoson/nixos.nix home-manager.nixosModules.home-manager 
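Review bot: The inline module in `nixModules` takes `{ self, system, ... }`, but every `nixosSystem` call visible in this diff passes only `specialArgs = { inherit inputs pkgs; }`. Unless `self` and `system` are supplied through `_module.args` somewhere outside these hunks, evaluating `environment.systemPackages` would fail on a missing module argument. Since the reformat already rewrites this block, it could use the arguments that are actually passed: `({ inputs, pkgs, ... }: {` with `environment.systemPackages = [ inputs.nix-alien.packages.${pkgs.system}.nix-alien ];`.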
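Review bot: The `onett` module path changes from `./profiles/onett/nixos.nix` to `./profles/onett/nixos.nix` in a hunk that otherwise only adjusts whitespace. Every other host in this diff still imports from `./profiles/…`, so this looks like an accidental edit that would make `onett` fail to evaluate on a missing path. Restore `./profiles/onett/nixos.nix`. The `onett` definition continues past the end of the hunk. Running `nix flake check` before committing a formatting pass would catch this kind of slip.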
@@ -604,7 +607,7 @@ This section is the biggest pain point of the configuration. For every system, I }; threed = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = nixModules ++ [ lanzaboote.nixosModules.lanzaboote ./profiles/threed/nixos.nix @@ -618,7 +621,7 @@ This section is the biggest pain point of the configuration. For every system, I }; fourside = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = nixModules ++ [ nixos-hardware.nixosModules.lenovo-thinkpad-p14s-amd-gen2 ./profiles/fourside/nixos.nix @@ -632,7 +635,7 @@ This section is the biggest pain point of the configuration. For every system, I }; winters = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = nixModules ++ [ nixos-hardware.nixosModules.framework-16-inch-7040-amd ./profiles/winters/nixos.nix @@ -646,7 +649,7 @@ This section is the biggest pain point of the configuration. For every system, I }; stand = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = nixModules ++ [ ./profiles/stand/nixos.nix home-manager.nixosModules.home-manager @@ -659,7 +662,7 @@ This section is the biggest pain point of the configuration. For every system, I }; nginx = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = [ sops-nix.nixosModules.sops ./profiles/server1/nginx/nixos.nix @@ -667,7 +670,7 @@ This section is the biggest pain point of the configuration. For every system, I }; calibre = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = [ sops-nix.nixosModules.sops ./profiles/server1/calibre/nixos.nix 
@@ -675,7 +678,7 @@ This section is the biggest pain point of the configuration. For every system, I }; jellyfin = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = [ # sops-nix.nixosModules.sops ./profiles/server1/jellyfin/nixos.nix @@ -683,7 +686,7 @@ This section is the biggest pain point of the configuration. For every system, I }; transmission = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = [ sops-nix.nixosModules.sops ./profiles/server1/transmission/nixos.nix @@ -691,7 +694,7 @@ This section is the biggest pain point of the configuration. For every system, I }; matrix = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; # this is to import a service module that is not on nixpkgs # this way avoids infinite recursion errors modules = [ @@ -701,7 +704,7 @@ This section is the biggest pain point of the configuration. For every system, I }; sound = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = [ sops-nix.nixosModules.sops ./profiles/server1/sound/nixos.nix @@ -709,7 +712,7 @@ This section is the biggest pain point of the configuration. For every system, I }; spotifyd = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = [ sops-nix.nixosModules.sops ./profiles/server1/spotifyd/nixos.nix @@ -717,7 +720,7 @@ This section is the biggest pain point of the configuration. For every system, I }; paperless = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = [ sops-nix.nixosModules.sops ./profiles/server1/paperless/nixos.nix 
@@ -726,7 +729,7 @@ This section is the biggest pain point of the configuration. For every system, I #ovm swarsel sync = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = [ sops-nix.nixosModules.sops ./profiles/remote/oracle/sync/nixos.nix @@ -735,7 +738,7 @@ This section is the biggest pain point of the configuration. For every system, I #ovm swarsel swatrix = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = [ sops-nix.nixosModules.sops ./profiles/remote/oracle/matrix/nixos.nix @@ -794,7 +797,7 @@ nix build ~/.dotfiles/#proxmox-lxc The resulting image can then be loaded in Proxmox. -#+begin_src nix :nowe:tangle no b-ref flakenixosgenerators +#+begin_src nix :tangle no :noweb-ref flakenixosgenerators proxmox-lxc = nixos-generators.nixosGenerate { inherit system; 
@@ -837,62 +840,61 @@ No matter what you do, check the initial /etc/nixos/configuration.nix for notabl :END: #+begin_src nix :noweb yes :tangle profiles/TEMPLATE/nixos.nix +{ pkgs, ... }: - { pkgs, ... }: - - { - - <> - - services = { - getty.autologinUser = "TEMPLATE"; - greetd.settings.initial_session.user="TEMPLATE"; - }; - - # Bootloader - boot.loader.grub = { - enable = true; - device = "/dev/sda"; # TEMPLATE - if only one disk, this will work - useOSProber = true; - }; +{ - # -------------------------------------- - # you might need a configuration like this instead: - # Bootloader - # boot = { - # kernelPackages = pkgs.linuxPackages_latest; - # loader.grub = { - # enable = true; - # devices = ["nodev" ]; - # useOSProber = true; - # }; - # }; - # -------------------------------------- + <> - networking.hostName = "TEMPLATE"; # Define your hostname. + services = { + getty.autologinUser = "TEMPLATE"; + greetd.settings.initial_session.user = "TEMPLATE"; + }; - stylix.image = ../../wallpaper/TEMPLATEwp.png; - <> + # Bootloader + boot.loader.grub = { + enable = true; + device = "/dev/sda"; # TEMPLATE - if only one disk, this will work + useOSProber = true; + }; - # Configure keymap in X11 (only used for login) - services.xserver = { - layout = "us"; - xkbVariant = "altgr-intl"; - }; + # -------------------------------------- + # you might need a configuration like this instead: + # Bootloader + # boot = { + # kernelPackages = pkgs.linuxPackages_latest; + # loader.grub = { + # enable = true; + # devices = ["nodev" ]; + # useOSProber = true; + # }; + # }; + # -------------------------------------- + + networking.hostName = "TEMPLATE"; # Define your hostname. 
+ + stylix.image = ../../wallpaper/TEMPLATEwp.png; + <> + + # Configure keymap in X11 (only used for login) + services.xserver = { + layout = "us"; + xkbVariant = "altgr-intl"; + }; - users.users.TEMPLATE = { - isNormalUser = true; - description = "TEMPLATE"; - extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" ]; - packages = with pkgs; []; - }; + users.users.TEMPLATE = { + isNormalUser = true; + description = "TEMPLATE"; + extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" ]; + packages = with pkgs; [ ]; + }; - environment.systemPackages = with pkgs; [ - ]; + environment.systemPackages = with pkgs; [ + ]; - system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change + system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change - } +} #+end_src 
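Review bot: `getty.autologinUser` and `greetd.settings.initial_session.user` in the `services` block carry no `# TEMPLATE` marker, unlike the other per-host decisions in this file. They give anyone who reaches the console a session for the user that `users.users.TEMPLATE.extraGroups` puts in `wheel`. New hosts are presumably copied from this template, so the setting is inherited without anyone deciding on it. I would flag it like the bootloader and stateVersion lines, for example `getty.autologinUser = "TEMPLATE"; # TEMPLATE - autologin: remove on hosts where console access is not restricted`.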
@@ -901,89 +903,91 @@ No matter what you do, check the initial /etc/nixos/configuration.nix for notabl :CUSTOM_ID: h:a08e51ee-88eb-4241-917d-68b4bdbcf171 :END: #+begin_src nix :noweb yes :tangle profiles/TEMPLATE/home.nix +{ config, pkgs, ... }: - { config, pkgs, ... }: - - { - - <> - home = { - username = "TEMPLATE"; - homeDirectory = "/home/TEMPLATE"; - stateVersion = "23.05"; # TEMPLATE -- Please read the comment before changing. - keyboard.layout = "us"; # TEMPLATE - home.packages = with pkgs; [ - # --------------------------------------------------------------- - # if schildichat works on this machine, use it, otherwise go for element - # element-desktop - # --------------------------------------------------------------- - ]; - }; - # update path if the sops private key is stored somewhere else - sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ]; - - # waybar config - TEMPLATE - update for cores and temp - programs.waybar.settings.mainBar = { - #cpu.format = "{icon0} {icon1} {icon2} {icon3}"; - cpu.format = "{icon0} {icon1} {icon2} {icon3} {icon4} {icon5} {icon6} {icon7}"; - temperature.hwmon-path = "/sys/devices/platform/coretemp.0/hwmon/hwmon1/temp3_input"; - }; +{ - # ----------------------------------------------------------------- - # is this machine always connected to power? If yes, use this block: - # <> - # ----------------------------------------------------------------- + <> + home = { + username = "TEMPLATE"; + homeDirectory = "/home/TEMPLATE"; + stateVersion = "23.05"; # TEMPLATE -- Please read the comment before changing. 
+ keyboard.layout = "us"; # TEMPLATE + home.packages = with pkgs; [ + # --------------------------------------------------------------- + # if schildichat works on this machine, use it, otherwise go for element + # element-desktop + # --------------------------------------------------------------- + ]; + }; + # update path if the sops private key is stored somewhere else + sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ]; + + # waybar config - TEMPLATE - update for cores and temp + programs.waybar.settings.mainBar = { + #cpu.format = "{icon0} {icon1} {icon2} {icon3}"; + cpu.format = "{icon0} {icon1} {icon2} {icon3} {icon4} {icon5} {icon6} {icon7}"; + temperature.hwmon-path = "/sys/devices/platform/coretemp.0/hwmon/hwmon1/temp3_input"; + }; - # ----------------------------------------------------------------- - # if not always connected to power (laptop), use this (default): - <> - # ----------------------------------------------------------------- + # ----------------------------------------------------------------- + # is this machine always connected to power? 
If yes, use this block: + # <> + # ----------------------------------------------------------------- - wayland.windowManager.sway= { - config = rec { - # update for actual inputs here, - input = { - "36125:53060:splitkb.com_Kyria_rev3" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; - }; - "1:1:AT_Translated_Set_2_keyboard" = { # TEMPLATE - xkb_layout = "us"; - xkb_options = "grp:win_space_toggle"; - # xkb_options = "ctrl:nocaps,grp:win_space_toggle"; - xkb_variant = "altgr-intl"; - }; - "type:touchpad" = { - dwt = "enabled"; - tap = "enabled"; - natural_scroll = "enabled"; - middle_emulation = "enabled"; - }; + # ----------------------------------------------------------------- + # if not always connected to power (laptop), use this (default): + <> + # ----------------------------------------------------------------- + wayland.windowManager.sway = { + config = rec { + # update for actual inputs here, + input = { + "36125:53060:splitkb.com_Kyria_rev3" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; + }; + "1:1:AT_Translated_Set_2_keyboard" = { + # TEMPLATE + xkb_layout = "us"; + xkb_options = "grp:win_space_toggle"; + # xkb_options = "ctrl:nocaps,grp:win_space_toggle"; + xkb_variant = "altgr-intl"; + }; + "type:touchpad" = { + dwt = "enabled"; + tap = "enabled"; + natural_scroll = "enabled"; + middle_emulation = "enabled"; }; - output = { - DP-1 = { - mode = "2560x1440"; # TEMPLATE - scale = "1"; - bg = "~/.dotfiles/wallpaper/TEMPLATE.png fill"; - }; + }; + + output = { + DP-1 = { + mode = "2560x1440"; # TEMPLATE + scale = "1"; + bg = "~/.dotfiles/wallpaper/TEMPLATE.png fill"; }; + }; - keybindings = let + keybindings = + let inherit (config.wayland.windowManager.sway.config) modifier; - in { + in + { # TEMPLATE "${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkschildi.sh\""; # "${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkelement.sh\""; }; - startup = [ - <> - ]; - }; + startup = [ + <> + ]; }; - } + }; +} #+end_src 
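Review bot: Inside the `home = { … };` attribute set the package list is still written as `home.packages = with pkgs; [`, which resolves to `home.home.packages`. Home Manager does not define that option, so a profile generated from this template should fail to evaluate with an unknown-option error. The re-indent carried this over from the old side unchanged. Inside the set the line should read `packages = with pkgs; [`.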
@@ -1004,814 +1008,823 @@ My old laptop, replaced by a new one, since most basic functions have stopped to :END: #+begin_src nix :noweb yes :tangle profiles/sandbox/nixos.nix +{ config, pkgs, sops, ... }: +let + matrixDomain = "swatrix.swarsel.win"; +in +{ - { config, pkgs, sops, ... }: let - matrixDomain = "swatrix.swarsel.win"; - in { - - imports = [ - ./hardware-configuration.nix - ]; - - boot.loader.grub = { - enable = true; - device = "/dev/sda"; - useOSProber = true; - supportedFilesystems = [ "zfs" ]; - zfs.forceImportRoot = false; - kernelModules = [ "tun" ]; - kernel.sysctl = { - "net.ipv4.conf.all.rp_filter" = 2; - "net.ipv4.conf.default.rp_filter" = 2; - "net.ipv4.conf.enp7s0.rp_filter" = 2; - }; - }; + imports = [ + ./hardware-configuration.nix + ]; - networking = { - hostId = "8a8ad84a"; - hostName = "sandbox"; # Define your hostname. - enableIPv6 = true; - firewall.enable = false; - firewall.extraCommands = '' - sudo iptables -A OUTPUT ! -o lo -m owner --uid-owner vpn -j DROP - ''; - iproute2 = { - enable = true; - rttablesExtraConfig = '' - 200 vpn - ''; - }; + boot.loader.grub = { + enable = true; + device = "/dev/sda"; + useOSProber = true; + supportedFilesystems = [ "zfs" ]; + zfs.forceImportRoot = false; + kernelModules = [ "tun" ]; + kernel.sysctl = { + "net.ipv4.conf.all.rp_filter" = 2; + "net.ipv4.conf.default.rp_filter" = 2; + "net.ipv4.conf.enp7s0.rp_filter" = 2; }; + }; - hardware.graphics = { + networking = { + hostId = "8a8ad84a"; + hostName = "sandbox"; # Define your hostname. + enableIPv6 = true; + firewall.enable = false; + firewall.extraCommands = '' + sudo iptables -A OUTPUT ! 
-o lo -m owner --uid-owner vpn -j DROP + ''; + iproute2 = { enable = true; - hardware.enableAllFirmware = true; - extraPackages = with pkgs; [ - intel-media-driver # LIBVA_DRIVER_NAME=iHD - vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) - vaapiVdpau - libvdpau-va-gl - ]; + rttablesExtraConfig = '' + 200 vpn + ''; }; + }; - sound = { - enable = true; - }; + hardware.graphics = { + enable = true; + hardware.enableAllFirmware = true; + extraPackages = with pkgs; [ + intel-media-driver # LIBVA_DRIVER_NAME=iHD + vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) + vaapiVdpau + libvdpau-va-gl + ]; + }; - users = { - groups = { - vpn = {}; - mpd = {}; - navidrome = { - gid = 61593; - }; - spotifyd = { - gid = 65136; - }; + sound = { + enable = true; + }; + + users = { + groups = { + vpn = { }; + mpd = { }; + navidrome = { + gid = 61593; }; - users = { - jellyfin = { - extraGroups = [ "video" "render" ]; - }; - vpn = { - isNormalUser = true; - group = "vpn"; - home = "/home/vpn"; - }; - navidrome = { - isSystemUser = true; - uid = 61593; - group = "navidrome"; - extraGroups = [ "audio" "utmp" ]; - }; - spotifyd = { - isSystemUser = true; - uid = 65136; - group = "spotifyd"; - extraGroups = [ "audio" "utmp" ]; - }; - mpd = { - isSystemUser = true; - group = "mpd"; - extraGroups = [ "audio" "utmp" ]; - }; - swarsel = { - isNormalUser = true; - description = "Leon S"; - extraGroups = [ "networkmanager" "wheel" "lp"]; - packages = with pkgs; []; - }; - root = { - openssh.authorizedKeys.keyFiles = [ - ../../secrets/keys/authorized_keys - ]; - }; + spotifyd = { + gid = 65136; }; }; - - fileSystems."/mnt/Eternor" = { - device = "//192.168.1.3/Eternor"; - fsType = "cifs"; - options = let - # this line prevents hanging on network split - automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"; - in 
["${automount_opts},credentials=/etc/nixos/smb-secrets,uid=1000,gid=100"]; - }; - - environment = { - systemPackages = with pkgs; [ - git - gnupg - ssh-to-age - lego - nginx - calibre - openvpn - jq - iptables - busybox - wireguard-tools - matrix-synapse - lottieconverter - ffmpeg - pciutils - alsa-utils - mpv - zfs - ]; - etc = { - "openvpn/iptables.sh" = - { source = ../../scripts/server1/iptables.sh; - mode = "0755"; - }; - "openvpn/update-resolv-conf" = - { source = ../../scripts/server1/update-resolv-conf; - mode = "0755"; - }; - "openvpn/routing.sh" = - { source = ../../scripts/server1/routing.sh; - mode = "0755"; - }; - "openvpn/ca.rsa.2048.crt" = - { source = ../../secrets/certs/ca.rsa.2048.crt; - mode = "0644"; - }; - "openvpn/crl.rsa.2048.pem" = - { source = ../../secrets/certs/crl.rsa.2048.pem; - mode = "0644"; - }; + users = { + jellyfin = { + extraGroups = [ "video" "render" ]; }; - shellAliases = { - nswitch = "cd ~/.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;"; + vpn = { + isNormalUser = true; + group = "vpn"; + home = "/home/vpn"; }; - }; - - systemd = { - timers."restart-bridges" = { - wantedBy = [ "timers.target" ]; - timerConfig = { - OnBootSec = "1d"; - OnUnitActiveSec = "1d"; - Unit = "restart-bridges.service"; - }; + navidrome = { + isSystemUser = true; + uid = 61593; + group = "navidrome"; + extraGroups = [ "audio" "utmp" ]; }; - - services."restart-bridges" = { - script = '' - systemctl restart mautrix-whatsapp.service - systemctl restart mautrix-signal.service - systemctl restart mautrix-telegram.service - ''; - serviceConfig = { - Type = "oneshot"; - User = "root"; - }; + spotifyd = { + isSystemUser = true; + uid = 65136; + group = "spotifyd"; + extraGroups = [ "audio" "utmp" ]; }; - }; - nix.settings.experimental-features = ["nix-command" "flakes"]; - - system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change - - documentation = { - enable = false; - }; - - sops = { - age.sshKeyPaths = [ 
"/etc/ssh/sops" ]; - defaultSopsFile = "/root/.dotfiles/secrets/sandbox/secrets.yaml"; - validateSopsFiles = false; - secrets = { - dnstokenfull = {owner="acme";}; - kavita = { owner = "kavita";}; - vpnuser = {}; - rpcuser = {owner="vpn";}; - vpnpass = {}; - rpcpass = {owner="vpn";}; - vpnprot = {}; - vpnloc = {}; - mpdpass = { owner = "mpd";}; + mpd = { + isSystemUser = true; + group = "mpd"; + extraGroups = [ "audio" "utmp" ]; }; - templates = { - "transmission-rpc" = { - owner = "vpn"; - content = builtins.toJSON { - rpc-username = config.sops.placeholder.rpcuser; - rpc-password = config.sops.placeholder.rpcpass; - }; - }; - - pia.content = '' - ${config.sops.placeholder.vpnuser} - ${config.sops.placeholder.vpnpass} - ''; - - vpn.content = '' - client - dev tun - proto ${config.sops.placeholder.vpnprot} - remote ${config.sops.placeholder.vpnloc} - resolv-retry infinite - nobind - persist-key - persist-tun - cipher aes-128-cbc - auth sha1 - tls-client - remote-cert-tls server - - auth-user-pass ${config.sops.templates.pia.path} - compress - verb 1 - reneg-sec 0 - - crl-verify /etc/openvpn/crl.rsa.2048.pem - ca /etc/openvpn/ca.rsa.2048.crt - - disable-occ - ''; - "certs.secret".content = '' - CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} - ''; + swarsel = { + isNormalUser = true; + description = "Leon S"; + extraGroups = [ "networkmanager" "wheel" "lp" ]; + packages = with pkgs; [ ]; + }; + root = { + openssh.authorizedKeys.keyFiles = [ + ../../secrets/keys/authorized_keys + ]; }; }; + }; - security.acme = { - acceptTerms = true; - preliminarySelfsigned = false; - defaults.email = "mrswarsel@gmail.com"; - defaults.dnsProvider = "cloudflare"; - defaults.environmentFile = "${config.sops.templates."certs.secret".path}"; - }; - - services = { - xserver = { - layout = "us"; - xkbVariant = "altgr-intl"; + fileSystems."/mnt/Eternor" = { + device = "//192.168.1.3/Eternor"; + fsType = "cifs"; + options = + let + # this line prevents hanging on network split + 
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"; + in + [ "${automount_opts},credentials=/etc/nixos/smb-secrets,uid=1000,gid=100" ]; + }; + + environment = { + systemPackages = with pkgs; [ + git + gnupg + ssh-to-age + lego + nginx + calibre + openvpn + jq + iptables + busybox + wireguard-tools + matrix-synapse + lottieconverter + ffmpeg + pciutils + alsa-utils + mpv + zfs + ]; + etc = { + "openvpn/iptables.sh" = + { + source = ../../scripts/server1/iptables.sh; + mode = "0755"; + }; + "openvpn/update-resolv-conf" = + { + source = ../../scripts/server1/update-resolv-conf; + mode = "0755"; + }; + "openvpn/routing.sh" = + { + source = ../../scripts/server1/routing.sh; + mode = "0755"; + }; + "openvpn/ca.rsa.2048.crt" = + { + source = ../../secrets/certs/ca.rsa.2048.crt; + mode = "0644"; + }; + "openvpn/crl.rsa.2048.pem" = + { + source = ../../secrets/certs/crl.rsa.2048.pem; + mode = "0644"; + }; + }; + shellAliases = { + nswitch = "cd ~/.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;"; + }; + }; + + systemd = { + timers."restart-bridges" = { + wantedBy = [ "timers.target" ]; + timerConfig = { + OnBootSec = "1d"; + OnUnitActiveSec = "1d"; + Unit = "restart-bridges.service"; }; + }; - openssh = { - enable = true; - settings.PermitRootLogin = "yes"; - listenAddresses = [{ - port = 22; - addr = "0.0.0.0"; - }]; + services."restart-bridges" = { + script = '' + systemctl restart mautrix-whatsapp.service + systemctl restart mautrix-signal.service + systemctl restart mautrix-telegram.service + ''; + serviceConfig = { + Type = "oneshot"; + User = "root"; }; + }; + }; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; - nginx = { - enable = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - recommendedOptimisation = true; - recommendedGzipSettings = true; - virtualHosts = { - - "stash.swarsel.win" = { - enableACME = true; - forceSSL = 
true; - acmeRoot = null; - locations = { - "/" = { - proxyPass = "https://192.168.1.5"; - extraConfig = '' - client_max_body_size 0; - ''; - }; - "/.well-known/carddav" = { - return = "301 $scheme://$host/remote.php/dav"; - }; - "/.well-known/caldav" = { - return = "301 $scheme://$host/remote.php/dav"; - }; + system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change + + documentation = { + enable = false; + }; + + sops = { + age.sshKeyPaths = [ "/etc/ssh/sops" ]; + defaultSopsFile = "/root/.dotfiles/secrets/sandbox/secrets.yaml"; + validateSopsFiles = false; + secrets = { + dnstokenfull = { owner = "acme"; }; + kavita = { owner = "kavita"; }; + vpnuser = { }; + rpcuser = { owner = "vpn"; }; + vpnpass = { }; + rpcpass = { owner = "vpn"; }; + vpnprot = { }; + vpnloc = { }; + mpdpass = { owner = "mpd"; }; + }; + templates = { + "transmission-rpc" = { + owner = "vpn"; + content = builtins.toJSON { + rpc-username = config.sops.placeholder.rpcuser; + rpc-password = config.sops.placeholder.rpcpass; + }; + }; + + pia.content = '' + ${config.sops.placeholder.vpnuser} + ${config.sops.placeholder.vpnpass} + ''; + + vpn.content = '' + client + dev tun + proto ${config.sops.placeholder.vpnprot} + remote ${config.sops.placeholder.vpnloc} + resolv-retry infinite + nobind + persist-key + persist-tun + cipher aes-128-cbc + auth sha1 + tls-client + remote-cert-tls server + + auth-user-pass ${config.sops.templates.pia.path} + compress + verb 1 + reneg-sec 0 + + crl-verify /etc/openvpn/crl.rsa.2048.pem + ca /etc/openvpn/ca.rsa.2048.crt + + disable-occ + ''; + "certs.secret".content = '' + CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} + ''; + }; + }; + + security.acme = { + acceptTerms = true; + preliminarySelfsigned = false; + defaults.email = "mrswarsel@gmail.com"; + defaults.dnsProvider = "cloudflare"; + defaults.environmentFile = "${config.sops.templates."certs.secret".path}"; + }; + + services = { + xserver = { + layout = "us"; + xkbVariant = 
"altgr-intl"; + }; + + openssh = { + enable = true; + settings.PermitRootLogin = "yes"; + listenAddresses = [{ + port = 22; + addr = "0.0.0.0"; + }]; + }; + + nginx = { + enable = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + virtualHosts = { + + "stash.swarsel.win" = { + enableACME = true; + forceSSL = true; + acmeRoot = null; + locations = { + "/" = { + proxyPass = "https://192.168.1.5"; + extraConfig = '' + client_max_body_size 0; + ''; + }; + "/.well-known/carddav" = { + return = "301 $scheme://$host/remote.php/dav"; + }; + "/.well-known/caldav" = { + return = "301 $scheme://$host/remote.php/dav"; }; }; + }; - "swatrix.swarsel.win" = { - enableACME = true; - forceSSL = true; - acmeRoot = null; - locations = { - "~ ^(/_matrix|/_synapse/client)" = { - proxyPass = "http://127.0.0.1:8008"; - extraConfig = '' - client_max_body_size 0; - ''; - }; + "swatrix.swarsel.win" = { + enableACME = true; + forceSSL = true; + acmeRoot = null; + locations = { + "~ ^(/_matrix|/_synapse/client)" = { + proxyPass = "http://127.0.0.1:8008"; + extraConfig = '' + client_max_body_size 0; + ''; }; }; + }; - "sound.swarsel.win" = { - enableACME = true; - forceSSL = true; - acmeRoot = null; - locations = { - "/" = { - proxyPass = "http://127.0.0.1:4040"; - proxyWebsockets = true; - extraConfig = '' - proxy_redirect http:// https://; - proxy_read_timeout 600s; - proxy_send_timeout 600s; - proxy_buffering off; - proxy_request_buffering off; - client_max_body_size 0; - ''; - }; + "sound.swarsel.win" = { + enableACME = true; + forceSSL = true; + acmeRoot = null; + locations = { + "/" = { + proxyPass = "http://127.0.0.1:4040"; + proxyWebsockets = true; + extraConfig = '' + proxy_redirect http:// https://; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + proxy_buffering off; + proxy_request_buffering off; + client_max_body_size 0; + ''; }; }; + }; - "scan.swarsel.win" = { - enableACME = true; 
- forceSSL = true; - acmeRoot = null; - locations = { - "/" = { - proxyPass = "http://127.0.0.1:28981"; - extraConfig = '' - client_max_body_size 0; - ''; - }; + "scan.swarsel.win" = { + enableACME = true; + forceSSL = true; + acmeRoot = null; + locations = { + "/" = { + proxyPass = "http://127.0.0.1:28981"; + extraConfig = '' + client_max_body_size 0; + ''; }; }; + }; - "screen.swarsel.win" = { - enableACME = true; - forceSSL = true; - acmeRoot = null; - locations = { - "/" = { - proxyPass = "http://127.0.0.1:8096"; - extraConfig = '' - client_max_body_size 0; - ''; - }; + "screen.swarsel.win" = { + enableACME = true; + forceSSL = true; + acmeRoot = null; + locations = { + "/" = { + proxyPass = "http://127.0.0.1:8096"; + extraConfig = '' + client_max_body_size 0; + ''; }; }; + }; - "scroll.swarsel.win" = { - enableACME = true; - forceSSL = true; - acmeRoot = null; - locations = { - "/" = { - proxyPass = "http://127.0.0.1:8080"; - extraConfig = '' - client_max_body_size 0; - ''; - }; + "scroll.swarsel.win" = { + enableACME = true; + forceSSL = true; + acmeRoot = null; + locations = { + "/" = { + proxyPass = "http://127.0.0.1:8080"; + extraConfig = '' + client_max_body_size 0; + ''; }; }; }; }; + }; - kavita = { - enable = true; - user = "kavita"; - port = 8080; - tokenKeyFile = config.sops.secrets.kavita.path; - }; + kavita = { + enable = true; + user = "kavita"; + port = 8080; + tokenKeyFile = config.sops.secrets.kavita.path; + }; - jellyfin = { - enable = true; - user = "jellyfin"; - }; + jellyfin = { + enable = true; + user = "jellyfin"; + }; - radarr = { - enable = true; - }; - readarr = { - enable = true; - }; - sonarr = { - enable = true; - }; - lidarr = { - enable = true; - }; - prowlarr = { - enable = true; - }; - openvpn.servers = { - pia = { - autoStart = true; - updateResolvConf = false; - config = "config ${config.sops.templates.vpn.path}"; - }; + radarr = { + enable = true; + }; + readarr = { + enable = true; + }; + sonarr = { + enable = true; + }; + 
lidarr = { + enable = true; + }; + prowlarr = { + enable = true; + }; + openvpn.servers = { + pia = { + autoStart = true; + updateResolvConf = false; + config = "config ${config.sops.templates.vpn.path}"; }; - transmission = { - enable = true; - credentialsFile = config.sops.templates."transmission-rpc".path; - user = "vpn"; - settings = { - alt-speed-down= 8000; - alt-speed-enabled= false; - alt-speed-time-begin= 0; - alt-speed-time-day= 127; - alt-speed-time-enabled= true; - alt-speed-time-end= 360; - alt-speed-up= 2000; - bind-address-ipv4= "0.0.0.0"; - bind-address-ipv6= "::"; - blocklist-enabled= false; - blocklist-url= "http://www.example.com/blocklist"; - cache-size-mb= 256; - dht-enabled= false; - download-dir= "/test"; - download-limit= 100; - download-limit-enabled= 0; - download-queue-enabled= true; - download-queue-size= 5; - encryption= 2; - idle-seeding-limit= 30; - idle-seeding-limit-enabled= false; - incomplete-dir= "/var/lib/transmission-daemon/Downloads"; - incomplete-dir-enabled= false; - lpd-enabled= false; - max-peers-global= 200; - message-level= 1; - peer-congestion-algorithm= ""; - peer-id-ttl-hours= 6; - peer-limit-global= 100; - peer-limit-per-torrent= 40; - peer-port= 22371; - peer-port-random-high= 65535; - peer-port-random-low= 49152; - peer-port-random-on-start= false; - peer-socket-tos= "default"; - pex-enabled= false; - port-forwarding-enabled= false; - preallocation= 1; - prefetch-enabled= true; - queue-stalled-enabled= true; - queue-stalled-minutes= 30; - ratio-limit= 2; - ratio-limit-enabled= false; - rename-partial-files= true; - rpc-authentication-required= true; - rpc-bind-address= "0.0.0.0"; - rpc-enabled= true; - rpc-host-whitelist= ""; - rpc-host-whitelist-enabled= true; - rpc-port= 9091; - rpc-url= "/transmission/"; - rpc-whitelist= "127.0.0.1,192.168.3.2"; - rpc-whitelist-enabled= true; - scrape-paused-torrents-enabled= true; - script-torrent-done-enabled= false; - seed-queue-enabled= false; - seed-queue-size= 10; - 
speed-limit-down= 6000; - speed-limit-down-enabled= true; - speed-limit-up= 500; - speed-limit-up-enabled= true; - start-added-torrents= true; - trash-original-torrent-files= false; - umask= 2; - upload-limit= 100; - upload-limit-enabled= 0; - upload-slots-per-torrent= 14; - utp-enabled= false; - }; - }; - - # sops.secrets.matrixsharedsecret = {owner="matrix-synapse";}; - # sops.templates."matrix_user_register.sh".content = '' - # register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008 - # ''; - # sops.templates.matrixshared.owner = "matrix-synapse"; - # sops.templates.matrixshared.content = '' - # registration_shared_secret: ${config.sops.placeholder.matrixsharedsecret} - # ''; - # sops.secrets.mautrixtelegram_as = {owner="matrix-synapse";}; - # sops.secrets.mautrixtelegram_hs = {owner="matrix-synapse";}; - # sops.secrets.mautrixtelegram_api_id = {owner="matrix-synapse";}; - # sops.secrets.mautrixtelegram_api_hash = {owner="matrix-synapse";}; - # sops.templates.mautrixtelegram.owner = "matrix-synapse"; - # sops.templates.mautrixtelegram.content = '' - # MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN=${config.sops.placeholder.mautrixtelegram_as} - # MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=${config.sops.placeholder.mautrixtelegram_hs} - # MAUTRIX_TELEGRAM_TELEGRAM_API_ID=${config.sops.placeholder.mautrixtelegram_api_id} - # MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash} - # ''; - - - - - # ---------------- - # sops.secrets.mautrixwhatsapp_shared = {owner="matrix-synapse";}; - # sops.templates.mautrixwhatsapp.owner = "matrix-synapse"; - # sops.templates.mautrixwhatsapp.content = '' - # MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET=${config.sops.placeholder.mautrixwhatsapp_shared} - # ''; - - postgresql = { - enable = true; - initialScript = pkgs.writeText "synapse-init.sql" '' - CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; - CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" - 
TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram'; - CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp'; - CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal'; - CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - ''; - }; - matrix-synapse = { - settings.app_service_config_files = [ - "/var/lib/matrix-synapse/telegram-registration.yaml" - "/var/lib/matrix-synapse/whatsapp-registration.yaml" - "/var/lib/matrix-synapse/signal-registration.yaml" - "/var/lib/matrix-synapse/doublepuppet.yaml" - ]; - enable = false; - settings.server_name = matrixDomain; - settings.public_baseurl = "https://${matrixDomain}"; - extraConfigFiles = [ - config.sops.templates.matrixshared.path - ]; - settings.listeners = [ - { port = 8008; - bind_addresses = [ "0.0.0.0" ]; - type = "http"; - tls = false; - x_forwarded = true; - resources = [ - { - names = [ "client" "federation" ]; - compress = true; - } - ]; - } - ]; + }; + transmission = { + enable = true; + credentialsFile = config.sops.templates."transmission-rpc".path; + user = "vpn"; + settings = { + alt-speed-down = 8000; + alt-speed-enabled = false; + alt-speed-time-begin = 0; + alt-speed-time-day = 127; + alt-speed-time-enabled = true; + alt-speed-time-end = 360; + alt-speed-up = 2000; + bind-address-ipv4 = "0.0.0.0"; + bind-address-ipv6 = "::"; + blocklist-enabled = false; + blocklist-url = "http://www.example.com/blocklist"; + cache-size-mb = 256; + dht-enabled = false; + download-dir = "/test"; + download-limit = 100; + download-limit-enabled = 0; + download-queue-enabled = true; + download-queue-size = 5; + encryption = 2; + 
idle-seeding-limit = 30; + idle-seeding-limit-enabled = false; + incomplete-dir = "/var/lib/transmission-daemon/Downloads"; + incomplete-dir-enabled = false; + lpd-enabled = false; + max-peers-global = 200; + message-level = 1; + peer-congestion-algorithm = ""; + peer-id-ttl-hours = 6; + peer-limit-global = 100; + peer-limit-per-torrent = 40; + peer-port = 22371; + peer-port-random-high = 65535; + peer-port-random-low = 49152; + peer-port-random-on-start = false; + peer-socket-tos = "default"; + pex-enabled = false; + port-forwarding-enabled = false; + preallocation = 1; + prefetch-enabled = true; + queue-stalled-enabled = true; + queue-stalled-minutes = 30; + ratio-limit = 2; + ratio-limit-enabled = false; + rename-partial-files = true; + rpc-authentication-required = true; + rpc-bind-address = "0.0.0.0"; + rpc-enabled = true; + rpc-host-whitelist = ""; + rpc-host-whitelist-enabled = true; + rpc-port = 9091; + rpc-url = "/transmission/"; + rpc-whitelist = "127.0.0.1,192.168.3.2"; + rpc-whitelist-enabled = true; + scrape-paused-torrents-enabled = true; + script-torrent-done-enabled = false; + seed-queue-enabled = false; + seed-queue-size = 10; + speed-limit-down = 6000; + speed-limit-down-enabled = true; + speed-limit-up = 500; + speed-limit-up-enabled = true; + start-added-torrents = true; + trash-original-torrent-files = false; + umask = 2; + upload-limit = 100; + upload-limit-enabled = 0; + upload-slots-per-torrent = 14; + utp-enabled = false; }; + }; - mautrix-telegram = { - enable = false; - environmentFile = config.sops.templates.mautrixtelegram.path; - settings = { - homeserver = { - address = "http://localhost:8008"; - domain = matrixDomain; + # sops.secrets.matrixsharedsecret = {owner="matrix-synapse";}; + # sops.templates."matrix_user_register.sh".content = '' + # register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008 + # ''; + # sops.templates.matrixshared.owner = "matrix-synapse"; + # 
sops.templates.matrixshared.content = '' + # registration_shared_secret: ${config.sops.placeholder.matrixsharedsecret} + # ''; + # sops.secrets.mautrixtelegram_as = {owner="matrix-synapse";}; + # sops.secrets.mautrixtelegram_hs = {owner="matrix-synapse";}; + # sops.secrets.mautrixtelegram_api_id = {owner="matrix-synapse";}; + # sops.secrets.mautrixtelegram_api_hash = {owner="matrix-synapse";}; + # sops.templates.mautrixtelegram.owner = "matrix-synapse"; + # sops.templates.mautrixtelegram.content = '' + # MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN=${config.sops.placeholder.mautrixtelegram_as} + # MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=${config.sops.placeholder.mautrixtelegram_hs} + # MAUTRIX_TELEGRAM_TELEGRAM_API_ID=${config.sops.placeholder.mautrixtelegram_api_id} + # MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash} + # ''; + + + + + # ---------------- + # sops.secrets.mautrixwhatsapp_shared = {owner="matrix-synapse";}; + # sops.templates.mautrixwhatsapp.owner = "matrix-synapse"; + # sops.templates.mautrixwhatsapp.content = '' + # MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET=${config.sops.placeholder.mautrixwhatsapp_shared} + # ''; + + postgresql = { + enable = true; + initialScript = pkgs.writeText "synapse-init.sql" '' + CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; + CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram'; + CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp'; + CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal'; + CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal" + TEMPLATE template0 + LC_COLLATE = "C" + 
LC_CTYPE = "C"; + ''; + }; + matrix-synapse = { + settings.app_service_config_files = [ + "/var/lib/matrix-synapse/telegram-registration.yaml" + "/var/lib/matrix-synapse/whatsapp-registration.yaml" + "/var/lib/matrix-synapse/signal-registration.yaml" + "/var/lib/matrix-synapse/doublepuppet.yaml" + ]; + enable = false; + settings.server_name = matrixDomain; + settings.public_baseurl = "https://${matrixDomain}"; + extraConfigFiles = [ + config.sops.templates.matrixshared.path + ]; + settings.listeners = [ + { + port = 8008; + bind_addresses = [ "0.0.0.0" ]; + type = "http"; + tls = false; + x_forwarded = true; + resources = [ + { + names = [ "client" "federation" ]; + compress = true; + } + ]; + } + ]; + }; + + mautrix-telegram = { + enable = false; + environmentFile = config.sops.templates.mautrixtelegram.path; + settings = { + homeserver = { + address = "http://localhost:8008"; + domain = matrixDomain; + }; + appservice = { + address = "http://localhost:29317"; + hostname = "0.0.0.0"; + port = "29317"; + provisioning.enabled = true; + id = "telegram"; + # ephemeral_events = true; # not needed due to double puppeting + public = { + enabled = false; }; - appservice = { - address= "http://localhost:29317"; - hostname = "0.0.0.0"; - port = "29317"; - provisioning.enabled = true; - id = "telegram"; - # ephemeral_events = true; # not needed due to double puppeting - public = { - enabled = false; - }; - database = "postgresql:///mautrix-telegram?host=/run/postgresql"; + database = "postgresql:///mautrix-telegram?host=/run/postgresql"; + }; + bridge = { + # login_shared_secret_map = { + # matrixDomain = "as_token:doublepuppet"; + # }; + relaybot.authless_portals = true; + allow_avatar_remove = true; + allow_contact_info = true; + sync_channel_members = true; + startup_sync = true; + sync_create_limit = 0; + sync_direct_chats = true; + telegram_link_preview = true; + permissions = { + "*" = "relaybot"; + "@swarsel:${matrixDomain}" = "admin"; }; - bridge = { - # 
login_shared_secret_map = { - # matrixDomain = "as_token:doublepuppet"; - # }; - relaybot.authless_portals = true; - allow_avatar_remove = true; - allow_contact_info = true; - sync_channel_members = true; - startup_sync = true; - sync_create_limit = 0; - sync_direct_chats = true; - telegram_link_preview = true; - permissions = { - "*" = "relaybot"; - "@swarsel:${matrixDomain}" = "admin"; - }; - animated_sticker = { - target = "gif"; - args = { - width = 256; - height = 256; - fps = 30; # only for webm - background = "020202"; # only for gif, transparency not supported - }; + animated_sticker = { + target = "gif"; + args = { + width = 256; + height = 256; + fps = 30; # only for webm + background = "020202"; # only for gif, transparency not supported }; }; }; }; + }; - mautrix-whatsapp = { - enable = false; - # environmentFile = config.sops.templates.mautrixwhatsapp.path; - settings = { - homeserver = { - address = "http://localhost:8008"; - domain = matrixDomain; + mautrix-whatsapp = { + enable = false; + # environmentFile = config.sops.templates.mautrixwhatsapp.path; + settings = { + homeserver = { + address = "http://localhost:8008"; + domain = matrixDomain; + }; + appservice = { + address = "http://localhost:29318"; + hostname = "0.0.0.0"; + port = 29318; + database = { + type = "postgres"; + uri = "postgresql:///mautrix-whatsapp?host=/run/postgresql"; }; - appservice = { - address= "http://localhost:29318"; - hostname = "0.0.0.0"; - port = 29318; - database = { - type = "postgres"; - uri = "postgresql:///mautrix-whatsapp?host=/run/postgresql"; + }; + bridge = { + displayname_template = "{{or .FullName .PushName .JID}} (WA)"; + history_sync = { + backfill = true; + max_initial_conversations = -1; + message_count = -1; + request_full_sync = true; + full_sync_config = { + days_limit = 900; + size_mb_limit = 5000; + storage_quota_mb = 5000; }; }; - bridge = { - displayname_template = "{{or .FullName .PushName .JID}} (WA)"; - history_sync = { - backfill = true; - 
max_initial_conversations = -1; - message_count = -1; - request_full_sync = true; - full_sync_config = { - days_limit = 900; - size_mb_limit = 5000; - storage_quota_mb = 5000; - }; - }; - login_shared_secret_map = { - matrixDomain = "as_token:doublepuppet"; - }; - sync_manual_marked_unread = true; - send_presence_on_typing = true; - parallel_member_sync = true; - url_previews = true; - caption_in_message = true; - extev_polls = true; - permissions = { - "*" = "relaybot"; - "@swarsel:${matrixDomain}" = "admin"; - }; + login_shared_secret_map = { + matrixDomain = "as_token:doublepuppet"; + }; + sync_manual_marked_unread = true; + send_presence_on_typing = true; + parallel_member_sync = true; + url_previews = true; + caption_in_message = true; + extev_polls = true; + permissions = { + "*" = "relaybot"; + "@swarsel:${matrixDomain}" = "admin"; + }; + }; + }; + }; + + mautrix-signal = { + enable = false; + settings = { + homeserver = { + address = "http://localhost:8008"; + domain = matrixDomain; + }; + appservice = { + + address = "http://localhost:29328"; + hostname = "0.0.0.0"; + port = 29328; + database = { + type = "postgres"; + uri = "postgresql:///mautrix-signal?host=/run/postgresql"; }; }; - }; - - mautrix-signal = { - enable = false; - settings = { - homeserver = { - address = "http://localhost:8008"; - domain = matrixDomain; - }; - appservice = { - - address= "http://localhost:29328"; - hostname = "0.0.0.0"; - port = 29328; - database = { - type = "postgres"; - uri = "postgresql:///mautrix-signal?host=/run/postgresql"; - }; + bridge = { + displayname_template = "{{or .ContactName .ProfileName .PhoneNumber}} (Signal)"; + login_shared_secret_map = { + matrixDomain = "as_token:doublepuppet"; }; - bridge = { - displayname_template = "{{or .ContactName .ProfileName .PhoneNumber}} (Signal)"; - login_shared_secret_map = { - matrixDomain = "as_token:doublepuppet"; - }; - caption_in_message = true; - permissions = { - "*" = "relaybot"; - "@swarsel:${matrixDomain}" = 
"admin"; - }; + caption_in_message = true; + permissions = { + "*" = "relaybot"; + "@swarsel:${matrixDomain}" = "admin"; }; }; }; + }; - navidrome = { - enable = true; - settings = { - Address = "0.0.0.0"; - Port = 4040; - MusicFolder = "/mnt/"; - EnableSharing = true; - EnableTranscodingConfig = true; - Scanner.GroupAlbumReleases = true; - ScanSchedule = "@every 24h"; - # Insert these values locally as sops-nix does not work for them - # LastFM.ApiKey = TEMPLATE; - # LastFM.Secret = TEMPLATE; - # Spotify.ID = TEMPLATE; - # Spotify.Secret = TEMPLATE; - UILoginBackgroundUrl = "https://i.imgur.com/OMLxi7l.png"; - UIWelcomeMessage = "~SwarselSound~"; - }; + navidrome = { + enable = true; + settings = { + Address = "0.0.0.0"; + Port = 4040; + MusicFolder = "/mnt/"; + EnableSharing = true; + EnableTranscodingConfig = true; + Scanner.GroupAlbumReleases = true; + ScanSchedule = "@every 24h"; + # Insert these values locally as sops-nix does not work for them + # LastFM.ApiKey = TEMPLATE; + # LastFM.Secret = TEMPLATE; + # Spotify.ID = TEMPLATE; + # Spotify.Secret = TEMPLATE; + UILoginBackgroundUrl = "https://i.imgur.com/OMLxi7l.png"; + UIWelcomeMessage = "~SwarselSound~"; }; - mpd = { - enable = true; - musicDirectory = "/mnt/Eternor/Musik"; - user = "mpd"; - group = "mpd"; - network = { - port = 3254; - listenAddress = "any"; - }; - credentials = [ - { - passwordFile = config.sops.secrets.mpdpass.path; - permissions = [ - "read" - "add" - "control" - "admin" - ]; - } - ]; + }; + mpd = { + enable = true; + musicDirectory = "/mnt/Eternor/Musik"; + user = "mpd"; + group = "mpd"; + network = { + port = 3254; + listenAddress = "any"; }; + credentials = [ + { + passwordFile = config.sops.secrets.mpdpass.path; + permissions = [ + "read" + "add" + "control" + "admin" + ]; + } + ]; + }; - spotifyd = { - enable = true; - settings = { - global = { - dbus_type = "session"; - use_mpris = false; - device = "default:CARD=PCH"; - device_name = "SwarselSpot"; - mixer = "alsa"; - 
zeroconf_port = 1025; - }; + spotifyd = { + enable = true; + settings = { + global = { + dbus_type = "session"; + use_mpris = false; + device = "default:CARD=PCH"; + device_name = "SwarselSpot"; + mixer = "alsa"; + zeroconf_port = 1025; }; }; + }; - # Network shares - # add a user with sudo smbpasswd -a - samba = { - package = pkgs.samba4Full; - extraConfig = '' - workgroup = WORKGROUP - server role = standalone server - dns proxy = no - - pam password change = yes - map to guest = bad user - create mask = 0664 - force create mode = 0664 - directory mask = 0775 - force directory mode = 0775 - follow symlinks = yes - ''; - - # ^^ `samba4Full` is compiled with avahi, ldap, AD etc support compared to the default package, `samba` - # Required for samba to register mDNS records for auto discovery - # See https://github.com/NixOS/nixpkgs/blob/592047fc9e4f7b74a4dc85d1b9f5243dfe4899e3/pkgs/top-level/all-packages.nix#L27268 - enable = true; - # openFirewall = true; - shares.test = { - browseable = "yes"; - "read only" = "no"; - "guest ok" = "no"; - path = "/test2"; - writable = "true"; - comment = "Eternor"; - "valid users" = "@smbtest2"; - }; + # Network shares + # add a user with sudo smbpasswd -a + samba = { + package = pkgs.samba4Full; + extraConfig = '' + workgroup = WORKGROUP + server role = standalone server + dns proxy = no + + pam password change = yes + map to guest = bad user + create mask = 0664 + force create mode = 0664 + directory mask = 0775 + force directory mode = 0775 + follow symlinks = yes + ''; + + # ^^ `samba4Full` is compiled with avahi, ldap, AD etc support compared to the default package, `samba` + # Required for samba to register mDNS records for auto discovery + # See https://github.com/NixOS/nixpkgs/blob/592047fc9e4f7b74a4dc85d1b9f5243dfe4899e3/pkgs/top-level/all-packages.nix#L27268 + enable = true; + # openFirewall = true; + shares.test = { + browseable = "yes"; + "read only" = "no"; + "guest ok" = "no"; + path = "/test2"; + writable = "true"; 
+ comment = "Eternor"; + "valid users" = "@smbtest2"; }; + }; - avahi = { - publish.enable = true; - publish.userServices = true; - # ^^ Needed to allow samba to automatically register mDNS records without the need for an `extraServiceFile` - nssmdns = true; - # ^^ Not one hundred percent sure if this is needed- if it aint broke, don't fix it - enable = true; - }; + avahi = { + publish.enable = true; + publish.userServices = true; + # ^^ Needed to allow samba to automatically register mDNS records without the need for an `extraServiceFile` + nssmdns = true; + # ^^ Not one hundred percent sure if this is needed- if it aint broke, don't fix it + enable = true; + }; - samba-wsdd = { - # This enables autodiscovery on windows since SMB1 (and thus netbios) support was discontinued - enable = true; - }; + samba-wsdd = { + # This enables autodiscovery on windows since SMB1 (and thus netbios) support was discontinued + enable = true; }; - } + }; +} #+end_src **** Threed (Surface Pro 3) 
@@ -1827,54 +1840,53 @@ New setup for the SP3, this time using NixOS - another machine will take over th :END: #+begin_src nix :noweb yes :tangle profiles/threed/nixos.nix +{ lib, pkgs, ... }: - { lib, pkgs, ... }: - - { - <> +{ + <> - services = { - getty.autologinUser = "swarsel"; - greetd.settings.initial_session.user="swarsel"; - }; + services = { + getty.autologinUser = "swarsel"; + greetd.settings.initial_session.user = "swarsel"; + }; - hardware.bluetooth.enable = true; + hardware.bluetooth.enable = true; - # Bootloader - boot = { - loader.systemd-boot.enable = lib.mkForce false; - lanzaboote = { - enable = true; - pkiBundle = "/etc/secureboot"; - }; - loader.efi.canTouchEfiVariables = true; - # use bootspec instead of lzbt for secure boot. This is not a generally needed setting - bootspec.enable = true; - # kernelPackages = pkgs.linuxPackages_latest; + # Bootloader + boot = { + loader.systemd-boot.enable = lib.mkForce false; + lanzaboote = { + enable = true; + pkiBundle = "/etc/secureboot"; }; + loader.efi.canTouchEfiVariables = true; + # use bootspec instead of lzbt for secure boot. 
This is not a generally needed setting + bootspec.enable = true; + # kernelPackages = pkgs.linuxPackages_latest; + }; - networking = { - hostName = "threed"; - enableIPv6 = false; - firewall.enable = false; - }; + networking = { + hostName = "threed"; + enableIPv6 = false; + firewall.enable = false; + }; - stylix.image = ../../wallpaper/surfacewp.png; - <> + stylix.image = ../../wallpaper/surfacewp.png; + <> - users.users.swarsel = { - isNormalUser = true; - description = "Leon S"; - extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" ]; - packages = with pkgs; []; - }; + users.users.swarsel = { + isNormalUser = true; + description = "Leon S"; + extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" ]; + packages = with pkgs; [ ]; + }; - environment.systemPackages = with pkgs; [ - ]; + environment.systemPackages = with pkgs; [ + ]; - system.stateVersion = "23.05"; + system.stateVersion = "23.05"; - } +} #+end_src @@ -1883,7 +1895,6 @@ New setup for the SP3, this time using NixOS - another machine will take over th :CUSTOM_ID: h:449c20d8-338a-483c-a6f0-9a164a6071d6 :END: #+begin_src nix :noweb yes :tangle profiles/threed/home.nix - { config, pkgs, ... }: { @@ -1907,7 +1918,7 @@ New setup for the SP3, this time using NixOS - another machine will take over th }; <> - wayland.windowManager.sway= { + wayland.windowManager.sway = { config = rec { input = { "*" = { 
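Review bot: In the threed hunk (profiles/threed/nixos.nix), the re-indented `networking` block still carries `firewall.enable = false;`, so this Surface runs without a host packet filter while also enabling Bluetooth and auto-login for `swarsel`. A portable machine joins networks you do not control, so I would drop that line and let the NixOS default (firewall on) apply, opening only what is needed through `allowedTCPPorts`/`allowedUDPPorts`, as the fourside hunk further down appears to do. The same setting recurs in the server TEMPLATE and calibre hunks; there it may be intentional behind the Proxmox host, but a one-line comment saying so would make that decision explicit.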
@@ -1931,18 +1942,20 @@ New setup for the SP3, this time using NixOS - another machine will take over th }; }; - keybindings = let - inherit (config.wayland.windowManager.sway.config) modifier; - in { - "${modifier}+F2" = "exec brightnessctl set +5%"; - "${modifier}+F1"= "exec brightnessctl set 5%-"; - "${modifier}+n" = "exec sway output eDP-1 transform normal, splith"; - "${modifier}+Ctrl+p" = "exec wl-mirror eDP-1"; - "${modifier}+t" = "exec sway output eDP-1 transform 90, splitv"; - "${modifier}+XF86AudioLowerVolume" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; - "${modifier}+XF86AudioRaiseVolume" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; - "${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkschildi.sh\""; - }; + keybindings = + let + inherit (config.wayland.windowManager.sway.config) modifier; + in + { + "${modifier}+F2" = "exec brightnessctl set +5%"; + "${modifier}+F1" = "exec brightnessctl set 5%-"; + "${modifier}+n" = "exec sway output eDP-1 transform normal, splith"; + "${modifier}+Ctrl+p" = "exec wl-mirror eDP-1"; + "${modifier}+t" = "exec sway output eDP-1 transform 90, splitv"; + "${modifier}+XF86AudioLowerVolume" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; + "${modifier}+XF86AudioRaiseVolume" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; + "${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkschildi.sh\""; + }; startup = [ <> @@ -1954,9 +1967,9 @@ New setup for the SP3, this time using NixOS - another machine will take over th }; extraConfig = " - exec swaymsg input 7062:6917:NTRG0001:01_1B96:1B05 map_to_output eDP-1 - exec swaymsg input 7062:6917:NTRG0001:01_1B96:1B05_Stylus map_to_output eDP-1 - "; + exec swaymsg input 7062:6917:NTRG0001:01_1B96:1B05 map_to_output eDP-1 + exec swaymsg input 7062:6917:NTRG0001:01_1B96:1B05_Stylus map_to_output eDP-1 + "; }; } #+end_src 
@@ -1976,7 +1989,6 @@ My new main machine. Mostly just sets some opened ports for several games, enables virtualbox (which I do not want everywhere because of resource considerations) and enables thinkfan, which allows for better fan control on Lenovo Thinkpad machines. #+begin_src nix :noweb yes :tangle profiles/fourside/nixos.nix - { config, pkgs, ... }: { @@ -1989,7 +2001,7 @@ Mostly just sets some opened ports for several games, enables virtualbox (which services = { getty.autologinUser = "swarsel"; - greetd.settings.initial_session.user="swarsel"; + greetd.settings.initial_session.user = "swarsel"; }; boot = { 
@@ -2010,46 +2022,46 @@ Mostly just sets some opened ports for several games, enables virtualbox (which allowedUDPPorts = [ 4380 27036 14242 34197 51820 ]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard allowedTCPPorts = [ ]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard allowedTCPPortRanges = [ - {from = 27015; to = 27030;} # barotrauma - {from = 27036; to = 27037;} # barotrauma + { from = 27015; to = 27030; } # barotrauma + { from = 27036; to = 27037; } # barotrauma ]; allowedUDPPortRanges = [ - {from = 27000; to = 27031;} # barotrauma - {from = 58962; to = 58964;} # barotrauma + { from = 27000; to = 27031; } # barotrauma + { from = 58962; to = 58964; } # barotrauma ]; }; }; virtualisation.virtualbox = { host = { - enable = true; - enableExtensionPack = true; + enable = true; + enableExtensionPack = true; }; # leaving this here for future notice. setting guest.enable = true will make 'restarting sysinit-reactivation.target' take till timeout on nixos-rebuild switch guest = { enable = false; - }; }; + }; stylix.image = ../../wallpaper/lenovowp.png; <> hardware = { - graphics = { - enable = true; - enable32Bit = true; - extraPackages = with pkgs; [ - vulkan-loader - vulkan-validation-layers - vulkan-extension-layer - ]; - }; - bluetooth.enable = true; - trackpoint = { - enable = true; - device = "TPPS/2 Elan TrackPoint"; - }; + graphics = { + enable = true; + enable32Bit = true; + extraPackages = with pkgs; [ + vulkan-loader + vulkan-validation-layers + vulkan-extension-layer + ]; + }; + bluetooth.enable = true; + trackpoint = { + enable = true; + device = "TPPS/2 Elan TrackPoint"; }; + }; programs.steam = { enable = true; @@ -2058,7 +2070,7 @@ Mostly just sets some opened ports for several games, enables virtualbox (which ]; }; - # Configure keymap in X11 (only used for login) + # Configure keymap in X11 (only used for login) services.thinkfan = { enable = false; 
@@ -2069,7 +2081,7 @@ Mostly just sets some opened ports for several games, enables virtualbox (which services.nswitch-rcm = { enable = true; - package = pkgs.fetchurl { + package = pkgs.fetchurl { url = "https://github.com/Atmosphere-NX/Atmosphere/releases/download/1.3.2/fusee.bin"; hash = "sha256-5AXzNsny45SPLIrvWJA9/JlOCal5l6Y++Cm+RtlJppI="; }; @@ -2080,17 +2092,17 @@ Mostly just sets some opened ports for several games, enables virtualbox (which description = "Leon S"; hashedPasswordFile = config.sops.secrets.swarseluser.path; extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" "vboxusers" "scanner" ]; - packages = with pkgs; []; + packages = with pkgs; [ ]; }; environment.systemPackages = with pkgs; [ - # gog games installing - heroic - # minecraft - temurin-bin-17 - (prismlauncher.override { - glfw = pkgs.glfw-wayland-minecraft; - }) + # gog games installing + heroic + # minecraft + temurin-bin-17 + (prismlauncher.override { + glfw = pkgs.glfw-wayland-minecraft; + }) ]; system.stateVersion = "23.05"; @@ -2108,7 +2120,6 @@ Mostly just sets some opened ports for several games, enables virtualbox (which This is basically just adjusted to the core count, path to the =hwmon= (this was very bothersome on this machine due to changing address), as well as making use of the top-row function keys. #+begin_src nix :noweb yes :tangle profiles/fourside/home.nix - { config, pkgs, ... }: { @@ -2134,7 +2145,7 @@ This is basically just adjusted to the core count, path to the =hwmon= (this was <> - wayland.windowManager.sway= { + wayland.windowManager.sway = { config = rec { # update for actual inputs here, input = { @@ -2142,7 +2153,8 @@ This is basically just adjusted to the core count, path to the =hwmon= (this was xkb_layout = "us"; xkb_variant = "altgr-intl"; }; - "1:1:AT_Translated_Set_2_keyboard" = { # TEMPLATE + "1:1:AT_Translated_Set_2_keyboard" = { + # TEMPLATE xkb_layout = "us"; xkb_options = "grp:win_space_toggle"; xkb_variant = "altgr-intl"; 
@@ -2172,28 +2184,30 @@ This is basically just adjusted to the core count, path to the =hwmon= (this was }; workspaceOutputAssign = [ - { output = "eDP-1"; workspace = "1:一";} - { output = "DP-4"; workspace = "2:二";} + { output = "eDP-1"; workspace = "1:一"; } + { output = "DP-4"; workspace = "2:二"; } ]; - keybindings = let - inherit (config.wayland.windowManager.sway.config) modifier; - in { - "${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkelement.sh\""; - "XF86MonBrightnessUp" = "exec brightnessctl set +5%"; - "XF86MonBrightnessDown"= "exec brightnessctl set 5%-"; - "XF86Display" = "exec wl-mirror eDP-1"; - # these are left open to use - # "XF86WLAN" = "exec wl-mirror eDP-1"; - # "XF86Messenger" = "exec wl-mirror eDP-1"; - # "XF86Go" = "exec wl-mirror eDP-1"; - # "XF86Favorites" = "exec wl-mirror eDP-1"; - # "XF86HomePage" = "exec wtype -P Escape -p Escape"; - # "XF86AudioLowerVolume" = "pactl set-sink-volume alsa_output.pci-0000_08_00.6.HiFi__hw_Generic_1__sink -5%"; - # "XF86AudioRaiseVolume" = "pactl set-sink-volume alsa_output.pci-0000_08_00.6.HiFi__hw_Generic_1__sink +5% "; - "XF86AudioMute" = "pactl set-sink-mute alsa_output.pci-0000_08_00.6.HiFi__hw_Generic_1__sink toggle"; - }; + keybindings = + let + inherit (config.wayland.windowManager.sway.config) modifier; + in + { + "${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkelement.sh\""; + "XF86MonBrightnessUp" = "exec brightnessctl set +5%"; + "XF86MonBrightnessDown" = "exec brightnessctl set 5%-"; + "XF86Display" = "exec wl-mirror eDP-1"; + # these are left open to use + # "XF86WLAN" = "exec wl-mirror eDP-1"; + # "XF86Messenger" = "exec wl-mirror eDP-1"; + # "XF86Go" = "exec wl-mirror eDP-1"; + # "XF86Favorites" = "exec wl-mirror eDP-1"; + # "XF86HomePage" = "exec wtype -P Escape -p Escape"; + # "XF86AudioLowerVolume" = "pactl set-sink-volume alsa_output.pci-0000_08_00.6.HiFi__hw_Generic_1__sink -5%"; + # "XF86AudioRaiseVolume" = "pactl set-sink-volume 
alsa_output.pci-0000_08_00.6.HiFi__hw_Generic_1__sink +5% "; + "XF86AudioMute" = "pactl set-sink-mute alsa_output.pci-0000_08_00.6.HiFi__hw_Generic_1__sink toggle"; + }; startup = [ <> @@ -2219,7 +2233,6 @@ My work machine. Mostly just sets some opened ports for several games, enables virtualbox (which I do not want everywhere because of resource considerations) and enables thinkfan, which allows for better fan control on Lenovo Thinkpad machines. #+begin_src nix :noweb yes :tangle profiles/winters/nixos.nix - { pkgs, ... }: { @@ -2232,7 +2245,7 @@ Mostly just sets some opened ports for several games, enables virtualbox (which services = { getty.autologinUser = "swarsel"; - greetd.settings.initial_session.user="swarsel"; + greetd.settings.initial_session.user = "swarsel"; }; boot = { @@ -2259,27 +2272,27 @@ Mostly just sets some opened ports for several games, enables virtualbox (which virtualisation.virtualbox = { host = { - enable = true; - enableExtensionPack = true; + enable = true; + enableExtensionPack = true; }; # leaving this here for future notice. setting guest.enable = true will make 'restarting sysinit-reactivation.target' take till timeout on nixos-rebuild switch guest = { enable = false; - }; }; + }; stylix.image = ../../wallpaper/lenovowp.png; <> hardware = { - graphics = { - enable = true; - enable32Bit = true; - extraPackages = with pkgs; [ - ]; - }; - bluetooth.enable = true; + graphics = { + enable = true; + enable32Bit = true; + extraPackages = with pkgs; [ + ]; }; + bluetooth.enable = true; + }; programs.steam = { enable = true; @@ -2294,7 +2307,7 @@ Mostly just sets some opened ports for several games, enables virtualbox (which isNormalUser = true; description = "Leon S"; extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" "vboxusers" "scanner" ]; - packages = with pkgs; []; + packages = with pkgs; [ ]; }; environment.systemPackages = with pkgs; [ 
@@ -2323,7 +2336,6 @@ Mostly just sets some opened ports for several games, enables virtualbox (which TODO: Adjust =hwmon= path, I/O modules and XF86 keys once laptop arrives. #+begin_src nix :noweb yes :tangle profiles/winters/home.nix - { config, pkgs, ... }: { @@ -2349,7 +2361,7 @@ TODO: Adjust =hwmon= path, I/O modules and XF86 keys once laptop arrives. <> - wayland.windowManager.sway= { + wayland.windowManager.sway = { config = rec { # update for actual inputs here, input = { @@ -2357,7 +2369,8 @@ TODO: Adjust =hwmon= path, I/O modules and XF86 keys once laptop arrives. xkb_layout = "us"; xkb_variant = "altgr-intl"; }; - "1:1:AT_Translated_Set_2_keyboard" = { # TEMPLATE + "1:1:AT_Translated_Set_2_keyboard" = { + # TEMPLATE xkb_layout = "us"; xkb_options = "grp:win_space_toggle"; xkb_variant = "altgr-intl"; @@ -2388,8 +2401,8 @@ TODO: Adjust =hwmon= path, I/O modules and XF86 keys once laptop arrives. }; workspaceOutputAssign = [ - { output = "eDP-1"; workspace = "1:一";} - { output = "HDMI-A-1"; workspace = "2:二";} + { output = "eDP-1"; workspace = "1:一"; } + { output = "HDMI-A-1"; workspace = "2:二"; } ]; 
@@ -2427,48 +2440,47 @@ In the long run, I am thinking about a transition to kubernetes or using just a :END: #+begin_src nix :tangle profiles/server1/TEMPLATE/nixos.nix +{ pkgs, modulesPath, ... }: - { pkgs, modulesPath, ... }: - - { - imports = [ - (modulesPath + "/virtualisation/proxmox-lxc.nix") - ]; +{ + imports = [ + (modulesPath + "/virtualisation/proxmox-lxc.nix") + ]; - environment.systemPackages = with pkgs; [ - git - gnupg - ssh-to-age - ]; + environment.systemPackages = with pkgs; [ + git + gnupg + ssh-to-age + ]; - services.xserver = { - layout = "us"; - xkbVariant = "altgr-intl"; - }; + services.xserver = { + layout = "us"; + xkbVariant = "altgr-intl"; + }; - nix.settings.experimental-features = ["nix-command" "flakes"]; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; - proxmoxLXC = { -manageNetwork = true; # manage network myself -manageHostName = false; # manage hostname myself -}; - networking = { -hostName = "TEMPLATE"; # Define your hostname. -useDHCP = true; -enableIPv6 = false; -firewall.enable = false; -}; - services.openssh = { - enable = true; - settings.PermitRootLogin = "yes"; - }; - users.users.root.openssh.authorizedKeys.keyFiles = [ - ../../../secrets/keys/authorized_keys - ]; - # users.users.root.password = "TEMPLATE"; + proxmoxLXC = { + manageNetwork = true; # manage network myself + manageHostName = false; # manage hostname myself + }; + networking = { + hostName = "TEMPLATE"; # Define your hostname. + useDHCP = true; + enableIPv6 = false; + firewall.enable = false; + }; + services.openssh = { + enable = true; + settings.PermitRootLogin = "yes"; + }; + users.users.root.openssh.authorizedKeys.keyFiles = [ + ../../../secrets/keys/authorized_keys + ]; + # users.users.root.password = "TEMPLATE"; - system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change - } + system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change +} #+end_src 
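Review bot: `settings.PermitRootLogin = "yes";` in the server TEMPLATE allows password logins for root, although the following lines already install `authorized_keys` for root and `firewall.enable = false;` leaves sshd reachable on every interface. Since key authentication is what the template provisions, `settings.PermitRootLogin = "prohibit-password";` together with `settings.PasswordAuthentication = false;` keeps the workflow and removes password guessing against root. The calibre hunk shows the same line as context, so the profiles derived from this template presumably need the same change. The commented `# users.users.root.password = "TEMPLATE";` would put a plaintext password into the world-readable Nix store if uncommented; pointing the hint at `hashedPasswordFile` backed by sops, as the fourside profile does, would be safer.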
@@ -2482,7 +2494,6 @@ firewall.enable = false; :END: #+begin_src nix :tangle profiles/server1/nginx/nixos.nix - { config, pkgs, modulesPath, ... }: { imports = [ @@ -2503,15 +2514,15 @@ firewall.enable = false; xkbVariant = "altgr-intl"; }; - nix.settings.experimental-features = ["nix-command" "flakes"]; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; sops = { age.sshKeyPaths = [ "/etc/ssh/sops" ]; defaultSopsFile = "/.dotfiles/secrets/nginx/secrets.yaml"; validateSopsFiles = false; - secrets.dnstokenfull = {owner="acme";}; + secrets.dnstokenfull = { owner = "acme"; }; templates."certs.secret".content = '' - CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} + CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} ''; }; proxmoxLXC = { @@ -2564,7 +2575,7 @@ firewall.enable = false; proxyPass = "https://192.168.1.5"; extraConfig = '' client_max_body_size 0; - ''; + ''; }; # "/push/" = { # proxyPass = "http://192.168.2.5:7867"; @@ -2586,8 +2597,8 @@ firewall.enable = false; "~ ^(/_matrix|/_synapse/client)" = { proxyPass = "http://192.168.1.23:8008"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; @@ -2602,13 +2613,13 @@ firewall.enable = false; proxyPass = "http://192.168.1.13:4040"; proxyWebsockets = true; extraConfig = '' - proxy_redirect http:// https://; - proxy_read_timeout 600s; - proxy_send_timeout 600s; - proxy_buffering off; - proxy_request_buffering off; - client_max_body_size 0; - ''; + proxy_redirect http:// https://; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + proxy_buffering off; + proxy_request_buffering off; + client_max_body_size 0; + ''; }; }; }; @@ -2621,8 +2632,8 @@ firewall.enable = false; "/" = { proxyPass = "http://192.168.1.24:28981"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; 
@@ -2635,8 +2646,8 @@ firewall.enable = false; "/" = { proxyPass = "http://192.168.1.16:8096"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; @@ -2649,8 +2660,8 @@ firewall.enable = false; "~ ^(/_matrix|/_synapse/client)" = { proxyPass = "http://192.168.1.20:8008"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; @@ -2663,8 +2674,8 @@ firewall.enable = false; "/" = { proxyPass = "http://192.168.1.22:8080"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; @@ -2677,8 +2688,8 @@ firewall.enable = false; "/" = { proxyPass = "https://192.168.1.7"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; @@ -2717,7 +2728,6 @@ In general, I am not amazed by this setup; Kavita is the reader of choice, calib :END: #+begin_src nix :tangle profiles/server1/calibre/nixos.nix - { config, pkgs, modulesPath, ... }: { @@ -2736,10 +2746,10 @@ In general, I am not amazed by this setup; Kavita is the reader of choice, calib users.groups.lxc_shares = { gid = 10000; members = [ - "kavita" - "calibre-web" - "root" - ]; + "kavita" + "calibre-web" + "root" + ]; }; services.xserver = { 
@@ -2747,24 +2757,24 @@ In general, I am not amazed by this setup; Kavita is the reader of choice, calib xkbVariant = "altgr-intl"; }; - nix.settings.experimental-features = ["nix-command" "flakes"]; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; sops = { -age.sshKeyPaths = [ "/etc/ssh/sops" ]; -defaultSopsFile = "/.dotfiles/secrets/calibre/secrets.yaml"; -validateSopsFiles = false; -secrets.kavita = { owner = "kavita";}; -}; + age.sshKeyPaths = [ "/etc/ssh/sops" ]; + defaultSopsFile = "/.dotfiles/secrets/calibre/secrets.yaml"; + validateSopsFiles = false; + secrets.kavita = { owner = "kavita"; }; + }; proxmoxLXC = { -manageNetwork = true; # manage network myself -manageHostName = false; # manage hostname myself -}; + manageNetwork = true; # manage network myself + manageHostName = false; # manage hostname myself + }; networking = { -hostName = "calibre"; # Define your hostname. -useDHCP = true; -enableIPv6 = false; -firewall.enable = false; -}; + hostName = "calibre"; # Define your hostname. + useDHCP = true; + enableIPv6 = false; + firewall.enable = false; + }; services.openssh = { enable = true; settings.PermitRootLogin = "yes"; @@ -2801,7 +2811,6 @@ firewall.enable = false; :END: #+begin_src nix :tangle profiles/server1/jellyfin/nixos.nix - { config, pkgs, modulesPath, ... }: { @@ -2825,7 +2834,7 @@ firewall.enable = false; }; users.users.jellyfin = { - extraGroups = [ "video" "render" ]; + extraGroups = [ "video" "render" ]; }; services.xserver = { @@ -2833,7 +2842,7 @@ firewall.enable = false; xkbVariant = "altgr-intl"; }; - nix.settings.experimental-features = ["nix-command" "flakes"]; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; proxmoxLXC = { manageNetwork = true; # manage network myself 
@@ -2866,7 +2875,7 @@ firewall.enable = false; enable = true; extraPackages = with pkgs; [ intel-media-driver # LIBVA_DRIVER_NAME=iHD - vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) + vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) vaapiVdpau libvdpau-va-gl ]; @@ -2895,7 +2904,6 @@ This stuff just does not work, I seem to be unable to create a working VPN Split :END: #+begin_src nix :tangle profiles/server1/transmission/nixos.nix - { config, pkgs, modulesPath, ... }: { @@ -2927,7 +2935,7 @@ This stuff just does not work, I seem to be unable to create a working VPN Split "root" ]; }; - users.groups.vpn = {}; + users.groups.vpn = { }; users.users.vpn = { isNormalUser = true; @@ -2940,7 +2948,7 @@ This stuff just does not work, I seem to be unable to create a working VPN Split xkbVariant = "altgr-intl"; }; - nix.settings.experimental-features = ["nix-command" "flakes"]; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; sops = { age.sshKeyPaths = [ "/etc/ssh/sops" ]; 
@@ -2981,28 +2989,33 @@ This stuff just does not work, I seem to be unable to create a working VPN Split networking.iproute2 = { enable = true; rttablesExtraConfig = '' - 200 vpn - ''; + 200 vpn + ''; }; environment.etc = { "openvpn/iptables.sh" = - { source = ../../../scripts/server1/iptables.sh; + { + source = ../../../scripts/server1/iptables.sh; mode = "0755"; }; "openvpn/update-resolv-conf" = - { source = ../../../scripts/server1/update-resolv-conf; + { + source = ../../../scripts/server1/update-resolv-conf; mode = "0755"; }; "openvpn/routing.sh" = - { source = ../../../scripts/server1/routing.sh; + { + source = ../../../scripts/server1/routing.sh; mode = "0755"; }; "openvpn/ca.rsa.2048.crt" = - { source = ../../../secrets/certs/ca.rsa.2048.crt; + { + source = ../../../secrets/certs/ca.rsa.2048.crt; mode = "0644"; }; "openvpn/crl.rsa.2048.pem" = - { source = ../../../secrets/certs/crl.rsa.2048.pem; + { + source = ../../../secrets/certs/crl.rsa.2048.pem; mode = "0644"; }; }; 
@@ -3036,46 +3049,46 @@ This stuff just does not work, I seem to be unable to create a working VPN Split }; pia.content = '' - ${config.sops.placeholder.vpnuser} - ${config.sops.placeholder.vpnpass} - ''; + ${config.sops.placeholder.vpnuser} + ${config.sops.placeholder.vpnpass} + ''; vpn.content = '' - client - dev tun - proto ${config.sops.placeholder.vpnprot} - remote ${config.sops.placeholder.vpnloc} - resolv-retry infinite - nobind - persist-key - persist-tun - cipher aes-128-cbc - auth sha1 - tls-client - remote-cert-tls server - - auth-user-pass ${config.sops.templates.pia.path} - compress - verb 1 - reneg-sec 0 - - crl-verify /etc/openvpn/crl.rsa.2048.pem - ca /etc/openvpn/ca.rsa.2048.crt - - disable-occ - dhcp-option DNS 209.222.18.222 - dhcp-option DNS 209.222.18.218 - dhcp-option DNS 8.8.8.8 - route-noexec - ''; + client + dev tun + proto ${config.sops.placeholder.vpnprot} + remote ${config.sops.placeholder.vpnloc} + resolv-retry infinite + nobind + persist-key + persist-tun + cipher aes-128-cbc + auth sha1 + tls-client + remote-cert-tls server + + auth-user-pass ${config.sops.templates.pia.path} + compress + verb 1 + reneg-sec 0 + + crl-verify /etc/openvpn/crl.rsa.2048.pem + ca /etc/openvpn/ca.rsa.2048.crt + + disable-occ + dhcp-option DNS 209.222.18.222 + dhcp-option DNS 209.222.18.218 + dhcp-option DNS 8.8.8.8 + route-noexec + ''; }; secrets = { - vpnuser = {}; - rpcuser = {owner="vpn";}; - vpnpass = {}; - rpcpass = {owner="vpn";}; - vpnprot = {}; - vpnloc = {}; + vpnuser = { }; + rpcuser = { owner = "vpn"; }; + vpnpass = { }; + rpcpass = { owner = "vpn"; }; + vpnprot = { }; + vpnloc = { }; }; }; services.openvpn.servers = { 
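Review bot: The `vpn.content` template pins `cipher aes-128-cbc` and `auth sha1` and turns on `compress`; compression inside the tunnel is the precondition for VORACLE-style plaintext recovery, and the OpenVPN project advises against enabling it. If the provider's endpoints support it, prefer an AEAD cipher such as `data-ciphers AES-256-GCM:AES-128-GCM` and remove the `compress` line; the values look like they come from an older provider profile, so check them against the current one. `dhcp-option DNS 8.8.8.8` adds a third-party resolver next to the provider's two, which is worth confirming as intended for a tunnel meant to hide this traffic. The `templates` attribute set this text sits in begins outside the hunk.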
@@ -3093,74 +3106,74 @@ This stuff just does not work, I seem to be unable to create a working VPN Split group = "lxc_shares"; settings = { - alt-speed-down= 8000; - alt-speed-enabled= false; - alt-speed-time-begin= 0; - alt-speed-time-day= 127; - alt-speed-time-enabled= true; - alt-speed-time-end= 360; - alt-speed-up= 2000; - bind-address-ipv4= "0.0.0.0"; - bind-address-ipv6= "::"; - blocklist-enabled= false; - blocklist-url= "http://www.example.com/blocklist"; - cache-size-mb= 4; - dht-enabled= false; - download-dir= "/media/Eternor/New"; - download-limit= 100; - download-limit-enabled= 0; - download-queue-enabled= true; - download-queue-size= 5; - encryption= 2; - idle-seeding-limit= 30; - idle-seeding-limit-enabled= false; - incomplete-dir= "/var/lib/transmission-daemon/Downloads"; - incomplete-dir-enabled= false; - lpd-enabled= false; - max-peers-global= 200; - message-level= 1; - peer-congestion-algorithm= ""; - peer-id-ttl-hours= 6; - peer-limit-global= 100; - peer-limit-per-torrent= 40; - peer-port= 22371; - peer-port-random-high= 65535; - peer-port-random-low= 49152; - peer-port-random-on-start= false; - peer-socket-tos= "default"; - pex-enabled= false; - port-forwarding-enabled= false; - preallocation= 1; - prefetch-enabled= true; - queue-stalled-enabled= true; - queue-stalled-minutes= 30; - ratio-limit= 2; - ratio-limit-enabled= false; - rename-partial-files= true; - rpc-authentication-required= true; - rpc-bind-address= "0.0.0.0"; - rpc-enabled= true; - rpc-host-whitelist= ""; - rpc-host-whitelist-enabled= true; - rpc-port= 9091; - rpc-url= "/transmission/"; - rpc-whitelist= "127.0.0.1,192.168.3.2"; - rpc-whitelist-enabled= true; - scrape-paused-torrents-enabled= true; - script-torrent-done-enabled= false; - seed-queue-enabled= false; - seed-queue-size= 10; - speed-limit-down= 6000; - speed-limit-down-enabled= true; - speed-limit-up= 500; - speed-limit-up-enabled= true; - start-added-torrents= true; - trash-original-torrent-files= false; - umask= 2; - 
upload-limit= 100; - upload-limit-enabled= 0; - upload-slots-per-torrent= 14; - utp-enabled= false; + alt-speed-down = 8000; + alt-speed-enabled = false; + alt-speed-time-begin = 0; + alt-speed-time-day = 127; + alt-speed-time-enabled = true; + alt-speed-time-end = 360; + alt-speed-up = 2000; + bind-address-ipv4 = "0.0.0.0"; + bind-address-ipv6 = "::"; + blocklist-enabled = false; + blocklist-url = "http://www.example.com/blocklist"; + cache-size-mb = 4; + dht-enabled = false; + download-dir = "/media/Eternor/New"; + download-limit = 100; + download-limit-enabled = 0; + download-queue-enabled = true; + download-queue-size = 5; + encryption = 2; + idle-seeding-limit = 30; + idle-seeding-limit-enabled = false; + incomplete-dir = "/var/lib/transmission-daemon/Downloads"; + incomplete-dir-enabled = false; + lpd-enabled = false; + max-peers-global = 200; + message-level = 1; + peer-congestion-algorithm = ""; + peer-id-ttl-hours = 6; + peer-limit-global = 100; + peer-limit-per-torrent = 40; + peer-port = 22371; + peer-port-random-high = 65535; + peer-port-random-low = 49152; + peer-port-random-on-start = false; + peer-socket-tos = "default"; + pex-enabled = false; + port-forwarding-enabled = false; + preallocation = 1; + prefetch-enabled = true; + queue-stalled-enabled = true; + queue-stalled-minutes = 30; + ratio-limit = 2; + ratio-limit-enabled = false; + rename-partial-files = true; + rpc-authentication-required = true; + rpc-bind-address = "0.0.0.0"; + rpc-enabled = true; + rpc-host-whitelist = ""; + rpc-host-whitelist-enabled = true; + rpc-port = 9091; + rpc-url = "/transmission/"; + rpc-whitelist = "127.0.0.1,192.168.3.2"; + rpc-whitelist-enabled = true; + scrape-paused-torrents-enabled = true; + script-torrent-done-enabled = false; + seed-queue-enabled = false; + seed-queue-size = 10; + speed-limit-down = 6000; + speed-limit-down-enabled = true; + speed-limit-up = 500; + speed-limit-up-enabled = true; + start-added-torrents = true; + trash-original-torrent-files = 
false; + umask = 2; + upload-limit = 100; + upload-limit-enabled = 0; + upload-slots-per-torrent = 14; + utp-enabled = false; }; }; @@ -3189,10 +3202,11 @@ Make sure to also do this for doublepuppet.yaml :END: #+begin_src nix :noweb yes :tangle profiles/server1/matrix/nixos.nix - - { config, pkgs, modulesPath, sops, ... }: let + { config, pkgs, modulesPath, sops, ... }: + let matrixDomain = "matrix2.swarsel.win"; - in { + in + { <> imports = [ @@ -3220,21 +3234,21 @@ Make sure to also do this for doublepuppet.yaml defaultSopsFile = "/.dotfiles/secrets/matrix/secrets.yaml"; validateSopsFiles = false; secrets = { - matrixsharedsecret = {owner="matrix-synapse";}; - mautrixtelegram_as = {owner="matrix-synapse";}; - mautrixtelegram_hs = {owner="matrix-synapse";}; - mautrixtelegram_api_id = {owner="matrix-synapse";}; - mautrixtelegram_api_hash = {owner="matrix-synapse";}; + matrixsharedsecret = { owner = "matrix-synapse"; }; + mautrixtelegram_as = { owner = "matrix-synapse"; }; + mautrixtelegram_hs = { owner = "matrix-synapse"; }; + mautrixtelegram_api_id = { owner = "matrix-synapse"; }; + mautrixtelegram_api_hash = { owner = "matrix-synapse"; }; }; templates = { "matrix_user_register.sh".content = '' - register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008 - ''; + register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008 + ''; matrixshared = { owner = "matrix-synapse"; content = '' registration_shared_secret: ${config.sops.placeholder.matrixsharedsecret} - ''; + ''; }; mautrixtelegram = { owner = "matrix-synapse"; @@ -3243,7 +3257,7 @@ Make sure to also do this for doublepuppet.yaml MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=${config.sops.placeholder.mautrixtelegram_hs} MAUTRIX_TELEGRAM_TELEGRAM_API_ID=${config.sops.placeholder.mautrixtelegram_api_id} MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash} - ''; + ''; }; }; }; 
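Review bot: In the matrix `sops` hunk, the `matrix_user_register.sh` template passes the registration secret as `-k ${config.sops.placeholder.matrixsharedsecret}`, so the secret shows up in the process argument list, readable by other local users, whenever the script runs. The `matrixshared` template directly below already renders `registration_shared_secret:` into a file, so the script can read it from there instead: `register_new_matrix_user -c ${config.sops.templates.matrixshared.path} http://localhost:8008`. That template is owned by `matrix-synapse`, so the script would have to run as that user or as root. The enclosing `sops` set starts outside the hunk.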
@@ -3251,27 +3265,27 @@ Make sure to also do this for doublepuppet.yaml services.postgresql = { enable = true; initialScript = pkgs.writeText "synapse-init.sql" '' - CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; - CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram'; - CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp'; - CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal'; - CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - ''; + CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; + CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram'; + CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp'; + CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal'; + CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + ''; }; services.matrix-synapse = { @@ -3286,7 +3300,8 @@ Make sure to also do this for doublepuppet.yaml server_name = matrixDomain; public_baseurl = "https://${matrixDomain}"; listeners = [ - { port = 8008; + { + port = 8008; bind_addresses = [ "0.0.0.0" ]; type = "http"; tls = false; 
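Review bot: The `initialScript` in this hunk creates all four roles with fixed passwords that simply repeat the service name (`PASSWORD 'synapse'`, `'telegram'`, `'whatsapp'`, `'signal'`). Because the script is built with `pkgs.writeText`, it also lands in the Nix store, where every local user can read it. The rest of this profile keeps its credentials in sops-nix, so these should not be the exception. If the services reach PostgreSQL over the local Unix socket, the clause can be dropped in favour of peer authentication, e.g. `CREATE ROLE "matrix-synapse" WITH LOGIN;`; whether a connection string elsewhere depends on these passwords is not visible in the hunk. The identical block in the hunk at `@@ -4005,27 +4018,27 @@` needs the same change.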
@@ -3314,7 +3329,7 @@ Make sure to also do this for doublepuppet.yaml domain = matrixDomain; }; appservice = { - address= "http://localhost:29317"; + address = "http://localhost:29317"; hostname = "0.0.0.0"; port = "29317"; provisioning.enabled = true; @@ -3343,16 +3358,16 @@ Make sure to also do this for doublepuppet.yaml args = { width = 256; height = 256; - fps = 30; # only for webm - background = "020202"; # only for gif, transparency not supported + fps = 30; # only for webm + background = "020202"; # only for gif, transparency not supported }; }; }; }; }; systemd.services.mautrix-telegram.path = with pkgs; [ - lottieconverter # for animated stickers conversion, unfree package - ffmpeg # if converting animated stickers to webm (very slow!) + lottieconverter # for animated stickers conversion, unfree package + ffmpeg # if converting animated stickers to webm (very slow!) ]; services.mautrix-whatsapp = { @@ -3363,7 +3378,7 @@ Make sure to also do this for doublepuppet.yaml domain = matrixDomain; }; appservice = { - address= "http://localhost:29318"; + address = "http://localhost:29318"; hostname = "0.0.0.0"; port = 29318; database = { @@ -3410,7 +3425,7 @@ Make sure to also do this for doublepuppet.yaml }; appservice = { - address= "http://localhost:29328"; + address = "http://localhost:29328"; hostname = "0.0.0.0"; port = 29328; database = { @@ -3446,10 +3461,10 @@ Make sure to also do this for doublepuppet.yaml systemd.services."restart-bridges" = { script = '' - systemctl restart mautrix-whatsapp.service - systemctl restart mautrix-signal.service - systemctl restart mautrix-telegram.service - ''; + systemctl restart mautrix-whatsapp.service + systemctl restart mautrix-signal.service + systemctl restart mautrix-telegram.service + ''; serviceConfig = { Type = "oneshot"; User = "root"; 
@@ -3470,7 +3485,6 @@ Make sure to also do this for doublepuppet.yaml :END: #+begin_src nix :noweb yes :tangle profiles/server1/sound/nixos.nix - { config, pkgs, modulesPath, ... }: { @@ -3493,7 +3507,7 @@ Make sure to also do this for doublepuppet.yaml gid = 61593; }; - mpd = {}; + mpd = { }; }; users = { @@ -3501,13 +3515,13 @@ Make sure to also do this for doublepuppet.yaml isSystemUser = true; uid = 61593; group = "navidrome"; - extraGroups = [ "audio" "utmp" ]; + extraGroups = [ "audio" "utmp" ]; }; mpd = { isSystemUser = true; group = "mpd"; - extraGroups = [ "audio" "utmp" ]; + extraGroups = [ "audio" "utmp" ]; }; }; }; @@ -3534,7 +3548,7 @@ Make sure to also do this for doublepuppet.yaml age.sshKeyPaths = [ "/etc/ssh/sops" ]; defaultSopsFile = "/.dotfiles/secrets/sound/secrets.yaml"; validateSopsFiles = false; - secrets.mpdpass = { owner = "mpd";}; + secrets.mpdpass = { owner = "mpd"; }; }; services.navidrome = { @@ -3590,7 +3604,6 @@ Make sure to also do this for doublepuppet.yaml :END: #+begin_src nix :noweb yes :tangle profiles/server1/spotifyd/nixos.nix - { pkgs, modulesPath, ... }: { @@ -3606,7 +3619,7 @@ Make sure to also do this for doublepuppet.yaml isSystemUser = true; uid = 65136; group = "spotifyd"; - extraGroups = [ "audio" "utmp" ]; + extraGroups = [ "audio" "utmp" ]; }; sound = { @@ -3652,7 +3665,6 @@ Make sure to also do this for doublepuppet.yaml :END: #+begin_src nix :tangle profiles/remote/oracle/sync/nixos.nix - { config, pkgs, ... }: { 
@@ -3671,16 +3683,16 @@ Make sure to also do this for doublepuppet.yaml xkbVariant = "altgr-intl"; }; - nix.settings.experimental-features = ["nix-command" "flakes"]; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; sops = { age.sshKeyPaths = [ "/etc/ssh/sops" ]; defaultSopsFile = "/root/.dotfiles/secrets/sync/secrets.yaml"; validateSopsFiles = false; - secrets.swarsel = { owner = "root";}; - secrets.dnstokenfull = {owner="acme";}; + secrets.swarsel = { owner = "root"; }; + secrets.dnstokenfull = { owner = "acme"; }; templates."certs.secret".content = '' - CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} + CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} ''; }; @@ -3708,8 +3720,8 @@ Make sure to also do this for doublepuppet.yaml "/" = { proxyPass = "http://localhost:27701"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; @@ -3722,8 +3734,8 @@ Make sure to also do this for doublepuppet.yaml "/" = { proxyPass = "http://localhost:8384/"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; @@ -3736,8 +3748,8 @@ Make sure to also do this for doublepuppet.yaml "/" = { proxyPass = "http://localhost:3000"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; 
@@ -3751,14 +3763,14 @@ Make sure to also do this for doublepuppet.yaml enableIPv6 = false; domain = "subnet03112148.vcn03112148.oraclevcn.com"; firewall.extraCommands = '' - iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT - iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT - iptables -I INPUT -m state --state NEW -p tcp --dport 27701 -j ACCEPT - iptables -I INPUT -m state --state NEW -p tcp --dport 8384 -j ACCEPT - iptables -I INPUT -m state --state NEW -p tcp --dport 3000 -j ACCEPT - iptables -I INPUT -m state --state NEW -p tcp --dport 22000 -j ACCEPT - iptables -I INPUT -m state --state NEW -p udp --dport 22000 -j ACCEPT - iptables -I INPUT -m state --state NEW -p udp --dport 21027 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 27701 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 8384 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 3000 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 22000 -j ACCEPT + iptables -I INPUT -m state --state NEW -p udp --dport 22000 -j ACCEPT + iptables -I INPUT -m state --state NEW -p udp --dport 21027 -j ACCEPT ''; }; services.openssh = { @@ -3833,12 +3845,12 @@ The files mentioned by #+begin_src nix :tangle no - settings.app_service_config_files = [ - "/var/lib/matrix-synapse/telegram-registration.yaml" - "/var/lib/matrix-synapse/whatsapp-registration.yaml" - "/var/lib/matrix-synapse/signal-registration.yaml" - "/var/lib/matrix-synapse/doublepuppet.yaml" - ] + settings.app_service_config_files = [ + "/var/lib/matrix-synapse/telegram-registration.yaml" + "/var/lib/matrix-synapse/whatsapp-registration.yaml" + "/var/lib/matrix-synapse/signal-registration.yaml" + "/var/lib/matrix-synapse/doublepuppet.yaml" + ] #+end_src 
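Review bot: The `firewall.extraCommands` block accepts new inbound TCP connections on 27701, 8384 and 3000, yet the nginx locations earlier in this profile already proxy exactly those ports from `localhost`, so these rules only add a second path that bypasses nginx. Unless the backends are bound to loopback (not visible here), each one is reachable directly and in plaintext from outside. I would open only what needs direct access and declare it through the module rather than raw `iptables -I INPUT`, e.g. `networking.firewall.allowedTCPPorts = [ 80 443 22000 ];` and `networking.firewall.allowedUDPPorts = [ 22000 21027 ];`. The hunk at `@@ -3978,13 +3991,13 @@` does the same for 8008, 29317, 29318 and 29328, and the Synapse listener for 8008 is declared elsewhere in the diff with `bind_addresses = [ "0.0.0.0" ]` and `tls = false`. The enclosing `networking` attribute set continues outside this hunk.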
@@ -3873,10 +3885,11 @@ namespaces: Lastly, the machine that runs matrix needs to regularly update, as otherwise you will lose connectivity to the bridges. #+begin_src nix :tangle profiles/remote/oracle/matrix/nixos.nix - - { config, pkgs, sops, ... }: let + { config, pkgs, sops, ... }: + let matrixDomain = "swatrix.swarsel.win"; - in { + in + { imports = [ ./hardware-configuration.nix @@ -3896,27 +3909,27 @@ Lastly, the machine that runs matrix needs to regularly update, as otherwise you xkbVariant = "altgr-intl"; }; - nix.settings.experimental-features = ["nix-command" "flakes"]; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; sops = { age.sshKeyPaths = [ "/etc/ssh/sops" ]; defaultSopsFile = "/root/.dotfiles/secrets/omatrix/secrets.yaml"; validateSopsFiles = false; secrets = { - dnstokenfull = {owner="acme";}; - matrixsharedsecret = {owner="matrix-synapse";}; - mautrixtelegram_as = {owner="matrix-synapse";}; - mautrixtelegram_hs = {owner="matrix-synapse";}; - mautrixtelegram_api_id = {owner="matrix-synapse";}; - mautrixtelegram_api_hash = {owner="matrix-synapse";}; + dnstokenfull = { owner = "acme"; }; + matrixsharedsecret = { owner = "matrix-synapse"; }; + mautrixtelegram_as = { owner = "matrix-synapse"; }; + mautrixtelegram_hs = { owner = "matrix-synapse"; }; + mautrixtelegram_api_id = { owner = "matrix-synapse"; }; + mautrixtelegram_api_hash = { owner = "matrix-synapse"; }; }; templates = { "certs.secret".content = '' - CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} - ''; + CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} + ''; "matrix_user_register.sh".content = '' - register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008 - ''; + register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008 + ''; mautrixtelegram = { owner = "matrix-synapse"; content = '' 
@@ -3924,13 +3937,13 @@ Lastly, the machine that runs matrix needs to regularly update, as otherwise you MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=${config.sops.placeholder.mautrixtelegram_hs} MAUTRIX_TELEGRAM_TELEGRAM_API_ID=${config.sops.placeholder.mautrixtelegram_api_id} MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash} - ''; + ''; }; matrixshared = { owner = "matrix-synapse"; content = '' registration_shared_secret: ${config.sops.placeholder.matrixsharedsecret} - ''; + ''; }; }; }; @@ -3963,8 +3976,8 @@ Lastly, the machine that runs matrix needs to regularly update, as otherwise you "~ ^(/_matrix|/_synapse/client)" = { proxyPass = "http://localhost:8008"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; @@ -3978,13 +3991,13 @@ Lastly, the machine that runs matrix needs to regularly update, as otherwise you enableIPv6 = false; domain = "swarsel.win"; firewall.extraCommands = '' - iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT - iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT - iptables -I INPUT -m state --state NEW -p tcp --dport 8008 -j ACCEPT - iptables -I INPUT -m state --state NEW -p tcp --dport 29317 -j ACCEPT - iptables -I INPUT -m state --state NEW -p tcp --dport 29318 -j ACCEPT - iptables -I INPUT -m state --state NEW -p tcp --dport 29328 -j ACCEPT - ''; + iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 8008 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 29317 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 29318 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 29328 -j ACCEPT + ''; }; services.openssh = { enable = true; 
@@ -4005,27 +4018,27 @@ Lastly, the machine that runs matrix needs to regularly update, as otherwise you services.postgresql = { enable = true; initialScript = pkgs.writeText "synapse-init.sql" '' - CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; - CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram'; - CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp'; - CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal'; - CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - ''; + CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; + CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram'; + CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp'; + CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal'; + CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + ''; }; services.matrix-synapse = { settings.app_service_config_files = [ 
@@ -4040,7 +4053,8 @@ Lastly, the machine that runs matrix needs to regularly update, as otherwise you public_baseurl = "https://${matrixDomain}"; }; listeners = [ - { port = 8008; + { + port = 8008; bind_addresses = [ "0.0.0.0" ]; type = "http"; tls = false; @@ -4067,7 +4081,7 @@ Lastly, the machine that runs matrix needs to regularly update, as otherwise you domain = matrixDomain; }; appservice = { - address= "http://localhost:29317"; + address = "http://localhost:29317"; hostname = "0.0.0.0"; port = "29317"; provisioning.enabled = true; @@ -4096,16 +4110,16 @@ Lastly, the machine that runs matrix needs to regularly update, as otherwise you args = { width = 256; height = 256; - fps = 30; # only for webm - background = "020202"; # only for gif, transparency not supported + fps = 30; # only for webm + background = "020202"; # only for gif, transparency not supported }; }; }; }; }; systemd.services.mautrix-telegram.path = with pkgs; [ - lottieconverter # for animated stickers conversion, unfree package - ffmpeg # if converting animated stickers to webm (very slow!) + lottieconverter # for animated stickers conversion, unfree package + ffmpeg # if converting animated stickers to webm (very slow!) ]; services.mautrix-whatsapp = { @@ -4116,7 +4130,7 @@ Lastly, the machine that runs matrix needs to regularly update, as otherwise you domain = matrixDomain; }; appservice = { - address= "http://localhost:29318"; + address = "http://localhost:29318"; hostname = "0.0.0.0"; port = 29318; database = { @@ -4164,7 +4178,7 @@ Lastly, the machine that runs matrix needs to regularly update, as otherwise you }; appservice = { - address= "http://localhost:29328"; + address = "http://localhost:29328"; hostname = "0.0.0.0"; port = 29328; database = { 
@@ -4200,10 +4214,10 @@ Lastly, the machine that runs matrix needs to regularly update, as otherwise you systemd.services."restart-bridges" = { script = '' - systemctl restart mautrix-whatsapp.service - systemctl restart mautrix-signal.service - systemctl restart mautrix-telegram.service - ''; + systemctl restart mautrix-whatsapp.service + systemctl restart mautrix-signal.service + systemctl restart mautrix-telegram.service + ''; serviceConfig = { Type = "oneshot"; User = "root"; 
@@ -4224,56 +4238,55 @@ Lastly, the machine that runs matrix needs to regularly update, as otherwise you :END: #+begin_src nix :noweb yes :tangle profiles/server1/paperless/nixos.nix +{ config, pkgs, modulesPath, ... }: - { config, pkgs, modulesPath, ... }: - - { - <> - - users.groups.lxc_shares = { - gid = 10000; - members = [ - "paperless" - "root" - ]; - }; +{ + <> - environment.systemPackages = with pkgs; [ - git - gnupg - ssh-to-age + users.groups.lxc_shares = { + gid = 10000; + members = [ + "paperless" + "root" ]; + }; - networking = { - hostName = "paperless"; # Define your hostname. - firewall.enable = false; - }; + environment.systemPackages = with pkgs; [ + git + gnupg + ssh-to-age + ]; - sops = { - age.sshKeyPaths = [ "/etc/ssh/sops" ]; - defaultSopsFile = "/root/.dotfiles/secrets/paperless/secrets.yaml"; - validateSopsFiles = false; - secrets.admin = { owner = "paperless";}; - }; + networking = { + hostName = "paperless"; # Define your hostname. + firewall.enable = false; + }; - services.paperless = { - enable = true; - mediaDir = "/media"; - user = "paperless"; - port = 28981; - passwordFile = config.sops.secrets.admin.path; - address = "0.0.0.0"; - extraConfig = { - PAPERLESS_OCR_LANGUAGE = "deu+eng"; - PAPERLESS_URL = "scan.swarsel.win"; - PAPERLESS_OCR_USER_ARGS = builtins.toJSON { - optimize = 1; - pdfa_image_compression = "lossless"; - }; + sops = { + age.sshKeyPaths = [ "/etc/ssh/sops" ]; + defaultSopsFile = "/root/.dotfiles/secrets/paperless/secrets.yaml"; + validateSopsFiles = false; + secrets.admin = { owner = "paperless"; }; + }; + + services.paperless = { + enable = true; + mediaDir = "/media"; + user = "paperless"; + port = 28981; + passwordFile = config.sops.secrets.admin.path; + address = "0.0.0.0"; + extraConfig = { + PAPERLESS_OCR_LANGUAGE = "deu+eng"; + PAPERLESS_URL = "scan.swarsel.win"; + PAPERLESS_OCR_USER_ARGS = builtins.toJSON { + optimize = 1; + pdfa_image_compression = "lossless"; }; }; + }; - } +} #+end_src 
@@ -4316,6 +4329,7 @@ First, we enable the use of =home-manager= as a NixoS module Next, we setup the keymap in case we are not in a graphical session. At this point, I always resort to us/altgr-intl, as it is extremly comfortable to use #+begin_src nix :tangle profiles/common/nixos.nix + services.xserver = { xkb = { layout = "us"; @@ -4766,30 +4780,31 @@ I use sops-nix to handle secrets that I want to have available on my machines at validateSopsFiles = false; secrets = { - swarseluser = {neededForUsers = true;}; - ernest = {}; - frauns = {}; - hotspot = {}; - eduid = {}; - edupass = {}; - handyhotspot = {}; - vpnuser = {}; - vpnpass = {}; + swarseluser = { neededForUsers = true; }; + ernest = { }; + frauns = { }; + hotspot = { }; + eduid = { }; + edupass = { }; + handyhotspot = { }; + vpnuser = { }; + vpnpass = { }; }; templates = { "network-manager.env".content = '' - ERNEST=${config.sops.placeholder.ernest} - FRAUNS=${config.sops.placeholder.frauns} - HOTSPOT=${config.sops.placeholder.hotspot} - EDUID=${config.sops.placeholder.eduid} - EDUPASS=${config.sops.placeholder.edupass} - HANDYHOTSPOT=${config.sops.placeholder.handyhotspot} - VPNUSER=${config.sops.placeholder.vpnuser} - VPNPASS=${config.sops.placeholder.vpnpass} - ''; + ERNEST=${config.sops.placeholder.ernest} + FRAUNS=${config.sops.placeholder.frauns} + HOTSPOT=${config.sops.placeholder.hotspot} + EDUID=${config.sops.placeholder.eduid} + EDUPASS=${config.sops.placeholder.edupass} + HANDYHOTSPOT=${config.sops.placeholder.handyhotspot} + VPNUSER=${config.sops.placeholder.vpnuser} + VPNPASS=${config.sops.placeholder.vpnpass} + ''; }; }; -#+end_src + + #+end_src *** System Packages :PROPERTIES: 
@@ -4852,7 +4867,7 @@ Mostly used to install some compilers and lsp's that I want to have available wh #lsp-bridge / python gcc gdb - (python3.withPackages(ps: with ps; [ jupyter ipython pyqt5 epc orjson sexpdata six setuptools paramiko numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server])) + (python3.withPackages (ps: with ps; [ jupyter ipython pyqt5 epc orjson sexpdata six setuptools paramiko numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server ])) # (python3.withPackages(ps: with ps; [ jupyter ipython pyqt5 numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server])) # -------------------------------------------- @@ -4870,9 +4885,9 @@ Mostly used to install some compilers and lsp's that I want to have available wh ]; unpackPhase = '' - mkdir -p $out/bin - tar xvf $src -C $out/ - mv $out/oama-0.13.1-Linux-x86_64-static/oama $out/bin/ + mkdir -p $out/bin + tar xvf $src -C $out/ + mv $out/oama-0.13.1-Linux-x86_64-static/oama $out/bin/ ''; }) @@ -4905,6 +4920,7 @@ Also, we setup zsh. Do not touch this. users.defaultUserShell = pkgs.zsh; environment.shells = with pkgs; [ zsh ]; environment.pathsToLink = [ "/share/zsh" ]; + #+end_src *** Services @@ -4961,13 +4977,14 @@ This allows me to use my big scanner/printer's printing function over the networ pkgs.gutenprintBin ]; browsedConf = '' - BrowseDNSSDSubTypes _cups,_print - BrowseLocalProtocols all - BrowseRemoteProtocols all - CreateIPPPrinterQueues All - BrowseProtocols all - ''; + BrowseDNSSDSubTypes _cups,_print + BrowseLocalProtocols all + BrowseRemoteProtocols all + CreateIPPPrinterQueues All + BrowseProtocols all + ''; }; + #+end_src Avahi is the service used for the network discovery @@ -4979,6 +4996,7 @@ Avahi is the service used for the network discovery nssmdns4 = true; openFirewall = true; }; + #+end_src **** enable GVfs 
@@ -5006,26 +5024,28 @@ This is a super-convenient package that lets my remap my =CAPS= key to =ESC= if # Make CAPS work as a dual function ESC/CTRL key services.interception-tools = { enable = true; - udevmonConfig = let - dualFunctionKeysConfig = builtins.toFile "dual-function-keys.yaml" '' - TIMING: - TAP_MILLISEC: 200 - DOUBLE_TAP_MILLISEC: 0 - - MAPPINGS: - - KEY: KEY_CAPSLOCK - TAP: KEY_ESC - HOLD: KEY_LEFTCTRL + udevmonConfig = + let + dualFunctionKeysConfig = builtins.toFile "dual-function-keys.yaml" '' + TIMING: + TAP_MILLISEC: 200 + DOUBLE_TAP_MILLISEC: 0 + + MAPPINGS: + - KEY: KEY_CAPSLOCK + TAP: KEY_ESC + HOLD: KEY_LEFTCTRL + ''; + in + '' + - JOB: | + ${pkgs.interception-tools}/bin/intercept -g $DEVNODE \ + | ${pkgs.interception-tools-plugins.dual-function-keys}/bin/dual-function-keys -c ${dualFunctionKeysConfig} \ + | ${pkgs.interception-tools}/bin/uinput -d $DEVNODE + DEVICE: + EVENTS: + EV_KEY: [KEY_CAPSLOCK] ''; - in '' - - JOB: | - ${pkgs.interception-tools}/bin/intercept -g $DEVNODE \ - | ${pkgs.interception-tools-plugins.dual-function-keys}/bin/dual-function-keys -c ${dualFunctionKeysConfig} \ - | ${pkgs.interception-tools}/bin/uinput -d $DEVNODE - DEVICE: - EVENTS: - EV_KEY: [KEY_CAPSLOCK] - ''; }; #+end_src @@ -5078,18 +5098,18 @@ This section houses the greetd related settings. I do not really want to use a d initial_session.command = "sway"; # initial_session.user ="swarsel"; default_session.command = '' - ${pkgs.greetd.tuigreet}/bin/tuigreet \ - --time \ - --asterisks \ - --user-menu \ - --cmd sway - ''; + ${pkgs.greetd.tuigreet}/bin/tuigreet \ + --time \ + --asterisks \ + --user-menu \ + --cmd sway + ''; }; }; environment.etc."greetd/environments".text = '' - sway - ''; + sway + ''; #+end_src 
@@ -5114,8 +5134,7 @@ Programming languages and default lsp's are defined here: [[#h:0e7e8bea-ec58-499 :END: #+begin_src nix :tangle profiles/common/home.nix - - { config, pkgs, fetchFromGitHub , ... }: + { config, pkgs, fetchFromGitHub, ... }: { home.packages = with pkgs; [ @@ -5144,6 +5163,7 @@ Programming languages and default lsp's are defined here: [[#h:0e7e8bea-ec58-499 # nix alejandra + nixpkgs-fmt deadnix statix @@ -5265,12 +5285,12 @@ Programming languages and default lsp's are defined here: [[#h:0e7e8bea-ec58-499 # latex and related packages (pkgs.texlive.combine { inherit (pkgs.texlive) scheme-full - dvisvgm dvipng # for preview and export as html + dvisvgm dvipng# for preview and export as html wrapfig amsmath ulem hyperref capt-of; }) # font stuff - (nerdfonts.override { fonts = [ "FiraMono" "FiraCode" "NerdFontsSymbolsOnly"]; }) + (nerdfonts.override { fonts = [ "FiraMono" "FiraCode" "NerdFontsSymbolsOnly" ]; }) noto-fonts-emoji font-awesome_5 noto-fonts 
@@ -5284,134 +5304,138 @@ Programming languages and default lsp's are defined here: [[#h:0e7e8bea-ec58-499 :END: #+begin_src nix :tangle profiles/common/home.nix - # cura - (let cura5 = appimageTools.wrapType2 rec { - name = "cura5"; - version = "5.4.0"; - src = fetchurl { - url = "https://github.com/Ultimaker/Cura/releases/download/${version}/UltiMaker-Cura-${version}-linux-modern.AppImage"; - hash = "sha256-QVv7Wkfo082PH6n6rpsB79st2xK2+Np9ivBg/PYZd74="; - }; - extraPkgs = pkgs: with pkgs; [ ]; - }; in writeScriptBin "cura" '' - #! ${pkgs.bash}/bin/bash - # AppImage version of Cura loses current working directory and treats all paths relateive to $HOME. - # So we convert each of the files passed as argument to an absolute path. - # This fixes use cases like `cd /path/to/my/files; cura mymodel.stl anothermodel.stl`. - args=() - for a in "$@"; do - if [ -e "$a" ]; then - a="$(realpath "$a")" - fi - args+=("$a") - done - exec "${cura5}/bin/cura5" "''${args[@]}" - '') + ( + let + cura5 = appimageTools.wrapType2 rec { + name = "cura5"; + version = "5.4.0"; + src = fetchurl { + url = "https://github.com/Ultimaker/Cura/releases/download/${version}/UltiMaker-Cura-${version}-linux-modern.AppImage"; + hash = "sha256-QVv7Wkfo082PH6n6rpsB79st2xK2+Np9ivBg/PYZd74="; + }; + extraPkgs = pkgs: with pkgs; [ ]; + }; + in + writeScriptBin "cura" '' + #! ${pkgs.bash}/bin/bash + # AppImage version of Cura loses current working directory and treats all paths relateive to $HOME. + # So we convert each of the files passed as argument to an absolute path. + # This fixes use cases like `cd /path/to/my/files; cura mymodel.stl anothermodel.stl`. 
+ args=() + for a in "$@"; do + if [ -e "$a" ]; then + a="$(realpath "$a")" + fi + args+=("$a") + done + exec "${cura5}/bin/cura5" "''${args[@]}" + '' + ) #E: hides scratchpad depending on state, calls emacsclient for edit and then restores the scratchpad state (pkgs.writeShellScriptBin "e" '' - bash ~/.dotfiles/scripts/editor_nowait.sh "$@" - '') + bash ~/.dotfiles/scripts/editor_nowait.sh "$@" + '') (pkgs.writeShellScriptBin "timer" '' - sleep "$1"; while true; do spd-say "$2"; sleep 0.5; done; - '') + sleep "$1"; while true; do spd-say "$2"; sleep 0.5; done; + '') (pkgs.writeScriptBin "project" '' - #! ${pkgs.bash}/bin/bash - if [ "$1" == "rust" ]; then - cp ~/.dotfiles/templates/rust_flake.nix ./flake.nix - cp ~/.dotfiles/templates/toolchain.toml . - elif [ "$1" == "cpp" ]; then - cp ~/.dotfiles/templates/cpp_flake.nix ./flake.nix - elif [ "$1" == "python" ]; then - cp ~/.dotfiles/templates/py_flake.nix ./flake.nix - elif [ "$1" == "cuda" ]; then - cp ~/.dotfiles/templates/cu_flake.nix ./flake.nix - elif [ "$1" == "other" ]; then - cp ~/.dotfiles/templates/other_flake.nix ./flake.nix - elif [ "$1" == "latex" ]; then - if [ "$2" == "" ]; then - echo "No filename specified, usage: 'project latex '" - exit 0 - fi - cp ~/.dotfiles/templates/tex_standard.tex ./"$2".tex - exit 0 - else - echo "No valid argument given. Valid arguments are rust cpp python, cuda" - exit 0 - fi - echo "use flake" >> .envrc - direnv allow - '') + #! ${pkgs.bash}/bin/bash + if [ "$1" == "rust" ]; then + cp ~/.dotfiles/templates/rust_flake.nix ./flake.nix + cp ~/.dotfiles/templates/toolchain.toml . 
+ elif [ "$1" == "cpp" ]; then + cp ~/.dotfiles/templates/cpp_flake.nix ./flake.nix + elif [ "$1" == "python" ]; then + cp ~/.dotfiles/templates/py_flake.nix ./flake.nix + elif [ "$1" == "cuda" ]; then + cp ~/.dotfiles/templates/cu_flake.nix ./flake.nix + elif [ "$1" == "other" ]; then + cp ~/.dotfiles/templates/other_flake.nix ./flake.nix + elif [ "$1" == "latex" ]; then + if [ "$2" == "" ]; then + echo "No filename specified, usage: 'project latex '" + exit 0 + fi + cp ~/.dotfiles/templates/tex_standard.tex ./"$2".tex + exit 0 + else + echo "No valid argument given. Valid arguments are rust cpp python, cuda" + exit 0 + fi + echo "use flake" >> .envrc + direnv allow + '') (pkgs.writeShellApplication { name = "pass-fuzzel"; runtimeInputs = [ pkgs.pass pkgs.fuzzel ]; text = '' - shopt -s nullglob globstar - - typeit=0 - if [[ $# -ge 1 && $1 == "--type" ]]; then - typeit=1 - shift - fi - - export PASSWORD_STORE_DIR=~/.local/share/password-store - prefix=''${PASSWORD_STORE_DIR-~/.local/share/password-store} - password_files=( "$prefix"/**/*.gpg ) - password_files=( "''${password_files[@]#"$prefix"/}" ) - password_files=( "''${password_files[@]%.gpg}" ) - - password=$(printf '%s\n' "''${password_files[@]}" | fuzzel --dmenu "$@") - - [[ -n $password ]] || exit - - if [[ $typeit -eq 0 ]]; then - pass show -c "$password" &>/tmp/pass-fuzzel - else - pass show "$password" | { IFS= read -r pass; printf %s "$pass"; } | wtype - - fi - notify-send -u critical -a pass -t 1000 "Copied/Typed Password" - ''; + shopt -s nullglob globstar + + typeit=0 + if [[ $# -ge 1 && $1 == "--type" ]]; then + typeit=1 + shift + fi + + export PASSWORD_STORE_DIR=~/.local/share/password-store + prefix=''${PASSWORD_STORE_DIR-~/.local/share/password-store} + password_files=( "$prefix"/**/*.gpg ) + password_files=( "''${password_files[@]#"$prefix"/}" ) + password_files=( "''${password_files[@]%.gpg}" ) + + password=$(printf '%s\n' "''${password_files[@]}" | fuzzel --dmenu "$@") + + [[ -n $password ]] 
|| exit + + if [[ $typeit -eq 0 ]]; then + pass show -c "$password" &>/tmp/pass-fuzzel + else + pass show "$password" | { IFS= read -r pass; printf %s "$pass"; } | wtype - + fi + notify-send -u critical -a pass -t 1000 "Copied/Typed Password" + ''; }) (pkgs.writeShellApplication { name = "pass-fuzzel-otp"; - runtimeInputs = [ pkgs.fuzzel (pkgs.pass.withExtensions (exts: [exts.pass-otp]))]; + runtimeInputs = [ pkgs.fuzzel (pkgs.pass.withExtensions (exts: [ exts.pass-otp ])) ]; text = '' - shopt -s nullglob globstar - - typeit=0 - if [[ $# -ge 1 && $1 == "--type" ]]; then - typeit=1 - shift - fi - - export PASSWORD_STORE_DIR=~/.local/share/password-store - prefix=''${PASSWORD_STORE_DIR-~/.local/share/password-store} - password_files=( "$prefix"/otp/**/*.gpg ) - password_files=( "''${password_files[@]#"$prefix"/}" ) - password_files=( "''${password_files[@]%.gpg}" ) - - password=$(printf '%s\n' "''${password_files[@]}" | fuzzel --dmenu "$@") - - [[ -n $password ]] || exit - - if [[ $typeit -eq 0 ]]; then - pass otp -c "$password" &>/tmp/pass-fuzzel - else - pass otp "$password" | { IFS= read -r pass; printf %s "$pass"; } | wtype - - fi - notify-send -u critical -a pass -t 1000 "Copied/Typed OTPassword" - ''; + shopt -s nullglob globstar + + typeit=0 + if [[ $# -ge 1 && $1 == "--type" ]]; then + typeit=1 + shift + fi + + export PASSWORD_STORE_DIR=~/.local/share/password-store + prefix=''${PASSWORD_STORE_DIR-~/.local/share/password-store} + password_files=( "$prefix"/otp/**/*.gpg ) + password_files=( "''${password_files[@]#"$prefix"/}" ) + password_files=( "''${password_files[@]%.gpg}" ) + + password=$(printf '%s\n' "''${password_files[@]}" | fuzzel --dmenu "$@") + + [[ -n $password ]] || exit + + if [[ $typeit -eq 0 ]]; then + pass otp -c "$password" &>/tmp/pass-fuzzel + else + pass otp "$password" | { IFS= read -r pass; printf %s "$pass"; } | wtype - + fi + notify-send -u critical -a pass -t 1000 "Copied/Typed OTPassword" + ''; }) (pkgs.writeShellApplication { name = 
"cdw"; runtimeInputs = [ pkgs.fzf ]; text = '' - cd "$(git worktree list | fzf | awk '{print $1}')" + cd "$(git worktree list | fzf | awk '{print $1}')" ''; }) @@ -5419,7 +5443,7 @@ Programming languages and default lsp's are defined here: [[#h:0e7e8bea-ec58-499 name = "cdb"; runtimeInputs = [ pkgs.fzf ]; text = '' - git checkout "$(git branch --list | grep -v "^\*" | fzf | awk '{print $1}')" + git checkout "$(git branch --list | grep -v "^\*" | fzf | awk '{print $1}')" ''; }) @@ -5454,13 +5478,14 @@ I use sops-nix to handle secrets that I want to have available on my machines at defaultSopsFile = "${config.home.homeDirectory}/.dotfiles/secrets/general/secrets.yaml"; validateSopsFiles = false; secrets = { - mrswarsel = {path = "/run/user/1000/secrets/mrswarsel";}; - nautilus = {path = "/run/user/1000/secrets/nautilus";}; - leon = {path = "/run/user/1000/secrets/leon";}; - swarselmail = {path = "/run/user/1000/secrets/swarselmail";}; - caldav = {path = "${config.home.homeDirectory}/.emacs.d/.caldav";}; + mrswarsel = { path = "/run/user/1000/secrets/mrswarsel"; }; + nautilus = { path = "/run/user/1000/secrets/nautilus"; }; + leon = { path = "/run/user/1000/secrets/leon"; }; + swarselmail = { path = "/run/user/1000/secrets/swarselmail"; }; + caldav = { path = "${config.home.homeDirectory}/.emacs.d/.caldav"; }; }; }; + #+end_src *** SSH Machines 
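Review bot: In both `pass-fuzzel` and `pass-fuzzel-otp` the clipboard branch redirects to a fixed, predictable path in a shared directory: `pass show -c "$password" &>/tmp/pass-fuzzel` and `pass otp -c "$password" &>/tmp/pass-fuzzel`. The file receives pass's status and error output, which names the selected entry, and it is created with the user's umask, so other local users may be able to read it. A file or link that already exists at that path is also written through. Nothing in the hunk reads the file back, so discarding the output is enough: `pass show -c "$password" &>/dev/null` and `pass otp -c "$password" &>/dev/null`. If the output is wanted for debugging, write it under `"$XDG_RUNTIME_DIR"` instead.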
@@ -5472,100 +5497,100 @@ It is very convenient to have SSH aliases in place for machines that I use. This #+begin_src nix :tangle profiles/common/home.nix - programs.ssh= { - enable = true; + programs.ssh = { + enable = true; + forwardAgent = true; + extraConfig = '' + SetEnv TERM=xterm-256color + ''; + matchBlocks = { + "nginx" = { + hostname = "192.168.1.14"; + user = "root"; + }; + "jellyfin" = { + hostname = "192.168.1.16"; + user = "root"; + }; + "pfsense" = { + hostname = "192.168.1.1"; + user = "root"; + }; + "proxmox" = { + hostname = "192.168.1.2"; + user = "root"; + }; + "transmission" = { + hostname = "192.168.1.6"; + user = "root"; + }; + "fetcher" = { + hostname = "192.168.1.7"; + user = "root"; + }; + "omv" = { + hostname = "192.168.1.3"; + user = "root"; + }; + "webbot" = { + hostname = "192.168.1.11"; + user = "root"; + }; + "nextcloud" = { + hostname = "192.168.1.5"; + user = "root"; + }; + "sound" = { + hostname = "192.168.1.13"; + user = "root"; + }; + "spotify" = { + hostname = "192.168.1.17"; + user = "root"; + }; + "wordpress" = { + hostname = "192.168.1.9"; + user = "root"; + }; + "turn" = { + hostname = "192.168.1.18"; + user = "root"; + }; + "hugo" = { + hostname = "192.168.1.19"; + user = "root"; + }; + "matrix" = { + hostname = "192.168.1.23"; + user = "root"; + }; + "scroll" = { + hostname = "192.168.1.22"; + user = "root"; + }; + "minecraft" = { + hostname = "130.61.119.129"; + user = "opc"; + }; + "sync" = { + hostname = "193.122.53.173"; + user = "root"; #this is a oracle vm server but needs root due to nixos-infect + }; + "songdiver" = { + hostname = "89.168.100.65"; + user = "ubuntu"; + }; + "pkv" = { + hostname = "46.232.248.161"; + user = "root"; + }; + "efficient" = { + hostname = "g0.complang.tuwien.ac.at"; forwardAgent = true; - extraConfig = '' - SetEnv TERM=xterm-256color - ''; - matchBlocks = { - "nginx" = { - hostname = "192.168.1.14"; - user = "root"; - }; - "jellyfin" = { - hostname = "192.168.1.16"; - user = "root"; - 
}; - "pfsense" = { - hostname = "192.168.1.1"; - user = "root"; - }; - "proxmox" = { - hostname = "192.168.1.2"; - user = "root"; - }; - "transmission" = { - hostname = "192.168.1.6"; - user = "root"; - }; - "fetcher" = { - hostname = "192.168.1.7"; - user = "root"; - }; - "omv" = { - hostname = "192.168.1.3"; - user = "root"; - }; - "webbot" = { - hostname = "192.168.1.11"; - user = "root"; - }; - "nextcloud" = { - hostname = "192.168.1.5"; - user = "root"; - }; - "sound" = { - hostname = "192.168.1.13"; - user = "root"; - }; - "spotify" = { - hostname = "192.168.1.17"; - user = "root"; - }; - "wordpress" = { - hostname = "192.168.1.9"; - user = "root"; - }; - "turn" = { - hostname = "192.168.1.18"; - user = "root"; - }; - "hugo" = { - hostname = "192.168.1.19"; - user = "root"; - }; - "matrix" = { - hostname = "192.168.1.23"; - user = "root"; - }; - "scroll" = { - hostname = "192.168.1.22"; - user = "root"; - }; - "minecraft" = { - hostname = "130.61.119.129"; - user = "opc"; - }; - "sync" = { - hostname = "193.122.53.173"; - user = "root"; #this is a oracle vm server but needs root due to nixos-infect - }; - "songdiver" = { - hostname = "89.168.100.65"; - user = "ubuntu"; - }; - "pkv" = { - hostname = "46.232.248.161"; - user = "root"; - }; - "efficient" = { - hostname = "g0.complang.tuwien.ac.at"; - forwardAgent = true; - user = "ep01427399"; - }; - }; + user = "ep01427399"; }; + }; + }; #+end_src @@ -5602,7 +5627,7 @@ TODO: Non-NixOS machines (=sp3) should not use these by default, but instead the genericName = "Cura"; exec = "cura"; terminal = false; - categories = [ "Application"]; + categories = [ "Application" ]; }; anki = { @@ -5610,7 +5635,7 @@ TODO: Non-NixOS machines (=sp3) should not use these by default, but instead the genericName = "Anki"; exec = "anki"; terminal = false; - categories = [ "Application"]; + categories = [ "Application" ]; }; # schlidichat = { 
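Review bot: `forwardAgent = true;` directly under `programs.ssh` turns agent forwarding on for every host instead of only the ones that need it, and this re-indent carries it over unchanged. Most match blocks log in as `root`, and several (`minecraft`, `sync`, `songdiver`, `pkv`) are public addresses. While a session is open, anyone with root on such a host can ask the forwarded agent to sign on your behalf. The `efficient` block already sets `forwardAgent = true;` itself, which suggests per-host opt-in was the intent. I would set the top-level value to `forwardAgent = false;` and add the option only to the blocks that must hop onward, or use `proxyJump` for those instead.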
@@ -5626,7 +5651,7 @@ TODO: Non-NixOS machines (=sp3) should not use these by default, but instead the genericName = "Element"; exec = "element-desktop -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; terminal = false; - categories = [ "Application"]; + categories = [ "Application" ]; }; emacsclient-newframe = { @@ -5635,7 +5660,7 @@ TODO: Non-NixOS machines (=sp3) should not use these by default, but instead the exec = "emacsclient -r %u"; icon = "emacs"; terminal = false; - categories = [ "Development" "TextEditor"]; + categories = [ "Development" "TextEditor" ]; }; }; @@ -5730,6 +5755,7 @@ This section is for programs that require no further configuration. zsh Integrat pandoc.enable = true; fzf.enable = true; zoxide.enable = true; + }; #+end_src *** nix-index @@ -5738,22 +5764,24 @@ nix-index provides a way to find out which packages are provided by which deriva #+begin_src nix :tangle profiles/common/home.nix - nix-index = let - command-not-found = pkgs.runCommandLocal "command-not-found.sh" { } '' + programs.nix-index = + let + command-not-found = pkgs.runCommandLocal "command-not-found.sh" { } '' mkdir -p $out/etc/profile.d substitute ${../../scripts/command-not-found.sh} \ $out/etc/profile.d/command-not-found.sh \ --replace @nix-locate@ ${pkgs.nix-index}/bin/nix-locate \ --replace @tput@ ${pkgs.ncurses}/bin/tput - ''; - in { - enable = true; - package = pkgs.symlinkJoin { - name = "nix-index"; - paths = [ command-not-found ]; + ''; + in + { + enable = true; + package = pkgs.symlinkJoin { + name = "nix-index"; + paths = [ command-not-found ]; + }; }; - }; - }; + #+end_src *** password-store @@ -5767,7 +5795,7 @@ Enables password store with the =pass-otp= extension which allows me to store an programs.password-store = { enable = true; - package = pkgs.pass.withExtensions (exts: [exts.pass-otp]); + package = pkgs.pass.withExtensions (exts: [ exts.pass-otp ]); }; #+end_src 
@@ -6037,13 +6065,13 @@ Here we set some aliases (some of them should be shellApplications instead) as w nswitch = "cd ~/.dotfiles; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;"; edithome = "bash ~/.dotfiles/scripts/editor.sh ~/.dotfiles/Nix.org"; magit = "emacsclient -nc -e \"(magit-status)\""; - config="git --git-dir=$HOME/.cfg/ --work-tree=$HOME"; - g="git"; - c="git --git-dir=$HOME/.dotfiles/.git --work-tree=$HOME/.dotfiles/"; + config = "git --git-dir=$HOME/.cfg/ --work-tree=$HOME"; + g = "git"; + c = "git --git-dir=$HOME/.dotfiles/.git --work-tree=$HOME/.dotfiles/"; passpush = "cd ~/.local/share/password-store; git add .; git commit -m 'pass file changes'; git push; cd -;"; passpull = "cd ~/.local/share/password-store; git pull; cd -;"; hotspot = "nmcli connection up local; nmcli device wifi hotspot;"; - cd="z"; + cd = "z"; cdr = "cd \"$( (find /home/swarsel/Documents/GitHub -maxdepth 1 && echo /home/swarsel/.dotfiles) | fzf )\""; }; autosuggestion.enable = true; @@ -6056,8 +6084,8 @@ Here we set some aliases (some of them should be shellApplications instead) as w ]; defaultKeymap = "emacs"; dirHashes = { - dl = "$HOME/Downloads"; - gh = "$HOME/Documents/GitHub"; + dl = "$HOME/Downloads"; + gh = "$HOME/Documents/GitHub"; }; history = { expireDuplicatesFirst = true; @@ -6124,9 +6152,9 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl }; mbsync = { enable = true; - create= "maildir"; + create = "maildir"; expunge = "both"; - patterns = ["*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail"]; + patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ]; extraConfig = { channel = { Sync = "All"; 
@@ -6174,9 +6202,9 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl mu.enable = true; mbsync = { enable = true; - create= "maildir"; + create = "maildir"; expunge = "both"; - patterns = ["*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail"]; + patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ]; extraConfig = { channel = { Sync = "All"; @@ -6201,9 +6229,9 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl mu.enable = true; mbsync = { enable = true; - create= "maildir"; + create = "maildir"; expunge = "both"; - patterns = ["*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail"]; + patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ]; extraConfig = { channel = { Sync = "All"; @@ -6269,7 +6297,7 @@ Lastly, I am defining some more packages here that the parser has problems findi rev = "3f6ca0d5556fe9795b74714304564f2295dcfa24"; hash = "sha256-w1wmJW7YwXyjvXJOWdN2+k+QmhXr4IflES/c2bCX3CI="; }; - packageRequires = []; + packageRequires = [ ]; }) ]; @@ -6299,15 +6327,15 @@ The rest of this configuration is found here: mainBar = { layer = "top"; position = "top"; - modules-left = [ "sway/workspaces" "custom/outer-right-arrow-dark" "sway/window"]; + modules-left = [ "sway/workspaces" "custom/outer-right-arrow-dark" "sway/window" ]; modules-center = [ "sway/mode" "custom/configwarn" ]; "sway/mode" = { format = "{}"; }; "custom/configwarn" = { - exec= "bash ~/.dotfiles/scripts/checkconfigstatus.sh"; - interval= 60; + exec = "bash ~/.dotfiles/scripts/checkconfigstatus.sh"; + interval = 60; }; "group/hardware" = { 
@@ -6330,14 +6358,14 @@ The rest of this configuration is found here: }; power-profiles-daemon = { - format= "{icon}"; - tooltip-format= "Power profile: {profile}\nDriver: {driver}"; - tooltip= true; - format-icons= { - "default"= ""; - "performance"= ""; - "balanced"= ""; - "power-saver"= ""; + format = "{icon}"; + tooltip-format = "Power profile: {profile}\nDriver: {driver}"; + tooltip = true; + format-icons = { + "default" = ""; + "performance" = ""; + "balanced" = ""; + "power-saver" = ""; }; }; @@ -6349,15 +6377,15 @@ The rest of this configuration is found here: }; mpris = { - format= "{player_icon} {title} [{position}/{length}]"; - format-paused= "{player_icon} {title} [{position}/{length}]"; - player-icons= { + format = "{player_icon} {title} [{position}/{length}]"; + format-paused = "{player_icon} {title} [{position}/{length}]"; + player-icons = { "default" = "▶ "; "mpv" = "🎵 "; "spotify" = " "; }; - status-icons= { - "paused"= " "; + status-icons = { + "paused" = " "; }; interval = 1; title-len = 20; 
@@ -6368,114 +6396,114 @@ The rest of this configuration is found here: format = ""; tooltip = false; }; - "custom/outer-left-arrow-dark"= { + "custom/outer-left-arrow-dark" = { format = ""; tooltip = false; }; - "custom/left-arrow-light"= { - format= ""; - tooltip= false; + "custom/left-arrow-light" = { + format = ""; + tooltip = false; }; - "custom/right-arrow-dark"= { - format= ""; - tooltip= false; + "custom/right-arrow-dark" = { + format = ""; + tooltip = false; }; - "custom/outer-right-arrow-dark"= { - format= ""; - tooltip= false; + "custom/outer-right-arrow-dark" = { + format = ""; + tooltip = false; }; - "custom/right-arrow-light"= { - format= ""; - tooltip= false; + "custom/right-arrow-light" = { + format = ""; + tooltip = false; }; - "sway/workspaces"= { - disable-scroll= true; - format= "{name}"; + "sway/workspaces" = { + disable-scroll = true; + format = "{name}"; }; - "clock#1"= { - min-length= 8; - interval= 1; - format= "{:%H:%M:%S}"; + "clock#1" = { + min-length = 8; + interval = 1; + format = "{:%H:%M:%S}"; # on-click-right= "gnome-clocks"; - tooltip-format= "{:%Y %B}\n{calendar}"; + tooltip-format = "{:%Y %B}\n{calendar}"; }; - "clock#2"= { - format= "{:%d. %B %Y}"; + "clock#2" = { + format = "{:%d. 
%B %Y}"; # on-click-right= "gnome-clocks"; - tooltip-format= "{:%Y %B}\n{calendar}"; + tooltip-format = "{:%Y %B}\n{calendar}"; }; - pulseaudio= { - format= "{icon} {volume:2}%"; - format-bluetooth= "{icon} {volume}%"; - format-muted= "MUTE"; - format-icons= { - headphones= ""; - default= [ + pulseaudio = { + format = "{icon} {volume:2}%"; + format-bluetooth = "{icon} {volume}%"; + format-muted = "MUTE"; + format-icons = { + headphones = ""; + default = [ "" "" ]; }; - scroll-step= 1; - on-click= "pamixer -t"; - on-click-right= "pavucontrol"; - }; - memory= { - interval= 5; - format= " {}%"; - tooltip-format= "Memory: {used:0.1f}G/{total:0.1f}G\nSwap: {swapUsed}G/{swapTotal}G"; - }; - cpu= { - min-length= 6; - interval= 5; - format-icons = ["▁" "▂" "▃" "▄" "▅" "▆" "▇" "█"]; + scroll-step = 1; + on-click = "pamixer -t"; + on-click-right = "pavucontrol"; + }; + memory = { + interval = 5; + format = " {}%"; + tooltip-format = "Memory: {used:0.1f}G/{total:0.1f}G\nSwap: {swapUsed}G/{swapTotal}G"; + }; + cpu = { + min-length = 6; + interval = 5; + format-icons = [ "▁" "▂" "▃" "▄" "▅" "▆" "▇" "█" ]; # on-click-right= "com.github.stsdc.monitor"; - on-click-right= "kitty -o confirm_os_window_close=0 btm"; + on-click-right = "kitty -o confirm_os_window_close=0 btm"; }; - battery= { - states= { - "warning"= 60; - "error"= 30; - "critical"= 15; + battery = { + states = { + "warning" = 60; + "error" = 30; + "critical" = 15; }; - interval=5; - format= "{icon} {capacity}%"; - format-charging= "{capacity}% "; - format-plugged= "{capacity}% "; - format-icons= [ + interval = 5; + format = "{icon} {capacity}%"; + format-charging = "{capacity}% "; + format-plugged = "{capacity}% "; + format-icons = [ "" "" "" "" "" ]; - on-click-right= "wlogout -p layer-shell"; - }; - disk= { - interval= 30; - format= "Disk {percentage_used:2}%"; - path= "/"; - states= { - "warning"= 80; - "critical"= 90; + on-click-right = "wlogout -p layer-shell"; + }; + disk = { + interval = 30; + 
format = "Disk {percentage_used:2}%"; + path = "/"; + states = { + "warning" = 80; + "critical" = 90; }; tooltip-format = "{used} used out of {total} on {path} ({percentage_used}%)\n{free} free on {path} ({percentage_free}%)"; }; - tray= { - icon-size= 20; + tray = { + icon-size = 20; }; - network= { + network = { interval = 5; - format-wifi= "{signalStrength}% "; - format-ethernet= ""; - format-linked= "{ifname} (No IP) "; - format-disconnected= "Disconnected ⚠"; - format-alt= "{ifname}: {ipaddr}/{cidr}"; - tooltip-format-ethernet= "{ifname} via {gwaddr}: {essid} {ipaddr}/{cidr}\n\n⇡{bandwidthUpBytes} ⇣{bandwidthDownBytes}"; - tooltip-format-wifi= "{ifname} via {gwaddr}: {essid} {ipaddr}/{cidr} \n{signaldBm}dBm @ {frequency}MHz\n\n⇡{bandwidthUpBytes} ⇣{bandwidthDownBytes}"; + format-wifi = "{signalStrength}% "; + format-ethernet = ""; + format-linked = "{ifname} (No IP) "; + format-disconnected = "Disconnected ⚠"; + format-alt = "{ifname}: {ipaddr}/{cidr}"; + tooltip-format-ethernet = "{ifname} via {gwaddr}: {essid} {ipaddr}/{cidr}\n\n⇡{bandwidthUpBytes} ⇣{bandwidthDownBytes}"; + tooltip-format-wifi = "{ifname} via {gwaddr}: {essid} {ipaddr}/{cidr} \n{signaldBm}dBm @ {frequency}MHz\n\n⇡{bandwidthUpBytes} ⇣{bandwidthDownBytes}"; }; }; }; @@ -6578,11 +6606,12 @@ I used to build the firefox addon =bypass-paywalls-clean= myself here, but the m }; "Home Manager Options" = { - urls = [{ template = "https://home-manager-options.extranix.com/"; - params = [ - { name = "query"; value = "{searchTerms}"; } - ]; - }]; + urls = [{ + template = "https://home-manager-options.extranix.com/"; + params = [ + { name = "query"; value = "{searchTerms}"; } + ]; + }]; icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; definedAliases = [ "@hm" "@ho" "@hmo" ]; 
@@ -6748,78 +6777,80 @@ Currently, I am too lazy to explain every option here, but most of it is very se modifier = "Mod4"; terminal = "kitty"; menu = "fuzzel"; - bars = [{ command = "waybar";}]; - keybindings = let - inherit (config.wayland.windowManager.sway.config) modifier; - in { - "${modifier}+q" = "kill"; - "${modifier}+f" = "exec firefox"; - "${modifier}+Space" = "exec fuzzel"; - "${modifier}+Shift+Space" = "floating toggle"; - "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; - "${modifier}+Shift+m" = "exec emacsclient -nquc -a emacs -e \"(mu4e)\""; - "${modifier}+Shift+c" = "exec emacsclient -nquc -a emacs -e \"(swarsel/open-calendar)\""; - "${modifier}+Shift+s" = "exec \"bash ~/.dotfiles/scripts/checkspotify.sh\""; - "${modifier}+m" = "exec \"bash ~/.dotfiles/scripts/checkspotifytui.sh\""; - "${modifier}+x" = "exec \"bash ~/.dotfiles/scripts/checkkitty.sh\""; - "${modifier}+d" = "exec \"bash ~/.dotfiles/scripts/checkdiscord.sh\""; - "${modifier}+Shift+r" = "exec \"bash ~/.dotfiles/scripts/restart.sh\""; - "${modifier}+Shift+t" = "exec \"bash ~/.dotfiles/scripts/toggle_opacity.sh\""; - "${modifier}+Shift+F12" = "move scratchpad"; - "${modifier}+F12" = "scratchpad show"; - "${modifier}+c" = "exec qalculate-gtk"; - "${modifier}+p" = "exec pass-fuzzel"; - "${modifier}+o" = "exec pass-fuzzel-otp"; - "${modifier}+Shift+p" = "exec pass-fuzzel --type"; - "${modifier}+Shift+o" = "exec pass-fuzzel-otp --type"; - "${modifier}+Escape" = "mode $exit"; - # "${modifier}+Shift+Escape" = "exec com.github.stsdc.monitor"; - "${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm"; - "${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; - "${modifier}+i" = "exec \"bash ~/.dotfiles/scripts/startup.sh\""; - "${modifier}+1" = "workspace 1:一"; - "${modifier}+Shift+1" = "move container to workspace 1:一"; - "${modifier}+2" = "workspace 2:二"; - "${modifier}+Shift+2" = "move container to workspace 2:二"; - 
"${modifier}+3" = "workspace 3:三"; - "${modifier}+Shift+3" = "move container to workspace 3:三"; - "${modifier}+4" = "workspace 4:四"; - "${modifier}+Shift+4" = "move container to workspace 4:四"; - "${modifier}+5" = "workspace 5:五"; - "${modifier}+Shift+5" = "move container to workspace 5:五"; - "${modifier}+6" = "workspace 6:六"; - "${modifier}+Shift+6" = "move container to workspace 6:六"; - "${modifier}+7" = "workspace 7:七"; - "${modifier}+Shift+7" = "move container to workspace 7:七"; - "${modifier}+8" = "workspace 8:八"; - "${modifier}+Shift+8" = "move container to workspace 8:八"; - "${modifier}+9" = "workspace 9:九"; - "${modifier}+Shift+9" = "move container to workspace 9:九"; - "${modifier}+0" = "workspace 10:十"; - "${modifier}+Shift+0" = "move container to workspace 10:十"; - "XF86AudioRaiseVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ +5%"; - "XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%"; - "${modifier}+Left" = "focus left"; - "${modifier}+Right" = "focus right"; - "${modifier}+Down" = "focus down"; - "${modifier}+Up" = "focus up"; - "${modifier}+Shift+Left" = "move left 40px"; - "${modifier}+Shift+Right" = "move right 40px"; - "${modifier}+Shift+Down" = "move down 40px"; - "${modifier}+Shift+Up" = "move up 40px"; - "${modifier}+h" = "focus left"; - "${modifier}+l" = "focus right"; - "${modifier}+j" = "focus down"; - "${modifier}+k" = "focus up"; - "${modifier}+Shift+h" = "move left 40px"; - "${modifier}+Shift+l" = "move right 40px"; - "${modifier}+Shift+j" = "move down 40px"; - "${modifier}+Shift+k" = "move up 40px"; - "${modifier}+Ctrl+Shift+c" = "reload"; - "${modifier}+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' 
-b 'Yes, exit sway' 'swaymsg exit'"; - "${modifier}+r" = "mode resize"; - "${modifier}+Return" = "exec kitty"; - }; + bars = [{ command = "waybar"; }]; + keybindings = + let + inherit (config.wayland.windowManager.sway.config) modifier; + in + { + "${modifier}+q" = "kill"; + "${modifier}+f" = "exec firefox"; + "${modifier}+Space" = "exec fuzzel"; + "${modifier}+Shift+Space" = "floating toggle"; + "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; + "${modifier}+Shift+m" = "exec emacsclient -nquc -a emacs -e \"(mu4e)\""; + "${modifier}+Shift+c" = "exec emacsclient -nquc -a emacs -e \"(swarsel/open-calendar)\""; + "${modifier}+Shift+s" = "exec \"bash ~/.dotfiles/scripts/checkspotify.sh\""; + "${modifier}+m" = "exec \"bash ~/.dotfiles/scripts/checkspotifytui.sh\""; + "${modifier}+x" = "exec \"bash ~/.dotfiles/scripts/checkkitty.sh\""; + "${modifier}+d" = "exec \"bash ~/.dotfiles/scripts/checkdiscord.sh\""; + "${modifier}+Shift+r" = "exec \"bash ~/.dotfiles/scripts/restart.sh\""; + "${modifier}+Shift+t" = "exec \"bash ~/.dotfiles/scripts/toggle_opacity.sh\""; + "${modifier}+Shift+F12" = "move scratchpad"; + "${modifier}+F12" = "scratchpad show"; + "${modifier}+c" = "exec qalculate-gtk"; + "${modifier}+p" = "exec pass-fuzzel"; + "${modifier}+o" = "exec pass-fuzzel-otp"; + "${modifier}+Shift+p" = "exec pass-fuzzel --type"; + "${modifier}+Shift+o" = "exec pass-fuzzel-otp --type"; + "${modifier}+Escape" = "mode $exit"; + # "${modifier}+Shift+Escape" = "exec com.github.stsdc.monitor"; + "${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm"; + "${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; + "${modifier}+i" = "exec \"bash ~/.dotfiles/scripts/startup.sh\""; + "${modifier}+1" = "workspace 1:一"; + "${modifier}+Shift+1" = "move container to workspace 1:一"; + "${modifier}+2" = "workspace 2:二"; + "${modifier}+Shift+2" = "move container to workspace 2:二"; + "${modifier}+3" = "workspace 3:三"; + 
"${modifier}+Shift+3" = "move container to workspace 3:三"; + "${modifier}+4" = "workspace 4:四"; + "${modifier}+Shift+4" = "move container to workspace 4:四"; + "${modifier}+5" = "workspace 5:五"; + "${modifier}+Shift+5" = "move container to workspace 5:五"; + "${modifier}+6" = "workspace 6:六"; + "${modifier}+Shift+6" = "move container to workspace 6:六"; + "${modifier}+7" = "workspace 7:七"; + "${modifier}+Shift+7" = "move container to workspace 7:七"; + "${modifier}+8" = "workspace 8:八"; + "${modifier}+Shift+8" = "move container to workspace 8:八"; + "${modifier}+9" = "workspace 9:九"; + "${modifier}+Shift+9" = "move container to workspace 9:九"; + "${modifier}+0" = "workspace 10:十"; + "${modifier}+Shift+0" = "move container to workspace 10:十"; + "XF86AudioRaiseVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ +5%"; + "XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%"; + "${modifier}+Left" = "focus left"; + "${modifier}+Right" = "focus right"; + "${modifier}+Down" = "focus down"; + "${modifier}+Up" = "focus up"; + "${modifier}+Shift+Left" = "move left 40px"; + "${modifier}+Shift+Right" = "move right 40px"; + "${modifier}+Shift+Down" = "move down 40px"; + "${modifier}+Shift+Up" = "move up 40px"; + "${modifier}+h" = "focus left"; + "${modifier}+l" = "focus right"; + "${modifier}+j" = "focus down"; + "${modifier}+k" = "focus up"; + "${modifier}+Shift+h" = "move left 40px"; + "${modifier}+Shift+l" = "move right 40px"; + "${modifier}+Shift+j" = "move down 40px"; + "${modifier}+Shift+k" = "move up 40px"; + "${modifier}+Ctrl+Shift+c" = "reload"; + "${modifier}+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'"; + "${modifier}+r" = "mode resize"; + "${modifier}+Return" = "exec kitty"; + }; modes = { resize = { Down = "resize grow height 10 px or 10 ppt"; 
@@ -6832,8 +6863,8 @@ Currently, I am too lazy to explain every option here, but most of it is very se }; defaultWorkspace = "workspace 1:一"; startup = [ - { command = "kitty -T kittyterm";} - { command = "sleep 60; kitty -T spotifytui -o confirm_os_window_close=0 spotify_player";} + { command = "kitty -T kittyterm"; } + { command = "sleep 60; kitty -T spotifytui -o confirm_os_window_close=0 spotify_player"; } ]; window = { border = 1; 
@@ -6845,28 +6876,28 @@ Currently, I am too lazy to explain every option here, but most of it is very se floating = { border = 1; criteria = [ - {title = "^Picture-in-Picture$";} - {app_id = "qalculate-gtk";} - {app_id = "org.gnome.clocks";} - {app_id = "com.github.stsdc.monitor";} - {app_id = "blueman";} - {app_id = "pavucontrol";} - {app_id = "syncthingtray";} - {title = "Syncthing Tray";} - {app_id = "SchildiChat";} - {app_id = "Element";} - {app_id = "com.nextcloud.desktopclient.nextcloud";} - {app_id = "gnome-system-monitor";} - {title = "(?:Open|Save) (?:File|Folder|As)";} - {title = "^Add$";} - {title = "com-jgoodies-jdiskreport-JDiskReport";} - {app_id = "discord";} - {window_role = "pop-up";} - {window_role = "bubble";} - {window_role = "dialog";} - {window_role = "task_dialog";} - {window_role = "menu";} - {window_role = "Preferences";} + { title = "^Picture-in-Picture$"; } + { app_id = "qalculate-gtk"; } + { app_id = "org.gnome.clocks"; } + { app_id = "com.github.stsdc.monitor"; } + { app_id = "blueman"; } + { app_id = "pavucontrol"; } + { app_id = "syncthingtray"; } + { title = "Syncthing Tray"; } + { app_id = "SchildiChat"; } + { app_id = "Element"; } + { app_id = "com.nextcloud.desktopclient.nextcloud"; } + { app_id = "gnome-system-monitor"; } + { title = "(?:Open|Save) (?:File|Folder|As)"; } + { title = "^Add$"; } + { title = "com-jgoodies-jdiskreport-JDiskReport"; } + { app_id = "discord"; } + { window_role = "pop-up"; } + { window_role = "bubble"; } + { window_role = "dialog"; } + { window_role = "task_dialog"; } + { window_role = "menu"; } + { window_role = "Preferences"; } ]; titlebar = false; }; 
@@ -6893,19 +6924,19 @@ Currently, I am too lazy to explain every option here, but most of it is very se { command = "sticky enable, shadows enable"; criteria = { - title="^Picture-in-Picture$"; + title = "^Picture-in-Picture$"; }; } { command = "opacity 0.8, sticky enable, border normal, move container to scratchpad"; criteria = { - title="^kittyterm$"; + title = "^kittyterm$"; }; } { command = "opacity 0.95, sticky enable, border normal, move container to scratchpad"; criteria = { - title="^spotifytui$"; + title = "^spotifytui$"; }; } # { @@ -6919,7 +6950,7 @@ Currently, I am too lazy to explain every option here, but most of it is very se command = "resize set width 60 ppt height 60 ppt, sticky enable, move container to scratchpad"; criteria = { - class="Spotify"; + class = "Spotify"; }; } { 
@@ -6946,24 +6977,25 @@ Currently, I am too lazy to explain every option here, but most of it is very se inner = 5; }; }; - extraSessionCommands ='' - export SDL_VIDEODRIVER=wayland - export QT_QPA_PLATFORM=wayland - export QT_WAYLAND_DISABLE_WINDOWDECORATION="1" - export _JAVA_AWT_WM_NONREPARENTING=1 - export XDG_CURRENT_DESKTOP=sway - export XDG_SESSION_DESKTOP=sway - export QTWEBENGINE_CHROMIUM_FLAGS="--no-sandbox"; - export ANKI_WAYLAND=1; - export OBSIDIAN_USE_WAYLAND=1; - ''; + extraSessionCommands = '' + export SDL_VIDEODRIVER=wayland + export QT_QPA_PLATFORM=wayland + export QT_WAYLAND_DISABLE_WINDOWDECORATION="1" + export _JAVA_AWT_WM_NONREPARENTING=1 + export XDG_CURRENT_DESKTOP=sway + export XDG_SESSION_DESKTOP=sway + export QTWEBENGINE_CHROMIUM_FLAGS="--no-sandbox"; + export ANKI_WAYLAND=1; + export OBSIDIAN_USE_WAYLAND=1; + ''; # extraConfigEarly = " # exec systemctl --user import-environment DISPLAY WAYLAND_DISPLAY SWAYSOCK # exec hash dbus-update-activation-environment 2>/dev/null && dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK # "; - extraConfig =let - inherit (config.wayland.windowManager.sway.config) modifier; - swayfxSettings = " + extraConfig = + let + inherit (config.wayland.windowManager.sway.config) modifier; + swayfxSettings = " blur enable blur_xray disable blur_passes 1 @@ -6973,7 +7005,8 @@ Currently, I am too lazy to explain every option here, but most of it is very se titlebar_separator disable default_dim_inactive 0.02 "; - in " + in + " exec_always autotiling set $exit \"exit: [s]leep, [p]oweroff, [r]eboot, [l]ogout\" mode $exit { diff --git a/flake.lock b/flake.lock index 1399b51..b2d96e1 100644 --- a/flake.lock +++ b/flake.lock 
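Review bot: `export QTWEBENGINE_CHROMIUM_FLAGS="--no-sandbox";` in `extraSessionCommands` is inherited by everything started from the sway session, so every QtWebEngine application renders web content without the Chromium sandbox. If only one application needs it (the neighbouring `ANKI_WAYLAND=1` hints at Anki, but that is a guess), scope the flag to that launcher and drop the session-wide export, e.g. `exec = "env QTWEBENGINE_CHROMIUM_FLAGS=--no-sandbox anki";` in its desktop entry. If the export has to stay, add a comment naming the application and the problem it works around, so it can be removed once that is fixed.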
@@ -237,24 +237,6 @@ "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", "type": "github" }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_3": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib_2" - }, - "locked": { - "lastModified": 1719994518, - "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", - "type": "github" - }, "original": { "id": "flake-parts", "type": "indirect" @@ -535,25 +517,6 @@ "type": "github" } }, - "nix-gaming": { - "inputs": { - "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_3" - }, - "locked": { - "lastModified": 1720920199, - "narHash": "sha256-0dNwRhtUVQha5S+NFeoeMXEt/6v0x56DCdyUk+vEFeY=", - "owner": "fufexan", - "repo": "nix-gaming", - "rev": "fce565402d5b1ed4e92c4a9dfcd094d0172d8f0b", - "type": "github" - }, - "original": { - "owner": "fufexan", - "repo": "nix-gaming", - "type": "github" - } - }, "nix-index-database": { "inputs": { "nixpkgs": "nixpkgs_2" @@ -620,7 +583,7 @@ "nixgl": { "inputs": { "flake-utils": "flake-utils_4", - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1713543440, @@ -732,18 +695,6 @@ "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" } }, - "nixpkgs-lib_2": { - "locked": { - "lastModified": 1719876945, - "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" - } - }, "nixpkgs-stable": { "locked": { "lastModified": 1720954236, 
@@ -825,22 +776,6 @@ } }, "nixpkgs_3": { - "locked": { - "lastModified": 1720781449, - "narHash": "sha256-po3TZO9kcZwzvkyMJKb0WCzzDtiHWD34XeRaX1lWXp0=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "8b5a3d5a1d951344d683b442c0739010b80039db", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { "locked": { "lastModified": 1660551188, "narHash": "sha256-a1LARMMYQ8DPx1BgoI/UN4bXe12hhZkCNqdxNi6uS0g=", @@ -855,7 +790,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_4": { "locked": { "lastModified": 1720957393, "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", @@ -871,7 +806,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_5": { "locked": { "lastModified": 1720957393, "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", @@ -887,7 +822,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_6": { "locked": { "lastModified": 1720781449, "narHash": "sha256-po3TZO9kcZwzvkyMJKb0WCzzDtiHWD34XeRaX1lWXp0=", @@ -903,7 +838,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_7": { "locked": { "lastModified": 1714912032, "narHash": "sha256-clkcOIkg8G4xuJh+1onLG4HPMpbtzdLv4rHxFzgsH9c=", @@ -969,8 +904,8 @@ }, "nswitch-rcm-nix": { "inputs": { - "flake-parts": "flake-parts_3", - "nixpkgs": "nixpkgs_6" + "flake-parts": "flake-parts_2", + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1721302286, @@ -1034,13 +969,12 @@ "home-manager": "home-manager", "lanzaboote": "lanzaboote", "nix-alien": "nix-alien", - "nix-gaming": "nix-gaming", "nix-index-database": "nix-index-database_2", "nix-on-droid": "nix-on-droid", "nixgl": "nixgl", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_4", "nixpkgs-stable": "nixpkgs-stable_3", "nswitch-rcm-nix": "nswitch-rcm-nix", "nur": "nur", 
@@ -1075,7 +1009,7 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_6", "nixpkgs-stable": "nixpkgs-stable_4" }, "locked": { @@ -1104,7 +1038,7 @@ "flake-compat": "flake-compat_3", "gnome-shell": "gnome-shell", "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_8" + "nixpkgs": "nixpkgs_7" }, "locked": { "lastModified": 1720818679, diff --git a/flake.nix b/flake.nix index 9142c2d..70e794c 100644 --- a/flake.nix +++ b/flake.nix @@ -47,11 +47,6 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - # patches for gaming on nix - nix-gaming = { - url = "github:fufexan/nix-gaming"; - }; - # hardware quirks on nix nixos-hardware = { url = "github:NixOS/nixos-hardware/master"; @@ -87,6 +82,7 @@ lanzaboote, nixos-hardware, nix-alien, + nixos-generators, nswitch-rcm-nix, nix-index-database, ... @@ -151,7 +147,7 @@ modules = nixModules ++ [ - ./profiles/onett/nixos.nix + ./profles/onett/nixos.nix home-manager.nixosModules.home-manager { home-manager.users.swarsel.imports = @@ -368,6 +364,13 @@ }; packages.x86_64-linux = { + proxmox-lxc = nixos-generators.nixosGenerate { + inherit system; + modules = [ + ./profiles/server1/TEMPLATE/nixos.nix + ]; + format = "proxmox-lxc"; + }; }; }; } diff --git a/index.html b/index.html index f08a3af..6571e4b 100644 --- a/index.html +++ b/index.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + SwarselSystems: NixOS + Emacs Configuration @@ -261,7 +261,7 @@
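Review bot: The added line `./profles/onett/nixos.nix` in the flake.nix hunk `@@ -151,7 +147,7 @@` drops the `i` from `profiles`. Every other module path visible in this commit sits under `./profiles/`, so this looks like an accidental edit made during the reformat; the configuration that imports it will most likely fail to evaluate because the path does not exist. The line should stay `./profiles/onett/nixos.nix`. The index.html hunk `@@ -1080,9 +1084,9 @@` shows the same change, which suggests the typo is in the Org source both files are generated from, so fix it there. The enclosing `modules = nixModules ++ [ … ]` list starts and ends outside the hunk.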

Table of Contents

  • 3.3.6. Linking dotfiles
  • 3.3.7. Sourcing environment variables
  • 3.3.8. Programs
  • -
  • 3.3.9. nix-index
  • +
  • 3.3.9. nix-index
  • 3.3.10. password-store
  • 3.3.11. direnv
  • 3.3.12. eza
  • @@ -329,41 +329,42 @@

    Table of Contents

    @@ -388,7 +389,7 @@

    Table of Contents

    -This file has 41233 words spanning 10941 lines and was last revised on 2024-07-19 14:29:02 +0200. +This file has 41226 words spanning 10979 lines and was last revised on 2024-07-20 00:04:46 +0200.

    @@ -438,7 +439,7 @@

    1

    -My emacs is built using the emacs-overlay nix flake, which builds a bleeding edge emacs on wayland (pgtk) with utilities like treesitter support. By executing the below source block, the current build setting can be updated at any time, and you can see my most up-to-date build options (last updated: 2024-07-19 14:29:02 +0200) +My emacs is built using the emacs-overlay nix flake, which builds a bleeding edge emacs on wayland (pgtk) with utilities like treesitter support. By executing the below source block, the current build setting can be updated at any time, and you can see my most up-to-date build options (last updated: 2024-07-20 00:04:46 +0200)

    @@ -564,7 +565,7 @@

    2 }; monospace = { - package = pkgs.nerdfonts.override { fonts = [ "FiraCode"]; }; + package = pkgs.nerdfonts.override { fonts = [ "FiraCode" ]; }; name = "FiraCode Nerd Font Mono"; }; @@ -575,8 +576,6 @@

    2 }; }; - - @@ -594,22 +593,23 @@

    2
    -programs.waybar.settings.mainBar.modules-right = ["custom/outer-left-arrow-dark"
    -                                                  "mpris"
    -                                                  "custom/left-arrow-light"
    -                                                  "network"
    -                                                  "custom/left-arrow-dark"
    -                                                  "pulseaudio"
    -                                                  "custom/left-arrow-light"
    -                                                  "custom/pseudobat"
    -                                                  "battery"
    -                                                  "custom/left-arrow-dark"
    -                                                  "group/hardware"
    -                                                  "custom/left-arrow-light"
    -                                                  "clock#2"
    -                                                  "custom/left-arrow-dark"
    -                                                  "clock#1"
    -                                                 ];
    +programs.waybar.settings.mainBar.modules-right = [
    +  "custom/outer-left-arrow-dark"
    +  "mpris"
    +  "custom/left-arrow-light"
    +  "network"
    +  "custom/left-arrow-dark"
    +  "pulseaudio"
    +  "custom/left-arrow-light"
    +  "custom/pseudobat"
    +  "battery"
    +  "custom/left-arrow-dark"
    +  "group/hardware"
    +  "custom/left-arrow-light"
    +  "clock#2"
    +  "custom/left-arrow-dark"
    +  "clock#1"
    +];
     
     
    @@ -628,26 +628,27 @@

    2
    -programs.waybar.settings.mainBar."custom/pseudobat"= {
    -  format= "";
    -  on-click-right= "wlogout -p layer-shell";
    +programs.waybar.settings.mainBar."custom/pseudobat" = {
    +  format = "";
    +  on-click-right = "wlogout -p layer-shell";
     };
    -programs.waybar.settings.mainBar.modules-right = ["custom/outer-left-arrow-dark"
    -                                                  "mpris"
    -                                                  "custom/left-arrow-light"
    -                                                  "network"
    -                                                  "custom/left-arrow-dark"
    -                                                  "pulseaudio"
    -                                                  "custom/left-arrow-light"
    -                                                  "custom/pseudobat"
    -                                                  "battery"
    -                                                  "custom/left-arrow-dark"
    -                                                  "group/hardware"
    -                                                  "custom/left-arrow-light"
    -                                                  "clock#2"
    -                                                  "custom/left-arrow-dark"
    -                                                  "clock#1"
    -                                                 ];
    +programs.waybar.settings.mainBar.modules-right = [
    +  "custom/outer-left-arrow-dark"
    +  "mpris"
    +  "custom/left-arrow-light"
    +  "network"
    +  "custom/left-arrow-dark"
    +  "pulseaudio"
    +  "custom/left-arrow-light"
    +  "custom/pseudobat"
    +  "battery"
    +  "custom/left-arrow-dark"
    +  "group/hardware"
    +  "custom/left-arrow-light"
    +  "clock#2"
    +  "custom/left-arrow-dark"
    +  "clock#1"
    +];
     
     
    @@ -678,12 +679,12 @@

    2
    -{ command = "nextcloud --background";}
    -{ command = "discord --start-minimized";}
    -{ command = "element-desktop --hidden  -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";}
    -{ command = "ANKI_WAYLAND=1 anki";}
    -{ command = "OBSIDIAN_USE_WAYLAND=1 obsidian";}
    -{ command = "nm-applet";}
    +{ command = "nextcloud --background"; }
    +{ command = "discord --start-minimized"; }
    +{ command = "element-desktop --hidden  -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; }
    +{ command = "ANKI_WAYLAND=1 anki"; }
    +{ command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; }
    +{ command = "nm-applet"; }
     
     
    @@ -714,10 +715,10 @@

    2 defaultCacheTtl = 600; maxCacheTtl = 7200; extraConfig = '' - allow-loopback-pinentry - allow-emacs-pinentry + allow-loopback-pinentry + allow-emacs-pinentry ''; - }; +}; @@ -778,7 +779,7 @@

    2 }; }; -nix.settings.experimental-features = ["nix-command" "flakes"]; +nix.settings.experimental-features = [ "nix-command" "flakes" ]; proxmoxLXC = { manageNetwork = true; # manage network myself @@ -831,7 +832,7 @@

    2 }; }; -nix.settings.experimental-features = ["nix-command" "flakes"]; +nix.settings.experimental-features = [ "nix-command" "flakes" ]; proxmoxLXC = { manageNetwork = true; # manage network myself @@ -899,6 +900,7 @@

    2 lanzaboote, nixos-hardware, nix-alien, +nixos-generators, nswitch-rcm-nix, nix-index-database, @@ -911,7 +913,7 @@

    2

      -
    • nixkpkgs +
    • nixpkgs This is the base repository that I am following for all packages. I follow the unstable branch.
    • home-manager This handles user-level configuration and mostly provides dotfiles that are generated and symlinked to ~/.config/.
    • @@ -931,6 +933,8 @@

      2 Provides specific hardware setting for some hardware configurations. For example, this sets some better defaults for my Lenovo Thinkpad P14s Gen2.
    • nix-alien This is supposed to allow me to run unpatched libraries directly without a need for ELF patching or resorting to steam-run. However, I have not yet gotten this to work.
    • +
    • nixos-generators +Provides me with images that I can use to create LXCs on Proxmox.
    • nswitch-rcm-nix Allows auto injection of payloads upon connecting a Nintendo Switch.
    • nix-index-database @@ -985,11 +989,6 @@

      2 inputs.nixpkgs.follows = "nixpkgs"; }; -# patches for gaming on nix -nix-gaming = { - url = "github:fufexan/nix-gaming"; -}; - # hardware quirks on nix nixos-hardware = { url = "github:NixOS/nixos-hardware/master"; @@ -1029,42 +1028,47 @@

      2
       system = "x86_64-linux"; # not very portable, but I do not use other architectures at the moment
      -pkgs = import nixpkgs { inherit system;
      -                        overlays = [ emacs-overlay.overlay
      -                                     nur.overlay
      -                                     nixgl.overlay
      -                                     (final: _prev: {
      -                                       stable = import nixpkgs-stable {
      -                                         inherit (final) system config;
      -                                       };
      -                                     })
      -                                   ];
      -                        config.allowUnfree = true;
      -                      };
      +pkgs = import nixpkgs {
      +  inherit system;
      +  overlays = [
      +    emacs-overlay.overlay
      +    nur.overlay
      +    nixgl.overlay
      +    (final: _prev: {
      +      stable = import nixpkgs-stable {
      +        inherit (final) system config;
      +      };
      +    })
      +  ];
      +  config.allowUnfree = true;
      +};
       
       # NixOS modules that can only be used on NixOS systems
      -nixModules = [ stylix.nixosModules.stylix
      -               sops-nix.nixosModules.sops
      -               nswitch-rcm-nix.nixosModules.nswitch-rcm
      -               ./profiles/common/nixos.nix
      -               # dynamic library loading
      -               ({ self, system, ... }: {
      -                 environment.systemPackages = with self.inputs.nix-alien.packages.${system}; [
      -                   nix-alien
      -                 ];
      -                 # needed for `nix-alien-ld`
      -                 programs.nix-ld.enable = true;
      -                 })
      -               ];
      +nixModules = [
      +  stylix.nixosModules.stylix
      +  sops-nix.nixosModules.sops
      +  nswitch-rcm-nix.nixosModules.nswitch-rcm
      +  ./profiles/common/nixos.nix
      +  # dynamic library loading
      +  ({ self, system, ... }: {
      +    environment.systemPackages = with self.inputs.nix-alien.packages.${system}; [
      +      nix-alien
      +    ];
      +    # needed for `nix-alien-ld`
      +    programs.nix-ld.enable = true;
      +  })
      +];
       
       # Home-Manager modules wanted on non-NixOS systems
      -homeModules = [ stylix.homeManagerModules.stylix
      -              ];
      +homeModules = [
      +  stylix.homeManagerModules.stylix
      +];
       # Home-Manager modules wanted on both NixOS and non-NixOS systems
      -mixedModules = [ sops-nix.homeManagerModules.sops
      -                 nix-index-database.hmModules.nix-index
      -                 ./profiles/common/home.nix
      -               ];
      +mixedModules = [
      +  sops-nix.homeManagerModules.sops
      +  nix-index-database.hmModules.nix-index
      +  ./profiles/common/home.nix
      +];
       
       
      @@ -1080,9 +1084,9 @@

      2
       onett = nixpkgs.lib.nixosSystem {
      -  specialArgs = {inherit inputs pkgs; };
      +  specialArgs = { inherit inputs pkgs; };
         modules = nixModules ++ [
      -    ./profiles/onett/nixos.nix
      +    ./profles/onett/nixos.nix
           home-manager.nixosModules.home-manager
           {
             home-manager.users.swarsel.imports = mixedModules ++ [
      @@ -1093,7 +1097,7 @@ 

      2 }; sandbox = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = [ sops-nix.nixosModules.sops ./profiles/sandbox/nixos.nix @@ -1101,7 +1105,7 @@

      2 }; twoson = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = nixModules ++ [ ./profiles/twoson/nixos.nix home-manager.nixosModules.home-manager @@ -1114,7 +1118,7 @@

      2 }; threed = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = nixModules ++ [ lanzaboote.nixosModules.lanzaboote ./profiles/threed/nixos.nix @@ -1128,7 +1132,7 @@

      2 }; fourside = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = nixModules ++ [ nixos-hardware.nixosModules.lenovo-thinkpad-p14s-amd-gen2 ./profiles/fourside/nixos.nix @@ -1142,7 +1146,7 @@

      2 }; winters = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = nixModules ++ [ nixos-hardware.nixosModules.framework-16-inch-7040-amd ./profiles/winters/nixos.nix @@ -1156,7 +1160,7 @@

      2 }; stand = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = nixModules ++ [ ./profiles/stand/nixos.nix home-manager.nixosModules.home-manager @@ -1169,7 +1173,7 @@

      2 }; nginx = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = [ sops-nix.nixosModules.sops ./profiles/server1/nginx/nixos.nix @@ -1177,7 +1181,7 @@

      2 }; calibre = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = [ sops-nix.nixosModules.sops ./profiles/server1/calibre/nixos.nix @@ -1185,7 +1189,7 @@

      2 }; jellyfin = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = [ # sops-nix.nixosModules.sops ./profiles/server1/jellyfin/nixos.nix @@ -1193,7 +1197,7 @@

      2 }; transmission = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = [ sops-nix.nixosModules.sops ./profiles/server1/transmission/nixos.nix @@ -1201,7 +1205,7 @@

      2 }; matrix = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; # this is to import a service module that is not on nixpkgs # this way avoids infinite recursion errors modules = [ @@ -1211,7 +1215,7 @@

      2 }; sound = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = [ sops-nix.nixosModules.sops ./profiles/server1/sound/nixos.nix @@ -1219,7 +1223,7 @@

      2 }; spotifyd = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = [ sops-nix.nixosModules.sops ./profiles/server1/spotifyd/nixos.nix @@ -1227,7 +1231,7 @@

      2 }; paperless = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = [ sops-nix.nixosModules.sops ./profiles/server1/paperless/nixos.nix @@ -1236,7 +1240,7 @@

      2 #ovm swarsel sync = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = [ sops-nix.nixosModules.sops ./profiles/remote/oracle/sync/nixos.nix @@ -1245,7 +1249,7 @@

      2 #ovm swarsel swatrix = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = [ sops-nix.nixosModules.sops ./profiles/remote/oracle/matrix/nixos.nix @@ -1366,8 +1370,7 @@

      3
    • NixOS
      -
      -{ pkgs, ... }:
      +
      { pkgs, ... }:
       
       {
       
      @@ -1380,7 +1383,7 @@ 

      3 services = { getty.autologinUser = "TEMPLATE"; - greetd.settings.initial_session.user="TEMPLATE"; + greetd.settings.initial_session.user = "TEMPLATE"; }; # Bootloader @@ -1442,7 +1445,7 @@

      3 }; monospace = { - package = pkgs.nerdfonts.override { fonts = [ "FiraCode"]; }; + package = pkgs.nerdfonts.override { fonts = [ "FiraCode" ]; }; name = "FiraCode Nerd Font Mono"; }; @@ -1454,8 +1457,6 @@

      3 }; - - # Configure keymap in X11 (only used for login) services.xserver = { layout = "us"; @@ -1466,7 +1467,7 @@

      3 isNormalUser = true; description = "TEMPLATE"; extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" ]; - packages = with pkgs; []; + packages = with pkgs; [ ]; }; environment.systemPackages = with pkgs; [ @@ -1483,8 +1484,7 @@

      3
    • Home Manager
      -
      -{ config, pkgs, ... }:
      +
      { config, pkgs, ... }:
       
       {
       
      @@ -1497,10 +1497,10 @@ 

      3 defaultCacheTtl = 600; maxCacheTtl = 7200; extraConfig = '' - allow-loopback-pinentry - allow-emacs-pinentry + allow-loopback-pinentry + allow-emacs-pinentry ''; - }; + }; home = { username = "TEMPLATE"; @@ -1527,52 +1527,54 @@

      3 # ----------------------------------------------------------------- # is this machine always connected to power? If yes, use this block: # - # programs.waybar.settings.mainBar."custom/pseudobat"= { - # format= ""; - # on-click-right= "wlogout -p layer-shell"; + # programs.waybar.settings.mainBar."custom/pseudobat" = { + # format = ""; + # on-click-right = "wlogout -p layer-shell"; # }; - # programs.waybar.settings.mainBar.modules-right = ["custom/outer-left-arrow-dark" - # "mpris" - # "custom/left-arrow-light" - # "network" - # "custom/left-arrow-dark" - # "pulseaudio" - # "custom/left-arrow-light" - # "custom/pseudobat" - # "battery" - # "custom/left-arrow-dark" - # "group/hardware" - # "custom/left-arrow-light" - # "clock#2" - # "custom/left-arrow-dark" - # "clock#1" - # ]; + # programs.waybar.settings.mainBar.modules-right = [ + # "custom/outer-left-arrow-dark" + # "mpris" + # "custom/left-arrow-light" + # "network" + # "custom/left-arrow-dark" + # "pulseaudio" + # "custom/left-arrow-light" + # "custom/pseudobat" + # "battery" + # "custom/left-arrow-dark" + # "group/hardware" + # "custom/left-arrow-light" + # "clock#2" + # "custom/left-arrow-dark" + # "clock#1" + # ]; # # ----------------------------------------------------------------- # ----------------------------------------------------------------- # if not always connected to power (laptop), use this (default): - programs.waybar.settings.mainBar.modules-right = ["custom/outer-left-arrow-dark" - "mpris" - "custom/left-arrow-light" - "network" - "custom/left-arrow-dark" - "pulseaudio" - "custom/left-arrow-light" - "custom/pseudobat" - "battery" - "custom/left-arrow-dark" - "group/hardware" - "custom/left-arrow-light" - "clock#2" - "custom/left-arrow-dark" - "clock#1" - ]; + programs.waybar.settings.mainBar.modules-right = [ + "custom/outer-left-arrow-dark" + "mpris" + "custom/left-arrow-light" + "network" + "custom/left-arrow-dark" + "pulseaudio" + "custom/left-arrow-light" + "custom/pseudobat" + 
"battery" + "custom/left-arrow-dark" + "group/hardware" + "custom/left-arrow-light" + "clock#2" + "custom/left-arrow-dark" + "clock#1" + ]; # ----------------------------------------------------------------- - wayland.windowManager.sway= { + wayland.windowManager.sway = { config = rec { # update for actual inputs here, input = { @@ -1580,7 +1582,8 @@

      3 xkb_layout = "us"; xkb_variant = "altgr-intl"; }; - "1:1:AT_Translated_Set_2_keyboard" = { # TEMPLATE + "1:1:AT_Translated_Set_2_keyboard" = { + # TEMPLATE xkb_layout = "us"; xkb_options = "grp:win_space_toggle"; # xkb_options = "ctrl:nocaps,grp:win_space_toggle"; @@ -1603,22 +1606,24 @@

      3 }; }; - keybindings = let - inherit (config.wayland.windowManager.sway.config) modifier; - in { - # TEMPLATE - "${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkschildi.sh\""; - # "${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkelement.sh\""; - }; + keybindings = + let + inherit (config.wayland.windowManager.sway.config) modifier; + in + { + # TEMPLATE + "${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkschildi.sh\""; + # "${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkelement.sh\""; + }; startup = [ - { command = "nextcloud --background";} - { command = "discord --start-minimized";} - { command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";} - { command = "ANKI_WAYLAND=1 anki";} - { command = "OBSIDIAN_USE_WAYLAND=1 obsidian";} - { command = "nm-applet";} + { command = "nextcloud --background"; } + { command = "discord --start-minimized"; } + { command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; } + { command = "ANKI_WAYLAND=1 anki"; } + { command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; } + { command = "nm-applet"; } ]; }; @@ -1646,10 +1651,11 @@

      3
    • NixOS
      -
      -{ config, pkgs, sops, ... }: let
      +
      { config, pkgs, sops, ... }:
      +let
         matrixDomain = "swatrix.swarsel.win";
      -in {
      +in
      +{
       
         imports = [
           ./hardware-configuration.nix
      @@ -1675,13 +1681,13 @@ 

      3 enableIPv6 = true; firewall.enable = false; firewall.extraCommands = '' - sudo iptables -A OUTPUT ! -o lo -m owner --uid-owner vpn -j DROP - ''; + sudo iptables -A OUTPUT ! -o lo -m owner --uid-owner vpn -j DROP + ''; iproute2 = { enable = true; rttablesExtraConfig = '' - 200 vpn - ''; + 200 vpn + ''; }; }; @@ -1690,7 +1696,7 @@

      3 hardware.enableAllFirmware = true; extraPackages = with pkgs; [ intel-media-driver # LIBVA_DRIVER_NAME=iHD - vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) + vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) vaapiVdpau libvdpau-va-gl ]; @@ -1702,8 +1708,8 @@

      3 users = { groups = { - vpn = {}; - mpd = {}; + vpn = { }; + mpd = { }; navidrome = { gid = 61593; }; @@ -1713,7 +1719,7 @@

      3 }; users = { jellyfin = { - extraGroups = [ "video" "render" ]; + extraGroups = [ "video" "render" ]; }; vpn = { isNormalUser = true; @@ -1724,24 +1730,24 @@

      3 isSystemUser = true; uid = 61593; group = "navidrome"; - extraGroups = [ "audio" "utmp" ]; + extraGroups = [ "audio" "utmp" ]; }; spotifyd = { isSystemUser = true; uid = 65136; group = "spotifyd"; - extraGroups = [ "audio" "utmp" ]; + extraGroups = [ "audio" "utmp" ]; }; mpd = { isSystemUser = true; group = "mpd"; - extraGroups = [ "audio" "utmp" ]; + extraGroups = [ "audio" "utmp" ]; }; swarsel = { isNormalUser = true; description = "Leon S"; - extraGroups = [ "networkmanager" "wheel" "lp"]; - packages = with pkgs; []; + extraGroups = [ "networkmanager" "wheel" "lp" ]; + packages = with pkgs; [ ]; }; root = { openssh.authorizedKeys.keyFiles = [ @@ -1754,10 +1760,12 @@

      3 fileSystems."/mnt/Eternor" = { device = "//192.168.1.3/Eternor"; fsType = "cifs"; - options = let - # this line prevents hanging on network split - automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"; - in ["${automount_opts},credentials=/etc/nixos/smb-secrets,uid=1000,gid=100"]; + options = + let + # this line prevents hanging on network split + automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"; + in + [ "${automount_opts},credentials=/etc/nixos/smb-secrets,uid=1000,gid=100" ]; }; environment = { @@ -1783,23 +1791,28 @@

      3 ]; etc = { "openvpn/iptables.sh" = - { source = ../../scripts/server1/iptables.sh; + { + source = ../../scripts/server1/iptables.sh; mode = "0755"; }; "openvpn/update-resolv-conf" = - { source = ../../scripts/server1/update-resolv-conf; + { + source = ../../scripts/server1/update-resolv-conf; mode = "0755"; }; "openvpn/routing.sh" = - { source = ../../scripts/server1/routing.sh; + { + source = ../../scripts/server1/routing.sh; mode = "0755"; }; "openvpn/ca.rsa.2048.crt" = - { source = ../../secrets/certs/ca.rsa.2048.crt; + { + source = ../../secrets/certs/ca.rsa.2048.crt; mode = "0644"; }; "openvpn/crl.rsa.2048.pem" = - { source = ../../secrets/certs/crl.rsa.2048.pem; + { + source = ../../secrets/certs/crl.rsa.2048.pem; mode = "0644"; }; }; @@ -1820,17 +1833,17 @@

      3 services."restart-bridges" = { script = '' - systemctl restart mautrix-whatsapp.service - systemctl restart mautrix-signal.service - systemctl restart mautrix-telegram.service - ''; + systemctl restart mautrix-whatsapp.service + systemctl restart mautrix-signal.service + systemctl restart mautrix-telegram.service + ''; serviceConfig = { Type = "oneshot"; User = "root"; }; }; }; - nix.settings.experimental-features = ["nix-command" "flakes"]; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change @@ -1843,15 +1856,15 @@

      3 defaultSopsFile = "/root/.dotfiles/secrets/sandbox/secrets.yaml"; validateSopsFiles = false; secrets = { - dnstokenfull = {owner="acme";}; - kavita = { owner = "kavita";}; - vpnuser = {}; - rpcuser = {owner="vpn";}; - vpnpass = {}; - rpcpass = {owner="vpn";}; - vpnprot = {}; - vpnloc = {}; - mpdpass = { owner = "mpd";}; + dnstokenfull = { owner = "acme"; }; + kavita = { owner = "kavita"; }; + vpnuser = { }; + rpcuser = { owner = "vpn"; }; + vpnpass = { }; + rpcpass = { owner = "vpn"; }; + vpnprot = { }; + vpnloc = { }; + mpdpass = { owner = "mpd"; }; }; templates = { "transmission-rpc" = { @@ -1863,37 +1876,37 @@

      3 }; pia.content = '' - ${config.sops.placeholder.vpnuser} - ${config.sops.placeholder.vpnpass} - ''; + ${config.sops.placeholder.vpnuser} + ${config.sops.placeholder.vpnpass} + ''; vpn.content = '' - client - dev tun - proto ${config.sops.placeholder.vpnprot} - remote ${config.sops.placeholder.vpnloc} - resolv-retry infinite - nobind - persist-key - persist-tun - cipher aes-128-cbc - auth sha1 - tls-client - remote-cert-tls server - - auth-user-pass ${config.sops.templates.pia.path} - compress - verb 1 - reneg-sec 0 - - crl-verify /etc/openvpn/crl.rsa.2048.pem - ca /etc/openvpn/ca.rsa.2048.crt - - disable-occ - ''; + client + dev tun + proto ${config.sops.placeholder.vpnprot} + remote ${config.sops.placeholder.vpnloc} + resolv-retry infinite + nobind + persist-key + persist-tun + cipher aes-128-cbc + auth sha1 + tls-client + remote-cert-tls server + + auth-user-pass ${config.sops.templates.pia.path} + compress + verb 1 + reneg-sec 0 + + crl-verify /etc/openvpn/crl.rsa.2048.pem + ca /etc/openvpn/ca.rsa.2048.crt + + disable-occ + ''; "certs.secret".content = '' - CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} - ''; + CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} + ''; }; }; @@ -1936,8 +1949,8 @@

      3 "/" = { proxyPass = "https://192.168.1.5"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; "/.well-known/carddav" = { return = "301 $scheme://$host/remote.php/dav"; @@ -1956,8 +1969,8 @@

      3 "~ ^(/_matrix|/_synapse/client)" = { proxyPass = "http://127.0.0.1:8008"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; @@ -1972,13 +1985,13 @@

      3 proxyPass = "http://127.0.0.1:4040"; proxyWebsockets = true; extraConfig = '' - proxy_redirect http:// https://; - proxy_read_timeout 600s; - proxy_send_timeout 600s; - proxy_buffering off; - proxy_request_buffering off; - client_max_body_size 0; - ''; + proxy_redirect http:// https://; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + proxy_buffering off; + proxy_request_buffering off; + client_max_body_size 0; + ''; }; }; }; @@ -1991,8 +2004,8 @@

      3 "/" = { proxyPass = "http://127.0.0.1:28981"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; @@ -2005,8 +2018,8 @@

      3 "/" = { proxyPass = "http://127.0.0.1:8096"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; @@ -2019,8 +2032,8 @@

      3 "/" = { proxyPass = "http://127.0.0.1:8080"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; @@ -2066,74 +2079,74 @@

      3 credentialsFile = config.sops.templates."transmission-rpc".path; user = "vpn"; settings = { - alt-speed-down= 8000; - alt-speed-enabled= false; - alt-speed-time-begin= 0; - alt-speed-time-day= 127; - alt-speed-time-enabled= true; - alt-speed-time-end= 360; - alt-speed-up= 2000; - bind-address-ipv4= "0.0.0.0"; - bind-address-ipv6= "::"; - blocklist-enabled= false; - blocklist-url= "http://www.example.com/blocklist"; - cache-size-mb= 256; - dht-enabled= false; - download-dir= "/test"; - download-limit= 100; - download-limit-enabled= 0; - download-queue-enabled= true; - download-queue-size= 5; - encryption= 2; - idle-seeding-limit= 30; - idle-seeding-limit-enabled= false; - incomplete-dir= "/var/lib/transmission-daemon/Downloads"; - incomplete-dir-enabled= false; - lpd-enabled= false; - max-peers-global= 200; - message-level= 1; - peer-congestion-algorithm= ""; - peer-id-ttl-hours= 6; - peer-limit-global= 100; - peer-limit-per-torrent= 40; - peer-port= 22371; - peer-port-random-high= 65535; - peer-port-random-low= 49152; - peer-port-random-on-start= false; - peer-socket-tos= "default"; - pex-enabled= false; - port-forwarding-enabled= false; - preallocation= 1; - prefetch-enabled= true; - queue-stalled-enabled= true; - queue-stalled-minutes= 30; - ratio-limit= 2; - ratio-limit-enabled= false; - rename-partial-files= true; - rpc-authentication-required= true; - rpc-bind-address= "0.0.0.0"; - rpc-enabled= true; - rpc-host-whitelist= ""; - rpc-host-whitelist-enabled= true; - rpc-port= 9091; - rpc-url= "/transmission/"; - rpc-whitelist= "127.0.0.1,192.168.3.2"; - rpc-whitelist-enabled= true; - scrape-paused-torrents-enabled= true; - script-torrent-done-enabled= false; - seed-queue-enabled= false; - seed-queue-size= 10; - speed-limit-down= 6000; - speed-limit-down-enabled= true; - speed-limit-up= 500; - speed-limit-up-enabled= true; - start-added-torrents= true; - trash-original-torrent-files= false; - umask= 2; - upload-limit= 100; - upload-limit-enabled= 0; - 
upload-slots-per-torrent= 14; - utp-enabled= false; + alt-speed-down = 8000; + alt-speed-enabled = false; + alt-speed-time-begin = 0; + alt-speed-time-day = 127; + alt-speed-time-enabled = true; + alt-speed-time-end = 360; + alt-speed-up = 2000; + bind-address-ipv4 = "0.0.0.0"; + bind-address-ipv6 = "::"; + blocklist-enabled = false; + blocklist-url = "http://www.example.com/blocklist"; + cache-size-mb = 256; + dht-enabled = false; + download-dir = "/test"; + download-limit = 100; + download-limit-enabled = 0; + download-queue-enabled = true; + download-queue-size = 5; + encryption = 2; + idle-seeding-limit = 30; + idle-seeding-limit-enabled = false; + incomplete-dir = "/var/lib/transmission-daemon/Downloads"; + incomplete-dir-enabled = false; + lpd-enabled = false; + max-peers-global = 200; + message-level = 1; + peer-congestion-algorithm = ""; + peer-id-ttl-hours = 6; + peer-limit-global = 100; + peer-limit-per-torrent = 40; + peer-port = 22371; + peer-port-random-high = 65535; + peer-port-random-low = 49152; + peer-port-random-on-start = false; + peer-socket-tos = "default"; + pex-enabled = false; + port-forwarding-enabled = false; + preallocation = 1; + prefetch-enabled = true; + queue-stalled-enabled = true; + queue-stalled-minutes = 30; + ratio-limit = 2; + ratio-limit-enabled = false; + rename-partial-files = true; + rpc-authentication-required = true; + rpc-bind-address = "0.0.0.0"; + rpc-enabled = true; + rpc-host-whitelist = ""; + rpc-host-whitelist-enabled = true; + rpc-port = 9091; + rpc-url = "/transmission/"; + rpc-whitelist = "127.0.0.1,192.168.3.2"; + rpc-whitelist-enabled = true; + scrape-paused-torrents-enabled = true; + script-torrent-done-enabled = false; + seed-queue-enabled = false; + seed-queue-size = 10; + speed-limit-down = 6000; + speed-limit-down-enabled = true; + speed-limit-up = 500; + speed-limit-up-enabled = true; + start-added-torrents = true; + trash-original-torrent-files = false; + umask = 2; + upload-limit = 100; + 
upload-limit-enabled = 0; + upload-slots-per-torrent = 14; + utp-enabled = false; }; }; @@ -2170,27 +2183,27 @@

      3 postgresql = { enable = true; initialScript = pkgs.writeText "synapse-init.sql" '' - CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; - CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram'; - CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp'; - CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal'; - CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - ''; + CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; + CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram'; + CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp'; + CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal'; + CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + ''; }; matrix-synapse = { settings.app_service_config_files = [ @@ -2206,7 +2219,8 @@
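Review bot: The four `CREATE ROLE … WITH LOGIN PASSWORD '…'` statements in `initialScript` give each role a fixed password equal to a short form of the service name, and because the script is built with `pkgs.writeText` it sits in the world-readable Nix store as well as in this repository. The commit only re-indents these lines, but the new side still carries the credentials. Creating the roles without a password, e.g. `CREATE ROLE "matrix-synapse" WITH LOGIN;`, and letting the services authenticate over the local socket would take the secret out of the file. That assumes Synapse and the bridges connect to a local PostgreSQL, which the hunk does not show. Otherwise the passwords can be set from a sops-managed secret outside `initialScript`.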

      3 config.sops.templates.matrixshared.path ]; settings.listeners = [ - { port = 8008; + { + port = 8008; bind_addresses = [ "0.0.0.0" ]; type = "http"; tls = false; @@ -2230,7 +2244,7 @@

      3 domain = matrixDomain; }; appservice = { - address= "http://localhost:29317"; + address = "http://localhost:29317"; hostname = "0.0.0.0"; port = "29317"; provisioning.enabled = true; @@ -2262,8 +2276,8 @@
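Review bot: `hostname = "0.0.0.0"` makes the bridge's appservice listener accept connections on every interface, although `address = "http://localhost:29317"` says the homeserver reaches it over loopback, and this bridge also sets `provisioning.enabled = true`. Binding to loopback with `hostname = "127.0.0.1";` would keep the appservice and provisioning endpoints off the network. The same applies to the listeners on ports 29318 and 29328 in the two later appservice hunks. The enclosing `appservice` block continues outside the hunk, so confirm that nothing else on the LAN needs to reach these ports.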

      3 args = { width = 256; height = 256; - fps = 30; # only for webm - background = "020202"; # only for gif, transparency not supported + fps = 30; # only for webm + background = "020202"; # only for gif, transparency not supported }; }; }; @@ -2279,7 +2293,7 @@

      3 domain = matrixDomain; }; appservice = { - address= "http://localhost:29318"; + address = "http://localhost:29318"; hostname = "0.0.0.0"; port = 29318; database = { @@ -2326,7 +2340,7 @@

      3 }; appservice = { - address= "http://localhost:29328"; + address = "http://localhost:29328"; hostname = "0.0.0.0"; port = 29328; database = { @@ -2409,18 +2423,18 @@

      3 samba = { package = pkgs.samba4Full; extraConfig = '' - workgroup = WORKGROUP - server role = standalone server - dns proxy = no - - pam password change = yes - map to guest = bad user - create mask = 0664 - force create mode = 0664 - directory mask = 0775 - force directory mode = 0775 - follow symlinks = yes - ''; + workgroup = WORKGROUP + server role = standalone server + dns proxy = no + + pam password change = yes + map to guest = bad user + create mask = 0664 + force create mode = 0664 + directory mask = 0775 + force directory mode = 0775 + follow symlinks = yes + ''; # ^^ `samba4Full` is compiled with avahi, ldap, AD etc support compared to the default package, `samba` # Required for samba to register mDNS records for auto discovery @@ -2471,8 +2485,7 @@
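Review bot: `map to guest = bad user` in `extraConfig` turns a login with an unknown user name into a guest session instead of a rejection, so any share that allows guests is reachable without credentials; the share definitions are outside this hunk. If no share is meant to be anonymous, `map to guest = never` states that explicitly. Otherwise a comment next to the line, such as `# unknown users become guest: only shares marked guest ok are anonymous`, would record the intent.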

      3
    • NixOS
      -
      -{ lib, pkgs, ... }:
      +
      { lib, pkgs, ... }:
       
       {
       
      @@ -2484,7 +2497,7 @@ 

      3 services = { getty.autologinUser = "swarsel"; - greetd.settings.initial_session.user="swarsel"; + greetd.settings.initial_session.user = "swarsel"; }; hardware.bluetooth.enable = true; @@ -2545,7 +2558,7 @@

      3 }; monospace = { - package = pkgs.nerdfonts.override { fonts = [ "FiraCode"]; }; + package = pkgs.nerdfonts.override { fonts = [ "FiraCode" ]; }; name = "FiraCode Nerd Font Mono"; }; @@ -2557,13 +2570,11 @@

      3 }; - - users.users.swarsel = { isNormalUser = true; description = "Leon S"; extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" ]; - packages = with pkgs; []; + packages = with pkgs; [ ]; }; environment.systemPackages = with pkgs; [ @@ -2580,8 +2591,7 @@

      3
    • Home Manager
      -
      -{ config, pkgs, ... }:
      +
      { config, pkgs, ... }:
       
       {
       
      @@ -2594,10 +2604,10 @@ 

      3 defaultCacheTtl = 600; maxCacheTtl = 7200; extraConfig = '' - allow-loopback-pinentry - allow-emacs-pinentry + allow-loopback-pinentry + allow-emacs-pinentry ''; - }; + }; home = { @@ -2616,25 +2626,26 @@

      3 temperature.hwmon-path = "/sys/devices/platform/coretemp.0/hwmon/hwmon1/temp3_input"; }; - programs.waybar.settings.mainBar.modules-right = ["custom/outer-left-arrow-dark" - "mpris" - "custom/left-arrow-light" - "network" - "custom/left-arrow-dark" - "pulseaudio" - "custom/left-arrow-light" - "custom/pseudobat" - "battery" - "custom/left-arrow-dark" - "group/hardware" - "custom/left-arrow-light" - "clock#2" - "custom/left-arrow-dark" - "clock#1" - ]; + programs.waybar.settings.mainBar.modules-right = [ + "custom/outer-left-arrow-dark" + "mpris" + "custom/left-arrow-light" + "network" + "custom/left-arrow-dark" + "pulseaudio" + "custom/left-arrow-light" + "custom/pseudobat" + "battery" + "custom/left-arrow-dark" + "group/hardware" + "custom/left-arrow-light" + "clock#2" + "custom/left-arrow-dark" + "clock#1" + ]; - wayland.windowManager.sway= { + wayland.windowManager.sway = { config = rec { input = { "*" = { @@ -2658,27 +2669,29 @@

      3 }; }; - keybindings = let - inherit (config.wayland.windowManager.sway.config) modifier; - in { - "${modifier}+F2" = "exec brightnessctl set +5%"; - "${modifier}+F1"= "exec brightnessctl set 5%-"; - "${modifier}+n" = "exec sway output eDP-1 transform normal, splith"; - "${modifier}+Ctrl+p" = "exec wl-mirror eDP-1"; - "${modifier}+t" = "exec sway output eDP-1 transform 90, splitv"; - "${modifier}+XF86AudioLowerVolume" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; - "${modifier}+XF86AudioRaiseVolume" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; - "${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkschildi.sh\""; - }; + keybindings = + let + inherit (config.wayland.windowManager.sway.config) modifier; + in + { + "${modifier}+F2" = "exec brightnessctl set +5%"; + "${modifier}+F1" = "exec brightnessctl set 5%-"; + "${modifier}+n" = "exec sway output eDP-1 transform normal, splith"; + "${modifier}+Ctrl+p" = "exec wl-mirror eDP-1"; + "${modifier}+t" = "exec sway output eDP-1 transform 90, splitv"; + "${modifier}+XF86AudioLowerVolume" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; + "${modifier}+XF86AudioRaiseVolume" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; + "${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkschildi.sh\""; + }; startup = [ - { command = "nextcloud --background";} - { command = "discord --start-minimized";} - { command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";} - { command = "ANKI_WAYLAND=1 anki";} - { command = "OBSIDIAN_USE_WAYLAND=1 obsidian";} - { command = "nm-applet";} + { command = "nextcloud --background"; } + { command = "discord --start-minimized"; } + { command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; } + { command = "ANKI_WAYLAND=1 anki"; } + { command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; } + 
{ command = "nm-applet"; } ]; @@ -2688,9 +2701,9 @@

      3 }; extraConfig = " - exec swaymsg input 7062:6917:NTRG0001:01_1B96:1B05 map_to_output eDP-1 - exec swaymsg input 7062:6917:NTRG0001:01_1B96:1B05_Stylus map_to_output eDP-1 - "; + exec swaymsg input 7062:6917:NTRG0001:01_1B96:1B05 map_to_output eDP-1 + exec swaymsg input 7062:6917:NTRG0001:01_1B96:1B05_Stylus map_to_output eDP-1 + "; }; }

      @@ -2713,8 +2726,7 @@

      3

      -
      -{ config, pkgs, ... }:
      +
      { config, pkgs, ... }:
       
       {
       
      @@ -2731,7 +2743,7 @@ 

      3 services = { getty.autologinUser = "swarsel"; - greetd.settings.initial_session.user="swarsel"; + greetd.settings.initial_session.user = "swarsel"; }; boot = { @@ -2752,26 +2764,26 @@

      3 allowedUDPPorts = [ 4380 27036 14242 34197 51820 ]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard allowedTCPPorts = [ ]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard allowedTCPPortRanges = [ - {from = 27015; to = 27030;} # barotrauma - {from = 27036; to = 27037;} # barotrauma + { from = 27015; to = 27030; } # barotrauma + { from = 27036; to = 27037; } # barotrauma ]; allowedUDPPortRanges = [ - {from = 27000; to = 27031;} # barotrauma - {from = 58962; to = 58964;} # barotrauma + { from = 27000; to = 27031; } # barotrauma + { from = 58962; to = 58964; } # barotrauma ]; }; }; virtualisation.virtualbox = { host = { - enable = true; - enableExtensionPack = true; + enable = true; + enableExtensionPack = true; }; # leaving this here for future notice. setting guest.enable = true will make 'restarting sysinit-reactivation.target' take till timeout on nixos-rebuild switch guest = { enable = false; - }; }; + }; stylix.image = ../../wallpaper/lenovowp.png; @@ -2810,7 +2822,7 @@

      3 }; monospace = { - package = pkgs.nerdfonts.override { fonts = [ "FiraCode"]; }; + package = pkgs.nerdfonts.override { fonts = [ "FiraCode" ]; }; name = "FiraCode Nerd Font Mono"; }; @@ -2822,24 +2834,22 @@

      3 }; - - hardware = { - graphics = { - enable = true; - enable32Bit = true; - extraPackages = with pkgs; [ - vulkan-loader - vulkan-validation-layers - vulkan-extension-layer - ]; - }; - bluetooth.enable = true; - trackpoint = { - enable = true; - device = "TPPS/2 Elan TrackPoint"; - }; + graphics = { + enable = true; + enable32Bit = true; + extraPackages = with pkgs; [ + vulkan-loader + vulkan-validation-layers + vulkan-extension-layer + ]; + }; + bluetooth.enable = true; + trackpoint = { + enable = true; + device = "TPPS/2 Elan TrackPoint"; }; + }; programs.steam = { enable = true; @@ -2848,7 +2858,7 @@

      3 ]; }; - # Configure keymap in X11 (only used for login) + # Configure keymap in X11 (only used for login) services.thinkfan = { enable = false; @@ -2859,7 +2869,7 @@

      3 services.nswitch-rcm = { enable = true; - package = pkgs.fetchurl { + package = pkgs.fetchurl { url = "https://github.com/Atmosphere-NX/Atmosphere/releases/download/1.3.2/fusee.bin"; hash = "sha256-5AXzNsny45SPLIrvWJA9/JlOCal5l6Y++Cm+RtlJppI="; }; @@ -2870,17 +2880,17 @@

      3 description = "Leon S"; hashedPasswordFile = config.sops.secrets.swarseluser.path; extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" "vboxusers" "scanner" ]; - packages = with pkgs; []; + packages = with pkgs; [ ]; }; environment.systemPackages = with pkgs; [ - # gog games installing - heroic - # minecraft - temurin-bin-17 - (prismlauncher.override { - glfw = pkgs.glfw-wayland-minecraft; - }) + # gog games installing + heroic + # minecraft + temurin-bin-17 + (prismlauncher.override { + glfw = pkgs.glfw-wayland-minecraft; + }) ]; system.stateVersion = "23.05"; @@ -2899,8 +2909,7 @@

      3

      -
      -{ config, pkgs, ... }:
      +
      { config, pkgs, ... }:
       
       {
       
      @@ -2913,10 +2922,10 @@ 

      3 defaultCacheTtl = 600; maxCacheTtl = 7200; extraConfig = '' - allow-loopback-pinentry - allow-emacs-pinentry + allow-loopback-pinentry + allow-emacs-pinentry ''; - }; + }; home = { username = "swarsel"; @@ -2937,25 +2946,26 @@

      3 }; - programs.waybar.settings.mainBar.modules-right = ["custom/outer-left-arrow-dark" - "mpris" - "custom/left-arrow-light" - "network" - "custom/left-arrow-dark" - "pulseaudio" - "custom/left-arrow-light" - "custom/pseudobat" - "battery" - "custom/left-arrow-dark" - "group/hardware" - "custom/left-arrow-light" - "clock#2" - "custom/left-arrow-dark" - "clock#1" - ]; + programs.waybar.settings.mainBar.modules-right = [ + "custom/outer-left-arrow-dark" + "mpris" + "custom/left-arrow-light" + "network" + "custom/left-arrow-dark" + "pulseaudio" + "custom/left-arrow-light" + "custom/pseudobat" + "battery" + "custom/left-arrow-dark" + "group/hardware" + "custom/left-arrow-light" + "clock#2" + "custom/left-arrow-dark" + "clock#1" + ]; - wayland.windowManager.sway= { + wayland.windowManager.sway = { config = rec { # update for actual inputs here, input = { @@ -2963,7 +2973,8 @@

      3 xkb_layout = "us"; xkb_variant = "altgr-intl"; }; - "1:1:AT_Translated_Set_2_keyboard" = { # TEMPLATE + "1:1:AT_Translated_Set_2_keyboard" = { + # TEMPLATE xkb_layout = "us"; xkb_options = "grp:win_space_toggle"; xkb_variant = "altgr-intl"; @@ -2993,37 +3004,39 @@

      3 }; workspaceOutputAssign = [ - { output = "eDP-1"; workspace = "1:一";} - { output = "DP-4"; workspace = "2:二";} + { output = "eDP-1"; workspace = "1:一"; } + { output = "DP-4"; workspace = "2:二"; } ]; - keybindings = let - inherit (config.wayland.windowManager.sway.config) modifier; - in { - "${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkelement.sh\""; - "XF86MonBrightnessUp" = "exec brightnessctl set +5%"; - "XF86MonBrightnessDown"= "exec brightnessctl set 5%-"; - "XF86Display" = "exec wl-mirror eDP-1"; - # these are left open to use - # "XF86WLAN" = "exec wl-mirror eDP-1"; - # "XF86Messenger" = "exec wl-mirror eDP-1"; - # "XF86Go" = "exec wl-mirror eDP-1"; - # "XF86Favorites" = "exec wl-mirror eDP-1"; - # "XF86HomePage" = "exec wtype -P Escape -p Escape"; - # "XF86AudioLowerVolume" = "pactl set-sink-volume alsa_output.pci-0000_08_00.6.HiFi__hw_Generic_1__sink -5%"; - # "XF86AudioRaiseVolume" = "pactl set-sink-volume alsa_output.pci-0000_08_00.6.HiFi__hw_Generic_1__sink +5% "; - "XF86AudioMute" = "pactl set-sink-mute alsa_output.pci-0000_08_00.6.HiFi__hw_Generic_1__sink toggle"; - }; + keybindings = + let + inherit (config.wayland.windowManager.sway.config) modifier; + in + { + "${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkelement.sh\""; + "XF86MonBrightnessUp" = "exec brightnessctl set +5%"; + "XF86MonBrightnessDown" = "exec brightnessctl set 5%-"; + "XF86Display" = "exec wl-mirror eDP-1"; + # these are left open to use + # "XF86WLAN" = "exec wl-mirror eDP-1"; + # "XF86Messenger" = "exec wl-mirror eDP-1"; + # "XF86Go" = "exec wl-mirror eDP-1"; + # "XF86Favorites" = "exec wl-mirror eDP-1"; + # "XF86HomePage" = "exec wtype -P Escape -p Escape"; + # "XF86AudioLowerVolume" = "pactl set-sink-volume alsa_output.pci-0000_08_00.6.HiFi__hw_Generic_1__sink -5%"; + # "XF86AudioRaiseVolume" = "pactl set-sink-volume alsa_output.pci-0000_08_00.6.HiFi__hw_Generic_1__sink +5% "; + "XF86AudioMute" = "pactl set-sink-mute 
alsa_output.pci-0000_08_00.6.HiFi__hw_Generic_1__sink toggle"; + }; startup = [ - { command = "nextcloud --background";} - { command = "discord --start-minimized";} - { command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";} - { command = "ANKI_WAYLAND=1 anki";} - { command = "OBSIDIAN_USE_WAYLAND=1 obsidian";} - { command = "nm-applet";} + { command = "nextcloud --background"; } + { command = "discord --start-minimized"; } + { command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; } + { command = "ANKI_WAYLAND=1 anki"; } + { command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; } + { command = "nm-applet"; } ]; }; @@ -3050,8 +3063,7 @@

      3

      -
      -{ pkgs, ... }:
      +
      { pkgs, ... }:
       
       {
       
      @@ -3068,7 +3080,7 @@ 

      3 services = { getty.autologinUser = "swarsel"; - greetd.settings.initial_session.user="swarsel"; + greetd.settings.initial_session.user = "swarsel"; }; boot = { @@ -3095,14 +3107,14 @@

      3 virtualisation.virtualbox = { host = { - enable = true; - enableExtensionPack = true; + enable = true; + enableExtensionPack = true; }; # leaving this here for future notice. setting guest.enable = true will make 'restarting sysinit-reactivation.target' take till timeout on nixos-rebuild switch guest = { enable = false; - }; }; + }; stylix.image = ../../wallpaper/lenovowp.png; @@ -3141,7 +3153,7 @@

      3 }; monospace = { - package = pkgs.nerdfonts.override { fonts = [ "FiraCode"]; }; + package = pkgs.nerdfonts.override { fonts = [ "FiraCode" ]; }; name = "FiraCode Nerd Font Mono"; }; @@ -3153,17 +3165,15 @@

      3 }; - - hardware = { - graphics = { - enable = true; - enable32Bit = true; - extraPackages = with pkgs; [ - ]; - }; - bluetooth.enable = true; + graphics = { + enable = true; + enable32Bit = true; + extraPackages = with pkgs; [ + ]; }; + bluetooth.enable = true; + }; programs.steam = { enable = true; @@ -3178,7 +3188,7 @@

      3 isNormalUser = true; description = "Leon S"; extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" "vboxusers" "scanner" ]; - packages = with pkgs; []; + packages = with pkgs; [ ]; }; environment.systemPackages = with pkgs; [ @@ -3208,8 +3218,7 @@

      3

      -
      -{ config, pkgs, ... }:
      +
      { config, pkgs, ... }:
       
       {
       
      @@ -3222,10 +3231,10 @@ 

      3 defaultCacheTtl = 600; maxCacheTtl = 7200; extraConfig = '' - allow-loopback-pinentry - allow-emacs-pinentry + allow-loopback-pinentry + allow-emacs-pinentry ''; - }; + }; home = { username = "swarsel"; @@ -3246,25 +3255,26 @@

      3 }; - programs.waybar.settings.mainBar.modules-right = ["custom/outer-left-arrow-dark" - "mpris" - "custom/left-arrow-light" - "network" - "custom/left-arrow-dark" - "pulseaudio" - "custom/left-arrow-light" - "custom/pseudobat" - "battery" - "custom/left-arrow-dark" - "group/hardware" - "custom/left-arrow-light" - "clock#2" - "custom/left-arrow-dark" - "clock#1" - ]; + programs.waybar.settings.mainBar.modules-right = [ + "custom/outer-left-arrow-dark" + "mpris" + "custom/left-arrow-light" + "network" + "custom/left-arrow-dark" + "pulseaudio" + "custom/left-arrow-light" + "custom/pseudobat" + "battery" + "custom/left-arrow-dark" + "group/hardware" + "custom/left-arrow-light" + "clock#2" + "custom/left-arrow-dark" + "clock#1" + ]; - wayland.windowManager.sway= { + wayland.windowManager.sway = { config = rec { # update for actual inputs here, input = { @@ -3272,7 +3282,8 @@

      3 xkb_layout = "us"; xkb_variant = "altgr-intl"; }; - "1:1:AT_Translated_Set_2_keyboard" = { # TEMPLATE + "1:1:AT_Translated_Set_2_keyboard" = { + # TEMPLATE xkb_layout = "us"; xkb_options = "grp:win_space_toggle"; xkb_variant = "altgr-intl"; @@ -3303,8 +3314,8 @@

      3 }; workspaceOutputAssign = [ - { output = "eDP-1"; workspace = "1:一";} - { output = "HDMI-A-1"; workspace = "2:二";} + { output = "eDP-1"; workspace = "1:一"; } + { output = "HDMI-A-1"; workspace = "2:二"; } ]; @@ -3316,12 +3327,12 @@

      3 startup = [ - { command = "nextcloud --background";} - { command = "discord --start-minimized";} - { command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";} - { command = "ANKI_WAYLAND=1 anki";} - { command = "OBSIDIAN_USE_WAYLAND=1 obsidian";} - { command = "nm-applet";} + { command = "nextcloud --background"; } + { command = "discord --start-minimized"; } + { command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; } + { command = "ANKI_WAYLAND=1 anki"; } + { command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; } + { command = "nm-applet"; } ]; }; @@ -3355,48 +3366,47 @@

      3
    • NixOS
      -
      -  { pkgs, modulesPath, ... }:
      +
      { pkgs, modulesPath, ... }:
       
      -  {
      -    imports = [
      -      (modulesPath + "/virtualisation/proxmox-lxc.nix")
      -    ];
      +{
      +  imports = [
      +    (modulesPath + "/virtualisation/proxmox-lxc.nix")
      +  ];
       
      -    environment.systemPackages = with pkgs; [
      -      git
      -      gnupg
      -      ssh-to-age
      -    ];
      +  environment.systemPackages = with pkgs; [
      +    git
      +    gnupg
      +    ssh-to-age
      +  ];
       
      -    services.xserver = {
      -      layout = "us";
      -      xkbVariant = "altgr-intl";
      -    };
      +  services.xserver = {
      +    layout = "us";
      +    xkbVariant = "altgr-intl";
      +  };
       
      -    nix.settings.experimental-features = ["nix-command" "flakes"];
      +  nix.settings.experimental-features = [ "nix-command" "flakes" ];
       
      -    proxmoxLXC = {
      -manageNetwork = true; # manage network myself
      -manageHostName = false; # manage hostname myself
      -};
      -    networking = {
      -hostName = "TEMPLATE"; # Define your hostname.
      -useDHCP = true;
      -enableIPv6 = false;
      -firewall.enable = false;
      -};
      -    services.openssh = {
      -      enable = true;
      -      settings.PermitRootLogin = "yes";
      -    };
      -    users.users.root.openssh.authorizedKeys.keyFiles = [
      -      ../../../secrets/keys/authorized_keys
      -    ];
      -    # users.users.root.password = "TEMPLATE";
      +  proxmoxLXC = {
      +    manageNetwork = true; # manage network myself
      +    manageHostName = false; # manage hostname myself
      +  };
      +  networking = {
      +    hostName = "TEMPLATE"; # Define your hostname.
      +    useDHCP = true;
      +    enableIPv6 = false;
      +    firewall.enable = false;
      +  };
      +  services.openssh = {
      +    enable = true;
      +    settings.PermitRootLogin = "yes";
      +  };
      +  users.users.root.openssh.authorizedKeys.keyFiles = [
      +    ../../../secrets/keys/authorized_keys
      +  ];
      +  # users.users.root.password = "TEMPLATE";
       
      -    system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
      -  }
      +  system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
      +}
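Review bot: `settings.PermitRootLogin = "yes"` together with `firewall.enable = false` permits password login for root over SSH as soon as a root password exists, and the commented-out `users.users.root.password` line suggests one may be set on hosts derived from this template. `settings.PermitRootLogin = "prohibit-password";` keeps the key-based root login that `authorizedKeys.keyFiles` sets up, and `settings.PasswordAuthentication = false;` would close password logins for all accounts. The calibre host hunk further down repeats the same `openssh` and `networking` blocks and would take the same change. Re-enabling the firewall with only the needed ports is worth considering, unless filtering is done on the Proxmox side, which the page does not show.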
       
       
      @@ -3411,8 +3421,7 @@

      3
    • NixOS
      -
      -{ config, pkgs, modulesPath, ... }:
      +
      { config, pkgs, modulesPath, ... }:
       {
         imports = [
           (modulesPath + "/virtualisation/proxmox-lxc.nix")
      @@ -3432,15 +3441,15 @@ 

      3 xkbVariant = "altgr-intl"; }; - nix.settings.experimental-features = ["nix-command" "flakes"]; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; sops = { age.sshKeyPaths = [ "/etc/ssh/sops" ]; defaultSopsFile = "/.dotfiles/secrets/nginx/secrets.yaml"; validateSopsFiles = false; - secrets.dnstokenfull = {owner="acme";}; + secrets.dnstokenfull = { owner = "acme"; }; templates."certs.secret".content = '' - CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} + CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} ''; }; proxmoxLXC = { @@ -3493,7 +3502,7 @@

      3 proxyPass = "https://192.168.1.5"; extraConfig = '' client_max_body_size 0; - ''; + ''; }; # "/push/" = { # proxyPass = "http://192.168.2.5:7867"; @@ -3515,8 +3524,8 @@
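Review bot: `client_max_body_size 0;` removes nginx's request-body limit for this location, and the following hunks repeat it for every proxied upstream (the two Matrix locations and the 4040, 28981, 8096, 8080 and 192.168.1.7 backends). With no cap and request buffering left on, the proxy spools a body of any size to disk before the backend sees it. A finite per-service value, for example `client_max_body_size 10G;` where large uploads are expected and a much smaller one for the Matrix endpoints, keeps the behaviour while bounding disk use. The enclosing virtual host starts outside the hunk, so whether access is restricted elsewhere is not visible.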

      3 "~ ^(/_matrix|/_synapse/client)" = { proxyPass = "http://192.168.1.23:8008"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; @@ -3531,13 +3540,13 @@

      3 proxyPass = "http://192.168.1.13:4040"; proxyWebsockets = true; extraConfig = '' - proxy_redirect http:// https://; - proxy_read_timeout 600s; - proxy_send_timeout 600s; - proxy_buffering off; - proxy_request_buffering off; - client_max_body_size 0; - ''; + proxy_redirect http:// https://; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + proxy_buffering off; + proxy_request_buffering off; + client_max_body_size 0; + ''; }; }; }; @@ -3550,8 +3559,8 @@

      3 "/" = { proxyPass = "http://192.168.1.24:28981"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; @@ -3564,8 +3573,8 @@

      3 "/" = { proxyPass = "http://192.168.1.16:8096"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; @@ -3578,8 +3587,8 @@

      3 "~ ^(/_matrix|/_synapse/client)" = { proxyPass = "http://192.168.1.20:8008"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; @@ -3592,8 +3601,8 @@

      3 "/" = { proxyPass = "http://192.168.1.22:8080"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; @@ -3606,8 +3615,8 @@

      3 "/" = { proxyPass = "https://192.168.1.7"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; @@ -3657,77 +3666,76 @@

      3
    • NixOS
      -
      -  { config, pkgs, modulesPath, ... }:
      +
      { config, pkgs, modulesPath, ... }:
       
      -  {
      -    imports = [
      -      (modulesPath + "/virtualisation/proxmox-lxc.nix")
      -      ./hardware-configuration.nix
      -    ];
      +{
      +  imports = [
      +    (modulesPath + "/virtualisation/proxmox-lxc.nix")
      +    ./hardware-configuration.nix
      +  ];
       
      -    environment.systemPackages = with pkgs; [
      -      git
      -      gnupg
      -      ssh-to-age
      -      calibre
      -    ];
      +  environment.systemPackages = with pkgs; [
      +    git
      +    gnupg
      +    ssh-to-age
      +    calibre
      +  ];
       
      -    users.groups.lxc_shares = {
      -      gid = 10000;
      -      members = [
      -              "kavita"
      -              "calibre-web"
      -              "root"
      -            ];
      -    };
      +  users.groups.lxc_shares = {
      +    gid = 10000;
      +    members = [
      +      "kavita"
      +      "calibre-web"
      +      "root"
      +    ];
      +  };
       
      -    services.xserver = {
      -      layout = "us";
      -      xkbVariant = "altgr-intl";
      -    };
      +  services.xserver = {
      +    layout = "us";
      +    xkbVariant = "altgr-intl";
      +  };
       
      -    nix.settings.experimental-features = ["nix-command" "flakes"];
      +  nix.settings.experimental-features = [ "nix-command" "flakes" ];
       
      -    sops = {
      -age.sshKeyPaths = [ "/etc/ssh/sops" ];
      -defaultSopsFile = "/.dotfiles/secrets/calibre/secrets.yaml";
      -validateSopsFiles = false;
      -secrets.kavita = { owner = "kavita";};
      -};
      -    proxmoxLXC = {
      -manageNetwork = true; # manage network myself
      -manageHostName = false; # manage hostname myself
      -};
      -    networking = {
      -hostName = "calibre"; # Define your hostname.
      -useDHCP = true;
      -enableIPv6 = false;
      -firewall.enable = false;
      -};
      -    services.openssh = {
      -      enable = true;
      -      settings.PermitRootLogin = "yes";
      -    };
      -    users.users.root.openssh.authorizedKeys.keyFiles = [
      -      ../../../secrets/keys/authorized_keys
      -    ];
      +  sops = {
      +    age.sshKeyPaths = [ "/etc/ssh/sops" ];
      +    defaultSopsFile = "/.dotfiles/secrets/calibre/secrets.yaml";
      +    validateSopsFiles = false;
      +    secrets.kavita = { owner = "kavita"; };
      +  };
      +  proxmoxLXC = {
      +    manageNetwork = true; # manage network myself
      +    manageHostName = false; # manage hostname myself
      +  };
      +  networking = {
      +    hostName = "calibre"; # Define your hostname.
      +    useDHCP = true;
      +    enableIPv6 = false;
      +    firewall.enable = false;
      +  };
      +  services.openssh = {
      +    enable = true;
      +    settings.PermitRootLogin = "yes";
      +  };
      +  users.users.root.openssh.authorizedKeys.keyFiles = [
      +    ../../../secrets/keys/authorized_keys
      +  ];
       
      -    system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
      +  system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
       
      -    environment.shellAliases = {
      -      nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
      -    };
      +  environment.shellAliases = {
      +    nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
      +  };
       
      -    services.kavita = {
      -      enable = true;
      -      user = "kavita";
      -      port = 8080;
      -      tokenKeyFile = config.sops.secrets.kavita.path;
      -    };
      +  services.kavita = {
      +    enable = true;
      +    user = "kavita";
      +    port = 8080;
      +    tokenKeyFile = config.sops.secrets.kavita.path;
      +  };
       
       
      -  }
      +}
       
       
      @@ -3742,8 +3750,7 @@

      3
    • NixOS
      -
      -{ config, pkgs, modulesPath, ... }:
      +
      { config, pkgs, modulesPath, ... }:
       
       {
         imports = [
      @@ -3766,7 +3773,7 @@ 

      3 }; users.users.jellyfin = { - extraGroups = [ "video" "render" ]; + extraGroups = [ "video" "render" ]; }; services.xserver = { @@ -3774,7 +3781,7 @@

      3 xkbVariant = "altgr-intl"; }; - nix.settings.experimental-features = ["nix-command" "flakes"]; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; proxmoxLXC = { manageNetwork = true; # manage network myself @@ -3807,7 +3814,7 @@

      3 enable = true; extraPackages = with pkgs; [ intel-media-driver # LIBVA_DRIVER_NAME=iHD - vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) + vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) vaapiVdpau libvdpau-va-gl ]; @@ -3837,8 +3844,7 @@

      3
    • NixOS
      -
      -{ config, pkgs, modulesPath, ... }:
      +
      { config, pkgs, modulesPath, ... }:
       
       {
         imports = [
      @@ -3869,7 +3875,7 @@ 

      3 "root" ]; }; - users.groups.vpn = {}; + users.groups.vpn = { }; users.users.vpn = { isNormalUser = true; @@ -3882,7 +3888,7 @@

      3 xkbVariant = "altgr-intl"; }; - nix.settings.experimental-features = ["nix-command" "flakes"]; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; sops = { age.sshKeyPaths = [ "/etc/ssh/sops" ]; @@ -3923,28 +3929,33 @@

      3 networking.iproute2 = { enable = true; rttablesExtraConfig = '' - 200 vpn - ''; + 200 vpn + ''; }; environment.etc = { "openvpn/iptables.sh" = - { source = ../../../scripts/server1/iptables.sh; + { + source = ../../../scripts/server1/iptables.sh; mode = "0755"; }; "openvpn/update-resolv-conf" = - { source = ../../../scripts/server1/update-resolv-conf; + { + source = ../../../scripts/server1/update-resolv-conf; mode = "0755"; }; "openvpn/routing.sh" = - { source = ../../../scripts/server1/routing.sh; + { + source = ../../../scripts/server1/routing.sh; mode = "0755"; }; "openvpn/ca.rsa.2048.crt" = - { source = ../../../secrets/certs/ca.rsa.2048.crt; + { + source = ../../../secrets/certs/ca.rsa.2048.crt; mode = "0644"; }; "openvpn/crl.rsa.2048.pem" = - { source = ../../../secrets/certs/crl.rsa.2048.pem; + { + source = ../../../secrets/certs/crl.rsa.2048.pem; mode = "0644"; }; }; @@ -3978,46 +3989,46 @@

      3 }; pia.content = '' - ${config.sops.placeholder.vpnuser} - ${config.sops.placeholder.vpnpass} - ''; + ${config.sops.placeholder.vpnuser} + ${config.sops.placeholder.vpnpass} + ''; vpn.content = '' - client - dev tun - proto ${config.sops.placeholder.vpnprot} - remote ${config.sops.placeholder.vpnloc} - resolv-retry infinite - nobind - persist-key - persist-tun - cipher aes-128-cbc - auth sha1 - tls-client - remote-cert-tls server - - auth-user-pass ${config.sops.templates.pia.path} - compress - verb 1 - reneg-sec 0 - - crl-verify /etc/openvpn/crl.rsa.2048.pem - ca /etc/openvpn/ca.rsa.2048.crt - - disable-occ - dhcp-option DNS 209.222.18.222 - dhcp-option DNS 209.222.18.218 - dhcp-option DNS 8.8.8.8 - route-noexec - ''; + client + dev tun + proto ${config.sops.placeholder.vpnprot} + remote ${config.sops.placeholder.vpnloc} + resolv-retry infinite + nobind + persist-key + persist-tun + cipher aes-128-cbc + auth sha1 + tls-client + remote-cert-tls server + + auth-user-pass ${config.sops.templates.pia.path} + compress + verb 1 + reneg-sec 0 + + crl-verify /etc/openvpn/crl.rsa.2048.pem + ca /etc/openvpn/ca.rsa.2048.crt + + disable-occ + dhcp-option DNS 209.222.18.222 + dhcp-option DNS 209.222.18.218 + dhcp-option DNS 8.8.8.8 + route-noexec + ''; }; secrets = { - vpnuser = {}; - rpcuser = {owner="vpn";}; - vpnpass = {}; - rpcpass = {owner="vpn";}; - vpnprot = {}; - vpnloc = {}; + vpnuser = { }; + rpcuser = { owner = "vpn"; }; + vpnpass = { }; + rpcpass = { owner = "vpn"; }; + vpnprot = { }; + vpnloc = { }; }; }; services.openvpn.servers = { @@ -4035,74 +4046,74 @@
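Review bot: The client profile in `vpn.content` pins `cipher aes-128-cbc` with `auth sha1` and turns on `compress`, which are legacy choices: CBC with a SHA-1 HMAC instead of an AEAD cipher, and compression inside the tunnel, which can leak plaintext through packet sizes. If the provider's endpoint supports it, `data-ciphers AES-256-GCM:AES-128-GCM` and `allow-compression no` in place of `compress` are the current equivalents (both need OpenVPN 2.5 or later). The `ca.rsa.2048.crt` file name suggests these values follow a provider's legacy profile, so check what the server accepts before changing them. `reneg-sec 0` also disables periodic key renegotiation and deserves a comment saying why.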

      3 group = "lxc_shares"; settings = { - alt-speed-down= 8000; - alt-speed-enabled= false; - alt-speed-time-begin= 0; - alt-speed-time-day= 127; - alt-speed-time-enabled= true; - alt-speed-time-end= 360; - alt-speed-up= 2000; - bind-address-ipv4= "0.0.0.0"; - bind-address-ipv6= "::"; - blocklist-enabled= false; - blocklist-url= "http://www.example.com/blocklist"; - cache-size-mb= 4; - dht-enabled= false; - download-dir= "/media/Eternor/New"; - download-limit= 100; - download-limit-enabled= 0; - download-queue-enabled= true; - download-queue-size= 5; - encryption= 2; - idle-seeding-limit= 30; - idle-seeding-limit-enabled= false; - incomplete-dir= "/var/lib/transmission-daemon/Downloads"; - incomplete-dir-enabled= false; - lpd-enabled= false; - max-peers-global= 200; - message-level= 1; - peer-congestion-algorithm= ""; - peer-id-ttl-hours= 6; - peer-limit-global= 100; - peer-limit-per-torrent= 40; - peer-port= 22371; - peer-port-random-high= 65535; - peer-port-random-low= 49152; - peer-port-random-on-start= false; - peer-socket-tos= "default"; - pex-enabled= false; - port-forwarding-enabled= false; - preallocation= 1; - prefetch-enabled= true; - queue-stalled-enabled= true; - queue-stalled-minutes= 30; - ratio-limit= 2; - ratio-limit-enabled= false; - rename-partial-files= true; - rpc-authentication-required= true; - rpc-bind-address= "0.0.0.0"; - rpc-enabled= true; - rpc-host-whitelist= ""; - rpc-host-whitelist-enabled= true; - rpc-port= 9091; - rpc-url= "/transmission/"; - rpc-whitelist= "127.0.0.1,192.168.3.2"; - rpc-whitelist-enabled= true; - scrape-paused-torrents-enabled= true; - script-torrent-done-enabled= false; - seed-queue-enabled= false; - seed-queue-size= 10; - speed-limit-down= 6000; - speed-limit-down-enabled= true; - speed-limit-up= 500; - speed-limit-up-enabled= true; - start-added-torrents= true; - trash-original-torrent-files= false; - umask= 2; - upload-limit= 100; - upload-limit-enabled= 0; - upload-slots-per-torrent= 14; - utp-enabled= 
false; + alt-speed-down = 8000; + alt-speed-enabled = false; + alt-speed-time-begin = 0; + alt-speed-time-day = 127; + alt-speed-time-enabled = true; + alt-speed-time-end = 360; + alt-speed-up = 2000; + bind-address-ipv4 = "0.0.0.0"; + bind-address-ipv6 = "::"; + blocklist-enabled = false; + blocklist-url = "http://www.example.com/blocklist"; + cache-size-mb = 4; + dht-enabled = false; + download-dir = "/media/Eternor/New"; + download-limit = 100; + download-limit-enabled = 0; + download-queue-enabled = true; + download-queue-size = 5; + encryption = 2; + idle-seeding-limit = 30; + idle-seeding-limit-enabled = false; + incomplete-dir = "/var/lib/transmission-daemon/Downloads"; + incomplete-dir-enabled = false; + lpd-enabled = false; + max-peers-global = 200; + message-level = 1; + peer-congestion-algorithm = ""; + peer-id-ttl-hours = 6; + peer-limit-global = 100; + peer-limit-per-torrent = 40; + peer-port = 22371; + peer-port-random-high = 65535; + peer-port-random-low = 49152; + peer-port-random-on-start = false; + peer-socket-tos = "default"; + pex-enabled = false; + port-forwarding-enabled = false; + preallocation = 1; + prefetch-enabled = true; + queue-stalled-enabled = true; + queue-stalled-minutes = 30; + ratio-limit = 2; + ratio-limit-enabled = false; + rename-partial-files = true; + rpc-authentication-required = true; + rpc-bind-address = "0.0.0.0"; + rpc-enabled = true; + rpc-host-whitelist = ""; + rpc-host-whitelist-enabled = true; + rpc-port = 9091; + rpc-url = "/transmission/"; + rpc-whitelist = "127.0.0.1,192.168.3.2"; + rpc-whitelist-enabled = true; + scrape-paused-torrents-enabled = true; + script-torrent-done-enabled = false; + seed-queue-enabled = false; + seed-queue-size = 10; + speed-limit-down = 6000; + speed-limit-down-enabled = true; + speed-limit-up = 500; + speed-limit-up-enabled = true; + start-added-torrents = true; + trash-original-torrent-files = false; + umask = 2; + upload-limit = 100; + upload-limit-enabled = 0; + 
upload-slots-per-torrent = 14; + utp-enabled = false; }; }; @@ -4144,10 +4155,11 @@

      3
    • NixOS
      -
      -{ config, pkgs, modulesPath, sops, ... }: let
      +
      { config, pkgs, modulesPath, sops, ... }:
      +let
         matrixDomain = "matrix2.swarsel.win";
      -in {
      +in
      +{
       
       
         services = {
      @@ -4165,7 +4177,7 @@ 

      3 }; }; - nix.settings.experimental-features = ["nix-command" "flakes"]; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; proxmoxLXC = { manageNetwork = true; # manage network myself @@ -4213,21 +4225,21 @@

      3 defaultSopsFile = "/.dotfiles/secrets/matrix/secrets.yaml"; validateSopsFiles = false; secrets = { - matrixsharedsecret = {owner="matrix-synapse";}; - mautrixtelegram_as = {owner="matrix-synapse";}; - mautrixtelegram_hs = {owner="matrix-synapse";}; - mautrixtelegram_api_id = {owner="matrix-synapse";}; - mautrixtelegram_api_hash = {owner="matrix-synapse";}; + matrixsharedsecret = { owner = "matrix-synapse"; }; + mautrixtelegram_as = { owner = "matrix-synapse"; }; + mautrixtelegram_hs = { owner = "matrix-synapse"; }; + mautrixtelegram_api_id = { owner = "matrix-synapse"; }; + mautrixtelegram_api_hash = { owner = "matrix-synapse"; }; }; templates = { "matrix_user_register.sh".content = '' - register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008 - ''; + register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008 + ''; matrixshared = { owner = "matrix-synapse"; content = '' registration_shared_secret: ${config.sops.placeholder.matrixsharedsecret} - ''; + ''; }; mautrixtelegram = { owner = "matrix-synapse"; @@ -4236,7 +4248,7 @@
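Review bot: The `matrix_user_register.sh` template passes the registration secret as `-k ${config.sops.placeholder.matrixsharedsecret}`, so it sits in the process argument list while the script runs and other local users can read it there. The `matrixshared` template in the same hunk already renders a `registration_shared_secret:` file, and `register_new_matrix_user` can read the secret from a config file, so the line could become `register_new_matrix_user -c ${config.sops.templates.matrixshared.path} http://localhost:8008`. That file is owned by `matrix-synapse`, so the script would have to run as that user or as root. The same `-k` line appears in the hunk at `@@ -4994,27 +5005,27 @@`.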

      3 MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=${config.sops.placeholder.mautrixtelegram_hs} MAUTRIX_TELEGRAM_TELEGRAM_API_ID=${config.sops.placeholder.mautrixtelegram_api_id} MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash} - ''; + ''; }; }; }; @@ -4244,27 +4256,27 @@

      3 services.postgresql = { enable = true; initialScript = pkgs.writeText "synapse-init.sql" '' - CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; - CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram'; - CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp'; - CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal'; - CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - ''; + CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; + CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram'; + CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp'; + CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal'; + CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + ''; }; services.matrix-synapse = { @@ -4279,7 +4291,8 @@
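Review bot: The `initialScript` creates four login roles whose passwords are literals in the repository (`PASSWORD 'synapse'`, `'telegram'`, `'whatsapp'`, `'signal'`), and `pkgs.writeText` puts the script in the Nix store, where every local user can read it. The roles could instead be created without a password, e.g. `CREATE ROLE "matrix-synapse" WITH LOGIN;`, and authenticated over the local socket, or the password could be set after first start from a sops-rendered file as the other secrets on this host are. Whether synapse and the bridges connect over the Unix socket or TCP is not visible in this hunk, so their database settings would have to be changed to match. The same script is repeated in the hunk at `@@ -5103,27 +5114,27 @@`.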

      3 server_name = matrixDomain; public_baseurl = "https://${matrixDomain}"; listeners = [ - { port = 8008; + { + port = 8008; bind_addresses = [ "0.0.0.0" ]; type = "http"; tls = false; @@ -4307,7 +4320,7 @@

      3 domain = matrixDomain; }; appservice = { - address= "http://localhost:29317"; + address = "http://localhost:29317"; hostname = "0.0.0.0"; port = "29317"; provisioning.enabled = true; @@ -4336,16 +4349,16 @@

      3 args = { width = 256; height = 256; - fps = 30; # only for webm - background = "020202"; # only for gif, transparency not supported + fps = 30; # only for webm + background = "020202"; # only for gif, transparency not supported }; }; }; }; }; systemd.services.mautrix-telegram.path = with pkgs; [ - lottieconverter # for animated stickers conversion, unfree package - ffmpeg # if converting animated stickers to webm (very slow!) + lottieconverter # for animated stickers conversion, unfree package + ffmpeg # if converting animated stickers to webm (very slow!) ]; services.mautrix-whatsapp = { @@ -4356,7 +4369,7 @@

      3 domain = matrixDomain; }; appservice = { - address= "http://localhost:29318"; + address = "http://localhost:29318"; hostname = "0.0.0.0"; port = 29318; database = { @@ -4403,7 +4416,7 @@

      3 }; appservice = { - address= "http://localhost:29328"; + address = "http://localhost:29328"; hostname = "0.0.0.0"; port = 29328; database = { @@ -4439,10 +4452,10 @@

      3 systemd.services."restart-bridges" = { script = '' - systemctl restart mautrix-whatsapp.service - systemctl restart mautrix-signal.service - systemctl restart mautrix-telegram.service - ''; + systemctl restart mautrix-whatsapp.service + systemctl restart mautrix-signal.service + systemctl restart mautrix-telegram.service + ''; serviceConfig = { Type = "oneshot"; User = "root"; @@ -4464,8 +4477,7 @@

      3
    • NixOS
      -
      -{ config, pkgs, modulesPath, ... }:
      +
      { config, pkgs, modulesPath, ... }:
       
       {
       
      @@ -4491,7 +4503,7 @@ 

      3 }; }; - nix.settings.experimental-features = ["nix-command" "flakes"]; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; proxmoxLXC = { manageNetwork = true; # manage network myself @@ -4532,7 +4544,7 @@

      3 gid = 61593; }; - mpd = {}; + mpd = { }; }; users = { @@ -4540,13 +4552,13 @@

      3 isSystemUser = true; uid = 61593; group = "navidrome"; - extraGroups = [ "audio" "utmp" ]; + extraGroups = [ "audio" "utmp" ]; }; mpd = { isSystemUser = true; group = "mpd"; - extraGroups = [ "audio" "utmp" ]; + extraGroups = [ "audio" "utmp" ]; }; }; }; @@ -4573,7 +4585,7 @@

      3 age.sshKeyPaths = [ "/etc/ssh/sops" ]; defaultSopsFile = "/.dotfiles/secrets/sound/secrets.yaml"; validateSopsFiles = false; - secrets.mpdpass = { owner = "mpd";}; + secrets.mpdpass = { owner = "mpd"; }; }; services.navidrome = { @@ -4630,8 +4642,7 @@

      3
    • NixOS
      -
      -{ pkgs, modulesPath, ... }:
      +
      { pkgs, modulesPath, ... }:
       
       {
       
      @@ -4657,7 +4668,7 @@ 

      3 }; }; - nix.settings.experimental-features = ["nix-command" "flakes"]; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; proxmoxLXC = { manageNetwork = true; # manage network myself @@ -4691,7 +4702,7 @@

      3 isSystemUser = true; uid = 65136; group = "spotifyd"; - extraGroups = [ "audio" "utmp" ]; + extraGroups = [ "audio" "utmp" ]; }; sound = { @@ -4738,8 +4749,7 @@

      3
    • NixOS
      -
      -{ config, pkgs, ... }:
      +
      { config, pkgs, ... }:
       
       {
         imports = [
      @@ -4757,16 +4767,16 @@ 

      3 xkbVariant = "altgr-intl"; }; - nix.settings.experimental-features = ["nix-command" "flakes"]; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; sops = { age.sshKeyPaths = [ "/etc/ssh/sops" ]; defaultSopsFile = "/root/.dotfiles/secrets/sync/secrets.yaml"; validateSopsFiles = false; - secrets.swarsel = { owner = "root";}; - secrets.dnstokenfull = {owner="acme";}; + secrets.swarsel = { owner = "root"; }; + secrets.dnstokenfull = { owner = "acme"; }; templates."certs.secret".content = '' - CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} + CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} ''; }; @@ -4794,8 +4804,8 @@

      3 "/" = { proxyPass = "http://localhost:27701"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; @@ -4808,8 +4818,8 @@

      3 "/" = { proxyPass = "http://localhost:8384/"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; @@ -4822,8 +4832,8 @@

      3 "/" = { proxyPass = "http://localhost:3000"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; @@ -4837,14 +4847,14 @@

      3 enableIPv6 = false; domain = "subnet03112148.vcn03112148.oraclevcn.com"; firewall.extraCommands = '' - iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT - iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT - iptables -I INPUT -m state --state NEW -p tcp --dport 27701 -j ACCEPT - iptables -I INPUT -m state --state NEW -p tcp --dport 8384 -j ACCEPT - iptables -I INPUT -m state --state NEW -p tcp --dport 3000 -j ACCEPT - iptables -I INPUT -m state --state NEW -p tcp --dport 22000 -j ACCEPT - iptables -I INPUT -m state --state NEW -p udp --dport 22000 -j ACCEPT - iptables -I INPUT -m state --state NEW -p udp --dport 21027 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 27701 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 8384 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 3000 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 22000 -j ACCEPT + iptables -I INPUT -m state --state NEW -p udp --dport 22000 -j ACCEPT + iptables -I INPUT -m state --state NEW -p udp --dport 21027 -j ACCEPT ''; }; services.openssh = { @@ -4923,11 +4933,11 @@
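Review bot: `firewall.extraCommands` accepts new connections from any source on 27701, 8384 and 3000, the same ports the nginx locations in the preceding hunks proxy from `localhost`, so those backends stay reachable directly, bypassing the reverse proxy. Unless direct access is intended, I would drop the three `--dport 27701`, `--dport 8384` and `--dport 3000` rules, keep 80, 443 and the 22000/21027 rules, and add a comment such as `# backends are only reached through nginx on 443` above the remaining ones. The hunk at `@@ -5076,13 +5087,13 @@` has the same pattern for 8008, 29317, 29318 and 29328, where the synapse listener is declared with `tls = false` on `0.0.0.0`. Because the rules use `iptables -I INPUT`, they are inserted at the head of the chain and take effect ahead of any rule appended to it.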

      3
       settings.app_service_config_files = [
      -    "/var/lib/matrix-synapse/telegram-registration.yaml"
      -    "/var/lib/matrix-synapse/whatsapp-registration.yaml"
      -    "/var/lib/matrix-synapse/signal-registration.yaml"
      -    "/var/lib/matrix-synapse/doublepuppet.yaml"
      -  ]
      +  "/var/lib/matrix-synapse/telegram-registration.yaml"
      +  "/var/lib/matrix-synapse/whatsapp-registration.yaml"
      +  "/var/lib/matrix-synapse/signal-registration.yaml"
      +  "/var/lib/matrix-synapse/doublepuppet.yaml"
      +]
       
       
      @@ -4971,10 +4981,11 @@

      3

      -
      -{ config, pkgs, sops, ... }: let
      +
      { config, pkgs, sops, ... }:
      +let
         matrixDomain = "swatrix.swarsel.win";
      -in {
      +in
      +{
       
         imports = [
           ./hardware-configuration.nix
      @@ -4994,27 +5005,27 @@ 

      3 xkbVariant = "altgr-intl"; }; - nix.settings.experimental-features = ["nix-command" "flakes"]; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; sops = { age.sshKeyPaths = [ "/etc/ssh/sops" ]; defaultSopsFile = "/root/.dotfiles/secrets/omatrix/secrets.yaml"; validateSopsFiles = false; secrets = { - dnstokenfull = {owner="acme";}; - matrixsharedsecret = {owner="matrix-synapse";}; - mautrixtelegram_as = {owner="matrix-synapse";}; - mautrixtelegram_hs = {owner="matrix-synapse";}; - mautrixtelegram_api_id = {owner="matrix-synapse";}; - mautrixtelegram_api_hash = {owner="matrix-synapse";}; + dnstokenfull = { owner = "acme"; }; + matrixsharedsecret = { owner = "matrix-synapse"; }; + mautrixtelegram_as = { owner = "matrix-synapse"; }; + mautrixtelegram_hs = { owner = "matrix-synapse"; }; + mautrixtelegram_api_id = { owner = "matrix-synapse"; }; + mautrixtelegram_api_hash = { owner = "matrix-synapse"; }; }; templates = { "certs.secret".content = '' - CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} - ''; + CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} + ''; "matrix_user_register.sh".content = '' - register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008 - ''; + register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008 + ''; mautrixtelegram = { owner = "matrix-synapse"; content = '' @@ -5022,13 +5033,13 @@

      3 MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=${config.sops.placeholder.mautrixtelegram_hs} MAUTRIX_TELEGRAM_TELEGRAM_API_ID=${config.sops.placeholder.mautrixtelegram_api_id} MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash} - ''; + ''; }; matrixshared = { owner = "matrix-synapse"; content = '' registration_shared_secret: ${config.sops.placeholder.matrixsharedsecret} - ''; + ''; }; }; }; @@ -5061,8 +5072,8 @@

      3 "~ ^(/_matrix|/_synapse/client)" = { proxyPass = "http://localhost:8008"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; @@ -5076,13 +5087,13 @@

      3 enableIPv6 = false; domain = "swarsel.win"; firewall.extraCommands = '' - iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT - iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT - iptables -I INPUT -m state --state NEW -p tcp --dport 8008 -j ACCEPT - iptables -I INPUT -m state --state NEW -p tcp --dport 29317 -j ACCEPT - iptables -I INPUT -m state --state NEW -p tcp --dport 29318 -j ACCEPT - iptables -I INPUT -m state --state NEW -p tcp --dport 29328 -j ACCEPT - ''; + iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 8008 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 29317 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 29318 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 29328 -j ACCEPT + ''; }; services.openssh = { enable = true; @@ -5103,27 +5114,27 @@

      3 services.postgresql = { enable = true; initialScript = pkgs.writeText "synapse-init.sql" '' - CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; - CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram'; - CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp'; - CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal'; - CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - ''; + CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; + CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram'; + CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp'; + CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal'; + CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + ''; }; services.matrix-synapse = { settings.app_service_config_files = [ @@ -5138,7 +5149,8 @@

      3 public_baseurl = "https://${matrixDomain}"; }; listeners = [ - { port = 8008; + { + port = 8008; bind_addresses = [ "0.0.0.0" ]; type = "http"; tls = false; @@ -5165,7 +5177,7 @@

      3 domain = matrixDomain; }; appservice = { - address= "http://localhost:29317"; + address = "http://localhost:29317"; hostname = "0.0.0.0"; port = "29317"; provisioning.enabled = true; @@ -5194,16 +5206,16 @@

      3 args = { width = 256; height = 256; - fps = 30; # only for webm - background = "020202"; # only for gif, transparency not supported + fps = 30; # only for webm + background = "020202"; # only for gif, transparency not supported }; }; }; }; }; systemd.services.mautrix-telegram.path = with pkgs; [ - lottieconverter # for animated stickers conversion, unfree package - ffmpeg # if converting animated stickers to webm (very slow!) + lottieconverter # for animated stickers conversion, unfree package + ffmpeg # if converting animated stickers to webm (very slow!) ]; services.mautrix-whatsapp = { @@ -5214,7 +5226,7 @@

      3 domain = matrixDomain; }; appservice = { - address= "http://localhost:29318"; + address = "http://localhost:29318"; hostname = "0.0.0.0"; port = 29318; database = { @@ -5262,7 +5274,7 @@

      3 }; appservice = { - address= "http://localhost:29328"; + address = "http://localhost:29328"; hostname = "0.0.0.0"; port = 29328; database = { @@ -5298,10 +5310,10 @@

      3 systemd.services."restart-bridges" = { script = '' - systemctl restart mautrix-whatsapp.service - systemctl restart mautrix-signal.service - systemctl restart mautrix-telegram.service - ''; + systemctl restart mautrix-whatsapp.service + systemctl restart mautrix-signal.service + systemctl restart mautrix-telegram.service + ''; serviceConfig = { Type = "oneshot"; User = "root"; @@ -5323,8 +5335,7 @@

      3
    • NixOS
      -
      -{ config, pkgs, modulesPath, ... }:
      +
      { config, pkgs, modulesPath, ... }:
       
       {
       
      @@ -5350,7 +5361,7 @@ 

      3 }; }; - nix.settings.experimental-features = ["nix-command" "flakes"]; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; proxmoxLXC = { manageNetwork = true; # manage network myself @@ -5397,7 +5408,7 @@

      3 age.sshKeyPaths = [ "/etc/ssh/sops" ]; defaultSopsFile = "/root/.dotfiles/secrets/paperless/secrets.yaml"; validateSopsFiles = false; - secrets.admin = { owner = "paperless";}; + secrets.admin = { owner = "paperless"; }; }; services.paperless = { @@ -5467,7 +5478,8 @@

      3

      -
      services.xserver = {
      +
      +services.xserver = {
         xkb = {
           layout = "us";
           variant = "altgr-intl";
      @@ -5935,29 +5947,30 @@ 

      3 validateSopsFiles = false; secrets = { - swarseluser = {neededForUsers = true;}; - ernest = {}; - frauns = {}; - hotspot = {}; - eduid = {}; - edupass = {}; - handyhotspot = {}; - vpnuser = {}; - vpnpass = {}; + swarseluser = { neededForUsers = true; }; + ernest = { }; + frauns = { }; + hotspot = { }; + eduid = { }; + edupass = { }; + handyhotspot = { }; + vpnuser = { }; + vpnpass = { }; }; templates = { "network-manager.env".content = '' - ERNEST=${config.sops.placeholder.ernest} - FRAUNS=${config.sops.placeholder.frauns} - HOTSPOT=${config.sops.placeholder.hotspot} - EDUID=${config.sops.placeholder.eduid} - EDUPASS=${config.sops.placeholder.edupass} - HANDYHOTSPOT=${config.sops.placeholder.handyhotspot} - VPNUSER=${config.sops.placeholder.vpnuser} - VPNPASS=${config.sops.placeholder.vpnpass} - ''; + ERNEST=${config.sops.placeholder.ernest} + FRAUNS=${config.sops.placeholder.frauns} + HOTSPOT=${config.sops.placeholder.hotspot} + EDUID=${config.sops.placeholder.eduid} + EDUPASS=${config.sops.placeholder.edupass} + HANDYHOTSPOT=${config.sops.placeholder.handyhotspot} + VPNUSER=${config.sops.placeholder.vpnuser} + VPNPASS=${config.sops.placeholder.vpnpass} + ''; }; }; +

      @@ -6023,7 +6036,7 @@

      3 #lsp-bridge / python gcc gdb - (python3.withPackages(ps: with ps; [ jupyter ipython pyqt5 epc orjson sexpdata six setuptools paramiko numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server])) + (python3.withPackages (ps: with ps; [ jupyter ipython pyqt5 epc orjson sexpdata six setuptools paramiko numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server ])) # (python3.withPackages(ps: with ps; [ jupyter ipython pyqt5 numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server])) # -------------------------------------------- @@ -6041,9 +6054,9 @@

      3 ]; unpackPhase = '' - mkdir -p $out/bin - tar xvf $src -C $out/ - mv $out/oama-0.13.1-Linux-x86_64-static/oama $out/bin/ + mkdir -p $out/bin + tar xvf $src -C $out/ + mv $out/oama-0.13.1-Linux-x86_64-static/oama $out/bin/ ''; }) @@ -6081,6 +6094,7 @@

      3 users.defaultUserShell = pkgs.zsh; environment.shells = with pkgs; [ zsh ]; environment.pathsToLink = [ "/share/zsh" ]; +

    • @@ -6141,13 +6155,14 @@

      3 pkgs.gutenprintBin ]; browsedConf = '' -BrowseDNSSDSubTypes _cups,_print -BrowseLocalProtocols all -BrowseRemoteProtocols all -CreateIPPPrinterQueues All -BrowseProtocols all - ''; + BrowseDNSSDSubTypes _cups,_print + BrowseLocalProtocols all + BrowseRemoteProtocols all + CreateIPPPrinterQueues All + BrowseProtocols all + ''; }; +

    • @@ -6162,6 +6177,7 @@

      3 nssmdns4 = true; openFirewall = true; }; +

    • @@ -6191,26 +6207,28 @@

      3 # Make CAPS work as a dual function ESC/CTRL key services.interception-tools = { enable = true; - udevmonConfig = let - dualFunctionKeysConfig = builtins.toFile "dual-function-keys.yaml" '' - TIMING: - TAP_MILLISEC: 200 - DOUBLE_TAP_MILLISEC: 0 - - MAPPINGS: - - KEY: KEY_CAPSLOCK - TAP: KEY_ESC - HOLD: KEY_LEFTCTRL + udevmonConfig = + let + dualFunctionKeysConfig = builtins.toFile "dual-function-keys.yaml" '' + TIMING: + TAP_MILLISEC: 200 + DOUBLE_TAP_MILLISEC: 0 + + MAPPINGS: + - KEY: KEY_CAPSLOCK + TAP: KEY_ESC + HOLD: KEY_LEFTCTRL + ''; + in + '' + - JOB: | + ${pkgs.interception-tools}/bin/intercept -g $DEVNODE \ + | ${pkgs.interception-tools-plugins.dual-function-keys}/bin/dual-function-keys -c ${dualFunctionKeysConfig} \ + | ${pkgs.interception-tools}/bin/uinput -d $DEVNODE + DEVICE: + EVENTS: + EV_KEY: [KEY_CAPSLOCK] ''; - in '' - - JOB: | - ${pkgs.interception-tools}/bin/intercept -g $DEVNODE \ - | ${pkgs.interception-tools-plugins.dual-function-keys}/bin/dual-function-keys -c ${dualFunctionKeysConfig} \ - | ${pkgs.interception-tools}/bin/uinput -d $DEVNODE - DEVICE: - EVENTS: - EV_KEY: [KEY_CAPSLOCK] - ''; };

    • @@ -6278,18 +6296,18 @@

      3 initial_session.command = "sway"; # initial_session.user ="swarsel"; default_session.command = '' - ${pkgs.greetd.tuigreet}/bin/tuigreet \ - --time \ - --asterisks \ - --user-menu \ - --cmd sway - ''; + ${pkgs.greetd.tuigreet}/bin/tuigreet \ + --time \ + --asterisks \ + --user-menu \ + --cmd sway + ''; }; }; environment.etc."greetd/environments".text = '' - sway - ''; + sway +'';

      @@ -6319,8 +6337,7 @@

      3
    • Packaged
      -
      -{ config, pkgs, fetchFromGitHub , ... }:
      +
      { config, pkgs, fetchFromGitHub, ... }:
       
       {
         home.packages = with pkgs; [
      @@ -6349,6 +6366,7 @@ 

      3 # nix alejandra + nixpkgs-fmt deadnix statix @@ -6470,12 +6488,12 @@

      3 # latex and related packages (pkgs.texlive.combine { inherit (pkgs.texlive) scheme-full - dvisvgm dvipng # for preview and export as html + dvisvgm dvipng# for preview and export as html wrapfig amsmath ulem hyperref capt-of; }) # font stuff - (nerdfonts.override { fonts = [ "FiraMono" "FiraCode" "NerdFontsSymbolsOnly"]; }) + (nerdfonts.override { fonts = [ "FiraMono" "FiraCode" "NerdFontsSymbolsOnly" ]; }) noto-fonts-emoji font-awesome_5 noto-fonts @@ -6488,134 +6506,138 @@

      3
    • Self-defined
      -
      -# cura
      -(let cura5 = appimageTools.wrapType2 rec {
      -       name = "cura5";
      -       version = "5.4.0";
      -       src = fetchurl {
      -         url = "https://github.com/Ultimaker/Cura/releases/download/${version}/UltiMaker-Cura-${version}-linux-modern.AppImage";
      -         hash = "sha256-QVv7Wkfo082PH6n6rpsB79st2xK2+Np9ivBg/PYZd74=";
      -       };
      -       extraPkgs = pkgs: with pkgs; [ ];
      -     }; in writeScriptBin "cura" ''
      -          #! ${pkgs.bash}/bin/bash
      -          # AppImage version of Cura loses current working directory and treats all paths relateive to $HOME.
      -          # So we convert each of the files passed as argument to an absolute path.
      -          # This fixes use cases like `cd /path/to/my/files; cura mymodel.stl anothermodel.stl`.
      -          args=()
      -          for a in "$@"; do
      -              if [ -e "$a" ]; then
      -                 a="$(realpath "$a")"
      -              fi
      -              args+=("$a")
      -          done
      -          exec "${cura5}/bin/cura5" "''${args[@]}"
      -          '')
      +
      # cura
      +(
      +  let
      +    cura5 = appimageTools.wrapType2 rec {
      +      name = "cura5";
      +      version = "5.4.0";
      +      src = fetchurl {
      +        url = "https://github.com/Ultimaker/Cura/releases/download/${version}/UltiMaker-Cura-${version}-linux-modern.AppImage";
      +        hash = "sha256-QVv7Wkfo082PH6n6rpsB79st2xK2+Np9ivBg/PYZd74=";
      +      };
      +      extraPkgs = pkgs: with pkgs; [ ];
      +    };
      +  in
      +  writeScriptBin "cura" ''
      +    #! ${pkgs.bash}/bin/bash
      +    # AppImage version of Cura loses current working directory and treats all paths relateive to $HOME.
      +    # So we convert each of the files passed as argument to an absolute path.
      +    # This fixes use cases like `cd /path/to/my/files; cura mymodel.stl anothermodel.stl`.
      +    args=()
      +    for a in "$@"; do
      +        if [ -e "$a" ]; then
      +           a="$(realpath "$a")"
      +        fi
      +        args+=("$a")
      +    done
      +    exec "${cura5}/bin/cura5" "''${args[@]}"
      +  ''
      +)
       
         #E: hides scratchpad depending on state, calls emacsclient for edit and then restores the scratchpad state
         (pkgs.writeShellScriptBin "e" ''
      -       bash ~/.dotfiles/scripts/editor_nowait.sh "$@"
      -       '')
      +    bash ~/.dotfiles/scripts/editor_nowait.sh "$@"
      +  '')
         (pkgs.writeShellScriptBin "timer" ''
      -       sleep "$1"; while true; do spd-say "$2"; sleep 0.5; done;
      -       '')
      +    sleep "$1"; while true; do spd-say "$2"; sleep 0.5; done;
      +  '')
       
         (pkgs.writeScriptBin "project" ''
      - #! ${pkgs.bash}/bin/bash
      - if [ "$1" == "rust" ]; then
      - cp ~/.dotfiles/templates/rust_flake.nix ./flake.nix
      - cp ~/.dotfiles/templates/toolchain.toml .
      - elif [ "$1" == "cpp" ]; then
      - cp ~/.dotfiles/templates/cpp_flake.nix ./flake.nix
      - elif [ "$1" == "python" ]; then
      - cp ~/.dotfiles/templates/py_flake.nix ./flake.nix
      - elif [ "$1" == "cuda" ]; then
      - cp ~/.dotfiles/templates/cu_flake.nix ./flake.nix
      - elif [ "$1" == "other" ]; then
      - cp ~/.dotfiles/templates/other_flake.nix ./flake.nix
      - elif [ "$1" == "latex" ]; then
      -   if [ "$2" == "" ]; then
      -   echo "No filename specified, usage: 'project latex <NAME>'"
      -   exit 0
      -   fi
      - cp ~/.dotfiles/templates/tex_standard.tex ./"$2".tex
      - exit 0
      - else
      - echo "No valid argument given. Valid arguments are rust cpp python, cuda"
      - exit 0
      - fi
      - echo "use flake" >> .envrc
      - direnv allow
      - '')
      +    #! ${pkgs.bash}/bin/bash
      +    if [ "$1" == "rust" ]; then
      +    cp ~/.dotfiles/templates/rust_flake.nix ./flake.nix
      +    cp ~/.dotfiles/templates/toolchain.toml .
      +    elif [ "$1" == "cpp" ]; then
      +    cp ~/.dotfiles/templates/cpp_flake.nix ./flake.nix
      +    elif [ "$1" == "python" ]; then
      +    cp ~/.dotfiles/templates/py_flake.nix ./flake.nix
      +    elif [ "$1" == "cuda" ]; then
      +    cp ~/.dotfiles/templates/cu_flake.nix ./flake.nix
      +    elif [ "$1" == "other" ]; then
      +    cp ~/.dotfiles/templates/other_flake.nix ./flake.nix
      +    elif [ "$1" == "latex" ]; then
      +      if [ "$2" == "" ]; then
      +      echo "No filename specified, usage: 'project latex <NAME>'"
      +      exit 0
      +      fi
      +    cp ~/.dotfiles/templates/tex_standard.tex ./"$2".tex
      +    exit 0
      +    else
      +    echo "No valid argument given. Valid arguments are rust cpp python, cuda"
      +    exit 0
      +    fi
      +    echo "use flake" >> .envrc
      +    direnv allow
      +  '')
       
         (pkgs.writeShellApplication {
           name = "pass-fuzzel";
           runtimeInputs = [ pkgs.pass pkgs.fuzzel ];
           text = ''
      -       shopt -s nullglob globstar
      -
      -       typeit=0
      -       if [[ $# -ge 1 && $1 == "--type" ]]; then
      -         typeit=1
      -         shift
      -       fi
      -
      -       export PASSWORD_STORE_DIR=~/.local/share/password-store
      -       prefix=''${PASSWORD_STORE_DIR-~/.local/share/password-store}
      -       password_files=( "$prefix"/**/*.gpg )
      -       password_files=( "''${password_files[@]#"$prefix"/}" )
      -       password_files=( "''${password_files[@]%.gpg}" )
      -
      -       password=$(printf '%s\n' "''${password_files[@]}" | fuzzel --dmenu "$@")
      -
      -       [[ -n $password ]] || exit
      -
      -       if [[ $typeit -eq 0 ]]; then
      -         pass show -c "$password" &>/tmp/pass-fuzzel
      -       else
      -         pass show "$password" | { IFS= read -r pass; printf %s "$pass"; } | wtype -
      -       fi
      -       notify-send -u critical -a pass -t 1000 "Copied/Typed Password"
      -     '';
      +      shopt -s nullglob globstar
      +
      +      typeit=0
      +      if [[ $# -ge 1 && $1 == "--type" ]]; then
      +        typeit=1
      +        shift
      +      fi
      +
      +      export PASSWORD_STORE_DIR=~/.local/share/password-store
      +      prefix=''${PASSWORD_STORE_DIR-~/.local/share/password-store}
      +      password_files=( "$prefix"/**/*.gpg )
      +      password_files=( "''${password_files[@]#"$prefix"/}" )
      +      password_files=( "''${password_files[@]%.gpg}" )
      +
      +      password=$(printf '%s\n' "''${password_files[@]}" | fuzzel --dmenu "$@")
      +
      +      [[ -n $password ]] || exit
      +
      +      if [[ $typeit -eq 0 ]]; then
      +        pass show -c "$password" &>/tmp/pass-fuzzel
      +      else
      +        pass show "$password" | { IFS= read -r pass; printf %s "$pass"; } | wtype -
      +      fi
      +      notify-send -u critical -a pass -t 1000 "Copied/Typed Password"
      +    '';
         })
       
         (pkgs.writeShellApplication {
           name = "pass-fuzzel-otp";
      -    runtimeInputs = [ pkgs.fuzzel (pkgs.pass.withExtensions (exts: [exts.pass-otp]))];
      +    runtimeInputs = [ pkgs.fuzzel (pkgs.pass.withExtensions (exts: [ exts.pass-otp ])) ];
           text = ''
      -       shopt -s nullglob globstar
      -
      -       typeit=0
      -       if [[ $# -ge 1 && $1 == "--type" ]]; then
      -         typeit=1
      -         shift
      -       fi
      -
      -       export PASSWORD_STORE_DIR=~/.local/share/password-store
      -       prefix=''${PASSWORD_STORE_DIR-~/.local/share/password-store}
      -       password_files=( "$prefix"/otp/**/*.gpg )
      -       password_files=( "''${password_files[@]#"$prefix"/}" )
      -       password_files=( "''${password_files[@]%.gpg}" )
      -
      -       password=$(printf '%s\n' "''${password_files[@]}" | fuzzel --dmenu "$@")
      -
      -       [[ -n $password ]] || exit
      -
      -       if [[ $typeit -eq 0 ]]; then
      -         pass otp -c "$password" &>/tmp/pass-fuzzel
      -       else
      -         pass otp "$password" | { IFS= read -r pass; printf %s "$pass"; } | wtype -
      -       fi
      -       notify-send -u critical -a pass -t 1000 "Copied/Typed OTPassword"
      -     '';
      +      shopt -s nullglob globstar
      +
      +      typeit=0
      +      if [[ $# -ge 1 && $1 == "--type" ]]; then
      +        typeit=1
      +        shift
      +      fi
      +
      +      export PASSWORD_STORE_DIR=~/.local/share/password-store
      +      prefix=''${PASSWORD_STORE_DIR-~/.local/share/password-store}
      +      password_files=( "$prefix"/otp/**/*.gpg )
      +      password_files=( "''${password_files[@]#"$prefix"/}" )
      +      password_files=( "''${password_files[@]%.gpg}" )
      +
      +      password=$(printf '%s\n' "''${password_files[@]}" | fuzzel --dmenu "$@")
      +
      +      [[ -n $password ]] || exit
      +
      +      if [[ $typeit -eq 0 ]]; then
      +        pass otp -c "$password" &>/tmp/pass-fuzzel
      +      else
      +        pass otp "$password" | { IFS= read -r pass; printf %s "$pass"; } | wtype -
      +      fi
      +      notify-send -u critical -a pass -t 1000 "Copied/Typed OTPassword"
      +    '';
         })
       
         (pkgs.writeShellApplication {
           name = "cdw";
           runtimeInputs = [ pkgs.fzf ];
           text = ''
      -    cd "$(git worktree list | fzf | awk '{print $1}')"
      +      cd "$(git worktree list | fzf | awk '{print $1}')"
           '';
         })
       
      @@ -6623,7 +6645,7 @@ 

      3 name = "cdb"; runtimeInputs = [ pkgs.fzf ]; text = '' - git checkout "$(git branch --list | grep -v "^\*" | fzf | awk '{print $1}')" + git checkout "$(git branch --list | grep -v "^\*" | fzf | awk '{print $1}')" ''; }) @@ -6668,13 +6690,14 @@

      3 defaultSopsFile = "${config.home.homeDirectory}/.dotfiles/secrets/general/secrets.yaml"; validateSopsFiles = false; secrets = { - mrswarsel = {path = "/run/user/1000/secrets/mrswarsel";}; - nautilus = {path = "/run/user/1000/secrets/nautilus";}; - leon = {path = "/run/user/1000/secrets/leon";}; - swarselmail = {path = "/run/user/1000/secrets/swarselmail";}; - caldav = {path = "${config.home.homeDirectory}/.emacs.d/.caldav";}; + mrswarsel = { path = "/run/user/1000/secrets/mrswarsel"; }; + nautilus = { path = "/run/user/1000/secrets/nautilus"; }; + leon = { path = "/run/user/1000/secrets/leon"; }; + swarselmail = { path = "/run/user/1000/secrets/swarselmail"; }; + caldav = { path = "${config.home.homeDirectory}/.emacs.d/.caldav"; }; }; }; +

      @@ -6683,14 +6706,17 @@

      3

      3.3.3. SSH Machines

      -It is very convenient to have SSH aliases in place for machines that I use. This is mainly used for some server machines and some university clusters.
      +It is very convenient to have SSH aliases in place for machines that I use. This is mainly used for some server machines and some university clusters. We also enable agent forwarding to have our Yubikey SSH key accessible on the remote host.

      -programs.ssh= {
      +programs.ssh = {
         enable = true;
      -  extraConfig = "SetEnv TERM=xterm-256color";
      +  forwardAgent = true;
      +  extraConfig = ''
      +    SetEnv TERM=xterm-256color
      +  '';
         matchBlocks = {
           "nginx" = {
             hostname = "192.168.1.14";
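Review bot: The new top-level `forwardAgent = true;` in `programs.ssh` turns agent forwarding on for every host, not only the ones where the Yubikey key is needed remotely. While a session is open, anyone with root or the same account on that remote host can use the forwarded agent socket to authenticate as you elsewhere. The match blocks in the following hunk (`@@ -6764,57 +6790,18 @@`) include root logins on public addresses and the newly added "songdiver" host, so all of them would now receive the agent. I would drop the global line and keep `forwardAgent = true;` only inside the match blocks that need it, as "efficient" already does, or use `proxyJump` where the goal is only to hop through a host. The `matchBlocks` attribute set continues outside this hunk.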
      @@ -6764,57 +6790,18 @@ 

      3 hostname = "193.122.53.173"; user = "root"; #this is a oracle vm server but needs root due to nixos-infect }; + "songdiver" = { + hostname = "89.168.100.65"; + user = "ubuntu"; + }; "pkv" = { hostname = "46.232.248.161"; user = "root"; }; - "nebula" = { - hostname = "128.131.171.15"; - user = "amp23s56"; - compression = true; - identityFile = "~/.ssh/id_ed25519"; - proxyCommand = "ssh -p 1022 -i ~/.ssh/id_ed25519 -q -W %h:%p %r@venus.par.tuwien.ac.at"; - extraOptions = { - "TCPKeepAlive" = "yes"; - }; - }; "efficient" = { hostname = "g0.complang.tuwien.ac.at"; forwardAgent = true; user = "ep01427399"; - - # leaving the below lines in for future reference - - # remoteForwards = [ - # { - # bind.address = "/run/user/21217/gnupg/S.gpg-agent"; - # host.address = "/run/user/1000/gnupg/S.gpg-agent.extra"; - # } - # { - # bind.address = "/run/user/21217/gnupg/S.gpg-agent.ssh"; - # host.address = "/run/user/1000/gnupg/S.gpg-agent.ssh"; - # } - # ]; - # extraOptions = { - # "RemoteForward" = "/run/user/21217/gnupg/S.gpg-agent /run/user/1000/gnupg/S.gpg-agent.extra"; - # "StreamLocalBindUnlink" = "yes"; - # "RemoteForward" = "/run/user/21217/gnupg/S.gpg-agent.ssh /run/user/1000/gnupg/S.gpg-agent.ssh"; - # }; - # setEnv = { - # "TERM" = "xterm"; - # }; - }; - "hydra" = { - hostname = "128.131.171.215"; - user = "hpc23w33"; - compression = true; - forwardAgent = true; - # identityFile = "~/.ssh/id_tuwien_hpc"; - # proxyCommand = "ssh -p 1022 -i ~/.ssh/id_tuwien_hpc -q -W %h:%p %r@venus.par.tuwien.ac.at"; - proxyCommand = "ssh -p 1022 -q -W %h:%p %r@venus.par.tuwien.ac.at"; - extraOptions = { - "TCPKeepAlive" = "yes"; - }; }; }; }; @@ -6862,7 +6849,7 @@

      3 genericName = "Cura"; exec = "cura"; terminal = false; - categories = [ "Application"]; + categories = [ "Application" ]; }; anki = { @@ -6870,7 +6857,7 @@

      3 genericName = "Anki"; exec = "anki"; terminal = false; - categories = [ "Application"]; + categories = [ "Application" ]; }; # schlidichat = { @@ -6886,7 +6873,7 @@

      3 genericName = "Element"; exec = "element-desktop -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; terminal = false; - categories = [ "Application"]; + categories = [ "Application" ]; }; emacsclient-newframe = { @@ -6895,7 +6882,7 @@

      3 exec = "emacsclient -r %u"; icon = "emacs"; terminal = false; - categories = [ "Development" "TextEditor"]; + categories = [ "Development" "TextEditor" ]; }; }; @@ -6999,14 +6986,15 @@

      3 pandoc.enable = true; fzf.enable = true; zoxide.enable = true; +};

    • -
      -

      3.3.9. nix-index

      +
      +

      3.3.9. nix-index

      nix-index provides a way to find out which packages are provided by which derivations. By default it also comes with a replacement for command-not-found.sh, however, the implementation is based on a channel based setup. I like consistency, so I replace the command with one that provides a flakes-based output. @@ -7014,22 +7002,24 @@

      3.3.9. nix-index

      -nix-index = let
      -  command-not-found = pkgs.runCommandLocal "command-not-found.sh" { } ''
      +programs.nix-index =
      +  let
      +    command-not-found = pkgs.runCommandLocal "command-not-found.sh" { } ''
             mkdir -p $out/etc/profile.d
             substitute ${../../scripts/command-not-found.sh}                  \
               $out/etc/profile.d/command-not-found.sh             \
               --replace @nix-locate@ ${pkgs.nix-index}/bin/nix-locate \
               --replace @tput@ ${pkgs.ncurses}/bin/tput
      -      '';
      -in {
      -  enable = true;
      -  package = pkgs.symlinkJoin {
      -    name = "nix-index";
      -    paths = [ command-not-found ];
      +    '';
      +  in
      +  {
      +    enable = true;
      +    package = pkgs.symlinkJoin {
      +      name = "nix-index";
      +      paths = [ command-not-found ];
      +    };
         };
      -};
      -};
      +
       
      @@ -7045,7 +7035,7 @@

      3
       programs.password-store = {
         enable = true;
      -  package = pkgs.pass.withExtensions (exts: [exts.pass-otp]);
      +  package = pkgs.pass.withExtensions (exts: [ exts.pass-otp ]);
       };
       
       
      @@ -7333,13 +7323,13 @@

      3 nswitch = "cd ~/.dotfiles; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;"; edithome = "bash ~/.dotfiles/scripts/editor.sh ~/.dotfiles/Nix.org"; magit = "emacsclient -nc -e \"(magit-status)\""; - config="git --git-dir=$HOME/.cfg/ --work-tree=$HOME"; - g="git"; - c="git --git-dir=$HOME/.dotfiles/.git --work-tree=$HOME/.dotfiles/"; + config = "git --git-dir=$HOME/.cfg/ --work-tree=$HOME"; + g = "git"; + c = "git --git-dir=$HOME/.dotfiles/.git --work-tree=$HOME/.dotfiles/"; passpush = "cd ~/.local/share/password-store; git add .; git commit -m 'pass file changes'; git push; cd -;"; passpull = "cd ~/.local/share/password-store; git pull; cd -;"; hotspot = "nmcli connection up local; nmcli device wifi hotspot;"; - cd="z"; + cd = "z"; cdr = "cd \"$( (find /home/swarsel/Documents/GitHub -maxdepth 1 && echo /home/swarsel/.dotfiles) | fzf )\""; }; autosuggestion.enable = true; @@ -7352,8 +7342,8 @@

      3 ]; defaultKeymap = "emacs"; dirHashes = { - dl = "$HOME/Downloads"; - gh = "$HOME/Documents/GitHub"; + dl = "$HOME/Downloads"; + gh = "$HOME/Documents/GitHub"; }; history = { expireDuplicatesFirst = true; @@ -7422,9 +7412,9 @@

      3 }; mbsync = { enable = true; - create= "maildir"; + create = "maildir"; expunge = "both"; - patterns = ["*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail"]; + patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ]; extraConfig = { channel = { Sync = "All"; @@ -7472,9 +7462,9 @@

      3 mu.enable = true; mbsync = { enable = true; - create= "maildir"; + create = "maildir"; expunge = "both"; - patterns = ["*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail"]; + patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ]; extraConfig = { channel = { Sync = "All"; @@ -7499,9 +7489,9 @@

      3 mu.enable = true; mbsync = { enable = true; - create= "maildir"; + create = "maildir"; expunge = "both"; - patterns = ["*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail"]; + patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ]; extraConfig = { channel = { Sync = "All"; @@ -7571,7 +7561,7 @@

      3 rev = "3f6ca0d5556fe9795b74714304564f2295dcfa24"; hash = "sha256-w1wmJW7YwXyjvXJOWdN2+k+QmhXr4IflES/c2bCX3CI="; }; - packageRequires = []; + packageRequires = [ ]; }) ]; @@ -7607,15 +7597,15 @@

      3 mainBar = { layer = "top"; position = "top"; - modules-left = [ "sway/workspaces" "custom/outer-right-arrow-dark" "sway/window"]; + modules-left = [ "sway/workspaces" "custom/outer-right-arrow-dark" "sway/window" ]; modules-center = [ "sway/mode" "custom/configwarn" ]; "sway/mode" = { format = "<span style=\"italic\" font-weight=\"bold\">{}</span>"; }; "custom/configwarn" = { - exec= "bash ~/.dotfiles/scripts/checkconfigstatus.sh"; - interval= 60; + exec = "bash ~/.dotfiles/scripts/checkconfigstatus.sh"; + interval = 60; }; "group/hardware" = { @@ -7638,14 +7628,14 @@

      3 }; power-profiles-daemon = { - format= "{icon}"; - tooltip-format= "Power profile: {profile}\nDriver: {driver}"; - tooltip= true; - format-icons= { - "default"= ""; - "performance"= ""; - "balanced"= ""; - "power-saver"= ""; + format = "{icon}"; + tooltip-format = "Power profile: {profile}\nDriver: {driver}"; + tooltip = true; + format-icons = { + "default" = ""; + "performance" = ""; + "balanced" = ""; + "power-saver" = ""; }; }; @@ -7657,15 +7647,15 @@

      3 }; mpris = { - format= "{player_icon} {title} <small>[{position}/{length}]</small>"; - format-paused= "{player_icon} <i>{title} <small>[{position}/{length}]</small></i>"; - player-icons= { + format = "{player_icon} {title} <small>[{position}/{length}]</small>"; + format-paused = "{player_icon} <i>{title} <small>[{position}/{length}]</small></i>"; + player-icons = { "default" = "▶ "; "mpv" = "🎵 "; "spotify" = " "; }; - status-icons= { - "paused"= " "; + status-icons = { + "paused" = " "; }; interval = 1; title-len = 20; @@ -7676,114 +7666,114 @@

      3 format = ""; tooltip = false; }; - "custom/outer-left-arrow-dark"= { + "custom/outer-left-arrow-dark" = { format = ""; tooltip = false; }; - "custom/left-arrow-light"= { - format= ""; - tooltip= false; + "custom/left-arrow-light" = { + format = ""; + tooltip = false; }; - "custom/right-arrow-dark"= { - format= ""; - tooltip= false; + "custom/right-arrow-dark" = { + format = ""; + tooltip = false; }; - "custom/outer-right-arrow-dark"= { - format= ""; - tooltip= false; + "custom/outer-right-arrow-dark" = { + format = ""; + tooltip = false; }; - "custom/right-arrow-light"= { - format= ""; - tooltip= false; + "custom/right-arrow-light" = { + format = ""; + tooltip = false; }; - "sway/workspaces"= { - disable-scroll= true; - format= "{name}"; + "sway/workspaces" = { + disable-scroll = true; + format = "{name}"; }; - "clock#1"= { - min-length= 8; - interval= 1; - format= "{:%H:%M:%S}"; + "clock#1" = { + min-length = 8; + interval = 1; + format = "{:%H:%M:%S}"; # on-click-right= "gnome-clocks"; - tooltip-format= "<big>{:%Y %B}</big>\n<tt><small>{calendar}</small></tt>"; + tooltip-format = "<big>{:%Y %B}</big>\n<tt><small>{calendar}</small></tt>"; }; - "clock#2"= { - format= "{:%d. %B %Y}"; + "clock#2" = { + format = "{:%d. 
%B %Y}"; # on-click-right= "gnome-clocks"; - tooltip-format= "<big>{:%Y %B}</big>\n<tt><small>{calendar}</small></tt>"; + tooltip-format = "<big>{:%Y %B}</big>\n<tt><small>{calendar}</small></tt>"; }; - pulseaudio= { - format= "{icon} {volume:2}%"; - format-bluetooth= "{icon} {volume}%"; - format-muted= "MUTE"; - format-icons= { - headphones= ""; - default= [ + pulseaudio = { + format = "{icon} {volume:2}%"; + format-bluetooth = "{icon} {volume}%"; + format-muted = "MUTE"; + format-icons = { + headphones = ""; + default = [ "" "" ]; }; - scroll-step= 1; - on-click= "pamixer -t"; - on-click-right= "pavucontrol"; + scroll-step = 1; + on-click = "pamixer -t"; + on-click-right = "pavucontrol"; }; - memory= { - interval= 5; - format= " {}%"; - tooltip-format= "Memory: {used:0.1f}G/{total:0.1f}G\nSwap: {swapUsed}G/{swapTotal}G"; + memory = { + interval = 5; + format = " {}%"; + tooltip-format = "Memory: {used:0.1f}G/{total:0.1f}G\nSwap: {swapUsed}G/{swapTotal}G"; }; - cpu= { - min-length= 6; - interval= 5; - format-icons = ["▁" "▂" "▃" "▄" "▅" "▆" "▇" "█"]; + cpu = { + min-length = 6; + interval = 5; + format-icons = [ "▁" "▂" "▃" "▄" "▅" "▆" "▇" "█" ]; # on-click-right= "com.github.stsdc.monitor"; - on-click-right= "kitty -o confirm_os_window_close=0 btm"; + on-click-right = "kitty -o confirm_os_window_close=0 btm"; }; - battery= { - states= { - "warning"= 60; - "error"= 30; - "critical"= 15; + battery = { + states = { + "warning" = 60; + "error" = 30; + "critical" = 15; }; - interval=5; - format= "{icon} {capacity}%"; - format-charging= "{capacity}% "; - format-plugged= "{capacity}% "; - format-icons= [ + interval = 5; + format = "{icon} {capacity}%"; + format-charging = "{capacity}% "; + format-plugged = "{capacity}% "; + format-icons = [ "" "" "" "" "" ]; - on-click-right= "wlogout -p layer-shell"; + on-click-right = "wlogout -p layer-shell"; }; - disk= { - interval= 30; - format= "Disk {percentage_used:2}%"; - path= "/"; - states= { - "warning"= 80; 
- "critical"= 90; + disk = { + interval = 30; + format = "Disk {percentage_used:2}%"; + path = "/"; + states = { + "warning" = 80; + "critical" = 90; }; tooltip-format = "{used} used out of {total} on {path} ({percentage_used}%)\n{free} free on {path} ({percentage_free}%)"; }; - tray= { - icon-size= 20; + tray = { + icon-size = 20; }; - network= { + network = { interval = 5; - format-wifi= "{signalStrength}% "; - format-ethernet= ""; - format-linked= "{ifname} (No IP) "; - format-disconnected= "Disconnected ⚠"; - format-alt= "{ifname}: {ipaddr}/{cidr}"; - tooltip-format-ethernet= "{ifname} via {gwaddr}: {essid} {ipaddr}/{cidr}\n\n⇡{bandwidthUpBytes} ⇣{bandwidthDownBytes}"; - tooltip-format-wifi= "{ifname} via {gwaddr}: {essid} {ipaddr}/{cidr} \n{signaldBm}dBm @ {frequency}MHz\n\n⇡{bandwidthUpBytes} ⇣{bandwidthDownBytes}"; + format-wifi = "{signalStrength}% "; + format-ethernet = ""; + format-linked = "{ifname} (No IP) "; + format-disconnected = "Disconnected ⚠"; + format-alt = "{ifname}: {ipaddr}/{cidr}"; + tooltip-format-ethernet = "{ifname} via {gwaddr}: {essid} {ipaddr}/{cidr}\n\n⇡{bandwidthUpBytes} ⇣{bandwidthDownBytes}"; + tooltip-format-wifi = "{ifname} via {gwaddr}: {essid} {ipaddr}/{cidr} \n{signaldBm}dBm @ {frequency}MHz\n\n⇡{bandwidthUpBytes} ⇣{bandwidthDownBytes}"; }; }; }; @@ -7894,11 +7884,12 @@

      3 }; "Home Manager Options" = { - urls = [{ template = "https://home-manager-options.extranix.com/"; - params = [ - { name = "query"; value = "{searchTerms}"; } - ]; - }]; + urls = [{ + template = "https://home-manager-options.extranix.com/"; + params = [ + { name = "query"; value = "{searchTerms}"; } + ]; + }]; icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; definedAliases = [ "@hm" "@ho" "@hmo" ]; @@ -8079,78 +8070,80 @@

      3 modifier = "Mod4"; terminal = "kitty"; menu = "fuzzel"; - bars = [{ command = "waybar";}]; - keybindings = let - inherit (config.wayland.windowManager.sway.config) modifier; - in { - "${modifier}+q" = "kill"; - "${modifier}+f" = "exec firefox"; - "${modifier}+Space" = "exec fuzzel"; - "${modifier}+Shift+Space" = "floating toggle"; - "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; - "${modifier}+Shift+m" = "exec emacsclient -nquc -a emacs -e \"(mu4e)\""; - "${modifier}+Shift+c" = "exec emacsclient -nquc -a emacs -e \"(swarsel/open-calendar)\""; - "${modifier}+Shift+s" = "exec \"bash ~/.dotfiles/scripts/checkspotify.sh\""; - "${modifier}+m" = "exec \"bash ~/.dotfiles/scripts/checkspotifytui.sh\""; - "${modifier}+x" = "exec \"bash ~/.dotfiles/scripts/checkkitty.sh\""; - "${modifier}+d" = "exec \"bash ~/.dotfiles/scripts/checkdiscord.sh\""; - "${modifier}+Shift+r" = "exec \"bash ~/.dotfiles/scripts/restart.sh\""; - "${modifier}+Shift+t" = "exec \"bash ~/.dotfiles/scripts/toggle_opacity.sh\""; - "${modifier}+Shift+F12" = "move scratchpad"; - "${modifier}+F12" = "scratchpad show"; - "${modifier}+c" = "exec qalculate-gtk"; - "${modifier}+p" = "exec pass-fuzzel"; - "${modifier}+o" = "exec pass-fuzzel-otp"; - "${modifier}+Shift+p" = "exec pass-fuzzel --type"; - "${modifier}+Shift+o" = "exec pass-fuzzel-otp --type"; - "${modifier}+Escape" = "mode $exit"; - # "${modifier}+Shift+Escape" = "exec com.github.stsdc.monitor"; - "${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm"; - "${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; - "${modifier}+i" = "exec \"bash ~/.dotfiles/scripts/startup.sh\""; - "${modifier}+1" = "workspace 1:一"; - "${modifier}+Shift+1" = "move container to workspace 1:一"; - "${modifier}+2" = "workspace 2:二"; - "${modifier}+Shift+2" = "move container to workspace 2:二"; - "${modifier}+3" = "workspace 3:三"; - "${modifier}+Shift+3" = "move container to workspace 3:三"; - 
"${modifier}+4" = "workspace 4:四"; - "${modifier}+Shift+4" = "move container to workspace 4:四"; - "${modifier}+5" = "workspace 5:五"; - "${modifier}+Shift+5" = "move container to workspace 5:五"; - "${modifier}+6" = "workspace 6:六"; - "${modifier}+Shift+6" = "move container to workspace 6:六"; - "${modifier}+7" = "workspace 7:七"; - "${modifier}+Shift+7" = "move container to workspace 7:七"; - "${modifier}+8" = "workspace 8:八"; - "${modifier}+Shift+8" = "move container to workspace 8:八"; - "${modifier}+9" = "workspace 9:九"; - "${modifier}+Shift+9" = "move container to workspace 9:九"; - "${modifier}+0" = "workspace 10:十"; - "${modifier}+Shift+0" = "move container to workspace 10:十"; - "XF86AudioRaiseVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ +5%"; - "XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%"; - "${modifier}+Left" = "focus left"; - "${modifier}+Right" = "focus right"; - "${modifier}+Down" = "focus down"; - "${modifier}+Up" = "focus up"; - "${modifier}+Shift+Left" = "move left 40px"; - "${modifier}+Shift+Right" = "move right 40px"; - "${modifier}+Shift+Down" = "move down 40px"; - "${modifier}+Shift+Up" = "move up 40px"; - "${modifier}+h" = "focus left"; - "${modifier}+l" = "focus right"; - "${modifier}+j" = "focus down"; - "${modifier}+k" = "focus up"; - "${modifier}+Shift+h" = "move left 40px"; - "${modifier}+Shift+l" = "move right 40px"; - "${modifier}+Shift+j" = "move down 40px"; - "${modifier}+Shift+k" = "move up 40px"; - "${modifier}+Ctrl+Shift+c" = "reload"; - "${modifier}+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' 
-b 'Yes, exit sway' 'swaymsg exit'"; - "${modifier}+r" = "mode resize"; - "${modifier}+Return" = "exec kitty"; - }; + bars = [{ command = "waybar"; }]; + keybindings = + let + inherit (config.wayland.windowManager.sway.config) modifier; + in + { + "${modifier}+q" = "kill"; + "${modifier}+f" = "exec firefox"; + "${modifier}+Space" = "exec fuzzel"; + "${modifier}+Shift+Space" = "floating toggle"; + "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; + "${modifier}+Shift+m" = "exec emacsclient -nquc -a emacs -e \"(mu4e)\""; + "${modifier}+Shift+c" = "exec emacsclient -nquc -a emacs -e \"(swarsel/open-calendar)\""; + "${modifier}+Shift+s" = "exec \"bash ~/.dotfiles/scripts/checkspotify.sh\""; + "${modifier}+m" = "exec \"bash ~/.dotfiles/scripts/checkspotifytui.sh\""; + "${modifier}+x" = "exec \"bash ~/.dotfiles/scripts/checkkitty.sh\""; + "${modifier}+d" = "exec \"bash ~/.dotfiles/scripts/checkdiscord.sh\""; + "${modifier}+Shift+r" = "exec \"bash ~/.dotfiles/scripts/restart.sh\""; + "${modifier}+Shift+t" = "exec \"bash ~/.dotfiles/scripts/toggle_opacity.sh\""; + "${modifier}+Shift+F12" = "move scratchpad"; + "${modifier}+F12" = "scratchpad show"; + "${modifier}+c" = "exec qalculate-gtk"; + "${modifier}+p" = "exec pass-fuzzel"; + "${modifier}+o" = "exec pass-fuzzel-otp"; + "${modifier}+Shift+p" = "exec pass-fuzzel --type"; + "${modifier}+Shift+o" = "exec pass-fuzzel-otp --type"; + "${modifier}+Escape" = "mode $exit"; + # "${modifier}+Shift+Escape" = "exec com.github.stsdc.monitor"; + "${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm"; + "${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; + "${modifier}+i" = "exec \"bash ~/.dotfiles/scripts/startup.sh\""; + "${modifier}+1" = "workspace 1:一"; + "${modifier}+Shift+1" = "move container to workspace 1:一"; + "${modifier}+2" = "workspace 2:二"; + "${modifier}+Shift+2" = "move container to workspace 2:二"; + "${modifier}+3" = "workspace 3:三"; + 
"${modifier}+Shift+3" = "move container to workspace 3:三"; + "${modifier}+4" = "workspace 4:四"; + "${modifier}+Shift+4" = "move container to workspace 4:四"; + "${modifier}+5" = "workspace 5:五"; + "${modifier}+Shift+5" = "move container to workspace 5:五"; + "${modifier}+6" = "workspace 6:六"; + "${modifier}+Shift+6" = "move container to workspace 6:六"; + "${modifier}+7" = "workspace 7:七"; + "${modifier}+Shift+7" = "move container to workspace 7:七"; + "${modifier}+8" = "workspace 8:八"; + "${modifier}+Shift+8" = "move container to workspace 8:八"; + "${modifier}+9" = "workspace 9:九"; + "${modifier}+Shift+9" = "move container to workspace 9:九"; + "${modifier}+0" = "workspace 10:十"; + "${modifier}+Shift+0" = "move container to workspace 10:十"; + "XF86AudioRaiseVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ +5%"; + "XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%"; + "${modifier}+Left" = "focus left"; + "${modifier}+Right" = "focus right"; + "${modifier}+Down" = "focus down"; + "${modifier}+Up" = "focus up"; + "${modifier}+Shift+Left" = "move left 40px"; + "${modifier}+Shift+Right" = "move right 40px"; + "${modifier}+Shift+Down" = "move down 40px"; + "${modifier}+Shift+Up" = "move up 40px"; + "${modifier}+h" = "focus left"; + "${modifier}+l" = "focus right"; + "${modifier}+j" = "focus down"; + "${modifier}+k" = "focus up"; + "${modifier}+Shift+h" = "move left 40px"; + "${modifier}+Shift+l" = "move right 40px"; + "${modifier}+Shift+j" = "move down 40px"; + "${modifier}+Shift+k" = "move up 40px"; + "${modifier}+Ctrl+Shift+c" = "reload"; + "${modifier}+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'"; + "${modifier}+r" = "mode resize"; + "${modifier}+Return" = "exec kitty"; + }; modes = { resize = { Down = "resize grow height 10 px or 10 ppt"; @@ -8163,8 +8156,8 @@

      3 }; defaultWorkspace = "workspace 1:一"; startup = [ - { command = "kitty -T kittyterm";} - { command = "sleep 60; kitty -T spotifytui -o confirm_os_window_close=0 spotify_player";} + { command = "kitty -T kittyterm"; } + { command = "sleep 60; kitty -T spotifytui -o confirm_os_window_close=0 spotify_player"; } ]; window = { border = 1; @@ -8176,28 +8169,28 @@

      3 floating = { border = 1; criteria = [ - {title = "^Picture-in-Picture$";} - {app_id = "qalculate-gtk";} - {app_id = "org.gnome.clocks";} - {app_id = "com.github.stsdc.monitor";} - {app_id = "blueman";} - {app_id = "pavucontrol";} - {app_id = "syncthingtray";} - {title = "Syncthing Tray";} - {app_id = "SchildiChat";} - {app_id = "Element";} - {app_id = "com.nextcloud.desktopclient.nextcloud";} - {app_id = "gnome-system-monitor";} - {title = "(?:Open|Save) (?:File|Folder|As)";} - {title = "^Add$";} - {title = "com-jgoodies-jdiskreport-JDiskReport";} - {app_id = "discord";} - {window_role = "pop-up";} - {window_role = "bubble";} - {window_role = "dialog";} - {window_role = "task_dialog";} - {window_role = "menu";} - {window_role = "Preferences";} + { title = "^Picture-in-Picture$"; } + { app_id = "qalculate-gtk"; } + { app_id = "org.gnome.clocks"; } + { app_id = "com.github.stsdc.monitor"; } + { app_id = "blueman"; } + { app_id = "pavucontrol"; } + { app_id = "syncthingtray"; } + { title = "Syncthing Tray"; } + { app_id = "SchildiChat"; } + { app_id = "Element"; } + { app_id = "com.nextcloud.desktopclient.nextcloud"; } + { app_id = "gnome-system-monitor"; } + { title = "(?:Open|Save) (?:File|Folder|As)"; } + { title = "^Add$"; } + { title = "com-jgoodies-jdiskreport-JDiskReport"; } + { app_id = "discord"; } + { window_role = "pop-up"; } + { window_role = "bubble"; } + { window_role = "dialog"; } + { window_role = "task_dialog"; } + { window_role = "menu"; } + { window_role = "Preferences"; } ]; titlebar = false; }; @@ -8224,19 +8217,19 @@

      3 { command = "sticky enable, shadows enable"; criteria = { - title="^Picture-in-Picture$"; + title = "^Picture-in-Picture$"; }; } { command = "opacity 0.8, sticky enable, border normal, move container to scratchpad"; criteria = { - title="^kittyterm$"; + title = "^kittyterm$"; }; } { command = "opacity 0.95, sticky enable, border normal, move container to scratchpad"; criteria = { - title="^spotifytui$"; + title = "^spotifytui$"; }; } # { @@ -8250,7 +8243,7 @@

      3 command = "resize set width 60 ppt height 60 ppt, sticky enable, move container to scratchpad"; criteria = { - class="Spotify"; + class = "Spotify"; }; } { @@ -8277,24 +8270,25 @@

      3 inner = 5; }; }; - extraSessionCommands ='' - export SDL_VIDEODRIVER=wayland - export QT_QPA_PLATFORM=wayland - export QT_WAYLAND_DISABLE_WINDOWDECORATION="1" - export _JAVA_AWT_WM_NONREPARENTING=1 - export XDG_CURRENT_DESKTOP=sway - export XDG_SESSION_DESKTOP=sway - export QTWEBENGINE_CHROMIUM_FLAGS="--no-sandbox"; - export ANKI_WAYLAND=1; - export OBSIDIAN_USE_WAYLAND=1; - ''; + extraSessionCommands = '' + export SDL_VIDEODRIVER=wayland + export QT_QPA_PLATFORM=wayland + export QT_WAYLAND_DISABLE_WINDOWDECORATION="1" + export _JAVA_AWT_WM_NONREPARENTING=1 + export XDG_CURRENT_DESKTOP=sway + export XDG_SESSION_DESKTOP=sway + export QTWEBENGINE_CHROMIUM_FLAGS="--no-sandbox"; + export ANKI_WAYLAND=1; + export OBSIDIAN_USE_WAYLAND=1; + ''; # extraConfigEarly = " # exec systemctl --user import-environment DISPLAY WAYLAND_DISPLAY SWAYSOCK # exec hash dbus-update-activation-environment 2>/dev/null && dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK # "; - extraConfig =let - inherit (config.wayland.windowManager.sway.config) modifier; - swayfxSettings = " + extraConfig = + let + inherit (config.wayland.windowManager.sway.config) modifier; + swayfxSettings = " blur enable blur_xray disable blur_passes 1 @@ -8304,7 +8298,8 @@

      3 titlebar_separator disable default_dim_inactive 0.02 "; - in " + in + " exec_always autotiling set $exit \"exit: [s]leep, [p]oweroff, [r]eboot, [l]ogout\" mode $exit { @@ -8421,11 +8416,6 @@

      3 inputs.nixpkgs.follows = "nixpkgs"; }; - # patches for gaming on nix - nix-gaming = { - url = "github:fufexan/nix-gaming"; - }; - # hardware quirks on nix nixos-hardware = { url = "github:NixOS/nixos-hardware/master"; @@ -8463,6 +8453,7 @@

      3 lanzaboote, nixos-hardware, nix-alien, + nixos-generators, nswitch-rcm-nix, nix-index-database, @@ -8470,42 +8461,47 @@

      3 }: let system = "x86_64-linux"; # not very portable, but I do not use other architectures at the moment - pkgs = import nixpkgs { inherit system; - overlays = [ emacs-overlay.overlay - nur.overlay - nixgl.overlay - (final: _prev: { - stable = import nixpkgs-stable { - inherit (final) system config; - }; - }) - ]; - config.allowUnfree = true; - }; + pkgs = import nixpkgs { + inherit system; + overlays = [ + emacs-overlay.overlay + nur.overlay + nixgl.overlay + (final: _prev: { + stable = import nixpkgs-stable { + inherit (final) system config; + }; + }) + ]; + config.allowUnfree = true; + }; # NixOS modules that can only be used on NixOS systems - nixModules = [ stylix.nixosModules.stylix - sops-nix.nixosModules.sops - nswitch-rcm-nix.nixosModules.nswitch-rcm - ./profiles/common/nixos.nix - # dynamic library loading - ({ self, system, ... }: { - environment.systemPackages = with self.inputs.nix-alien.packages.${system}; [ - nix-alien - ]; - # needed for `nix-alien-ld` - programs.nix-ld.enable = true; - }) - ]; + nixModules = [ + stylix.nixosModules.stylix + sops-nix.nixosModules.sops + nswitch-rcm-nix.nixosModules.nswitch-rcm + ./profiles/common/nixos.nix + # dynamic library loading + ({ self, system, ... }: { + environment.systemPackages = with self.inputs.nix-alien.packages.${system}; [ + nix-alien + ]; + # needed for `nix-alien-ld` + programs.nix-ld.enable = true; + }) + ]; # Home-Manager modules wanted on non-NixOS systems - homeModules = [ stylix.homeManagerModules.stylix - ]; + homeModules = [ + stylix.homeManagerModules.stylix + ]; # Home-Manager modules wanted on both NixOS and non-NixOS systems - mixedModules = [ sops-nix.homeManagerModules.sops - nix-index-database.hmModules.nix-index - ./profiles/common/home.nix - ]; + mixedModules = [ + sops-nix.homeManagerModules.sops + nix-index-database.hmModules.nix-index + ./profiles/common/home.nix + ]; in { @@ -8519,9 +8515,9 @@

      3 nixosConfigurations = { onett = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = nixModules ++ [ - ./profiles/onett/nixos.nix + ./profles/onett/nixos.nix home-manager.nixosModules.home-manager { home-manager.users.swarsel.imports = mixedModules ++ [ @@ -8532,7 +8528,7 @@
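Review bot: The new side of this hunk changes the onett module path to `./profles/onett/nixos.nix`, which looks like a typo for `./profiles/onett/nixos.nix`; every other host visible here still uses `./profiles/...`. If the same text is tangled into the flake, evaluating the onett configuration would fail on a missing path. This section appears to be the exported copy of the document, so the fix belongs in the source it was generated from: `./profiles/onett/nixos.nix`. The onett block continues outside the hunk.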

      3 }; sandbox = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = [ sops-nix.nixosModules.sops ./profiles/sandbox/nixos.nix @@ -8540,7 +8536,7 @@

      3 }; twoson = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = nixModules ++ [ ./profiles/twoson/nixos.nix home-manager.nixosModules.home-manager @@ -8553,7 +8549,7 @@

      3 }; threed = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = nixModules ++ [ lanzaboote.nixosModules.lanzaboote ./profiles/threed/nixos.nix @@ -8567,7 +8563,7 @@

      3 }; fourside = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = nixModules ++ [ nixos-hardware.nixosModules.lenovo-thinkpad-p14s-amd-gen2 ./profiles/fourside/nixos.nix @@ -8581,7 +8577,7 @@

      3 }; winters = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = nixModules ++ [ nixos-hardware.nixosModules.framework-16-inch-7040-amd ./profiles/winters/nixos.nix @@ -8595,7 +8591,7 @@

      3 }; stand = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = nixModules ++ [ ./profiles/stand/nixos.nix home-manager.nixosModules.home-manager @@ -8608,7 +8604,7 @@

      3 }; nginx = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = [ sops-nix.nixosModules.sops ./profiles/server1/nginx/nixos.nix @@ -8616,7 +8612,7 @@

      3 }; calibre = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = [ sops-nix.nixosModules.sops ./profiles/server1/calibre/nixos.nix @@ -8624,7 +8620,7 @@

      3 }; jellyfin = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = [ # sops-nix.nixosModules.sops ./profiles/server1/jellyfin/nixos.nix @@ -8632,7 +8628,7 @@

      3 }; transmission = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = [ sops-nix.nixosModules.sops ./profiles/server1/transmission/nixos.nix @@ -8640,7 +8636,7 @@

      3 }; matrix = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; # this is to import a service module that is not on nixpkgs # this way avoids infinite recursion errors modules = [ @@ -8650,7 +8646,7 @@

      3 }; sound = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = [ sops-nix.nixosModules.sops ./profiles/server1/sound/nixos.nix @@ -8658,7 +8654,7 @@

      3 }; spotifyd = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = [ sops-nix.nixosModules.sops ./profiles/server1/spotifyd/nixos.nix @@ -8666,7 +8662,7 @@

      3 }; paperless = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = [ sops-nix.nixosModules.sops ./profiles/server1/paperless/nixos.nix @@ -8675,7 +8671,7 @@

      3 #ovm swarsel sync = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = [ sops-nix.nixosModules.sops ./profiles/remote/oracle/sync/nixos.nix @@ -8684,7 +8680,7 @@

      3 #ovm swarsel swatrix = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = [ sops-nix.nixosModules.sops ./profiles/remote/oracle/matrix/nixos.nix @@ -8718,6 +8714,14 @@

      3 packages.x86_64-linux = { + proxmox-lxc = nixos-generators.nixosGenerate { + inherit system; + modules = [ + ./profiles/server1/TEMPLATE/nixos.nix + ]; + format = "proxmox-lxc"; + }; + }; }; @@ -9387,7 +9391,7 @@

      4

    • -
    • Nix common prefix bracketer
      +
    • Nix common prefix bracketer

      This function searches for common delimiters in region and removes them, summarizing all captured lines by it. @@ -9420,6 +9424,42 @@

      4

    • +
    • Nix formatters
      +
      +

      +This formats the org code block at point in accordance to the nixpkgs-fmt formatter +

      + +
      +
      +(defun swarsel/org-nixpkgs-fmt-block-lite ()
      +  (interactive)
      +  (org-babel-mark-block)
      +  (call-interactively 'nixpkgs-fmt-region))
      +
      +
      +  (defun swarsel/org-nixpkgs-fmt-block ()
      +    (interactive)
      +    (save-excursion
      +      (let* ((element (org-element-at-point))
      +             (begin (org-element-property :begin element))
      +             (end (org-element-property :end element))
      +             (lang (org-element-property :language element)))
      +        (when lang
      +          (goto-char begin)
      +          (forward-line)
      +          (insert "{")
      +          (goto-char end)
      +          (forward-line -1)
      +          (beginning-of-line)
      +          (forward-char -1)
      +          (insert "}")
      +          (org-babel-mark-block)
      +          (call-interactively 'nixpkgs-fmt-region)))))
      +
      +
      +
      +
    • @@ -10953,12 +10993,27 @@

      4 (use-package nix-mode :mode "\\.nix\\'") +

    • +
      +
      +
    • +
      +

      4.4.3. nixpkgs-fmt

      +
      +

      +Adds functions for formatting nix code. +

      + +
      +
      +(use-package nixpkgs-fmt)
      +
       
      -

      4.4.3. Markdown Mode

      +

      4.4.4. Markdown Mode

        @@ -10996,7 +11051,7 @@

        4

      -

      4.4.4. Olivetti

      +

      4.4.5. Olivetti

      Olivetti is a mode specialized for writing prose in Emacs. I went for a very simple setup with little distractions. @@ -11018,7 +11073,7 @@

      4

      -

      4.4.5. darkroom

      +

      4.4.6. darkroom

      Darkroom is package that reduces all forms of distraction to a minimum - this can be useful when simply reading a file for example. For this mode I have increased the text scale by a large margin to make for comfortable reading @@ -11036,7 +11091,7 @@

      4

      -

      4.4.6. Ripgrep

      +

      4.4.7. Ripgrep

      This is the ripgrep command for Emacs. @@ -11051,7 +11106,7 @@

      4

      -

      4.4.7. Tree-sitter

      +

      4.4.8. Tree-sitter

      Tree-sitter is a parsing library integrated into Emacs to provide better syntax highlighting and code analysis. It generates concrete syntax trees for source code, enabling more accurate and efficient text processing. Emacs' tree-sitter integration enhances language support, offering features like incremental parsing and precise syntax-aware editing. This improves the development experience by providing robust and dynamic syntax features, making it easier for me to navigate and manipulate code. @@ -11109,7 +11164,7 @@

      4

      -

      4.4.8. direnv (envrc)

      +

      4.4.9. direnv (envrc)

      @@ -11122,7 +11177,7 @@ 

      4

      -

      4.4.9. avy

      +

      4.4.10. avy

      avy provides the ability to search for any character on the screen (not only in the current buffer!) - I enjoy this utility a lot and use it possibly even more often than the native vim commands. @@ -11141,7 +11196,7 @@

      4

      -

      4.4.10. crdt (Collaborative Editing)

      +

      4.4.11. crdt (Collaborative Editing)

      With this it is possible to work on the same file collaboratively. I have never tried it out, but it sounds cool. @@ -11156,7 +11211,7 @@

      4

      -

      4.4.11. devdocs

      +

      4.4.12. devdocs

      devdocs is a very nice package that provides documentation from https:devdocs.io. This is very useful since e.g. pyright provides only a very bad documentation and I do not want to leave Emacs all the time just to read documentation. @@ -11192,7 +11247,7 @@

      4

      -

      4.4.12. Projectile

      +

      4.4.13. Projectile

      projectile is useful for keeping track of your git projects within Emacs. I mostly use it to quickly switch between projects. @@ -11217,7 +11272,7 @@

      4

      -

      4.4.13. Magit

      +

      4.4.14. Magit

      magit is the best git utility I have ever used - it has a beautiful interface and is very verbose. Here I mostly just setup the list of repositories that I want to expost to magit. @@ -11242,7 +11297,7 @@

      4

      -

      4.4.14. Yubikey support

      +

      4.4.15. Yubikey support

      The following settings are needed to make sure emacs works for magit commits and pushes. It is not a beautiful solution since commiting uses pinentry-emacs and pushing uses pinentry-gtk2, but it works for now at least. @@ -11262,7 +11317,7 @@

      4

      -

      4.4.15. Forge

      +

      4.4.16. Forge

      NOTE: Make sure to configure a GitHub token before using this package! @@ -11300,7 +11355,7 @@

      4

      -

      4.4.16. git-timemachine

      +

      4.4.17. git-timemachine

      This is just a nice utility to browse different versions of a file of a git project within Emacs. @@ -11317,7 +11372,7 @@

      4

      -

      4.4.17. Delimiters (brackets): rainbow-delimiters, highlight-parentheses

      +

      4.4.18. Delimiters (brackets): rainbow-delimiters, highlight-parentheses

      • rainbow-delimiters colors all delimiters, also ones not in current selection
      • @@ -11360,7 +11415,7 @@

        4

      -

      4.4.18. rainbow-mode

      +

      4.4.19. rainbow-mode

      Complimentary to the delimiters-packages above, this package sets the background color of the delimiters, which makes it easier to see at a glance where we are in a delimiter-tree. @@ -11376,7 +11431,7 @@

      4

      -

      4.4.19. Corfu

      +

      4.4.20. Corfu

      This is the company equivalent to the vertico gang. @@ -11445,7 +11500,7 @@

      4

      -

      4.4.20. cape

      +

      4.4.21. cape

      cape adds even more completion capabilities by adding a lot of completion logic that is exposed as separate functions. I tried out adding these to the completion-at-points-functions alist, but I felt like it cluttered my suggestions too much. Hence I now just call the respective functions when I need them. For this I setup the C-z keybinding in General evil. @@ -11499,7 +11554,7 @@

      4

      -

      4.4.21. rust

      +

      4.4.22. rust

      This sets up rustic-mode with tree-sitter support - there is still one issue to iron out with automatic adding of dependency crates, but everything else works fine now. @@ -11526,7 +11581,7 @@

      4

      -

      4.4.22. Tramp

      +

      4.4.23. Tramp

      Tramp allows for SSH access of files over Emacs. I have no ideas what the options here mean, but this is a recommended configuration that I found (sadly I lost the link). I need to research more what these options really do. @@ -11564,7 +11619,7 @@

      4

      -

      4.4.23. diff-hl

      +

      4.4.24. diff-hl

      This is a simple highlighting utility that uses the margin to visually show the differences since the last git commit. @@ -11586,7 +11641,7 @@

      4

      -

      4.4.24. Commenting

      +

      4.4.25. Commenting

      This package allows for swift commenting out and in of code snippets. For some reason, it is a bit broken in my config, as it sometimes comments out too much, sometimes too little, and sometimes it splits lines during commenting. Also, in org-mode when inside a src-block, it often times jumps to the top of the block. @@ -11606,7 +11661,7 @@

      4

      -

      4.4.25. yasnippet

      +

      4.4.26. yasnippet

      yasnippet allows to define snippets that can be quickly expanded by hitting the TAB key after inputting a keyword. @@ -11693,7 +11748,7 @@

      4

      -

      4.4.26. eglot

      +

      4.4.27. eglot

      After having tried out lsp-mode and lsp-bridge for a while each, I must say that eglot feels the most clean and fast to me. @@ -11735,7 +11790,7 @@

      4

      -

      4.4.27. Breadcrumb

      +

      4.4.28. Breadcrumb

      This simple shows the path to the current file on the top of the buffer - I just think it looks kind of neat, even though it is not extremely useful :) @@ -11751,7 +11806,7 @@

      4

      -

      4.4.28. Prevent breaking of hardlinks

      +

      4.4.29. Prevent breaking of hardlinks

      This setting ensures that hard links are preserved during the backup process, which is useful for maintaining the integrity of files that are linked in multiple locations. @@ -11766,7 +11821,7 @@

      4

      -

      4.4.29. Dirvish

      +

      4.4.30. Dirvish

      Dirvish is an improvement upon the dired-framework and has more features like file preview etc. Sadly it has an incompatibility with openwith which is why I have disabled that package. @@ -11830,7 +11885,7 @@

      4

      -

      4.4.30. pdf-tools: pdf-viewer and support for dirvish

      +

      4.4.31. pdf-tools: pdf-viewer and support for dirvish

      This enables pdf-previewing in dirvish and gives a much better pdf-viewer than is shipped normally by emacs. @@ -11849,7 +11904,7 @@

      4

      -

      4.4.31. Jupyter

      +

      4.4.32. Jupyter

      This is a jupyter client. Using it is a bit cumbersome though, so I have not fully explored all features. @@ -11864,7 +11919,7 @@

      4

      -

      4.4.32. undo-tree

      +

      4.4.33. undo-tree

      Base emacs undo logic is very useful, but not easy to understand for me. I prefer undo-tree, which makes switching between branches easier and also allows quickly switching back to a much older state using the visualizer. @@ -11903,7 +11958,7 @@

      4

      -

      4.4.33. Hydra

      +

      4.4.34. Hydra

      Hydra allows for the writing of macro-style functions. I have not yet looked into this all too much, but it seems to be a potent feature. @@ -11940,7 +11995,7 @@

      4

      -

      4.4.34. External Applications

      +

      4.4.35. External Applications

        @@ -12089,7 +12144,7 @@

        4

      -

      4.4.35. Email

      +

      4.4.36. Email

        @@ -12199,7 +12254,7 @@

        4

      -

      4.4.36. Calendar

      +

      4.4.37. Calendar

      This provides a beautiful calender to emacs. @@ -12266,7 +12321,7 @@

      4

      -

      4.4.37. Dashboard: emacs startup screen

      +

      4.4.38. Dashboard: emacs startup screen

      This sets up the dashboard, which is really quite useless. But, it looks cool and makes me happy whenever I start an emacsclient without a file name as argument :) @@ -12958,7 +13013,7 @@

      5

      Author: Leon Schwarzäugl

      -

      Created: 2024-07-19 Fr 14:29

      +

      Created: 2024-07-20 Sa 00:04

      Validate

      diff --git a/profiles/TEMPLATE/home.nix b/profiles/TEMPLATE/home.nix index 037c9a8..ed5c6b2 100644 --- a/profiles/TEMPLATE/home.nix +++ b/profiles/TEMPLATE/home.nix @@ -41,26 +41,27 @@ # ----------------------------------------------------------------- # is this machine always connected to power? If yes, use this block: # - # programs.waybar.settings.mainBar."custom/pseudobat"= { - # format= ""; - # on-click-right= "wlogout -p layer-shell"; + # programs.waybar.settings.mainBar."custom/pseudobat" = { + # format = ""; + # on-click-right = "wlogout -p layer-shell"; # }; - # programs.waybar.settings.mainBar.modules-right = ["custom/outer-left-arrow-dark" - # "mpris" - # "custom/left-arrow-light" - # "network" - # "custom/left-arrow-dark" - # "pulseaudio" - # "custom/left-arrow-light" - # "custom/pseudobat" - # "battery" - # "custom/left-arrow-dark" - # "group/hardware" - # "custom/left-arrow-light" - # "clock#2" - # "custom/left-arrow-dark" - # "clock#1" - # ]; + # programs.waybar.settings.mainBar.modules-right = [ + # "custom/outer-left-arrow-dark" + # "mpris" + # "custom/left-arrow-light" + # "network" + # "custom/left-arrow-dark" + # "pulseaudio" + # "custom/left-arrow-light" + # "custom/pseudobat" + # "battery" + # "custom/left-arrow-dark" + # "group/hardware" + # "custom/left-arrow-light" + # "clock#2" + # "custom/left-arrow-dark" + # "clock#1" + # ]; # # ----------------------------------------------------------------- diff --git a/profiles/common/home.nix b/profiles/common/home.nix index 4ed5dca..ade4368 100644 --- a/profiles/common/home.nix +++ b/profiles/common/home.nix @@ -29,6 +29,7 @@ # nix alejandra + nixpkgs-fmt deadnix statix 
@@ -170,31 +171,33 @@ noto-fonts-cjk-sans # cura - (let - cura5 = appimageTools.wrapType2 rec { - name = "cura5"; - version = "5.4.0"; - src = fetchurl { - url = "https://github.com/Ultimaker/Cura/releases/download/${version}/UltiMaker-Cura-${version}-linux-modern.AppImage"; - hash = "sha256-QVv7Wkfo082PH6n6rpsB79st2xK2+Np9ivBg/PYZd74="; + ( + let + cura5 = appimageTools.wrapType2 rec { + name = "cura5"; + version = "5.4.0"; + src = fetchurl { + url = "https://github.com/Ultimaker/Cura/releases/download/${version}/UltiMaker-Cura-${version}-linux-modern.AppImage"; + hash = "sha256-QVv7Wkfo082PH6n6rpsB79st2xK2+Np9ivBg/PYZd74="; + }; + extraPkgs = pkgs: with pkgs; []; }; - extraPkgs = pkgs: with pkgs; []; - }; - in - writeScriptBin "cura" '' - #! ${pkgs.bash}/bin/bash - # AppImage version of Cura loses current working directory and treats all paths relateive to $HOME. - # So we convert each of the files passed as argument to an absolute path. - # This fixes use cases like `cd /path/to/my/files; cura mymodel.stl anothermodel.stl`. - args=() - for a in "$@"; do - if [ -e "$a" ]; then - a="$(realpath "$a")" - fi - args+=("$a") - done - exec "${cura5}/bin/cura5" "''${args[@]}" - '') + in + writeScriptBin "cura" '' + #! ${pkgs.bash}/bin/bash + # AppImage version of Cura loses current working directory and treats all paths relateive to $HOME. + # So we convert each of the files passed as argument to an absolute path. + # This fixes use cases like `cd /path/to/my/files; cura mymodel.stl anothermodel.stl`. + args=() + for a in "$@"; do + if [ -e "$a" ]; then + a="$(realpath "$a")" + fi + args+=("$a") + done + exec "${cura5}/bin/cura5" "''${args[@]}" + '' + ) #E: hides scratchpad depending on state, calls emacsclient for edit and then restores the scratchpad state (pkgs.writeShellScriptBin "e" '' 
@@ -332,7 +335,10 @@ programs.ssh = { enable = true; - extraConfig = "SetEnv TERM=xterm-256color"; + forwardAgent = true; + extraConfig = '' + SetEnv TERM=xterm-256color + ''; matchBlocks = { "nginx" = { hostname = "192.168.1.14"; @@ -406,57 +412,18 @@ hostname = "193.122.53.173"; user = "root"; #this is a oracle vm server but needs root due to nixos-infect }; + "songdiver" = { + hostname = "89.168.100.65"; + user = "ubuntu"; + }; "pkv" = { hostname = "46.232.248.161"; user = "root"; }; - "nebula" = { - hostname = "128.131.171.15"; - user = "amp23s56"; - compression = true; - identityFile = "~/.ssh/id_ed25519"; - proxyCommand = "ssh -p 1022 -i ~/.ssh/id_ed25519 -q -W %h:%p %r@venus.par.tuwien.ac.at"; - extraOptions = { - "TCPKeepAlive" = "yes"; - }; - }; "efficient" = { hostname = "g0.complang.tuwien.ac.at"; forwardAgent = true; user = "ep01427399"; - - # leaving the below lines in for future reference - - # remoteForwards = [ - # { - # bind.address = "/run/user/21217/gnupg/S.gpg-agent"; - # host.address = "/run/user/1000/gnupg/S.gpg-agent.extra"; - # } - # { - # bind.address = "/run/user/21217/gnupg/S.gpg-agent.ssh"; - # host.address = "/run/user/1000/gnupg/S.gpg-agent.ssh"; - # } - # ]; - # extraOptions = { - # "RemoteForward" = "/run/user/21217/gnupg/S.gpg-agent /run/user/1000/gnupg/S.gpg-agent.extra"; - # "StreamLocalBindUnlink" = "yes"; - # "RemoteForward" = "/run/user/21217/gnupg/S.gpg-agent.ssh /run/user/1000/gnupg/S.gpg-agent.ssh"; - # }; - # setEnv = { - # "TERM" = "xterm"; - # }; - }; - "hydra" = { - hostname = "128.131.171.215"; - user = "hpc23w33"; - compression = true; - forwardAgent = true; - # identityFile = "~/.ssh/id_tuwien_hpc"; - # proxyCommand = "ssh -p 1022 -i ~/.ssh/id_tuwien_hpc -q -W %h:%p %r@venus.par.tuwien.ac.at"; - proxyCommand = "ssh -p 1022 -q -W %h:%p %r@venus.par.tuwien.ac.at"; - extraOptions = { - "TCPKeepAlive" = "yes"; - }; }; }; }; 
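Review bot: `forwardAgent = true;` is now set at the top level of `programs.ssh`, which as far as I know home-manager applies to the default `Host *` block, so the agent is forwarded to every host, including the match blocks that log in as `root` on remote VMs. Anyone with root on such a host can use the forwarded agent socket to authenticate as you for as long as the session is open. I would drop the global setting and keep `forwardAgent = true;` only on the blocks that need it (the `efficient` block already sets it), or use `proxyJump` where the agent is only needed to hop. The `programs.ssh` body continues outside the hunk.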
@@ -550,21 +517,21 @@ pandoc.enable = true; fzf.enable = true; zoxide.enable = true; + }; - nix-index = let - command-not-found = pkgs.runCommandLocal "command-not-found.sh" {} '' - mkdir -p $out/etc/profile.d - substitute ${../../scripts/command-not-found.sh} \ - $out/etc/profile.d/command-not-found.sh \ - --replace @nix-locate@ ${pkgs.nix-index}/bin/nix-locate \ - --replace @tput@ ${pkgs.ncurses}/bin/tput - ''; - in { - enable = true; - package = pkgs.symlinkJoin { - name = "nix-index"; - paths = [command-not-found]; - }; + programs.nix-index = let + command-not-found = pkgs.runCommandLocal "command-not-found.sh" {} '' + mkdir -p $out/etc/profile.d + substitute ${../../scripts/command-not-found.sh} \ + $out/etc/profile.d/command-not-found.sh \ + --replace @nix-locate@ ${pkgs.nix-index}/bin/nix-locate \ + --replace @tput@ ${pkgs.ncurses}/bin/tput + ''; + in { + enable = true; + package = pkgs.symlinkJoin { + name = "nix-index"; + paths = [command-not-found]; }; }; diff --git a/profiles/threed/home.nix b/profiles/threed/home.nix index 57cef2b..7ba133e 100644 --- a/profiles/threed/home.nix +++ b/profiles/threed/home.nix @@ -102,8 +102,8 @@ }; extraConfig = " - exec swaymsg input 7062:6917:NTRG0001:01_1B96:1B05 map_to_output eDP-1 - exec swaymsg input 7062:6917:NTRG0001:01_1B96:1B05_Stylus map_to_output eDP-1 - "; + exec swaymsg input 7062:6917:NTRG0001:01_1B96:1B05 map_to_output eDP-1 + exec swaymsg input 7062:6917:NTRG0001:01_1B96:1B05_Stylus map_to_output eDP-1 + "; }; } diff --git a/programs/emacs/init.el b/programs/emacs/init.el index b44bff4..daa337f 100644 --- a/programs/emacs/init.el +++ b/programs/emacs/init.el 
@@ -263,6 +263,31 @@ create a new one." (while (re-search-forward (concat "^" (regexp-quote common-prefix) "\\.") end t) (replace-match "")))))) +(defun swarsel/org-nixpkgs-fmt-block-lite () + (interactive) + (org-babel-mark-block) + (call-interactively 'nixpkgs-fmt-region)) + + + (defun swarsel/org-nixpkgs-fmt-block () + (interactive) + (save-excursion + (let* ((element (org-element-at-point)) + (begin (org-element-property :begin element)) + (end (org-element-property :end element)) + (lang (org-element-property :language element))) + (when lang + (goto-char begin) + (forward-line) + (insert "{") + (goto-char end) + (forward-line -1) + (beginning-of-line) + (forward-char -1) + (insert "}") + (org-babel-mark-block) + (call-interactively 'nixpkgs-fmt-region))))) + ;; Make ESC quit prompts (global-set-key (kbd "") 'keyboard-escape-quit) @@ -1074,6 +1099,8 @@ create a new one." (use-package nix-mode :mode "\\.nix\\'") +(use-package nixpkgs-fmt) + (setq markdown-command "pandoc") (use-package markdown-mode
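Review bot: `swarsel/org-nixpkgs-fmt-block` inserts `{` and `}` into the source block and, as far as the hunk shows, never removes them, so each call leaves the block changed beyond formatting and a formatter error leaves stray braces behind. The closing brace is placed by stepping back from `:end`, which in org-element includes blank lines after the block, so the position is only right when nothing blank follows `#+end_src`. Both functions also lack a docstring; I would add e.g. `"Format the org source block at point with nixpkgs-fmt."` and, for the second, a sentence saying why the braces are inserted. The second `defun` is also indented differently from the surrounding top-level forms.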