update

.gitignore

@@ -1,2 +1,3 @@
 .null-ls*
 nixos-switch.log
+result

flake.lock

@@ -7,15 +7,16 @@
         ]
       },
       "locked": {
-        "lastModified": 1732482255,
-        "narHash": "sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A=",
+        "lastModified": 1749154018,
+        "narHash": "sha256-gjN3j7joRvT3a8Zgcylnd4NFsnXeDBumqiu4HmY1RIg=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "a9953635d7f34e7358d5189751110f87e3ac17da",
+        "rev": "7aae0ee71a17b19708b93b3ed448a1a0952bf111",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
+        "ref": "release-25.05",
         "repo": "home-manager",
         "type": "github"
       }
@@ -27,11 +28,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1732139495,
-        "narHash": "sha256-bsL1CZWp5fMDXP6U0Ipwi/XA1YigK9ON+pC7Cxurgec=",
+        "lastModified": 1741303672,
+        "narHash": "sha256-eRKbKccBu3PK/oJpmUuLo+0v45d0SEjosE8tVsHbpeA=",
         "owner": "musnix",
         "repo": "musnix",
-        "rev": "996b38613a282299c852eca204a10914c6b0074d",
+        "rev": "d56a15f30329f304151e4e05fa82264d127da934",
         "type": "github"
       },
       "original": {
@@ -42,11 +43,27 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1732014248,
-        "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=",
+        "lastModified": 1750400657,
+        "narHash": "sha256-3vkjFnxCOP6vm5Pm13wC/Zy6/VYgei/I/2DWgW4RFeA=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367",
+        "rev": "b2485d56967598da068b5a6946dadda8bfcbcd37",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-25.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-unstable": {
+      "locked": {
+        "lastModified": 1750506804,
+        "narHash": "sha256-VLFNc4egNjovYVxDGyBYTrvVCgDYgENp5bVi9fPTDYc=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "4206c4cb56751df534751b058295ea61357bbbaa",
         "type": "github"
       },
       "original": {
@@ -61,6 +78,7 @@
         "home-manager": "home-manager",
         "musnix": "musnix",
         "nixpkgs": "nixpkgs",
+        "nixpkgs-unstable": "nixpkgs-unstable",
         "sops-nix": "sops-nix"
       }
     },
@@ -71,11 +89,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1732575825,
-        "narHash": "sha256-xtt95+c7OUMoqZf4OvA/7AemiH3aVuWHQbErYQoPwFk=",
+        "lastModified": 1750119275,
+        "narHash": "sha256-Rr7Pooz9zQbhdVxux16h7URa6mA80Pb/G07T4lHvh0M=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "3433ea14fbd9e6671d0ff0dd45ed15ee4c156ffa",
+        "rev": "77c423a03b9b2b79709ea2cb63336312e78b72e2",
         "type": "github"
       },
       "original": {

flake.nix

@@ -2,55 +2,115 @@
   description = "Nixos config flake";
 
   inputs = {
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
+    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
 
-    home-manager = {
-      url = "github:nix-community/home-manager";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
+    home-manager.url = "github:nix-community/home-manager/release-25.05";
+    home-manager.inputs.nixpkgs.follows = "nixpkgs";
 
-    sops-nix = {
-      url = "github:Mic92/sops-nix";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
+    sops-nix.url = "github:Mic92/sops-nix";
+    sops-nix.inputs.nixpkgs.follows = "nixpkgs";
 
-    musnix = {
-      url = "github:musnix/musnix";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
+    musnix.url = "github:musnix/musnix";
+    musnix.inputs.nixpkgs.follows = "nixpkgs";
   };
 
   outputs = {
     nixpkgs,
+    nixpkgs-unstable,
     home-manager,
     sops-nix,
+    musnix,
     ...
   } @ inputs: let
     system = "x86_64-linux";
     pkgs = import nixpkgs {
       inherit system;
+      overlays = [
+        # make unstable packages available via overlay
+        (final: prev: {
+          unstable = nixpkgs-unstable.legacyPackages.${prev.system};
+        })
+      ];
       config = {
-        allowUnfree = true;
-        rocmSupport = true;
+        allowUnfreePredicate = pkg:
+          builtins.elem (nixpkgs.lib.getName pkg) [
+            "discord"
+            "samsung-unified-linux-driver"
+            "steam"
+            "steam-unwrapped"
+            "stm32cubemx"
+            "obsidian"
+          ];
       };
     };
   in {
-    nixosConfigurations."MaxNixosLaptop" = nixpkgs.lib.nixosSystem {
-      specialArgs = {
-        inherit inputs;
-        inherit pkgs;
+    nixosConfigurations = {
+      "MaxNixosLaptop" = nixpkgs.lib.nixosSystem {
+        inherit system;
+        specialArgs = {
+          inherit inputs system;
+        };
+        modules = [
+          ./hosts/MaxNixosLaptop/configuration.nix
+          sops-nix.nixosModules.sops
+          home-manager.nixosModules.default
+          {
+            home-manager.useGlobalPkgs = true;
+            home-manager.useUserPackages = true;
+            home-manager.sharedModules = [
+              sops-nix.homeManagerModules.sops
+            ];
+          }
+          musnix.nixosModules.musnix
+          {
+            nixpkgs = {
+              overlays = [
+                # make unstable packages available via overlay
+                (final: prev: {
+                  unstable = nixpkgs-unstable.legacyPackages.${prev.system};
+                })
+              ];
+              config = {
+                allowUnfreePredicate = pkg:
+                  builtins.elem (nixpkgs.lib.getName pkg) [
+                    "discord"
+                    "samsung-unified-linux-driver"
+                    "steam"
+                    "steam-unwrapped"
+                    "stm32cubemx"
+                    "obsidian"
+                  ];
+              };
+            };
+          }
+        ];
+      };
+      ServerIso = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [
+          #./machine.nix
+          (nixpkgs
+            + "/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix")
+          (nixpkgs + "/nixos/modules/installer/cd-dvd/channel.nix")
+          ({pkgs, ...}: {
+            # Enable SSH in the boot process.
+            systemd.services.sshd.wantedBy =
+              pkgs.lib.mkForce ["multi-user.target"];
+            users.users.root.openssh.authorizedKeys.keys = [
+              # your ssh key
+              "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOLRNvgrjnBizuruEm6htmvc6F1uGath9T7WjAh6ogPD root@host"
+            ];
+            isoImage.squashfsCompression = "gzip -Xcompression-level 1";
+            networking = {
+              usePredictableInterfaceNames = false;
+              useDHCP = true;
+              nameservers = ["1.1.1.1"];
+              hostName = "host";
+            };
+          })
+        ];
       };
-      system = "x86_64-linux";
-      modules = [
-        ./hosts/MaxNixosLaptop/configuration.nix
-        sops-nix.nixosModules.sops
-        home-manager.nixosModules.default
-        {
-          home-manager.useGlobalPkgs = true;
-          home-manager.useUserPackages = true;
-        }
-        inputs.musnix.nixosModules.musnix
-      ];
     };
   };
 }

hosts/MaxNixosLaptop/configuration.nix

@@ -2,7 +2,6 @@
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 {
-  config,
   pkgs,
   inputs,
   ...
@@ -19,45 +18,19 @@
     desktop = true;
     gpu.amd.enable = true;
     laptop = true;
-  };
-
-  networking.hostName = "MaxNixosLaptop"; # Define your hostname.
-
-  # NIXOS
-  nix.settings = {
-    experimental-features = ["nix-command" "flakes"];
-    substituters = ["https://nix-community.cachix.org" "https://cache.nixos.org"];
-    trusted-public-keys = [
-      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
-    ];
+    network.hostName = "MaxNixosLaptop";
   };
 
   # Define a user account. Don't forget to set a password with ‘passwd’.
-  users.users.max = {
-    isNormalUser = true;
-    description = "Max Känner";
-    extraGroups = ["networkmanager" "wheel" "libvirtd" "dialout"];
-    shell = pkgs.zsh;
-  };
-
-  networking.firewall.enable = false;
-
-  home-manager = {
-    extraSpecialArgs = {inherit inputs;};
-    users = {
-      "max" = import ./home.nix;
-    };
-  };
 
   # List packages installed in system profile. To search, run:
   # $ nix search wget
   environment.systemPackages = with pkgs; [
-    bambu-studio
+    unstable.bambu-studio
     neovim
     wget
     fprintd
     qemu
-    quickemu
     home-manager
     (let
       base = appimageTools.defaultFhsEnvArgs;
@@ -84,131 +57,21 @@
         }))
   ];
 
-  fonts.packages = with pkgs; [
-    nerd-fonts.fira-code
-    montserrat
-  ];
-
-  # Some programs need SUID wrappers, can be configured further or are
-  # started in user sessions.
-  # programs.mtr.enable = true;
-  # programs.gnupg.agent = {
-  #   enable = true;
-  #   enableSSHSupport = true;
-  # };
-  programs.ssh.startAgent = true;
-  programs.nix-ld.enable = true;
-  programs.nix-ld.libraries = [
-  ];
-
-  programs.zsh.enable = true;
-  programs.steam.enable = true;
-
-  security.polkit.enable = true;
-  environment.sessionVariables.NIXOS_OZONE_WL = "1";
-
-  virtualisation = {
-    podman = {
-      enable = true;
-      dockerCompat = true;
-      defaultNetwork.settings.dns_enabled = true;
-    };
-    libvirtd = {
-      enable = true;
-      qemu = {
-        package = pkgs.qemu_kvm;
-        runAsRoot = true;
-        swtpm.enable = true;
-        ovmf = {
-          enable = true;
-          packages = [
-            (pkgs.OVMF.override {
-              secureBoot = true;
-              tpmSupport = true;
-            })
-            .fd
-          ];
-        };
-      };
-    };
-  };
-
-  # List services that you want to enable:
-
   # fingerprint unlock
   services.fprintd.enable = true;
 
-  hardware.bluetooth = {
-    enable = true;
-    powerOnBoot = true;
-  };
-  services.blueman.enable = true;
-
   services.udisks2.enable = true;
 
   services.udev = {
     enable = true;
     packages = with pkgs; [
       picoprobe-udev-rules
-      teensy-udev-rules
       qmk-udev-rules
       game-devices-udev-rules
       android-udev-rules
     ];
-    extraRules = ''
-      ACTION=="add", KERNEL=="event[0-9]*", DEVPATH="/devices/platform/AMDI0010:02/i2c-2/i2c-ELAN2513:00/0018:04F3:2D9C.0001/input/input[0-9]*/event[0-9]*", SYMLINK+="touchscreen0"
-    '';
   };
 
-  services.pipewire = {
-    enable = true;
-    alsa.enable = true;
-    jack.enable = true;
-    pulse.enable = true;
-  };
-
-  # Enable the OpenSSH daemon.
-  # services.openssh.enable = true;
-
-  # Open ports in the firewall.
-  # networking.firewall.allowedTCPPorts = [ ... ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  # networking.firewall.enable = false;
-
-  system.autoUpgrade = {
-    enable = true;
-    flake = inputs.self.outPath;
-    flags = [
-      "--update-input"
-      "nixpkgs"
-      "--update-input"
-      "home-manager"
-      "--update-input"
-      "sops-nix"
-      "--update-input"
-      "musnix"
-      "--commit-lock-file"
-      "-L"
-      "--cores"
-      "12"
-      "-j"
-      "12"
-    ];
-    dates = "daily";
-    randomizedDelaySec = "45min";
-  };
-
-  boot.binfmt.emulatedSystems = ["aarch64-linux"];
-
-  nix.gc = {
-    automatic = true;
-    dates = "10:00";
-    randomizedDelaySec = "45min";
-    options = "--delete-older-than 14d";
-  };
-  nix.settings.auto-optimise-store = true;
-
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions
   # on your system were taken. It‘s perfectly fine and recommended to leave

modules/home/programs/default.nix

@@ -6,7 +6,7 @@
 }: let
   cfg = config.myConfig.programs;
 in {
-  imports = [./foot.nix ./thunderbird.nix ./nextcloud.nix ./udiskie.nix];
+  imports = [./foot.nix ./thunderbird.nix ./nextcloud.nix ./udiskie.nix ./wezterm.nix ./rclone.nix];
 
   options.myConfig.programs = {
     enable = lib.mkEnableOption "programs for desktop use";
@@ -15,8 +15,9 @@ in {
   config = lib.mkIf cfg.enable {
     myConfig.programs = {
       foot.enable = lib.mkDefault true;
+      wezterm.enable = lib.mkDefault true;
       thunderbird.enable = lib.mkDefault true;
-      nextcloud.enable = lib.mkDefault true;
+      rclone.enable = lib.mkDefault true;
       udiskie.enable = lib.mkDefault true;
     };
 
@@ -39,7 +40,7 @@ in {
       discord
       libreoffice-fresh
       mate.caja
-      libsForQt5.okular
+      mate.atril
       mpv
       gimp
       freecad
@@ -51,6 +52,11 @@ in {
       wl-clipboard
       gimp
       godot_4
+      ripgrep-all
+      stm32cubemx
+      flatpak
+      obsidian
+      marksman
     ];
   };
 }

modules/home/programs/nextcloud.nix

@@ -1,6 +1,7 @@
 {
   lib,
   config,
+  pkgs,
   ...
 }: let
   cfg = config.myConfig.programs.nextcloud;
@@ -10,6 +11,9 @@ in {
   };
 
   config = lib.mkIf cfg.enable {
-    services.nextcloud-client.enable = true;
+    services.nextcloud-client = {
+      enable = true;
+      package = pkgs.unstable.nextcloud-client;
+    };
   };
 }

modules/home/programs/rclone.nix

@@ -0,0 +1,125 @@
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}: let
+  cfg = config.myConfig.programs.rclone;
+in {
+  options.myConfig.programs.rclone = {
+    enable = lib.mkEnableOption "nextcloud sync using rclone";
+  };
+
+  config = lib.mkIf cfg.enable {
+    sops = {
+      age.keyFile = "/home/max/.config/sops/age/keys.txt";
+      secrets = {
+        "cloud/url" = {
+          sopsFile = ../../../secrets/rclone.yaml;
+        };
+        "cloud/user" = {
+          sopsFile = ../../../secrets/rclone.yaml;
+        };
+        "cloud/pass" = {
+          sopsFile = ../../../secrets/rclone.yaml;
+        };
+        "luhbots/url" = {
+          sopsFile = ../../../secrets/rclone.yaml;
+        };
+        "luhbots/user" = {
+          sopsFile = ../../../secrets/rclone.yaml;
+        };
+        "luhbots/pass" = {
+          sopsFile = ../../../secrets/rclone.yaml;
+        };
+      };
+
+      templates."rclone.conf".content = ''
+        [cloud]
+        type = webdav
+        url = ${config.sops.placeholder."cloud/url"}
+        vendor = nextcloud
+        user = ${config.sops.placeholder."cloud/user"}
+        pass = ${config.sops.placeholder."cloud/pass"}
+        nextcloud_chunk_size = 128M
+
+        [luhbots]
+        type = webdav
+        url = ${config.sops.placeholder."luhbots/url"}
+        vendor = nextcloud
+        user = ${config.sops.placeholder."luhbots/user"}
+        pass = ${config.sops.placeholder."luhbots/pass"}
+      '';
+    };
+
+    home.packages = with pkgs; [rclone fuse3];
+
+    systemd.user = {
+      services = {
+        luhbots-mount = {
+          Unit = {
+            Description = "Mount the luhbots nextcloud";
+            After = ["network-online.target"];
+          };
+          Service = {
+            Type = "notify";
+            ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p \"%h/luhbots Nextcloud\"";
+            ExecStart = "${pkgs.rclone}/bin/rclone --config=${config.sops.templates."rclone.conf".path} --vfs-cache-mode full --vfs-cache-max-age 1w mount \"luhbots:\" \"%h/luhbots Nextcloud\"";
+            ExecStop = "/bin/fusermount -u \"%h/luhbots Nextcloud\"";
+            Environment = ["PATH=/run/wrappers/bin/:$PATH"];
+          };
+          Install.WantedBy = ["default.target"];
+        };
+        music-mount = {
+          Unit = {
+            Description = "Mount the music directory from my cloud";
+            After = ["network-online.target"];
+          };
+          Service = {
+            Type = "notify";
+            ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p \"%h/Music\"";
+            ExecStart = "${pkgs.rclone}/bin/rclone --config=${config.sops.templates."rclone.conf".path} --vfs-cache-mode full --vfs-cache-max-age 1w mount \"cloud:Music\" \"%h/Music\"";
+            ExecStop = "/bin/fusermount -u \"%h/Music\"";
+            Environment = ["PATH=/run/wrappers/bin/:$PATH"];
+          };
+          Install.WantedBy = ["default.target"];
+        };
+        videos-mount = {
+          Unit = {
+            Description = "Mount the videos directory from my cloud";
+            After = ["network-online.target"];
+          };
+          Service = {
+            Type = "notify";
+            ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p \"%h/Videos\"";
+            ExecStart = "${pkgs.rclone}/bin/rclone --config=${config.sops.templates."rclone.conf".path} --vfs-cache-mode full --vfs-cache-max-age 1w mount \"cloud:Videos\" \"%h/Videos\"";
+            ExecStop = "/bin/fusermount -u \"%h/Videos\"";
+            Environment = ["PATH=/run/wrappers/bin/:$PATH"];
+          };
+          Install.WantedBy = ["default.target"];
+        };
+        sync-Documents = {
+          Unit = {
+            Description = "Sync the Documents folder with the cloud Documents folder using bisync";
+            After = ["network-online.target"];
+          };
+          Service = {
+            Type = "oneshot";
+            ExecStart = "${pkgs.rclone}/bin/rclone --config=${config.sops.templates."rclone.conf".path} --resilient --recover -v --conflict-resolve newer --exclude-from %h/Documents/sync-exclude.txt bisync cloud:Documents %h/Documents";
+          };
+          Install.WantedBy = ["default.target"];
+        };
+      };
+      timers = {
+        sync-Documents = {
+          Unit.Description = "Sync Documents folder every half hour";
+          Timer = {
+            OnBootSec = "15min";
+            OnUnitActiveSec = "30min";
+          };
+          Install.WantedBy = ["timers.target"];
+        };
+      };
+    };
+  };
+}

modules/home/programs/thunderbird.nix

@@ -61,6 +61,28 @@ in {
         thunderbird.enable = true;
       };
       "luhbots" = {
+        address = "max.kaenner@luhbots-hannover.de";
+        userName = "max.kaenner@luhbots-hannover.de";
+        realName = "Max Känner";
+        imap = {
+          host = "mxe96b.netcup.net";
+          port = 993;
+          tls = {
+            enable = true;
+            useStartTls = false;
+          };
+        };
+        smtp = {
+          host = "mxe96b.netcup.net";
+          port = 465;
+          tls = {
+            enable = true;
+            useStartTls = false;
+          };
+        };
+        thunderbird.enable = true;
+      };
+      "luhbots-alt" = {
         address = "max.kaenner@luhbots.de";
         userName = "max.kaenner@luhbots.de";
         realName = "Max Känner";
@@ -104,6 +126,23 @@ in {
         };
         thunderbird.enable = true;
       };
+      "max mkaenner" = {
+        address = "max@mkaenner.de";
+        aliases = ["admin@mkaenner.de"];
+        userName = "max@mkaenner.de";
+        realName = "Max Känner";
+        imap = {
+          host = "mail.mkaenner.de";
+          port = 993;
+          tls.enable = true;
+        };
+        smtp = {
+          host = "mail.mkaenner.de";
+          port = 465;
+          tls.enable = true;
+        };
+        thunderbird.enable = true;
+      };
     };
 
     programs.thunderbird = {

modules/home/programs/wezterm.nix

@@ -0,0 +1,56 @@
+{
+  lib,
+  config,
+  ...
+}: let
+  cfg = config.myConfig.programs.wezterm;
+in {
+  options.myConfig.programs.wezterm = {
+    enable = lib.mkEnableOption "wezterm, a wayland terminal emulator";
+  };
+
+  config = lib.mkIf cfg.enable {
+    programs.wezterm = {
+      enable = true;
+      enableBashIntegration = true;
+      enableZshIntegration = true;
+      colorSchemes = {
+        myTheme = {
+          ansi = [
+            "#26211e"
+            "#f75b72"
+            "#67af34"
+            "#c98b1a"
+            "#509af6"
+            "#ca64f3"
+            "#1faeae"
+            "#c1b7b0"
+          ];
+          brights = [
+            "#585049"
+            "#fb8590"
+            "#75c73b"
+            "#e49f27"
+            "#77b1fb"
+            "#d68af7"
+            "#24c6c6"
+            "#f2f0ef"
+          ];
+          background = "#0a0807";
+          foreground = "#e6e2de";
+        };
+      };
+      extraConfig = ''
+        local wezterm = require 'wezterm'
+        local config = wezterm.config_builder()
+
+        config.font = wezterm.font 'FiraCode Nerd Font Mono'
+        config.front_end = 'WebGpu'
+        config.enable_tab_bar = false
+        config.color_scheme = 'myTheme'
+
+        return config
+      '';
+    };
+  };
+}

modules/home/shell/neovim.nix

@@ -24,6 +24,7 @@ in {
       extraLuaConfig = ''
         -- This file simply bootstraps the installation of Lazy.nvim and then calls other files for execution
         -- This file doesn't necessarily need to be touched, BE CAUTIOUS editing this file and proceed at your own risk.
+        vim.g.gcc_bin_path = '${lib.getExe pkgs.gcc}'
         local lazypath = vim.env.LAZY or vim.fn.stdpath "data" .. "/lazy/lazy.nvim"
         if not (vim.env.LAZY or (vim.uv or vim.loop).fs_stat(lazypath)) then
           -- stylua: ignore
@@ -48,10 +49,25 @@ in {
         zig
         cargo
         rust-analyzer
-        rustup
         nodejs
         nixd
         alejandra
+        python3Full
+        neocmakelsp
+        ripgrep
+        gdu
+        bottom
+        luajitPackages.luarocks-nix
+        lua
+        go
+        statix
+        deadnix
+        tree-sitter
+        texliveMedium
+        biber
+        gcc
+        just-lsp
+        marksman
       ];
     };
 

modules/home/shell/nvim-lua/community.lua

@@ -6,6 +6,7 @@ return {
 	{ import = "astrocommunity.pack.docker" },
 	{ import = "astrocommunity.pack.html-css" },
 	{ import = "astrocommunity.pack.json" },
+	{ import = "astrocommunity.pack.just" },
 	{ import = "astrocommunity.pack.lua" },
 	{ import = "astrocommunity.pack.markdown" },
 	{ import = "astrocommunity.pack.nix" },

modules/home/shell/nvim-lua/plugins/astrocore.lua

@@ -1,35 +1,41 @@
 ---@type LazySpec
 return {
-  "AstroNvim/astrocore",
-  opts = {
-    options = {
-      opt = {
-        relativenumber = false,
-        number = true,
-        spell = true,
-        signcolumn = "yes",
-        wrap = true,
-        colorcolumn = "80,120",
-      },
-      g = {
-        inlay_hints_enabled = true,
-      },
-    },
-    lsp = {
-      config = {
-        rust_analyzer = {
-          settings = {
-            ["rust-analyzer"] = {
-              cargo = { buildScripts = { enable = true } },
-              procMacro = { enable = true },
-              check = {
-                command = "clippy",
-              },
-            },
-          },
-        },
-        clangd = { capabilities = { offsetEncoding = "utf-8" } },
-      },
-    },
-  },
+	"AstroNvim/astrocore",
+	opts = {
+		options = {
+			opt = {
+				relativenumber = false,
+				number = true,
+				spell = true,
+				signcolumn = "yes",
+				wrap = true,
+				colorcolumn = "80,120",
+			},
+			g = {
+				inlay_hints_enabled = true,
+			},
+		},
+		lsp = {
+			config = {
+				rust_analyzer = {
+					settings = {
+						["rust-analyzer"] = {
+							cargo = {
+								buildScripts = { enable = true },
+								allFeatures = false,
+								extraArgs = { "--release" },
+							},
+							installCargo = false,
+							installRustc = false,
+							procMacro = { enable = true },
+							check = {
+								command = "clippy",
+							},
+						},
+					},
+				},
+				clangd = { capabilities = { offsetEncoding = "utf-8" } },
+			},
+		},
+	},
 }

modules/home/shell/nvim-lua/plugins/nvim-treesitter.lua

@@ -0,0 +1,8 @@
+return {
+  {
+    "nvim-treesitter/nvim-treesitter",
+    config = function ()
+      require("nvim-treesitter.install").compilers = {vim.g.gcc_bin_path}
+    end,
+  }
+}

modules/home/shell/nvim-lua/plugins/user.lua

@@ -1,5 +1,52 @@
 ---@type LazySpec
 return {
+  -- {
+  --   "catppuccin/nvim",
+  --   name = "catppuccin",
+  --   opts = {
+  --     -- configuration options...
+  --     flavor = "mocha",
+  --     dim_inactive = {
+  --       enable = true,
+  --       shade = "light",
+  --       percentage = 0.15,
+  --     },
+  --     color_overrides = {
+  --       mocha = {
+  --         base = "#26211e",
+  --         crust = "#0a0807",
+  --         mantle = "#585049",
+  --         text = "#e6e2de",
+  --         subtext0 = "#c6c2be",
+  --         subtext1 = "#a6a29e",
+  --         surface0 = "#585049",
+  --         surface1 = "#c1b7b0",
+  --         surface2 = "#f2f0ef",
+  --
+  --         red = "#f75b72",
+  --         green = "#67af34",
+  --         yellow = "#c98b1a",
+  --         blue = "#509af6",
+  --         pink = "#ca64f3",
+  --         teal = "#1faeae",
+  --
+  --         bright_red    = "#fb8590",
+  --         bright_green  = "#75c73b",
+  --         bright_yellow = "#e49f27",
+  --         bright_blue   = "#77b1fb",
+  --         bright_pink   = "#d68af7",
+  --         bright_teal   = "#24c6c6",
+  --       },
+  --     },
+  --   },
+  -- },
+  -- {
+  --   "AstroNvim/astroui",
+  --   ---@type AstroUIOpts
+  --   opts = {
+  --     colorscheme = "catppuccin",
+  --   },
+  -- },
   {
     "p00f/clangd_extensions.nvim",
     optional = true,

modules/home/shell/zsh.nix

@@ -44,7 +44,7 @@ in {
       };
       syntaxHighlighting.enable = true;
       syntaxHighlighting.highlighters = ["main" "brackets"];
-      initExtra = ''
+      initContent = ''
         # auto completion
         bindkey '^I' complete-word
         bindkey '^[[Z' autosuggest-accept

modules/home/sway/default.nix

@@ -64,10 +64,20 @@ in {
     home.packages = with pkgs; [
       swaylock # screen locking
       swayidle # automatic screen locking after system idle time
-      foot # terminal
+      wezterm # terminal
       keepassxc # used for secrets instead of gnome-keyring
+
+      # fonts
+      noto-fonts
+      nerd-fonts.fira-code
+      nerd-fonts.fira-mono
+      fira
     ];
 
+    home.sessionVariables = {
+      NIXOS_OZONE_WL = "1";
+    };
+
     wayland.windowManager.sway = {
       enable = true;
       systemd = {
@@ -122,10 +132,12 @@ in {
           };
           # map laptop touchscreen to laptop display
           "1267:11676:ELAN2513:00_04F3:2D9C" = lib.mkIf cfg.laptop {
+            tap = "enable";
             map_to_output = "'AU Optronics 0x4B2D Unknown'";
           };
           # map laptop stylus to laptop display
           "1267:11676:ELAN2513:00_04F3:2D9C_Stylus" = lib.mkIf cfg.laptop {
+            tap = "enable";
             map_to_output = "'AU Optronics 0x4B2D Unknown'";
           };
         };
@@ -140,6 +152,7 @@ in {
             "${modifier}+2" = "workspace term";
             "${modifier}+3" = "workspace msg";
             "${modifier}+4" = "workspace music";
+            "${modifier}+o" = "workspace obsidian";
             "${modifier}+Shift+1" = "move container to workspace main";
             "${modifier}+Shift+2" = "move container to workspace term";
             "${modifier}+Shift+3" = "move container to workspace msg";
@@ -150,8 +163,8 @@ in {
             "${modifier}+Shift+Print" = ''exec ${pkgs.wf-recorder}/bin/wf-recorder -g "$(${pkgs.slurp}/bin/slurp)" -f "$HOME/Videos/screencapture_$(${pkgs.coreutils}/bin/date +%F-%T).mp4"'';
 
             # brightness
-            "XF86MonBrightnessDown" = "exec ${pkgs.light}/bin/light -U 5";
-            "XF86MonBrightnessUp" = "exec ${pkgs.light}/bin/light -A 5";
+            "XF86MonBrightnessDown" = "exec ${pkgs.light}/bin/light -T 0.9";
+            "XF86MonBrightnessUp" = "exec ${pkgs.light}/bin/light -T 1.1";
             # volume
             "XF86AudioRaiseVolume" = "exec '${pkgs.pulseaudio}/bin/pactl set-sink-volume @DEFAULT_SINK@ +1%'";
             "XF86AudioLowerVolume" = "exec '${pkgs.pulseaudio}/bin/pactl set-sink-volume @DEFAULT_SINK@ -1%'";
@@ -162,11 +175,11 @@ in {
           };
         menu = "${pkgs.nwg-launchers}/bin/nwggrid -client";
 
-        # use foot as default terminal
-        terminal = "${pkgs.foot}/bin/foot";
+        # use wezterm as default terminal
+        terminal = "${pkgs.wezterm}/bin/wezterm";
         assigns = {
           "main" = [{app_id = "firefox";}];
-          "term" = [{app_id = "foot-startup";}];
+          "term" = [{app_id = "start-terminal";}];
           "msg" = [
             {title = "\\[Locked\\] - KeePassXC$";}
             {app_id = "thunderbird";}
@@ -174,6 +187,7 @@ in {
             {app_id = "Element";}
           ];
           "music" = [{app_id = "org.rncbc.qpwgraph";}];
+          "obsidian" = [{app_id = "obsidian";} {class = "obsidian";}];
         };
         bars = [];
 
@@ -193,9 +207,10 @@ in {
             {command = "${dbus-sway-environment}/bin/dbus-sway-environment";}
             {command = "${pkgs.nwg-launchers}/bin/nwggrid-server -fp";}
             {command = "${pkgs.keepassxc}/bin/keepassxc";}
-            {command = "${pkgs.foot}/bin/foot -a foot-startup";}
+            {command = "${pkgs.wezterm}/bin/wezterm start --class start-terminal";}
             {command = "${pkgs.networkmanagerapplet}/bin/nm-applet";}
             {command = "${pkgs.firefox}/bin/firefox";}
+            {command = "${pkgs.obsidian}/bin/obsidian";}
           ]
           ++ lib.optionals cfg.laptop [
             {command = "${pkgs.squeekboard}/bin/squeekboard";}
@@ -231,6 +246,10 @@ in {
             workspace = "5";
             output = ["DP-3" "DP-4" "DP-6" "HDMI-A-1" "eDP-1"];
           }
+          {
+            workspace = "obsidian";
+            output = ["eDP-1"];
+          }
         ];
 
         floating.criteria = [
@@ -246,6 +265,7 @@ in {
       extraConfig = lib.mkIf cfg.laptop ''
         bindswitch --reload --locked lid:on exec "[ $(${pkgs.sway}/bin/swaymsg -t get_outputs | ${pkgs.jq}/bin/jq '. | length') -gt 1 ] && ${pkgs.sway}/bin/swaymsg output eDP-1 disable"
         bindswitch --reload --locked lid:off output eDP-1 enable
+        bindgesture --input-device=\'1267:11676:ELAN2513:00_04F3:2D9C\' swipe:3:down exec ${pkgs.nwg-launchers}/bin/nwggrid -client
       '';
     };
 
@@ -261,5 +281,16 @@ in {
         show-fai8led-attempts = true;
       };
     };
+
+    # install fonts
+    fonts.fontconfig = {
+      enable = true;
+      defaultFonts = {
+        emoji = ["Noto Color Emoji"];
+        monospace = ["FiraCode Nerd Fonts" "FiraMono Nerd Font" "FiraMono" "NotoMono Nerd Font"];
+        sansSerif = ["FiraSans" "NotoSans Nerd Font"];
+        serif = ["NotoSerif Nerd Font"];
+      };
+    };
   };
 }

modules/home/sway/kanshi.nix

@@ -52,24 +52,25 @@ in {
           profile.outputs = [
             {
               criteria = "eDP-1";
-              position = "1080,1080";
+              position = "0,1080";
             }
             {
               criteria = "Dell Inc. DELL U2422HE 8YCPH83";
-              position = "1080,0";
+              transform = "normal";
+              position = "0,0";
             }
             {
-              criteria = "NEC Corporation E243WMi 59118576NB";
-              transform = "90";
-              position = "0,0";
+              criteria = "Dell Inc. DELL P2422HE 28XL9M3";
+              transform = "normal";
+              position = "1920,0";
             }
           ];
           profile.exec = [
-            "${pkgs.sway}/bin/swaymsg [workspace=main] move workspace to DP-4"
-            "${pkgs.sway}/bin/swaymsg [workspace=term] move workspace to DP-5"
+            "${pkgs.sway}/bin/swaymsg [workspace=main] move workspace to '\"Dell Inc. DELL U2422HE 8YCPH83\"'"
+            "${pkgs.sway}/bin/swaymsg [workspace=term] move workspace to '\"Dell Inc. DELL P2422HE 28XL9M3\"'"
             "${pkgs.sway}/bin/swaymsg [workspace=msg] move workspace to eDP-1"
             "${pkgs.sway}/bin/swaymsg [workspace=music] move workspace to eDP-1"
-            "${pkgs.sway}/bin/swaymsg [workspace=5] move workspace to DP-4"
+            "${pkgs.sway}/bin/swaymsg [workspace=5] move workspace to '\"Dell Inc. DELL U2422HE 8YCPH83\"'"
           ];
         }
         {
@@ -168,6 +169,54 @@ in {
             "${pkgs.sway}/bin/swaymsg [workspace=5] move workspace to '\"Dell Inc. DELL P2422HE 7VWL9M3\"'"
           ];
         }
+        {
+          profile.outputs = [
+            {
+              criteria = "eDP-1";
+              position = "1080,1080";
+            }
+            {
+              criteria = "Dell Inc. DELL U2422HE 7HCPH83";
+              position = "1080,0";
+            }
+            {
+              criteria = "Dell Inc. DELL U2422HE 1XFFH83";
+              transform = "90";
+              position = "0,0";
+            }
+          ];
+          profile.exec = [
+            "${pkgs.sway}/bin/swaymsg [workspace=main] move workspace to '\"Dell Inc. DELL U2422HE 7HCPH83\"'"
+            "${pkgs.sway}/bin/swaymsg [workspace=term] move workspace to '\"Dell Inc. DELL U2422HE 1XFFH83\"'"
+            "${pkgs.sway}/bin/swaymsg [workspace=msg] move workspace to eDP-1"
+            "${pkgs.sway}/bin/swaymsg [workspace=music] move workspace to eDP-1"
+            "${pkgs.sway}/bin/swaymsg [workspace=5] move workspace to '\"Dell Inc. DELL U2422HE 7HCPH83\"'"
+          ];
+        }
+        {
+          profile.outputs = [
+            {
+              criteria = "eDP-1";
+              position = "1080,1080";
+            }
+            {
+              criteria = "DP-3";
+              position = "1080,0";
+            }
+            {
+              criteria = "DP-1";
+              transform = "90";
+              position = "0,0";
+            }
+          ];
+          profile.exec = [
+            "${pkgs.sway}/bin/swaymsg [workspace=main] move workspace to DP-3"
+            "${pkgs.sway}/bin/swaymsg [workspace=term] move workspace to DP-1"
+            "${pkgs.sway}/bin/swaymsg [workspace=msg] move workspace to eDP-1"
+            "${pkgs.sway}/bin/swaymsg [workspace=music] move workspace to eDP-1"
+            "${pkgs.sway}/bin/swaymsg [workspace=5] move workspace to DP-3"
+          ];
+        }
         {
           profile.name = "docked-4k";
           profile.outputs = [
@@ -211,6 +260,25 @@ in {
             "${pkgs.sway}/bin/swaymsg [workspace=mirror] exec ${pkgs.wl-mirror}/bin/wl-mirror eDP-1"
           ];
         }
+        {
+          profile.outputs = [
+            {
+              criteria = "eDP-1";
+              position = "0,1080";
+            }
+            {
+              criteria = "ViewSonic Corporation VG2448 V5E201864188";
+              position = "0,0";
+            }
+          ];
+          profile.exec = [
+            "${pkgs.sway}/bin/swaymsg [workspace=main] move workspace to '\"ViewSonic Corporation VG2448 V5E201864188\"'"
+            "${pkgs.sway}/bin/swaymsg [workspace=term] move workspace to eDP-1"
+            "${pkgs.sway}/bin/swaymsg [workspace=msg] move workspace to eDP-1"
+            "${pkgs.sway}/bin/swaymsg [workspace=music] move workspace to eDP-1"
+            "${pkgs.sway}/bin/swaymsg [workspace=5] move workspace to '\"ViewSonic Corporation VG2448 V5E201864188\"'"
+          ];
+        }
       ];
     };
   };

modules/home/sway/mako.nix

@@ -12,18 +12,20 @@ in {
   config = lib.mkIf cfg.enable {
     services.mako = {
       enable = true;
-      actions = true;
-      anchor = "top-right";
+      settings = {
+        actions = true;
+        anchor = "top-right";
 
-      borderRadius = 10;
-      borderSize = 2;
-      height = 100;
-      width = 400;
+        border-radius = 10;
+        border-size = 2;
+        height = 100;
+        width = 400;
 
-      defaultTimeout = 10000; # ms
-      font = "FiraCode Nerd Font 11";
-      icons = true;
-      markup = true;
+        default-timeout = 10000; # ms
+        font = "FiraCode Nerd Font 11";
+        icons = true;
+        markup = true;
+      };
     };
   };
 }

modules/home/sway/theme.nix

@@ -116,15 +116,14 @@ in {
     };
     xsession.enable = true;
 
-    services.mako = {
-      backgroundColor = "#313131";
-      borderColor = "#00FFEE";
-      progressColor = "#338833";
-      textColor = "#e0e0e0";
-      extraConfig = ''
-        [urgency=low]
-        border-color=#008877
-      '';
+    services.mako.settings = {
+      background-color = "#313131";
+      border-color = "#00FFEE";
+      progress-color = "#338833";
+      text-color = "#e0e0e0";
+      "urgency=low" = {
+        border-color = "#008877";
+      };
     };
   };
 }

modules/nixos/bluetooth.nix

@@ -0,0 +1,19 @@
+{
+  lib,
+  config,
+  ...
+}: let
+  cfg = config.myConfig.bluetooth;
+in {
+  options.myConfig.bluetooth = {
+    enable = lib.mkEnableOption "bluetooth";
+  };
+
+  config = lib.mkIf cfg.enable {
+    hardware.bluetooth = {
+      enable = true;
+      powerOnBoot = true;
+    };
+    services.blueman.enable = true;
+  };
+}

modules/nixos/cache.nix

@@ -0,0 +1,21 @@
+{
+  lib,
+  config,
+  ...
+}: let
+  cfg = config.myConfig.cache;
+in {
+  options.myConfig.cache = {
+    enable = lib.mkEnableOption "extra binary caches";
+  };
+
+  config = lib.mkIf cfg.enable {
+    nix.settings = {
+      substituters = ["https://nix-community.cachix.org/" "https://nixpkgs-python.cachix.org/"];
+      trusted-public-keys = [
+        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+        "nixpkgs-python.cachix.org-1:hxjI7pFxTyuTHn2NkvWCrAUcNZLNS3ZAvfYNuYifcEU="
+      ];
+    };
+  };
+}

modules/nixos/cups.nix

@@ -10,7 +10,7 @@ in {
     enable = lib.mkEnableOption "printing";
   };
 
-  config = {
+  config = lib.mkIf cfg.enable {
     # Enable CUPS to print documents.
     services.printing = {
       enable = true;

modules/nixos/default.nix

@@ -1,31 +1,70 @@
 {
   lib,
   config,
+  system,
+  pkgs,
+  inputs,
   ...
 }: let
   cfg = config.myConfig;
 in {
-  imports = [./bootloader.nix ./locale.nix ./greetd.nix ./rebuild.nix ./sops.nix ./sway.nix ./wifi.nix ./music.nix ./cups.nix ./gpu/amd.nix ./touch.nix];
+  imports = [./bootloader.nix ./locale.nix ./greetd.nix ./rebuild.nix ./sops.nix ./sway.nix ./wifi.nix ./music.nix ./cups.nix ./gpu/amd.nix ./touch.nix ./cache.nix ./nix.nix ./update.nix ./podman.nix ./qemu.nix ./bluetooth.nix ./network.nix ./nix-ld.nix];
 
   options.myConfig = {
     enable = lib.mkEnableOption "my custom config";
     desktop = lib.mkEnableOption "custom config with desktop support";
     laptop = lib.mkEnableOption "extra stuff for laptops like wifi";
+    user = lib.mkOption {
+      default = "max";
+      example = "foo";
+      description = "The main user working on this machine";
+      type = lib.types.nonEmptyStr;
+    };
   };
 
-  config.myConfig = lib.mkIf cfg.enable {
-    bootloader.enable = true;
-    locale.enable = true;
-    rebuild.enable = true;
+  config = lib.mkIf cfg.enable {
+    myConfig = {
+      bootloader.enable = true;
+      locale.enable = true;
+      rebuild.enable = true;
+      cache.enable = true;
+      autoUpdate.enable = true;
+      podman.enable = true;
+      qemu.enable = true;
+      qemu.kvm = lib.mkIf (system == "x86_64-linux") true;
+      network.enable = true;
+      nix-ld.enable = true;
 
-    greetd.enable = lib.mkIf cfg.desktop true;
-    sway.enable = lib.mkIf cfg.desktop true;
-    music.enable = lib.mkIf cfg.desktop true;
-    cups.enable = lib.mkIf cfg.desktop true;
-    wifi.tray = lib.mkIf cfg.desktop true;
+      greetd.enable = lib.mkIf cfg.desktop true;
+      sway.enable = lib.mkIf cfg.desktop true;
+      music.enable = lib.mkIf cfg.desktop true;
+      cups.enable = lib.mkIf cfg.desktop true;
+      wifi.tray = lib.mkIf cfg.desktop true;
 
-    sway.laptop = lib.mkIf cfg.laptop true;
-    wifi.enable = lib.mkIf cfg.laptop true;
-    touch.enable = lib.mkIf cfg.laptop true;
+      sway.laptop = lib.mkIf cfg.laptop true;
+      wifi.enable = lib.mkIf cfg.laptop true;
+      touch.enable = lib.mkIf cfg.laptop true;
+      bluetooth.enable = lib.mkIf cfg.laptop true;
+    };
+
+    users.users.${cfg.user} = {
+      isNormalUser = true;
+      description = "Max Känner";
+      extraGroups = ["wheel" "dialout"];
+      shell = pkgs.zsh;
+    };
+
+    home-manager = {
+      extraSpecialArgs = {inherit inputs;};
+      users.${cfg.user} = import ../../hosts/${cfg.network.hostName}/home.nix;
+    };
+
+    programs.ssh.startAgent = true;
+    programs.zsh.enable = true;
+    programs.steam.enable = true;
+
+    security.polkit.enable = true;
+
+    services.upower.enable = true;
   };
 }

modules/nixos/gpu/amd.nix

@@ -14,8 +14,18 @@ in {
     boot.initrd.kernelModules = ["amdgpu"];
     services.xserver.videoDrivers = ["amdgpu"];
 
-    systemd.tmpfiles.rules = [
-      "L+    /opt/rocm/hip   -    -    -     -    ${pkgs.rocmPackages.clr}"
+    systemd.tmpfiles.rules = let
+      rocmEnv = pkgs.symlinkJoin {
+        name = "rocm-combined";
+        paths = with pkgs.rocmPackages; [
+          rocblas
+          hipblas
+          rocm-smi
+          clr
+        ];
+      };
+    in [
+      "L+    /opt/rocm   -    -    -     -    ${rocmEnv}"
     ];
 
     hardware.graphics = {
@@ -23,7 +33,6 @@ in {
       enable32Bit = true;
       extraPackages = with pkgs; [
         rocmPackages.clr.icd
-        rocmPackages.rocm-smi
         amdvlk
       ];
       extraPackages32 = with pkgs; [

modules/nixos/greetd.nix

@@ -44,8 +44,6 @@ in {
       extraGroups = [];
     };
 
-    services.greetd.enable = true;
-
     environment.etc."greetd/environments".text = ''
       sway
     '';

modules/nixos/music.nix

@@ -1,7 +1,6 @@
 {
   lib,
   config,
-  pkgs,
   ...
 }: let
   cfg = config.myConfig.music;
@@ -11,13 +10,11 @@ in {
   };
 
   config = lib.mkIf cfg.enable {
-    # musnix = {
-    #   enable = true;
-    #   rtcqs.enable = true;
-    #   kernel.realtime = true;
-    #   kernel.packages = pkgs.linuxPackages-rt_latest;
-    # };
-    users.users.max.extraGroups = ["audio"];
+    musnix = {
+      enable = true;
+      rtcqs.enable = true;
+    };
+    users.users.${config.myConfig.user}.extraGroups = ["audio"];
 
     services.pipewire = {
       enable = true;

modules/nixos/network.nix

@@ -0,0 +1,26 @@
+{
+  lib,
+  config,
+  ...
+}: let
+  cfg = config.myConfig.network;
+in {
+  options.myConfig.network = {
+    enable = lib.mkEnableOption "bluetooth";
+    hostName = lib.mkOption {
+      default = null;
+      example = "host";
+      description = "The host name of this machine";
+      type = lib.types.nullOr lib.types.nonEmptyStr;
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    networking = {
+      hostName = cfg.hostName;
+      firewall.enable = false;
+    };
+
+    users.users.${config.myConfig.user}.extraGroups = ["networkmanager"];
+  };
+}

modules/nixos/nix-ld.nix

@@ -0,0 +1,19 @@
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}: let
+  cfg = config.myConfig.nix-ld;
+in {
+  options.myConfig.nix-ld = {
+    enable = lib.mkEnableOption "ld replacement for external binaries";
+  };
+
+  config = lib.mkIf cfg.enable {
+    programs.nix-ld = {
+      enable = true;
+      libraries = with pkgs; [libclang stdenv.cc.cc];
+    };
+  };
+}

modules/nixos/nix.nix

@@ -0,0 +1,11 @@
+{...}: {
+  config = {
+    nix.settings = {
+      experimental-features = ["nix-command" "flakes"];
+      auto-optimise-store = true;
+      max-jobs = "auto";
+      cores = 12;
+      download-buffer-size = 524288000;
+    };
+  };
+}

modules/nixos/podman.nix

@@ -0,0 +1,20 @@
+{
+  lib,
+  config,
+  ...
+}: let
+  cfg = config.myConfig.podman;
+in {
+  options.myConfig.podman = {
+    enable = lib.mkEnableOption "podman";
+  };
+
+  config = lib.mkIf cfg.enable {
+    virtualisation.
+    podman = {
+      enable = true;
+      dockerCompat = true;
+      defaultNetwork.settings.dns_enabled = true;
+    };
+  };
+}

modules/nixos/qemu.nix

@@ -0,0 +1,40 @@
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}: let
+  cfg = config.myConfig.qemu;
+in {
+  options.myConfig.qemu = {
+    enable = lib.mkEnableOption "qemu";
+    kvm = lib.mkEnableOption "kvm for faster emulation of x86";
+  };
+
+  config = lib.mkIf cfg.enable {
+    virtualisation.
+    libvirtd = {
+      enable = true;
+      qemu = {
+        package =
+          if cfg.kvm
+          then pkgs.qemu_kvm
+          else config.virtualisation.libvirtd.qemu.package;
+        runAsRoot = true;
+        swtpm.enable = true;
+        ovmf = {
+          enable = true;
+          packages = [
+            (pkgs.OVMF.override {
+              secureBoot = true;
+              tpmSupport = true;
+            })
+            .fd
+          ];
+        };
+      };
+    };
+    # boot.binfmt.emulatedSystems = ["aarch64-linux"];
+    users.users.${config.myConfig.user}.extraGroups = ["libvirtd"];
+  };
+}

modules/nixos/rebuild.nix

@@ -21,14 +21,13 @@
     ${pkgs.alejandra}/bin/alejandra . #&>/dev/null
 
     # Shows your changes
-    ${pkgs.git}/bin/git diff -U0 *.nix
+    ${pkgs.git}/bin/git diff -U0
 
     echo "NixOS Rebuilding..."
 
     # echo using sudo so we get feedback after unlocking
     sudo echo "Beginning rebuild"
     # Rebuild, output simplified errors, log trackebacks
-    # sudo nixos-rebuild switch &>nixos-switch.log || (${pkgs.coreutils}/bin/cat nixos-switch.log | ${pkgs.gnugrep}/bin/grep --color error && false)
     sudo nixos-rebuild switch
 
     # Get current generation metadata

modules/nixos/sway.nix

@@ -38,7 +38,7 @@ in {
     };
 
     # make brightness keys work
-    users.users.max.extraGroups = ["video" "input"];
+    users.users.${config.myConfig.user}.extraGroups = ["video" "input"];
     programs.light.enable = lib.mkIf cfg.laptop true;
 
     # make swaylock work

modules/nixos/update.nix

@@ -0,0 +1,33 @@
+{
+  lib,
+  config,
+  inputs,
+  ...
+}: let
+  cfg = config.myConfig.autoUpdate;
+in {
+  options.myConfig.autoUpdate = {
+    enable = lib.mkEnableOption "extra binary caches";
+  };
+
+  config = lib.mkIf cfg.enable {
+    system.autoUpgrade = {
+      enable = false;
+      flake = inputs.self.outPath;
+      flags = [
+        "--recreate-lock-file"
+        "--commit-lock-file"
+        "-L"
+      ];
+      dates = "9:00";
+      randomizedDelaySec = "45min";
+    };
+
+    nix.gc = {
+      automatic = true;
+      dates = "10:00";
+      randomizedDelaySec = "45min";
+      options = "--delete-older-than 14d";
+    };
+  };
+}

secrets/rclone.yaml

@@ -0,0 +1,23 @@
+cloud:
+    url: ENC[AES256_GCM,data:BoSdQrtLNKYpaHIWUj5Ak8PGMJz3hj/z88XVBgN6AbyT2K/bC412p3oi+X9MmYATR3A=,iv:wez+v5kEN+niZmZXzaJoygHf4mqKVI6CINktAZe8WTs=,tag:20W87Kcn94smiLtX9mMdOw==,type:str]
+    user: ENC[AES256_GCM,data:kFza,iv:OrDNF/h+xLuuyq2cpaHnQuRM1lwuXhe8Ue0rm/wRmkY=,tag:9t+hEx38r/yBIzWIFD0GnQ==,type:str]
+    pass: ENC[AES256_GCM,data:p3c8PeE54fjCIJlwDMLmE9gaYexjcXFa05xExJkKJJTNcLKVhMqQCZxeBZReTKxK18dMbTHd6eaFqPKH,iv:IC2MFF4Aj01a9iE5SVk+Os/0sX+8COsD9p8Jdh98VSs=,tag:e/Z9CjP/iXsnGWtD5jlJlQ==,type:str]
+luhbots:
+    url: ENC[AES256_GCM,data:5hnCSyNcr3un83FaNGYaiZdbxCJe87+hzpoRtWozbn0OW31pxONIEQnSikXh59/OlVJN9TEmv+bd3uO210NPoKUL0D2MWw==,iv:fvY7fLbiAVGq0hh4ifs/LRgixlZsIDczw0hpiUvFSw0=,tag:gXNgNWMDXnRMdyhTjnG6oA==,type:str]
+    user: ENC[AES256_GCM,data:ucJ21fRmDKvHtyA=,iv:IYfNwBBWYxVb7ptwhfBiBgXwaoj5oCWg6gCI3WD8sjE=,tag:sB6/PJuquUL/GugpfzNMRw==,type:str]
+    pass: ENC[AES256_GCM,data:3gkyN51YvL/SrtP3kbG4OVhc5KBzu33dYVx4u8pJs9h3GJ9Wh1A5NCaBFJa7VFWfKuysNmr4CQwQEYBX,iv:U5foeasbN/TrrR0mA1mNcqYWZFXHYIAqXLmP/RvC+Os=,tag:x7ck7quJG7npMGwi/ss3ZA==,type:str]
+sops:
+    age:
+        - recipient: age1d6ze98387f0gryqwvrdlcxgz3wgs607ach4duwmnp72dzaa63cxqchc78n
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVQ0hJN2R0V1NJNnZEeHRD
+            SDVxVmRFbXRVMjlSUkRKTHExY2I5S1BqVm1zCjRjM1J4Nm5xVG4wWVZLN2tMWGxH
+            Qi90UEpZdmROdkE0RzRoUmt0cDVFRlEKLS0tIHN1ZjQ4VUM5aGNjN3RZcUVieW9C
+            cVV3dFpNbjY1bkZtUlltanpSNDlPd28KQ4FQrC6KyZEzzkmByh07q1RAGnWnCNtr
+            XTDQhlbSq/LdptpqNbUD2g9H9vC2CAC0av39ExvT55JiK4dEWmrwUA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-06-12T07:55:51Z"
+    mac: ENC[AES256_GCM,data:WXOmWalZiENdsqVQqGfwXrt3OJ0HoMPNTHkk9C7oASv+wl1eX/7yryQ5GWgXe5GGqhBrtnKPIxKNDGABiXqA7zhR31Bp3Kctyztum8ygcv9+7rs2S+8Ya9LxC0/q/mhbsFOiu3UYw9icwig9rRXmx8I41VxaWGLbL/TLryFzWjI=,iv:ygdWjZespGdXVaMqdwbXIr1gD2SengMoAVHuUUswBEw=,tag:5DV6lEmIZvyzoj/JEh9sCw==,type:str]
+    unencrypted_suffix: _unencrypted
+    version: 3.10.2

secrets/wifi.yaml

@@ -1,6 +1,6 @@
 home:
-    ssid: ENC[AES256_GCM,data:i76d33GIysjSY2k=,iv:34g02nNL5xYXx0PpN49u4xVHzfraTMtAqC4w4oxLBao=,tag:Y3g8kzhPF5LJuaxFq7jd3w==,type:str]
-    psk: ENC[AES256_GCM,data:bb25mbWgCBvwEvKr4sRRXg==,iv:+oNkqdk0bEP1l1e+HpSveRrxJI8OfQtBVcQ5476kMLU=,tag:vdWSVd5pIRGab+lzP4oFHg==,type:str]
+    ssid: ENC[AES256_GCM,data:NXV/fyH9brOD,iv:fwdot2Zotoxnng55p/bDT1KmO1oGozj8UadZYKgcF8k=,tag:fPF2N7TPq2TGjlfSLfryLQ==,type:str]
+    psk: ENC[AES256_GCM,data:wrKsVQ/Ra8ruWPXLXolyHLyQul/7lFrBA72Cj14=,iv:BkGX4xxyqDdFXAw1Ur3YI4CAYJIW1dRjL8KYOgoxFVc=,tag:aP8wWk6UGEeZOVWhkiGT0g==,type:str]
 parents:
     ssid: ENC[AES256_GCM,data:NZEKQ2N1sC0=,iv:vvsnsH3lYbtXwSnQuInhceiE19Z+ZNszB20TL9BF40g=,tag:5YOljSW9Hht+MCNKhss/Sw==,type:str]
     psk: ENC[AES256_GCM,data:gjpdj21uLDiY,iv:k1RH2ybRkJccEqjkdv1Tz+qLS2EdGWdn+jRkUcTDLtY=,tag:IuwgoHt//GvyWVvDI2C/2g==,type:str]
@@ -26,8 +26,8 @@ sops:
             d0FZc0x5UVhPQ09xUE5Qa1A0QkExVmcKkcy1i+nME0uHlLy8vCu8vgqSuR+0NqaD
             D+zKRKNdfJn1TLsoyDb4iDSeqp8nB9fZzQqIJshGRhlnqxuzIiYqqA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-03-20T19:10:46Z"
-    mac: ENC[AES256_GCM,data:CAkdbGguJ/W1C0bZY7EE7IU9b6+4sspFbP5SpnybUULqJnR98MK55UT/2cfc6HYsN0RQCz7EtgZ06cjCELPn7AYFFYRbLSptrgBciIpMlDCX/22qlZ+Y6ehRr+j5scCifJITKwe9BfpLqVy27xPA1zFdbuiJkFHW0XKzSNk/hDQ=,iv:FdQlJH6LtksqloAz3+HKmERrTDntKs/lVTKJ1bTP0bM=,tag:aCY6u1ARccyuQix/wb1cfg==,type:str]
+    lastmodified: "2025-05-05T13:46:43Z"
+    mac: ENC[AES256_GCM,data:5V6dtgz6xDFXUqkTxAZ2mdNovMcz4rf64UJHp/oTY0Veqjesyx88etSz6y15E3CsKa4LQImBGtwfowVXa5eto5eBdO8fg07zzfSMT4lUmxPg/kTUJluLNpwph4HxP2mLo5h0o+4PDILuBrwS9ozOHOAzEj/iCKUmmmNFN598xkA=,iv:4MKHWixtku5pCSHfTgNmCIm5NHm5K6nVK1v589BFA9s=,tag:95ud48Qu1q016SCNFzciig==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.8.1
+    version: 3.9.4