wip: flakes

.versions/krops.json

@@ -1,9 +1,9 @@
 {
   "url": "https://cgit.krebsco.de/krops",
-  "rev": "13ae434b140035e7e2664bd5a8ef4c475413b2e0",
+  "rev": "cccebf3ff7a53336b3f106cb96dddd5892d427ed",
-  "date": "2021-11-20T15:46:09+01:00",
+  "date": "2021-03-23T22:47:37+01:00",
-  "path": "/nix/store/ig76yx6z8wmc9papmxg5xnjhl9l22dvb-krops",
+  "path": "/nix/store/mz13xxnil35lwsf90hwnrm2agir7hb51-krops",
-  "sha256": "0mzn213dh3pklvdzfpwi4nin4lncdap447zvl11j81r809jll76j",
+  "sha256": "07mg3iaqjf1w49vmwfchi7b1w55bh7rvsbgicp2m47gnj9alwdb6",
   "fetchLFS": false,
   "fetchSubmodules": false,
   "deepClone": false,

.versions/stockholm.json

@@ -1,9 +1,9 @@
 {
   "url": "https://cgit.lassul.us/stockholm",
-  "rev": "e652f40200e5d86240be8f6cea0b9d1ddbbd0ad6",
+  "rev": "576c05cf3a0ceddefa29c2d0073108177c3cfa52",
-  "date": "2021-12-30T03:22:40+01:00",
+  "date": "2021-12-22T13:59:46+01:00",
-  "path": "/nix/store/l3bj9xb2bbs23314qwn0vjbvirksjllh-stockholm",
+  "path": "/nix/store/yx1j5pardgd9114f0cf3c4xjfq6r4yfv-stockholm",
-  "sha256": "0rjjaqg6jfzfr61gg6jgknhc147rc9qwmyl8cwrfjv63vc60fyqs",
+  "sha256": "18napi4k8i2iizrismlp9ha3ga6c3n2dvrhijy59kl1jxqrsaq9l",
   "fetchLFS": false,
   "fetchSubmodules": false,
   "deepClone": false,

configs/cloud.nix

@@ -1,12 +1,4 @@
 { config, lib, pkgs, ... }: {
-  imports = [
-    <niveum/modules/dropbox.nix>
-  ];
-
-  niveum = {
-    dropbox.enable = false;
-  };
-
   system.activationScripts.home-symlinks = ''
     ln -sfn ${config.users.users.me.home}/cloud/syncthing/common/mahlzeit ${config.users.users.me.home}/mahlzeit
     ln -sfn ${config.users.users.me.home}/cloud/Seafile/Wiki ${config.users.users.me.home}/notes
@@ -46,7 +38,7 @@
     dataDir = "/home/kfm/.config/syncthing";
     cert = toString <system-secrets/syncthing/cert.pem>;
     key = toString <system-secrets/syncthing/key.pem>;
-    inherit ((import <niveum/lib>).syncthing) devices;
+    inherit ((import ../lib).syncthing) devices;
     folders =
       let cloud-dir = "${config.users.users.me.home}/cloud";
       in {

configs/default.nix

@@ -1,11 +1,10 @@
 { pkgs, lib, config, options, ... }:
 let
   inherit (lib.strings) makeBinPath;
-  inherit (import <niveum/lib>) localAddresses kieran;
+  inherit (import ../lib) localAddresses kieran;
 in {
   imports = [
-    <home-manager/nixos>
+    ../modules/system-dependent.nix
-    <niveum/modules/system-dependent.nix>
     {
       boot.supportedFilesystems = [ "ntfs" ];
     }
@@ -20,6 +19,8 @@ in {
         config = {
           allowUnfree = true;
           packageOverrides = pkgs: {
+            writeDashBin = pkgs.writers.writeDashBin;
+            writeDash = pkgs.writers.writeDash;
             gfs-fonts = pkgs.callPackage <niveum/packages/gfs-fonts.nix> {};
             iolanguage = pkgs.callPackage <niveum/packages/iolanguage.nix> { };
             ix = pkgs.callPackage <niveum/packages/ix.nix> { };
@@ -27,7 +28,7 @@ in {
         };
         overlays = [
           (self: super: {
-            scripts = import <niveum/packages/scripts> { pkgs = super; lib = super.lib; };
+            scripts = import ../packages/scripts { pkgs = super; lib = super.lib; };
           })
         ];
       };
@@ -197,19 +198,19 @@ in {
     ./beets.nix
     ./bluetooth.nix
     ./ccc.nix
+    # ./kleiter.nix
     ./khal.nix
-    ./engiadina.nix
     ./chromium.nix
     ./cloud.nix
     ./copyq.nix
     ./compton.nix
     ./direnv.nix
-    ./distrobump.nix
     ./docker.nix
     ./dunst.nix
     ./flix.nix
     ./fonts.nix
     ./fzf.nix
+    ./gaslight.nix
     ./git.nix
     ./hledger.nix
     ./htop.nix
@@ -219,16 +220,16 @@ in {
     ./lb.nix
     ./mpv.nix
     ./mime.nix
+    ./nano.nix
     ./neovim.nix
     ./neomutt.nix
-    ./nix.nix
     ./newsboat.nix
     ./flameshot-once.nix
     ./packages
-    ./power-action.nix
+    # ./power-action.nix
     ./printing.nix
     ./openweathermap.nix
-    ./wallpaper.nix
+    # ./wallpaper.nix
     ./redshift.nix
     ./retiolum.nix
     ./rofi.nix
@@ -240,6 +241,7 @@ in {
     ./sxiv.nix
     ./theming.nix
     ./tmux.nix
+    # ./tor.nix
     ./traadfri.nix
     ./unclutter.nix
     ./version.nix

configs/distrobump.nix

@@ -1,10 +0,0 @@
-{ lib, config, pkgs, ... }: {
-  imports = [
-    (import <stockholm/makefu/3modules/bump-distrowatch.nix> {
-      inherit lib config;
-      pkgs = pkgs // { writeDash = pkgs.writers.writeDash; };
-    })
-  ];
-
-  makefu.distrobump.enable = false;
-}

configs/dunst.nix

@@ -1,6 +1,6 @@
 { config, pkgs, ... }:
 let
-  inherit (import <niveum/lib>) defaultApplications colours theme;
+  inherit (import ../lib) defaultApplications colours theme;
 in {
   home-manager.users.me.services.dunst = {
     enable = true;

configs/engiadina.nix

@@ -1,30 +0,0 @@
-{ config, pkgs, ... }:
-let
-  inherit (import <niveum/lib>) tmpfilesConfig;
-  cdnRoot = "/var/lib/engiadina";
-in
-{
-  imports = [ <stockholm/krebs/3modules/permown.nix> ];
-
-  krebs.permown.${cdnRoot} = {
-    owner = config.users.users.me.name;
-    group = "users";
-    umask = "0002";
-  };
-
-  services.nginx = {
-    enable = true;
-    virtualHosts.default = {
-      root = cdnRoot;
-      listen = [{
-        addr = "0.0.0.0";
-        port = 3333;
-      }];
-    };
-  };
-
-  environment.shellAliases = {
-    engiadina-watch = "${pkgs.findutils}/bin/find extra-src src | ${pkgs.entr}/bin/entr -s 'build-component && ${pkgs.rsync}/bin/rsync -avu dist/*.js ${cdnRoot}/'";
-    engiadina-edit = "$EDITOR ${cdnRoot}/index.html";
-  };
-}

configs/git.nix

@@ -1,6 +1,6 @@
 { pkgs, config, lib, ... }:
 let
-  inherit (import <niveum/lib>) kieran ignorePaths;
+  inherit (import ../lib) kieran ignorePaths;
 in
 {
   environment.systemPackages = [

configs/hass/default.nix

@@ -0,0 +1,61 @@
+{ config, pkgs, lib, ... }:
+let
+  inherit (import ./lib.nix) triggers;
+  inherit (import <niveum/lib>) localAddresses;
+in
+{
+  imports = [
+    ./zigbee.nix
+    ./frontend.nix
+  ];
+
+  services.home-assistant = {
+    enable = true;
+    configWritable = true;
+    lovelaceConfigWritable = true;
+    openFirewall = true;
+    config = {
+      homeassistant = {
+        name = "Toum";
+        latitude = config.location.latitude;
+        longitude = config.location.longitude;
+        elevation = 90; # TODO find out how high I live
+        unit_system = "metric";
+        time_zone = config.time.timeZone;
+      };
+      config = {};
+      discovery = {};
+      system_health = {};
+      history = {};
+      # tradfri.host = localAddresses.tradfri; # dont use until python3Packages.pytradfri is packaged
+      sun = {};
+      mobile_app = {};
+      shopping_list = {};
+      sensor = [
+        {
+          platform = "dwd_weather_warnings";
+          region_name = "Berlin";
+        }
+      ];
+      mqtt = {
+        broker = "localhost";
+        port = 1883;
+        client_id = "home-assistant";
+        username = "albrecht";
+        password = lib.strings.fileContents <system-secrets/mosquitto>;
+        keepalive = 60;
+        protocol = "3.1";
+
+        discovery = true;
+        birth_message = {
+          topic = "/hass/status";
+          payload = "online";
+        };
+        will_message = {
+          topic = "/hass/status";
+          payload = "offline";
+        };
+      };
+    };
+  };
+}

configs/hass/frontend.nix

@@ -0,0 +1,37 @@
+let
+  inherit (import ./lib.nix) triggers;
+in
+{
+  services.home-assistant.config = {
+    frontend = {
+      themes = {
+        day_theme = import ./themes/clear.nix;
+        night_theme = import ./themes/clear-dark.nix;
+      };
+    };
+    automation = [
+      {
+        alias = "Night Theme";
+        hide_entity = true;
+        trigger = triggers.night;
+        action = [
+          {
+            service = "frontend.set_theme";
+            data.name = "night_theme";
+          }
+        ];
+      }
+      {
+        alias = "Day Theme";
+        hide_entity = true;
+        trigger = triggers.day;
+        action = [
+          {
+            service = "frontend.set_theme";
+            data.name = "day_theme";
+          }
+        ];
+      }
+    ];
+  };
+}

configs/hass/lib.nix

@@ -0,0 +1,16 @@
+{
+  triggers = {
+    night = {
+      platform = "numeric_state";
+      entity_id = "sun.sun";
+      value_template = "{{ state.attributes.elevation }}";
+      below = -4.0;
+    };
+    day = {
+      platform = "numeric_state";
+      entity_id = "sun.sun";
+      value_template = "{{ state.attributes.elevation }}";
+      above = 0;
+    };
+  };
+}

configs/hass/themes/clear-dark.nix

@@ -0,0 +1,72 @@
+rec {
+# Colors
+ text-color = "#DADADB"; # Grey text
+ text-medium-light-color = "#A0A2A8"; # Medium-light grey text
+ text-medium-color = "#80828A"; # Medium grey text
+ text-dark-color = "#6A6B74"; # Dark grey text
+ accent-color = "#008bef"; # Blue
+ accent-medium-color = "#2484C9"; # Decent blue
+ background-color = "#3b4049"; # Dark grey background
+ background-color-2 = "#484E59"; # Light grey background
+ background-card-color = "#434952"; # Grey background
+ border-color = "#383C46"; # Grey border
+
+ # Header
+ app-header-background-color = "#363941"; # Background color
+
+ # Text
+ primary-color = text-color;
+ text-primary-color = text-color;
+
+ # Left Menu
+ paper-listbox-background-color = background-color; # Background
+ sidebar-icon-color = text-medium-color; # icons
+ sidebar-selected-icon-color = text-medium-light-color; # Selected row icon and background (15%)
+ sidebar-selected-text-color = text-color; # Selected row label
+
+ # UI
+ paper-card-header-color = text-color; # Title in settings
+ primary-background-color = background-color; # Background (also title background in left menu)
+ mdc-theme-primary = accent-medium-color; # Action Buttons (save, restart etc.)
+ card-background-color = background-card-color; # Entity Registry Background
+
+ # Card
+ paper-card-background-color = background-card-color; # Background
+ dark-primary-color = text-color;
+ primary-text-color = text-color;
+ paper-listbox-color = text-color;
+ light-primary-color = text-dark-color;
+ secondary-text-color = text-medium-color;
+ disabled-text-color = text-dark-color;
+ paper-dialog-button-color = text-color;
+ secondary-background-color = background-color-2; # Background more info title
+
+ # Icons
+ paper-item-icon-color = text-dark-color; # Off
+ paper-item-icon-active-color = accent-color; # On
+
+ # Switches
+ switch-checked-button-color = text-medium-light-color; # Knob On
+ switch-unchecked-button-color = text-medium-light-color; # Knob Off
+ switch-checked-track-color = "#009FFF"; # Background On
+ switch-unchecked-track-color = "#767682"; # Background Off
+
+ # Slider
+ paper-slider-active-color = accent-color; # Line On
+ paper-slider-knob-color = text-medium-light-color; # Knob On
+ paper-slider-container-color = text-dark-color; # Line Off
+ paper-slider-knob-start-color = text-medium-light-color; # Knob Off
+
+ # Badges
+ label-badge-text-color = text-color;
+ label-badge-background-color = "rgba(54, 57, 65, 0.6)";
+
+ # Shadows
+ ha-card-box-shadow = "inset 0px 0px 0px 1px var(--border-color)";
+
+ # HACS
+ hacs-badge-color = accent-color; # New Badge
+ hacs-status-installed = text-color; # Installed Icon
+ hacs-status-pending-restart = text-dark-color; # Restart Icon
+ hacs-status-pending-update = accent-color;
+}

configs/hass/themes/clear.nix

@@ -0,0 +1,52 @@
+rec {
+  text-color = "#636B75"; # Grey text
+  text-medium-color = "#8c96a5"; # Medium grey text
+  text-light-color = "#BAC0C6"; # Light grey text
+  accent-color = "#00a1ff"; # Blue
+  background-color = "#F7F8F9"; # Light grey background
+  background-color-2 = "#F4F5F6"; # Light grey background
+  background-card-color = "rgba(255,255,255,1.0)"; # White background
+  border-color = "#E8E8E8"; # Light grey border
+
+  # Header
+  primary-color = text-color; # Background
+  text-primary-color = "#FFF"; # Text
+
+  # Left Menu
+  paper-listbox-background-color = background-color; # Background
+  # TODO = Text and Icons
+
+  # UI
+  paper-card-header-color = text-color; # Title in settings
+  primary-background-color = background-color; # Background color (also title background in left menu)
+
+  # Card
+  paper-card-background-color = background-card-color; # Background
+  dark-primary-color = text-color;
+  primary-text-color = text-color;
+  paper-listbox-color = text-color;
+  light-primary-color = text-light-color;
+  secondary-text-color = text-medium-color;
+  disabled-text-color = text-light-color;
+  paper-dialog-button-color = text-color;
+  secondary-background-color = background-color-2; # Background more info title
+
+  # Icons
+  paper-item-icon-color = text-light-color; # Off
+  paper-item-icon-active-color = accent-color; # On
+
+  # Switches
+  switch-checked-button-color = "#FFF"; # Knob On
+  switch-unchecked-button-color = "#FFF"; # Knob Off
+  switch-checked-track-color = "#0077FF"; # Background On
+  switch-unchecked-track-color = disabled-text-color; # Background Off
+
+  # Slider
+  paper-slider-active-color = accent-color; # Line On
+  paper-slider-container-color = "#e5e7ea"; # Line Off
+  paper-slider-knob-color = text-light-color; # Knob On
+  paper-slider-knob-start-color = text-light-color; # Knob Off
+
+  # Shadows
+  ha-card-box-shadow = "inset 0px 0px 0px 1px var(--border-color)";
+}

configs/hass/zigbee.nix

@@ -0,0 +1,102 @@
+{ config, pkgs, lib, ... }:
+let
+  inherit (import <niveum/lib>) localAddresses;
+in
+{
+  services.zigbee2mqtt = {
+    enable = true;
+    config = {
+      permit_join = false;
+      homeassistant = true;
+      serial = {
+        port = "/dev/ttyACM0";
+        disable_led = true;
+      };
+      mqtt = {
+        discovery = true;
+        base_topic = "zigbee";
+        server = "mqtt://${localAddresses.toum}";
+        user = "albrecht";
+        password = lib.strings.fileContents <system-secrets/mosquitto>;
+      };
+    };
+  };
+
+  services.mosquitto = {
+    enable = true;
+    host = "0.0.0.0";
+    allowAnonymous = false;
+    checkPasswords = true;
+    users."albrecht" = {
+      password = lib.strings.fileContents <system-secrets/mosquitto>;
+      acl = [ "topic readwrite #" ];
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [ 1883 ];
+
+  environment.systemPackages = [ pkgs.mosquitto ];
+
+  services.home-assistant = {
+    config = {
+      switch = [
+        {
+          platform = "mqtt";
+          name = "zigbee2mqtt_join";
+          state_topic = "/zigbee2mqtt/bridge/config/permit_join";
+          command_topic = "/zigbee2mqtt/bridge/config/permit_join";
+          payload_on = "true";
+          payload_off = "false";
+        }
+      ];
+      timer.zigbee_permit_join = {
+        name = "Zigbee Time remaining";
+        duration = 120;
+      };
+      automation = [
+        # Automation to start timer when enable join is turned on
+        {
+          id = "zigbee_join_enabled";
+          alias = "";
+          hide_entity = "true";
+          trigger = {
+            platform = "state";
+            entity_id = "switch.zigbee2mqtt_join";
+            to = "on";
+          };
+          action = {
+            service = "timer.start";
+            entity_id = "timer.zigbee_permit_join";
+          };
+        }
+        # Automation to stop timer when switch turned off and turn off switch when timer finished
+        {
+          id = "zigbee_join_disabled";
+          hide_entity = "true";
+          trigger = [
+            {
+              platform = "event";
+              event_type = "timer.finished";
+              event_data.entity_id = "timer.zigbee_permit_join";
+            }
+            {
+              platform = "state";
+              entity_id = "switch.zigbee2mqtt_join";
+              to = "off";
+            }
+          ];
+          action = [
+            {
+              service = "timer.cancel";
+              data.entity_id = "timer.zigbee_permit_join";
+            }
+            {
+              service = "switch.turn_off";
+              entity_id = "switch.zigbee2mqtt_join";
+            }
+          ];
+        }
+      ];
+    };
+  };
+}

configs/hledger.nix

@@ -1,5 +1,5 @@
 { config, pkgs, ... }: {
-  imports = [ <niveum/modules/hledger.nix> ];
+  imports = [ ../modules/hledger.nix ];
 
   niveum.hledger = {
     enable = true;

configs/i3.nix

@@ -1,7 +1,7 @@
-{ config, pkgs, lib, ... }:
+{ inputs, config, pkgs, lib, ... }:
 let
-  inherit (import <niveum/lib>) defaultApplications colours;
+  inherit (import ../lib) defaultApplications colours;
-  klem = import <niveum/packages/scripts/klem.nix> {
+  klem = import ../packages/scripts/klem.nix {
     inherit pkgs lib;
     config.scripts = {
       "p.r" = pkgs.writers.writeDash "p.r" ''
@@ -146,7 +146,7 @@ in {
           };
         };
         statusCommand = "${pkgs.i3status-rust}/bin/i3status-rs ${
-            (pkgs.formats.toml {}).generate "i3status-rust.toml" (import <niveum/lib/i3status-rust.nix> {
+            (pkgs.formats.toml {}).generate "i3status-rust.toml" (import ../lib/i3status-rust.nix {
               inherit (config.niveum) batteryName wirelessInterface;
               inherit colours;
               inherit pkgs;

configs/mpv.nix

@@ -1,6 +1,5 @@
 { pkgs, lib, ... }: let
   swallow = command: "${pkgs.scripts.swallow}/bin/swallow ${command}";
-  nixpkgs-unstable = import <nixpkgs-unstable> { config.allowUnfree = true; };
 in {
   environment.shellAliases.smpv = swallow "mpv";
 
@@ -22,7 +21,7 @@ in {
         "Alt+j" = "add video-pan-y -0.05";
       };
       scripts = [
-        nixpkgs-unstable.mpvScripts.youtube-quality
+        pkgs.unstable.mpvScripts.youtube-quality
       ];
     };
   };

configs/nano.nix

@@ -0,0 +1,10 @@
+{
+  programs.nano.nanorc = ''
+    set autoindent
+    set boldtext
+    set morespace
+    set smarthome
+    set tabsize 4
+    set tabstospaces
+  '';
+}

configs/networkmanager.nix

@@ -1,6 +1,5 @@
 { lib, pkgs, ... }:
 let
-  autowifi = pkgs.writers.writePython3Bin "autowifi" { flakeIgnore = [ "E501" ]; } <stockholm/lass/5pkgs/autowifi/autowifi.py>;
   profile = name: custom: lib.recursiveUpdate {
     connection.id = name;
     connection.type = "wifi";
@@ -39,7 +38,7 @@ let
   };
 in
 {
-  imports = [ <niveum/modules/networkmanager-declarative.nix> ];
+  imports = [ ../modules/networkmanager-declarative.nix ];
 
   networking.networkmanager = {
     enable = true;
@@ -83,18 +82,5 @@ in
 
   users.users.me.extraGroups = [ "networkmanager" ];
 
-  systemd.services.autowifi = {
-    enable = false;
-    description = "Automatic wifi connector";
-    wantedBy = [ "multi-user.target" ];
-    path = [ pkgs.networkmanager ];
-    serviceConfig = {
-      Type = "simple";
-      Restart = "always";
-      RestartSec = "10s";
-      ExecStart = "${autowifi}/bin/autowifi";
-    };
-  };
-
   environment.systemPackages = [ pkgs.speedtest-cli ];
 }

configs/nix.nix

@@ -1,15 +0,0 @@
-{ pkgs, ... }:
-{
-  nixpkgs = {
-    config.allowUnfree = true;
-    overlays = [
-      (import <nix-writers/pkgs>)
-      (import <stockholm/krebs/5pkgs>)
-    ];
-  };
-  # enable `nix flake`
-  nix = {
-    package = pkgs.nix;
-    # extraOptions = "experimental-features = nix-command flakes";
-  };
-}

configs/printing.nix

@@ -1,6 +1,6 @@
 { pkgs, ... }:
 let
-  inherit (import <niveum/lib>) localAddresses;
+  inherit (import ../lib) localAddresses;
   hp-driver = pkgs.hplipWithPlugin;
 in {
   services.printing = {

configs/retiolum.nix

@@ -1,6 +1,6 @@
 { config, pkgs, ... }: {
   imports = [
-    <niveum/modules/retiolum.nix>
+    ../modules/retiolum.nix
   ];
 
   networking.hosts = { "42:0:ca48:f98f:63d7:31ce:922b:245d" = [ "go" ]; };

configs/ssh.nix

@@ -1,6 +1,6 @@
 { pkgs, config, lib, ... }:
 let
-  inherit (import <niveum/lib>) sshPort kieran;
+  inherit (import ../lib) sshPort kieran;
 in {
   services.xserver.displayManager.sessionCommands = "${pkgs.openssh}/bin/ssh-add";
 

configs/sshd.nix

@@ -1,6 +1,6 @@
 { config, lib, pkgs, ... }:
 let
-  inherit (import <niveum/lib>) sshPort kieran;
+  inherit (import ../lib) sshPort kieran;
 in
 {
   users.motd = "Welcome to ${config.networking.hostName}!";

configs/theming.nix

@@ -1,6 +1,6 @@
 { lib, config, pkgs, ... }:
 let
-  theme = (import <niveum/lib>).theme pkgs;
+  theme = (import ../lib).theme pkgs;
 in {
   environment.systemPackages =
     [ theme.gtk.package theme.icon.package theme.cursor.package ];

configs/traadfri.nix

@@ -4,7 +4,7 @@ let
   living-room-id = 131090;
 in
 {
-  imports = [ <niveum/modules/traadfri.nix> ];
+  imports = [ ../modules/traadfri.nix ];
 
   environment.systemPackages = [
     (pkgs.writers.writeDashBin "traadfri-party" ''

configs/weechat.nix

@@ -0,0 +1,119 @@
+{ lib, pkgs, ... }:
+let
+  inherit (import <niveum/lib>) kieran;
+  relayPassword = lib.fileContents <system-secrets/weechat/relay>;
+in {
+  systemd.services.weechat =
+  let
+    tmux = pkgs.writers.writeDash "tmux" ''
+      exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" ''
+        set-option -g prefix `
+        unbind-key C-b
+        bind ` send-prefix
+
+        set-option -g status off
+        set-option -g default-terminal screen-256color
+
+        #use session instead of windows
+        bind-key c new-session
+        bind-key p switch-client -p
+        bind-key n switch-client -n
+        bind-key C-s switch-client -l
+      ''} "$@"
+    '';
+    weechat = pkgs.weechat.override {
+      configure = { ... }: {
+        scripts = [ pkgs.weechatScripts.weechat-autosort pkgs.weechatScripts.colorize_nicks pkgs.weechatScripts.weechat-matrix ];
+        init = let
+          coolColors = lib.lists.subtractLists (lib.range 52 69 ++ lib.range 231 248) (lib.range 31 254);
+          nick = "kmein";
+        in ''
+          /mouse enable
+          /set irc.server_default.nicks "${nick}"
+          /set irc.server_default.msg_part "tschö mit ö"
+          /set irc.server_default.msg_quit "ciao kakao"
+          /set irc.server_default.msg_kick "warum machst du diese?"
+          /set irc.server_default.realname "${kieran.name}"
+
+          /set irc.look.color_nicks_in_nicklist "on"
+          /set weechat.color.chat_nick_colors "${lib.concatMapStringsSep "," toString coolColors}"
+
+          /server add hackint irc.hackint.org/6697 -ipv6 -ssl
+          /server add libera irc.libera.chat/6697 -ssl
+          /server add oftc irc.oftc.net/6697 -ssl -ipv6
+          /server add retiolum irc.r
+          /server add news news.r
+          /matrix server add nibbana nibbana.jp
+
+          /alias add mod /quote omode $channel +o $nick
+
+          /relay add weechat 9000
+          /set relay.network.password ${relayPassword}
+
+          /set matrix.server.nibbana.username ${nick}
+          /set matrix.server.nibbana.password "${lib.strings.fileContents <system-secrets/matrix/nibbana>}"
+
+          /set irc.server.oftc.command /msg nickserv IDENTIFY ${lib.strings.fileContents <system-secrets/irc/oftc>};/msg nickserv SET CLOAK ON
+          /set irc.server.oftc.autojoin "#osm,#osm-de,#home-manager"
+
+          /set irc.server.hackint.autojoin "#krebs,#nixos,#the_playlist"
+          /set irc.server.hackint.sasl_mechanism plain
+          /set irc.server.hackint.sasl_username ${nick}
+          /set irc.server.hackint.sasl_password ${lib.strings.fileContents <system-secrets/irc/hackint>}
+
+          /set irc.server.libera.autojoin "#flipdot,#haskell,#nixos,#fysi,#binaergewitter"
+          /set irc.server.libera.sasl_mechanism plain
+          /set irc.server.libera.sasl_username ${nick}
+          /set irc.server.libera.sasl_password ${lib.strings.fileContents <system-secrets/irc/libera>}
+
+          /set irc.server.retiolum.autojoin "#xxx,#brockman,#flix,#autowifi"
+          /set irc.server.retiolum.command "/oper aids balls"
+          /set irc.server.news.autojoin "#cook,#drachengame,#oepnv,#kmeinung,#memes"
+          /set irc.server.news.command "/oper aids balls"
+          /set logger.level.irc.news 0
+
+          /filter addreplace zerocovid * * [kc]orona|💉|🤒|😷|[kc]ovid|virus|lockdown|va[kc][sc]in|mutante|mutation|impf|pandemi|κορ[ωο]ν[αο]ϊό|корона|expert|infe[ck]t|infizi|in[cz]iden[cz]|sars-cov|drosten|virolog|lauterbach|delta|omi[ck]ron|epidemi|booster|r-wert
+          /filter addreplace joinquit * irc_join,irc_part,irc_quit,irc_nick *
+          /filter addreplace playlist_topic irc.*.#the_playlist irc_topic *
+          /filter addreplace brockman_notice irc.news.* irc_notice *
+
+          /set irc.look.server_buffer independent
+
+          /connect libera
+          /connect oftc
+          /connect hackint
+          /connect retiolum
+          /connect news
+          /matrix connect nibbana
+        '';
+      };
+    };
+  in {
+    description = "Weechat bouncer";
+    after = [ "network.target" ];
+    wantedBy = [ "multi-user.target" ];
+    restartIfChanged = true;
+    path = [ pkgs.alacritty.terminfo ];
+    environment.WEECHAT_HOME = "/var/lib/weechat";
+    script = "${tmux} -2 new-session -d -s IM ${weechat}/bin/weechat";
+    preStop = "${tmux} kill-session -t IM";
+    serviceConfig = {
+      User = "weechat";
+      RemainAfterExit = true;
+      Type = "oneshot";
+    };
+  };
+
+  users.groups.weechat = {};
+  users.extraUsers.weechat = {
+    useDefaultShell = true;
+    openssh.authorizedKeys.keys = kieran.sshKeys pkgs ++ [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC+KVDmYYH7mA8v81e9O3swXm3ZVYY9t4HP65ud61uXy weechat_android@heym"
+    ];
+    createHome = true;
+    group = "weechat";
+    home = "/var/lib/weechat";
+    isSystemUser = true;
+    packages = [ pkgs.tmux ];
+  };
+}

deploy.nix

@@ -1,45 +1,40 @@
+{ pkgs, secrets, writeCommand, lib, nixosRebuildCommand ? "switch" }:
 let
-  krops = builtins.fetchGit (gitFromJson .versions/krops.json);
+  sshPort = 22022;
-  lib = import "${krops}/lib";
-  pkgs = import "${krops}/pkgs" {};
 
-  importJson = (import <nixpkgs> {}).lib.importJSON;
+  # command that ensures we use flake.nix during switch
-  gitFromJson = path:
+  command = targetPath:
-    let
+  let
-      object = importJson path;
+    commandLine = "TMPDIR=/tmp nixos-rebuild ${nixosRebuildCommand} --flake ${targetPath} -L --keep-going";
-    in {
+  in
-      inherit (object) url;
+  ''
-      ref = object.rev;
+    echo '${commandLine}'
-    };
+    nix-shell \
+     -E "with import <nixpkgs> {}; mkShell { buildInputs = [ git (nixos { nix.package = nixFlakes; }).nixos-rebuild ]; }" \
+     --run '${commandLine}'
+  '';
 
   source = name: {
     niveum.file = toString ./.;
-    nixos-config.symlink =  "niveum/systems/${name}/configuration.nix";
-
-    nixpkgs.git = gitFromJson .versions/nixpkgs.json // { shallow = true; };
-    nixpkgs-unstable.git = gitFromJson .versions/nixpkgs-unstable.json // { shallow = true; };
-    home-manager.git = gitFromJson .versions/home-manager.json;
-    stockholm.git = gitFromJson .versions/stockholm.json;
-    nix-writers.git = gitFromJson .versions/nix-writers.json;
-    retiolum.git = gitFromJson .versions/retiolum.json;
-    nixpkgs-mozilla.git = gitFromJson .versions/nixpkgs-mozilla.json;
     system-secrets.pass = {
-      dir = toString ~/.password-store;
+      dir = secrets;
       name = "systems/${name}";
     };
     secrets.pass = {
-      dir = toString ~/.password-store;
+      dir = secrets;
       name = "shared";
     };
   };
 
-  system = {name, host}: let inherit (import ./lib/default.nix) sshPort; in pkgs.krops.writeDeploy "deploy-${name}" {
+  deploy = {name, host}: writeCommand "/bin/system" {
     source = lib.evalSource [ (source name) ];
-    target = "root@${host}:${toString sshPort}";
+    force = true;
+    target = lib.mkTarget "root@${host}:${toString sshPort}/var/krops/niveum";
+    inherit command;
   };
 in {
-  zaatar = system { name = "zaatar"; host = "zaatar.r"; };
+  zaatar = deploy { name = "zaatar"; host = "zaatar.r"; };
-  kabsa = system { name = "kabsa"; host = "kabsa.r"; };
+  kabsa = deploy { name = "kabsa"; host = "kabsa.r"; };
-  makanek = system { name = "makanek"; host = "makanek.r"; };
+  manakish = deploy { name = "manakish"; host = "manakish.r"; };
-  manakish = system { name = "manakish"; host = "manakish.r"; };
+  makanek = deploy { name = "makanek"; host = "makanek.r"; };
 }

flake.lock

@@ -0,0 +1,174 @@
+{
+  "nodes": {
+    "flake-utils": {
+      "locked": {
+        "lastModified": 1638122382,
+        "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "74f7e4319258e287b0f9cb95426c9853b282730b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1639871969,
+        "narHash": "sha256-6feWUnMygRzA9tzkrfAzpA5/NBYg75bkFxnqb1DtD7E=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "697cc8c68ed6a606296efbbe9614c32537078756",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "ref": "release-21.11",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "krops": {
+      "inputs": {
+        "flake-utils": [
+          "flake-utils"
+        ],
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1632420452,
+        "narHash": "sha256-ncK6vABW/Ku9XI0kqj1otarUfblryoQzSaOCnaZ0oSs=",
+        "owner": "Mic92",
+        "repo": "krops",
+        "rev": "0388970c568905fedcbf429e5745aacd4f7a6633",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Mic92",
+        "repo": "krops",
+        "type": "github"
+      }
+    },
+    "nix-writers": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1554228333,
+        "narHash": "sha256-hG/PlcCvCQhNcU55NpHfATkyH9k6cZmO7uvBoJjasXU=",
+        "ref": "master",
+        "rev": "c528cf970e292790b414b4c1c8c8e9d7e73b2a71",
+        "revCount": 32,
+        "type": "git",
+        "url": "https://cgit.krebsco.de/nix-writers"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://cgit.krebsco.de/nix-writers"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1640759603,
+        "narHash": "sha256-k4d7oC6GvDV1OKxG325JUDpKtZcDUPEiddnJMOQQ/x8=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "e101dc111ac1e5a21efca7822417acc1cb92013a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "release-21.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-unstable": {
+      "locked": {
+        "lastModified": 1640540585,
+        "narHash": "sha256-cCmknKFjWgam9jq+58wSd0Z4REia8mjBP65kXcL3ki8=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "ac169ec6371f0d835542db654a65e0f2feb07838",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "retiolum": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1640734423,
+        "narHash": "sha256-i/M1nyPnIEqV7K5dn0Q7V5mRtfzspH+AM6HbgPYGreI=",
+        "owner": "krebs",
+        "repo": "retiolum",
+        "rev": "0e11e0119f330ea103a44e3502149ae50c1a299d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "krebs",
+        "repo": "retiolum",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "home-manager": "home-manager",
+        "krops": "krops",
+        "nix-writers": "nix-writers",
+        "nixpkgs": "nixpkgs",
+        "nixpkgs-unstable": "nixpkgs-unstable",
+        "retiolum": "retiolum",
+        "secrets": "secrets",
+        "stockholm": "stockholm"
+      }
+    },
+    "secrets": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1640701876,
+        "narHash": "sha256-2vQ32k/z0Jh+Ade32mRA6tENetvWI6SNNrR5DJiBuWw=",
+        "ref": "master",
+        "rev": "120635422c7fb78c94e6a182fc384c98fb5cf4ce",
+        "revCount": 170,
+        "type": "git",
+        "url": "file:///home/kfm/projects/sphinx"
+      },
+      "original": {
+        "type": "git",
+        "url": "file:///home/kfm/projects/sphinx"
+      }
+    },
+    "stockholm": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1640733142,
+        "narHash": "sha256-HzSEyYTGPoGAfgl+lZLb/DDUCQRoZ2iN7oTLhl+1KTQ=",
+        "ref": "master",
+        "rev": "687948cfe5154e03f93886dd27dc30c7910ba754",
+        "revCount": 10222,
+        "type": "git",
+        "url": "https://cgit.krebsco.de/stockholm"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://cgit.krebsco.de/stockholm"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -0,0 +1,99 @@
+{
+  description = "niveum systems";
+
+  inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs/release-21.11";
+    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
+
+    secrets = {
+      url = "/home/kfm/.password-store";
+      flake = false;
+    };
+
+    flake-utils = {
+      url = "github:numtide/flake-utils";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    home-manager = {
+      url = "github:nix-community/home-manager/release-21.11";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    retiolum = {
+      url = "github:krebs/retiolum";
+      flake = false;
+    };
+    nix-writers = {
+      url = "git+https://cgit.krebsco.de/nix-writers";
+      flake = false;
+    };
+    stockholm = {
+      url = "git+https://cgit.krebsco.de/stockholm";
+      flake = false;
+    };
+    krops = {
+      url = "github:Mic92/krops";
+      inputs.nixpkgs.follows = "nixpkgs";
+      inputs.flake-utils.follows = "flake-utils";
+    };
+  };
+
+  outputs = { self, nixpkgs, stockholm, secrets, nixpkgs-unstable, home-manager, retiolum, krops, nix-writers, ... }@inputs:
+  let
+    system = "x86_64-linux";
+    pkgs = nixpkgs.legacyPackages.${system};
+    writeCommand = krops.packages.${system}.writeCommand;
+    niveumSystem = configuration: nixpkgs.lib.nixosSystem {
+      inherit system;
+      modules = defaultModules ++ [ configuration ];
+    };
+    defaultModules = [
+      { _module.args.inputs = inputs; }
+      ({ pkgs, ... }: {
+        nix = {
+          nixPath = [ "nixpkgs=${pkgs.path}" ];
+          package = pkgs.nixFlakes;
+          extraOptions = ''
+            experimental-features = nix-command flakes
+          '';
+        };
+        nixpkgs.overlays = [
+          (_self: _super: {
+            unstable = nixpkgs-unstable.legacyPackages.${pkgs.system};
+          })
+          (import "${nix-writers}/pkgs")
+          # (import <stockholm/krebs/5pkgs>)
+        ];
+      })
+      home-manager.nixosModules.home-manager
+      {
+        home-manager.useGlobalPkgs = true;
+        home-manager.useUserPackages = true;
+      }
+    ];
+  in
+  {
+    nixosConfigurations = {
+      kabsa = niveumSystem systems/kabsa/configuration.nix;
+      makanek = niveumSystem systems/makanek/configuration.nix;
+      manakish = niveumSystem systems/manakish/configuration.nix;
+      zaatar = niveumSystem systems/zaatar/configuration.nix;
+    };
+
+    apps.${system} = {
+      #  nix run ".#deploy.kabsa"
+      deploy = pkgs.callPackage ./deploy.nix {
+        inherit secrets writeCommand;
+        inherit (krops) lib;
+      };
+
+      #  nix run ".#test.kabsa"
+      test = pkgs.callPackage ./deploy.nix {
+        inherit secrets writeCommand;
+        inherit (krops) lib;
+        nixosRebuildCommand = "test";
+      };
+    };
+  };
+}

modules/default.nix

@@ -1,7 +1,6 @@
 {
   imports = [
     ./constants.nix
-    ./dropbox.nix
     ./retiolum.nix
   ];
 }

modules/dropbox.nix

@@ -1,29 +0,0 @@
-{ pkgs, lib, config, ... }:
-with lib;
-let cfg = config.niveum.dropbox;
-in {
-  options.niveum.dropbox = { enable = mkEnableOption "Dropbox"; };
-
-  config = mkIf cfg.enable {
-    environment.systemPackages = [ pkgs.dropbox-cli ];
-
-    networking.firewall = {
-      allowedTCPPorts = [ 17500 ];
-      allowedUDPPorts = [ 17500 ];
-    };
-
-    systemd.user.services.dropbox = {
-      description = "Dropbox synchronisation service";
-      wantedBy = [ "graphical-session.target" ];
-      serviceConfig = {
-        ExecStart = "${pkgs.dropbox.out}/bin/dropbox";
-        ExecReload = "${pkgs.coreutils.out}/bin/kill -HUP $MAINPID";
-        KillMode = "control-group"; # upstream recommends process
-        Restart = "on-failure";
-        PrivateTmp = true;
-        ProtectSystem = "full";
-        Nice = 10;
-      };
-    };
-  };
-}

modules/retiolum.nix

@@ -1,8 +1,9 @@
-{ config, pkgs, lib, ... }:
+{ inputs, config, pkgs, lib, ... }:
 with lib;
 let
   netname = "retiolum";
   cfg = config.networking.retiolum;
+  inherit (inputs) retiolum;
 in {
   options = {
     networking.retiolum.ipv4 = mkOption {
@@ -31,8 +32,8 @@ in {
     services.tinc.networks.${netname} = {
       name = cfg.nodename;
       hosts = builtins.mapAttrs
-        (name: _: builtins.readFile "${<retiolum/hosts>}/${name}")
+        (name: _: builtins.readFile "${retiolum}/hosts/${name}")
-        (builtins.readDir <retiolum/hosts>);
+        (builtins.readDir "${retiolum}/hosts");
       rsaPrivateKeyFile = toString <system-secrets/retiolum.key>;
       ed25519PrivateKeyFile = toString <system-secrets/retiolum.ed25519>;
       extraConfig = ''
@@ -41,7 +42,7 @@ in {
       '';
     };
 
-    networking.extraHosts = builtins.readFile (toString <retiolum/etc.hosts>);
+    networking.extraHosts = builtins.readFile (toString "${retiolum}/etc.hosts");
 
     environment.systemPackages = [ config.services.tinc.networks.${netname}.package ];
 

shell.nix

@@ -26,7 +26,7 @@ let
       path = toString .versions/home-manager.json;
     };
     krops = {
-      ref = "refs/tags/1.26.2";
+      ref = "refs/tags/v1.25.0";
       url = "https://cgit.krebsco.de/krops";
       path = toString .versions/krops.json;
     };

systems/kabsa/configuration.nix

@@ -1,14 +1,15 @@
 { config, pkgs, lib, ... }:
 let
   nixpkgs-unstable = import <nixpkgs-unstable> { config.allowUnfree = true; };
-  inherit (import <niveum/lib>) retiolumAddresses;
+  inherit (import ../../lib) retiolumAddresses;
 in
 {
   imports = [
+    ../../configs/default.nix
+    ../../configs/battery.nix
+    ../../configs/networkmanager.nix
     ./hardware-configuration.nix
-    <niveum/configs/battery.nix>
+    # <stockholm/krebs/2configs/hw/x220.nix>
-    <niveum/configs/default.nix>
-    <niveum/configs/networkmanager.nix>
   ];
 
   niveum = {
@@ -17,18 +18,29 @@ in
     promptColours.success = "cyan";
   };
 
-  nix = {
+  nix.buildCores = 1;
-    buildCores = 1;
+  nix.maxJobs = 2;
-    maxJobs = 2;
-  };
 
   environment.systemPackages = [ nixpkgs-unstable.minecraft ];
 
-  networking = {
+  boot.loader.systemd-boot = {
-    hostName = "kabsa";
+    enable = true;
-    wireless.interfaces = [ "wlp3s0" ];
+    configurationLimit = 5;
-    retiolum = retiolumAddresses.kabsa;
+    consoleMode = "max";
   };
 
+  fileSystems."/mnt/sd-card" = {
+    device = "/dev/disk/by-id/mmc-SD32G_0xda0aa352-part1";
+    fsType = "vfat";
+  };
+
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.hostName = "kabsa";
+
+  networking.wireless.interfaces = [ "wlp3s0" ];
+
+  networking.retiolum = retiolumAddresses.kabsa;
+
   system.stateVersion = "19.03";
 }

systems/kabsa/hardware-configuration.nix

@@ -1,37 +1,21 @@
-{ config, lib, pkgs, ... }: {
+{ config, lib, pkgs, modulesPath, ... }: {
-  imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
+  imports = [ "${modulesPath}/installer/scan/not-detected.nix" ];
 
-  boot = {
+  boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
-    initrd = {
+  boot.initrd.kernelModules = [ ];
-      availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
+  boot.kernelModules = [ "kvm-intel" ];
-      luks.devices."luksmap".device = "/dev/disk/by-uuid/03b6abd0-e9ce-49c8-9659-a1d94f645d0f";
+  boot.extraModulePackages = [ ];
-      kernelModules = [ ];
+
-    };
+  boot.initrd.luks.devices."luksmap".device = "/dev/disk/by-uuid/03b6abd0-e9ce-49c8-9659-a1d94f645d0f";
-    kernelModules = [ "kvm-intel" ];
+
-    extraModulePackages = [ ];
+  fileSystems."/" = {
-    loader = {
+    device = "/dev/disk/by-uuid/66ced7b9-cfa7-40dd-a488-18ef91a337e0";
-      efi.canTouchEfiVariables = true;
+    fsType = "ext4";
-      systemd-boot = {
-        enable = true;
-        configurationLimit = 5;
-        consoleMode = "max";
-      };
-    };
   };
 
-  fileSystems = {
+  fileSystems."/boot" = {
-    "/" = {
+    device = "/dev/disk/by-uuid/E1B1-1B9C";
-      device = "/dev/disk/by-uuid/66ced7b9-cfa7-40dd-a488-18ef91a337e0";
+    fsType = "vfat";
-      fsType = "ext4";
-    };
-    "/boot" = {
-      device = "/dev/disk/by-uuid/E1B1-1B9C";
-      fsType = "vfat";
-    };
-    "/mnt/sd-card" = {
-      device = "/dev/disk/by-id/mmc-SD32G_0xda0aa352-part1";
-      fsType = "vfat";
-    };
   };
 
   zramSwap.enable = false;

systems/makanek/configuration.nix

@@ -4,47 +4,70 @@ let
 in
 {
   imports = [
-    ./gitea.nix
     ./hardware-configuration.nix
-    ./hedgedoc.nix
+    <niveum/configs/hedgedoc.nix>
-    ./matterbridge.nix
-    ./menstruation.nix
-    ./monitoring
-    ./moodle-dl-borsfaye.nix
-    ./names.nix
-    ./nextcloud.nix
-    ./radio
-    ./retiolum-map.nix
-    ./tarot.nix
-    ./urlwatch.nix
-    ./weechat.nix
-    <niveum/configs/monitoring.nix>
-    <niveum/configs/nix.nix>
-    <niveum/configs/save-space.nix>
     <niveum/configs/spacetime.nix>
     <niveum/configs/sshd.nix>
-    <niveum/configs/telegram-bots>
+    <niveum/configs/nextcloud.nix>
+    <niveum/configs/moodle-dl/borsfaye.nix>
+    <niveum/configs/save-space.nix>
+    <niveum/configs/monitoring/pull.nix>
+    <niveum/configs/monitoring/push.nix>
     <niveum/configs/version.nix>
+    <niveum/configs/radio>
+    <niveum/configs/gitea.nix>
+    <niveum/configs/retiolum-map.nix>
+    <niveum/configs/names.nix>
+    <niveum/configs/menstruation.nix>
+    <niveum/configs/telegram-bots>
+    <niveum/configs/nix.nix>
+    <niveum/configs/weechat.nix>
+    <niveum/configs/urlwatch.nix>
+    <niveum/configs/matterbridge.nix>
+    <niveum/configs/tarot.nix>
     <niveum/modules/retiolum.nix>
   ];
 
-  networking = {
+  boot.loader.grub.enable = true;
-    firewall.allowedTCPPorts = [ 80 443 ];
+  boot.loader.grub.version = 2;
-    hostName = "makanek";
+
-    interfaces.ens3.useDHCP = true;
+  nixpkgs.config = {
-    retiolum = retiolumAddresses.makanek;
+    allowUnfree = true;
-    useDHCP = false;
+    packageOverrides = pkgs: {
+      writeDashBin = pkgs.writers.writeDashBin;
+      writeDash = pkgs.writers.writeDash;
+    };
   };
 
+  networking.useDHCP = false;
+  networking.interfaces.ens3.useDHCP = true;
+
+  networking.hostName = "makanek";
+
   system.stateVersion = "20.03";
 
+  boot.loader.grub.devices = [ "/dev/sda" ];
+
+  services.openssh.enable = true;
+
+  networking.retiolum = retiolumAddresses.makanek;
+
+  environment.etc."tinc/retiolum/rsa_key.priv" = {
+    text = builtins.readFile <system-secrets/retiolum.key>;
+    mode = "400";
+  };
+
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
   services.nginx = {
     enable = true;
     recommendedGzipSettings = true;
     recommendedOptimisation = true;
     recommendedProxySettings = true;
     recommendedTlsSettings = true;
-    sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
+
+   # Only allow PFS-enabled ciphers with AES256
+   sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
   };
 
   security.acme = {
@@ -52,5 +75,5 @@ in
     email = kieran.email;
   };
 
-  environment.systemPackages = [ pkgs.vim pkgs.git pkgs.tmux pkgs.python3 ];
+  environment.systemPackages = [ pkgs.vim pkgs.git pkgs.tmux pkgs.python3Packages.python ];
 }

systems/makanek/hardware-configuration.nix

@@ -1,25 +1,19 @@
 { config, lib, pkgs, ... }:
+
 {
-  imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ];
+  imports =
+    [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+    ];
 
-  boot = {
+  boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ];
-    initrd = {
+  boot.initrd.kernelModules = [ ];
-      availableKernelModules = [ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ];
+  boot.kernelModules = [ ];
-      kernelModules = [ ];
+  boot.extraModulePackages = [ ];
-    };
-    kernelModules = [ ];
-    extraModulePackages = [ ];
-    loader.grub = {
-      enable = true;
-      version = 2;
-      devices = [ "/dev/sda" ];
-    };
-  };
 
-  fileSystems."/" = {
+  fileSystems."/" =
-    device = "/dev/disk/by-uuid/9eaeaaa7-b453-4634-8a69-d416f702d3aa";
+    { device = "/dev/disk/by-uuid/9eaeaaa7-b453-4634-8a69-d416f702d3aa";
-    fsType = "ext4";
+      fsType = "ext4";
-  };
+    };
 
   swapDevices = [ ];
   zramSwap.enable = true;

systems/makanek/weechat.nix

@@ -1,165 +0,0 @@
-{ lib, pkgs, ... }:
-let
-  inherit (import <niveum/lib>) kieran;
-  relayPassword = lib.fileContents <system-secrets/weechat/relay>;
-in {
-  systemd.services.weechat =
-  let
-    tmux = pkgs.writers.writeDash "tmux" ''
-      exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" ''
-        set-option -g prefix `
-        unbind-key C-b
-        bind ` send-prefix
-
-        set-option -g status off
-        set-option -g default-terminal screen-256color
-
-        #use session instead of windows
-        bind-key c new-session
-        bind-key p switch-client -p
-        bind-key n switch-client -n
-        bind-key C-s switch-client -l
-      ''} "$@"
-    '';
-    weechat = pkgs.weechat-declarative.override {
-      config = {
-        scripts = [
-          pkgs.weechatScripts.weechat-autosort
-          pkgs.weechatScripts.colorize_nicks
-          pkgs.weechatScripts.weechat-matrix
-        ];
-        settings = let nick = "kmein"; in {
-          weechat = {
-            look.mouse = true;
-            color.chat_nick_colors = lib.lists.subtractLists (lib.range 52 69 ++ lib.range 231 248) (lib.range 31 254);
-          };
-          irc = {
-            look.server_buffer = "independent";
-            server_default = {
-              nicks = nick;
-              msg_part = "tschö mit ö";
-              msg_quit = "ciao kakao";
-              msg_kick = "warum machst du diese?";
-              realname = kieran.name;
-            };
-            server = {
-              hackint = {
-                autoconnect = true;
-                address = "irc.hackint.org/6697";
-                ipv6 = true;
-                ssl = true;
-                autojoin = [ "#krebs" "#nixos" "#the_playlist" ];
-                sasl_mechanism = "plain";
-                sasl_username = nick;
-                sasl_password = lib.strings.fileContents <system-secrets/irc/hackint>;
-              };
-              libera = {
-                autoconnect = true;
-                address = "irc.libera.chat/6697";
-                ssl = true;
-                autojoin = [ "#flipdot" "#haskell" "#nixos" "#fysi" "#binaergewitter" ];
-                sasl_mechanism = "plain";
-                sasl_username = nick;
-                sasl_password = lib.strings.fileContents <system-secrets/irc/libera>;
-              };
-              oftc = {
-                autoconnect = true;
-                address = "irc.oftc.net/6697";
-                ssl = true;
-                ipv6 = true;
-                command = lib.concatStringsSep "\\;" [
-                  "/msg nickserv identify ${lib.strings.fileContents <system-secrets/irc/oftc>}"
-                  "/msg nickserv set cloak on"
-                ];
-                autojoin = [ "#osm" "#osm-de" "#home-manager" ];
-              };
-              retiolum = {
-                autoconnect = true;
-                address = "irc.r";
-                autojoin = [ "#xxx" "#brockman" "#flix" "#autowifi" ];
-                command = lib.concatStringsSep "\\;" [
-                  "/oper admin aidsballs"
-                  "/msg nickserv always-on true"
-                  "/msg nickserv autoreplay-missed on"
-                  "/msg nickserv auto-away"
-                ];
-                sasl_mechanism = "plain";
-                sasl_username = nick;
-                sasl_password = lib.strings.fileContents <system-secrets/irc/retiolum>;
-              };
-              news = {
-                autoconnect = true;
-                address = "news.r";
-                autojoin = [ "#cook" "#drachengame" "#oepnv" "#kmeinung" "#memes" ];
-                command = "/oper aids balls";
-              };
-            };
-          };
-          logger.level.irc.news = 0;
-          matrix.server.nibbana = {
-            address = "nibbana.jp";
-            username = nick;
-            password = lib.strings.fileContents <system-secrets/matrix/nibbana>;
-            autoconnect = true;
-          };
-          alias.cmd.mod = "/quote omode $channel +o $nick";
-          relay = {
-            port.weechat = 9000;
-            network.password = relayPassword;
-          };
-          filters = {
-            zerocovid = {
-              buffer = "*";
-              tags = "*";
-              regex = "[kc]orona|💉|🤒|😷|[kc]ovid|virus|lockdown|va[kc][sc]in|mutante|mutation|impf|pandemi|κορ[ωο]ν[αο]ϊό|корона|expert|infe[ck]t|infizi|in[cz]iden[cz]|sars-cov|drosten|virolog|lauterbach|delta|omi[ck]ron|epidemi|booster|r-wert";
-            };
-            joinquit = {
-              buffer = "*";
-              tags = [ "irc_join" "irc_part" "irc_quit" "irc_nick" ];
-              regex = "*";
-            };
-            playlist_topic = {
-              buffer = "irc.*.#the_playlist";
-              tags = "irc_topic";
-              regex = "*";
-            };
-            brockman_notice = {
-              buffer = "irc.news.*";
-              tags = "irc_notice";
-              regex = "*";
-            };
-          };
-        };
-        extraCommands = ''/matrix connect nibbana'';
-      };
-    };
-  in {
-    description = "Weechat bouncer";
-    after = [ "network.target" ];
-    wantedBy = [ "multi-user.target" ];
-    restartIfChanged = true;
-    path = [ pkgs.alacritty.terminfo ];
-    environment.WEECHAT_HOME = "/var/lib/weechat";
-    preStart = "${pkgs.coreutils}/bin/rm $WEECHAT_HOME/*.conf";
-    script = "${tmux} -2 new-session -d -s IM ${weechat}/bin/weechat";
-    preStop = "${tmux} kill-session -t IM";
-    serviceConfig = {
-      User = "weechat";
-      RemainAfterExit = true;
-      Type = "oneshot";
-    };
-  };
-
-  users.groups.weechat = {};
-  users.extraUsers.weechat = {
-    useDefaultShell = true;
-    openssh.authorizedKeys.keys = kieran.sshKeys pkgs ++ [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC+KVDmYYH7mA8v81e9O3swXm3ZVYY9t4HP65ud61uXy weechat_android@heym"
-    ];
-    createHome = true;
-    group = "weechat";
-    home = "/var/lib/weechat";
-    isSystemUser = true;
-    packages = [ pkgs.tmux ];
-  };
-}

systems/manakish/configuration.nix

@@ -1,3 +1,7 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
 { config, pkgs, ... }:
 let
   inherit (import <niveum/lib>) retiolumAddresses;
@@ -5,10 +9,25 @@ in
 {
   imports = [ # Include the results of the hardware scan.
     ./hardware-configuration.nix
-    ./hdmi.nix
     <niveum/configs/default.nix>
     <niveum/configs/battery.nix>
     <niveum/configs/wpa_supplicant.nix>
+    {
+      programs.steam.enable = true;
+      nixpkgs.config.steam.java = true;
+    }
+    {
+      services.xserver.displayManager.sessionCommands =
+      let
+        intern = "LVDS-1";
+        extern = "HDMI-1";
+        pulseaudioCard = "alsa_card.pci-0000_00_1b.0";
+        pulseaudioProfile = "output:hdmi-stereo+input:analog-stereo";
+      in toString (pkgs.writers.writeDash "hdmi-on" ''
+        ${pkgs.xorg.xrandr}/bin/xrandr --output ${intern} --primary --auto --output ${extern} --above ${intern} --auto
+        ${pkgs.pulseaudio}/bin/pactl set-card-profile ${pulseaudioCard} ${pulseaudioProfile}
+      '');
+    }
   ];
 
   niveum = {
@@ -17,17 +36,21 @@ in
     promptColours.success = "green";
   };
 
-  networking = {
+  networking.useDHCP = false;
-    useDHCP = false;
+  networking.interfaces = {
-    interfaces = {
+    enp0s25.useDHCP = true;
-      enp0s25.useDHCP = true;
+    wlp3s0.useDHCP = true;
-      wlp3s0.useDHCP = true;
+    wwp0s20u4i6.useDHCP = true;
-      wwp0s20u4i6.useDHCP = true;
-    };
-    wireless.interfaces = [ "wlp3s0" ];
-    retiolum = retiolumAddresses.manakish;
-    networking.hostName = "manakish";
   };
+  networking.wireless.interfaces = [ "wlp3s0" ];
+
+  environment.systemPackages = with pkgs; [
+    git vim
+  ];
+
+  networking.retiolum = retiolumAddresses.manakish;
+
+  networking.hostName = "manakish";
 
   system.stateVersion = "20.09"; # Did you read the comment?
 }

systems/manakish/hardware-configuration.nix

@@ -1,37 +1,40 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
+
 {
-  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
 
-  boot = {
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
-    initrd = {
+  boot.initrd.kernelModules = [ ];
-      availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
+  boot.kernelModules = [ "kvm-intel" ];
-      kernelModules = [];
+  boot.extraModulePackages = [ ];
-      luks.devices."crypted".device = "/dev/disk/by-uuid/493cb228-c292-4f71-9f38-dcb3e96dec47";
-    };
-    kernelModules = [ "kvm-intel" ];
-    extraModulePackages = [ ];
-    loader.grub = {
-      enable = true;
-      version = 2;
-      efiSupport = true;
-      efiInstallAsRemovable = true;
-      device = "/dev/sda";
-    };
-  };
 
-  fileSystems = {
+  fileSystems."/" =
-    "/" = {
+    { device = "/dev/disk/by-uuid/ff47c479-e6d4-4cd6-93f1-9685f4018bc6";
-      device = "/dev/disk/by-uuid/ff47c479-e6d4-4cd6-93f1-9685f4018bc6";
       fsType = "ext4";
     };
-    "/boot" = {
+
-      device = "/dev/disk/by-uuid/D4AC-91B0";
+  boot.initrd.luks.devices."crypted".device = "/dev/disk/by-uuid/493cb228-c292-4f71-9f38-dcb3e96dec47";
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/D4AC-91B0";
       fsType = "vfat";
     };
-  };
 
   swapDevices = [ ];
   zramSwap.enable = true;
 
+  boot.loader.grub = {
+    enable = true;
+    version = 2;
+    efiSupport = true;
+    efiInstallAsRemovable = true;
+    device = "/dev/sda";
+  };
+
   powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
 }

systems/manakish/hdmi.nix

@@ -1,13 +0,0 @@
-{ pkgs, ... }:
-{
-  services.xserver.displayManager.sessionCommands =
-  let
-    intern = "LVDS-1";
-    extern = "HDMI-1";
-    pulseaudioCard = "alsa_card.pci-0000_00_1b.0";
-    pulseaudioProfile = "output:hdmi-stereo+input:analog-stereo";
-  in toString (pkgs.writers.writeDash "hdmi-on" ''
-    ${pkgs.xorg.xrandr}/bin/xrandr --output ${intern} --primary --auto --output ${extern} --above ${intern} --auto
-    ${pkgs.pulseaudio}/bin/pactl set-card-profile ${pulseaudioCard} ${pulseaudioProfile}
-  '');
-}

systems/toum/configuration.nix

@@ -0,0 +1,46 @@
+{ config, pkgs, lib, ... }:
+let
+  inherit (import <niveum/lib>) kieran;
+in {
+  imports = [
+    ./hardware-configuration.nix
+    # <niveum/configs/hass>
+    <niveum/configs/distrobump.nix>
+    <niveum/configs/spacetime.nix>
+    <niveum/configs/sshd.nix>
+    <niveum/configs/save-space.nix>
+    <niveum/configs/tmux.nix>
+    <niveum/configs/version.nix>
+    <niveum/configs/traadfri.nix>
+    <niveum/configs/wpa_supplicant.nix>
+    <niveum/modules/retiolum.nix>
+  ];
+
+  nix.nixPath = [ "/var/src" ];
+
+  boot.loader.grub.enable = false;
+  boot.loader.generic-extlinux-compatible.enable = true;
+
+  networking.hostName = "toum";
+
+  environment.variables.TERM = "linux";
+
+  environment.systemPackages = with pkgs; [
+    git vim htop wget reptyr
+    libraspberrypi
+  ];
+
+  users.mutableUsers = false;
+
+  networking.retiolum = {
+    ipv4 = "10.243.2.3";
+    ipv6 = "42:0:3c46:56af:d12b:affd:8390:df22";
+  };
+
+  environment.etc."tinc/retiolum/rsa_key.priv" = {
+    text = builtins.readFile <system-secrets/retiolum.key>;
+    mode = "400";
+  };
+
+  system.stateVersion = "20.03";
+}

systems/toum/hardware-configuration.nix

@@ -0,0 +1,16 @@
+{ config, pkgs, ... }: {
+  boot.kernelPackages = pkgs.linuxPackages; # https://github.com/NixOS/nixpkgs/issues/97064#issuecomment-708986741
+  boot.kernelParams = [ "cma=32M" ];
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-label/NIXOS_SD";
+      fsType = "ext4";
+    };
+  };
+
+  swapDevices = [{
+    device = "/swapfile";
+    size = 1024;
+  }];
+}

systems/zaatar/configuration.nix

@@ -4,24 +4,100 @@ let
 in
 {
   imports = [
-    ./bvg.nix
-    ./gaslight.nix
     ./hardware-configuration.nix
-    ./kiosk.nix
-    ./moodle-dl-meinhark.nix
-    ./pulseaudio.nix
-    ./tuna.nix
     <home-manager/nixos>
-    <niveum/configs/keyboard.nix>
-    <niveum/configs/monitoring.nix>
-    <niveum/configs/nix.nix>
-    <niveum/configs/printing.nix>
-    <niveum/configs/spacetime.nix>
-    <niveum/configs/sshd.nix>
-    <niveum/configs/traadfri.nix>
-    <niveum/configs/version.nix>
     <niveum/configs/wpa_supplicant.nix>
+    <niveum/configs/keyboard.nix>
     <niveum/modules/retiolum.nix>
+    <niveum/configs/spacetime.nix>
+    <niveum/configs/nix.nix>
+    <niveum/configs/tuna.nix>
+    <niveum/configs/sshd.nix>
+    <niveum/configs/version.nix>
+    <niveum/configs/gaslight.nix>
+    <niveum/configs/printing.nix>
+    <niveum/configs/traadfri.nix>
+    <niveum/configs/bvg.nix>
+    <niveum/configs/moodle-dl/meinhark.nix>
+    <niveum/configs/monitoring/push.nix>
+    {
+      nixpkgs.config.allowUnfree = true;
+    }
+    {
+      sound.enable = true;
+
+      hardware.pulseaudio = {
+        enable = true;
+        systemWide = true;
+        tcp = {
+          enable = true;
+          anonymousClients.allowedIpRanges = [ "127.0.0.1" "10.243.2.0/24" "192.168.0.0/16" ];
+        };
+        zeroconf.publish.enable = true;
+      };
+      networking.firewall.allowedTCPPorts = [ 4713 ];
+    }
+    {
+      environment.systemPackages =
+      let
+        worldradio = pkgs.callPackage <niveum/packages/worldradio.nix> {};
+      in [
+        (pkgs.writers.writeDashBin "mpv" ''
+          ${pkgs.mpv}/bin/mpv --no-video "$@"
+        '')
+        (pkgs.writers.writeDashBin "worldradio" ''
+          shuf ${worldradio} | ${pkgs.findutils}/bin/xargs ${pkgs.mpv}/bin/mpv --no-video
+        '')
+      ];
+    }
+    {
+      users.extraUsers.kiosk = {
+        isNormalUser = true;
+        password = "";
+        extraGroups = [ "audio" ];
+      };
+      services.cage = {
+        enable = true;
+        user = config.users.extraUsers.kiosk.name;
+        extraArguments = [ "-s" ]; # allow vt switching
+        program =
+        let startUrls = [ "https://open.spotify.com" "https://youtube.com" "http://bvg.kmein.r" ];
+        in pkgs.writers.writeDash "kiosk-browser" ''
+          while true; do
+            ${pkgs.chromium}/bin/chromium \
+              --no-first-run --no-message-box --noerrdialogs \
+              --default-browser --no-default-browser-check \
+              --start-maximized ${lib.escapeShellArgs startUrls}
+            sleep 0.5
+          done
+        '';
+      };
+      systemd.services.cage-tty1.environment.XKB_DEFAULT_LAYOUT = "de";
+      programs.chromium = {
+        enable = true;
+        extensions = [
+          "cjpalhdlnbpafiamejdnhcphjbkeiagm" # uBlock Origin
+        ];
+      };
+    }
+    {
+      environment.systemPackages = [ pkgs.tmux ];
+      systemd.services.turntables = {
+        description = "music controller session";
+        after = [ "network.target" ];
+        wantedBy = [ "multi-user.target" ];
+        path = [ pkgs.alacritty.terminfo ];
+        script = ''
+          ${pkgs.tmux}/bin/tmux -2 new-session -d -s turntables ${pkgs.alsaUtils}/bin/alsamixer \; new-window
+        '';
+        preStop = "${pkgs.tmux}/bin/tmux kill-session -t turntables";
+        serviceConfig = {
+          User = "root";
+          RemainAfterExit = true;
+          Type = "oneshot";
+        };
+      };
+    }
   ];
 
   nix.nixPath = [ "/var/src" ];
@@ -34,25 +110,19 @@ in
 
   services.illum.enable = true;
 
-  environment.systemPackages =
+  environment.systemPackages = with pkgs; [ git vim htop ncmpcpp ];
-  let
-    worldradio = pkgs.callPackage <niveum/packages/worldradio.nix> {};
-  in [
-    (pkgs.writers.writeDashBin "mpv" ''${pkgs.mpv}/bin/mpv --no-video "$@"'')
-    (pkgs.writers.writeDashBin "worldradio" ''
-      shuf ${worldradio} | ${pkgs.findutils}/bin/xargs ${pkgs.mpv}/bin/mpv --no-video
-    '')
-    pkgs.git
-    pkgs.vim
-    pkgs.htop
-    pkgs.ncmpcpp
-  ];
 
-  networking = {
+  boot.loader.systemd-boot = {
-    hostName = "zaatar";
+    enable = true;
-    wireless.interfaces = [ "wlp2s0" ];
+    configurationLimit = 5;
-    retiolum = retiolumAddresses.zaatar;
   };
 
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.hostName = "zaatar";
+  networking.wireless.interfaces = [ "wlp2s0" ];
+
+  networking.retiolum = retiolumAddresses.zaatar;
+
   system.stateVersion = "20.09";
 }

systems/zaatar/hardware-configuration.nix

@@ -1,32 +1,23 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, ... }: {
-{
   imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
 
-  boot = {
+  boot.initrd.availableKernelModules =
-    initrd.availableKernelModules = [ "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_acpi" "rtsx_usb_sdmmc" ];
+    [ "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_acpi" "rtsx_usb_sdmmc" ];
-    kernelModules = [ "kvm-intel" ];
+  boot.kernelModules = [ "kvm-intel" ];
-    extraModulePackages = [ ];
+  boot.extraModulePackages = [ ];
-    loader = {
+
-      systemd-boot = {
+  fileSystems."/" = {
-        enable = true;
+    device = "/dev/disk/by-label/nixos";
-        configurationLimit = 5;
+    fsType = "ext4";
-      };
-      efi.canTouchEfiVariables = true;
-    };
   };
 
-  fileSystems = {
+  fileSystems."/boot" = {
-    "/" = {
+    device = "/dev/disk/by-label/boot";
-      device = "/dev/disk/by-label/nixos";
+    fsType = "vfat";
-      fsType = "ext4";
-    };
-    "/boot" = {
-      device = "/dev/disk/by-label/boot";
-      fsType = "vfat";
-    };
   };
 
-  swapDevices = [{ device = "/dev/disk/by-label/swap"; }];
+  swapDevices =
+    [{ device = "/dev/disk/by-label/swap"; }];
 
   nix.maxJobs = lib.mkDefault 4;
   powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";

systems/zaatar/kiosk.nix

@@ -1,31 +0,0 @@
-{ config, pkgs, lib, ... }:
-{
-  users.extraUsers.kiosk = {
-    isNormalUser = true;
-    password = "";
-    extraGroups = [ "audio" ];
-  };
-  services.cage = {
-    enable = true;
-    user = config.users.extraUsers.kiosk.name;
-    extraArguments = [ "-s" ]; # allow vt switching
-    program =
-    let startUrls = [ "https://open.spotify.com" "https://youtube.com" "http://bvg.kmein.r" ];
-    in pkgs.writers.writeDash "kiosk-browser" ''
-      while true; do
-        ${pkgs.chromium}/bin/chromium \
-          --no-first-run --no-message-box --noerrdialogs \
-          --default-browser --no-default-browser-check \
-          --start-maximized ${lib.escapeShellArgs startUrls}
-        sleep 0.5
-      done
-    '';
-  };
-  systemd.services.cage-tty1.environment.XKB_DEFAULT_LAYOUT = "de";
-  programs.chromium = {
-    enable = true;
-    extensions = [
-      "cjpalhdlnbpafiamejdnhcphjbkeiagm" # uBlock Origin
-    ];
-  };
-}

systems/zaatar/pulseaudio.nix

@@ -1,14 +0,0 @@
-{
-  sound.enable = true;
-
-  hardware.pulseaudio = {
-    enable = true;
-    systemWide = true;
-    tcp = {
-      enable = true;
-      anonymousClients.allowedIpRanges = [ "127.0.0.1" "10.243.2.0/24" "192.168.0.0/16" ];
-    };
-    zeroconf.publish.enable = true;
-  };
-  networking.firewall.allowedTCPPorts = [ 4713 ];
-}