fix(spotifyd): disable mpris

fixes #48
big thanks to @n0ur and her copilot

configs/admin-essentials.nix

@@ -0,0 +1,88 @@
+{
+  pkgs,
+  niveumPackages,
+  ...
+}: {
+  environment.systemPackages = [
+    pkgs.htop
+    pkgs.w3m
+    pkgs.wget
+    # ARCHIVE TOOLS
+    pkgs.unzip
+    pkgs.unrar
+    pkgs.p7zip
+    pkgs.zip
+    # MONITORS
+    pkgs.iotop # I/O load monitor
+    pkgs.iftop # interface bandwidth monitor
+    pkgs.lsof # list open files
+    pkgs.psmisc # for killall, pstree
+    # SHELL
+    pkgs.sqlite
+    pkgs.fd # better find
+    pkgs.tree
+    pkgs.parallel # for parallel, since moreutils shadows task spooler
+    pkgs.ripgrep # better grep
+    pkgs.rlwrap
+    pkgs.progress # display progress bars for pipes
+    pkgs.file # determine file type
+    pkgs.gdu # ncurses disk usage (ncdu is broken)
+    pkgs.rmlint # remove duplicate files
+    pkgs.jq # json toolkit
+    pkgs.jless # less(1) for json
+    pkgs.fq # toolkit for yaml, xml and binaries
+    pkgs.bc # calculator
+    pkgs.pari # gp -- better calculator
+    pkgs.ts
+    niveumPackages.vimv
+    niveumPackages.vg
+    niveumPackages.fkill
+    niveumPackages.cyberlocker-tools
+    niveumPackages.untilport
+    niveumPackages.kpaste
+    # HARDWARE
+    pkgs.usbutils # for lsusb
+    pkgs.pciutils # for lspci
+    pkgs.lshw # for lshw
+  ];
+
+  environment.shellAliases = let
+    take = pkgs.writers.writeDash "take" ''
+      mkdir "$1" && cd "$1"
+    '';
+    cdt = pkgs.writers.writeDash "cdt" ''
+      cd "$(mktemp -d)"
+      pwd
+    '';
+    wcd = pkgs.writers.writeDash "wcd" ''
+      cd "$(readlink "$(${pkgs.which}/bin/which --skip-alias "$1")" | xargs dirname)/.."
+    '';
+    where = pkgs.writers.writeDash "where" ''
+      readlink "$(${pkgs.which}/bin/which --skip-alias "$1")" | xargs dirname
+    '';
+  in {
+    "ß" = "${pkgs.util-linux}/bin/setsid";
+    nixi = "nix repl '<nixpkgs>'";
+    take = "source ${take}";
+
+    wcd = "source ${wcd}";
+    where = "source ${where}";
+    # temporary files and directories
+    cdt = "source ${cdt}";
+    vit = "$EDITOR $(mktemp)";
+    # file safety
+    mv = "mv --interactive";
+    rm = "rm --interactive";
+    cp = "cp --interactive";
+    # colours
+    cat = "${pkgs.bat}/bin/bat --theme=ansi --style=plain";
+    l = "ls --color=auto --time-style=long-iso --almost-all";
+    ls = "ls --color=auto --time-style=long-iso";
+    ll = "ls --color=auto --time-style=long-iso -l";
+    la = "ls --color=auto --time-style=long-iso --almost-all -l";
+    ip = "${pkgs.iproute2}/bin/ip -c";
+    # systemd
+    s = "${pkgs.systemd}/bin/systemctl";
+    us = "${pkgs.systemd}/bin/systemctl --user";
+  };
+}

configs/aerc.nix

@@ -4,7 +4,7 @@
   lib,
   ...
 }: let
-  inherit (import ../lib/email.nix) defaults;
+  inherit (import ../lib/email.nix) defaults thunderbirdProfile;
 in {
   age.secrets = {
     email-password-cock = {
@@ -96,6 +96,26 @@ in {
 
     # programs.himalaya.enable = true;
 
+    programs.thunderbird = {
+      enable = true;
+      settings = {
+      };
+      profiles.${thunderbirdProfile} = {
+        isDefault = true;
+        settings = {
+          "mail.default_send_format" = 1;
+          "msgcompose.default_colors" = false;
+          "msgcompose.text_color" = config.lib.stylix.colors.withHashtag.base00;
+          "msgcompose.background_color" = config.lib.stylix.colors.withHashtag.base05;
+        };
+        userChrome = ''
+        '';
+        userContent = ''
+        '';
+        withExternalGnupg = false;
+      };
+    };
+
     programs.aerc = {
       enable = true;
 
@@ -227,19 +247,19 @@ in {
         general.pgp-provider = "gpg";
         viewer = {pager = "${pkgs.less}/bin/less -R";};
         compose = {
-          address-book-cmd = "khard email --remove-first-line --parsable '%s'";
-          no-attachment-warning = "(attach|attached|attachments?|anbei|Anhang|angehängt)";
+          # address-book-cmd = "khard email --remove-first-line --parsable '%s'";
+          no-attachment-warning = "(attach|attached|attachments?|anbei|Anhang|angehängt|beigefügt)";
         };
         filters = {
-          "text/plain" = "${pkgs.gawk}/bin/awk -f ${pkgs.aerc}/share/aerc/filters/colorize";
-          "text/calendar" = "${pkgs.gawk}/bin/awk -f ${pkgs.aerc}/share/aerc/filters/calendar";
-          "text/html" = "${pkgs.aerc}/share/aerc/filters/html"; # Requires w3m, dante
+          "text/plain" = "${pkgs.aerc}/libexec/aerc/filters/colorize";
+          "text/calendar" = "${pkgs.aerc}/libexec/aerc/filters/calendar";
+          "text/html" = "${pkgs.aerc}/libexec/aerc/filters/html"; # Requires w3m, dante
           # "text/html" =
           #   "${pkgs.aerc}/share/aerc/filters/html | ${pkgs.aerc}/share/aerc/filters/colorize";
           # "text/*" =
           #   ''${pkgs.bat}/bin/bat -fP --theme=ansi --file-name="$AERC_FILENAME "'';
-          "message/delivery-status" = "${pkgs.gawk}/bin/awk -f ${pkgs.aerc}/share/aerc/filters/colorize";
-          "message/rfc822" = "${pkgs.gawk}/bin/awk -f ${pkgs.aerc}/share/aerc/filters/colorize";
+          "message/delivery-status" = "${pkgs.aerc}/libexec/aerc/filters/colorize";
+          "message/rfc822" = "${pkgs.aerc}/libexec/aerc/filters/colorize";
           "application/x-sh" = "${pkgs.bat}/bin/bat -fP -l sh";
         };
         openers = let

configs/bluetooth.nix

@@ -1,12 +1,10 @@
-{
-  pkgs,
-  lib,
-  ...
-}: {
+{pkgs, ...}: {
   hardware.bluetooth = {
     enable = true;
-    settings.General.Enable =
-      lib.concatStringsSep "," ["Source" "Sink" "Media" "Socket"];
+    package = pkgs.bluez;
+    settings.general = {
+      enable = "Source,Sink,Media,Socket";
+    };
   };
 
   services.blueman.enable = true;

configs/browser.nix

@@ -2,27 +2,24 @@
   pkgs,
   config,
   ...
-}: {
-  programs.chromium = {
-    enable = true;
-    extensions = [
-      # "ihlenndgcmojhcghmfjfneahoeklbjjh" # cVim
-      # "fpnmgdkabkmnadcjpehmlllkndpkmiak" # Wayback Machine
-      "cjpalhdlnbpafiamejdnhcphjbkeiagm" # uBlock Origin
-      "pjjgklgkfeoeiebjogplpnibpfnffkng" # undistracted
-      "nhdogjmejiglipccpnnnanhbledajbpd" # vuejs devtools
-      "eimadpbcbfnmbkopoojfekhnkhdbieeh" # dark reader
-    ];
-  };
+}: let
+  inherit (import ../lib) tmpfilesConfig;
+in {
+  environment.systemPackages = [
+    (pkgs.writers.writeDashBin "cro" ''
+      ${pkgs.chromium}/bin/chromium \
+        --disable-sync \
+        --no-default-browser-check \
+        --no-first-run \
+        --user-data-dir="$(mktemp -d)" \
+        --incognito \
+        "$@"
+    '')
+  ];
 
   home-manager.users.me = {
     programs.firefox = {
       enable = true;
-      package = pkgs.firefox.override {
-        cfg = {
-          enableTridactylNative = true;
-        };
-      };
       profiles = let
         defaultSettings = {
           "beacon.enabled" = false;
@@ -91,7 +88,5 @@
     };
   };
 
-  environment.systemPackages = [pkgs.brave];
-
-  environment.variables.BROWSER = "brave";
+  environment.variables.BROWSER = "firefox";
 }

configs/cloud.nix

@@ -17,8 +17,9 @@ in {
     }
   ];
 
+  services.gnome.gnome-keyring.enable = true;
+
   home-manager.users.me = {
-    services.gnome-keyring.enable = true;
     services.nextcloud-client = {
       enable = true;
       startInBackground = true;
@@ -95,7 +96,7 @@ in {
     mode = "400";
   };
 
-  services.syncthing = rec {
+  services.syncthing = {
     enable = true;
     user = "kfm";
     openDefaultPorts = true;
@@ -103,21 +104,23 @@ in {
     dataDir = "/home/kfm/.config/syncthing";
     cert = config.age.secrets.syncthing-cert.path;
     key = config.age.secrets.syncthing-key.path;
-    inherit ((import ../lib).syncthing) devices;
-    folders = let
-      cloud-dir = "${config.users.users.me.home}/cloud";
-    in {
-      "${cloud-dir}/syncthing/zotero".devices = ["kabsa" "manakish"];
-      "${cloud-dir}/syncthing/common".devices = ["kabsa" "manakish"];
-      "${cloud-dir}/syncthing/library".devices = ["kabsa" "manakish" "heym"];
-      "${cloud-dir}/syncthing/mundoiu".devices = ["kabsa" "manakish" "heym"];
-      "${cloud-dir}/syncthing/obsidian" = {
-        devices = ["kabsa" "manakish" "heym"];
-        id = "3r1hu-3barr";
-      };
-      "${cloud-dir}/syncthing/music" = {
-        devices = ["kabsa" "manakish" "heym" "zaatar"];
-        id = "music";
+    settings = {
+      inherit ((import ../lib).syncthing) devices;
+      folders = let
+        cloud-dir = "${config.users.users.me.home}/cloud";
+      in {
+        "${cloud-dir}/syncthing/zotero/storage".devices = ["kabsa" "manakish"];
+        "${cloud-dir}/syncthing/common".devices = ["kabsa" "manakish"];
+        "${cloud-dir}/syncthing/library".devices = ["kabsa" "manakish" "heym"];
+        "${cloud-dir}/syncthing/mundoiu".devices = ["kabsa" "manakish" "heym"];
+        "${cloud-dir}/syncthing/obsidian" = {
+          devices = ["kabsa" "manakish" "heym"];
+          id = "3r1hu-3barr";
+        };
+        "${cloud-dir}/syncthing/music" = {
+          devices = ["kabsa" "manakish" "heym" "zaatar"];
+          id = "music";
+        };
       };
     };
   };

configs/default.nix

@@ -25,6 +25,8 @@ in {
           };
           permittedInsecurePackages = [
             "qtwebkit-5.212.0-alpha4"
+            "zotero-6.0.26"
+            "electron-25.9.0"
           ];
         };
       };
@@ -81,9 +83,10 @@ in {
       users.users.me = {
         name = "kfm";
         description = kieran.name;
-        passwordFile = config.age.secrets.kfm-password.path;
+        hashedPasswordFile = config.age.secrets.kfm-password.path;
         isNormalUser = true;
         uid = 1000;
+        extraGroups = ["pipewire" "audio"];
       };
 
       age.secrets = {
@@ -95,48 +98,16 @@ in {
     {
       environment.interactiveShellInit = "export PATH=$PATH:$HOME/projects/niveum";
       environment.shellAliases = let
-        wcd = pkgs.writers.writeDash "wcd" ''
-          cd "$(readlink "$(${pkgs.which}/bin/which --skip-alias "$1")" | xargs dirname)/.."
-        '';
-        where = pkgs.writers.writeDash "where" ''
-          readlink "$(${pkgs.which}/bin/which --skip-alias "$1")" | xargs dirname
-        '';
-        take = pkgs.writers.writeDash "take" ''
-          mkdir "$1" && cd "$1"
-        '';
-        cdt = pkgs.writers.writeDash "cdt" ''
-          cd "$(mktemp -d)"
-          pwd
-        '';
         swallow = command: "${niveumPackages.swallow}/bin/swallow ${command}";
       in {
-        "ß" = "${pkgs.util-linux}/bin/setsid";
-        cat = "${pkgs.bat}/bin/bat --theme=ansi --style=plain";
-        chromium-incognito = "chromium --user-data-dir=$(mktemp -d /tmp/chr.XXXXXX) --no-first-run --incognito";
-        cp = "cp --interactive";
-        ip = "${pkgs.iproute2}/bin/ip -c";
-        l = "ls --color=auto --time-style=long-iso --almost-all";
-        ls = "ls --color=auto --time-style=long-iso";
-        ll = "ls --color=auto --time-style=long-iso -l";
-        la = "ls --color=auto --time-style=long-iso --almost-all -l";
-        mv = "mv --interactive";
-        nixi = "nix repl '<nixpkgs>'";
-        ns = "nix-shell --run zsh";
         o = "${pkgs.xdg-utils}/bin/xdg-open";
+        ns = "nix-shell --run zsh";
         pbcopy = "${pkgs.xclip}/bin/xclip -selection clipboard -in";
         pbpaste = "${pkgs.xclip}/bin/xclip -selection clipboard -out";
-        rm = "rm --interactive";
-        s = "${pkgs.systemd}/bin/systemctl";
-        take = "source ${take}";
-        cdt = "source ${cdt}";
-        vit = "$EDITOR $(mktemp)";
         tmux = "${pkgs.tmux}/bin/tmux -2";
         sxiv = swallow "${pkgs.nsxiv}/bin/nsxiv";
         zathura = swallow "${pkgs.zathura}/bin/zathura";
-        us = "${pkgs.systemd}/bin/systemctl --user";
-        wcd = "source ${wcd}";
         im = "${pkgs.openssh}/bin/ssh weechat@makanek -t tmux attach-session -t IM";
-        where = "source ${where}";
         yt = "${pkgs.yt-dlp}/bin/yt-dlp --add-metadata -ic"; # Download video link
         yta = "${pkgs.yt-dlp}/bin/yt-dlp --add-metadata -xic"; # Download with audio
       };
@@ -237,6 +208,7 @@ in {
       };
     }
     ./android.nix
+    ./admin-essentials.nix
     ./stylix.nix
     ./alacritty.nix
     ./backup.nix
@@ -245,7 +217,7 @@ in {
     ./aerc.nix
     ./ccc.nix
     ./khal.nix
-    ./chromium.nix
+    ./browser.nix
     ./clipboard.nix
     ./cloud.nix
     ./direnv.nix
@@ -288,6 +260,7 @@ in {
     ./unclutter.nix
     ./vscode.nix
     ./watson.nix
+    ./wallpaper.nix
     ./zsh.nix
     ./tor.nix
     ./stw-berlin.nix

configs/fonts.nix

@@ -31,7 +31,7 @@
   };
   newGardiner = zip-font "NewGardiner" {
     url = "https://mjn.host.cs.st-andrews.ac.uk/egyptian/fonts/NewGardiner.zip";
-    hash = "sha256-i7ZBN28no/884fYMA7ZJ47WpkwZXzY//TK0bDz21pE0=";
+    hash = "sha256-nP0y4ILt+0mlkDRdCNSeO2Gequ8wyix/qQdmujTNw3Y=";
     stripRoot = false;
   };
   junicode2 = zip-font "JunicodeTwo" {
@@ -52,9 +52,9 @@
   };
 in {
   fonts = {
-    enableDefaultFonts = true;
+    enableDefaultPackages = true;
     fontDir.enable = true;
-    fonts = with pkgs; [
+    packages = with pkgs; [
       alegreya
       alegreya-sans
       amiri
@@ -109,7 +109,7 @@ in {
     fontconfig.defaultFonts = rec {
       monospace = ["Noto Sans Mono"] ++ emoji;
       serif = ["Noto Serif" "Noto Naskh Arabic" "Noto Serif Devanagari"];
-      sansSerif = ["Noto Sans Display" "Noto Naskh Arabic" "Noto Sans Devanagari" "Noto Sans CJK JP" "Noto Sans Coptic"];
+      sansSerif = ["Noto Sans Display" "Noto Naskh Arabic" "Noto Sans Hebrew" "Noto Sans Devanagari" "Noto Sans CJK JP" "Noto Sans Coptic"];
       emoji = ["Noto Color Emoji"];
     };
     # xelatex fails with woff files

configs/fu-berlin.nix

@@ -5,7 +5,7 @@
   ...
 }: let
   username = "meinhak99";
-  inherit (import ../lib/email.nix) defaults;
+  inherit (import ../lib/email.nix) defaults pronouns;
   fu-defaults = rec {
     imap.host = "mail.zedat.fu-berlin.de";
     smtp.host = imap.host;
@@ -33,6 +33,21 @@ in {
             address = "kieran.meinhardt@fu-berlin.de";
             aliases = ["${userName}@fu-berlin.de"];
             passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.email-password-meinhak99.path}";
+            aerc.extraAccounts.signature-file = toString (pkgs.writeText "signature" signature.text);
+            signature = {
+              showSignature = "append";
+              text = ''
+                ${defaults.realName}
+                ${pronouns}
+
+                ---
+                Studentische Hilfskraft / ZODIAC
+                Freie Universität Berlin
+
+                Telefon: +49 30 838 58118
+                Arnimallee 10, Raum K011, 14195 Berlin
+              '';
+            };
           });
     };
   };
@@ -66,6 +81,35 @@ in {
     };
   };
 
+  # https://www.zedat.fu-berlin.de/tip4u_157.pdf
+  fileSystems = let
+    fu-berlin-cifs-options = [
+      "uid=${toString config.users.users.me.uid}"
+      "gid=${toString config.users.groups.users.gid}"
+      "rw"
+      "nounix"
+      "domain=fu-berlin"
+      "noauto"
+      "x-systemd.automount"
+      "x-systemd.device-timeout=1"
+      "x-systemd.idle-timeout=1min"
+    ];
+  in {
+    "/media/fu-berlin/zodiac" = {
+      device = "//trove.storage.fu-berlin.de/GESCHKULT";
+      fsType = "cifs";
+      options =
+        fu-berlin-cifs-options
+        ++ [
+          "credentials=${config.age.secrets.cifs-credentials-zodiac.path}"
+        ];
+    };
+  };
+
+  age.secrets = {
+    cifs-credentials-zodiac.file = ../secrets/cifs-credentials-zodiac.age;
+  };
+
   systemd.services.fu-vpn = {
     enable = true;
     wants = ["network-online.target"];

configs/hledger.nix

@@ -2,18 +2,23 @@
   config,
   pkgs,
   ...
-}: {
+}: let
+  ledgerDirectory = "$HOME/projects/ledger";
+  timeLedger = "${ledgerDirectory}/time.timeclock";
+  hora = pkgs.writers.writeDashBin "hora" ''
+    ${pkgs.hledger}/bin/hledger -f "${timeLedger}" "$@"
+  '';
+in {
   environment.systemPackages = let
-    ledgerDirectory = "$HOME/projects/ledger";
-    timeLedger = "${ledgerDirectory}/time.timeclock";
     git = "${pkgs.git}/bin/git -C ${ledgerDirectory}";
   in [
     pkgs.hledger
     (pkgs.writers.writeDashBin "hora-edit" ''
       $EDITOR + "${timeLedger}" && ${pkgs.git}/bin/git -C "$(${pkgs.coreutils}/bin/dirname ${timeLedger})" commit --all --message "$(${pkgs.coreutils}/bin/date -Im)"
     '')
-    (pkgs.writers.writeDashBin "hora" ''
-      ${pkgs.hledger}/bin/hledger -f "${timeLedger}" "$@"
+    hora
+    (pkgs.writers.writeDashBin "hora-year" ''
+      ${hora}/bin/hora bal --tree --monthly --begin $(date +%Y) --depth 1
     '')
     (pkgs.writers.writeDashBin "hora-filli" ''
       ${pkgs.hledger}/bin/hledger -f "${timeLedger}" register fillidefilla -O csv \

configs/hu-berlin.nix

@@ -4,7 +4,7 @@
   lib,
   ...
 }: let
-  inherit (import ../lib/email.nix) defaults;
+  inherit (import ../lib/email.nix) defaults pronouns;
   hu-defaults = {
     imap.host = "mailbox.cms.hu-berlin.de";
     imap.port = 993;
@@ -56,12 +56,6 @@ in {
       group = config.users.users.me.group;
       mode = "400";
     };
-    email-password-fsklassp = {
-      file = ../secrets/email-password-fsklassp.age;
-      owner = config.users.users.me.name;
-      group = config.users.users.me.group;
-      mode = "400";
-    };
   };
 
   home-manager.users.me = {
@@ -80,15 +74,6 @@ in {
     };
 
     accounts.email.accounts = rec {
-      hu-student =
-        lib.recursiveUpdate defaults
-        (lib.recursiveUpdate hu-defaults
-          rec {
-            userName = "meinhark";
-            address = "kieran.felix.meinhardt@hu-berlin.de";
-            aliases = ["${userName}@hu-berlin.de"];
-            passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.email-password-meinhark.path}";
-          });
       hu-student-cs =
         lib.recursiveUpdate defaults
         (lib.recursiveUpdate hu-defaults
@@ -113,6 +98,7 @@ in {
               showSignature = "append";
               text = ''
                 ${defaults.realName}
+                ${pronouns}
                 Studentische Hilfskraft / Administrator ALEW
                 Humboldt-Universität zu Berlin
 
@@ -133,28 +119,6 @@ in {
             inherit (hu-employee) signature;
             aerc.extraAccounts.signature-file = toString (pkgs.writeText "signature" signature.text);
           });
-      hu-fsi =
-        lib.recursiveUpdate defaults
-        (lib.recursiveUpdate hu-defaults
-          rec {
-            userName = "fsklassp";
-            passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.email-password-fsklassp.path}";
-            address = "${userName}@hu-berlin.de";
-            realName = "FSI Klassische Philologie";
-            aerc.extraAccounts.signature-file = toString (pkgs.writeText "signature" signature.text);
-            signature = {
-              showSignature = "append";
-              text = ''
-                Fachschafts-Initiative
-
-                Humboldt-Universität zu Berlin
-                Sprach- und literaturwissenschaftliche Fakultät
-                Institut für klassische Philologie
-                Unter den Linden 6
-                10099 Berlin
-              '';
-            };
-          });
     };
   };
 
@@ -181,20 +145,17 @@ in {
   systemd.services.hu-vpn = {
     enable = true;
     wants = ["network-online.target"];
-    serviceConfig.LoadCredential = "password:${config.age.secrets.email-password-meinhark.path}";
+    serviceConfig.LoadCredential = "password:${config.age.secrets.email-password-meinhaki.path}";
     script = ''
-      if ${pkgs.wirelesstools}/bin/iwgetid | ${pkgs.gnugrep}/bin/grep --invert-match eduroam
-      then
-        ${pkgs.openfortivpn}/bin/openfortivpn \
-          --password="$(cat "$CREDENTIALS_DIRECTORY/password")" \
-          --config=${
+      ${pkgs.openfortivpn}/bin/openfortivpn \
+        --password="$(cat "$CREDENTIALS_DIRECTORY/password")" \
+        --config=${
         pkgs.writeText "hu-berlin.config" ''
           host = forti-ssl.vpn.hu-berlin.de
           port = 443
-          username = meinhark
+          username = meinhaki
         ''
       }
-      fi
     '';
   };
 }

configs/i3.nix

@@ -50,8 +50,11 @@
       emojai = pkgs.writers.writeDash "emojai" ''
         ${pkgs.curl}/bin/curl https://www.emojai.app/api/generate -X POST -H 'Content-Type: application/json' --data-raw "$(${pkgs.jq}/bin/jq -sR '{emoji:.}')" | ${pkgs.jq}/bin/jq -r .result
       '';
-      gpt = pkgs.writers.writeDash "gpt" ''
-        ${niveumPackages.gpt}/bin/gpt
+      "gpt-3.5" = pkgs.writers.writeDash "gpt" ''
+        ${niveumPackages.gpt35}/bin/gpt
+      '';
+      gpt-4 = pkgs.writers.writeDash "gpt" ''
+        ${niveumPackages.gpt4}/bin/gpt
       '';
     };
   };
@@ -243,7 +246,7 @@ in {
         "XF86AudioMute" = "exec ${pkgs.pamixer}/bin/pamixer -t";
         "XF86AudioRaiseVolume" = "exec ${pkgs.pamixer}/bin/pamixer -i 5";
         "XF86Calculator" = "exec ${pkgs.st}/bin/st -c floating -e ${pkgs.bc}/bin/bc";
-        "XF86AudioPause" = "exec ${pkgs.playerctl}/bin/playerctl pause";
+        "XF86AudioPause" = "exec ${pkgs.playerctl}/bin/playerctl play-pause";
         "XF86AudioPlay" = "exec ${pkgs.playerctl}/bin/playerctl play-pause";
         "XF86AudioNext" = "exec ${pkgs.playerctl}/bin/playerctl next";
         "XF86AudioPrev" = "exec ${pkgs.playerctl}/bin/playerctl previous";

configs/i3status-rust.nix

@@ -3,6 +3,15 @@
   config,
   ...
 }: {
+  age.secrets = {
+    miniflux-api-token = {
+      file = ../secrets/miniflux-api-token.age;
+      owner = config.users.users.me.name;
+      group = config.users.users.me.group;
+      mode = "400";
+    };
+  };
+
   home-manager.users.me = {
     programs.i3status-rust = {
       enable = true;
@@ -27,6 +36,11 @@
           };
         };
         blocks = [
+          {
+            block = "music";
+            format = "{$icon $combo $play |}";
+            separator = " – ";
+          }
           {
             block = "weather";
             autolocate = true;
@@ -60,6 +74,24 @@
                 print("↑{} ↓{} {}{}".format(sun["sunrise"].strftime("%R"), sun["sunset"].strftime("%R"), "☽" if current_phase < 14 else "☾", round(current_phase, 1)))
               '';
           }
+          {
+            block = "custom";
+            interval = 5 * 60;
+            hide_when_empty = true;
+            json = true;
+            icons_overrides.update = "";
+            command = let
+              minifluxEndpoint = "https://feed.kmein.de";
+            in
+              pkgs.writers.writeDash "miniflux" ''
+                MINIFLUX_TOKEN=$(cat ${config.age.secrets.miniflux-api-token.path})
+                ${pkgs.curl}/bin/curl --insecure --header "X-Auth-Token: $MINIFLUX_TOKEN" ${minifluxEndpoint}/v1/feeds/counters \
+                  | ${pkgs.jq}/bin/jq '{
+                    text: ((.unreads | values | add) // 0) | tostring,
+                    icon: "update"
+                  }'
+              '';
+          }
           {
             block = "github";
             info = ["total"];

configs/mpv.nix

@@ -36,7 +36,7 @@ in {
         "Alt+j" = "add video-pan-y -0.05";
       };
       scripts = [
-        pkgs.mpvScripts.youtube-quality
+        pkgs.mpvScripts.quality-menu
         niveumPackages.mpv-visualizer
       ];
     };

configs/packages.nix

@@ -65,8 +65,6 @@ in {
     aria2
     firefox
     tdesktop
-    w3m
-    wget
     whois
     dnsutils
     # FILE MANAGERS
@@ -77,44 +75,19 @@ in {
     imagemagick
     exiftool
     nsxiv
-    # ARCHIVE TOOLS
-    unzip
-    unrar
-    p7zip
-    zip
-    # MONITORS
-    htop
-    iotop # I/O load monitor
-    iftop # interface bandwidth monitor
-    lsof # list open files
-    psmisc # for killall, pstree
     # SHELL
     bat # better cat
-    fd # better find
-    file # determine file type
     dos2unix
     genpass # generate passwords
-    gdu # ncurses disk usage (ncdu is broken)
-    rmlint # remove duplicate files
     gcc
     python3Packages.jsonschema # json validation
-    jq # json toolkit
     pup # html toolkit
     htmlq
     xsv # csv toolkit
-    fq # toolkit for yaml, xml and binaries
     man-pages
     man-pages-posix
-    tree
     exfat # to mount windows drives
-    parallel # for parallel, since moreutils shadows task spooler
-    ripgrep # better grep
-    rlwrap
-    progress # display progress bars for pipes
     # HARDWARE TOOLS
-    usbutils # for lsusb
-    pciutils # for lspci
-    lshw # for lshw
     arandr # xrandr for noobs
     libnotify # for notify-send
     xclip # clipboard CLI
@@ -124,6 +97,7 @@ in {
     calibre
     electrum
     inkscape
+    gthumb
     astrolog
     obsidian
     anki-bin # flashcards
@@ -140,8 +114,6 @@ in {
     niveumPackages.hc # print files as qr codes
     yt-dlp
     espeak
-    bc # calculator
-    pari # gp -- better calculator
     rink # unit converter
     niveumPackages.auc
     niveumPackages.cheat-sh
@@ -157,24 +129,23 @@ in {
     niveumPackages.ipa # XSAMPA to IPA converter
     niveumPackages.pls
     niveumPackages.mpv-tv
+    niveumPackages.mpv-iptv
+    jellyfin-media-player
     niveumPackages.devanagari
     niveumPackages.betacode # ancient greek betacode to unicode converter
     niveumPackages.meteo
     niveumPackages.mahlzeit
-    niveumPackages.vimv
+    niveumPackages.jq-lsp
     niveumPackages.swallow # window swallowing
     niveumPackages.literature-quote
-    jless # less(1) for json
     niveumPackages.booksplit
     niveumPackages.dmenu-randr
     niveumPackages.dmenu-bluetooth
     niveumPackages.manual-sort
     niveumPackages.dns-sledgehammer
-    ts
-    niveumPackages.vg
-    niveumPackages.fkill
     niveumPackages.wttr
     niveumPackages.unicodmenu
+    niveumPackages.emailmenu
     niveumPackages.closest
     niveumPackages.trans
     (niveumPackages.mpv-radio.override {
@@ -196,7 +167,7 @@ in {
     par
     qrencode
 
-    inputs.menstruation-backend.defaultPackage.x86_64-linux
+    # inputs.menstruation-backend.defaultPackage.x86_64-linux
     inputs.agenix.packages.x86_64-linux.default
     inputs.recht.defaultPackage.x86_64-linux
 
@@ -222,9 +193,6 @@ in {
 
     #krebs
     niveumPackages.dic
-    niveumPackages.cyberlocker-tools
-    niveumPackages.untilport
-    niveumPackages.kpaste
     config.nur.repos.mic92.ircsink
 
     (haskellPackages.ghcWithHoogle (hs: [
@@ -256,6 +224,12 @@ in {
     lua-language-server
     nodePackages.vscode-langservers-extracted
 
+    dhall-lsp-server
+    dhall-nix
+    dhall-bash
+    dhall-json
+    dhall
+
     html-tidy
     nodePackages.csslint
     nodePackages.jsonlint
@@ -275,7 +249,7 @@ in {
     libreoffice
     # gnumeric
     dia
-    unstablePackages.pandoc
+    pandoc
     niveumPackages.man-pandoc
     typst
     # proselint

configs/sound.nix

@@ -1,12 +1,8 @@
 {pkgs, ...}: {
   sound.enable = true;
 
-  # realtime audio for pulseaudio
-  security.rtkit.enable = true;
-
   services.pipewire = {
-    enable = false;
-    systemWide = false;
+    enable = true;
     alsa = {
       enable = true;
       support32Bit = true;
@@ -15,25 +11,21 @@
     jack.enable = true;
   };
 
-  hardware.pulseaudio = {
+  systemd.user.services.pipewire-pulse.path = [pkgs.pulseaudio];
+
+  services.avahi = {
     enable = true;
-    package = pkgs.pulseaudioFull;
-    # copy server:/run/pulse/.config/pulse/cookie to client:~/.config/pulse/cookie to authenticate a client machine
-    zeroconf.discovery.enable = true;
-    extraConfig = ''
-      load-module ${
-        toString [
-          "module-tunnel-sink-new"
-          "server=zaatar.r"
-          "sink_name=zaatar"
-          "channels=2"
-          "rate=44100"
-        ]
-      }
-    '';
+    publish.enable = true;
+    publish.userServices = true;
   };
 
-  users.users.me.extraGroups = ["pipewire" "audio"];
+  environment.etc."pipewire/pipewire-pulse.conf.d/50-network-party.conf".text = ''
+    context.exec = [
+      { path = "pactl" args = "load-module module-native-protocol-tcp" }
+      { path = "pactl" args = "load-module module-zeroconf-discover" }
+      { path = "pactl" args = "load-module module-zeroconf-publish" }
+    ]
+  '';
 
   environment.systemPackages = [
     pkgs.pavucontrol

configs/stw-berlin.nix

@@ -10,7 +10,8 @@
     wants = ["network-online.target"];
     startAt = "weekly";
     serviceConfig = {
-      user = "kfm";
+      User = config.users.users.me.name;
+      Group = config.users.users.me.group;
       WorkingDirectory = "/home/kfm/cloud/nextcloud/Uni/Meta/Mensa";
       LoadCredential = [
         "password:${config.age.secrets.stw-berlin-card-code.path}"

configs/stylix.nix

@@ -21,25 +21,23 @@ in {
 
   # stylix.polarity = "either";
   stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/${
-    {
-      "0" = "synth-midnight-dark";
-      "1" = "apprentice"; # https://romainl.github.io/Apprentice/
-      "2" = "one-light";
-      "3" = "one-dark";
-      "4" = "material"; # https://github.com/ntpeters/base16-materialtheme-scheme
-      "5" = "material-palenight";
-      "6" = "material-lighter";
-      "7" = "tomorrow"; # https://github.com/chriskempson/tomorrow-theme
-      "8" = "tomorrow-night";
-      "9" = "gruvbox-light-medium"; # https://github.com/dawikur/base16-gruvbox-scheme
-      "a" = "gruvbox-dark-medium";
-      "b" = "selenized-light"; # https://github.com/jan-warchol/selenized
-      "c" = "selenized-dark";
-      "d" = "papercolor-light";
-      "e" = "papercolor-dark";
-      "f" = "dracula"; # https://draculatheme.com/
-    }
-    .${builtins.head (lib.stringToCharacters inputs.nixpkgs.rev)}
+    "onedark"
+    # synth-midnight-dark
+    # apprentice # https://romainl.github.io/Apprentice/
+    # one-light
+    # onedark
+    # material # https://github.com/ntpeters/base16-materialtheme-scheme
+    # material-palenight
+    # material-lighter
+    # tomorrow # https://github.com/chriskempson/tomorrow-theme
+    # tomorrow-night
+    # gruvbox-light-medium # https://github.com/dawikur/base16-gruvbox-scheme
+    # gruvbox-dark-medium
+    # selenized-light # https://github.com/jan-warchol/selenized
+    # selenized-dark
+    # papercolor-light
+    # papercolor-dark
+    # dracula # https://draculatheme.com/
   }.yaml";
 
   stylix.fonts = {

configs/telegram-bots/default.nix

@@ -51,6 +51,7 @@ in {
     telegram-token-reverse.file = ../../secrets/telegram-token-reverse.age;
     telegram-token-betacode.file = ../../secrets/telegram-token-betacode.age;
     telegram-token-proverb.file = ../../secrets/telegram-token-proverb.age;
+    telegram-token-streaming-link.file = ../../secrets/telegram-token-streaming-link.age;
   };
 
   systemd.services.telegram-reverse = {
@@ -66,6 +67,17 @@ in {
     serviceConfig.LoadCredential = "token:${config.age.secrets.telegram-token-reverse.path}";
   };
 
+  systemd.services.telegram-streaming-link = {
+    wantedBy = ["multi-user.target"];
+    description = "Telegram bot converting YouTube Music <-> Spotify";
+    enable = true;
+    script = ''
+      TELEGRAM_BOT_TOKEN="$(cat "$CREDENTIALS_DIRECTORY/token")" ${telebots}/bin/telegram-streaming-link
+    '';
+    serviceConfig.Restart = "always";
+    serviceConfig.LoadCredential = "token:${config.age.secrets.telegram-token-streaming-link.path}";
+  };
+
   systemd.services.telegram-betacode = {
     wantedBy = ["multi-user.target"];
     description = "Telegram beta code bot";

configs/wallpaper.nix

@@ -3,7 +3,8 @@
   lib,
   ...
 }: let
-  url = "http://wallpaper.r/realwallpaper-krebs-stars-berlin.png";
+  # url = "http://wallpaper.r/realwallpaper-krebs-stars-berlin.png";
+  url = "http://wallpaper.r/realwallpaper-krebs.png";
   stateDir = "~/.cache/wallpaper";
 in {
   systemd.user.services.wallpaper = {

flake.nix

@@ -5,14 +5,14 @@
     agenix.url = "github:ryantm/agenix";
     coptic-dictionary.url = "github:kmein/coptic-dictionary";
     flake-utils.url = "github:numtide/flake-utils";
-    home-manager.url = "github:nix-community/home-manager/release-23.05";
+    home-manager.url = "github:nix-community/home-manager/release-23.11";
     menstruation-backend.url = "github:kmein/menstruation.rs";
     menstruation-telegram.url = "github:kmein/menstruation-telegram";
     nix-on-droid.url = "github:t184256/nix-on-droid/release-23.05";
     nixinate.url = "github:matthewcroughan/nixinate";
     nixpkgs-old.url = "github:NixOS/nixpkgs/50fc86b75d2744e1ab3837ef74b53f103a9b55a0";
     nixpkgs-unstable.url = "github:NixOS/nixpkgs/master";
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
     nur.url = "github:nix-community/NUR";
     recht.url = "github:kmein/recht";
     retiolum.url = "git+https://git.thalheim.io/Mic92/retiolum";
@@ -29,15 +29,14 @@
     agenix.inputs.nixpkgs.follows = "nixpkgs";
     coptic-dictionary.inputs.nixpkgs.follows = "nixpkgs";
     home-manager.inputs.nixpkgs.follows = "nixpkgs";
-    menstruation-backend.inputs.flake-utils.follows = "flake-utils";
-    menstruation-backend.inputs.nixpkgs.follows = "nixpkgs";
-    menstruation-backend.inputs.rust-overlay.follows = "rust-overlay";
+    # menstruation-backend.inputs.flake-utils.follows = "flake-utils";
+    # menstruation-backend.inputs.nixpkgs.follows = "nixpkgs";
+    # menstruation-backend.inputs.rust-overlay.follows = "rust-overlay";
     menstruation-telegram.inputs.flake-utils.follows = "flake-utils";
     menstruation-telegram.inputs.menstruation-backend.follows = "menstruation-backend";
     menstruation-telegram.inputs.nixpkgs.follows = "nixpkgs-old";
     nix-on-droid.inputs.home-manager.follows = "home-manager";
     nix-on-droid.inputs.nixpkgs.follows = "nixpkgs";
-    nixinate.inputs.nixpkgs.follows = "nixpkgs";
     recht.inputs.flake-utils.follows = "flake-utils";
     recht.inputs.nixpkgs.follows = "nixpkgs";
     rust-overlay.inputs.flake-utils.follows = "flake-utils";
@@ -61,41 +60,55 @@
     nixpkgs-unstable,
     nur,
     home-manager,
-    nixinate,
     agenix,
     retiolum,
+    nixinate,
     flake-utils,
     nix-on-droid,
     stylix,
     ...
   }:
     {
-      apps =
-        nixinate.nixinate.x86_64-linux self
-        // {
-          x86_64-linux = let
-            pkgs = nixpkgs.legacyPackages.x86_64-linux;
-          in {
+      apps = {
+        x86_64-linux = let
+          pkgs = nixpkgs.legacyPackages.x86_64-linux;
+          lib = nixpkgs.lib;
+        in
+          nixinate.nixinate.x86_64-linux self
+          // {
             mock-secrets = {
               type = "app";
               program = toString (pkgs.writers.writeDash "mock-secrets" ''
                 ${pkgs.findutils}/bin/find secrets -not -path '*/.*' -type f  | ${pkgs.coreutils}/bin/sort > secrets.txt
               '');
             };
-            deploy = {
+          }
+          # the following error prevents remote building of ful: https://github.com/NixOS/nixpkgs/issues/177873
+          // builtins.listToAttrs (map (hostname: let
+            externalNetwork = import ./lib/external-network.nix;
+            targets = {
+              ful = "root@ful";
+              zaatar = "root@zaatar";
+              makanek = "root@makanek";
+              manakish = "root@manakish";
+              kabsa = "root@kabsa";
+            };
+          in
+            lib.attrsets.nameValuePair "deploy-${hostname}" {
               type = "app";
-              program = toString (pkgs.writers.writeDash "deploy" ''
-                if [ $# -eq 0 ]
-                then
-                  systems='${toString (builtins.attrNames self.nixosConfigurations)}'
-                else
-                  systems=$*
-                fi
-                ${pkgs.parallel}/bin/parallel --line-buffer --tagstring '{}' 'nix run .\?submodules=1\#apps.nixinate.{}' ::: $systems
+              program = toString (pkgs.writers.writeDash "deploy-${hostname}" ''
+                exec ${pkgs.nixos-rebuild}/bin/nixos-rebuild switch --max-jobs 2 --log-format internal-json --flake .?submodules=1#${hostname} --build-host ${targets.${hostname}} --target-host ${targets.${hostname}} 2>&1 | ${pkgs.nix-output-monitor}/bin/nom --json
+              '');
+            }) (builtins.attrNames self.nixosConfigurations))
+          // {
+            deploy-ful = {
+              type = "app";
+              program = toString (pkgs.writers.writeDash "deploy-ful" ''
+                exec ${pkgs.nix}/bin/nix run .?submodules=1#nixinate.ful --log-format internal-json 2>&1 | ${pkgs.nix-output-monitor}/bin/nom --json
               '');
             };
           };
-        };
+      };
 
       nixosModules = {
         htgen = import modules/htgen.nix;
@@ -147,6 +160,12 @@
           system = "aarch64-linux";
           specialArgs = niveumSpecialArgs system;
           modules = [
+            systems/ful/configuration.nix
+            agenix.nixosModules.default
+            inputs.self.nixosModules.passport
+            inputs.self.nixosModules.panoptikon
+            retiolum.nixosModules.retiolum
+            nur.nixosModules.nur
             {
               _module.args.nixinate = {
                 host = "ful";
@@ -156,27 +175,12 @@
                 hermetic = false;
               };
             }
-            systems/ful/configuration.nix
-            agenix.nixosModules.default
-            inputs.self.nixosModules.passport
-            inputs.self.nixosModules.panoptikon
-            retiolum.nixosModules.retiolum
-            nur.nixosModules.nur
           ];
         };
         zaatar = nixpkgs.lib.nixosSystem rec {
           system = "x86_64-linux";
           specialArgs = niveumSpecialArgs system;
           modules = [
-            {
-              _module.args.nixinate = {
-                host = "zaatar";
-                sshUser = "root";
-                buildOn = "remote";
-                substituteOnTarget = true;
-                hermetic = false;
-              };
-            }
             systems/zaatar/configuration.nix
             inputs.self.nixosModules.moodle-dl
             agenix.nixosModules.default
@@ -188,15 +192,6 @@
           # for using inputs in other config files
           specialArgs = niveumSpecialArgs system;
           modules = [
-            {
-              _module.args.nixinate = {
-                host = "makanek";
-                sshUser = "root";
-                buildOn = "local";
-                substituteOnTarget = true;
-                hermetic = false;
-              };
-            }
             systems/makanek/configuration.nix
             inputs.self.nixosModules.telegram-bot
             inputs.self.nixosModules.htgen
@@ -226,15 +221,6 @@
           system = "x86_64-linux";
           specialArgs = niveumSpecialArgs system;
           modules = [
-            {
-              _module.args.nixinate = {
-                host = "manakish";
-                sshUser = "root";
-                buildOn = "local";
-                substituteOnTarget = true;
-                hermetic = false;
-              };
-            }
             systems/manakish/configuration.nix
             agenix.nixosModules.default
             retiolum.nixosModules.retiolum
@@ -247,15 +233,6 @@
           system = "x86_64-linux";
           specialArgs = niveumSpecialArgs system;
           modules = [
-            {
-              _module.args.nixinate = {
-                host = "kabsa";
-                sshUser = "root";
-                buildOn = "remote";
-                substituteOnTarget = true;
-                hermetic = false;
-              };
-            }
             systems/kabsa/configuration.nix
             agenix.nixosModules.default
             retiolum.nixosModules.retiolum
@@ -272,7 +249,7 @@
         overlays = [
           nur.overlay
           (self: super: {
-            mpv = super.mpv.override {scripts = [inputs.self.packages.${system}.mpv-visualizer];};
+            mpv = super.mpv.override {scripts = [inputs.self.packages.${system}.mpv-visualizer super.mpvScripts.mpris];};
             dmenu = super.writers.writeDashBin "dmenu" ''exec ${pkgs.rofi}/bin/rofi -dmenu "$@"'';
           })
         ];
@@ -307,8 +284,11 @@
         genius = pkgs.callPackage packages/genius.nix {};
         gfs-fonts = pkgs.callPackage packages/gfs-fonts.nix {};
         git-preview = pkgs.callPackage packages/git-preview.nix {};
-        gpt = pkgs.callPackage packages/gpt.nix {};
+        gpt35 = pkgs.callPackage packages/gpt.nix {model = "gpt-3.5-turbo";};
+        gpt4 = pkgs.callPackage packages/gpt.nix {model = "gpt-4";};
         hc = pkgs.callPackage packages/hc.nix {};
+        jq-lsp = pkgs.callPackage packages/jq-lsp.nix {};
+        stardict-tools = pkgs.callPackage packages/stardict-tools.nix {};
         heuretes = pkgs.callPackage packages/heuretes.nix {};
         htgen = pkgs.callPackage packages/htgen.nix {};
         image-convert-favicon = pkgs.callPackage packages/image-convert-favicon.nix {};
@@ -333,6 +313,7 @@
         mpv-radio = pkgs.callPackage packages/mpv-radio.nix {di-fm-key-file = "/dev/null";};
         mpv-tuner = pkgs.callPackage packages/mpv-tuner.nix {di-fm-key-file = "/dev/null";};
         mpv-tv = pkgs.callPackage packages/mpv-tv.nix {};
+        mpv-iptv = pkgs.callPackage packages/mpv-iptv.nix {};
         mpv-visualizer = unstablePackages.mpvScripts.visualizer;
         new-mac = pkgs.callPackage packages/new-mac.nix {};
         nix-git = pkgs.callPackage packages/nix-git.nix {};
@@ -350,6 +331,7 @@
         trans = pkgs.callPackage packages/trans.nix {};
         ttspaste = pkgs.callPackage packages/ttspaste.nix {};
         unicodmenu = pkgs.callPackage packages/unicodmenu.nix {};
+        emailmenu = pkgs.callPackage packages/emailmenu.nix {};
         untilport = pkgs.callPackage packages/untilport.nix {};
         vg = pkgs.callPackage packages/vg.nix {};
         vim = pkgs.callPackage packages/vim.nix {niveumPackages = self.packages.${system};};

lib/email.nix

@@ -1,5 +1,21 @@
-{
+rec {
+  thunderbirdProfile = "donnervogel";
+  pronouns = builtins.concatStringsSep "/" [
+    "er"
+    "he"
+    "is"
+    "οὗτος"
+    "هو"
+    "ⲛ̄ⲧⲟϥ"
+    "он"
+    "han"
+    "सः"
+  ];
   defaults = {
+    thunderbird = {
+      enable = true;
+      profiles = [thunderbirdProfile];
+    };
     aerc.enable = true;
     realName = "Kierán Meinhardt";
     folders.inbox = "INBOX";

lib/streams.nix

@@ -148,6 +148,11 @@ in
       logo = "https://de.wikipedia.org/wiki/Wikipedia:Enzyklop%C3%A4die/Logo_von_Wikipedia#/media/Datei:Wikipedia-logo-v2.svg";
       tags = [tags.text];
     }
+    {
+      stream = "http://stream.freiesradio.org:8000/live.mp3";
+      station = "Freies Radio Kassel";
+      description = "Gesellschaft zur drahtlosen Belehrung und Erbauung";
+    }
     {
       stream = "http://162.244.80.20:6948";
       station = "Cool Jazz Florida";
@@ -1416,9 +1421,8 @@ in
       tags = [tags.arabic];
     }
     {
-      stream = "http://5.9.16.111:8210/arabic_live";
-      station = "Radio Arabica";
-      logo = "https://radioarabica.de/wp-content/uploads/2020/09/LOGO_klein-1.png";
+      stream = "https://arabica.streamabc.net/76-radioorient-mp3-256-1050481";
+      station = "Radio Orient";
       tags = [tags.berlin tags.arabic];
     }
     {
@@ -1966,6 +1970,15 @@ in
       station = "radioeins | RBB";
       tags = [tags.top40 tags.pop];
     }
+    {
+      stream = "https://liveradio.swr.de/sw282p3/swr4lu/";
+      station = "SWR3 Ludwigshafen";
+      tags = [tags.top40 tags.pop];
+    }
+    {
+      stream = "http://mp3.ffh.de/radioffh/hqlivestream.mp3";
+      station = "Hitradio FFH";
+    }
   ]
   ++ map (name: {
     stream = "https://${name}.stream.publicradio.org/${name}.aac";

lib/vim/init.lua

@@ -113,6 +113,7 @@ local language_servers = {
   html = {}, -- vscode-langservers-extracted
   jsonls = {}, -- vscode-langservers-extracted
   nil_ls = {}, -- github:oxalica/nil
+  dhall_lsp_server = {}, -- dhall-lsp-server
   -- rnix = {}, -- rnix-lsp
   jqls = {}, -- jq-lsp
   rust_analyzer = { ["rust-analyzer"] = {} },

lib/vim/init.vim

@@ -100,7 +100,8 @@ augroup filetypes
   autocmd bufnewfile,bufread *.typ packadd typst.vim | set filetype=typst
   autocmd bufnewfile,bufread *.ics packadd icalendar.vim | set filetype=icalendar
   autocmd bufnewfile,bufread *.ts packadd typescript-vim | set filetype=typescript
-  autocmd bufnewfile,bufread *.jq packadd jq.vim
+  autocmd bufnewfile,bufread *.dhall packadd dhall-vim | set filetype=dhall
+  autocmd bufnewfile,bufread *.jq packadd jq.vim | set filetype=jq
   autocmd bufnewfile,bufread *.journal packadd vim-ledger | set filetype=ledger shiftwidth=4
   autocmd bufnewfile,bufread urls,config set filetype=conf
   autocmd bufnewfile,bufread *.elm packadd elm-vim | set filetype=elm shiftwidth=4

packages/emailmenu.nix

@@ -0,0 +1,18 @@
+{
+  writers,
+  lib,
+  coreutils,
+  dmenu,
+  gawk,
+  libnotify,
+  xclip,
+  khard,
+}:
+writers.writeDashBin "emailmenu" ''
+  history_file=$HOME/.cache/emailmenu
+  PATH=${lib.makeBinPath [coreutils dmenu gawk libnotify xclip]}
+  chosen=$(${khard}/bin/khard email --parsable | awk '!seen[$0]++' | dmenu -i -p 📧 -1 -l 10 | tee --append "$history_file" | cut -f1)
+  [ "$chosen" != "" ] || exit
+  echo "$chosen" | tr -d '\n' | xclip -selection clipboard
+  notify-send --app-name="$(basename "$0")" "'$chosen' copied to clipboard." &
+''

packages/jq-lsp.nix

@@ -0,0 +1,16 @@
+{
+  buildGoModule,
+  fetchFromGitHub,
+  lib,
+}:
+buildGoModule {
+  name = "jq-lsp";
+  version = "unstable-2023-09-08";
+  src = fetchFromGitHub {
+    owner = "wader";
+    repo = "jq-lsp";
+    rev = "85edf1adbe5e6c91b37c67b6a4bf85eda1e49f2f";
+    hash = "sha256-ItLKRSbGZ8UqFEHCoh96KwhSpuKZ3l+2ZXnBkHEZL0M=";
+  };
+  vendorHash = "sha256-ppQ81uERHBgOr/bm/CoDSWcK+IqHwvcL6RFi0DgoLuw=";
+}

packages/mpv-iptv.nix

@@ -0,0 +1,16 @@
+{
+  mpv,
+  writers,
+}:
+writers.writeDashBin "iptv" ''
+  set -efu
+  ${mpv}/bin/mpv \
+    --audio-display=no --audio-channels=stereo \
+    --audio-samplerate=48000 --audio-format=s16 \
+    --ao-pcm-file=/run/snapserver/snapfifo --ao=pcm \
+    --audio-delay=-1 \
+    --playlist=https://iptv-org.github.io/iptv/index.nsfw.m3u \
+    --idle=yes \
+    --input-ipc-server=/tmp/mpv.ipc \
+    "$@"
+''

packages/stardict-tools.nix

@@ -0,0 +1,48 @@
+{
+  stdenv,
+  autoreconfHook,
+  pkg-config,
+  which,
+  libtool,
+  glib,
+  zlib,
+  gtk3,
+  libmysqlclient,
+  pcre,
+  libxml2,
+  gnused,
+  fetchFromGitHub,
+}:
+stdenv.mkDerivation {
+  name = "stardict-tools";
+  nativeBuildInputs = [
+    autoreconfHook
+    pkg-config
+    which
+    libtool
+  ];
+  buildInputs = [glib zlib gtk3 libmysqlclient pcre libxml2];
+  buildPhase = "make";
+  configureFlags = ["--disable-dict"];
+  env.NIX_CFLAGS_COMPILE = toString [
+    "-Wno-error=format-security"
+  ];
+  patchPhase = ''
+    ${gnused}/bin/sed -i s/noinst_PROGRAMS/bin_PROGRAMS/ tools/src/Makefile.am
+  '';
+  installFlags = ["INSTALL_PREFIX=$(out)"];
+  autoreconfPhase = ''
+    patchShebangs ./autogen.sh
+    ./autogen.sh
+  '';
+  installPhase = ''
+    mkdir $out
+    make install
+  '';
+  src = fetchFromGitHub {
+    owner = "huzheng001";
+    repo = "stardict-3";
+    rev = "96b96d89eab5f0ad9246c2569a807d6d7982aa84";
+    hash = "sha256-zmqp2maKv2JZ5fwMVE7gIOg0BKdEKZ4UvTLC0suuBRw=";
+  };
+}

packages/unicodmenu.nix

@@ -11,7 +11,20 @@
   xclip,
   xdotool,
   gawk,
+  fetchFromGitHub,
 }: let
+  emoji-flags = builtins.fromJSON (builtins.readFile "${fetchFromGitHub {
+    owner = "matiassingers";
+    repo = "emoji-flags";
+    rev = "93ae74505d09bb55a3eb3a511f1dfc0dd60a5347";
+    sha256 = "10j73sx6jb250v37bz2p7w8big0v8da3r6kpqz9xcl667gl8svwx";
+  }}/data.json");
+  emoji-flags-file = writeText "emoji-flags.txt" (lib.strings.concatMapStringsSep "\n" ({
+    emoji,
+    title,
+    ...
+  }: "${emoji}    ${title}")
+  emoji-flags);
   unicode-file = runCommand "unicode.txt" {} ''
     ${
       writers.writePython3 "generate.py" {flakeIgnore = ["E501" "E722"];} ''
@@ -80,7 +93,7 @@ in
 
     all_characters() {
       tac "$history_file"
-      cat ${kaomoji-file} ${unicode-file}
+      cat ${kaomoji-file} ${unicode-file} ${emoji-flags-file}
     }
 
     chosen=$(all_characters | awk '!seen[$0]++' | dmenu -p unicode -i -l 10 | tee --append "$history_file" | sed "s/    .*//")

packages/vim.nix

@@ -55,6 +55,7 @@
       ];
       opt = [
         csv
+        dhall-vim
         elm-vim
         emmet-vim
         haskell-vim

secrets.txt

@@ -1,6 +1,7 @@
 secrets/alertmanager-token-reporters.age
 secrets/blackboard-calendar-ics.age
 secrets/cifs-credentials-hu-berlin.age
+secrets/cifs-credentials-zodiac.age
 secrets/di-fm-key.age
 secrets/email-password-cock.age
 secrets/email-password-dslalewa.age
@@ -34,6 +35,7 @@ secrets/manakish-syncthing-cert.age
 secrets/manakish-syncthing-key.age
 secrets/maxmind-license-key.age
 secrets/mega-password.age
+secrets/miniflux-api-token.age
 secrets/miniflux-credentials.age
 secrets/nextcloud-password-admin.age
 secrets/nextcloud-password-database.age
@@ -56,6 +58,7 @@ secrets/telegram-token-menstruation.age
 secrets/telegram-token-nachtischsatan.age
 secrets/telegram-token-proverb.age
 secrets/telegram-token-reverse.age
+secrets/telegram-token-streaming-link.age
 secrets/weechat-sec.conf.age
 secrets/zaatar-moodle-dl-basicAuth.age
 secrets/zaatar-moodle-dl-tokens.json.age

systems/ful/configuration.nix

@@ -1,5 +1,4 @@
 {
-  lib,
   config,
   pkgs,
   ...
@@ -11,7 +10,7 @@ in {
     ./matomo.nix
     ./radio.nix
     ./panoptikon.nix
-    ./ledger.nix
+    ./hledger.nix
     ../../configs/monitoring.nix
     ../../configs/tor.nix
     ../../configs/save-space.nix
@@ -19,6 +18,7 @@ in {
     ../../configs/retiolum.nix
     ../../configs/sshd.nix
     ../../configs/nix.nix
+    ../../configs/admin-essentials.nix
   ];
 
   niveum.passport = {
@@ -89,7 +89,7 @@ in {
     defaults.email = kieran.email;
   };
 
-  users.users.root.passwordFile = config.age.secrets.root.path;
+  users.users.root.hashedPasswordFile = config.age.secrets.root.path;
 
   environment.systemPackages = [pkgs.vim pkgs.git pkgs.tmux pkgs.python3];
 

systems/ful/hledger.nix

@@ -25,13 +25,13 @@
     script = ''
       ${pkgs.git}/bin/git config user.name "hledger-web"
       ${pkgs.git}/bin/git config user.email "hledger-web@${config.networking.hostName}"
-      ${pkgs.git}/bin/git commit -am $(date -Ih)
+      ${pkgs.git}/bin/git commit -am $(date -Ih) || :
       ${pkgs.git}/bin/git pull --rebase
       ${pkgs.git}/bin/git push
     '';
     serviceConfig = {
-      User = "hledger";
-      Group = "hledger";
+      User = "root";
+      Group = "root";
       WorkingDirectory = config.services.hledger-web.stateDir;
     };
   };

systems/ful/panoptikon.nix

@@ -50,6 +50,10 @@ in {
         script = panoptikon.urlSelector "#main" "https://carolinawelslau.de/";
         reporters = [irc-kmein];
       };
+      humboldt-preis = {
+        script = panoptikon.urlSelector "#content-core" "https://www.hu-berlin.de/de/ueberblick/menschen/ehrungen/humboldtpreis";
+        reporters = [irc-kmein];
+      };
       lisalittmann = {
         script = panoptikon.urlSelector "#site-content" "https://lisalittmann.de/";
         reporters = [irc-kmein];
@@ -94,6 +98,14 @@ in {
         script = panoptikon.urlSelector "[itemprop=articleBody]" "https://www.indogermanistik.org/tagungen/tagungen-der-ig.html";
         reporters = [irc-kmein];
       };
+      fu-distant = {
+        script = panoptikon.urlSelector "#current_events" "https://www.geschkult.fu-berlin.de/en/e/ma-distant/Termine/index.html";
+        reporters = [irc-kmein];
+      };
+      fu-aegyptologie = {
+        script = panoptikon.urlSelector "#current_events" "https://www.geschkult.fu-berlin.de/e/aegyptologie/termine/index.html";
+        reporters = [irc-kmein];
+      };
     };
   };
 }

systems/ful/radio.nix

@@ -126,6 +126,8 @@ in {
 
   systemd.services.radio.environment.TMPDIR = liquidsoapDirectory;
 
+  environment.systemPackages = [refresh-qasaid];
+
   systemd.tmpfiles.rules = [
     (tmpfilesConfig {
       type = "d";

systems/makanek/configuration.nix

@@ -16,7 +16,7 @@ in {
     ./names.nix
     ./nextcloud.nix
     ./radio-news.nix
-    ./onlyoffice.nix
+    # ./onlyoffice.nix
     ./retiolum-map.nix
     ./tarot.nix
     ./tt-rss.nix
@@ -29,6 +29,7 @@ in {
     ../../configs/spacetime.nix
     ../../configs/sshd.nix
     ../../configs/telegram-bots
+    ../../configs/admin-essentials.nix
   ];
 
   services.restic.backups.niveum = {

systems/makanek/moinbot.nix

@@ -7,7 +7,8 @@
     startAt = "7:00";
     script = ''
       greeting=$(echo "moin
-      MOIN" | shuf -n1)
+      MOIN
+      moin: gib" | shuf -n1)
       echo "$greeting" | ${config.nur.repos.mic92.ircsink}/bin/ircsink \
         --nick "$greeting""bot" \
         --server irc.hackint.org \

systems/makanek/monitoring/default.nix

@@ -263,6 +263,9 @@ in {
     }
   ];
 
+  # otherwise bearer_token_file will fail
+  services.prometheus.checkConfig = "syntax-only";
+
   services.prometheus.scrapeConfigs = [
     {
       job_name = "makanek";

systems/makanek/nextcloud.nix

@@ -1,7 +1,6 @@
 {
   pkgs,
   config,
-  lib,
   ...
 }: let
   storageBoxMountPoint = "/mnt/storagebox";
@@ -48,10 +47,9 @@ in {
 
   services.nextcloud = {
     enable = true;
-    package = pkgs.nextcloud26;
+    package = pkgs.nextcloud27;
 
     https = true;
-    enableBrokenCiphersForSSE = false;
 
     autoUpdateApps = {
       enable = true;
@@ -104,9 +102,11 @@ in {
     ensureUsers = [
       {
         name = "nextcloud";
-        ensurePermissions."DATABASE ${config.services.nextcloud.config.dbname}" = "ALL PRIVILEGES";
+        ensureDBOwnership = true;
+        # ensurePermissions."DATABASE ${config.services.nextcloud.config.dbname}" = "ALL PRIVILEGES";
       }
     ];
+    package = pkgs.postgresql_14;
   };
 
   services.nginx.virtualHosts."cloud.kmein.de" = {

systems/makanek/onlyoffice.nix

@@ -1,8 +1,4 @@
-{
-  pkgs,
-  config,
-  ...
-}: {
+{config, ...}: {
   services.onlyoffice = {
     enable = true;
     port = 8111;

systems/makanek/weechat.nix

@@ -154,7 +154,7 @@ in {
             };
             bots = {
               buffer = "irc.retiolum.*";
-              tags = ["nick_gitlab"];
+              tags = ["nick_gitlab" "nick_prometheus"];
               regex = "*";
             };
             people = {

systems/manakish/configuration.nix

@@ -12,6 +12,7 @@ in {
     ../../configs/default.nix
     ../../configs/battery.nix
     ../../configs/wpa_supplicant.nix
+    ../../configs/admin-essentials.nix
   ];
 
   age.secrets = {

systems/tabula/configuration.nix

@@ -11,6 +11,7 @@ in {
     ../../configs/retiolum.nix
     ../../configs/sshd.nix
     ../../configs/nix.nix
+    ../../configs/admin-essentials.nix
   ];
 
   age.secrets = {

systems/tahina/configuration.nix

@@ -11,6 +11,7 @@ in {
     ../../configs/sshd.nix
     ../../configs/retiolum.nix
     ../../configs/nix.nix
+    ../../configs/admin-essentials.nix
   ];
 
   age.secrets = {

systems/zaatar/configuration.nix

@@ -12,13 +12,12 @@ in {
     ./gaslight.nix
     ./kiosk.nix
     ./hardware-configuration.nix
-    ./moodle-dl-meinhark.nix
-    ./pulseaudio.nix
     ./home-assistant.nix
     ./mpd.nix
     ./grocy.nix
     ./spotifyd.nix
     ../../configs/keyboard.nix
+    ../../configs/sound.nix
     ../../configs/monitoring.nix
     ../../configs/retiolum.nix
     ../../configs/printing.nix
@@ -27,8 +26,11 @@ in {
     ../../configs/tmux.nix
     ../../configs/wpa_supplicant.nix
     ../../configs/nix.nix
+    ../../configs/admin-essentials.nix
   ];
 
+  services.pipewire.systemWide = true;
+
   age.secrets = {
     retiolum-rsa = {
       file = ../../secrets/zaatar-retiolum-privateKey-rsa.age;

systems/zaatar/kiosk.nix

@@ -7,7 +7,7 @@
   users.extraUsers.kiosk = {
     isNormalUser = true;
     password = "";
-    extraGroups = ["audio"];
+    extraGroups = ["audio" "pipewire"];
   };
   # TODO https://github.com/cage-kiosk/cage/issues/138
   services.cage = {

systems/zaatar/mpd.nix

@@ -24,16 +24,20 @@ in {
     dataDir = "${mpd-directory}/.config/syncthing";
     cert = config.age.secrets.syncthing-cert.path;
     key = config.age.secrets.syncthing-key.path;
-    devices = {
-      inherit ((import ../../lib).syncthing.devices) kabsa manakish heym;
-    };
-    folders."${config.services.mpd.musicDirectory}/sync" = {
-      devices = ["heym" "kabsa" "manakish"];
-      id = "music";
-      type = "receiveonly";
+    settings = {
+      devices = {
+        inherit ((import ../../lib).syncthing.devices) kabsa manakish heym;
+      };
+      folders."${config.services.mpd.musicDirectory}/sync" = {
+        devices = ["heym" "kabsa" "manakish"];
+        id = "music";
+        type = "receiveonly";
+      };
     };
   };
 
+  users.users.${config.services.mpd.user}.extraGroups = ["pipewire" "audio"];
+
   services.mpd = {
     enable = true;
     network.listenAddress = "0.0.0.0";
@@ -42,7 +46,7 @@ in {
       auto_update "yes"
 
       audio_output {
-        type "pulse"
+        type "pipewire"
         name "zaatar single room audio system"
       }
     '';

systems/zaatar/pulseaudio.nix

@@ -1,17 +0,0 @@
-{pkgs, ...}: {
-  sound.enable = true;
-
-  environment.systemPackages = [pkgs.ncpamixer];
-
-  hardware.pulseaudio = {
-    package = pkgs.pulseaudioFull;
-    enable = true;
-    systemWide = true;
-    tcp = {
-      enable = true;
-      anonymousClients.allowedIpRanges = ["127.0.0.1" "10.243.2.0/24" "192.168.0.0/16"];
-    };
-    zeroconf.publish.enable = true;
-  };
-  networking.firewall.allowedTCPPorts = [4713];
-}

systems/zaatar/spotifyd.nix

@@ -3,7 +3,10 @@
     # mpris is a dbus service for controlling all music players with e.g. playerctl
     # I do not need this, because I only interact with the service via Spotify Connect
     # otherẃise it will pull in DBus which fails without X11
-    spotifyd = pkgs.spotifyd.overrideAttrs {withMPris = false;};
+    spotifyd = pkgs.spotifyd.overrideAttrs {
+      withMpris = false;
+      withKeyring = false;
+    };
   };
 
   services.spotifyd = {
@@ -12,8 +15,8 @@
       global = {
         username_cmd = "cat $CREDENTIALS_DIRECTORY/username";
         password_cmd = "cat $CREDENTIALS_DIRECTORY/password";
-        backend = "pulseaudio";
         bitrate = 320;
+        use_mpris = false;
         device_type = "s_t_b"; # set-top box
         device_name = config.networking.hostName;
       };
@@ -27,6 +30,8 @@
     ];
   };
 
+  networking.firewall.allowedTCPPorts = [4713];
+
   age.secrets = {
     spotify-username.file = ../../secrets/spotify-username.age;
     spotify-password.file = ../../secrets/spotify-password.age;