port to flakes

.envrc

@@ -1 +1 @@
-use nix
+use flake

.github/workflows/nix-flake-check.yml

@@ -0,0 +1,15 @@
+name: "nix flake check"
+on:
+  pull_request:
+  push:
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: cachix/install-nix-action@v13
+        with:
+          install_url: https://github.com/numtide/nix-flakes-installer/releases/download/nix-2.4pre20210604_8e6ee1b/install
+          extra_nix_config: |
+            experimental-features = nix-command flakes
+      - run: nix flake check

.github/workflows/nix-flake-update.yml

@@ -0,0 +1,38 @@
+name: "Update flakes"
+on:
+  repository_dispatch:
+  workflow_dispatch:
+  schedule:
+    - cron:  '10 4 * * 0'
+jobs:
+  createPullRequest:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: cachix/install-nix-action@v13
+        with:
+          install_url: https://github.com/numtide/nix-flakes-installer/releases/download/nix-2.4pre20210604_8e6ee1b/install
+          extra_nix_config: |
+            experimental-features = nix-command flakes
+      - name: Make changes to pull request
+        run: nix flake update
+      - name: Create Pull Request
+        id: cpr
+        uses: peter-evans/create-pull-request@v3
+        with:
+          commit-message: Update flakes
+          committer: GitHub <noreply@github.com>
+          author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
+          signoff: false
+          branch: flake-updates
+          delete-branch: true
+          title: 'Update flakes'
+          body: |
+            Update report
+            - Updated with *today's* date
+            - Auto-generated by [create-pull-request][1]
+            [1]: https://github.com/peter-evans/create-pull-request
+      - name: Check outputs
+        run: |
+          echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}"
+          echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}"

default.nix

@@ -1,27 +0,0 @@
-{ pkgs ? import <nixpkgs> { } }:
-
-with pkgs;
-let
-  myPythonPackages = import ./pkgs/python-pkgs;
-  myPython3Packages = myPythonPackages { callPackage = python3Packages.callPackage; };
-in
-rec {
-  lib = import ./lib { inherit pkgs; };
-  modules = import ./modules;
-  hmModules = import ./modules/home;
-  overlays = import ./overlays;
-
-  profiles = import ./modules/profiles;
-
-  hosts = import ./hosts;
-
-  pythonPackages = myPythonPackages;
-
-  keys = callPackage ./pkgs/keys { };
-  homePage = callPackage ./pkgs/homePage { };
-  deploy = callPackage ./pkgs/deploy.nix { };
-
-  recipemd = python3Packages.toPythonApplication myPython3Packages.recipemd;
-
-  scripts = callPackage ./pkgs/scripts.nix { };
-}

flake.lock

@@ -0,0 +1,92 @@
+{
+  "nodes": {
+    "flake-utils": {
+      "locked": {
+        "lastModified": 1623875721,
+        "narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "f7e004a55b120c02ecb6219596820fcd32ca8772",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      },
+      "locked": {
+        "lastModified": 1624806645,
+        "narHash": "sha256-f/UWLS34FUlsmL1YhOcpmGhdG808206qiz1MGJd3K1c=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "2aeaf65e8f9219c1acdb47bcf278983b3170a344",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "nixos-hardware": {
+      "locked": {
+        "lastModified": 1624713701,
+        "narHash": "sha256-miYoO9/M+ZYlNPknRF9VYh6bQEQCPPz6lM0Pb60jbPk=",
+        "owner": "NixOS",
+        "repo": "nixos-hardware",
+        "rev": "03c60a2db286bcd8ecfac9a8739c50626ca0fd8e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "master",
+        "repo": "nixos-hardware",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1624447853,
+        "narHash": "sha256-Zn+vTEa3NE9q6z6ytpcNXrr8jV7HvrKRxMYoD2E6DpE=",
+        "path": "/nix/store/1iblaav6dxrc5b39b3gbdnbl47sfjxrq-source",
+        "rev": "1905f5f2e55e0db0bb6244cfe62cb6c0dbda391d",
+        "type": "path"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1624626397,
+        "narHash": "sha256-+h0ulo5//RqStx6g6MDqD9MzgmBfeZ1VYxwEaSmw/Zs=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "e1f8852faac7638e88d5e8a5b9ee2a7568685e3f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "home-manager": "home-manager",
+        "nixos-hardware": "nixos-hardware",
+        "nixpkgs": "nixpkgs_2"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -0,0 +1,12 @@
+{
+  description = "dadada's nix flake";
+
+  inputs = {
+    flake-utils.url = github:numtide/flake-utils;
+    nixpkgs.url = github:NixOS/nixpkgs/nixos-unstable;
+    home-manager.url = github:nix-community/home-manager;
+    nixos-hardware.url = github:NixOS/nixos-hardware/master;
+  };
+
+  outputs = { ... } @ args: import ./outputs.nix args;
+}

home/configurations.nix

@@ -0,0 +1,42 @@
+{ self
+, nixpkgs
+, home-manager
+}:
+let
+  hmConfiguration =
+    { homeDirectory ? "/home/dadada"
+    , extraModules ? [ ]
+    , overlays ? [ ]
+    , system ? "x86_64-linux"
+    , username ? "dadada"
+    , stateVersion
+    }:
+    (home-manager.lib.homeManagerConfiguration {
+      configuration = { ... }: {
+        imports = (nixpkgs.lib.attrValues self.hmModules) ++ extraModules;
+        nixpkgs = {
+          config = import ./nixpkgs-config.nix {
+            pkgs = nixpkgs;
+          };
+          overlays = overlays;
+        };
+      };
+      inherit system homeDirectory username stateVersion;
+    });
+in
+{
+  home = hmConfiguration {
+    extraModules = [ ./home ];
+    overlays = with self.overlays; [
+      scripts
+    ];
+    stateVersion = "20.09";
+  };
+
+  work = hmConfiguration rec {
+    extraModules = [ ./work ];
+    homeDirectory = "/home/${username}";
+    username = "tim.schubert";
+    stateVersion = "20.09";
+  };
+}

home/home/default.nix

@@ -1,6 +1,5 @@
 { config, pkgs, lib, ... }:
 let
-  this = import ../../.. { inherit pkgs; };
   useFeatures = [
     "alacritty"
     "vim"
@@ -9,7 +8,6 @@ let
     "gpg"
     "gtk"
     "keyring"
-    "ssh"
     "sway"
     "syncthing"
     "tmux"
@@ -18,13 +16,16 @@ let
   ];
 in
 {
-  nixpkgs.overlays = [
-    this.overlays.dadadaScripts
-    this.overlays.python3Packages
-    this.overlays.recipemd
-  ];
+  programs.git = {
+    signing = {
+      key = "D68C84695C087E0F733A28D0EEB8D1CE62C4DFEA";
+      signByDefault = true;
+    };
+    userEmail = "dadada@dadada.li";
+    userName = "dadada";
+  };
 
-  imports = lib.attrValues this.hmModules;
+  programs.gpg.settings.default-key = "99658A3EB5CD7C13";
 
   dadada.home = lib.attrsets.genAttrs useFeatures (useFeatures: { enable = true; }) // {
     session = {
@@ -59,5 +60,5 @@ in
   # Let Home Manager install and manage itself.
   programs.home-manager.enable = true;
 
-  home.packages = import ./pkgs.nix { inherit pkgs; };
+  home.packages = import ./pkgs.nix { pkgs = pkgs; };
 }

home/home/pkgs.nix

@@ -1,5 +1,6 @@
 { pkgs }:
 with pkgs; [
+  ag
   anki
   aspell
   aspellDicts.de
@@ -51,6 +52,7 @@ with pkgs; [
   mpv
   mumble
   ncurses
+  newsflash
   nfs-utils
   niv
   nmap
@@ -65,7 +67,6 @@ with pkgs; [
   python3
   python38Packages.dateutil
   python38Packages.managesieve
-  recipemd
   ripgrep
   rustup
   signal-desktop

home/modules/direnv.nix

@@ -11,7 +11,6 @@ in
     programs.direnv = {
       enable = true;
       enableZshIntegration = true;
-      enableNixDirenvIntegration = true;
     };
   };
 }

home/modules/sway/default.nix

@@ -22,7 +22,6 @@ in
       swaylock
       brightnessctl
       playerctl
-      dadadaScripts
     ];
 
     wayland.windowManager.sway = {

home/nixpkgs-config.nix

@@ -0,0 +1,7 @@
+{ pkgs }:
+{
+  allowUnfree = true;
+  allowBroken = false;
+  android_sdk.accept_license = true;
+  pulseaudio = true;
+}

home/work/default.nix

@@ -1,10 +1,5 @@
 { config, pkgs, lib, ... }:
-let
-  this = import ../../.. { inherit pkgs; };
-in
 {
-  imports = lib.attrValues this.hmModules;
-
   dadada.home = {
     vim.enable = true;
     direnv.enable = true;

home/work/pkgs.nix

@@ -6,7 +6,6 @@ with pkgs; [
   element-desktop
   evince
   file
-  firefox-bin
   fzf
   git-lfs
   gitAndTools.hub

hosts/default.nix

@@ -1,6 +0,0 @@
-{
-  ifrit = ./ifrit;
-  gorgon = ./gorgon;
-  surgat = ./surgat;
-  pruflas = ./pruflas;
-}

modules/default.nix

@@ -1,15 +0,0 @@
-{
-  admin = ./admin.nix;
-  backup = ./backup.nix;
-  homePage = ./homepage.nix;
-  element = ./element.nix;
-  fido2 = ./fido2.nix;
-  fileShare = ./fileShare.nix;
-  gitea = ./gitea.nix;
-  networking = ./networking.nix;
-  share = ./share.nix;
-  steam = ./steam.nix;
-  autoUpgrade = ./update.nix;
-  vpnServer = ./vpnServer.nix;
-  weechat = ./weechat.nix;
-}

modules/module-list.nix

@@ -1,15 +0,0 @@
-[
-  ./admin.nix
-  ./backup.nix
-  ./element.nix
-  ./fido2.nix
-  ./fileShare.nix
-  ./gitea.nix
-  ./homepage.nix
-  ./networking.nix
-  ./share.nix
-  ./steam.nix
-  ./update.nix
-  ./vpnServer.nix
-  ./weechat.nix
-]

modules/profiles/default.nix

@@ -1,4 +0,0 @@
-{
-  base = ./base;
-  laptop = ./laptop;
-}

modules/profiles/laptop/default.nix

@@ -1,45 +0,0 @@
-{ config, pkgs, lib, ... }:
-with lib;
-{
-  #nixpkgs.overlays = attrValues (import ../../../overlays);
-
-  # conflicts with power-management
-  services.tlp.enable = false;
-
-  boot.kernelPackages = pkgs.linuxPackages_latest;
-
-  networking.domain = mkDefault "dadada.li";
-
-  dadada = {
-    networking = {
-      useLocalResolver = mkDefault true;
-    };
-    autoUpgrade.enable = true;
-  };
-
-  services.fwupd.enable = true;
-
-  fonts.fonts = mkDefault (with pkgs; [
-    source-code-pro
-  ]);
-
-  time.timeZone = mkDefault "Europe/Berlin";
-
-  i18n.defaultLocale = mkDefault "en_US.UTF-8";
-
-  console.keyMap = mkDefault "us";
-
-  users.mutableUsers = true;
-
-  programs.zsh = mkDefault {
-    enable = true;
-    autosuggestions.enable = true;
-    enableCompletion = true;
-    histSize = 100000;
-    vteIntegration = true;
-    syntaxHighlighting = {
-      enable = true;
-      highlighters = [ "main" "brackets" "pattern" "root" "line" ];
-    };
-  };
-}

nixos/configurations.nix

@@ -0,0 +1,69 @@
+{ self
+, nixpkgs
+, nixosSystem
+, home-manager
+, nixos-hardware
+}:
+let adapterModule = {
+  imports = [ ./modules ];
+  nix.nixPath = [
+    "home-manager=${home-manager}"
+    "nixpkgs=${nixpkgs}"
+    "dadada=${self}"
+  ];
+  nix.registry = {
+    home-manager.flake = home-manager;
+    nixpkgs.flake = nixpkgs;
+    dadada.flake = self;
+  };
+  nix.binaryCachePublicKeys = [
+    "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+    "gorgon:eEE/PToceRh34UnnoFENERhk89dGw5yXOpJ2CUbfL/Q="
+  ];
+  nix.requireSignedBinaryCaches = true;
+  nix.useSandbox = true;
+  nixpkgs.overlays = (nixpkgs.lib.attrValues self.overlays);
+};
+in
+{
+  gorgon = nixosSystem {
+    system = "x86_64-linux";
+    modules = [
+      adapterModule
+      nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1
+      #home-manager.nixosModules.home-manager
+      #{
+      #  home-manager.useGlobalPkgs = true;
+      #  home-manager.useUserPackages = true;
+      #  home-manager.users.dadada = self.hmConfigurations.home;
+      #}
+      ./modules/profiles/laptop.nix
+      ./gorgon/configuration.nix
+    ];
+  };
+  ifrit = nixosSystem {
+    system = "x86_64-linux";
+    modules = [
+      adapterModule
+      ./modules/profiles/server.nix
+      ./ifrit/configuration.nix
+    ];
+  };
+
+  surgat = nixosSystem {
+    system = "x86_64-linux";
+    modules = [
+      adapterModule
+      ./modules/profiles/server.nix
+      ./surgat/configuration.nix
+    ];
+  };
+  pruflas = nixosSystem {
+    system = "x86_64-linux";
+    modules = [
+      adapterModule
+      ./modules/profiles/server.nix
+      ./pruflas/configuration.nix
+    ];
+  };
+}

nixos/gorgon/configuration.nix

@@ -1,35 +1,38 @@
 { config, pkgs, lib, ... }:
 let
-  this = import ../.. { inherit pkgs; };
-  nixos-hardware = builtins.fetchTarball {
-    url = "https://github.com/NixOS/nixos-hardware/archive/c242378e63b0ec334e964ac0c0fbbdd2b3e89ebf.tar.gz";
-    sha256 = "1z4cr5gsyfdpcy31vqg4ikalbxmnnac6jjk1nl8mxj0h0ix7pp36";
-  };
+  signHook = pkgs.writeShellScript "/etc/nix/sign-cache.sh"
+    ''
+      set -eu
+      set -f # disable globbing
+      export IFS=' '
+
+      echo "Signing paths" $OUT_PATHS
+      nix store sign --key-file /etc/nix/key.private $OUT_PATHS
+    '';
 in
 {
-  imports = (lib.attrValues this.modules) ++ [
-    ../../modules/profiles/laptop
-    "${nixos-hardware}/lenovo/thinkpad/t14s"
+  imports = [
+    ./hardware-configuration.nix
   ];
 
   nix.package = pkgs.nixUnstable;
   nix.extraOptions = ''
     experimental-features = nix-command flakes
+    post-build-hook = ${signHook}
   '';
 
+  # conflicts with power-management
+  services.tlp.enable = false;
+
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+
   boot.kernelModules = [ "kvm-amd" ];
 
-  virtualisation = {
-    libvirtd.enable = true;
-    docker.enable = true;
-  };
-
-  virtualisation.docker.extraOptions = "--bip=192.168.1.5/24";
-
   networking.hostName = "gorgon";
 
   dadada = {
-    admin.enable = false;
+    autoUpgrade.enable = false;
+    headphones.enable = true;
     steam.enable = true;
     #fido2 = {
     #  credential = "04ea2813a116f634e90f9728dbbb45f1c0f93b7811941a5a14fb75e711794df0c26552dae2262619c1da2be7562ec9dd94888c71a9326fea70dfe16214b5ea8ec01473070000";
@@ -38,6 +41,7 @@ in
     luks.uuid = "3d0e5b93-90ca-412a-b4e0-3e6bfa47d3f4";
     networking = {
       enableBsShare = true;
+      useLocalResolver = true;
       vpnExtension = "3";
     };
     backupClient = {
@@ -51,14 +55,8 @@ in
     "vm.swappiness" = 90;
   };
 
-  # Use the systemd-boot EFI boot loader.
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-
   programs.adb.enable = true;
 
-  services.fstrim.enable = true;
-
   # Enable CUPS to print documents.
   services.printing = {
     enable = true;
@@ -71,23 +69,17 @@ in
     ];
   };
 
-  environment.systemPackages = [ pkgs.ghostscript ];
-
-  hardware = {
-    bluetooth.enable = true;
-    pulseaudio = {
-      enable = true;
-      extraModules = [ pkgs.pulseaudio-modules-bt ];
-      extraConfig = ''
-        set-source-volume 1 10000
-      '';
-      package = pkgs.pulseaudioFull;
+  services.miniflux = {
+    enable = true;
+    config = {
+      CLEANUP_FREQUENCY = "48";
+      LISTEN_ADDR = "localhost:8080";
     };
+    adminCredentialsFile = "/var/lib/miniflux/admin-credentials";
   };
 
-  services.avahi.enable = false;
+  environment.systemPackages = [ pkgs.ghostscript ];
 
-  networking.networkmanager.enable = true;
   networking.firewall = {
     enable = true;
     allowedTCPPorts = [
@@ -98,25 +90,6 @@ in
     ];
   };
 
-  services.xserver.enable = true;
-  services.xserver.displayManager.gdm.enable = true;
-  services.xserver.desktopManager.gnome.enable = true;
-
-  programs.sway = {
-    enable = true;
-    wrapperFeatures.gtk = true; # so that gtk works properly
-    extraPackages = with pkgs; [
-      swaylock
-      swayidle
-      wl-clipboard
-      mako # notification daemon
-      alacritty # Alacritty is the default terminal in the config
-      dmenu # Dmenu is the default in the config but i recommend wofi since its wayland native
-    ];
-  };
-
-  xdg.mime.enable = true;
-
   users.users = {
     dadada = {
       isNormalUser = true;

nixos/gorgon/hardware-configuration.nix

@@ -0,0 +1,42 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [
+      (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+  boot.initrd.kernelModules = [ "dm-snapshot" ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/2478e089-e5d6-480c-8530-4ea46988f9f7";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/5B90-D460";
+      fsType = "vfat";
+    };
+
+  fileSystems."/home" =
+    { device = "/dev/disk/by-uuid/a617625e-9325-4612-a086-954fb4b99ee0";
+      fsType = "ext4";
+    };
+
+  fileSystems."/nix" =
+    { device = "/dev/disk/by-uuid/1f6ab0fb-ef4d-45b1-a731-ad0e7a440eef";
+      fsType = "ext4";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/92310a00-7f69-4775-85cb-38e1790f71db"; }
+    ];
+
+  nix.maxJobs = lib.mkDefault 16;
+}

nixos/ifrit/configuration.nix

@@ -10,7 +10,7 @@ let
 in
 {
   imports = [
-    ../../modules/profiles/base
+    ./hardware-configuration.nix
   ];
 
   dadada = {

nixos/ifrit/hardware-configuration.nix

@@ -0,0 +1,26 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix" )
+    ];
+
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/0b4f5f01-5849-4f05-9822-b648abbc2485";
+      fsType = "ext4";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/53b5715e-2724-4800-9cfc-f892115681b6"; }
+    ];
+
+  nix.maxJobs = lib.mkDefault 2;
+}

nixos/modules/admin.nix

@@ -5,24 +5,26 @@ let
   cfg = config.dadada.admin;
 in
 {
-  options.dadada.admin = {
-    enable = mkEnableOption "Enable admin access";
+  options = {
+    dadada.admin = {
+      enable = mkEnableOption "Enable admin access";
 
-    users = mkOption {
-      type = with types; attrsOf (listOf path);
-      default = [ ];
-      description = ''
-        List of admin users with root access to all the machine.
-      '';
-      example = literalExample "\"user1\" = [ /path/to/key1 /path/to/key2 ]";
-    };
+      users = mkOption {
+        type = with types; attrsOf (listOf path);
+        default = [ ];
+        description = ''
+          List of admin users with root access to all the machine.
+        '';
+        example = literalExample "\"user1\" = [ /path/to/key1 /path/to/key2 ]";
+      };
 
-    rat = mkOption {
-      type = types.bool;
-      default = false;
-      description = ''
-        Enable NAT and firewall traversal for SSH via tor hidden service
-      '';
+      rat = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Enable NAT and firewall traversal for SSH via tor hidden service
+        '';
+      };
     };
   };
 
@@ -49,7 +51,7 @@ in
       tmux
     ];
 
-    services.tor.hiddenServices = {
+    services.tor.relay.onionServices = {
       "rat" = mkIf cfg.rat.enable {
         name = "rat";
         map = [{ port = 22; }];

nixos/modules/backup.nix

@@ -21,12 +21,14 @@ let
   ];
   cfg = config.dadada.backupClient;
 in
-{
-  options.dadada.backupClient = {
-    enable = mkEnableOption "Enable backup client";
-    gs = mkEnableOption "Enable backup to GS location";
-    bs = mkEnableOption "Enable backup to BS location";
-  };
+  {
+    options = {
+      dadada.backupClient = {
+        enable = mkEnableOption "Enable backup client";
+        gs = mkEnableOption "Enable backup to GS location";
+        bs = mkEnableOption "Enable backup to BS location";
+      };
+    };
 
   config = mkIf cfg.enable {
 

nixos/modules/default.nix

@@ -0,0 +1,19 @@
+{ ... }:
+{
+  imports = [
+    ./admin.nix
+    ./backup.nix
+    ./element.nix
+    ./fido2.nix
+    ./fileShare.nix
+    ./gitea.nix
+    ./headphones.nix
+    ./homepage.nix
+    ./networking.nix
+    ./share.nix
+    ./steam.nix
+    ./update.nix
+    ./vpnServer.nix
+    ./weechat.nix
+  ];
+}

nixos/modules/fido2.nix

@@ -5,7 +5,6 @@ let
   fido2 = config.dadada.fido2;
 in
 {
-
   options = {
     dadada.luks = {
       uuid = mkOption {

nixos/modules/headphones.nix

@@ -0,0 +1,25 @@
+{ config, pkgs, lib, ... }:
+with lib;
+let
+  cfg = config.dadada.headphones;
+in
+{
+  options = {
+    dadada.headphones = {
+      enable = mkEnableOption "Enable bluetooth headphones with more audio codecs.";
+    };
+  };
+  config = mkIf cfg.enable {
+    hardware = {
+      bluetooth.enable = true;
+      pulseaudio = {
+        enable = true;
+        extraModules = [ pkgs.pulseaudio-modules-bt ];
+        extraConfig = ''
+          set-source-volume 1 10000
+        '';
+        package = pkgs.pulseaudioFull;
+      };
+    };
+  };
+}

nixos/modules/homepage.nix

@@ -12,7 +12,7 @@ with lib; {
     services.nginx.virtualHosts."dadada.li" = {
       enableACME = true;
       forceSSL = true;
-      root = /var/lib/www/dadada.li;
+      root = "/var/lib/www/dadada.li";
     };
   };
 }

nixos/modules/networking.nix

@@ -4,19 +4,21 @@ let
   cfg = config.dadada.networking;
 in
 {
-  options.dadada.networking = {
-    useLocalResolver = mkEnableOption "Enable local caching name server";
-    wanInterfaces = mkOption {
-      type = with types; listOf str;
-      description = "WAN network interfaces";
-      default = [ ];
+  options = {
+    dadada.networking = {
+      useLocalResolver = mkEnableOption "Enable local caching name server";
+      wanInterfaces = mkOption {
+        type = with types; listOf str;
+        description = "WAN network interfaces";
+        default = [ ];
+      };
+      vpnExtension = mkOption {
+        type = with types; nullOr str;
+        description = "Last part of VPN address";
+        default = null;
+      };
+      enableBsShare = mkEnableOption "Enable network share at BS location";
     };
-    vpnExtension = mkOption {
-      type = with types; nullOr str;
-      description = "Last part of VPN address";
-      default = null;
-    };
-    enableBsShare = mkEnableOption "Enable network share at BS location";
   };
 
   config = {
@@ -75,7 +77,7 @@ in
       partOf = [ "wg-reresolve-dns.service" ];
       timerConfig.OnCalendar = "hourly";
     };
-    systemd.services.wg-reresolve-dns =  mkIf (cfg.vpnExtension != null) {
+    systemd.services.wg-reresolve-dns = mkIf (cfg.vpnExtension != null) {
       serviceConfig.Type = "oneshot";
       script = ''
         ${pkgs.wireguard-tools}/bin/wg set bs peer lFB2DWtzp55ajV0Fk/OWdO9JlGvN9QsayYKQQHV3GEs= endpoint bs.vpn.dadada.li:51234 persistent-keepalive 25 allowed-ips fd42:dead:beef::/48

nixos/modules/profiles/laptop.nix

@@ -0,0 +1,55 @@
+{ config, pkgs, lib, ... }:
+with lib;
+{
+  networking.domain = mkDefault "dadada.li";
+
+  services.fwupd.enable = mkDefault true;
+
+  fonts.fonts = mkDefault (with pkgs; [
+    source-code-pro
+  ]);
+
+  time.timeZone = mkDefault "Europe/Berlin";
+
+  i18n.defaultLocale = mkDefault "en_US.UTF-8";
+
+  console.keyMap = mkDefault "us";
+
+  users.mutableUsers = mkDefault true;
+
+  programs.zsh = mkDefault {
+    enable = true;
+    autosuggestions.enable = true;
+    enableCompletion = true;
+    histSize = 100000;
+    vteIntegration = true;
+    syntaxHighlighting = {
+      enable = true;
+      highlighters = [ "main" "brackets" "pattern" "root" "line" ];
+    };
+  };
+
+  virtualisation = {
+    libvirtd.enable = mkDefault true;
+    docker.enable = mkDefault true;
+  };
+
+  virtualisation.docker.extraOptions = mkDefault "--bip=192.168.1.5/24";
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = mkDefault true;
+  boot.loader.efi.canTouchEfiVariables = mkDefault true;
+
+  services.fstrim.enable = mkDefault true;
+
+  services.avahi.enable = false;
+
+  networking.networkmanager.enable = mkDefault true;
+  networking.firewall.enable = mkDefault true;
+
+  services.xserver.enable = mkDefault true;
+  services.xserver.displayManager.gdm.enable = mkDefault true;
+  services.xserver.desktopManager.gnome.enable = mkDefault true;
+
+  xdg.mime.enable = mkDefault true;
+}

nixos/modules/profiles/server.nix

@@ -1,23 +1,13 @@
 { config, pkgs, lib, ... }:
 with lib;
 {
-
-  nix.binaryCachePublicKeys = [
-    "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
-    "gorgon:eEE/PToceRh34UnnoFENERhk89dGw5yXOpJ2CUbfL/Q="
-  ];
-
-  nixpkgs.overlays = attrValues (import ../../../overlays);
-
-  imports = import ../../module-list.nix;
-
   networking.domain = mkDefault "dadada.li";
 
   dadada.admin.users = {
-    "dadada" = [ "${pkgs.dadadaKeys}/dadada.pub" ];
+    "dadada" = [ "${pkgs.keys}/dadada.pub" ];
   };
 
-  dadada.autoUpgrade.enable = mkDefault true;
+  dadada.autoUpgrade.enable = mkDefault false;
 
   environment.noXlibs = mkDefault true;
   documentation.enable = mkDefault false;
@@ -28,5 +18,4 @@ with lib;
     font = "Lat2-Terminus16";
     keyMap = "us";
   };
-
 }

nixos/modules/steam.nix

@@ -4,8 +4,10 @@ let
   cfg = config.dadada.steam;
 in
 {
-  options.dadada.steam = {
-    enable = mkEnableOption "Enable Steam config";
+  options = {
+    dadada.steam = {
+      enable = mkEnableOption "Enable Steam config";
+    };
   };
   config = mkIf cfg.enable {
     nixpkgs.config.allowUnfree = true;

nixos/modules/update.nix

@@ -11,7 +11,7 @@ in
 
   config = mkIf cfg.enable {
     nix = {
-      autoOptimiseStore = true;
+      autoOptimiseStore = false;
       useSandbox = true;
       gc = {
         automatic = true;

nixos/modules/zsh.nix

@@ -0,0 +1,14 @@
+{ config, pkgs, lib, ... }:
+{
+  programs.zsh = {
+    enable = true;
+    autosuggestions.enable = true;
+    enableCompletion = true;
+    histSize = 100000;
+    vteIntegration = true;
+    syntaxHighlighting = {
+      enable = true;
+      highlighters = [ "main" "brackets" "pattern" "root" "line" ];
+    };
+  };
+}

nixos/pruflas/configuration.nix

@@ -2,28 +2,9 @@
 with lib;
 let
   hostName = "pruflas";
-  this = import ../.. { inherit pkgs; };
-  logo = builtins.fetchurl {
-    sha256 = "1c8y19a3yz4g9dl7hbx7aq4y92jfxl4nrsparzyzwn0wcm9jan27";
-    url = "https://openmoji.org/php/download_from_github.php?emoji_hexcode=1F431-200D-1F4BB&emoji_variant=color";
-    name = "open-moji-hack-cat";
-  };
 in
 {
-  nix.binaryCachePublicKeys = [
-    "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
-    "gorgon:eEE/PToceRh34UnnoFENERhk89dGw5yXOpJ2CUbfL/Q="
-  ];
-
-
-  imports = [ this.profiles.base ];
-
-  nix = {
-    package = pkgs.nixFlakes;
-    extraOptions = ''
-      experimental-features = nix-command flakes
-    '';
-  };
+  imports = [ ./hardware-configuration.nix ];
 
   networking.hostName = hostName;
   networking.hosts = {
@@ -41,7 +22,6 @@ in
     useSubstitutes = true;
     listenHost = "hydra.dadada.li";
     port = 3000;
-    logo = logo;
   };
 
   nix.buildMachines = [
@@ -63,12 +43,7 @@ in
     '';
   };
 
-  dadada.admin = {
-    enable = true;
-    users = {
-      "dadada" = [ "${pkgs.dadadaKeys}/dadada.pub" ];
-    };
-  };
+  dadada.admin.enable = true;
 
   dadada.networking.vpnExtension = "5";
   dadada.backupClient = {

nixos/pruflas/hardware-configuration.nix

@@ -0,0 +1,34 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod" "sdhci_pci" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/6d7ea470-1909-4e84-82a6-d5d5e9eecf78";
+      fsType = "ext4";
+    };
+
+  fileSystems."/nix" =
+    { device = "/dev/disk/by-uuid/337f04a7-4fe9-49a2-8a58-07dd4bc85168";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/0494-CB52";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+}

nixos/surgat/configuration.nix

@@ -1,10 +1,11 @@
 { config, pkgs, lib, ... }:
 let
   hostName = "surgat";
-  this = import ../.. { inherit pkgs; };
 in
 {
-  imports = [ this.profiles.base ];
+  imports = [
+    ./hardware-configuration.nix
+  ];
 
   networking.hostName = hostName;
 
@@ -37,7 +38,7 @@ in
   dadada.admin = {
     enable = true;
     users = {
-      "dadada" = [ "${pkgs.dadadaKeys}/dadada.pub" ];
+      "dadada" = [ "${pkgs.keys}/dadada.pub" ];
     };
   };
 

nixos/surgat/hardware-configuration.nix

@@ -0,0 +1,30 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/bd0b4d2d-37e5-444b-82ba-d7629114bf11";
+      fsType = "ext4";
+    };
+
+  boot.initrd.luks.devices."surgat".device = "/dev/disk/by-uuid/5aa2b4d3-5711-451c-bd35-7c33b5019093";
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/472bc34f-3803-44ee-ad2a-f0080c0a44d3";
+      fsType = "ext2";
+    };
+
+  swapDevices = [ ];
+
+}

outputs.nix

@@ -0,0 +1,73 @@
+# Adapted from Mic92/dotfiles
+{ self
+, flake-utils
+, nixpkgs
+, home-manager
+, nixos-hardware
+, ...
+}:
+(flake-utils.lib.eachSystem ["x86_64-linux"] (system:
+  let
+    pkgs = nixpkgs.legacyPackages.${system};
+    selfPkgs = self.packages.${system};
+    pythonPackages = import ./pkgs/python-pkgs;
+    python3Packages = pythonPackages { callPackage = pkgs.python3Packages.callPackage; };
+    #lib = import ./lib;
+  in
+  {
+    apps.deploy = {
+      type = "app";
+      program = "${selfPkgs.deploy}/bin/deploy";
+    };
+    apps.hm-switch = {
+      type = "app";
+      program = toString (pkgs.writeScript "hm-switch" ''
+        #!${pkgs.runtimeShell}
+        set -eu -o pipefail -x
+        tmpdir=$(mktemp -d)
+        export PATH=${pkgs.lib.makeBinPath [ pkgs.coreutils pkgs.nixFlakes pkgs.jq ]}
+        trap "rm -rf $tmpdir" EXIT
+        declare -A profiles=(["gorgon"]="home" ["timsch-nb"]="work")
+        profile=''${profiles[$HOSTNAME]:-common}
+        flake=$(nix flake metadata --json ${./.} | jq -r .url)
+        nix build --show-trace --out-link "$tmpdir/result" "$flake#hmConfigurations.''${profile}.activationPackage" "$@"
+        link=$(realpath $tmpdir/result)
+        $link/activate
+      '');
+    };
+    apps.recipemd = {
+      type = "app";
+      program = "${selfPkgs.recipemd}/bin/recipemd";
+    };
+    devShell = pkgs.callPackage ./shell.nix {
+      deploy = selfPkgs.deploy;
+    };
+    packages = flake-utils.lib.flattenTree {
+      deploy = pkgs.callPackage ./pkgs/deploy.nix { };
+      scripts = pkgs.callPackage ./pkgs/scripts.nix { };
+      keys = pkgs.callPackage ./pkgs/keys { };
+      homePage = pkgs.callPackage ./pkgs/homePage { };
+      recipemd = pkgs.python3Packages.toPythonApplication python3Packages.recipemd;
+    };
+  })) // {
+  hmConfigurations = import ./home/configurations.nix {
+    inherit self nixpkgs home-manager;
+  };
+  hmModules = import ./home/modules;
+  nixosConfigurations = import ./nixos/configurations.nix {
+    nixosSystem = nixpkgs.lib.nixosSystem;
+    inherit self nixpkgs home-manager nixos-hardware;
+  };
+  nixosModule = import ./nixos/modules;
+  overlays = import ./overlays;
+  pythonPackages = import ./pkgs/python-pkgs;
+
+  hydraJobs = (
+    nixpkgs.lib.mapAttrs'
+      (name: config: nixpkgs.lib.nameValuePair name config.config.system.build.toplevel)
+      self.nixosConfigurations
+  ) // (nixpkgs.lib.mapAttrs'
+    (name: config: nixpkgs.lib.nameValuePair name config.activation-script)
+    self.hmConfigurations
+  );
+}

overlay.nix

@@ -1,18 +0,0 @@
-self: super:
-let
-  isReserved = n: builtins.elem n [
-    "lib"
-    "hosts"
-    "hmModules"
-    "modules"
-    "overlays"
-    "profiles"
-    "pythonPackages"
-  ];
-  nameValuePair = n: v: { name = n; value = v; };
-  attrs = import ./default.nix { pkgs = super; };
-in
-builtins.listToAttrs
-  (map (n: nameValuePair n attrs.${n})
-    (builtins.filter (n: !isReserved n)
-      (builtins.attrNames attrs)))

overlays/default.nix

@@ -1,16 +1,18 @@
-{
-  tubslatex = import ./tubslatex.nix;
-  dadadaKeys = self: super: {
-    dadadaKeys = super.callPackage ../pkgs/keys { };
-  };
-  homePage = self: super: {
-    homePage = super.callPackage ../pkgs/homePage { };
-  };
-  dadadaScripts = self: super: {
-    dadadaScripts = super.callPackage ../pkgs/scripts.nix { };
-  };
+let
   python3Packages = import ./python3-packages.nix;
-  recipemd = self: super: {
-    recipemd = super.python3Packages.toPythonApplication super.python3Packages.recipemd;
+in
+{
+  #tubslatex = import ./tubslatex.nix;
+  keys = final: prev: {
+    keys = prev.callPackage ../pkgs/keys { };
+  };
+  homePage = final: prev: {
+    homePage = prev.callPackage ../pkgs/homePage { };
+  };
+  scripts = final: prev: {
+    scipts = prev.callPackage ../pkgs/scripts.nix { };
+  };
+  recipemd = final: prev: {
+    recipemd = prev.python3Packages.toPythonApplication prev.python3Packages.recipemd;
   };
 }

pkgs/deploy.nix

@@ -6,7 +6,7 @@
 }:
 stdenv.mkDerivation rec {
   name = "dadada-deploy";
-  version = "0.1";
+  version = "0.1.1";
 
   src = ../utils;
 
@@ -28,7 +28,7 @@ stdenv.mkDerivation rec {
   meta = with lib; {
     description = "deploy scripts";
     license = licenses.publicDomain;
-    platforms = platforms.linux;
+    platforms = platforms.unix;
     maintainers = [ "dadada" ];
   };
 }

pkgs/homePage/default.nix

@@ -15,5 +15,5 @@ stdenv.mkDerivation rec {
     cp -r src/* $out/
   '';
   name = "dadada.li";
-  version = "0.1";
+  version = "0.2";
 }

pkgs/python-pkgs/recipemd/default.nix

@@ -1,6 +1,6 @@
 { lib
 , buildPythonPackage
-, fetchPypi
+, fetchFromGitHub
 , pytestCheckHook
 , pythonPackages
 , installShellFiles
@@ -14,10 +14,11 @@ buildPythonPackage rec {
 
   disabled = isPy36 || isPy27;
 
-  src = fetchPypi {
-    pname = pname;
-    version = version;
-    sha256 = "142w5zb2gf8s5z72bflpkmks633ic42z97nsgw491mskl6jg7cvq";
+  src = fetchFromGitHub {
+    owner = "tstehr";
+    repo = "recipemd";
+    rev = "v4.0.7";
+    sha256 = "sha256-P65CxTaROfvx9kNSJWa5CiCUHCurTMZx8uUH9W9uK1U=";
   };
 
   propagatedBuildInputs = with pythonPackages; [
@@ -47,7 +48,7 @@ buildPythonPackage rec {
     pythonPackages.pytestcov
   ];
 
-  doCheck = false;
+  doCheck = true;
 
   meta = with lib; {
     description = "Markdown recipe manager, reference implementation of RecipeMD";

pkgs/scripts.nix

@@ -3,7 +3,7 @@
 (import
   (pkgs.fetchgit {
     url = "https://git.dadada.li/dadada/scripts.git";
-    sha256 = "0pspybphfqmccl9w97dr89g47dbxk8ly05x8x7c313a5i3pzd5lm";
-    rev = "e1a887a658da130c2a513d4c770d5026565c4e69";
+    sha256 = "sha256-Kdwb34XXLOl4AaiVmOZ3nlu/KdENMqvH+UwISv8Pyiw=";
+    rev = "065ff0f0ee9e44234678f0fefbba7961ea42518c";
   })
   { stdenv = stdenv; lib = lib; })

shell.nix

@@ -1,7 +1,8 @@
-{ pkgs ? import <nixpkgs> { } }:
+{ mkShell
+, deploy
+}:
 
-with (import ./default.nix { inherit pkgs; });
-pkgs.mkShell {
+mkShell {
   buildInputs = [
     deploy
   ];