Move vim packages to pkgs

Add system config

Split up modules into home and system sets

Update

Cleanup

Move home config

Add module attrs

Fix empty LUKS device UUID

Import local secrets

modules/admin.nix

@@ -0,0 +1,56 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+let
+  cfg = config.dadada.admin;
+in {
+  options.dadada.admin = {
+    enable = mkEnableOption "Enable admin access";
+
+    users = mkOption {
+      type = with types; attrsOf (listOf path);
+      default = [];
+      description = ''
+              List of admin users with root access to all the machine.
+      '';
+      example = literalExample "\"user1\" = [ /path/to/key1 /path/to/key2 ]";
+    };
+
+    rat = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Enable NAT and firewall traversal for SSH via tor hidden service
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.sshd.enable = true;
+    services.openssh.passwordAuthentication = false;
+    security.sudo.wheelNeedsPassword = false;
+
+    users.mutableUsers = false;
+
+    users.users = mapAttrs (user: keys: (
+      {
+        extraGroups = [ "wheel" ];
+        isNormalUser = true;
+        openssh.authorizedKeys.keyFiles = keys;
+      })) cfg.users;
+
+    networking.firewall.allowedTCPPorts = [ 22 ];
+
+    environment.systemPackages = with pkgs; [
+      vim
+    ];
+
+    services.tor.hiddenServices = {
+      "rat" = mkIf cfg.rat.enable {
+        name = "rat";
+        map = [ { port = 22; } ];
+      };
+    };
+  };
+}
+

modules/backup.nix

@@ -0,0 +1,82 @@
+{ config, pkgs, lib, ...}:
+with lib;
+let
+  backupExcludes =  [
+    "/backup"
+    "/dev"
+    "/efi"
+    "/home/*/.cache"
+    "/home/*/.config/Riot/Cache"
+    "/home/iserv"
+    "/lost+found"
+    "/mnt"
+    "/nix"
+    "/proc"
+    "/run"
+    "/sys"
+    "/tmp"
+    "/var/cache"
+    "/var/log"
+    "/var/tmp"
+  ];
+  cfg = config.dadada.backupClient;
+in {
+  options.dadada.backupClient = {
+    enable = mkEnableOption "Enable backup client";
+    gs = mkEnableOption "Enable backup to GS location";
+    bs = mkEnableOption "Enable backup to BS location";
+  };
+
+  config = mkIf cfg.enable {
+
+    fileSystems = mkIf cfg.gs {
+      "/backup" = {
+        device = "/dev/disk/by-uuid/0fdab735-cc3e-493a-b4ec-cbf6a77d48d5";
+        fsType = "ext4";
+        options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ];
+      };
+    };
+
+    services.borgbackup.jobs.gs = mkIf cfg.gs {
+      paths = "/";
+      exclude = backupExcludes;
+      repo = "/backup/${config.networking.hostName}";
+      doInit = false;
+      encryption = {
+        mode = "repokey";
+        passCommand = "cat /var/lib/borgbackup/gs/passphrase";
+      };
+      compression = "auto,lz4";
+      prune.keep = {
+        within = "1d"; # Keep all archives from the last day
+        daily = 7;
+        weekly = 2;
+        monthly = -1;  # Keep at least one archive for each month
+        yearly = -1;  # Keep at least one archive for each year
+      };
+      startAt = "monthly";
+    };
+
+    networking.hosts = mkIf cfg.bs {
+      "fd42:dead:beef:0:5054:ff:fefb:7361" = [
+        "media.dadada.li"
+      ];
+    };
+
+    services.borgbackup.jobs.bs = mkIf cfg.bs{
+      paths = "/";
+      exclude = backupExcludes;
+      repo = "borg@media.dadada.li:/mnt/storage/backup/${config.networking.hostName}";
+      doInit = true;
+      environment = {
+        BORG_RSH = "ssh -i /var/lib/borgbackup/bs/id_ed25519 -o 'StrictHostKeyChecking accept-new'";
+      };
+      encryption = {
+        mode = "repokey";
+        passCommand = "cat /var/lib/borgbackup/bs/passphrase";
+      };
+      compression = "auto,lz4";
+      startAt = "daily";
+    };
+  };
+}

modules/dadada/vim/plugins/myFtplugins/ftplugin/cpp.vim

@@ -1,11 +0,0 @@
-let b:ale_fixers = ['clang-format', 'remove_trailing_lines', 'trim_whitespace']
-let b:ale_linters = ['clangd']
-
-"setlocal tabstop=8 expandtab shiftwidth=2 smarttab
-" GNU Coding Standards
-setlocal cindent
-setlocal cinoptions=>4,n-2,{2,^-2,:2,=2,g0,h2,p5,t0,+2,(0,u0,w1,m1
-setlocal shiftwidth=2
-setlocal softtabstop=2
-setlocal textwidth=79
-setlocal fo-=ro fo+=cql

modules/dadada/vim/plugins/myFtplugins/ftplugin/css.vim

@@ -1,3 +0,0 @@
-setlocal expandtab
-setlocal shiftwidth=2
-setlocal softtabstop=2

modules/dadada/vim/plugins/myFtplugins/ftplugin/fish.vim

@@ -1,2 +0,0 @@
-" Set up :make to use fish for syntax checking.
-compiler fish

modules/dadada/vim/plugins/myFtplugins/ftplugin/foo.kt

@@ -1,3 +0,0 @@
-class Foo {
-    fun 
-}

modules/dadada/vim/plugins/myFtplugins/ftplugin/html.vim

@@ -1,3 +0,0 @@
-setlocal expandtab
-setlocal shiftwidth=2
-setlocal softtabstop=2

modules/dadada/vim/plugins/myFtplugins/ftplugin/javascript.vim

@@ -1,5 +0,0 @@
-let b:ale_fixers = ['prettier', 'eslint']
-
-setlocal expandtab
-setlocal shiftwidth=2
-setlocal softtabstop=2

modules/dadada/vim/plugins/myFtplugins/ftplugin/kotlin.vim

@@ -1,5 +0,0 @@
-setlocal expandtab
-setlocal shiftwidth=4
-setlocal softtabstop=4
-let g:ale_kotlin_languageserver_executable = "/home/tim/src/kotlin-language-server/server/build/install/server/bin/kotlin-language-server"
-

modules/dadada/vim/plugins/myFtplugins/ftplugin/ledger.vim

@@ -1,3 +0,0 @@
-setlocal expandtab
-setlocal shiftwidth=4
-setlocal softtabstop=4

modules/dadada/vim/plugins/myFtplugins/ftplugin/markdown.md

@@ -1,2 +0,0 @@
-let b:ale_linters = {'markdown': ['languagetool']}
-let b:ale_fixers = {'markdown': ['languagetool']}

modules/dadada/vim/plugins/myFtplugins/ftplugin/nix.vim

@@ -1,3 +0,0 @@
-setlocal expandtab
-setlocal shiftwidth=2
-setlocal softtabstop=2

modules/dadada/vim/plugins/myFtplugins/ftplugin/python.vim

@@ -1,4 +0,0 @@
-" Check Python files with flake8 and pylint.
-let b:ale_linters = ['flake8', 'pylint']
-" Fix Python files with autopep8 and yapf.
-let b:ale_fixers = ['autopep8', 'yapf', 'add_blank_lines_for_python_control_statements', 'autopep8', 'remove_trailing_lines', 'reorder-python-imports', 'trim_whitespace']

modules/dadada/vim/plugins/myFtplugins/ftplugin/rust.vim

@@ -1,2 +0,0 @@
-let b:ale_linters = {'rust': ['rustc', 'rls', 'rust-analyzer']}
-let b:ale_fixers = {'rust': ['rustfmt']}

modules/dadada/vim/plugins/myFtplugins/ftplugin/scss.vim

@@ -1,3 +0,0 @@
-setlocal expandtab
-setlocal shiftwidth=2
-setlocal softtabstop=2

modules/dadada/vim/plugins/myFtplugins/ftplugin/typescript.vim

@@ -1,5 +0,0 @@
-let b:ale_fixers = ['prettier', 'eslint', 'tsserver']
-
-setlocal expandtab
-setlocal shiftwidth=2
-setlocal softtabstop=2

modules/dadada/vim/plugins/myFtplugins/ftplugin/yaml.vim

@@ -1,4 +0,0 @@
-setlocal expandtab
-setlocal shiftwidth=2
-setlocal softtabstop=2
-

modules/default.nix

@@ -0,0 +1,11 @@
+{
+  admin = ./admin.nix;
+  backup = ./backup.nix;
+  fido2 = ./fido2.nix;
+  fileShare = ./fileShare.nix;
+  networking = ./networking.nix;
+  steam = ./steam.nix;
+  update = ./update.nix;
+  vpnServer = ./vpnServer.nix;
+  weechat = ./weechat.nix;
+}

modules/fido2.nix

@@ -0,0 +1,56 @@
+{ config, pkgs, lib, ... }:
+with lib;
+let
+  luks = config.dadada.luks;
+  fido2 = config.dadada.fido2;
+in {
+
+  options = {
+    dadada.luks = {
+      uuid = mkOption {
+        type = with types; nullOr str;
+        description = "Device UUID";
+        default = null;
+      };
+    };
+
+    dadada.fido2 = {
+      enablePam = mkEnableOption "Enable PAM U2F";
+      credential = mkOption {
+        type = with types; nullOr str;
+        description = "FIDO2 credential string";
+        default = null;
+      };
+    };
+  };
+
+  config = {
+    boot.initrd.luks.devices = mkIf (luks.uuid != null) {
+      root = {
+        device = "/dev/disk/by-uuid/${luks.uuid}";
+        preLVM = true;
+        allowDiscards = true;
+        fido2 = mkIf (fido2.credential != null) {
+          credential = fido2.credential;
+          passwordLess = true;
+        };
+      };
+    };
+
+    boot.initrd.luks.fido2Support = mkIf (fido2.credential != null) true;
+
+    environment.systemPackages = mkIf (fido2.credential != null) (with pkgs; [
+      linuxPackages.acpi_call
+      fido2luks
+      python27Packages.dbus-python
+      python38Packages.solo-python    
+    ]);
+
+    security.pam.u2f = mkIf fido2.enablePam {
+      enable = true;
+      control = "sufficient";
+      cue = true;
+    };
+  };
+
+}

modules/fileShare.nix

@@ -0,0 +1,50 @@
+{ config, lib, ... }:
+with lib;
+let
+  cfg = config.dadada.fileShare;
+  sharePath = "/mnt/storage/share";
+  ipv6 = "fd42:dead:beef::/48";
+  ipv4 = "192.168.42.0/24";
+  allow = "192.168.42.0 fd42:dead:beef::";
+in {
+  options.dadada.fileShare = {
+    enable = mkEnableOption "Enable file share server";
+  };
+  config = mkIf cfg.enable {
+    services.samba = {
+      enable = true;
+      securityType = "user";
+      extraConfig = ''
+        workgroup = WORKGROUP
+        server string = media
+        netbios name = media
+        security = user 
+        #use sendfile = yes
+        #max protocol = smb2
+        hosts allow = ${allow} localhost
+        hosts deny = 0.0.0.0/0
+        guest account = nobody
+        map to guest = bad user
+      '';
+      shares = {
+        public = {
+          path = sharePath;
+          browseable = "yes";
+          "read only" = "no";
+          "guest ok" = "yes";
+          "create mask" = "0644";
+          "directory mask" = "0755";
+          "force user" = "username";
+          "force group" = "groupname";
+        };
+      };
+    };
+    services.nfs = {
+      server.enable = true;
+      server.exports = ''
+        ${sharePath} ${ipv6}(rw,all_squash,insecure,subtree_check) ${ipv4}(rw,all_squash,insecure,subtree_check) # map to user/group - in this case nobody
+      '';
+    };
+  };
+}
+

modules/home/colors.nix

@@ -0,0 +1,40 @@
+{ config, lib, ... }:
+with lib;
+{
+  options.dadada.home.colors = mkOption {
+    type = types.attrs;
+    description = "Color scheme";
+  };
+
+  config = {
+    dadada.home.colors = {
+      foreground = "#a3a3a3";
+      foregroundBold = "#e8e8e8";
+      cursor = "#e8e8e8";
+      cursorForeground = "#1f2022";
+      background = "#292b2e";
+      color0  = "#1f2022";
+      color8  = "#585858";
+      color7  = "#a3a3a3";
+      color15 = "#f8f8f8";
+      color1  = "#f2241f";
+      color9  = "#f2241f";
+      color2  = "#67b11d";
+      color10 = "#67b11d";
+      color3  = "#b1951d";
+      color11 = "#b1951d";
+      color4  = "#4f97d7";
+      color12 = "#4f97d7";
+      color5  = "#a31db1";
+      color13 = "#a31db1";
+      color6  = "#2d9574";
+      color14 = "#2d9574";
+      color16 = "#ffa500";
+      color17 = "#b03060";
+      color18 = "#282828";
+      color19 = "#444155";
+      color20 = "#b8b8b8";
+      color21 = "#e8e8e8";
+    };
+  };
+}

modules/home/default.nix

@@ -0,0 +1,20 @@
+{
+  colors = ./colors.nix;
+  direnv = ./direnv.nix;
+  fish = ./fish.nix;
+  git = ./git.nix;
+  gpg = ./gpg.nix;
+  gtk = ./gtk.nix;
+  keyring = ./keyring.nix;
+  kitty = ./kitty;
+  mako = ./mako.nix;
+  session = ./session.nix;
+  ssh = ./ssh.nix;
+  sway = ./sway;
+  syncthing = ./syncthing.nix;
+  termite = ./termite.nix;
+  tmux = ./tmux.nix;
+  vim = ./vim;
+  xdg = ./xdg.nix;
+  zsh = ./zsh.nix;
+}

modules/home/direnv.nix

@@ -1,10 +1,10 @@
 { config, pkgs, lib, ... }:
 with lib;
 let
-  cfg = config.dadada.direnv;
+  cfg = config.dadada.home.direnv;
 in
 {
-  options.dadada.direnv = {
+  options.dadada.home.direnv = {
     enable = mkEnableOption "Enable direnv config";
   };
   config = mkIf cfg.enable {

modules/home/fish.nix

@@ -1,9 +1,9 @@
 { config, pkgs, lib, ... }:
 with lib;
 let
-  cfg = config.dadada.fish;
+  cfg = config.dadada.home.fish;
 in {
-  options.dadada.fish = {
+  options.dadada.home.fish = {
     enable = mkEnableOption "Enable fish config";
   };
 

modules/home/git.nix

@@ -1,10 +1,10 @@
 { config, lib, ... }:
 with lib;
 let
-  cfg = config.dadada.git;
+  cfg = config.dadada.home.git;
 in
 {
-  options.dadada.git = {
+  options.dadada.home.git = {
     enable = mkEnableOption "Enable git config";
   };
   config = mkIf cfg.enable {

modules/home/gpg.nix

@@ -1,9 +1,9 @@
 { config, lib, ... }:
 with lib;
 let
-  cfg = config.dadada.gpg;
+  cfg = config.dadada.home.gpg;
 in {
-  options.dadada.gpg = {
+  options.dadada.home.gpg = {
     enable = mkEnableOption "Enable GnuPG config";
   };
   config = mkIf cfg.enable {

modules/home/gtk.nix

@@ -1,10 +1,10 @@
 { config, lib, pkgs, ... }:
 with lib;
 let
-  cfg = config.dadada.gtk;
+  cfg = config.dadada.home.gtk;
 in
 {
-  options.dadada.gtk = {
+  options.dadada.home.gtk = {
     enable = mkEnableOption "Enable GTK config";
   };
   config = mkIf cfg.enable {

modules/home/keyring.nix

@@ -1,9 +1,9 @@
 { config, lib, ... }:
 with lib;
 let
-  cfg = config.dadada.keyring;
+  cfg = config.dadada.home.keyring;
 in {
-  options.dadada.keyring = {
+  options.dadada.home.keyring = {
     enable = mkEnableOption "Enable keyring config";
   };
   config = mkIf cfg.enable {

modules/home/kitty/default.nix

@@ -1,9 +1,9 @@
 { pkgs, lib, config, ... }:
 with lib;
 let
-  cfg = config.dadada.kitty;
+  cfg = config.dadada.home.kitty;
 in {
-  options.dadada.kitty = {
+  options.dadada.home.kitty = {
     enable = mkEnableOption "Enable kitty config";
   };
   config = mkIf cfg.enable {

modules/home/mako.nix

@@ -1,9 +1,9 @@
 { config, lib, pkgs, colors, ...}:
 with lib;
 let
-  cfg = config.dadada.mako;
+  cfg = config.dadada.home.mako;
 in {
-  options.dadada.mako = {
+  options.dadada.home.mako = {
     enable = mkEnableOption "Enable mako config";
   };
   config = mkIf cfg.enable {

modules/home/module-list.nix

@@ -0,0 +1,20 @@
+[
+  ./colors.nix
+  ./direnv.nix
+  ./fish.nix
+  ./git.nix
+  ./gpg.nix
+  ./gtk.nix
+  ./keyring.nix
+  ./kitty
+  ./mako.nix
+  ./session.nix
+  ./ssh.nix
+  ./sway
+  ./syncthing.nix
+  ./termite.nix
+  ./tmux.nix
+  ./vim
+  ./xdg.nix
+  ./zsh.nix
+]

modules/home/session.nix

@@ -1,9 +1,9 @@
 { config, lib, ... }:
 with lib;
 let
-  cfg = config.dadada.session;
+  cfg = config.dadada.home.session;
 in {
-  options.dadada.session = {
+  options.dadada.home.session = {
     enable = mkEnableOption "Enable session variable management";
     sessionVars = mkOption {
       description = "Session variables";

modules/home/ssh.nix

@@ -1,9 +1,9 @@
 { config, lib, ... }:
 with lib;
 let
-  cfg = config.dadada.ssh;
+  cfg = config.dadada.home.ssh;
 in {
-  options.dadada.ssh = {
+  options.dadada.home.ssh = {
     enable = mkEnableOption "Enable SSH config";
   };
   config = mkIf cfg.enable {

modules/home/sway/default.nix

@@ -1,9 +1,9 @@
 { config, pkgs, lib, colors, ...}:
 with lib;
 let
-  cfg = config.dadada.sway;
+  cfg = config.dadada.home.sway;
 in {
-  options.dadada.sway = {
+  options.dadada.home.sway = {
     enable = mkEnableOption "Enable Sway config";
   };
   config = mkIf cfg.enable {

modules/home/syncthing.nix

@@ -1,9 +1,9 @@
 { config, pkgs, lib, ... }:
 with lib;
 let
-  cfg = config.dadada.syncthing;
+  cfg = config.dadada.home.syncthing;
 in {
-  options.dadada.syncthing = {
+  options.dadada.home.syncthing = {
     enable = mkEnableOption "Enable Syncthing config";
   };
   config = mkIf cfg.enable {

modules/home/termite.nix

@@ -7,9 +7,9 @@
 }:
 with lib;
 let
-  cfg = config.dadada.termite;
+  cfg = config.dadada.home.termite;
 in {
-  options.dadada.termite = {
+  options.dadada.home.termite = {
     enable = mkEnableOption "Enable termite config";
   };
   config = mkIf cfg.enable {

modules/home/tmux.nix

@@ -1,9 +1,9 @@
 { config, lib, ... }:
 with lib;
 let
-  cfg = config.dadada.tmux;
+  cfg = config.dadada.home.tmux;
 in {
-  options.dadada.tmux = {
+  options.dadada.home.tmux = {
     enable = mkEnableOption "Enable tmux config";
   };
   config = mkIf cfg.enable {

modules/home/vim/default.nix

@@ -1,27 +1,11 @@
-{ config, pkgs, lib, fetchFromGitHub, ... }:
+{ config, pkgs, lib, ... }:
 with lib;
 let 
-  cfg = config.dadada.vim;
-
-  myFtplugins = pkgs.vimUtils.buildVimPluginFrom2Nix {
-    pname = "myFtplugins";
-    version = "2010-11-06";
-    src = vim/plugins/myFtplugins;
-  };
-
-  spacemacsTheme = pkgs.vimUtils.buildVimPluginFrom2Nix {
-    pname = "spacemacs-theme";
-    version = "2.0.1";
-    src = pkgs.fetchFromGitHub {
-      owner = "colepeters";
-      repo = "spacemacs-theme.vim";
-      rev = "056bba9bd05a2c97c63c28216a1c232cfb91529e";
-      sha256 = "0iy3i6waigk759p2z59mrxkjc0p412y7d8zf3cjak4a9sh1sh6qz";
-    };
-  };
+  cfg = config.dadada.home.vim;
+  vimPlugins = pkgs.callPackage ../../../pkgs/vimPlugins {};
 in
 {
-  options.dadada.vim = {
+  options.dadada.home.vim = {
     enable = mkEnableOption "Enable VIM config";
   };
 
@@ -40,7 +24,8 @@ in
         pkgs.vimPlugins.vim-airline
         pkgs.vimPlugins.vim-airline-themes
         pkgs.vimPlugins.vim-fish
-        spacemacsTheme
+        vimPlugins.spacemacsTheme
+        vimPlugins.filetype
         #pkgs.vimPlugins.vim-gnupg
         #pkgs.vimPlugins.vim-l9
         pkgs.vimPlugins.vim-ledger

modules/home/xdg.nix

@@ -18,9 +18,9 @@ let
     "text/plain" = "vim.desktop";
     "application/pdf" = "org.pwmt.zathura.desktop";
   };
-  cfg = config.dadada.xdg;
+  cfg = config.dadada.home.xdg;
 in {
-  options.dadada.xdg = {
+  options.dadada.home.xdg = {
     enable = mkEnableOption "Enable XDG config";
   };
   config = mkIf cfg.enable {

modules/home/zsh.nix

@@ -1,9 +1,9 @@
 { config, pkgs, lib, ... }:
 with lib;
 let
-  cfg = config.dadada.zsh;
+  cfg = config.dadada.home.zsh;
 in {
-  options.dadada.zsh = {
+  options.dadada.home.zsh = {
     enable = mkEnableOption "Enable ZSH config";
   };
   config = mkIf cfg.enable {

modules/module-list.nix

@@ -1,19 +1,11 @@
 [
-  ./dadada/direnv.nix
-  ./dadada/fish.nix
-  ./dadada/git.nix
-  ./dadada/gpg.nix
-  ./dadada/gtk.nix
-  ./dadada/keyring.nix
-  ./dadada/kitty
-  ./dadada/mako.nix
-  ./dadada/session.nix
-  ./dadada/ssh.nix
-  ./dadada/sway
-  ./dadada/syncthing.nix
-  ./dadada/termite.nix
-  ./dadada/tmux.nix
-  ./dadada/vim
-  ./dadada/xdg.nix
-  ./dadada/zsh.nix
+  ./admin.nix
+  ./backup.nix
+  ./fido2.nix
+  ./fileShare.nix
+  ./networking.nix
+  ./steam.nix
+  ./update.nix
+  ./vpnServer.nix
+  ./weechat.nix
 ]

modules/networking.nix

@@ -0,0 +1,86 @@
+{ config, pkgs, lib, ...}:
+with lib;
+let
+  cfg = config.dadada.networking;
+in {
+  options.dadada.networking = {
+    useLocalResolver = mkEnableOption "Enable local caching name server";
+    domain = mkOption {
+      type = with types; nullOr str;
+      description = "Network domain name";
+      default = null;
+    };
+    wanInterfaces = mkOption {
+      type = with types; listOf str;
+      description = "WAN network interfaces";
+      default = [];
+    };
+    vpnExtension = mkOption {
+      type = with types; nullOr str;
+      description = "Last part of VPN address";
+      default = null;
+    };
+    enableBsShare = mkEnableOption "Enable network share at BS location";
+  };
+
+  config = {
+    networking.domain = cfg.domain;
+    networking.resolvconf.useLocalResolver = mkIf cfg.useLocalResolver true;
+    services.unbound = mkIf cfg.useLocalResolver {
+      enable = true;
+      allowedAccess = [
+        "127.0.0.1/8"
+        "::1"
+      ];
+      extraConfig = ''
+        tls-upstream: yes
+        tls-cert-bundle: "/etc/ssl/certs/ca-bundle.crt"
+        forward-zone:
+        name: .
+        forward-tls-upstream: yes
+        forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
+        forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
+        forward-addr: 1.1.1.1@853#cloudflare-dns.com
+        forward-addr: 1.0.0.1@853#cloudflare-dns.com
+      '';
+    };
+
+    networking.useDHCP = false;
+
+    networking.interfaces = listToAttrs (forEach cfg.wanInterfaces (i: nameValuePair i {
+      useDHCP = true;
+    }));
+
+    networking.wireguard.interfaces = mkIf (cfg.vpnExtension != null) {
+      bs = {
+        ips = [ "fd42:dead:beef:1337::${cfg.vpnExtension}/64" ];
+        listenPort = 51234;
+
+        privateKeyFile = "/var/lib/wireguard/privkey";
+
+        peers = [
+          {
+            publicKey = "0eWP1hzkyoXlrjPSOq+6Y1u8tnFH+SejBJs8f8lf+iU=";
+            allowedIPs = [ "fd42:dead:beef::/48" ];
+            endpoint = "bs.vpn.dadada.li:51234";
+            persistentKeepalive = 25;
+          }
+        ];
+      };
+    };
+
+    fileSystems."/mnt/media.dadada.li" = mkIf cfg.enableBsShare {
+      device = "media.dadada.li:/mnt/storage/share";
+      fsType = "nfs";
+      options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ];
+    };
+
+    networking.firewall = {
+      enable = true;
+      allowedUDPPorts = [
+        51234 # Wireguard
+        5353  # mDNS
+      ];
+    };
+  };
+}

modules/profiles/base/default.nix

@@ -0,0 +1,39 @@
+{ config, pkgs, lib, ... }:
+with lib;
+{
+  imports = import ../../module-list.nix;
+
+  config = {
+    dadada = {
+      autoUpgrade.enable = mkDefault true;
+      networking = {
+        useLocalResolver = mkDefault true;
+        domain = mkDefault "dadada.li";
+      };
+    };
+
+    i18n.defaultLocale = mkDefault "en_US.UTF-8";
+    console = {
+      font = mkDefault "Lat2-Terminus16";
+      keyMap = mkDefault "us";
+    };
+
+    fonts.fonts = mkDefault (with pkgs; [
+      source-code-pro
+    ]);
+
+    time.timeZone = mkDefault "Europe/Berlin";
+
+    programs.zsh = mkDefault {
+      enable = true;
+      autosuggestions.enable = true;
+      enableCompletion = true;
+      histSize = 100000;
+      vteIntegration = true;
+      syntaxHighlighting = {
+        enable = true;
+        highlighters = [ "main" "brackets" "pattern" "cursor" "root" "line" ];
+      };
+    };
+  };
+}

modules/profiles/home/default.nix

@@ -1,54 +0,0 @@
-{ config, pkgs, lib, ... }:
-let 
-  sources = import ../../../nix/sources.nix;
-  stable = import <nixpkgs-stable> {};
-in {
-  nixpkgs = {
-    overlays = [
-      (import ../../../overlays/texlive-tubslatex.nix)
-    ];
-  };
-
-  imports = import ../../module-list.nix;
-
-  dadada = {
-    vim.enable = true;
-    direnv.enable = true;
-    git.enable = true;
-    gpg.enable = true;
-    gtk.enable = true;
-    keyring.enable = true;
-    kitty.enable = true;
-    session.enable = true;
-    ssh.enable = true;
-    syncthing.enable = true;
-    xdg.enable = true;
-    zsh.enable = true;
-  };
-
-  dadada.session = {
-    sessionVars = {
-      EDITOR = "vim";
-      PAGER = "less";
-      MAILDIR = "\$HOME/.var/mail";
-      MBLAZE = "\$HOME/.config/mblaze";
-      NOTMUCH_CONFIG = "\$HOME/.config/notmuch/config";
-      MOZ_ENABLE_WAYLAND= "1";
-    };
-  };
-
-  # Let Home Manager install and manage itself.
-  programs.home-manager.enable = true;
-
-  home.packages = import ./pkgs.nix { pkgs = pkgs; };
-
-  # This value determines the Home Manager release that your
-  # configuration is compatible with. This helps avoid breakage
-  # when a new Home Manager release introduces backwards
-  # incompatible changes.
-  #
-  # You can update Home Manager without changing this value. See
-  # the Home Manager release notes for a list of state version
-  # changes in each release.
-  home.stateVersion = "19.09";
-}

modules/profiles/home/pkgs.nix

@@ -1,83 +0,0 @@
-{ pkgs }:
-with pkgs; [
-  android-studio
-  anki
-  aspell
-  aspellDicts.de
-  aspellDicts.en
-  aspellDicts.en-computers
-  aspellDicts.en-science
-  aqbanking
-  bluez-tools
-  chromium
-  clang
-  clang-tools
-  darcs
-  direnv
-  element-desktop
-  evince
-  ffmpeg
-  file
-  firefox-bin
-  fractal
-  fzf
-  gimp
-  git-lfs
-  gitAndTools.hub
-  gnome3.gnome-tweak-tool
-  gnome3.nautilus
-  gnome3.vinagre
-  gnucash
-  gnumake
-  gnupg
-  graphviz
-  grim
-  imagemagick
-  inkscape
-  inotify-tools
-  jameica
-  jq
-  kcachegrind
-  keepassxc
-  kitty
-  ldns
-  libreoffice
-  libvirt
-  lsof
-  mblaze
-  mkpasswd
-  mpv
-  mumble
-  ncurses
-  nfs-utils
-  niv
-  nmap
-  openssl
-  p7zip
-  pass
-  pavucontrol
-  pinentry-gnome
-  playerctl
-  pwgen
-  python27Packages.dbus-python
-  python3
-  python38Packages.dateutil
-  python38Packages.managesieve
-  python38Packages.solo-python
-  signal-desktop
-  slurp
-  sqlite
-  sshfs-fuse
-  steam
-  tcpdump
-  tdesktop
-  texlive-tubslatex
-  thunderbird-bin
-  unzip
-  usbutils
-  virtmanager
-  whois
-  wireshark
-  xdg_utils
-  youtube-dl
-]

modules/profiles/work.nix

@@ -1,45 +0,0 @@
-{ config, pkgs, lib, ... }:
-{
-  imports = [
-    (import ../session.nix {
-      inherit config;
-      sessionVars = {
-        EDITOR = "vim";
-        PAGER = "less";
-        MOZ_ENABLE_WAYLAND= "1";
-      };
-    })
-    ../vim
-    ../direnv.nix
-    ../git.nix
-    ../gpg.nix
-    ../gtk.nix
-    ../keyring.nix
-    ../kitty.nix
-    ../ssh.nix
-    ../tmux.nix
-    ../zsh.nix
-  ];
-
-  # Let Home Manager install and manage itself.
-  programs.home-manager.enable = true;
-
-  home.packages = with pkgs; [
-    file
-    gnupg
-    libreoffice
-    python3
-    sshfs-fuse
-    unzip
-  ];
-
-  # This value determines the Home Manager release that your
-  # configuration is compatible with. This helps avoid breakage
-  # when a new Home Manager release introduces backwards
-  # incompatible changes.
-  #
-  # You can update Home Manager without changing this value. See
-  # the Home Manager release notes for a list of state version
-  # changes in each release.
-  home.stateVersion = "19.09";
-}

modules/steam.nix

@@ -0,0 +1,20 @@
+{ config, pkgs, lib, ... }:
+with lib;
+let
+  cfg = config.dadada.steam;
+in {
+  options.dadada.steam = {
+    enable = mkEnableOption "Enable Steam config";
+  };
+  config = mkIf cfg.enable {
+    nixpkgs.config.allowUnfree = true;
+
+    hardware.opengl = {
+      enable = true;
+      driSupport32Bit = true;
+      extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];
+    };
+
+    hardware.pulseaudio.support32Bit = true;
+  };
+}

modules/update.nix

@@ -0,0 +1,30 @@
+{ config, pkgs, lib, ... }:
+with lib;
+let
+  cfg = config.dadada.autoUpgrade;
+in {
+  options = {
+    dadada.autoUpgrade = {
+      enable = mkEnableOption "Enable automatic upgrades";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.fwupd.enable = true;
+
+    nix = {
+      autoOptimiseStore = true;
+      useSandbox = true;
+      gc = {
+        automatic = true;
+        dates = "weekly";
+        options = "--delete-older-than 30d";
+      };
+    };
+
+    system.autoUpgrade = {
+      enable = true;
+      dates = "daily";
+    };
+  };
+}

modules/vpnServer.nix

@@ -0,0 +1,47 @@
+{ config, lib, ... }:
+
+with lib;
+let
+  cfg = config.dadada.vpnServer;
+  wgPeer = { name, ... }: {
+    options = {
+      name = mkOption {
+        internal = true;
+        default = name;
+      };
+      id = mkOption {
+        description = "VPN client id";
+        default = 0;
+        type = types.str;
+      };
+      key = mkOption {
+        description = "VPN client public key";
+        default = "";
+        type = types.str;
+      };
+    };
+  };
+in {
+  options.dadada.vpnServer = {
+    enable = mkEnableOption "Enable wireguard gateway";
+    peers = mkOption {
+      description = "Set of extensions and public keys of peers";
+      type = with types; attrsOf (submodule wgPeer);
+      default = {};
+    };
+  };
+  config = mkIf cfg.enable {
+    networking.wireguard.enable = true;
+    networking.wireguard.interfaces."wg0" = {
+      allowedIPsAsRoutes = true;
+      privateKeyFile = "/var/lib/wireguard/wg0-key";
+      ips = [ "fd42:dead:beef:1337::0/64" ];
+      listenPort = 51234;
+      peers = map (peer: (
+        {
+          allowedIPs = [ "fd42:dead:beef:1337::${peer.id}/128" ];
+          publicKey = peer.key;
+        })) (attrValues cfg.peers);
+    };
+  };
+}

modules/weechat.nix

@@ -0,0 +1,58 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+let
+  cfg = config.dadada.weechat;
+in {
+  options.dadada.weechat = {
+    enable = mkEnableOption "Enable weechat relay";
+  };
+  config = mkIf cfg.enable {
+    services.weechat = {
+      enable = true;
+      sessionName = "weechat-dadada";
+    };
+
+    services.nginx.virtualHosts."webchat.dadada.li" = {
+      useACMEHost = "webchat.dadada.li";
+      forceSSL = true;
+      serverAliases = [ "webchat.${config.networking.domain}" ];
+
+      root = pkgs.glowing-bear;
+
+      locations = {
+        "/robots.txt" = {
+          extraConfig = ''
+            add_header Content-Type text/plain;
+            return 200 "User-agent: *\nDisallow: /\n";
+          '';
+        };
+      };
+    };
+    services.nginx.virtualHosts."weechat.dadada.li" = {
+      useACMEHost = "weechat.dadada.li";
+      forceSSL = true;
+      serverAliases = [ "weechat.${config.networking.domain}" ];
+
+      root = "${pkgs.nginx}/html";
+      locations = {
+        "/weechat" = {
+          extraConfig = ''
+            proxy_pass http://localhost:9001;
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+            proxy_read_timeout 8h;
+          '';
+        };
+        "/robots.txt" = {
+          extraConfig = ''
+            add_header Content-Type text/plain;
+            return 200 "User-agent: *\nDisallow: /\n";
+          '';
+        };
+      };
+    };
+  };
+}
+