🚧 downsize cores

⬆️ nix flake update
2024-12-23 08:39:44 +07:00 · 2024-12-09 03:40:35 +01:00 · 2024-12-08 15:53:45 +01:00 · 2024-12-08 14:47:49 +07:00 · 2024-12-08 03:48:38 +01:00 · 2024-12-07 17:11:24 +01:00
266 changed files with 5599 additions and 5168 deletions
--- a/.forgejo/workflows/nix_build.yaml
+++ b/.forgejo/workflows/nix_build.yaml
@ -1,18 +1,17 @@
 name: Build all NixOS Configurations
 on:
  push:
    branches:
      - "**"
  schedule:
    - cron: "30 2/6 * * *" # not to frequent, GitHub only allows a few pulls per hour
 jobs:
  nix build:
    runs-on: native
    steps:
      - uses: actions/checkout@v4
-
+        with:
          clean: true
      - name: update nix flakes
        if: ${{ github.event_name == 'schedule' }}
        # we need to use our ssh key here because we need access to private flakes
@ -30,7 +29,6 @@ jobs:
          echo $SSH_AGENT_PID
          kill $SSH_AGENT_PID
          rm .ssh_key
      - name: nix flake archive/check
        # we need to use our ssh key here because we need access to private flakes
        run: |
@ -48,25 +46,16 @@ jobs:
          echo $SSH_AGENT_PID
          kill $SSH_AGENT_PID
          rm .ssh_key
      - name: nix build orbi
        run: nix build .#nixosConfigurations.orbi.config.system.build.toplevel
-
+        #      - name: nix build cream
-      - name: nix build cream
+        #        run: nix build .#nixosConfigurations.cream.config.system.build.toplevel
        run: nix build .#nixosConfigurations.cream.config.system.build.toplevel
      - name: nix build cherry
        run: nix build .#nixosConfigurations.cherry.config.system.build.toplevel
      - name: nix build chungus
        run: nix build .#nixosConfigurations.chungus.config.system.build.toplevel
      - name: nix build sternchen
        run: nix build .#nixosConfigurations.sternchen.config.system.build.toplevel
      - name: nix build usbstick
        run: nix build .#nixosConfigurations.usbstick.config.system.build.toplevel
      - name: commit & push
        if: ${{ github.event_name == 'schedule' }}
        # only if all nix builds are fine we update our branch
--- a/assets/wallpaper.png
+++ b/assets/wallpaper.png
--- a/components/README.md
+++ b/components/README.md
@ -1,6 +1,8 @@
 # components concept
 - components are kinda opinionated.
- should be project agnostic (e.g.: configure bugwarrior via options but leave specifics out).
+- should be project agnostic (e.g.: configure bugwarrior via options but leave
- `component.<toplevel>.enabled` should usually be the default for all it subcomponents (`comonent.<topleve>.<subcomponent>.enabled`).
+  specifics out).
 - `component.<toplevel>.enabled` should usually be the default for all it
  subcomponents (`comonent.<topleve>.<subcomponent>.enabled`).
  - But default should make sense here!
--- a/components/chaospott.nix
+++ b/components/chaospott.nix
@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
  config,
  lib,
  pkgs,
  ...
 }:
 with lib;
 {
--- a/components/default.nix
+++ b/components/default.nix
@ -5,7 +5,6 @@
    ./gui
    ./mainUser.nix
    ./media
    ./monitor
    ./network
    ./nixos
    ./terminal
@ -14,5 +13,4 @@
    ./yubikey.nix
  ];
 }
--- a/components/gui/audio.nix
+++ b/components/gui/audio.nix
@ -1,5 +1,10 @@
 # TODO test `alsactl init` after suspend to reinit mic
-{ pkgs, config, lib, ... }:
+{
  pkgs,
  config,
  lib,
  ...
 }:
 with lib;
 {
  options.components.gui.audio.enable = mkOption {
@ -20,7 +25,6 @@ with lib;
    environment.systemPackages = with pkgs; [
      alsa-utils
      alsaUtils
      # PulseAudio control
      # ------------------
--- a/components/gui/browser.nix
+++ b/components/gui/browser.nix
@ -8,11 +8,13 @@ in
    programs.chromium.extensions = [
      "nngceckbapebfimnlniiiahkandclblb" # bitwarden
-      "edibdbjcniadpccecjdfdjjppcpchdlm" # I still don't care about cookies
+      # "edibdbjcniadpccecjdfdjjppcpchdlm" # I still don't care about cookies
      "gcbommkclmclpchllfjekcdonpmejbdp" # https everywhere
      "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
      "dbepggeogbaibhgnhhndojpepiihcmeb" # vimium
      "jinjaccalgkegednnccohejagnlnfdag" # Violentmonkey
      "dpplabbmogkhghncfbfdeeokoefdjegm" # Proxy SwitchySharp
      "mooikfkahbdckldjjndioackbalphokd" # Selenium IDE
    ];
    # overwrite use zram on small RAM systems
--- a/components/gui/default.nix
+++ b/components/gui/default.nix
@ -1,4 +1,9 @@
-{ pkgs, lib, config, ... }:
+{
  pkgs,
  lib,
  config,
  ...
 }:
 with lib;
 {
  options.components.gui = {
--- a/components/gui/home-manager/default.nix
+++ b/components/gui/home-manager/default.nix
@ -1,4 +1,9 @@
-{ pkgs, lib, config, ... }:
+{
  pkgs,
  lib,
  config,
  ...
 }:
 with lib;
 {
--- a/components/gui/kmonad.nix
+++ b/components/gui/kmonad.nix
@ -1,4 +1,9 @@
-{ config, pkgs, lib, ... }:
+{
  config,
  pkgs,
  lib,
  ...
 }:
 {
  options.components.gui.kmonad.enable = lib.mkOption {
@ -79,9 +84,21 @@
        in
        {
-          nativ = keyboard "/dev/input/by-path/platform-i8042-serio-0-event-kbd" [ "lctl" "lmet" "lalt" ];
+          nativ = keyboard "/dev/input/by-path/platform-i8042-serio-0-event-kbd" [
-          dasKeyboard = keyboard "/dev/input/by-id/usb-Metadot_-_Das_Keyboard_Das_Keyboard-event-kbd" [ "lctl" "lmet" "lalt" ];
+            "lctl"
-          uhk = keyboard "/dev/input/by-id/usb-Ultimate_Gadget_Laboratories_UHK_60_v2-event-kbd" [ "lctl" "lmet" "lalt" ];
+            "lmet"
            "lalt"
          ];
          dasKeyboard = keyboard "/dev/input/by-id/usb-Metadot_-_Das_Keyboard_Das_Keyboard-event-kbd" [
            "lctl"
            "lmet"
            "lalt"
          ];
          uhk = keyboard "/dev/input/by-id/usb-Ultimate_Gadget_Laboratories_UHK_60_v2-event-kbd" [
            "lctl"
            "lmet"
            "lalt"
          ];
        };
    };
  };
--- a/components/gui/noti.nix
+++ b/components/gui/noti.nix
@ -1,6 +1,11 @@
 # notify me when a command is finished
 # todo : secret managment is shit
-{ config, pkgs, lib, ... }:
+{
  config,
  pkgs,
  lib,
  ...
 }:
 with lib;
 {
  options.components.gui.noti.enable = mkOption {
--- a/components/gui/pass.nix
+++ b/components/gui/pass.nix
@ -1,11 +1,17 @@
-{ pkgs, config, lib, ... }:
+{
  pkgs,
  config,
  lib,
  ...
 }:
 with lib;
 let
  # desktop file
  # ------------
  # makes it possible to be used by other programs
-  desktopFile = name: bin:
+  desktopFile =
    name: bin:
    pkgs.writeTextFile {
      name = "${name}.desktop";
      destination = "/share/applications/${name}.desktop";
@ -34,7 +40,9 @@ in
    environment.systemPackages = [
      (pkgs.pass.withExtensions (ext: [ ext.pass-otp ]))
      # todo : use upstream desktop file creator
-      (desktopFile "passmenu" "${pkgs.pass.withExtensions (ext: [ext.pass-otp])}/bin/passmenu --type -l 10")
+      (desktopFile "passmenu" "${
        pkgs.pass.withExtensions (ext: [ ext.pass-otp ])
      }/bin/passmenu --type -l 10")
      pkgs.otpmenu
--- a/components/gui/steam.nix
+++ b/components/gui/steam.nix
@ -1,4 +1,9 @@
-{ config, pkgs, lib, ... }:
+{
  config,
  pkgs,
  lib,
  ...
 }:
 with lib;
 {
  options.components.gui.steam.enable = mkOption {
@ -22,7 +27,12 @@ with lib;
      isSystemUser = true;
      home = "/home/steam";
      createHome = true;
-      extraGroups = [ "audio" "input" "video" "pipewire" ];
+      extraGroups = [
        "audio"
        "input"
        "video"
        "pipewire"
      ];
      group = "steam";
      shell = pkgs.bashInteractive;
    };
--- a/components/gui/suspend.nix
+++ b/components/gui/suspend.nix
@ -1,4 +1,9 @@
-{ pkgs, config, lib, ... }:
+{
  pkgs,
  config,
  lib,
  ...
 }:
 with lib;
 {
  options.components.gui.suspend.enable = mkOption {
@ -13,13 +18,11 @@ with lib;
      requiredBy = [ "sleep.target" ];
      environment =
        let
-          display =
+          display = if (config.services.xserver.display != null) then config.services.xserver.display else 0;
            if (config.services.xserver.display != null) then
              config.services.xserver.display
            else
              0;
        in
-        { DISPLAY = ":${toString display}"; };
+        {
          DISPLAY = ":${toString display}";
        };
      script = ''
        ${pkgs.xlockmore}/bin/xlock -mode life1d -size 1 &
        sleep 1
--- a/components/gui/vscode.nix
+++ b/components/gui/vscode.nix
@ -1,4 +1,9 @@
-{ config, pkgs, lib, ... }:
+{
  config,
  pkgs,
  lib,
  ...
 }:
 with lib;
 {
  options.components.gui.vscode.enable = mkOption {
--- a/components/gui/wayland.nix
+++ b/components/gui/wayland.nix
@ -1,4 +1,9 @@
-{ config, pkgs, lib, ... }:
+{
  config,
  pkgs,
  lib,
  ...
 }:
 with lib;
 {
--- a/components/gui/xorg/default.nix
+++ b/components/gui/xorg/default.nix
@ -1,4 +1,9 @@
-{ config, pkgs, lib, ... }:
+{
  config,
  pkgs,
  lib,
  ...
 }:
 with lib;
 {
@ -78,4 +83,3 @@ with lib;
  };
 }
--- a/components/gui/xorg/xlock.nix
+++ b/components/gui/xorg/xlock.nix
@ -1,4 +1,9 @@
-{ lib, pkgs, config, ... }:
+{
  lib,
  pkgs,
  config,
  ...
 }:
 with lib;
 let
--- a/components/mainUser.nix
+++ b/components/mainUser.nix
@ -1,4 +1,9 @@
-{ config, pkgs, lib, ... }:
+{
  config,
  pkgs,
  lib,
  ...
 }:
 with lib;
 with types;
 let
@ -6,15 +11,10 @@ let
  cfg = config.components.mainUser;
  # todo : use optionalList
-  dockerGroup =
+  dockerGroup = if (config.virtualisation.docker.enable) then [ "docker" ] else [ ];
    if (config.virtualisation.docker.enable) then [ "docker" ] else [ ];
  # todo : use optionalList
-  vboxGroup =
+  vboxGroup = if (config.virtualisation.virtualbox.host.enable) then [ "vboxusers" ] else [ ];
    if (config.virtualisation.virtualbox.host.enable) then
      [ "vboxusers" ]
    else
      [ ];
 in
 {
@ -73,8 +73,20 @@ in
        uid = cfg.uid;
        home = "/home/${cfg.userName}";
        initialPassword = cfg.userName;
-        extraGroups = [ "wheel" "networkmanager" "transmission" "wireshark" "audio" "pipewire" "input" "dialout" ]
+        extraGroups =
-          ++ dockerGroup ++ vboxGroup ++ cfg.extraGroups;
+          [
            "wheel"
            "networkmanager"
            "transmission"
            "wireshark"
            "audio"
            "pipewire"
            "input"
            "dialout"
          ]
          ++ dockerGroup
          ++ vboxGroup
          ++ cfg.extraGroups;
        openssh.authorizedKeys.keyFiles = cfg.authorizedKeyFiles;
        group = config.users.groups.mainUser.name;
      };
--- a/components/media/icecast.nix
+++ b/components/media/icecast.nix
@ -4,7 +4,12 @@
 # * connect via mixxx to it.
 # * add the podcast to mpd in the same network
 # --------------------------------------------------
-{ pkgs, config, lib, ... }:
+{
  pkgs,
  config,
  lib,
  ...
 }:
 with lib;
 let
--- a/components/media/tts.nix
+++ b/components/media/tts.nix
@ -1,4 +1,9 @@
-{ pkgs, config, lib, ... }:
+{
  pkgs,
  config,
  lib,
  ...
 }:
 with lib;
 {
--- a/components/media/video.nix
+++ b/components/media/video.nix
@ -1,10 +1,14 @@
-{ config, pkgs, lib, ... }:
+{
  config,
  pkgs,
  lib,
  ...
 }:
 with lib;
 let
-  obs-cmd = pkgs.rustPlatform.buildRustPackage
+  obs-cmd = pkgs.rustPlatform.buildRustPackage rec {
    rec {
    pname = "obs-cmd";
    version = "v0.15.2";
    src = pkgs.fetchFromGitHub {
@ -53,7 +57,12 @@ let
    name = "screen-keys";
    paths =
      let
-        screenKeyScript = { position ? "bottom", size ? "small", ... }:
+        screenKeyScript =
          {
            position ? "bottom",
            size ? "small",
            ...
          }:
          pkgs.writeShellScriptBin "screenkeys-${position}-${size}" # sh
            ''
              ${pkgs.screenkey}/bin/screenkey \
@ -65,15 +74,29 @@ let
                                "$@"
            '';
      in
-      lib.flatten (lib.flip map [ "large" "small" "medium" ] (size:
+      lib.flatten (
-        lib.flip map [ "top" "center" "bottom" ]
+        lib.flip map
-          (position: screenKeyScript { inherit size position; })));
+          [
            "large"
            "small"
            "medium"
          ]
          (
            size:
            lib.flip map [
              "top"
              "center"
              "bottom"
            ] (position: screenKeyScript { inherit size position; })
          )
      );
  };
  mpvReview =
    let
-      moveToDir = key: dir: pkgs.writeText "move-with-${key}.lua" ''
+      moveToDir =
        key: dir:
        pkgs.writeText "move-with-${key}.lua" ''
          tmp_dir = "${dir}"
          function move_current_track_${key}()
@ -110,7 +133,6 @@ in
  config = mkIf (config.components.media.video.enable) {
    home-manager.sharedModules = [
      {
        programs.obs-studio = {
@ -123,7 +145,6 @@ in
      }
    ];
    boot.kernelModules = [ "v4l2loopback" ];
    boot.extraModulePackages = [ pkgs.linuxPackages.v4l2loopback ];
@ -137,7 +158,6 @@ in
      alphaSafe
      sanitizeFolder
      # obs studio stuff
      obs-cli
      v4l-utils
@ -154,8 +174,6 @@ in
      handbrake
      ffmpeg-full
    ];
  };
 }
--- a/components/monitor/container.nix
+++ b/components/monitor/container.nix
@ -1,17 +1,20 @@
-{ lib, config, ... }:
+{
  lib,
  config,
  inputs,
  ...
 }:
 with lib;
 with types;
 {
  imports = [
    ./default.nix
    ../timezone.nix
  ];
  config = {
-    components.monitor.enable = mkDefault true;
+    telemetry.enable = mkDefault true;
-    components.monitor.metrics.enable = mkDefault false;
+    telemetry.metrics.enable = mkDefault false;
-    components.monitor.opentelemetry.enable = false;
+    telemetry.opentelemetry.enable = false;
    services.journald.extraConfig = "SystemMaxUse=1G";
  };
--- a/components/monitor/default.nix
+++ b/components/monitor/default.nix
@ -1,32 +0,0 @@
 { lib, config, ... }:
 with lib;
 with types;
 {
  options.components.monitor = {
    enable = mkOption {
      type = bool;
      default = true;
    };
    metrics.enable = mkOption {
      type = bool;
      default = config.components.monitor.enable;
    };
    logs.enable = mkOption {
      type = bool;
      default = config.components.monitor.enable;
    };
  };
  imports = [
    ./logs-promtail.nix
    ./metrics-export-zfs.nix
    ./metrics-netdata.nix
    ./metrics-prometheus.nix
    ./metrics-telegraf.nix
    ./opentelemetry.nix
  ];
  config = mkIf config.components.monitor.enable { };
 }
--- a/components/monitor/logs-promtail.nix
+++ b/components/monitor/logs-promtail.nix
@ -1,178 +0,0 @@
 { config, lib, ... }:
 with lib;
 with types;
 let
  cfg = config.components.monitor.promtail;
 in
 {
  options.components.monitor.promtail = {
    enable = mkOption {
      type = lib.types.bool;
      default = config.components.monitor.logs.enable;
    };
    port = mkOption {
      type = int;
      default = 3500;
      description = "port to provide promtail export";
    };
  };
  config = mkMerge [
    (mkIf config.components.monitor.opentelemetry.enable {
      services.opentelemetry-collector.settings = {
        receivers.loki = {
          protocols.http.endpoint = "127.0.0.1:${toString cfg.port}";
          use_incoming_timestamp = true;
        };
        service.pipelines.logs.receivers = [ "loki" ];
      };
    })
    (mkIf config.components.monitor.promtail.enable {
      services.promtail = {
        enable = true;
        configuration = {
          server. disable = true;
          positions.filename = "/var/cache/promtail/positions.yaml";
          clients = [
            { url = "http://127.0.0.1:${toString cfg.port}/loki/api/v1/push"; }
          ];
          scrape_configs =
            let
              _replace = index: replacement: ''{{ Replace .Value "${toString index}" "${replacement}" 1 }}'';
              _elseif = index: ''{{ else if eq .Value "${toString index}" }}'';
              _if = index: ''{{ if eq .Value "${toString index}" }}'';
              _end = ''{{ end }}'';
              elseblock = index: replacement: "${_elseif index}${_replace index replacement}";
              ifblock = index: replacement: "${_if index}${_replace index replacement}";
              createTemplateLine = list: "${concatStrings (imap0 (index: replacement: if index == 0 then ifblock index replacement else elseblock index replacement) list)}${_end}";
            in
            [
              {
                job_name = "journal";
                journal = {
                  json = true;
                  max_age = "12h";
                  labels.job = "systemd-journal";
                };
                pipeline_stages = [
                  {
                    # Set of key/value pairs of JMESPath expressions. The key will be
                    # the key in the extracted data while the expression will be the value,
                    # evaluated as a JMESPath from the source data.
                    json.expressions = {
                      # journalctl -o json | jq and you'll see these
                      boot_id = "_BOOT_ID";
                      facility = "SYSLOG_FACILITY";
                      facility_label = "SYSLOG_FACILITY";
                      instance = "_HOSTNAME";
                      msg = "MESSAGE";
                      priority = "PRIORITY";
                      priority_label = "PRIORITY";
                      transport = "_TRANSPORT";
                      unit = "_SYSTEMD_UNIT";
                      # coredump
                      #coredump_cgroup = "COREDUMP_CGROUP";
                      #coredump_exe = "COREDUMP_EXE";
                      #coredump_cmdline = "COREDUMP_CMDLINE";
                      #coredump_uid = "COREDUMP_UID";
                      #coredump_gid = "COREDUMP_GID";
                    };
                  }
                  {
                    # Set the unit (defaulting to the transport like audit and kernel)
                    template = {
                      source = "unit";
                      template = "{{if .unit}}{{.unit}}{{else}}{{.transport}}{{end}}";
                    };
                  }
                  {
                    # Normalize session IDs (session-1234.scope -> session.scope) to limit number of label values
                    replace = {
                      source = "unit";
                      expression = "^(session-\\d+.scope)$";
                      replace = "session.scope";
                    };
                  }
                  {
                    # Map priority to human readable
                    template = {
                      source = "priority_label";
                      #template = ''{{ if eq .Value "0" }}{{ Replace .Value "0" "emerg" 1 }}{{ else if eq .Value "1" }}{{ Replace .Value "1" "alert" 1 }}{{ else if eq .Value "2" }}{{ Replace .Value "2" "crit" 1 }}{{ else if eq .Value "3" }}{{ Replace .Value "3" "err" 1 }}{{ else if eq .Value "4" }}{{ Replace .Value "4" "warning" 1 }}{{ else if eq .Value "5" }}{{ Replace .Value "5" "notice" 1 }}{{ else if eq .Value "6" }}{{ Replace .Value "6" "info" 1 }}{{ else if eq .Value "7" }}{{ Replace .Value "7" "debug" 1 }}{{ end }}'';
                      template = createTemplateLine [
                        "emergency"
                        "alert"
                        "critical"
                        "error"
                        "warning"
                        "notice"
                        "info"
                        "debug"
                      ];
                    };
                  }
                  {
                    # Map facility to human readable
                    template =
                      {
                        source = "facility_label";
                        template = createTemplateLine [
                          "kern" # Kernel messages
                          "user" # User-level messages
                          "mail" # Mail system	Archaic POSIX still supported and sometimes used (for more mail(1))
                          "daemon" # System daemons	All daemons, including systemd and its subsystems
                          "auth" # Security/authorization messages	Also watch for different facility 10
                          "syslog" # Messages generated internally by syslogd	For syslogd implementations (not used by systemd, see facility 3)
                          "lpr" # Line printer subsystem (archaic subsystem)
                          "news" # Network news subsystem (archaic subsystem)
                          "uucp" # UUCP subsystem (archaic subsystem)
                          "clock" # Clock daemon	systemd-timesyncd
                          "authpriv" # Security/authorization messages	Also watch for different facility 4
                          "ftp" # FTP daemon
                          "-" # NTP subsystem
                          "-" # Log audit
                          "-" # Log alert
                          "cron" # Scheduling daemon
                          "local0" # Local use 0 (local0)
                          "local1" # Local use 1 (local1)
                          "local2" # Local use 2 (local2)
                          "local3" # Local use 3 (local3)
                          "local4" # Local use 4 (local4)
                          "local5" # Local use 5 (local5)
                          "local6" # Local use 6 (local6)
                          "local7" # Local use 7 (local7)
                        ];
                      };
                  }
                  {
                    # Key is REQUIRED and the name for the label that will be created.
                    # Value is optional and will be the name from extracted data whose value
                    # will be used for the value of the label. If empty, the value will be
                    # inferred to be the same as the key.
                    labels = {
                      boot_id = "";
                      facility = "";
                      facility_label = "";
                      instance = "";
                      priority = "";
                      priority_label = "";
                      transport = "";
                      unit = "";
                    };
                  }
                  {
                    # Write the proper message instead of JSON
                    output.source = "msg";
                  }
                ];
              }
            ];
        };
      };
    })
  ];
 }
--- a/components/monitor/metrics-export-zfs.nix
+++ b/components/monitor/metrics-export-zfs.nix
@ -1,32 +0,0 @@
 { pkgs, config, lib, ... }:
 with lib;
 with types;
 {
  options.components.monitor.exporters.zfs.enable = mkOption {
    type = lib.types.bool;
    default = config.components.monitor.metrics.enable;
  };
  config = mkMerge [
    (mkIf config.components.monitor.exporters.zfs.enable {
      services.telegraf.extraConfig.inputs.zfs = { };
      services.prometheus.exporters.zfs.enable = true;
      services.opentelemetry-collector.settings = {
        receivers.prometheus.config.scrape_configs = [
          {
            job_name = "zfs";
            scrape_interval = "10s";
            static_configs = [{
              targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.zfs.port}" ];
            }];
          }
        ];
        service.pipelines.metrics.receivers = [ "prometheus" ];
      };
    })
  ];
 }
--- a/components/monitor/metrics-netdata.nix
+++ b/components/monitor/metrics-netdata.nix
@ -1,35 +0,0 @@
 { lib, pkgs, config, ... }:
 with lib;
 with types;
 {
  options.components.monitor.netdata = {
    enable = mkOption {
      type = bool;
      default = config.components.monitor.metrics.enable;
    };
  };
  config = mkIf config.components.monitor.netdata.enable {
    # netdata sink
    services.opentelemetry-collector.settings.receivers.prometheus.config.scrape_configs = [
      {
        job_name = "netdata";
        scrape_interval = "10s";
        metrics_path = "/api/v1/allmetrics";
        params.format = [ "prometheus" ];
        static_configs = [{ targets = [ "127.0.0.1:19999" ]; }];
      }
    ];
    # https://docs.netdata.cloud/daemon/config/
    services.netdata = {
      enable = lib.mkDefault true;
      config = {
        global = {
          "memory mode" = "ram";
        };
      };
    };
  };
 }
--- a/components/monitor/metrics-prometheus.nix
+++ b/components/monitor/metrics-prometheus.nix
@ -1,45 +0,0 @@
 { config, lib, ... }:
 with lib;
 with types;
 let
  cfg = config.components.monitor.prometheus;
 in
 {
  options.components.monitor.prometheus = {
    enable = mkOption {
      type = lib.types.bool;
      default = config.components.monitor.metrics.enable;
    };
    port = mkOption {
      type = int;
      default = 8090;
      description = "port to provide Prometheus export";
    };
  };
  config = mkMerge [
    (mkIf config.components.monitor.prometheus.enable {
      services.prometheus = {
        checkConfig = "syntax-only";
        enable = true;
      };
    })
    (mkIf config.components.monitor.prometheus.enable {
      services.opentelemetry-collector.settings = {
        exporters.prometheus.endpoint = "127.0.0.1:${toString cfg.port}";
        service.pipelines.metrics.exporters = [ "prometheus" ];
      };
      services.prometheus.scrapeConfigs = [
        {
          job_name = "opentelemetry";
          metrics_path = "/metrics";
          scrape_interval = "10s";
          static_configs = [{ targets = [ "localhost:${toString cfg.port}" ]; }];
        }
      ];
    })
  ];
 }
--- a/components/monitor/metrics-telegraf.nix
+++ b/components/monitor/metrics-telegraf.nix
@ -1,50 +0,0 @@
 { config, pkgs, lib, ... }:
 with lib;
 with types;
 let
  cfg = config.components.monitor.telegraf;
 in
 {
  options.components.monitor.telegraf = {
    enable = mkOption {
      type = lib.types.bool;
      default = config.components.monitor.metrics.enable;
    };
    influxDBPort = mkOption {
      type = int;
      default = 8088;
      description = "Port to listen on influxDB input";
    };
  };
  config = lib.mkMerge [
    (mkIf config.components.monitor.telegraf.enable {
      # opentelemetry wireing
      services.opentelemetry-collector.settings = {
        receivers.influxdb.endpoint = "127.0.0.1:${toString cfg.influxDBPort}";
        service.pipelines.metrics.receivers = [ "influxdb" ];
      };
      services.telegraf.extraConfig.outputs.influxdb_v2.urls = [ "http://127.0.0.1:${toString cfg.influxDBPort}" ];
    })
    (mkIf config.components.monitor.telegraf.enable {
      systemd.services.telegraf.path = [ pkgs.inetutils ];
      services.telegraf = {
        enable = true;
        extraConfig = {
          # https://github.com/influxdata/telegraf/tree/master/plugins/inputs < all them plugins
          inputs = {
            cpu = { };
            diskio = { };
            processes = { };
            system = { };
            systemd_units = { };
            ping = [{ urls = [ "10.100.0.1" ]; }]; # actually important to make machine visible over wireguard
          };
        };
      };
    })
  ];
 }
--- a/components/monitor/opentelemetry.nix
+++ b/components/monitor/opentelemetry.nix
@ -1,205 +0,0 @@
 { pkgs, config, lib, ... }:
 with lib;
 with types;
 let
  cfg = config.components.monitor.opentelemetry;
 in
 {
  options.components.monitor.opentelemetry = {
    enable = mkOption {
      type = bool;
      default = config.components.monitor.enable;
      description = "weather or not to use opentelemetry";
    };
    receiver.endpoint = mkOption {
      type = nullOr str;
      default = null;
      description = "endpoint to receive the opentelementry data from other collectors";
    };
    exporter.endpoint = mkOption {
      type = nullOr str;
      default = null;
      description = "endpoint to ship opentelementry data too";
    };
    exporter.debug = mkOption {
      type = nullOr (enum [ "logs" "metrics" ]);
      default = null;
      description = "enable debug exporter.";
    };
    metrics.endpoint = mkOption {
      type = str;
      default = "127.0.0.1:8100";
      description = "endpoint on where to provide opentelementry metrics";
    };
  };
  config = mkMerge [
    (mkIf config.components.monitor.opentelemetry.enable {
      services.opentelemetry-collector = {
        enable = true;
        package = pkgs.opentelemetry-collector-contrib;
      };
    })
    # add default tags to metrics
    # todo : make sure we filter out metrics from otlp receivers
    (mkIf config.components.monitor.enable {
      services.opentelemetry-collector.settings = {
        processors = {
          # https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/processor/resourcedetectionprocessor/README.md
          "resourcedetection/system" = {
            detectors = [ "system" ];
            override = false;
            system.hostname_sources = [ "os" ];
          };
          metricstransform.transforms = [
            {
              include = ".*";
              match_type = "regexp";
              action = "update";
              operations = [{
                action = "add_label";
                new_label = "machine";
                new_value = config.networking.hostName;
              }];
            }
          ];
        };
      };
    })
    (mkIf config.components.monitor.metrics.enable {
      services.opentelemetry-collector.settings = {
        service.pipelines.metrics.processors = [
          "metricstransform"
          "resourcedetection/system"
        ];
      };
    })
    (mkIf config.components.monitor.logs.enable {
      services.opentelemetry-collector.settings = {
        service.pipelines.logs.processors = [ "resourcedetection/system" ];
      };
    })
    (mkIf (config.components.monitor.opentelemetry.exporter.debug != null) {
      services.opentelemetry-collector.settings = {
        exporters.debug = {
          verbosity = "detailed";
          sampling_initial = 5;
          sampling_thereafter = 200;
        };
        service.pipelines.${config.components.monitor.opentelemetry.exporter.debug} = {
          exporters = [ "debug" ];
        };
      };
    })
    # ship to next instance
    (mkIf (config.components.monitor.opentelemetry.exporter.endpoint != null) {
      services.opentelemetry-collector.settings = {
        exporters.otlp = {
          endpoint = cfg.exporter.endpoint;
          tls.insecure = true;
        };
      };
    })
    (mkIf
      (
        config.components.monitor.opentelemetry.exporter.endpoint != null &&
        config.components.monitor.logs.enable
      )
      {
        services.opentelemetry-collector.settings = {
          service.pipelines.logs.exporters = [ "otlp" ];
        };
      })
    (mkIf
      (
        config.components.monitor.opentelemetry.exporter.endpoint != null &&
        config.components.monitor.metrics.enable
      )
      {
        services.opentelemetry-collector.settings = {
          service.pipelines.metrics.exporters = [ "otlp" ];
        };
      })
    # ship from other instance
    (mkIf (config.components.monitor.opentelemetry.receiver.endpoint != null) {
      services.opentelemetry-collector.settings = {
        receivers.otlp.protocols.grpc.endpoint = cfg.receiver.endpoint;
      };
    })
    (mkIf
      (
        config.components.monitor.opentelemetry.receiver.endpoint != null &&
        config.components.monitor.logs.enable
      )
      {
        services.opentelemetry-collector.settings = {
          service.pipelines.logs.receivers = [ "otlp" ];
        };
      })
    (mkIf
      (
        config.components.monitor.opentelemetry.receiver.endpoint != null &&
        config.components.monitor.metrics.enable
      )
      {
        services.opentelemetry-collector.settings = {
          service.pipelines.metrics.receivers = [ "otlp" ];
        };
      })
    # scrape opentelemetry-colectors metrics
    # todo: this should be collected another way (opentelemetry internal?)
    # todo : enable me only when metrics.endpoint is set.
    (mkIf config.components.monitor.metrics.enable {
      services.opentelemetry-collector.settings = {
        receivers = {
          prometheus.config.scrape_configs = [
            {
              job_name = "otelcol";
              scrape_interval = "10s";
              static_configs = [{
                targets = [ cfg.metrics.endpoint ];
              }];
              metric_relabel_configs = [
                {
                  source_labels = [ "__name__" ];
                  regex = ".*grpc_io.*";
                  action = "drop";
                }
              ];
            }
          ];
        };
        service = {
          pipelines.metrics = {
            receivers = [ "prometheus" ];
          };
          # todo : this should be automatically be collected
          # open telemetries own metrics?
          telemetry.metrics.address = cfg.metrics.endpoint;
        };
      };
    })
    (mkIf (! config.components.monitor.metrics.enable) {
      services.opentelemetry-collector.settings = {
        service.telemetry.metrics.level = "none";
      };
    })
  ];
 }
--- a/components/network/hosts.nix
+++ b/components/network/hosts.nix
@ -1,5 +1,9 @@
 { clanLib, ... }:
 {
  networking.extraHosts = ''
    95.216.66.212 orbi.public
  '';
  services.openssh.knownHosts = {
    "orbi.public".publicKey = clanLib.readFact "ssh.id_ed25519.pub" "orbi";
  };
 }
--- a/components/network/nginx.nix
+++ b/components/network/nginx.nix
@ -1,4 +1,10 @@
-{ config, lib, pkgs, assets, ... }:
+{
  config,
  lib,
  pkgs,
  assets,
  ...
 }:
 with lib;
 {
  options.components.network.nginx.enable = mkOption {
@ -16,8 +22,13 @@ with lib;
      environment.systemPackages = [
        pkgs.nginx-config-formatter
-        (pkgs.writers.writePython3Bin "nginx-show-config" { flakeIgnore = [ "E265" "E225" "W292" ]; }
+        (pkgs.writers.writePython3Bin "nginx-show-config" {
-          (lib.fileContents "${assets}/nginx-show-config.py"))
+          flakeIgnore = [
            "E265"
            "E225"
            "W292"
          ];
        } (lib.fileContents "${assets}/nginx-show-config.py"))
      ];
      security.acme.defaults.email = "contact@ingolf-wagner.de";
@ -85,7 +96,11 @@ with lib;
          root = pkgs.landingpage.override {
            jsonConfig =
              let
-                entry = { machine, items ? [ ] }:
+                entry =
                  {
                    machine,
                    items ? [ ],
                  }:
                  {
                    text = machine;
                    items = [
@ -160,7 +175,7 @@ with lib;
                  ];
                })
                (entry { machine = "cherry"; })
-                (entry { machine = "cream"; })
+                #(entry { machine = "cream"; })
                (entry { machine = "mobi"; })
                (entry { machine = "bobi"; })
                {
@ -174,14 +189,12 @@ with lib;
                    {
                      label = "Hetzner Cloud";
                      href = "https://console.hetzner.cloud/projects";
-                      image =
+                      image = "https://media.giphy.com/media/NECZ8crkbXR0k/giphy.gif";
                        "https://media.giphy.com/media/NECZ8crkbXR0k/giphy.gif";
                    }
                    {
                      label = "Cups";
                      href = "http://localhost:631/";
-                      image =
+                      image = "https://media.giphy.com/media/7hU7x4GPurk2c/giphy.gif";
                        "https://media.giphy.com/media/7hU7x4GPurk2c/giphy.gif";
                    }
                  ];
                }
@ -191,52 +204,42 @@ with lib;
                    {
                      label = "NixOS Manual";
                      href = "https://nixos.org/nixos/manual/";
-                      image =
+                      image = "https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
                        "https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
                    }
                    {
                      label = "Nixpkgs Manual";
                      href = "https://nixos.org/nixpkgs/manual/";
-                      image =
+                      image = "https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
                        "https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
                    }
                    {
                      label = "NixOS Reference";
-                      href =
+                      href = "https://storage.googleapis.com/files.tazj.in/nixdoc/manual.html#sec-functions-library";
-                        "https://storage.googleapis.com/files.tazj.in/nixdoc/manual.html#sec-functions-library";
+                      image = "https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
                      image =
                        "https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
                    }
                    {
                      label = "Nix Packages";
                      href = "https://nixos.org/nixos/packages.html";
-                      image =
+                      image = "https://media.giphy.com/media/l2YWlohvjPnsvkdEc/giphy.gif";
                        "https://media.giphy.com/media/l2YWlohvjPnsvkdEc/giphy.gif";
                    }
                    {
                      label = "NixOS Language specific helpers";
-                      href =
+                      href = "https://nixos.wiki/wiki/Language-specific_package_helpers";
-                        "https://nixos.wiki/wiki/Language-specific_package_helpers";
+                      image = "https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
                      image =
                        "https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
                    }
                    {
                      label = "NixOS Weekly";
                      href = "https://weekly.nixos.org/";
-                      image =
+                      image = "https://media.giphy.com/media/lXiRLb0xFzmreM8k8/giphy.gif";
                        "https://media.giphy.com/media/lXiRLb0xFzmreM8k8/giphy.gif";
                    }
                    {
                      label = "NixOS Security";
                      href = "https://broken.sh/";
-                      image =
+                      image = "https://media.giphy.com/media/BqILAHjH1Ttm0/giphy.gif";
                        "https://media.giphy.com/media/BqILAHjH1Ttm0/giphy.gif";
                    }
                    {
                      label = "NixOS RFCs";
                      href = "https://github.com/NixOS/rfcs/";
-                      image =
+                      image = "https://media.giphy.com/media/Uq9bGjGKg08M0/giphy.gif";
                        "https://media.giphy.com/media/Uq9bGjGKg08M0/giphy.gif";
                    }
                  ];
                }
--- a/components/network/sshd/default.nix
+++ b/components/network/sshd/default.nix
@ -1,13 +1,17 @@
-{ pkgs, config, lib, assets, ... }:
+{
  pkgs,
  config,
  lib,
  assets,
  ...
 }:
 with lib;
 with types;
 let
  defaultRootKeyFiles = [ "${assets}/mrvandalo_rsa.pub" ];
  cfg = config.components.network.sshd;
  # maybe ascii-image-converter is also nice here
-  sshBanner = pkgs.runCommand "ssh-banner"
+  sshBanner = pkgs.runCommand "ssh-banner" { nativeBuildInputs = [ pkgs.boxes ]; } ''
    { nativeBuildInputs = [ pkgs.boxes ]; } ''
    echo "${config.networking.hostName}" | boxes -d ansi -s 80x1 -a r > $out
  '';
@ -25,11 +29,6 @@ in
      type = bool;
      default = true;
    };
    rootKeyFiles = mkOption {
      type = with types; listOf path;
      default = [ ];
      description = "keys to root login";
    };
    onlyTincAccess = mkOption {
      type = bool;
      default = false;
@ -59,14 +58,13 @@ in
        # settings.LoginGraceTime = 0;
      };
      users.users.root.openssh.authorizedKeys.keyFiles = cfg.rootKeyFiles ++ defaultRootKeyFiles;
      # todo enable again when I can it's possible to set the `-q` ssh option in clan
      #services.openssh.banner = builtins.readFile sshBanner;
    })
    (mkIf (cfg.onlyTincAccess && cfg.enable) {
      # fixme: this is not working
      networking.firewall.extraCommands = ''
        iptables --table nat --append PREROUTING ! --in-interface tinc.+ --protocol tcp --match tcp --dport 22 --jump REDIRECT --to-ports 0
      '';
--- a/components/network/sshd/known-hosts-manual.nix
+++ b/components/network/sshd/known-hosts-manual.nix
@ -1,4 +1,10 @@
-{ pkgs, config, lib, clanLib, ... }:
+{
  pkgs,
  config,
  lib,
  clanLib,
  ...
 }:
 with lib;
 let
  publicKey = clanLib.readFact "ssh.id_ed25519.pub";
@ -9,11 +15,18 @@ in
    services.openssh.knownHosts = {
      orbi = {
        hostNames = [
          "git.ingolf-wagner.de"
          "95.216.66.212"
        ];
        publicKey = publicKey "orbi";
      };
      forgejo = {
        hostNames = [
          "[git.ingolf-wagner.de]:2222"
        ];
        publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQVomwXedtY4ZAKA1Bcsz6Ud2Ys3mjjGJXLcWQLceXKmmAQfOWqqLrTddhrLjmZImS3HTexGK7iNmYYCd/lG+7j1rMebmk3cddH6qr/4WB5SSexbLV4/vlk18kia6O+52ybrMzejwcfr9qNEg+bkrmc4btsWcT/w21vRyOzsmRRnk+S54prLGtiCypFqwGYnyr6HPXO3lqCLHIR/XurcFvh/aM/RGusWh889TXA39FezDcV6OZisZTTC4BBoUAS8r6XJnrIahZJmfEHp/FbKJV0pShCCQXtpkUBu7g6B2T+8u91fY4kc8O293XhaxjTBfkZH2lGodppGG12vAQSeznppbzlT82uTx80jyt7Hw/IAjn9j8D+iKC7fA9qawVz+p1UtqHQd43+8gOSiHILOUMhVxp7ZrfhYmaiOKrkR4+Juc9P2UsqrAvxS1WaYT4KaEZfze7/DCdK0h2SSY2jgCU9sNeJG6M4s/pPj+iI/O+AagHfBZ+bF2y+OKEZOW4J+OpqnEY3lANdxsMsD9PwBpAVAn9FAJzAy+gfXINu0wqGhtA3qWM0QVjcSXsfQJQ2XrbMPd9+pvOl1Ej5SSbjXYcPt9dXWl+L69dbU5qb8WRGl2ZxloUaRcOrOkmhybwI/61LfaGzLslnNn8ARjJgzu9xSipT5D4cZ1FgB9ezqC73Q==";
      };
    };
  };
--- a/components/network/sshd/known-hosts-public.nix
+++ b/components/network/sshd/known-hosts-public.nix
@ -1,4 +1,9 @@
-{ pkgs, config, lib, ... }:
+{
  pkgs,
  config,
  lib,
  ...
 }:
 with lib;
 {
  config = mkIf (config.components.network.sshd.enable) {
@ -28,65 +33,66 @@ with lib;
      };
      gitlab = {
        hostNames = [ "gitlab.com" ];
-        publicKey =
+        publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=";
          "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=";
      };
      gitlab-bk = {
-        hostNames = [ "gitlab.bk-bund-berlin.de" "116.203.133.59" ];
+        hostNames = [
-        publicKey =
+          "gitlab.bk-bund-berlin.de"
-          "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCG/sjnOlbrmpUliFtM5fmZTcm2wpUoP5OQEzFrrkkwhstCO9fMty9mp5qnKlezYA9+l78RTd218qFjSKYxTQNw=";
+          "116.203.133.59"
        ];
        publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCG/sjnOlbrmpUliFtM5fmZTcm2wpUoP5OQEzFrrkkwhstCO9fMty9mp5qnKlezYA9+l78RTd218qFjSKYxTQNw=";
      };
      # space-left
      gitlabSpaceLeft = {
        hostNames = [ "git.space-left.org" ];
-        publicKey =
+        publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAapztj8I3xy6Ea8A1q7Mo5C6zdgsK1bguAXcKUDCRBO";
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAapztj8I3xy6Ea8A1q7Mo5C6zdgsK1bguAXcKUDCRBO";
      };
      # c-base
      "bnd-cbase" = {
        hostNames = [ "bnd.cbrp3.c-base.org" ];
-        publicKey =
+        publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDknNl4M2WZChp1N/eRIpem2AEOceGIqvjo0ptBuwxUn0w0B8MGTVqoI+pnUVypORJRoNrLPOAkmEVr32BDN3E=";
          "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDknNl4M2WZChp1N/eRIpem2AEOceGIqvjo0ptBuwxUn0w0B8MGTVqoI+pnUVypORJRoNrLPOAkmEVr32BDN3E=";
      };
      "shell.cbase" = {
        hostNames = [ "shell.c-base.org" ];
-        publicKey =
+        publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOBKBn0mZtG3KWxpFqqcog8zvdIVrZmwj+ARujuNIAfo";
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOBKBn0mZtG3KWxpFqqcog8zvdIVrZmwj+ARujuNIAfo";
      };
      "kgb.cbase" = {
        hostNames = [ "kgb.cbrp3.c-base.org" ];
-        publicKey =
+        publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAdyl7fnnCqomghJ1TDbh5FWFQWFwoO1Y1U/FpmWd8a9RcQvN0Izhg/7A+7ptDxbmpVii8hqfghlqUwtvVy7jo8=";
          "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAdyl7fnnCqomghJ1TDbh5FWFQWFwoO1Y1U/FpmWd8a9RcQvN0Izhg/7A+7ptDxbmpVii8hqfghlqUwtvVy7jo8=";
      };
      "cns.cbase" = {
        hostNames = [ "cns.c-base.org" ];
-        publicKey =
+        publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOtlyLA2nMK9Uqpv4EbWS+rZ9Mx4bAjURmH+zrXkuRGBcU1cKm+TZfWe9/rPX57KaMPBDyIygOJIsM2T5SqX90A=";
          "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOtlyLA2nMK9Uqpv4EbWS+rZ9Mx4bAjURmH+zrXkuRGBcU1cKm+TZfWe9/rPX57KaMPBDyIygOJIsM2T5SqX90A=";
      };
      "lassulus" = {
        hostNames = [ "[lassul.us]:45621" ];
-        publicKey =
+        publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
      };
      renoise = {
-        hostNames = [ "*.renoise.com" "renoise.com" "94.130.128.97" ];
+        hostNames = [
-        publicKey =
+          "*.renoise.com"
-          "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLXxhBlYQJxgcLqKywpl1tI1N/+B5bkptAnR2a3tsRybq0IHZnIkSRGUYcu5zPwJT+bitVw8BvIaGzxI+Zm2ivE=";
+          "renoise.com"
          "94.130.128.97"
        ];
        publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLXxhBlYQJxgcLqKywpl1tI1N/+B5bkptAnR2a3tsRybq0IHZnIkSRGUYcu5zPwJT+bitVw8BvIaGzxI+Zm2ivE=";
      };
      git-renoise = {
-        hostNames = [ "[git.renoise.com]:2229" "[94.130.128.97]:2229" ];
+        hostNames = [
-        publicKey =
+          "[git.renoise.com]:2229"
-          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmIOTjQsD1TaD9MiECcRqwfAXfRdbI+2pkuF+zhBUkrX41NA4LzifPY4Iw3PlklE0YGIOzYyNitzkdgxIWkeqa0Y9iL3gGZBuLFORj5YXWlDKB2RrPAsZRL8y69y4H6RWPpL6DHHsf9eT+HgRzWzzn5nUFLfkCsuM96BqjIKN1pinIBcE6gst1UUSwSTjK8XZA5d4BiSrLF4HiNXnDm+qniYGbGkzZcjn1ua+l0GdGbfg9TotFnSK/QXgN3MeHHDZKnIjOIkOXCY+L5URe0RHo6pBFdj+BLr211AJhB52MrDNudQcY6eSQiJ08LeE6SkcrsQO/VZ/JnOkHxHd2mOyH";
+          "[94.130.128.97]:2229"
        ];
        publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmIOTjQsD1TaD9MiECcRqwfAXfRdbI+2pkuF+zhBUkrX41NA4LzifPY4Iw3PlklE0YGIOzYyNitzkdgxIWkeqa0Y9iL3gGZBuLFORj5YXWlDKB2RrPAsZRL8y69y4H6RWPpL6DHHsf9eT+HgRzWzzn5nUFLfkCsuM96BqjIKN1pinIBcE6gst1UUSwSTjK8XZA5d4BiSrLF4HiNXnDm+qniYGbGkzZcjn1ua+l0GdGbfg9TotFnSK/QXgN3MeHHDZKnIjOIkOXCY+L5URe0RHo6pBFdj+BLr211AJhB52MrDNudQcY6eSQiJ08LeE6SkcrsQO/VZ/JnOkHxHd2mOyH";
      };
      "siteground" = {
-        hostNames = [ "[es5.siteground.eu]:18765" "[37.60.224.6]:18765" ];
+        hostNames = [
-        publicKey =
+          "[es5.siteground.eu]:18765"
-          "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHZuvHooyHa69rU+SfOghM6yfc7bce5cMi9sh5JkoLPi+m8QEkX3oiG9rRpAhp0GYnB74M4l1+0XlxmG7/HVmq0=";
+          "[37.60.224.6]:18765"
        ];
        publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHZuvHooyHa69rU+SfOghM6yfc7bce5cMi9sh5JkoLPi+m8QEkX3oiG9rRpAhp0GYnB74M4l1+0XlxmG7/HVmq0=";
      };
      "cracksucht.de" = {
        hostNames = [ "cracksucht.de" ];
-        publicKey =
+        publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVqpWzX+C7veO/1MDSdh5ukFhpI4cfXevbl6DVb9gVt1wdYB0JsiMiWfl13MZJy9iEP/KfwRLYmu8i36tDR9uJfHQyLK8G7q2DhrleIPgM3dFCdDU1QtulE8hEq/ZsqzMn/QIHYIipIqzNfmC/xnpX2gIo09T7EY+n863ALlj+GqxMb4nr2XDLY+Lllo2yMzylJIz9q8U5hOmzrlCnBpf2MPMwanHXnZXj2CmO80VyBHnAMJ/h72AN1qzDaHFlhxh0Li/POc1bpDjiVjiUPgimHZWpi3VObxWLLn2zf+RH2lx0yXMccSEnkWvHp+Ll5apIUUS+vTlDo3niWpEfGZLl root@debian";
          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVqpWzX+C7veO/1MDSdh5ukFhpI4cfXevbl6DVb9gVt1wdYB0JsiMiWfl13MZJy9iEP/KfwRLYmu8i36tDR9uJfHQyLK8G7q2DhrleIPgM3dFCdDU1QtulE8hEq/ZsqzMn/QIHYIipIqzNfmC/xnpX2gIo09T7EY+n863ALlj+GqxMb4nr2XDLY+Lllo2yMzylJIz9q8U5hOmzrlCnBpf2MPMwanHXnZXj2CmO80VyBHnAMJ/h72AN1qzDaHFlhxh0Li/POc1bpDjiVjiUPgimHZWpi3VObxWLLn2zf+RH2lx0yXMccSEnkWvHp+Ll5apIUUS+vTlDo3niWpEfGZLl root@debian";
      };
    };
--- a/components/network/sshd/known-hosts-zerotier.nix
+++ b/components/network/sshd/known-hosts-zerotier.nix
@ -1,34 +1,34 @@
-{ lib, config, clanLib, ... }:
+{
  lib,
  config,
  clanLib,
  ...
 }:
 with lib;
 with types;
 let
  machines = clanLib.allMachineNames;
  publicKey = clanLib.readFact "ssh.id_ed25519.pub";
  tld = config.clan.static-hosts.topLevelDomain;
-  knownHosts = lib.genAttrs machines
+  knownHosts = lib.genAttrs machines (machine: {
    (machine:
      {
    hostNames = [
      "${machine}"
      "${machine}.${tld}"
      "${machine}.private"
    ];
    publicKey = publicKey machine;
-      }
+  });
    );
  bootMachines = clanLib.readFactFromAllMachines "ssh.boot.id_ed25519.pub";
-  knownBootHosts = lib.mapAttrs'
+  knownBootHosts = lib.mapAttrs' (
-    (machine: publicKey: nameValuePair
+    machine: publicKey:
-      "boot_${machine}"
+    nameValuePair "boot_${machine}" {
      {
      inherit publicKey;
      hostNames = [
        "[${machine}]:2222"
        "[${machine}.public]:2222"
      ];
    }
-    )
+  ) bootMachines;
    bootMachines;
 in
 {
--- a/components/network/syncthing.nix
+++ b/components/network/syncthing.nix
@ -1,15 +1,13 @@
-{ config, lib, pkgs, factsGenerator, clanLib, ... }:
+{
-let
+  config,
-  clanMachines =
+  lib,
-    lib.mapAttrs
+  pkgs,
-      (machine: facts: {
+  factsGenerator,
-        name = machine;
+  clanLib,
-        id = facts."syncthing.pub";
+  ...
-        addresses = [ "tcp://[${facts."zerotier-ip"}]:22000" ];
+}:
-      })
+with lib;
-      (clanLib.readFactsFromAllMachines [ "syncthing.pub" "zerotier-ip" ]);
+{
 in
 with lib; {
  # networking.firewall.interfaces."gummybears".allowedTCPPorts = [ 8384 ];
@ -22,6 +20,19 @@ with lib; {
    cert = config.clan.core.facts.services.syncthing.secret."syncthing.cert".path;
    settings.devices =
      let
        clanMachines =
          lib.mapAttrs
            (machine: facts: {
              name = machine;
              id = facts."syncthing.pub";
              addresses = [ "tcp://[${facts."zerotier-ip"}]:22000" ];
            })
            (
              clanLib.readFactsFromAllMachines [
                "syncthing.pub"
                "zerotier-ip"
              ]
            );
        device = machine: id: {
          "${machine}" = {
            name = machine;
@ -32,22 +43,27 @@ with lib; {
      in
      clanMachines
      // (device "iPhone" "RPQBSRB-DYEUUWQ-EAPMBA2-PL4MJ73-Y4F4ZTH-TAD7DUE-GEK56BG-HYW6YAF")
-      // (device "bumba" "JS7PWTO-VKFGBUP-GNFLSWP-MGFJ2KH-HLO2LKW-V3RPCR6-PCB5SQC-42FCKQZ")
+      // (device "iPad" "NEGOJYU-EEDRM4E-XVZUKFO-63LAIOO-WHFFS2V-3SH3KR2-VYEFQLW-4QOFBQU")
-    ;
+      // (device "bumba" "JS7PWTO-VKFGBUP-GNFLSWP-MGFJ2KH-HLO2LKW-V3RPCR6-PCB5SQC-42FCKQZ");
    settings.folders = {
      # needs to be on encrypted drives
      # -------------------------------
      audiobooks = {
        enable = lib.mkDefault false;
        path = lib.mkDefault "/tmp/audiobooks";
-        devices = [ "chungus" "orbi" ];
+        devices = [
          "chungus"
          "orbi"
        ];
      };
      books = {
        enable = lib.mkDefault false;
        path = lib.mkDefault "/tmp/books";
-        devices = [ "chungus" "cream" "cherry" ];
+        devices = [
          "chungus"
          #          "cream"
          "cherry"
        ];
        versioning = {
          type = "simple";
          params.keep = "2";
@ -56,12 +72,20 @@ with lib; {
      desktop = {
        enable = lib.mkDefault false;
        path = lib.mkDefault "/tmp/desktop";
-        devices = [ "chungus" "cream" "cherry" ];
+        devices = [
          "chungus"
          #          "cream"
          "cherry"
        ];
      };
      finance = {
        enable = lib.mkDefault false;
        path = lib.mkDefault "/tmp/finance";
-        devices = [ "chungus" "cream" "cherry" ];
+        devices = [
          "chungus"
          #          "cream"
          "cherry"
        ];
        versioning = {
          type = "simple";
          params.keep = "10";
@ -70,27 +94,46 @@ with lib; {
      flix = {
        enable = lib.mkDefault false;
        path = lib.mkDefault "/tmp/flix";
-        devices = [ "chungus" "orbi" ];
+        devices = [
          "chungus"
          "orbi"
        ];
      };
      logseq = {
        enable = lib.mkDefault false;
        path = lib.mkDefault "/tmp/logseq";
-        devices = [ "chungus" "cream" "cherry" "iPhone" ];
+        devices = [
          "cherry"
          "chungus"
          "iPad"
          "iPhone"
        ];
      };
      lectures = {
        enable = lib.mkDefault false;
        path = lib.mkDefault "/tmp/lectures";
-        devices = [ "chungus" "orbi" ];
+        devices = [
          "chungus"
          "orbi"
        ];
      };
      oscar_cpap = {
        enable = lib.mkDefault false;
        path = lib.mkDefault "/tmp/oscar_cpap";
-        devices = [ "chungus" "cream" "cherry" ];
+        devices = [
          "chungus"
          #          "cream"
          "cherry"
        ];
      };
      password-store = {
        enable = lib.mkDefault false;
        path = lib.mkDefault "/tmp/password-store";
-        devices = [ "chungus" "cream" "cherry" ];
+        devices = [
          "chungus"
          #          "cream"
          "cherry"
        ];
        versioning = {
          type = "simple";
          params.keep = "10";
@ -100,18 +143,12 @@ with lib; {
      share = {
        enable = lib.mkDefault false;
        path = lib.mkDefault "/tmp/password-store";
-        devices = [ "cream" "cherry" "orbi" ];
+        devices = [
          #          "cream"
          "cherry"
          "orbi"
        ];
      };
      # todo remove if zfs is is used
      #nextcloud_backup = {
      #  enable = lib.mkDefault false;
      #  path = lib.mkDefault "/tmp/lost-fotos";
      #  devices = [ "chungus"  ];
      #  versioning = {
      #    type = "simple";
      #    params.keep = "2";
      #  };
      #};
    };
  };
--- a/components/network/tinc/default.nix
+++ b/components/network/tinc/default.nix
@ -1,4 +1,10 @@
-{ lib, config, factsGenerator, clanLib, ... }:
+{
  lib,
  config,
  factsGenerator,
  clanLib,
  ...
 }:
 with lib;
 {
@ -20,18 +26,21 @@ with lib;
  };
  config = mkMerge [
-    (mkIf config.tinc.private.enable (import ./private.nix {
+    (mkIf config.tinc.private.enable (
      import ./private.nix {
        ipv4 = config.tinc.private.ipv4;
        ipv6 = null;
        inherit (lib) optionalString concatStringsSep mapAttrsToList;
        inherit config factsGenerator clanLib;
-    }))
+      }
-    (mkIf config.tinc.secret.enable (import ./secret.nix {
+    ))
    (mkIf config.tinc.secret.enable (
      import ./secret.nix {
        ipv4 = config.tinc.secret.ipv4;
        ipv6 = null;
        inherit (lib) optionalString concatStringsSep mapAttrsToList;
        inherit config factsGenerator clanLib;
-    }))
+      }
    ))
  ];
 }
--- a/components/network/tinc/private.nix
+++ b/components/network/tinc/private.nix
@ -1,19 +1,20 @@
-{ ipv4
+{
-, ipv6
+  ipv4,
-, config
+  ipv6,
-, optionalString
+  config,
-, concatStringsSep
+  optionalString,
-, factsGenerator
+  concatStringsSep,
-, mapAttrsToList
+  factsGenerator,
-, clanLib
+  mapAttrsToList,
-, ...
+  clanLib,
  ...
 }:
 let
  hosts = {
    bobi = "10.23.42.25";
    cherry = "10.23.42.29";
    chungus = "10.23.42.28";
-    cream = "10.23.42.27";
+    #    cream = "10.23.42.27";
    mobi = "10.23.42.23";
    orbi = "10.23.42.100";
  };
@ -27,6 +28,7 @@ let
    "photoprism.orbi" = hosts.orbi;
    # chungus
    "video.chungus" = hosts.chungus;
    "music.chungus" = hosts.chungus;
    "de.tts.chungus" = hosts.chungus;
    "en.tts.chungus" = hosts.chungus;
    "flix.chungus" = hosts.chungus;
@ -51,7 +53,8 @@ in
  services.tinc.networks = {
    ${network} = {
-      ed25519PrivateKeyFile = config.clan.core.facts.services.tinc_private.secret."tinc.private.ed25519_key.priv".path;
+      ed25519PrivateKeyFile =
        config.clan.core.facts.services.tinc_private.secret."tinc.private.ed25519_key.priv".path;
      interfaceType = "tap";
      extraConfig = ''
        LocalDiscovery = yes
@ -65,10 +68,10 @@ in
          subnets = [ { address = hosts.bobi; } ];
          settings.Ed25519PublicKey = "jwvNd4oAgz2cWEI74VTVYU1qgPWq823/a0iEDqJ8KMD";
        };
-        cream = {
+        #        cream = {
-          subnets = [{ address = hosts.cream; }];
+        #          subnets = [ { address = hosts.cream; } ];
-          settings.Ed25519PublicKey = Ed25519PublicKey "cream";
+        #          settings.Ed25519PublicKey = Ed25519PublicKey "cream";
-        };
+        #        };
        cherry = {
          subnets = [ { address = hosts.cherry; } ];
          settings.Ed25519PublicKey = Ed25519PublicKey "cherry";
@ -100,6 +103,8 @@ in
    LinkLocalAddressing = no
  '';
-  networking.extraHosts = concatStringsSep "\n" (mapAttrsToList (name: ip: "${ip} ${name}.${network}") (hosts // subDomains));
+  networking.extraHosts = concatStringsSep "\n" (
    mapAttrsToList (name: ip: "${ip} ${name}.${network}") (hosts // subDomains)
  );
 }
--- a/components/network/tinc/secret.nix
+++ b/components/network/tinc/secret.nix
@ -1,17 +1,18 @@
-{ ipv4
+{
-, ipv6
+  ipv4,
-, config
+  ipv6,
-, optionalString
+  config,
-, concatStringsSep
+  optionalString,
-, mapAttrsToList
+  concatStringsSep,
-, factsGenerator
+  mapAttrsToList,
-, ...
+  factsGenerator,
  ...
 }:
 let
  port = 721;
  hosts = {
    cherry = "10.123.42.29";
-    cream = "10.123.42.27";
+    #    cream = "10.123.42.27";
    robi = "10.123.42.123";
    sternchen = "10.123.42.25";
    sterni = "10.123.42.24";
@ -23,7 +24,8 @@ in
  services.tinc.networks = {
    ${network} = {
-      ed25519PrivateKeyFile = config.clan.core.facts.services.tinc_secret.secret."tinc.secret.ed25519_key.priv".path;
+      ed25519PrivateKeyFile =
        config.clan.core.facts.services.tinc_secret.secret."tinc.secret.ed25519_key.priv".path;
      extraConfig = ''
        LocalDiscovery = yes
        Port = ${toString port}
@ -33,10 +35,10 @@ in
          subnets = [ { address = hosts.sternchen; } ];
          settings.Ed25519PublicKey = "Z567IKl00Kw5JFBNwMvjL33QYe2hRoNtQcNIDFRPReB";
        };
-        cream = {
+        #        cream = {
-          subnets = [{ address = hosts.cream; }];
+        #          subnets = [ { address = hosts.cream; } ];
-          settings.Ed25519PublicKey = "Y/YRA90mAlNEmdhUWlUTHjjsco6d6hlvW11sPtarIdL";
+        #          settings.Ed25519PublicKey = "Y/YRA90mAlNEmdhUWlUTHjjsco6d6hlvW11sPtarIdL";
-        };
+        #        };
        cherry = {
          subnets = [ { address = hosts.cherry; } ];
          settings.Ed25519PublicKey = "BsPIrZjbzn0aryC0HO3OXSb4oFCMmzNDmMDQmxUXUuC";
@ -46,7 +48,12 @@ in
          settings.Ed25519PublicKey = "r6mRDc814z2YtyG9ev/XXV2SgquqWR8n53V13xNXb7O";
        };
        robi = {
-          addresses = [{ address = "144.76.13.147"; port = port; }];
+          addresses = [
            {
              address = "144.76.13.147";
              port = port;
            }
          ];
          subnets = [ { address = hosts.robi; } ];
          settings.Ed25519PublicKey = "bZUbSdME4fwudNVbUoNO7PpoOS2xALsyTs81F260KbL";
        };
@ -68,23 +75,37 @@ in
    LinkLocalAddressing = no
  '';
-  networking.extraHosts = concatStringsSep "\n" (mapAttrsToList (name: ip: "${ip} ${name}.${network}") hosts);
+  networking.extraHosts = concatStringsSep "\n" (
    mapAttrsToList (name: ip: "${ip} ${name}.${network}") hosts
  );
  services.openssh.knownHosts = {
-    "cream.${network}" = {
+    #    "cream.${network}" = {
-      hostNames = [ "cream.${network}" hosts.cream ];
+    #      hostNames = [
-      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConHiCL7INgAhuN6Z9TqP0zP+xNpdV7+OHwUca4IRDD";
+    #        "cream.${network}"
-    };
+    #        hosts.cream
    #      ];
    #      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConHiCL7INgAhuN6Z9TqP0zP+xNpdV7+OHwUca4IRDD";
    #    };
    "sternchen.${network}" = {
-      hostNames = [ "sterni.${network}" hosts.sterni ];
+      hostNames = [
        "sterni.${network}"
        hosts.sterni
      ];
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILriD/0+65L1mkbjKENwpvB3wUMXz/rEf9J8wuJjJa0q";
    };
    "sterni.${network}" = {
-      hostNames = [ "sterni.${network}" hosts.sterni ];
+      hostNames = [
        "sterni.${network}"
        hosts.sterni
      ];
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQRH4gzT4vWSx3KN80ePPYhSPZRUae/qSyEym6pJTht";
    };
    "robi" = {
-      hostNames = [ "robi.${network}" hosts.robi ];
+      hostNames = [
        "robi.${network}"
        hosts.robi
      ];
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2PGX6cZuBUGX4VweMzi0aRh4uQ61yngCzZGcK3w5XV";
    };
  };
--- a/components/network/wifi.nix
+++ b/components/network/wifi.nix
@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
  config,
  lib,
  pkgs,
  ...
 }:
 with lib;
 with types;
 {
@ -22,7 +27,6 @@ with types;
    # Setting this value to 1 means to try activation once, without retry.
    networking.networkmanager.settings.main.autoconnect-retries-default = 999;
    hardware.enableRedistributableFirmware = true;
    # because Networkd-wait-online is just failing.
@ -47,4 +51,3 @@ with types;
  };
 }
--- a/components/network/wireguard.nix
+++ b/components/network/wireguard.nix
@ -25,9 +25,9 @@ with lib;
  config = {
    networking.extraHosts = ''
      10.100.0.1 cache.orbi.wg0
      10.100.0.1 orbi.wg0
      10.100.0.2 chungus.wg0
    '';
  };
 }
--- a/components/nixos/upgrade-diff.nix
+++ b/components/nixos/upgrade-diff.nix
@ -1,5 +1,10 @@
 # MIT Jörg Thalheim - https://github.com/Mic92/dotfiles/blob/c6cad4e57016945c4816c8ec6f0a94daaa0c3203/nixos/modules/upgrade-diff.nix
-{ config, lib, pkgs, ... }:
+{
  config,
  lib,
  pkgs,
  ...
 }:
 {
  options.components.nixos.update-diff.enable = lib.mkOption {
--- a/components/terminal/bash.nix
+++ b/components/terminal/bash.nix
@ -1,4 +1,9 @@
-{ pkgs, config, lib, ... }:
+{
  pkgs,
  config,
  lib,
  ...
 }:
 with lib;
 {
  options.components.terminal.bash.enable = mkOption {
@ -16,7 +21,6 @@ with lib;
      interactiveShellInit = "set -o vi";
      shellAliases = {
        ls = "ls --color=tty";
        l = "ls -CFh";
--- a/components/terminal/default.nix
+++ b/components/terminal/default.nix
@ -1,4 +1,9 @@
-{ config, pkgs, lib, ... }:
+{
  config,
  pkgs,
  lib,
  ...
 }:
 with lib;
 {
  options.components.terminal = {
@ -12,7 +17,6 @@ with lib;
    ./direnv.nix
    ./git.nix
    ./heygpt.nix
    ./hoard.nix
    ./remote-install.nix
    ./wtf.nix
    ./zsh.nix
--- a/components/terminal/direnv.nix
+++ b/components/terminal/direnv.nix
@ -1,4 +1,9 @@
-{ pkgs, config, lib, ... }:
+{
  pkgs,
  config,
  lib,
  ...
 }:
 with lib;
 {
  options.components.terminal.direnv.enable = mkOption {
@ -12,7 +17,10 @@ with lib;
    home-manager.sharedModules = [
      {
        programs.direnv.enable = true;
-        programs.git.ignores = [ ".envrc" ".direnv" ];
+        programs.git.ignores = [
          ".envrc"
          ".direnv"
        ];
      }
    ];
--- a/components/terminal/git.nix
+++ b/components/terminal/git.nix
@ -1,4 +1,9 @@
-{ config, pkgs, lib, ... }:
+{
  config,
  pkgs,
  lib,
  ...
 }:
 with lib;
 {
  options.components.terminal.git.enable = mkOption {
@ -8,7 +13,6 @@ with lib;
  config = mkIf (config.components.terminal.git.enable) {
    environment.systemPackages = with pkgs; [
      git
      gita
@ -29,4 +33,3 @@ with lib;
    ];
  };
 }
--- a/components/terminal/heygpt.nix
+++ b/components/terminal/heygpt.nix
@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
  config,
  lib,
  pkgs,
  ...
 }:
 with lib;
 {
  options.components.terminal.heygpt.enable = mkOption {
--- a/components/terminal/hoard.nix
+++ b/components/terminal/hoard.nix
@ -1,62 +0,0 @@
 { pkgs, config, lib, ... }:
 with lib;
 let
  hoardSrc = pkgs.fetchFromGitHub {
    owner = "Hyde46";
    repo = "hoard";
    rev = "v1.3.1";
    sha256 = "sha256-Gm3X6/g5JQJEl7wRvWcO4j5XpROhtfRJ72LNaUeZRGc=";
  };
 in
 {
  options.components.terminal.hoard.enable = mkOption {
    type = lib.types.bool;
    default = config.components.terminal.enable;
  };
  config = mkIf (config.components.terminal.hoard.enable) {
    # todo : sync via syncthing
    #backup.dirs = [
    #  "/root/.config/hoard"
    #  "/home/palo/.config/hoard"
    #];
    environment.systemPackages = [ pkgs.legacy_2211.hoard ];
    home-manager.users.mainUser = {
      xdg.configFile."hoard/config.yml".text = builtins.toJSON {
        version = "1.0.1";
        default_namespace = "default";
        config_home_path = "/home/palo/.config/hoard";
        trove_path = "/home/palo/.config/hoard/trove.yml";
        query_prefix = " >";
        primary_color = [ 87 142 87 ];
        secondary_color = [ 203 184 144 ];
        tertiary_color = [ 30 30 30 ];
        command_color = [ 30 30 30 ];
        parameter_token = "#";
        read_from_current_directory = true;
      };
      programs.zsh.initExtra = ''
        export HOARD_NOBIND=1
        source ${hoardSrc}/src/shell/hoard.zsh
        bindkey '^x' _hoard_list_widget
      '';
    };
    # use showkey -a
    # Ctrl-h is equivalent to Ctrl-Backspace (for some reason)
    programs.zsh.interactiveShellInit = ''
      export HOARD_NOBIND=1
      source ${hoardSrc}/src/shell/hoard.zsh
      bindkey '^x' _hoard_list_widget
    '';
    programs.bash.interactiveShellInit = ''
      export HOARD_NOBIND=1
      source ${hoardSrc}/src/shell/hoard.bash
      bind -x '"\C-x": __hoard_list'
    '';
  };
 }
--- a/components/terminal/remote-install.nix
+++ b/components/terminal/remote-install.nix
@ -1,4 +1,9 @@
-{ pkgs, config, lib, ... }:
+{
  pkgs,
  config,
  lib,
  ...
 }:
 with lib;
 {
  options.components.terminal.remote-install.enable = mkOption {
--- a/components/terminal/wtf.nix
+++ b/components/terminal/wtf.nix
@ -1,4 +1,9 @@
-{ pkgs, config, lib, ... }:
+{
  pkgs,
  config,
  lib,
  ...
 }:
 with lib;
 let
@ -18,7 +23,7 @@ let
          ${pkgs.iw}/bin/iw dev \
            | ${pkgs.gnused}/bin/sed -n 's/^\s*Interface\s\+\([0-9a-z]\+\)$/\1/p'
        ); do
-          inet=$(${pkgs.iproute}/bin/ip addr show $dev \
+          inet=$(${pkgs.iproute2}/bin/ip addr show $dev \
            | ${pkgs.gnused}/bin/sed -n 's/.*inet \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\).*/\1/p') \
            || unset inet
          ssid=$(${pkgs.iw}/bin/iw dev $dev link \
@ -54,8 +59,8 @@ let
    echo
  '';
-  userHighlight = map ({ user, ... }: user)
+  userHighlight =
-    (builtins.attrValues config.services.browser.configList)
+    map ({ user, ... }: user) (builtins.attrValues config.services.browser.configList)
    ++ [ "steam" ];
  activeUsers = pkgs.writers.writeBash "active-users" ''
@ -63,14 +68,20 @@ let
     | ${pkgs.gnused}/bin/sed '1 d' \
     | ${pkgs.coreutils}/bin/sort  \
     | ${pkgs.coreutils}/bin/uniq \
-     | ${pkgs.gnugrep}/bin/egrep --color=always '(${
+     | ${pkgs.gnugrep}/bin/egrep --color=always '(${pkgs.lib.concatStringsSep "|" userHighlight})|$'
       pkgs.lib.concatStringsSep "|" userHighlight
     })|$'
  '';
  # default settings
  wtfModule =
-    args@{ height ? 1, width ? 1, top, left, enabled ? true, type, ... }:
+    args@{
      height ? 1,
      width ? 1,
      top,
      left,
      enabled ? true,
      type,
      ...
    }:
    {
      enabled = enabled;
      focusable = false;
@ -78,33 +89,50 @@ let
      position.left = left;
      position.height = height;
      position.width = width;
-    } // (lib.filterAttrs
+    }
-      (key: _: lib.all (x: x != key) [ "height" "width" "top" "left" ])
+    // (lib.filterAttrs (
-      args);
+      key: _:
      lib.all (x: x != key) [
        "height"
        "width"
        "top"
        "left"
      ]
    ) args);
  # command runner module
-  cmdRunner = args@{ cmd, ... }:
+  cmdRunner =
-    wtfModule ({
+    args@{ cmd, ... }:
    wtfModule (
      {
        type = "cmdrunner";
        focusable = false;
        refreshInterval = 300;
-    } // args);
+      }
      // args
    );
  modules = {
    inherit cmdRunner;
-    digitalclock = args@{ top, left, ... }:
+    digitalclock =
-      cmdRunner ({
+      args@{ top, left, ... }:
      cmdRunner (
        {
          cmd = pkgs.writers.writeDash "clock" ''
            ${pkgs.toilet}/bin/toilet --font future `${pkgs.coreutils}/bin/date +"%a %H:%M"`
            ${pkgs.coreutils}/bin/date +"%B %d %Y"
          '';
          title = "";
          refreshInterval = 30;
-      } // args);
+        }
        // args
      );
-    clocks = args@{ top, left, ... }:
+    clocks =
-      wtfModule ({
+      args@{ top, left, ... }:
      wtfModule (
        {
          type = "clocks";
          title = "";
          border = false;
@ -115,30 +143,43 @@ let
          locations = {
            UTC = "Etc/UTC";
            Berlin = "Europe/Berlin";
-          Cuba = "America/Havana";
+            Thailand = "Asia/Bangkok";
-          Wellington = "Pacific/Auckland";
+            #Cuba = "America/Havana";
            #Wellington = "Pacific/Auckland";
          };
          sort = "alphabetical";
          refreshInterval = 60;
-      } // args);
+        }
        // args
      );
-    resourceusage = args@{ top, left, ... }:
+    resourceusage =
-      wtfModule ({
+      args@{ top, left, ... }:
      wtfModule (
        {
          type = "resourceusage";
          title = "";
          cpuCombined = false;
          refreshInterval = 5;
-      } // args);
+        }
        // args
      );
-    power = args@{ top, left, ... }:
+    power =
-      wtfModule ({
+      args@{ top, left, ... }:
      wtfModule (
        {
          type = "power";
          title = "";
          refreshInterval = 100;
-      } // args);
+        }
        // args
      );
-    prettyweather = args@{ top, left, ... }:
+    prettyweather =
-      wtfModule ({
+      args@{ top, left, ... }:
      wtfModule (
        {
          type = "prettyweather";
          title = "";
          city = "Essen";
@ -146,10 +187,19 @@ let
          view = 0;
          language = "en";
          refreshInterval = 3600;
-      } // args);
+        }
        // args
      );
-    feedreader = args@{ top, left, feeds, ... }:
+    feedreader =
-      wtfModule ({
+      args@{
        top,
        left,
        feeds,
        ...
      }:
      wtfModule (
        {
          type = "feedreader";
          title = "";
          refreshInterval = 3600;
@ -159,10 +209,20 @@ let
            even = "white";
            odd = "white";
          };
-      } // args);
+        }
        // args
      );
-    github = args@{ top, left, username, apiKey, ... }:
+    github =
-      wtfModule ({
+      args@{
        top,
        left,
        username,
        apiKey,
        ...
      }:
      wtfModule (
        {
          type = "github";
          title = "";
          refreshInterval = 3600;
@ -177,7 +237,9 @@ let
          #    - "wtfutil/wtf"
          #    - "wtfutil/docs"
          #    - "umbrella-corp/wesker-api"
-      } // args);
+        }
        // args
      );
  };
@ -190,8 +252,20 @@ let
        normal = "green";
      };
      grid = {
-        columns = [ 28 0 0 ];
+        columns = [
-        rows = [ 9 9 9 9 9 9 0 ];
+          28
          0
          0
        ];
        rows = [
          9
          9
          9
          9
          9
          9
          0
        ];
      };
      refreshInterval = 1;
      mods = with modules; {
@ -226,8 +300,7 @@ let
          top = 4;
          left = 1;
          height = 1;
-          feeds =
+          feeds = [ "https://latesthackingnews.com/category/hacking-tools/feed/" ];
            [ "https://latesthackingnews.com/category/hacking-tools/feed/" ];
        };
        nixos = feedreader {
          title = "NixOS Weekly";
@ -264,8 +337,20 @@ let
        normal = "green";
      };
      grid = {
-        columns = [ 33 12 28 36 0 ];
+        columns = [
-        rows = [ 9 4 6 6 0 ];
+          33
          12
          28
          36
          0
        ];
        rows = [
          9
          4
          6
          6
          0
        ];
      };
      refreshInterval = 1;
      mods = with modules; {
@ -291,12 +376,16 @@ let
          left = 0;
        };
-        rates = wtfModule {
+        yfinance = wtfModule {
          type = "yfinance";
          top = 3;
          left = 0;
          title = "rates";
-          symbols = [ "EURUSD=X" "EURNZD=X" ];
+          symbols = [
            "EURUSD=X"
            "EURNZD=X"
            "EURTHB=X"
          ];
          refreshInterval = 60;
        };
@ -307,7 +396,12 @@ let
        calendar = cmdRunner {
          title = "";
-          args = [ "-3" "--monday" "--color=never" "-w" ];
+          args = [
            "-3"
            "--monday"
            "--color=never"
            "-w"
          ];
          cmd = "cal";
          top = 1;
          left = 1;
@ -369,9 +463,12 @@ let
    };
  };
-  createDashboard = { json, name }:
+  createDashboard =
-    let configuration = pkgs.writeText "config.yml" (builtins.toJSON json);
+    { json, name }:
-    in pkgs.writers.writeBashBin name ''
+    let
      configuration = pkgs.writeText "config.yml" (builtins.toJSON json);
    in
    pkgs.writers.writeBashBin name ''
      ${pkgs.wtf}/bin/wtfutil --config=${toString configuration}
    '';
--- a/components/terminal/zsh.nix
+++ b/components/terminal/zsh.nix
@ -1,4 +1,9 @@
-{ pkgs, config, lib, ... }:
+{
  pkgs,
  config,
  lib,
  ...
 }:
 with lib;
 {
  options.components.terminal.zsh.enable = mkOption {
--- a/components/timezone.nix
+++ b/components/timezone.nix
@ -1,8 +1,9 @@
 { lib, ... }:
 {
  # some system stuff
  # -----------------
  time.timeZone = "Europe/Berlin";
-  #time.timeZone = lib.mkDefault "Pacific/Auckland";
+  #time.timeZone = "Pacific/Auckland";
-  #time.timeZone = lib.mkDefault "Asia/Singapore";
+  #time.timeZone = "Asia/Singapore";
-  #time.timeZone = lib.mkDefault "Asia/Makassar";
+  #time.timeZone = "Asia/Makassar";
 }
--- a/components/virtualisation/docker.nix
+++ b/components/virtualisation/docker.nix
@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
  config,
  lib,
  pkgs,
  ...
 }:
 with lib;
 {
--- a/components/virtualisation/podman.nix
+++ b/components/virtualisation/podman.nix
@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
  config,
  lib,
  pkgs,
  ...
 }:
 with lib;
 {
--- a/components/virtualisation/qemu.nix
+++ b/components/virtualisation/qemu.nix
@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
  config,
  lib,
  pkgs,
  ...
 }:
 with lib;
 {
--- a/components/virtualisation/virtualbox.nix
+++ b/components/virtualisation/virtualbox.nix
@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
  config,
  lib,
  pkgs,
  ...
 }:
 with lib;
 {
--- a/components/yubikey.nix
+++ b/components/yubikey.nix
@ -1,7 +1,12 @@
 # References:
 # * https://github.com/drduh/YubiKey-Guide
 # * https://nixos.wiki/wiki/Yubikey
-{ config, pkgs, lib, ... }:
+{
  config,
  pkgs,
  lib,
  ...
 }:
 with lib;
 {
@ -16,7 +21,6 @@ with lib;
    services.pcscd.enable = true;
    services.udev.packages = [ pkgs.yubikey-personalization ];
    environment.systemPackages = [
      pkgs.yubikey-personalization
--- a/features/boot/ssh.nix
+++ b/features/boot/ssh.nix
@ -1,4 +1,11 @@
-{ config, lib, pkgs, factsGenerator, clanLib, ... }:
+{
  config,
  lib,
  pkgs,
  factsGenerator,
  clanLib,
  ...
 }:
 with lib;
 with types;
@ -11,8 +18,7 @@ with types;
    kernelModules = mkOption {
      type = listOf str;
      default = [ ];
-      description =
+      description = "nix-shell -p pciutils --run 'lspci -v' will tell you which kernel module is used for the ethernet interface";
        "nix-shell -p pciutils --run 'lspci -v' will tell you which kernel module is used for the ethernet interface";
    };
  };
@ -42,4 +48,3 @@ with types;
  };
 }
--- a/features/boot/tor.nix
+++ b/features/boot/tor.nix
@ -1,4 +1,11 @@
-{ config, lib, pkgs, factsGenerator, clanLib, ... }:
+{
  config,
  lib,
  pkgs,
  factsGenerator,
  clanLib,
  ...
 }:
 with lib;
 with types;
 {
@ -16,14 +23,13 @@ with types;
      name = "initrd";
      addressPrefix = "init";
    };
-    boot.initrd.secrets =
+    boot.initrd.secrets = mapAttrs' (name: file: nameValuePair "/etc/tor/onion/bootup/${name}" file) (
-      mapAttrs' (name: file: nameValuePair "/etc/tor/onion/bootup/${name}" file)
+      genAttrs [
        (genAttrs [
        "hostname"
        "hs_ed25519_public_key"
        "hs_ed25519_secret_key"
-        ]
+      ] (secret: config.clan.core.facts.services."initrd.tor".secret."tor.initrd.${secret}".path)
-          (secret: config.clan.core.facts.services."initrd.tor".secret."tor.initrd.${secret}".path));
+    );
    boot.initrd.systemd.storePaths = [
      pkgs.tor
@ -43,7 +49,10 @@ with types;
    boot.initrd.systemd.services.tor = {
      description = "tor during init";
      wantedBy = [ "initrd.target" ];
-      after = [ "network.target" "initrd-nixos-copy-secrets.service" ];
+      after = [
        "network.target"
        "initrd-nixos-copy-secrets.service"
      ];
      before = [ "shutdown.target" ];
      conflicts = [ "shutdown.target" ];
@ -53,8 +62,7 @@ with types;
        pkgs.iproute2
        pkgs.coreutils
      ];
-      script =
+      script = ''
        ''
        echo "tor: preparing onion folder"
        # have to do this otherwise tor does not want to start
        chmod -R 700 /etc/tor
@ -66,4 +74,3 @@ with types;
    };
  };
 }
--- a/features/network/fail2ban.nix
+++ b/features/network/fail2ban.nix
@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
  config,
  lib,
  pkgs,
  ...
 }:
 with lib;
 {
  options.features.network.fail2ban.enable = mkOption {
@ -11,7 +16,6 @@ with lib;
      environment.systemPackages = [ pkgs.fail2ban ];
      services.fail2ban = {
        enable = true;
        #package = pkgs.legacy_2311.fail2ban;
        jails = { };
      };
    })
--- a/features/network/sshguard.nix
+++ b/features/network/sshguard.nix
@ -1,4 +1,10 @@
-{ pkgs, config, lib, assets, ... }:
+{
  pkgs,
  config,
  lib,
  assets,
  ...
 }:
 with lib;
 with types;
 {
--- a/flake.lock
+++ b/flake.lock
--- a/flake.nix
+++ b/flake.nix
@ -1,80 +1,54 @@
 {
  # "git+file:///<full-path>" for fixing an input
  inputs = {
-    flake-parts.url = "github:hercules-ci/flake-parts";
+    clan-core.inputs.flake-parts.follows = "flake-parts";
    clan-core.inputs.nixpkgs.follows = "nixpkgs";
    clan-core.url = "git+https://git.clan.lol/clan/clan-core?rev=1bd3af310ea074d0ea9de6233376476c6ca9149a"; # last time clan was using facts instead of vars
    clan-fact-generators.inputs.clan-core.follows = "clan-core";
    clan-fact-generators.url = "github:mrvandalo/clan-fact-generators";
    flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
-
+    flake-parts.url = "github:hercules-ci/flake-parts";
-    clan-fact-generators = {
+    healthchecks.inputs.nixpkgs.follows = "nixpkgs";
-      url = "github:mrvandalo/clan-fact-generators";
+    healthchecks.url = "github:mrvandalo/nixos-healthchecks";
-      inputs.clan-core.follows = "clan-core";
+    #healthchecks.url = "git+file:///home/palo/dev/nixos/healthcheck";
-    };
+    home-manager-utils.inputs.home-manager.follows = "home-manager";
-
+    home-manager-utils.url = "github:mrvandalo/home-manager-utils";
-    clan-core = {
+    home-manager.inputs.nixpkgs.follows = "nixpkgs";
-      url = "git+https://git.clan.lol/clan/clan-core";
+    home-manager.url = "github:nix-community/home-manager";
-      #url = "git+file:///home/palo/dev/clan-core";
+    landingpage.url = "github:mrVanDalo/landingpage";
-      inputs.nixpkgs.follows = "nixpkgs"; # Needed if your configuration uses nixpkgs unstable.
+    nix-topology.inputs.nixpkgs.follows = "nixpkgs";
-      inputs.flake-parts.follows = "flake-parts";
+    nix-topology.url = "github:oddlama/nix-topology";
-    };
+    nixos-anywhere.url = "github:nix-community/nixos-anywhere";
-
+    nixos-hardware.url = "github:nixos/nixos-hardware";
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
    nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small";
    nixpkgs-legacy_2211.url = "github:nixos/nixpkgs/nixos-22.11";
    nixpkgs-legacy_2311.url = "github:nixos/nixpkgs/nixos-23.11";
    nixpkgs-legacy_2405.url = "github:nixos/nixpkgs/nixos-24.05";
-    nixos-hardware.url = "github:nixos/nixos-hardware";
+    nixpkgs-legacy_2411.url = "github:nixos/nixpkgs/nixos-24.11";
-    nixos-anywhere.url = "github:nix-community/nixos-anywhere";
+    nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small";
-
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small";
-    home-manager = {
+    permown.inputs.nixpkgs.follows = "nixpkgs";
-      #url = "github:nix-community/home-manager/release-23.11";
+    permown.url = "github:mrVanDalo/module.permown";
-      url = "github:nix-community/home-manager";
+    polygon-art.url = "git+https://git.ingolf-wagner.de/palo/polygon-art.git";
-      #inputs.nixpkgs.follows = "nixpkgs";
+    private-parts.inputs.nixpkgs.follows = "nixpkgs"; # only private input
-    };
+    private-parts.url = "git+ssh://forgejo@git.ingolf-wagner.de:2222/palo/nixos-private-parts.git?ref=main";
-
+    #private-parts.url = "git+file:///home/palo/dev/nixos/nixos-private-parts";
-    polygon-art = {
+    retiolum.url = "github:Mic92/retiolum";
-      url = "git+https://git.ingolf-wagner.de/palo/polygon-art.git";
+    share-http.inputs.nixpkgs.follows = "nixpkgs"; # only private input
-    };
+    share-http.url = "git+ssh://forgejo@git.ingolf-wagner.de:2222/palo/share-host.git?ref=main";
    home-manager-utils = {
      url = "github:mrvandalo/home-manager-utils";
      inputs.home-manager.follows = "home-manager";
    };
    permown = {
      url = "github:mrVanDalo/module.permown";
      #url = "git+file:///home/palo/dev/nixos/permown";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    private_assets = {
      #url = "git+file:///home/palo/dev/nixos/nixos-private-assets";
      url = "git+ssh://forgejo@git.ingolf-wagner.de/palo/nixos-private-assets.git?ref=main";
      flake = true;
    };
    retiolum = {
      url = "github:Mic92/retiolum";
      #url = "git+file:///home/palo/dev/nixos/retiolum";
    };
    srvos.url = "github:nix-community/srvos";
-
+    stylix.inputs.home-manager.follows = "home-manager";
-    landingpage = {
+    stylix.inputs.nixpkgs.follows = "nixpkgs";
-      #url = "git+file:///home/palo/dev/landingpage";
+    stylix.url = "github:danth/stylix";
-      url = "github:mrVanDalo/landingpage";
+    taskwarrior.inputs.nixpkgs.follows = "nixpkgs";
-    };
+    taskwarrior.url = "github:mrvandalo/taskwarrior-flake";
-
+    #taskwarrior.url = "git+file:///home/palo/dev/nixos/taskwarrior-flake";
-    # todo: mabye use https://github.com/jtroo/kanata instead
+    telemetry.inputs.nixpkgs.follows = "nixpkgs";
-    # fixme: kmonad crashes every now and than and the keyboard is not usable anymore.
+    telemetry.url = "github:mrvandalo/nixos-telemetry";
-    kmonad = {
+    #telemetry.url = "git+file:///home/palo/dev/nixos/nixos-telemetry";
-      url = "github:kmonad/kmonad?dir=nix";
+    treefmt-nix.inputs.nixpkgs.follows = "nixpkgs";
-      inputs.nixpkgs.follows = "nixpkgs";
+    treefmt-nix.url = "github:numtide/treefmt-nix";
    };
    stylix = {
      url = "github:danth/stylix";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.home-manager.follows = "home-manager";
    };
    # smoke test framwork to trigger tests (enable if I  want to use it for real)
    #smoke = {
@ -82,125 +56,154 @@
    #  inputs.nixpkgs.follows = "nixpkgs";
    #};
    # had to override it to  remove colors
    taskshell = {
      url = "github:mrvandalo/taskshell";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # my  own tool
    overviewer.url = "git+ssh://forgejo@git.ingolf-wagner.de/palo/overviewer.git?ref=main";
  };
  outputs =
-    inputs@{ self
+    inputs@{
-    , clan-core
+      clan-core,
-    , clan-fact-generators
+      clan-fact-generators,
-    , flake-parts
+      flake-parts,
-    , home-manager
+      healthchecks,
-    , home-manager-utils
+      home-manager,
-    , kmonad
+      home-manager-utils,
-    , landingpage
+      landingpage,
-    , nixos-anywhere
+      nix-topology,
-    , nixos-hardware
+      nixos-anywhere,
-    , nixpkgs
+      nixos-hardware,
-    , nixpkgs-legacy_2211
+      nixpkgs,
-    , nixpkgs-legacy_2311
+      nixpkgs-legacy_2211,
-    , nixpkgs-legacy_2405
+      nixpkgs-legacy_2311,
-    , nixpkgs-unstable-small
+      nixpkgs-legacy_2405,
-    , overviewer
+      nixpkgs-legacy_2411,
-    , permown
+      nixpkgs-unstable-small,
-    , polygon-art
+      permown,
-    , private_assets
+      polygon-art,
-    , retiolum
+      private-parts,
-    , srvos
+      retiolum,
-    , stylix
+      self,
-    , taskshell
+      share-http,
      srvos,
      stylix,
      taskwarrior,
      telemetry,
      treefmt-nix,
    }:
    let
      #system = "x86_64-linux";
      #pkgs = nixpkgs.legacyPackages.${system};
      inherit (nixpkgs) lib;
      meta = rec {
        system = "x86_64-linux";
-        pkgs = import nixpkgs {
+        pkgs =
-          inherit system;
+          let
-          config.allowUnfree = true;
+            allowUnfree = true;
-          config.permittedInsecurePackages = [
+            permittedInsecurePackages = [
              "electron-24.8.6" # for bitwarden
              "python-2.7.18.6"
              "python-2.7.18.7"
              "python-2.7.18.8"
              "electron-27.3.11" # for logseq
              "electron-28.3.3" # for logseq
              "aspnetcore-runtime-wrapped-6.0.36" # for jellyfin
              "aspnetcore-runtime-6.0.36" # for jellyfin
              "dotnet-sdk-wrapped-6.0.428" # for jellyfin
              "dotnet-sdk-6.0.428" # for jellyfin
            ];
          in
          import nixpkgs {
            inherit system;
            config = {
              inherit allowUnfree permittedInsecurePackages;
            };
            overlays = [
              (_self: _super: {
                unstable-small = import nixpkgs-unstable-small {
                  inherit system;
-                config.allowUnfree = true;
+                  config = {
                    inherit allowUnfree permittedInsecurePackages;
                  };
                };
                legacy_2211 = import nixpkgs-legacy_2211 {
                  inherit system;
-                config.allowUnfree = true;
+                  config = {
                    inherit allowUnfree permittedInsecurePackages;
                  };
                };
                legacy_2311 = import nixpkgs-legacy_2311 {
                  inherit system;
-                config.allowUnfree = true;
+                  config = {
                    inherit allowUnfree permittedInsecurePackages;
                  };
                };
                legacy_2405 = import nixpkgs-legacy_2405 {
                  inherit system;
-                config.allowUnfree = true;
+                  config = {
                    inherit allowUnfree permittedInsecurePackages;
                  };
                };
                polygon-art = polygon-art.packages.${system};
                landingpage = landingpage.packages.${system}.plain;
-              kmonad = kmonad.packages.${system}.kmonad;
+                share-via-http = share-http.packages.${system}.default;
-              tasksh = taskshell.packages.${system}.tasksh;
+                inherit (taskwarrior.packages.${system})
-              overviewer = overviewer.packages.${system}.overviewer;
+                  bugwarrior
-              pkl = self.packages.${system}.pkl;
+                  tasksh
                  taskwarrior-hooks
                  ;
                inherit (self.packages.${system})
                  otpmenu
                  nsxiv
                  ;
              })
            (import ./pkgs)
            ];
          };
        specialArgs = {
-          inherit private_assets inputs;
+          inherit inputs;
          assets = ./assets;
          factsGenerator = clan-fact-generators.lib { inherit pkgs; };
-          clanLib = import ./lib/clanlib.nix { inherit (pkgs) lib; machineDir = ./machines; };
+          clanLib = import ./lib/clanlib.nix {
-          zerotierDeviceName = "ztbn67ogn2";
+            inherit (pkgs) lib;
            machineDir = ./machines;
          };
          # https://git.clan.lol/clan/clan-core/issues/1575 < here is how I could do this generic
          zerotierInterface = "ztbn67ogn2";
          components = ./components;
          features = ./features;
        };
      };
      clanSetup =
-        { name
+        {
-        , host
+          name,
-        , modules
+          host,
-        }: {
+          modules,
        }:
        {
          clan.core.networking.targetHost = lib.mkDefault "root@${host}";
          nixpkgs.pkgs = meta.pkgs;
          nixpkgs.hostPlatform = meta.system;
          clan.core.facts.secretStore = "password-store";
          clan.core.vars.settings.secretStore = "password-store";
-          imports = modules ++ defaultModules ++ [
+          imports =
            modules
            ++ defaultModules
            ++ [
              ./machines/${name}/configuration.nix
              nix-topology.nixosModules.default
            ];
        };
-      zerotierControllerModule =
+      zerotierControllerModule = {
        {
        clan.core.networking.zerotier.controller = {
          enable = true;
          public = false;
        };
      };
-      zerotierModules = { pkgs, ... }: {
+      zerotierModules =
        { pkgs, ... }:
        {
          imports = [
            # this magically adds all my machines in the zero tier network
@ -228,22 +231,26 @@
          ];
        };
      defaultAuthorizedKeys =
        { config, pkgs, ... }:
        {
          users.users.root.openssh.authorizedKeys.keyFiles = [
            # yubikey key
            ./assets/mrvandalo_rsa.pub
            # backup key
            "${config.clan.core.clanDir}/machines/chungus/facts/ssh.syncoid.id_ed25519.pub"
            "${config.clan.core.clanDir}/machines/chungus/facts/ssh.rbackup.id_ed25519.pub"
            "${config.clan.core.clanDir}/machines/chungus/facts/ssh.paperless-ngx.id_ed25519.pub"
          ];
          environment.systemPackages = [ pkgs.borgbackup ];
        };
      defaultModules = [
        # make flake inputs accessiable in NixOS
        {
          _module.args.self = self;
          _module.args.inputs = self.inputs;
        }
        # ssh keys
        ({ config, ... }: {
          users.users.root.openssh.authorizedKeys.keyFiles = [
            # master key
            ./assets/mrvandalo_rsa.pub
            # backup key
            "${config.clan.core.clanDir}/machines/chungus/facts/ssh.syncoid.id_ed25519.pub"
            "${config.clan.core.clanDir}/machines/chungus/facts/ssh.rbackup.id_ed25519.pub"
          ];
        })
        {
          # disable emergency mode everywhere, although it might be needed on laptops
          boot.initrd.systemd.emergencyAccess = false;
@ -254,12 +261,23 @@
          systemd.enableEmergencyMode = false;
        }
        # configure nix
-        ({ pkgs, lib, clanLib, ... }:
+        (
          {
            pkgs,
            lib,
            clanLib,
            ...
          }:
          {
            nix.settings.substituters = [ "http://cache.orbi.wg0" ];
            nix.settings.trusted-public-keys = [ (clanLib.readFact "nix-serve.pub" "orbi") ];
-            nix.settings.experimental-features = [ "nix-command" "flakes" ];
+            nix.settings.experimental-features = [
              "nix-command"
              "flakes"
            ];
            # https://nix.dev/manual/nix/2.17/advanced-topics/cores-vs-jobs
            nix.settings.max-jobs = 1;
            nix.settings.cores = 4;
            # no channesl needed this way
            nix.nixPath = [ "nixpkgs=${pkgs.path}" ];
@ -272,10 +290,13 @@
              ./components
              ./features
              #./modules
-              inputs.clan-core.nixosModules.clanCore
+              clan-core.nixosModules.clanCore
              telemetry.nixosModules.telemetry
              {
                clan.core.clanDir = ./.; # fixes issues with clanCore https://git.clan.lol/clan/clan-core/issues/1979
              }
              # inputs.stylix.nixosModules.stylix # fixme: not working
              permown.nixosModules.permown
              kmonad.nixosModules.default
              home-manager.nixosModules.home-manager
              # retiolum.nixosModules.retiolum # fixme: not working
            ];
@ -283,57 +304,82 @@
            boot.loader.systemd-boot.configurationLimit = lib.mkDefault 10;
            boot.loader.generic-extlinux-compatible.configurationLimit = lib.mkDefault 10;
            boot.loader.grub.configurationLimit = lib.mkDefault 10;
-          })
+          }
        )
        # My Structure
        ./components
        ./features
        ./modules # todo : spread this across features and components
        #./system/all # todo : spread this across features and components
        (
          { lib, pkgs, ... }:
          {
            telemetry.netdata.enable = false;
          }
        )
        # some modules I always use
        telemetry.nixosModules.telemetry
        permown.nixosModules.permown
        kmonad.nixosModules.default
        # some default things I always want
-        ({ pkgs, ... }: {
+        (
          { pkgs, ... }:
          {
            boot.tmp.useTmpfs = lib.mkDefault true;
-          environment.systemPackages = [
+          }
-            pkgs.nixpkgs-fmt
+        )
          ];
        })
      ];
-      stylixModules = { pkgs, config, ... }: {
+      stylixModules =
        {
          pkgs,
          config,
          lib,
          ...
        }:
        {
          imports = [ stylix.nixosModules.stylix ];
          stylix.enable = true;
          stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-light-medium.yaml";
          stylix.image = ./assets/wallpaper.png;
          home-manager.sharedModules = [
            {
              # no need for hyperland
              # https://github.com/danth/stylix/issues/543
              stylix.targets.hyprpaper.enable = lib.mkForce false;
              stylix.targets.hyprland.enable = lib.mkForce false;
            }
          ];
          stylix.fonts = {
            serif = {
-            package = pkgs.nerdfonts.override { fonts = [ "Ubuntu" ]; };
+              package = pkgs.nerd-fonts.ubuntu;
              name = "Ubuntu";
            };
            sansSerif = {
-            package = pkgs.nerdfonts.override { fonts = [ "Ubuntu" ]; };
+              package = pkgs.nerd-fonts.ubuntu;
              name = "Ubuntu";
            };
            monospace = {
-            package = pkgs.nerdfonts.override { fonts = [ "JetBrainsMono" ]; };
+              package = pkgs.nerd-fonts.jetbrains-mono;
              name = "JetBrains Mono";
            };
-          emoji = {
+            emoji = config.stylix.fonts.monospace;
-            package = pkgs.noto-fonts-emoji;
+            #            emoji = {
-            name = "Noto Color Emoji";
+            #              package = pkgs.noto-fonts-emoji;
-          };
+            #              name = "Noto Color Emoji";
            #            };
            sizes.popups = 15;
          };
        };
-      homeManagerModules = { pkgs, config, ... }: {
+      homeManagerModules =
        { pkgs, config, ... }:
        {
          imports = [
            home-manager.nixosModules.home-manager
          ];
          home-manager.extraSpecialArgs = {
          inherit private_assets;
            assets = ./assets;
          };
          home-manager.useGlobalPkgs = true;
@ -341,25 +387,29 @@
          home-manager.backupFileExtension = "backup";
          home-manager.sharedModules = [
            home-manager-utils.hmModule
            taskwarrior.hmModules.bugwarrior
          ];
        };
    in
-    flake-parts.lib.mkFlake { inherit inputs; } ({ self, pkgs, ... }: {
+    flake-parts.lib.mkFlake { inherit inputs; } (
-      # We define our own systems below. you can still use this to add system specific outputs to your flake.
+      {
-      # See: https://flake.parts/getting-started
+        self,
        self',
        pkgs,
        ...
      }:
      {
        systems = [ "x86_64-linux" ];
      # import clan-core modules
        imports = [
          clan-core.flakeModules.default
          healthchecks.flakeModule
          ./nix/formatter.nix
          ./nix/packages
          ./nix/topology
        ];
      perSystem = { pkgs, ... }: {
        packages.pkl = pkgs.callPackage ./pkgs/pkl { };
      };
        # Define your clan
        clan = {
          # Clan wide settings.
@ -368,64 +418,15 @@
          machines = {
          sternchen = clanSetup {
            name = "sternchen";
            host = "sternchen.bear";
            #host = "192.168.178.25";
            modules = [
              nixos-hardware.nixosModules.lenovo-thinkpad-x220
              homeManagerModules
              stylixModules
              { home-manager.users.mainUser.gui.enable = true; }
              {
                home-manager.users.mainUser = import ./homes/tina;
                home-manager.users.root = import ./homes/root;
              }
              # todo : strange overrides, this should be an option kinda an be changed on another level (the homes/<name> folders or something)
              ({ lib, ... }: {
                home-manager.sharedModules = [
                  {
                    programs.atuin.enable = lib.mkForce false;
                  }
                ];
              })
              {
                clan.core.machineDescription = "LaLaptop";
              }
            ];
          };
          cream = clanSetup {
            name = "cream";
            host = "cream.bear";
            modules = [
              zerotierModules
              nixos-hardware.nixosModules.framework-12th-gen-intel
              retiolum.nixosModules.retiolum
              private_assets.nixosModules.cream
              private_assets.nixosModules.yubikey
              homeManagerModules
              stylixModules
              { home-manager.users.mainUser.gui.enable = true; }
              {
                home-manager.users.mainUser = import ./homes/palo;
                home-manager.users.root = import ./homes/root;
              }
              {
                clan.core.machineDescription = "Laptop";
              }
            ];
          };
            cherry = clanSetup {
              name = "cherry";
              host = "cherry.bear";
              modules = [
                healthchecks.nixosModules.default
                zerotierModules
                nixos-hardware.nixosModules.framework-13th-gen-intel
                retiolum.nixosModules.retiolum
-              private_assets.nixosModules.yubikey
+                private-parts.nixosModules.cherry
              private_assets.nixosModules.cherry
                homeManagerModules
                stylixModules
                { home-manager.users.mainUser.gui.enable = true; }
@ -436,6 +437,15 @@
                {
                  clan.core.machineDescription = "Laptop";
                }
                (
                  { config, ... }:
                  {
                    # keys only to access cherry
                    users.users.root.openssh.authorizedKeys.keyFiles = [
                      "${config.clan.core.clanDir}/machines/cherry/facts/ssh.root.cherry.id_ed25519.pub"
                    ];
                  }
                )
              ];
            };
@ -443,12 +453,13 @@
              name = "chungus";
              host = "chungus.bear";
              modules = [
                healthchecks.nixosModules.default
                zerotierModules
                zerotierControllerModule
                homeManagerModules
                stylixModules
                retiolum.nixosModules.retiolum
-              private_assets.nixosModules.chungus
+                private-parts.nixosModules.chungus
                {
                  home-manager.users.mainUser = import ./homes/palo;
                  home-manager.users.root = import ./homes/root;
@ -456,6 +467,15 @@
                {
                  clan.core.machineDescription = "Home Server";
                }
                (
                  { config, ... }:
                  {
                    # keys only to access chungus
                    users.users.root.openssh.authorizedKeys.keyFiles = [
                      "${config.clan.core.clanDir}/machines/cherry/facts/ssh.root.chungus.id_ed25519.pub"
                    ];
                  }
                )
              ];
            };
@ -464,6 +484,8 @@
              host = "orbi.bear";
              #host = "95.216.66.212";
              modules = [
                defaultAuthorizedKeys
                healthchecks.nixosModules.default
                homeManagerModules
                stylixModules
                zerotierModules
@ -485,6 +507,7 @@
              #host = "167.235.205.150";
              host = "95.217.18.54";
              modules = [
                defaultAuthorizedKeys
                homeManagerModules
                stylixModules
                srvos.nixosModules.hardware-hetzner-cloud
@ -506,6 +529,7 @@
              #host = "usbstick.bear";
              host = "10.100.0.100";
              modules = [
                defaultAuthorizedKeys
                homeManagerModules
                stylixModules
                zerotierModules
@ -524,7 +548,7 @@
        };
-    });
+      }
    );
 }
--- a/homes/common/default.nix
+++ b/homes/common/default.nix
@ -2,7 +2,9 @@
 {
  imports = [
    ./editor.nix
-    ./oh-my-posh
+    ./network.nix
    #./oh-my-posh
    ./starship-rs
    ./packages.nix
    ./terminal.nix
    ./zfs.nix
--- a/homes/common/network.nix
+++ b/homes/common/network.nix
@ -0,0 +1,34 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
 with lib;
 {
  config = mkMerge [
    {
      home.packages = [
        # firewall analysis
        pkgs.nftables
        pkgs.nixos-firewall-tool
        # analyser
        pkgs.dnsutils
        pkgs.tcpdump
        pkgs.nmap
        pkgs.rustscan
        # helper
        pkgs.ipcalc
      ];
    }
    (mkIf config.gui.enable {
      home.packages = [
        pkgs.wireshark
      ];
    })
  ];
 }
--- a/homes/common/oh-my-posh/default.nix
+++ b/homes/common/oh-my-posh/default.nix
@ -1,4 +1,9 @@
-{ pkgs, config, lib, ... }:
+{
  pkgs,
  config,
  lib,
  ...
 }:
 with lib;
 {
  programs.oh-my-posh = {
--- a/homes/common/oh-my-posh/gmay.json
+++ b/homes/common/oh-my-posh/gmay.json
@ -12,11 +12,20 @@
          "template": " {{ if .WSL }}WSL at {{ end }}{{.Icon}} ",
          "type": "os"
        },
        {
          "background": "#AF3A03",
          "foreground": "#EBDBB2",
          "powerline_symbol": "\ue0b0",
          "style": "powerline",
          "template": " \uf0e7 ",
          "type": "root"
        },
        {
          "background": "#076678",
          "foreground": "#EBDBB2",
          "powerline_symbol": "\ue0b0",
          "style": "powerline",
-          "template": " {{ .UserName }}@{{ .HostName }} ",
+          "template": " {{ if .SSHSession }}\ueba9 {{ end }}{{ .UserName }}@{{ .HostName }} ",
          "type": "session"
        },
        {
@ -42,28 +51,44 @@
          "type": "time"
        },
        {
-          "background": "#8F3F71",
+          "type": "project",
          "foreground": "#EBDBB2",
          "powerline_symbol": "\ue0b0",
          "properties": {
            "fetch_stash_count": true,
            "fetch_upstream_icon": true
          },
          "style": "powerline",
-          "template": " {{ .UpstreamIcon }}{{ .HEAD }}{{ if gt .StashCount 0 }} \ueb4b {{ .StashCount }}{{ end }} ",
+          "powerline_symbol": "",
-          "type": "git"
+          "foreground": "#193549",
          "background": "#ffeb3b",
          "template": " {{ if .Error }}{{ .Error }}{{ else }}{{ if .Version }} {{.Version}}{{ end }} {{ if .Name }}{{ .Name }}{{ end }}{{ end }} "
        },
        {
-          "background": "#9D0006",
+          "type": "git",
          "foreground": "#EBDBB2",
          "powerline_symbol": "\ue0b0",
          "style": "powerline",
-          "template": " \uf0e7 ",
+          "powerline_symbol": "",
-          "type": "root"
+          "background": "#427b58",
          "foreground": "#EBDBB2",
          "background_templates": [
            "{{ if or (.Working.Changed) (.Staging.Changed) }}#8f3f71{{ end }}",
            "{{ if and (gt .Ahead 0) (gt .Behind 0) }}#076678{{ end }}",
            "{{ if gt .Ahead 0 }}#076678{{ end }}",
            "{{ if gt .Behind 0 }}#076678{{ end }}"
          ],
          "template": "{{ .UpstreamIcon }}{{ .HEAD }}{{if .BranchStatus }} {{ .BranchStatus }}{{ end }}{{ if .Working.Changed }}  {{ .Working.String }}{{ end }}{{ if and (.Working.Changed) (.Staging.Changed) }} |{{ end }}{{ if .Staging.Changed }}  {{ .Staging.String }}{{ end }}{{ if gt .StashCount 0 }}  {{ .StashCount }}{{ end }}",
          "properties": {
            "fetch_status": true,
            "fetch_upstream_icon": true,
            "untracked_modes": {
              "/Users/user/Projects/oh-my-posh/": "no"
            },
            "source": "cli",
            "mapped_branches": {
              "feat/*": "🚀 ",
              "bug/*": "🐛 "
            }
          }
        },
        {
          "background": "#427B58",
-          "background_templates": ["{{ if gt .Code 0 }}#9D0006{{ end }}"],
+          "background_templates": [
            "{{ if gt .Code 0 }}#9D0006{{ end }}"
          ],
          "foreground": "#EBDBB2",
          "leading_diamond": "<transparent,background>\ue0b0</>",
          "properties": {
--- a/homes/common/oh-my-posh/gruvbox.json
+++ b/homes/common/oh-my-posh/gruvbox.json
@ -13,9 +13,13 @@
        },
        {
          "background": "#fbf1c7",
-          "background_templates": ["{{ if .Root }}#af3a03{{ end }}"],
+          "background_templates": [
            "{{ if .Root }}#af3a03{{ end }}"
          ],
          "foreground": "#282828",
-          "foreground_templates": ["{{ if .Root }}#fbf1c7{{ end }}"],
+          "foreground_templates": [
            "{{ if .Root }}#fbf1c7{{ end }}"
          ],
          "powerline_symbol": "\ue0b0",
          "style": "powerline",
          "template": " {{ if .SSHSession }} {{ end }}{{ .HostName }} ",
--- a/homes/common/packages.nix
+++ b/homes/common/packages.nix
@ -1,14 +1,16 @@
-{ config, pkgs, lib, ... }:
+{
  config,
  pkgs,
  lib,
  ...
 }:
 with pkgs;
 with lib;
 {
  config = mkMerge [
    {
      home.packages = [
        bind.dnsutils
        nmap
        hexyl
        ipcalc
        units
        difftastic
@ -21,7 +23,9 @@ with lib;
        gimoji
-        tldr
+        #tldr
        tealdeer
        navi # cheatsheet manager
        bandwhich # todo : put this to common/networking.nix
@ -35,13 +39,16 @@ with lib;
        (writers.writeBashBin "vulnix-system" ''
          ${vulnix}/bin/vulnix --profile /nix/var/nix/profiles/system
        '')
        # cpu load monitor
        glances
      ];
      # cpu load monitor
      programs.btop.enable = true;
    }
    (mkIf config.gui.enable {
      home.packages = [
        libreoffice
@ -54,7 +61,7 @@ with lib;
        aspellDicts.es
        evince
-        sxiv
+        nsxiv
        gimp
        inkscape
--- a/homes/common/starship-rs/default.nix
+++ b/homes/common/starship-rs/default.nix
@ -0,0 +1,33 @@
 {
  pkgs,
  config,
  lib,
  ...
 }:
 with lib;
 with config.lib.stylix.colors.withHashtag;
 {
  programs.starship = {
    enable = true;
    # download presets from : https://starship.rs/presets/
    settings = builtins.fromTOML ((builtins.readFile ./gruvbox-rainbow.toml)) // {
      palettes.stylix = {
        color_fg0 = base01;
        color_terminal_fg = base05;
        color_terminal_bg = base00;
        color_bg1 = base04;
        color_bg2 = base02;
        color_bg3 = base03;
        color_blue = base0D;
        color_aqua = base0C;
        color_green = base0B;
        color_orange = base0F;
        color_purple = base0E;
        color_red = base08;
        color_yellow = base0A;
      };
    };
  };
 }
--- a/homes/common/starship-rs/gruvbox-rainbow.toml
+++ b/homes/common/starship-rs/gruvbox-rainbow.toml
@ -0,0 +1,184 @@
 "$schema" = 'https://starship.rs/config-schema.json'
 format = """
 $os\
 $username\
 $hostname \
 [](bg:color_yellow fg:color_terminal_bg)\
 $directory\
 [](fg:color_yellow bg:color_aqua)\
 $git_branch\
 $git_status\
 [](fg:color_aqua bg:color_blue)\
 $c\
 $rust\
 $golang\
 $nodejs\
 $php\
 $java\
 $kotlin\
 $haskell\
 $python\
 [](fg:color_blue bg:color_bg3)\
 $docker_context\
 $conda\
 [](fg:color_bg3 bg:color_bg1)\
 $time\
 [ ](fg:color_bg1)\
 $character"""
 palette = 'stylix' # we use stylix instead of gruvbox_dark
 # todo : use stylix/base16 scheme
 [palettes.gruvbox_dark]
 color_fg0 = '#fbf1c7'
 color_terminal_bg = '#fbf1c7' # original background
 color_terminal_fg = '#3c3836' # original foreground
 color_bg1 = '#3c3836'
 color_bg2 = '#665c54'
 color_bg3 = '#665c54'
 color_blue = '#458588'
 color_aqua = '#689d6a'
 color_green = '#98971a'
 color_orange = '#d65d0e'
 color_purple = '#b16286'
 color_red = '#cc241d'
 color_yellow = '#d79921'
 [os]
 disabled = false
 style = "bold bg:color_blue fg:color_terminal_bg"
 #format = "[$symbol ]($style)"
 format = "[](color_blue)[$symbol ]($style)[ ](fg:color_blue bg:color_terminal_bg)"
 [os.symbols]
 Alpine = ""
 Amazon = ""
 Android = ""
 Arch = "󰣇"
 Artix = "󰣇"
 CentOS = ""
 Debian = "󰣚"
 EndeavourOS = ""
 Fedora = "󰣛"
 Gentoo = "󰣨"
 Linux = "󰌽"
 Macos = "󰀵"
 Manjaro = ""
 Mint = "󰣭"
 NixOS = ""
 Pop = ""
 Raspbian = "󰐿"
 RedHatEnterprise = "󱄛"
 Redhat = "󱄛"
 SUSE = ""
 Ubuntu = "󰕈"
 Windows = "󰍲"
 [username]
 show_always = true
 style_user = "bg:color_terminal_bg fg:color_terminal_fg"
 style_root = "bg:color_terminal_bg fg:color_red bold"
 format = '[$user]($style)'
 [hostname]
 ssh_only = true
 style = "bg:color_terminal_bg fg:color_terminal_fg"
 ssh_symbol = "@"
 format = "[$ssh_symbol$hostname]($style)"
 [directory]
 style = "fg:color_fg0 bg:color_yellow"
 format = "[ $path ]($style)"
 truncation_length = 3
 truncation_symbol = "…/"
 [directory.substitutions]
 "Documents" = "󰈙 "
 "Downloads" = " "
 "Music" = "󰝚 "
 "Pictures" = " "
 "Developer" = "󰲋 "
 "dev" = "󰲋 "
 [git_branch]
 symbol = ""
 style = "bg:color_aqua"
 format = '[[ $symbol $branch ](fg:color_fg0 bg:color_aqua)]($style)'
 [git_status]
 style = "bg:color_aqua"
 format = '[[($all_status$ahead_behind )](fg:color_fg0 bg:color_aqua)]($style)'
 [nodejs]
 symbol = ""
 style = "bg:color_blue"
 format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
 [c]
 symbol = " "
 style = "bg:color_blue"
 format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
 [rust]
 symbol = ""
 style = "bg:color_blue"
 format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
 [golang]
 symbol = ""
 style = "bg:color_blue"
 format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
 [php]
 symbol = ""
 style = "bg:color_blue"
 format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
 [java]
 symbol = ""
 style = "bg:color_blue"
 format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
 [kotlin]
 symbol = ""
 style = "bg:color_blue"
 format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
 [haskell]
 symbol = ""
 style = "bg:color_blue"
 format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
 [python]
 symbol = ""
 style = "bg:color_blue"
 format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
 [docker_context]
 symbol = ""
 style = "bg:color_bg3"
 format = '[[ $symbol( $context) ](fg:color_fg0 bg:color_bg3)]($style)'
 [conda]
 style = "bg:color_bg3"
 format = '[[ $symbol( $environment) ](fg:color_fg0 bg:color_bg3)]($style)'
 [time]
 disabled = false
 time_format = "%R"
 style = "bg:color_bg1"
 format = '[[  $time ](fg:color_fg0 bg:color_bg1)]($style)'
 [line_break]
 disabled = false
 [character]
 disabled = false
 success_symbol = "[](fg:color_bg2)[ ](bold fg:color_terminal_fg bg:color_bg2)[](fg:color_bg2)"
 error_symbol = "[](fg:color_bg2)[ ](bold fg:color_red bg:color_bg2)[](fg:color_bg2)"
 vimcmd_symbol = '[](bold fg:color_green)'
 vimcmd_replace_one_symbol = '[](bold fg:color_purple)'
 vimcmd_replace_symbol = '[](bold fg:color_purple)'
 vimcmd_visual_symbol = '[](bold fg:color_yellow)'
--- a/homes/common/terminal.nix
+++ b/homes/common/terminal.nix
@ -1,4 +1,9 @@
-{ lib, pkgs, assets, ... }:
+{
  lib,
  pkgs,
  assets,
  ...
 }:
 {
  programs.zsh = {
--- a/homes/common/zfs.nix
+++ b/homes/common/zfs.nix
@ -1,4 +1,9 @@
-{ config, pkgs, lib, ... }:
+{
  config,
  pkgs,
  lib,
  ...
 }:
 with pkgs;
 with lib;
 {
--- a/homes/palo/default.nix
+++ b/homes/palo/default.nix
@ -1,11 +1,11 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
 {
  imports = [
    ../common
    ./git.nix
    ./gpg.nix
    ./gui
    #./hyperland.nix
    ./i3.nix
    ./packages
    ./ssh.nix
--- a/homes/palo/doom-emacs.nix
+++ b/homes/palo/doom-emacs.nix
@ -1,35 +0,0 @@
 { config, pkgs, lib, ... }:
 with lib;
 {
  config = mkMerge [
    {
      home.packages = [ pkgs.ripgrep ];
    }
    (mkIf config.gui.enable {
      programs.doom-emacs = {
        enable = lib.mkDefault true;
        doomPrivateDir = ./doom.d;
        extraConfig = ''
          ;; "monospace" means use the system default. However, the default is usually two
          ;; points larger than I'd like, so I specify size 12 here.
          (setq doom-font
            (font-spec :family "Jetbrains Mono" :size ${toString 12} :weight 'light))
          ;;(setq doom-font
          ;; (font-spec :family "Terminus" :size ${toString 12} :weight 'light))
        '';
        #emacsPackagesOverlay = self: super: {
        #  # fixes https://github.com/vlaci/nix-doom-emacs/issues/394
        #  gitignore-mode = pkgs.emacsPackages.git-modes;
        #  gitconfig-mode = pkgs.emacsPackages.git-modes;
        #};
      };
    })
    (mkIf (!config.gui.enable) {
      programs.doom-emacs = {
        enable = lib.mkDefault true;
        doomPrivateDir = ./doom.d;
        package = pkgs.emacs-nox;
      };
    })
  ];
 }
--- a/homes/palo/doom.d/config.el
+++ b/homes/palo/doom.d/config.el
@ -1,4 +0,0 @@
 ;; configure theme
 (setq doom-theme 'doom-solarized-light)
--- a/homes/palo/doom.d/init.el
+++ b/homes/palo/doom.d/init.el
@ -1,187 +0,0 @@
 ;;; init.el -*- lexical-binding: t; -*-
 ;; This file controls what Doom modules are enabled and what order they load
 ;; in. Remember to run 'doom sync' after modifying it!
 ;; NOTE Press 'SPC h d h' (or 'C-h d h' for non-vim users) to access Doom's
 ;;      documentation. There you'll find a "Module Index" link where you'll find
 ;;      a comprehensive list of Doom's modules and what flags they support.
 ;; NOTE Move your cursor over a module's name (or its flags) and press 'K' (or
 ;;      'C-c c k' for non-vim users) to view its documentation. This works on
 ;;      flags as well (those symbols that start with a plus).
 ;;
 ;;      Alternatively, press 'gd' (or 'C-c c d') on a module to browse its
 ;;      directory (for easy access to its source code).
 (doom! :input
       ;;chinese
       ;;japanese
       ;;layout            ; auie,ctsrnm is the superior home row
       :completion
       company           ; the ultimate code completion backend
       ;;helm              ; the *other* search engine for love and life
       ;;ido               ; the other *other* search engine...
       ivy               ; a search engine for love and life
       :ui
       ;;deft              ; notational velocity for Emacs
       doom              ; what makes DOOM look the way it does
       doom-dashboard    ; a nifty splash screen for Emacs
       doom-quit         ; DOOM quit-message prompts when you quit Emacs
       ;;(emoji +unicode)  ; 🙂
       hl-todo           ; highlight TODO/FIXME/NOTE/DEPRECATED/HACK/REVIEW
       ;;hydra
       ;;indent-guides     ; highlighted indent columns
       ;;ligatures         ; ligatures and symbols to make your code pretty again
       ;;minimap           ; show a map of the code on the side
       modeline          ; snazzy, Atom-inspired modeline, plus API
       ;;nav-flash         ; blink cursor line after big motions
       ;;neotree           ; a project drawer, like NERDTree for vim
       ophints           ; highlight the region an operation acts on
       (popup +defaults)   ; tame sudden yet inevitable temporary windows
       ;;tabs              ; a tab bar for Emacs
       ;;treemacs          ; a project drawer, like neotree but cooler
       ;;unicode           ; extended unicode support for various languages
       vc-gutter         ; vcs diff in the fringe
       vi-tilde-fringe   ; fringe tildes to mark beyond EOB
       ;;window-select     ; visually switch windows
       workspaces        ; tab emulation, persistence & separate workspaces
       ;;zen               ; distraction-free coding or writing
       :editor
       (evil +everywhere); come to the dark side, we have cookies
       file-templates    ; auto-snippets for empty files
       fold              ; (nigh) universal code folding
       ;;(format +onsave)  ; automated prettiness
       ;;god               ; run Emacs commands without modifier keys
       ;;lispy             ; vim for lisp, for people who don't like vim
       ;;multiple-cursors  ; editing in many places at once
       ;;objed             ; text object editing for the innocent
       ;;parinfer          ; turn lisp into python, sort of
       ;;rotate-text       ; cycle region at point between text candidates
       snippets          ; my elves. They type so I don't have to
       ;;word-wrap         ; soft wrapping with language-aware indent
       :emacs
       dired             ; making dired pretty [functional]
       electric          ; smarter, keyword-based electric-indent
       ;;ibuffer         ; interactive buffer management
       undo              ; persistent, smarter undo for your inevitable mistakes
       vc                ; version-control and Emacs, sitting in a tree
       :term
       ;;eshell            ; the elisp shell that works everywhere
       ;;shell             ; simple shell REPL for Emacs
       ;;term              ; basic terminal emulator for Emacs
       ;;vterm             ; the best terminal emulation in Emacs
       :checkers
       syntax              ; tasing you for every semicolon you forget
       ;;(spell +flyspell) ; tasing you for misspelling mispelling
       ;;grammar           ; tasing grammar mistake every you make
       :tools
       ;;ansible
       ;;debugger          ; FIXME stepping through code, to help you add bugs
       ;;direnv
       ;;docker
       ;;editorconfig      ; let someone else argue about tabs vs spaces
       ;;ein               ; tame Jupyter notebooks with emacs
       (eval +overlay)     ; run code, run (also, repls)
       ;;gist              ; interacting with github gists
       lookup              ; navigate your code and its documentation
       ;;lsp               ; M-x vscode
       magit             ; a git porcelain for Emacs
       ;;make              ; run make tasks from Emacs
       ;;pass              ; password manager for nerds
       ;;pdf               ; pdf enhancements
       ;;prodigy           ; FIXME managing external services & code builders
       ;;rgb               ; creating color strings
       ;;taskrunner        ; taskrunner for all your projects
       ;;terraform         ; infrastructure as code
       ;;tmux              ; an API for interacting with tmux
       ;;upload            ; map local to remote projects via ssh/ftp
       :os
       (:if IS-MAC macos)  ; improve compatibility with macOS
       ;;tty               ; improve the terminal Emacs experience
       :lang
       ;;agda              ; types of types of types of types...
       ;;beancount         ; mind the GAAP
       ;;cc                ; C > C++ == 1
       ;;clojure           ; java with a lisp
       ;;common-lisp       ; if you've seen one lisp, you've seen them all
       ;;coq               ; proofs-as-programs
       ;;crystal           ; ruby at the speed of c
       ;;csharp            ; unity, .NET, and mono shenanigans
       ;;data              ; config/data formats
       ;;(dart +flutter)   ; paint ui and not much else
       ;;elixir            ; erlang done right
       ;;elm               ; care for a cup of TEA?
       emacs-lisp        ; drown in parentheses
       ;;erlang            ; an elegant language for a more civilized age
       ;;ess               ; emacs speaks statistics
       ;;factor
       ;;faust             ; dsp, but you get to keep your soul
       ;;fsharp            ; ML stands for Microsoft's Language
       ;;fstar             ; (dependent) types and (monadic) effects and Z3
       ;;gdscript          ; the language you waited for
       ;;(go +lsp)         ; the hipster dialect
       ;;(haskell +dante)  ; a language that's lazier than I am
       ;;hy                ; readability of scheme w/ speed of python
       ;;idris             ; a language you can depend on
       ;;json              ; At least it ain't XML
       ;;(java +meghanada) ; the poster child for carpal tunnel syndrome
       ;;javascript        ; all(hope(abandon(ye(who(enter(here))))))
       ;;julia             ; a better, faster MATLAB
       ;;kotlin            ; a better, slicker Java(Script)
       ;;latex             ; writing papers in Emacs has never been so fun
       ;;lean              ; for folks with too much to prove
       ;;ledger            ; be audit you can be
       ;;lua               ; one-based indices? one-based indices
       markdown            ; writing docs for people to ignore
       ;;nim               ; python + lisp at the speed of c
       nix                 ; I hereby declare "nix geht mehr!"
       ;;ocaml             ; an objective camel
       (org +roam2)        ; organize your plain life in plain text
       ;;php               ; perl's insecure younger brother
       ;;plantuml          ; diagrams for confusing people more
       ;;purescript        ; javascript, but functional
       ;;python            ; beautiful is better than ugly
       ;;qt                ; the 'cutest' gui framework ever
       ;;racket            ; a DSL for DSLs
       ;;raku              ; the artist formerly known as perl6
       ;;rest              ; Emacs as a REST client
       ;;rst               ; ReST in peace
       ;;(ruby +rails)     ; 1.step {|i| p "Ruby is #{i.even? ? 'love' : 'life'}"}
       ;;rust              ; Fe2O3.unwrap().unwrap().unwrap().unwrap()
       ;;scala             ; java, but good
       ;;(scheme +guile)   ; a fully conniving family of lisps
       sh                ; she sells {ba,z,fi}sh shells on the C xor
       ;;sml
       ;;solidity          ; do you need a blockchain? No.
       ;;swift             ; who asked for emoji variables?
       ;;terra             ; Earth and Moon in alignment for performance.
       ;;web               ; the tubes
       ;;yaml              ; JSON, but readable
       ;;zig               ; C, but simpler
       :email
       ;;(mu4e +gmail)
       ;;notmuch
       ;;(wanderlust +gmail)
       :app
       ;;calendar
       ;;emms
       ;;everywhere        ; *leave* Emacs!? You must be joking
       ;;irc               ; how neckbeards socialize
       ;;(rss +org)        ; emacs as an RSS reader
       ;;twitter           ; twitter client https://twitter.com/vnought
       :config
       ;;literate
       (default +bindings +smartparens))
--- a/homes/palo/doom.d/packages.el
+++ b/homes/palo/doom.d/packages.el
--- a/homes/palo/git.nix
+++ b/homes/palo/git.nix
@ -10,16 +10,24 @@ with pkgs;
      key = "42AC51C9482D0834CF488AF1389EC2D64AC71EAC";
      signByDefault = true;
    };
-    ignores = [ "*.swp" "*~" ".idea" ".*penis.*" "result" ".envrc" ".direnv" ];
+    ignores = [
      "*.swp"
      "*~"
      ".idea"
      ".*penis.*"
      "result"
      ".envrc"
      ".direnv"
    ];
    extraConfig = {
      init.defaultBranch = "main";
      pull.ff = "only";
      push.autoSetupRemote = true;
    };
    #diff-so-fancy.enable = true;
    difftastic.enable = true;
  };
  home.packages = [
    pre-commit
    gita
--- a/homes/palo/gpg.nix
+++ b/homes/palo/gpg.nix
@ -12,8 +12,7 @@
      keyserver = "keyserver.ubuntu.com";
      personal-digest-preferences = "SHA512";
      cert-digest-algo = "SHA512";
-      default-preference-list =
+      default-preference-list = "SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed";
        "SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed";
    };
  };
--- a/homes/palo/gui/alacritty.nix
+++ b/homes/palo/gui/alacritty.nix
@ -1,4 +1,9 @@
-{ pkgs, lib, config, ... }:
+{
  pkgs,
  lib,
  config,
  ...
 }:
 with lib;
 {
--- a/homes/palo/gui/kitty.nix
+++ b/homes/palo/gui/kitty.nix
@ -1,4 +1,9 @@
-{ lib, pkgs, config, ... }:
+{
  lib,
  pkgs,
  config,
  ...
 }:
 with lib;
 {
@ -31,6 +36,5 @@ with lib;
      };
    };
  };
 }
--- a/homes/palo/hyperland.nix
+++ b/homes/palo/hyperland.nix
@ -1,161 +0,0 @@
 { pkgs, ... }:
 {
  home.file.".config/hypr/hyperland.conf".text = ''
    autogenerated = 1 # remove this line to remove the warning
    # See https://wiki.hyprland.org/Configuring/Monitors/
    monitor=,preferred,auto,auto
    # Some default env vars.
    env = XCURSOR_SIZE,24
    # For all categories, see https://wiki.hyprland.org/Configuring/Variables/
    input {
        kb_layout = us
        kb_variant =
        kb_model =
        kb_options =
        kb_rules =
        follow_mouse = 1
        touchpad {
            natural_scroll = no
        }
        sensitivity = 0 # -1.0 - 1.0, 0 means no modification.
    }
    general {
        # See https://wiki.hyprland.org/Configuring/Variables/ for more
        gaps_in = 5
        gaps_out = 20
        border_size = 2
        col.active_border = rgba(33ccffee) rgba(00ff99ee) 45deg
        col.inactive_border = rgba(595959aa)
        layout = dwindle
        # Please see https://wiki.hyprland.org/Configuring/Tearing/ before you turn this on
        allow_tearing = false
    }
    decoration {
        # See https://wiki.hyprland.org/Configuring/Variables/ for more
        rounding = 10
        blur {
            enabled = true
            size = 3
            passes = 1
        }
        drop_shadow = yes
        shadow_range = 4
        shadow_render_power = 3
        col.shadow = rgba(1a1a1aee)
    }
    animations {
        enabled = yes
        # Some default animations, see https://wiki.hyprland.org/Configuring/Animations/ for more
        bezier = myBezier, 0.05, 0.9, 0.1, 1.05
        animation = windows, 1, 7, myBezier
        animation = windowsOut, 1, 7, default, popin 80%
        animation = border, 1, 10, default
        animation = borderangle, 1, 8, default
        animation = fade, 1, 7, default
        animation = workspaces, 1, 6, default
    }
    dwindle {
        # See https://wiki.hyprland.org/Configuring/Dwindle-Layout/ for more
        pseudotile = yes # master switch for pseudotiling. Enabling is bound to mainMod + P in the keybinds section below
        preserve_split = yes # you probably want this
    }
    master {
        # See https://wiki.hyprland.org/Configuring/Master-Layout/ for more
        new_is_master = true
    }
    gestures {
        # See https://wiki.hyprland.org/Configuring/Variables/ for more
        workspace_swipe = off
    }
    misc {
        # See https://wiki.hyprland.org/Configuring/Variables/ for more
        force_default_wallpaper = -1 # Set to 0 to disable the anime mascot wallpapers
    }
    # Example per-device config
    # See https://wiki.hyprland.org/Configuring/Keywords/#executing for more
    device:epic-mouse-v1 {
        sensitivity = -0.5
    }
    # See https://wiki.hyprland.org/Configuring/Keywords/ for more
    $mainMod = SUPER
    # Example binds, see https://wiki.hyprland.org/Configuring/Binds/ for more
    bind = $mainMod, enter, exec, alacritty
    bind = $mainMod, C, killactive,
    bind = $mainMod, Q, exit,
    bind = $mainMod, E, exec, dolphin
    bind = $mainMod, V, togglefloating,
    bind = $mainMod, R, exec, wofi --show drun
    bind = $mainMod, P, pseudo, # dwindle
    bind = $mainMod, J, togglesplit, # dwindle
    # Move focus with mainMod + arrow keys
    bind = $mainMod, left, movefocus, l
    bind = $mainMod, right, movefocus, r
    bind = $mainMod, up, movefocus, u
    bind = $mainMod, down, movefocus, d
    # Switch workspaces with mainMod + [0-9]
    bind = $mainMod, 1, workspace, 1
    bind = $mainMod, 2, workspace, 2
    bind = $mainMod, 3, workspace, 3
    bind = $mainMod, 4, workspace, 4
    bind = $mainMod, 5, workspace, 5
    bind = $mainMod, 6, workspace, 6
    bind = $mainMod, 7, workspace, 7
    bind = $mainMod, 8, workspace, 8
    bind = $mainMod, 9, workspace, 9
    bind = $mainMod, 0, workspace, 10
    # Move active window to a workspace with mainMod + SHIFT + [0-9]
    bind = $mainMod SHIFT, 1, movetoworkspace, 1
    bind = $mainMod SHIFT, 2, movetoworkspace, 2
    bind = $mainMod SHIFT, 3, movetoworkspace, 3
    bind = $mainMod SHIFT, 4, movetoworkspace, 4
    bind = $mainMod SHIFT, 5, movetoworkspace, 5
    bind = $mainMod SHIFT, 6, movetoworkspace, 6
    bind = $mainMod SHIFT, 7, movetoworkspace, 7
    bind = $mainMod SHIFT, 8, movetoworkspace, 8
    bind = $mainMod SHIFT, 9, movetoworkspace, 9
    bind = $mainMod SHIFT, 0, movetoworkspace, 10
    # Example special workspace (scratchpad)
    bind = $mainMod, S, togglespecialworkspace, magic
    bind = $mainMod SHIFT, S, movetoworkspace, special:magic
    # Scroll through existing workspaces with mainMod + scroll
    bind = $mainMod, mouse_down, workspace, e+1
    bind = $mainMod, mouse_up, workspace, e-1
    # Move/resize windows with mainMod + LMB/RMB and dragging
    bindm = $mainMod, mouse:272, movewindow
    bindm = $mainMod, mouse:273, resizewindow
  '';
 }
--- a/homes/palo/i3.nix
+++ b/homes/palo/i3.nix
@ -1,8 +1,20 @@
-{ config, lib, pkgs, osConfig, ... }:
+{
  config,
  lib,
  pkgs,
  osConfig,
  ...
 }:
 with lib;
 let
-  rofi = pkgs.rofi.override { plugins = [ pkgs.rofi-emoji pkgs.rofi-calc pkgs.xdotool ]; };
+  rofi = pkgs.rofi.override {
    plugins = [
      pkgs.rofi-emoji
      pkgs.rofi-calc
      pkgs.xdotool
    ];
  };
  backgroundCommand = pkgs.writers.writeDash "background" ''
    ${pkgs.xorg.xrandr}/bin/xrandr | grep " connected" | grep "primary" | \
@ -43,6 +55,7 @@ in
        pkgs.autorandr
        pkgs.polygon-art.polygon-art
        pkgs.xdotool # needed for rofi-emoji
        pkgs.xclicker # makes stuff much easier
      ];
    programs.i3status-rust = {
@ -140,21 +153,25 @@ in
          focus = {
            followMouse = true;
          };
-          colors.focused =
+          colors.focused = with config.lib.stylix.colors.withHashtag; {
            with config.lib.stylix.colors.withHashtag;
            {
            # stylix color overrides
            border = lib.mkForce base08;
            background = lib.mkForce base0A;
            text = lib.mkForce base00;
          };
-          startup =
+          startup = [
-            [
+            #{ command = "${pkgs.jellyfin-mpv-shim}/bin/jellyfin-mpv-shim"; always = true; }
              #{ command = "${pkgs.jellyfin-mpv-shim}/bin/jellyfin-mpv-shim"; always = false; }
              { command = "${pkgs.networkmanagerapplet}/bin/nm-applet --indicator"; always = true; }
              { command = toString backgroundCommand; always = true; }
            {
-                command = toString (pkgs.writers.writeDash "xsettings" ''
+              command = "${pkgs.networkmanagerapplet}/bin/nm-applet --indicator";
              always = true;
            }
            {
              command = toString backgroundCommand;
              always = true;
            }
            {
              command = toString (
                pkgs.writers.writeDash "xsettings" ''
                  # to allow sudo commands to access X
                  ${pkgs.xorg.xhost}/bin/xhost +
                  # no shitty pcspkr crap
@ -162,13 +179,15 @@ in
                  # no sleeping monitor
                  ${pkgs.xorg.xset}/bin/xset -dpms
                  ${pkgs.xorg.xset}/bin/xset s off
-                '');
+                ''
              );
              always = true;
            }
          ];
          bars = [
-            (config.lib.stylix.i3.bar //
+            (
-              {
+              config.lib.stylix.i3.bar
              // {
                #mode = "hide";
                hiddenState = "hide";
                position = "top";
@ -188,6 +207,19 @@ in
            in
            {
              "Print" = "exec ${pkgs.flameshot}/bin/flameshot gui -c -p /share/";
              # --- Brightness controls --- #
              "XF86MonBrightnessUp" = "exec --no-startup-id ${pkgs.brightnessctl}/bin/brightnessctl set +5%";
              "XF86MonBrightnessDown" = "exec --no-startup-id ${pkgs.brightnessctl}/bin/brightnessctl set 5%-";
              # --- Pulse/Pipewire Audio controls --- #
              "XF86AudioRaiseVolume" =
                "exec --no-startup-id ${pkgs.pulseaudio}/bin/pactl set-sink-volume @DEFAULT_SINK@ +5%";
              "XF86AudioLowerVolume" =
                "exec --no-startup-id ${pkgs.pulseaudio}/bin/pactl set-sink-volume @DEFAULT_SINK@ -5%";
              "XF86AudioMute" =
                "exec --no-startup-id ${pkgs.pulseaudio}/bin/pactl set-sink-mute @DEFAULT_SINK@ toggle";
              "${modifier}+Return" = "exec ${cfg.config.terminal}";
              "${modifier}+Shift+q" = "exit";
              "${modifier}+q" = "kill";
@ -286,7 +318,8 @@ in
              "${modifier}+space" = "exec ${rofi}/bin/rofi -show drun -display-drun ''";
              "${modifier}+Shift+c" = "reload";
              "${modifier}+Shift+r" = "restart";
-              "${modifier}+Shift+e" = "exec i3-nagbar -t warning -m 'Do you want to exit i3?' -b 'Yes' 'i3-msg exit'";
+              "${modifier}+Shift+e" =
                "exec i3-nagbar -t warning -m 'Do you want to exit i3?' -b 'Yes' 'i3-msg exit'";
              "${modifier}+r" = "mode resize";
--- a/homes/palo/packages/development.nix
+++ b/homes/palo/packages/development.nix
@ -1,4 +1,9 @@
-{ pkgs, lib, config, ... }:
+{
  pkgs,
  lib,
  config,
  ...
 }:
 with pkgs;
 with lib;
 {
@ -15,55 +20,47 @@ with lib;
        zed-editor
        minicom # for flipper zero
        #jetbrains.mps
-        jetbrains.datagrip
+        #jetbrains.datagrip
        # Rust
        # ----
-        jetbrains.rust-rover
+        #jetbrains.rust-rover
-        gcc
+        #gcc
-        rustup
+        #rustup
        # Python
        # ------
        jetbrains.pycharm-professional
        # planing
        ((ganttproject-bin.override {
          jre = pkgs.openjdk11;
        }).overrideAttrs (old: {
          version = "3.1.3100";
          src = pkgs.fetchzip {
            url = "https://dl.ganttproject.biz/ganttproject-3.1.3100/ganttproject-3.1.3100.zip";
            sha256 = "sha256-hw2paak0P670/kemiuqYHIaN0uUtkVKy+AX2X7OdnJ4=";
          };
        }))
        # Pkl
        # ---
        # pkl (not working yet)
        # terminal code to image/movie renderer
        vhs
        carbon-now-cli
        asciinema
        asciinema-agg
        asciinema-scenario
-        asciinema
+        carbon-now-cli
        termtosvg
        vhs
-        legacy_2311.blockdiag
+        #legacy_2311.blockdiag
        # nomad
-        nomad
+        #nomad
-        vault
+        #vault
-        consul
+        #consul
-        wander
+        #wander
        # terraform
        terragrunt
        terraform
        terraform-docs
        awscli2
-        packer
+        #packer
        # documentation renderers
        mdbook
@ -72,23 +69,17 @@ with lib;
        marp-cli # markdown to presentation framework
        # terminal recorder
        asciinema
        asciinema-agg
        asciinema-scenario
        termtosvg
        #surrealist
        #surrealdb # fixme: not working because of rust update or something
        boxes
-        nodePackages.prettier
+        #nodePackages.prettier
-        shfmt
+        #shfmt
-        black
+        #black
-        pre-commit
+        #pre-commit
-        nixpkgs-fmt
+        #nixpkgs-fmt
-        treefmt
+        #treefmt
        # python
        python3Full
@ -101,7 +92,8 @@ with lib;
    {
      home.packages =
        let
-          pandocScript = { inputFormat, outputFormat }:
+          pandocScript =
            { inputFormat, outputFormat }:
            pkgs.writers.writeDashBin "pandoc-from-${inputFormat}-to-${outputFormat}" ''
              ${pkgs.pandoc}/bin/pandoc \
                --from ${inputFormat} \
@ -135,10 +127,26 @@ with lib;
            ${pkgs.less}/bin/less
          '')
-        ] ++ (map pandocScript (lib.cartesianProduct {
+        ]
-          inputFormat = [ "man" "markdown" "mediawiki" "asciidoc" ];
+        ++ (map pandocScript (
-          outputFormat = [ "mediawiki" "docbook5" "html5" "man" "jira" "markdown" "asciidoc" ];
+          lib.cartesianProduct {
-        }));
+            inputFormat = [
              "man"
              "markdown"
              "mediawiki"
              "asciidoc"
            ];
            outputFormat = [
              "mediawiki"
              "docbook5"
              "html5"
              "man"
              "jira"
              "markdown"
              "asciidoc"
            ];
          }
        ));
    }
  ];
--- a/homes/palo/packages/graphics.nix
+++ b/homes/palo/packages/graphics.nix
@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
  config,
  lib,
  pkgs,
  ...
 }:
 with pkgs;
 with lib;
 {
@ -6,15 +11,17 @@ with lib;
    home.packages = [
-      pureref
+      #pureref
      valentina
      gimp
      inkscape
      imagemagick
      nsxiv
      blender
      lightburn
-      colorpicker
+
      # to convert HEIC -> JPG
      # heif-dec -q 92 <name>.HEIC
      libheif
      darktable
      # CAD & 3D Plotting
      openscad
@ -23,6 +30,9 @@ with lib;
      qrencode
      xclicker
      xdotool
    ];
  };
--- a/homes/palo/packages/logseq.nix
+++ b/homes/palo/packages/logseq.nix
@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
  config,
  lib,
  pkgs,
  ...
 }:
 with pkgs;
 with lib;
 {
--- a/homes/palo/packages/media.nix
+++ b/homes/palo/packages/media.nix
@ -1,5 +1,9 @@
-{ pkgs, lib, config, ... }:
+{
-with pkgs;
+  pkgs,
  lib,
  config,
  ...
 }:
 with lib;
 {
@ -7,25 +11,24 @@ with lib;
    (mkIf config.gui.enable {
      home.packages = [
-        freetube
+
-        vlc
+        pkgs.share-via-http
        pkgs.freetube
        pkgs.vlc
        # music editors
        # =============
-        picard # musicbrainz editor
+        pkgs.picard # musicbrainz editor
-        #kid3-qt # id3 tag editor
+        pkgs.easytag
-        easytag
+        pkgs.dconf
-        dconf
+
        pkgs.jellyfin-mpv-shim
      ];
    })
    {
-      home.packages = [
+      home.packages = [ ];
        # music editors
        # =============
        kid3-cli
      ];
    }
  ];
 }
--- a/homes/palo/packages/nextcloud.nix
+++ b/homes/palo/packages/nextcloud.nix
@ -1,10 +1,16 @@
-{ config, lib, pkgs, ... }:
+{
  config,
  lib,
  pkgs,
  ...
 }:
 with pkgs;
 with lib;
 let
  nextcloud-client = pkgs.legacy_2311.nextcloud-client;
-  nextcloudSync = folder:
+  nextcloudSync =
    folder:
    let
      password = "$( ${pkgs.pass}/bin/pass show home/nextcloud/palo/nextcloudcmd-token )";
      user = "palo";
@ -16,8 +22,7 @@ let
        "https://${user}:${password}@nextcloud.ingolf-wagner.de"
    '';
-  borrow = pkgs.writers.writeDashBin "borrow"
+  borrow = pkgs.writers.writeDashBin "borrow" ''
    ''
    ${getExe hledger-ui} \
      --all \
      --theme=terminal \
--- a/homes/palo/packages/packages.nix
+++ b/homes/palo/packages/packages.nix
@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
  config,
  lib,
  pkgs,
  ...
 }:
 with pkgs;
 with lib;
 {
@ -8,7 +13,6 @@ with lib;
    # ¯\_(ツ)_/¯
    home.packages = [
      nixos-shell
      # bluetooth gui
@ -47,6 +51,18 @@ with lib;
      # office
      pdfarranger
      # sewing
      #seamly2d
      #valentina
      # xorg/x11 macros
      # ---------------
      # wait 2 secs, than record mouse movements (use Ctrl-C to stop recording)
      # > cnee --record --mouse -o ./mouse-events.xnl --time 2
      # replay 3 times the mouse movements (zsh only)
      # > repeat 3 cnee --time 2 --replay -f ./mouse-events.xnl
      xnee
    ];
  };
--- a/homes/palo/packages/social.nix
+++ b/homes/palo/packages/social.nix
@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
  config,
  lib,
  pkgs,
  ...
 }:
 with pkgs;
 with lib;
 {
@ -8,7 +13,8 @@ with lib;
    home.packages = [
      emoji-picker
      signal-desktop
-      legacy_2311.fluffychat
+      #legacy_2311.fluffychat
      #fluffychat
    ];
  };
--- a/homes/palo/ssh.nix
+++ b/homes/palo/ssh.nix
@ -1,4 +1,9 @@
-{ pkgs, lib, config, ... }:
+{
  pkgs,
  lib,
  config,
  ...
 }:
 {
  home.packages = [ pkgs.sshuttle ];
--- a/homes/palo/taskwarrior.nix
+++ b/homes/palo/taskwarrior.nix
@ -1,93 +1,47 @@
-{ config, pkgs, lib, ... }:
+{
  config,
  pkgs,
  lib,
  ...
 }:
 with lib;
 with types;
 let
  mkMagicMergeOption = { description ? "", example ? { }, default ? { }, apply ? id, ... }:
    mkOption {
      inherit example description default apply;
      type = with lib.types;
        let
          valueType = nullOr
            (oneOf [
              bool
              int
              float
              str
              (attrsOf valueType)
              (listOf valueType)
            ]) // {
            description = "bool, int, float or str";
            emptyValue.value = { };
          };
        in
        valueType;
    };
-
+  #taskwarrior-tui = pkgs.legacy_2311.taskwarrior-tui;
-  taskwarrior-tui = pkgs.legacy_2311.taskwarrior-tui;
+  taskwarrior-tui = pkgs.taskwarrior-tui;
  taskwarrior = pkgs.taskwarrior3;
 in
 {
  # bugwarrior (a bit fiddly)
  imports = [{
    options.bugwarrior.config = mkMagicMergeOption {
      type = attrs;
      default = { };
    };
    config = {
      home.file.".config/bugwarrior/bugwarrior.toml".source = (pkgs.formats.toml { }).generate "bugwarriorrc.toml" config.bugwarrior.config;
      # todo : before deleting this, put it in logseq
      home.packages = [
        (pkgs.legacy_2311.python3Packages.bugwarrior.overrideAttrs (old: {
          version = "develop";
          src = pkgs.fetchFromGitHub {
            owner = "ralphbean";
            repo = "bugwarrior";
            rev = "6554e70c199cc766a2b5e4e4fe22e4e46d64bba1";
            sha256 = "sha256-cKhL8FBH7wxCxXrybVRLfCHQTCxursFqtBDl3e1UUXs=";
          };
          propagatedBuildInputs = old.propagatedBuildInputs ++ [
            pkgs.legacy_2311.python3Packages.pydantic
            pkgs.legacy_2311.python3Packages.tomli
            pkgs.legacy_2311.python3Packages.email-validator
            pkgs.legacy_2311.python3Packages.packaging
          ];
        }))
      ];
    };
  }];
  config = mkIf config.gui.enable {
-    home.packages = with pkgs;
+    bugwarrior.enable = true;
-      [
+
    home.packages = [
      pkgs.timewarrior
      taskwarrior
      pkgs.tasksh
      pkgs.taskwarrior-hooks
      (pkgs.writeShellScriptBin "tsak" ''${taskwarrior}/bin/task "$@"'')
      pkgs.vit
      taskwarrior-tui
        timewarrior
        tasksh
        taskwarrior-hooks
        (pkgs.writeShellScriptBin "tsak" ''${pkgs.taskwarrior}/bin/task "$@"'')
        vit
      (pkgs.writers.writeBashBin "active" "${taskwarrior-tui}/bin/taskwarrior-tui -r active")
      (pkgs.writers.writeBashBin "todo" "${taskwarrior-tui}/bin/taskwarrior-tui -r todo")
      (pkgs.writers.writeBashBin "calendar" ''
-          ${pkgs.taskwarrior}/bin/task calendar
+        ${taskwarrior}/bin/task calendar
-          ${pkgs.taskwarrior}/bin/task calendar_report
+        ${taskwarrior}/bin/task calendar_report
      '')
      # todo : belongs to calendar.nix
-        vdirsyncer
+      pkgs.vdirsyncer
-        khal
+      pkgs.khal
      (pkgs.writers.writeBashBin "kalendar" ''
        ${pkgs.vdirsyncer}/bin/vdirsyncer sync
        ${pkgs.khal}/bin/ikhal
--- a/homes/root/default.nix
+++ b/homes/root/default.nix
@ -2,6 +2,7 @@
  imports = [
    ../common
  ];
  gui.enable = false;
  home.stateVersion = "22.11";
--- a/homes/tina/logseq.nix
+++ b/homes/tina/logseq.nix
@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
  config,
  lib,
  pkgs,
  ...
 }:
 with pkgs;
 with lib;
 {
@ -6,10 +11,14 @@ with lib;
    home.packages = [
      logseq
    ];
-    home.file.".config/Logseq/Preferences".source = (pkgs.formats.json { }).generate "LogseqPreferences.json"
+    home.file.".config/Logseq/Preferences".source =
      (pkgs.formats.json { }).generate "LogseqPreferences.json"
        {
          spellcheck = {
-          dictionaries = [ "en-US" "de-DE" ];
+            dictionaries = [
              "en-US"
              "de-DE"
            ];
            dictionary = "";
          };
        };
--- a/homes/tina/packages.nix
+++ b/homes/tina/packages.nix
@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
  config,
  lib,
  pkgs,
  ...
 }:
 with pkgs;
 with lib;
 {
@ -25,10 +30,7 @@ with lib;
      pdfarranger
      calibre
    ];
  };
 }
--- a/images/lib/remote-access.nix
+++ b/images/lib/remote-access.nix
@ -1,136 +0,0 @@
 {
  # cat ~/.ssh/id_rsa.pub
  publicSshKey ? ""
 , # remote-install-get-hiddenReceiver
  hiddenReceiver ? ""
 ,
 }:
 { config, lib, pkgs, ... }: {
  imports = [
    {
      # system setup
      networking.hostName = "liveos";
      users.extraUsers = {
        root = { openssh.authorizedKeys.keys = [ publicSshKey ]; };
      };
    }
    {
      # installed packages
      environment.systemPackages = with pkgs; [
        #style
        most
        rxvt_unicode.terminfo
        #monitoring tools
        htop
        iotop
        #network
        iptables
        iftop
        nmap
        #stuff for dl
        aria2
        #neat utils
        pciutils
        psmisc
        tmux
        usbutils
        git
        #unpack stuff
        p7zip
        unzip
        unrar
        #data recovery
        ddrescue
        ntfs3g
        dosfstools
      ];
    }
    {
      # bash configuration
      programs.bash = {
        enableCompletion = true;
        interactiveShellInit = ''
          HISTCONTROL='erasedups:ignorespace'
          HISTSIZE=65536
          HISTFILESIZE=$HISTSIZE
          shopt -s checkhash
          shopt -s histappend histreedit histverify
          shopt -s no_empty_cmd_completion
          complete -d cd
        '';
        promptInit = ''
          if test $UID = 0; then
            PS1='\[\033[1;31m\]\w\[\033[0m\] '
            PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
          elif test $UID = 1337; then
            PS1='\[\033[1;32m\]\w\[\033[0m\] '
            PROMPT_COMMAND='echo -ne "\033]0;$$ $PWD\007"'
          else
            PS1='\[\033[1;33m\]\u@\w\[\033[0m\] '
            PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
          fi
          if test -n "$SSH_CLIENT"; then
            PS1='\[\033[35m\]\h'" $PS1"
            PROMPT_COMMAND='echo -ne "\033]0;$$ $HOSTNAME $USER@$PWD\007"'
          fi
        '';
      };
    }
    {
      # ssh configuration
      services.openssh.enable = true;
      services.openssh.passwordAuthentication = false;
      systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
    }
    {
      # hidden ssh announce
      config =
        let
          torDirectory = "/var/lib/tor";
          hiddenServiceDir = torDirectory + "/onion/hidden-ssh";
        in
        {
          services.tor = {
            enable = true;
            client.enable = true;
            relay.onionServices.hidden-ssh = {
              version = 3;
              map = [{
                port = 22;
                target.port = 22;
              }];
            };
          };
          systemd.services.hidden-ssh-announce = {
            description = "irc announce hidden ssh";
            after = [ "tor.service" "network-online.target" ];
            wants = [ "tor.service" ];
            wantedBy = [ "multi-user.target" ];
            serviceConfig = {
              ExecStart = pkgs.writers.writeDash "irc-announce-ssh" ''
                set -efu
                until test -e ${hiddenServiceDir}/hostname; do
                  echo "still waiting for ${hiddenServiceDir}/hostname"
                  sleep 1
                done
                until ${pkgs.tor}/bin/torify ${pkgs.netcat-openbsd}/bin/nc -z ${hiddenReceiver} 1337; do sleep 1; done && \
                  echo "torify ssh root@$(cat ${hiddenServiceDir}/hostname) -i ~/.ssh/id_rsa" | ${pkgs.tor}/bin/torify ${pkgs.nmap}/bin/ncat ${hiddenReceiver} 1337
              '';
              PrivateTmp = "true";
              User = "tor";
              Type = "oneshot";
            };
          };
        };
    }
  ];
 }
--- a/images/machine-init-configuration.nix
+++ b/images/machine-init-configuration.nix
@ -1,56 +0,0 @@
 { config, lib, pkgs, ... }:
 {
  imports =
    [
      # Include the results of the hardware scan.
      ./hardware-configuration.nix
      "${builtins.fetchTarball "https://github.com/nix-community/disko/archive/master.tar.gz"}/module.nix"
      (import ./disko-config.nix { })
    ];
  networking.hostName = "nixos";
  boot.supportedFilesystems = [ "zfs" ];
  # head -c4 /dev/urandom | od -A none -t x4
  networking.hostId = "4750e4b8";
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.tmpOnTmpfs = true; # make /tmp a tmpfs (performance!)
  networking.networkmanager.enable = true;
  # Set your time zone.
  time.timeZone = "Europe/Berlin";
  environment.systemPackages = with pkgs; [
    vim
    wget
    htop
    silver-searcher
  ];
  environment.extraInit = ''
    # use vi shortcuts
    # ----------------
    set -o vi
    EDITOR=vim
  '';
  services.openssh.enable = true;
  users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw== contact@ingolf-wagner.de" ];
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "22.11"; # Did you read the comment?
 }
--- a/images/remote-install/README.md
+++ b/images/remote-install/README.md
@ -1,18 +0,0 @@
 # remote installation iso
 - `./config.nix` : to generate the installation image
 - `./remote-service.nix` : tor configuration you have to start on your machine.
 ## Steps
 - import `./remote-service.nix` in your `/etc/nixos/configuration.nix`
 - `nixos-rebuild switch`
 - run `remote-install-get-hiddenReceiver` and enter the result in `./config.nix` as `hiddenReceiver`
 - set the public key in `./config.nix`
 - run `nixos-generate -f install-iso -c ./config.nix`
 - prepare the usb stick : `sudo if=<path of the iso> of=/dev/<device> bs=4096`
 - boot the usb-stick at the new machine
 - run `remote-install-start-service`
 - after some time you will see a you can use to login to the new machine.
 Now you can do the normal installations procedure.
--- a/Show more
+++ b/Show more
Author	SHA1	Message	Date
Ingolf Wagner	1e1e8e8509	🚧 downsize cores	2024-12-23 08:39:44 +07:00
Forgejo Action :robot	f845906a69	⬆️ nix flake update	2024-12-09 03:40:35 +01:00
Forgejo Action :robot	84b3079d35	⬆️ nix flake update	2024-12-08 15:53:45 +01:00
Ingolf Wagner	b6279e415e	🔧 add todo torrents to rbackup	2024-12-08 14:47:49 +07:00
Forgejo Action :robot	7fb4455050	⬆️ nix flake update	2024-12-08 03:48:38 +01:00
Forgejo Action :robot	a49a95f1a4	⬆️ nix flake update	2024-12-07 17:11:24 +01:00
Ingolf Wagner	fd52105901	🐛 use upstream paperless-ngx because of a patch `8b81bddc76`	2024-12-07 19:14:52 +07:00
Ingolf Wagner	525f97460c	🐛 disable otel-collector-contrib override. https://github.com/NixOS/nixpkgs/issues/356708 seems to be fixed by now	2024-12-07 16:04:09 +07:00
Ingolf Wagner	dc3e39f0db	🔧 try unstable-small for nixpkgs, for quicker fix cycles	2024-12-06 21:57:54 +07:00
Ingolf Wagner	0c3915f1a6	🎨 nix fmt	2024-12-06 21:57:53 +07:00
Ingolf Wagner	d32a5609c8	⬆️ manual nix flake update	2024-12-03 20:45:26 +07:00
Ingolf Wagner	40854dd628	🔨 add addSys from ˈt͡sɛːzaɐ	2024-11-28 13:47:17 +07:00
Ingolf Wagner	c729802b6e	💚 fix CI build problems	2024-11-24 15:21:15 +07:00
Ingolf Wagner	be6b1fbfa4	✨ enable tika and gotenberg on paperless-ngx	2024-11-23 18:24:15 +07:00
Ingolf Wagner	6b4d8b2e71	🚑 pin clan-core revision because of clan-vars vs clan-facts	2024-11-23 14:25:37 +07:00
Ingolf Wagner	fe63dea188	🗑️ cleanup	2024-11-23 14:25:36 +07:00
Ingolf Wagner	1b47a9f823	♻️ service paperless split up	2024-11-23 14:25:35 +07:00
Ingolf Wagner	cfe528a4ff	🐛 fix clan update (with password-store)	2024-11-23 11:02:32 +07:00
Ingolf Wagner	d1264e3b47	📦 add share-http	2024-11-22 13:21:28 +07:00
Forgejo Action :robot	f92ad6fa16	⬆️ nix flake update	2024-11-19 09:40:59 +01:00
Forgejo Action :robot	f3b86c79a4	⬆️ nix flake update	2024-11-19 03:41:45 +01:00
Forgejo Action :robot	9d4187301b	⬆️ nix flake update	2024-11-18 21:40:38 +01:00
Forgejo Action :robot	caa8d760ce	⬆️ nix flake update	2024-11-18 15:41:57 +01:00
Ingolf Wagner	d3a10cc4b4	🚑 fix opentelemetry-collector-contrib problems https://github.com/NixOS/nixpkgs/issues/356708	2024-11-18 12:06:35 +07:00
Forgejo Action :robot	579540ed3c	⬆️ nix flake update	2024-11-18 03:42:39 +01:00
Forgejo Action :robot	a0884bd50c	⬆️ nix flake update	2024-11-17 21:41:37 +01:00
Forgejo Action :robot	a2544ed6cf	⬆️ nix flake update	2024-11-17 15:40:11 +01:00
Forgejo Action :robot	c8bf08b811	⬆️ nix flake update	2024-11-17 11:07:49 +01:00
Forgejo Action :robot	e28c2f979d	⬆️ nix flake update	2024-11-16 15:41:10 +01:00
Forgejo Action :robot	b7bcd5b9f7	⬆️ nix flake update	2024-11-16 09:40:09 +01:00
Forgejo Action :robot	5321ebc01d	⬆️ nix flake update	2024-11-16 03:42:08 +01:00
Forgejo Action :robot	5cdbf62e9b	⬆️ nix flake update	2024-11-15 21:40:10 +01:00
Forgejo Action :robot	e9d51213c6	⬆️ nix flake update	2024-11-15 15:41:08 +01:00
Ingolf Wagner	e0ad591fc5	add xnee for x11 macros	2024-11-15 16:30:59 +07:00
Ingolf Wagner	ff60ed5400	add steamcommunity.com to hosts.nix	2024-11-15 16:30:59 +07:00
Forgejo Action :robot	b0f5d2c64b	⬆️ nix flake update	2024-11-15 09:40:23 +01:00
Forgejo Action :robot	26acb97703	⬆️ nix flake update	2024-11-15 03:40:50 +01:00
Forgejo Action :robot	09309fed38	⬆️ nix flake update	2024-11-14 21:41:48 +01:00
Forgejo Action :robot	40239a2b93	⬆️ nix flake update	2024-11-14 15:48:13 +01:00
Forgejo Action :robot	d361bc2c3c	⬆️ nix flake update	2024-11-14 10:20:17 +01:00
Ingolf Wagner	4f3efeaa4c	🔧 add some minio information	2024-11-12 14:08:44 +09:00
Ingolf Wagner	4ac6d12b0c	🔧 change timezone	2024-11-12 13:57:10 +09:00
Ingolf Wagner	197e516ec1	✅ add *.ingolf-wagner.de healthchecks	2024-11-08 21:21:45 +09:00
Ingolf Wagner	03a5b33bbf	✅ update s3 healthchecks	2024-11-08 21:21:21 +09:00
Ingolf Wagner	e84fee5a36	✅ add s3 bucket healthchecks	2024-11-07 11:04:07 +09:00
Ingolf Wagner	266d9246c1	🐛 try to fix paperless OCR Problems	2024-11-05 17:45:42 +09:00
Forgejo Action :robot	f3e223e3a4	⬆️ nix flake update	2024-11-02 21:40:38 +01:00
Forgejo Action :robot	428482c99e	⬆️ nix flake update	2024-11-02 15:39:47 +01:00
Forgejo Action :robot	f0cb1d0b43	⬆️ nix flake update	2024-11-02 09:39:49 +01:00
Ingolf Wagner	f6427e5237	🔧 put nginx in front of navidrome	2024-11-02 16:35:32 +09:00
Forgejo Action :robot	d85780c563	⬆️ nix flake update	2024-10-31 15:05:51 +01:00
Ingolf Wagner	06af1cef58	📦 remove colorpicker	2024-10-31 19:23:51 +09:00
Ingolf Wagner	e5889daf0a	💄 style starship.rs	2024-10-31 14:08:05 +09:00
Ingolf Wagner	3afd6e851e	📦 oh-my-posh -> starship.rs	2024-10-30 15:45:40 +09:00
Ingolf Wagner	7ac796d908	📦 add selenium ide to browsers	2024-10-25 23:38:12 +09:00
Ingolf Wagner	b372a34a59	🔧 browser plugin configuration	2024-10-24 18:01:58 +09:00
Ingolf Wagner	5a96339104	🔧 add proxy configuration to chrome	2024-10-24 17:38:30 +09:00
Ingolf Wagner	14d9b4bdf5	🐛 fix nix flake update	2024-10-24 17:37:59 +09:00
Ingolf Wagner	362cbaea9b	🚧 fixing paperless error Input PDF has a digital signature. OCR would alter the document, invalidating the signature.	2024-10-23 14:40:23 +09:00
Ingolf Wagner	f911177ab7	🐛 fixing nix flake update	2024-10-23 09:20:19 +09:00
Ingolf Wagner	64b3e78f43	⬆️ nix flake update	2024-10-23 09:18:59 +09:00
Ingolf Wagner	117d55b27c	➖ remove kmonad, as it is part of NixOS now	2024-10-23 09:02:21 +09:00
Ingolf Wagner	1473a90df9	🔥 delete fluffychat	2024-10-23 00:46:30 +09:00
Ingolf Wagner	847bb88330	🔥 delete hoard	2024-10-23 00:29:03 +09:00
Ingolf Wagner	286e6d7578	📦 add ferdium	2024-10-23 00:20:17 +09:00
Ingolf Wagner	b201ee77c0	📦 add navi	2024-10-23 00:20:05 +09:00
Ingolf Wagner	733985c773	🔧 dedicated ssh key for cherry as well	2024-10-19 16:25:14 +09:00
Ingolf Wagner	74f7208936	🔥 delete cream	2024-10-19 16:24:26 +09:00
Ingolf Wagner	79db8373c2	Update facts/secrets for service ssh.root.cherry in machine cherry	2024-10-19 16:03:45 +09:00
Ingolf Wagner	0e3e67554a	🔒 use exclusive ssh key for chungus	2024-10-19 15:32:03 +09:00
Ingolf Wagner	9efa7f7ca6	🔥 cleanup	2024-10-19 15:23:18 +09:00
Ingolf Wagner	11fd6a6071	🚚 rename public key names	2024-10-19 15:22:53 +09:00
Ingolf Wagner	e68eed4216	🔥 cleanup	2024-10-19 15:22:20 +09:00
Ingolf Wagner	e612510267	Update facts/secrets for service mainUser.ssh.chungus in machine cherry	2024-10-19 14:59:29 +09:00
Ingolf Wagner	70b76d149a	🔥 delete unused images	2024-10-19 14:17:05 +09:00
Ingolf Wagner	4b12e04e15	🐛 fix migration to nixos-telemetry flake on orbi	2024-10-18 09:26:27 +09:00
Ingolf Wagner	8deb5b98ed	➕ migrate to nixos-telemetry flake	2024-10-16 23:22:52 +09:00
Forgejo Action :robot	180bd7ca44	⬆️ nix flake update	2024-10-14 14:39:52 +02:00
Ingolf Wagner	6668aa4a42	⬆️ use --time parameter always	2024-10-14 20:38:48 +09:00
Forgejo Action :robot	0662795882	⬆️ nix flake update	2024-10-14 08:39:12 +02:00
Ingolf Wagner	e7bc5e3c90	🔧 add orbi.public ssh key configuration	2024-10-14 14:28:25 +09:00
Forgejo Action :robot	a1502974f2	⬆️ nix flake update	2024-10-12 20:39:55 +02:00
Ingolf Wagner	403e3165b1	🔧 backup forgejo	2024-10-13 02:25:00 +09:00
Ingolf Wagner	f97ab14238	🔧 renamed forgejo-runners	2024-10-13 02:13:39 +09:00
Ingolf Wagner	b20dff2899	🐛 forgejo ssh port should be public available	2024-10-13 02:12:48 +09:00
Ingolf Wagner	94759e4a67	🏗️ update flake.nix inputs	2024-10-13 01:30:09 +09:00
Ingolf Wagner	dc890c2d5d	🔧 new git.ingolf-wagner.de:2222 knowhost key	2024-10-13 01:26:20 +09:00
Ingolf Wagner	f026fa1fdc	🏗️ forgejo: sqlite -> mysql	2024-10-13 01:25:39 +09:00
Ingolf Wagner	05fbad21e1	✅ test mysqlPort in photoprism	2024-10-13 01:24:32 +09:00
Forgejo Action :robot	bc7375024d	⬆️ nix flake update	2024-10-11 16:19:41 +02:00
Ingolf Wagner	5aef72baf9	📦 upgrade nextcloud	2024-10-10 10:01:42 +09:00
Ingolf Wagner	913aa0dae9	🔥 remove unused services	2024-10-10 09:35:28 +09:00
Ingolf Wagner	a46240a9e5	✅ add some more healthchecks	2024-10-10 09:35:02 +09:00
Ingolf Wagner	ad8333ccde	⬆️ update healthchecks dependency	2024-10-10 08:54:50 +09:00
Forgejo Action :robot	12bea7955e	⬆️ nix flake update	2024-10-09 14:47:29 +02:00
Ingolf Wagner	c73e0f43f4	✅ add a lot more healthchecks	2024-10-09 21:27:44 +09:00
Ingolf Wagner	171e7400ba	🐛 fix retiolum on chungus	2024-10-09 21:27:43 +09:00
Forgejo Action :robot	f5da6bc863	⬆️ nix flake update	2024-10-08 21:14:03 +02:00
Ingolf Wagner	a18428a120	⚡ fixing intel vaapi configuration	2024-10-08 23:34:42 +09:00
Ingolf Wagner	40911d4aa0	📦 update forgejo because of performance issues	2024-10-08 23:23:00 +09:00
Ingolf Wagner	e34dc222db	🔧 add glances	2024-10-08 22:56:22 +09:00
Ingolf Wagner	6d5dbcbafc	🔧 reconfigure logseq sync	2024-10-08 22:52:25 +09:00
Ingolf Wagner	743b196ec9	🔧 Add iPad in syncthing.nix	2024-10-07 14:50:56 +09:00
Ingolf Wagner	9a8717f9aa	🔧 borgbackup for paperless	2024-10-06 18:17:42 +09:00
Ingolf Wagner	90f61ebec4	🔧 borgbackup for paperless	2024-10-06 18:15:45 +09:00
Ingolf Wagner	07a2b5f2d1	🚧 borgbackup for paperless	2024-10-06 09:40:42 +09:00
Ingolf Wagner	253b146406	Update facts/secrets for service paperless-ngx.ssh in machine chungus	2024-10-06 09:22:23 +09:00
Ingolf Wagner	09d89ad596	✅ add healthcheck for syncthing-gui port	2024-10-03 15:31:46 +09:00
Ingolf Wagner	6d7056c9fb	⬆️ update healthchecks and fixed missconfiguration	2024-10-02 17:49:39 +09:00
Forgejo Action :robot	ee4274110c	⬆️ nix flake update	2024-09-30 14:42:25 +02:00
Ingolf Wagner	4a10bae866	➕ use nixos-healthchecks instead of verify	2024-09-30 20:48:04 +09:00
Forgejo Action :robot	177f77faab	⬆️ nix flake update	2024-09-28 14:45:11 +02:00
Ingolf Wagner	225401e4c2	⬆️ update private parts	2024-09-28 19:25:53 +09:00
Ingolf Wagner	5cccd77dad	📦 add darktable	2024-09-28 19:24:43 +09:00
Forgejo Action :robot	310f5fcf54	⬆️ nix flake update	2024-09-27 14:39:14 +02:00
Ingolf Wagner	6d01aa2529	🐛 fix legacy bugwarrior problems	2024-09-27 15:15:03 +09:00
Ingolf Wagner	fff6089b96	🔧 update bugwarrior configuration	2024-09-27 15:06:12 +09:00
Ingolf Wagner	9ec11a8a24	➕ migrate taskwarrior parts to taskwarrior-flake	2024-09-27 14:43:07 +09:00
Ingolf Wagner	226687604b	📦 add minicom	2024-09-27 14:39:58 +09:00
Ingolf Wagner	1d7f67471e	📦 add libheif	2024-09-27 14:25:38 +09:00
Forgejo Action :robot	99e65576a1	⬆️ nix flake update	2024-09-27 03:26:10 +02:00
Ingolf Wagner	d963855d75	🚑 fix clan behavior to implicitly use machines/<name>/configuration.nix	2024-09-27 09:03:46 +09:00
Ingolf Wagner	d4f826e32b	🚑 fix clan behavior to implicitly use machines/<name>/configuration.nix	2024-09-26 21:07:06 +09:00
Ingolf Wagner	96a2e00a96	🐛 pureref is not working anymore	2024-09-22 13:19:16 +09:00
Ingolf Wagner	a0d942dc6b	🎨 nix fmt	2024-09-22 12:50:50 +09:00
Ingolf Wagner	53bc9b3176	⬆️ update bugwarrior dependencies	2024-09-22 12:44:26 +09:00
Ingolf Wagner	39c29f7e60	⬆️ update bugwarrior dependencies	2024-09-22 12:42:36 +09:00
Ingolf Wagner	2bb52175d1	⬆️ update bugwarrior dependencies	2024-09-22 12:41:10 +09:00
Ingolf Wagner	1a9c1f4913	🔧 add wireguard device	2024-09-22 12:06:16 +09:00
Ingolf Wagner	361497a6e6	🚚 move packages around	2024-09-22 08:23:52 +09:00
Ingolf Wagner	4bd2f7f3f2	✅ add some more healtchecks	2024-09-22 08:22:49 +09:00
Ingolf Wagner	d70e39d6fa	🗑️ cleanup	2024-09-22 08:22:48 +09:00
Ingolf Wagner	e25dd3c59a	🔧 fix time zone	2024-09-22 08:20:03 +09:00
Ingolf Wagner	61eaadba3d	✅ improve verify flake module	2024-09-22 08:19:07 +09:00
Ingolf Wagner	9ae95ddb11	💄 update wallpaper.png	2024-09-22 08:16:58 +09:00
Ingolf Wagner	e4bfd58901	💚 try to fix forgejo builds It happens to be that forgejo is not cleaning up it's cache when doing scheduled runs.	2024-09-22 08:16:25 +09:00
Ingolf Wagner	2f769675fd	📝 add a comment	2024-09-17 08:44:54 +07:00
Ingolf Wagner	a5a36ce5c8	✨ Add Volume Commands to i3	2024-09-17 07:40:53 +07:00
Ingolf Wagner	eea3ddf0cf	♻️ minor refactoring	2024-09-16 08:58:27 +07:00
Ingolf Wagner	62315ee2c2	📝 update module documentation	2024-09-16 08:53:03 +07:00
Ingolf Wagner	e43f4514bc	✨ create verify.http options	2024-09-16 07:06:03 +07:00
Ingolf Wagner	c584bb39ce	✨ add service-taskchampion verify test	2024-09-16 06:36:08 +07:00
Forgejo Action :robot	e62d841524	⬆️ nix flake update	2024-09-15 08:43:38 +02:00
Ingolf Wagner	d0a34454d4	✅ add some more smoke tests.	2024-09-15 09:11:25 +07:00
Ingolf Wagner	743a9fc885	✅ add some smoke tests.	2024-09-15 07:22:02 +07:00
Ingolf Wagner	a52e1b39a0	🚚 get rid of modules/default.nix in verify flake module	2024-09-15 07:08:05 +07:00
Ingolf Wagner	614a1d8e37	✨ add local command to verify	2024-09-15 07:04:59 +07:00
Ingolf Wagner	7e8c3d41c9	🚸 improve verify flake	2024-09-15 06:09:53 +07:00
Ingolf Wagner	c264db7f13	📝 add documentation to verify flake module	2024-09-15 05:31:47 +07:00
Ingolf Wagner	577003f607	🚑 enable zfs auto snapshots again	2024-09-15 05:29:33 +07:00
Ingolf Wagner	267b8d73a0	⬆️ nix flake update	2024-09-15 04:53:32 +07:00
Ingolf Wagner	e5f1729bdc	🔧 enable push.autoSetupRemote	2024-09-15 04:48:47 +07:00
Ingolf Wagner	c53b563565	🔧 disable samba share because it has a new way to configure	2024-09-14 16:49:09 +07:00
Ingolf Wagner	8279af8370	🔧 use photoprism thumb unchached default	2024-09-14 08:52:00 +07:00
Ingolf Wagner	70aba78c06	♻️ refactor samba.extraConfig	2024-09-14 08:51:15 +07:00
Ingolf Wagner	c42e7e669a	✨ add counter to autoclicker script	2024-09-14 08:16:28 +07:00
Ingolf Wagner	9afb53585b	✨ add autoclicker script	2024-09-14 07:51:31 +07:00
Ingolf Wagner	31d674132b	✨ verify closed ports script kinda works now.	2024-09-14 07:09:41 +07:00
Ingolf Wagner	4c1a3ef72f	♻️ refactor the options interface	2024-09-14 06:02:32 +07:00
Ingolf Wagner	f49730a0a9	🚚 renaming	2024-09-13 14:36:17 +07:00
Ingolf Wagner	7ef34db19b	🚧 poc of rustscan script generator	2024-09-13 14:32:10 +07:00
Ingolf Wagner	e795a3bed9	🚑 don't use nextcloud deck for now, because of https://github.com/GothenburgBitFactory/bugwarrior/issues/1062	2024-09-13 11:37:46 +07:00
Forgejo Action :robot	a6284e6509	⬆️ nix flake update	2024-09-11 08:40:48 +02:00
Ingolf Wagner	1d044521e8	🚧 use nextcloud deck with bugwarrior	2024-09-11 10:36:15 +07:00
Ingolf Wagner	84a6dd2c8f	🔧 cache.orbi.wg0: 10 -> 50	2024-09-11 10:36:14 +07:00
Forgejo Action :robot	abe153cdce	⬆️ nix flake update	2024-09-08 08:41:53 +02:00
Ingolf Wagner	488a63db26	🚧 taskwarrior-webui as podman container but not working as expected	2024-09-08 11:29:49 +07:00
Ingolf Wagner	3a72b901b3	🔧 brightness configuration	2024-09-08 11:29:48 +07:00
Ingolf Wagner	347acf7e6e	🚧 working on taskwarrior-webui It can't use wireguard to access stuff, so we will put it on orbi behind an nginx	2024-09-08 11:29:47 +07:00
Ingolf Wagner	903e963d05	🚑 hotfix bugwarrior by introducing bugwarrior-sync	2024-09-08 11:29:46 +07:00
Ingolf Wagner	9aa5e1ef09	📦 update bugwarrior package	2024-09-08 11:29:45 +07:00
Forgejo Action :robot	7402e5ad5e	⬆️ nix flake update	2024-09-06 08:43:33 +02:00
Ingolf Wagner	f670c2af5f	🚚 rename services to service on chungus	2024-09-05 09:31:08 +07:00
Ingolf Wagner	5655847c08	📦 bump bugwarrior	2024-09-05 09:29:48 +07:00
Ingolf Wagner	7f27ccd07c	🚚 extract bugwarrior to packages	2024-09-05 09:21:16 +07:00
Ingolf Wagner	0e5387dfc0	🔧 remove hyperland from stylix	2024-09-04 16:51:59 +07:00
Ingolf Wagner	51e3d8df22	📦 add network packages	2024-09-04 16:32:40 +07:00
Ingolf Wagner	ae3a14f5fa	🔧 add jellyfin-mpv-shim	2024-09-04 07:57:18 +07:00
Ingolf Wagner	394790bf0e	💄 nix fmt	2024-09-03 18:21:26 +07:00
Ingolf Wagner	e619cc2dab	🔧 migrate to taskwarrior 3	2024-09-03 18:20:29 +07:00
Ingolf Wagner	c03727fd80	🔥 delete emacs	2024-09-03 18:19:24 +07:00
Ingolf Wagner	485cdfe116	✨ add etags	2024-09-01 21:23:00 +07:00
Ingolf Wagner	ad35b322c5	🐛 fix insecure packages error	2024-09-01 19:32:28 +07:00
Ingolf Wagner	96c388bbac	🔧 add some topology information	2024-08-31 23:29:18 +07:00
Forgejo Action :robot	229eff0d63	⬆️ nix flake update	2024-08-31 08:45:44 +02:00
Ingolf Wagner	8da0bbc3ef	🔧 add some topology information	2024-08-31 08:33:28 +07:00
Forgejo Action :robot	3833b870dd	⬆️ nix flake update	2024-08-30 14:41:05 +02:00
Ingolf Wagner	1564bd8d72	🔧 add some topology information	2024-08-30 17:34:57 +07:00
Ingolf Wagner	55c2e14337	🔧 configure nsxiv	2024-08-30 16:32:00 +07:00
Ingolf Wagner	ee13d7fa82	✨ add nix run .#topology	2024-08-30 14:18:51 +07:00
Forgejo Action :robot	2f3a6ba574	⬆️ nix flake update	2024-08-30 08:42:09 +02:00
Ingolf Wagner	f7ac29e2fa	➕ add nix-topology	2024-08-30 08:50:04 +07:00
Ingolf Wagner	71f9225dc6	♻️ refactored flake.nix inputs to easily sort them	2024-08-30 08:50:03 +07:00
Ingolf Wagner	aed3dbd602	🚚 private_assets -> private-parts	2024-08-30 07:31:06 +07:00
Ingolf Wagner	d1c9241245	♻️ move pkgs to nix/packages	2024-08-30 07:31:05 +07:00
Ingolf Wagner	db2187a2e7	♻️ migrated pkgs to flake-parts	2024-08-30 07:31:05 +07:00
Forgejo Action :robot	09d8f33a01	⬆️ nix flake update	2024-08-29 20:49:24 +02:00
Ingolf Wagner	0f42a99288	🎨 nix fmt	2024-08-29 13:22:51 +07:00
Ingolf Wagner	32e0eacffa	🔧 update formatter.nix	2024-08-29 13:22:29 +07:00
Ingolf Wagner	7a6510a4e6	nix fmt	2024-08-29 08:26:04 +07:00
Ingolf Wagner	200063fcb1	introduce treefmt-nix	2024-08-29 08:25:41 +07:00
Ingolf Wagner	2bc86a4912	improve syncthing.nix	2024-08-29 08:06:27 +07:00
Forgejo Action :robot	4c647291bc	⬆️ nix flake update	2024-08-28 08:42:30 +02:00
Ingolf Wagner	2758c873bb	made oh-my-posh look nice	2024-08-28 09:47:09 +07:00
Ingolf Wagner	a48aa680a4	clean up private_assets	2024-08-28 06:02:37 +07:00
Ingolf Wagner	581d41238c	fix timezone	2024-08-28 06:01:56 +07:00
Ingolf Wagner	4489b24659	fix timezones	2024-08-28 05:37:18 +07:00
Forgejo Action :robot	167875c1fc	⬆️ nix flake update	2024-08-27 21:06:57 +02:00
Ingolf Wagner	c4bd159888	configure photoprism	2024-08-27 17:03:22 +02:00
Ingolf Wagner	0430d97d24	fix clan core update	2024-08-27 15:30:09 +02:00
Ingolf Wagner	ffc8bcafa7	remove sternchen	2024-08-27 11:31:25 +02:00
Ingolf Wagner	0209b7ca42	remove overviewer	2024-08-27 09:43:40 +02:00
Ingolf Wagner	644705cdb2	no need for clanDir it breaks stuff	2024-08-27 09:17:23 +02:00
Ingolf Wagner	ec2a51c514	set clanDir manually	2024-08-27 07:30:02 +02:00
Ingolf Wagner	2e9bf75dab	don't use sternchen anymore	2024-08-27 05:17:18 +02:00
Ingolf Wagner	47f717392a	comment photoprism	2024-08-26 17:58:19 +02:00
Forgejo Action :robot	d0ff322489	⬆️ nix flake update	2024-08-23 20:44:13 +02:00
Ingolf Wagner	8879a739b6	fix photoprism	2024-08-23 17:02:48 +02:00
Forgejo Action :robot	a2a7763b47	⬆️ nix flake update	2024-08-23 09:18:02 +02:00
		`@ -1,4 +0,0 @@`
			`;; configure theme`
			`(setq doom-theme 'doom-solarized-light)`