🔧 configure media services to use ipv6 and zerotier

I currently blogs the update

.forgejo/workflows/nix_build.yaml

@@ -1,18 +1,17 @@
 name: Build all NixOS Configurations
-
 on:
   push:
     branches:
       - "**"
   schedule:
-    - cron: "30 2 * * *" # not to frequent, GitHub only allows a few pulls per hour
-
+    - cron: "30 2/6 * * *" # not to frequent, GitHub only allows a few pulls per hour
 jobs:
   nix build:
     runs-on: native
     steps:
       - uses: actions/checkout@v4
-
+        with:
+          clean: true
       - name: update nix flakes
         if: ${{ github.event_name == 'schedule' }}
         # we need to use our ssh key here because we need access to private flakes
@@ -30,7 +29,6 @@ jobs:
           echo $SSH_AGENT_PID
           kill $SSH_AGENT_PID
           rm .ssh_key
-
       - name: nix flake archive/check
         # we need to use our ssh key here because we need access to private flakes
         run: |
@@ -48,22 +46,16 @@ jobs:
           echo $SSH_AGENT_PID
           kill $SSH_AGENT_PID
           rm .ssh_key
-
       - name: nix build orbi
         run: nix build .#nixosConfigurations.orbi.config.system.build.toplevel
-
-      - name: nix build cream
-        run: nix build .#nixosConfigurations.cream.config.system.build.toplevel
-
+        #      - name: nix build cream
+        #        run: nix build .#nixosConfigurations.cream.config.system.build.toplevel
       - name: nix build cherry
         run: nix build .#nixosConfigurations.cherry.config.system.build.toplevel
-
       - name: nix build chungus
         run: nix build .#nixosConfigurations.chungus.config.system.build.toplevel
-
-      - name: nix build sternchen
-        run: nix build .#nixosConfigurations.sternchen.config.system.build.toplevel
-
+      - name: nix build usbstick
+        run: nix build .#nixosConfigurations.usbstick.config.system.build.toplevel
       - name: commit & push
         if: ${{ github.event_name == 'schedule' }}
         # only if all nix builds are fine we update our branch

components/README.md

@@ -1,6 +1,8 @@
 # components concept
 
 - components are kinda opinionated.
-- should be project agnostic (e.g.: configure bugwarrior via options but leave specifics out).
-- `component.<toplevel>.enabled` should usually be the default for all it subcomponents (`comonent.<topleve>.<subcomponent>.enabled`).
+- should be project agnostic (e.g.: configure bugwarrior via options but leave
+  specifics out).
+- `component.<toplevel>.enabled` should usually be the default for all it
+  subcomponents (`comonent.<topleve>.<subcomponent>.enabled`).
   - But default should make sense here!

components/chaospott.nix

@@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
 with lib;
 {
 
@@ -8,7 +13,7 @@ with lib;
   };
 
   config = mkIf (config.components.chaospott.enable && config.components.gui.audio.enable) {
-    hardware.pulseaudio.zeroconf.discovery.enable = true;
+    services.pulseaudio.zeroconf.discovery.enable = true;
     environment.systemPackages = with pkgs; [
       paprefs
     ];

components/default.nix

@@ -5,13 +5,12 @@
     ./gui
     ./mainUser.nix
     ./media
-    ./monitor
     ./network
     ./nixos
     ./terminal
     ./timezone.nix
+    ./virtualisation
     ./yubikey.nix
   ];
 
-
 }

components/gui/audio.nix

@@ -1,5 +1,10 @@
 # TODO test `alsactl init` after suspend to reinit mic
-{ pkgs, config, lib, ... }:
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
 with lib;
 {
   options.components.gui.audio.enable = mkOption {
@@ -7,46 +12,54 @@ with lib;
     default = config.components.gui.enable;
   };
 
-  config = mkIf (config.components.gui.audio.enable) {
+  config = mkMerge [
+    (mkIf (config.components.gui.audio.enable) {
 
-    security.rtkit.enable = true;
+      security.rtkit.enable = true;
+      hardware.bluetooth = {
+        enable = true;
+        powerOnBoot = true;
+      };
 
-    hardware.pulseaudio.enable = false;
+      environment.systemPackages = with pkgs; [
+        alsa-utils
 
-    hardware.bluetooth = {
-      enable = true;
-      powerOnBoot = true;
-    };
+        # PulseAudio control
+        # ------------------
+        ponymix
+        pavucontrol
+        lxqt.pavucontrol-qt
+      ];
 
-    environment.systemPackages = with pkgs; [
-      alsa-utils
-      alsaUtils
+      services.pipewire = {
+        #enable = true;
+        systemWide = true;
+        alsa.enable = true;
+        alsa.support32Bit = true;
+        pulse.enable = true;
+        jack.enable = true;
+      };
 
-      # PulseAudio control
-      # ------------------
-      ponymix
-      pavucontrol
-      lxqt.pavucontrol-qt
-    ];
+      environment.etc = {
+        "wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = ''
+          bluez_monitor.properties = {
+            ["bluez5.enable-sbc-xq"] = true,
+            ["bluez5.enable-msbc"] = true,
+            ["bluez5.enable-hw-volume"] = true,
+            ["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
+          }
+        '';
+      };
+    })
 
-    services.pipewire = {
-      enable = true;
-      systemWide = true;
-      alsa.enable = true;
-      alsa.support32Bit = true;
-      pulse.enable = true;
-      jack.enable = true;
-    };
+    {
 
-    environment.etc = {
-      "wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = ''
-        bluez_monitor.properties = {
-          ["bluez5.enable-sbc-xq"] = true,
-          ["bluez5.enable-msbc"] = true,
-          ["bluez5.enable-hw-volume"] = true,
-          ["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
-        }
-      '';
-    };
-  };
+      # this is always true
+      # seems other options enable this one
+      services.pipewire.enable = config.components.gui.audio.enable;
+      services.pulseaudio.enable = false;
+
+    }
+
+  ];
 }

components/gui/browser.nix

@@ -8,11 +8,14 @@ in
 
     programs.chromium.extensions = [
       "nngceckbapebfimnlniiiahkandclblb" # bitwarden
-      "edibdbjcniadpccecjdfdjjppcpchdlm" # I still don't care about cookies
+      # "edibdbjcniadpccecjdfdjjppcpchdlm" # I still don't care about cookies
       "gcbommkclmclpchllfjekcdonpmejbdp" # https everywhere
       "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
       "dbepggeogbaibhgnhhndojpepiihcmeb" # vimium
       "jinjaccalgkegednnccohejagnlnfdag" # Violentmonkey
+      # "dpplabbmogkhghncfbfdeeokoefdjegm" # Proxy SwitchySharp
+      # "mooikfkahbdckldjjndioackbalphokd" # Selenium IDE
+      # "hnkcfpcejkafcihlgbojoidoihckciin" # Referer Control
     ];
 
     # overwrite use zram on small RAM systems

components/gui/default.nix

@@ -1,4 +1,9 @@
-{ pkgs, lib, config, ... }:
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
 with lib;
 {
   options.components.gui = {
@@ -10,10 +15,10 @@ with lib;
     ./audio.nix
     ./browser.nix
     ./cups.nix
-    ./fonts.nix
     ./home-manager
+    ./kde.nix
     ./kmonad.nix
-    #./noti.nix # todo: make this different (use password store and such)
+    ./noti.nix # todo: make this different (use password store and such)
     ./pass.nix
     ./steam.nix
     ./suspend.nix

components/gui/fonts.nix

@@ -1,36 +0,0 @@
-{ pkgs, config, lib, ... }:
-with lib;
-{
-  options.components.gui.style.enable = mkOption {
-    type = lib.types.bool;
-    default = config.components.gui.enable;
-  };
-
-  config = mkIf (config.components.gui.style.enable) {
-
-    fonts.packages = with pkgs; [
-
-      corefonts
-      hasklig
-      inconsolata
-      source-code-pro
-      symbola
-      ubuntu_font_family
-
-      # symbol fonts
-      # ------------
-      nerdfonts
-      powerline-fonts
-      font-awesome
-      fira-code-symbols
-      jetbrains-mono
-
-      # shell font
-      # ----------
-      terminus_font
-      gohufont
-
-    ];
-
-  };
-}

components/gui/home-manager/default.nix

@@ -1,4 +1,9 @@
-{ pkgs, lib, config, ... }:
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
 with lib;
 {
 

components/gui/kde.nix

@@ -0,0 +1,19 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+{
+
+  options.components.gui.kde.enable = lib.mkOption {
+    type = lib.types.bool;
+    default = config.components.gui.enable;
+  };
+
+  config = lib.mkIf (config.components.gui.kde.enable) {
+
+    services.desktopManager.plasma6.enable = true;
+
+  };
+}

components/gui/kmonad.nix

@@ -1,4 +1,9 @@
-{ config, pkgs, lib, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 {
 
   options.components.gui.kmonad.enable = lib.mkOption {
@@ -79,9 +84,21 @@
 
         in
         {
-          nativ = keyboard "/dev/input/by-path/platform-i8042-serio-0-event-kbd" [ "lctl" "lmet" "lalt" ];
-          dasKeyboard = keyboard "/dev/input/by-id/usb-Metadot_-_Das_Keyboard_Das_Keyboard-event-kbd" [ "lctl" "lmet" "lalt" ];
-          uhk = keyboard "/dev/input/by-id/usb-Ultimate_Gadget_Laboratories_UHK_60_v2-event-kbd" [ "lctl" "lmet" "lalt" ];
+          nativ = keyboard "/dev/input/by-path/platform-i8042-serio-0-event-kbd" [
+            "lctl"
+            "lmet"
+            "lalt"
+          ];
+          dasKeyboard = keyboard "/dev/input/by-id/usb-Metadot_-_Das_Keyboard_Das_Keyboard-event-kbd" [
+            "lctl"
+            "lmet"
+            "lalt"
+          ];
+          uhk = keyboard "/dev/input/by-id/usb-Ultimate_Gadget_Laboratories_UHK_60_v2-event-kbd" [
+            "lctl"
+            "lmet"
+            "lalt"
+          ];
         };
     };
   };

components/gui/noti.nix

@@ -1,6 +1,11 @@
 # notify me when a command is finished
 # todo : secret managment is shit
-{ config, pkgs, lib, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 with lib;
 {
   options.components.gui.noti.enable = mkOption {
@@ -11,29 +16,41 @@ with lib;
   # todo : put this in `/homes`
   config = mkIf (config.components.gui.noti.enable) {
 
-    sops.secrets.pushover_user_key = { };
-    sops.secrets.pushover_api_key = { };
-    sops.templates."noti.yaml".owner = config.users.users.mainUser.name;
-    sops.templates."noti.yaml".group = config.users.users.mainUser.group;
-    sops.templates."noti.yaml".content = ''
-      pushover:
-        userKey: ${config.sops.placeholder.pushover_user_key}
-        apiToken: ${config.sops.placeholder.pushover_api_key}
-    '';
+    clan.core.facts.services.noti = {
+      secret."noti.yaml" = { };
+      generator = {
+        prompt = "noti.yaml";
+        path = with pkgs; [ coreutils ];
+        script = ''
+          echo "$prompt_value" > "$secrets"/noti.yaml
+        '';
+      };
+    };
+
+    systemd.tmpfiles.settings.noti = {
+      # don't like to use a non tmpfs here, but does not work another way
+      "${config.users.users.mainUser.home}/.config/noti/noti.yaml"."C+" = {
+        user = config.users.users.mainUser.name;
+        group = config.users.users.mainUser.group;
+        mode = "400";
+        argument = config.clan.core.facts.services.noti.secret."noti.yaml".path;
+      };
+    };
+
+    #    sops.secrets.pushover_user_key = { };
+    #    sops.secrets.pushover_api_key = { };
+    #    sops.templates."noti.yaml".owner = config.users.users.mainUser.name;
+    #    sops.templates."noti.yaml".group = config.users.users.mainUser.group;
+    #    sops.templates."noti.yaml".content = ''
+    #      pushover:
+    #        userKey: ${config.sops.placeholder.pushover_user_key}
+    #        apiToken: ${config.sops.placeholder.pushover_api_key}
+    #    '';
 
     home-manager.users.mainUser = {
-      home.packages = [
-        (pkgs.writers.writeBashBin "noti" ''
-          ${pkgs.noti}/bin/noti --file ${config.sops.templates."noti.yaml".path} "$@"
-        '')
-        (pkgs.writers.writeBashBin "noti-pushover" ''
-          ${pkgs.noti}/bin/noti --pushover --file ${config.sops.templates."noti.yaml".path} "$@"
-        '')
-      ];
-
-      ## not working :(
-      #programs.noti.enable = true;
-      #xdg.configFile."noti/noti.yaml".source = toString config.sops.templates."noti.yaml".path;
+      programs.noti.enable = true;
+      #      xdg.configFile."noti/noti.yaml".target = "/run/facts/mainUser.noti.yaml";
     };
+
   };
 }

components/gui/pass.nix

@@ -1,11 +1,17 @@
-{ pkgs, config, lib, ... }:
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
 with lib;
 let
 
   # desktop file
   # ------------
   # makes it possible to be used by other programs
-  desktopFile = name: bin:
+  desktopFile =
+    name: bin:
     pkgs.writeTextFile {
       name = "${name}.desktop";
       destination = "/share/applications/${name}.desktop";
@@ -34,7 +40,9 @@ in
     environment.systemPackages = [
       (pkgs.pass.withExtensions (ext: [ ext.pass-otp ]))
       # todo : use upstream desktop file creator
-      (desktopFile "passmenu" "${pkgs.pass.withExtensions (ext: [ext.pass-otp])}/bin/passmenu --type -l 10")
+      (desktopFile "passmenu" "${
+        pkgs.pass.withExtensions (ext: [ ext.pass-otp ])
+      }/bin/passmenu --type -l 10")
 
       pkgs.otpmenu
 

components/gui/steam.nix

@@ -1,4 +1,9 @@
-{ config, pkgs, lib, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 with lib;
 {
   options.components.gui.steam.enable = mkOption {
@@ -13,8 +18,6 @@ with lib;
         /var/run/wrappers/bin/sudo -u steam -i ${pkgs.steam}/bin/steam $@
       '')
       pkgs.xorg.xhost
-      # to use xbox controllers
-      pkgs.xboxdrv
     ];
 
     users.users.steam = {
@@ -22,7 +25,12 @@ with lib;
       isSystemUser = true;
       home = "/home/steam";
       createHome = true;
-      extraGroups = [ "audio" "input" "video" "pipewire" ];
+      extraGroups = [
+        "audio"
+        "input"
+        "video"
+        "pipewire"
+      ];
       group = "steam";
       shell = pkgs.bashInteractive;
     };

components/gui/suspend.nix

@@ -1,4 +1,9 @@
-{ pkgs, config, lib, ... }:
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
 with lib;
 {
   options.components.gui.suspend.enable = mkOption {
@@ -13,13 +18,11 @@ with lib;
       requiredBy = [ "sleep.target" ];
       environment =
         let
-          display =
-            if (config.services.xserver.display != null) then
-              config.services.xserver.display
-            else
-              0;
+          display = if (config.services.xserver.display != null) then config.services.xserver.display else 0;
         in
-        { DISPLAY = ":${toString display}"; };
+        {
+          DISPLAY = ":${toString display}";
+        };
       script = ''
         ${pkgs.xlockmore}/bin/xlock -mode life1d -size 1 &
         sleep 1

components/gui/vscode.nix

@@ -1,4 +1,9 @@
-{ config, pkgs, lib, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 with lib;
 {
   options.components.gui.vscode.enable = mkOption {

components/gui/wayland.nix

@@ -1,4 +1,9 @@
-{ config, pkgs, lib, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 with lib;
 {
 

components/gui/xorg/default.nix

@@ -1,4 +1,9 @@
-{ config, pkgs, lib, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 with lib;
 {
 
@@ -9,73 +14,85 @@ with lib;
     default = config.components.gui.enable;
   };
 
-  config = mkIf (config.components.gui.xorg.enable && config.components.gui.enable) {
-
-    # system.custom.fonts.enable = true;
-    services.displayManager = {
-      defaultSession = lib.mkDefault "none+i3";
-      autoLogin.enable = lib.mkDefault true;
-      autoLogin.user = config.users.users.mainUser.name;
-    };
-
-    services.xserver = {
-
-      enable = true;
-
-      displayManager = {
-        lightdm.enable = lib.mkDefault true;
-      };
-
-      desktopManager.xterm.enable = false;
-      windowManager.i3.enable = true;
-
-      # mouse/touchpad
-      # --------------
-
-    };
-
-    services.libinput = {
-      enable = true;
-      touchpad = {
-        disableWhileTyping = true;
-        tapping = true;
-        scrollMethod = "twofinger";
-        accelSpeed = "1.3";
-        naturalScrolling = true;
-        horizontalScrolling = true;
-      };
-    };
-
-    # Packages
-    # --------
-    environment.systemPackages = with pkgs; [
-
-      xclip
-      xtrlock-pam
-      xorg.xev
-
-      dmenu
-      arandr
-      xcalib
-      flameshot
-      feh
-
-    ];
-
-    # Xresources config
-    # -----------------
-    # spread the Xresource config
-    # across different files
-    # just add a file into `/etc/X11/Xresource.d/` and it will be
-    # evaluated.
-    services.xserver.displayManager.sessionCommands = ''
-      for file in `ls /etc/X11/Xresource.d/`
-      do
-        ${pkgs.xorg.xrdb}/bin/xrdb -merge /etc/X11/Xresource.d/$file
-      done
-    '';
-    environment.etc."/X11/Xresource.d/.keep".text = "";
-
+  options.components.gui.xorg.lightdm.enable = mkOption {
+    type = lib.types.bool;
+    default = config.components.gui.xorg.enable;
   };
-}
 
+  options.components.gui.xorg.sddm.enable = mkOption {
+    type = lib.types.bool;
+    default = !config.components.gui.xorg.lightdm.enable;
+  };
+
+  config = mkMerge [
+
+    (mkIf (config.components.gui.xorg.lightdm.enable && config.components.gui.xorg.enable) {
+
+      services.displayManager = {
+        defaultSession = "none+i3";
+        autoLogin.enable = lib.mkDefault true;
+        autoLogin.user = config.users.users.mainUser.name;
+      };
+
+      services.xserver.displayManager.lightdm.enable = true;
+
+    })
+
+    (mkIf (config.components.gui.xorg.sddm.enable && config.components.gui.xorg.enable) {
+
+      services.xserver.displayManager.sddm.enable = true;
+
+    })
+
+    (mkIf (config.components.gui.xorg.enable && config.components.gui.enable) {
+
+      services.xserver.enable = true;
+
+      services.xserver.windowManager.i3.enable = true;
+
+      services.libinput = {
+        enable = true;
+        touchpad = {
+          disableWhileTyping = true;
+          tapping = true;
+          scrollMethod = "twofinger";
+          accelSpeed = "1.3";
+          naturalScrolling = true;
+          horizontalScrolling = true;
+        };
+      };
+
+      # Packages
+      # --------
+      environment.systemPackages = with pkgs; [
+
+        xclip
+        #xtrlock-pam
+        xorg.xev
+
+        dmenu
+        arandr
+        xcalib
+        flameshot
+        feh
+
+      ];
+
+      # Xresources config
+      # -----------------
+      # spread the Xresource config
+      # across different files
+      # just add a file into `/etc/X11/Xresource.d/` and it will be
+      # evaluated.
+      services.xserver.displayManager.sessionCommands = ''
+        for file in `ls /etc/X11/Xresource.d/`
+        do
+          ${pkgs.xorg.xrdb}/bin/xrdb -merge /etc/X11/Xresource.d/$file
+        done
+      '';
+      environment.etc."/X11/Xresource.d/.keep".text = "";
+
+    })
+
+  ];
+}

components/gui/xorg/xlock.nix

@@ -1,4 +1,9 @@
-{ lib, pkgs, config, ... }:
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}:
 with lib;
 let
 

components/mainUser.nix

@@ -1,18 +1,20 @@
-{ config, pkgs, lib, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 with lib;
 with types;
 let
 
   cfg = config.components.mainUser;
 
-  dockerGroup =
-    if (config.virtualisation.docker.enable) then [ "docker" ] else [ ];
+  # todo : use optionalList
+  dockerGroup = if (config.virtualisation.docker.enable) then [ "docker" ] else [ ];
 
-  vboxGroup =
-    if (config.virtualisation.virtualbox.host.enable) then
-      [ "vboxusers" ]
-    else
-      [ ];
+  # todo : use optionalList
+  vboxGroup = if (config.virtualisation.virtualbox.host.enable) then [ "vboxusers" ] else [ ];
 
 in
 {
@@ -71,8 +73,20 @@ in
         uid = cfg.uid;
         home = "/home/${cfg.userName}";
         initialPassword = cfg.userName;
-        extraGroups = [ "wheel" "networkmanager" "transmission" "wireshark" "audio" "pipewire" "input" "dialout" ]
-          ++ dockerGroup ++ vboxGroup ++ cfg.extraGroups;
+        extraGroups =
+          [
+            "wheel"
+            "networkmanager"
+            "transmission"
+            "wireshark"
+            "audio"
+            "pipewire"
+            "input"
+            "dialout"
+          ]
+          ++ dockerGroup
+          ++ vboxGroup
+          ++ cfg.extraGroups;
         openssh.authorizedKeys.keyFiles = cfg.authorizedKeyFiles;
         group = config.users.groups.mainUser.name;
       };

components/media/icecast.nix

@@ -4,7 +4,12 @@
 # * connect via mixxx to it.
 # * add the podcast to mpd in the same network
 # --------------------------------------------------
-{ pkgs, config, lib, ... }:
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
 with lib;
 
 let

components/media/tts.nix

@@ -1,4 +1,9 @@
-{ pkgs, config, lib, ... }:
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
 with lib;
 {
 

components/media/video.nix

@@ -1,31 +1,35 @@
-{ config, pkgs, lib, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 
 with lib;
 
 let
-  obs-cmd = pkgs.rustPlatform.buildRustPackage
-    rec {
-      pname = "obs-cmd";
-      version = "v0.15.2";
-      src = pkgs.fetchFromGitHub {
-        owner = "grigio";
-        repo = "obs-cmd";
-        rev = version;
-        sha256 = "sha256-RRkP0QLWcJLKv8oqESjMgHGW1QScANG7+fzR/rwSyDI=";
-      };
-
-      cargoSha256 = "sha256-JqR7MAt2VNEnZGbn+hExtFG6F7X0KhFM1n7GZ+QaHc0=";
-      #cargoSha256 = fakeSha256;
-
-      meta = with lib; {
-        description = "a minimal obs CLI for obs-websocket v5";
-        homepage = "https://github.com/grigio/obs-cmd";
-        license = licenses.mit;
-        maintainers = [ maintainers.mrVanDalo ];
-        platforms = platforms.all;
-      };
+  obs-cmd = pkgs.rustPlatform.buildRustPackage rec {
+    pname = "obs-cmd";
+    version = "v0.15.2";
+    src = pkgs.fetchFromGitHub {
+      owner = "grigio";
+      repo = "obs-cmd";
+      rev = version;
+      sha256 = "sha256-RRkP0QLWcJLKv8oqESjMgHGW1QScANG7+fzR/rwSyDI=";
     };
 
+    cargoSha256 = "sha256-JqR7MAt2VNEnZGbn+hExtFG6F7X0KhFM1n7GZ+QaHc0=";
+    #cargoSha256 = fakeSha256;
+
+    meta = with lib; {
+      description = "a minimal obs CLI for obs-websocket v5";
+      homepage = "https://github.com/grigio/obs-cmd";
+      license = licenses.mit;
+      maintainers = [ maintainers.mrVanDalo ];
+      platforms = platforms.all;
+    };
+  };
+
   # Lassulus streaming setup
   # -------------------------
   # ffmpeg \
@@ -53,7 +57,12 @@ let
     name = "screen-keys";
     paths =
       let
-        screenKeyScript = { position ? "bottom", size ? "small", ... }:
+        screenKeyScript =
+          {
+            position ? "bottom",
+            size ? "small",
+            ...
+          }:
           pkgs.writeShellScriptBin "screenkeys-${position}-${size}" # sh
             ''
               ${pkgs.screenkey}/bin/screenkey \
@@ -65,27 +74,41 @@ let
                                 "$@"
             '';
       in
-      lib.flatten (lib.flip map [ "large" "small" "medium" ] (size:
-        lib.flip map [ "top" "center" "bottom" ]
-          (position: screenKeyScript { inherit size position; })));
+      lib.flatten (
+        lib.flip map
+          [
+            "large"
+            "small"
+            "medium"
+          ]
+          (
+            size:
+            lib.flip map [
+              "top"
+              "center"
+              "bottom"
+            ] (position: screenKeyScript { inherit size position; })
+          )
+      );
   };
 
-
   mpvReview =
     let
-      moveToDir = key: dir: pkgs.writeText "move-with-${key}.lua" ''
-        tmp_dir = "${dir}"
+      moveToDir =
+        key: dir:
+        pkgs.writeText "move-with-${key}.lua" ''
+          tmp_dir = "${dir}"
 
-        function move_current_track_${key}()
-          track = mp.get_property("path")
-          os.execute("mkdir -p '" .. tmp_dir .. "'")
-          os.execute("mv '" .. track .. "' '" .. tmp_dir .. "'")
-          print("moved '" .. track .. "' to " .. tmp_dir)
-          mp.command("playlist-next")
-        end
+          function move_current_track_${key}()
+            track = mp.get_property("path")
+            os.execute("mkdir -p '" .. tmp_dir .. "'")
+            os.execute("mv '" .. track .. "' '" .. tmp_dir .. "'")
+            print("moved '" .. track .. "' to " .. tmp_dir)
+            mp.command("playlist-next")
+          end
 
-        mp.add_key_binding("${key}", "move_current_track_${key}", move_current_track_${key})
-      '';
+          mp.add_key_binding("${key}", "move_current_track_${key}", move_current_track_${key})
+        '';
       delete = moveToDir "D" "./.graveyard";
       good = moveToDir "G" "./.good";
     in
@@ -110,11 +133,10 @@ in
 
   config = mkIf (config.components.media.video.enable) {
 
-
     home-manager.sharedModules = [
       {
         programs.obs-studio = {
-          enable = true;
+          enable = false;
           plugins = with pkgs.obs-studio-plugins; [
             obs-backgroundremoval
             obs-vaapi
@@ -123,7 +145,6 @@ in
       }
     ];
 
-
     boot.kernelModules = [ "v4l2loopback" ];
     boot.extraModulePackages = [ pkgs.linuxPackages.v4l2loopback ];
 
@@ -137,25 +158,22 @@ in
       alphaSafe
       sanitizeFolder
 
-
       # obs studio stuff
       obs-cli
       v4l-utils
-      obs-cmd
+      #obs-cmd
 
       # to record your screen
       # ---------------------
-      simplescreenrecorder
+      #simplescreenrecorder
       screenKey
       #obs-studio
 
       # to transcode video material
       # ---------------------------
-      handbrake
+      #      handbrake
       ffmpeg-full
 
-
     ];
   };
 }
-

components/monitor/container.nix

@@ -1,18 +0,0 @@
-{ lib, config, ... }:
-with lib;
-with types;
-{
-  imports = [
-    ./default.nix
-    ../timezone.nix
-  ];
-
-  config = {
-    components.monitor.enable = mkDefault true;
-    components.monitor.metrics.enable = mkDefault false;
-    components.monitor.opentelemetry.enable = false;
-
-    services.journald.extraConfig = "SystemMaxUse=1G";
-  };
-
-}

components/monitor/default.nix

@@ -1,32 +0,0 @@
-{ lib, config, ... }:
-with lib;
-with types;
-{
-
-  options.components.monitor = {
-    enable = mkOption {
-      type = bool;
-      default = true;
-    };
-    metrics.enable = mkOption {
-      type = bool;
-      default = config.components.monitor.enable;
-    };
-    logs.enable = mkOption {
-      type = bool;
-      default = config.components.monitor.enable;
-    };
-  };
-
-  imports = [
-    ./logs-promtail.nix
-    ./metrics-export-zfs.nix
-    ./metrics-netdata.nix
-    ./metrics-prometheus.nix
-    ./metrics-telegraf.nix
-    ./opentelemetry.nix
-  ];
-
-  config = mkIf config.components.monitor.enable { };
-
-}

components/monitor/logs-promtail.nix

@@ -1,178 +0,0 @@
-{ config, lib, ... }:
-with lib;
-with types;
-let
-  cfg = config.components.monitor.promtail;
-in
-{
-  options.components.monitor.promtail = {
-    enable = mkOption {
-      type = lib.types.bool;
-      default = config.components.monitor.logs.enable;
-    };
-    port = mkOption {
-      type = int;
-      default = 3500;
-      description = "port to provide promtail export";
-    };
-  };
-
-  config = mkMerge [
-
-    (mkIf config.components.monitor.opentelemetry.enable {
-      services.opentelemetry-collector.settings = {
-        receivers.loki = {
-          protocols.http.endpoint = "127.0.0.1:${toString cfg.port}";
-          use_incoming_timestamp = true;
-        };
-        service.pipelines.logs.receivers = [ "loki" ];
-      };
-    })
-
-    (mkIf config.components.monitor.promtail.enable {
-      services.promtail = {
-        enable = true;
-        configuration = {
-          server. disable = true;
-          positions.filename = "/var/cache/promtail/positions.yaml";
-
-          clients = [
-            { url = "http://127.0.0.1:${toString cfg.port}/loki/api/v1/push"; }
-          ];
-
-          scrape_configs =
-
-            let
-              _replace = index: replacement: ''{{ Replace .Value "${toString index}" "${replacement}" 1 }}'';
-              _elseif = index: ''{{ else if eq .Value "${toString index}" }}'';
-              _if = index: ''{{ if eq .Value "${toString index}" }}'';
-              _end = ''{{ end }}'';
-              elseblock = index: replacement: "${_elseif index}${_replace index replacement}";
-              ifblock = index: replacement: "${_if index}${_replace index replacement}";
-              createTemplateLine = list: "${concatStrings (imap0 (index: replacement: if index == 0 then ifblock index replacement else elseblock index replacement) list)}${_end}";
-            in
-            [
-              {
-                job_name = "journal";
-                journal = {
-                  json = true;
-                  max_age = "12h";
-                  labels.job = "systemd-journal";
-                };
-                pipeline_stages = [
-                  {
-                    # Set of key/value pairs of JMESPath expressions. The key will be
-                    # the key in the extracted data while the expression will be the value,
-                    # evaluated as a JMESPath from the source data.
-                    json.expressions = {
-                      # journalctl -o json | jq and you'll see these
-                      boot_id = "_BOOT_ID";
-                      facility = "SYSLOG_FACILITY";
-                      facility_label = "SYSLOG_FACILITY";
-                      instance = "_HOSTNAME";
-                      msg = "MESSAGE";
-                      priority = "PRIORITY";
-                      priority_label = "PRIORITY";
-                      transport = "_TRANSPORT";
-                      unit = "_SYSTEMD_UNIT";
-                      # coredump
-                      #coredump_cgroup = "COREDUMP_CGROUP";
-                      #coredump_exe = "COREDUMP_EXE";
-                      #coredump_cmdline = "COREDUMP_CMDLINE";
-                      #coredump_uid = "COREDUMP_UID";
-                      #coredump_gid = "COREDUMP_GID";
-                    };
-                  }
-                  {
-                    # Set the unit (defaulting to the transport like audit and kernel)
-                    template = {
-                      source = "unit";
-                      template = "{{if .unit}}{{.unit}}{{else}}{{.transport}}{{end}}";
-                    };
-                  }
-                  {
-                    # Normalize session IDs (session-1234.scope -> session.scope) to limit number of label values
-                    replace = {
-                      source = "unit";
-                      expression = "^(session-\\d+.scope)$";
-                      replace = "session.scope";
-                    };
-                  }
-                  {
-                    # Map priority to human readable
-                    template = {
-                      source = "priority_label";
-                      #template = ''{{ if eq .Value "0" }}{{ Replace .Value "0" "emerg" 1 }}{{ else if eq .Value "1" }}{{ Replace .Value "1" "alert" 1 }}{{ else if eq .Value "2" }}{{ Replace .Value "2" "crit" 1 }}{{ else if eq .Value "3" }}{{ Replace .Value "3" "err" 1 }}{{ else if eq .Value "4" }}{{ Replace .Value "4" "warning" 1 }}{{ else if eq .Value "5" }}{{ Replace .Value "5" "notice" 1 }}{{ else if eq .Value "6" }}{{ Replace .Value "6" "info" 1 }}{{ else if eq .Value "7" }}{{ Replace .Value "7" "debug" 1 }}{{ end }}'';
-                      template = createTemplateLine [
-                        "emergency"
-                        "alert"
-                        "critical"
-                        "error"
-                        "warning"
-                        "notice"
-                        "info"
-                        "debug"
-                      ];
-                    };
-                  }
-                  {
-                    # Map facility to human readable
-                    template =
-                      {
-                        source = "facility_label";
-                        template = createTemplateLine [
-                          "kern" # Kernel messages
-                          "user" # User-level messages
-                          "mail" # Mail system	Archaic POSIX still supported and sometimes used (for more mail(1))
-                          "daemon" # System daemons	All daemons, including systemd and its subsystems
-                          "auth" # Security/authorization messages	Also watch for different facility 10
-                          "syslog" # Messages generated internally by syslogd	For syslogd implementations (not used by systemd, see facility 3)
-                          "lpr" # Line printer subsystem (archaic subsystem)
-                          "news" # Network news subsystem (archaic subsystem)
-                          "uucp" # UUCP subsystem (archaic subsystem)
-                          "clock" # Clock daemon	systemd-timesyncd
-                          "authpriv" # Security/authorization messages	Also watch for different facility 4
-                          "ftp" # FTP daemon
-                          "-" # NTP subsystem
-                          "-" # Log audit
-                          "-" # Log alert
-                          "cron" # Scheduling daemon
-                          "local0" # Local use 0 (local0)
-                          "local1" # Local use 1 (local1)
-                          "local2" # Local use 2 (local2)
-                          "local3" # Local use 3 (local3)
-                          "local4" # Local use 4 (local4)
-                          "local5" # Local use 5 (local5)
-                          "local6" # Local use 6 (local6)
-                          "local7" # Local use 7 (local7)
-                        ];
-                      };
-                  }
-                  {
-                    # Key is REQUIRED and the name for the label that will be created.
-                    # Value is optional and will be the name from extracted data whose value
-                    # will be used for the value of the label. If empty, the value will be
-                    # inferred to be the same as the key.
-                    labels = {
-                      boot_id = "";
-                      facility = "";
-                      facility_label = "";
-                      instance = "";
-                      priority = "";
-                      priority_label = "";
-                      transport = "";
-                      unit = "";
-                    };
-                  }
-                  {
-                    # Write the proper message instead of JSON
-                    output.source = "msg";
-                  }
-                ];
-              }
-            ];
-        };
-      };
-    })
-  ];
-}

components/monitor/metrics-export-zfs.nix

@@ -1,32 +0,0 @@
-{ pkgs, config, lib, ... }:
-with lib;
-with types;
-{
-  options.components.monitor.exporters.zfs.enable = mkOption {
-    type = lib.types.bool;
-    default = config.components.monitor.metrics.enable;
-  };
-
-  config = mkMerge [
-    (mkIf config.components.monitor.exporters.zfs.enable {
-
-      services.telegraf.extraConfig.inputs.zfs = { };
-
-      services.prometheus.exporters.zfs.enable = true;
-      services.opentelemetry-collector.settings = {
-        receivers.prometheus.config.scrape_configs = [
-          {
-            job_name = "zfs";
-            scrape_interval = "10s";
-            static_configs = [{
-              targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.zfs.port}" ];
-            }];
-          }
-        ];
-        service.pipelines.metrics.receivers = [ "prometheus" ];
-      };
-
-    })
-  ];
-
-}

components/monitor/metrics-netdata.nix

@@ -1,35 +0,0 @@
-{ lib, pkgs, config, ... }:
-with lib;
-with types;
-{
-  options.components.monitor.netdata = {
-    enable = mkOption {
-      type = bool;
-      default = config.components.monitor.metrics.enable;
-    };
-  };
-
-  config = mkIf config.components.monitor.netdata.enable {
-
-    # netdata sink
-    services.opentelemetry-collector.settings.receivers.prometheus.config.scrape_configs = [
-      {
-        job_name = "netdata";
-        scrape_interval = "10s";
-        metrics_path = "/api/v1/allmetrics";
-        params.format = [ "prometheus" ];
-        static_configs = [{ targets = [ "127.0.0.1:19999" ]; }];
-      }
-    ];
-
-    # https://docs.netdata.cloud/daemon/config/
-    services.netdata = {
-      enable = lib.mkDefault true;
-      config = {
-        global = {
-          "memory mode" = "ram";
-        };
-      };
-    };
-  };
-}

components/monitor/metrics-prometheus.nix

@@ -1,45 +0,0 @@
-{ config, lib, ... }:
-with lib;
-with types;
-let
-  cfg = config.components.monitor.prometheus;
-in
-{
-  options.components.monitor.prometheus = {
-    enable = mkOption {
-      type = lib.types.bool;
-      default = config.components.monitor.metrics.enable;
-    };
-    port = mkOption {
-      type = int;
-      default = 8090;
-      description = "port to provide Prometheus export";
-    };
-  };
-
-  config = mkMerge [
-
-    (mkIf config.components.monitor.prometheus.enable {
-      services.prometheus = {
-        checkConfig = "syntax-only";
-        enable = true;
-      };
-    })
-
-    (mkIf config.components.monitor.prometheus.enable {
-      services.opentelemetry-collector.settings = {
-        exporters.prometheus.endpoint = "127.0.0.1:${toString cfg.port}";
-        service.pipelines.metrics.exporters = [ "prometheus" ];
-      };
-      services.prometheus.scrapeConfigs = [
-        {
-          job_name = "opentelemetry";
-          metrics_path = "/metrics";
-          scrape_interval = "10s";
-          static_configs = [{ targets = [ "localhost:${toString cfg.port}" ]; }];
-        }
-      ];
-    })
-
-  ];
-}

components/monitor/metrics-telegraf.nix

@@ -1,50 +0,0 @@
-{ config, pkgs, lib, ... }:
-with lib;
-with types;
-let
-  cfg = config.components.monitor.telegraf;
-in
-{
-  options.components.monitor.telegraf = {
-    enable = mkOption {
-      type = lib.types.bool;
-      default = config.components.monitor.metrics.enable;
-    };
-    influxDBPort = mkOption {
-      type = int;
-      default = 8088;
-      description = "Port to listen on influxDB input";
-    };
-  };
-
-  config = lib.mkMerge [
-    (mkIf config.components.monitor.telegraf.enable {
-      # opentelemetry wireing
-      services.opentelemetry-collector.settings = {
-        receivers.influxdb.endpoint = "127.0.0.1:${toString cfg.influxDBPort}";
-        service.pipelines.metrics.receivers = [ "influxdb" ];
-      };
-      services.telegraf.extraConfig.outputs.influxdb_v2.urls = [ "http://127.0.0.1:${toString cfg.influxDBPort}" ];
-    })
-
-    (mkIf config.components.monitor.telegraf.enable {
-
-      systemd.services.telegraf.path = [ pkgs.inetutils ];
-
-      services.telegraf = {
-        enable = true;
-        extraConfig = {
-          # https://github.com/influxdata/telegraf/tree/master/plugins/inputs < all them plugins
-          inputs = {
-            cpu = { };
-            diskio = { };
-            processes = { };
-            system = { };
-            systemd_units = { };
-            ping = [{ urls = [ "10.100.0.1" ]; }]; # actually important to make machine visible over wireguard
-          };
-        };
-      };
-    })
-  ];
-}

components/monitor/opentelemetry.nix

@@ -1,205 +0,0 @@
-{ pkgs, config, lib, ... }:
-with lib;
-with types;
-let
-  cfg = config.components.monitor.opentelemetry;
-in
-{
-  options.components.monitor.opentelemetry = {
-    enable = mkOption {
-      type = bool;
-      default = config.components.monitor.enable;
-      description = "weather or not to use opentelemetry";
-    };
-    receiver.endpoint = mkOption {
-      type = nullOr str;
-      default = null;
-      description = "endpoint to receive the opentelementry data from other collectors";
-    };
-    exporter.endpoint = mkOption {
-      type = nullOr str;
-      default = null;
-      description = "endpoint to ship opentelementry data too";
-    };
-    exporter.debug = mkOption {
-      type = nullOr (enum [ "logs" "metrics" ]);
-      default = null;
-      description = "enable debug exporter.";
-    };
-    metrics.endpoint = mkOption {
-      type = str;
-      default = "127.0.0.1:8100";
-      description = "endpoint on where to provide opentelementry metrics";
-    };
-  };
-
-  config = mkMerge [
-
-    (mkIf config.components.monitor.opentelemetry.enable {
-      services.opentelemetry-collector = {
-        enable = true;
-        package = pkgs.opentelemetry-collector-contrib;
-      };
-    })
-
-    # add default tags to metrics
-    # todo : make sure we filter out metrics from otlp receivers
-    (mkIf config.components.monitor.enable {
-      services.opentelemetry-collector.settings = {
-
-        processors = {
-
-          # https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/processor/resourcedetectionprocessor/README.md
-          "resourcedetection/system" = {
-            detectors = [ "system" ];
-            override = false;
-            system.hostname_sources = [ "os" ];
-          };
-
-          metricstransform.transforms = [
-            {
-              include = ".*";
-              match_type = "regexp";
-              action = "update";
-              operations = [{
-                action = "add_label";
-                new_label = "machine";
-                new_value = config.networking.hostName;
-              }];
-            }
-          ];
-        };
-      };
-    })
-    (mkIf config.components.monitor.metrics.enable {
-      services.opentelemetry-collector.settings = {
-        service.pipelines.metrics.processors = [
-          "metricstransform"
-          "resourcedetection/system"
-        ];
-      };
-    })
-    (mkIf config.components.monitor.logs.enable {
-      services.opentelemetry-collector.settings = {
-        service.pipelines.logs.processors = [ "resourcedetection/system" ];
-      };
-    })
-
-
-    (mkIf (config.components.monitor.opentelemetry.exporter.debug != null) {
-      services.opentelemetry-collector.settings = {
-        exporters.debug = {
-          verbosity = "detailed";
-          sampling_initial = 5;
-          sampling_thereafter = 200;
-        };
-        service.pipelines.${config.components.monitor.opentelemetry.exporter.debug} = {
-          exporters = [ "debug" ];
-        };
-
-      };
-    })
-
-    # ship to next instance
-    (mkIf (config.components.monitor.opentelemetry.exporter.endpoint != null) {
-      services.opentelemetry-collector.settings = {
-        exporters.otlp = {
-          endpoint = cfg.exporter.endpoint;
-          tls.insecure = true;
-        };
-      };
-    })
-    (mkIf
-      (
-        config.components.monitor.opentelemetry.exporter.endpoint != null &&
-        config.components.monitor.logs.enable
-      )
-      {
-        services.opentelemetry-collector.settings = {
-          service.pipelines.logs.exporters = [ "otlp" ];
-        };
-      })
-    (mkIf
-      (
-        config.components.monitor.opentelemetry.exporter.endpoint != null &&
-        config.components.monitor.metrics.enable
-      )
-      {
-        services.opentelemetry-collector.settings = {
-          service.pipelines.metrics.exporters = [ "otlp" ];
-        };
-      })
-
-    # ship from other instance
-    (mkIf (config.components.monitor.opentelemetry.receiver.endpoint != null) {
-      services.opentelemetry-collector.settings = {
-        receivers.otlp.protocols.grpc.endpoint = cfg.receiver.endpoint;
-      };
-    })
-    (mkIf
-      (
-        config.components.monitor.opentelemetry.receiver.endpoint != null &&
-        config.components.monitor.logs.enable
-      )
-      {
-        services.opentelemetry-collector.settings = {
-          service.pipelines.logs.receivers = [ "otlp" ];
-        };
-      })
-    (mkIf
-      (
-        config.components.monitor.opentelemetry.receiver.endpoint != null &&
-        config.components.monitor.metrics.enable
-      )
-      {
-        services.opentelemetry-collector.settings = {
-          service.pipelines.metrics.receivers = [ "otlp" ];
-        };
-      })
-
-
-
-    # scrape opentelemetry-colectors metrics
-    # todo: this should be collected another way (opentelemetry internal?)
-    # todo : enable me only when metrics.endpoint is set.
-    (mkIf config.components.monitor.metrics.enable {
-      services.opentelemetry-collector.settings = {
-        receivers = {
-          prometheus.config.scrape_configs = [
-            {
-              job_name = "otelcol";
-              scrape_interval = "10s";
-              static_configs = [{
-                targets = [ cfg.metrics.endpoint ];
-              }];
-              metric_relabel_configs = [
-                {
-                  source_labels = [ "__name__" ];
-                  regex = ".*grpc_io.*";
-                  action = "drop";
-                }
-              ];
-            }
-          ];
-        };
-
-        service = {
-          pipelines.metrics = {
-            receivers = [ "prometheus" ];
-          };
-
-          # todo : this should be automatically be collected
-          # open telemetries own metrics?
-          telemetry.metrics.address = cfg.metrics.endpoint;
-        };
-
-      };
-    })
-    (mkIf (! config.components.monitor.metrics.enable) {
-      services.opentelemetry-collector.settings = {
-        service.telemetry.metrics.level = "none";
-      };
-    })
-  ];
-
-}

components/network/default.nix

@@ -11,7 +11,6 @@ with types;
 
   imports = [
     #./avahi.nix
-    ./fail2ban.nix
     ./hosts.nix
     ./nginx.nix
     ./sshd

components/network/hosts.nix

@@ -1,5 +1,9 @@
+{ clanLib, ... }:
 {
   networking.extraHosts = ''
     95.216.66.212 orbi.public
   '';
+  services.openssh.knownHosts = {
+    "orbi.public".publicKey = clanLib.readFact "ssh.id_ed25519.pub" "orbi";
+  };
 }

components/network/nginx.nix

@@ -1,4 +1,10 @@
-{ config, lib, pkgs, assets, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  assets,
+  ...
+}:
 with lib;
 {
   options.components.network.nginx.enable = mkOption {
@@ -16,8 +22,13 @@ with lib;
 
       environment.systemPackages = [
         pkgs.nginx-config-formatter
-        (pkgs.writers.writePython3Bin "nginx-show-config" { flakeIgnore = [ "E265" "E225" "W292" ]; }
-          (lib.fileContents "${assets}/nginx-show-config.py"))
+        (pkgs.writers.writePython3Bin "nginx-show-config" {
+          flakeIgnore = [
+            "E265"
+            "E225"
+            "W292"
+          ];
+        } (lib.fileContents "${assets}/nginx-show-config.py"))
       ];
 
       security.acme.defaults.email = "contact@ingolf-wagner.de";
@@ -85,7 +96,11 @@ with lib;
           root = pkgs.landingpage.override {
             jsonConfig =
               let
-                entry = { machine, items ? [ ] }:
+                entry =
+                  {
+                    machine,
+                    items ? [ ],
+                  }:
                   {
                     text = machine;
                     items = [
@@ -160,7 +175,7 @@ with lib;
                   ];
                 })
                 (entry { machine = "cherry"; })
-                (entry { machine = "cream"; })
+                #(entry { machine = "cream"; })
                 (entry { machine = "mobi"; })
                 (entry { machine = "bobi"; })
                 {
@@ -174,14 +189,12 @@ with lib;
                     {
                       label = "Hetzner Cloud";
                       href = "https://console.hetzner.cloud/projects";
-                      image =
-                        "https://media.giphy.com/media/NECZ8crkbXR0k/giphy.gif";
+                      image = "https://media.giphy.com/media/NECZ8crkbXR0k/giphy.gif";
                     }
                     {
                       label = "Cups";
                       href = "http://localhost:631/";
-                      image =
-                        "https://media.giphy.com/media/7hU7x4GPurk2c/giphy.gif";
+                      image = "https://media.giphy.com/media/7hU7x4GPurk2c/giphy.gif";
                     }
                   ];
                 }
@@ -191,52 +204,42 @@ with lib;
                     {
                       label = "NixOS Manual";
                       href = "https://nixos.org/nixos/manual/";
-                      image =
-                        "https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
+                      image = "https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
                     }
                     {
                       label = "Nixpkgs Manual";
                       href = "https://nixos.org/nixpkgs/manual/";
-                      image =
-                        "https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
+                      image = "https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
                     }
                     {
                       label = "NixOS Reference";
-                      href =
-                        "https://storage.googleapis.com/files.tazj.in/nixdoc/manual.html#sec-functions-library";
-                      image =
-                        "https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
+                      href = "https://storage.googleapis.com/files.tazj.in/nixdoc/manual.html#sec-functions-library";
+                      image = "https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
                     }
                     {
                       label = "Nix Packages";
                       href = "https://nixos.org/nixos/packages.html";
-                      image =
-                        "https://media.giphy.com/media/l2YWlohvjPnsvkdEc/giphy.gif";
+                      image = "https://media.giphy.com/media/l2YWlohvjPnsvkdEc/giphy.gif";
                     }
                     {
                       label = "NixOS Language specific helpers";
-                      href =
-                        "https://nixos.wiki/wiki/Language-specific_package_helpers";
-                      image =
-                        "https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
+                      href = "https://nixos.wiki/wiki/Language-specific_package_helpers";
+                      image = "https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
                     }
                     {
                       label = "NixOS Weekly";
                       href = "https://weekly.nixos.org/";
-                      image =
-                        "https://media.giphy.com/media/lXiRLb0xFzmreM8k8/giphy.gif";
+                      image = "https://media.giphy.com/media/lXiRLb0xFzmreM8k8/giphy.gif";
                     }
                     {
                       label = "NixOS Security";
                       href = "https://broken.sh/";
-                      image =
-                        "https://media.giphy.com/media/BqILAHjH1Ttm0/giphy.gif";
+                      image = "https://media.giphy.com/media/BqILAHjH1Ttm0/giphy.gif";
                     }
                     {
                       label = "NixOS RFCs";
                       href = "https://github.com/NixOS/rfcs/";
-                      image =
-                        "https://media.giphy.com/media/Uq9bGjGKg08M0/giphy.gif";
+                      image = "https://media.giphy.com/media/Uq9bGjGKg08M0/giphy.gif";
                     }
                   ];
                 }

components/network/sshd/default.nix

@@ -1,17 +1,20 @@
-{ pkgs, config, lib, assets, ... }:
+{
+  pkgs,
+  config,
+  lib,
+  assets,
+  ...
+}:
 with lib;
 with types;
 let
-  defaultRootKeyFiles = [ "${assets}/mrvandalo_rsa.pub" ];
   cfg = config.components.network.sshd;
 
   # maybe ascii-image-converter is also nice here
-  sshBanner = pkgs.runCommand "ssh-banner"
-    { nativeBuildInputs = [ pkgs.boxes ]; } ''
+  sshBanner = pkgs.runCommand "ssh-banner" { nativeBuildInputs = [ pkgs.boxes ]; } ''
     echo "${config.networking.hostName}" | boxes -d ansi -s 80x1 -a r > $out
   '';
 
-
 in
 {
 
@@ -26,15 +29,6 @@ in
       type = bool;
       default = true;
     };
-    rootKeyFiles = mkOption {
-      type = with types; listOf path;
-      default = [ ];
-      description = "keys to root login";
-    };
-    sshguard.enable = mkOption {
-      type = bool;
-      default = config.components.network.sshd.enable;
-    };
     onlyTincAccess = mkOption {
       type = bool;
       default = false;
@@ -42,6 +36,13 @@ in
         make sure ssh is only available trough the tinc
       '';
     };
+    allowMosh = mkOption {
+      type = bool;
+      default = true;
+      description = ''
+        make mosh port available
+      '';
+    };
   };
 
   config = mkMerge [
@@ -64,24 +65,27 @@ in
         # settings.LoginGraceTime = 0;
       };
 
-      users.users.root.openssh.authorizedKeys.keyFiles = cfg.rootKeyFiles ++ defaultRootKeyFiles;
-
       # todo enable again when I can it's possible to set the `-q` ssh option in clan
       #services.openssh.banner = builtins.readFile sshBanner;
 
     })
 
-    (mkIf cfg.sshguard.enable {
-      environment.systemPackages = [ pkgs.ipset ];
-      services.sshguard.enable = lib.mkDefault true;
-      #boot.kernelModules = ["xt_set"];
-    })
-
     (mkIf (cfg.onlyTincAccess && cfg.enable) {
+      # fixme: this is not working
       networking.firewall.extraCommands = ''
         iptables --table nat --append PREROUTING ! --in-interface tinc.+ --protocol tcp --match tcp --dport 22 --jump REDIRECT --to-ports 0
       '';
     })
+
+    (mkIf (cfg.allowMosh && cfg.enable) {
+      networking.firewall.allowedUDPPortRanges = [
+        {
+          from = 60000;
+          to = 61000;
+        }
+      ];
+    })
+
   ];
 
 }

components/network/sshd/known-hosts-manual.nix

@@ -1,4 +1,10 @@
-{ pkgs, config, lib, clanLib, ... }:
+{
+  pkgs,
+  config,
+  lib,
+  clanLib,
+  ...
+}:
 with lib;
 let
   publicKey = clanLib.readFact "ssh.id_ed25519.pub";
@@ -9,11 +15,18 @@ in
     services.openssh.knownHosts = {
       orbi = {
         hostNames = [
-          "git.ingolf-wagner.de"
           "95.216.66.212"
         ];
         publicKey = publicKey "orbi";
       };
+
+      forgejo = {
+        hostNames = [
+          "[git.ingolf-wagner.de]:2222"
+        ];
+        publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQVomwXedtY4ZAKA1Bcsz6Ud2Ys3mjjGJXLcWQLceXKmmAQfOWqqLrTddhrLjmZImS3HTexGK7iNmYYCd/lG+7j1rMebmk3cddH6qr/4WB5SSexbLV4/vlk18kia6O+52ybrMzejwcfr9qNEg+bkrmc4btsWcT/w21vRyOzsmRRnk+S54prLGtiCypFqwGYnyr6HPXO3lqCLHIR/XurcFvh/aM/RGusWh889TXA39FezDcV6OZisZTTC4BBoUAS8r6XJnrIahZJmfEHp/FbKJV0pShCCQXtpkUBu7g6B2T+8u91fY4kc8O293XhaxjTBfkZH2lGodppGG12vAQSeznppbzlT82uTx80jyt7Hw/IAjn9j8D+iKC7fA9qawVz+p1UtqHQd43+8gOSiHILOUMhVxp7ZrfhYmaiOKrkR4+Juc9P2UsqrAvxS1WaYT4KaEZfze7/DCdK0h2SSY2jgCU9sNeJG6M4s/pPj+iI/O+AagHfBZ+bF2y+OKEZOW4J+OpqnEY3lANdxsMsD9PwBpAVAn9FAJzAy+gfXINu0wqGhtA3qWM0QVjcSXsfQJQ2XrbMPd9+pvOl1Ej5SSbjXYcPt9dXWl+L69dbU5qb8WRGl2ZxloUaRcOrOkmhybwI/61LfaGzLslnNn8ARjJgzu9xSipT5D4cZ1FgB9ezqC73Q==";
+      };
+
     };
 
   };

components/network/sshd/known-hosts-public.nix

@@ -1,4 +1,9 @@
-{ pkgs, config, lib, ... }:
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
 with lib;
 {
   config = mkIf (config.components.network.sshd.enable) {
@@ -28,65 +33,66 @@ with lib;
       };
       gitlab = {
         hostNames = [ "gitlab.com" ];
-        publicKey =
-          "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=";
+        publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=";
       };
       gitlab-bk = {
-        hostNames = [ "gitlab.bk-bund-berlin.de" "116.203.133.59" ];
-        publicKey =
-          "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCG/sjnOlbrmpUliFtM5fmZTcm2wpUoP5OQEzFrrkkwhstCO9fMty9mp5qnKlezYA9+l78RTd218qFjSKYxTQNw=";
+        hostNames = [
+          "gitlab.bk-bund-berlin.de"
+          "116.203.133.59"
+        ];
+        publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCG/sjnOlbrmpUliFtM5fmZTcm2wpUoP5OQEzFrrkkwhstCO9fMty9mp5qnKlezYA9+l78RTd218qFjSKYxTQNw=";
       };
       # space-left
       gitlabSpaceLeft = {
         hostNames = [ "git.space-left.org" ];
-        publicKey =
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAapztj8I3xy6Ea8A1q7Mo5C6zdgsK1bguAXcKUDCRBO";
+        publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAapztj8I3xy6Ea8A1q7Mo5C6zdgsK1bguAXcKUDCRBO";
       };
       # c-base
       "bnd-cbase" = {
         hostNames = [ "bnd.cbrp3.c-base.org" ];
-        publicKey =
-          "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDknNl4M2WZChp1N/eRIpem2AEOceGIqvjo0ptBuwxUn0w0B8MGTVqoI+pnUVypORJRoNrLPOAkmEVr32BDN3E=";
+        publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDknNl4M2WZChp1N/eRIpem2AEOceGIqvjo0ptBuwxUn0w0B8MGTVqoI+pnUVypORJRoNrLPOAkmEVr32BDN3E=";
       };
       "shell.cbase" = {
         hostNames = [ "shell.c-base.org" ];
-        publicKey =
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOBKBn0mZtG3KWxpFqqcog8zvdIVrZmwj+ARujuNIAfo";
+        publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOBKBn0mZtG3KWxpFqqcog8zvdIVrZmwj+ARujuNIAfo";
       };
       "kgb.cbase" = {
         hostNames = [ "kgb.cbrp3.c-base.org" ];
-        publicKey =
-          "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAdyl7fnnCqomghJ1TDbh5FWFQWFwoO1Y1U/FpmWd8a9RcQvN0Izhg/7A+7ptDxbmpVii8hqfghlqUwtvVy7jo8=";
+        publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAdyl7fnnCqomghJ1TDbh5FWFQWFwoO1Y1U/FpmWd8a9RcQvN0Izhg/7A+7ptDxbmpVii8hqfghlqUwtvVy7jo8=";
       };
       "cns.cbase" = {
         hostNames = [ "cns.c-base.org" ];
-        publicKey =
-          "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOtlyLA2nMK9Uqpv4EbWS+rZ9Mx4bAjURmH+zrXkuRGBcU1cKm+TZfWe9/rPX57KaMPBDyIygOJIsM2T5SqX90A=";
+        publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOtlyLA2nMK9Uqpv4EbWS+rZ9Mx4bAjURmH+zrXkuRGBcU1cKm+TZfWe9/rPX57KaMPBDyIygOJIsM2T5SqX90A=";
       };
       "lassulus" = {
         hostNames = [ "[lassul.us]:45621" ];
-        publicKey =
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
+        publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
       };
       renoise = {
-        hostNames = [ "*.renoise.com" "renoise.com" "94.130.128.97" ];
-        publicKey =
-          "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLXxhBlYQJxgcLqKywpl1tI1N/+B5bkptAnR2a3tsRybq0IHZnIkSRGUYcu5zPwJT+bitVw8BvIaGzxI+Zm2ivE=";
+        hostNames = [
+          "*.renoise.com"
+          "renoise.com"
+          "94.130.128.97"
+        ];
+        publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLXxhBlYQJxgcLqKywpl1tI1N/+B5bkptAnR2a3tsRybq0IHZnIkSRGUYcu5zPwJT+bitVw8BvIaGzxI+Zm2ivE=";
       };
       git-renoise = {
-        hostNames = [ "[git.renoise.com]:2229" "[94.130.128.97]:2229" ];
-        publicKey =
-          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmIOTjQsD1TaD9MiECcRqwfAXfRdbI+2pkuF+zhBUkrX41NA4LzifPY4Iw3PlklE0YGIOzYyNitzkdgxIWkeqa0Y9iL3gGZBuLFORj5YXWlDKB2RrPAsZRL8y69y4H6RWPpL6DHHsf9eT+HgRzWzzn5nUFLfkCsuM96BqjIKN1pinIBcE6gst1UUSwSTjK8XZA5d4BiSrLF4HiNXnDm+qniYGbGkzZcjn1ua+l0GdGbfg9TotFnSK/QXgN3MeHHDZKnIjOIkOXCY+L5URe0RHo6pBFdj+BLr211AJhB52MrDNudQcY6eSQiJ08LeE6SkcrsQO/VZ/JnOkHxHd2mOyH";
+        hostNames = [
+          "[git.renoise.com]:2229"
+          "[94.130.128.97]:2229"
+        ];
+        publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmIOTjQsD1TaD9MiECcRqwfAXfRdbI+2pkuF+zhBUkrX41NA4LzifPY4Iw3PlklE0YGIOzYyNitzkdgxIWkeqa0Y9iL3gGZBuLFORj5YXWlDKB2RrPAsZRL8y69y4H6RWPpL6DHHsf9eT+HgRzWzzn5nUFLfkCsuM96BqjIKN1pinIBcE6gst1UUSwSTjK8XZA5d4BiSrLF4HiNXnDm+qniYGbGkzZcjn1ua+l0GdGbfg9TotFnSK/QXgN3MeHHDZKnIjOIkOXCY+L5URe0RHo6pBFdj+BLr211AJhB52MrDNudQcY6eSQiJ08LeE6SkcrsQO/VZ/JnOkHxHd2mOyH";
       };
       "siteground" = {
-        hostNames = [ "[es5.siteground.eu]:18765" "[37.60.224.6]:18765" ];
-        publicKey =
-          "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHZuvHooyHa69rU+SfOghM6yfc7bce5cMi9sh5JkoLPi+m8QEkX3oiG9rRpAhp0GYnB74M4l1+0XlxmG7/HVmq0=";
+        hostNames = [
+          "[es5.siteground.eu]:18765"
+          "[37.60.224.6]:18765"
+        ];
+        publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHZuvHooyHa69rU+SfOghM6yfc7bce5cMi9sh5JkoLPi+m8QEkX3oiG9rRpAhp0GYnB74M4l1+0XlxmG7/HVmq0=";
       };
       "cracksucht.de" = {
         hostNames = [ "cracksucht.de" ];
-        publicKey =
-          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVqpWzX+C7veO/1MDSdh5ukFhpI4cfXevbl6DVb9gVt1wdYB0JsiMiWfl13MZJy9iEP/KfwRLYmu8i36tDR9uJfHQyLK8G7q2DhrleIPgM3dFCdDU1QtulE8hEq/ZsqzMn/QIHYIipIqzNfmC/xnpX2gIo09T7EY+n863ALlj+GqxMb4nr2XDLY+Lllo2yMzylJIz9q8U5hOmzrlCnBpf2MPMwanHXnZXj2CmO80VyBHnAMJ/h72AN1qzDaHFlhxh0Li/POc1bpDjiVjiUPgimHZWpi3VObxWLLn2zf+RH2lx0yXMccSEnkWvHp+Ll5apIUUS+vTlDo3niWpEfGZLl root@debian";
+        publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVqpWzX+C7veO/1MDSdh5ukFhpI4cfXevbl6DVb9gVt1wdYB0JsiMiWfl13MZJy9iEP/KfwRLYmu8i36tDR9uJfHQyLK8G7q2DhrleIPgM3dFCdDU1QtulE8hEq/ZsqzMn/QIHYIipIqzNfmC/xnpX2gIo09T7EY+n863ALlj+GqxMb4nr2XDLY+Lllo2yMzylJIz9q8U5hOmzrlCnBpf2MPMwanHXnZXj2CmO80VyBHnAMJ/h72AN1qzDaHFlhxh0Li/POc1bpDjiVjiUPgimHZWpi3VObxWLLn2zf+RH2lx0yXMccSEnkWvHp+Ll5apIUUS+vTlDo3niWpEfGZLl root@debian";
       };
     };
 

components/network/sshd/known-hosts-zerotier.nix

@@ -1,27 +1,38 @@
-{ lib, config, clanLib, ... }:
+{
+  lib,
+  config,
+  clanLib,
+  ...
+}:
 with lib;
 with types;
 let
   machines = clanLib.allMachineNames;
   publicKey = clanLib.readFact "ssh.id_ed25519.pub";
   tld = config.clan.static-hosts.topLevelDomain;
-  knownHosts = lib.genAttrs machines
-    (machine:
-      {
-        hostNames = [
-          "[${machine}]:2222"
-          "[${machine}.${tld}]:2222"
-          "[${machine}.private]:2222"
-          "${machine}"
-          "${machine}.${tld}"
-          "${machine}.private"
-        ];
-        publicKey = publicKey machine;
-      }
-    );
+  knownHosts = lib.genAttrs machines (machine: {
+    hostNames = [
+      "${machine}"
+      "${machine}.${tld}"
+      "${machine}.private"
+    ];
+    publicKey = publicKey machine;
+  });
+  bootMachines = clanLib.readFactFromAllMachines "ssh.boot.id_ed25519.pub";
+  knownBootHosts = lib.mapAttrs' (
+    machine: publicKey:
+    nameValuePair "boot_${machine}" {
+      inherit publicKey;
+      hostNames = [
+        "[${machine}]:2222"
+        "[${machine}.public]:2222"
+      ];
+    }
+  ) bootMachines;
 in
 {
 
+  # todo : move this to the proper place
   options.components.network.zerotier = {
     enable = mkOption {
       type = bool;
@@ -30,6 +41,6 @@ in
   };
 
   config = mkIf config.components.network.zerotier.enable {
-    services.openssh.knownHosts = knownHosts;
+    services.openssh.knownHosts = knownHosts // knownBootHosts;
   };
 }

components/network/syncthing.nix

@@ -1,15 +1,13 @@
-{ config, lib, pkgs, factsGenerator, clanLib, ... }:
-let
-  clanMachines =
-    lib.mapAttrs
-      (machine: facts: {
-        name = machine;
-        id = facts."syncthing.pub";
-        addresses = [ "tcp://[${facts."zerotier-ip"}]:22000" ];
-      })
-      (clanLib.readFactsFromAllMachines [ "syncthing.pub" "zerotier-ip" ]);
-in
-with lib; {
+{
+  config,
+  lib,
+  pkgs,
+  factsGenerator,
+  clanLib,
+  ...
+}:
+with lib;
+{
 
   # networking.firewall.interfaces."gummybears".allowedTCPPorts = [ 8384 ];
 
@@ -22,6 +20,19 @@ with lib; {
     cert = config.clan.core.facts.services.syncthing.secret."syncthing.cert".path;
     settings.devices =
       let
+        clanMachines =
+          lib.mapAttrs
+            (machine: facts: {
+              name = machine;
+              id = facts."syncthing.pub";
+              addresses = [ "tcp://[${facts."zerotier-ip"}]:22000" ];
+            })
+            (
+              clanLib.readFactsFromAllMachines [
+                "syncthing.pub"
+                "zerotier-ip"
+              ]
+            );
         device = machine: id: {
           "${machine}" = {
             name = machine;
@@ -32,22 +43,27 @@ with lib; {
       in
       clanMachines
       // (device "iPhone" "RPQBSRB-DYEUUWQ-EAPMBA2-PL4MJ73-Y4F4ZTH-TAD7DUE-GEK56BG-HYW6YAF")
-      // (device "bumba" "JS7PWTO-VKFGBUP-GNFLSWP-MGFJ2KH-HLO2LKW-V3RPCR6-PCB5SQC-42FCKQZ")
-    ;
+      // (device "iPad" "NEGOJYU-EEDRM4E-XVZUKFO-63LAIOO-WHFFS2V-3SH3KR2-VYEFQLW-4QOFBQU")
+      // (device "bumba" "JS7PWTO-VKFGBUP-GNFLSWP-MGFJ2KH-HLO2LKW-V3RPCR6-PCB5SQC-42FCKQZ");
 
     settings.folders = {
 
-      # needs to be on encrypted drives
-      # -------------------------------
       audiobooks = {
         enable = lib.mkDefault false;
         path = lib.mkDefault "/tmp/audiobooks";
-        devices = [ "chungus" "orbi" ];
+        devices = [
+          "chungus"
+          "orbi"
+        ];
       };
       books = {
         enable = lib.mkDefault false;
         path = lib.mkDefault "/tmp/books";
-        devices = [ "chungus" "cream" "cherry" ];
+        devices = [
+          "chungus"
+          #          "cream"
+          "cherry"
+        ];
         versioning = {
           type = "simple";
           params.keep = "2";
@@ -56,12 +72,20 @@ with lib; {
       desktop = {
         enable = lib.mkDefault false;
         path = lib.mkDefault "/tmp/desktop";
-        devices = [ "chungus" "cream" "cherry" ];
+        devices = [
+          "chungus"
+          #          "cream"
+          "cherry"
+        ];
       };
       finance = {
         enable = lib.mkDefault false;
         path = lib.mkDefault "/tmp/finance";
-        devices = [ "chungus" "cream" "cherry" ];
+        devices = [
+          "chungus"
+          #          "cream"
+          "cherry"
+        ];
         versioning = {
           type = "simple";
           params.keep = "10";
@@ -70,27 +94,46 @@ with lib; {
       flix = {
         enable = lib.mkDefault false;
         path = lib.mkDefault "/tmp/flix";
-        devices = [ "chungus" "orbi" ];
+        devices = [
+          "chungus"
+          "orbi"
+        ];
       };
       logseq = {
         enable = lib.mkDefault false;
         path = lib.mkDefault "/tmp/logseq";
-        devices = [ "chungus" "cream" "cherry" "iPhone" ];
+        devices = [
+          "cherry"
+          "chungus"
+          "iPad"
+          "iPhone"
+        ];
       };
       lectures = {
         enable = lib.mkDefault false;
         path = lib.mkDefault "/tmp/lectures";
-        devices = [ "chungus" "orbi" ];
+        devices = [
+          "chungus"
+          "orbi"
+        ];
       };
       oscar_cpap = {
         enable = lib.mkDefault false;
         path = lib.mkDefault "/tmp/oscar_cpap";
-        devices = [ "chungus" "cream" "cherry" ];
+        devices = [
+          "chungus"
+          #          "cream"
+          "cherry"
+        ];
       };
       password-store = {
         enable = lib.mkDefault false;
         path = lib.mkDefault "/tmp/password-store";
-        devices = [ "chungus" "cream" "cherry" ];
+        devices = [
+          "chungus"
+          #          "cream"
+          "cherry"
+        ];
         versioning = {
           type = "simple";
           params.keep = "10";
@@ -100,18 +143,12 @@ with lib; {
       share = {
         enable = lib.mkDefault false;
         path = lib.mkDefault "/tmp/password-store";
-        devices = [ "cream" "cherry" "orbi" ];
+        devices = [
+          #          "cream"
+          "cherry"
+          "orbi"
+        ];
       };
-      # todo remove if zfs is is used
-      #nextcloud_backup = {
-      #  enable = lib.mkDefault false;
-      #  path = lib.mkDefault "/tmp/lost-fotos";
-      #  devices = [ "chungus"  ];
-      #  versioning = {
-      #    type = "simple";
-      #    params.keep = "2";
-      #  };
-      #};
     };
   };
 

components/network/tinc/default.nix

@@ -1,4 +1,10 @@
-{ lib, config, factsGenerator, clanLib, ... }:
+{
+  lib,
+  config,
+  factsGenerator,
+  clanLib,
+  ...
+}:
 with lib;
 {
 
@@ -20,18 +26,21 @@ with lib;
   };
 
   config = mkMerge [
-    (mkIf config.tinc.private.enable (import ./private.nix {
-      ipv4 = config.tinc.private.ipv4;
-      ipv6 = null;
-      inherit (lib) optionalString concatStringsSep mapAttrsToList;
-      inherit config factsGenerator clanLib;
-    }))
-    (mkIf config.tinc.secret.enable (import ./secret.nix {
-      ipv4 = config.tinc.secret.ipv4;
-      ipv6 = null;
-      inherit (lib) optionalString concatStringsSep mapAttrsToList;
-      inherit config factsGenerator clanLib;
-    }))
+    (mkIf config.tinc.private.enable (
+      import ./private.nix {
+        ipv4 = config.tinc.private.ipv4;
+        ipv6 = null;
+        inherit (lib) optionalString concatStringsSep mapAttrsToList;
+        inherit config factsGenerator clanLib;
+      }
+    ))
+    (mkIf config.tinc.secret.enable (
+      import ./secret.nix {
+        ipv4 = config.tinc.secret.ipv4;
+        ipv6 = null;
+        inherit (lib) optionalString concatStringsSep mapAttrsToList;
+        inherit config factsGenerator clanLib;
+      }
+    ))
   ];
 }
-

components/network/tinc/private.nix

@@ -1,19 +1,20 @@
-{ ipv4
-, ipv6
-, config
-, optionalString
-, concatStringsSep
-, factsGenerator
-, mapAttrsToList
-, clanLib
-, ...
+{
+  ipv4,
+  ipv6,
+  config,
+  optionalString,
+  concatStringsSep,
+  factsGenerator,
+  mapAttrsToList,
+  clanLib,
+  ...
 }:
 let
   hosts = {
     bobi = "10.23.42.25";
     cherry = "10.23.42.29";
     chungus = "10.23.42.28";
-    cream = "10.23.42.27";
+    #    cream = "10.23.42.27";
     mobi = "10.23.42.23";
     orbi = "10.23.42.100";
   };
@@ -26,6 +27,8 @@ let
     "prowlarr.orbi" = hosts.orbi;
     "photoprism.orbi" = hosts.orbi;
     # chungus
+    "video.chungus" = hosts.chungus;
+    "music.chungus" = hosts.chungus;
     "de.tts.chungus" = hosts.chungus;
     "en.tts.chungus" = hosts.chungus;
     "flix.chungus" = hosts.chungus;
@@ -50,35 +53,36 @@ in
 
   services.tinc.networks = {
     ${network} = {
-      ed25519PrivateKeyFile = config.clan.core.facts.services.tinc_private.secret."tinc.private.ed25519_key.priv".path;
+      ed25519PrivateKeyFile =
+        config.clan.core.facts.services.tinc_private.secret."tinc.private.ed25519_key.priv".path;
       interfaceType = "tap";
       extraConfig = ''
         LocalDiscovery = yes
       '';
       hostSettings = {
         mobi = {
-          subnets = [{ address = hosts.mobi; }];
+          subnets = [ { address = hosts.mobi; } ];
           settings.Ed25519PublicKey = "X5sp3YYevVNUrzYvi+HZ2iW5WbO0bIb58jR4jZFH6MB";
         };
         bobi = {
-          subnets = [{ address = hosts.bobi; }];
+          subnets = [ { address = hosts.bobi; } ];
           settings.Ed25519PublicKey = "jwvNd4oAgz2cWEI74VTVYU1qgPWq823/a0iEDqJ8KMD";
         };
-        cream = {
-          subnets = [{ address = hosts.cream; }];
-          settings.Ed25519PublicKey = Ed25519PublicKey "cream";
-        };
+        #        cream = {
+        #          subnets = [ { address = hosts.cream; } ];
+        #          settings.Ed25519PublicKey = Ed25519PublicKey "cream";
+        #        };
         cherry = {
-          subnets = [{ address = hosts.cherry; }];
+          subnets = [ { address = hosts.cherry; } ];
           settings.Ed25519PublicKey = Ed25519PublicKey "cherry";
         };
         chungus = {
-          subnets = [{ address = hosts.chungus; }];
+          subnets = [ { address = hosts.chungus; } ];
           settings.Ed25519PublicKey = Ed25519PublicKey "chungus";
         };
         orbi = {
-          addresses = [{ address = "95.216.66.212"; }];
-          subnets = [{ address = hosts.orbi; }];
+          addresses = [ { address = "95.216.66.212"; } ];
+          subnets = [ { address = hosts.orbi; } ];
           settings.Ed25519PublicKey = Ed25519PublicKey "orbi";
         };
       };
@@ -99,6 +103,8 @@ in
     LinkLocalAddressing = no
   '';
 
-  networking.extraHosts = concatStringsSep "\n" (mapAttrsToList (name: ip: "${ip} ${name}.${network}") (hosts // subDomains));
+  networking.extraHosts = concatStringsSep "\n" (
+    mapAttrsToList (name: ip: "${ip} ${name}.${network}") (hosts // subDomains)
+  );
 
 }

components/network/tinc/secret.nix

@@ -1,17 +1,18 @@
-{ ipv4
-, ipv6
-, config
-, optionalString
-, concatStringsSep
-, mapAttrsToList
-, factsGenerator
-, ...
+{
+  ipv4,
+  ipv6,
+  config,
+  optionalString,
+  concatStringsSep,
+  mapAttrsToList,
+  factsGenerator,
+  ...
 }:
 let
   port = 721;
   hosts = {
     cherry = "10.123.42.29";
-    cream = "10.123.42.27";
+    #    cream = "10.123.42.27";
     robi = "10.123.42.123";
     sternchen = "10.123.42.25";
     sterni = "10.123.42.24";
@@ -23,31 +24,37 @@ in
 
   services.tinc.networks = {
     ${network} = {
-      ed25519PrivateKeyFile = config.clan.core.facts.services.tinc_secret.secret."tinc.secret.ed25519_key.priv".path;
+      ed25519PrivateKeyFile =
+        config.clan.core.facts.services.tinc_secret.secret."tinc.secret.ed25519_key.priv".path;
       extraConfig = ''
         LocalDiscovery = yes
         Port = ${toString port}
       '';
       hostSettings = {
         sternchen = {
-          subnets = [{ address = hosts.sternchen; }];
+          subnets = [ { address = hosts.sternchen; } ];
           settings.Ed25519PublicKey = "Z567IKl00Kw5JFBNwMvjL33QYe2hRoNtQcNIDFRPReB";
         };
-        cream = {
-          subnets = [{ address = hosts.cream; }];
-          settings.Ed25519PublicKey = "Y/YRA90mAlNEmdhUWlUTHjjsco6d6hlvW11sPtarIdL";
-        };
+        #        cream = {
+        #          subnets = [ { address = hosts.cream; } ];
+        #          settings.Ed25519PublicKey = "Y/YRA90mAlNEmdhUWlUTHjjsco6d6hlvW11sPtarIdL";
+        #        };
         cherry = {
-          subnets = [{ address = hosts.cherry; }];
+          subnets = [ { address = hosts.cherry; } ];
           settings.Ed25519PublicKey = "BsPIrZjbzn0aryC0HO3OXSb4oFCMmzNDmMDQmxUXUuC";
         };
         sterni = {
-          subnets = [{ address = hosts.sterni; }];
+          subnets = [ { address = hosts.sterni; } ];
           settings.Ed25519PublicKey = "r6mRDc814z2YtyG9ev/XXV2SgquqWR8n53V13xNXb7O";
         };
         robi = {
-          addresses = [{ address = "144.76.13.147"; port = port; }];
-          subnets = [{ address = hosts.robi; }];
+          addresses = [
+            {
+              address = "144.76.13.147";
+              port = port;
+            }
+          ];
+          subnets = [ { address = hosts.robi; } ];
           settings.Ed25519PublicKey = "bZUbSdME4fwudNVbUoNO7PpoOS2xALsyTs81F260KbL";
         };
       };
@@ -68,23 +75,37 @@ in
     LinkLocalAddressing = no
   '';
 
-  networking.extraHosts = concatStringsSep "\n" (mapAttrsToList (name: ip: "${ip} ${name}.${network}") hosts);
+  networking.extraHosts = concatStringsSep "\n" (
+    mapAttrsToList (name: ip: "${ip} ${name}.${network}") hosts
+  );
 
   services.openssh.knownHosts = {
-    "cream.${network}" = {
-      hostNames = [ "cream.${network}" hosts.cream ];
-      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConHiCL7INgAhuN6Z9TqP0zP+xNpdV7+OHwUca4IRDD";
-    };
+    #    "cream.${network}" = {
+    #      hostNames = [
+    #        "cream.${network}"
+    #        hosts.cream
+    #      ];
+    #      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConHiCL7INgAhuN6Z9TqP0zP+xNpdV7+OHwUca4IRDD";
+    #    };
     "sternchen.${network}" = {
-      hostNames = [ "sterni.${network}" hosts.sterni ];
+      hostNames = [
+        "sterni.${network}"
+        hosts.sterni
+      ];
       publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILriD/0+65L1mkbjKENwpvB3wUMXz/rEf9J8wuJjJa0q";
     };
     "sterni.${network}" = {
-      hostNames = [ "sterni.${network}" hosts.sterni ];
+      hostNames = [
+        "sterni.${network}"
+        hosts.sterni
+      ];
       publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQRH4gzT4vWSx3KN80ePPYhSPZRUae/qSyEym6pJTht";
     };
     "robi" = {
-      hostNames = [ "robi.${network}" hosts.robi ];
+      hostNames = [
+        "robi.${network}"
+        hosts.robi
+      ];
       publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2PGX6cZuBUGX4VweMzi0aRh4uQ61yngCzZGcK3w5XV";
     };
   };

components/network/wifi.nix

@@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
 with lib;
 with types;
 {
@@ -22,7 +27,6 @@ with types;
     # Setting this value to 1 means to try activation once, without retry.
     networking.networkmanager.settings.main.autoconnect-retries-default = 999;
 
-
     hardware.enableRedistributableFirmware = true;
 
     # because Networkd-wait-online is just failing.
@@ -47,4 +51,3 @@ with types;
   };
 
 }
-

components/network/wireguard.nix

@@ -25,9 +25,9 @@ with lib;
   config = {
     networking.extraHosts = ''
       10.100.0.1 cache.orbi.wg0
+      10.100.0.1 orbi.wg0
+      10.100.0.2 chungus.wg0
     '';
   };
 
-
 }
-

components/nixos/upgrade-diff.nix

@@ -1,5 +1,10 @@
 # MIT Jörg Thalheim - https://github.com/Mic92/dotfiles/blob/c6cad4e57016945c4816c8ec6f0a94daaa0c3203/nixos/modules/upgrade-diff.nix
-{ config, lib, pkgs, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
 {
 
   options.components.nixos.update-diff.enable = lib.mkOption {

components/terminal/bash.nix

@@ -1,4 +1,9 @@
-{ pkgs, config, lib, ... }:
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
 with lib;
 {
   options.components.terminal.bash.enable = mkOption {
@@ -16,7 +21,6 @@ with lib;
 
       interactiveShellInit = "set -o vi";
 
-
       shellAliases = {
         ls = "ls --color=tty";
         l = "ls -CFh";

components/terminal/default.nix

@@ -1,4 +1,9 @@
-{ config, pkgs, lib, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 with lib;
 {
   options.components.terminal = {
@@ -12,8 +17,6 @@ with lib;
     ./direnv.nix
     ./git.nix
     ./heygpt.nix
-    ./hoard.nix
-    ./oh-my-posh
     ./remote-install.nix
     ./wtf.nix
     ./zsh.nix

components/terminal/direnv.nix

@@ -1,4 +1,9 @@
-{ pkgs, config, lib, ... }:
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
 with lib;
 {
   options.components.terminal.direnv.enable = mkOption {
@@ -12,7 +17,10 @@ with lib;
     home-manager.sharedModules = [
       {
         programs.direnv.enable = true;
-        programs.git.ignores = [ ".envrc" ".direnv" ];
+        programs.git.ignores = [
+          ".envrc"
+          ".direnv"
+        ];
       }
     ];
 

components/terminal/git.nix

@@ -1,4 +1,9 @@
-{ config, pkgs, lib, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 with lib;
 {
   options.components.terminal.git.enable = mkOption {
@@ -8,7 +13,6 @@ with lib;
 
   config = mkIf (config.components.terminal.git.enable) {
 
-
     environment.systemPackages = with pkgs; [
       git
       gita
@@ -29,4 +33,3 @@ with lib;
     ];
   };
 }
-

components/terminal/heygpt.nix

@@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
 with lib;
 {
   options.components.terminal.heygpt.enable = mkOption {

components/terminal/hoard.nix

@@ -1,62 +0,0 @@
-{ pkgs, config, lib, ... }:
-with lib;
-let
-  hoardSrc = pkgs.fetchFromGitHub {
-    owner = "Hyde46";
-    repo = "hoard";
-    rev = "v1.3.1";
-    sha256 = "sha256-Gm3X6/g5JQJEl7wRvWcO4j5XpROhtfRJ72LNaUeZRGc=";
-  };
-in
-{
-  options.components.terminal.hoard.enable = mkOption {
-    type = lib.types.bool;
-    default = config.components.terminal.enable;
-  };
-
-  config = mkIf (config.components.terminal.hoard.enable) {
-
-    # todo : sync via syncthing
-    #backup.dirs = [
-    #  "/root/.config/hoard"
-    #  "/home/palo/.config/hoard"
-    #];
-
-    environment.systemPackages = [ pkgs.legacy_2211.hoard ];
-
-    home-manager.users.mainUser = {
-      xdg.configFile."hoard/config.yml".text = builtins.toJSON {
-        version = "1.0.1";
-        default_namespace = "default";
-        config_home_path = "/home/palo/.config/hoard";
-        trove_path = "/home/palo/.config/hoard/trove.yml";
-        query_prefix = " >";
-        primary_color = [ 87 142 87 ];
-        secondary_color = [ 203 184 144 ];
-        tertiary_color = [ 30 30 30 ];
-        command_color = [ 30 30 30 ];
-        parameter_token = "#";
-        read_from_current_directory = true;
-      };
-      programs.zsh.initExtra = ''
-        export HOARD_NOBIND=1
-        source ${hoardSrc}/src/shell/hoard.zsh
-        bindkey '^x' _hoard_list_widget
-      '';
-    };
-
-    # use showkey -a
-    # Ctrl-h is equivalent to Ctrl-Backspace (for some reason)
-    programs.zsh.interactiveShellInit = ''
-      export HOARD_NOBIND=1
-      source ${hoardSrc}/src/shell/hoard.zsh
-      bindkey '^x' _hoard_list_widget
-    '';
-    programs.bash.interactiveShellInit = ''
-      export HOARD_NOBIND=1
-      source ${hoardSrc}/src/shell/hoard.bash
-      bind -x '"\C-x": __hoard_list'
-    '';
-
-  };
-}

components/terminal/oh-my-posh/default.nix

@@ -1,26 +0,0 @@
-{ pkgs, config, lib, ... }:
-with lib;
-{
-  options.components.terminal.oh-my-posh.enable = mkOption {
-    type = lib.types.bool;
-    default = config.components.terminal.enable;
-  };
-
-  config = mkIf (config.components.terminal.oh-my-posh.enable) {
-
-    home-manager.users =
-      let
-        poshConfig = {
-          programs.oh-my-posh = {
-            enable = true;
-            # useTheme = "gruvbox";
-            settings = builtins.fromJSON (builtins.readFile ./gruvbox.json);
-          };
-        };
-      in
-      {
-        mainUser = poshConfig;
-        root = poshConfig;
-      };
-  };
-}

components/terminal/oh-my-posh/gruvbox.json

@@ -1,65 +0,0 @@
-{
-  "$schema": "https://raw.githubusercontent.com/JanDeDobbeleer/oh-my-posh/main/themes/schema.json",
-  "blocks": [
-    {
-      "alignment": "left",
-      "segments": [
-        {
-          "background": "#3A3A3A",
-          "foreground": "#ffffff",
-          "style": "powerline",
-          "template": "{{ if .WSL }}WSL at{{ end }} {{.Icon}} ",
-          "type": "os"
-        },
-        {
-          "background": "#fbf1c7",
-          "background_templates": ["{{ if .Root }}#af3a03{{ end }}"],
-          "foreground": "#282828",
-          "foreground_templates": ["{{ if .Root }}#fbf1c7{{ end }}"],
-          "powerline_symbol": "\ue0b0",
-          "style": "powerline",
-          "template": " {{ if .SSHSession }} {{ end }}{{ .HostName }} ",
-          "type": "session"
-        },
-        {
-          "background": "#458588",
-          "foreground": "#282828",
-          "powerline_symbol": "\ue0b0",
-          "properties": {
-            "style": "full"
-          },
-          "style": "powerline",
-          "template": " {{ .Path }} ",
-          "type": "path"
-        },
-        {
-          "background": "#98971A",
-          "background_templates": [
-            "{{ if or (.Working.Changed) (.Staging.Changed) }}#FF9248{{ end }}",
-            "{{ if and (gt .Ahead 0) (gt .Behind 0) }}#ff4500{{ end }}",
-            "{{ if gt .Ahead 0 }}#B388FF{{ end }}",
-            "{{ if gt .Behind 0 }}#B388FF{{ end }}"
-          ],
-          "foreground": "#282828",
-          "leading_diamond": "\ue0b6",
-          "powerline_symbol": "\ue0b0",
-          "properties": {
-            "branch_max_length": 25,
-            "fetch_stash_count": true,
-            "fetch_status": true,
-            "branch_icon": "\uE0A0 ",
-            "branch_identical_icon": "\u25CF"
-          },
-          "style": "powerline",
-          "template": " {{ .HEAD }}{{if .BranchStatus }} {{ .BranchStatus }}{{ end }}{{ if .Working.Changed }} \uf044 {{ .Working.String }}{{ end }}{{ if and (.Working.Changed) (.Staging.Changed) }} |{{ end }}{{ if .Staging.Changed }} \uf046 {{ .Staging.String }}{{ end }}{{ if gt .StashCount 0 }} \ueb4b {{ .StashCount }}{{ end }} ",
-          "trailing_diamond": "\ue0b4",
-          "type": "git"
-        }
-      ],
-      "type": "prompt"
-    }
-  ],
-  "console_title_template": "{{ .Folder }}",
-  "final_space": true,
-  "version": 2
-}

components/terminal/remote-install.nix

@@ -1,4 +1,9 @@
-{ pkgs, config, lib, ... }:
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
 with lib;
 {
   options.components.terminal.remote-install.enable = mkOption {
@@ -10,7 +15,7 @@ with lib;
     services.tor = {
       enable = true;
       client.enable = true;
-      relay.onionServices.liveos.map = [{ port = 1337; }];
+      relay.onionServices.liveos.map = [ { port = 1337; } ];
     };
 
     environment.systemPackages = [

components/terminal/wtf.nix

@@ -1,4 +1,9 @@
-{ pkgs, config, lib, ... }:
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
 with lib;
 let
 
@@ -18,7 +23,7 @@ let
           ${pkgs.iw}/bin/iw dev \
             | ${pkgs.gnused}/bin/sed -n 's/^\s*Interface\s\+\([0-9a-z]\+\)$/\1/p'
         ); do
-          inet=$(${pkgs.iproute}/bin/ip addr show $dev \
+          inet=$(${pkgs.iproute2}/bin/ip addr show $dev \
             | ${pkgs.gnused}/bin/sed -n 's/.*inet \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\).*/\1/p') \
             || unset inet
           ssid=$(${pkgs.iw}/bin/iw dev $dev link \
@@ -54,23 +59,29 @@ let
     echo
   '';
 
-  userHighlight = map ({ user, ... }: user)
-    (builtins.attrValues config.services.browser.configList)
-  ++ [ "steam" ];
+  userHighlight =
+    map ({ user, ... }: user) (builtins.attrValues config.services.browser.configList)
+    ++ [ "steam" ];
 
   activeUsers = pkgs.writers.writeBash "active-users" ''
     ${pkgs.procps}/bin/ps -eo user \
      | ${pkgs.gnused}/bin/sed '1 d' \
      | ${pkgs.coreutils}/bin/sort  \
      | ${pkgs.coreutils}/bin/uniq \
-     | ${pkgs.gnugrep}/bin/egrep --color=always '(${
-       pkgs.lib.concatStringsSep "|" userHighlight
-     })|$'
+     | ${pkgs.gnugrep}/bin/egrep --color=always '(${pkgs.lib.concatStringsSep "|" userHighlight})|$'
   '';
 
   # default settings
   wtfModule =
-    args@{ height ? 1, width ? 1, top, left, enabled ? true, type, ... }:
+    args@{
+      height ? 1,
+      width ? 1,
+      top,
+      left,
+      enabled ? true,
+      type,
+      ...
+    }:
     {
       enabled = enabled;
       focusable = false;
@@ -78,106 +89,157 @@ let
       position.left = left;
       position.height = height;
       position.width = width;
-    } // (lib.filterAttrs
-      (key: _: lib.all (x: x != key) [ "height" "width" "top" "left" ])
-      args);
+    }
+    // (lib.filterAttrs (
+      key: _:
+      lib.all (x: x != key) [
+        "height"
+        "width"
+        "top"
+        "left"
+      ]
+    ) args);
 
   # command runner module
-  cmdRunner = args@{ cmd, ... }:
-    wtfModule ({
-      type = "cmdrunner";
-      focusable = false;
-      refreshInterval = 300;
-    } // args);
+  cmdRunner =
+    args@{ cmd, ... }:
+    wtfModule (
+      {
+        type = "cmdrunner";
+        focusable = false;
+        refreshInterval = 300;
+      }
+      // args
+    );
 
   modules = {
     inherit cmdRunner;
 
-    digitalclock = args@{ top, left, ... }:
-      cmdRunner ({
-        cmd = pkgs.writers.writeDash "clock" ''
-          ${pkgs.toilet}/bin/toilet --font future `${pkgs.coreutils}/bin/date +"%a %H:%M"`
-          ${pkgs.coreutils}/bin/date +"%B %d %Y"
-        '';
-        title = "";
-        refreshInterval = 30;
-      } // args);
+    digitalclock =
+      args@{ top, left, ... }:
+      cmdRunner (
+        {
+          cmd = pkgs.writers.writeDash "clock" ''
+            ${pkgs.toilet}/bin/toilet --font future `${pkgs.coreutils}/bin/date +"%a %H:%M"`
+            ${pkgs.coreutils}/bin/date +"%B %d %Y"
+          '';
+          title = "";
+          refreshInterval = 30;
+        }
+        // args
+      );
 
-    clocks = args@{ top, left, ... }:
-      wtfModule ({
-        type = "clocks";
-        title = "";
-        border = false;
-        colors.rows = {
-          even = "white";
-          odd = "white";
-        };
-        locations = {
-          UTC = "Etc/UTC";
-          Berlin = "Europe/Berlin";
-          Cuba = "America/Havana";
-          Wellington = "Pacific/Auckland";
-        };
-        sort = "alphabetical";
-        refreshInterval = 60;
-      } // args);
+    clocks =
+      args@{ top, left, ... }:
+      wtfModule (
+        {
+          type = "clocks";
+          title = "";
+          border = false;
+          colors.rows = {
+            even = "white";
+            odd = "white";
+          };
+          locations = {
+            UTC = "Etc/UTC";
+            Berlin = "Europe/Berlin";
+            Thailand = "Asia/Bangkok";
+            #Cuba = "America/Havana";
+            #Wellington = "Pacific/Auckland";
+          };
+          sort = "alphabetical";
+          refreshInterval = 60;
+        }
+        // args
+      );
 
-    resourceusage = args@{ top, left, ... }:
-      wtfModule ({
-        type = "resourceusage";
-        title = "";
-        cpuCombined = false;
-        refreshInterval = 5;
-      } // args);
+    resourceusage =
+      args@{ top, left, ... }:
+      wtfModule (
+        {
+          type = "resourceusage";
+          title = "";
+          cpuCombined = false;
+          refreshInterval = 5;
+        }
+        // args
+      );
 
-    power = args@{ top, left, ... }:
-      wtfModule ({
-        type = "power";
-        title = "";
-        refreshInterval = 100;
-      } // args);
+    power =
+      args@{ top, left, ... }:
+      wtfModule (
+        {
+          type = "power";
+          title = "";
+          refreshInterval = 100;
+        }
+        // args
+      );
 
-    prettyweather = args@{ top, left, ... }:
-      wtfModule ({
-        type = "prettyweather";
-        title = "";
-        city = "Essen";
-        unit = "m";
-        view = 0;
-        language = "en";
-        refreshInterval = 3600;
-      } // args);
+    prettyweather =
+      args@{ top, left, ... }:
+      wtfModule (
+        {
+          type = "prettyweather";
+          title = "";
+          city = "Essen";
+          unit = "m";
+          view = 0;
+          language = "en";
+          refreshInterval = 3600;
+        }
+        // args
+      );
 
-    feedreader = args@{ top, left, feeds, ... }:
-      wtfModule ({
-        type = "feedreader";
-        title = "";
-        refreshInterval = 3600;
-        focusable = true;
-        #feedLimit = 10;
-        colors.rows = {
-          even = "white";
-          odd = "white";
-        };
-      } // args);
+    feedreader =
+      args@{
+        top,
+        left,
+        feeds,
+        ...
+      }:
+      wtfModule (
+        {
+          type = "feedreader";
+          title = "";
+          refreshInterval = 3600;
+          focusable = true;
+          #feedLimit = 10;
+          colors.rows = {
+            even = "white";
+            odd = "white";
+          };
+        }
+        // args
+      );
 
-    github = args@{ top, left, username, apiKey, ... }:
-      wtfModule ({
-        type = "github";
-        title = "";
-        refreshInterval = 3600;
-        feedlimit = 10;
+    github =
+      args@{
+        top,
+        left,
+        username,
+        apiKey,
+        ...
+      }:
+      wtfModule (
+        {
+          type = "github";
+          title = "";
+          refreshInterval = 3600;
+          feedlimit = 10;
 
-        enableStatus = true;
-        #  customQueries:
-        #    othersPRs:
-        #      title: "Others Pull Requests"
-        #      filter: "is:open is:pr -author:wtfutil"
-        #  repositories:
-        #    - "wtfutil/wtf"
-        #    - "wtfutil/docs"
-        #    - "umbrella-corp/wesker-api"
-      } // args);
+          enableStatus = true;
+          #  customQueries:
+          #    othersPRs:
+          #      title: "Others Pull Requests"
+          #      filter: "is:open is:pr -author:wtfutil"
+          #  repositories:
+          #    - "wtfutil/wtf"
+          #    - "wtfutil/docs"
+          #    - "umbrella-corp/wesker-api"
+        }
+        // args
+      );
 
   };
 
@@ -190,8 +252,20 @@ let
         normal = "green";
       };
       grid = {
-        columns = [ 28 0 0 ];
-        rows = [ 9 9 9 9 9 9 0 ];
+        columns = [
+          28
+          0
+          0
+        ];
+        rows = [
+          9
+          9
+          9
+          9
+          9
+          9
+          0
+        ];
       };
       refreshInterval = 1;
       mods = with modules; {
@@ -226,8 +300,7 @@ let
           top = 4;
           left = 1;
           height = 1;
-          feeds =
-            [ "https://latesthackingnews.com/category/hacking-tools/feed/" ];
+          feeds = [ "https://latesthackingnews.com/category/hacking-tools/feed/" ];
         };
         nixos = feedreader {
           title = "NixOS Weekly";
@@ -264,8 +337,20 @@ let
         normal = "green";
       };
       grid = {
-        columns = [ 33 12 28 36 0 ];
-        rows = [ 9 4 6 6 0 ];
+        columns = [
+          33
+          12
+          28
+          36
+          0
+        ];
+        rows = [
+          9
+          4
+          6
+          6
+          0
+        ];
       };
       refreshInterval = 1;
       mods = with modules; {
@@ -291,12 +376,16 @@ let
           left = 0;
         };
 
-        rates = wtfModule {
+        yfinance = wtfModule {
           type = "yfinance";
           top = 3;
           left = 0;
           title = "rates";
-          symbols = [ "EURUSD=X" "EURNZD=X" ];
+          symbols = [
+            "EURUSD=X"
+            "EURNZD=X"
+            "EURTHB=X"
+          ];
           refreshInterval = 60;
         };
 
@@ -307,7 +396,12 @@ let
 
         calendar = cmdRunner {
           title = "";
-          args = [ "-3" "--monday" "--color=never" "-w" ];
+          args = [
+            "-3"
+            "--monday"
+            "--color=never"
+            "-w"
+          ];
           cmd = "cal";
           top = 1;
           left = 1;
@@ -369,9 +463,12 @@ let
     };
   };
 
-  createDashboard = { json, name }:
-    let configuration = pkgs.writeText "config.yml" (builtins.toJSON json);
-    in pkgs.writers.writeBashBin name ''
+  createDashboard =
+    { json, name }:
+    let
+      configuration = pkgs.writeText "config.yml" (builtins.toJSON json);
+    in
+    pkgs.writers.writeBashBin name ''
       ${pkgs.wtf}/bin/wtfutil --config=${toString configuration}
     '';
 

components/terminal/zsh.nix

@@ -1,4 +1,9 @@
-{ pkgs, config, lib, ... }:
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
 with lib;
 {
   options.components.terminal.zsh.enable = mkOption {

components/timezone.nix

@@ -1,8 +1,6 @@
+{ lib, ... }:
 {
   # some system stuff
   # -----------------
   time.timeZone = "Europe/Berlin";
-  #time.timeZone = lib.mkDefault "Pacific/Auckland";
-  #time.timeZone = lib.mkDefault "Asia/Singapore";
-  #time.timeZone = lib.mkDefault "Asia/Makassar";
 }

components/virtualisation/default.nix

@@ -0,0 +1,15 @@
+{ config, lib, ... }:
+{
+  imports = [
+    ./docker.nix
+    ./podman.nix
+    ./virtualbox.nix
+    ./qemu.nix
+  ];
+
+  options.components.virtualisation.enable = lib.mkOption {
+    type = lib.types.bool;
+    default = false;
+  };
+
+}

components/virtualisation/docker.nix

@@ -0,0 +1,22 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib;
+{
+
+  options.components.virtualisation.docker.enable = lib.mkOption {
+    type = lib.types.bool;
+    default = config.components.virtualisation.enable;
+  };
+
+  config = mkIf config.components.virtualisation.docker.enable {
+
+    virtualisation.docker.enable = true;
+    virtualisation.docker.extraPackages = [ pkgs.zfs ];
+
+  };
+
+}

components/virtualisation/podman.nix

@@ -0,0 +1,31 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib;
+{
+
+  options.components.virtualisation.podman.enable = lib.mkOption {
+    type = lib.types.bool;
+    default = config.components.virtualisation.enable;
+  };
+
+  config = mkMerge [
+    (mkIf config.components.virtualisation.podman.enable {
+
+      virtualisation.podman.enable = true;
+
+      # make sure /var/lib/containers/storage is a zfs dataset
+      virtualisation.podman.extraPackages = [ pkgs.zfs ];
+
+    })
+    (mkIf (config.components.virtualisation.podman.enable && (!config.virtualisation.docker.enable)) {
+      virtualisation.podman.dockerCompat = true;
+      virtualisation.podman.dockerSocket.enable = true;
+    })
+
+  ];
+
+}

components/virtualisation/qemu.nix

@@ -0,0 +1,32 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib;
+{
+
+  options.components.virtualisation.qemu.enable = lib.mkOption {
+    type = lib.types.bool;
+    default = config.components.virtualisation.enable;
+  };
+
+  config = mkIf config.components.virtualisation.qemu.enable {
+
+    virtualisation.libvirtd.enable = true;
+    #virtualisation.libvirtd.allowedBridges = ["virbr0"];
+    virtualisation.libvirtd.onShutdown = "shutdown";
+
+    environment.systemPackages = [
+      pkgs.qemu_kvm
+      #(pkgs.quickemu.override { qemu_full = pkgs.qemu_kvm; })
+      pkgs.quickemu
+      pkgs.virt-manager
+    ];
+
+    users.users.mainUser.extraGroups = [ "libvirtd" ];
+
+  };
+
+}

components/virtualisation/virtualbox.nix

@@ -0,0 +1,29 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib;
+{
+
+  options.components.virtualisation.virtualbox.enable = lib.mkOption {
+    type = lib.types.bool;
+    default = config.components.virtualisation.enable;
+  };
+
+  config = mkIf config.components.virtualisation.virtualbox.enable {
+
+    virtualisation.virtualbox.host.enable = true;
+    virtualisation.virtualbox.host.enableExtensionPack = true;
+    virtualisation.virtualbox.guest.enable = true;
+    virtualisation.virtualbox.guest.dragAndDrop = true;
+
+    # https://discourse.nixos.org/t/issue-with-virtualbox-in-24-11/57607/2
+    boot.kernelParams = [ "kvm.enable_virt_at_load=0" ];
+
+    users.extraGroups.vboxusers.members = [ config.users.users.mainUser.name ];
+
+  };
+
+}

components/yubikey.nix

@@ -1,7 +1,12 @@
 # References:
 # * https://github.com/drduh/YubiKey-Guide
 # * https://nixos.wiki/wiki/Yubikey
-{ config, pkgs, lib, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 with lib;
 {
 
@@ -18,6 +23,11 @@ with lib;
 
     environment.systemPackages = [
 
+      pkgs.yubikey-personalization
+      pkgs.yubikey-personalization-gui
+      pkgs.yubikey-manager
+      pkgs.yubikey-manager-qt
+
       # for `gpg --export $keyid | hokey lint` to check keys
       #pkgs.haskellPackages.hopenpgp-tools
 

features/boot/ssh.nix

@@ -1,4 +1,11 @@
-{ config, lib, pkgs, factsGenerator, clanLib, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  factsGenerator,
+  clanLib,
+  ...
+}:
 with lib;
 with types;
 
@@ -11,8 +18,7 @@ with types;
     kernelModules = mkOption {
       type = listOf str;
       default = [ ];
-      description =
-        "nix-shell -p pciutils --run 'lspci -v' will tell you which kernel module is used for the ethernet interface";
+      description = "nix-shell -p pciutils --run 'lspci -v' will tell you which kernel module is used for the ethernet interface";
     };
   };
 
@@ -21,6 +27,7 @@ with types;
     # ssh host key
     clan.core.facts.services."boot.ssh" = factsGenerator.ssh { name = "boot"; };
 
+    # todo: maybe put this in a component
     # boot
     boot.initrd.systemd.enable = true;
     boot.initrd.systemd.contents."/etc/hostname".text = "unlock.${config.networking.hostName}";
@@ -41,4 +48,3 @@ with types;
   };
 
 }
-

features/boot/tor.nix

@@ -1,4 +1,11 @@
-{ config, lib, pkgs, factsGenerator, clanLib, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  factsGenerator,
+  clanLib,
+  ...
+}:
 with lib;
 with types;
 {
@@ -16,10 +23,13 @@ with types;
       name = "initrd";
       addressPrefix = "init";
     };
-    boot.initrd.secrets = {
-      "/etc/tor/onion/bootup/tor.priv" = config.clan.core.facts.services."initrd.tor".secret."tor.initrd.priv".path;
-      "/etc/tor/onion/bootup/hostname" = config.clan.core.facts.services."initrd.tor".secret."tor.initrd.hostname".path;
-    };
+    boot.initrd.secrets = mapAttrs' (name: file: nameValuePair "/etc/tor/onion/bootup/${name}" file) (
+      genAttrs [
+        "hostname"
+        "hs_ed25519_public_key"
+        "hs_ed25519_secret_key"
+      ] (secret: config.clan.core.facts.services."initrd.tor".secret."tor.initrd.${secret}".path)
+    );
 
     boot.initrd.systemd.storePaths = [
       pkgs.tor
@@ -39,7 +49,10 @@ with types;
     boot.initrd.systemd.services.tor = {
       description = "tor during init";
       wantedBy = [ "initrd.target" ];
-      after = [ "network.target" "initrd-nixos-copy-secrets.service" ];
+      after = [
+        "network.target"
+        "initrd-nixos-copy-secrets.service"
+      ];
       before = [ "shutdown.target" ];
       conflicts = [ "shutdown.target" ];
 
@@ -49,17 +62,15 @@ with types;
         pkgs.iproute2
         pkgs.coreutils
       ];
-      script =
-        ''
-          echo "tor: preparing onion folder"
-          # have to do this otherwise tor does not want to start
-          chmod -R 700 /etc/tor
+      script = ''
+        echo "tor: preparing onion folder"
+        # have to do this otherwise tor does not want to start
+        chmod -R 700 /etc/tor
 
-          echo "tor: starting tor"
-          tor -f /etc/tor/tor.rc --verify-config
-          tor -f /etc/tor/tor.rc
-        '';
+        echo "tor: starting tor"
+        tor -f /etc/tor/tor.rc --verify-config
+        tor -f /etc/tor/tor.rc
+      '';
     };
   };
 }
-

features/default.nix

@@ -1,3 +1,6 @@
 {
-  imports = [ ./boot ];
+  imports = [
+    ./boot
+    ./network
+  ];
 }

features/network/default.nix

@@ -0,0 +1,6 @@
+{
+  imports = [
+    ./fail2ban.nix
+    ./sshguard.nix
+  ];
+}

features/network/fail2ban.nix

@@ -1,17 +1,21 @@
-{ config, lib, pkgs, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
 with lib;
 {
-  options.components.network.fail2ban.enable = mkOption {
+  options.features.network.fail2ban.enable = mkOption {
     type = lib.types.bool;
     default = false;
   };
 
   config = mkMerge [
-    (mkIf config.components.network.fail2ban.enable {
-      environment.systemPackages = [ pkgs.fail2ban pkgs.ipset ];
+    (mkIf config.features.network.fail2ban.enable {
+      environment.systemPackages = [ pkgs.fail2ban ];
       services.fail2ban = {
         enable = true;
-        #package = pkgs.legacy_2311.fail2ban;
         jails = { };
       };
     })
@@ -19,7 +23,7 @@ with lib;
     # custom defined jails
     # --------------------
     # https://github.com/fail2ban/fail2ban/blob/master/config/jail.conf
-    (mkIf config.components.network.fail2ban.enable {
+    (mkIf config.features.network.fail2ban.enable {
       services.fail2ban.jails.nginx-git-not-found.settings = {
         port = "http,https";
         logpath = "%(nginx_error_log)s";
@@ -33,7 +37,7 @@ with lib;
         '';
       };
     })
-    (mkIf config.components.network.fail2ban.enable {
+    (mkIf config.features.network.fail2ban.enable {
       services.fail2ban.jails.nginx-git-bad-request.settings = {
         port = "http,https";
         logpath = "%(nginx_error_log)s";

features/network/sshguard.nix

@@ -0,0 +1,24 @@
+{
+  pkgs,
+  config,
+  lib,
+  assets,
+  ...
+}:
+with lib;
+with types;
+{
+
+  options.features.network.sshguard = {
+    enable = mkOption {
+      type = bool;
+      default = false;
+    };
+  };
+
+  config = mkIf config.features.network.sshguard.enable {
+    environment.systemPackages = [ pkgs.ipset ];
+    services.sshguard.enable = true;
+  };
+
+}

flake.nix

@@ -1,80 +1,49 @@
 {
+
+  # "git+file:///<full-path>" for fixing an input
   inputs = {
 
-    flake-parts.url = "github:hercules-ci/flake-parts";
+    clan-core.inputs.flake-parts.follows = "flake-parts";
+    clan-core.inputs.nixpkgs.follows = "nixpkgs";
+    clan-core.url = "git+https://git.clan.lol/clan/clan-core";
+    clan-fact-generators.inputs.clan-core.follows = "clan-core";
+    clan-fact-generators.url = "github:mrvandalo/clan-fact-generators";
     flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
-
-    clan-fact-generators = {
-      url = "github:mrvandalo/clan-fact-generators";
-      inputs.clan-core.follows = "clan-core";
-    };
-
-    clan-core = {
-      url = "git+https://git.clan.lol/clan/clan-core";
-      #url = "git+file:///home/palo/dev/clan-core";
-      inputs.nixpkgs.follows = "nixpkgs"; # Needed if your configuration uses nixpkgs unstable.
-      inputs.flake-parts.follows = "flake-parts";
-    };
-
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
-    nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small";
-    nixpkgs-legacy_2211.url = "github:nixos/nixpkgs/nixos-22.11";
-    nixpkgs-legacy_2311.url = "github:nixos/nixpkgs/nixos-23.11";
-    nixpkgs-legacy_2405.url = "github:nixos/nixpkgs/nixos-24.05";
-    nixos-hardware.url = "github:nixos/nixos-hardware";
+    flake-parts.url = "github:hercules-ci/flake-parts";
+    healthchecks.inputs.nixpkgs.follows = "nixpkgs";
+    healthchecks.url = "github:mrvandalo/nixos-healthchecks";
+    #healthchecks.url = "git+file:///home/palo/dev/nixos/healthcheck";
+    home-manager-utils.inputs.home-manager.follows = "home-manager";
+    home-manager-utils.url = "github:mrvandalo/home-manager-utils";
+    home-manager.inputs.nixpkgs.follows = "nixpkgs";
+    home-manager.url = "github:nix-community/home-manager";
+    landingpage.url = "github:mrVanDalo/landingpage";
+    nix-topology.inputs.nixpkgs.follows = "nixpkgs";
+    nix-topology.url = "github:oddlama/nix-topology";
     nixos-anywhere.url = "github:nix-community/nixos-anywhere";
-
-    home-manager = {
-      #url = "github:nix-community/home-manager/release-23.11";
-      url = "github:nix-community/home-manager";
-      #inputs.nixpkgs.follows = "nixpkgs";
-    };
-
-    polygon-art = {
-      url = "git+https://git.ingolf-wagner.de/palo/polygon-art.git";
-    };
-
-    home-manager-utils = {
-      url = "github:mrvandalo/home-manager-utils";
-      inputs.home-manager.follows = "home-manager";
-    };
-
-    permown = {
-      url = "github:mrVanDalo/module.permown";
-      #url = "git+file:///home/palo/dev/nixos/permown";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-
-    private_assets = {
-      #url = "git+file:///home/palo/dev/nixos/nixos-private-assets";
-      url = "git+ssh://forgejo@git.ingolf-wagner.de/palo/nixos-private-assets.git?ref=main";
-      flake = true;
-    };
-
-    retiolum = {
-      url = "github:Mic92/retiolum";
-      #url = "git+file:///home/palo/dev/nixos/retiolum";
-    };
-
+    nixos-hardware.url = "github:nixos/nixos-hardware";
+    nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small";
+    nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
+    permown.inputs.nixpkgs.follows = "nixpkgs";
+    permown.url = "github:mrVanDalo/module.permown";
+    polygon-art.url = "git+https://git.ingolf-wagner.de/palo/polygon-art.git";
+    private-parts.inputs.nixpkgs.follows = "nixpkgs"; # only private input
+    private-parts.url = "git+ssh://forgejo@git.ingolf-wagner.de:2222/palo/nixos-private-parts.git?ref=main";
+    #private-parts.url = "git+file:///home/palo/dev/nixos/nixos-private-parts";
+    share-http.inputs.nixpkgs.follows = "nixpkgs"; # only private input
+    share-http.url = "git+ssh://forgejo@git.ingolf-wagner.de:2222/palo/share-host.git?ref=main";
     srvos.url = "github:nix-community/srvos";
-
-    landingpage = {
-      #url = "git+file:///home/palo/dev/landingpage";
-      url = "github:mrVanDalo/landingpage";
-    };
-
-    # todo: mabye use https://github.com/jtroo/kanata instead
-    # fixme: kmonad crashes every now and than and the keyboard is not usable anymore.
-    kmonad = {
-      url = "github:kmonad/kmonad?dir=nix";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-
-    stylix = {
-      url = "github:danth/stylix";
-      inputs.nixpkgs.follows = "nixpkgs";
-      inputs.home-manager.follows = "home-manager";
-    };
+    stylix.inputs.home-manager.follows = "home-manager";
+    stylix.inputs.nixpkgs.follows = "nixpkgs";
+    stylix.url = "github:danth/stylix";
+    taskwarrior.url = "github:mrvandalo/taskwarrior-flake";
+    #taskwarrior.url = "git+file:///home/palo/dev/nixos/taskwarrior-flake";
+    telemetry.inputs.nixpkgs.follows = "nixpkgs";
+    telemetry.url = "github:mrvandalo/nixos-telemetry";
+    #telemetry.url = "git+file:///home/palo/dev/nixos/nixos-telemetry";
+    treefmt-nix.inputs.nixpkgs.follows = "nixpkgs";
+    treefmt-nix.url = "github:numtide/treefmt-nix";
+    devshell.url = "github:numtide/devshell";
 
     # smoke test framwork to trigger tests (enable if I  want to use it for real)
     #smoke = {
@@ -82,175 +51,208 @@
     #  inputs.nixpkgs.follows = "nixpkgs";
     #};
 
-    # had to override it to  remove colors
-    taskshell = {
-      url = "github:mrvandalo/taskshell";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-
-    # my  own tool
-    overviewer.url = "git+ssh://forgejo@git.ingolf-wagner.de/palo/overviewer.git?ref=main";
   };
 
   outputs =
-    inputs@{ self
-    , clan-core
-    , clan-fact-generators
-    , flake-parts
-    , home-manager
-    , home-manager-utils
-    , kmonad
-    , landingpage
-    , nixos-anywhere
-    , nixos-hardware
-    , nixpkgs
-    , nixpkgs-legacy_2211
-    , nixpkgs-legacy_2311
-    , nixpkgs-legacy_2405
-    , nixpkgs-unstable-small
-    , overviewer
-    , permown
-    , polygon-art
-    , private_assets
-    , retiolum
-    , srvos
-    , stylix
-    , taskshell
+    inputs@{
+      clan-core,
+      clan-fact-generators,
+      devshell,
+      flake-parts,
+      healthchecks,
+      home-manager,
+      home-manager-utils,
+      landingpage,
+      nix-topology,
+      nixos-anywhere,
+      nixos-hardware,
+      nixpkgs,
+      nixpkgs-unstable-small,
+      permown,
+      polygon-art,
+      private-parts,
+      self,
+      share-http,
+      srvos,
+      stylix,
+      taskwarrior,
+      telemetry,
+      treefmt-nix,
     }:
 
     let
-      #system = "x86_64-linux";
-
-      #pkgs = nixpkgs.legacyPackages.${system};
       inherit (nixpkgs) lib;
 
       meta = rec {
         system = "x86_64-linux";
-        pkgs = import nixpkgs {
-          inherit system;
-          config.allowUnfree = true;
-          config.permittedInsecurePackages = [
-            "electron-24.8.6" # for bitwarden
-            "python-2.7.18.6"
-            "python-2.7.18.7"
-            "python-2.7.18.8"
-            "electron-27.3.11" # for logseq
-            "electron-28.3.3" # for logseq
-          ];
-          overlays = [
-            (_self: _super: {
-              unstable-small = import nixpkgs-unstable-small {
-                inherit system;
-                config.allowUnfree = true;
-              };
-              legacy_2211 = import nixpkgs-legacy_2211 {
-                inherit system;
-                config.allowUnfree = true;
-              };
-              legacy_2311 = import nixpkgs-legacy_2311 {
-                inherit system;
-                config.allowUnfree = true;
-              };
-              legacy_2405 = import nixpkgs-legacy_2405 {
-                inherit system;
-                config.allowUnfree = true;
-              };
-              polygon-art = polygon-art.packages.${system};
-              landingpage = landingpage.packages.${system}.plain;
-              kmonad = kmonad.packages.${system}.kmonad;
-              tasksh = taskshell.packages.${system}.tasksh;
-              overviewer = overviewer.packages.${system}.overviewer;
-              pkl = self.packages.${system}.pkl;
-            })
-            (import ./pkgs)
-          ];
-        };
+        pkgs =
+          let
+            allowUnfree = true;
+            permittedInsecurePackages = [
+              "electron-24.8.6" # for bitwarden
+              "python-2.7.18.6"
+              "python-2.7.18.7"
+              "python-2.7.18.8"
+              "electron-27.3.11" # for logseq
+              "electron-28.3.3" # for logseq
+              "aspnetcore-runtime-wrapped-6.0.36" # for jellyfin
+              "aspnetcore-runtime-6.0.36" # for jellyfin
+              "dotnet-sdk-wrapped-6.0.428" # for jellyfin
+              "dotnet-sdk-6.0.428" # for jellyfin
+            ];
+          in
+          import nixpkgs {
+            inherit system;
+            config = {
+              inherit allowUnfree permittedInsecurePackages;
+            };
+            overlays = [
+              (_self: _super: {
+                unstable-small = import nixpkgs-unstable-small {
+                  inherit system;
+                  config = {
+                    inherit allowUnfree permittedInsecurePackages;
+                  };
+                };
+                polygon-art = polygon-art.packages.${system};
+                landingpage = landingpage.packages.${system}.plain;
+                share-via-http = share-http.packages.${system}.default;
+                inherit (taskwarrior.packages.${system})
+                  bugwarrior
+                  tasksh
+                  taskwarrior-hooks
+                  ;
+                healthchecks = self.packages.${system}.healthchecks;
+                inherit (self.packages.${system})
+                  otpmenu
+                  nsxiv
+                  systemctl-find-service-config
+                  ;
+              })
+            ];
+          };
         specialArgs = {
-          inherit private_assets inputs;
+          inherit inputs;
           assets = ./assets;
           factsGenerator = clan-fact-generators.lib { inherit pkgs; };
-          clanLib = import ./lib/clanlib.nix { inherit (pkgs) lib; machineDir = ./machines; };
-          zerotierDeviceName = "ztbn67ogn2";
+          clanLib = import ./lib/clanlib.nix {
+            inherit (pkgs) lib;
+            machineDir = ./machines;
+          };
+          # https://git.clan.lol/clan/clan-core/issues/1575 < here is how I could do this generic
+          zerotierInterface = "ztbn67ogn2";
           components = ./components;
           features = ./features;
         };
       };
 
       clanSetup =
-        { name
-        , host
-        , modules
-        }: {
+        {
+          name,
+          host,
+          modules,
+        }:
+        {
 
           clan.core.networking.targetHost = lib.mkDefault "root@${host}";
           nixpkgs.pkgs = meta.pkgs;
           nixpkgs.hostPlatform = meta.system;
           clan.core.facts.secretStore = "password-store";
+          clan.core.vars.settings.secretStore = "password-store";
 
-          imports = modules ++ defaultModules ++ [
-            ./machines/${name}/configuration.nix
+          imports =
+            modules
+            ++ defaultModules
+            ++ [
+              ./machines/${name}/configuration.nix
+              nix-topology.nixosModules.default
+            ];
+        };
+
+      zerotierControllerModule = {
+        clan.core.networking.zerotier.controller = {
+          enable = true;
+          public = false;
+        };
+      };
+
+      zerotierModules =
+        { pkgs, ... }:
+        {
+          imports = [
+
+            # this magically adds all my machines in the zero tier network
+            # and makes the controller accept them.
+            # will automatic look into `/machines/<name>/facts/zerotier-ip
+            inputs.clan-core.clanModules.zerotier-static-peers
+
+            # Statically configure the host names of machines based on their respective zerotier-ip.
+            inputs.clan-core.clanModules.static-hosts
+
+            # generate ssh host keys with facts
+            inputs.clan-core.clanModules.sshd
+
+            # manual configs
+            {
+              clan.static-hosts.topLevelDomain = "bear";
+              components.network.zerotier.enable = true;
+              environment.systemPackages = [
+                clan-core.packages.${pkgs.system}.clan-cli
+                (pkgs.writers.writeBashBin "zerotier-script-nodeid" ''
+                  sudo ${pkgs.zerotierone}/bin/zerotier-cli info | cut -d " " -f 3
+                '')
+              ];
+            }
           ];
         };
 
-      zerotierControllerModule =
+      defaultAuthorizedKeys =
+        { config, pkgs, ... }:
         {
-          clan.core.networking.zerotier.controller = {
-            enable = true;
-            public = false;
-          };
+          users.users.root.openssh.authorizedKeys.keyFiles = [
+            # yubikey key
+            ./assets/mrvandalo_rsa.pub
+            # backup key
+            "${config.clan.core.settings.directory}/machines/chungus/facts/ssh.syncoid.id_ed25519.pub"
+            "${config.clan.core.settings.directory}/machines/chungus/facts/ssh.rbackup.id_ed25519.pub"
+            "${config.clan.core.settings.directory}/machines/chungus/facts/ssh.paperless-ngx.id_ed25519.pub"
+          ];
+          environment.systemPackages = [ pkgs.borgbackup ];
         };
 
-      zerotierModules = { pkgs, ... }: {
-        imports = [
-
-          # this magically adds all my machines in the zero tier network
-          # and makes the controller accept them.
-          # will automatic look into `/machines/<name>/facts/zerotier-ip
-          inputs.clan-core.clanModules.zerotier-static-peers
-
-          # Statically configure the host names of machines based on their respective zerotier-ip.
-          inputs.clan-core.clanModules.static-hosts
-
-          # generate ssh host keys with facts
-          inputs.clan-core.clanModules.sshd
-
-          # manual configs
-          {
-            clan.static-hosts.topLevelDomain = "bear";
-            components.network.zerotier.enable = true;
-            environment.systemPackages = [
-              clan-core.packages.${pkgs.system}.clan-cli
-              (pkgs.writers.writeBashBin "zerotier-script-nodeid" ''
-                sudo ${pkgs.zerotierone}/bin/zerotier-cli info | cut -d " " -f 3
-              '')
-            ];
-          }
-        ];
-      };
-
       defaultModules = [
         # make flake inputs accessiable in NixOS
         {
           _module.args.self = self;
           _module.args.inputs = self.inputs;
         }
-        # ssh keys
-        ({ config, ... }: {
-          users.users.root.openssh.authorizedKeys.keyFiles = [
-            # master key
-            ./assets/mrvandalo_rsa.pub
-            # backup key
-            "${config.clan.core.clanDir}/machines/chungus/facts/ssh.syncoid.id_ed25519.pub"
-            "${config.clan.core.clanDir}/machines/chungus/facts/ssh.rbackup.id_ed25519.pub"
+        {
+          # disable emergency mode everywhere, although it might be needed on laptops
+          boot.initrd.systemd.emergencyAccess = false;
+          boot.initrd.systemd.suppressedUnits = [
+            "emergency.service"
+            "emergency.target"
           ];
-        })
+          systemd.enableEmergencyMode = false;
+        }
         # configure nix
-        ({ pkgs, lib, clanLib, ... }:
+        (
+          {
+            pkgs,
+            lib,
+            clanLib,
+            ...
+          }:
           {
             nix.settings.substituters = [ "http://cache.orbi.wg0" ];
             nix.settings.trusted-public-keys = [ (clanLib.readFact "nix-serve.pub" "orbi") ];
-            nix.settings.experimental-features = [ "nix-command" "flakes" ];
+            nix.settings.experimental-features = [
+              "nix-command"
+              "flakes"
+            ];
+            # https://nix.dev/manual/nix/2.17/advanced-topics/cores-vs-jobs
             nix.settings.max-jobs = 1;
+            nix.settings.cores = 4;
             # no channesl needed this way
             nix.nixPath = [ "nixpkgs=${pkgs.path}" ];
 
@@ -263,18 +265,25 @@
               ./components
               ./features
               #./modules
-              inputs.clan-core.nixosModules.clanCore
+              clan-core.nixosModules.clanCore
+              telemetry.nixosModules.telemetry
+              {
+                clan.core.settings.directory = ./.; # fixes issues with clanCore https://git.clan.lol/clan/clan-core/issues/1979
+              }
               # inputs.stylix.nixosModules.stylix # fixme: not working
               permown.nixosModules.permown
-              kmonad.nixosModules.default
               home-manager.nixosModules.home-manager
-              # retiolum.nixosModules.retiolum # fixme: not working
             ];
 
             boot.loader.systemd-boot.configurationLimit = lib.mkDefault 10;
             boot.loader.generic-extlinux-compatible.configurationLimit = lib.mkDefault 10;
             boot.loader.grub.configurationLimit = lib.mkDefault 10;
-          })
+            environment.systemPackages = [
+              pkgs.systemctl-find-service-config
+              pkgs.healthchecks
+            ];
+          }
+        )
         # My Structure
         ./components
         ./features
@@ -282,230 +291,238 @@
         #./system/all # todo : spread this across features and components
 
         # some modules I always use
+        telemetry.nixosModules.telemetry
         permown.nixosModules.permown
-        kmonad.nixosModules.default
         # some default things I always want
-        ({ pkgs, ... }: {
-          boot.tmp.useTmpfs = lib.mkDefault true;
-          environment.systemPackages = [
-            pkgs.nixpkgs-fmt
-          ];
-        })
+        (
+          { pkgs, ... }:
+          {
+            boot.tmp.useTmpfs = lib.mkDefault true;
+          }
+        )
       ];
 
-      stylixModules = { pkgs, config, ... }: {
-        imports = [ stylix.nixosModules.stylix ];
-        stylix.enable = true;
-        stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-light-medium.yaml";
-        stylix.image = ./assets/wallpaper.png;
-        stylix.fonts = {
-          serif = {
-            package = pkgs.ubuntu_font_family;
-            name = "Ubuntu";
-          };
-          sansSerif = {
-            package = pkgs.ubuntu_font_family;
-            name = "Ubuntu";
-          };
-          monospace = {
-            package = pkgs.jetbrains-mono;
-            name = "JetBrains Mono";
-          };
-          emoji = {
-            package = pkgs.noto-fonts-emoji;
-            name = "Noto Color Emoji";
-          };
-          sizes.popups = 15;
-        };
-        # todo: remove this if not needed anymore
-        #home-manager.sharedModules = [
-        #  { stylix.targets.bemenu.enable = false; }
-        #];
+      stylixModules =
+        {
+          pkgs,
+          config,
+          lib,
+          ...
+        }:
+        {
+          imports = [ stylix.nixosModules.stylix ];
+          stylix.enable = true;
+          stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-light-medium.yaml";
+          stylix.image = ./assets/wallpaper.png;
 
-      };
+          home-manager.sharedModules = [
+            {
+              # no need for hyperland
+              # https://github.com/danth/stylix/issues/543
+              stylix.targets.hyprpaper.enable = lib.mkForce false;
+              stylix.targets.hyprland.enable = lib.mkForce false;
+              stylix.targets.swaylock.enable = lib.mkForce false;
+              stylix.targets.qt.platform = "qtct";
 
-      homeManagerModules = { pkgs, config, ... }: {
-        imports = [
-          home-manager.nixosModules.home-manager
-        ];
-        home-manager.extraSpecialArgs = {
-          inherit private_assets;
-          assets = ./assets;
+              # running into strange problems
+              # fixme: remove if possible
+              stylix.targets.vim.enable = lib.mkForce false;
+            }
+          ];
+          stylix.fonts = {
+            serif = {
+              package = pkgs.nerd-fonts.ubuntu;
+              name = "Ubuntu";
+            };
+            sansSerif = {
+              package = pkgs.nerd-fonts.ubuntu;
+              name = "Ubuntu";
+            };
+            monospace = {
+              package = pkgs.nerd-fonts.jetbrains-mono;
+              name = "JetBrains Mono";
+            };
+            emoji = config.stylix.fonts.monospace;
+            sizes.popups = 15;
+          };
+        };
+
+      homeManagerModules =
+        { pkgs, config, ... }:
+        {
+          imports = [
+            home-manager.nixosModules.home-manager
+          ];
+          home-manager.extraSpecialArgs = {
+            assets = ./assets;
+          };
+          home-manager.useGlobalPkgs = true;
+          home-manager.useUserPackages = true;
+          home-manager.backupFileExtension = "backup";
+          home-manager.sharedModules = [
+            home-manager-utils.hmModule
+            taskwarrior.hmModules.bugwarrior
+          ];
         };
-        home-manager.useGlobalPkgs = true;
-        home-manager.useUserPackages = true;
-        home-manager.backupFileExtension = "backup";
-        home-manager.sharedModules = [
-          home-manager-utils.hmModule
-        ];
-      };
 
     in
 
-    flake-parts.lib.mkFlake { inherit inputs; } ({ self, pkgs, ... }: {
-      # We define our own systems below. you can still use this to add system specific outputs to your flake.
-      # See: https://flake.parts/getting-started
-      systems = [ "x86_64-linux" ];
+    flake-parts.lib.mkFlake { inherit inputs; } (
+      {
+        self,
+        self',
+        pkgs,
+        ...
+      }:
+      {
+        systems = [ "x86_64-linux" ];
+        imports = [
+          clan-core.flakeModules.default
+          healthchecks.flakeModule
+          ./nix/formatter.nix
+          ./nix/devshells.nix
+          ./nix/packages
+          ./nix/topology
+        ];
 
-      # import clan-core modules
-      imports = [
-        clan-core.flakeModules.default
-      ];
+        # Define your clan
+        clan = {
+          # Clan wide settings.
+          meta.name = "gummybears"; # Ensure to choose a unique name.
+          specialArgs = meta.specialArgs;
 
-      perSystem = { pkgs, ... }: {
-        packages.pkl = pkgs.callPackage ./pkgs/pkl { };
-      };
+          machines = {
 
-      # Define your clan
-      clan = {
-        # Clan wide settings.
-        meta.name = "gummybears"; # Ensure to choose a unique name.
-        specialArgs = meta.specialArgs;
-
-        machines = {
-
-          sternchen = clanSetup {
-            name = "sternchen";
-            host = "sternchen.bear";
-            #host = "192.168.178.25";
-            modules = [
-              nixos-hardware.nixosModules.lenovo-thinkpad-x220
-              homeManagerModules
-              stylixModules
-              { home-manager.users.mainUser.gui.enable = true; }
-              {
-                home-manager.users.mainUser = import ./homes/tina;
-                home-manager.users.root = import ./homes/root;
-              }
-              # todo : strange overrides, this should be an option kinda an be changed on another level (the homes/<name> folders or something)
-              ({ lib, ... }: {
-                home-manager.sharedModules = [
+            cherry = clanSetup {
+              name = "cherry";
+              host = "cherry.bear";
+              modules = [
+                healthchecks.nixosModules.default
+                zerotierModules
+                nixos-hardware.nixosModules.framework-13th-gen-intel
+                private-parts.nixosModules.cherry
+                homeManagerModules
+                stylixModules
+                { home-manager.users.mainUser.gui.enable = true; }
+                {
+                  home-manager.users.mainUser = import ./homes/palo;
+                  home-manager.users.root = import ./homes/root;
+                }
+                {
+                  clan.core.settings.machine.description = "Laptop";
+                }
+                (
+                  { config, ... }:
                   {
-                    programs.atuin.enable = lib.mkForce false;
+                    # keys only to access cherry
+                    users.users.root.openssh.authorizedKeys.keyFiles = [
+                      "${config.clan.core.settings.directory}/machines/cherry/facts/ssh.root.cherry.id_ed25519.pub"
+                    ];
                   }
-                ];
-              })
-              {
-                clan.core.machineDescription = "LaLaptop";
-              }
-            ];
-          };
+                )
+              ];
+            };
 
-          cream = clanSetup {
-            name = "cream";
-            host = "cream.bear";
-            modules = [
-              zerotierModules
-              nixos-hardware.nixosModules.framework-12th-gen-intel
-              retiolum.nixosModules.retiolum
-              private_assets.nixosModules.cream
-              private_assets.nixosModules.yubikey
-              homeManagerModules
-              stylixModules
-              { home-manager.users.mainUser.gui.enable = true; }
-              {
-                home-manager.users.mainUser = import ./homes/palo;
-                home-manager.users.root = import ./homes/root;
-              }
-              {
-                clan.core.machineDescription = "Laptop";
-              }
-            ];
-          };
+            chungus = clanSetup {
+              name = "chungus";
+              host = "chungus.bear";
+              modules = [
+                healthchecks.nixosModules.default
+                zerotierModules
+                zerotierControllerModule
+                homeManagerModules
+                stylixModules
+                private-parts.nixosModules.chungus
+                {
+                  home-manager.users.mainUser = import ./homes/palo;
+                  home-manager.users.root = import ./homes/root;
+                }
+                {
+                  clan.core.settings.machine.description = "Home Server";
+                }
+                (
+                  { config, ... }:
+                  {
+                    # keys only to access chungus
+                    users.users.root.openssh.authorizedKeys.keyFiles = [
+                      "${config.clan.core.settings.directory}/machines/cherry/facts/ssh.root.chungus.id_ed25519.pub"
+                    ];
+                  }
+                )
+              ];
+            };
 
-          cherry = clanSetup {
-            name = "cherry";
-            host = "cherry.bear";
-            modules = [
-              zerotierModules
-              nixos-hardware.nixosModules.framework-13th-gen-intel
-              retiolum.nixosModules.retiolum
-              private_assets.nixosModules.yubikey
-              homeManagerModules
-              stylixModules
-              { home-manager.users.mainUser.gui.enable = true; }
-              {
-                home-manager.users.mainUser = import ./homes/palo;
-                home-manager.users.root = import ./homes/root;
-              }
-              {
-                clan.core.machineDescription = "Laptop";
-              }
-            ];
-          };
+            orbi = clanSetup {
+              name = "orbi";
+              host = "orbi.bear";
+              #host = "95.216.66.212";
+              modules = [
+                defaultAuthorizedKeys
+                healthchecks.nixosModules.default
+                homeManagerModules
+                stylixModules
+                zerotierModules
+                srvos.nixosModules.hardware-hetzner-online-intel
+                private-parts.nixosModules.orbi
+                #srvos.nixosModules.server
+                #srvos.nixosModules.mixins-terminfo
+                {
+                  home-manager.users.mainUser = import ./homes/palo;
+                  home-manager.users.root = import ./homes/root;
+                }
+                {
+                  clan.core.settings.machine.description = "Internet Server";
+                }
+              ];
+            };
 
-          chungus = clanSetup {
-            name = "chungus";
-            host = "chungus.bear";
-            modules = [
-              zerotierModules
-              zerotierControllerModule
-              homeManagerModules
-              stylixModules
-              retiolum.nixosModules.retiolum
-              private_assets.nixosModules.chungus
-              {
-                home-manager.users.mainUser = import ./homes/palo;
-                home-manager.users.root = import ./homes/root;
-              }
-              {
-                clan.core.machineDescription = "Home Server";
-              }
-            ];
-          };
+            probe = clanSetup {
+              name = "probe";
+              #host = "167.235.205.150";
+              host = "95.217.18.54";
+              modules = [
+                defaultAuthorizedKeys
+                homeManagerModules
+                stylixModules
+                srvos.nixosModules.hardware-hetzner-cloud
+                srvos.nixosModules.server
+                srvos.nixosModules.mixins-terminfo
+                #inputs.clan-core.clanModules.sshd
+                {
+                  home-manager.users.mainUser = import ./homes/palo;
+                  home-manager.users.root = import ./homes/root;
+                }
+                {
+                  clan.core.settings.machine.description = "Dummy Internet Server";
+                }
+              ];
+            };
 
-          orbi = clanSetup {
-            name = "orbi";
-            host = "orbi.bear";
-            #host = "95.216.66.212";
-            modules = [
-              zerotierModules
-              homeManagerModules
-              stylixModules
-              srvos.nixosModules.hardware-hetzner-online-intel
-              #srvos.nixosModules.server
-              #srvos.nixosModules.mixins-terminfo
-              {
-                # not needed for servers in general
-                boot.initrd.systemd.emergencyAccess = false;
-                systemd.enableEmergencyMode = false;
-              }
-              {
-                home-manager.users.mainUser = import ./homes/palo;
-                home-manager.users.root = import ./homes/root;
-              }
-              {
-                clan.core.machineDescription = "Internet Server";
-              }
-            ];
-          };
+            usbstick = clanSetup {
+              name = "usbstick";
+              #host = "usbstick.bear";
+              host = "10.100.0.100";
+              modules = [
+                defaultAuthorizedKeys
+                homeManagerModules
+                stylixModules
+                zerotierModules
+                { home-manager.users.mainUser.gui.enable = true; }
+                {
+                  home-manager.users.mainUser = import ./homes/palo;
+                  home-manager.users.root = import ./homes/root;
+                }
+                {
+                  clan.core.settings.machine.description = "USB-Stick for Backup";
+                }
+              ];
+            };
 
-          probe = clanSetup {
-            name = "probe";
-            #host = "167.235.205.150";
-            host = "95.217.18.54";
-            modules = [
-              homeManagerModules
-              stylixModules
-              srvos.nixosModules.hardware-hetzner-cloud
-              srvos.nixosModules.server
-              srvos.nixosModules.mixins-terminfo
-              #inputs.clan-core.clanModules.sshd
-              {
-                home-manager.users.mainUser = import ./homes/palo;
-                home-manager.users.root = import ./homes/root;
-              }
-              {
-                clan.core.machineDescription = "Dummy Internet Server";
-              }
-            ];
           };
 
         };
 
-      };
-
-    });
+      }
+    );
 
 }
-

homes/common/default.nix

@@ -1,9 +1,14 @@
 { lib, ... }:
 {
+
   imports = [
+    ./editor.nix
+    ./network.nix
+    ./starship-rs
     ./packages.nix
     ./terminal.nix
     ./zfs.nix
   ];
+
   options.gui.enable = lib.mkEnableOption "should GUI packages be anabled?";
 }

homes/common/editor.nix

@@ -0,0 +1,9 @@
+{ lib, ... }:
+{
+  programs.vim = {
+    enable = true;
+    defaultEditor = lib.mkDefault true;
+  };
+  #  enable = true;
+  #};
+}

homes/common/network.nix

@@ -0,0 +1,34 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+with lib;
+{
+  config = mkMerge [
+    {
+      home.packages = [
+        # firewall analysis
+        pkgs.nftables
+        pkgs.nixos-firewall-tool
+
+        # analyser
+        pkgs.dnsutils
+        pkgs.tcpdump
+        pkgs.nmap
+        pkgs.rustscan
+
+        # helper
+        pkgs.ipcalc
+      ];
+
+    }
+
+    (mkIf config.gui.enable {
+      home.packages = [
+        pkgs.wireshark
+      ];
+    })
+  ];
+}

homes/common/packages.nix

@@ -1,14 +1,16 @@
-{ config, pkgs, lib, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 with pkgs;
 with lib;
 {
   config = mkMerge [
     {
       home.packages = [
-        bind.dnsutils
-        nmap
         hexyl
-        ipcalc
 
         units
         difftastic
@@ -21,9 +23,11 @@ with lib;
 
         gimoji
 
-        tldr
+        #tldr
+        tealdeer
+        navi # cheatsheet manager
 
-        bandwhich
+        bandwhich # todo : put this to common/networking.nix
 
         unzip
         genpass
@@ -35,13 +39,16 @@ with lib;
         (writers.writeBashBin "vulnix-system" ''
           ${vulnix}/bin/vulnix --profile /nix/var/nix/profiles/system
         '')
+
+        # cpu load monitor
+        glances
       ];
 
+      # cpu load monitor
       programs.btop.enable = true;
 
     }
 
-
     (mkIf config.gui.enable {
       home.packages = [
         libreoffice
@@ -54,7 +61,7 @@ with lib;
         aspellDicts.es
 
         evince
-        sxiv
+        nsxiv
         gimp
         inkscape
 

homes/common/starship-rs/default.nix

@@ -0,0 +1,33 @@
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
+with lib;
+with config.lib.stylix.colors.withHashtag;
+
+{
+  programs.starship = {
+    enable = true;
+    # download presets from : https://starship.rs/presets/
+    settings = builtins.fromTOML ((builtins.readFile ./gruvbox-rainbow.toml)) // {
+      palettes.stylix = {
+        color_fg0 = base01;
+        color_terminal_fg = base05;
+        color_terminal_bg = base00;
+        color_bg1 = base04;
+        color_bg2 = base02;
+        color_bg3 = base03;
+        color_blue = base0D;
+        color_aqua = base0C;
+        color_green = base0B;
+        color_orange = base0F;
+        color_purple = base0E;
+        color_red = base08;
+        color_yellow = base0A;
+      };
+    };
+  };
+
+}

homes/common/starship-rs/gruvbox-rainbow.toml

@@ -0,0 +1,184 @@
+"$schema" = 'https://starship.rs/config-schema.json'
+
+format = """
+$os\
+$username\
+$hostname \
+[](bg:color_yellow fg:color_terminal_bg)\
+$directory\
+[](fg:color_yellow bg:color_aqua)\
+$git_branch\
+$git_status\
+[](fg:color_aqua bg:color_blue)\
+$c\
+$rust\
+$golang\
+$nodejs\
+$php\
+$java\
+$kotlin\
+$haskell\
+$python\
+[](fg:color_blue bg:color_bg3)\
+$docker_context\
+$conda\
+[](fg:color_bg3 bg:color_bg1)\
+$time\
+[ ](fg:color_bg1)\
+$character"""
+
+palette = 'stylix' # we use stylix instead of gruvbox_dark
+
+# todo : use stylix/base16 scheme
+[palettes.gruvbox_dark]
+color_fg0 = '#fbf1c7'
+color_terminal_bg = '#fbf1c7' # original background
+color_terminal_fg = '#3c3836' # original foreground
+color_bg1 = '#3c3836'
+color_bg2 = '#665c54'
+color_bg3 = '#665c54'
+color_blue = '#458588'
+color_aqua = '#689d6a'
+color_green = '#98971a'
+color_orange = '#d65d0e'
+color_purple = '#b16286'
+color_red = '#cc241d'
+color_yellow = '#d79921'
+
+[os]
+disabled = false
+style = "bold bg:color_blue fg:color_terminal_bg"
+#format = "[$symbol ]($style)"
+format = "[](color_blue)[$symbol ]($style)[ ](fg:color_blue bg:color_terminal_bg)"
+
+
+[os.symbols]
+Alpine = ""
+Amazon = ""
+Android = ""
+Arch = "󰣇"
+Artix = "󰣇"
+CentOS = ""
+Debian = "󰣚"
+EndeavourOS = ""
+Fedora = "󰣛"
+Gentoo = "󰣨"
+Linux = "󰌽"
+Macos = "󰀵"
+Manjaro = ""
+Mint = "󰣭"
+NixOS = ""
+Pop = ""
+Raspbian = "󰐿"
+RedHatEnterprise = "󱄛"
+Redhat = "󱄛"
+SUSE = ""
+Ubuntu = "󰕈"
+Windows = "󰍲"
+
+[username]
+show_always = true
+style_user = "bg:color_terminal_bg fg:color_terminal_fg"
+style_root = "bg:color_terminal_bg fg:color_red bold"
+format = '[$user]($style)'
+
+[hostname]
+ssh_only = true
+style = "bg:color_terminal_bg fg:color_terminal_fg"
+ssh_symbol = "@"
+format = "[$ssh_symbol$hostname]($style)"
+
+[directory]
+style = "fg:color_fg0 bg:color_yellow"
+format = "[ $path ]($style)"
+truncation_length = 3
+truncation_symbol = "…/"
+
+[directory.substitutions]
+"Documents" = "󰈙 "
+"Downloads" = " "
+"Music" = "󰝚 "
+"Pictures" = " "
+"Developer" = "󰲋 "
+"dev" = "󰲋 "
+
+[git_branch]
+symbol = ""
+style = "bg:color_aqua"
+format = '[[ $symbol $branch ](fg:color_fg0 bg:color_aqua)]($style)'
+
+[git_status]
+style = "bg:color_aqua"
+format = '[[($all_status$ahead_behind )](fg:color_fg0 bg:color_aqua)]($style)'
+
+[nodejs]
+symbol = ""
+style = "bg:color_blue"
+format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
+
+[c]
+symbol = " "
+style = "bg:color_blue"
+format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
+
+[rust]
+symbol = ""
+style = "bg:color_blue"
+format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
+
+[golang]
+symbol = ""
+style = "bg:color_blue"
+format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
+
+[php]
+symbol = ""
+style = "bg:color_blue"
+format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
+
+[java]
+symbol = ""
+style = "bg:color_blue"
+format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
+
+[kotlin]
+symbol = ""
+style = "bg:color_blue"
+format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
+
+[haskell]
+symbol = ""
+style = "bg:color_blue"
+format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
+
+[python]
+symbol = ""
+style = "bg:color_blue"
+format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
+
+[docker_context]
+symbol = ""
+style = "bg:color_bg3"
+format = '[[ $symbol( $context) ](fg:color_fg0 bg:color_bg3)]($style)'
+
+[conda]
+style = "bg:color_bg3"
+format = '[[ $symbol( $environment) ](fg:color_fg0 bg:color_bg3)]($style)'
+
+[time]
+disabled = false
+time_format = "%R"
+style = "bg:color_bg1"
+format = '[[  $time ](fg:color_fg0 bg:color_bg1)]($style)'
+
+[line_break]
+disabled = false
+
+[character]
+disabled = false
+success_symbol = "[](fg:color_bg2)[ ](bold fg:color_terminal_fg bg:color_bg2)[](fg:color_bg2)"
+error_symbol = "[](fg:color_bg2)[ ](bold fg:color_red bg:color_bg2)[](fg:color_bg2)"
+vimcmd_symbol = '[](bold fg:color_green)'
+vimcmd_replace_one_symbol = '[](bold fg:color_purple)'
+vimcmd_replace_symbol = '[](bold fg:color_purple)'
+vimcmd_visual_symbol = '[](bold fg:color_yellow)'

homes/common/terminal.nix

@@ -1,4 +1,9 @@
-{ lib, pkgs, assets, ... }:
+{
+  lib,
+  pkgs,
+  assets,
+  ...
+}:
 {
 
   programs.zsh = {
@@ -32,29 +37,4 @@
     enableZshIntegration = true;
   };
 
-  # provide better `Ctrl+r` command in terminal
-  programs.atuin = {
-    enable = true;
-    enableBashIntegration = true;
-    enableZshIntegration = true;
-    #package = pkgs.atuin;
-    package = pkgs.legacy_2405.atuin.overrideAttrs (_old: {
-      # as cursed as doing mitigations=off in the kernel command line
-      patches = [ "${assets}/0001-make-atuin-on-zfs-fast-again.patch" ];
-    });
-    settings = {
-      auto_sync = true;
-      sync_frequency = "5m";
-      sync_address = "http://chungus.private:8888";
-      search_mode = "fuzzy";
-      style = "full";
-      inline_height = 20;
-      keymap_mode = "vim-normal";
-
-      # With workspace filtering enabled, Atuin will filter for commands executed
-      # in any directory within a git repository tree.
-      workspaces = true;
-
-    };
-  };
 }

homes/common/zfs.nix

@@ -1,4 +1,9 @@
-{ config, pkgs, lib, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 with pkgs;
 with lib;
 {

homes/palo/atuin.nix

@@ -0,0 +1,28 @@
+{
+
+  # provide better `Ctrl+r` command in terminal
+  programs.atuin = {
+    enable = true;
+    enableBashIntegration = true;
+    enableZshIntegration = true;
+    daemon.enable = true;
+    settings = {
+      auto_sync = true;
+      sync_frequency = "5m";
+      sync_address = "http://chungus.private:8888";
+      search_mode = "fuzzy";
+      style = "full";
+      inline_height = 20;
+      keymap_mode = "vim-normal";
+
+      # because the daemon can't remember my mode (with  Ctrl-r)
+      filter_mode = "directory";
+
+      # With workspace filtering enabled, Atuin will filter for commands executed
+      # in any directory within a git repository tree.
+      workspaces = true;
+
+    };
+  };
+
+}

homes/palo/default.nix

@@ -1,19 +1,19 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
 
   imports = [
     ../common
-    ./editor.nix
+    ./atuin.nix
     ./git.nix
     ./gpg.nix
     ./gui
-    #./hyperland.nix
     ./i3.nix
     ./packages
     ./ssh.nix
     ./stylix.nix
     ./taskwarrior.nix
     ./tmux.nix
-    ./zellij.nix
+    #./zellij.nix
   ];
 
   home.stateVersion = "22.11";

homes/palo/doom-emacs.nix

@@ -1,35 +0,0 @@
-{ config, pkgs, lib, ... }:
-with lib;
-{
-  config = mkMerge [
-    {
-      home.packages = [ pkgs.ripgrep ];
-    }
-    (mkIf config.gui.enable {
-      programs.doom-emacs = {
-        enable = lib.mkDefault true;
-        doomPrivateDir = ./doom.d;
-        extraConfig = ''
-          ;; "monospace" means use the system default. However, the default is usually two
-          ;; points larger than I'd like, so I specify size 12 here.
-          (setq doom-font
-            (font-spec :family "Jetbrains Mono" :size ${toString 12} :weight 'light))
-          ;;(setq doom-font
-          ;; (font-spec :family "Terminus" :size ${toString 12} :weight 'light))
-        '';
-        #emacsPackagesOverlay = self: super: {
-        #  # fixes https://github.com/vlaci/nix-doom-emacs/issues/394
-        #  gitignore-mode = pkgs.emacsPackages.git-modes;
-        #  gitconfig-mode = pkgs.emacsPackages.git-modes;
-        #};
-      };
-    })
-    (mkIf (!config.gui.enable) {
-      programs.doom-emacs = {
-        enable = lib.mkDefault true;
-        doomPrivateDir = ./doom.d;
-        package = pkgs.emacs-nox;
-      };
-    })
-  ];
-}

homes/palo/doom.d/config.el

@@ -1,4 +0,0 @@
-;; configure theme
-(setq doom-theme 'doom-solarized-light)
-
-

homes/palo/doom.d/init.el

@@ -1,187 +0,0 @@
-;;; init.el -*- lexical-binding: t; -*-
-
-;; This file controls what Doom modules are enabled and what order they load
-;; in. Remember to run 'doom sync' after modifying it!
-
-;; NOTE Press 'SPC h d h' (or 'C-h d h' for non-vim users) to access Doom's
-;;      documentation. There you'll find a "Module Index" link where you'll find
-;;      a comprehensive list of Doom's modules and what flags they support.
-
-;; NOTE Move your cursor over a module's name (or its flags) and press 'K' (or
-;;      'C-c c k' for non-vim users) to view its documentation. This works on
-;;      flags as well (those symbols that start with a plus).
-;;
-;;      Alternatively, press 'gd' (or 'C-c c d') on a module to browse its
-;;      directory (for easy access to its source code).
-
-(doom! :input
-       ;;chinese
-       ;;japanese
-       ;;layout            ; auie,ctsrnm is the superior home row
-
-       :completion
-       company           ; the ultimate code completion backend
-       ;;helm              ; the *other* search engine for love and life
-       ;;ido               ; the other *other* search engine...
-       ivy               ; a search engine for love and life
-
-       :ui
-       ;;deft              ; notational velocity for Emacs
-       doom              ; what makes DOOM look the way it does
-       doom-dashboard    ; a nifty splash screen for Emacs
-       doom-quit         ; DOOM quit-message prompts when you quit Emacs
-       ;;(emoji +unicode)  ; 🙂
-       hl-todo           ; highlight TODO/FIXME/NOTE/DEPRECATED/HACK/REVIEW
-       ;;hydra
-       ;;indent-guides     ; highlighted indent columns
-       ;;ligatures         ; ligatures and symbols to make your code pretty again
-       ;;minimap           ; show a map of the code on the side
-       modeline          ; snazzy, Atom-inspired modeline, plus API
-       ;;nav-flash         ; blink cursor line after big motions
-       ;;neotree           ; a project drawer, like NERDTree for vim
-       ophints           ; highlight the region an operation acts on
-       (popup +defaults)   ; tame sudden yet inevitable temporary windows
-       ;;tabs              ; a tab bar for Emacs
-       ;;treemacs          ; a project drawer, like neotree but cooler
-       ;;unicode           ; extended unicode support for various languages
-       vc-gutter         ; vcs diff in the fringe
-       vi-tilde-fringe   ; fringe tildes to mark beyond EOB
-       ;;window-select     ; visually switch windows
-       workspaces        ; tab emulation, persistence & separate workspaces
-       ;;zen               ; distraction-free coding or writing
-
-       :editor
-       (evil +everywhere); come to the dark side, we have cookies
-       file-templates    ; auto-snippets for empty files
-       fold              ; (nigh) universal code folding
-       ;;(format +onsave)  ; automated prettiness
-       ;;god               ; run Emacs commands without modifier keys
-       ;;lispy             ; vim for lisp, for people who don't like vim
-       ;;multiple-cursors  ; editing in many places at once
-       ;;objed             ; text object editing for the innocent
-       ;;parinfer          ; turn lisp into python, sort of
-       ;;rotate-text       ; cycle region at point between text candidates
-       snippets          ; my elves. They type so I don't have to
-       ;;word-wrap         ; soft wrapping with language-aware indent
-
-       :emacs
-       dired             ; making dired pretty [functional]
-       electric          ; smarter, keyword-based electric-indent
-       ;;ibuffer         ; interactive buffer management
-       undo              ; persistent, smarter undo for your inevitable mistakes
-       vc                ; version-control and Emacs, sitting in a tree
-
-       :term
-       ;;eshell            ; the elisp shell that works everywhere
-       ;;shell             ; simple shell REPL for Emacs
-       ;;term              ; basic terminal emulator for Emacs
-       ;;vterm             ; the best terminal emulation in Emacs
-
-       :checkers
-       syntax              ; tasing you for every semicolon you forget
-       ;;(spell +flyspell) ; tasing you for misspelling mispelling
-       ;;grammar           ; tasing grammar mistake every you make
-
-       :tools
-       ;;ansible
-       ;;debugger          ; FIXME stepping through code, to help you add bugs
-       ;;direnv
-       ;;docker
-       ;;editorconfig      ; let someone else argue about tabs vs spaces
-       ;;ein               ; tame Jupyter notebooks with emacs
-       (eval +overlay)     ; run code, run (also, repls)
-       ;;gist              ; interacting with github gists
-       lookup              ; navigate your code and its documentation
-       ;;lsp               ; M-x vscode
-       magit             ; a git porcelain for Emacs
-       ;;make              ; run make tasks from Emacs
-       ;;pass              ; password manager for nerds
-       ;;pdf               ; pdf enhancements
-       ;;prodigy           ; FIXME managing external services & code builders
-       ;;rgb               ; creating color strings
-       ;;taskrunner        ; taskrunner for all your projects
-       ;;terraform         ; infrastructure as code
-       ;;tmux              ; an API for interacting with tmux
-       ;;upload            ; map local to remote projects via ssh/ftp
-
-       :os
-       (:if IS-MAC macos)  ; improve compatibility with macOS
-       ;;tty               ; improve the terminal Emacs experience
-
-       :lang
-       ;;agda              ; types of types of types of types...
-       ;;beancount         ; mind the GAAP
-       ;;cc                ; C > C++ == 1
-       ;;clojure           ; java with a lisp
-       ;;common-lisp       ; if you've seen one lisp, you've seen them all
-       ;;coq               ; proofs-as-programs
-       ;;crystal           ; ruby at the speed of c
-       ;;csharp            ; unity, .NET, and mono shenanigans
-       ;;data              ; config/data formats
-       ;;(dart +flutter)   ; paint ui and not much else
-       ;;elixir            ; erlang done right
-       ;;elm               ; care for a cup of TEA?
-       emacs-lisp        ; drown in parentheses
-       ;;erlang            ; an elegant language for a more civilized age
-       ;;ess               ; emacs speaks statistics
-       ;;factor
-       ;;faust             ; dsp, but you get to keep your soul
-       ;;fsharp            ; ML stands for Microsoft's Language
-       ;;fstar             ; (dependent) types and (monadic) effects and Z3
-       ;;gdscript          ; the language you waited for
-       ;;(go +lsp)         ; the hipster dialect
-       ;;(haskell +dante)  ; a language that's lazier than I am
-       ;;hy                ; readability of scheme w/ speed of python
-       ;;idris             ; a language you can depend on
-       ;;json              ; At least it ain't XML
-       ;;(java +meghanada) ; the poster child for carpal tunnel syndrome
-       ;;javascript        ; all(hope(abandon(ye(who(enter(here))))))
-       ;;julia             ; a better, faster MATLAB
-       ;;kotlin            ; a better, slicker Java(Script)
-       ;;latex             ; writing papers in Emacs has never been so fun
-       ;;lean              ; for folks with too much to prove
-       ;;ledger            ; be audit you can be
-       ;;lua               ; one-based indices? one-based indices
-       markdown            ; writing docs for people to ignore
-       ;;nim               ; python + lisp at the speed of c
-       nix                 ; I hereby declare "nix geht mehr!"
-       ;;ocaml             ; an objective camel
-       (org +roam2)        ; organize your plain life in plain text
-       ;;php               ; perl's insecure younger brother
-       ;;plantuml          ; diagrams for confusing people more
-       ;;purescript        ; javascript, but functional
-       ;;python            ; beautiful is better than ugly
-       ;;qt                ; the 'cutest' gui framework ever
-       ;;racket            ; a DSL for DSLs
-       ;;raku              ; the artist formerly known as perl6
-       ;;rest              ; Emacs as a REST client
-       ;;rst               ; ReST in peace
-       ;;(ruby +rails)     ; 1.step {|i| p "Ruby is #{i.even? ? 'love' : 'life'}"}
-       ;;rust              ; Fe2O3.unwrap().unwrap().unwrap().unwrap()
-       ;;scala             ; java, but good
-       ;;(scheme +guile)   ; a fully conniving family of lisps
-       sh                ; she sells {ba,z,fi}sh shells on the C xor
-       ;;sml
-       ;;solidity          ; do you need a blockchain? No.
-       ;;swift             ; who asked for emoji variables?
-       ;;terra             ; Earth and Moon in alignment for performance.
-       ;;web               ; the tubes
-       ;;yaml              ; JSON, but readable
-       ;;zig               ; C, but simpler
-
-       :email
-       ;;(mu4e +gmail)
-       ;;notmuch
-       ;;(wanderlust +gmail)
-
-       :app
-       ;;calendar
-       ;;emms
-       ;;everywhere        ; *leave* Emacs!? You must be joking
-       ;;irc               ; how neckbeards socialize
-       ;;(rss +org)        ; emacs as an RSS reader
-       ;;twitter           ; twitter client https://twitter.com/vnought
-
-       :config
-       ;;literate
-       (default +bindings +smartparens))

homes/palo/editor.nix

@@ -1,11 +0,0 @@
-{
-  programs.vim = {
-    enable = true;
-    defaultEditor = true;
-  };
-
-  programs.helix = {
-    enable = true;
-    # defaultEditor = true;
-  };
-}

homes/palo/git.nix

@@ -10,16 +10,25 @@ with pkgs;
       key = "42AC51C9482D0834CF488AF1389EC2D64AC71EAC";
       signByDefault = true;
     };
-    ignores = [ "*.swp" "*~" ".idea" ".*penis.*" "result" ".envrc" ".direnv" ];
+    ignores = [
+      "*.swp"
+      "*~"
+      ".idea"
+      "*.iml"
+      ".*penis.*"
+      "result"
+      ".envrc"
+      ".direnv"
+    ];
     extraConfig = {
       init.defaultBranch = "main";
       pull.ff = "only";
+      push.autoSetupRemote = true;
     };
     #diff-so-fancy.enable = true;
     difftastic.enable = true;
   };
 
-
   home.packages = [
     pre-commit
     gita

homes/palo/gpg.nix

@@ -12,8 +12,7 @@
       keyserver = "keyserver.ubuntu.com";
       personal-digest-preferences = "SHA512";
       cert-digest-algo = "SHA512";
-      default-preference-list =
-        "SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed";
+      default-preference-list = "SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed";
     };
   };
 

homes/palo/gui/alacritty.nix

@@ -1,4 +1,9 @@
-{ pkgs, lib, config, ... }:
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
 with lib;
 {
 

homes/palo/gui/kitty.nix

@@ -1,4 +1,9 @@
-{ lib, pkgs, config, ... }:
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}:
 with lib;
 {
 
@@ -31,6 +36,5 @@ with lib;
       };
     };
 
-
   };
 }

homes/palo/hyperland.nix

@@ -1,161 +0,0 @@
-{ pkgs, ... }:
-{
-
-  home.file.".config/hypr/hyperland.conf".text = ''
-    autogenerated = 1 # remove this line to remove the warning
-    # See https://wiki.hyprland.org/Configuring/Monitors/
-    monitor=,preferred,auto,auto
-
-    # Some default env vars.
-    env = XCURSOR_SIZE,24
-
-    # For all categories, see https://wiki.hyprland.org/Configuring/Variables/
-    input {
-        kb_layout = us
-        kb_variant =
-        kb_model =
-        kb_options =
-        kb_rules =
-
-        follow_mouse = 1
-
-        touchpad {
-            natural_scroll = no
-        }
-
-        sensitivity = 0 # -1.0 - 1.0, 0 means no modification.
-    }
-
-    general {
-        # See https://wiki.hyprland.org/Configuring/Variables/ for more
-
-        gaps_in = 5
-        gaps_out = 20
-        border_size = 2
-        col.active_border = rgba(33ccffee) rgba(00ff99ee) 45deg
-        col.inactive_border = rgba(595959aa)
-
-        layout = dwindle
-
-        # Please see https://wiki.hyprland.org/Configuring/Tearing/ before you turn this on
-        allow_tearing = false
-    }
-
-    decoration {
-        # See https://wiki.hyprland.org/Configuring/Variables/ for more
-
-        rounding = 10
-
-        blur {
-            enabled = true
-            size = 3
-            passes = 1
-        }
-
-        drop_shadow = yes
-        shadow_range = 4
-        shadow_render_power = 3
-        col.shadow = rgba(1a1a1aee)
-    }
-
-    animations {
-        enabled = yes
-
-        # Some default animations, see https://wiki.hyprland.org/Configuring/Animations/ for more
-
-        bezier = myBezier, 0.05, 0.9, 0.1, 1.05
-
-        animation = windows, 1, 7, myBezier
-        animation = windowsOut, 1, 7, default, popin 80%
-        animation = border, 1, 10, default
-        animation = borderangle, 1, 8, default
-        animation = fade, 1, 7, default
-        animation = workspaces, 1, 6, default
-    }
-
-    dwindle {
-        # See https://wiki.hyprland.org/Configuring/Dwindle-Layout/ for more
-        pseudotile = yes # master switch for pseudotiling. Enabling is bound to mainMod + P in the keybinds section below
-        preserve_split = yes # you probably want this
-    }
-
-    master {
-        # See https://wiki.hyprland.org/Configuring/Master-Layout/ for more
-        new_is_master = true
-    }
-
-    gestures {
-        # See https://wiki.hyprland.org/Configuring/Variables/ for more
-        workspace_swipe = off
-    }
-
-    misc {
-        # See https://wiki.hyprland.org/Configuring/Variables/ for more
-        force_default_wallpaper = -1 # Set to 0 to disable the anime mascot wallpapers
-    }
-
-    # Example per-device config
-    # See https://wiki.hyprland.org/Configuring/Keywords/#executing for more
-    device:epic-mouse-v1 {
-        sensitivity = -0.5
-    }
-
-    # See https://wiki.hyprland.org/Configuring/Keywords/ for more
-    $mainMod = SUPER
-
-    # Example binds, see https://wiki.hyprland.org/Configuring/Binds/ for more
-    bind = $mainMod, enter, exec, alacritty
-    bind = $mainMod, C, killactive,
-    bind = $mainMod, Q, exit,
-    bind = $mainMod, E, exec, dolphin
-    bind = $mainMod, V, togglefloating,
-    bind = $mainMod, R, exec, wofi --show drun
-    bind = $mainMod, P, pseudo, # dwindle
-    bind = $mainMod, J, togglesplit, # dwindle
-
-    # Move focus with mainMod + arrow keys
-    bind = $mainMod, left, movefocus, l
-    bind = $mainMod, right, movefocus, r
-    bind = $mainMod, up, movefocus, u
-    bind = $mainMod, down, movefocus, d
-
-    # Switch workspaces with mainMod + [0-9]
-    bind = $mainMod, 1, workspace, 1
-    bind = $mainMod, 2, workspace, 2
-    bind = $mainMod, 3, workspace, 3
-    bind = $mainMod, 4, workspace, 4
-    bind = $mainMod, 5, workspace, 5
-    bind = $mainMod, 6, workspace, 6
-    bind = $mainMod, 7, workspace, 7
-    bind = $mainMod, 8, workspace, 8
-    bind = $mainMod, 9, workspace, 9
-    bind = $mainMod, 0, workspace, 10
-
-    # Move active window to a workspace with mainMod + SHIFT + [0-9]
-    bind = $mainMod SHIFT, 1, movetoworkspace, 1
-    bind = $mainMod SHIFT, 2, movetoworkspace, 2
-    bind = $mainMod SHIFT, 3, movetoworkspace, 3
-    bind = $mainMod SHIFT, 4, movetoworkspace, 4
-    bind = $mainMod SHIFT, 5, movetoworkspace, 5
-    bind = $mainMod SHIFT, 6, movetoworkspace, 6
-    bind = $mainMod SHIFT, 7, movetoworkspace, 7
-    bind = $mainMod SHIFT, 8, movetoworkspace, 8
-    bind = $mainMod SHIFT, 9, movetoworkspace, 9
-    bind = $mainMod SHIFT, 0, movetoworkspace, 10
-
-    # Example special workspace (scratchpad)
-    bind = $mainMod, S, togglespecialworkspace, magic
-    bind = $mainMod SHIFT, S, movetoworkspace, special:magic
-
-    # Scroll through existing workspaces with mainMod + scroll
-    bind = $mainMod, mouse_down, workspace, e+1
-    bind = $mainMod, mouse_up, workspace, e-1
-
-    # Move/resize windows with mainMod + LMB/RMB and dragging
-    bindm = $mainMod, mouse:272, movewindow
-    bindm = $mainMod, mouse:273, resizewindow
-
-  '';
-
-}
-

homes/palo/i3.nix

@@ -1,8 +1,20 @@
-{ config, lib, pkgs, osConfig, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  osConfig,
+  ...
+}:
 with lib;
 let
 
-  rofi = pkgs.rofi.override { plugins = [ pkgs.rofi-emoji pkgs.rofi-calc pkgs.xdotool ]; };
+  rofi = pkgs.rofi.override {
+    plugins = [
+      pkgs.rofi-emoji
+      pkgs.rofi-calc
+      pkgs.xdotool
+    ];
+  };
 
   backgroundCommand = pkgs.writers.writeDash "background" ''
     ${pkgs.xorg.xrandr}/bin/xrandr | grep " connected" | grep "primary" | \
@@ -43,14 +55,15 @@ in
         pkgs.autorandr
         pkgs.polygon-art.polygon-art
         pkgs.xdotool # needed for rofi-emoji
+        pkgs.xclicker # makes stuff much easier
       ];
 
     programs.i3status-rust = {
       enable = true;
       bars = {
         my = {
-          icons = "awesome5";
-          theme = "gruvbox-light";
+          icons = "material-nf"; # nerd fonts (influenced by stylix.font settings)
+          theme = "gruvbox-light"; # not configured by stylix yet.
           # https://github.com/greshake/i3status-rust/blob/v0.22.0/doc/blocks.md
           blocks = [
             {
@@ -74,36 +87,37 @@ in
               format = "$icon $percentage $time";
             }
             { block = "uptime"; }
-            {
-              block = "taskwarrior";
-              interval = 60;
-              format = " $icon $count.eng(w:3) todo ";
-              format_singular = " $icon 1 task ";
-              format_everything_done = "";
-              warning_threshold = 10;
-              critical_threshold = 20;
-              filters = [
-                {
-                  name = "active";
-                  filter = "+PENDING and ( +ACTIVE or +DUETODAY or +TODAY or +OVERDUE )";
-                }
-              ];
-            }
-            {
-              block = "taskwarrior";
-              interval = 60;
-              format = " $icon $count.eng(w:2) ";
-              format_singular = " $icon 1 task ";
-              format_everything_done = "";
-              warning_threshold = 3;
-              critical_threshold = 5;
-              filters = [
-                {
-                  name = "started";
-                  filter = "+PENDING and +ACTIVE";
-                }
-              ];
-            }
+            # interferes with `bugwarrior pull`
+            #            {
+            #              block = "taskwarrior";
+            #              interval = 60;
+            #              format = " $icon $count.eng(w:3) todo ";
+            #              format_singular = " $icon 1 task ";
+            #              format_everything_done = "";
+            #              warning_threshold = 10;
+            #              critical_threshold = 20;
+            #              filters = [
+            #                {
+            #                  name = "active";
+            #                  filter = "+PENDING and ( +ACTIVE or +DUETODAY or +TODAY or +OVERDUE )";
+            #                }
+            #              ];
+            #            }
+            #            {
+            #              block = "taskwarrior";
+            #              interval = 60;
+            #              format = " $icon $count.eng(w:2) ";
+            #              format_singular = " $icon 1 task ";
+            #              format_everything_done = "";
+            #              warning_threshold = 3;
+            #              critical_threshold = 5;
+            #              filters = [
+            #                {
+            #                  name = "started";
+            #                  filter = "+PENDING and +ACTIVE";
+            #                }
+            #              ];
+            #            }
             {
               block = "time";
               interval = 60;
@@ -112,7 +126,7 @@ in
             {
               block = "tea_timer";
               format = " $icon {$minutes:$seconds |}";
-              done_cmd = "${pkgs.noti}/bin/noti -t 'Timer Finished'";
+              done_cmd = "${pkgs.noti}/bin/noti -o -t 'Timer Finished' || ${pkgs.noti}/bin/noti -t 'Timer Finished'";
             }
           ];
         };
@@ -140,21 +154,25 @@ in
           focus = {
             followMouse = true;
           };
-          colors.focused =
-            with config.lib.stylix.colors.withHashtag;
+          colors.focused = with config.lib.stylix.colors.withHashtag; {
+            # stylix color overrides
+            border = lib.mkForce base08;
+            background = lib.mkForce base0A;
+            text = lib.mkForce base00;
+          };
+          startup = [
+            #{ command = "${pkgs.jellyfin-mpv-shim}/bin/jellyfin-mpv-shim"; always = true; }
             {
-              # stylix color overrides
-              border = lib.mkForce base08;
-              background = lib.mkForce base0A;
-              text = lib.mkForce base00;
-            };
-          startup =
-            [
-              #{ command = "${pkgs.jellyfin-mpv-shim}/bin/jellyfin-mpv-shim"; always = false; }
-              { command = "${pkgs.networkmanagerapplet}/bin/nm-applet --indicator"; always = true; }
-              { command = toString backgroundCommand; always = true; }
-              {
-                command = toString (pkgs.writers.writeDash "xsettings" ''
+              command = "${pkgs.networkmanagerapplet}/bin/nm-applet --indicator";
+              always = true;
+            }
+            {
+              command = toString backgroundCommand;
+              always = true;
+            }
+            {
+              command = toString (
+                pkgs.writers.writeDash "xsettings" ''
                   # to allow sudo commands to access X
                   ${pkgs.xorg.xhost}/bin/xhost +
                   # no shitty pcspkr crap
@@ -162,13 +180,15 @@ in
                   # no sleeping monitor
                   ${pkgs.xorg.xset}/bin/xset -dpms
                   ${pkgs.xorg.xset}/bin/xset s off
-                '');
-                always = true;
-              }
-            ];
+                ''
+              );
+              always = true;
+            }
+          ];
           bars = [
-            (config.lib.stylix.i3.bar //
-              {
+            (
+              config.lib.stylix.i3.bar
+              // {
                 #mode = "hide";
                 hiddenState = "hide";
                 position = "top";
@@ -188,6 +208,19 @@ in
             in
             {
               "Print" = "exec ${pkgs.flameshot}/bin/flameshot gui -c -p /share/";
+
+              # --- Brightness controls --- #
+              "XF86MonBrightnessUp" = "exec --no-startup-id ${pkgs.brightnessctl}/bin/brightnessctl set +5%";
+              "XF86MonBrightnessDown" = "exec --no-startup-id ${pkgs.brightnessctl}/bin/brightnessctl set 5%-";
+
+              # --- Pulse/Pipewire Audio controls --- #
+              "XF86AudioRaiseVolume" =
+                "exec --no-startup-id ${pkgs.pulseaudio}/bin/pactl set-sink-volume @DEFAULT_SINK@ +5%";
+              "XF86AudioLowerVolume" =
+                "exec --no-startup-id ${pkgs.pulseaudio}/bin/pactl set-sink-volume @DEFAULT_SINK@ -5%";
+              "XF86AudioMute" =
+                "exec --no-startup-id ${pkgs.pulseaudio}/bin/pactl set-sink-mute @DEFAULT_SINK@ toggle";
+
               "${modifier}+Return" = "exec ${cfg.config.terminal}";
               "${modifier}+Shift+q" = "exit";
               "${modifier}+q" = "kill";
@@ -204,6 +237,9 @@ in
               "${modifier}+Shift+Up" = "move up";
               "${modifier}+Shift+Right" = "move right";
 
+              # sticky window toggle
+              "${modifier}+Shift+s" = "sticky toggle";
+
               "${modifier}+h" = "split h";
               "${modifier}+v" = "split v";
               "${modifier}+f" = "fullscreen toggle";
@@ -286,7 +322,8 @@ in
               "${modifier}+space" = "exec ${rofi}/bin/rofi -show drun -display-drun ''";
               "${modifier}+Shift+c" = "reload";
               "${modifier}+Shift+r" = "restart";
-              "${modifier}+Shift+e" = "exec i3-nagbar -t warning -m 'Do you want to exit i3?' -b 'Yes' 'i3-msg exit'";
+              "${modifier}+Shift+e" =
+                "exec i3-nagbar -t warning -m 'Do you want to exit i3?' -b 'Yes' 'i3-msg exit'";
 
               "${modifier}+r" = "mode resize";
 

homes/palo/packages/development.nix

@@ -1,4 +1,9 @@
-{ pkgs, lib, config, ... }:
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
 with pkgs;
 with lib;
 {
@@ -11,59 +16,49 @@ with lib;
 
         # general
         jetbrains.idea-ultimate
-        #vscode
+        vscode
 
-        zed-editor
+        #zed-editor
+
+        # minicom # for flipper zero
 
         #jetbrains.mps
-        jetbrains.datagrip
+        #jetbrains.datagrip
 
         # Rust
         # ----
-        jetbrains.rust-rover
-        gcc
-        rustup
+        #jetbrains.rust-rover
+        #gcc
+        #rustup
 
         # Python
         # ------
         jetbrains.pycharm-professional
 
-        # planing
-        ((ganttproject-bin.override {
-          jre = pkgs.openjdk11;
-        }).overrideAttrs (old: {
-          version = "3.1.3100";
-          src = pkgs.fetchzip {
-            url = "https://dl.ganttproject.biz/ganttproject-3.1.3100/ganttproject-3.1.3100.zip";
-            sha256 = "sha256-hw2paak0P670/kemiuqYHIaN0uUtkVKy+AX2X7OdnJ4=";
-          };
-        }))
-
         # Pkl
         # ---
         # pkl (not working yet)
 
         # terminal code to image/movie renderer
-        vhs
-        carbon-now-cli
         asciinema
+        asciinema-agg
         asciinema-scenario
-        asciinema
-
-        legacy_2311.blockdiag
+        carbon-now-cli
+        termtosvg
+        vhs
 
         # nomad
-        nomad
-        vault
-        consul
-        wander
+        #nomad
+        #vault
+        #consul
+        #wander
 
         # terraform
         terragrunt
         terraform
         terraform-docs
         awscli2
-        packer
+        #packer
 
         # documentation renderers
         mdbook
@@ -72,23 +67,17 @@ with lib;
 
         marp-cli # markdown to presentation framework
 
-        # terminal recorder
-        asciinema
-        asciinema-agg
-        asciinema-scenario
-        termtosvg
-
         #surrealist
-        surrealdb
+        #surrealdb # fixme: not working because of rust update or something
 
         boxes
 
-        nodePackages.prettier
-        shfmt
-        black
-        pre-commit
-        nixpkgs-fmt
-        treefmt
+        #nodePackages.prettier
+        #shfmt
+        #black
+        #pre-commit
+        #nixpkgs-fmt
+        #treefmt
 
         # python
         python3Full
@@ -101,7 +90,8 @@ with lib;
     {
       home.packages =
         let
-          pandocScript = { inputFormat, outputFormat }:
+          pandocScript =
+            { inputFormat, outputFormat }:
             pkgs.writers.writeDashBin "pandoc-from-${inputFormat}-to-${outputFormat}" ''
               ${pkgs.pandoc}/bin/pandoc \
                 --from ${inputFormat} \
@@ -116,7 +106,7 @@ with lib;
           tmux
 
           nethogs
-          netsniff-ng
+          #netsniff-ng # build problems
           iftop
 
           # shell
@@ -124,6 +114,7 @@ with lib;
           yq-go
           gojq
           jq
+          fx
           ijq
           miller
 
@@ -135,10 +126,26 @@ with lib;
             ${pkgs.less}/bin/less
           '')
 
-        ] ++ (map pandocScript (lib.cartesianProduct {
-          inputFormat = [ "man" "markdown" "mediawiki" "asciidoc" ];
-          outputFormat = [ "mediawiki" "docbook5" "html5" "man" "jira" "markdown" "asciidoc" ];
-        }));
+        ]
+        ++ (map pandocScript (
+          lib.cartesianProduct {
+            inputFormat = [
+              "man"
+              "markdown"
+              "mediawiki"
+              "asciidoc"
+            ];
+            outputFormat = [
+              "mediawiki"
+              "docbook5"
+              "html5"
+              "man"
+              "jira"
+              "markdown"
+              "asciidoc"
+            ];
+          }
+        ));
 
     }
   ];

homes/palo/packages/graphics.nix

@@ -1,28 +1,56 @@
-{ config, lib, pkgs, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
 with pkgs;
 with lib;
+let
+  use_override = false;
+  bambu-studio =
+    if use_override then
+      pkgs.bambu-studio.overrideAttrs (old: rec {
+        version = "01.10.02.76";
+        src = pkgs.fetchFromGitHub {
+          owner = "bambulab";
+          repo = "BambuStudio";
+          rev = "v${version}";
+          hash = "sha256-LvAi3I5lnnumhOUagyej28uVy0Lgd3e19HNQXOUWSvQ=";
+        };
+      })
+    else
+      pkgs.bambu-studio;
+in
 {
   config = mkIf config.gui.enable {
 
     home.packages = [
 
-      pureref
-      valentina
+      #pureref
       gimp
       inkscape
       imagemagick
-      nsxiv
       blender
       lightburn
-      colorpicker
+
+      # to convert HEIC -> JPG
+      # heif-dec -q 92 <name>.HEIC
+      libheif
+      darktable
 
       # CAD & 3D Plotting
       openscad
       fstl
-      legacy_2311.cura
+
+      orca-slicer
+      bambu-studio
 
       qrencode
 
+      xclicker
+      xdotool
+
     ];
 
   };

homes/palo/packages/logseq.nix

@@ -1,10 +1,15 @@
-{ config, lib, pkgs, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
 with pkgs;
 with lib;
 {
   config = mkIf config.gui.enable {
     home.packages = [
-      pkgs.legacy_2405.logseq
+      pkgs.logseq
     ];
     #home.file.".config/Logseq/Preferences".source = (pkgs.formats.json { }).generate "LogseqPreferences.json"
     #  {

homes/palo/packages/media.nix

@@ -1,5 +1,9 @@
-{ pkgs, lib, config, ... }:
-with pkgs;
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
 with lib;
 {
 
@@ -7,25 +11,24 @@ with lib;
 
     (mkIf config.gui.enable {
       home.packages = [
-        freetube
-        vlc
+
+        pkgs.share-via-http
+
+        pkgs.freetube
+        pkgs.vlc
 
         # music editors
         # =============
-        picard # musicbrainz editor
-        #kid3-qt # id3 tag editor
-        easytag
-        dconf
+        pkgs.picard # musicbrainz editor
+        pkgs.easytag
+        pkgs.dconf
+
+        pkgs.jellyfin-mpv-shim
 
       ];
     })
     {
-      home.packages = [
-
-        # music editors
-        # =============
-        kid3-cli
-      ];
+      home.packages = [ ];
     }
   ];
 }

homes/palo/packages/nextcloud.nix

@@ -1,10 +1,16 @@
-{ config, lib, pkgs, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
 with pkgs;
 with lib;
 let
-  nextcloud-client = pkgs.legacy_2311.nextcloud-client;
+  nextcloud-client = pkgs.nextcloud-client;
 
-  nextcloudSync = folder:
+  nextcloudSync =
+    folder:
     let
       password = "$( ${pkgs.pass}/bin/pass show home/nextcloud/palo/nextcloudcmd-token )";
       user = "palo";
@@ -16,19 +22,18 @@ let
         "https://${user}:${password}@nextcloud.ingolf-wagner.de"
     '';
 
-  borrow = pkgs.writers.writeDashBin "borrow"
-    ''
-      ${getExe hledger-ui} \
-        --all \
-        --theme=terminal \
-        --file ~/Nextcloud/Unterlagen/.hledger-borrow "$@"
+  borrow = pkgs.writers.writeDashBin "borrow" ''
+    ${getExe hledger-ui} \
+      --all \
+      --theme=terminal \
+      --file ~/Nextcloud/Unterlagen/.hledger-borrow "$@"
 
-      ${getExe gum} confirm \
-          --affirmative="update" \
-          --negative="skip" \
-          --default=false \
-          "Syncronize with Nextcloud?" && ${getExe(nextcloudSync "Unterlagen")}
-    '';
+    ${getExe gum} confirm \
+        --affirmative="update" \
+        --negative="skip" \
+        --default=false \
+        "Syncronize with Nextcloud?" && ${getExe (nextcloudSync "Unterlagen")}
+  '';
 in
 {
 
@@ -46,6 +51,7 @@ in
       (nextcloudSync "Kunstbuch")
       (nextcloudSync "Flipper")
       (nextcloudSync "AWS-SolutionArchitect-Professional")
+      (nextcloudSync "windows")
 
       borrow
 

homes/palo/packages/packages.nix

@@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
 with pkgs;
 with lib;
 {
@@ -8,7 +13,6 @@ with lib;
     # ¯\_(ツ)_/¯
     home.packages = [
 
-
       nixos-shell
 
       # bluetooth gui
@@ -47,6 +51,18 @@ with lib;
       # office
       pdfarranger
 
+      # sewing
+      #seamly2d
+      #valentina
+
+      # xorg/x11 macros
+      # ---------------
+      # wait 2 secs, than record mouse movements (use Ctrl-C to stop recording)
+      # > cnee --record --mouse -o ./mouse-events.xnl --time 2
+      # replay 3 times the mouse movements (zsh only)
+      # > repeat 3 cnee --time 2 --replay -f ./mouse-events.xnl
+      xnee
+
     ];
 
   };

homes/palo/packages/social.nix

@@ -1,14 +1,18 @@
-{ config, lib, pkgs, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
 with pkgs;
 with lib;
 {
 
   config = mkIf config.gui.enable {
-    programs.obs-studio.enable = true;
+    programs.obs-studio.enable = false;
     home.packages = [
       emoji-picker
       signal-desktop
-      legacy_2311.fluffychat
     ];
 
   };