lint checks, formatting, update statix url

flake.lock

@@ -266,11 +266,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1751117291,
+        "lastModified": 1757763404,
-        "narHash": "sha256-iOeiPypZkl6uPL5mQ4aFG4wYVs9w9BJZ2/5XHlLgyIk=",
+        "narHash": "sha256-a1h+58wDOtbQXrHoZwLwB7PhXwFhBXRHhNRhAQGq/oY=",
         "ref": "refs/heads/main",
-        "rev": "2a4818dc2158cbdad34a701ab12d0b1cf7f52c46",
+        "rev": "07a5fbca27ec941c841ad93f2ac65bc529225a51",
-        "revCount": 45,
+        "revCount": 46,
         "type": "git",
         "url": "https://git.berlin.ccc.de/servicepoint/servicepoint-cli.git"
       },
@@ -290,11 +290,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1752323001,
+        "lastModified": 1757763091,
-        "narHash": "sha256-YEcYegmlv12yN9VWrz2qt0nyL+9EeGIlrDvac8Pf7Cw=",
+        "narHash": "sha256-V3E6JKGzCrq5u+hp38sAdKv/EoxU+X0qfSoBIPxALi4=",
         "ref": "refs/heads/main",
-        "rev": "75a0ae7a59e687bea5f92791a2d64c048f35846d",
+        "rev": "493b7b0343334019b372176f811a966839ba9aa5",
-        "revCount": 119,
+        "revCount": 121,
         "type": "git",
         "url": "https://git.berlin.ccc.de/servicepoint/servicepoint-simulator.git"
       },
@@ -358,11 +358,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1755431984,
+        "lastModified": 1757847061,
-        "narHash": "sha256-iBgSdzkta6zQ2eIRWjmJTLZ3b1e1EZiCyCPcgCdqPGU=",
+        "narHash": "sha256-YW8fpD35tD+1zTkxk0WhP7FJSL15JlFfG7tscgkdI+A=",
         "ref": "refs/heads/main",
-        "rev": "31abcb7a9583c4ed931f658eca3e3c1970e60814",
+        "rev": "ddff8c9b206564dd9b9007e4e894afa6f7860fc8",
-        "revCount": 28,
+        "revCount": 30,
         "type": "git",
         "url": "https://git.berlin.ccc.de/vinzenz/zerforschen.plus"
       },

flake.nix

@@ -1,7 +1,6 @@
 {
   inputs = {
     nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
-
     nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
 
     home-manager = {
@@ -50,7 +49,7 @@
   };
 
   outputs =
-    inputs@{
+    {
       self,
       nixpkgs,
       home-manager,
@@ -59,31 +58,74 @@
       nixpkgs-unstable,
       servicepoint-cli,
       servicepoint-simulator,
-      naersk,
       nix-vscode-extensions,
       ...
     }:
     let
       devices = {
-        vinzenz-lpt2 = "x86_64-linux";
+        vinzenz-lpt2 = {
-        vinzenz-pc2 = "x86_64-linux";
+          system = "x86_64-linux";
-        ronja-pc = "x86_64-linux";
+          additional-modules = [
-        hetzner-vpn2 = "aarch64-linux";
+            self.nixosModules.user-vinzenz
-        forgejo-runner-1 = "aarch64-linux";
+
+            self.nixosModules.gnome
+            self.nixosModules.wine-gaming
+            self.nixosModules.steam
+            self.nixosModules.printing
+            self.nixosModules.podman
+            self.nixosModules.vinzenz-desktop-settings
+            self.nixosModules.intel-graphics
+          ];
+          home-manager-users = {
+            inherit (self.homeConfigurations) vinzenz;
+          };
+        };
+        vinzenz-pc2 = {
+          system = "x86_64-linux";
+          additional-modules = [
+            self.nixosModules.user-vinzenz
+            self.nixosModules.user-ronja
+
+            self.nixosModules.gnome
+            self.nixosModules.wine-gaming
+            self.nixosModules.steam
+            self.nixosModules.printing
+            self.nixosModules.podman
+            self.nixosModules.vinzenz-desktop-settings
+            self.nixosModules.amd-graphics
+          ];
+          home-manager-users = {
+            inherit (self.homeConfigurations) vinzenz ronja;
+          };
+        };
+        ronja-pc = {
+          system = "x86_64-linux";
+          additional-modules = [
+            self.nixosModules.user-ronja
+
+            self.nixosModules.gnome
+            self.nixosModules.steam
+            self.nixosModules.wine-gaming
+            self.nixosModules.vinzenz-desktop-settings
+          ];
+          home-manager-users = {
+            inherit (self.homeConfigurations) ronja;
+          };
+        };
+        hetzner-vpn2 = {
+          system = "aarch64-linux";
+        };
+        forgejo-runner-1 = {
+          system = "aarch64-linux";
+          additional-modules = [ self.nixosModules.podman ];
+        };
       };
-      homeDevices = [
+      inherit (nixpkgs) lib;
-        "vinzenz-lpt2"
+      forDevice = f: lib.mapAttrs (device: value: f (value // { inherit device; })) devices;
-        "vinzenz-pc2"
+      supported-systems = lib.attrsets.mapAttrsToList (k: v: v.system) devices;
-        "ronja-pc"
-      ];
-      forDevice = f: nixpkgs.lib.mapAttrs f devices;
-      supported-systems = [
-        "x86_64-linux"
-        "aarch64-linux"
-      ];
       forAllSystems =
         f:
-        nixpkgs.lib.genAttrs supported-systems (
+        lib.genAttrs supported-systems (
           system:
           f rec {
             inherit system;
@@ -91,67 +133,141 @@
           }
         );
     in
-    rec {
+    {
+      lib = {
+        importDir =
+          dir:
+          (lib.attrsets.mapAttrs' (
+            m: _:
+            lib.attrsets.nameValuePair (lib.strings.removeSuffix ".nix" m) { imports = [ "${dir}/${m}" ]; }
+          ) (builtins.readDir dir));
+      };
+
+      overlays = {
+        unstable-packages = final: prev: {
+          unstable = import nixpkgs-unstable {
+            inherit (prev) system config;
+          };
+        };
+      };
+
+      nixosModules = (self.lib.importDir ./nixosModules) // {
+        niri = {
+          imports = [ niri.nixosModules.niri ];
+          nixpkgs.overlays = [ niri.overlays.niri ];
+        };
+        pkgs-unstable = {
+          nixpkgs.overlays = [ self.overlays.unstable-packages ];
+        };
+        pkgs-vscode-extensions = {
+          nixpkgs.overlays = [ nix-vscode-extensions.overlays.default ];
+        };
+        # required modules to use other modules, should not do anything on their own
+        default = {
+          imports = [ self.nixosModules.allowed-unfree-list ];
+        };
+      };
+
+      homeModules = self.lib.importDir ./homeModules;
+      homeConfigurations = self.lib.importDir ./homeConfigurations;
+
+      formatter = forAllSystems ({ pkgs, ... }: pkgs.nixfmt-tree);
+
       nixosConfigurations = forDevice (
-        device: system:
+        {
+          device,
+          system,
+          home-manager-users ? { },
+          additional-modules ? [ ],
+        }:
         let
           specialArgs = {
-            inherit inputs device;
+            inherit device;
           };
         in
         nixpkgs.lib.nixosSystem {
           inherit system specialArgs;
           modules = [
-            { networking.hostName = device; }
-
-            ./modules/globalinstalls.nix
-            ./modules/networking.nix
-            ./modules/nixpkgs.nix
-            ./modules/lix.nix
-
-            ./hosts/${device}/hardware.nix
-            ./hosts/${device}/imports.nix
-            ./hosts/${device}/configuration.nix
-
             {
+              networking.hostName = device;
+              nixpkgs = {
+                inherit system;
+                hostPlatform = lib.mkDefault system;
+              };
+              system = {
+                stateVersion = "22.11";
+                autoUpgrade.flake = "git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git";
+              };
+
               nixpkgs.overlays = [
-                overlays.unstable-packages
+                self.overlays.unstable-packages
               ];
+
+              nix.settings.experimental-features = [
+                "nix-command"
+                "flakes"
+              ];
+
+              documentation = {
+                info.enable = false; # info pages and the info command
+                doc.enable = false; # documentation distributed in packages' /share/doc
+              };
             }
+
+            ./nixosConfigurations/${device}
+
+            self.nixosModules.default
+            self.nixosModules.lix-is-nix
+            self.nixosModules.globalinstalls
+            self.nixosModules.autoupdate
+            self.nixosModules.openssh
+            self.nixosModules.tailscale
+            self.nixosModules.allowed-unfree-list
+            self.nixosModules.extra-caches
+            self.nixosModules.systemd-boot
+
+            zerforschen-plus.nixosModules.default
           ]
-          ++ (nixpkgs.lib.optionals (builtins.elem device homeDevices) [
+          ++ (nixpkgs.lib.optionals (home-manager-users != { }) [
-            home-manager.nixosModules.home-manager
-            { home-manager.extraSpecialArgs = specialArgs; }
-            ./modules/home-manager.nix
-
-            ./modules/i18n.nix
-
-            niri.nixosModules.niri
             {
-              nixpkgs.overlays = [
+              home-manager = {
-                niri.overlays.niri
+                extraSpecialArgs = specialArgs;
-                overlays.servicepoint-packages
+                useGlobalPkgs = true;
-                nix-vscode-extensions.overlays.default
+                useUserPackages = true;
+              };
+
+              time.timeZone = "Europe/Berlin";
+
+              home-manager.sharedModules = [
+                { home.stateVersion = "22.11"; }
+                self.homeModules.adwaita
+                self.homeModules.git
+                self.homeModules.templates
+                self.homeModules.zsh-basics
+                self.homeModules.nano
+                self.homeModules.gnome-extensions
               ];
+
+              home-manager.users = home-manager-users;
             }
-          ]);
+
+            self.nixosModules.pkgs-unstable
+            self.nixosModules.pkgs-vscode-extensions
+            self.nixosModules.niri
+            self.nixosModules.kdeconnect
+            self.nixosModules.en-de
+            self.nixosModules.gnome
+            self.nixosModules.modern-desktop
+            self.nixosModules.nix-ld
+            self.nixosModules.quiet-boot
+            self.nixosModules.firmware-updates
+
+            home-manager.nixosModules.home-manager
+            servicepoint-simulator.nixosModules.default
+            servicepoint-cli.nixosModules.default
+          ])
+          ++ additional-modules;
         }
       );
-
-      overlays = {
-        unstable-packages = final: prev: {
-          unstable = import nixpkgs-unstable {
-            system = prev.system;
-            config = prev.config;
-          };
-        };
-        servicepoint-packages = final: prev: {
-          servicepoint-cli = servicepoint-cli.legacyPackages."${prev.system}".servicepoint-cli;
-          servicepoint-simulator =
-            servicepoint-simulator.legacyPackages."${prev.system}".servicepoint-simulator;
-        };
-      };
-
-      formatter = forAllSystems ({ pkgs, ... }: pkgs.nixfmt-tree);
     };
 }

home/ronja/default.nix

@@ -1,25 +0,0 @@
-{ pkgs, ... }:
-{
-  config = {
-    # Define user account
-    users.users.ronja = {
-      isNormalUser = true;
-      name = "ronja";
-      description = "Ronja";
-      home = "/home/ronja";
-      extraGroups = [
-        "networkmanager"
-        "wheel"
-        "games"
-        "podman"
-        "openvscode-server"
-      ];
-      shell = pkgs.zsh;
-    };
-
-    home-manager.users.ronja.imports = [
-      ./configuration.nix
-      ./vscode.nix
-    ];
-  };
-}

home/vinzenz/default.nix

@@ -1,51 +0,0 @@
-{ pkgs, ... }:
-{
-  config = {
-    users.users.vinzenz = {
-      isNormalUser = true;
-      name = "vinzenz";
-      description = "Vinzenz";
-      home = "/home/vinzenz";
-      extraGroups = [
-        "networkmanager"
-        "wheel"
-        "games"
-        "dialout"
-        "podman"
-        "nginx"
-        "adbusers"
-        "kvm"
-        "input"
-        "video"
-      ];
-      shell = pkgs.zsh;
-      autoSubUidGidRange = true;
-    };
-
-    nix.settings.trusted-users = [ "vinzenz" ];
-
-    home-manager.users.vinzenz.imports = [
-      ./configuration.nix
-      ./editorconfig.nix
-      ./fuzzel.nix
-      ./git.nix
-      ./gnome.nix
-      #./niri.nix
-      ./ssh.nix
-      ./swaylock.nix
-      ./vscode.nix
-      ./waybar.nix
-      ./zsh.nix
-    ];
-
-    allowedUnfreePackages = [
-      "rider"
-      "pycharm-professional"
-      "jetbrains-toolbox"
-
-      "anydesk"
-
-      "vscode-extension-ms-dotnettools-csharp"
-    ];
-  };
-}

home/vinzenz/gnome.nix

@@ -1,26 +0,0 @@
-{ pkgs, ... }:
-{
-  config = {
-    home.packages =
-      with pkgs.gnomeExtensions;
-      [
-        gsconnect
-        # battery-health-charging
-        quick-settings-tweaker
-        solaar-extension
-        alphabetical-app-grid
-      ]
-      ++ (with pkgs; [ foliate ]);
-
-    dconf.settings = {
-      "org/gnome/shell" = {
-        enabled-extensions = [
-          "GPaste@gnome-shell-extensions.gnome.org"
-          "gsconnect@andyholmes.github.io"
-          "solaar-extension@sidevesh"
-          "AlphabeticalAppGrid@stuarthayhurst"
-        ];
-      };
-    };
-  };
-}

homeConfigurations/ronja/default.nix

@@ -1,5 +1,6 @@
 { config, pkgs, ... }:
 {
+  imports = [ ./vscode.nix ];
   config = {
     home.packages = with pkgs; [
       ## Apps

homeConfigurations/vinzenz/.zsh/p10k.zsh

@@ -60,8 +60,8 @@
     nodeenv                 # node.js environment (https://github.com/ekalinin/nodeenv)
     # node_version          # node.js version
     # go_version            # go version (https://golang.org)
-    # rust_version          # rustc version (https://www.rust-lang.org)
+    rust_version          # rustc version (https://www.rust-lang.org)
-    # dotnet_version        # .NET version (https://dotnet.microsoft.com)
+    dotnet_version        # .NET version (https://dotnet.microsoft.com)
     # php_version           # php version (https://www.php.net/)
     # laravel_version       # laravel php framework version (https://laravel.com/)
     # java_version          # java version (https://www.java.com/)
@@ -756,14 +756,14 @@
   typeset -g POWERLEVEL9K_RANGER_BACKGROUND=0
   # Custom icon.
   # typeset -g POWERLEVEL9K_RANGER_VISUAL_IDENTIFIER_EXPANSION='⭐'
-  
+
   ####################[ yazi: yazi shell (https://github.com/sxyazi/yazi) ]#####################
   # Yazi shell color.
   typeset -g POWERLEVEL9K_YAZI_FOREGROUND=3
   typeset -g POWERLEVEL9K_YAZI_BACKGROUND=0
   # Custom icon.
   # typeset -g POWERLEVEL9K_YAZI_VISUAL_IDENTIFIER_EXPANSION='⭐'
-  
+
   ######################[ nnn: nnn shell (https://github.com/jarun/nnn) ]#######################
   # Nnn shell color.
   typeset -g POWERLEVEL9K_NNN_FOREGROUND=0

homeConfigurations/vinzenz/configuration.nix

@@ -56,6 +56,10 @@
     icu
 
     nextcloud-client
+
+    lutris
+
+    foliate
   ];
 
   home.file = {

homeConfigurations/vinzenz/default.nix

@@ -0,0 +1,15 @@
+{
+  imports = [
+    ./configuration.nix
+    ./editorconfig.nix
+    ./fuzzel.nix
+    ./git.nix
+    ./gnome.nix
+    #./niri.nix
+    ./ssh.nix
+    ./swaylock.nix
+    ./vscode.nix
+    ./waybar.nix
+    ./zsh.nix
+  ];
+}

homeConfigurations/vinzenz/editorconfig.nix

@@ -1,4 +1,3 @@
-{ ... }:
 {
   config.editorconfig = {
     enable = true;

homeConfigurations/vinzenz/git.nix

@@ -1,4 +1,3 @@
-{ ... }:
 {
   config.programs.git = {
     enable = true;

homeConfigurations/vinzenz/gnome.nix

@@ -0,0 +1,31 @@
+{ pkgs, ... }:
+{
+  config = {
+    home.packages = with pkgs; [
+      gitg
+      meld
+      simple-scan
+      pinta
+      dconf-editor
+      impression # usb image writer
+      papers # pdf viewer
+      gnome-software # for flatpak apps
+      gnomeExtensions.solaar-extension
+      snapshot
+    ];
+
+    dconf.settings = {
+      "org/gnome/shell".enabled-extensions = [
+        "GPaste@gnome-shell-extensions.gnome.org"
+        "solaar-extension@sidevesh"
+      ];
+      "org/gnome/desktop/interface".color-scheme = "prefer-dark";
+      "org/gnome/desktop/wm/keybindings" = {
+        switch-windows = [ "<Alt>Tab" ];
+        switch-windows-backward = [ "<Shift><Alt>Tab" ];
+        switch-applications = [ "<Super>Tab" ];
+        switch-applications-backward = [ "<Shift><Super>Tab" ];
+      };
+    };
+  };
+}

homeConfigurations/vinzenz/niri.nix

@@ -16,16 +16,7 @@
       name = "adwaita-dark";
     };
 
-    services = {
+    services.mako.enable = true;
-      kdeconnect = {
-        enable = true;
-        # this still shows up in gnome session starting with 25.05
-        # indicator = true;
-      };
-      mako = {
-        enable = true;
-      };
-    };
 
     programs.niri.settings = {
       input.keyboard.xkb.layout = "de";

homeConfigurations/vinzenz/ssh.nix

@@ -1,4 +1,3 @@
-{ ... }:
 {
   config.programs.ssh = {
     enable = true;

homeConfigurations/vinzenz/zsh.nix

@@ -20,7 +20,7 @@
       my-direnvallow = "echo \"use nix\" > .envrc && direnv allow";
       my-ip4 = "ip addr show | grep 192";
       deadnix = "nix run github:astro/deadnix -- ";
-      statix = "nix run git+https://git.peppe.rs/languages/statix -- ";
+      statix = "nix run github:oppiliappan/statix -- ";
     };
 
     history = {

homeModules/adwaita.nix

@@ -0,0 +1,12 @@
+{ pkgs, ... }:
+{
+  gtk = {
+    enable = true;
+    iconTheme.name = "Adwaita";
+    cursorTheme.name = "Adwaita";
+    theme = {
+      name = "adw-gtk3-dark";
+      package = pkgs.adw-gtk3;
+    };
+  };
+}

homeModules/git.nix

@@ -0,0 +1,13 @@
+{
+  programs = {
+    git = {
+      enable = true;
+      extraConfig.init.defaultBranch = "main";
+    };
+
+    gh = {
+      enable = true;
+      gitCredentialHelper.enable = true;
+    };
+  };
+}

homeModules/gnome-extensions.nix

@@ -0,0 +1,101 @@
+{
+  lib,
+  pkgs,
+  osConfig,
+  config,
+  ...
+}:
+{
+  options.vinzenz.gnome-extensions =
+    let
+      mkDefaultEnabledOption =
+        name:
+        lib.mkOption {
+          default = true;
+          example = false;
+          description = "Whether to enable ${name}.";
+          type = lib.types.bool;
+        };
+    in
+    {
+      enable = mkDefaultEnabledOption "gnome extended options";
+      appindicator.enable = mkDefaultEnabledOption "appindicator";
+      caffeine.enable = mkDefaultEnabledOption "caffeine";
+      tailscale-qs.enable = lib.mkOption {
+        default = osConfig.services.tailscale.enable;
+        example = true;
+        description = "Whether to enable tailscale quick setting.";
+        type = lib.types.bool;
+      };
+      alphabetic-apps.enable = mkDefaultEnabledOption "alphabetic app grid";
+      clock-show-seconds = mkDefaultEnabledOption "clock seconds";
+      show-battery-percentage = mkDefaultEnabledOption "battery percentage";
+      enable-numlock = mkDefaultEnabledOption "num lock on login";
+      enable-systool-warning = lib.mkEnableOption "system configuration tool warning";
+      edge-tiling = mkDefaultEnabledOption "edge tiling";
+      dynamic-workspaces = mkDefaultEnabledOption "dynamic workspaces";
+      tap-to-click = mkDefaultEnabledOption "tap to click";
+      two-finger-scrolling = mkDefaultEnabledOption "two finger scrolling";
+    };
+
+  config =
+    let
+      cfg = config.vinzenz.gnome-extensions;
+    in
+    lib.mkIf cfg.enable (
+      lib.mkMerge [
+        {
+          dconf = {
+            enable = true;
+            settings = {
+              "org/gnome/shell" = {
+                disable-user-extensions = false;
+                disabled-extensions = [ ];
+                enabled-extensions = [ ];
+              };
+
+              "ca/desrt/dconf-editor".show-warning = cfg.enable-systool-warning;
+              "org/gnome/tweaks".show-extensions-notice = cfg.enable-systool-warning;
+              "org/gnome/mutter" = {
+                inherit (cfg) edge-tiling dynamic-workspaces;
+              };
+              "org/gnome/desktop/peripherals/touchpad" = {
+                inherit (cfg) tap-to-click;
+                two-finger-scrolling-enabled = cfg.two-finger-scrolling;
+              };
+              "org/gnome/desktop/interface" = {
+                inherit (cfg) clock-show-seconds show-battery-percentage;
+              };
+            };
+          };
+        }
+
+        (lib.mkIf cfg.tailscale-qs.enable {
+          home.packages = [ pkgs.gnomeExtensions.tailscale-qs ];
+          dconf.settings."org/gnome/shell".enabled-extensions = [ "tailscale@joaophi.github.com" ];
+        })
+
+        (lib.mkIf cfg.appindicator.enable {
+          home.packages = [ pkgs.gnomeExtensions.appindicator ];
+          dconf.settings."org/gnome/shell".enabled-extensions = [ "appindicatorsupport@rgcjonas.gmail.com" ];
+        })
+
+        (lib.mkIf cfg.caffeine.enable {
+          home.packages = [ pkgs.gnomeExtensions.caffeine ];
+          dconf.settings."org/gnome/shell".enabled-extensions = [ "caffeine@patapon.info" ];
+        })
+
+        (lib.mkIf cfg.alphabetic-apps.enable {
+          home.packages = [ pkgs.gnomeExtensions.alphabetical-app-grid ];
+          dconf.settings = {
+            "org/gnome/shell".enabled-extensions = [ "AlphabeticalAppGrid@stuarthayhurst" ];
+            "org/gnome/shell/extensions/alphabetical-app-grid".folder-order-position = "start";
+          };
+        })
+
+        (lib.mkIf cfg.enable-numlock {
+          dconf.settings."org/gnome/desktop/peripherals/keyboard".numlock-state = true;
+        })
+      ]
+    );
+}

homeModules/nano.nix

@@ -0,0 +1,9 @@
+{
+  home = {
+    sessionVariables.EDITOR = "nano";
+    file.".nanorc".text = ''
+      set linenumbers
+      set mouse
+    '';
+  };
+}

homeModules/templates.nix

@@ -0,0 +1,12 @@
+{
+  home.file = {
+    "Templates/Empty file".text = "";
+    "Templates/Empty bash script".text = ''
+      #!/usr/bin/env bash
+      # abort on error, undefined variables
+      set -eu
+      # print commands before execution
+      set -x
+    '';
+  };
+}

homeModules/zsh-basics.nix

@@ -0,0 +1,13 @@
+{
+  programs = {
+    command-not-found.enable = true;
+    dircolors.enable = true;
+
+    zsh = {
+      enable = true;
+      syntaxHighlighting.enable = true;
+      autosuggestion.enable = true;
+      enableVteIntegration = true;
+    };
+  };
+}

hooks/pre-commit

@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+set -euxo pipefail
+
+nix fmt
+
+nix flake check --all-systems --show-trace

hosts/forgejo-runner-1/configuration.nix

@@ -1,15 +0,0 @@
-{ ... }:
-{
-  # uncomment for build check on non arm system (requires --impure)
-  # nixpkgs.buildPlatform = builtins.currentSystem;
-  services.tailscale.useRoutingFeatures = "both";
-  system.autoUpgrade.allowReboot = true;
-
-  users.users = {
-    root.openssh.authorizedKeys.keys = [
-      ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH''
-      ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming''
-      ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming''
-    ];
-  };
-}

hosts/forgejo-runner-1/imports.nix

@@ -1,6 +0,0 @@
-{
-  imports = [
-    ../../modules/podman.nix
-    ./forgejo-runner.nix
-  ];
-}

hosts/hetzner-vpn2/configuration.nix

@@ -1,21 +0,0 @@
-{ ... }:
-{
-  # uncomment for build check on non arm system (requires --impure)
-  # nixpkgs.buildPlatform = builtins.currentSystem;
-
-  services.tailscale.useRoutingFeatures = "both";
-
-  users.users = {
-    root.openssh.authorizedKeys.keys = [
-      ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICdYqY3Y1/f1bsAi5Qfyr/UWuX9ixu96IeAlhoQaJkbf''
-      ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH''
-      ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming''
-      ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming''
-    ];
-    #ronja.openssh.authorizedKeys.keys = [
-    #  ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALWKm+d6KL6Vl3grPOcGouiNTkvdhXuWJmcrdEBY2nw ronja-ssh-host-key''
-    #];
-  };
-
-  system.autoUpgrade.allowReboot = true;
-}

hosts/hetzner-vpn2/imports.nix

@@ -1,5 +0,0 @@
-{
-  imports = [
-    ./nginx.nix
-  ];
-}

hosts/ronja-pc/configuration.nix

@@ -1,26 +0,0 @@
-{
-  config,
-  pkgs,
-  ...
-}:
-{
-  # Configure keymap in X11
-  services.xserver.xkb = {
-    layout = "de";
-    variant = "";
-  };
-
-  # Configure console keymap
-  console.keyMap = "de";
-
-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
-  environment.systemPackages = with pkgs; [
-    #  vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
-    #  wget
-  ];
-
-  # Open ports in the firewall.
-  # networking.firewall.allowedTCPPorts = [ ... ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
-}

hosts/ronja-pc/imports.nix

@@ -1,10 +0,0 @@
-{
-  imports = [
-    ../../modules/gnome.nix
-    ../../modules/gaming.nix
-    ../../modules/desktop-environment.nix
-    ../../modules/desktop-hardware.nix
-
-    ../../home/ronja
-  ];
-}

hosts/vinzenz-lpt2/hardware.nix

@@ -1,63 +0,0 @@
-{ lib, ... }:
-{
-  imports = [ ../../modules/intel-graphics.nix ];
-  config = {
-    # intel cpu
-    boot.kernelModules = [
-      "kvm-intel"
-      "xe"
-    ];
-    hardware.cpu.intel.updateMicrocode = true;
-
-    boot.loader = {
-      systemd-boot.enable = true;
-      efi.canTouchEfiVariables = true;
-    };
-
-    # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-    # (the default) this is the recommended approach. When using systemd-networkd it's
-    # still possible to use this option, but it's recommended to use it in conjunction
-    # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-    networking.useDHCP = lib.mkDefault true;
-
-    hardware.enableRedistributableFirmware = true;
-
-    nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-
-    boot.initrd = {
-      availableKernelModules = [
-        "xhci_pci"
-        "thunderbolt"
-        "nvme"
-      ];
-      luks.devices = {
-        "luks-2c654ff2-3c42-48d3-a1e3-9545679afaa3" = {
-          device = "/dev/disk/by-uuid/2c654ff2-3c42-48d3-a1e3-9545679afaa3";
-        };
-      };
-    };
-
-    fileSystems = {
-      "/" = {
-        device = "/dev/disk/by-uuid/e4dad0c8-26a1-45e9-bbd9-48565eb6574e";
-        fsType = "btrfs";
-        options = [ "subvol=@" ];
-      };
-
-      "/boot" = {
-        device = "/dev/disk/by-uuid/E2B7-2BC1";
-        fsType = "vfat";
-      };
-    };
-
-    swapDevices = [
-      {
-        device = "/var/lib/swapfile";
-        size = 32 * 1024;
-      }
-    ];
-
-    services.thermald.enable = true;
-    services.hardware.bolt.enable = true; # thunderbolt security
-  };
-}

hosts/vinzenz-lpt2/imports.nix

@@ -1,14 +0,0 @@
-{
-  imports = [
-    ../../modules/gnome.nix
-    ../../modules/gaming.nix
-    ../../modules/printing.nix
-    ../../modules/podman.nix
-    #../../modules/niri.nix
-    ../../modules/desktop-environment.nix
-    ../../modules/desktop-hardware.nix
-
-    ../../home/vinzenz
-    ../../home/ronja
-  ];
-}

hosts/vinzenz-pc2/hardware.nix

@@ -1,25 +0,0 @@
-{ ... }:
-{
-  imports = [ ../../modules/amd-graphics.nix ];
-  config = {
-    # amd cpu
-    boot.kernelModules = [ "kvm-amd" ];
-    hardware.cpu.amd.updateMicrocode = true;
-
-    boot = {
-      initrd.availableKernelModules = [
-        "nvme"
-        "xhci_pci"
-        "ahci"
-        "usbhid"
-        "sd_mod"
-      ]; # "usb_storage"
-      loader.efi.efiSysMountPoint = "/boot";
-    };
-
-    fileSystems = import ./fstab.nix;
-    swapDevices = [ ];
-
-    networking.interfaces.eno1.wakeOnLan.enable = true;
-  };
-}

hosts/vinzenz-pc2/imports.nix

@@ -1,14 +0,0 @@
-{
-  imports = [
-    ../../modules/gnome.nix
-    ../../modules/gaming.nix
-    ../../modules/printing.nix
-    ../../modules/podman.nix
-    #../../modules/niri.nix
-    ../../modules/desktop-environment.nix
-    ../../modules/desktop-hardware.nix
-
-    ../../home/vinzenz
-    ../../home/ronja
-  ];
-}

modules/amd-graphics.nix

@@ -1,22 +0,0 @@
-{ pkgs, config, ... }:
-{
-  config = {
-    boot.kernelModules = [ "amdgpu" ];
-    services.xserver.videoDrivers = [ "amdgpu" ];
-
-    hardware = {
-      graphics.enable = true;
-      amdgpu = {
-        opencl.enable = true;
-        amdvlk = {
-          # TODO: this creates black borders around GNOME apps
-          # enable = true;
-          # support32Bit.enable = config.hardware.graphics.enable32Bit;
-        };
-        overdrive.enable = true;
-      };
-    };
-
-    environment.systemPackages = with pkgs; [ nvtopPackages.amd ];
-  };
-}

modules/desktop-environment.nix

@@ -1,121 +0,0 @@
-{ pkgs, ... }:
-{
-  config = {
-    services = {
-      xserver.enable = true;
-      libinput.enable = true;
-      flatpak.enable = true;
-      fstrim.enable = true;
-      earlyoom = {
-        enable = true;
-        freeMemThreshold = 5;
-      };
-    };
-
-    # Enable sound with pipewire.
-    security.rtkit.enable = true;
-    services = {
-      pulseaudio.enable = false;
-      pipewire = {
-        enable = true;
-        alsa.enable = true;
-        alsa.support32Bit = true;
-        pulse.enable = true;
-        #jack.enable = true;
-      };
-    };
-
-    programs = {
-      kdeconnect.enable = true;
-      firefox = {
-        enable = true;
-        languagePacks = [
-          "en-US"
-          "de"
-        ];
-      };
-      nix-ld = {
-        enable = true;
-        libraries = with pkgs; [
-          stdenv.cc.cc
-          zlib
-          zstd
-          curl
-          openssl
-          attr
-          libssh
-          bzip2
-          libxml2
-          acl
-          libsodium
-          util-linux
-          xz
-          systemd
-        ];
-      };
-      appimage = {
-        enable = true;
-        binfmt = true;
-      };
-    };
-
-    networking = {
-      firewall = {
-        allowedTCPPortRanges = [
-          {
-            # KDE Connect / gsconnect
-            from = 1714;
-            to = 1764;
-          }
-        ];
-        allowedUDPPortRanges = [
-          {
-            # KDE Connect / gsconnect
-            from = 1714;
-            to = 1764;
-          }
-        ];
-      };
-    };
-
-    systemd = {
-      # save some boot time because nothing actually requires network connectivity
-      services.NetworkManager-wait-online.enable = false;
-
-      # prevent stuck units from preventing shutdown (default is 120s)
-      extraConfig = ''
-        DefaultTimeoutStopSec=10s
-      '';
-    };
-
-    environment.systemPackages = with pkgs; [
-      lm_sensors
-
-      # office
-      libreoffice-qt
-      hunspell
-      hunspellDicts.de-de
-      hunspellDicts.en-us-large
-    ];
-
-    fonts = {
-      enableDefaultPackages = true;
-      fontconfig.defaultFonts.monospace = [ "FiraCode Nerd Font" ];
-      packages = with pkgs; [
-        nerd-fonts.fira-code
-        roboto-mono
-        recursive
-      ];
-    };
-
-    hardware.logitech.wireless = {
-      enable = true;
-      enableGraphical = true;
-    };
-
-    system.autoUpgrade = {
-      allowReboot = false;
-      operation = "boot";
-    };
-  };
-}

modules/desktop-hardware.nix

@@ -1,48 +0,0 @@
-{
-  lib,
-  pkgs,
-  ...
-}:
-{
-  config = {
-    boot = {
-      kernelPackages = pkgs.linuxPackages_zen;
-      kernelParams = [
-        "quiet"
-        "udev.log_level=3"
-      ];
-      supportedFilesystems = [ "btrfs" ];
-      initrd.supportedFilesystems = [ "btrfs" ];
-      consoleLogLevel = 0;
-      initrd.verbose = false;
-      plymouth.enable = true;
-      loader = {
-        timeout = 3;
-        efi.canTouchEfiVariables = true;
-        systemd-boot = {
-          enable = true;
-          editor = false; # do not allow changing kernel parameters
-          consoleMode = "max";
-        };
-      };
-    };
-
-    networking.networkmanager.enable = true;
-    # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-    # (the default) this is the recommended approach. When using systemd-networkd it's
-    # still possible to use this option, but it's recommended to use it in conjunction
-    # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-    networking.useDHCP = lib.mkDefault true;
-    # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
-    # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true;
-
-    hardware = {
-      enableRedistributableFirmware = true;
-      bluetooth.enable = true;
-    };
-
-    nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-
-    services.fwupd.enable = true;
-  };
-}

modules/gaming.nix

@@ -1,81 +0,0 @@
-{ pkgs, ... }:
-{
-  config = {
-    hardware = {
-      graphics = {
-        enable32Bit = true;
-        extraPackages = with pkgs; [ mangohud ];
-        extraPackages32 = with pkgs; [ mangohud ];
-      };
-
-      steam-hardware.enable = true;
-      xpadneo.enable = true;
-    };
-
-    environment.systemPackages = with pkgs; [
-      wineWowPackages.stagingFull
-      wineWowPackages.fonts
-      winetricks
-      dxvk
-      mangohud
-      vulkan-tools
-      glxinfo
-      lutris
-    ];
-
-    programs = {
-      xwayland.enable = true;
-      steam = {
-        enable = true;
-        remotePlay.openFirewall = true;
-        dedicatedServer.openFirewall = true;
-        localNetworkGameTransfers.openFirewall = true;
-        gamescopeSession.enable = false;
-      };
-      gamemode.enable = true;
-    };
-
-    networking.firewall = {
-      allowedUDPPorts = [
-        # Factorio
-        34197
-
-        # steam network transfer
-        3478
-      ];
-
-      allowedTCPPorts = [
-        # steam network transfer
-        24070
-      ];
-
-      allowedTCPPortRanges = [
-        # steam network transfer
-        {
-          from = 27015;
-          to = 27050;
-        }
-      ];
-
-      allowedUDPPortRanges = [
-        # steam network transfer
-        {
-          from = 4379;
-          to = 4380;
-        }
-        {
-          from = 27000;
-          to = 27100;
-        }
-      ];
-    };
-
-    allowedUnfreePackages = [
-      "steam"
-      "steam-original"
-      "steam-run"
-      "steam-unwrapped"
-      "ut1999"
-    ];
-  };
-}

modules/globalinstalls.nix

@@ -1,34 +0,0 @@
-{ pkgs, ... }:
-{
-  config = {
-    environment = {
-      systemPackages = with pkgs; [
-        ncdu
-        glances
-        iotop
-
-        pciutils
-        lsof
-        dig
-
-        screen
-
-        tldr
-        neofetch
-
-        nix-output-monitor
-      ];
-    };
-
-    programs = {
-      zsh.enable = true;
-      htop.enable = true;
-      iotop.enable = true;
-      git.enable = true;
-      nano = {
-        enable = true;
-        syntaxHighlight = true;
-      };
-    };
-  };
-}

modules/gnome-shared-dconf.nix

@@ -1,46 +0,0 @@
-{
-  "org/gnome/desktop/interface" = {
-    color-scheme = "prefer-dark";
-    clock-show-seconds = true;
-    show-battery-percentage = true;
-  };
-  "org/gnome/mutter" = {
-    edge-tiling = true;
-    dynamic-workspaces = true;
-  };
-  "org/gnome/desktop/peripherals/keyboard" = {
-    numlock-state = true;
-  };
-  "org/gnome/desktop/peripherals/touchpad" = {
-    tap-to-click = true;
-    two-finger-scrolling-enabled = true;
-  };
-  "org/gnome/tweaks" = {
-    show-extensions-notice = false;
-  };
-  "org/gnome/shell" = {
-    disable-user-extensions = false;
-    disabled-extensions = [ ];
-    enabled-extensions = [
-      "tailscale@joaophi.github.com"
-      "appindicatorsupport@rgcjonas.gmail.com"
-      "workspace-indicator@gnome-shell-extensions.gcampax.github.com"
-      "caffeine@patapon.info"
-    ];
-  };
-  "ca/desrt/dconf-editor" = {
-    show-warning = false;
-  };
-  "org/gnome/desktop/wm/keybindings" = {
-    switch-windows = [ "<Alt>Tab" ];
-    switch-windows-backward = [ "<Shift><Alt>Tab" ];
-    switch-applications = [ "<Super>Tab" ];
-    switch-applications-backward = [ "<Shift><Super>Tab" ];
-  };
-  "org/gnome/shell/extensions/alphabetical-app-grid" = {
-    folder-order-position = "start";
-  };
-  "org/gnome/shell/extensions/gsconnect" = {
-    enabled = true;
-  };
-}

modules/gnome.nix

@@ -1,101 +0,0 @@
-{ pkgs, ... }:
-{
-  config = {
-    services = {
-      xserver = {
-        # Enable the GNOME Desktop Environment.
-        desktopManager.gnome = {
-          enable = true;
-          extraGSettingsOverridePackages = [ pkgs.mutter ];
-          extraGSettingsOverrides = ''
-            [org.gnome.mutter]
-            experimental-features=['scale-monitor-framebuffer']
-          '';
-        };
-        displayManager.gdm.enable = true;
-        excludePackages = with pkgs; [ xterm ];
-      };
-
-      displayManager.defaultSession = "gnome";
-
-      gnome = {
-        tinysparql.enable = false;
-        localsearch.enable = false;
-        sushi.enable = true;
-        gnome-remote-desktop.enable = true;
-      };
-    };
-
-    programs = {
-      dconf.enable = true;
-      gpaste.enable = true;
-      kdeconnect.package = pkgs.gnomeExtensions.gsconnect;
-    };
-
-    # remove some gnome default apps
-    environment.gnome.excludePackages = with pkgs; [
-      cheese # photo booth
-      epiphany # web browser
-      evince # document viewer
-      geary # email client
-      gnome-maps
-      gnome-weather
-      gnome-tour
-      sysprof
-      orca # screen reader
-      gnome-weather
-      gnome-backgrounds
-      gnome-user-docs
-      yelp # help app
-      # gnome-music
-      # totem # video player
-      # snapshot # camera
-      # baobab # disk usage
-    ];
-
-    # RDP connections
-    networking.firewall.allowedTCPPorts = [ 3389 ];
-
-    home-manager.sharedModules = [
-      {
-        home.packages =
-          with pkgs;
-          [
-            gitg
-            meld
-            simple-scan
-            pinta
-            dconf-editor
-            gpaste
-            ghex
-            impression
-            papers
-
-            # graphical installer for flatpak apps
-            gnome-software
-          ]
-          ++ (with gnomeExtensions; [
-            caffeine
-            appindicator
-          ]);
-
-        dconf.settings = import ./gnome-shared-dconf.nix;
-
-        gtk = {
-          enable = true;
-          iconTheme.name = "Adwaita";
-          cursorTheme.name = "Adwaita";
-          theme = {
-            name = "adw-gtk3-dark";
-            package = pkgs.adw-gtk3;
-          };
-        };
-      }
-
-      {
-        home.packages = with pkgs; [ trayscale ] ++ (with gnomeExtensions; [ tailscale-qs ]);
-        dconf.settings."org/gnome/shell".enabled-extensions = [ "tailscale@joaophi.github.com" ];
-      }
-    ];
-  };
-}

modules/home-manager.nix

@@ -1,61 +0,0 @@
-_: {
-  home-manager = {
-    useGlobalPkgs = true;
-    useUserPackages = true;
-    sharedModules = [
-      # set stateVersion
-      { home.stateVersion = "22.11"; }
-      # make nano the default editor
-      {
-        home = {
-          sessionVariables.EDITOR = "nano";
-          file.".nanorc".text = ''
-            set linenumbers
-            set mouse
-          '';
-        };
-      }
-      # command line niceness
-      {
-        programs = {
-          command-not-found.enable = true;
-          dircolors.enable = true;
-
-          zsh = {
-            enable = true;
-            syntaxHighlighting.enable = true;
-            autosuggestion.enable = true;
-            enableVteIntegration = true;
-          };
-        };
-      }
-      # common git config
-      {
-        programs = {
-          git = {
-            enable = true;
-            extraConfig.init.defaultBranch = "main";
-          };
-
-          gh = {
-            enable = true;
-            gitCredentialHelper.enable = true;
-          };
-        };
-      }
-      # Templates
-      {
-        home.file = {
-          "Templates/Empty file".text = "";
-          "Templates/Empty bash script".text = ''
-            #!/usr/bin/env bash
-            # abort on error, undefined variables
-            set -eu
-            # print commands before execution
-            set -x
-          '';
-        };
-      }
-    ];
-  };
-}

modules/i18n.nix

@@ -1,19 +0,0 @@
-_: {
-  config = {
-    time.timeZone = "Europe/Berlin";
-    i18n = {
-      defaultLocale = "en_US.UTF-8";
-      extraLocaleSettings = {
-        LC_ADDRESS = "de_DE.UTF-8";
-        LC_IDENTIFICATION = "de_DE.UTF-8";
-        LC_MEASUREMENT = "de_DE.UTF-8";
-        LC_MONETARY = "de_DE.UTF-8";
-        LC_NAME = "de_DE.UTF-8";
-        LC_NUMERIC = "de_DE.UTF-8";
-        LC_PAPER = "de_DE.UTF-8";
-        LC_TELEPHONE = "de_DE.UTF-8";
-        LC_TIME = "de_DE.UTF-8";
-      };
-    };
-  };
-}

modules/lix.nix

@@ -1,12 +0,0 @@
-{ pkgs, ... }:
-{
-  nixpkgs.overlays = [ (final: prev: {
-    inherit (prev.lixPackageSets.stable)
-      nixpkgs-review
-      nix-eval-jobs
-      nix-fast-build
-      colmena;
-  }) ];
-
-  nix.package = pkgs.lixPackageSets.stable.lix;
-}

modules/networking.nix

@@ -1,23 +0,0 @@
-_: {
-  config = {
-    services.openssh = {
-      enable = true;
-      openFirewall = true;
-      settings = {
-        PermitRootLogin = "without-password";
-        PasswordAuthentication = false;
-        KbdInteractiveAuthentication = false;
-      };
-    };
-
-    services.tailscale = {
-      enable = true;
-      openFirewall = true;
-    };
-
-    networking.firewall = {
-      enable = true;
-      checkReversePath = "loose";
-    };
-  };
-}

modules/nixpkgs.nix

@@ -1,59 +0,0 @@
-{ config, lib, ... }:
-{
-  options.allowedUnfreePackages = lib.mkOption {
-    type = lib.types.listOf lib.types.str;
-    default = [ ];
-    example = [ "steam" ];
-  };
-  config = {
-    nixpkgs.config = {
-      # https://github.com/NixOS/nixpkgs/issues/197325#issuecomment-1579420085
-      allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) config.allowedUnfreePackages;
-    };
-
-    nix = {
-      settings = {
-        substituters = [
-          "https://cache.nixos.org/"
-          "https://nix-community.cachix.org"
-          "https://cache.lix.systems"
-          "https://niri.cachix.org"
-        ];
-        trusted-public-keys = [
-          "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
-          "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
-          "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
-          "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964="
-        ];
-        experimental-features = [
-          "nix-command"
-          "flakes"
-        ];
-      };
-      gc = {
-        automatic = true;
-        dates = "daily";
-        options = "--delete-older-than 7d";
-      };
-      optimise.automatic = true;
-    };
-
-    system = {
-      stateVersion = "22.11";
-      # enable auto updates
-      autoUpgrade = {
-        enable = true;
-        dates = "daily";
-        flake = "git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git";
-      };
-    };
-
-    documentation = {
-      enable = true; # documentation of packages
-      nixos.enable = false; # nixos documentation
-      man.enable = true; # manual pages and the man command
-      info.enable = false; # info pages and the info command
-      doc.enable = false; # documentation distributed in packages' /share/doc
-    };
-  };
-}

modules/printing.nix

@@ -1,14 +0,0 @@
-_: {
-  config = {
-    services = {
-      # Enable CUPS to print documents.
-      printing.enable = true;
-
-      avahi = {
-        enable = true; # runs the Avahi daemon
-        nssmdns4 = true; # enables the mDNS NSS plug-in
-        openFirewall = true; # opens the firewall for UDP port 5353
-      };
-    };
-  };
-}

nixosConfigurations/forgejo-runner-1/default.nix

@@ -0,0 +1,21 @@
+{
+  imports = [
+    ./hardware.nix
+    ./forgejo-runner.nix
+  ];
+
+  config = {
+    # uncomment for build check on non arm system (requires --impure)
+    # nixpkgs.buildPlatform = builtins.currentSystem;
+    services.tailscale.useRoutingFeatures = "both";
+    system.autoUpgrade.allowReboot = true;
+
+    users.users = {
+      root.openssh.authorizedKeys.keys = [
+        ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH''
+        ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming''
+        ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming''
+      ];
+    };
+  };
+}

nixosConfigurations/forgejo-runner-1/hardware.nix

@@ -3,11 +3,6 @@
   imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
 
   config = {
-    nixpkgs = {
-      hostPlatform = "aarch64-linux";
-      system = "aarch64-linux";
-    };
-
     boot = {
       tmp.cleanOnBoot = true;
       kernelParams = [ "console=tty" ];

nixosConfigurations/hetzner-vpn2/default.nix

@@ -0,0 +1,27 @@
+{
+  imports = [
+    ./hardware.nix
+    ./nginx.nix
+  ];
+
+  config = {
+    # uncomment for build check on non arm system (requires --impure)
+    # nixpkgs.buildPlatform = builtins.currentSystem;
+
+    services.tailscale.useRoutingFeatures = "both";
+
+    users.users = {
+      root.openssh.authorizedKeys.keys = [
+        ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICdYqY3Y1/f1bsAi5Qfyr/UWuX9ixu96IeAlhoQaJkbf''
+        ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH''
+        ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming''
+        ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming''
+      ];
+      #ronja.openssh.authorizedKeys.keys = [
+      #  ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALWKm+d6KL6Vl3grPOcGouiNTkvdhXuWJmcrdEBY2nw ronja-ssh-host-key''
+      #];
+    };
+
+    system.autoUpgrade.allowReboot = true;
+  };
+}

nixosConfigurations/hetzner-vpn2/hardware.nix

@@ -3,11 +3,6 @@
   imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
 
   config = {
-    nixpkgs = {
-      hostPlatform = "aarch64-linux";
-      system = "aarch64-linux";
-    };
-
     boot = {
       tmp.cleanOnBoot = true;
       kernelParams = [ "console=tty" ];

nixosConfigurations/hetzner-vpn2/nginx.nix

@@ -1,4 +1,4 @@
-{ inputs, pkgs, ... }:
+{ pkgs, ... }:
 let
   blog-domain-socket = "/run/nginx/blog.sock";
   anubis-domain-socket = "/run/anubis/anubis-blog.sock";
@@ -72,28 +72,26 @@ in
             addSSL = true;
             enableACME = true;
             locations."/" = {
-              proxyPass = ("http://unix:" + anubis-domain-socket);
+              proxyPass = "http://unix:" + anubis-domain-socket;
             };
           };
 
           "blog-in-anubis" = {
-            root = inputs.zerforschen-plus.packages."${pkgs.system}".zerforschen-plus-content;
+            root = pkgs.zerforschen-plus-content;
             listen = [
               {
-                addr = ("unix:" + blog-domain-socket);
+                addr = "unix:" + blog-domain-socket;
               }
             ];
           };
         };
     };
 
-    anubis = {
+    anubis.instances.main = {
-      instances.main = {
+      enable = true;
-        enable = true;
+      settings = {
-        settings = {
+        BIND = anubis-domain-socket;
-          BIND = anubis-domain-socket;
+        TARGET = "unix://" + blog-domain-socket;
-          TARGET = "unix://" + blog-domain-socket;
-        };
       };
     };
   };

nixosConfigurations/ronja-pc/default.nix

@@ -0,0 +1,32 @@
+{
+  config,
+  pkgs,
+  ...
+}:
+{
+  imports = [
+    ./hardware.nix
+  ];
+
+  config = {
+    # Configure keymap in X11
+    services.xserver.xkb = {
+      layout = "de";
+      variant = "";
+    };
+
+    # Configure console keymap
+    console.keyMap = "de";
+
+    # List packages installed in system profile. To search, run:
+    # $ nix search wget
+    environment.systemPackages = with pkgs; [
+      #  vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+      #  wget
+    ];
+
+    # Open ports in the firewall.
+    # networking.firewall.allowedTCPPorts = [ ... ];
+    # networking.firewall.allowedUDPPorts = [ ... ];};
+  };
+}

nixosConfigurations/ronja-pc/hardware.nix

@@ -1,6 +1,8 @@
 { lib, ... }:
 {
   boot = {
+    supportedFilesystems = [ "btrfs" ];
+    initrd.supportedFilesystems = [ "btrfs" ];
     kernelModules = [ "kvm-intel" ];
     extraModulePackages = [ ];
     initrd = {
@@ -37,6 +39,10 @@
     { device = "/dev/disk/by-uuid/bf9d19fb-499b-4bfb-b67d-131fa5bf8259"; }
   ];
 
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.bluetooth.enable = true;
-  hardware.cpu.intel.updateMicrocode = true;
+
+  networking = {
+    networkmanager.enable = true;
+    useDHCP = lib.mkDefault true;
+  };
 }

nixosConfigurations/vinzenz-lpt2/default.nix

@@ -1,6 +1,8 @@
-{ ... }:
 {
-  imports = [ ./nginx.nix ];
+  imports = [
+    ./hardware.nix
+    ./nginx.nix
+  ];
 
   config = {
     nix.settings.extra-platforms = [

nixosConfigurations/vinzenz-lpt2/hardware.nix

@@ -0,0 +1,56 @@
+{ pkgs, lib, ... }:
+{
+  # intel cpu
+  boot.kernelModules = [
+    "kvm-intel"
+    "xe"
+  ];
+
+  networking = {
+    networkmanager.enable = true;
+    useDHCP = lib.mkDefault true;
+  };
+
+  boot = {
+    kernelPackages = pkgs.linuxPackages_zen;
+    supportedFilesystems = [ "btrfs" ];
+    initrd = {
+      supportedFilesystems = [ "btrfs" ];
+      availableKernelModules = [
+        "xhci_pci"
+        "thunderbolt"
+        "nvme"
+      ];
+      luks.devices = {
+        "luks-2c654ff2-3c42-48d3-a1e3-9545679afaa3" = {
+          device = "/dev/disk/by-uuid/2c654ff2-3c42-48d3-a1e3-9545679afaa3";
+        };
+      };
+    };
+  };
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-uuid/e4dad0c8-26a1-45e9-bbd9-48565eb6574e";
+      fsType = "btrfs";
+      options = [ "subvol=@" ];
+    };
+
+    "/boot" = {
+      device = "/dev/disk/by-uuid/E2B7-2BC1";
+      fsType = "vfat";
+    };
+  };
+
+  swapDevices = [
+    {
+      device = "/var/lib/swapfile";
+      size = 32 * 1024;
+    }
+  ];
+
+  services.thermald.enable = true;
+  services.hardware.bolt.enable = true; # thunderbolt security
+
+  hardware.bluetooth.enable = true;
+}

nixosConfigurations/vinzenz-lpt2/nginx.nix

@@ -1,4 +1,4 @@
-{ inputs, pkgs, ... }:
+{ pkgs, ... }:
 let
   blog-domain-socket = "/run/nginx/blog.sock";
   anubis-domain-socket = "/run/anubis/anubis-blog.sock";
@@ -29,15 +29,15 @@ in
 
         "vinzenz-lpt2" = {
           locations."/" = {
-            proxyPass = ("http://unix:" + anubis-domain-socket);
+            proxyPass = "http://unix:" + anubis-domain-socket;
           };
         };
 
         "vinzenz-lpt2-in-anubis" = {
-          root = inputs.zerforschen-plus.packages."${pkgs.system}".zerforschen-plus-content;
+          root = pkgs.zerforschen-plus-content;
           listen = [
             {
-              addr = ("unix:" + blog-domain-socket);
+              addr = "unix:" + blog-domain-socket;
             }
           ];
         };

nixosConfigurations/vinzenz-lpt2/zerforschen-plus.nix

@@ -1,7 +1,5 @@
 {
   pkgs,
-  system,
-  inputs,
   ...
 }:
 {
@@ -28,7 +26,7 @@
       "zerforschen.plus" = {
         #addSSL = true;
         #enableACME = true;
-        root = inputs.zerforschen-plus.packages."${pkgs.system}".zerforschen-plus-content;
+        root = pkgs.zerforschen-plus-content;
       };
     };
   };

nixosConfigurations/vinzenz-pc2/default.nix

@@ -5,6 +5,7 @@
     ./vscode-server.nix
     ./hass.nix
   ];
+
   config = {
     nix.settings.extra-platforms = [
       "aarch64-linux"
@@ -32,5 +33,10 @@
     ];
 
     environment.systemPackages = with pkgs; [ lact ];
+
+    networking.firewall.allowedUDPPorts = [
+      # Factorio
+      34197
+    ];
   };
 }

nixosConfigurations/vinzenz-pc2/hardware.nix

@@ -0,0 +1,30 @@
+{ pkgs, lib, ... }:
+{
+  # amd cpu
+  boot.kernelModules = [ "kvm-amd" ];
+
+  boot = {
+    initrd.availableKernelModules = [
+      "nvme"
+      "xhci_pci"
+      "ahci"
+      "usbhid"
+      "sd_mod"
+    ]; # "usb_storage"
+    kernelPackages = pkgs.linuxPackages_zen;
+    supportedFilesystems = [ "btrfs" ];
+    initrd.supportedFilesystems = [ "btrfs" ];
+    loader.efi.efiSysMountPoint = "/boot";
+  };
+
+  fileSystems = import ./fstab.nix;
+  swapDevices = [ ];
+
+  networking = {
+    networkmanager.enable = true;
+    useDHCP = lib.mkDefault true;
+    interfaces.eno1.wakeOnLan.enable = true;
+  };
+
+  hardware.bluetooth.enable = true;
+}

nixosConfigurations/vinzenz-pc2/vscode-server.nix

@@ -15,16 +15,12 @@
     ];
   };
 
-  networking = {
+  networking.firewall.allowedTCPPorts = [
-    firewall = {
+    8542
-      allowedTCPPorts = [
+    8543
-        8542
+    8544
-        8543
+    80
-        8544
+    1313
-        80
+    5201
-        1313
+  ];
-        5201
-      ];
-    };
-  };
 }

nixosModules/allowed-unfree-list.nix

@@ -0,0 +1,17 @@
+{ lib, config, ... }:
+{
+  options.allowedUnfreePackages = lib.mkOption {
+    type = lib.types.listOf lib.types.str;
+    default = [ ];
+    example = [ "steam" ];
+  };
+
+  config = {
+    nixpkgs.config = {
+      # https://github.com/NixOS/nixpkgs/issues/197325#issuecomment-1579420085
+      allowUnfreePredicate = lib.mkDefault (
+        pkg: builtins.elem (lib.getName pkg) config.allowedUnfreePackages
+      );
+    };
+  };
+}

nixosModules/amd-graphics.nix

@@ -0,0 +1,20 @@
+{ pkgs, ... }:
+{
+  boot.kernelModules = [ "amdgpu" ];
+  services.xserver.videoDrivers = [ "amdgpu" ];
+
+  hardware = {
+    graphics.enable = true;
+    amdgpu = {
+      opencl.enable = true;
+      amdvlk = {
+        # TODO: this creates black borders around GNOME apps
+        # enable = true;
+        # support32Bit.enable = config.hardware.graphics.enable32Bit;
+      };
+      overdrive.enable = true;
+    };
+  };
+
+  environment.systemPackages = with pkgs; [ nvtopPackages.amd ];
+}

nixosModules/autoupdate.nix

@@ -0,0 +1,16 @@
+{
+  nix = {
+    optimise.automatic = true;
+    gc = {
+      automatic = true;
+      dates = "daily";
+      options = "--delete-older-than 7d";
+    };
+  };
+
+  system.autoUpgrade = {
+    enable = true;
+    dates = "daily";
+    # do not forget to set `flake` when using this module!
+  };
+}

nixosModules/en-de.nix

@@ -0,0 +1,31 @@
+{ pkgs, ... }:
+{
+  i18n = {
+    defaultLocale = "en_US.UTF-8";
+    extraLocales = [
+      "de_DE.UTF-8/UTF-8"
+    ];
+    extraLocaleSettings = {
+      LC_ADDRESS = "de_DE.UTF-8";
+      LC_IDENTIFICATION = "de_DE.UTF-8";
+      LC_MEASUREMENT = "de_DE.UTF-8";
+      LC_MONETARY = "de_DE.UTF-8";
+      LC_NAME = "de_DE.UTF-8";
+      LC_NUMERIC = "de_DE.UTF-8";
+      LC_PAPER = "de_DE.UTF-8";
+      LC_TELEPHONE = "de_DE.UTF-8";
+      LC_TIME = "de_DE.UTF-8";
+    };
+  };
+
+  programs.firefox.languagePacks = [
+    "en-US"
+    "de"
+  ];
+
+  environment.systemPackages = [
+    pkgs.hunspell
+    pkgs.hunspellDicts.de-de
+    pkgs.hunspellDicts.en-us
+  ];
+}

nixosModules/extra-caches.nix

@@ -0,0 +1,16 @@
+{
+  nix.settings = {
+    substituters = [
+      "https://cache.nixos.org/"
+      "https://nix-community.cachix.org"
+      "https://cache.lix.systems"
+      "https://niri.cachix.org"
+    ];
+    trusted-public-keys = [
+      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+      "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
+      "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964="
+    ];
+  };
+}

nixosModules/firmware-updates.nix

@@ -0,0 +1,11 @@
+{
+  hardware = {
+    enableRedistributableFirmware = true;
+    cpu = {
+      amd.updateMicrocode = true;
+      intel.updateMicrocode = true;
+    };
+  };
+
+  services.fwupd.enable = true;
+}

nixosModules/globalinstalls.nix

@@ -0,0 +1,23 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    ncdu
+    glances
+    lsof
+    dig
+    screen
+    tldr
+    nix-output-monitor
+  ];
+
+  programs = {
+    zsh.enable = true;
+    htop.enable = true;
+    iotop.enable = true;
+    git.enable = true;
+    nano = {
+      enable = true;
+      syntaxHighlight = true;
+    };
+  };
+}

nixosModules/gnome.nix

@@ -0,0 +1,65 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+{
+  options.vinzenz = {
+    keep-gnome-default-apps = lib.mkEnableOption "keep gnome default apps";
+  };
+
+  config = lib.mkMerge [
+    {
+      services = {
+        xserver = {
+          # Enable the GNOME Desktop Environment.
+          desktopManager.gnome = {
+            enable = true;
+            extraGSettingsOverridePackages = [ pkgs.mutter ];
+            extraGSettingsOverrides = ''
+              [org.gnome.mutter]
+              experimental-features=['scale-monitor-framebuffer']
+            '';
+          };
+          displayManager.gdm.enable = true;
+          excludePackages = [ pkgs.xterm ];
+        };
+
+        displayManager.defaultSession = "gnome";
+
+        gnome = {
+          tinysparql.enable = false;
+          localsearch.enable = false;
+          sushi.enable = true;
+        };
+      };
+
+      programs = {
+        dconf.enable = true;
+        gpaste.enable = true;
+      };
+    }
+    (lib.mkIf (!config.vinzenz.keep-gnome-default-apps) {
+      environment.gnome.excludePackages = with pkgs; [
+        cheese # photo booth
+        epiphany # web browser
+        evince # document viewer
+        geary # email client
+        gnome-maps
+        gnome-weather
+        gnome-tour
+        sysprof
+        orca # screen reader
+        gnome-weather
+        gnome-backgrounds
+        gnome-user-docs
+        yelp # help app
+        gnome-music
+        totem # video player
+        snapshot # camera
+        baobab # disk usage
+      ];
+    })
+  ];
+}

nixosModules/kdeconnect.nix

@@ -0,0 +1,53 @@
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+{
+  config = lib.mkMerge [
+    {
+      networking.firewall =
+        let
+          kdeconnect-range = {
+            from = 1714;
+            to = 1764;
+          };
+        in
+        {
+          allowedTCPPortRanges = [ kdeconnect-range ];
+          allowedUDPPortRanges = [ kdeconnect-range ];
+        };
+
+      programs.kdeconnect.enable = true;
+      home-manager.sharedModules = [
+        {
+          services.kdeconnect = {
+            enable = true;
+            # this still shows up in gnome session starting with 25.05
+            # indicator = true;
+          };
+        }
+      ];
+    }
+
+    (lib.mkIf config.services.xserver.desktopManager.gnome.enable {
+      # replace kdeconnect with gsconnect
+      programs.kdeconnect.package = pkgs.gnomeExtensions.gsconnect;
+
+      home-manager.sharedModules = [
+        (
+          { pkgs, ... }:
+          {
+            home.packages = [ pkgs.gnomeExtensions.gsconnect ];
+            # enable gsconnect extension
+            dconf.settings = {
+              "org/gnome/shell".enabled-extensions = [ "gsconnect@andyholmes.github.io" ];
+              "org/gnome/shell/extensions/gsconnect".enabled = true;
+            };
+          }
+        )
+      ];
+    })
+  ];
+}

nixosModules/lix-is-nix.nix

@@ -0,0 +1,15 @@
+{ pkgs, ... }:
+{
+  nixpkgs.overlays = [
+    (final: prev: {
+      inherit (prev.lixPackageSets.stable)
+        nixpkgs-review
+        nix-eval-jobs
+        nix-fast-build
+        colmena
+        ;
+    })
+  ];
+
+  nix.package = pkgs.lixPackageSets.latest.lix;
+}

nixosModules/modern-desktop.nix

@@ -0,0 +1,49 @@
+{
+  services = {
+    xserver.enable = true;
+    libinput.enable = true;
+    flatpak.enable = true;
+    fstrim.enable = true;
+    earlyoom = {
+      enable = true;
+      freeMemThreshold = 5;
+    };
+  };
+
+  # Enable sound with pipewire.
+  security.rtkit.enable = true;
+  services = {
+    pulseaudio.enable = false;
+    pipewire = {
+      enable = true;
+      alsa.enable = true;
+      alsa.support32Bit = true;
+      pulse.enable = true;
+      #jack.enable = true;
+    };
+  };
+
+  systemd = {
+    # save some boot time because nothing actually requires network connectivity
+    services.NetworkManager-wait-online.enable = false;
+
+    # prevent stuck units from preventing shutdown (default is 120s)
+    extraConfig = ''
+      DefaultTimeoutStopSec=10s
+    '';
+  };
+
+  programs = {
+    xwayland.enable = true;
+
+    appimage = {
+      enable = true;
+      binfmt = true;
+    };
+  };
+
+  system.autoUpgrade = {
+    allowReboot = false;
+    operation = "boot";
+  };
+}

nixosModules/nix-ld.nix

@@ -0,0 +1,22 @@
+{ pkgs, ... }:
+{
+  programs.nix-ld = {
+    enable = true;
+    libraries = with pkgs; [
+      stdenv.cc.cc
+      zlib
+      zstd
+      curl
+      openssl
+      attr
+      libssh
+      bzip2
+      libxml2
+      acl
+      libsodium
+      util-linux
+      xz
+      systemd
+    ];
+  };
+}

nixosModules/openssh.nix

@@ -0,0 +1,11 @@
+{
+  services.openssh = {
+    enable = true;
+    openFirewall = true;
+    settings = {
+      PermitRootLogin = "without-password";
+      PasswordAuthentication = false;
+      KbdInteractiveAuthentication = false;
+    };
+  };
+}

nixosModules/podman.nix

@@ -1,4 +1,4 @@
-_: {
+{
   virtualisation = {
     containers.enable = true;
     podman = {

nixosModules/printing.nix

@@ -0,0 +1,12 @@
+{
+  services = {
+    # Enable CUPS to print documents.
+    printing.enable = true;
+
+    avahi = {
+      enable = true; # runs the Avahi daemon
+      nssmdns4 = true; # enables the mDNS NSS plug-in
+      openFirewall = true; # opens the firewall for UDP port 5353
+    };
+  };
+}

nixosModules/quiet-boot.nix

@@ -0,0 +1,11 @@
+{
+  boot = {
+    kernelParams = [
+      "quiet"
+      "udev.log_level=3"
+    ];
+    consoleLogLevel = 0;
+    initrd.verbose = false;
+    plymouth.enable = true;
+  };
+}

nixosModules/steam.nix

@@ -0,0 +1,45 @@
+{
+  hardware.steam-hardware.enable = true;
+
+  programs = {
+    steam = {
+      enable = true;
+      remotePlay.openFirewall = true;
+      dedicatedServer.openFirewall = true;
+      localNetworkGameTransfers.openFirewall = true;
+      gamescopeSession.enable = false;
+    };
+    gamemode.enable = true;
+  };
+
+  # steam network transfer
+  networking.firewall = {
+    allowedUDPPorts = [ 3478 ];
+    allowedTCPPorts = [ 24070 ];
+
+    allowedTCPPortRanges = [
+      {
+        from = 27015;
+        to = 27050;
+      }
+    ];
+
+    allowedUDPPortRanges = [
+      {
+        from = 4379;
+        to = 4380;
+      }
+      {
+        from = 27000;
+        to = 27100;
+      }
+    ];
+  };
+
+  allowedUnfreePackages = [
+    "steam"
+    "steam-original"
+    "steam-run"
+    "steam-unwrapped"
+  ];
+}

nixosModules/systemd-boot.nix

@@ -0,0 +1,11 @@
+{
+  boot.loader = {
+    timeout = 3;
+    efi.canTouchEfiVariables = true;
+    systemd-boot = {
+      enable = true;
+      editor = false; # do not allow changing kernel parameters
+      consoleMode = "max";
+    };
+  };
+}

nixosModules/tailscale.nix

@@ -0,0 +1,8 @@
+{
+  services.tailscale = {
+    enable = true;
+    openFirewall = true;
+  };
+
+  networking.firewall.checkReversePath = "loose";
+}

nixosModules/user-ronja.nix

@@ -0,0 +1,19 @@
+{ pkgs, ... }:
+{
+  users.users.ronja = {
+    isNormalUser = true;
+    name = "ronja";
+    description = "Ronja";
+    home = "/home/ronja";
+    extraGroups = [
+      "networkmanager"
+      "wheel"
+      "games"
+      "podman"
+      "openvscode-server"
+    ];
+    shell = pkgs.zsh;
+  };
+
+  nix.settings.trusted-users = [ "ronja" ];
+}

nixosModules/user-vinzenz.nix

@@ -0,0 +1,35 @@
+{ pkgs, ... }:
+{
+  users.users.vinzenz = {
+    isNormalUser = true;
+    name = "vinzenz";
+    description = "Vinzenz";
+    home = "/home/vinzenz";
+    extraGroups = [
+      "networkmanager"
+      "wheel"
+      "games"
+      "dialout"
+      "podman"
+      "nginx"
+      "adbusers"
+      "kvm"
+      "input"
+      "video"
+    ];
+    shell = pkgs.zsh;
+    autoSubUidGidRange = true;
+  };
+
+  nix.settings.trusted-users = [ "vinzenz" ];
+
+  allowedUnfreePackages = [
+    "rider"
+    "pycharm-professional"
+    "jetbrains-toolbox"
+
+    "anydesk"
+
+    "vscode-extension-ms-dotnettools-csharp"
+  ];
+}

nixosModules/vinzenz-desktop-settings.nix

@@ -0,0 +1,28 @@
+{ pkgs, ... }:
+{
+  programs.firefox.enable = true;
+
+  environment.systemPackages = with pkgs; [
+    lm_sensors
+    libreoffice-qt6
+  ];
+
+  fonts = {
+    enableDefaultPackages = true;
+    fontconfig.defaultFonts.monospace = [ "FiraCode Nerd Font" ];
+    packages = with pkgs; [
+      nerd-fonts.fira-code
+      roboto-mono
+      recursive
+    ];
+  };
+
+  hardware.logitech.wireless = {
+    enable = true;
+    enableGraphical = true;
+  };
+
+  # RDP connections
+  services.gnome.gnome-remote-desktop.enable = true;
+  networking.firewall.allowedTCPPorts = [ 3389 ];
+}

nixosModules/wine-gaming.nix

@@ -0,0 +1,22 @@
+{ pkgs, ... }:
+{
+  hardware = {
+    graphics = {
+      enable32Bit = true;
+      extraPackages = with pkgs; [ mangohud ];
+      extraPackages32 = with pkgs; [ mangohud ];
+    };
+
+    xpadneo.enable = true;
+  };
+
+  environment.systemPackages = with pkgs; [
+    wineWowPackages.stagingFull
+    wineWowPackages.fonts
+    winetricks
+    dxvk
+    mangohud
+    vulkan-tools
+    glxinfo
+  ];
+}