WIP: home/{hyprland,waybar}: init

2024-08-05 17:48:48 +02:00
43 changed files with 271 additions and 620 deletions
--- a/home/config/gtk.nix
+++ b/home/config/gtk.nix
@ -16,16 +16,14 @@
    gtk2.configLocation = "${config.xdg.configHome}/gtk-2.0/gtkrc";
    gtk3.bookmarks = map (s: "file://${config.home.homeDirectory}/${s}") [
      "Dropbox"
      "Downloads"
      "pictures"
      "documents"
      "music"
      ".config"
      ".local/share"
      # "Dropbox"
      "git"
      "git/pvv"
      "nix"
      "NTNU"
      "ng"
      "git"
      "music"
    ];
  };
 }
--- a/home/config/xdg/default.nix
+++ b/home/config/xdg/default.nix
@ -9,13 +9,13 @@
    userDirs = {
      enable = true;
      desktop = "${config.home.homeDirectory}/Desktop";
-      documents = "${config.home.homeDirectory}/documents";
+      documents = "${config.home.homeDirectory}/Documents";
      download = "${config.home.homeDirectory}/Downloads";
      music = "${config.home.homeDirectory}/music";
-      pictures = "${config.home.homeDirectory}/pictures";
+      pictures = "${config.home.homeDirectory}/Pictures";
      publicShare = "${config.home.homeDirectory}/public";
      templates = "${config.home.homeDirectory}/templates";
-      videos = "${config.home.homeDirectory}/videos";
+      videos = "${config.home.homeDirectory}/Videos";
    };
  };
-}
+}
--- a/home/home.nix
+++ b/home/home.nix
@ -11,18 +11,19 @@ in {
    ./programs/atuin.nix
    ./programs/comma.nix
-    ./programs/direnv
+    ./programs/direnv.nix
    ./programs/gdb.nix
    ./programs/gh.nix
    ./programs/git
    ./programs/gpg
    ./programs/less.nix
-    ./programs/neovim
+    ./programs/neovim.nix
    ./programs/nix-index
-    ./programs/tealdeer
+    ./programs/tealdeer.nix
    ./programs/tmux.nix
    ./programs/zsh
    ./services/git-maintenance.nix
    ./services/nix-channel-update.nix
    ./services/pueue.nix
@ -40,12 +41,11 @@ in {
    ./programs/qutebrowser.nix
    ./programs/rofi.nix
    ./programs/taskwarrior.nix
-    ./programs/vscode
+    ./programs/vscode.nix
    ./programs/waybar.nix
    # ./programs/xmobar
    ./programs/xmonad
    ./programs/zathura.nix
    ./programs/zed
    ./services/copyq.nix
    ./services/dunst.nix
--- a/home/packages.nix
+++ b/home/packages.nix
@ -13,9 +13,7 @@
    ffmpeg
    file
    gh-dash
    glances
    gpg-tui
    gping
    graphviz
    httpie
    imagemagick
--- a/home/programs/direnv/default.nix
+++ b/home/programs/direnv/default.nix
@ -1,9 +1,5 @@
 { ... }:
 {
  imports = [
    ./auto-prune.nix
  ];
  programs.direnv = {
    enable = true;
    enableZshIntegration = true;
--- a/home/programs/direnv/auto-prune.nix
+++ b/home/programs/direnv/auto-prune.nix
@ -1,38 +0,0 @@
 { config, pkgs, lib, ... }:
 let
  cfg = config.programs.direnv;
 in
 {
  config = {
    systemd.user.services.prune-allowed-direnv-dirs = {
      Unit = {
        Description = "Prune unused allowed directories for direnv";
        Documentation = [ "man:direnv(1)" ];
      };
      Service = {
        Type = "oneshot";
        CPUSchedulingPolicy = "idle";
        IOSchedulingClass = "idle";
        ExecStart = "${lib.getExe cfg.package} prune";
      };
    };
    systemd.user.timers.prune-allowed-direnv-dirs = {
      Unit = {
        Description = "Prune unused allowed directories for direnv";
        Documentation = [ "man:direnv(1)" ];
      };
      Timer = {
        Unit = "prune-allowed-direnv-dirs.service";
        OnCalendar = "daily";
        Persistent = true;
      };
      Install = {
        WantedBy = [ "timers.target" ];
      };
    };
  };
 }
--- a/home/programs/git/default.nix
+++ b/home/programs/git/default.nix
@ -14,10 +14,6 @@ let
  ];
 in
 {
  imports = [
    ./maintenance-timers.nix
  ];
  # TODO: convert to template once nix-sops supports it in hm module
  sops.secrets."git/nordicsemi-config" = { };
@ -54,7 +50,6 @@ in
        authors = "shortlog --summary --numbered --email";
        si = "switch-interactive";
        rebase-author = "rebase -i -x \"git commit --amend --reset-author -CHEAD\"";
        git = "!git";
      };
      extraConfig = {
@ -89,10 +84,6 @@ in
        maintenance.strategy = "incremental";
        scalar = {
          repo = [ "${config.home.homeDirectory}/nixpkgs" ];
        };
        transfer.fsckObjects = true;
        receive.fsckObjects = true;
--- a/home/programs/gpg/auto-update-trust-db.nix
+++ b/home/programs/gpg/auto-update-trust-db.nix
@ -1,61 +0,0 @@
 { config, pkgs, lib, ... }:
 let
  cfg = config.programs.gpg;
 in
 {
  options = {
    programs.gpg.auto-update-trust-db = {
      enable = lib.mkEnableOption "a timer that automatically updates your trust db";
      frequency = lib.mkOption {
        default = "daily";
        type = lib.types.str;
        description = ''
          How often to update trust db
          :::{.note}
            This value is passed to the systemd
            timer configuration as the onCalendar option.  See
            {manpage}`systemd.time(7)`
            for more information about the format.
          :::
        '';
      };
    };
  };
  config = {
    systemd.user.services.update-trust-db = lib.mkIf cfg.auto-update-trust-db.enable {
      Unit = {
        Description = "Update gpg trust database";
        Documentation = [ "man:gpg(1)" ];
      };
      Service = {
        Type = "oneshot";
        CPUSchedulingPolicy = "idle";
        IOSchedulingClass = "idle";
        ExecStart = "${lib.getExe cfg.package} --update-trustdb";
        Environment = [
          "GNUPGHOME=${cfg.homedir}"
        ];
      };
    };
    systemd.user.timers.gpg-refresh-keys = lib.mkIf cfg.auto-update-trust-db.enable {
      Unit = {
        Description = "Update gpg trust database";
        Documentation = [ "man:gpg(1)" ];
      };
      Timer = {
        Unit = "update-trust-db.service";
        OnCalendar = cfg.auto-update-trust-db.frequency;
        Persistent = true;
      };
      Install = {
        WantedBy = [ "timers.target" ];
      };
    };
  };
 }
--- a/home/programs/gpg/default.nix
+++ b/home/programs/gpg/default.nix
@ -2,7 +2,6 @@
 {
  imports = [
    ./auto-refresh-keys.nix
    ./auto-update-trust-db.nix
    ./declarative-key-fetcher.nix
  ];
--- a/home/programs/neovim/default.nix
+++ b/home/programs/neovim/default.nix
@ -1,9 +1,5 @@
 { pkgs, home, ... }:
 {
  imports = [
    ./auto-clean-swapfiles.nix
  ];
  programs.neovim = {
    enable = true;
--- a/home/programs/neovim/auto-clean-swapfiles.nix
+++ b/home/programs/neovim/auto-clean-swapfiles.nix
@ -1,56 +0,0 @@
 { config, pkgs, lib, ... }:
 let
  daysBeforeDeletion = 2;
 in
 {
  config = {
    systemd.user.services.clean-neovim-swap-files = {
      Unit = {
        Description = "Clean old swap files for neovim";
      };
      Service = {
        Type = "oneshot";
        CPUSchedulingPolicy = "idle";
        IOSchedulingClass = "idle";
        ExecStart = lib.getExe (pkgs.writeShellApplication {
          name = "clean-neovim-swap-files";
          runtimeInputs = with pkgs; [ findutils ];
          text = ''
            echo "Cleaning old swap files for neovim"
            OLD_SWAPFILES=$(find "${config.xdg.stateHome}/nvim/swap" -type f -name '*.swp' -mtime +${toString daysBeforeDeletion})
            if [ -z "$OLD_SWAPFILES" ]; then
              echo "No old swap files found"
              exit 0
            fi
            for swapfile in $OLD_SWAPFILES; do
              echo "Removing $swapfile"
              rm -- "$swapfile"
            done
            echo "Done"
          '';
        });
      };
    };
    systemd.user.timers.clean-neovim-swap-files = {
      Unit = {
        Description = "Clean old swap files for neovim";
      };
      Timer = {
        Unit = "clean-neovim-swap-files.service";
        OnCalendar = "daily";
        Persistent = true;
      };
      Install = {
        WantedBy = [ "timers.target" ];
      };
    };
  };
 }
--- a/home/programs/newsboat/default.nix
+++ b/home/programs/newsboat/default.nix
@ -16,10 +16,6 @@ in {
    maxItems = 50;
    browser = ''"${defaultBrowser}"'';
    extraConfig = lib.strings.concatStringsSep "\n" [
      ''
        auto-reload no
      ''
      ''
        macro m set browser "${videoViewer}"; open-in-browser ; set browser "${defaultBrowser}"
        macro l set browser "${defaultBrowser}"; open-in-browser ; set browser "${defaultBrowser}"
--- a/home/programs/newsboat/sources.nix
+++ b/home/programs/newsboat/sources.nix
@ -37,6 +37,5 @@ in {
    (mkSource [ "tech" "linux" "nixos" ] "https://myme.no/feed.xml")
    (mkSource [ "tech" "linux" "nixos" "compilers" ] "https://flyx.org/feed.xml")
    (mkSource [ "tech" "linux" ] "https://blog.jfx.ac/feed.xml")
    (mkSource [ "tech" "linux" "nixos" ] "https://dandellion.xyz/atom.xml")
  ];
 }
--- a/home/programs/nix-index/fetch-nix-index-database.nix
+++ b/home/programs/nix-index/fetch-nix-index-database.nix
@ -34,7 +34,6 @@ in
        ExecStart = lib.getExe (pkgs.writeShellApplication {
          name = "fetch-nix-index-database";
          runtimeInputs = with pkgs; [
            coreutils
            gnused
            wget
          ];
@ -56,4 +55,4 @@ in
      };
    };
  };
-}
+}
--- a/home/programs/tealdeer/auto-update-tldr-db.nix
+++ b/home/programs/tealdeer/auto-update-tldr-db.nix
@ -1,8 +1,10 @@
 { pkgs, lib, ... }:
 {
-  systemd.user.services.update-tldr-db = {
+  programs.tealdeer.enable = true;
  systemd.user.services.tealdeer-refresh = {
    Unit = {
-      Description = "Update tealdeer database";
+      Description = "Refresh tealdeer contents";
    };
    Service = {
@ -13,13 +15,13 @@
    };
  };
-  systemd.user.timers.update-tldr-db = {
+  systemd.user.timers.tealdeer-refresh = {
    Unit = {
-      Description = "Update tealdeer database";
+      Description = "Refresh tealdeer contents";
    };
    Timer = {
-      Unit = "update-tldr-db.service";
+      Unit = "tealdeer-refresh.service";
      OnCalendar = "daily";
      Persistent = true;
    };
--- a/home/programs/tealdeer/default.nix
+++ b/home/programs/tealdeer/default.nix
@ -1,8 +0,0 @@
 { pkgs, lib, ... }:
 {
  imports = [
    ./auto-update-tldr-db.nix
  ];
  programs.tealdeer.enable = true;
 }
--- a/home/programs/vscode-extensions/noop-syslog.c
+++ b/home/programs/vscode-extensions/noop-syslog.c
--- a/home/programs/vscode-extensions/vsliveshare.nix
+++ b/home/programs/vscode-extensions/vsliveshare.nix
--- a/home/programs/vscode/default.nix
+++ b/home/programs/vscode/default.nix
@ -14,11 +14,6 @@ let
  configFilePath = "${userDir}/settings.json";
 in
 {
  imports = [
    ./auto-update-extensions.nix
    # ./extensions
  ];
  home.file.${configFilePath} = {
    target = "${configFilePath}.ro";
    onChange = ''install -m660 $(realpath "${configFilePath}.ro") "${configFilePath}"'';
--- a/home/programs/vscode/auto-update-extensions.nix
+++ b/home/programs/vscode/auto-update-extensions.nix
@ -1,35 +0,0 @@
 { config, lib, ... }:
 let
  cfg = config.programs.vscode;
 in
 {
  # TODO: add `dirname` to $PATH upstream
  systemd.user.services.update-vscode-extensions = {
    Unit = {
      Description = "Update vscode extensions";
    };
    Service = {
      Type = "oneshot";
      CPUSchedulingPolicy = "idle";
      IOSchedulingClass = "idle";
      ExecStart = "${lib.getExe cfg.package} --update-extensions";
    };
  };
  systemd.user.timers.update-vscode-extensions = {
    Unit = {
      Description = "Update vscode extensions";
    };
    Timer = {
      Unit = "update-vscode-extensions.service";
      OnCalendar = "daily";
      Persistent = true;
    };
    Install = {
      WantedBy = [ "timers.target" ];
    };
  };
 }
--- a/home/programs/zed/default.nix
+++ b/home/programs/zed/default.nix
@ -1,34 +0,0 @@
 { config, pkgs, lib, ... }:
 {
  home.packages = with pkgs; [ zed-editor ];
  xdg.configFile."zed/settings.json".source = let
    format = pkgs.formats.json { };
  in format.generate "zed-settings.json" {
    autosave = "off";
    buffer_font_family = "Fira Code";
    load_direnv = "shell_hook";
    format_on_save = "off";
    telemetry = {
      diagnostics = false;
      metrics = false;
    };
    vim_mode = true;
    theme = {
      mod = "dark";
      dark = "monokai Classic";
    };
  };
  xdg.configFile."zed/themes/monokai.json".source = let
    package = pkgs.fetchFromGitHub {
      owner = "billgo";
      repo = "monokai";
      rev = "061a86ff4845b11ac2f183c2e26c77b15cfae7d0";
      hash = "sha256-mlEcgnLStYH1pV3p1iqNSvfVu4MpvpEOc+vxI+90MJs=";
    };
  in "${package}/themes/monokai.json";
 }
--- a/home/programs/git/maintenance-timers.nix
+++ b/home/programs/git/maintenance-timers.nix
@ -42,7 +42,6 @@ in
    Timer = {
      Persistent = true;
      OnCalendar = "%i";
    };
    Install = {
--- a/hosts/common/default.nix
+++ b/hosts/common/default.nix
@ -3,28 +3,102 @@ let
  inherit (config) machineVars;
 in {
  imports = [
-    ./fonts.nix
+    ./nix-builders/bob.nix
-    ./nix.nix
+    ./nix-builders/isvegg.nix
-
+    ./nix-builders/tsuki.nix
    ./programs/gnupg.nix
    ./programs/neovim.nix
    ./programs/nix-ld.nix
    ./programs/ssh.nix
    ./programs/usbtop.nix
    ./services/dbus.nix
    ./services/openssh.nix
    ./services/pcscd.nix
    ./services/pipewire.nix
    ./services/printing.nix
    ./services/resolved.nix
    ./services/smartd.nix
    ./services/systemd-lock-handler.nix
    ./services/xserver.nix
  ];
  sops.defaultSopsFile = ./../.. + "/secrets/${config.networking.hostName}.yaml";
  sops.secrets = {
    "nix/access-tokens" = { sopsFile = ./../../secrets/common.yaml; };
    "ssh/secret-config" = {
      sopsFile = ./../../secrets/common.yaml;
      mode = "0444";
    };
  };
  nix = {
    package = unstable-pkgs.nixVersions.stable;
    distributedBuilds = config.networking.hostName != "tsuki";
    settings = {
      allow-dirty = true;
      allowed-uris = [ "http://" "https://" ];
      auto-optimise-store = true;
      binary-caches = [ "https://cache.nixos.org/" ];
      builders-use-substitutes = true;
      experimental-features = [ "nix-command" "flakes" ];
      log-lines = 50;
      trusted-users = [ "h7x4" "nix-builder" ];
      use-xdg-base-directories = true;
    };
    extraOptions = ''
      !include ${config.sops.secrets."nix/access-tokens".path}
    '';
    registry = {
      home.to = {
        type = "path";
        path = "/home/h7x4/nix";
      };
      wack.to = {
        type = "path";
        path = "/home/h7x4/git/wack-ctf-flake";
      };
      nxpt.to = {
        type = "path";
        path = "/home/h7x4/git/nixpkgs-tools";
      };
    };
  };
  programs.nix-ld = {
    enable = true;
    libraries = with pkgs; [
      libusb1
    ];
  };
  programs.ssh = {
    extraConfig = ''
      Include ${config.sops.secrets."ssh/secret-config".path}
    '';
    knownHosts = {
      bob = {
        hostNames = [
          "bob.pvv.ntnu.no"
          "bob.pvv.org"
        ];
        publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGJSgh20qDIYEXiK4MUZhc879dJIyH0K/s0RZ+9wFI0F";
      };
      hildring = {
        hostNames = [
          "hildring.pvv.ntnu.no"
          "hildring.pvv.org"
          "login.pvv.ntnu.no"
          "login.pvv.org"
        ];
        publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGurF7rdnrDP/VgIK2Tx38of+bX/QGCGL+alrWnZ1Ca5llGneMulUt1RB9xZzNLHiaWIE+HOP0i4spEaeZhilfU=";
      };
      isvegg = {
        hostNames = [
          "isvegg.pvv.ntnu.no"
          "isvegg.pvv.org"
        ];
        publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGurF7rdnrDP/VgIK2Tx38of+bX/QGCGL+alrWnZ1Ca5llGneMulUt1RB9xZzNLHiaWIE+HOP0i4spEaeZhilfU=";
      };
    #   tsukir = {
    #     hostNames = [ "nani.wtf" "gingakei.loginto.me" ];
    #     # publicKeyFile = config.sops.secrets."ssh/nix-builders/tsuki/pub".path;
    #     publicKeyFile = "/var/keys/tsuki_nix-builder.pub";
    #   };
    };
  };
  time.timeZone = "Europe/Oslo";
  console = {
@ -88,6 +162,49 @@ in {
          else (lib.mkIf (fixDisplayCommand != null) fixDisplayCommand));
  };
  fonts = {
    fontDir.enable = true;
    enableDefaultPackages = true;
    packages = with pkgs; [
      ark-pixel-font
      cm_unicode
      corefonts
      dejavu_fonts
      fira-code
      fira-code-symbols
      iosevka
      ipaexfont
      ipafont
      liberation_ttf
      migmix
      noto-fonts
      noto-fonts-cjk-sans
      noto-fonts-cjk-serif
      noto-fonts-emoji
      ocr-a
      open-sans
      powerline-fonts
      source-han-sans
      source-sans
      symbola
      texlivePackages.asana-math
      ubuntu_font_family
      victor-mono
      yasashisa-gothic
      (nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" ]; })
    ];
    fontconfig = {
      defaultFonts = {
        serif = [ "Droid Sans Serif" "Ubuntu" ];
        sansSerif = [ "Droid Sans" "Ubuntu" ];
        monospace = [ "Fira Code" "Ubuntu" ];
        emoji = [ "Noto Sans Emoji" ];
      };
    };
  };
  users = {
    users.h7x4 = {
      isNormalUser = true;
@ -116,7 +233,21 @@ in {
  };
  services = {
    tumbler.enable = !config.machineVars.headless;
    gnome.gnome-keyring.enable = !config.machineVars.headless;
    printing.enable = !config.machineVars.headless;
    resolved.enable = true;
    openssh = {
      startWhenNeeded = true;
      settings = {
        StreamLocalBindUnlink = true;
        PasswordAuthentication = false;
        KbdInteractiveAuthentication = false;
        PermitRootLogin = "no";
      };
    };
    udev.packages = with pkgs; [
      yubikey-personalization
@ -124,10 +255,54 @@ in {
      light
    ];
    pcscd.enable = true;
    dbus = {
      enable = true;
      packages = with pkgs; [
        gcr
        dconf
      ];
    };
    libinput = {
      enable = !config.machineVars.headless;
      touchpad.disableWhileTyping = true;
    };
    displayManager = {
      enable = true;
      defaultSession = "none+xmonad";
      sddm = {
        enable = !config.machineVars.headless;
        wayland.enable = true;
      };
    };
    xserver = {
      enable = !config.machineVars.headless;
      xkb = {
        layout = "us";
        options = "caps:escape";
      };
      # desktopManager = {
      #   xterm.enable = false;
      #   xfce.enable = !config.machineVars.headless;
      # };
      # displayManager.lightdm.enable = !config.machineVars.headless;
      windowManager.xmonad = {
        enable = true;
        enableContribAndExtras = true;
        enableConfiguredRecompile = true;
        extraPackages = hPkgs: with hPkgs; [
          dbus
        ];
      };
    };
  };
  programs = {
@ -135,7 +310,40 @@ in {
    git.enable = true;
    tmux.enable = true;
    zsh.enable = true;
    hyprland.enable = true;
    gnupg.agent.enable = true;
    gnupg.agent.pinentryPackage = pkgs.pinentry-curses;
    neovim = {
      enable = true;
      defaultEditor = true;
      viAlias = true;
      vimAlias = true;
      configure = {
        packages.myVimPackage = with pkgs.vimPlugins; {
          start = [
            direnv-vim
            vim-nix
            vim-polyglot
          ];
          opt = [
            vim-monokai
          ];
        };
        customRC = ''
          set number relativenumber
          set undofile
          set undodir=~/.cache/vim/undodir
          packadd! vim-monokai
          colorscheme monokai
        '';
      };
    };
  };
  system.extraDependencies =
@ -178,6 +386,12 @@ in {
    ]);
  security.rtkit.enable = !config.machineVars.headless;
  services.pipewire = {
    enable = !config.machineVars.headless;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
  };
  security.sudo.extraConfig = let
    sudoLecture = pkgs.writeText "sudo-lecture.txt" (extendedLib.termColors.front.red "Be careful or something, idk...\n");
--- a/hosts/common/fonts.nix
+++ b/hosts/common/fonts.nix
@ -1,45 +0,0 @@
 { pkgs, ... }:
 {
  fonts = {
    fontDir.enable = true;
    enableDefaultPackages = true;
    packages = with pkgs; [
      ark-pixel-font
      cm_unicode
      corefonts
      dejavu_fonts
      fira-code
      fira-code-symbols
      iosevka
      ipaexfont
      ipafont
      liberation_ttf
      migmix
      noto-fonts
      noto-fonts-cjk-sans
      noto-fonts-cjk-serif
      noto-fonts-emoji
      ocr-a
      open-sans
      powerline-fonts
      source-han-sans
      source-sans
      symbola
      texlivePackages.asana-math
      ubuntu_font_family
      victor-mono
      yasashisa-gothic
      (nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" ]; })
    ];
    fontconfig = {
      defaultFonts = {
        serif = [ "Droid Sans Serif" "Ubuntu" ];
        sansSerif = [ "Droid Sans" "Ubuntu" ];
        monospace = [ "Fira Code" "Ubuntu" ];
        emoji = [ "Noto Sans Emoji" ];
      };
    };
  };
 }
--- a/hosts/common/nix-builders/bob.nix
+++ b/hosts/common/nix-builders/bob.nix
@ -18,21 +18,11 @@
    # sshKey = config.sops.secrets."ssh/nix-builders/bob/key".path;
  }];
-  programs.ssh = {
+  programs.ssh.extraConfig = ''
-    extraConfig = ''
+    Host nix-builder-bob
-      Host nix-builder-bob
+      HostName bob.pvv.ntnu.no
-        HostName bob.pvv.ntnu.no
+      ProxyJump nix-builder-isvegg
-        ProxyJump nix-builder-isvegg
+      User oysteikt
-        User oysteikt
+      IdentityFile ${config.sops.secrets."ssh/nix-builders/bob/key".path}
-        IdentityFile ${config.sops.secrets."ssh/nix-builders/bob/key".path}
+  '';
-    '';
+}
    knownHosts.bob = {
      hostNames = [
        "bob.pvv.ntnu.no"
        "bob.pvv.org"
      ];
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGJSgh20qDIYEXiK4MUZhc879dJIyH0K/s0RZ+9wFI0F";
    };
  };
 }
--- a/hosts/common/nix-builders/isvegg.nix
+++ b/hosts/common/nix-builders/isvegg.nix
@ -20,4 +20,4 @@
      User oysteikt
      IdentityFile ${config.sops.secrets."ssh/nix-builders/isvegg/key".path}
  '';
-}
+}
--- a/hosts/common/nix-builders/tsuki.nix
+++ b/hosts/common/nix-builders/tsuki.nix
@ -22,17 +22,9 @@
    sshKey = config.sops.secrets."ssh/nix-builders/tsuki/key".path;
  }];
-  programs.ssh = {
+  programs.ssh.extraConfig = ''
-    extraConfig = ''
+    Host nix-builder-tsukir
-      Host nix-builder-tsukir
+      HostName gingakei.loginto.me
-        HostName gingakei.loginto.me
+      Port ${toString secrets.ports.ssh.home-in}
-        Port ${toString secrets.ports.ssh.home-in}
+  '';
-    '';
+}
    # knownHosts.tsukir = {
    #   hostNames = [ "nani.wtf" "gingakei.loginto.me" ];
    #   # publicKeyFile = config.sops.secrets."ssh/nix-builders/tsuki/pub".path;
    #   publicKeyFile = "/var/keys/tsuki_nix-builder.pub";
    # };
  };
 }
--- a/hosts/common/nix.nix
+++ b/hosts/common/nix.nix
@ -1,48 +0,0 @@
 { config, unstable-pkgs, ... }:
 {
  imports = [
    ./nix-builders/bob.nix
    ./nix-builders/isvegg.nix
    ./nix-builders/tsuki.nix
  ];
  sops.secrets = {
    "nix/access-tokens" = { sopsFile = ./../../secrets/common.yaml; };
  };
  nix = {
    package = unstable-pkgs.nixVersions.stable;
    distributedBuilds = config.networking.hostName != "tsuki";
    settings = {
      allow-dirty = true;
      allowed-uris = [ "http://" "https://" ];
      auto-optimise-store = true;
      binary-caches = [ "https://cache.nixos.org/" ];
      builders-use-substitutes = true;
      experimental-features = [ "nix-command" "flakes" ];
      log-lines = 50;
      trusted-users = [ "h7x4" "nix-builder" ];
      use-xdg-base-directories = true;
    };
    extraOptions = ''
      !include ${config.sops.secrets."nix/access-tokens".path}
    '';
    registry = {
      home.to = {
        type = "path";
        path = "/home/h7x4/nix";
      };
      wack.to = {
        type = "path";
        path = "/home/h7x4/git/wack-ctf-flake";
      };
      nxpt.to = {
        type = "path";
        path = "/home/h7x4/git/nixpkgs-tools";
      };
    };
  };
 }
--- a/hosts/common/programs/gnupg.nix
+++ b/hosts/common/programs/gnupg.nix
@ -1,9 +0,0 @@
 { pkgs, ... }:
 {
  programs.gnupg = {
    agent = {
      enable = true;
      pinentryPackage = pkgs.pinentry-curses;
    };
  };
 }
--- a/hosts/common/programs/neovim.nix
+++ b/hosts/common/programs/neovim.nix
@ -1,31 +0,0 @@
 { pkgs, ... }:
 {
  programs.neovim = {
    enable = true;
    defaultEditor = true;
    viAlias = true;
    vimAlias = true;
    configure = {
      packages.myVimPackage = with pkgs.vimPlugins; {
        start = [
          direnv-vim
          vim-nix
          vim-polyglot
        ];
        opt = [
          vim-monokai
        ];
      };
      customRC = ''
        set number relativenumber
        set undofile
        set undodir=~/.cache/vim/undodir
        packadd! vim-monokai
        colorscheme monokai
      '';
    };
  };
 }
--- a/hosts/common/programs/nix-ld.nix
+++ b/hosts/common/programs/nix-ld.nix
@ -1,9 +0,0 @@
 { pkgs, ... }:
 {
  programs.nix-ld = {
    enable = true;
    libraries = with pkgs; [
      libusb1
    ];
  };
 }
--- a/hosts/common/programs/ssh.nix
+++ b/hosts/common/programs/ssh.nix
@ -1,32 +0,0 @@
 { config, ... }:
 {
  sops.secrets."ssh/secret-config" = {
    sopsFile = ./../../../secrets/common.yaml;
    mode = "0444";
  };
  programs.ssh = {
    extraConfig = ''
      Include ${config.sops.secrets."ssh/secret-config".path}
    '';
    knownHosts = {
      hildring = {
        hostNames = [
          "hildring.pvv.ntnu.no"
          "hildring.pvv.org"
          "login.pvv.ntnu.no"
          "login.pvv.org"
        ];
        publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGurF7rdnrDP/VgIK2Tx38of+bX/QGCGL+alrWnZ1Ca5llGneMulUt1RB9xZzNLHiaWIE+HOP0i4spEaeZhilfU=";
      };
      isvegg = {
        hostNames = [
          "isvegg.pvv.ntnu.no"
          "isvegg.pvv.org"
        ];
        publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGurF7rdnrDP/VgIK2Tx38of+bX/QGCGL+alrWnZ1Ca5llGneMulUt1RB9xZzNLHiaWIE+HOP0i4spEaeZhilfU=";
      };
    };
  };
 }
--- a/hosts/common/programs/usbtop.nix
+++ b/hosts/common/programs/usbtop.nix
@ -1,22 +0,0 @@
 { pkgs, lib, ... }:
 {
  # programs.usbtop.enable = true;
  boot.kernelModules = [ "usbmon" ];
  security.wrappers."usbtop" = {
    owner = "root";
    group = "usbmon";
    setgid = true;
    source = lib.getExe pkgs.usbtop;
  };
  users.groups.usbmon = {
    # NOTE: picked at random
    gid = 872;
  };
  services.udev.extraRules = ''
    SUBSYSTEM=="usbmon", MODE="0660", OWNER="root", GROUP="usbmon"
  '';
 }
--- a/hosts/common/services/dbus.nix
+++ b/hosts/common/services/dbus.nix
@ -1,10 +0,0 @@
 { pkgs, ... }:
 {
  services.dbus = {
    enable = true;
    packages = with pkgs; [
      gcr
      dconf
    ];
  };
 }
--- a/hosts/common/services/openssh.nix
+++ b/hosts/common/services/openssh.nix
@ -1,12 +0,0 @@
 { ... }:
 {
  services.openssh = {
    startWhenNeeded = true;
    settings = {
      StreamLocalBindUnlink = true;
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      PermitRootLogin = "no";
    };
  };
 }
--- a/hosts/common/services/pcscd.nix
+++ b/hosts/common/services/pcscd.nix
@ -1,4 +0,0 @@
 { ... }:
 {
  services.pcscd.enable = true;
 }
--- a/hosts/common/services/pipewire.nix
+++ b/hosts/common/services/pipewire.nix
@ -1,9 +0,0 @@
 { config, ... }:
 {
  services.pipewire = {
    enable = !config.machineVars.headless;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
  };
 }
--- a/hosts/common/services/printing.nix
+++ b/hosts/common/services/printing.nix
@ -1,4 +0,0 @@
 { config, ... }:
 {
  services.printing.enable = !config.machineVars.headless;
 }
--- a/hosts/common/services/resolved.nix
+++ b/hosts/common/services/resolved.nix
@ -1,4 +0,0 @@
 { ... }:
 {
  services.resolved.enable = true;
 }
--- a/hosts/common/services/smartd.nix
+++ b/hosts/common/services/smartd.nix
@ -1,4 +0,0 @@
 { ... }:
 {
  services.smartd.enable = true;
 }
--- a/hosts/common/services/systemd-lock-handler.nix
+++ b/hosts/common/services/systemd-lock-handler.nix
@ -1,4 +0,0 @@
 { ... }:
 {
  services.systemd-lock-handler.enable = true;
 }
--- a/hosts/common/services/xserver.nix
+++ b/hosts/common/services/xserver.nix
@ -1,36 +0,0 @@
 { config, ... }:
 {
  services.displayManager = {
    enable = true;
    defaultSession = "none+xmonad";
    sddm = {
      enable = !config.machineVars.headless;
      wayland.enable = true;
    };
  };
  services.xserver = {
    enable = !config.machineVars.headless;
    xkb = {
      layout = "us";
      options = "caps:escape";
    };
    # desktopManager = {
    #   xterm.enable = false;
    #   xfce.enable = !config.machineVars.headless;
    # };
    # displayManager.lightdm.enable = !config.machineVars.headless;
    windowManager.xmonad = {
      enable = true;
      enableContribAndExtras = true;
      enableConfiguredRecompile = true;
      extraPackages = hPkgs: with hPkgs; [
        dbus
      ];
    };
  };
 }
--- a/hosts/dosei/configuration.nix
+++ b/hosts/dosei/configuration.nix
@ -66,6 +66,8 @@
    # hostId = "";
  };
  programs.usbtop.enable = true;
  services = {
    openssh = {
      enable = true;