WIP

2024-08-16 12:37:58 +02:00
35 changed files with 184 additions and 428 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -50,6 +50,11 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };
    ra-multiplex = {
      url = "github:pr2502/ra-multiplex";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # Nix expressions and keys (TODO: move keys to another solution like agenix)
    # which should be kept from the main repo for privacy reasons.
    #
@@ -75,6 +80,7 @@
    secrets,
    sops-nix,
    vscode-server,
    ra-multiplex
    # website
  }: let
    system = "x86_64-linux";
@@ -95,19 +101,14 @@
        nonrecursive-unstable-pkgs = import nixpkgs-unstable {
          inherit system;
          config.allowUnfree = true;
          config.segger-jlink.acceptLicense = true;
          config.permittedInsecurePackages = [
            "segger-jlink-qt4-794s"
          ];
        };
      in [
        (self: super: {
-          inherit (nonrecursive-unstable-pkgs)
+          inherit (nonrecursive-unstable-pkgs) atuin wstunnel;
-            atuin
+        })
-            wstunnel
+
-            nrf-udev
+        (self: super: {
-            nrfutil
+          ra-multiplex = ra-multiplex.packages.${system}.default;
            ;
        })
        # https://github.com/NixOS/nixpkgs/pull/251706
@@ -197,7 +198,6 @@
                  useGlobalPkgs = true;
                  extraSpecialArgs = {
                    inherit inputs;
                    inherit unstable-pkgs;
                    inherit (self) extendedLib;
                    inherit (config) machineVars;
                    secrets = secrets.outputs.settings;
--- a/home/config/xdg/directory-spec-overrides.nix
+++ b/home/config/xdg/directory-spec-overrides.nix
@@ -18,12 +18,8 @@
    GHCUP_USE_XDG_DIRS = "true";
    __GL_SHADER_DISK_CACHE_PATH = "${cacheHome}/nv";
    ANDROID_USER_HOME = "${dataHome}/android";
    AZURE_CONFIG_DIR = "${dataHome}/azure";
    BZRPATH = "${configHome}/bazaar";
    BZR_PLUGIN_PATH = "${dataHome}/bazaar";
    BZR_HOME = "${cacheHome}/bazaar";
    CARGO_HOME = "${dataHome}/cargo";
    CUDA_CACHE_PATH = "${cacheHome}/nv";
    DOCKER_CONFIG = "${configHome}/docker";
--- a/home/config/xdg/mimetypes.nix
+++ b/home/config/xdg/mimetypes.nix
@@ -95,7 +95,7 @@ let
  vscode = "code.desktop";
  mpv = "mpv.desktop";
  zathura = "org.pwmt.zathura.desktop";
-  nsxiv = "nsxiv.desktop";
+  sxiv = "sxiv.desktop";
  font-viewer = "org.gnome.font-viewer.desktop";
 in {
  xdg.configFile."mimeapps.list".force = true;
@@ -104,7 +104,7 @@ in {
    # associations.added = {};
    # associations.removed = {};
    defaultApplications =
-      (lib.mapAttrs' (_: v: lib.nameValuePair v nsxiv) mime.image)
+      (lib.mapAttrs' (_: v: lib.nameValuePair v sxiv) mime.image)
    // (lib.mapAttrs' (_: v: lib.nameValuePair v mpv) mime.audio)
    // (lib.mapAttrs' (_: v: lib.nameValuePair v mpv) mime.video)
    // (lib.mapAttrs' (_: v: lib.nameValuePair v font-viewer) mime.font)
--- a/home/home.nix
+++ b/home/home.nix
@@ -8,23 +8,18 @@ in {
    ./config/xdg
    ./programs/aria2.nix
    ./programs/atuin.nix
    ./programs/beets.nix
    ./programs/comma.nix
    ./programs/direnv
    ./programs/gdb.nix
    ./programs/gh.nix
    ./programs/gh-dash.nix
    ./programs/git
    ./programs/gpg
    ./programs/jq.nix
    ./programs/less.nix
    ./programs/neovim
    ./programs/nix-index
    ./programs/ssh
    ./programs/tealdeer
    ./programs/thunderbird.nix
    ./programs/tmux.nix
    ./programs/zsh
@@ -56,6 +51,7 @@ in {
    ./services/mpd.nix
    ./services/picom.nix
    ./services/polybar.nix
    ./services/ra-multiplex.nix
    ./services/screen-locker.nix
    # ./services/stalonetray.nix
    ./services/sxhkd.nix
@@ -101,17 +97,9 @@ in {
    sessionVariables = {
      CARGO_NET_GIT_FETCH_WITH_CLI = "true";
      PYTHONSTARTUP = "${config.xdg.configHome}/python/pyrc";
      _JAVA_AWT_WM_NONREPARENTING = "1";
    };
  };
  xsession = {
    enable = true;
    # TODO: declare using xdg config home
    scriptPath = ".config/X11/xsession";
    profilePath = ".config/X11/xprofile";
  };
  xdg.configFile = {
    "ghc/ghci.conf".text = ''
      :set prompt "${extendedLib.termColors.front.magenta "[GHCi]λ"} "
@@ -185,7 +173,10 @@ in {
  qt = mkIf graphics {
    enable = true;
-    platformTheme.name = "adwaita";
+    platformTheme.name = "gtk";
-    style.name = "adwaita-dark";
+    style = {
      name = "adwaita-dark";
      package = pkgs.adwaita-qt;
    };
  };
 }
--- a/home/packages.nix
+++ b/home/packages.nix
@@ -1,6 +1,7 @@
 { pkgs, config, machineVars, ... }:
 {
  home.packages = with pkgs; [
    beets
    binutils
    cloc
    cyme
@@ -11,18 +12,18 @@
    duff
    ffmpeg
    file
    gh-dash
    glances
    gpg-tui
    gping
    graphviz
    hexyl
    httpie
    imagemagick
    jq
    kepubify
    # keybase
    keymapviz
    libwebp
    lnav
    lolcat
    mdcat
    mediainfo
@@ -32,6 +33,7 @@
    mtr
    neofetch
    nix-diff
    nix-index
    nix-output-monitor
    nix-tree
    nix-update
@@ -42,7 +44,6 @@
    pandoc
    parallel
    progress
    pwntools
    python3
    rclone
    ripgrep
@@ -81,18 +82,17 @@
      alsa-utils
      anki
      ark
      birdtray
      calibre
      cool-retro-term
      darktable
      discord
      element-desktop
      geogebra
      ghidra
      gimp
      gnome.gnome-font-viewer
      gnome.seahorse
      google-chrome
      imhex
      inkscape
      insomnia
      iwgtk
@@ -109,7 +109,6 @@
      mopidy-youtube
      mpc_cli
      naps2
      nsxiv
      nyxt
      obsidian
      # pcloud
@@ -120,9 +119,11 @@
      slack
      # sublime3
      # swiPrologWithGui
      sxiv
      tagainijisho
      tenacity
      thunderbird
      # transcribe
      wireshark
      xcalib
--- a/home/programs/aria2.nix
+++ b/home/programs/aria2.nix
@@ -1,4 +0,0 @@
 { ... }:
 {
  programs.aria2.enable = true;
 }
--- a/home/programs/beets.nix
+++ b/home/programs/beets.nix
@@ -1,4 +0,0 @@
 { ... }:
 {
  programs.beets.enable = true;
 }
--- a/home/programs/browser/bookmarks.nix
+++ b/home/programs/browser/bookmarks.nix
@@ -9,7 +9,7 @@ in [
  (link "GitHub" "http://github.com")
  (short "/u/" "danger/u/" "https://dangeru.us/")
  (link "PVV" "https://www.pvv.ntnu.no/")
-  (short "PVVM" "PVV Mail" "https://webmail.pvv.ntnu.no/roundcube/")
+  (short "PVVM" "PVV Mail" "https://webmail2.pvv.ntnu.no/roundcube/")
  (short "ΩV" "Omega Verksted" "https://omegav.no/")
  (dir "Nix" [
@@ -31,34 +31,21 @@ in [
  ])
  (dir "CTF" [
-    (link "Revshells" "https://revshells.com/")
+    (link "HackTheBox" "https://www.hackthebox.eu/")
    (link "TryHackMe" "https://tryhackme.com/dashboard")
    (link "OverTheWire" "https://overthewire.org/wargames/")
    (link "NetGarage" "https://io.netgarage.org/")
    (link "Exploit Education" "http://exploit.education/")
    (link "Webhook" "https://webhook.site")
    (link "CyberChef" "https://gchq.github.io/CyberChef/")
    (link "Aperisolve" "https://www.aperisolve.com/")
    (link "how2heap" "https://github.com/shellphish/how2heap")
    (link "Heap Search" "https://kissprogramming.com/heap/heap-search")
    (link "CrackStation" "https://crackstation.net/")
    (link "FactorDB" "http://factordb.com/")
    (link "Syscalls" "https://syscalls.w3challs.com/")
    (link "DogBolt" "https://dogbolt.org/")
    (link "HackTricks" "https://book.hacktricks.xyz/")
    (dir "Practise" [
      (link "S2G" "https://s2gctf.ncr.ntnu.no")
      (link "Pico CTF" "https://play.picoctf.org/practice")
      (link "Pwn college" "https://pwn.college/")
      (link "HackTheBox" "https://www.hackthebox.eu")
      (link "Crackmes" "https://crackmes.one")
      (link "Nightmare" "https://guyinatuxedo.github.io/")
    ])
  ])
  (dir "Misc & Tools" [
    (link "ASCIIFlow" "https://asciiflow.com/#/")
    (link "CopyChar" "https://copychar.cc/")
    (link "CyberChef" "https://gchq.github.io/CyberChef/")
    (link "Device Info" "https://www.deviceinfo.me/")
    (link "Diagrams" "https://app.diagrams.net/")
    (link "FakeMail" "http://www.fakemailgenerator.com/")
    (link "FilePizza" "https://file.pizza/")
    (link "IPLeak" "https://ipleak.net/")
    (link "LaTeX" "https://www.codecogs.com/latex/eqneditor.php")
    (link "ManualsLib" "https://www.manualslib.com/")
--- a/home/programs/gh-dash.nix
+++ b/home/programs/gh-dash.nix
@@ -1,4 +0,0 @@
 { ... }:
 {
  programs.gh-dash.enable = true;
 }
--- a/home/programs/gh.nix
+++ b/home/programs/gh.nix
@@ -4,7 +4,7 @@
    enable = true;
    settings = {
      gitProtocol = "ssh";
-      pager = "${pkgs.bat}/bin/bat";
+      pager = "${pkgs.bat}/git/bat";
      aliases = {
        co = "pr checkout";
        pv = "pr view";
--- a/home/programs/git/default.nix
+++ b/home/programs/git/default.nix
@@ -53,7 +53,6 @@ in
        forcepush = "push --force-with-lease --force-if-includes";
        authors = "shortlog --summary --numbered --email";
        si = "switch-interactive";
        subs = "submodule update --init --recursive";
        rebase-author = "rebase -i -x \"git commit --amend --reset-author -CHEAD\"";
        git = "!git";
      };
@@ -129,8 +128,6 @@ in
          submodule = "log";
        };
        pager.show = lib.getExe pkgs.bat;
        status = {
          showUntrackedFiles = "all";
          relativePaths = true;
@@ -262,14 +259,6 @@ in
      runtimeInputs = with pkgs; [ cfg.package coreutils ];
      text = lib.fileContents ./scripts/git-tcommit.sh;
    })
    (pkgs.writeShellApplication {
      name = "git-tmcommit";
      runtimeInputs = with pkgs; [ cfg.package coreutils ];
      text = lib.pipe ./scripts/git-tcommit.sh [
        lib.fileContents
        (builtins.replaceStrings ["hours" "tcommit"] ["minutes" "tmcommit"])
      ];
    })
    (pkgs.writeShellApplication {
      name = "git-switch-interactive";
      runtimeInputs = with pkgs; [ cfg.package fzf gnused coreutils ];
--- a/home/programs/git/scripts/git-tcommit.sh
+++ b/home/programs/git/scripts/git-tcommit.sh
@@ -1,10 +1,5 @@
 set -euo pipefail
 if [[ $# -lt 1 ]]; then
  echo "Usage: git tcommit [-]<hours>"
  exit 1
 fi
 HOUR_SHIFT="$1"
 shift
--- a/home/programs/jq.nix
+++ b/home/programs/jq.nix
@@ -1,4 +0,0 @@
 { ... }:
 {
  programs.jq.enable = true;
 }
--- a/home/programs/newsboat/sources.nix
+++ b/home/programs/newsboat/sources.nix
@@ -3,45 +3,40 @@ let
  mkSource = tags: url: { inherit tags url; };
 in {
  programs.newsboat.urls = [
-    (mkSource [ "tech" "linux" ] "https://archlinux.org/feeds/news/")
+    (mkSource [ "tech" "linux" ] "https://lukesmith.xyz/rss.xml")
-    (mkSource [ "tech" "linux" "nixos" ] "https://nixos.org/blog/announcements-rss.xml")
+    (mkSource [ "tech" "vim" "old" ] "https://castel.dev/rss.xml")
-    (mkSource [ "tech" "ntnu" ] "https://omegav.no/newsrss")
+    (mkSource [ "tech" "linux" "nixos" ] "https://christine.website/blog.rss")
-    (mkSource [ "ntnu" ] "https://varsel.it.ntnu.no/subscribe/rss/")
+    (mkSource [ "japanese" "language" "old" ] "http://feeds.feedburner.com/LocalizingJapan")
    (mkSource [ "tech" ] "https://blog.hackeriet.no/feed.xml")
    (mkSource [ "tech" ] "https://fribyte.no/rss.xml")
    (mkSource [ "tech" ] "https://existentialtype.wordpress.com/feed/")
    (mkSource [ "tech" "linux" "ntnu" ] "https://wiki.pvv.ntnu.no/w/api.php?hidebots=1&urlversion=1&days=90&limit=50&action=feedrecentchanges&format=xml")
    (mkSource [ "tech" "linux" "nixos" ] "https://dandellion.xyz/atom.xml")
    (mkSource [ "tech" "linux" ] "http://xahlee.info/comp/blog.xml")
-    (mkSource [ "tech" ] "https://branchfree.org/feed/")
+    (mkSource [ "japanese" "language" ] "https://www.outlier-linguistics.com/blogs/japanese.atom")
-    (mkSource [ "tech" ] "https://search.marginalia.nu/news.xml")
+    (mkSource [ "tech" "linux" ] "https://archlinux.org/feeds/news/")
    (mkSource [ "tech" "linux" ] "https://bartoszmilewski.com/feed/")
-    (mkSource [ "tech" "linux" "nixos" ] "https://myme.no/atom-feed.xml")
+    (mkSource [ "tech" "linux" "nixos" ] "https://nixos.org//blog/announcements-rss.xml")
    (mkSource [ "tech" "linux" ] "https://www.digitalneanderthal.com/index.xml")
    (mkSource [ "tech" "ntnu" ] "https://omegav.no/newsrss")
    (mkSource [ "tech" ] "https://code.visualstudio.com/feed.xml")
    (mkSource [ "tech" "linux" "nixos" ] "https://blog.ysndr.de/atom.xml")
    (mkSource [ "tech" "linux" "nixos" ] "https://kaushikc.org/atom.xml")
    (mkSource [ "tech" "linux" "nixos" ] "https://ianthehenry.com/feed.xml")
    (mkSource [ "tech" "linux" "ntnu" ] "https://www.pvv.ntnu.no/w/api.php?hidebots=1&urlversion=1&days=7&limit=50&action=feedrecentchanges&feedformat=atom")
    (mkSource [ "ntnu" ] "https://varsel.it.ntnu.no/subscribe/rss/")
    (mkSource [ "tech" "linux" "japanese" ] "https://www.ncaq.net/feed.atom")
-    (mkSource [ "tech" "linux" "nixos" "emacs" "japanese" ] "https://apribase.net/program/feed")
+    (mkSource [ "tech" "linux" "haskell" "nixos" "functional-programming" ] "https://www.haskellforall.com/feeds/posts/default")
-    (mkSource [ "tech" "linux" "nixos" "functional-programming" ] "https://www.haskellforall.com/feeds/posts/default")
+    (mkSource [ "tech" "haskell" "functional-programming" ] "https://williamyaoh.com/feed.atom")
-    (mkSource [ "tech" "linux" "nixos" ] "https://christine.website/blog.rss")
+    (mkSource [ "tech" "haskell" "functional-programming" ] "https://www.parsonsmatt.org/feed.xml")
-    (mkSource [ "tech" "functional-programming" "nixos" ] "https://markkarpov.com/feed.atom")
+    (mkSource [ "tech" "haskell" "functional-programming" "python" ] "http://blog.ezyang.com/feed/")
-    (mkSource [ "tech" "functional-programming" ] "https://williamyaoh.com/feed.atom")
+    (mkSource [ "tech" "haskell" "functional-programming" ] "https://lexi-lambda.github.io/feeds/all.rss.xml")
-    (mkSource [ "tech" "functional-programming" ] "https://www.parsonsmatt.org/feed.xml")
+    (mkSource [ "tech" "haskell" "functional-programming" ] "https://www.stephendiehl.com/feed.rss")
-    (mkSource [ "tech" "functional-programming" "python" ] "http://blog.ezyang.com/feed/")
+    (mkSource [ "tech" "haskell" "functional-programming" "emacs" ] "https://chrisdone.com/rss.xml")
-    (mkSource [ "tech" "functional-programming" ] "https://lexi-lambda.github.io/feeds/all.rss.xml")
+    (mkSource [ "tech" "haskell" "functional-programming" "nixos" ] "https://markkarpov.com/feed.atom")
-    (mkSource [ "tech" "functional-programming" ] "https://www.stephendiehl.com/feed.rss")
+    (mkSource [ "tech" "flutter" ] "https://resocoder.com/feed/")
-    (mkSource [ "tech" "functional-programming" "emacs" ] "https://chrisdone.com/rss.xml")
+    (mkSource [ "tech" "compilers" ] "https://existentialtype.wordpress.com/feed/")
-    (mkSource [ "tech" ] "https://go.dev/blog/feed.atom")
+    (mkSource [ "tech" "compilers" "haskell" "functional-programming" "old" ] "https://skilpat.tumblr.com/rss")
    (mkSource [ "tech" "linux" ] "https://jfx.ac/blog/index.xml")
    (mkSource [ "tech" "linux" ] "https://lukesmith.xyz/rss.xml")
    (mkSource [ "japanese" "language" ] "https://www.outlier-linguistics.com/blogs/japanese.atom")
    (mkSource [ "language" ] "https://feeds.feedburner.com/blogspot/Ckyi")
-    (mkSource [ "japanese" "language" "old" ] "http://feeds.feedburner.com/LocalizingJapan")
+    (mkSource [ "tech" "compilers" ] "https://go.dev/blog/feed.atom")
-    (mkSource [ "tech" "vim" "old" ] "https://castel.dev/rss.xml")
+    (mkSource [ "tech" "linux" "nixos" ] "https://myme.no/feed.xml")
-    (mkSource [ "tech" "functional-programming" "old" ] "https://skilpat.tumblr.com/rss")
+    (mkSource [ "tech" "linux" "nixos" "compilers" ] "https://flyx.org/feed.xml")
-    (mkSource [ "tech" ] "https://resocoder.com/feed/")
+    (mkSource [ "tech" "linux" ] "https://blog.jfx.ac/feed.xml")
-
+    (mkSource [ "tech" "linux" "nixos" ] "https://dandellion.xyz/atom.xml")
    # Broken?
    (mkSource [ "tech" "linux" "nixos" ] "https://flyx.org/feed.xml")
  ];
 }
--- a/home/programs/ssh/pvv.nix
+++ b/home/programs/ssh/pvv.nix
@@ -1,4 +1,4 @@
-{ pkgs, lib, ... }:
+{ pkgs, lib, extendedLib, ... }:
 let
  adminUser = "root";
  normalUser = "oysteikt";
@@ -10,35 +10,26 @@ let
      proxyJump = lib.mkDefault null;
      addressFamily = "inet";
    }
    "dagali"
    "drolsum"
    "demiurgen"
    "eirin"
    [ "bekkalokk" "pvv-web" "pvv-wiki" "pvv-webmail" ]
    "ildkule"
    "shark"
    "buskerud"
    [ "bicep" "pvv-databases" ]
    "bob"
    [ "brzeczyszczykiewicz" "brez" "bokhylle" ]
    "buskerud"
    "dagali"
    "demiurgen"
    "drolsum"
    "eirin"
    "georg"
    "ildkule"
    "isvegg"
    "knutsen"
-    [ "microbel" "pvv-users" "pvv-mail" ]
+    "isvegg"
    "orchid"
    "shark"
    "tallulah"
    "tom"
-    "venture"
+    [ "microbel" "pvv-users" "pvv-mail" ]
  ];
  rootMachines = [
-    [ "ameno" "pvv-dns" ]
+    [ "sleipner" "pvv-salt" ]
    [ "balduzius" "pvv-krb" ]
    [ "innovation" "pvv-minecraft" ]
    "ludvigsen"
    [ "principal" "pvv-backup" ]
    [ "skrott" "dibbler" ]
    [ "sleipner" "pvv-salt" ]
  ];
  # Either( String [String] AttrSet{String} ) -> AttrSet{String}
@@ -88,17 +79,16 @@ let
    machines: pipe machines pipeline;
 in
  {
-    programs.ssh.matchBlocks = lib.mergeAttrsList [
+    programs.ssh.matchBlocks = (extendedLib.attrsets.concatAttrs [
      (convertMachinesWith convertNormalMachine normalMachines)
      (convertMachinesWith convertAdminMachine rootMachines)
-      {
+    ]) // {
-        "pvv-git git.pvv.ntnu.no" = {
+      "pvv-git git.pvv.ntnu.no" = {
-          hostname = "git.pvv.ntnu.no";
+        hostname = "git.pvv.ntnu.no";
-          user = "gitea";
+        user = "gitea";
-          addressFamily = "inet";
+        addressFamily = "inet";
-          port = 2222;
+        port = 2222;
-          proxyJump = "pvv";
+        proxyJump = "pvv";
-        };
+      };
-      }
+    };
    ];
  }
--- a/home/programs/thunderbird.nix
+++ b/home/programs/thunderbird.nix
@@ -1,18 +0,0 @@
 { config, pkgs, lib, machineVars, ... }:
 let
  cfg = config.programs.thunderbird;
 in
 {
  programs.thunderbird = {
    enable = !machineVars.headless;
    profiles.h7x4 = {
      isDefault = true;
      withExternalGnupg = true;
    };
  };
  home.packages = lib.mkIf cfg.enable (with pkgs; [
    birdtray
  ]);
 }
--- a/home/programs/vscode/default.nix
+++ b/home/programs/vscode/default.nix
@@ -24,7 +24,7 @@ in
    onChange = ''install -m660 $(realpath "${configFilePath}.ro") "${configFilePath}"'';
  };
-  programs.vscode = {
+  programs.vscode ={
    enable = true;
    package = pkgs.vscode;
@@ -161,6 +161,9 @@ in
      "vsintellicode.modify.editor.suggestSelection" = "automaticallyOverrodeDefaultValue";
      "window.zoomLevel" = 1;
      "rust-analyzer.server.path" =
        toString (pkgs.writeShellScript "ra-multiplex-client" "${lib.getExe pkgs.ra-multiplex} client");
      "search.exclude" = {
        "**/node_modules" = true;
        "**/bower_components" = true;
@@ -296,7 +299,7 @@ in
      # jock.svg
      # ms-azuretools.vscode-docker
      # ms-toolsai.jupyter
-      # ms-vscode-remote.remote-ssh
+      ms-vscode-remote.remote-ssh
      # ms-vsliveshare.vsliveshare
      bbenoist.nix
      christian-kohler.path-intellisense
@@ -318,12 +321,8 @@ in
      rust-lang.rust-analyzer
      mkhl.direnv
      waderyan.gitblame
      # vs-liveshare
      vscodevim.vim
      hbenl.vscode-test-explorer
      # vitaliymaz.vscode-svg-previewer
      ms-vscode.test-adapter-converter
      visualstudioexptteam.vscodeintellicode
      tamasfe.even-better-toml
    ] ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [
      {
        name = "monokai-st3";
@@ -331,17 +330,47 @@ in
        version = "0.2.0";
        sha256 = "1rvz5hlrfshy9laybxzvrdklx328s13j0lb8ljbda9zkadi3wcad";
      }
      {
        name = "vscode-svgviewer";
        publisher = "cssho";
        version = "2.0.0";
        sha256 = "06swlqiv3gc7plcbmzz795y6zwpxsdhg79k1n3jj6qngfwnv2p6z";
      }
      {
        name = "comment-anchors";
        publisher = "ExodiusStudios";
-        version = "1.10.4";
+        version = "1.10.3";
-        sha256 = "sha256-FvfjPpQsgCsnY1BylhLCM/qDQChf9/iTr3cKkCGfMVI=";
+        sha256 = "sha256-IyiiS4jpcghwKI0j8s69uGNZlKnZ0o78ZCT0oZeJER0=";
      }
      {
        name = "vscode-test-explorer";
        publisher = "hbenl";
        version = "2.21.1";
        sha256 = "022lnkq278ic0h9ggpqcwb3x3ivpcqjimhgirixznq0zvwyrwz3w";
      }
      {
        name = "vscode-gutter-preview";
        publisher = "kisstkondoros";
-        version = "0.31.2";
+        version = "0.29.0";
-        sha256 = "sha256-2/RvDSsVL06UmNG9HchXaJMJ4FYtnpuJ2Bn53JVv1t8=";
+        sha256 = "00vibv9xmhwaqiqzp0y2c246pqiqfjsw4bqx4vcdd67pz1wnqhg1";
      }
      {
        name = "test-adapter-converter";
        publisher = "ms-vscode";
        version = "0.1.9";
        sha256 = "sha256-M53jhAVawk2yCeSrLkWrUit3xbDc0zgCK2snbK+BaSs=";
      }
      # {
      #   name = "indent-rainbow";
      #   publisher = "oderwat";
      #   version = "8.2.2";
      #   sha256 = "1xxljwh66f21fzmhw8icrmxxmfww1s67kf5ja65a8qb1x1rhjjgf";
      # }
      {
        name = "vscodeintellicode";
        publisher = "VisualStudioExptTeam";
        version = "1.2.30";
        sha256 = "sha256-f2Gn+W0QHN8jD5aCG+P93Y+JDr/vs2ldGL7uQwBK4lE=";
      }
      {
        name = "keyboard-quickfix";
--- a/home/programs/xmonad/xmonad.hs
+++ b/home/programs/xmonad/xmonad.hs
@@ -86,16 +86,14 @@ myScratchpads = [ NS "ncmpcpp"     spawnNC findNC layoutA
  where
    spawnNC = myTerminal ++ " --title ncmpcppScratchpad -e ncmpcpp"
    spawnTM = myTerminal ++ " --class floatingTerminal -e tmux new-session -A -s f"
    spawnTW = myTerminal ++ " --class taskWarriorTerminal -e taskwarrior-tui"
    -- spawnMX = "element"
    spawnFB = "thunar --class=floatingThunar"
    spawnEX = "emacs --name=floatingEmacs"
-    spawnSC = "nsxiv -N floatingSchedule ~/uni/schedule.png"
+    spawnSC = "sxiv -N floatingSchedule ~/uni/schedule.png"
    spawnHP = "echo \"" ++ help ++ "\" | xmessage -file -"
    findNC = title =? "ncmpcppScratchpad"
    findTM = className =? "floatingTerminal"
    findTW = className =? "taskWarriorTerminal"
    findSC = className =? "floatingSchedule"
    -- findMX = className =? "element"
    findFB = className =? "floatingThunar"
@@ -170,7 +168,7 @@ myKeys conf@(XConfig {XMonad.modMask = modm}) = M.fromList $
    , ((modm .|. shiftMask , xK_space ),    spawn $ myTerminal ++ " -e tmux")
    -- , ((modm               , xK_v ),        spawn "rofi -modi lpass:$HOME/.scripts/rofi/lpass//rofi-lpass -show lpass")
-    -- , ((modm .|. shiftMask, xK_d     ), viewDropboxStatus)
+    , ((modm .|. shiftMask, xK_d     ), viewDropboxStatus)
    ]
 termIsOpen :: X Bool
--- a/home/programs/zed/default.nix
+++ b/home/programs/zed/default.nix
@@ -1,6 +1,6 @@
-{ config, pkgs, unstable-pkgs, lib, ... }:
+{ config, pkgs, lib, ... }:
 {
-  home.packages = with unstable-pkgs; [ zed-editor ];
+  home.packages = with pkgs; [ zed-editor ];
  xdg.configFile."zed/settings.json".source = let
    format = pkgs.formats.json { };
--- a/home/services/polybar.nix
+++ b/home/services/polybar.nix
@@ -1,4 +1,4 @@
-{ pkgs, lib, config, machineVars, ... }: let
+{ pkgs, config, machineVars, ... }: let
  colors = config.colors.defaultColorSet;
 in {
  services.polybar = {
@@ -11,23 +11,13 @@ in {
    package = pkgs.polybar.override {
      githubSupport = true;
      mpdSupport = true;
      pulseSupport = true;
    };
    settings = {
      "module/tray" = {
        type = "internal/tray";
        # padding = 4;
        tray-spacing = "8px";
        tray-maxsize = "25px";
        # tray-background = colors.background;
      };
      "bar/top" = {
        bottom = false;
        # monitor =
-        # tray.position = "right";
+        tray.position = "right";
        background = colors.background;
        foreground = colors.foreground;
@@ -51,20 +41,19 @@ in {
          left = "xmonad";
          center = "date";
          right = builtins.concatStringsSep " " [
-            "filesystem"
+            "filesystem "
-            (lib.optionalString (machineVars.wlanInterface != null) "wlan")
+            (if machineVars.wlanInterface != null then "wlan " else "")
-            (lib.optionalString (machineVars.battery != null) "batt")
+            (if machineVars.battery != null then "batt " else "")
-            "pulseaudio"
+            "vol"
            "mpd"
            "tray"
          ];
        };
-        # tray = {
+        tray = {
-        #   padding = 4;
+          padding = 4;
-        #   maxsize = 25;
+          maxsize = 25;
-        #   background = colors.background;
+          background = colors.background;
-        # };
+        };
      };
      "module/xmonad" = {
@@ -166,15 +155,15 @@ in {
        };
      };
-      "module/pulseaudio" = {
+      "module/vol" = {
-        type = "internal/pulseaudio";
+        type = "internal/alsa";
        # format-volume = "<bar-volume>}"
        # format-volume = "%{A1:bash -c '~/.scripts/get-volume' &:}<bar-volume>%{A}"
        # format-volume = <label-volume> <bar-volume>
        # format-volume-padding = 1
        # format-muted-padding = 1
-        format-volume = "  <label-volume> <bar-volume>";
+        format-volume = "%{T3}%{T-} <label-volume> <bar-volume>";
        # label-volume = 
        label-volume-foreground = colors.magenta;
        # format-muted-foreground = "${colors.foreground-alt}";
@@ -284,11 +273,9 @@ in {
        # Default: false
        fixed-values = true;
-        # Margin (number of spaces, pixels, or points) to add before/after each module
+        # Spacing (number of spaces, pixels, points) between entries
-        # Individual side values can be defined using:
+        # Default: 2
-        #   module-margin-{left,right}
+        spacing = 4;
        module-margin = "16px";
        # spacing = "16px";
        # Default: 90
        # New in version 3.6.0
--- a/home/services/ra-multiplex.nix
+++ b/home/services/ra-multiplex.nix
@@ -0,0 +1,36 @@
 { pkgs, lib, ... }:
 let
  format = pkgs.formats.toml { };
  package = pkgs.ra-multiplex;
 in
 {
  xdg.configFile."ra-multiplex/config.toml".source = format.generate "ra-multiplex-config.toml" {
    # listen = "/var/run/user/1001/ra-mux/ra-multiplex.sock";
    # connect = "/var/run/user/1001/ra-mux/ra-multiplex.sock";
    listen = [ "127.0.0.1" 27631 ];
    connect = [ "127.0.0.1" 27631 ];
    pass_environment = [
      "RUST_SRC_PATH"
      "RUSTC_WRAPPER"
      "SCCACHE_DIR"
    ];
  };
  systemd.user.services.ra-multiplex = {
    Unit = {
      Description = "Rust analyzer multiplex server";
    };
    Service = {
      Type = "simple";
      ExecStart = "${lib.getExe package} server";
      Environment = [
        "PATH=${lib.makeBinPath [ pkgs.rust-analyzer ]}"
      ];
    };
    Install = {
      WantedBy = [ "default.target" ];
    };
  };
 }
--- a/hosts/common/default.nix
+++ b/hosts/common/default.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, lib, extendedLib, ... }:
+{ pkgs, unstable-pkgs, lib, extendedLib, config, inputs, secrets, ... }:
 let
  inherit (config) machineVars;
 in {
@@ -12,9 +12,7 @@ in {
    ./programs/ssh.nix
    ./programs/usbtop.nix
    ./services/cups.nix
    ./services/dbus.nix
    ./services/logrotate.nix
    ./services/openssh.nix
    ./services/pcscd.nix
    ./services/pipewire.nix
@@ -131,8 +129,6 @@ in {
      touchpad.disableWhileTyping = true;
    };
    irqbalance.enable = true;
    displayManager.defaultSession = "none+xmonad";
  };
--- a/hosts/common/services/cups.nix
+++ b/hosts/common/services/cups.nix
@@ -1,71 +0,0 @@
 { config, lib, ... }:
 {
  systemd.services = lib.mkIf config.services.printing.enable {
    cups.serviceConfig = {
      PrivateTmp = true;
      ProtectSystem = "strict";
      ProtectHome = true;
      ProtectClock= true;
      ProtectControlGroups = true;
      ProtectHostname = true; 
      ProtectKernelLogs = true;
      ProtectKernelModules = true;
      ProtectKernelTunables = true;
      ProtectProc = "invisible";
      PrivateDevices = true;
      NoNewPrivileges = true;
      # User =
      AmbientCapabilities = [ "" ];
      CapabilityBoundingSet = [ "" ];
      DevicePolicy = "closed";
      KeyringMode = "private";
      LockPersonality = true;
      MemoryDenyWriteExecute = true;
      PrivateUsers = true;
      RemoveIPC = true;
      # RestrictAddressFamilies = [ "" ];
      RestrictNamespaces=true;
      RestrictRealtime=true;
      RestrictSUIDSGID=true;
      SystemCallArchitectures = "native";
      SystemCallFilter = [
        "@system-service"
        "~@privileged"
      ];
      UMask = "0077";
    };
    cups-browsed.serviceConfig = {
      PrivateTmp = true;
      ProtectSystem = "strict";
      ProtectHome = true;
      ProtectClock= true;
      ProtectControlGroups = true;
      ProtectHostname = true;
      ProtectKernelLogs = true;
      ProtectKernelModules = true;
      ProtectKernelTunables = true;
      ProtectProc = "invisible";
      PrivateDevices = true;
      NoNewPrivileges = true;
      # User =
      AmbientCapabilities = [ "" ];
      CapabilityBoundingSet = [ "" ];
      DevicePolicy = "closed";
      KeyringMode = "private";
      LockPersonality = true;
      MemoryDenyWriteExecute = true;
      PrivateUsers = true;
      RemoveIPC = true;
      # RestrictAddressFamilies = [ "" ];
      RestrictNamespaces=true;
      RestrictRealtime=true;
      RestrictSUIDSGID=true;
      SystemCallArchitectures = "native";
      SystemCallFilter = [
        "@system-service"
        "~@privileged"
      ];
      UMask = "0077";
    };
  };
 }
--- a/hosts/common/services/logrotate.nix
+++ b/hosts/common/services/logrotate.nix
@@ -1,42 +0,0 @@
 { ... }:
 {
  # source: https://github.com/logrotate/logrotate/blob/main/examples/logrotate.service
  systemd.services.logrotate = {
    documentation = [ "man:logrotate(8)" "man:logrotate.conf(5)" ];
    unitConfig.RequiresMountsFor = "/var/log";
    serviceConfig = {
      Nice = 19;
      IOSchedulingClass = "best-effort";
      IOSchedulingPriority = 7;
      ReadWritePaths = [ "/var/log" ];
      AmbientCapabilities = [ "" ];
      CapabilityBoundingSet = [ "" ];
      DeviceAllow = [ "" ];
      LockPersonality = true;
      MemoryDenyWriteExecute = true;
      NoNewPrivileges = true; # disable for third party rotate scripts
      PrivateDevices = true;
      PrivateNetwork = true; # disable for mail delivery
      PrivateTmp = true;
      ProtectClock = true;
      ProtectControlGroups = true;
      ProtectHome = true; # disable for userdir logs
      ProtectHostname = true;
      ProtectKernelLogs = true;
      ProtectKernelModules = true;
      ProtectKernelTunables = true;
      ProtectProc = "invisible";
      ProtectSystem = "full";
      RestrictNamespaces = true;
      RestrictRealtime = true;
      RestrictSUIDSGID = true; # disable for creating setgid directories
      SocketBindDeny = [ "any" ];
      SystemCallArchitectures = "native";
      SystemCallFilter = [
        "@system-service"
      ];
    };
  };
 }
--- a/hosts/dosei/configuration.nix
+++ b/hosts/dosei/configuration.nix
@@ -3,8 +3,6 @@
  imports = [
    ./hardware-configuration.nix
    ./programs/nrfutil.nix
    ./services/avahi.nix
    ./services/docker.nix
    ./services/jenkins.nix
--- a/hosts/dosei/programs/nrfutil.nix
+++ b/hosts/dosei/programs/nrfutil.nix
@@ -1,13 +0,0 @@
 { pkgs, ... }:
 {
  environment.systemPackages = with pkgs; [
    nrfutil
    nrfconnect
    nrf-command-line-tools
  ];
  services.udev.packages = with pkgs; [
    nrf-udev
    segger-jlink
  ];
 }
--- a/hosts/dosei/services/journald-remote.nix
+++ b/hosts/dosei/services/journald-remote.nix
@@ -1,19 +0,0 @@
 { ... }:
 {
  # TODO: Reproducible certificates
  services.journald.remote = {
    enable = true;
    settings.Remote = {
      # ServerKeyFile = "/run/credentials/systemd-journald-remote.service/key.pem";
      # ServerCertificateFile = "/run/credentials/systemd-journald-remote.service/.pem";
      ServerKeyFile = "/etc/journald-remote-certs/key.pem";
      ServerCertificateFile = "/etc/journald-remote-certs/cert.pem";
      TrustedCertificateFile = "-";
    };
  };
  # systemd.services.systemd-journal-remote.serviceConfig.LoadCredential = [
  #   "key.pem:/etc/journald-remote-certs/key.pem"
  #   "cert.pem:/etc/journald-remote-certs/cert.pem"
  # ];
 }
--- a/hosts/europa/configuration.nix
+++ b/hosts/europa/configuration.nix
@@ -5,7 +5,6 @@
    ./services/avahi.nix
    ./services/docker.nix
    ./services/journald-remote.nix
  ];
  boot.loader.systemd-boot.enable = true;
--- a/hosts/europa/services/journald-remote.nix
+++ b/hosts/europa/services/journald-remote.nix
@@ -1,14 +0,0 @@
 { ... }:
 {
  services.journald.upload = {
    enable = true;
    settings.Upload = {
      URL = "https://10.250.14.105:19532";
      # ServerKeyFile = toString ./key.pem;
      # ServerCertificateFile = toString ./cert.pem;
      ServerKeyFile = "-";
      ServerCertificateFile = "-";
      TrustedCertificateFile = "-";
    };
  };  
 }
--- a/hosts/kasei/configuration.nix
+++ b/hosts/kasei/configuration.nix
@@ -2,7 +2,6 @@
 {
  imports = [
    ./services/avahi.nix
    ./services/btrfs.nix
    ./services/docker.nix
    ./services/libvirtd.nix
    ./services/logiops.nix
@@ -11,16 +10,12 @@
    ./services/tailscale.nix
    ./services/keybase.nix
    ./nspawn-containers/arch.nix
  ];
  system.stateVersion = "22.05";
  boot.binfmt.emulatedSystems = [
    "x86_64-windows"
    "aarch64-linux"
    "armv7l-linux"
    "i686-linux"
  ];
  nix.settings.system-features = [
--- a/hosts/kasei/nspawn-containers/arch.nix
+++ b/hosts/kasei/nspawn-containers/arch.nix
@@ -1,28 +0,0 @@
 { ... }:
 {
  systemd.targets.machines.enable = true;
  systemd.nspawn."arch" = {
    enable = true;
    execConfig.Boot = true;
    filesConfig = {
      BindReadOnly = [
        "/nix/store"
        # "/etc/resolv.conf:/etc/resolv.conf"
      ];
      Bind = [
        "/home/h7x4/git"
        "/home/h7x4/pico"
        "/home/h7x4/Downloads"
      ];
    };
    networkConfig.Private = false;
  };
  systemd.services."systemd-nspawn@arch" = {
    enable = true;
    requiredBy = [ "machines.target" ];
    overrideStrategy = "asDropin";
  };
 }
--- a/hosts/kasei/services/btrfs.nix
+++ b/hosts/kasei/services/btrfs.nix
@@ -1,4 +0,0 @@
 { ... }:
 {
  services.btrfs.autoScrub.enable = true;
 }
--- a/lib/attrsets.nix
+++ b/lib/attrsets.nix
@@ -7,6 +7,9 @@ in rec {
  mapToAttrsWithConst = constant: items:
    listToAttrs (map (name: nameValuePair name constant) items);
  # [AttrSet] -> AttrSet
  concatAttrs = foldr (a: b: a // b) {};
  # (Int -> String -> a -> a) -> AttrSet -> AttrSet
  imap0Attrs = f: set:
    listToAttrs (imap0 (i: attr: nameValuePair attr (f i attr set.${attr})) (attrNames set));
--- a/package-overrides/fcitx5-mozc.nix
+++ b/package-overrides/fcitx5-mozc.nix
@@ -1,5 +1,3 @@
 # Dogfooding of https://github.com/NixOS/nixpkgs/pull/251706
 { bazel
 , buildBazelPackage
 , fcitx5
--- a/package-overrides/mozc.nix
+++ b/package-overrides/mozc.nix
@@ -1,5 +1,3 @@
 # Dogfooding of https://github.com/NixOS/nixpkgs/pull/251706
 { bazel
 , buildBazelPackage
 , fetchFromGitHub