WIP

flake.nix

@@ -95,10 +95,19 @@
         nonrecursive-unstable-pkgs = import nixpkgs-unstable {
           inherit system;
           config.allowUnfree = true;
+          config.segger-jlink.acceptLicense = true;
+          config.permittedInsecurePackages = [
+            "segger-jlink-qt4-794s"
+          ];
         };
       in [
         (self: super: {
-          inherit (nonrecursive-unstable-pkgs) atuin wstunnel;
+          inherit (nonrecursive-unstable-pkgs)
+            atuin
+            wstunnel
+            nrf-udev
+            nrfutil
+            ;
         })
 
         # https://github.com/NixOS/nixpkgs/pull/251706
@@ -188,6 +197,7 @@
                   useGlobalPkgs = true;
                   extraSpecialArgs = {
                     inherit inputs;
+                    inherit unstable-pkgs;
                     inherit (self) extendedLib;
                     inherit (config) machineVars;
                     secrets = secrets.outputs.settings;

home/config/xdg/directory-spec-overrides.nix

@@ -18,8 +18,12 @@
 
     GHCUP_USE_XDG_DIRS = "true";
 
+    __GL_SHADER_DISK_CACHE_PATH = "${cacheHome}/nv";
     ANDROID_USER_HOME = "${dataHome}/android";
     AZURE_CONFIG_DIR = "${dataHome}/azure";
+    BZRPATH = "${configHome}/bazaar";
+    BZR_PLUGIN_PATH = "${dataHome}/bazaar";
+    BZR_HOME = "${cacheHome}/bazaar";
     CARGO_HOME = "${dataHome}/cargo";
     CUDA_CACHE_PATH = "${cacheHome}/nv";
     DOCKER_CONFIG = "${configHome}/docker";

home/config/xdg/mimetypes.nix

@@ -95,7 +95,7 @@ let
   vscode = "code.desktop";
   mpv = "mpv.desktop";
   zathura = "org.pwmt.zathura.desktop";
-  sxiv = "sxiv.desktop";
+  nsxiv = "nsxiv.desktop";
   font-viewer = "org.gnome.font-viewer.desktop";
 in {
   xdg.configFile."mimeapps.list".force = true;
@@ -104,7 +104,7 @@ in {
     # associations.added = {};
     # associations.removed = {};
     defaultApplications =
-      (lib.mapAttrs' (_: v: lib.nameValuePair v sxiv) mime.image)
+      (lib.mapAttrs' (_: v: lib.nameValuePair v nsxiv) mime.image)
     // (lib.mapAttrs' (_: v: lib.nameValuePair v mpv) mime.audio)
     // (lib.mapAttrs' (_: v: lib.nameValuePair v mpv) mime.video)
     // (lib.mapAttrs' (_: v: lib.nameValuePair v font-viewer) mime.font)

home/home.nix

@@ -8,18 +8,23 @@ in {
 
     ./config/xdg
 
+    ./programs/aria2.nix
     ./programs/atuin.nix
+    ./programs/beets.nix
     ./programs/comma.nix
     ./programs/direnv
     ./programs/gdb.nix
     ./programs/gh.nix
+    ./programs/gh-dash.nix
     ./programs/git
     ./programs/gpg
+    ./programs/jq.nix
     ./programs/less.nix
     ./programs/neovim
     ./programs/nix-index
     ./programs/ssh
     ./programs/tealdeer
+    ./programs/thunderbird.nix
     ./programs/tmux.nix
     ./programs/zsh
 
@@ -96,9 +101,17 @@ in {
     sessionVariables = {
       CARGO_NET_GIT_FETCH_WITH_CLI = "true";
       PYTHONSTARTUP = "${config.xdg.configHome}/python/pyrc";
+      _JAVA_AWT_WM_NONREPARENTING = "1";
     };
   };
 
+  xsession = {
+    enable = true;
+    # TODO: declare using xdg config home
+    scriptPath = ".config/X11/xsession";
+    profilePath = ".config/X11/xprofile";
+  };
+
   xdg.configFile = {
     "ghc/ghci.conf".text = ''
       :set prompt "${extendedLib.termColors.front.magenta "[GHCi]λ"} "
@@ -172,10 +185,7 @@ in {
 
   qt = mkIf graphics {
     enable = true;
-    platformTheme.name = "gtk";
+    platformTheme.name = "adwaita";
-    style = {
+    style.name = "adwaita-dark";
-      name = "adwaita-dark";
-      package = pkgs.adwaita-qt;
-    };
   };
 }

home/packages.nix

@@ -1,7 +1,6 @@
 { pkgs, config, machineVars, ... }:
 {
   home.packages = with pkgs; [
-    beets
     binutils
     cloc
     cyme
@@ -12,18 +11,18 @@
     duff
     ffmpeg
     file
-    gh-dash
     glances
     gpg-tui
     gping
     graphviz
+    hexyl
     httpie
     imagemagick
-    jq
     kepubify
     # keybase
     keymapviz
     libwebp
+    lnav
     lolcat
     mdcat
     mediainfo
@@ -33,7 +32,6 @@
     mtr
     neofetch
     nix-diff
-    nix-index
     nix-output-monitor
     nix-tree
     nix-update
@@ -44,6 +42,7 @@
     pandoc
     parallel
     progress
+    pwntools
     python3
     rclone
     ripgrep
@@ -82,17 +81,18 @@
       alsa-utils
       anki
       ark
-      birdtray
       calibre
       cool-retro-term
       darktable
       discord
       element-desktop
       geogebra
+      ghidra
       gimp
       gnome.gnome-font-viewer
       gnome.seahorse
       google-chrome
+      imhex
       inkscape
       insomnia
       iwgtk
@@ -109,6 +109,7 @@
       mopidy-youtube
       mpc_cli
       naps2
+      nsxiv
       nyxt
       obsidian
       # pcloud
@@ -119,11 +120,9 @@
       slack
       # sublime3
       # swiPrologWithGui
-      sxiv
       tagainijisho
 
       tenacity
-      thunderbird
       # transcribe
       wireshark
       xcalib

home/programs/aria2.nix

@@ -0,0 +1,4 @@
+{ ... }:
+{
+  programs.aria2.enable = true;
+}

home/programs/beets.nix

@@ -0,0 +1,4 @@
+{ ... }:
+{
+  programs.beets.enable = true;
+}

home/programs/browser/bookmarks.nix

@@ -9,7 +9,7 @@ in [
   (link "GitHub" "http://github.com")
   (short "/u/" "danger/u/" "https://dangeru.us/")
   (link "PVV" "https://www.pvv.ntnu.no/")
-  (short "PVVM" "PVV Mail" "https://webmail2.pvv.ntnu.no/roundcube/")
+  (short "PVVM" "PVV Mail" "https://webmail.pvv.ntnu.no/roundcube/")
   (short "ΩV" "Omega Verksted" "https://omegav.no/")
 
   (dir "Nix" [
@@ -31,21 +31,34 @@ in [
   ])
 
   (dir "CTF" [
-    (link "HackTheBox" "https://www.hackthebox.eu/")
+    (link "Revshells" "https://revshells.com/")
-    (link "TryHackMe" "https://tryhackme.com/dashboard")
-    (link "OverTheWire" "https://overthewire.org/wargames/")
-    (link "NetGarage" "https://io.netgarage.org/")
     (link "Exploit Education" "http://exploit.education/")
+    (link "Webhook" "https://webhook.site")
+    (link "CyberChef" "https://gchq.github.io/CyberChef/")
+    (link "Aperisolve" "https://www.aperisolve.com/")
+    (link "how2heap" "https://github.com/shellphish/how2heap")
+    (link "Heap Search" "https://kissprogramming.com/heap/heap-search")
+    (link "CrackStation" "https://crackstation.net/")
+    (link "FactorDB" "http://factordb.com/")
+    (link "Syscalls" "https://syscalls.w3challs.com/")
+    (link "DogBolt" "https://dogbolt.org/")
+    (link "HackTricks" "https://book.hacktricks.xyz/")
+    (dir "Practise" [
+      (link "S2G" "https://s2gctf.ncr.ntnu.no")
+      (link "Pico CTF" "https://play.picoctf.org/practice")
+      (link "Pwn college" "https://pwn.college/")
+      (link "HackTheBox" "https://www.hackthebox.eu")
+      (link "Crackmes" "https://crackmes.one")
+      (link "Nightmare" "https://guyinatuxedo.github.io/")
+    ])
   ])
 
   (dir "Misc & Tools" [
     (link "ASCIIFlow" "https://asciiflow.com/#/")
     (link "CopyChar" "https://copychar.cc/")
-    (link "CyberChef" "https://gchq.github.io/CyberChef/")
     (link "Device Info" "https://www.deviceinfo.me/")
     (link "Diagrams" "https://app.diagrams.net/")
     (link "FakeMail" "http://www.fakemailgenerator.com/")
-    (link "FilePizza" "https://file.pizza/")
     (link "IPLeak" "https://ipleak.net/")
     (link "LaTeX" "https://www.codecogs.com/latex/eqneditor.php")
     (link "ManualsLib" "https://www.manualslib.com/")

home/programs/gh-dash.nix

@@ -0,0 +1,4 @@
+{ ... }:
+{
+  programs.gh-dash.enable = true;
+}

home/programs/gh.nix

@@ -4,7 +4,7 @@
     enable = true;
     settings = {
       gitProtocol = "ssh";
-      pager = "${pkgs.bat}/git/bat";
+      pager = "${pkgs.bat}/bin/bat";
       aliases = {
         co = "pr checkout";
         pv = "pr view";

home/programs/git/default.nix

@@ -53,6 +53,7 @@ in
         forcepush = "push --force-with-lease --force-if-includes";
         authors = "shortlog --summary --numbered --email";
         si = "switch-interactive";
+        subs = "submodule update --init --recursive";
         rebase-author = "rebase -i -x \"git commit --amend --reset-author -CHEAD\"";
         git = "!git";
       };
@@ -128,6 +129,8 @@ in
           submodule = "log";
         };
 
+        pager.show = lib.getExe pkgs.bat;
+
         status = {
           showUntrackedFiles = "all";
           relativePaths = true;
@@ -259,6 +262,14 @@ in
       runtimeInputs = with pkgs; [ cfg.package coreutils ];
       text = lib.fileContents ./scripts/git-tcommit.sh;
     })
+    (pkgs.writeShellApplication {
+      name = "git-tmcommit";
+      runtimeInputs = with pkgs; [ cfg.package coreutils ];
+      text = lib.pipe ./scripts/git-tcommit.sh [
+        lib.fileContents
+        (builtins.replaceStrings ["hours" "tcommit"] ["minutes" "tmcommit"])
+      ];
+    })
     (pkgs.writeShellApplication {
       name = "git-switch-interactive";
       runtimeInputs = with pkgs; [ cfg.package fzf gnused coreutils ];

home/programs/git/scripts/git-tcommit.sh

@@ -1,5 +1,10 @@
 set -euo pipefail
 
+if [[ $# -lt 1 ]]; then
+  echo "Usage: git tcommit [-]<hours>"
+  exit 1
+fi
+
 HOUR_SHIFT="$1"
 shift
 

home/programs/jq.nix

@@ -0,0 +1,4 @@
+{ ... }:
+{
+  programs.jq.enable = true;
+}

home/programs/newsboat/sources.nix

@@ -3,40 +3,45 @@ let
   mkSource = tags: url: { inherit tags url; };
 in {
   programs.newsboat.urls = [
-    (mkSource [ "tech" "linux" ] "https://lukesmith.xyz/rss.xml")
-    (mkSource [ "tech" "vim" "old" ] "https://castel.dev/rss.xml")
-    (mkSource [ "tech" "linux" "nixos" ] "https://christine.website/blog.rss")
-    (mkSource [ "japanese" "language" "old" ] "http://feeds.feedburner.com/LocalizingJapan")
-    (mkSource [ "tech" "linux" ] "http://xahlee.info/comp/blog.xml")
-    (mkSource [ "japanese" "language" ] "https://www.outlier-linguistics.com/blogs/japanese.atom")
     (mkSource [ "tech" "linux" ] "https://archlinux.org/feeds/news/")
-    (mkSource [ "tech" "linux" ] "https://bartoszmilewski.com/feed/")
+    (mkSource [ "tech" "linux" "nixos" ] "https://nixos.org/blog/announcements-rss.xml")
-    (mkSource [ "tech" "linux" "nixos" ] "https://nixos.org//blog/announcements-rss.xml")
-    (mkSource [ "tech" "linux" ] "https://www.digitalneanderthal.com/index.xml")
     (mkSource [ "tech" "ntnu" ] "https://omegav.no/newsrss")
-    (mkSource [ "tech" ] "https://code.visualstudio.com/feed.xml")
+    (mkSource [ "ntnu" ] "https://varsel.it.ntnu.no/subscribe/rss/")
+    (mkSource [ "tech" ] "https://blog.hackeriet.no/feed.xml")
+    (mkSource [ "tech" ] "https://fribyte.no/rss.xml")
+    (mkSource [ "tech" ] "https://existentialtype.wordpress.com/feed/")
+    (mkSource [ "tech" "linux" "ntnu" ] "https://wiki.pvv.ntnu.no/w/api.php?hidebots=1&urlversion=1&days=90&limit=50&action=feedrecentchanges&format=xml")
+    (mkSource [ "tech" "linux" "nixos" ] "https://dandellion.xyz/atom.xml")
+    (mkSource [ "tech" "linux" ] "http://xahlee.info/comp/blog.xml")
+    (mkSource [ "tech" ] "https://branchfree.org/feed/")
+    (mkSource [ "tech" ] "https://search.marginalia.nu/news.xml")
+    (mkSource [ "tech" "linux" ] "https://bartoszmilewski.com/feed/")
+    (mkSource [ "tech" "linux" "nixos" ] "https://myme.no/atom-feed.xml")
     (mkSource [ "tech" "linux" "nixos" ] "https://blog.ysndr.de/atom.xml")
     (mkSource [ "tech" "linux" "nixos" ] "https://kaushikc.org/atom.xml")
     (mkSource [ "tech" "linux" "nixos" ] "https://ianthehenry.com/feed.xml")
-    (mkSource [ "tech" "linux" "ntnu" ] "https://www.pvv.ntnu.no/w/api.php?hidebots=1&urlversion=1&days=7&limit=50&action=feedrecentchanges&feedformat=atom")
-    (mkSource [ "ntnu" ] "https://varsel.it.ntnu.no/subscribe/rss/")
     (mkSource [ "tech" "linux" "japanese" ] "https://www.ncaq.net/feed.atom")
-    (mkSource [ "tech" "linux" "haskell" "nixos" "functional-programming" ] "https://www.haskellforall.com/feeds/posts/default")
+    (mkSource [ "tech" "linux" "nixos" "emacs" "japanese" ] "https://apribase.net/program/feed")
-    (mkSource [ "tech" "haskell" "functional-programming" ] "https://williamyaoh.com/feed.atom")
+    (mkSource [ "tech" "linux" "nixos" "functional-programming" ] "https://www.haskellforall.com/feeds/posts/default")
-    (mkSource [ "tech" "haskell" "functional-programming" ] "https://www.parsonsmatt.org/feed.xml")
+    (mkSource [ "tech" "linux" "nixos" ] "https://christine.website/blog.rss")
-    (mkSource [ "tech" "haskell" "functional-programming" "python" ] "http://blog.ezyang.com/feed/")
+    (mkSource [ "tech" "functional-programming" "nixos" ] "https://markkarpov.com/feed.atom")
-    (mkSource [ "tech" "haskell" "functional-programming" ] "https://lexi-lambda.github.io/feeds/all.rss.xml")
+    (mkSource [ "tech" "functional-programming" ] "https://williamyaoh.com/feed.atom")
-    (mkSource [ "tech" "haskell" "functional-programming" ] "https://www.stephendiehl.com/feed.rss")
+    (mkSource [ "tech" "functional-programming" ] "https://www.parsonsmatt.org/feed.xml")
-    (mkSource [ "tech" "haskell" "functional-programming" "emacs" ] "https://chrisdone.com/rss.xml")
+    (mkSource [ "tech" "functional-programming" "python" ] "http://blog.ezyang.com/feed/")
-    (mkSource [ "tech" "haskell" "functional-programming" "nixos" ] "https://markkarpov.com/feed.atom")
+    (mkSource [ "tech" "functional-programming" ] "https://lexi-lambda.github.io/feeds/all.rss.xml")
-    (mkSource [ "tech" "flutter" ] "https://resocoder.com/feed/")
+    (mkSource [ "tech" "functional-programming" ] "https://www.stephendiehl.com/feed.rss")
-    (mkSource [ "tech" "compilers" ] "https://existentialtype.wordpress.com/feed/")
+    (mkSource [ "tech" "functional-programming" "emacs" ] "https://chrisdone.com/rss.xml")
-    (mkSource [ "tech" "compilers" "haskell" "functional-programming" "old" ] "https://skilpat.tumblr.com/rss")
+    (mkSource [ "tech" ] "https://go.dev/blog/feed.atom")
+    (mkSource [ "tech" "linux" ] "https://jfx.ac/blog/index.xml")
+    (mkSource [ "tech" "linux" ] "https://lukesmith.xyz/rss.xml")
+    (mkSource [ "japanese" "language" ] "https://www.outlier-linguistics.com/blogs/japanese.atom")
     (mkSource [ "language" ] "https://feeds.feedburner.com/blogspot/Ckyi")
-    (mkSource [ "tech" "compilers" ] "https://go.dev/blog/feed.atom")
+    (mkSource [ "japanese" "language" "old" ] "http://feeds.feedburner.com/LocalizingJapan")
-    (mkSource [ "tech" "linux" "nixos" ] "https://myme.no/feed.xml")
+    (mkSource [ "tech" "vim" "old" ] "https://castel.dev/rss.xml")
-    (mkSource [ "tech" "linux" "nixos" "compilers" ] "https://flyx.org/feed.xml")
+    (mkSource [ "tech" "functional-programming" "old" ] "https://skilpat.tumblr.com/rss")
-    (mkSource [ "tech" "linux" ] "https://blog.jfx.ac/feed.xml")
+    (mkSource [ "tech" ] "https://resocoder.com/feed/")
-    (mkSource [ "tech" "linux" "nixos" ] "https://dandellion.xyz/atom.xml")
+
+    # Broken?
+    (mkSource [ "tech" "linux" "nixos" ] "https://flyx.org/feed.xml")
   ];
 }

home/programs/ssh/pvv.nix

@@ -1,4 +1,4 @@
-{ pkgs, lib, extendedLib, ... }:
+{ pkgs, lib, ... }:
 let
   adminUser = "root";
   normalUser = "oysteikt";
@@ -10,26 +10,35 @@ let
       proxyJump = lib.mkDefault null;
       addressFamily = "inet";
     }
-    "dagali"
-    "drolsum"
-    "demiurgen"
-    "eirin"
     [ "bekkalokk" "pvv-web" "pvv-wiki" "pvv-webmail" ]
-    "ildkule"
-    "shark"
-    "buskerud"
     [ "bicep" "pvv-databases" ]
     "bob"
-    "knutsen"
+    [ "brzeczyszczykiewicz" "brez" "bokhylle" ]
+    "buskerud"
+    "dagali"
+    "demiurgen"
+    "drolsum"
+    "eirin"
+    "georg"
+    "ildkule"
     "isvegg"
-    "tom"
+    "knutsen"
     [ "microbel" "pvv-users" "pvv-mail" ]
+    "orchid"
+    "shark"
+    "tallulah"
+    "tom"
+    "venture"
   ];
 
   rootMachines = [
-    [ "sleipner" "pvv-salt" ]
+    [ "ameno" "pvv-dns" ]
     [ "balduzius" "pvv-krb" ]
     [ "innovation" "pvv-minecraft" ]
+    "ludvigsen"
+    [ "principal" "pvv-backup" ]
+    [ "skrott" "dibbler" ]
+    [ "sleipner" "pvv-salt" ]
   ];
 
   # Either( String [String] AttrSet{String} ) -> AttrSet{String}
@@ -79,10 +88,10 @@ let
     machines: pipe machines pipeline;
 in
   {
-    programs.ssh.matchBlocks = (extendedLib.attrsets.concatAttrs [
+    programs.ssh.matchBlocks = lib.mergeAttrsList [
       (convertMachinesWith convertNormalMachine normalMachines)
       (convertMachinesWith convertAdminMachine rootMachines)
-    ]) // {
+      {
         "pvv-git git.pvv.ntnu.no" = {
           hostname = "git.pvv.ntnu.no";
           user = "gitea";
@@ -90,5 +99,6 @@ in
           port = 2222;
           proxyJump = "pvv";
         };
-    };
+      }
+    ];
   }

home/programs/thunderbird.nix

@@ -0,0 +1,18 @@
+{ config, pkgs, lib, machineVars, ... }:
+let
+  cfg = config.programs.thunderbird;
+in
+{
+  programs.thunderbird = {
+    enable = !machineVars.headless;
+    profiles.h7x4 = {
+      isDefault = true;
+      withExternalGnupg = true;
+    };
+  };
+
+
+  home.packages = lib.mkIf cfg.enable (with pkgs; [
+    birdtray
+  ]);
+}

home/programs/vscode/default.nix

@@ -296,7 +296,7 @@ in
       # jock.svg
       # ms-azuretools.vscode-docker
       # ms-toolsai.jupyter
-      ms-vscode-remote.remote-ssh
+      # ms-vscode-remote.remote-ssh
       # ms-vsliveshare.vsliveshare
       bbenoist.nix
       christian-kohler.path-intellisense
@@ -318,8 +318,12 @@ in
       rust-lang.rust-analyzer
       mkhl.direnv
       waderyan.gitblame
-      # vs-liveshare
       vscodevim.vim
+      hbenl.vscode-test-explorer
+      # vitaliymaz.vscode-svg-previewer
+      ms-vscode.test-adapter-converter
+      visualstudioexptteam.vscodeintellicode
+      tamasfe.even-better-toml
     ] ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [
       {
         name = "monokai-st3";
@@ -327,47 +331,17 @@ in
         version = "0.2.0";
         sha256 = "1rvz5hlrfshy9laybxzvrdklx328s13j0lb8ljbda9zkadi3wcad";
       }
-      {
-        name = "vscode-svgviewer";
-        publisher = "cssho";
-        version = "2.0.0";
-        sha256 = "06swlqiv3gc7plcbmzz795y6zwpxsdhg79k1n3jj6qngfwnv2p6z";
-      }
       {
         name = "comment-anchors";
         publisher = "ExodiusStudios";
-        version = "1.10.3";
+        version = "1.10.4";
-        sha256 = "sha256-IyiiS4jpcghwKI0j8s69uGNZlKnZ0o78ZCT0oZeJER0=";
+        sha256 = "sha256-FvfjPpQsgCsnY1BylhLCM/qDQChf9/iTr3cKkCGfMVI=";
-      }
-      {
-        name = "vscode-test-explorer";
-        publisher = "hbenl";
-        version = "2.21.1";
-        sha256 = "022lnkq278ic0h9ggpqcwb3x3ivpcqjimhgirixznq0zvwyrwz3w";
       }
       {
         name = "vscode-gutter-preview";
         publisher = "kisstkondoros";
-        version = "0.29.0";
+        version = "0.31.2";
-        sha256 = "00vibv9xmhwaqiqzp0y2c246pqiqfjsw4bqx4vcdd67pz1wnqhg1";
+        sha256 = "sha256-2/RvDSsVL06UmNG9HchXaJMJ4FYtnpuJ2Bn53JVv1t8=";
-      }
-      {
-        name = "test-adapter-converter";
-        publisher = "ms-vscode";
-        version = "0.1.9";
-        sha256 = "sha256-M53jhAVawk2yCeSrLkWrUit3xbDc0zgCK2snbK+BaSs=";
-      }
-      # {
-      #   name = "indent-rainbow";
-      #   publisher = "oderwat";
-      #   version = "8.2.2";
-      #   sha256 = "1xxljwh66f21fzmhw8icrmxxmfww1s67kf5ja65a8qb1x1rhjjgf";
-      # }
-      {
-        name = "vscodeintellicode";
-        publisher = "VisualStudioExptTeam";
-        version = "1.2.30";
-        sha256 = "sha256-f2Gn+W0QHN8jD5aCG+P93Y+JDr/vs2ldGL7uQwBK4lE=";
       }
       {
         name = "keyboard-quickfix";

home/programs/xmonad/xmonad.hs

@@ -86,14 +86,16 @@ myScratchpads = [ NS "ncmpcpp"     spawnNC findNC layoutA
   where
     spawnNC = myTerminal ++ " --title ncmpcppScratchpad -e ncmpcpp"
     spawnTM = myTerminal ++ " --class floatingTerminal -e tmux new-session -A -s f"
+    spawnTW = myTerminal ++ " --class taskWarriorTerminal -e taskwarrior-tui"
     -- spawnMX = "element"
     spawnFB = "thunar --class=floatingThunar"
     spawnEX = "emacs --name=floatingEmacs"
-    spawnSC = "sxiv -N floatingSchedule ~/uni/schedule.png"
+    spawnSC = "nsxiv -N floatingSchedule ~/uni/schedule.png"
     spawnHP = "echo \"" ++ help ++ "\" | xmessage -file -"
 
     findNC = title =? "ncmpcppScratchpad"
     findTM = className =? "floatingTerminal"
+    findTW = className =? "taskWarriorTerminal"
     findSC = className =? "floatingSchedule"
     -- findMX = className =? "element"
     findFB = className =? "floatingThunar"
@@ -168,7 +170,7 @@ myKeys conf@(XConfig {XMonad.modMask = modm}) = M.fromList $
     , ((modm .|. shiftMask , xK_space ),    spawn $ myTerminal ++ " -e tmux")
 
     -- , ((modm               , xK_v ),        spawn "rofi -modi lpass:$HOME/.scripts/rofi/lpass//rofi-lpass -show lpass")
-    , ((modm .|. shiftMask, xK_d     ), viewDropboxStatus)
+    -- , ((modm .|. shiftMask, xK_d     ), viewDropboxStatus)
     ]
 
 termIsOpen :: X Bool

home/programs/zed/default.nix

@@ -1,6 +1,6 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, unstable-pkgs, lib, ... }:
 {
-  home.packages = with pkgs; [ zed-editor ];
+  home.packages = with unstable-pkgs; [ zed-editor ];
 
   xdg.configFile."zed/settings.json".source = let
     format = pkgs.formats.json { };

home/services/polybar.nix

@@ -1,4 +1,4 @@
-{ pkgs, config, machineVars, ... }: let
+{ pkgs, lib, config, machineVars, ... }: let
   colors = config.colors.defaultColorSet;
 in {
   services.polybar = {
@@ -11,13 +11,23 @@ in {
     package = pkgs.polybar.override {
       githubSupport = true;
       mpdSupport = true;
+      pulseSupport = true;
     };
 
     settings = {
+      "module/tray" = {
+        type = "internal/tray";
+
+        # padding = 4;
+        tray-spacing = "8px";
+        tray-maxsize = "25px";
+        # tray-background = colors.background;
+      };
+
       "bar/top" = {
         bottom = false;
         # monitor =
-        tray.position = "right";
+        # tray.position = "right";
 
         background = colors.background;
         foreground = colors.foreground;
@@ -42,18 +52,19 @@ in {
           center = "date";
           right = builtins.concatStringsSep " " [
             "filesystem"
-            (if machineVars.wlanInterface != null then "wlan " else "")
+            (lib.optionalString (machineVars.wlanInterface != null) "wlan")
-            (if machineVars.battery != null then "batt " else "")
+            (lib.optionalString (machineVars.battery != null) "batt")
-            "vol"
+            "pulseaudio"
             "mpd"
+            "tray"
           ];
         };
 
-        tray = {
+        # tray = {
-          padding = 4;
+        #   padding = 4;
-          maxsize = 25;
+        #   maxsize = 25;
-          background = colors.background;
+        #   background = colors.background;
-        };
+        # };
       };
 
       "module/xmonad" = {
@@ -155,15 +166,15 @@ in {
         };
       };
 
-      "module/vol" = {
+      "module/pulseaudio" = {
-        type = "internal/alsa";
+        type = "internal/pulseaudio";
         # format-volume = "<bar-volume>}"
         # format-volume = "%{A1:bash -c '~/.scripts/get-volume' &:}<bar-volume>%{A}"
         # format-volume = <label-volume> <bar-volume>
 
         # format-volume-padding = 1
         # format-muted-padding = 1
-        format-volume = "%{T3}%{T-} <label-volume> <bar-volume>";
+        format-volume = "  <label-volume> <bar-volume>";
         # label-volume = 
         label-volume-foreground = colors.magenta;
         # format-muted-foreground = "${colors.foreground-alt}";
@@ -273,9 +284,11 @@ in {
         # Default: false
         fixed-values = true;
 
-        # Spacing (number of spaces, pixels, points) between entries
+        # Margin (number of spaces, pixels, or points) to add before/after each module
-        # Default: 2
+        # Individual side values can be defined using:
-        spacing = 4;
+        #   module-margin-{left,right}
+        module-margin = "16px";
+        # spacing = "16px";
 
         # Default: 90
         # New in version 3.6.0

hosts/common/default.nix

@@ -1,4 +1,4 @@
-{ pkgs, unstable-pkgs, lib, extendedLib, config, inputs, secrets, ... }:
+{ config, pkgs, lib, extendedLib, ... }:
 let
   inherit (config) machineVars;
 in {
@@ -12,7 +12,9 @@ in {
     ./programs/ssh.nix
     ./programs/usbtop.nix
 
+    ./services/cups.nix
     ./services/dbus.nix
+    ./services/logrotate.nix
     ./services/openssh.nix
     ./services/pcscd.nix
     ./services/pipewire.nix
@@ -129,6 +131,8 @@ in {
       touchpad.disableWhileTyping = true;
     };
 
+    irqbalance.enable = true;
+
     displayManager.defaultSession = "none+xmonad";
   };
 

hosts/common/services/cups.nix

@@ -0,0 +1,71 @@
+{ config, lib, ... }:
+{
+  systemd.services = lib.mkIf config.services.printing.enable {
+    cups.serviceConfig = {
+      PrivateTmp = true;
+      ProtectSystem = "strict";
+      ProtectHome = true;
+      ProtectClock= true;
+      ProtectControlGroups = true;
+      ProtectHostname = true; 
+      ProtectKernelLogs = true;
+      ProtectKernelModules = true;
+      ProtectKernelTunables = true;
+      ProtectProc = "invisible";
+      PrivateDevices = true;
+      NoNewPrivileges = true;
+      # User =
+      AmbientCapabilities = [ "" ];
+      CapabilityBoundingSet = [ "" ];
+      DevicePolicy = "closed";
+      KeyringMode = "private";
+      LockPersonality = true;
+      MemoryDenyWriteExecute = true;
+      PrivateUsers = true;
+      RemoveIPC = true;
+      # RestrictAddressFamilies = [ "" ];
+      RestrictNamespaces=true;
+      RestrictRealtime=true;
+      RestrictSUIDSGID=true;
+      SystemCallArchitectures = "native";
+      SystemCallFilter = [
+        "@system-service"
+        "~@privileged"
+      ];
+      UMask = "0077";
+    };
+    cups-browsed.serviceConfig = {
+      PrivateTmp = true;
+      ProtectSystem = "strict";
+      ProtectHome = true;
+      ProtectClock= true;
+      ProtectControlGroups = true;
+      ProtectHostname = true;
+      ProtectKernelLogs = true;
+      ProtectKernelModules = true;
+      ProtectKernelTunables = true;
+      ProtectProc = "invisible";
+      PrivateDevices = true;
+      NoNewPrivileges = true;
+      # User =
+      AmbientCapabilities = [ "" ];
+      CapabilityBoundingSet = [ "" ];
+      DevicePolicy = "closed";
+      KeyringMode = "private";
+      LockPersonality = true;
+      MemoryDenyWriteExecute = true;
+      PrivateUsers = true;
+      RemoveIPC = true;
+      # RestrictAddressFamilies = [ "" ];
+      RestrictNamespaces=true;
+      RestrictRealtime=true;
+      RestrictSUIDSGID=true;
+      SystemCallArchitectures = "native";
+      SystemCallFilter = [
+        "@system-service"
+        "~@privileged"
+      ];
+      UMask = "0077";
+    };
+  };
+}

hosts/common/services/logrotate.nix

@@ -0,0 +1,42 @@
+{ ... }:
+{
+  # source: https://github.com/logrotate/logrotate/blob/main/examples/logrotate.service
+  systemd.services.logrotate = {
+    documentation = [ "man:logrotate(8)" "man:logrotate.conf(5)" ];
+    unitConfig.RequiresMountsFor = "/var/log";
+    serviceConfig = {
+      Nice = 19;
+      IOSchedulingClass = "best-effort";
+      IOSchedulingPriority = 7;
+
+      ReadWritePaths = [ "/var/log" ];
+
+      AmbientCapabilities = [ "" ];
+      CapabilityBoundingSet = [ "" ];
+      DeviceAllow = [ "" ];
+      LockPersonality = true;
+      MemoryDenyWriteExecute = true;
+      NoNewPrivileges = true; # disable for third party rotate scripts
+      PrivateDevices = true;
+      PrivateNetwork = true; # disable for mail delivery
+      PrivateTmp = true;
+      ProtectClock = true;
+      ProtectControlGroups = true;
+      ProtectHome = true; # disable for userdir logs
+      ProtectHostname = true;
+      ProtectKernelLogs = true;
+      ProtectKernelModules = true;
+      ProtectKernelTunables = true;
+      ProtectProc = "invisible";
+      ProtectSystem = "full";
+      RestrictNamespaces = true;
+      RestrictRealtime = true;
+      RestrictSUIDSGID = true; # disable for creating setgid directories
+      SocketBindDeny = [ "any" ];
+      SystemCallArchitectures = "native";
+      SystemCallFilter = [
+        "@system-service"
+      ];
+    };
+  };
+}

hosts/dosei/configuration.nix

@@ -3,6 +3,8 @@
   imports = [
     ./hardware-configuration.nix
 
+    ./programs/nrfutil.nix
+
     ./services/avahi.nix
     ./services/docker.nix
     ./services/jenkins.nix

hosts/dosei/programs/nrfutil.nix

@@ -0,0 +1,13 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    nrfutil
+    nrfconnect
+    nrf-command-line-tools
+  ];
+
+  services.udev.packages = with pkgs; [
+    nrf-udev
+    segger-jlink
+  ];
+}

hosts/dosei/services/journald-remote.nix

@@ -0,0 +1,19 @@
+{ ... }:
+{
+  # TODO: Reproducible certificates
+  services.journald.remote = {
+    enable = true;
+    settings.Remote = {
+      # ServerKeyFile = "/run/credentials/systemd-journald-remote.service/key.pem";
+      # ServerCertificateFile = "/run/credentials/systemd-journald-remote.service/.pem";
+      ServerKeyFile = "/etc/journald-remote-certs/key.pem";
+      ServerCertificateFile = "/etc/journald-remote-certs/cert.pem";
+      TrustedCertificateFile = "-";
+    };
+  };
+
+  # systemd.services.systemd-journal-remote.serviceConfig.LoadCredential = [
+  #   "key.pem:/etc/journald-remote-certs/key.pem"
+  #   "cert.pem:/etc/journald-remote-certs/cert.pem"
+  # ];
+}

hosts/europa/configuration.nix

@@ -5,6 +5,7 @@
 
     ./services/avahi.nix
     ./services/docker.nix
+    ./services/journald-remote.nix
   ];
 
   boot.loader.systemd-boot.enable = true;

hosts/europa/services/journald-remote.nix

@@ -0,0 +1,14 @@
+{ ... }:
+{
+  services.journald.upload = {
+    enable = true;
+    settings.Upload = {
+      URL = "https://10.250.14.105:19532";
+      # ServerKeyFile = toString ./key.pem;
+      # ServerCertificateFile = toString ./cert.pem;
+      ServerKeyFile = "-";
+      ServerCertificateFile = "-";
+      TrustedCertificateFile = "-";
+    };
+  };  
+}

hosts/kasei/configuration.nix

@@ -2,6 +2,7 @@
 {
   imports = [
     ./services/avahi.nix
+    ./services/btrfs.nix
     ./services/docker.nix
     ./services/libvirtd.nix
     ./services/logiops.nix
@@ -10,12 +11,16 @@
     ./services/tailscale.nix
     ./services/keybase.nix
 
+    ./nspawn-containers/arch.nix
+  ];
+
   system.stateVersion = "22.05";
 
   boot.binfmt.emulatedSystems = [
     "x86_64-windows"
     "aarch64-linux"
     "armv7l-linux"
+    "i686-linux"
   ];
 
   nix.settings.system-features = [

hosts/kasei/nspawn-containers/arch.nix

@@ -0,0 +1,28 @@
+{ ... }:
+{
+  systemd.targets.machines.enable = true;
+
+  systemd.nspawn."arch" = {
+    enable = true;
+    execConfig.Boot = true;
+
+    filesConfig = {
+      BindReadOnly = [
+        "/nix/store"
+        # "/etc/resolv.conf:/etc/resolv.conf"
+      ];
+      Bind = [
+        "/home/h7x4/git"
+        "/home/h7x4/pico"
+        "/home/h7x4/Downloads"
+      ];
+    };
+    networkConfig.Private = false;
+  };
+
+  systemd.services."systemd-nspawn@arch" = {
+    enable = true;
+    requiredBy = [ "machines.target" ];
+    overrideStrategy = "asDropin";
+  };
+}

hosts/kasei/services/btrfs.nix

@@ -0,0 +1,4 @@
+{ ... }:
+{
+  services.btrfs.autoScrub.enable = true;
+}

lib/attrsets.nix

@@ -7,9 +7,6 @@ in rec {
   mapToAttrsWithConst = constant: items:
     listToAttrs (map (name: nameValuePair name constant) items);
 
-  # [AttrSet] -> AttrSet
-  concatAttrs = foldr (a: b: a // b) {};
-
   # (Int -> String -> a -> a) -> AttrSet -> AttrSet
   imap0Attrs = f: set:
     listToAttrs (imap0 (i: attr: nameValuePair attr (f i attr set.${attr})) (attrNames set));

package-overrides/fcitx5-mozc.nix

@@ -1,3 +1,5 @@
+# Dogfooding of https://github.com/NixOS/nixpkgs/pull/251706
+
 { bazel
 , buildBazelPackage
 , fcitx5

package-overrides/mozc.nix

@@ -1,3 +1,5 @@
+# Dogfooding of https://github.com/NixOS/nixpkgs/pull/251706
+
 { bazel
 , buildBazelPackage
 , fetchFromGitHub