flake update

enable imaginary and cleanup
remove whiteboard collab
2025-12-13 10:30:58 +01:00 · 2025-12-07 11:53:30 +01:00 · 2025-12-07 11:43:17 +01:00 · 2025-12-07 11:24:36 +01:00 · 2025-12-06 16:48:39 +01:00 · 2025-11-30 18:02:54 +01:00
174 changed files with 6972 additions and 1447 deletions
--- a/disko/btrfs.nix
+++ b/disko/btrfs.nix
@@ -13,7 +13,7 @@
              content = {
                type = "filesystem";
                format = "vfat";
-                extraArgs = [ "-n NIXBOOT" ];
+                extraArgs = [ "-n" "NIXBOOT" ];
                mountpoint = "/boot";
                mountOptions = [
                  "defaults"
@@ -24,7 +24,7 @@
              size = "100%";
              content = {
                type = "btrfs";
-                extraArgs = [ "-f -L NIXROOT" ];
+                extraArgs = [ "-f" "-L" "NIXROOT" ];
                subvolumes = {
                  "@" = {
                    mountpoint = "/";
--- a/disko/btrfs_luks.nix
+++ b/disko/btrfs_luks.nix
@@ -47,6 +47,10 @@
                      mountpoint = "/nix";
                      mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
                    };
+                    "@opt" = {
+                      mountpoint = "/opt";
+                      mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
+                    };
                    "@snapshots" = {
                      mountpoint = "/mnt";
                      mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
--- a/disko/mount.sh
+++ b/disko/mount.sh
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+disk="/dev/vda"
+mountpoint="/mnt"
+
+mount $disk $mountpoint -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@
+mount $disk $mountpoint/home -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@home
+mount $disk $mountpoint/var -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@var
+mount $disk $mountpoint/srv -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@srv
+mount $disk $mountpoint/nix -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@nix
+mount $disk $mountpoint/swap -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@swap
--- a/disko/nas_luks.nix
+++ b/disko/nas_luks.nix
@@ -0,0 +1,47 @@
+{
+  disko.devices = {
+    disk = {
+      sda = {
+        type = "disk";
+        device = "/dev/sda";
+        content = {
+          type = "gpt";
+          partitions = {
+            luks = {
+              size = "100%";
+              content = {
+                type = "luks";
+                name = "NAS-RAID";
+                askPassword = true;
+                # disable settings.keyFile if you want to use interactive password entry
+                #passwordFile = "/tmp/secret.key"; # Interactive
+                settings = {
+                  allowDiscards = true;
+                };
+                content = {
+                  type = "btrfs";
+                  extraArgs = [ "-f -L NAS-RAID" ];
+                  subvolumes = {
+                    "@" = {
+                      mountpoint = "/mnt/Pluto";
+                      mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
+                    };
+                    "@/Backups";
+                    "@/Media";
+                    "@/Games";
+                    "@/IT";
+                    "@/Rest";
+                    "@snapshots" = {
+                      mountpoint = "/mnt";
+                      mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
+                    };
+                  };
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}
--- a/flake.lock
+++ b/flake.lock
@@ -10,11 +10,11 @@
        "systems": "systems"
      },
      "locked": {
-        "lastModified": 1703433843,
-        "narHash": "sha256-nmtA4KqFboWxxoOAA6Y1okHbZh+HsXaMPFkYHsoDRDw=",
+        "lastModified": 1762618334,
+        "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=",
        "owner": "ryantm",
        "repo": "agenix",
-        "rev": "417caa847f9383e111d1397039c9d4337d024bf0",
+        "rev": "fcdea223397448d35d9b31f798479227e80183f6",
        "type": "github"
      },
      "original": {
@@ -23,6 +23,21 @@
        "type": "github"
      }
    },
+    "crane": {
+      "locked": {
+        "lastModified": 1765145449,
+        "narHash": "sha256-aBVHGWWRzSpfL++LubA0CwOOQ64WNLegrYHwsVuVN7A=",
+        "owner": "ipetkov",
+        "repo": "crane",
+        "rev": "69f538cdce5955fcd47abfed4395dc6d5194c1c5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ipetkov",
+        "repo": "crane",
+        "type": "github"
+      }
+    },
    "darwin": {
      "inputs": {
        "nixpkgs": [
@@ -31,11 +46,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1700795494,
-        "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
+        "lastModified": 1744478979,
+        "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
        "owner": "lnl7",
        "repo": "nix-darwin",
-        "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
+        "rev": "43975d782b418ebf4969e9ccba82466728c2851b",
        "type": "github"
      },
      "original": {
@@ -45,16 +60,32 @@
        "type": "github"
      }
    },
+    "flake-compat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1761588595,
+        "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
    "flake-utils": {
      "inputs": {
        "systems": "systems_2"
      },
      "locked": {
-        "lastModified": 1701680307,
-        "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
        "type": "github"
      },
      "original": {
@@ -63,6 +94,28 @@
        "type": "github"
      }
    },
+    "gitignore": {
+      "inputs": {
+        "nixpkgs": [
+          "lanzaboote",
+          "pre-commit",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1709087332,
+        "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "type": "github"
+      }
+    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
@@ -71,11 +124,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1703113217,
-        "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
+        "lastModified": 1745494811,
+        "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
+        "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
        "type": "github"
      },
      "original": {
@@ -91,11 +144,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1705104164,
-        "narHash": "sha256-pllCu3Hcm1wP/B0SUxgUXvHeEd4w8s2aVrEQRdIL1yo=",
+        "lastModified": 1765606130,
+        "narHash": "sha256-KOP4QnkiRwiD5KEOr6ceF67rfTP1OqPmCCft6xDC3k4=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "0912d26b30332ae6a90e1b321ff88e80492127dd",
+        "rev": "d787ec69c3216ea33be1c0424fe65cb23aa8fb31",
        "type": "github"
      },
      "original": {
@@ -111,20 +164,35 @@
        ]
      },
      "locked": {
-        "lastModified": 1704980875,
-        "narHash": "sha256-IPZmMjk5f4TBbEpzUFBc3OC1W6OwDNEXk2w/0uVXX1o=",
+        "lastModified": 1765605144,
+        "narHash": "sha256-RM2xs+1HdHxesjOelxoA3eSvXShC8pmBvtyTke4Ango=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "5f0ab0eedc6ede69beb8f45561ffefa54edc6e65",
+        "rev": "90b62096f099b73043a747348c11dbfcfbdea949",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
-        "ref": "release-23.11",
+        "ref": "release-25.11",
        "repo": "home-manager",
        "type": "github"
      }
    },
+    "impermanence": {
+      "locked": {
+        "lastModified": 1737831083,
+        "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
+        "owner": "nix-community",
+        "repo": "impermanence",
+        "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "impermanence",
+        "type": "github"
+      }
+    },
    "jovian-nixos": {
      "inputs": {
        "nix-github-actions": "nix-github-actions",
@@ -133,11 +201,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1704665257,
-        "narHash": "sha256-Cycz00I26e8QZ9sZtCz0uIz6Cad5ld3zM7N2I+5beqI=",
+        "lastModified": 1765526639,
+        "narHash": "sha256-4U8crbUT3PDQdqhaMLnVaxnciBlcnDAw8XAJaXiS0pA=",
        "owner": "Jovian-Experiments",
        "repo": "Jovian-NixOS",
-        "rev": "8951673c6c216ddd6bac3db3e88e3f2281b3511a",
+        "rev": "457a55ed77a105088a47cb55b9eccf7768559451",
        "type": "github"
      },
      "original": {
@@ -146,6 +214,30 @@
        "type": "github"
      }
    },
+    "lanzaboote": {
+      "inputs": {
+        "crane": "crane",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "pre-commit": "pre-commit",
+        "rust-overlay": "rust-overlay"
+      },
+      "locked": {
+        "lastModified": 1765382359,
+        "narHash": "sha256-RJmgVDzjRI18BWVogG6wpsl1UCuV6ui8qr4DJ1LfWZ8=",
+        "owner": "nix-community",
+        "repo": "lanzaboote",
+        "rev": "e8c096ade12ec9130ff931b0f0e25d2f1bc63607",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "ref": "master",
+        "repo": "lanzaboote",
+        "type": "github"
+      }
+    },
    "microvm": {
      "inputs": {
        "flake-utils": "flake-utils",
@@ -155,11 +247,11 @@
        "spectrum": "spectrum"
      },
      "locked": {
-        "lastModified": 1705057870,
-        "narHash": "sha256-o5Mc/awjkFOVDUm/dx8Es0NcWG5v/kw4Zt3B/ZO+KpE=",
+        "lastModified": 1765456745,
+        "narHash": "sha256-vJ6Ikk9tV7HuDsn/I90y14w+sNtLmAYfdm5S+yBzrCA=",
        "owner": "astro",
        "repo": "microvm.nix",
-        "rev": "8a8b8c68d15029752b0669a57281e7d2aaf23dd5",
+        "rev": "f5c1bbfd4cf686ec1822ccaeb634a8b93ee5120f",
        "type": "github"
      },
      "original": {
@@ -176,11 +268,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1690328911,
-        "narHash": "sha256-fxtExYk+aGf2YbjeWQ8JY9/n9dwuEt+ma1eUFzF8Jeo=",
+        "lastModified": 1729697500,
+        "narHash": "sha256-VFTWrbzDlZyFHHb1AlKRiD/qqCJIripXKiCSFS8fAOY=",
        "owner": "zhaofengli",
        "repo": "nix-github-actions",
-        "rev": "96df4a39c52f53cb7098b923224d8ce941b64747",
+        "rev": "e418aeb728b6aa5ca8c5c71974e7159c2df1d8cf",
        "type": "github"
      },
      "original": {
@@ -192,11 +284,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1704786394,
-        "narHash": "sha256-aJM0ln9fMGWw1+tjyl5JZWZ3ahxAA2gw2ZpZY/hkEMs=",
+        "lastModified": 1764440730,
+        "narHash": "sha256-ZlJTNLUKQRANlLDomuRWLBCH5792x+6XUJ4YdFRjtO4=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "b34a6075e9e298c4124e35c3ccaf2210c1f3a43b",
+        "rev": "9154f4569b6cdfd3c595851a6ba51bfaa472d9f3",
        "type": "github"
      },
      "original": {
@@ -208,27 +300,27 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1704874635,
-        "narHash": "sha256-YWuCrtsty5vVZvu+7BchAxmcYzTMfolSPP5io8+WYCg=",
+        "lastModified": 1765311797,
+        "narHash": "sha256-mSD5Ob7a+T2RNjvPvOA1dkJHGVrNVl8ZOrAwBjKBDQo=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "3dc440faeee9e889fe2d1b4d25ad0f430d449356",
+        "rev": "09eb77e94fa25202af8f3e81ddc7353d9970ac1b",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixos-23.11",
+        "ref": "nixos-25.11",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1704722960,
-        "narHash": "sha256-mKGJ3sPsT6//s+Knglai5YflJUF2DGj7Ai6Ynopz0kI=",
+        "lastModified": 1765472234,
+        "narHash": "sha256-9VvC20PJPsleGMewwcWYKGzDIyjckEz8uWmT0vCDYK0=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "317484b1ead87b9c1b8ac5261a8d2dd748a0492d",
+        "rev": "2fbfb1d73d239d2402a8fe03963e37aab15abe8b",
        "type": "github"
      },
      "original": {
@@ -238,18 +330,26 @@
        "type": "github"
      }
    },
-    "nur": {
+    "pre-commit": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "gitignore": "gitignore",
+        "nixpkgs": [
+          "lanzaboote",
+          "nixpkgs"
+        ]
+      },
      "locked": {
-        "lastModified": 1705142735,
-        "narHash": "sha256-RA4nC6WFaMj62bdJHLW9idSD18g78dNS94Jy0R2DpU4=",
-        "owner": "nix-community",
-        "repo": "NUR",
-        "rev": "eb257a2f64d88dd14eaaf112822160496f6a916f",
+        "lastModified": 1765016596,
+        "narHash": "sha256-rhSqPNxDVow7OQKi4qS5H8Au0P4S3AYbawBSmJNUtBQ=",
+        "owner": "cachix",
+        "repo": "pre-commit-hooks.nix",
+        "rev": "548fc44fca28a5e81c5d6b846e555e6b9c2a5a3c",
        "type": "github"
      },
      "original": {
-        "owner": "nix-community",
-        "repo": "NUR",
+        "owner": "cachix",
+        "repo": "pre-commit-hooks.nix",
        "type": "github"
      }
    },
@@ -258,22 +358,44 @@
        "agenix": "agenix",
        "home-manager": "home-manager_2",
        "home-manager-unstable": "home-manager-unstable",
+        "impermanence": "impermanence",
        "jovian-nixos": "jovian-nixos",
+        "lanzaboote": "lanzaboote",
        "microvm": "microvm",
        "nixos-hardware": "nixos-hardware",
        "nixpkgs": "nixpkgs",
-        "nixpkgs-unstable": "nixpkgs-unstable",
-        "nur": "nur"
+        "nixpkgs-unstable": "nixpkgs-unstable"
+      }
+    },
+    "rust-overlay": {
+      "inputs": {
+        "nixpkgs": [
+          "lanzaboote",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1765075567,
+        "narHash": "sha256-KFDCdQcHJ0hE3Nt5Gm5enRIhmtEifAjpxgUQ3mzSJpA=",
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "rev": "769156779b41e8787a46ca3d7d76443aaf68be6f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "type": "github"
      }
    },
    "spectrum": {
      "flake": false,
      "locked": {
-        "lastModified": 1703273931,
-        "narHash": "sha256-CJ1Crdi5fXHkCiemovsp20/RC4vpDaZl1R6V273FecI=",
+        "lastModified": 1759482047,
+        "narHash": "sha256-H1wiXRQHxxPyMMlP39ce3ROKCwI5/tUn36P8x6dFiiQ=",
        "ref": "refs/heads/main",
-        "rev": "97e2f3429ee61dc37664b4d096b2fec48a57b691",
-        "revCount": 597,
+        "rev": "c5d5786d3dc938af0b279c542d1e43bce381b4b9",
+        "revCount": 996,
        "type": "git",
        "url": "https://spectrum-os.org/git/spectrum"
      },
--- a/flake.nix
+++ b/flake.nix
@@ -9,10 +9,9 @@
 {
  description = "Kabbone's peronal NixOS Flake config";

-  inputs =                                                                  # All flake references used to build my NixOS setup. These are dependencies.
-    {
+  inputs = {
      nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";                  # Nix Packages
-      nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
+      nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
      nixos-hardware.url = "github:NixOS/nixos-hardware/master";

      microvm = {
@@ -20,8 +19,10 @@
        inputs.nixpkgs.follows = "nixpkgs";
      };

+      impermanence.url = "github:nix-community/impermanence";
+
      home-manager = {                                                      # User Package Management
-        url = "github:nix-community/home-manager/release-23.11";
+        url = "github:nix-community/home-manager/release-25.11";
        inputs.nixpkgs.follows = "nixpkgs";
      };

@@ -30,36 +31,79 @@
        inputs.nixpkgs.follows = "nixpkgs-unstable";
      };

-      nur = {
-        url = "github:nix-community/NUR";                                   # NUR Packages
-      };
-
      agenix = {
        url = "github:ryantm/agenix";
        inputs.nixpkgs.follows = "nixpkgs";
      };

      jovian-nixos = {
-          url = "github:Jovian-Experiments/Jovian-NixOS";
-          inputs.nixpkgs.follows = "nixpkgs-unstable";
+        url = "github:Jovian-Experiments/Jovian-NixOS";
+        inputs.nixpkgs.follows = "nixpkgs-unstable";
      };
-    };

-  outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, nur, agenix, jovian-nixos, microvm, ... }:   # Function that tells my flake which to use and what do what to do with the dependencies.
-    let                                                                     # Variables that can be used in the config files
-      user = "kabbone";
-      userdmz = "diablo";
-      userserver = "mephisto";
-      location = "$HOME/.setup";
-    in                                                                      # Use above variables in ...
-    {
-      nixosConfigurations = (                                               # NixOS configurations
-        import ./hosts {                                                    # Imports ./hosts/default.nix
-          inherit (nixpkgs) lib;
-          inherit inputs nixpkgs nixpkgs-unstable nixos-hardware home-manager home-manager-unstable nur user userdmz userserver location agenix jovian-nixos microvm;   # Also inherit home-manager so it does not need to be defined here.
-          nix.allowedUsers = [ "@wheel" ];
-          security.sudo.execWheelOnly = true;
-        }
-      );
+      lanzaboote = {
+        url = "github:nix-community/lanzaboote/master";
+        inputs.nixpkgs.follows = "nixpkgs";
+      };
+
+  };
+
+  outputs = { 
+    self,
+    nixpkgs,
+    nixpkgs-unstable,
+    nixos-hardware,
+    home-manager,
+    home-manager-unstable,
+    agenix,
+    jovian-nixos,
+    microvm,
+    impermanence,
+    lanzaboote,
+    ...
+  } @ inputs: rec {
+    inherit (self) outputs;
+    systems = [
+      "aarch64-linux"
+      "x86_64-linux"
+    ];
+
+    forAllSystems = nixpkgs.lib.genAttrs systems;
+  #in {
+    # Your custom packages
+    # Accessible through 'nix build', 'nix shell', etc
+    packages = forAllSystems (system: import ./packages nixpkgs.legacyPackages.${system});
+    # Formatter for your nix files, available through 'nix fmt'
+    # Other options beside 'alejandra' include 'nixpkgs-fmt'
+    formatter = forAllSystems (system: nixpkgs.legacyPackages.${system}.alejandra);
+
+    # Your custom packages and modifications, exported as overlays
+    overlays = import ./overlays {inherit inputs;};
+    # Reusable nixos modules you might want to export
+    # These are usually stuff you would upstream into nixpkgs
+    #nixosModules = import ./modules/kabbone;
+    # Reusable home-manager modules you might want to export
+    # These are usually stuff you would upstream into home-manager
+    #homeManagerModules = import ./modules/home-manager;
+
+
+    nixosConfigurations = (                                               # NixOS configurations
+      import ./hosts {                                                    # Imports ./hosts/default.nix
+        inherit (nixpkgs) lib;
+        inherit inputs nixpkgs nixpkgs-unstable nixos-hardware home-manager home-manager-unstable agenix jovian-nixos microvm impermanence lanzaboote;   # Also inherit home-manager so it does not need to be defined here.
+        nix.allowedUsers = [ "@wheel" ];
+        security.sudo.execWheelOnly = true;
+      }
+    );
+
+    hydraJobs = {
+      "steamdeck" = nixosConfigurations.steamdeck.config.system.build.toplevel;
+      "hades" = nixosConfigurations.hades.config.system.build.toplevel;
+      "nasbak" = nixosConfigurations.nasbak.config.system.build.toplevel;
+      "jupiter" = nixosConfigurations.jupiter.config.system.build.toplevel;
+      "lifebook" = nixosConfigurations.lifebook.config.system.build.toplevel;
+      "kabtop" = nixosConfigurations.kabtop.config.system.build.toplevel;
+      "dmz" = nixosConfigurations.dmz.config.system.build.toplevel;
    };
+  };
 }
--- a/hosts/configuration_desktop.nix
+++ b/hosts/configuration_desktop.nix
@@ -10,7 +10,7 @@
 #               └─ default.nix
 #

-{ config, lib, pkgs, inputs, user, location, agenix, ... }:
+{ config, lib, pkgs, pkgs-stable, inputs, user, location, agenix, ... }:

 {
  imports =                                 # Import window or display manager.
@@ -47,6 +47,7 @@
  };

  security = {
+    pam.services.login.enableGnomeKeyring = true;
    rtkit.enable = true;
    pki.certificateFiles = [
      ./rootCA.pem
@@ -58,28 +59,22 @@
    #  };
  };

-  sound = {                                 # ALSA sound enable
-    #enable = true;
-    mediaKeys = {                           # Keyboard Media Keys (for minimal desktop) enable = true;
-      enable = true;
-    };
-  };
+  #sound = {                                 # ALSA sound enable
+  ##  #enable = true;
+  #  mediaKeys = {                           # Keyboard Media Keys (for minimal desktop) enable = true;
+  #    enable = true;
+  #  };
+  #};

  fonts.packages = with pkgs; [                # Fonts
    carlito                                 # NixOS
    vegur                                   # NixOS
    source-code-pro
-    jetbrains-mono
    font-awesome                            # Icons
    hack-font
    corefonts                               # MS
    intel-one-mono
-    office-code-pro
-    (nerdfonts.override {                   # Nerdfont Icons override
-      fonts = [
-        "FiraCode"
-      ];
-    })
+    cascadia-code
  ];

  environment = {
@@ -89,13 +84,14 @@
      VISUAL = "nvim";
      BROWSER = "firefox";
    };
-    systemPackages = with pkgs; [           # Default packages install system-wide
+    systemPackages = (with pkgs; [           # Default packages install system-wide
      vim
      git
      killall
      pciutils
      usbutils
      wget
+      file
      powertop
      cpufrequtils
      lm_sensors
@@ -109,13 +105,24 @@
      age-plugin-yubikey
      pwgen
      cryptsetup
-      powerline
+      python311Packages.powerline
      powerline-fonts
      powerline-symbols
      tree
      direnv
      linuxPackages_latest.cpupower
-    ];
+      linuxPackages_latest.turbostat
+      btop
+      sbctl
+      ausweisapp
+      e2fsprogs
+    ])
+
+    ++
+
+    (with pkgs-stable; [
+      orca-slicer
+    ]);
  };

  services = {
@@ -130,28 +137,18 @@
    };
    openssh = {                             # SSH: secure shell (remote connection to shell of server)
      enable = true;                        # local: $ ssh <user>@<ip>
-                                            # public:
-                                            #   - port forward 22 TCP to server
-                                            #   - in case you want to use the domain name insted of the ip:
-                                            #       - for me, via cloudflare, create an A record with name "ssh" to the correct ip without proxy
-                                            #   - connect via ssh <user>@<ip or ssh.domain>
-                                            # generating a key:
-                                            #   - $ ssh-keygen   |  ssh-copy-id <ip/domain>  |  ssh-add
-                                            #   - if ssh-add does not work: $ eval `ssh-agent -s`
-#      allowSFTP = true;                     # SFTP: secure file transfer protocol (send file to server)
-                                            # connect: $ sftp <user>@<ip/domain>
-                                            # commands:
-                                            #   - lpwd & pwd = print (local) parent working directory
-                                            #   - put/get <filename> = send or receive file
+      settings = {
+        PasswordAuthentication = false;
+        PermitRootLogin = "no";
+      };
 #      extraConfig = ''
 #        HostKeyAlgorithms +ssh-rsa
 #      '';                                   # Temporary extra config so ssh will work in guacamole
-      settings.PasswordAuthentication = false;
    };
    pcscd.enable = true;
    yubikey-agent.enable = true;
    udev.packages = [ pkgs.yubikey-personalization pkgs.nitrokey-udev-rules ];
-    #flatpak.enable = true;                  # download flatpak file from website - sudo flatpak install <path> - reboot if not showing up
+    flatpak.enable = true;                  # download flatpak file from website - sudo flatpak install <path> - reboot if not showing up
                                            # sudo flatpak uninstall --delete-data <app-id> (> flatpak list --app) - flatpak uninstall --unused
                                            # List:
                                            # com.obsproject.Studio
@@ -161,6 +158,16 @@
    fwupd.enable = true;
  };

+  programs = {                              # No xbacklight, this is the alterantive
+    zsh.enable = true;
+    dconf.enable = true;
+    ssh = {
+        startAgent = true;
+        agentTimeout = "1h";
+    };
+  };
+  
+
  #xdg.portal = {                            # Required for flatpak
  #  enable = true;
  #  extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
@@ -176,25 +183,28 @@
      options = "--delete-older-than 7d";
    };
    package = pkgs.nixVersions.stable;               # Enable nixFlakes on system
-    registry.nixpkgs.flake = inputs.nixpkgs;
    extraOptions = ''
      experimental-features = nix-command flakes
-      keep-outputs          = true
-      keep-derivations      = true
    '';
  };
  nixpkgs.config.allowUnfree = true;        # Allow proprietary software.
-  nixpkgs.config.packageOverrides = pkgs: {
-    nur = import (builtins.fetchTarball "https://github.com/nix-community/NUR/archive/master.tar.gz") {
-      inherit pkgs;
-    };
-  };
+  nixpkgs.config.permittedInsecurePackages = [
+    "olm-3.2.16"
+    "mbedtls-2.28.10"
+  ];

  system = {                                # NixOS settings
-#    autoUpgrade = {                         # Allow auto update
-#      enable = true;
-#      channel = "https://nixos.org/channels/nixos-unstable";
-#    };
+    autoUpgrade = {                         # Allow auto update
+      enable = false;
+      flake = "git+https://git.kabtop.de/Kabbone/nixos-config";
+      randomizedDelaySec = "5m";
+      allowReboot = true;
+      rebootWindow = {
+          lower = "02:00";
+          upper = "05:00";
+      };
+      #channel = "https://nixos.org/channels/nixos-unstable";
+    };
    stateVersion = "23.05";
  };
 }
--- a/hosts/configuration_server.nix
+++ b/hosts/configuration_server.nix
@@ -13,8 +13,6 @@
 { config, lib, pkgs, inputs, user, location, agenix, ... }:

 {
-
-
  imports =                                 # Import window or display manager.
    [
     #../modules/editors/nvim              # ! Comment this out on first install !
@@ -49,24 +47,22 @@
    keyMap = "us";	                    # or us/azerty/etc
  };

-  security.rtkit.enable = true;
-  security.pki.certificateFiles = [
+  security = {
+    rtkit.enable = true;
+    pki.certificateFiles = [
      ./rootCA.pem
-  ];
+    ];
+  };

  fonts.packages = with pkgs; [                # Fonts
    carlito                                 # NixOS
    vegur                                   # NixOS
    source-code-pro
-    jetbrains-mono
    font-awesome                            # Icons
    hack-font
    corefonts                               # MS
-    (nerdfonts.override {                   # Nerdfont Icons override
-      fonts = [
-        "FiraCode"
-      ];
-    })
+    intel-one-mono
+    cascadia-code
  ];

  environment = {
@@ -74,6 +70,7 @@
      TERMINAL = "alacritty";
      EDITOR = "nvim";
      VISUAL = "nvim";
+      BROWSER = "firefox";
    };
    systemPackages = with pkgs; [           # Default packages install system-wide
      vim
@@ -90,10 +87,15 @@
      agenix.packages.x86_64-linux.default
      ffmpeg
      smartmontools
-      powerline
+      cryptsetup
+      python311Packages.powerline
      powerline-fonts
      powerline-symbols
      tree
+      direnv
+      linuxPackages_latest.cpupower
+      btop
+      htop
    ];
  };

@@ -112,6 +114,10 @@
                                            # sudo flatpak uninstall --delete-data <app-id> (> flatpak list --app) - flatpak uninstall --unused
  };

+  programs = {
+    zsh.enable = true;
+  };
+
  nix = {                                   # Nix Package Manager settings
    settings ={
      auto-optimise-store = true;           # Optimise syslinks
@@ -122,7 +128,6 @@
      options = "--delete-older-than 7d";
    };
    package = pkgs.nixVersions.stable;               # Enable nixFlakes on system
-    registry.nixpkgs.flake = inputs.nixpkgs;
    extraOptions = ''
      experimental-features = nix-command flakes
      keep-outputs          = true
@@ -130,17 +135,21 @@
    '';
  };
  nixpkgs.config.allowUnfree = true;        # Allow proprietary software.
-  nixpkgs.config.packageOverrides = pkgs: {
-    nur = import (builtins.fetchTarball "https://github.com/nix-community/NUR/archive/master.tar.gz") {
-      inherit pkgs;
-    };
-  };
+  nixpkgs.config.permittedInsecurePackages = [
+    "olm-3.2.16"
+  ];

  system = {                                # NixOS settings
-#    autoUpgrade = {                         # Allow auto update
-#      enable = true;
-#      channel = "https://nixos.org/channels/nixos-unstable";
-#    };
-    stateVersion = "22.05";
+    autoUpgrade = {                         # Allow auto update
+      enable = true;
+      flake = "git+https://git.kabtop.de/Kabbone/nixos-config";
+      randomizedDelaySec = "5m";
+      allowReboot = true;
+      rebootWindow = {
+          lower = "02:00";
+          upper = "05:00";
+      };
+    };
+    stateVersion = "23.05";
  };
 }
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -11,9 +11,14 @@
 #            └─ ./home.nix 
 #

-{ lib, inputs, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, nur, user, userdmz, userserver, location, agenix, jovian-nixos, microvm, ... }:
+{ lib, inputs, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, agenix, jovian-nixos, microvm, impermanence, lanzaboote, ... }:

 let
+  user = "kabbone";
+  userdmz = "diablo";
+  userserver = "mephisto";
+  location = "$HOME/.setup";
+
  system = "x86_64-linux";                                  # System architecture

  pkgs = import nixpkgs {
@@ -21,20 +26,36 @@ let
    config.allowUnfree = true;                              # Allow proprietary software
  };

+  pkgs-unstable = import nixpkgs-unstable {
+    inherit system;
+    config.allowUnfree = true;                              # Allow proprietary software
+  };
+
+  pkgs-stable = import nixpkgs {
+    inherit system;
+    config.allowUnfree = true;                              # Allow proprietary software
+  };
+
+  pkgs-kabbone = import ../packages {
+    inherit system;
+    inherit pkgs;
+  };
+
  lib = nixpkgs.lib;
  users.defaultShell = "pkgs.zsh";

 in
 {
-  desktop = lib.nixosSystem {                                # Desktop profile
+  hades = lib.nixosSystem {                                # Desktop profile
    inherit system;
-    specialArgs = { inherit inputs user location nixos-hardware nur agenix microvm nixpkgs; };
+    specialArgs = { inherit inputs pkgs-stable user location nixos-hardware agenix microvm nixpkgs lanzaboote pkgs-kabbone; };
    modules = [
      agenix.nixosModules.default
-      nur.nixosModules.nur
      microvm.nixosModules.host
+      lanzaboote.nixosModules.lanzaboote
      ./desktop
      ./configuration_desktop.nix
+      ../modules/hardware/hydraCache.nix
      ../modules/hardware/remoteBuilder.nix
      nixos-hardware.nixosModules.common-cpu-amd
      nixos-hardware.nixosModules.common-gpu-amd
@@ -42,9 +63,6 @@ in
      

      home-manager.nixosModules.home-manager {
-          nixpkgs.overlays = [
-            nur.overlay
-          ];
        home-manager.useGlobalPkgs = true;
        home-manager.useUserPackages = true;
        home-manager.extraSpecialArgs = { inherit user; };
@@ -55,28 +73,46 @@ in
    ];
  };

-  laptop = lib.nixosSystem {                                # Laptop profile
+  lifebook = lib.nixosSystem {                                # Laptop profile
    inherit system;
-    specialArgs = { inherit inputs user location nixos-hardware nur agenix; };
+    specialArgs = { inherit inputs pkgs-stable user location nixos-hardware agenix lanzaboote; };
    modules = [
      agenix.nixosModules.default
-      nur.nixosModules.nur
-      ./laptop
+      lanzaboote.nixosModules.lanzaboote
+      ./lifebook
      ./configuration_desktop.nix
-      #../modules/hardware/remoteClient.nix
+      ../modules/hardware/hydraCache.nix
      nixos-hardware.nixosModules.common-cpu-intel
-      nixos-hardware.nixosModules.common-gpu-intel
      nixos-hardware.nixosModules.common-pc-ssd

      home-manager.nixosModules.home-manager {
-          nixpkgs.overlays = [
-            nur.overlay
-          ];
        home-manager.useGlobalPkgs = true;
        home-manager.useUserPackages = true;
        home-manager.extraSpecialArgs = { inherit user; };
        home-manager.users.${user} = {
-        imports = [(import ./home.nix)] ++ [(import ./laptop/home.nix)];
+        imports = [(import ./home.nix)] ++ [(import ./lifebook/home.nix)];
+        };
+      }
+    ];
+  };
+
+  nbf5 = lib.nixosSystem {                                # Laptop profile
+    inherit system;
+    specialArgs = { inherit inputs pkgs-stable user location nixos-hardware agenix; };
+    modules = [
+      agenix.nixosModules.default
+      ./nbf5
+      ./configuration_server.nix
+      ../modules/hardware/hydraCache.nix
+      nixos-hardware.nixosModules.common-cpu-intel
+      nixos-hardware.nixosModules.common-pc-ssd
+
+      home-manager.nixosModules.home-manager {
+        home-manager.useGlobalPkgs = true;
+        home-manager.useUserPackages = true;
+        home-manager.extraSpecialArgs = { inherit user; };
+        home-manager.users.${user} = {
+        imports = [(import ./home_server.nix)] ++ [(import ./nbf5/home.nix)];
        };
      }
    ];
@@ -84,22 +120,16 @@ in

  steamdeck = nixpkgs-unstable.lib.nixosSystem {            # steamdeck profile
    inherit system;
-    specialArgs = { inherit inputs user location nixos-hardware nur agenix jovian-nixos; };
+    specialArgs = { inherit inputs pkgs-stable user location nixos-hardware agenix jovian-nixos lanzaboote; };
    modules = [
      agenix.nixosModules.default
-      nur.nixosModules.nur
      jovian-nixos.nixosModules.default
+      lanzaboote.nixosModules.lanzaboote
      ./steamdeck
      ./configuration_desktop.nix
-      #../modules/hardware/remoteClient.nix
-      nixos-hardware.nixosModules.common-cpu-amd
-      nixos-hardware.nixosModules.common-gpu-amd
-      nixos-hardware.nixosModules.common-pc-ssd
+      ../modules/hardware/hydraCache.nix

      home-manager-unstable.nixosModules.home-manager {
-          nixpkgs.overlays = [
-            nur.overlay
-          ];
        home-manager.useGlobalPkgs = true;
        home-manager.useUserPackages = true;
        home-manager.extraSpecialArgs = { inherit user; };
@@ -112,19 +142,17 @@ in

  server = lib.nixosSystem {                                # Desktop profile
    inherit system;
-    specialArgs = { inherit inputs user location nixos-hardware nur agenix; };
+    specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs impermanence; };
    modules = [
      agenix.nixosModules.default
-      nur.nixosModules.nur
+      microvm.nixosModules.host
      ./server
      ./configuration_server.nix
+      ../modules/hardware/hydraCache.nix
      nixos-hardware.nixosModules.common-cpu-amd
      nixos-hardware.nixosModules.common-pc-ssd

      home-manager.nixosModules.home-manager {
-          nixpkgs.overlays = [
-            nur.overlay
-          ];
        home-manager.useGlobalPkgs = true;
        home-manager.useUserPackages = true;
        home-manager.extraSpecialArgs = { inherit user; };
@@ -135,23 +163,41 @@ in
    ];
  };

-  nasbackup = lib.nixosSystem {                                # Desktop profile
+  kabtop = lib.nixosSystem {                                # Desktop profile
    inherit system;
-    #user = "dmz-user";
-    specialArgs = { inherit inputs user location nixos-hardware nur agenix; };
+    specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs pkgs-unstable impermanence; };
+    modules = [
+      agenix.nixosModules.default
+      microvm.nixosModules.host
+      ./kabtop
+      ./configuration_server.nix
+      ../modules/hardware/hydraCache.nix
+      nixos-hardware.nixosModules.common-cpu-amd
+      nixos-hardware.nixosModules.common-pc-ssd
+
+      home-manager.nixosModules.home-manager {
+        home-manager.useGlobalPkgs = true;
+        home-manager.useUserPackages = true;
+        home-manager.extraSpecialArgs = { inherit user; };
+        home-manager.users.${user} = {
+        imports = [(import ./home_server.nix)] ++ [(import ./server/home.nix)];
+        };
+      }
+    ];
+  };
+
+  nasbak = lib.nixosSystem {                                # Desktop profile
+    inherit system;
+    specialArgs = { inherit inputs user location nixos-hardware agenix; };
    modules = [
      agenix.nixosModules.default
-      nur.nixosModules.nur
      ./nasbackup
-      ./configuration_desktop.nix
-      #../modules/hardware/remoteClient.nix
+      ./configuration_server.nix
+      ../modules/hardware/hydraCache.nix
      nixos-hardware.nixosModules.common-cpu-intel
      nixos-hardware.nixosModules.common-pc-ssd

      home-manager.nixosModules.home-manager {
-          nixpkgs.overlays = [
-            nur.overlay
-          ];
        home-manager.useGlobalPkgs = true;
        home-manager.useUserPackages = true;
        home-manager.extraSpecialArgs = { inherit user; };
@@ -164,20 +210,16 @@ in

  jupiter = lib.nixosSystem {                                # Desktop profile
    inherit system;
-    specialArgs = { inherit inputs user location nixos-hardware nur agenix; };
+    specialArgs = { inherit inputs user location nixos-hardware agenix pkgs-kabbone; };
    modules = [
      agenix.nixosModules.default
-      nur.nixosModules.nur
      ./jupiter
-      ./configuration_desktop.nix
-      #../modules/hardware/remoteClient.nix
+      ./configuration_server.nix
+      ../modules/hardware/hydraCache.nix
      nixos-hardware.nixosModules.common-cpu-intel
      nixos-hardware.nixosModules.common-pc-ssd

      home-manager.nixosModules.home-manager {
-          nixpkgs.overlays = [
-            nur.overlay
-          ];
        home-manager.useGlobalPkgs = true;
        home-manager.useUserPackages = true;
        home-manager.extraSpecialArgs = { inherit user; };
@@ -188,21 +230,63 @@ in
    ];
  };

-  dmz = lib.nixosSystem {                                # Desktop profile
+  kabtopci = lib.nixosSystem {                                # Desktop profile
    inherit system;
-    specialArgs = { inherit inputs user location nixos-hardware nur agenix nixpkgs; };
+    specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs impermanence; };
    modules = [
      agenix.nixosModules.default
-      nur.nixosModules.nur
      microvm.nixosModules.host
-      ./dmz
+      ./kabtopci
      ./configuration_server.nix
+      ../modules/hardware/hydraCache.nix
+      nixos-hardware.nixosModules.common-pc-ssd
+
+      home-manager.nixosModules.home-manager {
+        home-manager.useGlobalPkgs = true;
+        home-manager.useUserPackages = true;
+        home-manager.extraSpecialArgs = { inherit user; };
+        home-manager.users.${user} = {
+        imports = [(import ./home_server.nix)] ++ [(import ./kabtopci/home.nix)];
+        };
+      }
+    ];
+  };
+
+  kubemaster-1 = lib.nixosSystem {                                # Desktop profile
+    inherit system;
+    specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs impermanence; };
+    modules = [
+      agenix.nixosModules.default
+      microvm.nixosModules.host
+      ./kubemaster-1
+      ./configuration_server.nix
+      ../modules/hardware/hydraCache.nix
+      nixos-hardware.nixosModules.common-cpu-intel
+      nixos-hardware.nixosModules.common-pc-ssd
+
+      home-manager.nixosModules.home-manager {
+        home-manager.useGlobalPkgs = true;
+        home-manager.useUserPackages = true;
+        home-manager.extraSpecialArgs = { inherit user; };
+        home-manager.users.${user} = {
+        imports = [(import ./home_server.nix)] ++ [(import ./kubemaster-1/home.nix)];
+        };
+      }
+    ];
+  };
+
+  dmz = lib.nixosSystem {                                # Desktop profile
+    inherit system;
+    specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs impermanence; };
+    modules = [
+      agenix.nixosModules.default
+      microvm.nixosModules.host
+      ./dmz
+      ./configuration_server.nix
+      ../modules/hardware/hydraCache.nix
      nixos-hardware.nixosModules.common-pc-ssd

      home-manager.nixosModules.home-manager {
-          nixpkgs.overlays = [
-            nur.overlay
-          ];
        home-manager.useGlobalPkgs = true;
        home-manager.useUserPackages = true;
        home-manager.extraSpecialArgs = { inherit user; };
@@ -213,39 +297,21 @@ in
    ];
  };

-  q920 = lib.nixosSystem {                                # Laptop profile
-    inherit system;
-    specialArgs = { inherit inputs user location ; };
-    modules = [
-      ./q920
-      ./configuration.nix
-
-      home-manager.nixosModules.home-manager {
-        home-manager.useGlobalPkgs = true;
-        home-manager.useUserPackages = true;
-        home-manager.extraSpecialArgs = { inherit user; };
-        home-manager.users.${user} = {
-          imports = [(import ./home.nix)] ++ [(import ./q920/home.nix)];
-        };
-      }
-    ];
-  };
-
-  vm = lib.nixosSystem {                                    # VM profile
-    inherit system;
-    specialArgs = { inherit inputs user location; };
-    modules = [
-      ./vm
-      ./configuration.nix
-
-      home-manager.nixosModules.home-manager {
-        home-manager.useGlobalPkgs = true;
-        home-manager.useUserPackages = true;
-        home-manager.extraSpecialArgs = { inherit user; }; 
-        home-manager.users.${user} = {
-          imports = [(import ./home.nix)] ++ [(import ./vm/home.nix)];
-        };
-      }
-    ];
-  };
+#  vm = lib.nixosSystem {                                    # VM profile
+#    inherit system;
+#    specialArgs = { inherit inputs user location; };
+#    modules = [
+#      ./vm
+#      ./configuration.nix
+#
+#      home-manager.nixosModules.home-manager {
+#        home-manager.useGlobalPkgs = true;
+#        home-manager.useUserPackages = true;
+#        home-manager.extraSpecialArgs = { inherit user; }; 
+#        home-manager.users.${user} = {
+#          imports = [(import ./home.nix)] ++ [(import ./vm/home.nix)];
+#        };
+#      }
+#    ];
+#  };
 }
--- a/hosts/desktop/default.nix
+++ b/hosts/desktop/default.nix
@@ -17,27 +17,33 @@
 #           └─ default.nix
 #

-{ config, nixpkgs, pkgs, user, ... }:
+{ config, nixpkgs, pkgs, user, lib, pkgs-kabbone, ... }:

 {
  imports =                                                         # For now, if applying to other system, swap files
    [(import ./hardware-configuration.nix)] ++                      # Current system hardware config @ /etc/nixos/hardware-configuration.nix
-    #[(import ../../modules/desktop/hyprland/default.nix)] ++        # Window Manager
-    [(import ../../modules/desktop/sway/default.nix)] ++        # Window Manager
-    (import ../../modules/desktop/virtualisation) ++   # Docker
-    (import ../../modules/hardware);                                # Hardware devices
+    [(import ../../modules/wm/sway/default.nix)] ++         # Window Manager
+    (import ../../modules/wm/virtualisation) ++             # libvirt + Docker
+    [(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++   # kvm module options
+    #[(import ../../modules/kabbone/corosync-qdevice.nix)] ++   # corosync qdevice quorum
+    (import ../../modules/hardware);                             # Hardware devices

  boot = {                                  # Boot options
    kernelPackages = pkgs.linuxPackages_latest;

    loader = {                              # EFI Boot
-      systemd-boot.enable = true;
+      systemd-boot.enable = lib.mkForce false;
      efi = {
        canTouchEfiVariables = true;
        efiSysMountPoint = "/boot";
      };
      timeout = 1;                          # Grub auto select time
    };
+
+    lanzaboote = {
+        enable = true;
+        pkiBundle = "/etc/secureboot";
+    };
  };

 #  hardware.sane = {                           # Used for scanning with Xsane
@@ -48,51 +54,52 @@
 #    nitrokey.enable = true;
 #  };

-#  environment = {
-#    systemPackages = with pkgs; [
-##      simple-scan
-##       intel-media-driver
-##       alacritty
-#    ];
-#  };
-
-  programs = {                              # No xbacklight, this is the alterantive
-    zsh.enable = true;
-    dconf.enable = true;
-    ssh.startAgent = false;
-    gnupg.agent = {
-      enable = true;
-      enableSSHSupport = true;
-      pinentryFlavor = "curses";
-    };
+  environment = {
+    systemPackages = [
+      pkgs.linux-firmware
+      #pkgs-kabbone.corosync-qdevice
+    ];
  };

  services = {
    #auto-cpufreq.enable = true;
    blueman.enable = true;
-    printing = {                            # Printing and drivers for TS5300
+    avahi = {                               # Needed to find wireless printer
      enable = true;
-      drivers = [ pkgs.gutenprint ];
+      nssmdns4 = true;
+      publish = {                           # Needed for detecting the scanner
+        enable = true;
+        addresses = true;
+        userServices = true;
+      };
    };
-    #avahi = {                               # Needed to find wireless printer
-    #  enable = true;
-    #  nssmdns = true;
-    #  publish = {                           # Needed for detecting the scanner
-    #    enable = true;
-    #    addresses = true;
-    #    userServices = true;
-    #  };
-    #};
    hardware.openrgb = {
        enable = true;
        motherboard = "amd";
    };
-
+    syncthing = {
+        enable = true;
+        group = "users";
+        user = "kabbone";
+        dataDir = "/home/${config.services.syncthing.user}/Sync";
+        configDir = "/home/${config.services.syncthing.user}/.config/syncthing";
+        overrideDevices = true;     # overrides any devices added or deleted through the WebUI
+        overrideFolders = true;     # overrides any folders added or deleted through the WebUI
+        openDefaultPorts = true;
+        settings = {
+          devices = {
+            "jupiter.home.opel-online.de" = { id = "T53WU6Z-3NT74ZE-PZVZB2N-7FBTZ5K-HESC2ZM-W4ABDAS-NWXHTGI-ST4CDQR"; };
+            "lifebook.home.opel-online.de" = { id = "RKPZG3H-BDUZID3-DV26MKR-UOARIQC-JBCAFXP-J5QFM4H-5EGBSM5-VEGXHQ4"; };
+          };
+          folders = {
+            "Sync" = {         # Name of folder in Syncthing, also the folder ID
+              path = "/home/${config.services.syncthing.user}/Sync";    # Which folder to add to Syncthing
+              devices = [ "jupiter.home.opel-online.de" "lifebook.home.opel-online.de" ];      # Which devices to share the folder with
+              ignorePerms = false;  # By default, Syncthing doesn't sync file permissions. This line enables it for this folder.
+            };
+          };
+        };
+    };
  };

-  #temporary bluetooth fix
-#  systemd.tmpfiles.rules = [
-#    "d /var/lib/bluetooth 700 root root - -"
-#  ];
-#  systemd.targets."bluetooth".after = ["systemd-tmpfiles-setup.service"];
 }
--- a/hosts/desktop/hardware-configuration.nix
+++ b/hosts/desktop/hardware-configuration.nix
@@ -19,7 +19,7 @@

  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
  boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
-  boot.kernelModules = [ "kvm-amd" ];
+  boot.kernelModules = [ "kvm-amd" "nct6775" ];
  boot.extraModulePackages = [ ];
  boot.tmp.useTmpfs = false;
  boot.tmp.cleanOnBoot = true;
@@ -34,6 +34,7 @@
  };

  services.btrbk = {
+      extraPackages = [ pkgs.lz4 pkgs.mbuffer ];
      instances = {
          hf = {
              onCalendar = "hourly";
@@ -56,6 +57,40 @@
                  };
              };
          };
+          bak = {
+              onCalendar = "daily";
+              settings = {
+	          stream_buffer = "256m";
+                  stream_compress = "lz4";
+                  incremental = "yes";
+                  snapshot_create = "no";
+                  snapshot_dir = "@snapshots";
+                  timestamp_format = "long";
+
+                  snapshot_preserve_min = "all";
+                  target_preserve_min = "no";
+                  target_preserve = "2m 4w 3d";
+
+                  ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk_nas";
+                  ssh_user = "btrbk";
+                
+                  volume =  {
+                      "/mnt/snapshots/root" = {
+                          subvolume = {
+                              "@home" = {};
+                          };
+		          target = "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars/@snapshots/@hades";
+                      };
+                  };
+	      };
+	  };
+      };
+  };
+
+  systemd.timers = {
+      btrbk-bak = {
+          after = [ "network-online.target" ];
+          requires = [ "network-online.target" ];
      };
  };

@@ -119,24 +154,29 @@
    useDHCP = false;                        # Deprecated
    hostName = "hades";
    networkmanager = {
-      enable = false;
+      enable = true;
+    };
+    firewall = {
+      enable = true;
+      allowedUDPPorts = [ 24727 ];
+      allowedTCPPorts = [ 24727 ];
    };
  };

-  systemd.network = {
-      enable = true;
-      networks = {
-          "10-lan" = {
-              matchConfig.Name = "enp34s0";
-              ntp = [ "192.168.2.1" ];
-              domains = [ "home.opel-online.de" ];
-              networkConfig = {
-                DHCP = "yes";
-                IPv6AcceptRA = true;
-              };
-          };
-      };
-  };
+#  systemd.network = {
+#      enable = true;
+#      networks = {
+#          "10-lan" = {
+#              matchConfig.Name = "eno1";
+#              ntp = [ "192.168.2.1" ];
+#              domains = [ "home.opel-online.de" ];
+#              networkConfig = {
+#                DHCP = "yes";
+#                IPv6AcceptRA = true;
+#              };
+#          };
+#      };
+#  };

  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
  #powerManagement.powertop.enable = true;
--- a/hosts/desktop/home.nix
+++ b/hosts/desktop/home.nix
@@ -16,8 +16,8 @@
 {
  imports =
    [
-      #../../modules/desktop/hyprland/home.nix # Window Manager
-      ../../modules/desktop/sway/home.nix # Window Manager
+      #../../modules/wm/hyprland/home.nix # Window Manager
+      ../../modules/wm/sway/home.nix # Window Manager
      ../../modules/home.nix # Window Manager
    ];

@@ -30,8 +30,7 @@
      thunderbird
      streamlink
      streamlink-twitch-gui-bin
-      element-desktop
-      nheko
+      #nheko
      pulsemixer
      #yubioath-flutter
      nitrokey-app
@@ -46,10 +45,6 @@
    ];
  };

-  programs = {
-    alacritty.settings.font.size = 11;
-  };
-
  services = {                            # Applets
   blueman-applet.enable = true;         # Bluetooth
   network-manager-applet.enable = true; # Network
--- a/hosts/dmz/default.nix
+++ b/hosts/dmz/default.nix
@@ -17,14 +17,14 @@
 #           └─ default.nix
 #

-{ config, pkgs, user, agenix, ... }:
+{ config, pkgs, user, agenix, impermanence, ... }:

 {
  imports =                                                         # For now, if applying to other system, swap files
    [(import ./hardware-configuration.nix)] ++                      # Current system hardware config @ /etc/nixos/hardware-configuration.nix
-    [(import ../../modules/desktop/virtualisation/docker.nix)] ++   # Docker
-    (import ../../modules/services/dmz) ++                       # Server Services
-    (import ../../modules/hardware);                                # Hardware devices
+    [(import ../../modules/wm/virtualisation/docker.nix)] ++   # Docker
+    [(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++   # Docker
+    (import ../../modules/services/dmz);                       # Server Services

  boot = {                                  # Boot options
    kernelPackages = pkgs.linuxPackages_latest;
@@ -47,7 +47,7 @@
    qemuGuest.enable = true;
    avahi = {                               # Needed to find wireless printer
      enable = true;
-      nssmdns = true;
+      nssmdns4 = true;
      publish = {                           # Needed for detecting the scanner
        enable = true;
        addresses = true;
--- a/hosts/dmz/hardware-configuration.nix
+++ b/hosts/dmz/hardware-configuration.nix
@@ -81,13 +81,16 @@
      enable = true;
      networks = {
          "10-lan" = {
-              matchConfig.Name = "enp6s18";
+              matchConfig.Name = "ens18";
              ntp = [ "192.168.101.1" ];
-              domains = [ "home.opel-online.de" ];
+              #domains = [ "home.opel-online.de" ];
              networkConfig = {
                DHCP = "yes";
                IPv6AcceptRA = true;
              };
+              dns = [
+                "192.168.101.1"
+              ];
          };
      };
  };
@@ -97,7 +100,7 @@
    firewall = {
      enable = true;
      allowedUDPPorts = [  ];
-      allowedTCPPorts = [  ];
+      allowedTCPPorts = [ 80 443 ];
    };
  };

--- a/hosts/fuji/default.nix
+++ b/hosts/fuji/default.nix
@@ -0,0 +1,78 @@
+#
+#  Specific system configuration settings for desktop
+#
+#  flake.nix
+#   ├─ ./hosts
+#   │   └─ ./laptop
+#   │        ├─ default.nix *
+#   │        └─ hardware-configuration.nix       
+#   └─ ./modules
+#       ├─ ./desktop
+#       │   └─ ./hyprland
+#       │       └─ hyprland.nix
+#       ├─ ./modules
+#       │   └─ ./programs
+#       │       └─ waybar.nix
+#       └─ ./hardware
+#           └─ default.nix
+#
+
+{ config, nixpkgs, pkgs, user, lib, ... }:
+
+{
+  imports =                                                         # For now, if applying to other system, swap files
+    [(import ./hardware-configuration.nix)] ++                      # Current system hardware config @ /etc/nixos/hardware-configuration.nix
+    [(import ../../modules/wm/sway/default.nix)] ++         # Window Manager
+    (import ../../modules/wm/virtualisation) ++             # libvirt + Docker
+    [(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++   # kvm module options
+    (import ../../modules/hardware);                             # Hardware devices
+
+  boot = {                                  # Boot options
+    kernelPackages = pkgs.linuxPackages_latest;
+
+    loader = {                              # EFI Boot
+      systemd-boot.enable = lib.mkForce false;
+      efi = {
+        canTouchEfiVariables = true;
+        efiSysMountPoint = "/boot";
+      };
+      timeout = 1;                          # Grub auto select time
+    };
+
+    lanzaboote = {
+        enable = true;
+        pkiBundle = "/etc/secureboot";
+    };
+  };
+
+#  hardware.sane = {                           # Used for scanning with Xsane
+#    enable = false;
+#    extraBackends = [ pkgs.sane-airscan ];
+#  };
+#  hardware = {
+#    nitrokey.enable = true;
+#  };
+
+#  environment = {
+#    systemPackages = with pkgs; [
+##      simple-scan
+##       intel-media-driver
+##       alacritty
+#    ];
+#  };
+
+  services = {
+    #auto-cpufreq.enable = true;
+    blueman.enable = true;
+    avahi = {                               # Needed to find wireless printer
+      enable = true;
+      nssmdns4 = true;
+      publish = {                           # Needed for detecting the scanner
+        enable = true;
+        addresses = true;
+        userServices = true;
+      };
+    };
+  };
+
+}
--- a/hosts/fuji/hardware-configuration.nix
+++ b/hosts/fuji/hardware-configuration.nix
@@ -0,0 +1,138 @@
+#
+# Hardware settings for Teclast F5 10" Laptop
+# NixOS @ sda2
+#
+# flake.nix
+#  └─ ./hosts
+#      └─ ./laptop
+#          └─ hardware-configuration.nix *
+#
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")] ++
+      [( import ../../modules/hardware/backup.nix )];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+  boot.tmp.useTmpfs = false;
+  boot.tmp.cleanOnBoot = true;
+  zramSwap.enable = true;
+
+  services.btrfs.autoScrub = {
+    enable = true;
+    interval = "monthly";
+    fileSystems = [
+      "/"
+    ];
+  };
+
+  services.btrbk = {
+      instances = {
+          hf = {
+              onCalendar = "hourly";
+              settings = {
+                  incremental = "yes";
+                  snapshot_create = "ondemand";
+                  snapshot_dir = "@snapshots";
+                  timestamp_format = "long";
+
+                  snapshot_preserve = "2m 2w 5d 5h";
+                  snapshot_preserve_min = "latest";
+                
+                  volume =  {
+                      "/mnt/snapshots/root" = {
+                          snapshot_create = "always";
+                          subvolume = {
+                              "@home" = {};
+                          };
+                      };
+                  };
+              };
+          };
+      };
+  };
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
+      fsType = "btrfs";
+      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
+    };
+
+  fileSystems."/home" =
+    { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
+      fsType = "btrfs";
+      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
+    };
+
+  fileSystems."/srv" =
+    { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
+      fsType = "btrfs";
+      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
+    };
+
+  fileSystems."/nix" =
+    { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
+      fsType = "btrfs";
+      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
+    };
+
+  fileSystems."/swap" =
+    { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
+      fsType = "btrfs";
+      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
+    };
+
+  fileSystems."/mnt/snapshots/root" =
+    { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
+      fsType = "btrfs";
+      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part1";
+      fsType = "vfat";
+    };
+
+
+  swapDevices = [ { device = "/swap/swapfile"; } ];
+  
+  networking = {
+    useDHCP = false;                        # Deprecated
+    hostName = "fuji";
+    networkmanager = {
+      enable = false;
+    };
+    firewall = {
+      enable = true;
+      #allowedUDPPorts = [ 24727 ];
+      #allowedTCPPorts = [ 24727 ];
+    };
+  };
+
+  systemd.network = {
+      enable = true;
+      networks = {
+          "10-lan" = {
+              matchConfig.Name = "eno1";
+              ntp = [ "192.168.2.1" ];
+              networkConfig = {
+                DHCP = "yes";
+                IPv6AcceptRA = true;
+              };
+          };
+      };
+  };
+
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+  #powerManagement.powertop.enable = true;
+  powerManagement = {
+    scsiLinkPolicy = "med_power_with_dipm";
+  };
+}
--- a/hosts/fuji/home.nix
+++ b/hosts/fuji/home.nix
@@ -0,0 +1,45 @@
+#
+#  Home-manager configuration for laptop
+#
+#  flake.nix
+#   ├─ ./hosts
+#   │   └─ ./laptop
+#   │       └─ home.nix *
+#   └─ ./modules
+#       └─ ./desktop
+#           └─ ./hyprland
+#              └─ hyprland.nix
+#
+
+{ pkgs, ... }:
+
+{
+  imports =
+    [
+      #../../modules/wm/hyprland/home.nix # Window Manager
+      #../../modules/wm/kde/home.nix # Window Manager
+      ../../modules/home.nix # Window Manager
+    ];
+
+  home = {                                # Specific packages for laptop
+    packages = with pkgs; [
+      # Applications
+      #firefox
+      chromium
+      thunderbird
+      streamlink
+      streamlink-twitch-gui-bin
+      element-desktop
+      #nheko
+      pulsemixer
+    ];
+  };
+
+  services = {                            # Applets
+   #blueman-applet.enable = true;         # Bluetooth
+   network-manager-applet.enable = true; # Network
+  };
+
+  xsession.preferStatusNotifierItems = true;
+
+}
--- a/hosts/home.nix
+++ b/hosts/home.nix
@@ -15,10 +15,10 @@
 #           └─ default.nix
 #

-{ config, lib, pkgs, user, ... }:
+{ config, lib, pkgs, user, pkgs-stable, ... }:

 { 
-  imports =                                   # Home Manager Modules
+  imports =
    (import ../modules/editors) ++
    (import ../modules/programs) ++
    (import ../modules/programs/configs) ++
@@ -31,13 +31,13 @@

    packages = with pkgs; [
 # Terminal
-      btop              # Resource Manager
      pfetch            # Minimal fetch
      ranger            # File Manager
      gnupg             # sign and authorize 2nd Fac

      xdg-utils
      steam
+      wakelan

 # dev ols
      gcc
@@ -52,32 +52,33 @@

 # VideAudio
      mpv               # Media Player
-      youtube-dl

 # Apps
      galculator
-      tdesktop
+      telegram-desktop
      hdparm
-      python3Full
+      python3
      android-tools
      calibre
      mtpfs
      vimiv-qt
      freecad
+      discord
+      element-desktop

 # Fileanagement
-      #okular            # PDF viewer
-      #gnome.file-roller # Archive Manager
-      ark
+      kdePackages.ark
      pcmanfm           # File Manager
      rsync             # Syncer $ rsync -r dir1/ dir2/
      unzip             # Zip files
      unrar             # Rar files
      papirus-icon-theme
+      arc-theme

-# Genel configuration
+# General configuration
      keepassxc
      libreoffice
+      gimp

      # Flatpak
      prusa-slicer
@@ -90,42 +91,47 @@
            #ms-python.python
            ms-vscode.cpptools
            dracula-theme.theme-dracula
-            catppuccin.catppuccin-vsc
-            catppuccin.catppuccin-vsc-icons

          ];
      })
+
+      sdkmanager
+      android-tools
    ];
+
    file.".config/wall".source = ../modules/themes/wall.jpg;
    file.".config/lockwall".source = ../modules/themes/lockwall.jpg;
-    pointerCursor = {                         # This will set cursor systemwide so applications can not choose their own
-      name = "Dracula-cursors";
-      package = pkgs.dracula-theme;
-      size = 16;
-      gtk.enable = true;
-    };
+#    pointerCursor = {                         # This will set cursor systemwide so applications can not choose their own
+#      name = "Dracula-cursors";
+#      package = pkgs.dracula-theme;
+#      size = 16;
+#      gtk.enable = true;
+#    };
    stateVersion = "23.05";
  };

  programs = {
    home-manager.enable = true;
+    alacritty = {
+      settings.font.size = 11;
+    };
  };


-  gtk = {                                     # Theming
-    enable = true;
-    theme = {
-      name = "Dracula";
-      package = pkgs.dracula-theme;
-    };
-    iconTheme = {
-      name = "Papirus-Dark";
-      package = pkgs.papirus-icon-theme;
-    };
-    font = {
-      name = "FiraCode Nerd Font";         # or FiraCode Nerd Font Mono Medium
-    };                                        # Cursor is declared under home.pointerCursor
-  };
+#  gtk = {                                     # Theming
+#    enable = true;
+#    theme = {
+#      name = "Dracula";
+#      package = pkgs.dracula-theme;
+#    };
+#    iconTheme = {
+#      name = "Papirus-Dark";
+#      package = pkgs.papirus-icon-theme;
+#    };
+#    font = {
+#      name = "Cascadia Code";         # or FiraCode Nerd Font Mono Medium
+#    };                                        # Cursor is declared under home.pointerCursor
+#  };
  systemd.user.services.mpris-proxy = {
    Unit.Description = "Mpris proxy";
    Unit.After = [ "network.target" "sound.target" ];
--- a/hosts/home_server.nix
+++ b/hosts/home_server.nix
@@ -31,7 +31,6 @@

    packages = with pkgs; [
      # Terminal
-      btop              # Resource Manager
      pfetch            # Minimal fetch
      ranger            # File Manager
      gnupg             # sign and authorize 2nd Fac
@@ -43,7 +42,7 @@

      # Apps
      hdparm
-      python3Full
+      python3

      # File Management
      rsync             # Syncer $ rsync -r dir1/ dir2/
--- a/hosts/jupiter/default.nix
+++ b/hosts/jupiter/default.nix
@@ -17,12 +17,12 @@
 #           └─ default.nix
 #

-{ config, pkgs, user, ... }:
+{ config, pkgs, user, pkgs-kabbone, ... }:

 {
  imports =                                                         # For now, if applying to other ssystem, swap files
    [(import ./hardware-configuration.nix)] ++                      # Current system hardware config @ /etc/nixos/hardware-configuration.nix
-    #(import ../../modules/desktop/virtualisation) ++   # Docker
+    #(import ../../modules/wm/virtualisation) ++   # Docker
    (import ../../modules/services/nas) ++                       # Server Services
    (import ../../modules/hardware);                                # Hardware devices

@@ -40,10 +40,11 @@
  };

 #  environment = {
-#    systemPackages = with pkgs; [
-##      simple-scan
-##       intel-media-driver
-##       alacritty
+#    systemPackages = with pkgs-kabbone; [
+#      corosync-qdevice
+###      simple-scan
+###       intel-media-driver
+###       alacritty
 #    ];
 #  };

@@ -53,7 +54,7 @@
    gnupg.agent = {
      enable = false;
      enableSSHSupport = true;
-      pinentryFlavor = "curses";
+      pinentryPackage = pkgs.pinentry-curses;
    };
  };

@@ -61,7 +62,7 @@
    qemuGuest.enable = true;
    avahi = {                               # Needed to find wireless printer
      enable = true;
-      nssmdns = true;
+      nssmdns4 = true;
      publish = {                           # Needed for detecting the scanner
        enable = true;
        addresses = true;
--- a/hosts/jupiter/hardware-configuration.nix
+++ b/hosts/jupiter/hardware-configuration.nix
@@ -50,6 +50,7 @@
  };

  services.btrbk = {
+      extraPackages = [ pkgs.lz4 pkgs.mbuffer ];
      instances = {
          hf = {
              onCalendar = "hourly";
@@ -188,35 +189,24 @@
 
  swapDevices = [ { device = "/swap/swapfile"; } ];
  
+  systemd.network = {
+      enable = true;
+      networks = {
+          "10-lan" = {
+              matchConfig.Name = "ens18";
+              ntp = [ "192.168.2.1" ];
+              #domains = [ "home.opel-online.de" ];
+              networkConfig = {
+                DHCP = "yes";
+                IPv6AcceptRA = true;
+              };
+          };
+      };
+  };
  networking = {
    hostName = "jupiter";
    domain = "home.opel-online.de";
-    networkmanager = {
-      enable = false;
-    };
-    timeServers = [
-        "192.168.2.1"
-    ];
-    interfaces = {
-      enp6s18 = {
-        useDHCP = true;                     # For versatility sake, manually edit IP on nm-applet.
-#        ipv4.addresses = [ {
-#            address = "45.142.114.153";
-#            prefixLength = 24;
-#        } ];
-#        ipv6.addresses = [ {
-#            address = "2a00:ccc1:101:19D::2";
-#            prefixLength = 64;
-#        } ];
-#      };
-      };
-    };
-#    defaultGateway = "45.142.114.1";
-    defaultGateway6 = {
-      address = "fe80::1";
-      interface = "enp6s18";
-    };
-#    nameservers = [ "9.9.9.9" "2620:fe::fe" ];
+    useDHCP = false;                     # For versatility sake, manually edit IP on nm-applet.
    #firewall = {
    #  enable = false;
    #  #allowedUDPPorts = [ 53 67 ];
@@ -228,7 +218,7 @@
  powerManagement = {
    cpuFreqGovernor = lib.mkDefault "powersave";
    powertop.enable = true;
-    scsiLinkPolicy = "med_power_with_dipm";
+    #scsiLinkPolicy = "med_power_with_dipm";
    powerUpCommands = ''
      ${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/57e6446d-faca-4b67-9063-e8d9afb80088
    '';
--- a/hosts/kabtop/default.nix
+++ b/hosts/kabtop/default.nix
@@ -0,0 +1,111 @@
+#
+#  Specific system configuration settings for desktop
+#
+#  flake.nix
+#   ├─ ./hosts
+#   │   └─ ./laptop
+#   │        ├─ default.nix *
+#   │        └─ hardware-configuration.nix       
+#   └─ ./modules
+#       ├─ ./desktop
+#       │   └─ ./hyprland
+#       │       └─ hyprland.nix
+#       ├─ ./modules
+#       │   └─ ./programs
+#       │       └─ waybar.nix
+#       └─ ./hardware
+#           └─ default.nix
+#
+
+{ config, pkgs, pkgs-unstable, user, agenix, impermanence, ... }:
+
+{
+  imports =                                                         # For now, if applying to other system, swap files
+    [(import ./hardware-configuration.nix)] ++                      # Current system hardware config @ /etc/nixos/hardware-configuration.nix
+    [(import ../../modules/wm/virtualisation/docker.nix)] ++   # Docker
+    [(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++  # kvm module options
+    (import ../../modules/services/server);                     # Server Services
+
+  boot = {                                  # Boot options
+    kernelPackages = pkgs.linuxPackages_latest;
+
+    loader = {                              # EFI Boot
+    grub = {
+        enable = true;
+        device = "/dev/sda";
+    };
+      timeout = 1;                          # Grub auto select time
+    };
+  };
+
+  environment = {
+    etc = {
+      "fail2ban/filter.d/open-webui.conf" = {
+        source = ../../modules/services/server/fail2ban/filter/open-webui.conf;
+        mode = "0444";
+      };
+      "fail2ban/filter.d/gitea.conf" = {
+        source = ../../modules/services/server/fail2ban/filter/gitea.conf;
+        mode = "0444";
+      };
+      "fail2ban/filter.d/nextcloud.conf" = {
+        source = ../../modules/services/server/fail2ban/filter/nextcloud.conf;
+        mode = "0444";
+      };
+    };
+  };
+
+  programs = {                              # No xbacklight, this is the alterantive
+    zsh.enable = true;
+    ssh.startAgent = false;
+    gnupg.agent = {
+      enable = true;
+      enableSSHSupport = true;
+      pinentryPackage = pkgs.pinentry-curses;
+    };
+  };
+
+  services = {
+    #auto-cpufreq.enable = true;
+    qemuGuest.enable = true;
+    #avahi = {                               # Needed to find wireless printer
+    #  enable = true;
+    #  nssmdns = true;
+    #  publish = {                           # Needed for detecting the scanner
+    #    enable = true;
+    #    addresses = true;
+    #    userServices = true;
+    #  };
+    #};
+    fail2ban = {
+        enable = true;
+        maxretry = 5;
+        jails.DEFAULT.settings = {
+           findtime = "15m";
+        };
+        jails = {
+            open-webui = ''
+              enabled = true
+              filter = open-webui
+              backend = systemd
+              action = iptables-allports
+            '';
+            gitea = ''
+              enabled = true
+              filter = gitea
+              backend = systemd
+              action = iptables-allports
+            '';
+            nextcloud = ''
+              backend = auto
+              enabled = true
+              filter = nextcloud
+              logpath = /var/lib/nextcloud/data/nextcloud.log
+              action = iptables-allports
+            '';
+          };
+    };
+
+  };
+
+}
--- a/hosts/kabtop/hardware-configuration.nix
+++ b/hosts/kabtop/hardware-configuration.nix
@@ -0,0 +1,149 @@
+#
+# Hardware settings for Teclast F5 10" Laptop
+# NixOS @ sda2
+#
+# flake.nix
+#  └─ ./hosts
+#      └─ ./laptop
+#          └─ hardware-configuration.nix *
+#
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [  "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "ahci" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+  boot.tmp.useTmpfs = false;
+  boot.tmp.cleanOnBoot = true;
+  zramSwap.enable = true;
+
+  services.btrfs.autoScrub = {
+    enable = true;
+    interval = "monthly";
+    fileSystems = [
+      "/"
+    ];
+  };
+
+  services.btrbk = {
+      instances = {
+          hf = {
+              onCalendar = "hourly";
+              settings = {
+                  incremental = "yes";
+                  snapshot_create = "ondemand";
+                  snapshot_dir = "@snapshots";
+                  timestamp_format = "long";
+
+                  snapshot_preserve = "2m 2w 5d 5h";
+                  snapshot_preserve_min = "latest";
+                
+                  volume =  {
+                      "/mnt/snapshots/root" = {
+                          snapshot_create = "always";
+                          subvolume = {
+                              "@" = {};
+                              "@home" = {};
+                              "@var" = {};
+                          };
+                      };
+                  };
+              };
+          };
+      };
+  };
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-label/NIXROOT";
+      fsType = "btrfs";
+      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
+    };
+
+  fileSystems."/home" =
+    { device = "/dev/disk/by-label/NIXROOT";
+      fsType = "btrfs";
+      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
+    };
+
+  fileSystems."/srv" =
+    { device = "/dev/disk/by-label/NIXROOT";
+      fsType = "btrfs";
+      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
+    };
+
+  fileSystems."/var" =
+    { device = "/dev/disk/by-label/NIXROOT";
+      fsType = "btrfs";
+      options = [ "space_cache=v2,ssd,noatime,subvol=@var,discard=async" ];
+    };
+
+  fileSystems."/nix" =
+    { device = "/dev/disk/by-label/NIXROOT";
+      fsType = "btrfs";
+      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
+    };
+
+  fileSystems."/swap" =
+    { device = "/dev/disk/by-label/NIXROOT";
+      fsType = "btrfs";
+      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
+    };
+
+  fileSystems."/mnt/snapshots/root" =
+    { device = "/dev/disk/by-label/NIXROOT";
+      fsType = "btrfs";
+      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
+    };
+
+
+  #swapDevices = [ { device = "/swap/swapfile"; } ];
+  swapDevices = [  ];
+  
+  networking = {
+    useDHCP = false;                        # Deprecated
+    hostName = "kabtop";
+    domain = "kabtop.de";
+    networkmanager = {
+      enable = false;
+    };
+    firewall = {
+      enable = true;
+      allowedUDPPorts = [  ];
+      allowedTCPPorts = [ 80 443 ];
+    };
+  };
+  systemd.network = {
+      enable = true;
+      networks = {
+          "10-lan" = {
+              matchConfig.Name = "ens18";
+
+              address = [
+                "37.44.215.182/24"
+                "2a13:7e80:0:ef::2/64"
+              ];
+
+              routes = [
+                {  Gateway = "37.44.215.1"; }
+                {  Gateway = "fe80::1"; }
+              ];
+
+              dns = [
+                "9.9.9.9"
+                "2620:fe::fe"
+              ];
+          };
+      };
+  };
+
+
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/hosts/kabtop/home.nix
+++ b/hosts/kabtop/home.nix
@@ -16,19 +16,18 @@
 {
  imports =
    [
-      ../../modules/desktop/hyprland/home.nix # Window Manager
+      ../../modules/home.nix # Window Manager
    ];

  home = {                                # Specific packages for laptop
    packages = with pkgs; [
      # Applications
-      libreoffice                         # Office packages

      # Display
      #light                              # xorg.xbacklight not supported. Other option is just use xrandr.

      # Power Management
-      auto-cpufreq                       # Power management
+      #auto-cpufreq                       # Power management
      #tlp                                # Power management
    ];
  };
@@ -37,14 +36,4 @@
    alacritty.settings.font.size = 11;
  };

-  services = {                            # Applets
-    blueman-applet.enable = true;         # Bluetooth
-    network-manager-applet.enable = true; # Network
-#   cbatticon = {
-#     enable = true;
-#     criticalLevelPercent = 10;
-#     lowLevelPercent = 20;
-#     iconType = null;
-#   };
-  };
 }
--- a/hosts/kabtopci/default.nix
+++ b/hosts/kabtopci/default.nix
@@ -0,0 +1,45 @@
+#
+#  Specific system configuration settings for desktop
+#
+#  flake.nix
+#   ├─ ./hosts
+#   │   └─ ./laptop
+#   │        ├─ default.nix *
+#   │        └─ hardware-configuration.nix       
+#   └─ ./modules
+#       ├─ ./desktop
+#       │   └─ ./hyprland
+#       │       └─ hyprland.nix
+#       ├─ ./modules
+#       │   └─ ./programs
+#       │       └─ waybar.nix
+#       └─ ./hardware
+#           └─ default.nix
+#
+
+{ config, pkgs, user, agenix, impermanence, ... }:
+
+{
+  imports =                                                         # For now, if applying to other system, swap files
+    [(import ./hardware-configuration.nix)] ++                      # Current system hardware config @ /etc/nixos/hardware-configuration.nix
+    [(import ../../modules/wm/virtualisation/docker.nix)] ++   # Docker
+    [(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++   # Docker
+    (import ../../modules/services/kabtopci);                       # Server Services
+
+  boot = {                                  # Boot options
+    kernelPackages = pkgs.linuxPackages_latest;
+
+    loader = {                              # EFI Boot
+    grub = {
+        enable = true;
+        device = "/dev/vda";
+    };
+      timeout = 1;                          # Grub auto select time
+    };
+  };
+
+  programs = {                              # No xbacklight, this is the alterantive
+    zsh.enable = true;
+  };
+
+}
--- a/hosts/kabtopci/hardware-configuration.nix
+++ b/hosts/kabtopci/hardware-configuration.nix
@@ -0,0 +1,108 @@
+#
+# Hardware settings for Teclast F5 10" Laptop
+# NixOS @ sda2
+#
+# flake.nix
+#  └─ ./hosts
+#      └─ ./laptop
+#          └─ hardware-configuration.nix *
+#
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")];
+
+  boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "virtio_scsi" "xhci_pci" "sr_mod" "virtio_blk" ];
+  boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+  boot.tmp.useTmpfs = false;
+  boot.tmp.cleanOnBoot = true;
+  zramSwap.enable = true;
+
+  services.btrfs.autoScrub = {
+    enable = true;
+    interval = "monthly";
+    fileSystems = [
+      "/"
+    ];
+  };
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-label/NIXROOT";
+      fsType = "btrfs";
+      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
+    };
+
+  fileSystems."/home" =
+    { device = "/dev/disk/by-label/NIXROOT";
+      fsType = "btrfs";
+      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
+    };
+
+  fileSystems."/srv" =
+    { device = "/dev/disk/by-label/NIXROOT";
+      fsType = "btrfs";
+      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
+    };
+
+  fileSystems."/var" =
+    { device = "/dev/disk/by-label/NIXROOT";
+      fsType = "btrfs";
+      options = [ "space_cache=v2,ssd,noatime,subvol=@var,discard=async" ];
+    };
+
+  fileSystems."/nix" =
+    { device = "/dev/disk/by-label/NIXROOT";
+      fsType = "btrfs";
+      options = [ "compress=zstd:9,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
+    };
+
+  fileSystems."/swap" =
+    { device = "/dev/disk/by-label/NIXROOT";
+      fsType = "btrfs";
+      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
+    };
+
+  swapDevices = [  ];
+  
+  networking = {
+    useDHCP = false;                        # Deprecated
+    hostName = "kabtopci";
+    domain = "ci.kabtop.de";
+    networkmanager = {
+      enable = false;
+    };
+    interfaces = {
+      ens3 = {
+        useDHCP = false;                     # For versatility sake, manually edit IP on nm-applet.
+        ipv4.addresses = [ {
+            address = "195.90.221.87";
+            prefixLength = 22;
+        } ];
+        ipv6.addresses = [ {
+            address = "2a00:6800:3:d5b::2";
+            prefixLength = 64;
+        } ];
+      };
+    };
+    defaultGateway = "195.90.220.1";
+    defaultGateway6 = {
+      address = "2a00:6800:3::1";
+      interface = "ens3";
+    };
+
+    nameservers = [ "9.9.9.9" "2620:fe::fe" ];
+    firewall = {
+      enable = true;
+      allowedUDPPorts = [  ];
+      allowedTCPPorts = [ 80 443 ];
+    };
+  };
+
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/hosts/kabtopci/home.nix
+++ b/hosts/kabtopci/home.nix
@@ -0,0 +1,39 @@
+#
+#  Home-manager configuration for laptop
+#
+#  flake.nix
+#   ├─ ./hosts
+#   │   └─ ./laptop
+#   │       └─ home.nix *
+#   └─ ./modules
+#       └─ ./desktop
+#           └─ ./hyprland
+#              └─ hyprland.nix
+#
+
+{ pkgs, ... }:
+
+{
+  imports =
+    [
+      ../../modules/home.nix # Window Manager
+    ];
+
+  home = {                                # Specific packages for laptop
+    packages = with pkgs; [
+      # Applications
+
+      # Display
+      #light                              # xorg.xbacklight not supported. Other option is just use xrandr.
+
+      # Power Management
+      #auto-cpufreq                       # Power management
+      #tlp                                # Power management
+    ];
+  };
+
+  programs = {
+    alacritty.settings.font.size = 11;
+  };
+
+}
--- a/hosts/kubemaster-1/default.nix
+++ b/hosts/kubemaster-1/default.nix
@@ -0,0 +1,58 @@
+#
+#  Specific system configuration settings for desktop
+#
+#  flake.nix
+#   ├─ ./hosts
+#   │   └─ ./laptop
+#   │        ├─ default.nix *
+#   │        └─ hardware-configuration.nix       
+#   └─ ./modules
+#       ├─ ./desktop
+#       │   └─ ./hyprland
+#       │       └─ hyprland.nix
+#       ├─ ./modules
+#       │   └─ ./programs
+#       │       └─ waybar.nix
+#       └─ ./hardware
+#           └─ default.nix
+#
+
+{ config, pkgs, user, agenix, impermanence, ... }:
+
+{
+  imports =                                                         # For now, if applying to other system, swap files
+    [(import ./hardware-configuration.nix)] ++                      # Current system hardware config @ /etc/nixos/hardware-configuration.nix
+    [(import ../../modules/wm/virtualisation/docker.nix)] ++   # Docker
+    [(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++   # Docker
+    (import ../../modules/services/kubemaster);                       # Server Services
+
+  boot = {                                  # Boot options
+    kernelPackages = pkgs.linuxPackages_latest;
+
+    loader = {                              # EFI Boot
+      systemd-boot.enable = true;
+      efi = {
+        canTouchEfiVariables = true;
+        efiSysMountPoint = "/boot";
+      };
+      timeout = 1;                          # Grub auto select time
+    };
+  };
+
+  programs = {                              # No xbacklight, this is the alterantive
+    zsh.enable = true;
+  };
+
+  services = {
+    avahi = {                               # Needed to find wireless printer
+      enable = true;
+      nssmdns4 = true;
+      publish = {                           # Needed for detecting the scanner
+        enable = true;
+        addresses = true;
+        userServices = true;
+      };
+    };
+  };
+
+}
--- a/hosts/kubemaster-1/hardware-configuration.nix
+++ b/hosts/kubemaster-1/hardware-configuration.nix
@@ -0,0 +1,117 @@
+#
+# Hardware settings for Teclast F5 10" Laptop
+# NixOS @ sda2
+#
+# flake.nix
+#  └─ ./hosts
+#      └─ ./laptop
+#          └─ hardware-configuration.nix *
+#
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+  boot.tmp.useTmpfs = false;
+  boot.tmp.cleanOnBoot = true;
+  zramSwap.enable = true;
+
+  services.btrfs.autoScrub = {
+    enable = true;
+    interval = "monthly";
+    fileSystems = [
+      "/"
+    ];
+  };
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-label/NIXROOT";
+      fsType = "btrfs";
+      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
+    };
+
+  fileSystems."/home" =
+    { device = "/dev/disk/by-label/NIXROOT";
+      fsType = "btrfs";
+      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
+    };
+
+  fileSystems."/srv" =
+    { device = "/dev/disk/by-label/NIXROOT";
+      fsType = "btrfs";
+      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
+    };
+
+  fileSystems."/var" =
+    { device = "/dev/disk/by-label/NIXROOT";
+      fsType = "btrfs";
+      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@var,discard=async" ];
+    };
+
+  fileSystems."/nix" =
+    { device = "/dev/disk/by-label/NIXROOT";
+      fsType = "btrfs";
+      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
+    };
+
+  fileSystems."/swap" =
+    { device = "/dev/disk/by-label/NIXROOT";
+      fsType = "btrfs";
+      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
+    };
+
+  fileSystems."/mnt/snapshots/root" =
+    { device = "/dev/disk/by-label/NIXROOT";
+      fsType = "btrfs";
+      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
+    };
+
+  swapDevices = [  ];
+  
+  systemd.network = {
+      enable = true;
+      networks = {
+          "10-lan" = {
+              matchConfig.Name = "enp0s31f6";
+              ntp = [ "192.168.2.1" ];
+              #domains = [ "home.opel-online.de" ];
+              networkConfig = {
+                DHCP = "yes";
+                IPv6AcceptRA = true;
+              };
+              dns = [
+                "192.168.2.1"
+              ];
+          };
+      };
+  };
+  networking = {
+    useDHCP = false;                        # Deprecated
+    hostName = "kubemaster-1";
+    firewall = {
+      enable = true;
+      allowedUDPPorts = [  ];
+      allowedTCPPorts = [ 80 443 ];
+    };
+  };
+
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+  powerManagement = {
+    cpuFreqGovernor = lib.mkDefault "powersave";
+    powertop.enable = true;
+    powerUpCommands = ''
+      ${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/e036f437-bc91-4398-b182-7cf5724e23a2
+    '';
+  };
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+
+}
--- a/hosts/kubemaster-1/home.nix
+++ b/hosts/kubemaster-1/home.nix
@@ -0,0 +1,39 @@
+#
+#  Home-manager configuration for laptop
+#
+#  flake.nix
+#   ├─ ./hosts
+#   │   └─ ./laptop
+#   │       └─ home.nix *
+#   └─ ./modules
+#       └─ ./desktop
+#           └─ ./hyprland
+#              └─ hyprland.nix
+#
+
+{ pkgs, ... }:
+
+{
+  imports =
+    [
+      ../../modules/home.nix # Window Manager
+    ];
+
+  home = {                                # Specific packages for laptop
+    packages = with pkgs; [
+      # Applications
+
+      # Display
+      #light                              # xorg.xbacklight not supported. Other option is just use xrandr.
+
+      # Power Management
+      #auto-cpufreq                       # Power management
+      #tlp                                # Power management
+    ];
+  };
+
+  programs = {
+    alacritty.settings.font.size = 11;
+  };
+
+}
--- a/hosts/lifebook/default.nix
+++ b/hosts/lifebook/default.nix
@@ -0,0 +1,103 @@
+#
+#  Specific system configuration settings for desktop
+#
+#  flake.nix
+#   ├─ ./hosts
+#   │   └─ ./laptop
+#   │        ├─ default.nix *
+#   │        └─ hardware-configuration.nix       
+#   └─ ./modules
+#       ├─ ./desktop
+#       │   └─ ./hyprland
+#       │       └─ hyprland.nix
+#       ├─ ./modules
+#       │   └─ ./programs
+#       │       └─ waybar.nix
+#       └─ ./hardware
+#           └─ default.nix
+#
+
+{ lib, config, pkgs, user, ... }:
+
+{
+  imports =                                                         # For now, if applying to other system, swap files
+    [(import ./hardware-configuration.nix)] ++                      # Current system hardware config @ /etc/nixos/hardware-configuration.nix
+    #[(import ../../modules/wm/hyprland/default.nix)] ++        # Window Manager
+    [(import ../../modules/wm/sway/default.nix)] ++        # Window Manager
+    [(import ../../modules/wm/virtualisation/docker.nix)] ++   # Docker
+    [(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++   # kvm module options
+    (import ../../modules/hardware);                                # Hardware devices
+
+  boot = {                                  # Boot options
+    kernelPackages = pkgs.linuxPackages_latest;
+    initrd.prepend = [ "${./patched-SSDT4}" ];
+
+    loader = {                              # EFI Boot
+      systemd-boot.enable = lib.mkForce false;
+      efi = {
+        canTouchEfiVariables = true;
+        efiSysMountPoint = "/boot";
+      };
+      timeout = 1;                          # Grub auto select time
+    };
+
+    lanzaboote = {
+        enable = true;
+        pkiBundle = "/etc/secureboot";
+    };
+  };
+
+  hardware = {
+    nitrokey.enable = true;
+  };
+
+  environment = {
+    systemPackages = with pkgs; [
+       linux-firmware
+       intel-media-driver
+    ];
+  };
+
+  programs = {                              # No xbacklight, this is the alterantive
+    light.enable = true;
+  };
+
+  systemd.sleep.extraConfig = "HibernateDelaySec=1h";
+  services = {
+    logind.settings.Login.HandleLidSwitch = "suspend-then-hibernate";            # Laptop does not go to sleep when lid is closed
+    blueman.enable = true;
+    avahi = {                               # Needed to find wireless printer
+      enable = true;
+      nssmdns4 = true;
+      publish = {                           # Needed for detecting the scanner
+        enable = true;
+        addresses = true;
+        userServices = true;
+      };
+    };
+    #tailscale.enable = true;
+    syncthing = {
+        enable = true;
+        group = "users";
+        user = "kabbone";
+        dataDir = "/home/${config.services.syncthing.user}/Sync";
+        configDir = "/home/${config.services.syncthing.user}/.config/syncthing";
+        overrideDevices = true;     # overrides any devices added or deleted through the WebUI
+        overrideFolders = true;     # overrides any folders added or deleted through the WebUI
+        openDefaultPorts = true;
+        settings = {
+          devices = {
+            "jupiter.home.opel-online.de" = { id = "T53WU6Z-3NT74ZE-PZVZB2N-7FBTZ5K-HESC2ZM-W4ABDAS-NWXHTGI-ST4CDQR"; };
+            "hades.home.opel-online.de" = { id = "3VPCBVW-RH7XKFM-TWJGQHC-ZRAQ575-CQKGGKP-NAB4VXE-KCKJFUT-AMCUQQA"; };
+          };
+          folders = {
+            "Sync" = {         # Name of folder in Syncthing, also the folder ID
+              path = "/home/${config.services.syncthing.user}/Sync";    # Which folder to add to Syncthing
+              devices = [ "jupiter.home.opel-online.de" "hades.home.opel-online.de" ];      # Which devices to share the folder with
+              ignorePerms = false;  # By default, Syncthing doesn't sync file permissions. This line enables it for this folder.
+            };
+          };
+        };
+    };
+  };
+}
--- a/hosts/lifebook/hardware-configuration.nix
+++ b/hosts/lifebook/hardware-configuration.nix
@@ -0,0 +1,224 @@
+#
+# Hardware settings for Teclast F5 10" Laptop
+# NixOS @ sda2
+#
+# flake.nix
+#  └─ ./hosts
+#      └─ ./laptop
+#          └─ hardware-configuration.nix *
+#
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")] ++
+      [( import ../../modules/hardware/backup.nix )];
+
+  boot = {
+	  initrd = {
+		  availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "sdhci_pci" ];
+		  kernelModules = [ "i915" "kvm_intel" "vfio_pci" "vfio" "vfio_iommu_type1" ];
+		  systemd.enable = true;
+		  luks = {
+			  devices."crypted" = {
+				  device = "/dev/disk/by-partlabel/disk-nvme0n1-luks";
+				  allowDiscards = true;
+		                  bypassWorkqueues = true;
+			  };
+		  };
+	  };
+
+	  kernelModules = [ "kvm-intel" ];
+	  kernelParams = [ "luks.options=fido2-device=auto" "sysrq_always_enabled=1" "pcie_aspm=force" ];
+	  extraModprobeConfig = ''
+		  options i915 enable_guc=3
+		  '';
+	  tmp.useTmpfs = false;
+	  tmp.cleanOnBoot = true;
+  };
+
+  zramSwap.enable = true;
+
+
+  services = {
+      btrfs.autoScrub = {
+          enable = true;
+          interval = "monthly";
+          fileSystems = [
+              "/"
+          ];
+      };
+      udev.extraRules = ''
+          ACTION=="add", SUBSYSTEM=="block", KERNEL=="mmcblk[0-9]p[0-9]", ENV{ID_FS_USAGE}=="filesystem", RUN{program}+="${pkgs.systemd}/bin/systemd-mount -o noatime,compress-force=zstd:15,ssd_spread,commit=120 --no-block --automount=yes --collect $devnode /run/media/mmcblk0p1"
+          '';
+
+      btrbk = {
+          extraPackages = [ pkgs.lz4 pkgs.mbuffer ];
+          instances = {
+              hf = {
+                  onCalendar = "hourly";
+                  settings = {
+                      incremental = "yes";
+                      snapshot_create = "ondemand";
+                      snapshot_dir = "@snapshots";
+                      timestamp_format = "long";
+
+                      snapshot_preserve = "2m 2w 5d 5h";
+                      snapshot_preserve_min = "latest";
+                    
+                      volume =  {
+                          "/mnt/snapshots/root" = {
+                              snapshot_create = "always";
+                              subvolume = {
+                                  "@home" = {};
+                              };
+                          };
+                      };
+                  };
+              };
+              bak = {
+                  onCalendar = "daily";
+                  settings = {
+	              stream_buffer = "256m";
+                      stream_compress = "lz4";
+                      incremental = "yes";
+                      snapshot_create = "no";
+                      snapshot_dir = "@snapshots";
+                      timestamp_format = "long";
+
+                      snapshot_preserve_min = "all";
+                      target_preserve_min = "no";
+                      target_preserve = "2m 4w 3d";
+
+                      ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk_nas";
+                      ssh_user = "btrbk";
+                    
+                      volume =  {
+                          "/mnt/snapshots/root" = {
+                              subvolume = {
+                                  "@home" = {};
+                              };
+	                      target = "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars/@snapshots/@lifebook";
+                          };
+                      };
+	          };
+	      };
+          };
+      };
+  };
+  
+  systemd.timers = {
+      btrbk-bak = {
+          after = [ "network-online.target" ];
+          requires = [ "network-online.target" ];
+      };
+  };
+
+  fileSystems."/" =
+    { device = "/dev/mapper/crypted";
+      fsType = "btrfs";
+      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-label/NIXBOOT";
+      fsType = "vfat";
+    };
+
+  fileSystems."/home" =
+    { device = "/dev/mapper/crypted";
+      fsType = "btrfs";
+      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
+    };
+
+  fileSystems."/nix" =
+    { device = "/dev/mapper/crypted";
+      fsType = "btrfs";
+      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
+    };
+
+  fileSystems."/srv" =
+    { device = "/dev/mapper/crypted";
+      fsType = "btrfs";
+      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
+    };
+
+  fileSystems."/swap" =
+    { device = "/dev/mapper/crypted";
+      fsType = "btrfs";
+      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
+    };
+
+  fileSystems."/opt" =
+    { device = "/dev/mapper/crypted";
+      fsType = "btrfs";
+      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@opt,discard=async" ];
+    };
+
+  fileSystems."/var" =
+    { device = "/dev/mapper/crypted";
+      fsType = "btrfs";
+      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@var,discard=async" ];
+    };
+
+  fileSystems."/mnt/snapshots/root" =
+    { device = "/dev/mapper/crypted";
+      fsType = "btrfs";
+      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
+    };
+
+
+  fileSystems."/mnt/Pluto" =
+    { device = "jupiter.home.opel-online.de:/Pluto";
+      fsType = "nfs";
+      options = [ "nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
+    };
+
+  fileSystems."/mnt/Mars" =
+    { device = "jupiter.home.opel-online.de:/Mars";
+      fsType = "nfs";
+      options = [ "nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
+    };
+
+
+  swapDevices = [ { device = "/swap/swapfile"; } ];
+  
+
+  networking = {
+    useDHCP = false;                        # Deprecated
+    hostName = "lifebook";
+    wireless.iwd.enable = true;
+    networkmanager = {
+      enable = true;
+      wifi = {
+        backend = "iwd";
+        powersave = true;
+      };
+    };
+#    interfaces = {
+#      wlan0 = {
+#        useDHCP = true;                     # For versatility sake, manually edit IP on nm-applet.
+#        #ipv4.addresses = [ {
+#        #    address = "192.168.0.51";
+#        #    prefixLength = 24;
+#        #} ];
+#      };
+#    };
+    #defaultGateway = "192.168.0.1";
+    #nameservers = [ "192.168.0.4" ];
+    firewall = {
+      checkReversePath = false;
+      enable = true;
+      allowedUDPPorts = [ 24727 51820 ];
+      allowedTCPPorts = [ 24727 ];
+    };
+  };
+
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+  powerManagement = {
+    powertop.enable = true;    
+  };
+}
--- a/hosts/lifebook/home.nix
+++ b/hosts/lifebook/home.nix
@@ -16,8 +16,8 @@
 {
  imports =
    [
-      #../../modules/desktop/hyprland/home.nix # Window Manager
-      ../../modules/desktop/sway/home.nix # Window Manager
+      #../../modules/wm/hyprland/home.nix # Window Manager
+      ../../modules/wm/sway/home.nix # Window Manager
      ../../modules/home.nix # Window Manager
    ];

@@ -30,7 +30,6 @@
      thunderbird
      streamlink
      streamlink-twitch-gui-bin
-      element-desktop
      intel-gpu-tools
      pulsemixer
      
@@ -43,10 +42,6 @@
    ];
  };

-  programs = {
-    alacritty.settings.font.size = 11;
-  };
-
  services = {                            # Applets
   blueman-applet.enable = true;         # Bluetooth
   network-manager-applet.enable = true; # Network
--- a/hosts/lifebook/patched-SSDT4
+++ b/hosts/lifebook/patched-SSDT4
--- a/hosts/nas/default.nix
+++ b/hosts/nas/default.nix
@@ -22,7 +22,7 @@
 {
  imports =                                                         # For now, if applying to other system, swap files
    [(import ./hardware-configuration.nix)] ++                      # Current system hardware config @ /etc/nixos/hardware-configuration.nix
-    (import ../../modules/desktop/virtualisation) ++   # Docker
+    (import ../../modules/wm/virtualisation) ++   # Docker
    (import ../../modules/services/nas) ++                       # Server Services
    (import ../../modules/hardware);                                # Hardware devices

@@ -53,7 +53,7 @@
    gnupg.agent = {
      enable = false;
      enableSSHSupport = true;
-      pinentryFlavor = "curses";
+      pinentryPackage = pkgs.pinentry-curses;
    };
  };

--- a/hosts/nasbackup/default.nix
+++ b/hosts/nasbackup/default.nix
@@ -22,7 +22,7 @@
 {
  imports =                                                         # For now, if applying to other system, swap files
    [(import ./hardware-configuration.nix)] ++                      # Current system hardware config @ /etc/nixos/hardware-configuration.nix
-    (import ../../modules/desktop/virtualisation) ++   # Docker
+    #[(import ../../modules/wm/virtualisation/docker.nix)] ++   # Docker
    (import ../../modules/services/nasbackup) ++                       # Server Services
    (import ../../modules/hardware);                                # Hardware devices

@@ -45,7 +45,7 @@
    gnupg.agent = {
      enable = false;
      enableSSHSupport = true;
-      pinentryFlavor = "curses";
+      pinentryPackage = pkgs.pinentry-curses;
    };
  };

@@ -53,7 +53,7 @@
    qemuGuest.enable = true;
    avahi = {                               # Needed to find wireless printer
      enable = true;
-      nssmdns = true;
+      nssmdns4 = true;
      publish = {                           # Needed for detecting the scanner
        enable = true;
        addresses = true;
--- a/hosts/nasbackup/hardware-configuration.nix
+++ b/hosts/nasbackup/hardware-configuration.nix
@@ -19,20 +19,22 @@

  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
  boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
-#  boot.initrd.secrets = {
-#    "/root/NASKeyfile" =
-#        /root/NASKeyfile;
-#  };
-#  boot.initrd.luks.devices = {
-#    NAS-RAID1 = {
-#      device = "/dev/disk/by-uuid/57e6446d-faca-4b67-9063-e8d9afb80088";
-#      keyFile = "/root/NASKeyfile";
-#    };
-#    NAS-RAID2 = {
-#      device = "/dev/disk/by-uuid/b9edc489-ac37-4b28-981d-442722df7ae2";
-#      keyFile = "/root/NASKeyfile";
-#    };
-#  };
+  boot.initrd.secrets = {
+    "/root/NASKeyfile" =
+        /root/NASKeyfile;
+  };
+  boot.initrd.luks.devices = {
+    NAS-RAID1 = {
+      device = "/dev/disk/by-uuid/57e6446d-faca-4b67-9063-e8d9afb80088";
+      keyFile = "/root/NASKeyfile";
+      bypassWorkqueues = true;
+    };
+    NAS-RAID2 = {
+      device = "/dev/disk/by-uuid/b9edc489-ac37-4b28-981d-442722df7ae2";
+      keyFile = "/root/NASKeyfile";
+      bypassWorkqueues = true;
+    };
+  };
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
  boot.tmp.useTmpfs = false;
@@ -49,7 +51,7 @@
  };

  services.btrbk = {
-      extraPackages = [ pkgs.lz4 ];
+      extraPackages = [ pkgs.lz4 pkgs.mbuffer ];
      instances = {
          hf = {
              onCalendar = "hourly";
@@ -76,6 +78,7 @@
          bak = {
              onCalendar = "weekly";
              settings = {
+	          stream_buffer = "265m";
                  stream_compress = "lz4";
                  incremental = "yes";
                  snapshot_create = "no";
@@ -85,21 +88,36 @@
                  snapshot_preserve_min = "all";
                  target_preserve_min = "no";
                  target_preserve = "4w 2m";
+                  archive_preserve_min = "no";
+                  archive_preserve = "4w 2m";

                  ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk";
                  ssh_user = "btrbk";
                
                  volume =  {
-                      "ssh://jupiter.home.opel-online.de/mnt/snapshots/Mars" = {
-                          target = "/mnt/nas/Backups/nas/Mars";
+                      "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars" = {
                          subvolume = {
-                              "@nas" = {};
+                              "@nas" = {
+                                  target = "/mnt/nas/Backups/Mars";
+			      };
+                              "@hades/@home" = {
+				  target = "/mnt/nas/Backups/Hades";
+				  snapshot_dir = "@snapshots/@hades";
+			      };
+                              "@lifebook/@home" = {
+				  target = "/mnt/nas/Backups/Lifebook";
+				  snapshot_dir = "@snapshots/@lifebook";
+			      };
+#                              "@steamdeck/@home" = {
+#				  target = "/mnt/nas/Backups/Steamdeck";
+#				  snapshot_dir = "@snapshots/@steamdeck";
+#			      };
                          };
                      };
                  };
                  volume =  {
-                      "ssh://jupiter.home.opel-online.de/mnt/snapshots/Pluto" = {
-                          target = "/mnt/nas/Backups/nas/Pluto";
+                      "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Pluto" = {
+                          target = "/mnt/nas/Backups/Pluto";
                          subvolume = {
                              "@/Games" = {};
                              "@/IT" = {};
@@ -111,36 +129,17 @@
                  };
              };
          };
-#          lf = {
-#              onCalendar = "daily";
-#              settings = {
-#                  incremental = "yes";
-#                  snapshot_create = "ondemand";
-#                  snapshot_dir = "@snapshots";
-#                  timestamp_format = "long";
-#
-#                  snapshot_preserve = "2m 2w 5d";
-#                  snapshot_preserve_min = "latest";
-#                
-#                  volume =  {
-#                      "/mnt/snapshots/Pluto" = {
-#                          snapshot_create = "always";
-#                          subvolume = {
-#                            "@" = {};
-#                            "@/Backups" = {};
-#                            "@/Games" = {};
-#                            "@/IT" = {};
-#                            "@/Media" = {};
-#                            "@/Pictures" = {};
-#                            "@/Rest" = {};
-#                          };
-#                      };
-#                  };
-#              };
-#          };
      };
  };

+  systemd.services = {
+      btrbk-bak = {
+          after = [ "network-online.target" ];
+          requires = [ "network-online.target" ];
+      };
+  };
+
+
  fileSystems."/" =
    { device = "/dev/disk/by-label/NIXROOT";
      fsType = "btrfs";
@@ -184,7 +183,7 @@
 #    };
 #
  fileSystems."/mnt/nas" =
-    { device = "/dev/disk/by-uuid/6f53d32d-b56f-42ec-bfad-c0b8d1114015";
+    { device = "/dev/disk/by-uuid/70523c79-ef5c-40f2-8782-60fc86bb445b";
      fsType = "btrfs";
      options = [ "compress=zstd:9,space_cache=v2,noatime,subvol=@nasbak" ];
    };
@@ -196,35 +195,24 @@

  swapDevices = [ { device = "/swap/swapfile"; } ];
  
+  systemd.network = {
+      enable = true;
+      networks = {
+          "10-lan" = {
+              matchConfig.Name = "ens18";
+              ntp = [ "192.168.2.1" ];
+              #domains = [ "home.opel-online.de" ];
+              networkConfig = {
+                DHCP = "yes";
+                IPv6AcceptRA = true;
+              };
+          };
+      };
+  };
  networking = {
    hostName = "nasbak";
    domain = "home.opel-online.de";
-    networkmanager = {
-      enable = false;
-    };
-    timeServers = [
-        "192.168.2.1"
-    ];
-    interfaces = {
-      enp6s18 = {
-        useDHCP = true;                     # For versatility sake, manually edit IP on nm-applet.
-#        ipv4.addresses = [ {
-#            address = "45.142.114.153";
-#            prefixLength = 24;
-#        } ];
-#        ipv6.addresses = [ {
-#            address = "2a00:ccc1:101:19D::2";
-#            prefixLength = 64;
-#        } ];
-#      };
-      };
-    };
-#    defaultGateway = "45.142.114.1";
-    defaultGateway6 = {
-      address = "fe80::1";
-      interface = "enp6s18";
-    };
-#    nameservers = [ "9.9.9.9" "2620:fe::fe" ];
+    useDHCP = false;                     # For versatility sake, manually edit IP on nm-applet.
    #firewall = {
    #  enable = false;
    #  #allowedUDPPorts = [ 53 67 ];
--- a/hosts/laptop/default.nix
+++ b/hosts/laptop/default.nix
@@ -22,10 +22,12 @@
 {
  imports =                                                         # For now, if applying to other system, swap files
    [(import ./hardware-configuration.nix)] ++                      # Current system hardware config @ /etc/nixos/hardware-configuration.nix
-    #[(import ../../modules/desktop/hyprland/default.nix)] ++        # Window Manager
-    [(import ../../modules/desktop/sway/default.nix)] ++        # Window Manager
-    [(import ../../modules/desktop/virtualisation/docker.nix)] ++   # Docker
-    (import ../../modules/hardware);                                # Hardware devices
+    #[(import ../../modules/wm/hyprland/default.nix)] ++        # Window Manager
+   # [(import ../../modules/wm/sway/default.nix)] ++        # Window Manager
+    [(import ../../modules/wm/virtualisation/docker.nix)] ++   # Docker
+    [(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++   # kvm module options
+    (import ../../modules/hardware) ++
+    (import ../../modules/services/printer);                                # Hardware devices

  boot = {                                  # Boot options
    kernelPackages = pkgs.linuxPackages_latest;
@@ -40,32 +42,14 @@
    };
  };

-#  hardware.sane = {                           # Used for scanning with Xsane
-#    enable = false;
-#    extraBackends = [ pkgs.sane-airscan ];
-#  };
-  hardware = {
-    nitrokey.enable = true;
-  };
-
  environment = {
    systemPackages = with pkgs; [
-#      simple-scan
       intel-media-driver
-#       alacritty
    ];
  };

  programs = {                              # No xbacklight, this is the alterantive
-    zsh.enable = true;
-    dconf.enable = true;
    light.enable = true;
-    ssh.startAgent = false;
-    gnupg.agent = {
-      enable = true;
-      enableSSHSupport = true;
-      pinentryFlavor = "curses";
-    };
  };

  services = {
@@ -79,21 +63,15 @@
    logind.lidSwitch = "suspend-then-hibernate";            # Laptop does not go to sleep when lid is closed
    #auto-cpufreq.enable = true;
    blueman.enable = true;
-    printing = {                            # Printing and drivers for TS5300
-      enable = true;
-      drivers = [ pkgs.gutenprint ];
-    };
    avahi = {                               # Needed to find wireless printer
      enable = true;
-      nssmdns = true;
+      nssmdns4 = true;
      publish = {                           # Needed for detecting the scanner
        enable = true;
        addresses = true;
        userServices = true;
      };
    };
-    tailscale.enable = true;
-
  };

  #temporary bluetooth fix
--- a/hosts/laptop/hardware-configuration.nix
+++ b/hosts/laptop/hardware-configuration.nix
@@ -134,30 +134,19 @@
  networking = {
    useDHCP = false;                        # Deprecated
    hostName = "nbf5";
-    wireless.iwd.enable = true;
-    networkmanager = {
-      enable = true;
-      wifi = {
-        backend = "iwd";
-        powersave = true;
-      };
+    wireless = {
+      iwd.enable = true;
+      interfaces = [ "wlan0" ];
    };
    interfaces = {
      wlan0 = {
        useDHCP = true;                     # For versatility sake, manually edit IP on nm-applet.
-        #ipv4.addresses = [ {
-        #    address = "192.168.0.51";
-        #    prefixLength = 24;
-        #} ];
      };
    };
-    #defaultGateway = "192.168.0.1";
-    #nameservers = [ "192.168.0.4" ];
    firewall = {
-      checkReversePath = "loose";
-    #  enable = false;
-    #  #allowedUDPPorts = [ 53 67 ];
-    #  #allowedTCPPorts = [ 53 80 443 9443 ];
+      enable = true;
+      #allowedUDPPorts = [ 53 67 ];
+      allowedTCPPorts = [ 80 443 ];
    };
  };

--- a/hosts/nbf5/home.nix
+++ b/hosts/nbf5/home.nix
@@ -0,0 +1,51 @@
+#
+#  Home-manager configuration for laptop
+#
+#  flake.nix
+#   ├─ ./hosts
+#   │   └─ ./laptop
+#   │       └─ home.nix *
+#   └─ ./modules
+#       └─ ./desktop
+#           └─ ./hyprland
+#              └─ hyprland.nix
+#
+
+{ pkgs, ... }:
+
+{
+  imports =
+    [
+      #../../modules/wm/hyprland/home.nix # Window Manager
+      #../../modules/wm/sway/home.nix # Window Manager
+      ../../modules/home.nix # Window Manager
+    ];
+
+  home = {                                # Specific packages for laptop
+    packages = with pkgs; [
+      # Applications
+      firefox
+      intel-gpu-tools
+      pulsemixer
+      
+      # Display
+      light                              # xorg.xbacklight not supported. Other option is just use xrandr.
+
+      # Power Management
+      #auto-cpufreq                       # Power management
+      #tlp                                # Power management
+    ];
+  };
+
+  programs = {
+    alacritty.settings.font.size = 11;
+  };
+
+  services = {                            # Applets
+   blueman-applet.enable = true;         # Bluetooth
+   network-manager-applet.enable = true; # Network
+  };
+
+  xsession.preferStatusNotifierItems = true;
+
+}
--- a/hosts/q920/default.nix
+++ b/hosts/q920/default.nix
@@ -1,111 +0,0 @@
-#
-#  Specific system configuration settings for desktop
-#
-#  flake.nix
-#   ├─ ./hosts
-#   │   └─ ./laptop
-#   │        ├─ default.nix *
-#   │        └─ hardware-configuration.nix       
-#   └─ ./modules
-#       ├─ ./desktop
-#       │   └─ ./hyprland
-#       │       └─ hyprland.nix
-#       ├─ ./modules
-#       │   └─ ./programs
-#       │       └─ waybar.nix
-#       └─ ./hardware
-#           └─ default.nix
-#
-
-{ config, pkgs, user, ... }:
-
-{
-  imports =                                                         # For now, if applying to other system, swap files
-    [(import ./hardware-configuration.nix)] ++                      # Current system hardware config @ /etc/nixos/hardware-configuration.nix
-    [(import ../../modules/desktop/hyprland/default.nix)] ++        # Window Manager
-    [(import ../../modules/desktop/virtualisation/docker.nix)]; # ++   # Docker
-    #(import ../../modules/hardware);                                # Hardware devices
-
-  boot = {                                  # Boot options
-    kernelPackages = pkgs.linuxPackages_latest;
-
-    loader = {                              # EFI Boot
-      systemd-boot.enable = true;
-      efi = {
-        canTouchEfiVariables = true;
-        efiSysMountPoint = "/boot";
-      };
-      timeout = 1;                          # Grub auto select time
-    };
-  };
-
-#  hardware.sane = {                           # Used for scanning with Xsane
-#    enable = false;
-#    extraBackends = [ pkgs.sane-airscan ];
-#  };
-
-#  environment = {
-#    systemPackages = with pkgs; [
-#      simple-scan
-#    ];
-#  };
-
-  programs = {                              # No xbacklight, this is the alterantive
-#    dconf.enable = true;
-#    light.enable = true;
-    ssh.startAgent = false;
-    gnupg.agent = {
-      enable = true;
-      enableSSHSupport = true;
-      pinentryFlavor = "curses";
-    };
-  };
-
-  services = {
-#    tlp.enable = true;                      # TLP and auto-cpufreq for power management
-    #logind.lidSwitch = "ignore";            # Laptop does not go to sleep when lid is closed
-    auto-cpufreq.enable = true;
-    blueman.enable = true;
-    pcscd.enable = true;
-    udev.packages = [ 
-        pkgs.nitrokey-udev-rules
-    ];
-    printing = {                            # Printing and drivers for TS5300
-      enable = true;
-      drivers = [ pkgs.gutenprint ];
-    };
-    avahi = {                               # Needed to find wireless printer
-      enable = true;
-      nssmdns = true;
-      publish = {                           # Needed for detecting the scanner
-        enable = true;
-        addresses = true;
-        userServices = true;
-      };
-    };
-
-    #xserver = {
-    #  libinput = {                          # Trackpad support & gestures
-    #    touchpad = {
-    #      tapping = true;
-    #      scrollMethod = "twofinger";
-    #      naturalScrolling = true;            # The correct way of scrolling
-    #      accelProfile = "adaptive";          # Speed settings
-    #      #accelSpeed = "-0.5";
-    #      disableWhileTyping = true;
-    #    };
-    #  };
-    #  resolutions = [
-    #    { x = 1600; y = 920; }
-    #    { x = 1280; y = 720; }
-    #    { x = 1920; y = 1080; }
-    #  ];
-    #};
-  };
-
-  #temporary bluetooth fix
-#  systemd.tmpfiles.rules = [
-#    "d /var/lib/bluetooth 700 root root - -"
-#  ];
-#  systemd.targets."bluetooth".after = ["systemd-tmpfiles-setup.service"];
-}
--- a/hosts/q920/hardware-configuration.nix
+++ b/hosts/q920/hardware-configuration.nix
@@ -1,82 +0,0 @@
-#
-# Hardware settings for Teclast F5 10" Laptop
-# NixOS @ sda2
-#
-# flake.nix
-#  └─ ./hosts
-#      └─ ./laptop
-#          └─ hardware-configuration.nix *
-#
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
-
-  boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "rtsx_usb_sdmmc" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-intel" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "/dev/disk/by-label/ROOT";
-      fsType = "btrfs";
-      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@" ];
-    };
-
-  fileSystems."/home" =
-    { device = "/dev/disk/by-label/ROOT";
-      fsType = "btrfs";
-      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home" ];
-    };
-
-  fileSystems."/srv" =
-    { device = "/dev/disk/by-label/ROOT";
-      fsType = "btrfs";
-      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv" ];
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-label/BOOT";
-      fsType = "vfat";
-    };
-
-  swapDevices = [ ];
-  
-  networking = {
-    useDHCP = false;                        # Deprecated
-    hostName = "q920";
-    networkmanager.enable = true;
-    interfaces = {
-      enp0s25 = {
-        useDHCP = true;                     # For versatility sake, manually edit IP on nm-applet.
-        #ipv4.addresses = [ {
-        #    address = "192.168.0.51";
-        #    prefixLength = 24;
-        #} ];
-      };
-#      wlo1 = {
-#        useDHCP = true;
-#        #ipv4.addresses = [ {
-#        #  address = "192.168.0.51";
-#        #  prefixLength = 24;
-#        #} ];  
-#      };
-    };
-    #defaultGateway = "192.168.0.1";
-    #nameservers = [ "192.168.0.4" ];
-    #firewall = {
-    #  enable = false;
-    #  #allowedUDPPorts = [ 53 67 ];
-    #  #allowedTCPPorts = [ 53 80 443 9443 ];
-    #};
-  };
-
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-  # high-resolution display
-  hardware.video.hidpi.enable = lib.mkDefault true;
-}
--- a/hosts/server/default.nix
+++ b/hosts/server/default.nix
@@ -17,12 +17,12 @@
 #           └─ default.nix
 #

-{ config, pkgs, user, ... }:
+{ config, pkgs, user, agenix, impermanence, ... }:

 {
  imports =                                                         # For now, if applying to other system, swap files
    [(import ./hardware-configuration.nix)] ++                      # Current system hardware config @ /etc/nixos/hardware-configuration.nix
-    [(import ../../modules/desktop/virtualisation/docker.nix)] ++   # Docker
+    [(import ../../modules/wm/virtualisation/docker.nix)] ++   # Docker
    (import ../../modules/services/server) ++                       # Server Services
    (import ../../modules/hardware);                                # Hardware devices

@@ -57,22 +57,22 @@
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
-      pinentryFlavor = "curses";
+      pinentryPackage = pkgs.pinentry-curses;
    };
  };

  services = {
    #auto-cpufreq.enable = true;
    qemuGuest.enable = true;
-    avahi = {                               # Needed to find wireless printer
-      enable = true;
-      nssmdns = true;
-      publish = {                           # Needed for detecting the scanner
-        enable = true;
-        addresses = true;
-        userServices = true;
-      };
-    };
+    #avahi = {                               # Needed to find wireless printer
+    #  enable = true;
+    #  nssmdns = true;
+    #  publish = {                           # Needed for detecting the scanner
+    #    enable = true;
+    #    addresses = true;
+    #    userServices = true;
+    #  };
+    #};
    fail2ban = {
        enable = true;
        maxretry = 5;
--- a/hosts/steamdeck/default.nix
+++ b/hosts/steamdeck/default.nix
@@ -17,53 +17,49 @@
 #           └─ default.nix
 #

-{ config, pkgs, user, jovian-nixos, ... }:
+{ config, pkgs, user, jovian-nixos, lib, ... }:

 {
+  specialisation = {
+  	sway.configuration = {
+		imports =
+		  [(import ../../modules/wm/sway)];
+
+		jovian.steam.enable = lib.mkForce false;
+		services.desktopManager.plasma6.enable = lib.mkForce false;
+	};
+  };
+
  imports =                                                         # For now, if applying to other system, swap files
    [(import ./hardware-configuration.nix)] ++                      # Current system hardware config @ /etc/nixos/hardware-configuration.nix
-    [(import ../../modules/desktop/steam/default.nix)] ++        # Window Manager
-    [(import ../../modules/desktop/kde/default.nix)] ++        # Window Manager
-    [(import ../../modules/desktop/virtualisation/docker.nix)] ++   # Docker
-    (import ../../modules/hardware);                                # Hardware devices
+    (import ../../modules/wm/virtualisation) ++                 # libvirt + Docker
+    [(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++   # kvm module options
+    [(import ../../modules/wm/steam)] ++
+    [(import ../../modules/wm/kde)] ++
+    (import ../../modules/hardware);                                 # Hardware devices

  boot = {                                  # Boot options
-    kernelPackages = pkgs.linuxPackages_latest;
-
    loader = {                              # EFI Boot
-      systemd-boot.enable = true;
+      systemd-boot.enable = lib.mkForce false;
      efi = {
        canTouchEfiVariables = true;
        efiSysMountPoint = "/boot";
      };
      timeout = 1;                          # Grub auto select time
    };
+
+    lanzaboote = {
+        enable = true;
+        pkiBundle = "/etc/secureboot";
+    };
  };

-#  hardware.sane = {                           # Used for scanning with Xsane
-#    enable = false;
-#    extraBackends = [ pkgs.sane-airscan ];
-#  };
  hardware = {
    nitrokey.enable = true;
  };

-#  environment = {
-#    systemPackages = with pkgs; [
-##       alacritty
-#    ];
-#  };
-
  programs = {                              # No xbacklight, this is the alterantive
-    zsh.enable = true;
-    dconf.enable = true;
    light.enable = true;
-    ssh.startAgent = false;
-    gnupg.agent = {
-      enable = true;
-      enableSSHSupport = true;
-      pinentryFlavor = "curses";
-    };
  };

  services = {
@@ -84,4 +80,5 @@
    tailscale.enable = true;

  };
+  security.pam.sshAgentAuth.enable = true;
 }
--- a/hosts/steamdeck/hardware-configuration.nix
+++ b/hosts/steamdeck/hardware-configuration.nix
@@ -19,13 +19,14 @@

  boot = {
 	  initrd = {
-                  availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" ];
+          availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" ];
 		  kernelModules = [ ];
 		  systemd.enable = true;
 		  luks = {
 			  devices."crypted" = {
 				  device = "/dev/disk/by-partlabel/disk-nvme0n1-luks";
 				  allowDiscards = true;
+                  bypassWorkqueues = true;
 			  };
 		  };
 	  };
@@ -49,33 +50,66 @@
      udev.extraRules = ''
          ACTION=="add", SUBSYSTEM=="block", KERNEL=="mmcblk[0-9]p[0-9]", ENV{ID_FS_USAGE}=="filesystem", RUN{program}+="${pkgs.systemd}/bin/systemd-mount -o noatime,compress-force=zstd:15,ssd_spread,commit=120 --no-block --automount=yes --collect $devnode /run/media/mmcblk0p1"
          '';
-  };

-  services.btrbk = {
-      instances = {
-          hf = {
-              onCalendar = "hourly";
-              settings = {
-                  incremental = "yes";
-                  snapshot_create = "ondemand";
-                  snapshot_dir = "@snapshots";
-                  timestamp_format = "long";
+      btrbk = {
+          instances = {
+              hf = {
+                  onCalendar = "hourly";
+                  settings = {
+                      incremental = "yes";
+                      snapshot_create = "ondemand";
+                      snapshot_dir = "@snapshots";
+                      timestamp_format = "long";

-                  snapshot_preserve = "2m 2w 5d 5h";
-                  snapshot_preserve_min = "latest";
-                
-                  volume =  {
-                      "/mnt/snapshots/root" = {
-                          snapshot_create = "always";
-                          subvolume = {
-                              "@home" = {};
+                      snapshot_preserve = "2m 2w 5d 5h";
+                      snapshot_preserve_min = "latest";
+                    
+                      volume =  {
+                          "/mnt/snapshots/root" = {
+                              snapshot_create = "always";
+                              subvolume = {
+                                  "@home" = {};
+                              };
                          };
                      };
                  };
              };
+#              bak = {
+#                  onCalendar = "daily";
+#                  settings = {
+#	              stream_buffer = "256m";
+#                      stream_compress = "lz4";
+#                      incremental = "yes";
+#                      snapshot_create = "no";
+#                      snapshot_dir = "@snapshots";
+#                      timestamp_format = "long";
+#
+#                      snapshot_preserve_min = "all";
+#                      target_preserve_min = "no";
+#                      target_preserve = "2m 4w 3d";
+#
+#                      ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk_nas";
+#                      ssh_user = "btrbk";
+#                    
+#                      volume =  {
+#                          "/mnt/snapshots/root" = {
+#                              subvolume = {
+#                                  "@home" = {};
+#                              };
+#	                      target = "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars/@snapshots/@steamdeck";
+#                          };
+#                      };
+#	          };
+#	      };
          };
      };
  };
+#
+#  systemd.timers = {
+#      btrbk-bak = {
+#          requires = [ "network-online.target" ];
+#      };
+#  };

  fileSystems."/" =
    { device = "/dev/mapper/crypted";
@@ -154,7 +188,7 @@
      enable = true;
      wifi = {
        backend = "iwd";
-        powersave = true;
+        powersave = false;
      };
    };
 #    interfaces = {
@@ -170,9 +204,9 @@
    #nameservers = [ "192.168.0.4" ];
    firewall = {
      checkReversePath = "loose";
-    #  enable = false;
-    #  #allowedUDPPorts = [ 53 67 ];
-    #  #allowedTCPPorts = [ 53 80 443 9443 ];
+      enable = true;
+      allowedUDPPorts = [ 24727 ];
+      allowedTCPPorts = [ 24727 ];
    };
  };

--- a/hosts/steamdeck/home.nix
+++ b/hosts/steamdeck/home.nix
@@ -14,12 +14,17 @@
 { pkgs, ... }:

 {
+  specialisation = {
+  	sway.configuration = {
+		imports =
+		[(import ../../modules/wm/sway/home.nix)];
+	};
+  };
+
  imports =
-    [
-      ../../modules/desktop/steam/home.nix # Window Manager
-      ../../modules/desktop/kde/home.nix # Window Manager
-      ../../modules/home.nix # Window Manager
-    ];
+    [(import ../../modules/home.nix)] ++ # Window Manager
+    [(import ../../modules/wm/steam/home.nix)] ++
+    [(import ../../modules/wm/kde/home.nix)];

  home = {                                # Specific packages for laptop
    packages = with pkgs; [
@@ -30,8 +35,8 @@
      thunderbird
      streamlink
      streamlink-twitch-gui-bin
-      element-desktop
      pulsemixer
+      #yuzu-early-access
      
      # Display
      light                              # xorg.xbacklight not supported. Other option is just use xrandr.
@@ -42,10 +47,6 @@
    ];
  };

-  programs = {
-    alacritty.settings.font.size = 11;
-  };
-
  services = {                            # Applets
  };

--- a/modules/desktop/virtualisation/qemu.nix
+++ b/modules/desktop/virtualisation/qemu.nix
@@ -1,233 +0,0 @@
-#
-# Qemu/KVM with virt-manager 
-#
-
-{ config, pkgs, user, ... }:
-
-{                                             # Add libvirtd and kvm to userGroups
-  boot.extraModprobeConfig = ''
-    options kvm_intel nested=1
-    options kvm_intel emulate_invalid_guest_state=0
-    options kvm ignore_nsrs=1
-  '';                                         # Needed to run OSX-KVM 
-
-  users.groups.libvirtd.members = [ "root" "${user}" ];
-
-  virtualisation = {
-    libvirtd = {
-      enable = true;                          # Virtual drivers
-      onShutdown = "shutdown";
-      #qemuPackage = pkgs.qemu_kvm;           # Default
-      qemu = {
-        runAsRoot = false;
-        ovmf.enable = true;
-#        ovmf.packages = [ pkgs.OVMFFull ];
-#        verbatimConfig = ''
-#         nvram = [ "${pkgs.OVMF}/FV/OVMF_CODE.fd:${pkgs.OVMF}/FV/OVMF_VARS.fd" ]
-#        '';
-      };
-    };
-    spiceUSBRedirection.enable = true;        # USB passthrough
-  };
-  programs.dconf.enable = true;
-
-  environment = {
-    systemPackages = with pkgs; [
-      virt-manager
-      virt-viewer
-      qemu
-      OVMF
-      gvfs                                    # Used for shared folders between linux and windows
-    ];
-  };
-
-  services = {                                # Enable file sharing between OS
-    gvfs.enable = true;
-  };
-
-  #boot ={
-  #  kernelParams = [ "intel_iommu=on" "vfio" "vfio_iommu_type1" "vfio_pci" "vfio_virqfd" ];      # or amd_iommu (cpu)
-  #  kernelModules = [ "vendor-reset" "vfio" "vfio_iommu_type1" "vfio_pci" "vfio_virqfd"];
-  #  extraModulePackages = [ config.boot.kernelPackages.vendor-reset ]; # Presumably fix for GPU Reset Bug
-  #  extraModprobeConfig = "options vfio-pci ids=1002:67DF,1002:AAF0"; # grep PCI_ID /sys/bus/pci/devices/*/uevent
-  #  kernelPatches = [
-  #    {
-  #    name = "vendor-reset-reqs-and-other-stuff";
-  #    patch = null;
-  #    extraConfig = ''
-  #    FTRACE y
-  #    KPROBES y
-  #    FUNCTION_TRACER y
-  #    HWLAT_TRACER y
-  #    TIMERLAT_TRACER y
-  #    IRQSOFF_TRACER y
-  #    OSNOISE_TRACER y
-  #    PCI_QUIRKS y
-  #    KALLSYMS y
-  #    KALLSYMS_ALL y
-  #    ''; 
-  #    }
-  #  ];
-  #};
-}
-
-#SHARED FOLDER
-#FOR WINDOWS
-# 3 options:
-#
-# 1. Make use of host samba server
-# 1.0 Samba is installed by default. The network-shared folder is at /home/<user>/share.
-# 1.1 On host, set a password for the autentication of the samba server
-# 1.2 $ smbpasswd -a <user>
-# 1.3 Give password twice
-# 1.4 On windows, open file explorer, right click "This PC", Map network drive...
-# 1.5 fill in address: \\<ip-address>\share
-# 1.6 Log in with details entered beforehand
-#
-# 2. Since this setup make use of iommu, you can pass through external usb hard drives or a specific PCI storage devices
-# 2.1 Open details of virtual desktop in virt-manager
-# 2.2 Add hardware
-# 2.3 USB Host Device
-# 2.4 Select device and launch virtual desktop
-#
-# 3. Set up shared folders in windows guest that can be accessed by host
-# 3.0. Enable above service gvfs (this is used in the file manager to actually connect to the windows directory)
-# 3.1. Log in to Windows
-# 3.2. Go to "Network and Sharing Center"
-# 3.3. Click "Change advanced sharing settings" and enable all settings for Private, Guest or Public and All Networks
-# 3.3.1. Under "All Networks" you can disable "Password protected sharing" but it seems for optimal use, it's better to still give the password in the file manager
-# 3.4. (possibly optional), select a folder and click "Properties", "Sharing", "Advanced Sharing"
-# 3.4.1. Enable "Share this file"
-# 3.4.2. Under "Permissions", allow full control. Apply
-# 3.5. Click "Share" and use de drop down to add "Everyone" and change "Permission Level" to "Read/Write". Share, Done
-# 3.6. Search for services and open menu
-# 3.6.1. Search for below serices. Right click and select "Properties". "Startup type" = Automatic
-# 3.6.1.1. SSDP Discovery
-# 3.6.1.2. uPnPDevice Host
-# 3.6.1.3. Functions Discovery Provider Host
-# 3.6.1.4. Functions Discovery Resource Publication
-# 3.7. Find IP of virtual device and make sure you can ping it.
-# 3.8. In file manager add connection
-# 3.8.1. For example in PCManFM
-# 3.8.2. Search for smb://*ip*/
-# 3.8.3. You can even specify specific folder smb://*ip*/users/Matthias/Desktop/share
-# 3.8.4. If prompted to log in, do it, otherwise it might close on its own.
-# 3.9. If there are any issues, maybe disable firewall on guest
-# 3.10. Recommended to bookmark location for later
-# Note:
-# There is no passthrough, its recommended to install the windows kvm guest drivers.
-# Can be found on github.com/virtio-win/virtio-win-pkg-scripts/blob/master/README.md
-# Add this as CD storage in virt manager
-# It can than be accest in the windows and the guest driver exe's can be run.
-# Also, change video in virt-manager to virtio. This will fix the resolution
-
-#FOR LINUX
-# 2 options
-#
-# 1. Make use of host samba server
-# 1.0 Samba is installed by default. The network-shared folder is at /home/<user>/share.
-# 1.1 On host, set a password for the autentication of the samba server
-# 1.2 $ smbpasswd -a <user>
-# 1.3 Give password twice
-# 1.4 On virtual machine open file manager
-# 1.5 Search for smb://<ip-address>/share
-# 1.6 Log in with details entered beforehand
-#
-# 2. Passing through a filesystem
-# 2.1 Open details of virtual desktop on virt-manager
-# 2.2 Add hardware
-# 2.3 Select Filesystem: Type = mount / Mode = mapped / Source path = /home/<user>/share / Target path = /sharepoint
-# 2.4 Boot into virtual machine
-# 2.5 Create a directory to mount /sharepoint
-# 2.6 $ sudo mount -t 9p -o trans=virtio /sharepoint /<mountpoint>
-
-#SINGLE GPU PASSTHROUGH
-# General Guide: gitlab.com/risingprismtv/single-gpu-passthrough/-/wikis/home
-# 1. Download ISO
-# 2. Download latest Video BIOS from techpowerup.com/vgabios (Sapphire RX580 8Gb)
-# 2.1. $ Sudo mkdir /var/lib/libvirt/vbios/
-# 2.2. $ Sudo mv ~/Downloads/*.rom /var/lib/libvirt/vbios/GPU.rom
-# 2.3. $ Cd /var/lib/libvirt/vbios/
-# 2.4. $ Sudo chmod -R 660 GPU.rom
-# 3. Launch virt-manager
-# 4. File - Add Connection
-# 5. Create Virtual Machine
-# 5.1 Select ISO and mark it as win10
-# 5.2 Give temporary RAM
-# 5.3 Customize configuration before install
-# 5.4 Overview - Firmware - UEFI x86_64: /usr/*/OVMF_CODE.fd
-# 5.5 Allow XML Editing via Edit - Preferences
-# 5.6 Edit XML - Remove rtc & pit line. Change hpet to "yes"
-# 6. Start Installation (let it run without interference and do steps below)
-# 6.1 Press Esc, type exit, select boot-manager DVD ROM
-# 6.2 Do installation, select Pro version.
-# 6.3 Install hooks (Step 7 in guide)
-# 7. Close VM
-# 8. Edit VM
-# 8.1 Remove everything spice (Display, Video QXL, Serial, Channel Spice)
-# 8.2 Remove CD Rom
-# 8.3 Add PCI hardware (GPU: 01:00:0 & 01:00:1 (most likely))
-# 8.3 Add Mouse, Keyboard (PCI USB Controller in PCI Host Device or USB Host Device)
-# 9. Select GPU and open XML
-# 9.1 Add line "<rom file='/var/lib/libvirt/vbios/GPU.rom'/>" under "</source>"
-# 9.2 Do for both 01:00:0 and 01:00:1
-# 10. Edit CPU
-# 10.1 Disable "Copy host CPU configuration" and select "host-passthrough"
-# 10.2 Edit topology: Sockets=1 Cores=Total/2 Threads=2
-# 10.3 Edit XML cpu under topology
-# 10.3.1  Add "<feature policy='require' name='topoext'/>" for AMDCPU
-# 10.3.2  Add "<feature policy='disable' name='smep'/>" for Intel CPU
-# 11 Change memory to prefered (12GB for 16GB Total)
-# 12 Start VM
-# 13 Install correct video drivers
-
-#MACOS ON VIRT-MANAGER
-# General Guide: nixos.wiki/wiki/OSX-KVM
-# Repository: github.com/kholia/OSX-KVM
-# IMPORTANT: if you wish to start the virtual machine with virt-manager gui, clone to /home/<user>/.
-# 1. git clone https://github.com/kholia/OSX-KVM
-# 2. create a shell.nix (maybe best to store inside cloned directory)
-# 3. shell.nix content:
-#    with import <nixpkgs> {};
-#    mkShell {
-#      buildInputs = [
-#        qemu
-#        python3
-#        iproute2
-#      ];
-#    }
-# 4. In nixos configuration add:
-#    virtualisation.libvirtd.enable = true;
-#    users.extraUsers.<user>.extraGroups = [ "libvirtd" ];
-#    boot.extraModprobeConfig = ''
-#      options kvm_intel nested=1
-#      options kvm_intel emulate_invalid_guest_state=0
-#      options kvm ignore_msrs=1
-#    '';
-# 5. Run the shell: $ nix-shell
-# 6. As mentioned in the README, run ./fetch-macOS.py
-# 6.1 Can be a specific version 
-# 7. Create base image for the macOs installer
-# 8. $ qemu-img convert BaseSystem.dmg -O raw BaseSystem.img
-# 9. Create disk for macOS
-# 9.1 $ qemu-img create -f qcow2 mac_hdd_ng.img 128G
-# 10. Set up networking. If something like virbr0 does not get detected start virt-manager. Commands:
-#    $ sudo ip tuntap add dev tap0 mode tap
-#    $ sudo ip link set tap0 up promisc on
-#    $ sudo ip link set dev virbr0 up
-#    $ sudo ip link set dev tap0 master virbr0
-# 11. Boot the system
-# 11.1 $ ./OpenCore-Boot.sh
-# 12. Choose the first option to start the MacOS installer: macOS Base Systen
-# 12.1 Use Disk Utility to esase the correct drive.
-# 13. Go back and select the option to reinstall macOS
-# 13.1 After the initial installation, a reboot will happen. Do nothing and wait or select the second option 'MacOs install'.
-# 13.2 This will finalize the installaton but it will probably reboot multiple times. The second option will now have changed to the name of your drive. Use this as the boot option
-# 14. To add the installation to virt-manager:
-# 14.1 $ sed "s/CHANGEME/$USER/g" macOS-libvirt-Catalina.xml > macOS.xml
-# 14.2 Inside macOS.xml change the emulator from /usr/bin/qemu-system-x86_64 to /run/libvirt/nix-emulators/qemu-system-x86_64
-# 14.3 $ virt-xml-validate macOS.xml
-# 15. $ virsh --connect qemu:///system define macOS.xml
-# 16.(optional if permission is needed to the libvirt-qemu user)
-# 16.1 $ sudo setfacl -m u:libvirt-qemu:rx /home/$USER
-# 16.2 $ sudo setfacl -R -m u:libvirt-qemu:rx /home/$USER/OSX-KVM
--- a/modules/editors/nvim/config/bufferline.nix
+++ b/modules/editors/nvim/config/bufferline.nix
@@ -0,0 +1,5 @@
+{
+  plugins.bufferline = {
+    enable = true;
+  };
+}
--- a/modules/editors/nvim/config/default.nix
+++ b/modules/editors/nvim/config/default.nix
@@ -0,0 +1,16 @@
+{ nvim, ... }:
+{
+  # Import all your configuration modules here
+  programs.nixvim = {
+      enable = true;
+      colorschemes.gruvbox.enable = true;
+
+      imports = [
+        ./bufferline.nix
+        ./plugins.nix
+        ./options.nix
+        ./keymaps.nix
+        ./highlight.nix
+      ];
+  };
+}
--- a/modules/editors/nvim/config/highlight.nix
+++ b/modules/editors/nvim/config/highlight.nix
@@ -0,0 +1,8 @@
+{
+  highlight = {
+    Comment.fg = "#ff00ff";
+    Comment.bg = "#000000";
+    Comment.underline = true;
+    Comment.bold = true;
+  };
+}
--- a/modules/editors/nvim/config/keymaps.nix
+++ b/modules/editors/nvim/config/keymaps.nix
@@ -0,0 +1,8 @@
+{
+  keymaps = [
+    {
+      action = "<cmd>Telescope live_grep<CR>";
+      key = "<leader>g";
+    }
+  ];
+}
--- a/modules/editors/nvim/config/options.nix
+++ b/modules/editors/nvim/config/options.nix
@@ -0,0 +1,14 @@
+{
+    config = {
+        globals.mapleader = " ";
+        viAlias = true;
+        vimAlias = true;
+
+        opts = {
+            number = true;         # Show line numbers
+            relativenumber = true; # Show relative line numbers
+
+            shiftwidth = 2;        # Tab width should be 2
+        };
+    };
+}
--- a/modules/editors/nvim/config/plugins.nix
+++ b/modules/editors/nvim/config/plugins.nix
@@ -0,0 +1,51 @@
+{
+    plugins = {
+        lualine.enable = true;
+
+        cmp = {
+            enable = true;
+            autoEnableSources = true;
+            settings = {
+                sources = [
+                  {name = "nvim_lsp";}
+                  {name = "path";}
+                  {name = "buffer";}
+                  {name = "luasnip";}
+                ];
+
+                mapping = {
+                    "<C-d>" = "cmp.mapping.scroll_docs(-4)";
+                    "<C-f>" = "cmp.mapping.scroll_docs(4)";
+                    "<C-Space>" = "cmp.mapping.complete()";
+                    "<C-e>" = "cmp.mapping.close()";
+                    "<CR>" = "cmp.mapping.confirm({ select = true })";
+                    "<Tab>" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})";
+                    "<S-Tab>" = "cmp.mapping(cmp.mapping.select_prev_item(), {'i', 's'})";
+                };
+            };
+        };
+
+        lsp = {
+            enable = true;
+
+            servers = {
+                tsserver.enable = true;
+
+                lua-ls = {
+                    enable = true;
+                    settings.telemetry.enable = false;
+                };
+#                rust-analyzer = {
+#                    enable = true;
+#                    installCargo = true;
+#                };
+            };
+        };
+
+        telescope.enable = true;
+
+        treesitter.enable = true;
+
+        luasnip.enable = true;
+    };
+}
--- a/modules/hardware/autoaspm.py
+++ b/modules/hardware/autoaspm.py
@@ -0,0 +1,114 @@
+#!/usr/bin/env python3
+
+# Original bash script by Luis R. Rodriguez
+# Re-written in Python by z8
+# Re-re-written to patch supported devices automatically by notthebee
+
+import re
+import subprocess
+import os
+import platform
+from enum import Enum
+
+class ASPM(Enum):
+    DISABLED = 0b00
+    L0s = 0b01
+    L1 = 0b10
+    L0sL1 = 0b11
+
+
+def run_prerequisites():
+    if platform.system() != "Linux":
+        raise OSError("This script only runs on Linux-based systems")
+    if not os.environ.get("SUDO_UID") and os.geteuid() != 0:
+        raise PermissionError("This script needs root privileges to run")
+    lspci_detected = subprocess.run(["which", "lspci"], stdout = subprocess.DEVNULL, stderr = subprocess.DEVNULL)
+    if lspci_detected.returncode > 0:
+        raise Exception("lspci not detected. Please install pciutils")
+    lspci_detected = subprocess.run(["which", "setpci"], stdout = subprocess.DEVNULL, stderr = subprocess.DEVNULL)
+    if lspci_detected.returncode > 0:
+        raise Exception("setpci not detected. Please install pciutils")
+
+
+def get_device_name(addr):
+    p = subprocess.Popen([
+        "lspci",
+        "-s",
+        addr,
+    ], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+    return p.communicate()[0].splitlines()[0].decode()
+
+def read_all_bytes(device):
+    all_bytes = bytearray()
+    device_name = get_device_name(device)
+    p = subprocess.Popen([
+        "lspci",
+        "-s",
+        device,
+        "-xxx"
+    ], stdout= subprocess.PIPE, stderr=subprocess.PIPE)
+    ret = p.communicate()
+    ret = ret[0].decode()
+    for line in ret.splitlines():
+        if not device_name in line and ": " in line:
+            all_bytes.extend(bytearray.fromhex(line.split(": ")[1]))
+    if len(all_bytes) < 256:
+        exit()
+    return all_bytes
+
+def find_byte_to_patch(bytes, pos):
+    pos = bytes[pos]
+    if bytes[pos] != 0x10:
+        pos += 0x1
+        return find_byte_to_patch(bytes, pos)
+    else:
+        pos += 0x10
+        return pos
+
+def patch_byte(device, position, value):
+    subprocess.Popen([
+        "setpci",
+        "-s",
+        device,
+        f"{hex(position)}.B={hex(value)}"
+    ]).communicate()
+
+def patch_device(addr, aspm_value):
+    endpoint_bytes = read_all_bytes(addr)
+    byte_position_to_patch = find_byte_to_patch(endpoint_bytes, 0x34)
+    if int(endpoint_bytes[byte_position_to_patch]) & 0b11 != aspm_value.value:
+        patched_byte = int(endpoint_bytes[byte_position_to_patch])
+        patched_byte = patched_byte >> 2
+        patched_byte = patched_byte << 2
+        patched_byte = patched_byte | aspm_value.value
+
+        patch_byte(addr, byte_position_to_patch, patched_byte)
+        print(f"{addr}: Enabled ASPM {aspm_value.name}")
+    else:
+        print(f"{addr}: Already has ASPM {aspm_value.name} enabled")
+
+
+def list_supported_devices():
+    pcie_addr_regex = r"([0-9a-f]{2}:[0-9a-f]{2}.[0-9a-f])"
+    lspci = subprocess.run("lspci -vv", shell=True, capture_output=True).stdout
+    lspci_arr = re.split(pcie_addr_regex, str(lspci))[1:]
+    lspci_arr = [ x+y for x,y in zip(lspci_arr[0::2], lspci_arr[1::2]) ]
+
+    aspm_devices = {}
+    for dev in lspci_arr:
+        device_addr = re.findall(pcie_addr_regex, dev)[0]
+        if "ASPM" not in dev or "ASPM not supported" in dev:
+            continue
+        aspm_support = re.findall(r"ASPM (L[L0-1s ]*),", dev)
+        if aspm_support:
+            aspm_devices.update({device_addr: ASPM[aspm_support[0].replace(" ", "")]})
+    return aspm_devices
+
+
+def main():
+    run_prerequisites()
+    for device, aspm_mode in list_supported_devices().items():
+        patch_device(device, aspm_mode)
+
+if __name__ == "__main__":
+    main()
--- a/modules/hardware/backup.nix
+++ b/modules/hardware/backup.nix
@@ -9,7 +9,10 @@
        key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDU2NJ9xwYnp6/frIOv96ih8psiFcC2eOQeT+ZEMW5rq";
        roles = [ "source" "info" "send" ];
      }
+      {
+        key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIma7jNVQZM+lFMOKUex0+cyDpeUA3Wo4SEJ7P9YnHPG";
+        roles = [ "target" "info" "receive" "delete" ];
+      }
    ];
-    extraPackages = [ pkgs.lz4 ];
  };
 }
--- a/modules/hardware/bluetooth.nix
+++ b/modules/hardware/bluetooth.nix
@@ -14,4 +14,7 @@
      };
    };
  };
+  environment.systemPackages = with pkgs; [
+    zmkBATx
+  ];
 }
--- a/modules/hardware/hydraCache.nix
+++ b/modules/hardware/hydraCache.nix
@@ -0,0 +1,21 @@
+
+{ config, lib, pkgs, ... }:
+
+{
+  nix = {
+    settings = {
+      extra-trusted-public-keys = [
+        "hades-builder:AFdPgi6Qq/yKqc2V2imgzMikEkVEFCrDaHyAmOJ3MII="
+	"steamdeck.cachix.org-1:BVoP4TEu3ECgotaO+3J3r9SSn62GkUDBwizOFU/q4Bc="
+      ];
+      extra-substituters = [
+	"https://steamdeck.cachix.org"
+        "https://cache.ci.kabtop.de"
+      ];
+      #extra-trusted-substituters = [
+      #  "https://cache.home.opel-online.de"
+      #];
+    };
+  };
+  
+}
--- a/modules/hardware/remoteClient.nix
+++ b/modules/hardware/remoteClient.nix
@@ -3,7 +3,7 @@

 {
  nix = {
-    distributedBuilds = true;
+    distributedBuilds = false;
    buildMachines = [ {
      hostName = "hades";
      system = "x86_64-linux";
@@ -11,16 +11,16 @@
      sshUser = "nixremote";
      sshKey = config.age.secrets."keys/nixremote".path;
      maxJobs = 1;
-      speedFactor = 8;
+      speedFactor = 4;
      publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUVnbld5UVVVYSt2Y0hBS3g2ZWRiVGdxVzhwaCtNQ2lTNmZVd1lqWWNTK28gcm9vdEBoYWRlcwo=%";
      protocol = "ssh-ng";
    } ];
    settings = {
-      trusted-public-keys = [
+      extra-trusted-public-keys = [
        "hades-builder:AFdPgi6Qq/yKqc2V2imgzMikEkVEFCrDaHyAmOJ3MII="
      ];
-      substituters = [
-        "ssh-ng://hades"
+      trusted-users = [
+        "kabbone"
      ];
    };
  };
--- a/modules/home.nix
+++ b/modules/home.nix
@@ -24,7 +24,7 @@
    theme = {
      theme = mkOption { type = types.str; default = "catppuccin-mocha"; };
      icon-theme = mkOption { type = types.str; default = "Papirus-Dark"; };
-      font = mkOption { type = types.str; default = "FiraCode Nerd Font 11"; };
+      font = mkOption { type = types.str; default = "Cascadia Code 11"; };
      wallpaper = mkOption { type = types.str; default = ""; };
    };
  };
--- a/modules/kabbone/corosync-qdevice.nix
+++ b/modules/kabbone/corosync-qdevice.nix
@@ -0,0 +1,75 @@
+{
+  lib,
+  config,
+  pkgs,
+  pkgs-kabbone,
+  ...
+}:
+let
+  cfg = config.services.corosync-qnetd;
+  dataDir = "/var/run/corosync-qnetd";
+in
+{
+  # interface
+  options.services.corosync-qnetd = {
+    enable = lib.mkEnableOption "corosync-qnetd";
+    package = lib.mkPackageOption pkgs-kabbone "corosync-qdevice" { };
+
+    extraOptions = lib.mkOption {
+      type = with lib.types; listOf str;
+      default = [ ];
+      description = "Additional options with which to start corosync-qnetd.";
+    };
+  };
+
+  # implementation
+
+  # implementation
+  config = lib.mkIf cfg.enable {
+    environment.systemPackages = [ cfg.package ];
+
+    users.users.coroqnetd = {
+      isSystemUser = true;
+      group = "coroqnetd";
+      home = dataDir;
+      description = "Corosync-qnetd Service User";
+    };
+
+    users.groups.coroqnetd = { };
+
+   # environment.etc."corosync/corosync-qnetd.conf".text = ''
+   #   totem {
+   #     version: 2
+   #     secauth: on
+   #     cluster_name: ${cfg.clusterName}
+   #     transport: knet
+   #   }
+
+
+   #   logging {
+   #     to_syslog: yes
+   #   }
+   # '';
+
+    systemd.packages = [ cfg.package ];
+    systemd.services.corosync-qnetd = {
+      serviceConfig = {
+        User = "coroqnetd";
+        StateDirectory = "corosync-qnetd";
+        StateDirectoryMode = "0700";
+      };
+    };
+
+    environment.etc."sysconfig/corosync-qnetd".text = lib.optionalString (cfg.extraOptions != [ ]) ''
+      COROSYNC-QNETD_OPTIONS="${lib.escapeShellArgs cfg.extraOptions}"
+    '';
+  };
+
+  meta = {
+    #buildDocsInSandbox = false;
+    #doc = ./mautrix-whatsapp.md;
+    maintainers = with lib.maintainers; [
+      kabbone
+    ];
+  };
+}
--- a/modules/kabbone/mautrix-whatsapp.md
+++ b/modules/kabbone/mautrix-whatsapp.md
@@ -0,0 +1,32 @@
+# Mautrix-Whatsapp {#module-services-mautrix-whatsapp}
+
+[Mautrix-Whatsapp](https://github.com/mautrix/whatsapp) is a Matrix-Whatsapp puppeting bridge.
+
+## Configuration {#module-services-mautrix-whatsapp-configuration}
+
+1. Set [](#opt-services.mautrix-whatsapp.enable) to `true`. The service will use
+   SQLite by default.
+2. To create your configuration check the default configuration for
+   [](#opt-services.mautrix-whatsapp.settings). To obtain the complete default
+   configuration, run
+   `nix-shell -p mautrix-whatsapp --run "mautrix-whatsapp -c default.yaml -e"`.
+
+::: {.warning}
+Mautrix-Whatsapp allows for some options like `encryption.pickle_key`,
+`provisioning.shared_secret`, allow the value `generate` to be set.
+Since the configuration file is regenerated on every start of the
+service, the generated values would be discarded and might break your
+installation. Instead, set those values via
+[](#opt-services.mautrix-whatsapp.environmentFile).
+:::
+
+## Migrating from an older configuration {#module-services-mautrix-whatsapp-migrate-configuration}
+
+With Mautrix-Whatsapp v0.7.0 the configuration has been rearranged. Mautrix-Whatsapp
+performs an automatic configuration migration so your pre-0.7.0 configuration
+should just continue to work.
+
+In case you want to update your NixOS configuration, compare the migrated configuration
+at `/var/lib/mautrix-whatsapp/config.yaml` with the default configuration
+(`nix-shell -p mautrix-whatsapp --run "mautrix-whatsapp -c example.yaml -e"`) and
+update your module configuration accordingly.
--- a/modules/kabbone/mautrix-whatsapp.nix
+++ b/modules/kabbone/mautrix-whatsapp.nix
@@ -0,0 +1,280 @@
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.services.kabbone_mautrix-whatsapp;
+  dataDir = "/var/lib/mautrix-whatsapp";
+  registrationFile = "${dataDir}/whatsapp-registration.yaml";
+  settingsFile = "${dataDir}/config.yaml";
+  settingsFileUnsubstituted = settingsFormat.generate "mautrix-whatsapp-config-unsubstituted.json" cfg.settings;
+  settingsFormat = pkgs.formats.json { };
+  appservicePort = 29318;
+
+  # to be used with a list of lib.mkIf values
+  optOneOf = lib.lists.findFirst (value: value.condition) (lib.mkIf false null);
+  mkDefaults = lib.mapAttrsRecursive (n: v: lib.mkDefault v);
+  defaultConfig = {
+    network = {
+      displayname_template = "{{or .BusinessName .PushName .Phone}} (WA)";
+      identity_change_notices = true;
+      history_sync = {
+        request_full_sync = true;
+      };
+    };
+    bridge = {
+      command_prefix = "!wa";
+      relay.enabled = true;
+      permissions."*" = "relay";
+    };
+    database = {
+      type = "sqlite3";
+      uri = "file:${dataDir}/mautrix-whatsapp.db?_txlock=immediate";
+    };
+    homeserver.address = "http://localhost:8448";
+    appservice = {
+      hostname = "[::]";
+      port = appservicePort;
+      id = "whatsapp";
+      bot = {
+        username = "whatsappbot";
+        displayname = "WhatsApp Bridge Bot";
+      };
+      as_token = "";
+      hs_token = "";
+      username_template = "whatsapp_{{.}}";
+    };
+    double_puppet = {
+      servers = { };
+      secrets = { };
+    };
+    # By default, the following keys/secrets are set to `generate`. This would break when the service
+    # is restarted, since the previously generated configuration will be overwritten everytime.
+    # If encryption is enabled, it's recommended to set those keys via `environmentFile`.
+    encryption.pickle_key = "";
+    provisioning.shared_secret = "";
+    public_media.signing_key = "";
+    direct_media.server_key = "";
+    logging = {
+      min_level = "info";
+      writers = lib.singleton {
+        type = "stdout";
+        format = "pretty-colored";
+        time_format = " ";
+      };
+    };
+  };
+
+in
+{
+  options.services.kabbone_mautrix-whatsapp = {
+    enable = lib.mkEnableOption "mautrix-whatsapp, a Matrix-Whatsapp puppeting bridge";
+
+    package = lib.mkPackageOption pkgs "mautrix-whatsapp" { };
+
+    settings = lib.mkOption {
+      apply = lib.recursiveUpdate defaultConfig;
+      type = settingsFormat.type;
+      default = defaultConfig;
+      description = ''
+        {file}`config.yaml` configuration as a Nix attribute set.
+        Configuration options should match those described in the example configuration.
+        Get an example configuration by executing `mautrix-whatsapp -c example.yaml --generate-example-config`
+        Secret tokens should be specified using {option}`environmentFile`
+        instead of this world-readable attribute set.
+      '';
+      example = {
+        bridge = {
+          private_chat_portal_meta = true;
+          mute_only_on_create = false;
+          permissions = {
+            "example.com" = "user";
+          };
+        };
+        database = {
+          type = "postgres";
+          uri = "postgresql:///mautrix_whatsapp?host=/run/postgresql";
+        };
+        homeserver = {
+          address = "http://[::1]:8008";
+          domain = "my-domain.tld";
+        };
+        appservice = {
+          id = "whatsapp";
+          ephemeral_events = false;
+        };
+        matrix.message_status_events = true;
+        provisioning = {
+          shared_secret = "disable";
+        };
+        backfill.enabled = true;
+        encryption = {
+          allow = true;
+          default = true;
+          require = true;
+          pickle_key = "$ENCRYPTION_PICKLE_KEY";
+        };
+      };
+    };
+
+    environmentFile = lib.mkOption {
+      type = lib.types.nullOr lib.types.path;
+      default = null;
+      description = ''
+        File containing environment variables to be passed to the mautrix-signal service.
+        If an environment variable `MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET` is set,
+        then its value will be used in the configuration file for the option
+        `double_puppet.secrets` without leaking it to the store, using the configured
+        `homeserver.domain` as key.
+      '';
+    };
+
+    serviceDependencies = lib.mkOption {
+      type = with lib.types; listOf str;
+      default =
+        (lib.optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit)
+        ++ (lib.optional config.services.matrix-conduit.enable "conduit.service");
+      defaultText = lib.literalExpression ''
+        (optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit)
+        ++ (optional config.services.matrix-conduit.enable "conduit.service")
+      '';
+      description = ''
+        List of systemd units to require and wait for when starting the application service.
+      '';
+    };
+
+    registerToSynapse = lib.mkOption {
+      type = lib.types.bool;
+      default = config.services.matrix-synapse.enable;
+      defaultText = lib.literalExpression ''
+        config.services.matrix-synapse.enable
+      '';
+      description = ''
+        Whether to add the bridge's app service registration file to
+        `services.matrix-synapse.settings.app_service_config_files`.
+      '';
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+
+    users.users.mautrix-whatsapp = {
+      isSystemUser = true;
+      group = "mautrix-whatsapp";
+      home = dataDir;
+      description = "Mautrix-Whatsapp bridge user";
+    };
+
+    users.groups.mautrix-whatsapp = { };
+
+    services.matrix-synapse = lib.mkIf cfg.registerToSynapse {
+      settings.app_service_config_files = [ registrationFile ];
+    };
+    systemd.services.matrix-synapse = lib.mkIf cfg.registerToSynapse {
+      serviceConfig.SupplementaryGroups = [ "mautrix-whatsapp" ];
+    };
+
+    # Note: this is defined here to avoid the docs depending on `config`
+    services.kabbone_mautrix-whatsapp.settings.homeserver = optOneOf (
+      with config.services;
+      [
+        (lib.mkIf matrix-synapse.enable (mkDefaults {
+          domain = matrix-synapse.settings.server_name;
+        }))
+        (lib.mkIf matrix-conduit.enable (mkDefaults {
+          domain = matrix-conduit.settings.global.server_name;
+          address = "http://localhost:${toString matrix-conduit.settings.global.port}";
+        }))
+      ]
+    );
+
+    systemd.services.kabbone_mautrix-whatsapp = {
+      description = "mautrix-whatsapp, a Matrix-Whatsapp puppeting bridge.";
+
+      wantedBy = [ "multi-user.target" ];
+      wants = [ "network-online.target" ] ++ cfg.serviceDependencies;
+      after = [ "network-online.target" ] ++ cfg.serviceDependencies;
+      # ffmpeg is required for conversion of voice messages
+      path = [ pkgs.ffmpeg-headless ];
+
+      preStart = ''
+        # substitute the settings file by environment variables
+        # in this case read from EnvironmentFile
+        test -f '${settingsFile}' && rm -f '${settingsFile}'
+        old_umask=$(umask)
+        umask 0177
+        ${pkgs.envsubst}/bin/envsubst \
+          -o '${settingsFile}' \
+          -i '${settingsFileUnsubstituted}'
+        umask $old_umask
+
+        # generate the appservice's registration file if absent
+        if [ ! -f '${registrationFile}' ]; then
+          ${cfg.package}/bin/mautrix-whatsapp \
+            --generate-registration \
+            --config='${settingsFile}' \
+            --registration='${registrationFile}'
+        fi
+        chmod 640 ${registrationFile}
+
+        umask 0177
+        # 1. Overwrite registration tokens in config
+        # 2. If environment variable MAUTRIX_SIGNAL_BRIDGE_LOGIN_SHARED_SECRET
+        #    is set, set it as the login shared secret value for the configured
+        #    homeserver domain.
+        ${pkgs.yq}/bin/yq -s '.[0].appservice.as_token = .[1].as_token
+          | .[0].appservice.hs_token = .[1].hs_token
+          | .[0]
+          | if env.MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET then .double_puppet.secrets.[.homeserver.domain] = env.MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET else . end' \
+          '${settingsFile}' '${registrationFile}' > '${settingsFile}.tmp'
+        mv '${settingsFile}.tmp' '${settingsFile}'
+        umask $old_umask
+      '';
+
+      serviceConfig = {
+        User = "mautrix-whatsapp";
+        Group = "mautrix-whatsapp";
+        EnvironmentFile = cfg.environmentFile;
+        StateDirectory = baseNameOf dataDir;
+        WorkingDirectory = dataDir;
+        ExecStart = ''
+          ${cfg.package}/bin/mautrix-whatsapp \
+          --config='${settingsFile}' \
+          --registration='${registrationFile}'
+        '';
+        LockPersonality = true;
+        NoNewPrivileges = true;
+        PrivateDevices = true;
+        PrivateTmp = true;
+        PrivateUsers = true;
+        ProtectClock = true;
+        ProtectControlGroups = true;
+        ProtectHome = true;
+        ProtectHostname = true;
+        ProtectKernelLogs = true;
+        ProtectKernelModules = true;
+        ProtectKernelTunables = true;
+        ProtectSystem = "strict";
+        Restart = "on-failure";
+        RestartSec = "30s";
+        RestrictRealtime = true;
+        RestrictSUIDSGID = true;
+        SystemCallArchitectures = "native";
+        SystemCallErrorNumber = "EPERM";
+        SystemCallFilter = [ "@system-service" ];
+        Type = "simple";
+        UMask = 27;
+      };
+      restartTriggers = [ settingsFileUnsubstituted ];
+    };
+  };
+  meta = {
+    #buildDocsInSandbox = false;
+    #doc = ./mautrix-whatsapp.md;
+    maintainers = with lib.maintainers; [
+      kabbone
+    ];
+  };
+}
--- a/modules/programs/alacritty.nix
+++ b/modules/programs/alacritty.nix
@@ -15,16 +15,14 @@
      enable = true;
      package = pkgs.alacritty;
      settings = {
+        env.term = "screen-256color";
        font = rec {                          # Font - Laptop has size manually changed at home.nix
-          #normal.family = "Source Code Pro";
-          normal.family = "FiraCode Nerd Font";
+          #normal.family = "FiraCode Nerd Font";
+          normal.family = "Cascadia Code";
+          #normal.family = "Intel One Mono";
          #bold = { style = "Bold"; };
 #         size = 8;
        };
-        offset = {                            # Positioning
-          x = -1;
-          y = 0;
-        };
      };
    };
  };
--- a/modules/programs/default.nix
+++ b/modules/programs/default.nix
@@ -12,10 +12,10 @@

 [
   ./alacritty.nix
-   ./rofi.nix
+#   ./rofi.nix
   ./firefox.nix
   #./waybar.nix
   #./games.nix
 ]
-# Waybar.nix is pulled from modules/desktop/..
+# Waybar.nix is pulled from modules/wm/..
 # Games.nix is pulled from desktop/default.nix
--- a/modules/programs/firefox.nix
+++ b/modules/programs/firefox.nix
@@ -18,7 +18,7 @@
      #        ExtensionSettings =  {};
      #    };
      #};
-      package = pkgs.firefox-wayland;
+#      package = pkgs.firefox-wayland;
 #      profiles.kabbone = {
 #          #id = 271987;
 #          name = "kabbone";
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -19,6 +19,7 @@
  #./udiskie.nix
  #./redshift.nix
  ./kanshi.nix
+  ./keyring.nix
 ]

 # picom, polybar and sxhkd are pulled from desktop module
--- a/modules/services/dmz/default.nix
+++ b/modules/services/dmz/default.nix
@@ -12,6 +12,7 @@

 [
  ./microvm.nix
+#  ./hydra.nix
 ]

 # picom, polybar and sxhkd are pulled from desktop module
--- a/modules/services/dmz/gitea_runner.nix
+++ b/modules/services/dmz/gitea_runner.nix
@@ -5,6 +5,12 @@
      podman ={
        enable = true;
        autoPrune.enable = true;
+        dockerCompat = true;
+      };
+      containers.containersConf.settings = {
+        # podman seems to not work with systemd-resolved
+        containers.dns_servers = [ "192.168.101.1" ];
+        #containers.dns_servers = [ "8.8.8.8" "8.8.4.4" ];
      };
    };

@@ -13,24 +19,42 @@
            enable = true;
            url = "https://git.kabtop.de";
            name = "Homerunner";
-            tokenFile = config.age.secrets."services/gitea/runner-token".path;
+            tokenFile = config.age.secrets."services/gitea/homerunner-token".path;
            labels = [ 
+              "home"
              "debian-latest:docker://node:18-bullseye"
+              "ubuntu-latest:docker://node:16-bullseye"
+              "ubuntu-22.04:docker://node:16-bullseye"
+              "ubuntu-20.04:docker://node:16-bullseye"
+              "ubuntu-18.04:docker://node:16-buster"
              "native:host"
            ];
            hostPackages = with pkgs; [
              bash
-              curl
-              gitMinimal
              coreutils
-              wget
+              curl
+              gawk
+              gitMinimal
              gnused
+              nodejs
+              wget
            ];
+            settings = {
+             # container.options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm";
+               # the default network that also respects our dns server settings
+              container.network = "host";
+              container.privileged = false;
+             # container.valid_volumes = [
+             #   "/nix"
+             #   "${storeDeps}/bin"
+             #   "${storeDeps}/etc/ssl"
+             # ];
+            };
        };
    };

-  age.secrets."services/gitea/runner-token" = {
-    file = ../../../secrets/services/gitea/runner-token.age;
-    owner = "gitea-runner";
-  };
+    age.secrets."services/gitea/homerunner-token" = {
+      file = ../../../secrets/services/gitea/homerunner-token.age;
+      owner = "gitea-runner";
+    };
 }
--- a/modules/services/dmz/hydra.nix
+++ b/modules/services/dmz/hydra.nix
@@ -0,0 +1,91 @@
+{ lib, config, pkgs, ... }:
+
+{
+    services = {
+      hydra = {
+        enable = true;
+        hydraURL = "https://hydra.home.opel-online.de";
+        listenHost = "127.0.0.1";
+        notificationSender = "hydra@localhost";
+        useSubstitutes = true;
+        minimumDiskFree = 30;
+      };
+      nix-serve = {
+          enable = true;
+          port = 5001;
+          bindAddress = "127.0.0.1";
+          secretKeyFile = config.age.secrets."keys/nixsign".path;
+      };
+      nginx = {
+        enable = true;
+        recommendedProxySettings = true;
+        recommendedTlsSettings = true;
+        recommendedGzipSettings = true;
+        recommendedOptimisation = true;
+        virtualHosts = {
+          "home.opel-online.de" = {
+            enableACME = true;
+            forceSSL = true;
+            default = true;
+            locations."/".return = "503";
+          };
+          "hydra.home.opel-online.de" = {
+            useACMEHost = "home.opel-online.de";
+            forceSSL = true;
+            locations."/" = {
+              proxyPass = "http://localhost:3000";
+              extraConfig = ''
+                proxy_set_header X-Forwarded-Port 443;
+              '';
+            };
+          };
+          "cache.home.opel-online.de" = {
+            useACMEHost = "home.opel-online.de";
+            forceSSL = true;
+            locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
+          };
+        };
+      };
+    };
+
+    security.acme = {
+      acceptTerms = true;
+      defaults = {
+        email = "webmaster@opel-online.de";
+        #server = "https://acme-staging-v02.api.letsencrypt.org/directory";
+        dnsResolver = "9.9.9.9:53";
+      };
+      certs = {
+        "home.opel-online.de" = {
+          domain = "*.home.opel-online.de";
+          dnsProvider = "netcup";
+          environmentFile = config.age.secrets."services/acme/opel-online".path;
+          webroot = null;
+        };
+      };
+    };
+    
+    nix = {
+      settings = {
+        trusted-users = [
+          "hydra"
+        ];
+        allowed-uris = "http:// https://";
+      };
+
+      extraOptions = ''
+        secret-key-files = ${config.age.secrets."keys/nixsign".path}
+      '';
+    };
+    
+    age.secrets."keys/nixsign" = {
+      file = ../../../secrets/keys/nixservepriv.age;
+      owner = "hydra";
+    };
+    age.secrets."services/acme/opel-online" = {
+      file = ../../../secrets/services/acme/opel-online.age;
+      owner = "acme";
+    };
+
+
+}
--- a/modules/services/dmz/microvm.nix
+++ b/modules/services/dmz/microvm.nix
@@ -1,23 +1,23 @@
-{ microvm, nixpkgs, user, agenix, ... }:
+{ config, microvm, lib, pkgs, user, agenix, impermanence, ... }:
 let
  name = "gitea-runner";
 in
 {
  microvm = {
    autostart = [
-      "gitea-runnervm"
+      name
    ];
    vms = {
      ${name} = {

-
-        pkgs = import nixpkgs {
-          system = "x86_64-linux";
-          config.allowUnfree = true;
-        };
+        inherit pkgs;

        config = {
-          imports = [( ./gitea_runner.nix )];
+          imports = 
+            [ agenix.nixosModules.default ] ++
+            [ impermanence.nixosModules.impermanence ] ++
+            [( ./gitea_runner.nix )];
+
          networking = {
            hostName = "${name}";

@@ -55,6 +55,41 @@ in
            openssh = {
              enable = true;
              settings.PasswordAuthentication = false;
+              hostKeys = [
+              {
+                  path = "/persist/etc/ssh/ssh_host_ed25519_key";
+                  type = "ed25519";
+              }
+              {
+                  path = "/persist/etc/ssh/ssh_host_rsa_key";
+                  type = "rsa";
+                  bits = 4096;
+              }];
+            };
+          };
+
+          fileSystems."/persist".neededForBoot = lib.mkForce true;
+
+          environment = {
+            systemPackages = with pkgs; [           # Default packages install system-wide
+               bash
+               coreutils
+               curl
+               gawk
+               gitMinimal
+               gnused
+               nodejs
+               wget
+            ];
+            persistence."/persist" = {
+              directories = [
+                "/var/log"
+                "/var/lib/private"
+              ];
+
+              files = [
+                "/etc/machine-id"
+              ];
            };
          };

@@ -68,7 +103,7 @@ in
              id = "vm-${name}";
              mac = "04:00:00:00:00:01";
              macvtap = {
-                  link = "enp6s18";
+                  link = "ens18";
                  mode = "bridge";
              };
            } ];
@@ -77,11 +112,18 @@ in
              mountPoint = "/nix/.ro-store";
              tag = "ro-store";
              proto = "virtiofs";
+            }
+            {
+              source = "/etc/vm-persist/${name}";
+              mountPoint = "/persist";
+              tag = "persist";
+              proto = "virtiofs";
            }];
            #writableStoreOverlay = "/nix/.rw-store";
            #storeOnDisk = true;
          };
-        system.stateVersion = "23.05";
+
+          system.stateVersion = "23.05";
        };
      };
    };
--- a/modules/services/kabtopci/default.nix
+++ b/modules/services/kabtopci/default.nix
@@ -0,0 +1,19 @@
+#
+#  Services
+#
+#  flake.nix
+#   ├─ ./hosts
+#   │   └─ home.nix
+#   └─ ./modules
+#       └─ ./services
+#           └─ default.nix *
+#               └─ ...
+#
+
+[
+#  ./microvm.nix
+  ./hydra.nix
+]
+
+# picom, polybar and sxhkd are pulled from desktop module
+# redshift temporarely disables
--- a/modules/services/kabtopci/gitea_runner.nix
+++ b/modules/services/kabtopci/gitea_runner.nix
@@ -0,0 +1,59 @@
+{ lib, config, pkgs, ... }:
+
+{
+    virtualisation = {
+      podman ={
+        enable = true;
+        autoPrune.enable = true;
+        dockerCompat = true;
+      };
+      containers.containersConf.settings = {
+        # podman seems to not work with systemd-resolved
+        containers.dns_servers = [ "8.8.8.8" "8.8.4.4" ];
+      };
+    };
+
+    services.gitea-actions-runner.instances = {
+        cirunner = {
+            enable = true;
+            url = "https://git.kabtop.de";
+            name = "CI Kabtop runner";
+            tokenFile = config.age.secrets."services/gitea/cirunner-token".path;
+            labels = [ 
+              "ci"
+              "debian-latest:docker://node:18-bullseye"
+              "ubuntu-latest:docker://node:16-bullseye"
+              "ubuntu-22.04:docker://node:16-bullseye"
+              "ubuntu-20.04:docker://node:16-bullseye"
+              "ubuntu-18.04:docker://node:16-buster"
+              "native:host"
+            ];
+            hostPackages = with pkgs; [
+              bash
+              coreutils
+              curl
+              gawk
+              gitMinimal
+              gnused
+              nodejs
+              wget
+            ];
+            settings = {
+             # container.options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm";
+               # the default network that also respects our dns server settings
+              container.network = "host";
+              container.privileged = false;
+             # container.valid_volumes = [
+             #   "/nix"
+             #   "${storeDeps}/bin"
+             #   "${storeDeps}/etc/ssl"
+             # ];
+            };
+        };
+    };
+
+    age.secrets."services/gitea/cirunner-token" = {
+      file = ../../../secrets/services/gitea/cirunner-token.age;
+      owner = "gitea-runner";
+    };
+}
--- a/modules/services/kabtopci/hydra.nix
+++ b/modules/services/kabtopci/hydra.nix
@@ -0,0 +1,82 @@
+{ lib, config, pkgs, ... }:
+
+{
+    services = {
+      hydra = {
+        enable = true;
+        hydraURL = "https://hydra.ci.kabtop.de";
+        listenHost = "127.0.0.1";
+        notificationSender = "hydra@kabtop.de";
+        useSubstitutes = true;
+        minimumDiskFree = 8;
+      };
+      nix-serve = {
+          enable = true;
+          port = 5001;
+          bindAddress = "127.0.0.1";
+          secretKeyFile = config.age.secrets."keys/nixsign".path;
+      };
+      nginx = {
+        enable = true;
+        recommendedProxySettings = true;
+        recommendedTlsSettings = true;
+        recommendedGzipSettings = true;
+        recommendedOptimisation = true;
+        virtualHosts = {
+          "ci.kabtop.de" = {
+            enableACME = true;
+            forceSSL = true;
+            default = true;
+            locations."/".return = "503";
+          };
+          "hydra.ci.kabtop.de" = {
+            enableACME = true;
+            forceSSL = true;
+            locations."/" = {
+              proxyPass = "http://localhost:3000";
+              extraConfig = ''
+                proxy_set_header X-Forwarded-Port 443;
+              '';
+            };
+          };
+          "cache.ci.kabtop.de" = {
+            enableACME = true;
+            forceSSL = true;
+            locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
+          };
+        };
+      };
+    };
+
+    security.acme = {
+      acceptTerms = true;
+      defaults = {
+        email = "webmaster@kabtop.de";
+        webroot = "/var/lib/acme/acme-challenge";
+        #server = "https://acme-staging-v02.api.letsencrypt.org/directory";
+      };
+    };
+    
+    nix = {
+      settings = {
+        trusted-users = [
+          "hydra"
+        ];
+        allowed-uris = [
+	  "github:"
+	  "https://github.com/"
+  	  "git+ssh://github.com/"
+  	];
+      };
+
+      extraOptions = ''
+        secret-key-files = ${config.age.secrets."keys/nixsign".path}
+      '';
+    };
+    
+    age.secrets."keys/nixsign" = {
+      file = ../../../secrets/keys/nixservepriv.age;
+      owner = "hydra";
+    };
+
+}
--- a/modules/services/kabtopci/microvm.nix
+++ b/modules/services/kabtopci/microvm.nix
@@ -0,0 +1,128 @@
+{ config, microvm, lib, pkgs, user, agenix, impermanence, ... }:
+let
+  name = "gitea-runner";
+in
+{
+  microvm = {
+    autostart = [
+      name
+    ];
+    vms = {
+      ${name} = {
+
+        inherit pkgs;
+
+        config = {
+          imports = 
+            [ agenix.nixosModules.default ] ++
+            [ impermanence.nixosModules.impermanence ] ++
+            [( ./gitea_runner.nix )];
+
+          networking = {
+            hostName = "${name}";
+
+            firewall = {
+              enable = true;
+                allowedUDPPorts = [  ];
+                allowedTCPPorts = [  ];
+            };
+          };
+          systemd.network = {
+              enable = true;
+              networks = {
+                  "10-lan" = {
+                      matchConfig.Name = "*";
+                      networkConfig = {
+                        DHCP = "yes";
+                        IPv6AcceptRA = true;
+                      };
+                  };
+              };
+          };
+
+          users.users.${user} = {                   # System User
+            isNormalUser = true;
+            extraGroups = [ "wheel" ];
+            uid = 2000;
+            openssh.authorizedKeys.keys = [
+              "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc"
+              "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIgo4IP8ISUohyAMiDc3zEe6ESUE3un7eN5FhVtxZHmcAAAABHNzaDo= kabbone@kabc"
+              "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKVDApb3vZ+i97V4xLJh8rUF6z5OVYfORlXYbLhdQO15AAAABHNzaDo= kabbone@hades.home.opel-online.de"
+              "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo= kabbone@hades.home.opel-online.de"
+            ];
+          };
+          services = {
+            openssh = {
+              enable = true;
+              settings.PasswordAuthentication = false;
+              hostKeys = [
+              {
+                  path = "/persist/etc/ssh/ssh_host_ed25519_key";
+                  type = "ed25519";
+              }
+              {
+                  path = "/persist/etc/ssh/ssh_host_rsa_key";
+                  type = "rsa";
+                  bits = 4096;
+              }];
+            };
+          };
+
+          fileSystems."/persist".neededForBoot = lib.mkForce true;
+
+          environment = {
+            systemPackages = with pkgs; [           # Default packages install system-wide
+               bash
+               coreutils
+               curl
+               gawk
+               gitMinimal
+               gnused
+               nodejs
+               wget
+            ];
+            persistence."/persist" = {
+              directories = [
+                "/var/log"
+                "/var/lib/private"
+              ];
+
+              files = [
+                "/etc/machine-id"
+              ];
+            };
+          };
+
+          microvm = {
+            hypervisor = "qemu";
+            vcpu = 4;
+            mem = 3096;
+            #kernel = pkgs.linuxKernel.packages.linux_latest;
+            interfaces = [
+            {
+              type = "user";
+              id = "vm-${name}";
+              mac = "04:00:00:00:00:02";
+            } ];
+             shares = [{
+              source = "/nix/store";
+              mountPoint = "/nix/.ro-store";
+              tag = "ro-store";
+              proto = "virtiofs";
+            }
+            {
+              source = "/etc/vm-persist/${name}";
+              mountPoint = "/persist";
+              tag = "persist";
+              proto = "virtiofs";
+            }];
+            #writableStoreOverlay = "/nix/.rw-store";
+            #storeOnDisk = true;
+          };
+
+          system.stateVersion = "23.05";
+        };
+      };
+    };
+  };
+}
--- a/modules/services/kanshi.nix
+++ b/modules/services/kanshi.nix
@@ -7,31 +7,34 @@
 {
    services.kanshi = {
        enable = true;
-        profiles = {
-            undocked = {
+        settings = [
+            {
+	      profile = {
+	        name = "undocked";
                outputs = [
                    { criteria = "eDP-1"; status = "enable"; mode = "1920x1080"; position = "0,0"; }
                ];
-            };
-            #docked_c = {
-            #    outputs = [
-            #        { criteria = "eDP-1"; status = "enable"; mode = "1920x1080"; position = "2560,0"; }
-            #        { criteria = "DP-1"; status = "enable"; mode = "2560x1080"; position = "0,0"; }
-            #    ];
-            #};
-            docked_c = {
+	      };
+            }
+	    {
+	      profile = {
+	        name = "docked_c";
                outputs = [
                    { criteria = "eDP-1"; status = "enable"; mode = "1920x1080"; position = "0,0"; scale = 1.5; }
                    { criteria = "DP-1"; status = "enable"; mode = "2560x1080"; position = "1920,0"; }
                ];
-            };
-            docked_triple = {
+	      };
+            }
+	    {
+	      profile = {
+	        name = "docked_triple";
                outputs = [
                    { criteria = "eDP-1"; status = "disable"; mode = "1920x1080"; position = "4480,0"; }
                    { criteria = "HDMI-A-1"; status = "enable"; mode = "1920x1080"; position = "0,0"; }
                    { criteria = "DP-1"; status = "enable"; mode = "2560x1080"; position = "1920,0"; }
                ];
-            };
-        };
+	      };
+            }
+        ];
    };
 }
--- a/modules/services/keyring.nix
+++ b/modules/services/keyring.nix
@@ -0,0 +1,14 @@
+#
+# Screenshots
+#
+
+{ pkgs, user, ... }:
+
+{
+  services = {                                    # sxhkd shortcut = Printscreen button (Print)
+    gnome-keyring = {
+      enable = true;
+    };
+  };
+  home.packages = with pkgs; [ gcr seahorse ];
+}
--- a/modules/services/kubemaster/default.nix
+++ b/modules/services/kubemaster/default.nix
@@ -0,0 +1,19 @@
+#
+#  Services
+#
+#  flake.nix
+#   ├─ ./hosts
+#   │   └─ home.nix
+#   └─ ./modules
+#       └─ ./services
+#           └─ default.nix *
+#               └─ ...
+#
+
+[
+#  ./microvm.nix
+#  ./hydra.nix
+]
+
+# picom, polybar and sxhkd are pulled from desktop module
+# redshift temporarely disables
--- a/modules/services/nas/default.nix
+++ b/modules/services/nas/default.nix
@@ -12,6 +12,9 @@

 [
  ./nfs.nix
+  ./nginx.nix
+  ./vaultwarden.nix
+  ./syncthing.nix
 ]

 # picom, polybar and sxhkd are pulled from desktop module
--- a/modules/services/nas/nfs.nix
+++ b/modules/services/nas/nfs.nix
@@ -11,7 +11,7 @@
  };
  # open the firewall
  networking.firewall = {
-    interfaces.enp6s18 = {
+    interfaces.ens18 = {
      allowedTCPPorts = [ 2049 ];
    };
  };
--- a/modules/services/nas/nginx.nix
+++ b/modules/services/nas/nginx.nix
@@ -0,0 +1,53 @@
+#
+# System notifications
+#
+
+{ config, lib, pkgs, ... }:
+
+{
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    virtualHosts = {
+      "home.opel-online.de" = {
+        enableACME = true;
+        forceSSL = true;
+        default = true;
+        locations."/".return = "503";
+      };
+    };
+  };
+    
+
+  security.acme = {
+    acceptTerms = true;
+    defaults = {
+      email = "webmaster@opel-online.de";
+#      server = "https://acme-staging-v02.api.letsencrypt.org/directory";
+      dnsResolver = "9.9.9.9:53";
+    };
+    certs = {
+      "home.opel-online.de" = {
+        domain = "*.home.opel-online.de";
+        dnsProvider = "netcup";
+        environmentFile = config.age.secrets."services/acme/opel-online".path;
+        webroot = null;
+      };
+    };
+  };
+
+  networking.firewall = {
+    enable = true;
+    allowedUDPPorts = [  ];
+    allowedTCPPorts = [ 80 443 ];
+  };
+
+  age.secrets."services/acme/opel-online" = {
+    file = ../../../secrets/services/acme/opel-online.age;
+    owner = "acme";
+  };
+
+}
--- a/modules/services/nas/syncthing.nix
+++ b/modules/services/nas/syncthing.nix
@@ -0,0 +1,53 @@
+#
+# System notifications
+#
+
+{ config, lib, pkgs, ... }:
+
+{
+  services.syncthing = {
+    enable = true;
+    group = "users";
+    user = "kabbone";
+    dataDir = "/home/${config.services.syncthing.user}/Sync";
+    configDir = "/home/${config.services.syncthing.user}/.config/syncthing";
+    overrideDevices = true;     # overrides any devices added or deleted through the WebUI
+    overrideFolders = true;     # overrides any folders added or deleted through the WebUI
+    openDefaultPorts = true;
+    settings = {
+      devices = {
+        "hades.home.opel-online.de" = { id = "3VPCBVW-RH7XKFM-TWJGQHC-ZRAQ575-CQKGGKP-NAB4VXE-KCKJFUT-AMCUQQA"; };
+        "lifebook.home.opel-online.de" = { id = "RKPZG3H-BDUZID3-DV26MKR-UOARIQC-JBCAFXP-J5QFM4H-5EGBSM5-VEGXHQ4"; };
+      };
+      folders = {
+        "Sync" = {         # Name of folder in Syncthing, also the folder ID
+          path = "/mnt/Mars/${config.services.syncthing.user}/Sync";    # Which folder to add to Syncthing
+          devices = [ "hades.home.opel-online.de" "lifebook.home.opel-online.de" ];      # Which devices to share the folder with
+          ignorePerms = false;  # By default, Syncthing doesn't sync file permissions. This line enables it for this folder.
+        };
+      };
+    };
+  };
+
+  services.nginx = {
+    virtualHosts = {
+      "syncthing.home.opel-online.de" = {
+        useACMEHost = "home.opel-online.de";
+        forceSSL = true;
+        locations."/" = {
+	  recommendedProxySettings = false;
+	  proxyPass = "http://${toString config.services.syncthing.guiAddress}";
+          extraConfig = ''
+          proxy_set_header        Host localhost;
+          proxy_set_header        X-Real-IP $remote_addr;
+          proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header        X-Forwarded-Proto $scheme;
+          proxy_set_header        X-Forwarded-Host $host;
+          proxy_set_header        X-Forwarded-Server $host;
+          '';
+        };
+      };
+    };
+  };
+
+}
--- a/modules/services/nas/vaultwarden.nix
+++ b/modules/services/nas/vaultwarden.nix
@@ -0,0 +1,38 @@
+#
+# System notifications
+#
+
+{ config, lib, pkgs, ... }:
+
+{
+  services.vaultwarden = {
+    enable = true;
+    dbBackend = "sqlite";
+    backupDir = "/var/backup/vaultwarden";
+    environmentFile = config.age.secrets."services/vaultwarden/environment".path;
+    config = {
+      DOMAIN = "https://vault.home.opel-online.de";
+      SIGNUPS_ALLOWED = false;
+      ROCKET_ADDRESS = "127.0.0.1";
+      ROCKET_PORT = 8222;
+
+      ROCKET_LOG = "critical";
+    };
+  };
+
+  services.nginx = {
+    virtualHosts = {
+      "vault.home.opel-online.de" = {
+        useACMEHost = "home.opel-online.de";
+        forceSSL = true;
+        locations."/".proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
+      };
+    };
+  };
+
+  age.secrets."services/vaultwarden/environment" = {
+      file = ../../../secrets/services/vaultwarden/environment.age;
+      owner = "vaultwarden";
+  };
+
+}
--- a/modules/services/printer/cfgs/CALIBRATION.cfg
+++ b/modules/services/printer/cfgs/CALIBRATION.cfg
@@ -0,0 +1,50 @@
+[gcode_macro PID_TEST_BED]
+gcode:
+    # Parameters
+    {% set TARGETTEMP = params.TEMP|default(70)|int %}
+    
+    {% set max_x = printer.configfile.config["stepper_x"]["position_max"]|float %}
+    {% set max_y = printer.configfile.config["stepper_y"]["position_max"]|float %}
+    G28
+    G90
+    G1 X{max_x/2} Y{max_y/2} Z40 F6000
+    PID_CALIBRATE HEATER=heater_bed TARGET={TARGETTEMP}
+
+[gcode_macro PID_TEST_HOTEND]
+gcode:
+    # Parameters
+    {% set TARGETTEMP = params.TEMP|default(245)|int %}
+    
+    {% set max_x = printer.configfile.config["stepper_x"]["position_max"]|float %}
+    {% set max_y = printer.configfile.config["stepper_y"]["position_max"]|float %}
+    G28
+    G90
+    G1 X{max_x/2} Y{max_y/2} Z10 F6000
+    M106 S64
+    PID_CALIBRATE HEATER=extruder TARGET={TARGETTEMP}
+    M107 ; Turn off print cooling fan
+
+# TODO test this
+[gcode_macro PID_TEST_ALL]
+gcode:
+    PID_TEST_BED
+    PID_TEST_HOTEND
+    SAVE_CONFIG
+
+[gcode_macro DO_PROBE_CALIBRATE]
+gcode:
+    SET_HEATER_TEMPERATURE HEATER=heater_bed TARGET=60
+    SET_HEATER_TEMPERATURE HEATER=extruder TARGET=180
+    TEMPERATURE_WAIT SENSOR=heater_bed MINIMUM=60
+    TEMPERATURE_WAIT SENSOR=extruder MINIMUM=180
+    G28
+    PROBE_CALIBRATE
+
+[gcode_macro DO_CREATE_MESH]
+gcode:
+    SET_HEATER_TEMPERATURE HEATER=heater_bed TARGET=60
+    SET_HEATER_TEMPERATURE HEATER=extruder TARGET=180
+    TEMPERATURE_WAIT SENSOR=heater_bed MINIMUM=60
+    TEMPERATURE_WAIT SENSOR=extruder MINIMUM=180
+    G28
+    _BED_MESH_CALIBRATE
--- a/modules/services/printer/cfgs/MECHANICAL_GANTRY_CALIBRATION.cfg
+++ b/modules/services/printer/cfgs/MECHANICAL_GANTRY_CALIBRATION.cfg
@@ -0,0 +1,110 @@
+###############################################################################
+#  Source https://github.com/strayr/strayr-k-macros/blob/e0807570a66d28735cf05143b105ab4ea6d9798f/mechanical_level_tmc2209.cfg
+# 
+#  Mechanical Gantry Calibration
+#  
+#  Requires TMC2209 drivers with UART control, some tuning and perhaps 
+#  some printed endstops.
+#
+#  Based on on (depricated) M915 and now alternate G34 from Marlin
+#  I beleive Prusa use this, certainly there's older videos advising to just
+#  ram the gantry at full current into the the z-max stops.
+#
+#  It moves the gantry to the top of the travel, drops the current and then
+#  does a force move to force the steppers to stall against the physical end
+#  stops, transfering the level of the frame to the gantry. 
+#
+#  This is the only way to programatically level a multi-stepper single-driver 
+#  gantry. It may also help with a dual-driver gantry on a bed-slinger design
+#  or where the plane of the bed is less trustworthy than the frame.
+#
+#  It's particularly risky doing Z_TILT_ADJUST and SCREWS_TILT_CALCULATE
+#  without a mechanical reference as if one side of the gantry or bed is prone
+#  to droop, over time both bed and gantry will skew excessively but still read
+#  as level, so this can help transfer "level" from the frame to the gantry and
+#  then to the bed.
+#
+#  I don't recommend doing this in a START_PRINT, I call this if a 
+#  SCREWS_TILT_CALCULATE shows some drift, althoughon an Ender 3 type printer
+#  it's prudent to check the v-slot rollers for correct adjustment if drift is
+#  observed.
+#
+#  It's probably best to run this and then do SCREWS_TILT_CALCULATE
+#  until the bed is really level. IF you have dual Z steppers you can then
+#  use Z_TILT_ADJUST for subsequent leveling of the gantry but make sure you
+#  use the same points for gantry level as you use in SCREWS_TILT_CALCULATE
+#
+#  It may damage your printer if you do this at too high a current, or don't
+#  have proper endstops.
+#  
+#            HERE BE DRAGONS!
+#            YOU WERE WARNED!
+#
+#  Here's a video of this in action
+#  https://www.youtube.com/watch?v=aVdIeIIpUAk
+#  and the endstops for 2020 v-slot
+#  https://www.thingiverse.com/thing:4848479
+
+[gcode_macro MECHANICAL_GANTRY_CALIBRATION]
+gcode:
+    ### SET THIS DEFAULT CARFULLY - start really low
+    {% set my_current = params.CURRENT|default(0.20)|float %} ; adjust crash current on the fly :D
+    ###
+    {% set oldcurrent = printer.configfile.settings["tmc2209 stepper_z"].run_current %}
+    {% set oldhold = printer.configfile.settings["tmc2209 stepper_z"].hold_current %} 
+    {% set x_max = printer.toolhead.axis_maximum.x %} 
+    {% set y_max = printer.toolhead.axis_maximum.y %} 
+    {% set z_max = printer.toolhead.axis_maximum.z %} 
+    {% set fast_move_z = printer.configfile.settings["printer"].max_z_velocity %}
+    {% set fast_move = printer.configfile.settings["printer"].max_velocity %}
+    M117 {printer.homed_axes}
+    {% if printer.homed_axes != 'xyz' %}
+        G28 ; Home All Axes
+    {% endif %}
+    G90 ; absolute
+    G0 X{x_max / 2} Y{y_max / 2} F{fast_move * 30 } ;put toolhead in the center of the gantry
+
+    G0 Z{z_max -5} F{fast_move_z * 60 } ; go to the Z-max - 5 at speed max z speed ; CHANGED
+    
+    SET_TMC_CURRENT STEPPER=stepper_z CURRENT={my_current} ; drop current on Z stepper
+    
+    {% if printer.configfile.settings["stepper_z1"] %} ; test for dual Z
+        SET_TMC_CURRENT STEPPER=stepper_z1 CURRENT={my_current} ; drop current
+    {% endif %}
+
+    CONDITIONAL_BEEP I=1
+    G4 P200 ; Probably not necessary, it is here just for sure
+
+    SET_KINEMATIC_POSITION Z={z_max - 25} ; Trick printer into beleiving the gantry is 25mm lower than it is ; CHANGED
+
+    G1 Z{z_max} F{6 * 60} ; based on above figures, there will be 20mm worth of grinding ; CHANGED
+    CONDITIONAL_BEEP I=2
+    G4 P10000 ; wait 10 seconds
+    G1 Z{z_max -6} F{6 * 60} ; move 4mm down
+    CONDITIONAL_BEEP I=3
+    G4 P200 ; same as the first one
+    
+    SET_TMC_CURRENT STEPPER=stepper_z CURRENT={oldcurrent} HOLDCURRENT={oldhold}
+
+    {% if printer.configfile.settings["stepper_z1"] %} ; test for dual Z
+        SET_TMC_CURRENT STEPPER=stepper_z1 CURRENT={oldcurrent} HOLDCURRENT={oldhold} ; reset current
+    {% endif %}
+
+    G1 Z{z_max -30} F{6 * 60} ; move to 30mm below z-max to allow homing movement
+
+    G4 P200 ; same as the first one
+    G28 Z ; we MUST home again as the ganty is really in the wrong place.
+
+[gcode_macro G34]
+gcode:
+    MECHANICAL_GANTRY_CALIBRATION
+
+[menu __main __setup __calib __mech_gantry_calibrate]
+type: command
+enable: {not printer.idle_timeout.state == "Printing"}
+name: G34 Gantry Level
+gcode:
+    G34
+
+[force_move]
+enable_force_move: true ; enable FORCE_MOVE and SET_KINEMATIC_POSITION
--- a/modules/services/printer/cfgs/PARKING.cfg
+++ b/modules/services/printer/cfgs/PARKING.cfg
@@ -0,0 +1,54 @@
+# Park front center
+[gcode_macro PARKFRONT]
+gcode:
+    {% if "xyz" not in printer.toolhead.homed_axes %}
+        G28                           ; home if not already homed
+    {% endif %}
+    SAVE_GCODE_STATE NAME=PARKFRONT
+    G90                               ; absolute positioning
+    G0 X{printer.toolhead.axis_maximum.x/2} Y{printer.toolhead.axis_minimum.y+5} Z{printer.toolhead.axis_maximum.z/2} F6000        
+    RESTORE_GCODE_STATE NAME=PARKFRONT
+
+# Park front center, but low down.
+[gcode_macro PARKFRONTLOW]
+gcode:
+    {% if "xyz" not in printer.toolhead.homed_axes %}
+        G28                           ; home if not already homed
+    {% endif %}
+    SAVE_GCODE_STATE NAME=PARKFRONT
+    G90                              ; absolute positioning
+    G0 X{printer.toolhead.axis_maximum.x/2} Y{printer.toolhead.axis_minimum.y+5} Z20 F6000                                     
+    RESTORE_GCODE_STATE NAME=PARKFRONT
+
+# Park top rear left
+[gcode_macro PARKREAR]
+gcode:
+    {% if "xyz" not in printer.toolhead.homed_axes %}
+        G28                           ; home if not already homed
+    {% endif %}
+    SAVE_GCODE_STATE NAME=PARKREAR
+    G90                              ; absolute positioning
+    G0 X{printer.toolhead.axis_minimum.x+10} Y{printer.toolhead.axis_maximum.y-10} Z{printer.toolhead.axis_maximum.z-50} F6000     
+    RESTORE_GCODE_STATE NAME=PARKREAR
+
+# Park at center of build volume
+[gcode_macro PARKCENTER]
+gcode:
+    {% if "xyz" not in printer.toolhead.homed_axes %}
+        G28                           ; home if not already homed
+    {% endif %}
+    SAVE_GCODE_STATE NAME=PARKCENTER
+    G90                               ; absolute positioning
+    G0 X{printer.toolhead.axis_maximum.x/2} Y{printer.toolhead.axis_maximum.y/2} Z{printer.toolhead.axis_maximum.z/2} F6000    
+    RESTORE_GCODE_STATE NAME=PARKCENTER
+
+# Park 15mm above center of bed
+[gcode_macro PARKBED]
+gcode:
+    {% if "xyz" not in printer.toolhead.homed_axes %}
+        G28                           ; home if not already homed
+    {% endif %}
+    SAVE_GCODE_STATE NAME=PARKBED
+    G90                                ; absolute positioning
+    G0 X{printer.toolhead.axis_maximum.x/2} Y{printer.toolhead.axis_maximum.y/2} Z15 F6000                                     
+    RESTORE_GCODE_STATE NAME=PARKBED
--- a/modules/services/printer/cfgs/TEST_SPEED.cfg
+++ b/modules/services/printer/cfgs/TEST_SPEED.cfg
@@ -0,0 +1,124 @@
+[gcode_macro TEST_SPEED]
+# Home, get position, throw around toolhead, home again.
+# If MCU stepper positions (first line in GET_POSITION) are greater than a full step different (your number of microsteps), then skipping occured.
+# We only measure to a full step to accomodate for endstop variance.
+# Example: TEST_SPEED SPEED=300 ACCEL=5000 ITERATIONS=10
+
+description: Test for max speed and acceleration parameters for the printer. Procedure: Home -> ReadPositionFromMCU -> MovesToolhead@Vel&Accel -> Home -> ReadPositionfromMCU
+
+gcode:
+    # Speed
+    {% set speed  = params.SPEED|default(printer.configfile.settings.printer.max_velocity)|int %}
+    # Iterations
+    {% set iterations = params.ITERATIONS|default(5)|int %}
+    # Acceleration
+    {% set accel  = params.ACCEL|default(printer.configfile.settings.printer.max_accel)|int %}
+    # Minimum Cruise Ratio
+    {% set min_cruise_ratio = params.MIN_CRUISE_RATIO|default(0.5)|float %}
+    # Bounding inset for large pattern (helps prevent slamming the toolhead into the sides after small skips, and helps to account for machines with imperfectly set dimensions)
+    {% set bound = params.BOUND|default(20)|int %}
+    # Size for small pattern box
+    {% set smallpatternsize = SMALLPATTERNSIZE|default(20)|int %}
+    
+    # Large pattern
+        # Max positions, inset by BOUND
+        {% set x_min = printer.toolhead.axis_minimum.x + bound %}
+        {% set x_max = printer.toolhead.axis_maximum.x - bound %}
+        {% set y_min = printer.toolhead.axis_minimum.y + bound %}
+        {% set y_max = printer.toolhead.axis_maximum.y - bound %}
+    
+    # Small pattern at center
+        # Find X/Y center point
+        {% set x_center = (printer.toolhead.axis_minimum.x|float + printer.toolhead.axis_maximum.x|float ) / 2 %}
+        {% set y_center = (printer.toolhead.axis_minimum.y|float + printer.toolhead.axis_maximum.y|float ) / 2 %}
+        
+        # Set small pattern box around center point
+        {% set x_center_min = x_center - (smallpatternsize/2) %}
+        {% set x_center_max = x_center + (smallpatternsize/2) %}
+        {% set y_center_min = y_center - (smallpatternsize/2) %}
+        {% set y_center_max = y_center + (smallpatternsize/2) %}
+
+    # Save current gcode state (absolute/relative, etc)
+    SAVE_GCODE_STATE NAME=TEST_SPEED
+    
+    # Output parameters to g-code terminal
+    { action_respond_info("TEST_SPEED: starting %d iterations at speed %d, accel %d" % (iterations, speed, accel)) }
+    
+    # Home and get position for comparison later:
+        M400 # Finish moves - https://github.com/AndrewEllis93/Print-Tuning-Guide/issues/66
+        G28
+        # QGL if not already QGLd (only if QGL section exists in config)
+        {% if printer.configfile.settings.quad_gantry_level %}
+            {% if printer.quad_gantry_level.applied == False %}
+                QUAD_GANTRY_LEVEL
+                G28 Z
+            {% endif %}
+        {% endif %} 
+        # Move 50mm away from max position and home again (to help with hall effect endstop accuracy - https://github.com/AndrewEllis93/Print-Tuning-Guide/issues/24)
+        G90
+        G1 X{printer.toolhead.axis_maximum.x-50} Y{printer.toolhead.axis_maximum.y-50} F{30*60}
+        M400 # Finish moves - https://github.com/AndrewEllis93/Print-Tuning-Guide/issues/66
+        G28 X Y
+        G0 X{printer.toolhead.axis_maximum.x-1} Y{printer.toolhead.axis_maximum.y-1} F{30*60}
+        G4 P1000 
+        GET_POSITION
+
+    # Go to starting position
+    G0 X{x_min} Y{y_min} Z{bound + 10} F{speed*60}
+
+    # Set new limits
+    {% if printer.configfile.settings.printer.minimum_cruise_ratio is defined %}
+        SET_VELOCITY_LIMIT VELOCITY={speed} ACCEL={accel} MINIMUM_CRUISE_RATIO={min_cruise_ratio}
+    {% else %}
+        SET_VELOCITY_LIMIT VELOCITY={speed} ACCEL={accel} ACCEL_TO_DECEL={accel / 2}
+    {% endif %}
+
+    {% for i in range(iterations) %}
+        # Large pattern diagonals
+        G0 X{x_min} Y{y_min} F{speed*60}
+        G0 X{x_max} Y{y_max} F{speed*60}
+        G0 X{x_min} Y{y_min} F{speed*60}
+        G0 X{x_max} Y{y_min} F{speed*60}
+        G0 X{x_min} Y{y_max} F{speed*60}
+        G0 X{x_max} Y{y_min} F{speed*60}
+        
+        # Large pattern box
+        G0 X{x_min} Y{y_min} F{speed*60}
+        G0 X{x_min} Y{y_max} F{speed*60}
+        G0 X{x_max} Y{y_max} F{speed*60}
+        G0 X{x_max} Y{y_min} F{speed*60}
+    
+        # Small pattern diagonals
+        G0 X{x_center_min} Y{y_center_min} F{speed*60}
+        G0 X{x_center_max} Y{y_center_max} F{speed*60}
+        G0 X{x_center_min} Y{y_center_min} F{speed*60}
+        G0 X{x_center_max} Y{y_center_min} F{speed*60}
+        G0 X{x_center_min} Y{y_center_max} F{speed*60}
+        G0 X{x_center_max} Y{y_center_min} F{speed*60}
+        
+        # Small pattern box
+        G0 X{x_center_min} Y{y_center_min} F{speed*60}
+        G0 X{x_center_min} Y{y_center_max} F{speed*60}
+        G0 X{x_center_max} Y{y_center_max} F{speed*60}
+        G0 X{x_center_max} Y{y_center_min} F{speed*60}
+    {% endfor %}
+
+    # Restore max speed/accel/accel_to_decel to their configured values
+    {% if printer.configfile.settings.printer.minimum_cruise_ratio is defined %}
+        SET_VELOCITY_LIMIT VELOCITY={printer.configfile.settings.printer.max_velocity} ACCEL={printer.configfile.settings.printer.max_accel} MINIMUM_CRUISE_RATIO={printer.configfile.settings.printer.minimum_cruise_ratio} 
+    {% else %}
+        SET_VELOCITY_LIMIT VELOCITY={printer.configfile.settings.printer.max_velocity} ACCEL={printer.configfile.settings.printer.max_accel} ACCEL_TO_DECEL={printer.configfile.settings.printer.max_accel_to_decel}
+    {% endif %}
+
+    # Re-home and get position again for comparison:
+        M400 # Finish moves - https://github.com/AndrewEllis93/Print-Tuning-Guide/issues/66
+        G28 # This is a full G28 to fix an issue with CoreXZ - https://github.com/AndrewEllis93/Print-Tuning-Guide/issues/12
+        # Go to XY home positions (in case your homing override leaves it elsewhere)
+        G90
+        G0 X{printer.toolhead.axis_maximum.x-1} Y{printer.toolhead.axis_maximum.y-1} F{30*60}
+        G4 P1000 
+        GET_POSITION
+
+    # Restore previous gcode state (absolute/relative, etc)
+    RESTORE_GCODE_STATE NAME=TEST_SPEED
+    
--- a/modules/services/printer/cfgs/adxl-direct.cfg
+++ b/modules/services/printer/cfgs/adxl-direct.cfg
@@ -0,0 +1,13 @@
+# Documentation https://www.klipper3d.org/Measuring_Resonances.html?h=adxl#configure-adxl345-with-rpi
+# Documentation https://www.klipper3d.org/RPi_microcontroller.html
+
+[mcu rpi]
+serial: /tmp/klipper_host_mcu
+
+[adxl345]
+cs_pin: rpi:None
+
+[resonance_tester]
+accel_chip: adxl345
+probe_points: 111.5, 111.5, 20
+max_smoothing: 0.13
--- a/modules/services/printer/cfgs/adxl-rp2040.cfg
+++ b/modules/services/printer/cfgs/adxl-rp2040.cfg
@@ -0,0 +1,29 @@
+#####################################################################
+#   Find my instructions here: 
+#   https://github.com/bassamanator/rp2040-zero-adxl345-klipper
+#   ADXL345 related Settings 
+#   https://www.klipper3d.org/Measuring_Resonances.html#adxl345
+#####################################################################
+
+[mcu RP2040]
+baud: 115200 # 250000
+restart_method: command
+# Obtain definition by "ls -l /dev/serial/by-id/"
+serial: /dev/serial/by-id/usb-Klipper_rp2040_E6614C311B773B36-if00
+
+[adxl345]
+cs_pin: RP2040:gpio1
+spi_bus: spi0a
+axes_map: x,z,y
+
+[resonance_tester]
+accel_chip: adxl345
+probe_points: 111.5, 111.5, 20
+
+[output_pin power_mode] # Improve power stability
+pin: RP2040:gpio23
+
+[gcode_macro ADX]
+description: Shortcut to ACCELEROMETER_QUERY
+gcode:
+    ACCELEROMETER_QUERY
--- a/modules/services/printer/cfgs/adxl-rpi-pico-2x.cfg
+++ b/modules/services/printer/cfgs/adxl-rpi-pico-2x.cfg
@@ -0,0 +1,43 @@
+#####################################################################
+#   Config that supports a print head and a bed sensor at the same time
+#   This requires a Raspberry Pi Pico.
+#   Instructions: https://klipper.discourse.group/t/raspberry-pi-pico-adxl345-portable-resonance-measurement/1757/9
+#   TLDR Instructions: The two sensors should use the spi0a (GPIO 0-3) and spi1a (GPIO 9-12) buses, respectively.
+#
+#   Recommended mounts: 
+#   https://www.printables.com/model/385334-sovol-sv06-adxl345-mount-printhead-and-bed
+#
+#   ADXL345 related Settings 
+#   https://www.klipper3d.org/Measuring_Resonances.html#adxl345
+#####################################################################
+
+[mcu RP2040]
+baud: 115200
+restart_method: command
+# Obtain definition by "ls -l /dev/serial/by-id/"
+serial: /dev/serial/by-id/usb-Klipper_rp2040_E66138935F154C28-if00
+
+[adxl345 head]
+cs_pin: RP2040:gpio1
+spi_bus: spi0a
+# update axes_map if your sensor is oriented differently. Note the print on your sensor.
+# -y, -z, x means that
+#  - the x axis of your printer corresponds to the sensor's negative y axis
+#  - the y axis of your printer corresponds to the sensor's negative z axis
+#  - the z axis of your printer corresponds to the sensor's x axis
+axes_map: -y, -z, x
+
+[adxl345 bed]
+cs_pin: RP2040:gpio9
+spi_bus: spi1a
+
+[resonance_tester]
+accel_chip_x: adxl345 head
+accel_chip_y: adxl345 bed
+probe_points: 111.5, 111.5, 20
+
+[gcode_macro ADX]
+description: Shortcut to ACCELEROMETER_QUERY for both sensors
+gcode:
+    ACCELEROMETER_QUERY CHIP=head
+    ACCELEROMETER_QUERY CHIP=bed
--- a/modules/services/printer/cfgs/kamp/Adaptive_Meshing.cfg
+++ b/modules/services/printer/cfgs/kamp/Adaptive_Meshing.cfg
@@ -0,0 +1,120 @@
+# # # Klipper Adaptive Meshing # # #
+
+# Heads up! If you have any other BED_MESH_CALIBRATE macros defined elsewhere in your config, you will need to comment out / remove them for this to work. (Klicky/Euclid Probe)
+# You will also need to be sure that [exclude_object] is defined in printer.cfg, and your slicer is labeling objects.
+# This macro will parse information from objects in your gcode to define a min and max mesh area to probe, creating an adaptive mesh!
+# This macro will not increase probe_count values in your [bed_mesh] config. If you want richer meshes, be sure to increase probe_count. We recommend at least 5,5.
+
+[gcode_macro BED_MESH_CALIBRATE]
+rename_existing: _BED_MESH_CALIBRATE
+gcode:
+
+    {% set all_points = printer.exclude_object.objects | map(attribute='polygon') | sum(start=[]) %}                                # Gather all object points
+    {% set bed_mesh_min = printer.configfile.settings.bed_mesh.mesh_min %}                                                          # Get bed mesh min from printer.cfg
+    {% set bed_mesh_max = printer.configfile.settings.bed_mesh.mesh_max %}                                                          # Get bed mesh max from printer.cfg
+    {% set probe_count = printer.configfile.settings.bed_mesh.probe_count %}                                                        # Get probe count from printer.cfg
+    {% set kamp_settings = printer["gcode_macro _KAMP_Settings"] %}                                                                 # Pull variables from _KAMP_Settings
+    {% set verbose_enable = kamp_settings.verbose_enable | abs %}                                                                   # Pull verbose setting from _KAMP_Settings
+    {% set probe_dock_enable = kamp_settings.probe_dock_enable | abs %}                                                             # Pull probe dockable probe settings from _KAMP_Settings
+    {% set attach_macro = kamp_settings.attach_macro | string %}                                                                    # Pull attach probe command from _KAMP_Settings
+    {% set detach_macro = kamp_settings.detach_macro | string %}                                                                    # Pull detach probe command from _KAMP_Settings
+    {% set mesh_margin = kamp_settings.mesh_margin | float %}                                                                       # Pull mesh margin setting from _KAMP_Settings
+    {% set fuzz_amount = kamp_settings.fuzz_amount | float %}                                                                       # Pull fuzz amount setting from _KAMP_Settings
+    {% set probe_count = probe_count if probe_count|length > 1 else probe_count * 2  %}                                             # If probe count is only a single number, convert it to 2. E.g. probe_count:7 = 7,7
+    {% set max_probe_point_distance_x = ( bed_mesh_max[0] - bed_mesh_min[0] ) / (probe_count[0] - 1)  %}                            # Determine max probe point distance
+    {% set max_probe_point_distance_y = ( bed_mesh_max[1] - bed_mesh_min[1] ) / (probe_count[1] - 1)  %}                            # Determine max probe point distance
+    {% set x_min = all_points | map(attribute=0) | min | default(bed_mesh_min[0]) %}                                                # Set x_min from smallest object x point
+    {% set y_min = all_points | map(attribute=1) | min | default(bed_mesh_min[1]) %}                                                # Set y_min from smallest object y point
+    {% set x_max = all_points | map(attribute=0) | max | default(bed_mesh_max[0]) %}                                                # Set x_max from largest object x point
+    {% set y_max = all_points | map(attribute=1) | max | default(bed_mesh_max[1]) %}                                                # Set y_max from largest object y point
+
+    {% set fuzz_range = range((0) | int, (fuzz_amount * 100) | int + 1) %}                                                          # Set fuzz_range between 0 and fuzz_amount
+    {% set adapted_x_min = x_min - mesh_margin - (fuzz_range | random / 100.0) %}                                                   # Adapt x_min to margin and fuzz constraints
+    {% set adapted_y_min = y_min - mesh_margin - (fuzz_range | random / 100.0) %}                                                   # Adapt y_min to margin and fuzz constraints
+    {% set adapted_x_max = x_max + mesh_margin + (fuzz_range | random / 100.0) %}                                                   # Adapt x_max to margin and fuzz constraints
+    {% set adapted_y_max = y_max + mesh_margin + (fuzz_range | random / 100.0) %}                                                   # Adapt y_max to margin and fuzz constraints
+
+    {% set adapted_x_min = [adapted_x_min , bed_mesh_min[0]] | max %}                                                               # Compare adjustments to defaults and choose max
+    {% set adapted_y_min = [adapted_y_min , bed_mesh_min[1]] | max %}                                                               # Compare adjustments to defaults and choose max
+    {% set adapted_x_max = [adapted_x_max , bed_mesh_max[0]] | min %}                                                               # Compare adjustments to defaults and choose min
+    {% set adapted_y_max = [adapted_y_max , bed_mesh_max[1]] | min %}                                                               # Compare adjustments to defaults and choose min
+
+    {% set points_x = (((adapted_x_max - adapted_x_min) / max_probe_point_distance_x) | round(method='ceil') | int) + 1 %}          # Define probe_count's x point count and round up
+    {% set points_y = (((adapted_y_max - adapted_y_min) / max_probe_point_distance_y) | round(method='ceil') | int) + 1 %}          # Define probe_count's y point count and round up
+
+    {% if (([points_x, points_y]|max) > 6) %}                                                                                       # 
+        {% set algorithm = "bicubic" %}                                                                                             # 
+        {% set min_points = 4 %}                                                                                                    # 
+    {% else %}                                                                                                                      # Calculate if algorithm should be bicubic or lagrange
+        {% set algorithm = "lagrange" %}                                                                                            # 
+        {% set min_points = 3 %}                                                                                                    # 
+    {% endif %}                                                                                                                     # 
+
+    {% set points_x = [points_x , min_points]|max %}                                                                                # Set probe_count's x points to fit the calculated algorithm
+    {% set points_y = [points_y , min_points]|max %}                                                                                # Set probe_count's y points to fit the calculated algorithm
+    {% set points_x = [points_x , probe_count[0]]|min %}
+    {% set points_y = [points_y , probe_count[1]]|min %}
+
+    {% if verbose_enable == True %}                                                                                                 # If verbose is enabled, print information about KAMP's calculations
+        {% if printer.exclude_object.objects != [] %}
+
+            { action_respond_info( "Algorithm: {}.".format(                                                                              
+                (algorithm),                                                                                                            
+            )) }
+
+            { action_respond_info("Default probe count: {},{}.".format(                                                                  
+                (probe_count[0]),                                                                                                       
+                (probe_count[1]),                                                                                                       
+            )) }
+
+            { action_respond_info("Adapted probe count: {},{}.".format(                                                                  
+                (points_x),                                                                                                             
+                (points_y),                                                                                                             
+            )) }                                                                                                              
+
+            {action_respond_info("Default mesh bounds: {}, {}.".format(                                                                  
+                (bed_mesh_min[0],bed_mesh_min[1]),                                                                                      
+                (bed_mesh_max[0],bed_mesh_max[1]),                                                                                      
+            )) }
+
+            {% if mesh_margin > 0 %}                                                                                                    
+                {action_respond_info("Mesh margin is {}, mesh bounds extended by {}mm.".format(                                       
+                    (mesh_margin),                                                                                                      
+                    (mesh_margin),                                                                                       
+                )) }                                                                                                                    
+            {% else %}                                                                                                                  
+                {action_respond_info("Mesh margin is 0, margin not increased.")}                                                        
+            {% endif %}                                                                                                                 
+
+            {% if fuzz_amount > 0 %}                                                                                                    
+                {action_respond_info("Mesh point fuzzing enabled, points fuzzed up to {}mm.".format(                                     
+                    (fuzz_amount),                                                                                                      
+                )) }                                                                                                                    
+            {% else %}                                                                                                                  
+                {action_respond_info("Fuzz amount is 0, mesh points not fuzzed.")}                                                      
+            {% endif %}                                                                                                                 
+
+            { action_respond_info("Adapted mesh bounds: {}, {}.".format(                                                                 
+                (adapted_x_min, adapted_y_min),                                                                                         
+                (adapted_x_max, adapted_y_max),                                                                                         
+            )) }
+
+            {action_respond_info("KAMP adjustments successful. Happy KAMPing!")}
+
+        {% else %}
+
+            {action_respond_info("No objects detected! Check your gcode and make sure that EXCLUDE_OBJECT_DEFINE is happening before BED_MESH_CALIBRATE is called. Defaulting to regular meshing.")}
+            G4 P5000                                                                                                                # Wait 5 seconds to make error more visible
+        {% endif %}
+
+    {% endif %}
+
+    {% if probe_dock_enable == True %}
+        {attach_macro}                                                                                                              # Attach/deploy a probe if the probe is stored somewhere outside of the print area
+    {% endif %}
+
+    _BED_MESH_CALIBRATE mesh_min={adapted_x_min},{adapted_y_min} mesh_max={adapted_x_max},{adapted_y_max} ALGORITHM={algorithm} PROBE_COUNT={points_x},{points_y}
+
+    {% if probe_dock_enable == True %}
+        {detach_macro}                                                                                                              # Detach/stow a probe if the probe is stored somewhere outside of the print area
+    {% endif %}                                                                                                                     # End of verbose
--- a/modules/services/printer/cfgs/kamp/KAMP_Settings.cfg
+++ b/modules/services/printer/cfgs/kamp/KAMP_Settings.cfg
@@ -0,0 +1,37 @@
+# Below you can include specific configuration files depending on what you want KAMP to do:
+
+# NOTE bassamanator: uncomment the functionality that you want to use from KAMP
+[include ./Adaptive_Meshing.cfg]       # Include to enable adaptive meshing configuration.
+[include ./Line_Purge.cfg]             # Include to enable adaptive line purging configuration.
+# [include ./Voron_Purge.cfg]            # Include to enable adaptive Voron logo purging configuration.
+# [include ./Smart_Park.cfg]             # Include to enable the Smart Park function, which parks the printhead near the print area for final heating.
+
+[gcode_macro _KAMP_Settings]
+description: This macro contains all adjustable settings for KAMP 
+
+# The following variables are settings for KAMP as a whole.
+variable_verbose_enable: True               # Set to True to enable KAMP information output when running. This is useful for debugging.
+
+# The following variables are for adjusting adaptive mesh settings for KAMP.
+variable_mesh_margin: 0                     # Expands the mesh size in millimeters if desired. Leave at 0 to disable.
+variable_fuzz_amount: 0                     # Slightly randomizes mesh points to spread out wear from nozzle-based probes. Leave at 0 to disable.
+
+# The following variables are for those with a dockable probe like Klicky, Euclid, etc.                 # ----------------  Attach Macro | Detach Macro
+variable_probe_dock_enable: False           # Set to True to enable the usage of a dockable probe.      # ---------------------------------------------
+variable_attach_macro: 'Attach_Probe'       # The macro that is used to attach the probe.               # Klicky Probe:   'Attach_Probe' | 'Dock_Probe'
+variable_detach_macro: 'Dock_Probe'         # The macro that is used to store the probe.                # Euclid Probe:   'Deploy_Probe' | 'Stow_Probe'
+                                                                                                        # Legacy Gcode:   'M401'         | 'M402'
+
+# The following variables are for adjusting adaptive purge settings for KAMP.
+variable_purge_height: 0.8                  # Z position of nozzle during purge, default is 0.8.
+variable_tip_distance: 0                    # Distance between tip of filament and nozzle before purge. Should be similar to PRINT_END final retract amount.
+variable_purge_margin: 10                   # Distance the purge will be in front of the print area, default is 10.
+variable_purge_amount: 30                   # Amount of filament to be purged prior to printing.
+variable_flow_rate: 12                      # Flow rate of purge in mm3/s. Default is 12.
+
+# The following variables are for adjusting the Smart Park feature for KAMP, which will park the printhead near the print area at a specified height.
+variable_smart_park_height: 10              # Z position for Smart Park, default is 10.
+
+gcode: # Gcode section left intentionally blank. Do not disturb.
+
+    {action_respond_info(" Running the KAMP_Settings macro does nothing, it is only used for storing KAMP settings. ")}
--- a/modules/services/printer/cfgs/kamp/Line_Purge.cfg
+++ b/modules/services/printer/cfgs/kamp/Line_Purge.cfg
@@ -0,0 +1,119 @@
+[gcode_macro LINE_PURGE]
+description: A purge macro that adapts to be near your actual printed objects
+gcode:
+    # Get relevant printer params
+    {% set travel_speed = (printer.toolhead.max_velocity) * 60 | float %}
+    {% set cross_section = printer.configfile.settings.extruder.max_extrude_cross_section | float %}
+    
+    # Use firmware retraction if it is defined
+    {% if printer.firmware_retraction is defined %}
+        {% set RETRACT = G10 | string %}
+        {% set UNRETRACT = G11 | string %}
+    {% else %}
+        {% set RETRACT = 'G1 E-.5 F2100' | string %}
+        {% set UNRETRACT = 'G1 E.5 F2100' | string %}
+    {% endif %}
+
+    # Get purge settings from _Kamp_Settings
+    {% set verbose_enable = printer["gcode_macro _KAMP_Settings"].verbose_enable | abs %}
+    {% set purge_height = printer["gcode_macro _KAMP_Settings"].purge_height | float %}
+    {% set tip_distance = printer["gcode_macro _KAMP_Settings"].tip_distance | float %}
+    {% set purge_margin = printer["gcode_macro _KAMP_Settings"].purge_margin | float %}
+    {% set purge_amount = printer["gcode_macro _KAMP_Settings"].purge_amount | float %}
+    {% set flow_rate = printer["gcode_macro _KAMP_Settings"].flow_rate | float %}
+
+
+    # Calculate purge origins and centers from objects
+    {% set all_points = printer.exclude_object.objects | map(attribute='polygon') | sum(start=[]) %}    # Get all object points
+    {% set purge_x_min = (all_points | map(attribute=0) | min | default(0)) %}                          # Object x min
+    {% set purge_x_max = (all_points | map(attribute=0) | max | default(0)) %}                          # Object x max
+    {% set purge_y_min = (all_points | map(attribute=1) | min | default(0)) %}                          # Object y min
+    {% set purge_y_max = (all_points | map(attribute=1) | max | default(0)) %}                          # Object y max
+
+    {% set purge_x_center = ([((purge_x_max + purge_x_min) / 2) - (purge_amount / 2), 0] | max) %}      # Create center point of purge line relative to print on X axis
+    {% set purge_y_center = ([((purge_y_max + purge_y_min) / 2) - (purge_amount / 2), 0] | max) %}      # Create center point of purge line relative to print on Y axis
+
+    {% set purge_x_origin = ([purge_x_min - purge_margin, 0] | max) %}                                  # Add margin to x min, compare to 0, and choose the larger
+    {% set purge_y_origin = ([purge_y_min - purge_margin, 0] | max) %}                                  # Add margin to y min, compare to 0, and choose the larger
+
+    # Calculate purge speed
+    {% set purge_move_speed = (flow_rate / 5.0) * 60 | float %}
+
+    {% if cross_section < 5 %}
+
+        {action_respond_info("[Extruder] max_extrude_cross_section is insufficient for purge, please set it to 5 or greater. Purge skipped.")}
+
+    {% else %}
+
+        {% if verbose_enable == True %}
+
+        {action_respond_info("Moving filament tip {}mms".format(                                                                 
+            (tip_distance),                                                                                      
+        )) }
+        {% endif %}
+
+        {% if printer.firmware_retraction is defined %}
+            {action_respond_info("KAMP purge is using firmware retraction.")}
+        {% else %}
+            {action_respond_info("KAMP purge is not using firmware retraction, it is recommended to configure it.")}
+        {% endif %}
+
+        {% if purge_y_origin > 0 %}
+        
+            {action_respond_info("KAMP purge starting at {}, {} and purging {}mm of filament, requested flow rate is {}mm/s3.".format(                                                                 
+                (purge_x_center),
+                (purge_y_origin),
+                (purge_amount),
+                (flow_rate),
+            )) }
+    
+        {% else %}
+    
+            {action_respond_info("KAMP purge starting at {}, {} and purging {}mm of filament, requested flow rate is {}mm/s3.".format(                                                                 
+                (purge_x_origin),
+                (purge_y_center),
+                (purge_amount),
+                (flow_rate),
+            )) }
+
+        {% endif %}
+
+        SAVE_GCODE_STATE NAME=Prepurge_State                                                    # Create gcode state
+
+        {% if purge_y_origin > 0 %}                                                             # If there's room on Y, purge along X axis in front of print area
+
+            G92 E0                                                                              # Reset extruder
+            G0 F{travel_speed}                                                                  # Set travel speed
+            G90                                                                                 # Absolute positioning
+            G0 X{purge_x_center} Y{purge_y_origin}                                              # Move to purge position
+            G0 Z{purge_height}                                                                  # Move to purge Z height
+            M83                                                                                 # Relative extrusion mode
+            G1 E{tip_distance} F{purge_move_speed}                                              # Move filament tip
+            G1 X{purge_x_center + purge_amount} E{purge_amount} F{purge_move_speed}             # Purge line
+            {RETRACT}                                                                           # Retract
+            G0 X{purge_x_center + purge_amount + 10} F{travel_speed}                            # Rapid move to break string
+            G92 E0                                                                              # Reset extruder distance
+            M82                                                                                 # Absolute extrusion mode
+            G0 Z{purge_height * 2} F{travel_speed}                                              # Z hop
+
+        {% else %}                                                                              # If there's room on X, purge along Y axis to the left of print area
+            
+            G92 E0                                                                              # Reset extruder
+            G0 F{travel_speed}                                                                  # Set travel speed
+            G90                                                                                 # Absolute positioning
+            G0 X{purge_x_origin} Y{purge_y_center}                                              # Move to purge position
+            G0 Z{purge_height}                                                                  # Move to purge Z height
+            M83                                                                                 # Relative extrusion mode
+            G1 E{tip_distance} F{purge_move_speed}                                              # Move filament tip
+            G1 Y{purge_y_center + purge_amount} E{purge_amount} F{purge_move_speed}             # Purge line
+            {RETRACT}                                                                           # Retract
+            G0 Y{purge_y_center + purge_amount + 10} F{travel_speed}                            # Rapid move to break string
+            G92 E0                                                                              # Reset extruder distance
+            M82                                                                                 # Absolute extrusion mode
+            G0 Z{purge_height * 2} F{travel_speed}                                              # Z hop
+
+        {% endif %}
+
+        RESTORE_GCODE_STATE NAME=Prepurge_State                                                 # Restore gcode state
+    
+    {% endif %}
--- a/modules/services/printer/cfgs/kamp/Smart_Park.cfg
+++ b/modules/services/printer/cfgs/kamp/Smart_Park.cfg
@@ -0,0 +1,38 @@
+[gcode_macro SMART_PARK]
+description: Parks your printhead near the print area for pre-print hotend heating.
+gcode:
+
+    {% set kamp_settings = printer["gcode_macro _KAMP_Settings"] %}                                                                 # Pull all variables from _KAMP_Settings
+    {% set z_height = kamp_settings.smart_park_height | float %}                                                                    # Set Z height variable
+    {% set purge_margin = kamp_settings.purge_margin | float %}                                                                     # Set purge margin variable
+    {% set verbose_enable = kamp_settings.verbose_enable | abs %}                                                                   # Set verbosity
+    {% set center_x = printer.toolhead.axis_maximum.x / 2 | float %}                                                                # Create center point of x for fallback
+    {% set center_y = printer.toolhead.axis_maximum.y / 2 | float %}                                                                # Create center point of y for fallback
+    {% set axis_minimum_x = printer.toolhead.axis_minimum.x | float %}
+    {% set axis_minimum_y = printer.toolhead.axis_minimum.y | float %}
+    {% set all_points = printer.exclude_object.objects | map(attribute='polygon') | sum(start=[]) %}                                # Gather all object points
+    {% set x_min = all_points | map(attribute=0) | min | default(center_x) %}                                                       # Set x_min from smallest object x point
+    {% set y_min = all_points | map(attribute=1) | min | default(center_y) %}                                                       # Set y_min from smallest object y point
+    {% set travel_speed = (printer.toolhead.max_velocity) * 60 | float %}                                                           # Set travel speed from config
+
+    {% if purge_margin > 0 and x_min != center_x and y_min != center_y %}                                                           # If objects are detected and purge margin 
+        {% set x_min = [ x_min - purge_margin , x_min ] | min %}                                                                    # value is greater than 0, move
+        {% set y_min = [ y_min - purge_margin , y_min ] | min %}                                                                    # to purge location + margin
+        {% set x_min = [ x_min , axis_minimum_x ] | max %}
+        {% set y_min = [ y_min , axis_minimum_y ] | max %}
+    {% endif %}
+
+    {% if verbose_enable == True %}                                                                                                 # Verbose park location
+
+    { action_respond_info("Smart Park location: {},{}.".format(
+        (x_min),
+        (y_min),
+    )) }
+
+    {% endif %}
+
+    {% if printer.toolhead.position.z < z_height %}
+        G0 Z{z_height}                                                                                                              # Move Z to park height if current Z position is lower than z_height
+    {% endif %}
+    G0 X{x_min} Y{y_min} F{travel_speed}                                                                                            # Move near object area
+    G0 Z{z_height}                                                                                                                  # Move Z to park height 
--- a/modules/services/printer/cfgs/kamp/Voron_Purge.cfg
+++ b/modules/services/printer/cfgs/kamp/Voron_Purge.cfg
@@ -0,0 +1,91 @@
+[gcode_macro VORON_PURGE]
+description: A purge macro that adapts to be near your actual printed objects
+gcode:
+    # Get relevant printer params
+    {% set travel_speed = (printer.toolhead.max_velocity) * 60 | float %}
+    {% set cross_section = printer.configfile.settings.extruder.max_extrude_cross_section | float %}
+    
+    # Use firmware retraction if it is defined
+    {% if printer.firmware_retraction is defined %}
+        {% set RETRACT = G10 | string %}
+        {% set UNRETRACT = G11 | string %}
+    {% else %}
+        {% set RETRACT = 'G1 E-.5 F2100' | string %}
+        {% set UNRETRACT = 'G1 E.5 F2100' | string %}
+    {% endif %}
+
+    # Get purge settings from _Kamp_Settings
+    {% set kamp_settings = printer["gcode_macro _KAMP_Settings"] %}
+    {% set verbose_enable = kamp_settings.verbose_enable | abs %}
+    {% set purge_height = kamp_settings.purge_height | float %}
+    {% set tip_distance = kamp_settings.tip_distance | float %}
+    {% set purge_margin = kamp_settings.purge_margin | float %}
+    {% set purge_amount = kamp_settings.purge_amount | float %}
+    {% set flow_rate = kamp_settings.flow_rate | float %}
+    {% set size = 10 | float %}
+
+    # Calculate purge origins and centers from objects
+    {% set all_points = printer.exclude_object.objects | map(attribute='polygon') | sum(start=[]) %}    # Get all object points
+    {% set purge_x_min = (all_points | map(attribute=0) | min | default(0)) %}                          # Object x min
+    {% set purge_x_max = (all_points | map(attribute=0) | max | default(0)) %}                          # Object x max
+    {% set purge_y_min = (all_points | map(attribute=1) | min | default(0)) %}                          # Object y min
+    {% set purge_y_max = (all_points | map(attribute=1) | max | default(0)) %}                          # Object y max
+
+    {% set purge_x_center = ([((purge_x_max + purge_x_min) / 2) - (purge_amount / 2), 0] | max) %}      # Create center point of purge line relative to print on X axis
+    {% set purge_y_center = ([((purge_y_max + purge_y_min) / 2) - (purge_amount / 2), 0] | max) %}      # Create center point of purge line relative to print on Y axis
+
+    {% set purge_x_origin = ([purge_x_min - purge_margin, 0] | max) %}                                  # Add margin to x min, compare to 0, and choose the larger
+    {% set purge_y_origin = ([purge_y_min - purge_margin, 0] | max) %}                                  # Add margin to y min, compare to 0, and choose the larger
+
+    # Calculate purge speed
+    {% set purge_move_speed = (flow_rate / 5.0) * 60 | float %}
+
+    {% if cross_section < 5 %}
+
+        {action_respond_info("[Extruder] max_extrude_cross_section is insufficient for purge, please set it to 5 or greater. Purge skipped.")}
+
+    {% else %}
+
+        {% if verbose_enable == True %}
+
+        {action_respond_info("Moving filament tip {}mms".format(                                                                 
+            (tip_distance),                                                                                      
+        )) }
+        {% endif %}
+
+        {% if printer.firmware_retraction is defined %}
+            {action_respond_info("KAMP purge is using firmware retraction.")}
+        {% else %}
+            {action_respond_info("KAMP purge is not using firmware retraction, it is recommended to configure it.")}
+        {% endif %}
+
+            SAVE_GCODE_STATE NAME=Prepurge_State                                                            # Create gcode state
+
+            G92 E0                                                                                          # Reset extruder
+            G0 F{travel_speed}                                                                              # Set travel speed
+            G90                                                                                             # Absolute positioning
+            G0 X{purge_x_origin} Y{purge_y_origin+size/2}                                                   # Move to purge position
+            G0 Z{purge_height}                                                                              # Move to purge Z height
+            M83                                                                                             # Relative extrusion mode
+            G1 E{tip_distance} F{purge_move_speed}                                                          # Move tip of filament to nozzle
+            G1 X{purge_x_origin+size*0.289} Y{purge_y_origin+size} E{purge_amount/4} F{purge_move_speed}    # Purge first line of logo
+            {RETRACT}                                                                                       # Retract
+            G0 Z{purge_height*2}                                                                            # Z hop
+            G0 X{purge_x_origin+size*0.789} Y{purge_y_origin+size}                                          # Move to second purge line origin
+            G0 Z{purge_height}                                                                              # Move to purge Z height
+            {UNRETRACT}                                                                                     # Recover
+            G1 X{purge_x_origin+size*0.211} Y{purge_y_origin} E{purge_amount/2} F{purge_move_speed}         # Purge second line of logo
+            {RETRACT}                                                                                       # Retract
+            G0 Z{purge_height*2}                                                                            # Z hop
+            G0 X{purge_x_origin+size*0.711} Y{purge_y_origin}                                               # Move to third purge line origin
+            G0 Z{purge_height}                                                                              # Move to purge Z height
+            {UNRETRACT}                                                                                     # Recover
+            G1 X{purge_x_origin+size} Y{purge_y_origin+size/2}  E{purge_amount/4} F{purge_move_speed}       # Purge third line of logo
+            {RETRACT}                                                                                       # Retract
+            G92 E0                                                                                          # Reset extruder distance
+            M82                                                                                             # Absolute extrusion mode
+            G0 Z{purge_height*2} F{travel_speed}                                                            # Z hop
+
+            RESTORE_GCODE_STATE NAME=Prepurge_State                                                         # Restore gcode state
+
+    {% endif %}
--- a/modules/services/printer/cfgs/misc-macros.cfg
+++ b/modules/services/printer/cfgs/misc-macros.cfg
@@ -0,0 +1,330 @@
+[force_move]
+enable_force_move: True
+
+# NOTE If you're using a Raspberry Pi, you can uncomment the next 2 lines, optionally.
+#[temperature_sensor raspberry_pi]
+#sensor_type: temperature_host
+
+# NOTE If you're using a an Orange Pi, you can uncomment the next 3 lines, optionally.
+# [temperature_sensor Orange_Pi]
+# sensor_type: temperature_host
+# sensor_path: /sys/class/thermal/thermal_zone0/temp
+
+[virtual_sdcard]
+path: /var/lib/moonraker/gcodes
+
+# NOTE Cancel objects feature is enabled. If you're using a low powered device, comment out [exclude_object].
+# Also see [file_manager] section in moonraker.conf.
+[exclude_object]
+
+[pause_resume]
+[display_status]
+
+[delayed_gcode DISABLEFILAMENTSENSOR]
+initial_duration: 1
+gcode:
+    SET_FILAMENT_SENSOR SENSOR=filament_sensor ENABLE=0
+
+[gcode_macro _globals]
+variable_filament_sensor_enabled: 1 # NOTE Enable(1) or disable(0) the filament sensor, if one is connected
+variable_beeping_enabled: 1 # NOTE Enable(1) or disable(0) beeping everywhere except during gantry calibration
+variable_bed_temp_over: 10 # NOTE Start print if bed temperature is over by this amount, otherwise wait for temperature drop
+variable_kamp_enable: 1 # NOTE Enable(1) or disable(0) KAMP (adaptive mesh)
+variable_pre_purge_prime_length: 1.40
+gcode:
+    # Don't delete this section
+
+[gcode_macro CONDITIONAL_BEEP]
+gcode:
+    # Parameters
+    {% set i = params.I|default(1)|int %}           ; Iterations (number of times to beep).
+    {% set dur = params.DUR|default(100)|int %}     ; Duration/wait of each beep in ms. Default 100ms.
+    {% set freq = params.FREQ|default(2000)|int %}  ; Frequency in Hz. Default 2kHz.
+
+    {% set BEEPING_ENABLED=printer["gcode_macro _globals"].beeping_enabled|default(-1)|int %}
+
+    {% if BEEPING_ENABLED == 1 %}
+        BEEP I={i} DUR={dur} FREQ={freq}
+    {% endif %}
+
+[gcode_macro ADJUST_FILAMENT_SENSOR_STATUS]
+gcode:
+    # Parameters
+    {% set NEWSTATUS = params.ENABLE|default(-1)|int %}
+
+    {% set FILAMENT_SENSOR_ENABLED=printer["gcode_macro _globals"].filament_sensor_enabled|default(-1)|int %}
+
+    {% if FILAMENT_SENSOR_ENABLED == 1 and NEWSTATUS != -1 %}
+        SET_FILAMENT_SENSOR SENSOR=filament_sensor ENABLE={NEWSTATUS}
+    {% endif %}
+
+[gcode_macro M109]
+rename_existing: M99109
+gcode:
+    #Parameters
+    {% set s = params.S|float %}
+    
+    M104 {% for p in params %}{'%s%s' % (p, params[p])}{% endfor %}  ; Set hotend temp
+    {% if s != 0 %}
+        TEMPERATURE_WAIT SENSOR=extruder MINIMUM={s} MAXIMUM={s+1}   ; Wait for hotend temp (within 1 degree)
+    {% endif %}
+
+[gcode_macro M190]
+rename_existing: M99190
+gcode:
+    #Parameters
+    {% set s = params.S|float %}
+
+    M140 {% for p in params %}{'%s%s' % (p, params[p])}{% endfor %}   ; Set bed temp
+    {% if s != 0 %}
+        TEMPERATURE_WAIT SENSOR=heater_bed MINIMUM={s} MAXIMUM={s+1}  ; Wait for bed temp (within 1 degree)
+    {% endif %}
+
+[gcode_macro PURGE_LINE]
+gcode:
+    {% set PRE_PURGE_PRIME_LENGTH=printer["gcode_macro _globals"].pre_purge_prime_length|default(1.40)|float %}
+    ADJUST_FILAMENT_SENSOR_STATUS ENABLE=1
+
+    #   Misc variables
+    {% set extrudeAmount = 26.6 %}
+    {% set movementLength = 100.0 %}
+    {% set movementSpeed = 15 * 60 %}
+    {% set xStart = 0.5 %}
+    {% set yStart = 0.5 %}
+
+    #   Set safe speeds
+    {% set maxVelocity = printer.configfile.settings.printer.max_velocity|default(200)|int %}
+    {% set maxVelocityAdjusted =  (0.95 * maxVelocity * 60)|int  %}
+
+    G92 E0.0                                ; reset extruder
+    G90                                     ; Absolute positioning
+    G0 X{xStart} Y{yStart} F{maxVelocityAdjusted}         ; move to purge position
+    G1 Z0.4 F500.0                          ; move to purge height
+    M83                                     ; Relative extrusion mode
+    G1 E{PRE_PURGE_PRIME_LENGTH} F500       ; pre-purge prime LENGTH SHOULD MATCH YOUR PRINT_END RETRACT
+    G1 X{xStart + movementLength} E{extrudeAmount} F{movementSpeed}       ; intro line 1
+
+    G92 E0.0                                ; reset extruder
+    M82                                     ; Absolute extrusion mode
+    G1 Z5.0                                 ; move nozzle to prevent scratch
+
+[gcode_macro CANCEL_PRINT]
+rename_existing: BASE_CANCEL_PRINT
+gcode:
+    SET_IDLE_TIMEOUT TIMEOUT={printer.configfile.settings.idle_timeout.timeout} ; set timeout back to configured value
+    CLEAR_PAUSE
+    SDCARD_RESET_FILE
+    PRINT_END
+    BASE_CANCEL_PRINT
+
+[gcode_macro PRINT_START]
+gcode:
+   
+    ADJUST_FILAMENT_SENSOR_STATUS ENABLE=1
+    # Parameters
+    {% set bedtemp = params.BED|int %}
+    {% set hotendtemp = params.HOTEND|int %}
+    {% set chambertemp = params.CHAMBER|default(0)|int %}
+    
+    # Other variables
+    {% set bedtempSlicer = bedtemp %}
+    {% set bedtempOver = printer["gcode_macro _globals"].bed_temp_over|default(0)|int %}
+    {% set maxVelocity = printer.configfile.settings.printer.max_velocity|default(200)|int %}
+    {% set maxVelocityAdjusted =  (0.90 * maxVelocity * 60)|int %}
+    {% set kampEnabled=printer["gcode_macro _globals"].kamp_enable|default(0)|int %}
+
+    {% if printer.configfile.settings.safe_z_home %}
+        {% set startX = printer.configfile.settings.safe_z_home.home_xy_position[0]|float %}
+        {% set startY = printer.configfile.settings.safe_z_home.home_xy_position[1]|float %}
+    {% endif %}
+
+    {% set bedtempAlmost = ((bedtemp - 2, 0, printer.heater_bed.temperature|int)|max, bedtemp)|max %}
+    {% set hotendtempStepOne = ((hotendtemp, printer[printer.toolhead.extruder].temperature|int)|min, 150)|max %}
+    {% set hotendtempStepTwo = ((hotendtemp, printer[printer.toolhead.extruder].temperature|int)|min, 170)|max %}
+
+    # If bed-temp-almost is higher than bed-temp by a maximum of bed-temp-over
+    {% if bedtempAlmost > bedtemp %}
+        {% if (bedtempAlmost - bedtempOver) <= bedtemp %}
+            {% set bedtemp = bedtempAlmost %}
+        {% endif %}
+    {% endif %}
+
+    G90                                                  ; absolute positioning
+    M140 S{bedtempAlmost}                                ; set & don't wait for bed temp
+    M104 S{hotendtempStepOne}                            ; set & don't wait for hotend temp
+    G28 X Y
+    {% if printer.configfile.settings.safe_z_home %}
+        G1 X{startX} Y{startY} F{maxVelocityAdjusted}
+    {% endif %}
+
+    M190 S{bedtempAlmost}                                ; set & wait for bed temp
+    {% if kampEnabled == 0 %}
+        M104 S{hotendtempStepTwo}                            ; set & don't wait for hotend temp
+    {% endif %}
+    M190 S{bedtemp}                                      ; set & wait for bed temp
+    M140 S{bedtempSlicer}                                ; set & don't wait for bed temp ; set temp to sliced setting regardless
+
+    {% if kampEnabled == 0 %}
+        BED_MESH_PROFILE LOAD=default                        ; NOTE if not using a mesh, comment out this line
+        SKEW_PROFILE LOAD=CaliFlower
+        M104 S{hotendtemp}                                   ; set & don't wait for hotend temp
+        G28 Z                                                ; final z homing
+    {% else %}
+        G28 Z                                                ; final z homing
+        BED_MESH_CALIBRATE                                   ; KAMP mesh
+        M104 S{hotendtemp}                                   ; set & don't wait for hotend temp
+    {% endif %}
+
+    G1 X0 Y0 F{maxVelocityAdjusted}
+    M109 S{hotendtemp}                                   ; set & wait for hotend temp
+
+    G1 Z20 F3000                                         ; move nozzle away from bed
+
+[gcode_macro PRINT_END]
+gcode:
+    SET_SKEW CLEAR=1
+    ADJUST_FILAMENT_SENSOR_STATUS ENABLE=0
+    CONDITIONAL_BEEP I=2 DUR=30 FREQ=8500
+    {% set PRE_PURGE_PRIME_LENGTH=printer["gcode_macro _globals"].pre_purge_prime_length|default(1.40)|float %}
+
+    M400                                    ; wait for buffer to clear
+    G92 E0                                  ; zero the extruder
+    G1 E-{PRE_PURGE_PRIME_LENGTH} F400      ; retract filament
+    G91                                     ; relative positioning
+
+    #   Set safe speeds
+    {% set zVelocity = printer.configfile.settings.printer.max_z_velocity|default(15)|int %}
+    {% set maxVelocity = printer.configfile.settings.printer.max_velocity|default(200)|int %}
+    {% set zVelocityAdjusted =  (0.95 * zVelocity * 60)|int  %}
+    {% set maxVelocityAdjusted =  (0.95 * maxVelocity * 60)|int  %}
+
+    #   Get Boundaries
+    {% set max_x = printer.configfile.config["stepper_x"]["position_max"]|float %}
+    {% set max_y = printer.configfile.config["stepper_y"]["position_max"]|float %}
+    {% set max_z = printer.configfile.config["stepper_z"]["position_max"]|float %}
+
+    #   Check end position to determine safe direction to move
+    {% if printer.toolhead.position.x < (max_x - 20) %}
+        {% set x_safe = 20.0 %}
+    {% else %}
+        {% set x_safe = -20.0 %}
+    {% endif %}
+
+    {% if printer.toolhead.position.y < (max_y - 20) %}
+        {% set y_safe = 20.0 %}
+    {% else %}
+        {% set y_safe = -20.0 %}
+    {% endif %}
+
+    {% set lift_height = 25.0 %}
+    {% if printer.toolhead.position.z < (max_z - lift_height) %}
+        {% set z_safe = lift_height %}
+    {% else %}
+        {% set z_safe = max_z - printer.toolhead.position.z %}
+    {% endif %}
+
+    G0 Z{z_safe} F{zVelocityAdjusted}             ; move nozzle up
+    G0 X{x_safe} Y{y_safe} F{maxVelocityAdjusted}   ; move nozzle to remove stringing
+    TURN_OFF_HEATERS
+    M107                           ; turn off fan
+    G90                            ; absolute positioning
+    G0 X60 Y{max_y} F3600          ; park nozzle at rear
+    M84
+
+[gcode_macro LOAD_FILAMENT]
+gcode:
+    M83                            ; set extruder to relative
+    G1 E30 F300                    ; load
+    G1 E15 F150                    ; prime nozzle with filament
+    M82                            ; set extruder to absolute
+    
+[gcode_macro UNLOAD_FILAMENT]
+gcode:
+    M83                            ; set extruder to relative
+    G1 E10 F300                    ; extrude a little to soften tip
+    G1 E-40 F1800                  ; retract some, but not too much or it will jam
+    M82                            ; set extruder to absolute
+
+[gcode_macro M600]
+gcode:
+    CONDITIONAL_BEEP i=1 dur=300
+    CONDITIONAL_BEEP i=1 dur=100
+    CONDITIONAL_BEEP i=1 dur=100
+    PAUSE                ; Pause
+
+[gcode_macro PAUSE]
+rename_existing: BASE_PAUSE
+gcode:
+    # Parameters
+    {% set z = params.Z|default(10)|int %}                                                   ; z hop amount
+
+    {% if printer['pause_resume'].is_paused|int == 0 %}
+        SET_GCODE_VARIABLE MACRO=RESUME VARIABLE=zhop VALUE={z}                              ; set z hop variable for reference in resume macro
+        SET_GCODE_VARIABLE MACRO=RESUME VARIABLE=etemp VALUE={printer['extruder'].target}    ; set hotend temp variable for reference in resume macro
+
+        ADJUST_FILAMENT_SENSOR_STATUS ENABLE=0
+
+        SAVE_GCODE_STATE NAME=PAUSE                                                          ; save current print position for resume
+        BASE_PAUSE                                                                           ; pause print
+        {% if (printer.gcode_move.position.z + z) < printer.toolhead.axis_maximum.z %}       ; check that zhop doesn't exceed z max
+            G91                                                                              ; relative positioning
+            G1 Z{z} F900                                                                     ; raise Z up by z hop amount
+        {% else %}
+            { action_respond_info("Pause zhop exceeds maximum Z height.") }                  ; if z max is exceeded, show message and set zhop value for resume to 0
+            SET_GCODE_VARIABLE MACRO=RESUME VARIABLE=zhop VALUE=0
+        {% endif %}
+        G90                                                                                  ; absolute positioning
+        G1 X{printer.toolhead.axis_maximum.x/2} Y{printer.toolhead.axis_minimum.y+5} F6000   ; park toolhead at front center
+        SAVE_GCODE_STATE NAME=PAUSEPARK                                                      ; save parked position in case toolhead is moved during the pause (otherwise the return zhop can error)
+        M104 S0                                                                              ; turn off hotend
+        SET_IDLE_TIMEOUT TIMEOUT=43200                                                       ; set timeout to 12 hours
+    {% endif %}
+
+[gcode_macro RESUME]
+rename_existing: BASE_RESUME
+variable_zhop: 0
+variable_etemp: 0
+gcode:
+    # Parameters
+    {% set e = params.E|default(2.5)|int %}                                          ; hotend prime amount (in mm)
+
+    {% if printer['pause_resume'].is_paused|int == 1 %}
+        ADJUST_FILAMENT_SENSOR_STATUS ENABLE=1
+
+        SET_IDLE_TIMEOUT TIMEOUT={printer.configfile.settings.idle_timeout.timeout}  ; set timeout back to configured value
+        {% if etemp > 0 %}
+            M109 S{etemp|int}                                                        ; wait for hotend to heat back up
+        {% endif %}
+        RESTORE_GCODE_STATE NAME=PAUSEPARK MOVE=1 MOVE_SPEED=100                     ; go back to parked position in case toolhead was moved during pause (otherwise the return zhop can error)
+        G91                                                                          ; relative positioning
+        M83                                                                          ; relative extruder positioning
+        {% if printer[printer.toolhead.extruder].temperature >= printer.configfile.settings.extruder.min_extrude_temp %}
+            G1 Z{zhop * -1} E{e} F900                                                ; prime nozzle by E, lower Z back down
+        {% else %}
+            G1 Z{zhop * -1} F900                                                     ; lower Z back down without priming (just in case we are testing the macro with cold hotend)
+        {% endif %}
+        RESTORE_GCODE_STATE NAME=PAUSE MOVE=1 MOVE_SPEED=60                          ; restore position
+        BASE_RESUME                                                                  ; resume print
+    {% endif %}
+
+[gcode_macro _CG28]
+# Conditional homing
+gcode:
+    {% if "xyz" not in printer.toolhead.homed_axes %}
+        G28
+    {% endif %}
+
+[gcode_macro BEEP]
+description: BEEP I=3 DUR=200 FREQ=2000: Beep 3 times, for 200ms each, at 2kHz frequency.
+gcode:
+    # Parameters
+    {% set i = params.I|default(1)|int %}           ; Iterations (number of times to beep).
+    {% set dur = params.DUR|default(100)|int %}     ; Duration/wait of each beep in ms. Default 100ms.
+    {% set freq = params.FREQ|default(2000)|int %}  ; Frequency in Hz. Default 2kHz.
+
+    {% for iteration in range(i|int) %}
+        SET_PIN PIN=beeper VALUE=0.8 CYCLE_TIME={ 1.0/freq if freq > 0 else 1 }
+        G4 P{dur}
+        SET_PIN PIN=beeper VALUE=0
+        G4 P{dur}
+    {% endfor %}
--- a/modules/services/printer/default.nix
+++ b/modules/services/printer/default.nix
@@ -0,0 +1,18 @@
+#
+#  Services
+#
+#  flake.nix
+#   ├─ ./hosts
+#   │   └─ home.nix
+#   └─ ./modules
+#       └─ ./services
+#           └─ default.nix *
+#               └─ ...
+#
+
+[
+  ./klipper.nix
+]
+
+# picom, polybar and sxhkd are pulled from desktop module
+# redshift temporarely disables
--- a/modules/services/printer/firmware.conf
+++ b/modules/services/printer/firmware.conf
@@ -0,0 +1,110 @@
+CONFIG_LOW_LEVEL_OPTIONS=y
+# CONFIG_MACH_AVR is not set
+# CONFIG_MACH_ATSAM is not set
+# CONFIG_MACH_ATSAMD is not set
+# CONFIG_MACH_LPC176X is not set
+CONFIG_MACH_STM32=y
+# CONFIG_MACH_HC32F460 is not set
+# CONFIG_MACH_RP2040 is not set
+# CONFIG_MACH_PRU is not set
+# CONFIG_MACH_AR100 is not set
+# CONFIG_MACH_LINUX is not set
+# CONFIG_MACH_SIMU is not set
+CONFIG_BOARD_DIRECTORY="stm32"
+CONFIG_MCU="stm32f103xe"
+CONFIG_CLOCK_FREQ=72000000
+CONFIG_SERIAL=y
+CONFIG_FLASH_SIZE=0x10000
+CONFIG_FLASH_BOOT_ADDRESS=0x8000000
+CONFIG_RAM_START=0x20000000
+CONFIG_RAM_SIZE=0x5000
+CONFIG_STACK_SIZE=512
+CONFIG_FLASH_APPLICATION_ADDRESS=0x8007000
+CONFIG_STM32_SELECT=y
+CONFIG_MACH_STM32F103=y
+# CONFIG_MACH_STM32F207 is not set
+# CONFIG_MACH_STM32F401 is not set
+# CONFIG_MACH_STM32F405 is not set
+# CONFIG_MACH_STM32F407 is not set
+# CONFIG_MACH_STM32F429 is not set
+# CONFIG_MACH_STM32F446 is not set
+# CONFIG_MACH_STM32F765 is not set
+# CONFIG_MACH_STM32F031 is not set
+# CONFIG_MACH_STM32F042 is not set
+# CONFIG_MACH_STM32F070 is not set
+# CONFIG_MACH_STM32F072 is not set
+# CONFIG_MACH_STM32G070 is not set
+# CONFIG_MACH_STM32G071 is not set
+# CONFIG_MACH_STM32G0B0 is not set
+# CONFIG_MACH_STM32G0B1 is not set
+# CONFIG_MACH_STM32G431 is not set
+# CONFIG_MACH_STM32G474 is not set
+# CONFIG_MACH_STM32H723 is not set
+# CONFIG_MACH_STM32H743 is not set
+# CONFIG_MACH_STM32H750 is not set
+# CONFIG_MACH_STM32L412 is not set
+# CONFIG_MACH_N32G452 is not set
+# CONFIG_MACH_N32G455 is not set
+# CONFIG_MACH_STM32F103x6 is not set
+CONFIG_MACH_STM32F1=y
+CONFIG_HAVE_STM32_USBFS=y
+CONFIG_HAVE_STM32_CANBUS=y
+CONFIG_STM32F103GD_DISABLE_SWD=y
+CONFIG_STM32_DFU_ROM_ADDRESS=0
+# CONFIG_STM32_FLASH_START_2000 is not set
+# CONFIG_STM32_FLASH_START_5000 is not set
+CONFIG_STM32_FLASH_START_7000=y
+# CONFIG_STM32_FLASH_START_8000 is not set
+# CONFIG_STM32_FLASH_START_8800 is not set
+# CONFIG_STM32_FLASH_START_9000 is not set
+# CONFIG_STM32_FLASH_START_10000 is not set
+# CONFIG_STM32_FLASH_START_800 is not set
+# CONFIG_STM32_FLASH_START_1000 is not set
+# CONFIG_STM32_FLASH_START_4000 is not set
+# CONFIG_STM32_FLASH_START_0000 is not set
+CONFIG_STM32_CLOCK_REF_8M=y
+# CONFIG_STM32_CLOCK_REF_12M is not set
+# CONFIG_STM32_CLOCK_REF_16M is not set
+# CONFIG_STM32_CLOCK_REF_20M is not set
+# CONFIG_STM32_CLOCK_REF_24M is not set
+# CONFIG_STM32_CLOCK_REF_25M is not set
+# CONFIG_STM32_CLOCK_REF_INTERNAL is not set
+CONFIG_CLOCK_REF_FREQ=8000000
+CONFIG_STM32F0_TRIM=16
+# CONFIG_STM32_USB_PA11_PA12 is not set
+CONFIG_STM32_SERIAL_USART1=y
+# CONFIG_STM32_SERIAL_USART1_ALT_PB7_PB6 is not set
+# CONFIG_STM32_SERIAL_USART2 is not set
+# CONFIG_STM32_SERIAL_USART2_ALT_PD6_PD5 is not set
+# CONFIG_STM32_SERIAL_USART3 is not set
+# CONFIG_STM32_SERIAL_USART3_ALT_PD9_PD8 is not set
+# CONFIG_STM32_CANBUS_PA11_PA12 is not set
+# CONFIG_STM32_CANBUS_PA11_PB9 is not set
+# CONFIG_STM32_MMENU_CANBUS_PB8_PB9 is not set
+# CONFIG_STM32_MMENU_CANBUS_PD0_PD1 is not set
+CONFIG_SERIAL_BAUD=250000
+CONFIG_USB_VENDOR_ID=0x1d50
+CONFIG_USB_DEVICE_ID=0x614e
+CONFIG_USB_SERIAL_NUMBER="12345"
+CONFIG_WANT_GPIO_BITBANGING=y
+CONFIG_WANT_DISPLAYS=y
+CONFIG_WANT_SENSORS=y
+CONFIG_WANT_LIS2DW=y
+CONFIG_WANT_LDC1612=y
+CONFIG_WANT_HX71X=y
+CONFIG_WANT_ADS1220=y
+CONFIG_WANT_SOFTWARE_I2C=y
+CONFIG_WANT_SOFTWARE_SPI=y
+CONFIG_NEED_SENSOR_BULK=y
+CONFIG_CANBUS_FREQUENCY=1000000
+CONFIG_INITIAL_PINS=""
+CONFIG_HAVE_GPIO=y
+CONFIG_HAVE_GPIO_ADC=y
+CONFIG_HAVE_GPIO_SPI=y
+CONFIG_HAVE_GPIO_I2C=y
+CONFIG_HAVE_GPIO_HARD_PWM=y
+CONFIG_HAVE_STRICT_TIMING=y
+CONFIG_HAVE_CHIPID=y
+CONFIG_HAVE_STEPPER_BOTH_EDGE=y
+CONFIG_HAVE_BOOTLOADER_REQUEST=y
+CONFIG_INLINE_STEPPER_HACK=y
--- a/modules/services/printer/klipper.nix
+++ b/modules/services/printer/klipper.nix
@@ -0,0 +1,101 @@
+{ lib, config, pkgs, ... }:
+
+{
+    environment = {
+      systemPackages = with pkgs; [
+         klipperscreen
+      ];
+    };
+
+    services = {
+      klipper = {
+        enable = true;
+	user = "moonraker";
+	group = "moonraker";
+	configFile = ./printer.cfg;
+	mutableConfig = true;
+	configDir = "/var/lib/moonraker/config";
+	firmwares."sovol06" = {
+	  serial = "/dev/serial/by-id/usb-1a86_USB_Serial-if00-port0";
+	  enableKlipperFlash = true;
+	  enable = true;
+	  configFile = ./firmware.conf;
+	};
+      };
+
+      mainsail = {
+        enable = true;
+	nginx = {
+	  enableACME = false;
+	  #useACMEHost = "home.opel-online.de";
+	  serverName = "nbf5.home.opel-online.de";
+	  #onlySSL = true;
+	  #listenAddresses = [ "0.0.0.0" "::" ];
+	  #forceSSL = true;
+        };
+      };
+
+      moonraker = {
+        enable = true;
+	allowSystemControl = true;
+        address = "0.0.0.0";
+        settings = {
+          authorization = {
+            force_logins = true;
+            cors_domains = [
+              "*://nbf5.home.opel-online.de"
+              "*.local"
+            ];
+            trusted_clients = [
+              "127.0.0.0/8"
+              "192.168.2.0/24"
+            ];
+          };
+	  file_manager = {
+	    enable_object_processing = true;
+	  };
+        };
+      };
+
+#      nginx = {
+#        enable = true;
+#        recommendedProxySettings = true;
+#        recommendedTlsSettings = true;
+#        recommendedGzipSettings = true;
+#        recommendedOptimisation = true;
+#        virtualHosts = {
+#          "ci.kabtop.de" = {
+#            enableACME = true;
+#            forceSSL = true;
+#            default = true;
+#            locations."/".return = "503";
+#          };
+#          "hydra.ci.kabtop.de" = {
+#            enableACME = true;
+#            forceSSL = true;
+#            locations."/" = {
+#              proxyPass = "http://localhost:3000";
+#              extraConfig = ''
+#                proxy_set_header X-Forwarded-Port 443;
+#              '';
+#            };
+#          };
+#          "cache.ci.kabtop.de" = {
+#            enableACME = true;
+#            forceSSL = true;
+#            locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
+#          };
+#        };
+#      };
+#    };
+#
+#    security.acme = {
+#      acceptTerms = true;
+#      defaults = {
+#        email = "webmaster@kabtop.de";
+#        webroot = "/var/lib/acme/acme-challenge";
+#        #server = "https://acme-staging-v02.api.letsencrypt.org/directory";
+#      };
+    };
+    
+}
--- a/modules/services/printer/mainsail.cfg
+++ b/modules/services/printer/mainsail.cfg
@@ -0,0 +1,313 @@
+## Client klipper macro definitions
+##
+## Copyright (C) 2022 Alex Zellner <alexander.zellner@googlemail.com>
+##
+## This file may be distributed under the terms of the GNU GPLv3 license
+##
+## !!! This file is read-only. Maybe the used editor indicates that. !!!
+##
+## Customization:
+##   1) copy the gcode_macro _CLIENT_VARIABLE (see below) to your printer.cfg
+##   2) remove the comment mark (#) from all lines
+##   3) change any value in there to your needs
+##
+## Use the PAUSE macro direct in your M600:
+##  e.g. with a different park position front left and a minimal height of 50 
+##    [gcode_macro M600]
+##    description: Filament change
+##    gcode: PAUSE X=10 Y=10 Z_MIN=50
+##  Z_MIN will park the toolhead at a minimum of 50 mm above to bed to make it easier for you to swap filament.
+##
+## Client variable macro for your printer.cfg
+#[gcode_macro _CLIENT_VARIABLE]
+#variable_use_custom_pos   : False ; use custom park coordinates for x,y [True/False]
+#variable_custom_park_x    : 0.0   ; custom x position; value must be within your defined min and max of X
+#variable_custom_park_y    : 0.0   ; custom y position; value must be within your defined min and max of Y
+#variable_custom_park_dz   : 2.0   ; custom dz value; the value in mm to lift the nozzle when move to park position
+#variable_retract          : 1.0   ; the value to retract while PAUSE
+#variable_cancel_retract   : 5.0   ; the value to retract while CANCEL_PRINT
+#variable_speed_retract    : 35.0  ; retract speed in mm/s
+#variable_unretract        : 1.0   ; the value to unretract while RESUME
+#variable_speed_unretract  : 35.0  ; unretract speed in mm/s
+#variable_speed_hop        : 15.0  ; z move speed in mm/s
+#variable_speed_move       : 100.0 ; move speed in mm/s
+#variable_park_at_cancel   : False ; allow to move the toolhead to park while execute CANCEL_PRINT [True/False]
+#variable_park_at_cancel_x : None  ; different park position during CANCEL_PRINT [None/Position as Float]; park_at_cancel must be True
+#variable_park_at_cancel_y : None  ; different park position during CANCEL_PRINT [None/Position as Float]; park_at_cancel must be True
+## !!! Caution [firmware_retraction] must be defined in the printer.cfg if you set use_fw_retract: True !!!
+#variable_use_fw_retract   : False ; use fw_retraction instead of the manual version [True/False]
+#variable_idle_timeout     : 0     ; time in sec until idle_timeout kicks in. Value 0 means that no value will be set or restored
+#variable_runout_sensor    : ""    ; If a sensor is defined, it will be used to cancel the execution of RESUME in case no filament is detected.
+##                                   Specify the config name of the runout sensor e.g "filament_switch_sensor runout". Hint use the same as in your printer.cfg
+## !!! Custom macros, please use with care and review the section of the corresponding macro.
+## These macros are for simple operations like setting a status LED. Please make sure your macro does not interfere with the basic macro functions.
+## Only  single line commands are supported, please create a macro if you need more than one command.
+#variable_user_pause_macro : ""    ; Everything inside the "" will be executed after the klipper base pause (PAUSE_BASE) function
+#variable_user_resume_macro: ""    ; Everything inside the "" will be executed before the klipper base resume (RESUME_BASE) function
+#variable_user_cancel_macro: ""    ; Everything inside the "" will be executed before the klipper base cancel (CANCEL_PRINT_BASE) function
+#gcode:
+
+[virtual_sdcard]
+path: ~/printer_data/gcodes
+on_error_gcode: CANCEL_PRINT
+
+[pause_resume]
+#recover_velocity: 50.
+#   When capture/restore is enabled, the speed at which to return to
+#   the captured position (in mm/s). Default is 50.0 mm/s.
+
+[display_status]
+
+[respond]
+
+[gcode_macro CANCEL_PRINT]
+description: Cancel the actual running print
+rename_existing: CANCEL_PRINT_BASE
+gcode:
+  ##### get user parameters or use default #####
+  {% set client = printer['gcode_macro _CLIENT_VARIABLE']|default({}) %}
+  {% set allow_park = client.park_at_cancel|default(false)|lower == 'true' %}
+  {% set retract = client.cancel_retract|default(5.0)|abs %}
+  ##### define park position #####
+  {% set park_x = "" if (client.park_at_cancel_x|default(none) is none)
+            else "X=" ~ client.park_at_cancel_x %}
+  {% set park_y = "" if (client.park_at_cancel_y|default(none) is none)
+            else "Y=" ~ client.park_at_cancel_y %}
+  {% set custom_park = park_x|length > 0 or park_y|length > 0 %}
+  ##### end of definitions #####
+  # restore idle_timeout time if needed
+  {% if printer['gcode_macro RESUME'].restore_idle_timeout > 0 %}
+    SET_IDLE_TIMEOUT TIMEOUT={printer['gcode_macro RESUME'].restore_idle_timeout}
+  {% endif %}
+  {% if (custom_park or not printer.pause_resume.is_paused) and allow_park %} _TOOLHEAD_PARK_PAUSE_CANCEL {park_x} {park_y} {% endif %}
+  _CLIENT_RETRACT LENGTH={retract}
+  TURN_OFF_HEATERS
+  M106 S0
+  {client.user_cancel_macro|default("")}
+  SET_GCODE_VARIABLE MACRO=RESUME VARIABLE=idle_state VALUE=False
+  # clear pause_next_layer and pause_at_layer as preparation for next print
+  SET_PAUSE_NEXT_LAYER ENABLE=0
+  SET_PAUSE_AT_LAYER ENABLE=0 LAYER=0
+  CANCEL_PRINT_BASE
+
+[gcode_macro PAUSE]
+description: Pause the actual running print
+rename_existing: PAUSE_BASE
+gcode:
+  ##### get user parameters or use default ##### 
+  {% set client = printer['gcode_macro _CLIENT_VARIABLE']|default({}) %}
+  {% set idle_timeout = client.idle_timeout|default(0) %}
+  {% set temp = printer[printer.toolhead.extruder].target if printer.toolhead.extruder != '' else 0 %}
+  {% set restore = False if printer.toolhead.extruder == ''
+              else True  if params.RESTORE|default(1)|int == 1 else False %}
+  ##### end of definitions #####
+  SET_GCODE_VARIABLE MACRO=RESUME VARIABLE=last_extruder_temp VALUE="{{'restore': restore, 'temp': temp}}"
+  # set a new idle_timeout value
+  {% if idle_timeout > 0 %}
+    SET_GCODE_VARIABLE MACRO=RESUME VARIABLE=restore_idle_timeout VALUE={printer.configfile.settings.idle_timeout.timeout}
+    SET_IDLE_TIMEOUT TIMEOUT={idle_timeout}
+  {% endif %}
+  PAUSE_BASE
+  {client.user_pause_macro|default("")}
+  _TOOLHEAD_PARK_PAUSE_CANCEL {rawparams}
+
+[gcode_macro RESUME]
+description: Resume the actual running print
+rename_existing: RESUME_BASE
+variable_last_extruder_temp: {'restore': False, 'temp': 0}
+variable_restore_idle_timeout: 0
+variable_idle_state: False
+gcode:
+  ##### get user parameters or use default #####
+  {% set client = printer['gcode_macro _CLIENT_VARIABLE']|default({}) %}
+  {% set velocity = printer.configfile.settings.pause_resume.recover_velocity %}
+  {% set sp_move = client.speed_move|default(velocity) %}
+  {% set runout_resume = True if client.runout_sensor|default("") == ""     # no runout
+                    else True if not printer[client.runout_sensor].enabled  # sensor is disabled
+                    else printer[client.runout_sensor].filament_detected %} # sensor status
+  {% set can_extrude = True if printer.toolhead.extruder == ''           # no extruder defined in config
+                  else printer[printer.toolhead.extruder].can_extrude %} # status of active extruder
+  {% set do_resume = False %}
+  {% set prompt_txt = [] %}
+  ##### end of definitions #####
+  #### Printer comming from timeout idle state ####
+  {% if printer.idle_timeout.state|upper == "IDLE" or idle_state %}
+    SET_GCODE_VARIABLE MACRO=RESUME VARIABLE=idle_state VALUE=False
+    {% if last_extruder_temp.restore %}
+      # we need to use the unicode (\u00B0) for the ° as py2 env's would throw an error otherwise 
+      RESPOND TYPE=echo MSG='{"Restoring \"%s\" temperature to %3.1f\u00B0C, this may take some time" % (printer.toolhead.extruder, last_extruder_temp.temp) }'
+      M109 S{last_extruder_temp.temp}
+      {% set do_resume = True %}
+    {% elif can_extrude %}
+      {% set do_resume = True %}
+    {% else %} 
+      RESPOND TYPE=error MSG='{"Resume aborted !!! \"%s\" not hot enough, please heat up again and press RESUME" % printer.toolhead.extruder}'
+      {% set _d = prompt_txt.append("\"%s\" not hot enough, please heat up again and press RESUME" % printer.toolhead.extruder) %}
+    {% endif %}
+  #### Printer comming out of regular PAUSE state ####
+  {% elif can_extrude %}
+    {% set do_resume = True %}
+  {% else %}
+    RESPOND TYPE=error MSG='{"Resume aborted !!! \"%s\" not hot enough, please heat up again and press RESUME" % printer.toolhead.extruder}'
+    {% set _d = prompt_txt.append("\"%s\" not hot enough, please heat up again and press RESUME" % printer.toolhead.extruder) %}
+  {% endif %}
+  {% if runout_resume %}
+    {% if do_resume %}
+      {% if restore_idle_timeout > 0 %} SET_IDLE_TIMEOUT TIMEOUT={restore_idle_timeout} {% endif %} # restore idle_timeout time
+      {client.user_resume_macro|default("")}
+      _CLIENT_EXTRUDE
+      RESUME_BASE VELOCITY={params.VELOCITY|default(sp_move)}
+    {% endif %}
+  {% else %}
+    RESPOND TYPE=error MSG='{"Resume aborted !!! \"%s\" detects no filament, please load filament and press RESUME" % (client.runout_sensor.split(" "))[1]}'
+    {% set _d = prompt_txt.append("\"%s\" detects no filament, please load filament and press RESUME" % (client.runout_sensor.split(" "))[1]) %}
+  {% endif %}
+  ##### Generate User Information box in case of abort #####
+  {% if not (runout_resume and do_resume) %} 
+    RESPOND TYPE=command MSG="action:prompt_begin RESUME aborted !!!"
+    {% for element in prompt_txt %}
+      RESPOND TYPE=command MSG='{"action:prompt_text %s" % element}' 
+    {% endfor %}
+    RESPOND TYPE=command MSG="action:prompt_footer_button Ok|RESPOND TYPE=command MSG=action:prompt_end|info"
+    RESPOND TYPE=command MSG="action:prompt_show"
+  {% endif %}
+  
+# Usage: SET_PAUSE_NEXT_LAYER [ENABLE=[0|1]] [MACRO=<name>]
+[gcode_macro SET_PAUSE_NEXT_LAYER]
+description: Enable a pause if the next layer is reached
+gcode:
+  {% set pause_next_layer = printer['gcode_macro SET_PRINT_STATS_INFO'].pause_next_layer %}
+  {% set ENABLE = params.ENABLE|default(1)|int != 0 %}
+  {% set MACRO = params.MACRO|default(pause_next_layer.call, True) %}
+  SET_GCODE_VARIABLE MACRO=SET_PRINT_STATS_INFO VARIABLE=pause_next_layer VALUE="{{ 'enable': ENABLE, 'call': MACRO }}"
+
+# Usage: SET_PAUSE_AT_LAYER [ENABLE=[0|1]] [LAYER=<number>] [MACRO=<name>]
+[gcode_macro SET_PAUSE_AT_LAYER]
+description: Enable/disable a pause if a given layer number is reached
+gcode:
+  {% set pause_at_layer = printer['gcode_macro SET_PRINT_STATS_INFO'].pause_at_layer %}
+  {% set ENABLE = params.ENABLE|int != 0 if params.ENABLE is defined
+             else params.LAYER is defined %}
+  {% set LAYER = params.LAYER|default(pause_at_layer.layer)|int %}
+  {% set MACRO = params.MACRO|default(pause_at_layer.call, True) %}
+  SET_GCODE_VARIABLE MACRO=SET_PRINT_STATS_INFO VARIABLE=pause_at_layer VALUE="{{ 'enable': ENABLE, 'layer': LAYER, 'call': MACRO }}"
+
+# Usage: SET_PRINT_STATS_INFO [TOTAL_LAYER=<total_layer_count>] [CURRENT_LAYER= <current_layer>]
+[gcode_macro SET_PRINT_STATS_INFO]
+rename_existing: SET_PRINT_STATS_INFO_BASE
+description: Overwrite, to get pause_next_layer and pause_at_layer feature
+variable_pause_next_layer: { 'enable': False, 'call': "PAUSE" }
+variable_pause_at_layer  : { 'enable': False, 'layer': 0, 'call': "PAUSE" }
+gcode:
+  {% if pause_next_layer.enable %}
+    RESPOND TYPE=echo MSG='{"%s, forced by pause_next_layer" % pause_next_layer.call}'
+    {pause_next_layer.call} ; execute the given gcode to pause, should be either M600 or PAUSE
+    SET_PAUSE_NEXT_LAYER ENABLE=0
+  {% elif pause_at_layer.enable and params.CURRENT_LAYER is defined and params.CURRENT_LAYER|int == pause_at_layer.layer %}
+    RESPOND TYPE=echo MSG='{"%s, forced by pause_at_layer [%d]" % (pause_at_layer.call, pause_at_layer.layer)}'
+    {pause_at_layer.call} ; execute the given gcode to pause, should be either M600 or PAUSE
+    SET_PAUSE_AT_LAYER ENABLE=0
+  {% endif %}
+  SET_PRINT_STATS_INFO_BASE {rawparams}
+  
+##### internal use #####
+[gcode_macro _TOOLHEAD_PARK_PAUSE_CANCEL]
+description: Helper: park toolhead used in PAUSE and CANCEL_PRINT
+gcode:
+  ##### get user parameters or use default #####
+  {% set client = printer['gcode_macro _CLIENT_VARIABLE']|default({}) %}
+  {% set velocity = printer.configfile.settings.pause_resume.recover_velocity %}
+  {% set use_custom     = client.use_custom_pos|default(false)|lower == 'true' %}
+  {% set custom_park_x  = client.custom_park_x|default(0.0) %}
+  {% set custom_park_y  = client.custom_park_y|default(0.0) %}
+  {% set park_dz        = client.custom_park_dz|default(2.0)|abs %}
+  {% set sp_hop         = client.speed_hop|default(15) * 60 %}
+  {% set sp_move        = client.speed_move|default(velocity) * 60 %}
+  ##### get config and toolhead values #####
+  {% set origin    = printer.gcode_move.homing_origin %}
+  {% set act       = printer.gcode_move.gcode_position %}
+  {% set max       = printer.toolhead.axis_maximum %}
+  {% set cone      = printer.toolhead.cone_start_z|default(max.z) %} ; height as long the toolhead can reach max and min of an delta
+  {% set round_bed = True if printer.configfile.settings.printer.kinematics is in ['delta','polar','rotary_delta','winch']
+                else False %}
+  ##### define park position #####
+  {% set z_min = params.Z_MIN|default(0)|float %}
+  {% set z_park = [[(act.z + park_dz), z_min]|max, (max.z - origin.z)]|min %}
+  {% set x_park = params.X       if params.X is defined
+             else custom_park_x  if use_custom
+             else 0.0            if round_bed
+             else (max.x - 5.0) %}
+  {% set y_park = params.Y       if params.Y is defined
+             else custom_park_y  if use_custom
+             else (max.y - 5.0)  if round_bed and z_park < cone
+             else 0.0            if round_bed
+             else (max.y - 5.0) %}
+  ##### end of definitions #####
+  _CLIENT_RETRACT
+  {% if "xyz" in printer.toolhead.homed_axes %}
+    G90
+    G1 Z{z_park} F{sp_hop}
+    G1 X{x_park} Y{y_park} F{sp_move}
+    {% if not printer.gcode_move.absolute_coordinates %} G91 {% endif %}
+  {% else %}
+    RESPOND TYPE=echo MSG='Printer not homed'
+  {% endif %}
+  
+[gcode_macro _CLIENT_EXTRUDE]
+description: Extrudes, if the extruder is hot enough
+gcode:
+  ##### get user parameters or use default #####
+  {% set client = printer['gcode_macro _CLIENT_VARIABLE']|default({}) %}
+  {% set use_fw_retract = (client.use_fw_retract|default(false)|lower == 'true') and (printer.firmware_retraction is defined) %}
+  {% set length = params.LENGTH|default(client.unretract)|default(1.0)|float %}
+  {% set speed = params.SPEED|default(client.speed_unretract)|default(35) %}
+  {% set absolute_extrude = printer.gcode_move.absolute_extrude %}
+  ##### end of definitions #####
+  {% if printer.toolhead.extruder != '' %}
+    {% if printer[printer.toolhead.extruder].can_extrude %}
+      {% if use_fw_retract %}
+        {% if length < 0 %}
+          G10
+        {% else %}
+          G11
+        {% endif %}
+      {% else %}
+        M83
+        G1 E{length} F{(speed|float|abs) * 60}
+        {% if absolute_extrude %}
+          M82
+        {% endif %}
+      {% endif %}
+    {% else %}
+      RESPOND TYPE=echo MSG='{"\"%s\" not hot enough" % printer.toolhead.extruder}'
+    {% endif %}
+  {% endif %}
+
+[gcode_macro _CLIENT_RETRACT]
+description: Retracts, if the extruder is hot enough
+gcode:
+  {% set client = printer['gcode_macro _CLIENT_VARIABLE']|default({}) %}
+  {% set length = params.LENGTH|default(client.retract)|default(1.0)|float %}
+  {% set speed = params.SPEED|default(client.speed_retract)|default(35) %}
+
+  _CLIENT_EXTRUDE LENGTH=-{length|float|abs} SPEED={speed|float|abs}
+
+[gcode_macro _CLIENT_LINEAR_MOVE]
+description: Linear move with save and restore of the gcode state
+gcode:
+  {% set x_move = "X" ~ params.X if params.X is defined else "" %}
+  {% set y_move = "Y" ~ params.Y if params.Y is defined else "" %}
+  {% set z_move = "Z" ~ params.Z if params.Z is defined else "" %}
+  {% set e_move = "E" ~ params.E if params.E is defined else "" %}
+  {% set rate = "F" ~ params.F if params.F is defined else "" %}
+  {% set ABSOLUTE = params.ABSOLUTE | default(0) | int != 0 %}
+  {% set ABSOLUTE_E = params.ABSOLUTE_E | default(0) | int != 0 %}
+  SAVE_GCODE_STATE NAME=_client_movement
+  {% if x_move or y_move or z_move %}
+    G9{ 0 if ABSOLUTE else 1 }
+  {% endif %}
+  {% if e_move %}
+    M8{ 2 if ABSOLUTE_E else 3 }
+  {% endif %}
+  G1 { x_move } { y_move } { z_move } { e_move } { rate }
+  RESTORE_GCODE_STATE NAME=_client_movement
--- a/modules/services/printer/nginx.nix
+++ b/modules/services/printer/nginx.nix
@@ -0,0 +1,53 @@
+#
+# System notifications
+#
+
+{ config, lib, pkgs, ... }:
+
+{
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    virtualHosts = {
+      "home.opel-online.de" = {
+        enableACME = true;
+        forceSSL = true;
+        default = true;
+        locations."/".return = "503";
+      };
+    };
+  };
+    
+
+  security.acme = {
+    acceptTerms = true;
+    defaults = {
+      email = "webmaster@opel-online.de";
+#      server = "https://acme-staging-v02.api.letsencrypt.org/directory";
+      dnsResolver = "9.9.9.9:53";
+    };
+    certs = {
+      "home.opel-online.de" = {
+        domain = "*.home.opel-online.de";
+        dnsProvider = "netcup";
+        environmentFile = config.age.secrets."services/acme/opel-online".path;
+        webroot = null;
+      };
+    };
+  };
+
+  networking.firewall = {
+    enable = true;
+    allowedUDPPorts = [  ];
+    allowedTCPPorts = [ 80 443 ];
+  };
+
+  age.secrets."services/acme/opel-online" = {
+    file = ../../../secrets/services/acme/opel-online.age;
+    owner = "acme";
+  };
+
+}
--- a/Show More
+++ b/Show More