
562 Commits

Author SHA1 Message Date
ac664dce9b flake update 2025-12-13 10:30:58 +01:00
a9d12ea535 enable imaginary and cleanup 2025-12-07 11:53:30 +01:00
1827e4eebf remove whiteboard collab 2025-12-07 11:43:17 +01:00
861dd0bab4 update to nextcloud32 and enable whiteboard 2025-12-07 11:24:36 +01:00
55342f4912 update to 25.11 with config changes 2025-12-06 16:48:39 +01:00
01e47e808e flake update 2025-11-30 18:02:54 +01:00
76774565a9 flake update 2025-11-23 11:01:03 +01:00
e288514e33 flake update 2025-11-15 19:57:16 +01:00
4e4b696177 fix element window on specific workspace 2025-11-15 19:53:10 +01:00
c83ec90489 move back to element 2025-11-13 19:44:46 +01:00
d71af6a1c9 flake update 2025-11-13 15:50:50 +01:00
35d2f5afe0 update flake and some update fixes 2025-11-02 16:05:39 +01:00
d69e4f2d3e openrgb need insecure package 2025-10-26 15:54:43 +01:00
8300a32027 flake update
add nheko instead of element
2025-10-26 15:45:57 +01:00
9108daaffb server: mealie: use unstable 2025-10-19 13:08:48 +02:00
2a3079f35e desktop: move to nheko with gnome-keyring 2025-10-18 14:58:03 +02:00
687fd92a94 new flake structure and overlays for unstable 2025-10-18 14:55:26 +02:00
e8c9cd32fd flake update 2025-10-14 20:05:37 +02:00
675e3cfb86 nas: syncthing: correct nginx settings 2025-10-12 18:17:51 +02:00
9a593ba9a1 syncthing: add lifebook key 2025-10-12 18:13:12 +02:00
bc7fbcfc7d lifebook: start syncthing 2025-10-12 18:04:45 +02:00
a43fdc77f8 hades: start syncthing 2025-10-12 17:58:15 +02:00
c2f53e4533 hades: start syncthing 2025-10-12 17:54:23 +02:00
43cfd4b6d3 nas: start syncthing 2025-10-12 17:34:32 +02:00
ea0beb9673 update flake 2025-10-11 07:55:28 +02:00
f3063e36d9 add build script for local dev 2025-10-11 07:55:16 +02:00
0e48154dec server: mealie: add openai 2025-10-11 07:54:52 +02:00
8ae9830eba server: create mealie group 2025-10-10 20:05:44 +02:00
23adee92a6 server: create mealie user 2025-10-10 20:02:40 +02:00
9c2a801040 rekey 2025-10-10 19:39:10 +02:00
97b66828ca server: add mealie 2025-10-09 22:14:51 +02:00
d978497b7c flake update 2025-10-09 20:21:07 +02:00
a9ab9e64ba nas: add syncthing module 2025-10-07 15:10:50 +02:00
234904c08f flake update 2025-09-28 09:12:58 +02:00
60b69e0049 flake update 2025-09-15 13:05:03 +02:00
fc71ffdb18 basic implementation for own packages/services 2025-09-15 13:04:20 +02:00
583dd62731 corosync-qnetd package and service module working 2025-09-15 13:04:19 +02:00
9bf0ad396f buildable corosync-qdevice 2025-09-15 13:04:17 +02:00
cac8871e58 lifebook: use fqdn for nas 2025-09-14 21:05:15 +02:00
9a49312c80 update flake and adjust path of zsh dotdir 2025-09-07 16:28:24 +02:00
c5daa6ebcc flake update 2025-08-17 17:01:31 +02:00
d2000aea1b dmz: disable hydra 2025-08-15 15:38:31 +02:00
f1a5237eb3 flake update 2025-08-10 16:19:59 +02:00
6d15652b2e flake update 2025-08-03 12:11:38 +02:00
e48386377e flake update 2025-07-24 19:44:37 +02:00
1283f7c68e flake update 2025-07-18 20:27:31 +02:00
2a541c3be1 flake update 2025-07-11 08:24:46 +02:00
8b30475ff7 move epapirus to papirus theme 2025-07-07 12:33:41 +02:00
ee9662de09 flake update 2025-07-06 09:59:34 +02:00
cd2da22c8a flake update 2025-06-29 12:59:00 +02:00
efa8d20ee1 add postprocessing to klipper 2025-06-25 20:16:31 +02:00
4ba1798f4a flake update 2025-06-23 19:49:32 +02:00
827de072c7 flake update 2025-06-16 10:22:55 +02:00
b12d78ddee flake update 2025-06-09 19:56:51 +02:00
393ec69541 server: nextcloud: set enabledPreviewproviders for HEIC 2025-06-01 21:30:08 +02:00
f2fe113e8c server: nextcloud: explicitly add imagemagick for heic 2025-06-01 21:00:52 +02:00
828e2d0fde lifebook remove checkReversePath 2025-05-28 16:16:06 +02:00
69733fa69a kabbone_mautrix-whatsapp disable doc for now 2025-05-28 14:07:05 +02:00
671e3db9cf server: write own mautrix-whatsapp module and switch to it 2025-05-28 13:58:25 +02:00
fbeff17bb4 remove postgresql update import 2025-05-28 13:55:57 +02:00
333d829a6f change whatsapp module 2025-05-27 15:24:34 +02:00
b5bfa3a4b2 fix mautrix-signal/whatsapp logging and remove old secrets 2025-05-27 14:27:49 +02:00
029421bd4b move mautrix-whatsapp to module 2025-05-27 14:02:49 +02:00
6529d08626 fix config indentations for signal and remove old secrets 2025-05-27 12:38:46 +02:00
7a85f55a52 move mautrix-signal to module 2025-05-27 12:00:25 +02:00
08ed5fa57c fix mautrix-telegram 2025-05-27 11:12:24 +02:00
4a04bece79 fix network interface on dmz,nasbak 2025-05-27 09:52:44 +02:00
c1587221f7 fix network interface on jupiter 2025-05-27 09:24:00 +02:00
126161d083 update mautrix-telegram 2025-05-26 20:05:01 +02:00
764ed27bf3 update nextcloud to 31 2025-05-26 19:33:31 +02:00
c0e0174e21 upgrade to 25.05 2025-05-26 17:26:33 +02:00
77dbece69a don't use root for moonraker 2025-05-24 15:42:28 +02:00
e6d9ee7618 work on moonraker 2025-05-22 22:24:20 +02:00
0055fb07c4 add discord
add zmkBATx
remove 2in1screen
2025-05-22 22:21:01 +02:00
53b449206c hydra: restrict nix usage to 5 cores 1 job 2025-05-17 10:16:22 +02:00
c14d3ebda0 flake update 2025-05-17 08:31:11 +02:00
4e0ae0669d bring hydraCache back 2025-05-12 19:13:05 +02:00
7895f0a8b0 nix: restrict max-jobs to 4 2025-05-12 15:15:04 +02:00
6e1886bafd hydra: restrict starman workers to 10 2025-05-12 14:57:06 +02:00
25f7ae62fa hydra: restrict to 4 cores 2025-05-12 14:55:02 +02:00
54242cf3a0 hydra: add manual psql users 2025-05-11 20:06:13 +02:00
1f16da64e6 remove test secret 2025-05-11 12:59:11 +02:00
c20accd28f try to trigger agenix 2025-05-11 12:46:37 +02:00
5385dac890 flake update 2025-05-11 12:34:39 +02:00
0dc270abc2 hydra: increase freeSpaceLimit and remove ACME generics 2025-05-11 12:02:23 +02:00
a33271a8fa rekey secrets 2025-05-10 11:26:16 +02:00
b824ff3a89 rekey secrets 2025-05-10 11:15:52 +02:00
d05f436d00 add local hydra to postgresql 2025-05-10 11:13:47 +02:00
f34f8a78a3 add kabtop to builds 2025-05-10 11:10:45 +02:00
8963bb3542 move hydra to kabtop 2025-05-10 10:52:15 +02:00
0304d77257 disable hydraCache for now 2025-05-09 19:10:05 +02:00
0058f7c35f nbf5: add klipper config 2025-05-06 22:04:20 +02:00
a3e524de87 nbf5: remove sway 2025-05-05 22:03:15 +02:00
ed0ed35233 flake update 2025-05-05 22:02:56 +02:00
a78df4aec1 add orca slicer
add klipper files
2025-04-28 20:22:23 +02:00
ca6181cba4 flake update
remove balloonmem from microvm
2025-04-21 22:12:19 +02:00
53eef4d211 flake update 2025-04-17 10:07:25 +02:00
7a757e6194 kubemaster sleep disk and enable powersaving 2025-04-16 15:14:11 +02:00
e433d2ec3f fix disko arguments, intial changes kubemaster 2025-04-16 14:51:51 +02:00
040593e28f intial kubemaster 2025-04-16 14:20:59 +02:00
17419cb929 flake update 2025-04-07 18:19:14 +02:00
bdd212d281 flake update 2025-03-29 13:35:54 +01:00
a127be5d2e flake.lock: Update
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/9d3d080aec2a35e05a15cedd281c2384767c2cfe?narHash=sha256-Gs076ot1YuAAsYVcyidLKUMIc4ooOaRGO0PqTY7sBzA%3D' (2025-02-17)
  → 'github:nix-community/home-manager/0948aeedc296f964140d9429223c7e4a0702a1ff?narHash=sha256-jbqlw4sPArFtNtA1s3kLg7/A4fzP4GLk9bGbtUJg0JQ%3D' (2025-03-22)
• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/c630dfa8abcc65984cc1e47fb25d4552c81dd37e?narHash=sha256-gBlb8R9gnjUAT5XabJeel3C2iEUiBHx3%2B91651y3Sqo%3D' (2025-03-11)
  → 'github:nix-community/home-manager/9172a6f956f7e0f7810861b9b1146f1c43d9abcb?narHash=sha256-bJIFFa6/4vBGoNmCwjO5TCIbiveV2BRxVLqHcxk5jXw%3D' (2025-03-23)
• Updated input 'jovian-nixos':
    'github:Jovian-Experiments/Jovian-NixOS/8c44f7f637f85a60cec8affb5ce1a75549c010f4?narHash=sha256-GsiWbJqN87Y%2B8BQl55O/Tlr5syhLzt8kUAPJ7kWMgSA%3D' (2025-03-11)
  → 'github:Jovian-Experiments/Jovian-NixOS/a95606cae5c9e1f5b84debe7865ef171d4deb287?narHash=sha256-gpjtkoeq5Ye9J8GoR%2BrWg3NL4bbEtcLvvF4nN6MtxdU%3D' (2025-03-20)
• Updated input 'microvm':
    'github:astro/microvm.nix/5e1b3dba5b52405dab79412392b9c799d49bd8c0?narHash=sha256-VMeqnLv2O6Lg3/pka1tUzzbOjSmEb6RQOp9OuJRcx0A%3D' (2025-03-06)
  → 'github:astro/microvm.nix/7f15bac13b41d2e3d33b008195692bdcdc20ec8d?narHash=sha256-Btl6pf5Uv/9HaMqcjrG9rgSkCnBEUpWcfgEYe/frIws%3D' (2025-03-22)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/b48cc4dab0f9711af296fc367b6108cf7b8ccb16?narHash=sha256-RUAdT8dZ6k/486vnu3tiNRrNW6%2BQ8uSD2Mq7gTX4jlo%3D' (2025-03-07)
  → 'github:NixOS/nixos-hardware/380ed15bcd6440606c6856db44a99140d422b46f?narHash=sha256-yJ3OOAmsGAxSl0bTmKUp3%2BcEYtSS%2BV6hUPK2rYhIPr8%3D' (2025-03-22)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/ebe2788eafd539477f83775ef93c3c7e244421d3?narHash=sha256-yfDy6chHcM7pXpMF4wycuuV%2BILSTG486Z/vLx/Bdi6Y%3D' (2025-03-10)
  → 'github:NixOS/nixpkgs/7105ae3957700a9646cc4b766f5815b23ed0c682?narHash=sha256-8XfURTDxOm6%2B33swQJu/hx6xw1Tznl8vJJN5HwVqckg%3D' (2025-03-20)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/e3e32b642a31e6714ec1b712de8c91a3352ce7e1?narHash=sha256-7rTAMNTY1xoBwz0h7ZMtEcd8LELk9R5TzBPoHuhNSCk%3D' (2025-03-09)
  → 'github:nixos/nixpkgs/a84ebe20c6bc2ecbcfb000a50776219f48d134cc?narHash=sha256-mNqIplmEohk5jRkqYqG19GA8MbQ/D4gQSK0Mu4LvfRQ%3D' (2025-03-19)
2025-03-23 11:19:15 +01:00
af13b31ce3 add autoaspm and rotate screen button 2025-03-23 11:19:13 +01:00
e32e753bce nbf5: intial steps to printing terminal 2025-03-15 09:22:50 +01:00
f68c0e2daf flake update 2025-03-11 20:07:49 +01:00
141a9cd704 fix key exchange 2025-03-03 16:55:53 +01:00
8a31f33087 flake update 2025-03-02 20:03:41 +01:00
f365a09d38 desktop: remove orac-slicer for flatpak version 2025-02-21 19:14:51 +01:00
a5585a90e6 desktop: enable flatpak everywhere 2025-02-21 19:14:22 +01:00
ca12ea728f flake update 2025-02-21 17:54:12 +01:00
06bf555d1d flake update 2025-02-13 18:33:28 +01:00
a4ce109c3d desktop: switch to networkmanager 2025-02-13 18:31:48 +01:00
5e5ff474a6 sway: change monitor setup 2025-02-13 18:30:48 +01:00
0292b3add3 desktop: add linux-firmware 2025-02-10 12:28:53 +01:00
362d705679 flake.lock: Update
Flake lock file updates:

• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/18fa9f323d8adbb0b7b8b98a8488db308210ed93?narHash=sha256-4ATtQqBlgsGqkHTemta0ydY6f7JBRXz4Hf574NHQpkg%3D' (2025-02-01)
  → 'github:nix-community/home-manager/433799271274c9f2ab520a49527ebfe2992dcfbd?narHash=sha256-fmhq8B3MvQLawLbMO%2BLWLcdC2ftLMmwSk%2BP29icJ3tE%3D' (2025-02-06)
• Updated input 'jovian-nixos':
    'github:Jovian-Experiments/Jovian-NixOS/77fb0818cb42ca0db98839d47bbc6a317c286282?narHash=sha256-it7lc%2BHRSQiLV%2B3CcA%2Bc6fkr2355HyT2GGUowHdfa/E%3D' (2025-02-02)
  → 'github:Jovian-Experiments/Jovian-NixOS/4642ec1073a7417e6303484d8f2e7d29dc24a50f?narHash=sha256-P3VbO2IkEW%2B0d0pJU7CuX8e%2BobSoiDw/YCVL1mnA26w%3D' (2025-02-06)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/537286c3c59b40311e5418a180b38034661d2536?narHash=sha256-cgXDFrplNGs7bCVzXhRofjD8oJYqqXGcmUzXjHmip6Y%3D' (2025-02-02)
  → 'github:NixOS/nixos-hardware/2eccff41bab80839b1d25b303b53d339fbb07087?narHash=sha256-5yRlg48XmpcX5b5HesdGMOte%2BYuCy9rzQkJz%2Bimcu6I%3D' (2025-02-06)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/f6687779bf4c396250831aa5a32cbfeb85bb07a3?narHash=sha256-5%2BHmo4nbqw8FrW85FlNm4IIrRnZ7bn0cmXlScNsNRLo%3D' (2025-02-01)
  → 'github:NixOS/nixpkgs/f5a32fa27df91dfc4b762671a0e0a859a8a0058f?narHash=sha256-7x%2BQ4xgFj9UxZZO9aUDCR8h4vyYut4zPUvfj3i%2BjBHE%3D' (2025-02-06)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/3a228057f5b619feb3186e986dbe76278d707b6e?narHash=sha256-xvTo0Aw0%2Bveek7hvEVLzErmJyQkEcRk6PSR4zsRQFEc%3D' (2025-02-01)
  → 'github:nixos/nixpkgs/799ba5bffed04ced7067a91798353d360788b30d?narHash=sha256-ooLh%2BXW8jfa%2B91F1nhf9OF7qhuA/y1ChLx6lXDNeY5U%3D' (2025-02-04)
2025-02-07 18:09:38 +01:00
c64fa5ec25 steamdeck: sway specialication 2025-02-03 20:42:30 +01:00
9f3ceb8b9e flake.lock: Update
Flake lock file updates:

• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/dae6d3460c8bab3ac9f38a86affe45b32818e764?narHash=sha256-OUoEgorFHBVnqQ2lITqs6MGN7MH4t/8hLEO29OKu6CM%3D' (2025-02-01)
  → 'github:nix-community/home-manager/18fa9f323d8adbb0b7b8b98a8488db308210ed93?narHash=sha256-4ATtQqBlgsGqkHTemta0ydY6f7JBRXz4Hf574NHQpkg%3D' (2025-02-01)
• Updated input 'jovian-nixos':
    'github:Jovian-Experiments/Jovian-NixOS/ad8f92168ff7aa442d9ca860879127251e348b2b?narHash=sha256-LHGAJW3e%2BAALTAm2W3Vw7HwBx35ioDr/PykGSSIF6JI%3D' (2025-01-31)
  → 'github:Jovian-Experiments/Jovian-NixOS/77fb0818cb42ca0db98839d47bbc6a317c286282?narHash=sha256-it7lc%2BHRSQiLV%2B3CcA%2Bc6fkr2355HyT2GGUowHdfa/E%3D' (2025-02-02)
• Updated input 'microvm':
    'github:astro/microvm.nix/bcabdfff46d3bb7806e6e358982ad457ee650fb7?narHash=sha256-kahtA02X2kRRJh0okEsIHrzxpb6NhMn4DX9orqwTCjo%3D' (2025-02-01)
  → 'github:astro/microvm.nix/f71f275bfad1a4e46d8171de00b0a834efa3d118?narHash=sha256-OX6MnQzR0t/3LDlLKTpSLE7/T3vVKrJOn00OKwXsj04%3D' (2025-02-01)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/34b64e4e1ddb14e3ffc7db8d4a781396dbbab773?narHash=sha256-6HI58PKjddsC0RA0gBQlt6ox47oH//jLUHwx05RO8g0%3D' (2025-02-01)
  → 'github:NixOS/nixos-hardware/537286c3c59b40311e5418a180b38034661d2536?narHash=sha256-cgXDFrplNGs7bCVzXhRofjD8oJYqqXGcmUzXjHmip6Y%3D' (2025-02-02)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/666e1b3f09c267afd66addebe80fb05a5ef2b554?narHash=sha256-6L%2BWXKCw5mqnUIExvqkD99pJQ41xgyCk6z/H9snClwk%3D' (2025-01-30)
  → 'github:NixOS/nixpkgs/f6687779bf4c396250831aa5a32cbfeb85bb07a3?narHash=sha256-5%2BHmo4nbqw8FrW85FlNm4IIrRnZ7bn0cmXlScNsNRLo%3D' (2025-02-01)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/9d3ae807ebd2981d593cddd0080856873139aa40?narHash=sha256-NGqpVVxNAHwIicXpgaVqJEJWeyqzoQJ9oc8lnK9%2BWC4%3D' (2025-01-29)
  → 'github:nixos/nixpkgs/3a228057f5b619feb3186e986dbe76278d707b6e?narHash=sha256-xvTo0Aw0%2Bveek7hvEVLzErmJyQkEcRk6PSR4zsRQFEc%3D' (2025-02-01)
2025-02-03 13:40:04 +01:00
95048298ad steamdeck: add specialisation for sway 2025-02-02 20:56:24 +01:00
c3a45f7984 steamdeck: move orca-slicer to stable 2025-02-02 20:56:19 +01:00
f77140e3f5 steamdeck: move home-manager to stable 2025-02-02 19:44:55 +01:00
2874a9096d remove printer 2025-02-02 19:16:44 +01:00
716743cdcc flake update 2025-02-01 18:25:38 +01:00
3740e3401e server: gitea: enable again 2025-01-28 11:32:20 +01:00
348f67244e server: disable gitea 2025-01-26 23:16:42 +01:00
4032b5d7a0 Revert "server: enable onlyoffice again"
This reverts commit 978f0a537c.
2025-01-26 20:58:23 +01:00
a074ac551d flake update 2025-01-26 20:53:22 +01:00
978f0a537c server: enable onlyoffice again 2025-01-26 20:53:09 +01:00
42214c869c server: fix weird dns problems in nextcloud by switching to systemd-networkd 2025-01-26 20:48:12 +01:00
de75077730 flake update 2025-01-26 08:38:26 +01:00
34570a1ecb server: disable git indexer 2025-01-25 20:08:06 +01:00
d4dee15c15 desktop: put ssh askHelper to matching wm 2025-01-25 09:28:07 +01:00
54dac319db flake update 2025-01-25 09:28:00 +01:00
820466201f flake update and remove orca override 2025-01-19 13:52:08 +01:00
f2127568e0 flake update
Signed-off-by: Kabbone <tobias@opel-online.de>
2025-01-16 16:53:19 +01:00
b3729ed82b flake update 2025-01-15 19:01:21 +01:00
e0687bcc28 backup: fix timers for nasback after boot 2025-01-13 17:45:09 +01:00
7a57d2cfec fix backup service 2025-01-13 17:17:18 +01:00
fa0d427240 flake update 2025-01-12 20:23:48 +01:00
8f34d20c65 flake update 2025-01-12 12:22:14 +01:00
02272d9ec5 steamdeck: use orca-slicer fix 2025-01-12 12:21:59 +01:00
9440a4c6fa flake update 2025-01-08 17:10:53 +01:00
37ace64728 server: nextcloud: fix typo 2025-01-08 17:10:43 +01:00
58f1133657 flake update 2025-01-03 19:46:06 +01:00
85eec3b7a5 flake update 2024-12-31 15:58:14 +01:00
fc852aee67 server: nextcloud: disable onlyoffice and set maxUploadSize 2024-12-31 15:57:49 +01:00
e590739346 server: mautrix-signal: update config 2024-12-31 13:48:35 +01:00
7ce839e653 server: disable ollama 2024-12-31 13:16:22 +01:00
97454dac5b server: mautrix-signal: update config 2024-12-31 13:02:31 +01:00
67ae6e5e23 server: mautrix-signal: update config 2024-12-31 10:58:05 +01:00
dcb7ac9aa0 server: mautrix-whatsapp: enable encryption for now 2024-12-31 08:47:22 +01:00
12b581674b server: btrbk: add var 2024-12-30 22:30:31 +01:00
ab205e1a98 server: mautrix-whatsapp: disable encryption for now 2024-12-30 18:29:03 +01:00
90f07ad8bd server: matrix: update mautrix-whatsapp config 2024-12-30 14:28:06 +01:00
3d3b5c9a5f server: matrix: update mautrix-whatsapp config 2024-12-30 14:17:19 +01:00
7e814bc276 server: matrix: update mautrix-whatsapp config, disable relay 2024-12-30 12:35:16 +01:00
25a2475b65 server: matrix: update mautrix-whatsapp config 2024-12-30 12:21:35 +01:00
4d890c44c3 server: matrix: update mautrix-whatsapp config 2024-12-30 12:19:12 +01:00
d0ba393447 server: matrix: update mautrix-whatsapp config 2024-12-30 12:14:19 +01:00
5a33c0ee3f server: matrix: update mautrix-whatsapp config 2024-12-30 11:58:27 +01:00
9d03e1167f server: postgresql: update to 16 2024-12-30 10:27:01 +01:00
d2d72a383a update nextcloud to 30 2024-12-30 09:03:00 +01:00
2969562349 remove deprecated opengl option 2024-12-30 09:02:42 +01:00
ba60a3c637 update flake to 24.11 2024-12-30 08:56:20 +01:00
b25260b71e add cachix for steamdeck 2024-12-30 08:21:33 +01:00
29cc48d499 flake update 2024-12-29 09:00:46 +01:00
1ef405296a lifebook: change path of SSDT4 2024-12-29 09:00:31 +01:00
16c6d9e907 lifebook: make suspend work, DSDT override 2024-12-29 08:48:59 +01:00
3060cbfb77 flake update 2024-12-19 13:16:52 +01:00
1776697f9b remove catppucin module 2024-12-19 13:16:40 +01:00
dd8159d6a4 flake update 2024-12-15 21:48:36 +01:00
756801607d desktop: add module for sensors 2024-12-07 22:52:18 +01:00
ccabef6ed7 flake update 2024-12-07 22:51:47 +01:00
3b39a9d744 flake update 2024-12-03 20:51:52 +01:00
a631a5731a font: remove nerdfonts 2024-12-02 19:53:59 +01:00
e858004e48 flake update 2024-12-02 19:16:09 +01:00
b587b948ef flake update 2024-11-29 20:20:20 +01:00
09beb0eab5 remove nbf5 from ci 2024-11-25 19:20:31 +01:00
2f7ecf092b flake update 2024-11-23 11:19:48 +01:00
443187fab3 flake update 2024-11-15 12:44:48 +01:00
e738917d07 update flake
clean up kanshi from profile to settings
2024-11-04 20:20:59 +01:00
bca8c6343a flake update 2024-11-03 15:48:22 +01:00
c99d5a620e flake update 2024-10-29 21:39:19 +01:00
b8434f4d45 flake update 2024-10-29 20:35:51 +01:00
e34f886e6c flake update 2024-10-25 21:21:28 +02:00
39f9c40dbc flake update 2024-10-22 20:46:16 +02:00
c4d3591ee7 services: vault: open website 2024-10-22 15:38:51 +02:00
da1bcdd116 services: vault: change database path 2024-10-22 15:19:06 +02:00
c7b183d9b1 services: acme: increase propagation 2024-10-22 14:17:51 +02:00
03ae8cee2e server: postgresql: remove vault 2024-10-22 13:12:31 +02:00
c436a8e2b9 services: move vault to local 2024-10-22 12:43:09 +02:00
efc049e739 services: move vault to local 2024-10-22 12:32:41 +02:00
c3df4c714e flake update 2024-10-21 15:28:32 +02:00
82a880286d services: vault: specify postgresql auth 2024-10-21 15:09:52 +02:00
c57a18e787 services: vault: specify postgresql auth 2024-10-21 14:45:39 +02:00
000cb57e65 services: vault: postgresql: add missing user 2024-10-21 14:39:49 +02:00
b8d14243f9 services: vault: postgresql: add missing user 2024-10-21 14:36:28 +02:00
fcbae86056 services: vault: set virtual host 2024-10-21 14:28:12 +02:00
ff1bdbe8ff services: vault: remove backupdir 2024-10-21 14:24:13 +02:00
1bf18208d9 services: enable vault 2024-10-21 14:11:56 +02:00
431d9cd4a9 services: vault poc 2024-10-21 14:07:47 +02:00
8eb9b3952a services: vault poc 2024-10-21 12:17:54 +02:00
419d2e8cd7 flake update 2024-10-20 11:05:34 +02:00
5c4e09f773 backup: fix timers after boot, prepare steamdeck 2024-10-20 11:00:40 +02:00
2e4f1d5dfa backup: run bak only after network 2024-10-19 08:51:01 +02:00
3bef5b8830 backup: run bak only after network 2024-10-19 08:47:31 +02:00
c59f1165be backup: minor fixups 2024-10-19 08:43:49 +02:00
3adb782cba flake update 2024-10-18 17:48:50 +02:00
17816805d2 apps: add maliit framework 2024-10-15 18:56:15 +02:00
ff0ff7fb2c add lifebook to backup 2024-10-14 20:18:48 +02:00
d9a20013b9 add lifebook to backup 2024-10-14 20:08:16 +02:00
032ebaa2a4 fix hades backup archive 2024-10-14 19:53:29 +02:00
6dbe100036 add buffer to btrbk 2024-10-14 17:46:26 +02:00
f0768984c6 add hades home to backup 2024-10-14 12:43:53 +02:00
2b4769cae6 setup backup pipeline 2024-10-14 12:17:17 +02:00
fb7688baf3 desktop: disable global catppuccin 2024-10-14 12:16:47 +02:00
92d6ff4898 flake.lock: Update
Flake lock file updates:

• Updated input 'catppuccin':
    'github:catppuccin/nix/bad96d3fabf8d2e8f0bf0c2cb899a9fccf01ea03' (2024-10-02)
  → 'github:catppuccin/nix/96cf8b4a05fb23a53c027621b1147b5cf9e5439f' (2024-10-08)
• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/509dbf8d45606b618e9ec3bbe4e936b7c5bc6c1e' (2024-10-04)
  → 'github:nix-community/home-manager/d47d33254fbf4fdbdee9f1f14095f689662e479d' (2024-10-10)
• Updated input 'jovian-nixos':
    'github:Jovian-Experiments/Jovian-NixOS/cb63dc934ba512b2d56d89b94c5da7894f6a7809' (2024-10-04)
  → 'github:Jovian-Experiments/Jovian-NixOS/a25f915ec05196d15e3f7f8555ffb612d4f1045d' (2024-10-08)
• Updated input 'lanzaboote':
    'github:nix-community/lanzaboote/e2365a1d8dccdcf4bca5111672e80df67d90957d' (2024-10-01)
  → 'github:nix-community/lanzaboote/0bc127c631999c9555cae2b0cdad2128ff058259' (2024-10-06)
• Updated input 'microvm':
    'github:astro/microvm.nix/e832ffc16b09b1b5c7c1224532d03ed3ce68afd0' (2024-10-02)
  → 'github:astro/microvm.nix/470537e671d743f40812b9c071a4130eabdb3deb' (2024-10-08)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/b7ca02c7565fbf6d27ff20dd6dbd49c5b82eef28' (2024-10-04)
  → 'github:NixOS/nixos-hardware/ecfcd787f373f43307d764762e139a7cdeb9c22b' (2024-10-07)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/5966581aa04be7eff830b9e1457d56dc70a0b798' (2024-10-02)
  → 'github:NixOS/nixpkgs/d51c28603def282a24fa034bcb007e2bcb5b5dd0' (2024-10-09)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/bc947f541ae55e999ffdb4013441347d83b00feb' (2024-10-04)
  → 'github:nixos/nixpkgs/5633bcff0c6162b9e4b5f1264264611e950c8ec7' (2024-10-09)
2024-10-10 21:01:48 +02:00
da9db371af server: hydra: allowed-uris 2024-10-06 10:10:05 +02:00
c8b8305146 server: services: onlyoffice changes 2024-10-05 12:16:13 +02:00
57f56146d2 hydra: allowUris 2024-10-05 11:26:22 +02:00
272971cefd flake update 2024-10-05 10:32:14 +02:00
3505e611c1 desktop: enable catppuccin module 2024-10-05 10:32:00 +02:00
fd09e597c1 server: services: onlyoffice changes 2024-10-05 10:31:29 +02:00
255c8ca4d0 prototype fuji 2024-10-05 10:30:57 +02:00
dd79f25336 fix themes 2024-09-30 20:59:37 +02:00
929fa949b2 flake update 2024-09-30 20:57:48 +02:00
fd5bd6a88d flake update 2024-09-23 20:23:51 +02:00
6a34b81910 home: add gimp and freecad 2024-09-14 15:03:30 +02:00
8d27f5e73d flake.lock: Update
Flake lock file updates:

• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/be47a2bdf278c57c2d05e747a13ed31cef54a037' (2024-09-09)
  → 'github:nix-community/home-manager/6c1a461a444e6ccb3f3e42bb627b510c3a722a57' (2024-09-14)
• Updated input 'jovian-nixos':
    'github:Jovian-Experiments/Jovian-NixOS/2d050e65a71e02a1f19d1a35c086bd2e3dfb2cdb' (2024-09-06)
  → 'github:Jovian-Experiments/Jovian-NixOS/02cf60ce20b6034fc0459e5116cec7016aaff6e4' (2024-09-12)
• Updated input 'microvm':
    'github:astro/microvm.nix/caac7808d1e31f8a0fa408338cd3736947cb226d' (2024-09-06)
  → 'github:astro/microvm.nix/af604aa08ac9a4ae585beaf1a3482897a27ab67e' (2024-09-12)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/aac7c50858a21636ddfd39831ccc221cf9d59827' (2024-09-09)
  → 'github:NixOS/nixos-hardware/166dee4f88a7e3ba1b7a243edb1aca822f00680e' (2024-09-09)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/68e7dce0a6532e876980764167ad158174402c6f' (2024-09-07)
  → 'github:NixOS/nixpkgs/e65aa8301ba4f0ab8cb98f944c14aa9da07394f8' (2024-09-11)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/574d1eac1c200690e27b8eb4e24887f8df7ac27c' (2024-09-06)
  → 'github:nixos/nixpkgs/4f807e8940284ad7925ebd0a0993d2a1791acb2f' (2024-09-11)
2024-09-14 15:01:15 +02:00
d2abc23417 flake update allow olm 2024-09-09 16:43:34 +02:00
263d10dbdd flake update corrections 2024-09-09 12:40:27 +02:00
406cb190e9 flake update 2024-09-09 12:05:20 +02:00
f4b8db1022 flake update 2024-08-30 22:32:39 +02:00
ea282c6237 lifebook: set suspend-then-hibernate with delaytime 1h 2024-08-25 22:47:35 +02:00
0f3a2e0e52 lifebook: fix s0 suspend 2024-08-25 20:15:26 +02:00
aaaa3f108f hosts: nasbak: switch to systemd-networkd 2024-08-22 19:42:25 +02:00
0b566c81be flake update
switch jupiter to systemd-networkd
disable jitsi
2024-08-22 19:08:19 +02:00
183a280402 hosts: kabtopci: some changes for hydra space 2024-08-16 14:56:56 +02:00
eae9aa6d62 flake update 2024-08-16 14:29:44 +02:00
5ddf51f572 wm: sway: rot8 invert y-Axis and disable keyboard 2024-08-11 21:17:25 +02:00
1787103cec wm: sway: switch to rofi
add rot8
2024-08-11 19:44:14 +02:00
a6c6cb699a hosts: small fixes on lifebook init config 2024-08-10 06:20:26 +02:00
d83a55d62d flake update
remove sound config due to update
fix hydraJobs after adding lifebook
2024-08-10 06:20:23 +02:00
1405ee7eee apps: install android-studio 2024-08-10 06:20:20 +02:00
66cdd05f41 sway: add german layout 2024-08-10 06:20:16 +02:00
b05a692b47 hosts: fixes for initial lifebook
add lanzaboote lifebook
2024-08-10 06:20:09 +02:00
e5db869b82 lifebook: smaller fixes 2024-07-17 21:17:50 +02:00
cb84afaaec shell: add ssh-agent again 2024-07-15 21:31:44 +02:00
05b0762421 disko: add opt 2024-07-15 21:29:57 +02:00
0a1e17995f rename laptop to nbf5
add lifebook
2024-07-15 21:24:50 +02:00
dba8ac1eb0 flake update 2024-07-14 14:19:34 +02:00
dce3035653 git: add cache 2024-07-14 14:14:43 +02:00
9f8e15d135 add git difftastic 2024-07-14 12:59:51 +02:00
d5f3aa3885 restructure common sshagent
cleanups of commented out things
move non desktop to server config
2024-07-14 12:06:47 +02:00
0a775adbdc fix unstable with moving powerline to python311 2024-07-14 09:56:40 +02:00
8459516c95 add new wallpapers 2024-07-13 13:41:50 +02:00
d16898adf8 flake update
comment out freecad because pyside is broken
set python311 to fix nose dependency in unstable
2024-07-13 12:01:05 +02:00
d518e9ffe4 flake update and move all back to nixos-hardware master 2024-07-02 22:22:26 +02:00
4882bca4c9 flake update 2024-07-02 18:29:13 +02:00
3cb4ae7c50 apps: install ausweisapp 2024-06-29 07:20:28 +02:00
904e5a88c6 hosts: steamdeck: update to plasma6 change defaultSession 2024-06-22 11:46:35 +02:00
430858fb11 hosts: steamdeck: update to plasma6 typo 2024-06-22 09:15:32 +02:00
4fec51506d hosts: steamdeck: update to plasma6 2024-06-22 08:57:56 +02:00
1a76923e77 flake: fix commit for nixos-hardware and remove from steamdeck 2024-06-21 23:40:53 +02:00
19487f6b79 hosts: steamdeck: rename for nixpkgs option updates 2024-06-21 23:15:02 +02:00
daee0533d5 flake.lock: Update
Flake lock file updates:

• Updated input 'jovian-nixos':
    'github:Jovian-Experiments/Jovian-NixOS/d723a7e3962d683acdcd5658b351fdefe16bf04f' (2024-06-18)
  → 'github:Jovian-Experiments/Jovian-NixOS/a7a9774538612c75324f785ab1300e67abc039d3' (2024-06-21)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/083823b7904e43a4fc1c7229781417e875359a42' (2024-06-20)
  → 'github:NixOS/nixos-hardware/cc634b69c8312c4e88469d3c7e8fb5ecc72e7dc6' (2024-06-21)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/938aa157bbd6e3c6fd7dcb77998b1f92c2ad1631' (2024-06-18)
  → 'github:NixOS/nixpkgs/dd457de7e08c6d06789b1f5b88fc9327f4d96309' (2024-06-19)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/c00d587b1a1afbf200b1d8f0b0e4ba9deb1c7f0e' (2024-06-18)
  → 'github:nixos/nixpkgs/d603719ec6e294f034936c0d0dc06f689d91b6c3' (2024-06-20)
2024-06-21 20:43:44 +02:00
3484124ab4 flake.lock: Update
Flake lock file updates:

• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/0a7ffb28e5df5844d0e8039c9833d7075cdee792' (2024-06-16)
  → 'github:nix-community/home-manager/d7830d05421d0ced83a0f007900898bdcaf2a2ca' (2024-06-19)
• Updated input 'jovian-nixos':
    'github:Jovian-Experiments/Jovian-NixOS/f02a01aab60c68b7898043c2e7f5bc97c93fb07b' (2024-06-15)
  → 'github:Jovian-Experiments/Jovian-NixOS/d723a7e3962d683acdcd5658b351fdefe16bf04f' (2024-06-18)
• Updated input 'lanzaboote':
    'github:nix-community/lanzaboote/93dd69a5b683deb8ab7d6dbb91771a2487745e8c' (2024-06-17)
  → 'github:nix-community/lanzaboote/6fa7bc0522f71d3906a3788bbd80c344cd9c4523' (2024-06-19)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/cde8f7e11f036160b0fd6a9e07dc4c8e4061cf06' (2024-06-16)
  → 'github:NixOS/nixos-hardware/083823b7904e43a4fc1c7229781417e875359a42' (2024-06-20)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/752c634c09ceb50c45e751f8791cb45cb3d46c9e' (2024-06-15)
  → 'github:NixOS/nixpkgs/938aa157bbd6e3c6fd7dcb77998b1f92c2ad1631' (2024-06-18)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/e9ee548d90ff586a6471b4ae80ae9cfcbceb3420' (2024-06-13)
  → 'github:nixos/nixpkgs/c00d587b1a1afbf200b1d8f0b0e4ba9deb1c7f0e' (2024-06-18)
2024-06-20 18:59:21 +02:00
c89ea890d1 hosts: add hydra cache to all
fix kabtop definition (missing ;)
remove scsi power option on jupiter vm
2024-06-17 20:47:42 +02:00
9b22d5c1ba flake: add hydraJobs 2024-06-17 20:31:44 +02:00
801468970b flake: add hydraJobs 2024-06-17 20:02:41 +02:00
f30860cb34 hosts: hades: move to 2.5 Nic and change name to hostname 2024-06-17 17:56:41 +02:00
d754a5b1d5 flake.lock: Update
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/845a5c4c073f74105022533907703441e0464bc3' (2024-06-04)
  → 'github:nix-community/home-manager/a1fddf0967c33754271761d91a3d921772b30d0e' (2024-06-16)
• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/8d5e27b4807d25308dfe369d5a923d87e7dbfda3' (2024-06-13)
  → 'github:nix-community/home-manager/0a7ffb28e5df5844d0e8039c9833d7075cdee792' (2024-06-16)
• Updated input 'jovian-nixos':
    'github:Jovian-Experiments/Jovian-NixOS/326c1ab2b816f520d298b7a4319a0b50cde01c48' (2024-06-12)
  → 'github:Jovian-Experiments/Jovian-NixOS/f02a01aab60c68b7898043c2e7f5bc97c93fb07b' (2024-06-15)
• Updated input 'lanzaboote':
    'github:nix-community/lanzaboote/7cb05fab896bd542c0ca4260d74d9d664cd7b56e' (2024-06-12)
  → 'github:nix-community/lanzaboote/93dd69a5b683deb8ab7d6dbb91771a2487745e8c' (2024-06-17)
• Updated input 'lanzaboote/crane':
    'github:ipetkov/crane/a3f0c63eed74a516298932b9b1627dd80b9c3892' (2024-06-11)
  → 'github:ipetkov/crane/0095fd8ea00ae0a9e6014f39c375e40c2fbd3386' (2024-06-15)
• Updated input 'lanzaboote/rust-overlay':
    'github:oxalica/rust-overlay/6dc3e45fe4aee36efeed24d64fc68b1f989d5465' (2024-06-08)
  → 'github:oxalica/rust-overlay/0043c3f92304823cc2c0a4354b0feaa61dfb4cd9' (2024-06-16)
• Updated input 'microvm':
    'github:astro/microvm.nix/02a1fe9237a6539ff83d15443d328e4b0b49a117' (2024-06-12)
  → 'github:astro/microvm.nix/b11f00056e11a802809935b0675176a2429593d9' (2024-06-15)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/ae5c8dcc4d0182d07d75df2dc97112de822cb9d6' (2024-06-14)
  → 'github:NixOS/nixos-hardware/cde8f7e11f036160b0fd6a9e07dc4c8e4061cf06' (2024-06-16)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/cc54fb41d13736e92229c21627ea4f22199fee6b' (2024-06-12)
  → 'github:NixOS/nixpkgs/752c634c09ceb50c45e751f8791cb45cb3d46c9e' (2024-06-15)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/57d6973abba7ea108bac64ae7629e7431e0199b6' (2024-06-12)
  → 'github:nixos/nixpkgs/e9ee548d90ff586a6471b4ae80ae9cfcbceb3420' (2024-06-13)
2024-06-17 17:55:45 +02:00
8352d5c0ba flake.lock: Update
Flake lock file updates:

• Updated input 'agenix':
    'github:ryantm/agenix/c2fc0762bbe8feb06a2e59a364fa81b3a57671c9' (2024-05-24)
  → 'github:ryantm/agenix/3a56735779db467538fb2e577eda28a9daacaca6' (2024-06-14)
• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/3d65009effd77cb0d6e7520b68b039836a7606cf' (2024-06-09)
  → 'github:nix-community/home-manager/8d5e27b4807d25308dfe369d5a923d87e7dbfda3' (2024-06-13)
• Updated input 'jovian-nixos':
    'github:Jovian-Experiments/Jovian-NixOS/f27db3a9a8c21a65c1ef50cacca3ef2bfff04cb9' (2024-06-11)
  → 'github:Jovian-Experiments/Jovian-NixOS/326c1ab2b816f520d298b7a4319a0b50cde01c48' (2024-06-12)
• Updated input 'lanzaboote':
    'github:nix-community/lanzaboote/56ed078dc92baf72813d55dcfe399715a632bc41' (2024-06-09)
  → 'github:nix-community/lanzaboote/7cb05fab896bd542c0ca4260d74d9d664cd7b56e' (2024-06-12)
• Updated input 'lanzaboote/crane':
    'github:ipetkov/crane/55e7754ec31dac78980c8be45f8a28e80e370946' (2024-06-04)
  → 'github:ipetkov/crane/a3f0c63eed74a516298932b9b1627dd80b9c3892' (2024-06-11)
• Updated input 'microvm':
    'github:astro/microvm.nix/e3a4dd5b381fb580804105594cc9c71dc45abdb5' (2024-06-03)
  → 'github:astro/microvm.nix/02a1fe9237a6539ff83d15443d328e4b0b49a117' (2024-06-12)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/58b52b0dd191af70f538c707c66c682331cfdffc' (2024-06-10)
  → 'github:NixOS/nixos-hardware/ae5c8dcc4d0182d07d75df2dc97112de822cb9d6' (2024-06-14)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/47b604b07d1e8146d5398b42d3306fdebd343986' (2024-06-11)
  → 'github:NixOS/nixpkgs/cc54fb41d13736e92229c21627ea4f22199fee6b' (2024-06-12)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/c7b821ba2e1e635ba5a76d299af62821cbcb09f3' (2024-06-09)
  → 'github:nixos/nixpkgs/57d6973abba7ea108bac64ae7629e7431e0199b6' (2024-06-12)
2024-06-14 17:23:57 +02:00
0cc0c7003a flake update 2024-06-11 21:50:11 +02:00
939f5d9433 hydra: change hydraCache URL 2024-06-11 19:54:49 +02:00
2cab296188 hosts: kabtop: remove hardware module 2024-06-11 17:56:04 +02:00
9751a6bf52 secrets: rekey 2024-06-11 17:55:44 +02:00
5c7d579c44 hosts: kabtopci: fix path and add mount script 2024-06-11 17:14:24 +02:00
998c9aa54d hosts: small fixes on kabtopci prototype 2024-06-09 15:40:51 +02:00
8c59339b50 hosts: small fixes on kabtopci prototype 2024-06-09 15:17:55 +02:00
8617ddbd3a hosts: add kabtopci prototype 2024-06-09 11:01:05 +02:00
b4c7b1762b hydra: fix jobs 2024-06-08 19:32:33 +02:00
a119ae47f0 server: services: nextcloud add maintenance window 2024-06-08 16:04:00 +02:00
60118fc7f7 server: services: update mautrix-signal 2024-06-08 15:47:37 +02:00
64a5c3e34f server: services: update mautrix-signal 2024-06-08 15:43:47 +02:00
a5886eb6d0 server: services: nextcloud: rework for new structure 2024-06-08 14:48:57 +02:00
ca8c0c8a17 services: hydra: add allowed uris 2024-06-08 14:47:20 +02:00
1d4a80ff86 hosts: laptop: hardware: intel-cpu already imports gpu 2024-06-08 14:30:43 +02:00
e32635ebb7 flake update 2024-06-08 14:07:29 +02:00
964379114f hosts: correct avahi 2024-06-04 21:11:04 +02:00
6b5f86c9ab dmz: services: nginx: add recommendedSettings and fix Hydra 2024-06-04 21:06:44 +02:00
d7c142e2ab apps: alacritty: remove offset 2024-06-04 19:42:43 +02:00
90201b355c hydra: add desktop job 2024-06-04 19:01:29 +02:00
2ee496c5e9 hydra: add desktop job 2024-06-03 21:35:31 +02:00
a901a661f9 services: hydraCache: add substituter and remove rocm from steamdeck 2024-06-03 21:29:23 +02:00
3500f3d3a8 flake update with code adjustments 2024-06-03 20:24:22 +02:00
7fe7eeabf9 apps: desktop: add orca-slicer 2024-06-03 18:31:33 +02:00
b952606f1f flake remove nixvim and update to 24.05 2024-06-03 18:31:00 +02:00
2e7b1499cb services: hydraCache: typo 2024-06-02 21:32:33 +02:00
8b07092084 services: hydraCache: update address 2024-06-02 21:30:27 +02:00
c8b76b289a hosts: dmz: acme: use quad9 2024-06-02 18:36:56 +02:00
54aeb48839 hosts: dmz: acme: increase propagation timeout, use wildcard 2024-06-02 12:27:03 +02:00
5824207566 hosts: dmz: acme: increase propagation timeout 2024-05-31 21:40:26 +02:00
9d795ae38e hosts: dmz: nix-serve: add reverse proxy 2024-05-31 20:56:09 +02:00
2b30c68a54 hosts: dmz: nix-serve: add reverse proxy 2024-05-31 20:42:16 +02:00
cb7412e749 hosts: dmz: acme: set timeouts 2024-05-31 20:02:54 +02:00
e8f6f4e96f services: hydra: fix reverse proxy and firewall 2024-05-31 19:46:43 +02:00
40fdd49224 services: hydra: create acme and reverse proxy -- fix api 2024-05-31 18:31:12 +02:00
b1cf3d2399 services: hydra: create acme and reverse proxy -- fix path and api 2024-05-31 18:27:51 +02:00
01091ff377 services: hydra: create acme and reverse proxy 2024-05-31 18:07:39 +02:00
b20dc93d47 hosts: desktops: disable auto upgrade 2024-05-29 10:01:06 +02:00
fa914bce1d test hydra jobs
test hydra jobs

test hydra jobs

test hydra jobs

test hydra jobs

hydra add signing key

flake restructure

secrets: rekey

secrets: rekey

hydra fix key path

hydra fix key path

services: hydra: typo in nix.conf
2024-05-29 09:58:44 +02:00
9f9d8e3a3b flake update 2024-05-26 09:30:09 +02:00
e02e66a4bb hosts: steamdeck: add hydraCache 2024-05-26 09:14:01 +02:00
0249d17ac1 restructure desktop/wm and remove nur 2024-05-19 17:57:35 +02:00
a3f253bd53 flake update 2024-05-09 21:28:57 +02:00
034bc1e4e0 flake add hydraJobs 2024-05-05 20:12:39 +02:00
bd07e688fc flake add hydraJobs 2024-05-05 20:09:55 +02:00
32133438d9 flake add hydraJobs 2024-05-05 20:09:02 +02:00
d95cca9908 flake add hydraJobs 2024-05-05 20:05:19 +02:00
6f278377d7 flake add hydraJobs 2024-05-05 20:04:01 +02:00
731e4e33c5 flake add hydraJobs 2024-05-05 20:02:15 +02:00
bca0dddb1f flake add hydraJobs 2024-05-05 20:01:08 +02:00
b88a5b9a2a flake add hydraJobs 2024-05-05 19:58:51 +02:00
f864f543b8 hosts: dmz: enable hydra 2024-05-05 19:39:35 +02:00
941276e83f flake update lanzaboote to master 2024-05-03 14:51:11 +02:00
f54df874d4 flake update, lanzaboote to master 2024-05-02 15:29:56 +02:00
a83c214180 flake update 2024-05-02 14:18:50 +02:00
8e7629da2e font: try cascadia code 2024-05-02 14:16:25 +02:00
941e8a5dca remoteClient enable Client again 2024-05-02 11:38:40 +02:00
522966f808 virtualisation: typo kvm module import 2024-05-02 10:13:43 +02:00
62acac7285 virtualisation: restructure kvm module options and enable libvirt by default 2024-05-02 09:56:41 +02:00
08aa2cd458 hosts: nasbak: add bypass workqueue 2024-05-02 09:46:49 +02:00
d65b9b558d hosts: nasbak: change name to match hostname 2024-05-01 16:16:33 +02:00
64545e3086 flake update 2024-04-30 22:01:00 +02:00
02267d4825 hosts: server: change to kabtop 2024-04-21 15:06:42 +02:00
0a0ba2b5a1 flake update 2024-04-20 19:09:16 +02:00
1f7f453fc3 nvim: initial config 2024-04-20 19:09:03 +02:00
a667691f49 hosts: steamdeck: disable luks workqueue 2024-04-20 14:17:30 +02:00
d296306cb6 hosts: steamdeck: remove wireplumber overwrite 2024-04-20 13:08:38 +02:00
b1574ab9e1 flake update 2024-04-20 13:08:03 +02:00
55b518345b remoteClient change to extra-* 2024-04-20 13:06:33 +02:00
b4892083e8 flake update 2024-04-19 20:49:30 +02:00
8d4d1e4be8 service: ollama + open-webui 2024-04-14 21:04:25 +02:00
653476ec32 service: fail2ban gitea match 2024-04-14 21:03:59 +02:00
949691b4c2 secrets: rekey 2024-04-13 13:58:47 +02:00
ed60b8cc2b hosts: dmz: remove testpassword 2024-04-13 12:01:09 +02:00
9ee26c983e hosts: server: fix gitea runner 2024-04-13 12:00:44 +02:00
21ecad4db0 hosts: dmz: get gitea runner working 2024-04-13 11:45:52 +02:00
a77d2243bf flake update 2024-04-13 09:19:33 +02:00
51b596ea83 service: gitea register 2024-04-07 13:47:49 +02:00
909e2bb494 service: gitea register 2024-04-07 09:32:27 +02:00
ff56f1d4ab service: gitea register 2024-04-07 09:29:48 +02:00
a86dbd6253 service: gitea register 2024-04-06 19:33:10 +02:00
c285b75264 service: gitea register 2024-04-06 18:19:59 +02:00
893d31d52c server: add ollama 2024-04-06 08:39:22 +02:00
7bdc00290e server2: enable virt 2024-04-02 12:01:34 +02:00
b70620ae99 secrets: rekey 2024-04-02 12:01:02 +02:00
62ac639d08 hosts: server: fix initial mistakes and add pub 2024-04-02 11:49:46 +02:00
9de2d29400 hosts: add server_big prototype 2024-04-01 15:45:28 +02:00
a0d72f98b9 hosts: server: add direnv 2024-04-01 14:03:45 +02:00
fa778a6040 hosts: remove channel autoupdate 2024-04-01 13:42:23 +02:00
3b886aa6ad hosts: typo autoupdate 2024-04-01 11:59:22 +02:00
2277c363dd flake update 2024-04-01 11:51:36 +02:00
d31042fef5 steamdeck: override wireplumber to nixpkgs to fix bt headset 2024-04-01 11:51:23 +02:00
edb0ca235e hosts: steamdeck: disable autoupgrade for now and wifi powersave 2024-03-28 22:24:16 +01:00
db3a1d9ee9 hosts: add autoupdate with git flake 2024-03-24 21:28:00 +01:00
f3388b4dbf remoteClient disable distributed builds and remove substituter 2024-03-24 17:17:05 +01:00
5b63ced9e5 steamdeck: remove yuzu, disable remoteClient 2024-03-24 09:51:10 +01:00
2a17f98a00 server: gitea: disable dump 2024-03-24 09:49:51 +01:00
77bba122a5 flake update 2024-03-23 10:55:42 +01:00
e1168e2a77 flake update 2024-03-15 18:24:02 +01:00
df5fecb899 remoteClient uses user@fqdn 2024-03-09 12:08:44 +01:00
a574bcf8fe flake update 2024-03-09 12:08:06 +01:00
f7ef0aff13 steamdeck: add yuzu 2024-03-06 22:52:28 +01:00
b1e9a4fb94 flake update 2024-03-06 18:59:24 +01:00
32e7e7eb02 nix flake stick to default input 2024-03-03 17:01:07 +01:00
438717fdf2 remote Builder with default as backup 2024-03-03 15:17:58 +01:00
e6b35bfc2a flake update 2024-03-02 21:10:11 +01:00
aaff72d9f0 nasbak: correct btrbk target 2024-02-29 12:54:30 +01:00
8c6d79ca6f nasbak: change to 2.5 raid1 2024-02-25 20:36:58 +01:00
d3101d88c9 steamdeck: use valve kernel 2024-02-25 08:12:49 +01:00
80178917bb desktop/steamdeck: enable secureboot 2024-02-25 08:09:17 +01:00
e51e3095a1 add btop globaly 2024-02-25 08:08:48 +01:00
37547460ff flake update 2024-02-24 12:42:18 +01:00
10f2f33cae server: local user for onlyoffice 2024-02-18 13:53:25 +01:00
7b0cfb5dfa add token for onlyoffice 2024-02-18 13:50:50 +01:00
98320fd0bd increase postgresql buffers 2024-02-18 11:26:33 +01:00
e6d6049c08 clean up db's 2024-02-18 10:18:03 +01:00
b4e573b9f2 update postresq to 15 2024-02-18 09:34:50 +01:00
dab2e8b0ac flake update 2024-02-12 19:49:16 +01:00
ef91ffd016 server: typo 2024-02-12 12:40:32 +01:00
10c0d47c79 server: forgot ; 2024-02-12 12:37:31 +01:00
b37e0cdda5 server: tweak postgresql to more caching 2024-02-12 12:34:15 +01:00
f750968224 server: disable jitsi, add acme to nextcloud, add office 2024-02-12 12:25:27 +01:00
88c2a62223 desktop: add docker alias and hotkey for sway next workspace 2024-02-11 19:47:19 +01:00
9ed74e74d2 flake update 2024-02-06 21:13:22 +01:00
ab8ad96c3e flake update 2024-02-01 22:36:50 +01:00
04ae6d8317 hosts: server: make runner persistent 2024-01-21 14:24:41 +01:00
557aa480ee hosts: server: make runner persistent 2024-01-21 14:16:39 +01:00
853ee2a917 hosts: server: switch runner to user networking 2024-01-21 14:01:57 +01:00
4a876f27d3 hosts: server: microvm nat 2024-01-21 09:54:32 +01:00
f4eb08097a hosts: server: serverrunner fixups 2024-01-20 17:28:56 +01:00
1ff3ab8af9 hosts: server: get runner up and running 2024-01-20 17:09:55 +01:00
fc026c4157 hosts: dmz: make microvm host persistant 2024-01-20 12:02:32 +01:00
e2f0c80e31 hosts: dmz: work on microvm 2024-01-18 17:42:23 +01:00
747a9abd01 hosts: remove not used hosts 2024-01-17 17:36:43 +01:00
c3ff05b262 flake: add k900 cachix for steamdeck 2024-01-17 17:35:46 +01:00
9fea252f2c hosts: server: enable postgres for onlyoffice 2024-01-13 12:25:14 +01:00
5f925a20a4 hosts: server: enable onlyoffice 2024-01-13 11:52:57 +01:00
7123d72902 hosts: desktop: fix swaylock config 2024-01-13 11:52:35 +01:00
8a5ad571bc flake update 2024-01-13 11:51:40 +01:00
21386d4a63 hosts: server: redis adjustments fix 2024-01-06 11:37:25 +01:00
ec7c4cc55b hosts: desktop: add freecad and gnvim 2024-01-06 11:19:07 +01:00
fb04e18343 flake update 2024-01-06 11:18:26 +01:00
69c050bef6 hosts: server: turn and redis adjustments 2023-12-29 10:19:20 +01:00
05ac2e175c flake update 2023-12-29 09:46:43 +01:00
89c5878f9f hosts: jupiter: move nas to zeus 2023-12-29 09:45:00 +01:00
ac8178476e flake update 2023-12-27 07:51:05 +01:00
fff7506433 hosts: steamdeck: make sdcard automount with udev 2023-12-27 07:49:24 +01:00
89eb52b102 hosts: steamdeck: disable blueman 2023-12-27 07:43:00 +01:00
5b810ae614 flake update 2023-12-27 07:39:15 +01:00
1466895a1e hosts: steamdeck: fix luks hardware-config 2023-12-21 11:32:23 +01:00
2aa2c10ff2 flake update 2023-12-21 11:31:03 +01:00
2171e29570 secrets: rekey 2023-12-20 19:37:04 +01:00
bc8c07914a hosts: steamdeck: correct nixpkgs to unstable 2023-12-20 17:04:17 +01:00
1cd51d2034 disko: fix labels and config 2023-12-20 14:02:15 +01:00
a965485be6 disko: README fixup 2023-12-20 11:46:24 +01:00
785c95e52c disko: README fixup 2023-12-20 11:45:24 +01:00
ab8c079ef5 disko: README fixup 2023-12-20 11:43:17 +01:00
616b1154a4 disko: add initial config 2023-12-20 11:36:49 +01:00
38c4f44dc5 flake update 2023-12-19 16:05:53 +01:00
3c0089c26f hosts: rearrange order in hosts 2023-12-19 16:05:48 +01:00
b7a5d90616 hosts: laptop: add missing zsh 2023-12-19 16:05:44 +01:00
3bb1e6c8fe hosts: laptop: enable fido unlock 2023-12-18 16:00:19 +01:00
7dece1e338 flake update 2023-12-16 11:59:35 +01:00
883522adf5 hosts: steamdeck: switch to unstable 2023-12-16 11:58:44 +01:00
c018da4b11 remove remoteClient and steamdeck module fix 2023-12-15 22:08:12 +01:00
ba41252e6f flake update 2023-12-12 21:45:05 +01:00
5370c7eaf1 secrets: rekey 2023-12-09 17:12:25 +01:00
09cdbad9ab apps: desktop: switch from superslicer to prusaslicer 2023-12-09 15:04:00 +01:00
100e491bfb tag home manager to 23.11 2023-12-09 15:03:27 +01:00
93bde6beca flake update and move to stable 2023-12-09 10:23:27 +01:00
3168ec01b9 hosts: desktop: disable mdns and set new monitor setup 2023-12-03 09:00:00 +01:00
9aef89016d flake update 2023-12-03 08:59:28 +01:00
cace245e16 flake update 2023-11-23 21:59:31 +01:00
e16d4b5af7 server: fail2ban: use default bantime 2023-11-23 21:56:20 +01:00
0d17cf5cde hosts: server: add qemu agent 2023-11-23 21:54:55 +01:00
f64deda645 flake update 2023-11-22 22:05:14 +01:00
39e710b4d9 desktop: move to ADATA nvme 2023-11-19 14:14:52 +01:00
1f5a4bbebb flake update 2023-11-18 11:26:11 +01:00
b705237cb4 flake update 2023-11-12 10:33:02 +01:00
264ff86a68 flake update 2023-11-05 19:26:49 +01:00
4ca6bd329e hosts: nasbak: add scrub for raid 2023-10-29 11:08:50 +01:00
795ff8a1b1 hosts: nasbak: finish nas remote btrbk 2023-10-29 11:07:01 +01:00
21376db87b hosts: nasbak: add remote btrbk 2023-10-29 09:46:49 +01:00
91f8856a97 hosts: nasbak: mount hdds 2023-10-28 14:24:22 +02:00
771b59ea2d hosts: nasbak: small corrections 2023-10-28 13:46:33 +02:00
4182e1e771 hosts: nasbak: add initial 2023-10-28 11:39:27 +02:00
efbb07a9a4 flake update 2023-10-28 11:39:08 +02:00
c7bfedf54c hosts: dmz: work on microvm 2023-10-22 10:59:34 +02:00
dd4e018dcd apps: server: remove unsafe ciphers on nextcloud 2023-10-22 10:58:54 +02:00
5ba80a058f flake update 2023-10-20 20:10:17 +02:00
eaf2cf1973 hosts: dmz: add gitea-runner in microvm 2023-10-16 17:05:17 +02:00
82bfe68ae4 secrets: rekey and add gitea-runner 2023-10-16 17:04:51 +02:00
9cee80bed2 hosts: add dmz, cleanups 2023-10-16 10:33:47 +02:00
5dc2c8a98b hosts: server: disable swap 2023-10-16 09:29:14 +02:00
0de3dcea8d flake update 2023-10-15 08:47:04 +02:00
ef0dcce895 virtualisation: disable libvirt 2023-10-15 08:40:09 +02:00
c4dc2c17d5 microvm initial try definition
microvm first running version

microvm first running version
2023-10-15 08:38:51 +02:00
1186bdfc33 flake update 2023-10-14 23:12:19 +02:00
a71c960ef5 hosts: desktop: move to systemd-networkd 2023-10-09 15:29:24 +02:00
0ecbf4169c hosts: desktop: move to systemd-networkd 2023-10-09 15:18:59 +02:00
7a43ba3cfb flake update 2023-10-09 15:18:35 +02:00
105727bc3e flake update 2023-10-06 21:57:10 +02:00
501f70f730 hosts: *: sign remote builds and serve cache 2023-10-02 16:56:03 +02:00
9d3d9d9a16 hosts: desktop: make gpg keys work again 2023-10-02 16:51:25 +02:00
015f316640 hosts: steamdeck: update Pluto host 2023-10-02 10:25:09 +02:00
baa93638e6 flake update 2023-10-02 10:24:45 +02:00
a54f8fbbaa hosts: jupiter: move all nas to jupiter 2023-10-01 20:24:46 +02:00
405a67f440 agenix: rekey 2023-10-01 12:20:20 +02:00
b6131cd574 hosts: jupiter: smaller fixes after move 2023-10-01 10:33:50 +02:00
b42a36ec8e hosts: jupiter: change to vm 2023-10-01 09:22:19 +02:00
8453d4b06d hosts: desktop: add openrgb 2023-10-01 09:21:34 +02:00
367575f03e flake update 2023-09-29 20:18:55 +02:00
71b0244fb7 hosts: *: fix typos remoteClient/Builder 2023-09-23 21:30:52 +02:00
a4debe09ee hosts: *: intial try remoteBuilder 2023-09-23 21:19:53 +02:00
1402e6a7be hosts: steamdeck: add decky 2023-09-23 09:20:32 +02:00
5153fb8150 hosts: *: remove tmpfs and add swap 2023-09-23 09:19:56 +02:00
00f3044fdd flake update 2023-09-22 19:28:20 +02:00
9be97a42d4 remove nfs patch 2023-09-22 19:28:04 +02:00
afd2b6a63d desktop: update StateVersion 2023-09-22 19:22:54 +02:00
a10dfba82d desktop: no more tmpfs and add swap 2023-09-22 19:22:19 +02:00
b72a3eb24c flake update 2023-09-20 20:50:25 +02:00
8f459e4b4d flake update 2023-09-17 21:51:47 +02:00
33facf56ae server: signal: update config 2023-09-10 10:20:10 +02:00
93242544c1 server: signal: update config 2023-09-10 10:18:16 +02:00
68a33aff9a hosts: jupiter: fix btrbk subvolume 2023-09-10 09:36:07 +02:00
ec712e37b8 hosts: steamdeck: remove wrong packages 2023-09-10 08:55:23 +02:00
7d0f66c92f hosts: nas: fix typo of subvolume 2023-09-10 08:47:37 +02:00
1c3a85a1b6 hosts: desktop add cpupower 2023-09-09 21:41:16 +02:00
ab178ae221 flake update 2023-09-09 21:40:58 +02:00
cc62417941 hosts: nas: move Mars to Jupiter 2023-09-03 19:39:29 +02:00
389d5d8daa hosts: jupiter: update network 2023-09-03 14:07:45 +02:00
db58615f92 flake update 2023-09-03 10:19:10 +02:00
4b4a2016e9 jupiter: add initial config 2023-09-03 10:18:04 +02:00
64b40a0832 desktop: cleanup home.nix 2023-09-03 10:17:38 +02:00
60b7ce48fa desktop: add some fonts 2023-09-03 10:17:20 +02:00
f87d29a23a hosts: steamdeck: add some jovian packages 2023-08-27 19:34:48 +02:00
be3e694fe4 server: nextcloud: add appimage for CODE 2023-08-27 19:04:20 +02:00
299493e0ac hosts: steamdeck: no gdm anymore, all jovian based 2023-08-26 17:19:02 +02:00
2d70998755 flake update 2023-08-26 06:44:11 +02:00
01ef66664d flake update 2023-08-03 21:26:51 +02:00
1333d68bc5 hosts: steamdeck: move some packages from kde module to steam home 2023-08-03 21:18:34 +02:00
7e13e02158 flake update 2023-07-31 21:59:55 +02:00
35d1da3daa apps: add steam 2023-07-31 21:59:41 +02:00
7e3715a646 hosts: steamdeck: move to kde but stick to gdm 2023-07-31 21:51:19 +02:00
ca422d00ea hosts: steamdeck: add microsof-edge for cloud gaming 2023-07-30 10:26:29 +02:00
40f7484491 hosts: steamdeck: change gdm settings and declare gnome dock 2023-07-30 10:11:02 +02:00
c69a0b3a0f flake update config 2023-07-29 16:36:13 +02:00
17968474dd server: nextcloud: update to 27 2023-07-29 16:18:11 +02:00
2eab6afe7d flake update 2023-07-29 16:11:36 +02:00
6ac7e64e2d hosts: steamdeck: working steam autostart 2023-07-29 10:07:50 +02:00
866576959b hosts: steamdeck: prepare gnome gdm 2023-07-29 08:59:44 +02:00
8e61ea6503 hosts: steamdeck: separate gnome and steam config 2023-07-27 21:44:27 +02:00
0b304408b3 flake: restrict nix access 2023-07-27 21:37:38 +02:00
b404639e76 hosts: steamdeck: disable gnome for now 2023-07-27 21:28:57 +02:00
b70dcfb5d0 apps: remove superslicer for now, building error 2023-07-27 21:28:19 +02:00
5e4e2401c8 flake update 2023-07-27 21:27:21 +02:00
3d43581d6b hosts: steamdeck: first running gnome config 2023-07-27 21:26:41 +02:00
f53f2b1265 flake: restrict nix access 2023-07-25 17:26:04 +02:00
3c4d801b71 hosts: steamdeck: add initial config 2023-07-23 20:12:02 +02:00
0df6e3313a flake update 2023-07-23 20:11:48 +02:00
f72a2e8b47 flake update 2023-07-21 22:08:30 +02:00
7442cb7b95 hosts: steamdeck: add initial config 2023-07-21 22:07:21 +02:00
19b91aebd9 flake: remove hyprland since it's in nixpkgs now 2023-07-21 21:27:26 +02:00
e039610163 flake update 2023-07-15 21:13:10 +02:00
22ccf29a23 server: matrix: expose health endpoint 2023-07-08 14:34:53 +02:00
4f2c100a8c apps: add direnv pkg and load in zsh 2023-07-07 10:57:02 +02:00
1a9de5ff26 flake update 2023-07-07 10:56:20 +02:00
29522eb9f6 flake update stable to 2305 2023-07-07 10:56:04 +02:00
09657205b5 server: fail2ban: rename extraSettings 2023-07-05 12:01:25 +02:00
ebd785c400 apps: vscode: add vscodium with extensions 2023-07-05 11:58:10 +02:00
3f9b7f88c0 flake update 2023-07-05 11:57:38 +02:00
eb78dfe62e flake update zsh fix 2023-06-30 13:29:07 +02:00
55c6b8e0f9 flake update 2023-06-30 12:45:34 +02:00
74450d588c flake update sway systemd service 2023-06-23 15:47:12 +02:00
cd43677085 flake update 2023-06-23 15:46:29 +02:00
3d67295fae flake update 2023-06-13 16:54:12 +02:00
dbad76ea28 server: nextcloud: typo fail2ban 2023-06-04 15:05:05 +02:00
c17489376e server: nextcloud: enable fail2ban 2023-06-04 15:03:12 +02:00
6059c3c0ba server: gitea: fail2ban fix 2023-06-04 14:22:57 +02:00
1771fba57b server: gitea: enable fail2ban 2023-06-04 09:55:48 +02:00
0b88c894ed desktop: add superslicer 2023-06-04 09:55:28 +02:00
21879ac0cc flake update 2023-06-03 11:28:10 +02:00
cd1ee31c82 flake update 2023-05-27 09:56:08 +02:00
6fc873f101 server: gitea: remove woodpecker, enable gitea actions, prototype act vm 2023-05-20 13:28:55 +02:00
7ad7712610 server: fail2ban: add gitea 2023-05-19 11:53:18 +02:00
2b15b48678 desktop: enable/add opencl/rocm 2023-05-19 11:42:24 +02:00
63eaee3429 hosts: server: remove grub version 2023-05-19 10:31:54 +02:00
6a5e98e27b flake update 2023-05-19 10:29:46 +02:00
c1ccbc809b hosts: desktop add TPM 2023-05-19 10:03:23 +02:00
188 changed files with 9091 additions and 1334 deletions


@@ -1,2 +1,34 @@
# nixos-config # nixos-config
## Install
### Patitioning
- Easiest is to run [disko](https://git.kabtop.de/Kabbone/nixos-config/src/branch/main/disko)
- **Classic way:**
Partition disk with gdisk:
1. EFI Partition, size 512M, type "EF00", Label "NIXBOOT"
2. Root Partition, size 100%, type "8300", Label "NIXROOT"
### Installing
1. mount all the partitions and subvolumes to /mnt
2. generate initial nixos config
```
# nixos-generate-config --root /mnt
```
3. clone flake and check config
```
# cd /mnt/etc/nixos/
# git clone https://git.kabtop.de/Kabbone/nixos-config.git
```
4. install system
```
# nixos-install --flake .#<host>
```
5. reboot

37
disko/README.md Normal file

@@ -0,0 +1,37 @@
## Step by step
1. Boot the [installer](https://nixos.org/download.html#nixos-iso)
2. Get disk name
```
$ lsblk
```
3. Get disko config
```
$ curl https://git.kabtop.de/Kabbone/nixos-config/raw/branch/main/disko/btrfs_luks.nix -o /tmp/disko-config.nix
```
4. Adjust device name
5. Let disko partition the disk
```
$ sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko -- --mode disko /tmp/disko-config.nix
```
6. Check if it got mounted
```
$ mount | grep /mnt
```
7. Continue with NixOS installation
Filesystem definitions come from disko, hence "--no-filesystems"
```
$ nixos-generate-config --no-filesystems --root /mnt
$ mv /tmp/disko-config.nix /mnt/etc/nixos
```
**Alternative:** continue with normal hardware-config
```
$ nixos-generate-config --root /mnt
```

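--- /dev/null
+++ b/disko/btrfs.nix
@@ -0,0 +1,65 @@
+{
+disko.devices = {
+disk = {
+nvme0n1 = {
+type = "disk";
+device = "/dev/nvme0n1";
+content = {
+type = "gpt";
+partitions = {
+ESP = {
+size = "512M";
+type = "EF00";
+content = {
+type = "filesystem";
+format = "vfat";
+extraArgs = [ "-n" "NIXBOOT" ];
+mountpoint = "/boot";
+mountOptions = [
+"defaults"
+];
+};
+};
+root = {
+size = "100%";
+content = {
+type = "btrfs";
+extraArgs = [ "-f" "-L" "NIXROOT" ];
+subvolumes = {
+"@" = {
+mountpoint = "/";
+mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
+};
+"@home" = {
+mountpoint = "/home";
+mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
+};
+"@nix" = {
+mountpoint = "/nix";
+mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
+};
+"@snapshots" = {
+mountpoint = "/mnt";
+mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
+};
+"@srv" = {
+mountpoint = "/srv";
+mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
+};
+"@var" = {
+mountpoint = "/var";
+mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
+};
+"@swap" = {
+mountpoint = "/swap";
+swap.swapfile.size = "8G";
+};
+};
+};
+};
+};
+};
+};
+};
+};
+}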
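Review bot: `device = "/dev/nvme0n1"` hard-codes a kernel device name in a layout that disko repartitions and formats, so applying it on a machine where that name belongs to a different disk destroys the wrong data. A stable path such as `device = "/dev/disk/by-id/<DISK-ID-PLACEHOLDER>";` with a comment above it, `# disko wipes this device - set it to the install target before running`, would put the required edit in the file itself instead of only in the README step "Adjust device name". The same applies to `disko/btrfs_luks.nix` and to `/dev/sda` in `disko/nas_luks.nix`.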

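--- /dev/null
+++ b/disko/btrfs_luks.nix
@@ -0,0 +1,79 @@
+{
+disko.devices = {
+disk = {
+nvme0n1 = {
+type = "disk";
+device = "/dev/nvme0n1";
+content = {
+type = "gpt";
+partitions = {
+ESP = {
+size = "512M";
+type = "EF00";
+content = {
+type = "filesystem";
+format = "vfat";
+extraArgs = [ "-n NIXBOOT" ];
+mountpoint = "/boot";
+mountOptions = [
+"defaults"
+];
+};
+};
+luks = {
+size = "100%";
+content = {
+type = "luks";
+name = "crypted";
+askPassword = true;
+# disable settings.keyFile if you want to use interactive password entry
+#passwordFile = "/tmp/secret.key"; # Interactive
+settings = {
+allowDiscards = true;
+};
+content = {
+type = "btrfs";
+extraArgs = [ "-f -L NIXROOT" ];
+subvolumes = {
+"@" = {
+mountpoint = "/";
+mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
+};
+"@home" = {
+mountpoint = "/home";
+mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
+};
+"@nix" = {
+mountpoint = "/nix";
+mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
+};
+"@opt" = {
+mountpoint = "/opt";
+mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
+};
+"@snapshots" = {
+mountpoint = "/mnt";
+mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
+};
+"@srv" = {
+mountpoint = "/srv";
+mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
+};
+"@var" = {
+mountpoint = "/var";
+mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
+};
+"@swap" = {
+mountpoint = "/swap";
+swap.swapfile.size = "8G";
+};
+};
+};
+};
+};
+};
+};
+};
+};
+};
+}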
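Review bot: `settings.allowDiscards = true`, combined with `discard=async` on every subvolume, passes TRIM through the encrypted mapping and so reveals which blocks of the LUKS volume are unused; that trade-off should carry a why-comment, or be left off on hosts where usage patterns must stay confidential. The two comment lines above `settings` are also misleading: no `settings.keyFile` is set anywhere in the file, and the commented-out `passwordFile = "/tmp/secret.key"` is tagged `# Interactive` although it is the non-interactive path and would take the passphrase from a file under `/tmp`. I would replace them with `# askPassword prompts for the passphrase; passwordFile is the non-interactive alternative and must point at a root-only file that is deleted after install`. `disko/nas_luks.nix` carries the same setting and the same two comments.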

11
disko/mount.sh Normal file

@@ -0,0 +1,11 @@
#!/usr/bin/env bash
disk="/dev/vda"
mountpoint="/mnt"
mount $disk $mountpoint -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@
mount $disk $mountpoint/home -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@home
mount $disk $mountpoint/var -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@var
mount $disk $mountpoint/srv -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@srv
mount $disk $mountpoint/nix -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@nix
mount $disk $mountpoint/swap -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@swap
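Review bot: The script has no `set -euo pipefail` and expands `$disk` and `$mountpoint` unquoted, so a failed mount of `subvol=@` does not stop the remaining mounts from being attempted against whatever currently sits under `/mnt`. Adding `set -euo pipefail` after the shebang and quoting the expansions, for example `mount "$disk" "$mountpoint/home" -o ...`, makes it stop at the first error. The subvolume list also differs from the disko layouts in this change (no `@snapshots`, and no `@opt` from `btrfs_luks.nix`) and `/dev/vda` is hard-coded, so a header comment such as `# mounts the plain btrfs layout of <HOST-PLACEHOLDER>; adjust disk before use` would say which layout the script is meant for.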

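--- /dev/null
+++ b/disko/nas_luks.nix
@@ -0,0 +1,47 @@
+{
+disko.devices = {
+disk = {
+sda = {
+type = "disk";
+device = "/dev/sda";
+content = {
+type = "gpt";
+partitions = {
+luks = {
+size = "100%";
+content = {
+type = "luks";
+name = "NAS-RAID";
+askPassword = true;
+# disable settings.keyFile if you want to use interactive password entry
+#passwordFile = "/tmp/secret.key"; # Interactive
+settings = {
+allowDiscards = true;
+};
+content = {
+type = "btrfs";
+extraArgs = [ "-f -L NAS-RAID" ];
+subvolumes = {
+"@" = {
+mountpoint = "/mnt/Pluto";
+mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
+};
+"@/Backups";
+"@/Media";
+"@/Games";
+"@/IT";
+"@/Rest";
+"@snapshots" = {
+mountpoint = "/mnt";
+mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
+};
+};
+};
+};
+};
+};
+};
+};
+};
+};
+}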
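Review bot: The bare entries `"@/Backups";` through `"@/Rest";` inside `subvolumes` are not valid Nix, because every attribute name needs a value, so the file should fail to parse as shown; `"@/Backups" = { };` (and likewise for the other four) declares each subvolume without a mountpoint. `extraArgs = [ "-f -L NAS-RAID" ]` also passes all flags as one list element, whereas `disko/btrfs.nix` in this change uses `[ "-f" "-L" "NIXROOT" ]`. If disko shell-quotes each element, mkfs.btrfs receives a single malformed argument, so `[ "-f" "-L" "NAS-RAID" ]` is the safer form. `disko/btrfs_luks.nix` has the same one-string pattern in both of its `extraArgs` lines.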

382
flake.lock generated

@@ -6,14 +6,15 @@
"home-manager": "home-manager", "home-manager": "home-manager",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ],
"systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1683866323, "lastModified": 1762618334,
"narHash": "sha256-M2bEuh2jr0Ec13GnP5f8unD8q0AcPt2fHSUynOZJ8No=", "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "92197270a1eedd142a4aff853e4cc6d1e838c22f", "rev": "fcdea223397448d35d9b31f798479227e80183f6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -22,6 +23,21 @@
"type": "github" "type": "github"
} }
}, },
"crane": {
"locked": {
"lastModified": 1765145449,
"narHash": "sha256-aBVHGWWRzSpfL++LubA0CwOOQ64WNLegrYHwsVuVN7A=",
"owner": "ipetkov",
"repo": "crane",
"rev": "69f538cdce5955fcd47abfed4395dc6d5194c1c5",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"darwin": { "darwin": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -30,11 +46,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1673295039, "lastModified": 1744478979,
"narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=", "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "87b9d090ad39b25b2400029c64825fc2a8868943", "rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -44,6 +60,62 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1761588595,
"narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"pre-commit",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -52,11 +124,31 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1682203081, "lastModified": 1745494811,
"narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=", "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1", "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager-unstable": {
"inputs": {
"nixpkgs": [
"nixpkgs-unstable"
]
},
"locked": {
"lastModified": 1765606130,
"narHash": "sha256-KOP4QnkiRwiD5KEOr6ceF67rfTP1OqPmCCft6xDC3k4=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "d787ec69c3216ea33be1c0424fe65cb23aa8fb31",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -72,70 +164,131 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1683929392, "lastModified": 1765605144,
"narHash": "sha256-qJddrb/bgS58AXAv25iv5xJ+69G5g7FAYCWec1lLnW0=", "narHash": "sha256-RM2xs+1HdHxesjOelxoA3eSvXShC8pmBvtyTke4Ango=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "eec22729990ddf53d1e45e74624ddf667cdbe11b", "rev": "90b62096f099b73043a747348c11dbfcfbdea949",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "release-25.11",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
}, },
"hyprland": { "impermanence": {
"locked": {
"lastModified": 1737831083,
"narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "impermanence",
"type": "github"
}
},
"jovian-nixos": {
"inputs": { "inputs": {
"hyprland-protocols": "hyprland-protocols", "nix-github-actions": "nix-github-actions",
"nixpkgs": [
"nixpkgs-unstable"
]
},
"locked": {
"lastModified": 1765526639,
"narHash": "sha256-4U8crbUT3PDQdqhaMLnVaxnciBlcnDAw8XAJaXiS0pA=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"rev": "457a55ed77a105088a47cb55b9eccf7768559451",
"type": "github"
},
"original": {
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"type": "github"
}
},
"lanzaboote": {
"inputs": {
"crane": "crane",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"wlroots": "wlroots", "pre-commit": "pre-commit",
"xdph": "xdph" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1683850587, "lastModified": 1765382359,
"narHash": "sha256-ncnstS+f6kgTTqyT0+6Kjnro3PY9KtXh79MBMjRgAnM=", "narHash": "sha256-RJmgVDzjRI18BWVogG6wpsl1UCuV6ui8qr4DJ1LfWZ8=",
"owner": "vaxerski", "owner": "nix-community",
"repo": "Hyprland", "repo": "lanzaboote",
"rev": "cc01550aff70a0cbee5b62db5f4a08789244998f", "rev": "e8c096ade12ec9130ff931b0f0e25d2f1bc63607",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "vaxerski", "owner": "nix-community",
"repo": "Hyprland", "ref": "master",
"repo": "lanzaboote",
"type": "github" "type": "github"
} }
}, },
"hyprland-protocols": { "microvm": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
],
"spectrum": "spectrum"
},
"locked": {
"lastModified": 1765456745,
"narHash": "sha256-vJ6Ikk9tV7HuDsn/I90y14w+sNtLmAYfdm5S+yBzrCA=",
"owner": "astro",
"repo": "microvm.nix",
"rev": "f5c1bbfd4cf686ec1822ccaeb634a8b93ee5120f",
"type": "github"
},
"original": {
"owner": "astro",
"repo": "microvm.nix",
"type": "github"
}
},
"nix-github-actions": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"hyprland", "jovian-nixos",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1681065697, "lastModified": 1729697500,
"narHash": "sha256-QPzwwlGKX95tl6ZEshboZbEwwAXww6lNLdVYd6T9Mrc=", "narHash": "sha256-VFTWrbzDlZyFHHb1AlKRiD/qqCJIripXKiCSFS8fAOY=",
"owner": "hyprwm", "owner": "zhaofengli",
"repo": "hyprland-protocols", "repo": "nix-github-actions",
"rev": "4d29e48433270a2af06b8bc711ca1fe5109746cd", "rev": "e418aeb728b6aa5ca8c5c71974e7159c2df1d8cf",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "hyprwm", "owner": "zhaofengli",
"repo": "hyprland-protocols", "ref": "matrix-name",
"repo": "nix-github-actions",
"type": "github" "type": "github"
} }
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1683965003, "lastModified": 1764440730,
"narHash": "sha256-DrzSdOnLv/yFBvS2FqmwBA2xIbN/Lny/WlxHyoLR9zE=", "narHash": "sha256-ZlJTNLUKQRANlLDomuRWLBCH5792x+6XUJ4YdFRjtO4=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "81cd886719e10d4822b2a6caa96e95d56cc915ef", "rev": "9154f4569b6cdfd3c595851a6ba51bfaa472d9f3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -147,11 +300,27 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1683408522, "lastModified": 1765311797,
"narHash": "sha256-9kcPh6Uxo17a3kK3XCHhcWiV1Yu1kYj22RHiymUhMkU=", "narHash": "sha256-mSD5Ob7a+T2RNjvPvOA1dkJHGVrNVl8ZOrAwBjKBDQo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "09eb77e94fa25202af8f3e81ddc7353d9970ac1b",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1765472234,
"narHash": "sha256-9VvC20PJPsleGMewwcWYKGzDIyjckEz8uWmT0vCDYK0=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "897876e4c484f1e8f92009fd11b7d988a121a4e7", "rev": "2fbfb1d73d239d2402a8fe03963e37aab15abe8b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -161,34 +330,26 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-stable": { "pre-commit": {
"inputs": {
"flake-compat": "flake-compat",
"gitignore": "gitignore",
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": { "locked": {
"lastModified": 1683928319, "lastModified": 1765016596,
"narHash": "sha256-maz0DRKixJVcNRMiAMWlJniiF8IuQ+WbfmlJJ8D+jfM=", "narHash": "sha256-rhSqPNxDVow7OQKi4qS5H8Au0P4S3AYbawBSmJNUtBQ=",
"owner": "NixOS", "owner": "cachix",
"repo": "nIxpkgs", "repo": "pre-commit-hooks.nix",
"rev": "9656e85a15a0fe67847ee8cdb99a20d8df499962", "rev": "548fc44fca28a5e81c5d6b846e555e6b9c2a5a3c",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "cachix",
"ref": "nixos-22.11", "repo": "pre-commit-hooks.nix",
"repo": "nIxpkgs",
"type": "github"
}
},
"nur": {
"locked": {
"lastModified": 1683962403,
"narHash": "sha256-wJaQhKet22vmyxA3bPGNUGSmWElqMzCPKEnf8IzIYDQ=",
"owner": "nix-community",
"repo": "NUR",
"rev": "2d85d8781e4fa1e793c92763733b6b131e5aabbb",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "NUR",
"type": "github" "type": "github"
} }
}, },
@@ -196,53 +357,80 @@
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"hyprland": "hyprland", "home-manager-unstable": "home-manager-unstable",
"impermanence": "impermanence",
"jovian-nixos": "jovian-nixos",
"lanzaboote": "lanzaboote",
"microvm": "microvm",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-stable": "nixpkgs-stable", "nixpkgs-unstable": "nixpkgs-unstable"
"nur": "nur"
} }
}, },
"wlroots": { "rust-overlay": {
"flake": false,
"locked": {
"host": "gitlab.freedesktop.org",
"lastModified": 1682436395,
"narHash": "sha256-GGEjkQO9m7YLYIXIXM76HWdhjg4Ye+oafOtyaFAYKI4=",
"owner": "wlroots",
"repo": "wlroots",
"rev": "6830bfc17fd94709e2cdd4da0af989f102a26e59",
"type": "gitlab"
},
"original": {
"host": "gitlab.freedesktop.org",
"owner": "wlroots",
"repo": "wlroots",
"type": "gitlab"
}
},
"xdph": {
"inputs": { "inputs": {
"hyprland-protocols": [
"hyprland",
"hyprland-protocols"
],
"nixpkgs": [ "nixpkgs": [
"hyprland", "lanzaboote",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1682439384, "lastModified": 1765075567,
"narHash": "sha256-zHDa8LCZs05TZHQSIZ3ucwyMPglBGHcqTBzfkLjYXTM=", "narHash": "sha256-KFDCdQcHJ0hE3Nt5Gm5enRIhmtEifAjpxgUQ3mzSJpA=",
"owner": "hyprwm", "owner": "oxalica",
"repo": "xdg-desktop-portal-hyprland", "repo": "rust-overlay",
"rev": "c0e233955568fbea4e859336f6d3d14d51294d7c", "rev": "769156779b41e8787a46ca3d7d76443aaf68be6f",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "hyprwm", "owner": "oxalica",
"repo": "xdg-desktop-portal-hyprland", "repo": "rust-overlay",
"type": "github"
}
},
"spectrum": {
"flake": false,
"locked": {
"lastModified": 1759482047,
"narHash": "sha256-H1wiXRQHxxPyMMlP39ce3ROKCwI5/tUn36P8x6dFiiQ=",
"ref": "refs/heads/main",
"rev": "c5d5786d3dc938af0b279c542d1e43bce381b4b9",
"revCount": 996,
"type": "git",
"url": "https://spectrum-os.org/git/spectrum"
},
"original": {
"type": "git",
"url": "https://spectrum-os.org/git/spectrum"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github" "type": "github"
} }
} }

112
flake.nix

@@ -9,43 +9,101 @@
{ {
description = "Kabbone's peronal NixOS Flake config"; description = "Kabbone's peronal NixOS Flake config";
inputs = # All flake references used to build my NixOS setup. These are dependencies. inputs = {
{ nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; # Nix Packages
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; # Nix Packages nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
nixpkgs-stable.url = "github:NixOS/nIxpkgs/nixos-22.11";
nixos-hardware.url = "github:NixOS/nixos-hardware/master"; nixos-hardware.url = "github:NixOS/nixos-hardware/master";
microvm = {
url = "github:astro/microvm.nix";
inputs.nixpkgs.follows = "nixpkgs";
};
impermanence.url = "github:nix-community/impermanence";
home-manager = { # User Package Management home-manager = { # User Package Management
url = "github:nix-community/home-manager/release-25.11";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager-unstable = { # User Package Management
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs-unstable";
};
nur = {
url = "github:nix-community/NUR"; # NUR Packages
};
hyprland = { # Official Hyprland flake
url = "github:vaxerski/Hyprland";
inputs.nixpkgs.follows = "nixpkgs";
}; };
agenix = { agenix = {
url = "github:ryantm/agenix"; url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
};
outputs = inputs @ { self, nixpkgs, nixpkgs-stable, nixos-hardware, home-manager, nur, hyprland, agenix, ... }: # Function that tells my flake which to use and what do what to do with the dependencies. jovian-nixos = {
let # Variables that can be used in the config files url = "github:Jovian-Experiments/Jovian-NixOS";
user = "kabbone"; inputs.nixpkgs.follows = "nixpkgs-unstable";
location = "$HOME/.setup"; };
in # Use above variables in ...
{ lanzaboote = {
nixosConfigurations = ( # NixOS configurations url = "github:nix-community/lanzaboote/master";
import ./hosts { # Imports ./hosts/default.nix inputs.nixpkgs.follows = "nixpkgs";
inherit (nixpkgs) lib; };
inherit inputs nixpkgs nixpkgs-stable nixos-hardware home-manager nur user location hyprland agenix; # Also inherit home-manager so it does not need to be defined here.
} };
);
outputs = {
self,
nixpkgs,
nixpkgs-unstable,
nixos-hardware,
home-manager,
home-manager-unstable,
agenix,
jovian-nixos,
microvm,
impermanence,
lanzaboote,
...
} @ inputs: rec {
inherit (self) outputs;
systems = [
"aarch64-linux"
"x86_64-linux"
];
forAllSystems = nixpkgs.lib.genAttrs systems;
#in {
# Your custom packages
# Accessible through 'nix build', 'nix shell', etc
packages = forAllSystems (system: import ./packages nixpkgs.legacyPackages.${system});
# Formatter for your nix files, available through 'nix fmt'
# Other options beside 'alejandra' include 'nixpkgs-fmt'
formatter = forAllSystems (system: nixpkgs.legacyPackages.${system}.alejandra);
# Your custom packages and modifications, exported as overlays
overlays = import ./overlays {inherit inputs;};
# Reusable nixos modules you might want to export
# These are usually stuff you would upstream into nixpkgs
#nixosModules = import ./modules/kabbone;
# Reusable home-manager modules you might want to export
# These are usually stuff you would upstream into home-manager
#homeManagerModules = import ./modules/home-manager;
nixosConfigurations = ( # NixOS configurations
import ./hosts { # Imports ./hosts/default.nix
inherit (nixpkgs) lib;
inherit inputs nixpkgs nixpkgs-unstable nixos-hardware home-manager home-manager-unstable agenix jovian-nixos microvm impermanence lanzaboote; # Also inherit home-manager so it does not need to be defined here.
nix.allowedUsers = [ "@wheel" ];
security.sudo.execWheelOnly = true;
}
);
hydraJobs = {
"steamdeck" = nixosConfigurations.steamdeck.config.system.build.toplevel;
"hades" = nixosConfigurations.hades.config.system.build.toplevel;
"nasbak" = nixosConfigurations.nasbak.config.system.build.toplevel;
"jupiter" = nixosConfigurations.jupiter.config.system.build.toplevel;
"lifebook" = nixosConfigurations.lifebook.config.system.build.toplevel;
"kabtop" = nixosConfigurations.kabtop.config.system.build.toplevel;
"dmz" = nixosConfigurations.dmz.config.system.build.toplevel;
}; };
};
} }
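Review bot: The two hardening lines `nix.allowedUsers = [ "@wheel" ];` and `security.sudo.execWheelOnly = true;` sit inside the argument set of `import ./hosts { … }`, so they are passed as function arguments named `nix` and `security` rather than evaluated as NixOS options. The `./hosts` signature shown further down this page lists neither name and ends in `...`, so they appear to be dropped silently and no host receives the restriction. Move them into a module that every host imports, written as `security.sudo.execWheelOnly = true;` and `nix.settings.allowed-users = [ "@wheel" ];` (the current name of `nix.allowedUsers`), and delete them from this call.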


@@ -10,7 +10,7 @@
# └─ default.nix # └─ default.nix
# #
{ config, lib, pkgs, inputs, user, location, agenix, ... }: { config, lib, pkgs, pkgs-stable, inputs, user, location, agenix, ... }:
{ {
imports = # Import window or display manager. imports = # Import window or display manager.
@@ -20,7 +20,7 @@
users.users.${user} = { # System User users.users.${user} = { # System User
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" "video" "audio" "camera" "networkmanager" "lp" "kvm" "libvirtd" "adb" "dialout" ]; extraGroups = [ "wheel" "video" "audio" "camera" "networkmanager" "lp" "kvm" "libvirtd" "adb" "dialout" "tss" ];
shell = pkgs.zsh; # Default shell shell = pkgs.zsh; # Default shell
uid = 2000; uid = 2000;
# initialPassword = "password95"; # initialPassword = "password95";
@@ -31,7 +31,6 @@
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo= kabbone@hades.home.opel-online.de" "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo= kabbone@hades.home.opel-online.de"
]; ];
}; };
#security.sudo.wheelNeedsPassword = true; # User does not need to give password when using sudo.
time.timeZone = "Europe/Berlin"; # Time zone and internationalisation time.timeZone = "Europe/Berlin"; # Time zone and internationalisation
i18n = { i18n = {
@@ -47,31 +46,35 @@
keyMap = "us"; # or us/azerty/etc keyMap = "us"; # or us/azerty/etc
}; };
security.rtkit.enable = true; security = {
security.pki.certificateFiles = [ pam.services.login.enableGnomeKeyring = true;
rtkit.enable = true;
pki.certificateFiles = [
./rootCA.pem ./rootCA.pem
]; ];
#tpm2 = {
sound = { # ALSA sound enable # enable = true;
enable = true; # pkcs11.enable = true;
mediaKeys = { # Keyboard Media Keys (for minimal desktop) enable = true; # tctiEnvironment.enable = true;
enable = true; # };
};
}; };
fonts.fonts = with pkgs; [ # Fonts #sound = { # ALSA sound enable
## #enable = true;
# mediaKeys = { # Keyboard Media Keys (for minimal desktop) enable = true;
# enable = true;
# };
#};
fonts.packages = with pkgs; [ # Fonts
carlito # NixOS carlito # NixOS
vegur # NixOS vegur # NixOS
source-code-pro source-code-pro
jetbrains-mono
font-awesome # Icons font-awesome # Icons
hack-font hack-font
corefonts # MS corefonts # MS
(nerdfonts.override { # Nerdfont Icons override intel-one-mono
fonts = [ cascadia-code
"FiraCode"
];
})
]; ];
environment = { environment = {
@@ -81,13 +84,14 @@
VISUAL = "nvim"; VISUAL = "nvim";
BROWSER = "firefox"; BROWSER = "firefox";
}; };
systemPackages = with pkgs; [ # Default packages install system-wide systemPackages = (with pkgs; [ # Default packages install system-wide
vim vim
git git
killall killall
pciutils pciutils
usbutils usbutils
wget wget
file
powertop powertop
cpufrequtils cpufrequtils
lm_sensors lm_sensors
@@ -101,11 +105,24 @@
age-plugin-yubikey age-plugin-yubikey
pwgen pwgen
cryptsetup cryptsetup
powerline python311Packages.powerline
powerline-fonts powerline-fonts
powerline-symbols powerline-symbols
tree tree
]; direnv
linuxPackages_latest.cpupower
linuxPackages_latest.turbostat
btop
sbctl
ausweisapp
e2fsprogs
])
++
(with pkgs-stable; [
orca-slicer
]);
}; };
services = { services = {
@@ -120,28 +137,18 @@
}; };
openssh = { # SSH: secure shell (remote connection to shell of server) openssh = { # SSH: secure shell (remote connection to shell of server)
enable = true; # local: $ ssh <user>@<ip> enable = true; # local: $ ssh <user>@<ip>
# public: settings = {
# - port forward 22 TCP to server PasswordAuthentication = false;
# - in case you want to use the domain name insted of the ip: PermitRootLogin = "no";
# - for me, via cloudflare, create an A record with name "ssh" to the correct ip without proxy };
# - connect via ssh <user>@<ip or ssh.domain>
# generating a key:
# - $ ssh-keygen | ssh-copy-id <ip/domain> | ssh-add
# - if ssh-add does not work: $ eval `ssh-agent -s`
# allowSFTP = true; # SFTP: secure file transfer protocol (send file to server)
# connect: $ sftp <user>@<ip/domain>
# commands:
# - lpwd & pwd = print (local) parent working directory
# - put/get <filename> = send or receive file
# extraConfig = '' # extraConfig = ''
# HostKeyAlgorithms +ssh-rsa # HostKeyAlgorithms +ssh-rsa
# ''; # Temporary extra config so ssh will work in guacamole # ''; # Temporary extra config so ssh will work in guacamole
settings.passwordAuthentication = false;
}; };
pcscd.enable = true; pcscd.enable = true;
yubikey-agent.enable = true; yubikey-agent.enable = true;
udev.packages = [ pkgs.yubikey-personalization ]; udev.packages = [ pkgs.yubikey-personalization pkgs.nitrokey-udev-rules ];
#flatpak.enable = true; # download flatpak file from website - sudo flatpak install <path> - reboot if not showing up flatpak.enable = true; # download flatpak file from website - sudo flatpak install <path> - reboot if not showing up
# sudo flatpak uninstall --delete-data <app-id> (> flatpak list --app) - flatpak uninstall --unused # sudo flatpak uninstall --delete-data <app-id> (> flatpak list --app) - flatpak uninstall --unused
# List: # List:
# com.obsproject.Studio # com.obsproject.Studio
@@ -151,6 +158,16 @@
fwupd.enable = true; fwupd.enable = true;
}; };
programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
dconf.enable = true;
ssh = {
startAgent = true;
agentTimeout = "1h";
};
};
#xdg.portal = { # Required for flatpak #xdg.portal = { # Required for flatpak
# enable = true; # enable = true;
# extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; # extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
@@ -159,8 +176,6 @@
nix = { # Nix Package Manager settings nix = { # Nix Package Manager settings
settings ={ settings ={
auto-optimise-store = true; # Optimise syslinks auto-optimise-store = true; # Optimise syslinks
substituters = ["https://hyprland.cachix.org"];
trusted-public-keys = ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="];
}; };
gc = { # Automatic garbage collection gc = { # Automatic garbage collection
automatic = true; automatic = true;
@@ -168,25 +183,28 @@
options = "--delete-older-than 7d"; options = "--delete-older-than 7d";
}; };
package = pkgs.nixVersions.stable; # Enable nixFlakes on system package = pkgs.nixVersions.stable; # Enable nixFlakes on system
registry.nixpkgs.flake = inputs.nixpkgs;
extraOptions = '' extraOptions = ''
experimental-features = nix-command flakes experimental-features = nix-command flakes
keep-outputs = true
keep-derivations = true
''; '';
}; };
nixpkgs.config.allowUnfree = true; # Allow proprietary software. nixpkgs.config.allowUnfree = true; # Allow proprietary software.
nixpkgs.config.packageOverrides = pkgs: { nixpkgs.config.permittedInsecurePackages = [
nur = import (builtins.fetchTarball "https://github.com/nix-community/NUR/archive/master.tar.gz") { "olm-3.2.16"
inherit pkgs; "mbedtls-2.28.10"
}; ];
};
system = { # NixOS settings system = { # NixOS settings
# autoUpgrade = { # Allow auto update autoUpgrade = { # Allow auto update
# enable = true; enable = false;
# channel = "https://nixos.org/channels/nixos-unstable"; flake = "git+https://git.kabtop.de/Kabbone/nixos-config";
# }; randomizedDelaySec = "5m";
stateVersion = "22.05"; allowReboot = true;
rebootWindow = {
lower = "02:00";
upper = "05:00";
};
#channel = "https://nixos.org/channels/nixos-unstable";
};
stateVersion = "23.05";
}; };
} }
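Review bot: `nixpkgs.config.permittedInsecurePackages` near the end of this section allows `olm-3.2.16` and `mbedtls-2.28.10` for everything built from this config, and nothing records which package pulls each one in or when the exception can be removed. An undocumented allow-list tends to outlive its reason, so these libraries keep being installed after the consumer has moved on. Add a comment above the list such as `# olm-3.2.16: needed by <package>; mbedtls-2.28.10: needed by <package>; remove when nixpkgs drops the dependency`. The server configuration in the next section carries the same list with `"olm-3.2.16"`; check whether anything on the server hosts still depends on it.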


@@ -47,24 +47,22 @@
keyMap = "us"; # or us/azerty/etc keyMap = "us"; # or us/azerty/etc
}; };
security.rtkit.enable = true; security = {
security.pki.certificateFiles = [ rtkit.enable = true;
pki.certificateFiles = [
./rootCA.pem ./rootCA.pem
]; ];
};
fonts.fonts = with pkgs; [ # Fonts fonts.packages = with pkgs; [ # Fonts
carlito # NixOS carlito # NixOS
vegur # NixOS vegur # NixOS
source-code-pro source-code-pro
jetbrains-mono
font-awesome # Icons font-awesome # Icons
hack-font hack-font
corefonts # MS corefonts # MS
(nerdfonts.override { # Nerdfont Icons override intel-one-mono
fonts = [ cascadia-code
"FiraCode"
];
})
]; ];
environment = { environment = {
@@ -72,6 +70,7 @@
TERMINAL = "alacritty"; TERMINAL = "alacritty";
EDITOR = "nvim"; EDITOR = "nvim";
VISUAL = "nvim"; VISUAL = "nvim";
BROWSER = "firefox";
}; };
systemPackages = with pkgs; [ # Default packages install system-wide systemPackages = with pkgs; [ # Default packages install system-wide
vim vim
@@ -88,10 +87,15 @@
agenix.packages.x86_64-linux.default agenix.packages.x86_64-linux.default
ffmpeg ffmpeg
smartmontools smartmontools
powerline cryptsetup
python311Packages.powerline
powerline-fonts powerline-fonts
powerline-symbols powerline-symbols
tree tree
direnv
linuxPackages_latest.cpupower
btop
htop
]; ];
}; };
@@ -99,20 +103,21 @@
openssh = { # SSH: secure shell (remote connection to shell of server) openssh = { # SSH: secure shell (remote connection to shell of server)
enable = true; # local: $ ssh <user>@<ip> enable = true; # local: $ ssh <user>@<ip>
settings = { settings = {
passwordAuthentication = false; PasswordAuthentication = false;
permitRootLogin = "no"; PermitRootLogin = "no";
}; };
ports = [ 2220 ]; ports = [ 2220 ];
openFirewall = true; openFirewall = true;
}; };
fail2ban = {
enable = true;
};
#flatpak.enable = true; # download flatpak file from website - sudo flatpak install <path> - reboot if not showing up #flatpak.enable = true; # download flatpak file from website - sudo flatpak install <path> - reboot if not showing up
# sudo flatpak uninstall --delete-data <app-id> (> flatpak list --app) - flatpak uninstall --unused # sudo flatpak uninstall --delete-data <app-id> (> flatpak list --app) - flatpak uninstall --unused
}; };
programs = {
zsh.enable = true;
};
nix = { # Nix Package Manager settings nix = { # Nix Package Manager settings
settings ={ settings ={
auto-optimise-store = true; # Optimise syslinks auto-optimise-store = true; # Optimise syslinks
@@ -123,7 +128,6 @@
options = "--delete-older-than 7d"; options = "--delete-older-than 7d";
}; };
package = pkgs.nixVersions.stable; # Enable nixFlakes on system package = pkgs.nixVersions.stable; # Enable nixFlakes on system
registry.nixpkgs.flake = inputs.nixpkgs;
extraOptions = '' extraOptions = ''
experimental-features = nix-command flakes experimental-features = nix-command flakes
keep-outputs = true keep-outputs = true
@@ -131,17 +135,21 @@
''; '';
}; };
nixpkgs.config.allowUnfree = true; # Allow proprietary software. nixpkgs.config.allowUnfree = true; # Allow proprietary software.
nixpkgs.config.packageOverrides = pkgs: { nixpkgs.config.permittedInsecurePackages = [
nur = import (builtins.fetchTarball "https://github.com/nix-community/NUR/archive/master.tar.gz") { "olm-3.2.16"
inherit pkgs; ];
};
};
system = { # NixOS settings system = { # NixOS settings
# autoUpgrade = { # Allow auto update autoUpgrade = { # Allow auto update
# enable = true; enable = true;
# channel = "https://nixos.org/channels/nixos-unstable"; flake = "git+https://git.kabtop.de/Kabbone/nixos-config";
# }; randomizedDelaySec = "5m";
stateVersion = "22.05"; allowReboot = true;
rebootWindow = {
lower = "02:00";
upper = "05:00";
};
};
stateVersion = "23.05";
}; };
} }
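Review bot: The now-enabled `system.autoUpgrade` block rebuilds from whatever the default branch of `git+https://git.kabtop.de/Kabbone/nixos-config` points to and reboots unattended (`allowReboot = true`). Push access to that repository, or control of the forge, therefore becomes root on this host at the next run, with no review step in between. Point the upgrade at a branch that only receives reviewed commits, e.g. `flake = "git+https://git.kabtop.de/Kabbone/nixos-config?ref=<protected-branch>";`, and add a comment such as `# unattended: this branch is trusted as root on the host`. The desktop configuration in the previous section has the same block with `enable = false`; the same applies if it is switched on.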


@@ -11,9 +11,14 @@
# └─ ./home.nix # └─ ./home.nix
# #
{ lib, inputs, nixpkgs, nixos-hardware, home-manager, nur, user, location, hyprland, agenix, ... }: { lib, inputs, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, agenix, jovian-nixos, microvm, impermanence, lanzaboote, ... }:
let let
user = "kabbone";
userdmz = "diablo";
userserver = "mephisto";
location = "$HOME/.setup";
system = "x86_64-linux"; # System architecture system = "x86_64-linux"; # System architecture
pkgs = import nixpkgs { pkgs = import nixpkgs {
@@ -21,28 +26,43 @@ let
config.allowUnfree = true; # Allow proprietary software config.allowUnfree = true; # Allow proprietary software
}; };
pkgs-unstable = import nixpkgs-unstable {
inherit system;
config.allowUnfree = true; # Allow proprietary software
};
pkgs-stable = import nixpkgs {
inherit system;
config.allowUnfree = true; # Allow proprietary software
};
pkgs-kabbone = import ../packages {
inherit system;
inherit pkgs;
};
lib = nixpkgs.lib; lib = nixpkgs.lib;
users.defaultShell = "pkgs.zsh";
in in
{ {
desktop = lib.nixosSystem { # Desktop profile hades = lib.nixosSystem { # Desktop profile
inherit system; inherit system;
specialArgs = { inherit inputs user location hyprland nixos-hardware nur agenix; }; specialArgs = { inherit inputs pkgs-stable user location nixos-hardware agenix microvm nixpkgs lanzaboote pkgs-kabbone; };
modules = [ modules = [
agenix.nixosModules.default agenix.nixosModules.default
nur.nixosModules.nur microvm.nixosModules.host
#hyprland.nixosModules.default lanzaboote.nixosModules.lanzaboote
./desktop ./desktop
./configuration_desktop.nix ./configuration_desktop.nix
../modules/hardware/hydraCache.nix
../modules/hardware/remoteBuilder.nix
nixos-hardware.nixosModules.common-cpu-amd nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-gpu-amd nixos-hardware.nixosModules.common-gpu-amd
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
home-manager.nixosModules.home-manager { home-manager.nixosModules.home-manager {
nixpkgs.overlays = [
nur.overlay
];
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; }; home-manager.extraSpecialArgs = { inherit user; };
@@ -53,49 +73,86 @@ in
]; ];
}; };
laptop = lib.nixosSystem { # Laptop profile lifebook = lib.nixosSystem { # Laptop profile
inherit system; inherit system;
specialArgs = { inherit inputs user location hyprland nixos-hardware nur agenix; }; specialArgs = { inherit inputs pkgs-stable user location nixos-hardware agenix lanzaboote; };
modules = [ modules = [
agenix.nixosModules.default agenix.nixosModules.default
nur.nixosModules.nur lanzaboote.nixosModules.lanzaboote
#hyprland.nixosModules.default ./lifebook
./laptop
./configuration_desktop.nix ./configuration_desktop.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-intel nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-gpu-intel
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
home-manager.nixosModules.home-manager { home-manager.nixosModules.home-manager {
nixpkgs.overlays = [
nur.overlay
];
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; }; home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = { home-manager.users.${user} = {
imports = [(import ./home.nix)] ++ [(import ./laptop/home.nix)]; imports = [(import ./home.nix)] ++ [(import ./lifebook/home.nix)];
}; };
} }
]; ];
}; };
dmz = lib.nixosSystem { # Desktop profile nbf5 = lib.nixosSystem { # Laptop profile
inherit system; inherit system;
#user = "dmz-user"; specialArgs = { inherit inputs pkgs-stable user location nixos-hardware agenix; };
specialArgs = { inherit inputs user location nixos-hardware nur agenix; };
modules = [ modules = [
agenix.nixosModules.default agenix.nixosModules.default
nur.nixosModules.nur ./nbf5
./configuration_server.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd
home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = {
imports = [(import ./home_server.nix)] ++ [(import ./nbf5/home.nix)];
};
}
];
};
steamdeck = nixpkgs-unstable.lib.nixosSystem { # steamdeck profile
inherit system;
specialArgs = { inherit inputs pkgs-stable user location nixos-hardware agenix jovian-nixos lanzaboote; };
modules = [
agenix.nixosModules.default
jovian-nixos.nixosModules.default
lanzaboote.nixosModules.lanzaboote
./steamdeck
./configuration_desktop.nix
../modules/hardware/hydraCache.nix
home-manager-unstable.nixosModules.home-manager {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = {
imports = [(import ./home.nix)] ++ [(import ./steamdeck/home.nix)];
};
}
];
};
server = lib.nixosSystem { # Desktop profile
inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs impermanence; };
modules = [
agenix.nixosModules.default
microvm.nixosModules.host
./server ./server
./configuration_server.nix ./configuration_server.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-amd nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
home-manager.nixosModules.home-manager { home-manager.nixosModules.home-manager {
nixpkgs.overlays = [
nur.overlay
];
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; }; home-manager.extraSpecialArgs = { inherit user; };
@@ -106,67 +163,155 @@ in
]; ];
}; };
nas = lib.nixosSystem { # Desktop profile kabtop = lib.nixosSystem { # Desktop profile
inherit system; inherit system;
#user = "dmz-user"; specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs pkgs-unstable impermanence; };
specialArgs = { inherit inputs user location nixos-hardware nur agenix; };
modules = [ modules = [
agenix.nixosModules.default agenix.nixosModules.default
nur.nixosModules.nur microvm.nixosModules.host
./nas ./kabtop
./configuration_desktop.nix ./configuration_server.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-pc-ssd
home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = {
imports = [(import ./home_server.nix)] ++ [(import ./server/home.nix)];
};
}
];
};
nasbak = lib.nixosSystem { # Desktop profile
inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix; };
modules = [
agenix.nixosModules.default
./nasbackup
./configuration_server.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-intel nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
home-manager.nixosModules.home-manager { home-manager.nixosModules.home-manager {
nixpkgs.overlays = [
nur.overlay
];
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; }; home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = { home-manager.users.${user} = {
imports = [(import ./home_server.nix)] ++ [(import ./nas/home.nix)]; imports = [(import ./home_server.nix)] ++ [(import ./nasbackup/home.nix)];
}; };
} }
]; ];
}; };
jupiter = lib.nixosSystem { # Desktop profile
q920 = lib.nixosSystem { # Laptop profile
inherit system; inherit system;
specialArgs = { inherit inputs user location hyprland; }; specialArgs = { inherit inputs user location nixos-hardware agenix pkgs-kabbone; };
modules = [ modules = [
hyprland.nixosModules.default agenix.nixosModules.default
./q920 ./jupiter
./configuration.nix ./configuration_server.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd
home-manager.nixosModules.home-manager { home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; }; home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = { home-manager.users.${user} = {
imports = [(import ./home.nix)] ++ [(import ./q920/home.nix)]; imports = [(import ./home_server.nix)] ++ [(import ./jupiter/home.nix)];
}; };
} }
]; ];
}; };
vm = lib.nixosSystem { # VM profile kabtopci = lib.nixosSystem { # Desktop profile
inherit system; inherit system;
specialArgs = { inherit inputs user location; }; specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs impermanence; };
modules = [ modules = [
./vm agenix.nixosModules.default
./configuration.nix microvm.nixosModules.host
./kabtopci
./configuration_server.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-pc-ssd
home-manager.nixosModules.home-manager { home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; }; home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = { home-manager.users.${user} = {
imports = [(import ./home.nix)] ++ [(import ./vm/home.nix)]; imports = [(import ./home_server.nix)] ++ [(import ./kabtopci/home.nix)];
}; };
} }
]; ];
}; };
kubemaster-1 = lib.nixosSystem { # Desktop profile
inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs impermanence; };
modules = [
agenix.nixosModules.default
microvm.nixosModules.host
./kubemaster-1
./configuration_server.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd
home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = {
imports = [(import ./home_server.nix)] ++ [(import ./kubemaster-1/home.nix)];
};
}
];
};
dmz = lib.nixosSystem { # Desktop profile
inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs impermanence; };
modules = [
agenix.nixosModules.default
microvm.nixosModules.host
./dmz
./configuration_server.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-pc-ssd
home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = {
imports = [(import ./home_server.nix)] ++ [(import ./dmz/home.nix)];
};
}
];
};
# vm = lib.nixosSystem { # VM profile
# inherit system;
# specialArgs = { inherit inputs user location; };
# modules = [
# ./vm
# ./configuration.nix
#
# home-manager.nixosModules.home-manager {
# home-manager.useGlobalPkgs = true;
# home-manager.useUserPackages = true;
# home-manager.extraSpecialArgs = { inherit user; };
# home-manager.users.${user} = {
# imports = [(import ./home.nix)] ++ [(import ./vm/home.nix)];
# };
# }
# ];
# };
} }


@@ -17,79 +17,89 @@
# └─ default.nix # └─ default.nix
# #
{ config, pkgs, user, ... }: { config, nixpkgs, pkgs, user, lib, pkgs-kabbone, ... }:
{ {
imports = # For now, if applying to other system, swap files imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix [(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
#[(import ../../modules/desktop/hyprland/default.nix)] ++ # Window Manager [(import ../../modules/wm/sway/default.nix)] ++ # Window Manager
[(import ../../modules/desktop/sway/default.nix)] ++ # Window Manager (import ../../modules/wm/virtualisation) ++ # libvirt + Docker
(import ../../modules/desktop/virtualisation) ++ # Docker [(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # kvm module options
(import ../../modules/hardware); # Hardware devices #[(import ../../modules/kabbone/corosync-qdevice.nix)] ++ # corosync qdevice quorum
(import ../../modules/hardware); # Hardware devices
boot = { # Boot options boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
loader = { # EFI Boot loader = { # EFI Boot
systemd-boot.enable = true; systemd-boot.enable = lib.mkForce false;
efi = { efi = {
canTouchEfiVariables = true; canTouchEfiVariables = true;
efiSysMountPoint = "/boot"; efiSysMountPoint = "/boot";
}; };
timeout = 1; # Grub auto select time timeout = 1; # Grub auto select time
}; };
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
}; };
# hardware.sane = { # Used for scanning with Xsane # hardware.sane = { # Used for scanning with Xsane
# enable = false; # enable = false;
# extraBackends = [ pkgs.sane-airscan ]; # extraBackends = [ pkgs.sane-airscan ];
# }; # };
hardware = { # hardware = {
nitrokey.enable = true; # nitrokey.enable = true;
};
# environment = {
# systemPackages = with pkgs; [
## simple-scan
## intel-media-driver
## alacritty
# ];
# }; # };
programs = { # No xbacklight, this is the alterantive environment = {
zsh.enable = true; systemPackages = [
dconf.enable = true; pkgs.linux-firmware
light.enable = true; #pkgs-kabbone.corosync-qdevice
ssh.startAgent = false; ];
gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryFlavor = "curses";
};
}; };
services = { services = {
#auto-cpufreq.enable = true; #auto-cpufreq.enable = true;
blueman.enable = true; blueman.enable = true;
printing = { # Printing and drivers for TS5300
enable = true;
drivers = [ pkgs.gutenprint ];
};
avahi = { # Needed to find wireless printer avahi = { # Needed to find wireless printer
enable = true; enable = true;
nssmdns = true; nssmdns4 = true;
publish = { # Needed for detecting the scanner publish = { # Needed for detecting the scanner
enable = true; enable = true;
addresses = true; addresses = true;
userServices = true; userServices = true;
}; };
}; };
hardware.openrgb = {
enable = true;
motherboard = "amd";
};
syncthing = {
enable = true;
group = "users";
user = "kabbone";
dataDir = "/home/${config.services.syncthing.user}/Sync";
configDir = "/home/${config.services.syncthing.user}/.config/syncthing";
overrideDevices = true; # overrides any devices added or deleted through the WebUI
overrideFolders = true; # overrides any folders added or deleted through the WebUI
openDefaultPorts = true;
settings = {
devices = {
"jupiter.home.opel-online.de" = { id = "T53WU6Z-3NT74ZE-PZVZB2N-7FBTZ5K-HESC2ZM-W4ABDAS-NWXHTGI-ST4CDQR"; };
"lifebook.home.opel-online.de" = { id = "RKPZG3H-BDUZID3-DV26MKR-UOARIQC-JBCAFXP-J5QFM4H-5EGBSM5-VEGXHQ4"; };
};
folders = {
"Sync" = { # Name of folder in Syncthing, also the folder ID
path = "/home/${config.services.syncthing.user}/Sync"; # Which folder to add to Syncthing
devices = [ "jupiter.home.opel-online.de" "lifebook.home.opel-online.de" ]; # Which devices to share the folder with
ignorePerms = false; # By default, Syncthing doesn't sync file permissions. This line enables it for this folder.
};
};
};
};
}; };
#temporary bluetooth fix
# systemd.tmpfiles.rules = [
# "d /var/lib/bluetooth 700 root root - -"
# ];
# systemd.targets."bluetooth".after = ["systemd-tmpfiles-setup.service"];
} }
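Review bot: The new `boot.lanzaboote` block reads its signing keys from `pkiBundle = "/etc/secureboot"`, a directory on the root filesystem, and nothing visible in this compare shows that filesystem being encrypted; the matching hardware configuration mounts `/` as btrfs straight from the NVMe partition. If that holds, the Secure Boot private key can be read from the disk offline, so the signature check gives little protection against someone with physical access. Put the root volume behind LUKS or keep the key material off the machine's plain storage. The directory must also exist with enrolled keys before the first rebuild, which deserves a comment next to the option, e.g. `# keys are created out of band (sbctl); not managed by this flake`. The same block is added in hosts/fuji/default.nix.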


@@ -14,14 +14,15 @@
{ {
imports = imports =
[ (modulesPath + "/installer/scan/not-detected.nix") [ (modulesPath + "/installer/scan/not-detected.nix")] ++
]; [( import ../../modules/hardware/backup.nix )];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ]; boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" "nct6775" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = true; boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true; zramSwap.enable = true;
services.btrfs.autoScrub = { services.btrfs.autoScrub = {
@@ -33,6 +34,7 @@
}; };
services.btrbk = { services.btrbk = {
extraPackages = [ pkgs.lz4 pkgs.mbuffer ];
instances = { instances = {
hf = { hf = {
onCalendar = "hourly"; onCalendar = "hourly";
@@ -55,115 +57,126 @@
}; };
}; };
}; };
bak = {
onCalendar = "daily";
settings = {
stream_buffer = "256m";
stream_compress = "lz4";
incremental = "yes";
snapshot_create = "no";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve_min = "all";
target_preserve_min = "no";
target_preserve = "2m 4w 3d";
ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk_nas";
ssh_user = "btrbk";
volume = {
"/mnt/snapshots/root" = {
subvolume = {
"@home" = {};
};
target = "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars/@snapshots/@hades";
};
};
};
};
};
};
systemd.timers = {
btrbk-bak = {
after = [ "network-online.target" ];
requires = [ "network-online.target" ];
}; };
}; };
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-label/NIXROOT"; { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs"; fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ]; options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
}; };
fileSystems."/home" = fileSystems."/home" =
{ device = "/dev/disk/by-label/NIXROOT"; { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs"; fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ]; options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
}; };
fileSystems."/srv" = fileSystems."/srv" =
{ device = "/dev/disk/by-label/NIXROOT"; { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs"; fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ]; options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
}; };
fileSystems."/nix" = fileSystems."/nix" =
{ device = "/dev/disk/by-label/NIXROOT"; { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs"; fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ]; options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
}; };
fileSystems."/swap" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/mnt/snapshots/root" = fileSystems."/mnt/snapshots/root" =
{ device = "/dev/disk/by-label/NIXROOT"; { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs"; fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ]; options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
}; };
fileSystems."/boot" = fileSystems."/boot" =
{ device = "/dev/disk/by-label/NIXBOOT"; { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part1";
fsType = "vfat"; fsType = "vfat";
}; };
fileSystems."/mnt/Pluto" = fileSystems."/mnt/Pluto" =
{ device = "nas:/Pluto"; { device = "jupiter:/Pluto";
fsType = "nfs"; fsType = "nfs";
options = [ "noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ]; options = [ "noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
}; };
fileSystems."/mnt/Mars" = fileSystems."/mnt/Mars" =
{ device = "nas:/Mars"; { device = "jupiter:/Mars";
fsType = "nfs"; fsType = "nfs";
options = [ "noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ]; options = [ "noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
}; };
swapDevices = [ ]; swapDevices = [ { device = "/swap/swapfile"; } ];
networking = { networking = {
vswitches = {
vs0 = {
interfaces = {
enp34s0 = { };
lo1 = {
type = "internal";
};
#enp34s0iot = {
# type = "internal";
# vlan = 100;
#};
};
};
};
useDHCP = false; # Deprecated useDHCP = false; # Deprecated
hostName = "hades"; hostName = "hades";
domain = "home.opel-online.de";
networkmanager = { networkmanager = {
enable = false; enable = true;
}; };
timeServers = [ firewall = {
"192.168.2.1" enable = true;
]; allowedUDPPorts = [ 24727 ];
interfaces = { allowedTCPPorts = [ 24727 ];
#enp34s0 = {
# useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
# #ipv4.addresses = [ {
# # address = "192.168.0.51";
# # prefixLength = 24;
# #} ];
#};
#enp34s0iot.useDHCP = true;
lo1 = {
useDHCP = true;
macAddress = "1a:20:e9:ce:9c:1a";
};
}; };
#defaultGateway = "192.168.0.1";
defaultGateway6 = {
address = "fe80::1";
interface = "lo1";
};
#nameservers = [ "192.168.0.4" ];
#firewall = {
# enable = false;
# #allowedUDPPorts = [ 53 67 ];
# #allowedTCPPorts = [ 53 80 443 9443 ];
#};
}; };
systemd.services = { # systemd.network = {
"ovsdb".partOf = [ "network-setup.service" ]; # enable = true;
"ovs-vswitchd".partOf = [ "network-setup.service" ]; # networks = {
"network-addresses-lo1".partOf = [ "network-setup.service" ]; # "10-lan" = {
}; # matchConfig.Name = "eno1";
# ntp = [ "192.168.2.1" ];
# domains = [ "home.opel-online.de" ];
# networkConfig = {
# DHCP = "yes";
# IPv6AcceptRA = true;
# };
# };
# };
# };
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
#powerManagement.powertop.enable = true; #powerManagement.powertop.enable = true;
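Review bot: `allowedUDPPorts = [ 24727 ];` and `allowedTCPPorts = [ 24727 ];` open a port on every interface with no comment naming the service behind it, in the same change that turns the firewall from a commented-out block into `enable = true`. A later reader cannot tell whether the rule is still needed or who is expected to connect. Add a trailing comment such as `# 24727: <service name>`, and if the port is only needed on the home network, move it under `networking.firewall.interfaces.<lan-interface>`. The new `bak` btrbk instance also reads `ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk_nas"`, a path nothing in this section creates; a one-line comment should say how that key is provisioned.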


@@ -16,25 +16,25 @@
{ {
imports = imports =
[ [
#../../modules/desktop/hyprland/home.nix # Window Manager #../../modules/wm/hyprland/home.nix # Window Manager
../../modules/desktop/sway/home.nix # Window Manager ../../modules/wm/sway/home.nix # Window Manager
../../modules/home.nix # Window Manager ../../modules/home.nix # Window Manager
]; ];
home = { # Specific packages for laptop home = { # Specific packages for laptop
packages = with pkgs; [ packages = with pkgs; [
# Applications # Applications
freecad # Office packages #freecad # Office packages
#firefox #firefox
chromium chromium
thunderbird thunderbird
streamlink streamlink
streamlink-twitch-gui-bin streamlink-twitch-gui-bin
element-desktop #nheko
nheko
pulsemixer pulsemixer
#yubioath-flutter #yubioath-flutter
nitrokey-app nitrokey-app
kicad
# Display # Display
#light # xorg.xbacklight not supported. Other option is just use xrandr. #light # xorg.xbacklight not supported. Other option is just use xrandr.
@@ -45,10 +45,6 @@
]; ];
}; };
programs = {
alacritty.settings.font.size = 11;
};
services = { # Applets services = { # Applets
blueman-applet.enable = true; # Bluetooth blueman-applet.enable = true; # Bluetooth
network-manager-applet.enable = true; # Network network-manager-applet.enable = true; # Network

59
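--- /dev/null
+++ b/hosts/dmz/default.nix
@@ -0,0 +1,59 @@
+#
+# Specific system configuration settings for desktop
+#
+# flake.nix
+# ├─ ./hosts
+# │ └─ ./laptop
+# │ ├─ default.nix *
+# │ └─ hardware-configuration.nix
+# └─ ./modules
+# ├─ ./desktop
+# │ └─ ./hyprland
+# │ └─ hyprland.nix
+# ├─ ./modules
+# │ └─ ./programs
+# │ └─ waybar.nix
+# └─ ./hardware
+# └─ default.nix
+#
+{ config, pkgs, user, agenix, impermanence, ... }:
+{
+imports = # For now, if applying to other system, swap files
+[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
+[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
+[(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++ # Docker
+(import ../../modules/services/dmz); # Server Services
+boot = { # Boot options
+kernelPackages = pkgs.linuxPackages_latest;
+loader = { # EFI Boot
+systemd-boot.enable = true;
+efi = {
+canTouchEfiVariables = true;
+efiSysMountPoint = "/boot";
+};
+timeout = 1; # Grub auto select time
+};
+};
+programs = { # No xbacklight, this is the alterantive
+zsh.enable = true;
+};
+services = {
+qemuGuest.enable = true;
+avahi = { # Needed to find wireless printer
+enable = true;
+nssmdns4 = true;
+publish = { # Needed for detecting the scanner
+enable = true;
+addresses = true;
+userServices = true;
+};
+};
+};
+}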
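Review bot: The `services.avahi` block, comments included ("Needed to find wireless printer"), looks carried over from the desktop hosts, and on the DMZ guest it publishes the host's addresses and user services over mDNS. As far as I know the NixOS avahi module opens UDP 5353 in the firewall by default, which would sit alongside the `allowedUDPPorts = [ ]` in this host's hardware configuration; please confirm. If nothing on this host needs mDNS, drop the block, or at least set `openFirewall = false;` and `publish.enable = false;`. The second virtualisation import (`kvm-intel.nix`) is labelled `# Docker` and the header still says "for desktop". hosts/fuji/default.nix adds the same avahi block.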


@@ -0,0 +1,107 @@
#
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
# flake.nix
# └─ ./hosts
# └─ ./laptop
# └─ hardware-configuration.nix *
#
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [
"/"
];
};
fileSystems."/" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/srv" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/var" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@var,discard=async" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/swap" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/mnt/snapshots/root" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
swapDevices = [ ];
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "ens18";
ntp = [ "192.168.101.1" ];
#domains = [ "home.opel-online.de" ];
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
dns = [
"192.168.101.1"
];
};
};
};
networking = {
useDHCP = false; # Deprecated
hostName = "dmz";
firewall = {
enable = true;
allowedUDPPorts = [ ];
allowedTCPPorts = [ 80 443 ];
};
};
}
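Review bot: `boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];` and `boot.kernelModules = [ "kvm-intel" ];` are force-loaded in a file that imports `profiles/qemu-guest.nix`, i.e. on a virtual machine. They read as copied from the hypervisor hosts; unless this guest really passes devices through to nested VMs, leave both lists empty so the DMZ machine loads no more kernel code than it uses. The flake entry does add `microvm.nixosModules.host`, so nested virtualisation may be intended, in which case a comment should say so. The header comment ("Teclast F5 10\" Laptop", "Do not modify this file!") no longer describes this hand-edited guest configuration and should be replaced with one line naming the host.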


@@ -16,19 +16,18 @@
{ {
imports = imports =
[ [
../../modules/desktop/hyprland/home.nix # Window Manager ../../modules/home.nix # Window Manager
]; ];
home = { # Specific packages for laptop home = { # Specific packages for laptop
packages = with pkgs; [ packages = with pkgs; [
# Applications # Applications
libreoffice # Office packages
# Display # Display
#light # xorg.xbacklight not supported. Other option is just use xrandr. #light # xorg.xbacklight not supported. Other option is just use xrandr.
# Power Management # Power Management
auto-cpufreq # Power management #auto-cpufreq # Power management
#tlp # Power management #tlp # Power management
]; ];
}; };
@@ -37,14 +36,4 @@
alacritty.settings.font.size = 11; alacritty.settings.font.size = 11;
}; };
services = { # Applets
blueman-applet.enable = true; # Bluetooth
network-manager-applet.enable = true; # Network
# cbatticon = {
# enable = true;
# criticalLevelPercent = 10;
# lowLevelPercent = 20;
# iconType = null;
# };
};
} }

78
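--- /dev/null
+++ b/hosts/fuji/default.nix
@@ -0,0 +1,78 @@
+#
+# Specific system configuration settings for desktop
+#
+# flake.nix
+# ├─ ./hosts
+# │ └─ ./laptop
+# │ ├─ default.nix *
+# │ └─ hardware-configuration.nix
+# └─ ./modules
+# ├─ ./desktop
+# │ └─ ./hyprland
+# │ └─ hyprland.nix
+# ├─ ./modules
+# │ └─ ./programs
+# │ └─ waybar.nix
+# └─ ./hardware
+# └─ default.nix
+#
+{ config, nixpkgs, pkgs, user, lib, ... }:
+{
+imports = # For now, if applying to other system, swap files
+[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
+[(import ../../modules/wm/sway/default.nix)] ++ # Window Manager
+(import ../../modules/wm/virtualisation) ++ # libvirt + Docker
+[(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # kvm module options
+(import ../../modules/hardware); # Hardware devices
+boot = { # Boot options
+kernelPackages = pkgs.linuxPackages_latest;
+loader = { # EFI Boot
+systemd-boot.enable = lib.mkForce false;
+efi = {
+canTouchEfiVariables = true;
+efiSysMountPoint = "/boot";
+};
+timeout = 1; # Grub auto select time
+};
+lanzaboote = {
+enable = true;
+pkiBundle = "/etc/secureboot";
+};
+};
+# hardware.sane = { # Used for scanning with Xsane
+# enable = false;
+# extraBackends = [ pkgs.sane-airscan ];
+# };
+# hardware = {
+# nitrokey.enable = true;
+# };
+# environment = {
+# systemPackages = with pkgs; [
+## simple-scan
+## intel-media-driver
+## alacritty
+# ];
+# };
+services = {
+#auto-cpufreq.enable = true;
+blueman.enable = true;
+avahi = { # Needed to find wireless printer
+enable = true;
+nssmdns4 = true;
+publish = { # Needed for detecting the scanner
+enable = true;
+addresses = true;
+userServices = true;
+};
+};
+};
+}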


@@ -0,0 +1,138 @@
#
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
# flake.nix
# └─ ./hosts
# └─ ./laptop
# └─ hardware-configuration.nix *
#
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")] ++
[( import ../../modules/hardware/backup.nix )];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [
"/"
];
};
services.btrbk = {
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@home" = {};
};
};
};
};
};
};
};
fileSystems."/" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/srv" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/swap" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/mnt/snapshots/root" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part1";
fsType = "vfat";
};
swapDevices = [ { device = "/swap/swapfile"; } ];
networking = {
useDHCP = false; # Deprecated
hostName = "fuji";
networkmanager = {
enable = false;
};
firewall = {
enable = true;
#allowedUDPPorts = [ 24727 ];
#allowedTCPPorts = [ 24727 ];
};
};
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "eno1";
ntp = [ "192.168.2.1" ];
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
};
};
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
#powerManagement.powertop.enable = true;
powerManagement = {
scsiLinkPolicy = "med_power_with_dipm";
};
}
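Review bot: Every `fileSystems` entry here points at `/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part1` or `-part2`, the same serial-numbered device that the hades hardware configuration earlier in this compare uses. A by-id path names one physical drive, so unless fuji really boots from that drive these mounts will not resolve and boot will stall waiting for the device; confirm the id with `ls -l /dev/disk/by-id` on fuji. The file also loads `kvm-intel` and Intel microcode while hosts/fuji/default.nix imports `virtualisation/kvm-amd.nix`, so one of the two is wrong for this machine. The header comment still describes a Teclast F5 laptop and a generated file.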

45
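--- /dev/null
+++ b/hosts/fuji/home.nix
@@ -0,0 +1,45 @@
+#
+# Home-manager configuration for laptop
+#
+# flake.nix
+# ├─ ./hosts
+# │ └─ ./laptop
+# │ └─ home.nix *
+# └─ ./modules
+# └─ ./desktop
+# └─ ./hyprland
+# └─ hyprland.nix
+#
+{ pkgs, ... }:
+{
+imports =
+[
+#../../modules/wm/hyprland/home.nix # Window Manager
+#../../modules/wm/kde/home.nix # Window Manager
+../../modules/home.nix # Window Manager
+];
+home = { # Specific packages for laptop
+packages = with pkgs; [
+# Applications
+#firefox
+chromium
+thunderbird
+streamlink
+streamlink-twitch-gui-bin
+element-desktop
+#nheko
+pulsemixer
+];
+};
+services = { # Applets
+#blueman-applet.enable = true; # Bluetooth
+network-manager-applet.enable = true; # Network
+};
+xsession.preferStatusNotifierItems = true;
+}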
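Review bot: `network-manager-applet.enable = true;` is set for a host whose hardware configuration has `networkmanager.enable = false` and brings the link up through `systemd.network`, so the applet has no daemon to talk to. Drop the line or comment it out the way `blueman-applet` is. The header comment still reads "Home-manager configuration for laptop" with a hyprland tree, which does not match this file's imports.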


@@ -15,10 +15,10 @@
# └─ default.nix # └─ default.nix
# #
{ config, lib, pkgs, user, ... }: { config, lib, pkgs, user, pkgs-stable, ... }:
{ {
imports = # Home Manager Modules imports =
(import ../modules/editors) ++ (import ../modules/editors) ++
(import ../modules/programs) ++ (import ../modules/programs) ++
(import ../modules/programs/configs) ++ (import ../modules/programs/configs) ++
@@ -30,15 +30,16 @@
homeDirectory = "/home/${user}"; homeDirectory = "/home/${user}";
packages = with pkgs; [ packages = with pkgs; [
# Terminal # Terminal
btop # Resource Manager
pfetch # Minimal fetch pfetch # Minimal fetch
ranger # File Manager ranger # File Manager
gnupg # sign and authorize 2nd Fac gnupg # sign and authorize 2nd Fac
xdg-utils
# dev tools xdg-utils
steam
wakelan
# dev ols
gcc gcc
gnumake gnumake
gnupatch gnupatch
@@ -49,141 +50,88 @@
tailscale tailscale
wireguard-tools wireguard-tools
# Video/Audio # VideAudio
#feh # Image Viewer
mpv # Media Player mpv # Media Player
youtube-dl
#pavucontrol # Audio control
#stremio # Media Streamer
#libva-utils # vainfo
# Apps # Apps
#firefox # Browser
#google-chrome # Browser
#remmina # XRDP & VNC Client
galculator galculator
tdesktop telegram-desktop
hdparm hdparm
python3Full python3
android-tools android-tools
calibre calibre
mtpfs mtpfs
vimiv-qt vimiv-qt
#freecad freecad
discord
element-desktop
# File Management # Fileanagement
#okular # PDF viewer kdePackages.ark
#gnome.file-roller # Archive Manager
pcmanfm # File Manager pcmanfm # File Manager
rsync # Syncer $ rsync -r dir1/ dir2/ rsync # Syncer $ rsync -r dir1/ dir2/
unzip # Zip files unzip # Zip files
unrar # Rar files unrar # Rar files
papirus-icon-theme papirus-icon-theme
arc-theme
# General configuration # General configuration
#git # Repositories
#killall # Stop Applications
#nano # Text Editor
#pciutils # Computer utility info
#pipewire # Sound
#usbutils # USB utility info
#wacomtablet # Wacom Tablet
#wget # Downloader
#zsh # Shell
keepassxc keepassxc
libreoffice libreoffice
# gimp
# General home-manager
#alacritty # Terminal Emulator
#dunst # Notifications
#doom emacs # Text Editor
#flameshot # Screenshot
#libnotify # Dep for Dunst
#neovim # Text Editor
#rofi # Menu
#udiskie # Auto Mounting
#vim # Text Editor
#
# Xorg configuration
#xclip # Console Clipboard
#xorg.xev # Input viewer
#xorg.xkill # Kill Applications
#xorg.xrandr # Screen settings
#xterm # Terminal
#
# Xorg home-manager
#picom # Compositer
#polybar # Bar
#sxhkd # Shortcuts
#
# Wayland configuration
#autotiling # Tiling Script
#swayidle # Idle Management Daemon
#wev # Input viewer
#wl-clipboard # Console Clipboard
#
# Wayland home-manager
#pamixer # Pulse Audio Mixer
#swaylock-fancy # Screen Locker
#waybar # Bar
#
# Desktop
#blueman # Bluetooth
#deluge # Torrents
#discord # Chat
#ffmpeg # Video Support (dslr)
#gmtp # Mount MTP (GoPro)
#gphoto2 # Digital Photography
#handbrake # Encoder
#heroic # Game Launcher
#hugo # Static Website Builder
#lutris # Game Launcher
#mkvtoolnix # Matroska Tool
#new-lg4ff # Logitech Drivers
#plex-media-player# Media Player
#polymc # MC Launcher
#steam # Games
#simple-scan # Scanning
#
# Laptop
#blueman # Bluetooth
#light # Display Brightness
#libreoffice # Office Tools
#simple-scan # Scanning
#
# Flatpak # Flatpak
#obs-studio # Recording/Live Streaming prusa-slicer
#vscodium
(vscode-with-extensions.override {
vscode = vscodium;
vscodeExtensions = with vscode-extensions; [
vscodevim.vim
github.copilot
#ms-python.python
ms-vscode.cpptools
dracula-theme.theme-dracula
];
})
sdkmanager
android-tools
]; ];
file.".config/wall".source = ../modules/themes/wall.jpg; file.".config/wall".source = ../modules/themes/wall.jpg;
file.".config/lockwall".source = ../modules/themes/lockwall.jpg; file.".config/lockwall".source = ../modules/themes/lockwall.jpg;
pointerCursor = { # This will set cursor systemwide so applications can not choose their own # pointerCursor = { # This will set cursor systemwide so applications can not choose their own
name = "Dracula-cursors"; # name = "Dracula-cursors";
package = pkgs.dracula-theme; # package = pkgs.dracula-theme;
size = 16; # size = 16;
gtk.enable = true; # gtk.enable = true;
}; # };
stateVersion = "22.05"; stateVersion = "23.05";
}; };
programs = { programs = {
home-manager.enable = true; home-manager.enable = true;
alacritty = {
settings.font.size = 11;
};
}; };
gtk = { # Theming # gtk = { # Theming
enable = true; # enable = true;
theme = { # theme = {
name = "Dracula"; # name = "Dracula";
package = pkgs.dracula-theme; # package = pkgs.dracula-theme;
}; # };
iconTheme = { # iconTheme = {
name = "Papirus-Dark"; # name = "Papirus-Dark";
package = pkgs.papirus-icon-theme; # package = pkgs.papirus-icon-theme;
}; # };
font = { # font = {
name = "FiraCode Nerd Font"; # or FiraCode Nerd Font Mono Medium # name = "Cascadia Code"; # or FiraCode Nerd Font Mono Medium
}; # Cursor is declared under home.pointerCursor # }; # Cursor is declared under home.pointerCursor
}; # };
systemd.user.services.mpris-proxy = { systemd.user.services.mpris-proxy = {
Unit.Description = "Mpris proxy"; Unit.Description = "Mpris proxy";
Unit.After = [ "network.target" "sound.target" ]; Unit.After = [ "network.target" "sound.target" ];


@@ -31,7 +31,6 @@
packages = with pkgs; [ packages = with pkgs; [
# Terminal # Terminal
btop # Resource Manager
pfetch # Minimal fetch pfetch # Minimal fetch
ranger # File Manager ranger # File Manager
gnupg # sign and authorize 2nd Fac gnupg # sign and authorize 2nd Fac
@@ -43,7 +42,7 @@
# Apps # Apps
hdparm hdparm
python3Full python3
# File Management # File Management
rsync # Syncer $ rsync -r dir1/ dir2/ rsync # Syncer $ rsync -r dir1/ dir2/
@@ -51,7 +50,7 @@
#unrar # Rar files #unrar # Rar files
]; ];
stateVersion = "22.05"; stateVersion = "23.11";
}; };
programs = { programs = {
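Review bot: The last hunk appears to move `stateVersion` from "22.05" to "23.11" together with the package cleanup, and that option is not meant to follow the release being installed. It records the release whose stateful defaults the existing home directory was created under, so raising it should be a deliberate step taken after reading the release notes of every skipped release. If the bump is intended, say so next to it, for example `# raised from 22.05 after checking the release notes`; otherwise keep `stateVersion = "22.05";`. The file shown just before this one makes the same kind of change (22.05 to 23.05), and the enclosing attribute set starts outside the hunk.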

75
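--- /dev/null
+++ b/hosts/jupiter/default.nix
@@ -0,0 +1,75 @@
+#
+# Specific system configuration settings for desktop
+#
+# flake.nix
+# ├─ ./hosts
+# │ └─ ./laptop
+# │ ├─ default.nix *
+# │ └─ hardware-configuration.nix
+# └─ ./modules
+# ├─ ./desktop
+# │ └─ ./hyprland
+# │ └─ hyprland.nix
+# ├─ ./modules
+# │ └─ ./programs
+# │ └─ waybar.nix
+# └─ ./hardware
+# └─ default.nix
+#
+{ config, pkgs, user, pkgs-kabbone, ... }:
+{
+imports = # For now, if applying to other ssystem, swap files
+[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
+#(import ../../modules/wm/virtualisation) ++ # Docker
+(import ../../modules/services/nas) ++ # Server Services
+(import ../../modules/hardware); # Hardware devices
+boot = { # Boot options
+kernelPackages = pkgs.linuxPackages_latest;
+loader = { # EFI Boot
+systemd-boot.enable = true;
+efi = {
+canTouchEfiVariables = true;
+efiSysMountPoint = "/boot";
+};
+timeout = 1; # Grub auto select time
+};
+};
+# environment = {
+# systemPackages = with pkgs-kabbone; [
+# corosync-qdevice
+### simple-scan
+### intel-media-driver
+### alacritty
+# ];
+# };
+programs = { # No xbacklight, this is the alterantive
+zsh.enable = true;
+ssh.startAgent = false;
+gnupg.agent = {
+enable = false;
+enableSSHSupport = true;
+pinentryPackage = pkgs.pinentry-curses;
+};
+};
+services = {
+qemuGuest.enable = true;
+avahi = { # Needed to find wireless printer
+enable = true;
+nssmdns4 = true;
+publish = { # Needed for detecting the scanner
+enable = true;
+addresses = true;
+userServices = true;
+};
+};
+};
+}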
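Review bot: The `services.avahi.publish` block announces this host's addresses and user services over mDNS, yet its comments ("Needed to find wireless printer", "Needed for detecting the scanner") describe a desktop, while this file sets `qemuGuest.enable = true` and imports `modules/services/nas`. If the guest only has to resolve `.local` names, `enable` plus `nssmdns4 = true` is enough and the `publish` block can go; if it must announce itself, replace the comments with the actual reason, e.g. `# announce NAS shares to LAN clients`. The same block appears in the section that imports `modules/services/kubemaster`. In `gnupg.agent`, `enableSSHSupport = true` sits under `enable = false`, which reads as if SSH support were active; a short comment or removal of the inert lines would avoid that.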


@@ -0,0 +1,227 @@
#
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
# flake.nix
# └─ ./hosts
# └─ ./laptop
# └─ hardware-configuration.nix *
#
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[(modulesPath + "/profiles/qemu-guest.nix")] ++
[( import ../../modules/hardware/backup.nix )];
boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ ];
boot.initrd.secrets = {
"/root/NASKeyfile" =
/root/NASKeyfile;
};
boot.initrd.luks.devices = {
NAS-RAID1 = {
device = "/dev/disk/by-uuid/78c74410-c840-49b0-8a29-456d60c38217";
keyFile = "/root/NASKeyfile";
};
NAS-RAID1_2 = {
device = "/dev/disk/by-uuid/dda6e698-4f0a-4d71-a06c-656b87374ed7";
keyFile = "/root/NASKeyfile";
};
};
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [
"/"
"/mnt/Mars"
"/mnt/Pluto"
];
};
services.btrbk = {
extraPackages = [ pkgs.lz4 pkgs.mbuffer ];
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@" = {};
"@home" = {};
};
};
};
volume = {
"/mnt/snapshots/Mars" = {
snapshot_create = "always";
subvolume = {
"@nas" = {};
};
};
};
};
};
lf = {
onCalendar = "daily";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/Pluto" = {
snapshot_create = "always";
subvolume = {
"@" = {};
"@/Backups" = {};
"@/Games" = {};
"@/IT" = {};
"@/Media" = {};
"@/Pictures" = {};
"@/Rest" = {};
};
};
};
};
};
};
};
fileSystems."/" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/srv" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/swap" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/mnt/snapshots/root" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
fileSystems."/mnt/snapshots/Mars" =
{ device = "/dev/disk/by-label/MARS";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
fileSystems."/mnt/snapshots/Pluto" =
{ device = "/dev/disk/by-label/NAS-RAID";
fsType = "btrfs";
options = [ "compress=zstd:8,noatime,subvolid=5" ];
};
fileSystems."/mnt/Pluto" =
{ device = "/dev/disk/by-label/NAS-RAID";
fsType = "btrfs";
options = [ "compress=zstd:8,noatime,subvol=@" ];
};
fileSystems."/mnt/Mars" =
{ device = "/dev/disk/by-label/MARS";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nas,discard=async" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat";
};
fileSystems."/export/Pluto" =
{ device = "/mnt/Pluto";
options = [ "bind" ];
};
fileSystems."/export/Mars" =
{ device = "/mnt/Mars";
options = [ "bind" ];
};
swapDevices = [ { device = "/swap/swapfile"; } ];
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "ens18";
ntp = [ "192.168.2.1" ];
#domains = [ "home.opel-online.de" ];
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
};
};
networking = {
hostName = "jupiter";
domain = "home.opel-online.de";
useDHCP = false; # For versatility sake, manually edit IP on nm-applet.
#firewall = {
# enable = false;
# #allowedUDPPorts = [ 53 67 ];
# #allowedTCPPorts = [ 53 80 443 9443 ];
#};
};
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
powerManagement = {
cpuFreqGovernor = lib.mkDefault "powersave";
powertop.enable = true;
#scsiLinkPolicy = "med_power_with_dipm";
powerUpCommands = ''
${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/57e6446d-faca-4b67-9063-e8d9afb80088
'';
};
}
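Review bot: `boot.initrd.secrets` copies `/root/NASKeyfile` into the initrd, while this file mounts `/` directly from `/dev/disk/by-label/NIXROOT` and `/boot` as plain vfat, so the key that unlocks `NAS-RAID1` and `NAS-RAID1_2` is stored unencrypted on the system disk and in the boot partition. LUKS therefore protects the data disks only when they are separated from the system disk (and, since the qemu-guest profile is imported, from the hypervisor's copy of it); a comment stating that intent would help, e.g. `# keyfile is on the unencrypted system disk: protects the RAID members only once removed from this host`. The value is also an unquoted Nix path literal (`/root/NASKeyfile;`), which as far as I can tell requires impure evaluation in a flake; `"/root/NASKeyfile" = null;` is documented as "same path inside and outside the initrd", worth confirming against the NixOS release in use. The header still says "Do not modify this file" and names a Teclast laptop, although the file is clearly hand-maintained for this NAS.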

39
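--- /dev/null
+++ b/hosts/jupiter/home.nix
@@ -0,0 +1,39 @@
+#
+# Home-manager configuration for laptop
+#
+# flake.nix
+# ├─ ./hosts
+# │ └─ ./laptop
+# │ └─ home.nix *
+# └─ ./modules
+# └─ ./desktop
+# └─ ./hyprland
+# └─ hyprland.nix
+#
+{ pkgs, ... }:
+{
+imports =
+[
+../../modules/home.nix # Window Manager
+];
+home = { # Specific packages for laptop
+packages = with pkgs; [
+# Applications
+# Display
+#light # xorg.xbacklight not supported. Other option is just use xrandr.
+# Power Management
+#auto-cpufreq # Power management
+#tlp # Power management
+];
+};
+programs = {
+alacritty.settings.font.size = 11;
+};
+}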

111
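--- /dev/null
+++ b/hosts/kabtop/default.nix
@@ -0,0 +1,111 @@
+#
+# Specific system configuration settings for desktop
+#
+# flake.nix
+# ├─ ./hosts
+# │ └─ ./laptop
+# │ ├─ default.nix *
+# │ └─ hardware-configuration.nix
+# └─ ./modules
+# ├─ ./desktop
+# │ └─ ./hyprland
+# │ └─ hyprland.nix
+# ├─ ./modules
+# │ └─ ./programs
+# │ └─ waybar.nix
+# └─ ./hardware
+# └─ default.nix
+#
+{ config, pkgs, pkgs-unstable, user, agenix, impermanence, ... }:
+{
+imports = # For now, if applying to other system, swap files
+[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
+[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
+[(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # kvm module options
+(import ../../modules/services/server); # Server Services
+boot = { # Boot options
+kernelPackages = pkgs.linuxPackages_latest;
+loader = { # EFI Boot
+grub = {
+enable = true;
+device = "/dev/sda";
+};
+timeout = 1; # Grub auto select time
+};
+};
+environment = {
+etc = {
+"fail2ban/filter.d/open-webui.conf" = {
+source = ../../modules/services/server/fail2ban/filter/open-webui.conf;
+mode = "0444";
+};
+"fail2ban/filter.d/gitea.conf" = {
+source = ../../modules/services/server/fail2ban/filter/gitea.conf;
+mode = "0444";
+};
+"fail2ban/filter.d/nextcloud.conf" = {
+source = ../../modules/services/server/fail2ban/filter/nextcloud.conf;
+mode = "0444";
+};
+};
+};
+programs = { # No xbacklight, this is the alterantive
+zsh.enable = true;
+ssh.startAgent = false;
+gnupg.agent = {
+enable = true;
+enableSSHSupport = true;
+pinentryPackage = pkgs.pinentry-curses;
+};
+};
+services = {
+#auto-cpufreq.enable = true;
+qemuGuest.enable = true;
+#avahi = { # Needed to find wireless printer
+# enable = true;
+# nssmdns = true;
+# publish = { # Needed for detecting the scanner
+# enable = true;
+# addresses = true;
+# userServices = true;
+# };
+#};
+fail2ban = {
+enable = true;
+maxretry = 5;
+jails.DEFAULT.settings = {
+findtime = "15m";
+};
+jails = {
+open-webui = ''
+enabled = true
+filter = open-webui
+backend = systemd
+action = iptables-allports
+'';
+gitea = ''
+enabled = true
+filter = gitea
+backend = systemd
+action = iptables-allports
+'';
+nextcloud = ''
+backend = auto
+enabled = true
+filter = nextcloud
+logpath = /var/lib/nextcloud/data/nextcloud.log
+action = iptables-allports
+'';
+};
+};
+};
+}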
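Review bot: The three jails match on application logs, but nothing in this file shows that those logs carry the real client address. The firewall section for this host further down the page opens only TCP 80 and 443, so Open WebUI, Gitea and Nextcloud are presumably reached through a reverse proxy; if a service logs the proxy's address instead of the forwarded one, its jail matches the proxy and never blocks the actual source. Confirm the forwarded-address handling of each service (for Nextcloud, `trusted_proxies`) before relying on these jails. The jails also inherit the default ban time; an explicit `bantime = "1h";` (value to be chosen) next to `maxretry = 5;` would make the policy readable here. The filter files referenced under `environment.etc` are not part of this section, so their `failregex` and, for the two `backend = systemd` jails, their journal match could not be checked.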


@@ -0,0 +1,149 @@
#
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
# flake.nix
# └─ ./hosts
# └─ ./laptop
# └─ hardware-configuration.nix *
#
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "ahci" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [
"/"
];
};
services.btrbk = {
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@" = {};
"@home" = {};
"@var" = {};
};
};
};
};
};
};
};
fileSystems."/" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/srv" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/var" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "space_cache=v2,ssd,noatime,subvol=@var,discard=async" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/swap" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/mnt/snapshots/root" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
#swapDevices = [ { device = "/swap/swapfile"; } ];
swapDevices = [ ];
networking = {
useDHCP = false; # Deprecated
hostName = "kabtop";
domain = "kabtop.de";
networkmanager = {
enable = false;
};
firewall = {
enable = true;
allowedUDPPorts = [ ];
allowedTCPPorts = [ 80 443 ];
};
};
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "ens18";
address = [
"37.44.215.182/24"
"2a13:7e80:0:ef::2/64"
];
routes = [
{ Gateway = "37.44.215.1"; }
{ Gateway = "fe80::1"; }
];
dns = [
"9.9.9.9"
"2620:fe::fe"
];
};
};
};
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}
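Review bot: The `btrbk` instance `hf` only creates snapshots under `@snapshots` on the same NIXROOT filesystem: it has no `target`, and unlike the jupiter and lifebook hardware files on this page this one does not import `modules/hardware/backup.nix`. Snapshots on the same disk survive neither the loss of that disk nor a compromise of this internet-facing host, and `@var` presumably holds the service data (the Nextcloud jail for this host reads `/var/lib/nextcloud/data/nextcloud.log`). If an off-host copy is configured elsewhere, a comment such as `# off-host backup: see <module>` would settle it; otherwise consider a second instance with a `target`, as the lifebook `bak` instance has. The header comment still describes a Teclast laptop and a generated file.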

39
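--- /dev/null
+++ b/hosts/kabtop/home.nix
@@ -0,0 +1,39 @@
+#
+# Home-manager configuration for laptop
+#
+# flake.nix
+# ├─ ./hosts
+# │ └─ ./laptop
+# │ └─ home.nix *
+# └─ ./modules
+# └─ ./desktop
+# └─ ./hyprland
+# └─ hyprland.nix
+#
+{ pkgs, ... }:
+{
+imports =
+[
+../../modules/home.nix # Window Manager
+];
+home = { # Specific packages for laptop
+packages = with pkgs; [
+# Applications
+# Display
+#light # xorg.xbacklight not supported. Other option is just use xrandr.
+# Power Management
+#auto-cpufreq # Power management
+#tlp # Power management
+];
+};
+programs = {
+alacritty.settings.font.size = 11;
+};
+}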


@@ -0,0 +1,45 @@
#
# Specific system configuration settings for desktop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ config, pkgs, user, agenix, impermanence, ... }:
{
imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
[(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # Docker
(import ../../modules/services/kabtopci); # Server Services
boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest;
loader = { # EFI Boot
grub = {
enable = true;
device = "/dev/vda";
};
timeout = 1; # Grub auto select time
};
};
programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
};
}
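Review bot: The comments in this file describe a different machine from the one it configures. The header says "settings for desktop" and draws a `./laptop` / hyprland tree, the `kvm-amd.nix` import is labelled `# Docker`, and `loader` is commented `# EFI Boot` although it installs GRUB to `/dev/vda`. I would relabel the import `# kvm module options` (as the kabtop file does), change the loader comment to `# GRUB on the virtual disk`, and replace the header with one line naming the CI host and the modules it pulls in. The section that imports `modules/services/kubemaster` carries the same `# Docker` label on its `kvm-intel.nix` import.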


@@ -0,0 +1,108 @@
#
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
# flake.nix
# └─ ./hosts
# └─ ./laptop
# └─ hardware-configuration.nix *
#
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")];
boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "virtio_scsi" "xhci_pci" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [
"/"
];
};
fileSystems."/" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/srv" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/var" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "space_cache=v2,ssd,noatime,subvol=@var,discard=async" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd:9,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/swap" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
swapDevices = [ ];
networking = {
useDHCP = false; # Deprecated
hostName = "kabtopci";
domain = "ci.kabtop.de";
networkmanager = {
enable = false;
};
interfaces = {
ens3 = {
useDHCP = false; # For versatility sake, manually edit IP on nm-applet.
ipv4.addresses = [ {
address = "195.90.221.87";
prefixLength = 22;
} ];
ipv6.addresses = [ {
address = "2a00:6800:3:d5b::2";
prefixLength = 64;
} ];
};
};
defaultGateway = "195.90.220.1";
defaultGateway6 = {
address = "2a00:6800:3::1";
interface = "ens3";
};
nameservers = [ "9.9.9.9" "2620:fe::fe" ];
firewall = {
enable = true;
allowedUDPPorts = [ ];
allowedTCPPorts = [ 80 443 ];
};
};
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

39
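--- /dev/null
+++ b/hosts/kabtopci/home.nix
@@ -0,0 +1,39 @@
+#
+# Home-manager configuration for laptop
+#
+# flake.nix
+# ├─ ./hosts
+# │ └─ ./laptop
+# │ └─ home.nix *
+# └─ ./modules
+# └─ ./desktop
+# └─ ./hyprland
+# └─ hyprland.nix
+#
+{ pkgs, ... }:
+{
+imports =
+[
+../../modules/home.nix # Window Manager
+];
+home = { # Specific packages for laptop
+packages = with pkgs; [
+# Applications
+# Display
+#light # xorg.xbacklight not supported. Other option is just use xrandr.
+# Power Management
+#auto-cpufreq # Power management
+#tlp # Power management
+];
+};
+programs = {
+alacritty.settings.font.size = 11;
+};
+}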


@@ -0,0 +1,58 @@
#
# Specific system configuration settings for desktop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ config, pkgs, user, agenix, impermanence, ... }:
{
imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
[(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++ # Docker
(import ../../modules/services/kubemaster); # Server Services
boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest;
loader = { # EFI Boot
systemd-boot.enable = true;
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
timeout = 1; # Grub auto select time
};
};
programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
};
services = {
avahi = { # Needed to find wireless printer
enable = true;
nssmdns4 = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;
userServices = true;
};
};
};
}


@@ -0,0 +1,117 @@
#
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
# flake.nix
# └─ ./hosts
# └─ ./laptop
# └─ hardware-configuration.nix *
#
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [
"/"
];
};
fileSystems."/" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/srv" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/var" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@var,discard=async" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/swap" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/mnt/snapshots/root" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
swapDevices = [ ];
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "enp0s31f6";
ntp = [ "192.168.2.1" ];
#domains = [ "home.opel-online.de" ];
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
dns = [
"192.168.2.1"
];
};
};
};
networking = {
useDHCP = false; # Deprecated
hostName = "kubemaster-1";
firewall = {
enable = true;
allowedUDPPorts = [ ];
allowedTCPPorts = [ 80 443 ];
};
};
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
powerManagement = {
cpuFreqGovernor = lib.mkDefault "powersave";
powertop.enable = true;
powerUpCommands = ''
${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/e036f437-bc91-4398-b182-7cf5724e23a2
'';
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}


@@ -0,0 +1,39 @@
#
# Home-manager configuration for laptop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ └─ home.nix *
# └─ ./modules
# └─ ./desktop
# └─ ./hyprland
# └─ hyprland.nix
#
{ pkgs, ... }:
{
imports =
[
../../modules/home.nix # Window Manager
];
home = { # Specific packages for laptop
packages = with pkgs; [
# Applications
# Display
#light # xorg.xbacklight not supported. Other option is just use xrandr.
# Power Management
#auto-cpufreq # Power management
#tlp # Power management
];
};
programs = {
alacritty.settings.font.size = 11;
};
}

103
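--- /dev/null
+++ b/hosts/lifebook/default.nix
@@ -0,0 +1,103 @@
+#
+# Specific system configuration settings for desktop
+#
+# flake.nix
+# ├─ ./hosts
+# │ └─ ./laptop
+# │ ├─ default.nix *
+# │ └─ hardware-configuration.nix
+# └─ ./modules
+# ├─ ./desktop
+# │ └─ ./hyprland
+# │ └─ hyprland.nix
+# ├─ ./modules
+# │ └─ ./programs
+# │ └─ waybar.nix
+# └─ ./hardware
+# └─ default.nix
+#
+{ lib, config, pkgs, user, ... }:
+{
+imports = # For now, if applying to other system, swap files
+[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
+#[(import ../../modules/wm/hyprland/default.nix)] ++ # Window Manager
+[(import ../../modules/wm/sway/default.nix)] ++ # Window Manager
+[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
+[(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++ # kvm module options
+(import ../../modules/hardware); # Hardware devices
+boot = { # Boot options
+kernelPackages = pkgs.linuxPackages_latest;
+initrd.prepend = [ "${./patched-SSDT4}" ];
+loader = { # EFI Boot
+systemd-boot.enable = lib.mkForce false;
+efi = {
+canTouchEfiVariables = true;
+efiSysMountPoint = "/boot";
+};
+timeout = 1; # Grub auto select time
+};
+lanzaboote = {
+enable = true;
+pkiBundle = "/etc/secureboot";
+};
+};
+hardware = {
+nitrokey.enable = true;
+};
+environment = {
+systemPackages = with pkgs; [
+linux-firmware
+intel-media-driver
+];
+};
+programs = { # No xbacklight, this is the alterantive
+light.enable = true;
+};
+systemd.sleep.extraConfig = "HibernateDelaySec=1h";
+services = {
+logind.settings.Login.HandleLidSwitch = "suspend-then-hibernate"; # Laptop does not go to sleep when lid is closed
+blueman.enable = true;
+avahi = { # Needed to find wireless printer
+enable = true;
+nssmdns4 = true;
+publish = { # Needed for detecting the scanner
+enable = true;
+addresses = true;
+userServices = true;
+};
+};
+#tailscale.enable = true;
+syncthing = {
+enable = true;
+group = "users";
+user = "kabbone";
+dataDir = "/home/${config.services.syncthing.user}/Sync";
+configDir = "/home/${config.services.syncthing.user}/.config/syncthing";
+overrideDevices = true; # overrides any devices added or deleted through the WebUI
+overrideFolders = true; # overrides any folders added or deleted through the WebUI
+openDefaultPorts = true;
+settings = {
+devices = {
+"jupiter.home.opel-online.de" = { id = "T53WU6Z-3NT74ZE-PZVZB2N-7FBTZ5K-HESC2ZM-W4ABDAS-NWXHTGI-ST4CDQR"; };
+"hades.home.opel-online.de" = { id = "3VPCBVW-RH7XKFM-TWJGQHC-ZRAQ575-CQKGGKP-NAB4VXE-KCKJFUT-AMCUQQA"; };
+};
+folders = {
+"Sync" = { # Name of folder in Syncthing, also the folder ID
+path = "/home/${config.services.syncthing.user}/Sync"; # Which folder to add to Syncthing
+devices = [ "jupiter.home.opel-online.de" "hades.home.opel-online.de" ]; # Which devices to share the folder with
+ignorePerms = false; # By default, Syncthing doesn't sync file permissions. This line enables it for this folder.
+};
+};
+};
+};
+};
+}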
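Review bot: `initrd.prepend = [ "${./patched-SSDT4}" ]` puts a binary blob into early boot, and the page lists `hosts/lifebook/patched-SSDT4` only as "Binary file not shown", so nothing about its content can be reviewed or reproduced from this commit. Because `lanzaboote` is enabled, each rebuild will presumably sign whatever that file contains with the local Secure Boot keys. Record its origin next to the option, e.g. `# ACPI table override (judging by the name): dumped from this machine's firmware, patched for <reason>, rebuilt from <source file>`, and ideally commit the disassembled source beside the blob. The file is also added as "Executable file", a mode bit a data table should not need.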


@@ -0,0 +1,224 @@
#
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
# flake.nix
# └─ ./hosts
# └─ ./laptop
# └─ hardware-configuration.nix *
#
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")] ++
[( import ../../modules/hardware/backup.nix )];
boot = {
initrd = {
availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "sdhci_pci" ];
kernelModules = [ "i915" "kvm_intel" "vfio_pci" "vfio" "vfio_iommu_type1" ];
systemd.enable = true;
luks = {
devices."crypted" = {
device = "/dev/disk/by-partlabel/disk-nvme0n1-luks";
allowDiscards = true;
bypassWorkqueues = true;
};
};
};
kernelModules = [ "kvm-intel" ];
kernelParams = [ "luks.options=fido2-device=auto" "sysrq_always_enabled=1" "pcie_aspm=force" ];
extraModprobeConfig = ''
options i915 enable_guc=3
'';
tmp.useTmpfs = false;
tmp.cleanOnBoot = true;
};
zramSwap.enable = true;
services = {
btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [
"/"
];
};
udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="block", KERNEL=="mmcblk[0-9]p[0-9]", ENV{ID_FS_USAGE}=="filesystem", RUN{program}+="${pkgs.systemd}/bin/systemd-mount -o noatime,compress-force=zstd:15,ssd_spread,commit=120 --no-block --automount=yes --collect $devnode /run/media/mmcblk0p1"
'';
btrbk = {
extraPackages = [ pkgs.lz4 pkgs.mbuffer ];
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@home" = {};
};
};
};
};
};
bak = {
onCalendar = "daily";
settings = {
stream_buffer = "256m";
stream_compress = "lz4";
incremental = "yes";
snapshot_create = "no";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve_min = "all";
target_preserve_min = "no";
target_preserve = "2m 4w 3d";
ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk_nas";
ssh_user = "btrbk";
volume = {
"/mnt/snapshots/root" = {
subvolume = {
"@home" = {};
};
target = "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars/@snapshots/@lifebook";
};
};
};
};
};
};
};
systemd.timers = {
btrbk-bak = {
after = [ "network-online.target" ];
requires = [ "network-online.target" ];
};
};
fileSystems."/" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat";
};
fileSystems."/home" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/nix" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/srv" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/swap" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/opt" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@opt,discard=async" ];
};
fileSystems."/var" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@var,discard=async" ];
};
fileSystems."/mnt/snapshots/root" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
fileSystems."/mnt/Pluto" =
{ device = "jupiter.home.opel-online.de:/Pluto";
fsType = "nfs";
options = [ "nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
};
fileSystems."/mnt/Mars" =
{ device = "jupiter.home.opel-online.de:/Mars";
fsType = "nfs";
options = [ "nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
};
swapDevices = [ { device = "/swap/swapfile"; } ];
networking = {
useDHCP = false; # Deprecated
hostName = "lifebook";
wireless.iwd.enable = true;
networkmanager = {
enable = true;
wifi = {
backend = "iwd";
powersave = true;
};
};
# interfaces = {
# wlan0 = {
# useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
# #ipv4.addresses = [ {
# # address = "192.168.0.51";
# # prefixLength = 24;
# #} ];
# };
# };
#defaultGateway = "192.168.0.1";
#nameservers = [ "192.168.0.4" ];
firewall = {
checkReversePath = false;
enable = true;
allowedUDPPorts = [ 24727 51820 ];
allowedTCPPorts = [ 24727 ];
};
};
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
powerManagement = {
powertop.enable = true;
};
}
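Review bot: The udev rule in `udev.extraRules` mounts any filesystem found on an `mmcblk` partition automatically, as root, without `nosuid` or `nodev`, so set-uid files and device nodes on an inserted card are honoured. I would change the option list to `-o noatime,nosuid,nodev,compress-force=zstd:15,ssd_spread,commit=120`. The remaining options are btrfs-specific, and the mount point is fixed at `/run/media/mmcblk0p1` although the match is `mmcblk[0-9]p[0-9]`. In the same file, `sysrq_always_enabled=1` in `kernelParams` enables every SysRq function from the keyboard regardless of `kernel.sysrq`, which is worth restricting on a laptop that relies on a screen locker. `checkReversePath = false` could probably be `"loose"` if it is only there for the VPN port; that depends on routing not shown here.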


@@ -16,8 +16,8 @@
{ {
imports = imports =
[ [
#../../modules/desktop/hyprland/home.nix # Window Manager #../../modules/wm/hyprland/home.nix # Window Manager
../../modules/desktop/sway/home.nix # Window Manager ../../modules/wm/sway/home.nix # Window Manager
../../modules/home.nix # Window Manager ../../modules/home.nix # Window Manager
]; ];
@@ -30,7 +30,6 @@
thunderbird thunderbird
streamlink streamlink
streamlink-twitch-gui-bin streamlink-twitch-gui-bin
element-desktop
intel-gpu-tools intel-gpu-tools
pulsemixer pulsemixer
@@ -43,10 +42,6 @@
]; ];
}; };
programs = {
alacritty.settings.font.size = 11;
};
services = { # Applets services = { # Applets
blueman-applet.enable = true; # Bluetooth blueman-applet.enable = true; # Bluetooth
network-manager-applet.enable = true; # Network network-manager-applet.enable = true; # Network

BIN
hosts/lifebook/patched-SSDT4 Executable file

Binary file not shown.


@@ -22,7 +22,7 @@
{ {
imports = # For now, if applying to other system, swap files imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix [(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
(import ../../modules/desktop/virtualisation) ++ # Docker (import ../../modules/wm/virtualisation) ++ # Docker
(import ../../modules/services/nas) ++ # Server Services (import ../../modules/services/nas) ++ # Server Services
(import ../../modules/hardware); # Hardware devices (import ../../modules/hardware); # Hardware devices
@@ -53,7 +53,7 @@
gnupg.agent = { gnupg.agent = {
enable = false; enable = false;
enableSSHSupport = true; enableSSHSupport = true;
pinentryFlavor = "curses"; pinentryPackage = pkgs.pinentry-curses;
}; };
}; };


@@ -35,7 +35,8 @@
}; };
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = true; boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true; zramSwap.enable = true;
services.btrfs.autoScrub = { services.btrfs.autoScrub = {
@@ -66,7 +67,7 @@
subvolume = { subvolume = {
"@" = {}; "@" = {};
"@home" = {}; "@home" = {};
"@nas/home" = {}; "@nas/Home" = {};
}; };
}; };
}; };
@@ -126,6 +127,12 @@
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ]; options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
}; };
fileSystems."/swap" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/mnt/snapshots/root" = fileSystems."/mnt/snapshots/root" =
{ device = "/dev/disk/by-label/NIXROOT"; { device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
@@ -171,7 +178,7 @@
options = [ "bind" ]; options = [ "bind" ];
}; };
swapDevices = [ ]; swapDevices = [ { device = "/swap/swapfile"; } ];
networking = { networking = {
vswitches = { vswitches = {


@@ -0,0 +1,66 @@
#
# Specific system configuration settings for desktop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ config, pkgs, user, ... }:
{
imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
#[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
(import ../../modules/services/nasbackup) ++ # Server Services
(import ../../modules/hardware); # Hardware devices
boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest;
loader = { # EFI Boot
systemd-boot.enable = true;
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
timeout = 1; # Grub auto select time
};
};
programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
ssh.startAgent = false;
gnupg.agent = {
enable = false;
enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-curses;
};
};
services = {
qemuGuest.enable = true;
avahi = { # Needed to find wireless printer
enable = true;
nssmdns4 = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;
userServices = true;
};
};
};
}
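Review bot: The `avahi` block at the end of `services` looks copied from the desktop hosts: its comments mention a wireless printer and a scanner, but this file imports only `modules/services/nasbackup` and no printing module. With `publish.enable`, `publish.addresses` and `publish.userServices` all set to true, the backup host announces itself and its services over mDNS to the local network, which a backup target rarely needs. I would drop the `publish` sub-block (or the whole `avahi` block) unless something resolves this host by its `.local` name, and if it stays, replace the printer comments with the real reason, e.g. `# mDNS so clients can reach nasbak.local`. The header comment tree and `timeout = 1; # Grub auto select time` are leftovers too, since the loader configured here is systemd-boot.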


@@ -0,0 +1,233 @@
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
# flake.nix
# └─ ./hosts
# └─ ./laptop
# └─ hardware-configuration.nix *
#
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
boot.initrd.secrets = {
"/root/NASKeyfile" =
/root/NASKeyfile;
};
boot.initrd.luks.devices = {
NAS-RAID1 = {
device = "/dev/disk/by-uuid/57e6446d-faca-4b67-9063-e8d9afb80088";
keyFile = "/root/NASKeyfile";
bypassWorkqueues = true;
};
NAS-RAID2 = {
device = "/dev/disk/by-uuid/b9edc489-ac37-4b28-981d-442722df7ae2";
keyFile = "/root/NASKeyfile";
bypassWorkqueues = true;
};
};
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [
"/"
"/mnt/nas"
];
};
services.btrbk = {
extraPackages = [ pkgs.lz4 pkgs.mbuffer ];
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@" = {};
"@home" = {};
};
};
};
};
};
bak = {
onCalendar = "weekly";
settings = {
stream_buffer = "265m";
stream_compress = "lz4";
incremental = "yes";
snapshot_create = "no";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve_min = "all";
target_preserve_min = "no";
target_preserve = "4w 2m";
archive_preserve_min = "no";
archive_preserve = "4w 2m";
ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk";
ssh_user = "btrbk";
volume = {
"ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars" = {
subvolume = {
"@nas" = {
target = "/mnt/nas/Backups/Mars";
};
"@hades/@home" = {
target = "/mnt/nas/Backups/Hades";
snapshot_dir = "@snapshots/@hades";
};
"@lifebook/@home" = {
target = "/mnt/nas/Backups/Lifebook";
snapshot_dir = "@snapshots/@lifebook";
};
# "@steamdeck/@home" = {
# target = "/mnt/nas/Backups/Steamdeck";
# snapshot_dir = "@snapshots/@steamdeck";
# };
};
};
};
volume = {
"ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Pluto" = {
target = "/mnt/nas/Backups/Pluto";
subvolume = {
"@/Games" = {};
"@/IT" = {};
"@/Media" = {};
"@/Pictures" = {};
"@/Rest" = {};
};
};
};
};
};
};
};
systemd.services = {
btrbk-bak = {
after = [ "network-online.target" ];
requires = [ "network-online.target" ];
};
};
fileSystems."/" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/srv" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/swap" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/mnt/snapshots/root" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
# fileSystems."/mnt/snapshots/Pluto" =
# { device = "/dev/disk/by-label/NAS-RAID";
# fsType = "btrfs";
# options = [ "compress=zstd,space_cache=v2,noatime,subvolid=5" ];
# };
#
fileSystems."/mnt/nas" =
{ device = "/dev/disk/by-uuid/70523c79-ef5c-40f2-8782-60fc86bb445b";
fsType = "btrfs";
options = [ "compress=zstd:9,space_cache=v2,noatime,subvol=@nasbak" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat";
};
swapDevices = [ { device = "/swap/swapfile"; } ];
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "ens18";
ntp = [ "192.168.2.1" ];
#domains = [ "home.opel-online.de" ];
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
};
};
networking = {
hostName = "nasbak";
domain = "home.opel-online.de";
useDHCP = false; # For versatility sake, manually edit IP on nm-applet.
#firewall = {
# enable = false;
# #allowedUDPPorts = [ 53 67 ];
# #allowedTCPPorts = [ 53 80 443 9443 ];
#};
};
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
powerManagement = {
cpuFreqGovernor = lib.mkDefault "powersave";
powertop.enable = true;
# powerUpCommands = ''
# ${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/57e6446d-faca-4b67-9063-e8d9afb80088
# ${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/b9edc489-ac37-4b28-981d-442722df7ae2
# '';
};
}
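Review bot: The key for `NAS-RAID1` and `NAS-RAID2` is placed in the initrd through `boot.initrd.secrets`, and the initrd is normally loaded from `/boot`, which this file mounts as plain `vfat`; `/` comes straight from `/dev/disk/by-label/NIXROOT` with no entry in `boot.initrd.luks.devices`, so it appears to be unencrypted as well. Anyone who obtains the system disk or VM image therefore also obtains `/root/NASKeyfile`, and the encryption protects the backup volumes only when they are separated from that disk. If that is the intended threat model, state it next to the secret, e.g. `# key ships in the initrd on unencrypted /boot: protects the RAID members only when detached from the system disk`; otherwise the key has to come from outside the image (passphrase, hardware token or network unlock). Smaller items in the same file: `stream_buffer = "265m"` looks like a typo for 256m, and the header still describes a Teclast F5 laptop.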

39
hosts/nasbackup/home.nix Normal file

@@ -0,0 +1,39 @@
#
# Home-manager configuration for laptop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ └─ home.nix *
# └─ ./modules
# └─ ./desktop
# └─ ./hyprland
# └─ hyprland.nix
#
{ pkgs, ... }:
{
imports =
[
../../modules/home.nix # Window Manager
];
home = { # Specific packages for laptop
packages = with pkgs; [
# Applications
# Display
#light # xorg.xbacklight not supported. Other option is just use xrandr.
# Power Management
#auto-cpufreq # Power management
#tlp # Power management
];
};
programs = {
alacritty.settings.font.size = 11;
};
}


@@ -22,10 +22,12 @@
{ {
imports = # For now, if applying to other system, swap files imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix [(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
#[(import ../../modules/desktop/hyprland/default.nix)] ++ # Window Manager #[(import ../../modules/wm/hyprland/default.nix)] ++ # Window Manager
[(import ../../modules/desktop/sway/default.nix)] ++ # Window Manager # [(import ../../modules/wm/sway/default.nix)] ++ # Window Manager
[(import ../../modules/desktop/virtualisation/docker.nix)] ++ # Docker [(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
(import ../../modules/hardware); # Hardware devices [(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++ # kvm module options
(import ../../modules/hardware) ++
(import ../../modules/services/printer); # Hardware devices
boot = { # Boot options boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
@@ -40,31 +42,14 @@
}; };
}; };
# hardware.sane = { # Used for scanning with Xsane
# enable = false;
# extraBackends = [ pkgs.sane-airscan ];
# };
hardware = {
nitrokey.enable = true;
};
environment = { environment = {
systemPackages = with pkgs; [ systemPackages = with pkgs; [
# simple-scan
intel-media-driver intel-media-driver
# alacritty
]; ];
}; };
programs = { # No xbacklight, this is the alterantive programs = { # No xbacklight, this is the alterantive
dconf.enable = true;
light.enable = true; light.enable = true;
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryFlavor = "curses";
};
}; };
services = { services = {
@@ -78,21 +63,15 @@
logind.lidSwitch = "suspend-then-hibernate"; # Laptop does not go to sleep when lid is closed logind.lidSwitch = "suspend-then-hibernate"; # Laptop does not go to sleep when lid is closed
#auto-cpufreq.enable = true; #auto-cpufreq.enable = true;
blueman.enable = true; blueman.enable = true;
printing = { # Printing and drivers for TS5300
enable = true;
drivers = [ pkgs.gutenprint ];
};
avahi = { # Needed to find wireless printer avahi = { # Needed to find wireless printer
enable = true; enable = true;
nssmdns = true; nssmdns4 = true;
publish = { # Needed for detecting the scanner publish = { # Needed for detecting the scanner
enable = true; enable = true;
addresses = true; addresses = true;
userServices = true; userServices = true;
}; };
}; };
tailscale.enable = true;
}; };
#temporary bluetooth fix #temporary bluetooth fix


@@ -17,24 +17,29 @@
[ (modulesPath + "/installer/scan/not-detected.nix") [ (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" "rtsx_usb_sdmmc" ]; boot = {
boot.initrd.kernelModules = [ "i915" "kvm_intel" ]; initrd = {
boot.kernelModules = [ "kvm-intel" ]; availableKernelModules = [ "ahci" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" "rtsx_usb_sdmmc" ];
boot.extraModprobeConfig = '' kernelModules = [ "i915" "kvm_intel" ];
options i915 enable_guc=3 enable_fbc=1 fastboot=1 systemd.enable = true;
''; luks = {
boot.kernelParams = [ "mitigations=off" "luks.options=fido2-device=auto" ]; devices."root" = {
boot.tmp.useTmpfs = true; device = "/dev/disk/by-uuid/75eccc7f-30b0-4fe8-8f82-90edaf284cd5";
zramSwap.enable = true; allowDiscards = true;
};
};
};
boot.initrd.luks = { kernelModules = [ "kvm-intel" ];
fido2Support = true; extraModprobeConfig = ''
devices."root" = { options i915 enable_guc=3 enable_fbc=1 fastboot=1
device = "/dev/disk/by-uuid/75eccc7f-30b0-4fe8-8f82-90edaf284cd5"; '';
allowDiscards = true; kernelParams = [ "mitigations=off" "luks.options=fido2-device=auto" ];
}; tmp.useTmpfs = true;
}; };
zramSwap.enable = true;
services.btrfs.autoScrub = { services.btrfs.autoScrub = {
enable = true; enable = true;
interval = "monthly"; interval = "monthly";
@@ -111,13 +116,13 @@
}; };
fileSystems."/mnt/Pluto" = fileSystems."/mnt/Pluto" =
{ device = "nas:/Pluto"; { device = "jupiter:/Pluto";
fsType = "nfs"; fsType = "nfs";
options = [ "noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ]; options = [ "noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
}; };
fileSystems."/mnt/Mars" = fileSystems."/mnt/Mars" =
{ device = "nas:/Mars"; { device = "jupiter:/Mars";
fsType = "nfs"; fsType = "nfs";
options = [ "noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ]; options = [ "noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
}; };
@@ -129,30 +134,19 @@
networking = { networking = {
useDHCP = false; # Deprecated useDHCP = false; # Deprecated
hostName = "nbf5"; hostName = "nbf5";
wireless.iwd.enable = true; wireless = {
networkmanager = { iwd.enable = true;
enable = true; interfaces = [ "wlan0" ];
wifi = {
backend = "iwd";
powersave = true;
};
}; };
interfaces = { interfaces = {
wlan0 = { wlan0 = {
useDHCP = true; # For versatility sake, manually edit IP on nm-applet. useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
#ipv4.addresses = [ {
# address = "192.168.0.51";
# prefixLength = 24;
#} ];
}; };
}; };
#defaultGateway = "192.168.0.1";
#nameservers = [ "192.168.0.4" ];
firewall = { firewall = {
checkReversePath = "loose"; enable = true;
# enable = false; #allowedUDPPorts = [ 53 67 ];
# #allowedUDPPorts = [ 53 67 ]; allowedTCPPorts = [ 80 443 ];
# #allowedTCPPorts = [ 53 80 443 9443 ];
}; };
}; };
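Review bot: In the last hunk the new `firewall` block opens TCP 80 and 443 with `allowedTCPPorts = [ 80 443 ];`, and that option applies to every interface, so the ports are reachable on whatever Wi-Fi network this laptop joins through `wlan0`. Nothing in the visible hunks shows a web server on this host, so I would either drop the line or scope it to the one interface that needs it with `networking.firewall.interfaces.<name>.allowedTCPPorts`, and add a comment naming the service the ports are for. Separately, the regrouped `kernelParams` in the first hunk still carries `"mitigations=off"`, which switches off the kernel's CPU side-channel mitigations on a machine that loads `kvm_intel`; that deserves at least a comment such as `# mitigations=off: accepted for performance, no untrusted guests on this host`, or removal.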

51
hosts/nbf5/home.nix Normal file

@@ -0,0 +1,51 @@
#
# Home-manager configuration for laptop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ └─ home.nix *
# └─ ./modules
# └─ ./desktop
# └─ ./hyprland
# └─ hyprland.nix
#
{ pkgs, ... }:
{
imports =
[
#../../modules/wm/hyprland/home.nix # Window Manager
#../../modules/wm/sway/home.nix # Window Manager
../../modules/home.nix # Window Manager
];
home = { # Specific packages for laptop
packages = with pkgs; [
# Applications
firefox
intel-gpu-tools
pulsemixer
# Display
light # xorg.xbacklight not supported. Other option is just use xrandr.
# Power Management
#auto-cpufreq # Power management
#tlp # Power management
];
};
programs = {
alacritty.settings.font.size = 11;
};
services = { # Applets
blueman-applet.enable = true; # Bluetooth
network-manager-applet.enable = true; # Network
};
xsession.preferStatusNotifierItems = true;
}


@@ -1,111 +0,0 @@
#
# Specific system configuration settings for desktop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ config, pkgs, user, ... }:
{
imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
[(import ../../modules/desktop/hyprland/default.nix)] ++ # Window Manager
[(import ../../modules/desktop/virtualisation/docker.nix)]; # ++ # Docker
#(import ../../modules/hardware); # Hardware devices
boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest;
loader = { # EFI Boot
systemd-boot.enable = true;
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
timeout = 1; # Grub auto select time
};
};
# hardware.sane = { # Used for scanning with Xsane
# enable = false;
# extraBackends = [ pkgs.sane-airscan ];
# };
# environment = {
# systemPackages = with pkgs; [
# simple-scan
# ];
# };
programs = { # No xbacklight, this is the alterantive
# dconf.enable = true;
# light.enable = true;
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryFlavor = "curses";
};
};
services = {
# tlp.enable = true; # TLP and auto-cpufreq for power management
#logind.lidSwitch = "ignore"; # Laptop does not go to sleep when lid is closed
auto-cpufreq.enable = true;
blueman.enable = true;
pcscd.enable = true;
udev.packages = [
pkgs.nitrokey-udev-rules
];
printing = { # Printing and drivers for TS5300
enable = true;
drivers = [ pkgs.gutenprint ];
};
avahi = { # Needed to find wireless printer
enable = true;
nssmdns = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;
userServices = true;
};
};
#xserver = {
# libinput = { # Trackpad support & gestures
# touchpad = {
# tapping = true;
# scrollMethod = "twofinger";
# naturalScrolling = true; # The correct way of scrolling
# accelProfile = "adaptive"; # Speed settings
# #accelSpeed = "-0.5";
# disableWhileTyping = true;
# };
# };
# resolutions = [
# { x = 1600; y = 920; }
# { x = 1280; y = 720; }
# { x = 1920; y = 1080; }
# ];
#};
};
#temporary bluetooth fix
# systemd.tmpfiles.rules = [
# "d /var/lib/bluetooth 700 root root - -"
# ];
# systemd.targets."bluetooth".after = ["systemd-tmpfiles-setup.service"];
}


@@ -1,82 +0,0 @@
#
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
# flake.nix
# └─ ./hosts
# └─ ./laptop
# └─ hardware-configuration.nix *
#
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "rtsx_usb_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-label/ROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-label/ROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home" ];
};
fileSystems."/srv" =
{ device = "/dev/disk/by-label/ROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-label/BOOT";
fsType = "vfat";
};
swapDevices = [ ];
networking = {
useDHCP = false; # Deprecated
hostName = "q920";
networkmanager.enable = true;
interfaces = {
enp0s25 = {
useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
#ipv4.addresses = [ {
# address = "192.168.0.51";
# prefixLength = 24;
#} ];
};
# wlo1 = {
# useDHCP = true;
# #ipv4.addresses = [ {
# # address = "192.168.0.51";
# # prefixLength = 24;
# #} ];
# };
};
#defaultGateway = "192.168.0.1";
#nameservers = [ "192.168.0.4" ];
#firewall = {
# enable = false;
# #allowedUDPPorts = [ 53 67 ];
# #allowedTCPPorts = [ 53 80 443 9443 ];
#};
};
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
# high-resolution display
hardware.video.hidpi.enable = lib.mkDefault true;
}


@@ -17,12 +17,12 @@
# └─ default.nix # └─ default.nix
# #
{ config, pkgs, user, ... }: { config, pkgs, user, agenix, impermanence, ... }:
{ {
imports = # For now, if applying to other system, swap files imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix [(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
[(import ../../modules/desktop/virtualisation/docker.nix)] ++ # Docker [(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
(import ../../modules/services/server) ++ # Server Services (import ../../modules/services/server) ++ # Server Services
(import ../../modules/hardware); # Hardware devices (import ../../modules/hardware); # Hardware devices
@@ -32,20 +32,24 @@
loader = { # EFI Boot loader = { # EFI Boot
grub = { grub = {
enable = true; enable = true;
version = 2;
device = "/dev/sda"; device = "/dev/sda";
}; };
timeout = 1; # Grub auto select time timeout = 1; # Grub auto select time
}; };
}; };
# environment = { environment = {
# systemPackages = with pkgs; [ etc = {
## simple-scan "fail2ban/filter.d/gitea.conf" = {
## intel-media-driver source = ../../modules/services/server/fail2ban/filter/gitea.conf;
## alacritty mode = "0444";
# ]; };
# }; "fail2ban/filter.d/nextcloud.conf" = {
source = ../../modules/services/server/fail2ban/filter/nextcloud.conf;
mode = "0444";
};
};
};
programs = { # No xbacklight, this is the alterantive programs = { # No xbacklight, this is the alterantive
zsh.enable = true; zsh.enable = true;
@@ -53,20 +57,43 @@
gnupg.agent = { gnupg.agent = {
enable = true; enable = true;
enableSSHSupport = true; enableSSHSupport = true;
pinentryFlavor = "curses"; pinentryPackage = pkgs.pinentry-curses;
}; };
}; };
services = { services = {
#auto-cpufreq.enable = true; #auto-cpufreq.enable = true;
avahi = { # Needed to find wireless printer qemuGuest.enable = true;
enable = true; #avahi = { # Needed to find wireless printer
nssmdns = true; # enable = true;
publish = { # Needed for detecting the scanner # nssmdns = true;
# publish = { # Needed for detecting the scanner
# enable = true;
# addresses = true;
# userServices = true;
# };
#};
fail2ban = {
enable = true; enable = true;
addresses = true; maxretry = 5;
userServices = true; jails.DEFAULT.settings = {
}; findtime = "15m";
};
jails = {
gitea = ''
enabled = true
filter = gitea
backend = systemd
action = iptables-allports
'';
nextcloud = ''
backend = auto
enabled = true
filter = nextcloud
logpath = /var/lib/nextcloud/data/nextcloud.log
action = iptables-allports
'';
};
}; };
}; };
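Review bot: The new `fail2ban` block sets `maxretry = 5` and `findtime = "15m"` but never a ban duration, so the `gitea` and `nextcloud` jails use the module's default ban time, which is short for services exposed to the internet. I would set it explicitly and let repeat offenders escalate: `bantime = "1h";` and `bantime-increment.enable = true;`. This file also imports `docker.nix`, so if either service is published from a container, confirm that a ban placed by `action = iptables-allports` actually cuts off the client, because forwarded container traffic may not pass the chain that action writes to. Likewise, if a reverse proxy sits in front, check that the logs the filters read contain the real client address rather than the proxy's.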


@@ -21,7 +21,8 @@
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ]; boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = true; boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true; zramSwap.enable = true;
services.btrfs.autoScrub = { services.btrfs.autoScrub = {
@@ -83,6 +84,12 @@
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ]; options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
}; };
fileSystems."/swap" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/mnt/snapshots/root" = fileSystems."/mnt/snapshots/root" =
{ device = "/dev/disk/by-label/NIXROOT"; { device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
@@ -90,11 +97,12 @@
}; };
swapDevices = [ ]; #swapDevices = [ { device = "/swap/swapfile"; } ];
swapDevices = [ ];
networking = { networking = {
useDHCP = false; # Deprecated useDHCP = false; # Deprecated
hostName = "dmz"; hostName = "kabtop";
domain = "kabtop.de"; domain = "kabtop.de";
networkmanager = { networkmanager = {
enable = false; enable = false;
@@ -126,5 +134,5 @@
}; };
}; };
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; #hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }
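Review bot: The last hunk comments out `hardware.cpu.amd.updateMicrocode` without giving a reason. On bare metal that line is what delivers CPU microcode updates, many of which are security fixes, while on a virtual guest it has no effect. If this host is a VM, delete the line and leave a note such as `# VM guest: microcode is handled by the hypervisor`; if it is physical hardware, restore it. The `swapDevices` hunk has the same problem: a commented-out swapfile entry sits above the live empty list although `/swap` is now mounted, so a one-line comment on which state is intended would help.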


@@ -0,0 +1,84 @@
#
# Specific system configuration settings for desktop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ config, pkgs, user, jovian-nixos, lib, ... }:
{
specialisation = {
sway.configuration = {
imports =
[(import ../../modules/wm/sway)];
jovian.steam.enable = lib.mkForce false;
services.desktopManager.plasma6.enable = lib.mkForce false;
};
};
imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
(import ../../modules/wm/virtualisation) ++ # libvirt + Docker
[(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # kvm module options
[(import ../../modules/wm/steam)] ++
[(import ../../modules/wm/kde)] ++
(import ../../modules/hardware); # Hardware devices
boot = { # Boot options
loader = { # EFI Boot
systemd-boot.enable = lib.mkForce false;
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
timeout = 1; # Grub auto select time
};
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
};
hardware = {
nitrokey.enable = true;
};
programs = { # No xbacklight, this is the alterantive
light.enable = true;
};
services = {
# blueman.enable = true;
printing = { # Printing and drivers for TS5300
enable = true;
drivers = [ pkgs.gutenprint ];
};
avahi = { # Needed to find wireless printer
enable = true;
nssmdns4 = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;
userServices = true;
};
};
tailscale.enable = true;
};
security.pam.sshAgentAuth.enable = true;
}
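Review bot: `security.pam.sshAgentAuth.enable = true;` on the last line lets PAM accept a signature from the user's SSH agent in place of a password (typically for sudo), so any process that can reach the agent socket, a forwarded agent included, can pass that check. The file does not say which keys are trusted. I would pin them to a root-owned location through `security.pam.sshAgentAuth.authorizedKeysFiles` rather than relying on a user-writable `~/.ssh/authorized_keys`. Since `hardware.nitrokey.enable` is set just above, also document the intent, e.g. `# sudo via SSH agent; only token-backed keys that require touch are authorised`.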


@@ -0,0 +1,218 @@
#
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
# flake.nix
# └─ ./hosts
# └─ ./laptop
# └─ hardware-configuration.nix *
#
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot = {
initrd = {
availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" ];
kernelModules = [ ];
systemd.enable = true;
luks = {
devices."crypted" = {
device = "/dev/disk/by-partlabel/disk-nvme0n1-luks";
allowDiscards = true;
bypassWorkqueues = true;
};
};
};
kernelModules = [ "kvm-amd" "amdgpu" ];
kernelParams = [ "luks.options=fido2-device=auto" ];
tmp.useTmpfs = false;
tmp.cleanOnBoot = true;
};
zramSwap.enable = true;
services = {
btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [
"/"
];
};
udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="block", KERNEL=="mmcblk[0-9]p[0-9]", ENV{ID_FS_USAGE}=="filesystem", RUN{program}+="${pkgs.systemd}/bin/systemd-mount -o noatime,compress-force=zstd:15,ssd_spread,commit=120 --no-block --automount=yes --collect $devnode /run/media/mmcblk0p1"
'';
btrbk = {
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@home" = {};
};
};
};
};
};
# bak = {
# onCalendar = "daily";
# settings = {
# stream_buffer = "256m";
# stream_compress = "lz4";
# incremental = "yes";
# snapshot_create = "no";
# snapshot_dir = "@snapshots";
# timestamp_format = "long";
#
# snapshot_preserve_min = "all";
# target_preserve_min = "no";
# target_preserve = "2m 4w 3d";
#
# ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk_nas";
# ssh_user = "btrbk";
#
# volume = {
# "/mnt/snapshots/root" = {
# subvolume = {
# "@home" = {};
# };
# target = "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars/@snapshots/@steamdeck";
# };
# };
# };
# };
};
};
};
#
# systemd.timers = {
# btrbk-bak = {
# requires = [ "network-online.target" ];
# };
# };
fileSystems."/" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat";
};
fileSystems."/home" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/nix" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/srv" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/swap" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/opt" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@opt,discard=async" ];
};
fileSystems."/mnt/snapshots/root" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
# fileSystems."/sdcard" =
# { device = "/dev/disk/by-label/sdcard";
# fsType = "ext4";
# options = [ "nofail,noauto,users,x-systemd.automount" ];
# };
fileSystems."/mnt/Pluto" =
{ device = "jupiter:/Pluto";
fsType = "nfs";
options = [ "nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
};
fileSystems."/mnt/Mars" =
{ device = "jupiter:/Mars";
fsType = "nfs";
options = [ "nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
};
swapDevices = [ { device = "/swap/swapfile"; } ];
networking = {
useDHCP = false; # Deprecated
hostName = "steamdeck";
wireless.iwd.enable = true;
networkmanager = {
enable = true;
wifi = {
backend = "iwd";
powersave = false;
};
};
# interfaces = {
# wlan0 = {
# useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
# #ipv4.addresses = [ {
# # address = "192.168.0.51";
# # prefixLength = 24;
# #} ];
# };
# };
#defaultGateway = "192.168.0.1";
#nameservers = [ "192.168.0.4" ];
firewall = {
checkReversePath = "loose";
enable = true;
allowedUDPPorts = [ 24727 ];
allowedTCPPorts = [ 24727 ];
};
};
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
#powerManagement.powertop.enable = true;
powerManagement = {
scsiLinkPolicy = "med_power_with_dipm";
};
}

55
hosts/steamdeck/home.nix Normal file

@@ -0,0 +1,55 @@
#
# Home-manager configuration for laptop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ └─ home.nix *
# └─ ./modules
# └─ ./desktop
# └─ ./hyprland
# └─ hyprland.nix
#
{ pkgs, ... }:
{
specialisation = {
sway.configuration = {
imports =
[(import ../../modules/wm/sway/home.nix)];
};
};
imports =
[(import ../../modules/home.nix)] ++ # Window Manager
[(import ../../modules/wm/steam/home.nix)] ++
[(import ../../modules/wm/kde/home.nix)];
home = { # Specific packages for laptop
packages = with pkgs; [
# Applications
libreoffice # Office packages
#firefox
chromium
thunderbird
streamlink
streamlink-twitch-gui-bin
pulsemixer
#yuzu-early-access
# Display
light # xorg.xbacklight not supported. Other option is just use xrandr.
# Power Management
#auto-cpufreq # Power management
#tlp # Power management
];
};
services = { # Applets
};
xsession.preferStatusNotifierItems = true;
}
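Review bot: The header comment of this new `hosts/steamdeck/home.nix` still describes the laptop host and a hyprland module (`# Home-manager configuration for laptop`, `./hosts/./laptop`), while the file imports `modules/wm/steam` and `modules/wm/kde`. Change it to `# Home-manager configuration for steamdeck` and list the modules that are actually imported. The empty `services = { };` block carries only the `# Applets` comment and can be dropped.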


@@ -1,234 +0,0 @@
#
# Qemu/KVM with virt-manager
#
{ config, pkgs, user, ... }:
{ # Add libvirtd and kvm to userGroups
boot.extraModprobeConfig = ''
options kvm_intel nested=1
options kvm_intel emulate_invalid_guest_state=0
options kvm ignore_nsrs=1
''; # Needed to run OSX-KVM
users.groups.libvirtd.members = [ "root" "${user}" ];
virtualisation = {
vswitch.enable = true;
libvirtd = {
enable = true; # Virtual drivers
onShutdown = "shutdown";
#qemuPackage = pkgs.qemu_kvm; # Default
qemu = {
runAsRoot = false;
ovmf.enable = true;
# ovmf.packages = [ pkgs.OVMFFull ];
# verbatimConfig = ''
# nvram = [ "${pkgs.OVMF}/FV/OVMF_CODE.fd:${pkgs.OVMF}/FV/OVMF_VARS.fd" ]
# '';
};
};
spiceUSBRedirection.enable = true; # USB passthrough
};
programs.dconf.enable = true;
environment = {
systemPackages = with pkgs; [
virt-manager
virt-viewer
qemu
OVMF
gvfs # Used for shared folders between linux and windows
];
};
services = { # Enable file sharing between OS
gvfs.enable = true;
};
#boot ={
# kernelParams = [ "intel_iommu=on" "vfio" "vfio_iommu_type1" "vfio_pci" "vfio_virqfd" ]; # or amd_iommu (cpu)
# kernelModules = [ "vendor-reset" "vfio" "vfio_iommu_type1" "vfio_pci" "vfio_virqfd"];
# extraModulePackages = [ config.boot.kernelPackages.vendor-reset ]; # Presumably fix for GPU Reset Bug
# extraModprobeConfig = "options vfio-pci ids=1002:67DF,1002:AAF0"; # grep PCI_ID /sys/bus/pci/devices/*/uevent
# kernelPatches = [
# {
# name = "vendor-reset-reqs-and-other-stuff";
# patch = null;
# extraConfig = ''
# FTRACE y
# KPROBES y
# FUNCTION_TRACER y
# HWLAT_TRACER y
# TIMERLAT_TRACER y
# IRQSOFF_TRACER y
# OSNOISE_TRACER y
# PCI_QUIRKS y
# KALLSYMS y
# KALLSYMS_ALL y
# '';
# }
# ];
#};
}
#SHARED FOLDER
#FOR WINDOWS
# 3 options:
#
# 1. Make use of host samba server
# 1.0 Samba is installed by default. The network-shared folder is at /home/<user>/share.
# 1.1 On host, set a password for the autentication of the samba server
# 1.2 $ smbpasswd -a <user>
# 1.3 Give password twice
# 1.4 On windows, open file explorer, right click "This PC", Map network drive...
# 1.5 fill in address: \\<ip-address>\share
# 1.6 Log in with details entered beforehand
#
# 2. Since this setup make use of iommu, you can pass through external usb hard drives or a specific PCI storage devices
# 2.1 Open details of virtual desktop in virt-manager
# 2.2 Add hardware
# 2.3 USB Host Device
# 2.4 Select device and launch virtual desktop
#
# 3. Set up shared folders in windows guest that can be accessed by host
# 3.0. Enable above service gvfs (this is used in the file manager to actually connect to the windows directory)
# 3.1. Log in to Windows
# 3.2. Go to "Network and Sharing Center"
# 3.3. Click "Change advanced sharing settings" and enable all settings for Private, Guest or Public and All Networks
# 3.3.1. Under "All Networks" you can disable "Password protected sharing" but it seems for optimal use, it's better to still give the password in the file manager
# 3.4. (possibly optional), select a folder and click "Properties", "Sharing", "Advanced Sharing"
# 3.4.1. Enable "Share this file"
# 3.4.2. Under "Permissions", allow full control. Apply
# 3.5. Click "Share" and use de drop down to add "Everyone" and change "Permission Level" to "Read/Write". Share, Done
# 3.6. Search for services and open menu
# 3.6.1. Search for below serices. Right click and select "Properties". "Startup type" = Automatic
# 3.6.1.1. SSDP Discovery
# 3.6.1.2. uPnPDevice Host
# 3.6.1.3. Functions Discovery Provider Host
# 3.6.1.4. Functions Discovery Resource Publication
# 3.7. Find IP of virtual device and make sure you can ping it.
# 3.8. In file manager add connection
# 3.8.1. For example in PCManFM
# 3.8.2. Search for smb://*ip*/
# 3.8.3. You can even specify specific folder smb://*ip*/users/Matthias/Desktop/share
# 3.8.4. If prompted to log in, do it, otherwise it might close on its own.
# 3.9. If there are any issues, maybe disable firewall on guest
# 3.10. Recommended to bookmark location for later
# Note:
# There is no passthrough, its recommended to install the windows kvm guest drivers.
# Can be found on github.com/virtio-win/virtio-win-pkg-scripts/blob/master/README.md
# Add this as CD storage in virt manager
# It can than be accest in the windows and the guest driver exe's can be run.
# Also, change video in virt-manager to virtio. This will fix the resolution
#FOR LINUX
# 2 options
#
# 1. Make use of host samba server
# 1.0 Samba is installed by default. The network-shared folder is at /home/<user>/share.
# 1.1 On host, set a password for the autentication of the samba server
# 1.2 $ smbpasswd -a <user>
# 1.3 Give password twice
# 1.4 On virtual machine open file manager
# 1.5 Search for smb://<ip-address>/share
# 1.6 Log in with details entered beforehand
#
# 2. Passing through a filesystem
# 2.1 Open details of virtual desktop on virt-manager
# 2.2 Add hardware
# 2.3 Select Filesystem: Type = mount / Mode = mapped / Source path = /home/<user>/share / Target path = /sharepoint
# 2.4 Boot into virtual machine
# 2.5 Create a directory to mount /sharepoint
# 2.6 $ sudo mount -t 9p -o trans=virtio /sharepoint /<mountpoint>
#SINGLE GPU PASSTHROUGH
# General Guide: gitlab.com/risingprismtv/single-gpu-passthrough/-/wikis/home
# 1. Download ISO
# 2. Download latest Video BIOS from techpowerup.com/vgabios (Sapphire RX580 8Gb)
# 2.1. $ Sudo mkdir /var/lib/libvirt/vbios/
# 2.2. $ Sudo mv ~/Downloads/*.rom /var/lib/libvirt/vbios/GPU.rom
# 2.3. $ Cd /var/lib/libvirt/vbios/
# 2.4. $ Sudo chmod -R 660 GPU.rom
# 3. Launch virt-manager
# 4. File - Add Connection
# 5. Create Virtual Machine
# 5.1 Select ISO and mark it as win10
# 5.2 Give temporary RAM
# 5.3 Customize configuration before install
# 5.4 Overview - Firmware - UEFI x86_64: /usr/*/OVMF_CODE.fd
# 5.5 Allow XML Editing via Edit - Preferences
# 5.6 Edit XML - Remove rtc & pit line. Change hpet to "yes"
# 6. Start Installation (let it run without interference and do steps below)
# 6.1 Press Esc, type exit, select boot-manager DVD ROM
# 6.2 Do installation, select Pro version.
# 6.3 Install hooks (Step 7 in guide)
# 7. Close VM
# 8. Edit VM
# 8.1 Remove everything spice (Display, Video QXL, Serial, Channel Spice)
# 8.2 Remove CD Rom
# 8.3 Add PCI hardware (GPU: 01:00:0 & 01:00:1 (most likely))
# 8.3 Add Mouse, Keyboard (PCI USB Controller in PCI Host Device or USB Host Device)
# 9. Select GPU and open XML
# 9.1 Add line "<rom file='/var/lib/libvirt/vbios/GPU.rom'/>" under "</source>"
# 9.2 Do for both 01:00:0 and 01:00:1
# 10. Edit CPU
# 10.1 Disable "Copy host CPU configuration" and select "host-passthrough"
# 10.2 Edit topology: Sockets=1 Cores=Total/2 Threads=2
# 10.3 Edit XML cpu under topology
# 10.3.1 Add "<feature policy='require' name='topoext'/>" for AMDCPU
# 10.3.2 Add "<feature policy='disable' name='smep'/>" for Intel CPU
# 11 Change memory to prefered (12GB for 16GB Total)
# 12 Start VM
# 13 Install correct video drivers
#MACOS ON VIRT-MANAGER
# General Guide: nixos.wiki/wiki/OSX-KVM
# Repository: github.com/kholia/OSX-KVM
# IMPORTANT: if you wish to start the virtual machine with virt-manager gui, clone to /home/<user>/.
# 1. git clone https://github.com/kholia/OSX-KVM
# 2. create a shell.nix (maybe best to store inside cloned directory)
# 3. shell.nix content:
# with import <nixpkgs> {};
# mkShell {
# buildInputs = [
# qemu
# python3
# iproute2
# ];
# }
# 4. In nixos configuration add:
# virtualisation.libvirtd.enable = true;
# users.extraUsers.<user>.extraGroups = [ "libvirtd" ];
# boot.extraModprobeConfig = ''
# options kvm_intel nested=1
# options kvm_intel emulate_invalid_guest_state=0
# options kvm ignore_msrs=1
# '';
# 5. Run the shell: $ nix-shell
# 6. As mentioned in the README, run ./fetch-macOS.py
# 6.1 Can be a specific version
# 7. Create base image for the macOs installer
# 8. $ qemu-img convert BaseSystem.dmg -O raw BaseSystem.img
# 9. Create disk for macOS
# 9.1 $ qemu-img create -f qcow2 mac_hdd_ng.img 128G
# 10. Set up networking. If something like virbr0 does not get detected start virt-manager. Commands:
# $ sudo ip tuntap add dev tap0 mode tap
# $ sudo ip link set tap0 up promisc on
# $ sudo ip link set dev virbr0 up
# $ sudo ip link set dev tap0 master virbr0
# 11. Boot the system
# 11.1 $ ./OpenCore-Boot.sh
# 12. Choose the first option to start the MacOS installer: macOS Base Systen
# 12.1 Use Disk Utility to esase the correct drive.
# 13. Go back and select the option to reinstall macOS
# 13.1 After the initial installation, a reboot will happen. Do nothing and wait or select the second option 'MacOs install'.
# 13.2 This will finalize the installaton but it will probably reboot multiple times. The second option will now have changed to the name of your drive. Use this as the boot option
# 14. To add the installation to virt-manager:
# 14.1 $ sed "s/CHANGEME/$USER/g" macOS-libvirt-Catalina.xml > macOS.xml
# 14.2 Inside macOS.xml change the emulator from /usr/bin/qemu-system-x86_64 to /run/libvirt/nix-emulators/qemu-system-x86_64
# 14.3 $ virt-xml-validate macOS.xml
# 15. $ virsh --connect qemu:///system define macOS.xml
# 16.(optional if permission is needed to the libvirt-qemu user)
# 16.1 $ sudo setfacl -m u:libvirt-qemu:rx /home/$USER
# 16.2 $ sudo setfacl -R -m u:libvirt-qemu:rx /home/$USER/OSX-KVM


@@ -0,0 +1,5 @@
{
plugins.bufferline = {
enable = true;
};
}


@@ -0,0 +1,16 @@
{ nvim, ... }:
{
# Import all your configuration modules here
programs.nixvim = {
enable = true;
colorschemes.gruvbox.enable = true;
imports = [
./bufferline.nix
./plugins.nix
./options.nix
./keymaps.nix
./highlight.nix
];
};
}


@@ -0,0 +1,8 @@
{
highlight = {
Comment.fg = "#ff00ff";
Comment.bg = "#000000";
Comment.underline = true;
Comment.bold = true;
};
}


@@ -0,0 +1,8 @@
{
keymaps = [
{
action = "<cmd>Telescope live_grep<CR>";
key = "<leader>g";
}
];
}


@@ -0,0 +1,14 @@
{
config = {
globals.mapleader = " ";
viAlias = true;
vimAlias = true;
opts = {
number = true; # Show line numbers
relativenumber = true; # Show relative line numbers
shiftwidth = 2; # Tab width should be 2
};
};
}


@@ -0,0 +1,51 @@
{
plugins = {
lualine.enable = true;
cmp = {
enable = true;
autoEnableSources = true;
settings = {
sources = [
{name = "nvim_lsp";}
{name = "path";}
{name = "buffer";}
{name = "luasnip";}
];
mapping = {
"<C-d>" = "cmp.mapping.scroll_docs(-4)";
"<C-f>" = "cmp.mapping.scroll_docs(4)";
"<C-Space>" = "cmp.mapping.complete()";
"<C-e>" = "cmp.mapping.close()";
"<CR>" = "cmp.mapping.confirm({ select = true })";
"<Tab>" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})";
"<S-Tab>" = "cmp.mapping(cmp.mapping.select_prev_item(), {'i', 's'})";
};
};
};
lsp = {
enable = true;
servers = {
tsserver.enable = true;
lua-ls = {
enable = true;
settings.telemetry.enable = false;
};
# rust-analyzer = {
# enable = true;
# installCargo = true;
# };
};
};
telescope.enable = true;
treesitter.enable = true;
luasnip.enable = true;
};
}


@@ -5,6 +5,11 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
home = {
packages = [ pkgs.gnvim ];
};
programs = { programs = {
neovim = { neovim = {
enable = true; enable = true;

114
modules/hardware/autoaspm.py Executable file

@@ -0,0 +1,114 @@
#!/usr/bin/env python3
# Original bash script by Luis R. Rodriguez
# Re-written in Python by z8
# Re-re-written to patch supported devices automatically by notthebee
import re
import subprocess
import os
import platform
from enum import Enum
class ASPM(Enum):
DISABLED = 0b00
L0s = 0b01
L1 = 0b10
L0sL1 = 0b11
def run_prerequisites():
if platform.system() != "Linux":
raise OSError("This script only runs on Linux-based systems")
if not os.environ.get("SUDO_UID") and os.geteuid() != 0:
raise PermissionError("This script needs root privileges to run")
lspci_detected = subprocess.run(["which", "lspci"], stdout = subprocess.DEVNULL, stderr = subprocess.DEVNULL)
if lspci_detected.returncode > 0:
raise Exception("lspci not detected. Please install pciutils")
lspci_detected = subprocess.run(["which", "setpci"], stdout = subprocess.DEVNULL, stderr = subprocess.DEVNULL)
if lspci_detected.returncode > 0:
raise Exception("setpci not detected. Please install pciutils")
def get_device_name(addr):
p = subprocess.Popen([
"lspci",
"-s",
addr,
], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
return p.communicate()[0].splitlines()[0].decode()
def read_all_bytes(device):
all_bytes = bytearray()
device_name = get_device_name(device)
p = subprocess.Popen([
"lspci",
"-s",
device,
"-xxx"
], stdout= subprocess.PIPE, stderr=subprocess.PIPE)
ret = p.communicate()
ret = ret[0].decode()
for line in ret.splitlines():
if not device_name in line and ": " in line:
all_bytes.extend(bytearray.fromhex(line.split(": ")[1]))
if len(all_bytes) < 256:
exit()
return all_bytes
def find_byte_to_patch(bytes, pos):
pos = bytes[pos]
if bytes[pos] != 0x10:
pos += 0x1
return find_byte_to_patch(bytes, pos)
else:
pos += 0x10
return pos
def patch_byte(device, position, value):
subprocess.Popen([
"setpci",
"-s",
device,
f"{hex(position)}.B={hex(value)}"
]).communicate()
def patch_device(addr, aspm_value):
endpoint_bytes = read_all_bytes(addr)
byte_position_to_patch = find_byte_to_patch(endpoint_bytes, 0x34)
if int(endpoint_bytes[byte_position_to_patch]) & 0b11 != aspm_value.value:
patched_byte = int(endpoint_bytes[byte_position_to_patch])
patched_byte = patched_byte >> 2
patched_byte = patched_byte << 2
patched_byte = patched_byte | aspm_value.value
patch_byte(addr, byte_position_to_patch, patched_byte)
print(f"{addr}: Enabled ASPM {aspm_value.name}")
else:
print(f"{addr}: Already has ASPM {aspm_value.name} enabled")
def list_supported_devices():
pcie_addr_regex = r"([0-9a-f]{2}:[0-9a-f]{2}.[0-9a-f])"
lspci = subprocess.run("lspci -vv", shell=True, capture_output=True).stdout
lspci_arr = re.split(pcie_addr_regex, str(lspci))[1:]
lspci_arr = [ x+y for x,y in zip(lspci_arr[0::2], lspci_arr[1::2]) ]
aspm_devices = {}
for dev in lspci_arr:
device_addr = re.findall(pcie_addr_regex, dev)[0]
if "ASPM" not in dev or "ASPM not supported" in dev:
continue
aspm_support = re.findall(r"ASPM (L[L0-1s ]*),", dev)
if aspm_support:
aspm_devices.update({device_addr: ASPM[aspm_support[0].replace(" ", "")]})
return aspm_devices
def main():
run_prerequisites()
for device, aspm_mode in list_supported_devices().items():
patch_device(device, aspm_mode)
if __name__ == "__main__":
main()
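Review bot: `run_prerequisites` lets any caller through that merely has `SUDO_UID` set, because the check is `not os.environ.get("SUDO_UID") and os.geteuid() != 0`; an environment variable proves nothing about privilege, so the guard should be `if os.geteuid() != 0:` alone. `list_supported_devices` then runs `subprocess.run("lspci -vv", shell=True, ...)` as root, which adds a shell for no benefit; `subprocess.run(["lspci", "-vv"], capture_output=True)` matches the list form used by the other calls in the file. `find_byte_to_patch` follows the capability pointer chain recursively with no end-of-list or depth check, so a device whose chain never yields id 0x10 would presumably end in an IndexError or RecursionError. A bounded loop that stops at pointer 0 and raises a clear error would make that failure explicit before anything is written with `setpci`.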


@@ -0,0 +1,18 @@
{ config, lib, pkgs, ... }:
{
services.btrbk = {
sshAccess = [
{
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDU2NJ9xwYnp6/frIOv96ih8psiFcC2eOQeT+ZEMW5rq";
roles = [ "source" "info" "send" ];
}
{
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIma7jNVQZM+lFMOKUex0+cyDpeUA3Wo4SEJ7P9YnHPG";
roles = [ "target" "info" "receive" "delete" ];
}
];
};
}
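Review bot: The second `sshAccess` entry grants `delete` together with `target` and `receive`, so whoever holds that private key can remove backup subvolumes on this host as well as write them. If retention is not driven from the sending side, drop `delete` so that a compromised sender cannot destroy existing backups. Neither key carries a comment, which makes later rotation or revocation error-prone; a trailing `# key of <owning-host>` on each entry would record which machine it belongs to.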


@@ -14,4 +14,7 @@
}; };
}; };
}; };
environment.systemPackages = with pkgs; [
zmkBATx
];
} }


@@ -0,0 +1,21 @@
{ config, lib, pkgs, ... }:
{
nix = {
settings = {
extra-trusted-public-keys = [
"hades-builder:AFdPgi6Qq/yKqc2V2imgzMikEkVEFCrDaHyAmOJ3MII="
"steamdeck.cachix.org-1:BVoP4TEu3ECgotaO+3J3r9SSn62GkUDBwizOFU/q4Bc="
];
extra-substituters = [
"https://steamdeck.cachix.org"
"https://cache.ci.kabtop.de"
];
#extra-trusted-substituters = [
# "https://cache.home.opel-online.de"
#];
};
};
}
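Review bot: Every store path signed by either entry in `extra-trusted-public-keys` is accepted from any configured substituter, so adding the `steamdeck.cachix.org-1:` key lets whoever controls that Cachix signing key supply binaries to each host that imports this module. If only the steamdeck host needs that cache, the key and `https://steamdeck.cachix.org` belong in that host's configuration rather than in a shared module (the file path is not shown on this page, so the shared scope is inferred). It is also not stated which key signs `https://cache.ci.kabtop.de`; a comment next to the URL such as `# signed by hades-builder` (if that is the case) would make the trust relationship reviewable.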


@@ -0,0 +1,25 @@
{ pkgs, config, ... }:
{
users.users.nixremote = { # System User
isNormalUser = true;
extraGroups = [ "kvm" ];
shell = pkgs.zsh; # Default shell
uid = 1001;
# initialPassword = "password95";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILczsj4W1kFQaalFwaY+RJ4LEzNeFKD+itXB40Q2O59M nixremote@hades"
];
};
nix.settings.trusted-users = [
"nixremote"
];
services.nix-serve.secretKeyFile = config.age.secrets."keys/nixservepriv".path;
age.secrets."keys/nixservepriv" = {
file = ../../secrets/keys/nixservepriv.age;
owner = "nixremote";
};
}
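Review bot: `age.secrets."keys/nixservepriv"` is decrypted with `owner = "nixremote"`, the same account that accepts SSH logins for remote builds, so anyone holding the nixremote SSH key can read the binary-cache signing key. With that key they can sign arbitrary store paths that clients trusting it (presumably the `hades-builder` key) will install. The signing key should not be readable by the build account: `owner = "root";`, or the user nix-serve runs as, keeps the two apart. `nix.settings.trusted-users = [ "nixremote" ]` additionally makes that account effectively root-equivalent towards the Nix daemon and deserves a comment stating why it is needed. The commented-out `# initialPassword = "password95";` should be deleted rather than kept in the repository.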


@@ -0,0 +1,32 @@
{ config, lib, pkgs, ... }:
{
nix = {
distributedBuilds = false;
buildMachines = [ {
hostName = "hades";
system = "x86_64-linux";
supportedFeatures = [ "kvm" "big-parallel" ];
sshUser = "nixremote";
sshKey = config.age.secrets."keys/nixremote".path;
maxJobs = 1;
speedFactor = 4;
publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUVnbld5UVVVYSt2Y0hBS3g2ZWRiVGdxVzhwaCtNQ2lTNmZVd1lqWWNTK28gcm9vdEBoYWRlcwo=%";
protocol = "ssh-ng";
} ];
settings = {
extra-trusted-public-keys = [
"hades-builder:AFdPgi6Qq/yKqc2V2imgzMikEkVEFCrDaHyAmOJ3MII="
];
trusted-users = [
"kabbone"
];
};
};
age.secrets."keys/nixremote" = {
file = ../../secrets/keys/nixremote.age;
owner = "root";
};
}
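Review bot: `publicHostKey` ends in `=%`, and `%` is not a base64 character; it looks like the shell's missing-newline marker copied along with the encoded output. Host-key verification for `hades` would presumably fail once `distributedBuilds` is switched on, so the value should end at `…cwo=`. `trusted-users = [ "kabbone" ]` makes the interactive account effectively root-equivalent towards the Nix daemon; if it is only there so that user can select extra caches, listing those caches under `trusted-substituters` is the narrower setting.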


@@ -24,7 +24,7 @@
theme = { theme = {
theme = mkOption { type = types.str; default = "catppuccin-mocha"; }; theme = mkOption { type = types.str; default = "catppuccin-mocha"; };
icon-theme = mkOption { type = types.str; default = "Papirus-Dark"; }; icon-theme = mkOption { type = types.str; default = "Papirus-Dark"; };
font = mkOption { type = types.str; default = "FiraCode Nerd Font 11"; }; font = mkOption { type = types.str; default = "Cascadia Code 11"; };
wallpaper = mkOption { type = types.str; default = ""; }; wallpaper = mkOption { type = types.str; default = ""; };
}; };
}; };


@@ -0,0 +1,75 @@
{
lib,
config,
pkgs,
pkgs-kabbone,
...
}:
let
cfg = config.services.corosync-qnetd;
dataDir = "/var/run/corosync-qnetd";
in
{
# interface
options.services.corosync-qnetd = {
enable = lib.mkEnableOption "corosync-qnetd";
package = lib.mkPackageOption pkgs-kabbone "corosync-qdevice" { };
extraOptions = lib.mkOption {
type = with lib.types; listOf str;
default = [ ];
description = "Additional options with which to start corosync-qnetd.";
};
};
# implementation
# implementation
config = lib.mkIf cfg.enable {
environment.systemPackages = [ cfg.package ];
users.users.coroqnetd = {
isSystemUser = true;
group = "coroqnetd";
home = dataDir;
description = "Corosync-qnetd Service User";
};
users.groups.coroqnetd = { };
# environment.etc."corosync/corosync-qnetd.conf".text = ''
# totem {
# version: 2
# secauth: on
# cluster_name: ${cfg.clusterName}
# transport: knet
# }
# logging {
# to_syslog: yes
# }
# '';
systemd.packages = [ cfg.package ];
systemd.services.corosync-qnetd = {
serviceConfig = {
User = "coroqnetd";
StateDirectory = "corosync-qnetd";
StateDirectoryMode = "0700";
};
};
environment.etc."sysconfig/corosync-qnetd".text = lib.optionalString (cfg.extraOptions != [ ]) ''
COROSYNC-QNETD_OPTIONS="${lib.escapeShellArgs cfg.extraOptions}"
'';
};
meta = {
#buildDocsInSandbox = false;
#doc = ./mautrix-whatsapp.md;
maintainers = with lib.maintainers; [
kabbone
];
};
}
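Review bot: `COROSYNC-QNETD_OPTIONS` in `environment.etc."sysconfig/corosync-qnetd"` contains a hyphen, which is not valid in a shell or systemd environment variable name, so `extraOptions` would presumably never reach the daemon; the unit shipped in `cfg.package` most likely expects `COROSYNC_QNETD_OPTIONS` (confirm against the packaged unit file). `lib.escapeShellArgs` inside the double quotes also nests single quotes, which are then kept as literal characters. `dataDir` points at `/var/run/corosync-qnetd` while `StateDirectory = "corosync-qnetd"` creates `/var/lib/corosync-qnetd`, so the user's home and the state directory disagree. Unlike the mautrix-whatsapp unit in the same change, this network-facing service gets no sandboxing; `NoNewPrivileges = true;`, `ProtectSystem = "strict";` and `PrivateTmp = true;` would be a reasonable baseline.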


@@ -0,0 +1,32 @@
# Mautrix-Whatsapp {#module-services-mautrix-whatsapp}
[Mautrix-Whatsapp](https://github.com/mautrix/whatsapp) is a Matrix-Whatsapp puppeting bridge.
## Configuration {#module-services-mautrix-whatsapp-configuration}
1. Set [](#opt-services.mautrix-whatsapp.enable) to `true`. The service will use
SQLite by default.
2. To create your configuration check the default configuration for
[](#opt-services.mautrix-whatsapp.settings). To obtain the complete default
configuration, run
`nix-shell -p mautrix-whatsapp --run "mautrix-whatsapp -c default.yaml -e"`.
::: {.warning}
Mautrix-Whatsapp allows for some options like `encryption.pickle_key`,
`provisioning.shared_secret`, allow the value `generate` to be set.
Since the configuration file is regenerated on every start of the
service, the generated values would be discarded and might break your
installation. Instead, set those values via
[](#opt-services.mautrix-whatsapp.environmentFile).
:::
## Migrating from an older configuration {#module-services-mautrix-whatsapp-migrate-configuration}
With Mautrix-Whatsapp v0.7.0 the configuration has been rearranged. Mautrix-Whatsapp
performs an automatic configuration migration so your pre-0.7.0 configuration
should just continue to work.
In case you want to update your NixOS configuration, compare the migrated configuration
at `/var/lib/mautrix-whatsapp/config.yaml` with the default configuration
(`nix-shell -p mautrix-whatsapp --run "mautrix-whatsapp -c example.yaml -e"`) and
update your module configuration accordingly.


@@ -0,0 +1,280 @@
{
lib,
config,
pkgs,
...
}:
let
cfg = config.services.kabbone_mautrix-whatsapp;
dataDir = "/var/lib/mautrix-whatsapp";
registrationFile = "${dataDir}/whatsapp-registration.yaml";
settingsFile = "${dataDir}/config.yaml";
settingsFileUnsubstituted = settingsFormat.generate "mautrix-whatsapp-config-unsubstituted.json" cfg.settings;
settingsFormat = pkgs.formats.json { };
appservicePort = 29318;
# to be used with a list of lib.mkIf values
optOneOf = lib.lists.findFirst (value: value.condition) (lib.mkIf false null);
mkDefaults = lib.mapAttrsRecursive (n: v: lib.mkDefault v);
defaultConfig = {
network = {
displayname_template = "{{or .BusinessName .PushName .Phone}} (WA)";
identity_change_notices = true;
history_sync = {
request_full_sync = true;
};
};
bridge = {
command_prefix = "!wa";
relay.enabled = true;
permissions."*" = "relay";
};
database = {
type = "sqlite3";
uri = "file:${dataDir}/mautrix-whatsapp.db?_txlock=immediate";
};
homeserver.address = "http://localhost:8448";
appservice = {
hostname = "[::]";
port = appservicePort;
id = "whatsapp";
bot = {
username = "whatsappbot";
displayname = "WhatsApp Bridge Bot";
};
as_token = "";
hs_token = "";
username_template = "whatsapp_{{.}}";
};
double_puppet = {
servers = { };
secrets = { };
};
# By default, the following keys/secrets are set to `generate`. This would break when the service
# is restarted, since the previously generated configuration will be overwritten everytime.
# If encryption is enabled, it's recommended to set those keys via `environmentFile`.
encryption.pickle_key = "";
provisioning.shared_secret = "";
public_media.signing_key = "";
direct_media.server_key = "";
logging = {
min_level = "info";
writers = lib.singleton {
type = "stdout";
format = "pretty-colored";
time_format = " ";
};
};
};
in
{
options.services.kabbone_mautrix-whatsapp = {
enable = lib.mkEnableOption "mautrix-whatsapp, a Matrix-Whatsapp puppeting bridge";
package = lib.mkPackageOption pkgs "mautrix-whatsapp" { };
settings = lib.mkOption {
apply = lib.recursiveUpdate defaultConfig;
type = settingsFormat.type;
default = defaultConfig;
description = ''
{file}`config.yaml` configuration as a Nix attribute set.
Configuration options should match those described in the example configuration.
Get an example configuration by executing `mautrix-whatsapp -c example.yaml --generate-example-config`
Secret tokens should be specified using {option}`environmentFile`
instead of this world-readable attribute set.
'';
example = {
bridge = {
private_chat_portal_meta = true;
mute_only_on_create = false;
permissions = {
"example.com" = "user";
};
};
database = {
type = "postgres";
uri = "postgresql:///mautrix_whatsapp?host=/run/postgresql";
};
homeserver = {
address = "http://[::1]:8008";
domain = "my-domain.tld";
};
appservice = {
id = "whatsapp";
ephemeral_events = false;
};
matrix.message_status_events = true;
provisioning = {
shared_secret = "disable";
};
backfill.enabled = true;
encryption = {
allow = true;
default = true;
require = true;
pickle_key = "$ENCRYPTION_PICKLE_KEY";
};
};
};
environmentFile = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = null;
description = ''
File containing environment variables to be passed to the mautrix-signal service.
If an environment variable `MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET` is set,
then its value will be used in the configuration file for the option
`double_puppet.secrets` without leaking it to the store, using the configured
`homeserver.domain` as key.
'';
};
serviceDependencies = lib.mkOption {
type = with lib.types; listOf str;
default =
(lib.optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit)
++ (lib.optional config.services.matrix-conduit.enable "conduit.service");
defaultText = lib.literalExpression ''
(optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit)
++ (optional config.services.matrix-conduit.enable "conduit.service")
'';
description = ''
List of systemd units to require and wait for when starting the application service.
'';
};
registerToSynapse = lib.mkOption {
type = lib.types.bool;
default = config.services.matrix-synapse.enable;
defaultText = lib.literalExpression ''
config.services.matrix-synapse.enable
'';
description = ''
Whether to add the bridge's app service registration file to
`services.matrix-synapse.settings.app_service_config_files`.
'';
};
};
config = lib.mkIf cfg.enable {
users.users.mautrix-whatsapp = {
isSystemUser = true;
group = "mautrix-whatsapp";
home = dataDir;
description = "Mautrix-Whatsapp bridge user";
};
users.groups.mautrix-whatsapp = { };
services.matrix-synapse = lib.mkIf cfg.registerToSynapse {
settings.app_service_config_files = [ registrationFile ];
};
systemd.services.matrix-synapse = lib.mkIf cfg.registerToSynapse {
serviceConfig.SupplementaryGroups = [ "mautrix-whatsapp" ];
};
# Note: this is defined here to avoid the docs depending on `config`
services.kabbone_mautrix-whatsapp.settings.homeserver = optOneOf (
with config.services;
[
(lib.mkIf matrix-synapse.enable (mkDefaults {
domain = matrix-synapse.settings.server_name;
}))
(lib.mkIf matrix-conduit.enable (mkDefaults {
domain = matrix-conduit.settings.global.server_name;
address = "http://localhost:${toString matrix-conduit.settings.global.port}";
}))
]
);
systemd.services.kabbone_mautrix-whatsapp = {
description = "mautrix-whatsapp, a Matrix-Whatsapp puppeting bridge.";
wantedBy = [ "multi-user.target" ];
wants = [ "network-online.target" ] ++ cfg.serviceDependencies;
after = [ "network-online.target" ] ++ cfg.serviceDependencies;
# ffmpeg is required for conversion of voice messages
path = [ pkgs.ffmpeg-headless ];
preStart = ''
# substitute the settings file by environment variables
# in this case read from EnvironmentFile
test -f '${settingsFile}' && rm -f '${settingsFile}'
old_umask=$(umask)
umask 0177
${pkgs.envsubst}/bin/envsubst \
-o '${settingsFile}' \
-i '${settingsFileUnsubstituted}'
umask $old_umask
# generate the appservice's registration file if absent
if [ ! -f '${registrationFile}' ]; then
${cfg.package}/bin/mautrix-whatsapp \
--generate-registration \
--config='${settingsFile}' \
--registration='${registrationFile}'
fi
chmod 640 ${registrationFile}
umask 0177
# 1. Overwrite registration tokens in config
# 2. If environment variable MAUTRIX_SIGNAL_BRIDGE_LOGIN_SHARED_SECRET
# is set, set it as the login shared secret value for the configured
# homeserver domain.
${pkgs.yq}/bin/yq -s '.[0].appservice.as_token = .[1].as_token
| .[0].appservice.hs_token = .[1].hs_token
| .[0]
| if env.MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET then .double_puppet.secrets.[.homeserver.domain] = env.MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET else . end' \
'${settingsFile}' '${registrationFile}' > '${settingsFile}.tmp'
mv '${settingsFile}.tmp' '${settingsFile}'
umask $old_umask
'';
serviceConfig = {
User = "mautrix-whatsapp";
Group = "mautrix-whatsapp";
EnvironmentFile = cfg.environmentFile;
StateDirectory = baseNameOf dataDir;
WorkingDirectory = dataDir;
ExecStart = ''
${cfg.package}/bin/mautrix-whatsapp \
--config='${settingsFile}' \
--registration='${registrationFile}'
'';
LockPersonality = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectSystem = "strict";
Restart = "on-failure";
RestartSec = "30s";
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallErrorNumber = "EPERM";
SystemCallFilter = [ "@system-service" ];
Type = "simple";
UMask = 27;
};
restartTriggers = [ settingsFileUnsubstituted ];
};
};
meta = {
#buildDocsInSandbox = false;
#doc = ./mautrix-whatsapp.md;
maintainers = with lib.maintainers; [
kabbone
];
};
}
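Review bot: The default `appservice.hostname = "[::]"` makes the bridge listen on every interface although the default `homeserver.address` is `http://localhost:8448`; for a same-host homeserver the default should be a loopback address such as `hostname = "127.0.0.1";`, leaving wider exposure as an explicit opt-in. `bridge.permissions."*" = "relay"` together with `relay.enabled = true` is likewise a permissive default that merits a sentence in the `settings` description. The `environmentFile` description and the `preStart` comment still name mautrix-signal (`MAUTRIX_SIGNAL_BRIDGE_LOGIN_SHARED_SECRET`), while the `yq` expression reads `MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET`; both texts should use the WhatsApp name. `UMask = 27;` only gives 027 because systemd reads the rendered digits as octal; `UMask = "0027";` states the intent.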


@@ -15,16 +15,14 @@
enable = true; enable = true;
package = pkgs.alacritty; package = pkgs.alacritty;
settings = { settings = {
env.term = "screen-256color";
font = rec { # Font - Laptop has size manually changed at home.nix font = rec { # Font - Laptop has size manually changed at home.nix
#normal.family = "Source Code Pro"; #normal.family = "FiraCode Nerd Font";
normal.family = "FiraCode Nerd Font"; normal.family = "Cascadia Code";
#normal.family = "Intel One Mono";
#bold = { style = "Bold"; }; #bold = { style = "Bold"; };
# size = 8; # size = 8;
}; };
offset = { # Positioning
x = -1;
y = 0;
};
}; };
}; };
}; };


@@ -12,10 +12,10 @@
[ [
./alacritty.nix ./alacritty.nix
./rofi.nix # ./rofi.nix
./firefox.nix ./firefox.nix
#./waybar.nix #./waybar.nix
#./games.nix #./games.nix
] ]
# Waybar.nix is pulled from modules/desktop/.. # Waybar.nix is pulled from modules/wm/..
# Games.nix is pulled from desktop/default.nix # Games.nix is pulled from desktop/default.nix


@@ -18,7 +18,7 @@
# ExtensionSettings = {}; # ExtensionSettings = {};
# }; # };
#}; #};
package = pkgs.firefox-wayland; # package = pkgs.firefox-wayland;
# profiles.kabbone = { # profiles.kabbone = {
# #id = 271987; # #id = 271987;
# name = "kabbone"; # name = "kabbone";


@@ -19,6 +19,7 @@
#./udiskie.nix #./udiskie.nix
#./redshift.nix #./redshift.nix
./kanshi.nix ./kanshi.nix
./keyring.nix
] ]
# picom, polybar and sxhkd are pulled from desktop module # picom, polybar and sxhkd are pulled from desktop module


@@ -0,0 +1,19 @@
#
# Services
#
# flake.nix
# ├─ ./hosts
# │ └─ home.nix
# └─ ./modules
# └─ ./services
# └─ default.nix *
# └─ ...
#
[
./microvm.nix
# ./hydra.nix
]
# picom, polybar and sxhkd are pulled from desktop module
# redshift temporarely disables


@@ -0,0 +1,60 @@
{ lib, config, pkgs, ... }:
{
virtualisation = {
podman ={
enable = true;
autoPrune.enable = true;
dockerCompat = true;
};
containers.containersConf.settings = {
# podman seems to not work with systemd-resolved
containers.dns_servers = [ "192.168.101.1" ];
#containers.dns_servers = [ "8.8.8.8" "8.8.4.4" ];
};
};
services.gitea-actions-runner.instances = {
homerunner = {
enable = true;
url = "https://git.kabtop.de";
name = "Homerunner";
tokenFile = config.age.secrets."services/gitea/homerunner-token".path;
labels = [
"home"
"debian-latest:docker://node:18-bullseye"
"ubuntu-latest:docker://node:16-bullseye"
"ubuntu-22.04:docker://node:16-bullseye"
"ubuntu-20.04:docker://node:16-bullseye"
"ubuntu-18.04:docker://node:16-buster"
"native:host"
];
hostPackages = with pkgs; [
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
];
settings = {
# container.options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm";
# the default network that also respects our dns server settings
container.network = "host";
container.privileged = false;
# container.valid_volumes = [
# "/nix"
# "${storeDeps}/bin"
# "${storeDeps}/etc/ssl"
# ];
};
};
};
age.secrets."services/gitea/homerunner-token" = {
file = ../../../secrets/services/gitea/homerunner-token.age;
owner = "gitea-runner";
};
}
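Review bot: The `"native:host"` entry in `labels` lets any workflow that selects that label run its steps directly as the runner process with no container around them, and `container.network = "host"` puts the container-based jobs into the runner's own network namespace, so `container.privileged = false` is the only isolation left for them. The `cirunner` instance in the second gitea_runner file on this page has the same pair. If host networking is only there for the DNS problem described in the comment, that reason and the trust assumption should be written next to it, e.g. `# host network + native:host: jobs are not isolated from this VM; register the runner only for repositories whose workflows are trusted`, and `"native:host"` dropped where no workflow needs it.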


@@ -0,0 +1,91 @@
{ lib, config, pkgs, ... }:
{
services = {
hydra = {
enable = true;
hydraURL = "https://hydra.home.opel-online.de";
listenHost = "127.0.0.1";
notificationSender = "hydra@localhost";
useSubstitutes = true;
minimumDiskFree = 30;
};
nix-serve = {
enable = true;
port = 5001;
bindAddress = "127.0.0.1";
secretKeyFile = config.age.secrets."keys/nixsign".path;
};
nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
virtualHosts = {
"home.opel-online.de" = {
enableACME = true;
forceSSL = true;
default = true;
locations."/".return = "503";
};
"hydra.home.opel-online.de" = {
useACMEHost = "home.opel-online.de";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:3000";
extraConfig = ''
proxy_set_header X-Forwarded-Port 443;
'';
};
};
"cache.home.opel-online.de" = {
useACMEHost = "home.opel-online.de";
forceSSL = true;
locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
};
};
};
};
security.acme = {
acceptTerms = true;
defaults = {
email = "webmaster@opel-online.de";
#server = "https://acme-staging-v02.api.letsencrypt.org/directory";
dnsResolver = "9.9.9.9:53";
};
certs = {
"home.opel-online.de" = {
domain = "*.home.opel-online.de";
dnsProvider = "netcup";
environmentFile = config.age.secrets."services/acme/opel-online".path;
webroot = null;
};
};
};
nix = {
settings = {
trusted-users = [
"hydra"
];
allowed-uris = "http:// https://";
};
extraOptions = ''
secret-key-files = ${config.age.secrets."keys/nixsign".path}
'';
};
age.secrets."keys/nixsign" = {
file = ../../../secrets/keys/nixservepriv.age;
owner = "hydra";
};
age.secrets."services/acme/opel-online" = {
file = ../../../secrets/services/acme/opel-online.age;
owner = "acme";
};
}
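Review bot: `allowed-uris = "http:// https://";` under `nix.settings` whitelists every HTTP and HTTPS URL for restricted evaluation, including unencrypted `http://`, so a jobset's inputs can be fetched from any host, and over a channel that can be tampered with when the input is not hash-pinned. The hydra file for `hydra.ci.kabtop.de` later on this page already uses a prefix list. The same form would fit here, e.g. `allowed-uris = [ "github:" "https://github.com/" "https://git.kabtop.de/" ];`, adjusted to the forges the jobsets really use.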


@@ -0,0 +1,131 @@
{ config, microvm, lib, pkgs, user, agenix, impermanence, ... }:
let
name = "gitea-runner";
in
{
microvm = {
autostart = [
name
];
vms = {
${name} = {
inherit pkgs;
config = {
imports =
[ agenix.nixosModules.default ] ++
[ impermanence.nixosModules.impermanence ] ++
[( ./gitea_runner.nix )];
networking = {
hostName = "${name}";
firewall = {
enable = true;
allowedUDPPorts = [ ];
allowedTCPPorts = [ ];
};
};
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "*";
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
};
};
users.users.${user} = { # System User
isNormalUser = true;
extraGroups = [ "wheel" ];
uid = 2000;
openssh.authorizedKeys.keys = [
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIgo4IP8ISUohyAMiDc3zEe6ESUE3un7eN5FhVtxZHmcAAAABHNzaDo= kabbone@kabc"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKVDApb3vZ+i97V4xLJh8rUF6z5OVYfORlXYbLhdQO15AAAABHNzaDo= kabbone@hades.home.opel-online.de"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo= kabbone@hades.home.opel-online.de"
];
};
services = {
openssh = {
enable = true;
settings.PasswordAuthentication = false;
hostKeys = [
{
path = "/persist/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
{
path = "/persist/etc/ssh/ssh_host_rsa_key";
type = "rsa";
bits = 4096;
}];
};
};
fileSystems."/persist".neededForBoot = lib.mkForce true;
environment = {
systemPackages = with pkgs; [ # Default packages install system-wide
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
];
persistence."/persist" = {
directories = [
"/var/log"
"/var/lib/private"
];
files = [
"/etc/machine-id"
];
};
};
microvm = {
hypervisor = "cloud-hypervisor";
vcpu = 4;
mem = 4096;
interfaces = [
{
type = "macvtap";
id = "vm-${name}";
mac = "04:00:00:00:00:01";
macvtap = {
link = "ens18";
mode = "bridge";
};
} ];
shares = [{
source = "/nix/store";
mountPoint = "/nix/.ro-store";
tag = "ro-store";
proto = "virtiofs";
}
{
source = "/etc/vm-persist/${name}";
mountPoint = "/persist";
tag = "persist";
proto = "virtiofs";
}];
#writableStoreOverlay = "/nix/.rw-store";
#storeOnDisk = true;
};
system.stateVersion = "23.05";
};
};
};
};
}
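Review bot: The `macvtap` interface in `bridge` mode on `ens18` makes the runner VM a full peer on the host's LAN segment, and the empty `allowedTCPPorts`/`allowedUDPPorts` lists only describe inbound traffic, so CI jobs inside the VM can open connections to every other machine on that network. The lists also read as "nothing is reachable", although `services.openssh.enable = true` opens port 22 through the module's `openFirewall` default. If the runner only needs to reach the Gitea instance and package sources, a dedicated VLAN or bridge for `link` would narrow that. A comment such as `# sshd opens 22 via services.openssh.openFirewall; the lists below add nothing else` would keep the firewall block accurate.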


@@ -0,0 +1,19 @@
#
# Services
#
# flake.nix
# ├─ ./hosts
# │ └─ home.nix
# └─ ./modules
# └─ ./services
# └─ default.nix *
# └─ ...
#
[
# ./microvm.nix
./hydra.nix
]
# picom, polybar and sxhkd are pulled from desktop module
# redshift temporarely disables


@@ -0,0 +1,59 @@
{ lib, config, pkgs, ... }:
{
virtualisation = {
podman ={
enable = true;
autoPrune.enable = true;
dockerCompat = true;
};
containers.containersConf.settings = {
# podman seems to not work with systemd-resolved
containers.dns_servers = [ "8.8.8.8" "8.8.4.4" ];
};
};
services.gitea-actions-runner.instances = {
cirunner = {
enable = true;
url = "https://git.kabtop.de";
name = "CI Kabtop runner";
tokenFile = config.age.secrets."services/gitea/cirunner-token".path;
labels = [
"ci"
"debian-latest:docker://node:18-bullseye"
"ubuntu-latest:docker://node:16-bullseye"
"ubuntu-22.04:docker://node:16-bullseye"
"ubuntu-20.04:docker://node:16-bullseye"
"ubuntu-18.04:docker://node:16-buster"
"native:host"
];
hostPackages = with pkgs; [
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
];
settings = {
# container.options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm";
# the default network that also respects our dns server settings
container.network = "host";
container.privileged = false;
# container.valid_volumes = [
# "/nix"
# "${storeDeps}/bin"
# "${storeDeps}/etc/ssl"
# ];
};
};
};
age.secrets."services/gitea/cirunner-token" = {
file = ../../../secrets/services/gitea/cirunner-token.age;
owner = "gitea-runner";
};
}


@@ -0,0 +1,82 @@
{ lib, config, pkgs, ... }:
{
services = {
hydra = {
enable = true;
hydraURL = "https://hydra.ci.kabtop.de";
listenHost = "127.0.0.1";
notificationSender = "hydra@kabtop.de";
useSubstitutes = true;
minimumDiskFree = 8;
};
nix-serve = {
enable = true;
port = 5001;
bindAddress = "127.0.0.1";
secretKeyFile = config.age.secrets."keys/nixsign".path;
};
nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
virtualHosts = {
"ci.kabtop.de" = {
enableACME = true;
forceSSL = true;
default = true;
locations."/".return = "503";
};
"hydra.ci.kabtop.de" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:3000";
extraConfig = ''
proxy_set_header X-Forwarded-Port 443;
'';
};
};
"cache.ci.kabtop.de" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
};
};
};
};
security.acme = {
acceptTerms = true;
defaults = {
email = "webmaster@kabtop.de";
webroot = "/var/lib/acme/acme-challenge";
#server = "https://acme-staging-v02.api.letsencrypt.org/directory";
};
};
nix = {
settings = {
trusted-users = [
"hydra"
];
allowed-uris = [
"github:"
"https://github.com/"
"git+ssh://github.com/"
];
};
extraOptions = ''
secret-key-files = ${config.age.secrets."keys/nixsign".path}
'';
};
age.secrets."keys/nixsign" = {
file = ../../../secrets/keys/nixservepriv.age;
owner = "hydra";
};
}
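Review bot: The `cache.ci.kabtop.de` vhost forwards every request to nix-serve without any access restriction, and nix-serve answers for any path present in this machine's `/nix/store`, not only for Hydra build outputs. The per-vhost `enableACME` with a webroot challenge suggests the name is reachable from the internet. If the cache is meant for the author's own machines only, `locations."/"` should carry a restriction such as `extraConfig = "allow <trusted-cidr>; deny all;";` (placeholder network). Otherwise a comment should state that the cache is intentionally public.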


@@ -0,0 +1,128 @@
{ config, microvm, lib, pkgs, user, agenix, impermanence, ... }:
let
name = "gitea-runner";
in
{
microvm = {
autostart = [
name
];
vms = {
${name} = {
inherit pkgs;
config = {
imports =
[ agenix.nixosModules.default ] ++
[ impermanence.nixosModules.impermanence ] ++
[( ./gitea_runner.nix )];
networking = {
hostName = "${name}";
firewall = {
enable = true;
allowedUDPPorts = [ ];
allowedTCPPorts = [ ];
};
};
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "*";
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
};
};
users.users.${user} = { # System User
isNormalUser = true;
extraGroups = [ "wheel" ];
uid = 2000;
openssh.authorizedKeys.keys = [
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIgo4IP8ISUohyAMiDc3zEe6ESUE3un7eN5FhVtxZHmcAAAABHNzaDo= kabbone@kabc"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKVDApb3vZ+i97V4xLJh8rUF6z5OVYfORlXYbLhdQO15AAAABHNzaDo= kabbone@hades.home.opel-online.de"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo= kabbone@hades.home.opel-online.de"
];
};
services = {
openssh = {
enable = true;
settings.PasswordAuthentication = false;
hostKeys = [
{
path = "/persist/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
{
path = "/persist/etc/ssh/ssh_host_rsa_key";
type = "rsa";
bits = 4096;
}];
};
};
fileSystems."/persist".neededForBoot = lib.mkForce true;
environment = {
systemPackages = with pkgs; [ # Default packages install system-wide
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
];
persistence."/persist" = {
directories = [
"/var/log"
"/var/lib/private"
];
files = [
"/etc/machine-id"
];
};
};
microvm = {
hypervisor = "qemu";
vcpu = 4;
mem = 3096;
#kernel = pkgs.linuxKernel.packages.linux_latest;
interfaces = [
{
type = "user";
id = "vm-${name}";
mac = "04:00:00:00:00:02";
} ];
shares = [{
source = "/nix/store";
mountPoint = "/nix/.ro-store";
tag = "ro-store";
proto = "virtiofs";
}
{
source = "/etc/vm-persist/${name}";
mountPoint = "/persist";
tag = "persist";
proto = "virtiofs";
}];
#writableStoreOverlay = "/nix/.rw-store";
#storeOnDisk = true;
};
system.stateVersion = "23.05";
};
};
};
};
}
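Review bot: `type = "user"` gives the VM QEMU's user-mode (slirp) networking, and with that backend the guest can normally reach services on the hypervisor host through the slirp gateway, including ones bound to the host's loopback. The hydra file for `hydra.ci.kabtop.de` on this page binds Hydra and nix-serve to `127.0.0.1`, which treats loopback as private. That assumption should be checked before both modules are enabled on the same host (the accompanying services list appears to keep `./microvm.nix` commented out for now). A comment at the interface would record it: `# slirp user networking: guest can reach host services via the gateway; 127.0.0.1 binds do not isolate them from CI jobs`.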


@@ -7,31 +7,34 @@
{ {
services.kanshi = { services.kanshi = {
enable = true; enable = true;
profiles = { settings = [
undocked = { {
profile = {
name = "undocked";
outputs = [ outputs = [
{ criteria = "eDP-1"; status = "enable"; mode = "1920x1080"; position = "0,0"; } { criteria = "eDP-1"; status = "enable"; mode = "1920x1080"; position = "0,0"; }
]; ];
}; };
#docked_c = { }
# outputs = [ {
# { criteria = "eDP-1"; status = "enable"; mode = "1920x1080"; position = "2560,0"; } profile = {
# { criteria = "DP-1"; status = "enable"; mode = "2560x1080"; position = "0,0"; } name = "docked_c";
# ];
#};
docked_c = {
outputs = [ outputs = [
{ criteria = "eDP-1"; status = "enable"; mode = "1920x1080"; position = "0,0"; scale = 1.5; } { criteria = "eDP-1"; status = "enable"; mode = "1920x1080"; position = "0,0"; scale = 1.5; }
{ criteria = "DP-1"; status = "enable"; mode = "2560x1080"; position = "1920,0"; } { criteria = "DP-1"; status = "enable"; mode = "2560x1080"; position = "1920,0"; }
]; ];
}; };
docked_triple = { }
{
profile = {
name = "docked_triple";
outputs = [ outputs = [
{ criteria = "eDP-1"; status = "disable"; mode = "1920x1080"; position = "4480,0"; } { criteria = "eDP-1"; status = "disable"; mode = "1920x1080"; position = "4480,0"; }
{ criteria = "HDMI-A-1"; status = "enable"; mode = "1920x1080"; position = "0,0"; } { criteria = "HDMI-A-1"; status = "enable"; mode = "1920x1080"; position = "0,0"; }
{ criteria = "DP-1"; status = "enable"; mode = "2560x1080"; position = "1920,0"; } { criteria = "DP-1"; status = "enable"; mode = "2560x1080"; position = "1920,0"; }
]; ];
}; };
}; }
];
}; };
} }


@@ -0,0 +1,14 @@
#
# Screenshots
#
{ pkgs, user, ... }:
{
services = { # sxhkd shortcut = Printscreen button (Print)
gnome-keyring = {
enable = true;
};
};
home.packages = with pkgs; [ gcr seahorse ];
}
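Review bot: The header `# Screenshots` and the trailing comment `# sxhkd shortcut = Printscreen button (Print)` do not describe this file, which only enables `services.gnome-keyring` and installs `gcr` and `seahorse`; they look carried over from another module. Suggested header: `# GNOME Keyring (secret storage for desktop applications)`, with the sxhkd comment removed. The `user` argument in the function head is not used in the visible body.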


@@ -0,0 +1,19 @@
#
# Services
#
# flake.nix
# ├─ ./hosts
# │ └─ home.nix
# └─ ./modules
# └─ ./services
# └─ default.nix *
# └─ ...
#
[
# ./microvm.nix
# ./hydra.nix
]
# picom, polybar and sxhkd are pulled from desktop module
# redshift temporarely disables


@@ -12,6 +12,9 @@
[ [
./nfs.nix ./nfs.nix
./nginx.nix
./vaultwarden.nix
./syncthing.nix
] ]
# picom, polybar and sxhkd are pulled from desktop module # picom, polybar and sxhkd are pulled from desktop module


@@ -11,7 +11,7 @@
}; };
# open the firewall # open the firewall
networking.firewall = { networking.firewall = {
interfaces.lo1 = { interfaces.ens18 = {
allowedTCPPorts = [ 2049 ]; allowedTCPPorts = [ 2049 ];
}; };
}; };
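Review bot: Moving the rule from `interfaces.lo1` to `interfaces.ens18` makes TCP 2049 reachable from every host on that interface, so the export definitions now carry the whole access decision. They sit above the hunk and are not visible here; they should name client addresses or a subnet rather than a wildcard. A comment like `# NFS reachable on the LAN interface; clients are restricted in the exports above` would tie the two together. The enclosing module starts and ends outside the hunk.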


@@ -0,0 +1,53 @@
#
# System notifications
#
{ config, lib, pkgs, ... }:
{
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
virtualHosts = {
"home.opel-online.de" = {
enableACME = true;
forceSSL = true;
default = true;
locations."/".return = "503";
};
};
};
security.acme = {
acceptTerms = true;
defaults = {
email = "webmaster@opel-online.de";
# server = "https://acme-staging-v02.api.letsencrypt.org/directory";
dnsResolver = "9.9.9.9:53";
};
certs = {
"home.opel-online.de" = {
domain = "*.home.opel-online.de";
dnsProvider = "netcup";
environmentFile = config.age.secrets."services/acme/opel-online".path;
webroot = null;
};
};
};
networking.firewall = {
enable = true;
allowedUDPPorts = [ ];
allowedTCPPorts = [ 80 443 ];
};
age.secrets."services/acme/opel-online" = {
file = ../../../secrets/services/acme/opel-online.age;
owner = "acme";
};
}
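Review bot: The header comment `# System notifications` does not match this file, which configures the nginx default vhost, the wildcard ACME certificate and the firewall; the syncthing and vaultwarden files added in the same change carry the same header. Suggested: `# nginx reverse proxy and wildcard certificate for *.home.opel-online.de`. A comment beside `allowedTCPPorts = [ 80 443 ];` should also say that the ports are opened on all interfaces, so every vhost using `useACMEHost` (vault, syncthing) becomes reachable through them.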


@@ -0,0 +1,53 @@
#
# System notifications
#
{ config, lib, pkgs, ... }:
{
services.syncthing = {
enable = true;
group = "users";
user = "kabbone";
dataDir = "/home/${config.services.syncthing.user}/Sync";
configDir = "/home/${config.services.syncthing.user}/.config/syncthing";
overrideDevices = true; # overrides any devices added or deleted through the WebUI
overrideFolders = true; # overrides any folders added or deleted through the WebUI
openDefaultPorts = true;
settings = {
devices = {
"hades.home.opel-online.de" = { id = "3VPCBVW-RH7XKFM-TWJGQHC-ZRAQ575-CQKGGKP-NAB4VXE-KCKJFUT-AMCUQQA"; };
"lifebook.home.opel-online.de" = { id = "RKPZG3H-BDUZID3-DV26MKR-UOARIQC-JBCAFXP-J5QFM4H-5EGBSM5-VEGXHQ4"; };
};
folders = {
"Sync" = { # Name of folder in Syncthing, also the folder ID
path = "/mnt/Mars/${config.services.syncthing.user}/Sync"; # Which folder to add to Syncthing
devices = [ "hades.home.opel-online.de" "lifebook.home.opel-online.de" ]; # Which devices to share the folder with
ignorePerms = false; # By default, Syncthing doesn't sync file permissions. This line enables it for this folder.
};
};
};
};
services.nginx = {
virtualHosts = {
"syncthing.home.opel-online.de" = {
useACMEHost = "home.opel-online.de";
forceSSL = true;
locations."/" = {
recommendedProxySettings = false;
proxyPass = "http://${toString config.services.syncthing.guiAddress}";
extraConfig = ''
proxy_set_header Host localhost;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
'';
};
};
};
};
}
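Review bot: The `syncthing.home.opel-online.de` vhost publishes the Syncthing GUI to everyone who can reach nginx. `proxy_set_header Host localhost;` makes each request look local to Syncthing's host check, and no GUI user or password is set in the visible `settings`. Unless credentials are configured elsewhere, the GUI is protected only by network reachability. An nginx-side restriction at the top of `extraConfig`, e.g. `allow <trusted-cidr>; deny all;` (placeholder network), or GUI credentials supplied from an age secret, would close that gap.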


@@ -0,0 +1,38 @@
#
# System notifications
#
{ config, lib, pkgs, ... }:
{
services.vaultwarden = {
enable = true;
dbBackend = "sqlite";
backupDir = "/var/backup/vaultwarden";
environmentFile = config.age.secrets."services/vaultwarden/environment".path;
config = {
DOMAIN = "https://vault.home.opel-online.de";
SIGNUPS_ALLOWED = false;
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8222;
ROCKET_LOG = "critical";
};
};
services.nginx = {
virtualHosts = {
"vault.home.opel-online.de" = {
useACMEHost = "home.opel-online.de";
forceSSL = true;
locations."/".proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
};
};
};
age.secrets."services/vaultwarden/environment" = {
file = ../../../secrets/services/vaultwarden/environment.age;
owner = "vaultwarden";
};
}


@@ -0,0 +1,18 @@
#
# Services
#
# flake.nix
# ├─ ./hosts
# │ └─ home.nix
# └─ ./modules
# └─ ./services
# └─ default.nix *
# └─ ...
#
[
# ./nfs.nix
]
# picom, polybar and sxhkd are pulled from desktop module
# redshift temporarely disables


@@ -0,0 +1,50 @@
[gcode_macro PID_TEST_BED]
gcode:
# Parameters
{% set TARGETTEMP = params.TEMP|default(70)|int %}
{% set max_x = printer.configfile.config["stepper_x"]["position_max"]|float %}
{% set max_y = printer.configfile.config["stepper_y"]["position_max"]|float %}
G28
G90
G1 X{max_x/2} Y{max_y/2} Z40 F6000
PID_CALIBRATE HEATER=heater_bed TARGET={TARGETTEMP}
[gcode_macro PID_TEST_HOTEND]
gcode:
# Parameters
{% set TARGETTEMP = params.TEMP|default(245)|int %}
{% set max_x = printer.configfile.config["stepper_x"]["position_max"]|float %}
{% set max_y = printer.configfile.config["stepper_y"]["position_max"]|float %}
G28
G90
G1 X{max_x/2} Y{max_y/2} Z10 F6000
M106 S64
PID_CALIBRATE HEATER=extruder TARGET={TARGETTEMP}
M107 ; Turn off print cooling fan
# TODO test this
[gcode_macro PID_TEST_ALL]
gcode:
PID_TEST_BED
PID_TEST_HOTEND
SAVE_CONFIG
[gcode_macro DO_PROBE_CALIBRATE]
gcode:
SET_HEATER_TEMPERATURE HEATER=heater_bed TARGET=60
SET_HEATER_TEMPERATURE HEATER=extruder TARGET=180
TEMPERATURE_WAIT SENSOR=heater_bed MINIMUM=60
TEMPERATURE_WAIT SENSOR=extruder MINIMUM=180
G28
PROBE_CALIBRATE
[gcode_macro DO_CREATE_MESH]
gcode:
SET_HEATER_TEMPERATURE HEATER=heater_bed TARGET=60
SET_HEATER_TEMPERATURE HEATER=extruder TARGET=180
TEMPERATURE_WAIT SENSOR=heater_bed MINIMUM=60
TEMPERATURE_WAIT SENSOR=extruder MINIMUM=180
G28
_BED_MESH_CALIBRATE


@@ -0,0 +1,110 @@
###############################################################################
# Source https://github.com/strayr/strayr-k-macros/blob/e0807570a66d28735cf05143b105ab4ea6d9798f/mechanical_level_tmc2209.cfg
#
# Mechanical Gantry Calibration
#
# Requires TMC2209 drivers with UART control, some tuning and perhaps
# some printed endstops.
#
# Based on on (depricated) M915 and now alternate G34 from Marlin
# I beleive Prusa use this, certainly there's older videos advising to just
# ram the gantry at full current into the the z-max stops.
#
# It moves the gantry to the top of the travel, drops the current and then
# does a force move to force the steppers to stall against the physical end
# stops, transfering the level of the frame to the gantry.
#
# This is the only way to programatically level a multi-stepper single-driver
# gantry. It may also help with a dual-driver gantry on a bed-slinger design
# or where the plane of the bed is less trustworthy than the frame.
#
# It's particularly risky doing Z_TILT_ADJUST and SCREWS_TILT_CALCULATE
# without a mechanical reference as if one side of the gantry or bed is prone
# to droop, over time both bed and gantry will skew excessively but still read
# as level, so this can help transfer "level" from the frame to the gantry and
# then to the bed.
#
# I don't recommend doing this in a START_PRINT, I call this if a
# SCREWS_TILT_CALCULATE shows some drift, althoughon an Ender 3 type printer
# it's prudent to check the v-slot rollers for correct adjustment if drift is
# observed.
#
# It's probably best to run this and then do SCREWS_TILT_CALCULATE
# until the bed is really level. IF you have dual Z steppers you can then
# use Z_TILT_ADJUST for subsequent leveling of the gantry but make sure you
# use the same points for gantry level as you use in SCREWS_TILT_CALCULATE
#
# It may damage your printer if you do this at too high a current, or don't
# have proper endstops.
#
# HERE BE DRAGONS!
# YOU WERE WARNED!
#
# Here's a video of this in action
# https://www.youtube.com/watch?v=aVdIeIIpUAk
# and the endstops for 2020 v-slot
# https://www.thingiverse.com/thing:4848479
[gcode_macro MECHANICAL_GANTRY_CALIBRATION]
gcode:
### SET THIS DEFAULT CARFULLY - start really low
{% set my_current = params.CURRENT|default(0.20)|float %} ; adjust crash current on the fly :D
###
{% set oldcurrent = printer.configfile.settings["tmc2209 stepper_z"].run_current %}
{% set oldhold = printer.configfile.settings["tmc2209 stepper_z"].hold_current %}
{% set x_max = printer.toolhead.axis_maximum.x %}
{% set y_max = printer.toolhead.axis_maximum.y %}
{% set z_max = printer.toolhead.axis_maximum.z %}
{% set fast_move_z = printer.configfile.settings["printer"].max_z_velocity %}
{% set fast_move = printer.configfile.settings["printer"].max_velocity %}
M117 {printer.homed_axes}
{% if printer.homed_axes != 'xyz' %}
G28 ; Home All Axes
{% endif %}
G90 ; absolute
G0 X{x_max / 2} Y{y_max / 2} F{fast_move * 30 } ;put toolhead in the center of the gantry
G0 Z{z_max -5} F{fast_move_z * 60 } ; go to the Z-max - 5 at speed max z speed ; CHANGED
SET_TMC_CURRENT STEPPER=stepper_z CURRENT={my_current} ; drop current on Z stepper
{% if printer.configfile.settings["stepper_z1"] %} ; test for dual Z
SET_TMC_CURRENT STEPPER=stepper_z1 CURRENT={my_current} ; drop current
{% endif %}
CONDITIONAL_BEEP I=1
G4 P200 ; Probably not necessary, it is here just for sure
SET_KINEMATIC_POSITION Z={z_max - 25} ; Trick printer into beleiving the gantry is 25mm lower than it is ; CHANGED
G1 Z{z_max} F{6 * 60} ; based on above figures, there will be 20mm worth of grinding ; CHANGED
CONDITIONAL_BEEP I=2
G4 P10000 ; wait 10 seconds
G1 Z{z_max -6} F{6 * 60} ; move 4mm down
CONDITIONAL_BEEP I=3
G4 P200 ; same as the first one
SET_TMC_CURRENT STEPPER=stepper_z CURRENT={oldcurrent} HOLDCURRENT={oldhold}
{% if printer.configfile.settings["stepper_z1"] %} ; test for dual Z
SET_TMC_CURRENT STEPPER=stepper_z1 CURRENT={oldcurrent} HOLDCURRENT={oldhold} ; reset current
{% endif %}
G1 Z{z_max -30} F{6 * 60} ; move to 30mm below z-max to allow homing movement
G4 P200 ; same as the first one
G28 Z ; we MUST home again as the ganty is really in the wrong place.
[gcode_macro G34]
gcode:
MECHANICAL_GANTRY_CALIBRATION
[menu __main __setup __calib __mech_gantry_calibrate]
type: command
enable: {not printer.idle_timeout.state == "Printing"}
name: G34 Gantry Level
gcode:
G34
[force_move]
enable_force_move: true ; enable FORCE_MOVE and SET_KINEMATIC_POSITION


@@ -0,0 +1,54 @@
# Park front center
[gcode_macro PARKFRONT]
gcode:
{% if "xyz" not in printer.toolhead.homed_axes %}
G28 ; home if not already homed
{% endif %}
SAVE_GCODE_STATE NAME=PARKFRONT
G90 ; absolute positioning
G0 X{printer.toolhead.axis_maximum.x/2} Y{printer.toolhead.axis_minimum.y+5} Z{printer.toolhead.axis_maximum.z/2} F6000
RESTORE_GCODE_STATE NAME=PARKFRONT
# Park front center, but low down.
[gcode_macro PARKFRONTLOW]
gcode:
{% if "xyz" not in printer.toolhead.homed_axes %}
G28 ; home if not already homed
{% endif %}
SAVE_GCODE_STATE NAME=PARKFRONT
G90 ; absolute positioning
G0 X{printer.toolhead.axis_maximum.x/2} Y{printer.toolhead.axis_minimum.y+5} Z20 F6000
RESTORE_GCODE_STATE NAME=PARKFRONT
# Park top rear left
[gcode_macro PARKREAR]
gcode:
{% if "xyz" not in printer.toolhead.homed_axes %}
G28 ; home if not already homed
{% endif %}
SAVE_GCODE_STATE NAME=PARKREAR
G90 ; absolute positioning
G0 X{printer.toolhead.axis_minimum.x+10} Y{printer.toolhead.axis_maximum.y-10} Z{printer.toolhead.axis_maximum.z-50} F6000
RESTORE_GCODE_STATE NAME=PARKREAR
# Park at center of build volume
[gcode_macro PARKCENTER]
gcode:
{% if "xyz" not in printer.toolhead.homed_axes %}
G28 ; home if not already homed
{% endif %}
SAVE_GCODE_STATE NAME=PARKCENTER
G90 ; absolute positioning
G0 X{printer.toolhead.axis_maximum.x/2} Y{printer.toolhead.axis_maximum.y/2} Z{printer.toolhead.axis_maximum.z/2} F6000
RESTORE_GCODE_STATE NAME=PARKCENTER
# Park 15mm above center of bed
[gcode_macro PARKBED]
gcode:
{% if "xyz" not in printer.toolhead.homed_axes %}
G28 ; home if not already homed
{% endif %}
SAVE_GCODE_STATE NAME=PARKBED
G90 ; absolute positioning
G0 X{printer.toolhead.axis_maximum.x/2} Y{printer.toolhead.axis_maximum.y/2} Z15 F6000
RESTORE_GCODE_STATE NAME=PARKBED


@@ -0,0 +1,124 @@
[gcode_macro TEST_SPEED]
# Home, get position, throw around toolhead, home again.
# If MCU stepper positions (first line in GET_POSITION) are greater than a full step different (your number of microsteps), then skipping occured.
# We only measure to a full step to accomodate for endstop variance.
# Example: TEST_SPEED SPEED=300 ACCEL=5000 ITERATIONS=10
description: Test for max speed and acceleration parameters for the printer. Procedure: Home -> ReadPositionFromMCU -> MovesToolhead@Vel&Accel -> Home -> ReadPositionfromMCU
gcode:
# Speed
{% set speed = params.SPEED|default(printer.configfile.settings.printer.max_velocity)|int %}
# Iterations
{% set iterations = params.ITERATIONS|default(5)|int %}
# Acceleration
{% set accel = params.ACCEL|default(printer.configfile.settings.printer.max_accel)|int %}
# Minimum Cruise Ratio
{% set min_cruise_ratio = params.MIN_CRUISE_RATIO|default(0.5)|float %}
# Bounding inset for large pattern (helps prevent slamming the toolhead into the sides after small skips, and helps to account for machines with imperfectly set dimensions)
{% set bound = params.BOUND|default(20)|int %}
# Size for small pattern box
{% set smallpatternsize = SMALLPATTERNSIZE|default(20)|int %}
# Large pattern
# Max positions, inset by BOUND
{% set x_min = printer.toolhead.axis_minimum.x + bound %}
{% set x_max = printer.toolhead.axis_maximum.x - bound %}
{% set y_min = printer.toolhead.axis_minimum.y + bound %}
{% set y_max = printer.toolhead.axis_maximum.y - bound %}
# Small pattern at center
# Find X/Y center point
{% set x_center = (printer.toolhead.axis_minimum.x|float + printer.toolhead.axis_maximum.x|float ) / 2 %}
{% set y_center = (printer.toolhead.axis_minimum.y|float + printer.toolhead.axis_maximum.y|float ) / 2 %}
# Set small pattern box around center point
{% set x_center_min = x_center - (smallpatternsize/2) %}
{% set x_center_max = x_center + (smallpatternsize/2) %}
{% set y_center_min = y_center - (smallpatternsize/2) %}
{% set y_center_max = y_center + (smallpatternsize/2) %}
# Save current gcode state (absolute/relative, etc)
SAVE_GCODE_STATE NAME=TEST_SPEED
# Output parameters to g-code terminal
{ action_respond_info("TEST_SPEED: starting %d iterations at speed %d, accel %d" % (iterations, speed, accel)) }
# Home and get position for comparison later:
M400 # Finish moves - https://github.com/AndrewEllis93/Print-Tuning-Guide/issues/66
G28
# QGL if not already QGLd (only if QGL section exists in config)
{% if printer.configfile.settings.quad_gantry_level %}
{% if printer.quad_gantry_level.applied == False %}
QUAD_GANTRY_LEVEL
G28 Z
{% endif %}
{% endif %}
# Move 50mm away from max position and home again (to help with hall effect endstop accuracy - https://github.com/AndrewEllis93/Print-Tuning-Guide/issues/24)
G90
G1 X{printer.toolhead.axis_maximum.x-50} Y{printer.toolhead.axis_maximum.y-50} F{30*60}
M400 # Finish moves - https://github.com/AndrewEllis93/Print-Tuning-Guide/issues/66
G28 X Y
G0 X{printer.toolhead.axis_maximum.x-1} Y{printer.toolhead.axis_maximum.y-1} F{30*60}
G4 P1000
GET_POSITION
# Go to starting position
G0 X{x_min} Y{y_min} Z{bound + 10} F{speed*60}
# Set new limits
{% if printer.configfile.settings.printer.minimum_cruise_ratio is defined %}
SET_VELOCITY_LIMIT VELOCITY={speed} ACCEL={accel} MINIMUM_CRUISE_RATIO={min_cruise_ratio}
{% else %}
SET_VELOCITY_LIMIT VELOCITY={speed} ACCEL={accel} ACCEL_TO_DECEL={accel / 2}
{% endif %}
{% for i in range(iterations) %}
# Large pattern diagonals
G0 X{x_min} Y{y_min} F{speed*60}
G0 X{x_max} Y{y_max} F{speed*60}
G0 X{x_min} Y{y_min} F{speed*60}
G0 X{x_max} Y{y_min} F{speed*60}
G0 X{x_min} Y{y_max} F{speed*60}
G0 X{x_max} Y{y_min} F{speed*60}
# Large pattern box
G0 X{x_min} Y{y_min} F{speed*60}
G0 X{x_min} Y{y_max} F{speed*60}
G0 X{x_max} Y{y_max} F{speed*60}
G0 X{x_max} Y{y_min} F{speed*60}
# Small pattern diagonals
G0 X{x_center_min} Y{y_center_min} F{speed*60}
G0 X{x_center_max} Y{y_center_max} F{speed*60}
G0 X{x_center_min} Y{y_center_min} F{speed*60}
G0 X{x_center_max} Y{y_center_min} F{speed*60}
G0 X{x_center_min} Y{y_center_max} F{speed*60}
G0 X{x_center_max} Y{y_center_min} F{speed*60}
# Small pattern box
G0 X{x_center_min} Y{y_center_min} F{speed*60}
G0 X{x_center_min} Y{y_center_max} F{speed*60}
G0 X{x_center_max} Y{y_center_max} F{speed*60}
G0 X{x_center_max} Y{y_center_min} F{speed*60}
{% endfor %}
# Restore max speed/accel/accel_to_decel to their configured values
{% if printer.configfile.settings.printer.minimum_cruise_ratio is defined %}
SET_VELOCITY_LIMIT VELOCITY={printer.configfile.settings.printer.max_velocity} ACCEL={printer.configfile.settings.printer.max_accel} MINIMUM_CRUISE_RATIO={printer.configfile.settings.printer.minimum_cruise_ratio}
{% else %}
SET_VELOCITY_LIMIT VELOCITY={printer.configfile.settings.printer.max_velocity} ACCEL={printer.configfile.settings.printer.max_accel} ACCEL_TO_DECEL={printer.configfile.settings.printer.max_accel_to_decel}
{% endif %}
# Re-home and get position again for comparison:
M400 # Finish moves - https://github.com/AndrewEllis93/Print-Tuning-Guide/issues/66
G28 # This is a full G28 to fix an issue with CoreXZ - https://github.com/AndrewEllis93/Print-Tuning-Guide/issues/12
# Go to XY home positions (in case your homing override leaves it elsewhere)
G90
G0 X{printer.toolhead.axis_maximum.x-1} Y{printer.toolhead.axis_maximum.y-1} F{30*60}
G4 P1000
GET_POSITION
# Restore previous gcode state (absolute/relative, etc)
RESTORE_GCODE_STATE NAME=TEST_SPEED


@@ -0,0 +1,13 @@
# Documentation https://www.klipper3d.org/Measuring_Resonances.html?h=adxl#configure-adxl345-with-rpi
# Documentation https://www.klipper3d.org/RPi_microcontroller.html
[mcu rpi]
serial: /tmp/klipper_host_mcu
[adxl345]
cs_pin: rpi:None
[resonance_tester]
accel_chip: adxl345
probe_points: 111.5, 111.5, 20
max_smoothing: 0.13


@@ -0,0 +1,29 @@
#####################################################################
# Find my instructions here:
# https://github.com/bassamanator/rp2040-zero-adxl345-klipper
# ADXL345 related Settings
# https://www.klipper3d.org/Measuring_Resonances.html#adxl345
#####################################################################
[mcu RP2040]
baud: 115200 # 250000
restart_method: command
# Obtain definition by "ls -l /dev/serial/by-id/"
serial: /dev/serial/by-id/usb-Klipper_rp2040_E6614C311B773B36-if00
[adxl345]
cs_pin: RP2040:gpio1
spi_bus: spi0a
axes_map: x,z,y
[resonance_tester]
accel_chip: adxl345
probe_points: 111.5, 111.5, 20
[output_pin power_mode] # Improve power stability
pin: RP2040:gpio23
[gcode_macro ADX]
description: Shortcut to ACCELEROMETER_QUERY
gcode:
ACCELEROMETER_QUERY


@@ -0,0 +1,43 @@
#####################################################################
# Config that supports a print head and a bed sensor at the same time
# This requires a Raspberry Pi Pico.
# Instructions: https://klipper.discourse.group/t/raspberry-pi-pico-adxl345-portable-resonance-measurement/1757/9
# TLDR Instructions: The two sensors should use the spi0a (GPIO 0-3) and spi1a (GPIO 9-12) buses, respectively.
#
# Recommended mounts:
# https://www.printables.com/model/385334-sovol-sv06-adxl345-mount-printhead-and-bed
#
# ADXL345 related Settings
# https://www.klipper3d.org/Measuring_Resonances.html#adxl345
#####################################################################
[mcu RP2040]
baud: 115200
restart_method: command
# Obtain definition by "ls -l /dev/serial/by-id/"
serial: /dev/serial/by-id/usb-Klipper_rp2040_E66138935F154C28-if00
[adxl345 head]
cs_pin: RP2040:gpio1
spi_bus: spi0a
# update axes_map if your sensor is oriented differently. Note the print on your sensor.
# -y, -z, x means that
# - the x axis of your printer corresponds to the sensor's negative y axis
# - the y axis of your printer corresponds to the sensor's negative z axis
# - the z axis of your printer corresponds to the sensor's x axis
axes_map: -y, -z, x
[adxl345 bed]
cs_pin: RP2040:gpio9
spi_bus: spi1a
[resonance_tester]
accel_chip_x: adxl345 head
accel_chip_y: adxl345 bed
probe_points: 111.5, 111.5, 20
[gcode_macro ADX]
description: Shortcut to ACCELEROMETER_QUERY for both sensors
gcode:
ACCELEROMETER_QUERY CHIP=head
ACCELEROMETER_QUERY CHIP=bed


@@ -0,0 +1,120 @@
# # # Klipper Adaptive Meshing # # #
# Heads up! If you have any other BED_MESH_CALIBRATE macros defined elsewhere in your config, you will need to comment out / remove them for this to work. (Klicky/Euclid Probe)
# You will also need to be sure that [exclude_object] is defined in printer.cfg, and your slicer is labeling objects.
# This macro will parse information from objects in your gcode to define a min and max mesh area to probe, creating an adaptive mesh!
# This macro will not increase probe_count values in your [bed_mesh] config. If you want richer meshes, be sure to increase probe_count. We recommend at least 5,5.
[gcode_macro BED_MESH_CALIBRATE]
rename_existing: _BED_MESH_CALIBRATE
gcode:
{% set all_points = printer.exclude_object.objects | map(attribute='polygon') | sum(start=[]) %} # Gather all object points
{% set bed_mesh_min = printer.configfile.settings.bed_mesh.mesh_min %} # Get bed mesh min from printer.cfg
{% set bed_mesh_max = printer.configfile.settings.bed_mesh.mesh_max %} # Get bed mesh max from printer.cfg
{% set probe_count = printer.configfile.settings.bed_mesh.probe_count %} # Get probe count from printer.cfg
{% set kamp_settings = printer["gcode_macro _KAMP_Settings"] %} # Pull variables from _KAMP_Settings
{% set verbose_enable = kamp_settings.verbose_enable | abs %} # Pull verbose setting from _KAMP_Settings
{% set probe_dock_enable = kamp_settings.probe_dock_enable | abs %} # Pull probe dockable probe settings from _KAMP_Settings
{% set attach_macro = kamp_settings.attach_macro | string %} # Pull attach probe command from _KAMP_Settings
{% set detach_macro = kamp_settings.detach_macro | string %} # Pull detach probe command from _KAMP_Settings
{% set mesh_margin = kamp_settings.mesh_margin | float %} # Pull mesh margin setting from _KAMP_Settings
{% set fuzz_amount = kamp_settings.fuzz_amount | float %} # Pull fuzz amount setting from _KAMP_Settings
{% set probe_count = probe_count if probe_count|length > 1 else probe_count * 2 %} # If probe count is only a single number, convert it to 2. E.g. probe_count:7 = 7,7
{% set max_probe_point_distance_x = ( bed_mesh_max[0] - bed_mesh_min[0] ) / (probe_count[0] - 1) %} # Determine max probe point distance
{% set max_probe_point_distance_y = ( bed_mesh_max[1] - bed_mesh_min[1] ) / (probe_count[1] - 1) %} # Determine max probe point distance
{% set x_min = all_points | map(attribute=0) | min | default(bed_mesh_min[0]) %} # Set x_min from smallest object x point
{% set y_min = all_points | map(attribute=1) | min | default(bed_mesh_min[1]) %} # Set y_min from smallest object y point
{% set x_max = all_points | map(attribute=0) | max | default(bed_mesh_max[0]) %} # Set x_max from largest object x point
{% set y_max = all_points | map(attribute=1) | max | default(bed_mesh_max[1]) %} # Set y_max from largest object y point
{% set fuzz_range = range((0) | int, (fuzz_amount * 100) | int + 1) %} # Set fuzz_range between 0 and fuzz_amount
{% set adapted_x_min = x_min - mesh_margin - (fuzz_range | random / 100.0) %} # Adapt x_min to margin and fuzz constraints
{% set adapted_y_min = y_min - mesh_margin - (fuzz_range | random / 100.0) %} # Adapt y_min to margin and fuzz constraints
{% set adapted_x_max = x_max + mesh_margin + (fuzz_range | random / 100.0) %} # Adapt x_max to margin and fuzz constraints
{% set adapted_y_max = y_max + mesh_margin + (fuzz_range | random / 100.0) %} # Adapt y_max to margin and fuzz constraints
{% set adapted_x_min = [adapted_x_min , bed_mesh_min[0]] | max %} # Compare adjustments to defaults and choose max
{% set adapted_y_min = [adapted_y_min , bed_mesh_min[1]] | max %} # Compare adjustments to defaults and choose max
{% set adapted_x_max = [adapted_x_max , bed_mesh_max[0]] | min %} # Compare adjustments to defaults and choose min
{% set adapted_y_max = [adapted_y_max , bed_mesh_max[1]] | min %} # Compare adjustments to defaults and choose min
{% set points_x = (((adapted_x_max - adapted_x_min) / max_probe_point_distance_x) | round(method='ceil') | int) + 1 %} # Define probe_count's x point count and round up
{% set points_y = (((adapted_y_max - adapted_y_min) / max_probe_point_distance_y) | round(method='ceil') | int) + 1 %} # Define probe_count's y point count and round up
{% if (([points_x, points_y]|max) > 6) %} #
{% set algorithm = "bicubic" %} #
{% set min_points = 4 %} #
{% else %} # Calculate if algorithm should be bicubic or lagrange
{% set algorithm = "lagrange" %} #
{% set min_points = 3 %} #
{% endif %} #
{% set points_x = [points_x , min_points]|max %} # Set probe_count's x points to fit the calculated algorithm
{% set points_y = [points_y , min_points]|max %} # Set probe_count's y points to fit the calculated algorithm
{% set points_x = [points_x , probe_count[0]]|min %}
{% set points_y = [points_y , probe_count[1]]|min %}
{% if verbose_enable == True %} # If verbose is enabled, print information about KAMP's calculations
{% if printer.exclude_object.objects != [] %}
{ action_respond_info( "Algorithm: {}.".format(
(algorithm),
)) }
{ action_respond_info("Default probe count: {},{}.".format(
(probe_count[0]),
(probe_count[1]),
)) }
{ action_respond_info("Adapted probe count: {},{}.".format(
(points_x),
(points_y),
)) }
{action_respond_info("Default mesh bounds: {}, {}.".format(
(bed_mesh_min[0],bed_mesh_min[1]),
(bed_mesh_max[0],bed_mesh_max[1]),
)) }
{% if mesh_margin > 0 %}
{action_respond_info("Mesh margin is {}, mesh bounds extended by {}mm.".format(
(mesh_margin),
(mesh_margin),
)) }
{% else %}
{action_respond_info("Mesh margin is 0, margin not increased.")}
{% endif %}
{% if fuzz_amount > 0 %}
{action_respond_info("Mesh point fuzzing enabled, points fuzzed up to {}mm.".format(
(fuzz_amount),
)) }
{% else %}
{action_respond_info("Fuzz amount is 0, mesh points not fuzzed.")}
{% endif %}
{ action_respond_info("Adapted mesh bounds: {}, {}.".format(
(adapted_x_min, adapted_y_min),
(adapted_x_max, adapted_y_max),
)) }
{action_respond_info("KAMP adjustments successful. Happy KAMPing!")}
{% else %}
{action_respond_info("No objects detected! Check your gcode and make sure that EXCLUDE_OBJECT_DEFINE is happening before BED_MESH_CALIBRATE is called. Defaulting to regular meshing.")}
G4 P5000 # Wait 5 seconds to make error more visible
{% endif %}
{% endif %}
{% if probe_dock_enable == True %}
{attach_macro} # Attach/deploy a probe if the probe is stored somewhere outside of the print area
{% endif %}
_BED_MESH_CALIBRATE mesh_min={adapted_x_min},{adapted_y_min} mesh_max={adapted_x_max},{adapted_y_max} ALGORITHM={algorithm} PROBE_COUNT={points_x},{points_y}
{% if probe_dock_enable == True %}
{detach_macro} # Detach/stow a probe if the probe is stored somewhere outside of the print area
{% endif %} # End of verbose
