minor cleanups

jupiter: fix nix cache proxy
lifebook: add missing user arg
2026-04-25 20:29:42 +02:00 · 2026-04-25 20:29:29 +02:00 · 2026-04-25 18:46:04 +02:00 · 2026-04-25 18:38:13 +02:00 · 2026-04-25 18:32:06 +02:00 · 2026-04-25 18:21:00 +02:00
173 changed files with 7634 additions and 3469 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,3 @@
 *.jpg filter=lfs diff=lfs merge=lfs -text
 *.svg filter=lfs diff=lfs merge=lfs -text
 *.png filter=lfs diff=lfs merge=lfs -text
--- a/disko/btrfs.nix
+++ b/disko/btrfs.nix
@@ -13,7 +13,7 @@
              content = {
                type = "filesystem";
                format = "vfat";
-                extraArgs = [ "-n NIXBOOT" ];
+                extraArgs = [ "-n" "NIXBOOT" ];
                mountpoint = "/boot";
                mountOptions = [
                  "defaults"
@@ -24,7 +24,7 @@
              size = "100%";
              content = {
                type = "btrfs";
-                extraArgs = [ "-f -L NIXROOT" ];
+                extraArgs = [ "-f" "-L" "NIXROOT" ];
                subvolumes = {
                  "@" = {
                    mountpoint = "/";
--- a/disko/btrfs_luks.nix
+++ b/disko/btrfs_luks.nix
@@ -47,6 +47,10 @@
                      mountpoint = "/nix";
                      mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
                    };
                    "@opt" = {
                      mountpoint = "/opt";
                      mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
                    };
                    "@snapshots" = {
                      mountpoint = "/mnt";
                      mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
--- a/disko/mount.sh
+++ b/disko/mount.sh
@@ -0,0 +1,11 @@
 #!/usr/bin/env bash
 disk="/dev/vda"
 mountpoint="/mnt"
 mount $disk $mountpoint -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@
 mount $disk $mountpoint/home -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@home
 mount $disk $mountpoint/var -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@var
 mount $disk $mountpoint/srv -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@srv
 mount $disk $mountpoint/nix -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@nix
 mount $disk $mountpoint/swap -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@swap
--- a/flake.lock
+++ b/flake.lock
@@ -10,11 +10,11 @@
        "systems": "systems"
      },
      "locked": {
-        "lastModified": 1715290355,
+        "lastModified": 1770165109,
-        "narHash": "sha256-2T7CHTqBXJJ3ZC6R/4TXTcKoXWHcvubKNj9SfomURnw=",
+        "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=",
        "owner": "ryantm",
        "repo": "agenix",
-        "rev": "8d37c5bdeade12b6479c85acd133063ab53187a0",
+        "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb",
        "type": "github"
      },
      "original": {
@@ -24,18 +24,12 @@
      }
    },
    "crane": {
      "inputs": {
        "nixpkgs": [
          "lanzaboote",
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1711299236,
+        "lastModified": 1776635034,
-        "narHash": "sha256-6/JsyozOMKN8LUGqWMopKTSiK8N79T8Q+hcxu2KkTXg=",
+        "narHash": "sha256-OEOJrT3ZfwbChzODfIH4GzlNTtOFuZFWPtW7jIeR8xU=",
        "owner": "ipetkov",
        "repo": "crane",
-        "rev": "880573f80d09e18a11713f402b9e6172a085449f",
+        "rev": "dc7496d8ea6e526b1254b55d09b966e94673750f",
        "type": "github"
      },
      "original": {
@@ -52,11 +46,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1700795494,
+        "lastModified": 1744478979,
-        "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
+        "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
        "owner": "lnl7",
        "repo": "nix-darwin",
-        "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
+        "rev": "43975d782b418ebf4969e9ccba82466728c2851b",
        "type": "github"
      },
      "original": {
@@ -66,212 +60,27 @@
        "type": "github"
      }
    },
    "devshell": {
      "inputs": {
        "flake-utils": "flake-utils_3",
        "nixpkgs": [
          "nixvim",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1713532798,
        "narHash": "sha256-wtBhsdMJA3Wa32Wtm1eeo84GejtI43pMrFrmwLXrsEc=",
        "owner": "numtide",
        "repo": "devshell",
        "rev": "12e914740a25ea1891ec619bb53cf5e6ca922e40",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "devshell",
        "type": "github"
      }
    },
    "flake-compat": {
      "flake": false,
      "locked": {
-        "lastModified": 1696426674,
+        "lastModified": 1767039857,
-        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+        "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
-        "owner": "edolstra",
+        "owner": "NixOS",
        "repo": "flake-compat",
-        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
        "type": "github"
      },
      "original": {
-        "owner": "edolstra",
+        "owner": "NixOS",
        "repo": "flake-compat",
        "type": "github"
      }
    },
    "flake-compat_2": {
      "locked": {
        "lastModified": 1696426674,
        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
        "revCount": 57,
        "type": "tarball",
        "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
      },
      "original": {
        "type": "tarball",
        "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
      }
    },
    "flake-compat_3": {
      "flake": false,
      "locked": {
        "lastModified": 1696426674,
        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
        "owner": "edolstra",
        "repo": "flake-compat",
        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
        "type": "github"
      },
      "original": {
        "owner": "edolstra",
        "repo": "flake-compat",
        "type": "github"
      }
    },
    "flake-parts": {
      "inputs": {
        "nixpkgs-lib": [
          "lanzaboote",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1709336216,
        "narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
        "rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2",
        "type": "github"
      },
      "original": {
        "owner": "hercules-ci",
        "repo": "flake-parts",
        "type": "github"
      }
    },
    "flake-parts_2": {
      "inputs": {
        "nixpkgs-lib": [
          "nixvim",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1715865404,
        "narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
        "rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9",
        "type": "github"
      },
      "original": {
        "owner": "hercules-ci",
        "repo": "flake-parts",
        "type": "github"
      }
    },
    "flake-root": {
      "locked": {
        "lastModified": 1713493429,
        "narHash": "sha256-ztz8JQkI08tjKnsTpfLqzWoKFQF4JGu2LRz8bkdnYUk=",
        "owner": "srid",
        "repo": "flake-root",
        "rev": "bc748b93b86ee76e2032eecda33440ceb2532fcd",
        "type": "github"
      },
      "original": {
        "owner": "srid",
        "repo": "flake-root",
        "type": "github"
      }
    },
    "flake-utils": {
      "inputs": {
        "systems": "systems_2"
      },
      "locked": {
        "lastModified": 1710146030,
        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "flake-utils_2": {
      "inputs": {
        "systems": "systems_3"
      },
      "locked": {
        "lastModified": 1705309234,
        "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "flake-utils_3": {
      "inputs": {
        "systems": "systems_4"
      },
      "locked": {
        "lastModified": 1701680307,
        "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "gitignore": {
      "inputs": {
        "nixpkgs": [
          "lanzaboote",
-          "pre-commit-hooks-nix",
+          "pre-commit",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1709087332,
        "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
        "owner": "hercules-ci",
        "repo": "gitignore.nix",
        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
        "type": "github"
      },
      "original": {
        "owner": "hercules-ci",
        "repo": "gitignore.nix",
        "type": "github"
      }
    },
    "gitignore_2": {
      "inputs": {
        "nixpkgs": [
          "nixvim",
          "pre-commit-hooks",
          "nixpkgs"
        ]
      },
@@ -297,11 +106,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1703113217,
+        "lastModified": 1745494811,
-        "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
+        "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
+        "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
        "type": "github"
      },
      "original": {
@@ -317,11 +126,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1715930644,
+        "lastModified": 1777086106,
-        "narHash": "sha256-W9pyM3/vePxrffHtzlJI6lDS3seANQ+Nqp+i58O46LI=",
+        "narHash": "sha256-hlNpIN18pw3xo34Lsrp6vAMUPn0aB/zFBqL0QXI1Pmk=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "e3ad5108f54177e6520535768ddbf1e6af54b59d",
+        "rev": "5826802354a74af18540aef0b01bc1320f82cc17",
        "type": "github"
      },
      "original": {
@@ -337,16 +146,16 @@
        ]
      },
      "locked": {
-        "lastModified": 1715381426,
+        "lastModified": 1775425411,
-        "narHash": "sha256-wPuqrAQGdv3ISs74nJfGb+Yprm23U/rFpcHFFNWgM94=",
+        "narHash": "sha256-KY6HsebJHEe5nHOWP7ur09mb0drGxYSzE3rQxy62rJo=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "ab5542e9dbd13d0100f8baae2bc2d68af901f4b4",
+        "rev": "0d02ec1d0a05f88ef9e74b516842900c41f0f2fe",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
-        "ref": "release-23.11",
+        "ref": "release-25.11",
        "repo": "home-manager",
        "type": "github"
      }
@@ -354,16 +163,16 @@
    "home-manager_3": {
      "inputs": {
        "nixpkgs": [
-          "nixvim",
+          "impermanence",
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1715930644,
+        "lastModified": 1768598210,
-        "narHash": "sha256-W9pyM3/vePxrffHtzlJI6lDS3seANQ+Nqp+i58O46LI=",
+        "narHash": "sha256-kkgA32s/f4jaa4UG+2f8C225Qvclxnqs76mf8zvTVPg=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "e3ad5108f54177e6520535768ddbf1e6af54b59d",
+        "rev": "c47b2cc64a629f8e075de52e4742de688f930dc6",
        "type": "github"
      },
      "original": {
@@ -373,12 +182,16 @@
      }
    },
    "impermanence": {
      "inputs": {
        "home-manager": "home-manager_3",
        "nixpkgs": "nixpkgs"
      },
      "locked": {
-        "lastModified": 1708968331,
+        "lastModified": 1769548169,
-        "narHash": "sha256-VUXLaPusCBvwM3zhGbRIJVeYluh2uWuqtj4WirQ1L9Y=",
+        "narHash": "sha256-03+JxvzmfwRu+5JafM0DLbxgHttOQZkUtDWBmeUkN8Y=",
        "owner": "nix-community",
        "repo": "impermanence",
-        "rev": "a33ef102a02ce77d3e39c25197664b7a636f9c30",
+        "rev": "7b1d382faf603b6d264f58627330f9faa5cba149",
        "type": "github"
      },
      "original": {
@@ -395,11 +208,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1716107076,
+        "lastModified": 1776962372,
-        "narHash": "sha256-aB15oIMUv6N/UFsLHzgcGRUvU4YfOjE3gEirIP/k82s=",
+        "narHash": "sha256-Y2imW4kyIhupx8myNSeNCzDbEx2X+h+AmhNjWXA/7Yw=",
        "owner": "Jovian-Experiments",
        "repo": "Jovian-NixOS",
-        "rev": "e8de93b7b4c384650977a20c1f192e23c6e7a12f",
+        "rev": "ee3a1184a978e311194a2d3d352c5e6aba67a4b5",
        "type": "github"
      },
      "original": {
@@ -411,21 +224,18 @@
    "lanzaboote": {
      "inputs": {
        "crane": "crane",
        "flake-compat": "flake-compat",
        "flake-parts": "flake-parts",
        "flake-utils": "flake-utils",
        "nixpkgs": [
          "nixpkgs"
        ],
-        "pre-commit-hooks-nix": "pre-commit-hooks-nix",
+        "pre-commit": "pre-commit",
        "rust-overlay": "rust-overlay"
      },
      "locked": {
-        "lastModified": 1713369831,
+        "lastModified": 1776797459,
-        "narHash": "sha256-G4OGxvlIIjphpkxcRAkf1QInYsAeqbfNh6Yl1JLy2uM=",
+        "narHash": "sha256-utv296Xwk0PwjONe9dsyKx+9Z5xAB70aAsMI//aakpg=",
        "owner": "nix-community",
        "repo": "lanzaboote",
-        "rev": "850f27322239f8cfa56b122cc9a278ab99a49015",
+        "rev": "4eda91dd5abd2157a2c7bfb33142fc64da668b0a",
        "type": "github"
      },
      "original": {
@@ -437,47 +247,25 @@
    },
    "microvm": {
      "inputs": {
        "flake-utils": "flake-utils_2",
        "nixpkgs": [
          "nixpkgs"
        ],
        "spectrum": "spectrum"
      },
      "locked": {
-        "lastModified": 1715787097,
+        "lastModified": 1776340739,
-        "narHash": "sha256-TPp2j0ttvBvkk4oXidvo8Y071zEab0BtcNsC3ZEkluI=",
+        "narHash": "sha256-s4FDictJlPtY6Shd6scG5hgrDMiHth09+svtvTA5NLA=",
-        "owner": "astro",
+        "owner": "microvm-nix",
        "repo": "microvm.nix",
-        "rev": "fa673bf8656fe6f28253b83971a36999bc9995d2",
+        "rev": "2f2f62fdfdca2750e3399f66bd03986ab967e5ca",
        "type": "github"
      },
      "original": {
-        "owner": "astro",
+        "owner": "microvm-nix",
        "repo": "microvm.nix",
        "type": "github"
      }
    },
    "nix-darwin": {
      "inputs": {
        "nixpkgs": [
          "nixvim",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1715901937,
        "narHash": "sha256-eMyvWP56ZOdraC2IOvZo0/RTDcrrsqJ0oJWDC76JTak=",
        "owner": "lnl7",
        "repo": "nix-darwin",
        "rev": "ffc01182f90118119930bdfc528c1ee9a39ecef8",
        "type": "github"
      },
      "original": {
        "owner": "lnl7",
        "repo": "nix-darwin",
        "type": "github"
      }
    },
    "nix-github-actions": {
      "inputs": {
        "nixpkgs": [
@@ -486,11 +274,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1690328911,
+        "lastModified": 1729697500,
-        "narHash": "sha256-fxtExYk+aGf2YbjeWQ8JY9/n9dwuEt+ma1eUFzF8Jeo=",
+        "narHash": "sha256-VFTWrbzDlZyFHHb1AlKRiD/qqCJIripXKiCSFS8fAOY=",
        "owner": "zhaofengli",
        "repo": "nix-github-actions",
-        "rev": "96df4a39c52f53cb7098b923224d8ce941b64747",
+        "rev": "e418aeb728b6aa5ca8c5c71974e7159c2df1d8cf",
        "type": "github"
      },
      "original": {
@@ -502,11 +290,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1716034089,
+        "lastModified": 1776983936,
-        "narHash": "sha256-QBfab6V4TeQ6Y4NiXVrEATdQuhCNFNaXt/L1K/Zw+zc=",
+        "narHash": "sha256-ZOQyNqSvJ8UdrrqU1p7vaFcdL53idK+LOM8oRWEWh6o=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "b55712de78725c8fcde422ee0a0fe682046e73c3",
+        "rev": "2096f3f411ce46e88a79ae4eafcfc9df8ed41c61",
        "type": "github"
      },
      "original": {
@@ -518,43 +306,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1716061101,
+        "lastModified": 1768564909,
-        "narHash": "sha256-H0eCta7ahEgloGIwE/ihkyGstOGu+kQwAiHvwVoXaA0=",
+        "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "e7cc61784ddf51c81487637b3031a6dd2d6673a2",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-23.11",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs-stable": {
      "locked": {
        "lastModified": 1710695816,
        "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "614b4613980a522ba49f0d194531beddbb7220d3",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-23.11",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs-unstable": {
      "locked": {
        "lastModified": 1715961556,
        "narHash": "sha256-+NpbZRCRisUHKQJZF3CT+xn14ZZQO+KjxIIanH3Pvn4=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "4a6b83b05df1a8bd7d99095ec4b4d271f2956b64",
+        "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f",
        "type": "github"
      },
      "original": {
@@ -564,84 +320,97 @@
        "type": "github"
      }
    },
-    "nixvim": {
+    "nixpkgs-unstable": {
      "locked": {
        "lastModified": 1776877367,
        "narHash": "sha256-EHq1/OX139R1RvBzOJ0aMRT3xnWyqtHBRUBuO1gFzjI=",
        "owner": "nixos",
        "repo": "nixpkgs",
        "rev": "0726a0ecb6d4e08f6adced58726b95db924cef57",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1776734388,
        "narHash": "sha256-vl3dkhlE5gzsItuHoEMVe+DlonsK+0836LIRDnm6MXQ=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "10e7ad5bbcb421fe07e3a4ad53a634b0cd57ffac",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-25.11",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "noctalia": {
      "inputs": {
        "devshell": "devshell",
        "flake-compat": "flake-compat_2",
        "flake-parts": "flake-parts_2",
        "flake-root": "flake-root",
        "home-manager": "home-manager_3",
        "nix-darwin": "nix-darwin",
        "nixpkgs": [
-          "nixpkgs-unstable"
+          "nixpkgs"
        ],
-        "pre-commit-hooks": "pre-commit-hooks",
+        "noctalia-qs": "noctalia-qs"
      },
      "locked": {
        "lastModified": 1777079905,
        "narHash": "sha256-TvYEXwkZnRFQRuFyyqTNSfPnU2tMdhtiBOXSk2AWLJA=",
        "owner": "noctalia-dev",
        "repo": "noctalia-shell",
        "rev": "a50c92167c8d438000270f7eca36f6eea74f388e",
        "type": "github"
      },
      "original": {
        "owner": "noctalia-dev",
        "repo": "noctalia-shell",
        "type": "github"
      }
    },
    "noctalia-qs": {
      "inputs": {
        "nixpkgs": [
          "noctalia",
          "nixpkgs"
        ],
        "systems": "systems_2",
        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
-        "lastModified": 1716125991,
+        "lastModified": 1776585574,
-        "narHash": "sha256-PmB9vmp383foiVi64RawbnkC+6SiYiWUjdzw2xgl3eM=",
+        "narHash": "sha256-j35EWhKoGhKrfcXcAOpoRVgXEPQt41Eukji/h59cnjk=",
-        "owner": "nix-community",
+        "owner": "noctalia-dev",
-        "repo": "nixvim",
+        "repo": "noctalia-qs",
-        "rev": "88ade1dfaa017499326103a078c66dd5d4d0606e",
+        "rev": "75d180c28a9ab4470e980f3d6f706ad6c5213add",
        "type": "github"
      },
      "original": {
-        "owner": "nix-community",
+        "owner": "noctalia-dev",
-        "repo": "nixvim",
+        "repo": "noctalia-qs",
        "type": "github"
      }
    },
-    "pre-commit-hooks": {
+    "pre-commit": {
      "inputs": {
-        "flake-compat": "flake-compat_3",
+        "flake-compat": "flake-compat",
        "gitignore": "gitignore_2",
        "nixpkgs": [
          "nixvim",
          "nixpkgs"
        ],
        "nixpkgs-stable": [
          "nixvim",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1715870890,
        "narHash": "sha256-nacSOeXtUEM77Gn0G4bTdEOeFIrkCBXiyyFZtdGwuH0=",
        "owner": "cachix",
        "repo": "pre-commit-hooks.nix",
        "rev": "fa606cccd7b0ccebe2880051208e4a0f61bfc8c1",
        "type": "github"
      },
      "original": {
        "owner": "cachix",
        "repo": "pre-commit-hooks.nix",
        "type": "github"
      }
    },
    "pre-commit-hooks-nix": {
      "inputs": {
        "flake-compat": [
          "lanzaboote",
          "flake-compat"
        ],
        "flake-utils": [
          "lanzaboote",
          "flake-utils"
        ],
        "gitignore": "gitignore",
        "nixpkgs": [
          "lanzaboote",
          "nixpkgs"
-        ],
+        ]
        "nixpkgs-stable": "nixpkgs-stable"
      },
      "locked": {
-        "lastModified": 1710923068,
+        "lastModified": 1775585728,
-        "narHash": "sha256-6hOpUiuxuwpXXc/xfJsBUJeqqgGI+JMJuLo45aG3cKc=",
+        "narHash": "sha256-8Psjt+TWvE4thRKktJsXfR6PA/fWWsZ04DVaY6PUhr4=",
        "owner": "cachix",
        "repo": "pre-commit-hooks.nix",
-        "rev": "e611897ddfdde3ed3eaac4758635d7177ff78673",
+        "rev": "580633fa3fe5fc0379905986543fd7495481913d",
        "type": "github"
      },
      "original": {
@@ -660,28 +429,24 @@
        "lanzaboote": "lanzaboote",
        "microvm": "microvm",
        "nixos-hardware": "nixos-hardware",
-        "nixpkgs": "nixpkgs",
+        "nixpkgs": "nixpkgs_2",
        "nixpkgs-unstable": "nixpkgs-unstable",
-        "nixvim": "nixvim"
+        "noctalia": "noctalia"
      }
    },
    "rust-overlay": {
      "inputs": {
        "flake-utils": [
          "lanzaboote",
          "flake-utils"
        ],
        "nixpkgs": [
          "lanzaboote",
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1711246447,
+        "lastModified": 1776741231,
-        "narHash": "sha256-g9TOluObcOEKewFo2fR4cn51Y/jSKhRRo4QZckHLop0=",
+        "narHash": "sha256-k9G98qzn+7npROUaks8VqCFm7cFtEG8ulQLBBo5lItg=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "dcc802a6ec4e9cc6a1c8c393327f0c42666f22e4",
+        "rev": "02061303f7c4c964f7b4584dabd9e985b4cd442b",
        "type": "github"
      },
      "original": {
@@ -693,11 +458,11 @@
    "spectrum": {
      "flake": false,
      "locked": {
-        "lastModified": 1708358594,
+        "lastModified": 1772189877,
-        "narHash": "sha256-e71YOotu2FYA67HoC/voJDTFsiPpZNRwmiQb4f94OxQ=",
+        "narHash": "sha256-i1p90Rgssb//aNiTDFq46ZG/fk3LmyRLChtp/9lddyA=",
        "ref": "refs/heads/main",
-        "rev": "6d0e73864d28794cdbd26ab7b37259ab0e1e044c",
+        "rev": "fe39e122d898f66e89ffa17d4f4209989ccb5358",
-        "revCount": 614,
+        "revCount": 1255,
        "type": "git",
        "url": "https://spectrum-os.org/git/spectrum"
      },
@@ -723,62 +488,33 @@
    },
    "systems_2": {
      "locked": {
-        "lastModified": 1681028828,
+        "lastModified": 1689347949,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
        "owner": "nix-systems",
-        "repo": "default",
+        "repo": "default-linux",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
-        "repo": "default",
+        "repo": "default-linux",
        "type": "github"
      }
    },
    "systems_3": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    },
    "systems_4": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    },
    "treefmt-nix": {
      "inputs": {
        "nixpkgs": [
-          "nixvim",
+          "noctalia",
          "noctalia-qs",
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1715940852,
+        "lastModified": 1775636079,
-        "narHash": "sha256-wJqHMg/K6X3JGAE9YLM0LsuKrKb4XiBeVaoeMNlReZg=",
+        "narHash": "sha256-pc20NRoMdiar8oPQceQT47UUZMBTiMdUuWrYu2obUP0=",
        "owner": "numtide",
        "repo": "treefmt-nix",
-        "rev": "2fba33a182602b9d49f0b2440513e5ee091d838b",
+        "rev": "790751ff7fd3801feeaf96d7dc416a8d581265ba",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -7,23 +7,22 @@
 #   │   └─ default.nix
 {
-  description = "Kabbone's peronal NixOS Flake config";
+  description = "Kabbone's personal NixOS Flake config";
-  inputs =                                                                  # All flake references used to build my NixOS setup. These are dependencies.
+  inputs = {
    {
      nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";                  # Nix Packages
-      nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
+      nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
      nixos-hardware.url = "github:NixOS/nixos-hardware/master";
      microvm = {
-        url = "github:astro/microvm.nix";
+        url = "github:microvm-nix/microvm.nix";
        inputs.nixpkgs.follows = "nixpkgs";
      };
      impermanence.url = "github:nix-community/impermanence";
      home-manager = {                                                      # User Package Management
-        url = "github:nix-community/home-manager/release-23.11";
+        url = "github:nix-community/home-manager/release-25.11";
        inputs.nixpkgs.follows = "nixpkgs";
      };
@@ -38,37 +37,76 @@
      };
      jovian-nixos = {
-          url = "github:Jovian-Experiments/Jovian-NixOS";
+        url = "github:Jovian-Experiments/Jovian-NixOS";
-          inputs.nixpkgs.follows = "nixpkgs-unstable";
+        inputs.nixpkgs.follows = "nixpkgs-unstable";
      };
      lanzaboote = {
-          url = "github:nix-community/lanzaboote/master";
+        url = "github:nix-community/lanzaboote/master";
-          inputs.nixpkgs.follows = "nixpkgs";
+        inputs.nixpkgs.follows = "nixpkgs";
-       };
+      };
-       nixvim = {
+      noctalia = {
-           url = "github:nix-community/nixvim";
+        url = "github:noctalia-dev/noctalia-shell";
-           inputs.nixpkgs.follows = "nixpkgs-unstable";
+        inputs.nixpkgs.follows = "nixpkgs";
-       };
+      };
  };
  outputs = {
    self,
    nixpkgs,
    nixpkgs-unstable,
    nixos-hardware,
    home-manager,
    home-manager-unstable,
    agenix,
    jovian-nixos,
    microvm,
    impermanence,
    lanzaboote,
    noctalia,
    ...
  } @ inputs:
  let
    systems = [
 #      "aarch64-linux"
      "x86_64-linux"
    ];
    forAllSystems = nixpkgs.lib.genAttrs systems;
  in {
    # Your custom packages
    # Accessible through 'nix build', 'nix shell', etc
    packages = forAllSystems (system: import ./packages { pkgs = nixpkgs.legacyPackages.${system}; });
    # Formatter for your nix files, available through 'nix fmt'
    # Other options beside 'alejandra' include 'nixpkgs-fmt'
    formatter = forAllSystems (system: nixpkgs.legacyPackages.${system}.alejandra);
    # Your custom packages and modifications, exported as overlays
    overlays = import ./overlays {inherit inputs;};
    # Reusable nixos modules you might want to export
    # These are usually stuff you would upstream into nixpkgs
    #nixosModules = import ./modules/kabbone;
    # Reusable home-manager modules you might want to export
    # These are usually stuff you would upstream into home-manager
    #homeManagerModules = import ./modules/home-manager;
    nixosConfigurations = (                                               # NixOS configurations
      import ./hosts {                                                    # Imports ./hosts/default.nix
        inherit (nixpkgs) lib;
        inherit inputs nixpkgs nixpkgs-unstable nixos-hardware home-manager home-manager-unstable agenix jovian-nixos microvm impermanence lanzaboote;   # Also inherit home-manager so it does not need to be defined here.
      }
    );
    hydraJobs = {
      "steamdeck" = self.nixosConfigurations.steamdeck.config.system.build.toplevel;
      "hades" = self.nixosConfigurations.hades.config.system.build.toplevel;
      "nasbak" = self.nixosConfigurations.nasbak.config.system.build.toplevel;
      "jupiter" = self.nixosConfigurations.jupiter.config.system.build.toplevel;
      "lifebook" = self.nixosConfigurations.lifebook.config.system.build.toplevel;
      "kabtop" = self.nixosConfigurations.kabtop.config.system.build.toplevel;
      "dmz" = self.nixosConfigurations.dmz.config.system.build.toplevel;
    };
-
+  };
  outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, agenix, jovian-nixos, microvm, impermanence, lanzaboote, nixvim, ... }:   # Function that tells my flake which to use and what do what to do with the dependencies.
    let                                                                     # Variables that can be used in the config files
      user = "kabbone";
      userdmz = "diablo";
      userserver = "mephisto";
      location = "$HOME/.setup";
    in                                                                      # Use above variables in ...
    {
      nixosConfigurations = (                                               # NixOS configurations
        import ./hosts {                                                    # Imports ./hosts/default.nix
          inherit (nixpkgs) lib;
          inherit inputs nixpkgs nixpkgs-unstable nixos-hardware home-manager home-manager-unstable user userdmz userserver location agenix jovian-nixos microvm impermanence lanzaboote nixvim;   # Also inherit home-manager so it does not need to be defined here.
          nix.allowedUsers = [ "@wheel" ];
          security.sudo.execWheelOnly = true;
        }
      );
    };
 }
--- a/hosts/configuration_common.nix
+++ b/hosts/configuration_common.nix
@@ -0,0 +1,126 @@
 #
 #  Common configuration shared by all hosts (desktop and server).
 #  Imported by configuration_desktop.nix and configuration_server.nix.
 #
 { config, lib, pkgs, inputs, user, location, agenix, ... }:
 {
  imports = [
    ../modules/hardware/hydraCache.nix
  ];
  users.users.${user} = {
    shell = pkgs.zsh;
    openssh.authorizedKeys.keys = [
      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc"
      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIgo4IP8ISUohyAMiDc3zEe6ESUE3un7eN5FhVtxZHmcAAAABHNzaDo= kabbone@kabc"
      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKVDApb3vZ+i97V4xLJh8rUF6z5OVYfORlXYbLhdQO15AAAABHNzaDo= kabbone@hades.home.opel-online.de"
      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo= kabbone@hades.home.opel-online.de"
    ];
  };
  time.timeZone = "Europe/Berlin";
  i18n = {
    defaultLocale = "en_US.UTF-8";
    extraLocaleSettings = {
      LC_TIME = "de_DE.UTF-8";
      LC_MONETARY = "de_DE.UTF-8";
    };
  };
  console = {
    font = "Lat2-Terminus16";
    keyMap = "us";
  };
  fonts.packages = with pkgs; [
    carlito
    vegur
    source-code-pro
    font-awesome
    hack-font
    corefonts
    intel-one-mono
    cascadia-code
  ];
  environment = {
    variables = {
      TERMINAL = "alacritty";
      EDITOR = "nvim";
      VISUAL = "nvim";
      BROWSER = "firefox";
    };
    systemPackages = with pkgs; [
      vim
      git
      killall
      pciutils
      usbutils
      wget
      bind
      dig
      agenix.packages.${pkgs.system}.default
      cryptsetup
      powerline
      powerline-fonts
      powerline-symbols
      tree
      direnv
      linuxPackages_latest.cpupower
      btop
    ];
  };
  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = false;
      PermitRootLogin = "no";
    };
  };
  programs.zsh.enable = true;
  nix = {
    settings = {
      auto-optimise-store = true;
      allowed-users = [ "@wheel" ];
    };
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 7d";
    };
    package = pkgs.nixVersions.stable;
    extraOptions = ''
      experimental-features = nix-command flakes
    '';
  };
  nixpkgs.config.allowUnfree = true;
  nixpkgs.config.permittedInsecurePackages = [
    "olm-3.2.16"
  ];
  security = {
    sudo.execWheelOnly = true;
    pki.certificateFiles = [
      ./rootCA.pem
    ];
  };
  system = {
    stateVersion = "23.05";
    autoUpgrade = {
      flake = "git+https://git.kabtop.de/Kabbone/nixos-config";
      randomizedDelaySec = "5m";
      allowReboot = true;
      rebootWindow = {
        lower = "02:00";
        upper = "05:00";
      };
    };
  };
 }
--- a/hosts/configuration_desktop.nix
+++ b/hosts/configuration_desktop.nix
@@ -1,200 +0,0 @@
 #
 #  Main system configuration. More information available in configuration.nix(5) man page.
 #
 #  flake.nix
 #   ├─ ./hosts
 #   │   └─ configuration.nix *
 #   └─ ./modules
 #       └─ ./editors
 #           └─ ./nvim
 #               └─ default.nix
 #
 { config, lib, pkgs, inputs, user, location, agenix, ... }:
 {
  imports =                                 # Import window or display manager.
    [
      #../modules/editors/nvim              # ! Comment this out on first install !
    ];
  users.users.${user} = {                   # System User
    isNormalUser = true;
    extraGroups = [ "wheel" "video" "audio" "camera" "networkmanager" "lp" "kvm" "libvirtd" "adb" "dialout" "tss" ];
    shell = pkgs.zsh;                       # Default shell
    uid = 2000;
 #    initialPassword = "password95";
    openssh.authorizedKeys.keys = [
      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc"
      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIgo4IP8ISUohyAMiDc3zEe6ESUE3un7eN5FhVtxZHmcAAAABHNzaDo= kabbone@kabc"
      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKVDApb3vZ+i97V4xLJh8rUF6z5OVYfORlXYbLhdQO15AAAABHNzaDo= kabbone@hades.home.opel-online.de"
      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo= kabbone@hades.home.opel-online.de"
    ];
  };
  time.timeZone = "Europe/Berlin";        # Time zone and internationalisation
  i18n = {
    defaultLocale = "en_US.UTF-8";
    extraLocaleSettings = {                 # Extra locale settings that need to be overwritten
      LC_TIME = "de_DE.UTF-8";
      LC_MONETARY = "de_DE.UTF-8";
    };
  };
  console = {
    font = "Lat2-Terminus16";
    keyMap = "us";	                    # or us/azerty/etc
  };
  security = {
    rtkit.enable = true;
    pki.certificateFiles = [
      ./rootCA.pem
    ];
    #tpm2 = {
    #    enable = true;
    #    pkcs11.enable = true;
    #    tctiEnvironment.enable = true;
    #  };
  };
  sound = {                                 # ALSA sound enable
    #enable = true;
    mediaKeys = {                           # Keyboard Media Keys (for minimal desktop) enable = true;
      enable = true;
    };
  };
  fonts.packages = with pkgs; [                # Fonts
    carlito                                 # NixOS
    vegur                                   # NixOS
    source-code-pro
    font-awesome                            # Icons
    hack-font
    corefonts                               # MS
    intel-one-mono
    cascadia-code
    (nerdfonts.override {                   # Nerdfont Icons override
      fonts = [
        "FiraCode"
      ];
    })
  ];
  environment = {
    variables = {
      TERMINAL = "alacritty";
      EDITOR = "nvim";
      VISUAL = "nvim";
      BROWSER = "firefox";
    };
    systemPackages = with pkgs; [           # Default packages install system-wide
      vim
      git
      killall
      pciutils
      usbutils
      wget
      powertop
      cpufrequtils
      lm_sensors
      libva-utils
      at-spi2-core
      bind
      dig
      qmk-udev-rules
      gptfdisk
      agenix.packages.x86_64-linux.default
      age-plugin-yubikey
      pwgen
      cryptsetup
      powerline
      powerline-fonts
      powerline-symbols
      tree
      direnv
      linuxPackages_latest.cpupower
      btop
      sbctl
    ];
  };
  services = {
    pipewire = {                            # Sound
      enable = true;
      alsa = {
        enable = true;
      #  support32Bit = true;
      };
      pulse.enable = true;
      wireplumber.enable = true;
    };
    openssh = {                             # SSH: secure shell (remote connection to shell of server)
      enable = true;                        # local: $ ssh <user>@<ip>
                                            # public:
                                            #   - port forward 22 TCP to server
                                            #   - in case you want to use the domain name insted of the ip:
                                            #       - for me, via cloudflare, create an A record with name "ssh" to the correct ip without proxy
                                            #   - connect via ssh <user>@<ip or ssh.domain>
                                            # generating a key:
                                            #   - $ ssh-keygen   |  ssh-copy-id <ip/domain>  |  ssh-add
                                            #   - if ssh-add does not work: $ eval `ssh-agent -s`
 #      allowSFTP = true;                     # SFTP: secure file transfer protocol (send file to server)
                                            # connect: $ sftp <user>@<ip/domain>
                                            # commands:
                                            #   - lpwd & pwd = print (local) parent working directory
                                            #   - put/get <filename> = send or receive file
 #      extraConfig = ''
 #        HostKeyAlgorithms +ssh-rsa
 #      '';                                   # Temporary extra config so ssh will work in guacamole
      settings.PasswordAuthentication = false;
    };
    pcscd.enable = true;
    yubikey-agent.enable = true;
    udev.packages = [ pkgs.yubikey-personalization pkgs.nitrokey-udev-rules ];
    #flatpak.enable = true;                  # download flatpak file from website - sudo flatpak install <path> - reboot if not showing up
                                            # sudo flatpak uninstall --delete-data <app-id> (> flatpak list --app) - flatpak uninstall --unused
                                            # List:
                                            # com.obsproject.Studio
                                            # com.parsecgaming.parsec
                                            # com.usebottles.bottles
    gvfs.enable = true;
    fwupd.enable = true;
  };
  #xdg.portal = {                            # Required for flatpak
  #  enable = true;
  #  extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
  #};
  nix = {                                   # Nix Package Manager settings
    settings ={
      auto-optimise-store = true;           # Optimise syslinks
    };
    gc = {                                  # Automatic garbage collection
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 7d";
    };
    package = pkgs.nixVersions.stable;               # Enable nixFlakes on system
    extraOptions = ''
      experimental-features = nix-command flakes
    '';
  };
  nixpkgs.config.allowUnfree = true;        # Allow proprietary software.
  system = {                                # NixOS settings
    autoUpgrade = {                         # Allow auto update
      enable = true;
      flake = "git+https://git.kabtop.de/Kabbone/nixos-config";
      randomizedDelaySec = "5m";
      allowReboot = true;
      rebootWindow = {
          lower = "02:00";
          upper = "05:00";
      };
      #channel = "https://nixos.org/channels/nixos-unstable";
    };
    stateVersion = "23.05";
  };
 }
--- a/hosts/configuration_server.nix
+++ b/hosts/configuration_server.nix
@@ -1,149 +1,38 @@
 #
-#  Main system configuration. More information available in configuration.nix(5) man page.
+#  Server configuration. Imports configuration_common.nix for shared settings.
-#
+#  Service modules are imported per-host.
 #  flake.nix
 #   ├─ ./hosts
 #   │   └─ configuration.nix *
 #   └─ ./modules
 #       └─ ./editors
 #           └─ ./nvim
 #               └─ default.nix
 #
 { config, lib, pkgs, inputs, user, location, agenix, ... }:
 {
  imports = [
    ./configuration_common.nix
  ];
-
+  users.users.${user} = {
  imports =                                 # Import window or display manager.
    [
     #../modules/editors/nvim              # ! Comment this out on first install !
    ];
  users.users.${user} = {                   # System User
    isNormalUser = true;
    extraGroups = [ "wheel" "networkmanager" "kvm" "libvirtd" ];
    shell = pkgs.zsh;                       # Default shell
    uid = 3000;
-#    initialPassword = "password95";
+    extraGroups = [ "wheel" "networkmanager" "kvm" "libvirtd" ];
    openssh.authorizedKeys.keys = [
      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc"
      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIgo4IP8ISUohyAMiDc3zEe6ESUE3un7eN5FhVtxZHmcAAAABHNzaDo= kabbone@kabc"
      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKVDApb3vZ+i97V4xLJh8rUF6z5OVYfORlXYbLhdQO15AAAABHNzaDo= kabbone@hades.home.opel-online.de"
      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo= kabbone@hades.home.opel-online.de"
    ];
  };
  security.sudo.wheelNeedsPassword = true; # User does not need to give password when using sudo.
  time.timeZone = "Europe/Berlin";        # Time zone and internationalisation
  i18n = {
    defaultLocale = "en_US.UTF-8";
    extraLocaleSettings = {                 # Extra locale settings that need to be overwritten
      LC_TIME = "de_DE.UTF-8";
      LC_MONETARY = "de_DE.UTF-8";
    };
  };
-  console = {
+  security.sudo.wheelNeedsPassword = true;
    font = "Lat2-Terminus16";
    keyMap = "us";	                    # or us/azerty/etc
  };
-  security.rtkit.enable = true;
+  environment.systemPackages = with pkgs; [
-  security.pki.certificateFiles = [
+    ffmpeg
-      ./rootCA.pem
+    smartmontools
    htop
  ];
-  fonts.packages = with pkgs; [                # Fonts
+  services.openssh = {
-    carlito                                 # NixOS
+    ports = [ 2220 ];
-    vegur                                   # NixOS
+    openFirewall = true;
    source-code-pro
    cascadia-code
    font-awesome                            # Icons
    hack-font
    corefonts                               # MS
    (nerdfonts.override {                   # Nerdfont Icons override
      fonts = [
        "FiraCode"
      ];
    })
  ];
  environment = {
    variables = {
      TERMINAL = "alacritty";
      EDITOR = "nvim";
      VISUAL = "nvim";
    };
    systemPackages = with pkgs; [           # Default packages install system-wide
      vim
      git
      killall
      pciutils
      usbutils
      wget
      powertop
      cpufrequtils
      lm_sensors
      bind
      dig
      agenix.packages.x86_64-linux.default
      ffmpeg
      smartmontools
      powerline
      powerline-fonts
      powerline-symbols
      tree
      btop
      htop
      direnv
    ];
  };
-  services = {
+  nix.extraOptions = ''
-    openssh = {                             # SSH: secure shell (remote connection to shell of server)
+    keep-outputs          = true
-      enable = true;                        # local: $ ssh <user>@<ip>
+    keep-derivations      = true
-      settings = {
+  '';
        PasswordAuthentication = false;
        PermitRootLogin = "no";
      };
      ports = [ 2220 ];
      openFirewall = true;
    };
-    #flatpak.enable = true;                  # download flatpak file from website - sudo flatpak install <path> - reboot if not showing up
+  system.autoUpgrade.enable = true;
                                            # sudo flatpak uninstall --delete-data <app-id> (> flatpak list --app) - flatpak uninstall --unused
  };
  nix = {                                   # Nix Package Manager settings
    settings ={
      auto-optimise-store = true;           # Optimise syslinks
    };
    gc = {                                  # Automatic garbage collection
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 7d";
    };
    package = pkgs.nixVersions.stable;               # Enable nixFlakes on system
    extraOptions = ''
      experimental-features = nix-command flakes
      keep-outputs          = true
      keep-derivations      = true
    '';
  };
  nixpkgs.config.allowUnfree = true;        # Allow proprietary software.
  system = {                                # NixOS settings
    autoUpgrade = {                         # Allow auto update
      enable = true;
      flake = "git+https://git.kabtop.de/Kabbone/nixos-config";
      randomizedDelaySec = "5m";
      allowReboot = true;
      rebootWindow = {
          lower = "02:00";
          upper = "05:00";
      };
    };
    stateVersion = "23.05";
  };
 }
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -4,210 +4,173 @@
 #  flake.nix
 #   └─ ./hosts
 #       ├─ default.nix *
-#       ├─ configuration.nix
+#       ├─ configuration_common.nix
 #       ├─ configuration_desktop.nix
 #       ├─ configuration_server.nix
 #       ├─ home.nix
 #       └─ ./desktop OR ./laptop OR ./vm
 #            ├─ ./default.nix
 #            └─ ./home.nix
 #
-{ lib, inputs, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, user, userdmz, userserver, location, agenix, jovian-nixos, microvm, impermanence, lanzaboote, nixvim, ... }:
+{ lib, inputs, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, agenix, jovian-nixos, microvm, impermanence, lanzaboote, ... }:
 let
-  system = "x86_64-linux";                                  # System architecture
+  # Default user — desktop hosts share this; server hosts may override per-host
  # by passing a different `user` value in their own specialArgs block.
  defaultUser = "kabbone";
  location = builtins.getEnv "HOME" + "/.setup";
  system = "x86_64-linux";
  pkgs-unstable = import nixpkgs-unstable {
    inherit system;
    config.allowUnfree = true;
  };
  pkgs-kabbone = import ../packages {
    inherit system;
    pkgs = import nixpkgs { inherit system; config.allowUnfree = true; };
  };
  pkgs = import nixpkgs {
    inherit system;
-    config.allowUnfree = true;                              # Allow proprietary software
+    config.allowUnfree = true;
    # Prefer host-specific overlays over a global one here.
    # Set nixpkgs.overlays inside the host's own module (e.g. hosts/desktop/default.nix)
    # so only that host's pkgs is affected. Packages can be imported inline —
    # no specialArgs needed. See hosts/desktop/default.nix for an example.
  };
-  lib = nixpkgs.lib;
+  # Helper: returns [hm-module, config-attrset] for the modules list.
-  users.defaultShell = "pkgs.zsh";
+  # hm        - the home-manager flake input to use (stable or unstable)
  # user      - the username whose home-manager config to build
  # hmImports - list of home.nix paths for this host
  mkHM = hm: user: hmImports: [
    hm.nixosModules.home-manager
    {
      home-manager.useGlobalPkgs = true;
      home-manager.useUserPackages = true;
      home-manager.extraSpecialArgs = { inherit user; };
      home-manager.users.${user}.imports = hmImports;
    }
  ];
 in
 {
-  desktop = lib.nixosSystem {                                # Desktop profile
+  hades = lib.nixosSystem {                                # Desktop profile
    inherit system;
-    specialArgs = { inherit inputs user location nixos-hardware agenix microvm nixpkgs lanzaboote nixvim; };
+    specialArgs = { inherit inputs location nixos-hardware agenix microvm nixpkgs lanzaboote; user = defaultUser; };
    modules = [
      agenix.nixosModules.default
      microvm.nixosModules.host
      lanzaboote.nixosModules.lanzaboote
-      #nixvim.nixosModules.nixvim
+      ./desktop                                            # myDesktop options set inside
-      ./desktop
+      ./configuration_common.nix
      ./configuration_desktop.nix
      ../modules/hardware/remoteBuilder.nix
      nixos-hardware.nixosModules.common-cpu-amd
      nixos-hardware.nixosModules.common-gpu-amd
      nixos-hardware.nixosModules.common-pc-ssd
-      
+    ] ++ (mkHM home-manager defaultUser [ ./home.nix ./desktop/home.nix ]);
      home-manager.nixosModules.home-manager {
        home-manager.useGlobalPkgs = true;
        home-manager.useUserPackages = true;
        home-manager.extraSpecialArgs = { inherit user; };
        home-manager.users.${user} = {
        imports = [(import ./home.nix)] ++ [(import ./desktop/home.nix)];
        };
      }
    ];
  };
-  laptop = lib.nixosSystem {                                # Laptop profile
+  lifebook = lib.nixosSystem {                                # Laptop profile
    inherit system;
-    specialArgs = { inherit inputs user location nixos-hardware agenix; };
+    specialArgs = { inherit inputs location nixos-hardware agenix lanzaboote; user = defaultUser; };
    modules = [
      agenix.nixosModules.default
-      ./laptop
+      lanzaboote.nixosModules.lanzaboote
-      ./configuration_desktop.nix
+      ./lifebook                                           # myDesktop options set inside
-      ../modules/hardware/remoteClient.nix
+      ./configuration_common.nix
      nixos-hardware.nixosModules.common-cpu-intel
      nixos-hardware.nixosModules.common-gpu-intel
      nixos-hardware.nixosModules.common-pc-ssd
-
+    ] ++ (mkHM home-manager defaultUser [ ./home.nix ./lifebook/home.nix ]);
      home-manager.nixosModules.home-manager {
        home-manager.useGlobalPkgs = true;
        home-manager.useUserPackages = true;
        home-manager.extraSpecialArgs = { inherit user; };
        home-manager.users.${user} = {
        imports = [(import ./home.nix)] ++ [(import ./laptop/home.nix)];
        };
      }
    ];
  };
  steamdeck = nixpkgs-unstable.lib.nixosSystem {            # steamdeck profile
    inherit system;
-    specialArgs = { inherit inputs user location nixos-hardware agenix jovian-nixos lanzaboote; };
+    specialArgs = { inherit inputs location nixos-hardware agenix jovian-nixos lanzaboote; user = defaultUser; };
    modules = [
      agenix.nixosModules.default
      jovian-nixos.nixosModules.default
      lanzaboote.nixosModules.lanzaboote
      ./steamdeck
-      ./configuration_desktop.nix
+      ./configuration_common.nix
-      ../modules/hardware/remoteClient.nix
+    ] ++ (mkHM home-manager-unstable defaultUser [ ./home.nix ./steamdeck/home.nix ]);
      nixos-hardware.nixosModules.common-cpu-amd
      nixos-hardware.nixosModules.common-gpu-amd
      nixos-hardware.nixosModules.common-pc-ssd
      home-manager-unstable.nixosModules.home-manager {
        home-manager.useGlobalPkgs = true;
        home-manager.useUserPackages = true;
        home-manager.extraSpecialArgs = { inherit user; };
        home-manager.users.${user} = {
        imports = [(import ./home.nix)] ++ [(import ./steamdeck/home.nix)];
        };
      }
    ];
  };
-  server = lib.nixosSystem {                                # Desktop profile
+  kabtop = lib.nixosSystem {                                # Server profile
    inherit system;
-    specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs impermanence; };
+    specialArgs = { inherit inputs location nixos-hardware agenix impermanence; user = defaultUser; };
    modules = [
      agenix.nixosModules.default
      microvm.nixosModules.host
      ./server
      ./configuration_server.nix
      nixos-hardware.nixosModules.common-cpu-amd
      nixos-hardware.nixosModules.common-pc-ssd
      home-manager.nixosModules.home-manager {
        home-manager.useGlobalPkgs = true;
        home-manager.useUserPackages = true;
        home-manager.extraSpecialArgs = { inherit user; };
        home-manager.users.${user} = {
        imports = [(import ./home_server.nix)] ++ [(import ./server/home.nix)];
        };
      }
    ];
  };
  kabtop = lib.nixosSystem {                                # Desktop profile
    inherit system;
    specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs impermanence; };
    modules = [
      agenix.nixosModules.default
      microvm.nixosModules.host
      ./kabtop
-      ./configuration_server.nix
+      ./configuration_common.nix
      nixos-hardware.nixosModules.common-cpu-amd
      nixos-hardware.nixosModules.common-pc-ssd
-
+    ] ++ (mkHM home-manager defaultUser [ ./home_server.nix ./kabtop/home.nix ]);
      home-manager.nixosModules.home-manager {
        home-manager.useGlobalPkgs = true;
        home-manager.useUserPackages = true;
        home-manager.extraSpecialArgs = { inherit user; };
        home-manager.users.${user} = {
        imports = [(import ./home_server.nix)] ++ [(import ./server/home.nix)];
        };
      }
    ];
  };
-  nasbak = lib.nixosSystem {                                # Desktop profile
+  nasbak = lib.nixosSystem {                                # Server profile
    inherit system;
-    specialArgs = { inherit inputs user location nixos-hardware agenix; };
+    specialArgs = { inherit inputs location nixos-hardware agenix; user = defaultUser; };
    modules = [
      agenix.nixosModules.default
      ./nasbackup
-      ./configuration_desktop.nix
+      ./configuration_common.nix
      ../modules/hardware/remoteClient.nix
      nixos-hardware.nixosModules.common-cpu-intel
      nixos-hardware.nixosModules.common-pc-ssd
-
+    ] ++ (mkHM home-manager defaultUser [ ./home_server.nix ./nasbackup/home.nix ]);
      home-manager.nixosModules.home-manager {
        home-manager.useGlobalPkgs = true;
        home-manager.useUserPackages = true;
        home-manager.extraSpecialArgs = { inherit user; };
        home-manager.users.${user} = {
        imports = [(import ./home_server.nix)] ++ [(import ./nasbackup/home.nix)];
        };
      }
    ];
  };
-  jupiter = lib.nixosSystem {                                # Desktop profile
+  jupiter = lib.nixosSystem {                                # Server profile
    inherit system;
-    specialArgs = { inherit inputs user location nixos-hardware agenix; };
+    specialArgs = { inherit inputs location nixos-hardware agenix; user = defaultUser; };
    modules = [
      agenix.nixosModules.default
      ./jupiter
-      ./configuration_desktop.nix
+      ./configuration_common.nix
      ../modules/hardware/remoteClient.nix
      nixos-hardware.nixosModules.common-cpu-intel
      nixos-hardware.nixosModules.common-pc-ssd
-
+    ] ++ (mkHM home-manager defaultUser [ ./home_server.nix ./jupiter/home.nix ]);
      home-manager.nixosModules.home-manager {
        home-manager.useGlobalPkgs = true;
        home-manager.useUserPackages = true;
        home-manager.extraSpecialArgs = { inherit user; };
        home-manager.users.${user} = {
        imports = [(import ./home_server.nix)] ++ [(import ./jupiter/home.nix)];
        };
      }
    ];
  };
-  dmz = lib.nixosSystem {                                # Desktop profile
+  kabtopci = lib.nixosSystem {                                # Server profile
    inherit system;
-    specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs impermanence; };
+    specialArgs = { inherit inputs location nixos-hardware agenix impermanence; user = defaultUser; };
    modules = [
      agenix.nixosModules.default
      microvm.nixosModules.host
      ./kabtopci
      ./configuration_common.nix
      nixos-hardware.nixosModules.common-pc-ssd
    ] ++ (mkHM home-manager defaultUser [ ./home_server.nix ./kabtopci/home.nix ]);
  };
  kubemaster-1 = lib.nixosSystem {                                # Server profile
    inherit system;
    specialArgs = { inherit inputs location nixos-hardware agenix impermanence; user = defaultUser; };
    modules = [
      agenix.nixosModules.default
      microvm.nixosModules.host
      ./kubemaster-1
      ./configuration_common.nix
      nixos-hardware.nixosModules.common-cpu-intel
      nixos-hardware.nixosModules.common-pc-ssd
    ] ++ (mkHM home-manager defaultUser [ ./home_server.nix ./kubemaster-1/home.nix ]);
  };
  dmz = lib.nixosSystem {                                # Server profile
    inherit system;
    specialArgs = { inherit inputs location nixos-hardware agenix impermanence; user = defaultUser; };
    modules = [
      agenix.nixosModules.default
      microvm.nixosModules.host
      ./dmz
-      ./configuration_server.nix
+      ./configuration_common.nix
      nixos-hardware.nixosModules.common-pc-ssd
-
+    ] ++ (mkHM home-manager defaultUser [ ./home_server.nix ./dmz/home.nix ]);
      home-manager.nixosModules.home-manager {
        home-manager.useGlobalPkgs = true;
        home-manager.useUserPackages = true;
        home-manager.extraSpecialArgs = { inherit user; };
        home-manager.users.${user} = {
        imports = [(import ./home_server.nix)] ++ [(import ./dmz/home.nix)];
        };
      }
    ];
  };
 #  vm = lib.nixosSystem {                                    # VM profile
@@ -217,14 +180,7 @@ in
 #      ./vm
 #      ./configuration.nix
 #
-#      home-manager.nixosModules.home-manager {
+#      (mkHM home-manager [ ./home.nix ./vm/home.nix ])
 #        home-manager.useGlobalPkgs = true;
 #        home-manager.useUserPackages = true;
 #        home-manager.extraSpecialArgs = { inherit user; }; 
 #        home-manager.users.${user} = {
 #          imports = [(import ./home.nix)] ++ [(import ./vm/home.nix)];
 #        };
 #      }
 #    ];
 #  };
 }
--- a/hosts/desktop/default.nix
+++ b/hosts/desktop/default.nix
@@ -1,103 +1,60 @@
 #
-#  Specific system configuration settings for desktop
+#  Hades desktop — system configuration
 #
 #  flake.nix
 #   ├─ ./hosts
 #   │   └─ ./laptop
 #   │        ├─ default.nix *
 #   │        └─ hardware-configuration.nix       
 #   └─ ./modules
 #       ├─ ./desktop
 #       │   └─ ./hyprland
 #       │       └─ hyprland.nix
 #       ├─ ./modules
 #       │   └─ ./programs
 #       │       └─ waybar.nix
 #       └─ ./hardware
 #           └─ default.nix
 #
-{ config, nixpkgs, pkgs, user, lib, nixvim, ... }:
+{ lib, pkgs, inputs, ... }:
 {
-  imports =                                                         # For now, if applying to other system, swap files
+  # Example: host-specific overlays — only hades gets these packages in its pkgs.
-    [(import ./hardware-configuration.nix)] ++                      # Current system hardware config @ /etc/nixos/hardware-configuration.nix
+  # nixpkgs.overlays = [
-    [(import ../../modules/wm/sway/default.nix)] ++         # Window Manager
+  #   (final: prev: {
-    (import ../../modules/wm/virtualisation) ++             # libvirt + Docker
+  #     # pull a single package from unstable (no specialArgs needed)
-    [(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++   # kvm module options
+  #     firefox          = inputs.nixpkgs-unstable.legacyPackages.${prev.system}.firefox;
-    (import ../../modules/hardware);                             # Hardware devices
+  #     # pull a package from pkgs-kabbone (inline import, no specialArgs needed)
  #     corosync-qdevice = (import ../../packages { pkgs = prev; }).corosync-qdevice;
  #   })
  # ];
-  boot = {                                  # Boot options
+  imports = [
    ./hardware-configuration.nix
    ../../modules/desktop
  ];
  # ── Desktop module options ──────────────────────────────────────────────
  myDesktop.windowManager       = "niri";
  myDesktop.cpu                 = "amd";
  myDesktop.virtualisation.enable = true;
  myDesktop.openrgb.enable      = true;
  myDesktop.openrgb.motherboard = "amd";
  myDesktop.syncthing.enable  = true;
  myDesktop.syncthing.devices = {
    "jupiter.home.opel-online.de"  = { id = "T53WU6Z-3NT74ZE-PZVZB2N-7FBTZ5K-HESC2ZM-W4ABDAS-NWXHTGI-ST4CDQR"; };
    "lifebook.home.opel-online.de" = { id = "RKPZG3H-BDUZID3-DV26MKR-UOARIQC-JBCAFXP-J5QFM4H-5EGBSM5-VEGXHQ4"; };
  };
  myDesktop.syncthing.folders = {
    "Sync" = {
      path        = "/home/kabbone/Sync";
      devices     = [ "jupiter.home.opel-online.de" "lifebook.home.opel-online.de" ];
      ignorePerms = false;
    };
  };
  # ── Host-specific settings ──────────────────────────────────────────────
  boot = {
    kernelPackages = pkgs.linuxPackages_latest;
-
+    loader = {
-    loader = {                              # EFI Boot
+      systemd-boot.enable  = lib.mkForce false;
-      systemd-boot.enable = lib.mkForce false;
+      efi.canTouchEfiVariables = true;
-      efi = {
+      efi.efiSysMountPoint = "/boot";
-        canTouchEfiVariables = true;
+      timeout              = 1;
        efiSysMountPoint = "/boot";
      };
      timeout = 1;                          # Grub auto select time
    };
    lanzaboote = {
-        enable = true;
+      enable    = true;
-        pkiBundle = "/etc/secureboot";
+      pkiBundle = "/etc/secureboot";
    };
  };
-#  hardware.sane = {                           # Used for scanning with Xsane
+  environment.systemPackages = [ pkgs.linux-firmware ];
 #    enable = false;
 #    extraBackends = [ pkgs.sane-airscan ];
 #  };
 #  hardware = {
 #    nitrokey.enable = true;
 #  };
 #  environment = {
 #    systemPackages = with pkgs; [
 ##      simple-scan
 ##       intel-media-driver
 ##       alacritty
 #    ];
 #  };
  programs = {                              # No xbacklight, this is the alterantive
    zsh.enable = true;
    dconf.enable = true;
    ssh.startAgent = false;
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
      pinentryFlavor = "curses";
    };
  };
  services = {
    #auto-cpufreq.enable = true;
    blueman.enable = true;
    printing = {                            # Printing and drivers for TS5300
      enable = true;
      drivers = [ pkgs.gutenprint ];
    };
    #avahi = {                               # Needed to find wireless printer
    #  enable = true;
    #  nssmdns = true;
    #  publish = {                           # Needed for detecting the scanner
    #    enable = true;
    #    addresses = true;
    #    userServices = true;
    #  };
    #};
    hardware.openrgb = {
        enable = true;
        motherboard = "amd";
    };
  };
  #temporary bluetooth fix
 #  systemd.tmpfiles.rules = [
 #    "d /var/lib/bluetooth 700 root root - -"
 #  ];
 #  systemd.targets."bluetooth".after = ["systemd-tmpfiles-setup.service"];
 }
--- a/hosts/desktop/hardware-configuration.nix
+++ b/hosts/desktop/hardware-configuration.nix
@@ -19,7 +19,7 @@
  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
  boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
-  boot.kernelModules = [ "kvm-amd" ];
+  boot.kernelModules = [ "kvm-amd" "nct6775" ];
  boot.extraModulePackages = [ ];
  boot.tmp.useTmpfs = false;
  boot.tmp.cleanOnBoot = true;
@@ -34,6 +34,7 @@
  };
  services.btrbk = {
      extraPackages = [ pkgs.lz4 pkgs.mbuffer ];
      instances = {
          hf = {
              onCalendar = "hourly";
@@ -56,6 +57,40 @@
                  };
              };
          };
          bak = {
              onCalendar = "daily";
              settings = {
 	          stream_buffer = "256m";
                  stream_compress = "lz4";
                  incremental = "yes";
                  snapshot_create = "no";
                  snapshot_dir = "@snapshots";
                  timestamp_format = "long";
                  snapshot_preserve_min = "all";
                  target_preserve_min = "no";
                  target_preserve = "4w 3d";
                  ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk_nas";
                  ssh_user = "btrbk";
                  volume =  {
                      "/mnt/snapshots/root" = {
                          subvolume = {
                              "@home" = {};
                          };
 		          target = "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars/@snapshots/@hades";
                      };
                  };
 	      };
 	  };
      };
  };
  systemd.timers = {
      btrbk-bak = {
          after = [ "network-online.target" ];
          requires = [ "network-online.target" ];
      };
  };
@@ -119,24 +154,29 @@
    useDHCP = false;                        # Deprecated
    hostName = "hades";
    networkmanager = {
-      enable = false;
+      enable = true;
    };
    firewall = {
      enable = true;
      allowedUDPPorts = [ 24727 ];
      allowedTCPPorts = [ 24727 ];
    };
  };
-  systemd.network = {
+#  systemd.network = {
-      enable = true;
+#      enable = true;
-      networks = {
+#      networks = {
-          "10-lan" = {
+#          "10-lan" = {
-              matchConfig.Name = "enp34s0";
+#              matchConfig.Name = "eno1";
-              ntp = [ "192.168.2.1" ];
+#              ntp = [ "192.168.2.1" ];
-              domains = [ "home.opel-online.de" ];
+#              domains = [ "home.opel-online.de" ];
-              networkConfig = {
+#              networkConfig = {
-                DHCP = "yes";
+#                DHCP = "yes";
-                IPv6AcceptRA = true;
+#                IPv6AcceptRA = true;
-              };
+#              };
-          };
+#          };
-      };
+#      };
-  };
+#  };
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
  #powerManagement.powertop.enable = true;
--- a/hosts/desktop/home.nix
+++ b/hosts/desktop/home.nix
@@ -1,61 +1,29 @@
 #
-#  Home-manager configuration for laptop
+#  Hades desktop — home-manager host-specific additions
-#
+#  (WM home config is loaded by modules/desktop based on myDesktop.windowManager)
 #  flake.nix
 #   ├─ ./hosts
 #   │   └─ ./laptop
 #   │       └─ home.nix *
 #   └─ ./modules
 #       └─ ./desktop
 #           └─ ./hyprland
 #              └─ hyprland.nix
 #
 { pkgs, ... }:
 {
-  imports =
+  imports = [
-    [
+    ../../modules/home.nix  # cmds / theme options
-      #../../modules/wm/hyprland/home.nix # Window Manager
+  ];
      ../../modules/wm/sway/home.nix # Window Manager
      ../../modules/home.nix # Window Manager
    ];
-  home = {                                # Specific packages for laptop
+  home.packages = with pkgs; [
-    packages = with pkgs; [
+    chromium
-      # Applications
+    thunderbird
-      #freecad                         # Office packages
+    streamlink
-      #firefox
+    streamlink-twitch-gui-bin
-      chromium
+    pulsemixer
-      thunderbird
+    nitrokey-app
-      streamlink
+    kicad
-      streamlink-twitch-gui-bin
+  ];
      element-desktop
      nheko
      pulsemixer
      #yubioath-flutter
      nitrokey-app
      kicad
      yuzu-mainline
-      # Display
+  services = {
-      #light                              # xorg.xbacklight not supported. Other option is just use xrandr.
+    blueman-applet.enable        = true;
-
+    network-manager-applet.enable = true;
      # Power Management
      #auto-cpufreq                       # Power management
      #tlp                                # Power management
    ];
  };
  programs = {
    alacritty.settings.font.size = 11;
  };
  services = {                            # Applets
   blueman-applet.enable = true;         # Bluetooth
   network-manager-applet.enable = true; # Network
  };
  xsession.preferStatusNotifierItems = true;
 }
--- a/hosts/dmz/default.nix
+++ b/hosts/dmz/default.nix
@@ -1,60 +1,40 @@
 #
-#  Specific system configuration settings for desktop
+#  DMZ — demilitarised zone server configuration
 #
 #  flake.nix
 #   ├─ ./hosts
 #   │   └─ ./laptop
 #   │        ├─ default.nix *
 #   │        └─ hardware-configuration.nix       
 #   └─ ./modules
 #       ├─ ./desktop
 #       │   └─ ./hyprland
 #       │       └─ hyprland.nix
 #       ├─ ./modules
 #       │   └─ ./programs
 #       │       └─ waybar.nix
 #       └─ ./hardware
 #           └─ default.nix
 #
 { config, pkgs, user, agenix, impermanence, ... }:
 {
-  imports =                                                         # For now, if applying to other system, swap files
+  imports = [
-    [(import ./hardware-configuration.nix)] ++                      # Current system hardware config @ /etc/nixos/hardware-configuration.nix
+    ./hardware-configuration.nix
-    [(import ../../modules/wm/virtualisation/docker.nix)] ++   # Docker
+    ../../modules/server
-    [(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++   # Docker
+  ] ++ (import ../../modules/services/dmz);
    (import ../../modules/services/dmz) ++                       # Server Services
    (import ../../modules/hardware);                                # Hardware devices
-  boot = {                                  # Boot options
+  # ── Server module options ───────────────────────────────────────────────
  myServer.virtualisation.enable = true;
  myServer.virtualisation.cpu    = "intel";
  # ── Host-specific settings ──────────────────────────────────────────────
  boot = {
    kernelPackages = pkgs.linuxPackages_latest;
-
+    loader = {
-    loader = {                              # EFI Boot
+      systemd-boot.enable      = true;
-      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
-      efi = {
+      efi.efiSysMountPoint     = "/boot";
-        canTouchEfiVariables = true;
+      timeout                  = 1;
        efiSysMountPoint = "/boot";
      };
      timeout = 1;                          # Grub auto select time
    };
  };
  programs = {                              # No xbacklight, this is the alterantive
    zsh.enable = true;
  };
  services = {
    qemuGuest.enable = true;
-    avahi = {                               # Needed to find wireless printer
+    avahi = {
-      enable = true;
+      enable   = true;
-      nssmdns = true;
+      nssmdns4 = true;
-      publish = {                           # Needed for detecting the scanner
+      publish  = {
-        enable = true;
+        enable       = true;
-        addresses = true;
+        addresses    = true;
        userServices = true;
      };
    };
  };
 }
--- a/hosts/dmz/hardware-configuration.nix
+++ b/hosts/dmz/hardware-configuration.nix
@@ -81,13 +81,16 @@
      enable = true;
      networks = {
          "10-lan" = {
-              matchConfig.Name = "enp6s18";
+              matchConfig.Name = "ens18";
              ntp = [ "192.168.101.1" ];
              domains = [ "home.opel-online.de" ];
              networkConfig = {
                DHCP = "yes";
                IPv6AcceptRA = true;
              };
              dns = [
                "192.168.101.1"
              ];
          };
      };
  };
@@ -97,7 +100,7 @@
    firewall = {
      enable = true;
      allowedUDPPorts = [  ];
-      allowedTCPPorts = [  ];
+      allowedTCPPorts = [ 80 443 ];
    };
  };
--- a/hosts/dmz/home.nix
+++ b/hosts/dmz/home.nix
@@ -23,9 +23,6 @@
    packages = with pkgs; [
      # Applications
      # Display
      #light                              # xorg.xbacklight not supported. Other option is just use xrandr.
      # Power Management
      #auto-cpufreq                       # Power management
      #tlp                                # Power management
--- a/hosts/fuji/default.nix
+++ b/hosts/fuji/default.nix
@@ -17,28 +17,42 @@
 #           └─ default.nix
 #
-{ config, pkgs, user, ... }:
+{ config, nixpkgs, pkgs, user, lib, ... }:
 {
  imports =                                                         # For now, if applying to other system, swap files
    [(import ./hardware-configuration.nix)] ++                      # Current system hardware config @ /etc/nixos/hardware-configuration.nix
-    (import ../../modules/wm/virtualisation) ++   # Docker
+    [(import ../../modules/wm/sway/default.nix)] ++         # Window Manager
-    (import ../../modules/services/nas) ++                       # Server Services
+    (import ../../modules/wm/virtualisation) ++             # libvirt + Docker
-    (import ../../modules/hardware);                                # Hardware devices
+    [(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++   # kvm module options
    (import ../../modules/hardware);                             # Hardware devices
  boot = {                                  # Boot options
    kernelPackages = pkgs.linuxPackages_latest;
    loader = {                              # EFI Boot
-      systemd-boot.enable = true;
+      systemd-boot.enable = lib.mkForce false;
      efi = {
        canTouchEfiVariables = true;
        efiSysMountPoint = "/boot";
      };
      timeout = 1;                          # Grub auto select time
    };
    lanzaboote = {
        enable = true;
        pkiBundle = "/etc/secureboot";
    };
  };
 #  hardware.sane = {                           # Used for scanning with Xsane
 #    enable = false;
 #    extraBackends = [ pkgs.sane-airscan ];
 #  };
 #  hardware = {
 #    nitrokey.enable = true;
 #  };
 #  environment = {
 #    systemPackages = with pkgs; [
 ##      simple-scan
@@ -47,28 +61,18 @@
 #    ];
 #  };
  programs = {                              # No xbacklight, this is the alterantive
    zsh.enable = true;
    ssh.startAgent = false;
    gnupg.agent = {
      enable = false;
      enableSSHSupport = true;
      pinentryFlavor = "curses";
    };
  };
  services = {
    #auto-cpufreq.enable = true;
    blueman.enable = true;
    avahi = {                               # Needed to find wireless printer
      enable = true;
-      nssmdns = true;
+      nssmdns4 = true;
      publish = {                           # Needed for detecting the scanner
        enable = true;
        addresses = true;
        userServices = true;
      };
    };
  };
 }
--- a/hosts/server/hardware-configuration.nix
+++ b/hosts/server/hardware-configuration.nix
@@ -14,12 +14,12 @@
 {
  imports =
-    [ (modulesPath + "/profiles/qemu-guest.nix")
+    [ (modulesPath + "/installer/scan/not-detected.nix")] ++
-    ];
+      [( import ../../modules/hardware/backup.nix )];
-  boot.initrd.availableKernelModules = [  "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "ahci" "sd_mod" "sr_mod" ];
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
  boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
-  boot.kernelModules = [ "kvm-amd" ];
+  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
  boot.tmp.useTmpfs = false;
  boot.tmp.cleanOnBoot = true;
@@ -50,7 +50,6 @@
                      "/mnt/snapshots/root" = {
                          snapshot_create = "always";
                          subvolume = {
                              "@" = {};
                              "@home" = {};
                          };
                      };
@@ -61,78 +60,79 @@
  };
  fileSystems."/" =
-    { device = "/dev/disk/by-label/NIXROOT";
+    { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
      fsType = "btrfs";
      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
    };
  fileSystems."/home" =
-    { device = "/dev/disk/by-label/NIXROOT";
+    { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
      fsType = "btrfs";
      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
    };
  fileSystems."/srv" =
-    { device = "/dev/disk/by-label/NIXROOT";
+    { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
      fsType = "btrfs";
      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
    };
  fileSystems."/nix" =
-    { device = "/dev/disk/by-label/NIXROOT";
+    { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
      fsType = "btrfs";
      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
    };
  fileSystems."/swap" =
-    { device = "/dev/disk/by-label/NIXROOT";
+    { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
      fsType = "btrfs";
      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
    };
  fileSystems."/mnt/snapshots/root" =
-    { device = "/dev/disk/by-label/NIXROOT";
+    { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
      fsType = "btrfs";
      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
    };
  fileSystems."/boot" =
    { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part1";
      fsType = "vfat";
    };
-  #swapDevices = [ { device = "/swap/swapfile"; } ];
+
-  swapDevices = [  ];
+  swapDevices = [ { device = "/swap/swapfile"; } ];
  networking = {
    useDHCP = false;                        # Deprecated
-    hostName = "kabtop";
+    hostName = "fuji";
    domain = "kabtop.de";
    networkmanager = {
      enable = false;
    };
    interfaces = {
      ens18 = {
        useDHCP = false;                     # For versatility sake, manually edit IP on nm-applet.
        ipv4.addresses = [ {
            address = "45.142.114.153";
            prefixLength = 24;
        } ];
        ipv6.addresses = [ {
            address = "2a00:ccc1:101:19D::2";
            prefixLength = 64;
        } ];
      };
    };
    defaultGateway = "45.142.114.1";
    defaultGateway6 = {
      address = "fe80::1";
      interface = "ens18";
    };
    nameservers = [ "9.9.9.9" "2620:fe::fe" ];
    firewall = {
      enable = true;
-      allowedUDPPorts = [  ];
+      #allowedUDPPorts = [ 24727 ];
-      allowedTCPPorts = [ 80 443 ];
+      #allowedTCPPorts = [ 24727 ];
    };
  };
-  #hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+  systemd.network = {
      enable = true;
      networks = {
          "10-lan" = {
              matchConfig.Name = "eno1";
              ntp = [ "192.168.2.1" ];
              networkConfig = {
                DHCP = "yes";
                IPv6AcceptRA = true;
              };
          };
      };
  };
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
  #powerManagement.powertop.enable = true;
  powerManagement = {
    scsiLinkPolicy = "med_power_with_dipm";
  };
 }
--- a/hosts/fuji/home.nix
+++ b/hosts/fuji/home.nix
@@ -0,0 +1,45 @@
 #
 #  Home-manager configuration for laptop
 #
 #  flake.nix
 #   ├─ ./hosts
 #   │   └─ ./laptop
 #   │       └─ home.nix *
 #   └─ ./modules
 #       └─ ./desktop
 #           └─ ./hyprland
 #              └─ hyprland.nix
 #
 { pkgs, ... }:
 {
  imports =
    [
      #../../modules/wm/hyprland/home.nix # Window Manager
      #../../modules/wm/kde/home.nix # Window Manager
      ../../modules/home.nix # Window Manager
    ];
  home = {                                # Specific packages for laptop
    packages = with pkgs; [
      # Applications
      #firefox
      chromium
      thunderbird
      streamlink
      streamlink-twitch-gui-bin
      element-desktop
      #nheko
      pulsemixer
    ];
  };
  services = {                            # Applets
   #blueman-applet.enable = true;         # Bluetooth
   network-manager-applet.enable = true; # Network
  };
  xsession.preferStatusNotifierItems = true;
 }
--- a/hosts/home.nix
+++ b/hosts/home.nix
@@ -18,7 +18,7 @@
 { config, lib, pkgs, user, ... }:
 { 
-  imports =                                   # Home Manager Modules
+  imports =
    (import ../modules/editors) ++
    (import ../modules/programs) ++
    (import ../modules/programs/configs) ++
@@ -44,43 +44,45 @@
      gnumake
      gnupatch
      gnulib
      screen
      yubioath-flutter
      nitrokey-app
      claude-code
      tailscale
      wireguard-tools
 # VideAudio
      mpv               # Media Player
      youtube-dl
 # Apps
-      galculator
+      qalculate-qt
      tdesktop
      hdparm
-      python3Full
+      python3
      android-tools
-      calibre
+      #calibre
      mtpfs
      vimiv-qt
      freecad
      discord
      vesktop
      element-desktop
 # Fileanagement
-      #okular            # PDF viewer
+      kdePackages.ark
      #gnome.file-roller # Archive Manager
      ark
      pcmanfm           # File Manager
      rsync             # Syncer $ rsync -r dir1/ dir2/
      unzip             # Zip files
      unrar             # Rar files
      papirus-icon-theme
      arc-theme
-# Genel configuration
+# General configuration
      keepassxc
      libreoffice
      gimp
      # Flatpak
      prusa-slicer
      #vscodium
      (vscode-with-extensions.override {
          vscode = vscodium;
@@ -89,26 +91,30 @@
            github.copilot
            #ms-python.python
            ms-vscode.cpptools
-            dracula-theme.theme-dracula
+	    catppuccin.catppuccin-vsc-icons
-            catppuccin.catppuccin-vsc
+	    catppuccin.catppuccin-vsc
            catppuccin.catppuccin-vsc-icons
          ];
      })
      sdkmanager
    ];
    file.".config/wall".source = ../modules/themes/wall.jpg;
    file.".config/lockwall".source = ../modules/themes/lockwall.jpg;
-    pointerCursor = {                         # This will set cursor systemwide so applications can not choose their own
+#    pointerCursor = {                         # This will set cursor systemwide so applications can not choose their own
-      name = "Dracula-cursors";
+#      name = "Dracula-cursors";
-      package = pkgs.dracula-theme;
+#      package = pkgs.dracula-theme;
-      size = 16;
+#      size = 16;
-      gtk.enable = true;
+#      gtk.enable = true;
-    };
+#    };
    stateVersion = "23.05";
  };
  programs = {
    home-manager.enable = true;
    alacritty = {
      settings.font.size = 11;
    };
  };
--- a/hosts/home_server.nix
+++ b/hosts/home_server.nix
@@ -42,7 +42,7 @@
      # Apps
      hdparm
-      python3Full
+      python3
      # File Management
      rsync             # Syncer $ rsync -r dir1/ dir2/
--- a/hosts/jupiter/default.nix
+++ b/hosts/jupiter/default.nix
@@ -1,74 +1,57 @@
 #
-#  Specific system configuration settings for desktop
+#  Jupiter — NAS server configuration
 #
 #  flake.nix
 #   ├─ ./hosts
 #   │   └─ ./laptop
 #   │        ├─ default.nix *
 #   │        └─ hardware-configuration.nix       
 #   └─ ./modules
 #       ├─ ./desktop
 #       │   └─ ./hyprland
 #       │       └─ hyprland.nix
 #       ├─ ./modules
 #       │   └─ ./programs
 #       │       └─ waybar.nix
 #       └─ ./hardware
 #           └─ default.nix
 #
-{ config, pkgs, user, ... }:
+{ config, pkgs, inputs, user, ... }:
 {
-  imports =                                                         # For now, if applying to other ssystem, swap files
+  imports = [
-    [(import ./hardware-configuration.nix)] ++                      # Current system hardware config @ /etc/nixos/hardware-configuration.nix
+    ./hardware-configuration.nix
-    #(import ../../modules/wm/virtualisation) ++   # Docker
+    ../../modules/server
-    (import ../../modules/services/nas) ++                       # Server Services
+  ] ++ (import ../../modules/services/nas);
    (import ../../modules/hardware);                                # Hardware devices
-  boot = {                                  # Boot options
+  # ── Server module options ───────────────────────────────────────────────
  # No virtualisation on the NAS
  # ── Host-specific settings ──────────────────────────────────────────────
 # Example: host-specific overlay — only jupiter gets these packages in its pkgs.
 # nixpkgs.overlays = [
 #   (final: prev: {
 #     corosync-qdevice = (import ../../packages { pkgs = prev; }).corosync-qdevice;
 #     firefox          = inputs.nixpkgs-unstable.legacyPackages.${prev.system}.firefox;
 #   })
 # ];
  boot = {
    kernelPackages = pkgs.linuxPackages_latest;
-
+    loader = {
-    loader = {                              # EFI Boot
+      systemd-boot.enable      = true;
-      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
-      efi = {
+      efi.efiSysMountPoint     = "/boot";
-        canTouchEfiVariables = true;
+      timeout                  = 1;
        efiSysMountPoint = "/boot";
      };
      timeout = 1;                          # Grub auto select time
    };
  };
-#  environment = {
+  programs = {
 #    systemPackages = with pkgs; [
 ##      simple-scan
 ##       intel-media-driver
 ##       alacritty
 #    ];
 #  };
  programs = {                              # No xbacklight, this is the alterantive
    zsh.enable = true;
    ssh.startAgent = false;
    gnupg.agent = {
-      enable = false;
+      enable           = false;
      enableSSHSupport = true;
-      pinentryFlavor = "curses";
+      pinentryPackage  = pkgs.pinentry-curses;
    };
  };
  services = {
    qemuGuest.enable = true;
-    avahi = {                               # Needed to find wireless printer
+    avahi = {
-      enable = true;
+      enable   = true;
-      nssmdns = true;
+      nssmdns4 = true;
-      publish = {                           # Needed for detecting the scanner
+      publish  = {
-        enable = true;
+        enable       = true;
-        addresses = true;
+        addresses    = true;
        userServices = true;
      };
    };
  };
 }
--- a/hosts/jupiter/hardware-configuration.nix
+++ b/hosts/jupiter/hardware-configuration.nix
@@ -50,6 +50,7 @@
  };
  services.btrbk = {
      extraPackages = [ pkgs.lz4 pkgs.mbuffer ];
      instances = {
          hf = {
              onCalendar = "hourly";
@@ -59,7 +60,7 @@
                  snapshot_dir = "@snapshots";
                  timestamp_format = "long";
-                  snapshot_preserve = "2m 2w 5d 5h";
+                  snapshot_preserve = "2w 5d 5h";
                  snapshot_preserve_min = "latest";
                  volume =  {
@@ -188,35 +189,35 @@
  swapDevices = [ { device = "/swap/swapfile"; } ];
  systemd.network = {
      enable = true;
      networks = {
          "10-lan" = {
              matchConfig.Name = "ens18";
              ntp = [ "192.168.2.1" ];
              domains = [ "home.opel-online.de" ];
              networkConfig = {
                DHCP = "yes";
                IPv6AcceptRA = true;
 		IPv6PrivacyExtensions=false;
              };
              ipv6AcceptRAConfig = {
                DHCPv6Client = "always";
                UseDNS = true;
              };
              dhcpV4Config = {
                UseDNS = true;
              };
              dhcpV6Config = {
                UseDNS = true;
              };
          };
      };
  };
  networking = {
    hostName = "jupiter";
    domain = "home.opel-online.de";
-    networkmanager = {
+    useDHCP = false;                     # For versatility sake, manually edit IP on nm-applet.
      enable = false;
    };
    timeServers = [
        "192.168.2.1"
    ];
    interfaces = {
      enp6s18 = {
        useDHCP = true;                     # For versatility sake, manually edit IP on nm-applet.
 #        ipv4.addresses = [ {
 #            address = "45.142.114.153";
 #            prefixLength = 24;
 #        } ];
 #        ipv6.addresses = [ {
 #            address = "2a00:ccc1:101:19D::2";
 #            prefixLength = 64;
 #        } ];
 #      };
      };
    };
 #    defaultGateway = "45.142.114.1";
    defaultGateway6 = {
      address = "fe80::1";
      interface = "enp6s18";
    };
 #    nameservers = [ "9.9.9.9" "2620:fe::fe" ];
    #firewall = {
    #  enable = false;
    #  #allowedUDPPorts = [ 53 67 ];
@@ -228,7 +229,7 @@
  powerManagement = {
    cpuFreqGovernor = lib.mkDefault "powersave";
    powertop.enable = true;
-    scsiLinkPolicy = "med_power_with_dipm";
+    #scsiLinkPolicy = "med_power_with_dipm";
    powerUpCommands = ''
      ${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/57e6446d-faca-4b67-9063-e8d9afb80088
    '';
--- a/hosts/jupiter/home.nix
+++ b/hosts/jupiter/home.nix
@@ -23,9 +23,6 @@
    packages = with pkgs; [
      # Applications
      # Display
      #light                              # xorg.xbacklight not supported. Other option is just use xrandr.
      # Power Management
      #auto-cpufreq                       # Power management
      #tlp                                # Power management
--- a/hosts/kabtop/default.nix
+++ b/hosts/kabtop/default.nix
@@ -1,112 +1,55 @@
 #
-#  Specific system configuration settings for desktop
+#  Kabtop — server configuration
 #
 #  flake.nix
 #   ├─ ./hosts
 #   │   └─ ./laptop
 #   │        ├─ default.nix *
 #   │        └─ hardware-configuration.nix       
 #   └─ ./modules
 #       ├─ ./desktop
 #       │   └─ ./hyprland
 #       │       └─ hyprland.nix
 #       ├─ ./modules
 #       │   └─ ./programs
 #       │       └─ waybar.nix
 #       └─ ./hardware
 #           └─ default.nix
 #
 { config, pkgs, user, agenix, impermanence, ... }:
 {
-  imports =                                                         # For now, if applying to other system, swap files
+  imports = [
-    [(import ./hardware-configuration.nix)] ++                      # Current system hardware config @ /etc/nixos/hardware-configuration.nix
+    ./hardware-configuration.nix
-    [(import ../../modules/wm/virtualisation/docker.nix)] ++   # Docker
+    ../../modules/server
-    [(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++  # kvm module options
+  ] ++ (import ../../modules/services/server);
    (import ../../modules/services/server) ++                       # Server Services
    (import ../../modules/hardware);                                # Hardware devices
-  boot = {                                  # Boot options
+  # ── Server module options ───────────────────────────────────────────────
  myServer.virtualisation.enable = true;
  myServer.virtualisation.cpu    = "amd";
  myServer.fail2ban.enable       = true;
  # ── Host-specific settings ──────────────────────────────────────────────
  boot = {
    kernelPackages = pkgs.linuxPackages_latest;
-
+    loader = {
-    loader = {                              # EFI Boot
+      grub = {
    grub = {
        enable = true;
        device = "/dev/sda";
-    };
+      };
-      timeout = 1;                          # Grub auto select time
+      timeout = 1;
    };
  };
-  environment = {
+  environment.etc = {
-    etc = {
+    "fail2ban/filter.d/open-webui.conf" = {
-      "fail2ban/filter.d/open-webui.conf" = {
+      source = ../../modules/services/server/fail2ban/filter/open-webui.conf;
-        source = ../../modules/services/server/fail2ban/filter/open-webui.conf;
+      mode   = "0444";
-        mode = "0444";
+    };
-      };
+    "fail2ban/filter.d/gitea.conf" = {
-      "fail2ban/filter.d/gitea.conf" = {
+      source = ../../modules/services/server/fail2ban/filter/gitea.conf;
-        source = ../../modules/services/server/fail2ban/filter/gitea.conf;
+      mode   = "0444";
-        mode = "0444";
+    };
-      };
+    "fail2ban/filter.d/nextcloud.conf" = {
-      "fail2ban/filter.d/nextcloud.conf" = {
+      source = ../../modules/services/server/fail2ban/filter/nextcloud.conf;
-        source = ../../modules/services/server/fail2ban/filter/nextcloud.conf;
+      mode   = "0444";
        mode = "0444";
      };
    };
  };
-  programs = {                              # No xbacklight, this is the alterantive
+  programs = {
    zsh.enable = true;
    ssh.startAgent = false;
    gnupg.agent = {
-      enable = true;
+      enable            = true;
-      enableSSHSupport = true;
+      enableSSHSupport  = true;
-      pinentryFlavor = "curses";
+      pinentryPackage   = pkgs.pinentry-curses;
    };
  };
-  services = {
+  services.qemuGuest.enable = true;
    #auto-cpufreq.enable = true;
    qemuGuest.enable = true;
    avahi = {                               # Needed to find wireless printer
      enable = true;
      nssmdns = true;
      publish = {                           # Needed for detecting the scanner
        enable = true;
        addresses = true;
        userServices = true;
      };
    };
    fail2ban = {
        enable = true;
        maxretry = 5;
        jails.DEFAULT.settings = {
           findtime = "15m";
        };
        jails = {
            open-webui = ''
              enabled = true
              filter = open-webui
              backend = systemd
              action = iptables-allports
            '';
            gitea = ''
              enabled = true
              filter = gitea
              backend = systemd
              action = iptables-allports
            '';
            nextcloud = ''
              backend = auto
              enabled = true
              filter = nextcloud
              logpath = /var/lib/nextcloud/data/nextcloud.log
              action = iptables-allports
            '';
          };
    };
  };
 }
--- a/hosts/kabtop/hardware-configuration.nix
+++ b/hosts/kabtop/hardware-configuration.nix
@@ -52,6 +52,7 @@
                          subvolume = {
                              "@" = {};
                              "@home" = {};
                              "@var" = {};
                          };
                      };
                  };
@@ -113,32 +114,36 @@
    networkmanager = {
      enable = false;
    };
    interfaces = {
      ens18 = {
        useDHCP = false;                     # For versatility sake, manually edit IP on nm-applet.
        ipv4.addresses = [ {
            address = "37.44.215.182";
            prefixLength = 24;
        } ];
        ipv6.addresses = [ {
            address = "2a13:7e80:0:ef::2";
            prefixLength = 64;
        } ];
      };
    };
    defaultGateway = "37.44.215.1";
    defaultGateway6 = {
      address = "fe80::1";
      interface = "ens18";
    };
    nameservers = [ "9.9.9.9" "2620:fe::fe" ];
    firewall = {
      enable = true;
      allowedUDPPorts = [  ];
      allowedTCPPorts = [ 80 443 ];
    };
  };
  systemd.network = {
      enable = true;
      networks = {
          "10-lan" = {
              matchConfig.Name = "ens18";
              address = [
                "37.44.215.182/24"
                "2a13:7e80:0:ef::2/64"
              ];
              routes = [
                {  Gateway = "37.44.215.1"; }
                {  Gateway = "fe80::1"; }
              ];
              dns = [
                "9.9.9.9"
                "2620:fe::fe"
              ];
          };
      };
  };
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/hosts/kabtop/home.nix
+++ b/hosts/kabtop/home.nix
@@ -23,9 +23,6 @@
    packages = with pkgs; [
      # Applications
      # Display
      #light                              # xorg.xbacklight not supported. Other option is just use xrandr.
      # Power Management
      #auto-cpufreq                       # Power management
      #tlp                                # Power management
--- a/hosts/kabtopci/default.nix
+++ b/hosts/kabtopci/default.nix
@@ -0,0 +1,28 @@
 #
 #  Kabtopci — CI server configuration
 #
 { config, pkgs, user, agenix, impermanence, ... }:
 {
  imports = [
    ./hardware-configuration.nix
    ../../modules/server
  ] ++ (import ../../modules/services/kabtopci);
  # ── Server module options ───────────────────────────────────────────────
  myServer.virtualisation.enable = true;
  myServer.virtualisation.cpu    = "amd";
  # ── Host-specific settings ──────────────────────────────────────────────
  boot = {
    kernelPackages = pkgs.linuxPackages_latest;
    loader = {
      grub = {
        enable = true;
        device = "/dev/vda";
      };
      timeout = 1;
    };
  };
 }
--- a/hosts/kabtopci/hardware-configuration.nix
+++ b/hosts/kabtopci/hardware-configuration.nix
@@ -0,0 +1,108 @@
 #
 # Hardware settings for Teclast F5 10" Laptop
 # NixOS @ sda2
 #
 # flake.nix
 #  └─ ./hosts
 #      └─ ./laptop
 #          └─ hardware-configuration.nix *
 #
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
  imports =
    [ (modulesPath + "/installer/scan/not-detected.nix")];
  boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "virtio_scsi" "xhci_pci" "sr_mod" "virtio_blk" ];
  boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
  boot.kernelModules = [ ];
  boot.extraModulePackages = [ ];
  boot.tmp.useTmpfs = false;
  boot.tmp.cleanOnBoot = true;
  zramSwap.enable = true;
  services.btrfs.autoScrub = {
    enable = true;
    interval = "monthly";
    fileSystems = [
      "/"
    ];
  };
  fileSystems."/" =
    { device = "/dev/disk/by-label/NIXROOT";
      fsType = "btrfs";
      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
    };
  fileSystems."/home" =
    { device = "/dev/disk/by-label/NIXROOT";
      fsType = "btrfs";
      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
    };
  fileSystems."/srv" =
    { device = "/dev/disk/by-label/NIXROOT";
      fsType = "btrfs";
      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
    };
  fileSystems."/var" =
    { device = "/dev/disk/by-label/NIXROOT";
      fsType = "btrfs";
      options = [ "space_cache=v2,ssd,noatime,subvol=@var,discard=async" ];
    };
  fileSystems."/nix" =
    { device = "/dev/disk/by-label/NIXROOT";
      fsType = "btrfs";
      options = [ "compress=zstd:9,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
    };
  fileSystems."/swap" =
    { device = "/dev/disk/by-label/NIXROOT";
      fsType = "btrfs";
      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
    };
  swapDevices = [  ];
  networking = {
    useDHCP = false;                        # Deprecated
    hostName = "kabtopci";
    domain = "ci.kabtop.de";
    networkmanager = {
      enable = false;
    };
    interfaces = {
      ens3 = {
        useDHCP = false;                     # For versatility sake, manually edit IP on nm-applet.
        ipv4.addresses = [ {
            address = "195.90.221.87";
            prefixLength = 22;
        } ];
        ipv6.addresses = [ {
            address = "2a00:6800:3:d5b::2";
            prefixLength = 64;
        } ];
      };
    };
    defaultGateway = "195.90.220.1";
    defaultGateway6 = {
      address = "2a00:6800:3::1";
      interface = "ens3";
    };
    nameservers = [ "9.9.9.9" "2620:fe::fe" ];
    firewall = {
      enable = true;
      allowedUDPPorts = [  ];
      allowedTCPPorts = [ 80 443 ];
    };
  };
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/hosts/kabtopci/home.nix
+++ b/hosts/kabtopci/home.nix
@@ -23,9 +23,6 @@
    packages = with pkgs; [
      # Applications
      # Display
      #light                              # xorg.xbacklight not supported. Other option is just use xrandr.
      # Power Management
      #auto-cpufreq                       # Power management
      #tlp                                # Power management
--- a/hosts/kubemaster-1/default.nix
+++ b/hosts/kubemaster-1/default.nix
@@ -0,0 +1,37 @@
 #
 #  Kubemaster-1 — Kubernetes master server configuration
 #
 { config, pkgs, user, agenix, impermanence, ... }:
 {
  imports = [
    ./hardware-configuration.nix
    ../../modules/server
  ] ++ (import ../../modules/services/kubemaster);
  # ── Server module options ───────────────────────────────────────────────
  myServer.virtualisation.enable = true;
  myServer.virtualisation.cpu    = "intel";
  # ── Host-specific settings ──────────────────────────────────────────────
  boot = {
    kernelPackages = pkgs.linuxPackages_latest;
    loader = {
      systemd-boot.enable      = true;
      efi.canTouchEfiVariables = true;
      efi.efiSysMountPoint     = "/boot";
      timeout                  = 1;
    };
  };
  services.avahi = {
    enable   = true;
    nssmdns4 = true;
    publish  = {
      enable       = true;
      addresses    = true;
      userServices = true;
    };
  };
 }
--- a/hosts/kubemaster-1/hardware-configuration.nix
+++ b/hosts/kubemaster-1/hardware-configuration.nix
@@ -0,0 +1,117 @@
 #
 # Hardware settings for Teclast F5 10" Laptop
 # NixOS @ sda2
 #
 # flake.nix
 #  └─ ./hosts
 #      └─ ./laptop
 #          └─ hardware-configuration.nix *
 #
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
  imports =
    [ (modulesPath + "/installer/scan/not-detected.nix")
    ];
  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
  boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
  boot.tmp.useTmpfs = false;
  boot.tmp.cleanOnBoot = true;
  zramSwap.enable = true;
  services.btrfs.autoScrub = {
    enable = true;
    interval = "monthly";
    fileSystems = [
      "/"
    ];
  };
  fileSystems."/" =
    { device = "/dev/disk/by-label/NIXROOT";
      fsType = "btrfs";
      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
    };
  fileSystems."/home" =
    { device = "/dev/disk/by-label/NIXROOT";
      fsType = "btrfs";
      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
    };
  fileSystems."/srv" =
    { device = "/dev/disk/by-label/NIXROOT";
      fsType = "btrfs";
      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
    };
  fileSystems."/var" =
    { device = "/dev/disk/by-label/NIXROOT";
      fsType = "btrfs";
      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@var,discard=async" ];
    };
  fileSystems."/nix" =
    { device = "/dev/disk/by-label/NIXROOT";
      fsType = "btrfs";
      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
    };
  fileSystems."/swap" =
    { device = "/dev/disk/by-label/NIXROOT";
      fsType = "btrfs";
      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
    };
  fileSystems."/mnt/snapshots/root" =
    { device = "/dev/disk/by-label/NIXROOT";
      fsType = "btrfs";
      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
    };
  swapDevices = [  ];
  systemd.network = {
      enable = true;
      networks = {
          "10-lan" = {
              matchConfig.Name = "enp0s31f6";
              ntp = [ "192.168.2.1" ];
              domains = [ "home.opel-online.de" ];
              networkConfig = {
                DHCP = "yes";
                IPv6AcceptRA = true;
              };
              dns = [
                "192.168.2.1"
              ];
          };
      };
  };
  networking = {
    useDHCP = false;                        # Deprecated
    hostName = "kubemaster-1";
    firewall = {
      enable = true;
      allowedUDPPorts = [  ];
      allowedTCPPorts = [ 80 443 ];
    };
  };
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
  powerManagement = {
    cpuFreqGovernor = lib.mkDefault "powersave";
    powertop.enable = true;
    powerUpCommands = ''
      ${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/e036f437-bc91-4398-b182-7cf5724e23a2
    '';
  };
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 }
--- a/hosts/kubemaster-1/home.nix
+++ b/hosts/kubemaster-1/home.nix
@@ -23,9 +23,6 @@
    packages = with pkgs; [
      # Applications
      # Display
      #light                              # xorg.xbacklight not supported. Other option is just use xrandr.
      # Power Management
      #auto-cpufreq                       # Power management
      #tlp                                # Power management
--- a/hosts/lifebook/default.nix
+++ b/hosts/lifebook/default.nix
@@ -0,0 +1,58 @@
 #
 #  Lifebook laptop — system configuration
 #
 { lib, pkgs, user, ... }:
 {
  imports = [
    ./hardware-configuration.nix
    ../../modules/desktop
  ];
  # ── Desktop module options ──────────────────────────────────────────────
  myDesktop.windowManager       = "niri";
  myDesktop.niri.hotkeyVariant  = "lifebook";
  myDesktop.cpu                 = "intel";
  myDesktop.virtualisation.enable = true;
  myDesktop.laptop.enable           = true;
  myDesktop.laptop.lidSwitch        = "suspend-then-hibernate";
  myDesktop.laptop.hibernateDelaySec = "1h";
  myDesktop.git.signingKey = "/home/${user}/.ssh/id_ed25519_sk_rk_blackred";
  myDesktop.syncthing.enable  = true;
  myDesktop.syncthing.devices = {
    "jupiter.home.opel-online.de" = { id = "T53WU6Z-3NT74ZE-PZVZB2N-7FBTZ5K-HESC2ZM-W4ABDAS-NWXHTGI-ST4CDQR"; };
    "hades.home.opel-online.de"   = { id = "3VPCBVW-RH7XKFM-TWJGQHC-ZRAQ575-CQKGGKP-NAB4VXE-KCKJFUT-AMCUQQA"; };
  };
  myDesktop.syncthing.folders = {
    "Sync" = {
      path        = "/home/kabbone/Sync";
      devices     = [ "jupiter.home.opel-online.de" "hades.home.opel-online.de" ];
      ignorePerms = false;
    };
  };
  myDesktop.extraSystemPackages = with pkgs; [
    intel-media-driver
    intel-compute-runtime
  ];
  # ── Host-specific settings ──────────────────────────────────────────────
  boot = {
    kernelPackages    = pkgs.linuxPackages_latest;
    initrd.prepend    = [ "${./patched-SSDT4}" ];
    loader = {
      systemd-boot.enable  = lib.mkForce false;
      efi.canTouchEfiVariables = true;
      efi.efiSysMountPoint = "/boot";
      timeout              = 1;
    };
    lanzaboote = {
      enable    = true;
      pkiBundle = "/etc/secureboot";
    };
  };
 }
--- a/hosts/lifebook/hardware-configuration.nix
+++ b/hosts/lifebook/hardware-configuration.nix
@@ -0,0 +1,261 @@
 #
 # Hardware settings for Teclast F5 10" Laptop
 # NixOS @ sda2
 #
 # flake.nix
 #  └─ ./hosts
 #      └─ ./laptop
 #          └─ hardware-configuration.nix *
 #
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
  imports =
    [ (modulesPath + "/installer/scan/not-detected.nix")] ++
      [( import ../../modules/hardware/backup.nix )];
  boot = {
 	  initrd = {
 		  availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "sdhci_pci" ];
 		  kernelModules = [ "i915" "kvm_intel" "vfio_pci" "vfio" "vfio_iommu_type1" ];
 		  systemd.enable = true;
 		  luks = {
 			  devices."crypted" = {
 				  device = "/dev/disk/by-partlabel/disk-nvme0n1-luks";
 				  allowDiscards = true;
 		                  bypassWorkqueues = true;
 			  };
 		  };
 	  };
 	  kernelModules = [ "kvm-intel" ];
 	  kernelParams = [ "luks.options=fido2-device=auto" "sysrq_always_enabled=1" "pcie_aspm=force" ];
 	  extraModprobeConfig = ''
 	options i915 force_probe=!9a49
 	options xe force_probe=9a49
 		  '';
 	  tmp.useTmpfs = false;
 	  tmp.cleanOnBoot = true;
  };
  zramSwap.enable = true;
  services = {
      btrfs.autoScrub = {
          enable = true;
          interval = "monthly";
          fileSystems = [
              "/"
          ];
      };
      udev.extraRules = ''
          ACTION=="add", SUBSYSTEM=="block", KERNEL=="mmcblk[0-9]p[0-9]", ENV{ID_FS_USAGE}=="filesystem", RUN{program}+="${pkgs.systemd}/bin/systemd-mount -o noatime,compress-force=zstd:15,ssd_spread,commit=120 --no-block --automount=yes --collect $devnode /run/media/mmcblk0p1"
          '';
      btrbk = {
          extraPackages = [ pkgs.lz4 pkgs.mbuffer ];
          instances = {
              hf = {
                  onCalendar = "hourly";
                  settings = {
                      incremental = "yes";
                      snapshot_create = "ondemand";
                      snapshot_dir = "@snapshots";
                      timestamp_format = "long";
                      snapshot_preserve = "2m 2w 5d 5h";
                      snapshot_preserve_min = "latest";
                      volume =  {
                          "/mnt/snapshots/root" = {
                              snapshot_create = "always";
                              subvolume = {
                                  "@home" = {};
                              };
                          };
                      };
                  };
              };
              bak = {
                  onCalendar = "daily";
                  settings = {
 	              stream_buffer = "256m";
                      stream_compress = "lz4";
                      incremental = "yes";
                      snapshot_create = "no";
                      snapshot_dir = "@snapshots";
                      timestamp_format = "long";
                      snapshot_preserve_min = "all";
                      target_preserve_min = "no";
                      target_preserve = "4w 3d";
                      ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk_nas";
                      ssh_user = "btrbk";
                      volume =  {
                          "/mnt/snapshots/root" = {
                              subvolume = {
                                  "@home" = {};
                              };
 	                      target = "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars/@snapshots/@lifebook";
                          };
                      };
 	          };
 	      };
          };
      };
      tuned = {
        enable = true;
        profiles = {
          balanced_powertop = {
            main = {
              include = "balanced";
            };
            sysfs = {
              "/sys/class/net/wlan0/device/power/wakeup" = "enabled";
              "/sys/bus/usb/devices/usb3/power/wakeup" = "enabled";
              "/sys/bus/usb/devices/usb1/power/wakeup" = "enabled";
              "/sys/bus/usb/devices/3-9/power/wakeup" = "enabled";
              "/sys/bus/usb/devices/usb4/power/wakeup" = "enabled";
              "/sys/bus/usb/devices/3-10/power/wakeup" = "enabled";
              "/sys/bus/usb/devices/usb2/power/wakeup" = "enabled";
              "/sys/bus/usb/devices/3-5/power/wakeup" = "enabled";
            };
          };
          balanced-battery_powertop = {
            main = {
              include = "balanced-battery";
            };
            sysfs = {
              "/sys/class/net/wlan0/device/power/wakeup" = "disabled";
              "/sys/bus/usb/devices/usb3/power/wakeup" = "disabled";
              "/sys/bus/usb/devices/usb1/power/wakeup" = "disabled";
              "/sys/bus/usb/devices/3-9/power/wakeup" = "disabled";
              "/sys/bus/usb/devices/usb4/power/wakeup" = "disabled";
              "/sys/bus/usb/devices/3-10/power/wakeup" = "disabled";
              "/sys/bus/usb/devices/usb2/power/wakeup" = "disabled";
              "/sys/bus/usb/devices/3-5/power/wakeup" = "disabled";
            };
          };
        };
      };
  };
  systemd.timers = {
      btrbk-bak = {
          after = [ "network-online.target" ];
          requires = [ "network-online.target" ];
      };
  };
  fileSystems."/" =
    { device = "/dev/mapper/crypted";
      fsType = "btrfs";
      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
    };
  fileSystems."/boot" =
    { device = "/dev/disk/by-label/NIXBOOT";
      fsType = "vfat";
    };
  fileSystems."/home" =
    { device = "/dev/mapper/crypted";
      fsType = "btrfs";
      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
    };
  fileSystems."/nix" =
    { device = "/dev/mapper/crypted";
      fsType = "btrfs";
      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
    };
  fileSystems."/srv" =
    { device = "/dev/mapper/crypted";
      fsType = "btrfs";
      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
    };
  fileSystems."/swap" =
    { device = "/dev/mapper/crypted";
      fsType = "btrfs";
      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
    };
  fileSystems."/opt" =
    { device = "/dev/mapper/crypted";
      fsType = "btrfs";
      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@opt,discard=async" ];
    };
  fileSystems."/var" =
    { device = "/dev/mapper/crypted";
      fsType = "btrfs";
      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@var,discard=async" ];
    };
  fileSystems."/mnt/snapshots/root" =
    { device = "/dev/mapper/crypted";
      fsType = "btrfs";
      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
    };
  fileSystems."/mnt/Pluto" =
    { device = "jupiter.home.opel-online.de:/Pluto";
      fsType = "nfs";
      options = [ "nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
    };
  fileSystems."/mnt/Mars" =
    { device = "jupiter.home.opel-online.de:/Mars";
      fsType = "nfs";
      options = [ "nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
    };
  swapDevices = [ { device = "/swap/swapfile"; } ];
  networking = {
    useDHCP = false;                        # Deprecated
    hostName = "lifebook";
    wireless.iwd.enable = true;
    networkmanager = {
      enable = true;
      wifi = {
        backend = "iwd";
        powersave = true;
      };
    };
 #    interfaces = {
 #      wlan0 = {
 #        useDHCP = true;                     # For versatility sake, manually edit IP on nm-applet.
 #        #ipv4.addresses = [ {
 #        #    address = "192.168.0.51";
 #        #    prefixLength = 24;
 #        #} ];
 #      };
 #    };
    #defaultGateway = "192.168.0.1";
    #nameservers = [ "192.168.0.4" ];
    firewall = {
      checkReversePath = false;
      enable = true;
      allowedUDPPorts = [ 24727 51820 ];
      allowedTCPPorts = [ 24727 ];
    };
  };
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 #  powerManagement = {
 #    powertop.enable = true;    
 #  };
 }
--- a/hosts/lifebook/home.nix
+++ b/hosts/lifebook/home.nix
@@ -0,0 +1,29 @@
 #
 #  Lifebook laptop — home-manager host-specific additions
 #  (WM home config is loaded by modules/desktop based on myDesktop.windowManager)
 #
 { pkgs, ... }:
 {
  imports = [
    ../../modules/home.nix  # cmds / theme options
  ];
  home.packages = with pkgs; [
    libreoffice
    chromium
    thunderbird
    streamlink
    streamlink-twitch-gui-bin
    intel-gpu-tools
    pulsemixer
  ];
  services = {
    blueman-applet.enable        = true;
    network-manager-applet.enable = true;
  };
  xsession.preferStatusNotifierItems = true;
 }
--- a/hosts/lifebook/patched-SSDT4
+++ b/hosts/lifebook/patched-SSDT4
--- a/hosts/nas/hardware-configuration.nix
+++ b/hosts/nas/hardware-configuration.nix
@@ -1,255 +0,0 @@
 #
 # Hardware settings for Teclast F5 10" Laptop
 # NixOS @ sda2
 #
 # flake.nix
 #  └─ ./hosts
 #      └─ ./laptop
 #          └─ hardware-configuration.nix *
 #
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
  imports =
    [ (modulesPath + "/profiles/qemu-guest.nix")
    ];
  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
  boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
  boot.initrd.secrets = {
    "/root/NASKeyfile" =
        /root/NASKeyfile;
  };
  boot.initrd.luks.devices = {
    NAS-RAID1 = {
      device = "/dev/disk/by-uuid/57e6446d-faca-4b67-9063-e8d9afb80088";
      keyFile = "/root/NASKeyfile";
    };
    NAS-RAID2 = {
      device = "/dev/disk/by-uuid/b9edc489-ac37-4b28-981d-442722df7ae2";
      keyFile = "/root/NASKeyfile";
    };
  };
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
  boot.tmp.useTmpfs = false;
  boot.tmp.cleanOnBoot = true;
  zramSwap.enable = true;
  services.btrfs.autoScrub = {
    enable = true;
    interval = "monthly";
    fileSystems = [
      "/"
      "/mnt/Pluto"
    ];
  };
  services.btrbk = {
      instances = {
          hf = {
              onCalendar = "hourly";
              settings = {
                  incremental = "yes";
                  snapshot_create = "ondemand";
                  snapshot_dir = "@snapshots";
                  timestamp_format = "long";
                  snapshot_preserve = "2m 2w 5d 5h";
                  snapshot_preserve_min = "latest";
                  volume =  {
                      "/mnt/snapshots/root" = {
                          snapshot_create = "always";
                          subvolume = {
                              "@" = {};
                              "@home" = {};
                              "@nas/Home" = {};
                          };
                      };
                  };
              };
          };
          lf = {
              onCalendar = "daily";
              settings = {
                  incremental = "yes";
                  snapshot_create = "ondemand";
                  snapshot_dir = "@snapshots";
                  timestamp_format = "long";
                  snapshot_preserve = "2m 2w 5d";
                  snapshot_preserve_min = "latest";
                  volume =  {
                      "/mnt/snapshots/Pluto" = {
                          snapshot_create = "always";
                          subvolume = {
                            "@" = {};
                            "@/Backups" = {};
                            "@/Games" = {};
                            "@/IT" = {};
                            "@/Media" = {};
                            "@/Pictures" = {};
                            "@/Rest" = {};
                          };
                      };
                  };
              };
          };
      };
  };
  fileSystems."/" =
    { device = "/dev/disk/by-label/NIXROOT";
      fsType = "btrfs";
      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
    };
  fileSystems."/home" =
    { device = "/dev/disk/by-label/NIXROOT";
      fsType = "btrfs";
      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
    };
  fileSystems."/srv" =
    { device = "/dev/disk/by-label/NIXROOT";
      fsType = "btrfs";
      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
    };
  fileSystems."/nix" =
    { device = "/dev/disk/by-label/NIXROOT";
      fsType = "btrfs";
      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
    };
  fileSystems."/swap" =
    { device = "/dev/disk/by-label/NIXROOT";
      fsType = "btrfs";
      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
    };
    fileSystems."/mnt/snapshots/root" =
    { device = "/dev/disk/by-label/NIXROOT";
      fsType = "btrfs";
      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
    };
    fileSystems."/mnt/snapshots/Mars" =
    { device = "/dev/disk/by-label/NIXROOT";
      fsType = "btrfs";
      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
    };
  fileSystems."/mnt/snapshots/Pluto" =
    { device = "/dev/disk/by-label/NAS-RAID";
      fsType = "btrfs";
      options = [ "compress=zstd,space_cache=v2,noatime,subvolid=5" ];
    };
  fileSystems."/mnt/Pluto" =
    { device = "/dev/disk/by-label/NAS-RAID";
      fsType = "btrfs";
      options = [ "compress=zstd,space_cache=v2,noatime,subvol=@" ];
    };
  fileSystems."/mnt/Mars" =
    { device = "/dev/disk/by-label/NIXROOT";
      fsType = "btrfs";
      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nas,discard=async" ];
    };
  fileSystems."/boot" =
    { device = "/dev/disk/by-label/NIXBOOT";
      fsType = "vfat";
    };
  fileSystems."/export/Pluto" =
    { device = "/mnt/Pluto";
      options = [ "bind" ];
    };
  fileSystems."/export/Mars" =
    { device = "/mnt/Mars";
      options = [ "bind" ];
    };
  swapDevices = [ { device = "/swap/swapfile"; } ];
  networking = {
    vswitches = {
        vs0 = {
            interfaces = {
                enp0s31f6 = {  };
                lo1 = {
                    type = "internal";
                };
                enp0s31f6iot = {
                    type = "internal";
                    vlan = 100;
                };
            };
        };
    };
    useDHCP = false;                        # Deprecated
    hostName = "nas";
    domain = "home.opel-online.de";
    networkmanager = {
      enable = false;
    };
    timeServers = [
        "192.168.2.1"
    ];
    interfaces = {
 #      enp0s31f6 = {
 #        useDHCP = true;                     # For versatility sake, manually edit IP on nm-applet.
 #        ipv4.addresses = [ {
 #            address = "45.142.114.153";
 #            prefixLength = 24;
 #        } ];
 #        ipv6.addresses = [ {
 #            address = "2a00:ccc1:101:19D::2";
 #            prefixLength = 64;
 #        } ];
 #      };
      lo1 = {
        useDHCP = true;
        macAddress = "f6:14:f3:7b:1f:f7";
      };
    };
 #    defaultGateway = "45.142.114.1";
    defaultGateway6 = {
      address = "fe80::1";
      interface = "lo1";
    };
 #    nameservers = [ "9.9.9.9" "2620:fe::fe" ];
    #firewall = {
    #  enable = false;
    #  #allowedUDPPorts = [ 53 67 ];
    #  #allowedTCPPorts = [ 53 80 443 9443 ];
    #};
  };
  systemd.services = {
    "ovsdb".partOf = [ "network-setup.service" ];
    "ovs-vswitchd".partOf = [ "network-setup.service" ];
    "network-addresses-lo1" = {
        requires = [ "network-setup.service" ];
    };
  };
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
  powerManagement = {
    cpuFreqGovernor = lib.mkDefault "powersave";
    powertop.enable = true;
    powerUpCommands = ''
      ${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/57e6446d-faca-4b67-9063-e8d9afb80088
      ${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/b9edc489-ac37-4b28-981d-442722df7ae2
    '';
  };
 }
--- a/hosts/nasbackup/default.nix
+++ b/hosts/nasbackup/default.nix
@@ -1,66 +1,48 @@
 #
-#  Specific system configuration settings for desktop
+#  Nasbak — NAS backup server configuration
 #
 #  flake.nix
 #   ├─ ./hosts
 #   │   └─ ./laptop
 #   │        ├─ default.nix *
 #   │        └─ hardware-configuration.nix       
 #   └─ ./modules
 #       ├─ ./desktop
 #       │   └─ ./hyprland
 #       │       └─ hyprland.nix
 #       ├─ ./modules
 #       │   └─ ./programs
 #       │       └─ waybar.nix
 #       └─ ./hardware
 #           └─ default.nix
 #
 { config, pkgs, user, ... }:
 {
-  imports =                                                         # For now, if applying to other system, swap files
+  imports = [
-    [(import ./hardware-configuration.nix)] ++                      # Current system hardware config @ /etc/nixos/hardware-configuration.nix
+    ./hardware-configuration.nix
-    #[(import ../../modules/wm/virtualisation/docker.nix)] ++   # Docker
+    ../../modules/server
-    (import ../../modules/services/nasbackup) ++                       # Server Services
+  ] ++ (import ../../modules/services/nasbackup);
    (import ../../modules/hardware);                                # Hardware devices
-  boot = {                                  # Boot options
+  # ── Server module options ───────────────────────────────────────────────
  # No virtualisation on the backup NAS
  # ── Host-specific settings ──────────────────────────────────────────────
  boot = {
    kernelPackages = pkgs.linuxPackages_latest;
-
+    loader = {
-    loader = {                              # EFI Boot
+      systemd-boot.enable      = true;
-      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
-      efi = {
+      efi.efiSysMountPoint     = "/boot";
-        canTouchEfiVariables = true;
+      timeout                  = 1;
        efiSysMountPoint = "/boot";
      };
      timeout = 1;                          # Grub auto select time
    };
  };
-  programs = {                              # No xbacklight, this is the alterantive
+  programs = {
    zsh.enable = true;
    ssh.startAgent = false;
    gnupg.agent = {
-      enable = false;
+      enable           = false;
      enableSSHSupport = true;
-      pinentryFlavor = "curses";
+      pinentryPackage  = pkgs.pinentry-curses;
    };
  };
  services = {
    qemuGuest.enable = true;
-    avahi = {                               # Needed to find wireless printer
+    avahi = {
-      enable = true;
+      enable   = true;
-      nssmdns = true;
+      nssmdns4 = true;
-      publish = {                           # Needed for detecting the scanner
+      publish  = {
-        enable = true;
+        enable       = true;
-        addresses = true;
+        addresses    = true;
        userServices = true;
      };
    };
  };
 }
--- a/hosts/nasbackup/hardware-configuration.nix
+++ b/hosts/nasbackup/hardware-configuration.nix
@@ -51,7 +51,7 @@
  };
  services.btrbk = {
-      extraPackages = [ pkgs.lz4 ];
+      extraPackages = [ pkgs.lz4 pkgs.mbuffer ];
      instances = {
          hf = {
              onCalendar = "hourly";
@@ -78,6 +78,7 @@
          bak = {
              onCalendar = "weekly";
              settings = {
 	          stream_buffer = "265m";
                  stream_compress = "lz4";
                  incremental = "yes";
                  snapshot_create = "no";
@@ -87,20 +88,35 @@
                  snapshot_preserve_min = "all";
                  target_preserve_min = "no";
                  target_preserve = "4w 2m";
                  archive_preserve_min = "no";
                  archive_preserve = "4w 2m";
                  ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk";
                  ssh_user = "btrbk";
                  volume =  {
-                      "ssh://jupiter.home.opel-online.de/mnt/snapshots/Mars" = {
+                      "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars" = {
                          target = "/mnt/nas/Backups/Mars";
                          subvolume = {
-                              "@nas" = {};
+                              "@nas" = {
                                  target = "/mnt/nas/Backups/Mars";
 			      };
                              "@hades/@home" = {
 				  target = "/mnt/nas/Backups/Hades";
 				  snapshot_dir = "@snapshots/@hades";
 			      };
                              "@lifebook/@home" = {
 				  target = "/mnt/nas/Backups/Lifebook";
 				  snapshot_dir = "@snapshots/@lifebook";
 			      };
 #                              "@steamdeck/@home" = {
 #				  target = "/mnt/nas/Backups/Steamdeck";
 #				  snapshot_dir = "@snapshots/@steamdeck";
 #			      };
                          };
                      };
                  };
                  volume =  {
-                      "ssh://jupiter.home.opel-online.de/mnt/snapshots/Pluto" = {
+                      "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Pluto" = {
                          target = "/mnt/nas/Backups/Pluto";
                          subvolume = {
                              "@/Games" = {};
@@ -113,36 +129,17 @@
                  };
              };
          };
 #          lf = {
 #              onCalendar = "daily";
 #              settings = {
 #                  incremental = "yes";
 #                  snapshot_create = "ondemand";
 #                  snapshot_dir = "@snapshots";
 #                  timestamp_format = "long";
 #
 #                  snapshot_preserve = "2m 2w 5d";
 #                  snapshot_preserve_min = "latest";
 #                
 #                  volume =  {
 #                      "/mnt/snapshots/Pluto" = {
 #                          snapshot_create = "always";
 #                          subvolume = {
 #                            "@" = {};
 #                            "@/Backups" = {};
 #                            "@/Games" = {};
 #                            "@/IT" = {};
 #                            "@/Media" = {};
 #                            "@/Pictures" = {};
 #                            "@/Rest" = {};
 #                          };
 #                      };
 #                  };
 #              };
 #          };
      };
  };
  systemd.services = {
      btrbk-bak = {
          after = [ "network-online.target" ];
          requires = [ "network-online.target" ];
      };
  };
  fileSystems."/" =
    { device = "/dev/disk/by-label/NIXROOT";
      fsType = "btrfs";
@@ -198,35 +195,24 @@
  swapDevices = [ { device = "/swap/swapfile"; } ];
  systemd.network = {
      enable = true;
      networks = {
          "10-lan" = {
              matchConfig.Name = "ens18";
              ntp = [ "192.168.2.1" ];
              domains = [ "home.opel-online.de" ];
              networkConfig = {
                DHCP = "yes";
                IPv6AcceptRA = true;
              };
          };
      };
  };
  networking = {
    hostName = "nasbak";
    domain = "home.opel-online.de";
-    networkmanager = {
+    useDHCP = false;                     # For versatility sake, manually edit IP on nm-applet.
      enable = false;
    };
    timeServers = [
        "192.168.2.1"
    ];
    interfaces = {
      enp6s18 = {
        useDHCP = true;                     # For versatility sake, manually edit IP on nm-applet.
 #        ipv4.addresses = [ {
 #            address = "45.142.114.153";
 #            prefixLength = 24;
 #        } ];
 #        ipv6.addresses = [ {
 #            address = "2a00:ccc1:101:19D::2";
 #            prefixLength = 64;
 #        } ];
 #      };
      };
    };
 #    defaultGateway = "45.142.114.1";
    defaultGateway6 = {
      address = "fe80::1";
      interface = "enp6s18";
    };
 #    nameservers = [ "9.9.9.9" "2620:fe::fe" ];
    #firewall = {
    #  enable = false;
    #  #allowedUDPPorts = [ 53 67 ];
--- a/hosts/nasbackup/home.nix
+++ b/hosts/nasbackup/home.nix
@@ -23,9 +23,6 @@
    packages = with pkgs; [
      # Applications
      # Display
      #light                              # xorg.xbacklight not supported. Other option is just use xrandr.
      # Power Management
      #auto-cpufreq                       # Power management
      #tlp                                # Power management
--- a/hosts/laptop/default.nix
+++ b/hosts/laptop/default.nix
@@ -23,10 +23,11 @@
  imports =                                                         # For now, if applying to other system, swap files
    [(import ./hardware-configuration.nix)] ++                      # Current system hardware config @ /etc/nixos/hardware-configuration.nix
    #[(import ../../modules/wm/hyprland/default.nix)] ++        # Window Manager
-    [(import ../../modules/wm/sway/default.nix)] ++        # Window Manager
+   # [(import ../../modules/wm/sway/default.nix)] ++        # Window Manager
    [(import ../../modules/wm/virtualisation/docker.nix)] ++   # Docker
    [(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++   # kvm module options
-    (import ../../modules/hardware);                                # Hardware devices
+    (import ../../modules/hardware) ++
    (import ../../modules/services/printer);                                # Hardware devices
  boot = {                                  # Boot options
    kernelPackages = pkgs.linuxPackages_latest;
@@ -41,32 +42,14 @@
    };
  };
 #  hardware.sane = {                           # Used for scanning with Xsane
 #    enable = false;
 #    extraBackends = [ pkgs.sane-airscan ];
 #  };
  hardware = {
    nitrokey.enable = true;
  };
  environment = {
    systemPackages = with pkgs; [
 #      simple-scan
       intel-media-driver
 #       alacritty
    ];
  };
  programs = {                              # No xbacklight, this is the alterantive
    zsh.enable = true;
    dconf.enable = true;
    light.enable = true;
    ssh.startAgent = false;
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
      pinentryFlavor = "curses";
    };
  };
  services = {
@@ -80,21 +63,15 @@
    logind.lidSwitch = "suspend-then-hibernate";            # Laptop does not go to sleep when lid is closed
    #auto-cpufreq.enable = true;
    blueman.enable = true;
    printing = {                            # Printing and drivers for TS5300
      enable = true;
      drivers = [ pkgs.gutenprint ];
    };
    avahi = {                               # Needed to find wireless printer
      enable = true;
-      nssmdns = true;
+      nssmdns4 = true;
      publish = {                           # Needed for detecting the scanner
        enable = true;
        addresses = true;
        userServices = true;
      };
    };
    tailscale.enable = true;
  };
  #temporary bluetooth fix
--- a/hosts/laptop/hardware-configuration.nix
+++ b/hosts/laptop/hardware-configuration.nix
@@ -134,30 +134,19 @@
  networking = {
    useDHCP = false;                        # Deprecated
    hostName = "nbf5";
-    wireless.iwd.enable = true;
+    wireless = {
-    networkmanager = {
+      iwd.enable = true;
-      enable = true;
+      interfaces = [ "wlan0" ];
      wifi = {
        backend = "iwd";
        powersave = true;
      };
    };
    interfaces = {
      wlan0 = {
        useDHCP = true;                     # For versatility sake, manually edit IP on nm-applet.
        #ipv4.addresses = [ {
        #    address = "192.168.0.51";
        #    prefixLength = 24;
        #} ];
      };
    };
    #defaultGateway = "192.168.0.1";
    #nameservers = [ "192.168.0.4" ];
    firewall = {
-      checkReversePath = "loose";
+      enable = true;
-    #  enable = false;
+      #allowedUDPPorts = [ 53 67 ];
-    #  #allowedUDPPorts = [ 53 67 ];
+      allowedTCPPorts = [ 80 443 ];
    #  #allowedTCPPorts = [ 53 80 443 9443 ];
    };
  };
--- a/hosts/laptop/home.nix
+++ b/hosts/laptop/home.nix
@@ -17,20 +17,14 @@
  imports =
    [
      #../../modules/wm/hyprland/home.nix # Window Manager
-      ../../modules/wm/sway/home.nix # Window Manager
+      #../../modules/wm/sway/home.nix # Window Manager
      ../../modules/home.nix # Window Manager
    ];
  home = {                                # Specific packages for laptop
    packages = with pkgs; [
      # Applications
-      libreoffice                         # Office packages
+      firefox
      #firefox
      chromium
      thunderbird
      streamlink
      streamlink-twitch-gui-bin
      element-desktop
      intel-gpu-tools
      pulsemixer
--- a/hosts/server/default.nix
+++ b/hosts/server/default.nix
@@ -1,101 +0,0 @@
 #
 #  Specific system configuration settings for desktop
 #
 #  flake.nix
 #   ├─ ./hosts
 #   │   └─ ./laptop
 #   │        ├─ default.nix *
 #   │        └─ hardware-configuration.nix       
 #   └─ ./modules
 #       ├─ ./desktop
 #       │   └─ ./hyprland
 #       │       └─ hyprland.nix
 #       ├─ ./modules
 #       │   └─ ./programs
 #       │       └─ waybar.nix
 #       └─ ./hardware
 #           └─ default.nix
 #
 { config, pkgs, user, agenix, impermanence, ... }:
 {
  imports =                                                         # For now, if applying to other system, swap files
    [(import ./hardware-configuration.nix)] ++                      # Current system hardware config @ /etc/nixos/hardware-configuration.nix
    [(import ../../modules/wm/virtualisation/docker.nix)] ++   # Docker
    (import ../../modules/services/server) ++                       # Server Services
    (import ../../modules/hardware);                                # Hardware devices
  boot = {                                  # Boot options
    kernelPackages = pkgs.linuxPackages_latest;
    loader = {                              # EFI Boot
    grub = {
        enable = true;
        device = "/dev/sda";
    };
      timeout = 1;                          # Grub auto select time
    };
  };
  environment = {
    etc = {
      "fail2ban/filter.d/gitea.conf" = {
        source = ../../modules/services/server/fail2ban/filter/gitea.conf;
        mode = "0444";
      };
      "fail2ban/filter.d/nextcloud.conf" = {
        source = ../../modules/services/server/fail2ban/filter/nextcloud.conf;
        mode = "0444";
      };
    };
  };
  programs = {                              # No xbacklight, this is the alterantive
    zsh.enable = true;
    ssh.startAgent = false;
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
      pinentryFlavor = "curses";
    };
  };
  services = {
    #auto-cpufreq.enable = true;
    qemuGuest.enable = true;
    avahi = {                               # Needed to find wireless printer
      enable = true;
      nssmdns = true;
      publish = {                           # Needed for detecting the scanner
        enable = true;
        addresses = true;
        userServices = true;
      };
    };
    fail2ban = {
        enable = true;
        maxretry = 5;
        jails.DEFAULT.settings = {
           findtime = "15m";
        };
        jails = {
            gitea = ''
              enabled = true
              filter = gitea
              backend = systemd
              action = iptables-allports
            '';
            nextcloud = ''
              backend = auto
              enabled = true
              filter = nextcloud
              logpath = /var/lib/nextcloud/data/nextcloud.log
              action = iptables-allports
            '';
          };
    };
  };
 }
--- a/hosts/steamdeck/default.nix
+++ b/hosts/steamdeck/default.nix
@@ -1,92 +1,50 @@
 #
-#  Specific system configuration settings for desktop
+#  Steamdeck — system configuration
 #
 #  flake.nix
 #   ├─ ./hosts
 #   │   └─ ./laptop
 #   │        ├─ default.nix *
 #   │        └─ hardware-configuration.nix       
 #   └─ ./modules
 #       ├─ ./desktop
 #       │   └─ ./hyprland
 #       │       └─ hyprland.nix
 #       ├─ ./modules
 #       │   └─ ./programs
 #       │       └─ waybar.nix
 #       └─ ./hardware
 #           └─ default.nix
 #
-{ config, pkgs, user, jovian-nixos, lib, ... }:
+{ lib, pkgs, user, jovian-nixos, ... }:
 {
-  imports =                                                         # For now, if applying to other system, swap files
+  imports = [
-    [(import ./hardware-configuration.nix)] ++                      # Current system hardware config @ /etc/nixos/hardware-configuration.nix
+    ./hardware-configuration.nix
-    [(import ../../modules/wm/steam/default.nix)] ++            # jovian steam
+    ../../modules/desktop
-    [(import ../../modules/wm/kde/default.nix)] ++              # Window Manager
+    ../../modules/wm/steam
-    (import ../../modules/wm/virtualisation) ++                 # libvirt + Docker
+  ];
    [(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++   # kvm module options
    (import ../../modules/hardware);                                 # Hardware devices
-  boot = {                                  # Boot options
+  # ── Desktop module options ──────────────────────────────────────────────
-    loader = {                              # EFI Boot
+  myDesktop.windowManager         = "kde";
-      systemd-boot.enable = lib.mkForce false;
+  myDesktop.cpu                   = "amd";
-      efi = {
+  myDesktop.virtualisation.enable = true;
-        canTouchEfiVariables = true;
+  myDesktop.nitrokey.enable       = true;
-        efiSysMountPoint = "/boot";
+
-      };
+  specialisation = {
-      timeout = 1;                          # Grub auto select time
+    sway.configuration = {
      imports                                = [ (import ../../modules/wm/sway) ];
      jovian.steam.enable                    = lib.mkForce false;
      services.desktopManager.plasma6.enable = lib.mkForce false;
    };
  };
  # ── Host-specific settings ──────────────────────────────────────────────
  boot = {
    loader = {
      systemd-boot.enable      = lib.mkForce false;
      efi.canTouchEfiVariables = true;
      efi.efiSysMountPoint     = "/boot";
      timeout                  = 1;
    };
    lanzaboote = {
-        enable = true;
+      enable    = true;
-        pkiBundle = "/etc/secureboot";
+      pkiBundle = "/etc/secureboot";
    };
  };
-#  hardware.sane = {                           # Used for scanning with Xsane
+  services.printing = {
-#    enable = false;
+    enable  = true;
-#    extraBackends = [ pkgs.sane-airscan ];
+    drivers = [ pkgs.gutenprint ];
 #  };
  hardware = {
    nitrokey.enable = true;
  };
-#  environment = {
+  services.tailscale.enable = true;
 #    systemPackages = with pkgs; [
 ##       alacritty
 #    ];
 #  };
  programs = {                              # No xbacklight, this is the alterantive
    zsh.enable = true;
    dconf.enable = true;
    light.enable = true;
    ssh.startAgent = false;
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
      #pinentryFlavor = "curses";
    };
  };
  services = {
 #   blueman.enable = true;
    printing = {                            # Printing and drivers for TS5300
      enable = true;
      drivers = [ pkgs.gutenprint ];
    };
    avahi = {                               # Needed to find wireless printer
      enable = true;
      nssmdns4 = true;
      publish = {                           # Needed for detecting the scanner
        enable = true;
        addresses = true;
        userServices = true;
      };
    };
    tailscale.enable = true;
  };
  security.pam.sshAgentAuth.enable = true;
 }
--- a/hosts/steamdeck/hardware-configuration.nix
+++ b/hosts/steamdeck/hardware-configuration.nix
@@ -19,7 +19,7 @@
  boot = {
 	  initrd = {
-                  availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" ];
+          availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" ];
 		  kernelModules = [ ];
 		  systemd.enable = true;
 		  luks = {
@@ -50,33 +50,66 @@
      udev.extraRules = ''
          ACTION=="add", SUBSYSTEM=="block", KERNEL=="mmcblk[0-9]p[0-9]", ENV{ID_FS_USAGE}=="filesystem", RUN{program}+="${pkgs.systemd}/bin/systemd-mount -o noatime,compress-force=zstd:15,ssd_spread,commit=120 --no-block --automount=yes --collect $devnode /run/media/mmcblk0p1"
          '';
  };
-  services.btrbk = {
+      btrbk = {
-      instances = {
+          instances = {
-          hf = {
+              hf = {
-              onCalendar = "hourly";
+                  onCalendar = "hourly";
-              settings = {
+                  settings = {
-                  incremental = "yes";
+                      incremental = "yes";
-                  snapshot_create = "ondemand";
+                      snapshot_create = "ondemand";
-                  snapshot_dir = "@snapshots";
+                      snapshot_dir = "@snapshots";
-                  timestamp_format = "long";
+                      timestamp_format = "long";
-                  snapshot_preserve = "2m 2w 5d 5h";
+                      snapshot_preserve = "2m 2w 5d 5h";
-                  snapshot_preserve_min = "latest";
+                      snapshot_preserve_min = "latest";
-                  volume =  {
+                      volume =  {
-                      "/mnt/snapshots/root" = {
+                          "/mnt/snapshots/root" = {
-                          snapshot_create = "always";
+                              snapshot_create = "always";
-                          subvolume = {
+                              subvolume = {
-                              "@home" = {};
+                                  "@home" = {};
                              };
                          };
                      };
                  };
              };
 #              bak = {
 #                  onCalendar = "daily";
 #                  settings = {
 #	              stream_buffer = "256m";
 #                      stream_compress = "lz4";
 #                      incremental = "yes";
 #                      snapshot_create = "no";
 #                      snapshot_dir = "@snapshots";
 #                      timestamp_format = "long";
 #
 #                      snapshot_preserve_min = "all";
 #                      target_preserve_min = "no";
 #                      target_preserve = "2m 4w 3d";
 #
 #                      ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk_nas";
 #                      ssh_user = "btrbk";
 #                    
 #                      volume =  {
 #                          "/mnt/snapshots/root" = {
 #                              subvolume = {
 #                                  "@home" = {};
 #                              };
 #	                      target = "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars/@snapshots/@steamdeck";
 #                          };
 #                      };
 #	          };
 #	      };
          };
      };
  };
 #
 #  systemd.timers = {
 #      btrbk-bak = {
 #          requires = [ "network-online.target" ];
 #      };
 #  };
  fileSystems."/" =
    { device = "/dev/mapper/crypted";
@@ -171,9 +204,9 @@
    #nameservers = [ "192.168.0.4" ];
    firewall = {
      checkReversePath = "loose";
-    #  enable = false;
+      enable = true;
-    #  #allowedUDPPorts = [ 53 67 ];
+      allowedUDPPorts = [ 24727 ];
-    #  #allowedTCPPorts = [ 53 80 443 9443 ];
+      allowedTCPPorts = [ 24727 ];
    };
  };
--- a/hosts/steamdeck/home.nix
+++ b/hosts/steamdeck/home.nix
@@ -1,55 +1,30 @@
 #
-#  Home-manager configuration for laptop
+#  Home-manager configuration for steamdeck
 #
 #  flake.nix
 #   ├─ ./hosts
 #   │   └─ ./laptop
 #   │       └─ home.nix *
 #   └─ ./modules
 #       └─ ./desktop
 #           └─ ./hyprland
 #              └─ hyprland.nix
 #
 { pkgs, ... }:
 {
-  imports =
+  specialisation = {
-    [
+    sway.configuration = {
-      ../../modules/wm/steam/home.nix # Window Manager
+      imports = [ (import ../../modules/wm/sway/home.nix) ];
-      ../../modules/wm/kde/home.nix # Window Manager
+    };
-      ../../modules/home.nix # Window Manager
+  };
    ];
-  home = {                                # Specific packages for laptop
+  imports =
    [ (import ../../modules/home.nix) ] ++
    [ (import ../../modules/wm/steam/home.nix) ];
  home = {
    packages = with pkgs; [
-      # Applications
+      libreoffice
      libreoffice                         # Office packages
      #firefox
      chromium
      thunderbird
      streamlink
      streamlink-twitch-gui-bin
      element-desktop
      pulsemixer
      #yuzu-early-access
      # Display
      light                              # xorg.xbacklight not supported. Other option is just use xrandr.
      # Power Management
      #auto-cpufreq                       # Power management
      #tlp                                # Power management
    ];
  };
  programs = {
    alacritty.settings.font.size = 11;
  };
  services = {                            # Applets
  };
  xsession.preferStatusNotifierItems = true;
 }
--- a/modules/desktop/default.nix
+++ b/modules/desktop/default.nix
@@ -0,0 +1,522 @@
 #
 #  Desktop module — import this instead of manual WM/virtualisation imports.
 #
 #  Usage in hosts/<hostname>/default.nix:
 #
 #    imports = [
 #      ./hardware-configuration.nix
 #      ../../modules/desktop
 #    ];
 #
 #    myDesktop.windowManager  = "niri";   # niri (default) | sway | kde
 #    myDesktop.cpu            = "amd";    # amd | intel | none (default)
 #
 #    myDesktop.virtualisation.enable = true;
 #
 #    myDesktop.syncthing.enable  = true;
 #    myDesktop.syncthing.devices = { "jupiter.home.example.de" = { id = "XXXXX-..."; }; };
 #    myDesktop.syncthing.folders = { "Sync" = { path = "/home/user/Sync"; devices = [...]; }; };
 #
 #    myDesktop.openrgb.enable      = true;
 #    myDesktop.openrgb.motherboard = "amd";   # or "intel"
 #
 #    myDesktop.laptop.enable           = true;
 #    myDesktop.laptop.lidSwitch        = "suspend-then-hibernate";
 #    myDesktop.laptop.hibernateDelaySec = "1h";
 #
 #    myDesktop.nitrokey.enable = true;
 #
 #    myDesktop.extraSystemPackages = with pkgs; [ some-tool ];
 #
 { config, lib, pkgs, inputs, user, ... }:
 let
  cfg = config.myDesktop;
 in
 {
  # Hardware modules that are always useful on desktops (bluetooth, …)
  imports = (import ../hardware);
  # ── Options ──────────────────────────────────────────────────────────────
  options.myDesktop = with lib; {
    windowManager = mkOption {
      type        = types.enum [ "niri" "sway" "kde" ];
      default     = "niri";
      description = "Window manager / desktop environment for this host.";
    };
    cpu = mkOption {
      type        = types.enum [ "amd" "intel" "none" ];
      default     = "none";
      description = "CPU type — selects the matching KVM kernel parameters.";
    };
    virtualisation.enable =
      mkEnableOption "virtualisation stack (podman/docker-compat, qemu/libvirt, virt-manager)";
    syncthing = {
      enable  = mkEnableOption "syncthing continuous file synchronisation";
      devices = mkOption {
        type    = types.attrs;
        default = {};
        example = literalExpression
          ''{ "jupiter.home.example.de" = { id = "XXXXX-XXXXX-XXXXX-..."; }; }'';
        description = "Syncthing peer devices.";
      };
      folders = mkOption {
        type    = types.attrs;
        default = {};
        example = literalExpression
          ''{ "Sync" = { path = "/home/user/Sync"; devices = [ "jupiter" ]; ignorePerms = false; }; }'';
        description = "Syncthing shared folders.";
      };
    };
    openrgb = {
      enable      = mkEnableOption "OpenRGB RGB motherboard control";
      motherboard = mkOption {
        type        = types.str;
        default     = "amd";
        description = "Motherboard vendor string passed to OpenRGB (amd or intel).";
      };
    };
    laptop = {
      enable             = mkEnableOption "laptop-specific settings (lid-switch, hibernate delay)";
      lidSwitch          = mkOption {
        type        = types.str;
        default     = "suspend-then-hibernate";
        description = "systemd-logind action on lid close.";
      };
      hibernateDelaySec  = mkOption {
        type        = types.str;
        default     = "1h";
        description = "Delay before transitioning from suspend to hibernate.";
      };
    };
    nitrokey.enable = mkEnableOption "Nitrokey hardware security key support";
    niri.hotkeyVariant = mkOption {
      type        = types.enum [ "default" "lifebook" ];
      default     = "default";
      description = "Niri hotkey variant to deploy — selects binds/<variant>.kdl.";
    };
    git.signingKey = mkOption {
      type        = types.str;
      default     = "/home/${user}/.ssh/id_ed25519_sk_rk_red";
      description = "SSH key used for git commit signing on this host.";
    };
    extraSystemPackages = mkOption {
      type        = types.listOf types.package;
      default     = [];
      description = "Additional system packages specific to this host.";
    };
  };
  # ── Configuration ────────────────────────────────────────────────────────
  config = lib.mkMerge [
    # ── Base desktop config (replaces configuration_desktop.nix) ───────────
    {
      users.users.${user} = {
        isNormalUser = true;
        uid          = 2000;
        extraGroups  = [
          "wheel" "video" "audio" "camera" "networkmanager"
          "lp" "kvm" "libvirtd" "adb" "dialout" "tss"
        ];
      };
      security = {
        pam.services.login.enableGnomeKeyring = true;
        # swaylock PAM is harmless on non-sway WMs
        pam.services.swaylock = {};
        rtkit.enable          = true;
      };
      environment.systemPackages = with pkgs;
        [
          file
          powertop
          cpufrequtils
          lm_sensors
          libva-utils
          at-spi2-core
          qmk-udev-rules
          gptfdisk
          age-plugin-yubikey
          pwgen
          sbctl
          ausweisapp
          e2fsprogs
          orca-slicer
 	]
        ++ cfg.extraSystemPackages;
      nixpkgs.config.permittedInsecurePackages = [ "mbedtls-2.28.10" ];
      services = {
        pipewire = {
          enable            = true;
          alsa.enable       = true;
          pulse.enable      = true;
          wireplumber.enable = true;
        };
        pcscd.enable        = true;
        yubikey-agent.enable = true;
        udev.packages       = with pkgs; [ yubikey-personalization nitrokey-udev-rules ];
        flatpak.enable      = true;
        gvfs.enable         = true;
        fwupd.enable        = true;
        blueman.enable      = true;
        avahi = {
          enable    = true;
          nssmdns4  = true;
          publish   = {
            enable       = true;
            addresses    = true;
            userServices = true;
          };
        };
      };
      programs.dconf.enable     = true;
      system.autoUpgrade.enable = false;
      home-manager.users.${user}.programs.git.signing.key =
        cfg.git.signingKey;
    }
    # ── Niri ───────────────────────────────────────────────────────────────
    (lib.mkIf (cfg.windowManager == "niri") {
      environment = {
        systemPackages = with pkgs; [
          alacritty
          xdg-desktop-portal-gnome
          xdg-desktop-portal-gtk
          swaylock
          swayidle
          slurp
          grim
          lxqt.lxqt-openssh-askpass
          clinfo
          glib
          brightnessctl
          playerctl
          xwayland-satellite
          breeze-hacked-cursor-theme
          pwvucontrol
        ];
        loginShellInit = ''
          export GTK_IM_MODULE="simple"
          export ELECTRON_OZONE_PLATFORM_HINT="auto"
          export NIXOS_OZONE_WL="1"
          export WLR_RENDERER="vulkan"
          export _JAVA_AWT_WM_NONREPARENTING="1"
        '';
      };
      services = {
        iio-niri.enable = false;
        greetd = {
          enable          = true;
          useTextGreeter  = true;
          settings.default_session.command =
            "${pkgs.tuigreet}/bin/tuigreet --time --cmd niri-session";
        };
        tuned.enable  = true;
        upower.enable = true;
      };
      programs = {
        niri.enable            = true;
        ssh.enableAskPassword  = true;
        ssh.askPassword        =
          "${pkgs.lxqt.lxqt-openssh-askpass}/bin/lxqt-openssh-askpass";
      };
      # Noctalia shell + niri home config via home-manager
      home-manager.users.${user} = {
        imports = [
          inputs.noctalia.homeModules.default
          ../wm/niri/home.nix
        ];
        xdg.configFile."niri/binds.kdl".source =
          ../wm/niri/binds/${cfg.niri.hotkeyVariant}.kdl;
        services = {
          mako.enable         = true;
          polkit-gnome.enable = true;
        };
        programs = {
          fuzzel.enable = true;
          noctalia-shell = {
            enable         = true;
            settings = {
              appLauncher.terminalCommand = "alacritty -e";
              bar = {
                density     = "compact";
                position    = "top";
                showCapsule = false;
                widgets = {
                  left = [
                    { id = "ControlCenter"; useDistroLogo = true; }
                    { hideUnoccupied = false; id = "Workspace";
                      labelMode = "index"; showApplications = true; }
                    { id = "ActiveWindow"; }
                  ];
                  center = [
                    { formatHorizontal   = "HH:mm\\ndd-MM-yy";
                      formatVertical     = "HH mm";
                      id                 = "Clock";
                      useMonospacedFont  = true;
                      usePrimaryColor    = true; }
                  ];
                  right = [
                    { id = "MediaMini"; }
                    { id = "SystemMonitor"; showNetworkStats = true; compactMode = false; }
                    { id = "WiFi"; }
                    { id = "Bluetooth"; }
                    { id = "Battery"; displayMode = "icon-always"; hideIfNotDetected = true; }
                    { id = "Volume"; displayMode = "alwaysShow"; }
                    { id = "NotificationHistory"; hideWhenZero = true; }
                    { id = "Tray"; }
                  ];
                };
              };
              colorSchemes.predefinedScheme = "Catppuccin";
              general = {
                avatarImage    = "/home/${user}/.face";
                radiusRatio    = 0.2;
                lockOnSusepnd  = true;
              };
              location = {
                monthBeforeDay           = true;
                name                     = "Munich, Germany";
                showWeekNumberInCalendar = true;
                firstDayOfWeek           = 0;
              };
              wallpaper = {
                enabled         = true;
                overviewEnabled = false;
                directory       = "/home/${user}/.setup/modules/themes/";
              };
              brightness = {
                enforceMinimum = true;
                brightnessStep = 5;
              };
              controlCenter.shortcuts.left = [
                { id = "WiFi"; }
                { id = "Bluetooth"; }
                { id = "ScreenRecorder"; }
                { id = "PowerProfile"; }
                { id = "KeepAwake"; }
              ];
              dock.enabled              = false;
              sessionMenu.enableCountdown = false;
              templates = {
                fuzzel   = true;
                alacritty = true;
                qt       = true;
                gtk      = true;
                discord  = true;
                code     = true;
                telegram = true;
                niri     = true;
                firefox  = true;
              };
            };
          };
        };
        home.file.".cache/noctalia/wallpapers.json".text = builtins.toJSON {
          defaultWallpaper = "/home/${user}/.setup/modules/themes/wall.jpg";
        };
      };
    })
    # ── Sway ───────────────────────────────────────────────────────────────
    (lib.mkIf (cfg.windowManager == "sway") {
      environment = {
        loginShellInit = ''
          if [ -z $DISPLAY ] && [ $UID != 0 ] && [ "$(tty)" = "/dev/tty1" ]; then
            exec sway
          fi
        '';
        systemPackages = with pkgs; [
          xdg-desktop-portal-wlr
          sway
          swaylock
          swayidle
          slurp
          grim
          bemenu
          lxqt.lxqt-openssh-askpass
          clinfo
          waybar
          glib
        ];
      };
      programs = {
        sway = {
          enable               = true;
          extraSessionCommands = ''
            export MOZ_ENABLE_WAYLAND="1"
            export MOZ_WEBRENDER="1"
            export WLR_RENDERER="vulkan"
            export XDG_SESSION_TYPE="wayland"
            export GTK_THEME="Arc"
            export _JAVA_AWT_WM_NONREPARENTING="1"
          '';
        };
        ssh.enableAskPassword = true;
        ssh.askPassword       =
          "${pkgs.lxqt.lxqt-openssh-askpass}/bin/lxqt-openssh-askpass";
      };
      xdg.portal = {
        enable      = true;
        wlr.enable  = true;
        extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
      };
      home-manager.users.${user}.imports = [
        ../wm/sway/home.nix
        ../wm/waybar.nix        # sway uses waybar for the bar
      ];
    })
    # ── KDE Plasma ─────────────────────────────────────────────────────────
    (lib.mkIf (cfg.windowManager == "kde") {
      environment.systemPackages = with pkgs; [
        kdePackages.discover
        maliit-keyboard
        maliit-framework
        kdePackages.ksshaskpass
      ];
      programs.ssh = {
        enableAskPassword = true;
        askPassword       = lib.mkDefault "${pkgs.kdePackages.ksshaskpass}/bin/ksshaskpass";
      };
      services = {
        packagekit.enable              = true;
        desktopManager.plasma6.enable  = true;
        udev.packages                  = with pkgs; [ gnome-settings-daemon ];
      };
      qt.platformTheme = "kde";
      home-manager.users.${user}.imports = [ ../wm/kde/home.nix ];
    })
    # ── Virtualisation (podman/docker-compat + qemu/libvirt) ───────────────
    (lib.mkIf cfg.virtualisation.enable {
      users.groups = {
        docker.members   = [ user ];
        libvirtd.members = [ "root" user ];
      };
      virtualisation = {
        podman = {
          enable           = true;
          autoPrune.enable = true;
          dockerCompat     = true;
        };
        libvirtd = {
          enable      = true;
          onShutdown  = "shutdown";
          qemu.runAsRoot = false;
        };
        spiceUSBRedirection.enable = true;
      };
      environment.systemPackages = with pkgs; [
        virt-manager
        virt-viewer
        qemu
        OVMF
        OVMF-cloud-hypervisor
        gvfs
        cloud-hypervisor
      ];
    })
    # ── KVM – AMD ──────────────────────────────────────────────────────────
    (lib.mkIf (cfg.virtualisation.enable && cfg.cpu == "amd") {
      boot.extraModprobeConfig = ''
        options kvm_amd nested=0 avic=1 npt=1
      '';
    })
    # ── KVM – Intel ────────────────────────────────────────────────────────
    (lib.mkIf (cfg.virtualisation.enable && cfg.cpu == "intel") {
      boot.extraModprobeConfig = ''
        options kvm_intel nested=1
        options kvm_intel emulate_invalid_guest_state=0
        options kvm ignore_nsrs=1
      '';
    })
    # ── Syncthing ──────────────────────────────────────────────────────────
    (lib.mkIf cfg.syncthing.enable {
      services.syncthing = {
        enable           = true;
        group            = "users";
        user             = user;
        dataDir          = "/home/${user}/Sync";
        configDir        = "/home/${user}/.config/syncthing";
        overrideDevices  = true;
        overrideFolders  = true;
        openDefaultPorts = true;
        settings = {
          devices = cfg.syncthing.devices;
          folders = cfg.syncthing.folders;
        };
      };
    })
    # ── OpenRGB ────────────────────────────────────────────────────────────
    (lib.mkIf cfg.openrgb.enable {
      services.hardware.openrgb = {
        enable      = true;
        motherboard = cfg.openrgb.motherboard;
      };
    })
    # ── Laptop ─────────────────────────────────────────────────────────────
    (lib.mkIf cfg.laptop.enable {
      systemd.sleep.extraConfig =
        "HibernateDelaySec=${cfg.laptop.hibernateDelaySec}";
      services.logind.settings.Login.HandleLidSwitch =
        cfg.laptop.lidSwitch;
    })
    # ── Nitrokey ───────────────────────────────────────────────────────────
    (lib.mkIf cfg.nitrokey.enable {
      hardware.nitrokey.enable = true;
    })
  ];
 }
--- a/modules/editors/nvim/default.nix
+++ b/modules/editors/nvim/default.nix
@@ -17,6 +17,8 @@
      vimAlias = true;
      vimdiffAlias = true;
      withNodeJs = true;
      withRuby = true;
      withPython3 = true;
 #      plugins = with pkgs.vimPlugins; [
 #
@@ -51,12 +53,12 @@
 #        indent-blankline-nvim
 #      ];
-      extraPackages = with pkgs; [
+#      extraPackages = with pkgs; [
-        ripgrep
+#        ripgrep
-        fd
+#        fd
-        nodejs
+#        nodejs
-        nodePackages.npm
+#        nodePackages.npm
-      ];
+#      ];
 #      extraConfig = ''
 #        set expandtab
--- a/modules/hardware/autoaspm.py
+++ b/modules/hardware/autoaspm.py
@@ -0,0 +1,114 @@
 #!/usr/bin/env python3
 # Original bash script by Luis R. Rodriguez
 # Re-written in Python by z8
 # Re-re-written to patch supported devices automatically by notthebee
 import re
 import subprocess
 import os
 import platform
 from enum import Enum
 class ASPM(Enum):
    DISABLED = 0b00
    L0s = 0b01
    L1 = 0b10
    L0sL1 = 0b11
 def run_prerequisites():
    if platform.system() != "Linux":
        raise OSError("This script only runs on Linux-based systems")
    if not os.environ.get("SUDO_UID") and os.geteuid() != 0:
        raise PermissionError("This script needs root privileges to run")
    lspci_detected = subprocess.run(["which", "lspci"], stdout = subprocess.DEVNULL, stderr = subprocess.DEVNULL)
    if lspci_detected.returncode > 0:
        raise Exception("lspci not detected. Please install pciutils")
    lspci_detected = subprocess.run(["which", "setpci"], stdout = subprocess.DEVNULL, stderr = subprocess.DEVNULL)
    if lspci_detected.returncode > 0:
        raise Exception("setpci not detected. Please install pciutils")
 def get_device_name(addr):
    p = subprocess.Popen([
        "lspci",
        "-s",
        addr,
    ], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    return p.communicate()[0].splitlines()[0].decode()
 def read_all_bytes(device):
    all_bytes = bytearray()
    device_name = get_device_name(device)
    p = subprocess.Popen([
        "lspci",
        "-s",
        device,
        "-xxx"
    ], stdout= subprocess.PIPE, stderr=subprocess.PIPE)
    ret = p.communicate()
    ret = ret[0].decode()
    for line in ret.splitlines():
        if not device_name in line and ": " in line:
            all_bytes.extend(bytearray.fromhex(line.split(": ")[1]))
    if len(all_bytes) < 256:
        exit()
    return all_bytes
 def find_byte_to_patch(bytes, pos):
    pos = bytes[pos]
    if bytes[pos] != 0x10:
        pos += 0x1
        return find_byte_to_patch(bytes, pos)
    else:
        pos += 0x10
        return pos
 def patch_byte(device, position, value):
    subprocess.Popen([
        "setpci",
        "-s",
        device,
        f"{hex(position)}.B={hex(value)}"
    ]).communicate()
 def patch_device(addr, aspm_value):
    endpoint_bytes = read_all_bytes(addr)
    byte_position_to_patch = find_byte_to_patch(endpoint_bytes, 0x34)
    if int(endpoint_bytes[byte_position_to_patch]) & 0b11 != aspm_value.value:
        patched_byte = int(endpoint_bytes[byte_position_to_patch])
        patched_byte = patched_byte >> 2
        patched_byte = patched_byte << 2
        patched_byte = patched_byte | aspm_value.value
        patch_byte(addr, byte_position_to_patch, patched_byte)
        print(f"{addr}: Enabled ASPM {aspm_value.name}")
    else:
        print(f"{addr}: Already has ASPM {aspm_value.name} enabled")
 def list_supported_devices():
    pcie_addr_regex = r"([0-9a-f]{2}:[0-9a-f]{2}.[0-9a-f])"
    lspci = subprocess.run("lspci -vv", shell=True, capture_output=True).stdout
    lspci_arr = re.split(pcie_addr_regex, str(lspci))[1:]
    lspci_arr = [ x+y for x,y in zip(lspci_arr[0::2], lspci_arr[1::2]) ]
    aspm_devices = {}
    for dev in lspci_arr:
        device_addr = re.findall(pcie_addr_regex, dev)[0]
        if "ASPM" not in dev or "ASPM not supported" in dev:
            continue
        aspm_support = re.findall(r"ASPM (L[L0-1s ]*),", dev)
        if aspm_support:
            aspm_devices.update({device_addr: ASPM[aspm_support[0].replace(" ", "")]})
    return aspm_devices
 def main():
    run_prerequisites()
    for device, aspm_mode in list_supported_devices().items():
        patch_device(device, aspm_mode)
 if __name__ == "__main__":
    main()
--- a/modules/hardware/backup.nix
+++ b/modules/hardware/backup.nix
@@ -9,7 +9,10 @@
        key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDU2NJ9xwYnp6/frIOv96ih8psiFcC2eOQeT+ZEMW5rq";
        roles = [ "source" "info" "send" ];
      }
      {
        key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIma7jNVQZM+lFMOKUex0+cyDpeUA3Wo4SEJ7P9YnHPG";
        roles = [ "target" "info" "receive" "delete" ];
      }
    ];
    extraPackages = [ pkgs.lz4 ];
  };
 }
--- a/modules/hardware/bluetooth.nix
+++ b/modules/hardware/bluetooth.nix
@@ -14,4 +14,7 @@
      };
    };
  };
  environment.systemPackages = with pkgs; [
    zmkBATx
  ];
 }
--- a/modules/hardware/hydraCache.nix
+++ b/modules/hardware/hydraCache.nix
@@ -0,0 +1,19 @@
 { config, lib, pkgs, ... }:
 {
  nix = {
    settings = {
      extra-trusted-public-keys = [
        "hades-builder:AFdPgi6Qq/yKqc2V2imgzMikEkVEFCrDaHyAmOJ3MII="
 	"steamdeck.cachix.org-1:BVoP4TEu3ECgotaO+3J3r9SSn62GkUDBwizOFU/q4Bc="
      ];
      extra-substituters = [
        "https://cache.home.opel-online.de"
        "https://steamdeck.cachix.org"
        "https://cache.ci.kabtop.de"
      ];
    };
  };
 }
--- a/modules/kabbone/corosync-qdevice.nix
+++ b/modules/kabbone/corosync-qdevice.nix
@@ -0,0 +1,75 @@
 {
  lib,
  config,
  pkgs,
  pkgs-kabbone,
  ...
 }:
 let
  cfg = config.services.corosync-qnetd;
  dataDir = "/var/run/corosync-qnetd";
 in
 {
  # interface
  options.services.corosync-qnetd = {
    enable = lib.mkEnableOption "corosync-qnetd";
    package = lib.mkPackageOption pkgs-kabbone "corosync-qdevice" { };
    extraOptions = lib.mkOption {
      type = with lib.types; listOf str;
      default = [ ];
      description = "Additional options with which to start corosync-qnetd.";
    };
  };
  # implementation
  # implementation
  config = lib.mkIf cfg.enable {
    environment.systemPackages = [ cfg.package ];
    users.users.coroqnetd = {
      isSystemUser = true;
      group = "coroqnetd";
      home = dataDir;
      description = "Corosync-qnetd Service User";
    };
    users.groups.coroqnetd = { };
   # environment.etc."corosync/corosync-qnetd.conf".text = ''
   #   totem {
   #     version: 2
   #     secauth: on
   #     cluster_name: ${cfg.clusterName}
   #     transport: knet
   #   }
   #   logging {
   #     to_syslog: yes
   #   }
   # '';
    systemd.packages = [ cfg.package ];
    systemd.services.corosync-qnetd = {
      serviceConfig = {
        User = "coroqnetd";
        StateDirectory = "corosync-qnetd";
        StateDirectoryMode = "0700";
      };
    };
    environment.etc."sysconfig/corosync-qnetd".text = lib.optionalString (cfg.extraOptions != [ ]) ''
      COROSYNC-QNETD_OPTIONS="${lib.escapeShellArgs cfg.extraOptions}"
    '';
  };
  meta = {
    #buildDocsInSandbox = false;
    #doc = ./mautrix-whatsapp.md;
    maintainers = with lib.maintainers; [
      kabbone
    ];
  };
 }
--- a/modules/kabbone/mautrix-whatsapp.md
+++ b/modules/kabbone/mautrix-whatsapp.md
@@ -0,0 +1,32 @@
 # Mautrix-Whatsapp {#module-services-mautrix-whatsapp}
 [Mautrix-Whatsapp](https://github.com/mautrix/whatsapp) is a Matrix-Whatsapp puppeting bridge.
 ## Configuration {#module-services-mautrix-whatsapp-configuration}
 1. Set [](#opt-services.mautrix-whatsapp.enable) to `true`. The service will use
   SQLite by default.
 2. To create your configuration check the default configuration for
   [](#opt-services.mautrix-whatsapp.settings). To obtain the complete default
   configuration, run
   `nix-shell -p mautrix-whatsapp --run "mautrix-whatsapp -c default.yaml -e"`.
 ::: {.warning}
 Mautrix-Whatsapp allows for some options like `encryption.pickle_key`,
 `provisioning.shared_secret`, allow the value `generate` to be set.
 Since the configuration file is regenerated on every start of the
 service, the generated values would be discarded and might break your
 installation. Instead, set those values via
 [](#opt-services.mautrix-whatsapp.environmentFile).
 :::
 ## Migrating from an older configuration {#module-services-mautrix-whatsapp-migrate-configuration}
 With Mautrix-Whatsapp v0.7.0 the configuration has been rearranged. Mautrix-Whatsapp
 performs an automatic configuration migration so your pre-0.7.0 configuration
 should just continue to work.
 In case you want to update your NixOS configuration, compare the migrated configuration
 at `/var/lib/mautrix-whatsapp/config.yaml` with the default configuration
 (`nix-shell -p mautrix-whatsapp --run "mautrix-whatsapp -c example.yaml -e"`) and
 update your module configuration accordingly.
--- a/modules/kabbone/mautrix-whatsapp.nix
+++ b/modules/kabbone/mautrix-whatsapp.nix
@@ -0,0 +1,280 @@
 {
  lib,
  config,
  pkgs,
  ...
 }:
 let
  cfg = config.services.kabbone_mautrix-whatsapp;
  dataDir = "/var/lib/mautrix-whatsapp";
  registrationFile = "${dataDir}/whatsapp-registration.yaml";
  settingsFile = "${dataDir}/config.yaml";
  settingsFileUnsubstituted = settingsFormat.generate "mautrix-whatsapp-config-unsubstituted.json" cfg.settings;
  settingsFormat = pkgs.formats.json { };
  appservicePort = 29318;
  # to be used with a list of lib.mkIf values
  optOneOf = lib.lists.findFirst (value: value.condition) (lib.mkIf false null);
  mkDefaults = lib.mapAttrsRecursive (n: v: lib.mkDefault v);
  defaultConfig = {
    network = {
      displayname_template = "{{or .BusinessName .PushName .Phone}} (WA)";
      identity_change_notices = true;
      history_sync = {
        request_full_sync = true;
      };
    };
    bridge = {
      command_prefix = "!wa";
      relay.enabled = true;
      permissions."*" = "relay";
    };
    database = {
      type = "sqlite3";
      uri = "file:${dataDir}/mautrix-whatsapp.db?_txlock=immediate";
    };
    homeserver.address = "http://localhost:8448";
    appservice = {
      hostname = "[::]";
      port = appservicePort;
      id = "whatsapp";
      bot = {
        username = "whatsappbot";
        displayname = "WhatsApp Bridge Bot";
      };
      as_token = "";
      hs_token = "";
      username_template = "whatsapp_{{.}}";
    };
    double_puppet = {
      servers = { };
      secrets = { };
    };
    # By default, the following keys/secrets are set to `generate`. This would break when the service
    # is restarted, since the previously generated configuration will be overwritten everytime.
    # If encryption is enabled, it's recommended to set those keys via `environmentFile`.
    encryption.pickle_key = "";
    provisioning.shared_secret = "";
    public_media.signing_key = "";
    direct_media.server_key = "";
    logging = {
      min_level = "info";
      writers = lib.singleton {
        type = "stdout";
        format = "pretty-colored";
        time_format = " ";
      };
    };
  };
 in
 {
  options.services.kabbone_mautrix-whatsapp = {
    enable = lib.mkEnableOption "mautrix-whatsapp, a Matrix-Whatsapp puppeting bridge";
    package = lib.mkPackageOption pkgs "mautrix-whatsapp" { };
    settings = lib.mkOption {
      apply = lib.recursiveUpdate defaultConfig;
      type = settingsFormat.type;
      default = defaultConfig;
      description = ''
        {file}`config.yaml` configuration as a Nix attribute set.
        Configuration options should match those described in the example configuration.
        Get an example configuration by executing `mautrix-whatsapp -c example.yaml --generate-example-config`
        Secret tokens should be specified using {option}`environmentFile`
        instead of this world-readable attribute set.
      '';
      example = {
        bridge = {
          private_chat_portal_meta = true;
          mute_only_on_create = false;
          permissions = {
            "example.com" = "user";
          };
        };
        database = {
          type = "postgres";
          uri = "postgresql:///mautrix_whatsapp?host=/run/postgresql";
        };
        homeserver = {
          address = "http://[::1]:8008";
          domain = "my-domain.tld";
        };
        appservice = {
          id = "whatsapp";
          ephemeral_events = false;
        };
        matrix.message_status_events = true;
        provisioning = {
          shared_secret = "disable";
        };
        backfill.enabled = true;
        encryption = {
          allow = true;
          default = true;
          require = true;
          pickle_key = "$ENCRYPTION_PICKLE_KEY";
        };
      };
    };
    environmentFile = lib.mkOption {
      type = lib.types.nullOr lib.types.path;
      default = null;
      description = ''
        File containing environment variables to be passed to the mautrix-signal service.
        If an environment variable `MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET` is set,
        then its value will be used in the configuration file for the option
        `double_puppet.secrets` without leaking it to the store, using the configured
        `homeserver.domain` as key.
      '';
    };
    serviceDependencies = lib.mkOption {
      type = with lib.types; listOf str;
      default =
        (lib.optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit)
        ++ (lib.optional config.services.matrix-conduit.enable "conduit.service");
      defaultText = lib.literalExpression ''
        (optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit)
        ++ (optional config.services.matrix-conduit.enable "conduit.service")
      '';
      description = ''
        List of systemd units to require and wait for when starting the application service.
      '';
    };
    registerToSynapse = lib.mkOption {
      type = lib.types.bool;
      default = config.services.matrix-synapse.enable;
      defaultText = lib.literalExpression ''
        config.services.matrix-synapse.enable
      '';
      description = ''
        Whether to add the bridge's app service registration file to
        `services.matrix-synapse.settings.app_service_config_files`.
      '';
    };
  };
  config = lib.mkIf cfg.enable {
    users.users.mautrix-whatsapp = {
      isSystemUser = true;
      group = "mautrix-whatsapp";
      home = dataDir;
      description = "Mautrix-Whatsapp bridge user";
    };
    users.groups.mautrix-whatsapp = { };
    services.matrix-synapse = lib.mkIf cfg.registerToSynapse {
      settings.app_service_config_files = [ registrationFile ];
    };
    systemd.services.matrix-synapse = lib.mkIf cfg.registerToSynapse {
      serviceConfig.SupplementaryGroups = [ "mautrix-whatsapp" ];
    };
    # Note: this is defined here to avoid the docs depending on `config`
    services.kabbone_mautrix-whatsapp.settings.homeserver = optOneOf (
      with config.services;
      [
        (lib.mkIf matrix-synapse.enable (mkDefaults {
          domain = matrix-synapse.settings.server_name;
        }))
        (lib.mkIf matrix-conduit.enable (mkDefaults {
          domain = matrix-conduit.settings.global.server_name;
          address = "http://localhost:${toString matrix-conduit.settings.global.port}";
        }))
      ]
    );
    systemd.services.kabbone_mautrix-whatsapp = {
      description = "mautrix-whatsapp, a Matrix-Whatsapp puppeting bridge.";
      wantedBy = [ "multi-user.target" ];
      wants = [ "network-online.target" ] ++ cfg.serviceDependencies;
      after = [ "network-online.target" ] ++ cfg.serviceDependencies;
      # ffmpeg is required for conversion of voice messages
      path = [ pkgs.ffmpeg-headless ];
      preStart = ''
        # substitute the settings file by environment variables
        # in this case read from EnvironmentFile
        test -f '${settingsFile}' && rm -f '${settingsFile}'
        old_umask=$(umask)
        umask 0177
        ${pkgs.envsubst}/bin/envsubst \
          -o '${settingsFile}' \
          -i '${settingsFileUnsubstituted}'
        umask $old_umask
        # generate the appservice's registration file if absent
        if [ ! -f '${registrationFile}' ]; then
          ${cfg.package}/bin/mautrix-whatsapp \
            --generate-registration \
            --config='${settingsFile}' \
            --registration='${registrationFile}'
        fi
        chmod 640 ${registrationFile}
        umask 0177
        # 1. Overwrite registration tokens in config
        # 2. If environment variable MAUTRIX_SIGNAL_BRIDGE_LOGIN_SHARED_SECRET
        #    is set, set it as the login shared secret value for the configured
        #    homeserver domain.
        ${pkgs.yq}/bin/yq -s '.[0].appservice.as_token = .[1].as_token
          | .[0].appservice.hs_token = .[1].hs_token
          | .[0]
          | if env.MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET then .double_puppet.secrets.[.homeserver.domain] = env.MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET else . end' \
          '${settingsFile}' '${registrationFile}' > '${settingsFile}.tmp'
        mv '${settingsFile}.tmp' '${settingsFile}'
        umask $old_umask
      '';
      serviceConfig = {
        User = "mautrix-whatsapp";
        Group = "mautrix-whatsapp";
        EnvironmentFile = cfg.environmentFile;
        StateDirectory = baseNameOf dataDir;
        WorkingDirectory = dataDir;
        ExecStart = ''
          ${cfg.package}/bin/mautrix-whatsapp \
          --config='${settingsFile}' \
          --registration='${registrationFile}'
        '';
        LockPersonality = true;
        NoNewPrivileges = true;
        PrivateDevices = true;
        PrivateTmp = true;
        PrivateUsers = true;
        ProtectClock = true;
        ProtectControlGroups = true;
        ProtectHome = true;
        ProtectHostname = true;
        ProtectKernelLogs = true;
        ProtectKernelModules = true;
        ProtectKernelTunables = true;
        ProtectSystem = "strict";
        Restart = "on-failure";
        RestartSec = "30s";
        RestrictRealtime = true;
        RestrictSUIDSGID = true;
        SystemCallArchitectures = "native";
        SystemCallErrorNumber = "EPERM";
        SystemCallFilter = [ "@system-service" ];
        Type = "simple";
        UMask = 27;
      };
      restartTriggers = [ settingsFileUnsubstituted ];
    };
  };
  meta = {
    #buildDocsInSandbox = false;
    #doc = ./mautrix-whatsapp.md;
    maintainers = with lib.maintainers; [
      kabbone
    ];
  };
 }
--- a/modules/programs/alacritty.nix
+++ b/modules/programs/alacritty.nix
@@ -1,32 +0,0 @@
 #
 # Terminal Emulator
 #
 # Hardcoded as terminal for rofi and doom emacs
 { pkgs, ... }:
 {
  home.packages = [ pkgs.alacritty ];
  programs = {
    alacritty = {
      enable = true;
      package = pkgs.alacritty;
      settings = {
        font = rec {                          # Font - Laptop has size manually changed at home.nix
          #normal.family = "FiraCode Nerd Font";
          normal.family = "Cascadia Code";
          #normal.family = "Intel One Mono";
          #bold = { style = "Bold"; };
 #         size = 8;
        };
        offset = {                            # Positioning
          x = -1;
          y = 0;
        };
      };
    };
  };
 }
--- a/modules/programs/default.nix
+++ b/modules/programs/default.nix
@@ -1,21 +1,3 @@
 #
 #  Apps
 #
 #  flake.nix
 #   ├─ ./hosts
 #   │   └─ home.nix
 #   └─ ./modules
 #       └─ ./apps
 #           └─ default.nix *
 #               └─ ...
 #
 [
-   ./alacritty.nix
+  ./firefox.nix
   ./rofi.nix
   ./firefox.nix
   #./waybar.nix
   #./games.nix
 ]
 # Waybar.nix is pulled from modules/wm/..
 # Games.nix is pulled from desktop/default.nix
--- a/modules/programs/firefox.nix
+++ b/modules/programs/firefox.nix
@@ -3,7 +3,7 @@
 #
-{ pkgs, ... }:
+{ pkgs, config, ... }:
 {
@@ -12,13 +12,14 @@
  programs = {
    firefox = {
      enable = true;
      configPath = "${config.xdg.configHome}/mozilla/firefox";
      #package = pkgs.wrapFirefox pkgs.firefox-unwrapped {
          #forceWayland = true;
      #    extraPolicies = {
      #        ExtensionSettings =  {};
      #    };
      #};
-      package = pkgs.firefox-wayland;
+#      package = pkgs.firefox-wayland;
 #      profiles.kabbone = {
 #          #id = 271987;
 #          name = "kabbone";
--- a/modules/programs/rofi.nix
+++ b/modules/programs/rofi.nix
@@ -1,119 +0,0 @@
 #
 # System Menu
 #
 { config, lib, pkgs, ... }:
 let
  inherit (config.lib.formats.rasi) mkLiteral;        # Theme.rasi alternative. Add Theme here
  colors = import ../themes/colors.nix;
 in
 {
  programs = {
    rofi = {
      enable = true;
      terminal = "${pkgs.alacritty}/bin/alacritty";           # Alacritty is default terminal emulator
      location = "center";
      theme =  with colors.scheme.doom; {
        "*" = {
          bg0 = mkLiteral "#${bg}";
          bg1 = mkLiteral "#414868";
          fg0 = mkLiteral "#${text}";
          fg1 = mkLiteral "#${text-alt}";
          background-color = mkLiteral "transparent";
          text-color = mkLiteral "@fg0";
          margin = 0;
          padding = 0;
          spacing = 0;
        };
        "element-icon, element-text, scrollbar" = {
          cursor = mkLiteral "pointer";
        };
        "window" = {
          location = mkLiteral "northwest";
          width = mkLiteral "280px";
          x-offset = mkLiteral "8px";
          y-offset = mkLiteral "24px";
          background-color = mkLiteral "@bg0";
          border = mkLiteral "1px";
          border-color = mkLiteral "@bg1";
          border-radius = mkLiteral "6px";
        };
        "inputbar" = {
          spacing = mkLiteral "8px";
          padding = mkLiteral "4px 8px";
          children = mkLiteral "[ icon-search, entry ]";
          #background-color = mkLiteral "@bg0";
          background-color = mkLiteral "@bg0";
        };
        "icon-search, entry, element-icon, element-text" = {
          vertical-align = mkLiteral "0.5";
        };
        "icon-search" = {
          expand = false;
          filename = mkLiteral "[ search-symbolic ]";
          size = mkLiteral "14px";
        };
        "textbox" = {
          padding = mkLiteral "4px 8px";
          background-color = mkLiteral "@bg0";
        };
        "listview" = {
          padding = mkLiteral "4px 0px";
          lines = 12;
          columns = 1;
          scrollbar = true;
          fixed-height = false;
          dynamic = true;
        };
        "element" = {
          padding = mkLiteral "4px 8px";
          spacing = mkLiteral "8px";
        };
        "element normal urgent" = {
          text-color = mkLiteral "@fg1";
        };
        "element normal active" = {
          text-color = mkLiteral "@fg1";
        };
        "element selected" = {
          text-color = mkLiteral "@bg0"; #1
          background-color = mkLiteral "@fg1";
        };
        "element selected urgent" = {
          background-color = mkLiteral "@fg1";
        };
        "element-icon" = {
          size = mkLiteral "0.8em";
        };
        "element-text" = {
          text-color = mkLiteral "inherit";
        };
        "scrollbar" = {
          handle-width = mkLiteral "4px";
          handle-color = mkLiteral "@fg1";
          padding = mkLiteral "0 4px";
        };
      };
    };
  };
 }
--- a/modules/server/default.nix
+++ b/modules/server/default.nix
@@ -0,0 +1,151 @@
 #
 #  Server module — import this instead of configuration_server.nix + manual virtualisation imports.
 #
 #  Usage in hosts/<hostname>/default.nix:
 #
 #    imports = [
 #      ./hardware-configuration.nix
 #      ../../modules/server
 #    ];
 #
 #    myServer.virtualisation.enable = true;
 #    myServer.virtualisation.cpu    = "amd";   # amd | intel | none (default)
 #
 #    myServer.sshPort               = 2220;    # default
 #    myServer.fail2ban.enable       = true;
 #
 #    myServer.extraSystemPackages   = with pkgs; [ some-tool ];
 #
 { config, lib, pkgs, user, ... }:
 let
  cfg = config.myServer;
 in
 {
  # ── Options ──────────────────────────────────────────────────────────────
  options.myServer = with lib; {
    uid = mkOption {
      type        = types.int;
      default     = 3000;
      description = "UID for the server user.";
    };
    sshPort = mkOption {
      type        = types.port;
      default     = 2220;
      description = "Port openssh listens on.";
    };
    sudoRequiresPassword = mkOption {
      type        = types.bool;
      default     = true;
      description = "Whether wheel users must enter a password for sudo.";
    };
    autoUpgrade.enable = mkOption {
      type        = types.bool;
      default     = true;
      description = "Enable automatic NixOS upgrades (inherits flake URL from configuration_common.nix).";
    };
    virtualisation = {
      enable = mkEnableOption "container/VM stack (podman with docker-compat, KVM tuning)";
      cpu    = mkOption {
        type        = types.enum [ "amd" "intel" "none" ];
        default     = "none";
        description = "CPU type — selects KVM kernel parameters when virtualisation is enabled.";
      };
    };
    extraGroups = mkOption {
      type        = types.listOf types.str;
      default     = [];
      description = "Additional groups for the server user beyond the defaults.";
    };
    extraSystemPackages = mkOption {
      type        = types.listOf types.package;
      default     = [];
      description = "Additional system packages specific to this host.";
    };
    fail2ban = {
      enable = mkEnableOption "fail2ban intrusion prevention";
    };
  };
  # ── Configuration ────────────────────────────────────────────────────────
  config = lib.mkMerge [
    # ── Base server config ────────────────────────────────────────────────
    {
      users.users.${user} = {
        isNormalUser = true;
        uid          = cfg.uid;
        extraGroups  = [ "wheel" "networkmanager" "kvm" "libvirtd" ] ++ cfg.extraGroups;
      };
      security.sudo.wheelNeedsPassword = cfg.sudoRequiresPassword;
      environment.systemPackages = with pkgs; [
        ffmpeg
        smartmontools
        htop
      ] ++ cfg.extraSystemPackages;
      services.openssh = {
        ports       = [ cfg.sshPort ];
        openFirewall = true;
      };
      nix.extraOptions = ''
        keep-outputs          = true
        keep-derivations      = true
      '';
      system.autoUpgrade.enable = cfg.autoUpgrade.enable;
    }
    # ── Virtualisation (podman/docker-compat) ─────────────────────────────
    (lib.mkIf cfg.virtualisation.enable {
      virtualisation.podman = {
        enable           = true;
        autoPrune.enable = true;
        dockerCompat     = true;
      };
      users.groups.docker.members = [ user ];
    })
    # ── KVM – AMD ─────────────────────────────────────────────────────────
    (lib.mkIf (cfg.virtualisation.enable && cfg.virtualisation.cpu == "amd") {
      boot.extraModprobeConfig = ''
        options kvm_amd nested=0 avic=1 npt=1
      '';
    })
    # ── KVM – Intel ───────────────────────────────────────────────────────
    (lib.mkIf (cfg.virtualisation.enable && cfg.virtualisation.cpu == "intel") {
      boot.extraModprobeConfig = ''
        options kvm_intel nested=1
        options kvm_intel emulate_invalid_guest_state=0
        options kvm ignore_nsrs=1
      '';
    })
    # ── Fail2ban ──────────────────────────────────────────────────────────
    (lib.mkIf cfg.fail2ban.enable {
      services.fail2ban = {
        enable     = true;
        maxretry   = 5;
        jails.DEFAULT.settings.findtime = "15m";
      };
    })
  ];
 }
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -1,25 +1,3 @@
 #
 #  Services
 #
 #  flake.nix
 #   ├─ ./hosts
 #   │   └─ home.nix
 #   └─ ./modules
 #       └─ ./services
 #           └─ default.nix *
 #               └─ ...
 #
 [
-  ./dunst.nix
+  ./keyring.nix
  ./flameshot.nix
  #./picom.nix
  #./polybar.nix
  #./sxhkd.nix
  #./udiskie.nix
  #./redshift.nix
  ./kanshi.nix
 ]
 # picom, polybar and sxhkd are pulled from desktop module
 # redshift temporarely disables
--- a/modules/services/dmz/default.nix
+++ b/modules/services/dmz/default.nix
@@ -12,7 +12,7 @@
 [
  ./microvm.nix
-  ./hydra.nix
+#  ./hydra.nix
 ]
 # picom, polybar and sxhkd are pulled from desktop module
--- a/modules/services/dmz/hydra.nix
+++ b/modules/services/dmz/hydra.nix
@@ -1,11 +1,91 @@
 { lib, config, pkgs, ... }:
 {
-    services.hydra = {
+    services = {
-      enable = true;
+      hydra = {
-      hydraURL = "http://localhost:3000";
+        enable = true;
-      notificationSender = "hydra@localhost";
+        hydraURL = "https://hydra.home.opel-online.de";
-      useSubstitutes = true;
+        listenHost = "127.0.0.1";
        notificationSender = "hydra@localhost";
        useSubstitutes = true;
        minimumDiskFree = 30;
      };
      nix-serve = {
          enable = true;
          port = 5001;
          bindAddress = "127.0.0.1";
          secretKeyFile = config.age.secrets."keys/nixsign".path;
      };
      nginx = {
        enable = true;
        recommendedProxySettings = true;
        recommendedTlsSettings = true;
        recommendedGzipSettings = true;
        recommendedOptimisation = true;
        virtualHosts = {
          "home.opel-online.de" = {
            enableACME = true;
            forceSSL = true;
            default = true;
            locations."/".return = "503";
          };
          "hydra.home.opel-online.de" = {
            useACMEHost = "home.opel-online.de";
            forceSSL = true;
            locations."/" = {
              proxyPass = "http://localhost:3000";
              extraConfig = ''
                proxy_set_header X-Forwarded-Port 443;
              '';
            };
          };
          "cache.home.opel-online.de" = {
            useACMEHost = "home.opel-online.de";
            forceSSL = true;
            locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
          };
        };
      };
    };
    security.acme = {
      acceptTerms = true;
      defaults = {
        email = "webmaster@opel-online.de";
        #server = "https://acme-staging-v02.api.letsencrypt.org/directory";
        dnsResolver = "9.9.9.9:53";
      };
      certs = {
        "home.opel-online.de" = {
          domain = "*.home.opel-online.de";
          dnsProvider = "netcup";
          environmentFile = config.age.secrets."services/acme/opel-online".path;
          webroot = null;
        };
      };
    };
    nix = {
      settings = {
        trusted-users = [
          "hydra"
        ];
        allowed-uris = "http:// https://";
      };
      extraOptions = ''
        secret-key-files = ${config.age.secrets."keys/nixsign".path}
      '';
    };
    age.secrets."keys/nixsign" = {
      file = ../../../secrets/keys/nixservepriv.age;
      owner = "hydra";
    };
    age.secrets."services/acme/opel-online" = {
      file = ../../../secrets/services/acme/opel-online.age;
      owner = "acme";
    };
 }
--- a/modules/services/dmz/microvm.nix
+++ b/modules/services/dmz/microvm.nix
@@ -84,6 +84,7 @@ in
            persistence."/persist" = {
              directories = [
                "/var/log"
                "/var/lib/nixos"
                "/var/lib/private"
              ];
@@ -95,6 +96,7 @@ in
          microvm = {
            hypervisor = "cloud-hypervisor";
            vsock.cid = 3;
            vcpu = 4;
            mem = 4096;
            interfaces = [
@@ -103,7 +105,7 @@ in
              id = "vm-${name}";
              mac = "04:00:00:00:00:01";
              macvtap = {
-                  link = "enp6s18";
+                  link = "ens18";
                  mode = "bridge";
              };
            } ];
--- a/modules/services/dunst.nix
+++ b/modules/services/dunst.nix
@@ -1,76 +0,0 @@
 #
 # System notifications
 #
 { config, lib, pkgs, ... }:
 let
  colors = import ../themes/colors.nix;                 # Import colors theme
  dunst-volume-notification = pkgs.writeShellScriptBin "volume-notify" ''
    if [ "$(pulsemixer --get-mute)" = "0" ]; then dunstify -u low -r 1 " 🔊 $(pulsemixer --get-volume | awk '{print $1}')%"
    else dunstify -u low -r 1 "🔈 Muted"; fi
  '';
  dunst-brightness-notification = pkgs.writeShellScriptBin "brightness-notify" ''    
    dunstify -u low -r 1 " $(light -G)%"
  '';
 in
 {
  cmds.notifications.volume = "volume-notify";
  cmds.notifications.brightness = "brightness-notify";
  home.packages = [
    dunst-volume-notification
    dunst-brightness-notification
    pkgs.libnotify
  ];
  services.dunst = {
    enable = true;
    settings = {
      global = {
        monitor = 0;
        follow = "keyboard";
        indicate_hidden = "yes";
        shrink = true;
        transparency = 0;
        origin = "top-center";
        offset = "0x20";
        seperator_height = 0;
        padding = 12;
        horizontal_padding = 20;
        frame_width = 4;
        seperator_color = "auto";
        font = "${config.theme.font}";
        markup = "full";
        format = "<span foreground='#b3cfa7'><b>%s</b>%p</span>\n%b";
        alignment = "center";
        show_age_threshold = 60;
        word_wrap = "yes";
        ellipsize = "middle";
        ignore_newline = "no";
        stack_duplicates = true;
        hide_duplicate_count = true;
        show_indicators = "yes";
        icon_position = "off";
        sticky_history = "yes";
        history_length = 20;
        always_run_script = true;
        browser = "/usr/bin/xdg-open";
        corner_radius = 12;
        force_xinerama = false;
        mouse_left_click = "close_current";
        mouse_middle_click = "do_action";
        mouse_right_click = "close_all";
        progress_bar_min_width = "200";
        enable_recursive_icon_lookup = true;
      };
      urgency_low.timeout = 4;
      urgency_normal.timeout = 8;
      urgency_critical.timeout = 0;
    };
  };
  xdg.dataFile."dbus-1/services/org.knopwob.dunst.service".source = "${pkgs.dunst}/share/dbus-1/services/org.knopwob.dunst.service";
 }
--- a/modules/services/flameshot.nix
+++ b/modules/services/flameshot.nix
@@ -1,22 +0,0 @@
 #
 # Screenshots
 #
 { pkgs, user, ... }:
 {
  services = {                                    # sxhkd shortcut = Printscreen button (Print)
    flameshot = {
      enable = true;
      settings = {
        General = {                               # Settings
          savePath = "/home/${user}/";
          saveAsFileExtension = ".png";
          uiColor = "#2d0096";
          showHelp = "false";
          disabledTrayIcon = "true";              # Hide from systray
        };
      };
    };
  };
 }
--- a/modules/services/kabtopci/default.nix
+++ b/modules/services/kabtopci/default.nix
@@ -0,0 +1,19 @@
 #
 #  Services
 #
 #  flake.nix
 #   ├─ ./hosts
 #   │   └─ home.nix
 #   └─ ./modules
 #       └─ ./services
 #           └─ default.nix *
 #               └─ ...
 #
 [
 #  ./microvm.nix
  ./hydra.nix
 ]
 # picom, polybar and sxhkd are pulled from desktop module
 # redshift temporarely disables
--- a/modules/services/kabtopci/gitea_runner.nix
+++ b/modules/services/kabtopci/gitea_runner.nix
@@ -0,0 +1,59 @@
 { lib, config, pkgs, ... }:
 {
    virtualisation = {
      podman ={
        enable = true;
        autoPrune.enable = true;
        dockerCompat = true;
      };
      containers.containersConf.settings = {
        # podman seems to not work with systemd-resolved
        containers.dns_servers = [ "8.8.8.8" "8.8.4.4" ];
      };
    };
    services.gitea-actions-runner.instances = {
        cirunner = {
            enable = true;
            url = "https://git.kabtop.de";
            name = "CI Kabtop runner";
            tokenFile = config.age.secrets."services/gitea/cirunner-token".path;
            labels = [ 
              "ci"
              "debian-latest:docker://node:18-bullseye"
              "ubuntu-latest:docker://node:16-bullseye"
              "ubuntu-22.04:docker://node:16-bullseye"
              "ubuntu-20.04:docker://node:16-bullseye"
              "ubuntu-18.04:docker://node:16-buster"
              "native:host"
            ];
            hostPackages = with pkgs; [
              bash
              coreutils
              curl
              gawk
              gitMinimal
              gnused
              nodejs
              wget
            ];
            settings = {
             # container.options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm";
               # the default network that also respects our dns server settings
              container.network = "host";
              container.privileged = false;
             # container.valid_volumes = [
             #   "/nix"
             #   "${storeDeps}/bin"
             #   "${storeDeps}/etc/ssl"
             # ];
            };
        };
    };
    age.secrets."services/gitea/cirunner-token" = {
      file = ../../../secrets/services/gitea/cirunner-token.age;
      owner = "gitea-runner";
    };
 }
--- a/modules/services/kabtopci/hydra.nix
+++ b/modules/services/kabtopci/hydra.nix
@@ -0,0 +1,82 @@
 { lib, config, pkgs, ... }:
 {
    services = {
      hydra = {
        enable = true;
        hydraURL = "https://hydra.ci.kabtop.de";
        listenHost = "127.0.0.1";
        notificationSender = "hydra@kabtop.de";
        useSubstitutes = true;
        minimumDiskFree = 8;
      };
      nix-serve = {
          enable = true;
          port = 5001;
          bindAddress = "127.0.0.1";
          secretKeyFile = config.age.secrets."keys/nixsign".path;
      };
      nginx = {
        enable = true;
        recommendedProxySettings = true;
        recommendedTlsSettings = true;
        recommendedGzipSettings = true;
        recommendedOptimisation = true;
        virtualHosts = {
          "ci.kabtop.de" = {
            enableACME = true;
            forceSSL = true;
            default = true;
            locations."/".return = "503";
          };
          "hydra.ci.kabtop.de" = {
            enableACME = true;
            forceSSL = true;
            locations."/" = {
              proxyPass = "http://localhost:3000";
              extraConfig = ''
                proxy_set_header X-Forwarded-Port 443;
              '';
            };
          };
          "cache.ci.kabtop.de" = {
            enableACME = true;
            forceSSL = true;
            locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
          };
        };
      };
    };
    security.acme = {
      acceptTerms = true;
      defaults = {
        email = "webmaster@kabtop.de";
        webroot = "/var/lib/acme/acme-challenge";
        #server = "https://acme-staging-v02.api.letsencrypt.org/directory";
      };
    };
    nix = {
      settings = {
        trusted-users = [
          "hydra"
        ];
        allowed-uris = [
 	  "github:"
 	  "https://github.com/"
  	  "git+ssh://github.com/"
  	];
      };
      extraOptions = ''
        secret-key-files = ${config.age.secrets."keys/nixsign".path}
      '';
    };
    age.secrets."keys/nixsign" = {
      file = ../../../secrets/keys/nixservepriv.age;
      owner = "hydra";
    };
 }
--- a/modules/services/kabtopci/microvm.nix
+++ b/modules/services/kabtopci/microvm.nix
@@ -0,0 +1,129 @@
 { config, microvm, lib, pkgs, user, agenix, impermanence, ... }:
 let
  name = "gitea-runner";
 in
 {
  microvm = {
    autostart = [
      name
    ];
    vms = {
      ${name} = {
        inherit pkgs;
        config = {
          imports = 
            [ agenix.nixosModules.default ] ++
            [ impermanence.nixosModules.impermanence ] ++
            [( ./gitea_runner.nix )];
          networking = {
            hostName = "${name}";
            firewall = {
              enable = true;
                allowedUDPPorts = [  ];
                allowedTCPPorts = [  ];
            };
          };
          systemd.network = {
              enable = true;
              networks = {
                  "10-lan" = {
                      matchConfig.Name = "*";
                      networkConfig = {
                        DHCP = "yes";
                        IPv6AcceptRA = true;
                      };
                  };
              };
          };
          users.users.${user} = {                   # System User
            isNormalUser = true;
            extraGroups = [ "wheel" ];
            uid = 2000;
            openssh.authorizedKeys.keys = [
              "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc"
              "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIgo4IP8ISUohyAMiDc3zEe6ESUE3un7eN5FhVtxZHmcAAAABHNzaDo= kabbone@kabc"
              "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKVDApb3vZ+i97V4xLJh8rUF6z5OVYfORlXYbLhdQO15AAAABHNzaDo= kabbone@hades.home.opel-online.de"
              "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo= kabbone@hades.home.opel-online.de"
            ];
          };
          services = {
            openssh = {
              enable = true;
              settings.PasswordAuthentication = false;
              hostKeys = [
              {
                  path = "/persist/etc/ssh/ssh_host_ed25519_key";
                  type = "ed25519";
              }
              {
                  path = "/persist/etc/ssh/ssh_host_rsa_key";
                  type = "rsa";
                  bits = 4096;
              }];
            };
          };
          fileSystems."/persist".neededForBoot = lib.mkForce true;
          environment = {
            systemPackages = with pkgs; [           # Default packages install system-wide
               bash
               coreutils
               curl
               gawk
               gitMinimal
               gnused
               nodejs
               wget
            ];
            persistence."/persist" = {
              directories = [
                "/var/log"
                "/var/lib/nixos"
                "/var/lib/private"
              ];
              files = [
                "/etc/machine-id"
              ];
            };
          };
          microvm = {
            hypervisor = "qemu";
            vcpu = 4;
            mem = 3096;
            #kernel = pkgs.linuxKernel.packages.linux_latest;
            interfaces = [
            {
              type = "user";
              id = "vm-${name}";
              mac = "04:00:00:00:00:02";
            } ];
             shares = [{
              source = "/nix/store";
              mountPoint = "/nix/.ro-store";
              tag = "ro-store";
              proto = "virtiofs";
            }
            {
              source = "/etc/vm-persist/${name}";
              mountPoint = "/persist";
              tag = "persist";
              proto = "virtiofs";
            }];
            #writableStoreOverlay = "/nix/.rw-store";
            #storeOnDisk = true;
          };
          system.stateVersion = "23.05";
        };
      };
    };
  };
 }
--- a/modules/services/kanshi.nix
+++ b/modules/services/kanshi.nix
@@ -1,37 +0,0 @@
 #
 # System notifications
 #
 { config, lib, pkgs, ... }:
 {
    services.kanshi = {
        enable = true;
        profiles = {
            undocked = {
                outputs = [
                    { criteria = "eDP-1"; status = "enable"; mode = "1920x1080"; position = "0,0"; }
                ];
            };
            #docked_c = {
            #    outputs = [
            #        { criteria = "eDP-1"; status = "enable"; mode = "1920x1080"; position = "2560,0"; }
            #        { criteria = "DP-1"; status = "enable"; mode = "2560x1080"; position = "0,0"; }
            #    ];
            #};
            docked_c = {
                outputs = [
                    { criteria = "eDP-1"; status = "enable"; mode = "1920x1080"; position = "0,0"; scale = 1.5; }
                    { criteria = "DP-1"; status = "enable"; mode = "2560x1080"; position = "1920,0"; }
                ];
            };
            docked_triple = {
                outputs = [
                    { criteria = "eDP-1"; status = "disable"; mode = "1920x1080"; position = "4480,0"; }
                    { criteria = "HDMI-A-1"; status = "enable"; mode = "1920x1080"; position = "0,0"; }
                    { criteria = "DP-1"; status = "enable"; mode = "2560x1080"; position = "1920,0"; }
                ];
            };
        };
    };
 }
--- a/modules/services/keyring.nix
+++ b/modules/services/keyring.nix
@@ -0,0 +1,14 @@
 #
 # Screenshots
 #
 { pkgs, user, ... }:
 {
  services = {                                    # sxhkd shortcut = Printscreen button (Print)
    gnome-keyring = {
      enable = true;
    };
  };
  home.packages = with pkgs; [ gcr seahorse ];
 }
--- a/modules/services/kubemaster/default.nix
+++ b/modules/services/kubemaster/default.nix
@@ -0,0 +1,19 @@
 #
 #  Services
 #
 #  flake.nix
 #   ├─ ./hosts
 #   │   └─ home.nix
 #   └─ ./modules
 #       └─ ./services
 #           └─ default.nix *
 #               └─ ...
 #
 [
 #  ./microvm.nix
 #  ./hydra.nix
 ]
 # picom, polybar and sxhkd are pulled from desktop module
 # redshift temporarely disables
--- a/modules/services/nas/default.nix
+++ b/modules/services/nas/default.nix
@@ -12,6 +12,10 @@
 [
  ./nfs.nix
  ./nginx.nix
  ./vaultwarden.nix
  ./syncthing.nix
  ./paperless.nix
 ]
 # picom, polybar and sxhkd are pulled from desktop module
--- a/modules/services/nas/nfs.nix
+++ b/modules/services/nas/nfs.nix
@@ -11,7 +11,7 @@
  };
  # open the firewall
  networking.firewall = {
-    interfaces.enp6s18 = {
+    interfaces.ens18 = {
      allowedTCPPorts = [ 2049 ];
    };
  };
--- a/modules/services/nas/nginx.nix
+++ b/modules/services/nas/nginx.nix
@@ -0,0 +1,91 @@
 #
 # System notifications
 #
 { config, lib, pkgs, ... }:
 {
  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    appendHttpConfig = ''
      proxy_cache_path /mnt/Pluto/nix-cache
        levels=1:2
        keys_zone=nix_cache:10m
        max_size=100g
        inactive=14d
        use_temp_path=off;
    '';
    virtualHosts = {
      "home.opel-online.de" = {
        enableACME = true;
        forceSSL = true;
        default = true;
        locations."/".return = "503";
      };
      "cache.home.opel-online.de" = {
        useACMEHost = "home.opel-online.de";
        forceSSL = true;
        locations."/" = {
          extraConfig = ''
            proxy_pass              https://cache.ci.kabtop.de;
            proxy_ssl_server_name   on;
            proxy_http_version      1.1;
            proxy_set_header        Connection "";
            proxy_set_header        Host cache.ci.kabtop.de;
            proxy_cache             nix_cache;
            proxy_cache_valid       200 14d;
            proxy_cache_valid       404 1m;
            proxy_cache_use_stale   error timeout updating;
            proxy_cache_lock        on;
            proxy_cache_lock_timeout 1h;
            add_header              X-Cache-Status $upstream_cache_status;
            proxy_buffering         on;
            proxy_buffer_size       128k;
            proxy_buffers           8 1m;
            proxy_max_temp_file_size 0;
          '';
        };
      };
    };
  };
  security.acme = {
    acceptTerms = true;
    defaults = {
      email = "webmaster@opel-online.de";
 #      server = "https://acme-staging-v02.api.letsencrypt.org/directory";
      dnsResolver = "9.9.9.9:53";
    };
    certs = {
      "home.opel-online.de" = {
        domain = "*.home.opel-online.de";
        dnsProvider = "netcup";
        environmentFile = config.age.secrets."services/acme/opel-online".path;
        webroot = null;
      };
    };
  };
  systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/mnt/Pluto/nix-cache" ];
  networking.firewall = {
    enable = true;
    allowedUDPPorts = [  ];
    allowedTCPPorts = [ 80 443 ];
  };
  age.secrets."services/acme/opel-online" = {
    file = ../../../secrets/services/acme/opel-online.age;
    owner = "acme";
  };
 }
--- a/modules/services/nas/paperless.nix
+++ b/modules/services/nas/paperless.nix
@@ -0,0 +1,38 @@
 #
 # System notifications
 #
 { config, lib, pkgs, ... }:
 {
  services.paperless = {
    enable = true;
    domain = "paperless.home.opel-online.de";
    passwordFile = config.age.secrets."services/paperless/pwFile".path;
 #    environmentFile = config.age.secrets."services/paperless/environment".path;
    configureTika = true;
    settings = {
      PAPERLESS_OCR_LANGUAGE = "deu+eng";
      PAPERLESS_OCR_USER_ARGS = {
        optimize = 1;
        pdfa_image_compression = "lossless";
      };
    };
  };
  services.nginx = {
    virtualHosts = {
      "paperless.home.opel-online.de" = {
        useACMEHost = "home.opel-online.de";
        forceSSL = true;
        locations."/".proxyPass = "http://127.0.0.1:${toString config.services.paperless.port}";
      };
    };
  };
  age.secrets."services/paperless/pwFile" = {
      file = ../../../secrets/services/paperless/pwFile.age;
      owner = "paperless";
  };
 }
--- a/modules/services/nas/syncthing.nix
+++ b/modules/services/nas/syncthing.nix
@@ -0,0 +1,53 @@
 #
 # System notifications
 #
 { config, lib, pkgs, ... }:
 {
  services.syncthing = {
    enable = true;
    group = "users";
    user = "kabbone";
    dataDir = "/home/${config.services.syncthing.user}/Sync";
    configDir = "/home/${config.services.syncthing.user}/.config/syncthing";
    overrideDevices = true;     # overrides any devices added or deleted through the WebUI
    overrideFolders = true;     # overrides any folders added or deleted through the WebUI
    openDefaultPorts = true;
    settings = {
      devices = {
        "hades.home.opel-online.de" = { id = "3VPCBVW-RH7XKFM-TWJGQHC-ZRAQ575-CQKGGKP-NAB4VXE-KCKJFUT-AMCUQQA"; };
        "lifebook.home.opel-online.de" = { id = "RKPZG3H-BDUZID3-DV26MKR-UOARIQC-JBCAFXP-J5QFM4H-5EGBSM5-VEGXHQ4"; };
      };
      folders = {
        "Sync" = {         # Name of folder in Syncthing, also the folder ID
          path = "/mnt/Mars/${config.services.syncthing.user}/Sync";    # Which folder to add to Syncthing
          devices = [ "hades.home.opel-online.de" "lifebook.home.opel-online.de" ];      # Which devices to share the folder with
          ignorePerms = false;  # By default, Syncthing doesn't sync file permissions. This line enables it for this folder.
        };
      };
    };
  };
  services.nginx = {
    virtualHosts = {
      "syncthing.home.opel-online.de" = {
        useACMEHost = "home.opel-online.de";
        forceSSL = true;
        locations."/" = {
 	  recommendedProxySettings = false;
 	  proxyPass = "http://${toString config.services.syncthing.guiAddress}";
          extraConfig = ''
          proxy_set_header        Host localhost;
          proxy_set_header        X-Real-IP $remote_addr;
          proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header        X-Forwarded-Proto $scheme;
          proxy_set_header        X-Forwarded-Host $host;
          proxy_set_header        X-Forwarded-Server $host;
          '';
        };
      };
    };
  };
 }
--- a/modules/services/nas/vaultwarden.nix
+++ b/modules/services/nas/vaultwarden.nix
@@ -0,0 +1,38 @@
 #
 # System notifications
 #
 { config, lib, pkgs, ... }:
 {
  services.vaultwarden = {
    enable = true;
    dbBackend = "sqlite";
    backupDir = "/var/backup/vaultwarden";
    environmentFile = config.age.secrets."services/vaultwarden/environment".path;
    config = {
      DOMAIN = "https://vault.home.opel-online.de";
      SIGNUPS_ALLOWED = false;
      ROCKET_ADDRESS = "127.0.0.1";
      ROCKET_PORT = 8222;
      ROCKET_LOG = "critical";
    };
  };
  services.nginx = {
    virtualHosts = {
      "vault.home.opel-online.de" = {
        useACMEHost = "home.opel-online.de";
        forceSSL = true;
        locations."/".proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
      };
    };
  };
  age.secrets."services/vaultwarden/environment" = {
      file = ../../../secrets/services/vaultwarden/environment.age;
      owner = "vaultwarden";
  };
 }
--- a/modules/services/printer/cfgs/CALIBRATION.cfg
+++ b/modules/services/printer/cfgs/CALIBRATION.cfg
@@ -0,0 +1,50 @@
 [gcode_macro PID_TEST_BED]
 gcode:
    # Parameters
    {% set TARGETTEMP = params.TEMP|default(70)|int %}
    {% set max_x = printer.configfile.config["stepper_x"]["position_max"]|float %}
    {% set max_y = printer.configfile.config["stepper_y"]["position_max"]|float %}
    G28
    G90
    G1 X{max_x/2} Y{max_y/2} Z40 F6000
    PID_CALIBRATE HEATER=heater_bed TARGET={TARGETTEMP}
 [gcode_macro PID_TEST_HOTEND]
 gcode:
    # Parameters
    {% set TARGETTEMP = params.TEMP|default(245)|int %}
    {% set max_x = printer.configfile.config["stepper_x"]["position_max"]|float %}
    {% set max_y = printer.configfile.config["stepper_y"]["position_max"]|float %}
    G28
    G90
    G1 X{max_x/2} Y{max_y/2} Z10 F6000
    M106 S64
    PID_CALIBRATE HEATER=extruder TARGET={TARGETTEMP}
    M107 ; Turn off print cooling fan
 # TODO test this
 [gcode_macro PID_TEST_ALL]
 gcode:
    PID_TEST_BED
    PID_TEST_HOTEND
    SAVE_CONFIG
 [gcode_macro DO_PROBE_CALIBRATE]
 gcode:
    SET_HEATER_TEMPERATURE HEATER=heater_bed TARGET=60
    SET_HEATER_TEMPERATURE HEATER=extruder TARGET=180
    TEMPERATURE_WAIT SENSOR=heater_bed MINIMUM=60
    TEMPERATURE_WAIT SENSOR=extruder MINIMUM=180
    G28
    PROBE_CALIBRATE
 [gcode_macro DO_CREATE_MESH]
 gcode:
    SET_HEATER_TEMPERATURE HEATER=heater_bed TARGET=60
    SET_HEATER_TEMPERATURE HEATER=extruder TARGET=180
    TEMPERATURE_WAIT SENSOR=heater_bed MINIMUM=60
    TEMPERATURE_WAIT SENSOR=extruder MINIMUM=180
    G28
    _BED_MESH_CALIBRATE
--- a/modules/services/printer/cfgs/MECHANICAL_GANTRY_CALIBRATION.cfg
+++ b/modules/services/printer/cfgs/MECHANICAL_GANTRY_CALIBRATION.cfg
@@ -0,0 +1,110 @@
 ###############################################################################
 #  Source https://github.com/strayr/strayr-k-macros/blob/e0807570a66d28735cf05143b105ab4ea6d9798f/mechanical_level_tmc2209.cfg
 # 
 #  Mechanical Gantry Calibration
 #  
 #  Requires TMC2209 drivers with UART control, some tuning and perhaps 
 #  some printed endstops.
 #
 #  Based on on (depricated) M915 and now alternate G34 from Marlin
 #  I beleive Prusa use this, certainly there's older videos advising to just
 #  ram the gantry at full current into the the z-max stops.
 #
 #  It moves the gantry to the top of the travel, drops the current and then
 #  does a force move to force the steppers to stall against the physical end
 #  stops, transfering the level of the frame to the gantry. 
 #
 #  This is the only way to programatically level a multi-stepper single-driver 
 #  gantry. It may also help with a dual-driver gantry on a bed-slinger design
 #  or where the plane of the bed is less trustworthy than the frame.
 #
 #  It's particularly risky doing Z_TILT_ADJUST and SCREWS_TILT_CALCULATE
 #  without a mechanical reference as if one side of the gantry or bed is prone
 #  to droop, over time both bed and gantry will skew excessively but still read
 #  as level, so this can help transfer "level" from the frame to the gantry and
 #  then to the bed.
 #
 #  I don't recommend doing this in a START_PRINT, I call this if a 
 #  SCREWS_TILT_CALCULATE shows some drift, althoughon an Ender 3 type printer
 #  it's prudent to check the v-slot rollers for correct adjustment if drift is
 #  observed.
 #
 #  It's probably best to run this and then do SCREWS_TILT_CALCULATE
 #  until the bed is really level. IF you have dual Z steppers you can then
 #  use Z_TILT_ADJUST for subsequent leveling of the gantry but make sure you
 #  use the same points for gantry level as you use in SCREWS_TILT_CALCULATE
 #
 #  It may damage your printer if you do this at too high a current, or don't
 #  have proper endstops.
 #  
 #            HERE BE DRAGONS!
 #            YOU WERE WARNED!
 #
 #  Here's a video of this in action
 #  https://www.youtube.com/watch?v=aVdIeIIpUAk
 #  and the endstops for 2020 v-slot
 #  https://www.thingiverse.com/thing:4848479
 [gcode_macro MECHANICAL_GANTRY_CALIBRATION]
 gcode:
    ### SET THIS DEFAULT CARFULLY - start really low
    {% set my_current = params.CURRENT|default(0.20)|float %} ; adjust crash current on the fly :D
    ###
    {% set oldcurrent = printer.configfile.settings["tmc2209 stepper_z"].run_current %}
    {% set oldhold = printer.configfile.settings["tmc2209 stepper_z"].hold_current %} 
    {% set x_max = printer.toolhead.axis_maximum.x %} 
    {% set y_max = printer.toolhead.axis_maximum.y %} 
    {% set z_max = printer.toolhead.axis_maximum.z %} 
    {% set fast_move_z = printer.configfile.settings["printer"].max_z_velocity %}
    {% set fast_move = printer.configfile.settings["printer"].max_velocity %}
    M117 {printer.homed_axes}
    {% if printer.homed_axes != 'xyz' %}
        G28 ; Home All Axes
    {% endif %}
    G90 ; absolute
    G0 X{x_max / 2} Y{y_max / 2} F{fast_move * 30 } ;put toolhead in the center of the gantry
    G0 Z{z_max -5} F{fast_move_z * 60 } ; go to the Z-max - 5 at speed max z speed ; CHANGED
    SET_TMC_CURRENT STEPPER=stepper_z CURRENT={my_current} ; drop current on Z stepper
    {% if printer.configfile.settings["stepper_z1"] %} ; test for dual Z
        SET_TMC_CURRENT STEPPER=stepper_z1 CURRENT={my_current} ; drop current
    {% endif %}
    CONDITIONAL_BEEP I=1
    G4 P200 ; Probably not necessary, it is here just for sure
    SET_KINEMATIC_POSITION Z={z_max - 25} ; Trick printer into beleiving the gantry is 25mm lower than it is ; CHANGED
    G1 Z{z_max} F{6 * 60} ; based on above figures, there will be 20mm worth of grinding ; CHANGED
    CONDITIONAL_BEEP I=2
    G4 P10000 ; wait 10 seconds
    G1 Z{z_max -6} F{6 * 60} ; move 4mm down
    CONDITIONAL_BEEP I=3
    G4 P200 ; same as the first one
    SET_TMC_CURRENT STEPPER=stepper_z CURRENT={oldcurrent} HOLDCURRENT={oldhold}
    {% if printer.configfile.settings["stepper_z1"] %} ; test for dual Z
        SET_TMC_CURRENT STEPPER=stepper_z1 CURRENT={oldcurrent} HOLDCURRENT={oldhold} ; reset current
    {% endif %}
    G1 Z{z_max -30} F{6 * 60} ; move to 30mm below z-max to allow homing movement
    G4 P200 ; same as the first one
    G28 Z ; we MUST home again as the ganty is really in the wrong place.
 [gcode_macro G34]
 gcode:
    MECHANICAL_GANTRY_CALIBRATION
 [menu __main __setup __calib __mech_gantry_calibrate]
 type: command
 enable: {not printer.idle_timeout.state == "Printing"}
 name: G34 Gantry Level
 gcode:
    G34
 [force_move]
 enable_force_move: true ; enable FORCE_MOVE and SET_KINEMATIC_POSITION
--- a/modules/services/printer/cfgs/PARKING.cfg
+++ b/modules/services/printer/cfgs/PARKING.cfg
@@ -0,0 +1,54 @@
 # Park front center
 [gcode_macro PARKFRONT]
 gcode:
    {% if "xyz" not in printer.toolhead.homed_axes %}
        G28                           ; home if not already homed
    {% endif %}
    SAVE_GCODE_STATE NAME=PARKFRONT
    G90                               ; absolute positioning
    G0 X{printer.toolhead.axis_maximum.x/2} Y{printer.toolhead.axis_minimum.y+5} Z{printer.toolhead.axis_maximum.z/2} F6000        
    RESTORE_GCODE_STATE NAME=PARKFRONT
 # Park front center, but low down.
 [gcode_macro PARKFRONTLOW]
 gcode:
    {% if "xyz" not in printer.toolhead.homed_axes %}
        G28                           ; home if not already homed
    {% endif %}
    SAVE_GCODE_STATE NAME=PARKFRONT
    G90                              ; absolute positioning
    G0 X{printer.toolhead.axis_maximum.x/2} Y{printer.toolhead.axis_minimum.y+5} Z20 F6000                                     
    RESTORE_GCODE_STATE NAME=PARKFRONT
 # Park top rear left
 [gcode_macro PARKREAR]
 gcode:
    {% if "xyz" not in printer.toolhead.homed_axes %}
        G28                           ; home if not already homed
    {% endif %}
    SAVE_GCODE_STATE NAME=PARKREAR
    G90                              ; absolute positioning
    G0 X{printer.toolhead.axis_minimum.x+10} Y{printer.toolhead.axis_maximum.y-10} Z{printer.toolhead.axis_maximum.z-50} F6000     
    RESTORE_GCODE_STATE NAME=PARKREAR
 # Park at center of build volume
 [gcode_macro PARKCENTER]
 gcode:
    {% if "xyz" not in printer.toolhead.homed_axes %}
        G28                           ; home if not already homed
    {% endif %}
    SAVE_GCODE_STATE NAME=PARKCENTER
    G90                               ; absolute positioning
    G0 X{printer.toolhead.axis_maximum.x/2} Y{printer.toolhead.axis_maximum.y/2} Z{printer.toolhead.axis_maximum.z/2} F6000    
    RESTORE_GCODE_STATE NAME=PARKCENTER
 # Park 15mm above center of bed
 [gcode_macro PARKBED]
 gcode:
    {% if "xyz" not in printer.toolhead.homed_axes %}
        G28                           ; home if not already homed
    {% endif %}
    SAVE_GCODE_STATE NAME=PARKBED
    G90                                ; absolute positioning
    G0 X{printer.toolhead.axis_maximum.x/2} Y{printer.toolhead.axis_maximum.y/2} Z15 F6000                                     
    RESTORE_GCODE_STATE NAME=PARKBED
--- a/modules/services/printer/cfgs/TEST_SPEED.cfg
+++ b/modules/services/printer/cfgs/TEST_SPEED.cfg
@@ -0,0 +1,124 @@
 [gcode_macro TEST_SPEED]
 # Home, get position, throw around toolhead, home again.
 # If MCU stepper positions (first line in GET_POSITION) are greater than a full step different (your number of microsteps), then skipping occured.
 # We only measure to a full step to accomodate for endstop variance.
 # Example: TEST_SPEED SPEED=300 ACCEL=5000 ITERATIONS=10
 description: Test for max speed and acceleration parameters for the printer. Procedure: Home -> ReadPositionFromMCU -> MovesToolhead@Vel&Accel -> Home -> ReadPositionfromMCU
 gcode:
    # Speed
    {% set speed  = params.SPEED|default(printer.configfile.settings.printer.max_velocity)|int %}
    # Iterations
    {% set iterations = params.ITERATIONS|default(5)|int %}
    # Acceleration
    {% set accel  = params.ACCEL|default(printer.configfile.settings.printer.max_accel)|int %}
    # Minimum Cruise Ratio
    {% set min_cruise_ratio = params.MIN_CRUISE_RATIO|default(0.5)|float %}
    # Bounding inset for large pattern (helps prevent slamming the toolhead into the sides after small skips, and helps to account for machines with imperfectly set dimensions)
    {% set bound = params.BOUND|default(20)|int %}
    # Size for small pattern box
    {% set smallpatternsize = SMALLPATTERNSIZE|default(20)|int %}
    # Large pattern
        # Max positions, inset by BOUND
        {% set x_min = printer.toolhead.axis_minimum.x + bound %}
        {% set x_max = printer.toolhead.axis_maximum.x - bound %}
        {% set y_min = printer.toolhead.axis_minimum.y + bound %}
        {% set y_max = printer.toolhead.axis_maximum.y - bound %}
    # Small pattern at center
        # Find X/Y center point
        {% set x_center = (printer.toolhead.axis_minimum.x|float + printer.toolhead.axis_maximum.x|float ) / 2 %}
        {% set y_center = (printer.toolhead.axis_minimum.y|float + printer.toolhead.axis_maximum.y|float ) / 2 %}
        # Set small pattern box around center point
        {% set x_center_min = x_center - (smallpatternsize/2) %}
        {% set x_center_max = x_center + (smallpatternsize/2) %}
        {% set y_center_min = y_center - (smallpatternsize/2) %}
        {% set y_center_max = y_center + (smallpatternsize/2) %}
    # Save current gcode state (absolute/relative, etc)
    SAVE_GCODE_STATE NAME=TEST_SPEED
    # Output parameters to g-code terminal
    { action_respond_info("TEST_SPEED: starting %d iterations at speed %d, accel %d" % (iterations, speed, accel)) }
    # Home and get position for comparison later:
        M400 # Finish moves - https://github.com/AndrewEllis93/Print-Tuning-Guide/issues/66
        G28
        # QGL if not already QGLd (only if QGL section exists in config)
        {% if printer.configfile.settings.quad_gantry_level %}
            {% if printer.quad_gantry_level.applied == False %}
                QUAD_GANTRY_LEVEL
                G28 Z
            {% endif %}
        {% endif %} 
        # Move 50mm away from max position and home again (to help with hall effect endstop accuracy - https://github.com/AndrewEllis93/Print-Tuning-Guide/issues/24)
        G90
        G1 X{printer.toolhead.axis_maximum.x-50} Y{printer.toolhead.axis_maximum.y-50} F{30*60}
        M400 # Finish moves - https://github.com/AndrewEllis93/Print-Tuning-Guide/issues/66
        G28 X Y
        G0 X{printer.toolhead.axis_maximum.x-1} Y{printer.toolhead.axis_maximum.y-1} F{30*60}
        G4 P1000 
        GET_POSITION
    # Go to starting position
    G0 X{x_min} Y{y_min} Z{bound + 10} F{speed*60}
    # Set new limits
    {% if printer.configfile.settings.printer.minimum_cruise_ratio is defined %}
        SET_VELOCITY_LIMIT VELOCITY={speed} ACCEL={accel} MINIMUM_CRUISE_RATIO={min_cruise_ratio}
    {% else %}
        SET_VELOCITY_LIMIT VELOCITY={speed} ACCEL={accel} ACCEL_TO_DECEL={accel / 2}
    {% endif %}
    {% for i in range(iterations) %}
        # Large pattern diagonals
        G0 X{x_min} Y{y_min} F{speed*60}
        G0 X{x_max} Y{y_max} F{speed*60}
        G0 X{x_min} Y{y_min} F{speed*60}
        G0 X{x_max} Y{y_min} F{speed*60}
        G0 X{x_min} Y{y_max} F{speed*60}
        G0 X{x_max} Y{y_min} F{speed*60}
        # Large pattern box
        G0 X{x_min} Y{y_min} F{speed*60}
        G0 X{x_min} Y{y_max} F{speed*60}
        G0 X{x_max} Y{y_max} F{speed*60}
        G0 X{x_max} Y{y_min} F{speed*60}
        # Small pattern diagonals
        G0 X{x_center_min} Y{y_center_min} F{speed*60}
        G0 X{x_center_max} Y{y_center_max} F{speed*60}
        G0 X{x_center_min} Y{y_center_min} F{speed*60}
        G0 X{x_center_max} Y{y_center_min} F{speed*60}
        G0 X{x_center_min} Y{y_center_max} F{speed*60}
        G0 X{x_center_max} Y{y_center_min} F{speed*60}
        # Small pattern box
        G0 X{x_center_min} Y{y_center_min} F{speed*60}
        G0 X{x_center_min} Y{y_center_max} F{speed*60}
        G0 X{x_center_max} Y{y_center_max} F{speed*60}
        G0 X{x_center_max} Y{y_center_min} F{speed*60}
    {% endfor %}
    # Restore max speed/accel/accel_to_decel to their configured values
    {% if printer.configfile.settings.printer.minimum_cruise_ratio is defined %}
        SET_VELOCITY_LIMIT VELOCITY={printer.configfile.settings.printer.max_velocity} ACCEL={printer.configfile.settings.printer.max_accel} MINIMUM_CRUISE_RATIO={printer.configfile.settings.printer.minimum_cruise_ratio} 
    {% else %}
        SET_VELOCITY_LIMIT VELOCITY={printer.configfile.settings.printer.max_velocity} ACCEL={printer.configfile.settings.printer.max_accel} ACCEL_TO_DECEL={printer.configfile.settings.printer.max_accel_to_decel}
    {% endif %}
    # Re-home and get position again for comparison:
        M400 # Finish moves - https://github.com/AndrewEllis93/Print-Tuning-Guide/issues/66
        G28 # This is a full G28 to fix an issue with CoreXZ - https://github.com/AndrewEllis93/Print-Tuning-Guide/issues/12
        # Go to XY home positions (in case your homing override leaves it elsewhere)
        G90
        G0 X{printer.toolhead.axis_maximum.x-1} Y{printer.toolhead.axis_maximum.y-1} F{30*60}
        G4 P1000 
        GET_POSITION
    # Restore previous gcode state (absolute/relative, etc)
    RESTORE_GCODE_STATE NAME=TEST_SPEED
--- a/modules/services/printer/cfgs/adxl-direct.cfg
+++ b/modules/services/printer/cfgs/adxl-direct.cfg
@@ -0,0 +1,13 @@
 # Documentation https://www.klipper3d.org/Measuring_Resonances.html?h=adxl#configure-adxl345-with-rpi
 # Documentation https://www.klipper3d.org/RPi_microcontroller.html
 [mcu rpi]
 serial: /tmp/klipper_host_mcu
 [adxl345]
 cs_pin: rpi:None
 [resonance_tester]
 accel_chip: adxl345
 probe_points: 111.5, 111.5, 20
 max_smoothing: 0.13
--- a/modules/services/printer/cfgs/adxl-rp2040.cfg
+++ b/modules/services/printer/cfgs/adxl-rp2040.cfg
@@ -0,0 +1,29 @@
 #####################################################################
 #   Find my instructions here: 
 #   https://github.com/bassamanator/rp2040-zero-adxl345-klipper
 #   ADXL345 related Settings 
 #   https://www.klipper3d.org/Measuring_Resonances.html#adxl345
 #####################################################################
 [mcu RP2040]
 baud: 115200 # 250000
 restart_method: command
 # Obtain definition by "ls -l /dev/serial/by-id/"
 serial: /dev/serial/by-id/usb-Klipper_rp2040_E6614C311B773B36-if00
 [adxl345]
 cs_pin: RP2040:gpio1
 spi_bus: spi0a
 axes_map: x,z,y
 [resonance_tester]
 accel_chip: adxl345
 probe_points: 111.5, 111.5, 20
 [output_pin power_mode] # Improve power stability
 pin: RP2040:gpio23
 [gcode_macro ADX]
 description: Shortcut to ACCELEROMETER_QUERY
 gcode:
    ACCELEROMETER_QUERY
--- a/modules/services/printer/cfgs/adxl-rpi-pico-2x.cfg
+++ b/modules/services/printer/cfgs/adxl-rpi-pico-2x.cfg
@@ -0,0 +1,43 @@
 #####################################################################
 #   Config that supports a print head and a bed sensor at the same time
 #   This requires a Raspberry Pi Pico.
 #   Instructions: https://klipper.discourse.group/t/raspberry-pi-pico-adxl345-portable-resonance-measurement/1757/9
 #   TLDR Instructions: The two sensors should use the spi0a (GPIO 0-3) and spi1a (GPIO 9-12) buses, respectively.
 #
 #   Recommended mounts: 
 #   https://www.printables.com/model/385334-sovol-sv06-adxl345-mount-printhead-and-bed
 #
 #   ADXL345 related Settings 
 #   https://www.klipper3d.org/Measuring_Resonances.html#adxl345
 #####################################################################
 [mcu RP2040]
 baud: 115200
 restart_method: command
 # Obtain definition by "ls -l /dev/serial/by-id/"
 serial: /dev/serial/by-id/usb-Klipper_rp2040_E66138935F154C28-if00
 [adxl345 head]
 cs_pin: RP2040:gpio1
 spi_bus: spi0a
 # update axes_map if your sensor is oriented differently. Note the print on your sensor.
 # -y, -z, x means that
 #  - the x axis of your printer corresponds to the sensor's negative y axis
 #  - the y axis of your printer corresponds to the sensor's negative z axis
 #  - the z axis of your printer corresponds to the sensor's x axis
 axes_map: -y, -z, x
 [adxl345 bed]
 cs_pin: RP2040:gpio9
 spi_bus: spi1a
 [resonance_tester]
 accel_chip_x: adxl345 head
 accel_chip_y: adxl345 bed
 probe_points: 111.5, 111.5, 20
 [gcode_macro ADX]
 description: Shortcut to ACCELEROMETER_QUERY for both sensors
 gcode:
    ACCELEROMETER_QUERY CHIP=head
    ACCELEROMETER_QUERY CHIP=bed
--- a/modules/services/printer/cfgs/kamp/Adaptive_Meshing.cfg
+++ b/modules/services/printer/cfgs/kamp/Adaptive_Meshing.cfg
@@ -0,0 +1,120 @@
 # # # Klipper Adaptive Meshing # # #
 # Heads up! If you have any other BED_MESH_CALIBRATE macros defined elsewhere in your config, you will need to comment out / remove them for this to work. (Klicky/Euclid Probe)
 # You will also need to be sure that [exclude_object] is defined in printer.cfg, and your slicer is labeling objects.
 # This macro will parse information from objects in your gcode to define a min and max mesh area to probe, creating an adaptive mesh!
 # This macro will not increase probe_count values in your [bed_mesh] config. If you want richer meshes, be sure to increase probe_count. We recommend at least 5,5.
 [gcode_macro BED_MESH_CALIBRATE]
 rename_existing: _BED_MESH_CALIBRATE
 gcode:
    {% set all_points = printer.exclude_object.objects | map(attribute='polygon') | sum(start=[]) %}                                # Gather all object points
    {% set bed_mesh_min = printer.configfile.settings.bed_mesh.mesh_min %}                                                          # Get bed mesh min from printer.cfg
    {% set bed_mesh_max = printer.configfile.settings.bed_mesh.mesh_max %}                                                          # Get bed mesh max from printer.cfg
    {% set probe_count = printer.configfile.settings.bed_mesh.probe_count %}                                                        # Get probe count from printer.cfg
    {% set kamp_settings = printer["gcode_macro _KAMP_Settings"] %}                                                                 # Pull variables from _KAMP_Settings
    {% set verbose_enable = kamp_settings.verbose_enable | abs %}                                                                   # Pull verbose setting from _KAMP_Settings
    {% set probe_dock_enable = kamp_settings.probe_dock_enable | abs %}                                                             # Pull probe dockable probe settings from _KAMP_Settings
    {% set attach_macro = kamp_settings.attach_macro | string %}                                                                    # Pull attach probe command from _KAMP_Settings
    {% set detach_macro = kamp_settings.detach_macro | string %}                                                                    # Pull detach probe command from _KAMP_Settings
    {% set mesh_margin = kamp_settings.mesh_margin | float %}                                                                       # Pull mesh margin setting from _KAMP_Settings
    {% set fuzz_amount = kamp_settings.fuzz_amount | float %}                                                                       # Pull fuzz amount setting from _KAMP_Settings
    {% set probe_count = probe_count if probe_count|length > 1 else probe_count * 2  %}                                             # If probe count is only a single number, convert it to 2. E.g. probe_count:7 = 7,7
    {% set max_probe_point_distance_x = ( bed_mesh_max[0] - bed_mesh_min[0] ) / (probe_count[0] - 1)  %}                            # Determine max probe point distance
    {% set max_probe_point_distance_y = ( bed_mesh_max[1] - bed_mesh_min[1] ) / (probe_count[1] - 1)  %}                            # Determine max probe point distance
    {% set x_min = all_points | map(attribute=0) | min | default(bed_mesh_min[0]) %}                                                # Set x_min from smallest object x point
    {% set y_min = all_points | map(attribute=1) | min | default(bed_mesh_min[1]) %}                                                # Set y_min from smallest object y point
    {% set x_max = all_points | map(attribute=0) | max | default(bed_mesh_max[0]) %}                                                # Set x_max from largest object x point
    {% set y_max = all_points | map(attribute=1) | max | default(bed_mesh_max[1]) %}                                                # Set y_max from largest object y point
    {% set fuzz_range = range((0) | int, (fuzz_amount * 100) | int + 1) %}                                                          # Set fuzz_range between 0 and fuzz_amount
    {% set adapted_x_min = x_min - mesh_margin - (fuzz_range | random / 100.0) %}                                                   # Adapt x_min to margin and fuzz constraints
    {% set adapted_y_min = y_min - mesh_margin - (fuzz_range | random / 100.0) %}                                                   # Adapt y_min to margin and fuzz constraints
    {% set adapted_x_max = x_max + mesh_margin + (fuzz_range | random / 100.0) %}                                                   # Adapt x_max to margin and fuzz constraints
    {% set adapted_y_max = y_max + mesh_margin + (fuzz_range | random / 100.0) %}                                                   # Adapt y_max to margin and fuzz constraints
    {% set adapted_x_min = [adapted_x_min , bed_mesh_min[0]] | max %}                                                               # Compare adjustments to defaults and choose max
    {% set adapted_y_min = [adapted_y_min , bed_mesh_min[1]] | max %}                                                               # Compare adjustments to defaults and choose max
    {% set adapted_x_max = [adapted_x_max , bed_mesh_max[0]] | min %}                                                               # Compare adjustments to defaults and choose min
    {% set adapted_y_max = [adapted_y_max , bed_mesh_max[1]] | min %}                                                               # Compare adjustments to defaults and choose min
    {% set points_x = (((adapted_x_max - adapted_x_min) / max_probe_point_distance_x) | round(method='ceil') | int) + 1 %}          # Define probe_count's x point count and round up
    {% set points_y = (((adapted_y_max - adapted_y_min) / max_probe_point_distance_y) | round(method='ceil') | int) + 1 %}          # Define probe_count's y point count and round up
    {% if (([points_x, points_y]|max) > 6) %}                                                                                       # 
        {% set algorithm = "bicubic" %}                                                                                             # 
        {% set min_points = 4 %}                                                                                                    # 
    {% else %}                                                                                                                      # Calculate if algorithm should be bicubic or lagrange
        {% set algorithm = "lagrange" %}                                                                                            # 
        {% set min_points = 3 %}                                                                                                    # 
    {% endif %}                                                                                                                     # 
    {% set points_x = [points_x , min_points]|max %}                                                                                # Set probe_count's x points to fit the calculated algorithm
    {% set points_y = [points_y , min_points]|max %}                                                                                # Set probe_count's y points to fit the calculated algorithm
    {% set points_x = [points_x , probe_count[0]]|min %}
    {% set points_y = [points_y , probe_count[1]]|min %}
    {% if verbose_enable == True %}                                                                                                 # If verbose is enabled, print information about KAMP's calculations
        {% if printer.exclude_object.objects != [] %}
            { action_respond_info( "Algorithm: {}.".format(                                                                              
                (algorithm),                                                                                                            
            )) }
            { action_respond_info("Default probe count: {},{}.".format(                                                                  
                (probe_count[0]),                                                                                                       
                (probe_count[1]),                                                                                                       
            )) }
            { action_respond_info("Adapted probe count: {},{}.".format(                                                                  
                (points_x),                                                                                                             
                (points_y),                                                                                                             
            )) }                                                                                                              
            {action_respond_info("Default mesh bounds: {}, {}.".format(                                                                  
                (bed_mesh_min[0],bed_mesh_min[1]),                                                                                      
                (bed_mesh_max[0],bed_mesh_max[1]),                                                                                      
            )) }
            {% if mesh_margin > 0 %}                                                                                                    
                {action_respond_info("Mesh margin is {}, mesh bounds extended by {}mm.".format(                                       
                    (mesh_margin),                                                                                                      
                    (mesh_margin),                                                                                       
                )) }                                                                                                                    
            {% else %}                                                                                                                  
                {action_respond_info("Mesh margin is 0, margin not increased.")}                                                        
            {% endif %}                                                                                                                 
            {% if fuzz_amount > 0 %}                                                                                                    
                {action_respond_info("Mesh point fuzzing enabled, points fuzzed up to {}mm.".format(                                     
                    (fuzz_amount),                                                                                                      
                )) }                                                                                                                    
            {% else %}                                                                                                                  
                {action_respond_info("Fuzz amount is 0, mesh points not fuzzed.")}                                                      
            {% endif %}                                                                                                                 
            { action_respond_info("Adapted mesh bounds: {}, {}.".format(                                                                 
                (adapted_x_min, adapted_y_min),                                                                                         
                (adapted_x_max, adapted_y_max),                                                                                         
            )) }
            {action_respond_info("KAMP adjustments successful. Happy KAMPing!")}
        {% else %}
            {action_respond_info("No objects detected! Check your gcode and make sure that EXCLUDE_OBJECT_DEFINE is happening before BED_MESH_CALIBRATE is called. Defaulting to regular meshing.")}
            G4 P5000                                                                                                                # Wait 5 seconds to make error more visible
        {% endif %}
    {% endif %}
    {% if probe_dock_enable == True %}
        {attach_macro}                                                                                                              # Attach/deploy a probe if the probe is stored somewhere outside of the print area
    {% endif %}
    _BED_MESH_CALIBRATE mesh_min={adapted_x_min},{adapted_y_min} mesh_max={adapted_x_max},{adapted_y_max} ALGORITHM={algorithm} PROBE_COUNT={points_x},{points_y}
    {% if probe_dock_enable == True %}
        {detach_macro}                                                                                                              # Detach/stow a probe if the probe is stored somewhere outside of the print area
    {% endif %}                                                                                                                     # End of verbose
--- a/modules/services/printer/cfgs/kamp/KAMP_Settings.cfg
+++ b/modules/services/printer/cfgs/kamp/KAMP_Settings.cfg
@@ -0,0 +1,37 @@
 # Below you can include specific configuration files depending on what you want KAMP to do:
 # NOTE bassamanator: uncomment the functionality that you want to use from KAMP
 [include ./Adaptive_Meshing.cfg]       # Include to enable adaptive meshing configuration.
 [include ./Line_Purge.cfg]             # Include to enable adaptive line purging configuration.
 # [include ./Voron_Purge.cfg]            # Include to enable adaptive Voron logo purging configuration.
 # [include ./Smart_Park.cfg]             # Include to enable the Smart Park function, which parks the printhead near the print area for final heating.
 [gcode_macro _KAMP_Settings]
 description: This macro contains all adjustable settings for KAMP 
 # The following variables are settings for KAMP as a whole.
 variable_verbose_enable: True               # Set to True to enable KAMP information output when running. This is useful for debugging.
 # The following variables are for adjusting adaptive mesh settings for KAMP.
 variable_mesh_margin: 0                     # Expands the mesh size in millimeters if desired. Leave at 0 to disable.
 variable_fuzz_amount: 0                     # Slightly randomizes mesh points to spread out wear from nozzle-based probes. Leave at 0 to disable.
 # The following variables are for those with a dockable probe like Klicky, Euclid, etc.                 # ----------------  Attach Macro | Detach Macro
 variable_probe_dock_enable: False           # Set to True to enable the usage of a dockable probe.      # ---------------------------------------------
 variable_attach_macro: 'Attach_Probe'       # The macro that is used to attach the probe.               # Klicky Probe:   'Attach_Probe' | 'Dock_Probe'
 variable_detach_macro: 'Dock_Probe'         # The macro that is used to store the probe.                # Euclid Probe:   'Deploy_Probe' | 'Stow_Probe'
                                                                                                        # Legacy Gcode:   'M401'         | 'M402'
 # The following variables are for adjusting adaptive purge settings for KAMP.
 variable_purge_height: 0.8                  # Z position of nozzle during purge, default is 0.8.
 variable_tip_distance: 0                    # Distance between tip of filament and nozzle before purge. Should be similar to PRINT_END final retract amount.
 variable_purge_margin: 10                   # Distance the purge will be in front of the print area, default is 10.
 variable_purge_amount: 30                   # Amount of filament to be purged prior to printing.
 variable_flow_rate: 12                      # Flow rate of purge in mm3/s. Default is 12.
 # The following variables are for adjusting the Smart Park feature for KAMP, which will park the printhead near the print area at a specified height.
 variable_smart_park_height: 10              # Z position for Smart Park, default is 10.
 gcode: # Gcode section left intentionally blank. Do not disturb.
    {action_respond_info(" Running the KAMP_Settings macro does nothing, it is only used for storing KAMP settings. ")}
--- a/modules/services/printer/cfgs/kamp/Line_Purge.cfg
+++ b/modules/services/printer/cfgs/kamp/Line_Purge.cfg
@@ -0,0 +1,119 @@
 [gcode_macro LINE_PURGE]
 description: A purge macro that adapts to be near your actual printed objects
 gcode:
    # Get relevant printer params
    {% set travel_speed = (printer.toolhead.max_velocity) * 60 | float %}
    {% set cross_section = printer.configfile.settings.extruder.max_extrude_cross_section | float %}
    # Use firmware retraction if it is defined
    {% if printer.firmware_retraction is defined %}
        {% set RETRACT = G10 | string %}
        {% set UNRETRACT = G11 | string %}
    {% else %}
        {% set RETRACT = 'G1 E-.5 F2100' | string %}
        {% set UNRETRACT = 'G1 E.5 F2100' | string %}
    {% endif %}
    # Get purge settings from _Kamp_Settings
    {% set verbose_enable = printer["gcode_macro _KAMP_Settings"].verbose_enable | abs %}
    {% set purge_height = printer["gcode_macro _KAMP_Settings"].purge_height | float %}
    {% set tip_distance = printer["gcode_macro _KAMP_Settings"].tip_distance | float %}
    {% set purge_margin = printer["gcode_macro _KAMP_Settings"].purge_margin | float %}
    {% set purge_amount = printer["gcode_macro _KAMP_Settings"].purge_amount | float %}
    {% set flow_rate = printer["gcode_macro _KAMP_Settings"].flow_rate | float %}
    # Calculate purge origins and centers from objects
    {% set all_points = printer.exclude_object.objects | map(attribute='polygon') | sum(start=[]) %}    # Get all object points
    {% set purge_x_min = (all_points | map(attribute=0) | min | default(0)) %}                          # Object x min
    {% set purge_x_max = (all_points | map(attribute=0) | max | default(0)) %}                          # Object x max
    {% set purge_y_min = (all_points | map(attribute=1) | min | default(0)) %}                          # Object y min
    {% set purge_y_max = (all_points | map(attribute=1) | max | default(0)) %}                          # Object y max
    {% set purge_x_center = ([((purge_x_max + purge_x_min) / 2) - (purge_amount / 2), 0] | max) %}      # Create center point of purge line relative to print on X axis
    {% set purge_y_center = ([((purge_y_max + purge_y_min) / 2) - (purge_amount / 2), 0] | max) %}      # Create center point of purge line relative to print on Y axis
    {% set purge_x_origin = ([purge_x_min - purge_margin, 0] | max) %}                                  # Add margin to x min, compare to 0, and choose the larger
    {% set purge_y_origin = ([purge_y_min - purge_margin, 0] | max) %}                                  # Add margin to y min, compare to 0, and choose the larger
    # Calculate purge speed
    {% set purge_move_speed = (flow_rate / 5.0) * 60 | float %}
    {% if cross_section < 5 %}
        {action_respond_info("[Extruder] max_extrude_cross_section is insufficient for purge, please set it to 5 or greater. Purge skipped.")}
    {% else %}
        {% if verbose_enable == True %}
        {action_respond_info("Moving filament tip {}mms".format(                                                                 
            (tip_distance),                                                                                      
        )) }
        {% endif %}
        {% if printer.firmware_retraction is defined %}
            {action_respond_info("KAMP purge is using firmware retraction.")}
        {% else %}
            {action_respond_info("KAMP purge is not using firmware retraction, it is recommended to configure it.")}
        {% endif %}
        {% if purge_y_origin > 0 %}
            {action_respond_info("KAMP purge starting at {}, {} and purging {}mm of filament, requested flow rate is {}mm/s3.".format(                                                                 
                (purge_x_center),
                (purge_y_origin),
                (purge_amount),
                (flow_rate),
            )) }
        {% else %}
            {action_respond_info("KAMP purge starting at {}, {} and purging {}mm of filament, requested flow rate is {}mm/s3.".format(                                                                 
                (purge_x_origin),
                (purge_y_center),
                (purge_amount),
                (flow_rate),
            )) }
        {% endif %}
        SAVE_GCODE_STATE NAME=Prepurge_State                                                    # Create gcode state
        {% if purge_y_origin > 0 %}                                                             # If there's room on Y, purge along X axis in front of print area
            G92 E0                                                                              # Reset extruder
            G0 F{travel_speed}                                                                  # Set travel speed
            G90                                                                                 # Absolute positioning
            G0 X{purge_x_center} Y{purge_y_origin}                                              # Move to purge position
            G0 Z{purge_height}                                                                  # Move to purge Z height
            M83                                                                                 # Relative extrusion mode
            G1 E{tip_distance} F{purge_move_speed}                                              # Move filament tip
            G1 X{purge_x_center + purge_amount} E{purge_amount} F{purge_move_speed}             # Purge line
            {RETRACT}                                                                           # Retract
            G0 X{purge_x_center + purge_amount + 10} F{travel_speed}                            # Rapid move to break string
            G92 E0                                                                              # Reset extruder distance
            M82                                                                                 # Absolute extrusion mode
            G0 Z{purge_height * 2} F{travel_speed}                                              # Z hop
        {% else %}                                                                              # If there's room on X, purge along Y axis to the left of print area
            G92 E0                                                                              # Reset extruder
            G0 F{travel_speed}                                                                  # Set travel speed
            G90                                                                                 # Absolute positioning
            G0 X{purge_x_origin} Y{purge_y_center}                                              # Move to purge position
            G0 Z{purge_height}                                                                  # Move to purge Z height
            M83                                                                                 # Relative extrusion mode
            G1 E{tip_distance} F{purge_move_speed}                                              # Move filament tip
            G1 Y{purge_y_center + purge_amount} E{purge_amount} F{purge_move_speed}             # Purge line
            {RETRACT}                                                                           # Retract
            G0 Y{purge_y_center + purge_amount + 10} F{travel_speed}                            # Rapid move to break string
            G92 E0                                                                              # Reset extruder distance
            M82                                                                                 # Absolute extrusion mode
            G0 Z{purge_height * 2} F{travel_speed}                                              # Z hop
        {% endif %}
        RESTORE_GCODE_STATE NAME=Prepurge_State                                                 # Restore gcode state
    {% endif %}
--- a/modules/services/printer/cfgs/kamp/Smart_Park.cfg
+++ b/modules/services/printer/cfgs/kamp/Smart_Park.cfg
@@ -0,0 +1,38 @@
 [gcode_macro SMART_PARK]
 description: Parks your printhead near the print area for pre-print hotend heating.
 gcode:
    {% set kamp_settings = printer["gcode_macro _KAMP_Settings"] %}                                                                 # Pull all variables from _KAMP_Settings
    {% set z_height = kamp_settings.smart_park_height | float %}                                                                    # Set Z height variable
    {% set purge_margin = kamp_settings.purge_margin | float %}                                                                     # Set purge margin variable
    {% set verbose_enable = kamp_settings.verbose_enable | abs %}                                                                   # Set verbosity
    {% set center_x = printer.toolhead.axis_maximum.x / 2 | float %}                                                                # Create center point of x for fallback
    {% set center_y = printer.toolhead.axis_maximum.y / 2 | float %}                                                                # Create center point of y for fallback
    {% set axis_minimum_x = printer.toolhead.axis_minimum.x | float %}
    {% set axis_minimum_y = printer.toolhead.axis_minimum.y | float %}
    {% set all_points = printer.exclude_object.objects | map(attribute='polygon') | sum(start=[]) %}                                # Gather all object points
    {% set x_min = all_points | map(attribute=0) | min | default(center_x) %}                                                       # Set x_min from smallest object x point
    {% set y_min = all_points | map(attribute=1) | min | default(center_y) %}                                                       # Set y_min from smallest object y point
    {% set travel_speed = (printer.toolhead.max_velocity) * 60 | float %}                                                           # Set travel speed from config
    {% if purge_margin > 0 and x_min != center_x and y_min != center_y %}                                                           # If objects are detected and purge margin 
        {% set x_min = [ x_min - purge_margin , x_min ] | min %}                                                                    # value is greater than 0, move
        {% set y_min = [ y_min - purge_margin , y_min ] | min %}                                                                    # to purge location + margin
        {% set x_min = [ x_min , axis_minimum_x ] | max %}
        {% set y_min = [ y_min , axis_minimum_y ] | max %}
    {% endif %}
    {% if verbose_enable == True %}                                                                                                 # Verbose park location
    { action_respond_info("Smart Park location: {},{}.".format(
        (x_min),
        (y_min),
    )) }
    {% endif %}
    {% if printer.toolhead.position.z < z_height %}
        G0 Z{z_height}                                                                                                              # Move Z to park height if current Z position is lower than z_height
    {% endif %}
    G0 X{x_min} Y{y_min} F{travel_speed}                                                                                            # Move near object area
    G0 Z{z_height}                                                                                                                  # Move Z to park height 
--- a/modules/services/printer/cfgs/kamp/Voron_Purge.cfg
+++ b/modules/services/printer/cfgs/kamp/Voron_Purge.cfg
@@ -0,0 +1,91 @@
 [gcode_macro VORON_PURGE]
 description: A purge macro that adapts to be near your actual printed objects
 gcode:
    # Get relevant printer params
    {% set travel_speed = (printer.toolhead.max_velocity) * 60 | float %}
    {% set cross_section = printer.configfile.settings.extruder.max_extrude_cross_section | float %}
    # Use firmware retraction if it is defined
    {% if printer.firmware_retraction is defined %}
        {% set RETRACT = G10 | string %}
        {% set UNRETRACT = G11 | string %}
    {% else %}
        {% set RETRACT = 'G1 E-.5 F2100' | string %}
        {% set UNRETRACT = 'G1 E.5 F2100' | string %}
    {% endif %}
    # Get purge settings from _Kamp_Settings
    {% set kamp_settings = printer["gcode_macro _KAMP_Settings"] %}
    {% set verbose_enable = kamp_settings.verbose_enable | abs %}
    {% set purge_height = kamp_settings.purge_height | float %}
    {% set tip_distance = kamp_settings.tip_distance | float %}
    {% set purge_margin = kamp_settings.purge_margin | float %}
    {% set purge_amount = kamp_settings.purge_amount | float %}
    {% set flow_rate = kamp_settings.flow_rate | float %}
    {% set size = 10 | float %}
    # Calculate purge origins and centers from objects
    {% set all_points = printer.exclude_object.objects | map(attribute='polygon') | sum(start=[]) %}    # Get all object points
    {% set purge_x_min = (all_points | map(attribute=0) | min | default(0)) %}                          # Object x min
    {% set purge_x_max = (all_points | map(attribute=0) | max | default(0)) %}                          # Object x max
    {% set purge_y_min = (all_points | map(attribute=1) | min | default(0)) %}                          # Object y min
    {% set purge_y_max = (all_points | map(attribute=1) | max | default(0)) %}                          # Object y max
    {% set purge_x_center = ([((purge_x_max + purge_x_min) / 2) - (purge_amount / 2), 0] | max) %}      # Create center point of purge line relative to print on X axis
    {% set purge_y_center = ([((purge_y_max + purge_y_min) / 2) - (purge_amount / 2), 0] | max) %}      # Create center point of purge line relative to print on Y axis
    {% set purge_x_origin = ([purge_x_min - purge_margin, 0] | max) %}                                  # Add margin to x min, compare to 0, and choose the larger
    {% set purge_y_origin = ([purge_y_min - purge_margin, 0] | max) %}                                  # Add margin to y min, compare to 0, and choose the larger
    # Calculate purge speed
    {% set purge_move_speed = (flow_rate / 5.0) * 60 | float %}
    {% if cross_section < 5 %}
        {action_respond_info("[Extruder] max_extrude_cross_section is insufficient for purge, please set it to 5 or greater. Purge skipped.")}
    {% else %}
        {% if verbose_enable == True %}
        {action_respond_info("Moving filament tip {}mms".format(                                                                 
            (tip_distance),                                                                                      
        )) }
        {% endif %}
        {% if printer.firmware_retraction is defined %}
            {action_respond_info("KAMP purge is using firmware retraction.")}
        {% else %}
            {action_respond_info("KAMP purge is not using firmware retraction, it is recommended to configure it.")}
        {% endif %}
            SAVE_GCODE_STATE NAME=Prepurge_State                                                            # Create gcode state
            G92 E0                                                                                          # Reset extruder
            G0 F{travel_speed}                                                                              # Set travel speed
            G90                                                                                             # Absolute positioning
            G0 X{purge_x_origin} Y{purge_y_origin+size/2}                                                   # Move to purge position
            G0 Z{purge_height}                                                                              # Move to purge Z height
            M83                                                                                             # Relative extrusion mode
            G1 E{tip_distance} F{purge_move_speed}                                                          # Move tip of filament to nozzle
            G1 X{purge_x_origin+size*0.289} Y{purge_y_origin+size} E{purge_amount/4} F{purge_move_speed}    # Purge first line of logo
            {RETRACT}                                                                                       # Retract
            G0 Z{purge_height*2}                                                                            # Z hop
            G0 X{purge_x_origin+size*0.789} Y{purge_y_origin+size}                                          # Move to second purge line origin
            G0 Z{purge_height}                                                                              # Move to purge Z height
            {UNRETRACT}                                                                                     # Recover
            G1 X{purge_x_origin+size*0.211} Y{purge_y_origin} E{purge_amount/2} F{purge_move_speed}         # Purge second line of logo
            {RETRACT}                                                                                       # Retract
            G0 Z{purge_height*2}                                                                            # Z hop
            G0 X{purge_x_origin+size*0.711} Y{purge_y_origin}                                               # Move to third purge line origin
            G0 Z{purge_height}                                                                              # Move to purge Z height
            {UNRETRACT}                                                                                     # Recover
            G1 X{purge_x_origin+size} Y{purge_y_origin+size/2}  E{purge_amount/4} F{purge_move_speed}       # Purge third line of logo
            {RETRACT}                                                                                       # Retract
            G92 E0                                                                                          # Reset extruder distance
            M82                                                                                             # Absolute extrusion mode
            G0 Z{purge_height*2} F{travel_speed}                                                            # Z hop
            RESTORE_GCODE_STATE NAME=Prepurge_State                                                         # Restore gcode state
    {% endif %}
--- a/modules/services/printer/cfgs/misc-macros.cfg
+++ b/modules/services/printer/cfgs/misc-macros.cfg
@@ -0,0 +1,330 @@
 [force_move]
 enable_force_move: True
 # NOTE If you're using a Raspberry Pi, you can uncomment the next 2 lines, optionally.
 #[temperature_sensor raspberry_pi]
 #sensor_type: temperature_host
 # NOTE If you're using a an Orange Pi, you can uncomment the next 3 lines, optionally.
 # [temperature_sensor Orange_Pi]
 # sensor_type: temperature_host
 # sensor_path: /sys/class/thermal/thermal_zone0/temp
 [virtual_sdcard]
 path: /var/lib/moonraker/gcodes
 # NOTE Cancel objects feature is enabled. If you're using a low powered device, comment out [exclude_object].
 # Also see [file_manager] section in moonraker.conf.
 [exclude_object]
 [pause_resume]
 [display_status]
 [delayed_gcode DISABLEFILAMENTSENSOR]
 initial_duration: 1
 gcode:
    SET_FILAMENT_SENSOR SENSOR=filament_sensor ENABLE=0
 [gcode_macro _globals]
 variable_filament_sensor_enabled: 1 # NOTE Enable(1) or disable(0) the filament sensor, if one is connected
 variable_beeping_enabled: 1 # NOTE Enable(1) or disable(0) beeping everywhere except during gantry calibration
 variable_bed_temp_over: 10 # NOTE Start print if bed temperature is over by this amount, otherwise wait for temperature drop
 variable_kamp_enable: 1 # NOTE Enable(1) or disable(0) KAMP (adaptive mesh)
 variable_pre_purge_prime_length: 1.40
 gcode:
    # Don't delete this section
 [gcode_macro CONDITIONAL_BEEP]
 gcode:
    # Parameters
    {% set i = params.I|default(1)|int %}           ; Iterations (number of times to beep).
    {% set dur = params.DUR|default(100)|int %}     ; Duration/wait of each beep in ms. Default 100ms.
    {% set freq = params.FREQ|default(2000)|int %}  ; Frequency in Hz. Default 2kHz.
    {% set BEEPING_ENABLED=printer["gcode_macro _globals"].beeping_enabled|default(-1)|int %}
    {% if BEEPING_ENABLED == 1 %}
        BEEP I={i} DUR={dur} FREQ={freq}
    {% endif %}
 [gcode_macro ADJUST_FILAMENT_SENSOR_STATUS]
 gcode:
    # Parameters
    {% set NEWSTATUS = params.ENABLE|default(-1)|int %}
    {% set FILAMENT_SENSOR_ENABLED=printer["gcode_macro _globals"].filament_sensor_enabled|default(-1)|int %}
    {% if FILAMENT_SENSOR_ENABLED == 1 and NEWSTATUS != -1 %}
        SET_FILAMENT_SENSOR SENSOR=filament_sensor ENABLE={NEWSTATUS}
    {% endif %}
 [gcode_macro M109]
 rename_existing: M99109
 gcode:
    #Parameters
    {% set s = params.S|float %}
    M104 {% for p in params %}{'%s%s' % (p, params[p])}{% endfor %}  ; Set hotend temp
    {% if s != 0 %}
        TEMPERATURE_WAIT SENSOR=extruder MINIMUM={s} MAXIMUM={s+1}   ; Wait for hotend temp (within 1 degree)
    {% endif %}
 [gcode_macro M190]
 rename_existing: M99190
 gcode:
    #Parameters
    {% set s = params.S|float %}
    M140 {% for p in params %}{'%s%s' % (p, params[p])}{% endfor %}   ; Set bed temp
    {% if s != 0 %}
        TEMPERATURE_WAIT SENSOR=heater_bed MINIMUM={s} MAXIMUM={s+1}  ; Wait for bed temp (within 1 degree)
    {% endif %}
 [gcode_macro PURGE_LINE]
 gcode:
    {% set PRE_PURGE_PRIME_LENGTH=printer["gcode_macro _globals"].pre_purge_prime_length|default(1.40)|float %}
    ADJUST_FILAMENT_SENSOR_STATUS ENABLE=1
    #   Misc variables
    {% set extrudeAmount = 26.6 %}
    {% set movementLength = 100.0 %}
    {% set movementSpeed = 15 * 60 %}
    {% set xStart = 0.5 %}
    {% set yStart = 0.5 %}
    #   Set safe speeds
    {% set maxVelocity = printer.configfile.settings.printer.max_velocity|default(200)|int %}
    {% set maxVelocityAdjusted =  (0.95 * maxVelocity * 60)|int  %}
    G92 E0.0                                ; reset extruder
    G90                                     ; Absolute positioning
    G0 X{xStart} Y{yStart} F{maxVelocityAdjusted}         ; move to purge position
    G1 Z0.4 F500.0                          ; move to purge height
    M83                                     ; Relative extrusion mode
    G1 E{PRE_PURGE_PRIME_LENGTH} F500       ; pre-purge prime LENGTH SHOULD MATCH YOUR PRINT_END RETRACT
    G1 X{xStart + movementLength} E{extrudeAmount} F{movementSpeed}       ; intro line 1
    G92 E0.0                                ; reset extruder
    M82                                     ; Absolute extrusion mode
    G1 Z5.0                                 ; move nozzle to prevent scratch
 [gcode_macro CANCEL_PRINT]
 rename_existing: BASE_CANCEL_PRINT
 gcode:
    SET_IDLE_TIMEOUT TIMEOUT={printer.configfile.settings.idle_timeout.timeout} ; set timeout back to configured value
    CLEAR_PAUSE
    SDCARD_RESET_FILE
    PRINT_END
    BASE_CANCEL_PRINT
 [gcode_macro PRINT_START]
 gcode:
    ADJUST_FILAMENT_SENSOR_STATUS ENABLE=1
    # Parameters
    {% set bedtemp = params.BED|int %}
    {% set hotendtemp = params.HOTEND|int %}
    {% set chambertemp = params.CHAMBER|default(0)|int %}
    # Other variables
    {% set bedtempSlicer = bedtemp %}
    {% set bedtempOver = printer["gcode_macro _globals"].bed_temp_over|default(0)|int %}
    {% set maxVelocity = printer.configfile.settings.printer.max_velocity|default(200)|int %}
    {% set maxVelocityAdjusted =  (0.90 * maxVelocity * 60)|int %}
    {% set kampEnabled=printer["gcode_macro _globals"].kamp_enable|default(0)|int %}
    {% if printer.configfile.settings.safe_z_home %}
        {% set startX = printer.configfile.settings.safe_z_home.home_xy_position[0]|float %}
        {% set startY = printer.configfile.settings.safe_z_home.home_xy_position[1]|float %}
    {% endif %}
    {% set bedtempAlmost = ((bedtemp - 2, 0, printer.heater_bed.temperature|int)|max, bedtemp)|max %}
    {% set hotendtempStepOne = ((hotendtemp, printer[printer.toolhead.extruder].temperature|int)|min, 150)|max %}
    {% set hotendtempStepTwo = ((hotendtemp, printer[printer.toolhead.extruder].temperature|int)|min, 170)|max %}
    # If bed-temp-almost is higher than bed-temp by a maximum of bed-temp-over
    {% if bedtempAlmost > bedtemp %}
        {% if (bedtempAlmost - bedtempOver) <= bedtemp %}
            {% set bedtemp = bedtempAlmost %}
        {% endif %}
    {% endif %}
    G90                                                  ; absolute positioning
    M140 S{bedtempAlmost}                                ; set & don't wait for bed temp
    M104 S{hotendtempStepOne}                            ; set & don't wait for hotend temp
    G28 X Y
    {% if printer.configfile.settings.safe_z_home %}
        G1 X{startX} Y{startY} F{maxVelocityAdjusted}
    {% endif %}
    M190 S{bedtempAlmost}                                ; set & wait for bed temp
    {% if kampEnabled == 0 %}
        M104 S{hotendtempStepTwo}                            ; set & don't wait for hotend temp
    {% endif %}
    M190 S{bedtemp}                                      ; set & wait for bed temp
    M140 S{bedtempSlicer}                                ; set & don't wait for bed temp ; set temp to sliced setting regardless
    {% if kampEnabled == 0 %}
        BED_MESH_PROFILE LOAD=default                        ; NOTE if not using a mesh, comment out this line
        SKEW_PROFILE LOAD=CaliFlower
        M104 S{hotendtemp}                                   ; set & don't wait for hotend temp
        G28 Z                                                ; final z homing
    {% else %}
        G28 Z                                                ; final z homing
        BED_MESH_CALIBRATE                                   ; KAMP mesh
        M104 S{hotendtemp}                                   ; set & don't wait for hotend temp
    {% endif %}
    G1 X0 Y0 F{maxVelocityAdjusted}
    M109 S{hotendtemp}                                   ; set & wait for hotend temp
    G1 Z20 F3000                                         ; move nozzle away from bed
 [gcode_macro PRINT_END]
 gcode:
    SET_SKEW CLEAR=1
    ADJUST_FILAMENT_SENSOR_STATUS ENABLE=0
    CONDITIONAL_BEEP I=2 DUR=30 FREQ=8500
    {% set PRE_PURGE_PRIME_LENGTH=printer["gcode_macro _globals"].pre_purge_prime_length|default(1.40)|float %}
    M400                                    ; wait for buffer to clear
    G92 E0                                  ; zero the extruder
    G1 E-{PRE_PURGE_PRIME_LENGTH} F400      ; retract filament
    G91                                     ; relative positioning
    #   Set safe speeds
    {% set zVelocity = printer.configfile.settings.printer.max_z_velocity|default(15)|int %}
    {% set maxVelocity = printer.configfile.settings.printer.max_velocity|default(200)|int %}
    {% set zVelocityAdjusted =  (0.95 * zVelocity * 60)|int  %}
    {% set maxVelocityAdjusted =  (0.95 * maxVelocity * 60)|int  %}
    #   Get Boundaries
    {% set max_x = printer.configfile.config["stepper_x"]["position_max"]|float %}
    {% set max_y = printer.configfile.config["stepper_y"]["position_max"]|float %}
    {% set max_z = printer.configfile.config["stepper_z"]["position_max"]|float %}
    #   Check end position to determine safe direction to move
    {% if printer.toolhead.position.x < (max_x - 20) %}
        {% set x_safe = 20.0 %}
    {% else %}
        {% set x_safe = -20.0 %}
    {% endif %}
    {% if printer.toolhead.position.y < (max_y - 20) %}
        {% set y_safe = 20.0 %}
    {% else %}
        {% set y_safe = -20.0 %}
    {% endif %}
    {% set lift_height = 25.0 %}
    {% if printer.toolhead.position.z < (max_z - lift_height) %}
        {% set z_safe = lift_height %}
    {% else %}
        {% set z_safe = max_z - printer.toolhead.position.z %}
    {% endif %}
    G0 Z{z_safe} F{zVelocityAdjusted}             ; move nozzle up
    G0 X{x_safe} Y{y_safe} F{maxVelocityAdjusted}   ; move nozzle to remove stringing
    TURN_OFF_HEATERS
    M107                           ; turn off fan
    G90                            ; absolute positioning
    G0 X60 Y{max_y} F3600          ; park nozzle at rear
    M84
 [gcode_macro LOAD_FILAMENT]
 gcode:
    M83                            ; set extruder to relative
    G1 E30 F300                    ; load
    G1 E15 F150                    ; prime nozzle with filament
    M82                            ; set extruder to absolute
 [gcode_macro UNLOAD_FILAMENT]
 gcode:
    M83                            ; set extruder to relative
    G1 E10 F300                    ; extrude a little to soften tip
    G1 E-40 F1800                  ; retract some, but not too much or it will jam
    M82                            ; set extruder to absolute
 [gcode_macro M600]
 gcode:
    CONDITIONAL_BEEP i=1 dur=300
    CONDITIONAL_BEEP i=1 dur=100
    CONDITIONAL_BEEP i=1 dur=100
    PAUSE                ; Pause
 [gcode_macro PAUSE]
 rename_existing: BASE_PAUSE
 gcode:
    # Parameters
    {% set z = params.Z|default(10)|int %}                                                   ; z hop amount
    {% if printer['pause_resume'].is_paused|int == 0 %}
        SET_GCODE_VARIABLE MACRO=RESUME VARIABLE=zhop VALUE={z}                              ; set z hop variable for reference in resume macro
        SET_GCODE_VARIABLE MACRO=RESUME VARIABLE=etemp VALUE={printer['extruder'].target}    ; set hotend temp variable for reference in resume macro
        ADJUST_FILAMENT_SENSOR_STATUS ENABLE=0
        SAVE_GCODE_STATE NAME=PAUSE                                                          ; save current print position for resume
        BASE_PAUSE                                                                           ; pause print
        {% if (printer.gcode_move.position.z + z) < printer.toolhead.axis_maximum.z %}       ; check that zhop doesn't exceed z max
            G91                                                                              ; relative positioning
            G1 Z{z} F900                                                                     ; raise Z up by z hop amount
        {% else %}
            { action_respond_info("Pause zhop exceeds maximum Z height.") }                  ; if z max is exceeded, show message and set zhop value for resume to 0
            SET_GCODE_VARIABLE MACRO=RESUME VARIABLE=zhop VALUE=0
        {% endif %}
        G90                                                                                  ; absolute positioning
        G1 X{printer.toolhead.axis_maximum.x/2} Y{printer.toolhead.axis_minimum.y+5} F6000   ; park toolhead at front center
        SAVE_GCODE_STATE NAME=PAUSEPARK                                                      ; save parked position in case toolhead is moved during the pause (otherwise the return zhop can error)
        M104 S0                                                                              ; turn off hotend
        SET_IDLE_TIMEOUT TIMEOUT=43200                                                       ; set timeout to 12 hours
    {% endif %}
 [gcode_macro RESUME]
 rename_existing: BASE_RESUME
 variable_zhop: 0
 variable_etemp: 0
 gcode:
    # Parameters
    {% set e = params.E|default(2.5)|int %}                                          ; hotend prime amount (in mm)
    {% if printer['pause_resume'].is_paused|int == 1 %}
        ADJUST_FILAMENT_SENSOR_STATUS ENABLE=1
        SET_IDLE_TIMEOUT TIMEOUT={printer.configfile.settings.idle_timeout.timeout}  ; set timeout back to configured value
        {% if etemp > 0 %}
            M109 S{etemp|int}                                                        ; wait for hotend to heat back up
        {% endif %}
        RESTORE_GCODE_STATE NAME=PAUSEPARK MOVE=1 MOVE_SPEED=100                     ; go back to parked position in case toolhead was moved during pause (otherwise the return zhop can error)
        G91                                                                          ; relative positioning
        M83                                                                          ; relative extruder positioning
        {% if printer[printer.toolhead.extruder].temperature >= printer.configfile.settings.extruder.min_extrude_temp %}
            G1 Z{zhop * -1} E{e} F900                                                ; prime nozzle by E, lower Z back down
        {% else %}
            G1 Z{zhop * -1} F900                                                     ; lower Z back down without priming (just in case we are testing the macro with cold hotend)
        {% endif %}
        RESTORE_GCODE_STATE NAME=PAUSE MOVE=1 MOVE_SPEED=60                          ; restore position
        BASE_RESUME                                                                  ; resume print
    {% endif %}
 [gcode_macro _CG28]
 # Conditional homing
 gcode:
    {% if "xyz" not in printer.toolhead.homed_axes %}
        G28
    {% endif %}
 [gcode_macro BEEP]
 description: BEEP I=3 DUR=200 FREQ=2000: Beep 3 times, for 200ms each, at 2kHz frequency.
 gcode:
    # Parameters
    {% set i = params.I|default(1)|int %}           ; Iterations (number of times to beep).
    {% set dur = params.DUR|default(100)|int %}     ; Duration/wait of each beep in ms. Default 100ms.
    {% set freq = params.FREQ|default(2000)|int %}  ; Frequency in Hz. Default 2kHz.
    {% for iteration in range(i|int) %}
        SET_PIN PIN=beeper VALUE=0.8 CYCLE_TIME={ 1.0/freq if freq > 0 else 1 }
        G4 P{dur}
        SET_PIN PIN=beeper VALUE=0
        G4 P{dur}
    {% endfor %}
--- a/modules/services/printer/default.nix
+++ b/modules/services/printer/default.nix
@@ -0,0 +1,18 @@
 #
 #  Services
 #
 #  flake.nix
 #   ├─ ./hosts
 #   │   └─ home.nix
 #   └─ ./modules
 #       └─ ./services
 #           └─ default.nix *
 #               └─ ...
 #
 [
  ./klipper.nix
 ]
 # picom, polybar and sxhkd are pulled from desktop module
 # redshift temporarely disables
--- a/modules/services/printer/firmware.conf
+++ b/modules/services/printer/firmware.conf
@@ -0,0 +1,110 @@
 CONFIG_LOW_LEVEL_OPTIONS=y
 # CONFIG_MACH_AVR is not set
 # CONFIG_MACH_ATSAM is not set
 # CONFIG_MACH_ATSAMD is not set
 # CONFIG_MACH_LPC176X is not set
 CONFIG_MACH_STM32=y
 # CONFIG_MACH_HC32F460 is not set
 # CONFIG_MACH_RP2040 is not set
 # CONFIG_MACH_PRU is not set
 # CONFIG_MACH_AR100 is not set
 # CONFIG_MACH_LINUX is not set
 # CONFIG_MACH_SIMU is not set
 CONFIG_BOARD_DIRECTORY="stm32"
 CONFIG_MCU="stm32f103xe"
 CONFIG_CLOCK_FREQ=72000000
 CONFIG_SERIAL=y
 CONFIG_FLASH_SIZE=0x10000
 CONFIG_FLASH_BOOT_ADDRESS=0x8000000
 CONFIG_RAM_START=0x20000000
 CONFIG_RAM_SIZE=0x5000
 CONFIG_STACK_SIZE=512
 CONFIG_FLASH_APPLICATION_ADDRESS=0x8007000
 CONFIG_STM32_SELECT=y
 CONFIG_MACH_STM32F103=y
 # CONFIG_MACH_STM32F207 is not set
 # CONFIG_MACH_STM32F401 is not set
 # CONFIG_MACH_STM32F405 is not set
 # CONFIG_MACH_STM32F407 is not set
 # CONFIG_MACH_STM32F429 is not set
 # CONFIG_MACH_STM32F446 is not set
 # CONFIG_MACH_STM32F765 is not set
 # CONFIG_MACH_STM32F031 is not set
 # CONFIG_MACH_STM32F042 is not set
 # CONFIG_MACH_STM32F070 is not set
 # CONFIG_MACH_STM32F072 is not set
 # CONFIG_MACH_STM32G070 is not set
 # CONFIG_MACH_STM32G071 is not set
 # CONFIG_MACH_STM32G0B0 is not set
 # CONFIG_MACH_STM32G0B1 is not set
 # CONFIG_MACH_STM32G431 is not set
 # CONFIG_MACH_STM32G474 is not set
 # CONFIG_MACH_STM32H723 is not set
 # CONFIG_MACH_STM32H743 is not set
 # CONFIG_MACH_STM32H750 is not set
 # CONFIG_MACH_STM32L412 is not set
 # CONFIG_MACH_N32G452 is not set
 # CONFIG_MACH_N32G455 is not set
 # CONFIG_MACH_STM32F103x6 is not set
 CONFIG_MACH_STM32F1=y
 CONFIG_HAVE_STM32_USBFS=y
 CONFIG_HAVE_STM32_CANBUS=y
 CONFIG_STM32F103GD_DISABLE_SWD=y
 CONFIG_STM32_DFU_ROM_ADDRESS=0
 # CONFIG_STM32_FLASH_START_2000 is not set
 # CONFIG_STM32_FLASH_START_5000 is not set
 CONFIG_STM32_FLASH_START_7000=y
 # CONFIG_STM32_FLASH_START_8000 is not set
 # CONFIG_STM32_FLASH_START_8800 is not set
 # CONFIG_STM32_FLASH_START_9000 is not set
 # CONFIG_STM32_FLASH_START_10000 is not set
 # CONFIG_STM32_FLASH_START_800 is not set
 # CONFIG_STM32_FLASH_START_1000 is not set
 # CONFIG_STM32_FLASH_START_4000 is not set
 # CONFIG_STM32_FLASH_START_0000 is not set
 CONFIG_STM32_CLOCK_REF_8M=y
 # CONFIG_STM32_CLOCK_REF_12M is not set
 # CONFIG_STM32_CLOCK_REF_16M is not set
 # CONFIG_STM32_CLOCK_REF_20M is not set
 # CONFIG_STM32_CLOCK_REF_24M is not set
 # CONFIG_STM32_CLOCK_REF_25M is not set
 # CONFIG_STM32_CLOCK_REF_INTERNAL is not set
 CONFIG_CLOCK_REF_FREQ=8000000
 CONFIG_STM32F0_TRIM=16
 # CONFIG_STM32_USB_PA11_PA12 is not set
 CONFIG_STM32_SERIAL_USART1=y
 # CONFIG_STM32_SERIAL_USART1_ALT_PB7_PB6 is not set
 # CONFIG_STM32_SERIAL_USART2 is not set
 # CONFIG_STM32_SERIAL_USART2_ALT_PD6_PD5 is not set
 # CONFIG_STM32_SERIAL_USART3 is not set
 # CONFIG_STM32_SERIAL_USART3_ALT_PD9_PD8 is not set
 # CONFIG_STM32_CANBUS_PA11_PA12 is not set
 # CONFIG_STM32_CANBUS_PA11_PB9 is not set
 # CONFIG_STM32_MMENU_CANBUS_PB8_PB9 is not set
 # CONFIG_STM32_MMENU_CANBUS_PD0_PD1 is not set
 CONFIG_SERIAL_BAUD=250000
 CONFIG_USB_VENDOR_ID=0x1d50
 CONFIG_USB_DEVICE_ID=0x614e
 CONFIG_USB_SERIAL_NUMBER="12345"
 CONFIG_WANT_GPIO_BITBANGING=y
 CONFIG_WANT_DISPLAYS=y
 CONFIG_WANT_SENSORS=y
 CONFIG_WANT_LIS2DW=y
 CONFIG_WANT_LDC1612=y
 CONFIG_WANT_HX71X=y
 CONFIG_WANT_ADS1220=y
 CONFIG_WANT_SOFTWARE_I2C=y
 CONFIG_WANT_SOFTWARE_SPI=y
 CONFIG_NEED_SENSOR_BULK=y
 CONFIG_CANBUS_FREQUENCY=1000000
 CONFIG_INITIAL_PINS=""
 CONFIG_HAVE_GPIO=y
 CONFIG_HAVE_GPIO_ADC=y
 CONFIG_HAVE_GPIO_SPI=y
 CONFIG_HAVE_GPIO_I2C=y
 CONFIG_HAVE_GPIO_HARD_PWM=y
 CONFIG_HAVE_STRICT_TIMING=y
 CONFIG_HAVE_CHIPID=y
 CONFIG_HAVE_STEPPER_BOTH_EDGE=y
 CONFIG_HAVE_BOOTLOADER_REQUEST=y
 CONFIG_INLINE_STEPPER_HACK=y
--- a/modules/services/printer/klipper.nix
+++ b/modules/services/printer/klipper.nix
@@ -0,0 +1,101 @@
 { lib, config, pkgs, ... }:
 {
    environment = {
      systemPackages = with pkgs; [
         klipperscreen
      ];
    };
    services = {
      klipper = {
        enable = true;
 	user = "moonraker";
 	group = "moonraker";
 	configFile = ./printer.cfg;
 	mutableConfig = true;
 	configDir = "/var/lib/moonraker/config";
 	firmwares."sovol06" = {
 	  serial = "/dev/serial/by-id/usb-1a86_USB_Serial-if00-port0";
 	  enableKlipperFlash = true;
 	  enable = true;
 	  configFile = ./firmware.conf;
 	};
      };
      mainsail = {
        enable = true;
 	nginx = {
 	  enableACME = false;
 	  #useACMEHost = "home.opel-online.de";
 	  serverName = "nbf5.home.opel-online.de";
 	  #onlySSL = true;
 	  #listenAddresses = [ "0.0.0.0" "::" ];
 	  #forceSSL = true;
        };
      };
      moonraker = {
        enable = true;
 	allowSystemControl = true;
        address = "0.0.0.0";
        settings = {
          authorization = {
            force_logins = true;
            cors_domains = [
              "*://nbf5.home.opel-online.de"
              "*.local"
            ];
            trusted_clients = [
              "127.0.0.0/8"
              "192.168.2.0/24"
            ];
          };
 	  file_manager = {
 	    enable_object_processing = true;
 	  };
        };
      };
 #      nginx = {
 #        enable = true;
 #        recommendedProxySettings = true;
 #        recommendedTlsSettings = true;
 #        recommendedGzipSettings = true;
 #        recommendedOptimisation = true;
 #        virtualHosts = {
 #          "ci.kabtop.de" = {
 #            enableACME = true;
 #            forceSSL = true;
 #            default = true;
 #            locations."/".return = "503";
 #          };
 #          "hydra.ci.kabtop.de" = {
 #            enableACME = true;
 #            forceSSL = true;
 #            locations."/" = {
 #              proxyPass = "http://localhost:3000";
 #              extraConfig = ''
 #                proxy_set_header X-Forwarded-Port 443;
 #              '';
 #            };
 #          };
 #          "cache.ci.kabtop.de" = {
 #            enableACME = true;
 #            forceSSL = true;
 #            locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
 #          };
 #        };
 #      };
 #    };
 #
 #    security.acme = {
 #      acceptTerms = true;
 #      defaults = {
 #        email = "webmaster@kabtop.de";
 #        webroot = "/var/lib/acme/acme-challenge";
 #        #server = "https://acme-staging-v02.api.letsencrypt.org/directory";
 #      };
    };
 }
--- a/modules/services/printer/mainsail.cfg
+++ b/modules/services/printer/mainsail.cfg
@@ -0,0 +1,313 @@
 ## Client klipper macro definitions
 ##
 ## Copyright (C) 2022 Alex Zellner <alexander.zellner@googlemail.com>
 ##
 ## This file may be distributed under the terms of the GNU GPLv3 license
 ##
 ## !!! This file is read-only. Maybe the used editor indicates that. !!!
 ##
 ## Customization:
 ##   1) copy the gcode_macro _CLIENT_VARIABLE (see below) to your printer.cfg
 ##   2) remove the comment mark (#) from all lines
 ##   3) change any value in there to your needs
 ##
 ## Use the PAUSE macro direct in your M600:
 ##  e.g. with a different park position front left and a minimal height of 50 
 ##    [gcode_macro M600]
 ##    description: Filament change
 ##    gcode: PAUSE X=10 Y=10 Z_MIN=50
 ##  Z_MIN will park the toolhead at a minimum of 50 mm above to bed to make it easier for you to swap filament.
 ##
 ## Client variable macro for your printer.cfg
 #[gcode_macro _CLIENT_VARIABLE]
 #variable_use_custom_pos   : False ; use custom park coordinates for x,y [True/False]
 #variable_custom_park_x    : 0.0   ; custom x position; value must be within your defined min and max of X
 #variable_custom_park_y    : 0.0   ; custom y position; value must be within your defined min and max of Y
 #variable_custom_park_dz   : 2.0   ; custom dz value; the value in mm to lift the nozzle when move to park position
 #variable_retract          : 1.0   ; the value to retract while PAUSE
 #variable_cancel_retract   : 5.0   ; the value to retract while CANCEL_PRINT
 #variable_speed_retract    : 35.0  ; retract speed in mm/s
 #variable_unretract        : 1.0   ; the value to unretract while RESUME
 #variable_speed_unretract  : 35.0  ; unretract speed in mm/s
 #variable_speed_hop        : 15.0  ; z move speed in mm/s
 #variable_speed_move       : 100.0 ; move speed in mm/s
 #variable_park_at_cancel   : False ; allow to move the toolhead to park while execute CANCEL_PRINT [True/False]
 #variable_park_at_cancel_x : None  ; different park position during CANCEL_PRINT [None/Position as Float]; park_at_cancel must be True
 #variable_park_at_cancel_y : None  ; different park position during CANCEL_PRINT [None/Position as Float]; park_at_cancel must be True
 ## !!! Caution [firmware_retraction] must be defined in the printer.cfg if you set use_fw_retract: True !!!
 #variable_use_fw_retract   : False ; use fw_retraction instead of the manual version [True/False]
 #variable_idle_timeout     : 0     ; time in sec until idle_timeout kicks in. Value 0 means that no value will be set or restored
 #variable_runout_sensor    : ""    ; If a sensor is defined, it will be used to cancel the execution of RESUME in case no filament is detected.
 ##                                   Specify the config name of the runout sensor e.g "filament_switch_sensor runout". Hint use the same as in your printer.cfg
 ## !!! Custom macros, please use with care and review the section of the corresponding macro.
 ## These macros are for simple operations like setting a status LED. Please make sure your macro does not interfere with the basic macro functions.
 ## Only  single line commands are supported, please create a macro if you need more than one command.
 #variable_user_pause_macro : ""    ; Everything inside the "" will be executed after the klipper base pause (PAUSE_BASE) function
 #variable_user_resume_macro: ""    ; Everything inside the "" will be executed before the klipper base resume (RESUME_BASE) function
 #variable_user_cancel_macro: ""    ; Everything inside the "" will be executed before the klipper base cancel (CANCEL_PRINT_BASE) function
 #gcode:
 [virtual_sdcard]
 path: ~/printer_data/gcodes
 on_error_gcode: CANCEL_PRINT
 [pause_resume]
 #recover_velocity: 50.
 #   When capture/restore is enabled, the speed at which to return to
 #   the captured position (in mm/s). Default is 50.0 mm/s.
 [display_status]
 [respond]
 [gcode_macro CANCEL_PRINT]
 description: Cancel the actual running print
 rename_existing: CANCEL_PRINT_BASE
 gcode:
  ##### get user parameters or use default #####
  {% set client = printer['gcode_macro _CLIENT_VARIABLE']|default({}) %}
  {% set allow_park = client.park_at_cancel|default(false)|lower == 'true' %}
  {% set retract = client.cancel_retract|default(5.0)|abs %}
  ##### define park position #####
  {% set park_x = "" if (client.park_at_cancel_x|default(none) is none)
            else "X=" ~ client.park_at_cancel_x %}
  {% set park_y = "" if (client.park_at_cancel_y|default(none) is none)
            else "Y=" ~ client.park_at_cancel_y %}
  {% set custom_park = park_x|length > 0 or park_y|length > 0 %}
  ##### end of definitions #####
  # restore idle_timeout time if needed
  {% if printer['gcode_macro RESUME'].restore_idle_timeout > 0 %}
    SET_IDLE_TIMEOUT TIMEOUT={printer['gcode_macro RESUME'].restore_idle_timeout}
  {% endif %}
  {% if (custom_park or not printer.pause_resume.is_paused) and allow_park %} _TOOLHEAD_PARK_PAUSE_CANCEL {park_x} {park_y} {% endif %}
  _CLIENT_RETRACT LENGTH={retract}
  TURN_OFF_HEATERS
  M106 S0
  {client.user_cancel_macro|default("")}
  SET_GCODE_VARIABLE MACRO=RESUME VARIABLE=idle_state VALUE=False
  # clear pause_next_layer and pause_at_layer as preparation for next print
  SET_PAUSE_NEXT_LAYER ENABLE=0
  SET_PAUSE_AT_LAYER ENABLE=0 LAYER=0
  CANCEL_PRINT_BASE
 [gcode_macro PAUSE]
 description: Pause the actual running print
 rename_existing: PAUSE_BASE
 gcode:
  ##### get user parameters or use default ##### 
  {% set client = printer['gcode_macro _CLIENT_VARIABLE']|default({}) %}
  {% set idle_timeout = client.idle_timeout|default(0) %}
  {% set temp = printer[printer.toolhead.extruder].target if printer.toolhead.extruder != '' else 0 %}
  {% set restore = False if printer.toolhead.extruder == ''
              else True  if params.RESTORE|default(1)|int == 1 else False %}
  ##### end of definitions #####
  SET_GCODE_VARIABLE MACRO=RESUME VARIABLE=last_extruder_temp VALUE="{{'restore': restore, 'temp': temp}}"
  # set a new idle_timeout value
  {% if idle_timeout > 0 %}
    SET_GCODE_VARIABLE MACRO=RESUME VARIABLE=restore_idle_timeout VALUE={printer.configfile.settings.idle_timeout.timeout}
    SET_IDLE_TIMEOUT TIMEOUT={idle_timeout}
  {% endif %}
  PAUSE_BASE
  {client.user_pause_macro|default("")}
  _TOOLHEAD_PARK_PAUSE_CANCEL {rawparams}
 [gcode_macro RESUME]
 description: Resume the actual running print
 rename_existing: RESUME_BASE
 variable_last_extruder_temp: {'restore': False, 'temp': 0}
 variable_restore_idle_timeout: 0
 variable_idle_state: False
 gcode:
  ##### get user parameters or use default #####
  {% set client = printer['gcode_macro _CLIENT_VARIABLE']|default({}) %}
  {% set velocity = printer.configfile.settings.pause_resume.recover_velocity %}
  {% set sp_move = client.speed_move|default(velocity) %}
  {% set runout_resume = True if client.runout_sensor|default("") == ""     # no runout
                    else True if not printer[client.runout_sensor].enabled  # sensor is disabled
                    else printer[client.runout_sensor].filament_detected %} # sensor status
  {% set can_extrude = True if printer.toolhead.extruder == ''           # no extruder defined in config
                  else printer[printer.toolhead.extruder].can_extrude %} # status of active extruder
  {% set do_resume = False %}
  {% set prompt_txt = [] %}
  ##### end of definitions #####
  #### Printer comming from timeout idle state ####
  {% if printer.idle_timeout.state|upper == "IDLE" or idle_state %}
    SET_GCODE_VARIABLE MACRO=RESUME VARIABLE=idle_state VALUE=False
    {% if last_extruder_temp.restore %}
      # we need to use the unicode (\u00B0) for the ° as py2 env's would throw an error otherwise 
      RESPOND TYPE=echo MSG='{"Restoring \"%s\" temperature to %3.1f\u00B0C, this may take some time" % (printer.toolhead.extruder, last_extruder_temp.temp) }'
      M109 S{last_extruder_temp.temp}
      {% set do_resume = True %}
    {% elif can_extrude %}
      {% set do_resume = True %}
    {% else %} 
      RESPOND TYPE=error MSG='{"Resume aborted !!! \"%s\" not hot enough, please heat up again and press RESUME" % printer.toolhead.extruder}'
      {% set _d = prompt_txt.append("\"%s\" not hot enough, please heat up again and press RESUME" % printer.toolhead.extruder) %}
    {% endif %}
  #### Printer comming out of regular PAUSE state ####
  {% elif can_extrude %}
    {% set do_resume = True %}
  {% else %}
    RESPOND TYPE=error MSG='{"Resume aborted !!! \"%s\" not hot enough, please heat up again and press RESUME" % printer.toolhead.extruder}'
    {% set _d = prompt_txt.append("\"%s\" not hot enough, please heat up again and press RESUME" % printer.toolhead.extruder) %}
  {% endif %}
  {% if runout_resume %}
    {% if do_resume %}
      {% if restore_idle_timeout > 0 %} SET_IDLE_TIMEOUT TIMEOUT={restore_idle_timeout} {% endif %} # restore idle_timeout time
      {client.user_resume_macro|default("")}
      _CLIENT_EXTRUDE
      RESUME_BASE VELOCITY={params.VELOCITY|default(sp_move)}
    {% endif %}
  {% else %}
    RESPOND TYPE=error MSG='{"Resume aborted !!! \"%s\" detects no filament, please load filament and press RESUME" % (client.runout_sensor.split(" "))[1]}'
    {% set _d = prompt_txt.append("\"%s\" detects no filament, please load filament and press RESUME" % (client.runout_sensor.split(" "))[1]) %}
  {% endif %}
  ##### Generate User Information box in case of abort #####
  {% if not (runout_resume and do_resume) %} 
    RESPOND TYPE=command MSG="action:prompt_begin RESUME aborted !!!"
    {% for element in prompt_txt %}
      RESPOND TYPE=command MSG='{"action:prompt_text %s" % element}' 
    {% endfor %}
    RESPOND TYPE=command MSG="action:prompt_footer_button Ok|RESPOND TYPE=command MSG=action:prompt_end|info"
    RESPOND TYPE=command MSG="action:prompt_show"
  {% endif %}
 # Usage: SET_PAUSE_NEXT_LAYER [ENABLE=[0|1]] [MACRO=<name>]
 [gcode_macro SET_PAUSE_NEXT_LAYER]
 description: Enable a pause if the next layer is reached
 gcode:
  {% set pause_next_layer = printer['gcode_macro SET_PRINT_STATS_INFO'].pause_next_layer %}
  {% set ENABLE = params.ENABLE|default(1)|int != 0 %}
  {% set MACRO = params.MACRO|default(pause_next_layer.call, True) %}
  SET_GCODE_VARIABLE MACRO=SET_PRINT_STATS_INFO VARIABLE=pause_next_layer VALUE="{{ 'enable': ENABLE, 'call': MACRO }}"
 # Usage: SET_PAUSE_AT_LAYER [ENABLE=[0|1]] [LAYER=<number>] [MACRO=<name>]
 [gcode_macro SET_PAUSE_AT_LAYER]
 description: Enable/disable a pause if a given layer number is reached
 gcode:
  {% set pause_at_layer = printer['gcode_macro SET_PRINT_STATS_INFO'].pause_at_layer %}
  {% set ENABLE = params.ENABLE|int != 0 if params.ENABLE is defined
             else params.LAYER is defined %}
  {% set LAYER = params.LAYER|default(pause_at_layer.layer)|int %}
  {% set MACRO = params.MACRO|default(pause_at_layer.call, True) %}
  SET_GCODE_VARIABLE MACRO=SET_PRINT_STATS_INFO VARIABLE=pause_at_layer VALUE="{{ 'enable': ENABLE, 'layer': LAYER, 'call': MACRO }}"
 # Usage: SET_PRINT_STATS_INFO [TOTAL_LAYER=<total_layer_count>] [CURRENT_LAYER= <current_layer>]
 [gcode_macro SET_PRINT_STATS_INFO]
 rename_existing: SET_PRINT_STATS_INFO_BASE
 description: Overwrite, to get pause_next_layer and pause_at_layer feature
 variable_pause_next_layer: { 'enable': False, 'call': "PAUSE" }
 variable_pause_at_layer  : { 'enable': False, 'layer': 0, 'call': "PAUSE" }
 gcode:
  {% if pause_next_layer.enable %}
    RESPOND TYPE=echo MSG='{"%s, forced by pause_next_layer" % pause_next_layer.call}'
    {pause_next_layer.call} ; execute the given gcode to pause, should be either M600 or PAUSE
    SET_PAUSE_NEXT_LAYER ENABLE=0
  {% elif pause_at_layer.enable and params.CURRENT_LAYER is defined and params.CURRENT_LAYER|int == pause_at_layer.layer %}
    RESPOND TYPE=echo MSG='{"%s, forced by pause_at_layer [%d]" % (pause_at_layer.call, pause_at_layer.layer)}'
    {pause_at_layer.call} ; execute the given gcode to pause, should be either M600 or PAUSE
    SET_PAUSE_AT_LAYER ENABLE=0
  {% endif %}
  SET_PRINT_STATS_INFO_BASE {rawparams}
 ##### internal use #####
 [gcode_macro _TOOLHEAD_PARK_PAUSE_CANCEL]
 description: Helper: park toolhead used in PAUSE and CANCEL_PRINT
 gcode:
  ##### get user parameters or use default #####
  {% set client = printer['gcode_macro _CLIENT_VARIABLE']|default({}) %}
  {% set velocity = printer.configfile.settings.pause_resume.recover_velocity %}
  {% set use_custom     = client.use_custom_pos|default(false)|lower == 'true' %}
  {% set custom_park_x  = client.custom_park_x|default(0.0) %}
  {% set custom_park_y  = client.custom_park_y|default(0.0) %}
  {% set park_dz        = client.custom_park_dz|default(2.0)|abs %}
  {% set sp_hop         = client.speed_hop|default(15) * 60 %}
  {% set sp_move        = client.speed_move|default(velocity) * 60 %}
  ##### get config and toolhead values #####
  {% set origin    = printer.gcode_move.homing_origin %}
  {% set act       = printer.gcode_move.gcode_position %}
  {% set max       = printer.toolhead.axis_maximum %}
  {% set cone      = printer.toolhead.cone_start_z|default(max.z) %} ; height as long the toolhead can reach max and min of an delta
  {% set round_bed = True if printer.configfile.settings.printer.kinematics is in ['delta','polar','rotary_delta','winch']
                else False %}
  ##### define park position #####
  {% set z_min = params.Z_MIN|default(0)|float %}
  {% set z_park = [[(act.z + park_dz), z_min]|max, (max.z - origin.z)]|min %}
  {% set x_park = params.X       if params.X is defined
             else custom_park_x  if use_custom
             else 0.0            if round_bed
             else (max.x - 5.0) %}
  {% set y_park = params.Y       if params.Y is defined
             else custom_park_y  if use_custom
             else (max.y - 5.0)  if round_bed and z_park < cone
             else 0.0            if round_bed
             else (max.y - 5.0) %}
  ##### end of definitions #####
  _CLIENT_RETRACT
  {% if "xyz" in printer.toolhead.homed_axes %}
    G90
    G1 Z{z_park} F{sp_hop}
    G1 X{x_park} Y{y_park} F{sp_move}
    {% if not printer.gcode_move.absolute_coordinates %} G91 {% endif %}
  {% else %}
    RESPOND TYPE=echo MSG='Printer not homed'
  {% endif %}
 [gcode_macro _CLIENT_EXTRUDE]
 description: Extrudes, if the extruder is hot enough
 gcode:
  ##### get user parameters or use default #####
  {% set client = printer['gcode_macro _CLIENT_VARIABLE']|default({}) %}
  {% set use_fw_retract = (client.use_fw_retract|default(false)|lower == 'true') and (printer.firmware_retraction is defined) %}
  {% set length = params.LENGTH|default(client.unretract)|default(1.0)|float %}
  {% set speed = params.SPEED|default(client.speed_unretract)|default(35) %}
  {% set absolute_extrude = printer.gcode_move.absolute_extrude %}
  ##### end of definitions #####
  {% if printer.toolhead.extruder != '' %}
    {% if printer[printer.toolhead.extruder].can_extrude %}
      {% if use_fw_retract %}
        {% if length < 0 %}
          G10
        {% else %}
          G11
        {% endif %}
      {% else %}
        M83
        G1 E{length} F{(speed|float|abs) * 60}
        {% if absolute_extrude %}
          M82
        {% endif %}
      {% endif %}
    {% else %}
      RESPOND TYPE=echo MSG='{"\"%s\" not hot enough" % printer.toolhead.extruder}'
    {% endif %}
  {% endif %}
 [gcode_macro _CLIENT_RETRACT]
 description: Retracts, if the extruder is hot enough
 gcode:
  {% set client = printer['gcode_macro _CLIENT_VARIABLE']|default({}) %}
  {% set length = params.LENGTH|default(client.retract)|default(1.0)|float %}
  {% set speed = params.SPEED|default(client.speed_retract)|default(35) %}
  _CLIENT_EXTRUDE LENGTH=-{length|float|abs} SPEED={speed|float|abs}
 [gcode_macro _CLIENT_LINEAR_MOVE]
 description: Linear move with save and restore of the gcode state
 gcode:
  {% set x_move = "X" ~ params.X if params.X is defined else "" %}
  {% set y_move = "Y" ~ params.Y if params.Y is defined else "" %}
  {% set z_move = "Z" ~ params.Z if params.Z is defined else "" %}
  {% set e_move = "E" ~ params.E if params.E is defined else "" %}
  {% set rate = "F" ~ params.F if params.F is defined else "" %}
  {% set ABSOLUTE = params.ABSOLUTE | default(0) | int != 0 %}
  {% set ABSOLUTE_E = params.ABSOLUTE_E | default(0) | int != 0 %}
  SAVE_GCODE_STATE NAME=_client_movement
  {% if x_move or y_move or z_move %}
    G9{ 0 if ABSOLUTE else 1 }
  {% endif %}
  {% if e_move %}
    M8{ 2 if ABSOLUTE_E else 3 }
  {% endif %}
  G1 { x_move } { y_move } { z_move } { e_move } { rate }
  RESTORE_GCODE_STATE NAME=_client_movement
--- a/modules/services/printer/nginx.nix
+++ b/modules/services/printer/nginx.nix
@@ -0,0 +1,53 @@
 #
 # System notifications
 #
 { config, lib, pkgs, ... }:
 {
  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    virtualHosts = {
      "home.opel-online.de" = {
        enableACME = true;
        forceSSL = true;
        default = true;
        locations."/".return = "503";
      };
    };
  };
  security.acme = {
    acceptTerms = true;
    defaults = {
      email = "webmaster@opel-online.de";
 #      server = "https://acme-staging-v02.api.letsencrypt.org/directory";
      dnsResolver = "9.9.9.9:53";
    };
    certs = {
      "home.opel-online.de" = {
        domain = "*.home.opel-online.de";
        dnsProvider = "netcup";
        environmentFile = config.age.secrets."services/acme/opel-online".path;
        webroot = null;
      };
    };
  };
  networking.firewall = {
    enable = true;
    allowedUDPPorts = [  ];
    allowedTCPPorts = [ 80 443 ];
  };
  age.secrets."services/acme/opel-online" = {
    file = ../../../secrets/services/acme/opel-online.age;
    owner = "acme";
  };
 }
--- a/modules/services/printer/osskc.cfg
+++ b/modules/services/printer/osskc.cfg
@@ -0,0 +1,11 @@
 [include ./cfgs/misc-macros.cfg]
 [include ./cfgs/PARKING.cfg]
 [include ./cfgs/MECHANICAL_GANTRY_CALIBRATION.cfg]
 [include ./cfgs/CALIBRATION.cfg]
 [include ./cfgs/kamp/KAMP_Settings.cfg]
 [include ./cfgs/TEST_SPEED.cfg]
 # NOTE Uncomment the ONE of the following lines if you're using an adxl345
 # [include ./cfgs/adxl-rp2040.cfg]
 # [include ./cfgs/adxl-rpi-pico-2x.cfg]
 # [include ./cfgs/adxl-direct.cfg]
--- a/Show More
+++ b/Show More