Merge branch 'main' of codeberg.org:muon/home

hosts/muho/configuration.nix

@@ -1,5 +1,11 @@
 { config, lib, pkgs, inputs, system, ... }:
-let cfg = config.mods;
+let
+  cfg = config.mods;
+  keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKEio+Y5wBVD1wILaH2R3wV10FvVjiqy/4gGBWHOITTB muon@muon"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKevYmkH7xvYoquBjnYZ7PJiVqf+GOh9fxAJBN6wZGBB gin4@hi.is"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILmAOd9VbhyJeibt6Vrb101MNTk5W8+rh94Djv/C+pyu muon@muho"
+  ];
 in {
   # Hardware
   imports = [ ./hardware-configuration.nix ../ports.nix ];
@@ -29,16 +35,37 @@ in {
   mods.server.reddit.enable = true;
 
   mods.server.grav.enable = true;
+  mods.server.homebox.enable = true;
+  mods.server.share.enable = false;
+  mods.server.vault.enable = true;
+  mods.server.git.enable = true;
+  mods.server.cal.enable = true;
+  mods.server.chat.enable = false;
+  mods.server.ntfy.enable = true;
+  mods.server.lemmy.enable = true;
+  mods.server.audio.enable = true;
+  mods.server.atuin.enable = true;
+
+  mods.server.dash.enable = false;
+  mods.server.nginx.ports.dash = 3009;
 
   mods.tailscale.enable = true;
   mods.wireguard.id = 3;
 
   services.xserver.windowManager.i3.enable = false;
 
+  users.users.muon.openssh.authorizedKeys.keys = keys;
+  users.users.root.openssh.authorizedKeys.keys = keys;
+
   # Proprietary </3
   mods.unfree.steam.enable = false;
   mods.unfree.nvidia.enable = false;
-  mods.unfree.minecraft.enable = false;
+  mods.unfree.minecraft.enable = true;
+
+  mods.unfree.valheim.enable = false;
+  mods.server.vrising.enable = false;
+  # mods.server.statech.enable = true;
+  # mods.server.astral.enable = true;
 
   # Hardware preferences
 
@@ -103,5 +130,5 @@ in {
   # hardware.nvidia.powerManagement.enable = false;
 
   # Version of first install
-  system.stateVersion = "23.05";
+  system.stateVersion = "23.11";
 }

hosts/muho/hardware-configuration.nix

@@ -65,6 +65,12 @@
     options = [ "subvol=base" "compress=zstd" "noatime" ];
   };
 
+  fileSystems."/srv" = {
+    device = "/dev/disk/by-uuid/9067ce83-2520-4543-8b7f-38949e1b8b8b";
+    fsType = "btrfs";
+    options = [ "subvol=base" "compress=zstd" "noatime" ];
+  };
+
   fileSystems."/storage1" = {
     device = "storage1";
     fsType = "zfs";

hosts/muho/home.nix

@@ -1,9 +1,9 @@
-{ pkgs, lib, osConfig, ... }:
+{ pkgs, lib, osConfig, sources, ... }:
 let cfg = osConfig.mods;
 in {
   # Modules
   mods.xdg.enable = true;
-  mods.social.enable = true;
+  mods.social.enable = false;
   mods.i3.enable = false;
   mods.terminal.zsh.enable = true;
   mods.terminal.emulator.enable = false;

hosts/muin/configuration.nix

@@ -0,0 +1,49 @@
+{
+  inputs,
+  system,
+  config,
+  lib,
+  ...
+}: {
+  # Hardware
+  imports = [
+    ./hardware-configuration.nix
+    (inputs.nixpkgs
+      + "/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix")
+  ];
+
+  # Install
+  environment.etc.sops-key = {
+    source = "/home/muon/.config/sops-nix/secrets/sops-key";
+    target = "sops-nix/key.txt";
+  };
+  sops.age.keyFile = lib.mkForce "/etc/sops-nix/key.txt";
+
+  # System
+  mods.user.name = "muon";
+  networking.hostName = "murk";
+  networking.hostId = "a2309090";
+  mods.home.file = ./home.nix;
+
+  # Modules
+  mods.desktop.enable = true;
+  mods.boot.enable = false;
+
+  mods.theme.enable = true;
+  mods.theme.scheme = "woodland";
+  mods.theme.wallpaper = ./wallpaper.png;
+
+  services.xserver.windowManager.i3.enable = true;
+
+  # Hardware preferences
+  environment.variables = {
+    WINIT_HIDPI_FACTOR = "1";
+    WINIT_X11_SCALE_FACTOR = "1";
+  };
+
+  ## Mouse
+  services.libinput.mouse.accelProfile = "flat";
+
+  # Version of first install
+  system.stateVersion = "23.05";
+}

hosts/muin/disk-config.nix

@@ -0,0 +1,72 @@
+{
+  disko.devices = {
+    disk = {
+      main = {
+        type = "disk";
+        device = "/dev/sda";
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              size = "512M";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = [ "umask=0077" ];
+              };
+            };
+            luks = {
+              size = "100%";
+              content = {
+                type = "luks";
+                name = "crypted";
+                # disable settings.keyFile if you want to use interactive password entry
+                #passwordFile = "/tmp/secret.key"; # Interactive
+                # settings = {
+                #   allowDiscards = true;
+                #   keyFile = "/tmp/secret.key";
+                # };
+                # additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
+                content = {
+                  type = "btrfs";
+                  extraArgs = [ "-f" ];
+                  subvolumes = {
+                    "/root" = {
+                      mountpoint = "/";
+                      mountOptions = [ "compress=zstd" "noatime" ];
+                    };
+                    "/home" = {
+                      mountpoint = "/home";
+                      mountOptions = [ "compress=zstd" "noatime" ];
+                    };
+                    "/nix" = {
+                      mountpoint = "/nix";
+                      mountOptions = [ "compress=zstd" "noatime" ];
+                    };
+                    "/persist" = {
+                      mountpoint = "/persist";
+                      mountOptions = [ "compress=zstd" "noatime" ];
+                    };
+                    "/log" = {
+                      mountpoint = "/var/log";
+                      mountOptions = [ "compress=zstd" "noatime" ];
+                    };
+                    "/swap" = {
+                      mountpoint = "/swap";
+                      swap.swapfile.size = "4G";
+                    };
+                  };
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+
+  fileSystems."/persist".neededForBoot = true;
+  fileSystems."/var/log".neededForBoot = true;
+}

hosts/muin/hardware-configuration.nix

@@ -0,0 +1,32 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+  boot.supportedFilesystems = ["btrfs"];
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  networking.useDHCP = lib.mkForce true;
+
+  # imports = [
+  #   (modulesPath + "/profiles/qemu-guest.nix")
+  # ];
+  #
+  # virtualisation.vmVariant = {
+  #   # following configuration is added only when building VM with build-vm
+  #   virtualisation = {
+  #     memorySize = 4096; # Use 2048MiB memory.
+  #     cores = 3;
+  #   };
+  # };
+}

hosts/muin/home.nix

@@ -0,0 +1,148 @@
+{
+  pkgs,
+  lib,
+  config,
+  osConfig,
+  inputs,
+  ...
+}: let
+  cfg = osConfig.mods;
+  installScript = pkgs.writeShellApplication {
+    name = "install-flake";
+    text = ''
+      msg() {
+        printf "\033[01;32minstall-flake: \033[0m%s\n" "$1"
+      }
+
+      msg "Cloning config..."
+      if [[ ! "$PWD" == "$HOME" ]]; then
+        cd
+      fi
+      if [[ ! -d "home" ]]; then
+        git clone https://codeberg.org/muon/home
+      else
+        msg "Already cloned!"
+      fi
+      cd home
+      nvim hosts/"$(hostname)"/disk-config.nix
+
+      msg "Running disko..."
+      if ! mount | grep "on /mnt" ; then
+        sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount hosts/"$(hostname)"/disk-config.nix
+      else
+        msg "Already mounted!"
+      fi
+
+      msg "Making blank root snapshot..."
+      sudo mkdir -p /tmp/mnt
+      sudo mount /dev/mapper/crypted /tmp/mnt
+      if [[ ! -e /tmp/mnt/root-blank ]]; then
+        sudo btrfs subvolume snapshot -r /tmp/mnt/root /tmp/mnt/root-blank
+      else
+        msg "Already snapshotted!"
+      fi
+      sudo umount /tmp/mnt
+
+      msg "Retrieving sops key..."
+      sudo mkdir -p /mnt/persist/var/lib/sops-nix
+      if [[ ! -e /mnt/persist/var/lib/sops-nix/key.txt ]]; then
+        rbw config set email admin@muon.host
+        rbw config set base_url https://vault.muon.host
+        rbw login
+        rbw get sops | sudo tee /mnt/persist/var/lib/sops-nix/key.txt
+        # sudo cp /etc/sops-nix/key.txt /mnt/persist/var/lib/sops-nix/key.txt
+        sudo chown muon:users /mnt/persist/var/lib/sops-nix -R
+      else
+        msg "Already retrieved!"
+      fi
+
+      msg "Setting hardware config..."
+      sudo nixos-generate-config --no-filesystems --root /mnt
+      cp /mnt/etc/nixos/hardware-configuration.nix hosts/"$(hostname)"/hardware-configuration.nix
+
+      msg "Installing NixOS config..."
+      sudo nixos-install --root /mnt --no-root-passwd --flake .#"$(hostname)"
+
+      msg "Edit persistent filesystem..."
+      PERSIST="$HOME/persist.sh"
+      if [[ ! -e $PERSIST ]]; then
+        sudo cp "$HOME/persist.txt" "$PERSIST"
+        sudo chmod +w "$PERSIST"
+      fi
+      nvim "$PERSIST"
+
+      msg "Copying persistent filesystem..."
+      make_persist() {
+        F="$1"
+        P="/mnt/persist''${1#/mnt}"
+        echo "$P"
+        if [[ -e "$F" ]]; then
+          sudo mkdir -p "$(dirname "$P")"
+        else
+          msg "Error: $F does not exist!"
+          return 0
+        fi
+        if [[ -d "$F" ]]; then
+          if [[ -n "$( ls -A "$F")" ]]; then
+            sudo cp -r "$F/"* "$P"
+          fi
+        elif [[ -f "$F" ]]; then
+          sudo cp "$F" "$P"
+        fi
+      }
+      grep -v '^#' "$PERSIST" | while read -r file ; do
+        make_persist "$file"
+      done
+    '';
+  };
+in {
+  # Install
+  # sops.age.keyFile = lib.mkForce "/etc/sops-nix/key.txt";
+  programs.atuin.enable = lib.mkForce false;
+  home.file.persist = {
+    target = "persist.txt";
+    text = ''
+      /mnt/var/lib/nixos
+      /mnt/var/lib/systemd/coredump
+      /mnt/etc/machine-id
+      /etc/NetworkManager
+      /var/lib/NetworkManager
+    '';
+  };
+  home.packages = with pkgs;
+    [
+      installScript
+    ]
+    # Modules
+    ++ [
+      pulseaudio
+      pavucontrol
+      alsa-utils
+    ];
+
+  mods.xdg.enable = true;
+  mods.i3.enable = true;
+  mods.battery.enable = true;
+  mods.terminal.zsh.enable = true;
+  mods.terminal.emulator.enable = true;
+  mods.terminal.development.enable = true;
+  mods.terminal.tools.enable = true;
+  mods.desktop.development.enable = true;
+  mods.desktop.productivity.enable = false;
+
+  # Hardware preferences
+  ## Monitors
+  services.autorandr.enable = true;
+  programs.autorandr = {
+    enable = true;
+    hooks.postswitch = {
+      "notify-i3" = "${pkgs.i3}/bin/i3-msg restart";
+      "set-wallpaper" = ''
+        ${lib.getExe pkgs.feh} --bg-fill --nofehbg ${./wallpaper.png}
+      '';
+    };
+  };
+
+  # Version of first install
+  home.stateVersion = "23.05";
+}

hosts/muon/configuration.nix

@@ -1,37 +1,55 @@
-{ config, lib, pkgs, inputs, system, ... }:
-let cfg = config.mods;
-
+{
+  config,
+  lib,
+  pkgs,
+  inputs,
+  system,
+  sources,
+  ...
+}: let
+  cfg = config.mods;
 in {
   # Hardware
-  imports = [
-    ./hardware-configuration.nix
-    inputs.shabitica.nixosModules."x86_64-linux".default
-    inputs.actual.nixosModules.default
-  ];
+  imports = [./hardware-configuration.nix ./openrgb.nix];
 
   environment.systemPackages = with inputs.nix-alien.packages.${system};
-    [ nix-alien ];
+  with pkgs; [
+    nix-alien
+    r2modman
+    lutris
+    godot
+    rustdesk-flutter
+    motion
+    qmk
+    gnumeric
+    opensnitch
+    opensnitch-ui
+  ];
 
   # System
   mods.user.name = "muon";
   networking.hostName = cfg.user.name;
+  networking.hostId = "a230906f";
   mods.home.file = ./home.nix;
+  nix.settings.trusted-users = ["root" "muon"];
 
   # Modules
   mods.desktop.enable = true;
   mods.desktop.wayland.enable = false;
   mods.desktop.gaming.enable = true;
   mods.boot.enable = true;
+  mods.clamav.enable = true;
 
   mods.theme.enable = true;
   mods.theme.scheme = "woodland";
   mods.theme.wallpaper = ./wallpaper.png;
 
   mods.containers.steam.enable = false;
-  mods.server.media.enable = true;
-  mods.server.astral.enable = true;
+  mods.server.astral.enable = false;
   mods.server.astral.autoStart = false;
+  mods.server.nvr.enable = false;
 
+  mods.docker.enable = true;
   mods.docker.media.enable = false;
 
   mods.server.sync.enable = true;
@@ -43,6 +61,12 @@ in {
   services.xserver.windowManager.i3.enable = true;
   services.actual.enable = true;
 
+  virtualisation.virtualbox.host.enable = true;
+  users.extraGroups.vboxusers.members = ["user-with-access-to-virtualbox"];
+
+  services.picom.enable = true;
+  services.picom.opacityRules = ["50:name *= '^Cheat$'"];
+
   # Proprietary </3
   mods.unfree.steam.enable = true;
   mods.unfree.nvidia.enable = true;
@@ -53,6 +77,9 @@ in {
   ## Mouse
   services.libinput.mouse.accelProfile = "flat";
 
+  ## Keyboard
+  hardware.keyboard.qmk.enable = true;
+
   ## Monitors
   mods.monitors = {
     primary = {

hosts/muon/hardware-configuration.nix

@@ -1,16 +1,20 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
 {
-  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [(modulesPath + "/installer/scan/not-detected.nix")];
 
-  boot.initrd.availableKernelModules =
-    [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-intel" ];
-  boot.extraModulePackages = [ ];
+  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"];
+  boot.initrd.kernelModules = [];
+  boot.kernelModules = ["kvm-intel"];
+  virtualisation.libvirtd.enable = true;
+  boot.supportedFilesystems = ["zfs" "ntfs" "btrfs"];
 
   fileSystems."/" = {
     device = "/dev/disk/by-uuid/03e49688-cc62-49c9-a906-e2ea87a38891";
@@ -18,10 +22,8 @@
   };
 
   boot.initrd.luks.devices = {
-    "luks-root".device =
-      "/dev/disk/by-uuid/86769693-b61c-4712-852d-e0fba612d260";
-    "luks-swap".device =
-      "/dev/disk/by-uuid/0418acfc-792c-43f4-a887-cc8bb51fa7c3";
+    "luks-root".device = "/dev/disk/by-uuid/86769693-b61c-4712-852d-e0fba612d260";
+    "luks-swap".device = "/dev/disk/by-uuid/0418acfc-792c-43f4-a887-cc8bb51fa7c3";
   };
 
   fileSystems."/mnt/bulk" = {
@@ -32,11 +34,11 @@
   fileSystems."/boot" = {
     device = "/dev/disk/by-uuid/CCCC-449E";
     fsType = "vfat";
-    options = [ "fmask=0022" "dmask=0022" ];
+    options = ["fmask=0022" "dmask=0022"];
   };
 
   swapDevices = [
-    { device = "/dev/disk/by-uuid/e7cf209d-386d-41db-8a35-6c9fff014722"; }
+    {device = "/dev/disk/by-uuid/e7cf209d-386d-41db-8a35-6c9fff014722";}
     {
       device = "/var/lib/swapfile";
       size = 8 * 1024;
@@ -50,7 +52,7 @@
   networking.useDHCP = lib.mkDefault true;
   # networking.interfaces.docker0.useDHCP = lib.mkDefault true;
   networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp0s31f6.mtu = 1200;
+  networking.interfaces.enp0s31f6.mtu = 1280;
   # networking.interfaces.tun0.useDHCP = lib.mkDefault true;
   # networking.interfaces.vboxnet0.useDHCP = lib.mkDefault true;
 

hosts/muon/openrgb.nix

@@ -0,0 +1,29 @@
+{
+  pkgs,
+  lib,
+  ...
+}: let
+  no-rgb = pkgs.writeScriptBin "no-rgb" ''
+    #!/bin/sh
+    NUM_DEVICES=$(${pkgs.openrgb}/bin/openrgb --noautoconnect --list-devices | grep -E '^[0-9]+: ' | wc -l)
+
+    for i in $(seq 0 $(($NUM_DEVICES - 1))); do
+      ${pkgs.openrgb}/bin/openrgb --noautoconnect --device $i --mode static --color 000000
+    done
+  '';
+in {
+  config = {
+    services.udev.packages = [pkgs.openrgb];
+    boot.kernelModules = ["i2c-dev"];
+    hardware.i2c.enable = true;
+
+    systemd.services.no-rgb = {
+      description = "no-rgb";
+      serviceConfig = {
+        ExecStart = "${no-rgb}/bin/no-rgb";
+        Type = "oneshot";
+      };
+      wantedBy = ["multi-user.target"];
+    };
+  };
+}

hosts/mups/configuration.nix

@@ -29,9 +29,9 @@ in {
   mods.server.astral.enable = false;
   mods.server.astral.memory = "3G";
 
-  mods.server.sync.enable = true;
-  mods.server.sync.address = "100.85.27.29";
-  mods.server.sync.port = "8385";
+  # mods.server.sync.enable = false;
+  # mods.server.sync.address = "100.85.27.29";
+  # mods.server.sync.port = "8385";
 
   mods.server.headscale.enable = false;
   mods.server.wireguard.enable = true;
@@ -55,6 +55,11 @@ in {
       default = true;
       locations."/" = { proxyPass = "http://localhost:8008"; };
     };
+    "nvr.muon.host" = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = { proxyPass = "http://10.0.0.2:8095"; };
+    };
     "tetterodesportcomplex.nl" = {
       enableACME = true;
       forceSSL = true;

hosts/mups/hardware-configuration.nix

@@ -1,4 +1,5 @@
-{ config, lib, pkgs, modulesPath, ... }: let
+{ config, lib, pkgs, modulesPath, ... }:
+let
   ip = "93.95.230.11";
   gateway = "93.95.230.1";
   hostname = "vpsorvhm2v";
@@ -6,33 +7,38 @@
   dns1 = "93.95.224.29";
 
 in {
-  imports =
-    [ (modulesPath + "/profiles/qemu-guest.nix")
-    ];
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
 
-  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
+  boot.initrd.availableKernelModules =
+    [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
   boot.initrd.kernelModules = [ "dm-snapshot" ];
   boot.kernelModules = [ ];
   boot.extraModulePackages = [ ];
 
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/031e2049-33ed-4d21-a208-8da3fc250260";
-      fsType = "ext4";
-    };
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/031e2049-33ed-4d21-a208-8da3fc250260";
+    fsType = "ext4";
+  };
 
-  swapDevices = [{
-    device = "/dev/disk/by-uuid/bc6acd1f-98bb-4f94-b52c-40aa7312e838";
-  } {
-    device = "/var/lib/swapfile";
-    size = 2*1024;
-  }];
+  # swapDevices = [{
+  #   device = "/dev/disk/by-uuid/bc6acd1f-98bb-4f94-b52c-40aa7312e838";
+  # } {
+  #   device = "/var/lib/swapfile";
+  #   size = 2*1024;
+  # }];
 
   networking.useDHCP = lib.mkForce false;
   networking.domain = "";
 
-  networking.interfaces.ens3.ipv4.addresses = [{ address = ip; prefixLength = 24; }];
-  networking.defaultGateway  = { address = gateway; interface = "ens3"; };
-  networking.nameservers     = [ dns0 dns1 ];
+  networking.interfaces.ens3.ipv4.addresses = [{
+    address = ip;
+    prefixLength = 24;
+  }];
+  networking.defaultGateway = {
+    address = gateway;
+    interface = "ens3";
+  };
+  networking.nameservers = [ dns0 dns1 ];
 
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 }

hosts/murk/configuration.nix

@@ -0,0 +1,142 @@
+{
+  config,
+  lib,
+  pkgs,
+  inputs,
+  system,
+  sources,
+  modulesPath,
+  ...
+}: let
+  cfg = config.mods;
+  keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKEio+Y5wBVD1wILaH2R3wV10FvVjiqy/4gGBWHOITTB muon@muon"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKevYmkH7xvYoquBjnYZ7PJiVqf+GOh9fxAJBN6wZGBB gin4@hi.is"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILmAOd9VbhyJeibt6Vrb101MNTk5W8+rh94Djv/C+pyu muon@muho"
+  ];
+in {
+  # Hardware
+  imports = [
+    ./hardware-configuration.nix
+    "${
+      builtins.fetchTarball {
+        url = "https://github.com/nix-community/disko/archive/refs/tags/v1.12.0.tar.gz";
+        sha256 = "0wbx518d2x54yn4xh98cgm65wvj0gpy6nia6ra7ns4j63hx14fkq";
+      }
+    }/module.nix"
+    ./disk-config.nix
+    # (inputs.nixpkgs
+    #   + "/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix")
+  ];
+
+  environment.systemPackages = with inputs.nix-alien.packages.${system}; [
+    nix-alien
+    pkgs.libratbag
+    pkgs.piper
+    pkgs.libpq
+    pkgs.qmk
+    pkgs.jq
+    pkgs.wireguard-tools
+  ];
+
+  boot.binfmt = {
+    emulatedSystems = ["aarch64-linux"];
+    preferStaticEmulators = true; # Make it work with Docker
+  };
+
+  # System
+  mods.user.name = "muon";
+  networking.hostName = "murk";
+  networking.hostId = "a2309090";
+  mods.home.file = ./home.nix;
+  nix.settings.trusted-users = ["root" "muon"];
+  users.users.muon.extraGroups = ["docker"];
+
+  # Modules
+  mods.desktop.enable = true;
+  mods.boot.enable = true;
+
+  mods.theme.enable = true;
+  mods.theme.scheme = "woodland";
+  mods.theme.wallpaper = ./wallpaper.png;
+
+  services.xserver.windowManager.i3.enable = true;
+  # mods.desktop.wayland.enable = true;
+
+  mods.impermanence.enable = true;
+
+  virtualisation.docker.enable = true;
+
+  users.users.muon.openssh.authorizedKeys.keys = keys;
+  users.users.root.openssh.authorizedKeys.keys = keys;
+
+  # Persist
+  environment.persistence."/persist" = {
+    directories = ["/etc/NetworkManager" "/var/lib/NetworkManager"];
+  };
+
+  # Hardware preferences
+  environment.variables = {
+    WINIT_HIDPI_FACTOR = "1";
+    WINIT_X11_SCALE_FACTOR = "1";
+  };
+
+  ## Laptop
+  powerManagement.enable = true;
+  services.thermald.enable = true;
+  services.tlp.enable = true;
+  # services.xserver.dpi = lib.mkForce 180;
+  # environment.variables = {
+  #   GDK_SCALE = "2";
+  #   GDK_DPI_SCALE = "0.5";
+  #   _JAVA_OPTIONS = "-Dsun.java2d.uiScale=2";
+  # };
+
+  ## Monitors
+  mods.monitors = {
+    primary = {
+      name = "eDP-1";
+      config = {
+        enable = true;
+        mode = "2560x1600";
+        position = "1264x1440";
+        primary = true;
+        rate = "60.00";
+        dpi = 96;
+        scale = {
+          x = 0.5;
+          y = 0.5;
+        };
+      };
+    };
+    left = {
+      name = "DP-3-2";
+      config = {
+        enable = true;
+        mode = "2560x1440";
+        position = "0x0";
+        rate = "60.00";
+        dpi = 72;
+      };
+    };
+    right = {
+      name = "DP-3-1";
+      config = {
+        enable = true;
+        mode = "2560x1440";
+        position = "2560x0";
+        rate = "60.00";
+        dpi = 72;
+      };
+    };
+  };
+
+  ## Mouse
+  services.libinput.mouse.accelProfile = "flat";
+
+  ## Keyboard
+  hardware.keyboard.qmk.enable = true;
+
+  # Version of first install
+  system.stateVersion = "23.05";
+}

hosts/murk/disk-config.nix

@@ -0,0 +1,72 @@
+{
+  disko.devices = {
+    disk = {
+      main = {
+        type = "disk";
+        device = "/dev/sda";
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              size = "512M";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = [ "umask=0077" ];
+              };
+            };
+            luks = {
+              size = "100%";
+              content = {
+                type = "luks";
+                name = "crypted";
+                # disable settings.keyFile if you want to use interactive password entry
+                #passwordFile = "/tmp/secret.key"; # Interactive
+                # settings = {
+                #   allowDiscards = true;
+                #   keyFile = "/tmp/secret.key";
+                # };
+                # additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
+                content = {
+                  type = "btrfs";
+                  extraArgs = [ "-f" ];
+                  subvolumes = {
+                    "/root" = {
+                      mountpoint = "/";
+                      mountOptions = [ "compress=zstd" "noatime" ];
+                    };
+                    "/home" = {
+                      mountpoint = "/home";
+                      mountOptions = [ "compress=zstd" "noatime" ];
+                    };
+                    "/nix" = {
+                      mountpoint = "/nix";
+                      mountOptions = [ "compress=zstd" "noatime" ];
+                    };
+                    "/persist" = {
+                      mountpoint = "/persist";
+                      mountOptions = [ "compress=zstd" "noatime" ];
+                    };
+                    "/log" = {
+                      mountpoint = "/var/log";
+                      mountOptions = [ "compress=zstd" "noatime" ];
+                    };
+                    "/swap" = {
+                      mountpoint = "/swap";
+                      swap.swapfile.size = "4G";
+                    };
+                  };
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+
+  fileSystems."/persist".neededForBoot = true;
+  fileSystems."/var/log".neededForBoot = true;
+}

hosts/murk/hardware-configuration.nix

@@ -0,0 +1,18 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usbhid" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/murk/home.nix

@@ -0,0 +1,90 @@
+{
+  pkgs,
+  lib,
+  config,
+  osConfig,
+  inputs,
+  ...
+}: let
+  cfg = osConfig.mods;
+in {
+  imports = [inputs.impermanence.homeManagerModules.impermanence];
+
+  # Modules
+  mods.xdg.enable = true;
+  mods.i3.enable = true;
+  # mods.hyprland.enable = true;
+  mods.battery.enable = true;
+  mods.terminal.zsh.enable = true;
+  mods.terminal.emulator.enable = true;
+  mods.terminal.development.enable = true;
+  mods.terminal.tools.enable = true;
+  mods.desktop.development.enable = true;
+  mods.desktop.productivity.enable = false;
+
+  home.packages = with pkgs;
+    [
+      thunderbird
+      pulseaudio
+      pavucontrol
+      alsa-utils
+      rustdesk-flutter
+
+      # tools
+      docker
+      fish
+      devenv
+      dbeaver-bin
+      ruff
+      just
+      go
+      rainfrog
+      tealdeer
+      gh
+      (callPackage ./packages/mender-cli.nix {})
+    ]
+    # Non-free </3
+    ++ [google-cloud-sdk google-cloud-sql-proxy];
+
+  # Hardware preferences
+  ## Monitors
+  xsession.windowManager.i3.config.workspaceOutputAssign = [
+    {
+      workspace = "1";
+      output = "${cfg.monitors.left.name}";
+    }
+    {
+      workspace = "2";
+      output = "${cfg.monitors.right.name}";
+    }
+    {
+      workspace = "4";
+      output = "${cfg.monitors.primary.name}";
+    }
+  ];
+  services.autorandr.enable = true;
+  programs.autorandr = {
+    enable = true;
+    hooks.postswitch = {
+      "notify-i3" = "${pkgs.i3}/bin/i3-msg restart";
+      "set-wallpaper" = ''
+        ${lib.getExe pkgs.feh} --bg-fill --nofehbg ${./wallpaper.png}
+      '';
+    };
+    profiles.default = {
+      fingerprint = {
+        "${cfg.monitors.right.name}" = "00ffffffffffff0030aef465010101011e1e0103803c22782a31d5a65453a0240a5054bfcf00d1c0d100b300a9c09500818081c08100e973006aa0a034504220680055502100001a565e00a0a0a029503020350055502100001a000000fd00304b0f6e1e000a202020202020000000fc00513237712d31300a202020202001ff020329f04b10050403021f1413121101230907078301000067030c001000183c681a00000101304b00023a801871382d40582c450055502100001e662156aa51001e30468f330055502100001eab22a0a050841a303020360055502100001a7c2e90a0601a1e403020360055502100001a000000000000000000000000000026";
+        "${cfg.monitors.left.name}" = "00ffffffffffff0005e30427b11a0000321f0104a53c22783be445a554529e260d5054bfef00d1c0b30095008180814081c001010101565e00a0a0a029503020350055502100001e000000ff005141424d434841303036383333000000fc00513237563447350a2020202020000000fd00304b72721e010a2020202020200163020318f14b0103051404131f120211902309070783010000a073006aa0a029500820350055502100001a2a4480a0703827403020350055502100001a023a801871382d40582c450055502100001ef03c00d051a0355060883a0055502100001c000000000000000000000000000000000000000000000000000000000000005f";
+        "${cfg.monitors.primary.name}" = "00ffffffffffff0026cfab050000000000200104b51f147803de50a3544c99260f505400000001010101010101010101010101010101b29f00a0a04089631830760a38c310000019b29f00a0a040466018303c0038c310000019000000fd00285a969629010a202020202020000000fe004d3134354e574b31205230200a00ad";
+      };
+      config = {
+        "${cfg.monitors.primary.name}" = cfg.monitors.primary.config;
+        "${cfg.monitors.left.name}" = cfg.monitors.left.config;
+        "${cfg.monitors.right.name}" = cfg.monitors.right.config;
+      };
+    };
+  };
+
+  # Version of first install
+  home.stateVersion = "23.05";
+}

hosts/murk/packages/mender-cli.nix

@@ -0,0 +1,54 @@
+{
+  lib,
+  stdenv,
+  buildGoModule,
+  fetchFromGitHub,
+  makeWrapper,
+  installShellFiles,
+  xz,
+  go,
+}:
+buildGoModule rec {
+  pname = "mender-cli";
+  version = "1.12.0";
+
+  src = fetchFromGitHub {
+    owner = "mendersoftware";
+    repo = "mender-cli";
+    rev = version;
+    sha256 = "sha256-Pf87wTHXcFlnYsgx7ieiIJ9PWJFPUkFJYTkKJKmMFEQ=";
+  };
+
+  vendorHash = "sha256-MqyBa+wsbuXqtM4DL/QGBUWuEYlG8BRxIXq7O1LJUyM=";
+
+  nativeBuildInputs = [
+    makeWrapper
+    installShellFiles
+  ];
+
+  buildInputs = [
+    xz
+  ];
+
+  allowGoReference = true;
+
+  postFixup = ''
+    wrapProgram "$out/bin/mender-cli" \
+      --prefix PATH : ${go}/bin
+  '';
+
+  postInstall = lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) ''
+    installShellCompletion --cmd mender-cli \
+      --bash <($out/bin/mender-cli completion bash) \
+      --fish <($out/bin/mender-cli completion fish) \
+      --zsh <($out/bin/mender-cli completion zsh) \
+  '';
+
+  meta = {
+    description = "Mender CLI tool to simplify integration between the Mender server and cloud services like continuous integration (CI)/build automation";
+    mainProgram = "mender-cli";
+    homepage = "https://github.com/mendersoftware/mender-cli/";
+    changelog = "https://github.com/mendersoftware/mender-cli/releases/tag/${version}";
+    license = lib.licenses.asl20;
+  };
+}

hosts/ports.nix

@@ -1,9 +1,38 @@
 { pkgs, lib, config, ... }: {
-  mods.server.nginx.ports = {
-    photos = 3001;
+  options.mods.server = with lib; {
+    local.ports = mkOption {
+      type = types.attrsOf (types.ints.u16);
+      default = { };
+    };
+  };
+  config = {
+    mods.server.nginx.ports = {
+      photos = 3001;
+      homebox = 3002;
+      # immich-machine-learning = 3003;
+      share = 3004;
+      vault = 3005;
+      git = 3006;
+      cal = 3007;
+      chat = 3008;
+      # dash = 3009;
+      ntfy = 3010;
+      audio = 3011;
+      atuin = 3012;
 
-    search = 8081;
-    videos = 8082;
-    reddit = 8083;
+      search = 8081;
+      videos = 8082;
+      reddit = 8083;
+    };
+    mods.server.local.ports = {
+      # grav = 5001
+      lemmy-api = 5002;
+      lemmy-ui = 5003;
+      pict-rs = 5004;
+      readarr = 5005;
+      prowlarr = 5006;
+      flaresolverr = 5007;
+      torrent = 5008;
+    };
   };
 }