ollama

flake.nix

@@ -1,83 +1,165 @@
 {
   description = "dandellion's home-manager profiles";
-  
-  nixConfig.extra-substituters = ["https://cache.dodsorf.as"];
-  nixConfig.exta-trusted-public-keys = "cache.dodsorf.as:FYKGadXTyI2ax8mirBTOjEqS/8PZKAWxiJVOBjESQXc=";
 
   inputs  = {
-    home-manager-2205.url = "github:nix-community/home-manager/release-22.05";
-    nixos-2205.url = "github:nixos/nixpkgs/nixos-22.05";
-    home-manager-2205.inputs.nixpkgs.follows = "nixos-2205";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
+
+    home-manager.url = "github:nix-community/home-manager/release-24.11";
+    home-manager.inputs.nixpkgs.follows = "nixpkgs";
 
     unstable.url = "github:nixos/nixpkgs/nixpkgs-unstable";
 
-    nur.url = "github:nix-community/NUR";
-    nur.inputs.nixpkgs.follows = "unstable";
+    nixos-hardware.url = "github:NixOS/nixos-hardware/master";
 
-    dan.url = "gitlab:Dandellion/NUR?host=git.dodsorf.as"; #"git+https://git.dodsorf.as/Dandellion/NUR";
+    nur.url = "github:nix-community/NUR";
+
+    dan.url = "git+https://git.dodsorf.as/Dandellion/NUR.git?ref=master"; #"git+https://git.dodsorf.as/Dandellion/NUR";
     dan.inputs.nixpkgs.follows = "unstable";
-    
-    helix.url = "github:helix-editor/helix";
-    helix.inputs.nixpkgs.follows = "unstable";
+
+    wack-server-conf.url = "github:WackAttackCTF/wack-server-conf";
+    wack-server-conf.inputs.nixpkgs.follows = "nixpkgs";
+
+    wack-ctf.url = "github:WackAttackCTF/wack-ctf-flake";
+    wack-ctf.inputs.nixpkgs.follows = "nixpkgs";
+
+    greg-clients.url = "git+https://git.pvv.ntnu.no/grzegorz/grzegorz-clients";
+    greg-clients.inputs.nixpkgs.follows = "unstable";
+
+    warez.url = "git+https://git.pvv.ntnu.no/tnug/nix-warez";
 
     nixgl.url = "github:guibou/nixGL";
-    nixgl.inputs.nixpkgs.follows = "nixos-2205";
+    nixgl.inputs.nixpkgs.follows = "nixpkgs";
   };
 
-  outputs = {self, home-manager-2205, unstable, nur, dan, nixgl, ... }@inputs:
+  outputs = {self, nixpkgs, home-manager, unstable, nixos-hardware, nur, dan, nixgl, ... }@inputs:
   let
     nixlib = unstable.lib;
 
-    mkHome =
-      { machine
-      , hmChannel ? home-manager-2205
-      , configuration ? self.nixosModules.home-manager.${machine}
-      , system ? "x86_64-linux"
-      , username ? "daniel"
-      , homeDirectory ? "/home/${username}"
-      , stateVersion ? "22.05"
-      , extraSpecialArgs ? { inherit (self) overlays; }
-      }:
-      hmChannel.lib.homeManagerConfiguration {
-        inherit configuration system username homeDirectory stateVersion extraSpecialArgs;
-      };
-
-      mkHomes = machines: extraArgs: nixlib.genAttrs machines (machine: mkHome ({inherit machine; } // extraArgs));
-      
-      allMachines = [ "laptop" "desktop" "headless" "pvv-terminal" ];
-  in
-  {
-    
-    homeConfigurations = mkHomes [ "laptop" "headless" ] { }
-      // mkHomes [ "desktop" ] { username = "dan"; }
-      // mkHomes [ "pvv-terminal" ] { username = "danio"; homeDirectory = "/home/pvv/d/danio"; };
-
-    nixosModules = {
-      home-manager = nixlib.genAttrs allMachines (machine: import ./machines/${machine}.nix);
-    };
-
-    overlays = [
+    defaultOverlays = [
       (final: prev: {
         unstable = import unstable {
           inherit (prev) system config;
         };
         dan = dan.packages.${prev.system};
-        helix = inputs.helix.packages.${prev.system}.helix;
+        grzegorz-clients = inputs.greg-clients.packages.${prev.system}.grzegorz-clients;
+        gregctl = inputs.greg-clients.packages.${prev.system}.grzegorzctl;
+        # helix = inputs.helix.packages.${prev.system}.helix;
+        wack = inputs.wack-ctf.packages.${prev.system}.wack;
       })
-      nur.overlay
-      nixgl.overlay
+      nur.overlays.default
+      nixgl.overlays.default
+      inputs.warez.overlays.default
     ];
 
+    mkHome =
+      { machine
+      , configuration ? self.nixosModules.home-manager.${machine}
+      , system ? "x86_64-linux"
+      , username ? "daniel"
+      , homeDirectory ? "/home/${username}"
+      , stateVersion ? "22.05"
+      , extraSpecialArgs ? { overlays = defaultOverlays; }
+      }:
+      home-manager.lib.homeManagerConfiguration {
+        pkgs = nixpkgs.legacyPackages.${system};
+        modules = [
+          configuration
+          {
+            home = {
+              inherit username homeDirectory stateVersion;
+            };
+          }
+        ];
+        inherit extraSpecialArgs;
+      };
+
+      mkHomes = machines: extraArgs: nixlib.genAttrs machines (machine: mkHome ({inherit machine; } // extraArgs));
+
+      allMachines = [ "laptop" "desktop" "headless" "pvv-terminal" "ikari" ];
+  in
+  {
+
+    homeConfigurations = mkHomes [ "laptop" "headless" "ikari" ] { }
+      // mkHomes [ "desktop" ] { username = "dan"; }
+      // mkHomes [ "pvv-terminal" ] { username = "danio"; homeDirectory = "/home/pvv/d/danio"; };
+
+    nixosConfigurations = {
+      ayanami = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        specialArgs = {
+          inherit inputs;
+        };
+        modules = [
+          ./hosts/ayanami/configuration.nix
+          nixos-hardware.nixosModules.lenovo-thinkpad-l480
+        ];
+      };
+
+      soryu-old = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        specialArgs = {
+          inherit inputs;
+        };
+        modules = [
+          ./hosts/asuka/soryu-old/configuration.nix
+        ];
+      };
+      soryu = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        specialArgs = {
+          inherit inputs;
+        };
+        modules = [
+          home-manager.nixosModules.home-manager
+          {
+            home-manager.useGlobalPkgs = false;
+            home-manager.useUserPackages = true;
+            home-manager.users.daniel = import ./home/machines/soryu.nix;
+            home-manager.extraSpecialArgs = {
+              overlays = defaultOverlays;
+            };
+          }
+
+          ./hosts/asuka/soryu/configuration.nix
+        ];
+      };
+      # langley = nixpkgs.lib.nixosSystem {
+      #   system = "x86_64-linux";
+      #   specialArgs = {
+      #     inherit inputs;
+      #   };
+      #   modules = [
+      #     ./hosts/asuka/langley/configuration.nix
+      #   ];
+      # };
+
+      ikari = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        specialArgs = {
+          inherit inputs;
+        };
+        modules = [
+          ./hosts/ikari/configuration.nix
+        ];
+      };
+    };
+
+    nixosModules = {
+      home-manager = nixlib.genAttrs allMachines (machine: import ./home/machines/${machine}.nix);
+    };
+
     homeActivations = nixlib.genAttrs allMachines (machine: self.homeConfigurations.${machine}.activationPackage);
 
     apps.x86_64-linux = nixlib.genAttrs allMachines (machine: {
       type = "app";
       program = "${self.homeActivations.${machine}}/activate";
     });
-    
-    hydraJobs = {
-      laptop.x86_64-linux = self.homeActivations.laptop;
-      desktop.x86_64-linux = self.homeActivations.desktop;
-    };
+
+    inherit defaultOverlays;
+
+    # hydraJobs = {
+    #   laptop.x86_64-linux = self.homeActivations.laptop;
+    #   desktop.x86_64-linux = self.homeActivations.desktop;
+    # };
   };
 }

home/machines/desktop.nix

@@ -19,4 +19,10 @@
   profiles.zsh.enable = true;
 
   profiles.games.enable = true;
+
+  profiles.timetracking.enable = true;
+
+  home.packages = [
+      pkgs.unstable.osu-lazer-bin
+  ];
 }

home/machines/headless.nix

@@ -12,7 +12,5 @@
   };
 
   profiles.base.enable = true;
-  profiles.base.enable = false;
-
   profiles.zsh.enable = true;
 }

home/machines/ikari.nix

@@ -0,0 +1,25 @@
+{ config, lib, pkgs, overlays, ... }:
+{
+  nixpkgs.overlays = overlays;
+  nixpkgs.config.allowUnfreePredicate = (pkg: true);
+  nixpkgs.config.allowUnfree = true;
+
+  imports = [ ../profiles ];
+
+  machine = {
+    name = "ikari";
+    eth = "eno1";
+    wlan = null;
+  };
+  profiles.base.enable = true;
+  profiles.base.plus = true;
+  profiles.xsession.enable = true;
+  profiles.audio.fancy = true;
+  profiles.zsh.enable = true;
+
+  profiles.games.enable = true;
+
+  home.packages = [
+      pkgs.unstable.osu-lazer
+  ];
+}

home/machines/laptop.nix

@@ -10,6 +10,7 @@
     name = "DanixLaptop";
     eth = "enp0s31f6";
     wlan = "wlp5s0";
+    cores = 4;
   };
   profiles.base.enable = true;
   profiles.base.plus = true;
@@ -17,11 +18,14 @@
   profiles.xsession.enable = true;
   profiles.zsh.enable = true;
 
+  profiles.games.enable = true;
+
+  profiles.timetracking.enable = true;
+  
   services.gammastep =  {
     enable = true;
     dawnTime = "7:00-8:15";
     duskTime = "21:30-22:30";
   };
 
-  profiles.games.enable = true;
 }

home/machines/soryu.nix

@@ -0,0 +1,31 @@
+{ config, lib, pkgs, overlays, ... }:
+{
+  nixpkgs.overlays = overlays;
+  nixpkgs.config.allowUnfreePredicate = (pkg: true);
+  nixpkgs.config.allowUnfree = true;
+
+  imports = [ ../profiles ];
+
+  machine = {
+    name = "Soryu";
+    eth = "enp9s0";
+    wlan = null;
+    secondary-fs = null;
+  };
+
+  profiles.base.enable = true;
+  profiles.base.plus = true;
+  profiles.xsession.enable = true;
+  profiles.audio.fancy = true;
+  profiles.zsh.enable = true;
+
+  profiles.games.enable = true;
+
+  profiles.timetracking.enable = true;
+
+  home.packages = [
+      pkgs.unstable.osu-lazer-bin
+  ];
+
+  home.stateVersion = "24.11";
+}

home/profiles/base/default.nix

@@ -2,27 +2,20 @@
 
 let
   cfg = config.profiles.base;
-
-  helixDesktop = pkgs.makeDesktopItem {
-    name = "Helix";
-    type = "Application";
-    desktopName = "Helix";
-    genericName = "Text Editor";
-    comment = "Edit text files";
-    tryExec = "hx";
-    exec = "kitty hx %F";
-    terminal = false; # Until you can globally set a prefered terminal we hardcoding this
-    mimeTypes = [ "ext/english" "text/plain" "text/x-makefile" "text/x-c++hdr" "text/x-c++src" "text/x-chdr" "text/x-csrc" "text/x-java" "text/x-moc" "text/x-pascal" "text/x-tcl" "text/x-tex" "application/x-shellscript" "text/x-c" "text/x-c++" ];
-    categories = [ "Utility" "TextEditor" ];
-    keywords = [ "Text" "editor" ];
-    startupNotify = false;
-  };
 in
 {
   options.machine = {
     name = lib.mkOption {
       type = lib.types.str;
     };
+    cores = lib.mkOption {
+      type = lib.types.ints.positive;
+      default = 1;
+    };
+    systemd = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+    };
     eth = lib.mkOption { };
     wlan = lib.mkOption { };
     secondary-fs = lib.mkOption {
@@ -49,24 +42,35 @@ in
       nix-top
       nix-index
       nix-tree
-      unstable.comma
+      # unstable.comma
+      nixd
 
-      rnix-lsp
-      helixDesktop
+      openvpn
 
       ldns
       mtr
+      nmap
+      inetutils
+      httpie
 
       lsof
 
       htop
+      progress
 
       file
+      bintools
+
+      gh
       tmux
 
+      timewarrior
+
       unzip
       p7zip
 
+      yt-dlp
+
       parallel
       sshfs
       jq
@@ -74,13 +78,19 @@ in
       ncdu
 
       bat
-      exa
+      eza
       ripgrep
+
+      gregctl
+#      wack
+#
+      unstable.ollama
     ] ++ lib.optionals cfg.plus [
       ffmpeg-full
     ] ++ lib.optionals config.profiles.gui.enable [
       mpv
       sxiv
+      eog
 
       dolphin
       plasma5Packages.dolphin-plugins
@@ -88,10 +98,9 @@ in
       plasma5Packages.kdegraphics-thumbnailers
       plasma5Packages.kio
       plasma5Packages.kio-extras
-      krename
       konsole # https://bugs.kde.org/show_bug.cgi?id=407990 reeee
 
-      gnome3.gedit
+      gedit
 
       gimp
     ] ++ lib.optionals (config.profiles.gui.enable && cfg.plus) [
@@ -105,12 +114,12 @@ in
       kdenlive
       frei0r
       audacity
-      inkscape
+      # inkscape
       blender
 
       mkvtoolnix
-    ] ++ lib.optionals (config.nixpkgs.config.allowUnfree && config.profiles.gui.enable) [
-      geogebra
+    ] ++ lib.optionals (config.profiles.gui.enable && (config ? nixpkgs && config.nixpkgs.config.allowUnfree) ) [
+      # geogebra
     ];
 
     programs.firefox = {
@@ -122,11 +131,11 @@ in
           };
           bookmarks = {
             "NixOS Options" = {
-              keyword = "no";
+              keyword = "nxo";
               url = "https://search.nixos.org/options?query=%s";
             };
             "NixOS Packages" = {
-              keyword = "np";
+              keyword = "nxp";
               url = "https://search.nixos.org/packages?query=%s";
             };
             "Home-Manager Options" = {
@@ -134,14 +143,17 @@ in
               url = "https://rycee.gitlab.io/home-manager/options.html#opt-%s";
             };
           };
+          extensions = with pkgs.nur.repos.rycee.firefox-addons; [ cookies-txt no-pdf-download sponsorblock ublock-origin ];
         };
       };
-      extensions = with pkgs.nur.repos.rycee.firefox-addons; [ bitwarden cookies-txt https-everywhere metamask no-pdf-download sponsorblock ublock-origin ];
     };
 
+
     programs.obs-studio.enable = (config.profiles.gui.enable && cfg.plus);
 
 
+    programs.tealdeer.enable = true;
+
     programs.helix = {
       enable = true;
       package = pkgs.helix;
@@ -181,7 +193,7 @@ in
         keys.insert = {
           "S-tab" = "unindent";
           # Poor man's US-Keyboard
-          "Å" = [(c "{}") "move_char_left"];
+          "Å" = [(c "{}") "move_char_right"];
           "º" = c "Å";
           "^" = c "}";
           "¤" = c "^";
@@ -189,23 +201,44 @@ in
       };
     };
 
-    programs.vscode = {
+    programs.zed-editor = {
       enable = config.profiles.gui.enable;
-      package = pkgs.vscodium;
-      extensions = with pkgs.vscode-extensions; [
-        bbenoist.nix
-        
-        matklad.rust-analyzer
-        vadimcn.vscode-lldb
-      ] ++ lib.optionals config.nixpkgs.config.allowUnfree [
-        ms-vsliveshare.vsliveshare
+      package = pkgs.unstable.zed-editor;
+      extensions = [
+        "nix"
       ];
       userSettings = {
-        "editor.insertSpaces" = false;
-        "terminal.integrated.fontFamily" = "MesloLGS NF";
+        telemetry.metrics = false;
+        telemetry.diagnostics = false;
+        features = {
+          copilot = false;
+        };
+        buffer_font_family = "MesloLGS NF";
+        base_keymap = "VSCode";
+        language_overrides = {
+          Rust = {
+            inlay_hints.enabled = true;
+          };
+        };
       };
     };
 
+    # programs.vscode = {
+    #   enable = config.profiles.gui.enable;
+    #   package = pkgs.vscodium;
+    #   extensions = with pkgs.vscode-extensions; [
+    #     bbenoist.nix        
+    #     rust-lang.rust-analyzer
+    #     vadimcn.vscode-lldb
+    #   ] ++ lib.optionals config.nixpkgs.config.allowUnfree [
+    #     ms-vsliveshare.vsliveshare
+    #   ];
+    #   userSettings = {
+    #     "editor.insertSpaces" = false;
+    #     "terminal.integrated.fontFamily" = "MesloLGS NF";
+    #   };
+    # };
+
     programs.git = {
       enable = true;
       userEmail = "daniel.olsen99@gmail.com";
@@ -217,25 +250,32 @@ in
         n = "!git commit --all --amend --no-edit && git rc";
       };
       ignores = [
+        ".envrc"
         ".direnv"
+        ".devenv"
+        ".vscode"
       ];
       extraConfig = {
         pull.rebase = true;
         sequence.editor = let 
-          girt = pkgs.unstable.git-interactive-rebase-tool.overrideAttrs (old: rec {
-            src = pkgs.fetchFromGitHub {
-              owner = "Dali99";
-              repo = "git-interactive-rebase-tool";
-              rev = "590f87d8ed16992373e214bca5994f89c69fa942";
-              sha256 = "sha256-vUjqnt5ZSpzoohkzDXEqTMhMEkYzPMUZiaYWS0ZQcPQ=";
-            };
-            cargoDeps = old.cargoDeps.overrideAttrs (oldB: {
-              name = "${oldB.name}";
-              inherit src;
-              outputHash = "197dv8hbj4vd9grvhiinpsww3vfmmbl9b8gxk7la4gs8535s08x7";
-            });
-          });
+          # girt = pkgs.unstable.git-interactive-rebase-tool.overrideAttrs (old: rec {
+          #   src = pkgs.fetchFromGitHub {
+          #     owner = "Dali99";
+          #     repo = "git-interactive-rebase-tool";
+          #     rev = "590f87d8ed16992373e214bca5994f89c69fa942";
+          #     sha256 = "sha256-vUjqnt5ZSpzoohkzDXEqTMhMEkYzPMUZiaYWS0ZQcPQ=";
+          #   };
+          #   cargoDeps = old.cargoDeps.overrideAttrs (oldB: {
+          #     name = "${oldB.name}";
+          #     inherit src;
+          #     outputHash = "sha256-/I465/PlOckvov9PgSCg7CN5hEKeeQCw8rPsvpKJons=";
+          #   });
+          # });
+          girt = pkgs.git-interactive-rebase-tool;
         in "${girt}/bin/interactive-rebase-tool";
+        branch.sort = "-committerdate";
+        gpg.format = "ssh";
+        user.signingKey = "~/.ssh/id_rsa.pub";
       };
       delta.enable = true;
     };
@@ -245,32 +285,46 @@ in
       enable = true;
       matchBlocks = {
         "lilith" = {
-          hostname = "lilith.d.d.dodsorf.as";
+          hostname = "lilith.tn.dodsorf.as";
           user = "dandellion";
         };
         "desktop" = {
-          hostname = "10.42.42.10";
-          proxyJump = "lilith";
+          hostname = "soryu.tn.dodsorf.as";
           user = "dan";
         };
-        "laptop" = {
-          hostname = "10.42.42.13";
+        "ubuntu-ai" = {
+          hostname = "soryu.tn.dodsorf.as";
+          port = 2222;
           user = "daniel";
         };
+        "laptop" = {
+          hostname = "ayanami.tn.dodsorf.as";
+          user = "daniel";
+        };
+        "login.pvv.ntnu.no" = {
+          user = "danio";
+        };
         "pvv.ntnu.no" = {
           user = "danio";
+          proxyJump = "login.pvv.ntnu.no";
         };
-        "*.pvv.ntnu.no" = {
+        "*.pvv.ntnu.no !login.pvv.ntnu.no" = {
           user = "danio";
+          proxyJump = "login.pvv.ntnu.no";
+        };
+        "pascal" = {
+          hostname = "wiki.wackattack.eu";
+          port = 1337;
+          user = "dandellion";
+        };
+        "ireul" = {
+          hostname = "62.92.111.85";
+          port = 1337;
+          user = "dandellion";
         };
         "gitlab.stud.idi.ntnu.no" = {
           proxyJump = "login.pvv.ntnu.no";
         };
-        "workshop" = {
-          user = "student";
-          hostname = "129.241.99.15";
-          proxyJump = "hildring.pvv.ntnu.no";
-        };
       };
     };
 
@@ -282,6 +336,8 @@ in
 
     home.sessionVariables = {
       EDITOR = "hx";
+      GRZEGORZ_DEFAULT_API_BASE = "https://georg.pvv.ntnu.no/api";
+      OLLAMA_HOST="100.64.0.19";
     };
 
     xdg.mimeApps = {

home/profiles/default.nix

@@ -7,5 +7,6 @@
     ./gui.nix
     ./non-nixos.nix
     ./games
+    ./timetracking
   ];
 }

home/profiles/games/default.nix

@@ -12,20 +12,17 @@ in {
   config = lib.mkIf cfg.enable {
     home.packages = with pkgs; [
       fortune
-      lolcat
-      neofetch
-      pipes
     ] ++ lib.optionals config.profiles.gui.enable [
       steam
 
-      unstable.polymc
+      prismlauncher
+      fjordlauncher
 #     minetest
 #     dwarf-fortress-packages.dwarf-fortress-full
 #     superTuxKart
 #     warsow
 #      xonotic
       # zeroad
-      unstable.osu-lazer
 
 #      nur.repos.ivar.sm64ex
 #     dolphinEmuMaster

home/profiles/timetracking/default.nix

@@ -0,0 +1,30 @@
+{ config, lib, pkgs, overlays, ... }:
+let
+  cfg = config.profiles.timetracking;
+in {
+  options.profiles.timetracking = {
+    enable = lib.mkEnableOption "doin timetracking";
+  };
+
+  config = lib.mkIf cfg.enable {  
+    services.activitywatch = {
+      enable = true;
+      watchers = {
+        aw-watcher-afk = {
+          package = pkgs.activitywatch;
+          settings = {
+            timeout = 300;
+            poll_time = 2;
+          };
+        };
+        aw-watcher-window = {
+          package = pkgs.activitywatch;
+          settings = {
+            poll_time = 1;
+            # exclude_title = true;
+          };
+        };
+      };
+    };
+  };
+}

home/profiles/xsession/default.nix

@@ -4,6 +4,7 @@ let
   cfg = config.profiles.xsession;
   non-nixos = config.profiles.non-nixos;
   mkGL = program: "${lib.strings.optionalString non-nixos.enable "${pkgs.nixgl.auto.nixGLDefault}/bin/nixGL "}${program}";
+  execScope = program: "exec bash -c \"systemd-run --user --scope --unit='app-i3-exec-$RANDOM' -p CollectMode=inactive-or-failed -p MemoryHigh=85% -p MemoryMax=92% -p MemorySwapMax=5G -p MemoryAccounting=true \"${program}\"\"";
 in
 {
   imports = [ ./dunstrc.nix ./terminal.nix ./polybar.nix ];
@@ -16,6 +17,14 @@ in
   config = lib.mkIf cfg.enable {
     profiles.gui.enable = true;
 
+    systemd.user.slices.app.Slice = {
+      MemoryHigh="90%";
+      MemoryMax="94%";
+      MemorySwapMax="8G";
+      CPUQuota="${toString ((config.machine.cores - 1)*100)}%";
+      MemoryAccounting = true;
+    };
+
     home.keyboard = {
       layout = "no";
       variant = "nodeadkeys";
@@ -38,8 +47,6 @@ in
 
         export XDG_CURRENT_DESKTOP=kde
         export DESKTOP_SESSION=kde
-
-        export QT_STYLE_OVERRIDE="breeze"
       '';
 
       windowManager = {
@@ -49,6 +56,7 @@ in
           terminal = "${pkgs.kitty}/bin/kitty";
           keybindings = let
             modifier = config.xsession.windowManager.i3.config.modifier;
+            dmenu = if config.machine.systemd then "${../../scripts/dmenu_run_systemd}" else "dmenu_run";
           in lib.mkOptionDefault {
             "${modifier}+0" = "workspace 10";
             "${modifier}+Shift+0" = "move container to workspace 10";
@@ -61,23 +69,53 @@ in
             "XF86AudioMute" = "exec --no-startup-id ${pkgs.pulseaudio}/bin/pactl set-sink-mute 0 toggle";
             "XF86AudioMicMute" = "exec --no-startup-id ${pkgs.pulseaudio}/bin/pactl set-source-mute 1 toggle";
 
+            # Georg volume controls
+            "Shift+XF86AudioRaiseVolume" = "exec --no-startup-id ${lib.getExe pkgs.gregctl} set-volume -- +5%";
+            "Shift+XF86AudioLowerVolume" = "exec --no-startup-id ${lib.getExe pkgs.gregctl} set-volume -- -5%";
+            "Shift+XF86AudioMute" = "exec --no-startup-id ${lib.getExe pkgs.gregctl} toggle";
+
             "XF86MonBrightnessUp" = "exec --no-startup-id brightnessctl set +5%";
             "XF86MonBrightnessDown" = "exec --no-startup-id brightnessctl set 5%-";
 
-            "XF86Display" = "exec arandr";
-
             "Print" = "exec scrot %Y-%m-%d_$wx$h_scrot.png -z -e 'mv $f /home/daniel/Pictures/screenshots/'";
             "${modifier}+Print" = "exec scrot /home/daniel/Pictures/Screenshots/%Y-%m-%d_$wx$h_scrot.png -z";
+
+            "${modifier}+l" = "exec ${pkgs.writers.writeBash "hello_world" ''
+              dunstctl set-paused true
+              ${pkgs.i3lock}/bin/i3lock -n -i ~/images/wallpapers/locked.png
+              dunstctl set-paused false
+            ''}";
+
+            "XF86Display" = "exec arandr";
+
             "${modifier}+Shift+U" = "exec $HOME/.config/nixpkgs/nix-dotfiles/scripts/dmenuunicode";
-
-            "${modifier}+n" = "exec dolphin";
-            "${modifier}+b" = "exec firefox";
-            "${modifier}+t" = "exec gedit";
-
             "${modifier}+Shift+s" = "exec $HOME/.config/nixpkgs/nix-dotfiles/scripts/dmenuaudio";
+            "${modifier}+Shift+v" = "exec ${pkgs.writers.writeBash "switch_audio" ''
+              if pw-link -l | grep "^VirtualMic:input_FL" -A 2 | grep FilteredMic; then
+                ${pkgs.pipewire}/bin/pw-link -d "FilteredMic:capture_MONO" "VirtualMic:input_FL"
+                ${pkgs.pipewire}/bin/pw-link -d "FilteredMic:capture_MONO" "VirtualMic:input_FR"
+                ${pkgs.pipewire}/bin/pw-link "VoiceChanger:monitor_FL" "VirtualMic:input_FL"
+                ${pkgs.pipewire}/bin/pw-link "VoiceChanger:monitor_FR" "VirtualMic:input_FR"
+                ${pkgs.pipewire}/bin/pw-link "VoiceChanger:monitor_FL" "VirtualHeadset:playback_FL"
+                ${pkgs.pipewire}/bin/pw-link "VoiceChanger:monitor_FR" "VirtualHeadset:playback_FR"
+              else
+                ${pkgs.pipewire}/bin/pw-link "FilteredMic:capture_MONO" "VirtualMic:input_FL"
+                ${pkgs.pipewire}/bin/pw-link "FilteredMic:capture_MONO" "VirtualMic:input_FR"
+                ${pkgs.pipewire}/bin/pw-link -d "VoiceChanger:monitor_FL" "VirtualMic:input_FL"
+                ${pkgs.pipewire}/bin/pw-link -d "VoiceChanger:monitor_FR" "VirtualMic:input_FR"
+                ${pkgs.pipewire}/bin/pw-link -d "VoiceChanger:monitor_FL" "VirtualHeadset:playback_FL"
+                ${pkgs.pipewire}/bin/pw-link -d "VoiceChanger:monitor_FR" "VirtualHeadset:playback_FR"
+              fi
+            ''}";
 
-            # "${modifier}+Return" = lib.mkForce "exec kitty";
-            "${modifier}+Shift+Return" = "exec kitty -e ssh dandellion@lilith";
+            "${modifier}+d" = "exec ${dmenu}";
+
+            "${modifier}+n" = execScope "dolphin";
+            "${modifier}+b" = execScope "firefox";
+            "${modifier}+t" = execScope "gedit";
+
+            "${modifier}+Return" = execScope "kitty";
+            "${modifier}+Shift+Return" = execScope "kitty -e ssh dandellion@lilith";
           };
           startup = [
             { 
@@ -90,19 +128,24 @@ in
             titlebar = false;
             hideEdgeBorders = "smart";
           };
+          floating.criteria = [
+            { title = "Steam - Update News"; }
+          ];
         };
+        i3.extraConfig = ''
+          for_window [title="Steam Big Picture Mode"] floating enable, resize set 1920 1080, move position 0 0, border pixel 0
+        '';
       };
     };
 
     services.picom = {
       enable = true;
       backend = "xrender";
-      experimentalBackends = true;
     };
 
 
     gtk = {
-      enable = false;
+      enable = true;
       theme = {
         package = pkgs.breeze-gtk;
         name = "Breeze";
@@ -112,11 +155,10 @@ in
         name = "breeze";
       };
     };
-    qt = {
-      enable = true;
-      #useGtkTheme = true;
-      platformTheme = "gtk";
-    };
+    # qt = {
+    #   enable = true;
+    #   platformTheme = "gtk";
+    # };
 
     xsession.windowManager.command = lib.mkIf non-nixos.enable (lib.mkForce "${pkgs.nixgl.auto.nixGLDefault}/bin/nixGL ${config.xsession.windowManager.i3.package}/bin/i3");
 
@@ -131,7 +173,7 @@ in
       pkgs.dmenu
 
       pkgs.scrot
-      pkgs.neofetch
+      # pkgs.neofetch
       #pkgs.dan.colors
       pkgs.xclip
 

home/profiles/xsession/terminal.nix

@@ -0,0 +1,26 @@
+{ pkgs, config, lib, ...}:
+{
+
+  config = lib.mkIf config.profiles.xsession.enable {
+
+    programs.kitty = {
+      enable = true;
+      font.name = "MesloLGS NF";
+      font.size = 12;
+      keybindings = {
+        "ctrl+shift+c" = "copy_to_clipboard";
+        "ctrl+shift+v" = "paste_from_clipboard";
+
+        "ctrl+plus" = "change_font_size all +2.0";
+        "ctrl+shift+plus" = "change_font_size all -2.0";
+      };
+      settings = {
+        "background_opacity" = 0.7;
+      };
+    };
+
+   home.packages = [
+      pkgs.ncurses.dev
+    ];
+  };
+}

home/profiles/zsh/default.nix

@@ -12,7 +12,7 @@ in
     programs.zsh = {
       enable = true;
       dotDir = ".config/zsh";
-      enableAutosuggestions = true;
+      autosuggestion.enable = true;
       enableCompletion = true;
       history = {
         expireDuplicatesFirst = true;
@@ -20,9 +20,9 @@ in
         share = false;
       };
       shellAliases = {
-        cat = "bat";
-        ls = "exa";
-        tree = "exa -T";
+        cat = "bat -pp";
+        ls = "eza";
+        tree = "eza -T";
         df = "df -h";
 
         sysu = "systemctl --user";
@@ -67,9 +67,21 @@ in
 
     programs.direnv = {
       enable = true;
+      nix-direnv.enable = true;
+    };
+    
+    programs.atuin = {
+      enable = true;
+      enableZshIntegration = true;
+      settings = {
+        filter_mode = "directory";
+        filter_mode_shell_up_key_binding = "session";
+      };
     };
 
-    home.packages = [
+    programs.zoxide.enable = true;
+
+    home.packages = lib.optionals (config.profiles.gui.enable && config ? nixpkgs) [
        pkgs.dan.mesloNFp10k
     ];
   };

home/scripts/dmenu_run_systemd

@@ -0,0 +1,140 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: MIT
+#
+# dmenu_run_systemd: start a program from dmenu as transient systemd .scope
+# (C) Copyright Benjamin Block 2021
+# (C) Copyright Daniel Olsen 2023
+#
+# Permission is hereby granted, free of charge, to any person obtaining a
+# copy of this software and associated documentation files (the "Software"),
+# to deal in the Software without restriction, including without limitation
+# the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# and/or sell copies of the Software, and to permit persons to whom the
+# Software is furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice (including the next
+# paragraph) shall be included in all copies or substantial portions of the
+# Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+# DEALINGS IN THE SOFTWARE.
+#
+# Requirements:
+#   - Package: bash
+#   - Package: dmenu
+#     - dmenu_path
+#     - dmenu
+#   - Package: coreutils
+#     - basenc
+#     - tr
+#   - Package: systemd
+#     - systemd-run
+#   - Package: util-linux
+#     - getopt
+#
+# Usage: dmenu_run_systemd
+#
+#   Start demnu to select program to execute, then start selected program in
+#   background.
+#
+# Usage: dmenu_run_systemd [Options] [--] <command> [<arg1>[, <arg2>[...]]]
+#
+#   Start <command> with <arg1..N> without involving dmenu.
+#   E.g. in i3 config: `bindsym $mod+Return exec dmenu_run_systemd alacritty`.
+#
+#   Options:
+#    -f, --forground  Start <command> as forground task (default: no)
+#    -p, --pwd        Use the current ${PWD} as working directory (default:
+#                     ${HOME})
+
+declare -g prefix forground=false cpwd=false
+declare -ga selection
+if [ "${#}" -lt 1 ]; then
+     prefix="dmenu-"
+     selection=("$(dmenu_path | dmenu)")                     || exit 127
+else
+     prefix="xrun-"
+
+     declare opts
+     opts="$(getopt --shell bash                                     \
+                     -o "fp"                                         \
+                     -l "forground,pwd"                              \
+                     -n "dmenu_run_systemd" -- "${@}")"      || exit 122
+     eval set -- "${opts}"
+     unset opts
+
+     while true; do
+             case "${1}" in
+             '-f'|'--forground')
+                     forground=true
+             ;;
+             '-p'|'--pwd')
+                     cpwd=true
+             ;;
+             '--')   shift; break;;
+             esac
+             shift
+     done
+
+     selection=("${@}")
+fi
+readonly selection prefix
+
+declare -g name
+# Max unit name length:     256
+#        -    ".scope"   -    6
+#        - "<prefix>-"   -    6
+#        -   "-<rand>"   -   33
+#                        ------
+#            "<name>" <=    211
+read -r -d '' -n 192 name < <(
+     echo -n "${selection[*]}" | tr -c 'a-zA-Z0-9_-' '[_*]'  || exit 1
+     echo -e '\0'                                            || exit 2
+)                                                            || exit 126
+readonly name
+{ [ "${#name}" -gt 0 ] && [ "${#name}" -le 211 ]; }          || exit 125
+
+declare -g rand
+# ~5 bits per character => 32*5 = ~160 bits random number
+read -r -N 32 rand < <(basenc --base32 < /dev/urandom)               || exit 124
+readonly rand
+[ "${#rand}" -eq 32 ]                                                || exit 123
+
+declare -ga runargs=(
+     --quiet
+     --user                          # run in per-User slice
+     --scope                         # create transient `.scope` unit,
+                                     # instead of `.service`
+     --collect                       # garbage collect everything after run,
+                                     # even on failure
+     --slice="app.slice"             # run as part of `app.slice`
+     --unit="${prefix}${name}-${rand}"
+
+     -p MemoryHigh=85%
+     -p MemoryMax=92%
+     -p MemorySwapMax=5G
+                                     # unit name
+     --description="dmenu selection ${selection[*]@Q}"
+)
+
+if ${cpwd}; then
+     runargs+=( --working-directory="${PWD:-/}" )
+else
+     runargs+=( --working-directory="${HOME:-/}" )
+fi
+
+readonly runargs
+
+## Debugging:
+#declare -p prefix selection name rand runargs
+
+if ${forground}; then
+     systemd-run "${runargs[@]}" -- "${selection[@]}"
+else
+     systemd-run "${runargs[@]}" -- "${selection[@]}" &
+fi

hosts/asuka/soryu-old/0001-gnunet-fs-log.patch

@@ -0,0 +1,14 @@
+diff --git a/src/fs/gnunet-service-fs.c b/src/fs/gnunet-service-fs.c
+index 597e89e..aaade99 100644
+--- a/src/fs/gnunet-service-fs.c
++++ b/src/fs/gnunet-service-fs.c
+@@ -1234,7 +1234,8 @@ peer_init_handler (void *cls,
+                           my_identity))
+   {
+     GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+-                "Peer identity mismatch, refusing to start!\n");
++                "Peer identity mismatch, refusing to start! Core delivered %s.\n",
++                GNUNET_i2s (my_identity));
+     GNUNET_SCHEDULER_shutdown ();
+   }
+ }

hosts/asuka/soryu-old/ai.nix

@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+
+{
+  systemd.nspawn.ubuntu-ai = {
+    execConfig = {
+      Boot = true;
+    };
+    networkConfig = {
+      Private = false;
+    };
+    filesConfig = {
+      BindReadOnly = [
+        "/etc/resolv.conf:/etc/resolv.conf"
+      ];
+      Bind = [
+        "/dev/dri:/dev/dri"
+        "/dev/kfd:/dev/kfd"
+        "/mnt/human/llama:/llama:idmap"
+        "/mnt/human/sd:/sd:idmap"
+      ];
+    };
+  };
+
+  systemd.services."systemd-nspawn@ubuntu-ai" = {
+    environment = {
+      SYSTEMD_NSPAWN_TMPFS_TMP = "0";
+    };
+    serviceConfig = {
+      CPUQuota = "1400%";
+      MemoryHigh = "90G";
+      MemoryMax = "94G";
+      MemorySwapMax = "40G";
+      ExecStart = "systemd-nspawn --quiet --keep-unit --boot --link-journal=try-guest --network-veth -U --settings=override --machine=%i -D /mnt/human/machines/ubuntu-ai";
+    };
+  #  overrideStrategy = "asDropin";
+  };
+
+  
+
+}

hosts/asuka/soryu-old/configuration.nix

@@ -0,0 +1,235 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, lib, pkgs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+      ./tahoe.nix
+      ./gnunet-module.nix
+      ./wack.nix
+      ./ai.nix
+    ];
+
+#  programs.adb.enable = true;
+
+  systemd.enableEmergencyMode = false;
+
+  networking.hostName = "soryu";
+  networking.extraHosts = ''
+    127.0.0.1 modules-cdn.eac-prod.on.epicgames.com #Star Citizen EAC workaround
+  '';
+
+  # Star Citizen resource limits
+  boot.kernel.sysctl = {
+    "vm.max_map_count" = 16777216;
+    "fs.file-max" = 524288;
+  };
+
+  zramSwap = {
+    enable = true;
+    memoryMax = 96 * 1024 * 1024 * 1024;  # 96 GB ZRAM
+  };
+
+  disabledModules = [
+    "services/network-filesystems/tahoe.nix"
+    "services/networking/gnunet.nix"
+  ];
+
+  services.resolved.enable = true;
+  services.resolved.dnssec = "false";
+
+  services.gnome.gnome-keyring.enable = true;
+
+#  services.tahoe.nodes.pvv-danio-desktop = {
+#    settings = {
+#      storage.enabled = true;
+#      storage.storage_dir = "/mnt/human/tahoe-lafs/pvv";
+#      client."shares.total" = 10;
+#      client."shares.needed" = 4;
+#      client."shares.happy" = 1;
+#    };
+#  };
+
+
+#  services.gnunet = {
+#    enable = true;
+#    package = pkgs.callPackage ./gnunet.nix { };
+#    settings = {
+#      hostlist = {
+#        OPTIONS = "-b -e";
+#        SERVERS = "http://v15.gnunet.org/hostlist https://gnunet.io/hostlist";
+#      };
+##      nat = {
+##        BEHIND_NAT = "YES";
+##        ENABLE_UPNP = "NO";
+##        DISABLEV6 = "YES";
+##      };
+#       ats = {
+#         WAN_QUOTA_IN = "unlimited";
+#         WAN_QUOTA_OUT = "unlimited";
+#       };
+#    };
+#  };
+
+  ids.gids.gnunetdns = 327;
+
+
+  # services.gnunet = {
+  #   enable = true;
+  #   extraOptions = ''
+  #     [hostlist]
+  #     OPTIONS = -b -e
+  #     SERVERS = http://v11.gnunet.org:58080/
+  #     HTTPPORT = 8080
+  #     HOSTLISTFILE = $SERVICEHOME/hostlists.file
+  #     [arm]
+  #     START_SYSTEM_SERVICES = YES
+  #     START_USER_SERVICES = NO
+  #   '';
+  # };
+
+
+  services.murmur = {
+    enable = true;
+    # registerName = "DODSORFAS";
+    welcometext = "Dans PC at singsaker smh backup mumble server";
+  };
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  #boot.kernelParams = ["radeon.cik_support=0" "amdgpu.cik_support=1"];
+  boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+  boot.kernelModules = [ "kvm-intel" ];
+
+
+  programs.steam = {
+    enable = true;
+    remotePlay.openFirewall = false; # Open ports in the firewall for Steam Remote Play
+    dedicatedServer.openFirewall = false; # Open ports in the firewall for Source Dedicated Server
+  };
+
+  nixpkgs.config = {
+    allowUnfree = true;
+  };
+
+  services.tailscale.enable = true;
+
+  networking.firewall.interfaces."tailscale0" = let
+    all = { from = 0; to = 65535; };
+  in {
+    allowedUDPPortRanges = [ all ];
+    allowedTCPPortRanges = [ all ];
+  };
+
+  # Select internationalisation properties.
+  console.keyMap = "no-latin1";
+
+  time.timeZone = "Europe/Oslo";
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+   wget vim git
+  ];
+
+  # Some programs need SUID wrappers, can be configured further or are
+  # started in user sessions.
+  # programs.mtr.enable = true;
+  # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
+
+  # List services that you want to enable:
+
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  networking.firewall.enable = true;
+  networking.firewall.allowedTCPPorts = [ 8000 6007 5001 config.services.murmur.port ];
+  networking.firewall.allowedUDPPorts = [ 5001 21977 config.services.murmur.port ];
+
+  
+
+  # Enable CUPS to print documents.
+  # services.printing.enable = true;
+
+    
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    jack.enable = true;
+  };
+
+
+
+#  systemd.tmpfiles.rules = [
+#    "L+    /opt/rocm/hip   -    -    -     -    ${pkgs.hip}"
+#  ];
+
+  hardware.graphics.enable = true;
+  hardware.graphics.enable32Bit = true;
+  hardware.graphics.extraPackages = with pkgs; [
+    libva
+  ];
+  hardware.amdgpu.opencl.enable = true;
+
+  # Enable the X11 windowing system.
+  services.xserver.enable = true;
+  services.xserver.xkb.layout = "no";
+  # services.xserver.xkbOptions = "eurosign:e";
+
+  services.xserver.displayManager.lightdm.enable = true;
+  services.xserver.videoDrivers = ["amdgpu"];
+
+
+
+  programs.zsh.enable = true;
+
+  virtualisation.docker.enable = true;
+  virtualisation.libvirtd.enable = true;
+  virtualisation.spiceUSBRedirection.enable = true;
+
+
+#  networking.nameservers = lib.mkForce [ "192.168.0.25" ];
+
+
+
+#  services.ipfs.enable = true;
+#  services.ipfs.gatewayAddress = "/ip4/127.0.0.1/tcp/5002";
+
+  nix.trustedUsers = [ "dan" ];
+  nix.extraOptions = ''
+    experimental-features = nix-command flakes
+  '';
+
+  users.users.dan = {
+    isNormalUser = true;
+    uid = 1001;
+    shell = pkgs.zsh;
+    extraGroups = [ "wheel" "networkmanager" "docker" "video" "gnunet" "libvirtd" ];
+    initialPassword = "Abc123";
+  };
+
+  programs.dconf.enable = true;
+  services.dbus.packages = with pkgs; [ dconf ];
+
+  # This value determines the NixOS release with which your system is to be
+  # compatible, in order to avoid breaking some software such as database
+  # servers. You should change this only after NixOS release notes say you
+  # should.
+  system.stateVersion = "19.03"; # Did you read the comment?
+
+}
+

hosts/asuka/soryu-old/gnunet-module.nix

@@ -0,0 +1,109 @@
+{config, lib, pkgs, ...}:
+let
+  cfg = config.services.gnunet;
+  format = pkgs.formats.ini { };
+
+  configFile = format.generate "gnunet-config.conf" cfg.settings;
+in
+{
+  options = {
+    services.gnunet = {
+      enable = lib.mkEnableOption "GNUnet daemon";
+      package = lib.mkPackageOption pkgs "gnunet" { };
+      settings = lib.mkOption {
+        type = lib.types.submodule {
+          freeformType = format.type;
+          options = {
+            transport-udp.PORT = lib.mkOption {
+              default = 2086;
+              type = lib.types.port;
+              description = "The UDP port for use by GNUnet.";
+            };
+          };
+        };
+      };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    users.users.gnunet = {
+      group = "gnunet";
+      description = "GNUnet User";
+      uid = config.ids.uids.gnunet;
+    };
+    users.groups.gnunet.gid = config.ids.gids.gnunet;
+    users.groups.gnunetdns.gid = config.ids.gids.gnunetdns;
+
+    # TODO: Avoid putting these in $PATH
+    security.wrappers = let
+      mkGnunetSuid = source: {
+        setuid = true;
+        owner = "root";
+        group = "gnunet";
+        permissions = "o+rx,o-w,g+rx,g-w,o-rwx";
+        inherit source;
+      };
+      helpers = b: "${cfg.package}/lib/gnunet/libexec/${b}";
+    in {
+      gnunet-helper-vpn = mkGnunetSuid (helpers "gnunet-helper-vpn");
+      # These don't exist
+      #gnunet-helper-transport-wlan = mkGnunetSuid (helpers "gnunet-helper-transport-wlan");
+      #gnunet-helper-transport-bluetooth = mkGnunetSuid (helpers "gnunet-helper-transport-bluetooth");
+      gnunet-helper-exit = mkGnunetSuid (helpers "gnunet-helper-exit");
+      gnunet-helper-nat-server = mkGnunetSuid (helpers "gnunet-helper-nat-server");
+      gnunet-helper-nat-client = mkGnunetSuid (helpers "gnunet-helper-nat-client");
+      # > The binary should then be owned by root and be in group "gnunetdns"
+      # > and be installed SUID and only be group-executable (2750).
+      # But logically it should be 4750
+      gnunet-helper-dns = {
+        setuid = true;
+        owner = "root";
+        group = "gnunetdns";
+        permissions = "o+rx,o-w,g+rx,g-w,o-rwx";
+        source = (helpers "gnunet-helper-dns");
+      };
+      gnunet-service-dns = {
+        setgid = true;
+        owner = "root";
+        group = "gnunetdns";
+        permissions = "o+rx,o-w,g-rwx,o-rwx";
+        source = (helpers "gnunet-service-dns");
+      };
+    };
+
+    services.gnunet.settings = {
+      arm = {
+        START_SYSTEM_SERVICES = lib.mkDefault "YES";
+        START_USER_SERVICES = lib.mkDefault "NO";
+      };
+      dns = {
+        BINARY = lib.mkDefault "/run/wrappers/bin/gnunet-service-dns";
+      };
+      PATHS = {
+        SUID_BINARY_PATH = lib.mkDefault "/run/wrappers/bin";
+        GNUNET_HOME = lib.mkDefault "/var/lib/gnunet";
+        GNUNET_RUNTIME_DIR = lib.mkDefault "/run/gnunet";
+        GNUNET_USER_RUNTIME_DIR = lib.mkDefault "/run/gnunet";
+        GNUNET_DATA_HOME = lib.mkDefault "/var/lib/gnunet/data";
+      };
+    };
+
+    systemd.services.gnunet = {
+      description = "GNUnet system deamon";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      path = [ cfg.package pkgs.miniupnpc ];
+      serviceConfig = {
+        ExecStart = "${cfg.package}/lib/gnunet/libexec/gnunet-service-arm -c ${configFile}";
+        User = "gnunet";
+        Group = "gnunet";
+        StateDirectory = "gnunet";
+        StateDirectoryMode = "0700";
+        WorkingDirectory = "/var/lib/gnunet";
+        RuntimeDirectory = "gnunet";
+      };
+    };
+
+    environment.systemPackages = [ cfg.package ];
+  };
+}

hosts/asuka/soryu-old/gnunet.nix

@@ -0,0 +1,82 @@
+{ lib, stdenv, fetchurl, adns, curlWithGnuTls, gettext, gmp, gnutls, libextractor
+, libgcrypt, libgnurl, libidn, libmicrohttpd, libtool, libunistring
+, makeWrapper, ncurses, pkg-config, libxml2, sqlite, zlib
+, libpulseaudio, libopus, libogg, jansson, libsodium
+
+, postgresqlSupport ? true, postgresql }:
+
+stdenv.mkDerivation rec {
+  pname = "gnunet";
+  version = "0.19.4";
+
+  src = fetchurl {
+    url = "mirror://gnu/gnunet/${pname}-${version}.tar.gz";
+    sha256 = "sha256-AKY99AjVmH9bqaUEQfKncYK9n7MvHjAq5WOslOesAJs=";
+  };
+
+  patches = [
+    ./0001-gnunet-fs-log.patch
+  ];
+
+  enableParallelBuilding = true;
+
+  nativeBuildInputs = [ pkg-config libtool makeWrapper ];
+  buildInputs = [
+    adns curlWithGnuTls gmp gnutls libextractor libgcrypt libgnurl libidn
+    libmicrohttpd libunistring libxml2 ncurses gettext libsodium
+    sqlite zlib libpulseaudio libopus libogg jansson
+  ] ++ lib.optional postgresqlSupport postgresql;
+
+
+  configureFlags = ["--enable-logging=verbose"];
+
+  preConfigure = ''
+    # Brute force: since nix-worker chroots don't provide
+    # /etc/{resolv.conf,hosts}, replace all references to `localhost'
+    # by their IPv4 equivalent.
+    find . \( -name \*.c -or -name \*.conf \) | \
+      xargs sed -ie 's|\<localhost\>|127.0.0.1|g'
+
+    # Make sure the tests don't rely on `/tmp', for the sake of chroot
+    # builds.
+    find . \( -iname \*test\*.c -or -name \*.conf \) | \
+      xargs sed -ie "s|/tmp|$TMPDIR|g"
+
+    sed -ie 's|@LDFLAGS@|@LDFLAGS@ $(Z_LIBS)|g' \
+      src/regex/Makefile.in \
+      src/fs/Makefile.in
+  '';
+
+  # unfortunately, there's still a few failures with impure tests
+  doCheck = false;
+  checkPhase = ''
+    export GNUNET_PREFIX="$out"
+    export PATH="$out/bin:$PATH"
+    make -k check
+  '';
+
+  meta = with lib; {
+    description = "GNU's decentralized anonymous and censorship-resistant P2P framework";
+
+    longDescription = ''
+      GNUnet is a framework for secure peer-to-peer networking that
+      does not use any centralized or otherwise trusted services.  A
+      first service implemented on top of the networking layer
+      allows anonymous censorship-resistant file-sharing.  Anonymity
+      is provided by making messages originating from a peer
+      indistinguishable from messages that the peer is routing.  All
+      peers act as routers and use link-encrypted connections with
+      stable bandwidth utilization to communicate with each other.
+      GNUnet uses a simple, excess-based economic model to allocate
+      resources.  Peers in GNUnet monitor each others behavior with
+      respect to resource usage; peers that contribute to the
+      network are rewarded with better service.
+    '';
+
+    homepage = "https://gnunet.org/";
+    license = licenses.agpl3Plus;
+    maintainers = with maintainers; [ pstn vrthra ];
+    platforms = platforms.gnu ++ platforms.linux;
+    changelog = "https://git.gnunet.org/gnunet.git/tree/ChangeLog?h=v${version}";
+  };
+}

hosts/asuka/soryu-old/hardware-configuration.nix

@@ -0,0 +1,53 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/ea6aa4dc-47bd-499c-8b51-c5d99a5a5a5e";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/EE37-4B85";
+      fsType = "vfat";
+    };
+
+  fileSystems."/mnt/henning" =
+    { device = "/dev/disk/by-uuid/0c16a107-fe7a-472e-881d-a28bc305988b";
+      fsType = "ext4";
+    };
+
+  fileSystems."/mnt/human" =
+    { device = "/dev/disk/by-uuid/2d2b84b2-58b4-47a9-b328-cd4984927e48";
+      fsType = "ext4";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/9969ac13-32c6-4f44-a706-cc810fe8339b"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.docker0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+  # networking.interfaces.tailscale0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+  # high-resolution display
+}

hosts/asuka/soryu-old/tahoe.nix

@@ -0,0 +1,293 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+  cfg = config.services.tahoe;
+  format = pkgs.formats.ini { };
+in
+  {
+    options.services.tahoe = {
+      introducers = mkOption {
+        default = {};
+        type = with types; attrsOf (submodule {
+          options = {
+            settings = mkOption {
+              type = types.submodule {
+                freeformType = format.type;
+                options = {
+                  node.nickname = mkOption {
+                    type = types.str;
+                    description = "The nickname of this Tahoe introducer.";
+                  };
+                  node."tub.port" = mkOption {
+                    default = 3458;
+                    type = types.port;
+                    description = "The port on which the introducer will listen.";
+                  };
+                  node."tub.location" = mkOption {
+                    type = types.nullOr types.str;
+                    description = ''
+                      The external location that the introducer should listen on.
+                      If specified, the port should be included.
+                    '';
+                  };
+                };
+              };
+              description = "Freeform settings for the introducer";
+            };
+            package = mkOption {
+              default = pkgs.tahoe-lafs;
+              defaultText = literalExpression "pkgs.tahoe-lafs";
+              type = types.package;
+              description = "The package to use for the Tahoe LAFS daemon.";
+            };
+          };
+        });
+        description = lib.mdDoc "The Tahoe introducers.";
+      };
+      nodes = mkOption {
+        default = {};
+        type = with types; attrsOf (submodule ({name, config, ...}: {
+          options = {
+            settings = mkOption {
+              type = types.submodule {
+                freeformType = format.type;
+                options = {
+                  node.nickname = mkOption {
+                    type = types.str;
+                    description = "Value to display in management tools.";
+                    default = name;
+                  };
+                  node."tub.port" = mkOption {
+                    type = types.oneOf [ types.str types.port (types.enum [ "disabled" null ]) ];
+                    description = "A twisted server endpoint specification for receiving connections from other nodes.";
+                    example = "tcp:12345:interface=127.0.0.1";
+                    default = 3457;
+                  };
+                  node."tub.location" = mkOption {
+                    type = types.either types.str (types.enum [ "disabled" null ]);
+                    description = "comma separated connection strings that can be reached publically.";
+                    example = "tcp:mynode.example.com:3457,AUTO";
+                    default = "AUTO";
+                  };
+                  node."web.port" = mkOption {
+                    type = types.nullOr (types.either types.str types.port);
+                    description = "Twisted strport specification for webui and REST-api.";
+                    example = "tcp:3456:interface=127.0.0.1";
+                    default = 3456;
+                  };
+                  client."shares.needed" = mkOption {
+                    type = types.ints.between 1 256;
+                    description = "Default amount of shares needed to reconstruct an uploaded file.";
+                    default = 3;
+                  };
+                  client."shares.total" = mkOption {
+                    type = types.ints.between 1 256;
+                    description = "Default amount of shares a file is split into.";
+                    default = 10;
+                  };
+                  client."shares.happy" = mkOption {
+                    type = types.ints.positive;
+                    description = ''
+                      How spread out should your shares be.
+                      Can be smaller than needed, but not more than amount of servers available.";
+                    '';
+                    default = 7;
+                  };
+                  client."mutable.format" = mkOption {
+                    type = types.enum [ "sdmf" "mdmf" ];
+                    description = ''
+                      What format to save mutable files in.
+                      SDMF is useful when some nodes on your network run an older version of Tahoe-LAFS.
+                      MDMF supports inplace modification and streaming downloads.
+                    '';
+                    default = "sdmf";
+                  };
+                  storage.enabled = mkEnableOption "storage service";
+                  storage.anonymous = mkOption {
+                    type = types.bool;
+                    description = "Whether to expose storage with just the FURL and no other authentication.";
+                    default = true;
+                  };
+                  storage.reserved_space = mkOption {
+                    type = types.str;
+                    description = "The minimum amount of free disk space to keep.";
+                    default = "1G";
+                  };
+                  helper.enabled = mkEnableOption "helper service";
+                  sftpd.enabled = mkEnableOption "sftpd service";
+                  sftpd.port = mkOption {
+                    type = types.nullOr types.str;
+                    description = "A twisted connection string to listen on for the sftpd service.";
+                    example = "tcp:8022:interface=127.0.0.1";
+                    default = null;
+                  };
+                  sftpd.host_pubkey_file = mkOption {
+                    type = types.nullOr types.path;
+                    description = "Path to ssh public key to use for the service.";
+                    default = null;
+                  };
+                  sftpd.host_privkey_file = mkOption {
+                    type = types.nullOr types.path;
+                    description = "Path to ssh private key to use for the service.";
+                    default = null;
+                  };
+                };
+              };
+              description = "freeform options for a normal tahoe-lafs node";
+            };
+            client.introducersFile = mkOption {
+              type = types.nullOr types.path;
+              description = "Path to a secret file containing introducers, will be placed in private/introducers.yaml";
+              default = null;
+            };
+            client.helperFile = mkOption {
+              type = types.nullOr types.path;
+              description = "Secret file containing a furl to use as a helper.";
+              default = null;
+            };
+            sftpd.accountsFile = mkOption {
+              type = types.nullOr types.path;
+              description = "Path to the accounts file. Will be copied to private/accounts";
+              default = null;
+            };
+            package = mkOption {
+              default = pkgs.tahoe-lafs;
+              defaultText = literalExpression "pkgs.tahoelafs";
+              type = types.package;
+              description = lib.mdDoc ''
+                The package to use for the Tahoe LAFS daemon.
+              '';
+            };
+          };
+        }));
+        description = "The Tahoe nodes.";
+      };
+    };
+    config = mkMerge [
+      (mkIf (cfg.introducers != {}) {
+        environment = {
+          etc = flip mapAttrs' cfg.introducers (node: settings:
+            nameValuePair "tahoe-lafs/introducer-${node}.cfg" {
+              mode = "0444";
+              source = format.generate "tahoe-lafs-introducer" settings.settings;
+            });
+          # Actually require Tahoe, so that we will have it installed.
+          systemPackages = flip mapAttrsToList cfg.introducers (node: settings:
+            settings.package
+          );
+        };
+        systemd.services = flip mapAttrs' cfg.introducers (node: settings:
+          let
+            pidfile = "/run/tahoe.introducer-${node}.pid";
+            # This is a directory, but it has no trailing slash. Tahoe commands
+            # get antsy when there's a trailing slash.
+            nodedir = "/var/db/tahoe-lafs/introducer-${node}";
+          in nameValuePair "tahoe.introducer-${node}" {
+            description = "Tahoe LAFS node ${node}";
+            wantedBy = [ "multi-user.target" ];
+            path = [ settings.package ];
+            restartTriggers = [
+              config.environment.etc."tahoe-lafs/introducer-${node}.cfg".source ];
+            serviceConfig = {
+              Type = "simple";
+              PIDFile = pidfile;
+              # Believe it or not, Tahoe is very brittle about the order of
+              # arguments to $(tahoe run). The node directory must come first,
+              # and arguments which alter Twisted's behavior come afterwards.
+              ExecStart = ''
+                ${settings.package}/bin/tahoe run ${lib.escapeShellArg nodedir} --pidfile=${lib.escapeShellArg pidfile}
+              '';
+            };
+            preStart = ''
+              if [ ! -d ${lib.escapeShellArg nodedir} ]; then
+                mkdir -p /var/db/tahoe-lafs
+                # See https://github.com/NixOS/nixpkgs/issues/25273
+                tahoe create-introducer \
+                  --hostname="${config.networking.hostName}" \
+                  ${lib.escapeShellArg nodedir}
+              fi
+
+              # Tahoe has created a predefined tahoe.cfg which we must now
+              # scribble over.
+              # XXX I thought that a symlink would work here, but it doesn't, so
+              # we must do this on every prestart. Fixes welcome.
+              # rm ${nodedir}/tahoe.cfg
+              # ln -s /etc/tahoe-lafs/introducer-${node}.cfg ${nodedir}/tahoe.cfg
+              cp /etc/tahoe-lafs/introducer-"${node}".cfg ${lib.escapeShellArg nodedir}/tahoe.cfg
+            '';
+          });
+        users.users = flip mapAttrs' cfg.introducers (node: _:
+          nameValuePair "tahoe.introducer-${node}" {
+            description = "Tahoe node user for introducer ${node}";
+            isSystemUser = true;
+            group = "tahoe.introducer-${node}";
+          });
+        users.groups = flip mapAttrs' cfg.nodes (node: _:
+          nameValuePair "tahoe.introducer-${node}" { });
+      })
+      (mkIf (cfg.nodes != {}) {
+        environment = {
+          etc = flip mapAttrs' cfg.nodes (node: settings:
+            nameValuePair "tahoe-lafs/${node}.cfg" {
+              mode = "0444";
+              source = let placeholderFile = lib.pipe settings.settings [
+                (s: lib.recursiveUpdate
+                  (lib.optionalAttrs (settings.client.helperFile != null) { client."helper.furl" = "@CLIENT_HELPER_FURL@"; })
+                  s)
+              ];
+              in format.generate "tahoe-lafs-node" placeholderFile;
+            });
+          # Actually require Tahoe, so that we will have it installed.
+#          systemPackages = flip mapAttrsToList cfg.nodes (node: settings:
+#            settings.package
+#          );
+        };
+        systemd.services = flip mapAttrs' cfg.nodes (node: settings:
+          let
+            pidfile = "/run/tahoe.${node}.pid";
+            # This is a directory, but it has no trailing slash. Tahoe commands
+            # get antsy when there's a trailing slash.
+            nodedir = "/var/db/tahoe-lafs/${node}";
+          in nameValuePair "tahoe.${node}" {
+            description = "Tahoe LAFS node ${node}";
+            wantedBy = [ "multi-user.target" ];
+            path = [ settings.package ];
+            restartTriggers = [
+              config.environment.etc."tahoe-lafs/${node}.cfg".source ];
+            serviceConfig = {
+              Type = "simple";
+              PIDFile = pidfile;
+              # Believe it or not, Tahoe is very brittle about the order of
+              # arguments to $(tahoe run). The node directory must come first,
+              # and arguments which alter Twisted's behavior come afterwards.
+              ExecStart = ''
+                ${settings.package}/bin/tahoe run ${lib.escapeShellArg nodedir} --pidfile=${lib.escapeShellArg pidfile}
+              '';
+            };
+            preStart = ''
+              if [ ! -d ${lib.escapeShellArg nodedir} ]; then
+                mkdir -p /var/db/tahoe-lafs
+                tahoe create-node --hostname=localhost ${lib.escapeShellArg nodedir}
+              fi
+
+              cp /etc/tahoe-lafs/${lib.escapeShellArg node}.cfg ${lib.escapeShellArg nodedir}/tahoe.cfg
+            '' + lib.optionalString (settings.client.helperFile != null) ''
+              ${pkgs.replace-secret}/bin/replace-secret '@CLIENT_HELPER_FURL@' ${settings.client.helperFile} ${lib.escapeShellArg nodedir}/tahoe.cfg
+            '' + lib.optionalString (settings.client.introducersFile != null) ''
+              cp "${config.settings.client.introducersFile}" ${lib.escapeShellArg nodedir}/private/introducers.yaml
+            '' + lib.optionalString (settings.sftpd.accountsFile != null) ''
+              cp "${config.settings.client.introducersFile}" ${lib.escapeShellArg nodedir}/private/accounts
+            '';
+          });
+        users.users = flip mapAttrs' cfg.nodes (node: _:
+          nameValuePair "tahoe.${node}" {
+            description = "Tahoe node user for node ${node}";
+            isSystemUser = true;
+            group = "tahoe.${node}";
+          });
+        users.groups = flip mapAttrs' cfg.nodes (node: _:
+          nameValuePair "tahoe.${node}" { });
+      })
+    ];
+  }

hosts/asuka/soryu-old/wack.nix

@@ -0,0 +1,71 @@
+{ config, lib, pkgs, inputs, ... }:
+
+{
+
+  networking.firewall.allowedTCPPorts = [ 1337 ];
+
+  networking.nat.forwardPorts = [
+    {
+      destination = "${config.containers.ireul.hostAddress}:1337";
+      proto = "tcp";
+      sourcePort = 1337;
+    }
+  ];
+
+  containers.ireul = {
+    bindMounts."/wordlists" = {
+      hostPath = "/mnt/human/wordlists";
+      isReadOnly = false;
+    };
+    privateNetwork = true;
+    hostAddress = "192.168.10.1";
+    localAddress = "192.168.10.2";
+    forwardPorts = [
+      { containerPort = 1337;
+        hostPort = 1337;
+        protocol = "tcp";
+      }
+    ];
+
+    bindMounts."/dev/dri" = {
+      hostPath = "/dev/dri";
+      isReadOnly = false;
+    };
+    bindMounts."/dev/kfd" = {
+      hostPath = "/dev/kfd";
+      isReadOnly = false;
+    };
+    bindMounts."/run/opengl-driver" = {
+      hostPath = "/run/opengl-driver";
+      isReadOnly = false;
+    };
+
+    allowedDevices = [
+      { node = "/dev/dri/card0"; modifier = "rw"; }
+      { node = "/dev/dri/renderD128"; modifier = "rw"; }
+      { node = "/dev/kfd"; modifier = "rw"; }
+    ];
+
+    config = { config, pkgs, ... }: {
+      services.openssh.enable = true;
+      services.openssh.ports = [ 1337 ];
+
+      environment.systemPackages = with pkgs; [
+        hashcat
+        hashcat-utils
+        john
+
+        kitty.terminfo
+      ];
+
+      users.groups.video.members = builtins.attrNames config.users.users;
+
+
+      programs.zsh.enable = true;
+      imports = [ (inputs.wack-server-conf + /users/default.nix) ];
+
+      system.stateVersion = "24.11";
+    };
+  };
+
+}

hosts/asuka/soryu/configuration.nix

@@ -0,0 +1,207 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, lib, pkgs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+#      ./wack.nix
+      ./ollama.nix
+      ../../common/builder.nix
+    ];
+
+  nixpkgs.config = {
+    allowUnfree = true;
+    rocmSupport = true;
+  };
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader.systemd-boot = {
+    enable = true;
+    netbootxyz = { enable = true; sortKey = "y_netbootxyz"; };
+    edk2-uefi-shell = { enable = true; sortKey = "z_edk2-uefi-shell"; };
+    extraEntries = {
+      "old-soryuu.conf" = ''
+        title Old Soryuu;
+        efi /efi/edk2-uefi-shell/shell.efi
+        options -nointerrupt -nomap -noversion HD1b65535a:\EFI\systemd\systemd-bootx64.efi
+        sort-key o_soryuu-old
+      '';
+    };
+  };
+
+  boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+
+  #  programs.adb.enable = true;
+
+  systemd.enableEmergencyMode = false;
+
+  networking.hostName = "soryu";
+  networking.extraHosts = ''
+    127.0.0.1 modules-cdn.eac-prod.on.epicgames.com #Star Citizen EAC workaround
+  '';
+
+  # Star Citizen resource limits
+  boot.kernel.sysctl = {
+    "vm.max_map_count" = 16777216;
+    "fs.file-max" = 524288;
+  };
+
+  zramSwap = {
+    enable = true;
+    memoryMax = 96 * 1024 * 1024 * 1024;  # 96 GB ZRAM
+  };
+
+  services.resolved.enable = true;
+  services.resolved.dnssec = "false";
+
+  services.gnome.gnome-keyring.enable = true;
+
+  services.murmur = {
+    enable = true;
+    # registerName = "DODSORFAS";
+    welcometext = "Dans PC at singsaker smh backup mumble server";
+  };
+
+  programs.steam = {
+    enable = true;
+    remotePlay.openFirewall = false;
+    dedicatedServer.openFirewall = false;
+  };
+
+  services.tailscale.enable = true;
+
+  networking.firewall.interfaces."tailscale0" = let
+    all = { from = 0; to = 65535; };
+  in {
+    allowedUDPPortRanges = [ all ];
+    allowedTCPPortRanges = [ all ];
+  };
+
+  # Select internationalisation properties.
+  console.keyMap = "no-latin1";
+
+  time.timeZone = "Europe/Oslo";
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+   wget vim git
+  ];
+
+  # Some programs need SUID wrappers, can be configured further or are
+  # started in user sessions.
+  # programs.mtr.enable = true;
+  # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
+
+  # List services that you want to enable:
+
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  networking.firewall.enable = true;
+  networking.firewall.allowedTCPPorts = [ config.services.murmur.port ];
+  networking.firewall.allowedUDPPorts = [ config.services.murmur.port ];
+
+
+
+  # Enable CUPS to print documents.
+  # services.printing.enable = true;
+
+
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    jack.enable = true;
+  };
+
+  hardware.graphics.enable = true;
+  hardware.graphics.enable32Bit = true;
+  hardware.graphics.extraPackages = with pkgs; [
+    libva rocmPackages.clr.icd
+  ];
+  hardware.amdgpu.opencl.enable = true;
+
+  systemd.tmpfiles.rules = 
+  let
+    rocmEnv = pkgs.symlinkJoin {
+      name = "rocm-combined";
+      paths = with pkgs.rocmPackages; [
+        rocblas
+        hipblas
+        clr
+      ];
+    };
+  in [
+    "L+    /opt/rocm   -    -    -     -    ${rocmEnv}"
+  ];
+
+
+  # Enable the X11 windowing system.
+  services.xserver.enable = true;
+  services.xserver.displayManager = {
+    defaultSession = "xsession";
+    session = [
+      { manage = "desktop";
+        name = "xsession";
+        start = "exec $HOME/.xsession";
+      }
+    ];
+  };
+  services.xserver.xkb.layout = "no";
+  # services.xserver.xkbOptions = "eurosign:e";
+
+  services.xserver.displayManager.lightdm.enable = true;
+  services.xserver.videoDrivers = ["amdgpu"];
+
+
+
+  programs.zsh.enable = true;
+
+  virtualisation.docker.enable = true;
+  virtualisation.libvirtd.enable = true;
+  virtualisation.spiceUSBRedirection.enable = true;
+
+
+#  networking.nameservers = lib.mkForce [ "192.168.0.25" ];
+
+
+
+#  services.ipfs.enable = true;
+#  services.ipfs.gatewayAddress = "/ip4/127.0.0.1/tcp/5002";
+
+  nix.trustedUsers = [ "daniel" ];
+  nix.extraOptions = ''
+    experimental-features = nix-command flakes
+  '';
+
+  users.users.daniel = {
+    isNormalUser = true;
+    uid = 1000;
+    shell = pkgs.zsh;
+    extraGroups = [ "wheel" "networkmanager" "docker" "video" "libvirtd" ];
+    initialPassword = "Abc123";
+  };
+
+  programs.dconf.enable = true;
+  services.dbus.packages = with pkgs; [ dconf ];
+
+  # This value determines the NixOS release with which your system is to be
+  # compatible, in order to avoid breaking some software such as database
+  # servers. You should change this only after NixOS release notes say you
+  # should.
+  system.stateVersion = "24.11"; # Did you read the comment?
+
+}

hosts/asuka/soryu/hardware-configuration.nix

@@ -0,0 +1,56 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "thunderbolt" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  boot.initrd.luks.devices."crypted-main".device = "/dev/disk/by-uuid/2f59c91a-6765-439a-bc8d-6a84d662ba0c";
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/a1aec49d-4455-44e6-b69a-2576598b8749";
+      fsType = "btrfs";
+      options = [ "subvol=root" ];
+    };
+
+  fileSystems."/home" =
+    { device = "/dev/disk/by-uuid/a1aec49d-4455-44e6-b69a-2576598b8749";
+      fsType = "btrfs";
+      options = [ "subvol=home" ];
+    };
+
+  fileSystems."/nix" =
+    { device = "/dev/disk/by-uuid/a1aec49d-4455-44e6-b69a-2576598b8749";
+      fsType = "btrfs";
+      options = [ "subvol=nix" ];
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/2285-60E9";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+
+  swapDevices = [ { device = "/dev/disk/by-partlabel/swap"; randomEncryption.enable = true; } ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.docker0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp9s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.tailscale0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp10s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/asuka/soryu/ollama.nix

@@ -0,0 +1,29 @@
+{ config, lib, pkgs, inputs, ... }:
+
+{
+  services.ollama = {
+    enable = true;
+    acceleration = "rocm";
+    package = inputs.unstable.legacyPackages.x86_64-linux.ollama;
+    rocmOverrideGfx = "10.3.0";
+    environmentVariables = {
+      ROCR_VISIBLE_DEVICES = "GPU-5ecd14c0d670740b";
+    };
+    host = "100.64.0.19";
+    loadModels = [
+      "gemma3:4b"
+      "gemma3:12b"
+      "gemma3:27b"
+      "deepseek-r1:7b"
+      "deepseek-r1:14b"
+      "qwq:32b"
+      "codestral:22b"
+    ];
+  };
+
+  systemd.services.ollama = {
+    serviceConfig = {
+      SupplementaryGroups = [ "video" ];
+    };
+  };
+}

hosts/asuka/soryu/wack.nix

@@ -0,0 +1,72 @@
+{ config, lib, pkgs, inputs, ... }:
+
+{
+
+  networking.firewall.allowedTCPPorts = [ 1337 ];
+
+  networking.nat.forwardPorts = [
+    {
+      destination = "${config.containers.ireul.hostAddress}:1337";
+      proto = "tcp";
+      sourcePort = 1337;
+    }
+  ];
+
+  containers.ireul = {
+    bindMounts."/wordlists" = {
+      hostPath = "/mnt/human/wordlists";
+      isReadOnly = false;
+    };
+    privateNetwork = true;
+    hostAddress = "192.168.10.1";
+    localAddress = "192.168.10.2";
+    forwardPorts = [
+      { containerPort = 1337;
+        hostPort = 1337;
+        protocol = "tcp";
+      }
+    ];
+
+    bindMounts."/dev/dri" = {
+      hostPath = "/dev/dri";
+      isReadOnly = false;
+    };
+    bindMounts."/dev/kfd" = {          
+      hostPath = "/dev/kfd";
+      isReadOnly = false;
+    };
+    bindMounts."/run/opengl-driver" = {          
+      hostPath = "/run/opengl-driver";
+      isReadOnly = false;
+    };
+
+    allowedDevices = [
+      { node = "/dev/dri/card0"; modifier = "rw"; }
+      { node = "/dev/dri/renderD128"; modifier = "rw"; }
+      { node = "/dev/kfd"; modifier = "rw"; }
+    ];
+
+    config = { config, pkgs, ... }: {
+      services.openssh.enable = true;
+      services.openssh.ports = [ 1337 ];
+
+      environment.systemPackages = with pkgs; [
+        hashcat
+        hashcat-utils
+        john
+
+        kitty.terminfo
+      ];
+
+      users.groups.video.members = builtins.attrNames config.users.users;
+
+
+      programs.zsh.enable = true;
+      imports = [ (inputs.wack-server-conf + /users/default.nix) ];
+
+      system.stateVersion = "23.05";
+    };
+  };
+
+}
+

hosts/ayanami/configuration.nix

@@ -0,0 +1,261 @@
+#n Edit this configuration file to define what should be installed on your system.  
+# Help is available in the configuration.nix(5) man page and in the NixOS manual 
+# (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [
+      ./hardware-configuration.nix
+    ];
+
+  networking.hosts = {
+   # "10.10.111.103" = [ "snowbell.htb" "legacy.snowbell.htb" "management.snowbell.htb" ];
+  };
+
+  services.restic.backups."main" = {
+    repositoryFile = "/root/restic-main-repo";
+    passwordFile = "/root/restic-main-password";
+    pruneOpts = [
+      "--keep-last 2"
+      "--keep-within 3d"
+      "--keep-daily 7"
+      "--keep-weekly 5"
+      "--keep-monthly 12"
+      "--keep-yearly 5"
+    ];
+    paths = [
+      "/home/daniel"
+      "/var/lib"
+    ];
+    exclude = [
+      "/home/*/.cache"
+
+      "/home/*/.local/share/Trash"
+
+      "/home/*/.cargo"
+
+      "/home/*/.local/share/Steam/*"
+      "!/home/*/.local/share/Steam/compatdata"
+
+      "/home/*/mnt"
+    ];
+    extraBackupArgs = [
+      "--one-file-system"
+    ];
+  };
+
+  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+
+  virtualisation.podman.enable = true;
+  virtualisation.libvirtd.enable = true;
+  programs.dconf.enable = true;
+
+  programs.wireshark.enable = true;
+  programs.wireshark.package = pkgs.wireshark;
+
+  services.mysql.enable = true;
+  services.mysql.package = pkgs.mariadb;
+  services.mysql.settings.mysqld = {
+    bind-address = "127.0.0.1";
+    port = 3306;
+  };
+  services.mysql.ensureUsers = [
+    {
+      name = "daniel";
+      ensurePermissions = {
+        "lab1.*" = "ALL PRIVILEGES";
+        "lab2.*" = "ALL PRIVILEGES";
+        "lab3.*" = "ALL PRIVILEGES";
+        "lab4.*" = "ALL PRIVILEGES";
+        "lab5.*" = "ALL PRIVILEGES";
+      };
+    }
+  ];
+
+  # services.create_ap.enable = false;
+  # services.create_ap.settings = {
+  #   INTERNET_IFACE = "enp0s31f6";
+  #   PASSPHRASE = "12345678";
+  #   SSID = "DOTA2ERBEST";
+  #   WIFI_IFACE = "wlp5s0";
+  #   MAC_FILTER = 0;
+  #   HIDDEN = 0;
+  # };
+
+  boot.kernelModules = [ "v4l2loopback" ];
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.hostName = "ayanami"; # Define your hostname.
+  networking.networkmanager.enable = true;
+
+  hardware.bluetooth.enable = true;
+  services.blueman.enable = true;
+  
+  # Set your time zone.
+  time.timeZone = "Europe/Oslo";
+
+  services.tailscale.enable = true;
+
+  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
+  # Per-interface useDHCP will be mandatory in the future, so this generated config
+  # replicates the default behaviour.
+  networking.useDHCP = false;
+  networking.interfaces.enp0s31f6.useDHCP = false;
+  networking.interfaces.wlp5s0.useDHCP = false;
+
+  services.avahi.enable = false;
+
+  # services.atftpd = {
+  #   enable = false;
+  # };
+
+  # Select internationalisation properties.
+  i18n.supportedLocales = [ "en_US.UTF-8/UTF-8" "nb_NO.UTF-8/UTF-8" ];
+  i18n.defaultLocale = "en_US.UTF-8";
+  i18n.extraLocaleSettings = {
+    LC_TIME = "nb_NO.UTF-8";
+    LC_PAPER = "nb_NO.UTF-8";
+    LC_NAME = "nb_NO.UTF-8";
+    LC_ADDRESS = "nb_NO.UTF-8";
+    LC_TELEPHONE = "nb_NO.UTF-8";
+    LC_MEASUREMENT = "nb_NO.UTF-8";
+    LC_IDENTIFICATION = "nb_NO.UTF-8";
+};
+  console = {
+    font = "Lat2-Terminus16";
+    keyMap = "no-latin1";
+  };
+
+  services.xserver.displayManager.lightdm.enable = true;
+  services.displayManager.defaultSession = "xsession";
+  # Enable the X11 windowing system.
+  services.xserver.enable = true;
+  services.xserver.displayManager = {
+    session = [
+      {
+        manage = "desktop";
+        name = "xsession";
+        start = "exec $HOME/.xsession";
+      }
+    ];
+  };
+
+  # Disable cups we will just not print anything :))
+  services.printing.enable = false;
+
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    jack.enable = true;
+  };
+
+  hardware.opengl.driSupport32Bit = true;
+  hardware.opengl.extraPackages = with pkgs; [ libva ];
+
+  # Enable touchpad support (enabled default in most desktopManager).
+  services.libinput.enable = true;
+  services.xserver.xkb.layout = "no";
+
+
+  programs.zsh.enable = true;
+
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users.users.daniel = {
+    isNormalUser = true;
+    shell = pkgs.zsh;
+    extraGroups = [ "wheel" "networkmanager" "wireshark" "libvirtd" ];
+  };
+
+  environment.systemPackages = with pkgs; [
+    vim
+    git
+    wget
+    virt-manager
+    podman-compose
+  ];
+
+
+  services.dbus.packages = with pkgs; [ pkgs.dconf ];
+
+  services.openssh.enable = true;
+  services.openssh.openFirewall = false;
+
+  networking.firewall.interfaces."tailscale0" = let
+    all = { from = 0; to = 65535; };
+  in {
+    allowedUDPPortRanges = [ all ];
+    allowedTCPPortRanges = [ all ];
+  };
+
+  # Open ports in the firewall.
+  networking.firewall.allowedTCPPorts = [ 69 8010 9090 ];
+  networking.firewall.allowedUDPPorts = [ 69 8010 9090 ];
+  # Or disable the firewall altogether.
+  # networking.firewall.enable = false;
+
+  nix.settings.trusted-users = [ "daniel" ];
+
+  nix.buildMachines = [
+    { hostName = "soryu";
+      system = "x86_64-linux";
+      maxJobs = 16;
+      supportedFeatures = [ "big-parallel" ];
+      speedFactor = 66317;
+    }
+    # { hostName = "bob.pvv.ntnu.no";
+    #   system = "x86_64-linux";
+    #   maxJobs = 12;
+    #   supportedFeatures = [ "big-parallel" ];
+    #   speedFactor = 129270;
+    # }
+    # { hostName = "bolle.pbsds.net";
+    #   system = "x86_64-linux";
+    #   maxJobs = 6;
+    #   speedFactor = 12857;
+    # }
+    # { hostName = "garp.pbsds.net";
+    #   system = "x86_64-linux";
+    #   maxJobs = 4;
+    #   # i7-6700
+    #   speedFactor = 8088;
+    # }
+    # { hostName = "lilith";
+    #   system = "x86_64-linux";
+    #   maxJobs = 6;
+    #   #speedFactor = 13199;
+    #   speedFactor = 6000;
+    # }
+    # {
+    #   hostName = "isvegg.pvv.ntnu.no";
+    #   system = "x86_64-linux";
+    #   maxJobs = 4;
+    #   speedFactor = 4961;
+    #   supportedFeatures = [ "big-parallel" ];
+    #   mandatoryFeatures = [ ];
+    # }
+  ];
+  nix.distributedBuilds = true;
+  nix.extraOptions = ''
+    builders-use-substitutes = true
+    experimental-features = nix-command flakes impure-derivations ca-derivations
+  '';
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "23.11"; # Did you read the comment?
+
+}
+

hosts/ayanami/hardware-configuration.nix

@@ -0,0 +1,61 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/276d0801-34f7-4d40-aa24-bfc43ea4ff51";
+      fsType = "btrfs";
+      options = [ "subvol=root" ];
+    };
+
+  boot.initrd.luks.devices."enc" = {
+    allowDiscards = true;
+    device = "/dev/disk/by-uuid/27c2e6ae-d9ec-4bbd-9ebe-6ec2e63dd139";
+  };
+  fileSystems."/home" =
+    { device = "/dev/disk/by-uuid/276d0801-34f7-4d40-aa24-bfc43ea4ff51";
+      fsType = "btrfs";
+      options = [ "subvol=home" ];
+    };
+
+  fileSystems."/nix" =
+    { device = "/dev/disk/by-uuid/276d0801-34f7-4d40-aa24-bfc43ea4ff51";
+      fsType = "btrfs";
+      options = [ "subvol=nix" ];
+    };
+
+  fileSystems."/persist" =
+    { device = "/dev/disk/by-uuid/276d0801-34f7-4d40-aa24-bfc43ea4ff51";
+      fsType = "btrfs";
+      options = [ "subvol=persist" ];
+    };
+
+  fileSystems."/var/log" =
+    { device = "/dev/disk/by-uuid/276d0801-34f7-4d40-aa24-bfc43ea4ff51";
+      fsType = "btrfs";
+      options = [ "subvol=log" ];
+      neededForBoot = true;
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/503B-1BC9";
+      fsType = "vfat";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/28c04c57-b026-471f-a7bf-366cbc102b78"; }
+    ];
+
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/common/builder.nix

@@ -0,0 +1,18 @@
+{ config, lib, pkgs, ... }:
+
+{
+  users.users.nixbuilder = {
+    group = "nixbuilder";
+    isSystemUser = true;
+    useDefaultShell = true;
+    openssh.authorizedKeys.keys = [
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDpGSDczzDOhTETCj+uB5e3/9QbOCaVW1knM+n1ey0n6LXH7uiPPmzuZiqfzmfbB1z4bjM2zpn3D6Et6zRCrBUjhTZqf/5GoNlvhVA6QYmBmBp98b8oY7juj5cmu55voxD0S5rC1mQMnWAAf8e8OPbkhs9Lt0XlOYdotLNIZQubzWqE2DK45g/h17ELJs+jkNXoalFjLvLXWzE/C+3pYoeNJVGHfVMTIwt7o64E6JXhxuYTYdSIuzd+BjntkSCXzcAzBFMRwkdlFVoBtLUMMcMQl39kcXv7lAQ8pv+8b1j1N9WuQVf1qEAcZguaimI1ifbXP5d841pZPApCj5KXectIEldfTrcwg8rZpd2UfYS/3XCcOuidBGprY7XsU/jz8wHbH68UjUrsLyaOMnG2ChYztnf63vm3gRs3Fc6FqTycpgYOPDeZBVTcMyPGgtiZvhnTeY20xFS5lK6M+dmgaDqH24kPLiwYSpUF2NK+Rg/2bZxvt/GaSr4U6fJGi3FCJOM= root@DanixLaptop"
+    ];
+  };
+
+  users.groups.nixbuilder = {};
+
+  nix.settings.trusted-users = [ "nixbuilder" ];
+
+  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+}

hosts/ikari/configuration.nix

@@ -0,0 +1,199 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{ config, lib, pkgs, ... }:
+
+{
+  imports = [ # Include the results of the hardware scan.
+    ./hardware-configuration.nix
+  ];
+
+
+  services.restic.backups."main" = {
+    repositoryFile = "/root/restic-main-repo";
+    passwordFile = "/root/restic-main-password";
+    pruneOpts = [
+      "--keep-daily 7"
+      "--keep-weekly 5"
+      "--keep-monthly 12"
+      "--keep-yearly 2"
+    ];
+    paths = [
+      "/var/lib"
+      "/home/daniel"
+    ];
+    exclude = [
+      "/home/*/.cache"
+    
+      "/home/*/.local/Trash"
+      
+      "/home/*/.local/share/Steam/*"
+      "!/home/*/.local/share/Steam/steamapps/compatdata"
+
+      "/home/*/.cargo"
+      "/home/*/**/target"
+    ];
+  };
+
+
+  services.postgresql.enable = true;
+  services.postgresql.package = pkgs.postgresql_15;
+  services.postgresql.authentication = ''
+    host all all 192.168.10.0/24 md5
+  '';
+
+  nixpkgs.config.allowUnfreePredicate = pkg:
+    builtins.elem (lib.getName pkg) [
+      # Add additional package names here
+      "nvidia-x11"
+      "nvidia-settings"
+      "nvidia-persistenced"
+
+      "steam"
+      "steam-original"
+      "steam-run"
+      "steam-unwrapped"
+    ];
+  
+
+  services.xserver.videoDrivers = ["nvidia"];
+  hardware.nvidia = {
+    package = config.boot.kernelPackages.nvidiaPackages.stable;
+    modesetting.enable = true;
+    nvidiaSettings = true;
+    powerManagement.finegrained = false;
+    open = false;
+  };
+  #hardware.graphics.enable = true;
+  hardware.opengl.driSupport32Bit = true;
+
+
+  programs.steam = {
+    enable = true;
+    remotePlay.openFirewall = false;
+    dedicatedServer.openFirewall = false;
+  };
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.hostName = "ikari"; # Define your hostname.
+  # Pick only one of the below networking options.
+  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+  # networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.
+
+  services.tailscale.enable = true;
+
+  # Set your time zone.
+  time.timeZone = "Europe/Oslo";
+
+  # Configure network proxy if necessary
+  # networking.proxy.default = "http://user:password@proxy:port/";
+  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+  # Select internationalisation properties.
+  i18n.supportedLocales = [ "en_US.UTF-8/UTF-8" "nb_NO.UTF-8/UTF-8" ];
+  i18n.defaultLocale = "en_US.UTF-8";
+  i18n.extraLocaleSettings = {
+    LC_TIME = "nb_NO.UTF-8";
+    LC_PAPER = "nb_NO.UTF-8";
+    LC_NAME = "nb_NO.UTF-8";
+    LC_ADDRESS = "nb_NO.UTF-8";
+    LC_TELEPHONE = "nb_NO.UTF-8";
+    LC_MEASUREMENT = "nb_NO.UTF-8";
+    LC_IDENTIFICATION = "nb_NO.UTF-8";
+  };
+  console = {
+    font = "Lat2-Terminus16";
+    useXkbConfig = true; # use xkb.options in tty.
+  };
+
+
+  services.displayManager.defaultSession = "xsession";
+  # Enable the X11 windowing system.
+  services.xserver.enable = true;
+  services.xserver.displayManager = {
+    session = [
+      {
+        manage = "desktop";
+        name = "xsession";
+        start = "exec $HOME/.xsession";
+      }
+    ];
+  };
+
+  services.dbus.packages = with pkgs; [ pkgs.dconf ];
+  programs.dconf.enable = true;
+
+  
+
+  # Configure keymap in X11
+  services.xserver.xkb.layout = "no";
+
+  # Enable CUPS to print documents.
+  # services.printing.enable = true;
+
+  # Enable sound.
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    pulse.enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    jack.enable = true;
+  };
+
+
+  programs.zsh.enable = true;
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users.users.daniel = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+    shell = pkgs.zsh;
+    openssh.authorizedKeys.keys = [
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCp8iMOx3eTiG5AmDh2KjKcigf7xdRKn9M7iZQ4RqP0np0UN2NUbu+VAMJmkWFyi3JpxmLuhszU0F1xY+3qM3ARduy1cs89B/bBE85xlOeYhcYVmpcgPR5xduS+TuHTBzFAgp+IU7/lgxdjcJ3PH4K0ruGRcX1xrytmk/vdY8IeSk3GVWDRrRbH6brO4cCCFjX0zJ7G6hBQueTPQoOy3jrUvgpRkzZY4ZCuljXtxbuX5X/2qWAkp8ca0iTQ5FzNA5JUyj+DWeEzjIEz6GrckOdV2LjWpT9+CtOqoPZOUudE1J9mJk4snNlMQjE06It7Kr50bpwoPqnxjo7ZjlHFLezl"
+    ];
+  };
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+    vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+    wget
+    git
+  ];
+
+  # Some programs need SUID wrappers, can be configured further or are
+  # started in user sessions.
+  # programs.mtr.enable = true;
+  # programs.gnupg.agent = {
+  #   enable = true;
+  #   enableSSHSupport = true;
+  # };
+
+  # List services that you want to enable:
+
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
+  services.openssh.openFirewall = false;
+
+  networking.firewall.interfaces."tailscale0" = let
+    all = { from = 0; to = 65535; };
+  in {
+    allowedUDPPortRanges = [ all ];
+    allowedTCPPortRanges = [ all ];
+  };
+
+  networking.firewall.trustedInterfaces = [ "eno1" ];
+
+  nix.settings.trusted-users = [ "daniel" ];
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+
+
+  system.stateVersion = "24.05"; # Did you read the comment?
+}
+

hosts/ikari/hardware-configuration.nix

@@ -0,0 +1,38 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/92bec2f5-9ae6-40c1-9c7b-a7b03ef8b79f";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/8FB1-1C05";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

overlays/libaom.nix

@@ -1,19 +0,0 @@
-self: super:
-{
-  mylibaom = super.libaom.overrideAttrs (old: rec {
-    version = "1.0.0-a5e3f02b186";
-    src = super.fetchgit {
-      url = "https://aomedia.googlesource.com/aom";
-      rev = "a5e3f02b18668957bbd054a1058cb190f298ca6f";
-      sha256 = "1i7lk91rdwviqnmxc6k2ihjqx5glf6siirnlhyi50vbqwgpjiyv4";
-    };
-
-
-    cmakeFlags = [
-      "-DCMAKE_INSTALL_LIBDIR=lib"
-      "-DCMAKE_INSTALL_BINDIR=bin"
-      "-DCMAKE_INSTALL_INCLUDEDIR=include"
-    ];
-  });
-
-}

overlays/mumble.nix

@@ -1,6 +0,0 @@
-self: super:
-{
-   mumble = super.mumble.override (OldAttr: {
-     pulseSupport = true;
-   });
-}

profiles/xsession/terminal.nix

@@ -1,32 +0,0 @@
-{ pkgs, config, lib, ...}:
-{
-
-  config = lib.mkIf config.profiles.xsession.enable {
-
-    home.file.kitty = {
-      target = ".config/kitty/kitty.conf";
-      text = ''
-        #term               xterm-256color
-        font_family         MesloLGS NF
-        font_size           12.0
-        background_opacity  0.7
-
-        clear_all_shortcuts yes
-
-        map ctrl+shift+c copy_to_clipboard
-        map ctrl+shift+v paste_from_clipboard
-
-
-
-        map ctrl+plus change_font_size all +2.0
-        map ctrl+shift+plus change_font_size all -2.0
-      '';
-    };
-
-
-   home.packages = [
-      pkgs.kitty
-      pkgs.ncurses.dev
-    ];
-  };
-}