Update

2024-05-05 14:53:09 -04:00 · 2024-05-05 14:53:09 -04:00 · 57807f31e5
parent 9555f1115c
commit 57807f31e5
72 changed files with 845 additions and 1899 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,2 @@
 sensitives/*
-configuration.nix
+!sensitives/.gitkeep
 hardware-configuration.nix
--- a/0
+++ b/0
--- a/common.nix
+++ b/common.nix
@ -1,6 +1,6 @@
 { pkgs, home-manager, unstable, ... }:
 {
-  system.stateVersion = "22.11";
+  system.stateVersion = "23.11";
  system.autoUpgrade.enable = true;
  home-manager.useGlobalPkgs = true;
@ -9,9 +9,11 @@
  time = {
    timeZone = "America/New_York";
-    hardwareClockInLocalTime = true;
+    hardwareClockInLocalTime = false;
  };
  systemd.services.NetworkManager-wait-online.enable = pkgs.lib.mkForce false;
  i18n.defaultLocale = "en_US.UTF-8";
  nix.extraOptions = ''
@ -24,11 +26,16 @@
  ];
  age.secrets.serverwg-priv.file = ./secrets/serverwg-priv.age;
  age.secrets.vpnboxwg-priv.file = ./secrets/vpnboxwg-priv.age;
 #  age.secrets.lab-ip.file = ./secrets/lab-ip.age;
-  nixpkgs.overlays = [
+#  nixpkgs.overlays = [
-    (import "${builtins.fetchTarball { url="https://github.com/vlaci/openconnect-sso/archive/master.tar.gz"; sha256="sha256:04kwar7cxz7399bwlka6raqwq5jd27khkjdxk11k08846bkjckx5"; } }/overlay.nix")
+#    (import "${builtins.fetchTarball { url="https://github.com/vlaci/openconnect-sso/archive/master.tar.gz"; sha256="sha256:04kwar7cxz7399bwlka6raqwq5jd27khkjdxk11k08846bkjckx5"; } }/overlay.nix")
-  ];
+#  ];
  boot.supportedFilesystems = [ "ntfs" ];
  imports = [
    ./options.nix
  ];
 }
--- a/config/zsh/p10k/p10k.zsh
+++ b/config/zsh/p10k/p10k.zsh
--- a/flake.lock
+++ b/flake.lock
@ -2,14 +2,17 @@
  "nodes": {
    "agenix": {
      "inputs": {
-        "nixpkgs": "nixpkgs"
+        "darwin": "darwin",
        "home-manager": "home-manager",
        "nixpkgs": "nixpkgs",
        "systems": "systems"
      },
      "locked": {
-        "lastModified": 1673301561,
+        "lastModified": 1712079060,
-        "narHash": "sha256-gRUWHbBAtMuPDJQXotoI8u6+3DGBIUZHkyQWpIv7WpM=",
+        "narHash": "sha256-/JdiT9t+zzjChc5qQiF+jhrVhRt8figYH29rZO7pFe4=",
        "owner": "ryantm",
        "repo": "agenix",
-        "rev": "42d371d861a227149dc9a7e03350c9ab8b8ddd68",
+        "rev": "1381a759b205dff7a6818733118d02253340fd5e",
        "type": "github"
      },
      "original": {
@ -18,35 +21,113 @@
        "type": "github"
      }
    },
    "darwin": {
      "inputs": {
        "nixpkgs": [
          "agenix",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1700795494,
        "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
        "owner": "lnl7",
        "repo": "nix-darwin",
        "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
        "type": "github"
      },
      "original": {
        "owner": "lnl7",
        "ref": "master",
        "repo": "nix-darwin",
        "type": "github"
      }
    },
    "flake-utils": {
      "locked": {
        "lastModified": 1622445595,
        "narHash": "sha256-m+JRe6Wc5OZ/mKw2bB3+Tl0ZbtyxxxfnAWln8Q5qs+Y=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "7d706970d94bc5559077eb1a6600afddcd25a7c8",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
          "agenix",
          "nixpkgs"
-        ],
+        ]
        "utils": "utils"
      },
      "locked": {
-        "lastModified": 1672244468,
+        "lastModified": 1703113217,
-        "narHash": "sha256-xaZb8AZqoXRCSqPusCk4ouf+fUNP8UJdafmMTF1Ltlw=",
+        "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "89a8ba0b5b43b3350ff2e3ef37b66736b2ef8706",
+        "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "ref": "release-22.11",
        "repo": "home-manager",
        "type": "github"
      }
    },
    "home-manager_2": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1712386041,
        "narHash": "sha256-dA82pOMQNnCJMAsPG7AXG35VmCSMZsJHTFlTHizpKWQ=",
        "owner": "nix-community",
        "repo": "home-manager",
        "rev": "d6bb9f934f2870e5cbc5b94c79e9db22246141ff",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "ref": "release-23.11",
        "repo": "home-manager",
        "type": "github"
      }
    },
    "nix-github-actions": {
      "inputs": {
        "nixpkgs": [
          "openconnect-sso",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1703863825,
        "narHash": "sha256-rXwqjtwiGKJheXB43ybM8NwWB8rO2dSRrEqes0S7F5Y=",
        "owner": "nix-community",
        "repo": "nix-github-actions",
        "rev": "5163432afc817cf8bd1f031418d1869e4c9d5547",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "nix-github-actions",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1665732960,
+        "lastModified": 1703013332,
-        "narHash": "sha256-WBZ+uSHKFyjvd0w4inbm0cNExYTn8lpYFcHEes8tmec=",
+        "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "4428e23312933a196724da2df7ab78eb5e67a88e",
+        "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
        "type": "github"
      },
      "original": {
@ -58,35 +139,180 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1673704454,
+        "lastModified": 1713725259,
-        "narHash": "sha256-5Wdj1MgdOgn3+dMFIBtg+IAYZApjF8JzwLWDPieg0C4=",
+        "narHash": "sha256-9ZR/Rbx5/Z/JZf5ehVNMoz/s5xjpP0a22tL6qNvLt5E=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "a83ed85c14fcf242653df6f4b0974b7e1c73c6c6",
+        "rev": "a5e4bbcb4780c63c79c87d29ea409abf097de3f7",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
-        "ref": "nixos-22.11",
+        "ref": "nixos-23.11",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nur": {
      "locked": {
        "lastModified": 1713903158,
        "narHash": "sha256-dWOrSgYhyuwLcJHa+/VU05i0Qg64TaGXdFJDgXtGELs=",
        "owner": "nix-community",
        "repo": "NUR",
        "rev": "01e811e23bec13e9ecaed7d64ebbee56c8df9d93",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "NUR",
        "type": "github"
      }
    },
    "openconnect-sso": {
      "inputs": {
        "flake-utils": "flake-utils",
        "nix-github-actions": "nix-github-actions",
        "nixpkgs": [
          "nixpkgs"
        ],
        "poetry2nix": "poetry2nix",
        "systems": "systems_2",
        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
        "lastModified": 1701455376,
        "narHash": "sha256-FMLrMdi6JY7ZfqV5XnNj64jnDcGKznKZLn7O6OMO3u0=",
        "owner": "ThinkChaos",
        "repo": "openconnect-sso",
        "rev": "20c0015c4264c72cc19ac272de0dc534309bd21b",
        "type": "github"
      },
      "original": {
        "owner": "ThinkChaos",
        "ref": "fix/nix-flake",
        "repo": "openconnect-sso",
        "type": "github"
      }
    },
    "poetry2nix": {
      "inputs": {
        "flake-utils": [
          "openconnect-sso",
          "flake-utils"
        ],
        "nix-github-actions": [
          "openconnect-sso",
          "nix-github-actions"
        ],
        "nixpkgs": [
          "openconnect-sso",
          "nixpkgs"
        ],
        "systems": [
          "openconnect-sso",
          "systems"
        ],
        "treefmt-nix": [
          "openconnect-sso",
          "treefmt-nix"
        ]
      },
      "locked": {
        "lastModified": 1714113962,
        "narHash": "sha256-7nVz2XUgVtnTQIYcuuqdLjZL8ifb7W8jciT+Szsx920=",
        "owner": "nix-community",
        "repo": "poetry2nix",
        "rev": "9245811b58905453033f1ef551f516cbee71c42c",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "poetry2nix",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "agenix": "agenix",
-        "home-manager": "home-manager",
+        "home-manager": "home-manager_2",
        "nixpkgs": "nixpkgs_2",
        "nur": "nur",
        "openconnect-sso": "openconnect-sso",
        "sensitives": "sensitives",
        "unstable": "unstable"
      }
    },
    "sensitives": {
      "flake": false,
      "locked": {
        "lastModified": 1713547745,
        "narHash": "sha256-/5Mi03yx16RBz6cxkUak7a4/zdgChvHCRPdBommGKwI=",
        "path": "/etc/nixos/sensitives",
        "type": "path"
      },
      "original": {
        "path": "/etc/nixos/sensitives",
        "type": "path"
      }
    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    },
    "systems_2": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    },
    "treefmt-nix": {
      "inputs": {
        "nixpkgs": [
          "openconnect-sso",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1714058656,
        "narHash": "sha256-Qv4RBm4LKuO4fNOfx9wl40W2rBbv5u5m+whxRYUMiaA=",
        "owner": "numtide",
        "repo": "treefmt-nix",
        "rev": "c6aaf729f34a36c445618580a9f95a48f5e4e03f",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "treefmt-nix",
        "type": "github"
      }
    },
    "unstable": {
      "locked": {
-        "lastModified": 1673631141,
+        "lastModified": 1713714899,
-        "narHash": "sha256-AprpYQ5JvLS4wQG/ghm2UriZ9QZXvAwh1HlgA/6ZEVQ=",
+        "narHash": "sha256-+z/XjO3QJs5rLE5UOf015gdVauVRQd2vZtsFkaXBq2Y=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "befc83905c965adfd33e5cae49acb0351f6e0404",
+        "rev": "6143fc5eeb9c4f00163267708e26191d1e918932",
        "type": "github"
      },
      "original": {
@ -95,21 +321,6 @@
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "utils": {
      "locked": {
        "lastModified": 1667395993,
        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@ -2,17 +2,34 @@
  description = "NixOS configuration";
  inputs = {
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-22.11";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
    unstable.url = "github:nixos/nixpkgs/nixos-unstable";
-    home-manager.url = "github:nix-community/home-manager/release-22.11";
+    home-manager = {
-    home-manager.inputs.nixpkgs.follows = "nixpkgs";
+      url = "github:nix-community/home-manager/release-23.11";
-
+      inputs.nixpkgs.follows = "nixpkgs";
    agenix.url = "github:ryantm/agenix";
    };
-  outputs = inputs@{ nixpkgs, unstable, home-manager, agenix, ... }:
+    agenix.url = "github:ryantm/agenix";
    sensitives = {
      url = "path:/etc/nixos/sensitives";
      flake = false;
    };
    nur = {
      url = "github:nix-community/NUR";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    openconnect-sso = {
      url = "github:ThinkChaos/openconnect-sso/fix/nix-flake";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };
  outputs = inputs@{ nixpkgs, unstable, home-manager, agenix, sensitives, nur, openconnect-sso, ... }:
  let
    system = "x86_64-linux";
  in
@ -21,26 +38,48 @@
      let
        # Inject unstable for inputs for modules
        defaults = { pkgs, ... }: {
-          _module.args.unstable = import inputs.unstable {
+          _module.args = {
            inherit sensitives;
            unstable = import inputs.unstable {
              inherit (pkgs.stdenv.targetPlatform) system;
              config.allowUnfree = true;
            };
          };
        };
      in {
-        smallinux = nixpkgs.lib.nixosSystem {
+        artemis = nixpkgs.lib.nixosSystem {
          system = "x86_64-linux";
          modules = [
-            defaults
+            ({ config, lib, sensitives, ... }:
-            home-manager.nixosModules.home-manager
+            {
-            agenix.nixosModule
+              config.wireguard.lab.remote = lib.fileContents "${sensitives}/homeip";
            })
            {
-              networking.hostName = "smallinux";
+              environment.systemPackages = [
                inputs.openconnect-sso.packages.x86_64-linux.default
              ];
              nixpkgs.overlays = [
                # add nur overlay for Firefox addons
                nur.overlay
 #                (import "${builtins.fetchTarball https://github.com/vlaci/openconnect-sso/archive/master.tar.gz}/overlay.nix")
              ];
            }
            defaults
            home-manager.nixosModules.home-manager
            agenix.nixosModules.default
            {
              networking.hostName = "artemis";
              networking.networkmanager.enable = true;
              environment.systemPackages = [ agenix.packages.x86_64-linux.default ];
            }
            ./common.nix
-            ./hosts/smallinux.nix
+            ./hosts/artemis
          ];
        };
        xps15 = nixpkgs.lib.nixosSystem {
@ -49,7 +88,7 @@
          modules = [
            defaults
            home-manager.nixosModules.home-manager
-            agenix.nixosModule
+            agenix.nixosModules.default
            {
              networking.hostName = "xps15";
--- a/home/betterdiscord-plugins.nix
+++ b/home/betterdiscord-plugins.nix
@ -0,0 +1,32 @@
 { pkgs, ... }:
 {
  home = let
    pluginRepoPlugin = pkgs.fetchurl {
      url = "https://betterdiscord.app/Download?id=200";
      hash = "sha256-gOo7q/N8B2SEXrVfAgQ4EUewv69bZ4guc8BR1X0xOZY=";
    };
    fetchPlugin = { id, hash }:
      pkgs.fetchurl {
        url = "https://betterdiscord.app/Download?id=" + id;
        inherit hash;
      };
  in {
 #    file.".local/share/nemo/actions/vscode.nemo_action".source = ../vscode.nemo_action;
    file.".config/BetterDiscord/plugins/PluginRepo.plugin.js".source = fetchPlugin {
      id = "200";
      hash = "sha256-gOo7q/N8B2SEXrVfAgQ4EUewv69bZ4guc8BR1X0xOZY=";
    };
 #    activation = {
 #      downloadBetterDiscordPlugins = {
 #        after = [ "writeBoundary" ];
 #        before = [ ];
 #        data = ''
 #          ${pkgs.curl}/bin/curl "https://betterdiscord.app/Download?id=200" -o 
 #        '';
 #      };
 #    };
  };
 }
--- a/home/emulators.nix
+++ b/home/emulators.nix
@ -3,5 +3,6 @@
  home.packages = with pkgs; [
    rpcs3
    citra
    yuzu-mainline
  ];
 }
--- a/home/firefox.nix
+++ b/home/firefox.nix
@ -0,0 +1,94 @@
 { pkgs, ... }:
 {
  programs.firefox = {
    enable = true;
    # Install extensions from NUR
    extensions = with pkgs.nur.repos.rycee.firefox-addons; [
      ublock-origin
      facebook-container
      clearurls
      bitwarden
      sponsorblock
      enhancer-for-youtube
      return-youtube-dislikes
      tab-session-manager
      darkreader
      tampermonkey
      to-google-translate
      h264ify
      betterttv
    ];
    # Privacy about:config settings
    profiles.seanomik = {
      search = {
        force = true;
        default = "DuckDuckGo";
        order = [ "DuckDuckGo" "Google" ];
        engines = {
          "Amazon.com".metaData.alias = "@a";
          "Bing".metaData.hidden = true;
          "eBay".metaData.hidden = true;
          "Google".metaData.alias = "@g";
          "Wikipedia (en)".metaData.alias = "@w";
          "GitHub" = {
            urls = [{
              template = "https://github.com/search";
              params = [
                { name = "q"; value = "{searchTerms}"; }
              ];
            }];
            icon = "${pkgs.fetchurl {
              url = "https://github.githubassets.com/favicons/favicon.svg";
              sha256 = "sha256-apV3zU9/prdb3hAlr4W5ROndE4g3O1XMum6fgKwurmA=";
            }}";
            definedAliases = [ "@gh" ];
          };
          "Nix Packages" = {
            urls = [{
              template = "https://search.nixos.org/packages";
              params = [
                { name = "channel"; value = "unstable"; }
                { name = "query"; value = "{searchTerms}"; }
              ];
            }];
            icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
            definedAliases = [ "@np" ];
          };
        };
      };
      settings = {
        "browser.toolbars.bookmarks.visibility" = "always";
        # Disable telemetry
        "browser.newtabpage.activity-stream.feeds.telemetry" = false;
        "browser.ping-centre.telemetry" = false;
        "browser.tabs.crashReporting.sendReport" = false;
        "devtools.onboarding.telemetry.logged" = false;
        "toolkit.telemetry.enabled" = false;
        "toolkit.telemetry.unified" = false;
        "toolkit.telemetry.server" = "";
        # Disable Pocket
        "browser.newtabpage.activity-stream.feeds.discoverystreamfeed" = false;
        "browser.newtabpage.activity-stream.feeds.section.topstories" = false;
        "browser.newtabpage.activity-stream.section.highlights.includePocket" = false;
        "browser.newtabpage.activity-stream.showSponsored" = false;
        "extensions.pocket.enabled" = false;
        "media.autoplay.enabled" = false;
        "privacy.firstparty.isolate" = true;
        "network.http.sendRefererHeader" = 0;
      };
    };
  };
 }
--- a/home/fish.nix
+++ b/home/fish.nix
@ -0,0 +1,37 @@
 { pkgs, ... }:
 {
  home = {
    packages = with pkgs; [
      meslo-lgs-nf
    ];
  };
  programs.fish = {
    enable = true;
    shellInit = ''
      set -x GPG_TTY (tty)
      set -x SSH_AUTH_SOCK (gpgconf --list-dirs agent-ssh-socket)
      gpgconf --launch gpg-agent
      # ctrl-del for deleting word
      bind [3\;5~ kill-word
    '';
    shellAliases = {
      cd = "z";
    };
  };
  programs.starship = {
    enable = true;
  };
  programs.fzf = {
    enable = true;
  };
  programs.zoxide = {
    enable = true;
  };
 }
--- a/home/omz-zsh.nix
+++ b/home/omz-zsh.nix
--- a/home/programs/alacritty.nix
+++ b/home/programs/alacritty.nix
@ -8,7 +8,7 @@
        columns = 88;
      };
      font.normal.family = "MesloLGS NF";
-      #shell.program = "/bin/zsh";
+#      shell.program = "/b";
    };
  };
--- a/home/programs/default.nix
+++ b/home/programs/default.nix
--- a/home/root/default.nix
+++ b/home/root/default.nix
@ -0,0 +1,13 @@
 { pkgs, home-manager, unstable, config, ... }:
 {
  home-manager.users.root = { pkgs, ... }: {
    home.stateVersion = "23.11";
    programs.vim = {
      enable = true;
      settings = {
        mouse = "v";
      };
    };
  };
 }
--- a/home/seanomik/default.nix
+++ b/home/seanomik/default.nix
@ -1,4 +1,4 @@
-{ pkgs, home-manager, unstable, ... }:
+{ pkgs, home-manager, unstable, config, SystemConfiguration, ... }:
 {
  imports = [
    ./wireguard.nix
@ -7,7 +7,8 @@
  users.users.seanomik = {
    isNormalUser = true;
-    extraGroups = [ "wheel" "openrazer" "plugdev" "docker" ];
+    shell = pkgs.fish;
    extraGroups = [ "wheel" "openrazer" "plugdev" "docker" "networkmanager" "libvirtd" ];
    initialPassword = "pw123";
  };
@ -15,61 +16,89 @@
    gcc clang
  ]; 
-  networking.wireguard.enable = true;
+#  networking.wireguard.enable = true;
-  services.mullvad-vpn.enable = true;
+#  services.mullvad-vpn.enable = true;
  programs.steam = {
    enable = true;
    remotePlay.openFirewall = true;
    #dedicatedServer.openFirewall = true;
  };
  system.activationScripts.installBetterDiscord = 
    ''
      nix run nixpkgs#betterdiscordctl install || true
    '';
  home-manager.users.seanomik = { pkgs, ... }: {
-    home.stateVersion = "22.11";
+    home.stateVersion = "23.11";
    imports = [
      ./gnome-dconf.nix
      ../omz-zsh.nix # oh-my-zsh zsh config
      ../programs
      ../fish.nix
 #      ../firefox.nix
      ../emulators.nix
-      ../vscode.nix
+      ../vscode-fhs.nix
-#      ../vscode-fhs.nix
+
      ../betterdiscord-plugins.nix
    ];
    # Add open-in-vscode button to nemo
    home = {
      file.".local/share/nemo/actions/vscode.nemo_action".source = ../vscode.nemo_action;
-#      activation = {
+      activation = {
-#        afterWriteBoundary = {
+        installBetterDiscord = {
-#          after = [ "writeBoundary" ];
+          after = [ "writeBoundary" ];
-#          before = [ ];
+          before = [ ];
-#          data = ''
+          data = ''
-#            find ~/.vscode/extensions/ | while read -r path
+            ${pkgs.betterdiscordctl}/bin/betterdiscordctl install > /tmp/betterdiscord-install.txt || true
-#            do
+          '';
-#              $DRY_RUN_CMD chmod --recursive +w \
+        };
-#                "$(readlink --canonicalize "$path")"
+        defaultApplications = {
-#            done
+          after = [ "writeBoundary" ];
-#          '';
+          before = [ ];
-#        };
+          data = ''
-#      };
+            ${pkgs.xdg-utils}/bin/xdg-mime default nemo.desktop inode/directory
            ${pkgs.glib}/bin/gsettings set org.gnome.desktop.default-applications.terminal exec alacritty 
          '';
        };
      };
    };
-#    home.programs.git = {
+    programs.vim = {
-#      enable = true;
+      enable = true;
-#      userName = "SeanOMik";
+      settings = {
-#      userEmail = "seanomik@gmail.com";
+        mouse = "v";
-#    };
+      };
    };
-#    pkgs.overlays = [
+    programs.git = {
-#      (import "${builtins.fetchTarball { url="https://github.com/vlaci/openconnect-sso/archive/master.tar.gz"; sha256="sha256:04kwar7cxz7399bwlka6raqwq5jd27khkjdxk11k08846bkjckx5"; } }/overlay.nix")
+      enable = true;
-#    ];
+      userName = "SeanOMik";
      userEmail = "seanomik@gmail.com";
      signing = {
        signByDefault = true;
        key = "BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD";
      };
      aliases = {
        lg1 = "log --graph --abbrev-commit --decorate --format=format:'%C(bold blue)%h%C(reset) - %C(bold green)(%ar)%C(reset) %C(white)%s%C(reset) %C(dim white)- %an%C(reset)%C(auto)%d%C(reset)' --all";
        lg2 = "log --graph --abbrev-commit --decorate --format=format:'%C(bold blue)%h%C(reset) - %C(bold cyan)%aD%C(reset) %C(bold green)(%ar)%C(reset)%C(auto)%d%C(reset)%n''          %C(white)%s%C(reset) %C(dim white)- %an%C(reset)'";
        lg = "lg1";
        s = "status";
      };
      extraConfig = {
        core.editor = "${pkgs.vim}/bin/vim";
        init.defaultBranch = "main";
      };
    };
    programs.direnv = {
      enable = true;
      enableBashIntegration = true;
      enableZshIntegration = true;
      # readOnly but defaults to true
      # enableFishIntegration = true;
    };
    home.packages = let
 #      pkgs.overlays = [
@ -78,48 +107,67 @@
 #      openconnectOverlay = import "${builtins.fetchTarball https://github.com/vlaci/openconnect-sso/archive/master.tar.gz}/overlay.nix";
 #      pkgss = import <nixpkgs> { overlays = [ openconnectOverlay ]; };
    in with pkgs; [
 #     with pkgss; [
      (callPackage ../../modules/applications/discord.nix { })
      zip
      unzip
      rar
      minio-client
-      retroarch
+#      openconnect-sso
      openconnect-sso
      vlc
      lutris
      valgrind
      protontricks
 #      unstable.polymc
 #      (callPackage ../../modules/pkgs/polymc.nix { })
 #      polymc
      prismlauncher
      minecraft
      zoom-us
      mullvad-vpn
      flameshot
      obs-studio
      #vscode
      qbittorrent
      okular
-      libreoffice-fresh-unwrapped      
+      libreoffice      
      betterdiscordctl
      gimp
      blender
      slack
      google-chrome
-      (callPackage ../../modules/pkgs/upwork.nix { inherit runCommandLocal; })
+#      (callPackage ../../modules/pkgs/upwork.nix { inherit runCommandLocal; })
-      (libsForQt5.callPackage ../../modules/pkgs/jellyfin-media-player.nix { })
+#      (libsForQt5.callPackage ../../modules/pkgs/jellyfin-media-player.nix { })
-      (callPackage ../../modules/pkgs/ytmdesktop.nix { })
+#      (callPackage ../../modules/pkgs/ytmdesktop.nix { })
-      jetbrains.idea-community
+#      jetbrains.idea-community
      renderdoc
      virt-manager
      hexchat
      kdenlive
      aria2
      github-desktop
      direnv
      cargo-flamegraph
      protonup-qt
      unstable.trilium-desktop
      ouch
      zoxide
      fzf
      plex-media-player
      plexamp
      chiaki
      tracy
      helvum
      audacity
      gittyup
      lapce
      yubikey-manager
      yubikey-manager-qt
      yubikey-touch-detector
      yubikey-personalization-gui
      unstable.protonvpn-gui
      unstable.networkmanagerapplet
      unstable.gnome.networkmanager-openvpn
      # zed.dev whenever its linux support is better
      openconnect
      go-task
    ];
  };
 }
--- a/home/seanomik/gnome-dconf.nix
+++ b/home/seanomik/gnome-dconf.nix
--- a/home/seanomik/k8s-tools.nix
+++ b/home/seanomik/k8s-tools.nix
@ -3,4 +3,19 @@
  home-manager.users.seanomik.home.packages = with pkgs; [
    kubectl kubernetes-helm kustomize fluxcd kustomize-sops sops
  ];
  home-manager.users.seanomik.home = {
    sessionVariables = {
      KUBE_EDITOR = "vim";
      EDITOR = "vim";
    };
    shellAliases = {
      k = "kubectl";
      kg = "kubectl get";
      kgpo = "kubectl get pod";
      krm = "kubectl delete";
      kgwf = "kubectl get --watch -f";
      kn = "kubectl config set-context --current --namespace";
    };
  };
 }
--- a/home/seanomik/wireguard.nix
+++ b/home/seanomik/wireguard.nix
@ -1,30 +1,32 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 {
  networking.wireguard.interfaces = 
  let
-    homeip = builtins.readFile ../../sensitives/homeip;
+#    homeip = lib.fileContents config.age.secrets.lab-ip.path;
 #    homeip = lib.fileContents ../../sensitives/homeip;
    homeip = config.wireguard.lab.remote;
  in {
-    server = {
+#    server = {
-      ips = [ "10.0.0.2/32" ];
+#      ips = [ "10.0.0.2/32" ];
-      listenPort = 2751;
+#      listenPort = 2751;
 #
 #      privateKeyFile = config.age.secrets.serverwg-priv.path;
 #
 #      peers = [
 #        {
 #          publicKey = "Lk+EHt6+6HPUeXigdBTbv/j4yAcs2MyGumbgrOD5WTA=";
 #          allowedIPs = [ "10.0.0.1/32" ];
 #          endpoint = homeip + ":2751";
 #          persistentKeepalive = 25;
 #        }
 #      ];
 #    };
-      privateKeyFile = config.age.secrets.serverwg-priv.path;
+    lab = {
-
+      ips = [ config.wireguard.lab.ip ];
      peers = [
        {
          publicKey = "Lk+EHt6+6HPUeXigdBTbv/j4yAcs2MyGumbgrOD5WTA=";
          allowedIPs = [ "10.0.0.1/32" ];
          endpoint = homeip + ":2751";
          persistentKeepalive = 25;
        }
      ];
    };
    vpnbox = {
      ips = [ "10.0.1.4/32" ];
      listenPort = 2752;
-      privateKeyFile = config.age.secrets.vpnboxwg-priv.path;
+      privateKeyFile = config.wireguard.lab.privateKeyFile; #config.age.secrets.vpnboxwg-priv.path;
      peers = [
        {
--- a/home/vscode-fhs.nix
+++ b/home/vscode-fhs.nix
--- a/home/vscode.nix
+++ b/home/vscode.nix
--- a/home/yubikey-ssh.nix
+++ b/home/yubikey-ssh.nix
@ -4,11 +4,11 @@
  # Depending on the details of your configuration, this section might be necessary or not;
  # feel free to experiment
-  environment.shellInit = ''
+#  environment.shellInit = ''
-    export GPG_TTY="$(tty)"
+#    export GPG_TTY="$(tty)"
-    gpg-connect-agent /bye
+#    gpg-connect-agent /bye
-    export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
+#    export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
-  '';
+#  '';
  programs.gnupg.agent = {
    enable = true;
--- a/hosts/artemis/default.nix
+++ b/hosts/artemis/default.nix
@ -0,0 +1,66 @@
 { pkgs, nixpkgs-unstable, home-manager, ... }:
 {
  # Mount the data drive
  fileSystems."/media/data_drive" = {
    device = "/dev/disk/by-uuid/93861f2f-b63c-4201-8ae2-a533edd1c064";
    fsType = "btrfs";
  };
  fileSystems."/media/windows_disk" = {
    device = "/dev/disk/by-uuid/F4AAF639AAF5F846";
    fsType = "ntfs3";
    options = [ "rw" "uid=1000"];
  };
  services.openssh.enable = true;
  # Other modules
  imports = [
    ({ config, ...}: {
      config.wireguard = {
        lab = {
          ip = "10.0.1.4/32";
          privateKeyFile = config.age.secrets.vpnboxwg-priv.path;
        };
      };
    })
    ./hardware-configuration.nix
    ../../modules/boot/plymouth.nix
    ../../modules/boot/efi-grub.nix
 #    ../../modules/kernel/lqx.nix
    ../../modules/kernel/linux.nix
    # Hardware stuff
    ../../modules/hardware/nvidia.nix
    ../../modules/hardware/xone.nix
    ../../modules/hardware/razer.nix
    ../../modules/audio/pipewire.nix
    # Desktop stuff
    ../../modules/fonts
    ../../modules/desktop/gnome.nix
    ../../modules/desktop_manager/gdm.nix
    ../../modules/virtualisation
    ../../modules/flatpak
    # Applications
    ../../modules/cli-tools.nix
    ../../modules/applications
    # Development
    ../../modules/development
    ../../modules/switch-udev.nix
    # ssh
    ../../modules/ssh/yubikey.nix
    # Per-user stuff
    ../../home/seanomik
    ../../home/root
  ];
 }
--- a/hosts/artemis/hardware-configuration.nix
+++ b/hosts/artemis/hardware-configuration.nix
@ -0,0 +1,40 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
  imports =
    [ (modulesPath + "/installer/scan/not-detected.nix")
    ];
  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "uas" "usb_storage" "sd_mod" ];
  boot.initrd.kernelModules = [ "dm-snapshot" ];
  boot.kernelModules = [ "kvm-amd" ];
  boot.extraModulePackages = [ ];
  fileSystems."/" =
    { device = "/dev/disk/by-uuid/f4daaf6a-d296-4c4d-9964-df1322e8be0c";
      fsType = "btrfs";
    };
  fileSystems."/boot" =
    { device = "/dev/disk/by-uuid/00B9-9EF5";
      fsType = "vfat";
    };
  swapDevices =
    [ { device = "/dev/disk/by-uuid/4a48d6cb-b87d-4bb0-b342-cc3fccdddc9e"; }
    ];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  networking.interfaces.eno1.useDHCP = lib.mkDefault true;
  # networking.interfaces.wlp6s0.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/hosts/default.nix
+++ b/hosts/default.nix
--- a/hosts/smallinux.nix
+++ b/hosts/smallinux.nix
@ -1,55 +0,0 @@
 { pkgs, nixpkgs-unstable, home-manager, ... }:
 {
  # Mount the data drive
  fileSystems."/mnt/data_drive" = {
    device = "/dev/disk/by-uuid/93861f2f-b63c-4201-8ae2-a533edd1c064";
    fsType = "btrfs";
  };
  fileSystems."/mnt/windows_disk" = {
    device = "/dev/disk/by-uuid/3402E4B102E4796E";
    fsType = "ntfs3";
    options = [ "rw" "uid=1000"];
  };
  services.openssh.enable = true;
  # Other modules
  imports = [
    ../hardware-configuration.nix
    ../modules/boot/plymouth.nix
    ../modules/boot/efi-grub.nix
    ../modules/kernel/lqx.nix
    # Hardware stuff
    ../modules/hardware/nvidia.nix
    ../modules/hardware/xone.nix
    ../modules/hardware/razer.nix
    ../modules/audio/pipewire.nix
    # Desktop stuff
    ../modules/fonts
    ../modules/desktop/gnome.nix
    ../modules/desktop_manager/gdm.nix
    ../modules/virtualisation
    ../modules/flatpak
    # Applications
    ../modules/cli-tools.nix
    ../modules/applications
    # Development
    ../modules/development
    ../modules/switch-udev.nix
    # ssh
    ../modules/ssh/yubikey.nix
    # Per-user stuff
    ../home/seanomik
  ];
 }
--- a/hosts/xps15.nix
+++ b/hosts/xps15.nix
--- a/modules/applications/default.nix
+++ b/modules/applications/default.nix
@ -2,7 +2,8 @@
 {
  imports = [
    ./firefox.nix
-    ./zsh.nix
+#    ./zsh.nix
    ./fish.nix
    ./git.nix
    ./yubikey.nix
    ./java.nix
--- a/modules/applications/discord.nix
+++ b/modules/applications/discord.nix
--- a/modules/applications/docker.nix
+++ b/modules/applications/docker.nix
--- a/modules/applications/firefox.nix
+++ b/modules/applications/firefox.nix
--- a/modules/applications/fish.nix
+++ b/modules/applications/fish.nix
@ -0,0 +1,4 @@
 { pkgs, ... }:
 {
  programs.fish.enable = true;
 }
--- a/modules/applications/git.nix
+++ b/modules/applications/git.nix
--- a/modules/applications/hashicorp.nix
+++ b/modules/applications/hashicorp.nix
--- a/modules/applications/java.nix
+++ b/modules/applications/java.nix
--- a/modules/applications/wine.nix
+++ b/modules/applications/wine.nix
--- a/modules/applications/yubikey.nix
+++ b/modules/applications/yubikey.nix
@ -3,6 +3,6 @@
  services.pcscd.enable = true;
  environment.systemPackages = with pkgs; [
-    yubioath-desktop
+    yubioath-flutter
  ];
 }
--- a/modules/applications/zsh.nix
+++ b/modules/applications/zsh.nix
--- a/modules/audio/pipewire.nix
+++ b/modules/audio/pipewire.nix
--- a/modules/audio/pulseaudio.nix
+++ b/modules/audio/pulseaudio.nix
--- a/modules/boot/efi-grub.nix
+++ b/modules/boot/efi-grub.nix
@ -1,7 +1,6 @@
 {pkgs, ... }:
 {
  boot.loader.grub.enable = true;
  boot.loader.grub.version = 2;
  boot.loader.grub.efiSupport = true;
  boot.loader.grub.efiInstallAsRemovable = true;
  boot.loader.grub.useOSProber = true;
--- a/modules/boot/plymouth.nix
+++ b/modules/boot/plymouth.nix
--- a/modules/cli-tools.nix
+++ b/modules/cli-tools.nix
--- a/modules/default.nix
+++ b/modules/default.nix
--- a/modules/desktop/gnome.nix
+++ b/modules/desktop/gnome.nix
@ -35,9 +35,11 @@
    # Gnome extensions
    gnomeExtensions.appindicator
    gnomeExtensions.dash-to-dock
 #    gnomeExtensions.dash-to-dock-for-cosmic
    gnomeExtensions.tray-icons-reloaded
    gnome.gnome-tweaks
    gnome.gnome-keyring
    gnome.gnome-settings-daemon
    dconf
 #    qtstyleplugin-kvantum-qt4
--- a/modules/desktop_manager/gdm.nix
+++ b/modules/desktop_manager/gdm.nix
@ -1,6 +1,9 @@
 { pkgs, ... }:
 {
  services.xserver.enable = true;
  services.xserver.excludePackages = [
    pkgs.xterm
  ];
  services.xserver.displayManager.gdm = {
    enable = true;
    wayland = false; # ew, its something new (gaming performance, screensharing, alacritty).
--- a/modules/development/c-cpp.nix
+++ b/modules/development/c-cpp.nix
--- a/modules/development/default.nix
+++ b/modules/development/default.nix
@ -5,8 +5,7 @@
    lldb
    clang-tools
-    (callPackage ./lldb-mi/default.nix { })
+#    (callPackage ./lldb-mi/default.nix { })
 #    (callPackage ../pkgs/lldb-mi.nix { })
  ];
  imports = [
--- a/modules/development/javascript.nix
+++ b/modules/development/javascript.nix
--- a/modules/development/lldb-mi/default.nix
+++ b/modules/development/lldb-mi/default.nix
@ -39,7 +39,7 @@ in stdenv.mkDerivation rec {
  meta = with lib; {
    description = "LLDB's machine interface driver.";
    homepage = "https://github.com/lldb-tools/lldb-mi";
-    license = licenses.llvm-exception;
+    license = licenses.asl20-llvm;
    platforms = platforms.unix;
    maintainers = with maintainers; [ seanomik ];
  };
--- a/modules/development/rust.nix
+++ b/modules/development/rust.nix
--- a/modules/flatpak/default.nix
+++ b/modules/flatpak/default.nix
--- a/modules/fonts/default.nix
+++ b/modules/fonts/default.nix
@ -1,6 +1,6 @@
 {pkgs, ... }:
 {
-  fonts.fonts = with pkgs; [
+  fonts.packages = with pkgs; [
    noto-fonts
    noto-fonts-cjk
    noto-fonts-emoji
--- a/modules/hardware/.xone.nix.swp
+++ b/modules/hardware/.xone.nix.swp
--- a/modules/hardware/mesa-vulkan-layer-nvidia.patch
+++ b/modules/hardware/mesa-vulkan-layer-nvidia.patch
@ -1,17 +0,0 @@
 diff b/src/vulkan/device-select-layer/device_select_layer.c a/src/vulkan/device-select-layer/device_select_layer.c
 --- b/src/vulkan/device-select-layer/device_select_layer.c
 +++ a/src/vulkan/device-select-layer/device_select_layer.c
@@ -454,12 +454,8 @@
       exit(0);
    } else {
       unsigned selected_index = get_default_device(info, selection, physical_device_count, physical_devices);
 -      selected_physical_device_count = physical_device_count;
 +      selected_physical_device_count = 1;
       selected_physical_devices[0] = physical_devices[selected_index];
 -      for (unsigned i = 0; i < physical_device_count - 1; ++i) {
 -         unsigned  this_idx = i < selected_index ? i : i + 1;
 -         selected_physical_devices[i + 1] = physical_devices[this_idx];
 -      }
    }
    if (selected_physical_device_count == 0) {
--- a/modules/hardware/nvidia-prime.nix
+++ b/modules/hardware/nvidia-prime.nix
@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, lib, ... }:
 let
  nvidia-offload = pkgs.writeShellScriptBin "nvidia-offload" ''
--- a/modules/hardware/nvidia.nix
+++ b/modules/hardware/nvidia.nix
@ -7,36 +7,5 @@
  hardware.opengl.enable = true;
  hardware.opengl.driSupport32Bit = true;
  # This enables vulkan layers
 #  hardware = {
 #    opengl =
 #      let
 #        fn = oa: {
 #          nativeBuildInputs = oa.nativeBuildInputs ++ [ pkgs.glslang ];
 #          mesonFlags = oa.mesonFlags ++ [ "-Dvulkan-layers=device-select,overlay" ];
 #          patches = oa.patches ++ [ ./mesa-vulkan-layer-nvidia.patch ];
 #          postInstall = oa.postInstall + ''
 #              mv $out/lib/libVkLayer* $drivers/lib
              #Device Select layer
 #              layer=VkLayer_MESA_device_select
 #              substituteInPlace $drivers/share/vulkan/implicit_layer.d/''${layer}.json \
 #                --replace "lib''${layer}" "$drivers/lib/lib''${layer}"
              #Overlay layer
 #              layer=VkLayer_MESA_overlay
 #              substituteInPlace $drivers/share/vulkan/explicit_layer.d/''${layer}.json \
 #                --replace "lib''${layer}" "$drivers/lib/lib''${layer}"
 #            '';
 #        };
 #      in
 #      with pkgs; {
 #        enable = true;
 #        driSupport32Bit = true;
 #        package = (mesa.overrideAttrs fn).drivers;
 #        package32 = (pkgsi686Linux.mesa.overrideAttrs fn).drivers;
 #      };
 #  };
  hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.stable;
 }
--- a/modules/hardware/razer.nix
+++ b/modules/hardware/razer.nix
--- a/modules/hardware/xone.nix
+++ b/modules/hardware/xone.nix
@ -1,4 +1,10 @@
-{ pkgs, ... }:
+{ pkgs, unstable, config, ... }:
 {
-  hardware.xone.enable = true;
+  boot = {
    blacklistedKernelModules = [ "xpad" "mt76x2u" ];
 #    extraModulePackages = with unstable.linuxPackages_latest; [ xone ];
    extraModulePackages = with config.boot.kernelPackages; [ xone ];
  };
  #hardware.firmware = [ unstable.xow_dongle-firmware ];
  hardware.firmware = with unstable; [ xow_dongle-firmware ];
 }
--- a/modules/kernel/linux.nix
+++ b/modules/kernel/linux.nix
@ -0,0 +1,4 @@
 { pkgs, unstable, ... }:
 {
  boot.kernelPackages = unstable.linuxPackages_latest;
 }
--- a/modules/kernel/lqx.nix
+++ b/modules/kernel/lqx.nix
--- a/modules/pkgs/clangd.nix
+++ b/modules/pkgs/clangd.nix
--- a/modules/pkgs/ftb-app.nix
+++ b/modules/pkgs/ftb-app.nix
--- a/modules/pkgs/lldb-mi.nix
+++ b/modules/pkgs/lldb-mi.nix
--- a/modules/pkgs/ouch.nix
+++ b/modules/pkgs/ouch.nix
@ -0,0 +1,33 @@
 { lib
 , rustPlatform
 , fetchCrate
 , stdenv
 , darwin
 }:
 rustPlatform.buildRustPackage rec {
  pname = "ouch";
  version = "0.5.1";
  src = fetchCrate {
    inherit pname version;
    hash = "sha256-5peaWpXf1I6uKNlZkt/Y81DAKPOcvnQHXJZJ7+OTXhU=";
  };
  cargoHash = "sha256-OdAu7fStTJCF1JGJG9TRE1Qosy6yjKsWq01MYpbXZcg=";
  buildInputs = lib.optionals stdenv.isDarwin [
    darwin.apple_sdk.frameworks.Security
  ];
  # some examples fail to compile
  #cargoTestFlags = [ "--tests" ];
  meta = with lib; {
    description = "Painless compression and decompression in the terminal";
    homepage = "https://github.com/ouch-org/ouch";
    changelog = "https://github.com/ouch-org/ouch/releases/tag/${version}";
    license = licenses.mit;
    maintainers = with maintainers; [ seanomik ];
  };
 }
--- a/modules/pkgs/upwork.nix
+++ b/modules/pkgs/upwork.nix
--- a/modules/ssh/yubikey.nix
+++ b/modules/ssh/yubikey.nix
@ -6,11 +6,11 @@
  # Depending on the details of your configuration, this section might be necessary or not;
  # feel free to experiment
-  environment.shellInit = ''
+#  environment.shellInit = ''
-    export GPG_TTY="$(tty)"
+#    export GPG_TTY="$(tty)"
-    gpg-connect-agent /bye
+#    gpg-connect-agent /bye
-    export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
+#    export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
-  '';
+#  '';
  programs.gnupg.agent = {
    enable = true;
--- a/modules/switch-udev.nix
+++ b/modules/switch-udev.nix
--- a/modules/virtualisation/default.nix
+++ b/modules/virtualisation/default.nix
@ -1,7 +1,23 @@
 { pkgs, ... }:
 {
-  virtualisation.libvirtd.enable = true;
+  virtualisation.libvirtd = {
    enable = true;
    qemu = {
      package = pkgs.qemu_kvm;
      runAsRoot = true;
      swtpm.enable = true;
      ovmf = {
        enable = true;
        packages = [(pkgs.OVMF.override {
          secureBoot = true;
          tpmSupport = true;
        }).fd];
      };
    };
  };
  virtualisation.spiceUSBRedirection.enable = true;
  boot.kernelModules = [ "kvm-amd" ];
  environment.systemPackages = with pkgs; [
    spice-gtk
--- a/options.nix
+++ b/options.nix
@ -0,0 +1,25 @@
 { lib, ... }:
 {
  options = {
    wireguard = {
 #      remote = lib.mkOption {
 #        type = lib.types.str;
 #      };
      lab = {
        remote = lib.mkOption {
          type = lib.types.str;
        };
        ip = lib.mkOption {
          type = lib.types.str;
 #        default = { };
        };
        privateKeyFile = lib.mkOption {
          type = lib.types.path;
        };
      };
    };
  };
 }
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
--- a/secrets/vpnboxwg-priv.age
+++ b/secrets/vpnboxwg-priv.age
--- a/sensitives/.gitkeep
+++ b/sensitives/.gitkeep