common/cloudsync.nix

@@ -57,7 +57,7 @@ in
                 let
                   remote_clean = lib.strings.concatStrings (builtins.match "/*(.+)" remote);
                 in
-                "${cloud_cmd} /${remote_clean} ${local} ${sync_server} 1> /dev/null"
+                "${cloud_cmd} /${remote_clean} ${local} ${sync_server}"
               ) paths
             );
           in

common/firefox.nix

@@ -38,13 +38,11 @@ in
       policies = {
         ExtensionSettings =
           # (mkIf firefox.disableUserPlugins { "*".installation_mode = "blocked"; }) // 
-          (
+          (mapAttrs (guid: shortId: {
-            mapAttrs (guid: shortId: {
             # explicit plugins by config 
             install_url = "https://addons.mozilla.org/en-US/firefox/downloads/latest/${shortId}/latest.xpi";
             installation_mode = "force_installed";
-            }) config.grimmShared.firefox.plugins
+          }) config.grimmShared.firefox.plugins);
-          );
         DisableTelemetry = true;
         DisableFirefoxStudies = true;
         EnableTrackingProtection = {

common/graphics/opengl.nix

@@ -50,9 +50,7 @@ in
       ];
     };
 
-    environment.sessionVariables = {
+    environment.sessionVariables = { LIBVA_DRIVER_NAME = "iHD"; }; # Force intel-media-driver
-      LIBVA_DRIVER_NAME = "iHD";
-    }; # Force intel-media-driver
 
 #    chaotic.mesa-git.enable = true;
     boot.kernelParams = [ "nouveau.config=NvGspRm=1" ];

common/graphics/sway.nix

@@ -87,9 +87,7 @@ let
         export SWAYSOCK="/run/user/$uid/sway-ipc.$uid.$pid.sock"
         if [[ -e "$SWAYSOCK" ]] ; then
           echo "sock is $SWAYSOCK"
-          ${getExe' config.programs.sway.package "swaymsg"} '${
+          ${getExe' config.programs.sway.package "swaymsg"} '${concatMapStrings (s: s + " ; ") output_def}'
-            concatMapStrings (s: s + " ; ") output_def
-          }'
         fi
       done
     '';

common/hardware/laptop.nix

@@ -32,9 +32,6 @@ in
     # hardware.i2c.enable = true;
     services.libinput.enable = true;
     hardware.opentabletdriver.enable = true;
-
-    systemd.user.services.opentabletdriver.after = [ "local-fs.target" ];
-
     services.udisks2.enable = true;
 
     #services.udev.extraRules = ''
@@ -45,29 +42,25 @@ in
     #    ENV{SYSTEMD_WANTS}+="ddcci@$kernel.service"
     #'';
 
-    # systemd.services."ddcci@" = {
+    systemd.services."ddcci@" = {
-    #  scriptArgs = "%i";
+      scriptArgs = "%i";
-    #  script = ''
+      script = ''
-    #    sleep 20
+        sleep 20
-    #    echo Trying to attach ddcci to $1
+        echo Trying to attach ddcci to $1
-    #    i=0
+        i=0
-    #    id=$(echo $1 | cut -d "-" -f 2)
+        id=$(echo $1 | cut -d "-" -f 2)
-    #    if ${lib.getExe' pkgs.ddcutil "ddcutil"} getvcp 10 -b $id; then
+        if ${lib.getExe' pkgs.ddcutil "ddcutil"} getvcp 10 -b $id; then
-    #      echo ddcci 0x37 > /sys/bus/i2c/devices/$1/new_device
+          echo ddcci 0x37 > /sys/bus/i2c/devices/$1/new_device
-    #    fi
+        fi
-    #  '';
+      '';
-    #  serviceConfig.Type = "oneshot";
+      serviceConfig.Type = "oneshot";
-    #};
+    };
 
     systemd.enableCgroupAccounting = true;
     # systemd.enableUnifiedCgroupHierarchy = false;
     
     boot = {
-      kernelParams = [
+      kernelParams = [ "intel_iommu=on" "nohibernate" ];
-        "intel_iommu=on"
-        "nohibernate"
-        "pcie_aspm=off"
-      ];
       loader.efi.canTouchEfiVariables = true;
       initrd.availableKernelModules = [
         "xhci_pci"
@@ -81,8 +74,8 @@ in
       loader.systemd-boot.enable = true;
       #      extraModulePackages = [ config.boot.kernelPackages.ddcci-driver ];
       kernelModules = [
-        #        "ddcci_backlight"
+        "ddcci_backlight"
-        #        "i2c-dev"
+        "i2c-dev"
         "ec_sys"
       ];
     };

common/sound/spotifyd.nix

@@ -61,17 +61,9 @@ in
         password_cmd =
           let
             pass = spotify.spotifyd.pass;
-            inherit (lib)
+            inherit (lib) isPath isString getExe getExe';
-              isPath
-              isString
-              getExe
-              getExe'
-              ;
           in
-          if (isPath pass || isString pass) then
+          if (isPath pass || isString pass) then "${getExe' pkgs.coreutils-full "cat"} ${pass}" else (getExe pass);
-            "${getExe' pkgs.coreutils-full "cat"} ${pass}"
-          else
-            (getExe pass);
         device_type = "computer";
         dbus_type = "system";
         device = "default";

common/tooling/apparmor/apparmor-d-module.nix

@@ -5,13 +5,7 @@
   ...
 }:
 let
-  inherit (lib)
+  inherit (lib) mkIf mapAttrs assertMsg pathIsRegularFile mkForce;
-    mkIf
-    mapAttrs
-    assertMsg
-    pathIsRegularFile
-    mkForce
-    ;
 
   cfg = config.security.apparmor_d;
   apparmor-d = pkgs.callPackage ./apparmor-d-package.nix {};
@@ -21,13 +15,7 @@ in
     enable = mkEnableOption "enable apparmor.d support";
 
     profiles = mkOption {
-      type = types.attrsOf (
+      type = types.attrsOf (types.enum [ "disable" "complain" "enforce" ]);
-        types.enum [
-          "disable"
-          "complain"
-          "enforce"
-        ]
-      );
       default = {};
       description = "set of apparmor profiles to include from apparmor.d";
     };
@@ -37,8 +25,7 @@ in
     security.apparmor.packages = [ apparmor-d ];
     security.apparmor.policies = mapAttrs (name: state: {
       inherit state;
-      path =
+      path = let
-        let
         file = "${apparmor-d}/etc/apparmor.d/${name}";
       in
         assert assertMsg (pathIsRegularFile file) "profile ${name} not found in apparmor.d path (${file})";

common/tooling/apparmor/apparmor-d-package.nix

@@ -1,10 +1,4 @@
-{
+{ buildGoModule, fetchFromGitHub, git, lib, unstableGitUpdater }: 
-  buildGoModule,
-  fetchFromGitHub,
-  git,
-  lib,
-  unstableGitUpdater,
-}:
 buildGoModule {
   pname = "apparmor-d";
   version = "unstable-2024-10-12";

common/tooling/apparmor/default.nix

@@ -51,6 +51,7 @@ in
       };
     };
     
+
     security.apparmor.includes = {
       "abstractions/base" = ''
         /nix/store/*/bin/** mr,
@@ -66,6 +67,7 @@ in
 #        alias /bin/ -> /nix/store/*/bin/,
 #      '';
 
+
       "local/speech-dispatcher" = ''
         @{nix_store}/libexec/speech-dispatcher-modules/* ix,
         @{PROC}/@{pid}/stat r,
@@ -216,6 +218,7 @@ in
 #}        '';
 #      };
 
+
       sleep = {
         state = "enforce";
         profile = ''

common/tooling/nix.nix

@@ -11,7 +11,6 @@
     nix-output-monitor
     nix-search-cli
     niv
-    nvd
     vulnix
     nix-init
   ];

common/tooling/opensnitch/block_lists.nix

@@ -1,8 +1,4 @@
-{
+{ stdenv, fetchFromGitHub, lib }:
-  stdenv,
-  fetchFromGitHub,
-  lib,
-}:
 stdenv.mkDerivation rec {
   pname = "stevenblack_block";
   version = "3.14.116";

common/tooling/security.nix

@@ -70,9 +70,7 @@ in
       enableSSHSupport = true;
     };
 
-    grimmShared.firefox.plugins = mkIf (tooling.enable && tooling.pass) {
+    grimmShared.firefox.plugins = mkIf (tooling.enable && tooling.pass) { "passff@invicem.pro" = "passff"; };
-      "passff@invicem.pro" = "passff";
-    };
   };
 
   options.grimmShared.tooling.pass = mkEnableOption "Enables password-store, gnupg and such secret handling";

common/tooling/wine.nix

@@ -1,9 +1,4 @@
-{
+{ pkgs, config, lib, ... }:
-  pkgs,
-  config,
-  lib,
-  ...
-}:
 let
   inherit (config.grimmShared) enable tooling;
   inherit (lib)
@@ -27,6 +22,7 @@ in
 #      };
 #    };
 
+  
     environment.systemPackages = with pkgs; [
       winetricks
       wineWow64Packages.stagingFull

custom/ncspot/package.nix

@@ -1,32 +1,22 @@
-{
+{ stdenv
-  stdenv,
+, lib
-  lib,
+, fetchFromGitHub
-  fetchFromGitHub,
+, rustPlatform
-  rustPlatform,
+, pkg-config
-  pkg-config,
+, ncurses
-  ncurses,
+, openssl
-  openssl,
+, darwin
-  darwin,
+, withALSA ? stdenv.isLinux, alsa-lib
-  withALSA ? stdenv.isLinux,
+, withClipboard ? true, libxcb, python3
-  alsa-lib,
+, withCover ? false, ueberzug
-  withClipboard ? true,
+, withPulseAudio ? stdenv.isLinux, libpulseaudio
-  libxcb,
+, withPortAudio ? stdenv.isDarwin, portaudio
-  python3,
+, withMPRIS ? stdenv.isLinux, withNotify ? true, dbus
-  withCover ? false,
+, withCrossterm ? true
-  ueberzug,
+, nix-update-script
-  withPulseAudio ? stdenv.isLinux,
+, testers
-  libpulseaudio,
+, ncspot
-  withPortAudio ? stdenv.isDarwin,
+}: let 
-  portaudio,
-  withMPRIS ? stdenv.isLinux,
-  withNotify ? true,
-  dbus,
-  withCrossterm ? true,
-  nix-update-script,
-  testers,
-  ncspot,
-}:
-let
   inherit (darwin.apple_sdk.frameworks) Cocoa;
 in
 rustPlatform.buildRustPackage rec {
@@ -47,10 +37,10 @@ rustPlatform.buildRustPackage rec {
     };
   };
 
-  nativeBuildInputs = [ pkg-config ] ++ lib.optional withClipboard python3;
+  nativeBuildInputs = [ pkg-config ]
+    ++ lib.optional withClipboard python3;
 
-  buildInputs =
+  buildInputs = [ ncurses ]
-    [ ncurses ]
     ++ lib.optional stdenv.isLinux openssl
     ++ lib.optional withALSA alsa-lib
     ++ lib.optional withClipboard libxcb
@@ -64,8 +54,7 @@ rustPlatform.buildRustPackage rec {
 
   buildNoDefaultFeatures = true;
 
-  buildFeatures =
+  buildFeatures = [ "cursive/pancurses-backend" ]
-    [ "cursive/pancurses-backend" ]
     ++ lib.optional withALSA "alsa_backend"
     ++ lib.optional withClipboard "share_clipboard"
     ++ lib.optional withCover "cover"

flake.nix

@@ -34,18 +34,7 @@
     };
   };
 
-  outputs =
+  outputs = inputs @ { self, agenix, nixpkgs, chaotic, aagl-gtk-on-nix, nixos-mailserver, nixos-matrix-modules, aa-alias-manager, ... }:
-    inputs@{
-      self,
-      agenix,
-      nixpkgs,
-      chaotic,
-      aagl-gtk-on-nix,
-      nixos-mailserver,
-      nixos-matrix-modules,
-      aa-alias-manager,
-      ...
-    }:
     let
       patches = [
         ./aa_mod.patch
@@ -55,8 +44,7 @@
         }
       ];
 
-      customNixosSystem =
+      customNixosSystem = system: definitions:
-        system: definitions:
         let
           unpatched = nixpkgs.legacyPackages.${system};
           patched = unpatched.applyPatches {
@@ -66,15 +54,10 @@
           };
           nixosSystem = import (patched + "/nixos/lib/eval-config.nix");
         in
-        nixosSystem (
+        nixosSystem ({
-          {
           inherit system;
-            specialArgs = {
+          specialArgs = { inherit inputs system; };
-              inherit inputs system;
+        } // definitions);
-            };
-          }
-          // definitions
-        );
     in
     {
       nixosConfigurations = {

modules/matrix_legacy.nix

@@ -11,9 +11,7 @@ let
   fqdn = vhosts.matrix_host.host;
   base_url = "https://${fqdn}";
 
-  clientConfig."m.homeserver" = {
+  clientConfig."m.homeserver" = {inherit base_url; }; # = "https://${vhosts.matrix_host.host}";
-    inherit base_url;
-  }; # = "https://${vhosts.matrix_host.host}";
   serverConfig."m.server" = "${vhosts.matrix_host.host}:443";
   mkWellKnown = data: ''
     default_type application/json;
@@ -35,6 +33,7 @@ in
     ];
   };
 
+  
   services.matrix-synapse = {
     enable = true;
     settings.server_name = domain;
@@ -44,30 +43,21 @@ in
     # in client applications.
     settings.public_baseurl = base_url;
     settings.listeners = [
-      {
+      { port = 8008;
-        port = 8008;
         bind_addresses = [ "::1" ];
         type = "http";
         tls = false;
         x_forwarded = true;
-        resources = [
+        resources = [ {
-          {
+          names = [ "client" "federation" ];
-            names = [
-              "client"
-              "federation"
-            ];
           compress = true;
-          }
+        } ];
-        ];
       }
     ];
 
     settings.database = {
       name = "psycopg2";
-      args = {
+      args = { user="synapse"; database= "synapse"; };
-        user = "synapse";
-        database = "synapse";
-      };
     };
     settings.log_config = ./matrix_synapse_log_config.yaml;
     settings.enable_registration = false;
@@ -151,6 +141,7 @@ in
     matrix-synapse
   ];
 
+
     services.nginx = {
       enable = true;
       recommendedTlsSettings = true;

modules/wireguard.nix

@@ -1,10 +1,7 @@
-{ pkgs, ... }:
+ {pkgs, ...}: {
-{
   # enable NAT
-  networking.nat.enable = true;
+  networking.nat.enable = true; networking.nat.externalInterface = "eth0"; 
-  networking.nat.externalInterface = "eth0";
+  networking.nat.internalInterfaces = [ "wg0" ]; networking.firewall = {
-  networking.nat.internalInterfaces = [ "wg0" ];
-  networking.firewall = {
     allowedUDPPorts = [ 51820 ];
   };
 
@@ -21,12 +18,10 @@
       # This allows the wireguard server to route your traffic to the internet and 
       # hence be like a VPN For this to work you have to set the dnsserver IP of 
       # your router (or dnsserver of choice) in your clients
-      postSetup = ''
+      postSetup = '' ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ens18 -j MASQUERADE
-        ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ens18 -j MASQUERADE
       '';
       # This undoes the above command
-      postShutdown = ''
+      postShutdown = '' ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o ens18 -j MASQUERADE
-        ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o ens18 -j MASQUERADE
       '';
       
       generatePrivateKeyFile = true;
@@ -34,8 +29,7 @@
         {
 publicKey="2aANdnPYtf78iXfwNVAtYjIlE5k/yDWvbdXZ2jw0hXk=";
  allowedIPs = [ "10.100.0.2/32"  ];
-        }
+ } ];
-      ];
     };
   };
   environment.systemPackages = with pkgs; [ wireguard-tools ];

overlays/factorio.nix

@@ -4,9 +4,6 @@ let
 in
 {
   factorio = prev.factorio.override (
-    {
+    { versionsJson = ./versions.json; } // lib.optionalAttrs (builtins.pathExists loginFile) (import loginFile)
-      versionsJson = ./versions.json;
-    }
-    // lib.optionalAttrs (builtins.pathExists loginFile) (import loginFile)
   );
 }

specific/grimm-nixos-laptop/configuration.nix

@@ -9,6 +9,7 @@
 
   age.identityPaths = [ "/home/grimmauld/.ssh/id_ed25519" ];
 
+
   services.zfs.trim.enable = true;
   boot.supportedFilesystems.zfs = true;
   networking.hostId = "2ea79333";

specific/grimm-nixos-ssd/configuration.nix

@@ -1,9 +1,4 @@
-{
+{ config, lib, pkgs, ... }:
-  config,
-  lib,
-  pkgs,
-  ...
-}:
 {
   imports = [
     # Include the results of the hardware scan.
@@ -19,8 +14,7 @@
   
   # security.pam.yubico.control = "required";
 
-  services.udev.extraRules =
+  services.udev.extraRules = let 
-    let
     inherit (lib) getExe' getExe;
     inherit (pkgs) procps writeShellScriptBin;
     exitSway = writeShellScriptBin "kill-sway" ''
@@ -34,8 +28,7 @@
         fi
       done
     '';
-    in
+  in ''
-    ''
       ACTION=="remove",\
        ENV{SUBSYSTEM}=="usb",\
        ENV{PRODUCT}=="1050/407/543",\

specific/grimm-nixos-ssd/hardware-configuration.nix

@@ -1,36 +1,15 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{
+{ config, lib, pkgs, modulesPath, ... }:
-  config,
-  lib,
-  pkgs,
-  modulesPath,
-  ...
-}:
 
 {
-  imports = [
+  imports =
-    (modulesPath + "/installer/scan/not-detected.nix")
+    [ (modulesPath + "/installer/scan/not-detected.nix")
     ];
 
-  boot.initrd.availableKernelModules = [
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "uas" "sd_mod" "kvm-intel" ];
-    "xhci_pci"
+  boot.initrd.kernelModules = [ "zfs" "nls_cp437" "nls_iso8859-1" "usbhid" "usb_storage" "nvme" ];
-    "ahci"
-    "nvme"
-    "usbhid"
-    "uas"
-    "sd_mod"
-    "kvm-intel"
-  ];
-  boot.initrd.kernelModules = [
-    "zfs"
-    "nls_cp437"
-    "nls_iso8859-1"
-    "usbhid"
-    "usb_storage"
-    "nvme"
-  ];
   boot.zfs = {
     forceImportRoot = false;
     requestEncryptionCredentials = false; # none of the zfs datasets that should be mounted are encrypted. User homes happen later.
@@ -50,23 +29,23 @@
   boot.kernelParams = [ "mds=full,nosmt" ];
   services.homed.enable = true;
 
-  fileSystems."/" = {
+  fileSystems."/" =
-    device = "zpool/root";
+    { device = "zpool/root";
       fsType = "zfs";
     };
 
-  fileSystems."/nix" = {
+  fileSystems."/nix" =
-    device = "zpool/nix";
+    { device = "zpool/nix";
       fsType = "zfs";
     };
 
-  fileSystems."/var" = {
+  fileSystems."/var" =
-    device = "zpool/var";
+    { device = "zpool/var";
       fsType = "zfs";
     };
   
-  fileSystems."/etc/nixos" = {
+  fileSystems."/etc/nixos" =
-    device = "zpool/nix_conf";
+    { device = "zpool/nix_conf";
       fsType = "zfs";
       options = [ "noacl" ];
     };
@@ -76,16 +55,13 @@
 #      fsType = "zfs";
 #    };
 
-  fileSystems."/boot" = {
+  fileSystems."/boot" =
-    device = "/dev/disk/by-uuid/12CE-A600";
+    { device = "/dev/disk/by-uuid/12CE-A600";
       fsType = "vfat";
-    options = [
+      options = [ "fmask=0022" "dmask=0022" "umask=077" ];
-      "fmask=0022"
-      "dmask=0022"
-      "umask=077"
-    ];
     };
 
+
   grimmShared = {
     screens = {
       external = {
@@ -104,6 +80,7 @@
     laptop_hardware.enable = true;
   };
 
+
 #  fileSystems."/crypt-storage" =
 #     { device = "/dev/disk/by-uuid/6f0d65a8-24f0-439d-b5ee-03c0ef051fcb";
 #      fsType = "ext4";

sway/default.nix

@@ -1,9 +1,4 @@
-{
+{ pkgs, lib, config, ... }:
-  pkgs,
-  lib,
-  config,
-  ...
-}:
 {
   imports = [ ./bar ];
 
@@ -56,8 +51,7 @@
           urgentcol = "#9e3c3c";
           realwhite = "#C7D3E3";
         };
-        keybinds =
+        keybinds = {
-          {
           "$mod+d" = "exec $menu";
           "$mod+Shift+d" = "exec $menu_run";
           "$mod+Shift+s" = ''exec ${getExe grim} -g "$(${getExe slurp} -d)" - | wl-copy'';
@@ -160,18 +154,10 @@
             in
             "exec ${getExe open}";
           # XF86Bluetooth = "exec blueman-manager";
-          }
+        } // (let inherit (builtins) toString; in lib.mergeAttrsList (map (n: {
-          // (
-            let
-              inherit (builtins) toString;
-            in
-            lib.mergeAttrsList (
-              map (n: {
           "$mod+${toString n}" = "workspace number ${toString n}";
           "$mod+Shift+${toString n}" = "move container to workspace number ${toString n}";
-              }) (lib.range 0 9)
+        }) (lib.range 0 9)));
-            )
-          );
         autolaunch = [
           (getExe' pkgs.dbus "dbus-update-activation-environment")
           (getExe' pkgs.xdg-user-dirs "xdg-user-dirs-update")

users.nix

@@ -10,6 +10,7 @@
     # shell = pkgs.xonsh;
     description = "grimmauld";
 
+
     openssh.authorizedKeys.keys = (import ./authorizedKeys.nix);
     extraGroups = lib.intersectLists (lib.attrNames config.users.groups) [
       "networkmanager"