move all expressions to nix/; include modularized home-manager config

nix/home-manager/configuration/fullblown-workstation.nix

@@ -0,0 +1,394 @@
+{ pkgs
+, config, 
+... }:
+
+let
+  # gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {};
+  unstablepkgs = import <nixos-unstable> {};
+
+in {
+  imports = [
+    ../profiles/common.nix
+    ../profiles/qtile-desktop.nix
+    ../programs/emacs.nix
+    ../programs/firefox.nix
+    ../programs/chromium.nix
+    ../programs/homeshick.nix
+    ../programs/libreoffice.nix
+    ../programs/neovim.nix
+    ../programs/pass.nix
+    ../programs/zsh.nix
+  ];
+
+  nixpkgs.config = {
+    pidgin = {
+      openssl = true;
+      gnutls = true;
+    };
+
+    packageOverrides = pkgs: with pkgs; {
+      busyboxStatic =  busybox.override {
+        enableStatic = true;
+        extraConfig = ''
+           CONFIG_STATIC y
+           CONFIG_INSTALL_APPLET_DONT y
+           CONFIG_INSTALL_APPLET_SYMLINKS n
+         '';
+      };
+
+      dropbearStatic = dropbear.override {
+        enableStatic = true;
+      };
+
+      myPython36 = python36Full.withPackages (ps: with ps; [ 
+        pylint pep8 yapf flake8
+        # autopep8 (broken)
+        # pylint (broken)
+        ipython
+        llfuse
+        dugong
+        defusedxml
+        wheel
+        pip
+        virtualenv
+        pypi2nix
+        cffi
+        pyopenssl
+        urllib3
+        mistune
+
+        flask
+
+        pyaml
+      ] ++ [
+        pkgs.libffi
+      ]);
+
+      staruml = callPackage ../../pkgs/staruml.nix { inherit (gnome2) GConf; libgcrypt = libgcrypt_1_5; };
+    };
+  };
+
+  home.sessionVariables = {
+    GOPATH="$HOME/src/go";
+
+    PATH=pkgs.lib.concatStringsSep ":" [ 
+      "$HOME/.local/bin"
+      "$HOME/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/bin"
+      "$HOME/.cargo/bin"
+      "$HOME/.gem/ruby/2.3.0/bin"
+      "$HOME/.npm-packages/bin"
+      "$GOPATH/bin"
+      "$PATH"
+    ];
+  };
+
+  home.packages = []
+    ++ (with pkgs; [
+      # Authentication
+      cacert
+      fprintd
+      openssl
+      mkpasswd
+
+      # Nix package related tools
+      patchelf
+      nix-index
+      nox
+      nix-prefetch-scripts
+
+      # Version Control Systems
+      git-crypt
+      unstablepkgs.pijul
+      gitFull
+      gitless
+      mr
+
+      gitRepo
+
+      # Cloud/Remote System Management
+      google-cloud-sdk
+      ansible
+      nixops
+      unstablepkgs.terraform
+      awscli
+      hcloud
+
+      # Process/System Administration
+      htop
+      gnome3.gnome-tweak-tool
+      xorg.xhost
+      dmidecode
+      python36Packages.glances
+      evtest
+
+      # Archive Managers
+      sshfsFuse
+      xarchive
+      p7zip
+      zip
+      unzip
+      gzip
+      lzop
+
+      # Password Management
+      gnupg
+      yubikey-neo-manager
+      yubikey-personalization
+      yubikey-personalization-gui
+      gnome3.gnome_keyring
+      gnome3.seahorse
+
+      # Security
+      tpm-tools
+      tpmmanager
+
+      # Web Browsers
+      links2
+
+      # Language Support
+      hunspellDicts.en-us
+      hunspellDicts.de-de
+
+      # Messaging/Communication
+      pidgin
+      hexchat
+      aspellDicts.en
+      aspellDicts.de
+      unstablepkgs.skype
+      zoom-us
+      unstablepkgs.bluejeans-gui
+      thunderbird
+      gnome3.evolution # gnome4.glib_networking
+      tdesktop
+      gnome3.cheese
+
+      # Virtualization
+      virtmanager
+      qemu
+      # virtualbox
+      vagrant
+      unstablepkgs.rkt
+      python27Packages.docker_compose
+      # unstablepkgs.kubernetes
+      unstablepkgs.minikube
+      unstablepkgs.openshift
+      # (unstablepkgs.minikube.overrideAttrs (oldAttrs: {
+      #   patches = oldAttrs.patches ++ [
+      #     (builtins.fetchurl { url ="https://patch-diff.githubusercontent.com/raw/kubernetes/minikube/pull/2517.diff"; })
+      #   ];
+      # }))
+
+      # Remote Control Tools
+      remmina
+      freerdp
+      x2goclient
+      teamviewer
+
+      # Audio/Video Players
+      ffmpeg
+      vlc
+      audacity
+      spotify
+      smtube
+      python27Packages.youtube-dl-light
+      screenkey
+      quvi
+
+      # Network Tools
+      openvpn
+      tcpdump
+      iftop
+      iperf
+      bind
+      socat 
+
+      # samba
+      iptables
+      nftables
+      wireshark
+
+      # Code Editors
+      xclip
+      xsel
+      unstablepkgs.vscode
+      # (vscode-with-extensions.override {
+      #   # When the extension is already available in the default extensions set.
+      #   vscodeExtensions = with vscode-extensions; [
+      #   ]   
+      #   # Concise version from the vscode market place when not available in the default set.
+      #   ++ vscode-utils.extensionsFromVscodeMarketplace [
+      #     {
+      #       name = "vsliveshare";
+      #       publisher = "MS-vsliveshare";
+      #       version = "0.3.198";
+      #       sha256 = "019ffyxca3qnqyz1fr7vh0plfdkc3ikr8v295z846lghvwlzjqdh";
+      #     }
+      #   ];
+      # })
+
+      unstablepkgs.atom
+
+      # Image/Graphic/Design Tools
+      gnome3.eog
+      gimp
+      imagemagick
+      exiv2
+      graphviz
+      inkscape
+      ## barcode
+      qrencode
+      zbar
+      feh
+      # digikam
+
+
+      # Modelling Tools
+      plantuml
+      umlet
+      staruml
+      eclipses.eclipse-modeling
+      dia
+      astah-community
+      
+      # Misc Development Tools
+      qrcode
+      travis
+      jq
+      prometheus
+      cdrtools
+
+      # Document Processing and Management
+      unstablepkgs.zathura
+      mendeley
+      jabref
+      zotero
+      hugo
+      pandoc
+
+      # LaTeX
+      perlPackages.YAMLTiny
+      perlPackages.FileHomeDir
+      perlPackages.UnicodeLineBreak
+      (texlive.combine {
+        inherit (texlive) 
+          scheme-small
+          texlive-de
+          texlive-en
+          texlive-scripts
+          collection-langgerman 
+
+          latexindent
+          latexmk
+
+          algorithms
+          cm-super
+
+          preprint
+          enumitem
+          draftwatermark
+          everypage
+          ulem
+          placeins
+          minted ifplatform fvextra xstring framed
+          ;
+      })
+
+      pdftk
+      masterpdfeditor
+
+      # File Synchronzation
+      seafile-client
+      syncthing
+      grive2
+      dropbox
+      # gocryptfs
+      # hubicfuse
+      # s3ql
+      # rclone
+      rsync
+
+      # Filesystem Tools
+      ntfs3g
+      ddrescue
+      ncdu
+      unstablepkgs.woeusb
+      unetbootin
+      pcmanfm
+      hdparm
+      testdisk
+      python27Packages.binwalk
+      gptfdisk
+
+      # games
+      zeroad
+
+      # Compilers & Toolchains
+      autoconf
+      automake
+      libtool
+      gcc
+      pkgconfig
+      binutils
+      valgrind
+      gdb
+      cgdb
+      man-pages
+      gnumake
+      shellcheck
+      bazel
+
+      ## Android
+      androidsdk
+
+      ## Java
+      jre
+      openjdk
+
+      ## Ruby
+      ruby
+
+      ## Python
+      myPython36
+      pypi2nix
+
+      ## Webdev
+      nodejs-8_x
+      npm2nix
+      emscripten
+      etcd
+      sigal
+
+      # Code generators
+      unstablepkgs.swagger-codegen
+
+      # Misc Desktop Tools
+      ltunify
+      solaar
+      dex
+      roxterm
+      # kitty
+      busyboxStatic 
+      xorg.xbacklight
+      coreutils
+      lsof
+      pavucontrol
+      x11_ssh_askpass
+      xdotool
+      xdg_utils
+      xdg-user-dirs
+      gnome3.dconf
+      picocom
+      glib.dev # contains gdbus tool
+
+      # Screen recording
+      gtk-recordmydesktop # can't select the window
+      qt-recordmydesktop
+      vokoscreen
+      shutter
+      # kazam # doesn't start
+      # xvidcap # doesn't keep the recording rectangle
+      obs-studio
+      shotcut
+      openshot-qt
+  ]); 
+}

nix/home-manager/configuration/removable-desktop.nix

@@ -0,0 +1,161 @@
+{ pkgs
+, config, 
+... }:
+
+let
+  # gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {};
+  unstablepkgs = import <nixos-unstable> {};
+
+in {
+  imports = [
+    ../profiles/common.nix
+    ../profiles/qtile-desktop.nix
+    ../programs/emacs.nix
+    ../programs/firefox.nix
+    ../programs/chromium.nix
+    ../programs/homeshick.nix
+    ../programs/libreoffice.nix
+    ../programs/neovim.nix
+    ../programs/pass.nix
+    ../programs/zsh.nix
+  ];
+
+  nixpkgs.config = {
+    pidgin = {
+      openssl = true;
+      gnutls = true;
+    };
+
+    packageOverrides = pkgs: with pkgs; {
+      myPython36 = python36Full.withPackages (ps: with ps; [ 
+        pylint pep8 yapf flake8
+        # autopep8 (broken)
+        # pylint (broken)
+        ipython
+        llfuse
+        dugong
+        defusedxml
+        wheel
+        pip
+        virtualenv
+        pypi2nix
+        cffi
+        pyopenssl
+        urllib3
+        mistune
+
+        flask
+
+        pyaml
+      ] ++ [
+        pkgs.libffi
+      ]);
+    };
+  };
+
+  home.sessionVariables = {
+  };
+
+  home.packages = []
+    ++ (with pkgs; [
+      # Authentication
+      cacert
+      fprintd
+      openssl
+      mkpasswd
+
+      # Nix package related tools
+      patchelf
+      nix-index
+      nox
+      nix-prefetch-scripts
+
+      # Version Control Systems
+      git-crypt
+      unstablepkgs.pijul
+      gitFull
+      gitless
+      mr
+      gitRepo
+
+      # Process/System Administration
+      htop
+      gnome3.gnome-tweak-tool
+      xorg.xhost
+      dmidecode
+      python36Packages.glances
+      evtest
+
+      # Archive Managers
+      sshfsFuse
+      xarchive
+      p7zip
+      zip
+      unzip
+      gzip
+      lzop
+
+      # Password Management
+      gnupg
+      gnome3.gnome_keyring
+      gnome3.seahorse
+
+      # Remote Control Tools
+      remmina
+      freerdp
+      x2goclient
+
+      # Network Tools
+      openvpn
+      tcpdump
+      iftop
+      iperf
+      bind
+      socat 
+
+      # samba
+      iptables
+      nftables
+      wireshark
+
+      # Code Editors
+      xclip
+      xsel
+      unstablepkgs.vscode
+
+      # Image/Graphic/Design Tools
+      gnome3.eog
+      gimp
+      inkscape
+
+      # Misc Development Tools
+      qrcode
+      jq
+      cdrtools
+
+      # Document Processing and Management
+      unstablepkgs.zathura
+
+      # File Synchronzation
+      rsync
+
+      # Filesystem Tools
+      ntfs3g
+      ddrescue
+      ncdu
+      unstablepkgs.woeusb
+      unetbootin
+      pcmanfm
+      hdparm
+      testdisk
+      python27Packages.binwalk
+      gptfdisk
+
+      androidsdk
+
+      ## Python
+      myPython36
+
+      busyboxStatic 
+  ]); 
+}

nix/home-manager/configuration/steveej-qtile-desktop.nix

@@ -0,0 +1,381 @@
+{ pkgs
+, config, 
+... }:
+
+let
+  # gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {};
+  unstablepkgs = import <nixos-unstable> {};
+
+in {
+  imports = [
+    ../profiles/common.nix
+    ../profiles/qtile-desktop.nix
+    ../programs/emacs.nix
+    ../programs/firefox.nix
+    ../programs/chromium.nix
+    ../programs/homeshick.nix
+    ../programs/libreoffice.nix
+    ../programs/neovim.nix
+    ../programs/pass.nix
+    ../programs/zsh.nix
+  ];
+
+  nixpkgs.config = {
+    pidgin = {
+      openssl = true;
+      gnutls = true;
+    };
+
+    packageOverrides = pkgs: with pkgs; {
+      myPython36 = python36Full.withPackages (ps: with ps; [ 
+        pylint pep8 yapf flake8
+        # autopep8 (broken)
+        # pylint (broken)
+        ipython
+        llfuse
+        dugong
+        defusedxml
+        wheel
+        pip
+        virtualenv
+        pypi2nix
+        cffi
+        pyopenssl
+        urllib3
+        mistune
+
+        flask
+
+        pyaml
+      ] ++ [
+        pkgs.libffi
+      ]);
+
+      staruml = callPackage ../../pkgs/staruml.nix { inherit (gnome2) GConf; libgcrypt = libgcrypt_1_5; };
+    };
+  };
+
+  home.sessionVariables = {
+    GOPATH="$HOME/src/go";
+
+    PATH=pkgs.lib.concatStringsSep ":" [ 
+      "$HOME/.local/bin"
+      "$HOME/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/bin"
+      "$HOME/.cargo/bin"
+      "$HOME/.gem/ruby/2.3.0/bin"
+      "$HOME/.npm-packages/bin"
+      "$GOPATH/bin"
+      "$PATH"
+    ];
+  };
+
+  home.packages = []
+    ++ (with pkgs; [
+      # Authentication
+      cacert
+      fprintd
+      openssl
+      mkpasswd
+
+      # Nix package related tools
+      patchelf
+      nix-index
+      nox
+      nix-prefetch-scripts
+
+      # Version Control Systems
+      git-crypt
+      unstablepkgs.pijul
+      gitFull
+      gitless
+      mr
+
+      gitRepo
+
+      # Cloud/Remote System Management
+      google-cloud-sdk
+      ansible
+      nixops
+      unstablepkgs.terraform
+      awscli
+      hcloud
+
+      # Process/System Administration
+      htop
+      gnome3.gnome-tweak-tool
+      xorg.xhost
+      dmidecode
+      python36Packages.glances
+      evtest
+
+      # Archive Managers
+      sshfsFuse
+      xarchive
+      p7zip
+      zip
+      unzip
+      gzip
+      lzop
+
+      # Password Management
+      gnupg
+      yubikey-neo-manager
+      yubikey-personalization
+      yubikey-personalization-gui
+      gnome3.gnome_keyring
+      gnome3.seahorse
+
+      # Security
+      tpm-tools
+      tpmmanager
+
+      # Web Browsers
+      links2
+
+      # Language Support
+      hunspellDicts.en-us
+      hunspellDicts.de-de
+
+      # Messaging/Communication
+      pidgin
+      hexchat
+      aspellDicts.en
+      aspellDicts.de
+      unstablepkgs.skype
+      zoom-us
+      unstablepkgs.bluejeans-gui
+      thunderbird
+      gnome3.evolution # gnome4.glib_networking
+      tdesktop
+      gnome3.cheese
+
+      # Virtualization
+      virtmanager
+      qemu
+      # virtualbox
+      vagrant
+      unstablepkgs.rkt
+      python27Packages.docker_compose
+      # unstablepkgs.kubernetes
+      unstablepkgs.minikube
+      unstablepkgs.openshift
+      # (unstablepkgs.minikube.overrideAttrs (oldAttrs: {
+      #   patches = oldAttrs.patches ++ [
+      #     (builtins.fetchurl { url ="https://patch-diff.githubusercontent.com/raw/kubernetes/minikube/pull/2517.diff"; })
+      #   ];
+      # }))
+
+      # Remote Control Tools
+      remmina
+      freerdp
+      x2goclient
+      teamviewer
+
+      # Audio/Video Players
+      ffmpeg
+      vlc
+      audacity
+      spotify
+      smtube
+      python27Packages.youtube-dl-light
+      screenkey
+      quvi
+
+      # Network Tools
+      openvpn
+      tcpdump
+      iftop
+      iperf
+      bind
+      socat 
+
+      # samba
+      iptables
+      nftables
+      wireshark
+
+      # Code Editors
+      xclip
+      xsel
+      unstablepkgs.vscode
+      # (vscode-with-extensions.override {
+      #   # When the extension is already available in the default extensions set.
+      #   vscodeExtensions = with vscode-extensions; [
+      #   ]   
+      #   # Concise version from the vscode market place when not available in the default set.
+      #   ++ vscode-utils.extensionsFromVscodeMarketplace [
+      #     {
+      #       name = "vsliveshare";
+      #       publisher = "MS-vsliveshare";
+      #       version = "0.3.198";
+      #       sha256 = "019ffyxca3qnqyz1fr7vh0plfdkc3ikr8v295z846lghvwlzjqdh";
+      #     }
+      #   ];
+      # })
+
+      unstablepkgs.atom
+
+      # Image/Graphic/Design Tools
+      gnome3.eog
+      gimp
+      imagemagick
+      exiv2
+      graphviz
+      inkscape
+      ## barcode
+      qrencode
+      zbar
+      feh
+      # digikam
+
+
+      # Modelling Tools
+      plantuml
+      umlet
+      staruml
+      eclipses.eclipse-modeling
+      dia
+      astah-community
+      
+      # Misc Development Tools
+      qrcode
+      travis
+      jq
+      prometheus
+      cdrtools
+
+      # Document Processing and Management
+      unstablepkgs.zathura
+      mendeley
+      jabref
+      zotero
+      hugo
+      pandoc
+
+      # LaTeX
+      perlPackages.YAMLTiny
+      perlPackages.FileHomeDir
+      perlPackages.UnicodeLineBreak
+      (texlive.combine {
+        inherit (texlive) 
+          scheme-small
+          texlive-de
+          texlive-en
+          texlive-scripts
+          collection-langgerman 
+
+          latexindent
+          latexmk
+
+          algorithms
+          cm-super
+
+          preprint
+          enumitem
+          draftwatermark
+          everypage
+          ulem
+          placeins
+          minted ifplatform fvextra xstring framed
+          ;
+      })
+
+      pdftk
+      masterpdfeditor
+
+      # File Synchronzation
+      seafile-client
+      syncthing
+      grive2
+      dropbox
+      # gocryptfs
+      # hubicfuse
+      # s3ql
+      # rclone
+      rsync
+
+      # Filesystem Tools
+      ntfs3g
+      ddrescue
+      ncdu
+      unstablepkgs.woeusb
+      unetbootin
+      pcmanfm
+      hdparm
+      testdisk
+      python27Packages.binwalk
+      gptfdisk
+
+      # games
+      zeroad
+
+      # Compilers & Toolchains
+      autoconf
+      automake
+      libtool
+      gcc
+      pkgconfig
+      binutils
+      valgrind
+      gdb
+      cgdb
+      man-pages
+      gnumake
+      shellcheck
+      bazel
+
+      ## Android
+      androidsdk
+
+      ## Java
+      jre
+      openjdk
+
+      ## Ruby
+      ruby
+
+      ## Python
+      myPython36
+      pypi2nix
+
+      ## Webdev
+      nodejs-8_x
+      npm2nix
+      emscripten
+      etcd
+      sigal
+
+      # Code generators
+      unstablepkgs.swagger-codegen
+
+      # Misc Desktop Tools
+      ltunify
+      solaar
+      dex
+      roxterm
+      # kitty
+      busyboxStatic 
+      xorg.xbacklight
+      coreutils
+      lsof
+      pavucontrol
+      x11_ssh_askpass
+      xdotool
+      xdg_utils
+      xdg-user-dirs
+      gnome3.dconf
+      picocom
+      glib.dev # contains gdbus tool
+
+      # Screen recording
+      gtk-recordmydesktop # can't select the window
+      qt-recordmydesktop
+      vokoscreen
+      shutter
+      # kazam # doesn't start
+      # xvidcap # doesn't keep the recording rectangle
+      obs-studio
+      shotcut
+      openshot-qt
+  ]); 
+}

nix/home-manager/lib.nix

@@ -0,0 +1,22 @@
+{ 
+}:
+
+let 
+
+in {
+  mkSimpleTrayService = { execStart }: {
+    Unit = {
+      Description = "pasystray applet";
+      After = [ "graphical-session-pre.target" ];
+      PartOf = [ "graphical-session.target" ];
+    };
+
+    Install = {
+      WantedBy = [ "graphical-session.target" ];
+    };
+
+    Service = {
+      ExecStart = execStart;
+    };
+  };
+}

nix/home-manager/profiles/common.nix

@@ -0,0 +1,52 @@
+{ pkgs,
+...
+}:
+
+let 
+in {
+  programs.home-manager.enable = true;
+  programs.home-manager.path = https://github.com/rycee/home-manager/archive/master.tar.gz;
+
+  nixpkgs.config = {
+    allowBroken = true;
+    allowUnfree = true;
+
+    # TODO: move this to a pkgs overlay
+    packageOverrides = pkgs: with pkgs; {
+      busyboxStatic =  busybox.override {
+        enableStatic = true;
+        extraConfig = ''
+           CONFIG_STATIC y
+           CONFIG_INSTALL_APPLET_DONT y
+           CONFIG_INSTALL_APPLET_SYMLINKS n
+         '';
+      };
+
+      dropbearStatic = dropbear.override {
+        enableStatic = true;
+      };
+    };
+  };
+
+  home.keyboard = {
+    layout = "us";
+    variant = "altgr-intl";
+    options = [ 
+      "nodeadkeys"
+     # "caps:swapescape"
+    ];
+  };
+
+  programs.direnv.enable = true;
+
+  home.sessionVariables = {
+    NIXPKGS_ALLOW_UNFREE = "1";
+    # Don't create .pyc files.
+    PYTHONDONTWRITEBYTECODE = "1";
+
+    HOMESHICK_DIR="${pkgs.homeshick}";
+  };
+
+  programs.command-not-found.enable = true;
+  programs.fzf.enable = true;
+}

nix/home-manager/profiles/qtile-desktop.nix

@@ -0,0 +1,278 @@
+{ pkgs
+, ...
+}:
+
+let
+  inherit (import ../lib.nix { })
+    mkSimpleTrayService
+    ;
+      
+  qtileConfig = pkgs.writeScript "config.py" ''
+from libqtile.config import Key, Screen, Group, Drag, Click
+from libqtile.command import lazy
+from libqtile import layout, bar, widget
+from libqtile import hook
+
+import logging, os
+logger = logging.getLogger()
+logger.setLevel(logging.WARN)
+
+handler = logging.handlers.RotatingFileHandler(
+    os.path.join(os.getenv('HOME'), '.qtilelog'), maxBytes=10240000,
+    backupCount=7
+)
+handler.setLevel(logging.WARN)
+logger.addHandler(handler)
+
+@hook.subscribe.screen_change
+def restart_on_randr(qtile, ev):
+    import time
+
+    with open(os.path.join(os.environ['HOME'], ".qtilelastrestart"), "w"):
+        pass
+
+    lastRestart = 0
+    with open(os.path.join(os.environ['HOME'], ".qtilelastrestart"), "r+") as lastRestartFile:
+        lastRestartStr = lastRestartFile.read()
+        if len(lastRestartStr) > 0:
+            lastRestart = float(lastRestartStr)
+
+        print("screen changed. (last change: %s)" % lastRestart)
+
+        delta=time.time()-lastRestart
+        if delta > 3:
+            import subprocess
+            lastRestartFile.seek(0)
+            lastRestartFile.write("%s" % time.time())
+            lastRestartFile.truncate()
+
+            subprocess.call(["autorandr","-c"])
+            qtile.cmd_restart()
+        else:
+            print("screen is changing too fast: %s" % delta)
+
+active_screen = 0
+@hook.subscribe.client_focus
+def focus_changed(window):
+    global active_screen
+    pass
+    active_screen = window.group.screen.index
+
+@hook.subscribe.current_screen_change
+def move_widget(): 
+    global active_screen
+    systray = widget.Systray()
+    logging.warn("Screen changed to %i" % active_screen)
+
+key_super = "mod4"
+key_alt = "mod1"
+key_control = "control"
+
+keys = [
+    # https://github.com/qtile/qtile/blob/develop/libqtile/xkeysyms.py
+    Key([key_super], "Return", lazy.spawn("${pkgs.roxterm}/bin/roxterm")),
+    Key([key_super], "backslash", lazy.spawn("${pkgs.roxterm}/bin/roxterm")),
+    Key([key_super], "apostrophe", lazy.spawn("${pkgs.roxterm}/bin/roxterm")),
+    Key([key_super], "r", lazy.spawncmd()),
+    Key([key_super], "w", lazy.window.kill()),
+
+#    Key([key_alt, key_super], "l", lazy.spawn("xscreensaver-command -lock")),
+#    Key([key_alt, key_super], "l", lazy.spawn("sh -c '(sleep 1; xset dpms force off) & xautolock -locknow'")),
+#     Key([key_alt, key_super], "l", lazy.spawn("light-locker-command -l")),
+#    Key([key_alt, key_super], "l", lazy.spawn("dm-tool lock")),
+    Key([key_alt, key_super], "l", lazy.spawn('${pkgs.bash}/bin/sh -c "loginctl lock-session $XDG_SESSION_ID"')),
+    Key([key_alt, key_super], "s", lazy.spawn("${pkgs.systemd}/bin/systemctl suspend")),
+
+    Key([key_super, key_control], "r", lazy.restart()),
+    Key([key_super, key_control], "q", lazy.shutdown()),
+
+    # Toggle between different layouts as defined below
+    Key([key_super], "Tab", lazy.next_layout()),
+
+    # MonadTall keybindings
+    Key([key_super], "h", lazy.layout.left()),
+    Key([key_super], "l", lazy.layout.right()),
+    Key([key_super], "j", lazy.layout.down()),
+    Key([key_super], "k", lazy.layout.up()),
+    Key([key_super, key_control], "h", lazy.layout.shuffle_left()),
+    Key([key_super, key_control], "l", lazy.layout.shuffle_right()),
+    Key([key_super, key_control], "j", lazy.layout.shuffle_down()),
+    Key([key_super, key_control], "k", lazy.layout.shuffle_up()),
+    Key([key_super, key_control], "space", lazy.layout.toggle_split()),
+    Key([key_control, key_alt], "h", lazy.layout.grow_left()),
+    Key([key_control, key_alt], "j", lazy.layout.grow_down()),
+    Key([key_control, key_alt], "k", lazy.layout.grow_up()),
+    Key([key_control, key_alt], "l", lazy.layout.grow_right()),
+    Key([key_super], "n", lazy.layout.normalize()),
+    Key([key_super], "o", lazy.layout.maximize()),
+
+    # Stack
+    Key([key_super], "h", lazy.layout.previous().when('stack')),
+    Key([key_super], "l", lazy.layout.next().when('stack')),
+    Key([key_super], "j", lazy.layout.up().when('stack')),
+    Key([key_super], "k", lazy.layout.down().when('stack')),
+    Key([key_super, key_control], "j", lazy.layout.shuffle_up().when('stack')),
+    Key([key_super, key_control], "k", lazy.layout.shuffle_down().when('stack')),
+    Key([key_super, key_control], "h", lazy.layout.client_to_previous().when('stack')),
+    Key([key_super, key_control], "l", lazy.layout.client_to_next().when('stack')),
+
+    # Columns
+    Key([key_super], "h", lazy.layout.left().when('columns')),
+    Key([key_super], "l", lazy.layout.right().when('columns')),
+    Key([key_super], "j", lazy.layout.down().when('columns')),
+    Key([key_super], "k", lazy.layout.up().when('columns')),
+    Key([key_super, key_control], "j", lazy.layout.shuffle_down().when('columns')),
+    Key([key_super, key_control], "k", lazy.layout.shuffle_up().when('columns')),
+    Key([key_super, key_control], "h", lazy.layout.shuffle_left().when('columns')),
+    Key([key_super, key_control], "l", lazy.layout.shuffle_right().when('columns')),
+
+    # Max
+    Key([key_super], "j", lazy.layout.next()),
+    Key([key_super], "k", lazy.layout.previous()),
+
+    # Multimedia Keys
+    Key([], "XF86AudioPlay", lazy.spawn("${pkgs.dbus}/bin/dbus-send --print-reply --dest=org.mpris.MediaPlayer2.spotify /org/mpris/MediaPlayer2 org.mpris.MediaPlayer2.Player.PlayPause")),
+    Key([], "XF86AudioPrev", lazy.spawn("${pkgs.dbus}/bin/dbus-send --print-reply --dest=org.mpris.MediaPlayer2.spotify /org/mpris/MediaPlayer2 org.mpris.MediaPlayer2.Player.Previous")),
+    Key([], "XF86AudioNext", lazy.spawn("${pkgs.dbus}/bin/dbus-send --print-reply --dest=org.mpris.MediaPlayer2.spotify /org/mpris/MediaPlayer2 org.mpris.MediaPlayer2.Player.Next")),
+    ## Microsoft Comfort Curve specific 
+    Key([key_super, "shift"], "XF86TouchpadToggle", lazy.spawn("${pkgs.dbus}/bin/dbus-send --print-reply --dest=org.mpris.MediaPlayer2.spotify /org/mpris/MediaPlayer2 org.mpris.MediaPlayer2.Player.Previous")),
+    Key([key_alt, key_super], "XF86TouchpadToggle", lazy.spawn("${pkgs.dbus}/bin/dbus-send --print-reply --dest=org.mpris.MediaPlayer2.spotify /org/mpris/MediaPlayer2 org.mpris.MediaPlayer2.Player.Next")),
+
+    # FIXME: Backlight currently broken
+#    Key([], "XF86MonBrightnessDown", lazy.spawn("xbacklight -inc -5")),
+#    Key([], "XF86MonBrightnessUp", lazy.spawn("xbacklight -inc 5")),
+
+    Key([], "Print", lazy.spawn("${pkgs.flameshot}/bin/flameshot gui")),
+]
+groups = [Group(i) for i in "1234567890"]
+
+for i in groups:
+    # super + letter of group = switch to group
+    keys.append(
+        Key([key_super], i.name, lazy.group[i.name].toscreen())
+    )
+
+    # super + shift + letter of group = switch to & move focused window to group
+    keys.append(
+        Key([key_super, key_control], i.name, lazy.window.togroup(i.name))
+    )
+
+layouts = [
+    layout.Columns(num_columns=3, border_focus='#00ff00', border_width=2),
+    layout.Max(),
+    # layout.Stack(num_stacks=3, border_focus='#00ff00', border_width=2, autosplit=True, previous_on_rm=True),
+   # layout.Wmii(border_focus='#00ff00'),
+   # layout.MonadTall(ratio=0.6, border_focus='#00ff00'),
+]
+
+widget_defaults = dict(
+    font='Arial',
+    fontsize=16,
+    padding=3,
+)
+
+screens_count = 4
+screens = []
+for i in range(0, screens_count+1):
+    j = i+1
+    widgets = [
+        widget.TextBox("Screen %i" % j, name="Screen %i" % j),
+        widget.GroupBox(),
+        widget.WindowName(),
+        widget.Prompt(),
+        widget.CPUGraph(),
+        widget.MemoryGraph(),
+        widget.NetGraph(bandwidth_type='down'),
+        widget.NetGraph(bandwidth_type='up'),
+        widget.Clock(format='%Y-%m-%d %a %I:%M %p'),
+    ]
+    if i is 0:
+        widgets.insert(-1, widget.Systray())
+
+    screens.append(Screen(bottom=bar.Bar(widgets, 30)))
+
+    keys.append(Key([key_super, "shift"], "%i" % (i+1), lazy.to_screen(i)))
+
+# subscribe.current_screen_change(func)
+
+dgroups_key_binder = None
+dgroups_app_rules = []
+main = None
+follow_mouse_focus = False
+bring_front_click = True
+cursor_warp = False
+auto_fullscreen = True
+focus_on_window_activation = "urgent"
+
+
+# Drag floating layouts.
+mouse = [
+    Drag([key_super,key_control], "Button1", lazy.window.set_position_floating(), start=lazy.window.get_position()),
+    Drag([key_super,key_control], "Button2", lazy.window.set_size_floating(), start=lazy.window.get_size()),
+    Click([key_super,key_control], "Button3", lazy.window.disable_floating())
+]
+floating_layout = layout.Floating()
+
+wmname = "LG3D"
+  '';
+in {
+  systemd.user = {
+    startServices = true;
+    services = {
+      redshift-gtk = mkSimpleTrayService {
+        execStart = "${pkgs.redshift}/bin/redshift-gtk -v -l 47.6691:9.1698 -t 7000:4500 -m randr";
+      };
+
+      pasystray = mkSimpleTrayService {
+        execStart = "${pkgs.pasystray}/bin/pasystray"; 
+      };
+
+      cbatticon = mkSimpleTrayService {
+        execStart = "${pkgs.cbatticon}/bin/cbatticon";
+      };
+    };
+  };
+
+  services = {
+    gnome-keyring.enable = true;
+    blueman-applet.enable = true;
+    screen-locker = {
+      enable = true;
+      inactiveInterval = 7;
+      lockCmd = "${pkgs.xscreensaver}/bin/xscreensaver-command -lock";
+    };
+    xscreensaver.enable = true;
+    network-manager-applet.enable = true;
+    syncthing.enable = true;
+    gpg-agent = {
+      enable = true;
+      enableScDaemon = true;
+      enableSshSupport = true;
+      grabKeyboardAndMouse = true;
+    };
+    flameshot.enable = true;
+  };
+
+  xsession = {
+    enable = true;
+    windowManager.command = "${pkgs.qtile}/bin/qtile -c ${qtileConfig}";
+    initExtra = ''
+      ${pkgs.autorandr}/bin/autorandr -c
+      ${pkgs.feh}/bin/feh --bg-scale ${pkgs.nixos-artwork.wallpapers.simple-blue}/share/artwork/gnome/nix-wallpaper-simple-blue.png
+    '';
+  };
+
+  home.packages = with pkgs; [
+    # X Tools/Libraries
+    lightdm
+    qtile
+    xscreensaver
+    gnome3.networkmanagerapplet
+    autorandr
+    arandr
+    gnome3.gnome_themes_standard
+    gnome3.adwaita-icon-theme
+    lxappearance
+    xorg.xcursorthemes
+  ];
+}

nix/home-manager/programs/chromium.nix

@@ -0,0 +1,23 @@
+{ 
+...
+}:
+
+{
+  programs.chromium = {
+    enable = true;
+  };
+
+  nixpkgs.config = {
+    chromium = {
+      enablePepperPDF = true;
+      enablePepperFlash = false;
+    };
+  };
+
+  programs.browserpass = {
+    browsers = [
+      "chromium"
+    ];
+  };
+}
+

nix/home-manager/programs/emacs.nix

@@ -0,0 +1,24 @@
+{ pkgs,
+...
+}:
+
+{
+  programs.emacs = {
+    enable = true;
+    extraPackages = epkgs: (with epkgs; [
+      nix-mode
+      magit          # ; Integrate git <C-x g>
+      zerodark-theme # ; Nicolas' theme
+      undo-tree      # ; <C-x u> to show the undo tree
+      # zoom-frm       # ; increase/decrease font size for all buffers %lt;C-x C-+>
+    ]) ++ (with epkgs.melpaPackages; [
+      evil
+    ]) ++ (with epkgs.elpaPackages; [
+      auctex         # ; LaTeX mode
+      beacon         # ; highlight my cursor when scrolling
+      nameless       # ; hide current package name everywhere in elisp code
+    ]) ++ (with pkgs; [
+      pkgs.notmuch   # From main packages set
+    ]);
+  };
+}

nix/home-manager/programs/firefox.nix

@@ -0,0 +1,19 @@
+{ 
+...
+}:
+
+{
+  programs.firefox = {
+    enable = true;
+    enableAdobeFlash = false;
+    enableGoogleTalk = true;
+    enableIcedTea = true;
+  };
+
+  programs.browserpass = {
+    browsers = [
+      "firefox"
+    ];
+  };
+}
+

nix/home-manager/programs/homeshick.nix

@@ -0,0 +1,38 @@
+{ pkgs
+, config
+, ...
+}:
+
+let 
+  bootstrapRepos = pkgs.writeScript "bootstrapRepos" ''
+    set -e
+    echo home-manager path is ${config.home.path}
+    echo home is $HOME
+
+    source ${pkgs.homeshick}/homeshick.sh
+    type homeshick
+      
+    # echo Updating homeshick
+    # ln -sfT ${pkgs.homeshick} "$HOMESICK_REPOS"/.homeshick
+    # mv -Tf "$HOMESICK_REPOS"/{.,}homeshick
+    '';
+
+in {
+  home.sessionVariables = {
+    HOMESHICK_DIR="${pkgs.homeshick}";
+  };
+
+  home.activation.bootstrapRepos = config.lib.dag.entryAfter ["writeBoundary"] ''
+    $DRY_RUN_CMD ${bootstrapRepos}
+  '';
+
+  nixpkgs.config = {
+
+    packageOverrides = pkgs: with pkgs; {
+      homeshick = builtins.fetchGit {
+        url = "https://github.com/andsens/homeshick.git";
+        ref = "master";
+      };
+    };
+  };
+}

nix/home-manager/programs/libreoffice.nix

@@ -0,0 +1,14 @@
+{ pkgs,
+...
+}:
+
+{
+  home.sessionVariables = {
+    # Workaround for Libreoffice to force gtk3
+    SAL_USE_VCLPLUGIN = "gtk3";
+  };
+
+  home.packages = with pkgs; [
+    libreoffice-fresh
+  ];
+}

nix/home-manager/programs/neovim.nix

@@ -0,0 +1,152 @@
+{ pkgs,
+...
+}:
+
+let
+  unstablepkgs = import <nixos-unstable> {};
+
+in {
+  home.sessionVariables = {
+    EDITOR = "nvim";
+  };
+
+  nixpkgs.config = {
+    pidgin = {
+      openssl = true;
+      gnutls = true;
+    };
+
+    packageOverrides = pkgs: with pkgs; {
+      neovim = unstablepkgs.neovim;
+      vimPlugins = unstablepkgs.vimPlugins;
+    };
+  };
+
+  programs.neovim = {
+    enable = true;
+
+    extraPythonPackages = (ps: with ps; [ ]);
+    extraPython3Packages = (ps: with ps; [ ]);
+
+    configure = {
+      customRC = builtins.readFile ./neovim/vimrc;
+      vam = {
+        knownPlugins = with pkgs; vimPlugins // {
+          delimitMate = vimUtils.buildVimPlugin {
+            name = "delimitMate-vim";
+            src = fetchFromGitHub {
+              owner = "Raimondi";
+              repo = "delimitMate";
+              rev = "728b57a6564c1d2bdfb9b9e0f2f8c5ba3d7e0c5c";
+              sha256 = "0fskm9gz81dk8arcidrm71mv72a7isng1clssqkqn5wnygbiimsn";
+            };
+            buildInputs = [ zip vim ];
+          };
+
+          yaml-folds = vimUtils.buildVimPlugin {
+            name = "vim-yaml-folds";
+            src = fetchFromGitHub {
+              owner = "pedrohdz";
+              repo = "vim-yaml-folds";
+              rev = "0672d9a3b685b51b4c49d8716c2ad4e27cfa5abd";
+              sha256 = "0yp2jgaqiria79lh75fkrs77rw7nk518bq63w9bvyy814i7s4scn";
+            };
+            buildInputs = [ zip vim ];
+          };
+
+          vim-markdown-toc = vimUtils.buildVimPlugin {
+            name = "vim-markdown-toc";
+            src = fetchFromGitHub {
+              owner = "mzlogin";
+              repo = "vim-markdown-toc";
+              rev = "a6e227023f405a7c39590a8aaf0d54dde5614a2e";
+              sha256 = "1vpsnjzc7hvrkp6mq68myxl3k1x363iif58rrd17njcsa4jh1zwy";
+            };
+          };
+          vim-perl = vimUtils.buildVimPlugin {
+            name = "vim-perl";
+            src = fetchFromGitHub {
+              owner = "vim-perl";
+              repo = "vim-perl";
+              rev = "21d0a0d795336acf8a9306da35f379c32cfc5e08";
+              sha256 = "0f2sa0v3djd89k16n4saji9n7grziyhkljq75dskcbv8r19m8i1j";
+            };
+          };
+
+          git-blame = vimUtils.buildVimPlugin {
+            name = "git-blame";
+            src = fetchFromGitHub {
+              "owner" = "zivyangll";
+              "repo" = "git-blame.vim";
+              "rev" = "a5b666840eead1b1ea1c351038da6ce026716bb6";
+              "sha256" = "181siphb87yzln9433159ssa6vmm1h2dd0kqhlx7bgsi51gng4rv";
+            };
+          };
+        };
+
+        pluginDictionaries = let 
+          default = [
+            "delimitMate"
+            "vim-airline"
+            "ctrlp"
+            "vim-css-color"
+            "rainbow_parentheses"
+            "vim-colorschemes"
+            "vim-colorstepper"
+            "vim-signify"
+            "fugitive"
+            "ctrlp"
+            "vim-indent-guides"
+            "UltiSnips"
+            "fzfWrapper"
+
+            "ncm2"
+            "ncm2-bufword"
+            "ncm2-path"
+            "ncm2-tmux"
+            "ncm2-ultisnips"
+            "nvim-yarp"
+
+            "LanguageClient-neovim"
+
+            "Improved-AnsiEsc"
+            "tabular"
+            "git-blame"
+
+            # Nix
+            "vim-addon-nix"
+            "vim-addon-vim2nix"
+
+            # LaTeX
+            "vim-latex-live-preview"
+            "vimtex"
+
+            # YAML
+            "yaml-folds"
+
+            # Perl
+            # "vim-perl"
+
+
+            # markdown
+            "vim-markdown"
+            "vim-markdown-toc"
+
+            # misc syntax support
+            "vim-bazel"
+          ];
+        in [
+          { names = default; }
+          { names = default ++ [
+            ];
+            filename_regex = ".*\.nix\$";
+          }
+          { names = default ++ [
+            ];
+            filename_regex = ".*\.tex\$";
+          }
+        ];
+      };
+    };
+  };
+}

nix/home-manager/programs/neovim/vimrc

@@ -0,0 +1,246 @@
+set nocompatible
+set mouse=
+
+" Enable Elite mode, No ARRRROWWS!!!!
+let g:elite_mode=1
+if get(g:, 'elite_mode')
+nnoremap <Up>    :resize +2<CR>
+nnoremap <Down>  :resize -2<CR>
+nnoremap <Left>  :vertical resize +2<CR>
+nnoremap <Right> :vertical resize -2<CR>
+endif
+
+nnoremap <expr>K getline('.')[col('.')-1]==' ' ? "r<CR>" : "i<CR><Esc>"
+
+" Enable highlighting of the current line
+set cursorline
+
+" leader
+let mapleader = ','
+let maplocalleader = ','
+
+" save on ctrl-s
+nnoremap <c-s> :w<CR>
+inoremap <c-s> <Esc>:w<CR>
+
+set hidden
+syntax on
+set hlsearch
+set ignorecase
+set smartcase
+set number
+
+" mappings to stop insert mode
+imap jjj <ESC>
+imap kkk <ESC>
+imap lll <ESC>
+imap hhh <ESC>
+set scroll=11
+
+" new mappings
+noremap <C-j> <C-f>
+noremap <C-k> <C-u>
+
+noremap <C-n> :tabn<CR>
+noremap <C-p> :tabp<CR>
+let g:ctrlp_map = '<tab>'
+set wildignore+=*/site/*,*.so,*.swp,*.zip
+let g:ctrlp_custom_ignore = {
+\ 'dir':  '\v[\/]\.(git|hg|svn|)$$',
+\ 'file': '\v\.(exe|so|dll)$$',
+\ }
+
+"let g:ctrlp_match_func = { 'match': 'pymatcher#PyMatch' }
+"let g:pydiction_location = '~/.vim/bundle/pydiction/complete-dict'
+
+" allways show status line
+set ls=2
+set tabstop=4
+set shiftwidth=4
+set softtabstop=4
+set expandtab
+"set textwidth=80
+
+set backspace=indent,eol,start
+
+set wildignore+=*/site/*,*.so,*.swp,*.zip
+let g:ctrlp_custom_ignore = {
+\ 'dir':  '\v[\/]\.(git|hg|svn|)$$',
+\ 'file': '\v\.(exe|so|dll)$$',
+\ }
+" }
+
+" spelling {{{
+au BufRead,BufNewFile *.txt,*.tex,*.md,*.markdown setlocal spell spelllang=en_us,de_de
+" }}}
+
+" sync default register to clipboard {
+if has('unnamedplus')
+set clipboard=unnamedplus
+else
+set clipboard=unnamed
+endif
+" }
+
+" colored brackets {
+let g:rbpt_colorpairs = [
+\ ['brown',       'RoyalBlue3'],
+\ ['Darkblue',    'SeaGreen3'],
+\ ['darkgray',    'DarkOrchid3'],
+\ ['darkgreen',   'firebrick3'],
+\ ['darkcyan',    'RoyalBlue3'],
+\ ['darkred',     'SeaGreen3'],
+\ ['darkmagenta', 'DarkOrchid3'],
+\ ['brown',       'firebrick3'],
+\ ['gray',        'RoyalBlue3'],
+\ ['black',       'SeaGreen3'],
+\ ['darkmagenta', 'DarkOrchid3'],
+\ ['Darkblue',    'firebrick3'],
+\ ['darkgreen',   'RoyalBlue3'],
+\ ['darkcyan',    'SeaGreen3'],
+\ ['darkred',     'DarkOrchid3'],
+\ ['red',         'firebrick3'],
+\ ]
+let g:rbpt_max = 16
+let g:rbpt_loadcmd_toggle = 0
+
+au VimEnter * RainbowParenthesesToggle
+au Syntax * RainbowParenthesesLoadRound
+au Syntax * RainbowParenthesesLoadSquare
+au Syntax * RainbowParenthesesLoadBraces
+" }
+
+set t_ut=
+colorscheme PaperColor
+
+" Python {{{
+augroup ft_python
+au!
+au FileType python setlocal omnifunc=pythoncomplete#Complete
+au FileType python setlocal define=^\s*\\(def\\\\|class\\)
+augroup END
+" }}}
+
+" YAML {{{
+augroup ft_yaml
+au!
+setlocal autoindent sw=2 et tabstop=2 shiftwidth=2 softtabstop=2
+augroup END
+" }}}
+
+" markdown {
+augroup filetypedetect
+" gitit page files
+au BufRead,BufNewFile *.page set filetype=markdown
+augroup END
+
+
+" Cycle between the valid list item markers *, - and + in the TOC
+let g:vmt_cycle_list_item_markers = 1
+
+" } markdown
+
+let g:indent_guides_enable_on_vim_startup = 1
+
+
+"bazel
+augroup filetypedetect
+au BufRead,BufNewFile *.bazel set filetype=bzl
+augroup END
+
+"Justfile
+augroup filetypedetect
+au BufRead,BufNewFile Justfile set filetype=make
+augroup END
+
+
+augroup VCenterCursor
+au!
+au BufEnter,WinEnter,WinNew,VimResized *,*.*
+\ let &scrolloff=winheight(win_getid())/2
+augroup END
+
+" " deoplete {
+" let g:deoplete#enable_at_startup = 1
+" let g:deoplete#num_processes = 1
+" let g:deoplete#enable_smart_case = 1
+"
+" if !exists('g:deoplete#omni#input_patterns')
+"   let g:deoplete#omni#input_patterns = {}
+" endif
+" let g:deoplete#omni#input_patterns.tex = g:vimtex#re#deoplete
+" " } deoplete
+
+" enable ncm2 for all buffers
+autocmd BufEnter * call ncm2#enable_for_buffer()
+set completeopt=noinsert,menuone,noselect
+
+" LanguageClient {
+set hidden
+
+let g:LanguageClient_serverCommands = {
+\ 'rust': ['rustup', 'run', 'stable', 'rls'],
+\ 'javascript.jsx': ['tcp://127.0.0.1:2089'],
+\ }
+" \ 'javascript': ['/usr/local/bin/javascript-typescript-stdio'],
+" \ 'python': ['/usr/local/bin/pyls'],
+nnoremap <F5> :call LanguageClient_contextMenu()<CR>
+" Or map each action separately
+nnoremap <silent> K :call LanguageClient#textDocument_hover()<CR>
+nnoremap <silent> gd :call LanguageClient#textDocument_definition()<CR>
+nnoremap <silent> <F2> :call LanguageClient#textDocument_rename()<CR>
+" }
+
+let g:vimtex_view_method = 'zathura'
+let g:vimtex_complete_enabled = 1
+let g:vimtex_complete_close_braces = 1
+let g:vimtex_complete_recursive_bib = 1
+let g:vimtex_indent_enabled = 1
+let g:vimtex_indent_bib_enabled = 1
+let g:vimtex_fold_enabled = 1
+let g:vimtex_fold_comments = 1
+let g:vimtex_fold_preamble = 1
+let g:vimtex_compiler_latexmk = {
+\ 'options' : [
+\   '-shell-escape',
+\   '-pdf',
+\   '-verbose',
+\   '-file-line-error',
+\   '-synctex=1',
+\   '-interaction=nonstopmode',
+\ ],
+\}
+let g:vimtex_quickfix_latexlog = {
+\ 'default' : 1,
+\ 'general' : 1,
+\ 'references' : 1,
+\ 'overfull' : 0,
+\ 'underfull' : 0,
+\ 'font' : 0,
+\ 'packages' : {
+\   'default' : 1,
+\   'natbib' : 1,
+\   'biblatex' : 1,
+\   'babel' : 1,
+\   'hyperref' : 1,
+\   'scrreprt' : 1,
+\   'fixltx2e' : 1,
+\   'titlesec' : 1,
+\ },
+\}
+
+function! ViewerCallback() dict
+call self.forward_search(self.out())
+endfunction
+let g:vimtex_view_zathura_hook_callback = 'ViewerCallback'
+let g:vimtex_view_general_callback = 'ViewerCallback'
+let g:vimtex_compiler_progname = '${pkgs.neovim-remote}/bin/nvr'
+" } latex
+
+" terminal {
+tnoremap <Esc> <C-\><C-n>
+" } terminal
+
+" allow per-project vimrc
+" TODO: only source if it exists
+" source .vimrc

nix/home-manager/programs/pass.nix

@@ -0,0 +1,24 @@
+{ pkgs
+, ...
+}:
+
+{
+  home.sessionVariables = {
+    EDITOR = "nvim";
+
+    # required by pass-otp
+    PASSWORD_STORE_EXTENSIONS_DIR = "$HOME/.nix-profile/lib/password-store/extensions";
+    PASSWORD_STORE_ENABLE_EXTENSIONS = "true";
+  };
+  
+  programs.browserpass = {
+    enable = true;
+  };
+
+  home.packages = with pkgs; [
+    pass-otp
+    qtpass
+    rofi-pass
+  ];
+}
+

nix/home-manager/programs/zsh.nix

@@ -0,0 +1,79 @@
+{ pkgs
+, config
+, ...
+}:
+
+let 
+in {
+  programs.zsh = {
+    enable = true;
+
+    # will be called again by oh-my-zsh
+    enableCompletion = false;
+    enableAutosuggestions = true;
+    initExtra = ''
+      PROMPT='%F{%(!.red.green)}%n%f@%m %(?.%F{green}✓%f.%F{red}✗ ($?%))%f %F{blue}%~%f %F{magenta}$(git_prompt_info)%f
+%_%F{%(!.red.green)}$(prompt_char)%f '
+      RPROMPT=""
+
+      # Automatic rehash 
+      zstyle ':completion:*' rehash true
+
+      if [ -f $HOME/.shrc.d/sh_aliases ]; then
+        . $HOME/.shrc.d/sh_aliases 
+      fi
+
+      source ${pkgs.homeshick}/homeshick.sh
+      fpath=(${pkgs.homeshick}/completions $fpath)
+
+      # Disable intercepting of ctrl-s and ctrl-q as flow control.
+      stty stop ''' -ixoff -ixon
+
+      # don't cd into directories when executed
+      unsetopt AUTO_CD
+    '';
+
+    sessionVariables = {
+      # Add more envrionment variables here
+    };
+
+    plugins = [
+      {
+        # will source zsh-autosuggestions.plugin.zsh
+        name = "zsh-autosuggestions";
+        src = pkgs.fetchFromGitHub {
+          owner = "zsh-users";
+          repo = "zsh-autosuggestions";
+          rev = "v0.4.0";
+          sha256 = "0z6i9wjjklb4lvr7zjhbphibsyx51psv50gm07mbb0kj9058j6kc";
+        };
+      }
+      {
+        name = "enhancd";
+        file = "init.sh";
+        src = pkgs.fetchFromGitHub {
+          owner = "b4b4r07";
+          repo = "enhancd";
+          rev = "v2.2.1";
+          sha256 = "0iqa9j09fwm6nj5rpip87x3hnvbbz9w9ajgm6wkrd5fls8fn8i5g";
+        };
+      }
+      {
+        name = "pass";
+        src = "${pkgs.oh-my-zsh}/share/oh-my-zsh/plugins/pass";
+      }
+      {
+        name = "minikube";
+        src = "${pkgs.oh-my-zsh}/share/oh-my-zsh/plugins/minikube";
+      }
+    ];
+    oh-my-zsh = {
+      enable = true;
+      theme = "tjkirch";
+      plugins = [
+        "git"
+        "sudo"
+      ];
+    };
+  };
+}

nix/ops/nano/configuration.nix

@@ -0,0 +1,65 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ n, pkgs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+    ];
+
+  # Use the GRUB 2 boot loader.
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  # Define on which hard drive you want to install Grub.
+  boot.loader.grub.device = "/dev/sdb";
+
+  networking.hostName = "nano${toString n}"; # Define your hostname.
+  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+
+  # Select internationalisation properties.
+  # i18n = {
+  #   consoleFont = "Lat2-Terminus16";
+  #   consoleKeyMap = "us";
+  #   defaultLocale = "en_US.UTF-8";
+  # };
+
+  # Set your time zone.
+  # time.timeZone = "Europe/Amsterdam";
+
+  # List packages installed in system profile. To search by name, run:
+  # $ nix-env -qaP | grep wget
+  # environment.systemPackages = with pkgs; [
+  #   wget
+  # ];
+
+  # List services that you want to enable:
+
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
+  services.openssh.permitRootLogin = "yes";
+
+  # Enable CUPS to print documents.
+  services.printing.enable = false;
+
+  # Enable the X11 windowing system.
+  services.xserver.enable = false;
+  # services.xserver.layout = "us";
+  # services.xserver.xkbOptions = "eurosign:e";
+
+  # Enable the KDE Desktop Environment.
+  # services.xserver.displayManager.kdm.enable = true;
+  # services.xserver.desktopManager.kde4.enable = true;
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  # users.extraUsers.guest = {
+  #   isNormalUser = true;
+  #   uid = 1000;
+  # };
+
+  # The NixOS release to be compatible with for stateful data such as databases.
+  system.stateVersion = "16.03";
+
+}

nix/ops/nano/hardware-configuration.nix

@@ -0,0 +1,23 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+  imports =
+    [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/e02a410e-5044-440f-90e9-b573e51f1315";
+      fsType = "ext4";
+    };
+
+  swapDevices = [ ];
+
+  nix.maxJobs = 2;
+}

nix/ops/nanos@kn.nix

@@ -0,0 +1,26 @@
+{ nixpkgs ? import <nixpkgs> {}
+, nrNanos ? 1 # Number of nanos
+}:
+
+let 
+  pkgs = nixpkgs;
+  webserver = { services.httpd.enable = true;
+      services.httpd.adminAddr = "mail@stefanjunker.de";
+      services.httpd.documentRoot = "${pkgs.nixops}/share/doc/nixops/";
+      networking.firewall.allowedTCPPorts = [ 80 ];
+  };
+
+  mkNano = { n }: {
+      imports = [
+        (import ./nano/configuration.nix {inherit pkgs n;})
+        ../configuration/common/user/root.nix
+      ];
+      deployment.targetEnv = "none";
+      deployment.targetHost = "nano${toString n}";
+  };
+
+  mkNanos = n: nixpkgs.lib.nameValuePair "nano${toString n}" (
+    mkNano { inherit n; } 
+  );
+
+in nixpkgs.lib.listToAttrs (map mkNanos (nixpkgs.lib.range 0 (nrNanos - 1)))

nix/os/devices/default.nix

@@ -0,0 +1,64 @@
+{ pkgs ? import <nixpkgs> {}
+, dir
+, rebuildarg ? null
+}:
+
+let
+  diskId = (import ((builtins.getEnv "PWD")+"/${dir}/hw.nix") {}).hardware.encryptedDisk.diskId;
+
+in {
+  rebuild = pkgs.writeScript "script" ''
+    #!/usr/bin/env bash
+    set -xe
+
+    pushd ${dir}
+    export NIXOS_CONFIG="$PWD"/configuration.nix
+    export INSTALL_ROOT="/mnt/$ID-root"
+
+    [[ -e "''${NIXOS_CONFIG}" ]]
+
+    nixos-rebuild -I nixos-config=''${NIXOS_CONFIG} ${rebuildarg}
+    if test -L result; then
+      rm result
+    fi
+  '';
+
+  diskMount = pkgs.writeScript "script" ''
+    #!/usr/bin/env bash
+    set -xe
+    ID=${diskId}
+    echo Mounting $ID
+    set -xe
+    cryptsetup luksOpen /dev/disk/by-partlabel/$ID-part3 $ID-part3
+    vgchange -ay $ID
+    mkdir -p /mnt/$ID-root
+    mount /dev/$ID/root /mnt/$ID-root -o subvol=nixos
+    mount /dev/$ID/root /mnt/$ID-root/home -o subvol=home
+    mount /dev/disk/by-partlabel/$ID-part2 /mnt/$ID-root/boot
+  '';
+
+  diskUmount = pkgs.writeScript "script" ''
+    #!/usr/bin/env bash
+    set -xe
+      ID=${diskId}
+    umount -R /mnt/$ID-root
+    rmdir /mnt/$ID-root
+    vgchange -an $ID
+    cryptsetup luksClose $ID-part3
+    sync
+  '';
+
+  diskInstall = pkgs.writeScript "script" ''
+    #!/usr/bin/env bash
+    set -xe
+    ID=${diskId}
+    pushd ${dir}
+    export NIXOS_CONFIG="$PWD"/configuration.nix
+    export INSTALL_ROOT="/mnt/$ID-root"
+
+    [[ -e "''${NIXOS_CONFIG}" ]]
+    [[ -e "''${INSTALL_ROOT}" ]]
+
+    nixos-install --max-jobs 5 --cores 4  --no-channel-copy --no-root-passwd --root "''${INSTALL_ROOT}"
+  '';
+}

nix/os/devices/steveej-laptop/boot.nix

@@ -0,0 +1,13 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # workaround to disable CPU wining
+  # current CPU has 9 idle cstates.
+  boot.kernelParams = [ "intel_idle.max_cstate=9" ];
+
+  # Workaround for nm-pptp to enforce module load
+  boot.kernelModules = [ 
+      "nf_conntrack_proto_gre"
+      "nf_conntrack_pptp"
+  ];
+}

nix/os/devices/steveej-laptop/configuration.nix

@@ -0,0 +1,14 @@
+{ ... }:
+
+{
+  imports = [ 
+    ../../profiles/common/configuration.nix
+    ../../profiles/graphical/configuration.nix
+
+    ./pkg.nix
+    ./system.nix
+    ./hw.nix
+    ./user.nix
+    ./boot.nix
+  ];
+}

nix/os/devices/steveej-laptop/hw.nix

@@ -0,0 +1,67 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+    nix.maxJobs = 3;
+    nix.buildCores = 3;
+
+    hardware.enableAllFirmware = true;
+    hardware.trackpoint.emulateWheel = true;
+
+    boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+    boot.kernelModules = [ "kvm-intel" ];
+    boot.extraModprobeConfig = ''
+      options kvm-intel nested=1
+      options kvm-intel enable_shadow_vmcs=1
+      options kvm-intel enable_apicv=1
+      options kvm-intel ept=1
+    '';
+    boot.extraModulePackages = [ ];
+
+    boot.loader.systemd-boot.enable = true;
+    boot.loader.efi.canTouchEfiVariables = true;
+
+    fileSystems."/boot" = { 
+        device = "/dev/disk/by-uuid/445D-DBAA";
+        fsType = "vfat";
+    };
+
+    fileSystems."/" = {
+        device = "/dev/disk/by-uuid/948e84dc-5c4f-4051-8a13-efb30155839f";
+        fsType = "btrfs";
+        options = [ "subvol=nixos" ];
+    };
+
+    fileSystems."/home" = {
+        device = "/dev/disk/by-uuid/948e84dc-5c4f-4051-8a13-efb30155839f";
+        fsType = "btrfs";
+        options = [ "subvol=home" ];
+    };
+
+    fileSystems."/var/lib/rkt" = {
+        fsType = "tmpfs";
+    };
+
+    fileSystems."/var/lib/cni" = {
+        fsType = "tmpfs";
+    };
+
+    swapDevices = [
+        { label = "vg0swap"; }
+    ];
+
+    boot.loader.grub = {
+        device = "/dev/sda";
+        efiSupport = true;
+    };
+
+    boot.initrd.luks.devices = [ {
+            name = "btrfsroot";
+            device = "/dev/disk/by-uuid/0e6b5751-0e6d-4de7-84c3-17fe525c4c72";
+            preLVM = true;
+            allowDiscards = true;
+        }
+    ];
+}

nix/os/devices/steveej-laptop/pkg.nix

@@ -0,0 +1,63 @@
+{ config,
+  pkgs,
+  ... }:
+
+let
+  gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {};
+  unstablepkgs = import <nixos-unstable> {};
+
+in
+{
+  nixpkgs.config = {
+    allowBroken = false;
+    allowUnfree = true;
+
+    packageOverrides = pkgs: rec {
+      # libvirt = unstablepkgs.libvirt;
+
+      myLinuxPackages = pkgs.recurseIntoAttrs (pkgs.linuxPackagesFor
+        (pkgs.linux_latest.override {
+        kernelPatches = pkgs.linux_latest.kernelPatches ++ [
+          {
+            name = "bfq1";
+            patch = pkgs.fetchurl {
+              url = "ftp://teambelgium.net/bfq/patches/4.7.0-v8r3/0001-block-cgroups-kconfig-build-bits-for-BFQ-v7r11-4.7.0.patch";
+              sha256 = "116jfdgjgmy1fv6kzz7dm1c7rjy1pbsfzzcjv5mgsb7pnaxq3gd6";
+            };
+          }
+          {
+            name = "bfq2";
+            patch = pkgs.fetchurl {
+              url = "ftp://teambelgium.net/bfq/patches/4.7.0-v8r3/0002-block-introduce-the-BFQ-v7r11-I-O-sched-for-4.7.0.patch";
+              sha256 = "0wjmnym2ycglx42f513n97b45x3xqi33q7z4cs0aiz0zbblm8jql";
+            };
+          }
+          {
+            name = "bfq3";
+            patch = pkgs.fetchurl {
+              url = "ftp://teambelgium.net/bfq/patches/4.7.0-v8r3/0003-block-bfq-add-Early-Queue-Merge-EQM-to-BFQ-v7r11-for.patch";
+              sha256 = "0898aklynxb9dr0nb0kdhc2incjkjihds9dakxvdy0mwjqr0jd6v";
+            };
+          }
+          {
+            name = "bfq4";
+            patch = pkgs.fetchurl {
+              url = "ftp://teambelgium.net/bfq/patches/4.7.0-v8r3/0004-block-bfq-turn-BFQ-v7r11-for-4.7.0-into-BFQ-v8r3-for.patch";
+              sha256 = "09ya3g39zk9k3hzjx4fkl60qkxdgzllnx3kk9dyi7lvydmhp4y6v";
+            };
+          }
+        ];
+        extraConfig  = ''
+          BFQ_GROUP_IOSCHED y
+          IOSCHED_BFQ y
+          DEFAULT_BFQ y
+        '';
+        })
+        pkgs.linuxPackages_latest
+      );
+    };
+  };
+
+  environment.systemPackages = with pkgs; [
+  ];
+}

nix/os/devices/steveej-laptop/system.nix

@@ -0,0 +1,57 @@
+{ config
+, lib
+, pkgs
+, ... 
+}:
+
+let
+  unstablepkgs = import <nixos-unstable> {};
+
+in rec {
+  # The NixOS release to be compatible with for stateful data such as databases.
+  # system.stateVersion = "unstable";
+
+  networking.hostName = "steveej-laptop"; # Define your hostname.
+
+  # Used for testing local Tectonic clusters
+  environment.etc."NetworkManager/dnsmasq.d/tectonic.conf".text = ''
+    server=/tt.testing/192.168.124.1
+    server=/tectonic-ci.de/192.168.124.1
+    server=/tectonic-ci.lan/192.168.124.1
+  '';
+  networking.firewall.checkReversePath = false;
+
+  networking.bridges."virbr1".interfaces = [];
+  networking.interfaces."virbr1".ipv4.addresses = [
+      { address = "10.254.254.254"; prefixLength = 24; }
+  ];
+
+  services.printing = {
+    enable = true;
+    drivers = [
+      pkgs.hplip
+      unstablepkgs.cups-kyodialog3
+      unstablepkgs.mfcj6510dwlpr
+      unstablepkgs.mfcj6510dw-cupswrapper
+    ];
+  };
+
+  services.nix-serve.enable = true;
+
+  services.fprintd.enable = true;
+  security.pam.services = {
+    login.fprintAuth = true;
+    sudo.fprintAuth = true;
+  };
+
+  # Kubernetes
+  # services.kubernetes.roles = ["master" "node"];
+
+  # virtualization
+  virtualisation = {
+    libvirtd.enable = true;
+    virtualbox.host.enable = true;
+    virtualbox.host.addNetworkInterface = true;
+    docker.enable = true;
+  };
+}

nix/os/devices/steveej-laptop/user.nix

@@ -0,0 +1,18 @@
+{ config
+, pkgs
+, ... }:
+
+let
+  inherit (import ../../lib/default.nix { }) mkUser;
+
+in
+{
+  users.extraUsers.steveej2 = mkUser {
+    uid = 1001;
+  };
+
+  users.extraUsers.steveej3 = mkUser {
+    uid = 1002;
+  };
+}
+

nix/os/devices/steveej-live-mmc-SL32G_0x259093f6/configuration.nix

@@ -0,0 +1,12 @@
+{ ... }:
+
+{
+  imports = [
+    ../../profiles/common/configuration.nix
+    ../../profiles/graphical/configuration.nix
+    ../../profiles/removable-medium/configuration.nix
+
+    ./system.nix
+    ./hw.nix
+  ];
+}

nix/os/devices/steveej-live-mmc-SL32G_0x259093f6/hw.nix

@@ -0,0 +1,5 @@
+{ ... }:
+
+{
+  hardware.encryptedDisk.diskId = "mmc-SL32G_0x259093f6";
+}

nix/os/devices/steveej-live-mmc-SL32G_0x259093f6/system.nix

@@ -0,0 +1,5 @@
+{ ... }:
+
+{
+  networking.hostName = "mmc-sandiskultra32gb"; # Define your hostname.
+}

nix/os/devices/steveej-utilitepro/configuration.nix

@@ -0,0 +1,279 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+let
+  passwords = import ../common/passwords.crypt.nix;
+in
+{
+  # The NixOS release to be compatible with for stateful data such as databases.
+  system.stateVersion = "16.03";
+ nix.maxJobs = 4; 
+ nix.buildCores = 4;
+
+ nix.extraOptions = ''
+    gc-keep-outputs = true
+    gc-keep-derivations = true
+ '';
+
+
+
+ nixpkgs.config = {
+
+   packageOverrides = super: let self = super.pkgs; in {
+      linux_4_1 = super.linux_4_1.override {
+        kernelPatches = super.linux_4_1.kernelPatches ++ [
+          { patch = ./patches/utilitepro-kernel-dts.patch; name = "utilitepro-dts"; }
+          { patch = ./patches/utilitepro-kernel-dts-Makefile.patch; name = "utilitepro-dts-Makefile"; }
+        ];
+        # add "CONFIG_PPP_FILTER y" option to the set of kernel options
+        extraConfig = ''
+	    BTRFS_FS y
+	    BTRFS_FS_POSIX_ACL y
+            FUSE_FS y
+            OVERLAY_FS y
+
+	    BLK_DEV_DM y
+            DM_THIN_PROVISIONING y
+
+	    NAMESPACES y
+	    NET_NS y
+	    PID_NS y
+	    IPC_NS y
+	    UTS_NS y
+	    DEVPTS_MULTIPLE_INSTANCES y
+	    CGROUPS y
+	    CGROUP_CPUACCT y
+	    CGROUP_DEVICE y
+	    CGROUP_FREEZER y
+	    CGROUP_SCHED y
+	    CPUSETS y
+	    MEMCG y
+	    POSIX_MQUEUE y
+
+	    MACVLAN m
+	    VETH m
+	    BRIDGE m
+
+	    NF_TABLES m
+            NETFILTER y
+            NETFILTER_ADVANCED y
+	    NF_NAT_IPV4 m
+	    IP_NF_FILTER m
+	    IP_NF_TARGET_MASQUERADE m
+	    NETFILTER_XT_MATCH_ADDRTYPE m
+	    NETFILTER_XT_MATCH_CONNTRACK m
+	    NF_NAT m
+	    NF_NAT_NEEDED m
+            BRIDGE_NETFILTER m
+            NETFILTER_INGRESS y
+            NETFILTER_NETLINK m
+            NETFILTER_NETLINK_ACCT m
+            NETFILTER_NETLINK_QUEUE m
+            NETFILTER_NETLINK_LOG m
+            NETFILTER_SYNPROXY m
+            NETFILTER_XTABLES m
+            NETFILTER_XT_MARK m
+            NETFILTER_XT_CONNMARK m
+            NETFILTER_XT_SET m
+            NETFILTER_XT_TARGET_AUDIT m
+            NETFILTER_XT_TARGET_CHECKSUM m
+            NETFILTER_XT_TARGET_CLASSIFY m
+            NETFILTER_XT_TARGET_CONNMARK m
+            NETFILTER_XT_TARGET_CONNSECMARK m
+            NETFILTER_XT_TARGET_CT m
+            NETFILTER_XT_TARGET_DSCP m
+            NETFILTER_XT_TARGET_HL m
+            NETFILTER_XT_TARGET_HMARK m
+            NETFILTER_XT_TARGET_IDLETIMER m
+            NETFILTER_XT_TARGET_LED m
+            NETFILTER_XT_TARGET_LOG m
+            NETFILTER_XT_TARGET_MARK m
+            NETFILTER_XT_NAT m
+            NETFILTER_XT_TARGET_NETMAP m
+            NETFILTER_XT_TARGET_NFLOG m
+            NETFILTER_XT_TARGET_NFQUEUE m
+            NETFILTER_XT_TARGET_NOTRACK m
+            NETFILTER_XT_TARGET_RATEEST m
+            NETFILTER_XT_TARGET_REDIRECT m
+            NETFILTER_XT_TARGET_TEE m
+            NETFILTER_XT_TARGET_TPROXY m
+            NETFILTER_XT_TARGET_TRACE m
+            NETFILTER_XT_TARGET_SECMARK m
+            NETFILTER_XT_TARGET_TCPMSS m
+            NETFILTER_XT_TARGET_TCPOPTSTRIP m
+            NETFILTER_XT_MATCH_ADDRTYPE m
+            NETFILTER_XT_MATCH_BPF m
+            NETFILTER_XT_MATCH_CGROUP m
+            NETFILTER_XT_MATCH_CLUSTER m
+            NETFILTER_XT_MATCH_COMMENT m
+            NETFILTER_XT_MATCH_CONNBYTES m
+            NETFILTER_XT_MATCH_CONNLABEL m
+            NETFILTER_XT_MATCH_CONNLIMIT m
+            NETFILTER_XT_MATCH_CONNMARK m
+            NETFILTER_XT_MATCH_CONNTRACK m
+            NETFILTER_XT_MATCH_CPU m
+            NETFILTER_XT_MATCH_DCCP m
+            NETFILTER_XT_MATCH_DEVGROUP m
+            NETFILTER_XT_MATCH_DSCP m
+            NETFILTER_XT_MATCH_ECN m
+            NETFILTER_XT_MATCH_ESP m
+            NETFILTER_XT_MATCH_HASHLIMIT m
+            NETFILTER_XT_MATCH_HELPER m
+            NETFILTER_XT_MATCH_HL m
+            NETFILTER_XT_MATCH_IPCOMP m
+            NETFILTER_XT_MATCH_IPRANGE m
+            NETFILTER_XT_MATCH_IPVS m
+            NETFILTER_XT_MATCH_L2TP m
+            NETFILTER_XT_MATCH_LENGTH m
+            NETFILTER_XT_MATCH_LIMIT m
+            NETFILTER_XT_MATCH_MAC m
+            NETFILTER_XT_MATCH_MARK m
+            NETFILTER_XT_MATCH_MULTIPORT m
+            NETFILTER_XT_MATCH_NFACCT m
+            NETFILTER_XT_MATCH_OSF m
+            NETFILTER_XT_MATCH_OWNER m
+            NETFILTER_XT_MATCH_POLICY m
+            NETFILTER_XT_MATCH_PHYSDEV m
+            NETFILTER_XT_MATCH_PKTTYPE m
+            NETFILTER_XT_MATCH_QUOTA m
+            NETFILTER_XT_MATCH_RATEEST m
+            NETFILTER_XT_MATCH_REALM m
+            NETFILTER_XT_MATCH_RECENT m
+            NETFILTER_XT_MATCH_SCTP m
+            NETFILTER_XT_MATCH_SOCKET m
+            NETFILTER_XT_MATCH_STATE m
+            NETFILTER_XT_MATCH_STATISTIC m
+            NETFILTER_XT_MATCH_STRING m
+            NETFILTER_XT_MATCH_TCPMSS m
+            NETFILTER_XT_MATCH_TIME m
+            NETFILTER_XT_MATCH_U32 m
+
+
+
+            MEMCG_KMEM y
+            MEMCG_SWAP y
+            MEMCG_SWAP_ENABLED y
+            BLK_CGROUP y
+            IOSCHED_CFQ y
+            BLK_DEV_THROTTLING y
+            CGROUP_PERF y
+            CGROUP_HUGETLB y
+            NET_CLS_CGROUP y
+            CGROUP_NET_PRIO y
+            CFS_BANDWIDTH y
+            FAIR_GROUP_SCHED y
+            RT_GROUP_SCHED y
+            EXT3_FS y
+            EXT3_FS_XATTR y
+            EXT3_FS_POSIX_ACL y
+            EXT3_FS_SECURITY y
+
+            PPP_FILTER y
+            HAVE_IMX_ANATOP y
+            HAVE_IMX_GPC y
+            HAVE_IMX_MMDC y
+            HAVE_IMX_SRC y
+            SOC_IMX6 y
+            SOC_IMX6Q y
+            SOC_IMX6SL y
+            PCI_IMX6 y
+            ARM_IMX6Q_CPUFREQ y
+            IMX_WEIM y
+            AHCI_IMX y
+            SERIAL_IMX y
+            SERIAL_IMX_CONSOLE y
+            I2C_IMX y
+            SPI_IMX y
+            PINCTRL_IMX y
+            PINCTRL_IMX6Q y
+            PINCTRL_IMX6SL y
+            POWER_RESET_IMX y
+            IMX_THERMAL y
+            IMX2_WDT y
+            IMX_IPUV3_CORE y
+            DRM_IMX y
+            DRM_IMX_FB_HELPER y
+            DRM_IMX_PARALLEL_DISPLAY y
+            DRM_IMX_TVE y
+            DRM_IMX_LDB y
+            DRM_IMX_IPUV3 y
+            DRM_IMX_HDMI y
+            MMC_SDHCI_ESDHC_IMX y
+            IMX_SDMA y
+            PWM_IMX y
+            DEBUG_IMX6Q_UART y
+
+        '';
+      };
+#   pkgs.linux_4_2 = "/nix/store/jc1h6mcc6sq420q2i572qba4b0xzw4gm-linux-4.3-armv7l-unknown-linux-gnueabi";
+   };
+   allowUnfree = true;
+ };
+
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+    ];
+
+  networking.hostName = "steveej-utilitepro"; # Define your hostname.
+#networking.wireless.enable = true;  # Enables wireless support viawpa_supplicant.
+
+  boot.kernelPackages = pkgs.linuxPackages_4_1; 
+  boot.extraKernelParams = [
+    "cm_fx6_v4l_msize=128M"
+    "vmalloc=256M"
+    "root=/dev/sda3"
+    "rootflags=subvol=nixos"
+    "console=ttymxc3,115200"
+  ];
+
+  boot.loader.generic-extlinux-compatible.enable = true;
+  boot.loader.grub.enable = false;
+
+  # Select internationalisation properties.
+  i18n = {
+    consoleFont = "Lat2-Terminus16";
+    consoleKeyMap = "us";
+    defaultLocale = "en_US.UTF-8";
+  };
+
+  # Set your time zone.
+  time.timeZone = "Europe/Amsterdam";
+
+  # List packages installed in system profile. To search by name, run:
+  environment.systemPackages = with pkgs; [
+    iptables
+    wget
+    vim
+    sshfsFuse
+    pastebinit
+    git
+  ];
+
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
+  services.openssh.permitRootLogin = "yes";
+
+  # Disable CUPS to print documents.
+  services.printing.enable = false;
+
+  users.mutableUsers = false;
+  users.extraUsers.root = {
+    hashedPassword = passwords.users.root;
+    openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3niN5KcIYikRhXTYZCSehI1ZQs+vvG/dZ7KxNVHslfsS+p1yTycXcZFtDDn5vtG2fAo3yksxCk+G10/AWQ+NMOcFKuAi5qTOYSLbEcHVlZ4ko8sDUe3fF79vrCqY7IWbKKjZ4DH77Qs6SXk5GIlNaIzxut8Dpv8qHnkPiPuFgrJC4oGk60ZKmCPvOEpgg9twcdI6ykIxD4Fg+hHgG1p07uSEcm9EADli8RsU3UJ1UBhXMohMC6HrKVBkBX9wTo+zY+xqXxxem6xGNnkNiZLACfhCnjXv39zh85pgFuNv7R8SzVZQ9iRoCmax/w3JtWdDjqoTGgLfJyhMMjNdjVHOx steveej@steveej-laptop"];
+  };
+  users.extraUsers.steveej = {
+    uid = 1000;
+    isNormalUser = true;
+    home = "/home/steveej";
+    extraGroups = [ "wheel" "libvirtd" ];
+    hashedPassword = passwords.users.steveej;
+    openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3niN5KcIYikRhXTYZCSehI1ZQs+vvG/dZ7KxNVHslfsS+p1yTycXcZFtDDn5vtG2fAo3yksxCk+G10/AWQ+NMOcFKuAi5qTOYSLbEcHVlZ4ko8sDUe3fF79vrCqY7IWbKKjZ4DH77Qs6SXk5GIlNaIzxut8Dpv8qHnkPiPuFgrJC4oGk60ZKmCPvOEpgg9twcdI6ykIxD4Fg+hHgG1p07uSEcm9EADli8RsU3UJ1UBhXMohMC6HrKVBkBX9wTo+zY+xqXxxem6xGNnkNiZLACfhCnjXv39zh85pgFuNv7R8SzVZQ9iRoCmax/w3JtWdDjqoTGgLfJyhMMjNdjVHOx steveej@steveej-laptop"];
+  }; 
+
+  networking.firewall.enable = false;
+  networking.useNetworkd = true; 
+}

nix/os/devices/steveej-utilitepro/hardware-configuration.nix

@@ -0,0 +1,27 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+  imports =
+    [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+    ];
+
+  boot.initrd.availableKernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  hardware.enableAllFirmware = true;
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/09d1e4a2-d57b-4de8-a42b-671c4c188367";
+      fsType = "btrfs";
+      options = "subvol=nixos";
+    };
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/f1e7e913-93a0-4258-88f9-f65041d91d66";
+    };
+
+  swapDevices = [ ];
+}

nix/os/devices/steveej-utilitepro/patches/utilitepro-kernel-dts-Makefile.patch

@@ -0,0 +1,13 @@
+diff --git a/arch/arm/boot/dts/Makefile b/arch/arm/boot/dts/Makefile
+index 992736b..6ff9735 100644
+--- a/arch/arm/boot/dts/Makefile
++++ b/arch/arm/boot/dts/Makefile
+@@ -296,6 +296,8 @@ dtb-$(CONFIG_SOC_IMX6Q) += \
+ 	imx6q-sabreauto.dtb \
+ 	imx6q-sabrelite.dtb \
+ 	imx6q-sabresd.dtb \
++	imx6q-sbc-fx6.dtb \
++	imx6q-sbc-fx6m.dtb \
+ 	imx6q-sbc6x.dtb \
+ 	imx6q-tbs2910.dtb \
+ 	imx6q-tx6q-1010.dtb \

nix/os/lib/default.nix

@@ -0,0 +1,28 @@
+{ keys ?  import ../../variables/keys.nix
+, passwords ? import ../../variables/passwords.crypt.nix 
+}:
+
+{
+  mkRoot = { } @ args: {
+    hashedPassword = passwords.users.root;
+    openssh.authorizedKeys.keys = keys.users.steveej.openssh;
+  } // args;
+
+  mkUser = {uid, hashedPassword ? passwords.users.steveej, ... } @ args: {
+    inherit uid hashedPassword;
+    isNormalUser = true;
+    extraGroups = [
+      "docker"
+      "wheel"
+      "libvirtd"
+      "networkmanager"
+      "vboxusers"
+      "users"
+      "input"
+      "audio"
+      "video"
+      "cdrom"
+    ];
+    openssh.authorizedKeys.keys = keys.users.steveej.openssh;
+  } // args;
+}

nix/os/modules/encryptedDisk.nix

@@ -0,0 +1,63 @@
+{ lib
+, config
+, ... }:
+with lib;                      
+
+let
+  cfg = config.hardware.encryptedDisk;
+
+  volumeGroup = cfg.diskId;
+  bootGrubDevice = lib.concatStrings [ "/dev/disk/by-id/" cfg.diskId ];
+  bootFsDevice = lib.concatStrings [ "/dev/disk/by-partlabel/" cfg.diskId "-part2" ];
+  bootLuksDevice = lib.concatStrings [ "/dev/disk/by-partlabel/" cfg.diskId "-part3" ];
+  rootFsDevice = lib.concatStrings [ "/dev/" volumeGroup "/root" ];
+  swapFsDevice = lib.concatStrings [ "/dev/" volumeGroup "/swap" ];
+
+in {
+  options.hardware.encryptedDisk = {
+    enable = mkEnableOption "Enable encrypted filesystem layout";
+    diskId = mkOption {
+      type = types.string;
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    fileSystems."/boot" = { 
+      device = bootFsDevice;
+      fsType = "vfat";
+    };
+
+    fileSystems."/" = {
+      device = rootFsDevice;
+      fsType = "btrfs";
+      options = [ "subvol=nixos" ];
+    };
+
+    fileSystems."/home" = {
+      device = rootFsDevice;
+      fsType = "btrfs";
+      options = [ "subvol=home" ];
+    };
+
+    swapDevices = [ { device = swapFsDevice; } ];
+
+    boot.loader.grub = {
+      device = bootGrubDevice;
+      enableCryptodisk = true;
+    };
+
+    boot.initrd.luks.devices = [ 
+      {
+        name = 
+          let 
+            splitstring = builtins.split "/" bootLuksDevice;
+            lastelem = (builtins.length splitstring)-1;
+          in 
+            builtins.elemAt splitstring lastelem; 
+        device = bootLuksDevice;
+        preLVM = true;
+        allowDiscards = true;
+      }
+    ];
+  };
+}

nix/os/modules/natrouter.nix

@@ -0,0 +1,26 @@
+{ lib
+, config
+, ... }:
+with lib;                      
+
+{
+  # TODO
+  # Provide a NAT/DHCP Router
+  #
+  # networking.nat.enable = true;
+  # networking.nat.internalInterfaces = [ "enp0s20f0u4u1u3" ];
+  # networking.nat.externalInterface = "wlp1s0";
+  # networking.interfaces."enp0s20f0u4u1u3".ipv4.addresses = [
+  #     { address = "10.254.253.254"; prefixLength = 24; }
+  # ];
+  # services.dnsmasq = {
+  #   enable = true;
+  #   servers = [ "8.8.8.8" "8.8.4.4" ];
+  #   extraConfig = ''
+  #     domain=lan
+  #     interface=enp0s20f0u4u1u3
+  #     bind-interfaces
+  #     dhcp-range=10.254.253.100,10.254.253.199,1h
+  #   '';
+  # };
+}

nix/os/profiles/common/boot.nix

@@ -0,0 +1,17 @@
+{ pkgs
+, ...
+}:
+
+{
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+  boot.loader.grub = {
+    efiSupport = true;
+    efiInstallAsRemovable = false;
+    enable = true;
+    version = 2;
+  };
+
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.tmpOnTmpfs = true;
+}
+

nix/os/profiles/common/configuration.nix

@@ -0,0 +1,10 @@
+{ ... }:
+
+{
+  imports = [ 
+    ./boot.nix
+    ./pkg.nix
+    ./user.nix
+    ./system.nix
+  ];
+}

nix/os/profiles/common/pkg.nix

@@ -0,0 +1,26 @@
+{ config, pkgs, ... }:
+
+{
+  # Package configuration
+  environment.systemPackages = with pkgs; [
+    elfutils
+    exfat
+    file
+    tree
+    pwgen
+    proot
+
+    parted
+    pv
+    tmux
+    wget
+    curl
+
+    git
+    pastebinit
+    gist
+
+    usbutils
+    pciutils
+  ];
+}

nix/os/profiles/common/system.nix

@@ -0,0 +1,88 @@
+{ config
+, pkgs
+, lib
+, ...
+}:
+
+{
+  nix.binaryCachePublicKeys = [
+    # "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
+  ];
+  nix.binaryCaches = [
+    "https://cache.nixos.org"
+    # "https://hydra.nixos.org"
+  ];
+  nix.trustedBinaryCaches = [
+    "https://cache.nixos.org"
+    # "https://hydra.nixos.org"
+  ];
+
+  nix.daemonNiceLevel = lib.mkDefault 19;
+  nix.daemonIONiceLevel = lib.mkDefault 7;
+  nix.maxJobs = lib.mkDefault 3;
+  nix.buildCores = lib.mkDefault 3;
+  nix.useSandbox = true;
+
+  environment.etc."lvm/lvm.conf".text = ''
+    devices {
+      issue_discards = 1
+    }
+  '';
+
+  # Fonts, I18N, Date ...
+  fonts = {
+    enableCoreFonts = true;
+  };
+
+  i18n = {
+    consoleFont = "lat9w-16";
+    defaultLocale = "en_US.UTF-8";
+  };
+  time.timeZone = "Europe/Berlin";
+  services.gpm.enable = true;
+
+  services.packagekit.enable = true;
+  services.openssh.enable = true;
+  networking.firewall.enable = true;
+
+  # Activation scripts for impure set up of paths in /
+  system.activationScripts.bin = ''
+    echo "setting up /bin..."
+    ln -sfT ${pkgs.bash}/bin/bash /bin/.bash
+    mv -Tf /bin/.bash /bin/bash
+  '';
+  system.activationScripts.etcX11sessinos = ''
+    echo "setting up /etc/X11/sessions..."
+    mkdir -p /etc/X11
+    ln -sfT ${config.services.xserver.displayManager.session.desktops} /etc/X11/.sessions
+    mv -Tf /etc/X11/.sessions /etc/X11/sessions
+  '';
+  system.activationScripts.lib64 = ''
+    echo "setting up /lib64..."
+    mkdir -p /lib64
+    ln -sfT ${pkgs.stdenv.glibc}/lib/ld-linux-x86-64.so.2 /lib64/.ld-linux-x86-64.so.2
+    mv -Tf /lib64/.ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2
+  '';
+
+  programs.zsh = {
+    enable = false;
+# TODO: basic zsh config
+#    enableAutosuggestions = true; #    enableCompletion = true;
+#    syntaxHighlighting.enable = true;
+#    syntaxHighlighting.patterns = {};
+#    ohMyZsh = {
+#      enable = true;
+#      theme = "tjkirch";
+#    };
+#    promptInit = ''
+#      autoload -U promptinit
+#      promptinit
+#      ZSH_THEME_GIT_PROMPT_PREFIX='@ '
+#      PROMPT='%F{%(!.red.green)}%n%f@%m %(?.%F{green}✓%f.%F{red}✗ ($?%))%f %F{blue}%~%f %F{magenta}$(git_prompt_info)%f
+#%_%F{%(!.red.green)}$(prompt_char)%f '
+#      RPROMPT=""
+#    '';
+#    interactiveShellInit = ''
+#    '';
+  };
+}

nix/os/profiles/common/user.nix

@@ -0,0 +1,19 @@
+{ config
+, pkgs
+, ... }:
+
+let 
+  passwords = import ../../../variables/passwords.crypt.nix;
+  libinfraos = import ../../lib/default.nix { };
+  inherit (import ../../lib/default.nix { }) mkUser mkRoot;
+in {
+  users.mutableUsers = false;
+
+  users.extraUsers.root = mkRoot { };
+  users.extraUsers.steveej = mkUser {
+    uid = 1000;
+  };
+
+  security.pam.enableU2F = true;
+  security.pam.services.steveej.u2fAuth = true;
+}

nix/os/profiles/graphical/configuration.nix

@@ -0,0 +1,9 @@
+{ pkgs
+, ... 
+}:
+
+{
+  imports = [ 
+    ./system.nix
+  ];
+}

nix/os/profiles/graphical/system.nix

@@ -0,0 +1,112 @@
+{ pkgs
+, ... 
+}:
+
+{
+  networking.networkmanager = {
+    enable = true;
+    dns = "dnsmasq";
+    unmanaged = [
+      "interface-name:veth*"
+      "interface-name:virbr*"
+      "interface-name:br*"
+      "interface-name:*vbox*"
+      "interface-name:*cni*"
+    ];
+  };
+  services.resolved.enable = false;
+
+  users.defaultUserShell = pkgs.zsh;
+  environment.pathsToLink = [ "/share/zsh" ];
+
+  # hardware related services
+  services.illum.enable = true;
+  services.pcscd.enable = true;
+  hardware = {
+    bluetooth.enable = true;
+    pulseaudio = {
+      enable = true;
+      package = pkgs.pulseaudioFull;
+      support32Bit = true;
+    };
+  };
+  # required for running blueman-applet in user sessions
+  services.dbus.packages = with pkgs; [ 
+    blueman
+  ];
+
+  services.xserver = {
+    enable = true;
+    libinput.enable = true;
+    libinput.naturalScrolling = true;
+
+    videoDrivers = [ "qxl" "modesetting" "ati" "cirrus" "intel" "vesa" "vmware" "modesetting" ];
+    xkbVariant = "altgr-intl";
+    xkbOptions = "nodeadkeys";
+
+    desktopManager = {
+      # FIXME: gnome should be moved to user session
+      gnome3.enable = true;
+
+      xterm.enable = true;
+      plasma5.enable = false;
+    };
+
+    displayManager = {
+      gdm.enable = false;
+
+      lightdm = {
+        enable = true;
+        autoLogin = {
+          enable = true;
+          user = "steveej";
+        };
+        background = "${pkgs.nixos-artwork.wallpapers.simple-blue}/share/artwork/gnome/nix-wallpaper-simple-blue.png";
+      };
+
+      sessionCommands = ''
+      '';
+    };
+  };
+
+  services.gnome3 = {
+    gnome-disks.enable = false;
+    gnome-documents.enable = false;
+    gnome-online-miners.enable = false;
+    gnome-user-share.enable = false;
+    gnome-terminal-server.enable = false;
+    gpaste.enable = false;
+    sushi.enable = false;
+    tracker.enable = false;
+
+    # FIXME: gnome should be moved to user session
+    seahorse.enable = true;
+    gvfs.enable = true;
+    at-spi2-core.enable = true;
+    evolution-data-server.enable = true;
+    gnome-online-accounts.enable = true;
+    gnome-keyring.enable = true;
+  };
+
+  # More Services
+  services.udev.packages = [
+    pkgs.libu2f-host
+    pkgs.yubikey-personalization
+  ];
+  services.udev.extraRules = ''
+    # OnePlusOne
+    ATTR{idVendor}=="05c6", ATTR{idProduct}=="6764", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess"
+    ATTR{idVendor}=="05c6", ATTR{idProduct}=="6765", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess"
+
+    # Plantronics BackBeat PRO
+    SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="011a", GROUP="users", MODE="0777"
+    SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="fffe", GROUP="users", MODE="0777"
+    SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="0001", GROUP="users", MODE="0777"
+  '';
+
+
+  services.samba.enable = true;
+  services.samba.extraConfig = ''
+    client max protocol = SMB3
+  '';
+}

nix/os/profiles/install-medium/iso/Justfile

@@ -0,0 +1,2 @@
+build:
+  nix-build '<nixpkgs/nixos>' -A config.system.build.isoImage -I nixos-config=iso.nix

nix/os/profiles/install-medium/iso/iso.nix

@@ -0,0 +1,92 @@
+# This module defines a small NixOS installation CD.  It does not
+# contain any graphical stuff.
+{config, pkgs, lib, ...}:
+
+let nixos-init-script = ''
+  #!${pkgs.stdenv.shell}
+
+  export HOME=/root
+  export PATH=${pkgs.lib.makeBinPath [ 
+    config.nix.package pkgs.systemd pkgs.gnugrep pkgs.gnused config.system.build.nixos-rebuild
+    config.system.build.nixos-install pkgs.utillinux pkgs.e2fsprogs pkgs.coreutils pkgs.hdparm
+  ]}:$PATH
+  export NIX_PATH=/nix/var/nix/profiles/per-user/root/channels/nixos:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels
+
+  set -xe
+
+  fdisk -w always -W always /dev/vda <<EOF
+g
+n
+1
+
++8M
+n
+2
+
++1G
+n
+3
+
+
+t
+1
+4
+w
+EOF
+  lsblk
+
+  mkfs.ext4 -m0 -L nixos /dev/vda3
+  mount -L nixos /mnt
+  mkswap -L swap /dev/vda2
+  swapon -L swap
+
+  mkdir /mnt/etc/nixos -p
+  cp /dev/vdb /mnt/etc/nixos/configuration.nix
+
+  nix-channel --update
+  nixos-install
+  reboot
+  '';
+in {
+  imports = [
+    <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal-new-kernel.nix>
+
+    # Provide an initial copy of the NixOS channel so that the user
+    # doesn't need to run "nix-channel --update" first.
+    # <nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
+  ];
+
+  isoImage.isoName = lib.mkForce "${config.isoImage.isoBaseName}-${pkgs.stdenv.hostPlatform.system}.iso";
+  boot.loader.timeout = lib.mkForce 0;
+  boot.postBootCommands = ''
+  '';
+
+  environment.systemPackages = [];
+
+  users.users.root = {
+    openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4RFtHz0sE5y0AyZZm/tH7bBBgsx55gLPt5tGsl9yZlOzih6n4qbJE/9OOdwnOY2AHRe2lrlTekbW5ewWSBBCbiBE3Vux86sLgy7LM9zoKaNC+E3hmxaoS9SExn0BTkb3kNlOcj2k6UyJhkZWEsqVMV5C21R8EWmMlLY/qm3AxptNjOyzKDwNX2zlHZ5IyjgzO4ZjIxjawmJlUrVEn7/m+M7qK3I1Tyg/ZvDSfmxVJS97sVzseYE0rVwLEWJQOnHh0wnfl27smr2McAB7Cy6sxKyPKvEGyXbNqqb8fqk4okZlRRxhq/XkKlC7IZr+uqYxlL4HN8vjkTRNlgenDUSVT cardno:000604870382" ];
+  };
+
+  services.gpm.enable = true;
+  systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
+
+  systemd.services.nixos-init = {
+    script = nixos-init-script;
+    path = with pkgs; [ ];
+
+    description = "Initialize /dev/vda from configuration.nix found at /dev/vdb";
+    enable = true;
+
+    wantedBy = [ "multi-user.target" ];
+    after = [ "multi-user.target" ];
+    requires = [ "network-online.target" ];
+ 
+    restartIfChanged = false;
+    unitConfig.X-StopOnRemoval = false;
+
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+    };
+  };
+}

nix/os/profiles/removable-medium/boot.nix

@@ -0,0 +1,37 @@
+{ lib
+, ...
+}:
+
+{
+  boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
+  boot.loader.efi.canTouchEfiVariables = lib.mkForce false; 
+
+  boot.initrd.availableKernelModules = [ 
+    "xhci_pci"
+    "ahci"
+    "usb_storage"
+    "sd_mod"
+    "rtsx_pci_sdmmc"
+    "aes_x86_64"
+    "aesni_intel"
+    "cryptd"
+  ];
+
+  boot.kernelModules = [ 
+    "kvm-intel"
+
+    # Workaround for nm-pptp to enforce module load
+    "nf_conntrack_proto_gre"
+    "nf_conntrack_pptp"
+  ];
+
+  boot.extraModprobeConfig = ''
+    options kvm-intel nested=1
+    options kvm-intel enable_shadow_vmcs=1
+    options kvm-intel enable_apicv=1
+    options kvm-intel ept=1
+  '';
+  boot.extraModulePackages = [ ];
+
+  boot.loader.systemd-boot.enable = true;
+}

nix/os/profiles/removable-medium/configuration.nix

@@ -0,0 +1,12 @@
+{ ... }:
+
+{
+  imports = [ 
+    ../../modules/encryptedDisk.nix
+
+    ./pkg.nix
+    ./hw.nix
+    ./system.nix
+    ./boot.nix
+  ];
+}

nix/os/profiles/removable-medium/hw.nix

@@ -0,0 +1,7 @@
+{ ... }:
+
+{
+  hardware.encryptedDisk.enable = true;
+  hardware.enableAllFirmware = true;
+  hardware.trackpoint.emulateWheel = true;
+}

nix/os/profiles/removable-medium/pkg.nix

@@ -0,0 +1,27 @@
+{ 
+...
+}:
+
+{
+  imports = [
+    "${builtins.fetchGit { url = "https://github.com/rycee/home-manager.git"; ref = "master"; }}/nixos"
+  ];
+  
+  nixpkgs.config = {
+    allowBroken = false;
+    allowUnfree = true;
+
+    packageOverrides = pkgs: with pkgs; {
+      busyboxStatic =  busybox.override {
+        enableStatic = true;
+        extraConfig = ''
+           CONFIG_STATIC y
+           CONFIG_INSTALL_APPLET_DONT y
+           CONFIG_INSTALL_APPLET_SYMLINKS n
+         '';
+      };
+    };
+  };
+
+  home-manager.users.steveej = import ../../../home-manager/configuration/removable-desktop.nix;
+}

nix/os/profiles/removable-medium/system.nix

@@ -0,0 +1,16 @@
+{ config, lib, pkgs, ... }:
+
+
+let
+
+in {
+  services.printing = {
+    enable = false;
+  };
+
+  virtualisation = {
+    libvirtd.enable = false;
+    virtualbox.host.enable = false;
+    docker.enable = true;
+  };
+}

nix/pkgs/browserpass/default.nix

@@ -0,0 +1,28 @@
+with import <nixpkgs> {};
+
+stdenv.mkDerivation rec {
+    broken = true;
+
+    name = "browserpass";
+    version = "2.0.9";
+
+    src = fetchzip {
+      url = "https://github.com/dannyvankooten/browserpass/releases/download/${version}/${name}-linux64.zip";
+      sha256 = "1nygcfjhyrcvbdmz4hjphcnmr4lm9y24lpdkdcjix6vbsjs0hipw";
+      stripRoot = false;
+    };
+
+    buildPhase = '':'';
+
+    libPath = lib.makeLibraryPath [ ];
+    installPhase = ''
+      set -x
+      patchelf --set-interpreter ${stdenv.glibc}/lib/ld-linux-x86-64.so.2 browserpass-linux64
+
+      mkdir -p $out/bin
+      cp -a * $out/bin/
+#      wrapProgram $out/bin/browserpass-linux64 \
+#        --prefix LD_LIBRARY_PATH : "${libPath}"
+#
+    '';
+}

nix/pkgs/nomad/default.nix

@@ -0,0 +1,29 @@
+with import <nixpkgs> {};
+
+stdenv.mkDerivation rec {
+    name = "nomad";
+    version = "0.1.2";
+    filename = "nomad_${version}_linux_amd64.zip";
+
+    src = fetchurl {
+      url = "https://releases.hashicorp.com/nomad/${version}/${filename}";
+      sha256 = "0d3r3n1wwlic1kg3hgghds7f3b0qhh97v8xf36mcmsnmn2ngfd9k";
+    };
+
+    unpackPhase = ''
+      unzip ${src}
+    '';
+
+
+    buildInputs = [ makeWrapper unzip ];
+    libPath = lib.makeLibraryPath [ ];
+    installPhase = ''
+      patchelf --set-interpreter ${stdenv.glibc}/lib/ld-linux-x86-64.so.2 ./nomad
+
+      mkdir -p $out/bin
+      cp ./nomad $out/bin/nomad
+#      wrapProgram $out/bin/nomad \
+#        --prefix LD_LIBRARY_PATH : "${libPath}"
+#
+    '';
+}

nix/pkgs/nozbe/default.nix

@@ -0,0 +1,61 @@
+with import <nixpkgs> {};
+
+stdenv.mkDerivation rec {
+    name = "nozbe";
+    version = "3.6.3";
+
+    src = fetchzip {
+      url = "https://files.nozbe.com/linux/linux64_newest.tar.gz";
+      sha256 = "08hag0kv23psqa1pl9kardz90scgk21rsr5xxfg8jvmnxy2nc858";
+      stripRoot = false;
+    };
+
+    buildInputs = [ makeWrapper ];
+
+    buildPhase = '':'';
+
+    libPath = lib.makeLibraryPath [ 
+      alsaLib
+      atk
+      cairo
+      cups
+      dbus
+      expat
+      freetype
+      fontconfig
+      gnome3.gconf
+      gcc.cc
+      gdk_pixbuf
+      gtk2-x11
+      glib
+      pango
+      nss
+      nspr
+      systemd.lib
+      xorg.libX11
+      xorg.libXcursor
+      xorg.libXcomposite
+      xorg.libXext
+      xorg.libXfixes
+      xorg.libXdamage
+      xorg.libXi
+      xorg.libXrandr
+      xorg.libXrender
+      xorg.libXtst
+      xorg.libXScrnSaver
+    ];
+    installPhase = ''
+      pushd Nozbe-${version}
+      ls -lha
+
+      patchelf --set-interpreter ${stdenv.glibc}/lib/ld-linux-x86-64.so.2 Nozbe
+
+      mkdir -p $out/bin
+      cp -a * $out/
+
+      wrapProgram $out/Nozbe \
+        --prefix LD_LIBRARY_PATH : "${libPath}"
+
+      ln -sf ../Nozbe $out/bin/
+    '';
+}

nix/pkgs/staruml.nix

@@ -0,0 +1,57 @@
+{ stdenv, fetchurl, makeWrapper
+, dpkg, patchelf
+, gtk2, glib, gdk_pixbuf, alsaLib, nss, nspr, GConf, cups, libgcrypt, dbus, systemd
+}:
+
+let
+  inherit (stdenv) lib;
+  LD_LIBRARY_PATH = lib.makeLibraryPath
+    [ glib gtk2 gdk_pixbuf alsaLib nss nspr GConf cups libgcrypt dbus ];
+in
+stdenv.mkDerivation rec {
+  version = "2.8.1";
+  name = "staruml-${version}";
+
+  src =
+    if stdenv.system == "i686-linux" then fetchurl {
+      url = "http://staruml.io/download/release/v${version}/StarUML-v${version}-32-bit.deb";
+      sha256 = "0vb3k9m3l6pmsid4shlk0xdjsriq3gxzm8q7l04didsppg0vvq1n";
+    } else fetchurl {
+      url = "https://s3.amazonaws.com/staruml-bucket/releases-v2/StarUML-v${version}-64-bit.deb";
+      sha256 = "05gzrnlssjkhyh0wv019d4r7p40lxnsa1sghazll6f233yrqmxb0";
+    };
+
+  buildInputs = [ dpkg ];
+
+  nativeBuildInputs = [ makeWrapper ];
+
+  unpackPhase = ''
+    mkdir pkg
+    dpkg-deb -x $src pkg
+    sourceRoot=pkg
+  '';
+
+  installPhase = ''
+    mkdir $out
+    mv opt/staruml $out/bin
+
+    mkdir -p $out/lib
+    ln -s ${stdenv.cc.cc.lib}/lib/libstdc++.so.6 $out/lib/
+    ln -s ${systemd.lib}/lib/libudev.so.1 $out/lib/libudev.so.0
+
+    for binary in StarUML Brackets-node; do
+      ${patchelf}/bin/patchelf \
+        --interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
+        $out/bin/$binary
+      wrapProgram $out/bin/$binary \
+        --prefix LD_LIBRARY_PATH : $out/lib:${LD_LIBRARY_PATH}
+    done
+  '';
+
+  meta = with stdenv.lib; {
+    description = "A sophisticated software modeler";
+    homepage = http://staruml.io/;
+    license = licenses.unfree;
+    platforms = [ "i686-linux" "x86_64-linux" ];
+  };
+}

nix/tests/buildvmwithbootloader/build-vm.nix

@@ -0,0 +1,32 @@
+{ system ? builtins.currentSystem
+, vmPkgsPath
+, buildPkgsPath
+, nixosConfigPath
+}:
+
+let
+  buildPkgs = import buildPkgsPath {};
+  vmPkgs'= import vmPkgsPath {};
+  vmPkgs = vmPkgs' // {
+    runtimeShell = "${vmPkgs'.bash}/${vmPkgs'.bash.shellPath}";
+  };
+
+  importWithPkgs = { path, pkgs }: args: import path (args // { inherit pkgs; });
+ 
+  nixosConfig = importWithPkgs { path = "${nixosConfigPath}"; pkgs = vmPkgs; };
+  vmConfig = importWithPkgs { path = "${buildPkgsPath}/nixos/modules/virtualisation/qemu-vm.nix"; pkgs = vmPkgs; };
+  evalConfig = importWithPkgs { path = "${vmPkgsPath}/nixos/lib/eval-config.nix"; pkgs = null; };
+
+  vmWithBootLoaderConfigMixed = (evalConfig {
+    modules = [
+      nixosConfig
+      vmConfig
+      {
+        virtualisation.useBootLoader = true; 
+      }
+
+    ];
+  }).config;
+in {
+  vmWithBootLoaderMixed = vmWithBootLoaderConfigMixed.system.build.vm;
+}

nix/tests/buildvmwithbootloader/build-vm.sh

@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+set -x
+rm *.qcow2
+rm result*
+set -e
+
+BUILD_NIXPKGS="${BUILD_NIXPKGS:-${HOME}/src/github/NixOS/nixpkgs.dev}"
+NIXOS_CONFIG="${NIXOS_CONFIG_OVERRIDE:-${PWD}/configuration.nix}"
+
+nix-build -K --show-trace build-vm.nix \
+    --arg vmPkgsPath '<nixos-18.03>' \
+    --argstr buildPkgsPath "${BUILD_NIXPKGS}" \
+    --argstr nixosConfigPath "${NIXOS_CONFIG}" \
+    -A vmWithBootLoaderMixed
+
+./result/bin/run-*-vm 

nix/tests/buildvmwithbootloader/configuration.nix

@@ -0,0 +1,38 @@
+{ pkgs, lib, ... }:
+let
+
+in
+
+{
+  boot.loader.grub = {
+    enable = true;
+    version = 2;
+    device = "/dev/vda";
+    efiSupport = true;
+    enableCryptodisk = true;
+  };
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader.systemd-boot.enable = true;
+
+  boot.initrd.luks.devices = [ {
+      name = "crypt";
+      device = "/dev/disk/uuid/463d886d-7dfe-421b-8cef-f9af3a3fa09d";
+      preLVM = true;
+      allowDiscards = true;
+    }
+  ];
+  fileSystems."/" = {
+      label = "root";
+  };
+
+  fileSystems."/boot" = {
+      label = "boot";
+  };
+
+  boot.tmpOnTmpfs = true;
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+  
+  users.extraUsers.root.initialPassword = lib.mkForce "toorroot";
+  users.mutableUsers = false;
+}

nix/tests/buildvmwithbootloader/debug-vm.sh

@@ -0,0 +1,30 @@
+# /nix/store/lya9qyl9z5xb4vzdzh4vzcr7gfssk47z-qemu-host-cpu-only-for-vm-tests-2.12.0/bin/qemu-kvm \
+# -cpu \
+# kvm64 \
+# -name \
+# nixos \
+# -m \
+# 384 \
+# -smp \
+# 1 \
+# -device \
+# virtio-rng-pci \
+# -net \
+# nic,netdev=user.0,model=virtio \
+# -netdev \
+# user,id=user.0 \
+# -virtfs \
+# local,path=/nix/store,security_model=none,mount_tag=store \
+# -virtfs \
+# local,path=/tmp/nix-vm.j7eRAzkZvB/xchg,security_model=none,mount_tag=xchg \
+# -virtfs \
+# local,path=/tmp/nix-vm.j7eRAzkZvB/xchg,security_model=none,mount_tag=shared \
+# -drive \
+# index=1,id=drive2,file=/tmp/nix-vm.j7eRAzkZvB/disk.img,media=disk,if=virtio \
+# -drive \
+# index=0,id=drive1,file=/home/steveej/src/steveej/nix-expressions/nixos.qcow2,cache=writeback,werror=report,if=virtio \
+
+
+/nix/store/0i6fr8vv559a50w0vipvd22r0kkg1kx1-qemu-host-cpu-only-for-vm-tests-3.0.0/bin/qemu-kvm -cpu kvm64 -name nixos -m 384 -smp 1 -device virtio-rng-pci -net nic,netdev=user.0,model=virtio -netdev user,id=user.0 -virtfs local,path=/nix/store,security_model=none,mount_tag=store -virtfs local,path=/tmp/nix-vm.BXlbOnli8K/xchg,security_model=none,mount_tag=xchg -virtfs local,path=/tmp/nix-vm.BXlbOnli8K/xchg,security_model=none,mount_tag=shared \
+    -drive index=1,id=drive2,file=/tmp/nix-vm.BXlbOnli8K/disk.img,media=disk,if=virtio \
+    -drive index=0,id=drive1,file=/home/steveej/src/steveej/nix-expressions/tests/nixos.qcow2,cache=writeback,werror=report,if=virtio \

nix/tests/buildvmwithbootloader/result

@@ -0,0 +1 @@
+/nix/store/xh6p394kh1bncmc3lr6l9fb81284ckhf-nixos-vm

nix/tests/test-vm.nix

@@ -0,0 +1,7 @@
+{ lib, config, pkgs, fetchgit, ... }:
+{
+  boot.consoleLogLevel=6;
+  users.users.root.initialPassword = "root";
+  systemd.services."serial-getty@ttyS0".enable = true;
+  networking.firewall.enable = false;
+}

nix/variables/keys.nix

@@ -0,0 +1,10 @@
+{
+  users = {
+    steveej = {
+      openssh = [
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4RFtHz0sE5y0AyZZm/tH7bBBgsx55gLPt5tGsl9yZlOzih6n4qbJE/9OOdwnOY2AHRe2lrlTekbW5ewWSBBCbiBE3Vux86sLgy7LM9zoKaNC+E3hmxaoS9SExn0BTkb3kNlOcj2k6UyJhkZWEsqVMV5C21R8EWmMlLY/qm3AxptNjOyzKDwNX2zlHZ5IyjgzO4ZjIxjawmJlUrVEn7/m+M7qK3I1Tyg/ZvDSfmxVJS97sVzseYE0rVwLEWJQOnHh0wnfl27smr2McAB7Cy6sxKyPKvEGyXbNqqb8fqk4okZlRRxhq/XkKlC7IZr+uqYxlL4HN8vjkTRNlgenDUSVT cardno:000604870382"
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnrvnvECGpBU4OXK7m7oJOOu7aJzAxOQyvEWhkRBEEyme8/eIiTJMi99wX5kKMWtpbUvinIyZ37VIrnVZv0bJ3WpJQJQkrqAkV1Bs3m5dE7AGIH0BrxgLXHuNxkW3BwmAaqUOq21r4MaYVu2xF38xwKrrk57nQkNjuZ2eiv7XyHaDn+n352jULJzcIXVKyJExhsiGomrwEXq/cmmD+s6M3yUp559fw4cQTdg6iaK76gUAFukL35HCWN3sFKPVEC/yxvfKUIhVsKuwjHfvsSxJgSjcS5yXEtJOB1RhlJ3dLfSyJzuY/AHSqSpMwUSCksMn4xTUKHLGD4wJJI8tRHbsp cardno:000605247559"
+      ];
+    };
+  };
+}