Add an install-medium; Major refactor to introduce composability; Simplify usage #10

Merged
steveej merged 18 commits from staging into master 2018-10-31 00:29:08 +00:00
75 changed files with 1410 additions and 1253 deletions

3
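--- a/.git-crypt/.gitattributes
+++ b/.git-crypt/.gitattributes
@@ -0,0 +1,3 @@
+# Do not edit this file. To specify the files to encrypt, create your own
+# .gitattributes file in the directory where your files are.
+* !filter !diff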

16
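--- a/Justfile
+++ b/Justfile
@@ -0,0 +1,16 @@
+devices action dir +moreargs="":
+#!/usr/bin/env bash
+set -x
+sudo $(nix-build --no-link --show-trace $(dirname {{dir}})/default.nix -A {{action}} --argstr dir {{dir}} {{moreargs}} )
+diskMount dir:
+just -v devices diskMount {{dir}}
+diskUmount dir:
+just -v devices diskUmount {{dir}}
+diskInstall dir:
+just -v devices diskInstall {{dir}}
+device-rebuild dir rebuildarg="build":
+just -v devices rebuild {{dir}} --argstr rebuildarg {{rebuildarg}}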
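Review bot: In the `devices` recipe, `{{dir}}` and `{{moreargs}}` are pasted into the bash line unquoted and the script has no `set -e`, so a path containing spaces or shell metacharacters is re-parsed by the shell and a failed `nix-build` leaves `sudo` with an empty argument list. Because whatever store path `nix-build` prints is then executed as root, the inputs deserve to be pinned down: `set -euo pipefail`, then `script=$(nix-build --no-link --show-trace "$(dirname "{{dir}}")/default.nix" -A "{{action}}" --argstr dir "{{dir}}" {{moreargs}})` and `sudo "$script"`. `{{moreargs}}` has to stay unquoted to carry several arguments, which is worth a comment on the recipe.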

42
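--- a/README.md
+++ b/README.md
@@ -0,0 +1,42 @@
+# steveej's infra
+This repository helps me to manage all computer infrastructure.
+This is mostly achieved with the help of [Nix](https://nixos.org).
+In the unlikely case that you actually read this and have any questions please don't hesitate to reach out.
+## Roadmap
+- All graphical systems (incl. install media) must have
+- [x] Full-disk encryption by default
+- [x] Yubikey support with SSH auth
+- [ ] Migrate all devices to new structure
+- [x] Encrypted Install media
+- [ ] steveej-laptop
+- [ ] steveej-laptop-work
+- [ ] Toplevel Justfile for simple actions
+- [x] mount/umount disks
+- [x] install to mounted disk
+- [x] rebuild running system
+- [ ] update running system
+- [ ] partition/encrypt/format disks
+- [ ] annotate recipes with some documentation
+- [ ] declare shell.nix with runtime deps
+- [ ] Document bootstrap process
+- [ ] Incorporate home environment
+- [ ] home-manager
+- [ ] dotfiles
+- [ ] Modification strategy for tracked dotfiles
+- [ ] pkgs-configuration
+- [ ] development environments
+- [ ] Automatic backups
+- [ ] tracked dotfiles
+- [ ] detect new and untracked dotfiles?
+- [ ] Design disaster recovery
+- [ ] Recycle *\_archived*
+- [ ] Maybe make this a nix-overlay
+## Usage
+*(These are reminders for my future self)*
+```
+just --list
+```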


@ -0,0 +1,20 @@
{ config
, pkgs
, ... }:
let
passwords = import ../passwords.crypt.nix;
keys = import ../keys.nix;
inherit (import ../lib) mkUser;
in {
users.mutableUsers = false;
users.defaultUserShell = pkgs.zsh;
users.extraUsers.steveej = mkUser {
uid = 1000;
hashedPassword = passwords.users.steveej;
};
security.pam.enableU2F = true;
security.pam.services.steveej.u2fAuth = true;
}
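Review bot: `security.pam.services.steveej.u2fAuth = true;` is keyed by PAM service name, not by user, so it appears to define a service called `steveej` that nothing authenticates against rather than enabling U2F for the account. With `security.pam.enableU2F = true;` already set, the line can probably be dropped, or replaced by the services that should accept the key, e.g. `security.pam.services.sudo.u2fAuth = true;`. `keys` is imported but unused in this file, and `inherit (import ../lib) mkUser;` skips the `{ }` call that the other user.nix in this PR makes on `lib/default.nix`, which would fail if `../lib` is the same function-valued file.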


@ -1,16 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
let
passwords = import ../passwords.crypt.nix;
in
{
users.mutableUsers = false;
users.extraUsers.root = {
hashedPassword = passwords.users.root;
openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3niN5KcIYikRhXTYZCSehI1ZQs+vvG/dZ7KxNVHslfsS+p1yTycXcZFtDDn5vtG2fAo3yksxCk+G10/AWQ+NMOcFKuAi5qTOYSLbEcHVlZ4ko8sDUe3fF79vrCqY7IWbKKjZ4DH77Qs6SXk5GIlNaIzxut8Dpv8qHnkPiPuFgrJC4oGk60ZKmCPvOEpgg9twcdI6ykIxD4Fg+hHgG1p07uSEcm9EADli8RsU3UJ1UBhXMohMC6HrKVBkBX9wTo+zY+xqXxxem6xGNnkNiZLACfhCnjXv39zh85pgFuNv7R8SzVZQ9iRoCmax/w3JtWdDjqoTGgLfJyhMMjNdjVHOx steveej@steveej-laptop"];
};
}


@ -1,21 +0,0 @@
{ config, lib, pkgs, ... }:
{
boot.kernelPackages = pkgs.linuxPackages_latest;
# Bootloader, initrd and Kernel
boot.loader.grub.enable = true;
boot.loader.grub.enableCryptodisk = true;
boot.loader.grub.version = 2;
# workaround to disable CPU wining
# current CPU has 9 idle cstates.
# Workaround for nm-pptp to enforce module load
boot.kernelModules = [
"nf_conntrack_proto_gre"
"nf_conntrack_pptp"
];
boot.tmpOnTmpfs = true;
}


@ -1,15 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
{
imports = [
./pkg.nix
./hw.nix
./system.nix
./user.nix
./boot.nix
];
}


@ -1,59 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
nix.maxJobs = lib.mkDefault 3;
nix.buildCores = 3;
hardware.enableAllFirmware = true;
hardware.trackpoint.emulateWheel = true;
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModprobeConfig = ''
options kvm-intel nested=1
options kvm-intel enable_shadow_vmcs=1
options kvm-intel enable_apicv=1
options kvm-intel ept=1
'';
boot.extraModulePackages = [ ];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
fileSystems."/boot" = {
device = "/dev/disk/by-id/usb-SCSI_DISK_9E216FC57FBD4AE1-0:0-part2";
fsType = "vfat";
};
fileSystems."/" = {
device = "/dev/mapper/live--usb-live--usb--root";
fsType = "btrfs";
options = [ "subvol=nixos" ];
};
fileSystems."/home" = {
device = "/dev/mapper/live--usb-live--usb--root";
fsType = "btrfs";
options = [ "subvol=home" ];
};
swapDevices = [
{ device = "/dev/mapper/live--usb-live--usb--root"; }
];
boot.loader.grub = {
device = "/dev/disk/by-id/usb-SCSI_DISK_9E216FC57FBD4AE1-0:0";
efiSupport = true;
};
boot.initrd.luks.devices = [ {
name = "crypt-live-usb";
device = "/dev/disk/by-id/usb-SCSI_DISK_9E216FC57FBD4AE1-0:0-part3";
preLVM = true;
allowDiscards = true;
}
];
}


@ -1,29 +0,0 @@
{ config,
pkgs,
... }:
let
in
{
nixpkgs.config = {
allowBroken = false;
allowUnfree = true;
packageOverrides = pkgs: rec {
};
};
imports =
[
../common/pkg/default.nix
];
environment.systemPackages = with pkgs; [
firefox
gitFull
gpg2
nvim
];
}


@ -1,242 +0,0 @@
{ config, lib, pkgs, ... }:
let
in
rec {
nix.binaryCachePublicKeys = [
# "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
];
nix.binaryCaches = [
"https://cache.nixos.org"
# "https://hydra.nixos.org"
];
nix.trustedBinaryCaches = [
"https://cache.nixos.org"
# "https://hydra.nixos.org"
];
nix.daemonNiceLevel = 19;
nix.daemonIONiceLevel = 7;
nix.useSandbox = true;
# The NixOS release to be compatible with for stateful data such as databases.
# system.stateVersion = "unstable";
networking.hostName = "steveej-liveusb"; # Define your hostname.
networking.firewall.enable = true;
networking.firewall.checkReversePath = false;
# Provide a NAT/DHCP Router
#
# networking.nat.enable = true;
# networking.nat.internalInterfaces = [ "enp0s20f0u4u1u3" ];
# networking.nat.externalInterface = "wlp1s0";
# networking.interfaces."enp0s20f0u4u1u3".ipv4.addresses = [
# { address = "10.254.253.254"; prefixLength = 24; }
# ];
# services.dnsmasq = {
# enable = true;
# servers = [ "8.8.8.8" "8.8.4.4" ];
# extraConfig = ''
# domain=lan
# interface=enp0s20f0u4u1u3
# bind-interfaces
# dhcp-range=10.254.253.100,10.254.253.199,1h
# '';
# };
networking.networkmanager = {
enable = true;
dns = "dnsmasq";
unmanaged = [
"interface-name:veth*"
"interface-name:virbr*"
"interface-name:br*"
"interface-name:*vbox*"
"interface-name:*cni*"
];
};
programs.zsh = {
enable = false;
};
environment.sessionVariables = {
NIXPKGS_ALLOW_UNFREE = "1";
# Don't create .pyc files.
PYTHONDONTWRITEBYTECODE = "1";
};
environment.etc."lvm/lvm.conf".text = ''
devices {
issue_discards = 1
}
'';
environment.pathsToLink = [ "/share/zsh" ];
# Fonts, I18N, Date ...
fonts = {
enableCoreFonts = true;
};
i18n = {
consoleFont = "lat9w-16";
defaultLocale = "en_US.UTF-8";
};
time.timeZone = "Europe/Berlin";
#time.timeZone = "America/Los_Angeles";
# Services
services.gpm.enable = true;
services.openssh.enable = true;
services.openssh.permitRootLogin = "yes";
services.gnome3 = {
gnome-disks.enable = false;
gnome-documents.enable = false;
gnome-online-miners.enable = false;
gnome-user-share.enable = false;
gnome-terminal-server.enable = false;
gpaste.enable = false;
sushi.enable = false;
tracker.enable = false;
# FIXME: gnome should be moved to user session
seahorse.enable = true;
gvfs.enable = true;
at-spi2-core.enable = true;
evolution-data-server.enable = true;
gnome-online-accounts.enable = true;
gnome-keyring.enable = true;
};
services.teamviewer.enable = false;
services.printing = {
enable = false;
};
services.pcscd.enable = true;
services.xserver = {
enable = true;
libinput.enable = true;
libinput.naturalScrolling = true;
videoDrivers = [ "qxl" "modesetting" "ati" "cirrus" "intel" "vesa" "vmware" "modesetting" ];
xkbVariant = "altgr-intl";
xkbOptions = "nodeadkeys";
desktopManager = {
# FIXME: gnome should be moved to user session
gnome3.enable = true;
xterm.enable = true;
plasma5.enable = false;
};
displayManager = {
gdm.enable = false;
lightdm = {
enable = true;
autoLogin = {
enable = true;
user = "steveej";
};
background = "${pkgs.nixos-artwork.wallpapers.simple-blue}/share/artwork/gnome/nix-wallpaper-simple-blue.png";
};
sessionCommands = ''
'';
};
};
# Package configuration
environment.systemPackages = with pkgs; [
];
# More Services
services.udev.packages = [
pkgs.libu2f-host
pkgs.yubikey-personalization
];
services.udev.extraRules = ''
# OnePlusOne
ATTR{idVendor}=="05c6", ATTR{idProduct}=="6764", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess"
ATTR{idVendor}=="05c6", ATTR{idProduct}=="6765", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess"
# Plantronics BackBeat PRO
SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="011a", GROUP="users", MODE="0777"
SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="fffe", GROUP="users", MODE="0777"
SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="0001", GROUP="users", MODE="0777"
''
;
services.packagekit.enable = true;
services.resolved.enable = false;
services.nix-serve.enable = false;
services.samba.enable = true;
services.samba.extraConfig = ''
client max protocol = SMB3
'';
# hardware related services
services.illum.enable = true;
hardware = {
bluetooth.enable = true;
pulseaudio = {
enable = true;
package = pkgs.pulseaudioFull;
support32Bit = true;
};
};
services.fprintd.enable = true;
security.pam.services = {
login.fprintAuth = true;
sudo.fprintAuth = true;
};
# required for running blueman-applet in user sessions
services.dbus.packages = with pkgs; [
blueman
];
# Kubernetes
# services.kubernetes.roles = ["master" "node"];
# virtualization
virtualisation = {
libvirtd.enable = false;
virtualbox.enable = false;
docker.enable = true;
};
# Activation scripts for impure set up of paths in /
system.activationScripts.bin = ''
echo "setting up /bin..."
ln -sfT ${pkgs.bash}/bin/bash /bin/.bash
mv -Tf /bin/.bash /bin/bash
'';
system.activationScripts.etcX11sessinos = ''
echo "setting up /etc/X11/sessions..."
mkdir -p /etc/X11
ln -sfT ${config.services.xserver.displayManager.session.desktops} /etc/X11/.sessions
mv -Tf /etc/X11/.sessions /etc/X11/sessions
'';
system.activationScripts.lib64 = ''
echo "setting up /lib64..."
mkdir -p /lib64
ln -sfT ${pkgs.stdenv.glibc}/lib/ld-linux-x86-64.so.2 /lib64/.ld-linux-x86-64.so.2
mv -Tf /lib64/.ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2
'';
}


@ -1,51 +0,0 @@
{ config
, pkgs
, ... }:
let
passwords = import ../common/passwords.crypt.nix;
mkUser = {uid, hashedPassword, ... } @ args: args // {
inherit uid hashedPassword;
isNormalUser = true;
extraGroups = [
"docker"
"wheel"
"libvirtd"
"networkmanager"
"vboxusers"
"users"
"input"
"audio"
"video"
"cdrom"
];
};
in
{
users.mutableUsers = false;
users.defaultUserShell = pkgs.zsh;
users.extraUsers.root = {
hashedPassword = passwords.users.root;
openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3niN5KcIYikRhXTYZCSehI1ZQs+vvG/dZ7KxNVHslfsS+p1yTycXcZFtDDn5vtG2fAo3yksxCk+G10/AWQ+NMOcFKuAi5qTOYSLbEcHVlZ4ko8sDUe3fF79vrCqY7IWbKKjZ4DH77Qs6SXk5GIlNaIzxut8Dpv8qHnkPiPuFgrJC4oGk60ZKmCPvOEpgg9twcdI6ykIxD4Fg+hHgG1p07uSEcm9EADli8RsU3UJ1UBhXMohMC6HrKVBkBX9wTo+zY+xqXxxem6xGNnkNiZLACfhCnjXv39zh85pgFuNv7R8SzVZQ9iRoCmax/w3JtWdDjqoTGgLfJyhMMjNdjVHOx steveej@steveej-laptop"];
};
users.extraUsers.steveej = mkUser {
uid = 1000;
hashedPassword = passwords.users.steveej;
};
users.extraUsers.steveej2 = mkUser {
uid = 1001;
hashedPassword = passwords.users.steveej2;
};
users.extraUsers.steveej3 = mkUser {
uid = 1002;
hashedPassword = passwords.users.steveej;
};
security.pam.enableU2F = true;
security.pam.services.steveej.u2fAuth = true;
}


@ -1,15 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
{
imports = [
./pkg.nix
./hw.nix
./system.nix
./user.nix
./boot.nix
];
}


@ -1,320 +0,0 @@
{ config, lib, pkgs, ... }:
let
gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {};
unstablepkgs = import <nixos-unstable> {};
in
rec {
nix.binaryCachePublicKeys = [
# "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
];
nix.binaryCaches = [
"https://cache.nixos.org"
# "https://hydra.nixos.org"
];
nix.trustedBinaryCaches = [
"https://cache.nixos.org"
# "https://hydra.nixos.org"
];
nix.daemonNiceLevel = 19;
nix.daemonIONiceLevel = 7;
nix.package = unstablepkgs.nixStable;
nix.useSandbox = true;
# The NixOS release to be compatible with for stateful data such as databases.
# system.stateVersion = "unstable";
networking.hostName = "steveej-laptop"; # Define your hostname.
networking.hosts = {
"160.85.37.177" = [ "splabchat" ];
};
networking.firewall.enable = true;
networking.firewall.checkReversePath = false;
# Provide a NAT/DHCP Router
#
# networking.nat.enable = true;
# networking.nat.internalInterfaces = [ "enp0s20f0u4u1u3" ];
# networking.nat.externalInterface = "wlp1s0";
# networking.interfaces."enp0s20f0u4u1u3".ipv4.addresses = [
# { address = "10.254.253.254"; prefixLength = 24; }
# ];
# services.dnsmasq = {
# enable = true;
# servers = [ "8.8.8.8" "8.8.4.4" ];
# extraConfig = ''
# domain=lan
# interface=enp0s20f0u4u1u3
# bind-interfaces
# dhcp-range=10.254.253.100,10.254.253.199,1h
# '';
# };
networking.networkmanager = {
enable = true;
dns = "dnsmasq";
unmanaged = [
"interface-name:veth*"
"interface-name:virbr*"
"interface-name:br*"
"interface-name:*vbox*"
"interface-name:*cni*"
];
};
# Used for testing local Tectonic clusters
environment.etc."NetworkManager/dnsmasq.d/tectonic.conf".text = ''
server=/tt.testing/192.168.124.1
server=/tectonic-ci.de/192.168.124.1
server=/tectonic-ci.lan/192.168.124.1
'';
networking.bridges."virbr1".interfaces = [];
networking.interfaces."virbr1".ipv4.addresses = [
{ address = "10.254.254.254"; prefixLength = 24; }
];
programs.zsh = {
enable = false;
# enableAutosuggestions = true; # enableCompletion = true;
# syntaxHighlighting.enable = true;
# syntaxHighlighting.patterns = {};
# ohMyZsh = {
# enable = true;
# theme = "tjkirch";
# };
# promptInit = ''
# autoload -U promptinit
# promptinit
# ZSH_THEME_GIT_PROMPT_PREFIX='@ '
# PROMPT='%F{%(!.red.green)}%n%f@%m %(?.%F{green}✓%f.%F{red}✗ ($?%))%f %F{blue}%~%f %F{magenta}$(git_prompt_info)%f
#%_%F{%(!.red.green)}$(prompt_char)%f '
# RPROMPT=""
# '';
# interactiveShellInit = ''
# '';
};
programs.bash = {
enableCompletion = true;
promptInit = ''
function exitstatus() {
if [[ $? -eq 0 ]]; then
printf ''
else
printf ''
fi
}
function nixshellEval {
if [[ "$1" != "" ]]; then
printf "»$1« "
fi
}
function setPS1 {
if test "$TERM" != "dumb"; then
# Provide a nice prompt.
BLUE="\[\033[0;34m\]"
RED="\[\033[1;31m\]"
GREEN="\[\033[1;32m\]"
NO_COLOR="\[\033[0m\]"
PROMPT_COLOR=$RED
let $UID && PROMPT_COLOR=$GREEN
PS1="$PROMPT_COLOR\u$NO_COLOR@\h \$(exitstatus) \$(nixshellEval $1)$BLUE\w$NO_COLOR\n$PROMPT_COLOR\\$ $NO_COLOR"
if test "$TERM" = "xterm"; then
PS1="\[\033]2;\h:\u:\w\007\]$PS1"
fi
fi
}
setPS1
'';
};
environment.sessionVariables = {
NIXPKGS_ALLOW_UNFREE = "1";
# Don't create .pyc files.
PYTHONDONTWRITEBYTECODE = "1";
};
environment.etc."lvm/lvm.conf".text = ''
devices {
issue_discards = 1
}
'';
environment.pathsToLink = [ "/share/zsh" ];
# Fonts, I18N, Date ...
fonts = {
enableCoreFonts = true;
};
i18n = {
consoleFont = "lat9w-16";
defaultLocale = "en_US.UTF-8";
};
time.timeZone = "Europe/Berlin";
#time.timeZone = "America/Los_Angeles";
# Services
services.gpm.enable = true;
services.openssh.enable = true;
services.openssh.permitRootLogin = "yes";
services.gnome3 = {
gnome-disks.enable = false;
gnome-documents.enable = false;
gnome-online-miners.enable = false;
gnome-user-share.enable = false;
gnome-terminal-server.enable = false;
gpaste.enable = false;
sushi.enable = false;
tracker.enable = false;
# FIXME: gnome should be moved to user session
seahorse.enable = true;
gvfs.enable = true;
at-spi2-core.enable = true;
evolution-data-server.enable = true;
gnome-online-accounts.enable = true;
gnome-keyring.enable = true;
};
services.teamviewer.enable = false;
services.printing = {
enable = true;
drivers = [
pkgs.hplip
unstablepkgs.cups-kyodialog3
unstablepkgs.mfcj6510dwlpr
unstablepkgs.mfcj6510dw-cupswrapper
];
};
services.pcscd.enable = true;
services.xserver = {
enable = true;
libinput.enable = true;
libinput.naturalScrolling = true;
videoDrivers = [ "qxl" "modesetting" ];
xkbVariant = "altgr-intl";
xkbOptions = "nodeadkeys";
desktopManager = {
# FIXME: gnome should be moved to user session
gnome3.enable = true;
xterm.enable = true;
plasma5.enable = false;
};
displayManager = {
gdm.enable = false;
lightdm = {
enable = true;
autoLogin = {
enable = true;
user = "steveej";
};
background = "${pkgs.nixos-artwork.wallpapers.simple-blue}/share/artwork/gnome/nix-wallpaper-simple-blue.png";
};
sessionCommands = ''
'';
};
};
# Package configuration
environment.systemPackages = with pkgs; [
];
# More Services
services.udev.packages = [
pkgs.libu2f-host
pkgs.yubikey-personalization
];
services.udev.extraRules = ''
# OnePlusOne
ATTR{idVendor}=="05c6", ATTR{idProduct}=="6764", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess"
ATTR{idVendor}=="05c6", ATTR{idProduct}=="6765", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess"
# Plantronics BackBeat PRO
SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="011a", GROUP="users", MODE="0777"
SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="fffe", GROUP="users", MODE="0777"
SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="0001", GROUP="users", MODE="0777"
''
;
services.packagekit.enable = true;
services.resolved.enable = false;
services.nix-serve.enable = true;
services.samba.enable = true;
services.samba.extraConfig = ''
client max protocol = SMB3
'';
# hardware related services
services.illum.enable = true;
hardware = {
bluetooth.enable = true;
pulseaudio = {
enable = true;
package = pkgs.pulseaudioFull;
support32Bit = true;
};
};
services.fprintd.enable = true;
security.pam.services = {
login.fprintAuth = true;
sudo.fprintAuth = true;
};
# required for running blueman-applet in user sessions
services.dbus.packages = with pkgs; [
blueman
];
# Kubernetes
# services.kubernetes.roles = ["master" "node"];
# virtualization
virtualisation = {
libvirtd.enable = true;
virtualbox.host.enable = true;
virtualbox.host.addNetworkInterface = true;
docker.enable = true;
};
# Activation scripts for impure set up of paths in /
system.activationScripts.bin = ''
echo "setting up /bin..."
ln -sfT ${pkgs.bash}/bin/bash /bin/.bash
mv -Tf /bin/.bash /bin/bash
'';
system.activationScripts.etcX11sessinos = ''
echo "setting up /etc/X11/sessions..."
mkdir -p /etc/X11
ln -sfT ${config.services.xserver.displayManager.session.desktops} /etc/X11/.sessions
mv -Tf /etc/X11/.sessions /etc/X11/sessions
'';
system.activationScripts.lib64 = ''
echo "setting up /lib64..."
mkdir -p /lib64
ln -sfT ${pkgs.stdenv.glibc}/lib/ld-linux-x86-64.so.2 /lib64/.ld-linux-x86-64.so.2
mv -Tf /lib64/.ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2
'';
}


@ -1,51 +0,0 @@
{ config
, pkgs
, ... }:
let
passwords = import ../common/passwords.crypt.nix;
mkUser = {uid, hashedPassword, ... } @ args: args // {
inherit uid hashedPassword;
isNormalUser = true;
extraGroups = [
"docker"
"wheel"
"libvirtd"
"networkmanager"
"vboxusers"
"users"
"input"
"audio"
"video"
"cdrom"
];
};
in
{
users.mutableUsers = false;
users.defaultUserShell = pkgs.zsh;
users.extraUsers.root = {
hashedPassword = passwords.users.root;
openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3niN5KcIYikRhXTYZCSehI1ZQs+vvG/dZ7KxNVHslfsS+p1yTycXcZFtDDn5vtG2fAo3yksxCk+G10/AWQ+NMOcFKuAi5qTOYSLbEcHVlZ4ko8sDUe3fF79vrCqY7IWbKKjZ4DH77Qs6SXk5GIlNaIzxut8Dpv8qHnkPiPuFgrJC4oGk60ZKmCPvOEpgg9twcdI6ykIxD4Fg+hHgG1p07uSEcm9EADli8RsU3UJ1UBhXMohMC6HrKVBkBX9wTo+zY+xqXxxem6xGNnkNiZLACfhCnjXv39zh85pgFuNv7R8SzVZQ9iRoCmax/w3JtWdDjqoTGgLfJyhMMjNdjVHOx steveej@steveej-laptop"];
};
users.extraUsers.steveej = mkUser {
uid = 1000;
hashedPassword = passwords.users.steveej;
};
users.extraUsers.steveej2 = mkUser {
uid = 1001;
hashedPassword = passwords.users.steveej2;
};
users.extraUsers.steveej3 = mkUser {
uid = 1002;
hashedPassword = passwords.users.steveej;
};
security.pam.enableU2F = true;
security.pam.services.steveej.u2fAuth = true;
}


@ -1,154 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
let
passwords = import ../common/passwords.crypt.nix;
in
{
nixpkgs.config.allowUnfree = true;
nix.binaryCachePublicKeys = [ "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" ];
nix.binaryCaches = [
"https://cache.nixos.org"
"https://hydra.nixos.org"
];
nix.trustedBinaryCaches = [
"https://cache.nixos.org"
"https://hydra.nixos.org"
];
nix.daemonNiceLevel = 19;
nix.daemonIONiceLevel = 7;
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
];
networking.hostName = "steveej-laptop2"; # Define your hostname.
fonts = {
enableCoreFonts = true;
};
i18n = {
defaultLocale = "en_US.UTF-8";
};
# Set your time zone.
time.timeZone = "Europe/Amsterdam";
networking.firewall.enable = false;
networking.networkmanager = {
enable = true;
unmanaged = [
"interface-name:veth*"
"interface-name:virbr*"
"interface-name:br*"
"interface-name:*vbox*"
"interface-name:*cni*"
];
};
programs.bash = {
enableCompletion = true;
promptInit = ''
function exitstatus() {
if [[ $? -eq 0 ]]; then
printf ''
else
printf ''
fi
}
function nixshellEval {
if [[ "$1" != "" ]]; then
printf "»$1« "
fi
}
function setPS1 {
if test "$TERM" != "dumb"; then
# Provide a nice prompt.
BLUE="\[\033[0;34m\]"
RED="\[\033[1;31m\]"
GREEN="\[\033[1;32m\]"
NO_COLOR="\[\033[0m\]"
PROMPT_COLOR=$RED
let $UID && PROMPT_COLOR=$GREEN
PS1="$PROMPT_COLOR\u$NO_COLOR@\h \$(exitstatus) \$(nixshellEval $1)$BLUE\w$NO_COLOR\n$PROMPT_COLOR\\$ $NO_COLOR"
if test "$TERM" = "xterm"; then
PS1="\[\033]2;\h:\u:\w\007\]$PS1"
fi
fi
}
setPS1
'';
};
services.xserver = {
libinput.enable = true;
libinput.naturalScrolling = true;
videoDrivers = [ "qxl" "intel" ];
enable = true;
layout = "us";
windowManager.qtile.enable = true;
desktopManager = {
xterm.enable = false;
gnome3.enable = true;
};
displayManager = {
slim = {
enable = true;
theme = pkgs.fetchFromGitHub {
owner = "steveej";
repo = "nixos-slim-theme";
rev = "eec04a624113db835f2b5960d305e242da9dbc2a";
sha256 = "146zmr5rzwxq5mz6b7108a3ksf3nvqxrr8bvi82jsw6xqji4i5f5";
};
autoLogin = false;
defaultUser = "steveej";
};
# sessionCommands = ''
# xscreensaver -no-splash &
# ${pkgs.networkmanagerapplet}/bin/nm-applet &
# $(sleep 2; xmodmap /home/steveej/.Xmodmap) &
# '';
};
};
users.mutableUsers = false;
users.extraUsers.root = {
hashedPassword = passwords.users.root;
openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3niN5KcIYikRhXTYZCSehI1ZQs+vvG/dZ7KxNVHslfsS+p1yTycXcZFtDDn5vtG2fAo3yksxCk+G10/AWQ+NMOcFKuAi5qTOYSLbEcHVlZ4ko8sDUe3fF79vrCqY7IWbKKjZ4DH77Qs6SXk5GIlNaIzxut8Dpv8qHnkPiPuFgrJC4oGk60ZKmCPvOEpgg9twcdI6ykIxD4Fg+hHgG1p07uSEcm9EADli8RsU3UJ1UBhXMohMC6HrKVBkBX9wTo+zY+xqXxxem6xGNnkNiZLACfhCnjXv39zh85pgFuNv7R8SzVZQ9iRoCmax/w3JtWdDjqoTGgLfJyhMMjNdjVHOx steveej@steveej-laptop"];
};
users.extraUsers.steveej = {
uid = 1000;
isNormalUser = true;
home = "/home/steveej";
extraGroups = [ "wheel" "libvirtd" "networkmanager" "vboxusers" ];
hashedPassword = passwords.users.steveej;
};
services.gpm.enable = true;
services.openssh.enable = true;
services.openssh.permitRootLogin = "yes";
# List packages installed in system profile. To search by name, run:
# $ nix-env -qaP | grep wget
environment.systemPackages = with pkgs; [
xorg.xmodmap
wget
vim
roxterm
];
# The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "16.09";
}


@ -1,71 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
boot.initrd.availableKernelModules = [
"xhci_pci" "ehci_pci" "ahci" "usbhid" "sd_mod"
];
boot.kernelModules = [
"nf_conntrack_proto_gre"
"nf_conntrack_pptp"
"kvm-intel"
];
boot.extraModulePackages = [ ];
nix.maxJobs = lib.mkDefault 2;
nix.buildCores = 2;
boot.kernelPackages = pkgs.linuxPackages_latest;
# Bootloader, initrd and Kernel
boot.loader.grub.enable = true;
boot.loader.grub.enableCryptodisk = true;
boot.loader.grub.version = 2;
# Workaround for nm-pptp
boot.tmpOnTmpfs = true;
hardware.enableAllFirmware = true;
hardware.trackpoint.emulateWheel = true;
fileSystems."/" = { device = "/dev/disk/by-uuid/c428a7e0-cd80-4ae7-90fb-530a9676278e";
fsType = "btrfs";
options = [
"defaults"
"compress=lzo"
"subvol=nixos"
];
};
fileSystems."/home" = { device = "/dev/disk/by-uuid/c428a7e0-cd80-4ae7-90fb-530a9676278e";
fsType = "btrfs";
options = [
"defaults"
"compress=lzo"
"subvol=home"
];
};
fileSystems."/var/lib/rkt" = {
fsType = "tmpfs";
};
fileSystems."/var/lib/cni" = {
fsType = "tmpfs";
};
swapDevices = [ ];
# Define on which hard drive you want to install Grub.
boot.loader.grub.device = "/dev/sda";
boot.initrd.luks.devices = [ {
name = "luksroot";
device = "/dev/disk/by-uuid/4ac7f8ba-4dea-41e8-99ea-b794aace24a1";
preLVM = false;
allowDiscards = true;
}
];
}

62
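--- a/nixos/devices/default.nix
+++ b/nixos/devices/default.nix
@@ -0,0 +1,62 @@
+{ pkgs ? import <nixpkgs> {}
+, dir
+, rebuildarg ? null
+}:
+let
+diskId = (import ((builtins.getEnv "PWD")+"/${dir}/hw.nix") {}).hardware.encryptedDisk.diskId;
+in {
+rebuild = pkgs.writeScript "script" ''
+#!/usr/bin/env bash
+set -xe
+pushd ${dir}
+export NIXOS_CONFIG="$PWD"/configuration.nix
+export INSTALL_ROOT="/mnt/$ID-root"
+[[ -e "''${NIXOS_CONFIG}" ]]
+nixos-rebuild -I nixos-config=''${NIXOS_CONFIG} ${rebuildarg}
+rm result
+'';
+diskMount = pkgs.writeScript "script" ''
+#!/usr/bin/env bash
+set -xe
+ID=${diskId}
+echo Mounting $ID
+set -xe
+cryptsetup luksOpen /dev/disk/by-partlabel/$ID-part3 $ID-part3
+vgchange -ay $ID
+mkdir -p /mnt/$ID-root
+mount /dev/$ID/root /mnt/$ID-root -o subvol=nixos
+mount /dev/$ID/root /mnt/$ID-root/home -o subvol=home
+mount /dev/disk/by-partlabel/$ID-part2 /mnt/$ID-root/boot
+'';
+diskUmount = pkgs.writeScript "script" ''
+#!/usr/bin/env bash
+set -xe
+ID=${diskId}
+umount -R /mnt/$ID-root
+rmdir /mnt/$ID-root
+vgchange -an $ID
+cryptsetup luksClose $ID-part3
+sync
+'';
+diskInstall = pkgs.writeScript "script" ''
+#!/usr/bin/env bash
+set -xe
+ID=${diskId}
+pushd ${dir}
+export NIXOS_CONFIG="$PWD"/configuration.nix
+export INSTALL_ROOT="/mnt/$ID-root"
+[[ -e "''${NIXOS_CONFIG}" ]]
+[[ -e "''${INSTALL_ROOT}" ]]
+nixos-install --max-jobs 5 --cores 4 --no-channel-copy --no-root-passwd --root "''${INSTALL_ROOT}"
+'';
+}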
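Review bot: The generated scripts are run through `sudo` by the Justfile, yet `${dir}` and `$ID` are spliced into them unquoted (`pushd ${dir}`, `mount /dev/$ID/root /mnt/$ID-root ...`), so a device directory or disk id containing whitespace or glob characters changes which paths root operates on; quote them, e.g. `pushd "${dir}"` and `mkdir -p "/mnt/$ID-root"`. In `rebuild`, `INSTALL_ROOT` is built from `$ID`, which that script never sets, and `rm result` aborts the script under `set -e` whenever `rebuildarg` selects an action that leaves no `result` link; dropping the export and using `rm -f result` would cover both. `rebuildarg ? null` is interpolated into the script text, which presumably fails evaluation if `rebuild` is requested without the argument, so a default of `"build"` would match the Justfile.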


@ -0,0 +1,14 @@
{ ... }:
{
imports = [
../../profiles/common/configuration.nix
../../profiles/graphical/configuration.nix
./pkg.nix
./system.nix
./hw.nix
./user.nix
./boot.nix
];
}


@ -4,7 +4,7 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
nix.maxJobs = lib.mkDefault 3; nix.maxJobs = 3;
nix.buildCores = 3; nix.buildCores = 3;
hardware.enableAllFirmware = true; hardware.enableAllFirmware = true;


@ -13,17 +13,6 @@ in
allowUnfree = true; allowUnfree = true;
packageOverrides = pkgs: rec { packageOverrides = pkgs: rec {
# Version override example:
# rustracerd = pkgs.lib.overrideDerivation pkgs.rustracerd (attrs: rec {
# version = "2016-08-23";
# name = "racerd-${version}";
# src = pkgs.fetchgit {
# url = "git://github.com/jwilm/racerd.git";
# rev = "813d8214f50e8f77b5d8adf5173173209c8f6d74";
# sha256 = "07p4kvrc529khb1afrgwfkdb9nh3nvsk1v2p2b1rdaqvkpgwqr74";
# };
# });
libvirt = unstablepkgs.libvirt; libvirt = unstablepkgs.libvirt;
myLinuxPackages = pkgs.recurseIntoAttrs (pkgs.linuxPackagesFor myLinuxPackages = pkgs.recurseIntoAttrs (pkgs.linuxPackagesFor
@ -69,11 +58,6 @@ in
}; };
}; };
imports =
[
../common/pkg/default.nix
];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
]; ];
} }


@ -0,0 +1,57 @@
{ config
, lib
, pkgs
, ...
}:
let
unstablepkgs = import <nixos-unstable> {};
in rec {
# The NixOS release to be compatible with for stateful data such as databases.
# system.stateVersion = "unstable";
networking.hostName = "steveej-laptop"; # Define your hostname.
# Used for testing local Tectonic clusters
environment.etc."NetworkManager/dnsmasq.d/tectonic.conf".text = ''
server=/tt.testing/192.168.124.1
server=/tectonic-ci.de/192.168.124.1
server=/tectonic-ci.lan/192.168.124.1
'';
networking.firewall.checkReversePath = false;
networking.bridges."virbr1".interfaces = [];
networking.interfaces."virbr1".ipv4.addresses = [
{ address = "10.254.254.254"; prefixLength = 24; }
];
services.printing = {
enable = true;
drivers = [
pkgs.hplip
unstablepkgs.cups-kyodialog3
unstablepkgs.mfcj6510dwlpr
unstablepkgs.mfcj6510dw-cupswrapper
];
};
services.nix-serve.enable = true;
services.fprintd.enable = true;
security.pam.services = {
login.fprintAuth = true;
sudo.fprintAuth = true;
};
# Kubernetes
# services.kubernetes.roles = ["master" "node"];
# virtualization
virtualisation = {
libvirtd.enable = true;
virtualbox.host.enable = true;
virtualbox.host.addNetworkInterface = true;
docker.enable = true;
};
}
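Review bot: `networking.firewall.checkReversePath = false;` switches off the firewall's reverse-path filter for every interface and carries no comment saying why. If it is needed for the `virbr1` bridge or the libvirt/VirtualBox networks enabled further down, a comment such as `# rp_filter off: asymmetric routing via virbr1/libvirt` would record that (NixOS also accepts `"loose"` if strict filtering is the only problem). `services.nix-serve.enable = true;` and the `import <nixos-unstable> {}` used for the printer drivers are likewise undocumented; the latter resolves through whatever channel is on NIX_PATH at build time.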


@ -0,0 +1,18 @@
{ config
, pkgs
, ... }:
let
inherit (import ../../lib/default.nix { }) mkUser;
in
{
users.extraUsers.steveej2 = mkUser {
uid = 1001;
};
users.extraUsers.steveej3 = mkUser {
uid = 1002;
};
}
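Review bot: `steveej2` no longer gets its own hash: with `hashedPassword` omitted here, `mkUser` (presumably the one added in nixos/lib/default.nix) falls back to `passwords.users.steveej`, whereas the removed user.nix passed `passwords.users.steveej2` for uid 1001. If the shared password is intended, say so in a comment; otherwise pass it explicitly, `users.extraUsers.steveej2 = mkUser { uid = 1001; hashedPassword = passwords.users.steveej2; };`, which also needs `passwords` imported in this file's `let`. Both accounts also inherit the `wheel` and `docker` groups and the same authorized SSH keys from the helper.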


@ -0,0 +1,12 @@
{ ... }:
{
imports = [
../../profiles/common/configuration.nix
../../profiles/graphical/configuration.nix
../../profiles/removable-medium/configuration.nix
./system.nix
./hw.nix
];
}


@ -0,0 +1,5 @@
{ ... }:
{
hardware.encryptedDisk.diskId = "mmc-SL32G_0x259093f6";
}


@ -0,0 +1,5 @@
{ ... }:
{
networking.hostName = "mmc-sandiskultra32gb"; # Define your hostname.
}

28
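--- a/nixos/lib/default.nix
+++ b/nixos/lib/default.nix
@@ -0,0 +1,28 @@
+{ keys ? import ../../variables/keys.nix
+, passwords ? import ../../variables/passwords.crypt.nix
+}:
+{
+mkRoot = { } @ args: {
+hashedPassword = passwords.users.root;
+openssh.authorizedKeys.keys = keys.users.steveej.openssh;
+} // args;
+mkUser = {uid, hashedPassword ? passwords.users.steveej, ... } @ args: {
+inherit uid hashedPassword;
+isNormalUser = true;
+extraGroups = [
+"docker"
+"wheel"
+"libvirtd"
+"networkmanager"
+"vboxusers"
+"users"
+"input"
+"audio"
+"video"
+"cdrom"
+];
+openssh.authorizedKeys.keys = keys.users.steveej.openssh;
+} // args;
+}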
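Review bot: `mkRoot = { } @ args:` declares an empty pattern without `...`, so any attribute passed to it is rejected and the trailing `// args` can never contribute anything; `{ ... } @ args:` is presumably what was meant. In `mkUser` the defaults are now on the left of `// args`, so a caller that passes `extraGroups` or `openssh.authorizedKeys.keys` replaces the list rather than extending it, and every account built with it lands in `wheel` and `docker` and falls back to `passwords.users.steveej` when no hash is given. A short comment above `mkUser` stating that arguments override (not merge with) the defaults, and that `docker` membership is effectively root, would make that explicit.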


@ -0,0 +1,64 @@
{ lib
, config
, ... }:
with lib;
let
cfg = config.hardware.encryptedDisk;
volumeGroup = cfg.diskId;
bootGrubDevice = lib.concatStrings [ "/dev/disk/by-id/" cfg.diskId ];
bootFsDevice = lib.concatStrings [ "/dev/disk/by-partlabel/" cfg.diskId "-part2" ];
bootLuksDevice = lib.concatStrings [ "/dev/disk/by-partlabel/" cfg.diskId "-part3" ];
rootFsDevice = lib.concatStrings [ "/dev/" volumeGroup "/root" ];
swapFsDevice = lib.concatStrings [ "/dev/" volumeGroup "/swap" ];
in {
options.hardware.encryptedDisk = {
enable = mkEnableOption "Enable encrypted filesystem layout";
diskId = mkOption {
type = types.string;
};
};
config = lib.mkIf cfg.enable {
fileSystems."/boot" = {
device = bootFsDevice;
fsType = "vfat";
};
fileSystems."/" = {
device = rootFsDevice;
fsType = "btrfs";
options = [ "subvol=nixos" ];
};
fileSystems."/home" = {
device = rootFsDevice;
fsType = "btrfs";
options = [ "subvol=home" ];
};
swapDevices = [ { device = swapFsDevice; } ];
boot.loader.grub = {
device = bootGrubDevice;
efiSupport = true;
efiInstallAsRemovable = true;
};
boot.initrd.luks.devices = [
{
name =
let
splitstring = builtins.split "/" bootLuksDevice;
lastelem = (builtins.length splitstring)-1;
in
builtins.elemAt splitstring lastelem;
device = bootLuksDevice;
preLVM = true;
allowDiscards = true;
}
];
};
}
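Review bot: `allowDiscards = true` is hard-coded for the LUKS device, which passes TRIM through dm-crypt and lets anyone holding the raw medium see which blocks are unused. That is a common trade on flash storage, but it weakens the confidentiality this module exists to provide, so it should be a visible choice: add an `allowDiscards` option with `default = false` next to `diskId` and set `allowDiscards = cfg.allowDiscards;`. `/boot` is also mounted from a plain vfat partition, so the kernel and initrd are outside the encryption; a comment saying so would keep the "full-disk" claim honest.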


@ -0,0 +1,26 @@
{ lib
, config
, ... }:
with lib;
{
# TODO
# Provide a NAT/DHCP Router
#
# networking.nat.enable = true;
# networking.nat.internalInterfaces = [ "enp0s20f0u4u1u3" ];
# networking.nat.externalInterface = "wlp1s0";
# networking.interfaces."enp0s20f0u4u1u3".ipv4.addresses = [
# { address = "10.254.253.254"; prefixLength = 24; }
# ];
# services.dnsmasq = {
# enable = true;
# servers = [ "8.8.8.8" "8.8.4.4" ];
# extraConfig = ''
# domain=lan
# interface=enp0s20f0u4u1u3
# bind-interfaces
# dhcp-range=10.254.253.100,10.254.253.199,1h
# '';
# };
}


@ -0,0 +1,9 @@
{ ... }:
{
imports = [
./pkg.nix
./user.nix
./system.nix
];
}


@ -0,0 +1,88 @@
{ config
, pkgs
, lib
, ...
}:
{
nix.binaryCachePublicKeys = [
# "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
];
nix.binaryCaches = [
"https://cache.nixos.org"
# "https://hydra.nixos.org"
];
nix.trustedBinaryCaches = [
"https://cache.nixos.org"
# "https://hydra.nixos.org"
];
nix.daemonNiceLevel = lib.mkDefault 19;
nix.daemonIONiceLevel = lib.mkDefault 7;
nix.maxJobs = lib.mkDefault 3;
nix.buildCores = lib.mkDefault 3;
nix.useSandbox = true;
environment.etc."lvm/lvm.conf".text = ''
devices {
issue_discards = 1
}
'';
# Fonts, I18N, Date ...
fonts = {
enableCoreFonts = true;
};
i18n = {
consoleFont = "lat9w-16";
defaultLocale = "en_US.UTF-8";
};
time.timeZone = "Europe/Berlin";
services.gpm.enable = true;
services.packagekit.enable = true;
services.openssh.enable = true;
networking.firewall.enable = true;
# Activation scripts for impure set up of paths in /
system.activationScripts.bin = ''
echo "setting up /bin..."
ln -sfT ${pkgs.bash}/bin/bash /bin/.bash
mv -Tf /bin/.bash /bin/bash
'';
system.activationScripts.etcX11sessinos = ''
echo "setting up /etc/X11/sessions..."
mkdir -p /etc/X11
ln -sfT ${config.services.xserver.displayManager.session.desktops} /etc/X11/.sessions
mv -Tf /etc/X11/.sessions /etc/X11/sessions
'';
system.activationScripts.lib64 = ''
echo "setting up /lib64..."
mkdir -p /lib64
ln -sfT ${pkgs.stdenv.glibc}/lib/ld-linux-x86-64.so.2 /lib64/.ld-linux-x86-64.so.2
mv -Tf /lib64/.ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2
'';
programs.zsh = {
enable = false;
# TODO: basic zsh config
# enableAutosuggestions = true; # enableCompletion = true;
# syntaxHighlighting.enable = true;
# syntaxHighlighting.patterns = {};
# ohMyZsh = {
# enable = true;
# theme = "tjkirch";
# };
# promptInit = ''
# autoload -U promptinit
# promptinit
# ZSH_THEME_GIT_PROMPT_PREFIX='@ '
# PROMPT='%F{%(!.red.green)}%n%f@%m %(?.%F{green}✓%f.%F{red}✗ ($?%))%f %F{blue}%~%f %F{magenta}$(git_prompt_info)%f
#%_%F{%(!.red.green)}$(prompt_char)%f '
# RPROMPT=""
# '';
# interactiveShellInit = ''
# '';
};
}
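Review bot: `services.openssh.enable = true` is set with the module defaults, which, as far as I recall, leave password authentication on. Since `mkUser` and `mkRoot` already install hardware-token SSH keys, add `services.openssh.passwordAuthentication = false;` so the account password shared across users is not exposed to network guessing. If root login over SSH is not needed, also add `services.openssh.permitRootLogin = "no";`. The activation script name `etcX11sessinos` looks like a typo for `etcX11sessions`.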


@ -0,0 +1,19 @@
{ config
, pkgs
, ... }:
let
passwords = import ../../../variables/passwords.crypt.nix;
libinfraos = import ../../lib/default.nix { };
inherit (import ../../lib/default.nix { }) mkUser mkRoot;
in {
users.mutableUsers = false;
users.extraUsers.root = mkRoot { };
users.extraUsers.steveej = mkUser {
uid = 1000;
};
security.pam.enableU2F = true;
security.pam.services.steveej.u2fAuth = true;
}
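Review bot: `security.pam.services.steveej.u2fAuth = true` is keyed by PAM service name, not user name, so it defines a service called `steveej` that nothing authenticates against; compare `login.fprintAuth` and `sudo.fprintAuth` in the laptop configuration. If the intent is U2F for login and sudo, name those services, e.g. `security.pam.services.sudo.u2fAuth = true;`. As far as I know this NixOS module adds pam_u2f as `sufficient`, so the token replaces the password rather than acting as a second factor, which deserves a comment. The `passwords` and `libinfraos` bindings in the `let` are unused.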


@ -0,0 +1,9 @@
{ pkgs
, ...
}:
{
imports = [
./system.nix
];
}


@ -0,0 +1,112 @@
{ pkgs
, ...
}:
{
networking.networkmanager = {
enable = true;
dns = "dnsmasq";
unmanaged = [
"interface-name:veth*"
"interface-name:virbr*"
"interface-name:br*"
"interface-name:*vbox*"
"interface-name:*cni*"
];
};
services.resolved.enable = false;
users.defaultUserShell = pkgs.zsh;
environment.pathsToLink = [ "/share/zsh" ];
# hardware related services
services.illum.enable = true;
services.pcscd.enable = true;
hardware = {
bluetooth.enable = true;
pulseaudio = {
enable = true;
package = pkgs.pulseaudioFull;
support32Bit = true;
};
};
# required for running blueman-applet in user sessions
services.dbus.packages = with pkgs; [
blueman
];
services.xserver = {
enable = true;
libinput.enable = true;
libinput.naturalScrolling = true;
videoDrivers = [ "qxl" "modesetting" "ati" "cirrus" "intel" "vesa" "vmware" "modesetting" ];
xkbVariant = "altgr-intl";
xkbOptions = "nodeadkeys";
desktopManager = {
# FIXME: gnome should be moved to user session
gnome3.enable = true;
xterm.enable = true;
plasma5.enable = false;
};
displayManager = {
gdm.enable = false;
lightdm = {
enable = true;
autoLogin = {
enable = true;
user = "steveej";
};
background = "${pkgs.nixos-artwork.wallpapers.simple-blue}/share/artwork/gnome/nix-wallpaper-simple-blue.png";
};
sessionCommands = ''
'';
};
};
services.gnome3 = {
gnome-disks.enable = false;
gnome-documents.enable = false;
gnome-online-miners.enable = false;
gnome-user-share.enable = false;
gnome-terminal-server.enable = false;
gpaste.enable = false;
sushi.enable = false;
tracker.enable = false;
# FIXME: gnome should be moved to user session
seahorse.enable = true;
gvfs.enable = true;
at-spi2-core.enable = true;
evolution-data-server.enable = true;
gnome-online-accounts.enable = true;
gnome-keyring.enable = true;
};
# More Services
services.udev.packages = [
pkgs.libu2f-host
pkgs.yubikey-personalization
];
services.udev.extraRules = ''
# OnePlusOne
ATTR{idVendor}=="05c6", ATTR{idProduct}=="6764", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess"
ATTR{idVendor}=="05c6", ATTR{idProduct}=="6765", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess"
# Plantronics BackBeat PRO
SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="011a", GROUP="users", MODE="0777"
SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="fffe", GROUP="users", MODE="0777"
SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="0001", GROUP="users", MODE="0777"
'';
services.samba.enable = true;
services.samba.extraConfig = ''
client max protocol = SMB3
'';
}
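Review bot: The Plantronics udev rules set `MODE="0777"`, which makes those USB device nodes writable by every local account and service user. `GROUP="users", MODE="0660"` or `TAG+="uaccess"` (as the OnePlusOne rules already use) gives the desktop user access without that. Separately, `lightdm.autoLogin` for `steveej` skips the display-manager password, U2F and fingerprint checks configured elsewhere, so the disk passphrase is the only gate to an account in `wheel` and `docker`. A comment recording that this is intended would help.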


@ -0,0 +1,47 @@
{ config, lib, pkgs, ... }:
{
boot.kernelPackages = pkgs.linuxPackages_latest;
# Bootloader, initrd and Kernel
boot.loader.grub = {
enable = true;
enableCryptodisk = true;
version = 2;
};
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"usb_storage"
"sd_mod"
"rtsx_pci_sdmmc"
"aes_x86_64"
"aesni_intel"
"cryptd"
];
boot.kernelModules = [
"kvm-intel"
# Workaround for nm-pptp to enforce module load
"nf_conntrack_proto_gre"
"nf_conntrack_pptp"
];
boot.extraModprobeConfig = ''
options kvm-intel nested=1
options kvm-intel enable_shadow_vmcs=1
options kvm-intel enable_apicv=1
options kvm-intel ept=1
'';
boot.extraModulePackages = [ ];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = false;
# workaround to disable CPU wining
# current CPU has 9 idle cstates.
boot.tmpOnTmpfs = true;
}
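Review bot: Both `boot.loader.grub.enable = true` and `boot.loader.systemd-boot.enable = true` are set in this file, and unless another profile overrides one of them I would expect NixOS to reject or mishandle two boot loaders. The encryptedDisk module configures `boot.loader.grub` (device, `efiInstallAsRemovable`), so dropping the systemd-boot line looks like the intended state. `enableCryptodisk = true` has no visible effect while `/boot` is a plain vfat partition, so remove it or comment why it stays. The comment `# workaround to disable CPU wining` no longer has the setting it described beneath it and should go.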


@ -0,0 +1,12 @@
{ ... }:
{
imports = [
../../modules/encryptedDisk.nix
./pkg.nix
./hw.nix
./system.nix
./boot.nix
];
}


@ -0,0 +1,7 @@
{ ... }:
{
hardware.encryptedDisk.enable = true;
hardware.enableAllFirmware = true;
hardware.trackpoint.emulateWheel = true;
}


@ -0,0 +1,332 @@
{ config,
pkgs,
... }:
let
environmentVariables = {
EDITOR = "nvim";
};
dotfiles = builtins.fetchGit {
url = "https://gitlab.com/steveeJ/dotfiles.git";
ref = "master";
};
mkSimpleTrayService = { execStart, description }: {
Unit = {
Description = description;
After = [ "graphical-session-pre.target" ];
PartOf = [ "graphical-session.target" ];
};
Install = {
WantedBy = [ "graphical-session.target" ];
};
Service = {
ExecStart = execStart;
};
};
in {
imports = [
"${builtins.fetchGit { url = "https://github.com/rycee/home-manager.git"; ref = "master"; }}/nixos"
];
nixpkgs.config = {
allowBroken = false;
allowUnfree = true;
packageOverrides = pkgs: with pkgs; {
busyboxStatic = busybox.override {
enableStatic = true;
extraConfig = ''
CONFIG_STATIC y
CONFIG_INSTALL_APPLET_DONT y
CONFIG_INSTALL_APPLET_SYMLINKS n
'';
};
};
};
environment.systemPackages = with pkgs; [
];
home-manager.users.steveej = {
programs.firefox = {
enable = true;
enableAdobeFlash = false;
enableGoogleTalk = true;
enableIcedTea = true;
};
programs.command-not-found.enable = true;
programs.zsh = {
enable = true;
# will be called again by oh-my-zsh
enableCompletion = false;
enableAutosuggestions = true;
initExtra = ''
PROMPT='%F{%(!.red.green)}%n%f@%m %(?.%F{green}%f.%F{red} ($?%))%f %F{blue}%~%f %F{magenta}$(git_prompt_info)%f
%_%F{%(!.red.green)}$(prompt_char)%f '
RPROMPT=""
# Automatic rehash
zstyle ':completion:*' rehash true
if [ -f $HOME/.shrc.d/sh_aliases ]; then
. $HOME/.shrc.d/sh_aliases
fi
# source "$HOME/.homesick/repos/homeshick/homeshick.sh"
# fpath=($HOME/.homesick/repos/homeshick/completions $fpath)
# Disable intercepting of ctrl-s and ctrl-q as flow control.
stty stop ''' -ixoff -ixon
# don't cd into directories when executed
unsetopt AUTO_CD
# Load direnv
eval "$(direnv hook zsh)"
'';
sessionVariables = environmentVariables // {
# Add more envrionment variables here
};
plugins = [
{
# will source zsh-autosuggestions.plugin.zsh
name = "zsh-autosuggestions";
src = pkgs.fetchFromGitHub {
owner = "zsh-users";
repo = "zsh-autosuggestions";
rev = "v0.4.0";
sha256 = "0z6i9wjjklb4lvr7zjhbphibsyx51psv50gm07mbb0kj9058j6kc";
};
}
{
name = "enhancd";
file = "init.sh";
src = pkgs.fetchFromGitHub {
owner = "b4b4r07";
repo = "enhancd";
rev = "v2.2.1";
sha256 = "0iqa9j09fwm6nj5rpip87x3hnvbbz9w9ajgm6wkrd5fls8fn8i5g";
};
}
{
name = "pass";
src = "${pkgs.oh-my-zsh}/share/oh-my-zsh/plugins/pass";
}
{
name = "minikube";
src = "${pkgs.oh-my-zsh}/share/oh-my-zsh/plugins/minikube";
}
];
oh-my-zsh = {
enable = true;
theme = "tjkirch";
plugins = [
"git"
"sudo"
];
};
};
programs.neovim = {
enable = true;
};
programs.git = {
enable = true;
userName = "Stefan Junker";
userEmail = "mail@stefanjunker.de";
extraConfig = ''
[push]
default = simple
[color]
ui = auto
[gpg]
program = gpg2
[alias]
mr = !sh -c 'git fetch $1 merge-requests/$2/head:mr-$1-$2 && git checkout mr-$1-$2' -
[diff]
tool = nvimdiff
[merge]
tool = nvimdiff
[mergetool]
path = nvim
[difftool "nvimdiff"]
cmd = "nvim -d \"$LOCAL\" \"$REMOTE\""
[remote "origin"]
prune = true
[remote "upstream"]
prune = true
'';
};
home.keyboard = {
layout = "us";
variant = "altgr-intl";
options = [
"nodeadkeys"
# "caps:swapescape"
];
};
xsession = {
enable = true;
windowManager.command = "${pkgs.qtile}/bin/qtile";
initExtra = ''
${pkgs.autorandr}/bin/autorandr -c
${pkgs.feh}/bin/feh --bg-scale ${pkgs.nixos-artwork.wallpapers.simple-blue}/share/artwork/gnome/nix-wallpaper-simple-blue.png
# Workaround for Libreoffice to force gtk3
export SAL_USE_VCLPLUGIN=gtk3
'';
};
home.file = {
".config/qtile/config.py" = {
source = "${dotfiles}/home/.config/qtile/config.py";
};
".config/roxterm.sourceforge.net" = {
source = "${dotfiles}/home/.config/roxterm.sourceforge.net";
recursive = false;
};
".config/autorandr" = {
source = "${dotfiles}/home/.config/autorandr";
recursive = true;
};
};
services = {
gnome-keyring.enable = true;
blueman-applet.enable = true;
screen-locker = {
enable = true;
inactiveInterval = 7;
lockCmd = "${pkgs.xscreensaver}/bin/xscreensaver-command -lock";
};
xscreensaver.enable = true;
network-manager-applet.enable = true;
syncthing.enable = true;
gpg-agent = {
enable = true;
enableScDaemon = true;
enableSshSupport = true;
grabKeyboardAndMouse = true;
};
flameshot.enable = true;
};
systemd.user = {
startServices = true;
services = {
redshift-gtk = mkSimpleTrayService {
execStart = "${pkgs.redshift}/bin/redshift-gtk -v -l 47.6691:9.1698 -t 7000:4500 -m randr";
description = "redshift gtk applet";
};
pasystray = mkSimpleTrayService {
execStart = "${pkgs.pasystray}/bin/pasystray";
description = "pasystray applet";
};
cbatticon = mkSimpleTrayService {
execStart = "${pkgs.cbatticon}/bin/cbatticon";
description = "cbatticon applet";
};
};
};
home.packages = []
++ (with pkgs; [
# Version Control Systems
git-crypt
gitless
# Filesystem Tools
ntfs3g
ddrescue
ncdu
unetbootin
pcmanfm
hdparm
testdisk
python27Packages.binwalk
gptfdisk
# Password Management
gnupg
(hiPrio pass)
pass-otp
qtpass
rofi-pass
yubikey-neo-manager
yubikey-personalization
yubikey-personalization-gui
gnome3.gnome_keyring
gnome3.seahorse
# Code Editors
xclip
xsel
# Archive Managers
sshfsFuse
xarchive
p7zip
zip
unzip
gzip
lzop
# X Tools/Libraries
lightdm
qtile
feh
xscreensaver
gnome3.networkmanagerapplet
autorandr
arandr
gnome3.gnome_themes_standard
gnome3.adwaita-icon-theme
lxappearance
xorg.xcursorthemes
# Misc Desktop Tools
direnv
ltunify
solaar
dex
roxterm
busyboxStatic
xorg.xbacklight
coreutils
lsof
pavucontrol
x11_ssh_askpass
xdotool
xdg_utils
xdg-user-dirs
gnome3.dconf
picocom
glib.dev # contains gdbus tool
# Misc Development Tools
jq
direnv
]);
};
}
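Review bot: Both `builtins.fetchGit` calls (the `dotfiles` binding and the home-manager import) track `ref = "master"` with no `rev`, so every rebuild evaluates whatever those branches contain at that moment. The home-manager result is imported as a NixOS module and the dotfiles are linked into the home directory, so a changed or compromised upstream branch takes effect with the privileges of the system build. The zsh plugins further down are pinned with `rev` and `sha256`, and these two should be pinned the same way: add `rev = "<commit-sha>";` (placeholder) to each call and bump it deliberately. `enableIcedTea = true` and `enableGoogleTalk = true` turn on legacy browser plugins and are worth dropping unless something needs them.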


@ -0,0 +1,16 @@
{ config, lib, pkgs, ... }:
let
in {
services.printing = {
enable = false;
};
virtualisation = {
libvirtd.enable = false;
virtualbox.host.enable = false;
docker.enable = true;
};
}


@ -1,124 +0,0 @@
{}:
''
set nocompatible
set mouse=
" leader
let mapleader = ','
let maplocalleader = ','
" save on ctrl-s
nnoremap <c-s> :w<CR>
inoremap <c-s> <Esc>:w<CR>
set hidden
syntax on
set hlsearch
set number
" mappings to stop insert mode
imap jjj <ESC>
imap kkk <ESC>
imap lll <ESC>
imap hhh <ESC>
set scroll=11
" new mappings
noremap <C-j> <C-f>
noremap <C-k> <C-u>
noremap <C-n> :tabn<CR>
noremap <C-p> :tabp<CR>
let g:ctrlp_map = '<tab>'
set wildignore+=*/site/*,*.so,*.swp,*.zip
let g:ctrlp_custom_ignore = {
\ 'dir': '\v[\/]\.(git|hg|svn|)$$',
\ 'file': '\v\.(exe|so|dll)$$',
\ }
"let g:ctrlp_match_func = { 'match': 'pymatcher#PyMatch' }
"let g:pydiction_location = '~/.vim/bundle/pydiction/complete-dict'
" allways show status line
set ls=2
set tabstop=4
set shiftwidth=4
set softtabstop=4
set expandtab
"set textwidth=80
set backspace=indent,eol,start
set wildignore+=*/site/*,*.so,*.swp,*.zip
let g:ctrlp_custom_ignore = {
\ 'dir': '\v[\/]\.(git|hg|svn|)$$',
\ 'file': '\v\.(exe|so|dll)$$',
\ }
" }
" spelling {{{
au BufRead,BufNewFile *.txt,*.tex,*.md,*.markdown setlocal spell spelllang=en_us,de_de
" }}}
" sync default register to clipboard {
if has('unnamedplus')
set clipboard=unnamedplus
else
set clipboard=unnamed
endif
" }
" colored brackets {
let g:rbpt_colorpairs = [
\ ['brown', 'RoyalBlue3'],
\ ['Darkblue', 'SeaGreen3'],
\ ['darkgray', 'DarkOrchid3'],
\ ['darkgreen', 'firebrick3'],
\ ['darkcyan', 'RoyalBlue3'],
\ ['darkred', 'SeaGreen3'],
\ ['darkmagenta', 'DarkOrchid3'],
\ ['brown', 'firebrick3'],
\ ['gray', 'RoyalBlue3'],
\ ['black', 'SeaGreen3'],
\ ['darkmagenta', 'DarkOrchid3'],
\ ['Darkblue', 'firebrick3'],
\ ['darkgreen', 'RoyalBlue3'],
\ ['darkcyan', 'SeaGreen3'],
\ ['darkred', 'DarkOrchid3'],
\ ['red', 'firebrick3'],
\ ]
let g:rbpt_max = 16
let g:rbpt_loadcmd_toggle = 0
au VimEnter * RainbowParenthesesToggle
au Syntax * RainbowParenthesesLoadRound
au Syntax * RainbowParenthesesLoadSquare
au Syntax * RainbowParenthesesLoadBraces
" }
set t_ut=
colorscheme PaperColor
" Python {{{
augroup ft_python
au!
au FileType python setlocal omnifunc=pythoncomplete#Complete
au FileType python setlocal define=^\s*\\(def\\\\|class\\)
augroup END
" }}}
" YAML {{{
augroup ft_yaml
au!
setlocal autoindent sw=2 et tabstop=2 shiftwidth=2 softtabstop=2
augroup END
" }}}
" markdown {
augroup filetypedetect
" gitit page files
au BufRead,BufNewFile *.page set filetype=markdown
augroup END
" } markdown
''


@ -1,38 +0,0 @@
{ pkgs
, additionalRC ? ""
, additionalPlugins ? []
, ... }:
pkgs.neovim.override {
vimAlias = true;
configure = {
# add custom .vimrc lines like this:
customRC = (import ./commonrc.nix {}) + ''
let g:indent_guides_enable_on_vim_startup = 1
" deoplete {
let g:deoplete#enable_at_startup = 1
let g:deoplete#enable_smart_case = 1
" }
'' + additionalRC;
vam.knownPlugins = pkgs.vimPlugins; # optional
vam.pluginDictionaries = [ # full ducomentation at github.com/MarcWeber/vim-addon-manager
"vim-addon-vim2nix"
"vim-airline"
"vim-addon-nix"
"ctrlp"
"vim-css-color"
"rainbow_parentheses"
"vim-colorschemes"
"vim-colorstepper"
"vim-signify"
"deoplete-nvim"
"fugitive"
"ctrlp"
"vim-indent-guides"
] ++ additionalPlugins;
};
extraPythonPackages = [];
withPython3 = true;
}


@ -1,30 +0,0 @@
{ pkgs
, name
, additionalRC ? ""
, additionalPlugins ? []
, ... } @ args :
pkgs.vim_configurable.customize {
inherit name;
# add custom .vimrc lines like this:
vimrcConfig.customRC = (import ./commonrc.nix {}) + ''
'' + additionalRC;
vimrcConfig.vam.knownPlugins = pkgs.vimPlugins; # optional
vimrcConfig.vam.pluginDictionaries = [{
# full ducomentation at github.com/MarcWeber/vim-addon-manager
names = [
"vim-addon-vim2nix"
"vim-airline"
"vim-addon-nix"
"ctrlp"
"syntastic"
"vim-css-color"
"rainbow_parentheses"
"vim-colorschemes"
"vim-colorstepper"
"vim-signify"
# "youcompleteme"
] ++ additionalPlugins;
}];
}


@ -0,0 +1,130 @@
{ pkgs }:
{
enable = true;
extraPythonPackages = (ps: with ps; [ ]);
extraPython3Packages = (ps: with ps; [ ]);
configure = {
customRC = builtins.readFile ./vimrc;
vam = {
knownPlugins = with pkgs; vimPlugins // {
delimitMate = vimUtils.buildVimPlugin {
name = "delimitMate-vim";
src = fetchFromGitHub {
owner = "Raimondi";
repo = "delimitMate";
rev = "728b57a6564c1d2bdfb9b9e0f2f8c5ba3d7e0c5c";
sha256 = "0fskm9gz81dk8arcidrm71mv72a7isng1clssqkqn5wnygbiimsn";
};
buildInputs = [ zip vim ];
};
yaml-folds = vimUtils.buildVimPlugin {
name = "vim-yaml-folds";
src = fetchFromGitHub {
owner = "pedrohdz";
repo = "vim-yaml-folds";
rev = "0672d9a3b685b51b4c49d8716c2ad4e27cfa5abd";
sha256 = "0yp2jgaqiria79lh75fkrs77rw7nk518bq63w9bvyy814i7s4scn";
};
buildInputs = [ zip vim ];
};
vim-markdown-toc = vimUtils.buildVimPlugin {
name = "vim-markdown-toc";
src = fetchFromGitHub {
owner = "mzlogin";
repo = "vim-markdown-toc";
rev = "a6e227023f405a7c39590a8aaf0d54dde5614a2e";
sha256 = "1vpsnjzc7hvrkp6mq68myxl3k1x363iif58rrd17njcsa4jh1zwy";
};
};
vim-perl = vimUtils.buildVimPlugin {
name = "vim-perl";
src = fetchFromGitHub {
owner = "vim-perl";
repo = "vim-perl";
rev = "21d0a0d795336acf8a9306da35f379c32cfc5e08";
sha256 = "0f2sa0v3djd89k16n4saji9n7grziyhkljq75dskcbv8r19m8i1j";
};
};
git-blame = vimUtils.buildVimPlugin {
name = "git-blame";
src = fetchFromGitHub {
"owner" = "zivyangll";
"repo" = "git-blame.vim";
"rev" = "a5b666840eead1b1ea1c351038da6ce026716bb6";
"sha256" = "181siphb87yzln9433159ssa6vmm1h2dd0kqhlx7bgsi51gng4rv";
};
};
};
pluginDictionaries = let
default = [
"delimitMate"
"vim-airline"
"ctrlp"
"vim-css-color"
"rainbow_parentheses"
"vim-colorschemes"
"vim-colorstepper"
"vim-signify"
"fugitive"
"ctrlp"
"vim-indent-guides"
"UltiSnips"
"fzfWrapper"
"ncm2"
"ncm2-bufword"
"ncm2-path"
"ncm2-tmux"
"ncm2-ultisnips"
"nvim-yarp"
"LanguageClient-neovim"
"Improved-AnsiEsc"
"tabular"
"git-blame"
# Nix
"vim-addon-nix"
"vim-addon-vim2nix"
# LaTeX
"vim-latex-live-preview"
"vimtex"
# YAML
"yaml-folds"
# Perl
# "vim-perl"
# markdown
"vim-markdown"
"vim-markdown-toc"
# misc syntax support
"vim-bazel"
];
in [
{ names = default; }
{ names = default ++ [
];
filename_regex = ".*\.nix\$";
}
{ names = default ++ [
];
filename_regex = ".*\.tex\$";
}
];
};
};
}
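Review bot: In `filename_regex = ".*\.nix\$"` and `".*\.tex\$"` the backslashes are consumed by the Nix string, so the pattern that reaches the plugin manager is `.*.nix$` with an unescaped dot. Write `".*\\.nix$"` and `".*\\.tex$"` if a literal dot is meant. Both extra entries currently add nothing to `default`, and `"ctrlp"` appears twice in that list.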


@ -0,0 +1,246 @@
set nocompatible
set mouse=
" Enable Elite mode, No ARRRROWWS!!!!
let g:elite_mode=1
if get(g:, 'elite_mode')
nnoremap <Up> :resize +2<CR>
nnoremap <Down> :resize -2<CR>
nnoremap <Left> :vertical resize +2<CR>
nnoremap <Right> :vertical resize -2<CR>
endif
nnoremap <expr>K getline('.')[col('.')-1]==' ' ? "r<CR>" : "i<CR><Esc>"
" Enable highlighting of the current line
set cursorline
" leader
let mapleader = ','
let maplocalleader = ','
" save on ctrl-s
nnoremap <c-s> :w<CR>
inoremap <c-s> <Esc>:w<CR>
set hidden
syntax on
set hlsearch
set ignorecase
set smartcase
set number
" mappings to stop insert mode
imap jjj <ESC>
imap kkk <ESC>
imap lll <ESC>
imap hhh <ESC>
set scroll=11
" new mappings
noremap <C-j> <C-f>
noremap <C-k> <C-u>
noremap <C-n> :tabn<CR>
noremap <C-p> :tabp<CR>
let g:ctrlp_map = '<tab>'
set wildignore+=*/site/*,*.so,*.swp,*.zip
let g:ctrlp_custom_ignore = {
\ 'dir': '\v[\/]\.(git|hg|svn|)$$',
\ 'file': '\v\.(exe|so|dll)$$',
\ }
"let g:ctrlp_match_func = { 'match': 'pymatcher#PyMatch' }
"let g:pydiction_location = '~/.vim/bundle/pydiction/complete-dict'
" allways show status line
set ls=2
set tabstop=4
set shiftwidth=4
set softtabstop=4
set expandtab
"set textwidth=80
set backspace=indent,eol,start
set wildignore+=*/site/*,*.so,*.swp,*.zip
let g:ctrlp_custom_ignore = {
\ 'dir': '\v[\/]\.(git|hg|svn|)$$',
\ 'file': '\v\.(exe|so|dll)$$',
\ }
" }
" spelling {{{
au BufRead,BufNewFile *.txt,*.tex,*.md,*.markdown setlocal spell spelllang=en_us,de_de
" }}}
" sync default register to clipboard {
if has('unnamedplus')
set clipboard=unnamedplus
else
set clipboard=unnamed
endif
" }
" colored brackets {
let g:rbpt_colorpairs = [
\ ['brown', 'RoyalBlue3'],
\ ['Darkblue', 'SeaGreen3'],
\ ['darkgray', 'DarkOrchid3'],
\ ['darkgreen', 'firebrick3'],
\ ['darkcyan', 'RoyalBlue3'],
\ ['darkred', 'SeaGreen3'],
\ ['darkmagenta', 'DarkOrchid3'],
\ ['brown', 'firebrick3'],
\ ['gray', 'RoyalBlue3'],
\ ['black', 'SeaGreen3'],
\ ['darkmagenta', 'DarkOrchid3'],
\ ['Darkblue', 'firebrick3'],
\ ['darkgreen', 'RoyalBlue3'],
\ ['darkcyan', 'SeaGreen3'],
\ ['darkred', 'DarkOrchid3'],
\ ['red', 'firebrick3'],
\ ]
let g:rbpt_max = 16
let g:rbpt_loadcmd_toggle = 0
au VimEnter * RainbowParenthesesToggle
au Syntax * RainbowParenthesesLoadRound
au Syntax * RainbowParenthesesLoadSquare
au Syntax * RainbowParenthesesLoadBraces
" }
set t_ut=
colorscheme PaperColor
" Python {{{
augroup ft_python
au!
au FileType python setlocal omnifunc=pythoncomplete#Complete
au FileType python setlocal define=^\s*\\(def\\\\|class\\)
augroup END
" }}}
" YAML {{{
augroup ft_yaml
au!
setlocal autoindent sw=2 et tabstop=2 shiftwidth=2 softtabstop=2
augroup END
" }}}
" markdown {
augroup filetypedetect
" gitit page files
au BufRead,BufNewFile *.page set filetype=markdown
augroup END
" Cycle between the valid list item markers *, - and + in the TOC
let g:vmt_cycle_list_item_markers = 1
" } markdown
let g:indent_guides_enable_on_vim_startup = 1
"bazel
augroup filetypedetect
au BufRead,BufNewFile *.bazel set filetype=bzl
augroup END
"Justfile
augroup filetypedetect
au BufRead,BufNewFile Justfile set filetype=make
augroup END
augroup VCenterCursor
au!
au BufEnter,WinEnter,WinNew,VimResized *,*.*
\ let &scrolloff=winheight(win_getid())/2
augroup END
" " deoplete {
" let g:deoplete#enable_at_startup = 1
" let g:deoplete#num_processes = 1
" let g:deoplete#enable_smart_case = 1
"
" if !exists('g:deoplete#omni#input_patterns')
" let g:deoplete#omni#input_patterns = {}
" endif
" let g:deoplete#omni#input_patterns.tex = g:vimtex#re#deoplete
" " } deoplete
" enable ncm2 for all buffers
autocmd BufEnter * call ncm2#enable_for_buffer()
set completeopt=noinsert,menuone,noselect
" LanguageClient {
set hidden
let g:LanguageClient_serverCommands = {
\ 'rust': ['rustup', 'run', 'stable', 'rls'],
\ 'javascript.jsx': ['tcp://127.0.0.1:2089'],
\ }
" \ 'javascript': ['/usr/local/bin/javascript-typescript-stdio'],
" \ 'python': ['/usr/local/bin/pyls'],
nnoremap <F5> :call LanguageClient_contextMenu()<CR>
" Or map each action separately
nnoremap <silent> K :call LanguageClient#textDocument_hover()<CR>
nnoremap <silent> gd :call LanguageClient#textDocument_definition()<CR>
nnoremap <silent> <F2> :call LanguageClient#textDocument_rename()<CR>
" }
let g:vimtex_view_method = 'zathura'
let g:vimtex_complete_enabled = 1
let g:vimtex_complete_close_braces = 1
let g:vimtex_complete_recursive_bib = 1
let g:vimtex_indent_enabled = 1
let g:vimtex_indent_bib_enabled = 1
let g:vimtex_fold_enabled = 1
let g:vimtex_fold_comments = 1
let g:vimtex_fold_preamble = 1
let g:vimtex_compiler_latexmk = {
\ 'options' : [
\ '-shell-escape',
\ '-pdf',
\ '-verbose',
\ '-file-line-error',
\ '-synctex=1',
\ '-interaction=nonstopmode',
\ ],
\}
let g:vimtex_quickfix_latexlog = {
\ 'default' : 1,
\ 'general' : 1,
\ 'references' : 1,
\ 'overfull' : 0,
\ 'underfull' : 0,
\ 'font' : 0,
\ 'packages' : {
\ 'default' : 1,
\ 'natbib' : 1,
\ 'biblatex' : 1,
\ 'babel' : 1,
\ 'hyperref' : 1,
\ 'scrreprt' : 1,
\ 'fixltx2e' : 1,
\ 'titlesec' : 1,
\ },
\}
function! ViewerCallback() dict
call self.forward_search(self.out())
endfunction
let g:vimtex_view_zathura_hook_callback = 'ViewerCallback'
let g:vimtex_view_general_callback = 'ViewerCallback'
let g:vimtex_compiler_progname = '${pkgs.neovim-remote}/bin/nvr'
" } latex
" terminal {
tnoremap <Esc> <C-\><C-n>
" } terminal
" allow per-project vimrc
" TODO: only source if it exists
" source .vimrc
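Review bot: `'-shell-escape'` in `g:vimtex_compiler_latexmk` lets any TeX file compiled from the editor run shell commands via `\write18`, which matters as soon as a document or package from someone else is opened. Drop the flag from the global options and enable it per project where a package such as minted needs it. Also, this file is loaded with `builtins.readFile ./vimrc`, so `${pkgs.neovim-remote}` in `g:vimtex_compiler_progname` is not interpolated and stays a literal string. If the per-project `source .vimrc` TODO is revived, guard it, since sourcing a file from the current directory executes whatever a cloned repository ships.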

10
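--- a/variables/keys.nix
+++ b/variables/keys.nix
@@ -0,0 +1,10 @@
+{
+users = {
+steveej = {
+openssh = [
+"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4RFtHz0sE5y0AyZZm/tH7bBBgsx55gLPt5tGsl9yZlOzih6n4qbJE/9OOdwnOY2AHRe2lrlTekbW5ewWSBBCbiBE3Vux86sLgy7LM9zoKaNC+E3hmxaoS9SExn0BTkb3kNlOcj2k6UyJhkZWEsqVMV5C21R8EWmMlLY/qm3AxptNjOyzKDwNX2zlHZ5IyjgzO4ZjIxjawmJlUrVEn7/m+M7qK3I1Tyg/ZvDSfmxVJS97sVzseYE0rVwLEWJQOnHh0wnfl27smr2McAB7Cy6sxKyPKvEGyXbNqqb8fqk4okZlRRxhq/XkKlC7IZr+uqYxlL4HN8vjkTRNlgenDUSVT cardno:000604870382"
+"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnrvnvECGpBU4OXK7m7oJOOu7aJzAxOQyvEWhkRBEEyme8/eIiTJMi99wX5kKMWtpbUvinIyZ37VIrnVZv0bJ3WpJQJQkrqAkV1Bs3m5dE7AGIH0BrxgLXHuNxkW3BwmAaqUOq21r4MaYVu2xF38xwKrrk57nQkNjuZ2eiv7XyHaDn+n352jULJzcIXVKyJExhsiGomrwEXq/cmmD+s6M3yUp559fw4cQTdg6iaK76gUAFukL35HCWN3sFKPVEC/yxvfKUIhVsKuwjHfvsSxJgSjcS5yXEtJOB1RhlJ3dLfSyJzuY/AHSqSpMwUSCksMn4xTUKHLGD4wJJI8tRHbsp cardno:000605247559"
+];
+};
+};
+}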

Binary file not shown.