Merge branch 'master' of ssh://ssh.nx2.site:50022/nx2/dotfiles

configuration.nix

@@ -9,6 +9,7 @@
     ./system-modules/cache.nix
     ./system-modules/calendar.nix
     ./system-modules/dm.nix
+    ./system-modules/davfs.nix
     ./system-modules/docker.nix
     ./system-modules/fcitx5.nix
     ./system-modules/fonts.nix
@@ -45,11 +46,12 @@
 
     ./system-modules/simple-postgres.nix
   ] ++ (if hyper.isServer then [ 
+    ./system-modules/stay-up.nix
+
     ./system-modules/nx2site.nix
     ./system-modules/hugo.nix
     ./system-modules/postgres.nix
     ./system-modules/nx2site/proxy.nix
-
     # ./system-modules/nx2site/smtp.nix
     # ./system-modules/nx2site/imap.nix
     # ./system-modules/nx2site/vmail.nix
@@ -57,6 +59,7 @@
 
     ./system-modules/nx2site/audiobookshelf.nix
     # ./system-modules/nx2site/baikal.nix
+    ./system-modules/nx2site/nextcloud.nix
     ./system-modules/nx2site/nxcaldav.nix
     ./system-modules/nx2site/copyparty.nix
     ./system-modules/nx2site/gitea.nix

flake-modules/colors.json

@@ -1,15 +1,15 @@
 {
     "NxXPS": {
         "base": {
-            "foreground": "#fecccc",
+            "foreground": "#fccee9",
-            "background": "#190000"
+            "background": "#18010e"
         },
         "to_alter": {
-            "accent": "#ff3232",
+            "accent": "#f43da7",
-            "secondary": "#6632ff",
+            "secondary": "#3269ff",
-            "tertiary": "#dd32dd",
+            "tertiary": "#d744ed",
-            "special": "#31feff",
+            "special": "#3cf48a",
-            "weird": "#baff31"
+            "weird": "#f4c63c"
         }
     },
     "NxACE": {
@@ -27,15 +27,15 @@
     },
     "NxNORTH": {
         "base": {
-            "foreground": "#d7e3f3",
+            "foreground": "#dbe7ef",
-            "background": "#050b13"
+            "background": "#070d11"
         },
         "to_alter": {
-            "accent": "#6291cf",
+            "accent": "#72a2bf",
-            "secondary": "#5f5fd2",
+            "secondary": "#fc3535",
-            "tertiary": "#999999",
+            "tertiary": "#83ae8a",
-            "special": "#cf9f61",
+            "special": "#bf8f71",
-            "weird": "#c461cf"
+            "weird": "#a871bf"
         }
     },
     "NxDCS": {

flake.lock

@@ -20,11 +20,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1775558810,
+        "lastModified": 1778857089,
-        "narHash": "sha256-fy95EdPnqQlpbP8+rk0yWKclWShCUS5VKs6P7/1MF2c=",
+        "narHash": "sha256-TclWRW2SdFeETLaiTG4BA8C8C4m/LppQEldncqyTzAQ=",
         "owner": "hyprwm",
         "repo": "aquamarine",
-        "rev": "7371b669b22aa2af980f913fc312a786d2f1abb2",
+        "rev": "ab2b0af63fbc9fb779d684f19149b790978be8a8",
         "type": "github"
       },
       "original": {
@@ -39,11 +39,11 @@
         "nixpkgs": "nixpkgs"
       },
       "locked": {
-        "lastModified": 1776339486,
+        "lastModified": 1779740183,
-        "narHash": "sha256-6V6fHUYCwM8SajDQVp9/X3AwLZGltve32mVqbin3awA=",
+        "narHash": "sha256-WgZFCa8mutaHzVVdS9QedtDWpVKsOGtqou8LNqHwvn4=",
         "owner": "9001",
         "repo": "copyparty",
-        "rev": "a997455b5a3d937f53ad40f431534a0e3865e9f7",
+        "rev": "e32718303cd7560f60d3e0ddd473a8a69d7dfa81",
         "type": "github"
       },
       "original": {
@@ -220,11 +220,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1775425411,
+        "lastModified": 1779506708,
-        "narHash": "sha256-KY6HsebJHEe5nHOWP7ur09mb0drGxYSzE3rQxy62rJo=",
+        "narHash": "sha256-QOD/CNm196nCJRheux/URi4/HE66fthdOMqCJoPP1Y0=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "0d02ec1d0a05f88ef9e74b516842900c41f0f2fe",
+        "rev": "3ee51fbdac8c8bdfe1e7e1fcaba6520a563f394f",
         "type": "github"
       },
       "original": {
@@ -271,11 +271,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1772461003,
+        "lastModified": 1776511930,
-        "narHash": "sha256-pVICsV7FtcEeVwg5y/LFh3XFUkVJninm/P1j/JHzEbM=",
+        "narHash": "sha256-fCpwFiTW0rT7oKJqr3cqHMnkwypSwQKpbtUEtxdkgrM=",
         "owner": "hyprwm",
         "repo": "hyprcursor",
-        "rev": "b62396457b9cfe2ebf24fe05404b09d2a40f8ed7",
+        "rev": "39435900785d0c560c6ae8777d29f28617d031ef",
         "type": "github"
       },
       "original": {
@@ -300,11 +300,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1775496928,
+        "lastModified": 1776426399,
-        "narHash": "sha256-Ds759WU03mGWtu3I43J+5GF5Ni8TvF+GYQUFD+fVeMo=",
+        "narHash": "sha256-RUESLKNikIeEq9ymGJ6nmcDXiSFQpUW1IhJ245nL3xM=",
         "owner": "hyprwm",
         "repo": "hyprgraphics",
-        "rev": "cf95d93d17baa18f1d9b016b3afe27f820521a6e",
+        "rev": "68d064434787cf1ed4a2fe257c03c5f52f33cf84",
         "type": "github"
       },
       "original": {
@@ -330,11 +330,11 @@
         "xdph": "xdph"
       },
       "locked": {
-        "lastModified": 1776514109,
+        "lastModified": 1779729308,
-        "narHash": "sha256-WkUvIWPUrZxR4oSCiExhuMFCjFMQ0cRnZk9e0+ZqhC0=",
+        "narHash": "sha256-tMt7oeAahwHGDgSIf5XKZoUXenOvlxjI0KBPku97tzM=",
         "ref": "refs/heads/main",
-        "rev": "889ee4f26d77ff0c36f5c4767ef0629371fd2c18",
+        "rev": "bb3353f864be97e9236cfafca68ce71d7cf590dc",
-        "revCount": 7163,
+        "revCount": 7364,
         "submodules": true,
         "type": "git",
         "url": "https://github.com/hyprwm/Hyprland"
@@ -378,11 +378,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1774710575,
+        "lastModified": 1776426575,
-        "narHash": "sha256-p7Rcw13+gA4Z9EI3oGYe3neQ3FqyOOfZCleBTfhJ95Q=",
+        "narHash": "sha256-KI6nIfVihn/DPaeB5Et46Xg3dkNHrrEtUd5LBBVomB0=",
         "owner": "hyprwm",
         "repo": "hyprland-guiutils",
-        "rev": "0703df899520001209646246bef63358c9881e36",
+        "rev": "a968d211048e3ed538e47b84cb3649299578f19d",
         "type": "github"
       },
       "original": {
@@ -432,11 +432,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1772459629,
+        "lastModified": 1777320127,
-        "narHash": "sha256-/iwvNUYShmmnwmz/czEUh6+0eF5vCMv0xtDW0STPIuM=",
+        "narHash": "sha256-Qu+Wf2Bp5qUjyn2YpZNq8a7JyzTGowhT1knrwE38a9U=",
         "owner": "hyprwm",
         "repo": "hyprlang",
-        "rev": "7615ee388de18239a4ab1400946f3d0e498a8186",
+        "rev": "090117506ddc3d7f26e650ff344d378c2ec329cc",
         "type": "github"
       },
       "original": {
@@ -509,11 +509,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1774911391,
+        "lastModified": 1779475241,
-        "narHash": "sha256-c4YVwO33Mmw+FIV8E0u3atJZagHvGTJ9Jai6RtiB8rE=",
+        "narHash": "sha256-Nw4DN0A5krWNcPBvuWe5Gz2yuxsUUPiDgtu6SVPJQeU=",
         "owner": "hyprwm",
         "repo": "hyprutils",
-        "rev": "e6caa3d4d1427eedbdf556cf4ceb70f2d9c0b56d",
+        "rev": "3cd3972b2ee658a14d2610d8494e09259e530124",
         "type": "github"
       },
       "original": {
@@ -534,11 +534,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1772459835,
+        "lastModified": 1777159683,
-        "narHash": "sha256-978jRz/y/9TKmZb/qD4lEYHCQGHpEXGqy+8X2lFZsak=",
+        "narHash": "sha256-Jxixw6wZphUp+nHYxOKUYSckL17QMBx2d5Zp0rJHr1g=",
         "owner": "hyprwm",
         "repo": "hyprwayland-scanner",
-        "rev": "0a692d4a645165eebd65f109146b8861e3a925e7",
+        "rev": "b8632713a6beaf28b56f2a7b0ab2fb7088dbb404",
         "type": "github"
       },
       "original": {
@@ -563,11 +563,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1775414057,
+        "lastModified": 1778410714,
-        "narHash": "sha256-mDpHnf+MkdOxEqIM1TnckYYh9p1SXR8B3KQfNZ12M8s=",
+        "narHash": "sha256-o6RzFj4nJXaPRY7EM01siuCQeT41RfwwmcmFQqwFJJg=",
         "owner": "hyprwm",
         "repo": "hyprwire",
-        "rev": "86012ee01b0fdd8bf3101ef38816f2efbee42490",
+        "rev": "85148a8e612808cf5ddb25d0b3c5840f3498a7dc",
         "type": "github"
       },
       "original": {
@@ -657,11 +657,11 @@
         "nixpkgs": "nixpkgs_4"
       },
       "locked": {
-        "lastModified": 1776255237,
+        "lastModified": 1777732699,
-        "narHash": "sha256-LQjlc0VEn55WAT4BiI8sIsokb/2FNlcbBD+Xr3MTE24=",
+        "narHash": "sha256-2uX/XtOWZ/oy2rerRynVhqVA//ZXZ3Fo60PikLHEPQc=",
         "owner": "nix-community",
         "repo": "NixOS-WSL",
-        "rev": "9a8c2a85f1ffdcecfb0f9c52c5a73c49ceb43911",
+        "rev": "5482f113fd31ebac131d1ebeb2ae90bf0d5e41f5",
         "type": "github"
       },
       "original": {
@@ -720,11 +720,11 @@
     },
     "nixpkgs-latest": {
       "locked": {
-        "lastModified": 1776537029,
+        "lastModified": 1779791687,
-        "narHash": "sha256-9FKP6FEh4Q2a39wclFTj1WIZrb4EoSRgKzWcFDdllM8=",
+        "narHash": "sha256-ynEmhfOI9cWkI8AUiFimNWutJ+RNibt1Ge4azZVbTQ8=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "97de37b9cc32c3b67befd37034d415204a1d77f8",
+        "rev": "8d10ccfc5381d4129e7730b5bfbe67709f06777e",
         "type": "github"
       },
       "original": {
@@ -752,11 +752,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1776169885,
+        "lastModified": 1779560665,
-        "narHash": "sha256-l/iNYDZ4bGOAFQY2q8y5OAfBBtrDAaPuRQqWaFHVRXM=",
+        "narHash": "sha256-tpyBcxPpcQb8ukyNF7DoCwfSY3VPsxHoYwj00Cayv5o=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "4bd9165a9165d7b5e33ae57f3eecbcb28fb231c9",
+        "rev": "64c08a7ca051951c8eae34e3e3cb1e202fe36786",
         "type": "github"
       },
       "original": {
@@ -783,11 +783,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1775423009,
+        "lastModified": 1779357205,
-        "narHash": "sha256-vPKLpjhIVWdDrfiUM8atW6YkIggCEKdSAlJPzzhkQlw=",
+        "narHash": "sha256-cCO8aTqss5x9Ky8GWkpY0Hy5fyTZEbtifSUV8QjSzic=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "68d8aa3d661f0e6bd5862291b5bb263b2a6595c9",
+        "rev": "f83fc3c307e74bc5fd5adb7eb6b8b13ffd2a36e1",
         "type": "github"
       },
       "original": {
@@ -815,11 +815,11 @@
     },
     "nixpkgs_4": {
       "locked": {
-        "lastModified": 1773734432,
+        "lastModified": 1776169885,
-        "narHash": "sha256-IF5ppUWh6gHGHYDbtVUyhwy/i7D261P7fWD1bPefOsw=",
+        "narHash": "sha256-l/iNYDZ4bGOAFQY2q8y5OAfBBtrDAaPuRQqWaFHVRXM=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "cda48547b432e8d3b18b4180ba07473762ec8558",
+        "rev": "4bd9165a9165d7b5e33ae57f3eecbcb28fb231c9",
         "type": "github"
       },
       "original": {
@@ -831,11 +831,11 @@
     },
     "nixpkgs_5": {
       "locked": {
-        "lastModified": 1776434932,
+        "lastModified": 1779467186,
-        "narHash": "sha256-gyqXNMgk3sh+ogY5svd2eNLJ6oEwzbAeaoBrrxD0lKk=",
+        "narHash": "sha256-nOesoDCiXcUftqbRBMz9tt4blI5PvljMWbm3kuCA+0s=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "c7f47036d3df2add644c46d712d14262b7d86c0c",
+        "rev": "b77b3de8775677f84492abe84635f87b0e153f0f",
         "type": "github"
       },
       "original": {
@@ -846,11 +846,11 @@
     },
     "nixpkgs_6": {
       "locked": {
-        "lastModified": 1772419343,
+        "lastModified": 1776329215,
-        "narHash": "sha256-QU3Cd5DJH7dHyMnGEFfPcZDaCAsJQ6tUD+JuUsYqnKU=",
+        "narHash": "sha256-a8BYi3mzoJ/AcJP8UldOx8emoPRLeWqALZWu4ZvjPXw=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "93178f6a00c22fcdee1c6f5f9ab92f2072072ea9",
+        "rev": "b86751bc4085f48661017fa226dee99fab6c651b",
         "type": "github"
       },
       "original": {
@@ -924,11 +924,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1775036584,
+        "lastModified": 1778507602,
-        "narHash": "sha256-zW0lyy7ZNNT/x8JhzFHBsP2IPx7ATZIPai4FJj12BgU=",
+        "narHash": "sha256-kTwur1wV+01SdqskVMSo6JMEpg71ps3HpbFY2GsflKs=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "4e0eb042b67d863b1b34b3f64d52ceb9cd926735",
+        "rev": "61ab0e80d9c7ab14c256b5b453d8b3fb0189ba0a",
         "type": "github"
       },
       "original": {
@@ -1010,11 +1010,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1772420823,
+        "lastModified": 1776741231,
-        "narHash": "sha256-q3oVwz1Rx41D1D+F6vg41kpOkk3Zi3KwnkHEZp7DCGs=",
+        "narHash": "sha256-k9G98qzn+7npROUaks8VqCFm7cFtEG8ulQLBBo5lItg=",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "458eea8d905c609e9d889423e6b8a1c7bc2f792c",
+        "rev": "02061303f7c4c964f7b4584dabd9e985b4cd442b",
         "type": "github"
       },
       "original": {
@@ -1046,11 +1046,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1776119890,
+        "lastModified": 1777944972,
-        "narHash": "sha256-Zm6bxLNnEOYuS/SzrAGsYuXSwk3cbkRQZY0fJnk8a5M=",
+        "narHash": "sha256-VfGRo1qTBKOe3s2gOv8LSoA6Fk19PvBlwQ1ECN0Evn8=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "d4971dd58c6627bfee52a1ad4237637c0a2fb0cd",
+        "rev": "c591bf665727040c6cc5cb409079acb22dcce33c",
         "type": "github"
       },
       "original": {
@@ -1117,11 +1117,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1773601989,
+        "lastModified": 1778265244,
-        "narHash": "sha256-2tJf/CQoHApoIudxHeJye+0Ii7scR0Yyi7pNiWk0Hn8=",
+        "narHash": "sha256-8jlPtGSsv/CQY6tVVyLF4Jjd0gnS+Zbn9yk/V13A9nM=",
         "owner": "hyprwm",
         "repo": "xdg-desktop-portal-hyprland",
-        "rev": "a9b862d1aa000a676d310cc62d249f7ad726233d",
+        "rev": "813ea5ca9a1702a9a2d1f5836bc00172ef698968",
         "type": "github"
       },
       "original": {
@@ -1137,11 +1137,11 @@
         "rust-overlay": "rust-overlay_2"
       },
       "locked": {
-        "lastModified": 1776356189,
+        "lastModified": 1779676204,
-        "narHash": "sha256-VzBmJuQfi3iRC9rkHZ5QeWYZtMHffko3iYqFzMVsrFk=",
+        "narHash": "sha256-/DLVKPqrU3WuY99jrHjYuIR0yGl98mGS6izK5rC1gZM=",
         "owner": "sxyazi",
         "repo": "yazi",
-        "rev": "ae4c138f49e00a64b478318ed9c7e9072fef8c52",
+        "rev": "cf8b54179ea0de392629d93081afca9e5587225e",
         "type": "github"
       },
       "original": {

home-modules/bar/caldav-event.nix

@@ -1,6 +1,8 @@
-{ pkgs, ... }@all: with all; {
+{ pkgs, ... }@all: with all; let
+  username = "lennart";
+in {
   sops.secrets = {
-    "nx2site/radicale/password" = { };
+    "nx2site/nextcloud/lennart_pass" = { };
   };
   home.packages = [
     (pkgs.writers.writePython3Bin "caldav_event" {
@@ -90,10 +92,10 @@ def is_too_old(event_dict: dict) -> bool:
     return now - last_checked >= timedelta(minutes=10)
 
 if __name__ == "__main__":
-    password_file = "${config.sops.secrets."nx2site/radicale/password".path}"  # Path to password file
+    password_file = "${config.sops.secrets."nx2site/nextcloud/lennart_pass".path}"  # Path to password file
     cache_file = "/tmp/caldav_event_cache.json"  # Path to cache file
-    url = "https://dav.${hyper.domain}/"
+    url = "https://n.${hyper.domain}/remote.php/dav/calendars/${username}/"
-    username = "nx2"
+    username = "${username}"
     password = get_password(password_file)
     now = datetime.now(timezone.utc).timestamp()
 

home-modules/calendar.nix

@@ -2,33 +2,43 @@
   v = "nxc";
   user = "lennart";
   domain = hyper.domain;
-  calendars =  [
+  calendars = let
+    bs = "https://n.${domain}/remote.php/dav/calendars/lennart";
+  in [
     {
       name = "Preservation";
       primary = true;
-      url = "https://${v}.${domain}/${user}/preservation/";
+      url = "${bs}/preservation/";
       color = "#dddddd";
     }
     {
       name = "Effort";
-      url = "https://${v}.${domain}/${user}/effort/";
+      url = "${bs}/effort/";
       color = "#dd2222";
     }
     {
       name = "Experience";
-      url = "https://${v}.${domain}/${user}/experience/";
+      url = "${bs}/experience/";
       color = "#2222dd";
     }
     {
-      name = "Exposure";
+      name = "Leisure";
-      url = "https://${v}.${domain}/${user}/exposure/";
+      # name = "Exposure";
+      url = "${bs}/leisure/";
+      # url = "https://${v}.${domain}/${user}/exposure/";
       color = "#22aa22";
     }
-    {
+    # {
-      name = "Engagement";
+    #   name = "Engagement";
-      url = "https://${v}.${domain}/${user}/engagement/";
+    #   url = "https://${v}.${domain}/${user}/engagement/";
-      color = "#8800CC";
+    #   color = "#8800CC";
-    }
+    # }
+    # {
+    # {
+    #   name = "Family";
+    #   url = "${bs}/family/";
+    #   color = "#dddd22";
+    # }
     {
       name = "Sleep as Android";
       url = secrets.calendar.sleep-as-android-url;
@@ -71,7 +81,7 @@ in {
       inherit primary;
       remote = {
         inherit url name;
-        userName = hyper.user; # my globally set username
+        userName = user;
       };
     };
   in lib.attrsets.mergeAttrsList (
@@ -91,7 +101,7 @@ in {
       "calendar.registry.${to_safe_name calendar.name}.name" = name;
       "calendar.registry.${to_safe_name calendar.name}.type" = type;
       "calendar.registry.${to_safe_name calendar.name}.uri" = url;
-      "calendar.registry.${to_safe_name calendar.name}.username" = hyper.user;
+      "calendar.registry.${to_safe_name calendar.name}.username" = user;
       "calendar.registry.${to_safe_name calendar.name}.readOnly" = read-only;
     }) calendars
   ) // {

home-modules/chatterino.nix

@@ -2,33 +2,34 @@
 let
   channels = [
     "Caedrel"
+    "Caedrel247"
     # "agurin"
     # "asmongold"
     # "Caedrel"
     # "EintrachtSpandau"
     # "GamesDoneQuick"
     # "Odoamne"
-    "iwdominate"
+    # "iwdominate"
     # "imls"
-    "gdolphn"
+    # "gdolphn"
     "GRONKH"
-    "handofblood"
+    # "handofblood"
-    "HisWattson"
+    # "HisWattson"
     # "Jankos"
     # "KuruHS"
     "LEC"
     "lol_nemesis"
     # "NASA"
-    "nattynattlol"
+    # "nattynattlol"
-    "NoWay4u_Sir"
+    # "NoWay4u_Sir"
     # "OfficialMikeShinoda"
-    "Rekkles"
+    # "Rekkles"
     "riotgames"
-    "thebausffs"
+    # "thebausffs"
-    "ThePrimeagen"
+    # "ThePrimeagen"
-    "Tolkin"
+    # "Tolkin"
-    "imperialhal__"
+    # "imperialhal__"
-    "velja_lol"
+    # "velja_lol"
     # "Xisuma"
     "zackrawrr"
   ];
@@ -52,7 +53,7 @@ in {
   home = {
     packages = with pkgs; [
       unstable.chatterino2
-      streamlink
+      unstable.streamlink
       # mpv
     ];
     file = {

home-modules/contact.nix

@@ -0,0 +1,28 @@
+{ pkgs, ... }@all: with all; lib.mkIf (hyper.isPersonal) {
+  # sops.secrets."nx2site/nextcloud/lennart_pass".path = "nx2site/nextcloud/lennart_pass";
+  # accounts.contact = {
+  #   basePath = "~/.local/share/contacts";
+    # accounts = let
+    #   nc = name: { "${name}" = let
+    #     un = "lennart";
+    #   in {
+    #     inherit name;
+    #     remote = {
+    #       url = "https://n.${hyper.domain}/remote.php/dav/addressbooks/users/${un}/${name}/";
+    #       type = "carddav";
+    #       username = un;
+    #       passwordCommand = "cat /run/user/1000/secrets/nx2site/nextcloud/lennart_pass";
+    #       thunderbird = {
+    #         enable = builtins.trace config.programs.thunderbird.enable config.programs.thunderbird.enable; 
+    #         prifiles = [ hyper.user ];
+    #       };
+    #     };
+    #     local = {
+    #       type = "filesystem";
+    #       path = "${name}";
+    #     };
+    #   };};
+    # in (pkgs.lib.mergeAttrsList (builtins.map nc [ "TUDa" "CWG" "HSMW" "DICOS" "Accounts" "Familie & Freunde" "Friedrich Schiller Grundschule" "Handball" "Phönix" "Util & Miscellaneous" ]));
+    # };
+  # };
+}

home-modules/email.nix

@@ -1,100 +1,12 @@
 { pkgs, ... }@all: with all; lib.mkIf (hyper.isPersonal) {
-  home.packages = with pkgs; [
-    thunderbird
-  ];
-
-  programs.thunderbird = let
-    inherit (lib.generators) toJSON;
-    extensions = toJSON {} {
-      "addon@darkreader.org" = "71d6c69d-55f9-4c56-888c-abdcf6efd73d";
-    };
-  in {
-    enable = true;
-    profiles = {
-      "${hyper.user}" = {
-        isDefault = true;
-        settings = with rice.color; {
-          "calendar.alarms.showmissed" = false;
-          "calendar.alarms.playsound" = false;
-          "calendar.alarms.show" = false;
-          "extensions.webextensions.uuids" = extensions;
-          "mail.startup.enabledMailCheckOnce" = true;
-          "mailnews.mark_message_read.delay" = true;
-          "mailnews.mark_message_read.delay.interval" = 3;
-          "mailnews.tags.$label1.color" = red.base;
-          "mailnews.tags.$label1.tag" = "Important";
-          "mailnews.tags.$label2.color" = yellow.base;
-          "mailnews.tags.$label2.tag" = "Work";
-          "mailnews.tags.$label3.color" = green.base;
-          "mailnews.tags.$label3.tag" = "Personal";
-          "mailnews.tags.$label4.color" = cyan.base;
-          "mailnews.tags.$label4.tag" = "To Do";
-          "mailnews.tags.$label5.color" = blue.base;
-          "mailnews.tags.$label5.tag" = "Later";
-          "mailnews.headers.showMessageId" = true;
-          "mailnews.headers.showOrganization" = true;
-          "mailnews.headers.showReferences" = true;
-          "mailnews.headers.showSender" = true;
-          "mailnews.headers.showUserAgent" = true;
-          "toolkit.legacyUserProfileCustomizations.stylesheets" = true;         
-        };
-        userChrome = with rice.color; /* css */ ''
-          body,
-          #navigation-toolbox,
-          #calendarContent,
-          #calSidebar,
-          #tabpanelcontainer,
-          #spacesToolbar,
-          #tabs-toolbar,
-          #calMinimonth,
-          #primaryButtonSidePanel *,
-          .minimonth-week,
-          .multiday-header-corner, .day-column-heading, calendar-header-container, calendar-event-column, .multiday-hour-box,
-          #view-box,
-          #tabs-toolbar,
-          #status-bar,
-          .calview-toggle,
-          #calview-toggle-item,
-          #folderPaneHeaderBar,
-          #folderPane,
-          #threadPaneHeaderBar,
-          #threadTree,
-          #tabs-toolbar {
-            color: ${foreground} !important;
-            font-family: ${rice.font.base.name} !important;
-            background-color: transparent !important;
-            background-image: none !important;
-            border: none !important;
-            -moz-appearance: none !important;
-          }
-          .minimonth-nav-section {
-            background-color: rgba(${rice.lib.hex-to-rgb-comma-string background},${builtins.toString rice.transparency}) !important;
-            border: ${builtins.toString rice.border-width}px solid ${border};
-          }
-          .button,
-          .button-primary,
-          .tab-content[selected] {
-            background-color: ${accent.base}; 
-            color: ${background};
-            background-image: none; 
-          }
-          html {
-            background-color: rgba(${rice.lib.hex-to-rgb-comma-string background},${builtins.toString rice.transparency}) !important;
-          }
-        '';
-      }; 
-    }; 
-  };
-
-
   accounts.email.accounts = let
     OAuth2Settings = id: {
       "mail.smtpserver.smtp_${id}.authMethod" = 10;
       "mail.server.server_${id}.authMethod" = 10;
     };
   in {
-    gmail-online = {
+    gmail-online-accounts = {
-      address = secrets.email.gmail-online.mail;
+      address = secrets.email.gmail-online-accounts.mail;
       realName = "Lennart J. Kurzweg";
       flavor = "gmail.com";
       primary = true;
@@ -115,8 +27,8 @@
       };
     };
 
-    gmail-business = {
+    gmail-ljk = {
-      address = secrets.email.gmail-business.mail;
+      address = secrets.email.gmail-ljk.mail;
       realName = "Lennart J. Kurzweg";
       flavor = "gmail.com";
       signature = {
@@ -187,14 +99,17 @@
       userName = "lennart@${hyper.domain}";
       realName = "Lennart J. Kurzweg";
       imap = {
-        port = 143;
+        port = 993;
-        host = "mail.${hyper.domain}";
+        host = "ssh.${hyper.domain}";
-        tls.useStartTls = true;
+        tls.enable = true;
       };
       smtp = {
-        port = 587;
+        port = 465;
-        host = "mail.${hyper.domain}";
+        host = "mail-eu.smtp2go.com";
-        tls.useStartTls = true;
+        tls.enable = true;
+        # port = 587;
+        # host = "mail.${hyper.domain}";
+        # tls.useStartTls = true;
       };
       signature = {
         text = ''

home-modules/firefox/userChrome.nix

@@ -63,8 +63,22 @@ in /* css */ ''
     --newtab-background-card                 : ${accent.dark} !important;
     --tabpanel-background-color              : transparent !important;
 
-    background                               : linear-gradient(180deg,rgba(${f secondary.dark}, ${builtins.toString rice.transparency}) 0%, rgba(${f accent.dark}, ${builtins.toString rice.transparency}) 100%) !important;
+    background                               : transparent !important;
   }
+  body { 
+    background-color: unset !important;
+    background-color: transparent !important;
+    background-image: linear-gradient(0deg,rgba(${f accent.dark}, ${builtins.toString rice.transparency}) 0%, rgba(${f secondary.dark}, ${builtins.toString rice.transparency}) 100%) !important;
+    background-size: 100% 150% !important;
+    background-position: 0% 0% !important; 
+    will-change: background-position;
+    transition: background-position 300ms !important;
+    &:-moz-window-inactive {
+      background-position: 0% 50% !important;
+      background-color: transparent !important;
+    }
+  }
+
   .tabbrowser-tab[selected="true"], .tab-text[selected=""],
   .tab-close-button[selected=""] {
     color: ${background} !important;

home-modules/firefox/userContent.nix

@@ -31,6 +31,29 @@ in /* css */ ''
     }
   }
 
+  @-moz-document url-prefix("https://n.nx2.site/") {
+    :root, [data-theme-dark] {
+      --color-main-background: #00000055;
+      --color-main-background-rgb: 0,0,0;
+      --color-primary-element-light: #550000;
+    }
+    .app-navigation, .app-content {
+      background: rgba(0,0,0,0.8) !important;
+      backdrop-filter: blur(5px) !important;
+    }
+    .files-list__row-head, .files-list__tfoot {
+      background: rgba(0,0,0,0.5) !important;
+    }
+    .fc-day-today {
+      background: #ff000055 !important;
+    }
+    .files-list__thead {
+      background: transparent !important;
+    }
+  }
+
+  
+
   @-moz-document domain(reddit.com) {
     header {
       background-color: rgba(${f background},${builtins.toString rice.transparency}) !important;
@@ -81,8 +104,11 @@ in /* css */ ''
     }
   }
   @-moz-document domain(gemini.google.com) {
-    input-container::before {
+    input-container, input-container::before  {
-      background: none !important;
+      background: transparent !important;
+    }
+    bard-sidenav  {
+      background: rgba(${rice.lib.hex-to-rgb-comma-string background},0.5) !important;
     }
   }
 
@@ -231,6 +257,7 @@ in /* css */ ''
       border: ${toString rice.border-width}px solid ${border} !important;
     }
   }     
+
 ''
   # @-moz-document domain(chatgpt.com) {
   #   body, html , .bg-token-sidebar-surface-primary {

home-modules/hyprland.nix

@@ -5,6 +5,11 @@
   terminal-exec = "ghostty --command=";
   monitors = {
     xps = {
+      # def
+      # main   = { name = "eDP-1"; resolution = "preferred"; position = "0x0"; scale = "1.0"; };
+      # second = { name = "eDP-1"; resolution = "preferred"; position = "0x0"; scale = "1.0"; };
+      # third  = { name = "eDP-1"; resolution = "preferred"; position = "0x0"; scale = "1.0"; }; 
+
       # Home
       main   = { name = "eDP-1";                         resolution = "1920x1200"; position = "0x1080"; scale = "1.0"; };
       second = { name = "desc:Sony SONY TV 0x01010101";  resolution = "1920x1080"; position = "0x0";    scale = "1.0"; };
@@ -46,17 +51,18 @@ in {
 
   wayland.windowManager.hyprland = {
     enable = true;
-    # package = pkgs-unstable.hyprland;
     # package = pkgs.hyprland;
     package = inputs.hyprland.packages.${hyper.system}.hyprland;
+    # package = config.programs.hyprland.package;
     xwayland.enable = true;
     systemd.enable = true;
-    plugins = [
+    plugins = let s = pkgs.stdenv.hostPlatform.system; in [
-      # inputs.hyprland-plugins.packages.${pkgs.system}.hyprexpo
+      # inputs.hyprland-plugins.packages.${s}.hyprexpo
-      # inputs.hyprfocus.packages.${pkgs.system}.hyprfocus
+      # inputs.hyprfocus.packages.${s}.hyprfocus
-      # inputs.hycov.packages.${pkgs.system}.hycov
+      # inputs.hycov.packages.${s}.hycov
-      # pkgs.hyprlandPlugins.hyprspace
+      # inputs.hyprspace.packages.${s}.Hyprspace
-      # inputs.hyprspace.packages.${pkgs.system}.Hyprspace
+      # inputs.hyprtasking.packages.${s}.hyprtasking
+      # inputs.hyprland-easymotion.packages.${s}.hyprland-easymotion
     ];
 
     settings = {
@@ -382,6 +388,8 @@ in {
         # "SUPER,       TAB, hycov:toggleoverview"
         # "SUPER,       TAB, overview:toggle"
         # "SUPER,       TAB, hyprexpo:expo, toggle"
+        # "SUPER,       TAB, hyprtasking:killhovered"
+        # ",            Escape, hyprtasking:if_active, hyprtasking:toggle cursor"
         "ALT,         TAB, focuscurrentorlast"
         # "SUPER,       TAB, exec, hyprswitch --daemon"
         "SUPER,       Q, killactive"
@@ -415,7 +423,7 @@ in {
         "SUPER,       D, exec, vesktop"
         # "SUPER,       D, exec, discord"
         "SUPER,       F, fullscreen"
-        # "SUPER,       G,"
+        # "SUPER,       G, action:hyprctl dispatch focuswindow address:{}"
         "SUPER,       H, movefocus, l"
         "SUPER,       J, movefocus, d"
         "SUPER,       K, movefocus, u"
@@ -544,6 +552,59 @@ in {
           reverseSwipe = true;  # reverses the direction of swipe gesture, for macOS peeps?
           exitKey = true;
         };
+        hypertasking = {
+          layout = "grid";
+          gap_size = 20;
+          bg_color = "0xff${rice.color.background}";
+          border_size = 4;
+          exit_on_hovered = false;
+          warp_on_move_window = 1;
+          close_overview_on_reload = true;
+
+          drag_button = "0x110"; # left mouse button
+          select_button = "0x111"; # right mouse button
+          # for other mouse buttons see <linux/input-event-codes.h>
+
+          gestures = {
+            enabled = true;
+            move_fingers = 3;
+            move_distance = 300;
+            open_fingers = 4;
+            open_distance = 300;
+            open_positive = true;
+          };
+          grid = {
+            rows = 3;
+            cols = 3;
+            loop = false;
+            layers = 2;
+            loop_layers = true;
+            gaps_use_aspect_ratio = false;
+          };
+          linear ={
+            top = false;
+            height = 400;
+            scroll_speed = 1.0;
+            blur = false;
+          };
+        };
+        easymotion = {
+          textsize = 15;
+          textcolor = "rgba(ffffffff)";
+          bgcolor = "rgba(000000ff)";
+          blur = 0;
+          blurA = 1.0;
+          xray = 0;
+          textfont = "Sans";
+          textpadding = 0;
+          bordersize = 0;
+          bordercolor = "rgba(ffffffff)";
+          rounding = 0;
+          fullscreen_action = "none";
+          motionkeys = "abcdefghijklmnopqrstuvwxyz1234567890";
+          motionlabels = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";
+          only_special = "true";
+        };
       };
     };
 

home-modules/pkgs-list/shell.nix

@@ -24,6 +24,7 @@
     lynx
     mediainfo
     neofetch
+    nmap
     pastel
     pdfgrep
     pdftk
@@ -37,10 +38,10 @@
     systemctl-tui
     tldr
     unstable.gemini-cli
+    unstable.gemini-cli
+    unstable.yt-dlp
     unstable.yt-dlp
     w3m
     which
-    unstable.gemini-cli
-    unstable.yt-dlp
   ];
 }

home-modules/spotify.nix

@@ -2,6 +2,7 @@
 {
   home.packages = with pkgs; [
     unstable.spotify
+    unstable.spicetify-cli
   ];
   services.librespot = {
     enable = true;
@@ -46,7 +47,7 @@
         playback_progress_bar = { fg = accent.brighter; bg = accent.dark; modifiers = ["Bold"];  };
         playback_status       = { fg = accent.bright;                                            };
         playback_track        = { fg = accent.bright;                     modifiers = ["Bold"];  };
-        secondary_row         = { fg = secondary.base;                                           };
+        secondary_row         = { fg = accent.brighter;                                       };
         selection             = {                       bg = accent.dark;                        };
         table_header          = { fg = tertiary.bright;                                          };
         # playback_progress_bar_unfilled (Specific to progress_bar_type as Line) = "";

home-modules/ssh.nix

@@ -36,6 +36,12 @@
       "nxace"                            = (nxace "nxace" );
       "nxacel"                           = (nxace "nxacel") // { hostname = "10.0.1.1"; };
       "nxrpli"                           = (nxace "nxrpil") // { hostname = "10.0.1.31"; port = 22; };
+      "nx2s-email-relay" = default // {
+        identityFile = "${hyper.home}/vault/ssh/nx2s-email-relay";
+        hostname = "35.243.218.208";
+        port = 22;
+        user = secrets.ssh.nx2s-email-relay-user;
+      };
     };
   };
   services.ssh-agent = {

home-modules/thunderbird.nix

@@ -0,0 +1,84 @@
+{ pkgs, ... }@all: with all; lib.mkIf (hyper.isPersonal) {
+  programs.thunderbird = let
+    inherit (lib.generators) toJSON;
+    extensions = toJSON {} {
+      "addon@darkreader.org" = "71d6c69d-55f9-4c56-888c-abdcf6efd73d";
+    };
+  in {
+    enable = true;
+    profiles = {
+      "${hyper.user}" = {
+        isDefault = true;
+        settings = with rice.color; {
+          "calendar.alarms.showmissed" = false;
+          "calendar.alarms.playsound" = false;
+          "calendar.alarms.show" = false;
+          "extensions.webextensions.uuids" = extensions;
+          "mail.startup.enabledMailCheckOnce" = true;
+          "mailnews.mark_message_read.delay" = true;
+          "mailnews.mark_message_read.delay.interval" = 3;
+          "mailnews.tags.$label1.color" = red.base;
+          "mailnews.tags.$label1.tag" = "Important";
+          "mailnews.tags.$label2.color" = yellow.base;
+          "mailnews.tags.$label2.tag" = "Work";
+          "mailnews.tags.$label3.color" = green.base;
+          "mailnews.tags.$label3.tag" = "Personal";
+          "mailnews.tags.$label4.color" = cyan.base;
+          "mailnews.tags.$label4.tag" = "To Do";
+          "mailnews.tags.$label5.color" = blue.base;
+          "mailnews.tags.$label5.tag" = "Later";
+          "mailnews.headers.showMessageId" = true;
+          "mailnews.headers.showOrganization" = true;
+          "mailnews.headers.showReferences" = true;
+          "mailnews.headers.showSender" = true;
+          "mailnews.headers.showUserAgent" = true;
+          "toolkit.legacyUserProfileCustomizations.stylesheets" = true;         
+        };
+        userChrome = with rice.color; /* css */ ''
+          body,
+          #navigation-toolbox,
+          #calendarContent,
+          #calSidebar,
+          #tabpanelcontainer,
+          #spacesToolbar,
+          #tabs-toolbar,
+          #calMinimonth,
+          #primaryButtonSidePanel *,
+          .minimonth-week,
+          .multiday-header-corner, .day-column-heading, calendar-header-container, calendar-event-column, .multiday-hour-box,
+          #view-box,
+          #tabs-toolbar,
+          #status-bar,
+          .calview-toggle,
+          #calview-toggle-item,
+          #folderPaneHeaderBar,
+          #folderPane,
+          #threadPaneHeaderBar,
+          #threadTree,
+          #tabs-toolbar {
+            color: ${foreground} !important;
+            font-family: ${rice.font.base.name} !important;
+            background-color: transparent !important;
+            background-image: none !important;
+            border: none !important;
+            -moz-appearance: none !important;
+          }
+          .minimonth-nav-section {
+            background-color: rgba(${rice.lib.hex-to-rgb-comma-string background},${builtins.toString rice.transparency}) !important;
+            border: ${builtins.toString rice.border-width}px solid ${border};
+          }
+          .button,
+          .button-primary,
+          .tab-content[selected] {
+            background-color: ${accent.base}; 
+            color: ${background};
+            background-image: none; 
+          }
+          html {
+            background-color: rgba(${rice.lib.hex-to-rgb-comma-string background},${builtins.toString rice.transparency}) !important;
+          }
+        '';
+      }; 
+    }; 
+  };
+}

home-modules/yazi.nix

@@ -88,8 +88,8 @@ in {
       	{ on = ";";         run = "shell --interactive";         desc = "Run a shell command";                            }
       	{ on = ":";         run = "shell --block --interactive"; desc = "Run a shell command (block until finishes)";     }
       	{ on = ".";         run = "hidden toggle";               desc = "Toggle the visibility of hidden files";          }
-      	{ on = "s";         run = "search fd";                   desc = "Search files by name using fd";                  }
+      	{ on = "s";         run = "search --via=fd";             desc = "Search files by name using fd";                  }
-      	{ on = "S";         run = "search rg";                   desc = "Search files by content using ripgrep";          }
+      	{ on = "S";         run = "search --via=rg";             desc = "Search files by content using ripgrep";          }
       	{ on = "<C-s>";     run = "escape --search";             desc = "Cancel the ongoing search";                      }
       	{ on = "z";         run = "plugin zoxide";               desc = "Jump to a directory using zoxide";               }
       	{ on = "Z";         run = "plugin fzf";                  desc = "Jump to a directory or reveal a file using fzf"; }
@@ -277,8 +277,8 @@ in {
         { mime = "text/*";                                          use = "edit"; }
         { mime = "text";                                            use = "edit"; }
 
-        { mine = "inode/x-empty";                                   use = "directory"; }
+        { mime = "inode/x-empty";                                   use = "directory"; }
-        { mine = "inode/directory";                                 use = "directory"; }
+        { mime = "inode/directory";                                 use = "directory"; }
 
         { mime = "image/*";                                         use = "image"; }
         { mime = "image/svg";                                       use = [ "image" "edit" ]; }

home.nix

@@ -8,6 +8,7 @@
     ./home-modules/chatterino.nix
     ./home-modules/clipboard.nix
     ./home-modules/color-pallete.nix
+    ./home-modules/contact.nix
     ./home-modules/direnv.nix
     ./home-modules/discord.nix
     ./home-modules/email.nix
@@ -42,7 +43,7 @@
     ./home-modules/pkgs-list/desktop.nix
     ./home-modules/pkgs-list/programs.nix
     ./home-modules/pkgs-list/shell.nix
-    ./home-modules/pnx.nix
+    # ./home-modules/pnx.nix
     ./home-modules/programming.nix
     ./home-modules/qt.nix
     ./home-modules/rclone.nix
@@ -53,6 +54,7 @@
     ./home-modules/spotify.nix
     ./home-modules/ssh.nix
     ./home-modules/starship.nix
+    ./home-modules/thunderbird.nix
     ./home-modules/tts.nix
     ./home-modules/typst.nix
     ./home-modules/vale.nix

system-modules/boot.nix

@@ -27,7 +27,11 @@
     kernelPackages = pkgs.linuxPackages;
     extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
     kernelModules = [ "v4l2loopback" ];
-    extraModprobeConfig = ''options v4l2loopback devices=1 video_nr=1 card_label="OBS VCam" exclusive_caps=1'';
+    extraModprobeConfig = ''
+      options v4l2loopback devices=1 video_nr=1 card_label="OBS VCam" exclusive_caps=1
+      options snd_hda_intel power_save=0
+      options snd_ac97_codec power_save=0
+    '';
     loader = {
       efi.canTouchEfiVariables = true;
       grub = {

system-modules/davfs.nix

@@ -0,0 +1,19 @@
+{ pkgs, ... }@all: with all; let
+  # user = "lennart";
+in {
+	services.davfs2 = {
+	  enable = true;
+	  settings = {
+	    globalSection = {
+	      use_locks = true;
+	    };
+	    sections = {
+	      "${hyper.home}/webdav" = {
+	        gui_optimize = true;
+	      };
+	    };
+	  };
+	};
+	users.users."${hyper.user}".extraGroups = [ "davfs2" ];
+}
+

system-modules/dm.nix

@@ -18,8 +18,8 @@
     package = pkgs.ly;
     settings = with rice.color; let h = rice.lib.nohash; in {
       allow_empty_password = false;
-      # animation = "matrix";
+      animation = "matrix";
-      animation = "gameoflife";
+      # animation = "gameoflife";
       animation_timeout_sec = 0; # forever
       asterisk = "*";
       auth_fails = 10;

system-modules/networking.nix

@@ -10,13 +10,15 @@
     };
     enableIPv6 = true;
     firewall.allowedTCPPorts = [ 
-      (pkgs.lib.mkIf config.services.ollama.enable 11434)
-      80
-      443
       8000
       8080
-      (pkgs.lib.mkIf config.services.postfix.enable 587)
+      (pkgs.lib.mkIf config.services.nginx.enable 80)
-      (pkgs.lib.mkIf config.services.dovecot2.enable 993)
+      (pkgs.lib.mkIf config.services.nginx.enable 443)
+      (pkgs.lib.mkIf config.services.ollama.enable 11434)
+      (pkgs.lib.mkIf config.services.maddy.enable 587)
+      (pkgs.lib.mkIf config.services.maddy.enable 465)
+      (pkgs.lib.mkIf config.services.maddy.enable 993)
+      (pkgs.lib.mkIf config.services.maddy.enable 25025)
     ];
   };
 }

system-modules/nx2site.nix

@@ -91,12 +91,12 @@ def main():
     print(f"*.${hyper.domain}:    {update_record(record_id="${record_id.sub}",   record_name="*.${hyper.domain}",    ip=my_ip,  type="A",    proxied=True,  pw=pw).status_code}")
     print(f"ssh.${hyper.domain}:  {update_record(record_id="${record_id.ssh}",   record_name="ssh.${hyper.domain}",  ip=my_ip,  type="A",    proxied=False, pw=pw).status_code}")
     print(f"dev.${hyper.domain}:  {update_record(record_id="${record_id.dev}",   record_name="dev.${hyper.domain}",  ip=my_ip,  type="A",    proxied=False, pw=pw).status_code}")
-    print(f"mail.${hyper.domain}: {update_record(record_id="${record_id.dev}",   record_name="mail.${hyper.domain}", ip=my_ip,  type="A",    proxied=False, pw=pw).status_code}")
+    # print(f"mail.${hyper.domain}: {update_record(record_id="${record_id.mail}",   record_name="mail.${hyper.domain}", ip=my_ip,  type="A",    proxied=False, pw=pw).status_code}")
 
     print(f"${hyper.domain}:      {update_record(record_id="${record_id.base6}", record_name="${hyper.domain}",      ip=my_ip6, type="AAAA", proxied=True,  pw=pw).status_code}")
     print(f"*.${hyper.domain}:    {update_record(record_id="${record_id.sub6}",  record_name="*.${hyper.domain}",    ip=my_ip6, type="AAAA", proxied=True,  pw=pw).status_code}")
     print(f"ssh.${hyper.domain}:  {update_record(record_id="${record_id.ssh6}",  record_name="ssh.${hyper.domain}",  ip=my_ip6, type="AAAA", proxied=False, pw=pw).status_code}")
-    print(f"mail.${hyper.domain}: {update_record(record_id="${record_id.ssh6}",  record_name="mail.${hyper.domain}", ip=my_ip6, type="AAAA", proxied=False, pw=pw).status_code}")
+    # print(f"mail.${hyper.domain}: {update_record(record_id="${record_id.mail6}",  record_name="mail.${hyper.domain}", ip=my_ip6, type="AAAA", proxied=False, pw=pw).status_code}")
 
 if __name__ == "__main__":
     main()

system-modules/nx2site/maddy.nix

@@ -1,8 +1,14 @@
-{ config, pkgs, ... }@all: with all; {
+{ config, pkgs, ... }@all: with all; let
+  users = [ "nxcaldav" "nextcloud" "lennart" "daniel" "diane" "georg" "tessa" ];
+in {
   sops.secrets = {
     "nx2site/maddy/nxcaldav_password" = { owner = "maddy"; group = "maddy"; mode = "600"; };
+    "nx2site/maddy/nextcloud_password" = { owner = "maddy"; group = "maddy"; mode = "600"; };
     "nx2site/maddy/lennart_password" = { owner = "maddy"; group = "maddy"; mode = "600"; };
     "nx2site/maddy/daniel_password" = { owner = "maddy"; group = "maddy"; mode = "600"; };
+    "nx2site/maddy/diane_password" = { owner = "maddy"; group = "maddy"; mode = "600"; };
+    "nx2site/maddy/georg_password" = { owner = "maddy"; group = "maddy"; mode = "600"; };
+    "nx2site/maddy/tessa_password" = { owner = "maddy"; group = "maddy"; mode = "600"; };
   };
   users.users."maddy" = {
     extraGroups = [ "acme" "nginx" ];
@@ -12,16 +18,24 @@
     primaryDomain = hyper.domain;
     user = "maddy";
     group = "maddy";
-    hostname = "mail.${hyper.domain}";
+    hostname = "ssh.${hyper.domain}";
     ensureAccounts = [
       "nxcaldav@${hyper.domain}"
+      "nextcloud@${hyper.domain}"
       "lennart@${hyper.domain}"
       "daniel@${hyper.domain}"
+      "diane@${hyper.domain}"
+      "georg@${hyper.domain}"
+      "tessa@${hyper.domain}"
     ];
     ensureCredentials = {
       "nxcaldav@${hyper.domain}".passwordFile = config.sops.secrets."nx2site/maddy/nxcaldav_password".path;
+      "nextcloud@${hyper.domain}".passwordFile = config.sops.secrets."nx2site/maddy/nextcloud_password".path;
       "lennart@${hyper.domain}".passwordFile = config.sops.secrets."nx2site/maddy/lennart_password".path;
       "daniel@${hyper.domain}".passwordFile = config.sops.secrets."nx2site/maddy/daniel_password".path;
+      "diane@${hyper.domain}".passwordFile = config.sops.secrets."nx2site/maddy/diane_password".path;
+      "georg@${hyper.domain}".passwordFile = config.sops.secrets."nx2site/maddy/georg_password".path;
+      "tessa@${hyper.domain}".passwordFile = config.sops.secrets."nx2site/maddy/tessa_password".path;
     };
 
     openFirewall = true;
@@ -34,12 +48,187 @@
     };
     # Enable TLS listeners. Configuring this via the module is not yet
     # implemented, see https://github.com/NixOS/nixpkgs/pull/153372
-    config = builtins.replaceStrings [
+    config = let
-      "imap tcp://0.0.0.0:143"
+      admin = "lennart@${hyper.domain}";
-      "submission tcp://0.0.0.0:587"
+      domains = hyper.domain; # could be more
-    ] [
+      inherit (hyper) domain;
-      "imap tls://0.0.0.0:993 tcp://0.0.0.0:143"
+      # nix adds 3 variables, hostname, and tls info before the file (see /etc/maddy/maddy.conf)
-      "submission tls://0.0.0.0:465 tcp://0.0.0.0:587"
+    in /* ini */''
-    ] options.services.maddy.config.default;
+      auth.pass_table local_authdb {
+        table sql_table {
+          driver sqlite3
+          dsn credentials.db
+          table_name passwords
+        }
+      }
+
+      storage.imapsql local_mailboxes {
+        driver sqlite3
+        dsn imapsql.db
+      }
+
+      table.chain local_rewrites {
+        # tagging with - or +
+        # alice-something@${domain} or alice+something@${domain} lands in inbox alice@${domain}
+        optional_step regexp "(.+)[\+-](.+)@(.+)" "$1@$3"
+        optional_step static {
+          entry postmaster ${admin}
+          entry admin ${admin}
+        }
+      }
+
+      msgpipeline local_routing {
+        destination ${domains} {
+          modify {
+            replace_rcpt &local_rewrites
+          }
+          reroute {
+            destination_in &local_mailboxes {
+              deliver_to &local_mailboxes
+            }
+            default_destination {
+              modify {
+                replace_rcpt regexp ".*" "${admin}"
+              }
+              deliver_to &local_mailboxes
+            }
+          }
+        }
+        # should never happen
+        default_destination {
+          reject 550 5.1.1 "User doesn't exist"
+        }
+      }
+
+      smtp tcp://0.0.0.0:25 {
+        limits {
+          all rate 20 1s
+          all concurrency 10
+        }
+        dmarc yes
+        check {
+          require_mx_record
+          dkim
+          spf
+        }
+        source ${domains} {
+          reject 501 5.1.8 "Use Submission for outgoing SMTP"
+        }
+        default_source {
+          destination postmaster ${domains} {
+            deliver_to &local_routing
+          }
+          default_destination {
+            reject 550 5.1.1 "User doesn't exist"
+          }
+        }
+      }
+
+      submission tls://0.0.0.0:465 tcp://0.0.0.0:587 {
+        limits {
+          all rate 50 1s
+        }
+        auth &local_authdb
+        source ${domains} {
+          check {
+              authorize_sender {
+                  prepare_email &local_rewrites
+                  user_to_email identity
+              }
+          }
+          destination postmaster ${domains} {
+              deliver_to &local_routing
+          }
+          default_destination {
+              modify {
+                  dkim ${domain} ${domains} default
+              }
+              deliver_to &remote_queue
+          }
+        }
+        default_source {
+          reject 501 5.1.8 "Non-local sender domain"
+        }
+      }
+
+      target.remote outbound_delivery {
+        limits {
+          destination rate 20 1s
+          destination concurrency 10
+        }
+        mx_auth {
+          dane
+          mtasts {
+            cache fs
+            fs_dir mtasts_cache/
+          }
+          local_policy {
+              min_tls_level encrypted
+              min_mx_level none
+          }
+        }
+      }
+
+      target.queue remote_queue {
+        target &outbound_delivery
+        autogenerated_msg_domain ${domain}
+        bounce {
+          destination postmaster ${domains} {
+            deliver_to &local_routing
+          }
+          default_destination {
+              reject 550 5.0.0 "Refusing to send DSNs to non-local addresses"
+          }
+        }
+      }
+
+      imap tls://0.0.0.0:993 tcp://0.0.0.0:143 {
+        auth &local_authdb
+        storage &local_mailboxes
+      }
+
+      # localhost only - test purposes only (->spam!)
+      smtp tcp://127.0.0.1:2525 {
+          tls off
+          destination postmaster ${domains} {
+              deliver_to &local_routing
+          }
+          default_destination {
+              modify {
+                  dkim ${domain} ${domains} default
+              }
+              deliver_to &remote_queue
+          }
+      }
+      # nx2s-email-relay backdor
+      smtp tcp://0.0.0.0:25025 {
+
+          # 1. Allow incoming mail from the VM for your domains
+          destination postmaster ${domains} {
+              deliver_to &local_routing
+          }
+          # 2. Prevent the world from using you as an open relay
+          default_destination {
+              reject 521 5.0.0 "User not local"
+          }
+      }
+
+    '';
   };
 }
+
+
+# --- Receive
+# 1. mx to mail.nx2.site
+# 2. mail.nx2.site to nx2s-email-relay (google e2-micro)
+# 3. nx2s-email-relay uses emaul-relay.service to socat 25 to 25025 home
+# 4. home gets 25025 and handles it
+
+# -- Send
+# 1. Via Smtp2go (mail-eu.smtp2go.com)
+# SPF is coverd by CNAME (return) (somehow)
+
+
+
+
+

system-modules/nx2site/nextcloud.nix

@@ -1,27 +1,108 @@
-{ pkgs, ...}@all: with all;
+{ config, pkgs, ... }@all: with all; let 
-{
+  user = "nextcloud";
-  sops.secrets = { 
+in {
-    "nx2site/nextcloud/admin-pass" = { owner = "nextcloud"; };
+  sops.secrets = let ss = { owner = user; group = user; mode = "600"; }; in {
-    "nx2site/nextcloud/db-pass" = { owner = "nextcloud"; };
+    "nx2site/nextcloud/admin_pass" = ss;
-    # "nx2site/nextcloud/users-pass/nx2" = { owner = "nextcloud"; };
+    "nx2site/nextcloud/db_pass" = ss;
+    "nx2site/nextcloud/lennart_pass" = ss;
+    "nx2site/nextcloud/daniel_pass" = ss;
+    "nx2site/nextcloud/diane_pass" = ss;
+    "nx2site/nextcloud/georg_pass" = ss;
+    "nx2site/nextcloud/tessa_pass" = ss;
+    "nx2site/smtp2go/nextcloud_api_key" = ss;
   };
-
+  users.users."${user}" = {
-  services = {
+    isSystemUser = true;
-    nextcloud = {
+    isNormalUser = false;
+    group = user;
+  };
+  # users.groups."${user}" = {};
+  users.groups.nextcloud.members = [ "nextcloud" config.services.nginx.user ];
+  services.nextcloud = {
     enable = true;
-      package = pkgs.nextcloud;
+    hostName = "n.${hyper.domain}";
-      hostName = "nc.${hyper.domain}";
+    # Need to manually increment with every major upgrade.
-      https = true;
+    package = pkgs.nextcloud33;
+    # Let NixOS install and configure the database automatically.
+    # database.createLocally = false;
+    # Let NixOS install and configure Redis caching automatically.
     configureRedis = true;
-      config = {
+    # Increase the maximum file upload size.
-        adminpassFile = config.sops.secrets."nx2site/nextcloud/admin-pass".path;
+    maxUploadSize = "16G";
-        adminuser = "nx2";
+    https = true;
+    # autoUpdateApps.enable = true;
+    appstoreEnable = false;
+    extraAppsEnable = true;
+    extraApps = with config.services.nextcloud.package.packages.apps; {
+      inherit calendar contacts mail notes tasks;
+    };
+    settings = {
+      overwriteProtocol = "https";
+      default_phone_region = "DE";
       
+      # # local
+      # "mail_smtpmode" = "smtp";
+      # "mail_smtphost" = "127.0.0.1";
+      # "mail_smtpport" = 2525;
+      # "mail_from_address" = "nextcloud";
+      # "mail_domain" = hyper.domain;
+      # "mail_smtpsecure" = ""; # = STARTTLS
+
+      "mail_smtpmode" = "smtp";
+      "mail_smtphost" = "mail-eu.smtp2go.com";
+      "mail_smtpport" = 2525;
+      "mail_from_address" = "nextcloud";
+      "mail_domain" = hyper.domain;
+      "mail_smtpsecure" = ""; # = STARTTLS
+      "mail_smtpauth" = true;
+      "mail_smtpauthtype" = "LOGIN";
+      "mail_smtpname" = "nextcloud@${hyper.domain}";
+      "simpleSignUpLink.shown" = false;
+    };
+    secrets."mail_smtppassword" = config.sops.secrets."nx2site/smtp2go/nextcloud_api_key".path;
+    # secrets.settings."mail_smtppassword" = config.sops.secrets."nx2site/maddy/nextcloud_password".path;
+    config = {
+      adminpassFile = config.sops.secrets."nx2site/nextcloud/admin_pass".path;
       dbtype = "pgsql";
-        # dbhost = config.services.postgresql.settings.port; # using usix socket
+      adminuser = "nextcloud";
+      # dbhost     = "localhost:5432";
+      dbhost     = "/run/postgresql";
       dbname     = "nextcloud";
-        dbpassFile = config.sops.secrets."nx2site/nextcloud/db-pass".path;
+      dbuser     = "nextcloud";
+      dbpassFile = config.sops.secrets."nx2site/nextcloud/db_pass".path;
+    };
+    phpOptions = {
+      "memory_limit" = pkgs.lib.mkForce "2G";
+      "opcache.interned_strings_buffer" = "16";
     };
   };
+  systemd.services.nextcloud-ensure-users = let
+    users = pkgs.lib.mergeAttrsList (pkgs.lib.map (name: {
+      "${name}" = {
+        email = "${name}@nx2.site";
+        passwordFile = config.sops.secrets."nx2site/nextcloud/${name}_pass".path;
+      };
+    }) [ "lennart" "daniel" "diane" "georg" "tessa" ]);
+  in {
+    enable = true;
+    script = let occ = "${config.services.nextcloud.occ}/bin/nextcloud-occ"; in /* bash */ ''
+      ${pkgs.lib.optionalString (users != {}) ''
+        ${pkgs.lib.concatStringsSep "\n" (pkgs.lib.mapAttrsToList (name: cfg: ''
+          if ${occ} user:info "${name}" | grep "user not found"; then
+            export OC_PASS="$(cat ${pkgs.lib.escapeShellArg cfg.passwordFile})"
+            ${occ} user:add --password-from-env "${name}"
+          fi
+          ${pkgs.lib.optionalString (cfg.email != null) ''
+            ${occ} user:setting "${name}" settings email "${cfg.email}"
+          ''}
+        '') users)}
+      ''}
+    '';
+    wantedBy = [ "multi-user.target" ];
+    after = [ "nextcloud-setup.service" ];
+  };
+  services.phpfpm.pools.nextcloud.settings = pkgs.lib.mkIf config.services.nextcloud.enable {
+    "listen.owner" = config.services.nginx.user;
+    "listen.group" = config.services.nginx.group;
   };
 }

system-modules/nx2site/nxcaldav.nix

@@ -112,6 +112,10 @@
       User = user;
       Group = user;
       ExecStart = ''${nxc}/bin/nxcaldav -c ${cfg}'';
+      Restart = "on-failure";
+      RestartSec = 5;
+      StartLimitBurst = 5;
+      StartLimitIntervalSec = 60;
     };
   };
 }

system-modules/nx2site/proxy.nix

@@ -15,7 +15,8 @@
       "${hyper.domain}" = {
         extraDomainNames = builtins.map (subd: "${subd}.${hyper.domain}") [
           "sync"
-          "mail"
+          "ssh"
+          # "mail"
         ];
       };
     };
@@ -116,6 +117,13 @@
         ];
         locations."/.well-known/acme-challenge".root = "/var/lib/acme/acme-challenge";
       };
+      "ssh.${hyper.domain}" = {
+        listen = [
+          { addr = "0.0.0.0"; port = 80; }
+          { addr = "[::0]"; port = 80; }
+        ];
+        locations."/.well-known/acme-challenge".root = "/var/lib/acme/acme-challenge";
+      };
       "matrix.${hyper.domain}" = {
         listen = dl;
         locations."~.*".return = "502";
@@ -173,6 +181,14 @@
         listen = dl;
         locations = { "/" = { proxyPass = "http://127.0.0.1:14243"; }; }; 
       });
+
+      "n.${hyper.domain}" = {
+        listen = dl;
+        forceSSL = true;
+        enableACME = true;
+        # rest is done by the nextcloud module
+      };
+
       # "nc.${hyper.domain}" = vh // {
       #   # directly to nc 
       # };
@@ -196,11 +212,13 @@
       };
       "dev.${hyper.domain}" = vh // {
         listen = dl;
-        locations."/" = { 
+        locations = {
+          "/" = { 
             proxyPass = "http://127.0.0.1:8080";
             proxyWebsockets = true;
           }; 
         };
+      };
       # is done atomatically
       # "owc.${hyper.domain}" = vh // { 
       #   listen = dl;
@@ -240,7 +258,7 @@
           };
         };
       };
-      "~^(.*).${hyper.domain}$" = {
+      "~^(?!n\.)(.*)\.${hyper.domain}$" = {
         listen = dl;
         root = "/var/nginx/webroot";
         locations."~.*".return = "502";

system-modules/postgres.nix

@@ -27,8 +27,8 @@
 				"gitea"
 				"vaultwarden"
 				"paperless"
-				"nextcloud"
 				"nxcaldav"
+				"nextcloud"
 			];
 			settings = {
 				port = 5432; # default
@@ -47,10 +47,6 @@
 					name = "vaultwarden";
 					ensureDBOwnership = true;
 				}
-				{
-					name = "nextcloud";
-					ensureDBOwnership = true;
-				}
 				{
 					name = "paperless";
 					ensureDBOwnership = true;
@@ -59,6 +55,10 @@
 					name = "nxcaldav";
 					ensureDBOwnership = true;
 				}
+				{
+				  name = "nextcloud";
+				  ensureDBOwnership = true;
+				}
 			];
 		};
 		postgresqlBackup = {

system-modules/stay-up.nix

@@ -0,0 +1,36 @@
+{ config, pkgs, ... }@all: with all; let
+  target = "1.1.1.1";
+  timeoutMinutes = 5;
+  logFile = "/var/log/stay-up.log";
+in {
+  systemd.services.wifi-watchdog = {
+    description = "Wi-Fi Watchdog Service";
+    after = [ "network.target" "NetworkManager.service" ];
+    wantedBy = [ "multi-user.target" ];
+    path = with pkgs; [ iputils networkmanager coreutils ];
+    script = /* bash */ ''
+      FAIL_COUNT=0
+      touch "${logFile}"
+      while true; do
+        if ping -c 1 -W 5 "${target}" > /dev/null 2>&1; then
+          FAIL_COUNT=0
+        else
+          FAIL_COUNT=$((FAIL_COUNT + 1))
+          if [ "$FAIL_COUNT" -ge "${toString timeoutMinutes}" ]; then
+            echo "$(date -Iseconds): Network unreachable for ${toString timeoutMinutes} minutes. Restarting Wi-Fi." >> "${logFile}"
+            nmcli radio wifi off
+            sleep 5
+            nmcli radio wifi on
+            FAIL_COUNT=0
+          fi
+        fi
+        sleep 60
+      done
+    '';
+    serviceConfig = {
+      Restart = "always";
+      RestartSec = "10";
+      User = "root"; # Root is required to execute nmcli radio commands and write to /var/log/
+    };
+  };
+}

system-modules/tuda.nix

@@ -12,17 +12,16 @@
   environment.systemPackages = with pkgs; [
     openconnect
     networkmanager-openconnect
+    (pkgs.writeShellScriptBin "connect_to_tuda" ''
+      sudo $(grep ExecStart /etc/systemd/system/openconnect-tuda.service | cut -c 11-)
+    '')
   ];
   networking.openconnect = {
     package = pkgs.openconnect;
     interfaces = {
-      openconnect0 = {
+      tuda = {
         autoStart = false;
-        certificate = "/home/nx2/tuda-rootcert.crt";
-        # extraOptions = { compression = "stateless"; no-dtls = true; no-http-keepalive = true; };
         gateway = "vpn.hrz.tu-darmstadt.de";
-        # passwordFile = "/var/lib/secrets/openconnect-passwd";
-        # privateKey = "/var/lib/secrets/openconnect_private_key.pem";
         protocol = "anyconnect";
         user = secrets.email.tuda.tuid;
       };