changes saved (doesnt built)

configuration.nix

@@ -1,4 +1,4 @@
-{  pkgs, pkgs-unstable, inputs, ... }:
+{ pkgs, pkgs-unstable, lib, inputs, allowed, nvidia, ... }:
 {
   imports = [
     inputs.sops-nix.nixosModules.sops
@@ -12,12 +12,12 @@
     ./system-modules/gc.nix
     ./system-modules/dm.nix
     ./system-modules/networking.nix
-    ./system-modules/virtualisation.nix
+    # ./system-modules/virtualisation.nix
     ./system-modules/sshd.nix
     ./system-modules/gpg.nix
     ./system-modules/sops.nix
     ./system-modules/syncthing.nix
-    # ./system-modules/hsmw.nix # old
+    ./system-modules/hsmw.nix # old
     ./system-modules/docker.nix
     ./system-modules/health_reminder.nix
     ./system-modules/ydotool.nix
@@ -60,13 +60,20 @@
   hardware.bluetooth.powerOnBoot = true; # 
   services.blueman.enable = true;
 
-  nixpkgs.config.allowUnfree = true;
+  # nixpkgs.config.allowUnfree = true;
-  # nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) allowed.unfree-packages;
+  nixpkgs.config = {
-
+    # allowUnfree = true;
+    # allowUnfreePredicate = (pkg: true);
+    allowUnfreePredicate = let 
+      string-list = allowed.unfree-packages ++ (if nvidia.enable == true then nvidia.unfree else []); 
+    in pkg: builtins.elem (lib.getName pkg) string-list;
+    cudaSupport = nvidia.enable;
+    enableParallelBuildingByDefault = true;
+  };
  
   # List packages installed in system profile. To search, run:
   # $ nix search wget
-  environment.systemPackages = with pkgs; [
+  environment.systemPackages = with pkgs; ([
     git
     lazygit # home-manager module is bugged
     git-crypt
@@ -84,8 +91,8 @@
     blueman
     dmidecode
     file
-  ] ++ (with pkgs-unstable; [
+  # ]) ++ (with pkgs-unstable; [
-    sendme
+  # # sendme
   ]);
 
   environment.variables = {
@@ -104,7 +111,6 @@
 
   nix.settings.experimental-features = [ "nix-command" "flakes" ];
 
-
   programs.bash.shellInit = ''
     source $HOME/.nix-profile/etc/profile.d/hm-session-vars.sh
   '';

flake.nix

@@ -28,10 +28,6 @@
     };
     hyprswitch.url = "github:h3rmt/hyprswitch/release";
 
-    # nixvim = {
-    #   url = "github:nix-community/nixvim/nixos-23.11";
-    #   inputs.nixpkgs.follows = "nixpkgs";
-    # };
     lanzaboote = {
       url = "github:nix-community/lanzaboote/v0.3.0";
       # inputs.nixpkgs.follows = "nixpkgs-unstable";
@@ -50,8 +46,19 @@
   outputs = { self, nixpkgs, nixpkgs-unstable, home-manager, ... }@inputs:
     let
       system = "x86_64-linux";
-      pkgs = nixpkgs.legacyPackages.${system};
+      pkgs-config = {
-      pkgs-unstable = nixpkgs-unstable.legacyPackages.${system};
+        allowUnfree = true;
+        # cudaSupport = nvidia.enable;
+        # enableParallelBuildingByDefault = true;
+      };
+      pkgs = import nixpkgs { 
+        system = system; 
+        config = pkgs-config;
+      };
+      pkgs-unstable = import nixpkgs-unstable {
+        system = system;
+        config = pkgs-config;
+      };
 
       user = "nx2";
 
@@ -60,46 +67,43 @@
         prime = true;
         # unfree = if enable then [
         unfree = [
-          "nvidia-x11"
+          "cuda_cccl"
-          "nvidia-settings"
+          "cuda_cudart"
-          "nvidia-persistenced"
+          "cuda_cuobjdump"
+          "cuda_cupti"
+          "cuda_cuxxfilt"
+          "cuda_gdb"
+          "cuda-merged"
+          "cuda_nvcc"
+          "cuda_nvdisasm"
+          "cuda_nvml_dev"
+          "cuda_nvprune"
+          "cuda_nvrtc"
+          "cuda_nvtx"
+          "cuda_profiler_api"
+          "cuda_sanitizer_api"
           "cudatoolkit"
-          "cudatoolkit-11.8.0"
+          "libcublas"
-          "cudatoolkit-12.2.2"
+          "libcufft"
+          "libcurand"
+          "libcusolver"
+          "libcusparse"
+          "libnpp"
+          "libnvjitlink"
+          "nviaia-x11"
+          "nvidia-persistenced"
+          "nvidia-settings"
+          "nvidia-x11"
         ];
         # ] else [];
       };
       allowed = {
         unfree-packages = [
-          "cudatoolkit"
-          "cuda-merged"
-          "cuda_cuobjdump"
-          "cuda_gdb"
-          "cuda_nvcc"
-          "cuda_nvdisasm"
-          "cuda_nvprune"
-          "cuda_cccl"
-          "cuda_cudart"
-          "cuda_cupti"
-          "cuda_cuxxfilt"
-          "cuda_nvml_dev"
-          "cuda_nvrtc"
-          "cuda_nvtx"
-          "cuda_profiler_api"
-          "cuda_sanitizer_api"
-          "libcublas"
-          "libcufft"
-          "libcurand"
-          "libcusolver"
-          "libnvjitlink"
-          "libcusparse"
-          "libnpp"
-
           "discord"
-          "spotify"
           "obsidian"
-          "zoom-us"
+          "spotify"
           "zoom"
+          "zoom-us"
         ] ++ nvidia.unfree;
 
         inecure-packages = [

home-modules/email.nix

@@ -102,9 +102,9 @@ lib.mkIf (host != "NxACE")
       };
     };
 
-    hsmw = {
+    hsmw = with secrets.email.hsmw; {
-      address = secrets.email.hsmw.mail;
+      address = "${un}@hs-mittweida.de";
-      userName = secrets.email.hsmw.mail;
+      userName = "${un}@hs-mittweida.de";
       realName = "Lennart J. Kurzweg";
       imap = {
         port = 993;
@@ -117,8 +117,8 @@ lib.mkIf (host != "NxACE")
       };
       signature = {
         text = ''
-          MatNr: ${secrets.email.hsmw.mnr}
+          MatNr: ${mnr}
-          SemGr: ${secrets.email.hsmw.semgr}
+          SemGr: ${semgr}
           About Me: https://nx2.site/about-me
           Contact: https://nx2.site/contact
           GPG: https://nx2.site/gpg
@@ -128,6 +128,9 @@ lib.mkIf (host != "NxACE")
       thunderbird = {
         enable = true;
         profiles = [ "default" ];
+        settings = id: {
+          "mail.server.server_${id}.fcc_folder" = "imap://${un}%40hs-mittweida.de@xc.hs-mittweida.de/Sent";
+        };
       };
     };
   };

home-modules/helix.nix

@@ -99,7 +99,7 @@
         "constant" = accent.bright; 
         "constant.character.escape" = special.bright;
         "constant.numeric" = foreground; 
-        "constructor" = blue.dark; 
+        "constructor" = weird.base;
         "debug" = yellow.base;
         "diagnostic.modifiers" = [ "underlined" ];
         "diff.delta" = blue.bright; 

home-modules/hyprland-autoname-workspaces.nix

@@ -49,6 +49,7 @@ lib.mkIf (user != "tv")
     "leagueclientux.exe" = "󰰌"
     zathura = "󰈦"
     code-oss = "󰨞"
+    codium-url-handler = "󰨞"
     discord = "󰙯"
     vesktop = "󰙯"
     blueman-manager = "󰂯"

home-modules/nvidia.nix

@@ -1,4 +1,5 @@
-{ pkgs, ... }:
+{ pkgs, lib, nvidia, ... }:
+lib.mkIf (nvidia.enable == true)
 {
   home = {
     packages = with pkgs; [

home.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, pkgs-unstable, lib, system, inputs, host, user, rice, allowed, secrets, ... }:
+{ config, pkgs, pkgs-unstable, lib, system, nvidia, host, user, rice, allowed, secrets, ... }:
 {
   imports = [
 
@@ -63,9 +63,14 @@
   home.homeDirectory = "/home/${user}";
   home.stateVersion = "24.05";
   nixpkgs.config = {
-    allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) allowed.unfree-packages;
+    allowUnfree = true;
+    # allowUnfreePredicate = (pkg: true);
+    # allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) allowed.unfree-packages;
     permittedInsecurePackages = allowed.inecure-packages;
+    # cudaSupport = nvidia.enable;
+    # enableParallelBuildingByDefault = true;
   };
+  
   home.packages = with pkgs; [
     chromium 
     
@@ -78,7 +83,8 @@
     swww playerctl
     
     imv mpv mediainfo exiftool ffmpeg
-    pavucontrol fontpreview gtk2fontsel
+    pavucontrol
+    fontpreview gtk2fontsel
     lynx w3m browsh
     bat du-dust eza neofetch tldr fzf figlet ripgrep lolcat jq glow
     brightnessctl wev 

system-modules/hsmw.nix

@@ -1,24 +1,31 @@
 { pkgs, lib, host, secrets, ... }: 
 lib.mkIf (host != "NxACE") 
 {
-  environment.systemPackages = [
+  environment.systemPackages = with pkgs; [
-    pkgs.strongswanNM
+    strongswanNM
   ];
   
   environment.etc = {
 
-    # Easyroam 
+  #   # Easyroam 
-    "ssl/certs/easyroam_client_cert.pem".source = ../secrets/easyroam-hsmw/easyroam_client_cert.pem;
+  #   "ssl/certs/easyroam_client_cert.pem".source = ../secrets/easyroam-hsmw/easyroam_client_cert.pem;
-    "ssl/certs/easyroam_root_ca.pem".source = ../secrets/easyroam-hsmw/easyroam_root_ca.pem;
+  #   "ssl/certs/easyroam_root_ca.pem".source = ../secrets/easyroam-hsmw/easyroam_root_ca.pem;
-    "ssl/certs/easyroam_client_key.pem".source = ../secrets/easyroam-hsmw/easyroam_client_key.pem;
+  #   "ssl/certs/easyroam_client_key.pem".source = ../secrets/easyroam-hsmw/easyroam_client_key.pem;
-    "NetworkManager/system-connections/eduroam.nmconnection" = {
+  #   "NetworkManager/system-connections/eduroam.nmconnection" = {
-      text = secrets.easyroamHSMW.nmconfig; 
+  #     text = secrets.easyroamHSMW.nmconfig; 
-      mode = "0600";
+  #     mode = "0600";
-    };
+  #   };
 
-    "ipsec.d/hsmw.secrets".text = ''${secrets.email.hsmw.mail} : EAP "${secrets.email.hsmw.password}"'';
+    # "ipsec.d/hsmw.secrets".text = ''${secrets.email.hsmw.un}@hs-mittweida.de : EAP "megasecret"'';
-    "ipsec.d/USERTrust-ECC.pem".source = ../secrets/vpn-hsmw/USERTrust-ECC-Certification-Authority.pem;
+  #   "ipsec.d/USERTrust-ECC.pem".source = ../secrets/vpn-hsmw/USERTrust-ECC-Certification-Authority.pem;
-    "ipsec.d/USERTrust-RSA.pem".source = ../secrets/vpn-hsmw/USERTrust-RSA-Certification-Authority.pem;
+  #   "ipsec.d/USERTrust-RSA.pem".source = ../secrets/vpn-hsmw/USERTrust-RSA-Certification-Authority.pem;
+  };
+
+
+  sops.secrets = {
+    "USERTrust/ECC" = { path = "/etc/ipsec.d/USERTrust-ECC.pem"; };
+    "USERTrust/RSA" = { path = "/etc/ipsec.d/USERTrust-RSA.pem"; };
+    "hsmw-vpn-secret" = { path = "/etc/ipsec.d/hsmw.secret"; mode = "600"; };
   };
   
   networking.networkmanager.enableStrongSwan = true;
@@ -35,7 +42,7 @@ lib.mkIf (host != "NxACE")
           left = "%defaultroute";
           leftid = "%any";
           leftauth = "eap";
-          eap_identity = secrets.email.hsmw.mail;
+          eap_identity = "${secrets.email.hsmw.un}@hs-mittweida.de";
           leftsourceip = "%config";
           leftdns = "%config4";
           leftfirewall = "no";
@@ -73,7 +80,7 @@ lib.mkIf (host != "NxACE")
       "openssl"
       "resolve"
     ];
-    secrets = [ "/etc/ipsec.d/hsmw.secrets" ];
+    secrets = [ "/etc/ipsec.d/hsmw.secret" ];
     ca = {
       hsmw = {
         auto = "add";

system-modules/kodi.nix

@@ -1,12 +1,13 @@
 { pkgs, lib, host, ... }:
 lib.mkIf (host == "NxACE")
-{
+{}
-  services.xserver.desktopManager.kodi = {
+# {
-    enable = true;
+#   services.xserver.desktopManager.kodi = {
-  };
+#     enable = true;
-  services.cage = {
+#   };
-    user = "kodi";
+#   services.cage = {
-    program = "${pkgs.kodi-wayland}/bin/kodi-standalone";
+#     user = "kodi";
-    enable = true;
+#     program = "${pkgs.kodi-wayland}/bin/kodi-standalone";
-  };
+#     enable = true;
-}
+#   };
+# }

system-modules/nx2site.nix

@@ -1,6 +1,10 @@
-{ pkgs, lib, user, host, ... }:
+{ config, pkgs, lib, user, host, ... }:
 lib.mkIf (host == "NxACE")
 {
+  sops.secrets = {
+    "nx2site/namecheap.pw" = { };
+  };
+
   systemd = {
     timers."namecheap-dynamic-dns" = {
       wantedBy = [ "timers.target" ];
@@ -12,33 +16,63 @@ lib.mkIf (host == "NxACE")
     };
     services."namecheap-dynamic-dns" = 
     let 
-      u = pkgs.writeScriptBin "update_namecheap" ''
+      u = let
-        my_ip=$(${pkgs.curl}/bin/curl -s https://ipinfo.io/ip)
+        domain = "nx2.site";
-        dns_ip=$(${pkgs.dig}/bin/nslookup nx2.site | grep -E "Address: [0-9]" | cut -c 10-)
+        passord-file-path = config.sops.secrets."nx2site/namecheap.pw".path;
-        fdc="/home/nx2/nx2site/domain/count.txt"
+        log-file-path = "/var/log/update_namecheap.log";
+        count-file-path = "/var/log/update_namecheap-count.txt";
+      in
+      pkgs.writers.writePython3Bin "update_namecheap" {
+        libraries = with pkgs.python311Packages; [ 
+          requests
+        ];
+        flakeIgnore = [ "E501" "E305" "E701" "E704" "E302" "E114" "F841" ];
+      } ''
+        import requests
+        import argparse
+        import socket
+        from datetime import datetime
 
-        force_update=false
+        def get_public_ip(): return requests.get('https://ipinfo.io/ip').text.strip()
 
-        while getopts "f" opt; do
+        def get_dns_ip(): return socket.gethostbyname_ex('${domain}')[2][0]
-          case $opt in
-            f)
-              force_update=true
-              ;;
-            \?)
-              echo "Invalid option: -$OPTARG" >&2
-              exit 1
-              ;;
-          esac
-        done
 
-        if [ "$force_update" == true ] || [ "$my_ip" != "$dns_ip" ]; then
+        def main(force_update):
-            count=$(<$fdc)
+            my_ip = get_public_ip()
-            echo [ $count times ] $(date) from $dns_ip to $my_ip  >> /home/nx2/nx2site/domain/updates.log
+            dns_ip = get_dns_ip()
-            pw=$(cat /home/nx2/nx2site/domain/pw.txt)
+
-            ${pkgs.curl}/bin/curl -s "https://dynamicdns.park-your-domain.com/update?host=@&domain=nx2.site&password=$pw&ip=$my_ip"
+            with open("${count-file-path}", "r") as f:
-            ${pkgs.curl}/bin/curl -s "https://dynamicdns.park-your-domain.com/update?host=*&domain=nx2.site&password=$pw&ip=$my_ip"
+                content = f.read()
-            echo 0 > $fdc
+                if content == "": count = 0
-        fi
+                else: count = int(content)
+            count += 1
+            with open("${count-file-path}", "w") as f:
+                f.write(str(count))
+
+            if not (force_update or my_ip != dns_ip):
+                print(f"Host IP and DNS response are both {my_ip} --> No Action")
+                exit(0)
+            else:
+                with open("${passord-file-path}", 'r') as pw_file: pw = pw_file.read().strip()
+
+                # Perform DNS updates
+                resp_base = requests.get(f"https://dynamicdns.park-your-domain.com/update?host=@&domain=${domain}&password={pw}&ip={my_ip}")
+                resp_subd = requests.get(f"https://dynamicdns.park-your-domain.com/update?host=*&domain=${domain}&password={pw}&ip={my_ip}")
+    
+                # Reset the count file
+                with open("${count-file-path}", 'w') as f: f.write('0')
+
+                now_str = datetime.now().strftime('%Y/%m/%d-%R')
+                log_entry = f"At {now_str} - from {dns_ip} to {my_ip} - {count} times - Response {resp_base.status_code}{' - (forced)' if force_update else '           '}\n"
+                print(log_entry, end="")
+                with open("${log-file-path}", 'a') as log_file: log_file.write(log_entry)
+
+        if __name__ == "__main__":
+            parser = argparse.ArgumentParser()
+            parser.add_argument('-f', '--force', action='store_true', help='Force update')
+            args = parser.parse_args()
+  
+            main(args.force)
       '';
     in
     {
@@ -48,7 +82,7 @@ lib.mkIf (host == "NxACE")
       '';
       serviceConfig = {
         Type = "oneshot";
-        User = "nx2";
+        # User = "nx2";
       };
     };
   };

system-modules/ollama.nix

@@ -1,7 +1,7 @@
-{ pkgs, lib, host, nvidia, ... }: 
+{ pkgs, pkgs-unstable, lib, host, nvidia, ... }: 
 
 {
-  environment.systemPackages = with pkgs; [
+  environment.systemPackages = with pkgs-unstable; [
     ollama
   ];
   
@@ -41,6 +41,7 @@
   #   '';
   # };
   services.ollama = {
+    # package = pkgs-unstable.ollama;
     enable = true;
     acceleration = lib.mkIf nvidia.enable "cuda";
     listenAddress = if host == "NxACE" then "0.0.0.0:11434" else "127.0.0.1:11434";