wip

common/pc/default.nix

@@ -6,20 +6,19 @@ in
 {
   imports = [
     ./kde.nix
-    #    ./xfce.nix
+    # ./xfce.nix
     ./yubikey.nix
     ./chromium.nix
     #    ./firefox.nix
     ./audio.nix
     #    ./torbrowser.nix
     ./pithos.nix
+    ./spotify.nix
     ./vscodium.nix
     ./discord.nix
     ./steam.nix
     ./touchpad.nix
     ./mount-samba.nix
-    ./udev.nix
-    ./virtualisation.nix
   ];
 
   options.de = {
@@ -45,7 +44,8 @@ in
       gparted
       libreoffice-fresh
       thunderbird
-      spotify
+      spotifyd
+      spotify-qt
       arduino
       yt-dlp
       jellyfin-media-player
@@ -76,18 +76,5 @@ in
     # Security
     services.gnome.gnome-keyring.enable = true;
     security.pam.services.googlebot.enableGnomeKeyring = true;
-
-    # Android dev
-    programs.adb.enable = true;
-
-    # Mount personal SMB stores
-    services.mount-samba.enable = true;
-
-    # allow building ARM derivations
-    boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
-
-    # for luks onlock over tor
-    services.tor.enable = true;
-    services.tor.client.enable = true;
   };
 }

common/pc/spotify.nix

@@ -0,0 +1,85 @@
+{ lib, config, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.spotifyd;
+  toml = pkgs.formats.toml { };
+  spotifydConf = toml.generate "spotify.conf" cfg.settings;
+in
+{
+  disabledModules = [
+    "services/audio/spotifyd.nix"
+  ];
+
+  options = {
+    services.spotifyd = {
+      enable = mkEnableOption "spotifyd, a Spotify playing daemon";
+
+      settings = mkOption {
+        default = { };
+        type = toml.type;
+        example = { global.bitrate = 320; };
+        description = ''
+          Configuration for Spotifyd. For syntax and directives, see
+          <link xlink:href="https://github.com/Spotifyd/spotifyd#Configuration"/>.
+        '';
+      };
+
+      users = mkOption {
+        type = with types; listOf str;
+        default = [ ];
+        description = ''
+          Usernames to be added to the "spotifyd" group, so that they
+          can start and interact with the userspace daemon.
+        '';
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+
+    # username specific stuff because i'm lazy...
+    services.spotifyd.users = [ "googlebot" ];
+    users.users.googlebot.packages = with pkgs; [
+      spotify
+    ];
+
+    users.groups.spotifyd = {
+      members = cfg.users;
+    };
+
+    age.secrets.spotifyd = {
+      file = ../../secrets/spotifyd.age;
+      group = "spotifyd";
+      mode = "0440"; # group can read
+    };
+
+    # spotifyd to read secrets and run as user service
+    services.spotifyd = {
+      settings.global = {
+        username_cmd = "sed '1q;d' /run/agenix/spotifyd";
+        password_cmd = "sed '2q;d' /run/agenix/spotifyd";
+        bitrate = 320;
+        backend = "pulseaudio";
+        device_name = config.networking.hostName;
+        device_type = "computer";
+        # on_song_change_hook = "command_to_run_on_playback_events"
+        autoplay = true;
+      };
+    };
+
+    systemd.user.services.spotifyd-daemon = {
+      enable = true;
+      wantedBy = [ "graphical-session.target" ];
+      partOf = [ "graphical-session.target" ];
+      description = "spotifyd, a Spotify playing daemon";
+      environment.SHELL = "/bin/sh";
+      serviceConfig = {
+        ExecStart = "${pkgs.spotifyd}/bin/spotifyd --no-daemon --config-path ${spotifydConf}";
+        Restart = "always";
+        CacheDirectory = "spotifyd";
+      };
+    };
+  };
+}

common/pc/udev.nix

@@ -1,25 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
-  cfg = config.de;
-in
-{
-  config = lib.mkIf cfg.enable {
-    services.udev.extraRules = ''
-      # depthai
-      SUBSYSTEM=="usb", ATTRS{idVendor}=="03e7", MODE="0666"
-
-      # Moonlander
-      # Rules for Oryx web flashing and live training
-      KERNEL=="hidraw*", ATTRS{idVendor}=="16c0", MODE="0664", GROUP="plugdev"
-      KERNEL=="hidraw*", ATTRS{idVendor}=="3297", MODE="0664", GROUP="plugdev"
-      # Wally Flashing rules for the Moonlander and Planck EZ
-      SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", MODE:="0666", SYMLINK+="stm32_dfu"
-    '';
-    services.udev.packages = [ pkgs.platformio ];
-
-    users.groups.plugdev = {
-      members = [ "googlebot" ];
-    };
-  };
-}

common/pc/use-meson-v57.patch

@@ -0,0 +1,22 @@
+diff --git a/meson.build b/meson.build
+index dace367..8c0e290 100644
+--- a/meson.build
++++ b/meson.build
+@@ -8,7 +8,7 @@ project(
+         'warning_level=0',
+     ],
+     license: 'MIT',
+-    meson_version: '>= 0.58.0',
++    meson_version: '>= 0.57.0',
+ )
+ 
+ cc = meson.get_compiler('c')
+@@ -47,8 +47,3 @@ shared_library(
+     gnu_symbol_visibility: 'hidden',
+ )
+ 
+-meson.add_devenv(environment({
+-    'NVD_LOG': '1',
+-    'LIBVA_DRIVER_NAME': 'nvidia',
+-    'LIBVA_DRIVERS_PATH': meson.project_build_root(),
+-}))

common/pc/virtualisation.nix

@@ -1,23 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
-  cfg = config.de;
-in
-{
-  config = lib.mkIf cfg.enable {
-    # AppVMs
-    virtualisation.appvm.enable = true;
-    virtualisation.appvm.user = "googlebot";
-
-    # Use podman instead of docker
-    virtualisation.podman.enable = true;
-    virtualisation.podman.dockerCompat = true;
-
-    # virt-manager
-    virtualisation.libvirtd.enable = true;
-    programs.dconf.enable = true;
-    virtualisation.spiceUSBRedirection.enable = true;
-    environment.systemPackages = with pkgs; [ virt-manager ];
-    users.users.googlebot.extraGroups = [ "libvirtd" "adbusers" ];
-  };
-}

machines/howl/default.nix

@@ -1,13 +1,68 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, lib, nixos-hardware, ... }:
 
 {
   imports = [
     ./hardware-configuration.nix
+    nixos-hardware.nixosModules.framework-13-7040-amd
   ];
 
+
+  # for luks onlock over tor
+  services.tor.enable = true;
+  services.tor.client.enable = true;
+
   # don't use remote builders
   nix.distributedBuilds = lib.mkForce false;
 
+  services.udev.extraRules = ''
+    # depthai
+    SUBSYSTEM=="usb", ATTRS{idVendor}=="03e7", MODE="0666"
+
+    # Moonlander
+    # Rules for Oryx web flashing and live training
+    KERNEL=="hidraw*", ATTRS{idVendor}=="16c0", MODE="0664", GROUP="plugdev"
+    KERNEL=="hidraw*", ATTRS{idVendor}=="3297", MODE="0664", GROUP="plugdev"
+    # Wally Flashing rules for the Moonlander and Planck EZ
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", MODE:="0666", SYMLINK+="stm32_dfu"
+  '';
+  services.udev.packages = [ pkgs.platformio ];
+  users.groups.plugdev = {
+    members = [ "googlebot" ];
+  };
+
+  # virt-manager
+  virtualisation.libvirtd.enable = true;
+  programs.dconf.enable = true;
+  virtualisation.spiceUSBRedirection.enable = true;
+  environment.systemPackages = with pkgs; [ virt-manager ];
+  users.users.googlebot.extraGroups = [ "libvirtd" "adbusers" ];
+
+  # allow building ARM derivations
+  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+
+  services.spotifyd.enable = true;
+
+  virtualisation.podman.enable = true;
+  virtualisation.podman.dockerCompat = true;
+
+  virtualisation.appvm.enable = true;
+  virtualisation.appvm.user = "googlebot";
+
+  services.mount-samba.enable = true;
+
   de.enable = true;
   de.touchpad.enable = true;
+
+  networking.firewall.allowedTCPPorts = [
+    # barrier
+    24800
+  ];
+
+  programs.adb.enable = true;
+
+  services.fwupd.enable = true;
+
+  # fingerprint reader has initially shown to be more of a nuisance than a help
+  # it makes sddm log in fail most of the time and take several minutes to finish
+  services.fprintd.enable = false;
 }

machines/howl/hardware-configuration.nix

@@ -1,19 +1,12 @@
-{ config, lib, pkgs, modulesPath, nixos-hardware, ... }:
+{ config, lib, pkgs, modulesPath, ... }:
 
 {
-  imports = [
+  imports =
-    (modulesPath + "/installer/scan/not-detected.nix")
+    [ (modulesPath + "/installer/scan/not-detected.nix")
-    nixos-hardware.nixosModules.framework-13-7040-amd
+    ];
-  ];
 
   boot.kernelPackages = pkgs.linuxPackages_latest;
 
-  hardware.framework.amd-7040.preventWakeOnAC = true;
-  services.fwupd.enable = true;
-  # fingerprint reader has initially shown to be more of a nuisance than a help
-  # it makes sddm log in fail most of the time and take several minutes to finish
-  services.fprintd.enable = false;
-
   # boot
   boot.loader.systemd-boot.enable = true;
   boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ];
@@ -34,18 +27,17 @@
     allowDiscards = true;
   };
   fileSystems."/" =
-    {
+    { device = "/dev/disk/by-uuid/95db6950-a7bc-46cf-9765-3ea675ccf014";
-      device = "/dev/disk/by-uuid/95db6950-a7bc-46cf-9765-3ea675ccf014";
       fsType = "btrfs";
     };
   fileSystems."/boot" =
-    {
+    { device = "/dev/disk/by-uuid/B087-2C20";
-      device = "/dev/disk/by-uuid/B087-2C20";
       fsType = "vfat";
       options = [ "fmask=0022" "dmask=0022" ];
     };
   swapDevices =
-    [{ device = "/dev/disk/by-uuid/49fbdf62-eef4-421b-aac3-c93494afd23c"; }];
+    [ { device = "/dev/disk/by-uuid/49fbdf62-eef4-421b-aac3-c93494afd23c"; }
+    ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
   # (the default) this is the recommended approach. When using systemd-networkd it's

machines/ray/default.nix

@@ -7,6 +7,10 @@
 
   nixpkgs.config.cudaSupport = true;
 
+  # for luks onlock over tor
+  services.tor.enable = true;
+  services.tor.client.enable = true;
+
   # don't use remote builders
   nix.distributedBuilds = lib.mkForce false;
 
@@ -17,6 +21,49 @@
   hardware.openrazer.devicesOffOnScreensaver = false;
   users.users.googlebot.packages = [ pkgs.polychromatic ];
 
+  services.udev.extraRules = ''
+    # depthai
+    SUBSYSTEM=="usb", ATTRS{idVendor}=="03e7", MODE="0666"
+
+    # Moonlander
+    # Rules for Oryx web flashing and live training
+    KERNEL=="hidraw*", ATTRS{idVendor}=="16c0", MODE="0664", GROUP="plugdev"
+    KERNEL=="hidraw*", ATTRS{idVendor}=="3297", MODE="0664", GROUP="plugdev"
+    # Wally Flashing rules for the Moonlander and Planck EZ
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", MODE:="0666", SYMLINK+="stm32_dfu"
+  '';
+  services.udev.packages = [ pkgs.platformio ];
+  users.groups.plugdev = {
+    members = [ "googlebot" ];
+  };
+
+  # virt-manager
+  virtualisation.libvirtd.enable = true;
+  programs.dconf.enable = true;
+  virtualisation.spiceUSBRedirection.enable = true;
+  environment.systemPackages = with pkgs; [ virt-manager ];
+  users.users.googlebot.extraGroups = [ "libvirtd" "adbusers" ];
+
+  # allow building ARM derivations
+  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+
+  services.spotifyd.enable = true;
+
+  virtualisation.podman.enable = true;
+  virtualisation.podman.dockerCompat = true;
+
+  virtualisation.appvm.enable = true;
+  virtualisation.appvm.user = "googlebot";
+
+  services.mount-samba.enable = true;
+
   de.enable = true;
   de.touchpad.enable = true;
+
+  networking.firewall.allowedTCPPorts = [
+    # barrier
+    24800
+  ];
+
+  programs.adb.enable = true;
 }

secrets/secrets.nix

@@ -36,6 +36,7 @@ with roles;
 
   # services
   "searx.age".publicKeys = nobody;
+  "spotifyd.age".publicKeys = personal;
   "wolframalpha.age".publicKeys = dailybot;
 
   # hostapd