Consolidate common PC config

.gitea/workflows/check-flake.yaml

@@ -16,4 +16,4 @@ jobs:
           fetch-depth: 0
 
       - name: Check Flake
-        run: nix flake check --print-build-logs --log-format raw --show-trace
+        run: nix flake check --all-systems --print-build-logs --log-format raw --show-trace

common/pc/default.nix

@@ -6,19 +6,20 @@ in
 {
   imports = [
     ./kde.nix
-    ./xfce.nix
+    #    ./xfce.nix
     ./yubikey.nix
     ./chromium.nix
     #    ./firefox.nix
     ./audio.nix
     #    ./torbrowser.nix
     ./pithos.nix
-    ./spotify.nix
     ./vscodium.nix
     ./discord.nix
     ./steam.nix
     ./touchpad.nix
     ./mount-samba.nix
+    ./udev.nix
+    ./virtualisation.nix
   ];
 
   options.de = {
@@ -41,12 +42,10 @@ in
       mpv
       nextcloud-client
       signal-desktop
-      minecraft
       gparted
       libreoffice-fresh
       thunderbird
-      spotifyd
+      spotify
-      spotify-qt
       arduino
       yt-dlp
       jellyfin-media-player
@@ -70,12 +69,25 @@ in
     ];
     # Printer discovery
     services.avahi.enable = true;
-    services.avahi.nssmdns = true;
+    services.avahi.nssmdns4 = true;
 
     programs.file-roller.enable = true;
 
     # Security
     services.gnome.gnome-keyring.enable = true;
     security.pam.services.googlebot.enableGnomeKeyring = true;
+
+    # Android dev
+    programs.adb.enable = true;
+
+    # Mount personal SMB stores
+    services.mount-samba.enable = true;
+
+    # allow building ARM derivations
+    boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+
+    # for luks onlock over tor
+    services.tor.enable = true;
+    services.tor.client.enable = true;
   };
 }

common/pc/kde.nix

@@ -5,12 +5,9 @@ let
 in
 {
   config = lib.mkIf cfg.enable {
-    # kde plasma
+    services.displayManager.sddm.enable = true;
-    services.xserver = {
+    services.displayManager.sddm.wayland.enable = true;
-      enable = true;
+    services.desktopManager.plasma6.enable = true;
-      desktopManager.plasma5.enable = true;
-      displayManager.sddm.enable = true;
-    };
 
     # kde apps
     nixpkgs.config.firefox.enablePlasmaBrowserIntegration = true;
@@ -20,7 +17,5 @@ in
       # plasma5Packages.kmail-account-wizard
       kate
     ];
-
-    services.xserver.desktopManager.plasma5.useQtScaling = true;
   };
 }

common/pc/spotify.nix

@@ -1,86 +0,0 @@
-{ lib, config, pkgs, ... }:
-
-with lib;
-
-let
-  cfg = config.services.spotifyd;
-  toml = pkgs.formats.toml { };
-  spotifydConf = toml.generate "spotify.conf" cfg.settings;
-in
-{
-  disabledModules = [
-    "services/audio/spotifyd.nix"
-  ];
-
-  options = {
-    services.spotifyd = {
-      enable = mkEnableOption "spotifyd, a Spotify playing daemon";
-
-      settings = mkOption {
-        default = { };
-        type = toml.type;
-        example = { global.bitrate = 320; };
-        description = ''
-          Configuration for Spotifyd. For syntax and directives, see
-          <link xlink:href="https://github.com/Spotifyd/spotifyd#Configuration"/>.
-        '';
-      };
-
-      users = mkOption {
-        type = with types; listOf str;
-        default = [ ];
-        description = ''
-          Usernames to be added to the "spotifyd" group, so that they
-          can start and interact with the userspace daemon.
-        '';
-      };
-    };
-  };
-
-  config = mkIf cfg.enable {
-
-    # username specific stuff because i'm lazy...
-    services.spotifyd.users = [ "googlebot" ];
-    users.users.googlebot.packages = with pkgs; [
-      spotify
-      spotify-tui
-    ];
-
-    users.groups.spotifyd = {
-      members = cfg.users;
-    };
-
-    age.secrets.spotifyd = {
-      file = ../../secrets/spotifyd.age;
-      group = "spotifyd";
-      mode = "0440"; # group can read
-    };
-
-    # spotifyd to read secrets and run as user service
-    services.spotifyd = {
-      settings.global = {
-        username_cmd = "sed '1q;d' /run/agenix/spotifyd";
-        password_cmd = "sed '2q;d' /run/agenix/spotifyd";
-        bitrate = 320;
-        backend = "pulseaudio";
-        device_name = config.networking.hostName;
-        device_type = "computer";
-        # on_song_change_hook = "command_to_run_on_playback_events"
-        autoplay = true;
-      };
-    };
-
-    systemd.user.services.spotifyd-daemon = {
-      enable = true;
-      wantedBy = [ "graphical-session.target" ];
-      partOf = [ "graphical-session.target" ];
-      description = "spotifyd, a Spotify playing daemon";
-      environment.SHELL = "/bin/sh";
-      serviceConfig = {
-        ExecStart = "${pkgs.spotifyd}/bin/spotifyd --no-daemon --config-path ${spotifydConf}";
-        Restart = "always";
-        CacheDirectory = "spotifyd";
-      };
-    };
-  };
-}

common/pc/touchpad.nix

@@ -9,7 +9,7 @@ in
   };
 
   config = lib.mkIf cfg.enable {
-    services.xserver.libinput.enable = true;
+    services.libinput.enable = true;
-    services.xserver.libinput.touchpad.naturalScrolling = true;
+    services.libinput.touchpad.naturalScrolling = true;
   };
 }

common/pc/udev.nix

@@ -0,0 +1,25 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.de;
+in
+{
+  config = lib.mkIf cfg.enable {
+    services.udev.extraRules = ''
+      # depthai
+      SUBSYSTEM=="usb", ATTRS{idVendor}=="03e7", MODE="0666"
+
+      # Moonlander
+      # Rules for Oryx web flashing and live training
+      KERNEL=="hidraw*", ATTRS{idVendor}=="16c0", MODE="0664", GROUP="plugdev"
+      KERNEL=="hidraw*", ATTRS{idVendor}=="3297", MODE="0664", GROUP="plugdev"
+      # Wally Flashing rules for the Moonlander and Planck EZ
+      SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", MODE:="0666", SYMLINK+="stm32_dfu"
+    '';
+    services.udev.packages = [ pkgs.platformio ];
+
+    users.groups.plugdev = {
+      members = [ "googlebot" ];
+    };
+  };
+}

common/pc/use-meson-v57.patch

@@ -1,22 +0,0 @@
-diff --git a/meson.build b/meson.build
-index dace367..8c0e290 100644
---- a/meson.build
-+++ b/meson.build
-@@ -8,7 +8,7 @@ project(
-         'warning_level=0',
-     ],
-     license: 'MIT',
--    meson_version: '>= 0.58.0',
-+    meson_version: '>= 0.57.0',
- )
- 
- cc = meson.get_compiler('c')
-@@ -47,8 +47,3 @@ shared_library(
-     gnu_symbol_visibility: 'hidden',
- )
- 
--meson.add_devenv(environment({
--    'NVD_LOG': '1',
--    'LIBVA_DRIVER_NAME': 'nvidia',
--    'LIBVA_DRIVERS_PATH': meson.project_build_root(),
--}))

common/pc/virtualisation.nix

@@ -0,0 +1,23 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.de;
+in
+{
+  config = lib.mkIf cfg.enable {
+    # AppVMs
+    virtualisation.appvm.enable = true;
+    virtualisation.appvm.user = "googlebot";
+
+    # Use podman instead of docker
+    virtualisation.podman.enable = true;
+    virtualisation.podman.dockerCompat = true;
+
+    # virt-manager
+    virtualisation.libvirtd.enable = true;
+    programs.dconf.enable = true;
+    virtualisation.spiceUSBRedirection.enable = true;
+    environment.systemPackages = with pkgs; [ virt-manager ];
+    users.users.googlebot.extraGroups = [ "libvirtd" "adbusers" ];
+  };
+}

common/server/mailserver.nix

@@ -63,7 +63,7 @@ in
           "cris@runyan.org"
         ];
       };
-      certificateScheme = 3; # use let's encrypt for certs
+      certificateScheme = "acme-nginx"; # use let's encrypt for certs
     };
     age.secrets.hashed-email-pw.file = ../../secrets/hashed-email-pw.age;
     age.secrets.cris-hashed-email-pw.file = ../../secrets/cris-hashed-email-pw.age;

common/server/nextcloud.nix

@@ -8,7 +8,7 @@ in
   config = lib.mkIf cfg.enable {
     services.nextcloud = {
       https = true;
-      package = pkgs.nextcloud28;
+      package = pkgs.nextcloud29;
       hostName = "neet.cloud";
       config.dbtype = "sqlite";
       config.adminuser = "jeremy";

common/server/samba.nix

@@ -97,7 +97,7 @@
     # Printer discovery
     # (is this needed?)
     services.avahi.enable = true;
-    services.avahi.nssmdns = true;
+    services.avahi.nssmdns4 = true;
 
     # printer sharing
     systemd.tmpfiles.rules = [

flake.lock

@@ -10,11 +10,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1707830867,
+        "lastModified": 1716561646,
-        "narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=",
+        "narHash": "sha256-UIGtLO89RxKt7RF2iEgPikSdU53r6v/6WYB0RW3k89I=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6",
+        "rev": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9",
         "type": "github"
       },
       "original": {
@@ -96,11 +96,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1708091384,
+        "lastModified": 1715699772,
-        "narHash": "sha256-dTGGw2y8wvfjr+J9CjQbfdulOq72hUG17HXVNxpH1yE=",
+        "narHash": "sha256-sKhqIgucN5sI/7UQgBwsonzR4fONjfMr9OcHK/vPits=",
         "owner": "serokell",
         "repo": "deploy-rs",
-        "rev": "0a0187794ac7f7a1e62cda3dabf8dc041f868790",
+        "rev": "b3ea6f333f9057b77efd9091119ba67089399ced",
         "type": "github"
       },
       "original": {
@@ -125,6 +125,22 @@
         "type": "github"
       }
     },
+    "flake-compat_2": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1696426674,
+        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
     "flake-utils": {
       "inputs": {
         "systems": "systems_2"
@@ -171,11 +187,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1710120787,
+        "lastModified": 1716772633,
-        "narHash": "sha256-tlLuB73OCOKtU2j83bQzSYFyzjJo3rjpITZE5MoofG8=",
+        "narHash": "sha256-Idcye44UW+EgjbjCoklf2IDF+XrehV6CVYvxR1omst4=",
         "owner": "Mic92",
         "repo": "nix-index-database",
-        "rev": "e76ff2df6bfd2abe06abd8e7b9f217df941c1b07",
+        "rev": "ff80cb4a11bb87f3ce8459be6f16a25ac86eb2ac",
         "type": "github"
       },
       "original": {
@@ -202,35 +218,20 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1710420202,
+        "lastModified": 1717144377,
-        "narHash": "sha256-MvFKESbq4rUWuaf2RKPNYENaSZEw/jaCLo2gU6oREcM=",
+        "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "878ef7d9721bee9f81f8a80819f9211ad1f993da",
+        "rev": "805a384895c696f802a9bf5bf4720f37385df547",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixos-23.11",
+        "ref": "nixos-24.05",
         "repo": "nixpkgs",
         "type": "github"
       }
     },
-    "nixpkgs-22_05": {
-      "locked": {
-        "lastModified": 1654936503,
-        "narHash": "sha256-soKzdhI4jTHv/rSbh89RdlcJmrPgH8oMb/PLqiqIYVQ=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "dab6df51387c3878cdea09f43589a15729cae9f4",
-        "type": "github"
-      },
-      "original": {
-        "id": "nixpkgs",
-        "ref": "nixos-22.05",
-        "type": "indirect"
-      }
-    },
     "nixpkgs-frigate": {
       "locked": {
         "lastModified": 1695825837,
@@ -247,18 +248,6 @@
         "type": "github"
       }
     },
-    "nixpkgs-xone-fix": {
-      "flake": false,
-      "locked": {
-        "narHash": "sha256-nP+aGV0wrdRcOSlxlr2XaUczHeAHtLVpn2pefn5nhQE=",
-        "type": "file",
-        "url": "https://github.com/NixOS/nixpkgs/pull/296470.diff"
-      },
-      "original": {
-        "type": "file",
-        "url": "https://github.com/NixOS/nixpkgs/pull/296470.diff"
-      }
-    },
     "radio": {
       "inputs": {
         "flake-utils": [
@@ -310,7 +299,6 @@
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs",
         "nixpkgs-frigate": "nixpkgs-frigate",
-        "nixpkgs-xone-fix": "nixpkgs-xone-fix",
         "radio": "radio",
         "radio-web": "radio-web",
         "simple-nixos-mailserver": "simple-nixos-mailserver"
@@ -319,23 +307,23 @@
     "simple-nixos-mailserver": {
       "inputs": {
         "blobs": "blobs",
+        "flake-compat": "flake-compat_2",
         "nixpkgs": [
           "nixpkgs"
         ],
-        "nixpkgs-22_05": "nixpkgs-22_05",
         "utils": "utils"
       },
       "locked": {
-        "lastModified": 1655930346,
+        "lastModified": 1714720456,
-        "narHash": "sha256-ht56HHOzEhjeIgAv5ZNFjSVX/in1YlUs0HG9c1EUXTM=",
+        "narHash": "sha256-e0WFe1BHqX23ADpGBc4ZRu38Mg+GICCZCqyS6EWCbHc=",
         "owner": "simple-nixos-mailserver",
         "repo": "nixos-mailserver",
-        "rev": "f535d8123c4761b2ed8138f3d202ea710a334a1d",
+        "rev": "41059fc548088e49e3ddb3a2b4faeb5de018e60f",
         "type": "gitlab"
       },
       "original": {
         "owner": "simple-nixos-mailserver",
-        "ref": "nixos-22.05",
+        "ref": "master",
         "repo": "nixos-mailserver",
         "type": "gitlab"
       }

flake.nix

@@ -1,6 +1,6 @@
 {
   inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
     nixpkgs-frigate.url = "github:NixOS/nixpkgs/5cfafa12d57374f48bcc36fda3274ada276cf69e";
 
     flake-utils.url = "github:numtide/flake-utils";
@@ -8,7 +8,7 @@
     nixos-hardware.url = "github:NixOS/nixos-hardware/master";
 
     # mail server
-    simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-22.05";
+    simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master";
     simple-nixos-mailserver.inputs.nixpkgs.follows = "nixpkgs";
 
     # agenix
@@ -35,9 +35,6 @@
     # prebuilt nix-index database
     nix-index-database.url = "github:Mic92/nix-index-database";
     nix-index-database.inputs.nixpkgs.follows = "nixpkgs";
-
-    nixpkgs-xone-fix.url = "https://github.com/NixOS/nixpkgs/pull/296470.diff";
-    nixpkgs-xone-fix.flake = false;
   };
 
   outputs = { self, nixpkgs, ... }@inputs:
@@ -85,8 +82,6 @@
                 src = nixpkgs;
                 patches = [
                   ./patches/gamepadui.patch
-                  ./patches/esphome.patch
-                  inputs.nixpkgs-xone-fix
                 ];
               };
               patchedNixpkgs = nixpkgs.lib.fix (self: (import "${patchedNixpkgsSrc}/flake.nix").outputs { self = nixpkgs; });

machines/howl/default.nix

@@ -1,73 +1,13 @@
-{ config, pkgs, lib, nixos-hardware, ... }:
+{ config, pkgs, lib, ... }:
 
 {
   imports = [
     ./hardware-configuration.nix
-    nixos-hardware.nixosModules.framework-13-7040-amd
   ];
 
-
-  # for luks onlock over tor
-  services.tor.enable = true;
-  services.tor.client.enable = true;
-
   # don't use remote builders
   nix.distributedBuilds = lib.mkForce false;
 
-  services.udev.extraRules = ''
-    # depthai
-    SUBSYSTEM=="usb", ATTRS{idVendor}=="03e7", MODE="0666"
-
-    # Moonlander
-    # Rules for Oryx web flashing and live training
-    KERNEL=="hidraw*", ATTRS{idVendor}=="16c0", MODE="0664", GROUP="plugdev"
-    KERNEL=="hidraw*", ATTRS{idVendor}=="3297", MODE="0664", GROUP="plugdev"
-    # Wally Flashing rules for the Moonlander and Planck EZ
-    SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", MODE:="0666", SYMLINK+="stm32_dfu"
-  '';
-  services.udev.packages = [ pkgs.platformio ];
-  users.groups.plugdev = {
-    members = [ "googlebot" ];
-  };
-
-  # virt-manager
-  virtualisation.libvirtd.enable = true;
-  programs.dconf.enable = true;
-  virtualisation.spiceUSBRedirection.enable = true;
-  environment.systemPackages = with pkgs; [ virt-manager ];
-  users.users.googlebot.extraGroups = [ "libvirtd" "adbusers" ];
-
-  # allow building ARM derivations
-  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
-
-  services.spotifyd.enable = true;
-
-  virtualisation.podman.enable = true;
-  virtualisation.podman.dockerCompat = true;
-
-  virtualisation.appvm.enable = true;
-  virtualisation.appvm.user = "googlebot";
-
-  services.mount-samba.enable = true;
-
   de.enable = true;
   de.touchpad.enable = true;
-
-  networking.firewall.allowedTCPPorts = [
-    # barrier
-    24800
-  ];
-
-  programs.adb.enable = true;
-
-  # thunderbolt
-  users.users.googlebot.packages = with pkgs; [
-    kdePackages.plasma-thunderbolt
-  ];
-
-  services.fwupd.enable = true;
-
-  # fingerprint reader has initially shown to be more of a nuisance than a help
-  # it makes sddm log in fail most of the time and take several minutes to finish
-  services.fprintd.enable = false;
 }

machines/howl/hardware-configuration.nix

@@ -1,12 +1,19 @@
-{ config, lib, pkgs, modulesPath, ... }:
+{ config, lib, pkgs, modulesPath, nixos-hardware, ... }:
 
 {
-  imports =
+  imports = [
-    [ (modulesPath + "/installer/scan/not-detected.nix")
+    (modulesPath + "/installer/scan/not-detected.nix")
-    ];
+    nixos-hardware.nixosModules.framework-13-7040-amd
+  ];
 
   boot.kernelPackages = pkgs.linuxPackages_latest;
 
+  hardware.framework.amd-7040.preventWakeOnAC = true;
+  services.fwupd.enable = true;
+  # fingerprint reader has initially shown to be more of a nuisance than a help
+  # it makes sddm log in fail most of the time and take several minutes to finish
+  services.fprintd.enable = false;
+
   # boot
   boot.loader.systemd-boot.enable = true;
   boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ];
@@ -27,17 +34,18 @@
     allowDiscards = true;
   };
   fileSystems."/" =
-    { device = "/dev/disk/by-uuid/95db6950-a7bc-46cf-9765-3ea675ccf014";
+    {
+      device = "/dev/disk/by-uuid/95db6950-a7bc-46cf-9765-3ea675ccf014";
       fsType = "btrfs";
     };
   fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/B087-2C20";
+    {
+      device = "/dev/disk/by-uuid/B087-2C20";
       fsType = "vfat";
       options = [ "fmask=0022" "dmask=0022" ];
     };
   swapDevices =
-    [ { device = "/dev/disk/by-uuid/49fbdf62-eef4-421b-aac3-c93494afd23c"; }
+    [{ device = "/dev/disk/by-uuid/49fbdf62-eef4-421b-aac3-c93494afd23c"; }];
-    ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
   # (the default) this is the recommended approach. When using systemd-networkd it's

machines/phil/properties.nix

@@ -9,7 +9,6 @@
   systemRoles = [
     "server"
     "nix-builder"
-    "gitea-actions-runner"
   ];
 
   hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBlgRPpuUkZqe8/lHugRPm/m2vcN9psYhh5tENHZt9I2";

machines/ray/default.nix

@@ -7,10 +7,6 @@
 
   nixpkgs.config.cudaSupport = true;
 
-  # for luks onlock over tor
-  services.tor.enable = true;
-  services.tor.client.enable = true;
-
   # don't use remote builders
   nix.distributedBuilds = lib.mkForce false;
 
@@ -21,49 +17,6 @@
   hardware.openrazer.devicesOffOnScreensaver = false;
   users.users.googlebot.packages = [ pkgs.polychromatic ];
 
-  services.udev.extraRules = ''
-    # depthai
-    SUBSYSTEM=="usb", ATTRS{idVendor}=="03e7", MODE="0666"
-
-    # Moonlander
-    # Rules for Oryx web flashing and live training
-    KERNEL=="hidraw*", ATTRS{idVendor}=="16c0", MODE="0664", GROUP="plugdev"
-    KERNEL=="hidraw*", ATTRS{idVendor}=="3297", MODE="0664", GROUP="plugdev"
-    # Wally Flashing rules for the Moonlander and Planck EZ
-    SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", MODE:="0666", SYMLINK+="stm32_dfu"
-  '';
-  services.udev.packages = [ pkgs.platformio ];
-  users.groups.plugdev = {
-    members = [ "googlebot" ];
-  };
-
-  # virt-manager
-  virtualisation.libvirtd.enable = true;
-  programs.dconf.enable = true;
-  virtualisation.spiceUSBRedirection.enable = true;
-  environment.systemPackages = with pkgs; [ virt-manager ];
-  users.users.googlebot.extraGroups = [ "libvirtd" "adbusers" ];
-
-  # allow building ARM derivations
-  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
-
-  services.spotifyd.enable = true;
-
-  virtualisation.podman.enable = true;
-  virtualisation.podman.dockerCompat = true;
-
-  virtualisation.appvm.enable = true;
-  virtualisation.appvm.user = "googlebot";
-
-  services.mount-samba.enable = true;
-
   de.enable = true;
   de.touchpad.enable = true;
-
-  networking.firewall.allowedTCPPorts = [
-    # barrier
-    24800
-  ];
-
-  programs.adb.enable = true;
 }

machines/storage/s0/home-automation.nix

@@ -146,7 +146,8 @@ in
     };
   };
 
-  services.oauth2_proxy =
+  # TODO need services.oauth2-proxy.cookie.domain ?
+  services.oauth2-proxy =
     let
       nextcloudServer = "https://neet.cloud/";
     in
@@ -155,9 +156,10 @@ in
 
       httpAddress = "http://0.0.0.0:4180";
 
-      nginx.virtualHosts = [
+      nginx.domain = frigateHostname;
-        frigateHostname
+      # nginx.virtualHosts = [
-      ];
+      #   frigateHostname
+      # ];
 
       email.domains = [ "*" ];
 

machines/zoidberg/default.nix

@@ -63,7 +63,7 @@
   };
 
   # Login into X11 plasma so barrier works well
-  services.xserver.displayManager.defaultSession = "plasma";
+  services.displayManager.defaultSession = "plasma";
 
   users.users.cris = {
     isNormalUser = true;
@@ -83,7 +83,7 @@
   };
 
   # Auto login into Plasma in john zoidberg account
-  services.xserver.displayManager.sddm.settings = {
+  services.displayManager.sddm.settings = {
     Autologin = {
       Session = "plasma";
       User = "john";

overlays/kernel-modules/gasket.nix

@@ -2,16 +2,16 @@
 
 stdenv.mkDerivation rec {
   pname = "gasket";
-  version = "1.0-18";
+  version = "1.0-18-unstable-2023-09-05";
 
   src = fetchFromGitHub {
     owner = "google";
     repo = "gasket-driver";
-    rev = "09385d485812088e04a98a6e1227bf92663e0b59";
+    rev = "5815ee3908a46a415aac616ac7b9aedcb98a504c";
-    sha256 = "fcnqCBh04e+w8g079JyuyY2RPu34M+/X+Q8ObE+42i4=";
+    sha256 = "sha256-O17+msok1fY5tdX1DvqYVw6plkUDF25i8sqwd6mxYf8=";
   };
 
-  makeFlags = [
+  makeFlags = kernel.makeFlags ++ [
     "-C"
     "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
     "M=$(PWD)"
@@ -21,7 +21,7 @@ stdenv.mkDerivation rec {
   installFlags = [ "INSTALL_MOD_PATH=${placeholder "out"}" ];
   installTargets = [ "modules_install" ];
 
-  sourceRoot = "source/src";
+  sourceRoot = "${src.name}/src";
   hardeningDisable = [ "pic" "format" ];
   nativeBuildInputs = kernel.moduleBuildDependencies;
 
@@ -31,5 +31,6 @@ stdenv.mkDerivation rec {
     license = licenses.gpl2;
     maintainers = [ lib.maintainers.kylehendricks ];
     platforms = platforms.linux;
+    broken = versionOlder kernel.version "5.15";
   };
 }

patches/esphome.patch

@@ -1,19 +0,0 @@
-diff --git a/pkgs/tools/misc/esphome/default.nix b/pkgs/tools/misc/esphome/default.nix
-index a8ab91f8f329..81bf135a023f 100644
---- a/pkgs/tools/misc/esphome/default.nix
-+++ b/pkgs/tools/misc/esphome/default.nix
-@@ -5,6 +5,7 @@
- , platformio
- , esptool
- , git
-+, stdenv
- }:
- 
- let
-@@ -76,6 +77,7 @@ python.pkgs.buildPythonApplication rec {
-     # git is used in esphomeyaml/writer.py
-     "--prefix PATH : ${lib.makeBinPath [ platformio esptool git ]}"
-     "--prefix PYTHONPATH : $PYTHONPATH" # will show better error messages
-+    "--prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath [ stdenv.cc.cc.lib ]}"
-     "--set ESPHOME_USE_SUBPROCESS ''"
-   ];

patches/gamepadui.patch

@@ -6,8 +6,8 @@ index 29c449c16946..f6c728eb7f0c 100644
    in
      pkgs.writeShellScriptBin "steam-gamescope" ''
        ${builtins.concatStringsSep "\n" exports}
--      gamescope --steam ${toString cfg.gamescopeSession.args} -- steam -tenfoot -pipewire-dmabuf
+-      gamescope --steam ${builtins.toString cfg.gamescopeSession.args} -- steam -tenfoot -pipewire-dmabuf
-+      gamescope --steam ${toString cfg.gamescopeSession.args} -- steam -gamepadui -steamdeck -pipewire-dmabuf &> /tmp/steamlog
++      gamescope --steam ${builtins.toString cfg.gamescopeSession.args} -- steam -gamepadui -steamdeck -pipewire-dmabuf &> /tmp/steamlog
      '';
  
    gamescopeSessionFile =

secrets/secrets.nix

@@ -36,7 +36,6 @@ with roles;
 
   # services
   "searx.age".publicKeys = nobody;
-  "spotifyd.age".publicKeys = personal;
   "wolframalpha.age".publicKeys = dailybot;
 
   # hostapd