many changes

hosts/fw/modules/unbound.nix

@@ -23,9 +23,9 @@ let
   cfg = {
     remote-control.control-enable = true;
     server = {
-      include = [
-        "\"${adblockLocalZones}\""
-      ];
+      # include = [
+      #   "\"${adblockLocalZones}\""
+      # ];
       interface = [ "0.0.0.0" "::0" ];
       interface-automatic = "yes";
       access-control = [
@@ -47,6 +47,8 @@ let
         "\"fw.cloonar.com A ${config.networkPrefix}.97.1\""
         "\"fw A ${config.networkPrefix}.97.1\""
 
+        "\"www.7-zip.org A 49.12.202.237\""
+
         "\"pc.cloonar.com IN A ${config.networkPrefix}.96.5\""
         "\"omada.cloonar.com IN A ${config.networkPrefix}.97.2\""
         "\"switch.cloonar.com IN A ${config.networkPrefix}.97.10\""

hosts/gpd-win4/configuration.nix

@@ -0,0 +1,44 @@
+{ config, lib, pkgs, ... }:
+{
+  imports = [
+    ./hardware-configuration.nix
+    ./sway/sway.nix
+    ./nvim/default.nix
+    ./utils/bento.nix
+    ./utils/modules/sops.nix
+    ./utils/modules/nur.nix
+    ./utils/modules/autoupgrade.nix
+    ./users
+
+    # Import our new steam-deck-mode module
+    ./modules/steam-deck-mode.nix
+  ];
+
+  networking.hostName = "gpd-win4";
+  time.timeZone = "Europe/Vienna";
+  nixpkgs.config.allowUnfree = true;
+  nixpkgs.config.allowBroken = true;
+  console.keyMap = "de";
+
+  services.openssh.enable = true;
+  security.polkit.enable = true;
+  networking.networkmanager.enable = true;
+
+  users.users.dominik = {
+    isNormalUser = true;
+    hashedPassword = "";  # Replace with real hash
+    extraGroups = [ "wheel" "video" "audio" "input" ];
+  };
+
+  powerManagement.cpuFreqGovernor = "powersave";
+
+  # In case you want a persistent /home or other directories:
+  # environment.persistence."/nix/persist" = {
+  #   hideMounts = true;
+  #   directories = [ "/home" ];
+  # };
+
+  # This system tries to unify the "Steam Deck Mode" and "Sway" approach
+  # with toggling via systemd user services.
+  system.stateVersion = "24.05";
+}

hosts/gpd-win4/hardware-configuration.nix

@@ -0,0 +1,50 @@
+{ config, lib, pkgs, modulesPath, ... }:
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  boot.initrd.kernelModules = [ "amdgpu" "kvm-amd" ];
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault true;
+
+  fileSystems."/" =
+    {
+      device = "none";
+      fsType = "tmpfs";
+      options = [ "size=16G" "mode=755" ];
+    };
+  fileSystems."/nix" =
+    {
+      device = "/dev/disk/by-uuid/856e1ebe-832f-422d-8d91-d43a5d852abb";
+      fsType = "f2fs";
+    };
+
+  boot.initrd = {
+    luks.devices."enc" = {
+      crypttabExtraOpts = [ "fido2-device=auto" ];
+      device = "/dev/disk/by-uuid/08897ecb-23ce-4352-a1fc-fa442b9e0f72";
+    };
+    systemd.enable = true;
+  };
+
+
+  fileSystems."/boot" =
+    {
+      device = "/dev/disk/by-uuid/1521-B173";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+
+  hardware.graphics = {
+    enable = true;
+    extraPackages = with pkgs; [
+      vaapiVdpau
+      libvdpau-va-gl
+      libva
+      libva-utils
+    ];
+  };
+}

hosts/gpd-win4/modules/nvim

@@ -0,0 +1 @@
+../../nb/modules/nvim

hosts/gpd-win4/modules/steam-deck-mode.nix

@@ -0,0 +1,129 @@
+{ config, lib, pkgs, ... }:
+let
+  cfgUser = "dominik"; # Adjust to your username
+in {
+  #### 1) Provide two scripts:
+  ####    - `steam-deck-mode.sh`: Runs Steam Big Picture with Gamescope (Wayland).
+  ####    - `sway-session.sh`: Starts Sway.
+  environment.etc."steam-deck-mode.sh".text = ''
+    #!/usr/bin/env bash
+
+    # This script launches Steam in Big Picture mode under Gamescope (Wayland).
+    # Once Steam (or Gamescope) exits, the systemd user service stops.
+    # The ExecStopPost hook in the user service will then start Sway automatically.
+
+    # For safety, kill any existing Steam instance
+    pgrep steam && steam -shutdown || true
+    sleep 1
+
+    # Use Gamescope in fullscreen mode, exit on Steam exit, run Steam in Gamepad UI
+    exec gamescope -W 1280 -H 800 -f -e -- steam -gamepadui
+  '';
+
+  environment.etc."sway-session.sh".text = ''
+    #!/usr/bin/env bash
+
+    # This script starts a Sway session. When Sway exits, the user service stops,
+    # which triggers ExecStopPost to start Steam Big Picture again.
+
+    exec sway
+  '';
+
+  #### Make these scripts executable via a simple systemd service:
+  systemd.services."make-scripts-executable" = {
+    description = "Make steam-deck-mode.sh and sway-session.sh executable";
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig.ExecStart = [
+      "${pkgs.coreutils}/bin/chmod +x /etc/steam-deck-mode.sh"
+      "${pkgs.coreutils}/bin/chmod +x /etc/sway-session.sh"
+    ];
+  };
+
+  #### 2) Create two systemd *user* services:
+  ####    - steam-deck-mode: On stop, automatically start sway
+  ####    - sway: On stop, automatically start steam-deck-mode
+  systemd.user.services."steam-deck-mode" = {
+    description = "Steam Deck Mode (Wayland Gamescope + Steam Big Picture)";
+    wantedBy = [ "default.target" ];  # So we can enable it for the user
+    serviceConfig = {
+      Type = "simple";
+      ExecStart = "/etc/steam-deck-mode.sh";
+      # On exit, automatically trigger Sway
+      ExecStopPost = "${pkgs.systemd}/bin/systemctl --user start sway";
+      Restart = "no";  # If Steam crashes, you can change to 'on-failure' if desired
+    };
+  };
+
+  systemd.user.services."sway" = {
+    description = "Sway WM Session";
+    wantedBy = [ ];  # We won't start this on login by default, but from steam or a script
+    serviceConfig = {
+      Type = "simple";
+      ExecStart = "/etc/sway-session.sh";
+      # On exit, automatically trigger Steam Deck Mode
+      ExecStopPost = "${pkgs.systemd}/bin/systemctl --user start steam-deck-mode";
+      Restart = "no";
+    };
+  };
+
+  #### 3) Provide a script & desktop entry to let you switch from Sway to Game Mode easily
+  ####    (i.e., stop the 'sway' service, which triggers Steam).
+  environment.etc."switch-to-game-mode.sh".text = ''
+    #!/usr/bin/env bash
+    # This script stops Sway, causing the user service to exit
+    # The ExecStopPost of that service will start steam-deck-mode automatically.
+    ${pkgs.systemd}/bin/systemctl --user stop sway
+  '';
+
+  systemd.services."make-switch-to-game-mode-executable" = {
+    description = "Make switch-to-game-mode.sh executable";
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig.ExecStart = [
+      "${pkgs.coreutils}/bin/chmod +x /etc/switch-to-game-mode.sh"
+    ];
+  };
+
+  environment.etc."xdg/applications/switch-to-game-mode.desktop".text = ''
+    [Desktop Entry]
+    Name=Switch to Game Mode
+    Comment=Stop Sway and start Steam Big Picture (Gamescope)
+    Exec=/etc/switch-to-game-mode.sh
+    Terminal=false
+    Type=Application
+    Categories=Game;
+  '';
+
+  #### 4) If you want to start directly in Steam Deck Mode on boot (no display manager),
+  ####    enable auto-login on TTY and run the user service for "dominik".
+  ####    For example (uncomment if you want an immediate console login):
+  # services.getty.autologinUser = cfgUser;
+  # systemd.user.services."steam-deck-mode".wantedBy = [ "default.target" ];  # already set
+  # You'd do 'systemctl --user enable steam-deck-mode' as that user to start it on login.
+
+  #### 5) Additional recommended gaming packages if not set elsewhere:
+  environment.systemPackages = with pkgs; [
+    steam
+    gamemode
+    mangohud
+    vulkan-tools
+    vulkan-loader
+    vulkan-headers
+    # ...
+  ];
+
+  #### 6) Enable 32-bit support for Steam
+  hardware.opengl.enable = true;
+  hardware.opengl.driSupport32Bit = true;
+  hardware.graphics.enable = true;
+  hardware.graphics.enable32Bit = true;
+  hardware.graphics.extraPackages = [
+    pkgs.amdvlk
+    pkgs.driversi686Linux.amdvlk
+  ];
+
+  #### 7) Optionally handle udev rules for Steam/Controllers if needed
+  environment.etc."udev/rules.d/99-steamdeck-controller.rules".text = ''
+    SUBSYSTEM=="usb", ATTRS{idVendor}=="28de", MODE="0666"
+    KERNEL=="uinput", MODE="0660", GROUP="input", OPTIONS+="static_node=uinput"
+  '';
+}

hosts/gpd-win4/modules/steam.nix

@@ -0,0 +1,80 @@
+{ config, lib, pkgs, ... }:
+let
+  # For GPD Win4’s AMD APU, we assume AMD Vulkan drivers:
+  amdPackages = [
+    pkgs.amdvlk
+    pkgs.driversi686Linux.amdvlk
+  ];
+in
+{
+  options.services.steamDeckMode = {
+    enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = "Launch Steam in a ‘Deck-like’ session upon login (auto-logins and starts Steam in gamepad UI mode).";
+    };
+  };
+
+  config = {
+    # Enable Steam and Gamescope
+    programs.gamescope = {
+      enable = true;
+      capSysNice = true;
+    };
+    programs.steam = {
+      enable = true;
+      # The ‘gamescopeSession’ creates a special session for Steam on Wayland
+      gamescopeSession.enable = true;
+    };
+
+    # Add some helpful gaming utilities
+    environment.systemPackages = with pkgs; [
+      mangohud
+      steam-tui
+      steamcmd
+      vulkan-tools
+      vulkan-headers
+      vulkan-loader
+      wlroots
+      libdecor
+      gamemode
+    ];
+
+    # Enable 32-bit support for libraries (often required by Steam)
+    hardware.opengl.enable = true;
+    hardware.opengl.driSupport32Bit = true;
+
+    # Additional AMD drivers if needed
+    hardware.graphics.enable = true;
+    hardware.graphics.enable32Bit = true;
+    hardware.graphics.extraPackages = amdPackages;
+
+    # Example udev rules for Steam Deck controllers, optional
+    environment.etc."udev/rules.d/99-steamdeck-controller.rules".text = ''
+      # Valve Controller devices
+      SUBSYSTEM=="usb", ATTRS{idVendor}=="28de", MODE="0666"
+      KERNEL=="uinput", MODE="0660", GROUP="input", OPTIONS+="static_node=uinput"
+    '';
+
+    # Provide a “Steam Deck Mode” session in the display manager
+    services.xserver.displayManager.session = {
+      "steam-deck-mode" = {
+        name = "Steam Deck Mode";
+        start = ''
+          #!/usr/bin/env bash
+          # On X11, you could also remove or adjust the following env variable if you prefer Wayland
+          export XDG_SESSION_TYPE=x11
+
+          # Fullscreen + close gamescope on exit, then run Steam in gamepad UI
+          exec gamescope -f -e -- steam -gamepadui
+        '';
+      };
+    };
+  }
+  // lib.mkIf config.services.steamDeckMode.enable {
+    # Auto-login to the user of your choice and start in Steam Deck Mode
+    services.xserver.displayManager.autoLogin.enable = true;
+    services.xserver.displayManager.autoLogin.user = "dominik"; # or your preferred user
+    services.xserver.autoRestartXServer = true;
+    services.xserver.displayManager.defaultSession = "steam-deck-mode";
+  };

hosts/gpd-win4/modules/sway

@@ -0,0 +1 @@
+../../nb/modules/sway

hosts/gpd-win4/users

@@ -0,0 +1 @@
+../nb/users

hosts/gpd-win4/utils

@@ -0,0 +1 @@
+../../utils

hosts/nb/configuration.nix

@@ -31,7 +31,7 @@ in {
       ./cachix.nix
       ./users
 
-      ./modules/steam.nix
+      # ./modules/steam.nix
 
       ./hardware-configuration.nix
 
@@ -41,6 +41,8 @@ in {
     (import ./utils/overlays/packages.nix)
   ];
 
+  services.gvfs.enable = true;
+
   fonts.packages = with pkgs; [
     git
     git-lfs
@@ -52,6 +54,7 @@ in {
     zsh-completions
     zsh-syntax-highlighting
     zsh-history-substring-search
+    creality-print
   ];
 
   programs.zsh = {
@@ -172,7 +175,6 @@ in {
 
   environment.systemPackages = with pkgs; [
     bento
-    creality-print
     docker-compose
     drone-cli
     git-filter-repo
@@ -184,7 +186,7 @@ in {
     wineWowPackages.stable
     wineWowPackages.fonts
     winetricks
-    ykfde
+    # ykfde
   ];
 
   environment.variables = {

hosts/nb/modules/nvim/chatgpt.nix

@@ -5,8 +5,8 @@ self: super: {
       version = "1.0.0";
       src = super.fetchgit {
         url = "https://git.cloonar.com/Cloonar/chatgpt.vim.git";
-        rev = "162ab2d82054897ac0d371d7047811abcd510ab5";
-        sha256 = "sha256-0BvVCGXO4GAUumv36+/9/S8pGMKCl/V3rxEKeiKW5xo=";
+        rev = "59540981edeebd7faf9894e2ba40cbe4fb02f31c";
+        sha256 = "sha256-uBfdR8ezwrcPJeCs+hAnz0w7nE9N8rfqST/SuGlcoTs=";
       };
     };
   };

hosts/nb/modules/nvim/config/init.lua

@@ -42,7 +42,7 @@ vim.opt.titlestring = "%<%F%=%l/%L - nvim" -- what the title of the window will
 vim.opt.undodir = vim.fn.stdpath "cache" .. "/undo"
 vim.opt.undofile = true -- enable persistent undo
 vim.opt.updatetime = 300 -- faster completion
-vim.opt.writebackup = false -- if a file is being edited by another program (or was written to file while editing with another program) it is not allowed to be edited
+vim.opt.writebackup = false -- if a file is being edited by another program it is not allowed to be edited
 vim.opt.expandtab = true -- convert tabs to spaces
 vim.opt.shiftwidth = 2 -- the number of spaces inserted for each indentation
 vim.opt.tabstop = 2 -- insert 2 spaces for a tab
@@ -50,9 +50,38 @@ vim.opt.cursorline = true -- highlight the current line
 vim.opt.number = true -- set numbered lines
 vim.opt.relativenumber = false -- set relative numbered lines
 vim.opt.numberwidth = 4 -- set number column width to 2 {default 4}
-vim.opt.signcolumn = "yes" -- always show the sign column otherwise it would shift the text each time
+vim.opt.signcolumn = "yes" -- always show the sign column otherwise text shifts each time
 vim.opt.wrap = false -- display lines as one long line
 vim.opt.spell = false
 vim.opt.spelllang = "en"
-vim.opt.scrolloff = 8 -- is one of my fav
+vim.opt.scrolloff = 8 -- keep 8 lines above/below the cursor
 vim.opt.sidescrolloff = 8
+
+-- Automatically disable heavy features for very large files
+local largefile_group = vim.api.nvim_create_augroup("LargeFile", { clear = true })
+vim.api.nvim_create_autocmd("BufReadPre", {
+  group = largefile_group,
+  pattern = "*",
+  callback = function(args)
+    local max_filesize = 1 * 1024 * 1024 -- 1 MB in bytes
+    local file = vim.fn.expand("<afile>")
+    if vim.fn.getfsize(file) > max_filesize then
+      -- Turn off syntax highlighting
+      vim.cmd("syntax off")
+      -- Disable Treesitter's highlight for this buffer
+      pcall(vim.cmd, "TSBufDisable highlight")
+
+      -- Optionally disable LSP for this buffer
+      for _, client in pairs(vim.lsp.get_active_clients()) do
+        if client ~= nil and client.attached_buffers[args.buf] then
+          client.detach(args.buf)
+        end
+      end
+
+      -- You can also disable or reduce other settings if needed, e.g.:
+      vim.opt.foldmethod = "manual"
+      vim.opt.wrap = false
+      vim.opt.hlsearch = false
+    end
+  end,
+})

hosts/nb/modules/sway/bitwarden.nix

@@ -0,0 +1,17 @@
+{ config, pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    bitwarden
+    bitwarden-cli
+  ];
+
+  environment.shellAliases = {
+    bw-epicenter = "BITWARDENCLI_APPDATA_DIR=~/.config/bitwarden-cli-epicenter ${pkgs.bitwarden-cli}/bin/bw";
+    bw-cloonar = "BITWARDENCLI_APPDATA_DIR=~/.config/bitwarden-cli-cloonar ${pkgs.bitwarden-cli}/bin/bw";
+  };
+
+  environment.shellInit = ''
+    mkdir -p ~/.config/bitwarden-cli-epicenter ~/.config/bitwarden-cli-cloonar
+  '';
+}

hosts/nb/modules/sway/sway.nix

@@ -28,9 +28,6 @@ let
   apache-ds-pin = import (builtins.fetchTarball {
     url = "https://github.com/NixOS/nixpkgs/archive/9aec01027f7ea2bca07bb51d5ed83e78088871c1.tar.gz";
   }) {};
-  # ddev-pin = import (builtins.fetchTarball {
-  #   url = "https://github.com/NixOS/nixpkgs/archive/34a626458d686f1b58139620a8b2793e9e123bba.tar.gz";
-  # }) {};
 in {
   imports = [
     ./social.nix
@@ -38,6 +35,7 @@ in {
     # ./parsec.nix
     # ./rustdesk.nix
     ./thunderbird.nix
+    ./bitwarden.nix
   ];
 
   environment.variables.XCURSOR_SIZE = "24";
@@ -78,11 +76,11 @@ in {
     alsa-utils
     audacity
     apache-ds-pin.apache-directory-studio
-    bitwarden
-    bitwarden-cli
     rofi-rbw-wayland
-    # cryptomator
+    # TODO: remove at 25.05
+    unstable.cryptomator
     fontforge
+    hypnotix
 
     code-cursor
 

hosts/nb/users/configs/project_history

@@ -1,5 +1,8 @@
 /home/dominik/projects/cloonar/chatgpt.vim
 /home/dominik/projects/cloonar/gitea.nvim
+/home/dominik/projects/cloonar/glazewm
+/home/dominik/projects/cloonar/phishguard
+/home/dominik/projects/cloonar/phishguard-frontend
 /home/dominik/projects/cloonar/typo3-basic
 /home/dominik/projects/cloonar/renovate-config
 /home/dominik/projects/cloonar/bento
@@ -27,5 +30,7 @@
 /home/dominik/projects/epicenter.works/spenden.akvorrat.at
 /home/dominik/projects/epicenter.works/dearmep-website
 /home/dominik/projects/epicenter.works/padexporter
+/home/dominik/projects/epicenter.works/ansible-pull
 /home/dominik/projects/cloonar/lena-schilling-website
+/home/dominik/projects/cloonar/imperfect-perfect.com
 /home/dominik/projects/cloonar/yaapi

hosts/nb/users/dominik.nix

@@ -317,6 +317,12 @@ in
         # https://git-scm.com/book/en/v2/Git-Tools-Rerere
         rerere.enabled = true;
       };
+      extraConfig = {
+        "url.gitea@git.cloonar.com:" = {
+          insteadOf = "https://git.cloonar.com/";
+        };
+      };
+
     };
 
     programs.thunderbird = {
@@ -542,6 +548,9 @@ in
       git clone gitea@git.cloonar.com:Cloonar/chatgpt.vim.git ${persistHome}/cloonar/chatgpt.vim 2>/dev/null
       git clone gitea@git.cloonar.com:Cloonar/gitea.nvim.git ${persistHome}/cloonar/gitea.nvim 2>/dev/null
       git clone gitea@git.cloonar.com:myhidden.life/web.git ${persistHome}/projects/myhidden.life/myhidden.life-web 2>/dev/null
+      git clone git@github.com:dpolakovics/glazewm.git ${persistHome}/cloonar/glazewm 2>/dev/null
+      git clone gitea@git.cloonar.com:Cloonar/phishguard.git ${persistHome}/projects/cloonar/phishguard 2>/dev/null
+      git clone gitea@git.cloonar.com:Cloonar/phishguard-frontend.git ${persistHome}/projects/cloonar/phishguard-frontend 2>/dev/null
 
       git clone gitea@git.cloonar.com:dominik.polakovics/typo3-basic.git ${persistHome}/cloonar/typo3-basic 2>/dev/null
       git clone gitea@git.cloonar.com:renovate/renovate-config.git ${persistHome}/cloonar/renovate-config 2>/dev/null
@@ -561,6 +570,7 @@ in
       git clone gitea@git.cloonar.com:hilgenberg/website.git ${persistHome}/projects/cloonar/hilgenberg-website 2>/dev/null
       git clone gitea@git.cloonar.com:Cloonar/korean-skin.care.git ${persistHome}/projects/cloonar/korean-skin.care 2>/dev/null
       git clone gitea@git.cloonar.com:Cloonar/lena-schilling-website.git ${persistHome}/projects/cloonar/lena-schilling-website 2>/dev/null
+      git clone gitea@git.cloonar.com:Cloonar/imperfect-perfect.com.git ${persistHome}/projects/cloonar/imperfect-perfect.com 2>/dev/null
 
 
       git clone gitea@git.cloonar.com:socialgrow.tech/sgt-api.git ${persistHome}/projects/socialgrow.tech/sgt-api 2>/dev/null
@@ -574,6 +584,7 @@ in
       git clone git@github.com:AKVorrat/spenden.akvorrat.at.git ${persistHome}/projects/epicenter.works/spenden.akvorrat.at 2>/dev/null
       git clone git@github.com:AKVorrat/dearmep-website.git ${persistHome}/projects/epicenter.works/dearmep-website 2>/dev/null
       git clone git@github.com:AKVorrat/padexporter.git ${persistHome}/projects/epicenter.works/padexporter 2>/dev/null
+      git clone git@github.com:AKVorrat/ansible-config.git ${persistHome}/projects/epicenter.works/ansible-pull 2>/dev/null
       set -eu
     '';
 

hosts/web-arm/sites/lena-schilling.at.nix

@@ -7,4 +7,20 @@
     ];
     phpPackage = pkgs.php83;
   };
+
+  services.nginx.virtualHosts."www.lena-schilling.at" = {
+    enableACME = true;
+    forceSSL = true;
+    acmeRoot = "/var/lib/acme/acme-challenge";
+    locations."/" = {
+      return = "301 https://lena-schilling.at$request_uri";
+    };
+    serverAliases = [
+      "lena-schilling.com"
+      "lena-schilling.eu"
+      "lenaschilling.at"
+      "lenaschilling.com"
+      "lenaschilling.eu"
+    ];
+  };
 }