refactor: notebook configration

hosts/nb/configuration.nix

@@ -21,7 +21,7 @@ in {
       ./utils/modules/nur.nix
       ./modules/appimage.nix
       ./modules/desktop
-      ./modules/sway/sway.nix
+      ./modules/development/default.nix
       # ./modules/printer.nix
       # ./modules/cyberghost.nix
       ./utils/modules/autoupgrade.nix
@@ -33,8 +33,6 @@ in {
       ./users
 
       # coding
-      ./modules/nvim/default.nix
-      ./modules/coding.nix
 
       # ./modules/steam.nix
       ./modules/fingerprint.nix
@@ -67,20 +65,6 @@ in {
     creality-print
   ];
 
-  services.mysql = {
-    enable = true;              # Enable the MySQL service
-    package = pkgs.mariadb;     # Use MariaDB as the package
-    dataDir = "/var/lib/mysql"; # Specify the data directory
-  };
-  services.mysql.ensureUsers = [
-    {
-      name = "dominik";
-      ensurePermissions = {
-        "*.*" = "ALL PRIVILEGES";
-      };
-    }
-  ];
-
   programs.zsh = {
     enable = true;
     ohMyZsh = {
@@ -200,6 +184,7 @@ in {
   };
 
   environment.systemPackages = with pkgs; [
+    alsa-utils
     bento
     docker-compose
     drone-cli
@@ -207,6 +192,7 @@ in {
     nix-prefetch-git
     openaudible
     openmanus
+    unzip
     vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
     wget
     wireguard-tools
@@ -223,7 +209,16 @@ in {
   
   services.blueman.enable = true;
 
-  system.stateVersion = "24.05"; # Did you read the comment?
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    jack.enable = true;
+  };
+
+  hardware.sane.enable = true;
 
   security.polkit.enable = true;
   systemd = {
@@ -244,13 +239,7 @@ in {
 
   networking.wireguard.interfaces = {
     wg0 = {
-      # Determines the IP address and subnet of the client's end of the tunnel interface.
       ips = [ "10.42.98.201/32" ];
-      # Path to the private key file.
-      #
-      # Note: The private key can also be included inline via the privateKey option,
-      # but this makes the private key world-readable; thus, using privateKeyFile is
-      # recommended.
       # publicKey: YdlRGsjh4hS3OMJI+t6SZ2eGXKbs0wZBXWudHW4NyS8=
       privateKeyFile = config.sops.secrets.wg-cloonar-key.path;
 
@@ -264,7 +253,8 @@ in {
             "10.254.235.0/24"
             # epicenter.works
             "10.14.0.0/16"
-            "10.25.0.0/16" ];
+            "10.25.0.0/16"
+          ];
           endpoint = "vpn.cloonar.com:51820"; # ToDo: route to endpoint not automatically configured https://wiki.archlinux.org/index.php/WireGuard#Loop_routing https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577
           persistentKeepalive = 25;
         }
@@ -283,46 +273,6 @@ in {
      pinentryPackage = pkgs.pinentry-curses;
   };
 
-  # networking.networkmanager.insertNameservers = [ "9.9.9.9" "149.112.112.11" "2620:fe::fe" "2620:fe::9" ];
-  # services.avahi.enable = false;
-  # networking.resolvconf.enable = lib.mkForce false;
-  # services.resolved = {
-  #   enable = true;
-  #   dnssec = "true";
-  #   domains = [ "~." ];
-  #   fallbackDns = [ "9.9.9.9" "149.112.112.11" "2620:fe::fe" "2620:fe::9" ];
-  #   dnsovertls = "true";
-  # };
-  # networking.wg-quick.interfaces = {
-  #   wg0 = {
-  #     address = [ "10.42.98.201/32" ];
-  #     privateKeyFile = config.sops.secrets.wg-cloonar-key.path;
-  #
-  #     postUp = ''
-  #       ${pkgs.systemd}/bin/resolvectl dns wg0 10.42.97.1
-  #       ${pkgs.systemd}/bin/resolvectl domain wg0 cloonar.com
-  #       ${pkgs.systemd}/bin/resolvectl dnsovertls wg0 true
-  #     '';
-  #
-  #     peers = [
-  #       {
-  #         publicKey = "TKQVDmBnf9av46kQxLQSBDhAeaK8r1zh8zpU64zuc1Q=";
-  #       allowedIPs = [
-  #         "10.42.96.0/20"
-  #         # wohnservice-wien
-  #         "10.254.240.0/24"
-  #         # epicenter.works
-  #         "10.14.0.0/16"
-  #         "10.25.0.0/16"
-  #       ];
-  #         endpoint = "vpn.cloonar.com:51822";
-  #         persistentKeepalive = 25;
-  #       }
-  #     ];
-  #   };
-  # };
-
-
   nix = {
     settings.auto-optimise-store = true;
     settings.experimental-features = [ "nix-command" "flakes" ];
@@ -344,5 +294,6 @@ in {
     cursor-size=24
   '';
 
+  system.stateVersion = "24.05"; # Did you read the comment?
 
 }

hosts/nb/hardware-configuration.nix

@@ -59,6 +59,7 @@
   hardware.graphics = {
     enable = true;
     extraPackages = with pkgs; [
+      amdvlk
       vaapiVdpau
       libvdpau-va-gl
       libva

hosts/nb/modules/desktop/default.nix

@@ -1,4 +1,169 @@
-{ pkgs, ... }: {
+{ config, pkgs, lib, ... }:
+let
+  apache-ds-pin = import (builtins.fetchTarball {
+    url = "https://github.com/NixOS/nixpkgs/archive/9aec01027f7ea2bca07bb51d5ed83e78088871c1.tar.gz";
+  }) {};
+in {
   imports = [
+    ../sway/sway.nix
+    ./social.nix
+    ./signal-work.nix
+    ./thunderbird.nix
+    ./bitwarden.nix
   ];
+
+  environment.systemPackages = with pkgs; [
+    alacritty
+    apache-ds-pin.apache-directory-studio
+    cryptomator
+    fontforge
+    freecad
+    openscad
+
+    (where-is-my-sddm-theme.override {
+      themeConfig.General = {
+        showUsersByDefault = true;
+        background = "/nix/persist/system/wallpaper.png";
+        backgroundFill = "#252525";
+        backgroundFillMode="Image.Pad";
+        passwordInputWidth = 0.25;
+        passwordInputBackground = "#60ffffff";
+        passwordFontSize = 28;
+        showSessionsByDefault = true;
+        sessionsFontSize=24;
+        usersFontSize=32;
+      };
+      variants = ["qt5"];
+    })
+
+    vscode
+
+
+    dracula-theme
+    foot
+    fractal
+
+    gimp
+    seahorse
+    adwaita-icon-theme
+    grim
+    hunspell
+    hunspellDicts.de_DE
+    hunspellDicts.en_US
+    libreoffice
+    libsForQt5.qtgraphicaleffects
+    mako
+    moonlight-qt
+    nautilus
+    netflix
+    networkmanagerapplet
+    nextcloud-client
+    onlyoffice-bin
+    obs-studio
+    pavucontrol
+    pinentry
+    rbw
+    rofi-rbw
+    # unstable.rustdesk
+    rustdesk-flutter
+    thunderbird
+    vlc
+    wl-clipboard
+    wtype
+    xfce.thunar
+    xfce.thunar-volman
+    xfce.thunar-archive-plugin
+    xorg.libX11
+    xorg.libXcursor
+    xorg.libXi
+    xorg.libXrandr
+    yubioath-flutter
+  ];
+
+  environment.variables.XCURSOR_SIZE = "24";
+
+  services.displayManager.defaultSession = "sway";
+  services.displayManager.sddm = {
+    enable = true;
+    wayland.enable = true;
+    theme = "where_is_my_sddm_theme_qt5";
+  };
+
+  xdg.portal = {
+    enable = true;
+    wlr.enable = true;
+    extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
+  };
+
+  services.gnome.gnome-keyring.enable = true;
+  services.gvfs.enable = true;
+
+  virtualisation.virtualbox.host.enable = true;
+  users.extraGroups.vboxusers.members = [ "dominik" ];
+
+  fonts.packages = with pkgs; [
+    noto-fonts
+    noto-fonts-cjk-sans
+    noto-fonts-emoji
+    nerd-fonts._0xproto
+    nerd-fonts.droid-sans-mono
+    open-sans
+  ];
+
+  programs.light.enable = true;
+
+  hardware.graphics.extraPackages = [ pkgs.amdvlk ];
+
+  hardware.bluetooth.enable = true;
+  hardware.bluetooth.powerOnBoot = true;
+  hardware.bluetooth.settings = {
+    General = { ControllerMode = "bredr"; };
+  };
+  services.blueman.enable = true;
+
+  services.tlp.enable = true;
+  services.tlp.settings = {
+    CPU_SCALING_GOVERNOR_ON_AC = "performance";
+    CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
+    CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
+    CPU_ENERGY_PERF_POLICY_ON_AC = "performance";
+    START_CHARGE_THRESH_BAT0 = 60;
+    STOP_CHARGE_THRESH_BAT0 = 80;
+  };
+
+  boot.plymouth = {
+    enable = true;
+    theme = "spin";
+    themePackages = with pkgs; [
+      (adi1090x-plymouth-themes.override {
+        selected_themes = [ "spin" ];
+      })
+    ];
+  };
+
+  security.polkit.enable = true;
+  systemd.user.services.polkit-gnome-authentication-agent-1 = {
+    description = "polkit-gnome-authentication-agent-1";
+    wantedBy = [ "graphical-session.target" ];
+    wants = [ "graphical-session.target" ];
+    after = [ "graphical-session.target" ];
+    serviceConfig = {
+      Type = "simple";
+      ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
+      Restart = "on-failure";
+      RestartSec = 1;
+      TimeoutStopSec = 10;
+    };
+  };
+
+  services.flatpak.enable = true;
+  systemd.services.flatpak-repo = {
+    wantedBy = [ "multi-user.target" ];
+    path = [ pkgs.flatpak ];
+    script = ''
+      flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
+    '';
+  };
+
+  environment.variables.TERMINAL_COMMAND = "alacritty";
 }

hosts/nb/modules/desktop/firefox-container-controller-extension.nix

@@ -1,67 +0,0 @@
-# firefox-container-controller-extension.nix
-# Import this file in your configuration.nix to build and install the Container Controller extension.
-# Usage in configuration.nix:
-#
-# let
-#   containerControllerXpi = import ./firefox-container-controller-extension.nix { inherit pkgs; };
-# in {
-#   programs.firefox = {
-#     enable = true;
-#     profiles.default = {
-#       extensions = [ containerControllerXpi ];
-#     };
-#   };
-# }
-
-{ pkgs }:
-
-pkgs.runCommand "firefox-containercontroller-xpi" {
-  nativeBuildInputs = [ pkgs.zip ];
-} ''
-  # Create temp dir for packaging
-  TMPDIR=$(mktemp -d)
-  cd "$TMPDIR"
-
-  # Write manifest.json without leading spaces
-  cat > manifest.json << 'EOF'
-{
-  "manifest_version": 2,
-  "name": "Container Controller",
-  "version": "1.0",
-  "applications": { "gecko": { "id": "containercontroller@cloonar.com" } },
-  "permissions": ["containers", "nativeMessaging"],
-  "background": { "scripts": ["background.js"] }
-}
-EOF
-
-  # Write background.js without indentation
-  cat > background.js << 'EOF'
-async function poll() {
-  const resp = await browser.runtime.sendNativeMessage(
-    "com.firefox.containercontroller", {}
-  );
-  if (resp.userContextId && resp.action) {
-    try {
-      if (resp.action === "hide") {
-        await browser.containers.hideContainer({ userContextId: resp.userContextId });
-      } else if (resp.action === "show") {
-        await browser.containers.showContainer({ userContextId: resp.userContextId });
-      }
-    } catch (e) {}
-  }
-}
-
-// Poll every second
-setInterval(poll, 1000);
-EOF
-
-  # Ensure the Firefox extensions directory exists in the output
-  mkdir -p "$out/share/firefox/extensions"
-
-  # Create ZIP archive at root of package
-  # and use the updated extension id for the filename
-  zip -r "$out/share/firefox/extensions/containercontroller@cloonar.com.xpi" manifest.json background.js
-
-  # Clean up
-  rm -rf "$TMPDIR"
-''

hosts/nb/modules/desktop/firefox-container-controller-host.nix

@@ -1,59 +0,0 @@
-{ pkgs, lib, ... }:
-
-let
-  # 1) Native‐messaging host: reads and clears the queued JSON command
-  containerControllerHost = pkgs.writeScriptBin "firefox-containercontroller-host" ''
-    #!/usr/bin/env bash
-    CMD_FILE="$HOME/.cache/firefox-container-command.json"
-    if [ -f "$CMD_FILE" ]; then
-      cat "$CMD_FILE"
-      rm "$CMD_FILE"
-    else
-      echo '{}'
-    fi
-  '';
-
-  # 2) CLI helper to enqueue a “hide” command
-  hideContainer = pkgs.writeScriptBin "hide-container" ''
-    #!/usr/bin/env bash
-    if [ -z "$1" ]; then
-      echo "Usage: $0 <userContextId>" >&2
-      exit 1
-    fi
-    ID="$1"
-    mkdir -p "$HOME/.cache"
-    printf '{"userContextId": %s, "action": "hide"}' "$ID" \
-      > "$HOME/.cache/firefox-container-command.json"
-  '';
-
-  # 3) CLI helper to enqueue a “show” command
-  showContainer = pkgs.writeScriptBin "show-container" ''
-    #!/usr/bin/env bash
-    if [ -z "$1" ]; then
-      echo "Usage: $0 <userContextId>" >&2
-      exit 1
-    fi
-    ID="$1"
-    mkdir -p "$HOME/.cache"
-    printf '{"userContextId": %s, "action": "show"}' "$ID" \
-      > "$HOME/.cache/firefox-container-command.json"
-  '';
-in
-{
-  # Install host + helpers
-  environment.systemPackages = [
-    containerControllerHost
-    hideContainer
-    showContainer
-  ];
-
-  # Register the native‐messaging host for our extension
-  environment.etc."mozilla/native-messaging-hosts/com.firefox.containercontroller.json".text =
-    builtins.toJSON {
-      name               = "com.firefox.containercontroller";
-      description        = "Native messaging host for Container Controller";
-      path               = containerControllerHost;
-      type               = "stdio";
-      allowed_extensions = [ "containercontroller@cloonar.com" ];
-    };
-}

hosts/nb/modules/development/default.nix

@@ -8,6 +8,32 @@ let
   };
 in {
   imports = [
-    ./mcp.nix
+    # ./mcp.nix
+    ./coding.nix
+    ./nvim/default.nix
   ];
+  environment.systemPackages = with pkgs; [
+    ddev
+    gcc
+    git
+    glib
+    go
+    nodejs_22
+    rbw
+    bento
+    docker-compose
+    drone-cli
+    git-filter-repo
+    nix-prefetch-git
+    jq
+    mkcert
+    mqttui
+    vim
+    wget
+    wireguard-tools
+    unzip
+    wol
+  ];
+
+  virtualisation.docker.enable = true;
 }

hosts/nb/modules/sway/parsec.nix

@@ -1,17 +0,0 @@
-{ pkgs, ... }:
-
-let
-  unstable = import (fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz) {
-    config = { allowUnfree = true; };
-  };
-  parsecDesktopItem = pkgs.makeDesktopItem {
-    name = "parsec";
-    desktopName = "Parsec Gaming";
-    exec = "parsecd";
-  };
-in {
-    environment.systemPackages = with pkgs; [
-      unstable.parsec-bin
-      parsecDesktopItem
-    ];
-}

hosts/nb/modules/sway/rustdesk.nix

@@ -1,19 +0,0 @@
-
-{ pkgs, ... }:
-let
-  rustDeskDesktopItem = pkgs.makeDesktopItem {
-    name = "rustdesk-xorg";
-    desktopName = "RustDesk Xorg";
-    icon = "rustdesk";
-    exec = "env -u WAYLAND_DISPLAY rustdesk";
-    genericName = "Remote Desktop";
-    categories = [ "Network" ];
-    mimeTypes = [ "x-scheme-handler/rustdesk" ];
-  };
-in
-{
-  environment.systemPackages = [ 
-    pkgs.rustdesk-flutter
-    # rustDeskDesktopItem
-  ];
-}

hosts/nb/modules/sway/sway.conf

@@ -70,7 +70,7 @@ bindsym $mod+d exec foot -a launcher -e env TERMINAL_COMMAND="foot -c /etc/xdg/f
 #bindsym $mod+d exec --no-startup-id bemenu --dmenu="dmenu -i -fn 'Source Sans Pro-10' -nb '#212121' -sb '#2b83a6' -sf '#ffffff'
 
 # start an explorer
-bindsym $mod+e exec --no-startup-id pcmanfm
+bindsym $mod+e exec --no-startup-id thunar
 
 # switching window with win+tab
 bindsym $mod+Tab exec --no-startup-id wofi  -show window

hosts/nb/modules/sway/sway.nix

@@ -22,172 +22,19 @@ let
   sway-conf = builtins.readFile ./sway.conf + ''
     exec swaybg -m center -c 252525 -i ~/.wallpaper.png
   '';
-  # unstable = import (fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz) {
-  #   config = { allowUnfree = true; };
-  # };
-  apache-ds-pin = import (builtins.fetchTarball {
-    url = "https://github.com/NixOS/nixpkgs/archive/9aec01027f7ea2bca07bb51d5ed83e78088871c1.tar.gz";
-  }) {};
 in {
-  imports = [
-    ./social.nix
-    ./signal-work.nix
-    # ./parsec.nix
-    # ./rustdesk.nix
-    ./thunderbird.nix
-    ./bitwarden.nix
-    # ./vscode.nix
-  ];
-
-  environment.variables.XCURSOR_SIZE = "24";
-
-  hardware.graphics.extraPackages = [ pkgs.amdvlk ];
-  environment.variables.VK_ICD_FILENAMES = "/run/opengl-driver/share/vulkan/icd.d/amd_icd64.json";
-
-  hardware.sane.enable = true;
-
-  virtualisation.virtualbox.host.enable = true;
-  users.extraGroups.vboxusers.members = [ "dominik" ];
-
-  services.gnome.gnome-keyring.enable = true;
-
-  # services.xserver = {
-  #   enable = true;
-  #   displayManager.gdm.enable = true;
-  #   desktopManager.gnome.enable = true;
-  # };
-
-  services.displayManager.defaultSession = "sway";
-  services.displayManager.sddm = {
-    enable = true;
-    wayland.enable = true;
-    theme = "where_is_my_sddm_theme_qt5";
-  };
-
-  xdg.portal = {
-    enable = true;
-    wlr.enable = true;
-    extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
-  };
-
   environment.systemPackages = with pkgs; [
-    alsa-utils
-    audacity
-    apache-ds-pin.apache-directory-studio
-    rofi-rbw-wayland
-    # TODO: remove at 25.05
-    cryptomator
-    fontforge
-    hypnotix
-
-    code-cursor
-    windsurf
-    codex
-    # vscode-insiders
-    # unstable.vscode-fhs
-
-    quickemu
-
-    firefox
-
-    # unstable.cura
-    freecad
-    openscad
-
-    (where-is-my-sddm-theme.override {
-      themeConfig.General = {
-        showUsersByDefault = true;
-        background = "/nix/persist/system/wallpaper.png";
-        backgroundFill = "#252525";
-        backgroundFillMode="Image.Pad";
-        passwordInputWidth = 0.25;
-        passwordInputBackground = "#60ffffff";
-        passwordFontSize = 28;
-        showSessionsByDefault = true;
-        sessionsFontSize=24;
-        usersFontSize=32;
-      };
-      variants = ["qt5"];
-    })
-
     dbus-sway-environment
-    ddev
+    rofi-rbw-wayland
-    dracula-theme
-    foot
-    fractal
-    gcc
-    git
-    glib
-    gimp
-    seahorse
-    adwaita-icon-theme
-    go
-    grim
-    hunspell
-    hunspellDicts.de_DE
-    hunspellDicts.en_US
-    inkscape
-    jmeter
-    libreoffice
-    libsForQt5.qtgraphicaleffects
-    mako
-    mqttui
-    moonlight-qt
-    nautilus
-    netflix
-    networkmanagerapplet
-    nextcloud-client
-    nodejs_22
-    onlyoffice-bin
-    obs-studio
-    pavucontrol
-    pcmanfm
-    pinentry
-    rbw
-    rofi-rbw
-    # unstable.rustdesk
-    rustdesk-flutter
-    slurp
-    sway
     swaybg
     sway-launcher-desktop
     swayidle
     swaylock
-    thunderbird
-    unzip
-    vlc
     waybar
     wayland
-    wl-clipboard
     wofi
-    wol
-    wtype
-    xorg.libX11
-    xorg.libXcursor
-    xorg.libXi
-    xorg.libXrandr
-    yubioath-flutter
   ];
 
-  programs.light.enable = true;
-
-  fonts.packages = with pkgs; [
-    noto-fonts
-    noto-fonts-cjk-sans
-    noto-fonts-emoji
-    nerd-fonts._0xproto
-    nerd-fonts.droid-sans-mono
-  ];
-
-  security.rtkit.enable = true;
-  services.pipewire = {
-    enable = true;
-    alsa.enable = true;
-    alsa.support32Bit = true;
-    pulse.enable = true;
-    jack.enable = true;
-  };
-
   programs.sway = {
     enable = true;
     wrapperFeatures.gtk = true;

hosts/nb/modules/sway/vscode.nix

@@ -1,16 +0,0 @@
-{ pkgs, ... }: let
-  unstable = import (fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz) {
-    config = { allowUnfree = true; };
-  };
-  vscode-insiders = (unstable.vscode.override { isInsiders = true; }).overrideAttrs (oldAttrs: rec {
-    src = (builtins.fetchTarball {
-      url = "https://update.code.visualstudio.com/1.98.2-insider/linux-x64/insider";
-      sha256 = "sha256-tV0VxDLJJPD4jfNEgVh3wMXg899VJxCS5a3putdetkA=";
-    });
-    version = "1.98.0";
-  });
-in {
-  environment.systemPackages = with pkgs; [
-    vscode-insiders
-  ];
-}

hosts/nb/users/dominik.nix

@@ -179,18 +179,6 @@ in
       '';
     };
 
-    programs.vscode = {
-      enable = true;
-      # package = (unstable.vscode.override { isInsiders = true; });
-      package = (pkgs.vscode.override { isInsiders = true; }).overrideAttrs (oldAttrs: rec {
-        src = builtins.fetchTarball {
-          url = "https://update.code.visualstudio.com/1.99.0-insider/linux-x64/insider";
-          sha256 = "0z3x9m9pndzka9gzm2phnks453d2mwbdid9yd7qw3bvv965h71j5";
-        };
-        version = "1.99.3";
-      });
-    };
-
     /* Here goes the rest of your home-manager config, e.g. home.packages = [ pkgs.foo ]; */
     # home.persistence."/nix/persist/user/dominik" = {
     #   allowOther = true;
@@ -730,12 +718,6 @@ in
             TERM = "xterm-256color";
           };
         };
-        "*.lenaschilling.at" = {
-          user = "root";
-          setEnv = {
-            TERM = "xterm-256color";
-          };
-        };
         "amz-websrv-01.amz.at" = {
           user = "ebs";
           setEnv = {