[gitea] init

Networking still needs to be done but the vm boots using ```nix run .\#nixosConfigurations.durruti.config.microvm.declaredRunner```

.gitea/workflows/eval-hydra-jobs.yml

@@ -0,0 +1,15 @@
+name: "Evaluate Hydra Jobs"
+on:
+  pull_request:
+  push:
+jobs:
+  eval-hydra-jobs:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - name: Install dependencies for Nix setup action
+      run: |
+        apt update -y
+        apt install sudo -y        
+    - uses: cachix/install-nix-action@v27
+    - run: nix eval --no-update-lock-file --accept-flake-config .\#hydraJobs

.gitignore

@@ -3,3 +3,5 @@
 *.log
 result
 *.qcow2
+.direnv/
+book/

README.md

@@ -11,7 +11,7 @@ the file structure is based on this [blog post](https://samleathers.com/posts/20
 - login via ```ssh -p 222 malobeo@5.9.153.217```
 - if rebuild switch fails due to biglock do ```mount -o remount,rw /nix/var/nix/db```
 - currently is running tasklist in detached tmux session
-  - [ ] make module with systemd service out of that
+  - [x] make module with systemd service out of that
 
 ## creating a new host
 
@@ -98,32 +98,3 @@ for documentation we currently just use README.md files.
 
 the devshell provides the python package ['grip'](https://github.com/joeyespo/grip) which can be used to preview different README.md files in the browser.
 the usage is simple, just run ```grip``` in the same folder as the README.md you wanna preview. then open your browser at ```http://localhost:6419 ```.
-
-## todos...
-
-#### infrastructure
-* [ ] host a local wiki with public available information about the space, for example:
-  * [ ] how to use coffe machine
-  * [ ] how to turn on/off electricity
-  * [ ] how to use beamer
-  * [ ] how to buecher ausleihen
-  * ...
-* [ ] host some pad (codimd aka hedgedoc)
-* [ ] some network fileshare for storing the movies and streaming them within the network
-* [ ] malobeo network infrastructure rework
-  * [ ] request mulvad acc
-  * [ ] remove freifunk, use openwrt with mulvad configured
-
-#### external services
-we want to host two services that need a bit more resources, this is a booking system for the room itself and a library system.
-- [ ] analyse best way to include our stuff into external nixOs server
-  - [ ] writing some module that is included by the server
-  - [ ] directly use nixOs container on host
-  - [ ] combination of both (module that manages nginx blabla + nixOs container for the services
-
-#### bots&progrmaming
-* [ ] create telegram bot automatically posting tuesday events
-* [x] create webapp/interface replacing current task list pad
-  * could be a simple form for every tuesday
-  * [ ] element bot should send updates if some tasks are not filled out
-

doc/.gitignore

@@ -0,0 +1 @@
+book

doc/book.toml

@@ -0,0 +1,6 @@
+[book]
+authors = ["ahtlon"]
+language = "de"
+multilingual = false
+src = "src"
+title = "Malobeo Infrastruktur Dokumentation"

doc/src/Index.md

@@ -0,0 +1 @@
+# Index

doc/src/SUMMARY.md

@@ -0,0 +1,17 @@
+# Summary
+
+- [Index](./Index.md)
+    - [Info]()
+        - [Aktuelle Server]()
+            - [Durruti](./server/durruti.md)
+            - [Lucia](./server/lucia.md)
+        - [Hardware]()
+        - [Netzwerk]()
+        - [Seiten]()
+            - [Website](./server/website.md)
+            - [musik](./projekte/musik.md)
+        - [TODO](./todo.md)
+    - [How-to]()
+        - [Updates](./anleitung/updates.md)
+        - [Rollbacks](./anleitung/rollback.md)
+        - [MicroVM](./anleitung/microvm.md)

doc/src/anleitung/microvm.md

@@ -0,0 +1,39 @@
+### Declaring a MicroVM
+
+The hosts nixosSystems modules should be declared using the ```makeMicroVM``` helper function.
+Use durruti as orientation:
+``` nix
+    modules = makeMicroVM "durruti" "10.0.0.5" [
+      ./durruti/configuration.nix
+    ];
+```
+
+"durruti" is the hostname.  
+"10.0.0.5" is the IP assigned to its tap interface.  
+
+### Testing MicroVMs locally
+MicroVMs can be built and run easily on your local host.
+For durruti this is done by:
+``` bash
+sudo nix run .\#nixosConfigurations.durruti.config.microvm.declaredRunner
+```
+
+It seems to be necessary to run this as root so that the according tap interface can be created.
+To be able to ping the VM or give Internet Access to the VM your host needs to be setup as described below.
+
+### Host Setup
+To provide network access to the VMs a bridge interface needs to be created on your host.
+For that:
+- Add the infrastructure flake as input to your hosts flake  
+- Add ```inputs.malobeo.nixosModules.malobeo``` to your hosts imports
+- enable the host bridge: ```services.malobeo.microvm.enableHostBridge = true;```
+
+If you want to provide Internet access to the VM it is necessary to create a nat.
+This could be done like this:
+``` nix
+networking.nat = {
+  enable = true;
+  internalInterfaces = [ "microvm" ];
+  externalInterface = "eth0"; #change to your interface name
+};
+```

doc/src/anleitung/rollback.md

@@ -0,0 +1 @@
+# Rollbacks

doc/src/anleitung/updates.md

@@ -0,0 +1 @@
+# Updates

doc/src/projekte/musik.md

@@ -0,0 +1 @@
+# musik

doc/src/server/durruti.md

@@ -0,0 +1,2 @@
+# Durruti
+Hetzner Server

doc/src/server/lucia.md

@@ -0,0 +1,2 @@
+# Lucia
+Lokaler Raspberry Pi 3

doc/src/server/website.md

@@ -0,0 +1,7 @@
+#Website
+
+hosted on uberspace  
+runs malobeo.org(wordpress) and forum.malobeo.org(phpbb)  
+access via ssh with public key or password  
+Files under /var/www/virtual/malobeo/html
+

doc/src/todo.md

@@ -0,0 +1,32 @@
+# TODO
+- [ ] Dieses wiki schreiben
+#### infrastructure
+* [ ] host a local wiki with public available information about the space, for example:
+  * [ ] how to use coffe machine
+  * [ ] how to turn on/off electricity
+  * [ ] how to use beamer
+  * [ ] how to buecher ausleihen
+  * ...
+- [x] host a local wiki with infrastructure information
+* [x] host some pad (codimd aka hedgedoc)
+* [ ] some network fileshare for storing the movies and streaming them within the network
+  - Currently developed in the 'fileserver' branch
+    - NFSV4 based
+* [x] malobeo network infrastructure rework
+  * [x] request mulvad acc
+  * [x] remove freifunk, use openwrt with mulvad configured
+* [ ] evaluate imposing solutions
+    * [ ] pdfarranger
+
+#### external services
+we want to host two services that need a bit more resources, this is a booking system for the room itself and a library system.
+- [x] analyse best way to include our stuff into external nixOs server
+  - [x] writing some module that is included by the server
+  - [x] directly use nixOs container on host
+  - [x] combination of both (module that manages nginx blabla + nixOs container for the services
+
+#### bots&progrmaming
+* [ ] create telegram bot automatically posting tuesday events
+* [x] create webapp/interface replacing current task list pad
+  * could be a simple form for every tuesday
+  * [x] element bot should send updates if some tasks are not filled out

flake.lock

@@ -8,11 +8,11 @@
         "utils": "utils"
       },
       "locked": {
-        "lastModified": 1706278226,
-        "narHash": "sha256-PfLIjoCzTp/wBxEA1/lxH0worupATAHW2bM8qerm59M=",
+        "lastModified": 1719395767,
+        "narHash": "sha256-Uu7dhaTBdPplKsxQx37xGKihXbQymh80nNlxofjsEw4=",
         "ref": "refs/heads/master",
-        "rev": "5ea5fa2f15ab5eedce812c36546247494a73ed3c",
-        "revCount": 18,
+        "rev": "a4128e9603f9decbdf531dbfc6131d238742c211",
+        "revCount": 20,
         "type": "git",
         "url": "https://git.dynamicdiscord.de/kalipso/ep3-bs.nix"
       },
@@ -21,6 +21,24 @@
         "url": "https://git.dynamicdiscord.de/kalipso/ep3-bs.nix"
       }
     },
+    "flake-utils": {
+      "inputs": {
+        "systems": "systems_3"
+      },
+      "locked": {
+        "lastModified": 1726560853,
+        "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
     "home-manager": {
       "inputs": {
         "nixpkgs": [
@@ -28,16 +46,16 @@
         ]
       },
       "locked": {
-        "lastModified": 1706981411,
-        "narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=",
+        "lastModified": 1726989464,
+        "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "652fda4ca6dafeb090943422c34ae9145787af37",
+        "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
-        "ref": "release-23.11",
+        "ref": "release-24.05",
         "repo": "home-manager",
         "type": "github"
       }
@@ -61,13 +79,35 @@
         "type": "github"
       }
     },
+    "microvm": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "spectrum": "spectrum"
+      },
+      "locked": {
+        "lastModified": 1731240174,
+        "narHash": "sha256-HYu+bPoV3UILhwc4Ar5iQ7aF+DuQWHXl4mljN6Bwq6A=",
+        "owner": "astro",
+        "repo": "microvm.nix",
+        "rev": "dd89404e1885b8d7033106f3898eaef8db660cb2",
+        "type": "github"
+      },
+      "original": {
+        "owner": "astro",
+        "repo": "microvm.nix",
+        "type": "github"
+      }
+    },
     "nixlib": {
       "locked": {
-        "lastModified": 1709426687,
-        "narHash": "sha256-jLBZmwXf0WYHzLkmEMq33bqhX55YtT5edvluFr0RcSA=",
+        "lastModified": 1729386149,
+        "narHash": "sha256-hUP9oxmnOmNnKcDOf5Y55HQ+NnoT0+bLWHLQWLLw9Ks=",
         "owner": "nix-community",
         "repo": "nixpkgs.lib",
-        "rev": "7873d84a89ae6e4841528ff7f5697ddcb5bdfe6c",
+        "rev": "cce4521b6df014e79a7b7afc58c703ed683c916e",
         "type": "github"
       },
       "original": {
@@ -84,11 +124,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1709557527,
-        "narHash": "sha256-PV8oYqhTHX6FGZMQ1m5dhRuS914AhofPwgnAMhUZtwE=",
+        "lastModified": 1729472750,
+        "narHash": "sha256-s93LPHi5BN7I2xSGNAFWiYb8WRsPvT1LE9ZjZBrpFlg=",
         "owner": "nix-community",
         "repo": "nixos-generators",
-        "rev": "d048d6fc4bada612ff08d4b9d5edc48d45389431",
+        "rev": "7c60ba4bc8d6aa2ba3e5b0f6ceb9fc07bc261565",
         "type": "github"
       },
       "original": {
@@ -99,11 +139,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1709410583,
-        "narHash": "sha256-esOSUoQ7mblwcsSea0K17McZuwAIjoS6dq/4b83+lvw=",
+        "lastModified": 1730919458,
+        "narHash": "sha256-yMO0T0QJlmT/x4HEyvrCyigGrdYfIXX3e5gWqB64wLg=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "59e37017b9ed31dee303dbbd4531c594df95cfbc",
+        "rev": "e1cc1f6483393634aee94514186d21a4871e78d7",
         "type": "github"
       },
       "original": {
@@ -131,27 +171,27 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1709428628,
-        "narHash": "sha256-//ZCCnpVai/ShtO2vPjh3AWgo8riXCaret6V9s7Hew4=",
+        "lastModified": 1730602179,
+        "narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "66d65cb00b82ffa04ee03347595aa20e41fe3555",
+        "rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "release-23.11",
+        "ref": "release-24.05",
         "repo": "nixpkgs",
         "type": "github"
       }
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1709237383,
-        "narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=",
+        "lastModified": 1730785428,
+        "narHash": "sha256-Zwl8YgTVJTEum+L+0zVAWvXAGbWAuXHax3KzuejaDyo=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8",
+        "rev": "4aa36568d413aca0ea84a1684d2d46f55dbabad7",
         "type": "github"
       },
       "original": {
@@ -163,16 +203,16 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1709309926,
-        "narHash": "sha256-VZFBtXGVD9LWTecGi6eXrE0hJ/mVB3zGUlHImUs2Qak=",
+        "lastModified": 1730883749,
+        "narHash": "sha256-mwrFF0vElHJP8X3pFCByJR365Q2463ATp2qGIrDUdlE=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "79baff8812a0d68e24a836df0a364c678089e2c7",
+        "rev": "dba414932936fde69f0606b4f1d87c5bc0003ede",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixos-23.11",
+        "ref": "nixos-24.05",
         "repo": "nixpkgs",
         "type": "github"
       }
@@ -182,6 +222,7 @@
         "ep3-bs": "ep3-bs",
         "home-manager": "home-manager",
         "mfsync": "mfsync",
+        "microvm": "microvm",
         "nixos-generators": "nixos-generators",
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs_2",
@@ -199,11 +240,11 @@
         "nixpkgs-stable": "nixpkgs-stable"
       },
       "locked": {
-        "lastModified": 1709434911,
-        "narHash": "sha256-UN47hQPM9ijwoz7cYq10xl19hvlSP/232+M5vZDOMs4=",
+        "lastModified": 1731047660,
+        "narHash": "sha256-iyp51lPWEQz4c5VH9bVbAuBcFP4crETU2QJYh5V0NYA=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "075df9d85ee70cfb53e598058045e1738f05e273",
+        "rev": "60e1bce1999f126e3b16ef45f89f72f0c3f8d16f",
         "type": "github"
       },
       "original": {
@@ -212,6 +253,22 @@
         "type": "github"
       }
     },
+    "spectrum": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1729945407,
+        "narHash": "sha256-iGNMamNOAnVTETnIVqDWd6fl74J8fLEi1ejdZiNjEtY=",
+        "ref": "refs/heads/main",
+        "rev": "f1d94ee7029af18637dbd5fdf4749621533693fa",
+        "revCount": 764,
+        "type": "git",
+        "url": "https://spectrum-os.org/git/spectrum"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://spectrum-os.org/git/spectrum"
+      }
+    },
     "systems": {
       "locked": {
         "lastModified": 1681028828,
@@ -242,6 +299,36 @@
         "type": "github"
       }
     },
+    "systems_3": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "systems_4": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
     "tasklist": {
       "inputs": {
         "nixpkgs": [
@@ -249,11 +336,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1696525932,
-        "narHash": "sha256-LVnz6uIOR1QUPWERBe+nx8fM1wRM1SJf1WMuis9eh6E=",
+        "lastModified": 1729717517,
+        "narHash": "sha256-Gul0Zqy0amouh8Hs8BL/DIKFYD6BmdTo4H8+5K5+mTo=",
         "ref": "refs/heads/master",
-        "rev": "74e2f4e0a2a54fb11df59023fe0f188d0b5c3515",
-        "revCount": 10,
+        "rev": "610269a14232c2888289464feb5227e284eef336",
+        "revCount": 27,
         "type": "git",
         "url": "https://git.dynamicdiscord.de/kalipso/tasklist"
       },
@@ -263,12 +350,15 @@
       }
     },
     "utils": {
+      "inputs": {
+        "systems": "systems"
+      },
       "locked": {
-        "lastModified": 1678901627,
-        "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
+        "lastModified": 1694529238,
+        "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
+        "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
         "type": "github"
       },
       "original": {
@@ -279,7 +369,7 @@
     },
     "utils_2": {
       "inputs": {
-        "systems": "systems"
+        "systems": "systems_2"
       },
       "locked": {
         "lastModified": 1701680307,
@@ -297,14 +387,14 @@
     },
     "utils_3": {
       "inputs": {
-        "systems": "systems_2"
+        "systems": "systems_4"
       },
       "locked": {
-        "lastModified": 1709126324,
-        "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
+        "lastModified": 1726560853,
+        "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "d465f4819400de7c8d874d50b982301f28a84605",
+        "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
         "type": "github"
       },
       "original": {

flake.nix

@@ -2,13 +2,18 @@
   description = "malobeo infrastructure";
 
   inputs = {
-    utils.url = "github:numtide/flake-utils";
     nixos-hardware.url = "github:NixOS/nixos-hardware/master";
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
     nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
     sops-nix.url = "github:Mic92/sops-nix";
     sops-nix.inputs.nixpkgs.follows = "nixpkgs";
     mfsync.url = "github:k4lipso/mfsync";
+    microvm.url = "github:astro/microvm.nix";
+    microvm.inputs.nixpkgs.follows = "nixpkgs";
+
+    utils = {
+      url = "github:numtide/flake-utils";
+    };
 
     tasklist = {
       url = "git+https://git.dynamicdiscord.de/kalipso/tasklist";
@@ -26,12 +31,21 @@
     };
 
     home-manager=  {
-      url = "github:nix-community/home-manager/release-23.11";
+      url = "github:nix-community/home-manager/release-24.05";
       inputs = {
         nixpkgs.follows = "nixpkgs";
       };
     };
   };
 
+  nixConfig = {
+    extra-substituters = [
+      "https://cache.dynamicdiscord.de"
+    ];
+    extra-trusted-public-keys = [
+      "cache.dynamicdiscord.de:DKueZicqi2NhJJXz9MYgUbiyobMs10fTyHCgAUibRP4="
+    ];
+  };
+
   outputs = { ... } @ args: import ./outputs.nix args;
 }

machines/.sops.yaml

@@ -7,6 +7,7 @@ keys:
   - &admin_kalipso_dsktp aef8d6c7e4761fc297cda833df13aebb1011b5d4
   - &machine_moderatio 3b7027ab1933c4c5e0eb935f8f9b3c058aa6d4c2
   - &machine_lucia 3474196f3adf27cfb70f8f56bcd52d1ed55033db
+  - &machine_durruti 4095412245b6efc14cf92ca25911def5a4218567
 creation_rules:
   - path_regex: moderatio/secrets/secrets.yaml$
     key_groups:
@@ -20,3 +21,9 @@ creation_rules:
       - *admin_kalipso
       - *admin_kalipso_dsktp
       - *machine_lucia
+  - path_regex: durruti/secrets.yaml$
+    key_groups:
+    - pgp:
+      - *admin_kalipso
+      - *admin_kalipso_dsktp
+      - *machine_durruti

machines/configuration.nix

@@ -17,9 +17,22 @@ let
     {
       imports = [
         ({ pkgs, ... }: {
-          nix.extraOptions = ''
-            experimental-features = nix-command flakes
-          '';
+          nix = {
+            extraOptions = ''
+              experimental-features = nix-command flakes
+            '';
+
+            settings = {
+              substituters = [
+                "https://cache.dynamicdiscord.de"
+                "https://cache.nixos.org/"
+              ];
+              trusted-public-keys = [
+                "cache.dynamicdiscord.de:DKueZicqi2NhJJXz9MYgUbiyobMs10fTyHCgAUibRP4="
+              ];
+              trusted-users = [ "root" "@wheel" ];
+            };
+          };
         })
 
         sops-nix.nixosModules.sops
@@ -27,16 +40,36 @@ let
     }
   ];
   defaultModules = baseModules;
+
+  makeMicroVM = hostName: ipv4Addr: modules: [
+    inputs.microvm.nixosModules.microvm
+    {
+      microvm = {
+        hypervisor = "qemu";
+        interfaces = [
+          {
+            type = "tap";
+            id = "vm-${hostName}";
+            mac = "02:00:00:00:00:01";
+          }
+        ];
+      };
+      
+      systemd.network.enable = true;
+      
+      systemd.network.networks."20-lan" = {
+        matchConfig.Type = "ether";
+        networkConfig = {
+          Address = [ "${ipv4Addr}/24" ];
+          Gateway = "10.0.0.1";
+          DNS = ["1.1.1.1"];
+          DHCP = "no";
+        };
+      };
+    }
+  ] ++ defaultModules ++ modules;
 in
 {
-  moderatio = nixosSystem {
-    system = "x86_64-linux";
-    specialArgs.inputs = inputs;
-    modules = defaultModules ++ [
-      ./moderatio/configuration.nix
-    ];
-  };
-
   louise = nixosSystem {
     system = "x86_64-linux";
     specialArgs.inputs = inputs;
@@ -48,7 +81,7 @@ in
   durruti = nixosSystem {
     system = "x86_64-linux";
     specialArgs.inputs = inputs;
-    modules = defaultModules ++ [
+    modules = makeMicroVM "durruti" "10.0.0.5" [
       ./durruti/configuration.nix
     ];
   };
@@ -62,15 +95,11 @@ in
     ];
   };
 
-  sdImageLucia = nixosSystem {
-    system = "aarch64-linux";
+  gitea = nixosSystem {
+    system = "x86_64-linux";
     specialArgs.inputs = inputs;
-    modules = defaultModules ++ [
-      "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
-      ./lucia/configuration.nix
-      {
-        sdImage.compressImage = false;
-      }
+    modules = makeMicroVM "gitea" "10.0.0.6" [
+      ./gitea/configuration.nix
     ];
   };
 }

machines/durruti/configuration.nix

@@ -3,7 +3,8 @@
 with lib;
 
 {
-  boot.isContainer = true;
+  sops.defaultSopsFile = ./secrets.yaml;
+
   networking = {
     hostName = mkDefault "durruti";
     useDHCP = false;
@@ -24,8 +25,17 @@ with lib;
     ../modules/malobeo_user.nix
     ../modules/sshd.nix
     ../modules/minimal_tools.nix
+    ../modules/autoupdate.nix
   ];
 
+  malobeo.autoUpdate = {
+    enable = true;
+    url = "https://hydra.dynamicdiscord.de";
+    project = "malobeo";
+    jobset = "infrastructure";
+    cacheurl = "https://cache.dynamicdiscord.de";
+  };
+
   services.malobeo-tasklist.enable = true;
 
   services.ep3-bs = {
@@ -39,17 +49,28 @@ with lib;
       address = "dynamicdiscorddresden@systemli.org";
       host = "mail.systemli.org";
       user = "dynamicdiscorddresden@systemli.org";
-      password = "E4XaTzv5hi0ClsMRtzy58uQ6D";
+      passwordFile = config.sops.secrets.ep3bsMail.path;
       auth = "plain";
     };
 
 
     database = {
       user = "malodbuser";
-      password = "aAljwdlaKQWhdakwLHdalkhwdhalaWLKhdaoiu";
+      passwordFile = config.sops.secrets.ep3bsDb.path;
     };
   };
 
+  sops.secrets.ep3bsDb = {
+    owner = config.services.ep3-bs.user;
+    key = "ep3bsDb";
+  };
+
+  sops.secrets.ep3bsMail = {
+    owner = config.services.ep3-bs.user;
+    key = "ep3bsMail";
+  };
+
+
   system.stateVersion = "22.11"; # Did you read the comment?
 }
 

machines/durruti/host_config.nix

@@ -44,6 +44,5 @@ in
       enableACME= true;
       locations."/".proxyPass = "http://${cfg.host_ip}:80";
     };
-
   };
 }

machines/durruti/secrets.yaml

@@ -0,0 +1,72 @@
+hello: ENC[AES256_GCM,data:MKKsvoFlHX6h4qazxcjl/RE1ZsK64G926k4hgFW3AkoJgXO1QXmTaRG7ZBgS8A==,iv:hoFbcNRkge24xJfLZJH651jB4NnXCjYAdTrirkans+4=,tag:68AyEHamlGxdmSJGkTGbsA==,type:str]
+ep3bsDb: ENC[AES256_GCM,data:Z4ZYRaV/eCkaW5Ma+88hbl1o8qsI7PANrIHXoLdIOqIGFLPt7dw=,iv:BCVM+PeGm2NRcvBBy0kId1iVOD/uoiVKKBDA03p0QFM=,tag:CMypO3RLOhvHdVG5YvWewg==,type:str]
+ep3bsMail: ENC[AES256_GCM,data:rZhRb/+gs0Lm8Gdi2P2FMe15A344b88TRg==,iv:hEIG2CBcMslg3hmH3ST3bu6tmes01jncQ3V7h5KcuhA=,tag:XAHdMAlVZNyMdp4TznWDQQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2024-06-26T10:07:26Z"
+    mac: ENC[AES256_GCM,data:TfN80Hffm+Lf/5Cz7T37bBxMgJCAnk2aBxxW1/lr89N2p3cckcSOGAKoLWNIsdOkqOjAs4kft0nQ+xyfdLehG1WPo6OlOwZhJexfUUcS7GJ0QGNEVntkehQiHGw9TIv08/WHRbjnKTOGHLn1vuJAIJmSyff0hncGR7nxcwghZUU=,iv:TfidjsiqDx4SCbtb6ksNYOSz/EwzwnYieeWOaBrvA7Y=,tag:e8Vaycv9bxrVBn2QjRyfSw==,type:str]
+    pgp:
+        - created_at: "2024-06-26T10:06:21Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQGMA5HdvEwzh/H7AQv8D3vncBeC4Kq+Vzk6XOMV6gRRGOZp+w2e/055sZ40IUu+
+            43Yi5giVL0I7PZkZD787LNiKy6kTcI6D9tJIp9YSMRVJb4x8oDJWS8NbVZZOUCwT
+            d9KYaMO6hN8VobhUKsu7uAKCrgVzPWrWPNmZPvwZ6pxL+cBFK2W/GEvQsXvaELUc
+            5mNlB4k5S9oG4ZMli3WWhVJRMZgdjGWDKiFVGCSenEkhua/5TUUefV8urf1IBjoN
+            MB8TPwsm3PBEG6/zrfXls/7Zhbv7mtl1uB9nWBC9M4EL9euzC83X+IiFAlThpoPu
+            eylOhEkAq60tQglk2SRsdFpHvEwaijqSKL0ieDQjvLxLNCdtCQS3yM21S4SkfRvv
+            pDGQROqjhtgZSF7MZqD67mA9tMwYGlZLfkzjpYrErbG6G4xYGO2ZODPNZ4FH/2Zf
+            Yf9xpAd0/m4mmg+py041nas8lgJzOXn5mKIxX/kLkV1U/ccrZXB9DTsWbuRVxh3W
+            CZTzgT0VdZWd88cUcYIR0lgBz0vCxDRgyPhc3B3ivoOHBisoBWbYURv+6rYE84Qs
+            6nDtCt4fUqrfKqnw1b++L1II+QjEBkhawOWNbqE9AxESOLAVwkn4cCOqeWDP8DBq
+            OBN3luBRDDAj
+            =+dua
+            -----END PGP MESSAGE-----
+          fp: c4639370c41133a738f643a591ddbc4c3387f1fb
+        - created_at: "2024-06-26T10:06:21Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA98TrrsQEbXUARAAmj8h6g8Knwg5c/Ugfxcb4nuWuLydyzNZpKJ9YcQ4VTAo
+            HA38lHH79JbnIoZ9kvxHzUONBLfnW3KekomUdmj1a2DjWllnsIOH8/16JCpFPXbx
+            hcWQFLxXzJcUEbVfONih4Zmb/2OTzSYoDjNzGaBJUx6x3AwJ0jTzCTxF9WIU1ieh
+            9u+ovry7bcHPTn3RS0gQPGRx9gN0A8OSPScKpvz2CRtUA2Uzs0/fIe3NbKQSj6g3
+            rZYityYC7uFoE792dkJ3rG9GZneIwWB8sp1remHyRhxaRN4YNPKmje/Pe/fe7sxQ
+            lWPmW4wa2uSI7/2PAkIjafoDmnpaLxQ+qY9hXobpL7OlyAuA+Sy8Ns2z6nXfPSSj
+            fQE4OS3hhUStv7PdVVvlH6JVGZK/cJOjOX0lF69A5R5XKQlasRq/t5CKBjxDWnb1
+            2bb3YavIUKWbf/DdlGNb9aKeiYX4RsaMbdc6vU5EOp69S66dF5l5W6+EDLICQEdl
+            TRNxzofVqjroeQeK9xFd+SXHVwnU9FGPr9cN7803/r17hONDxfL7o7cL1sKfX1tC
+            3nRqV3fxSfosz19jmIDu/6lqvJhBBQ8zQeKz/yWxUKowP6WUNAWsMWC7w89Ie1vA
+            UOy+xO0epIGLJSRU5YBNr9z7854NATnxRWRTya+CyFAgPVoBUxd/+2CjlkUeQWnS
+            WAELWSqQ4zsAryLhEqSWVg6nwSDCIvF/U56/vIacXwoKMqLYra5gxV78cCU6gcMt
+            08O8qM7cxHy5tGzTm6LQZvXTb8W6ybcPvPw695TirUjq9zYVnaT2lmQ=
+            =7OG0
+            -----END PGP MESSAGE-----
+          fp: aef8d6c7e4761fc297cda833df13aebb1011b5d4
+        - created_at: "2024-06-26T10:06:21Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA1kR3vWkIYVnAQ//RZM4ifHThNFNV6pTCGKHdkF7BMHB4gv7BBkXT9cWTGcf
+            XxH3tH/kFPBSoWWfmtmHbN1bw77vpKda2lLHyOETGCusOFwuFe0+cz7sWStnf/T6
+            GVoaCRljhRxlXS2PY9gSG5fLi1uUjmCn9EshdCQdz1ix46kgSe17I+UJYRxi9r4U
+            e1R0ky4md8tLGGXg2cz1z48+kS7QX6TA1L5jjrW6MEa5ld2wywXD1g7UKpaP6QAc
+            B5xo4G+6zZNYk6x5i0NJ4EJalyyEXBvJDgsFzW4luqBGjMU2zLkq5VTQjssCbp6l
+            aE1ZZtMJYDa3IdEV/gEIF7/WmODMopO2hfTWFCx9fZ2cp0gK2d6ffo7vum4WkAMv
+            FjsbRLCmoZrlwD+/y38Hru2Ok/2cDF+QiEHq0cx+XMjgRrV6vCYrg67kOGjXZ+0v
+            eZMPGo5506cp/0cbo6eIoG9XzdNirp9mXQHMBb47/dETr+mBAyVzImuHJVmUgXlK
+            0nScCjrE2BPfsphMlQKMV007znA8QB65wEuoQ9QWTfgUfxVqzqJxdnFHKSSKAciU
+            fxAJTGN2RnbBDcehvch+QZAnIHznz3c+2WKetmFMpymqL1OKQKjhnEFewOK8rXKM
+            cEFRo1BOMkaccBBFHt/A/IQJt2+RuADbkxI9rPqPU9iPi3Ts4jFqfNzZp+m+ADHS
+            WAGHQuVbo0oQ5RLEOMPheNbr2eL+uyuMLMNsv41G4Mr+lSjN2/KvBoMQEQvpPasG
+            HDYyoe7JdYbVs+08h465+L+cbi0LzaBUxTm44GliJXVbrz6eqy6lRto=
+            =GiUe
+            -----END PGP MESSAGE-----
+          fp: 4095412245b6efc14cf92ca25911def5a4218567
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1

machines/gitea/configuration.nix

@@ -0,0 +1,37 @@
+{ config, lib, pkgs, inputs, ... }:
+
+with lib;
+
+{
+  #sops.defaultSopsFile = ./secrets.yaml;
+
+  networking = {
+    hostName = mkDefault "gitea";
+    useDHCP = false;
+    nameservers = [ "1.1.1.1" ];
+  };
+
+  imports = [
+    ../modules/malobeo_user.nix
+    ../modules/sshd.nix
+    ../modules/minimal_tools.nix
+    ../modules/autoupdate.nix
+  ];
+
+  services.gitea = {
+    enable = true;
+    appName = "malobeo git instance";
+
+    settings.server = {
+      DOMAIN = "git.malobeo.org";
+      HTTP_PORT = 3001;
+      SSH_PORT = 22;
+      ROOT_URL = "https://git.malobeo.org/";
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [ 3001 ];
+
+  system.stateVersion = "22.11"; # Did you read the comment?
+}
+

machines/louise/configuration.nix

@@ -8,10 +8,21 @@
       ../modules/malobeo_user.nix
       ../modules/sshd.nix
       ../modules/minimal_tools.nix
+      ../modules/autoupdate.nix
     ];
 
+  malobeo.autoUpdate = {
+    enable = true;
+    url = "https://hydra.dynamicdiscord.de";
+    project = "malobeo";
+    jobset = "infrastructure";
+    cacheurl = "https://cache.dynamicdiscord.de";
+  };
+
   boot.loader.systemd-boot.enable = true;
 
+  hardware.sane.enable = true; #scanner support
+
   nix.settings.experimental-features = [ "nix-command" "flakes" ];
 
   users.users.malobeo = {
@@ -29,6 +40,7 @@
       chromium
       mpv
       vlc
+      simple-scan
     ];
   };
 
@@ -38,7 +50,17 @@
   };
 
   services.printing.enable = true;
-  services.printing.drivers = [ pkgs.brlaser ];
+  services.printing.drivers = [
+    (pkgs.writeTextDir "share/cups/model/brother5350.ppd" (builtins.readFile ../modules/BR5350_2_GPL.ppd))
+    pkgs.gutenprint
+    pkgs.gutenprintBin
+    pkgs.brlaser
+    pkgs.brgenml1lpr 
+    pkgs.brgenml1cupswrapper
+  ];
+
+  # needed for printing drivers
+  nixpkgs.config.allowUnfree = true; 
 
   services.acpid.enable = true;
 
@@ -46,7 +68,18 @@
   networking.networkmanager.enable = true;
 
   sound.enable = true;
-  hardware.pulseaudio.enable = true;
+  hardware.pulseaudio = {
+    enable = true;
+    zeroconf.discovery.enable = true;
+    extraConfig = ''
+      load-module module-zeroconf-discover
+    '';
+  };
+
+  services.avahi = {
+    enable = true;
+  };
+
 
   time.timeZone = "Europe/Berlin";
   system.stateVersion = "23.05"; # Do.. Not.. Change..

machines/lucia/configuration.nix

@@ -14,7 +14,7 @@ in
 
   services.openssh.enable = true;
   services.openssh.ports = [ 22 ];
-  services.openssh.passwordAuthentication = false;
+  services.openssh.settings.PasswordAuthentication = false;
   services.openssh.settings.PermitRootLogin = "prohibit-password";
   users.users.root.openssh.authorizedKeys.keys = sshKeys.admins;
 
@@ -44,37 +44,6 @@ in
 
   services = {
 
-  #mopidy = {
-  #  enable = true;
-  #  configuration = ''
-  #    [audio]
-  #    output = alsasink
-
-  #    [mpd]
-  #    enabled = true
-  #    hostname = ::
-  #
-  #    [core]
-  #    restore_state = true
-
-  #    
-  #    [http]
-  #    allowed_origins =
-  #      music.malobeo.org
-  #      https://music.malobeo.org
-
-  #
-  #    [youtube]
-  #    allow_cache = true
-  #    youtube_dl_package = yt_dlp
-  #
-  #    [file]
-  #    enabled = true
-  #    media_dirs = /var/lib/mpd/music/
-  #  '';
-  #  extensionPackages = with pkgs; [ mopidy-iris mopidy-mpd mopidy-youtube python3Packages.yt-dlp ];
-  #};
-
 
   dokuwiki.sites."wiki.malobeo.org" = {
     enable = true;
@@ -130,6 +99,111 @@ in
   ympd = {
     enable = true;
   };
+
+  #samba = {
+  #  enable = true;
+  #  securityType = "user";
+  #  openFirewall = true;
+  #  extraConfig = ''
+  #    workgroup = maloinfra
+  #    server string = smbmalo
+  #    netbios name = smbmalo
+  #    security = user 
+  #    #use sendfile = yes
+  #    max protocol = smb2
+  #    # note: localhost is the ipv6 localhost ::1
+  #    hosts allow = 192.168.1. 127.0.0.1 localhost
+  #    hosts deny = 0.0.0.0/0
+  #    guest account = nobody
+  #    map to guest = bad user
+  #  '';
+  #  shares = {
+  #    zines = {
+  #      comment = "malobeo Zines";
+  #      path = "/var/sambaShares/zines";
+  #      browseable = "yes";
+  #      "read only" = "no";
+  #      "guest ok" = "yes";
+  #      "create mask" = "0644";
+  #      "directory mask" = "0755";
+  #      #"force user" = "username";
+  #      #"force group" = "groupname";
+  #      "write list" = "malobeo";
+  #      "read list" = "guest nobody";
+  #    };
+  #    #private = {
+  #    #  path = "/mnt/Shares/Private";
+  #    #  browseable = "yes";
+  #    #  "read only" = "no";
+  #    #  "guest ok" = "no";
+  #    #  "create mask" = "0644";
+  #    #  "directory mask" = "0755";
+  #    #  "force user" = "username";
+  #    #  "force group" = "groupname";
+  #    #};
+  #  };
+  #};
+
+  #samba-wsdd = {
+  #  enable = true;
+  #  openFirewall = true;
+  #};
+
+  hedgedoc = {
+    enable = true;
+    settings = {
+      #allowAnonymousEdits = true;
+      #allowEmailRegister = false;
+      #allowFreeURL = true;
+      allowOrigin = [ "localhost" "pad.malobeo.org" ];
+      db = {
+        dialect = "sqlite";
+        storage = "/var/lib/hedgedoc/db.hedgedoc.sqlite";
+      };
+      domain = "pad.malobeo.org";
+      port = 3333;
+      useSSL = false;
+      protocolUseSSL = false;
+    };
+  };
+  };
+
+  environment.systemPackages = with pkgs; [
+    mpd
+    mpv
+    ncmpcpp
+    ncpamixer
+    # pulseaudio
+    vim
+    htop
+    wget
+    git
+    pciutils
+    nix-tree
+  ];
+
+  #hardware.pulseaudio = {
+  #  enable = true;
+  #  systemWide = true;
+  #  tcp = {
+  #    enable = true;
+  #    anonymousClients.allowedIpRanges = [
+  #      "127.0.0.0/8"
+  #      "192.168.1.0/24"
+  #    ];
+  #  };
+
+  #  zeroconf.publish.enable = true;
+  #};
+
+  services.avahi = {
+    enable = true;
+    nssmdns4 = true;
+    publish = {
+      enable = true;
+      addresses = true;
+      userServices = true;
+    };
   };
 
   security.acme = {
@@ -153,18 +227,30 @@ in
         proxyWebsockets = true;
       };
     };
+
+    virtualHosts."pad.malobeo.org" = {
+      enableACME = true;
+      forceSSL = true;
+      acmeRoot = null;
+
+      locations."/" = {
+        proxyPass = "http://localhost:3333";
+        #proxyWebsockets = true;
+      };
+
+      locations."/socket.io/" = {
+        proxyPass = "http://localhost:3333";
+        proxyWebsockets = true;
+        extraConfig = 
+          "proxy_ssl_server_name on;"
+          ;
+      };
+    };
   };
 
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
 
-  environment.systemPackages = with pkgs; [
-    vim
-    htop
-    wget
-    git
-    pciutils
-    nix-tree
-  ];
+  networking.firewall.allowedTCPPorts = [ 80 443 4713 ];
+  networking.firewall.allowedUDPPorts = [ 5353 9875 ];
 
   system.stateVersion = "23.05";
 }

machines/moderatio/configuration.nix

@@ -1,92 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, ... }:
-
-{
-  services.acpid.enable = true;
-
-  boot.kernelPackages = pkgs.linuxPackages_5_4;
-  services.xserver.videoDrivers = [ "intel" ];
-  services.xserver.deviceSection = ''
-    Option "DRI" "2"
-    Option "TearFree" "true"
-  '';
-
-  zramSwap.enable = true;
-  zramSwap.memoryPercent = 150;
-
-  imports =
-    [ # Include the results of the hardware scan.
-      ./hardware-configuration.nix
-      ./zfs.nix
-
-      ../modules/xserver.nix
-      ../modules/malobeo_user.nix
-      ../modules/sshd.nix
-      ../modules/minimal_tools.nix
-    ];
-
-  users.users.malobeo = {
-    packages = with pkgs; [
-      firefox
-      thunderbird
-    ];
-  };
-
-  networking.hostName = "moderatio"; # Define your hostname.
-  networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.
-
-  # Set your time zone.
-  time.timeZone = "Europe/Berlin";
-
-  # Select internationalisation properties.
-  # i18n.defaultLocale = "en_US.UTF-8";
-  # console = {
-  #   font = "Lat2-Terminus16";
-  #   keyMap = "us";
-  #   useXkbConfig = true; # use xkbOptions in tty.
-  # };
-
-  # Enable CUPS to print documents.
-  # services.printing.enable = true;
-
-  # Enable sound.
-  sound.enable = true;
-  hardware.pulseaudio.enable = true;
-
-  # Some programs need SUID wrappers, can be configured further or are
-  # started in user sessions.
-  # programs.mtr.enable = true;
-  # programs.gnupg.agent = {
-  #   enable = true;
-  #   enableSSHSupport = true;
-  # };
-
-  # List services that you want to enable:
-
-  # Enable the OpenSSH daemon.
-  # services.openssh.enable = true;
-
-  # Open ports in the firewall.
-  # networking.firewall.allowedTCPPorts = [ ... ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  # networking.firewall.enable = false;
-
-  # Copy the NixOS configuration file and link it from the resulting system
-  # (/run/current-system/configuration.nix). This is useful in case you
-  # accidentally delete configuration.nix.
-  # system.copySystemConfiguration = true;
-
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "22.05"; # Did you read the comment?
-
-}
-

machines/moderatio/hardware-configuration.nix

@@ -1,53 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
-
-  boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "usb_storage" "ums_realtek" "sd_mod" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "rpool/nixos/root";
-      fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ];
-    };
-
-  fileSystems."/home" =
-    { device = "rpool/nixos/home";
-      fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ];
-    };
-
-  fileSystems."/boot" =
-    { device = "bpool/nixos/root";
-      fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ];
-    };
-
-  fileSystems."/boot/efis/ata-ST250LT003-9YG14C_W041QXCA-part1" =
-    { device = "/dev/disk/by-uuid/A0D1-00C1";
-      fsType = "vfat";
-    };
-
-  fileSystems."/boot/efi" =
-    { device = "/boot/efis/ata-ST250LT003-9YG14C_W041QXCA-part1";
-      fsType = "none";
-      options = [ "bind" ];
-    };
-
-  swapDevices = [ ];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
-  # networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
-
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}

machines/moderatio/zfs.nix

@@ -1,34 +0,0 @@
-{ config, pkgs, ... }:
-
-{ boot.supportedFilesystems = [ "zfs" ];
-  networking.hostId = "ae749b82";
-  #boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
-boot.loader.efi.efiSysMountPoint = "/boot/efi";
-boot.loader.efi.canTouchEfiVariables = false;
-boot.loader.generationsDir.copyKernels = true;
-boot.loader.grub.efiInstallAsRemovable = true;
-boot.loader.grub.enable = true;
-boot.loader.grub.version = 2;
-boot.loader.grub.copyKernels = true;
-boot.loader.grub.efiSupport = true;
-boot.loader.grub.zfsSupport = true;
-boot.loader.grub.extraPrepareConfig = ''
-  mkdir -p /boot/efis
-  for i in  /boot/efis/*; do mount $i ; done
-
-  mkdir -p /boot/efi
-  mount /boot/efi
-'';
-boot.loader.grub.extraInstallCommands = ''
-ESP_MIRROR=$(mktemp -d)
-cp -r /boot/efi/EFI $ESP_MIRROR
-for i in /boot/efis/*; do
- cp -r $ESP_MIRROR/EFI $i
-done
-rm -rf $ESP_MIRROR
-'';
-boot.loader.grub.devices = [
-      "/dev/disk/by-id/ata-ST250LT003-9YG14C_W041QXCA"
-    ];
-users.users.root.initialHashedPassword = "$6$PmoyhSlGGT6SI0t0$.cFsLyhtO1ks1LUDhLjG0vT44/NjuWCBrv5vUSXqwrU5WpaBvvthnLp0Dfwfyd6Zcdx/4izDcjQAgEWs4QdzW0";
-}

machines/modules/BR5350_2_GPL.ppd

@@ -0,0 +1,640 @@
+*PPD-Adobe: "4.3"
+*% This program is free software; you can redistribute it and/or modify it
+*% under the terms of the GNU General Public License as published by the Free
+*% Software Foundation; either version 2 of the License, or (at your option)
+*% any later version.
+*%
+*% This program is distributed in the hope that it will be useful, but WITHOUT
+*% ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+*% FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+*% more details.
+*%
+*% You should have received a copy of the GNU General Public License along with
+*% this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+*% Place, Suite 330, Boston, MA  02111-1307  USA
+*%
+
+
+*%================================================
+*%	Copyright(C) 2008 Brother Industries, Ltd.
+*%	"Brother HL-5350DN BR-Script3"
+*%================================================
+
+*%==== General Information Keywords ========================
+*FormatVersion: "4.3"
+*FileVersion: "1.06"
+*LanguageEncoding: ISOLatin1
+*LanguageVersion: English
+*Manufacturer: "Brother"
+*PCFileName: "BR5350_2.PPD"
+*Product: "(Brother HL-5350DN series)"
+*PSVersion: "(3010.106) 5"
+*ShortNickName: "Brother HL-5350DN BR-Script3"
+*ModelName: "Brother HL-5350DN BR-Script3"
+*NickName: "Brother HL-5350DN BR-Script3"
+
+*%==== Basic Device Capabilities =============
+*LanguageLevel: "3"
+*TTRasterizer: Type42
+*ColorDevice: False
+*DefaultColorSpace: Gray
+*FileSystem: True
+*?FileSystem:"
+save 
+	/devname (%disk0%) def 
+	/ret false def 
+	0 1 7{ 
+		devname exch 48 add 5 exch put 
+		devname devstatus { 
+			0 ne {/ret true def}if 
+			pop pop pop pop pop pop pop 
+		}if 
+	}for 
+	ret {(True)}{(False)} ifelse = flush 
+restore 
+" 
+*End
+
+*Throughput: "28"
+*FreeVM: "6050000"
+
+*%==== Emulations and Protocols ==========
+*Protocols: PJL TBCP
+
+*SuggestedJobTimeout: "0"
+*SuggestedWaitTimeout: "300"
+*PrintPSErrors: True
+
+*%==== PostScript Patches ==========
+*%*JobPatchFile 1: "statusdict/setusbbinary known{statusdict begin true setusbbinary end}if"
+
+*%==== JCL Features ==========================
+*JCLBegin:           "<1B>%-12345X@PJL JOB<0A>"
+*JCLToPSInterpreter: "@PJL ENTER LANGUAGE = POSTSCRIPT <0A>"
+*JCLEnd:             "<1B>%-12345X@PJL EOJ <0A><1B>%-12345X"
+
+*%==== Installable Options ===================
+
+*OpenGroup: InstallableOptions/Options Installed
+
+*OpenUI *OptionTrays/Number of Input Trays: PickOne
+*DefaultOptionTrays: 3Trays
+*OptionTrays 1Trays/ 1: ""
+*OptionTrays 2Trays/ 2: ""
+*OptionTrays 3Trays/ 3: ""
+*?OptionTrays:"
+save
+    <</BRFeeder 2>>setpagedevice currentpagedevice/BRFeeder get
+    2 eq{(3Trays)}{
+      <</BRFeeder 1>>setpagedevice currentpagedevice/BRFeeder get
+      1 eq{(2Trays)}{(1Trays)}ifelse
+    }ifelse
+  = flush 
+restore 
+"
+*End
+*CloseUI: *OptionTrays
+
+*CloseGroup: InstallableOptions
+
+*UIConstraints: *OptionTrays 1Trays *InputSlot Tray2
+*UIConstraints: *InputSlot Tray2 *OptionTrays 1Trays
+*UIConstraints: *OptionTrays 1Trays *InputSlot Tray3
+*UIConstraints: *InputSlot Tray3 *OptionTrays 1Trays
+*UIConstraints: *OptionTrays 2Trays *InputSlot Tray3
+*UIConstraints: *InputSlot Tray3 *OptionTrays 2Trays
+
+*UIConstraints: *CAPT Fine *TonerSaveMode True
+*UIConstraints: *TonerSaveMode True *CAPT Fine
+*UIConstraints: *CAPT SFine *TonerSaveMode True
+*UIConstraints: *TonerSaveMode True *CAPT SFine
+
+*UIConstraints: *CAPT Fine *BRDensityAdjustment -6
+*UIConstraints: *CAPT Fine *BRDensityAdjustment -5
+*UIConstraints: *CAPT Fine *BRDensityAdjustment -4
+*UIConstraints: *CAPT Fine *BRDensityAdjustment -3
+*UIConstraints: *CAPT Fine *BRDensityAdjustment -2
+*UIConstraints: *CAPT Fine *BRDensityAdjustment -1
+*UIConstraints: *CAPT Fine *BRDensityAdjustment 0
+*UIConstraints: *CAPT Fine *BRDensityAdjustment 1
+*UIConstraints: *CAPT Fine *BRDensityAdjustment 2
+*UIConstraints: *CAPT Fine *BRDensityAdjustment 3
+*UIConstraints: *CAPT Fine *BRDensityAdjustment 4
+*UIConstraints: *CAPT Fine *BRDensityAdjustment 5
+*UIConstraints: *CAPT Fine *BRDensityAdjustment 6
+
+*%==== Media Selection ======================
+
+*OpenUI *PageSize: PickOne
+*OrderDependency: 30 AnySetup *PageSize
+*DefaultPageSize: A4
+*PageSize Letter/Letter: "<< /PageSize [612 792] /ImagingBBox null >> setpagedevice"
+*PageSize Legal/Legal: "<< /PageSize [612 1008] /ImagingBBox null >> setpagedevice"
+*PageSize Executive/Executive: "<< /PageSize [522 756] /ImagingBBox null >> setpagedevice"
+*PageSize A4/A4: "<< /PageSize [595 842] /ImagingBBox null >> setpagedevice"
+*PageSize A4Long/A4 Long: "<< /PageSize [595 1147] /ImagingBBox null >> setpagedevice"
+*PageSize A5/A5: "<< /PageSize [420 595] /ImagingBBox null >> setpagedevice"
+*PageSize A5L/A5 Long Edge: "<< /PageSize [595 419] /ImagingBBox null >> setpagedevice"
+*PageSize A6/A6: "<< /PageSize [297 420] /ImagingBBox null >> setpagedevice"
+*PageSize Env10/Com-10: "<< /PageSize [297 684] /ImagingBBox null >> setpagedevice"
+*PageSize EnvMonarch/Monarch: "<</PageSize [279 540] /ImagingBBox null>> setpagedevice"
+*PageSize EnvDL/DL: "<< /PageSize [312 624] /ImagingBBox null >> setpagedevice"
+*PageSize EnvDLRotated/DL Long Edge: "<< /PageSize [624 312] /ImagingBBox null >> setpagedevice"
+*PageSize EnvC5/C5: "<</PageSize [459 649] /ImagingBBox null>> setpagedevice"
+*PageSize EnvISOB5/B5 : "<< /PageSize [499 709] /ImagingBBox null >> setpagedevice"
+*PageSize EnvISOB6/B6 : "<< /PageSize [354 499] /ImagingBBox null >> setpagedevice"
+*PageSize FanFoldGermanLegal/Folio: "<< /PageSize [612 936] /ImagingBBox null >> setpagedevice"
+*PageSize 3x5/3x5: "<< /PageSize [216 360] /ImagingBBox null >> setpagedevice"
+*CloseUI: *PageSize
+
+*OpenUI *PageRegion: PickOne
+*OrderDependency: 40 AnySetup *PageRegion
+*DefaultPageRegion: A4
+*PageRegion Letter/Letter: "<< /PageSize [612 792] /ImagingBBox null >> setpagedevice"
+*PageRegion Legal/Legal: "<< /PageSize [612 1008] /ImagingBBox null >> setpagedevice"
+*PageRegion Executive/Executive: "<< /PageSize [522 756] /ImagingBBox null >> setpagedevice"
+*PageRegion A4/A4: "<< /PageSize [595 842] /ImagingBBox null >> setpagedevice"
+*PageRegion A4Long/A4 Long: "<< /PageSize [595 1147] /ImagingBBox null >> setpagedevice"
+*PageRegion A5/A5: "<< /PageSize [420 595] /ImagingBBox null >> setpagedevice"
+*PageRegion A5L/A5 Long Edge: "<< /PageSize [595 419] /ImagingBBox null >> setpagedevice"
+*PageRegion A6/A6: "<< /PageSize [297 420] /ImagingBBox null >> setpagedevice"
+*PageRegion Env10/Com-10: "<< /PageSize [297 684] /ImagingBBox null >> setpagedevice"
+*PageRegion EnvMonarch/Monarch: "<</PageSize [279 540] /ImagingBBox null>> setpagedevice"
+*PageRegion EnvDL/DL: "<< /PageSize [312 624] /ImagingBBox null >> setpagedevice"
+*PageRegion EnvDLRotated/DL Long Edge: "<< /PageSize [624 312] /ImagingBBox null >> setpagedevice"
+*PageRegion EnvC5/C5: "<</PageSize [459 649] /ImagingBBox null>> setpagedevice"
+*PageRegion EnvISOB5/B5 : "<< /PageSize [499 709] /ImagingBBox null >> setpagedevice"
+*PageRegion EnvISOB6/B6 : "<< /PageSize [354 499] /ImagingBBox null >> setpagedevice"
+*PageRegion FanFoldGermanLegal/Folio: "<< /PageSize [612 936] /ImagingBBox null >> setpagedevice"
+*PageRegion 3x5/3x5: "<< /PageSize [216 360] /ImagingBBox null >> setpagedevice"
+*CloseUI: *PageRegion
+
+*DefaultImageableArea: A4
+*ImageableArea Letter/Letter: "12.0 12.12 599.88 780.0"
+*ImageableArea Legal/Legal: "12.0 12.12 599.88 996.0"
+*ImageableArea Executive/Executive: "11.99 12.12 510.0 744.0"
+*ImageableArea A4/A4: "12.0 12.24 583.08 829.92"
+*ImageableArea A4Long/A4 Long: "12.0 12.12 583.08 1134.96"
+*ImageableArea A5/A5: "12.0 11.88 407.4 582.96"
+*ImageableArea A5L/A5 Long Edge: "12.0 11.88 407.4 582.96"
+*ImageableArea A6/A6: "12.0 12.6 285.48 408.0"
+*ImageableArea Env10/Com-10: "12.0 12.12 284.88 672.0"
+*ImageableArea EnvMonarch/Monarch: "12.0 12.12 266.76 528.0"
+*ImageableArea EnvDL/DL: "12.0 12.24 299.88 612.0"
+*ImageableArea EnvDLRotated/DL Long Edge: "12.0 12.12 611.76 300.0"
+*ImageableArea EnvC5/C5: "12.0 12.24 446.76 636.96"
+*ImageableArea EnvISOB5/B5 : "12.0 12.48 486.72 696.96"
+*ImageableArea EnvISOB6/B6 : "12.0 12.24 342.12 486.96"
+*ImageableArea FanFoldGermanLegal/Folio: "12.0 12.12 599.88 924.0"
+*ImageableArea 3x5/3x5: "12.0 12.12 204.00 348.00"
+
+*%==== Information About Media Sizes ========
+
+*DefaultPaperDimension: A4
+*PaperDimension Letter/Letter: "612 792"
+*PaperDimension Legal/Legal: "612 1008"
+*PaperDimension Executive/Executive: "522 756"
+*PaperDimension A4/A4: "595 842"
+*PaperDimension A4Long/A4 Long: "595 1147"
+*PaperDimension A5/A5: "420 595"
+*PaperDimension A5L/A5 Long Edge: "420 595"
+*PaperDimension A6/A6: "297 420"
+*PaperDimension Env10/Com-10: "297 684"
+*PaperDimension EnvMonarch/Monarch: "279 540"
+*PaperDimension EnvDL/DL: "312 624"
+*PaperDimension EnvDLRotated/DL Long Edge: "624 312"
+*PaperDimension EnvC5/C5: "459 649"
+*PaperDimension EnvISOB5/B5 : "499 709"
+*PaperDimension EnvISOB6/B6 : "354 499"
+*PaperDimension FanFoldGermanLegal/Folio: "612 936"
+*PaperDimension 3x5/3x5: "216 360"
+
+*%==== Custom Page Sizes ====================
+*NonUIOrderDependency: 40 AnySetup *CustomPageSize
+*VariablePaperSize: True
+*LeadingEdge Short: ""
+*LeadingEdge Long: ""
+*DefaultLeadingEdge: Short
+*MaxMediaWidth: "612"
+*MaxMediaHeight: "1152"
+*HWMargins: 13 13 13 13
+*CustomPageSize True: "
+	<</BRCustomPageSize true>> setpagedevice 
+	exch pop exch pop 0 eq{exch}if 
+	<< /PageSize [ 5 -2 roll ] /ImagingBBox null >> 
+	setpagedevice 
+"
+*End
+*ParamCustomPageSize Width: 1 points 197 612
+*ParamCustomPageSize Height: 2 points 328 1152
+*ParamCustomPageSize WidthOffset: 3 points 0 0
+*ParamCustomPageSize HeightOffset: 4 points 0 0
+*ParamCustomPageSize Orientation: 5 int 0 1
+
+*%==== 5.14 Finishing Features =================================
+*%%%%% Resolution and Appearance Control %%%%%
+*DefaultResolution: 600dpi
+*OpenUI *CAPT/Print Quality:PickOne
+*OrderDependency: 10 AnySetup *CAPT
+*DefaultCAPT: Middle
+*CAPT	SFine/1200 dpi: "<</HWResolution [1200 1200] >> setpagedevice 
+statusdict/true1200 known{statusdict begin true true1200 end}if
+"
+*CAPT	Fine/HQ 1200: "<</HWResolution [1200 1200] >> setpagedevice
+statusdict/true1200 known{statusdict begin false true1200 end}if
+"
+*CAPT	Middle/600 dpi: "<</HWResolution [600 600] >> setpagedevice"
+*CAPT Low/300 dpi: "<</HWResolution [300 300] >> setpagedevice"
+*CloseUI: *CAPT
+
+*%==== 5.13 Media Handling Features ============================
+*OpenUI *BRMediaType/Media Type: PickOne
+*OrderDependency: 28 AnySetup *BRMediaType
+*DefaultBRMediaType:Plain 
+*BRMediaType Plain/Plain Paper: "<</MediaType (REGULAR)>>setpagedevice"
+*BRMediaType Thin/Thin Paper: "<</MediaType (THIN)>>setpagedevice"
+*BRMediaType Thick/Thick Paper: "<</MediaType (THICK)>>setpagedevice"
+*BRMediaType ThickPaper2/Thicker Paper: "<</MediaType (THICK2)>>setpagedevice"
+*BRMediaType BOND/Bond Paper: "<</MediaType (BOND)>>setpagedevice"
+*BRMediaType Transparency/Transparencies: "<</MediaType (TRANSPARENCY)>>setpagedevice"
+*BRMediaType Env/Envelopes: "<</MediaType (ENVELOPES)>>setpagedevice"
+*BRMediaType EnvThick/Env. Thick: "<</MediaType (ENVTHICK)>>setpagedevice"
+*BRMediaType EnvThin/Env. Thin: "<</MediaType (ENVTHIN)>>setpagedevice"
+*BRMediaType Recycled/Recycled Paper: "<</MediaType (RECYCLED)>>setpagedevice"
+*CloseUI: *BRMediaType
+
+*OpenUI *InputSlot: PickOne
+*OrderDependency: 19 AnySetup *InputSlot
+*DefaultInputSlot: AutoSelect
+*InputSlot AutoSelect/Auto Select: "<</ManualFeed false /BRTraysw true >> setpagedevice"
+*InputSlot Tray1/Tray1: "<</ManualFeed false /BRTraysw false /BRFeeder 0>> setpagedevice"
+*InputSlot Tray2/Tray2: "<</ManualFeed false /BRTraysw false /BRFeeder 1>> setpagedevice"
+*InputSlot Tray3/Tray3: "<</ManualFeed false /BRTraysw false /BRFeeder 2>> setpagedevice"
+*InputSlot MPTray/MP Tray: "<</ManualFeed false /BRTraysw false /BRFeeder 4>> setpagedevice"
+*CloseUI: *InputSlot
+
+*RequiresPageRegion All:True
+
+*OpenUI *ManualFeed/Manual Feed: Boolean
+*OrderDependency: 19 AnySetup *ManualFeed
+*DefaultManualFeed: False
+*ManualFeed True:  "<</ManualFeed true>> setpagedevice"
+*ManualFeed False: "<</ManualFeed false>> setpagedevice"
+*CloseUI: *ManualFeed
+
+*%=== Duplex ================================
+*OpenUI *Duplex: PickOne
+*OrderDependency: 25 AnySetup *Duplex
+*DefaultDuplex: None
+*Duplex DuplexTumble: "<</Duplex true /Tumble true>>setpagedevice"
+*Duplex DuplexNoTumble: "<</Duplex true /Tumble false>>setpagedevice"
+*Duplex None: "<</Duplex false /Tumble false>>setpagedevice"
+*CloseUI: *Duplex
+
+*%=== Output Bin =============================
+*DefaultOutputBin: OnlyOne
+
+*% === Collate ==========
+
+
+*%=== JobHold ================================
+
+*%==== BR-Script Color Original UI  ==================================
+*OpenUI *TonerSaveMode/Toner Save: Boolean
+*DefaultTonerSaveMode: False
+*OrderDependency: 10 AnySetup  *TonerSaveMode
+*TonerSaveMode False/Off: "
+	statusdict/tonersave known{statusdict begin false tonersave end}if
+"
+*End
+*TonerSaveMode True/On: "
+	statusdict/tonersave known{statusdict begin true tonersave end}if
+"
+*End
+*CloseUI: *TonerSaveMode
+
+*OpenUI *Sleep/Sleep Time [Min.]: PickOne
+*DefaultSleep: PrinterDefault
+*OrderDependency: 10 AnySetup  *Sleep
+*Sleep PrinterDefault/Printer Default: ""
+*Sleep 2minutes/2: "statusdict/powersavetime known{statusdict begin 2 powersavetime end}if"
+*Sleep 10minutes/10: "statusdict/powersavetime known{statusdict begin 10 powersavetime end}if"
+*Sleep 30minutes/30: "statusdict/powersavetime known{statusdict begin 30 powersavetime end}if"
+*CloseUI: *Sleep
+
+*% Halftone Screen Lock Information ===============
+*OpenUI *ScreenLock/Halftone Screen Lock: Boolean
+*OrderDependency: 90 AnySetup *ScreenLock
+*DefaultScreenLock: True
+*ScreenLock True/On: "
+    <</HalftoneMode 1>>setuserparams 
+"
+*End
+*ScreenLock False/Off: "
+    <</HalftoneMode 0>>setuserparams
+"
+*End
+*CloseUI: *ScreenLock
+
+*% Reduced Image ===============
+*OpenUI *BRReducedImage/High Quality Image Printing: Boolean
+*OrderDependency: 131.0 AnySetup *BRReducedImage
+*DefaultBRReducedImage: False
+*BRReducedImage False/Off: "
+	<</BRReduceImage true>>setpagedevice
+"
+*End
+*BRReducedImage True/On: "
+	<</BRReduceImage false>>setpagedevice
+"
+*End
+*CloseUI: *BRReducedImage
+
+*% Improve Print Output ===============
+*OpenUI *ImprovePrintOutput/Improve Print Output: PickOne
+*OrderDependency: 135.0 AnySetup *ImprovePrintOutput
+*DefaultImprovePrintOutput: None
+*ImprovePrintOutput None/Off: "
+	<</BRReducePaperCurl false /BRImproveTonerFixing false>>setpagedevice
+"
+*End
+*ImprovePrintOutput ReducePaperCurl/Reduce Paper Curl: "
+	<</BRReducePaperCurl true /BRImproveTonerFixing false>>setpagedevice
+"
+*End
+*ImprovePrintOutput ImproveTonerFixing/Improve Toner Fixing: "
+	<</BRReducePaperCurl false /BRImproveTonerFixing true>>setpagedevice
+"
+*End
+*CloseUI: *ImprovePrintOutput
+
+*% Density adjustment ===============
+*OpenUI *BRDensityAdjustment/Density Adjustment: PickOne
+*OrderDependency: 145.0 AnySetup *BRDensityAdjustment
+*DefaultBRDensityAdjustment: None
+*BRDensityAdjustment None/Printer Default: ""
+*BRDensityAdjustment -6/-6: "
+	<</BRDensityAdjustment -6>>setpagedevice
+"
+*End
+*BRDensityAdjustment -5/-5: "
+	<</BRDensityAdjustment -5>>setpagedevice
+"
+*End
+*BRDensityAdjustment -4/-4: "
+	<</BRDensityAdjustment -4>>setpagedevice
+"
+*End
+*BRDensityAdjustment -3/-3: "
+	<</BRDensityAdjustment -3>>setpagedevice
+"
+*End
+*BRDensityAdjustment -2/-2: "
+	<</BRDensityAdjustment -2>>setpagedevice
+"
+*End
+*BRDensityAdjustment -1/-1: "
+	<</BRDensityAdjustment -1>>setpagedevice
+"
+*End
+*BRDensityAdjustment 0/0: "
+	<</BRDensityAdjustment 0>>setpagedevice
+"
+*End
+*BRDensityAdjustment 1/1: "
+	<</BRDensityAdjustment 1>>setpagedevice
+"
+*End
+*BRDensityAdjustment 2/2: "
+	<</BRDensityAdjustment 2>>setpagedevice
+"
+*End
+*BRDensityAdjustment 3/3: "
+	<</BRDensityAdjustment 3>>setpagedevice
+"
+*End
+*BRDensityAdjustment 4/4: "
+	<</BRDensityAdjustment 4>>setpagedevice
+"
+*End
+*BRDensityAdjustment 5/5: "
+	<</BRDensityAdjustment 5>>setpagedevice
+"
+*End
+*BRDensityAdjustment 6/6: "
+	<</BRDensityAdjustment 6>>setpagedevice
+"
+*End
+*CloseUI: *BRDensityAdjustment
+
+*%==== 5.17 Gray Levels and Halftoninig ========================
+*AccurateScreenSupport: False
+*ScreenFreq:  "60.0"
+*ScreenAngle: "45.0"
+*DefaultScreenProc: Dot
+*ScreenProc Dot: "{1.0 add 180 mul 1 add sin 0.001 add exch 1.0 add 180 mul 2 add sin mul}"
+
+*DefaultTransfer: Null
+*Transfer Null:		"{}"
+*Transfer Null.Inverse:	"{1 exch sub}"
+
+*%==== 5.18 Color Issues =======================================
+*% BlackSubstitution -> Original UI
+
+*%==== 5.19 Color Separation Keywords ==========================
+*DefaultColorSep: ProcessBlack
+*ColorSepScreenFreq ProcessBlack.71lpi.600dpi/71 lpi / 600 dpi: "70.7107"
+*ColorSepScreenFreq CustomColor.71lpi.600dpi/71 lpi / 600 dpi: "70.7107"
+*ColorSepScreenFreq ProcessCyan.71lpi.600dpi/71 lpi / 600 dpi: "63.2456"
+*ColorSepScreenFreq ProcessMagenta.71lpi.600dpi/71 lpi / 600 dpi: "63.2456"
+*ColorSepScreenFreq ProcessYellow.71lpi.600dpi/71 lpi / 600 dpi: "66.6667"
+*ColorSepScreenFreq ProcessBlack.60lpi.300dpi/60 lpi / 300 dpi: "60"
+*ColorSepScreenFreq CustomColor.60lpi.300dpi/60 lpi / 300 dpi: "60"
+*ColorSepScreenFreq ProcessCyan.60lpi.300dpi/60 lpi / 300 dpi: "60"
+*ColorSepScreenFreq ProcessMagenta.60lpi.300dpi/60 lpi / 300 dpi: "60"
+*ColorSepScreenFreq ProcessYellow.60lpi.300dpi/60 lpi / 300 dpi: "60"
+*ColorSepScreenFreq ProcessBlack.53lpi.300dpi/53 lpi / 300 dpi: "53.033"
+*ColorSepScreenFreq CustomColor.53lpi.300dpi/53 lpi / 300 dpi: "53.033"
+*ColorSepScreenFreq ProcessCyan.53lpi.300dpi/53 lpi / 300 dpi: "47.4342"
+*ColorSepScreenFreq ProcessMagenta.53lpi.300dpi/53 lpi / 300 dpi:"47.4342"
+*ColorSepScreenFreq ProcessYellow.53lpi.300dpi/53 lpi / 300 dpi: "50.0"
+*ColorSepScreenAngle ProcessBlack.71lpi.600dpi/71 lpi / 600 dpi: "45.0"
+*ColorSepScreenAngle CustomColor.71lpi.600dpi/71 lpi / 600 dpi: "45.0"
+*ColorSepScreenAngle ProcessCyan.71lpi.600dpi/71 lpi / 600 dpi: "71.5651"
+*ColorSepScreenAngle ProcessMagenta.71lpi.600dpi/71 lpi / 600 dpi: "18.4349"
+*ColorSepScreenAngle ProcessYellow.71lpi.600dpi/71 lpi / 600 dpi: "0.0"
+*ColorSepScreenAngle ProcessBlack.60lpi.300dpi/60 lpi / 300 dpi: "45"
+*ColorSepScreenAngle CustomColor.60lpi.300dpi/60 lpi / 300 dpi: "45"
+*ColorSepScreenAngle ProcessCyan.60lpi.300dpi/60 lpi / 300 dpi: "15"
+*ColorSepScreenAngle ProcessMagenta.60lpi.300dpi/60 lpi / 300 dpi: "75"
+*ColorSepScreenAngle ProcessYellow.60lpi.300dpi/60 lpi / 300 dpi: "0"
+*ColorSepScreenAngle ProcessBlack.53lpi.300dpi/53 lpi / 300 dpi: "45.0"
+*ColorSepScreenAngle CustomColor.53lpi.300dpi/53 lpi / 300 dpi:  "45.0"
+*ColorSepScreenAngle ProcessCyan.53lpi.300dpi/53 lpi / 300 dpi:  "71.5651"
+*ColorSepScreenAngle ProcessMagenta.53lpi.300dpi/53 lpi / 300 dpi: "18.4349"
+*ColorSepScreenAngle ProcessYellow.53lpi.300dpi/53 lpi / 300 dpi: "0.0"
+*End
+
+*InkName: ProcessBlack/Process Black
+*InkName: CustomColor/Custom Color
+*InkName: ProcessCyan/Process Cyan
+*InkName: ProcessMagenta/Process Magenta
+*InkName: ProcessYellow/Process Yellow
+
+*%==== 5.20 Font Related Keywords ==============================
+*DefaultFont: Courier
+*Font AvantGarde-Book: Standard "(001.006S)" Standard ROM
+*Font AvantGarde-BookOblique: Standard "(001.006S)" Standard ROM
+*Font AvantGarde-Demi: Standard "(001.007S)" Standard ROM
+*Font AvantGarde-DemiOblique: Standard "(001.007S)" Standard ROM
+*Font Bookman-Demi: Standard "(001.004S)" Standard ROM
+*Font Bookman-DemiItalic: Standard "(001.004S)" Standard ROM
+*Font Bookman-Light: Standard "(001.004S)" Standard ROM
+*Font Bookman-LightItalic: Standard "(001.004S)" Standard ROM
+*Font Courier: Standard "(002.004S)" Standard ROM
+*Font Courier-Bold: Standard "(002.004S)" Standard ROM
+*Font Courier-BoldOblique: Standard "(002.004S)" Standard ROM
+*Font Courier-Oblique: Standard "(002.004S)" Standard ROM
+*Font Helvetica: Standard "(001.006S)" Standard ROM
+*Font Helvetica-Bold: Standard "(001.007S)" Standard ROM
+*Font Helvetica-BoldOblique: Standard "(001.007S)" Standard ROM
+*Font Helvetica-Narrow: Standard "(001.006S)" Standard ROM
+*Font Helvetica-Narrow-Bold: Standard "(001.007S)" Standard ROM
+*Font Helvetica-Narrow-BoldOblique: Standard "(001.007S)" Standard ROM
+*Font Helvetica-Narrow-Oblique: Standard "(001.006S)" Standard ROM
+*Font Helvetica-Oblique: Standard "(001.006S)" Standard ROM
+*Font NewCenturySchlbk-Bold: Standard "(001.009S)" Standard ROM
+*Font NewCenturySchlbk-BoldItalic: Standard "(001.007S)" Standard ROM
+*Font NewCenturySchlbk-Italic: Standard "(001.006S)" Standard ROM
+*Font NewCenturySchlbk-Roman: Standard "(001.007S)" Standard ROM
+*Font Palatino-Bold: Standard "(001.005S)" Standard ROM
+*Font Palatino-BoldItalic: Standard "(001.005S)" Standard ROM
+*Font Palatino-Italic: Standard "(001.005S)" Standard ROM
+*Font Palatino-Roman: Standard "(001.005S)" Standard ROM
+*Font Times-Bold: Standard "(001.007S)" Standard ROM
+*Font Times-BoldItalic: Standard "(001.009S)" Standard ROM
+*Font Times-Italic: Standard "(001.007S)" Standard ROM
+*Font Times-Roman: Standard "(001.007S)" Standard ROM
+*Font ZapfChancery-MediumItalic: Standard "(001.007S)" Standard ROM
+*Font ZapfDingbats: Special "(001.004S)" Special ROM
+*Font Symbol: Special "(001.007S)" Special ROM
+*Font Alaska: Standard "(001.005)" Standard ROM
+*Font AlaskaExtrabold: Standard "(001.005)" Standard ROM
+*Font AntiqueOakland: Standard "(001.005)" Standard ROM
+*Font AntiqueOakland-Bold: Standard "(001.005)" Standard ROM
+*Font AntiqueOakland-Oblique: Standard "(001.005)" Standard ROM
+*Font ClevelandCondensed: Standard "(001.005)" Standard ROM
+*Font Connecticut: Standard "(001.005)" Standard ROM
+*Font Guatemala-Antique: Standard "(001.005)" Standard ROM
+*Font Guatemala-Bold: Standard "(001.005)" Standard ROM
+*Font Guatemala-Italic: Standard "(001.005)" Standard ROM
+*Font Guatemala-BoldItalic: Standard "(001.005)" Standard ROM
+*Font LetterGothic: Standard "(001.005)" Standard ROM
+*Font LetterGothic-Bold: Standard "(001.005)" Standard ROM
+*Font LetterGothic-Oblique: Standard "(001.005)" Standard ROM
+*Font Maryland: Standard "(001.005)" Standard ROM
+*Font Oklahoma: Standard "(001.005)" Standard ROM
+*Font Oklahoma-Bold: Standard "(001.005)" Standard ROM
+*Font Oklahoma-Oblique: Standard "(001.005)" Standard ROM
+*Font Oklahoma-BoldOblique: Standard "(001.005)" Standard ROM
+*Font Utah: Standard "(001.005)" Standard ROM
+*Font Utah-Bold: Standard "(001.005)" Standard ROM
+*Font Utah-Oblique: Standard "(001.005)" Standard ROM
+*Font Utah-BoldOblique: Standard "(001.005)" Standard ROM
+*Font UtahCondensed: Standard "(001.005)" Standard ROM
+*Font UtahCondensed-Bold: Standard "(001.005)" Standard ROM
+*Font UtahCondensed-Oblique: Standard "(001.004)" Standard ROM
+*Font UtahCondensed-BoldOblique: Standard "(001.005)" Standard ROM
+*Font BermudaScript: Standard "(001.005)" Standard ROM
+*Font Germany: Standard "(001.005)" Standard ROM
+*Font SanDiego: Standard "(001.005)" Standard ROM
+*Font US-Roman: Standard "(001.005)" Standard ROM
+*?FontQuery: "
+save
+count 1 gt
+  {exch dup dup
+   =string cvs (/) print print (:) print
+   FontDirectory exch known
+     {pop(Yes)}
+     {(fonts/)AppendName exch pop mark exch
+      {}=string filenameforall counttomark
+      0 gt
+        {cleartomark(Yes)}
+        {cleartomark(No)}ifelse
+     }ifelse
+   =
+  }if
+  (*) = flush
+restore
+"
+*End
+*?FontList: "
+save
+  FontDirectory{pop ==}forall
+  (fonts/*)
+  {dup length 6 sub 6 exch getinterval cvn ==
+  }=string filenameforall
+  (*) = flush
+restore
+"
+*End
+
+
+*%==== 5.21 Printer Messages ===================================
+*% 
+*% Printer Message 
+*%
+*PrinterError: "service call"
+*PrinterError: "cover open"
+*PrinterError: "end of ink"
+*PrinterError: "out of maintenance paper"
+*PrinterError: "out of paper"
+*PrinterError: "paper jam"
+*PrinterError: "manual feed time out"
+*PrinterError: "load paper letter size"
+*PrinterError: "load paper legal size"
+*PrinterError: "load paper B5 size"
+*PrinterError: "load paper A4 size"
+*PrinterError: "offline"
+
+*Status: "idle"
+*Status: "busy"
+*Status: "waiting"
+*Status: "printing"
+*Status: "warming up"
+*Status: "PrinterError: service call"
+*Status: "PrinterError: cover open"
+*Status: "PrinterError: end of ink"
+*Status: "PrinterError: out of paper"
+*Status: "PrinterError: paper jam"
+*Status: "PrinterError: manual feed time out"
+*Status: "PrinterError: load paper letter size"
+*Status: "PrinterError: load paper legal size"
+*Status: "PrinterError: load paper B5 size"
+*Status: "PrinterError: load paper A4 size"
+*Status: "PrinterError: offline"
+
+*% Input Sources (format: %%[ status: <stat>; source: <one of these> ]%% )
+*Source: "Serial"
+*Source: "Parallel"
+*Source: "EtherTalk"
+*Source: "LPR"
+*Source: "PrintServer"
+*Source: "Internal"
+
+*Message: "%%[ exitserver: permanent state may be changed ]%%"
+*Message: "%%[ Flushing: rest of job (to end-of-file) will be ignored ]%%"
+*Message: "\FontName\ not found, using BR-03B."
+*%==== 5.22 System Management ==================================
+*Password: "0"
+*ExitServer: "
+	serverdict begin 0 exitserver
+"
+*End
+*Reset: "
+	clear cleardictstack
+	serverdict begin 0 exitserver
+	systemdict /quit get exec
+ "
+*End
+

machines/modules/autoupdate.nix

@@ -0,0 +1,139 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.malobeo.autoUpdate;
+in
+{
+  options.malobeo.autoUpdate = {
+    enable = mkOption {
+      description = ''
+        Enables a timer that periodically checks a hydra instance for the last build of the local system, and switches to it if it is different.
+  
+        Also enables periodical /nix/store GC.
+      '';
+      type = types.bool;
+      default = false;
+    };
+
+    # https://hydra.dynamicdiscord.de/job/malobeo/infrastructure/louise/latest
+    url = mkOption {
+      description = lib.mdDoc ''
+        Url to your hydra instace. like https://hydra.example.de
+      '';
+      type = types.str;
+      default = "";
+    };
+
+    project = mkOption {
+      description = lib.mdDoc ''
+        Name of the project at the hydra instace
+      '';
+      type = types.str;
+      default = "";
+    };
+
+    jobset = mkOption {
+      description = lib.mdDoc ''
+        Name of the jobset at the hydra instace
+      '';
+      type = types.str;
+      default = "";
+    };
+
+    cacheurl = mkOption {
+      description = lib.mdDoc ''
+        Url of the binary cache
+      '';
+      type = types.str;
+      default = cfg.url;
+    };
+  };
+
+  config = {
+    # the presence of this .service file signifies that the system is
+    # autoupdate-enabled. it is checked to prevent autoupdating back
+    # to a system without autoupdate when deploying with autoupdate
+    # for the first time.
+    systemd.services.autoupdate = lib.mkIf config.malobeo.autoUpdate.enable {
+      wantedBy = [ "multi-user.target" ];
+      path = with pkgs; [ nix nettools curl jq ];
+      serviceConfig = {
+        Type = "oneshot";
+        # switch-to-configuration may not return. HACK: cap running
+        # time so that the timer can be scheduled again.
+        TimeoutStartSec = "30min";
+      };
+      script = ''
+        OLD=$(readlink /run/current-system)
+        echo Current system: $(basename $OLD)
+        NEW=$(curl -sLH "Accept: application/json" ${cfg.url}/job/${cfg.project}/${cfg.jobset}/${config.networking.hostName}/latest | jq -er .buildoutputs.out.path)
+        if [ -z "$NEW" ] || [ "$NEW" = "null" ]; then
+          echo "Unable to obtain updated system"
+          exit 1
+        fi
+        echo New system: $(basename $NEW)
+
+        if [ "$OLD" != "$NEW" ]; then
+          echo "Fetching new system built by ${cfg.url}/job/${cfg.project}/${cfg.jobset}"
+          # this should fetch the new system from the binary cache
+          nix copy --from ${cfg.cacheurl} "$NEW"
+          if [ -e "$NEW/etc/systemd/system/autoupdate.timer" ]; then
+            echo "Switch to the new system..."
+            nix-env -p /nix/var/nix/profiles/system --set $NEW
+            "$NEW/bin/switch-to-configuration" switch
+          else
+            echo "New system is not yet autoupdate-enabled. Refusing to switch into a dead end."
+          fi
+        else
+          echo "No update required"
+        fi
+      '';
+      # don't let the switch kill this service, aborting the switch
+      restartIfChanged = false;
+      unitConfig.X-StopOnRemoval = false;
+      # create timer
+      startAt = "hourly";
+    };
+
+    nix = {
+      # Show a diff when activating a new system except for microvms which handle this seperately
+      #diffSystem = config.malobeo.deployment.server or "" == "";
+      #TODO: THIS WIPES HOSTS NIX STORE FROM WITHIN NIXOS-CONTAINER
+      #gc = lib.mkIf config.malobeo.autoUpdate.enable {
+      #  automatic = true;
+      #  randomizedDelaySec = "6h";
+      #  options = "--delete-older-than 21d";
+      #};
+    };
+
+    environment.systemPackages = [ (
+      # Provide a manual updating script that fetches the latest
+      # updated+built system from Hydra
+      pkgs.writeScriptBin "update-from-hydra" ''
+        #! ${pkgs.runtimeShell} -e
+
+        OLD=$(readlink /run/current-system)
+        echo Current system: $(basename $OLD)
+        NEW=$(curl -sLH "Accept: application/json" ${cfg.url}/job/${cfg.project}/${cfg.jobset}/${config.networking.hostName}/latest | ${pkgs.jq}/bin/jq -er .buildoutputs.out.path)
+        if [ -z "$NEW" ] || [ "$NEW" = "null" ]; then
+          echo "Unable to obtain updated system"
+          exit 1
+        fi
+        echo New system: $(basename $NEW)
+
+        if [ "$OLD" != "$NEW" ]; then
+          echo "Fetching new system built by ${cfg.url}/job/${cfg.project}/${cfg.jobset}"
+          # this should fetch the new system from the binary cache
+          nix copy --from ${cfg.cacheurl} "$NEW"
+          echo "Switch to the new system..."
+          nix-env -p /nix/var/nix/profiles/system --set $NEW
+          "$NEW/bin/switch-to-configuration" switch
+        else
+          echo "No update required"
+        fi
+      ''
+    ) ];
+  };
+}

machines/modules/malobeo/microvm_host.nix

@@ -0,0 +1,52 @@
+{ config, lib, options, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.malobeo.microvm;
+in
+{
+  options = {
+    services.malobeo.microvm = {
+      enableHostBridge = mkOption {
+        default = false;
+        type = types.bool;
+        description = lib.mdDoc "Setup bridge device for microvms.";
+      };
+    };
+  };
+
+  config = mkIf cfg.enableHostBridge
+  { 
+    systemd.network = {
+      enable = true;
+      # create a bride device that all the microvms will be connected to
+      netdevs."10-microvm".netdevConfig = {
+        Kind = "bridge";
+        Name = "microvm";
+      };
+
+      networks."10-microvm" = {
+        matchConfig.Name = "microvm";
+        networkConfig = {
+          DHCPServer = true;
+          IPv6SendRA = true;
+        };
+        addresses = [ {
+          Address = "10.0.0.1/24";
+        } {
+          Address = "fd12:3456:789a::1/64";
+        } ];
+        ipv6Prefixes = [ {
+          Prefix = "fd12:3456:789a::/64";
+        } ];
+      };
+
+      # connect the vms to the bridge
+      networks."11-microvm" = {
+        matchConfig.Name = "vm-*";
+        networkConfig.Bridge = "microvm";
+      };
+    };
+  };
+}

machines/modules/malobeo_user.nix

@@ -6,7 +6,7 @@ in
 {
   users.users.malobeo = {
     isNormalUser = true;
-    extraGroups = [ "wheel" ];
+    extraGroups = [ "wheel" "pulse-access" "scanner" "lp" ];
     openssh.authorizedKeys.keys = sshKeys.admins;
     initialPassword = "test";
   };

machines/modules/sshd.nix

@@ -6,7 +6,7 @@ in
 {
   services.openssh.enable = true;
   services.openssh.ports = [ 22 ];
-  services.openssh.passwordAuthentication = false;
+  services.openssh.settings.PasswordAuthentication = false;
   services.openssh.settings.PermitRootLogin = "no";
   users.users.root.openssh.authorizedKeys.keys = sshKeys.admins;
 }

machines/modules/xserver.nix

@@ -7,7 +7,6 @@
       xterm.enable = false;
       cinnamon.enable = true;
     };
-
-    displayManager.defaultSession = "cinnamon";
   };
+  services.displayManager.defaultSession = "cinnamon";
 }

machines/secrets/keys/hosts/durruti.asc

@@ -0,0 +1,28 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+xsFNBAAAAAABEADh28tGiUsmPPbsQYKSi9WiI4UCPO4qd7hEoER34Ku5w+kpy1MI
+ymJHNlZODjrjvznRidyYt+1vpED941LawzsujBV7pSfIBY0cQWYTbF/euuQFJYxN
+sBLG4kek5IhdnIsav2f7fMv6Rhfkau7p20AYkWUkpoUxBJTxixIkxrO90ODSzMMe
+tLI9MnqPcMASy6dbAGKXSABaYi9bwggIgyYHNaXThEuEAWPMPMMj8Wlo0H0X/B9O
+UEOHSA4N3TBKJXuDhsKgUo6ADLAA5op+YG+JtAdvdjW0XxtDamLkkrEx/fsYWsn2
+LjiX7z6cCQjYy+GG6LV82cavyF9sBAs8kEl4AVXVYsaB0g99rpY91EYLAD2Ddh4d
+lHPwPVQ52Ht3QeEPAsqeXRh+gZOp/xx6EJXXaH7aorXoWlbUFcCnTTEFAM0HibZg
+ChZEX+pl9RxdPeIwU4kd9LxNygDwp4YhdJzbcpHkp7RrkHJHgmAxUEVCxZfw/P2c
+GDIBHQSS4FZ5PIhh+aejYCo4BrisGuAjwlaH26BRNraM8EImaLwLuQZ1TOWm97tI
+BEI0JFscrTi2RSPgDCg1Cu78ocbcpqC3cRclXzRohvp83NpWnAQFCAdNaTttQsio
+lQTXxmJlaeo/0vHAN+Llukchh6sFzzNP3v4B8vLvdXkE3s5XYxJungblTwARAQAB
+zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT
+AQgAFgUCAAAAAAkQWRHe9aQhhWcCGw8CGQEAALRQEABVEYsIn5zGV84caxE/LXN7
+7nDsUEyo3lCetStM7JT7uDdMl5t33pUAIbm4gv6/BrvVZ6pBtPfTrVrTKKDornKJ
+VU/tKims+CbnuPUIbOmuXcPbQIa/IF4WVop8XJTzMOSW636/eH1D2VTLI8Jmw35s
+qDmqx72hISUBGCszTJkThp8xUFMW5NcJc6zGB9I4vdac6Sf6yuZqmdfDm0MzcvmA
+tDASc6ZLeffPkJxUA+x2WouAYkfdV1CdVS6ob6owrSza/T+wQ3DgzO5AVZ31HXTa
+gDkVIBgdZYR2H8IaaTetb4m2+SgdXr7s9WCOR2i8DiSKpnUAJKoVIOl6pBd13jCu
+PHQzkKq6kqn4bRYCZil3fKDB90mVDIyixJJCt//VA5y9Tgggp9o7a+l35I9hCJ2F
+6AYtpfXkTbI9wqmk33TJX2litqqPZkhEERv25UDvnZ7Mm0my9QXJZ1Fp1nRLIKZg
+VABDS/wIB1QHtOldDLMeRD7Fnrnjgnyuk4/HmCem0wFDPHDo/ppa2QtCUk1xxywu
+fa7hs/oDVUMsofpDm6Ls4IgFXbSD9GUTDdB+UvZi5vITaZ1f1QLcrShhSUHkLIpc
+65Fj79r9cdHKdUhnM2+pTuVM6Az3huMkZ+abgjSHWSni2njowRUd2P7pG+ZhaUk3
+Rj7jxxXh1KQ7X8Rbbce8Mg==
+=sb6Z
+-----END PGP PUBLIC KEY BLOCK-----

outputs.nix

@@ -18,12 +18,44 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
     devShells.default = pkgs.callPackage ./shell.nix {
       inherit (sops-nix.packages."${pkgs.system}") sops-import-keys-hook ssh-to-pgp sops-init-gpg-key;
     };
+
+    packages = {
+      docs = pkgs.stdenv.mkDerivation {
+        name = "malobeo-docs";
+        phases = [ "buildPhase" ];
+        buildInputs = [ pkgs.mdbook ];
+      
+        inputs = pkgs.lib.sourceFilesBySuffices ./doc/. [ ".md" ".toml" ];
+      
+        buildPhase = ''
+          dest=$out/share/doc
+          mkdir -p $dest
+          cp -r --no-preserve=all $inputs/* ./
+          mdbook build
+          ls
+          cp -r ./book/* $dest
+        '';
+      };
+    };
+
+    apps = {
+      docs = {
+        type = "app";
+        program = builtins.toString (pkgs.writeShellScript "docs" ''
+          ${pkgs.mdbook}/bin/mdbook serve --open ./doc
+        '');
+      };
+    };
+
   })) // rec {
     nixosConfigurations = import ./machines/configuration.nix (inputs // {
       inherit inputs;
     });
 
-    nixosModules.malobeo = import ./machines/durruti/host_config.nix;
+    nixosModules.malobeo.imports = [
+      ./machines/durruti/host_config.nix
+      ./machines/modules/malobeo/microvm_host.nix
+    ];
 
     hydraJobs = nixpkgs.lib.mapAttrs (_: nixpkgs.lib.hydraJob) (
       let
@@ -36,26 +68,4 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
       nixpkgs.lib.mapAttrs getBuildEntry self.nixosConfigurations
 
       );
-
-      #lucia = self.nixosConfigurations.lucia.config.system.build.toplevel;
-    
-
-    #images.lucia_base_image = nixosConfigurations.lucia.config.system.build.sdImage;
-
-    #packages.x86_64-linux = {
-    #  lucia_base_img = nixos-generators.nixosGenerate {
-    #    system = "aarch64-linux";
-    #    modules = [
-    #      #"${nixpkgs}/nixos/modules/installer/sd-card/sd-image-raspberrypi.nix"
-    #      ./machines/modules/sshd.nix
-    #      {
-    #        nixpkgs.config.allowUnsupportedSystem = true;
-    #        nixpkgs.crossSystem.system = "aarch64-linux";
-    #        networking.dhcpcd.enable = true;
-    #      }
-    #    ];
-
-    #    format = "sd-aarch64-installer";
-    #  };
-    #};
 }

shell.nix

@@ -18,5 +18,6 @@ mkShell {
     sops-init-gpg-key
     sops
     pkgs.python310Packages.grip
+    pkgs.mdbook
   ];
 }