Integrate hummelberg desktop configuration

defaults/base/default.nix

@@ -2,7 +2,7 @@
 { config, lib, pkgs, ... }:
 
 {
-  imports = [ ../../modules ];
+  imports = [ ../../modules ./unfree.nix ];
 
   nixpkgs.overlays = [ (import ../../overlays) ];
 
@@ -14,29 +14,80 @@
 
   console = {
     font = "Lat2-Terminus16";
-    keyMap = "sg-latin1";
+    keyMap = "de_CH-latin1";
   };
 
   i18n.defaultLocale = "en_US.UTF-8";
 
-  environment.systemPackages = with pkgs; [
-    wget
-    curl
-    vim
-    tmux
-    git
-    ncat
-    bind
-    ack
-    fwupd
-    pciutils
-    dmidecode
-    smartmontools
-    parted
-    borgbackup
-    nixfmt
-    iw
-  ];
+  environment.systemPackages = with pkgs;
+    [
+      vim
+      tmux
+      fwupd
+      pciutils
+      dmidecode
+      smartmontools
+      borgbackup
+      iw
+      killall
+      bc
+      efibootmgr
+      efitools
+      efivar
+      mkpasswd
+      rename
+      wipe
+      gnupg
+      pass
+      pwgen
+      units
+      powertop
+      lm_sensors
+    ] ++ [ nixfmt nix-index nix-diff nixpkgs-review ]
+    ++ [ autojump powerline-go ] ++ [ # File Utilities
+      ack
+      unzip
+      unrar
+      perl530Packages.DigestSHA3
+      borgbackup
+      iotop
+      cabextract
+      tree # p7zip
+      vim
+      vimPlugins.pathogen
+      vimPlugins.airline
+      git
+      git-lfs
+    ] ++ [ # Filesystem & Disk Utilities
+      fuse_exfat
+      cifs-utils
+      keyutils # required for cifs kerberos auth
+      smbclient
+      exfat-utils
+      sshfs-fuse
+      hdparm
+      mtpfs
+      ntfs3g
+      smartmontools
+      parted
+    ] ++ [ # Networking Utilities
+      nmap
+      bind
+      curl
+      wget
+      ncat
+      tor
+      tor-arm
+      mosh
+      whois
+      wol
+      rsync
+      sshuttle
+      iftop
+      mailutils # hash-slinger #TODO: hash-slinger has broken dependency pyunbound
+      imapsync
+      bluez-tools
+    ];
 
   services.fwupd.enable = true;
 
@@ -54,16 +105,24 @@
 
   nix.trustedUsers = [ "root" "@wheel" ];
 
+  users.groups = {
+    fhauser.gid = 1000;
+    das-g.gid = 1001;
+    empty0.gid = 1002;
+  };
+
   users.mutableUsers = false;
-  users.users = rec {
+  users.users = rec { # TODO: Migrate to meta
     root.openssh.authorizedKeys.keys =
       lib.flatten (map (u: u.openssh.authorizedKeys.keys) [ fhauser das-g ]);
 
     fhauser = {
+      uid = 1000;
       isNormalUser = true;
       description = "Fabian Hauser";
-      extraGroups = [ "wheel" ];
-      uid = 1000;
+      group = "fhauser";
+      extraGroups = [ "wheel" "video" ]
+        ++ (if config.virtualisation.docker.enable then [ "docker" ] else [ ]);
       hashedPassword =
         "$6$rounds=20000$TYZ8CojfBLwejcwn$smEJe6/anL9NGf.Ytfny14nBfhr4TRPv2XK1lgHz7yg.zQow1HACePirEjsjxzFC6vTHGaT8t2NxobUsHbWLg1";
       openssh.authorizedKeys.keys = [
@@ -72,16 +131,27 @@
     };
 
     das-g = {
+      uid = 1001;
       isNormalUser = true;
       description = "Raphael Das Gupta";
+      group = "das-g";
       extraGroups = [ "wheel" ];
-      uid = 1001;
       hashedPassword =
         "$6$rounds=37000$omA92cfwup$Ri9FXHbeOUIIDKf83D6UNa5NWGac.G9A3voJmrivwkVtaDGVMGLIa5qdgkaDeCKoMkl8YRjJ7smEyrMwTnuRD0";
       openssh.authorizedKeys.keys = [
         "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDRWDaUzbDyCNee/K8iCcXtoLrR0fZoGpXAV4f/CjB8kKb42lWKWXc67Juy0RnRVCZQc21ooApuQPJZ08Cawj9Okgz0j3vYdMnDBY1Ox9Ik12hzbpdLDHhOrIj3BOJuAKfFy5OM9Z2ZLwdvjXFk+1RQK1Qadd3PwtGjxLAgp5eBHj8TgUP8DXKGQQElphjfVLua4ufqoTldT1mrmDn/+GDgNY5HUTQb+YZ6AwjcemG+eAdG30Al1JRkOogke83hIXBVNCD9ObPtRv/KiAZv3TV8bgP2mzeeG2aDDb9qz8HXKvBlbN2ouz0cWTA5D5+Ua+wkOggEfhfPKBauF9sbQ8bRuknWm8VnuVXkikzdYZVGKdzvoHRdOfoTCL4JHzpGW6H3jVqdQuGTv5r28y/jxbDY95w6KmxLS+2u8SHVBh6hVAxf5i3P8aIHkOTEN//SyS/fa1uXHSQt0sVya2+4pTsCQfwWjE3TrQg6W6bmguVMjaICze5wWwckap+57jKbK9sPCuLFfYPwOvQ3nfb6wwNBhvNxmD9xGfk8/UzXsoq6OgPvF7GE5UWA04GHCnF4H0tEAQBK0vsjKxqC2lM8nK9msbqkSxadIFYqiG1+DAZyju3uZgkkInev8dh02yNsVJKYoCm60PWaMTLeVsrYZuvNDWXsXm7+nD02wWI0lxnkVw== das-g@x1carbon"
       ];
     };
+
+    empty0 = {
+      uid = 1002;
+      isNormalUser = true;
+      description = "Testuser empty0";
+      group = "empty0";
+      extraGroups = [ "video" ];
+      hashedPassword =
+        "$6$mlI7Au.EzmrL9uJj$vz8ujechSkx83tsFcRA8D04vh5.3ZwPlPmE.wsf2CTKvLio48a1eXtRxUHkkDfPlLAjqyJ55bSSw2lLazH9Ip/";
+    };
   };
 
   nix.gc = {
@@ -90,10 +160,14 @@
     options = "--delete-older-than 30d";
   };
 
+  services.btrfs.autoScrub.enable = true;
+
   environment.etc = {
     gitconfig.source = ./etc/gitconfig;
     vimrc.source = ./etc/vimrc;
   };
+  programs.autojump.enable = true;
+  programs.vim.defaultEditor = true;
 
   security.acme = {
     acceptTerms = true;

defaults/base/unfree.nix

@@ -0,0 +1,35 @@
+{ config, lib, pkgs, ... }:
+
+{
+  nixpkgs.config.allowUnfreePredicate = pkg:
+    builtins.elem (lib.getName pkg) [
+      "unrar"
+
+      "hplip"
+
+      "google-chrome"
+      "spotify"
+      "skypeforlinux"
+      "slack"
+      "teams"
+      "discord"
+      "teamviewer"
+      "unity-editor"
+
+      "corefonts"
+      "camingo-code"
+      "helvetica-neue-lt-std"
+      #"kochi-substitute-naga10"
+      "ttf-envy-code-r"
+      "vista-fonts"
+      "vista-fonts-chs"
+      "xkcd-font-unstable"
+      "ricty"
+
+      "pycharm-professional"
+      "idea-ultimate"
+      "android-studio-stable"
+
+      "vmware-view"
+    ];
+}

defaults/cifs-auth-fix/default.nix

@@ -0,0 +1,37 @@
+{ config, lib, pkgs, ... }:
+
+{
+
+  # Remove this once https://github.com/NixOS/nixpkgs/issues/34638 is resolved
+  # The TL;DR is: the kernel calls out to the hard-coded path of
+  # /sbin/request-key as part of its CIFS auth process, which of course does
+  # not exist on NixOS due to the usage of Nix store paths.
+  system.activationScripts.symlink-requestkey = ''
+    if [ ! -d /sbin ]; then
+      mkdir /sbin
+    fi
+    ln -sfn /run/current-system/sw/bin/request-key /sbin/request-key
+  '';
+  # request-key expects a configuration file under /etc
+  environment.etc."request-key.conf" = {
+    text = let
+      upcall = "${pkgs.cifs-utils}/bin/cifs.upcall";
+      keyctl = "${pkgs.keyutils}/bin/keyctl";
+    in ''
+      #OP     TYPE          DESCRIPTION  CALLOUT_INFO  PROGRAM
+      # -t is required for DFS share servers...
+      create  cifs.spnego   *            *             ${upcall} -t %k
+      create  dns_resolver  *            *             ${upcall} %k
+      # Everything below this point is essentially the default configuration,
+      # modified minimally to work under NixOS. Notably, it provides debug
+      # logging.
+      create  user          debug:*      negate        ${keyctl} negate %k 30 %S
+      create  user          debug:*      rejected      ${keyctl} reject %k 30 %c %S
+      create  user          debug:*      expired       ${keyctl} reject %k 30 %c %S
+      create  user          debug:*      revoked       ${keyctl} reject %k 30 %c %S
+      create  user          debug:loop:* *             |${pkgs.coreutils}/bin/cat
+      create  user          debug:*      *             ${pkgs.keyutils}/share/keyutils/request-key-debug.sh %k %d %c %S
+      negate  *             *            *             ${keyctl} negate %k 30 %S
+    '';
+  };
+}

defaults/desktop/applications.nix

@@ -0,0 +1,52 @@
+{ config, pkgs, lib, ... }:
+
+{
+
+  environment.systemPackages = with pkgs;
+    [ # Networking
+      unison
+      transmission # GUI Tools, maybe extract...
+    ] ++ [ # Desktop Environment Applications
+      firefox
+      google-chrome
+      chromium
+      midori
+      qutebrowser
+      gnome3.evolution # TODO: Evolution EWS
+      synergy
+      quicksynergy
+      simple-scan
+      nextcloud-client
+      owncloud-client
+    ] ++ [ # office # TODO: Migrate to office.nix
+      libreoffice-fresh # TODO: Dictionaries, nixos/nixpkgs#14430
+      pdfgrep
+      pdftk
+      calibre
+      tectonic
+      texstudio
+      pandoc
+      system-config-printer
+      cups-pk-helper
+      cups-bjnp
+      gutenprint
+      gutenprintBin
+      hplipWithPlugin
+      gnome3.gnome-online-accounts
+      gnome3.gnome-control-center
+    ] ++ [ # Communication
+      signal-desktop
+      tdesktop
+      discord
+      mattermost-desktop
+      # pidgin pidgin-otr pidgin-with-plugins #TODO: Pidgin needed?
+      #TODO: ekiga?
+      skype
+      slack
+      teams
+      teamviewer
+      rdesktop
+      vmware-horizon-client
+    ];
+
+}

defaults/desktop/default.nix

@@ -0,0 +1,15 @@
+{ config, pkgs, lib, ... }: {
+
+  imports = [
+    ./applications.nix
+    ./desktop-environment.nix
+    ./desktop-i3.nix
+    ./hardware.nix
+    ./multimedia.nix
+    ./office-suite.nix
+    ./scripts.nix
+    ./security.nix
+    ./webapps.nix
+  ];
+
+}

defaults/desktop/desktop-environment.nix

@@ -0,0 +1,53 @@
+{ config, pkgs, lib, ... }: {
+
+  environment.systemPackages = with pkgs;
+    [ # Utilities
+      freetype
+      light
+      xorg.xbacklight
+      feh
+      redshift
+      numlockx # TODO: Does this work?
+      lxappearance
+    ] ++ [ # Networking
+      gnome3.networkmanager-openconnect
+    ] ++ [ # Various
+      xfce.thunar
+      xfce.thunar-archive-plugin
+      xfce.xfce4-appfinder # xfce.thunar-volman # needed?
+      xfce.terminal
+      gnome3.gnome-screenshot
+      pinentry-gtk2 # Required by gnupg
+    ];
+
+  programs = {
+    gnome-terminal.enable = false;
+    geary.enable = false;
+    light.enable = true;
+
+    gnupg.agent.pinentryFlavor = "gtk2";
+
+    dconf.enable = true;
+  };
+
+  services.gnome3 = {
+    # TODO: Do this manually and not all at once.
+    core-utilities.enable = true;
+
+    gnome-keyring.enable = true;
+    evolution-data-server.enable = true;
+    gnome-online-accounts.enable = true;
+
+    sushi.enable = false;
+  };
+
+  services.gvfs.enable = true;
+
+  services.flatpak.enable = true;
+  xdg.portal = {
+    enable = true;
+    gtkUsePortal = true;
+    extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
+  };
+
+}

defaults/desktop/desktop-i3.nix

@@ -0,0 +1,36 @@
+{ config, pkgs, lib, ... }: {
+
+  services.xserver = {
+    enable = true;
+    desktopManager.xterm.enable = false;
+    displayManager = {
+      startx.enable = false;
+      lightdm.enable = true;
+      defaultSession = "none+i3";
+    };
+    windowManager.i3 = {
+      enable = true;
+      extraPackages = with pkgs; [
+        xdotool # for passmenu
+        python37Packages.py3status
+        file # TODO: py3status dependencies that should be added to nixpkgs
+        i3status
+        i3lock
+        redshift
+        rofi # TODO: add themes to global shared
+        feh
+        gnome3.networkmanagerapplet
+        pulseaudioLight.out
+        gnome3.gnome-screenshot
+      ];
+    };
+  };
+
+  # Enable touchpad support.
+  services.xserver.libinput.enable = true;
+
+  # i18n
+  services.xserver.layout = "ch,de";
+  services.xserver.xkbOptions = "eurosign:e";
+
+}

defaults/desktop/hardware.nix

@@ -0,0 +1,18 @@
+{ config, pkgs, lib, ... }:
+
+{
+
+  services.blueman.enable = true;
+
+  # Enable sound.
+  sound.enable = true;
+
+  hardware = {
+    pulseaudio.enable = true;
+    opengl.enable = true;
+    u2f.enable = true;
+    acpilight.enable = true;
+    bluetooth.enable = true;
+  };
+
+}

defaults/desktop/multimedia.nix

@@ -0,0 +1,56 @@
+{ config, pkgs, lib, ... }:
+
+{
+
+  environment.systemPackages = with pkgs;
+    [ vlc v4l-utils calibre blender openshot-qt playerctl youtube-dl ]
+    ++ [ # Audio
+      audacity
+      enblend-enfuse
+      ffmpeg
+      mplayer
+      sox # TODO: mencoder?
+      vorbis-tools
+      vorbisgain
+      opusTools
+      flac
+      lame
+      id3lib
+      id3v2 # TODO: icedax?
+      pasystray
+      pavucontrol
+      spotify
+    ] ++ [ # Imaging
+      gimp
+      hugin
+      lensfun
+      luminanceHDR
+      darktable
+      geeqie
+      gphoto2
+      # ImageMagick-perl perl-File-Type perl-Term-ProgressBar #TODO: Support libraries for scripts
+      inkscape
+      ghostscript
+      stellarium
+      unity3d
+    ] ++ [ # Codecs for Audio and Video
+      vobcopy
+      libdv
+      libdvbpsi # TODO: librtmp?
+      xvidcore
+      x264
+      gst-plugins-base
+      gst-plugins-bad
+      gst-plugins-good
+      gst-plugins-ugly
+      gst_all_1.gstreamer
+      gst_all_1.gst-vaapi
+      gst_all_1.gst-rtsp-server
+      gst_all_1.gst-libav
+      gst_all_1.gst-plugins-base
+      gst_all_1.gst-plugins-bad
+      gst_all_1.gst-plugins-good
+      gst_all_1.gst-plugins-ugly
+    ];
+
+}

defaults/desktop/office-suite.nix

@@ -0,0 +1,177 @@
+{ config, pkgs, lib, ... }:
+
+{
+
+  # Hamster
+  environment.systemPackages = with pkgs; [ hamster ];
+  programs.hamster.enable = true;
+
+  # Fonts
+  fonts.fonts = with pkgs; [
+    google-fonts
+    lalezar-fonts
+    nahid-fonts
+    fontconfig-penultimate
+    nika-fonts
+    agave
+    aileron
+    amiri
+    andagii
+    #andika # Breaks Font-Awesome
+    ankacoder
+    ankacoder-condensed
+    aurulent-sans
+    caladea
+    cantarell-fonts
+    carlito
+    cascadia-code
+    #charis-sil # Breaks Font-Awesome
+    cherry
+    cnstrokeorder
+    comfortaa
+    comic-neue
+    comic-relief
+    corefonts
+    culmus
+    clearlyU
+    creep
+    crimson
+    dejavu_fonts
+    dina-font
+    dina-font-pcf
+    #doulos-sil # Breaks Font-Awesome
+    cabin
+    camingo-code
+    cooper-hewitt
+    d2coding
+    dosis
+    dosemu_fonts
+    eb-garamond
+    eunomia
+    ferrum
+    fixedsys-excelsior
+    emacs-all-the-icons-fonts
+    emojione
+    encode-sans
+    envypn-font
+    fantasque-sans-mono
+    fira
+    fira-code
+    fira-code-symbols
+    fira-mono
+    #gentium
+    #gentium-book-basic
+    #gohufont
+    #go-font
+    #gubbi-font
+    #gyre-fonts
+    #hack-font
+    ##helvetica-neue-lt-std
+    #hanazono
+    #hermit
+    #hyperscrypt-font
+    #ia-writer-duospace
+    #inconsolata
+    #inconsolata-lgc
+    ##input-fonts
+    #inriafonts
+    #iosevka
+    #iosevka-bin
+    #ipafont
+    #ipaexfont
+    #iwona
+    #jetbrains-mono
+    #jost
+    #kanji-stroke-order-font
+    #latinmodern-math
+    #lato
+    #league-of-moveable-type
+    ##liberation-sans-narrow
+    #libertine
+    #libertinus
+    #libre-baskerville
+    #libre-bodoni
+    #libre-caslon
+    #libre-franklin
+    #lmmath
+    #lmodern
+    #luculent
+    #marathi-cursive
+    #manrope
+    #material-design-icons
+    #material-icons
+    #meslo-lg
+    #migmix
+    #migu
+    #medio
+    #mno16
+    #monoid
+    #mononoki
+    #montserrat
+    #mph_2b_damase
+    #mplus-outline-fonts
+    #mro-unicode
+    #myrica
+    #nafees
+    #nanum-gothic-coding
+    #national-park-typeface
+    #office-code-pro
+    #oldstandard
+    #oldsindhi
+    #open-dyslexic
+    open-sans
+    orbitron
+    overpass
+    oxygenfonts
+    #pecita
+    paratype-pt-mono
+    paratype-pt-sans
+    paratype-pt-serif
+    penna
+    poly
+    powerline-fonts
+    profont
+    proggyfonts
+    public-sans
+    redhat-official-fonts
+    route159
+    #sarasa-gothic
+    seshat
+    scheherazade
+    #signwriting
+    stix-otf
+    stix-two
+    quattrocento
+    quattrocento-sans
+    raleway
+    recursive
+    rhodium-libre
+    roboto
+    roboto-mono
+    roboto-slab
+    hasklig
+    siji
+    source-code-pro
+    source-sans-pro
+    source-serif-pro
+    tamsyn
+    theano
+    tenderness
+    terminus_font
+    tipa
+    twemoji-color-font
+    twitter-color-emoji
+    ubuntu_font_family
+    #ucs-fonts
+    ultimate-oldschool-pc-font-pack
+    victor-mono
+    work-sans
+    wqy_microhei
+    wqy_zenhei
+    xits-math
+    xkcd-font
+    yanone-kaffeesatz
+    norwester-font
+    font-awesome
+  ]; # Generated with `cd /home/fhauser/projects/nixos/nixpkgs/pkgs/data/fonts; echo *`
+}

defaults/desktop/scripts.nix

@@ -0,0 +1,17 @@
+{ config, pkgs, lib, ... }:
+
+let
+  locksuspend = pkgs.writeScriptBin "locksuspend" ''
+    #!${pkgs.stdenv.shell}
+    set -euo pipefail
+    IFS=$'\n\t'
+    i3lock --ignore-empty-password --show-failed-attempts --color=000000
+    sleep 0.5
+    exec systemctl suspend
+  '';
+in {
+
+  environment.homeBinInPath = true;
+
+  environment.systemPackages = [ locksuspend ];
+}

defaults/desktop/security.nix

@@ -0,0 +1,15 @@
+{ config, pkgs, lib, ... }:
+
+{
+  programs.gnupg.agent = {
+    enable = true;
+    enableSSHSupport = true;
+  };
+
+  services.pcscd.enable = true;
+
+  # Ignore Broadcom smartcard
+  # See https://ludovicrousseau.blogspot.com/2015/12/remove-andor-customize-pcsc-reader-names.html
+  systemd.services.pcscd.environment.PCSCLITE_FILTER_IGNORE_READER_NAMES =
+    "Broadcom";
+}

defaults/desktop/webapps.nix

@@ -0,0 +1,12 @@
+{ config, pkgs, lib, ... }:
+
+let
+  web-app = name: url:
+    pkgs.writeScriptBin name ''
+      #!${pkgs.stdenv.shell}
+      exec ${pkgs.chromium}/bin/chromium --app="${url}"
+    '';
+  whatsapp = web-app "whatsapp" "https://web.whatsapp.com/";
+  threema = web-app "threema" "https://web.threema.ch/";
+  netflix = web-app "netflix" "https://netflix.com/";
+in { environment.systemPackages = with pkgs; [ whatsapp netflix threema ]; }

defaults/development-tools/default.nix

@@ -0,0 +1,30 @@
+{ config, lib, pkgs, ... }:
+
+{
+  virtualisation = { # TODO: This should probably be somewhere else.
+    docker.enable = true;
+    libvirtd.enable = true;
+  };
+
+  environment.systemPackages = with pkgs;
+    [
+      vscodium
+      jetbrains.webstorm
+      jetbrains.pycharm-professional
+      jetbrains.idea-ultimate
+      android-studio
+      #umlet
+      #hugo # TODO: Is this the extended version?
+      #kubernetes-helm # TODO: is this the client?
+      #wireshark # sslscan aircrack-ng # Network
+      pipenv # Python
+      yubikey-manager # cracklib genisoimage # Security
+      gitlab-runner
+    ] ++ [ # Virtualisation, Docker & Kubernetes # TODO: MOoe
+      virt-manager
+      docker-compose
+      kubectl
+      vagrant # TODO: Supports libvirtd?
+    ];
+
+}

defaults/games/default.nix

@@ -0,0 +1,16 @@
+{ config, lib, pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    neverball
+    wesnoth
+    pingus
+    superTux
+    superTuxKart
+    extremetuxracer
+    zeroad
+    #TODO: smc
+  ];
+
+  services.gnome3.games.enable = true;
+}

defaults/printing/default.nix

@@ -0,0 +1,11 @@
+{ config, lib, pkgs, ... }:
+
+{
+  services.printing = {
+    enable = true;
+    drivers = with pkgs; [ gutenprint hplip splix cups-googlecloudprint ];
+  };
+
+  services.system-config-printer.enable = true;
+  programs.system-config-printer.enable = true;
+}

hardware/apu.nix

@@ -22,7 +22,7 @@
   boot.extraModulePackages = [ ];
   boot.kernelParams = [ "console=ttyS0,115200n8" ];
 
+  # CPU Configuration
   hardware.cpu.amd.updateMicrocode = true;
-
   nix.maxJobs = lib.mkDefault 4;
 }

hardware/dell-precision-3530.nix

@@ -0,0 +1,20 @@
+{ config, lib, pkgs, ... }: {
+
+  imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
+
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "ahci"
+    "nvme"
+    "usb_storage"
+    "usbhid"
+    "sd_mod"
+    "rtsx_pci_sdmmc"
+  ];
+  boot.kernelModules = [ "kvm-intel" ];
+
+  # CPU Configuration
+  hardware.cpu.amd.updateMicrocode = true;
+  nix.maxJobs = lib.mkDefault 12;
+  powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
+}

host/hummelberg/default.nix

@@ -0,0 +1,30 @@
+{ config, pkgs, ... }: {
+
+  imports = [
+    ./filesystems.nix
+    ./networking.nix
+    ./printing.nix
+    #./backup.nix #TODO: Extract applications from desktop role
+
+    ../../hardware/dell-precision-3530.nix
+
+    ../../defaults/base
+    ../../defaults/cifs-auth-fix
+    ../../defaults/desktop
+    ../../defaults/development-tools
+    ../../defaults/games
+    ../../defaults/printing
+  ];
+
+  # Set your time zone.
+  time.timeZone = "Europe/Amsterdam";
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "20.03"; # Did you read the comment?
+
+}

host/hummelberg/filesystems.nix

@@ -0,0 +1,64 @@
+{ config, pkgs, lib, ... }:
+let
+  networkShares = let
+    hsr_options = [
+      "defaults"
+      "noauto"
+      #"iocharset=utf8"
+      "soft"
+      "user=fhauser"
+      "domain=hsr.ch"
+      "uid=1000"
+      "gid=1000"
+    ];
+    hsr_share = share_name:
+      { domain ? "hsr.ch/root", path ? share_name, extra_options ? [ ] }:
+      lib.nameValuePair "/mnt/hsr/${share_name}" {
+        device = "//${domain}/${path}";
+        fsType = "cifs";
+        options = hsr_options ++ extra_options;
+        noCheck = true;
+      };
+  in lib.mapAttrs' hsr_share {
+    "skripte".path = "alg/skripte";
+    "scratch".path = "alg/scratch";
+    "fhauser".domain = "c101.hsr.ch";
+    #"fabian.hauser".domain = "svm-c113.ost.ch"; # User!
+    "afe" = { };
+    "auw" = { };
+    "ebooks" = {
+      path = "alg/ebooks";
+      extra_options = [ "ro" ];
+    };
+  };
+
+in {
+  boot.initrd.luks.devices = {
+    "root".device = "/dev/disk/by-uuid/28d2914f-c053-40a8-ad90-f2743190c772";
+    "swap".device = "/dev/disk/by-uuid/ed89158d-4460-4012-86d7-f8761127371c";
+  };
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-uuid/6396b6eb-a7e6-430c-8c97-970404f88b35";
+      fsType = "btrfs";
+      options = [ "subvol=nixos" ];
+    };
+    "/home" = {
+      device = "/dev/disk/by-uuid/6396b6eb-a7e6-430c-8c97-970404f88b35";
+      fsType = "btrfs";
+      options = [ "subvol=home" ];
+    };
+    "/boot" = {
+      device = "/dev/disk/by-uuid/E86E-3C6C";
+      fsType = "vfat";
+    };
+  } // networkShares;
+
+  swapDevices = [{ device = "/dev/mapper/swap"; }];
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+}

host/hummelberg/networking.nix

@@ -0,0 +1,15 @@
+{ config, pkgs, ... }:
+
+{
+
+  networking = {
+    networkmanager.enable = true;
+    useDHCP = false;
+    #wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+    hostName = "hummelberg";
+  };
+
+  # Configure network proxy if necessary
+  # networking.proxy.default = "http://user:password@proxy:port/";
+  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+}

host/hummelberg/printing.nix

@@ -0,0 +1,16 @@
+{ config, pkgs, ... }:
+
+{
+  hardware.printers.ensureDefaultPrinter = "hsr-mfp-8261";
+  hardware.printers.ensurePrinters = [{
+    name = "hsr-mfp-8261";
+    deviceUri = "smb://hsr.ch/printsrv-d.hsr.ch/d8261-a4mfp";
+    location = "HSR 8.261";
+    model = "HP/hp-color_laserjet_mfp_m577-ps.ppd.gz";
+    ppdOptions = {
+      Duplex = "DuplexNoTumble";
+      PageSize = "A4";
+      auth-info-required = "username,password";
+    };
+  }];
+}