Massive rework to rebase on hexchen's new nixfiles deploy stuffs.

.gitignore

@@ -1,2 +1,2 @@
-result
-secrets.nix
+/result
+/config/hosts/beltane/secrets.nix

README.md

@@ -1,58 +0,0 @@
-# nixfiles
-
-Nix deployment related stuff.
-
-## How to use
-
-* Change SSH port for ./result's SSH connection to 62954 `export NIX_SSHOPTS="-p 62954"`
-* Change SSH port for ./result's SSH connection to 22: `export NIX_SSHOPTS="-p 22"`
-* Build all devices and execute the resulting deploy script: `nix build -f . deploy.all && ./result`
-* Build all devices in \<group\> and execute the resulting deploy script:  `nix build -f . deploy.\<group\> && ./result`
-* Build \<hostname\> and execute the resulting deploy script: `nix build -f . deploy.\<hostname\> && ./result`
-
-## Hosts
-
-* beltane - Hetzner VPS.
-* samhain - Desktop.
-* yule - Laptop.
-* litha - Relatively unused netbook.
-
-## To-do
-
-### Overall
-- [ ] Migrate the secrets file currently in use to be usable for each host.
-- [ ] DNS provider migration. (Cloudflare -> Glauca)
-  - [ ] Fancy wildcard certificate shenanigans?
-
-### Host: beltane
-- [ ] Reinstall with a ZFS root filesystem.
-  - [ ] Backup data from current install.
-- [ ] Secrets management for Beltane.
-- [ ] Additional services configuration for Beltane
-  - [ ] Self-hosted mail using [this](https://gitlab.com/simple-nixos-mailserver/nixos-mailserver).
-  - [ ] matrix-synapse
-  - [ ] matrix-puppet-discord
-  - [ ] mautrix-whatsapp
-  - [ ] mautrix-telegram
-  - [ ] Nextcloud
-  - [ ] syncserver
-  - [ ] bitwarden_rs
-
-### Group: graphical
-- [ ] Move all devices to using Sway. 
-  - [ ] Write a Sway profile using [this](http://blog.patapon.info/nixos-systemd-sway/) as reference material? 
-    - [ ] Move to using LightDM instead of GDM or start using CLI for session management.
-  - [ ] Migrate graphical group host configurations to using the Sway profile instead of the GNOME / XFCE profiles.
-  - [ ] Remove GNOME / XFCE profiles.
-- [ ] Include redshift in the desktop profile. Configure using secrets file post-migration if required.
-- [ ] Firefox configuration refactors
-  - [ ] See if a 1password NUR package exists. If not, create one.
-  - [ ] See if a tree style tabs NUR package exists. If not, create one.
-  - [ ] Check [here](https://rycee.gitlab.io/home-manager/options.html) for reference to Firefox configuration options under home-manager. Write a config involving the required addons:
-    - 1password
-    - uBlock Origin
-    - Privacy Badger
-    - HTTPS Everywhere
-    - Tampermonkey
-  - [ ] Attach self-hosted syncserver to profile.
-  - [ ] Import into graphical group host configurations.

config/hosts/beltane/configuration.nix

@@ -3,17 +3,12 @@
 let unstable = import <nixos-unstable> { };
 in {
   imports = [
-    ../../profiles/common
     ./hardware-configuration.nix
-    #./services/postgres.nix
     ./services/znc.nix
     ./services/weechat.nix
-    #./services/gitea.nix
-    #./services/matrix.nix
-    #./services/nextcloud.nix
-    #./services/bitwarden.nix
     ./services/nginx.nix
   ];
+  meta.deploy.ssh.host = "beltane.dork.dev";
 
   boot.loader.grub.enable = true;
   boot.loader.grub.version = 2;

config/hosts/samhain/configuration.nix

@@ -2,25 +2,17 @@
 
 {
   imports = [
+    ../../services/zfs.nix
     ./hardware-configuration.nix
-    ../../profiles/common
-    ../../profiles/desktop
-    ../../profiles/xfce
-    ../../profiles/sway
-    ../../profiles/gaming
-    ../../profiles/development
-    ../../profiles/network
-    ../../profiles/yubikey
     ./services/nginx.nix
     ./services/thermal/thermal.nix
     ./services/torrenting.nix
   ];
 
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-  boot.supportedFilesystems = [ "zfs" "xfs" ];
-  boot.extraModulePackages = [ config.boot.kernelPackages.vendor-reset ];
+  meta.deploy.profiles = [ "desktop" "development" "sway" "gaming" "network" "yubikey" ];
+  meta.deploy.ssh.host = "192.168.1.135";
   
+  # libvirtd is used for our virtual machine
   virtualisation.libvirtd = {
     enable = true;
     qemuOvmf = true;
@@ -28,8 +20,12 @@
     onBoot = "ignore";
     onShutdown = "shutdown";
   };
-  
-  users.users.kat.extraGroups = [ "libvirtd" ];
+
+  # required for guest reboots with the 580
+  boot.extraModulePackages = [ (pkgs.linuxPackagesFor config.boot.kernelPackages.kernel).vendor-reset ];
+
+  # required groups for various intentions  
+  users.users.kat.extraGroups = [ "libvirtd" "input" "qemu-libvirtd" ];
 
   # video=efifb:off allows the 580 to be passed through regardless of being the boot display and allows the 560 to act as a console device
   # pci=noats means that it doesn't kernel panic on my specific configuration
@@ -43,6 +39,8 @@
   boot.kernelModules =
     [ "i2c-dev" "kvm-amd" ]; # i2c-dev is required for DDC/CI for screenstub
 
+  # this section makes vfio-pci be injected as the driver for the 580 and its audio thingy
+  # it should be replaced as mentioned with vfio-pci.ids
   # the script provided: https://alexbakker.me/post/nixos-pci-passthrough-qemu-vfio.html can be used to find iommu groups
   boot.initrd.preDeviceCommands = ''
     DEVS="0000:26:00.0 0000:26:00.1"
@@ -52,6 +50,7 @@
     modprobe -i vfio-pci
   '';
 
+  # the nur is used for arc's packages, so we include it here
   nixpkgs.config.packageOverrides = pkgs: {
     nur = import (builtins.fetchTarball
       "https://github.com/nix-community/NUR/archive/master.tar.gz") {
@@ -59,23 +58,20 @@
       };
   };
 
-    services.udev.extraRules = let
-      localGroup = "users";
-      assignLocalGroup = ''GROUP="${localGroup}"'';
-      i2c = ''
-        SUBSYSTEM=="i2c-dev", ${assignLocalGroup}, MODE="0660"
-      ''; # for DDC/monitor control
-      uinput = ''
-        ACTION=="add", SUBSYSTEM=="input", DEVPATH=="/devices/virtual/input/*", MODE="0660", GROUP="qemu-libvirtd"
-        ACTION=="add", SUBSYSTEM=="input", ATTRS{idVendor}=="fa58", ATTRS{idProduct}=="04d9", GROUP="users"
-        SUBSYSTEM=="misc", KERNEL=="uinput", OPTIONS+="static_node=uinput", MODE="0660", GROUP="uinput"
-      '';
-    in ''
-      ${i2c}
-      ${uinput}
-    '';
+  # rules are for:
+  # * monitor ddc/ci
+  # * input for qemu
+  # * rule for event-mouse (i hope?)
+  # * uinput rule
+  services.udev.extraRules = ''
+    SUBSYSTEM=="i2c-dev", GROUP="users", MODE="0660"
+    SUBSYSTEM=="input", ACTION=="add", DEVPATH=="/devices/virtual/input/*", MODE="0660", GROUP="qemu-libvirtd"
+    SUBSYSTEM=="usb", ACTION=="add", ATTRS{idVendor}=="fa58", ATTRS{idProduct}=="04d9", GROUP="users"
+    SUBSYSTEM=="misc", KERNEL=="uinput", OPTIONS+="static_node=uinput", MODE="0660", GROUP="uinput"
+  '';
+
   environment.systemPackages = [
-    #pkgs.nur.repos.arc.packages.screenstub # for DDC/CI and input forwarding
+    # pkgs.nur.repos.arc.packages.screenstub # for DDC/CI and input forwarding (currently disabled due to using changed source)
     pkgs.nur.repos.arc.packages.scream-arc # for audio forwarding
     pkgs.ddcutil # for diagnostics on DDC/CI
     pkgs.virt-manager # obvious reasons
@@ -92,26 +88,31 @@
   # audio for vm on startup
   systemd.user.services.scream-arc = {
     enable = true;
-    description = "Scream Arc";
+    wantedBy = [ "multi-user.target" ];
+    description = "Scream - Audio forwarding from the VM.";
     serviceConfig = {
       ExecStart =
-        "${pkgs.nur.repos.arc.packages.scream-arc}/bin/scream -i virbr0 -o pulse -v";
+        "${pkgs.nur.repos.arc.packages.scream-arc}/bin/scream -i virbr0 -o alsa";
       Restart = "always";
     };
-    wantedBy = [ "multi-user.target" ];
-    requires = [ "pulseaudio.service" ];
   };
 
-  networking.hostName = "samhain";
-  networking.hostId = "617050fc";
-
+  # BusId is used to specify the graphics card used for X / lightdm / wayland
+  # BusId must be decimal conversion of the equivalent but matching the format, this was 0000:25:00.0
   services.xserver.deviceSection = lib.mkDefault ''
     Option "TearFree" "true"
     BusID "PCI:37:0:0"
-  ''; # busId must be decimal conversion of the equivalent but matching the format, this was 0000:25:00.0
+  '';
 
+  # graphics tablet
   services.xserver.wacom.enable = true;
 
+  # other stuffs
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.supportedFilesystems = [ "zfs" "xfs" ];
+  networking.hostName = "samhain";
+  networking.hostId = "617050fc";
   networking.useDHCP = false;
   networking.interfaces.enp34s0.useDHCP = true;
   networking.firewall.allowPing = true;

config/hosts/yule/configuration.nix

@@ -3,15 +3,11 @@
 {
   imports = [
     ./hardware-configuration.nix
-    ../../profiles/common
-    ../../profiles/desktop
-    ../../profiles/gnome
-    ../../profiles/gaming
-    ../../profiles/development
-    ../../profiles/network
-    ../../profiles/yubikey
   ];
 
+  meta.deploy.profiles = [ "desktop" "development" "sway" "gaming" "network" "yubikey" ];
+  meta.deploy.ssh.host = "192.168.1.92";
+  
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
   boot.supportedFilesystems = [ "zfs" ];

config/hosts/yule/hardware-configuration.nix

@@ -0,0 +1,40 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "rpool/safe/root";
+      fsType = "zfs";
+    };
+
+  fileSystems."/home" =
+    { device = "rpool/safe/home";
+      fsType = "zfs";
+    };
+
+  fileSystems."/nix" =
+    { device = "rpool/local/nix";
+      fsType = "zfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/D680-ED0E";
+      fsType = "vfat";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/87ff4f68-cc00-494e-8eba-050469c3bf03"; }
+    ];
+
+}

config/profiles/common/default.nix

@@ -1,19 +1,20 @@
 { config, lib, pkgs, ... }:
 
 let
-  home-manager = fetchGit {
-    url = "https://github.com/nix-community/home-manager";
-    rev = "a98ec6ec158686387d66654ea96153ec06be33d7";
-  };
-  nixpkgs-master = import
-    (fetchTarball "https://github.com/NixOS/nixpkgs/archive/master.tar.gz") {
-      config.allowUnfree = true;
-    };
+  sources = import ../../../nix/sources.nix;
+  unstable = import sources.nixpkgs-unstable { };
 in {
-  imports = [ ../../../modules "${home-manager}/nixos" ./pbb.nix ./users.nix ];
-
-  nixpkgs.overlays =
-    [ (self: super: import ../../../pkgs { nixpkgs = super.path; self = self; super = super; }) ];
+  imports = [
+    ../../../modules
+    ../../users
+    ../desktop
+    ../development
+    ../gaming
+    ../network
+    ../sway
+    ../yubikey
+    (sources.home-manager + "/nixos")
+  ];
 
   #boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
   #boot.kernelParams = [ "quiet" ];

config/profiles/desktop/default.nix

@@ -0,0 +1,98 @@
+{ config, lib, pkgs, ... }:
+
+let
+  sources = import ../../../nix/sources.nix;
+  unstable = import sources.nixpkgs-unstable { inherit (pkgs) config; };
+in {
+  config = lib.mkIf (lib.elem "desktop" config.meta.deploy.profiles) {
+
+    nixpkgs.config = { mumble.speechdSupport = true; pulseaudio = true;};
+
+    environment.systemPackages = [ pkgs.redshift ];
+
+    services.xserver.enable = true;
+    services.xserver.displayManager.lightdm.enable = true;
+    programs.light.enable = true;
+
+    home-manager.users.kat = {
+      home.packages = [
+        pkgs._1password
+        pkgs.mpv
+        pkgs.mumble
+        pkgs.obs-studio
+        pkgs.avidemux
+        pkgs.gnome3.networkmanagerapplet
+        pkgs.vlc
+        unstable.syncplay
+        unstable.youtube-dl
+        unstable.google-chrome
+        pkgs.v4l-utils
+        pkgs.transmission-gtk
+        pkgs.jdk11
+        pkgs.lm_sensors
+        unstable.discord
+        pkgs.tdesktop
+        pkgs.dino
+        pkgs.vegur
+        pkgs.nitrogen
+        pkgs.terminator
+        pkgs.pavucontrol
+        pkgs.appimage-run
+        pkgs.gparted
+        pkgs.scrot
+        pkgs.gimp-with-plugins
+        pkgs.vscode
+        pkgs.cryptsetup
+        pkgs.neofetch
+        pkgs.htop
+      ];
+
+      programs.fish = { interactiveShellInit = "set -g fish_greeting ''"; };
+
+      programs.firefox = { enable = true; };
+      
+      services.kdeconnect = {
+        enable = true;
+        indicator = true;
+      };
+
+      services.redshift = {
+        enable = true;
+        latitude = "51.5074";
+        longitude = "0.1278";
+      };
+
+      gtk = {
+        enable = true;
+        iconTheme = {
+          name = "Numix-Square";
+          package = pkgs.numix-icon-theme-square;
+        };
+        theme = {
+          name = "Arc";
+          package = pkgs.arc-theme;
+        };
+      };
+    };
+
+    fonts.fontconfig.enable = true;
+    fonts.fonts = [ pkgs.nerdfonts pkgs.corefonts ];
+
+    # KDE Connect
+    networking.firewall = {
+      allowedTCPPortRanges = [{
+        from = 1714;
+        to = 1764;
+      }];
+      allowedUDPPortRanges = [{
+        from = 1714;
+        to = 1764;
+      }];
+    };
+
+    sound.enable = true;
+    hardware.pulseaudio.enable = true;
+    hardware.opengl.enable = true;
+    services.xserver.libinput.enable = true;
+  };
+}

config/profiles/development/default.nix

@@ -0,0 +1,36 @@
+{ config, lib, pkgs, ... }:
+
+{
+  config = lib.mkIf (lib.elem "development" config.meta.deploy.profiles) {
+    environment.systemPackages = let
+      python-env = python-packages:
+        with pkgs.python38Packages; [
+          pip
+          setuptools
+          psutil
+        ];
+      python-with-env = pkgs.python3.withPackages python-env;
+    in [ pkgs.php pkgs.php74Packages.composer2 python-with-env ];
+
+    home-manager.users.kat = {
+      programs.go.enable = true;
+
+      programs.fish = {
+        interactiveShellInit = ''
+          set fish_user_paths $fish_user_paths $HOME/.config/composer/vendor/bin
+        '';
+      };
+
+      home.packages = [
+        pkgs.jetbrains.clion
+        pkgs.jetbrains.idea-ultimate
+        pkgs.jetbrains.goland
+        pkgs.jetbrains.phpstorm
+        pkgs.nixfmt
+        pkgs.carnix
+        pkgs.rustup
+        pkgs.gcc
+      ];
+    };
+  };
+}

config/profiles/gaming/default.nix

@@ -0,0 +1,12 @@
+{ config, lib, pkgs, ... }: {
+
+  config = lib.mkIf (lib.elem "gaming" config.meta.deploy.profiles) {
+    hardware.opengl.driSupport32Bit = true;
+    hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];
+    hardware.pulseaudio.support32Bit = true;
+
+    home-manager.users.kat = {
+      home.packages = [ pkgs.lutris pkgs.steam-run ];
+    };
+  };
+}

config/profiles/network/default.nix

@@ -0,0 +1,43 @@
+{ config, lib, pkgs, ... }: {
+  config = lib.mkIf (lib.elem "network" config.meta.deploy.profiles) {
+    networking = {
+      networkmanager.enable = true;
+      resolvconf.useLocalResolver = true;
+      networkmanager.dns = "none";
+    };
+
+    services.dnscrypt-proxy2 = {
+      enable = true;
+      settings = {
+        ipv6_servers = true;
+        require_dnssec = true;
+
+        sources.public-resolvers = {
+          urls = [
+            "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md"
+            "https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md"
+          ];
+          cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
+          minisign_key =
+            "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
+        };
+
+        # You can choose a specific set of servers from https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v2/public-resolvers.md
+        server_names = [
+          "acsacsar-ams-ipv4"
+          "acsacsar-ams-ipv6"
+          "dnscrypt.eu-dk"
+          "dnscrypt.eu-dk-ipv6"
+          "dnscrypt.eu-nl"
+          "dnscrypt.eu-nl-ipv6"
+          "meganerd"
+          "meganerd-ipv6"
+        ];
+      };
+    };
+
+    systemd.services.dnscrypt-proxy2.serviceConfig = {
+      StateDirectory = "dnscrypt-proxy2";
+    };
+  };
+}

config/profiles/sway/colors.nix

@@ -1,22 +1,22 @@
 rec {
   base16 = {
-    color0 = "#333333";
-    color1 = "#ff3399";
-    color2 = "#00ff99";
-    color3 = "#ffcc33";
-    color4 = "#00ccff";
-    color5 = "#9977ff";
-    color6 = "#3cd8d8";
-    color7 = "#f8f8f2";
+    color0 = "#292a44";
+    color1 = "#a0a0c5";
+    color2 = "#6dfedf";
+    color3 = "#ae81ff";
+    color4 = "#2de0a7";
+    color5 = "#7aa5ff";
+    color6 = "#8eaee0";
+    color7 = "#f1eff8";
 
-    color8 = "#707070";
-    color9 = "#ff6699";
-    color10 = "#99ff99";
-    color11 = "#ffee66";
-    color12 = "#99ccff";
-    color13 = "#9977ff";
-    color14 = "#78e4e4";
-    color15 = "#f8f8f2";
+    color8 = "#666699";
+    color9 = "#efe4a1";
+    color10 = "#663399";
+    color11 = "#383a62";
+    color12 = "#a0a0c5";
+    color13 = "#ccccff";
+    color14 = "#ff79c6";
+    color15 = "#53495d";
 
     color16 = "#fd971f";
     color17 = "#cc6633";

config/profiles/sway/default.nix

@@ -0,0 +1,284 @@
+{ config, pkgs, lib, ... }:
+
+let colors = import ./colors.nix;
+in {
+  config = lib.mkIf (lib.elem "sway" config.meta.deploy.profiles) {
+    fonts.fonts = with pkgs; [
+      font-awesome
+      nerdfonts
+      iosevka
+      emacs-all-the-icons-fonts
+    ];
+    users.users.kat.packages = with pkgs; [ grim slurp ];
+    programs.sway.enable = true;
+
+    systemd.user.services.mako = {
+      serviceConfig.ExecStart = "${pkgs.mako}/bin/mako";
+      restartTriggers =
+        [ config.home-manager.users.kat.xdg.configFile."mako/config".source ];
+    };
+
+    home-manager.users.kat = {
+      programs.kitty = {
+        enable = true;
+        font.name = "Iosevka Term";
+        settings = {
+          font_size = "10.0";
+          background = colors.black;
+          foreground = colors.white;
+          background_opacity = "0.8";
+          selection_background = colors.white;
+          selection_foreground = colors.black;
+          url_color = colors.yellow;
+          cursor = colors.white;
+          active_border_color = "#75715e";
+          active_tab_background = "#9900ff";
+          active_tab_foreground = colors.white;
+          inactive_tab_background = "#3a3a3a";
+          inactive_tab_foreground = "#665577";
+        } // colors.base16;
+      };
+
+      programs.mako = {
+        enable = true;
+        defaultTimeout = 3000;
+        borderColor = colors.white;
+        backgroundColor = "${colors.black}70";
+        textColor = colors.white;
+      };
+
+      wayland.windowManager.sway = {
+        enable = true;
+        config = let
+          dmenu =
+            "${pkgs.bemenu}/bin/bemenu --fn 'Iosevka 12' --nb '${colors.black}' --nf '${colors.white}' --sb '${colors.red}' --sf '${colors.white}' -l 5 -m -1 -i";
+          lockCommand = "swaylock -i ${./middle.jpg} -s fill";
+          cfg = config.home-manager.users.kat.wayland.windowManager.sway.config;
+        in {
+          bars = [{ command = "${pkgs.waybar}/bin/waybar"; }];
+
+          output = let
+            left = {
+              res = "1920x1080";
+              pos = "0 0";
+              bg = "${./left.jpg} fill";
+            };
+            middle = {
+              res = "1920x1080";
+              pos = "1920 0";
+              bg = "${./middle.jpg} fill";
+            };
+            right = {
+              res = "1920x1080";
+              pos = "3840 0";
+              bg = "${./right.jpg} fill";
+            };
+          in {
+            "DP-1" = left;
+            "DVI-D-1" = middle;
+            "HDMI-A-1" = right;
+          };
+
+          input = {
+            # "1739:0:Synaptics_TM3075-002" = {
+            #   dwt = "enabled";
+            #   tap = "enabled";
+            #   natural_scroll = "enabled";
+            #   middle_emulation = "enabled";
+            #   click_method = "clickfinger";
+            # };
+            "*" = {
+              xkb_layout = "gb";
+              # xkb_variant = "nodeadkeys";
+              #   xkb_options = "ctrl:nocaps";
+            };
+          };
+
+          fonts = [ "Iosevka Nerd Font 10" ];
+          terminal = "${pkgs.kitty}/bin/kitty";
+          # TODO: replace with wofi
+          menu =
+            "${pkgs.j4-dmenu-desktop}/bin/j4-dmenu-desktop --dmenu=\"${dmenu}\" --term='${cfg.terminal}'";
+          modifier = "Mod4";
+
+          startup = [
+            {
+              command = "systemctl --user restart mako";
+              always = true;
+            }
+            {
+              command =
+                "${pkgs.swayidle}/bin/swayidle -w before-sleep '${lockCommand}'";
+            }
+          ];
+
+          window = {
+            border = 1;
+            titlebar = true;
+          };
+
+          keybindings = {
+            "${cfg.modifier}+Return" = "exec ${cfg.terminal}";
+
+            "${cfg.modifier}+Left" = "focus left";
+            "${cfg.modifier}+Down" = "focus down";
+            "${cfg.modifier}+Up" = "focus up";
+            "${cfg.modifier}+Right" = "focus right";
+
+            "${cfg.modifier}+Shift+Left" = "move left";
+            "${cfg.modifier}+Shift+Down" = "move down";
+            "${cfg.modifier}+Shift+Up" = "move up";
+            "${cfg.modifier}+Shift+Right" = "move right";
+
+            "${cfg.modifier}+Shift+space" = "floating toggle";
+            "${cfg.modifier}+space" = "focus mode_toggle";
+
+            "${cfg.modifier}+1" = "workspace 1";
+            "${cfg.modifier}+2" = "workspace 2";
+            "${cfg.modifier}+3" = "workspace 3";
+            "${cfg.modifier}+4" = "workspace 4";
+            "${cfg.modifier}+5" = "workspace 5";
+            "${cfg.modifier}+6" = "workspace 6";
+            "${cfg.modifier}+7" = "workspace 7";
+            "${cfg.modifier}+8" = "workspace 8";
+            "${cfg.modifier}+9" = "workspace 9";
+            "${cfg.modifier}+0" = "workspace 10";
+
+            "${cfg.modifier}+Shift+1" = "move container to workspace 1";
+            "${cfg.modifier}+Shift+2" = "move container to workspace 2";
+            "${cfg.modifier}+Shift+3" = "move container to workspace 3";
+            "${cfg.modifier}+Shift+4" = "move container to workspace 4";
+            "${cfg.modifier}+Shift+5" = "move container to workspace 5";
+            "${cfg.modifier}+Shift+6" = "move container to workspace 6";
+            "${cfg.modifier}+Shift+7" = "move container to workspace 7";
+            "${cfg.modifier}+Shift+8" = "move container to workspace 8";
+            "${cfg.modifier}+Shift+9" = "move container to workspace 9";
+            "${cfg.modifier}+Shift+0" = "move container to workspace 10";
+
+            "XF86AudioRaiseVolume" =
+              "exec pactl set-sink-volume $(pacmd list-sinks |awk '/* index:/{print $3}') +5%";
+            "XF86AudioLowerVolume" =
+              "exec pactl set-sink-volume $(pacmd list-sinks |awk '/* index:/{print $3}') -5%";
+            "XF86AudioMute" =
+              "exec pactl set-sink-mute $(pacmd list-sinks |awk '/* index:/{print $3}') toggle";
+            "XF86AudioMicMute" =
+              "exec pactl set-source-mute $(pacmd list-sources |awk '/* index:/{print $3}') toggle";
+            "XF86MonBrightnessDown" = "exec ${pkgs.light}/bin/light -U 5";
+            "XF86MonBrightnessUp" = "exec ${pkgs.light}/bin/light -A 5";
+            "${cfg.modifier}+Print" =
+              "exec ${pkgs.bash}/bin/bash -c '~/.local/bin/elixiremanager.sh -w'";
+
+            "${cfg.modifier}+d" = "exec ${cfg.menu}";
+            "${cfg.modifier}+x" = "exec ${lockCommand}";
+
+            "${cfg.modifier}+i" = "move workspace to output left";
+            "${cfg.modifier}+o" = "move workspace to output left";
+            "${cfg.modifier}+b" = "splith";
+            "${cfg.modifier}+v" = "splitv";
+            "${cfg.modifier}+s" = "layout stacking";
+            "${cfg.modifier}+w" = "layout tabbed";
+            "${cfg.modifier}+e" = "layout toggle split";
+            "${cfg.modifier}+f" = "fullscreen";
+
+            "${cfg.modifier}+Shift+q" = "kill";
+            "${cfg.modifier}+Shift+c" = "reload";
+
+            "${cfg.modifier}+r" = "mode resize";
+            "${cfg.modifier}+Delete" = ''
+              mode "System (l) lock, (e) logout, (s) suspend, (h) hibernate, (r) reboot, (Shift+s) shutdown"'';
+          };
+
+          #   keycodebindings = {
+          #     "--no-repeat 107" = "exec dbus-send --session --type=method_call --dest=net.sourceforge.mumble.mumble / net.sourceforge.mumble.Mumble.startTalking";
+          #     "--release 107" = "exec dbus-send --session --type=method_call --dest=net.sourceforge.mumble.mumble / net.sourceforge.mumble.Mumble.stopTalking";
+          #   };
+
+          modes = {
+            "System (l) lock, (e) logout, (s) suspend, (h) hibernate, (r) reboot, (Shift+s) shutdown" =
+              {
+                "l" = "exec ${lockCommand}, mode default";
+                "e" = "exec swaymsg exit, mode default";
+                "s" = "exec systemctl suspend, mode default";
+                "h" = "exec systemctl hibernate, mode default";
+                "r" = "exec systemctl reboot, mode default";
+                "Shift+s" = "exec systemctl shutdown, mode default";
+                "Return" = "mode default";
+                "Escape" = "mode default";
+              };
+          };
+
+          colors = {
+            focused = {
+              border = colors.bright.black;
+              background = colors.yellow;
+              text = colors.black;
+              indicator = colors.green;
+              childBorder = colors.bright.black;
+            };
+            focusedInactive = {
+              border = colors.bright.black;
+              background = colors.bright.green;
+              text = colors.black;
+              indicator = colors.green;
+              childBorder = colors.bright.black;
+            };
+            unfocused = {
+              border = colors.bright.black;
+              background = colors.black;
+              text = colors.bright.black;
+              indicator = colors.bright.black;
+              childBorder = colors.bright.black;
+            };
+            urgent = {
+              border = colors.bright.black;
+              background = colors.bright.red;
+              text = colors.black;
+              indicator = colors.red;
+              childBorder = colors.bright.black;
+            };
+          };
+        };
+        wrapperFeatures.gtk = true;
+        extraConfig = ''
+          seat seat0 xcursor_theme breeze_cursors 20
+        '';
+      };
+      programs.waybar = {
+        enable = true;
+        #       style = ''
+        #         * {
+        #           font-family: "Iosevka";
+        #         }
+        #       '';
+        settings = [{
+          modules-left = [ "sway/workspaces" "sway/mode" ];
+          modules-center = [ "sway/window" ];
+          modules-right = [
+            "pulseaudio"
+            "network"
+            "cpu"
+            "memory"
+            "temperature"
+            "clock"
+            "tray"
+          ];
+
+          modules = {
+            pulseaudio = {
+              format = "{volume}%";
+              on-click = "pavucontrol";
+            };
+            network = {
+              format-wifi = "{essid} ({signalStrength}%) ";
+              format-ethernet = "{ifname}: {ipaddr}/{cidr} ";
+              format-linked = "{ifname} (No IP) ";
+              format-disconnected = "Disconnected ⚠";
+              format-alt = "{ifname}: {ipaddr}/{cidr}";
+            };
+            clock = { format = "{:%A, %F %T %Z}"; };
+          };
+        }];
+      };
+    };
+  };
+}

config/profiles/yubikey/default.nix

@@ -0,0 +1,12 @@
+{ config, lib, pkgs, ... }: {
+  config = lib.mkIf (lib.elem "yubikey" config.meta.deploy.profiles) {
+    services.pcscd.enable = true;
+    services.udev.packages = [ pkgs.yubikey-personalization ];
+
+    programs.gnupg.agent = {
+      enable = true;
+      enableSSHSupport = true;
+      pinentryFlavor = "curses";
+    };
+  };
+}

config/services/zfs.nix

@@ -0,0 +1,8 @@
+{ config, lib, pkgs, ... }:
+
+{
+  services.zfs = {
+    autoScrub.enable = true;
+    autoSnapshot.enable = true;
+  };
+}

config/users/default.nix

@@ -0,0 +1,5 @@
+{ ... }:
+
+{
+  imports = [ ./kat ];
+}

config/users/kat/default.nix

@@ -1,15 +1,6 @@
 { config, pkgs, ... }:
 
 {
-  users.users.root = {
-    openssh.authorizedKeys.keys = with pkgs.lib;
-      concatLists (mapAttrsToList (name: user:
-        if elem "wheel" user.extraGroups then
-          user.openssh.authorizedKeys.keys
-        else
-          [ ]) config.users.users);
-  };
-
   users.users.kat = {
     uid = 1000;
     isNormalUser = true;
@@ -23,8 +14,6 @@
 
   home-manager.useGlobalPkgs = true;
   home-manager.users.kat = {
-    programs.firefox = { enable = true; };
-
     programs.fish = {
       enable = true;
       plugins = [{

configuration/hosts/default.nix

@@ -1,35 +0,0 @@
-let
-  hosts = {
-    yule = {
-      ssh.host = "kat@yule";
-      groups = [ "laptop" "personal" "graphical" ];
-    };
-    beltane = {
-      ssh.host = "kat@beltane";
-      groups = [ "server" "personal" ];
-    };
-    samhain = {
-      ssh.host = "kat@samhain";
-      groups = [ "desktop" "personal" "graphical" ];
-    };
-    litha = {
-      ssh.host = "root@litha";
-      groups = [ "laptop" "personal" "graphical" ];
-    };
-    mabon = {
-      ssh.host = "root@192.168.1.218";
-      groups = [ "laptop" "personal" "graphical" ];
-    };
-  };
-  pkgs = import <nixpkgs> { };
-  evalConfig = import <nixpkgs/nixos/lib/eval-config.nix>;
-  lib = pkgs.lib;
-in lib.mapAttrs (name: host:
-  host // {
-    config = if (host ? config) then
-      host.config
-    else
-      (evalConfig {
-        modules = [ (import "${toString ./.}/${name}/configuration.nix") ];
-      }).config;
-  }) hosts

configuration/hosts/litha/configuration.nix

@@ -1,28 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, ... }:
-
-{
-  imports = [ # Include the results of the hardware scan.
-    ./hardware-configuration.nix
-    ../../profiles/common
-    ../../profiles/desktop
-    ../../profiles/xfce
-    ../../profiles/network
-    ../../profiles/yubikey
-  ];
-
-  # Use the systemd-boot EFI boot loader.
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-
-  networking.hostName = "litha";
-
-  networking.useDHCP = false;
-  networking.interfaces.enp34s0.useDHCP = true;
-
-  system.stateVersion = "20.09";
-
-}

configuration/hosts/litha/hardware-configuration.nix

@@ -1,29 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-
-  boot.initrd.availableKernelModules =
-    [ "xhci_pci" "usb_storage" "sd_mod" "sdhci_acpi" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-intel" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/fa06ba90-ffc9-4ca6-b1cf-1205340a975e";
-    fsType = "ext4";
-  };
-
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/BF39-2AA3";
-    fsType = "vfat";
-  };
-
-  swapDevices =
-    [{ device = "/dev/disk/by-uuid/9c88235e-9705-4b80-a988-e95eda06124f"; }];
-
-  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-}

configuration/hosts/yule/hardware-configuration.nix

@@ -1,33 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-
-  boot.initrd.availableKernelModules =
-    [ "xhci_pci" "ahci" "usb_storage" "sd_mod" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-amd" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" = {
-    device = "zpool/safe/root";
-    fsType = "zfs";
-  };
-
-  fileSystems."/home" = {
-    device = "zpool/safe/home";
-    fsType = "zfs";
-  };
-
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/4683-4139";
-    fsType = "vfat";
-  };
-
-  swapDevices =
-    [{ device = "/dev/disk/by-uuid/7e6f47fd-bedb-4012-8072-5e3a556e2f45"; }];
-
-}

configuration/profiles/desktop/default.nix

@@ -1,89 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
-  nixpkgs-master = import
-    (fetchTarball "https://github.com/NixOS/nixpkgs/archive/master.tar.gz") {
-      config.allowUnfree = true;
-    };
-in {
-  nixpkgs.config = { mumble.speechdSupport = true; };
-
-  environment.systemPackages = [ pkgs.redshift ];
-
-  home-manager.users.kat = {
-    home.packages = [
-      pkgs._1password
-      pkgs.mpv
-      pkgs.mumble
-      pkgs.obs-studio
-      pkgs.avidemux
-      pkgs.vlc
-      nixpkgs-master.syncplay
-      nixpkgs-master.youtube-dl
-      nixpkgs-master.google-chrome
-      pkgs.v4l-utils
-      pkgs.transmission-gtk
-      pkgs.jdk11
-      pkgs.lm_sensors
-      nixpkgs-master.discord
-      pkgs.tdesktop
-      pkgs.dino
-      pkgs.vegur
-      pkgs.nitrogen
-      pkgs.terminator
-      pkgs.appimage-run
-      pkgs.gparted
-      pkgs.scrot
-      pkgs.gimp-with-plugins
-      pkgs.vscode
-      pkgs.cryptsetup
-      pkgs.neofetch
-      pkgs.htop
-    ];
-
-    programs.fish = { interactiveShellInit = "set -g fish_greeting ''"; };
-
-    services.kdeconnect = {
-      enable = true;
-      indicator = true;
-    };
-
-    services.redshift = {
-      enable = true;
-      latitude = "51.5074";
-      longitude = "0.1278";
-    };
-
-    gtk = {
-      enable = true;
-      iconTheme = {
-        name = "Numix-Square";
-        package = pkgs.numix-icon-theme-square;
-      };
-      theme = {
-        name = "Arc";
-        package = pkgs.arc-theme;
-      };
-    };
-  };
-
-  fonts.fontconfig.enable = true;
-  fonts.fonts = [ pkgs.nerdfonts pkgs.corefonts ];
-
-  # KDE Connect
-  networking.firewall = {
-    allowedTCPPortRanges = [{
-      from = 1714;
-      to = 1764;
-    }];
-    allowedUDPPortRanges = [{
-      from = 1714;
-      to = 1764;
-    }];
-  };
-
-  sound.enable = true;
-  hardware.pulseaudio.enable = true;
-  hardware.opengl.enable = true;
-  services.xserver.libinput.enable = true;
-}

configuration/profiles/development/default.nix

@@ -1,35 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-
-  environment.systemPackages = let
-    python-env = python-packages:
-      with pkgs.python38Packages; [
-        pip
-        setuptools
-        psutil
-      ];
-    python-with-env = pkgs.python3.withPackages python-env;
-  in [ pkgs.php pkgs.php74Packages.composer2 python-with-env ];
-
-  home-manager.users.kat = {
-    programs.go.enable = true;
-
-    programs.fish = {
-      interactiveShellInit = ''
-        set fish_user_paths $fish_user_paths $HOME/.config/composer/vendor/bin
-      '';
-    };
-
-    home.packages = [
-      pkgs.jetbrains.clion
-      pkgs.jetbrains.idea-ultimate
-      pkgs.jetbrains.goland
-      pkgs.jetbrains.phpstorm
-      pkgs.nixfmt
-      pkgs.carnix
-      pkgs.rustup
-      pkgs.gcc
-    ];
-  };
-}

configuration/profiles/gaming/default.nix

@@ -1,7 +0,0 @@
-{ config, lib, pkgs, ... }: {
-  hardware.opengl.driSupport32Bit = true;
-  hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];
-  hardware.pulseaudio.support32Bit = true;
-
-  home-manager.users.kat = { home.packages = [ pkgs.lutris pkgs.steam-run ]; };
-}

configuration/profiles/gnome/default.nix

@@ -1,26 +0,0 @@
-{ config, lib, pkgs, ... }: {
-  services.xserver.enable = true;
-  services.xserver.displayManager.gdm.enable = true;
-  services.xserver.desktopManager.gnome3.enable = true;
-
-  home-manager.users.kat = {
-    home.packages = [
-      pkgs.dconf2nix
-      pkgs.gnome3.gnome-tweak-tool
-      pkgs.gnomeExtensions.caffeine
-      pkgs.gnomeExtensions.emoji-selector
-      pkgs.gnomeExtensions.dash-to-panel
-      pkgs.gnomeExtensions.appindicator
-      pkgs.gnomeExtensions.dash-to-dock
-      pkgs.gnomeExtensions.arc-menu
-      pkgs.pcmanfm
-      pkgs.xfce.thunar
-      pkgs.xfce.thunar-volman
-    ];
-  };
-
-  services.gvfs = {
-    enable = true;
-    package = pkgs.gnome3.gvfs;
-  };
-}

configuration/profiles/network/default.nix

@@ -1,41 +0,0 @@
-{ config, lib, pkgs, ... }: {
-  networking = {
-    networkmanager.enable = true;
-    resolvconf.useLocalResolver = true;
-    networkmanager.dns = "none";
-  };
-
-  services.dnscrypt-proxy2 = {
-    enable = true;
-    settings = {
-      ipv6_servers = true;
-      require_dnssec = true;
-
-      sources.public-resolvers = {
-        urls = [
-          "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md"
-          "https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md"
-        ];
-        cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
-        minisign_key =
-          "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
-      };
-
-      # You can choose a specific set of servers from https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v2/public-resolvers.md
-      server_names = [
-        "acsacsar-ams-ipv4"
-        "acsacsar-ams-ipv6"
-        "dnscrypt.eu-dk"
-        "dnscrypt.eu-dk-ipv6"
-        "dnscrypt.eu-nl"
-        "dnscrypt.eu-nl-ipv6"
-        "meganerd"
-        "meganerd-ipv6"
-      ];
-    };
-  };
-
-  systemd.services.dnscrypt-proxy2.serviceConfig = {
-    StateDirectory = "dnscrypt-proxy2";
-  };
-}

configuration/profiles/sway/default.nix

@@ -1,253 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-let
-  colors = import ./colors.nix;
-in {
-fonts.fonts = with pkgs; [ font-awesome nerdfonts iosevka emacs-all-the-icons-fonts ];
-users.users.kat.packages = with pkgs; [ ];
-programs.sway.enable = true;
-
-systemd.user.services.mako = {
-    serviceConfig.ExecStart = "${pkgs.mako}/bin/mako";
-    restartTriggers = [
-    config.home-manager.users.kat.xdg.configFile."mako/config".source
-    ];
-};
-
-home-manager.users.kat = {
-          programs.kitty = {
-        enable = true;
-        font.name = "Iosevka Term";
-        settings = {
-          font_size = "10.0";
-          background = colors.black;
-          foreground = colors.white;
-          background_opacity = "0.8";
-          selection_background = colors.white;
-          selection_foreground = colors.black;
-          url_color = colors.yellow;
-          cursor = colors.white;
-          active_border_color = "#75715e";
-          active_tab_background = "#9900ff";
-          active_tab_foreground = colors.white;
-          inactive_tab_background = "#3a3a3a";
-          inactive_tab_foreground = "#665577";
-        } // colors.base16;
-      };
-
-    programs.mako = {
-    enable = true;
-    defaultTimeout = 3000;
-    borderColor = colors.white;
-    backgroundColor = "${colors.black}70";
-    textColor = colors.white;
-    };
-    wayland.windowManager.sway = {
-    enable = true;
-    config = let
-        dmenu = "${pkgs.bemenu}/bin/bemenu --fn 'Iosevka 12' --nb '${colors.black}' --nf '${colors.white}' --sb '${colors.red}' --sf '${colors.white}' -l 5 -m 0 -i";
-        lockCommand = "swaylock -i ${./middle.jpg} -s fill";
-        cfg = config.home-manager.users.kat.wayland.windowManager.sway.config;
-    in {
-        bars = [{ command = "${pkgs.waybar}/bin/waybar"; }];
-
-        output = let
-        left = {
-            res = "1920x1080";
-            pos = "0 0";
-            bg = "${./left.jpg} fill";
-        };
-        middle = {
-            res = "1920x1080";
-            pos = "1920 0";
-            bg = "${./middle.jpg} fill";
-        };
-        right = {
-            res = "1920x1080";
-            pos = "3840 0";
-            bg = "${./right.jpg} fill";
-        };
-        in {
-        "DP-1" = left;
-        "DVI-D-1" = middle;
-        "HDMI-A-1" = right;
-        };
-
-        input = {
-        # "1739:0:Synaptics_TM3075-002" = {
-        #   dwt = "enabled";
-        #   tap = "enabled";
-        #   natural_scroll = "enabled";
-        #   middle_emulation = "enabled";
-        #   click_method = "clickfinger";
-        # };
-        "*" = {
-            xkb_layout = "gb";
-            # xkb_variant = "nodeadkeys";
-        #   xkb_options = "ctrl:nocaps";
-        };
-        };
-
-        fonts = [ "Iosevka Nerd Font 10" ];
-        terminal = "${pkgs.kitty}/bin/kitty";
-        # TODO: replace with wofi
-        menu = "${pkgs.j4-dmenu-desktop}/bin/j4-dmenu-desktop --dmenu=\"${dmenu}\" --term='${cfg.terminal}'";
-        modifier = "Mod4";
-
-        startup = [
-        { command = "systemctl --user restart mako"; always = true; }
-        { command = "${pkgs.swayidle}/bin/swayidle -w before-sleep '${lockCommand}'"; }
-        ];
-
-        window = {
-        border = 1;
-        titlebar = true;
-        };
-
-        keybindings = {
-        "${cfg.modifier}+Return" = "exec ${cfg.terminal}";
-
-        "${cfg.modifier}+Left" = "focus left";
-        "${cfg.modifier}+Down" = "focus down";
-        "${cfg.modifier}+Up" = "focus up";
-        "${cfg.modifier}+Right" = "focus right";
-
-        "${cfg.modifier}+Shift+Left" = "move left";
-        "${cfg.modifier}+Shift+Down" = "move down";
-        "${cfg.modifier}+Shift+Up" = "move up";
-        "${cfg.modifier}+Shift+Right" = "move right";
-
-        "${cfg.modifier}+Shift+space" = "floating toggle";
-        "${cfg.modifier}+space" = "focus mode_toggle";
-
-        "${cfg.modifier}+1" = "workspace 1";
-        "${cfg.modifier}+2" = "workspace 2";
-        "${cfg.modifier}+3" = "workspace 3";
-        "${cfg.modifier}+4" = "workspace 4";
-        "${cfg.modifier}+5" = "workspace 5";
-        "${cfg.modifier}+6" = "workspace 6";
-        "${cfg.modifier}+7" = "workspace 7";
-        "${cfg.modifier}+8" = "workspace 8";
-        "${cfg.modifier}+9" = "workspace 9";
-        "${cfg.modifier}+0" = "workspace 10";
-
-        "${cfg.modifier}+Shift+1" = "move container to workspace 1";
-        "${cfg.modifier}+Shift+2" = "move container to workspace 2";
-        "${cfg.modifier}+Shift+3" = "move container to workspace 3";
-        "${cfg.modifier}+Shift+4" = "move container to workspace 4";
-        "${cfg.modifier}+Shift+5" = "move container to workspace 5";
-        "${cfg.modifier}+Shift+6" = "move container to workspace 6";
-        "${cfg.modifier}+Shift+7" = "move container to workspace 7";
-        "${cfg.modifier}+Shift+8" = "move container to workspace 8";
-        "${cfg.modifier}+Shift+9" = "move container to workspace 9";
-        "${cfg.modifier}+Shift+0" = "move container to workspace 10";
-
-        "XF86AudioRaiseVolume" = "exec pactl set-sink-volume $(pacmd list-sinks |awk '/* index:/{print $3}') +5%";
-        "XF86AudioLowerVolume" = "exec pactl set-sink-volume $(pacmd list-sinks |awk '/* index:/{print $3}') -5%";
-        "XF86AudioMute" = "exec pactl set-sink-mute $(pacmd list-sinks |awk '/* index:/{print $3}') toggle";
-        "XF86AudioMicMute" = "exec pactl set-source-mute $(pacmd list-sources |awk '/* index:/{print $3}') toggle";
-        "XF86MonBrightnessDown" = "exec ${pkgs.light}/bin/light -U 5";
-        "XF86MonBrightnessUp" = "exec ${pkgs.light}/bin/light -A 5";
-        "${cfg.modifier}+Print" = "exec ${pkgs.bash}/bin/bash -c '~/.local/bin/elixiremanager.sh -w'";
-
-        "${cfg.modifier}+d" = "exec ${cfg.menu}";
-        "${cfg.modifier}+x" = "exec ${lockCommand}";
-
-        "${cfg.modifier}+i" = "move workspace to output left";
-        "${cfg.modifier}+o" = "move workspace to output left";
-        "${cfg.modifier}+b" = "splith";
-        "${cfg.modifier}+v" = "splitv";
-        "${cfg.modifier}+s" = "layout stacking";
-        "${cfg.modifier}+w" = "layout tabbed";
-        "${cfg.modifier}+e" = "layout toggle split";
-        "${cfg.modifier}+f" = "fullscreen";
-
-        "${cfg.modifier}+Shift+q" = "kill";
-        "${cfg.modifier}+Shift+c" = "reload";
-
-        "${cfg.modifier}+r" = "mode resize";
-        "${cfg.modifier}+Delete" = "mode \"System (l) lock, (e) logout, (s) suspend, (h) hibernate, (r) reboot, (Shift+s) shutdown\"";
-        };
-
-    #   keycodebindings = {
-    #     "--no-repeat 107" = "exec dbus-send --session --type=method_call --dest=net.sourceforge.mumble.mumble / net.sourceforge.mumble.Mumble.startTalking";
-    #     "--release 107" = "exec dbus-send --session --type=method_call --dest=net.sourceforge.mumble.mumble / net.sourceforge.mumble.Mumble.stopTalking";
-    #   };
-
-        modes = {
-        "System (l) lock, (e) logout, (s) suspend, (h) hibernate, (r) reboot, (Shift+s) shutdown" = {
-            "l" = "exec ${lockCommand}, mode default";
-            "e" = "exec swaymsg exit, mode default";
-            "s" = "exec systemctl suspend, mode default";
-            "h" = "exec systemctl hibernate, mode default";
-            "r" = "exec systemctl reboot, mode default";
-            "Shift+s" = "exec systemctl shutdown, mode default";
-            "Return" = "mode default";
-            "Escape" = "mode default";
-        };
-        };
-
-        colors = {
-        focused = {
-            border = colors.bright.black;
-            background = colors.bright.green;
-            text = colors.black;
-            indicator = colors.green;
-            childBorder = colors.bright.black;
-        };
-        focusedInactive = {
-            border = colors.bright.black;
-            background = colors.green;
-            text = colors.black;
-            indicator = colors.green;
-            childBorder = colors.bright.black;
-        };
-        unfocused = {
-            border = colors.bright.black;
-            background = colors.black;
-            text = colors.bright.black;
-            indicator = colors.bright.black;
-            childBorder = colors.bright.black;
-        };
-        urgent = {
-            border = colors.bright.black;
-            background = colors.bright.red;
-            text = colors.black;
-            indicator = colors.red;
-            childBorder = colors.bright.black;
-        };
-        };
-    };
-    wrapperFeatures.gtk = true;
-    extraConfig = ''
-        seat seat0 xcursor_theme breeze_cursors 20
-    '';
-    };
-    programs.waybar = {
-    enable = true;
-    #       style = ''
-    #         * {
-    #           font-family: "Iosevka";
-    #         }
-    #       '';
-    settings = [{
-        modules-left = [ "sway/workspaces" "sway/mode" ];
-        modules-center = [ "sway/window" ];
-        modules-right = [ "pulseaudio" "network" "cpu" "memory" "temperature" "clock" "tray" ];
-
-        modules = {
-        network = {
-            format-wifi = "{essid} ({signalStrength}%) ";
-            format-ethernet = "{ifname}: {ipaddr}/{cidr} ";
-            format-linked = "{ifname} (No IP) ";
-            format-disconnected = "Disconnected ⚠";
-            format-alt = "{ifname}: {ipaddr}/{cidr}";
-        };
-        clock = {
-            format = "{:%F %T %Z}";
-        };
-        };
-    }];
-    };
-};
-}

configuration/profiles/xfce/default.nix

@@ -1,23 +0,0 @@
-{ config, lib, pkgs, ... }: {
-  services.xserver.enable = true;
-  services.xserver.displayManager.lightdm.enable = true;
-  services.xserver.desktopManager.xfce.enable = true;
-  services.gvfs = {
-    enable = true;
-    package = lib.mkForce pkgs.gnome3.gvfs;
-  };
-
-  environment.systemPackages = [
-    pkgs.xfce.xfce4-terminal
-    pkgs.xfce.thunar
-    pkgs.xfce.orage
-    pkgs.xfce.xfce4-battery-plugin
-    pkgs.xfce.xfce4-sensors-plugin
-    pkgs.xfce.xfce4-weather-plugin
-    pkgs.xfce.xfce4-pulseaudio-plugin
-    pkgs.xfce.xfce4-whiskermenu-plugin
-    pkgs.xfce.xfce4-genmon-plugin
-    pkgs.xfce.xfce4-screenshooter
-    pkgs.xfce.thunar-volman
-  ];
-}

configuration/profiles/yubikey/default.nix

@@ -1,10 +0,0 @@
-{ config, lib, pkgs, ... }: {
-  services.pcscd.enable = true;
-  services.udev.packages = [ pkgs.yubikey-personalization ];
-
-  programs.gnupg.agent = {
-    enable = true;
-    enableSSHSupport = true;
-    pinentryFlavor = "curses";
-  };
-}

default.nix

@@ -1,4 +1,13 @@
-{
-  inherit (import ./lib/deploy.nix) deploy;
-  pkgs = import ./pkgs;
+let
+  pkgs = import ./pkgs { };
+  hosts = import ./lib/hosts.nix { inherit pkgs; };
+in {
+  inherit pkgs;
+  inherit (pkgs) lib;
+  inherit (hosts) hosts profiles;
+  deploy = import ./lib/deploy.nix {
+    inherit pkgs;
+    inherit (hosts) hosts profiles;
+  };
+  sources = import ./nix/sources.nix;
 }

lib/deploy.nix

@@ -1,74 +1,18 @@
-let
-  pkgs = import <nixpkgs> { };
-  lib = pkgs.lib;
+{ pkgs, hosts, profiles }:
 
-  hosts = import ../configuration/hosts;
-  nixosHosts = lib.filterAttrs (name: host: host ? ssh) hosts;
+with pkgs.lib;
 
-  allGroups = lib.unique
-    (lib.flatten (lib.mapAttrsToList (name: host: host.groups) hosts));
-
-  hostsInGroup = group:
-    lib.filterAttrs (k: v: builtins.elem group v.groups) hosts;
-
-  hostsInAllGroups = lib.listToAttrs
-    (map (group: lib.nameValuePair group (lib.attrNames (hostsInGroup group)))
-      allGroups);
-
-  mkDeploy = hostnames:
-    pkgs.writeScript "deploy-${lib.concatStringsSep "-" hostnames}" ''
-      #!${pkgs.stdenv.shell}
-      set -e -o pipefail
-      export PATH=/run/wrappers/bin/:${
-        with pkgs;
-        lib.makeBinPath [
-          coreutils
-          openssh
-          nix
-          gnutar
-          findutils
-          nettools
-          gzip
-          git
-        ]
-      }
-
-      MODE=$1
-      shift || true
-      ARGS=$@
-
-      [ "$MODE" == "" ] && MODE="switch"
-
-      ${lib.concatMapStrings (hostname:
-        let
-          hostAttrs = nixosHosts.${hostname};
-          nixosSystem = (import <nixpkgs/nixos/lib/eval-config.nix> {
-            modules = [
-              "${toString ../configuration}/hosts/${hostname}/configuration.nix"
-            ];
-            system =
-              if hostAttrs ? system then hostAttrs.system else "x86_64-linux";
-          }).config.system.build.toplevel;
-        in ''
-          (
-            echo "deploying ${hostname}..."
-            nix copy --no-check-sigs --to ssh://${hostAttrs.ssh.host} ${nixosSystem}
-            ssh $NIX_SSHOPTS ${hostAttrs.ssh.host} "sudo nix-env -p /nix/var/nix/profiles/system -i ${nixosSystem}"
-            ssh $NIX_SSHOPTS ${hostAttrs.ssh.host} "sudo /nix/var/nix/profiles/system/bin/switch-to-configuration $MODE"
-          ) &
-          PID_LIST+=" $!"
-        '') hostnames}
-
-      echo "deploys started, waiting for them to finish..."
-
-      trap "kill $PID_LIST" SIGINT
-      wait $PID_LIST
-    '';
-
-in {
-  deploy =
-    (lib.mapAttrs (hostname: hostAttrs: mkDeploy [ hostname ]) nixosHosts)
-    // (lib.mapAttrs (group: hosts: mkDeploy hosts) hostsInAllGroups) // {
-      all = mkDeploy (lib.attrNames nixosHosts);
-    };
-}
+(mapAttrs (name: hosts:
+  pkgs.writeScript "deploy-profile-${name}" ''
+    #!${pkgs.runtimeShell}
+    export PATH=
+    ${concatMapStrings (host: ''
+      echo "deploying ${host.config.networking.hostName}..."
+      ${host.config.system.build.deployScript} $1 &
+      PID_LIST+=" $!"
+    '') hosts}
+    # FIXME: remove jobs from PIDLIST once they finish
+    trap "kill $PID_LIST" SIGINT
+    wait $PID_LIST
+  '') profiles)
+// (mapAttrs (name: host: host.config.system.build.deployScript) hosts)

lib/hosts.nix

@@ -0,0 +1,34 @@
+{ pkgs, hostsDir ? ../config/hosts
+, commonImports ? [ ../config/profiles/common ../modules ], pkgsPath ? ../pkgs
+}:
+
+with pkgs.lib;
+
+rec {
+  hostNames = attrNames
+    (filterAttrs (name: type: type == "directory") (builtins.readDir hostsDir));
+
+  hostConfig = hostName:
+    { config, ... }: {
+      _module.args = { inherit hosts profiles; };
+      imports = [
+        (import (hostsDir + "/${hostName}/configuration.nix"))
+        ../modules/deploy
+      ] ++ commonImports;
+      networking = { inherit hostName; };
+      nixpkgs.pkgs = import pkgsPath { inherit (config.nixpkgs) config; };
+    };
+
+  hosts = listToAttrs (map (hostName:
+    nameValuePair hostName
+    (import (pkgs.path + "/nixos") { configuration = hostConfig hostName; }))
+    hostNames);
+
+  profileNames = unique (concatLists
+    (mapAttrsToList (name: host: host.config.meta.deploy.profiles) hosts));
+
+  profiles = listToAttrs (map (profileName:
+    nameValuePair profileName
+    (filter (host: elem profileName host.config.meta.deploy.profiles)
+      (attrValues hosts))) profileNames);
+}

modules/default.nix

@@ -1,5 +1,5 @@
 { ... }:
 
 {
-  imports = [ ];
+  imports = [ ./deploy ];
 }

modules/deploy/default.nix

@@ -0,0 +1,49 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let cfg = config.meta.deploy;
+
+in {
+  options = {
+    meta.deploy = {
+      enable = mkOption {
+        type = types.bool;
+        default = true;
+      };
+      ssh.host = mkOption {
+        type = types.str;
+        default = "${config.networking.hostName}.${config.networking.domain}";
+      };
+      ssh.port = mkOption {
+        type = types.int;
+        default = head config.services.openssh.ports;
+      };
+      substitute = mkOption {
+        type = types.bool;
+        default = true;
+      };
+      profiles = mkOption {
+        type = with types; listOf str;
+        default = [ ];
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    meta.deploy.profiles = [ "all" ];
+
+    system.build.deployScript =
+      pkgs.writeScript "deploy-${config.networking.hostName}" ''
+        #!${pkgs.runtimeShell}
+        set -xeo pipefail
+        export PATH=${with pkgs; lib.makeBinPath [ coreutils openssh nix ]}
+        export NIX_SSHOPTS="$NIX_SSHOPTS -p${toString cfg.ssh.port}"
+        nix copy ${
+          if cfg.substitute then "-s" else ""
+        } --no-check-sigs --to ssh://${cfg.ssh.host} ${config.system.build.toplevel}
+        ssh $NIX_SSHOPTS ${cfg.ssh.host} "sudo nix-env -p /nix/var/nix/profiles/system -i ${config.system.build.toplevel}" 
+        ssh $NIX_SSHOPTS ${cfg.ssh.host} "sudo /nix/var/nix/profiles/system/bin/switch-to-configuration $1" 
+      '';
+  };
+}

nix/sources.json

@@ -0,0 +1,73 @@
+{
+    "home-manager": {
+        "branch": "release-20.09",
+        "description": "Manage a user environment using Nix  [maintainer=@rycee] ",
+        "homepage": "https://nix-community.github.io/home-manager/",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "22f6736e628958f05222ddaadd7df7818fe8f59d",
+        "sha256": "1j4hyjd3kgvwym5jjazzyn554ngrm05ca9wl1a7z1bid22asr99p",
+        "type": "tarball",
+        "url": "https://github.com/nix-community/home-manager/archive/22f6736e628958f05222ddaadd7df7818fe8f59d.tar.gz",
+        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
+    },
+    "niv": {
+        "branch": "master",
+        "description": "Easy dependency management for Nix projects",
+        "homepage": "https://github.com/nmattia/niv",
+        "owner": "nmattia",
+        "repo": "niv",
+        "rev": "3cd7914b2c4cff48927e11c216dadfab7d903fe5",
+        "sha256": "1agq4nvbhrylf2s77kb4xhh9k7xcwdwggq764k4jgsbs70py8cw3",
+        "type": "tarball",
+        "url": "https://github.com/nmattia/niv/archive/3cd7914b2c4cff48927e11c216dadfab7d903fe5.tar.gz",
+        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
+    },
+    "nixos-mailserver": {
+        "ref": "nixos-20.09",
+        "repo": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver",
+        "rev": "fb1cc04c0a517d4200237b02c3472bcaf9104afb",
+        "sha256": "0vsvgxxg5cgmzwj98171j7h5l028f1yq784alb3lxgbk8znfk51y",
+        "type": "tarball",
+        "url": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/fb1cc04c0a517d4200237b02c3472bcaf9104afb/nixos-mailserver-fb1cc04c0a517d4200237b02c3472bcaf9104afb.tar.gz",
+        "url_template": "<repo>/-/archive/<rev>.tar.gz"
+    },
+    "nixpkgs": {
+        "branch": "release-20.09",
+        "description": "Nix Packages collection",
+        "homepage": "",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "cacb9ac7a5157363a91a1dfb31607024db3bb717",
+        "sha256": "136lc1lsahv03aqbp36xiszfrsi86dhw56dvzi72iczci7bvz4p2",
+        "type": "tarball",
+        "url": "https://github.com/nixos/nixpkgs/archive/cacb9ac7a5157363a91a1dfb31607024db3bb717.tar.gz",
+        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
+    },
+    "nixpkgs-unstable": {
+        "branch": "nixos-unstable-small",
+        "description": "Nix Packages collection",
+        "homepage": "",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "ec334a1b01c491faa3463c96717b71921dddef2c",
+        "sha256": "0rcsqnnbaqrl010lv0cnvckimng2w3agm675c3dvcfvxyqlc2z2k",
+        "type": "tarball",
+        "url": "https://github.com/nixos/nixpkgs/archive/ec334a1b01c491faa3463c96717b71921dddef2c.tar.gz",
+        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
+    },
+    "pbb-nixfiles": {
+        "ref": "main",
+        "repo": "https://git.petabyte.dev/petabyteboy/nixfiles.git",
+        "rev": "0720c5dba283d782f2f887bf97aad339137d95dc",
+        "type": "git"
+    },
+    "qyliss-nixlib": {
+        "repo": "https://git.qyliss.net/nixlib",
+        "rev": "e14330c5be9b005d4310cd4dc0d384cff882aedc",
+        "sha256": "0nan14ixhdzxxddnckqqhaxhr96yw08rgcmxssddhji6aq5a445j",
+        "type": "tarball",
+        "url": "https://git.qyliss.net/nixlib/snapshot/nixlib-e14330c5be9b005d4310cd4dc0d384cff882aedc.tar.gz",
+        "url_template": "https://git.qyliss.net/nixlib/snapshot/nixlib-<rev>.tar.gz"
+    }
+}

nix/sources.nix

@@ -0,0 +1,169 @@
+# This file has been generated by Niv.
+
+let
+
+  #
+  # The fetchers. fetch_<type> fetches specs of type <type>.
+  #
+
+  fetch_file = pkgs: spec:
+    if spec.builtin or true then
+      builtins_fetchurl { inherit (spec) url sha256; }
+    else
+      pkgs.fetchurl { inherit (spec) url sha256; };
+
+  fetch_tarball = pkgs: name: spec:
+    let
+      ok = str: !builtins.isNull (builtins.match "[a-zA-Z0-9+-._?=]" str);
+      # sanitize the name, though nix will still fail if name starts with period
+      name' = stringAsChars (x: if !ok x then "-" else x) "${name}-src";
+    in if spec.builtin or true then
+      builtins_fetchTarball {
+        name = name';
+        inherit (spec) url sha256;
+      }
+    else
+      pkgs.fetchzip {
+        name = name';
+        inherit (spec) url sha256;
+      };
+
+  fetch_git = spec:
+    builtins.fetchGit {
+      url = spec.repo;
+      inherit (spec) rev ref;
+    };
+
+  fetch_local = spec: spec.path;
+
+  fetch_builtin-tarball = name:
+    throw ''
+      [${name}] The niv type "builtin-tarball" is deprecated. You should instead use `builtin = true`.
+              $ niv modify ${name} -a type=tarball -a builtin=true'';
+
+  fetch_builtin-url = name:
+    throw ''
+      [${name}] The niv type "builtin-url" will soon be deprecated. You should instead use `builtin = true`.
+              $ niv modify ${name} -a type=file -a builtin=true'';
+
+  #
+  # Various helpers
+  #
+
+  # The set of packages used when specs are fetched using non-builtins.
+  mkPkgs = sources:
+    let
+      sourcesNixpkgs =
+        import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; })
+        { };
+      hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath;
+      hasThisAsNixpkgsPath = <nixpkgs> == ./.;
+    in if builtins.hasAttr "nixpkgs" sources then
+      sourcesNixpkgs
+    else if hasNixpkgsPath && !hasThisAsNixpkgsPath then
+      import <nixpkgs> { }
+    else
+      abort ''
+        Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
+        add a package called "nixpkgs" to your sources.json.
+      '';
+
+  # The actual fetching function.
+  fetch = pkgs: name: spec:
+
+    if !builtins.hasAttr "type" spec then
+      abort "ERROR: niv spec ${name} does not have a 'type' attribute"
+    else if spec.type == "file" then
+      fetch_file pkgs spec
+    else if spec.type == "tarball" then
+      fetch_tarball pkgs name spec
+    else if spec.type == "git" then
+      fetch_git spec
+    else if spec.type == "local" then
+      fetch_local spec
+    else if spec.type == "builtin-tarball" then
+      fetch_builtin-tarball name
+    else if spec.type == "builtin-url" then
+      fetch_builtin-url name
+    else
+      abort
+      "ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}";
+
+  # If the environment variable NIV_OVERRIDE_${name} is set, then use
+  # the path directly as opposed to the fetched source.
+  replace = name: drv:
+    let
+      saneName = stringAsChars
+        (c: if isNull (builtins.match "[a-zA-Z0-9]" c) then "_" else c) name;
+      ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}";
+    in if ersatz == "" then drv else ersatz;
+
+  # Ports of functions for older nix versions
+
+  # a Nix version of mapAttrs if the built-in doesn't exist
+  mapAttrs = builtins.mapAttrs or (f: set:
+    with builtins;
+    listToAttrs (map (attr: {
+      name = attr;
+      value = f attr set.${attr};
+    }) (attrNames set)));
+
+  # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295
+  range = first: last:
+    if first > last then
+      [ ]
+    else
+      builtins.genList (n: first + n) (last - first + 1);
+
+  # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L257
+  stringToCharacters = s:
+    map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1));
+
+  # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L269
+  stringAsChars = f: s: concatStrings (map f (stringToCharacters s));
+  concatStrings = builtins.concatStringsSep "";
+
+  # fetchTarball version that is compatible between all the versions of Nix
+  builtins_fetchTarball = { url, name, sha256 }@attrs:
+    let inherit (builtins) lessThan nixVersion fetchTarball;
+    in if lessThan nixVersion "1.12" then
+      fetchTarball { inherit name url; }
+    else
+      fetchTarball attrs;
+
+  # fetchurl version that is compatible between all the versions of Nix
+  builtins_fetchurl = { url, sha256 }@attrs:
+    let inherit (builtins) lessThan nixVersion fetchurl;
+    in if lessThan nixVersion "1.12" then
+      fetchurl { inherit url; }
+    else
+      fetchurl attrs;
+
+  # Create the final "sources" from the config
+  mkSources = config:
+    mapAttrs (name: spec:
+      if builtins.hasAttr "outPath" spec then
+        abort
+        "The values in sources.json should not have an 'outPath' attribute"
+      else
+        spec // { outPath = replace name (fetch config.pkgs name spec); })
+    config.sources;
+
+  # The "config" used by the fetchers
+  mkConfig = { sourcesFile ?
+      if builtins.pathExists ./sources.json then ./sources.json else null
+    , sources ? if isNull sourcesFile then
+      { }
+    else
+      builtins.fromJSON (builtins.readFile sourcesFile), pkgs ? mkPkgs sources
+    }: rec {
+      # The sources, i.e. the attribute set of spec name to spec
+      inherit sources;
+
+      # The "pkgs" (evaluated nixpkgs) to use for e.g. non-builtin fetchers
+      inherit pkgs;
+    };
+
+in mkSources (mkConfig { }) // {
+  __functor = _: settings: mkSources (mkConfig settings);
+}

pkgs/default.nix

@@ -1,11 +1,24 @@
-{ nixpkgs ? <nixpkgs>, self, super, ... }:
+{ config ? { }, system ? builtins.currentSystem, ... }@args:
 
 let
-  pkgs = import nixpkgs { };
+  sources = import ../nix/sources.nix;
+  pkgs = import sources.nixpkgs args;
+
   callPackage = pkgs.lib.callPackageWith (pkgs // newpkgs);
-  newpkgs = { 
-    linuxPackagesFor = kernel: (super.linuxPackagesFor kernel).extend (_: ksuper: {
-      vendor-reset = (callPackage ./vendor-reset {kernel = ksuper.kernel;}).out;
-    });
+
+  newpkgs = {
+    dino = callPackage "${sources.qyliss-nixlib}/overlays/patches/dino" {
+      inherit (pkgs) dino;
+    };
+
+    linuxPackagesFor = kernel:
+      (pkgs.linuxPackagesFor kernel).extend (_: ksuper: {
+        vendor-reset =
+          (callPackage ./vendor-reset { kernel = ksuper.kernel; }).out;
+      });
+
+    inherit callPackage;
+    appendOverlays = overlays: (pkgs.appendOverlays overlays) // newpkgs;
   };
-in newpkgs
+
+in pkgs // newpkgs

pkgs/vendor-reset/default.nix

@@ -3,10 +3,10 @@
 let
   version = "0.0.18";
   rev = "765b05cdbd4de854c05f771c954ecee0e019d734";
-  sha256 = "0ayn8128i0bfwzcmkn0x2alfplbsmvp0c63z56w11ywyysf342qw"; # TODO add this
-in
+  sha256 =
+    "0ayn8128i0bfwzcmkn0x2alfplbsmvp0c63z56w11ywyysf342qw"; # TODO add this
 
-stdenv.mkDerivation {
+in stdenv.mkDerivation {
   name = "vendor-reset-${version}-${kernel.version}";
   inherit version;
 
@@ -32,4 +32,4 @@ stdenv.mkDerivation {
     description = "Vendor Reset kernel module";
     homepage = "https://github.com/gnif/vendor-reset";
   };
-}
+}