ctucx.git: nixfiles

ctucx' nixfiles

commit a9bfd3b14473180ca00bb1c6339065ef2828e7bd
parent 41aa1a3063439e31a63f2a22b70db63a71fbf65a
Author: Leah (ctucx) <git@ctu.cx>
Date: Fri, 16 Sep 2022 09:59:10 +0200

configurations: refactor
78 files changed, 554 insertions(+), 716 deletions(-)
D
configurations/common/darwin.nix
|
42
------------------------------------------
M
configurations/common/default.nix
|
22
+++++++++++-----------
R
configurations/programs/cli/ansible.nix -> configurations/common/programs/ansible.nix
|
0
A
configurations/common/programs/bash.nix
|
81
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
A
configurations/common/programs/git.nix
|
33
+++++++++++++++++++++++++++++++++
A
configurations/common/programs/gpg.nix
|
108
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
R
configurations/programs/cli/htop.nix -> configurations/common/programs/htop.nix
|
0
R
configurations/programs/cli/mcfly.nix -> configurations/common/programs/mcfly.nix
|
0
A
configurations/common/programs/micro.nix
|
23
+++++++++++++++++++++++
A
configurations/common/programs/network-utilities.nix
|
26
++++++++++++++++++++++++++
R
configurations/programs/cli/password-store.nix -> configurations/common/programs/password-store.nix
|
0
R
configurations/programs/cli/scripts.nix -> configurations/common/programs/scripts.nix
|
0
R
configurations/programs/cli/ssh.nix -> configurations/common/programs/ssh.nix
|
0
R
configurations/programs/cli/starship.nix -> configurations/common/programs/starship.nix
|
0
R
configurations/programs/cli/texlive.nix -> configurations/common/programs/texlive.nix
|
0
R
configurations/programs/cli/tmux.nix -> configurations/common/programs/tmux.nix
|
0
A
configurations/common/programs/utilities.nix
|
49
+++++++++++++++++++++++++++++++++++++++++++++++++
R
configurations/syncthing.nix -> configurations/common/syncthing-config.nix
|
0
M
configurations/darwin/appIcons.nix
|
52
+++++++++++++---------------------------------------
A
configurations/darwin/default.nix
|
42
++++++++++++++++++++++++++++++++++++++++++
M
configurations/darwin/syncthing.nix
|
2
+-
R
configurations/common/linux.nix -> configurations/linux/default.nix
|
0
M
configurations/linux/desktop-sway.nix
|
50
+++++++++++++++++++++++++-------------------------
R
configurations/programs/alacritty.nix -> configurations/linux/programs/alacritty.nix
|
0
R
configurations/programs/ddcutil.nix -> configurations/linux/programs/ddcutil.nix
|
0
R
configurations/programs/firefox.nix -> configurations/linux/programs/firefox.nix
|
0
R
configurations/programs/gammastep.nix -> configurations/linux/programs/gammastep.nix
|
0
R
configurations/programs/gimp/default.nix -> configurations/linux/programs/gimp/default.nix
|
0
R
configurations/programs/gimp/remove-cc-reference.patch -> configurations/linux/programs/gimp/remove-cc-reference.patch
|
0
R
configurations/programs/imv.nix -> configurations/linux/programs/imv.nix
|
0
R
configurations/programs/libreoffice.nix -> configurations/linux/programs/libreoffice.nix
|
0
R
configurations/programs/mako.nix -> configurations/linux/programs/mako.nix
|
0
R
configurations/programs/mpv.nix -> configurations/linux/programs/mpv.nix
|
0
R
configurations/programs/physlock.nix -> configurations/linux/programs/physlock.nix
|
0
R
configurations/programs/sublime-text3.nix -> configurations/linux/programs/sublime-text3.nix
|
0
R
configurations/programs/sway.nix -> configurations/linux/programs/sway.nix
|
0
R
configurations/programs/swaylock.nix -> configurations/linux/programs/swaylock.nix
|
0
R
configurations/programs/systemd-lock-handler.nix -> configurations/linux/programs/systemd-lock-handler.nix
|
0
R
configurations/programs/thunar.nix -> configurations/linux/programs/thunar.nix
|
0
R
configurations/programs/thunderbird.nix -> configurations/linux/programs/thunderbird.nix
|
0
A
configurations/linux/programs/utilities.nix
|
10
++++++++++
R
configurations/programs/waybar/default.nix -> configurations/linux/programs/waybar/default.nix
|
0
R
configurations/programs/waybar/style.css -> configurations/linux/programs/waybar/style.css
|
0
R
configurations/programs/wofi/config -> configurations/linux/programs/wofi/config
|
0
R
configurations/programs/wofi/style.css -> configurations/linux/programs/wofi/style.css
|
0
R
configurations/services/avahi.nix -> configurations/linux/services/avahi.nix
|
0
R
configurations/services/dns/default.nix -> configurations/linux/services/dns.nix
|
0
R
configurations/programs/easyeffects.nix -> configurations/linux/services/easyeffects.nix
|
0
R
configurations/services/gvfs.nix -> configurations/linux/services/gvfs.nix
|
0
R
configurations/services/pipewire.nix -> configurations/linux/services/pipewire.nix
|
0
R
configurations/services/prometheus-node-exporter.nix -> configurations/linux/services/prometheus-node-exporter.nix
|
0
A
configurations/linux/services/restic-server.nix
|
39
+++++++++++++++++++++++++++++++++++++++
R
configurations/services/spotifyd.nix -> configurations/linux/services/spotifyd.nix
|
0
A
configurations/linux/services/syncthing-nginx.nix
|
28
++++++++++++++++++++++++++++
A
configurations/linux/services/syncthing.nix
|
39
+++++++++++++++++++++++++++++++++++++++
R
configurations/programs/usbmuxd.nix -> configurations/linux/services/usbmuxd.nix
|
0
D
configurations/programs/AusweisApp2.nix
|
31
-------------------------------
D
configurations/programs/archbox.nix
|
32
--------------------------------
D
configurations/programs/cli/bash.nix
|
82
-------------------------------------------------------------------------------
D
configurations/programs/cli/git.nix
|
33
---------------------------------
D
configurations/programs/cli/gpg.nix
|
110
-------------------------------------------------------------------------------
D
configurations/programs/cli/micro.nix
|
24
------------------------
D
configurations/programs/cli/network-utilities.nix
|
26
--------------------------
D
configurations/programs/cli/utilities.nix
|
50
--------------------------------------------------
D
configurations/programs/utilities.nix
|
9
---------
D
configurations/services/restic-server.nix
|
39
---------------------------------------
D
configurations/services/syncthing.nix
|
39
---------------------------------------
M
machines/desastro/configuration.nix
|
26
++++++++++----------------
M
machines/desastro/syncthing.nix
|
23
+----------------------
M
machines/hector/configuration.nix
|
8
++------
M
machines/lollo/configuration.nix
|
12
+++++-------
D
machines/lollo/syncthing.nix
|
28
----------------------------
M
machines/osterei/configuration.nix
|
14
+++++---------
M
machines/osterei/git/default.nix
|
1
-
D
machines/osterei/syncthing.nix
|
28
----------------------------
M
machines/wanderduene/configuration.nix
|
8
++------
M
modules/default.nix
|
1
+
R
machines/osterei/git/options.nix -> modules/linux/gitolite.nix
|
0
diff --git a/configurations/common/darwin.nix b/configurations/common/darwin.nix
@@ -1,42 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-{
-
-  imports = [
-    ../darwin/systemSettings.nix
-    ../darwin/appSettings.nix
-    ../darwin/keyboard.nix
-    ../darwin/trackpad.nix
-    ../darwin/homebrew.nix
-    ../darwin/finder.nix
-    ../darwin/skhd.nix
-    ../darwin/yabai.nix
-    ../darwin/speakers.nix
-    ../darwin/syncthing.nix
-
-    ../programs/cli/gpg.nix
-    ../programs/cli/password-store.nix
-    ../programs/cli/texlive.nix
-  ];
-
-  services.nix-daemon.enable = true;
-
-  home-manager = {
-    useUserPackages = true;
-
-    users.leah.home.homeDirectory = lib.mkForce "/Users/leah/";
-    users.leah.home.packages      = with pkgs; [
-      bgiparser
-      asitop
-    ];
-  };
-
-  environment = {
-    loginShell     = "${pkgs.bashInteractive}/bin/bash";
-    shells         = [ pkgs.bashInteractive ];
-    systemPackages = with pkgs; [
-      bashInteractive
-    ];
-  };
-
-}
diff --git a/configurations/common/default.nix b/configurations/common/default.nix
@@ -7,25 +7,25 @@
       ../../pkgs
       ../../modules
 
-      ../programs/cli/bash.nix
-      ../programs/cli/micro.nix
-      ../programs/cli/tmux.nix
-      ../programs/cli/ssh.nix
-      ../programs/cli/git.nix
-      ../programs/cli/htop.nix
-      ../programs/cli/utilities.nix
-      ../programs/cli/network-utilities.nix
-      ../programs/cli/scripts.nix
+      ./programs/bash.nix
+      ./programs/micro.nix
+      ./programs/tmux.nix
+      ./programs/ssh.nix
+      ./programs/git.nix
+      ./programs/htop.nix
+      ./programs/utilities.nix
+      ./programs/network-utilities.nix
+      ./programs/scripts.nix
     ]
     (if (currentSystem == "x86_64-linux") then [
       inputs.home-manager.nixosModules.home-manager
 
-      ./linux.nix
+      ../linux
     ] else [])
     (if (currentSystem == "aarch64-darwin") then [
       inputs.home-manager.darwinModules.home-manager
 
-      ./darwin.nix
+      ../darwin
     ] else [])
   ]);
 
diff --git a/configurations/programs/cli/ansible.nix b/configurations/common/programs/ansible.nix
diff --git a/configurations/common/programs/bash.nix b/configurations/common/programs/bash.nix
@@ -0,0 +1,81 @@
+{ pkgs, lib, ... }:
+
+{
+  imports = [
+    ./starship.nix
+    ./mcfly.nix
+  ];
+
+  home-manager.users.leah = {
+    programs = {
+      bash = {
+        enable               = true;
+        enableVteIntegration = lib.mkIf pkgs.stdenv.isLinux true;
+
+        historyFileSize = 999999;
+        historyIgnore   = [ "ls" "clear" "exit" ];
+
+        shellAliases    = {
+          ".."         = "cd ..";
+          "..."        = "cd ../..";
+
+          ls           = "exa";
+          ll           = "exa -l";
+          la           = "exa -a";
+          lt           = "exa --tree";
+          lla          = "exa -la";
+
+          cat          = "bat -p";
+          grep         = "rg";
+          find         = "fd";
+
+          diff         = "diff --color";
+
+          killall      = "pkill";
+
+          reinitgit    = "rm -rf .git && git init && git add -A && git commit -m 'init'";
+
+          use          = "nix-shell -p ";
+
+          zzz          = (
+            if pkgs.stdenv.isLinux then
+              "sleep 1 && systemctl suspend"
+            else
+              "pmset sleepnow"
+          );
+
+          backup-garmin-activities = "garmin-backup --password \"$(pass garmin.com/garmin@ctu.cx)\" --backup-dir $HOME/proj/biketracks -f 'gpx' 'garmin@ctu.cx'";
+
+          backgrounditems     = "bgiparser -f  \"\$HOME/Library/Application Support/com.apple.backgroundtaskmanagementagent/backgrounditems.btm\" -c";
+
+          eval-system-config  = "nix-instantiate \"<nixpkgs/nixos>\" -A config.system.build.toplevel -I /etc/nixos/configuration.nix";
+
+          yt-dlp-audio        = "yt-dlp --format bestaudio -x --audio-format opus --add-metadata --embed-thumbnail";
+
+          nix-collect-garbage = "sudo nix-collect-garbage";
+        };
+
+        bashrcExtra = lib.mkIf pkgs.stdenv.isDarwin ''
+          if [ "$TERM" != "dumb" ]; then
+            source "${pkgs.bash-completion}/etc/profile.d/bash_completion.sh"
+            nullglobStatus=$(shopt -p nullglob)
+            shopt -s nullglob
+            for p in $NIX_PROFILES; do
+              for m in "$p/etc/bash_completion.d/"*; do
+                source $m
+              done
+            done
+            eval "$nullglobStatus"
+            unset nullglobStatus p m
+          fi
+
+          # Make bash check its window size after a process completes
+          shopt -s checkwinsize
+
+          eval "$(/opt/homebrew/bin/brew shellenv)"
+        '';
+
+      };
+    };
+  };
+}
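Review bot: The `backup-garmin-activities` alias passes the Garmin password on the command line through `--password` with a `$(pass …)` substitution, so while the backup runs the secret is readable in the process list by other local users and by any process-monitoring agent. If `garmin-backup` can prompt for the password or read it from somewhere other than argv (worth checking its help output), prefer that. Otherwise document the exposure next to the alias, e.g. `# NOTE: password is visible in argv while the backup runs`. Separately, `source $m` in the Darwin `bashrcExtra` loop is unquoted and will word-split a completion path containing whitespace; `source "$m"` is the safe form.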
diff --git a/configurations/common/programs/git.nix b/configurations/common/programs/git.nix
@@ -0,0 +1,33 @@
+{ pkgs, ... }:
+
+{
+  home-manager.users.leah = {
+#    home.packages = [ pkgs.gitui ];
+
+    programs = {
+#      bash.shellAliases.lazygit = "gitui";
+
+      lazygit.enable = true;
+      git = {
+        enable    = true;
+
+        package = pkgs.gitFull;
+
+        userName  = "Leah (ctucx)";
+        userEmail = "git@ctu.cx";
+
+        delta.enable = true;
+
+        ignores = [
+          ".DS_Store"
+          "*.swp"
+        ];
+
+        aliases = {
+          log-gpg = "log --show-signature";
+          pfusch  = "push";
+        };
+      };
+    };
+  };
+}
diff --git a/configurations/common/programs/gpg.nix b/configurations/common/programs/gpg.nix
@@ -0,0 +1,108 @@
+{ config, pkgs, lib, ... }:
+
+{
+  services = {
+    pcscd.enable  = (if pkgs.stdenv.isLinux then true else false);
+    udev.packages = (if pkgs.stdenv.isLinux then (with pkgs; [ libu2f-host yubikey-personalization ]) else []);
+    dbus.packages = (if pkgs.stdenv.isLinux then (with pkgs; [ gcr ]) else []);
+  };
+
+  home-manager.users.leah = {
+    home = {
+      packages = lib.mkIf pkgs.stdenv.isLinux [ pkgs.pcsctools ];
+
+      sessionVariables = {
+        GNUPGHOME     = "$HOME/.gnupg";
+        SSH_AUTH_SOCK = (
+          if pkgs.stdenv.isLinux then
+            "/run/user/1000/gnupg/S.gpg-agent.ssh"
+          else
+            null
+        );
+      };
+
+      shellAliases = {
+        gpg-card-relearn = "gpg-connect-agent 'scd serialno' 'learn --force' /bye";
+      };
+
+      file = lib.mkIf pkgs.stdenv.isDarwin {
+        ".gnupg/gpg-agent.conf".text = ''
+          enable-ssh-support
+          pinentry-program ${pkgs.pinentry_mac}/Applications/pinentry-mac.app/Contents/MacOS/pinentry-mac
+        '';
+      };
+    };
+
+    wayland.windowManager.sway.extraConfig = ''
+      exec_always 'gpgconf --kill gpg-agent'
+    '';
+
+    programs = {
+      gpg = {
+        enable       = true;
+        mutableTrust = false;
+        mutableKeys  = false;
+
+        publicKeys = [
+
+          # my own key
+          {
+            trust = "ultimate";
+            source = (pkgs.fetchurl {
+              url    = "https://ctu.cx/gpg_pubkey.asc";
+              sha256 = "sha256-xsLpZkcTDPpXrX9gRki5z13KxwBDznJr/mn9MZIo5CQ";
+            });
+          }
+
+          # f2k1de's key
+          {
+            trust = "full";
+            source = (pkgs.fetchurl {
+              url    = "https://f2k1.de/gpg-key.asc";
+              sha256 = "sha256-N5Y3knDtsF9KNnhHiRFTTtjvLkPEIMfFxYigh9z1fSI";
+            });
+          }
+
+        ];
+
+        settings = {
+          keyserver = "hkps://keyserver.ubuntu.com:443";
+        };
+
+        scdaemonSettings = {
+          disable-ccid = true;
+        };
+      };
+
+      git = {
+        signing = {
+          key           = "725B65F21DB1C2C4";
+          signByDefault = true;
+        };
+      };
+
+      bash.initExtra = lib.mkIf pkgs.stdenv.isDarwin ''
+        export GPG_TTY=$(tty)
+        export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
+        gpgconf --launch gpg-agent
+      '';
+  	};
+
+    services = lib.mkIf pkgs.stdenv.isLinux {
+      gpg-agent = {
+        enable             = true;
+        enableSshSupport   = true;
+        enableExtraSocket  = true;
+
+        pinentryFlavor     = "gnome3";
+
+        defaultCacheTtl    = 600;
+        defaultCacheTtlSsh = 600;
+
+        sshKeys = [
+          "8C11B9BF8B535049F6C87A9CF0C595421E6B8798"
+        ];
+      };
+    };
+  };
+}
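Review bot: On Linux `SSH_AUTH_SOCK` is hard-coded to `/run/user/1000/gnupg/S.gpg-agent.ssh`, which assumes the account's UID is 1000; on a machine where it differs, ssh is pointed at a socket path inside another user's runtime directory and agent-backed authentication will most likely fail without an obvious error. The Darwin `bash.initExtra` further down already derives the path with `gpgconf --list-dirs agent-ssh-socket`; the same lookup, or `"$XDG_RUNTIME_DIR/gnupg/S.gpg-agent.ssh"`, would remove the assumption on Linux. The `null` in the non-Linux branch should also be checked against what `home.sessionVariables` accepts, since it may fail evaluation or export an empty value. Finally, `signing.key` is given as a 64-bit key ID; the full fingerprint is the more robust way to pin which key signs commits.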
diff --git a/configurations/programs/cli/htop.nix b/configurations/common/programs/htop.nix
diff --git a/configurations/programs/cli/mcfly.nix b/configurations/common/programs/mcfly.nix
diff --git a/configurations/common/programs/micro.nix b/configurations/common/programs/micro.nix
@@ -0,0 +1,23 @@
+{ pkgs, lib, ... }:
+
+{
+  home-manager.users.leah = {
+    home = {
+      packages = (
+        if pkgs.stdenv.isLinux then
+          [
+            (pkgs.micro.overrideAttrs(oldAttrs: {
+              postInstall = "";
+            }))
+          ]
+        else
+          [
+            pkgs.micro
+          ]
+      );
+
+      sessionVariables.EDITOR = "micro";
+      shellAliases.nano       = "micro";
+    };
+  };
+}
diff --git a/configurations/common/programs/network-utilities.nix b/configurations/common/programs/network-utilities.nix
@@ -0,0 +1,26 @@
+{ pkgs, lib, ... }:
+
+{
+
+  programs.mtr.enable        = (if pkgs.stdenv.isLinux then true else false);
+  programs.traceroute.enable = (if pkgs.stdenv.isLinux then true else false);
+
+  home-manager.users.leah.home = {
+    packages = with pkgs; [
+      dnsutils
+      whois
+      nmap-unfree
+      tcpdump
+    ] ++ (if pkgs.stdenv.isDarwin then [
+      mtr
+      spoof-mac
+    ] else [
+      macchanger
+    ]);
+
+    shellAliases = lib.mkIf pkgs.stdenv.isDarwin {
+      mtr = "sudo mtr";
+    };
+  };
+
+}
diff --git a/configurations/programs/cli/password-store.nix b/configurations/common/programs/password-store.nix
diff --git a/configurations/programs/cli/scripts.nix b/configurations/common/programs/scripts.nix
diff --git a/configurations/programs/cli/ssh.nix b/configurations/common/programs/ssh.nix
diff --git a/configurations/programs/cli/starship.nix b/configurations/common/programs/starship.nix
diff --git a/configurations/programs/cli/texlive.nix b/configurations/common/programs/texlive.nix
diff --git a/configurations/programs/cli/tmux.nix b/configurations/common/programs/tmux.nix
diff --git a/configurations/common/programs/utilities.nix b/configurations/common/programs/utilities.nix
@@ -0,0 +1,49 @@
+{ pkgs, ... }:
+
+{
+  home-manager.users.leah = {
+    home = {
+      packages = with pkgs; [
+        colmena
+        agenix
+        age
+
+        wget
+        curl
+        rsync
+
+        yt-dlp
+        (pkgs.writeShellScriptBin "youtube-dl" ''
+          exec ${pkgs.yt-dlp}/bin/yt-dlp --compat-options youtube-dl "$@"
+        '')
+
+        exa
+        bat
+        ripgrep
+        fd
+        file
+        bc
+
+        unzip
+
+        smartmontools
+
+        phockup
+        garminexport
+      ] ++ (if pkgs.stdenv.isLinux then [
+        usbutils
+        pciutils
+
+        lm_sensors
+
+        gptfdisk
+      ] else []);
+    };
+
+    programs = {
+      bat.enable      = true;
+
+      jq.enable       = true;
+    };
+  };
+}
diff --git a/configurations/syncthing.nix b/configurations/common/syncthing-config.nix
diff --git a/configurations/darwin/appIcons.nix b/configurations/darwin/appIcons.nix
@@ -31,48 +31,22 @@ let
     end setIcon
   '';
 
-  TelegramAppIcon       = pkgs.fetchurl { url = "https://media.macosicons.com/parse/files/macOSicons/8f18e7156bb932429ec99016d765f95a_Telegram.icns";       sha256 = "sha256-lPsU5ih/ubg1NJHsrOr1SqgQQ4WN2BKacd5fp26gZa4"; }; 
-  coconutBatteryAppIcon = pkgs.fetchurl { url = "https://media.macosicons.com/parse/files/macOSicons/740fe98d7cb4e087ef45459d60a2b745_coconutBattery.icns"; sha256 = "sha256-Yxg0LBf+7Rdx1Fvwib3I3UnoVC0bwjb7r9r8Cj3I4Pc"; };
-  LibreOfficeAppIcon    = pkgs.fetchurl { url = "https://media.macosicons.com/parse/files/macOSicons/ce3097d5c5ce2322c7a868ed29f61cd8_Libre_Office.icns";   sha256 = "sha256-g78sDw366lkiJKfS6pgeTjxrpX2mSROkNTXmLaBZw1c"; };
-  FirefoxAppIcon        = pkgs.fetchurl { url = "https://media.macosicons.com/parse/files/macOSicons/3e2e434eb31e1d096e4fe6d87857ad0b_Firefox.icns";        sha256 = "sha256-0XU8hgUm8oBs5TrApHqE1yfYD8rzC55NxC2b+v3eg74"; };
-  ThunderbirdAppIcon    = pkgs.fetchurl { url = "https://media.macosicons.com/parse/files/macOSicons/d05f6c9df12594a119f87ba6b30d663f_Thunderbird.icns";    sha256 = "sha256-3mW22LfQQ+rAMki5LgnvlG3fa2Ct8EefYP4rQqI9HoI"; };
+  apps = {
+    "Telegram.app"       = (pkgs.fetchurl { url = "https://media.macosicons.com/parse/files/macOSicons/8f18e7156bb932429ec99016d765f95a_Telegram.icns";       sha256 = "sha256-lPsU5ih/ubg1NJHsrOr1SqgQQ4WN2BKacd5fp26gZa4"; });
+    "coconutBattery.app" = (pkgs.fetchurl { url = "https://media.macosicons.com/parse/files/macOSicons/740fe98d7cb4e087ef45459d60a2b745_coconutBattery.icns"; sha256 = "sha256-Yxg0LBf+7Rdx1Fvwib3I3UnoVC0bwjb7r9r8Cj3I4Pc"; });
+    "LibreOffice.app"    = (pkgs.fetchurl { url = "https://media.macosicons.com/parse/files/macOSicons/ce3097d5c5ce2322c7a868ed29f61cd8_Libre_Office.icns";   sha256 = "sha256-g78sDw366lkiJKfS6pgeTjxrpX2mSROkNTXmLaBZw1c"; });
+    "Firefox.app"        = (pkgs.fetchurl { url = "https://media.macosicons.com/parse/files/macOSicons/3e2e434eb31e1d096e4fe6d87857ad0b_Firefox.icns";        sha256 = "sha256-0XU8hgUm8oBs5TrApHqE1yfYD8rzC55NxC2b+v3eg74"; });
+    "Thunderbird.app"    = (pkgs.fetchurl { url = "https://media.macosicons.com/parse/files/macOSicons/d05f6c9df12594a119f87ba6b30d663f_Thunderbird.icns";    sha256 = "sha256-3mW22LfQQ+rAMki5LgnvlG3fa2Ct8EefYP4rQqI9HoI"; });
+  };
 
 in {
 
-  system.activationScripts.postActivation.text = ''
-    #
-    # Update app-icons
-    #
-
-    # Telegram
-    if [ ! -e $'/Applications/Telegram.app/Icon\r' ]; then
-      echo -n "Update Telegram.app Icon: "
-      ${setIcon} ${TelegramAppIcon} /Applications/Telegram.app;
-    fi
-
-    # coconutBattery
-    if [ ! -e $'/Applications/coconutBattery.app/Icon\r' ]; then
-      echo -n "Update coconutBattery.app Icon: "
-      ${setIcon} ${coconutBatteryAppIcon} /Applications/coconutBattery.app;
-    fi
-
-    # LibreOffice
-    if [ ! -e $'/Applications/LibreOffice.app/Icon\r' ]; then
-      echo -n "Update LibreOffice.app Icon: "
-      ${setIcon} ${LibreOfficeAppIcon} /Applications/LibreOffice.app;
+  system.activationScripts.postActivation.text = (lib.concatStringsSep "\n\n" (lib.mapAttrsToList (app: icon: ''
+    # Change app-icon for: ${app}
+    if [ ! -e $'/Applications/${app}/Icon\r' ]; then
+      echo -n "Update ${app} Icon: "
+      ${setIcon} ${icon} /Applications/${app};
     fi
-
-    # Firefox
-    if [ ! -e $'/Applications/Firefox.app/Icon\r' ]; then
-      echo -n "Update Firefox.app Icon: "
-      ${setIcon} ${FirefoxAppIcon} /Applications/Firefox.app;
-    fi
-
-    # Thunderbird
-    if [ ! -e $'/Applications/Thunderbird.app/Icon\r' ]; then
-      echo -n "Update Thunderbird.app Icon: "
-      ${setIcon} ${ThunderbirdAppIcon} /Applications/Thunderbird.app;
-    fi
-  '';
+  '') apps));
 
 }
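Review bot: The generated activation script interpolates `${app}` into shell text unquoted in `${setIcon} ${icon} /Applications/${app};` and inside the `$'…'` string of the `-e` test, so an attribute name containing a space or a quote would yield a broken or differently parsed command in a script that runs during system activation. The five current names are safe, but `apps` is now an open-ended table, so quoting the argument is the robust form: `${setIcon} ${icon} ${lib.escapeShellArg "/Applications/${app}"};`. The `-e` test needs the same care, for instance by building the path in a quoted shell variable first. The pinned `sha256` on each `fetchurl` is what protects these third-party downloads, so new entries should stay pinned the same way.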
diff --git a/configurations/darwin/default.nix b/configurations/darwin/default.nix
@@ -0,0 +1,42 @@
+{ config, pkgs, lib, ... }:
+
+{
+
+  imports = [
+    ./systemSettings.nix
+    ./appSettings.nix
+    ./keyboard.nix
+    ./trackpad.nix
+    ./homebrew.nix
+    ./finder.nix
+    ./skhd.nix
+    ./yabai.nix
+    ./speakers.nix
+    ./syncthing.nix
+
+    ../common/programs/gpg.nix
+    ../common/programs/password-store.nix
+    ../common/programs/texlive.nix
+  ];
+
+  services.nix-daemon.enable = true;
+
+  home-manager = {
+    useUserPackages = true;
+
+    users.leah.home.homeDirectory = lib.mkForce "/Users/leah/";
+    users.leah.home.packages      = with pkgs; [
+      bgiparser
+      asitop
+    ];
+  };
+
+  environment = {
+    loginShell     = "${pkgs.bashInteractive}/bin/bash";
+    shells         = [ pkgs.bashInteractive ];
+    systemPackages = with pkgs; [
+      bashInteractive
+    ];
+  };
+
+}
diff --git a/configurations/darwin/syncthing.nix b/configurations/darwin/syncthing.nix
@@ -1,7 +1,7 @@
 { inputs, pkgs, config, lib, ... }:
 
 let
-  syncthingConfig = import ../../configurations/syncthing.nix { inherit inputs; inherit pkgs; inherit config; inherit lib; };
+  syncthingConfig = import ../common/syncthing-config.nix { inherit inputs pkgs config lib; };
 
 in {
 
diff --git a/configurations/common/linux.nix b/configurations/linux/default.nix
diff --git a/configurations/linux/desktop-sway.nix b/configurations/linux/desktop-sway.nix
@@ -1,6 +1,7 @@
 { config, lib, pkgs, home-manager, ... }:
 
 {
+
   nixpkgs.config.allowUnfree = true;
   environment.noXlibs        = false;
 

@@ -46,41 +47,40 @@
     ./qt.nix
     ./xdg.nix
 
-    ../programs/systemd-lock-handler.nix
+    ./programs/systemd-lock-handler.nix
 
-    ../programs/cli/gpg.nix
-    ../programs/cli/password-store.nix
+    ../common/programs/gpg.nix
+    ../common/programs/password-store.nix
+    ../common/programs/ansible.nix
+    ../common/programs/texlive.nix
 
-    ../services/pipewire.nix
-    ../programs/easyeffects.nix
-    ../programs/usbmuxd.nix
+    ./services/pipewire.nix
+    ./services/easyeffects.nix
+    ./services/usbmuxd.nix
 
-    ../programs/sway.nix
+    ./programs/sway.nix
 
-    ../programs/swaylock.nix
-    ../programs/gammastep.nix
-    ../programs/waybar
-    ../programs/mako.nix
-    ../programs/AusweisApp2.nix
+    ./programs/swaylock.nix
+    ./programs/gammastep.nix
+    ./programs/waybar
+    ./programs/mako.nix
 
-    ../programs/alacritty.nix
+    ./programs/alacritty.nix
 
-    ../programs/firefox.nix
-    ../programs/thunderbird.nix
+    ./programs/firefox.nix
+    ./programs/thunderbird.nix
 
-    ../programs/mpv.nix
-    ../programs/imv.nix
+    ./programs/mpv.nix
+    ./programs/imv.nix
 
-    ../programs/cli/ansible.nix
-    ../programs/cli/texlive.nix
-    ../programs/sublime-text3.nix
-    ../programs/libreoffice.nix
-    ../programs/gimp
+    ./programs/sublime-text3.nix
+    ./programs/libreoffice.nix
+    ./programs/gimp
 
-    ../programs/thunar.nix
-    ../programs/utilities.nix
+    ./programs/thunar.nix
+    ./programs/utilities.nix
 
-    ../services/syncthing.nix
+    ./services/syncthing.nix
   ];
 
 }
diff --git a/configurations/programs/alacritty.nix b/configurations/linux/programs/alacritty.nix
diff --git a/configurations/programs/ddcutil.nix b/configurations/linux/programs/ddcutil.nix
diff --git a/configurations/programs/firefox.nix b/configurations/linux/programs/firefox.nix
diff --git a/configurations/programs/gammastep.nix b/configurations/linux/programs/gammastep.nix
diff --git a/configurations/programs/gimp/default.nix b/configurations/linux/programs/gimp/default.nix
diff --git a/configurations/programs/gimp/remove-cc-reference.patch b/configurations/linux/programs/gimp/remove-cc-reference.patch
diff --git a/configurations/programs/imv.nix b/configurations/linux/programs/imv.nix
diff --git a/configurations/programs/libreoffice.nix b/configurations/linux/programs/libreoffice.nix
diff --git a/configurations/programs/mako.nix b/configurations/linux/programs/mako.nix
diff --git a/configurations/programs/mpv.nix b/configurations/linux/programs/mpv.nix
diff --git a/configurations/programs/physlock.nix b/configurations/linux/programs/physlock.nix
diff --git a/configurations/programs/sublime-text3.nix b/configurations/linux/programs/sublime-text3.nix
diff --git a/configurations/programs/sway.nix b/configurations/linux/programs/sway.nix
diff --git a/configurations/programs/swaylock.nix b/configurations/linux/programs/swaylock.nix
diff --git a/configurations/programs/systemd-lock-handler.nix b/configurations/linux/programs/systemd-lock-handler.nix
diff --git a/configurations/programs/thunar.nix b/configurations/linux/programs/thunar.nix
diff --git a/configurations/programs/thunderbird.nix b/configurations/linux/programs/thunderbird.nix
diff --git a/configurations/linux/programs/utilities.nix b/configurations/linux/programs/utilities.nix
@@ -0,0 +1,10 @@
+{ pkgs, ... }:
+
+{
+  home-manager.users.leah = {
+    home.packages = with pkgs; [
+      pavucontrol
+      AusweisApp2
+    ];
+  };
+}
diff --git a/configurations/programs/waybar/default.nix b/configurations/linux/programs/waybar/default.nix
diff --git a/configurations/programs/waybar/style.css b/configurations/linux/programs/waybar/style.css
diff --git a/configurations/programs/wofi/config b/configurations/linux/programs/wofi/config
diff --git a/configurations/programs/wofi/style.css b/configurations/linux/programs/wofi/style.css
diff --git a/configurations/services/avahi.nix b/configurations/linux/services/avahi.nix
diff --git a/configurations/services/dns/default.nix b/configurations/linux/services/dns.nix
diff --git a/configurations/programs/easyeffects.nix b/configurations/linux/services/easyeffects.nix
diff --git a/configurations/services/gvfs.nix b/configurations/linux/services/gvfs.nix
diff --git a/configurations/services/pipewire.nix b/configurations/linux/services/pipewire.nix
diff --git a/configurations/services/prometheus-node-exporter.nix b/configurations/linux/services/prometheus-node-exporter.nix
diff --git a/configurations/linux/services/restic-server.nix b/configurations/linux/services/restic-server.nix
@@ -0,0 +1,39 @@
+{ config, lib, pkgs, ...}:
+
+{
+
+  age.secrets.restic-server-htpasswd = {
+    file  = ../../../secrets + "/${config.networking.hostName}/restic-server-htpasswd.age";
+    owner = "nginx";
+  };
+
+  dns.zones."${config.networking.domain}".subdomains."restic.${config.networking.hostName}".CNAME = [ "${config.networking.fqdn}." ];
+
+  systemd.services.restic-rest-server.onFailure = [ "email-notify@%i.service" ];
+
+  services = {
+    restic.server = {
+      enable     = true;
+      appendOnly = true;
+      extraFlags = [ "--no-auth" ];
+      dataDir    = "/var/lib/restic";
+    };
+
+    nginx = {
+      enable = true;
+      virtualHosts."restic.${config.networking.fqdn}" = {
+        enableACME = true;
+        forceSSL   = true;
+        locations."/" = {
+          proxyPass   = "http://127.0.0.1:8000/";
+          extraConfig = ''
+            client_max_body_size 10G;
+            auth_basic           Auth;
+            auth_basic_user_file ${config.age.secrets.restic-server-htpasswd.path};
+          '';
+        };
+      };
+    };
+  };
+
+}
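Review bot: `extraFlags = [ "--no-auth" ]` disables the REST server's own authentication and leaves the nginx `auth_basic` as the only gate, yet nothing in this file pins the backend to loopback. If the module's default listen address covers all interfaces, anything that can reach port 8000 directly talks to the repository without credentials, with only the host firewall in the way. Setting it explicitly, `listenAddress = "127.0.0.1:8000";`, makes the proxy the sole entry point and keeps it consistent with `proxyPass`. With authentication handled only in nginx, the server also cannot tell htpasswd users apart, so per-user repository separation is presumably not enforced.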
diff --git a/configurations/services/spotifyd.nix b/configurations/linux/services/spotifyd.nix
diff --git a/configurations/linux/services/syncthing-nginx.nix b/configurations/linux/services/syncthing-nginx.nix
@@ -0,0 +1,28 @@
+{ config, lib, pkgs, ... }:
+
+{
+
+  imports = [
+    ./syncthing.nix
+  ];
+
+  dns.zones."${config.networking.domain}".subdomains."syncthing.${config.networking.hostName}".CNAME = [ "${config.networking.fqdn}." ];
+
+  systemd.services.syncthing.onFailure = [ "email-notify@%i.service" ];
+
+  services = {
+    syncthing = {
+      guiAddress = "127.0.0.1:8384";
+    };
+
+    nginx = {
+      enable = true;
+      virtualHosts."syncthing.${config.networking.fqdn}" = {
+        enableACME = true;
+        forceSSL   = true;
+        locations."/".proxyPass = "http://127.0.0.1:8384/";
+      };
+    };
+  };
+
+}
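Review bot: The `syncthing.${config.networking.fqdn}` virtual host publishes the Syncthing GUI over TLS with no access control at the proxy, unlike the restic virtual host in this commit, which sets `auth_basic`. The GUI and its REST API can change folders, devices and settings, so unless a GUI user and password are configured elsewhere (not visible in this file), administrative control is reachable by anyone who can resolve and reach the hostname. Consider adding `auth_basic` with an agenix-managed `auth_basic_user_file` in `locations."/".extraConfig`, or limiting the location to trusted networks with `allow`/`deny`.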
diff --git a/configurations/linux/services/syncthing.nix b/configurations/linux/services/syncthing.nix
@@ -0,0 +1,39 @@
+{ inputs, config, pkgs, lib, ... }:
+
+let
+  syncthingConfig = import ../../common/syncthing-config.nix { inherit inputs pkgs config lib; };
+
+in {
+
+  age.secrets = {
+    syncthing-key = {
+      file  = ../../../secrets + "/${config.networking.hostName}/syncthing/key.age";
+      owner = "leah";
+    };
+    syncthing-cert = {
+      file  = ../../../secrets + "/${config.networking.hostName}/syncthing/cert.age";
+      owner = "leah";
+    };
+  };
+
+  services = {
+    syncthing = {
+      enable           = true;
+      openDefaultPorts = true;
+
+      user             = "leah";
+      group            = "users";
+
+      key              = config.age.secrets.syncthing-key.path;
+      cert             = config.age.secrets.syncthing-cert.path;
+
+      dataDir          = syncthingConfig.dataDir;
+      configDir        = "/home/leah/.config/syncthing";
+
+      devices          = syncthingConfig.devices;
+
+      folders          = syncthingConfig.folders;
+
+    };
+  };
+}
diff --git a/configurations/programs/usbmuxd.nix b/configurations/linux/services/usbmuxd.nix
diff --git a/configurations/programs/AusweisApp2.nix b/configurations/programs/AusweisApp2.nix
@@ -1,31 +0,0 @@
-{ pkgs, ... }:
-
-{
-  home-manager.users.leah = {
-    home.packages = with pkgs; [
-      AusweisApp2
-    ];
-
-    systemd.user.services.AusweisApp2 = {
-      Unit = {
-        After  = [ "graphical-session-pre.target" ];
-        PartOf = [ "graphical-session.target" ];
-      };
-
-      Service = {
-        Environment = "PATH=/run/wrappers/bin:/home/leah/.nix-profile/bin:/etc/profiles/per-user/leah/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin";
-        ExecStart = "${pkgs.AusweisApp2}/bin/AusweisApp2";
-        Restart = "always";
-        RestartSec = 5;
-      };
-
-      Install = {
-        WantedBy = [ "graphical-session.target" ];
-      };
-    };
-
-    wayland.windowManager.sway.extraConfig = ''
-      exec_always 'systemctl --user restart AusweisApp2'
-    '';
-  };
-}
diff --git a/configurations/programs/archbox.nix b/configurations/programs/archbox.nix
@@ -1,32 +0,0 @@
-{ pkgs, ... }:
-
-let
-    archbox = pkgs.stdenv.mkDerivation rec {
-        name = "archbox";
-        src = pkgs.fetchFromGitHub {
-            owner = "lemniskett";
-            repo = "archbox";
-            rev = "6ab44021605ff7592692562871aa654eec1ed6bb";
-            sha256 = "0qgar6w2q1wsglx3zyj02mygypxs6bplrj43k61bkwz9g9d31yw5";
-        };
-        sourceRoot = ".";
-        installPhase = ''
-            mkdir -p $out
-            cd source
-            export FORCE_INSTALL_CONFIG=1
-            export ETC_DIR=$out/etc
-            export PREFIX=$out
-            export ARCHBOX_USER=your_user_here
-            export MOUNT_RUN=no
-            ${pkgs.bash}/bin/bash install.sh
-        '';
-    };
-in
-{
-    home-manager.users.leah.home.packages = [ archbox ];
-    environment.etc = {
-        "archbox.conf" = {
-            source = "${archbox}/etc/archbox.conf";
-        };
-    };
-}
diff --git a/configurations/programs/cli/bash.nix b/configurations/programs/cli/bash.nix
@@ -1,82 +0,0 @@
-{ pkgs, lib, ... }:
-
-{
-  imports = [
-    ./starship.nix
-    ./mcfly.nix
-  ];
-
-  home-manager.users.leah = {
-    programs = {
-      bash = {
-        enable               = true;
-        enableVteIntegration = lib.mkIf pkgs.stdenv.isLinux true;
-
-        historyFileSize = 999999;
-        historyIgnore   = [ "ls" "clear" "exit" ];
-
-        shellAliases    = {
-          ".."         = "cd ..";
-          "..."        = "cd ../..";
-
-          ls           = "exa";
-          ll           = "exa -l";
-          la           = "exa -a";
-          lt           = "exa --tree";
-          lla          = "exa -la";
-
-          cat          = "bat -p";
-          grep         = "rg";
-          find         = "fd";
-          nano         = "micro";
-
-          diff         = "diff --color";
-
-          killall      = "pkill";
-
-          reinitgit    = "rm -rf .git && git init && git add -A && git commit -m 'init'";
-
-          use          = "nix-shell -p ";
-
-          zzz          = (
-            if pkgs.stdenv.isLinux then
-              "sleep 1 && systemctl suspend"
-            else
-              "pmset sleepnow"
-          );
-
-          backup-garmin-activities = "garmin-backup --password \"$(pass garmin.com/garmin@ctu.cx)\" --backup-dir $HOME/proj/biketracks -f 'gpx' 'garmin@ctu.cx'";
-
-          backgrounditems     = "bgiparser -f  \"\$HOME/Library/Application Support/com.apple.backgroundtaskmanagementagent/backgrounditems.btm\" -c";
-
-          eval-system-config  = "nix-instantiate \"<nixpkgs/nixos>\" -A config.system.build.toplevel -I /etc/nixos/configuration.nix";
-
-          yt-dlp-audio        = "yt-dlp --format bestaudio -x --audio-format opus --add-metadata --embed-thumbnail";
-
-          nix-collect-garbage = "sudo nix-collect-garbage";
-        };
-
-        bashrcExtra = lib.mkIf pkgs.stdenv.isDarwin ''
-          if [ "$TERM" != "dumb" ]; then
-            source "${pkgs.bash-completion}/etc/profile.d/bash_completion.sh"
-            nullglobStatus=$(shopt -p nullglob)
-            shopt -s nullglob
-            for p in $NIX_PROFILES; do
-              for m in "$p/etc/bash_completion.d/"*; do
-                source $m
-              done
-            done
-            eval "$nullglobStatus"
-            unset nullglobStatus p m
-          fi
-
-          # Make bash check its window size after a process completes
-          shopt -s checkwinsize
-
-          eval "$(/opt/homebrew/bin/brew shellenv)"
-        '';
-
-      };
-    };
-  };
-}
diff --git a/configurations/programs/cli/git.nix b/configurations/programs/cli/git.nix
@@ -1,33 +0,0 @@
-{ pkgs, ... }:
-
-{
-  home-manager.users.leah = {
-#    home.packages = [ pkgs.gitui ];
-
-    programs = {
-#      bash.shellAliases.lazygit = "gitui";
-
-      lazygit.enable = true;
-      git = {
-        enable    = true;
-
-        package = pkgs.gitFull;
-
-        userName  = "Leah (ctucx)";
-        userEmail = "leah@ctu.cx";
-
-        delta.enable = true;
-
-        ignores = [
-          ".DS_Store"
-          "*.swp"
-        ];
-
-        aliases = {
-          log-gpg = "log --show-signature";
-          pfusch  = "push";
-        };
-      };
-    };
-  };
-}
diff --git a/configurations/programs/cli/gpg.nix b/configurations/programs/cli/gpg.nix
@@ -1,110 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-{
-  services = {
-    pcscd.enable  = (if pkgs.stdenv.isLinux then true else false);
-    udev.packages = (if pkgs.stdenv.isLinux then (with pkgs; [ libu2f-host yubikey-personalization ]) else []);
-    dbus.packages = (if pkgs.stdenv.isLinux then (with pkgs; [ gcr ]) else []);
-  };
-
-  home-manager.users.leah = {
-    home = {
-      packages = lib.mkIf pkgs.stdenv.isLinux [ pkgs.pcsctools ];
-
-      sessionVariables = {
-        GNUPGHOME     = "$HOME/.gnupg";
-        SSH_AUTH_SOCK = (
-          if pkgs.stdenv.isLinux then
-            "/run/user/1000/gnupg/S.gpg-agent.ssh"
-          else
-            null
-        );
-      };
-
-      file = lib.mkIf pkgs.stdenv.isDarwin {
-        ".gnupg/gpg-agent.conf".text = ''
-          enable-ssh-support
-          pinentry-program ${pkgs.pinentry_mac}/Applications/pinentry-mac.app/Contents/MacOS/pinentry-mac
-        '';
-      };
-    };
-
-    wayland.windowManager.sway.extraConfig = ''
-      exec_always 'gpgconf --kill gpg-agent'
-    '';
-
-    programs = {
-      gpg = {
-        enable       = true;
-        mutableTrust = false;
-        mutableKeys  = false;
-
-        publicKeys = [
-
-          # my own key
-          {
-            trust = "ultimate";
-            source = (pkgs.fetchurl {
-              url    = "https://ctu.cx/gpg_pubkey.asc";
-              sha256 = "sha256-xsLpZkcTDPpXrX9gRki5z13KxwBDznJr/mn9MZIo5CQ";
-            });
-          }
-
-          # f2k1de's key
-          {
-            trust = "full";
-            source = (pkgs.fetchurl {
-              url    = "https://f2k1.de/gpg-key.asc";
-              sha256 = "sha256-N5Y3knDtsF9KNnhHiRFTTtjvLkPEIMfFxYigh9z1fSI";
-            });
-          }
-
-        ];
-
-        settings = {
-          keyserver = "hkps://keyserver.ubuntu.com:443";
-        };
-
-        scdaemonSettings = {
-          disable-ccid = true;
-        };
-      };
-
-      git = {
-        signing = {
-          key           = "725B65F21DB1C2C4";
-          signByDefault = true;
-        };
-      };
-
-      bash = {
-        initExtra = lib.mkIf pkgs.stdenv.isDarwin ''
-          export GPG_TTY=$(tty)
-          export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
-          gpgconf --launch gpg-agent
-        '';
-
-        shellAliases = {
-          gpg-card-relearn = "gpg-connect-agent 'scd serialno' 'learn --force' /bye";
-        };
-      };
-	};
-
-    services = lib.mkIf pkgs.stdenv.isLinux {
-      gpg-agent = {
-        enable             = true;
-        enableSshSupport   = true;
-        enableExtraSocket  = true;
-
-        pinentryFlavor     = "gnome3";
-
-        defaultCacheTtl    = 600;
-        defaultCacheTtlSsh = 600;
-
-        sshKeys = [
-          "8C11B9BF8B535049F6C87A9CF0C595421E6B8798"
-        ];
-      };
-    };
-  };
-}
diff --git a/configurations/programs/cli/micro.nix b/configurations/programs/cli/micro.nix
@@ -1,24 +0,0 @@
-{ pkgs, lib, ... }:
-
-{
-  home-manager.users.leah = {
-    home = {
-      packages = (
-        if pkgs.stdenv.isLinux then
-          [
-            (pkgs.micro.overrideAttrs(oldAttrs: {
-              postInstall = "";
-            }))
-          ]
-        else 
-          [
-            pkgs.micro
-          ]
-      );
-
-      sessionVariables = {
-        EDITOR        = "micro";
-      };
-    };
-  };
-}
diff --git a/configurations/programs/cli/network-utilities.nix b/configurations/programs/cli/network-utilities.nix
@@ -1,26 +0,0 @@
-{ pkgs, lib, ... }:
-
-{
-
-  programs.mtr.enable        = (if pkgs.stdenv.isLinux then true else false);
-  programs.traceroute.enable = (if pkgs.stdenv.isLinux then true else false);
-
-  home-manager.users.leah = {
-    home.packages = with pkgs; [
-      dnsutils
-      whois
-      nmap-unfree
-      tcpdump
-    ] ++ (if pkgs.stdenv.isDarwin then [
-      mtr
-      spoof-mac
-    ] else [
-      macchanger
-    ]);
-
-    programs.bash.shellAliases = lib.mkIf pkgs.stdenv.isDarwin {
-      mtr = "sudo mtr";
-    };
-  };
-
-}
diff --git a/configurations/programs/cli/utilities.nix b/configurations/programs/cli/utilities.nix
@@ -1,50 +0,0 @@
-{ pkgs, ... }:
-
-{
-  home-manager.users.leah = {
-    home = {
-      packages = with pkgs; [
-        colmena
-        agenix
-
-        wget
-        curl
-        rsync
-
-        yt-dlp
-        (pkgs.writeShellScriptBin "youtube-dl" ''
-          exec ${pkgs.yt-dlp}/bin/yt-dlp --compat-options youtube-dl "$@"
-        '')
-
-        exa
-        bat
-        ripgrep
-        fd
-        file
-        bc
-
-        age
-
-        unzip
-
-        smartmontools
-
-        phockup
-        garminexport
-      ] ++ (if pkgs.stdenv.isLinux then [
-        usbutils
-        pciutils
-
-        lm_sensors
-
-        gptfdisk
-      ] else []);
-    };
-
-    programs = {
-      bat.enable      = true;
-
-      jq.enable       = true;
-    };
-  };
-}
diff --git a/configurations/programs/utilities.nix b/configurations/programs/utilities.nix
@@ -1,9 +0,0 @@
-{ pkgs, ... }:
-
-{
-  home-manager.users.leah = {
-    home.packages = with pkgs; [
-      pavucontrol
-    ];
-  };
-}
diff --git a/configurations/services/restic-server.nix b/configurations/services/restic-server.nix
@@ -1,39 +0,0 @@
-{ config, lib, pkgs, ...}:
-
-{
-
-  age.secrets.restic-server-htpasswd = {
-    file  = ../../secrets + "/${config.networking.hostName}/restic-server-htpasswd.age";
-    owner = "nginx";
-  };
-
-  dns.zones."${config.networking.domain}".subdomains."restic.${config.networking.hostName}".CNAME = [ "${config.networking.fqdn}." ];
-
-  systemd.services.restic-rest-server.onFailure = [ "email-notify@%i.service" ];
-
-  services = {
-    restic.server = {
-      enable     = true;
-      appendOnly = true;
-      extraFlags = [ "--no-auth" ];
-      dataDir    = "/var/lib/restic";
-    };
-
-    nginx = {
-      enable = true;
-      virtualHosts."restic.${config.networking.fqdn}" = {
-        enableACME = true;
-        forceSSL   = true;
-        locations."/" = {
-          proxyPass   = "http://127.0.0.1:8000/";
-          extraConfig = ''
-            client_max_body_size 10G;
-            auth_basic           Auth;
-            auth_basic_user_file ${config.age.secrets.restic-server-htpasswd.path};
-          '';
-        };
-      };
-    };
-  };
-
-}
diff --git a/configurations/services/syncthing.nix b/configurations/services/syncthing.nix
@@ -1,39 +0,0 @@
-{ inputs, config, pkgs, lib, ... }:
-
-let
-  syncthingConfig = import ../syncthing.nix { inherit inputs pkgs config lib; };
-
-in {
-
-  age.secrets = {
-    syncthing-key = {
-      file  = ../../secrets + "/${config.networking.hostName}/syncthing/key.age";
-      owner = "leah";
-    };
-    syncthing-cert = {
-      file  = ../../secrets + "/${config.networking.hostName}/syncthing/cert.age";
-      owner = "leah";
-    };
-  };
-
-  services = {
-    syncthing = {
-      enable           = true;
-      openDefaultPorts = true;
-
-      user             = "leah";
-      group            = "users";
-
-      key              = config.age.secrets.syncthing-key.path;
-      cert             = config.age.secrets.syncthing-cert.path;
-
-      dataDir          = syncthingConfig.dataDir;
-      configDir        = "/home/leah/.config/syncthing";
-
-      devices          = syncthingConfig.devices;
-
-      folders          = syncthingConfig.folders;
-
-    };
-  };
-}
diff --git a/machines/desastro/configuration.nix b/machines/desastro/configuration.nix
@@ -2,15 +2,13 @@
 
 {
 
-  deployment = {
-    tags = [ "servers" "router" ];
-  };
+  deployment.tags = [ "router" ];
 
   imports = [
     ./hardware-configuration.nix
 
-    ../../configurations/services/prometheus-node-exporter.nix
-    ../../configurations/services/restic-server.nix
+    ../../configurations/linux/services/prometheus-node-exporter.nix
+    ../../configurations/linux/services/restic-server.nix
 
     ./syncthing.nix
   ];
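Review bot: The `servers` tag is dropped from `deployment.tags` here, and likewise in the hector, lollo, osterei and wanderduene hunks further down, with nothing in the visible part of the diff re-adding it. If the tag is not assigned centrally elsewhere, a `colmena apply --on @servers` run would no longer select these hosts, so they could miss updates unnoticed. Either keep it, `deployment.tags = [ "servers" "router" ];`, or say in the commit message where the tag is now set.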

@@ -36,9 +34,7 @@
         authorizedKeys = with lib; concatLists (mapAttrsToList (name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else []) config.users.users);
       };
 
-      postCommands = ''
-        echo 'cryptsetup-askpass' >> /root/.profile
-      '';
+      postCommands = "echo 'cryptsetup-askpass' >> /root/.profile";
     };
   };
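Review bot: `postCommands` appends `cryptsetup-askpass` to `/root/.profile` with no comment explaining why, while the context line above it authorises the SSH keys of every user in `wheel` for this login. A one-line comment such as `# SSH logins here drop straight into the LUKS passphrase prompt; every key listed above can unlock the disk` would make the trust boundary explicit for the next maintainer. The enclosing attribute set starts outside the hunk, so this presumably sits under the initrd network options; confirm that when placing the comment.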
 

@@ -48,10 +44,10 @@
   dns.zones."ctu.cx".subdomains.desastro.CNAME = [ "desastro.wolfsburg.petabyte.dev." ];
 
   networking = {
-    useDHCP                          = false;
-	resolvconf.useLocalResolver      = lib.mkForce false;
+    useDHCP                     = false;
+    resolvconf.useLocalResolver = lib.mkForce false;
 
-    interfaces.enp1s0.useDHCP        = true;
+    interfaces.enp1s0.useDHCP   = true;
 
     wireguard = {
       enable = true;

@@ -64,16 +60,14 @@
 
         peers = [
           {
-	        allowedIPs = [ "195.39.246.32/28" "2a0f:4ac0:acab::1/62" ];
-	        publicKey  = "nvyhYuWJl/dKyV/2+bDrUisvL3mi38PsNzfdIDDwSjY=";
+            allowedIPs = [ "195.39.246.32/28" "2a0f:4ac0:acab::1/62" ];
+            publicKey  = "nvyhYuWJl/dKyV/2+bDrUisvL3mi38PsNzfdIDDwSjY=";
           }
         ];
       };
     };
 
-    firewall = {
-      allowedUDPPorts = [ 51820 ];
-    };
+    firewall.allowedUDPPorts = [ 51820 ];
   };
 
   services = {
diff --git a/machines/desastro/syncthing.nix b/machines/desastro/syncthing.nix
@@ -20,11 +20,9 @@ let
 in {
 
   imports = [
-    ../../configurations/services/syncthing.nix
+    ../../configurations/linux/services/syncthing-nginx.nix
   ];
 
-  dns.zones."${config.networking.domain}".subdomains."syncthing.${config.networking.hostName}".CNAME = [ "${config.networking.fqdn}." ];
-
   age.secrets = lib.mapAttrs' (
     name: path: lib.nameValuePair "restic-syncthing-${name}" {
       file = ../../secrets/desastro/restic + "/syncthing-${name}.age";
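Review bot: The import now points at `syncthing-nginx.nix`, which is not shown in this part of the diff, while the per-host block removed in the next hunk bound the GUI with `guiAddress = "0.0.0.0:8384"` even though nginx proxies to `127.0.0.1:8384`. The shared module should bind the GUI to loopback, `guiAddress = "127.0.0.1:8384";`, so the web UI is reachable only through the TLS vhost, and it has to open TCP 80 and 443 itself now that `networking.firewall.allowedTCPPorts` is gone from this file. The same applies to lollo and osterei, whose deleted `syncthing.nix` files also set `onFailure = [ "email-notify@%i.service" ]` (under the misspelled unit name `sycnthing` on lollo); carrying that over as `systemd.services.syncthing.onFailure` keeps failure alerts working.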

@@ -46,23 +44,4 @@ in {
       targets      = [ "hector.ctu.cx" ];
     }
   ) backups;
-
-  services = {
-    syncthing = {
-      guiAddress = "0.0.0.0:8384";
-    };
-
-    nginx = {
-      enable = true;
-      virtualHosts."syncthing.desastro.ctu.cx" = {
-        enableACME = true;
-        forceSSL   = true;
-        locations."/" = {
-          proxyPass   = "http://127.0.0.1:8384/";
-        };
-      };
-    };
-  };
-
-  networking.firewall.allowedTCPPorts  = [ 80 443 ];
 }
diff --git a/machines/hector/configuration.nix b/machines/hector/configuration.nix
@@ -2,15 +2,11 @@
 
 {
 
-  deployment = {
-    tags = [ "servers" ];
-  };
-
   imports = [
     ./hardware-configuration.nix
 
-    ../../configurations/services/prometheus-node-exporter.nix
-    ../../configurations/services/restic-server.nix
+    ../../configurations/linux/services/prometheus-node-exporter.nix
+    ../../configurations/linux/services/restic-server.nix
   ];
 
   boot = {
diff --git a/machines/lollo/configuration.nix b/machines/lollo/configuration.nix
@@ -2,9 +2,7 @@
 
 {
 
-  deployment = {
-    tags = [ "servers" "router" ];
-  };
+  deployment.tags = [ "router" ];
 
   imports = [
     ./hardware-configuration.nix

@@ -13,13 +11,13 @@
     ./smarthome
     ./websites
 
-    ../../configurations/programs/usbmuxd.nix
+    ../../configurations/linux/services/usbmuxd.nix
 
-    ../../configurations/services/prometheus-node-exporter.nix
-    ../../configurations/services/restic-server.nix
+    ../../configurations/linux/services/prometheus-node-exporter.nix
+    ../../configurations/linux/services/restic-server.nix
+    ../../configurations/linux/services/syncthing-nginx.nix
 
     ./backup-vnstat.nix
-    ./syncthing.nix
     ./gotosocial.nix
     ./scanner-sftp.nix
     ./airsane.nix
diff --git a/machines/lollo/syncthing.nix b/machines/lollo/syncthing.nix
@@ -1,28 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-
-  imports = [
-    ../../configurations/services/syncthing.nix
-  ];
-
-  dns.zones."${config.networking.domain}".subdomains."syncthing.${config.networking.hostName}".CNAME = [ "${config.networking.fqdn}." ];
-
-  systemd.services.sycnthing.onFailure = [ "email-notify@%i.service" ];
-
-  services = {
-    syncthing = {
-      guiAddress = "0.0.0.0:8384";
-    };
-
-    nginx = {
-      enable = true;
-      virtualHosts."syncthing.${config.networking.fqdn}" = {
-        enableACME = true;
-        forceSSL   = true;
-        locations."/".proxyPass = "http://127.0.0.1:8384/";
-      };
-    };
-  };
-
-}
diff --git a/machines/osterei/configuration.nix b/machines/osterei/configuration.nix
@@ -2,27 +2,23 @@
 
 {
 
-  deployment = {
-    tags = [ "servers" ];
-  };
-
   imports = [
     ./hardware-configuration.nix
 
     # dns server
-    ../../configurations/services/dns
+    ../../configurations/linux/services/dns.nix
+
+    # syncthing
+    ../../configurations/linux/services/syncthing-nginx.nix
 
     # monitoring
-    ../../configurations/services/prometheus-node-exporter.nix
+    ../../configurations/linux/services/prometheus-node-exporter.nix
     ./prometheus.nix
     ./grafana
 
     # git server (gitolite+stagit)
     ./git
 
-    # syncthing
-    ./syncthing.nix
-
     # communication
     ./matrix-synapse.nix
     ./pleroma
diff --git a/machines/osterei/git/default.nix b/machines/osterei/git/default.nix
@@ -5,7 +5,6 @@
   imports = [
 #    ./cgit.nix
     ./stagit.nix
-    ./options.nix
   ];
 
   age.secrets.restic-gitolite.file = ../../../secrets/osterei/restic/gitolite.age;
diff --git a/machines/osterei/syncthing.nix b/machines/osterei/syncthing.nix
@@ -1,28 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-
-  imports = [
-    ../../configurations/services/syncthing.nix
-  ];
-
-  dns.zones."${config.networking.domain}".subdomains."syncthing.${config.networking.hostName}".CNAME = [ "${config.networking.fqdn}." ];
-
-  systemd.services.syncthing.onFailure = [ "email-notify@%i.service" ];
-
-  services = {
-    syncthing = {
-      guiAddress = "0.0.0.0:8384";
-    };
-
-    nginx = {
-      enable = true;
-      virtualHosts."syncthing.${config.networking.fqdn}" = {
-        enableACME = true;
-        forceSSL   = true;
-        locations."/".proxyPass = "http://127.0.0.1:8384/";
-      };
-    };
-  };
-
-}
diff --git a/machines/wanderduene/configuration.nix b/machines/wanderduene/configuration.nix
@@ -2,15 +2,11 @@
 
 {
 
-  deployment = {
-    tags = [ "servers" ];
-  };
-
   imports = [
     ./hardware-configuration.nix
 
-    ../../configurations/services/prometheus-node-exporter.nix
-    ../../configurations/services/dns
+    ../../configurations/linux/services/prometheus-node-exporter.nix
+    ../../configurations/linux/services/dns.nix
   ];
 
   boot = {
diff --git a/modules/default.nix b/modules/default.nix
@@ -8,6 +8,7 @@
      ./linux/restic-backups.nix
      ./linux/vnstati
      ./linux/desktop-speakers.nix
+     ./linux/gitolite.nix
      ./linux/email-notify.nix
      ./linux/dns.nix
      ./linux/gotosocial.nix
diff --git a/machines/osterei/git/options.nix b/modules/linux/gitolite.nix