flake.lock: Update

Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/7c656856e9eb863c4d21c83e2601dd77f95f6941' (2023-04-02) → 'github:NixOS/nixpkgs/9c8ff8b426a8b07b9e0a131ac3218740dc85ba1e' (2023-04-05)
flake.lock: Update
2023-04-05 22:31:46 +02:00 · 2023-04-03 22:31:58 +02:00 · 2023-04-03 10:57:03 +02:00 · 2023-04-02 22:43:36 +02:00 · 2023-04-02 02:20:01 +02:00 · 2023-03-31 22:32:48 +02:00
27 changed files with 576 additions and 909 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,5 +1,4 @@
 secrets/soundcloud_token filter=git-crypt diff=git-crypt
-secrets/bandcamp_token filter=git-crypt diff=git-crypt
 assets/bitwig/activation.bwreg filter=lfs diff=lfs merge=lfs -text
 assets/bitwig/bitwig-studio.deb filter=lfs diff=lfs merge=lfs -text
 assets/bitwig/bitwig.jar filter=lfs diff=lfs merge=lfs -text
--- a/5
+++ b/5
@@ -1,9 +1,8 @@
 switch:
-	nixos-rebuild switch --target-host root@localhost \
-    --build-host root@localhost --flake path://$(PWD)#panacea
+	sudo nixos-rebuild switch --flake path://$(PWD)#

 update:
-	nix flake update --commit-lock-file
+	nix flake update . --commit-lock-file

 upgrade:
 	make update && make switch
--- a/configuration.nix
+++ b/configuration.nix
@@ -1,59 +1,53 @@
-{
-  config,
-  lib,
-  pkgs,
-  inputs,
-  ...
-}:
+{ config, lib, pkgs, inputs, ... }:

 with pkgs;

 {
  # Kernel configuration
  boot = {
-    blacklistedKernelModules = [
-      "btusb"
-      "bluetooth"
-    ];
+    kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
    kernelParams = [
-      "zfs.zfs_arc_max=8589934592"
-      "zfs.zfs_arc_min=1073741824"
+      "zfs.zfs_arc_max=2147483648"
+      "zfs.zfs_arc_meta_limit_percent=90"
+      "workqueue.power_efficient=y"
+      "ipv6.disable=1"
+      "ahci.mobile_lpm_policy=3"
+      "nmi_watchdog=0"
    ];
+    kernelModules = [ "i915" ];
+    blacklistedKernelModules = [ "btusb" "bluetooth" ];
    supportedFilesystems = [ "zfs" ];
    zfs = {
      requestEncryptionCredentials = true;
-      package = zfs_unstable;
+      enableUnstable = true;
    };
  };

-  # Device firmware updates
+  # Intel CPU tweaks
+  hardware = {
+    enableRedistributableFirmware = true;
+    cpu.intel.updateMicrocode = true;
+  };
  services.fwupd.enable = true;

-  # Secure boot using lanzaboote
+  hardware.opengl.extraPackages = [ vaapiIntel vaapiVdpau libvdpau-va-gl ];
+
+  # Bootloader configuration
  boot.loader = {
    efi.canTouchEfiVariables = true;
    systemd-boot = {
-      enable = false;
+      enable = true;
      configurationLimit = 50;
      editor = false;
    };
    timeout = 3;
  };
-  boot.lanzaboote = {
-    enable = true;
-    pkiBundle = "/etc/secureboot";
-  };

  # Run Nix garbage collector and enable flakes
  nix = {
    settings = {
      auto-optimise-store = true;
-      trusted-users = [
-        "root"
-        "coolneng"
-      ];
-      lazy-trees = true;
-      eval-cores = 2;
+      trusted-users = [ "root" "coolneng" ];
    };
    gc = {
      automatic = true;
@@ -66,13 +60,20 @@ with pkgs;
      gc-keep-outputs = true
      experimental-features = nix-command flakes
    '';
+    package = nixUnstable;
  };

  # Clean tmp directory on shutdown
-  boot.tmp.cleanOnBoot = true;
+  boot.cleanTmpDir = true;

-  # Keep logs for a month
-  services.journald.extraConfig = "MaxRetentionSec=4week";
+  # Keep logs for a week
+  services.journald.extraConfig = "MaxRetentionSec=1week";
+
+  # Allow propietary software and build packages with Pulseaudio support
+  nixpkgs.config = {
+    allowUnfree = true;
+    pulseaudio = true;
+  };

  # Scrub zpool monthly
  services.zfs.autoScrub = {
@@ -85,18 +86,13 @@ with pkgs;
  services.chrony.enable = true;

  # NixOS version
-  system.stateVersion = "24.05";
+  system.stateVersion = "22.05";

  # Create coolneng user
  users.users.coolneng = {
    isNormalUser = true;
    home = "/home/coolneng";
-    extraGroups = [
-      "wheel"
-      "video"
-      "audio"
-      "lp"
-    ];
+    extraGroups = [ "wheel" "video" "audio" "libvirtd" "lp" ];
    shell = fish;
  };

@@ -111,19 +107,14 @@ with pkgs;
      group = "systemd-network";
    };
    secrets.syncthing.file = secrets/syncthing.age;
+    secrets.samba-ugent.file = secrets/samba-ugent.age;
    secrets.msmtp.file = secrets/msmtp.age;
    identityPaths = [ "/etc/ssh/id_ed25519" ];
  };

  # Use same version of nixpkgs for nix-shell
-  nix.nixPath =
-    let
-      path = toString ./.;
-    in
-    [
-      "nixpkgs=${inputs.nixpkgs}"
-      "nixos-config=${path}/configuration.nix"
-    ];
+  nix.nixPath = let path = toString ./.;
+  in [ "nixpkgs=${inputs.nixpkgs}" "nixos-config=${path}/configuration.nix" ];

  # Auto-upgrade the system
  system.autoUpgrade = {
@@ -131,6 +122,8 @@ with pkgs;
    dates = "22:30";
    flake = "/home/coolneng/Projects/panacea";
    flags = [
+      "--update-input"
+      "agenix"
      "--update-input"
      "nixpkgs"
      "--commit-lock-file"
@@ -147,8 +140,7 @@ with pkgs;
    config.nix.package.out
    config.programs.ssh.package
    git-crypt
-    git-lfs
-    inputs.agenix.packages.${config.nixpkgs.localSystem.system}.default
+    inputs.agenix.packages.x86_64-linux.default
  ];

  # Configure git for auto-upgrade
@@ -184,7 +176,11 @@ with pkgs;
    ./modules/periodic.nix
    ./modules/power.nix
    ./modules/monitoring.nix
-    ./modules/latest-zfs-kernel.nix
+    ./overlays/nix-direnv.nix
+    ./overlays/openconnect-sso.nix
+    ./overlays/cyrus-sasl-oauth2.nix
+    ./overlays/isync-oauth2.nix
+    ./overlays/emacs-vterm.nix
  ];

 }
--- a/flake.lock
+++ b/flake.lock
@@ -3,18 +3,16 @@
    "agenix": {
      "inputs": {
        "darwin": "darwin",
-        "home-manager": "home-manager",
        "nixpkgs": [
          "nixpkgs"
-        ],
-        "systems": "systems"
+        ]
      },
      "locked": {
-        "lastModified": 1762618334,
-        "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=",
+        "lastModified": 1680281360,
+        "narHash": "sha256-XdLTgAzjJNDhAG2V+++0bHpSzfvArvr2pW6omiFfEJk=",
        "owner": "ryantm",
        "repo": "agenix",
-        "rev": "fcdea223397448d35d9b31f798479227e80183f6",
+        "rev": "e64961977f60388dd0b49572bb0fc453b871f896",
        "type": "github"
      },
      "original": {
@@ -23,21 +21,6 @@
        "type": "github"
      }
    },
-    "crane": {
-      "locked": {
-        "lastModified": 1765739568,
-        "narHash": "sha256-gQYx35Of4UDKUjAYvmxjUEh/DdszYeTtT6MDin4loGE=",
-        "owner": "ipetkov",
-        "repo": "crane",
-        "rev": "67d2baff0f9f677af35db61b32b5df6863bcc075",
-        "type": "github"
-      },
-      "original": {
-        "owner": "ipetkov",
-        "repo": "crane",
-        "type": "github"
-      }
-    },
    "cyrus-sasl-xoauth2": {
      "flake": false,
      "locked": {
@@ -62,11 +45,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1744478979,
-        "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
+        "lastModified": 1673295039,
+        "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
        "owner": "lnl7",
        "repo": "nix-darwin",
-        "rev": "43975d782b418ebf4969e9ccba82466728c2851b",
+        "rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
        "type": "github"
      },
      "original": {
@@ -76,213 +59,11 @@
        "type": "github"
      }
    },
-    "determinate": {
-      "inputs": {
-        "determinate-nixd-aarch64-darwin": "determinate-nixd-aarch64-darwin",
-        "determinate-nixd-aarch64-linux": "determinate-nixd-aarch64-linux",
-        "determinate-nixd-x86_64-linux": "determinate-nixd-x86_64-linux",
-        "nix": "nix",
-        "nixpkgs": "nixpkgs_2"
-      },
-      "locked": {
-        "lastModified": 1765254444,
-        "narHash": "sha256-kAO/ZeBnjaF+uqOP6qweXlRk2ylocLuv/9Dn8FsuPlU=",
-        "rev": "3ccc0297525e51ac3d7905509e0616c9c8350108",
-        "revCount": 316,
-        "type": "tarball",
-        "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/determinate/3.14.0/019b0160-c5de-7941-9c26-cb47bc17eec3/source.tar.gz"
-      },
-      "original": {
-        "type": "tarball",
-        "url": "https://flakehub.com/f/DeterminateSystems/determinate/%2A"
-      }
-    },
-    "determinate-nixd-aarch64-darwin": {
-      "flake": false,
-      "locked": {
-        "narHash": "sha256-6PWoqx52nvlWzlElTjcn7KAPKitfcKZYEFSsC3PoEoE=",
-        "type": "file",
-        "url": "https://install.determinate.systems/determinate-nixd/tag/v3.14.0/macOS"
-      },
-      "original": {
-        "type": "file",
-        "url": "https://install.determinate.systems/determinate-nixd/tag/v3.14.0/macOS"
-      }
-    },
-    "determinate-nixd-aarch64-linux": {
-      "flake": false,
-      "locked": {
-        "narHash": "sha256-b1e25BUPL7Qf0QVbYlfZ/+QiClrP/SHIjMPtA47aOLc=",
-        "type": "file",
-        "url": "https://install.determinate.systems/determinate-nixd/tag/v3.14.0/aarch64-linux"
-      },
-      "original": {
-        "type": "file",
-        "url": "https://install.determinate.systems/determinate-nixd/tag/v3.14.0/aarch64-linux"
-      }
-    },
-    "determinate-nixd-x86_64-linux": {
-      "flake": false,
-      "locked": {
-        "narHash": "sha256-8EI2f8IftPcRFlR6K4+cpIEAVf5UIeMCjHysEtVqDw0=",
-        "type": "file",
-        "url": "https://install.determinate.systems/determinate-nixd/tag/v3.14.0/x86_64-linux"
-      },
-      "original": {
-        "type": "file",
-        "url": "https://install.determinate.systems/determinate-nixd/tag/v3.14.0/x86_64-linux"
-      }
-    },
-    "flake-compat": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1696426674,
-        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
-        "type": "github"
-      },
-      "original": {
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "type": "github"
-      }
-    },
-    "flake-compat_2": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1761588595,
-        "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
-        "type": "github"
-      },
-      "original": {
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "type": "github"
-      }
-    },
-    "flake-parts": {
-      "inputs": {
-        "nixpkgs-lib": [
-          "determinate",
-          "nix",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1748821116,
-        "narHash": "sha256-F82+gS044J1APL0n4hH50GYdPRv/5JWm34oCJYmVKdE=",
-        "rev": "49f0870db23e8c1ca0b5259734a02cd9e1e371a1",
-        "revCount": 377,
-        "type": "tarball",
-        "url": "https://api.flakehub.com/f/pinned/hercules-ci/flake-parts/0.1.377%2Brev-49f0870db23e8c1ca0b5259734a02cd9e1e371a1/01972f28-554a-73f8-91f4-d488cc502f08/source.tar.gz"
-      },
-      "original": {
-        "type": "tarball",
-        "url": "https://flakehub.com/f/hercules-ci/flake-parts/0.1"
-      }
-    },
-    "git-hooks-nix": {
-      "inputs": {
-        "flake-compat": "flake-compat",
-        "gitignore": [
-          "determinate",
-          "nix"
-        ],
-        "nixpkgs": [
-          "determinate",
-          "nix",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1747372754,
-        "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=",
-        "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46",
-        "revCount": 1026,
-        "type": "tarball",
-        "url": "https://api.flakehub.com/f/pinned/cachix/git-hooks.nix/0.1.1026%2Brev-80479b6ec16fefd9c1db3ea13aeb038c60530f46/0196d79a-1b35-7b8e-a021-c894fb62163d/source.tar.gz"
-      },
-      "original": {
-        "type": "tarball",
-        "url": "https://flakehub.com/f/cachix/git-hooks.nix/0.1.941"
-      }
-    },
-    "gitignore": {
-      "inputs": {
-        "nixpkgs": [
-          "lanzaboote",
-          "pre-commit",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1709087332,
-        "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
-        "owner": "hercules-ci",
-        "repo": "gitignore.nix",
-        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hercules-ci",
-        "repo": "gitignore.nix",
-        "type": "github"
-      }
-    },
-    "home-manager": {
-      "inputs": {
-        "nixpkgs": [
-          "agenix",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1745494811,
-        "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
-        "owner": "nix-community",
-        "repo": "home-manager",
-        "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "home-manager",
-        "type": "github"
-      }
-    },
-    "lanzaboote": {
-      "inputs": {
-        "crane": "crane",
-        "nixpkgs": [
-          "nixpkgs"
-        ],
-        "pre-commit": "pre-commit",
-        "rust-overlay": "rust-overlay"
-      },
-      "locked": {
-        "lastModified": 1765887029,
-        "narHash": "sha256-s6LGO6kMlHRdnspV0LReSi47iaYaJ/Oveb4rM9fklPM=",
-        "owner": "nix-community",
-        "repo": "lanzaboote",
-        "rev": "5a8c9b5339588bb6ec388da5d0a6e701a46a82c4",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "lanzaboote",
-        "type": "github"
-      }
-    },
    "local-bitwig": {
      "flake": false,
      "locked": {
-        "lastModified": 1765321606,
-        "narHash": "sha256-WteEWi5GPrGGfzLNTEmgQaH5/DAT/zeZofbBE6D+Po8=",
+        "lastModified": 1680095020,
+        "narHash": "sha256-n8gLgN6QEVuHe30kQZ/gCWInDHwDpPWOB5RgVh1tSt8=",
        "path": "/home/coolneng/Projects/panacea/assets/bitwig",
        "type": "path"
      },
@@ -291,27 +72,6 @@
        "type": "path"
      }
    },
-    "nix": {
-      "inputs": {
-        "flake-parts": "flake-parts",
-        "git-hooks-nix": "git-hooks-nix",
-        "nixpkgs": "nixpkgs",
-        "nixpkgs-23-11": "nixpkgs-23-11",
-        "nixpkgs-regression": "nixpkgs-regression"
-      },
-      "locked": {
-        "lastModified": 1765252170,
-        "narHash": "sha256-p98D44tYJMgB5Qet5S8cTQFdffk/GmoaGkpQtZ3hqJU=",
-        "rev": "1ddd28880651054346c34009d7bb9de36f1db2c1",
-        "revCount": 23362,
-        "type": "tarball",
-        "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nix-src/3.14.0/019b0159-8907-7fab-a120-9d287c7e6d2e/source.tar.gz"
-      },
-      "original": {
-        "type": "tarball",
-        "url": "https://flakehub.com/f/DeterminateSystems/nix-src/%2A"
-      }
-    },
    "nix-index-database": {
      "inputs": {
        "nixpkgs": [
@@ -319,11 +79,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1765267181,
-        "narHash": "sha256-d3NBA9zEtBu2JFMnTBqWj7Tmi7R5OikoU2ycrdhQEws=",
+        "lastModified": 1679224439,
+        "narHash": "sha256-QkvcuC4b67FUkkxlMsLTMPbwoD7yZr0UvJpu6jkFuLo=",
        "owner": "Mic92",
        "repo": "nix-index-database",
-        "rev": "82befcf7dc77c909b0f2a09f5da910ec95c5b78f",
+        "rev": "2f5e6e915d70c04d673a8930f94591595c73eb84",
        "type": "github"
      },
      "original": {
@@ -332,117 +92,34 @@
        "type": "github"
      }
    },
-    "nixos-hardware": {
-      "locked": {
-        "lastModified": 1764440730,
-        "narHash": "sha256-ZlJTNLUKQRANlLDomuRWLBCH5792x+6XUJ4YdFRjtO4=",
-        "owner": "NixOS",
-        "repo": "nixos-hardware",
-        "rev": "9154f4569b6cdfd3c595851a6ba51bfaa472d9f3",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "repo": "nixos-hardware",
-        "type": "github"
-      }
-    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1761597516,
-        "narHash": "sha256-wxX7u6D2rpkJLWkZ2E932SIvDJW8+ON/0Yy8+a5vsDU=",
-        "rev": "daf6dc47aa4b44791372d6139ab7b25269184d55",
-        "revCount": 811874,
-        "type": "tarball",
-        "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2505.811874%2Brev-daf6dc47aa4b44791372d6139ab7b25269184d55/019a3494-3498-707e-9086-1fb81badc7fe/source.tar.gz"
-      },
-      "original": {
-        "type": "tarball",
-        "url": "https://flakehub.com/f/NixOS/nixpkgs/0.2505"
-      }
-    },
-    "nixpkgs-23-11": {
-      "locked": {
-        "lastModified": 1717159533,
-        "narHash": "sha256-oamiKNfr2MS6yH64rUn99mIZjc45nGJlj9eGth/3Xuw=",
+        "lastModified": 1680669251,
+        "narHash": "sha256-AVNE+0u4HlI3v96KCXE9risH7NKqj0QDLLfSckYXIbA=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446",
+        "rev": "9c8ff8b426a8b07b9e0a131ac3218740dc85ba1e",
        "type": "github"
      },
      "original": {
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446",
-        "type": "github"
-      }
-    },
-    "nixpkgs-regression": {
-      "locked": {
-        "lastModified": 1643052045,
-        "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
-        "type": "github"
-      }
-    },
-    "nixpkgs_2": {
-      "locked": {
-        "lastModified": 1764611609,
-        "narHash": "sha256-yU9BNcP0oadUKupw0UKmO9BKDOVIg9NStdJosEbXf8U=",
-        "rev": "8c29968b3a942f2903f90797f9623737c215737c",
-        "revCount": 905078,
-        "type": "tarball",
-        "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nixpkgs-weekly/0.1.905078%2Brev-8c29968b3a942f2903f90797f9623737c215737c/019add91-3add-7a0d-8a25-9569cbe01efe/source.tar.gz"
-      },
-      "original": {
-        "type": "tarball",
-        "url": "https://flakehub.com/f/DeterminateSystems/nixpkgs-weekly/0.1"
-      }
-    },
-    "nixpkgs_3": {
-      "locked": {
-        "lastModified": 1766309749,
-        "narHash": "sha256-3xY8CZ4rSnQ0NqGhMKAy5vgC+2IVK0NoVEzDoOh4DA4=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "a6531044f6d0bef691ea18d4d4ce44d0daa6e816",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
+        "id": "nixpkgs",
        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
+        "type": "indirect"
      }
    },
-    "pre-commit": {
-      "inputs": {
-        "flake-compat": "flake-compat_2",
-        "gitignore": "gitignore",
-        "nixpkgs": [
-          "lanzaboote",
-          "nixpkgs"
-        ]
-      },
+    "openconnect-sso": {
+      "flake": false,
      "locked": {
-        "lastModified": 1765464257,
-        "narHash": "sha256-dixPWKiHzh80PtD0aLuxYNQ0xP+843dfXG/yM3OzaYQ=",
-        "owner": "cachix",
-        "repo": "pre-commit-hooks.nix",
-        "rev": "09e45f2598e1a8499c3594fe11ec2943f34fe509",
+        "lastModified": 1680271746,
+        "narHash": "sha256-qerm3HzTP0xnfOim0eEmUZa/MMll6VuS0IEKfiUysgU=",
+        "owner": "vlaci",
+        "repo": "openconnect-sso",
+        "rev": "c3f67e2b037e71c193b3c7b1f90ec9a5a440856f",
        "type": "github"
      },
      "original": {
-        "owner": "cachix",
-        "repo": "pre-commit-hooks.nix",
+        "owner": "vlaci",
+        "repo": "openconnect-sso",
        "type": "github"
      }
    },
@@ -450,48 +127,10 @@
      "inputs": {
        "agenix": "agenix",
        "cyrus-sasl-xoauth2": "cyrus-sasl-xoauth2",
-        "determinate": "determinate",
-        "lanzaboote": "lanzaboote",
        "local-bitwig": "local-bitwig",
        "nix-index-database": "nix-index-database",
-        "nixos-hardware": "nixos-hardware",
-        "nixpkgs": "nixpkgs_3"
-      }
-    },
-    "rust-overlay": {
-      "inputs": {
-        "nixpkgs": [
-          "lanzaboote",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1765680428,
-        "narHash": "sha256-fyPmRof9SZeI14ChPk5rVPOm7ISiiGkwGCunkhM+eUg=",
-        "owner": "oxalica",
-        "repo": "rust-overlay",
-        "rev": "eb3898d8ef143d4bf0f7f2229105fc51c7731b2f",
-        "type": "github"
-      },
-      "original": {
-        "owner": "oxalica",
-        "repo": "rust-overlay",
-        "type": "github"
-      }
-    },
-    "systems": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
+        "nixpkgs": "nixpkgs",
+        "openconnect-sso": "openconnect-sso"
      }
    }
  },
--- a/flake.nix
+++ b/flake.nix
@@ -2,21 +2,23 @@
  description = "System configuration for panacea";

  nixConfig = {
-    extra-substituters = "https://cachix.cachix.org https://nix-community.cachix.org https://install.determinate.systems";
+    extra-substituters =
+      "https://cachix.cachix.org https://nix-community.cachix.org";
    extra-trusted-public-keys = ''
      cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM=
-      nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=
-      cache.flakehub.com-3:hJuILl5sVK4iKm86JzgdXW12Y2Hwd5G07qKtHTOcDCM=
-    '';
+            nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs='';
  };

  inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
-    nixos-hardware.url = "github:NixOS/nixos-hardware";
+    nixpkgs.url = "nixpkgs/nixos-unstable";
    agenix = {
      url = "github:ryantm/agenix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
+    openconnect-sso = {
+      url = "github:vlaci/openconnect-sso";
+      flake = false;
+    };
    cyrus-sasl-xoauth2 = {
      url = "github:robn/sasl2-oauth";
      flake = false;
@@ -25,57 +27,29 @@
      url = "github:Mic92/nix-index-database";
      inputs.nixpkgs.follows = "nixpkgs";
    };
-    lanzaboote = {
-      url = "github:nix-community/lanzaboote";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-    determinate.url = "https://flakehub.com/f/DeterminateSystems/determinate/*";
    local-bitwig = {
      url = "path:/home/coolneng/Projects/panacea/assets/bitwig";
      flake = false;
    };
  };

-  outputs =
-    { self, nixpkgs, ... }@inputs:
+  outputs = { self, nixpkgs, agenix, nix-index-database, ... }@inputs:
    let
      system = "x86_64-linux";

-      pkgs = import nixpkgs {
-        inherit system;
-        config.allowUnfree = true;
-        overlays = [
-          (final: prev: {
-            emacs-vterm = (
-              (pkgs.emacsPackagesFor pkgs.emacs-pgtk).emacsWithPackages (
-                epkgs: with epkgs; [
-                  vterm
-                  mu4e
-                ]
-              )
-            );
-          })
-        ];
-      };
+      pkgs = import pkgs { inherit system; };

      lib = nixpkgs.lib;

-    in
-    {
+    in {
      nixosConfigurations.panacea = lib.nixosSystem {
        inherit system;
        modules = [
          (import ./configuration.nix)
-          inputs.nixos-hardware.nixosModules.lenovo-thinkpad-e14-amd
-          inputs.agenix.nixosModules.age
-          inputs.nix-index-database.nixosModules.nix-index
-          inputs.lanzaboote.nixosModules.lanzaboote
-          inputs.determinate.nixosModules.default
+          agenix.nixosModules.age
+          nix-index-database.nixosModules.nix-index
        ];
-        specialArgs = {
-          inherit inputs;
-          inherit pkgs;
-        };
+        specialArgs = { inherit inputs; };
      };

    };
--- a/modules/audio.nix
+++ b/modules/audio.nix
@@ -1,26 +1,34 @@
-{
-  config,
-  lib,
-  pkgs,
-  inputs,
-  ...
-}:
+{ config, lib, pkgs, inputs, ... }:

 with pkgs;

 let
  # HACK Replace youtube-dl with yt-dlp in mopidy-youtube
  mopidy-youtube-yt_dlp = mopidy-youtube.overrideAttrs (old: rec {
-    propagatedBuildInputs = old.propagatedBuildInputs ++ [
-      python3.pkgs.yt-dlp
-      python3.pkgs.ytmusicapi
-    ];
+    propagatedBuildInputs = old.propagatedBuildInputs
+      ++ [ python3.pkgs.yt-dlp python310Packages.ytmusicapi ];
+  });
+  latest-mopidy-somafm = mopidy-somafm.overrideAttrs (old: rec {
+    src = python3Packages.fetchPypi {
+      version = "2.0.2";
+      pname = "Mopidy-SomaFM";
+      sha256 = "DC0emxkoWfjGHih2C8nINBFByf521Xf+3Ks4JRxNPLM=";
+    };
  });
  soundcloud_token = builtins.readFile ../secrets/soundcloud_token;
-  bandcamp_token = builtins.readFile ../secrets/bandcamp_token;
+  latest-mopidy-soundcloud = mopidy-soundcloud.overrideAttrs (old: rec {
+    src = fetchFromGitHub {
+      owner = "mopidy";
+      repo = "mopidy-soundcloud";
+      rev = "fc766b0bf17feb4fc989029b92a315a10ff453ee";
+      sha256 = "sha256-LftBbfs5KqqkhFQVZRh/AQKQQ+18x8RapRU1mTB7FD8=";
+    };

-in
-{
+    propagatedBuildInputs = old.propagatedBuildInputs
+      ++ [ python3.pkgs.beautifulsoup4 ];
+  });
+
+in {
  # Configure pipewire as sound server
  services.pipewire = {
    enable = true;
@@ -30,18 +38,19 @@ in
    };
    pulse.enable = true;
    wireplumber.enable = true;
-    # Enable pipewire-pulse's audio via TCP
-    extraConfig.pipewire-pulse.tcp-server = {
-      "pulse.properties" = {
-        "server.address" = [
-          "unix:native"
-          "tcp:127.0.0.1:4713"
-        ];
-      };
-    };
  };
  security.rtkit.enable = true;

+  # Enable pipewire-pulse's audio via TCP
+  environment.etc."pipewire/pipewire-pulse.conf.d/pulse-server.conf".text = ''
+    pulse.properties = {
+      server.address = [
+        "unix:native"
+        "tcp:127.0.0.1:4713"
+      ]
+    }
+  '';
+
  # Set up Mopidy
  services.mopidy = {
    enable = true;
@@ -50,56 +59,50 @@ in
      mopidy-local
      mopidy-youtube-yt_dlp
      mopidy-bandcamp
-      mopidy-somafm
-      mopidy-soundcloud
+      latest-mopidy-somafm
+      latest-mopidy-soundcloud
    ];
-    settings = {
-      audio.output = "pulsesink server=127.0.0.1";
+    configuration = ''
+      [audio]
+      output = pulsesink server=127.0.0.1

-      local = {
-        media_dir = "/home/coolneng/Music";
-        directories = ''
-          Album Artists       local:directory?type=artist&role=albumartist
-          Albums              local:directory?type=album
-          Artists             local:directory?type=artist
-          Genres              local:directory?type=genre
-        '';
-        excluded_file_extensions = ''
-          .directory
-          .html
-          .jpeg
-          .jpg
-          .log
-          .nfo
-          .png
-          .txt
-        '';
-        scan_timeout = 3000;
-      };
+      [local]
+      media_dir = /home/coolneng/Music
+      directories =
+        Album Artists       local:directory?type=artist&role=albumartist
+        Albums              local:directory?type=album
+        Artists             local:directory?type=artist
+        Genres              local:directory?type=genre
+      excluded_file_extensions =
+        .directory
+        .html
+        .jpeg
+        .jpg
+        .log
+        .nfo
+        .png
+        .txt
+      scan_timeout = 3000

-      mpd.zeroconf = "";
+      [mpd]
+      zeroconf = ""

-      m3u = {
-        playlists_dir = "/home/coolneng/.config/mpd/playlists";
-        base_dir = "/home/coolneng/Music";
-      };
+      [m3u]
+      playlists_dir = /home/coolneng/.config/mpd/playlists
+      base_dir = /home/coolneng/Music

-      youtube = {
-        search_results = 50;
-        youtube_dl_package = "yt_dlp";
-        musicapi_enabled = true;
-      };
+      [youtube]
+      search_results = 50
+      youtube_dl_package = yt_dlp
+      musicapi_enabled = true

-      somafm = {
-        encoding = "aac";
-        quality = "highest";
-      };
+      [somafm]
+      encoding = aac
+      quality = highest

-      soundcloud = {
-        auth_token = soundcloud_token;
-        explore_songs = 100;
-      };
-      bandcamp.identity = bandcamp_token;
-    };
+      [soundcloud]
+      auth_token = ${soundcloud_token}
+      explore_songs = 100
+    '';
  };
 }
--- a/modules/cachix.nix
+++ b/modules/cachix.nix
@@ -5,9 +5,9 @@ let
  folder = ../cachix;
  toImport = name: value: folder + ("/" + name);
  filterCaches = key: value: value == "regular" && lib.hasSuffix ".nix" key;
-  imports = lib.mapAttrsToList toImport (lib.filterAttrs filterCaches (builtins.readDir folder));
-in
-{
+  imports = lib.mapAttrsToList toImport
+    (lib.filterAttrs filterCaches (builtins.readDir folder));
+in {
  inherit imports;
  nix.binaryCaches = [ "https://cache.nixos.org/" ];
 }
--- a/modules/datasync.nix
+++ b/modules/datasync.nix
@@ -1,9 +1,4 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
+{ config, lib, pkgs, ... }:

 {
  # ZFS automatic snapshots
@@ -21,76 +16,114 @@
    enable = true;
    user = "coolneng";
    dataDir = "/home/coolneng";
-    settings = {
-      devices.zion = {
-        id = "FLI2RS7-GNI5PDM-SQRNF7P-YJIOXJ7-46FRPEI-NRLQGBC-HXRWG7O-RKOVLAF";
-        addresses = [ "tcp://192.168.128.2:22000" ];
+    key = config.age.secrets.syncthing.path;
+    devices.zion = {
+      id = "FLI2RS7-GNI5PDM-SQRNF7P-YJIOXJ7-46FRPEI-NRLQGBC-HXRWG7O-RKOVLAF";
+      addresses = [ "tcp://192.168.13.2:22000" ];
+    };
+    folders = {
+      Documents = {
+        id = "wusdj-bfjkr";
+        path = "/home/coolneng/Documents";
+        devices = [ "zion" ];
+        versioning = {
+          type = "simple";
+          params.keep = "5";
+        };
      };
-      folders = {
-        Documents = {
-          id = "wusdj-bfjkr";
-          path = "/home/coolneng/Documents";
-          devices = [ "zion" ];
-          versioning = {
-            type = "simple";
-            params.keep = "5";
-          };
-        };

-        Notes = {
-          id = "kafhz-bfmzm";
-          path = "/home/coolneng/Notes";
-          devices = [ "zion" ];
-          versioning = {
-            type = "simple";
-            params.keep = "5";
-          };
+      Notes = {
+        id = "kafhz-bfmzm";
+        path = "/home/coolneng/Notes";
+        devices = [ "zion" ];
+        versioning = {
+          type = "simple";
+          params.keep = "5";
        };
+      };

-        Music = {
-          id = "2aqt7-vpprc";
-          path = "/home/coolneng/Music";
-          devices = [ "zion" ];
-        };
+      Music = {
+        id = "2aqt7-vpprc";
+        path = "/home/coolneng/Music";
+        devices = [ "zion" ];
+      };

-        Photos = {
-          id = "mjibc-ustcg";
-          path = "/home/coolneng/Photos";
-          devices = [ "zion" ];
-        };
+      Photos = {
+        id = "mjibc-ustcg";
+        path = "/home/coolneng/Photos";
+        devices = [ "zion" ];
+      };

-        Projects = {
-          id = "cjhmu-avy9v";
-          path = "/home/coolneng/Projects";
-          devices = [ "zion" ];
-        };
+      Projects = {
+        id = "cjhmu-avy9v";
+        path = "/home/coolneng/Projects";
+        devices = [ "zion" ];
+      };

-        Phone = {
-          id = "m2007j20cg_vc7r-photos";
-          type = "receiveonly";
-          path = "/home/coolneng/Photos/Phone";
-          devices = [ "zion" ];
-        };
+      Phone = {
+        id = "m2007j20cg_vc7r-photos";
+        type = "receiveonly";
+        path = "/home/coolneng/Photos/Phone";
+        devices = [ "zion" ];
+      };

-        Phone-screenshots = {
-          id = "pp70r-pbr70";
-          type = "receiveonly";
-          path = "/home/coolneng/Photos/Phone-screenshots";
-          devices = [ "zion" ];
-        };
+      Phone-screenshots = {
+        id = "pp70r-pbr70";
+        type = "receiveonly";
+        path = "/home/coolneng/Photos/Phone-screenshots";
+        devices = [ "zion" ];
+      };

-        Files = {
-          id = "tsk52-u6rbk";
-          path = "/home/coolneng/Files";
-          devices = [ "zion" ];
-        };
-        Audio = {
-          id = "tarrs-5mxck";
-          path = "/home/coolneng/Audio";
-          devices = [ "zion" ];
-        };
+      Files = {
+        id = "tsk52-u6rbk";
+        path = "/home/coolneng/Files";
+        devices = [ "zion" ];
      };
    };
  };

+  # Automount external storage
+  systemd.mounts = [
+    # UGent Samba
+    {
+      what = "//files.ugent.be/akasroua/home";
+      type = "cifs";
+      where = "/ugent";
+      options =
+        "credentials=${config.age.secrets.samba-ugent.path},noperm,vers=3.11,sec=ntlmv2i,noserverino";
+      mountConfig = { TimeoutSec = "5"; };
+    }
+  ];
+  systemd.automounts = [
+    # UGent Samba
+    {
+      where = "/ugent";
+      automountConfig = { TimeoutIdleSec = "5"; };
+      wantedBy = [ "default.target" ];
+    }
+  ];
+
+  # HACK Workaround to change the configuration of keyutils in order to get CIFS working
+  environment.etc."request-key.conf" = {
+    text = let
+      upcall = "${pkgs.cifs-utils}/bin/cifs.upcall";
+      keyctl = "${pkgs.keyutils}/bin/keyctl";
+    in ''
+      #OP     TYPE          DESCRIPTION  CALLOUT_INFO  PROGRAM
+      # -t is required for DFS share servers...
+      create  cifs.spnego   *            *             ${upcall} -t %k
+      create  dns_resolver  *            *             ${upcall} %k
+      # Everything below this point is essentially the default configuration,
+      # modified minimally to work under NixOS. Notably, it provides debug
+      # logging.
+      create  user          debug:*      negate        ${keyctl} negate %k 30 %S
+      create  user          debug:*      rejected      ${keyctl} reject %k 30 %c %S
+      create  user          debug:*      expired       ${keyctl} reject %k 30 %c %S
+      create  user          debug:*      revoked       ${keyctl} reject %k 30 %c %S
+      create  user          debug:loop:* *             |${pkgs.coreutils}/bin/cat
+      create  user          debug:*      *             ${pkgs.keyutils}/share/keyutils/request-key-debug.sh %k %d %c %S
+      negate  *             *            *             ${keyctl} negate %k 30 %S
+    '';
+  };
+
 }
--- a/modules/development.nix
+++ b/modules/development.nix
@@ -1,14 +1,8 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
+{ config, lib, pkgs, ... }:

 {
  # Improve nix-shell and direnv integration
  environment.pathsToLink = [ "/share/nix-direnv" ];
-  programs.direnv.enable = true;

  # Set up podman
  virtualisation = {
--- a/modules/gui.nix
+++ b/modules/gui.nix
@@ -1,22 +1,19 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
+{ config, lib, pkgs, ... }:

 with pkgs;

 {
  # Display manager
-  services.greetd = {
-    enable = true;
-    settings = rec {
-      initial_session = {
-        command = "${sway}/bin/sway";
-        user = "coolneng";
-      };
-      default_session = initial_session;
+  services.xserver.enable = true;
+  services.xserver.displayManager = {
+    defaultSession = "sway";
+    autoLogin = {
+      enable = true;
+      user = "coolneng";
+    };
+    lightdm = {
+      enable = true;
+      greeter.enable = false;
    };
  };

@@ -28,13 +25,13 @@ with pkgs;
      swaylock
      swayidle
      swaybg
-      rofi
+      rofi-wayland
      waybar
-      cliphist
+      clipman
      wl-clipboard
      grim
      slurp
-      swayimg
+      imv
      kanshi
      kitty
      qt5.qtwayland
@@ -51,7 +48,6 @@ with pkgs;
      export NVIM_LISTEN_ADDRESS=/tmp/nvimsocket
      export GIT_CONFIG_NOSYSTEM=true
      export SYSTEMD_LESS=FRSMK
-      export WLR_RENDERER=vulkan
    '';
    wrapperFeatures.gtk = true;
  };
@@ -75,7 +71,7 @@ with pkgs;
  # GPG agent
  programs.gnupg.agent = {
    enable = true;
-    pinentryPackage = pinentry-gnome3;
+    pinentryFlavor = "gnome3";
  };

  # Tmux
@@ -90,7 +86,6 @@ with pkgs;

  # Integrate pass with the browser
  programs.browserpass.enable = true;
-  programs.firefox.enable = true;

  # Enable WebRTC screensharing
  xdg.portal = {
--- a/modules/hardware-configuration.nix
+++ b/modules/hardware-configuration.nix
@@ -1,76 +1,72 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{
-  config,
-  lib,
-  pkgs,
-  modulesPath,
-  ...
-}:
+{ config, lib, pkgs, modulesPath, ... }:

 {
-  imports = [
-    (modulesPath + "/installer/scan/not-detected.nix")
-  ];
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];

-  boot.initrd.availableKernelModules = [
-    "nvme"
-    "xhci_pci"
-    "usbhid"
-  ];
+  boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "rtsx_pci_sdmmc" ];
  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-amd" ];
+  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];

-  fileSystems."/" = {
-    device = "syscea/stateful/root";
-    fsType = "zfs";
-  };
+  fileSystems."/" =
+    { device = "syscea/stateful/root";
+      fsType = "zfs";
+    };

-  fileSystems."/nix" = {
-    device = "syscea/ephemeral/nix";
-    fsType = "zfs";
-  };
+  fileSystems."/nix" =
+    { device = "syscea/ephemeral/nix";
+      fsType = "zfs";
+    };

-  fileSystems."/ugent" = {
-    device = "systemd-1";
-    fsType = "autofs";
-  };
+  fileSystems."/ugent" =
+    { device = "systemd-1";
+      fsType = "autofs";
+    };

-  fileSystems."/home/coolneng" = {
-    device = "syscea/stateful/home";
-    fsType = "zfs";
-  };
+  fileSystems."/tmp" =
+    { device = "syscea/ephemeral/tmp";
+      fsType = "zfs";
+    };

-  fileSystems."/tmp" = {
-    device = "syscea/ephemeral/tmp";
-    fsType = "zfs";
-  };
+  fileSystems."/home/coolneng" =
+    { device = "syscea/stateful/home";
+      fsType = "zfs";
+    };

-  fileSystems."/home/coolneng/Downloads" = {
-    device = "syscea/stateful/home/downloads";
-    fsType = "zfs";
-  };
+  fileSystems."/home/coolneng/Downloads" =
+    { device = "syscea/stateful/home/downloads";
+      fsType = "zfs";
+    };

-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/C374-A2FD";
-    fsType = "vfat";
-  };
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/4851-6B40";
+      fsType = "vfat";
+    };

-  swapDevices = [
-    { device = "/dev/disk/by-uuid/1231a42f-a71a-4c67-b4d8-7506c02a8328"; }
-  ];
+  fileSystems."/home/coolneng/Videos" =
+    { device = "syscea/stateful/home/videos";
+      fsType = "zfs";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/1f0ea09c-e655-4a9f-83d4-9d396de01720"; }
+    ];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
  # networking.interfaces.wg0.useDHCP = lib.mkDefault true;
  # networking.interfaces.wlan0.useDHCP = lib.mkDefault true;

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/modules/latest-zfs-kernel.nix
+++ b/modules/latest-zfs-kernel.nix
@@ -1,28 +0,0 @@
-{
-  lib,
-  pkgs,
-  config,
-  ...
-}:
-
-let
-  isUnstable = config.boot.zfs.package == pkgs.zfs_unstable;
-  zfsCompatibleKernelPackages = lib.filterAttrs (
-    name: kernelPackages:
-    (builtins.match "linux_[0-9]+_[0-9]+" name) != null
-    && (builtins.tryEval kernelPackages).success
-    && (
-      (!isUnstable && !kernelPackages.zfs.meta.broken)
-      || (isUnstable && !kernelPackages.zfs_unstable.meta.broken)
-    )
-  ) pkgs.linuxKernel.packages;
-  latestKernelPackage = lib.last (
-    lib.sort (a: b: (lib.versionOlder a.kernel.version b.kernel.version)) (
-      builtins.attrValues zfsCompatibleKernelPackages
-    )
-  );
-in
-{
-  # Note this might jump back and worth as kernel get added or removed.
-  boot.kernelPackages = lib.mkIf (lib.meta.availableOn pkgs.hostPlatform pkgs.zfs) latestKernelPackage;
-}
--- a/modules/monitoring.nix
+++ b/modules/monitoring.nix
@@ -1,9 +1,4 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
+{ config, lib, pkgs, ... }:

 with pkgs;

@@ -11,14 +6,13 @@ let
  sender = "akasroua@disroot.org";
  recipient = "akasroua+smart@disroot.org";

-in
-{
+in {
  # Notify when a disk starts going haywire
  services.smartd = {
    enable = true;
    defaults.monitored = "-H -f -t -C 197 -U 198 -d nvme";
    autodetect = false;
-    devices = [ { device = "/dev/nvme0"; } ];
+    devices = [{ device = "/dev/nvme0"; }];
    notifications.mail = {
      enable = true;
      sender = sender;
--- a/modules/networking.nix
+++ b/modules/networking.nix
@@ -1,15 +1,8 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
+{ config, lib, pkgs, ... }:

-let
-  wireguard_port = "1194";
+let wireguard_port = "1194";

-in
-{
+in {
  # Set hostname, hostid and enable WiFi
  networking = {
    hostName = "panacea";
@@ -29,9 +22,10 @@ in
  };
  systemd.network.wait-online.enable = false;

-  # Enable mDNS
+  # Disable DNSSEC and enable mDNS
  services.resolved = {
    enable = true;
+    dnssec = "false";
    llmnr = "false";
    extraConfig = ''
      MulticastDNS=yes
@@ -53,24 +47,15 @@ in
    name = "wlan0";
    matchConfig = {
      Name = "wlan0";
-      SSID = "anakinosi-5GHz";
+      SSID = "WiFi-5.0-CE42";
    };
-    address = [ "192.168.129.3/23" ];
-    gateway = [ "192.168.128.1" ];
-    dns = [ "192.168.128.2" ];
-    networkConfig.MulticastDNS = "yes";
-  };
-
-  systemd.network.networks."25-home" = {
-    name = "wlan0";
-    matchConfig = {
-      Name = "wlan0";
-      SSID = "Aminkas-5Ghz";
-    };
-    address = [ "192.168.13.3/24" ];
+    address = [ "192.168.13.131/24" ];
    gateway = [ "192.168.13.1" ];
-    dns = [ "1.1.1.1" ];
-    networkConfig.MulticastDNS = "yes";
+    dns = [ "192.168.13.2" ];
+    networkConfig = {
+      DNSSEC = "no";
+      MulticastDNS = "yes";
+    };
  };

  # VPN setup
@@ -84,45 +69,38 @@ in
      PrivateKeyFile = config.age.secrets.wireguard.path;
      FirewallMark = 34952;
    };
-    wireguardPeers = [
-      {
+    wireguardPeers = [{
+      wireguardPeerConfig = {
        PublicKey = "GN8lqPBZYOulh6xD4GhkoEWI65HMMCpSxJSH5871YnU=";
-        AllowedIPs = [
-          "0.0.0.0/0"
-          "::0"
-        ];
-        Endpoint = "psydnd.org:1194";
-      }
-    ];
+        AllowedIPs = [ "0.0.0.0/0" ];
+        Endpoint = "coolneng.duckdns.org:1194";
+      };
+    }];
  };
  systemd.network.networks."wg0" = {
    matchConfig.Name = "wg0";
+    linkConfig.ActivationPolicy = "manual";
    networkConfig = {
-      Address = [
-        "10.8.0.2/32"
-        "fd00::2/128"
-      ];
-      DNS = [
-        "10.8.0.1"
-        "fd00::2"
-      ];
+      Address = "10.8.0.2/32";
+      DNS = "10.8.0.1";
      DNSDefaultRoute = true;
+      Domains = "~.";
    };
-    routingPolicyRules = [
-      {
+    routingPolicyRules = [{
+      routingPolicyRuleConfig = {
        FirewallMark = 34952;
        InvertRule = true;
        Table = 1000;
        Priority = 10;
-      }
-    ];
-    routes = [
-      {
+      };
+    }];
+    routes = [{
+      routeConfig = {
        Gateway = "10.8.0.1";
        GatewayOnLink = true;
        Table = 1000;
-      }
-    ];
+      };
+    }];
  };

  # Firewall configuration
@@ -144,15 +122,4 @@ in
      iptables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport ${wireguard_port} -j RETURN || true
    '';
  };
-
-  # Enable localhost SSH
-  services.openssh = {
-    enable = true;
-    openFirewall = false;
-    startWhenNeeded = true;
-    settings = {
-      PermitRootLogin = "without-password";
-      PasswordAuthentication = false;
-    };
-  };
 }
--- a/modules/periodic.nix
+++ b/modules/periodic.nix
@@ -1,65 +1,92 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
+{ config, lib, pkgs, ... }:

 with pkgs;

-let
-  isync-oauth2 = (isync.override { withCyrusSaslXoauth2 = true; });
-
-in
 {
  # Upgrade Doom Emacs daily
  systemd.user.services.doom-upgrade = {
    description = "Upgrade Doom Emacs";
-    path = [
-      bash
-      emacs-vterm
-      git
-      coreutils
-    ];
+    path = [ bash emacs-vterm git coreutils ];
    script = ''
-      /home/coolneng/.emacs.d/bin/doom -! upgrade
+      ${pkgs.bash}/bin/bash -c "/home/coolneng/.emacs.d/bin/doom -! upgrade"
    '';
    serviceConfig.Type = "oneshot";
    startAt = "22:00:00";
    after = [ "network-online.target" ];
  };

+  # Upgrade Neovim plugins weekly
+  systemd.user.services.vim-plug-upgrade = {
+    description = "Upgrade Vim-Plug";
+    path = [ git neovim ];
+    script = "${pkgs.neovim}/bin/nvim +PlugUpgrade +PlugUpdate +qa";
+    serviceConfig.Type = "oneshot";
+    startAt = "Wed 18:00:00";
+    after = [ "network-online.target" ];
+  };
+
  # Push password-store changes to git daily
  systemd.user.services.password-store-push = {
    description = "Push password-store changes to git";
-    path = [
-      pass-wayland
-      git
-      pass-git-helper
-    ];
+    path = [ pass-wayland git gitAndTools.pass-git-helper ];
    script = "${pkgs.pass-wayland}/bin/pass git push";
    serviceConfig.Type = "oneshot";
    startAt = "18:00:00";
    after = [ "network-online.target" ];
  };

-  # Sync mail using IMAP IDLE
-  systemd.user.services.goimapnotify = {
-    description = "Sync mail using IMAP IDLE";
+  # Sync mail using IDLE
+  systemd.user.services.goimapnotify-ugent = {
+    description = "Sync UGent mail using IMAP IDLE";
    wantedBy = [ "default.target" ];
    path = [
      goimapnotify
      pass-wayland
      isync-oauth2
      mu
+      python39
+      gnupg
+      nix
      procps
      emacs-vterm
    ];
    script = ''
-      ${pkgs.goimapnotify}/bin/goimapnotify -conf /home/coolneng/.config/goimapnotify/goimapnotify.yaml
+      ${pkgs.goimapnotify}/bin/goimapnotify -conf /home/coolneng/.config/goimapnotify/ugent.conf
    '';
    serviceConfig = {
-      ExecStartPre = "/home/coolneng/.local/share/scripts/mail-sync";
+      ExecStartPre = "/home/coolneng/.local/share/scripts/mail-sync ugent";
+      Type = "simple";
+      Restart = "always";
+      RestartSec = 20;
+    };
+    after = [ "network-online.target" ];
+  };
+
+  systemd.user.services.goimapnotify-gmail = {
+    description = "Sync gmail mail using IMAP IDLE";
+    wantedBy = [ "default.target" ];
+    path = [ goimapnotify pass-wayland isync-oauth2 mu procps emacs-vterm ];
+    script = ''
+      ${pkgs.goimapnotify}/bin/goimapnotify -conf /home/coolneng/.config/goimapnotify/gmail.conf
+    '';
+    serviceConfig = {
+      ExecStartPre = "/home/coolneng/.local/share/scripts/mail-sync gmail";
+      Type = "simple";
+      Restart = "always";
+      RestartSec = 20;
+    };
+    after = [ "network-online.target" ];
+  };
+
+  systemd.user.services.goimapnotify-disroot = {
+    description = "Sync disroot mail using IMAP IDLE";
+    wantedBy = [ "default.target" ];
+    path = [ goimapnotify pass-wayland isync-oauth2 mu procps emacs-vterm ];
+    script = ''
+      ${pkgs.goimapnotify}/bin/goimapnotify -conf /home/coolneng/.config/goimapnotify/disroot.conf
+    '';
+    serviceConfig = {
+      ExecStartPre = "/home/coolneng/.local/share/scripts/mail-sync disroot";
      Type = "simple";
      Restart = "always";
      RestartSec = 20;
@@ -71,21 +98,13 @@ in
  systemd.user.services.periodic-mail-sync = {
    description = "Run a mail sync operation periodically";
    wantedBy = [ "default.target" ];
-    path = [
-      pass-wayland
-      isync-oauth2
-      mu
-      procps
-      emacs-vterm
-      python3
-      gnupg
-      nix
-    ];
+    path =
+      [ pass-wayland isync-oauth2 mu procps emacs-vterm python39 gnupg nix ];
    script = ''
      /home/coolneng/.local/share/scripts/mail-sync -a
    '';
    after = [ "network-online.target" ];
-    startAt = "*-*-* *:00,30:00";
+    startAt = "*-*-* *:00,15,30,45:00";
  };

  # HACK Change home partition permissions for mopidy
@@ -95,34 +114,26 @@ in
    script = "chmod 751 /home/coolneng";
    serviceConfig.Type = "oneshot";
    after = [ "home-coolneng.mount" ];
-    before = [
-      "mopidy.service"
-      "mopidy-scan.service"
-    ];
+    before = [ "mopidy.service" "mopidy-scan.service" ];
  };

  # Push panacea changes to git daily
  systemd.user.services.panacea-push = {
    description = "Push panacea changes to git";
-    path = [
-      pass-wayland
-      git
-      pass-git-helper
-    ];
+    path = [ pass-wayland git gitAndTools.pass-git-helper ];
    script = "${pkgs.git}/bin/git -C /home/coolneng/Projects/panacea push";
    serviceConfig.Type = "oneshot";
-    startAt = "18:00:00";
+    startAt = "14:00:00";
    after = [ "network-online.target" ];
  };

-  # Show notification when the battery is low
-  systemd.user.services.swaynag-battery = {
-    description = "Show notification when the battery is low";
-    path = [
-      swaynag-battery
-      sway
-    ];
-    script = "${pkgs.swaynag-battery}/bin/swaynag-battery --threshold 10";
-    wantedBy = [ "sway-session.target" ];
+  # Pull changes from zion daily
+  systemd.user.services.zion-pull = {
+    description = "Pull zion changes to git";
+    path = [ git ];
+    script = "${pkgs.git}/bin/git -C /home/coolneng/Projects/zion pull";
+    serviceConfig.Type = "oneshot";
+    startAt = "10:00:00";
+    after = [ "network-online.target" ];
  };
 }
--- a/modules/power.nix
+++ b/modules/power.nix
@@ -1,16 +1,64 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
+{ config, lib, pkgs, ... }:

 {
-  # Enable power-profiles-daemon
-  services.power-profiles-daemon.enable = true;
+  # Enable the TLP daemon
+  services.tlp = {
+    enable = true;
+    settings = {
+      PCIE_ASPM_ON_AC = "performance";
+      PCIE_ASPM_ON_BAT = "powersave";
+      USB_AUTOSUSPEND = 1;
+    };
+  };

-  # Suspend when the battery is critical
+  # Enable the auto-cpufreq daemon
+  services.auto-cpufreq.enable = true;
+
+  # Suspend when the battery is critical and autosuspend USB and PCI
  services.udev.extraRules = ''
    SUBSYSTEM=="power_supply", ATTR{status}=="Discharging", ATTR{model_name}=="01AV405", ATTR{capacity}=="[0-5]", RUN+="${config.systemd.package}/bin/systemctl suspend -i"
+    ACTION=="add", SUBSYSTEM=="usb", TEST=="power/control", ATTR{power/control}="auto"
+    ACTION=="add", SUBSYSTEM=="pci", TEST=="power/control", ATTR{power/control}="auto"
  '';
+
+  # Undervolt CPU and GPU
+  services.undervolt = {
+    enable = true;
+    coreOffset = -100;
+    gpuOffset = -75;
+  };
+
+  # Prevent overheating of the CPU
+  services.thermald.enable = true;
+
+  # HACK Enable internal microphone when headphones are plugged in and add workaround for frequent WiFi disconnects
+  hardware.firmware = [
+    (pkgs.writeTextDir "/lib/firmware/hda-jack-retask.fw" ''
+      [codec]
+      0x10ec0293 0x17aa2233 0
+
+      [pincfg]
+      0x12 0x90a60130
+      0x13 0x40000000
+      0x14 0x90170110
+      0x15 0x03211040
+      0x16 0x21211010
+      0x18 0x411111f0
+      0x19 0x21a11010
+      0x1a 0x40f000f0
+      0x1b 0x411111f0
+      0x1d 0x40738105
+      0x1e 0x411111f0
+    '')
+  ];
+
+  # Power saving features for multiple devices
+  boot.extraModprobeConfig = ''
+    options snd-hda-intel patch=hda-jack-retask.fw power_save=1
+    options mac80211 beacon_loss_count=500
+    options iwlwifi power_save=1
+    options iwlmvm power_scheme=3
+    options i915 enable_dc=4 enable_fbc=1 enable_psr=1 enable_psr2_sel_fetch=1 disable_power_well=1
+  '';
+
 }
--- a/modules/printing.nix
+++ b/modules/printing.nix
@@ -1,18 +1,10 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
+{ config, lib, pkgs, ... }:

 {
  # Enable CUPS
  services.printing = {
    enable = true;
-    drivers = with pkgs; [
-      brgenml1cupswrapper
-      hplip
-    ];
+    drivers = with pkgs; [ brgenml1cupswrapper ];
  };

  # Enable SANE
--- a/modules/software.nix
+++ b/modules/software.nix
@@ -1,33 +1,20 @@
-{
-  config,
-  lib,
-  pkgs,
-  inputs,
-  ...
-}:
+{ config, lib, pkgs, inputs, ... }:

 with pkgs;

 let
-  custom-mpv = (
-    mpv-unwrapped.wrapper {
-      mpv = mpv-unwrapped;
-      scripts = with mpvScripts; [
-        sponsorblock-minimal
-        mpv-cheatsheet
-      ];
-    }
-  );
+  mpv-sponsorblock = (pkgs.wrapMpv pkgs.mpv-unwrapped {
+    scripts = [ mpvScripts.sponsorblock ];
+  });

  patched-bitwig = bitwig-studio.overrideAttrs (old: rec {
-    src = "${inputs.local-bitwig}/bitwig-studio.deb";
+    src = ../assets/bitwig/bitwig-studio.deb;
    postInstall = ''
      cp -r ${inputs.local-bitwig}/bitwig.jar $out/libexec/bin/bitwig.jar
    '';
  });

-in
-{
+in {
  environment.systemPackages = [
    # Monitoring
    htop
@@ -36,11 +23,12 @@ in
    gnupg
    pass-wayland
    passff-host
-    pass-git-helper
-    inputs.agenix.packages.${config.nixpkgs.localSystem.system}.default
+    gitAndTools.pass-git-helper
+    inputs.agenix.packages.x86_64-linux.default
    git-crypt
    git-lfs
    # Browsers
+    firefox-wayland
    ungoogled-chromium
    # LaTeX
    texlive.combined.scheme-full
@@ -48,6 +36,7 @@ in
    texlab
    # Text editors
    neovim
+    neovim-remote
    emacs-vterm
    # Emacs dependencies
    (ripgrep.override { withPCRE2 = true; })
@@ -63,55 +52,56 @@ in
    direnv
    nix-direnv
    gnumake
-    pre-commit
-    emacs-lsp-booster
+    gitAndTools.pre-commit
    # Rice
    adapta-gtk-theme
    paper-icon-theme
    # Audio
    mopidy
    ncmpcpp
-    mpc
+    mpc_cli
    pulsemixer
    easyeffects
    patched-bitwig
    # Productivity
    zathura
    libreoffice-fresh
-    simple-scan
+    gnome.simple-scan
    bc
+    citrix_workspace
+    teams
    pdfgrep
    # Mail stack
    mu
-    (isync.override { withCyrusSaslXoauth2 = true; })
+    isync-oauth2
    msmtp
    # Media
    gimp
-    custom-mpv
+    mpv-sponsorblock
+    nodePackages.webtorrent-cli
    deluge
    yt-dlp-light
-    ffmpeg
    calibre
    beets
    # File management
    zip
    unzip
    unar
+    cifs-utils
+    keyutils
    # Overlays
    cachix
-    # Budgeting
-    beancount
-    beancount-language-server
-    fava
+    # Networking
+    openconnect-sso
    # Programming tools
    ## Shell
    shellcheck
    shfmt
    ## Nix
-    nixfmt-rfc-style
+    nixfmt
    ## Python
-    ty
-    ruff
+    nodePackages.pyright
+    black
    ## C/C++
    clang-tools
    ## Go
@@ -122,13 +112,13 @@ in
  ];

  # Fonts declaration
-  fonts.packages = with pkgs; [
+  fonts.fonts = with pkgs; [
    google-fonts
+    inconsolata-nerdfont
    terminus_font_ttf
    iosevka-bin
    libertine
-    nerd-fonts.inconsolata
-    nerd-fonts.symbols-only
+    emacs-all-the-icons-fonts
  ];

 }
--- a/overlays/cyrus-sasl-oauth2.nix
+++ b/overlays/cyrus-sasl-oauth2.nix
@@ -0,0 +1,24 @@
+{ config, lib, pkgs, inputs, ... }:
+
+let
+  cyrus-sasl-xoauth2 = with pkgs;
+    stdenv.mkDerivation {
+      name = "cyrus-sasl-xoauth2";
+      src = inputs.cyrus-sasl-xoauth2;
+      nativeBuildInputs =
+        [ autoreconfHook inputs.nixpkgs.legacyPackages."${system}".cyrus_sasl ];
+    };
+
+in {
+  nixpkgs.overlays = [
+    (final: prev: {
+      patched-cyrus-sasl-oauth2 = prev.cyrus_sasl.overrideAttrs (div: rec {
+        postInstall = ''
+          for lib in ${cyrus-sasl-xoauth2}/lib/sasl2/*; do
+            ln -sf $lib $out/lib/sasl2/
+          done
+        '';
+      });
+    })
+  ];
+}
--- a/overlays/emacs-vterm.nix
+++ b/overlays/emacs-vterm.nix
@@ -0,0 +1,12 @@
+{ config, lib, pkgs, ... }:
+
+with pkgs;
+
+{
+  nixpkgs.overlays = [
+    (final: prev: {
+      emacs-vterm = ((emacsPackagesFor emacs28NativeComp).emacsWithPackages
+        (epkgs: with epkgs; [ vterm pdf-tools ]));
+    })
+  ];
+}
--- a/overlays/isync-oauth2.nix
+++ b/overlays/isync-oauth2.nix
@@ -0,0 +1,14 @@
+{ config, lib, pkgs, ... }:
+
+with pkgs;
+
+{
+
+  nixpkgs.overlays = [
+    (final: prev: {
+      isync-oauth2 = isync.overrideAttrs (div: rec {
+        buildInputs = [ openssl db patched-cyrus-sasl-oauth2 zlib ];
+      });
+    })
+  ];
+}
--- a/overlays/nix-direnv.nix
+++ b/overlays/nix-direnv.nix
@@ -0,0 +1,11 @@
+{ config, lib, pkgs, ... }:
+
+with pkgs;
+
+{
+  nixpkgs.overlays = [
+    (self: super: {
+      nix-direnv = super.nix-direnv.override { enableFlakes = true; };
+    })
+  ];
+}
--- a/overlays/openconnect-sso.nix
+++ b/overlays/openconnect-sso.nix
@@ -0,0 +1,3 @@
+{ config, lib, pkgs, inputs, ... }: {
+  nixpkgs.overlays = [ (import "${inputs.openconnect-sso}/overlay.nix") ];
+}
--- a/secrets/bandcamp_token
+++ b/secrets/bandcamp_token
--- a/secrets/samba-ugent.age
+++ b/secrets/samba-ugent.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -1,8 +1,9 @@
 let
-  coolneng = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC57m1j/G6iQyi2EpU3nj3+df5Z4PL/XbiOmDcqA7ODg";
-in
-{
+  coolneng =
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC57m1j/G6iQyi2EpU3nj3+df5Z4PL/XbiOmDcqA7ODg";
+in {
  "wireguard.age".publicKeys = [ coolneng ];
  "syncthing.age".publicKeys = [ coolneng ];
+  "samba-ugent.age".publicKeys = [ coolneng ];
  "msmtp.age".publicKeys = [ coolneng ];
 }
--- a/secrets/soundcloud_token
+++ b/secrets/soundcloud_token
Author	SHA1	Message	Date
coolneng	5d217cf5cc	flake.lock: Update Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/7c656856e9eb863c4d21c83e2601dd77f95f6941' (2023-04-02) → 'github:NixOS/nixpkgs/9c8ff8b426a8b07b9e0a131ac3218740dc85ba1e' (2023-04-05)	2023-04-05 22:31:46 +02:00
coolneng	7e5a6c013d	flake.lock: Update Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/e3652e0735fbec227f342712f180f4f21f0594f2' (2023-03-30) → 'github:NixOS/nixpkgs/7c656856e9eb863c4d21c83e2601dd77f95f6941' (2023-04-02)	2023-04-03 22:31:58 +02:00
coolneng	bd46f5708c	Add pdfgrep to packages	2023-04-03 10:57:03 +02:00
coolneng	1f6b5b7c4e	Add required dependencies to auto-upgrade service	2023-04-02 22:43:36 +02:00
coolneng	3652e18804	flake.lock: Update Flake lock file updates: • Updated input 'local-bitwig': 'path:/home/coolneng/Projects/panacea/assets/bitwig?lastModified=0&narHash=sha256-n8gLgN6QEVuHe30kQZ/gCWInDHwDpPWOB5RgVh1tSt8%3D' (1970-01-01) → 'path:/home/coolneng/Projects/panacea/assets/bitwig?lastModified=1680095020&narHash=sha256-n8gLgN6QEVuHe30kQZ/gCWInDHwDpPWOB5RgVh1tSt8%3D' (2023-03-29) • Updated input 'openconnect-sso': 'github:vlaci/openconnect-sso/c0bbc9ff7d9477cb721c4b6e44482903fe81791a' (2022-10-26) → 'github:vlaci/openconnect-sso/c3f67e2b037e71c193b3c7b1f90ec9a5a440856f' (2023-03-31)	2023-04-02 02:20:01 +02:00
coolneng	c6c168ea12	flake.lock: Update Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/03b51fe8e459a946c4b88dcfb6446e45efb2c24e' (2023-03-04) → 'github:ryantm/agenix/e64961977f60388dd0b49572bb0fc453b871f896' (2023-03-31) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/9a6aabc4740790ef3bbb246b86d029ccf6759658' (2023-03-29) → 'github:NixOS/nixpkgs/e3652e0735fbec227f342712f180f4f21f0594f2' (2023-03-30)	2023-03-31 22:32:48 +02:00
coolneng	ca39df021b	flake.lock: Update Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/4bb072f0a8b267613c127684e099a70e1f6ff106' (2023-03-27) → 'github:NixOS/nixpkgs/9a6aabc4740790ef3bbb246b86d029ccf6759658' (2023-03-29)	2023-03-30 22:31:35 +02:00
coolneng	628766e55d	Add patched bitwig-studio to packages	2023-03-29 15:03:40 +02:00