Gitea: Disable Jupyter notebook rendering

base/defaults.nix

@@ -3,7 +3,7 @@
     config = lib.mkDefault {
         i18n.defaultLocale = "en_GB.UTF-8";
         console.keyMap = "us";
-        services.xserver.xkb.layout = "us-fruchti";
+        services.xserver.layout = "us-fruchti";
         services.openssh = {
             enable = true;
             settings = {

base/neovim.nix

@@ -19,7 +19,7 @@
                     changeColorScheme-vim
                     vim-dispatch
                     vimtex
-                    vim-suda
+                    suda-vim
                 ]; 
                 opt = [];
             };

base/packages.nix

@@ -5,8 +5,7 @@
         tmux zellij
         wget
         rsync
-        magic-wormhole
+        git
-        git git-lfs
         gnupg
         file
         ripgrep
@@ -14,7 +13,7 @@
         htop
         ncdu
         killall
-        ranger nnn # joshuto
+        ranger nnn joshuto
         hexyl
         rink
 
@@ -38,7 +37,7 @@
         xsel
     ];
 
-    fonts.packages = with pkgs; [
+    fonts.fonts = with pkgs; [
         vollkorn
         alegreya alegreya-sans
         b612

base/users.nix

@@ -24,7 +24,7 @@ in
             groups = [ "wheel" ];
             commands = [
                 {
-                    command = "/run/current-system/sw/bin/nixos-rebuild";
+                    command = "${pkgs.nixos-rebuild}/bin/nixos-rebuild *";
                     options = [ "NOPASSWD" ];
                 }
             ];

base/xkb/default.nix

@@ -1,6 +1,6 @@
 { ... }:
 {
-    services.xserver.xkb.extraLayouts = {
+    services.xserver.extraLayouts = {
         de-x270 = {
             description = "DE layout with some small changes for Thinkpad X270";
             languages   = [ "deu" ];

hosts/Disco.nix

@@ -2,17 +2,16 @@
 {
     imports = [
         ./development.nix
-        ./xfce.nix
+        ./gnome.nix
         ./x270.nix
         ./scanner.nix
         ./printer.nix
-        # ./clamav.nix
     ];
 
     boot.loader.systemd-boot.enable = true;
     boot.loader.efi.canTouchEfiVariables = true;
     console.keyMap = "de";
-    services.xserver.xkb.layout = "de-x270";
+    services.xserver.layout = "de-x270";
     i18n.defaultLocale = "de_DE.UTF-8";
     networking.hostName = "Disco";
     networking.networkmanager.enable = true;
@@ -64,24 +63,19 @@
 
         zathura
         inkscape
-        vlc mpv a52dec
+        vlc
         gthumb
         gimp
-        darktable
         tenacity
-
         openscad
         freecad
         solvespace
-        dune3d
-
         vscodium
         marktext
         tor-browser-bundle-bin
         libreoffice-fresh
         tdesktop
         horizon-eda
-        kicad-small
         cura
         pulseview
         nextcloud-client
@@ -118,9 +112,8 @@
 
     programs.steam = {
         enable = true;
-        remotePlay.openFirewall = true;
+        # remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
-        dedicatedServer.openFirewall = true;
+        # dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
-        localNetworkGameTransfers.openFirewall = true;
     };
 
     nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
@@ -128,7 +121,6 @@
         "steam-original"
         "steam-runtime"
         "steam-run"
-        "steam-unwrapped"
     ];
 
     fileSystems."/windows" = {
@@ -180,16 +172,6 @@
         LidSwitchIgnoreInhibited = no
     '';
 
-    services.earlyoom = {
-        enable = true;
-        enableNotifications = true;
-    };
-
-    swapDevices = [{
-        device = "/swapfile";
-        size = 16 * 1024;
-    }];
-
     # This value determines the NixOS release from which the default
     # settings for stateful data, like file locations and database versions
     # on your system were taken. It‘s perfectly fine and recommended to leave

hosts/Emitter.nix

@@ -1,12 +1,12 @@
 { config, pkgs, ... }:
 {
     imports = [
-        ./forgejo.nix
+        ./gitea.nix
         ./tls_sni.nix
     ];
 
     boot.loader.grub.enable = true;
-    boot.loader.grub.device = "/dev/sda";
+    boot.loader.grub.device = "/dev/vda";
 
     networking.hostName = "Emitter";
 
@@ -14,12 +14,12 @@
     networking.useDHCP = false;
     networking = {
         defaultGateway = {
-            address = "176.96.139.1";
+            address = "2.59.133.1";
-            interface = "ens18";
+            interface = "ens3";
         };
         defaultGateway6 = {
-            address = "2a0d:5940:80:4e::1";
+            address = "2a0d:5940:7::1";
-            interface = "ens18";
+            interface = "ens3";
         };
         nameservers = [
             "9.9.9.10"
@@ -27,38 +27,38 @@
             "2606:4700:4700::1111"
             "2001:4860:4860::8888"
         ];
-        interfaces.ens18 = {
+        interfaces.ens3 = {
             ipv4 = {
                 addresses = [
                     {
-                        address = "176.96.139.54";
+                        address = "2.59.133.12";
                         prefixLength = 24;
                     }
                 ];
                 routes = [
                     {
-                        address = "176.96.139.0";
+                        address = "2.59.133.0";
                         prefixLength = 24;
-                        via = "176.96.139.1";
+                        via = "2.59.133.1";
                     }
                 ];
             };
             ipv6 = {
                 addresses = [
                     {
-                        address = "2a0d:5940:80:4e::2";
+                        address = "2a0d:5940:7:16f:216:3cff:fe63:9a54";
                         prefixLength = 64;
                     }
                     {
-                        address = "fe80::4874:40ff:fe38:7a45";
+                        address = "fe80::216:3cff:fe63:9a54";
                         prefixLength = 64;
                     }
                 ];
                 routes = [
                     {
-                        address = "2a0d:5940:80:4e::2";
+                        address = "2a0d:5940:7:16f:216:3cff:fe63:9a54";
                         prefixLength = 64;
-                        via = "2a0d:5940:80:4e::1";
+                        via = "2a0d:5940:7::1";
                     }
                 ];
             };
@@ -98,12 +98,9 @@
                     cat > $out/sbin/burp <<-EOF
                     #!/${pkgs.bash}/bin/bash
                     set -e
-                    echo "Ensuring rupert.gvfr.de is up."
                     ${pkgs.dig}/bin/nslookup rupert.gvfr.de
                     ${pkgs.unixtools.ping}/bin/ping -c1 rupert.gvfr.de >/dev/null
-                    echo "Opening SSH tunnel."
+                    ${pkgs.openssh}/bin/ssh -i /secrets/id_burp_remote -o IdentitiesOnly=yes -o ExitOnForwardFailure=yes -L 4971:localhost:4971 burp-remote@rupert.gvfr.de -f true
-                    ${pkgs.openssh}/bin/ssh -6 -i /secrets/id_burp_remote -o IdentitiesOnly=yes -o ExitOnForwardFailure=yes -L 4971:localhost:4971 burp-remote@rupert.gvfr.de -f true
-                    echo "Beginning backup operation."
                     $out/sbin/burp-untunneled \$@
                     EOF
                     chmod +x $out/sbin/burp
@@ -134,16 +131,10 @@
         };
         serviceConfig = {
             Restart = "on-failure";
-
             RestartSec = retryDelay;
-            # Skip transitions through failed state, i.e. don’t send a e-mail
-            # before the maximum number of retries is exhausted
-            RestartMode = "direct";
         };
     };
 
-    services.postgresql.package = pkgs.postgresql_13;
-
     # This value determines the NixOS release from which the default
     # settings for stateful data, like file locations and database versions
     # on your system were taken. It’s perfectly fine and recommended to leave

hosts/Rupert.nix

@@ -17,39 +17,10 @@ in
         # ./open-pgsql.nix
     ];
 
-    nixpkgs.overlays = [
-        (
-            self: super: {
-                libbluray = super.libbluray.override {
-                    withAACS = true;
-                    withBDplus = true;
-                };
-            }
-        )
-    ];
-
     boot.loader.systemd-boot.enable = true;
     boot.loader.efi.canTouchEfiVariables = true;
     boot.kernelParams = [ "acpi=force" "reboot=bios" ];
 
-    boot.initrd.kernelModules = [ "i915" ];
-    nixpkgs.config.packageOverrides = pkgs: {
-        vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
-    };
-    hardware.graphics = {
-        enable = true;
-        extraPackages = with pkgs; [
-            (if (lib.versionOlder (lib.versions.majorMinor lib.version) "23.11") then vaapiIntel else intel-vaapi-driver)
-            libvdpau-va-gl
-            vaapiVdpau
-            # intel-media-driver
-        ];
-    };
-    environment.variables = {
-        VDPAU_DRIVER = "va_gl";
-    };
-    hardware.cpu.intel.updateMicrocode = true;
-
     networking.hostName = "Rupert";
 
     users.users = {
@@ -71,7 +42,6 @@ in
 
     environment.systemPackages = with pkgs; [
         ntfsprogs
-        smartmontools
         texlive.combined.scheme-full
         ncmpcpp
     ];
@@ -86,7 +56,6 @@ in
     services.flatpak.enable = true;
     xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
     xdg.portal.enable = true;
-    xdg.portal.config.common.default = "*";
 
     hardware.bluetooth = {
         enable = true;
@@ -100,6 +69,9 @@ in
         enableSSHSupport = true;
     };
 
+    # List services that you want to enable:
+
+    # Enable the OpenSSH daemon.
     services.openssh = {
         enable = true;
         settings = {
@@ -116,6 +88,11 @@ in
         4971  # BURP
     ];
 
+    # Copy the NixOS configuration file and link it from the resulting system
+    # (/run/current-system/configuration.nix). This is useful in case you
+    # accidentally delete configuration.nix.
+    # system.copySystemConfiguration = true;
+
     system.autoUpgrade = {
         enable = true;
         allowReboot = true;
@@ -123,21 +100,10 @@ in
         gitPull = true;
         gitDeploymentKeyFile = "/secrets/ssh_id_gitea_nixos_configuration";
         gitUser = "fruchti";
-        rebootIgnoreUsersActive = [ "waldi" ];
     };
 
     # systemd.services.nixos-upgrade.onFailure = lib.mkIf config.system.autoUpgrade.enable [ "status-email@%n.service" ];
 
-    services.smartd = {
-        enable = true;
-        notifications.x11.enable = false;
-        notifications.mail = {
-            enable = true;
-            sender = config.email.fromAddress;
-            recipient = config.email.adminEmail;
-            mailer = "${pkgs.system-sendmail}/bin/sendmail";
-        };
-    };
     services.btrfsScrub = {
         enable = true;
         paths = {
@@ -149,22 +115,6 @@ in
             };
         };
     };
-    services.beesd = {
-        filesystems = {
-            "data" = {
-                spec = "/data";
-                hashTableSizeMB = 1024;
-                verbosity = "alert";
-            };
-            "backup-disk" = {
-                spec = "/mnt/backup";
-                hashTableSizeMB = 1024;
-                verbosity = "alert";
-            };
-        };
-    };
-    # Don’t start automatically
-    systemd.services."beesd@backup-disk".wantedBy = lib.mkForce [];
 
     security.acme = {
         defaults = {
@@ -177,11 +127,6 @@ in
           SUBSYSTEM=="video4linux", ATTRS{idProduct}=="0002", ATTRS{idVendor}=="1d6b", SYMLINK+="hdmi_capture"
     '';
 
-    swapDevices = [{
-        device = "/swapfile";
-        size = 8 * 1024;
-    }];
-
     # This value determines the NixOS release from which the default
     # settings for stateful data, like file locations and database versions
     # on your system were taken. It‘s perfectly fine and recommended to leave

hosts/bspwm.nix

@@ -4,14 +4,12 @@
         enable = true;
         windowManager.bspwm.enable = true;
         displayManager = {
+            defaultSession = "none+bspwm";
             lightdm.enable = true;
+            autoLogin.enable = true;
+            autoLogin.user = "waldi";
         };
     };
-    services.displayManager = {
-        defaultSession = "none+bspwm";
-        autoLogin.enable = true;
-        autoLogin.user = "waldi";
-    };
 
     services.unclutter-xfixes = {
         enable = true;

hosts/burp-server.nix

@@ -19,7 +19,6 @@
             "Berthold"
             "Ernesto"
             "Emitter"
-            "Adelheid"
         ]);
         superClients = [
             config.networking.hostName

hosts/clamav.nix

@@ -1,9 +0,0 @@
-{ pkgs, ... }:
-{
-    environment.systemPackages = [
-        pkgs.clamav
-    ];
-    services.clamav.daemon.enable = true;
-
-    services.clamav.updater.enable = true;
-}

hosts/development.nix

@@ -31,7 +31,7 @@
         SUBSYSTEM=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3748", MODE="0660", GROUP="plugdev"
 
         # WCH-LinkE
-        SUBSYSTEMS=="usb", ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="8010", MODE="0660", GROUP="plugdev"
+        SUBSYSTEM=="usb", ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="8010", MODE="0660", GROUP="plugdev"
 
         # Glasgow
         SUBSYSTEM=="usb", ATTRS{idVendor}=="20b7", ATTRS{idProduct}=="9db1", MODE="0660", GROUP="plugdev"

hosts/gitea.nix

@@ -2,17 +2,18 @@
 
 let
     domain = "git.25120.org";
-    forgejoCustom = pkgs.callPackage ../packages/directory.nix {
+    giteaCustom = pkgs.callPackage ../packages/directory.nix {
-        name = "forgejo-custom";
+        name = "gitea-custom";
-        source = ./forgejo-custom;
+        source = ./gitea-custom;
     };
 in
 {
-    services.forgejo = {
+    services.gitea = {
         enable = true;
+        appName = "${domain}";
         database = {
             type = "postgres";
-            passwordFile = "/secrets/forgejo_db_password";
+            passwordFile = "/secrets/gitea_db_password";
             createDatabase = false;
         };
         repositoryRoot = "/data/git/repositories";
@@ -41,7 +42,7 @@ in
                 input_file="$1"
 
                 command="${nbconvert}/bin/jupyter nbconvert --stdout --to html --template basic"
-                cache_directory="${config.services.forgejo.stateDir}/markup_cache/jupyter"
+                cache_directory="${config.services.gitea.stateDir}/markup_cache/jupyter"
                 max_cache_file_count="${toString max_cached_jupyter_notebooks}"
 
                 cache_file="$cache_directory/$(md5sum "$input_file" | cut -d' ' -f1)"
@@ -64,7 +65,6 @@ in
             '';
         in
         {
-            DEFAULT.APP_NAME = "${domain}";
             server = {
                 SSH_PORT = lib.head config.services.openssh.ports;
                 ROOT_URL = "https://${domain}/";
@@ -73,43 +73,42 @@ in
             };
             service.DISABLE_REGISTRATION = true;
             session.COOKIE_SECURE = true;
-            UI.DEFAULT_THEME = "forgejo-auto";
             "markup.restructuredtext" = {
                 ENABLED = true;
                 FILE_EXTENSIONS = ".rst";
                 RENDER_COMMAND = "${docutils}/bin/rst2html.py";
                 IS_INPUT_FILE = false;
             };
-            "markup.jupyter" = {
+            # "markup.jupyter" = {
-                ENABLED = true;
+            #     ENABLED = true;
-                FILE_EXTENSIONS = ".ipynb";
+            #     FILE_EXTENSIONS = ".ipynb";
-                # RENDER_COMMAND = "\"${nbconvert}/bin/jupyter nbconvert --stdout --to html --template basic \"";
+            #     # RENDER_COMMAND = "\"${nbconvert}/bin/jupyter nbconvert --stdout --to html --template basic \"";
-                RENDER_COMMAND = "\"${cached_jupyter_preview} \"";
+            #     RENDER_COMMAND = "\"${cached_jupyter_preview} \"";
-                IS_INPUT_FILE = true;
+            #     IS_INPUT_FILE = true;
-                # RENDER_CONTENT_MODE = "iframe";
+            #     # RENDER_CONTENT_MODE = "iframe";
-            };
+            # };
-            "markup.sanitizer.jupyter.div" = { ELEMENT = "div"; ALLOW_ATTR = "class"; REGEXP = ""; };
+            # "markup.sanitizer.jupyter.div" = { ELEMENT = "div"; ALLOW_ATTR = "class"; REGEXP = ""; };
-            "markup.sanitizer.jupyter.span" = { ELEMENT = "span"; ALLOW_ATTR = "class"; REGEXP = ""; };
+            # "markup.sanitizer.jupyter.span" = { ELEMENT = "span"; ALLOW_ATTR = "class"; REGEXP = ""; };
-            "markup.sanitizer.jupyter.img" = { ELEMENT = "img"; ALLOW_ATTR = "class"; REGEXP = ""; ALLOW_DATA_URI_IMAGES = "true"; };
+            # "markup.sanitizer.jupyter.img" = { ELEMENT = "img"; ALLOW_ATTR = "class"; REGEXP = ""; ALLOW_DATA_URI_IMAGES = "true"; };
-            "markup.sanitizer.jupyter.svg.width" = { ELEMENT = "svg"; ALLOW_ATTR = "width"; REGEXP = ""; };
+            # "markup.sanitizer.jupyter.svg.width" = { ELEMENT = "svg"; ALLOW_ATTR = "width"; REGEXP = ""; };
-            "markup.sanitizer.jupyter.svg.height" = { ELEMENT = "svg"; ALLOW_ATTR = "height"; REGEXP = ""; };
+            # "markup.sanitizer.jupyter.svg.height" = { ELEMENT = "svg"; ALLOW_ATTR = "height"; REGEXP = ""; };
-            "markup.sanitizer.jupyter.svg.viewbox" = { ELEMENT = "svg"; ALLOW_ATTR = "viewbox"; REGEXP = ""; };
+            # "markup.sanitizer.jupyter.svg.viewbox" = { ELEMENT = "svg"; ALLOW_ATTR = "viewbox"; REGEXP = ""; };
-            "markup.sanitizer.jupyter.svg.use" = { ELEMENT = "use"; ALLOW_ATTR = "transform"; REGEXP = ""; };
+            # "markup.sanitizer.jupyter.svg.use" = { ELEMENT = "use"; ALLOW_ATTR = "transform"; REGEXP = ""; };
-            "markup.sanitizer.jupyter.svg.g" = { ELEMENT = "g"; ALLOW_ATTR = "class"; REGEXP = ""; };
+            # "markup.sanitizer.jupyter.svg.g" = { ELEMENT = "g"; ALLOW_ATTR = "class"; REGEXP = ""; };
-            "markup.sanitizer.jupyter.svg.path.style" = { ELEMENT = "path"; ALLOW_ATTR = "style"; REGEXP = ""; };
+            # "markup.sanitizer.jupyter.svg.path.style" = { ELEMENT = "path"; ALLOW_ATTR = "style"; REGEXP = ""; };
-            "markup.sanitizer.jupyter.svg.path.d" = { ELEMENT = "path"; ALLOW_ATTR = "d"; REGEXP = ""; };
+            # "markup.sanitizer.jupyter.svg.path.d" = { ELEMENT = "path"; ALLOW_ATTR = "d"; REGEXP = ""; };
-            "markup.sanitizer.jupyter.svg.path.transform" = { ELEMENT = "path"; ALLOW_ATTR = "transform"; REGEXP = ""; };
+            # "markup.sanitizer.jupyter.svg.path.transform" = { ELEMENT = "path"; ALLOW_ATTR = "transform"; REGEXP = ""; };
         };
     };
 
     services.postgresql = {
         enable = true;
         authentication = ''
-          local forgejo all ident map=forgejo-users
+          local gitea all ident map=gitea-users
         '';
-        # Map the forgejo user to postgresql
+        # Map the gitea user to postgresql
         identMap = ''
-            forgejo-users forgejo forgejo
+            gitea-users gitea gitea
         '';
     };
 
@@ -123,21 +122,17 @@ in
             enableACME = true;
             forceSSL = true;
             locations."/".proxyPass = "http://localhost:3001/";
-            extraConfig = ''
-                # Maximum upload file size for git-lfs
-                client_max_body_size 100M;
-            '';
         };
     };
 
-    # users.users.forgejo.extraGroups = [ "keys" ];
+    # users.users.gitea.extraGroups = [ "keys" ];
-    systemd.services.forgejo = {
+    systemd.services.gitea = {
         serviceConfig = {
             ReadOnlyPaths = [ "/secrets" ];
         };
         preStart = ''
-            cp -frT "${forgejoCustom}/" "${config.services.forgejo.stateDir}/custom/"
+            cp -frT "${giteaCustom}/" "${config.services.gitea.stateDir}/custom/"
-            find  "${config.services.forgejo.stateDir}/custom/" -type d -exec chmod 0750 '{}' + -or -type f -exec chmod 0640 '{}' +
+            find  "${config.services.gitea.stateDir}/custom/" -type d -exec chmod 0750 '{}' + -or -type f -exec chmod 0640 '{}' +
         '';
     };
 

hosts/gnome.nix

@@ -11,7 +11,6 @@
     autoLogin.user = "fruchti";
   };
   security.pam.services.gdm.enableGnomeKeyring = true;
-  services.gnome.gnome-keyring.enable = true;
 
   services.touchegg.enable = true;
   services.gnome.gnome-settings-daemon.enable = true;

hosts/hedgedoc.nix

@@ -5,6 +5,7 @@ in
 {
     services.hedgedoc = {
         enable = true;
+        workDir = "/data/hedgedoc";
         environmentFile = "/secrets/hedgedoc.env";
         settings = {
             port = 7000;
@@ -38,7 +39,9 @@ in
         ensureUsers = [
             {
                 name = "hedgedoc";
-                ensureDBOwnership = true;
+                ensurePermissions = {
+                    "DATABASE hedgedoc" = "ALL PRIVILEGES";
+                };
             }
         ];
         ensureDatabases = [ "hedgedoc" ];

hosts/mpd.nix

@@ -44,7 +44,6 @@ in
         tcp.enable = true;
         tcp.anonymousClients.allowedIpRanges = [ "127.0.0.1" ];
     };
-    services.pipewire.enable = false;
 
     users.extraGroups.pulse-access = {
         members = [ "mpd" ];

hosts/nextcloud.nix

@@ -6,23 +6,20 @@ in
     services.nextcloud = {
         enable = true;
         https = true;
-        package = pkgs.nextcloud30;
+        package = pkgs.nextcloud26;
         hostName = hostName;
         datadir = "/data/nextcloud";
-        settings = {
-            trusted_domains = [
-                ((lib.toLower config.networking.hostName) + ".lan")
-                (lib.toLower config.networking.hostName)
-            ];
-            blacklisted_files = [];
-            trashbin_retention_obligation = "auto, 14";
-        };
         config = {
             dbtype = "pgsql";
             dbhost = "/run/postgresql";
             adminpassFile = "/secrets/nextcloud_admin_password.txt";
+            extraTrustedDomains = [
+                ((lib.toLower config.networking.hostName) + ".lan")
+                (lib.toLower config.networking.hostName)
+            ];
         };
         caching.redis = true;
+        enableBrokenCiphersForSSE = false;
     };
 
     services.postgresql = {
@@ -30,14 +27,16 @@ in
         ensureUsers = [
             {
                 name = "nextcloud";
-                ensureDBOwnership = true;
+                ensurePermissions = {
+                    "DATABASE nextcloud" = "ALL PRIVILEGES";
+                };
+            }
+            {
+                name = "superuser";
+                ensurePermissions = {
+                    "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
+                };
             }
-            # {
-            #     name = "superuser";
-            #     ensurePermissions = {
-            #         "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
-            #     };
-            # }
         ];
         ensureDatabases = [ "nextcloud" ];
     };

hosts/tls_sni.nix

@@ -4,7 +4,6 @@
         streamConfig = ''
             map $ssl_preread_server_name $target_backend {
                 md.gvfr.de rupert;
-                rupert.gvfr.de rupert;
                 default localserv;
             }
 

hosts/x270.nix

@@ -6,17 +6,6 @@
         speed = 170;
     };
 
-    # Ensure that trackpoint mouse buttons work after suspend without having
-    # to touch the trackpoint first
-    powerManagement = {
-        powerDownCommands = ''
-            modprobe -r psmouse
-        '';
-        resumeCommands = ''
-            modprobe psmouse
-        '';
-    };
-
     services.xserver.videoDrivers = [ "modesetting" ];
 
     boot.initrd.kernelModules = [ "i915" ];

hosts/xfce.nix

@@ -1,45 +0,0 @@
-{ config, pkgs, ... }:
-{
-    services.xserver = {
-        enable = true;
-        desktopManager = {
-            xfce.enable = true;
-            xterm.enable = false;
-        };
-        displayManager = {
-            lightdm.enable = true;
-        };
-    };
-    services.displayManager = {
-        defaultSession = "xfce";
-        autoLogin.enable = true;
-        autoLogin.user = "fruchti";
-    };
-    services.libinput.enable = true;
-    nixpkgs.config.pulseaudio = true;
-    hardware.pulseaudio.enable = true;
-    hardware.bluetooth.enable = true;
-    services.blueman.enable = true;
-    # environment.xfce.excludePackages = with pkgs.xfce; [
-    #     xfce4-terminal
-    # ];
-    environment.systemPackages = with pkgs; [
-        xfce.xfce4-whiskermenu-plugin
-        xfce.xfce4-pulseaudio-plugin
-        xfce.xfce4-volumed-pulse
-        xfce.xfwm4-themes
-        pinentry-gtk2
-        lounge-gtk-theme
-        hackneyed
-        blueman
-        gnome.file-roller
-    ];
-    security.pam.services.lightdm.enableGnomeKeyring = true;
-    services.gnome.gnome-keyring.enable = true;
-
-    services.cpupower-gui.enable = true;
-
-    programs.gnupg.agent.pinentryPackage = pkgs.pinentry-gtk2;
-    services.pcscd.enable = true;
-    services.dbus.packages = [ pkgs.gcr ];
-}

options/auto-upgrade.nix

@@ -36,13 +36,6 @@ in
                 User used for the `git pull` operation (if `gitPull` is enabled).
             '';
         };
-        rebootIgnoreUsersActive = mkOption {
-            type = types.listOf types.str;
-            default = [];
-            description = mdDoc ''
-                If reboots are allowed, active users will prohibit a reboot. Users listed here are ignored from that check.
-            '';
-        };
     };
 
     config = mkIf cfg.enable {
@@ -163,14 +156,6 @@ in
                 EOF
                         )"
                         activate_configuration="no"
-
-                        # Check if any user sessions are open
-                        active_users=$(users | tr ' ' '\n' | sort | uniq | grep -vE '^(${concatStringsSep "|" cfg.rebootIgnoreUsersActive})$')
-                        if [ "$reboot_allowed" = "yes" ] && [ -n "$active_users" ] ; then
-                            reboot_allowed=no
-                            email_body="$(printf "%s\n%s\n%s" "$email_body" "The system cannot reboot since the following users are active:" "$active_users")"
-                        fi
-
                         if [ "$reboot_allowed" = "yes" ] && [ $exit_code -eq 0 ] ; then
                             email_body="$(printf "%s\n%s" "$email_body" "The system will reboot now.")"
                             do_reboot="yes"
@@ -193,7 +178,7 @@ in
                 upgrade_output="$(cat "$output_file")"
                 rm -f "$output_file"
 
-                possible_warnings="$(grep -e "^\(warning\|trace\|evaluation warning\):" <<<"$upgrade_output" || true)"
+                possible_warnings="$(grep -e "^\(warning\|trace\):" <<<"$upgrade_output" || true)"
                 if [ "$possible_warnings" != "" ] ; then
                     send_email=yes
                     email_subject_additions="$email_subject_additions with warnings"

options/dyndns.nix

@@ -63,7 +63,7 @@ in
                 dyndns_user="${cfg.username}"
                 dyndns_password="$(cat "${cfg.passwordFile}")"
 
-                new_ip=$(${pkgs.iproute2}/bin/ip -6 a show scope global -temporary dev "$interface" | ${pkgs.gnused}/bin/sed -n -E 's/^\ *inet6\ (2001(:[0-9a-f]+)+).*$/\1/p' | head -1)
+                new_ip=$(${pkgs.iproute}/bin/ip -6 a show scope global -temporary dev "$interface" | ${pkgs.gnused}/bin/sed -n -E 's/^\ *inet6\ (2001(:[0-9a-f]+)+).*$/\1/p' | head -1)
 
                 if [ -z "$new_ip" ] ; then
                     echo "Could not determine IP address."

options/email.nix

@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, ... }:
 with lib;
 let
     cfg = config.email;
@@ -37,7 +37,7 @@ in
             default = {
                 auth = true;
                 host = "gvfr.de";
-                passwordeval = "${pkgs.coreutils}/bin/cat /secrets/email_password.txt";
+                passwordeval = "cat /secrets/email_password.txt";
                 user = cfg.fromAddress;
                 from = cfg.fromAddress;
                 port = 465;

options/status-email.nix

@@ -20,7 +20,7 @@ in
                 to="${toAddress}"
                 service="$1"
                 full_status="$(systemctl status --full --lines 200 "$service")"
-                exit_code="$(echo "$full_status" | head -n5 | tail -1 | sed -e 's/.*ExecStart=.*status=\(.*\))$/\1/g')"
+                exit_code="$(echo "$full_status" | head -n5 | tail -1 | sed -e 's/.*status=\(.*\))$/\1/g')"
                 # state="$(systemctl is-failed "$service")"
 
                 fail_priority=1

overlays/default.nix

@@ -2,6 +2,5 @@
 {
     imports = [
         ./burp.nix
-        ./horizon-eda.nix
     ];
 }

overlays/horizon-eda.nix

@@ -1,13 +0,0 @@
-{ config, ... }:
-{
-    nixpkgs.overlays = [
-        (self: super: {
-            horizon-eda = (super.horizon-eda.overrideAttrs (old: {
-                # Add an environment variable to fix redraw issues on Intel Graphics
-                patches = [
-                    ./horizon_software_draw_surface.patch
-                ];
-            }));
-        })
-    ];
-}

overlays/horizon_software_draw_surface.patch

@@ -1,10 +0,0 @@
-diff --git a/org.horizon_eda.HorizonEDA.desktop b/org.horizon_eda.HorizonEDA.desktop
-index 7551df54..d8df7800 100644
---- a/org.horizon_eda.HorizonEDA.desktop
-+++ b/org.horizon_eda.HorizonEDA.desktop
-@@ -5,4 +5,4 @@ Categories=Development;Engineering;Electronics;
- Type=Application
- Terminal=false
- Icon=org.horizon_eda.HorizonEDA
--Exec=horizon-eda %U
-+Exec=env GDK_GL=software-draw-surface horizon-eda %U