Update

flake.lock

@@ -52,11 +52,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1746981801,
-        "narHash": "sha256-+Bfr0KqZV6gZdA7e2kupeoawozaLIHLuiPtC54uxbFc=",
+        "lastModified": 1748134483,
+        "narHash": "sha256-5PBK1nV8X39K3qUj8B477Aa2RdbLq3m7wRxUKRtggX4=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "ff915842e4a2e63c4c8c5c08c6870b9d5b3c3ee9",
+        "rev": "c1e671036224089937e111e32ea899f59181c383",
         "type": "github"
       },
       "original": {
@@ -74,11 +74,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1747526922,
-        "narHash": "sha256-NmBP0W4RJ8NTkeaMKy/NNzMBIQDa8n161Igbu7zWM2E=",
+        "lastModified": 1747581338,
+        "narHash": "sha256-/+H9qce+NPsEcAC31s3pbD64nB6GKC3+3ZNLV1+tffk=",
         "owner": "Jan-Bulthuis",
         "repo": "nix-minecraft",
-        "rev": "566b5218ff51d80da60873fe3b5930b8da12091c",
+        "rev": "44b6b40d7a3e0a114567b38a203029a5bc67e838",
         "type": "github"
       },
       "original": {
@@ -109,11 +109,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1746576598,
-        "narHash": "sha256-FshoQvr6Aor5SnORVvh/ZdJ1Sa2U4ZrIMwKBX5k2wu0=",
+        "lastModified": 1747958103,
+        "narHash": "sha256-qmmFCrfBwSHoWw7cVK4Aj+fns+c54EBP8cGqp/yK410=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "b3582c75c7f21ce0b429898980eddbbf05c68e55",
+        "rev": "fe51d34885f7b5e3e7b59572796e1bcb427eccb1",
         "type": "github"
       },
       "original": {

hosts/20212060/configuration.nix

@@ -10,8 +10,21 @@
   # Admin users
   users.users.jan.extraGroups = [ "wheel" ];
 
+  # Enable virtualisation for VMs
   virtualisation.libvirtd.enable = true;
 
+  # Set up wstunnel client
+  services.wstunnel = {
+    enable = true;
+    clients.wg-tunnel = {
+      connectTo = "wss://wstunnel.bulthuis.dev:443";
+      localToRemote = [
+        "udp://51820:10.10.40.100:51820"
+      ];
+    };
+  };
+
+  # Module setup
   modules = {
     profiles.laptop.enable = true;
   };

hosts/20212060/users/jan.nix

@@ -1,98 +1,9 @@
 {
-  pkgs,
   ...
 }:
 
 {
   home.stateVersion = "24.11";
 
-  home.packages = with pkgs; [
-    libreoffice-still
-    remmina
-    thunderbird
-    signal-desktop
-    prusa-slicer
-    freecad-wayland
-    inkscape
-    ente-auth
-    bitwarden
-    carla
-    winbox
-    whatsapp-for-linux
-    discord
-    steam
-    spotify
-    # feishin # TODO: Fix or replace as insecure
-    eduvpn-client
-    river # TODO: Move
-    firefox # TODO: Move to dediated module
-    ryubing
-    dconf-editor
-    bottles
-  ];
-
-  modules = {
-    # Desktop environment
-    desktop.gnome.enable = true;
-    # desktop.tiling.enable = true;
-
-    # Browser
-    # firefox = {
-    #   enable = true;
-    #   default = false;
-    # };
-    # qutebrowser = {
-    #   enable = true;
-    #   default = true;
-    # };
-
-    # Gaming
-    # retroarch.enable = true;
-    # ryujinx.enable = true;
-
-    # Tools
-    git = {
-      enable = true;
-      user = "Jan-Bulthuis";
-      email = "git@bulthuis.dev";
-      # TODO: Move
-      ignores = [
-        ".envrc"
-        ".direnv"
-        "flake.nix"
-        "flake.lock"
-      ];
-    };
-    # btop.enable = true;
-    direnv.enable = true;
-    fish.enable = true;
-    # bluetuith.enable = false;
-    # obsidian.enable = true;
-    # zathura.enable = true;
-    # keyring.enable = true;
-    # scripts.enable = true;
-    xpra = {
-      enable = true;
-      hosts = [
-        "mixer@10.20.60.251"
-      ];
-    };
-
-    # Development
-    # neovim.enable = true;
-    vscode.enable = true;
-    # docker.enable = true;
-    # matlab.enable = true;
-    # mathematica.enable = true;
-
-    # Languages
-    haskell.enable = false;
-    js.enable = true;
-    nix.enable = true;
-    rust.enable = true;
-    python.enable = true;
-    cpp.enable = true;
-    tex.enable = true;
-    jupyter.enable = false;
-  };
+  modules.profiles.jan.enable = true;
 }

hosts/20212060/users/test.nix

@@ -1,17 +0,0 @@
-{
-  pkgs,
-  ...
-}:
-
-{
-  home.stateVersion = "24.11";
-
-  home.packages = with pkgs; [
-  ];
-
-  modules = {
-    # Desktop environment
-    # desktop.gnome.enable = true;
-    # desktop.tiling.enable = true;
-  };
-}

hosts/vm-audio/configuration.nix

@@ -0,0 +1,241 @@
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}:
+
+{
+  # State version
+  system.stateVersion = "24.11";
+
+  # Machine hostname
+  networking.hostName = "vm-audio";
+
+  # Enabled modules
+  modules = {
+    profiles.vm.enable = true;
+    sound.enable = true;
+    # spotifyd.enable = true; # TODO: Add this as a local module
+  };
+
+  # Install system packages
+  environment.systemPackages = with pkgs; [
+    carla
+    xpra
+    alsa-utils
+    pulsemixer
+    adwaita-icon-theme
+    open-stage-control
+    carla_osc_bridge
+
+    # Add LV2 plugins
+    lsp-plugins
+    airwindows-lv2
+    distrho-ports
+    cardinal
+    calf
+  ];
+
+  # Setup firewall
+  networking.firewall = {
+    allowedTCPPorts = [
+      8080
+      10402
+      15151
+      22752
+    ];
+    allowedUDPPorts = [
+      8080
+      10402
+      15151
+      22752
+    ];
+  };
+
+  # Setup dependencies
+  environment.variables.LD_LIBRARY_PATH = lib.mkForce "${lib.makeLibraryPath (
+    with pkgs;
+    [
+      cairo
+      pipewire.jack
+    ]
+  )}";
+  qt = {
+    enable = true;
+    style = "adwaita";
+  };
+  xdg.icons = {
+    enable = true;
+    fallbackCursorThemes = [ "Adwaita" ];
+  };
+  hardware.graphics.enable = true;
+
+  # User for audio mixing
+  users.users.mixer = {
+    isNormalUser = true;
+    group = "mixer";
+    extraGroups = [ "systemd-journal" ];
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKKxoQSxfYqf9ITN8Fhckk8WbY4dwtBAXOhC9jxihJvq jan@bulthuis.dev"
+    ];
+  };
+  users.groups.mixer = { };
+  users.groups.audio = {
+    members = [
+      "mixer"
+    ];
+  };
+  users.groups.bluetooth = {
+    members = [
+      "mixer"
+    ];
+  };
+
+  # Xpra service
+  systemd.user.services.xpra = {
+    description = "Xpra Service";
+    wantedBy = [ "default.target" ];
+    after = [
+      "network.target"
+    ];
+    unitConfig = {
+      ConditionUser = "mixer";
+    };
+    serviceConfig = {
+      ExecStart = "${pkgs.xpra}/bin/xpra start :7 --bind-tcp=0.0.0.0:15151 --daemon=no";
+      Restart = "always";
+      RestartSec = 5;
+    };
+  };
+
+  # Carla service
+  systemd.user.services.carla = {
+    description = "Carla Service";
+    wantedBy = [ "default.target" ];
+    after = [
+      "network.target"
+      "sound.target"
+    ];
+    requires = [
+      "xpra.service"
+    ];
+    unitConfig = {
+      ConditionUser = "mixer";
+    };
+    serviceConfig = {
+      ExecStart = "${pkgs.carla}/bin/carla /home/mixer/Default.carxp -platform xcb";
+      Environment = "\"DISPLAY=:7\"";
+      Restart = "always";
+      RestartSec = 5;
+    };
+  };
+
+  # Carla service
+  systemd.user.services.carla-bridge = {
+    description = "Carla OSC Bridge";
+    wantedBy = [ "default.target" ];
+    after = [
+      "network.target"
+      "sound.target"
+    ];
+    requires = [
+      "carla.service"
+    ];
+    unitConfig = {
+      ConditionUser = "mixer";
+    };
+    serviceConfig = {
+      ExecStart = "${pkgs.carla_osc_bridge}/bin/carla_osc_bridge --clients \"127.0.0.1:8080\"";
+      Restart = "always";
+      RestartSec = 5;
+    };
+  };
+
+  # Open stage control service
+  systemd.user.services.osc = {
+    description = "OSC Service";
+    wantedBy = [ "default.target" ];
+    after = [
+      "network.target"
+    ];
+    requires = [
+      "carla.service"
+    ];
+    unitConfig = {
+      ConditionUser = "mixer";
+    };
+    serviceConfig = {
+      ExecStart = "${pkgs.open-stage-control}/bin/open-stage-control --no-gui --send 127.0.0.1:10402 --load /home/mixer/open-stage-control/session.json --theme /home/mixer/open-stage-control/theme.css";
+      Environment = "\"ELECTRON_RUN_AS_NODE=1\"";
+      Restart = "always";
+      RestartSec = 5;
+    };
+  };
+
+  # Create bluetooth A2DP source
+  hardware.bluetooth = {
+    enable = true;
+    disabledPlugins = [ "hostname" ];
+    settings.General = {
+      Name = "Linox";
+      Class = "0x240414";
+      DiscoverableTimeout = 0;
+      AlwaysPairable = true;
+      PairableTimeout = 0;
+      FastConnectable = true;
+      JustWorksRepairing = "always";
+    };
+  };
+  services.pipewire.wireplumber.extraConfig."50-bluetooth-a2dp" = {
+    "monitor.bluez.properties" = {
+      "bluez5.roles" = [ "a2dp_source" ];
+    };
+  };
+
+  # Create null sinks
+  services.pipewire.extraConfig.pipewire."91-null-sinks" = {
+    "context.objects" = [
+      {
+        factory = "adapter";
+        args = {
+          "factory.name" = "support.null-audio-sink";
+          "node.name" = "Speaker-Proxy";
+          "node.description" = "Proxy for Speaker Output";
+          "media.class" = "Audio/Sink";
+          "audio.position" = "L,R";
+        };
+      }
+      {
+        factory = "adapter";
+        args = {
+          "factory.name" = "support.null-audio-sink";
+          "node.name" = "Headphone-Proxy";
+          "node.description" = "Proxy for Headphone Output";
+          "media.class" = "Audio/Sink";
+          "audio.position" = "L,R";
+        };
+      }
+      {
+        factory = "adapter";
+        args = {
+          "factory.name" = "support.null-audio-sink";
+          "node.name" = "SpotifyD-Proxy";
+          "node.description" = "Proxy for SpotifyD";
+          "media.class" = "Audio/Sink";
+          "audio.position" = "L,R";
+        };
+      }
+      {
+        factory = "adapter";
+        args = {
+          "factory.name" = "support.null-audio-sink";
+          "node.name" = "AnalogIn-Proxy";
+          "node.description" = "Proxy for the analog input";
+          "media.class" = "Audio/Source/Virtual";
+          "audio.position" = "L,R";
+        };
+      }
+    ];
+  };
+}

hosts/vm-audio/users/local.nix

@@ -0,0 +1,7 @@
+{ ... }:
+
+{
+  home.stateVersion = "24.11";
+
+  modules.profiles.base.enable = true;
+}

hosts/vm-vpn/configuration.nix

@@ -0,0 +1,42 @@
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}:
+
+{
+  # State version
+  system.stateVersion = "24.11";
+
+  # Machine hostname
+  networking.hostName = "vm-vpn";
+
+  # Enabled modules
+  modules = {
+    profiles.vm.enable = true;
+  };
+
+  # Setup wstunnel server
+  services.wstunnel = {
+    enable = true;
+    servers.wg-tunnel = {
+      enableHTTPS = true;
+      listen = {
+        host = "0.0.0.0";
+        port = 8080;
+      };
+      restrictTo = [
+        {
+          host = "10.10.40.100";
+          port = 51820;
+        }
+      ];
+      tlsCertificate = "/var/lib/secrets/fullchain.pem";
+      tlsKey = "/var/lib/secrets/key.pem";
+    };
+  };
+  networking.firewall = {
+    allowedTCPPorts = [ 8080 ];
+  };
+}

hosts/vm-vpn/users/local.nix

@@ -0,0 +1,7 @@
+{ ... }:
+
+{
+  home.stateVersion = "24.11";
+
+  modules.profiles.base.enable = true;
+}

modules/home/desktop/gnome.nix

@@ -38,7 +38,7 @@ in
         blackbox-terminal
         baobab
         gnome-disk-utility
-        evince
+        papers
         nautilus
         gnome-font-viewer
         loupe
@@ -48,6 +48,8 @@ in
         gnome-text-editor
         showtime
         file-roller
+        mission-center
+        dconf-editor
 
         # For theming gtk3
         adw-gtk3
@@ -56,6 +58,8 @@ in
         gsconnect
         disable-workspace-animation
         wallpaper-slideshow
+        media-progress
+        # luminus-desktop
       ]);
 
     # Enable and set the gtk themes

modules/home/profiles/base.nix

@@ -0,0 +1,31 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+
+with lib;
+let
+  cfg = config.modules.profiles.base;
+in
+{
+  options.modules.profiles.base = {
+    enable = mkEnableOption "Base home-manager profile";
+  };
+
+  config = mkIf cfg.enable {
+    modules = {
+      # btop.enable = true;
+      direnv.enable = true;
+      fish.enable = true;
+      # scripts.enable = true;
+
+      # Development
+      # neovim.enable = true;
+
+      # Languages
+      nix.enable = true;
+    };
+  };
+}

modules/home/profiles/gnome.nix

@@ -0,0 +1,48 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+
+with lib;
+let
+  cfg = config.modules.profiles.gnome;
+in
+{
+  options.modules.profiles.gnome = {
+    enable = mkEnableOption "Graphical GNOME environment";
+  };
+
+  config = mkIf cfg.enable {
+    home.packages = with pkgs; [
+      firefox # TODO: Move to dediated module
+    ];
+
+    modules = {
+      profiles.base.enable = true;
+
+      # Desktop environment
+      desktop.gnome.enable = true;
+      # desktop.tiling.enable = true;
+
+      # Browser
+      # firefox = {
+      #   enable = true;
+      #   default = false;
+      # };
+      # qutebrowser = {
+      #   enable = true;
+      #   default = true;
+      # };
+
+      # Tools
+      # obsidian.enable = true;
+      # zathura.enable = true;
+
+      # Development
+      # neovim.enable = true;
+      vscode.enable = true;
+    };
+  };
+}

modules/home/profiles/jan.nix

@@ -0,0 +1,86 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+
+with lib;
+let
+  cfg = config.modules.profiles.jan;
+in
+{
+  options.modules.profiles.jan = {
+    enable = mkEnableOption "Jan's personal profile";
+  };
+
+  config = mkIf cfg.enable {
+    home.packages = with pkgs; [
+      libreoffice-still
+      remmina
+      thunderbird
+      signal-desktop
+      prusa-slicer
+      freecad-wayland
+      inkscape
+      ente-auth
+      bitwarden
+      carla
+      winbox
+      whatsapp-for-linux
+      discord
+      steam
+      spotify
+      # feishin # TODO: Fix or replace as insecure
+      eduvpn-client
+      river # TODO: Move
+      ryubing
+      bottles
+      prismlauncher
+      foliate
+    ];
+
+    modules = {
+      profiles.gnome.enable = true;
+
+      # Gaming
+      # retroarch.enable = true;
+      # ryujinx.enable = true;
+
+      # Tools
+      git = {
+        enable = true;
+        user = "Jan-Bulthuis";
+        email = "git@bulthuis.dev";
+        # TODO: Move
+        ignores = [
+          ".envrc"
+          ".direnv"
+          "flake.nix"
+          "flake.lock"
+        ];
+      };
+      xpra = {
+        enable = true;
+        hosts = [
+          "mixer@10.20.60.251"
+        ];
+      };
+
+      # Development
+      # docker.enable = true;
+      # matlab.enable = true;
+      mathematica.enable = true;
+
+      # Languages
+      haskell.enable = false;
+      js.enable = true;
+      nix.enable = true;
+      rust.enable = true;
+      python.enable = true;
+      cpp.enable = true;
+      tex.enable = true;
+      jupyter.enable = false;
+    };
+  };
+}

modules/nixos/printing.nix

@@ -18,5 +18,8 @@ in
       nssmdns4 = true;
       openFirewall = true;
     };
+
+    # For SMB network printers
+    services.samba.enable = true;
   };
 }

modules/nixos/profiles/vm.nix

@@ -0,0 +1,69 @@
+{
+  mkModule,
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+
+with lib;
+let
+  cfg = config.modules.profiles.vm;
+in
+{
+  options.modules.profiles.vm = {
+    enable = mkEnableOption "Base VM profile";
+  };
+
+  config = mkIf cfg.enable {
+    # Enabled modules
+    modules = {
+      profiles.base.enable = true;
+      ssh.enable = true;
+    };
+
+    # Enable qemu guest agent
+    services.qemuGuest.enable = true;
+
+    # Machine platform
+    nixpkgs.hostPlatform = "x86_64-linux";
+
+    # Hardware configuration
+    hardware.enableRedistributableFirmware = true;
+    boot.initrd.availableKernelModules = [
+      "ata_piix"
+      "uhci_hcd"
+      "virtio_pci"
+      "virtio_scsi"
+      "sd_mod"
+      "sr_mod"
+    ];
+    boot.initrd.kernelModules = [ ];
+    boot.kernelModules = [ "kvm-intel" ];
+    boot.extraModulePackages = [ ];
+    hardware.cpu.intel.updateMicrocode = true;
+
+    # Filesystems
+    fileSystems."/" = {
+      device = "/dev/disk/by-partlabel/root";
+      fsType = "ext4";
+    };
+
+    fileSystems."/boot" = {
+      device = "/dev/disk/by-partlabel/EFI";
+      fsType = "vfat";
+      options = [
+        "fmask=0077"
+        "dmask=0077"
+      ];
+    };
+
+    # Swapfile
+    swapDevices = [
+      {
+        device = "/var/lib/swapfile";
+        size = 6 * 1024;
+      }
+    ];
+  };
+}