first commit

hosts/server/ca.pem

@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFSzCCAzOgAwIBAgIUHUOaGhxpyfBqp26tObthWeSavXIwDQYJKoZIhvcNAQEL
+BQAwNTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxETAPBgNVBAoM
+CG1hZHJpZ2FsMB4XDTI1MDkxNjE1NTA1MloXDTM1MDkxNDE1NTA1MlowNTELMAkG
+A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxETAPBgNVBAoMCG1hZHJpZ2Fs
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyxyH1uvcTq+ZuQbu22gW
+TsAjY2xHbnW9toLtR+ifn+OJPR850964zhTZ+755b+IF46mw4ToKXhrUhwFmy9uh
+dNP5tAHysqrTOh+60hjxO/RC3fyOWWAxy2+a/D5dB15GZ1JqLV/lysLvfb3BJ0ZO
+JFddsbNPbijIQlA6ntkpc1rv0UVPnus6MrTksXU8UOGmD/ldlu5u/3u/pYWU0n1C
+3JJyW2nFOgx1MpT0fku3Xx5HIG41S4PWJ/50vwkmVoXDE1cmxoO4SmbvLNPpw41C
+pnVucL3b4mwBsnYMXUiygwdupxnfNfX6EblG7cGF93/R90MWp5pfQyByjVlZ6E/J
+2xZJCWLMguSSfVF+NBuprUFhPzxBDpGdHBMHag8B5rRPdw9QwKGV2K4fskDxk4X4
+HswHXbXB+oYL7yKNttVP2+dua9eGT8xZI6te0ppxK5E7uoFdsQHQN+riRSC50VuT
+IQPuNByE0Tkdu1Sa8+jsiL/wCpmLSs1kLq15IOlAAEZSta6ZWw24Ua0kwb1F7LZt
+BLgWAucAHkTJasopJl6IPOxGdfl9tpFzQ+I1izQuhRgfXTBJRbcemA8dJw6qVEe4
+ppJFykiopmAi8L33f6l7VbJU/M4l9FcB0kpA5lrZ6EICDxsihc568mWrdg3Kj1pW
+56mKar5r0oZgCuxfj3zvdr0CAwEAAaNTMFEwHQYDVR0OBBYEFL6gtvcLz11vGar6
+smDnBp2fbVzZMB8GA1UdIwQYMBaAFL6gtvcLz11vGar6smDnBp2fbVzZMA8GA1Ud
+EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAMPb5lOh9/SFcnAM7pOO+8H8
+X7ID/yDAeiU43NV0PHnvcyKQM6s+22ZlAxqe3rZ3Ajx5yb2ED4cV+iA4W7Pt88j4
+MuriFU8sUh209XwRXCtigw5hwtNyLmdYmyFS2azikLMg9fJ/oHYY8GnOg4JSp0tO
+nX63FID1bCuN/kU7RSjb3HVSuoQcEizQbE9DE1Fo9JA36qyagKCzvfW1KNhqPkUu
+ofTgjVnmTcbRtkUSxp9bzvYZOgnwLSyoCVYAnNSZjmM7DZMGtvJjgoEOlV1OBtFR
+4IasRoczElscXr2NEH967HO8P/4XJDr17wJaQpnZ8Plsw/7TXfSNH6EG+eU1fREn
+hSCZOogGMNZHi/L7i4UlvZhwm/I6Lt7IkH8zCCMp0Ilr9gexLmGPMus7kolmQxCG
+4d1AT5CY1/z+hPQAyepErvy9EynHE+yYhfbV2YV8u+sxqnCZsvGaStCe6xV6o/UK
+gKXkVgW/ulD1nvcrMmsGrWTCMYwO0zefxJtZqXB3ICBnTV5cwj0g88EqPQP9yvcr
+nyXNQfg4dnCj63tylfE/v23RPpXmNnE0kjjpL8znNDoizrUV58aC/JwwkFCTV6MY
+aeof4jzsHa7LPiYrIIr+zNX+MoCPaaRxGifBE0i4uY0yvka7eJHFtB35aPMojnnz
+LZ4GGlHmVuUac04JUcKT
+-----END CERTIFICATE-----

hosts/server/configuration.nix

@@ -0,0 +1,178 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, inputs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+      inputs.home-manager.nixosModules.default
+      ../../modules/nixos/smad.nix
+    ];
+
+  # Bootloader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.hostName = "nova"; # Define your hostname.
+  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+  nix.settings.experimental-features = ["nix-command" "flakes"];
+  # Configure network proxy if necessary
+  # networking.proxy.default = "http://user:password@proxy:port/";
+  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+  # Enable networking
+  networking.networkmanager.enable = true;
+  networking.networkmanager.dns= "none";
+  networking.useDHCP = false;
+  networking.dhcpcd.enable = false;
+  networking.nameservers =["192.168.178.43"];
+  networking.dhcpcd.extraConfig = ''
+  nohook resolv.conf
+'';
+  networking.firewall.allowedTCPPorts = [ 80 443 8080];
+  # Set your time zone.
+  time.timeZone = "Europe/Berlin";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "de_DE.UTF-8";
+
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "de_DE.UTF-8";
+    LC_IDENTIFICATION = "de_DE.UTF-8";
+    LC_MEASUREMENT = "de_DE.UTF-8";
+    LC_MONETARY = "de_DE.UTF-8";
+    LC_NAME = "de_DE.UTF-8";
+    LC_NUMERIC = "de_DE.UTF-8";
+    LC_PAPER = "de_DE.UTF-8";
+    LC_TELEPHONE = "de_DE.UTF-8";
+    LC_TIME = "de_DE.UTF-8";
+  };
+
+  # Enable the X11 windowing system.
+  services.xserver.enable = true;
+
+  # Enable the XFCE Desktop Environment.
+  services.xserver.displayManager.lightdm.enable = true;
+  services.xserver.desktopManager.xfce.enable = true;
+
+  # Configure keymap in X11
+  services.xserver.xkb = {
+    layout = "de";
+    variant = "";
+  };
+
+  # Configure console keymap
+  console.keyMap = "de";
+
+  # Enable CUPS to print documents.
+  services.printing.enable = true;
+  
+  #Enable WG
+
+
+  # Enable sound with pipewire.
+  services.pulseaudio.enable = false;
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    # If you want to use JACK applications, uncomment this
+    #jack.enable = true;
+
+    # use the example session manager (no others are packaged yet so this is enabled by default,
+    # no need to redefine it in your config for now)
+    #media-session.enable = true;
+  };
+
+  # Enable touchpad support (enabled default in most desktopManager).
+  # services.xserver.libinput.enable = true;
+
+  # Define a user account. Dont forget to set a password with ‘passwd’.
+#  users.users.smad = {
+#    isNormalUser = true;
+#    description = "superuser madrigal";
+#    extraGroups = [ "networkmanager" "wheel" "docker"];
+#    shell = pkgs.fish;
+#    packages = with pkgs; [
+    #  thunderbird
+#    ];
+#  };
+  home-manager = {
+  # also inputs to home-manager modules
+  extraSpecialArgs = { inherit inputs;};
+  users = {
+     "smad" = import ./home.nix;
+    };
+  };
+  
+  # Enable automatic login for the user.
+  services.displayManager.autoLogin.enable = true;
+  services.displayManager.autoLogin.user = "smad";
+  # security
+  security.pki.certificateFiles = [
+  ./fullchain.pem
+  ./ca.pem
+  ];
+
+  # Install firefox.
+  programs.firefox.enable = true;
+  programs.fish.enable = true;
+  # Allow unfree packages
+  nixpkgs.config.allowUnfree = true;
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+    neovim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+    kitty 
+    fish
+    wget
+    git
+    ranger
+    fastfetch
+    docker-compose
+    dysk
+    brave
+    rustdesk
+    zoxide
+   bind
+   lynx
+   openssl
+   wireguard-tools
+   nettools
+  ];
+
+  # Some programs need SUID wrappers, can be configured further or are
+  # started in user sessions.
+  # programs.mtr.enable = true;
+  # programs.gnupg.agent = {
+  #   enable = true;
+  #   enableSSHSupport = true;
+  # };
+
+  # List services that you want to enable:
+
+  # Enable the OpenSSH daemon.
+   services.openssh.enable = true;
+   virtualisation.docker.enable = true;
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  # networking.firewall.enable = false;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "25.05"; # Did you read the comment?
+
+}

hosts/server/fullchain.pem

@@ -0,0 +1,68 @@
+-----BEGIN CERTIFICATE-----
+MIIFzjCCA7agAwIBAgIUaqLdBL4bX5sEJlkOxCsjSFeOQM0wDQYJKoZIhvcNAQEL
+BQAwgYQxCzAJBgNVBAYTAkRFMR8wHQYDVQQIDBZOb3J0aCBSaGluZS1XZXN0cGhh
+bGlhMREwDwYDVQQHDAhEdWlzYnVyZzEpMCcGA1UECgwgTWVpc3RlcmJldHJpZWIg
+VGhvbWFzIFRlcGFzcyBTSEsxFjAUBgNVBAMMDVRob21hcyBUZXBhc3MwIBcNMjUw
+OTA5MTUyMTMzWhgPMjA2MzAxMjMxNTIxMzNaMBgxFjAUBgNVBAMMDW1hZHJpZ2Fs
+LmhvbWUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC8qfL1vPz7xKKQ
+lERS8gCOS+F7xXGYiNrNkhEsiyQINGb6SIz6QJKVUy6cXUs1YFQFirPCDwT3xh3J
+UAcPSuAIaiHAZYE1TOC9OJUhR3+ckKK+zMq3Qigjo8Y42W2rSZafjsG2Qcr3UYky
+9tV4fPkNx9/HwPIoKihz5MhqUs9HowvkHAFq8WLTAmpiVkNChM0qll9CtQJzyiSB
+qffgIWzgx6GhbdEFseuV718v7RoXAHNltZO+C7jqkiSrVd7kH3cQBYuorFIxKeFq
+qs0yOg73ilmbfvzNIpIkHwcDBnzwdILmr/wEdXtBnuepc/rXabJx7NrthIwMF7In
+VjQ1Gc9bETG2ZUDJ6wVW+7jOT1fMNTLYvfTst9Vjb0JSo5LPxpPQv0bcD22g9mp0
+pj4AutQaWAPAJMExs+ClV6HwfVGJFXcKpiGt9ZtGRcVvQvfym/L9iuoFE+VCz2bt
+mDjId/SrC0baB6a0OwpAsh5Bxahu6mDKht5sJXO0D5aizDQmA5gaTBtx044ZAkzq
+Fj4qqA19UxbeXnWWN81xjYOK5kwFpnjwTM6KdsazUGcA+aM3xYRRAjczlCIbzg6o
+TrqOzLJV2ea2TpPkggJQ6XOs0KVqtBwjuwbCnX4+NJca/Sygq3Cqu20XBeawH4bp
+KlxhZl/qU4CpOzje1AzCMmLLQINlGQIDAQABo4GgMIGdMFsGA1UdEQRUMFKCDyou
+bWFkcmlnYWwuaG9tZYINKi50ZXBhc3MuaG9tZYIKKi5uYXMuaG9tZYINbWFkcmln
+YWwuaG9tZYILdGVwYXNzLmhvbWWCCG5hcy5ob21lMB0GA1UdDgQWBBTuFkhjY7Qr
+BkQqlHuaOQsLBvsS5DAfBgNVHSMEGDAWgBR4lUkjIMJjZ/zjE7X3Ckx3ufzVJjAN
+BgkqhkiG9w0BAQsFAAOCAgEAb5KXejT/moh+nPtpNgwleK47gh/Th3ZY8x1kpFP+
+I8xPLzVIJIdjtU1g5XDwY/i3tPAfu+LBhu+xrLL7EyZrT6atCTNWo09nK++sgYA7
+VwpTKvsaiM4j7LQAK9NeYaBlK2GThnTy0wGPCV1Vm5R4UQ0UeI9btAtg+TLp/5V2
+qG+IvMyyCkt12buRKw7wV29t7If3AJPkOw/LFqNVow0QFU49i9flVJzE7odbH2bj
+4jdgJnH8TbYKi30VnRmysIgglVUt69TDINZRf9dTmvritTlDmNZyjBCOL42b8HXQ
+vhXwnItPr4AQvc19+1x1FHczvaHCRtpS5rdvCg50/q+NBJW7+BFXeU7jXOS7Dlcl
+C+Dq185DU1fx0Pl3t20FNdoe9ek4S7L58H/DXujhfX5men0xlRujfJDUHxtgX1SA
+GpAY60HS9BN5k+CzS3IOGEQwIJnaADuCb3HTV+6Dwy8dGe7cKVWa0ur3D0MMHan/
+d2rzdtW88ZJ1K7/8q+rEBbrWBU11IBSJQDIKVgHFW6oWiczHms6FBGnXp9P8gp2K
+vOtpgRvqtKJOpVvJE4OFU3tGWG9M3O/c71Rslae6zLO033MEx7Vq3oI1GSVgXHk4
+XVGEoqt9psi7kEqn5CHzVnnOrtXObikA52XD2vXvbBnTggYQ9JfBEkyA12j5dDwS
+WZk=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIF6zCCA9OgAwIBAgIUTPMzEwxNcX2E8na24Kmeo2eFwR4wDQYJKoZIhvcNAQEL
+BQAwgYQxCzAJBgNVBAYTAkRFMR8wHQYDVQQIDBZOb3J0aCBSaGluZS1XZXN0cGhh
+bGlhMREwDwYDVQQHDAhEdWlzYnVyZzEpMCcGA1UECgwgTWVpc3RlcmJldHJpZWIg
+VGhvbWFzIFRlcGFzcyBTSEsxFjAUBgNVBAMMDVRob21hcyBUZXBhc3MwHhcNMjUw
+OTA5MTUwODA5WhcNMzUwOTA3MTUwODA5WjCBhDELMAkGA1UEBhMCREUxHzAdBgNV
+BAgMFk5vcnRoIFJoaW5lLVdlc3RwaGFsaWExETAPBgNVBAcMCER1aXNidXJnMSkw
+JwYDVQQKDCBNZWlzdGVyYmV0cmllYiBUaG9tYXMgVGVwYXNzIFNISzEWMBQGA1UE
+AwwNVGhvbWFzIFRlcGFzczCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
+AOPXp1FfICsnsJ4ZVAKx4iurfF2hVnrAhPHZ02qQW8APCrp2JjH00HqpOM9s0kIr
+CiVzN2rKoLAEhe8LHlaM1ncQ4ui5UHcbGeyxv3xrhyYAD85joevSNnku01q1MpPr
+G2xSC5v5iXEQPr1x8ZaJAu6ajUeqQDQbKSs62dCA8H1x64qMigIIvpdLvD2/C67u
+o5W4p1oGeOnjr1VRyqpbt052BLWFvGiGbMSa2VOSCHzbTTEEs79ODYqRgnaJRVz3
+Np9DQQdcglrAytta/8vTvBDik8XKpUzWCJVnfQiaLr4/2oSoBQMI9qlspVkm43oL
+z1nTWJ8NRdgHXlf6GXKqdQQSXn5EgqVDHZLHh8qgQADAE/LQpWEcBosEJmeao4LH
+Dv6fjfepAjxlcdFxjITzL2LCnS30mMl/XT+wfdF8KUBioeLscvyxoXJd4JOT5wJD
+jokH50llajNW/1SIeXTt2/VPSzVkgHBMq3YTbsp0XL7vfBQabT6Sb+Bk7jc46bkk
+O5rK2+ULVVC9wR7AkPNhzX4+Z9AOGaahHtzMBWypzYcanHYyxazwP3oswi8lJm2V
+2TPAodRP8Abvp/DFdne6F8CEDZZHmabSFbDWb5hu6HVsmWEWuFc8a7+AJ6AXwixG
+Q4MtnGjR5Cq2/XPsxOlKqpjnOnrmG+6uHqnCIYJO8p2bAgMBAAGjUzBRMB0GA1Ud
+DgQWBBR4lUkjIMJjZ/zjE7X3Ckx3ufzVJjAfBgNVHSMEGDAWgBR4lUkjIMJjZ/zj
+E7X3Ckx3ufzVJjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBR
+t/rQdRDoSObgtLYEgzJZdxYtfgEYNUdXTPCDYpu7qblQsoCmxw98Kw1g5H4Kuy/q
+sWxFAB3y/Xue5MdWldryMYrOyJ4gT0tjprxz209AtaaRRHrcIVIUVmCU6lYXVL72
+QLE8Ja7Et6l4Ta+z41o6blhDZQBUrWCCSWWHatXDb6xuswUu4sniIv2I0Bkb9bas
+z3sZtBAftBFopZbo+o/KHmzxGUNLEpt5zcoLH0dgJ6vbh2IDl8p361KoDlaFCyq4
+HHTODWGsJFuYtmeCFUBIOB0zn2ABd5PLNn+FPG88LZBWKjy25bI9kEjSSsux5JO5
+mF0oTpjOrtJcPj0rlDjgVzhJtewAUHhGgXTM0e451YmoQk/kDcZ/GawUhBrnW5nQ
+QcNzSoIGtPiAcvl0B/11KCtBeXJnSi62yr5z1w+MyyYYGJRlahA+wKqAUJT8/TD1
+bN8Wvv+7G7MFAs9zx3ycyD79o0jLHbnAIKb2CJO8EByTR2MJZlwV+RBi9byZZpmT
+p6ss0nZT5wsSNful4iWvs+abA/ywm42u8a98fzVNlqO/q4ippF5ezBm2nLcHil3r
+4dtN8Hwk3iEKrzBkV81UK8Gx/KXPq+qKl6g+YANBBLrQvh/FgHPLa3NXr7Xd3IP7
+3L+W0Cr/jrVHUtty4Znfxeat2+DmhEuz/ihk/wmqSw==
+-----END CERTIFICATE-----

hosts/server/hardware-configuration.nix

@@ -0,0 +1,38 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/bcdf8feb-de2c-45db-b929-7c91a1f79ce4";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/F794-8574";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp42s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/server/home.nix

@@ -0,0 +1,87 @@
+{ config, pkgs, ... }:
+
+{
+imports =[
+../../modules/home-manager/btop.nix
+];
+  # Home Manager needs a bit of information about you and the paths it should
+  # manage.
+  home.username = "smad";
+  home.homeDirectory = "/home/smad";
+
+  # This value determines the Home Manager release that your configuration is
+  # compatible with. This helps avoid breakage when a new Home Manager release
+  # introduces backwards incompatible changes.
+  #
+  # You should not change this value, even if you update Home Manager. If you do
+  # want to update the value, then make sure to first check the Home Manager
+  # release notes.
+  home.stateVersion = "25.05"; # Please read the comment before changing.
+
+  # The home.packages option allows you to install Nix packages into your
+  # environment.
+  home.packages = [
+    # # Adds the 'hello' command to your environment. It prints a friendly
+    # # "Hello, world!" when run.
+    # pkgs.hello
+    pkgs.tmux
+    # # It is sometimes useful to fine-tune packages, for example, by applying
+    # # overrides. You can do that directly here, just don't forget the
+    # # parentheses. Maybe you want to install Nerd Fonts with a limited number of
+    # # fonts?
+    # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; })
+
+    # # You can also create simple shell scripts directly inside your
+    # # configuration. For example, this adds a command 'my-hello' to your
+    # # environment:
+    # (pkgs.writeShellScriptBin "my-hello" ''
+    #   echo "Hello, ${config.home.username}!"
+    # '')
+  ];
+#  programs.btop = {
+#    enable = true;
+#    settings = {
+      #color_theme = "gruvbox_dark_v2";
+#      color_theme = "catpucchin_mocha";
+#      vim_keys = true;
+#      };
+#      };
+  # Home Manager is pretty good at managing dotfiles. The primary way to manage
+  # plain files is through 'home.file'.
+  home.file = {
+    # # Building this configuration will create a copy of 'dotfiles/screenrc' in
+    # # the Nix store. Activating the configuration will then make '~/.screenrc' a
+    # # symlink to the Nix store copy.
+    # ".screenrc".source = dotfiles/screenrc;
+
+    # # You can also set the file content immediately.
+    # ".gradle/gradle.properties".text = ''
+    #   org.gradle.console=verbose
+    #   org.gradle.daemon.idletimeout=3600000
+    # '';
+  };
+
+  # Home Manager can also manage your environment variables through
+  # 'home.sessionVariables'. These will be explicitly sourced when using a
+  # shell provided by Home Manager. If you don't want to manage your shell
+  # through Home Manager then you have to manually source 'hm-session-vars.sh'
+  # located at either
+  #
+  #  ~/.nix-profile/etc/profile.d/hm-session-vars.sh
+  #
+  # or
+  #
+  #  ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh
+  #
+  # or
+  #
+  #  /etc/profiles/per-user/discubed/etc/profile.d/hm-session-vars.sh
+  #
+  home.sessionVariables = {
+    # EDITOR = "emacs";
+  };
+
+  # Let Home Manager install and manage itself.
+  programs.home-manager.enable = true;
+}
+

hosts/worker/ca.pem

@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFSzCCAzOgAwIBAgIUHUOaGhxpyfBqp26tObthWeSavXIwDQYJKoZIhvcNAQEL
+BQAwNTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxETAPBgNVBAoM
+CG1hZHJpZ2FsMB4XDTI1MDkxNjE1NTA1MloXDTM1MDkxNDE1NTA1MlowNTELMAkG
+A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxETAPBgNVBAoMCG1hZHJpZ2Fs
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyxyH1uvcTq+ZuQbu22gW
+TsAjY2xHbnW9toLtR+ifn+OJPR850964zhTZ+755b+IF46mw4ToKXhrUhwFmy9uh
+dNP5tAHysqrTOh+60hjxO/RC3fyOWWAxy2+a/D5dB15GZ1JqLV/lysLvfb3BJ0ZO
+JFddsbNPbijIQlA6ntkpc1rv0UVPnus6MrTksXU8UOGmD/ldlu5u/3u/pYWU0n1C
+3JJyW2nFOgx1MpT0fku3Xx5HIG41S4PWJ/50vwkmVoXDE1cmxoO4SmbvLNPpw41C
+pnVucL3b4mwBsnYMXUiygwdupxnfNfX6EblG7cGF93/R90MWp5pfQyByjVlZ6E/J
+2xZJCWLMguSSfVF+NBuprUFhPzxBDpGdHBMHag8B5rRPdw9QwKGV2K4fskDxk4X4
+HswHXbXB+oYL7yKNttVP2+dua9eGT8xZI6te0ppxK5E7uoFdsQHQN+riRSC50VuT
+IQPuNByE0Tkdu1Sa8+jsiL/wCpmLSs1kLq15IOlAAEZSta6ZWw24Ua0kwb1F7LZt
+BLgWAucAHkTJasopJl6IPOxGdfl9tpFzQ+I1izQuhRgfXTBJRbcemA8dJw6qVEe4
+ppJFykiopmAi8L33f6l7VbJU/M4l9FcB0kpA5lrZ6EICDxsihc568mWrdg3Kj1pW
+56mKar5r0oZgCuxfj3zvdr0CAwEAAaNTMFEwHQYDVR0OBBYEFL6gtvcLz11vGar6
+smDnBp2fbVzZMB8GA1UdIwQYMBaAFL6gtvcLz11vGar6smDnBp2fbVzZMA8GA1Ud
+EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAMPb5lOh9/SFcnAM7pOO+8H8
+X7ID/yDAeiU43NV0PHnvcyKQM6s+22ZlAxqe3rZ3Ajx5yb2ED4cV+iA4W7Pt88j4
+MuriFU8sUh209XwRXCtigw5hwtNyLmdYmyFS2azikLMg9fJ/oHYY8GnOg4JSp0tO
+nX63FID1bCuN/kU7RSjb3HVSuoQcEizQbE9DE1Fo9JA36qyagKCzvfW1KNhqPkUu
+ofTgjVnmTcbRtkUSxp9bzvYZOgnwLSyoCVYAnNSZjmM7DZMGtvJjgoEOlV1OBtFR
+4IasRoczElscXr2NEH967HO8P/4XJDr17wJaQpnZ8Plsw/7TXfSNH6EG+eU1fREn
+hSCZOogGMNZHi/L7i4UlvZhwm/I6Lt7IkH8zCCMp0Ilr9gexLmGPMus7kolmQxCG
+4d1AT5CY1/z+hPQAyepErvy9EynHE+yYhfbV2YV8u+sxqnCZsvGaStCe6xV6o/UK
+gKXkVgW/ulD1nvcrMmsGrWTCMYwO0zefxJtZqXB3ICBnTV5cwj0g88EqPQP9yvcr
+nyXNQfg4dnCj63tylfE/v23RPpXmNnE0kjjpL8znNDoizrUV58aC/JwwkFCTV6MY
+aeof4jzsHa7LPiYrIIr+zNX+MoCPaaRxGifBE0i4uY0yvka7eJHFtB35aPMojnnz
+LZ4GGlHmVuUac04JUcKT
+-----END CERTIFICATE-----

hosts/worker/configuration.nix

@@ -0,0 +1,174 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, inputs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+      inputs.home-manager.nixosModules.default
+      ../../modules/nixos/baal.nix
+    ];
+
+  # Bootloader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+  nix.settings.experimental-features = ["nix-command" "flakes"];
+  # Configure network proxy if necessary
+  # networking.proxy.default = "http://user:password@proxy:port/";
+  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+  # Enable networking
+  networking.networkmanager.enable = true;
+  networking.networkmanager.dns= "none";
+  networking.useDHCP = false;
+  networking.dhcpcd.enable = false;
+  networking.nameservers =["192.168.178.43"];
+  networking.dhcpcd.extraConfig = ''
+  nohook resolv.conf
+'';
+  networking.firewall.allowedTCPPorts = [ 80 443 8080];
+  # Set your time zone.
+  time.timeZone = "Europe/Berlin";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "de_DE.UTF-8";
+
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "de_DE.UTF-8";
+    LC_IDENTIFICATION = "de_DE.UTF-8";
+    LC_MEASUREMENT = "de_DE.UTF-8";
+    LC_MONETARY = "de_DE.UTF-8";
+    LC_NAME = "de_DE.UTF-8";
+    LC_NUMERIC = "de_DE.UTF-8";
+    LC_PAPER = "de_DE.UTF-8";
+    LC_TELEPHONE = "de_DE.UTF-8";
+    LC_TIME = "de_DE.UTF-8";
+  };
+
+  # Enable the X11 windowing system.
+  services.xserver.enable = true;
+
+  # Enable the XFCE Desktop Environment.
+  services.xserver.displayManager.lightdm.enable = true;
+  services.xserver.desktopManager.xfce.enable = true;
+
+  # Configure keymap in X11
+  services.xserver.xkb = {
+    layout = "de";
+    variant = "";
+  };
+
+  # Configure console keymap
+  console.keyMap = "de";
+
+  # Enable CUPS to print documents.
+  services.printing.enable = true;
+  
+  #Enable WG
+
+
+  # Enable sound with pipewire.
+  services.pulseaudio.enable = false;
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    # If you want to use JACK applications, uncomment this
+    #jack.enable = true;
+
+    # use the example session manager (no others are packaged yet so this is enabled by default,
+    # no need to redefine it in your config for now)
+    #media-session.enable = true;
+  };
+
+  # Enable touchpad support (enabled default in most desktopManager).
+  # services.xserver.libinput.enable = true;
+
+  # Define a user account. Dont forget to set a password with ‘passwd’.
+#  users.users.smad = {
+#    isNormalUser = true;
+#    description = "superuser madrigal";
+#    extraGroups = [ "networkmanager" "wheel" "docker"];
+#    shell = pkgs.fish;
+#    packages = with pkgs; [
+    #  thunderbird
+#    ];
+#  };
+  home-manager = {
+  # also inputs to home-manager modules
+  extraSpecialArgs = { inherit inputs;};
+  users = {
+     "smad" = import ./home.nix;
+    };
+  };
+  
+  # Enable automatic login for the user.
+  services.displayManager.autoLogin.enable = true;
+  services.displayManager.autoLogin.user = "smad";
+  # security
+  security.pki.certificateFiles = [
+  ./fullchain.pem
+  ./ca.pem
+  ];
+
+  # Install firefox.
+  programs.firefox.enable = true;
+  programs.fish.enable = true;
+  # Allow unfree packages
+  nixpkgs.config.allowUnfree = true;
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+    neovim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+    kitty 
+    fish
+    wget
+    git
+    ranger
+    fastfetch
+    docker-compose
+    dysk
+    zoxide
+   bind
+   openssl
+   wireguard-tools
+   nettools
+  ];
+
+  # Some programs need SUID wrappers, can be configured further or are
+  # started in user sessions.
+  # programs.mtr.enable = true;
+  # programs.gnupg.agent = {
+  #   enable = true;
+  #   enableSSHSupport = true;
+  # };
+
+  # List services that you want to enable:
+
+  # Enable the OpenSSH daemon.
+   services.openssh.enable = true;
+   virtualisation.docker.enable = true;
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  # networking.firewall.enable = false;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "25.05"; # Did you read the comment?
+
+}

hosts/worker/fullchain.pem

@@ -0,0 +1,68 @@
+-----BEGIN CERTIFICATE-----
+MIIFzjCCA7agAwIBAgIUaqLdBL4bX5sEJlkOxCsjSFeOQM0wDQYJKoZIhvcNAQEL
+BQAwgYQxCzAJBgNVBAYTAkRFMR8wHQYDVQQIDBZOb3J0aCBSaGluZS1XZXN0cGhh
+bGlhMREwDwYDVQQHDAhEdWlzYnVyZzEpMCcGA1UECgwgTWVpc3RlcmJldHJpZWIg
+VGhvbWFzIFRlcGFzcyBTSEsxFjAUBgNVBAMMDVRob21hcyBUZXBhc3MwIBcNMjUw
+OTA5MTUyMTMzWhgPMjA2MzAxMjMxNTIxMzNaMBgxFjAUBgNVBAMMDW1hZHJpZ2Fs
+LmhvbWUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC8qfL1vPz7xKKQ
+lERS8gCOS+F7xXGYiNrNkhEsiyQINGb6SIz6QJKVUy6cXUs1YFQFirPCDwT3xh3J
+UAcPSuAIaiHAZYE1TOC9OJUhR3+ckKK+zMq3Qigjo8Y42W2rSZafjsG2Qcr3UYky
+9tV4fPkNx9/HwPIoKihz5MhqUs9HowvkHAFq8WLTAmpiVkNChM0qll9CtQJzyiSB
+qffgIWzgx6GhbdEFseuV718v7RoXAHNltZO+C7jqkiSrVd7kH3cQBYuorFIxKeFq
+qs0yOg73ilmbfvzNIpIkHwcDBnzwdILmr/wEdXtBnuepc/rXabJx7NrthIwMF7In
+VjQ1Gc9bETG2ZUDJ6wVW+7jOT1fMNTLYvfTst9Vjb0JSo5LPxpPQv0bcD22g9mp0
+pj4AutQaWAPAJMExs+ClV6HwfVGJFXcKpiGt9ZtGRcVvQvfym/L9iuoFE+VCz2bt
+mDjId/SrC0baB6a0OwpAsh5Bxahu6mDKht5sJXO0D5aizDQmA5gaTBtx044ZAkzq
+Fj4qqA19UxbeXnWWN81xjYOK5kwFpnjwTM6KdsazUGcA+aM3xYRRAjczlCIbzg6o
+TrqOzLJV2ea2TpPkggJQ6XOs0KVqtBwjuwbCnX4+NJca/Sygq3Cqu20XBeawH4bp
+KlxhZl/qU4CpOzje1AzCMmLLQINlGQIDAQABo4GgMIGdMFsGA1UdEQRUMFKCDyou
+bWFkcmlnYWwuaG9tZYINKi50ZXBhc3MuaG9tZYIKKi5uYXMuaG9tZYINbWFkcmln
+YWwuaG9tZYILdGVwYXNzLmhvbWWCCG5hcy5ob21lMB0GA1UdDgQWBBTuFkhjY7Qr
+BkQqlHuaOQsLBvsS5DAfBgNVHSMEGDAWgBR4lUkjIMJjZ/zjE7X3Ckx3ufzVJjAN
+BgkqhkiG9w0BAQsFAAOCAgEAb5KXejT/moh+nPtpNgwleK47gh/Th3ZY8x1kpFP+
+I8xPLzVIJIdjtU1g5XDwY/i3tPAfu+LBhu+xrLL7EyZrT6atCTNWo09nK++sgYA7
+VwpTKvsaiM4j7LQAK9NeYaBlK2GThnTy0wGPCV1Vm5R4UQ0UeI9btAtg+TLp/5V2
+qG+IvMyyCkt12buRKw7wV29t7If3AJPkOw/LFqNVow0QFU49i9flVJzE7odbH2bj
+4jdgJnH8TbYKi30VnRmysIgglVUt69TDINZRf9dTmvritTlDmNZyjBCOL42b8HXQ
+vhXwnItPr4AQvc19+1x1FHczvaHCRtpS5rdvCg50/q+NBJW7+BFXeU7jXOS7Dlcl
+C+Dq185DU1fx0Pl3t20FNdoe9ek4S7L58H/DXujhfX5men0xlRujfJDUHxtgX1SA
+GpAY60HS9BN5k+CzS3IOGEQwIJnaADuCb3HTV+6Dwy8dGe7cKVWa0ur3D0MMHan/
+d2rzdtW88ZJ1K7/8q+rEBbrWBU11IBSJQDIKVgHFW6oWiczHms6FBGnXp9P8gp2K
+vOtpgRvqtKJOpVvJE4OFU3tGWG9M3O/c71Rslae6zLO033MEx7Vq3oI1GSVgXHk4
+XVGEoqt9psi7kEqn5CHzVnnOrtXObikA52XD2vXvbBnTggYQ9JfBEkyA12j5dDwS
+WZk=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIF6zCCA9OgAwIBAgIUTPMzEwxNcX2E8na24Kmeo2eFwR4wDQYJKoZIhvcNAQEL
+BQAwgYQxCzAJBgNVBAYTAkRFMR8wHQYDVQQIDBZOb3J0aCBSaGluZS1XZXN0cGhh
+bGlhMREwDwYDVQQHDAhEdWlzYnVyZzEpMCcGA1UECgwgTWVpc3RlcmJldHJpZWIg
+VGhvbWFzIFRlcGFzcyBTSEsxFjAUBgNVBAMMDVRob21hcyBUZXBhc3MwHhcNMjUw
+OTA5MTUwODA5WhcNMzUwOTA3MTUwODA5WjCBhDELMAkGA1UEBhMCREUxHzAdBgNV
+BAgMFk5vcnRoIFJoaW5lLVdlc3RwaGFsaWExETAPBgNVBAcMCER1aXNidXJnMSkw
+JwYDVQQKDCBNZWlzdGVyYmV0cmllYiBUaG9tYXMgVGVwYXNzIFNISzEWMBQGA1UE
+AwwNVGhvbWFzIFRlcGFzczCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
+AOPXp1FfICsnsJ4ZVAKx4iurfF2hVnrAhPHZ02qQW8APCrp2JjH00HqpOM9s0kIr
+CiVzN2rKoLAEhe8LHlaM1ncQ4ui5UHcbGeyxv3xrhyYAD85joevSNnku01q1MpPr
+G2xSC5v5iXEQPr1x8ZaJAu6ajUeqQDQbKSs62dCA8H1x64qMigIIvpdLvD2/C67u
+o5W4p1oGeOnjr1VRyqpbt052BLWFvGiGbMSa2VOSCHzbTTEEs79ODYqRgnaJRVz3
+Np9DQQdcglrAytta/8vTvBDik8XKpUzWCJVnfQiaLr4/2oSoBQMI9qlspVkm43oL
+z1nTWJ8NRdgHXlf6GXKqdQQSXn5EgqVDHZLHh8qgQADAE/LQpWEcBosEJmeao4LH
+Dv6fjfepAjxlcdFxjITzL2LCnS30mMl/XT+wfdF8KUBioeLscvyxoXJd4JOT5wJD
+jokH50llajNW/1SIeXTt2/VPSzVkgHBMq3YTbsp0XL7vfBQabT6Sb+Bk7jc46bkk
+O5rK2+ULVVC9wR7AkPNhzX4+Z9AOGaahHtzMBWypzYcanHYyxazwP3oswi8lJm2V
+2TPAodRP8Abvp/DFdne6F8CEDZZHmabSFbDWb5hu6HVsmWEWuFc8a7+AJ6AXwixG
+Q4MtnGjR5Cq2/XPsxOlKqpjnOnrmG+6uHqnCIYJO8p2bAgMBAAGjUzBRMB0GA1Ud
+DgQWBBR4lUkjIMJjZ/zjE7X3Ckx3ufzVJjAfBgNVHSMEGDAWgBR4lUkjIMJjZ/zj
+E7X3Ckx3ufzVJjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBR
+t/rQdRDoSObgtLYEgzJZdxYtfgEYNUdXTPCDYpu7qblQsoCmxw98Kw1g5H4Kuy/q
+sWxFAB3y/Xue5MdWldryMYrOyJ4gT0tjprxz209AtaaRRHrcIVIUVmCU6lYXVL72
+QLE8Ja7Et6l4Ta+z41o6blhDZQBUrWCCSWWHatXDb6xuswUu4sniIv2I0Bkb9bas
+z3sZtBAftBFopZbo+o/KHmzxGUNLEpt5zcoLH0dgJ6vbh2IDl8p361KoDlaFCyq4
+HHTODWGsJFuYtmeCFUBIOB0zn2ABd5PLNn+FPG88LZBWKjy25bI9kEjSSsux5JO5
+mF0oTpjOrtJcPj0rlDjgVzhJtewAUHhGgXTM0e451YmoQk/kDcZ/GawUhBrnW5nQ
+QcNzSoIGtPiAcvl0B/11KCtBeXJnSi62yr5z1w+MyyYYGJRlahA+wKqAUJT8/TD1
+bN8Wvv+7G7MFAs9zx3ycyD79o0jLHbnAIKb2CJO8EByTR2MJZlwV+RBi9byZZpmT
+p6ss0nZT5wsSNful4iWvs+abA/ywm42u8a98fzVNlqO/q4ippF5ezBm2nLcHil3r
+4dtN8Hwk3iEKrzBkV81UK8Gx/KXPq+qKl6g+YANBBLrQvh/FgHPLa3NXr7Xd3IP7
+3L+W0Cr/jrVHUtty4Znfxeat2+DmhEuz/ihk/wmqSw==
+-----END CERTIFICATE-----

hosts/worker/hardware-configuration.nix

@@ -0,0 +1,38 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/bcdf8feb-de2c-45db-b929-7c91a1f79ce4";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/F794-8574";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp42s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/worker/home.nix

@@ -0,0 +1,87 @@
+{ config, pkgs, ... }:
+
+{
+imports =[
+../../modules/home-manager/btop.nix
+];
+  # Home Manager needs a bit of information about you and the paths it should
+  # manage.
+  home.username = "smad";
+  home.homeDirectory = "/home/smad";
+
+  # This value determines the Home Manager release that your configuration is
+  # compatible with. This helps avoid breakage when a new Home Manager release
+  # introduces backwards incompatible changes.
+  #
+  # You should not change this value, even if you update Home Manager. If you do
+  # want to update the value, then make sure to first check the Home Manager
+  # release notes.
+  home.stateVersion = "25.05"; # Please read the comment before changing.
+
+  # The home.packages option allows you to install Nix packages into your
+  # environment.
+  home.packages = [
+    # # Adds the 'hello' command to your environment. It prints a friendly
+    # # "Hello, world!" when run.
+    # pkgs.hello
+    pkgs.tmux
+    # # It is sometimes useful to fine-tune packages, for example, by applying
+    # # overrides. You can do that directly here, just don't forget the
+    # # parentheses. Maybe you want to install Nerd Fonts with a limited number of
+    # # fonts?
+    # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; })
+
+    # # You can also create simple shell scripts directly inside your
+    # # configuration. For example, this adds a command 'my-hello' to your
+    # # environment:
+    # (pkgs.writeShellScriptBin "my-hello" ''
+    #   echo "Hello, ${config.home.username}!"
+    # '')
+  ];
+#  programs.btop = {
+#    enable = true;
+#    settings = {
+      #color_theme = "gruvbox_dark_v2";
+#      color_theme = "catpucchin_mocha";
+#      vim_keys = true;
+#      };
+#      };
+  # Home Manager is pretty good at managing dotfiles. The primary way to manage
+  # plain files is through 'home.file'.
+  home.file = {
+    # # Building this configuration will create a copy of 'dotfiles/screenrc' in
+    # # the Nix store. Activating the configuration will then make '~/.screenrc' a
+    # # symlink to the Nix store copy.
+    # ".screenrc".source = dotfiles/screenrc;
+
+    # # You can also set the file content immediately.
+    # ".gradle/gradle.properties".text = ''
+    #   org.gradle.console=verbose
+    #   org.gradle.daemon.idletimeout=3600000
+    # '';
+  };
+
+  # Home Manager can also manage your environment variables through
+  # 'home.sessionVariables'. These will be explicitly sourced when using a
+  # shell provided by Home Manager. If you don't want to manage your shell
+  # through Home Manager then you have to manually source 'hm-session-vars.sh'
+  # located at either
+  #
+  #  ~/.nix-profile/etc/profile.d/hm-session-vars.sh
+  #
+  # or
+  #
+  #  ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh
+  #
+  # or
+  #
+  #  /etc/profiles/per-user/discubed/etc/profile.d/hm-session-vars.sh
+  #
+  home.sessionVariables = {
+    # EDITOR = "emacs";
+  };
+
+  # Let Home Manager install and manage itself.
+  programs.home-manager.enable = true;
+}
+