lock: update

This reverts commit b1e0daf1e3.

.gitignore

@@ -1,4 +1,4 @@
-device-configuration.nix
-hardware-configuration.nix
+repl-result-*
 result
+result-*
 *.qcow2

default.nix

@@ -3,49 +3,45 @@
 # if evaluating inside the store, import the outputs.nix file
 
 let
-  contains = str: substr: let
-    str_length = builtins.stringLength str;
-    substr_length = builtins.stringLength substr;
-    listOfPossibleSubstrings = builtins.genList (i: builtins.substring i substr_length str) (str_length - substr_length + 1);
-  in if substr_length > str_length then false else builtins.any (x: x == substr) listOfPossibleSubstrings;
-
-  endsWith = str: substr: let
-    str_length = builtins.stringLength str;
-    substr_length = builtins.stringLength substr;
-  in if substr_length > str_length then false else builtins.substring (str_length - substr_length) str_length str == substr;
-
-  gitignore = builtins.filter (v:
-      # ignore comments and empty lines
-      if !(builtins.isString v) then false
-      else if !builtins.isNull(builtins.match "^#.*" v) then false
-      else if !builtins.isNull(builtins.match "^$" v) then false
-      else true
-    ) (builtins.split "\n" (builtins.readFile ./.gitignore));
-  
-  # checks if a given path matches a gitignore pattern
-  # string -> bool
-  matchesGitIgnore = path: builtins.any (pattern:
-    let
-      patternLength = builtins.stringLength pattern;
-      unsupportedPatternMessage = "matchesGitIgnore: Unsupported pattern: ${pattern}";
-    in
-      if pattern == "*" then true
-      else if pattern == ".*" then true
-      else if pattern == "*.*" then true
-      else if builtins.substring 0 2 pattern == "*." then endsWith path (builtins.substring 0 2 pattern)
-      else if contains pattern "*" then abort unsupportedPatternMessage
-      else if patternLength > 2 && builtins.substring 0 2 pattern == "./" then abort unsupportedPatternMessage
-      else if patternLength > 1 && builtins.substring 0 1 pattern == "/" then abort unsupportedPatternMessage
-      else contains path pattern
-  ) gitignore;
+  # Ideally this file should be selfcontained, but I like the utilities in nixpkgs lib
+  lib = (import "${(import ./inputs.nix {}).nixpkgs}/lib").extend (self: super: {
+    proot = import ./lib/gitignore-filter.nix { lib = self; };
+    inherit (self.proot) parseGitignore runGitignoreFilter toGitignoreMatcher;
+  });
 
   currentFilePath = (builtins.unsafeGetAttrPos "any" { any = "any"; }).file;
   storePathLength = builtins.stringLength (builtins.toString builtins.storeDir);
   evaluatingInStore = (builtins.substring 0 storePathLength currentFilePath) == builtins.storeDir;
 
-  selfInStore = builtins.filterSource (path: type:
-      type != "unknown" && builtins.baseNameOf path != ".git" && !matchesGitIgnore path
-    ) ./.;
+  gitlessSelfInStore = {
+    outPath = builtins.path {
+      path = ./.;
+      name = "source";
+      filter = path: type:
+        let
+          selfPath = builtins.dirOf currentFilePath;
+          gitIgnoreFilters = lib.parseGitignore selfPath path;
+          result = type != "unknown"
+            && type != "symlink"
+            && builtins.baseNameOf path != ".git"
+            && lib.runGitignoreFilter gitIgnoreFilters path type;
+        in result;
+    };
+    selfMode = "path";
+  };
+  gitfullSelfInStore = builtins.fetchGit "file://${builtins.toString ./.}" // {
+    selfMode = "git";
+  };
+
+  selfInStore' = builtins.tryEval gitfullSelfInStore;
+  selfInStore = if selfInStore'.success then selfInStore'.value else gitlessSelfInStore;
 in
-if !(evaluatingInStore) then { ... }@args: import selfInStore ({ selfPath = selfInStore; } // args )
-else { ... }@args: import ./outputs.nix ({ selfPath = selfInStore; } // args)
+if !(evaluatingInStore) then { ... }@args: import selfInStore ({
+  selfPath = selfInStore;
+} // args )
+else { ... }@args: import ./outputs.nix ({
+  selfPath = {
+    outPath = builtins.toString ./.;
+    selfMode = "store";
+  };
+} // args)

hosts/main/default.nix

@@ -1,64 +0,0 @@
-{ inputs, pkgs, ... }:
-
-{
-  imports = [
-    ../../nix-os/core.nix
-    ../../nix-os/core-desktop.nix
-    ../../nix-os/nvidia.nix
-    ../../nix-os/docker.nix
-    ../../nix-os/razer.nix
-    ../../nix-os/desktopManagers/gnome.nix
-    ../../nix-os/displayManagers/gdm.nix
-    ../../nix-os/shell.nix
-    ../../nix-os/virtualization.nix
-    ../../nix-os/polkit/disable-shutdown.nix
-    ../../nix-os/locale.nix
-    ../../nix-os/adb.nix
-    ../../nix-os/account.nix
-    ../../nix-os/xdg-default-apps.nix
-    ../../nix-os/services/nix-binary-cache.nix
-    ../../nix-os/udev.nix
-    ../../nix-os/gnupg.nix
-
-    "${inputs.nixos-vscode-server}"
-  ];
-
-  config = {
-    boot.loader.systemd-boot.enable = true;
-    boot.loader.efi.canTouchEfiVariables = true;
-
-    networking.hostName = "wroclaw-main";
-
-    services.xrdp.enable = true;
-    users.groups."tsusers".members = [ "wroclaw" ];
-
-    services.printing.drivers = with pkgs; [
-      hplip
-    ];
-
-    # nixos-vscode-server module needs this
-    programs.nix-ld.enable = true;
-    services.vscode-server = {
-      enable = true;
-      extraRuntimeDependencies = with pkgs; [
-        docker
-      ];
-    };
-
-    services.pipewire.wireplumber.configPackages = [(
-      pkgs.stdenvNoCC.mkDerivation {
-        name = "wireplumber-config";
-        src = ./wireplumber;
-        phases = [ "installPhase" ];
-        installPhase = ''
-          mkdir -p $out/share/wireplumber/wireplumber.conf.d
-          cp -r $src/* $out/share/wireplumber/wireplumber.conf.d
-        '';
-      }
-    )];
-
-    services.printing.startWhenNeeded = false;
-
-    system.stateVersion = "23.05";
-  };
-}

hosts/tablet.nix

@@ -1,50 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-  imports = [
-    ../nix-os/core.nix
-    ../nix-os/core-desktop.nix
-    ../nix-os/account.nix
-    ../nix-os/adb.nix
-    ../nix-os/locale.nix
-    ../nix-os/shell.nix
-    ../nix-os/gnupg.nix
-
-    ../nix-os/desktopManagers/gnome.nix
-    ../nix-os/displayManagers/gdm.nix
-    ../nix-os/udev.nix
-  ];
-
-  config = {
-    boot.loader.systemd-boot.enable = true;
-    boot.loader.efi.canTouchEfiVariables = true;
-
-    networking.hostName = "wroclaw-hp";
-    networking.networkmanager.enable = true;
-    networking.firewall.enable = true;
-    hardware.sensor.iio.enable = true;
-
-    networking.firewall.allowedTCPPortRanges = [
-      # KDE Connect
-      rec { from = 1714; to = from + 50; }
-    ];
-
-    networking.firewall.allowedUDPPortRanges = [
-      # KDE Connect
-      rec { from = 1714; to = from + 50; }
-    ];
-
-    services.logind.extraConfig = ''
-      HandlePowerKey=suspend
-      HandlePowerKeyLongPress=poweroff
-      HandleSuspendKey=suspend-then-hibernate
-      HandleSuspendKeyLongPress=hibernate
-      HandleLidSwitch=lock
-      HandleLidSwitchDocked=ignore
-      HandleLidSwitchExternalPower=lock
-    '';
-
-    system.stateVersion = "23.11";
-  };
-}
-

hosts/vm-base.nix

@@ -1,21 +0,0 @@
-{ lib, modulesPath, ... }:
-
-{
-  imports = [
-    "${modulesPath}/virtualisation/qemu-vm.nix"
-    ../nix-os/account.nix
-    ../nix-os/core.nix
-    ../nix-os/locale.nix
-    ../nix-os/polkit/disable-shutdown.nix
-    ../nix-os/shell.nix
-    ../nix-os/udev.nix
-    ../nix-os/xdg-default-apps.nix
-  ];
-
-  config = {
-    services.syncthing.enable = lib.mkForce false;
-    virtualisation = {
-      memorySize = 4096;
-    };
-  };
-}

hosts/vm-gnome.nix

@@ -1,9 +0,0 @@
-{ lib, ... }:
-
-{
-  imports = [
-    ./vm-base.nix
-    ../nix-os/desktopManagers/gnome.nix
-    ../nix-os/displayManagers/gdm.nix
-  ];
-}

inputs.nix

@@ -1,24 +1,111 @@
-let self = {
-  lock ? import ./lock.nix
-, lib ? import "${(self {}).nixpkgs}/lib"
+{
+  lock ? import lockFile,
+  lockFile ? ./lock.nix,
+  pkgs ? throw "inputs called without pkgs",
 }:
 
-{
+let
+
+self = {
   inherit lock;
-  nixos-vscode-server = builtins.fetchTarball {
-    name = "nixos-vscode-server";
+  nixos-vscode-server = rec {
     url = "https://github.com/nix-community/nixos-vscode-server/archive/${lock.nixos-vscode-server.revision}.tar.gz";
+    updateScript = pkgs.den-http-get-updater {
+      fileLocation = lockFile;
+      previousVersion = lock.nixos-vscode-server.revision;
+      versionUrl = "https://api.github.com/repos/nix-community/nixos-vscode-server/commits";
+      contentParser = "jq -rc '.[0].sha' <<< \"$newVersion\"";
+      prefetchList = [{
+        previousHash = lock.nixos-vscode-server.sha256;
+        prefetchUrlLocation = {
+          file = ./inputs.nix;
+          attrpath = "nixos-vscode-server.url";
+        };
+      }];
+    };
+    outPath = builtins.fetchTarball {
+      inherit url;
       sha256 = "${lock.nixos-vscode-server.sha256}";
     };
-  nixpkgs = builtins.fetchTarball {
-    name = "nixpkgs";
+  };
+  nixpkgs = rec {
     url = "https://github.com/NixOS/nixpkgs/archive/${lock.nixpkgs.revision}.tar.gz";
+    updateScript = pkgs.den-http-get-updater {
+      fileLocation = lockFile;
+      previousVersion = lock.nixpkgs.revision;
+      versionUrl = "https://channels.nixos.org/nixos-25.05/git-revision";
+      prefetchList = [{
+        previousHash = lock.nixpkgs.sha256;
+        prefetchUrlLocation = {
+          file = ./inputs.nix;
+          attrpath = "nixpkgs.url";
+        };
+      }];
+    };
+    outPath = builtins.fetchTarball {
+      inherit url;
       sha256 = "${lock.nixpkgs.sha256}";
     };
-  cosmic-modules = builtins.fetchTarball {
-    name = "cosmic-modules";
+  };
+  nixpkgs-unstable = rec {
+    url = "https://github.com/NixOS/nixpkgs/archive/${lock.nixpkgs-unstable.revision}.tar.gz";
+    updateScript = pkgs.den-http-get-updater {
+      fileLocation = lockFile;
+      previousVersion = lock.nixpkgs-unstable.revision;
+      versionUrl = "https://channels.nixos.org/nixos-unstable/git-revision";
+      prefetchList = [{
+        previousHash = lock.nixpkgs-unstable.sha256;
+        prefetchUrlLocation = {
+          file = ./inputs.nix;
+          attrpath = "nixpkgs-unstable.url";
+        };
+      }];
+    };
+    outPath = builtins.fetchTarball {
+      inherit url;
+      sha256 = "${lock.nixpkgs-unstable.sha256}";
+    };
+  };
+  nix-bitcoin = rec {
+    url = "https://github.com/fort-nix/nix-bitcoin/archive/${lock.nix-bitcoin.revision}.tar.gz";
+    updateScript = pkgs.den-http-get-updater {
+      fileLocation = lockFile;
+      previousVersion = lock.nix-bitcoin.revision;
+      versionUrl = "https://api.github.com/repos/fort-nix/nix-bitcoin/commits";
+      contentParser = "jq -rc '.[0].sha' <<< \"$newVersion\"";
+      prefetchList = [{
+        previousHash = lock.nix-bitcoin.sha256;
+        prefetchUrlLocation = {
+          file = ./inputs.nix;
+          attrpath = "nix-bitcoin.url";
+        };
+      }];
+    };
+    outPath = builtins.fetchTarball {
+      inherit url;
+      sha256 = "${lock.nix-bitcoin.sha256}";
+    };
+  };
+  cosmic-modules = rec {
     url = "https://github.com/lilyinstarlight/nixos-cosmic/archive/${lock.cosmic-modules.revision}.tar.gz";
+    updateScript = pkgs.den-http-get-updater {
+      fileLocation = lockFile;
+      previousVersion = lock.cosmic-modules.revision;
+      versionUrl = "https://api.github.com/repos/amozeo/nixos-cosmic/commits";
+      contentParser = "jq -rc '.[0].sha' <<< \"$newVersion\"";
+      prefetchList = [{
+        previousHash = lock.cosmic-modules.sha256;
+        prefetchUrlLocation = {
+          file = ./inputs.nix;
+          attrpath = "cosmic-modules.url";
+        };
+      }];
+    };
+    outPath = builtins.fetchTarball {
+      inherit url;
       sha256 = "${lock.cosmic-modules.sha256}";
     };
   };
+};
+
 in self

lib/gitignore-filter.nix

@@ -0,0 +1,112 @@
+{ lib }: {
+  # function that takes gitignore file pattern and returns filter function
+  # true - include file
+  # false - exclude file
+  # null - no match
+  # string -> string -> [(string -> string -> (bool | null))]
+  toGitignoreMatcher = gitignorePath: pattern: lib.pipe pattern [
+    (v: { pattern = v; invalid = false; })
+    # trim whitespaces not preceded by backslash
+    (v: v // { pattern = let
+      stringLength = builtins.stringLength v.pattern;
+      leftPaddingLength = builtins.stringLength (lib.trimWith { start = true; end = false; } v.pattern) - stringLength;
+      rightPaddingLength = builtins.stringLength (lib.trimWith { start = false; end = true; } v.pattern) - stringLength;
+      isLastCharBackslash = if stringLength == 0 then false
+        else builtins.substring (stringLength - rightPaddingLength - 1) 1 v.pattern == "\\";
+      trimmedString = builtins.substring leftPaddingLength (stringLength - leftPaddingLength - rightPaddingLength) v.pattern;
+    in if isLastCharBackslash && rightPaddingLength > 0 then trimmedString + " " else trimmedString; })
+    # ignore empty lines
+    (v: if v.pattern != "" then v else v // { invalid = true; })
+    # ignore comments
+    (v: if !v.invalid && builtins.substring 0 1 v.pattern != "#" then v else v // { invalid = true; })
+    # mark negated patterns
+    (v:
+      if !v.invalid && builtins.substring 0 1 v.pattern == "!"
+      then v // {
+        negated = true;
+        pattern = builtins.substring 1 (builtins.stringLength v) v;
+      }
+      else v // { negated = false; }
+    )
+    # ignore escapes
+    (v: if v.invalid then v else v // { pattern = builtins.replaceStrings ["\\"] [""] v.pattern; })
+    # convert parsed pattern to matchers
+    ({ pattern, negated, invalid }: {
+      __functor = _: path: type: let
+        relative = builtins.match "^/.+[^/]$" pattern == [];
+        directory = builtins.match "/$" pattern == [];
+        regexPattern = lib.pipe pattern [
+          (v: if relative then "${gitignorePath}/${v}" else v)
+          (builtins.split "/")
+          (builtins.filter (v: v != []))
+          (builtins.map (builtins.split "(\\*\\*|\\*)"))
+          (builtins.concatMap (v:
+            # v: (string | [string])[]
+            if v == [ "" ] then []
+            # TODO: check and add support for .. <directory-up> if git supports
+            else if v == [ "." ] then []
+            else [( builtins.foldl' (acc: vp:
+              # vp: string | [string]
+              if builtins.isString vp then acc + lib.escapeRegex vp
+              else if vp == [ "**" ] then acc + ".*"
+              else if vp == [ "*" ] then acc + "[^/]*"
+              else throw "unreachable"
+            ) "" v )]
+          ))
+          (builtins.concatStringsSep "/" )
+          (v: if relative then v else ".*/${v}")
+        ];
+        matches = (!directory || type == "directory")
+          && (builtins.match regexPattern path == []);
+      in if invalid then null
+        else if matches then negated
+        else null;
+      # for debug purposes
+      inherit pattern negated;
+      # for filtering purposes
+      inherit invalid;
+    })
+  ];
+
+  # TODO: optimize this so if match is found in a given gitignore,
+  #       no further checks in gitignores in parent directories are performed
+
+  parseGitignore = gitRepositoryPath: filePath: lib.pipe filePath [
+    (builtins.dirOf)
+    (builtins.split "/" )
+    (builtins.filter (v: v != [] && v != ""))
+    # ["a" "b" "c"] -> ["/" "/a/" "/a/b/" "/a/b/c/"]
+    (
+      builtins.foldl' (acc: v: acc ++ [(
+        (builtins.elemAt acc (builtins.length acc - 1)) + "${v}/"
+      )] ) ["/"]
+    )
+    (builtins.map (v: "${v}.gitignore"))
+    # Filter out paths that are not part of git repository and don't exist
+    (builtins.filter (v: lib.hasPrefix gitRepositoryPath v && builtins.pathExists v))
+    (builtins.map (v: {
+      path = v;
+      # Split gitignore files into lines
+      contents = lib.pipe v [
+        builtins.readFile
+        (builtins.split "\n")
+        # builtins.split uses lists for matches
+        (builtins.filter (v: v != []))
+      ];
+    }))
+    # Convert gitignore patterns to matchers
+    (builtins.map (v:
+      builtins.map (lib.toGitignoreMatcher v.path) v.contents)
+    )
+    lib.flatten
+    (lib.filter (v: !v.invalid))
+  ];
+
+  runGitignoreFilter = filters: path: type: lib.pipe filters [
+    (builtins.map (v: v path type))
+    (builtins.filter (v: v != null))
+    # If any filter didn't match anything, include the file
+    (v: if v == [] then [ true ] else v)
+    (v: builtins.elemAt v (builtins.length v - 1))
+  ];
+}

lib/overlays/version-info-fixup.nix

@@ -1,8 +1,8 @@
-{ inputs ? import ../../inputs.nix {} }:
+{ revision }:
 
 selfLib: superLib: {
   trivial = superLib.trivial // {
-    versionSuffix = ".git.${builtins.substring 0 12 inputs.lock.nixpkgs.revision}";
-    revisionWithDefault = default: inputs.lock.nixpkgs.revision or default;
+    versionSuffix = ".git.${builtins.substring 0 12 revision}";
+    revisionWithDefault = default: revision;
   };
 }

lock.nix

@@ -1,14 +1,22 @@
 {
   nixos-vscode-server = {
-    revision = "fc900c16efc6a5ed972fb6be87df018bcf3035bc";
-    sha256 = "1rq8mrlmbzpcbv9ys0x88alw30ks70jlmvnfr2j8v830yy5wvw7h";
+    revision = "4ec4859b12129c0436b0a471ed1ea6dd8a317993";
+    sha256 = "sha256-Bx7DOPLhkr8Z60U9Qw4l0OidzHoqLDKQH5rDV5ef59A=";
   };
   nixpkgs = {
-    revision = "883180e6550c1723395a3a342f830bfc5c371f6b";
-    sha256 = "01axrf25mahbxmp6vgfgx09dflbyaavr5liynkp6rpm4lkacr27f";
+    revision = "b43c397f6c213918d6cfe6e3550abfe79b5d1c51";
+    sha256 = "sha256-1Cu92i1KSPbhPCKxoiVG5qnoRiKTgR5CcGSRyLpOd7Y=";
+  };
+  nixpkgs-unstable = {
+    revision = "3016b4b15d13f3089db8a41ef937b13a9e33a8df";
+    sha256 = "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=";
+  };
+  nix-bitcoin = {
+    revision = "aec8331f261dacc116a17f034d0dd2fde8ef66eb";
+    sha256 = "sha256-rEppXe8E4q0GWB3uU3I/tzdeu4tDOy6O3jB6yDW7KaE=";
   };
   cosmic-modules = {
-    revision = "d8b2b9aee034c10ca67848653171f576f87434a8";
-    sha256 = "03i8smxgx2fdb9kkys81dihb5yja3nk9wjs1rx5h7f3b5kii1fd7";
+    revision = "7e3fc3ea3e05fd90632433d02674cd9afe0513c9";
+    sha256 = "sha256-OBmdkDj6jhkO5W76ZSSUZLfKt+TrQtxxYlcvXS+6cAs=";
   };
 }

nix-os/account.nix

@@ -1,45 +0,0 @@
-{ config, lib, pkgs, unstablePkgs, ... }:
-
-{
-  imports = [
-    ./unstable-packages.nix
-  ];
-  users.users.wroclaw = {
-    isNormalUser = true;
-    description = "Rafał";
-    group = "wroclaw";
-    extraGroups = [
-      "users"
-      "wheel"
-    ] ++ lib.optional config.programs.adb.enable "adbusers";
-    linger = true;
-    initialPassword = "nixos";
-    packages = with pkgs; [
-      firefox
-      (vivaldi.override {
-        proprietaryCodecs = true;
-        commandLineArgs = [ "--ozone-platform=wayland" ];
-      })
-      vesktop
-      unstablePkgs.vscode
-      gimp
-      inkscape
-      krita
-      unstablePkgs.zettlr
-    ];
-  };
-  users.groups.wroclaw.gid = 1000;
-
-  programs.steam = {
-    enable = true;
-    remotePlay.openFirewall = true;
-  };
-
-  services.syncthing = {
-    enable = true;
-    user = "wroclaw";
-    group = "wroclaw";
-    dataDir = "/home/wroclaw";
-    configDir = "/home/wroclaw/.config/syncthing";
-  };
-}

nix-os/core-desktop.nix

@@ -1,35 +0,0 @@
-{config, lib, pkgs, ... }:
-
-{
-  config = {
-    services.printing.enable = true;
-
-    sound.enable = false;
-    hardware.pulseaudio.enable = false;
-    security.rtkit.enable = true;
-    services.pipewire = {
-      enable = true;
-      alsa.enable = true;
-      alsa.support32Bit = true;
-      pulse.enable = true;
-
-      # Enable audio interfaces renaming
-      wireplumber.enable = true;
-    };
-
-    environment.systemPackages = with pkgs; [
-      mpv
-    ];
-
-    services.openssh.extraConfig = ''
-      X11Forwarding yes
-    '';
-
-    # Fonts
-    fonts.packages = with pkgs; [
-      corefonts
-      nerdfonts
-      roboto
-    ];
-  };
-}

nix-os/core.nix

@@ -1,96 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running 'nixos-help').
-
-{ inputs, lib, pkgs, ... }:
-
-let
-  inherit (pkgs) mkWrappedExecutable;
-
-  # bool -> nixpkgs[]
-  wrappedNixExecutables = inEnvironment: assert builtins.isBool inEnvironment; [
-    (mkWrappedExecutable {pkg = pkgs.nix; exe = "nix-build"; wrapperArgs = ["--add-flags" "\"--log-format\"" "--add-flags" "bar${lib.optionalString inEnvironment "-with-logs"}"];})
-    (mkWrappedExecutable {pkg = pkgs.nix; exe = "nix-shell"; wrapperArgs = ["--add-flags" "\"--log-format\"" "--add-flags" "bar"];})
-  ];
-  wrappedNixosExecutables = [
-    (mkWrappedExecutable {pkg = pkgs.nixos-rebuild; wrapperArgs = ["--add-flags" "\"--log-format\"" "--add-flags" "bar"];})
-  ];
-  wrappedNix = (pkgs.buildEnv {
-    name = "wrappedNix-${pkgs.nix.version}";
-    paths = [ pkgs.nix ] ++ wrappedNixExecutables false;
-  }).overrideAttrs {
-    version = pkgs.nix.version;
-  };
-in
-{
-  # kernel
-  boot.kernelPackages = pkgs.linuxPackages_latest;
-
-  # Enable networking
-  networking.networkmanager.enable = true;
-
-  # Allow unfree packages
-  nixpkgs.config.allowUnfree = true;
-  nix = {
-    package = wrappedNix;
-    channel.enable = false;
-    settings.nix-path = [
-      "nixpkgs=${pkgs.selfExpr { useConfig = false; }}"
-      "systemNixpkgs=${pkgs.selfExpr { useConfig = true; name = "systemNixpkgs-self"; }}"
-      # don't garbage collect the nixpkgs input
-      "inputsNixpkgs=${inputs.nixpkgs}"
-    ];
-  };
-
-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
-  environment.systemPackages = with pkgs; [
-    wget
-    ffmpeg
-    yt-dlp
-    htop
-    btop
-    fastfetch
-    smartmontools
-    ddrescue
-  ] ++ wrappedNixExecutables true
-    ++ wrappedNixosExecutables;
-
-  programs.git.enable = true;
-  programs.git.config = {
-    init.defaultBranch = "main";
-    merge.conflictstyle = "diff3";
-    rerere.enabled = true;
-  };
-
-  # Use nix-index for command-not-found handler
-  programs.command-not-found.enable = false;
-  programs.nix-index = {
-    package = pkgs.nix-index.override {
-      nix-index-unwrapped = pkgs.nix-index-unwrapped.overrideAttrs (oldAttrs: {
-        patches = oldAttrs.patches or [] ++ [
-          ../pkgs/by-name/ni/nix-index/cnfOutput.patch
-        ];
-      });
-
-    };
-    enable = true;
-    enableBashIntegration = true;
-  };
-
-  # Enable fail2ban because of the OpenSSH server
-  services.fail2ban = {
-    enable = true;
-    maxretry = 10;
-    bantime = "7d";
-  };
-
-  # Enable the OpenSSH daemon.
-  services.openssh = {
-    enable = true;
-    ports = [
-      22
-      8022
-    ];
-  };
-}

nix-os/desktopManagers/cosmic.nix

@@ -1,10 +0,0 @@
-{ inputs, lib, pkgs, ... }:
-
-{
-  imports = [
-    "${inputs.cosmic-modules}/nixos/cosmic/module.nix"
-  ];
-  config = {
-    services.desktopManager.cosmic.enable = true;
-  };
-}

nix-os/docker.nix

@@ -1,39 +0,0 @@
-{ lib, config, pkgs, ... }:
-
-{
-  config.virtualisation.docker = {
-    enable = true;
-    enableOnBoot = true;
-    storageDriver = if config.fileSystems."/".fsType == "btrfs" then "btrfs" else null;
-    rootless.enable = true;
-    rootless.setSocketVariable = true;
-    daemon.settings = {
-      default-address-pools = [
-        {base = "10.64.0.0/10"; size = 24;}
-      ];
-      bip = "10.127.0.1/16";
-    };
-  };
-  config.users.users.indocker = {
-    isSystemUser = true;
-    hashedPassword = "!";
-    uid = 900;
-    group = "indocker";
-  };
-  config.users.groups.indocker = {
-    gid = 900;
-  };
-  config.environment.systemPackages = with pkgs; [
-    docker-compose
-  ];
-
-  # Docker enables firewall anyway, let's enable the firewall for it if it's disabled
-  # TODO: Apply only when config.networking.firewall is false
-  config.networking.firewall = {
-    enable = lib.mkOverride 90 true;
-    allowedTCPPorts = lib.mkOverride 90 [];
-    allowedUDPPorts = lib.mkOverride 90 [];
-    allowedTCPPortRanges = lib.mkOverride 90 [{ from = 0; to = 65535;}];
-    allowedUDPPortRanges = lib.mkOverride 90 [{ from = 0; to = 65535;}];
-  };
-}

nix-os/nvidia.nix

@@ -1,25 +0,0 @@
-{ config, lib, pkgs, ...}:
-
-{
-  hardware.opengl = {
-    enable = true;
-    driSupport = true;
-    driSupport32Bit = true;
-  };
-  services.xserver.videoDrivers = ["nvidia"];
-  hardware.nvidia = {
-    modesetting.enable = true;
-    powerManagement.enable = true;
-    open = false;
-    nvidiaSettings = true;
-    package = config.boot.kernelPackages.nvidiaPackages.mkDriver {
-      version = "555.58.02";
-      sha256_64bit = "sha256-xctt4TPRlOJ6r5S54h5W6PT6/3Zy2R4ASNFPu8TSHKM=";
-      sha256_aarch64 = "sha256-wb20isMrRg8PeQBU96lWJzBMkjfySAUaqt4EgZnhyF8=";
-      openSha256 = "sha256-8hyRiGB+m2hL3c9MDA/Pon+Xl6E788MZ50WrrAGUVuY=";
-      settingsSha256 = "sha256-ZpuVZybW6CFN/gz9rx+UJvQ715FZnAOYfHn5jt5Z2C8=";
-      persistencedSha256 = "sha256-a1D7ZZmcKFWfPjjH1REqPM5j/YLWKnbkP9qfRyIyxAw=";
-    };
-  };
-  nixpkgs.config.nvidia.acceptLicense = true;
-}

nix-os/polkit/disable-shutdown.nix

@@ -1,46 +0,0 @@
-{ ... }:
-
-{
-  security.polkit.extraConfig = ''
-    polkit.addRule(function(action, subject) {
-      polkit.log("action=" + action);
-      polkit.log("subject=" + subject);
-      if (
-        action.id == "org.freedesktop.login1.halt" ||
-        action.id == "org.freedesktop.login1.halt-ignore-inhibit" ||
-        action.id == "org.freedesktop.login1.halt-multiple-sessions" ||
-        action.id == "org.freedesktop.login1.hibernate" ||
-        action.id == "org.freedesktop.login1.hibernate-ignore-inhibit" ||
-        action.id == "org.freedesktop.login1.hibernate-multiple-sessions" ||
-        action.id == "org.freedesktop.login1.inhibit-block-idle" ||
-        action.id == "org.freedesktop.login1.inhibit-block-shutdown" ||
-        action.id == "org.freedesktop.login1.inhibit-block-sleep" ||
-        action.id == "org.freedesktop.login1.inhibit-delay-shutdown" ||
-        action.id == "org.freedesktop.login1.inhibit-delay-sleep" ||
-        action.id == "org.freedesktop.login1.inhibit-handle-hibernate-key" ||
-        action.id == "org.freedesktop.login1.inhibit-handle-lid-switch" ||
-        action.id == "org.freedesktop.login1.inhibit-handle-power-key" ||
-        action.id == "org.freedesktop.login1.inhibit-handle-reboot-key" ||
-        action.id == "org.freedesktop.login1.inhibit-handle-suspend-key" ||
-        action.id == "org.freedesktop.login1.power-off" ||
-        action.id == "org.freedesktop.login1.power-off-ignore-inhibit" ||
-        action.id == "org.freedesktop.login1.power-off-multiple-sessions" ||
-        action.id == "org.freedesktop.login1.reboot" ||
-        action.id == "org.freedesktop.login1.reboot-ignore-inhibit" ||
-        action.id == "org.freedesktop.login1.reboot-multiple-sessions" ||
-        action.id == "org.freedesktop.login1.set-reboot-parameter" ||
-        action.id == "org.freedesktop.login1.set-reboot-to-boot-loader-entry" ||
-        action.id == "org.freedesktop.login1.set-reboot-to-boot-loader-menu" ||
-        action.id == "org.freedesktop.login1.set-reboot-to-firmware-setup" ||
-        action.id == "org.freedesktop.login1.set-self-linger" ||
-        action.id == "org.freedesktop.login1.set-user-linger" ||
-        action.id == "org.freedesktop.login1.set-wall-message" ||
-        action.id == "org.freedesktop.login1.suspend" ||
-        action.id == "org.freedesktop.login1.suspend-ignore-inhibit" ||
-        action.id == "org.freedesktop.login1.suspend-multiple-sessions"
-      ) {
-        return subject.active ? polkit.Result.AUTH_ADMIN : polkit.Result.NO;
-      };
-    });
-  '';
-}

nix-os/razer.nix

@@ -1,16 +0,0 @@
-{ lib, config, pkgs, ... }:
-{
-  hardware.openrazer = {
-    enable = true;
-    users = [
-      "wroclaw"
-    ];
-  };
-#  users.groups.openrazer.members = [
-#    "wroclaw"
-#  ];
-  environment.systemPackages = with pkgs; [
-    openrazer-daemon
-    polychromatic
-  ];
-}

nix-os/services/nix-binary-cache.nix

@@ -1,8 +0,0 @@
-{
-  config = {
-    services.nix-serve = {
-      enable = true;
-      secretKeyFile = "/var/cache-priv-key.pem";
-    };
-  };
-}

nix-os/shell.nix

@@ -1,159 +0,0 @@
-{ config, pkgs, unstablePkgs, lib, ... }:
-
-let
-  rangerGit = pkgs.ranger.overrideAttrs (old: {
-    version = "git";
-    src = pkgs.fetchFromGitHub {
-      owner = "ranger";
-      repo = "ranger";
-      rev = "c7777d558d5b69843b21f986e9af1af311c83887";
-      hash = "sha256-DTVoEfc4dAaBTDLFujvWIYj5KHL89YknUiinIs9Rkeg=";
-    };
-    propagatedBuildInputs = with pkgs.python3Packages; [
-      # required for test suite, it's being ran during package build for some reason
-      flake8
-      pylint
-      pytest
-      setuptools
-    ] ++ old.propagatedBuildInputs;
-  });
-  aliasDrag = pkgs.writeScriptBin "drag" ''
-    ${unstablePkgs.ripdrag}/bin/ripdrag -Axd $@
-  '';
-in
-{
-  imports = [
-    ./unstable-packages.nix
-  ];
-  environment.systemPackages = with pkgs; [
-    aliasDrag
-    rangerGit
-    kitty
-    zoxide
-  ];
-
-  programs.bash.shellInit = ''
-    HISTCONTROL=ignoreboth
-  '';
-
-  programs.bash.interactiveShellInit = ''
-    HISTCONTROL=ignoreboth
-    if test -n "$KITTY_INSTALLATION_DIR"; then
-      export KITTY_SHELL_INTEGRATION="enabled,no-sudo"
-      source "$KITTY_INSTALLATION_DIR/shell-integration/bash/kitty.bash"
-    fi
-    eval "''$(zoxide init bash)"
-    alias bye=exit
-  '';
-
-  environment.etc."xdg/kitty/kitty.conf".text = ''
-    font_family MesloLGS Nerd Font
-    font_size 10.0
-    scrollback_lines 10000
-    window_border_width 0.5
-    window_padding_width 3
-    ${if config.services.xserver.desktopManager.gnome.enable then "hide_window_decorations yes" else ""}
-    background_opacity 0.8
-    dynamic_background_opacity yes
-
-    map kitty_mod+alt+c copy_ansi_to_clipboard
-  '';
-
-  environment.etc."ranger/rc.conf".text = ''
-    eval import os; fm.set_option_from_string("preview_images", "true") if "KITTY_INSTALLATION_DIR" in os.environ else None;
-    eval import os; fm.set_option_from_string("preview_images_method", "kitty") if "KITTY_INSTALLATION_DIR" in os.environ else None;
-    set vcs_aware true
-    set show_hidden true
-
-    alias drag shell ${unstablePkgs.ripdrag}/bin/ripdrag -Axd %p &
-    map <C-d> drag
-  '';
-
-  environment.etc."ranger/plugins/zoxide.py".source = pkgs.fetchFromGitHub {
-    owner = "jchook";
-    repo = "ranger-zoxide";
-    rev = "281828de060299f73fe0b02fcabf4f2f2bd78ab3";
-    hash = "sha256-JEuyYSVa1NS3aftezEJx/k19lwwzf7XhqBCL0jH6VT4=";
-  } + /__init__.py;
-
-  programs.direnv.enable = true;
-
-  programs.neovim = {
-    enable = true;
-    viAlias = true;
-    vimAlias = true;
-    configure = {
-      customRC = ''
-        set number
-        set hlsearch
-        set incsearch
-        set tabstop=4
-        set softtabstop=4
-        set shiftwidth=4
-        set expandtab
-        set autoindent
-        set updatetime=500
-
-        syntax on
-        set encoding=utf-8
-        set wildmode=longest,list,full
-        set listchars=space:·,tab:┄┄»
-        set indentkeys-=0#
-
-        " rainbow-delimeters-nvim
-        let g:rainbow_delimiters = {
-          \ 'strategy': {
-            \ ${"''"}: rainbow_delimiters#strategy.global,
-          \ },
-        \ }
-
-        " vim-gitguter
-        set signcolumn=yes
-        highlight SignColumn ctermbg=NONE
-        highlight GitGutterAdd ctermfg=2
-        highlight GitGutterChange ctermfg=4
-        highlight GitGutterDelete ctermfg=1
-
-        lua require('guess-indent').setup {}
-      '';
-      packages.myVimPackage = with pkgs.vimPlugins; {
-        start = [
-          guess-indent-nvim
-          vim-visual-multi
-          autoclose-nvim
-          rainbow-delimiters-nvim
-          vimagit
-          vim-gitgutter
-        ];
-      };
-    };
-  };
-
-  environment.variables = lib.mkIf config.programs.neovim.enable rec {
-    EDITOR = "/run/current-system/sw/bin/nvim";
-    VISUAL = EDITOR;
-  };
-
-  programs.starship = {
-    enable = true;
-    settings = {
-      format = "$all$line_break\${custom.ranger}$jobs$battery$time$status$os$container$shell$character";
-      directory = {
-        truncation_length = 5;
-        truncation_symbol = "…/";
-      };
-      hostname = {
-        ssh_only = false;
-      };
-      username = {
-        show_always = true;
-      };
-      status.disabled = false;
-      custom.ranger = {
-        when = "test $RANGER_LEVEL";
-        command = "echo \"✦\"";
-        style = "bold 208";
-      };
-    };
-  };
-}

nix-os/virtualization.nix

@@ -1,16 +0,0 @@
-
-{ lib, config, pkgs, ... }:
-
-{
-  #virtualisation.waydroid.enable = true;
-  programs.virt-manager.enable = true;
-  virtualisation.libvirtd = {
-    enable = true;
-    qemu.ovmf = {
-      enable = true;
-      packages = [
-        pkgs.OVMFFull.fd
-      ];
-    };
-  };
-}

nix-os/xdg-default-apps.nix

@@ -1,136 +0,0 @@
-{ ... }:
-
-{
-  xdg.mime.enable = true;
-  xdg.mime.defaultApplications = {
-    # Browser
-    "x-scheme-handler/http" = "vivaldi-stable.desktop";
-    "application/xhtml+xml" = "vivaldi-stable.desktop";
-    "text/html" = "vivaldi-stable.desktop";
-    "x-scheme-handler/https" = "vivaldi-stable.desktop";
-
-    # Audio
-    "audio/aiff" = "mpv.desktop";
-    "audio/basic" = "mpv.desktop";
-    "audio/it" = "mpv.desktop";
-    "audio/make" = "mpv.desktop";
-    "audio/make.my.funk" = "mpv.desktop";
-    "audio/mid" = "mpv.desktop";
-    "audio/midi" = "mpv.desktop";
-    "audio/mod" = "mpv.desktop";
-    "audio/mpeg" = "mpv.desktop";
-    "audio/mpeg3" = "mpv.desktop";
-    "audio/nspaudio" = "mpv.desktop";
-    "audio/s3m" = "mpv.desktop";
-    "audio/tsp-audio" = "mpv.desktop";
-    "audio/tsplayer" = "mpv.desktop";
-    "audio/vnd.qcelp" = "mpv.desktop";
-    "audio/voc" = "mpv.desktop";
-    "audio/voxware" = "mpv.desktop";
-    "audio/wav" = "mpv.desktop";
-    "audio/x-adpcm" = "mpv.desktop";
-    "audio/x-aiff" = "mpv.desktop";
-    "audio/x-au" = "mpv.desktop";
-    "audio/x-gsm" = "mpv.desktop";
-    "audio/x-jam" = "mpv.desktop";
-    "audio/x-liveaudio" = "mpv.desktop";
-    "audio/x-mid" = "mpv.desktop";
-    "audio/x-midi" = "mpv.desktop";
-    "audio/x-mod" = "mpv.desktop";
-    "audio/x-mpeg" = "mpv.desktop";
-    "audio/x-mpeg-3" = "mpv.desktop";
-    "audio/x-mpequrl" = "mpv.desktop";
-    "audio/x-nspaudio" = "mpv.desktop";
-    "audio/x-pn-realaudio" = "mpv.desktop";
-    "audio/x-pn-realaudio-plugin" = "mpv.desktop";
-    "audio/x-psid" = "mpv.desktop";
-    "audio/x-realaudio" = "mpv.desktop";
-    "audio/x-twinvq" = "mpv.desktop";
-    "audio/x-twinvq-plugin" = "mpv.desktop";
-    "audio/x-vnd.audioexplosion.mjuicemediafile" = "mpv.desktop";
-    "audio/x-voc" = "mpv.desktop";
-    "audio/x-wav" = "mpv.desktop";
-    "audio/xm" = "mpv.desktop";
-
-    # Video
-    "video/animaflex" = "mpv.desktop";
-    "video/avi" = "mpv.desktop";
-    "video/avs-video" = "mpv.desktop";
-    "video/dl" = "mpv.desktop";
-    "video/fli" = "mpv.desktop";
-    "video/gl" = "mpv.desktop";
-    "video/mpeg" = "mpv.desktop";
-    "video/msvideo" = "mpv.desktop";
-    "video/quicktime" = "mpv.desktop";
-    "video/vdo" = "mpv.desktop";
-    "video/vivo" = "mpv.desktop";
-    "video/vnd.rn-realvideo" = "mpv.desktop";
-    "video/vnd.vivo" = "mpv.desktop";
-    "video/vosaic" = "mpv.desktop";
-    "video/x-amt-demorun" = "mpv.desktop";
-    "video/x-amt-showrun" = "mpv.desktop";
-    "video/x-atomic3d-feature" = "mpv.desktop";
-    "video/x-dl" = "mpv.desktop";
-    "video/x-dv" = "mpv.desktop";
-    "video/x-fli" = "mpv.desktop";
-    "video/x-gl" = "mpv.desktop";
-    "video/x-isvideo" = "mpv.desktop";
-    "video/x-motion-jpeg" = "mpv.desktop";
-    "video/x-mpeg" = "mpv.desktop";
-    "video/x-mpeq2a" = "mpv.desktop";
-    "video/x-ms-asf" = "mpv.desktop";
-    "video/x-ms-asf-plugin" = "mpv.desktop";
-    "video/x-msvideo" = "mpv.desktop";
-    "video/x-qtc" = "mpv.desktop";
-    "video/x-scm" = "mpv.desktop";
-    "video/x-sgi-movie" = "mpv.desktop";
-
-    # Image
-    "image/bmp" = "org.gnome.Loupe.desktop";
-    "image/cmu-raster" = "org.gnome.Loupe.desktop";
-    "image/fif" = "org.gnome.Loupe.desktop";
-    "image/florian" = "org.gnome.Loupe.desktop";
-    "image/g3fax" = "org.gnome.Loupe.desktop";
-    "image/gif" = "org.gnome.Loupe.desktop";
-    "image/ief" = "org.gnome.Loupe.desktop";
-    "image/jpeg" = "org.gnome.Loupe.desktop";
-    "image/jutvision" = "org.gnome.Loupe.desktop";
-    "image/naplps" = "org.gnome.Loupe.desktop";
-    "image/pict" = "org.gnome.Loupe.desktop";
-    "image/pjpeg" = "org.gnome.Loupe.desktop";
-    "image/png" = "org.gnome.Loupe.desktop";
-    "image/tiff" = "org.gnome.Loupe.desktop";
-    "image/vasa" = "org.gnome.Loupe.desktop";
-    "image/vnd.dwg" = "org.gnome.Loupe.desktop";
-    "image/vnd.fpx" = "org.gnome.Loupe.desktop";
-    "image/vnd.net-fpx" = "org.gnome.Loupe.desktop";
-    "image/vnd.rn-realflash" = "org.gnome.Loupe.desktop";
-    "image/vnd.rn-realpix" = "org.gnome.Loupe.desktop";
-    "image/vnd.wap.wbmp" = "org.gnome.Loupe.desktop";
-    "image/vnd.xiff" = "org.gnome.Loupe.desktop";
-    "image/x-cmu-raster" = "org.gnome.Loupe.desktop";
-    "image/x-dwg" = "org.gnome.Loupe.desktop";
-    "image/x-icon" = "org.gnome.Loupe.desktop";
-    "image/x-jg" = "org.gnome.Loupe.desktop";
-    "image/x-jps" = "org.gnome.Loupe.desktop";
-    "image/x-niff" = "org.gnome.Loupe.desktop";
-    "image/x-pcx" = "org.gnome.Loupe.desktop";
-    "image/x-pict" = "org.gnome.Loupe.desktop";
-    "image/x-portable-anymap" = "org.gnome.Loupe.desktop";
-    "image/x-portable-bitmap" = "org.gnome.Loupe.desktop";
-    "image/x-portable-graymap" = "org.gnome.Loupe.desktop";
-    "image/x-portable-greymap" = "org.gnome.Loupe.desktop";
-    "image/x-portable-pixmap" = "org.gnome.Loupe.desktop";
-    "image/x-quicktime" = "org.gnome.Loupe.desktop";
-    "image/x-rgb" = "org.gnome.Loupe.desktop";
-    "image/x-tiff" = "org.gnome.Loupe.desktop";
-    "image/x-windows-bmp" = "org.gnome.Loupe.desktop";
-    "image/x-xbitmap" = "org.gnome.Loupe.desktop";
-    "image/x-xbm" = "org.gnome.Loupe.desktop";
-    "image/x-xpixmap" = "org.gnome.Loupe.desktop";
-    "image/x-xwd" = "org.gnome.Loupe.desktop";
-    "image/x-xwindowdump" = "org.gnome.Loupe.desktop";
-    "image/xbm" = "org.gnome.Loupe.desktop";
-    "image/xpm" = "org.gnome.Loupe.desktop";
-  };
-}

nixos/hosts/main/cryptocurrency.nix

@@ -0,0 +1,57 @@
+{
+  inputs,
+  ...
+}:
+
+{
+  imports = [
+    "${inputs.nix-bitcoin}/modules/modules.nix"
+  ];
+
+  config = {
+
+    services.bitcoind = {
+      enable = true;
+      listen = true;
+      txindex = true;
+      disablewallet = true;
+      extraConfig = ''
+        coinstatsindex=1
+        maxmempool=2048
+        persistmempool=1
+      '';
+      tor.proxy = true;
+      rpc.address = "0.0.0.0";
+      rpc.allowip = [
+        "10.0.0.0/8"
+        "172.16.0.0/12"
+        "192.168.0.0/16"
+      ];
+    };
+
+    services.electrs = {
+      enable = true;
+    };
+
+    services.monero = {
+      enable = true;
+      extraConfig = ''
+        proxy=127.0.0.1:9050
+        igd=disabled
+      '';
+    };
+
+    services.tor.client.enable = true;
+
+    nix-bitcoin = {
+      onionServices = {
+        bitcoind = {
+          public = true;
+        };
+      };
+      generateSecrets = true;
+      secretsDir = "/var/nix-bitcoin";
+      configVersion = "0.0.121";
+    };
+  };
+}

nixos/hosts/main/default.nix

@@ -0,0 +1,98 @@
+{
+  inputs,
+  config,
+  pkgs,
+  self,
+  ...
+}:
+
+{
+  imports = [
+    ../../modules/core.nix
+    ../../modules/core-desktop.nix
+    ../../modules/nvidia.nix
+    ../../modules/docker.nix
+    ../../modules/razer.nix
+    ../../modules/desktopManagers/cosmic.nix
+    ../../modules/displayManagers/cosmic-greeter.nix
+    ../../modules/shell.nix
+    ../../modules/virtualization.nix
+    ../../modules/polkit/disable-shutdown.nix
+    ../../modules/locale.nix
+    ../../modules/adb.nix
+    ../../modules/account.nix
+    ../../modules/services/nix-binary-cache.nix
+    ../../modules/udev.nix
+    ../../modules/gnupg.nix
+
+    "${inputs.nixos-vscode-server}"
+
+    ./cryptocurrency.nix
+  ];
+
+  config = {
+    boot.loader.systemd-boot.enable = true;
+    boot.loader.efi.canTouchEfiVariables = true;
+
+    networking.hostName = "wroclaw-main";
+
+    services.printing.drivers = with pkgs; [
+      hplip
+    ];
+
+    nixpkgs.overlays = [
+      self.overlays.cosmicPackages
+    ];
+    nixpkgs.config = {
+      cudaSupport = true;
+    };
+
+    # nixos-vscode-server module needs this
+    programs.nix-ld.enable = true;
+    services.vscode-server = {
+      enable = true;
+      extraRuntimeDependencies = with pkgs; [
+        docker
+      ];
+    };
+
+    services.pipewire.wireplumber.configPackages = [(
+      pkgs.stdenvNoCC.mkDerivation {
+        name = "wireplumber-config";
+        src = ./wireplumber;
+        phases = [ "installPhase" ];
+        installPhase = ''
+          mkdir -p $out/share/wireplumber/wireplumber.conf.d
+          cp -r $src/* $out/share/wireplumber/wireplumber.conf.d
+        '';
+      }
+    )];
+
+    services.printing.startWhenNeeded = false;
+
+    # rgb control for razer, graphics card and motherboard
+    hardware.i2c.enable = true;
+    services.hardware.openrgb.enable = true;
+
+    services.ollama = {
+      enable = true;
+      port = 1434;
+      acceleration = "cuda";
+      package = pkgs.unstable.ollama;
+      host = "0.0.0.0";
+    };
+
+    services.mysql = {
+      enable = true;
+      package = pkgs.mariadb;
+    };
+
+    environment.sessionVariables = {
+      OLLAMA_HOST = "127.0.0.1:${builtins.toString config.services.ollama.port}";
+    };
+
+    nixpkgs.hostPlatform = "x86_64-linux";
+
+    system.stateVersion = "24.11";
+  };
+}

nixos/hosts/tablet.nix

@@ -0,0 +1,60 @@
+{
+  self,
+  ...
+}:
+
+{
+  imports = [
+    ../modules/core.nix
+    ../modules/core-desktop.nix
+    ../modules/account.nix
+    ../modules/adb.nix
+    ../modules/locale.nix
+    ../modules/shell.nix
+    ../modules/gnupg.nix
+    ../modules/polkit/network.nix
+
+    ../modules/desktopManagers/cosmic.nix
+    ../modules/displayManagers/cosmic-greeter.nix
+    ../modules/udev.nix
+  ];
+
+  config = {
+    boot.loader.systemd-boot.enable = true;
+    boot.loader.efi.canTouchEfiVariables = true;
+
+    networking.hostName = "wroclaw-hp";
+    networking.networkmanager.enable = true;
+    networking.firewall.enable = true;
+    hardware.sensor.iio.enable = true;
+
+    nixpkgs.overlays = [
+      self.overlays.cosmicPackages
+    ];
+
+    networking.firewall.allowedTCPPortRanges = [
+      # KDE Connect
+      rec { from = 1714; to = from + 50; }
+    ];
+
+    networking.firewall.allowedUDPPortRanges = [
+      # KDE Connect
+      rec { from = 1714; to = from + 50; }
+    ];
+
+    services.logind = {
+      powerKey = "suspend";
+      powerKeyLongPress = "poweroff";
+      suspendKey = "suspend-then-hibernate";
+      suspendKeyLongPress = "hibernate";
+      lidSwitch = "lock";
+      lidSwitchDocked = "ignore";
+      lidSwitchExternalPower = "lock";
+    };
+
+    nixpkgs.hostPlatform = "x86_64-linux";
+
+    system.stateVersion = "24.11";
+  };
+}
+

nixos/hosts/vm-base.nix

@@ -0,0 +1,25 @@
+{ lib, modulesPath, ... }:
+
+{
+  imports = [
+    "${modulesPath}/virtualisation/qemu-vm.nix"
+    ../modules/account.nix
+    ../modules/core.nix
+    ../modules/core-desktop.nix
+    ../modules/locale.nix
+    ../modules/polkit/disable-shutdown.nix
+    ../modules/shell.nix
+    ../modules/udev.nix
+  ];
+
+  config = {
+    services.syncthing.enable = lib.mkForce false;
+    virtualisation = {
+      memorySize = 4096;
+    };
+    virtualisation.forwardPorts = [
+      { from = "host"; host.port = 2222; guest.port = 22; }
+    ];
+    nixpkgs.hostPlatform = "x86_64-linux";
+  };
+}

nixos/hosts/vm-cosmic.nix

@@ -3,8 +3,8 @@
 {
   imports = [
     ./vm-base.nix
-    ../nix-os/desktopManagers/cosmic.nix
-    ../nix-os/displayManagers/cosmic-greeter.nix
+    ../modules/desktopManagers/cosmic.nix
+    ../modules/displayManagers/cosmic-greeter.nix
   ];
 
   config = {

nixos/hosts/vm-gnome.nix

@@ -0,0 +1,9 @@
+{ lib, ... }:
+
+{
+  imports = [
+    ./vm-base.nix
+    ../modules/desktopManagers/gnome.nix
+    ../modules/displayManagers/gdm.nix
+  ];
+}

nixos/modules/account.nix

@@ -0,0 +1,49 @@
+{ config, lib, pkgs, unstablePkgs, ... }:
+
+{
+  imports = [
+    ./unstable-packages.nix
+  ];
+  config = {
+    users.users.wroclaw = {
+      isNormalUser = true;
+      description = "Rafał";
+      group = "wroclaw";
+      extraGroups = [
+        "users"
+        "wheel"
+      ] ++ lib.optional config.programs.adb.enable "adbusers";
+      linger = true;
+      initialPassword = "nixos";
+      packages = with pkgs; [
+        firefox
+        (vivaldi.override {
+          proprietaryCodecs = true;
+          commandLineArgs = [ "--ozone-platform=wayland" ];
+        })
+        vesktop
+        unstablePkgs.vscode
+        gimp3
+        inkscape
+        jitsi-meet-electron
+        krita
+        telegram-desktop
+        unstablePkgs.zettlr
+      ];
+    };
+    users.groups.wroclaw.gid = 1000;
+
+    programs.steam = {
+      enable = true;
+      remotePlay.openFirewall = true;
+    };
+
+    services.syncthing = {
+      enable = true;
+      user = "wroclaw";
+      group = "wroclaw";
+      dataDir = "/home/wroclaw";
+      configDir = "/home/wroclaw/.config/syncthing";
+    };
+  };
+}

nixos/modules/core-desktop.nix

@@ -0,0 +1,176 @@
+{config, lib, pkgs, ... }:
+
+{
+  imports = [
+    ./generic/mpv.nix
+    ./xdg-default-apps.nix
+  ];
+  config = {
+    services.printing.enable = true;
+
+    services.pulseaudio.enable = false;
+    security.rtkit.enable = true;
+    services.pipewire = {
+      enable = true;
+      alsa.enable = true;
+      alsa.support32Bit = true;
+      pulse.enable = true;
+
+      # Enable audio interfaces renaming
+      wireplumber.enable = true;
+      wireplumber.extraConfig = {
+        "dont-switch-device-profiles"."wireplumber.settings"."bluetooth.autoswitch-to-headset-profile" = false;
+      };
+    };
+
+    environment.systemPackages = with pkgs; [
+      kdePackages.kdeconnect-kde
+      pcmanfm
+      pwvucontrol
+      qimgv
+    ];
+
+    programs.mpv = let
+      fetchMpvScript = {url, hash, scriptName}: pkgs.fetchurl {
+        inherit url hash;
+        name = "mpv-script-${scriptName}";
+        recursiveHash = true;
+        downloadToTemp = true;
+        postFetch = ''
+          mkdir -p $out/share/mpv/scripts
+          mv $downloadedFile $out/share/mpv/scripts/${scriptName}
+        '';
+        passthru.scriptName = scriptName;
+      };
+    in {
+      enable = true;
+      scripts = [
+        pkgs.mpvScripts.sponsorblock
+        pkgs.mpvScripts.mpris
+      ] ++ lib.map (script: fetchMpvScript {
+        url = "https://raw.githubusercontent.com/occivink/mpv-scripts/d0390c8e802c2e888ff4a2e1d5e4fb040f855b89/scripts/${script.name}";
+        hash = script.hash;
+        scriptName = script.name;
+      }) [
+        { name = "crop.lua"; hash = "sha256-/uaTCtV8Aanvnxrt8afBbO4uu2xp8Ec6DxApMb+fg2s="; }
+        { name = "encode.lua"; hash = "sha256-yK/DV0cpGhl4Uobl7xA1myZiECJpsShrHnsJftBqzAY="; }
+      ];
+      settings = {
+        mpv = {
+          keep-open = "yes";
+          volume = "40";
+          osd-fractions = "yes";
+          background = "none";
+          border = "no";
+        };
+        input = lib.mkMerge [
+          # mpv core
+          ''
+            Alt+1 set window-scale 0.125
+            Alt+2 set window-scale 0.25
+            Alt+3 set window-scale 0.5
+            Alt+4 set window-scale 1
+            Alt+5 set window-scale 2
+          ''
+          # crop.lua
+          ''
+            c script-message-to crop start-crop hard
+            alt+c script-message-to crop start-crop soft
+            ctrl+shift+c script-message-to crop start-crop delogo
+            C script-message-to crop toggle-crop hard
+          ''
+          # encode.lua
+          ''
+            b script-message-to encode encode_default
+            alt+b script-message-to encode set-timestamp encode_default
+          ''
+        ];
+        script-opts = {
+          "encode_default.conf" = {
+            only_active_tracks = "no";
+            preserve_filters = "yes";
+            append_filder = "";
+            codec = "";
+            output_format = "$f_$n.$x";
+            output_dir = "/tmp";
+            detached = "no";
+            ffmpeg_command = lib.getExe pkgs.ffmpeg;
+          };
+        };
+      };
+    };
+
+    # Fonts
+    fonts.packages = with pkgs; [
+      corefonts
+      nerd-fonts.meslo-lg
+      roboto
+    ];
+
+    # Pcmanfm configuration
+    environment.etc."xdg/pcmanfm/default/pcmanfm.conf".text = ''
+      [config]
+      bm_open_method=0
+
+      [volume]
+      mount_on_startup=0
+      mount_removable=0
+      autorun=0
+
+      [ui]
+      always_show_tabs=1
+      max_tab_chars=32
+      media_in_new_tab=0
+      desktop_folder_new_win=0
+      change_tab_on_drop=1
+      close_on_unmount=1
+      focus_previous=1
+      side_pane_mode=places
+      view_mode=list
+      show_hidden=1
+      sort=name;ascending;
+      toolbar=newwin;newtab;navigation;home;
+      show_statusbar=1
+      pathbar_mode_buttons=0
+    '';
+
+    environment.etc."xdg/libfm/libfm.conf".text = ''
+      [config]
+      single_click=0
+      use_trash=1
+      confirm_del=1
+      confirm_trash=1
+      advanced_mode=0
+      si_unit=0
+      force_startup_notify=1
+      backup_as_hidden=1
+      no_usb_trash=1
+      no_child_non_expandable=0
+      show_full_names=0
+      only_user_templates=0
+      drop_default_action=auto
+      terminal=${lib.optionalString (lib.elem pkgs.kitty config.environment.systemPackages) "kitty"}
+      archiver=file-roller
+      thumbnail_local=1
+      thumbnail_max=16384
+
+      [ui]
+      big_icon_size=48
+      small_icon_size=16
+      pane_icon_size=16
+      thumbnail_size=128
+      show_thumbnail=1
+      shadow_hidden=1
+
+      [places]
+      places_home=1
+      places_desktop=1
+      places_root=1
+      places_computer=1
+      places_trash=1
+      places_applications=1
+      places_network=1
+      places_unmounted=1
+    '';
+  };
+}

nixos/modules/core.nix

@@ -0,0 +1,93 @@
+{
+  inputs,
+  lib,
+  pkgs,
+  self,
+  ...
+}:
+
+{
+  imports = [
+    ./module-overrides.nix
+    ./nix.nix
+  ];
+  config = {
+
+    # kernel
+    boot.kernelPackages = pkgs.linuxPackages_latest;
+
+    # Enable networking
+    networking.networkmanager.enable = true;
+
+    # Allow unfree packages
+    nixpkgs.config.allowUnfree = true;
+    nix = {
+      channel.enable = false;
+      settings = {
+        auto-optimise-store = true;
+        experimental-features = [
+          "no-url-literals"
+        ];
+      };
+      nixPath = [
+        "nixpkgs=${pkgs.selfExpr { useConfig = false; }}"
+        "systemNixpkgs=${pkgs.selfExpr { useConfig = true; name = "systemNixpkgs-self"; }}"
+        # don't garbage collect the nixpkgs input
+        "inputsNixpkgs=${inputs.nixpkgs}"
+        "nixos-system=/etc/nixos/default.nix"
+      ];
+    };
+
+    # List packages installed in system profile. To search, run:
+    # $ nix search wget
+    environment.systemPackages = with pkgs; [
+      waypipe
+      wget
+      ffmpeg
+      yt-dlp
+      htop
+      btop
+      fastfetch
+      smartmontools
+      ddrescue
+    ];
+    programs.git.enable = true;
+    programs.git.config = {
+      commit.verbose = true;
+      init.defaultBranch = "main";
+      merge.conflictstyle = "diff3";
+      rerere.enabled = true;
+    };
+
+    # Use nix-index for command-not-found handler
+    programs.command-not-found.enable = false;
+    programs.nix-index = {
+      package = pkgs.nix-index.override {
+        nix-index-unwrapped = pkgs.nix-index-unwrapped.overrideAttrs (oldAttrs: {
+          patches = oldAttrs.patches or [] ++ [
+            ( builtins.path { path = "${self}/pkgs/by-name/ni/nix-index/cnfOutput.patch"; } )
+          ];
+        });
+
+      };
+      enable = true;
+      enableBashIntegration = true;
+    };
+
+    # Enable fail2ban because of the OpenSSH server
+    services.fail2ban = {
+      enable = true;
+      maxretry = 10;
+      bantime = "7d";
+    };
+
+    # Enable the OpenSSH daemon.
+    services.openssh = {
+      enable = true;
+      ports = [
+        22
+        8022
+      ];
+    };
+  };
+}

nixos/modules/dconf-common.nix

@@ -59,18 +59,17 @@
           "workspace-indicator@gnome-shell-extensions.gcampax.github.com"
           "Vitals@CoreCoding.com"
           "trayIconsReloaded@selfmade.pl"
-          "places-menu@gnome-shell-extensions.gcampax.github.com"
-          "apps-menu@gnome-shell-extensions.gcampax.github.com"
           "top-bar-organizer@julian.gse.jsts.xyz"
           "color-picker@tuberry"
         ];
         favorite-apps = [
           "kitty.desktop"
+          "pcmanfm.desktop"
           "vivaldi-stable.desktop"
           "code.desktop"
           "org.gnome.Nautilus.desktop"
           "steam.desktop"
-          "pavucontrol.desktop"
+          "com.saivert.pwvucontrol.desktop"
         ];
       };
 
@@ -92,6 +91,7 @@
         active-hint-border-radius = mkUint32 1;
         gap-inner = mkUint32 2;
         gap-outer = mkUint32 1;
+        hint-color-rgba = "rgb(161,192,235)";
         show-skip-taskbar = true;
         show-title = true;
         smart-gaps = false;

nixos/modules/desktopManagers/cosmic-config/com.system76.CosmicAppList/v1/enable_drag_source

@@ -0,0 +1 @@
+true

nixos/modules/desktopManagers/cosmic-config/com.system76.CosmicAppList/v1/favorites

@@ -0,0 +1,11 @@
+[
+    "kitty",
+    "vivaldi-stable",
+    "pcmanfm",
+    "code",
+    "steam",
+    "vesktop",
+    "org.telegram.desktop",
+    "jitsi-meet-electron",
+    "com.saivert.pwvucontrol",
+]

nixos/modules/desktopManagers/cosmic-config/com.system76.CosmicAppList/v1/filter_top_levels

@@ -0,0 +1 @@
+None

nixos/modules/desktopManagers/cosmic-config/com.system76.CosmicAppletTime/v1/military_time

@@ -0,0 +1 @@
+true

nixos/modules/desktopManagers/cosmic-config/com.system76.CosmicAppletTime/v1/show_seconds

@@ -0,0 +1 @@
+true

nixos/modules/desktopManagers/cosmic-config/com.system76.CosmicBackground/v1/all

@@ -0,0 +1,9 @@
+(
+    output: "all",
+    source: Path("@wallpaper@"),
+    filter_by_theme: true,
+    rotation_frequency: 300,
+    filter_method: Lanczos,
+    scaling_mode: Zoom,
+    sampling_method: Alphanumeric,
+)

nixos/modules/desktopManagers/cosmic-config/com.system76.CosmicBackground/v1/same-on-all

@@ -0,0 +1 @@
+true

nixos/modules/desktopManagers/cosmic-config/com.system76.CosmicComp/v1/autotile

@@ -0,0 +1 @@
+true

nixos/modules/desktopManagers/cosmic-config/com.system76.CosmicComp/v1/autotile_behavior

@@ -0,0 +1 @@
+PerWorkspace

nixos/modules/desktopManagers/cosmic-config/com.system76.CosmicComp/v1/focus_follows_cursor

@@ -0,0 +1 @@
+true

nixos/modules/desktopManagers/cosmic-config/com.system76.CosmicComp/v1/focus_follows_cursor_delay

@@ -0,0 +1 @@
+50

nixos/modules/desktopManagers/cosmic-config/com.system76.CosmicComp/v1/workspaces

@@ -0,0 +1,4 @@
+(
+    workspace_mode: OutputBound,
+    workspace_layout: Horizontal,
+)

nixos/modules/desktopManagers/cosmic-config/com.system76.CosmicFiles/v1/desktop

@@ -0,0 +1,5 @@
+(
+    show_content: false,
+    show_mounted_drives: false,
+    show_trash: false,
+)

nixos/modules/desktopManagers/cosmic-config/com.system76.CosmicPanel.Dock/v1/anchor

@@ -0,0 +1 @@
+Bottom

nixos/modules/desktopManagers/cosmic-config/com.system76.CosmicPanel.Dock/v1/anchor_gap

@@ -0,0 +1 @@
+false

nixos/modules/desktopManagers/cosmic-config/com.system76.CosmicPanel.Dock/v1/autohide

@@ -0,0 +1,5 @@
+Some((
+    wait_time: 1000,
+    transition_time: 200,
+    handle_size: 4,
+))

nixos/modules/desktopManagers/cosmic-config/com.system76.CosmicPanel.Dock/v1/border_radius

@@ -0,0 +1 @@
+@corner_radii_panel@

nixos/modules/desktopManagers/cosmic-config/com.system76.CosmicPanel.Dock/v1/exclusive_zone

@@ -0,0 +1 @@
+false

nixos/modules/desktopManagers/cosmic-config/com.system76.CosmicPanel.Dock/v1/layer

@@ -0,0 +1 @@
+Top

nixos/modules/desktopManagers/cosmic-config/com.system76.CosmicPanel.Dock/v1/plugins_center

@@ -0,0 +1,5 @@
+Some([
+    "com.system76.CosmicAppList",
+    "com.system76.CosmicAppletMinimize",
+    "com.system76.CosmicPanelAppButton",
+])

nixos/modules/desktopManagers/cosmic-config/com.system76.CosmicPanel.Dock/v1/plugins_wings

@@ -0,0 +1 @@
+None

nixos/modules/desktopManagers/cosmic-config/com.system76.CosmicPanel.Panel/v1/anchor

@@ -0,0 +1 @@
+Top

nixos/modules/desktopManagers/cosmic-config/com.system76.CosmicPanel.Panel/v1/anchor_gap

@@ -0,0 +1 @@
+false

nixos/modules/desktopManagers/cosmic-config/com.system76.CosmicPanel.Panel/v1/layer

@@ -0,0 +1 @@
+Top

nixos/modules/desktopManagers/cosmic-config/com.system76.CosmicPanel.Panel/v1/plugins_center

@@ -0,0 +1,3 @@
+Some([
+    "com.system76.CosmicAppletTime",
+])

nixos/modules/desktopManagers/cosmic-config/com.system76.CosmicPanel.Panel/v1/plugins_wings

@@ -0,0 +1,14 @@
+Some(([
+    "com.system76.CosmicPanelAppButton",
+    "com.system76.CosmicAppletWorkspaces",
+], [
+    "com.system76.CosmicAppletStatusArea",
+    "com.system76.CosmicAppletInputSources",
+    "com.system76.CosmicAppletTiling",
+    "com.system76.CosmicAppletAudio",
+    "com.system76.CosmicAppletNetwork",
+    "com.system76.CosmicAppletBattery",
+    "com.system76.CosmicAppletNotifications",
+    "com.system76.CosmicAppletBluetooth",
+    "com.system76.CosmicAppletPower",
+]))

nixos/modules/desktopManagers/cosmic-config/com.system76.CosmicSettings.Shortcuts/v1/custom

@@ -0,0 +1,36 @@
+{
+    (
+        modifiers: [
+            Ctrl,
+            Alt,
+        ],
+        key: "t",
+        description: Some("Open terminal"),
+    ): Spawn("kitty"),
+    (
+        modifiers: [
+            Super,
+            Shift,
+        ],
+        key: "s",
+    ): System(Screenshot),
+    (
+        modifiers: [
+            Super,
+            Ctrl,
+        ],
+        key: "l",
+    ): System(LockScreen),
+    (
+        modifiers: [
+            Super,
+        ],
+    ): System(Launcher),
+    (
+        modifiers: [
+            Super,
+            Alt,
+        ],
+        key: "g",
+    ): ToggleSticky,
+}

nixos/modules/desktopManagers/cosmic-config/com.system76.CosmicTheme.Dark/v1/active_hint

@@ -0,0 +1 @@
+2

nixos/modules/desktopManagers/cosmic-config/com.system76.CosmicTheme.Dark/v1/corner_radii

@@ -0,0 +1,8 @@
+(
+    radius_0: (0.0, 0.0, 0.0, 0.0),
+    radius_xs: (@corner_radii_theme@, @corner_radii_theme@, @corner_radii_theme@, @corner_radii_theme@),
+    radius_s: (@corner_radii_theme@, @corner_radii_theme@, @corner_radii_theme@, @corner_radii_theme@),
+    radius_m: (@corner_radii_theme@, @corner_radii_theme@, @corner_radii_theme@, @corner_radii_theme@),
+    radius_l: (@corner_radii_theme@, @corner_radii_theme@, @corner_radii_theme@, @corner_radii_theme@),
+    radius_xl: (@corner_radii_theme@, @corner_radii_theme@, @corner_radii_theme@, @corner_radii_theme@),
+)

nixos/modules/desktopManagers/cosmic-config/com.system76.CosmicTheme.Dark/v1/gaps

@@ -0,0 +1 @@
+(0, 4)

nixos/modules/desktopManagers/cosmic-config/com.system76.CosmicTheme.Light/v1/active_hint

@@ -0,0 +1 @@
+2

nixos/modules/desktopManagers/cosmic-config/com.system76.CosmicTheme.Light/v1/corner_radii

@@ -0,0 +1,8 @@
+(
+    radius_0: (0.0, 0.0, 0.0, 0.0),
+    radius_xs: (@corner_radii_theme@, @corner_radii_theme@, @corner_radii_theme@, @corner_radii_theme@),
+    radius_s: (@corner_radii_theme@, @corner_radii_theme@, @corner_radii_theme@, @corner_radii_theme@),
+    radius_m: (@corner_radii_theme@, @corner_radii_theme@, @corner_radii_theme@, @corner_radii_theme@),
+    radius_l: (@corner_radii_theme@, @corner_radii_theme@, @corner_radii_theme@, @corner_radii_theme@),
+    radius_xl: (@corner_radii_theme@, @corner_radii_theme@, @corner_radii_theme@, @corner_radii_theme@),
+)

nixos/modules/desktopManagers/cosmic-config/com.system76.CosmicTheme.Light/v1/gaps

@@ -0,0 +1 @@
+(0, 4)

nixos/modules/desktopManagers/cosmic-config/com.system76.CosmicTheme.Mode/v1/is_dark

@@ -0,0 +1 @@
+true

nixos/modules/desktopManagers/cosmic-config/com.system76.CosmicTk/v1/show_maximize

@@ -0,0 +1 @@
+false

nixos/modules/desktopManagers/cosmic-config/com.system76.CosmicTk/v1/show_minimize

@@ -0,0 +1 @@
+false

nixos/modules/desktopManagers/cosmic.nix

@@ -0,0 +1,67 @@
+{
+  inputs,
+  lib,
+  pkgs,
+  self,
+  ...
+}:
+
+let
+  cosmic-configuration = pkgs.stdenv.mkDerivation {
+    name = "cosmic-configuration";
+    src = ./cosmic-config;
+    outputs = [ "out" "share" ];
+    dontConfigure = true;
+    buildPhase = ''
+      for file in $(find . -type f); do
+        substituteInPlace "$file" \
+          --subst-var-by wallpaper "${builtins.path { path = "${self}/media/wallpaper.png"; }}" \
+          --subst-var-by corner_radii_theme "2.0" \
+          --subst-var-by corner_radii_panel "2"
+      done
+    '';
+    installPhase = ''
+      mkdir -p $out $share/share/cosmic
+      cp -r ./* $out/
+      cp -r ./* $share/share/cosmic/
+    '';
+  };
+in
+
+{
+  imports = [
+    "${inputs.cosmic-modules}/nixos/cosmic/module.nix"
+    "${self}/nixos/modules/generic/dconf.nix"
+  ];
+  config = {
+    services.desktopManager.cosmic.enable = true;
+    environment.cosmic.excludePackages = with pkgs; [
+      cosmic-edit
+      cosmic-player
+      cosmic-term
+    ];
+    environment.systemPackages = with pkgs; [
+      (lib.hiPrio cosmic-configuration.share)
+      google-cursor
+    ];
+    services.gnome.gnome-keyring.enable = true;
+
+    proot.dconf = {
+      rules."org/gnome/desktop/interface".cursor-theme = "GoogleDot-White";
+      profiles.user.rulesToApply = [
+        "org/gnome/desktop/interface"
+      ];
+    };
+
+    environment.sessionVariables = {
+      XCURSOR_SIZE = "16";
+      XCURSOR_THEME = "GoogleDot-White";
+    };
+
+    environment.etc."xdg/gtk-3.0/settings.ini".text = ''
+      [Settings]
+      gtk-cursor-theme-name=GoogleDot-White
+      gtk-application-prefer-dark-theme=true
+    '';
+  };
+}

nixos/modules/desktopManagers/gnome.nix

@@ -68,6 +68,7 @@ in
       gnome.seahorse
       gnome.totem
       gnome.yelp
+      gnome.nautilus
     ];
 
     environment.systemPackages = with pkgs; [
@@ -79,9 +80,14 @@ in
       gnomeExtensions.top-bar-organizer
       # unstablePkgs.gnomeExtensions.translate-indicator
       # translate-shell
-      pavucontrol
-      #FIXME: Apply the cursor theme also in GTK3 config
       google-cursor
     ];
+
+    environment.etc."xdg/gtk-3.0/settings.ini".text = ''
+      [Settings]
+      gtk-cursor-theme-name=${config.proot.dconf.rules."org/gnome/desktop/interface".cursor-theme}
+    '' + lib.optionalString (lib.hasInfix "dark" config.proot.dconf.rules."org/gnome/desktop/interface".color-scheme) ''
+      gtk-application-prefer-dark-theme=true
+    '';
   };
 }

nixos/modules/docker.nix

@@ -0,0 +1,41 @@
+{ lib, config, pkgs, ... }:
+
+{
+  config = {
+    virtualisation.docker = {
+      enable = true;
+      enableOnBoot = true;
+      storageDriver = if config.fileSystems."/".fsType == "btrfs" then "btrfs" else null;
+      rootless.enable = true;
+      rootless.setSocketVariable = true;
+      daemon.settings = {
+        default-address-pools = [
+          {base = "10.64.0.0/10"; size = 24;}
+        ];
+        bip = "10.127.0.1/16";
+      };
+    };
+    users.users.indocker = {
+      isSystemUser = true;
+      hashedPassword = "!";
+      uid = 900;
+      group = "indocker";
+    };
+    users.groups.indocker = {
+      gid = 900;
+    };
+    environment.systemPackages = with pkgs; [
+      docker-compose
+    ];
+
+    # Docker enables firewall anyway, let's enable the firewall for it if it's disabled
+    # TODO: Apply only when config.networking.firewall is false
+    networking.firewall = {
+      enable = lib.mkOverride 90 true;
+      allowedTCPPorts = lib.mkOverride 90 [];
+      allowedUDPPorts = lib.mkOverride 90 [];
+      allowedTCPPortRanges = lib.mkOverride 90 [{ from = 0; to = 65535;}];
+      allowedUDPPortRanges = lib.mkOverride 90 [{ from = 0; to = 65535;}];
+    };
+  };
+}

nixos/modules/generic/dconf.nix

@@ -10,12 +10,12 @@ let
       rulesToApply = lib.mkOption {
         type = lib.types.listOf lib.types.str;
         default = lib.attrNames cfg.rules;
-        description = lib.mdDoc "A list of rules keys to apply for profile";
+        description = "A list of rules keys to apply for profile";
       };
       extraRules = lib.mkOption {
         type = lib.types.attrs;
         default = {};
-        description = lib.mdDoc "An attrset of additional dconf rules to apply ontop of selected";
+        description = "An attrset of additional dconf rules to apply ontop of selected";
       };
     };
   };
@@ -31,12 +31,12 @@ in
     rules = lib.mkOption {
       type = lib.types.attrs;
       default = {};
-      description = lib.mdDoc "An attrset of dconf rules to pull from";
+      description = "An attrset of dconf rules to pull from";
     };
     profiles = lib.mkOption {
       type = lib.types.attrsOf profileOpts;
       default = {};
-      description = lib.mdDoc "An attret of profiles to create, with pulled rules";
+      description =  "An attret of profiles to create, with pulled rules";
     };
   };
 

nixos/modules/generic/mpv.nix

@@ -0,0 +1,91 @@
+{config, lib, options, pkgs, ...  }:
+
+let
+  cfg = config.programs.mpv;
+  opts = options.programs.mpv;
+
+  toMpvIniString = attrset: lib.pipe attrset [
+    (lib.mapAttrsToList (name: value: "${name}=${value}"))
+    (lib.concatStringsSep "\n")
+  ];
+
+  configDir = pkgs.symlinkJoin {
+    name = "mpv-config-dir";
+    paths = lib.optional opts.settings.mpv.isDefined (pkgs.writeTextFile {
+      name = "mpv-config-dir-mpv.conf";
+      destination = "/share/mpv/mpv.conf";
+      text = toMpvIniString cfg.settings.mpv;
+    }) ++ lib.optional opts.settings.input.isDefined (pkgs.writeTextFile {
+      name = "mpv-config-dir-input.conf";
+      destination = "/share/mpv/input.conf";
+      text = cfg.settings.input;
+    }) ++ lib.mapAttrsToList (filename: opts: pkgs.writeTextFile {
+      name = "mpv-config-dir-script-opts-${filename}";
+      destination = "/share/mpv/script-opts/${filename}";
+      text = toMpvIniString opts;
+    }) cfg.settings.script-opts;
+  };
+
+  wrappedMpv = cfg.package.wrapper {
+    mpv = cfg.package;
+    youtubeSupport = cfg.youtubeSupport;
+    scripts = cfg.scripts;
+    extraMakeWrapperArgs = lib.optionals (lib.any (x: x) [
+      opts.settings.mpv.isDefined
+      opts.settings.input.isDefined
+      (lib.length (lib.attrNames cfg.settings.script-opts) > 0)
+    ]) [
+      "--add-flags" "--config-dir='${configDir}/share/mpv'"
+    ];
+  };
+in
+{
+  options.programs.mpv = {
+    enable = lib.mkEnableOption "mpv";
+    package = lib.mkPackageOption pkgs "mpv-unwrapped" {};
+    scripts = lib.mkOption {
+      type = lib.types.listOf lib.types.package;
+      default = [];
+    };
+    youtubeSupport = lib.mkEnableOption "yt-dlp support for mpv" // {
+      default = true;
+    };
+    settings = let
+      mpvini = lib.types.attrsOf lib.types.str;
+    in {
+      script-opts = lib.mkOption {
+        type = lib.types.attrsOf mpvini;
+        default = {};
+        example = {
+          "crop.conf".draw_crosshair = "yes";
+        };
+        description = ''
+          A map of script options for mpv scripts.
+          The key is the filename of the script, and the value is a map of options.
+        '';
+      };
+      input = lib.mkOption {
+        type = lib.types.separatedString "\n";
+        example = ''
+          Alt+1 set window-scale 0.125
+        '';
+        description = ''
+          A list of input commands to be added to the input.conf file.
+        '';
+      };
+      mpv = lib.mkOption {
+        type = mpvini;
+        example = {
+          keep-open = "yes";
+          osd-fractions = "yes";
+        };
+        description = ''
+          A map of mpv options.
+        '';
+      };
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    environment.systemPackages = [ wrappedMpv ];
+  };
+}

nixos/modules/gnupg.nix

@@ -5,11 +5,15 @@
     # Use pcscd for smartcard support
     services.pcscd.enable = true;
 
-    environment.systemPackages = [(
-      pkgs.gnupg.overrideAttrs (superAttrs: {
+    programs.gnupg = {
+      package = pkgs.gnupg.overrideAttrs (superAttrs: {
         configureFlags = superAttrs.configureFlags or []
           ++ [ "--disable-ccid-driver" ];
-      })
-    )];
+      });
+      agent = {
+        enable = true;
+        pinentryPackage = pkgs.pinentry-qt;
+      };
+    };
   };
 }

nixos/modules/locale.nix

@@ -1,5 +1,3 @@
-{ ... }:
-
 {
   config = {
     # Set your time zone.

nixos/modules/module-overrides.nix

@@ -0,0 +1,43 @@
+{
+  lib,
+  modulesPath,
+  ...
+}:
+
+let
+  moduleOverrides = [
+    # NIXPKGS-PR: 359882
+    {
+      disabledModules = [
+        "${modulesPath}/system/boot/luksroot.nix"
+      ];
+      replacementModules = [(builtins.fetchurl {
+          url = "https://raw.githubusercontent.com/amozeo/nixpkgs/728d5806fe6f975ba3843297332d12e13119fe86/nixos/modules/system/boot/luksroot.nix";
+          sha256 = "0s2k8k6rrlwn2zb02q6fkvswln8w4hvh02hm4krqvkh46amyasyy";
+      })];
+    }
+    # NIXPKGS-PR: 394300
+    {
+      disabledModules = [
+        "${modulesPath}/hardware/openrazer.nix"
+      ];
+      replacementModules = [
+        (builtins.fetchurl {
+          url = "https://raw.githubusercontent.com/NixOS/nixpkgs/4a11562c20fbe7af7d5ac139dbf0f8d50ce276f6/nixos/modules/hardware/openrazer.nix";
+          sha256 = "0n6kzrcwlmxgws4pmffyqagp2rxpfxmfjl11vgvlkjcbglg6fs7y";
+        })
+      ];
+    }
+  ];
+
+  toModule = entry: {
+    imports = entry.replacementModules;
+    disabledModules = entry.disabledModules;
+    _file = let
+      info = builtins.unsafeGetAttrPos "disabledModules" entry;
+    in "${info.file}:L${info.line}";
+  };
+in
+{
+  imports = lib.map toModule moduleOverrides;
+}

nixos/modules/nix.nix

@@ -0,0 +1,66 @@
+{
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  # bool -> nixpkgs[]
+  wrappedNixExecutables = inEnvironment: assert builtins.isBool inEnvironment; pkgs.symlinkJoin {
+    name = "${pkgs.nix.name}-wrap";
+    paths = [ pkgs.nix ];
+    nativeBuildInputs = [
+      pkgs.makeWrapper
+    ];
+    postBuild = ''
+      wrapProgram $out/bin/nix-build \
+        --add-flags "--log-format" \
+        --add-flags "bar${lib.optionalString inEnvironment "-with-logs"}"
+      wrapProgram $out/bin/nix-shell \
+        --add-flags "--log-format" \
+        --add-flags "bar"
+      wrapProgram $out/bin/nix-env \
+        --add-flags "--log-format" \
+        --add-flags "bar"
+    '';
+    passthru = {
+      inherit (pkgs.nix) man meta version;
+    };
+  };
+
+  # NIXPKGS-PR: 389487
+  futureNixosExecutables = let
+    nixpkgs = builtins.fetchTarball {
+      url = "https://github.com/NixOS/nixpkgs/archive/53a47a1c57b35bb5850cfb137d5c51ec6581152d.tar.gz";
+      sha256 = "sha256-B2nuArKny9jHqEZewqlu61f/4/9lh65iGF9IKjeTc+c=";
+    };
+  in pkgs.callPackage "${nixpkgs}/pkgs/os-specific/linux/nixos-rebuild/default.nix" {};
+
+  wrappedNixosExecutables = pkgs.symlinkJoin {
+    name = "${pkgs.nixos-rebuild.name}-wrap";
+    paths = [ futureNixosExecutables ];
+    nativeBuildInputs = [
+      pkgs.makeWrapper
+    ];
+    postBuild = ''
+      wrapProgram $out/bin/nixos-rebuild \
+        --add-flags "--log-format" \
+        --add-flags "bar" \
+        --add-flags "--use-remote-sudo"
+    '';
+  };
+in {
+  config = {
+    nix.package = wrappedNixExecutables false;
+    environment.systemPackages = [
+      pkgs.nix-output-monitor
+      pkgs.nix-diff
+      pkgs.nix-tree
+    ] ++ lib.map (lib.hiPrio) [
+      (wrappedNixExecutables true)
+      wrappedNixosExecutables
+    ];
+    system.build.nixos-rebuild = lib.mkForce wrappedNixosExecutables;
+    system.tools.nixos-rebuild.enable = false;
+  };
+}

nixos/modules/nvidia.nix

@@ -0,0 +1,107 @@
+{
+  config,
+  lib,
+  pkgs,
+  self,
+  ...
+}:
+
+{
+  config = {
+    hardware.graphics = {
+      enable = true;
+      enable32Bit = true;
+    };
+
+    # Workaround for nvidia driver ghost display
+    boot.kernelParams = [ "nvidia_drm.fbdev=1" ];
+
+    services.xserver.videoDrivers = ["nvidia"];
+    hardware.nvidia = {
+      modesetting.enable = true;
+      powerManagement.enable = true;
+      open = false;
+      nvidiaSettings = true;
+      package = let
+        mkDriverArgs = {
+          version = "575.64";
+          sha256_64bit = "sha256-6wG8/nOwbH0ktgg8J+ZBT2l5VC8G5lYBQhtkzMCtaLE=";
+          sha256_aarch64 = "sha256-uHj8fB1sSJfX0NWZEE1eZN1LQQkf7J0jPV3EeQCSG10=";
+          openSha256 = "sha256-y93FdR5TZuurDlxc/p5D5+a7OH93qU4hwQqMXorcs/g=";
+          settingsSha256 = "sha256-3BvryH7p0ioweNN4S8oLDCTSS47fQPWVYwNq4AuWQgQ=";
+          persistencedSha256 = "sha256-QkDNQKwCsakZOLcSie1NBiFCM5e5NFGiIKtPSFeWdXs=";
+          patches = [
+            (pkgs.fetchpatch {
+              url = "https://raw.githubusercontent.com/rpmfusion/nvidia-kmod/020f5fabfb067150f8dd0d6e470a7a694f59eb59/Workaround-nv_vm_flags_-calling-GPL-only-code.patch";
+              hash = "sha256-2WQs8WDVzNivwUSWn7t2hoduUVvmem5e+JpGt04380c=";
+            })
+          ];
+        };
+      in ( config.boot.kernelPackages.nvidiaPackages.mkDriver mkDriverArgs ).overrideAttrs (super: {
+        passthru = super.passthru or {} // {
+          urls = {
+            x86_64 = [
+              "https://download.nvidia.com/XFree86/Linux-x86_64/${mkDriverArgs.version}/NVIDIA-Linux-x86_64-${mkDriverArgs.version}.run"
+              "https://us.download.nvidia.com/XFree86/Linux-x86_64/${mkDriverArgs.version}/NVIDIA-Linux-x86_64-${mkDriverArgs.version}.run"
+            ];
+            aarch64 = [
+              "https://us.download.nvidia.com/XFree86/aarch64/${mkDriverArgs.version}/NVIDIA-Linux-aarch64-${mkDriverArgs.version}.run"
+              "https://download.nvidia.com/XFree86/Linux-aarch64/${mkDriverArgs.version}/NVIDIA-Linux-aarch64-${mkDriverArgs.version}.run"
+            ];
+          };
+          updateScript = pkgs.den-http-get-updater {
+            fileLocation = ( builtins.unsafeGetAttrPos "any" { any = null; } ).file;
+            previousVersion = mkDriverArgs.version;
+            versionUrl = "https://raw.githubusercontent.com/aaronp24/nvidia-versions/master/nvidia-versions.txt";
+            extraPackages = with pkgs; [
+              coreutils
+              gawk
+              gnugrep
+            ];
+            contentParser = lib.concatStringsSep " | " [
+              "echo \"$newVersion\""
+              "grep current"
+              "awk '{print $3}'"
+              "sort -V"
+              "tail -n 1"
+            ];
+            unpack = false;
+            prefetchList = lib.map (x: {
+              inherit (x) previousHash;
+              unpack = x.unpack or true;
+              prefetchUrlLocation = {
+                file = builtins.toString self + "/outputs.nix";
+                # TODO: don't use already existing NixOS configuration
+                attrpath = "nixosConfigurations.main.config.hardware.nvidia.package.${x.locationAttrpath}";
+              };
+            }) [
+              {
+                previousHash = mkDriverArgs.sha256_64bit;
+                locationAttrpath = "urls.x86_64";
+                unpack = false;
+              }
+              {
+                previousHash = mkDriverArgs.sha256_aarch64;
+                locationAttrpath = "urls.aarch64";
+                unpack = false;
+              }
+              {
+                previousHash = mkDriverArgs.openSha256;
+                locationAttrpath = "open.src.urls";
+              }
+              {
+                previousHash = mkDriverArgs.settingsSha256;
+                locationAttrpath = "settings.src.urls";
+              }
+              {
+                previousHash = mkDriverArgs.persistencedSha256;
+                locationAttrpath = "persistenced.src.urls";
+              }
+            ];
+          };
+        };
+      });
+    };
+    nixpkgs.config.nvidia.acceptLicense = true;
+  };
+}

nixos/modules/polkit/disable-shutdown.nix

@@ -0,0 +1,44 @@
+{
+  config = {
+    security.polkit.extraConfig = ''
+      polkit.addRule(function(action, subject) {
+        polkit.log("action=" + action);
+        polkit.log("subject=" + subject);
+        if (
+          action.id == "org.freedesktop.login1.halt" ||
+          action.id == "org.freedesktop.login1.halt-ignore-inhibit" ||
+          action.id == "org.freedesktop.login1.halt-multiple-sessions" ||
+          action.id == "org.freedesktop.login1.hibernate" ||
+          action.id == "org.freedesktop.login1.hibernate-ignore-inhibit" ||
+          action.id == "org.freedesktop.login1.hibernate-multiple-sessions" ||
+          action.id == "org.freedesktop.login1.inhibit-block-idle" ||
+          action.id == "org.freedesktop.login1.inhibit-block-shutdown" ||
+          action.id == "org.freedesktop.login1.inhibit-block-sleep" ||
+          action.id == "org.freedesktop.login1.inhibit-handle-hibernate-key" ||
+          action.id == "org.freedesktop.login1.inhibit-handle-lid-switch" ||
+          action.id == "org.freedesktop.login1.inhibit-handle-power-key" ||
+          action.id == "org.freedesktop.login1.inhibit-handle-reboot-key" ||
+          action.id == "org.freedesktop.login1.inhibit-handle-suspend-key" ||
+          action.id == "org.freedesktop.login1.power-off" ||
+          action.id == "org.freedesktop.login1.power-off-ignore-inhibit" ||
+          action.id == "org.freedesktop.login1.power-off-multiple-sessions" ||
+          action.id == "org.freedesktop.login1.reboot" ||
+          action.id == "org.freedesktop.login1.reboot-ignore-inhibit" ||
+          action.id == "org.freedesktop.login1.reboot-multiple-sessions" ||
+          action.id == "org.freedesktop.login1.set-reboot-parameter" ||
+          action.id == "org.freedesktop.login1.set-reboot-to-boot-loader-entry" ||
+          action.id == "org.freedesktop.login1.set-reboot-to-boot-loader-menu" ||
+          action.id == "org.freedesktop.login1.set-reboot-to-firmware-setup" ||
+          action.id == "org.freedesktop.login1.set-self-linger" ||
+          action.id == "org.freedesktop.login1.set-user-linger" ||
+          action.id == "org.freedesktop.login1.set-wall-message" ||
+          action.id == "org.freedesktop.login1.suspend" ||
+          action.id == "org.freedesktop.login1.suspend-ignore-inhibit" ||
+          action.id == "org.freedesktop.login1.suspend-multiple-sessions"
+        ) {
+          return subject.active ? polkit.Result.AUTH_ADMIN : polkit.Result.NO;
+        };
+      });
+    '';
+  };
+}

nixos/modules/polkit/network.nix

@@ -0,0 +1,17 @@
+{
+  config = {
+    security.polkit.extraConfig = ''
+      polkit.addRule(function(action, subject) {
+        // Allow to start and stop wireguard client services
+        if (
+          action.id == "org.freedesktop.systemd1.manage-units" &&
+          subject.isInGroup("users") &&
+          action.lookup("unit") &&
+          action.lookup("unit").match(/^wg-quick-.*\.service$/)
+        ) {
+          return polkit.Result.YES;
+        };
+      });
+    '';
+  };
+}

nixos/modules/razer.nix

@@ -0,0 +1,36 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  config = {
+    hardware.openrazer = {
+      enable = true;
+      users = [
+        "wroclaw"
+      ];
+      # NIXPKGS-PR: 384992
+      packages = let
+        oldVersion = pkgs.python3Packages.openrazer-daemon.version;
+        version = "3.10.3";
+      in lib.mapAttrs (_: package: package.overrideAttrs (oldAttrs: {
+        version = lib.replaceStrings [ oldVersion ] [ version ] oldAttrs.version;
+        src = pkgs.fetchFromGitHub {
+          owner = "openrazer";
+          repo = "openrazer";
+          tag = "v${version}";
+          hash = "sha256-M5g3Rn9WuyudhWQfDooopjexEgGVB0rzfJsPg+dqwn4=";
+        };
+      })) {
+        kernel = config.boot.kernelPackages.openrazer;
+        daemon = pkgs.python3Packages.openrazer-daemon;
+      };
+    };
+    environment.systemPackages = with pkgs; [
+      polychromatic
+    ];
+  };
+}

nixos/modules/services/nix-binary-cache.nix

@@ -0,0 +1,54 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  options = {
+    services.nix-serve = {
+      keyName = lib.mkOption {
+        type = lib.types.str;
+        default = config.networking.fqdnOrHostName;
+        defaultText = "config.networking.fqdnOrHostName";
+        description = "Name of the key when generating (usually domain name)";
+      };
+      publicKeyFile = lib.mkOption {
+        type = lib.types.path;
+        default = "/var/cache-pub-key.pem";
+        description = "Path to the public key file";
+      };
+    };
+  };
+  config = {
+    services.nix-serve = {
+      enable = true;
+      package = pkgs.nix-serve-ng;
+      secretKeyFile = "/var/cache-priv-key.pem";
+    };
+    systemd.services.nix-serve-generate-key = let
+      inherit (config.services.nix-serve) keyName secretKeyFile publicKeyFile;
+    in {
+      description = "Ensure existence of nix binary cache signing key";
+      wantedBy = [ config.systemd.services.nix-serve.name ];
+      script = ''
+        if [ -f ${secretKeyFile} ]; then
+          echo "File ${secretKeyFile} already exists, nothing to do" >&2
+          exit 0
+        fi
+        if [ -a ${secretKeyFile} ]; then
+          echo "File ${secretKeyFile} is not a regular file" >&2
+          exit 1
+        fi
+        echo "Generating nix binary cache signing key" >&2
+        touch ${secretKeyFile}
+        chmod 600 ${secretKeyFile}
+        mkdir -p $(dirname ${secretKeyFile})
+        ${lib.getExe' pkgs.nix "nix-store"} --generate-binary-cache-key \
+          ${keyName} ${secretKeyFile} ${publicKeyFile}
+      '';
+      restartIfChanged = true;
+    };
+  };
+}

nixos/modules/shell.nix

@@ -0,0 +1,187 @@
+{ config, pkgs, unstablePkgs, lib, ... }:
+
+let
+  aliasDrag = pkgs.writeScriptBin "drag" ''
+    ${pkgs.ripdrag}/bin/ripdrag -Axd $@
+  '';
+in
+{
+  imports = [
+    ./unstable-packages.nix
+  ];
+
+  config = {
+    environment.systemPackages = ( with pkgs; [
+      aliasDrag
+      ranger-git
+      ripgrep
+      (kitty.overrideAttrs (superAttrs: {
+        patches = superAttrs.patches or [] ++ [
+          (fetchpatch {
+            url = "https://github.com/AmirulAndalib/kitty/commit/61fd8c4003b361503160424cbed1960153f40290.patch";
+            excludes = lib.map lib.escapeRegex [
+              "docs/changelog.rst"
+            ];
+            hash = "sha256-TqO/pLRkxN+Mz4nfNfTntGpPoy6OgbtAGmdohG/1BFs=";
+          })
+        ];
+      }))
+      zoxide
+    ]) ++ [
+      (
+        pkgs.writeScriptBin "nix-convert-hash" ''
+          ${lib.getExe' config.nix.package "nix"} --extra-experimental-features "nix-command" hash convert "$@"
+        ''
+      )
+    ];
+
+    programs.bash.shellInit = ''
+      HISTCONTROL=ignoreboth
+    '';
+
+    programs.bash.interactiveShellInit = lib.mkMerge [
+      ''
+        HISTCONTROL=ignoreboth
+        if test -n "$KITTY_INSTALLATION_DIR"; then
+          export KITTY_SHELL_INTEGRATION="enabled,no-sudo"
+          source "$KITTY_INSTALLATION_DIR/shell-integration/bash/kitty.bash"
+        fi
+        alias bye=exit
+      ''
+      (lib.mkAfter ''
+        eval "''$(${lib.getExe pkgs.zoxide} init bash)"
+      '')
+    ];
+
+    environment.etc."xdg/kitty/kitty.conf".text = ''
+      font_family MesloLGS Nerd Font
+      font_size 10.0
+      scrollback_lines 10000
+      window_border_width 0.5
+      window_padding_width 3
+      ${if config.services.xserver.desktopManager.gnome.enable then "hide_window_decorations yes" else ""}
+      background_opacity 0.8
+      dynamic_background_opacity yes
+
+      map kitty_mod+alt+c copy_ansi_to_clipboard
+    '';
+
+    environment.etc."ranger/rc.conf".text = ''
+      eval import os; fm.set_option_from_string("preview_images", "true") if "KITTY_INSTALLATION_DIR" in os.environ else None;
+      eval import os; fm.set_option_from_string("preview_images_method", "kitty") if "KITTY_INSTALLATION_DIR" in os.environ else None;
+      set vcs_aware true
+      set show_hidden true
+
+      alias drag shell ${pkgs.ripdrag}/bin/ripdrag -Axd %p &
+      map <C-d> drag
+    '';
+
+    environment.etc."ranger/plugins/zoxide.py".source = pkgs.fetchFromGitHub {
+      owner = "jchook";
+      repo = "ranger-zoxide";
+      rev = "281828de060299f73fe0b02fcabf4f2f2bd78ab3";
+      hash = "sha256-JEuyYSVa1NS3aftezEJx/k19lwwzf7XhqBCL0jH6VT4=";
+    } + /__init__.py;
+
+    programs.direnv.enable = true;
+
+    programs.neovim = {
+      enable = true;
+      viAlias = true;
+      vimAlias = true;
+      configure = {
+        customRC = ''
+          set number
+          set hlsearch
+          set incsearch
+          set tabstop=4
+          set softtabstop=4
+          set shiftwidth=4
+          set expandtab
+          set autoindent
+          set updatetime=500
+          colorscheme vim
+
+          syntax on
+          set encoding=utf-8
+          set wildmode=longest,list,full
+          set listchars=space:·,tab:┄┄»
+          set indentkeys-=0#
+
+          " rainbow-delimeters-nvim
+          let g:rainbow_delimiters = {
+            \ 'strategy': {
+              \ ${"''"}: rainbow_delimiters#strategy.global,
+            \ },
+          \ }
+
+          " vim-gitguter
+          set signcolumn=yes
+          highlight SignColumn NONE
+          highlight GitGutterAdd ctermfg=2 guifg=#2ea043
+          highlight GitGutterChange ctermfg=4 guifg=#0078d4
+          highlight GitGutterDelete ctermfg=1 guifg=#f85149
+
+          lua require('guess-indent').setup {}
+        '';
+        packages.myVimPackage = with pkgs.vimPlugins; {
+          start = [
+            guess-indent-nvim
+            vim-visual-multi
+            autoclose-nvim
+            rainbow-delimiters-nvim
+            vimagit
+            vim-gitgutter
+          ];
+        };
+      };
+    };
+
+    environment.variables = lib.mkIf config.programs.neovim.enable rec {
+      EDITOR = "/run/current-system/sw/bin/nvim";
+      VISUAL = EDITOR;
+    };
+
+    programs.starship = {
+      enable = true;
+      settings = {
+        format = lib.concatStrings [
+          "$all"
+          "\${custom.sshAuthSocket}"
+          "$line_break"
+          "\${custom.ranger}"
+          "$jobs"
+          "$battery"
+          "$time"
+          "$status"
+          "$os"
+          "$container"
+          "$shell"
+          "$character"
+        ];
+        directory = {
+          truncation_length = 5;
+          truncation_symbol = "…/";
+        };
+        hostname = {
+          ssh_only = false;
+        };
+        username = {
+          show_always = true;
+        };
+        status.disabled = false;
+        custom.ranger = {
+          when = "test $RANGER_LEVEL";
+          command = "echo \"✦\"";
+          style = "bold 208";
+        };
+        custom.sshAuthSocket = {
+          when = "test -S \"$SSH_AUTH_SOCK\"";
+          command = "echo -e \"SSH Auth Agent\"";
+          style = "124";
+          format = "with [$output]($style) ";
+        };
+      };
+    };
+  };
+}

nixos/modules/unstable-packages.nix

@@ -1,14 +1,20 @@
-{config, pkgs, lib, ...}:
+{
+  config,
+  lib,
+  pkgs,
+  self,
+  ...
+}:
 
 let
   cfg = config.unstable;
-  unstableOverlay = import ../pkgs/overlays/unstable.nix;
+  unstableOverlay = self.overlays.unstableWithMeta;
 in
 {
   options.unstable = {
-    enable = lib.mkEnableOption (lib.mkDoc ''
+    enable = lib.mkEnableOption ''
       use of unstable packages in configuration. You can use `unstablePkgs` in configuration modules
-    '') // { default = true; };
+    '' // { default = true; };
   };
   config = {
     _module.args.unstablePkgs = if config.unstable.enable then pkgs.unstable else pkgs;

nixos/modules/virtualization.nix

@@ -0,0 +1,18 @@
+
+{ lib, config, pkgs, ... }:
+
+{
+  config = {
+    #virtualisation.waydroid.enable = true;
+    programs.virt-manager.enable = true;
+    virtualisation.libvirtd = {
+      enable = true;
+      qemu.ovmf = {
+        enable = true;
+        packages = [
+          pkgs.OVMFFull.fd
+        ];
+      };
+    };
+  };
+}

nixos/modules/xdg-default-apps.nix

@@ -0,0 +1,137 @@
+{
+  config = {
+    xdg.mime.enable = true;
+    xdg.mime.defaultApplications = {
+      # Browser
+      "x-scheme-handler/http" = "vivaldi-stable.desktop";
+      "application/xhtml+xml" = "vivaldi-stable.desktop";
+      "text/html" = "vivaldi-stable.desktop";
+      "x-scheme-handler/https" = "vivaldi-stable.desktop";
+      "application/pdf" = "vivaldi-stable.desktop";
+
+      # Audio
+      "audio/aiff" = "mpv.desktop";
+      "audio/basic" = "mpv.desktop";
+      "audio/it" = "mpv.desktop";
+      "audio/make" = "mpv.desktop";
+      "audio/make.my.funk" = "mpv.desktop";
+      "audio/mid" = "mpv.desktop";
+      "audio/midi" = "mpv.desktop";
+      "audio/mod" = "mpv.desktop";
+      "audio/mpeg" = "mpv.desktop";
+      "audio/mpeg3" = "mpv.desktop";
+      "audio/nspaudio" = "mpv.desktop";
+      "audio/s3m" = "mpv.desktop";
+      "audio/tsp-audio" = "mpv.desktop";
+      "audio/tsplayer" = "mpv.desktop";
+      "audio/vnd.qcelp" = "mpv.desktop";
+      "audio/voc" = "mpv.desktop";
+      "audio/voxware" = "mpv.desktop";
+      "audio/wav" = "mpv.desktop";
+      "audio/x-adpcm" = "mpv.desktop";
+      "audio/x-aiff" = "mpv.desktop";
+      "audio/x-au" = "mpv.desktop";
+      "audio/x-gsm" = "mpv.desktop";
+      "audio/x-jam" = "mpv.desktop";
+      "audio/x-liveaudio" = "mpv.desktop";
+      "audio/x-mid" = "mpv.desktop";
+      "audio/x-midi" = "mpv.desktop";
+      "audio/x-mod" = "mpv.desktop";
+      "audio/x-mpeg" = "mpv.desktop";
+      "audio/x-mpeg-3" = "mpv.desktop";
+      "audio/x-mpequrl" = "mpv.desktop";
+      "audio/x-nspaudio" = "mpv.desktop";
+      "audio/x-pn-realaudio" = "mpv.desktop";
+      "audio/x-pn-realaudio-plugin" = "mpv.desktop";
+      "audio/x-psid" = "mpv.desktop";
+      "audio/x-realaudio" = "mpv.desktop";
+      "audio/x-twinvq" = "mpv.desktop";
+      "audio/x-twinvq-plugin" = "mpv.desktop";
+      "audio/x-vnd.audioexplosion.mjuicemediafile" = "mpv.desktop";
+      "audio/x-voc" = "mpv.desktop";
+      "audio/x-wav" = "mpv.desktop";
+      "audio/xm" = "mpv.desktop";
+
+      # Video
+      "video/animaflex" = "mpv.desktop";
+      "video/avi" = "mpv.desktop";
+      "video/avs-video" = "mpv.desktop";
+      "video/dl" = "mpv.desktop";
+      "video/fli" = "mpv.desktop";
+      "video/gl" = "mpv.desktop";
+      "video/mpeg" = "mpv.desktop";
+      "video/msvideo" = "mpv.desktop";
+      "video/quicktime" = "mpv.desktop";
+      "video/vdo" = "mpv.desktop";
+      "video/vivo" = "mpv.desktop";
+      "video/vnd.rn-realvideo" = "mpv.desktop";
+      "video/vnd.vivo" = "mpv.desktop";
+      "video/vosaic" = "mpv.desktop";
+      "video/x-amt-demorun" = "mpv.desktop";
+      "video/x-amt-showrun" = "mpv.desktop";
+      "video/x-atomic3d-feature" = "mpv.desktop";
+      "video/x-dl" = "mpv.desktop";
+      "video/x-dv" = "mpv.desktop";
+      "video/x-fli" = "mpv.desktop";
+      "video/x-gl" = "mpv.desktop";
+      "video/x-isvideo" = "mpv.desktop";
+      "video/x-motion-jpeg" = "mpv.desktop";
+      "video/x-mpeg" = "mpv.desktop";
+      "video/x-mpeq2a" = "mpv.desktop";
+      "video/x-ms-asf" = "mpv.desktop";
+      "video/x-ms-asf-plugin" = "mpv.desktop";
+      "video/x-msvideo" = "mpv.desktop";
+      "video/x-qtc" = "mpv.desktop";
+      "video/x-scm" = "mpv.desktop";
+      "video/x-sgi-movie" = "mpv.desktop";
+
+      # Image
+      "image/bmp" = "qimgv.desktop";
+      "image/cmu-raster" = "qimgv.desktop";
+      "image/fif" = "qimgv.desktop";
+      "image/florian" = "qimgv.desktop";
+      "image/g3fax" = "qimgv.desktop";
+      "image/gif" = "qimgv.desktop";
+      "image/ief" = "qimgv.desktop";
+      "image/jpeg" = "qimgv.desktop";
+      "image/jutvision" = "qimgv.desktop";
+      "image/naplps" = "qimgv.desktop";
+      "image/pict" = "qimgv.desktop";
+      "image/pjpeg" = "qimgv.desktop";
+      "image/png" = "qimgv.desktop";
+      "image/tiff" = "qimgv.desktop";
+      "image/vasa" = "qimgv.desktop";
+      "image/vnd.dwg" = "qimgv.desktop";
+      "image/vnd.fpx" = "qimgv.desktop";
+      "image/vnd.net-fpx" = "qimgv.desktop";
+      "image/vnd.rn-realflash" = "qimgv.desktop";
+      "image/vnd.rn-realpix" = "qimgv.desktop";
+      "image/vnd.wap.wbmp" = "qimgv.desktop";
+      "image/vnd.xiff" = "qimgv.desktop";
+      "image/x-cmu-raster" = "qimgv.desktop";
+      "image/x-dwg" = "qimgv.desktop";
+      "image/x-icon" = "qimgv.desktop";
+      "image/x-jg" = "qimgv.desktop";
+      "image/x-jps" = "qimgv.desktop";
+      "image/x-niff" = "qimgv.desktop";
+      "image/x-pcx" = "qimgv.desktop";
+      "image/x-pict" = "qimgv.desktop";
+      "image/x-portable-anymap" = "qimgv.desktop";
+      "image/x-portable-bitmap" = "qimgv.desktop";
+      "image/x-portable-graymap" = "qimgv.desktop";
+      "image/x-portable-greymap" = "qimgv.desktop";
+      "image/x-portable-pixmap" = "qimgv.desktop";
+      "image/x-quicktime" = "qimgv.desktop";
+      "image/x-rgb" = "qimgv.desktop";
+      "image/x-tiff" = "qimgv.desktop";
+      "image/x-windows-bmp" = "qimgv.desktop";
+      "image/x-xbitmap" = "qimgv.desktop";
+      "image/x-xbm" = "qimgv.desktop";
+      "image/x-xpixmap" = "qimgv.desktop";
+      "image/x-xwd" = "qimgv.desktop";
+      "image/x-xwindowdump" = "qimgv.desktop";
+      "image/xbm" = "qimgv.desktop";
+      "image/xpm" = "qimgv.desktop";
+    };
+  };
+}

outputs.nix

@@ -1,47 +1,49 @@
 {
-  inputs ? import ./inputs.nix {},
-  selfPath ? ./.
+  inputsPath ? ./inputs.nix,
+  inputs ? import inputsPath {},
+  selfPath ? {
+    outPath = builtins.toString ./.;
+    selfMode = "impure";
+  },
 }:
 
 let
 
-lib = (import "${inputs.nixpkgs}/lib").extend (import ./lib/overlays/version-info-fixup.nix { inherit inputs; });
+lib = (import "${inputs.nixpkgs}/lib").extend (import ./lib/overlays/version-info-fixup.nix { revision = inputs.lock.nixpkgs.revision; });
+
+systems = [
+  "x86_64-linux"
+  "aarch64-linux"
+];
+
+# (system -> x) -> { [system] := x }
+forEachSystem = lib.genAttrs systems;
 
 self = {
-  inherit inputs lib self;
-  __toString = _: selfPath;
+  inherit inputs inputsPath lib self;
+  outPath = selfPath;
   modifiedNixpkgs     = import ./pkgs/top-level/impure.nix;
   modifiedNixpkgsPure = import ./pkgs/top-level/default.nix;
+  packagesForSystem = system: self.modifiedNixpkgsPure { localSystem = system; };
+  packages = forEachSystem (system: let
+    nixpkgs = import "${inputs.nixpkgs}/pkgs/top-level/default.nix" { localSystem = system; };
+    attrnames = builtins.attrNames nixpkgs;
+  in
+    builtins.removeAttrs (self.packagesForSystem system) attrnames
+  );
   overlays = {
+    cosmicPackages = import ./pkgs/overlays/cosmic-packages.nix { inherit inputs; };
     selfExpr = import ./pkgs/overlays/selfExpr.nix { nixpkgsPath = inputs.nixpkgs; };
-    unstable = import ./pkgs/overlays/unstable.nix;
+    unstableWithMeta = import ./pkgs/overlays/unstable-with-meta.nix { unstableSource = inputs.nixpkgs-unstable; revision = inputs.lock.nixpkgs-unstable.revision; };
     versionInfoFixup = import ./pkgs/overlays/version-info-fixup.nix { inherit inputs; };
   };
   nixosConfigurations = let
-    # list nix file paths in ./hosts to attributes in nixosConfigurations
-    filePaths = lib.pipe ./hosts [
-      builtins.readDir
-      ( lib.filterAttrs (name: type:
-        ( # regular .nix files
-          (type == "regular" && lib.hasSuffix ".nix" name)
-          || # directories that contain a default.nix file
-          (type == "directory" && builtins.pathExists "${./hosts}/${name}/default.nix")
-        )
-        # filter out files that start with .
-        && !lib.hasPrefix "." name
-      ))
-    ];
     nixosSystem = import "${inputs.nixpkgs}/nixos/lib/eval-config.nix";
-  in
-    # mapped list of nix file paths to attrSet with initialized NixOS configurations,
-    # whose names are derived from file names
-    lib.pipe filePaths [
-      (builtins.mapAttrs (name: type: {
-        name = if type == "directory" then name else builtins.substring 0 (builtins.stringLength name - 4) name;
-        value = nixosSystem {
+    mkNixosSystem = path: nixosSystem {
       inherit lib;
+      system = null;
       modules = [
-            ./hosts/${name}
+        path
         {
           config.nixpkgs.overlays = [
             ( import ./pkgs/overlays/selfExpr.nix { nixpkgsPath = "${self}/pkgs/top-level/impure.nix"; } )
@@ -52,10 +54,52 @@ self = {
       ];
       specialArgs = { inherit self inputs; };
     };
+    baseHostsDir = ./nixos/hosts;
+  in
+    # mapped attrset of nix file paths to attrSet with initialized NixOS configurations,
+    # whose names are derived from file names
+    lib.pipe baseHostsDir [
+      builtins.readDir
+      # filter out files that are not .nix files, directories with default.nix or starting with . (dot, hidden files)
+      ( lib.filterAttrs (name: type:
+        (
+          (type == "regular" && lib.hasSuffix ".nix" name)
+          || (type == "directory" && builtins.pathExists (baseHostsDir + "/${name}/default.nix"))
+        )
+        && !lib.hasPrefix "." name
+      ))
+      (builtins.mapAttrs (name: type: {
+        # remove .nix extension
+        name = if type == "directory" then name else builtins.substring 0 (builtins.stringLength name - 4) name;
+        # initialize NixOS configuration
+        value = mkNixosSystem (baseHostsDir + "/${name}");
       }))
       builtins.attrValues
       builtins.listToAttrs
     ];
+  updateList = import ./update-list.nix self;
+  # FIXME: currently impure
+  # NOTE: to run, you need to evaluate outputs.nix instead of default.nix
+  #       nix-shell outputs.nix -A update
+  update = let
+    updateScript = (self.packagesForSystem (builtins.currentSystem)).den-update-script;
+  in updateScript {
+    path = "";
+    packages = lib.pipe self.updateList [
+      lib.attrsToList
+      (lib.imap1 (i: {name, value}: {
+        name = builtins.toString i;
+        value = value // {
+          # hack to pass isDerivation check in nixpkgs maintainers/scripts/update.nix
+          # https://github.com/NixOS/nixpkgs/blob/a1185f4064c18a5db37c5c84e5638c78b46e3341/maintainers/scripts/update.nix#L85
+          type = "derivation";
+          name = name;
+        };
+      }))
+      builtins.listToAttrs
+      lib.recurseIntoAttrs
+    ];
+  };
 };
 
 in self

pkgs/by-name/de/den-http-get-updater/package.nix

@@ -0,0 +1,180 @@
+{
+  lib,
+
+  curl,
+  gnused,
+  jq,
+  nix,
+  uutils-coreutils-noprefix,
+  writeScript,
+}:
+
+{
+  # location of file to modify
+  fileLocation,
+  previousVersion,
+  versionUrl,
+
+  # {
+  #   fileLocation: string?;
+  #   previousHash: string;
+  #   prefetchUrlLocation: {
+  #     file: string;
+  #     attrpath: string[]'
+  #   };
+  #   prefetchHash: string?;
+  #   targetHash: string?;
+  #   unpack: bool?;
+  #   name: string?;
+  # }[]
+  #
+  prefetchList ? [],
+
+  # extra packages to add to the path
+  extraPackages ? [],
+
+  # change newVersion variable in it, if the contents of the page
+  # is not plaintext version
+  # (json for example)
+  contentParser ? "echo \"$newVersion\"",
+
+  unpack ? true,
+  hashAlgo ? "sha256",
+  hashFormat ? "sri",
+}:
+
+let
+  assertNoStorePathPrefix = path:
+    assert lib.assertMsg (!lib.hasPrefix builtins.storeDir path) ''
+      The path '${path}' is a store path.
+
+      den-http-get-updater must be evaluated in impure mode,
+      in order to modify target files, and this cannot be done
+      with files in the store.
+    ''; path;
+
+  realFileLocation = assertNoStorePathPrefix (builtins.toString fileLocation);
+
+  prefetchList' = lib.map (x:
+    assert builtins.isNull x.prefetchUrlLocation || lib.isAttrs x.prefetchUrlLocation;
+    assert lib.isAttrs x.prefetchUrlLocation && (
+      lib.isString x.prefetchUrlLocation.file or null ||
+      lib.isPath x.prefetchUrlLocation.file or null
+    );
+    assert lib.isAttrs x.prefetchUrlLocation && lib.isString x.prefetchUrlLocation.attrpath or null;
+    rec {
+      inherit fileLocation hashAlgo hashFormat unpack;
+      name = if x.unpack or unpack then "source" else null;
+      mark = builtins.hashString "sha256" x.previousHash;
+      markRegexEscape = lib.escapeRegex mark;
+      realFileLocation = assertNoStorePathPrefix (builtins.toString x.realFileLocation or fileLocation);
+      realFileLocationShellEscape = lib.escapeShellArg realFileLocation;
+      prefetchUrlLocationShellEscape = lib.mapAttrs (_: lib.escapeShellArg) x.prefetchUrlLocation;
+      previousHashRegexEscape = lib.escapeRegex x.previousHash;
+  } // x) prefetchList;
+
+  realFileLocationShellEscape = lib.escapeShellArg realFileLocation;
+  versionUrlShellEscape = lib.escapeShellArg versionUrl;
+
+  previousVersionRegexEscape = lib.escapeRegex previousVersion;
+
+
+  path = lib.makeBinPath ([
+    curl
+    gnused
+    jq
+    nix
+  ] ++ extraPackages);
+in
+
+writeScript "den-http-get-updater" (''
+  PATH="${lib.escapeShellArg path}"
+  prefetchFailed=
+
+  newVersion=$(curl -L "${versionUrlShellEscape}")
+  if [[ "$?" != 0 ]]; then
+    echo "error: fetching new version failed" 1>&2
+    exit 1
+  fi
+  newVersion=$(${contentParser})
+  sed -Ei "s!${previousVersionRegexEscape}!$newVersion!g" "${realFileLocationShellEscape}"
+''
+
+# invalidate hashes
++ lib.concatStringsSep "\n" (lib.map ({
+  mark,
+  previousHash,
+  previousHashRegexEscape,
+  realFileLocationShellEscape,
+  ...
+}: ''
+  sed -Ei "s!${previousHashRegexEscape}!${mark}!g" "${realFileLocationShellEscape}"
+'') prefetchList')
+
++ lib.concatStringsSep "\n" (lib.map ({
+  fileLocation,
+  markRegexEscape,
+  name,
+  prefetchUrlLocationShellEscape,
+  realFileLocationShellEscape,
+  unpack,
+  ...
+}: let
+  nixUnpack = lib.optionalString unpack "--unpack";
+  nixName = lib.optionalString (!builtins.isNull name) "--name \"${lib.escapeShellArg name}\"";
+in ''
+  for i in {1..30}; do
+    nixUrlsResult=$(nix-instantiate --eval --json --strict \
+        "${prefetchUrlLocationShellEscape.file}" \
+        -A "${prefetchUrlLocationShellEscape.attrpath}"
+      )
+      if [[ "$?" == "0" ]]; then
+          break
+      elif [[ "$i" == 30 ]]; then
+          echo "error: prefetchUrlLocation failed - attempts exhausted" 1>&2
+          exit 1
+      fi
+      echo "prefetchUrlLocation failed (attempt $i)" 1>&2
+      ${lib.getExe' uutils-coreutils-noprefix "sleep"} 2
+  done
+
+
+  urlsType=$(jq -rc 'type' <<< "$nixUrlsResult")
+  if [ "$urlsType" = "array" ]; then
+      readarray -t prefetchUrls < <(
+          jq -rc '.[]' <<< "$nixUrlsResult"
+      )
+  elif [ "$urlsType" = "string" ]; then
+      readarray -t prefetchUrls < <(
+          jq -rc '.' <<< "$nixUrlsResult"
+      )
+  fi
+
+  prefetchSucceeded=1
+  for url in "''${prefetchUrls[@]}"; do
+      echo "trying prefetch '$url'...";
+      expectedHash=$(nix-prefetch-url "$url" ${nixUnpack} ${nixName} --type "${hashAlgo}")
+      expectedHash=$(nix --extra-experimental-features "nix-command" hash convert \
+        --hash-algo "${hashAlgo}" \
+        --to "${hashFormat}" \
+        "$expectedHash"
+      )
+      if [[ -n $expectedHash ]]; then
+          echo "prefetch succeeded!"
+          echo "hash: $expectedHash"
+          sed -Ei "s!${markRegexEscape}!$expectedHash!g" "${realFileLocationShellEscape}"
+          prefetchSucceeded=
+          break
+      fi
+  done
+  if [[ -n "$prefetchSucceeded" ]]; then
+      echo "warning: prefetch failed" 1>&2
+      prefetchFailed=1
+  fi
+'') (lib.filter (x: !builtins.isNull x.prefetchUrlLocation) prefetchList'))
+
++ ''
+  if [[ -n "$prefetchFailed" ]]; then
+      exit 1
+  fi
+'')

pkgs/by-name/de/den-update-script/package.nix

@@ -0,0 +1,39 @@
+{
+  lib,
+  path,
+
+  overlayAttrname ? "den-outputs",
+}:
+
+assert lib.assertMsg (!lib.hasInfix "." overlayAttrname) (lib.pipe ''
+  overlayAttrname must not contain a dot (.),
+  because dot is used to reference package in a package set
+  inside nix-update-script.
+'' [
+  lib.lines
+  (lib.concatStringsSep " ")
+]);
+
+let
+  updateScript = import (path + /maintainers/scripts/update.nix);
+  functionArgs = lib.functionArgs updateScript;
+  nameInFunctionArgs = name: lib.elem name (lib.attrNames functionArgs);
+in
+{
+  __functionArgs = functionArgs // { packages = false; };
+  __functor = _: args: let
+    # args.outputs should be an attrset of packages to update
+    overlay = _: _: {
+      "${overlayAttrname}" = args.packages;
+    };
+  in updateScript (lib.filterAttrs (name: _: nameInFunctionArgs name) args // {
+    include-overlays =
+      if !args ? updateScript then [ overlay ]
+      else if lib.isList args.updateScript then [ overlay ] ++ args.updateScript
+      else args.updateScript;
+  } // lib.optionalAttrs (args ? package) {
+    package = "${overlayAttrname}.${args.package}";
+  } // lib.optionalAttrs (args ? path) {
+    path = if lib.stringLength args.path == 0 then overlayAttrname else "${overlayAttrname}.${args.path}";
+  });
+}

pkgs/by-name/mk/mkScriptOverride/package.nix

@@ -1,29 +0,0 @@
-{
-  lib,
-  stdenv,
-}:
-
-{
-  src,
-  script,
-  ...
-} @ args:
-lib.hiPrio (stdenv.mkDerivation (
-  {
-    src = src;
-    name = "${src.name}-script-override";
-    phases = [ "installPhase" "scriptOverridePhase" ];
-    installPhase = ''
-      runHook preInstall
-
-      cp -r $src $out
-      chmod u+w -R $out
-
-      runHook postInstall
-    '';
-    scriptOverridePhase = script;
-  } // lib.removeAttrs args [
-    "pkg"
-    "commands"
-  ]
-))

pkgs/by-name/mk/mkWrappedExecutable/package.nix

@@ -1,22 +0,0 @@
-{
-  lib,
-  makeWrapper,
-  stdenv
-}:
-
-/*
-  pkg: package - nixpkgs package
-  exe: string - executable (under bin) in pkg
-  wrapperArgs: string[] - arguments to pass to the wrapper
-*/
-{ pkg, exe ? pkg.meta.mainProgram, wrapperArgs }:
-lib.hiPrio (stdenv.mkDerivation {
-  inherit wrapperArgs;
-  name = "${pkg.name}-wrap-${exe}";
-  nativeBuildInputs = [ makeWrapper ];
-  phases = ["installPhase"];
-  installPhase = ''
-    mkdir -p $out/bin
-    makeWrapper ${pkg}/bin/${exe} $out/bin/${exe} $wrapperArgs
-  '';
-})