Starting my literate config and hiding secrets

2022-05-08 06:16:34 -05:00 · 2022-05-08 06:16:34 -05:00 · c2e30c84bd
parent 0c92894205
commit c2e30c84bd
7 changed files with 633 additions and 33 deletions
--- a/.gitmodules
+++ b/.gitmodules
@ -19,3 +19,9 @@
 [submodule "rubato"]
 	path = awesome/rubato
 	url = https://github.com/andOrlando/rubato.git
 [submodule "awesome/awesome/rubato"]
 	path = awesome/awesome/rubato
 	url = https://github.com/andOrlando/rubato.git
 [submodule "awesome/rubato"]
 	path = awesome/rubato
 	url = https://github.com/andOrlando/rubato.git
--- a/README.org
+++ b/README.org
@ -2,10 +2,591 @@
 #+AUTHOR: Chris Cochrun mailto:chris@tfcconnection.org
 * Welcome
-This repository contains all of my dotfiles for the strange and odd configurations I make to the many programs I like to use on Linux.
+This repository contains all of my dotfiles to the many programs I like to use on Linux. This is primarily built with NixOS and Emacs. This is done through literate programming. So basically this README file has all the source code for the entire system. (or at least it will once I get it all finished)
-Hopefully many of them will be of some use to you. I plan on eventually making these all literate so that you are able to see many comments in line with the configs and why they are the way they are but, I'm a chump and haven't done it yet.
+* NixOS
 The biggest part of this is through NixOS. NixOS is a declarative way of building an OS for Linux and allows an immutable and reproducible system. I really like that last part. I enjoy my config to be the same no matter how many machines I place it on. I'd also one day like this to be modular so that I'll have some switches that can turn on and off certain features.
 Let's start with the core of this, the flake.
 ** flake.nix
 This is not a wholly complex setup with flakes. I've seen far more complex and unique ones. But the basic idea is to have a few of our inputs setup to bring in the expected pkgs and then output things to the correct system/user.
 Note how in the outputs I do have some duplicated code. That is will disappear as I grow more accustomed to flakes and nix. Anyhow, the important things to gather in this file are that I'm making sure to use non-free software by making pkgs =config = { allowUnfree = true; }=. This ensures that things like the non-free linux kernel are accessible.
 Also, syl is my laptop and kaladin is my desktop. So those are going to be unique in the future.
 Both include the home-manager module. Primarily I chose that route so that I could use the same command to update the entire system without needing to update the system and user stuff seperately.
 #+begin_src nix :tangle flake.nix
 {
  description = "The Flake";
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
    home-manager.url = "github:nix-community/home-manager/master";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";
  };
  outputs = { nixpkgs, home-manager, ... }:
    let
      system = "x86_64-linux";
      username = "chris";
      pkgs = import nixpkgs {
        inherit system;
        config = { allowUnfree = true; };
      };
      lib = nixpkgs.lib;
    in  {
      nixosConfigurations = {
        syl = lib.nixosSystem {
          inherit system;
          modules = [
            ./system/syl/configuration.nix
            home-manager.nixosModules.home-manager
          {
            home-manager.useGlobalPkgs = true;
            home-manager.useUserPackages = true;
            home-manager.users.chris = import ./user/home.nix;
          }
          ];
        };
        kaladin = lib.nixosSystem {
          inherit system;
          modules = [
            ./system/kaladin/configuration.nix
            home-manager.nixosModules.home-manager
          {
            home-manager.useGlobalPkgs = true;
            home-manager.useUserPackages = true;
            home-manager.users.chris = import ./user/home.nix;
          }
          ];
        };
      };
    };
 }
 #+end_src
 ** Syl
 Syl is my laptop and has some configuration unique to that. In particular, it's a Framework Laptop. Honestly a great piece of tech. Love it.
 Notice how I am including all of my software here. It may be a big file, but having all of it in one place means I can easily grok through it and remove something.
 #+begin_src nix :tangle system/syl/configuration.nix
 { config, pkgs, callPackage, ... }:
 {
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];
  nix = {
    extraOptions = "experimental-features = nix-command flakes";
    package = pkgs.nixFlakes;
  };
  # Use the systemd-boot EFI boot loader.
  boot.kernelPackages = pkgs.linuxPackages_zen;
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  nixpkgs.config.allowUnfree = true;
  boot.kernelParams = [ "mem_sleep_default=deep" ];
  networking.hostName = "syl"; # Define your hostname.
  networking.networkmanager.enable = true;
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
  # Set your time zone.
  time.timeZone = "America/Chicago";
  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
  # Per-interface useDHCP will be mandatory in the future, so this generated config
  # replicates the default behaviour.
  networking.useDHCP = false;
  networking.interfaces.wlp170s0.useDHCP = true;
  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";
  # Set default shell to be dash for speed
  environment.binsh = "${pkgs.dash}/bin/dash";
  hardware.uinput.enable = true;
  # Enable the X11 windowing system.
  services.xserver = {
    enable = true;
    windowManager.awesome = {
      enable = true;
      package = pkgs.myAwesome;
    };
  };
  # Enable the Plasma 5 Desktop Environment.
  services.xserver.displayManager.sddm.enable = true;
  services.xserver.desktopManager.plasma5.enable = true;
  # Configure keymap in X11
  services.xserver.layout = "us";
  # services.xserver.xkbOptions = "eurosign:e";
  # Enable CUPS to print documents.
  services.printing.enable = true;
  services.printing.drivers = [ pkgs.gutenprint pkgs.gutenprintBin pkgs.hplipWithPlugin ]; 
  # Enabel fingerprint
  services.fprintd.enable = true;
  # Enable sound.
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    wireplumber.enable = true;
  };
  # Needed for some pipewire progs
  programs.dconf.enable = true;
  # Turn on flatpak
  services.flatpak.enable = true;
  # Some other things
  services.thermald.enable = true;
  services.tlp = {
    enable = true;
    settings = {
      CPU_SCALING_GOVERNOR_ON_AC="performance";
      CPU_SCALING_GOVERNOR_ON_BAT="powersave";
      CPU_ENERGY_PERF_POLICY_ON_AC="balance_performance";
      CPU_ENERGY_PERF_POLICY_ON_BAT="power";
      SCHED_POWERSAVE_ON_AC=0;
      SCHED_POWERSAVE_ON_BAT=1;
      START_CHARGE_THRESH_BAT1=70;
      STOP_CHARGE_THRESH_BAT1=80;
      USB_ALLOWLIST="32ac:0002";
    };
  };
  services.usbmuxd.enable = true;
  services.fstrim.enable = true;
  # Enable touchpad support (enabled default in most desktopManager).
  services.xserver.libinput.enable = true;
  programs.fish.enable = true;
  programs.zsh.enable = true;
  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.chris = {
    isNormalUser = true;
    extraGroups = [ "wheel" "networkmanager" "input" ]; # Enable ‘sudo’ for the user.
  };
  programs.partition-manager.enable = true;
  programs.kdeconnect.enable = true;
  security.pam.services.kwallet = {
    name = "kwallet";
    enableKwallet = true;
  };
  security.pam.services.sddm.enableKwallet = true;
  virtualisation.waydroid.enable = true;
  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    vim
    wget
    killall
    discover
    lightly-qt
    pinentry
    pinentry-qt
    unzip
    unrar
    p7zip
    zip
    gzip
    usbutils
    git
    ark
    kget
    krename
    kwallet-pam
    plasma5Packages.kwallet
    libimobiledevice
    sddm-kcm
    ydotool
    bottles
    exa mpv yt-dlp rofi-emoji
    nerdfonts latte-dock bat
    libsForQt5.bismuth libnotify
    rofi-wayland ripgrep bc 
    sysstat procs papirus-icon-theme
    phinger-cursors plasma-hud kde-cli-tools
    macchina meson ninja cmake 
    extra-cmake-modules gzip 
    htop btop firefox kate kdialog openlp
    libreoffice-fresh vlc
    neochat haskellPackages.greenclip
    pulsemixer any-nix-shell wtype
    spotdl kdenlive ffmpeg neofetch
    xdotool fennel
  ];
  # EMACS
  services.emacs.package = pkgs.emacsPgtkNativeComp;
  nixpkgs.overlays = [
    (import (builtins.fetchTarball {
      url = https://github.com/nix-community/emacs-overlay/archive/master.tar.gz;
      sha256 = "1pd14gigm5bznzd8k88dq9scicw1zqknm87bnqmd0z556g9ir60f";
    }))
    (self: super:
      {
        myAwesome = super.awesome.overrideAttrs (old: rec {
          pname = "myAwesome";
          version = "git-20220508-c539e0e";
          src = super.fetchFromGitHub {
            owner = "awesomeWM";
            repo = "awesome";
            rev = "c539e0e4350a42f813952fc28dd8490f42d934b3";
            sha256 = "EDAL7NnLF2BiVI8DAlEciiZtDmwXOzCPypGTrlN/OoQ=";
          };
        });
      }
    )
  ];
  services.emacs.enable = true;
  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };
  # List services that you want to enable:
  # Enable the OpenSSH daemon.
  # services.openssh.enable = true;
  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "21.11"; # Did you read the comment?
 }
 #+end_src
 Now in the =hardware-configuration.nix= file, I didn't change much because I wanted to keep it roughly the same in case things do get overwritten, but this is another nice feature of literate programming, should things change in the /etc folder, I'll have this readme as a backup of what it was before the changes.
 #+begin_src nix :tangle system/syl/hardware-configuration.nix
 { config, lib, pkgs, modulesPath, ... }:
 {
  imports =
    [ (modulesPath + "/installer/scan/not-detected.nix")
    ];
  boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" "acpi_call" ];
  boot.extraModulePackages = with config.boot.kernelPackages; [ acpi_call ];
  fileSystems."/" =
    { device = "/dev/disk/by-uuid/500ad375-8fe0-4888-8f57-ee9d5ea1fd9f";
      fsType = "btrfs";
      options = [ "subvol=root" "noatime" "nodiratime" "ssd" "compress=zstd" "space_cache" ];
    };
  boot.initrd.luks.devices."enc".device = "/dev/disk/by-uuid/5db54453-8ae9-4ba0-b381-01255ac7d7f7";
  fileSystems."/home" =
    { device = "/dev/disk/by-uuid/500ad375-8fe0-4888-8f57-ee9d5ea1fd9f";
      fsType = "btrfs";
      options = [ "subvol=home" "noatime" "nodiratime" "ssd" "compress=zstd" "space_cache" ];
    };
  fileSystems."/nix" =
    { device = "/dev/disk/by-uuid/500ad375-8fe0-4888-8f57-ee9d5ea1fd9f";
      fsType = "btrfs";
      options = [ "subvol=nix" "noatime" "nodiratime" "ssd" "compress=zstd" "space_cache" ];
    };
  fileSystems."/var/log" =
    { device = "/dev/disk/by-uuid/500ad375-8fe0-4888-8f57-ee9d5ea1fd9f";
      fsType = "btrfs";
      options = [ "subvol=log" "noatime" "nodiratime" "ssd" "compress=zstd" "space_cache" ];
      neededForBoot = true;
    };
  fileSystems."/boot" =
    { device = "/dev/disk/by-uuid/E9C0-3E97";
      fsType = "vfat";
    };
  swapDevices =
    [ { device = "/dev/disk/by-uuid/4f3c6d93-3be2-480c-8be8-fb9200c06b0c"; }
    ];
  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
  # high-resolution display
  hardware.video.hidpi.enable = lib.mkDefault true;
 }
 #+end_src
 ** Kaladin
 Kaladin is my desktop machine. A powerhouse for the most part with a recent i7 and 64gb of memory and an Nvidia 1080. Basically I use this for video editing, animation, and some other things. Here is it's configuration.
 #+begin_src nix :tangle system/kaladin/configuration.nix
 { config, pkgs, ... }:
 {
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];
  nix = {
    extraOptions = "experimental-features = nix-command flakes";
    package = pkgs.nixFlakes;
  };
  # Use the systemd-boot EFI boot loader.
  boot.kernelPackages = pkgs.linuxPackages_zen;
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  nixpkgs.config.allowUnfree = true;
  boot.kernelParams = [ "mem_sleep_default=deep" ];
  networking.hostName = "kaladin"; # Define your hostname.
  networking.networkmanager.enable = true;
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
  # Set your time zone.
  time.timeZone = "America/Chicago";
  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
  # Per-interface useDHCP will be mandatory in the future, so this generated config
  # replicates the default behaviour.
  networking.useDHCP = false;
  networking.interfaces.enp0s31f6.useDHCP = true;
  networking.interfaces.wlp7s0.useDHCP = true;
  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";
  # Set default shell to be dash for speed
  environment.binsh = "${pkgs.dash}/bin/dash";
  # NVIDIA
  services.xserver.videoDrivers = [ "nvidia" ];
  hardware.opengl.enable = true;
  # Enable the X11 windowing system.
  services.xserver.enable = true;
  # Enable the Plasma 5 Desktop Environment.
  services.xserver.displayManager.sddm.enable = true;
  services.xserver.desktopManager.plasma5.enable = true;
  # Configure keymap in X11
  services.xserver.layout = "us";
  # services.xserver.xkbOptions = "eurosign:e";
  # Enable CUPS to print documents.
  services.printing.enable = true;
  services.printing.drivers = [ pkgs.gutenprint pkgs.gutenprintBin pkgs.hplipWithPlugin ]; 
  # Enabel fingerprint
  services.fprintd.enable = true;
  # Enable sound.
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    wireplumber.enable = true;
  };
  # Needed for some pipewire progs
  programs.dconf.enable = true;
  # Turn on flatpak
  services.flatpak.enable = true;
  services.usbmuxd.enable = true;
  services.fstrim.enable = true;
  # Enable touchpad support (enabled default in most desktopManager).
  services.xserver.libinput.enable = true;
  #programs.fish.enable = true;
  programs.zsh.enable = true;
  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.chris = {
    isNormalUser = true;
    extraGroups = [ "wheel" "networkmanager" "input" ]; # Enable ‘sudo’ for the user.
    shell = pkgs.zsh;
  };
  programs.partition-manager.enable = true;
  programs.kdeconnect.enable = true;
  security.pam.services.kwallet = {
    name = "kwallet";
    enableKwallet = true;
  };
  security.pam.services.sddm.enableKwallet = true;
  virtualisation.waydroid.enable = true;
  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    vim
    wget
    killall
    discover
    lightly-qt
    pinentry
    pinentry-qt
    unzip
    unrar
    p7zip
    zip
    gzip
    usbutils
    git
    ark
    kget
    krename
    kwallet-pam
    plasma5Packages.kwallet
    libimobiledevice
    sddm-kcm
    ydotool
    bottles
    qutebrowser
    exa mpv yt-dlp rofi-emoji
    nerdfonts latte-dock bat
    libsForQt5.bismuth bc libnotify
    rofi-wayland ripgrep
    sysstat procs papirus-icon-theme
    phinger-cursors plasma-hud kde-cli-tools
    macchina meson ninja cmake gnumake
    extra-cmake-modules gcc gzip 
    htop btop firefox kate kdialog openlp
    easyeffects libreoffice-fresh vlc
    neochat haskellPackages.greenclip
    pulsemixer any-nix-shell wtype
    spotdl kdenlive ffmpeg neofetch
    xdotool fennel blender
  ];
  # EMACS
  services.emacs.package = pkgs.emacsPgtkNativeComp;
  nixpkgs.overlays = [
    (import (builtins.fetchTarball {
      url = https://github.com/nix-community/emacs-overlay/archive/master.tar.gz;
      sha256 = "04dgvgsb0bg3k20j7y0y7yn7yks5cfgwmxhlbh6d9aa9asvnbzil";
    }))
  ];
  services.emacs.enable = true;
  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };
  # List services that you want to enable:
  # Enable the OpenSSH daemon.
  services.openssh.enable = true;
  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "21.11"; # Did you read the comment?
 }
 #+end_src
 And here is it's hardware config.
 #+begin_src nix :tangle system/kaladin/hardware-configuration.nix
 { config, lib, pkgs, modulesPath, ... }:
 {
  imports =
    [ (modulesPath + "/installer/scan/not-detected.nix")
    ];
  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
  fileSystems."/" =
    { device = "/dev/nvme0n1p2";
      fsType = "btrfs";
      options = [ "subvol=root" "noatime" "ssd" "space_cache" "compress=zstd" ];
    };
  fileSystems."/home" =
    { device = "/dev/nvme0n1p2";
      fsType = "btrfs";
      options = [ "subvol=home" "noatime" "ssd" "space_cache" "compress=zstd" ];
    };
  fileSystems."/boot" =
    { device = "/dev/disk/by-uuid/F9BD-D185";
      fsType = "vfat";
    };
  swapDevices = [ ];
  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
 #+end_src
 Kaladin is still not fullly setup, so I'll be working on that more and more as time goes.
 * Thanks!
 * EXTRA
--- a/awesome/rubato
+++ b/awesome/rubato
@ -0,0 +1 @@
 Subproject commit 51b4f760c9601254f4817ac90441ccd1ad0a0616
--- a/flake.nix
+++ b/flake.nix
@ -1,5 +1,5 @@
 {
-  description = "A very basic flake";
+  description = "The Flake";
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
@ -19,19 +19,6 @@
      lib = nixpkgs.lib;
    in  {
      # homeConfigurations = {
      #   chris = home-manager.lib.homeManagerConfiguration {
      #     inherit system pkgs username;
      #     homeDirectory = "/home/chris";
      #     configuration = {
      #       imports = [
      #         ./user/home.nix
      #       ];
      #     };
      #     stateVersion = "22.05";
      #   };
      # };
      nixosConfigurations = {
        syl = lib.nixosSystem {
          inherit system;
--- a/system/syl/configuration.nix
+++ b/system/syl/configuration.nix
@ -1,7 +1,3 @@
 # Edit this configuration file to define what should be installed on
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 { config, pkgs, callPackage, ... }:
 {
@ -42,8 +38,16 @@
  # Set default shell to be dash for speed
  environment.binsh = "${pkgs.dash}/bin/dash";
  hardware.uinput.enable = true;
  # Enable the X11 windowing system.
-  services.xserver.enable = true;
+  services.xserver = {
    enable = true;
    windowManager.awesome = {
      enable = true;
      package = pkgs.myAwesome;
    };
  };
  # Enable the Plasma 5 Desktop Environment.
  services.xserver.displayManager.sddm.enable = true;
@ -76,7 +80,6 @@
  # Turn on flatpak
  services.flatpak.enable = true;
  #NEWS!!!
  # Some other things
  services.thermald.enable = true;
  services.tlp = {
@ -84,8 +87,13 @@
    settings = {
      CPU_SCALING_GOVERNOR_ON_AC="performance";
      CPU_SCALING_GOVERNOR_ON_BAT="powersave";
      CPU_ENERGY_PERF_POLICY_ON_AC="balance_performance";
      CPU_ENERGY_PERF_POLICY_ON_BAT="power";
      SCHED_POWERSAVE_ON_AC=0;
      SCHED_POWERSAVE_ON_BAT=1;
      START_CHARGE_THRESH_BAT1=70;
      STOP_CHARGE_THRESH_BAT1=80;
      USB_ALLOWLIST="32ac:0002";
    };
  };
@ -153,16 +161,32 @@
    neochat haskellPackages.greenclip
    pulsemixer any-nix-shell wtype
    spotdl kdenlive ffmpeg neofetch
-    xdotool 
+    xdotool fennel
  ];
  # EMACS
  services.emacs.package = pkgs.emacsPgtkNativeComp;
  nixpkgs.overlays = [
    (import (builtins.fetchTarball {
      url = https://github.com/nix-community/emacs-overlay/archive/master.tar.gz;
      sha256 = "1pd14gigm5bznzd8k88dq9scicw1zqknm87bnqmd0z556g9ir60f";
    }))
    (self: super:
      {
        myAwesome = super.awesome.overrideAttrs (old: rec {
          pname = "myAwesome";
          version = "git-20220508-c539e0e";
          src = super.fetchFromGitHub {
            owner = "awesomeWM";
            repo = "awesome";
            rev = "c539e0e4350a42f813952fc28dd8490f42d934b3";
            sha256 = "EDAL7NnLF2BiVI8DAlEciiZtDmwXOzCPypGTrlN/OoQ=";
          };
        });
      }
    )
  ];
  services.emacs.enable = true;
@ -194,4 +218,3 @@
  system.stateVersion = "21.11"; # Did you read the comment?
 }
--- a/system/syl/hardware-configuration.nix
+++ b/system/syl/hardware-configuration.nix
@ -1,6 +1,3 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
@ -10,8 +7,8 @@
  boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ];
  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-intel" ];
+  boot.kernelModules = [ "kvm-intel" "acpi_call" ];
-  boot.extraModulePackages = [ ];
+  boot.extraModulePackages = with config.boot.kernelPackages; [ acpi_call ];
  fileSystems."/" =
    { device = "/dev/disk/by-uuid/500ad375-8fe0-4888-8f57-ee9d5ea1fd9f";
--- a/user/home.nix
+++ b/user/home.nix
@ -76,7 +76,7 @@
    IMAPAccount gmail
    Host imap.gmail.com
    User ccochrun21@gmail.com
-    Pass spveovqcgxpnaodn
+    PassCmd "rbw get gmail"
    AuthMechs LOGIN
    SSLType IMAPS
    SSLVersions SSLv3
@ -85,21 +85,21 @@
    IMAPAccount office
    Host outlook.office365.com
    User chris@tfcconnection.org
-    Pass Gr@$$B00ts#21
+    PassCmd "rbw get 'Office 365'"
    AuthMechs LOGIN
    SSLType IMAPS
    IMAPAccount outlook
    Host outlook.office365.com
    User chris.cochrun@outlook.com
-    Pass GrassR00ts21
+    PassCmd "rbw get outlook"
    AuthMechs LOGIN
    SSLType IMAPS
    IMAPAccount cochrun
    Host mail.cochrun.xyz
    User chris@cochrun.xyz
-    Pass Gr@$$B00ts#21
+    PassCmd "rbw get 'Office 365'"
    AuthMechs LOGIN
    SSLType IMAPS
    # SSLVersions SSLv3
@ -323,6 +323,11 @@
    recursive = true;
  };
  home.file.".config/awesome" = {
    source = ../awesome;
    recursive = true;
  };
  home.file."scripts" = {
    source = ../scripts;
    recursive = true;
		`@ -0,0 +1 @@`
							`Subproject commit 51b4f760c9601254f4817ac90441ccd1ad0a0616`