revamp with nix flakes + desktop config

37 files changed, 1378 insertions, 174 deletions

diff --git a/common/commandline.nix b/common/commandline.nix
index 36fae26..73dbb51 100644
--- a/common/commandline.nix
+++ b/common/commandline.nix
@@ -1,3 +1,5 @@
+inputs:
+
 { config, pkgs, lib, ... }:
 
 with import ../lib/theme.nix { inherit lib; };
@@ -8,11 +10,11 @@ let
 in
 {
   imports = [
-    ./commandline/dircolors.nix
-    ./commandline/git.nix
-    ./commandline/htop.nix
-    ./commandline/tmux.nix
-    ./commandline/zsh.nix
+    (import ./commandline/dircolors.nix inputs)
+    (import ./commandline/git.nix inputs)
+    (import ./commandline/htop.nix inputs)
+    (import ./commandline/tmux.nix inputs)
+    (import ./commandline/zsh.nix inputs)
   ];
 
   environment.shellAliases = {
@@ -24,8 +26,6 @@ in
   programs.bash = {
     enableCompletion = true;
     interactiveShellInit = ''
-      eval "$(${pkgs.starship}/bin/starship init bash)"
-
       PATH="${pkgs.pazi}/bin:$PATH"
       eval "$(pazi init bash)"
     '';
@@ -42,67 +42,67 @@ in
   };
 
   security.sudo.extraConfig =
-  let
-    lectureFile = builtins.toFile "sudoers.lecture" ''
-    
-         ${dominantEscapeCode}"Bee" careful    __
-           ${dominantEscapeCode}with sudo!    // \
-                         \\_/ //
-       '''-.._.-'''-.._.. -(||)(')
-                         ''''
+    let
+      lectureFile = builtins.toFile "sudoers.lecture" ''
+        
+             ${dominantEscapeCode}"Bee" careful    __
+               ${dominantEscapeCode}with sudo!    // \
+                             \\_/ //
+           '''-.._.-'''-.._.. -(||)(')
+                             ''''
 
-    '';
-  in
+      '';
+    in
     ''
-    Defaults lecture = always
-    Defaults lecture_file = "${lectureFile}"
+      Defaults lecture = always
+      Defaults lecture_file = "${lectureFile}"
     '';
 
-    home-manager.users.minijackson = { ... }:
-    {
-      # TODO
-      xdg.configFile."starship.toml".text = ''
-        [directory]
-        fish_style_pwd_dir_length = 2
-        style = "bold blue"
-
-        [git_branch]
-        symbol = "branch "
+  home-manager.users.minijackson = { ... }: {
+    programs.bash.enable = true;
 
-        [git_status]
-        ahead = "^"
-        behind = "v"
-        deleted = "x"
-
-        [jobs]
-        symbol = "+ "
-
-        [package]
-        symbol = "version "
-        style = "bold green"
-        disabled = true
-
-        [rust]
-        symbol = "rust "
-        style = "bold dimmed yellow"
+    programs.bat = {
+      enable = true;
+      config = {
+        theme = "TwoDark";
+      };
+    };
 
-        [nix_shell]
-        style = "bold blue"
+    programs.pazi.enable = true;
 
-        [character]
-        symbol = ">"
-      '';
+    programs.starship = {
+      enable = true;
+      enableZshIntegration = false;
 
-      programs.bat = {
-        enable = true;
-        config = {
-          theme = "TwoDark";
+      settings = {
+        character.symbol = ">";
+        directory = {
+          fish_style_pwd_dir_length = 2;
+          style = "bold blue";
+        };
+        git_branch.symbol = "branch ";
+        git_status = {
+          ahead = "^";
+          behind = "v";
+          deleted = "x";
+        };
+        jobs.symbol = "+ ";
+        nix_shell.style = "bold blue";
+        package = {
+          disabled = true;
+          style = "bold green";
+          symbol = "version ";
+        };
+        rust = {
+          style = "bold dimmed yellow";
+          symbol = "rust ";
         };
       };
     };
+  };
 
-    home-manager.users.root = { ... }:
-    {
-      programs.bat = config.home-manager.users.minijackson.programs.bat;
-    };
+  home-manager.users.root = { ... }: {
+    programs.bash.enable = true;
+    programs.bat = lib.mkDefault config.home-manager.users.minijackson.programs.bat;
+  };
 }
diff --git a/common/commandline/dircolors.nix b/common/commandline/dircolors.nix
index 7ef3a4d..f7bdae1 100644
--- a/common/commandline/dircolors.nix
+++ b/common/commandline/dircolors.nix
@@ -1,4 +1,6 @@
-{ config, ... }:
+inputs:
+
+{ config, lib, ... }:
 
 {
   home-manager.users.minijackson = { ... }:
@@ -69,6 +71,7 @@
 
   home-manager.users.root = { ... }:
   {
-    programs.dircolors = config.home-manager.users.minijackson.programs.dircolors;
+    programs.dircolors =
+      lib.mkDefault config.home-manager.users.minijackson.programs.dircolors;
   };
 }
diff --git a/common/commandline/git.nix b/common/commandline/git.nix
index 597ef64..e231356 100644
--- a/common/commandline/git.nix
+++ b/common/commandline/git.nix
@@ -1,58 +1,61 @@
-{ config, pkgs, ... }:
+inputs:
+
+{ config, pkgs, lib, ... }:
 
 {
   # TODO: add signing
-  home-manager.users.minijackson = { ... }:
-  {
+  home-manager.users.minijackson = { ... }: {
     programs.git = {
       enable = true;
       package = pkgs.gitAndTools.gitFull;
       userEmail = "minijackson@riseup.net";
       userName = "Minijackson";
 
-      extraConfig = let
-        deltaCommand = "${pkgs.gitAndTools.delta}/bin/delta";
-      in {
-        core = {
-          whitespace = "trailing-space,space-before-tab";
-          pager = deltaCommand;
-          interactive.diffFilter = "${deltaCommand} --color-only";
-        };
-        merge = { tool = "nvimdiff"; };
-        "mergetool \"nvimdiff\"" = { cmd = "nvim -d \"$LOCAL\" \"$MERGED\" \"$REMOTE\""; };
-
-        delta = with config.theme.colors; {
-          features = "line-numbers decorations";
-          whitespace-error-style = "22 reverse";
-          decorations = {
-            minus-style = "normal red";
-            minus-non-emph-style = "normal red";
-            minus-emph-style = "normal brightred";
-            minus-empty-line-marker-style = "normal red";
-
-            plus-style = "reverse green";
-            plus-non-emph-style = "reverse green";
-            plus-emph-style = "reverse brightgreen";
-            plus-empty-line-marker-style = "reverse green";
-
-            whitespace-error-style = "reverse green";
-
-            line-numbers-minus-style = "brightred";
-            line-numbers-zero-style = "brightblack";
-            line-numbers-plus-style = "brightgreen";
-
-            file-style = "bright${dominantName}";
-            line-numbers-left-style = dominantName;
-            line-numbers-right-style = dominantName;
+      extraConfig =
+        let
+          deltaCommand = "${pkgs.gitAndTools.delta}/bin/delta";
+        in
+        {
+          core = {
+            whitespace = "trailing-space,space-before-tab";
+            pager = deltaCommand;
+            interactive.diffFilter = "${deltaCommand} --color-only";
+          };
+          merge = { tool = "nvimdiff"; };
+          "mergetool \"nvimdiff\"" = { cmd = "nvim -d \"$LOCAL\" \"$MERGED\" \"$REMOTE\""; };
+
+          delta = with config.theme.colors; {
+            features = "line-numbers decorations";
+            whitespace-error-style = "22 reverse";
+            decorations = {
+              minus-style = "normal red";
+              minus-non-emph-style = "normal red";
+              minus-emph-style = "normal brightred";
+              minus-empty-line-marker-style = "normal red";
+
+              plus-style = "reverse green";
+              plus-non-emph-style = "reverse green";
+              plus-emph-style = "reverse brightgreen";
+              plus-empty-line-marker-style = "reverse green";
+
+              whitespace-error-style = "reverse green";
+
+              line-numbers-minus-style = "brightred";
+              line-numbers-zero-style = "brightblack";
+              line-numbers-plus-style = "brightgreen";
+
+              file-style = "bright${dominantName}";
+              line-numbers-left-style = dominantName;
+              line-numbers-right-style = dominantName;
+            };
           };
-        };
 
-      };
+        };
     };
   };
 
-  home-manager.users.root = { ... }:
-  {
-    programs.git = config.home-manager.users.minijackson.programs.git;
+  home-manager.users.root = { ... }: {
+    programs.git =
+      lib.mkDefault config.home-manager.users.minijackson.programs.git;
   };
 }
diff --git a/common/commandline/htop.nix b/common/commandline/htop.nix
index f9732a6..95763a0 100644
--- a/common/commandline/htop.nix
+++ b/common/commandline/htop.nix
@@ -1,3 +1,5 @@
+inputs:
+
 { config, ... }:
 
 {
diff --git a/common/commandline/tmux.nix b/common/commandline/tmux.nix
index aa4de9c..84d2cc8 100644
--- a/common/commandline/tmux.nix
+++ b/common/commandline/tmux.nix
@@ -1,3 +1,5 @@
+inputs:
+
 { config, pkgs, ... } :
 
 let
diff --git a/common/commandline/zsh.nix b/common/commandline/zsh.nix
index 3376321..28899b1 100644
--- a/common/commandline/zsh.nix
+++ b/common/commandline/zsh.nix
@@ -1,3 +1,5 @@
+inputs:
+
 { config, lib, pkgs, ... }:
 
 with import ../../lib/theme.nix { inherit lib; };
@@ -13,9 +15,6 @@ in
       source "${pkgs.grml-zsh-config}/etc/zsh/zshrc"
       is4 && xsource "${pkgs.grml-zsh-config}/etc/zsh/keephack"
 
-      PATH="${pkgs.pazi}/bin:$PATH"
-      eval "$(pazi init zsh)"
-
       source "${pkgs.zsh-history-substring-search}/share/zsh-history-substring-search/zsh-history-substring-search.zsh"
 
       function () {
@@ -30,8 +29,6 @@ in
         (mapAttrsToList
           (variable: value: "${variable}=\"${value}\"")
           config.programs.less.envVariables)}
-
-      #eval "$(${pkgs.starship}/bin/starship init zsh)"
     '';
 
     # otherwise it'll override the grml prompt
@@ -56,4 +53,18 @@ in
   };
 
   users.defaultUserShell = pkgs.zsh;
+
+  home-manager.users.minijackson = { ... }: {
+    # Allows zsh config from home-manager
+    programs.zsh = {
+      enable = true;
+      # Completion is already handled by the GRML conf
+      enableCompletion = false;
+    };
+  };
+
+  home-manager.users.root = { ... }: {
+    programs.zsh =
+      lib.mkDefault config.home-manager.users.minijackson.programs.zsh;
+  };
 }
diff --git a/common/default.nix b/common/default.nix
index fc9086b..d4e2e39 100644
--- a/common/default.nix
+++ b/common/default.nix
@@ -1,11 +1,21 @@
-{ ... }:
+inputs:
+
+{ config, ... }:
 
 {
   imports = [
-    <home-manager/nixos>
-    ./commandline.nix
-    ./theme.nix
-    ./tinc.nix
-    ./vim.nix
+    (import ./commandline.nix inputs)
+    (import ./localization.nix inputs)
+    (import ./nix.nix inputs)
+    (import ./ssh.nix inputs)
+    (import ./theme.nix inputs)
+    (import ./tinc.nix inputs)
+    (import ./vim.nix inputs)
+  ];
+
+  nixpkgs.overlays = [
+    (final: prev: {
+      unstable = inputs.nixpkgs-unstable.legacyPackages.${config.nixpkgs.system};
+    })
   ];
 }
diff --git a/common/localization.nix b/common/localization.nix
new file mode 100644
index 0000000..958b36e
--- /dev/null
+++ b/common/localization.nix
@@ -0,0 +1,11 @@
+inputs:
+
+{ ... }:
+
+{
+  time.timeZone = "Europe/Paris";
+  i18n = {
+    defaultLocale = "en_US.UTF-8";
+    extraLocaleSettings = { LC_TIME = "en_DK.UTF-8"; };
+  };
+}
diff --git a/common/nix.nix b/common/nix.nix
new file mode 100644
index 0000000..f16e1d9
--- /dev/null
+++ b/common/nix.nix
@@ -0,0 +1,19 @@
+inputs:
+
+{ pkgs, ... }:
+
+{
+  nix = {
+    autoOptimiseStore = true;
+    gc = {
+      automatic = true;
+      dates = "03:15";
+      options = "--delete-older-than 30d";
+    };
+
+    package = pkgs.nixFlakes;
+    extraOptions = ''
+      experimental-features = nix-command flakes
+    '';
+  };
+}
diff --git a/common/ssh.nix b/common/ssh.nix
new file mode 100644
index 0000000..8bdabc2
--- /dev/null
+++ b/common/ssh.nix
@@ -0,0 +1,15 @@
+inputs:
+
+{ config, pkgs, modulesPath, lib, ... }:
+
+{
+  programs.gnupg.agent = {
+    enable = true;
+    enableSSHSupport = true;
+  };
+
+  services.openssh = {
+    enable = true;
+    passwordAuthentication = false;
+  };
+}
diff --git a/common/theme.nix b/common/theme.nix
index 675bc33..cadd65d 100644
--- a/common/theme.nix
+++ b/common/theme.nix
@@ -5,6 +5,8 @@
 # - https://github.com/morhetz/gruvbox
 # - https://github.com/morhetz/gruvbox-contrib
 
+inputs:
+
 { config, lib, ... }:
 
 with lib;
diff --git a/common/tinc.nix b/common/tinc.nix
index d86b19c..e06bd27 100644
--- a/common/tinc.nix
+++ b/common/tinc.nix
@@ -1,11 +1,15 @@
+inputs:
+
 { config, lib, ... }:
 
 with lib;
 with builtins;
-let
-  networks = attrNames (readDir ./tinc/private);
-in {
-  imports = map (network: (./tinc/private + "/${network}")) networks;
+{
+  imports = [
+    (inputs.nixpkgs-unstable.outPath + "/nixos/modules/services/networking/tinc.nix")
+  ];
+
+  disabledModules = [ "services/networking/tinc.nix" ];
 
   options.topology = {
     mainVpn = {
@@ -27,16 +31,33 @@ in {
   };
 
   config = {
-    services.tinc.networks = genAttrs networks (network: {
-      name = config.networking.hostName;
-
-      hosts = let
-        hosts = attrNames (readDir (./tinc/private + "/${network}/hosts"));
-        config = hostname: readFile (./tinc/private + "/${network}/hosts/${hostname}");
-      in genAttrs hosts config;
-    });
+    # Tinc configuration is in downstream repo
 
     networking.firewall.allowedUDPPorts = [ 655 ];
     networking.firewall.allowedTCPPorts = [ 655 ];
+
+    networking.hosts =
+      with builtins;
+      with lib;
+      let
+        networks = config.services.tinc.networks;
+        hosts = (flatten
+          (mapAttrsToList
+            (name: network: mapAttrsToList
+              (host: settings: {
+                host = "${host}.${name}.vpn";
+                addresses = map (subnet: subnet.address) settings.subnets;
+              })
+              network.hostSettings)
+            networks));
+
+        addresses =
+          zipAttrs
+            (flatten
+              (forEach hosts ({ host, addresses }:
+                (forEach addresses (address:
+                  { "${address}" = host; })))));
+      in
+      addresses;
   };
 }
diff --git a/common/vim.nix b/common/vim.nix
index 821d43b..aa74a39 100644
--- a/common/vim.nix
+++ b/common/vim.nix
@@ -1,3 +1,5 @@
+inputs:
+
 { config, pkgs, lib, ... }:
 
 let myNeovim = (pkgs.neovim.override {
diff --git a/configuration.nix b/configuration.nix
index 1a5530f..b95c631 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -1,28 +1,15 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
+inputs:
 
-{ config, pkgs, modulesPath, ... }:
+{ config, pkgs, modulesPath, lib, ... }:
 
-{
+let
+  optionalImport = path:
+    lib.optional (builtins.pathExists path) path;
+in {
   imports = [
-    ./hardware-configuration.nix
-    ./host-secret.nix
-    ./common/default.nix
+    (import ./common/default.nix inputs)
   ];
 
-  # Set your time zone.
-  time.timeZone = "Europe/Paris";
-
-  # Select internationalisation properties.
-  i18n.defaultLocale = "en_US.UTF-8";
-  # console = {
-  #   font = "Lat2-Terminus16";
-  #   keyMap = "us";
-  # };
-
-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
   environment.systemPackages = with pkgs; [
     wget
     vim tmux
@@ -36,37 +23,11 @@
     shellcheck
   ];
 
-  # Some programs need SUID wrappers, can be configured further or are
-  # started in user sessions.
-  # programs.mtr.enable = true;
-  # programs.gnupg.agent = {
-  #   enable = true;
-  #   enableSSHSupport = true;
-  # };
-
-  # List services that you want to enable:
-
-  # Enable the OpenSSH daemon.
-  services.openssh = {
-    enable = true;
-    passwordAuthentication = false;
-  };
-
-  # Define a user account. Don't forget to set a password with ‘passwd’.
   users.extraUsers.minijackson = {
     isNormalUser = true;
     extraGroups = [ "users" "wheel" ];
     openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCmyjB5yuU8GK3ZVFznELVEwXN7zzjQJcPYZ89YCGTANjPHpHxZv5R9/kgjTtIKrqqHdTvfr8V8sao9Nr7PhtcV9UywrFn+kplyGf9WDl2oDF9eZprX3beR9zwDj/YIcFRx3wXk4JK/ioZJjcVZ3+xWPixiFplvHIyMsTjKfgRplntHpvoyLM8vURjLOCdPr6SRPReVXuSR2DRlVO7q7y+4FwA1FKAndg9YACoM1g2bEJ6eGyCPp2kFde+GvMv1y6FlBS1OFddGmBpUJzJ4mQ4ebqDVFsKQMx1xCkiz0l7tfVpXqXToHF+baTESEKbC4654PunD99BC0J4otHKrerdmX0HdTgHKtAnslSwRD5NZVAojk/CR3DiSQYFSO9OhFVjHNQsc1zpoKPtJYMe1ax3pcvc+XLCrKLUdHH8x9rVGefZXwIyLrrGrB7fVlyIyX7j04dNALQZiuFOKCInaYypVLHLy0k+buhQlVqKCS6N1xP5O6JiWUKXFYYyoRmSoX9+bfPiwsMrPL+rYXkee0K67BI1NiFAYPmdFFM0jtdFaYuvgEAWw7b9WyWyO/JAdHRwtlqfAqraPBrb4sldvQfLBm8RdORBYMaVbg4EUKMOJjIeAAK+7xWPtg2XeJNnsje/IsWaVXIBx2IAC50uAnIZ/ksw5lyAZP+HyGIHhCAQChQ== minijackson@riseup.net"];
   };
 
-  nix = {
-    autoOptimiseStore = true;
-    gc = {
-      automatic = true;
-      dates = "03:15";
-      options = "--delete-older-than 30d";
-    };
-  };
-
   system.autoUpgrade.enable = true;
 }
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..c0fde98
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,82 @@
+{
+  "nodes": {
+    "flake-utils": {
+      "locked": {
+        "lastModified": 1618217525,
+        "narHash": "sha256-WGrhVczjXTiswQaoxQ+0PTfbLNeOQM6M36zvLn78AYg=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "c6169a2772643c4a93a0b5ac1c61e296cba68544",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1617824794,
+        "narHash": "sha256-UGkvzx0nIXHhNq/KwJLjXvKAQRE2V33MuX+UirvqrkQ=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "2aa20ae969f2597c4df10a094440a66e9d7f8c86",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "ref": "release-20.09",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1618750622,
+        "narHash": "sha256-AfRXbXH1t7WgDiHt+CWofoLuy12nfFTY4pZoGfPueQo=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "b2a189a8618fc1ba61593016fe5699b38971b89f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "release-20.09",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-unstable": {
+      "locked": {
+        "lastModified": 1618755104,
+        "narHash": "sha256-boqugaFW1nRuyu0w774WGgaaCEfCxn0Nf8z8GJziVmU=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "5a333c5f091b88007caf1041bbb651867a449c5a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "master",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "home-manager": "home-manager",
+        "nixpkgs": "nixpkgs",
+        "nixpkgs-unstable": "nixpkgs-unstable"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..4c31b37
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,110 @@
+{
+  description = "My NixOS configurations";
+
+  inputs.nixpkgs.url = "github:NixOS/nixpkgs/release-20.09";
+  inputs.nixpkgs-unstable.url = "github:NixOS/nixpkgs/master";
+  inputs.flake-utils.url = "github:numtide/flake-utils";
+  inputs.home-manager = {
+    url = "github:nix-community/home-manager/release-20.09";
+    inputs.nixpkgs.follows = "nixpkgs";
+  };
+
+  outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, flake-utils, home-manager }: {
+
+    nixosModules = {
+      default = { ... }: {
+        imports = [
+          home-manager.nixosModules.home-manager
+          (import ./configuration.nix inputs)
+        ];
+      };
+
+      test = { config, ... }: {
+        imports = [ self.nixosModules.default ];
+
+        home-manager.users.minijackson.home.stateVersion = "20.09";
+        home-manager.users.root.home.stateVersion = "20.09";
+
+        users.users.minijackson.initialHashedPassword = "";
+        users.users.root.initialHashedPassword = "";
+
+        topology.mainVpn = {
+          interfaceName = "tinc.testNet";
+          subnet = "fd1f:340c:c5eb:9b18::/64";
+          currentNodeIP = "fd1f:340c:c5eb:9b18::1";
+        };
+
+        services.tinc.networks.testNet = { };
+
+        # TODO: automate that? {{{
+        networking.interfaces."tinc.testNet" = {
+          virtual = true;
+          virtualType = "tun";
+          ipv6.addresses = [{
+            address = config.topology.mainVpn.currentNodeIP;
+            prefixLength = 64;
+          }];
+        };
+
+        systemd.services."tinc.testNet" = {
+          after = [ "network-addresses-tinc.testNet.service" ];
+          requires = [ "network-addresses-tinc.testNet.service" ];
+        };
+        # }}}
+      };
+
+      usecases.common = {
+        backupClient = (import ./usecases/common/backup-client.nix inputs);
+      };
+
+      usecases.desktop = {
+        default = (import ./usecases/desktop/default.nix inputs);
+      };
+
+      usecases.server = {
+        default = (import ./usecases/server/default.nix inputs);
+        fail2ban = (import ./usecases/server/fail2ban.nix inputs);
+        monitoringTarget = (import ./usecases/server/monitoring-target.nix inputs);
+      };
+
+      profiles = {
+        desktop = (import ./profiles/desktop.nix inputs);
+        server = (import ./profiles/server.nix inputs);
+      };
+    };
+
+    nixosConfigurations = {
+      testDefault = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [
+          self.nixosModules.test
+        ];
+      };
+
+      testDesktop = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [
+          self.nixosModules.test
+          self.nixosModules.profiles.desktop
+          ({ modulesPath, ... }: {
+            imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ];
+
+            virtualisation = {
+              memorySize = 2048;
+              cores = 3;
+            };
+          })
+        ];
+      };
+
+      testServer = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [
+          self.nixosModules.test
+          self.nixosModules.profiles.server
+        ];
+      };
+    };
+
+  };
+}
diff --git a/profiles/desktop.nix b/profiles/desktop.nix
new file mode 100644
index 0000000..2546b76
--- /dev/null
+++ b/profiles/desktop.nix
@@ -0,0 +1,35 @@
+inputs:
+
+{ pkgs, ... }:
+
+{
+  imports = [
+    inputs.self.nixosModules.usecases.desktop.default
+  ];
+
+  users.extraUsers.minijackson.packages = with pkgs; [
+    pass
+    tmuxp
+    taskwarrior
+    tokei
+    neofetch
+    ffmpeg
+    youtube-dl
+    pavucontrol
+    pandoc
+    poppler_utils
+    # TODO: on development workstation
+    /*
+    rr
+    rtags
+    gcc
+    clang
+    clang-tools
+    */
+    aspell
+    aspellDicts.en
+    aspellDicts.en-computers
+    aspellDicts.en-science
+    aspellDicts.fr
+  ];
+}
diff --git a/profiles/server.nix b/profiles/server.nix
index 3084d26..ec4b1c6 100644
--- a/profiles/server.nix
+++ b/profiles/server.nix
@@ -1,9 +1,13 @@
+inputs:
+
 { modulesPath, ... }:
 
 {
   imports = [
     (modulesPath + "/profiles/headless.nix")
     (modulesPath + "/profiles/hardened.nix")
+
+    inputs.self.nixosModules.usecases.server.default
   ];
 
 }
diff --git a/res/wallpapers/wallpaper-1920x1080-gnu-linux-card-black.png b/res/wallpapers/wallpaper-1920x1080-gnu-linux-card-black.png
new file mode 100644
index 0000000..ebc37e8
--- /dev/null
+++ b/res/wallpapers/wallpaper-1920x1080-gnu-linux-card-black.png
diff --git a/res/wallpapers/wallpaper-1920x1080-install-gentoo.png b/res/wallpapers/wallpaper-1920x1080-install-gentoo.png
new file mode 100644
index 0000000..bf2b8c2
--- /dev/null
+++ b/res/wallpapers/wallpaper-1920x1080-install-gentoo.png
diff --git a/res/wallpapers/wallpaper-1920x1080-kali-dragon.png b/res/wallpapers/wallpaper-1920x1080-kali-dragon.png
new file mode 100644
index 0000000..da384f3
--- /dev/null
+++ b/res/wallpapers/wallpaper-1920x1080-kali-dragon.png
diff --git a/res/wallpapers/wallpaper-1920x1080-kernel-card-black.png b/res/wallpapers/wallpaper-1920x1080-kernel-card-black.png
new file mode 100644
index 0000000..33758f7
--- /dev/null
+++ b/res/wallpapers/wallpaper-1920x1080-kernel-card-black.png
diff --git a/res/wallpapers/wallpaper-1920x1080-kill-card-black.png b/res/wallpapers/wallpaper-1920x1080-kill-card-black.png
new file mode 100644
index 0000000..30d06ec
--- /dev/null
+++ b/res/wallpapers/wallpaper-1920x1080-kill-card-black.png
diff --git a/res/wallpapers/wallpaper-1920x1080-root-card-black.png b/res/wallpapers/wallpaper-1920x1080-root-card-black.png
new file mode 100644
index 0000000..7691360
--- /dev/null
+++ b/res/wallpapers/wallpaper-1920x1080-root-card-black.png
diff --git a/usecases/common/backup-client.nix b/usecases/common/backup-client.nix
index 39e4ca1..a9acd7a 100644
--- a/usecases/common/backup-client.nix
+++ b/usecases/common/backup-client.nix
@@ -1,3 +1,5 @@
+inputs:
+
 { config, lib, ... }:
 
 with lib;
diff --git a/usecases/desktop/default.nix b/usecases/desktop/default.nix
new file mode 100644
index 0000000..8b6687a
--- /dev/null
+++ b/usecases/desktop/default.nix
@@ -0,0 +1,11 @@
+# A reasonable set of defaults for desktop
+
+inputs:
+
+{ ... }:
+
+{
+  imports = [
+    (import ./graphical.nix inputs)
+  ];
+}
diff --git a/usecases/desktop/graphical.nix b/usecases/desktop/graphical.nix
new file mode 100644
index 0000000..29b2db6
--- /dev/null
+++ b/usecases/desktop/graphical.nix
@@ -0,0 +1,73 @@
+inputs:
+
+{ pkgs, ... }:
+
+{
+  imports = [
+    (import ./pipewire.nix inputs)
+
+    (import ./graphical/alacritty.nix inputs)
+    (import ./graphical/mpv.nix inputs)
+    (import ./graphical/rofi.nix inputs)
+    (import ./graphical/sway.nix inputs)
+    (import ./graphical/waybar.nix inputs)
+    (import ./graphical/zathura.nix inputs)
+  ];
+
+  fonts = {
+    enableDefaultFonts = true;
+    fonts = with pkgs; [
+      fira
+      fira-mono
+      dejavu_fonts
+      freefont_ttf
+      liberation_ttf
+      noto-fonts-cjk
+      #fira-mono-italic
+      lmodern
+      # Symbols
+      unifont
+      siji
+      font-awesome_5
+      #joypixels
+      # Collections
+      league-of-moveable-type
+    ];
+
+    fontconfig = {
+      #ultimate.enable = true;
+
+      defaultFonts = {
+        serif = [ "DejaVu Serif" ];
+        sansSerif = [ "DejaVu Sans" ];
+        monospace = [ "Fira Mono" ];
+        #emoji = [ "JoyPixels" ];
+      };
+    };
+  };
+
+  hardware.opengl.enable = true;
+  programs.dconf.enable = true;
+
+  xdg = {
+    sounds.enable = true;
+    portal = {
+      enable = true;
+      extraPortals = with pkgs; [
+        xdg-desktop-portal-gtk
+      ];
+      gtkUsePortal = true;
+    };
+  };
+
+  # For KDEConnect
+  networking.firewall.allowedTCPPortRanges = [{ from = 1714; to = 1764; }];
+  networking.firewall.allowedUDPPortRanges = [{ from = 1714; to = 1764; }];
+
+  home-manager.users.minijackson = {
+    services.kdeconnect = {
+      enable = true;
+      indicator = true;
+    };
+  };
+}
diff --git a/usecases/desktop/graphical/alacritty.nix b/usecases/desktop/graphical/alacritty.nix
new file mode 100644
index 0000000..3e5795b
--- /dev/null
+++ b/usecases/desktop/graphical/alacritty.nix
@@ -0,0 +1,49 @@
+inputs:
+
+{ config, ... }:
+
+{
+  home-manager.users.minijackson.programs.alacritty = {
+    enable = true;
+    settings = {
+      window = {
+        padding.x = 2;
+        padding.y = 2;
+      };
+
+      font = {
+        size = 8.0;
+        italic.style = "Regular Italic";
+      };
+
+      colors = with config.theme.colors; {
+        primary.background = softBackground;
+        primary.foreground = foreground;
+
+        normal = {
+          black = background;
+          # TODO: bright white is same
+          #white = "0xa89984";
+          white = foreground;
+          red = neutralRed;
+          green = neutralGreen;
+          yellow = neutralYellow;
+          blue = neutralBlue;
+          magenta = neutralMagenta;
+          cyan = neutralCyan;
+        };
+
+        bright = {
+          black = dimForeground;
+          white = foreground;
+          red = brightRed;
+          green = brightGreen;
+          yellow = brightYellow;
+          blue = brightBlue;
+          magenta = brightMagenta;
+          cyan = brightCyan;
+        };
+      };
+    };
+  };
+}
diff --git a/usecases/desktop/graphical/mpv.nix b/usecases/desktop/graphical/mpv.nix
new file mode 100644
index 0000000..381b893
--- /dev/null
+++ b/usecases/desktop/graphical/mpv.nix
@@ -0,0 +1,16 @@
+inputs:
+
+{ pkgs, ... }:
+
+{
+  home-manager.users.minijackson.programs.mpv = {
+    enable = true;
+    config = {
+      hwdec = "auto";
+      profile = "gpu-hq";
+    };
+    # TODO: for 21.05
+    #defaultProfiles = [ "gpu-hq" ];
+    scripts = with pkgs.mpvScripts; [ mpris sponsorblock ];
+  };
+}
diff --git a/usecases/desktop/graphical/rofi.nix b/usecases/desktop/graphical/rofi.nix
new file mode 100644
index 0000000..0013f5c
--- /dev/null
+++ b/usecases/desktop/graphical/rofi.nix
@@ -0,0 +1,102 @@
+inputs:
+
+{ config, ... }:
+
+{
+  home-manager.users.minijackson.programs.rofi = {
+    enable = true;
+
+    # TODO: there is a better way
+    theme = with config.theme.colors; builtins.toFile "theme.rasi" ''
+      * {
+        dominant: ${dominant};
+
+        foreground: ${foreground};
+        dim-foreground: ${dimForeground};
+
+        text-color: @foreground;
+        border-color: @dim-foreground;
+
+        background-color: ${background};
+        light-background: ${lightBackground};
+      }
+
+      #window {
+        padding: 8px;
+
+        border:  1px solid;
+        background-color: @background;
+      }
+
+      #mainbox {
+        border:  0;
+        padding: 0;
+      }
+
+      #inputbar {
+        spacing: 0;
+        padding: 5px;
+        border: 0 0 1px 0;
+        margin: 0 0 8px 0;
+        children: [ prompt, textbox-prompt-sep, entry ];
+      }
+
+      #prompt {
+        background-color: @background;
+        text-color: @dim-foreground;
+      }
+
+      textbox-prompt-sep {
+        expand: false;
+        str: ":";
+        text-color: @dim-foreground;
+        margin: 0 8px 0 0;
+      }
+
+      #message {
+        spacing: 0;
+        padding: 5px;
+        border: 0 0 1px 0;
+        margin: 0 0 8px 0;
+      }
+
+      #listview {
+        spacing: 0;
+      }
+
+      #element {
+        border:  0;
+        padding: 5px;
+
+        background-color: @background;
+      }
+
+      #element.selected.normal {
+        background-color: @dominant;
+      }
+
+      #element.urgent {
+        background-color: ${fadedRed};
+      }
+
+      #element.selected.urgent {
+        background-color: ${neutralRed};
+      }
+
+      #element.active {
+        background-color: ${dimForeground};
+        text-color: ${background};
+      }
+
+      #element.selected.active {
+        background-color: ${foreground};
+        text-color: ${background};
+      }
+
+      #scrollbar {
+        width: 4px;
+        handle-width: 8px;
+      }
+    '';
+  };
+}
diff --git a/usecases/desktop/graphical/sway.nix b/usecases/desktop/graphical/sway.nix
new file mode 100644
index 0000000..6c5b2ed
--- /dev/null
+++ b/usecases/desktop/graphical/sway.nix
@@ -0,0 +1,263 @@
+inputs:
+
+{ config, lib, pkgs, system, ... }:
+let
+  globalConfig = config;
+in
+{
+  home-manager.users.minijackson = { config, ... }: {
+    wayland.windowManager.sway = {
+      enable = true;
+
+      extraSessionCommands = ''
+        # https://github.com/emersion/xdg-desktop-portal-wlr/issues/20
+        export XDG_CURRENT_DESKTOP=sway
+        # https://github.com/emersion/xdg-desktop-portal-wlr/pull/11
+        export XDG_SESSION_TYPE=wayland
+
+        export SDL_VIDEODRIVER=wayland
+
+        export QT_QPA_PLATFORM=wayland
+        export QT_WAYLAND_DISABLE_WINDOWDECORATION=1
+      '';
+
+      # Implemented below in startup, due to global import-environment failing
+      # when not specifying variables.
+      #
+      # TODO: make PR
+      #systemdIntegration = true;
+      wrapperFeatures.gtk = true;
+
+      config = {
+        # Using waybar
+        bars = [ ];
+
+        bindkeysToCode = true;
+
+        colors = with globalConfig.theme.colors; {
+          focused = {
+            border = lightBackground;
+            background = lightBackground;
+            text = foreground;
+            indicator = dominant;
+            childBorder = dominant;
+          };
+
+          focusedInactive = {
+            border = background;
+            background = background;
+            text = dimForeground;
+            indicator = dominant;
+            childBorder = background;
+          };
+
+          unfocused = {
+            border = background;
+            background = background;
+            text = dimForeground;
+            indicator = dominant;
+            childBorder = background;
+          };
+
+          urgent = {
+            border = brightRed;
+            background = brightRed;
+            text = foreground;
+            indicator = brightRed;
+            childBorder = brightRed;
+          };
+
+          placeholder = {
+            border = background0;
+            background = background0;
+            text = foreground;
+            indicator = background0;
+            childBorder = background0;
+          };
+        };
+
+        floating.criteria = [
+          { title = "Steam - News"; }
+        ];
+
+        input = {
+          "1:1:AT_Translated_Set_2_keyboard" = {
+            xkb_layout = "fr";
+            xkb_variant = "oss";
+            xkb_options = "compose:caps";
+            xkb_numlock = "enabled";
+          };
+
+          "1452:514:Alps_Electric_M2452" = {
+            xkb_layout = "fr";
+            xkb_variant = "oss";
+            xkb_options = "compose:caps,lv3:rwin_switch";
+            xkb_numlock = "enabled";
+          };
+
+          "7764:8240:TypeMatrix.com_USB_Keyboard" = {
+            xkb_layout = "dvorak";
+            xkb_options = "eurosign:e,compose:caps";
+          };
+
+
+          "1133:49948:Logitech_USB_Keyboard" = {
+            xkb_layout = "fr";
+            xkb_variant = "oss";
+            xkb_options = "eurosign:e,compose:caps";
+            xkb_numlock = "enabled";
+          };
+
+          "1102:4639:DELL0817:00_044E:121F_Mouse" = {
+            scroll_method = "on_button_down";
+            scroll_button = "button2";
+          };
+        };
+
+        keybindings =
+          let
+            modifier = config.wayland.windowManager.sway.config.modifier;
+          in
+          lib.mkOptionDefault {
+            "${modifier}+ampersand" = "workspace 1";
+            "${modifier}+eacute" = "workspace 2";
+            "${modifier}+quotedbl" = "workspace 3";
+            "${modifier}+apostrophe" = "workspace 4";
+            "${modifier}+parenleft" = "workspace 5";
+            "${modifier}+minus" = "workspace 6";
+            "${modifier}+egrave" = "workspace 7";
+            "${modifier}+underscore" = "workspace 8";
+            "${modifier}+ccedilla" = "workspace 9";
+            "${modifier}+agrave" = "workspace 10";
+
+            "${modifier}+Shift+ampersand" = "move container to workspace 1";
+            "${modifier}+Shift+eacute" = "move container to workspace 2";
+            "${modifier}+Shift+quotedbl" = "move container to workspace 3";
+            "${modifier}+Shift+apostrophe" = "move container to workspace 4";
+            "${modifier}+Shift+parenleft" = "move container to workspace 5";
+            "${modifier}+Shift+minus" = "move container to workspace 6";
+            "${modifier}+Shift+egrave" = "move container to workspace 7";
+            "${modifier}+Shift+underscore" = "move container to workspace 8";
+            "${modifier}+Shift+ccedilla" = "move container to workspace 9";
+            "${modifier}+Shift+agrave" = "move container to workspace 10";
+
+            "${modifier}+m" = "exec ${pkgs.swaylock}/bin/swaylock";
+          };
+
+        menu = ''
+          ${pkgs.rofi}/bin/rofi -show drun -terminal ${pkgs.alacritty}/bin/alacritty
+        '';
+
+        modifier = "Mod4";
+
+        output."*".bg =
+          "${../../../res/wallpapers/wallpaper-1920x1080-kernel-card-black.png} fill";
+
+        startup = [
+          { command = "${pkgs.mako}/bin/mako"; always = true; }
+          {
+            command = "systemctl --user import-environment ${
+              builtins.toString (lib.unique config.xsession.importedVariables)
+            }; systemctl --user start sway-session.target";
+          }
+        ];
+
+        terminal = "${pkgs.alacritty}/bin/alacritty";
+
+        window = {
+          border = 2;
+          hideEdgeBorders = "smart";
+          titlebar = true;
+        };
+      };
+    };
+
+    # TODO: 21.05
+    /*
+    services.wlsunset = {
+      enable = true;
+      latitude = "48.864716";
+      longitude = "2.349014";
+      # Reduce blue light anyways
+      temperature = {
+        day = 4000;
+        night = 2500;
+      };
+      systemdTarget = "sway-session.target";
+    };
+    */
+
+    # TODO: upstream a PR to beautify this
+    xdg.configFile."swaylock/config".text = with globalConfig.theme.colors; ''
+      ignore-empty-password
+      image=${../../../res/wallpapers/wallpaper-1920x1080-install-gentoo.png}
+
+      font=monospace
+
+      inside-color=${lib.removePrefix "#" dominant}dd
+      inside-clear-color=${lib.removePrefix "#" neutralOrange}dd
+      inside-ver-color=${lib.removePrefix "#" neutralOrange}dd
+      inside-wrong-color=${lib.removePrefix "#" neutralRed}dd
+
+      key-hl-color=${lib.removePrefix "#" brightGreen}ee
+      bs-hl-color=${lib.removePrefix "#" neutralRed}ee
+
+      line-color=${lib.removePrefix "#" background}ee
+      line-clear-color=${lib.removePrefix "#" background}ee
+      line-ver-color=${lib.removePrefix "#" background}ee
+      line-wrong-color=${lib.removePrefix "#" background}ee
+
+      ring-color=${lib.removePrefix "#" dominant}ee
+      ring-clear-color=${lib.removePrefix "#" brightOrange}ee
+      ring-ver-color=${lib.removePrefix "#" brightOrange}ee
+      ring-wrong-color=${lib.removePrefix "#" brightRed}ee
+
+      separator-color=${lib.removePrefix "#" background}ee
+
+      text-color=${lib.removePrefix "#" background}ff
+      text-clear-color=${lib.removePrefix "#" background}ff
+      text-ver-color=${lib.removePrefix "#" background}ff
+      text-wrong-color=${lib.removePrefix "#" background}ff
+
+      indicator-radius=75
+      indicator-thickness=10
+    '';
+
+    xsession.importedVariables = [
+      "DBUS_SESSION_BUS_ADDRESS"
+      "DISPLAY"
+      "SSH_AUTH_SOCK"
+      "XAUTHORITY"
+      "XDG_DATA_DIRS"
+      "XDG_RUNTIME_DIR"
+      "XDG_SESSION_ID"
+
+      "WAYLAND_DISPLAY"
+      "SWAYSOCK"
+      "I3SOCK"
+
+      "XDG_CURRENT_DESKTOP"
+      "XDG_SESSION_TYPE"
+    ];
+
+    systemd.user.targets.sway-session = {
+      Unit = {
+        Description = "sway compositor session";
+        Documentation = [ "man:systemd.special(7)" ];
+        BindsTo = [ "graphical-session.target" ];
+        Wants = [ "graphical-session-pre.target" ];
+        After = [ "graphical-session-pre.target" ];
+      };
+    };
+  };
+
+  environment.systemPackages = with pkgs; [ qt5.qtwayland ];
+
+  # TODO: in 21.05
+  #programs.xwayland.enable = true;
+  security.pam.services.swaylock = { };
+
+  xdg.portal.extraPortals = with pkgs; [
+    unstable.xdg-desktop-portal-wlr
+  ];
+}
diff --git a/usecases/desktop/graphical/waybar.nix b/usecases/desktop/graphical/waybar.nix
new file mode 100644
index 0000000..dca43a2
--- /dev/null
+++ b/usecases/desktop/graphical/waybar.nix
@@ -0,0 +1,288 @@
+inputs:
+
+{ config, lib, pkgs, ... }:
+
+{
+  home-manager.users.minijackson = {
+    programs.waybar = {
+      enable = true;
+
+      settings = [{
+        layer = "top";
+        position = "bottom";
+        height = 25;
+
+        modules-left = [ "sway/workspaces" "sway/mode" ];
+        modules-center = [ "mpd" ];
+        modules-right = [
+          "idle_inhibitor"
+          "pulseaudio"
+          "network#eth"
+          "network#wlan"
+          "cpu"
+          "memory"
+          "temperature"
+          "backlight"
+          "battery"
+          "clock"
+          "tray"
+        ];
+
+        modules = {
+          mpd = {
+            format = "{stateIcon} {consumeIcon}{randomIcon}{repeatIcon}{singleIcon}{artist} - {album} - {title} ({elapsedTime:%M:%S}/{totalTime:%M:%S}) <span font_desc='Font Awesome 5 Free'></span>";
+            format-stopped = "{consumeIcon}{randomIcon}{repeatIcon}{singleIcon}Stopped <span font_desc='Font Awesome 5 Free'></span>";
+            format-disconnected = "Disconnected <span font_desc='Font Awesome 5 Free'></span>";
+
+            on-click-middle = "${pkgs.alacritty}/bin/alacritty --command ncmpcpp";
+
+            consume-icons = {
+              on = " ";
+            };
+
+            random-icons = {
+              on = " ";
+            };
+
+            repeat-icons = {
+              on = " ";
+            };
+
+            single-icons = {
+              on = "1 ";
+            };
+
+            state-icons = {
+              playing = "";
+              paused = "";
+            };
+          };
+
+          idle_inhibitor = {
+            format = "{icon}";
+            format-icons = {
+              activated = "";
+              deactivated = "";
+            };
+          };
+
+          clock = {
+            tooltip-format = "{:%Y-%m-%d | %H:%M}";
+            format-alt = "{:%Y-%m-%d}";
+          };
+
+          cpu = { format = "{usage}% "; };
+
+          memory = { format = "{}% "; };
+
+          battery = {
+            states = { good = 90; };
+            format = "{capacity}% {icon}";
+            format-icons = [
+              "<span font_desc='Font Awesome 5 Free'></span>"
+              "<span font_desc='Font Awesome 5 Free'></span>"
+              "<span font_desc='Font Awesome 5 Free'></span>"
+              "<span font_desc='Font Awesome 5 Free'></span>"
+              "<span font_desc='Font Awesome 5 Free'></span>"
+            ];
+          };
+
+          "network#eth" = {
+            interface = "enp*";
+            format-ethernet = "{ipaddr}/{cidr} ";
+            format-disconnected = "Disconnected ";
+          };
+
+          "network#wlan" = {
+            interface = "wlp*";
+            format-wifi = "{essid} ({signalStrength}%) <span font_desc='Font Awesome 5 Free'></span>";
+            format-disconnected = "Disconnected <span font_desc='Font Awesome 5 Free'></span>";
+            tooltip = true;
+            tooltip-format-wifi = "{ipaddr}/{cidr}";
+          };
+
+          temperature = {
+            hwmon-path = "/sys/class/hwmon/hwmon0/temp1_input";
+            format = "{temperatureC} °C ";
+          };
+
+          backlight = {
+            format = "{percent}% <span font_desc='Font Awesome 5 Free'>{icon}</span>";
+            format-icons = [ "" "" ];
+          };
+
+          pulseaudio = {
+            format = "{volume}% {icon}";
+            format-bluetooth = "{volume}% {icon}";
+            format-muted = "";
+            format-icons = {
+              headphones = "";
+              handsfree = "";
+              headset = "";
+              phone = "";
+              portable = "";
+              car = "";
+              default = [ "" "" ];
+            };
+            on-click = "pavucontrol";
+          };
+        };
+      }];
+
+      style = with config.theme.colors; ''
+        * {
+            border: none;
+            border-radius: 0;
+            font-family: mono;
+            font-size: 11px;
+            min-height: 0;
+        }
+
+        window#waybar {
+            background: ${background};
+            border-bottom: 3px solid ${lightBackground};
+            color: ${foreground};
+        }
+
+        /* https://github.com/Alexays/Waybar/wiki/FAQ#the-workspace-buttons-have-a-strange-hover-effect */
+        #workspaces button {
+            padding: 0 5px;
+            background: transparent;
+            color: ${foreground};
+            border-bottom: 3px solid transparent;
+        }
+
+        #workspaces button.focused {
+            background: ${dominant};
+            border-bottom: 3px solid ${foreground};
+        }
+
+        #mode {
+            background: ${lightBackground};
+            border-bottom: 3px solid ${foreground};
+        }
+
+        #clock, #battery, #cpu, #memory, #temperature, #backlight, #network, #pulseaudio, #custom-mpd, #mpd, #tray, #mode, #idle_inhibitor {
+            padding: 0 10px;
+            margin: 0 5px;
+        }
+
+        #clock {
+            background-color: ${neutralMagenta};
+            color: ${background};
+        }
+
+        #battery {
+            background-color: ${neutralYellow};
+            color: ${background};
+        }
+
+        /*
+        #battery.charging {
+            color: ${foreground};
+            background-color: #26A65B;
+        }
+        */
+
+        @keyframes blink {
+            to {
+                background-color: ${foreground};
+                color: ${background};
+            }
+        }
+
+        #battery.critical:not(.charging) {
+            background: ${fadedRed};
+            color: ${foreground};
+            animation-name: blink;
+            animation-duration: 0.5s;
+            animation-timing-function: linear;
+            animation-iteration-count: infinite;
+            animation-direction: alternate;
+        }
+
+        #cpu {
+            background: ${neutralOrange};
+            color: ${background};
+        }
+
+        #memory {
+            background: ${brightBlue};
+            color: ${background};
+        }
+
+        #backlight {
+            background: ${background6};
+            color: ${background};
+        }
+
+        #network {
+            background: ${neutralGreen};
+            color: ${background};
+        }
+
+        #network.disconnected {
+            background: ${lightBackground};
+            color: ${foreground};
+        }
+
+        #pulseaudio {
+            background: ${neutralCyan};
+            color: ${background};
+        }
+
+        #pulseaudio.muted {
+            background: ${foreground};
+        }
+
+        #temperature {
+            background: ${brightCyan};
+            color: ${background};
+        }
+
+        #temperature.critical {
+            background: ${fadedRed};
+            color: ${foreground};
+        }
+
+        #tray {
+            background-color: #2980b9;
+        }
+
+        #idle_inhibitor {
+            background-color: ${lightBackground};
+        }
+
+        #custom-mpd {
+            background-color: ${dominant};
+        }
+
+        #mpd {
+            background: ${dominant};
+        }
+
+        #mpd.disconnected {
+            background: ${lightBackground};
+            color: ${foreground};
+        }
+
+        #mpd.stopped {
+            background: ${foreground};
+            color: ${background};
+        }
+
+        #mpd.paused {
+            background: ${dimDominant};
+        }
+      '';
+
+      systemd.enable = true;
+    };
+
+    # Fix https://github.com/nix-community/home-manager/pull/1628
+    systemd.user.services.waybar.Unit = {
+      Requisite = lib.mkForce [];
+      After = lib.mkForce [];
+    };
+  };
+}
diff --git a/usecases/desktop/graphical/zathura.nix b/usecases/desktop/graphical/zathura.nix
new file mode 100644
index 0000000..d1832d8
--- /dev/null
+++ b/usecases/desktop/graphical/zathura.nix
@@ -0,0 +1,55 @@
+inputs:
+
+{ config, ... }:
+
+{
+  home-manager.users.minijackson.programs.zathura = {
+    enable = true;
+
+    options = with config.theme.colors; {
+      guioptions = "";
+      adjust-open = "width";
+
+      smooth-scroll = true;
+      scroll-step = 100;
+      #scroll-full-overlap = 0.05;
+
+      selection-clipboard = "clipboard";
+
+      default-bg = softBackground;
+      default-fg = foreground;
+
+      notification-error-bg = neutralRed;
+      notification-error-fg = foreground;
+
+      notification-warning-bg = background;
+      notification-warning-fg = brightRed;
+
+      highlight-color        = fadedYellow;
+      highlight-active-color = brightYellow;
+
+      inputbar-bg = background;
+      inputbar-fg = dominant;
+
+      completion-bg = background;
+      completion-fg = neutralBlue;
+
+      completion-highlight-bg = dominant;
+      completion-highlight-fg = background;
+
+      notification-bg = dominant;
+      notification-fg = background;
+
+      index-bg = background;
+      index-fg = foreground;
+
+      index-active-bg = dominant;
+      index-active-fg = background;
+
+      recolor-lightcolor = background;
+      recolor-darkcolor  = foreground;
+      recolor-keephue = true;
+      recolor = true;
+    };
+  };
+}
diff --git a/usecases/desktop/pipewire.nix b/usecases/desktop/pipewire.nix
new file mode 100644
index 0000000..e742ba9
--- /dev/null
+++ b/usecases/desktop/pipewire.nix
@@ -0,0 +1,44 @@
+inputs:
+
+{ pkgs, ... }:
+
+{
+  imports = [
+    (inputs.nixpkgs-unstable.outPath + "/nixos/modules/services/desktops/pipewire/pipewire.nix")
+    (inputs.nixpkgs-unstable.outPath + "/nixos/modules/services/desktops/pipewire/pipewire-media-session.nix")
+  ];
+
+  disabledModules = [ "services/desktops/pipewire.nix" ];
+
+  services.pipewire = {
+    enable = true;
+    package = pkgs.unstable.pipewire;
+
+    alsa.enable = true;
+    jack.enable = true;
+    pulse.enable = true;
+
+    config = {
+      pipewire-pulse = {
+        "context.modules" = [
+          { name = "libpipewire-module-rtkit"; flags = [ "ifexists" "nofail" ]; }
+          { name = "libpipewire-module-protocol-native"; }
+          { name = "libpipewire-module-client-node"; }
+          { name = "libpipewire-module-adapter"; }
+          { name = "libpipewire-module-metadata"; }
+          {
+            name = "libpipewire-module-protocol-pulse";
+            args = {
+              # TODO: set it in MPD?
+              "server.address" = [ "unix:native" "tcp:127.0.0.1:4713" ];
+            };
+          }
+        ];
+      };
+    };
+
+    media-session.package = pkgs.unstable.pipewire.mediaSession;
+  };
+
+  security.rtkit.enable = true;
+}
diff --git a/usecases/server/default.nix b/usecases/server/default.nix
index 1b47ee4..f32728a 100644
--- a/usecases/server/default.nix
+++ b/usecases/server/default.nix
@@ -1,8 +1,12 @@
+# A reasonable set of defaults for a server
+
+inputs:
+
 { ... }:
 
 {
   imports = [
-    ./fail2ban.nix
-    ./monitoring-target.nix
+    (import ./fail2ban.nix inputs)
+    (import ./monitoring-target.nix inputs)
   ];
 }
diff --git a/usecases/server/fail2ban.nix b/usecases/server/fail2ban.nix
index 1c2912c..3870a32 100644
--- a/usecases/server/fail2ban.nix
+++ b/usecases/server/fail2ban.nix
@@ -1,3 +1,5 @@
+inputs:
+
 { config, ... }:
 
 {
diff --git a/usecases/server/monitoring-target.nix b/usecases/server/monitoring-target.nix
index 1ddeb25..2ccd160 100644
--- a/usecases/server/monitoring-target.nix
+++ b/usecases/server/monitoring-target.nix
@@ -1,3 +1,5 @@
+inputs:
+
 { config, ... }:
 
 {
@@ -6,7 +8,7 @@
       enable = true;
       enabledCollectors = [ "logind" "systemd" ];
       disabledCollectors = [ "textfile" ];
-      listenAddress = config.topology.mainVpn.currentNodeIP;
+      listenAddress = "[${config.topology.mainVpn.currentNodeIP}]";
     };
   };