From 806b3433681e47200fc775db0f0a400b2c1901f0 Mon Sep 17 00:00:00 2001
From: kB01
Date: Wed, 29 Oct 2025 00:18:18 +0100
Subject: [PATCH 1/5] Added HW Keys to Ohybkes SSH-Config
---
 homes/x86_64-linux/kb@Ohybke/ssh.nix | 130 +++++++++++++++++++++------
 1 file changed, 103 insertions(+), 27 deletions(-)
diff --git a/homes/x86_64-linux/kb@Ohybke/ssh.nix b/homes/x86_64-linux/kb@Ohybke/ssh.nix
index 8ca45ce..27fbc8b 100644
--- a/homes/x86_64-linux/kb@Ohybke/ssh.nix
+++ b/homes/x86_64-linux/kb@Ohybke/ssh.nix
@@ -3,6 +3,94 @@
  # SSH Configuration
  services.ssh-agent.enable = true;
  programs.ssh.enable = true;
+
+ # SSH Shell Connections
+ programs.ssh.matchBlocks."master@pkpnafs-m1ni" = {
+ host = "pkpnafs";
+ hostname = "pkpnafs.kb-one.de";
+ user = "master";
+ identityFile = "~/.ssh/id_ed25519_sk_rk_kb-ssh@m1ni";
+ port = 3422;
+ };
+ programs.ssh.matchBlocks."master@pkpnafs-ho2o" = {
+ host = "pkpnafs";
+ hostname = "pkpnafs.kb-one.de";
+ user = "master";
+ identityFile = "~/.ssh/id_ed25519_sk_rk_kb-ssh@ho2o";
+ port = 3422;
+ };
+ programs.ssh.matchBlocks."master@pkpnafs-lar3" = {
+ host = "pkpnafs";
+ hostname = "pkpnafs.kb-one.de";
+ user = "master";
+ identityFile = "~/.ssh/id_ed25519_sk_rk_kb-ssh@lar3";
+ port = 3422;
+ };
+ programs.ssh.matchBlocks."master@senfnvp-m1ni" = {
+ host = "senfnvp";
+ hostname = "senfnvp.kb-one.de";
+ user = "master";
+ identityFile = "~/.ssh/id_ed25519_sk_rk_kb-ssh@m1ni";
+ port = 9553;
+ };
+ programs.ssh.matchBlocks."master@senfnvp-ho2o" = {
+ host = "senfnvp";
+ hostname = "senfnvp.kb-one.de";
+ user = "master";
+ identityFile = "~/.ssh/id_ed25519_sk_rk_kb-ssh@ho2o";
+ port = 9553;
+ };
+ programs.ssh.matchBlocks."master@senfnvp-lar3" = {
+ host = "senfnvp";
+ hostname = "senfnvp.kb-one.de";
+ user = "master";
+ identityFile = "~/.ssh/id_ed25519_sk_rk_kb-ssh@lar3";
+ port = 9553;
+ };
+ programs.ssh.matchBlocks."master@mow0m-m1ni" = {
+ host = "mow0m";
+ hostname = "mow0m";
+ user = "master";
+ identityFile = "~/.ssh/id_ed25519_sk_rk_kb-ssh@m1ni";
+ port = 9553;
+ };
+ programs.ssh.matchBlocks."master@mow0m-ho2o" = {
+ host = "mow0m";
+ hostname = "mow0m";
+ user = "master";
+ identityFile = "~/.ssh/id_ed25519_sk_rk_kb-ssh@ho2o";
+ port = 9553;
+ };
+ programs.ssh.matchBlocks."master@mow0m-lar3" = {
+ host = "mow0m";
+ hostname = "mow0m";
+ user = "master";
+ identityFile = "~/.ssh/id_ed25519_sk_rk_kb-ssh@lar3";
+ port = 9553;
+ };
+ programs.ssh.matchBlocks."master@web-m1ni" = {
+ host = "web";
+ hostname = "kb-one.de";
+ user = "master";
+ identityFile = "~/.ssh/id_ed25519_sk_rk_kb-ssh@m1ni";
+ port = 2222;
+ };
+ programs.ssh.matchBlocks."master@web-ho2o" = {
+ host = "web";
+ hostname = "kb-one.de";
+ user = "master";
+ identityFile = "~/.ssh/id_ed25519_sk_rk_kb-ssh@ho2o";
+ port = 2222;
+ };
+ programs.ssh.matchBlocks."master@web-lar3" = {
+ host = "web";
+ hostname = "kb-one.de";
+ user = "master";
+ identityFile = "~/.ssh/id_ed25519_sk_rk_kb-ssh@lar3t.";
+ port = 2222;
+ };
+
+ # SSH Git Connections
  programs.ssh.matchBlocks."kb01@kb-one-git" = {
  host = "git.kb-one.de";
  user = "git";
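Review bot: The `master@web-lar3` block points at `~/.ssh/id_ed25519_sk_rk_kb-ssh@lar3t.`, which does not match the `…@lar3` file every other lar3 block uses; ssh silently skips an IdentityFile that does not exist, so the lar3 token would never be offered for `web` and the only symptom is a publickey rejection. Change it to `identityFile = "~/.ssh/id_ed25519_sk_rk_kb-ssh@lar3";`. The three `master@web-*` blocks (and likewise the other host triples) all declare the same `host`; ssh_config takes the first value per option but IdentityFile accumulates across matching blocks, so offering all three tokens this way works, and a one-line comment such as `# one block per token: Host repeats on purpose, IdentityFile accumulates` would spare the next reader the question. The enclosing attribute set continues past the hunk.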
@@ -14,39 +102,27 @@
  user = "git";
  identityFile = "~/.ssh/kb01@0x90-git";
  };
- programs.ssh.matchBlocks."master@pkpnafs" = {
- host = "pkpnafs";
- hostname = "pkpnafs.kb-one.de";
- user = "master";
- identityFile = "~/.ssh/master@pkpnafs";
- port = 3422;
- };
- programs.ssh.matchBlocks."master@kb-web-01" = {
- host = "kb-web-01";
- hostname = "kb-one.de";
- user = "master";
- identityFile = "~/.ssh/master@kb-web-01";
- port = 2222;
- };
- programs.ssh.matchBlocks."remoteunlock-senfnvp" = {
+
+ # SSH Remoteunlock Connections
+ programs.ssh.matchBlocks."remoteunlock@senfnvp-m1ni" = {
  host = "remoteunlock-senfnvp";
  hostname = "senfnvp.kb-one.de";
  user = "root";
- identityFile = "~/.ssh/remoteunlock-senfnvp";
+ identityFile = "~/.ssh/id_ed25519_sk_rk_kb-ssh@m1ni";
  port = 7299;
  };
- programs.ssh.matchBlocks."master@senfnvp" = {
- host = "senfnvp";
+ programs.ssh.matchBlocks."remoteunlock@senfnvp-ho2o" = {
+ host = "remoteunlock-senfnvp";
  hostname = "senfnvp.kb-one.de";
- user = "master";
- identityFile = "~/.ssh/master@senfnvp";
- port = 9553;
+ user = "root";
+ identityFile = "~/.ssh/id_ed25519_sk_rk_kb-ssh@ho2o";
+ port = 7299;
  };
- programs.ssh.matchBlocks."master@mow0m" = {
- host = "mow0m";
- hostname = "mow0m";
- user = "master";
- identityFile = "~/.ssh/master@mow0m";
- port = 9553;
+ programs.ssh.matchBlocks."remoteunlock@senfnvp-lar3" = {
+ host = "remoteunlock-senfnvp";
+ hostname = "senfnvp.kb-one.de";
+ user = "root";
+ identityFile = "~/.ssh/id_ed25519_sk_rk_kb-ssh@lar3";
+ port = 7299;
  };
 }
From 1e517b499ccf32684190d9fd8f5c601523e3a636 Mon Sep 17 00:00:00 2001
From: kB01
Date: Wed, 29 Oct 2025 14:59:02 +0100
Subject: [PATCH 2/5] Configured HW Key
---
 systems/i686-linux/Rubtrm/default.nix | 8 +++++++-
 systems/i686-linux/Rubtrm/hardware.nix | 26 ++++++++++++--------------
 2 files changed, 19 insertions(+), 15 deletions(-)
diff --git a/systems/i686-linux/Rubtrm/default.nix b/systems/i686-linux/Rubtrm/default.nix
index 2aa3497..fa78ede 100644
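Review bot: The three `remoteunlock@senfnvp-*` blocks authenticate as `root` on port 7299 with the same resident sk keys that log in as `master` on every other host, so a single token now carries both the pre-boot unlock identity and the ordinary shell identity; if port 7299 is an initrd sshd (inferred from the name and the separate port), the authorized_keys entry on that side is the place to narrow it with `restrict` and a `command=` if the unlock flow allows one. The dedicated `~/.ssh/remoteunlock-senfnvp`, `master@pkpnafs`, `master@kb-web-01`, `master@senfnvp` and `master@mow0m` keys are only dropped from the client config here — their public halves presumably remain in the servers' authorized_keys and keep working until removed there, and the private files stay on disk. A comment above the section such as `# unlock and shell share the sk tokens; old per-host keys must be revoked server-side` would record that follow-up.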
--- a/systems/i686-linux/Rubtrm/default.nix
+++ b/systems/i686-linux/Rubtrm/default.nix
@@ -60,9 +60,15 @@
  variant = "";
  };
+ # Security
+ security.rtkit.enable = true;
+ security.pam.services = {
+ login.u2fAuth = true;
+ sudo.u2fAuth = true;
+ };
+
  # Enable sound with pipewire.
  services.pulseaudio.enable = false;
- security.rtkit.enable = true;
  services.pipewire = {
  enable = true;
  alsa.enable = true;
diff --git a/systems/i686-linux/Rubtrm/hardware.nix b/systems/i686-linux/Rubtrm/hardware.nix
index 31c278b..62731cf 100644
--- a/systems/i686-linux/Rubtrm/hardware.nix
+++ b/systems/i686-linux/Rubtrm/hardware.nix
@@ -1,29 +1,27 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
- imports =
- [ (modulesPath + "/installer/scan/not-detected.nix")
- ];
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
  boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ata_piix" "usbhid" "usb_storage" "ums_realtek" "sd_mod" ];
  boot.initrd.kernelModules = [ "dm-snapshot" "cryptd" ];
  boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-label/NIXOS_LUKS";
+ boot.initrd.luks.devices."cryptroot".crypttabExtraOpts = [ "fido2-device=auto" ];
  boot.kernelModules = [ ];
  boot.extraModulePackages = [ ];
  boot.kernelParams = [ "i915.force_probe=27ae" ];
- fileSystems."/" =
- { device = "/dev/disk/by-label/NIXOS_ROOT";
- fsType = "ext4";
- };
+ fileSystems."/" = {
+ device = "/dev/disk/by-label/NIXOS_ROOT";
+ fsType = "ext4";
+ };
- fileSystems."/boot" =
- { device = "/dev/disk/by-label/NIXOS_BOOT";
- fsType = "vfat";
- };
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-label/NIXOS_BOOT";
+ fsType = "vfat";
+ };
  swapDevices = [
  {
From e0bead4ced7185e9e153c9fa695aed422ef34957 Mon Sep 17 00:00:00 2001
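Review bot: `login.u2fAuth = true` and `sudo.u2fAuth = true` are switched on without any accompanying `security.pam.u2f` settings in this hunk; as far as I recall the NixOS defaults are `control = "sufficient"` and a per-user authfile under `~/.config/Yubico/u2f_keys`, which means a touch on the token alone satisfies both login and sudo with no password or PIN, and anything running as the user can append its own token to that file and gain passwordless sudo — please confirm against the module for your release. If the token is meant to be a second factor rather than a password replacement, set `security.pam.u2f.control = "required";`, enable PIN or user verification (`security.pam.u2f.settings.pinverification = 1;` on recent NixOS), and point `security.pam.u2f.settings.authfile` at a root-owned file. Whichever model is intended, a comment above the block such as `# U2F is a *replacement* for the password on login/sudo, not a second factor` (or the opposite) would make the decision explicit; the enclosing attribute set starts and ends outside the hunk.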
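Review bot: `crypttabExtraOpts = [ "fido2-device=auto" ]` is only honoured by the systemd-based stage 1 (`boot.initrd.systemd.enable = true`), which this commit does not set, so with the scripted initrd the option is ignored and the root volume still unlocks by passphrase alone at this point in the series; the next commit enables systemd stage 1, and the two settings belong in the same commit for bisectability. Keep a passphrase keyslot on the LUKS header as a fallback for when the token is absent, and say so next to the option, e.g. `# FIDO2 unlock via systemd-cryptsetup (needs boot.initrd.systemd); passphrase keyslot kept as fallback`. Whether the initrd also carries libfido2 and the HID path the token enumerates on is not visible here — worth a cold-boot test rather than an assumption. The hunk ends inside the `swapDevices` list.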
From: Kaybee
Date: Thu, 30 Oct 2025 18:40:23 +0100
Subject: [PATCH 3/5] Organized Properties, Added HW Token support
---
 systems/i686-linux/Rubtrm/hardware.nix | 45 ++++++++++++++++++--------
 1 file changed, 32 insertions(+), 13 deletions(-)
diff --git a/systems/i686-linux/Rubtrm/hardware.nix b/systems/i686-linux/Rubtrm/hardware.nix
index 62731cf..052bc18 100644
--- a/systems/i686-linux/Rubtrm/hardware.nix
+++ b/systems/i686-linux/Rubtrm/hardware.nix
@@ -5,38 +5,57 @@
  (modulesPath + "/installer/scan/not-detected.nix")
  ];
+ # Nix Config
+ nixpkgs.hostPlatform = lib.mkDefault "i686-linux";
+
+ # Kernel
  boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ata_piix" "usbhid" "usb_storage" "ums_realtek" "sd_mod" ];
  boot.initrd.kernelModules = [ "dm-snapshot" "cryptd" ];
- boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-label/NIXOS_LUKS";
- boot.initrd.luks.devices."cryptroot".crypttabExtraOpts = [ "fido2-device=auto" ];
  boot.kernelModules = [ ];
  boot.extraModulePackages = [ ];
  boot.kernelParams = [ "i915.force_probe=27ae" ];
- fileSystems."/" = {
- device = "/dev/disk/by-label/NIXOS_ROOT";
- fsType = "ext4";
- };
+ # Boot Process
+ boot.loader.grub = {
+ enable = true;
+ copyKernels = true;
+ };
+ boot.initrd.systemd.enable = true;
+ #boot.plymouth.enable = true;
+ #boot.plymouth.logo = pkgs.fetchurl {
+ # url = "https://forum.auxolotl.org/uploads/default/original/1X/be37690f0748737fc813dd3592848f5323a7f277.png";
+ # hash = "sha256-+E7mAoEMnHsavKzEdTosli08Oohq+yt3WB4Uhwpi0Vg=";
+ #};
+
+ # Filesystems
  fileSystems."/boot" = {
  device = "/dev/disk/by-label/NIXOS_BOOT";
  fsType = "vfat";
  };
-
+ fileSystems."/" = {
+ device = "/dev/disk/by-label/NIXOS_ROOT";
+ fsType = "ext4";
+ };
+ boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-label/NIXOS_LUKS";
+ boot.initrd.luks.devices."cryptroot".crypttabExtraOpts = [ "fido2-device=auto" ];
  swapDevices = [
  {
  device = "/.swapfile";
  }
  ];
+ # Misc
  networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
- # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true;
- nixpkgs.hostPlatform = lib.mkDefault "i686-linux";
- # networking.enableIntel3945ABGFirmware = true;
- hardware.graphics.extraPackages = [ pkgs.intel-vaapi-driver ];
- hardware.graphics.extraPackages32 = [ pkgs.intel-vaapi-driver ];
+ # Firmware
+ # intel-media-driver
+ # intel-vaapi-driver
+ # libva-vdpau-drivemesar
+ # libvdpau-va-gl
+ # mesa
+ hardware.graphics.extraPackages = [ pkgs.driversi686Linux.mesa ];
+ hardware.graphics.extraPackages32 = [ pkgs.driversi686Linux.mesa ];
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
  hardware.enableAllFirmware = true;
 }
From 0b190f8e4c855d2c7047ab50c12a7aa06059d2e1 Mon Sep 17 00:00:00 2001
From: kB01
Date: Sat, 1 Nov 2025 19:37:42 +0100
Subject: [PATCH 4/5] Added Binary-Caches and Builders#
---
 homes/x86_64-linux/kb@Ohybke/ssh.nix | 37 ++++++++++++++++++++++++-
 systems/x86_64-linux/Ohybke/default.nix | 9 +++---
 2 files changed, 41 insertions(+), 5 deletions(-)
diff --git a/homes/x86_64-linux/kb@Ohybke/ssh.nix b/homes/x86_64-linux/kb@Ohybke/ssh.nix
index 27fbc8b..1eb9959 100644
--- a/homes/x86_64-linux/kb@Ohybke/ssh.nix
+++ b/homes/x86_64-linux/kb@Ohybke/ssh.nix
@@ -3,6 +3,9 @@
  # SSH Configuration
  services.ssh-agent.enable = true;
  programs.ssh.enable = true;
+ programs.ssh.extraConfig = ''
+ IdentitiesOnly=yes
+ '';
  # SSH Shell Connections
  programs.ssh.matchBlocks."master@pkpnafs-m1ni" = {
@@ -94,7 +97,7 @@
  programs.ssh.matchBlocks."kb01@kb-one-git" = {
  host = "git.kb-one.de";
  user = "git";
- identityFile = "~/.ssh/kb01@kb-one-git";
+ identityFile = "~/.ssh/id_ed25519_sk_rk_kb-ssh@m1ni";
  port = 9522;
  };
  programs.ssh.matchBlocks."kb01@0x90-git" = {
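Review bot: `boot.loader.grub = { enable = true; copyKernels = true; }` sets no `device`/`devices`; unless that is defined elsewhere in the host's configuration (not visible here), evaluation fails on the grub module's "you must set boot.loader.grub.devices" assertion, so either add the disk here or leave a comment saying where it lives. `boot.initrd.systemd.enable = true` is what makes the `fido2-device=auto` crypttab option effective, so the two lines depend on each other even though they now sit in different sections — a comment on the crypttab line such as `# needs systemd stage 1 (boot.initrd.systemd.enable above); systemd-cryptsetup falls back to the passphrase if the token is absent` would keep a later reorganisation from separating them. Please also verify that the systemd initrd actually contains libfido2 and the HID path to the token; if it does not, the fallback prompt hides the fact that the token is never consulted. The firmware comment list has a typo, `libva-vdpau-drivemesar`, which reads like `libva-vdpau-driver` and `mesa` were run together; the enclosing attribute set starts before the hunk.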
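Review bot: `IdentitiesOnly=yes` is added as a free-form string through `programs.ssh.extraConfig`; Home Manager emits `extraConfig` outside the individual match blocks (in the trailing catch-all section, as far as I recall), so it does behave as the global default intended here, but Home Manager also has a typed `identitiesOnly = true` per match block — `programs.ssh.matchBlocks."*".identitiesOnly = true;` on current releases — which the module validates and carries through option renames. Note that with IdentitiesOnly in force, every block that declares the same `host` still accumulates its IdentityFile into the list offered for that alias, so the order in which Home Manager emits the blocks decides which token is asked to touch first. A comment such as `# IdentitiesOnly: offer only the configured sk keys, never everything the agent holds` would document why the line is there.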
@@ -125,4 +128,36 @@
  identityFile = "~/.ssh/id_ed25519_sk_rk_kb-ssh@lar3";
  port = 7299;
  };
+
+ # Nix Build Hosts
+ programs.ssh.matchBlocks."nix-builder@pkpnafs" = {
+ host = "pkpnafs";
+ hostname = "pkpnafs.kb-one.de";
+ user = "nix-builder";
+ identityFile = "~/.ssh/nix-builder@pkpnafs";
+ port = 3422;
+ };
+ programs.ssh.matchBlocks."nix-builder@senfnvp" = {
+ host = "senfnvp";
+ hostname = "senfnvp.kb-one.de";
+ user = "nix-builder";
+ identityFile = "~/.ssh/nix-builder@senfnvp";
+ port = 9553;
+ };
+
+ # Nix Caches
+ programs.ssh.matchBlocks."nix-ssh@pkpnafs" = {
+ host = "pkpnafs";
+ hostname = "pkpnafs.kb-one.de";
+ user = "nix-ssh";
+ identityFile = "~/.ssh/nix-ssh@pkpnafs";
+ port = 3422;
+ };
+ programs.ssh.matchBlocks."nix-ssh@senfnvp" = {
+ host = "senfnvp";
+ hostname = "senfnvp.kb-one.de";
+ user = "nix-ssh";
+ identityFile = "~/.ssh/nix-ssh@senfnvp";
+ port = 9553;
+ };
 }
diff --git a/systems/x86_64-linux/Ohybke/default.nix b/systems/x86_64-linux/Ohybke/default.nix
index 5bd4650..b404c07 100644
--- a/systems/x86_64-linux/Ohybke/default.nix
+++ b/systems/x86_64-linux/Ohybke/default.nix
@@ -10,6 +10,10 @@
  nix.settings = {
  experimental-features = [ "nix-command" "flakes" ];
  };
+ nix.extraOptions = ''
+ secret-key-files = /root/secrets/cache-Ohybke.sec
+ builders-use-substitutes = true
+ '';
  nixpkgs.config.allowUnfree = true;
  nixpkgs.config.permittedInsecurePackages = [
  "electron-27.3.11"
@@ -28,9 +32,6 @@
  }
  ];
  nix.distributedBuilds = true;
- nix.extraOptions = ''
- builders-use-substitutes = true
- '';
  # Networking
  networking.hostName = "Ohybke";
@@ -123,7 +124,7 @@
  services.numen = {
  enable = true;
- autoStart = true;
+ autoStart = false;
  phrasesPkg = pkgs.kb-one.numen-phrases.override {
  customWakeWords-en = [ "cyber" "writer" "activate" ];
  customWakeWords-de = [ "aktivier" "cyber" "schreiber" ];
From d4803d1aa17a4fc14567dea8875664da2076452e Mon Sep 17 00:00:00 2001
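Review bot: `nix-builder@pkpnafs` and `nix-ssh@pkpnafs` reuse `host = "pkpnafs"` (and the senfnvp pair reuses `host = "senfnvp"`), aliases the `master@…` blocks already claim with `user = "master"`; ssh_config keeps the first `User` it sees, so whichever block Home Manager emits first wins, the other users are reachable only when the caller spells `user@host` explicitly (nix's `sshUser` and `ssh://nix-ssh@…` do, so this probably works by accident), and all five IdentityFiles are offered to every user of that alias. Give the builder and cache entries their own aliases, e.g. `host = "nix-builder-pkpnafs";`, or use a `match = "host pkpnafs user nix-builder"` block so the key-to-user binding is explicit rather than emission-order dependent. The enclosing attribute set starts before the hunk.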
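Review bot: `secret-key-files = /root/secrets/cache-Ohybke.sec` goes into the untyped `nix.extraOptions` string even though the file already has a `nix.settings` attribute set three lines above; `nix.settings.secret-key-files = [ "/root/secrets/cache-Ohybke.sec" ];` and `nix.settings.builders-use-substitutes = true;` keep both values typed and let the module catch a misspelled option. That key signs every store path this host serves to the `nix-ssh` clients, so it must stay out of the repo and the Nix store and be readable by root only (0600); the path suggests it is provisioned out of band, which deserves a comment such as `# binary-cache signing key, provisioned manually, root:root 0600`. The hunk ends inside the `permittedInsecurePackages` list.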
From: kB01
Date: Sat, 1 Nov 2025 19:43:15 +0100
Subject: [PATCH 5/5] Fixed SSH-Key for Git
---
 homes/x86_64-linux/kb@Ohybke/ssh.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/homes/x86_64-linux/kb@Ohybke/ssh.nix b/homes/x86_64-linux/kb@Ohybke/ssh.nix
index 1eb9959..7dbc361 100644
--- a/homes/x86_64-linux/kb@Ohybke/ssh.nix
+++ b/homes/x86_64-linux/kb@Ohybke/ssh.nix
@@ -97,7 +97,7 @@
  programs.ssh.matchBlocks."kb01@kb-one-git" = {
  host = "git.kb-one.de";
  user = "git";
- identityFile = "~/.ssh/id_ed25519_sk_rk_kb-ssh@m1ni";
+ identityFile = "~/.ssh/id_ed25519_sk_rk_kb-git@m1ni";
  port = 9522;
  };
  programs.ssh.matchBlocks."kb01@0x90-git" = {
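Review bot: The git block now lists only `~/.ssh/id_ed25519_sk_rk_kb-git@m1ni`, while every shell host in this file carries one block per token (m1ni, ho2o, lar3); if the other two tokens are also meant to push, they need matching `kb01@kb-one-git-ho2o` / `-lar3` blocks, and if not, a comment such as `# git access is bound to the m1ni token only` would make the asymmetry deliberate. With the global `IdentitiesOnly=yes` from the previous commit, a missing or misspelled file here fails closed — which is the right direction, but worth a quick check that the `kb-git@m1ni` key file actually exists after switching.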