[TASK] Improve config

config/common.nix

@@ -1,42 +1,23 @@
 { pkgs, ... }:
 
 {
-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
-  environment.systemPackages = with pkgs; [
-    vim
-    git
-    wget
-    curl
-    htop
-  ];
-
   # Bootloader.
   boot.loader.systemd-boot.enable = true;
   boot.loader.systemd-boot.configurationLimit = 5;
   boot.loader.efi.canTouchEfiVariables = true;
 
+  # System-Tuning für JetBrains Tools
+  boot.kernel.sysctl = {
+    "fs.inotify.max_user_watches" = 1048576;
+  };
+
+  # Network
   networking.hostName = "cesium"; # Define your hostname.
-  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
-
-  # Configure network proxy if necessary
-  # networking.proxy.default = "http://user:password@proxy:port/";
-  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
-  networking.firewall.allowedTCPPorts = [ 22 ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  # networking.firewall.enable = false;
-
-  # Enable networking
   networking.networkmanager.enable = true;
 
   # Set your time zone.
   time.timeZone = "Europe/Berlin";
-
-  # Select internationalisation properties.
   i18n.defaultLocale = "de_DE.UTF-8";
-
   i18n.extraLocaleSettings = {
     LC_ADDRESS = "de_DE.UTF-8";
     LC_IDENTIFICATION = "de_DE.UTF-8";
@@ -49,26 +30,8 @@
     LC_TIME = "de_DE.UTF-8";
   };
 
-  # Some programs need SUID wrappers, can be configured further or are
+  # Configure console keymap
-  # started in user sessions.
+  console.keyMap = "de";
-  # programs.mtr.enable = true;
-  # programs.gnupg.agent = {
-  #   enable = true;
-  #   enableSSHSupport = true;
-  # };
-
-  system.autoUpgrade = {
-    enable = true;
-    allowReboot = true;
-    channel = "https://channels.nixos.org/nixos-25.11";
-  };
-
-  # Enable the X11 windowing system.
-  services.xserver.enable = true;
-  #services.xserver.videoDrivers = [ "nvidia" ];
-
-  # Enable touchpad support (enabled default in most desktopManager).
-  # services.xserver.libinput.enable = true;
 
   # Configure keymap in X11
   services.xserver.xkb = {
@@ -76,48 +39,66 @@
     variant = "";
   };
 
-  # Enable the GNOME Desktop Environment.
-  services.displayManager.gdm.enable = true;
-  services.desktopManager.gnome.enable = true;
 
-  # Enable the OpenSSH daemon.
+  # List packages installed in system profile. To search, run:
-  services.openssh.enable = true;
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+    vim
+    git
+    wget
+    curl
+    htop
+    stow
 
-  # Configure console keymap
+    cifs-utils
-  console.keyMap = "de";
+  ];
 
-  # Enable CUPS to print documents.
+  # Shell-Programme
-  services.printing.enable = true;
+  programs.zsh.enable = true;
+  programs.git.enable = true;
 
-  # Enable sound with pipewire.
+  # Flatpak Support
-  services.pulseaudio.enable = false;
+  services.flatpak.enable = true;
+
+  # Sound
+  sound.enable = true;
+  hardware.pulseaudio.enable = false;
   security.rtkit.enable = true;
   services.pipewire = {
     enable = true;
     alsa.enable = true;
     alsa.support32Bit = true;
     pulse.enable = true;
-    # If you want to use JACK applications, uncomment this
-    #jack.enable = true;
-
-    # use the example session manager (no others are packaged yet so this is enabled by default,
-    # no need to redefine it in your config for now)
-    #media-session.enable = true;
   };
 
-
+  # Sound
-  # Define a user account. Don't forget to set a password with ‘passwd’.
+  sound.enable = true;
-  users.users.sebastian = {
+  hardware.pulseaudio.enable = false;
-    isNormalUser = true;
+  security.rtkit.enable = true;
-    description = "Sebastian Fischer";
+  services.pipewire = {
-    extraGroups = [ "networkmanager" "wheel" ];
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
   };
 
-  # Install firefox.
+  # 32-bit Support für Steam
-  programs.firefox.enable = true;
+  hardware.graphics.enable32Bit = true;
+  hardware.pulseaudio.support32Bit = true;
 
-  # Allow unfree packages
+  # Desktop Environment / Window Manager
-  nixpkgs.config.allowUnfree = true;
+  services.xserver.enable = true;
+  services.xserver.displayManager.gdm.enable = true;
+  services.xserver.desktopManager.gnome.enable = true;
+
+  # Enable CUPS to print documents.
+  services.printing.enable = true;
+
+  system.autoUpgrade = {
+    enable = true;
+    allowReboot = true;
+    channel = "https://channels.nixos.org/nixos-25.11";
+  };
 
   nix.gc = {
     automatic = true;

config/configuration.nix

@@ -4,18 +4,19 @@
   imports = [ # Include the results of the hardware scan.
     ./hardware-configuration.nix
     ./common.nix
-    # ./vm.nix
+    ./services.nix
+    ./users.nix
+    # ./vm-guest.nix
     <home-manager/nixos>
   ];
 
-  nixpkgs.config.allowUnfree = true;
-
   # Home Manager Konfiguration
   home-manager.useGlobalPkgs = true;
   home-manager.useUserPackages = true;
-
-  # Dein(e) Benutzer mit Home Manager
   home-manager.users.sebastian = import ./home.nix;
 
+  # NixOS Version (nicht ändern nach Erstinstallation)
   system.stateVersion = "25.11";
+
+  nixpkgs.config.allowUnfree = true;
 }

config/home.nix

@@ -1,6 +1,52 @@
 # In deiner home.nix
 { config, pkgs, ... }:
 
+let
+  # Jameica/Hibiscus Custom Package
+  jameica = pkgs.stdenv.mkDerivation rec {
+    pname = "jameica";
+    version = "2.12.0";
+
+    src = pkgs.fetchurl {
+      url = "https://www.willuhn.de/products/jameica/releases/current/jameica/jameica-linux64-${version}.zip";
+      # Hash ermitteln mit: nix-prefetch-url <URL>
+      sha256 = "d5abbd1f8ce4c799e50669e6f4cb7deebf7af3343891e24ff36377ac4ea4192a";
+    };
+
+    nativeBuildInputs = [ pkgs.unzip pkgs.makeWrapper ];
+    buildInputs = [ pkgs.jre ];
+
+    unpackPhase = ''
+      unzip $src
+    '';
+
+    installPhase = ''
+      mkdir -p $out/opt/jameica
+      cp -r jameica/* $out/opt/jameica/ || true
+
+      mkdir -p $out/bin
+      makeWrapper $out/opt/jameica/jameica.sh $out/bin/jameica \
+        --prefix PATH : ${pkgs.jre}/bin
+
+      mkdir -p $out/share/applications
+      cat > $out/share/applications/jameica.desktop <<EOF
+      [Desktop Entry]
+      Name=Jameica
+      Exec=$out/bin/jameica
+      Terminal=false
+      Type=Application
+      Icon=$out/opt/jameica/jameica-icon.png
+      Categories=Office;Finance;
+      EOF
+    '';
+
+    meta = with pkgs.lib; {
+      description = "Jameica Homebanking";
+      homepage = "https://www.willuhn.de/products/jameica/";
+      platforms = platforms.linux;
+    };
+  };
+in
 {
   home.stateVersion = "25.11";
 
@@ -11,9 +57,11 @@
     gimp
     filezilla
     solaar
+
     libreoffice-fresh
     hunspell
     hunspellDicts.de_DE
+
     darktable
 
     # Browser
@@ -31,11 +79,66 @@
 
     # Entwicklung
     jetbrains-toolbox
-    jetbrains.phpstorm
     mkcert
     gitflow
-
-    # Tools
-    stow
   ];
+
+
+
+  # Powerlevel10k Theme installieren
+  home.activation.installPowerlevel10k = config.lib.dag.entryAfter ["writeBoundary"] ''
+    P10K_DIR="$HOME/.oh-my-zsh/custom/themes/powerlevel10k"
+    if [ ! -d "$P10K_DIR" ]; then
+      $DRY_RUN_CMD mkdir -p "$HOME/.oh-my-zsh/custom/themes"
+      $DRY_RUN_CMD ${pkgs.git}/bin/git clone --depth=1 \
+        https://github.com/romkatv/powerlevel10k.git "$P10K_DIR" || true
+    fi
+  '';
+
+  # Flatpak Apps installieren
+  # HINWEIS: Diese werden beim ersten home-manager switch installiert
+  # Dandanch werden sie von Flatpak selbst verwaltet
+  home.activation.installFlatpakApps = config.lib.dag.entryAfter ["writeBoundary"] ''
+    # Flathub Remote hinzufügen (falls noch nicht vorhanden)
+    $DRY_RUN_CMD ${pkgs.flatpak}/bin/flatpak remote-add --if-not-exists --user \
+      flathub https://dl.flathub.org/repo/flathub.flatpakrepo || true
+
+    # Extension Manager
+    if ! ${pkgs.flatpak}/bin/flatpak list --user | grep -q "com.mattjakeman.ExtensionManager"; then
+      $DRY_RUN_CMD ${pkgs.flatpak}/bin/flatpak install --user -y flathub \
+        com.mattjakeman.ExtensionManager || true
+    fi
+
+    # Kdenlive (Video-Bearbeitung)
+    if ! ${pkgs.flatpak}/bin/flatpak list --user | grep -q "org.kde.kdenlive"; then
+      $DRY_RUN_CMD ${pkgs.flatpak}/bin/flatpak install --user -y flathub \
+        org.kde.kdenlive || true
+    fi
+
+    # PrismLauncher (Minecraft)
+    if ! ${pkgs.flatpak}/bin/flatpak list --user | grep -q "org.prismlauncher.PrismLauncher"; then
+      $DRY_RUN_CMD ${pkgs.flatpak}/bin/flatpak install --user -y flathub \
+        org.prismlauncher.PrismLauncher || true
+
+      # Minecraft-Verzeichnis Zugriff gewähren
+      $DRY_RUN_CMD ${pkgs.flatpak}/bin/flatpak override --user \
+        org.prismlauncher.PrismLauncher --filesystem=/home/Programme/Minecraft/ || true
+    fi
+  '';
+
+  # mkcert installieren (für lokale SSL-Zertifikate)
+  home.activation.setupMkcert = config.lib.dag.entryAfter ["writeBoundary"] ''
+    if [ ! -f "$HOME/.local/share/mkcert/rootCA.pem" ]; then
+      $DRY_RUN_CMD ${pkgs.mkcert}/bin/mkcert -install || true
+    fi
+  '';
+
+  # GTK Theme (optional, für besseres Aussehen)
+  gtk = {
+    enable = true;
+    theme = {
+      name = "Adwaita-dark";
+      package = pkgs.gnome-themes-extra;
+    };
+  };
 }

config/services.nix

@@ -0,0 +1,13 @@
+{ config, pkgs, ... }:
+
+{
+  # Docker
+  virtualisation.docker = {
+    enable = true;
+    enableOnBoot = true;
+  };
+
+  environment.systemPackages = with pkgs; [
+    ddev
+  ];
+}

config/users.nix

@@ -0,0 +1,24 @@
+# /etc/nixos/users.nix
+# Benutzer-Konfiguration
+
+{ config, pkgs, ... }:
+
+{
+  # Benutzer sebastian
+  users.users.sebastian = {
+    isNormalUser = true;
+    description = "Sebastian Fischer";
+    extraGroups = [
+      "networkmanager"
+      "wheel"
+      "docker"
+      "libvirtd"
+    ];
+    shell = pkgs.zsh;
+
+    hashedPassword = "$6$CAuppl9g4RL/0BpQ$njjjKs2MFlHRCxlBk.34f2z.wJ3nEOI4xOdOBEds59Adcr3ngJ1lVFpOS0v0pg4/k5pTg0Lgj.88w/RgR2/MS.";
+  };
+
+  # SSH für ssh-askpass (verwendet von Git, etc.)
+  programs.ssh.askPassword = "${pkgs.x11_ssh_askpass}/libexec/x11-ssh-askpass";
+}

config/vm-guest.nix

@@ -14,7 +14,9 @@
   services.qemuGuest.enable = true;
 
   # Open ports in the firewall.
-  networking.firewall.allowedTCPPorts = [ 9843 ];
+  networking.firewall.allowedTCPPorts = [ 9843 22 ];
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
 
   environment.etc."xdg/autostart/spice-vdagent-custom.desktop".text = ''
     [Desktop Entry]

config/vm-host.nix

@@ -0,0 +1,67 @@
+# /etc/nixos/vm-guest.nix
+# Erweiterte Virtualisierungs-Konfiguration
+# Diese Datei ist optional und kann in configuration.nix importiert werden
+
+{ config, pkgs, ... }:
+
+{
+  # QEMU/KVM mit erweiterten Optionen
+  virtualisation.libvirtd = {
+    enable = true;
+
+    qemu = {
+      package = pkgs.qemu_kvm;
+      runAsRoot = true;
+
+      # TPM Emulation für Windows 11 VMs
+      swtpm.enable = true;
+
+      # UEFI Support
+      ovmf = {
+        enable = true;
+        packages = [ pkgs.OVMFFull.fd ];
+      };
+    };
+  };
+
+  # Virt-Manager und virtuelle Netzwerke
+  programs.virt-manager.enable = true;
+
+  # Networking für VMs
+  networking.firewall = {
+    # Erlaube Bridged Networking
+    checkReversePath = false;
+  };
+
+  # libvirt Netzwerk-Bridge
+  # Erstellt ein "default" NAT-Netzwerk für VMs
+  systemd.services.libvirtd-config = {
+    description = "Setup libvirt default network";
+    after = [ "libvirtd.service" ];
+    requires = [ "libvirtd.service" ];
+    wantedBy = [ "multi-user.target" ];
+
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+    };
+
+    script = ''
+      ${pkgs.libvirt}/bin/virsh net-autostart default || true
+      ${pkgs.libvirt}/bin/virsh net-start default || true
+    '';
+  };
+
+  # Zusätzliche VM-Tools
+  environment.systemPackages = with pkgs; [
+    virt-viewer    # VNC/SPICE Viewer
+    spice-gtk      # SPICE Client
+    win-virtio     # Windows VirtIO Treiber
+  ];
+
+  # Performance-Tuning für VMs
+  boot.kernelModules = [ "kvm-amd" ];  # Für AMD CPUs (für Intel: "kvm-intel")
+
+  # Hugepages für bessere VM Performance (optional)
+  # boot.kernelParams = [ "hugepagesz=2M" "hugepages=2048" ];
+}