19 changed files with 462 additions and 613 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -1,11 +1,9 @@
 keys:
  - &xps13 age1x8qsd7kxxjvan4psvnvua3r0emljsnq07agxnu6jqw56ky8z6faqyjq0e3
  - &pi age1y2s7ah49jmhd8n05q7tw0gjcnv3390s0uxp3ewjqueekq7a7rvdqzytgd2
  - &server age107mmu7nkjfpm7ygp25zpj69m06ftckc9gh7a37umkjq0y7ac34msd6uj3u
 creation_rules:
  - path_regex: secrets/secrets.yaml$
    key_groups:
      - age:
        - *xps13
        - *pi
        - *server
--- a/2
+++ b/2
@ -6,4 +6,4 @@ rebuild-pi:
 	NIX_SSHOPTS="-o IdentitiesOnly=yes -i ~/.ssh/id_rsa" nixos-rebuild switch --flake .#pi --target-host pi --build-host server --use-remote-sudo
 deploy-server:
-	nixos-rebuild switch --flake .#server --target-host server --build-host server --sudo --ask-sudo-password
+	nixos-rebuild switch --flake .#server --target-host server --build-host server --use-remote-sudo --ask-sudo-password
--- a/devices/asus/configuration.nix
+++ b/devices/asus/configuration.nix
@ -1,7 +1,12 @@
 # Edit this configuration file to define what should be installed on
 # your system. Help is available in the configuration.nix(5) man page, on
 # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
-{ config, lib, pkgs, ... }: {
+{
  config,
  lib,
  pkgs,
  ...
 }: {
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
@ -33,7 +38,13 @@
  users.users.polen = {
    isNormalUser = true;
    extraGroups = ["wheel"]; # Enable ‘sudo’ for the user.
-    packages = with pkgs; [ neovim tree htop git ranger ];
+    packages = with pkgs; [
      neovim
      tree
      htop
      git
      ranger
    ];
  };
  # List packages installed in system profile.
--- a/devices/asus/hardware-configuration.nix
+++ b/devices/asus/hardware-configuration.nix
@ -4,32 +4,34 @@
 { config, lib, pkgs, modulesPath, ... }:
 {
-  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+  imports =
    [ (modulesPath + "/installer/scan/not-detected.nix")
    ];
-  boot.initrd.availableKernelModules =
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
    [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
-  fileSystems."/" = {
+  fileSystems."/" =
-    device = "/dev/disk/by-uuid/50ea20bc-d9bb-40c7-8e4a-34e31da665b5";
+    { device = "/dev/disk/by-uuid/50ea20bc-d9bb-40c7-8e4a-34e31da665b5";
      fsType = "ext4";
    };
-  fileSystems."/boot" = {
+  fileSystems."/boot" =
-    device = "/dev/disk/by-uuid/9267-2ED4";
+    { device = "/dev/disk/by-uuid/9267-2ED4";
      fsType = "vfat";
      options = [ "fmask=0077" "dmask=0077" ];
    };
-  fileSystems."/data" = {
+  fileSystems."/data" =
-    device = "/dev/disk/by-uuid/465aa01d-2cc4-4955-bebb-b44c21528e4f";
+    { device = "/dev/disk/by-uuid/465aa01d-2cc4-4955-bebb-b44c21528e4f";
      fsType = "ext4";
    };
  swapDevices =
-    [{ device = "/dev/disk/by-uuid/90dd6c81-79a7-45e2-b063-e263cabf1c28"; }];
+    [ { device = "/dev/disk/by-uuid/90dd6c81-79a7-45e2-b063-e263cabf1c28"; }
    ];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
@ -40,6 +42,5 @@
  # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.intel.updateMicrocode =
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
    lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/devices/latoure/configuration.nix
+++ b/devices/latoure/configuration.nix
@ -1,7 +1,11 @@
 # Edit this configuration file to define what should be installed on
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running 'nixos-help').
-{ config, pkgs, ... }: {
+{
  config,
  pkgs,
  ...
 }: {
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
@ -105,7 +109,13 @@
  # List packages installed in system profile. To search, run:
  # $ nix search wget
-  environment.systemPackages = with pkgs; [ htop-vim ranger neovim wget git ];
+  environment.systemPackages = with pkgs; [
    htop-vim
    ranger
    neovim
    wget
    git
  ];
  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
--- a/devices/latoure/hardware-configuration.nix
+++ b/devices/latoure/hardware-configuration.nix
@ -4,52 +4,44 @@
 { config, lib, pkgs, modulesPath, ... }:
 {
-  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+  imports =
-
+    [ (modulesPath + "/installer/scan/not-detected.nix")
  boot.initrd.availableKernelModules = [
    "uhci_hcd"
    "ehci_pci"
    "ahci"
    "xhci_pci"
    "pata_marvell"
    "firewire_ohci"
    "usb_storage"
    "usbhid"
    "sd_mod"
    "sr_mod"
    ];
  boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "xhci_pci" "pata_marvell" "firewire_ohci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
-  fileSystems."/" = {
+  fileSystems."/" =
-    device = "/dev/disk/by-uuid/62a34abf-561a-410d-b913-eb2ad7ede6f5";
+    { device = "/dev/disk/by-uuid/62a34abf-561a-410d-b913-eb2ad7ede6f5";
      fsType = "ext4";
    };
-  fileSystems."/boot" = {
+  fileSystems."/boot" =
-    device = "/dev/disk/by-uuid/9B7B-A012";
+    { device = "/dev/disk/by-uuid/9B7B-A012";
      fsType = "vfat";
      options = [ "fmask=0022" "dmask=0022" ];
    };
-  fileSystems."/data" = {
+  fileSystems."/data" =
-    device = "/dev/disk/by-uuid/b7de7b88-6239-4340-9e7a-6486814bbd83";
+    { device = "/dev/disk/by-uuid/b7de7b88-6239-4340-9e7a-6486814bbd83";
      fsType = "ext4";
    };
-  fileSystems."/data1" = {
+  fileSystems."/data1" =
-    device = "/dev/disk/by-uuid/86a239f2-50a5-4c26-9534-0636fb718fc8";
+    { device = "/dev/disk/by-uuid/86a239f2-50a5-4c26-9534-0636fb718fc8";
      fsType = "ext4";
    };
-  fileSystems."/home" = {
+  fileSystems."/home" =
-    device = "/dev/disk/by-uuid/5181dbcf-7e00-46d9-ac04-c22d4c4e9827";
+    { device = "/dev/disk/by-uuid/5181dbcf-7e00-46d9-ac04-c22d4c4e9827";
      fsType = "ext4";
    };
  swapDevices =
-    [{ device = "/dev/disk/by-uuid/29ac34a7-fa51-489b-b9da-8c5d02bdd2c4"; }];
+    [ { device = "/dev/disk/by-uuid/29ac34a7-fa51-489b-b9da-8c5d02bdd2c4"; }
    ];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
@ -60,6 +52,5 @@
  # networking.interfaces.enp7s0.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.intel.updateMicrocode =
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
    lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/devices/macbook/configuration.nix
+++ b/devices/macbook/configuration.nix
@ -1,5 +1,11 @@
-{ pkgs, inputs, system, config, ... }:
+{
-let my-emacs = pkgs.emacsNativeComp;
+  pkgs,
  inputs,
  system,
  config,
  ...
 }: let
  my-emacs = pkgs.emacsNativeComp;
 in {
  nixpkgs.config.allowUnfree = true;
@ -50,28 +56,23 @@ in {
      "brave-browser"
      "qutebrowser"
      "stremio"
      "firefox"
      # work
      "slack"
      "tunnelblick"
      "dbeaver-community"
      "claude"
      "adobe-acrobat-reader"
      # doom emacs
      "font-symbols-only-nerd-font"
      # media
      "inkscape"
      "obs"
    ];
  };
  nix = {
    # Necessary for using flakes on this system.
    settings.experimental-features = "nix-command flakes";
    extraOptions = ''
-      extra-platforms = x86_64-darwin aarch64-darwin aarch64-linux
+      extra-platforms = x86_64-darwin aarm64-darwin
    '';
    gc = {
      automatic = true;
@ -82,31 +83,6 @@ in {
      };
      options = "--delete-older-than 15d";
    };
    linux-builder = {
      enable = true;
    };
    distributedBuilds = true;
    buildMachines = [
      {
        hostName = "server.local";
        sshUser = "polen";
        sshKey = "/Users/charles/.ssh/id_ed25519";
        systems = [ "x86_64-linux" "aarch64-linux" ];
        # optional but recommended:
        maxJobs = 4;              # how many concurrent builds to send
        speedFactor = 1;          # relative priority vs other builders
        supportedFeatures = [ "nixos-test" "big-parallel" "kvm" ];
      }
    ];
    settings.builders-use-substitutes = true;
    settings = {
      extra-substituters = [ "s3://rc-nix-binary-cache?region=ca-central-1" ];
      extra-trusted-public-keys = [ "rc-nix-cache:3nJzc2e0wK0zpTmiphHLYJWOMuKJ0Fj/TOF5ulUxr/Q=" ];
      secret-key-files = [ "/Users/charles/.config/nix/rc-nix-cache-priv-key.pem" ];
    };
  };
  # Create /etc/zshrc that loads the nix-darwin environment.
@ -114,7 +90,9 @@ in {
  programs.direnv.enable = true;
  programs.gnupg.agent.enable = true;
-  services.yabai = { enable = true; };
+  services.yabai = {
    enable = true;
  };
  services.skhd.enable = true;
  services.emacs = {
@ -135,7 +113,9 @@ in {
    tilesize = 32;
  };
-  system.defaults.menuExtraClock = { Show24Hour = true; };
+  system.defaults.menuExtraClock = {
    Show24Hour = true;
  };
  launchd.user.agents.remap-keys = {
    serviceConfig = {
@ -143,8 +123,7 @@ in {
        "/usr/bin/hidutil"
        "property"
        "--set"
-        ''
+        ''          {
          {
                    "UserKeyMapping":[
                    {"HIDKeyboardModifierMappingSrc":0x700000039,"HIDKeyboardModifierMappingDst":0x7000000E7}
                    ]
--- a/devices/pi/configuration.nix
+++ b/devices/pi/configuration.nix
@ -1,5 +1,10 @@
-{ inputs, config, pkgs, lib, ... }:
+{
-let
+  inputs,
  config,
  pkgs,
  lib,
  ...
 }: let
  user = "polen";
  hostname = "pi";
 in {
@ -20,10 +25,12 @@ in {
    };
  };
-  swapDevices = [{
+  swapDevices = [
    {
      device = "/var/lib/swapfile";
      size = 10 * 1024;
-  }];
+    }
  ];
  #sops.defaultSopsFile = ../../secrets/secrets.yaml;
  #sops.defaultSopsFormat = "yaml";
@ -34,6 +41,12 @@ in {
    networkmanager.enable = true;
    wireless.enable = false;
    hostName = hostname;
    firewall.allowedTCPPorts = [80 443];
  };
  services.pihole-ftl = {
    enable = true;
    openFirewallDHCP = true;
  };
  services.prometheus.exporters = {
@ -43,19 +56,22 @@ in {
  nix.settings.trusted-users = [user];
-  environment.systemPackages = with pkgs; [ htop-vim neovim curl wget ranger ];
+  environment.systemPackages = with pkgs; [
    htop-vim
    neovim
    curl
    wget
    ranger
  ];
  services.openssh.enable = true;
  users = {
    mutableUsers = false;
-    users = {
+    users."${user}" = {
      "${user}" = {
      isNormalUser = true;
      #hashedPasswordFile = config.sops.secrets.pi_user_pass.path;
-        extraGroups = [ "wheel" ];
+      extraGroups = ["wheel" "pihole"];
      };
      lauria = { isNormalUser = true; };
    };
  };
--- a/devices/server/configuration.nix
+++ b/devices/server/configuration.nix
@ -1,7 +1,13 @@
-{ config, pkgs, ... }:
+{
-let user = "polen";
+  config,
  pkgs,
  ...
 }: let
  user = "polen";
 in {
-  imports = [ ./hardware-configuration.nix ];
+  imports = [
    ./hardware-configuration.nix
  ];
  boot.loader = {
    grub = {
@ -40,14 +46,6 @@ in {
      reverse_proxy http://127.0.0.1:8096
    '';
    virtualHosts."grafana.polensky.me".extraConfig = ''
      reverse_proxy http://127.0.0.1:3000
    '';
    virtualHosts."git.polensky.me".extraConfig = ''
      reverse_proxy http://127.0.0.1:3001
    '';
    virtualHosts."pb.polensky.me".extraConfig = ''
      request_body {
        max_size 10MB
@ -64,33 +62,6 @@ in {
      file_server
      try_files {path} /index.html
    '';
    virtualHosts."prixdugaz.ca".extraConfig = ''
      reverse_proxy http://127.0.0.1:8080
    '';
  };
  services.prixdugaz = {
    enable = true;
    openFirewall = true; # 8080
  };
  services.forgejo = {
    enable = true;
    lfs.enable = true;
    settings = {
      server = {
        DOMAIN = "git.polensky.me";
        ROOT_URL = "https://git.polensky.me/";
        HTTP_PORT = 3001;
      };
      service = {
        DISABLE_REGISTRATION = true;
      };
      actions = {
        ENABLED = true;
      };
    };
  };
  # observability
@ -98,7 +69,6 @@ in {
    grafana = {
      enable = true;
      settings = {
        security.secret_key = "SW2YcwTIb9zpOOhoPsMm";
        server = {
          http_addr = "0.0.0.0";
          http_port = 3000;
@ -109,29 +79,27 @@ in {
      enable = true;
      exporters = {
        node.enable = true;
        systemd.enable = true;
      };
      scrapeConfigs = [
        {
          job_name = "node-exporters-lan";
-          static_configs = [{
+          static_configs = [
            targets = [ "127.0.0.1:9100" ];
            labels = { instance = "server"; };
          }];
        }
            {
-          job_name = "systemd-exporters-lan";
+              targets = ["127.0.0.1:9100"];
-          static_configs = [{
+              labels = {
-            targets = [ "127.0.0.1:9558" ];
+                instance = "server";
-            labels = { instance = "server"; };
+              };
-          }];
+            }
          ];
        }
      ];
    };
  };
  systemd.services.jellyfin = {
-    environment = { DOTNET_SYSTEM_IO_DISABLEFILELOCKING = "1"; };
+    environment = {
      DOTNET_SYSTEM_IO_DISABLEFILELOCKING = "1";
    };
  };
  # media
@ -199,7 +167,6 @@ in {
      9000 # mealie
      8989 # sonarr
      10222 # taskchampion-sync-server
      51966 # for ssh
    ];
    firewall.allowedUDPPorts = [
      5353 # mDNS
@ -209,23 +176,12 @@ in {
  time.timeZone = "America/Toronto";
  users.users."${user}" = {
    isNormalUser = true;
    group = "polen";
    extraGroups = ["wheel" "transmission" "jellyfin" "polensky" "docker"];
    shell = pkgs.zsh;
    openssh.authorizedKeys.keys = [
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC6O2MJqR+P/FwRyVSz1HWYhMtIwh16ozBU71Y2vf0oNDQ6DZ5T8Bvp5/4uSJgS8lOl3qYyNy0e0zJMIyfFVJnu89ycKBEdixA4HqWOUQGiyvn1C4s740jHolOzN1xNB24PDXFz0vHcVb+G5nU/xeKeaq0vrszrkK2zctqXshw94/x3ah0m3fr5CwM4S2RY/VODOdt11fllFEvN8HGE2mQTPn5sJzwtGW20npQ5iJ7ShugPbC4D1G2JU1R7MqkvWEpq9OFVb1prTpJM+i/lcqCn3lBv8XxpKKnD3q+48eeO1geosAsG/kgUWPDildbzcSfytgj7/TCTujx2ow4ZUfS4kWUrNaXM3M99SG61rFN7zLMAv14SOSsgegmX3q0ZAwOieUhCifqIqdfFr5QjEUP11ALofYRC6567X1YrEVXZFFnZSXMKGkBKpTxx0jaTTGnFSd6F49kDlI30cKJnVUgAK5nESissdEFn3UGRSFfxmjZkYvhY5l3LqtbO3kEutJU= polen@polen-xps"
    ];
  };
  users.groups.polen = { };
  # SOPS secrets
  sops = {
    defaultSopsFile = ../../secrets/secrets.yaml;
    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
    secrets = { };
  };
  environment.systemPackages = with pkgs; [
    neovim
    htop-vim
--- a/devices/server/hardware-configuration.nix
+++ b/devices/server/hardware-configuration.nix
@ -1,11 +1,18 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }: {
+{
-  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+  config,
  lib,
  pkgs,
  modulesPath,
  ...
 }: {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
  ];
-  boot.initrd.availableKernelModules =
+  boot.initrd.availableKernelModules = ["uhci_hcd" "ehci_pci" "hpsa" "usb_storage" "usbhid" "sd_mod"];
    [ "uhci_hcd" "ehci_pci" "hpsa" "usb_storage" "usbhid" "sd_mod" ];
  boot.initrd.kernelModules = [];
  boot.kernelModules = ["kvm-intel"];
  boot.extraModulePackages = [];
@ -15,8 +22,9 @@
    fsType = "ext4";
  };
-  swapDevices =
+  swapDevices = [
-    [{ device = "/dev/disk/by-uuid/6fc86a5b-ac4b-41ed-a7c9-56f734f5e711"; }];
+    {device = "/dev/disk/by-uuid/6fc86a5b-ac4b-41ed-a7c9-56f734f5e711";}
  ];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
@ -29,6 +37,5 @@
  # networking.interfaces.enp4s0f1.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.intel.updateMicrocode =
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
    lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/devices/xps13/assets/avatar.jpg
+++ b/devices/xps13/assets/avatar.jpg
--- a/devices/xps13/configuration.nix
+++ b/devices/xps13/configuration.nix
@ -1,7 +1,12 @@
 # Edit this configuration file to define what should be installed on
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running 'nixos-help').
-{ config, pkgs, inputs, ... }: {
+{
  config,
  pkgs,
  inputs,
  ...
 }: {
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
@ -11,13 +16,13 @@
  hardware.bluetooth = {
    enable = true;
-    powerOnBoot = false;
+    powerOnBoot = true;
  };
  services.blueman.enable = true;
  services.openssh.enable = true;
-  services.power-profiles-daemon.enable = false;
+  services.power-profiles-daemon.enable = true;
  services.upower.enable = true;
  # Bootloader.
@ -26,10 +31,6 @@
  boot.kernelModules = ["msr"];
  boot.extraModprobeConfig = ''
    options snd_hda_intel power_save=1
  '';
  networking.hostName = "xps13"; # Define your hostname.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
@ -68,7 +69,6 @@
  services.displayManager.sddm = {
    enable = true;
    theme = "${import ./sddm-theme.nix {inherit pkgs;}}";
    package = pkgs.kdePackages.sddm;
  };
  # Define a user account. Don't forget to set a password with 'passwd'.
@ -97,7 +97,7 @@
    # Desktop
    waybar
    mako
-    awww
+    swww
    wdisplays
    libnotify
    bemenu
@ -105,10 +105,12 @@
    pamixer
    networkmanagerapplet
    wl-clipboard
    libsForQt5.qt5.qtquickcontrols2
    libsForQt5.qt5.qtgraphicaleffects
    ntfs3g
-    kdePackages.qtdeclarative
+    # Nix related
-    kdePackages.qtsvg
+    nixfmt-classic
  ];
  programs.zsh.enable = true;
@ -119,12 +121,6 @@
    withUWSM = true;
  };
  programs.weylus = {
    enable = true;
    users = [ "polen" ];
    openFirewall = true;
  };
  services.gvfs.enable = true;
  # to make pass work
--- a/devices/xps13/hardware-configuration.nix
+++ b/devices/xps13/hardware-configuration.nix
@ -4,26 +4,27 @@
 { config, lib, pkgs, modulesPath, ... }:
 {
-  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+  imports =
    [ (modulesPath + "/installer/scan/not-detected.nix")
    ];
-  boot.initrd.availableKernelModules =
+  boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
    [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
-  fileSystems."/" = {
+  fileSystems."/" =
-    device = "/dev/disk/by-uuid/6faa62c9-8566-4ed7-b372-355e04ac4ca6";
+    { device = "/dev/disk/by-uuid/6faa62c9-8566-4ed7-b372-355e04ac4ca6";
      fsType = "ext4";
    };
-  fileSystems."/boot" = {
+  fileSystems."/boot" =
-    device = "/dev/disk/by-uuid/A769-2F96";
+    { device = "/dev/disk/by-uuid/A769-2F96";
      fsType = "vfat";
    };
-  fileSystems."/home" = {
+  fileSystems."/home" =
-    device = "/dev/disk/by-uuid/8b28694c-3401-4545-9974-521674baa450";
+    { device = "/dev/disk/by-uuid/8b28694c-3401-4545-9974-521674baa450";
      fsType = "ext4";
    };
@ -37,6 +38,5 @@
  # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.intel.updateMicrocode =
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
    lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/devices/xps13/sddm-theme.nix
+++ b/devices/xps13/sddm-theme.nix
@ -1,21 +1,19 @@
-{ pkgs }:
+{pkgs}: let
 let 
  image = ./assets/a_forest_of_trees_with_fog.jpg;
-  avatar = ./assets/avatar.jpg;
+in
-in pkgs.stdenv.mkDerivation {
+  pkgs.stdenv.mkDerivation {
    name = "sddm-theme";
    src = pkgs.fetchFromGitHub {
-    owner = "xCaptaiN09";
+      owner = "MarianArlt";
-    repo = "pixie-sddm";
+      repo = "sddm-sugar-dark";
-    rev = "12a5f459ebd6d699be42c188c10976c8bb7076d7";
+      rev = "ceb2c455663429be03ba62d9f898c571650ef7fe";
-    sha256 = "sha256-lmE/49ySuAZDh5xLochWqfSw9qWrIV+fYaK5T2Ckck8=";
+      sha256 = "flOspjpYezPvGZ6b4R/Mr18N7N3JdytCSwwu6mf4owQ=";
    };
    installPhase = ''
      mkdir -p $out
      cp -R ./* $out/
-    rm $out/assets/background.jpg
+      cd $out/
-    rm $out/assets/avatar.jpg
+      rm Background.jpg
-    cp ${image} $out/assets/background.jpg
+      cp -r ${image} $out/Background.jpg
    cp ${avatar} $out/assets/avatar.jpg
    '';
  }
--- a/flake.lock
+++ b/flake.lock
@ -2,38 +2,19 @@
  "nodes": {
    "disko": {
      "inputs": {
-        "nixpkgs": [
+        "nixpkgs": "nixpkgs"
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1773889306,
+        "lastModified": 1760701190,
-        "narHash": "sha256-PAqwnsBSI9SVC2QugvQ3xeYCB0otOwCacB1ueQj2tgw=",
+        "narHash": "sha256-y7UhnWlER8r776JsySqsbTUh2Txf7K30smfHlqdaIQw=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "5ad85c82cc52264f4beddc934ba57f3789f28347",
+        "rev": "3a9450b26e69dcb6f8de6e2b07b3fc1c288d85f5",
        "type": "github"
      },
      "original": {
-        "owner": "nix-community",
+        "id": "disko",
-        "repo": "disko",
+        "type": "indirect"
        "type": "github"
      }
    },
    "flake-compat": {
      "flake": false,
      "locked": {
        "lastModified": 1751685974,
        "narHash": "sha256-NKw96t+BgHIYzHUjkTK95FqYRVKB8DHpVhefWSz/kTw=",
        "ref": "refs/heads/main",
        "rev": "549f2762aebeff29a2e5ece7a7dc0f955281a1d1",
        "revCount": 92,
        "type": "git",
        "url": "https://git.lix.systems/lix-project/flake-compat.git"
      },
      "original": {
        "type": "git",
        "url": "https://git.lix.systems/lix-project/flake-compat.git"
      }
    },
    "flake-parts": {
@ -41,11 +22,11 @@
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
-        "lastModified": 1777898446,
+        "lastModified": 1730504689,
-        "narHash": "sha256-tTEOTTjMHd8Vffn4hehLTPgOXXxJ27xfkf4DoyZgD7s=",
+        "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "5d82aa3d6b5da25dbfec1a995750a70a03b8c659",
+        "rev": "506278e768c2a08bec68eb62932193e341f55c90",
        "type": "github"
      },
      "original": {
@ -56,18 +37,14 @@
    },
    "flake-parts_2": {
      "inputs": {
-        "nixpkgs-lib": [
+        "nixpkgs-lib": "nixpkgs-lib_2"
          "vimix",
          "nvf",
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1769996383,
+        "lastModified": 1741352980,
-        "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=",
+        "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "57928607ea566b5db3ad13af0e57e921e6b12381",
+        "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9",
        "type": "github"
      },
      "original": {
@ -78,7 +55,7 @@
    },
    "flake-utils": {
      "inputs": {
-        "systems": "systems_2"
+        "systems": "systems"
      },
      "locked": {
        "lastModified": 1731533236,
@ -94,33 +71,13 @@
        "type": "github"
      }
    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1776184304,
        "narHash": "sha256-No6QGBmIv5ChiwKCcbkxjdEQ/RO2ZS1gD7SFy6EZ7rc=",
        "owner": "nix-community",
        "repo": "home-manager",
        "rev": "3c7524c68348ef79ce48308e0978611a050089b2",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "home-manager",
        "type": "github"
      }
    },
    "mnw": {
      "locked": {
-        "lastModified": 1777828893,
+        "lastModified": 1742255973,
-        "narHash": "sha256-gVWVnmyNr74BVKfhMMZDWkhx2699dhmZ2g0W8TTHtkk=",
+        "narHash": "sha256-XfEGVKatTgEMMOVb4SNp1LYLQOSzzrFTDMVDTZFyMVE=",
        "owner": "Gerg-L",
        "repo": "mnw",
-        "rev": "c1c0b544bfabe6669b5a6a0383ccb475fe60258b",
+        "rev": "b982dbd5e6d55d4438832b3567c09bc2a129649d",
        "type": "github"
      },
      "original": {
@ -129,39 +86,44 @@
        "type": "github"
      }
    },
-    "ndg": {
+    "nil": {
      "inputs": {
        "flake-utils": [
          "vimix",
          "nvf",
          "flake-utils"
        ],
        "nixpkgs": [
          "vimix",
          "nvf",
          "nixpkgs"
-        ]
+        ],
        "rust-overlay": "rust-overlay"
      },
      "locked": {
-        "lastModified": 1776882296,
+        "lastModified": 1741118843,
-        "narHash": "sha256-DWZozXwMsgvUqfVlL1mQ8dOxW7GJ/8CdyaDN+1niZRg=",
+        "narHash": "sha256-ggXU3RHv6NgWw+vc+HO4/9n0GPufhTIUjVuLci8Za8c=",
-        "owner": "feel-co",
+        "owner": "oxalica",
-        "repo": "ndg",
+        "repo": "nil",
-        "rev": "ab7d78d4884b3a34968cf9fa3d16c0c1246d5c6e",
+        "rev": "577d160da311cc7f5042038456a0713e9863d09e",
        "type": "github"
      },
      "original": {
-        "owner": "feel-co",
+        "owner": "oxalica",
-        "ref": "refs/tags/v2.6.0",
+        "repo": "nil",
        "repo": "ndg",
        "type": "github"
      }
    },
    "nix-darwin": {
      "inputs": {
-        "nixpkgs": "nixpkgs"
+        "nixpkgs": "nixpkgs_2"
      },
      "locked": {
-        "lastModified": 1775037210,
+        "lastModified": 1761339987,
-        "narHash": "sha256-KM2WYj6EA7M/FVZVCl3rqWY+TFV5QzSyyGE2gQxeODU=",
+        "narHash": "sha256-IUaawVwItZKi64IA6kF6wQCLCzpXbk2R46dHn8sHkig=",
        "owner": "LnL7",
        "repo": "nix-darwin",
-        "rev": "06648f4902343228ce2de79f291dd5a58ee12146",
+        "rev": "7cd9aac79ee2924a85c211d21fafd394b06a38de",
        "type": "github"
      },
      "original": {
@ -170,29 +132,13 @@
        "type": "github"
      }
    },
    "nixos-hardware": {
      "locked": {
        "lastModified": 1775490113,
        "narHash": "sha256-2ZBhDNZZwYkRmefK5XLOusCJHnoeKkoN95hoSGgMxWM=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
        "rev": "c775c2772ba56e906cbeb4e0b2db19079ef11ff7",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "master",
        "repo": "nixos-hardware",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1765934234,
+        "lastModified": 1752596105,
-        "narHash": "sha256-pJjWUzNnjbIAMIc5gRFUuKCDQ9S1cuh3b2hKgA7Mc4A=",
+        "narHash": "sha256-lFNVsu/mHLq3q11MuGkMhUUoSXEdQjCHvpReaGP1S2k=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "af84f9d270d404c17699522fab95bbf928a2d92f",
+        "rev": "dab3a6e781554f965bde3def0aa2fda4eb8f1708",
        "type": "github"
      },
      "original": {
@ -204,11 +150,23 @@
    },
    "nixpkgs-lib": {
      "locked": {
-        "lastModified": 1777168982,
+        "lastModified": 1730504152,
-        "narHash": "sha256-GOkGPcboWE9BmGCRMLX3worL4EMnsnG8MyKmXNeYuhQ=",
+        "narHash": "sha256-lXvH/vOfb4aGYyvFmZK/HlsNsr/0CVWlwYvo2rxJk3s=",
        "type": "tarball",
        "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz"
      },
      "original": {
        "type": "tarball",
        "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz"
      }
    },
    "nixpkgs-lib_2": {
      "locked": {
        "lastModified": 1740877520,
        "narHash": "sha256-oiwv/ZK/2FhGxrCkQkB83i7GnWXPPLzoqFHpDD3uYpk=",
        "owner": "nix-community",
        "repo": "nixpkgs.lib",
-        "rev": "f5901329dade4a6ea039af1433fb087bd9c1fe14",
+        "rev": "147dee35aab2193b174e4c0868bd80ead5ce755c",
        "type": "github"
      },
      "original": {
@ -219,31 +177,31 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1775710090,
+        "lastModified": 1747728033,
-        "narHash": "sha256-ar3rofg+awPB8QXDaFJhJ2jJhu+KqN/PRCXeyuXR76E=",
+        "narHash": "sha256-NnXFQu7g4LnvPIPfJmBuZF7LFy/fey2g2+LCzjQhTUk=",
-        "owner": "nixos",
+        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "4c1018dae018162ec878d42fec712642d214fdfa",
+        "rev": "2f9173bde1d3fbf1ad26ff6d52f952f9e9da52ea",
        "type": "github"
      },
      "original": {
-        "owner": "nixos",
+        "owner": "NixOS",
-        "ref": "nixos-unstable",
+        "ref": "nixpkgs-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_3": {
      "locked": {
-        "lastModified": 1775036866,
+        "lastModified": 1761114652,
-        "narHash": "sha256-ZojAnPuCdy657PbTq5V0Y+AHKhZAIwSIT2cb8UgAz/U=",
+        "narHash": "sha256-f/QCJM/YhrV/lavyCVz8iU3rlZun6d+dAiC3H+CDle4=",
-        "owner": "NixOS",
+        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "6201e203d09599479a3b3450ed24fa81537ebc4e",
+        "rev": "01f116e4df6a15f4ccdffb1bcd41096869fb385c",
        "type": "github"
      },
      "original": {
-        "owner": "NixOS",
+        "owner": "nixos",
        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
@ -251,11 +209,11 @@
    },
    "nixpkgs_4": {
      "locked": {
-        "lastModified": 1775888245,
+        "lastModified": 1760596604,
-        "narHash": "sha256-nwASzrRDD1JBEu/o8ekKYEXm/oJW6EMCzCRdrwcLe90=",
+        "narHash": "sha256-J/i5K6AAz/y5dBePHQOuzC7MbhyTOKsd/GLezSbEFiM=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "13043924aaa7375ce482ebe2494338e058282925",
+        "rev": "3cbe716e2346710d6e1f7c559363d14e11c32a43",
        "type": "github"
      },
      "original": {
@ -267,11 +225,11 @@
    },
    "nixpkgs_5": {
      "locked": {
-        "lastModified": 1777578337,
+        "lastModified": 1744098102,
-        "narHash": "sha256-Ad49moKWeXtKBJNy2ebiTQUEgdLyvGmTeykAQ9xM+Z4=",
+        "narHash": "sha256-tzCdyIJj9AjysC3OuKA+tMD/kDEDAF9mICPDU7ix0JA=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "15f4ee454b1dce334612fa6843b3e05cf546efab",
+        "rev": "c8cd81426f45942bb2906d5ed2fe21d2f19d95b7",
        "type": "github"
      },
      "original": {
@ -283,16 +241,16 @@
    },
    "nixpkgs_6": {
      "locked": {
-        "lastModified": 1774386573,
+        "lastModified": 1743076231,
-        "narHash": "sha256-4hAV26quOxdC6iyG7kYaZcM3VOskcPUrdCQd/nx8obc=",
+        "narHash": "sha256-yQugdVfi316qUfqzN8JMaA2vixl+45GxNm4oUfXlbgw=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "46db2e09e1d3f113a13c0d7b81e2f221c63b8ce9",
+        "rev": "6c5963357f3c1c840201eda129a99d455074db04",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
-        "ref": "nixos-unstable",
+        "ref": "nixpkgs-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
@ -301,15 +259,14 @@
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
-        ],
+        ]
        "noctalia-qs": "noctalia-qs"
      },
      "locked": {
-        "lastModified": 1776240823,
+        "lastModified": 1769187095,
-        "narHash": "sha256-QAdipw26rtLJWKY7EWX7k+pyvCQwF4+PObggxWbiT74=",
+        "narHash": "sha256-1EpJcnYSIpkHnMChluK6LoDtOkjkPOl/zqhZyqGefqs=",
        "owner": "noctalia-dev",
        "repo": "noctalia-shell",
-        "rev": "76b03be48965cb01faabe167f80a8995fb76a92e",
+        "rev": "ee2e9cdb0c7618e00d4c78b359d461733416a673",
        "type": "github"
      },
      "original": {
@ -318,94 +275,72 @@
        "type": "github"
      }
    },
    "noctalia-qs": {
      "inputs": {
        "nixpkgs": [
          "noctalia",
          "nixpkgs"
        ],
        "systems": "systems",
        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
        "lastModified": 1775957204,
        "narHash": "sha256-d4CVRtAty2GzDYXx4xYQmR+nlOjjKovyprQfZhgLckU=",
        "owner": "noctalia-dev",
        "repo": "noctalia-qs",
        "rev": "68e82fe34c68ee839a9c37e3466820e266af0c86",
        "type": "github"
      },
      "original": {
        "owner": "noctalia-dev",
        "repo": "noctalia-qs",
        "type": "github"
      }
    },
    "nvf": {
      "inputs": {
        "flake-compat": "flake-compat",
        "flake-parts": "flake-parts_2",
        "mnw": "mnw",
        "ndg": "ndg",
        "nixpkgs": "nixpkgs_6",
        "systems": "systems_3"
      },
      "locked": {
        "lastModified": 1777837065,
        "narHash": "sha256-uRD6a4uNno3SsAw0E0E6xqbiK7pX63Ad1F37q5fyz9g=",
        "owner": "notashelf",
        "repo": "nvf",
        "rev": "7ec206a5d9a7d5d27900d81a6bb382823902276d",
        "type": "github"
      },
      "original": {
        "owner": "notashelf",
        "repo": "nvf",
        "type": "github"
      }
    },
    "prixdugaz": {
      "inputs": {
        "flake-utils": "flake-utils",
-        "nixpkgs": "nixpkgs_3"
+        "mnw": "mnw",
        "nil": "nil",
        "nixpkgs": "nixpkgs_6",
        "systems": "systems_2"
      },
      "locked": {
-        "lastModified": 1777505579,
+        "lastModified": 1744192993,
-        "narHash": "sha256-e1oq8b4hFTH/C2zyGdRB4X4BdFg+wrf3yw7JjHav++w=",
+        "narHash": "sha256-dvMcjQ2yKD21qnP6ylgo5Gj6d0FYKvATe6S6Zf8X0J4=",
-        "ref": "refs/heads/main",
+        "owner": "notashelf",
-        "rev": "ed8b91db4647564f21b376fea6390c1167dcc027",
+        "repo": "nvf",
-        "revCount": 35,
+        "rev": "67d9aa7cb585b315473b9558c307db5ccdc9f9bb",
-        "type": "git",
+        "type": "github"
        "url": "ssh://git@github.com/Polensky/prixdugaz"
      },
      "original": {
-        "type": "git",
+        "owner": "notashelf",
-        "url": "ssh://git@github.com/Polensky/prixdugaz"
+        "repo": "nvf",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "disko": "disko",
        "home-manager": "home-manager",
        "nix-darwin": "nix-darwin",
-        "nixos-hardware": "nixos-hardware",
+        "nixpkgs": "nixpkgs_3",
        "nixpkgs": "nixpkgs_2",
        "noctalia": "noctalia",
        "prixdugaz": "prixdugaz",
        "sops-nix": "sops-nix",
        "vimix": "vimix"
      }
    },
    "rust-overlay": {
      "inputs": {
        "nixpkgs": [
          "vimix",
          "nvf",
          "nil",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1741055476,
        "narHash": "sha256-52vwEV0oS2lCnx3c/alOFGglujZTLmObit7K8VblnS8=",
        "owner": "oxalica",
        "repo": "rust-overlay",
        "rev": "aefb7017d710f150970299685e8d8b549d653649",
        "type": "github"
      },
      "original": {
        "owner": "oxalica",
        "repo": "rust-overlay",
        "type": "github"
      }
    },
    "sops-nix": {
      "inputs": {
        "nixpkgs": "nixpkgs_4"
      },
      "locked": {
-        "lastModified": 1776119890,
+        "lastModified": 1760998189,
-        "narHash": "sha256-Zm6bxLNnEOYuS/SzrAGsYuXSwk3cbkRQZY0fJnk8a5M=",
+        "narHash": "sha256-ee2e1/AeGL5X8oy/HXsZQvZnae6XfEVdstGopKucYLY=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "d4971dd58c6627bfee52a1ad4237637c0a2fb0cd",
+        "rev": "5a7d18b5c55642df5c432aadb757140edfeb70b3",
        "type": "github"
      },
      "original": {
@ -416,16 +351,16 @@
    },
    "systems": {
      "locked": {
-        "lastModified": 1689347949,
+        "lastModified": 1681028828,
-        "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
-        "repo": "default-linux",
+        "repo": "default",
-        "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
-        "repo": "default-linux",
+        "repo": "default",
        "type": "github"
      }
    },
@ -444,43 +379,6 @@
        "type": "github"
      }
    },
    "systems_3": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    },
    "treefmt-nix": {
      "inputs": {
        "nixpkgs": [
          "noctalia",
          "noctalia-qs",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1775636079,
        "narHash": "sha256-pc20NRoMdiar8oPQceQT47UUZMBTiMdUuWrYu2obUP0=",
        "owner": "numtide",
        "repo": "treefmt-nix",
        "rev": "790751ff7fd3801feeaf96d7dc416a8d581265ba",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "treefmt-nix",
        "type": "github"
      }
    },
    "vimix": {
      "inputs": {
        "flake-parts": "flake-parts",
@ -488,11 +386,11 @@
        "nvf": "nvf"
      },
      "locked": {
-        "lastModified": 1777899228,
+        "lastModified": 1752113669,
-        "narHash": "sha256-BtBQzhkhBEIpPfx6gEOo84tIPQmJecqSE3WyDvCfE3Y=",
+        "narHash": "sha256-Szf9YJ9u51zK7tGdX39e/7mGjgFX8oa5S/ro6+AoJlY=",
        "owner": "Polensky",
        "repo": "vimix",
-        "rev": "1bc9e35738fb9dc50ef0935bc9c03f734dd8426b",
+        "rev": "7dc2e5e1050ca567809a228eacc8da381778cc05",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -10,26 +10,20 @@
      url = "github:noctalia-dev/noctalia-shell";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    disko = {
      url = "github:nix-community/disko";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    home-manager = {
      url = "github:nix-community/home-manager";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    prixdugaz.url = "git+ssh://git@github.com/Polensky/prixdugaz";
    nixos-hardware.url = "github:NixOS/nixos-hardware/master";
  };
-  outputs = { nixpkgs, nix-darwin, sops-nix, disko, home-manager
+  outputs = {
-    , nixos-hardware, ... }@inputs: {
+    nixpkgs,
    nix-darwin,
    sops-nix,
    disko,
    ...
  } @ inputs: {
    nixosConfigurations = {
      default = nixpkgs.lib.nixosSystem {
        specialArgs = {inherit inputs;};
        system = "x86_64-linux";
        modules = [
            nixos-hardware.nixosModules.dell-xps-13-9370
          ./devices/xps13/configuration.nix
          ./modules
        ];
@ -37,22 +31,26 @@
      latoure = nixpkgs.lib.nixosSystem {
        specialArgs = {inherit inputs;};
        system = "x86_64-linux";
-          modules = [ ./devices/latoure/configuration.nix ./modules ];
+        modules = [
          ./devices/latoure/configuration.nix
          ./modules
        ];
      };
      asus = nixpkgs.lib.nixosSystem {
        specialArgs = {inherit inputs;};
        system = "x86_64-linux";
-          modules = [ ./devices/asus/configuration.nix ./modules ];
+        modules = [
          ./devices/asus/configuration.nix
          ./modules
        ];
      };
      server = nixpkgs.lib.nixosSystem {
        specialArgs = {inherit inputs;};
        system = "x86_64-linux";
        modules = [
          disko.nixosModules.disko
            sops-nix.nixosModules.sops
          ./devices/server/configuration.nix
          ./modules
            inputs.prixdugaz.nixosModules.default
        ];
      };
      pi = nixpkgs.lib.nixosSystem {
--- a/modules/default.nix
+++ b/modules/default.nix
@ -1 +1,5 @@
-{ ... }: { imports = [ ./pocketbase.nix ]; }
+{...}: {
  imports = [
    ./pocketbase.nix
  ];
 }
--- a/modules/pocketbase.nix
+++ b/modules/pocketbase.nix
@ -1,5 +1,10 @@
-{ config, pkgs, lib, ... }:
+{
-let cfg = config.services.pocketbase;
+  config,
  pkgs,
  lib,
  ...
 }: let
  cfg = config.services.pocketbase;
 in {
  options.services.pocketbase = {
    enable = lib.mkEnableOption "PocketBase backend";
@ -7,8 +12,7 @@ in {
    dataDir = lib.mkOption {
      type = lib.types.path;
      default = "/var/lib/pocketbase";
-      description =
+      description = "Working directory containing the PocketBase binary and data.";
        "Working directory containing the PocketBase binary and data.";
    };
    openFirewall = lib.mkOption {
@ -48,8 +52,9 @@ in {
  config = lib.mkIf cfg.enable {
    # Optional: ensure the directory exists with proper ownership
-    systemd.tmpfiles.rules =
+    systemd.tmpfiles.rules = [
-      [ "d ${cfg.dataDir} 0700 ${cfg.user} ${cfg.group} -" ];
+      "d ${cfg.dataDir} 0700 ${cfg.user} ${cfg.group} -"
    ];
    systemd.services.pocketbase = {
      description = "PocketBase";
@ -66,11 +71,7 @@ in {
        WorkingDirectory = cfg.dataDir;
        ExecStart = ''
-          ${
+          ${lib.getExe cfg.package} serve --dir ${cfg.dataDir}/pb_data --http=0.0.0.0:${toString cfg.port}
            lib.getExe cfg.package
          } serve --dir ${cfg.dataDir}/pb_data --http=0.0.0.0:${
            toString cfg.port
          }
        '';
        # Switch to systemd stdout/stderr logging by default
@ -79,7 +80,8 @@ in {
        StandardError = "append:${cfg.logFile}";
      };
    };
-    networking.firewall =
+    networking.firewall = lib.mkIf cfg.openFirewall {
-      lib.mkIf cfg.openFirewall { allowedTCPPorts = [ cfg.port ]; };
+      allowedTCPPorts = [cfg.port];
    };
  };
 }
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@ -1,37 +1,21 @@
 pi_user_pass: ENC[AES256_GCM,data:X5u07UvEov5eYWks,iv:SPDFU01/5WThCSZjj1pExNZENhmIG2W6LvHfpPH5TS0=,tag:z5bhJ2TrX6Bevd40O1nPxg==,type:str]
 luna_telegram_token: ENC[AES256_GCM,data:LWzEamz5SFK4HC+zR+6seTrVsTR0kQGETD6DSHMW3fMeFbUQm6/K+d8mc6Wg7w==,iv:LqvyTIkniNiqEAK76+Uqq4cYHnddmjMId+HQBjHk68o=,tag:knP6aqkLwGeEIAYMyET3Xg==,type:str]
 luna_gateway_token: ENC[AES256_GCM,data:NV13qS8Vj0/HcvPM34Z90kFBoezpKeyhYKIWfU8zkHbOK7pHkl8yNACmUBszgjhbP4baqmO61isd94TxN4AjoA==,iv:j+9SfQoRMWeZbCjAm6/D5hwDBLl/0IOyu34DYphWz2o=,tag:od78mpifFMajv9eQfmnp1w==,type:str]
 ollama_api_key: ENC[AES256_GCM,data:ZaTeAcipRZBsZ0krHhc/UNZ0+P4AaA2aT3WHGKkg4PaikYB+TWXPGYV+BjTbn2KOXynabwwNwIyT,iv:Po25iPPd7VlYfaYqtDrLEbjZBdJ7af8mgEW8tYgs3iM=,tag:CMl2ECJxRTIB+AFND+9tKQ==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1x8qsd7kxxjvan4psvnvua3r0emljsnq07agxnu6jqw56ky8z6faqyjq0e3
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzRy9DblE4WnhEc1kvcjcw
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxN2ZzTUpSeWRWejVxVm4y
-            ZVBEeVVoRUMxNUZ6Q09QZXdYcEZaSGp0UHpFCnc3UnZOZThLdDYwN05GUjJqYnhK
+            dzF3MU9DOTBTZUF0Y3I2SUVURGZCZDBqTVV3ClNwL29hejN2OFdVaHk2TEppNWFj
-            Z0tZMXo2N0J4R2ZPLzRLcS83QVRBZncKLS0tICs3dDVIV0s2ZTRBQk5wMVE3WjVP
+            V3NYcEM4RHNyWUszWFlLa2pXa2FyVmsKLS0tIExOL254cGh4RkJDandqZzJ2RjRi
-            NENYZHlvR3U3Um5XWm90RW01eEM3eHMKewyXEa9TInEFz65LoDo8BHBdjibdYF4r
+            b3AxOTd2VmdHdXd5c3NNTkJoYW12bUUKbX199Z7jI6nornm0erzm7dSQ+XuxAnXb
-            DGQtPlYF5yuVd8PVMATxMBhs/6hXJLfK2Y54NEeJo2gydyq11Lpm2Q==
+            glw60TnUSnLUWIHTTx/jVSRR4uO5I6FzxUUfVJ2BMOn/eUNa5BJ70A==
            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1y2s7ah49jmhd8n05q7tw0gjcnv3390s0uxp3ewjqueekq7a7rvdqzytgd2
+    lastmodified: "2024-11-07T04:04:03Z"
-          enc: |
+    mac: ENC[AES256_GCM,data:7UGKhfZg3SNg1f74nQiax4F7CB8NC12uIpTlQDtb8d1iiu5AdPZHwzlkpXbzkIp26g61pI8qXcvdjmToWjaWzsbUZ2Mo8/HEzOtV8HzxAeQFAyYBhIFAS0q0WzN/yijI7fQeHKnhZ/YCUuHQAZ94bBBSnkVTVOKf6mR7Pu1klr4=,iv:DzOwKxrcJse6yyOw+l7+wgEGBI36HWnebLE7js4VRiE=,tag:BIR67kZzZJZo+Kfie4wIvw==,type:str]
-            -----BEGIN AGE ENCRYPTED FILE-----
+    pgp: []
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGMlBaWURCSTd6cjRYTTB1
            VWQvTHBFaDgrMFRpb0crRld6ZjVOUXkrb0cwCnFpcE1nSERwUlowRW54SnEwTk9u
            S2N1Rm9kUCtWM3pEWmh1aE1HU3oxT1UKLS0tIE5HSXdFT29XazloR0VjVDVqQWVq
            RURoYXdtZFh2djVaem15Qjk4UFhBOEEKEjAuKJ8vpVKoBO8ioyH4EcXVmEkfwrQh
            JtDzik9QwZgUNdamWu5BhDlNA1Jmu87VYchhR4CXIS5OG4ticUqr7g==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age107mmu7nkjfpm7ygp25zpj69m06ftckc9gh7a37umkjq0y7ac34msd6uj3u
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBodExKajhTZzRZdWlXWG9n
            V09sRDZrK0gvaDI4TmtzUmR0cUF0OFl1OGxJCmNUMk5aWkV3LzYzeTJJMDFlR0p4
            Qlp0STk4dFN3WGswb05BRHlOQit2VGMKLS0tIGJTVkp0Y1Yrd2pqMm1yUlJaYkMy
            TzlCMWpMQ1hRMTRObWNyN2Q0YWtsZmcKFHVmvu6U0Qw+EUsBEmdST2cyQ3rZyh6w
            62vmALGxE2NWDYQmwtHJmYqeO14HHEDclUErQiCmUt+hLgOLF2MxwA==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2026-04-09T02:00:03Z"
    mac: ENC[AES256_GCM,data:2/JIsd2iOg2yTMzxwnVuk1pKxNJy80g09SgcCLLP0rwziKNORELQw5z8ipgVxRee2irqPSNFsAPfvjQFnq3nGOKuf1zbSATOzt4yySWigS7Q7il1OEtf6rdNXPruTQU+R8R3ZpqE0IhYZ1iPyCU+vIlBdHzgLEThdnQeWE3XvAc=,iv:Xc7uCgvHysg3w/fAC1aPLozU1tROcywRlWQLS/kUCYQ=,tag:c5NF6cjqaCJ8r6tfPVuUxw==,type:str]
    unencrypted_suffix: _unencrypted
-    version: 3.11.0
+    version: 3.8.1