darwin stuff

.sops.yaml

@@ -1,9 +1,11 @@
 keys:
   - &xps13 age1x8qsd7kxxjvan4psvnvua3r0emljsnq07agxnu6jqw56ky8z6faqyjq0e3
   - &pi age1y2s7ah49jmhd8n05q7tw0gjcnv3390s0uxp3ewjqueekq7a7rvdqzytgd2
+  - &server age107mmu7nkjfpm7ygp25zpj69m06ftckc9gh7a37umkjq0y7ac34msd6uj3u
 creation_rules:
   - path_regex: secrets/secrets.yaml$
     key_groups:
       - age:
         - *xps13
         - *pi
+        - *server

Makefile

@@ -6,4 +6,4 @@ rebuild-pi:
 	NIX_SSHOPTS="-o IdentitiesOnly=yes -i ~/.ssh/id_rsa" nixos-rebuild switch --flake .#pi --target-host pi --build-host server --use-remote-sudo
 
 deploy-server:
-	nixos-rebuild switch --flake .#server --target-host server --build-host server --use-remote-sudo --ask-sudo-password
+	nixos-rebuild switch --flake .#server --target-host server --build-host server --sudo --ask-sudo-password

devices/asus/configuration.nix

@@ -1,12 +1,7 @@
 # Edit this configuration file to define what should be installed on
 # your system. Help is available in the configuration.nix(5) man page, on
 # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
-{
+{ config, lib, pkgs, ... }: {
-  config,
-  lib,
-  pkgs,
-  ...
-}: {
   imports = [
     # Include the results of the hardware scan.
     ./hardware-configuration.nix
@@ -32,19 +27,13 @@
   services.desktopManager.cosmic.enable = true;
   services.displayManager.cosmic-greeter.enable = true;
 
-  nix.settings.experimental-features = ["nix-command" "flakes"];
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
 
   # Define a user account. Don't forget to set a password with ‘passwd’.
   users.users.polen = {
     isNormalUser = true;
-    extraGroups = ["wheel"]; # Enable ‘sudo’ for the user.
+    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
-    packages = with pkgs; [
+    packages = with pkgs; [ neovim tree htop git ranger ];
-      neovim
-      tree
-      htop
-      git
-      ranger
-    ];
   };
 
   # List packages installed in system profile.
@@ -73,7 +62,7 @@
   };
 
   # Open ports in the firewall.
-  networking.firewall.allowedTCPPorts = [2283];
+  networking.firewall.allowedTCPPorts = [ 2283 ];
   # networking.firewall.allowedUDPPorts = [ ... ];
   # Or disable the firewall altogether.
   # networking.firewall.enable = false;

devices/asus/hardware-configuration.nix

@@ -4,34 +4,32 @@
 { config, lib, pkgs, modulesPath, ... }:
 
 {
-  imports =
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
 
-  boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+  boot.initrd.availableKernelModules =
+    [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
   boot.initrd.kernelModules = [ ];
   boot.kernelModules = [ "kvm-intel" ];
   boot.extraModulePackages = [ ];
 
-  fileSystems."/" =
+  fileSystems."/" = {
-    { device = "/dev/disk/by-uuid/50ea20bc-d9bb-40c7-8e4a-34e31da665b5";
+    device = "/dev/disk/by-uuid/50ea20bc-d9bb-40c7-8e4a-34e31da665b5";
-      fsType = "ext4";
+    fsType = "ext4";
-    };
+  };
 
-  fileSystems."/boot" =
+  fileSystems."/boot" = {
-    { device = "/dev/disk/by-uuid/9267-2ED4";
+    device = "/dev/disk/by-uuid/9267-2ED4";
-      fsType = "vfat";
+    fsType = "vfat";
-      options = [ "fmask=0077" "dmask=0077" ];
+    options = [ "fmask=0077" "dmask=0077" ];
-    };
+  };
 
-  fileSystems."/data" =
+  fileSystems."/data" = {
-    { device = "/dev/disk/by-uuid/465aa01d-2cc4-4955-bebb-b44c21528e4f";
+    device = "/dev/disk/by-uuid/465aa01d-2cc4-4955-bebb-b44c21528e4f";
-      fsType = "ext4";
+    fsType = "ext4";
-    };
+  };
 
   swapDevices =
-    [ { device = "/dev/disk/by-uuid/90dd6c81-79a7-45e2-b063-e263cabf1c28"; }
+    [{ device = "/dev/disk/by-uuid/90dd6c81-79a7-45e2-b063-e263cabf1c28"; }];
-    ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
   # (the default) this is the recommended approach. When using systemd-networkd it's
@@ -42,5 +40,6 @@
   # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
 
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+  hardware.cpu.intel.updateMicrocode =
+    lib.mkDefault config.hardware.enableRedistributableFirmware;
 }

devices/latoure/configuration.nix

@@ -1,11 +1,7 @@
 # Edit this configuration file to define what should be installed on
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running 'nixos-help').
-{
+{ config, pkgs, ... }: {
-  config,
-  pkgs,
-  ...
-}: {
   imports = [
     # Include the results of the hardware scan.
     ./hardware-configuration.nix
@@ -35,7 +31,7 @@
   # networking.proxy.default = "http://user:password@proxy:port/";
   # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
 
-  nix.settings.experimental-features = ["nix-command" "flakes"];
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
   #nix.settings.trusted-users = [ "polen" "polensky" ];
   #nix.settings.extra-platforms = config.boot.binfmt.emulatedSystems;
   #boot.binfmt.emulatedSystems = ["aarch64-linux"];
@@ -98,7 +94,7 @@
   users.users.polensky = {
     isNormalUser = true;
     description = "polensky";
-    extraGroups = ["networkmanager" "wheel"];
+    extraGroups = [ "networkmanager" "wheel" ];
     shell = pkgs.zsh;
   };
 
@@ -109,13 +105,7 @@
 
   # List packages installed in system profile. To search, run:
   # $ nix search wget
-  environment.systemPackages = with pkgs; [
+  environment.systemPackages = with pkgs; [ htop-vim ranger neovim wget git ];
-    htop-vim
-    ranger
-    neovim
-    wget
-    git
-  ];
 
   # Some programs need SUID wrappers, can be configured further or are
   # started in user sessions.

devices/latoure/hardware-configuration.nix

@@ -4,44 +4,52 @@
 { config, lib, pkgs, modulesPath, ... }:
 
 {
-  imports =
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
 
-  boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "xhci_pci" "pata_marvell" "firewire_ohci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
+  boot.initrd.availableKernelModules = [
+    "uhci_hcd"
+    "ehci_pci"
+    "ahci"
+    "xhci_pci"
+    "pata_marvell"
+    "firewire_ohci"
+    "usb_storage"
+    "usbhid"
+    "sd_mod"
+    "sr_mod"
+  ];
   boot.initrd.kernelModules = [ ];
   boot.kernelModules = [ "kvm-intel" ];
   boot.extraModulePackages = [ ];
 
-  fileSystems."/" =
+  fileSystems."/" = {
-    { device = "/dev/disk/by-uuid/62a34abf-561a-410d-b913-eb2ad7ede6f5";
+    device = "/dev/disk/by-uuid/62a34abf-561a-410d-b913-eb2ad7ede6f5";
-      fsType = "ext4";
+    fsType = "ext4";
-    };
+  };
 
-  fileSystems."/boot" =
+  fileSystems."/boot" = {
-    { device = "/dev/disk/by-uuid/9B7B-A012";
+    device = "/dev/disk/by-uuid/9B7B-A012";
-      fsType = "vfat";
+    fsType = "vfat";
-      options = [ "fmask=0022" "dmask=0022" ];
+    options = [ "fmask=0022" "dmask=0022" ];
-    };
+  };
 
-  fileSystems."/data" =
+  fileSystems."/data" = {
-    { device = "/dev/disk/by-uuid/b7de7b88-6239-4340-9e7a-6486814bbd83";
+    device = "/dev/disk/by-uuid/b7de7b88-6239-4340-9e7a-6486814bbd83";
-      fsType = "ext4";
+    fsType = "ext4";
-    };
+  };
 
-  fileSystems."/data1" =
+  fileSystems."/data1" = {
-    { device = "/dev/disk/by-uuid/86a239f2-50a5-4c26-9534-0636fb718fc8";
+    device = "/dev/disk/by-uuid/86a239f2-50a5-4c26-9534-0636fb718fc8";
-      fsType = "ext4";
+    fsType = "ext4";
-    };
+  };
 
-  fileSystems."/home" =
+  fileSystems."/home" = {
-    { device = "/dev/disk/by-uuid/5181dbcf-7e00-46d9-ac04-c22d4c4e9827";
+    device = "/dev/disk/by-uuid/5181dbcf-7e00-46d9-ac04-c22d4c4e9827";
-      fsType = "ext4";
+    fsType = "ext4";
-    };
+  };
 
   swapDevices =
-    [ { device = "/dev/disk/by-uuid/29ac34a7-fa51-489b-b9da-8c5d02bdd2c4"; }
+    [{ device = "/dev/disk/by-uuid/29ac34a7-fa51-489b-b9da-8c5d02bdd2c4"; }];
-    ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
   # (the default) this is the recommended approach. When using systemd-networkd it's
@@ -52,5 +60,6 @@
   # networking.interfaces.enp7s0.useDHCP = lib.mkDefault true;
 
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+  hardware.cpu.intel.updateMicrocode =
+    lib.mkDefault config.hardware.enableRedistributableFirmware;
 }

devices/macbook/configuration.nix

@@ -1,11 +1,5 @@
-{
+{ pkgs, inputs, system, config, ... }:
-  pkgs,
+let my-emacs = pkgs.emacsNativeComp;
-  inputs,
-  system,
-  config,
-  ...
-}: let
-  my-emacs = pkgs.emacsNativeComp;
 in {
   nixpkgs.config.allowUnfree = true;
 
@@ -24,7 +18,7 @@ in {
     colima
     git
     gnupg
-    (pass.withExtensions (exts: [exts.pass-otp]))
+    (pass.withExtensions (exts: [ exts.pass-otp ]))
 
     # emacs
     my-emacs
@@ -56,23 +50,28 @@ in {
       "brave-browser"
       "qutebrowser"
       "stremio"
+      "firefox"
 
       # work
       "slack"
       "tunnelblick"
       "dbeaver-community"
       "claude"
+      "adobe-acrobat-reader"
 
       # doom emacs
       "font-symbols-only-nerd-font"
+
+      # media
+      "inkscape"
+      "obs"
     ];
   };
-
   nix = {
     # Necessary for using flakes on this system.
     settings.experimental-features = "nix-command flakes";
     extraOptions = ''
-      extra-platforms = x86_64-darwin aarm64-darwin
+      extra-platforms = x86_64-darwin aarch64-darwin aarch64-linux
     '';
     gc = {
       automatic = true;
@@ -83,6 +82,31 @@ in {
       };
       options = "--delete-older-than 15d";
     };
+
+    linux-builder = {
+      enable = true;
+    };
+
+    distributedBuilds = true;
+    buildMachines = [
+      {
+        hostName = "server.local";
+        sshUser = "polen";
+        sshKey = "/Users/charles/.ssh/id_ed25519";
+        systems = [ "x86_64-linux" "aarch64-linux" ];
+        # optional but recommended:
+        maxJobs = 4;              # how many concurrent builds to send
+        speedFactor = 1;          # relative priority vs other builders
+        supportedFeatures = [ "nixos-test" "big-parallel" "kvm" ];
+      }
+    ];
+    settings.builders-use-substitutes = true;
+
+    settings = {
+      extra-substituters = [ "s3://rc-nix-binary-cache?region=ca-central-1" ];
+      extra-trusted-public-keys = [ "rc-nix-cache:3nJzc2e0wK0zpTmiphHLYJWOMuKJ0Fj/TOF5ulUxr/Q=" ];
+      secret-key-files = [ "/Users/charles/.config/nix/rc-nix-cache-priv-key.pem" ];
+    };
   };
 
   # Create /etc/zshrc that loads the nix-darwin environment.
@@ -90,9 +114,7 @@ in {
   programs.direnv.enable = true;
   programs.gnupg.agent.enable = true;
 
-  services.yabai = {
+  services.yabai = { enable = true; };
-    enable = true;
-  };
   services.skhd.enable = true;
 
   services.emacs = {
@@ -107,15 +129,13 @@ in {
 
   system.defaults.dock = {
     autohide = true;
-    persistent-apps = [];
+    persistent-apps = [ ];
     show-recents = false;
     static-only = true;
     tilesize = 32;
   };
 
-  system.defaults.menuExtraClock = {
+  system.defaults.menuExtraClock = { Show24Hour = true; };
-    Show24Hour = true;
-  };
 
   launchd.user.agents.remap-keys = {
     serviceConfig = {
@@ -123,7 +143,8 @@ in {
         "/usr/bin/hidutil"
         "property"
         "--set"
-        ''          {
+        ''
+          {
                     "UserKeyMapping":[
                     {"HIDKeyboardModifierMappingSrc":0x700000039,"HIDKeyboardModifierMappingDst":0x7000000E7}
                     ]

devices/pi/configuration.nix

@@ -1,16 +1,11 @@
-{
+{ inputs, config, pkgs, lib, ... }:
-  inputs,
+let
-  config,
-  pkgs,
-  lib,
-  ...
-}: let
   user = "polen";
   hostname = "pi";
 in {
   boot = {
     kernelPackages = pkgs.linuxKernel.packages.linux_rpi3;
-    initrd.availableKernelModules = ["xhci_pci" "usbhid" "usb_storage"];
+    initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" ];
     loader = {
       grub.enable = false;
       generic-extlinux-compatible.enable = true;
@@ -21,16 +16,14 @@ in {
     "/" = {
       device = "/dev/disk/by-label/NIXOS_SD";
       fsType = "ext4";
-      options = ["noatime"];
+      options = [ "noatime" ];
     };
   };
 
-  swapDevices = [
+  swapDevices = [{
-    {
+    device = "/var/lib/swapfile";
-      device = "/var/lib/swapfile";
+    size = 10 * 1024;
-      size = 10 * 1024;
+  }];
-    }
-  ];
 
   #sops.defaultSopsFile = ../../secrets/secrets.yaml;
   #sops.defaultSopsFormat = "yaml";
@@ -41,12 +34,6 @@ in {
     networkmanager.enable = true;
     wireless.enable = false;
     hostName = hostname;
-    firewall.allowedTCPPorts = [80 443];
-  };
-
-  services.pihole-ftl = {
-    enable = true;
-    openFirewallDHCP = true;
   };
 
   services.prometheus.exporters = {
@@ -54,24 +41,21 @@ in {
     node.openFirewall = true;
   };
 
-  nix.settings.trusted-users = [user];
+  nix.settings.trusted-users = [ user ];
 
-  environment.systemPackages = with pkgs; [
+  environment.systemPackages = with pkgs; [ htop-vim neovim curl wget ranger ];
-    htop-vim
-    neovim
-    curl
-    wget
-    ranger
-  ];
 
   services.openssh.enable = true;
 
   users = {
     mutableUsers = false;
-    users."${user}" = {
+    users = {
-      isNormalUser = true;
+      "${user}" = {
-      #hashedPasswordFile = config.sops.secrets.pi_user_pass.path;
+        isNormalUser = true;
-      extraGroups = ["wheel" "pihole"];
+        #hashedPasswordFile = config.sops.secrets.pi_user_pass.path;
+        extraGroups = [ "wheel" ];
+      };
+      lauria = { isNormalUser = true; };
     };
   };
 

devices/server/configuration.nix

@@ -1,23 +1,17 @@
-{
+{ config, pkgs, ... }:
-  config,
+let user = "polen";
-  pkgs,
-  ...
-}: let
-  user = "polen";
 in {
-  imports = [
+  imports = [ ./hardware-configuration.nix ];
-    ./hardware-configuration.nix
-  ];
 
   boot.loader = {
     grub = {
       enable = true;
-      devices = ["/dev/sda"];
+      devices = [ "/dev/sda" ];
     };
   };
   #boot.kernelModules = ["msr"];
 
-  boot.binfmt.emulatedSystems = ["aarch64-linux"];
+  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
 
   virtualisation.docker.enable = true;
 
@@ -46,6 +40,14 @@ in {
       reverse_proxy http://127.0.0.1:8096
     '';
 
+    virtualHosts."grafana.polensky.me".extraConfig = ''
+      reverse_proxy http://127.0.0.1:3000
+    '';
+
+    virtualHosts."git.polensky.me".extraConfig = ''
+      reverse_proxy http://127.0.0.1:3001
+    '';
+
     virtualHosts."pb.polensky.me".extraConfig = ''
       request_body {
         max_size 10MB
@@ -62,6 +64,33 @@ in {
       file_server
       try_files {path} /index.html
     '';
+
+    virtualHosts."prixdugaz.ca".extraConfig = ''
+      reverse_proxy http://127.0.0.1:8080
+    '';
+  };
+
+  services.prixdugaz = {
+    enable = true;
+    openFirewall = true; # 8080
+  };
+
+  services.forgejo = {
+    enable = true;
+    lfs.enable = true;
+    settings = {
+      server = {
+        DOMAIN = "git.polensky.me";
+        ROOT_URL = "https://git.polensky.me/";
+        HTTP_PORT = 3001;
+      };
+      service = {
+        DISABLE_REGISTRATION = true;
+      };
+      actions = {
+        ENABLED = true;
+      };
+    };
   };
 
   # observability
@@ -69,6 +98,7 @@ in {
     grafana = {
       enable = true;
       settings = {
+        security.secret_key = "SW2YcwTIb9zpOOhoPsMm";
         server = {
           http_addr = "0.0.0.0";
           http_port = 3000;
@@ -77,29 +107,31 @@ in {
     };
     prometheus = {
       enable = true;
-      exporters = {
+      exporters = { 
-        node.enable = true;
+        node.enable = true; 
+        systemd.enable = true;
       };
       scrapeConfigs = [
         {
           job_name = "node-exporters-lan";
-          static_configs = [
+          static_configs = [{
-            {
+            targets = [ "127.0.0.1:9100" ];
-              targets = ["127.0.0.1:9100"];
+            labels = { instance = "server"; };
-              labels = {
+          }];
-                instance = "server";
+        }
-              };
+        {
-            }
+          job_name = "systemd-exporters-lan";
-          ];
+          static_configs = [{
+            targets = [ "127.0.0.1:9558" ];
+            labels = { instance = "server"; };
+          }];
         }
       ];
     };
   };
 
   systemd.services.jellyfin = {
-    environment = {
+    environment = { DOTNET_SYSTEM_IO_DISABLEFILELOCKING = "1"; };
-      DOTNET_SYSTEM_IO_DISABLEFILELOCKING = "1";
-    };
   };
 
   # media
@@ -145,13 +177,13 @@ in {
   fileSystems."/mnt/latoure-data" = {
     device = "latoure.local:/data";
     fsType = "nfs";
-    options = ["x-systemd.automount" "noauto" "x-systemd.idle-timeout=600"];
+    options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ];
   };
 
   fileSystems."/mnt/latoure-data1" = {
     device = "latoure.local:/data1";
     fsType = "nfs";
-    options = ["_netdev"];
+    options = [ "_netdev" ];
   };
 
   networking = {
@@ -167,6 +199,7 @@ in {
       9000 # mealie
       8989 # sonarr
       10222 # taskchampion-sync-server
+      51966 # for ssh
     ];
     firewall.allowedUDPPorts = [
       5353 # mDNS
@@ -176,12 +209,23 @@ in {
   time.timeZone = "America/Toronto";
 
   users.users."${user}" = {
-    extraGroups = ["wheel" "transmission" "jellyfin" "polensky" "docker"];
+    isNormalUser = true;
+    group = "polen";
+    extraGroups = [ "wheel" "transmission" "jellyfin" "polensky" "docker" ];
     shell = pkgs.zsh;
     openssh.authorizedKeys.keys = [
       "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC6O2MJqR+P/FwRyVSz1HWYhMtIwh16ozBU71Y2vf0oNDQ6DZ5T8Bvp5/4uSJgS8lOl3qYyNy0e0zJMIyfFVJnu89ycKBEdixA4HqWOUQGiyvn1C4s740jHolOzN1xNB24PDXFz0vHcVb+G5nU/xeKeaq0vrszrkK2zctqXshw94/x3ah0m3fr5CwM4S2RY/VODOdt11fllFEvN8HGE2mQTPn5sJzwtGW20npQ5iJ7ShugPbC4D1G2JU1R7MqkvWEpq9OFVb1prTpJM+i/lcqCn3lBv8XxpKKnD3q+48eeO1geosAsG/kgUWPDildbzcSfytgj7/TCTujx2ow4ZUfS4kWUrNaXM3M99SG61rFN7zLMAv14SOSsgegmX3q0ZAwOieUhCifqIqdfFr5QjEUP11ALofYRC6567X1YrEVXZFFnZSXMKGkBKpTxx0jaTTGnFSd6F49kDlI30cKJnVUgAK5nESissdEFn3UGRSFfxmjZkYvhY5l3LqtbO3kEutJU= polen@polen-xps"
     ];
   };
+  users.groups.polen = { };
+
+  # SOPS secrets
+  sops = {
+    defaultSopsFile = ../../secrets/secrets.yaml;
+    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+    secrets = { };
+  };
+
   environment.systemPackages = with pkgs; [
     neovim
     htop-vim
@@ -205,8 +249,8 @@ in {
 
   nixpkgs.config.allowUnfree = true;
   nix = {
-    settings.experimental-features = ["nix-command" "flakes"];
+    settings.experimental-features = [ "nix-command" "flakes" ];
-    settings.trusted-users = ["polen"];
+    settings.trusted-users = [ "polen" ];
     # settings.extra-platforms = config.boot.binfmt.emulatedSystems;
     gc = {
       automatic = true;

devices/server/hardware-configuration.nix

@@ -1,30 +1,22 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{
+{ config, lib, pkgs, modulesPath, ... }: {
-  config,
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-  lib,
-  pkgs,
-  modulesPath,
-  ...
-}: {
-  imports = [
-    (modulesPath + "/installer/scan/not-detected.nix")
-  ];
 
-  boot.initrd.availableKernelModules = ["uhci_hcd" "ehci_pci" "hpsa" "usb_storage" "usbhid" "sd_mod"];
+  boot.initrd.availableKernelModules =
-  boot.initrd.kernelModules = [];
+    [ "uhci_hcd" "ehci_pci" "hpsa" "usb_storage" "usbhid" "sd_mod" ];
-  boot.kernelModules = ["kvm-intel"];
+  boot.initrd.kernelModules = [ ];
-  boot.extraModulePackages = [];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
 
   fileSystems."/" = {
     device = "/dev/disk/by-uuid/a4ba3cce-bbdd-470d-9874-71f3aea9ea13";
     fsType = "ext4";
   };
 
-  swapDevices = [
+  swapDevices =
-    {device = "/dev/disk/by-uuid/6fc86a5b-ac4b-41ed-a7c9-56f734f5e711";}
+    [{ device = "/dev/disk/by-uuid/6fc86a5b-ac4b-41ed-a7c9-56f734f5e711"; }];
-  ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
   # (the default) this is the recommended approach. When using systemd-networkd it's
@@ -37,5 +29,6 @@
   # networking.interfaces.enp4s0f1.useDHCP = lib.mkDefault true;
 
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+  hardware.cpu.intel.updateMicrocode =
+    lib.mkDefault config.hardware.enableRedistributableFirmware;
 }

devices/xps13/configuration.nix

@@ -1,12 +1,7 @@
 # Edit this configuration file to define what should be installed on
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running 'nixos-help').
-{
+{ config, pkgs, inputs, ... }: {
-  config,
-  pkgs,
-  inputs,
-  ...
-}: {
   imports = [
     # Include the results of the hardware scan.
     ./hardware-configuration.nix
@@ -16,27 +11,31 @@
 
   hardware.bluetooth = {
     enable = true;
-    powerOnBoot = true;
+    powerOnBoot = false;
   };
   services.blueman.enable = true;
 
   services.openssh.enable = true;
 
-  services.power-profiles-daemon.enable = true;
+  services.power-profiles-daemon.enable = false;
   services.upower.enable = true;
 
   # Bootloader.
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
 
-  boot.kernelModules = ["msr"];
+  boot.kernelModules = [ "msr" ];
+
+  boot.extraModprobeConfig = ''
+    options snd_hda_intel power_save=1
+  '';
 
   networking.hostName = "xps13"; # Define your hostname.
   # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
 
   nix = {
-    settings.experimental-features = ["nix-command" "flakes"];
+    settings.experimental-features = [ "nix-command" "flakes" ];
-    settings.trusted-users = ["polen"];
+    settings.trusted-users = [ "polen" ];
     settings.extra-platforms = config.boot.binfmt.emulatedSystems;
     gc = {
       automatic = true;
@@ -44,7 +43,7 @@
       options = "--delete-older-than 15d";
     };
   };
-  boot.binfmt.emulatedSystems = ["aarch64-linux"];
+  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
 
   # Configure network proxy if necessary
   # networking.proxy.default = "http://user:password@proxy:port/";
@@ -68,14 +67,15 @@
 
   services.displayManager.sddm = {
     enable = true;
-    theme = "${import ./sddm-theme.nix {inherit pkgs;}}";
+    theme = "${import ./sddm-theme.nix { inherit pkgs; }}";
+    package = pkgs.kdePackages.sddm;
   };
 
   # Define a user account. Don't forget to set a password with 'passwd'.
   users.users.polen = {
     isNormalUser = true;
     description = "polen";
-    extraGroups = ["networkmanager" "wheel"];
+    extraGroups = [ "networkmanager" "wheel" ];
     shell = pkgs.zsh;
   };
 
@@ -97,7 +97,7 @@
     # Desktop
     waybar
     mako
-    swww
+    awww
     wdisplays
     libnotify
     bemenu
@@ -105,12 +105,10 @@
     pamixer
     networkmanagerapplet
     wl-clipboard
-    libsForQt5.qt5.qtquickcontrols2
-    libsForQt5.qt5.qtgraphicaleffects
     ntfs3g
 
-    # Nix related
+    kdePackages.qtdeclarative
-    nixfmt-classic
+    kdePackages.qtsvg
   ];
 
   programs.zsh.enable = true;
@@ -121,6 +119,12 @@
     withUWSM = true;
   };
 
+  programs.weylus = {
+    enable = true;
+    users = [ "polen" ];
+    openFirewall = true;
+  };
+
   services.gvfs.enable = true;
 
   # to make pass work
@@ -134,7 +138,7 @@
   programs.seahorse.enable = true;
 
   xdg.portal.enable = true;
-  xdg.portal.extraPortals = [pkgs.xdg-desktop-portal-gtk];
+  xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
 
   environment.sessionVariables = {
     NIXOS_OZONE_WL = "1";

devices/xps13/hardware-configuration.nix

@@ -4,29 +4,28 @@
 { config, lib, pkgs, modulesPath, ... }:
 
 {
-  imports =
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
 
-  boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+  boot.initrd.availableKernelModules =
+    [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
   boot.initrd.kernelModules = [ ];
   boot.kernelModules = [ "kvm-intel" ];
   boot.extraModulePackages = [ ];
 
-  fileSystems."/" =
+  fileSystems."/" = {
-    { device = "/dev/disk/by-uuid/6faa62c9-8566-4ed7-b372-355e04ac4ca6";
+    device = "/dev/disk/by-uuid/6faa62c9-8566-4ed7-b372-355e04ac4ca6";
-      fsType = "ext4";
+    fsType = "ext4";
-    };
+  };
 
-  fileSystems."/boot" =
+  fileSystems."/boot" = {
-    { device = "/dev/disk/by-uuid/A769-2F96";
+    device = "/dev/disk/by-uuid/A769-2F96";
-      fsType = "vfat";
+    fsType = "vfat";
-    };
+  };
 
-  fileSystems."/home" =
+  fileSystems."/home" = {
-    { device = "/dev/disk/by-uuid/8b28694c-3401-4545-9974-521674baa450";
+    device = "/dev/disk/by-uuid/8b28694c-3401-4545-9974-521674baa450";
-      fsType = "ext4";
+    fsType = "ext4";
-    };
+  };
 
   swapDevices = [ ];
 
@@ -38,5 +37,6 @@
   # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
 
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+  hardware.cpu.intel.updateMicrocode =
+    lib.mkDefault config.hardware.enableRedistributableFirmware;
 }

devices/xps13/sddm-theme.nix

@@ -1,19 +1,21 @@
-{pkgs}: let
+{ pkgs }:
+let 
   image = ./assets/a_forest_of_trees_with_fog.jpg;
-in
+  avatar = ./assets/avatar.jpg;
-  pkgs.stdenv.mkDerivation {
+in pkgs.stdenv.mkDerivation {
-    name = "sddm-theme";
+  name = "sddm-theme";
-    src = pkgs.fetchFromGitHub {
+  src = pkgs.fetchFromGitHub {
-      owner = "MarianArlt";
+    owner = "xCaptaiN09";
-      repo = "sddm-sugar-dark";
+    repo = "pixie-sddm";
-      rev = "ceb2c455663429be03ba62d9f898c571650ef7fe";
+    rev = "12a5f459ebd6d699be42c188c10976c8bb7076d7";
-      sha256 = "flOspjpYezPvGZ6b4R/Mr18N7N3JdytCSwwu6mf4owQ=";
+    sha256 = "sha256-lmE/49ySuAZDh5xLochWqfSw9qWrIV+fYaK5T2Ckck8=";
-    };
+  };
-    installPhase = ''
+  installPhase = ''
-      mkdir -p $out
+    mkdir -p $out
-      cp -R ./* $out/
+    cp -R ./* $out/
-      cd $out/
+    rm $out/assets/background.jpg
-      rm Background.jpg
+    rm $out/assets/avatar.jpg
-      cp -r ${image} $out/Background.jpg
+    cp ${image} $out/assets/background.jpg
-    '';
+    cp ${avatar} $out/assets/avatar.jpg
-  }
+  '';
+}

flake.lock

@@ -2,19 +2,38 @@
   "nodes": {
     "disko": {
       "inputs": {
-        "nixpkgs": "nixpkgs"
+        "nixpkgs": [
+          "nixpkgs"
+        ]
       },
       "locked": {
-        "lastModified": 1760701190,
+        "lastModified": 1773889306,
-        "narHash": "sha256-y7UhnWlER8r776JsySqsbTUh2Txf7K30smfHlqdaIQw=",
+        "narHash": "sha256-PAqwnsBSI9SVC2QugvQ3xeYCB0otOwCacB1ueQj2tgw=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "3a9450b26e69dcb6f8de6e2b07b3fc1c288d85f5",
+        "rev": "5ad85c82cc52264f4beddc934ba57f3789f28347",
         "type": "github"
       },
       "original": {
-        "id": "disko",
+        "owner": "nix-community",
-        "type": "indirect"
+        "repo": "disko",
+        "type": "github"
+      }
+    },
+    "flake-compat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1751685974,
+        "narHash": "sha256-NKw96t+BgHIYzHUjkTK95FqYRVKB8DHpVhefWSz/kTw=",
+        "ref": "refs/heads/main",
+        "rev": "549f2762aebeff29a2e5ece7a7dc0f955281a1d1",
+        "revCount": 92,
+        "type": "git",
+        "url": "https://git.lix.systems/lix-project/flake-compat.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.lix.systems/lix-project/flake-compat.git"
       }
     },
     "flake-parts": {
@@ -22,11 +41,11 @@
         "nixpkgs-lib": "nixpkgs-lib"
       },
       "locked": {
-        "lastModified": 1730504689,
+        "lastModified": 1777898446,
-        "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
+        "narHash": "sha256-tTEOTTjMHd8Vffn4hehLTPgOXXxJ27xfkf4DoyZgD7s=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "506278e768c2a08bec68eb62932193e341f55c90",
+        "rev": "5d82aa3d6b5da25dbfec1a995750a70a03b8c659",
         "type": "github"
       },
       "original": {
@@ -37,14 +56,18 @@
     },
     "flake-parts_2": {
       "inputs": {
-        "nixpkgs-lib": "nixpkgs-lib_2"
+        "nixpkgs-lib": [
+          "vimix",
+          "nvf",
+          "nixpkgs"
+        ]
       },
       "locked": {
-        "lastModified": 1741352980,
+        "lastModified": 1769996383,
-        "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=",
+        "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9",
+        "rev": "57928607ea566b5db3ad13af0e57e921e6b12381",
         "type": "github"
       },
       "original": {
@@ -55,7 +78,7 @@
     },
     "flake-utils": {
       "inputs": {
-        "systems": "systems"
+        "systems": "systems_2"
       },
       "locked": {
         "lastModified": 1731533236,
@@ -71,13 +94,33 @@
         "type": "github"
       }
     },
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1776184304,
+        "narHash": "sha256-No6QGBmIv5ChiwKCcbkxjdEQ/RO2ZS1gD7SFy6EZ7rc=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "3c7524c68348ef79ce48308e0978611a050089b2",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
     "mnw": {
       "locked": {
-        "lastModified": 1742255973,
+        "lastModified": 1777828893,
-        "narHash": "sha256-XfEGVKatTgEMMOVb4SNp1LYLQOSzzrFTDMVDTZFyMVE=",
+        "narHash": "sha256-gVWVnmyNr74BVKfhMMZDWkhx2699dhmZ2g0W8TTHtkk=",
         "owner": "Gerg-L",
         "repo": "mnw",
-        "rev": "b982dbd5e6d55d4438832b3567c09bc2a129649d",
+        "rev": "c1c0b544bfabe6669b5a6a0383ccb475fe60258b",
         "type": "github"
       },
       "original": {
@@ -86,44 +129,39 @@
         "type": "github"
       }
     },
-    "nil": {
+    "ndg": {
       "inputs": {
-        "flake-utils": [
-          "vimix",
-          "nvf",
-          "flake-utils"
-        ],
         "nixpkgs": [
           "vimix",
           "nvf",
           "nixpkgs"
-        ],
+        ]
-        "rust-overlay": "rust-overlay"
       },
       "locked": {
-        "lastModified": 1741118843,
+        "lastModified": 1776882296,
-        "narHash": "sha256-ggXU3RHv6NgWw+vc+HO4/9n0GPufhTIUjVuLci8Za8c=",
+        "narHash": "sha256-DWZozXwMsgvUqfVlL1mQ8dOxW7GJ/8CdyaDN+1niZRg=",
-        "owner": "oxalica",
+        "owner": "feel-co",
-        "repo": "nil",
+        "repo": "ndg",
-        "rev": "577d160da311cc7f5042038456a0713e9863d09e",
+        "rev": "ab7d78d4884b3a34968cf9fa3d16c0c1246d5c6e",
         "type": "github"
       },
       "original": {
-        "owner": "oxalica",
+        "owner": "feel-co",
-        "repo": "nil",
+        "ref": "refs/tags/v2.6.0",
+        "repo": "ndg",
         "type": "github"
       }
     },
     "nix-darwin": {
       "inputs": {
-        "nixpkgs": "nixpkgs_2"
+        "nixpkgs": "nixpkgs"
       },
       "locked": {
-        "lastModified": 1761339987,
+        "lastModified": 1775037210,
-        "narHash": "sha256-IUaawVwItZKi64IA6kF6wQCLCzpXbk2R46dHn8sHkig=",
+        "narHash": "sha256-KM2WYj6EA7M/FVZVCl3rqWY+TFV5QzSyyGE2gQxeODU=",
         "owner": "LnL7",
         "repo": "nix-darwin",
-        "rev": "7cd9aac79ee2924a85c211d21fafd394b06a38de",
+        "rev": "06648f4902343228ce2de79f291dd5a58ee12146",
         "type": "github"
       },
       "original": {
@@ -132,13 +170,29 @@
         "type": "github"
       }
     },
+    "nixos-hardware": {
+      "locked": {
+        "lastModified": 1775490113,
+        "narHash": "sha256-2ZBhDNZZwYkRmefK5XLOusCJHnoeKkoN95hoSGgMxWM=",
+        "owner": "NixOS",
+        "repo": "nixos-hardware",
+        "rev": "c775c2772ba56e906cbeb4e0b2db19079ef11ff7",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "master",
+        "repo": "nixos-hardware",
+        "type": "github"
+      }
+    },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1752596105,
+        "lastModified": 1765934234,
-        "narHash": "sha256-lFNVsu/mHLq3q11MuGkMhUUoSXEdQjCHvpReaGP1S2k=",
+        "narHash": "sha256-pJjWUzNnjbIAMIc5gRFUuKCDQ9S1cuh3b2hKgA7Mc4A=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "dab3a6e781554f965bde3def0aa2fda4eb8f1708",
+        "rev": "af84f9d270d404c17699522fab95bbf928a2d92f",
         "type": "github"
       },
       "original": {
@@ -150,23 +204,11 @@
     },
     "nixpkgs-lib": {
       "locked": {
-        "lastModified": 1730504152,
+        "lastModified": 1777168982,
-        "narHash": "sha256-lXvH/vOfb4aGYyvFmZK/HlsNsr/0CVWlwYvo2rxJk3s=",
+        "narHash": "sha256-GOkGPcboWE9BmGCRMLX3worL4EMnsnG8MyKmXNeYuhQ=",
-        "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz"
-      },
-      "original": {
-        "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz"
-      }
-    },
-    "nixpkgs-lib_2": {
-      "locked": {
-        "lastModified": 1740877520,
-        "narHash": "sha256-oiwv/ZK/2FhGxrCkQkB83i7GnWXPPLzoqFHpDD3uYpk=",
         "owner": "nix-community",
         "repo": "nixpkgs.lib",
-        "rev": "147dee35aab2193b174e4c0868bd80ead5ce755c",
+        "rev": "f5901329dade4a6ea039af1433fb087bd9c1fe14",
         "type": "github"
       },
       "original": {
@@ -177,27 +219,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1747728033,
+        "lastModified": 1775710090,
-        "narHash": "sha256-NnXFQu7g4LnvPIPfJmBuZF7LFy/fey2g2+LCzjQhTUk=",
+        "narHash": "sha256-ar3rofg+awPB8QXDaFJhJ2jJhu+KqN/PRCXeyuXR76E=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "2f9173bde1d3fbf1ad26ff6d52f952f9e9da52ea",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixpkgs-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_3": {
-      "locked": {
-        "lastModified": 1761114652,
-        "narHash": "sha256-f/QCJM/YhrV/lavyCVz8iU3rlZun6d+dAiC3H+CDle4=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "01f116e4df6a15f4ccdffb1bcd41096869fb385c",
+        "rev": "4c1018dae018162ec878d42fec712642d214fdfa",
         "type": "github"
       },
       "original": {
@@ -207,13 +233,29 @@
         "type": "github"
       }
     },
-    "nixpkgs_4": {
+    "nixpkgs_3": {
       "locked": {
-        "lastModified": 1760596604,
+        "lastModified": 1775036866,
-        "narHash": "sha256-J/i5K6AAz/y5dBePHQOuzC7MbhyTOKsd/GLezSbEFiM=",
+        "narHash": "sha256-ZojAnPuCdy657PbTq5V0Y+AHKhZAIwSIT2cb8UgAz/U=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "3cbe716e2346710d6e1f7c559363d14e11c32a43",
+        "rev": "6201e203d09599479a3b3450ed24fa81537ebc4e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_4": {
+      "locked": {
+        "lastModified": 1775888245,
+        "narHash": "sha256-nwASzrRDD1JBEu/o8ekKYEXm/oJW6EMCzCRdrwcLe90=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "13043924aaa7375ce482ebe2494338e058282925",
         "type": "github"
       },
       "original": {
@@ -225,11 +267,11 @@
     },
     "nixpkgs_5": {
       "locked": {
-        "lastModified": 1744098102,
+        "lastModified": 1777578337,
-        "narHash": "sha256-tzCdyIJj9AjysC3OuKA+tMD/kDEDAF9mICPDU7ix0JA=",
+        "narHash": "sha256-Ad49moKWeXtKBJNy2ebiTQUEgdLyvGmTeykAQ9xM+Z4=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "c8cd81426f45942bb2906d5ed2fe21d2f19d95b7",
+        "rev": "15f4ee454b1dce334612fa6843b3e05cf546efab",
         "type": "github"
       },
       "original": {
@@ -241,16 +283,16 @@
     },
     "nixpkgs_6": {
       "locked": {
-        "lastModified": 1743076231,
+        "lastModified": 1774386573,
-        "narHash": "sha256-yQugdVfi316qUfqzN8JMaA2vixl+45GxNm4oUfXlbgw=",
+        "narHash": "sha256-4hAV26quOxdC6iyG7kYaZcM3VOskcPUrdCQd/nx8obc=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "6c5963357f3c1c840201eda129a99d455074db04",
+        "rev": "46db2e09e1d3f113a13c0d7b81e2f221c63b8ce9",
         "type": "github"
       },
       "original": {
         "owner": "nixos",
-        "ref": "nixpkgs-unstable",
+        "ref": "nixos-unstable",
         "repo": "nixpkgs",
         "type": "github"
       }
@@ -259,14 +301,15 @@
       "inputs": {
         "nixpkgs": [
           "nixpkgs"
-        ]
+        ],
+        "noctalia-qs": "noctalia-qs"
       },
       "locked": {
-        "lastModified": 1769187095,
+        "lastModified": 1776240823,
-        "narHash": "sha256-1EpJcnYSIpkHnMChluK6LoDtOkjkPOl/zqhZyqGefqs=",
+        "narHash": "sha256-QAdipw26rtLJWKY7EWX7k+pyvCQwF4+PObggxWbiT74=",
         "owner": "noctalia-dev",
         "repo": "noctalia-shell",
-        "rev": "ee2e9cdb0c7618e00d4c78b359d461733416a673",
+        "rev": "76b03be48965cb01faabe167f80a8995fb76a92e",
         "type": "github"
       },
       "original": {
@@ -275,21 +318,44 @@
         "type": "github"
       }
     },
+    "noctalia-qs": {
+      "inputs": {
+        "nixpkgs": [
+          "noctalia",
+          "nixpkgs"
+        ],
+        "systems": "systems",
+        "treefmt-nix": "treefmt-nix"
+      },
+      "locked": {
+        "lastModified": 1775957204,
+        "narHash": "sha256-d4CVRtAty2GzDYXx4xYQmR+nlOjjKovyprQfZhgLckU=",
+        "owner": "noctalia-dev",
+        "repo": "noctalia-qs",
+        "rev": "68e82fe34c68ee839a9c37e3466820e266af0c86",
+        "type": "github"
+      },
+      "original": {
+        "owner": "noctalia-dev",
+        "repo": "noctalia-qs",
+        "type": "github"
+      }
+    },
     "nvf": {
       "inputs": {
+        "flake-compat": "flake-compat",
         "flake-parts": "flake-parts_2",
-        "flake-utils": "flake-utils",
         "mnw": "mnw",
-        "nil": "nil",
+        "ndg": "ndg",
         "nixpkgs": "nixpkgs_6",
-        "systems": "systems_2"
+        "systems": "systems_3"
       },
       "locked": {
-        "lastModified": 1744192993,
+        "lastModified": 1777837065,
-        "narHash": "sha256-dvMcjQ2yKD21qnP6ylgo5Gj6d0FYKvATe6S6Zf8X0J4=",
+        "narHash": "sha256-uRD6a4uNno3SsAw0E0E6xqbiK7pX63Ad1F37q5fyz9g=",
         "owner": "notashelf",
         "repo": "nvf",
-        "rev": "67d9aa7cb585b315473b9558c307db5ccdc9f9bb",
+        "rev": "7ec206a5d9a7d5d27900d81a6bb382823902276d",
         "type": "github"
       },
       "original": {
@@ -298,49 +364,48 @@
         "type": "github"
       }
     },
+    "prixdugaz": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nixpkgs": "nixpkgs_3"
+      },
+      "locked": {
+        "lastModified": 1777505579,
+        "narHash": "sha256-e1oq8b4hFTH/C2zyGdRB4X4BdFg+wrf3yw7JjHav++w=",
+        "ref": "refs/heads/main",
+        "rev": "ed8b91db4647564f21b376fea6390c1167dcc027",
+        "revCount": 35,
+        "type": "git",
+        "url": "ssh://git@github.com/Polensky/prixdugaz"
+      },
+      "original": {
+        "type": "git",
+        "url": "ssh://git@github.com/Polensky/prixdugaz"
+      }
+    },
     "root": {
       "inputs": {
         "disko": "disko",
+        "home-manager": "home-manager",
         "nix-darwin": "nix-darwin",
-        "nixpkgs": "nixpkgs_3",
+        "nixos-hardware": "nixos-hardware",
+        "nixpkgs": "nixpkgs_2",
         "noctalia": "noctalia",
+        "prixdugaz": "prixdugaz",
         "sops-nix": "sops-nix",
         "vimix": "vimix"
       }
     },
-    "rust-overlay": {
-      "inputs": {
-        "nixpkgs": [
-          "vimix",
-          "nvf",
-          "nil",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1741055476,
-        "narHash": "sha256-52vwEV0oS2lCnx3c/alOFGglujZTLmObit7K8VblnS8=",
-        "owner": "oxalica",
-        "repo": "rust-overlay",
-        "rev": "aefb7017d710f150970299685e8d8b549d653649",
-        "type": "github"
-      },
-      "original": {
-        "owner": "oxalica",
-        "repo": "rust-overlay",
-        "type": "github"
-      }
-    },
     "sops-nix": {
       "inputs": {
         "nixpkgs": "nixpkgs_4"
       },
       "locked": {
-        "lastModified": 1760998189,
+        "lastModified": 1776119890,
-        "narHash": "sha256-ee2e1/AeGL5X8oy/HXsZQvZnae6XfEVdstGopKucYLY=",
+        "narHash": "sha256-Zm6bxLNnEOYuS/SzrAGsYuXSwk3cbkRQZY0fJnk8a5M=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "5a7d18b5c55642df5c432aadb757140edfeb70b3",
+        "rev": "d4971dd58c6627bfee52a1ad4237637c0a2fb0cd",
         "type": "github"
       },
       "original": {
@@ -351,16 +416,16 @@
     },
     "systems": {
       "locked": {
-        "lastModified": 1681028828,
+        "lastModified": 1689347949,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
         "owner": "nix-systems",
-        "repo": "default",
+        "repo": "default-linux",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
         "type": "github"
       },
       "original": {
         "owner": "nix-systems",
-        "repo": "default",
+        "repo": "default-linux",
         "type": "github"
       }
     },
@@ -379,6 +444,43 @@
         "type": "github"
       }
     },
+    "systems_3": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "treefmt-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "noctalia",
+          "noctalia-qs",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1775636079,
+        "narHash": "sha256-pc20NRoMdiar8oPQceQT47UUZMBTiMdUuWrYu2obUP0=",
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "rev": "790751ff7fd3801feeaf96d7dc416a8d581265ba",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "type": "github"
+      }
+    },
     "vimix": {
       "inputs": {
         "flake-parts": "flake-parts",
@@ -386,11 +488,11 @@
         "nvf": "nvf"
       },
       "locked": {
-        "lastModified": 1752113669,
+        "lastModified": 1777899228,
-        "narHash": "sha256-Szf9YJ9u51zK7tGdX39e/7mGjgFX8oa5S/ro6+AoJlY=",
+        "narHash": "sha256-BtBQzhkhBEIpPfx6gEOo84tIPQmJecqSE3WyDvCfE3Y=",
         "owner": "Polensky",
         "repo": "vimix",
-        "rev": "7dc2e5e1050ca567809a228eacc8da381778cc05",
+        "rev": "1bc9e35738fb9dc50ef0935bc9c03f734dd8426b",
         "type": "github"
       },
       "original": {

flake.nix

@@ -10,76 +10,78 @@
       url = "github:noctalia-dev/noctalia-shell";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    disko = {
+      url = "github:nix-community/disko";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    home-manager = {
+      url = "github:nix-community/home-manager";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    prixdugaz.url = "git+ssh://git@github.com/Polensky/prixdugaz";
+    nixos-hardware.url = "github:NixOS/nixos-hardware/master";
   };
 
-  outputs = {
+  outputs = { nixpkgs, nix-darwin, sops-nix, disko, home-manager
-    nixpkgs,
+    , nixos-hardware, ... }@inputs: {
-    nix-darwin,
+      nixosConfigurations = {
-    sops-nix,
+        default = nixpkgs.lib.nixosSystem {
-    disko,
+          specialArgs = { inherit inputs; };
-    ...
+          system = "x86_64-linux";
-  } @ inputs: {
+          modules = [
-    nixosConfigurations = {
+            nixos-hardware.nixosModules.dell-xps-13-9370
-      default = nixpkgs.lib.nixosSystem {
+            ./devices/xps13/configuration.nix
-        specialArgs = {inherit inputs;};
+            ./modules
-        system = "x86_64-linux";
+          ];
-        modules = [
+        };
-          ./devices/xps13/configuration.nix
+        latoure = nixpkgs.lib.nixosSystem {
-          ./modules
+          specialArgs = { inherit inputs; };
-        ];
+          system = "x86_64-linux";
+          modules = [ ./devices/latoure/configuration.nix ./modules ];
+        };
+        asus = nixpkgs.lib.nixosSystem {
+          specialArgs = { inherit inputs; };
+          system = "x86_64-linux";
+          modules = [ ./devices/asus/configuration.nix ./modules ];
+        };
+        server = nixpkgs.lib.nixosSystem {
+          specialArgs = { inherit inputs; };
+          system = "x86_64-linux";
+          modules = [
+            disko.nixosModules.disko
+            sops-nix.nixosModules.sops
+            ./devices/server/configuration.nix
+            ./modules
+            inputs.prixdugaz.nixosModules.default
+          ];
+        };
+        pi = nixpkgs.lib.nixosSystem {
+          specialArgs = { inherit inputs; };
+          system = "aarch64-linux";
+          modules = [
+            "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64-installer.nix"
+            ./devices/pi/configuration.nix
+            sops-nix.nixosModules.sops
+            {
+              sdImage.compressImage = false;
+              nixpkgs.overlays = [
+                (final: super: {
+                  makeModulesClosure = x:
+                    super.makeModulesClosure (x // { allowMissing = true; });
+                })
+              ];
+            }
+          ];
+        };
       };
-      latoure = nixpkgs.lib.nixosSystem {
+      darwinConfigurations = {
-        specialArgs = {inherit inputs;};
+        "mbp-m4" = nix-darwin.lib.darwinSystem {
-        system = "x86_64-linux";
+          modules = [ ./devices/macbook/configuration.nix ];
-        modules = [
+          specialArgs = {
-          ./devices/latoure/configuration.nix
+            inherit inputs;
-          ./modules
+            system = "aarch64-darwin";
-        ];
+          };
-      };
-      asus = nixpkgs.lib.nixosSystem {
-        specialArgs = {inherit inputs;};
-        system = "x86_64-linux";
-        modules = [
-          ./devices/asus/configuration.nix
-          ./modules
-        ];
-      };
-      server = nixpkgs.lib.nixosSystem {
-        specialArgs = {inherit inputs;};
-        system = "x86_64-linux";
-        modules = [
-          disko.nixosModules.disko
-          ./devices/server/configuration.nix
-          ./modules
-        ];
-      };
-      pi = nixpkgs.lib.nixosSystem {
-        specialArgs = {inherit inputs;};
-        system = "aarch64-linux";
-        modules = [
-          "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64-installer.nix"
-          ./devices/pi/configuration.nix
-          sops-nix.nixosModules.sops
-          {
-            sdImage.compressImage = false;
-            nixpkgs.overlays = [
-              (final: super: {
-                makeModulesClosure = x:
-                  super.makeModulesClosure (x // {allowMissing = true;});
-              })
-            ];
-          }
-        ];
-      };
-    };
-    darwinConfigurations = {
-      "mbp-m4" = nix-darwin.lib.darwinSystem {
-        modules = [./devices/macbook/configuration.nix];
-        specialArgs = {
-          inherit inputs;
-          system = "aarch64-darwin";
         };
       };
     };
-  };
 }

modules/default.nix

@@ -1,5 +1 @@
-{...}: {
+{ ... }: { imports = [ ./pocketbase.nix ]; }
-  imports = [
-    ./pocketbase.nix
-  ];
-}

modules/pocketbase.nix

@@ -1,10 +1,5 @@
-{
+{ config, pkgs, lib, ... }:
-  config,
+let cfg = config.services.pocketbase;
-  pkgs,
-  lib,
-  ...
-}: let
-  cfg = config.services.pocketbase;
 in {
   options.services.pocketbase = {
     enable = lib.mkEnableOption "PocketBase backend";
@@ -12,7 +7,8 @@ in {
     dataDir = lib.mkOption {
       type = lib.types.path;
       default = "/var/lib/pocketbase";
-      description = "Working directory containing the PocketBase binary and data.";
+      description =
+        "Working directory containing the PocketBase binary and data.";
     };
 
     openFirewall = lib.mkOption {
@@ -47,19 +43,18 @@ in {
       description = "Log file used for both stdout and stderr.";
     };
 
-    package = lib.mkPackageOption pkgs "pocketbase" {};
+    package = lib.mkPackageOption pkgs "pocketbase" { };
   };
 
   config = lib.mkIf cfg.enable {
     # Optional: ensure the directory exists with proper ownership
-    systemd.tmpfiles.rules = [
+    systemd.tmpfiles.rules =
-      "d ${cfg.dataDir} 0700 ${cfg.user} ${cfg.group} -"
+      [ "d ${cfg.dataDir} 0700 ${cfg.user} ${cfg.group} -" ];
-    ];
 
     systemd.services.pocketbase = {
       description = "PocketBase";
-      wantedBy = ["multi-user.target"];
+      wantedBy = [ "multi-user.target" ];
-      after = ["network.target"];
+      after = [ "network.target" ];
 
       serviceConfig = {
         Type = "simple";
@@ -71,7 +66,11 @@ in {
         WorkingDirectory = cfg.dataDir;
 
         ExecStart = ''
-          ${lib.getExe cfg.package} serve --dir ${cfg.dataDir}/pb_data --http=0.0.0.0:${toString cfg.port}
+          ${
+            lib.getExe cfg.package
+          } serve --dir ${cfg.dataDir}/pb_data --http=0.0.0.0:${
+            toString cfg.port
+          }
         '';
 
         # Switch to systemd stdout/stderr logging by default
@@ -80,8 +79,7 @@ in {
         StandardError = "append:${cfg.logFile}";
       };
     };
-    networking.firewall = lib.mkIf cfg.openFirewall {
+    networking.firewall =
-      allowedTCPPorts = [cfg.port];
+      lib.mkIf cfg.openFirewall { allowedTCPPorts = [ cfg.port ]; };
-    };
   };
 }

secrets/secrets.yaml

@@ -1,21 +1,37 @@
 pi_user_pass: ENC[AES256_GCM,data:X5u07UvEov5eYWks,iv:SPDFU01/5WThCSZjj1pExNZENhmIG2W6LvHfpPH5TS0=,tag:z5bhJ2TrX6Bevd40O1nPxg==,type:str]
+luna_telegram_token: ENC[AES256_GCM,data:LWzEamz5SFK4HC+zR+6seTrVsTR0kQGETD6DSHMW3fMeFbUQm6/K+d8mc6Wg7w==,iv:LqvyTIkniNiqEAK76+Uqq4cYHnddmjMId+HQBjHk68o=,tag:knP6aqkLwGeEIAYMyET3Xg==,type:str]
+luna_gateway_token: ENC[AES256_GCM,data:NV13qS8Vj0/HcvPM34Z90kFBoezpKeyhYKIWfU8zkHbOK7pHkl8yNACmUBszgjhbP4baqmO61isd94TxN4AjoA==,iv:j+9SfQoRMWeZbCjAm6/D5hwDBLl/0IOyu34DYphWz2o=,tag:od78mpifFMajv9eQfmnp1w==,type:str]
+ollama_api_key: ENC[AES256_GCM,data:ZaTeAcipRZBsZ0krHhc/UNZ0+P4AaA2aT3WHGKkg4PaikYB+TWXPGYV+BjTbn2KOXynabwwNwIyT,iv:Po25iPPd7VlYfaYqtDrLEbjZBdJ7af8mgEW8tYgs3iM=,tag:CMl2ECJxRTIB+AFND+9tKQ==,type:str]
 sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
     age:
         - recipient: age1x8qsd7kxxjvan4psvnvua3r0emljsnq07agxnu6jqw56ky8z6faqyjq0e3
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxN2ZzTUpSeWRWejVxVm4y
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzRy9DblE4WnhEc1kvcjcw
-            dzF3MU9DOTBTZUF0Y3I2SUVURGZCZDBqTVV3ClNwL29hejN2OFdVaHk2TEppNWFj
+            ZVBEeVVoRUMxNUZ6Q09QZXdYcEZaSGp0UHpFCnc3UnZOZThLdDYwN05GUjJqYnhK
-            V3NYcEM4RHNyWUszWFlLa2pXa2FyVmsKLS0tIExOL254cGh4RkJDandqZzJ2RjRi
+            Z0tZMXo2N0J4R2ZPLzRLcS83QVRBZncKLS0tICs3dDVIV0s2ZTRBQk5wMVE3WjVP
-            b3AxOTd2VmdHdXd5c3NNTkJoYW12bUUKbX199Z7jI6nornm0erzm7dSQ+XuxAnXb
+            NENYZHlvR3U3Um5XWm90RW01eEM3eHMKewyXEa9TInEFz65LoDo8BHBdjibdYF4r
-            glw60TnUSnLUWIHTTx/jVSRR4uO5I6FzxUUfVJ2BMOn/eUNa5BJ70A==
+            DGQtPlYF5yuVd8PVMATxMBhs/6hXJLfK2Y54NEeJo2gydyq11Lpm2Q==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-11-07T04:04:03Z"
+        - recipient: age1y2s7ah49jmhd8n05q7tw0gjcnv3390s0uxp3ewjqueekq7a7rvdqzytgd2
-    mac: ENC[AES256_GCM,data:7UGKhfZg3SNg1f74nQiax4F7CB8NC12uIpTlQDtb8d1iiu5AdPZHwzlkpXbzkIp26g61pI8qXcvdjmToWjaWzsbUZ2Mo8/HEzOtV8HzxAeQFAyYBhIFAS0q0WzN/yijI7fQeHKnhZ/YCUuHQAZ94bBBSnkVTVOKf6mR7Pu1klr4=,iv:DzOwKxrcJse6yyOw+l7+wgEGBI36HWnebLE7js4VRiE=,tag:BIR67kZzZJZo+Kfie4wIvw==,type:str]
+          enc: |
-    pgp: []
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGMlBaWURCSTd6cjRYTTB1
+            VWQvTHBFaDgrMFRpb0crRld6ZjVOUXkrb0cwCnFpcE1nSERwUlowRW54SnEwTk9u
+            S2N1Rm9kUCtWM3pEWmh1aE1HU3oxT1UKLS0tIE5HSXdFT29XazloR0VjVDVqQWVq
+            RURoYXdtZFh2djVaem15Qjk4UFhBOEEKEjAuKJ8vpVKoBO8ioyH4EcXVmEkfwrQh
+            JtDzik9QwZgUNdamWu5BhDlNA1Jmu87VYchhR4CXIS5OG4ticUqr7g==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age107mmu7nkjfpm7ygp25zpj69m06ftckc9gh7a37umkjq0y7ac34msd6uj3u
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBodExKajhTZzRZdWlXWG9n
+            V09sRDZrK0gvaDI4TmtzUmR0cUF0OFl1OGxJCmNUMk5aWkV3LzYzeTJJMDFlR0p4
+            Qlp0STk4dFN3WGswb05BRHlOQit2VGMKLS0tIGJTVkp0Y1Yrd2pqMm1yUlJaYkMy
+            TzlCMWpMQ1hRMTRObWNyN2Q0YWtsZmcKFHVmvu6U0Qw+EUsBEmdST2cyQ3rZyh6w
+            62vmALGxE2NWDYQmwtHJmYqeO14HHEDclUErQiCmUt+hLgOLF2MxwA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-04-09T02:00:03Z"
+    mac: ENC[AES256_GCM,data:2/JIsd2iOg2yTMzxwnVuk1pKxNJy80g09SgcCLLP0rwziKNORELQw5z8ipgVxRee2irqPSNFsAPfvjQFnq3nGOKuf1zbSATOzt4yySWigS7Q7il1OEtf6rdNXPruTQU+R8R3ZpqE0IhYZ1iPyCU+vIlBdHzgLEThdnQeWE3XvAc=,iv:Xc7uCgvHysg3w/fAC1aPLozU1tROcywRlWQLS/kUCYQ=,tag:c5NF6cjqaCJ8r6tfPVuUxw==,type:str]
     unencrypted_suffix: _unencrypted
-    version: 3.8.1
+    version: 3.11.0