feat: remove depreciated options

.sops.yaml

@@ -9,6 +9,7 @@ keys:
     - &arcturus age1zsl5d4vj6gl3h96y5p53sq5y4vr4vtlwp727h7rp9a4xfkxm53lqrh6r50
     - &alpha age1zujp5gxy7suv8ysnygv43cmzuvv36nxfg0ch7r3xg2emc6fz3vmqqujheq
     - &vega age1ydkclhk9kwqdq74utesqdfupt43lz64d5k65gz2z9uyljcqq9fcq3hv28l
+    - &node age1put942dyhly8nk9c8n0h8tq0x6xplrg3uw5q0d2jmvwez3zq79qsapl7he
     - &capella age1y4luzn2jls7rvgphej23srvdlx563lxq29tvf66vhwwzaf7c3f3qzvresh
 
 creation_rules:
@@ -22,6 +23,7 @@ creation_rules:
           - *arcturus
           - *alpha
           - *vega
+          - *node
           - *capella
   - path_regex: hosts/sirius/secrets.yaml$
     key_groups:

README.md

@@ -23,7 +23,7 @@
 ## Hosts
 
 |     | Hostname   | Board             | CPU                | RAM   | GPU                       | Purpose                                                                          |
-| --- | ---------- | ----------------- | ------------------ | ---- | ------------------------- | ---------------------------------------------------------------------------------- |
+| --- | ---------- | ----------------- | ------------------ | ----- | ------------------------- | -------------------------------------------------------------------------------- |
 | 🖥️  | `sirius`   | MSI X570-A Pro    | Ryzen 7 5700X3D    | 64GB  | RTX 3080 TI + RTX 3060 TI | Triple-monitor desktop running Windows Subsystem for Linux.                      |
 | 💻  | `canopus`  | Asus Zephyrus G15 | Ryzen 9 5900HS     | 16GB  | RTX 3060                  | Optimized for productivity on the go and some gaming.                            |
 | ☁️  | `homelab`  | Minisforum MS-A1  | Ryzen 7 8700G      | 32GB  | Radeon 780M               | WIP                                                                              |
@@ -32,38 +32,122 @@
 | 🥔  | `vega`     | Raspberry Pi 3B+  | Cortex A53         | 1GB   |                           | Running AdGuard Home for network-wide ad blocking.                               |
 | 📱  | `capella`  | Samsung S25 Ultra | Snapdragon 8 Elite | 12GB  | Adreno 830                | Primary mobile for daily usage. (Locked)                                         |
 | 📱  | `rigel`    | Motorola Edge 30  | Snapdragon 778G+   | 8GB   | Adreno 642L               | Secondary mobile for some fun. (Rooted)                                          |
-| ☁️  | `node`     | KVM               | i9-13900           | 64GB |                           | Running Ethereum and BSC nodes. Currently in the process of migrating from Ubuntu. |
+| ☁️  | `node`     | ASRock B565D4     | Ryzen 9 5950X      | 128GB |                           | Running Ethereum and BSC nodes.                                                  |
 
 ## Installation
 
-Boot into NixOS bootable USB and then enter the following commands
+> [!NOTE]  
+> This will get your base system ready, but keep in mind that many things might not work correctly — such as monitor resolution, font size, and more.
+
+### Prerequisites
+
+Boot into the NixOS bootable USB before proceeding with the installation steps.
+
+### Installation Steps
+
+#### 1. Clone the repository
+
+```bash
+git clone https://github.com/tuxdotrs/nix-config.git
+cd nix-config
+```
+
+#### 2. Gain root privileges
+
+```bash
+sudo su
 
 ```
-# Clone this repositry
-git clone https://github.com/tuxdotrs/nix-config.git
 
-# Navigate to the repository directory
+#### 3. Set up disk partitioning
-cd nix-config
 
-# Install disko for disk partitioning
+Install the required tools:
-nix-shell -p disko
 
-# Partition the disk and make sure to replace DISK_PATH (eg. /dev/vda)
+```bash
+nix-shell -p disko neovim
+```
+
+Partition your disk using disko. **This will wipe your drive.** Replace `DISK_PATH` with your actual disk path (e.g., `/dev/vda` or `/dev/nvme0n1`):
+
+```bash
 disko --mode disko ./hosts/canopus/disko.nix --arg device '"DISK_PATH"'
+```
 
-# Generate the hardware.nix file for your system
+#### 4. Configure your disk
+
+Edit the configuration file:
+
+```bash
+nvim ./hosts/canopus/default.nix
+```
+
+In the imports statement, replace:
+
+```nix
+(import ./disko.nix {device = "/dev/nvme0n1";})
+```
+
+with:
+
+```nix
+(import ./disko.nix {device = "DISK_PATH";})
+```
+
+Make sure to replace `DISK_PATH` with your actual disk path.
+
+#### 5. Generate hardware configuration
+
+```bash
 nixos-generate-config --no-filesystems --root /mnt
+```
 
-# Replace the hardware.nix with generated one
+Copy the generated hardware configuration to the repository:
+
+```bash
 cp /mnt/etc/nixos/hardware-configuration.nix ./hosts/canopus/hardware.nix
+```
 
-# Install
+#### 6. Install NixOS
+
+```bash
 nixos-install --root /mnt --flake .#canopus
+```
 
-# Reboot to your beautiful DE
+#### 7. Enter into the new system
+
+```bash
+nixos-enter --root /mnt
+```
+
+#### 8. Set up directories and permissions
+
+```bash
+mkdir -p /persist/home
+chown -R tux:users /persist/home
+```
+
+#### 9. Set passwords
+
+Set the root password:
+
+```bash
+passwd root
+```
+
+Set the user password:
+
+```bash
+passwd tux
+```
+
+#### 10. Reboot
+
+```bash
 reboot
 ```
 
+Your NixOS system should now boot into a beautiful DE.
+
 ## Components
 
 |               | Wayland  | Xorg             |

flake.nix

@@ -66,6 +66,7 @@
       alpha = nixosSystem (mkNixOSConfig "alpha");
       sirius = nixosSystem (mkNixOSConfig "sirius");
       vega = nixosSystem (mkNixOSConfig "vega");
+      node = nixosSystem (mkNixOSConfig "node");
       vps = nixosSystem (mkNixOSConfig "vps");
       isoImage = nixosSystem (mkNixOSConfig "isoImage");
       homelab = nixosSystem (mkNixOSConfig "homelab");
@@ -85,6 +86,7 @@
         alpha = mkNixOSNode "alpha";
         sirius = mkNixOSNode "sirius";
         vega = mkNixOSNode "vega";
+        node = mkNixOSNode "node";
         homelab = mkNixOSNode "homelab";
         capella = mkDroidNode "capella";
         rigel = mkDroidNode "rigel";
@@ -166,5 +168,6 @@
     impermanence.url = "github:nix-community/impermanence";
     deploy-rs.url = "github:serokell/deploy-rs";
     nixcord.url = "github:kaylorben/nixcord";
+    lan-mouse.url = "github:feschber/lan-mouse";
   };
 }

hosts/alpha/default.nix

@@ -153,6 +153,7 @@
     ];
   };
 
+  users.users.${username} = {linger = true;};
   home-manager.users.${username} = {
     imports = [
       ./home.nix

hosts/arcturus/default.nix

@@ -19,7 +19,7 @@
     ../../modules/nixos/selfhosted/headscale.nix
     ../../modules/nixos/selfhosted/vaultwarden.nix
     ../../modules/nixos/selfhosted/gitea.nix
-    ../../modules/nixos/selfhosted/plausible.nix
+    ../../modules/nixos/selfhosted/umami.nix
     ../../modules/nixos/selfhosted/monitoring/grafana.nix
     ../../modules/nixos/selfhosted/monitoring/loki.nix
     ../../modules/nixos/selfhosted/monitoring/promtail.nix
@@ -35,6 +35,18 @@
   ];
 
   tux.services.openssh.enable = true;
+  tux.containers.aiostreams = {
+    enable = true;
+    port = 4567;
+    environment = {
+      ADDON_ID = "aiostreams.tux.rs";
+      BASE_URL = "https://aiostreams.tux.rs";
+    };
+
+    environmentFiles = [
+      config.sops.secrets."aiostreams".path
+    ];
+  };
 
   sops.secrets = {
     borg_encryption_key = {
@@ -81,6 +93,14 @@
     "cs2_secrets/CS2_PW" = {
       sopsFile = ./secrets.yaml;
     };
+
+    aiostreams = {
+      sopsFile = ./secrets.yaml;
+    };
+
+    umami = {
+      sopsFile = ./secrets.yaml;
+    };
   };
 
   nixpkgs = {
@@ -144,7 +164,13 @@
 
     firewall = {
       enable = true;
-      allowedTCPPorts = [80 443 22 3333 8081];
+      allowedTCPPorts = [
+        80
+        443
+        22
+        3333
+        8081
+      ];
     };
   };
 
@@ -207,6 +233,9 @@
     ];
   };
 
+  users.users.${username} = {
+    linger = true;
+  };
   home-manager.users.${username} = {
     imports = [
       ./home.nix

hosts/arcturus/secrets.yaml

@@ -11,11 +11,9 @@ cs2_secrets:
     SRCDS_TOKEN: ENC[AES256_GCM,data:SzPz4sHDgEoioX8ylLFM6AUUS60gWYpR3ifxUD8A8IQga24t6GM0dyGDryc=,iv:XefIn9yCLPLKVRA+rZiSGUH3l6ZANIJoGRuM/3vFLIw=,tag:flEjl9c7i3XBlHJaq41QYQ==,type:str]
     CS2_RCONPW: ENC[AES256_GCM,data:ZyVeoOngZjxKR/ObYo5yJC1ViCNufuA=,iv:+fJK0sY39V/iH7OjT0AzQq6RefVzLZCDETYcAMFnZNU=,tag:IOhRUQRdffNMXa2cKZvi/w==,type:str]
     CS2_PW: ENC[AES256_GCM,data:W1Cur7YT1F/+45vmqif2JbpjVURfnfo=,iv:sBNDM2N+QWDAMculBBZtYZcM7ILEfpwkwOd7ErORQhI=,tag:XFsxTUjctZKU38RQUfJ8HQ==,type:str]
+aiostreams: ENC[AES256_GCM,data:2U2EoRUsKr4OIkqrudmIUEp2bABNlSlNUTzR3vtvTfSJVemIGK31iu0SG8aR4tLSQFEZyhIP9M22zZJVWY5hX1UcMEJ1rmtXnaRjTiurRSpTj76pT9plnrjp0NWDcSWY+uhDrAsEko4oPPJEECTT3qMYLXipnzqpPeWsTrNYiuxmfDPcZw==,iv:tHKbtnLMNfY7B2ssE8x0dri9XhA2M6jIj2KOxOsmG2o=,tag:8hjqmniL/P+PfwfYiAdAwA==,type:str]
+umami: ENC[AES256_GCM,data:BJN9VpwknBaX+mz6xjq1GX9epM2bukplraPw67TttnLhM9JTmZiela5oFWZiaGjG3Oss3n4WPsPvhC4m28Ah+TQLCoiDFCFqervk228=,iv:YwbJ2/1hXs5Jbqx1dNj1t4ExFS27PWbA4NT9h8/tyU8=,tag:+R1aRF/TaMSGbLDi9GnYwA==,type:str]
 sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
     age:
         - recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
           enc: |
@@ -35,8 +33,7 @@ sops:
             NGprRGVyZ2plWVNrM3drM3JSUjM2L0UKuNk5DqYn2DIfRpY72zDRP5BKoVAXtNv9
             uLI//8wc7f4I3uBdARQdpRE1fapY1UOJOn3i0yndrZARPEbdohRK1Q==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-01-24T12:59:25Z"
+    lastmodified: "2025-11-14T08:22:34Z"
-    mac: ENC[AES256_GCM,data:WGWGvbqu07XZ5oU2HBGUbP/9oNCavPBXb2SIm10CG2s377QAWZmpdOC2AGAX8J3NfLtyWEHm8WUQSKjNKvKWARsXU24lNnY+BTSIkF8ymrAU/rRMX8VJi92IYjregAfVBIaYomxqJFhNuAhmsQ75ZYMpRBTusxiEFEdl/H9obiY=,iv:VXIVkpnOY2gZ/xDX/oFvZn08K5Gp49tpiJQGK20blro=,tag:Hkk92ZQWTRY9oQb3Mm6R3w==,type:str]
+    mac: ENC[AES256_GCM,data:IiZKrdo500rf0JS2c94u1XiCtIB6QguJr1XKFcPilxN4G7coUJyD8v/z/BDqSyCDbiY6RjRWoyttyi1gzKlj/WQsJh65tbDHTXhk2nPGBoHL4ojnP1a7PYCaRKk64SyBg6vjNWHb0wILc2wu/yvKNfVKX6FtMEGhUcpReoJomAI=,iv:a4hmm47FAHnY2k+YY+WmLUWjpEE+5KwtUxc+Dq6sCMQ=,tag:Rx0yOoiKd2mRx/H5k8Hq8w==,type:str]
-    pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.9.3
+    version: 3.11.0

hosts/canopus/default.nix

@@ -21,8 +21,9 @@
     ../../modules/nixos/steam.nix
   ];
 
+  hardware.nvidia-container-toolkit.enable = true;
   tux.services.openssh.enable = true;
-
+  tux.packages.distrobox.enable = true;
   nixpkgs.config.cudaSupport = true;
 
   sops.secrets = {
@@ -60,7 +61,7 @@
       ];
 
       # Facilitate firewall punching
-      allowedUDPPorts = [41641];
+      allowedUDPPorts = [41641 4242];
 
       allowedTCPPortRanges = [
         {
@@ -183,7 +184,6 @@
   programs = {
     ssh.startAgent = true;
     xfconf.enable = true;
-    file-roller.enable = true;
     thunar = {
       enable = true;
       plugins = with pkgs.xfce; [
@@ -193,7 +193,7 @@
     };
     nix-ld = {
       enable = true;
-      package = pkgs.nix-ld-rs;
+      package = pkgs.nix-ld;
     };
     nm-applet.enable = true;
     noisetorch.enable = true;
@@ -235,14 +235,6 @@
       openDefaultPorts = true;
     };
 
-    xserver = {
-      enable = true;
-      xkb = {
-        layout = "in";
-        variant = "eng";
-      };
-    };
-
     libinput.touchpad.naturalScrolling = true;
     libinput.mouse.accelProfile = "flat";
 

hosts/canopus/home.nix

@@ -11,7 +11,7 @@
     ../../modules/home/wezterm
     ../../modules/home/ghostty
     ../../modules/home/desktop/rofi
-    ../../modules/home/barrier
+    ../../modules/home/lan-mouse
     ../../modules/home/firefox
     ../../modules/home/brave
     ../../modules/home/vs-code
@@ -28,6 +28,7 @@
   home.pointerCursor = {
     package = pkgs.bibata-cursors;
     name = "Bibata-Modern-Ice";
+    size = 28;
   };
 
   qt = {
@@ -76,7 +77,6 @@
     copyq
     vlc
     tor-browser
-    distrobox
     bluetui
     impala
   ];
@@ -90,12 +90,14 @@
       "Videos"
       "Projects"
       "Stuff"
+      "Distrobox"
       "go"
       ".mozilla"
       ".ssh"
       ".wakatime"
       ".rustup"
       ".cargo"
+      ".steam"
       ".cache/spotify-player"
       ".config/BraveSoftware"
       ".config/copyq"

hosts/common/default.nix

@@ -15,7 +15,9 @@
     ../../modules/nixos/selfhosted/upstream-proxy.nix
     ../../modules/nixos/selfhosted/tfolio.nix
     ../../modules/nixos/selfhosted/cyber-tux.nix
+    ../../modules/nixos/selfhosted/containers/aiostreams.nix
     ../../modules/nixos/networking/ssh.nix
+    ../../modules/nixos/distrobox.nix
   ];
 
   sops.secrets.tux-password = {
@@ -48,7 +50,14 @@
   home-manager = {
     backupFileExtension = "hm-backup";
     useUserPackages = true;
-    extraSpecialArgs = {inherit inputs outputs username email;};
+    extraSpecialArgs = {
+      inherit
+        inputs
+        outputs
+        username
+        email
+        ;
+    };
     users.${username} = {
       imports = [
         ./home.nix

hosts/common/secrets.yaml

@@ -1,79 +1,88 @@
-tux-password: ENC[AES256_GCM,data:68ZXKJMBBLV1mkNP9LFf+xC5arsARqKPFQAtmfag3ftip1suuZ1FmQICqsuCqXgGuwcSfH4ACkuiQ769u4aI7+jPxs0A62hFig==,iv:Yx9EfqChjBtgxxkWmayfKWoE498w4wUYoS353cMUMsI=,tag:Zr3KuIiXsi2VahRZ7Ncpig==,type:str]
+tux-password: ENC[AES256_GCM,data:yAqMKsk7uz0F0k32PdYnqAmn+tdLyXl2krvMstdgFCvIUZH8TlATWCUMPUtnxQiTQqCUY+Q8LE+yYcFFGC3r5TskbF98igZTDA==,iv:hkE/21gdD2bCEdIITrhm9lhKRTHhCPeo8YaYS61/dEM=,tag:/tz2Xvy2ro9gGwKHrJuuzw==,type:str]
 sops:
     age:
         - recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWblJrWjErZC81d1IzTHV6
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXaTFZSENQZDcvczUrVFF6
-            ZUkwTEhRdVdTTlJQb1pocnpnSkdZSWNTelVFCkJLR3VwT2dwM3IydCtkZ24yLzVF
+            Mm1GV3pqSzVPd2pQaUp3ZGRJS0kzMExXSmtJCkVwR1VxbUhCTTlKVHlLR0kvWkFO
-            ei9xMG51djNldnZkSnVqeEtsVFNSMkEKLS0tIGNEdi9OV0ZjVW93SUUyVURpT2tR
+            R2VmQWhzSEsya3I4b1JRWnFSbXdUanMKLS0tIFR5bkU3cEVHL3BlUFRjL2l2ZDBK
-            U3ZybTNac1JvVW9zTy9ocE5FUkpQTjAK2lAp5MC3B779uSWaOOxbnfdAa9xYDCL2
+            WUVaZzFCQkc0KzRNQlRRdGNvWFdQNkUKhxAV3VavBzjSQHJPNn+Ghspi1scCq7dS
-            TloXlxfuYKe0j9Z2TIlYOa6z+/m8upOpE42Ux0qjZprE1LBq3g5uMA==
+            Qu81Q24kMK9sL7ddTjB7UqCgZ3LHq+Izzw5cSYVy+nq150oCBURnoA==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1f860dfewlx5jtt9ejr47gywx70p3dmyc8mat29gpr75psljwjv8q5xyxkq
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoZGdNSG5ER0JxbWhNanJU
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNVGdJQTdBVHAxTmFoeThj
-            WGlCZlIyT3JLWnFkSnBaakkyMXZBU0o0cjFVCml5VDB2d2dJTGkvVDh5M1NweXl1
+            RWE0QjBiQUt5UkdDZzBRQm5vTUtGZmRxQ2xvCkRiUDIxUkV3ZW5Jd1ZoZWRzeE03
-            ajl3R2RUWmtwWU5RUlpsVFIvM3R0cUUKLS0tIFNkbmtrRGdrcUFibDlldncrbjg2
+            T0VPZE9pYXJGclVZSTJRM1JaVjM3VU0KLS0tIGFXQ3pRWXFYYWkrYngyZDJST2Jr
-            TWJ1UFh5RnI2VDRocnZ0VVNmd2JRSVEKmqNV4dADO9ZxTjlDgMC5fNdioJrO6vrN
+            UlAzTFdxMENxckVpL05ReENjZHk3b1UK1NEgbZ5AMf9h6zlfIHL7ugNSyQ156T5r
-            vTg3lTrwOTZ/TCg9PS2T5QEX9fZh2UthCEisPO7p1Q81Gyk7ySg2ow==
+            x3l7nFrvxAWE9aTzn03hFjgRP72If6k/3pHJmT8h2494+K20qAmx6g==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1x36yr8h993srfj29sfpzt4wyz52nztvncpmhgmfs0j26qvfecq3qvcm0an
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYZWRuaHIvT3BSZ2M0OUla
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwZE16cm5vNzhVSkY5K2hV
-            YWhSa2Q5SDJNbkRLQUZxaVFISmJENTIxc0hrCjlKTVBCK2g2WWNNNlNJQ25sMjVY
+            MWRaMHNIL1Q2cDZ0eHozbTJJWklKb09BK213CkFSazJGdnBWQnRvQ2Zlc1JQazZV
-            TURsSkNsbTQwRGlyU3NySis5azNvTVUKLS0tIGZHUEh3NHMyVXN5T0pXOWpOT1JP
+            VWVMb1FpcUZMeURQSXJBTkJGeVdCeUkKLS0tIG1uRDJ4T2pRaVY1aERQOWhZdGl0
-            UmZSM1J0elprbVBUZzU5QjVLRnVxNWsKFVdUQcKiHaSDR2+GqafXvoRQ0yyiKMcy
+            b3JVbHNpY1B5ekpodHp3ZXlrZFplNFEKiRPqPKh3g33a2/fQVrj8qGOcXheVaLgA
-            /UP/yCMoNUYIpiv4ocRhtDj4QrrO6NdJJTUifMkB9I1B6R7B7NG/gw==
+            CAShzomubIQNFZUnl12hjH+ZcKlAwYFXzCrHUNdkEUWRIASqGa5oMA==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1jg642q775gmnmxeu29gcf3lph8vem4xr8t84cxe809dpd0myrussh49h60
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNeEpwakIyMkRYN1c0bUNy
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvQ3UybGxJaUU5ckdDak5F
-            eDFpUGlkTW02NWE1VlYxYnNsQTJ1NHIyWVY4ClI3VHlSWW1IK3I3SHY5YXN5S09q
+            d3RJdlR3VHNHZTJ0UXhXc08wSVVXZVFZb2lvClZGSzV6QmhqL01rYjhjdjNKT2RT
-            OU5aSXVXU0FVU1VrNGlCTzFKWm95ZkkKLS0tIGV0Sy9LYlBuTm4xa2Zkc3JoaWo0
+            V3k1QUF4VXBNb2d6dnA0N2lNNnpXS00KLS0tICs3bWRHMGZiMmM4S3YyY0ttRWZ1
-            ZXllYnMwaXBXTW5vVVhoNXVFcEwvdlEKbuiT2/Isi3nsx/r3whpX6RiLEtsLMm6f
+            Snd1QTlRUndzK0RSUld1TlRkNU13cHMKTZsBN/4nBfEndip/vCUNtFZF89MKT8uA
-            2A3bKpz1+MUupE6umEIBCXc+k58W6VhBkdrMxGtxZt1ZeA8ftz4bVA==
+            C/hKD33ycaLNzmgxz3VRSCxeALMspeobeOLfRHJLflusD9xGgXn73A==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1zsl5d4vj6gl3h96y5p53sq5y4vr4vtlwp727h7rp9a4xfkxm53lqrh6r50
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnbFUwbXoyUnZGMElMdldX
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQWmkrNXJvUjR5anlUcFVE
-            UkJseC9XWEU3Vks2eGdYbHFjUjZMUVVGbkY0ClNIWFMvWEl1eDRncEt1dy9iVS81
+            NExQTnAwZDVmWEl3c3B2bis1N00wQzF6MFFvCnpENVNJU1JWLyswNnZoUTBZNE16
-            ZE1rN25lR0w0Wno2OHZDZTRhSTVXVDgKLS0tIG9jNmFkdGxoRmRCT1RJQjVlOUJa
+            V2ZtLzIzanZEOWhkYXFxaWVLaDZoUDAKLS0tIEs3SXRZU283dERkZEFabmtFZTEx
-            R0kxbllzMXZML1J6MitXSGhSTkF0MEkK8g7s87t956UTDtQO+IUEXe2B6WNM+KfH
+            aUIwRTgzQklUZmlnS05MQ2o5QmJSQk0KVrx1ZHqnS3KQ9jB7yqVIWbrQAdqDt/c4
-            aRobwCjvXcv5I8G+gkNll23MYlLMBRZ1qkeq24R0xA7cMYXj5APUsA==
+            i3mst4a/rKjgZGUYugHMctJppPIpqqVZTpBHPgY5OiAGESMrUZE+Ig==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1zujp5gxy7suv8ysnygv43cmzuvv36nxfg0ch7r3xg2emc6fz3vmqqujheq
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0bTBEck44R2ZxS0M3Ris1
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvdUhKNU5BYmNEdllkWU1R
-            VllxeEgyTjRWcHp3RUdpMytFQ0podkxXT1JrCi9VU2U2SHFrd1dPb3RESkQ4OGhi
+            QVIxMExuYit6ekNwVHFmd2dGNEJtTTlHd0IwCkxiZnAvSURQY2RyWnRVVGxtdlUv
-            RjZVVTZWQUVXSUxqaG5KVkJxQ0RCQncKLS0tIDJiVGpIU0NjelVCZkloOGhxQTdV
+            bmNpNFB6OENqOFJSakQ2NGJ0cVJTQlkKLS0tIEt5QXBXNC9WaDdIdklTeTA3ZEp6
-            eHlaVm9iUFk2YThXZnU5SVpHUVVHbkEKcmUvbINRqmkkvXyyskNJ4eYD7VdQnxqg
+            Y212bDZSRkttWjBqTEdkbjY4WHd5RTgK1Y779ogFUcr89gosqh7rra7Wg6G/Ez1o
-            7VuWV7zUK5ZVPv9kJiUl3OB3vNU8U15sNIdAjCp8//RtNkRyDJMgEQ==
+            /+48kxF2DTKZLJYX2AFEP5H0JjBDtt+isiO7H1644LjdAwO/sgFMSQ==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1ydkclhk9kwqdq74utesqdfupt43lz64d5k65gz2z9uyljcqq9fcq3hv28l
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjVjU1Vy9tMkp5MS96Si9v
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwQXFScVBqUDZHc3BDK3N4
-            bnB4OHpzdktPeStYZHFZTXVmSWphMkxFQkRZCjEvTEpZY1I4TWNlM0c4Wi9nUVhx
+            T3BnSWk5SElzZllYRHdlMStPS2ZyMDZoZ3pnCm5KVnBYb1R6anRWd04rNllPSW1G
-            dktvOXdXQ0M1YzhVU3BlOUZ4Tjkrd28KLS0tIC9NT0NKZTd0VUVUQTB6UHhDSVVw
+            ZVMwMTQ5NjQvaEYwZUhOOE56ckJHb00KLS0tIEpCWmNQZzFlK3ZrRGFPMFVwZndG
-            eFM1Q1JOVXZoSXltRVZpaTNTUWhNa3MKFoY5bWWQS9qh0j8sgIgRA4jT6sl0xRkC
+            ZStueWovUmtKdTk2enRJa3NSbFpJL1UKtzKYPJ6vy6+VjPkrsRvNTwUtV198oglr
-            Tu0WUz344TzkJFuy7MgOpviQMqAijmbyYjaRSdS3CLGHvTKY8GcpOA==
+            cMqBSuwkqzgjDC09sRMnW5PRfJo8hG+5gkd6EPZ8uAbUhGC+kAyLrg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1put942dyhly8nk9c8n0h8tq0x6xplrg3uw5q0d2jmvwez3zq79qsapl7he
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0ZU93NCtxODQ2YjA4TUcr
+            aWEyaW4zREZtVUpuZWhZSUw3TWhpMXBYWEVVCitDNGx1eWZQZGsvUDl0UzNCd0Zp
+            QndpMys5OVg1WXMrdXRDUkFZWDErcjAKLS0tIDBOZTBxM09INTIxZm9tQk10ZUc2
+            emExUmJZZk00WmxYK2Y3WCtmQXhSUmsKwMxI9I6kQYkvZ4TzJtv/MdGLwTbQdePx
+            XB+oFbc9Rp3IAEZfH1+VEtJRjyKk5hE7HQoIh92XxJvmbDIswOe/Rg==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1y4luzn2jls7rvgphej23srvdlx563lxq29tvf66vhwwzaf7c3f3qzvresh
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSYlpXRGNpQVZTQ3hZK2lr
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwNUhPQThmWjJROW95SWsw
-            L2xodmhycTlRczN1c2Zib3RoeGlxQTAwTVRRCkJ1aWc3bzAyNnlMbUhuK2YwTXBq
+            aFk4dGR3c0RJZTkwSHFXaWp2UCtQWS9xYjFnCnAxa0RMV0xsNnZ2cnVMbmRzRFYv
-            Q1VhUUtWWXU0RXY2NG5jMG90dis4bEUKLS0tIHlkRkdCV0ZvU2pLZDRlN2h6c0JO
+            QmRZQVY1ME9zTmZtT1RxUmFQc2JYc2cKLS0tIGxUTjYwYXZUMU9FY3BFS04zQk1G
-            TTNtbGY1UWV5K3VQWjk5WlgyNUd1UVkK+XeX8vK4K2DJaWtFE91YGg/58M09rwuj
+            bFJwRno1a0pwVHpaV0haZjlZazNtZDAKxTvzsmLtx50sI2bZ3fFcB6j9ZLas4KmL
-            VVcMIPPPO1+KD16HTe1b8bVPeNfpIj9p3ybew3ILducyrYiRrxzGwg==
+            5bu9Z75hFi+N1sjvMpcK7oIFypGLIWU3xpTP//jv6RuiyjGuR2Dq2w==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-10-10T10:14:47Z"
+    lastmodified: "2025-11-04T09:28:17Z"
-    mac: ENC[AES256_GCM,data:fmBWLOOCvJLfKSNG14zd9cBEa9+M4dJ7UtR+SZfGEcoGtBPmX1c6ZR8OgB+I45WkpT+Ho8kwQMcnD0n6IWzg946OEzIZjNuCds/wM1cCd3LjjlqwKnN1QGL5DNSIyi5CFzrjvvFtZCsw2acNjxtK86JujhpOivdVKC/kGkJzF0M=,iv:g0jXzrtU53YpW/NIb8ulmOGSJIXMA1Wady6DlOMA9aU=,tag:zf7WmNNYcFO9Rtynm5vaUg==,type:str]
+    mac: ENC[AES256_GCM,data:A+xfYhnoq/JWYGZOleieF5vjrsPOtkKnXPbd94iBAbnuuBKx8Vgkpuum+hJzVIBdDSCVm8hl2Tpcw7NqWLSkXtBR/NKixzk6eIwFvOZz4h7Qe1Zue10pB25IkIzR34sLnWSHtsxuRRG6fZnf0CNtp7baf4XU3doyDwy5A384Jf0=,iv:i0y0UEY7SSCOBIBc+97qIiq4obpUJYb3gFo1yEc5eUI=,tag:c5zONd6zTv3sq4bPqT73OQ==,type:str]
     unencrypted_suffix: _unencrypted
-    version: 3.10.2
+    version: 3.11.0

hosts/homelab/default.nix

@@ -23,6 +23,21 @@
     discord_token = {
       sopsFile = ./secrets.yaml;
     };
+
+    hyperbolic_api_key = {
+      sopsFile = ./secrets.yaml;
+      owner = "${username}";
+    };
+
+    gemini_api_key = {
+      sopsFile = ./secrets.yaml;
+      owner = "${username}";
+    };
+
+    open_router_api_key = {
+      sopsFile = ./secrets.yaml;
+      owner = "${username}";
+    };
   };
 
   tux.services.cyber-tux = {
@@ -109,7 +124,7 @@
   programs = {
     nix-ld = {
       enable = true;
-      package = pkgs.nix-ld-rs;
+      package = pkgs.nix-ld;
     };
   };
 
@@ -141,6 +156,7 @@
     ];
   };
 
+  users.users.${username} = {linger = true;};
   home-manager.users.${username} = {
     imports = [
       ./home.nix

hosts/homelab/secrets.yaml

@@ -1,9 +1,8 @@
 discord_token: ENC[AES256_GCM,data:fZqz6LD3+Svtton5gNCXO5ddWAqW1IyxP3M2DAIXZEIYRHUfAq8h9LES2IHWepjl5qKimxB35zacE/TYK2fitngWtRGVoMDBzzU6VTKNulNV3yFWrPA=,iv:YOplYld+c9vHVC0Srfm89qrh4yUygDiW67X2TdwHKMc=,tag:Ioc2wNLX818fRQ/2PSO7Sw==,type:str]
+hyperbolic_api_key: ENC[AES256_GCM,data:t8xjjzhgvM9BXiB5jDc2RR384d+mL5zXr+/obDLMm2J+IN+Xw9fr4iz50CTQ5ZMWWMoPjxzY5vgiJ+h71BsDRM0TvBMWuXd2ihKOIZOVo6OQmCX/SeKUgkjunFqz+YKcxsLsF7ZG/tOgWGqMmxom8iGV7LELKG/8MLDCF50YgJNO568MJMUU,iv:Cf+mSG2dxsRclDy8k7gK+hi+Qd5J7wqfS9SQztRob80=,tag:Io4aAFa29SUsfuPFI2/+DA==,type:str]
+gemini_api_key: ENC[AES256_GCM,data:GJWo7dXSaUbl2Q9h+Sc1sRF0g+82LyHk3mKFqDaBmRdalvyGwMvp,iv:odLpACXHVqxWIj7e/u6AY1pxjYX+e10Lezne1BlHl60=,tag:qO3zcz/93eHuEzG66zwwdA==,type:str]
+open_router_api_key: ENC[AES256_GCM,data:ETiZEngQRnOrJtDXSDfBanzbUyThTAu9BSQCL1tuVv07CCWJaXUui9Y0kS9oIO5to655FON3C0RxovTGx6rWQwOMKeEn5bHUHA==,iv:ePJzHKFWddkLGfydPi6uEzvksm7Djln/DBV88Jc1ugA=,tag:Eb7eYPMC0DlqtT7OFK4UuA==,type:str]
 sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
     age:
         - recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
           enc: |
@@ -23,8 +22,7 @@ sops:
             Y1RHaFdXaE9DODJtSTFCSVZWb0xVeUEK4qeBKg3u+vhBIM1dQ7BaOWi/C7Q8hk60
             vu9Zr075n0+kb5Ab+RH24ZmEoP5PJXjwEfbAnmRTjn0reYn1nfcNYA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-02-15T12:45:59Z"
+    lastmodified: "2025-10-14T06:52:16Z"
-    mac: ENC[AES256_GCM,data:NLGe7L/oiG62x4PmQ6FobnuisFmMxYoGhxfqQ4qZdy9emYL/+FnrtFsKTKqZ9IHjrNnCmbk7y+Cds/azC1xGVcaj50jEox87vtqIZ3z0XsD1mJjCAdHkBVzzpQGwHas/5y0Inyj+oKsvQrqVacqYHVA/ES+zMvou8nD+EWIH2LE=,iv:fBVOnwih+QFkYZ8IfMBpQiT1XwSZtzo3VYaBOL3I5o4=,tag:p+ePQsrmcLcnLr2fgWQXQg==,type:str]
+    mac: ENC[AES256_GCM,data:/p5Mbonr1YcrDgBIi+wFFPnNKsn74kuWf/EloNDnVWg59LuBy3nhrfXHUvbwlX7vLbSLozbuAHKTDcQ0+OUXJTYvMRApAGVh9HrvQFEQuOPOkwN8/qtdvwduInetX3t7PLWu4vbCVhl1v2BzJyEVQ9tzn7+8zEJhDDS7cPsZ9Is=,iv:GPJxjmOQPAqh0TulLhhX4UX+5FrZizCtDOkQa9xxaXY=,tag:Vv33D3wubWBDVOxdKOMENQ==,type:str]
-    pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.9.4
+    version: 3.10.2

hosts/isoImage/default.nix

@@ -35,7 +35,10 @@
     ssh.startAgent = true;
     thunar = {
       enable = true;
-      plugins = with pkgs.xfce; [thunar-archive-plugin thunar-volman];
+      plugins = with pkgs.xfce; [
+        thunar-archive-plugin
+        thunar-volman
+      ];
     };
     nm-applet.enable = true;
   };
@@ -51,16 +54,10 @@
     };
 
     logind = {
-      extraConfig = "HandlePowerKey=suspend";
+      settings.Login = {
-      lidSwitch = "suspend";
+        HandlePowerKey = "suspend";
-      lidSwitchExternalPower = "suspend";
+        HanldeLidSwitch = "suspend";
-    };
+        HandleLidSwitchExternalPower = "suspend";
-
-    xserver = {
-      enable = true;
-      xkb = {
-        layout = "in";
-        variant = "eng";
       };
     };
 
@@ -76,6 +73,7 @@
   fonts.packages = with pkgs.nerd-fonts; [
     fira-code
     jetbrains-mono
+    bigblue-terminal
   ];
 
   home-manager.users.${username} = {

hosts/isoImage/home.nix

@@ -3,21 +3,16 @@
     ../../modules/home/desktop/awesome
     ../../modules/home/desktop/hyprland
     ../../modules/home/picom
-    ../../modules/home/alacritty
     ../../modules/home/wezterm
-    ../../modules/home/ghostty
     ../../modules/home/desktop/rofi
-    ../../modules/home/barrier
     ../../modules/home/firefox
     ../../modules/home/brave
-    ../../modules/home/vs-code
-    ../../modules/home/mopidy
-    ../../modules/home/thunderbird
   ];
 
   home.pointerCursor = {
     package = pkgs.bibata-cursors;
     name = "Bibata-Modern-Ice";
+    size = 28;
   };
 
   home.stateVersion = "24.11";

hosts/node/default.nix

@@ -0,0 +1,55 @@
+{
+  inputs,
+  username,
+  ...
+}:
+{
+  imports = [
+    inputs.disko.nixosModules.default
+
+    (import ./disko.nix {
+      device = "/dev/nvme0n1";
+      device2 = "/dev/nvme1n1";
+      device3 = "/dev/sda";
+    })
+    ./hardware.nix
+
+    ../common
+  ];
+
+  tux.services.openssh.enable = true;
+
+  boot.loader.grub.enable = true;
+
+  networking = {
+    hostName = "node";
+    networkmanager = {
+      enable = true;
+      wifi.powersave = false;
+    };
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [
+        22
+        8545
+        8546
+        9545
+        9546
+      ];
+    };
+  };
+
+  security.rtkit.enable = true;
+
+  environment.persistence."/persist" = {
+    enable = false;
+  };
+
+  home-manager.users.${username} = {
+    imports = [
+      ./home.nix
+    ];
+  };
+
+  system.stateVersion = "25.05";
+}

hosts/node/disko.nix

@@ -0,0 +1,87 @@
+{
+  device ? throw "Set this to the disk device, e.g. /dev/nvme0n1",
+  device2 ? throw "Set this to the disk device2, e.g. /dev/nvme1n1",
+  device3 ? throw "Set this to the disk device3, e.g. /dev/nvme1n1",
+  ...
+}: {
+  disko.devices = {
+    disk = {
+      disk1 = {
+        type = "disk";
+        device = "${device}";
+        content = {
+          type = "gpt";
+          partitions = {
+            boot = {
+              size = "1M";
+              type = "EF02"; # for grub MBR
+            };
+            mdadm = {
+              size = "100%";
+              content = {
+                type = "mdraid";
+                name = "raid0";
+              };
+            };
+          };
+        };
+      };
+      disk2 = {
+        type = "disk";
+        device = "${device2}";
+        content = {
+          type = "gpt";
+          partitions = {
+            boot = {
+              size = "1M";
+              type = "EF02"; # for grub MBR
+            };
+            mdadm = {
+              size = "100%";
+              content = {
+                type = "mdraid";
+                name = "raid0";
+              };
+            };
+          };
+        };
+      };
+      hdd = {
+        type = "disk";
+        device = "${device3}";
+        content = {
+          type = "gpt";
+          partitions = {
+            data = {
+              size = "100%";
+              content = {
+                type = "filesystem";
+                format = "ext4";
+                mountpoint = "/mnt/hdd";
+              };
+            };
+          };
+        };
+      };
+    };
+    mdadm = {
+      raid0 = {
+        type = "mdadm";
+        level = 0;
+        content = {
+          type = "gpt";
+          partitions = {
+            primary = {
+              size = "100%";
+              content = {
+                type = "filesystem";
+                format = "ext4";
+                mountpoint = "/";
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}

hosts/node/hardware.nix

@@ -0,0 +1,25 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp41s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/node/home.nix

@@ -0,0 +1,3 @@
+{...}: {
+  home.stateVersion = "25.05";
+}

hosts/sirius/default.nix

@@ -12,6 +12,11 @@
     ../../modules/nixos/virtualisation/docker.nix
   ];
 
+  hardware.nvidia-container-toolkit = {
+    enable = true;
+    suppressNvidiaDriverAssertion = true;
+  };
+
   tux.services.openssh.enable = true;
 
   sops.secrets = {
@@ -42,6 +47,7 @@
     enable = true;
     defaultUser = "${username}";
     useWindowsDriver = true;
+    interop.register = true;
   };
 
   networking.hostName = "sirius";
@@ -53,7 +59,7 @@
     nix-ld = {
       enable = true;
       libraries = config.hardware.graphics.extraPackages;
-      package = pkgs.nix-ld-rs;
+      package = pkgs.nix-ld;
     };
 
     dconf.enable = true;

hosts/vega/default.nix

@@ -56,6 +56,7 @@
     enable = false;
   };
 
+  users.users.${username} = {linger = true;};
   home-manager.users.${username} = {
     imports = [
       ./home.nix

hosts/vps/default.nix

@@ -91,6 +91,7 @@
     ];
   };
 
+  users.users.${username} = {linger = true;};
   home-manager.users.${username} = {
     imports = [
       ./home.nix

modules/home/barrier/default.nix

@@ -1,7 +0,0 @@
-{pkgs, ...}: {
-  # services.barrier.client.enable = true;
-
-  home.packages = with pkgs; [
-    barrier
-  ];
-}

modules/home/desktop/hyprland/default.nix

@@ -150,7 +150,6 @@
         mfact = 0.5;
         new_on_top = false;
         orientation = "left";
-        inherit_fullscreen = true;
         smart_resizing = true;
         drop_at_cursor = true;
       };

modules/home/desktop/hyprland/hyprpaper.nix

@@ -8,11 +8,11 @@
       splash_offset = 2.0;
 
       preload = [
-        "~/Wallpapers/mountain.jpg"
+        "~/Wallpapers/new/sunset-pixel.png"
       ];
 
       wallpaper = [
-        ", ~/Wallpapers/mountain.jpg"
+        ", ~/Wallpapers/new/sunset-pixel.png"
       ];
     };
   };

modules/home/git/default.nix

@@ -5,13 +5,15 @@
 }: {
   programs.git = {
     enable = true;
-    userName = "${username}";
-    userEmail = "${email}";
     signing = {
       key = "~/.ssh/id_ed25519.pub";
       signByDefault = true;
     };
-    extraConfig = {
+    settings = {
+      user = {
+        name = "${username}";
+        email = "${email}";
+      };
       init.defaultBranch = "main";
       commit.gpgSign = true;
       gpg.format = "ssh";

modules/home/lan-mouse/default.nix

@@ -0,0 +1,19 @@
+{inputs, ...}: {
+  imports = [
+    inputs.lan-mouse.homeManagerModules.default
+  ];
+
+  programs.lan-mouse = {
+    enable = true;
+    systemd = true;
+    settings = {
+      # release_bind = ["KeyA" "KeyS" "KeyD" "KeyF"];
+
+      port = 4242;
+
+      authorized_fingerprints = {
+        "30:66:b3:95:dc:6b:55:a4:9f:30:31:9c:3e:4d:70:03:33:c3:f0:6f:df:31:35:58:36:6e:80:2f:32:b2:ce:48" = "pc";
+      };
+    };
+  };
+}

modules/home/picom/default.nix

@@ -1,7 +1,7 @@
 {pkgs, ...}: {
   services.picom = {
     enable = true;
-    package = pkgs.picom-next;
+    package = pkgs.picom;
 
     backend = "glx";
     vSync = true;

modules/home/wezterm/default.nix

@@ -1,11 +1,7 @@
-{
+{pkgs, ...}: {
-  inputs,
-  pkgs,
-  ...
-}: {
   programs.wezterm = {
     enable = true;
-    package = inputs.wezterm-flake.packages."${pkgs.system}".default;
+    package = pkgs.wezterm-git;
     enableZshIntegration = false;
 
     extraConfig = ''

modules/nixos/distrobox.nix

@@ -0,0 +1,112 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.tux.packages.distrobox;
+in {
+  options.tux.packages.distrobox = {
+    enable = mkEnableOption "Enable DistroBox";
+  };
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = with pkgs; [
+      distrobox
+
+      (writeShellScriptBin "dbox-create" ''
+        #!/usr/bin/env bash
+
+        # 1. Initialize variables
+        IMAGE=""
+        NAME=""
+
+        # Array to hold optional arguments (like volumes)
+        declare -a EXTRA_ARGS
+
+        # 2. Parse arguments
+        while [[ $# -gt 0 ]]; do
+          case $1 in
+            -i|--image)
+              IMAGE="$2"
+              shift 2
+              ;;
+            -n|--name)
+              NAME="$2"
+              shift 2
+              ;;
+            -p|--profile)
+              echo ":: Profile mode enabled: Mounting Nix store and user profiles (Read-Only)"
+              # Add volume flags to the array
+              EXTRA_ARGS+=( "--volume" "/nix/store:/nix/store:ro" )
+              EXTRA_ARGS+=( "--volume" "/etc/profiles/per-user:/etc/profiles/per-user:ro" )
+              EXTRA_ARGS+=( "--volume" "/etc/static/profiles/per-user:/etc/static/profiles/per-user:ro" )
+              shift 1
+              ;;
+            *)
+              echo "Unknown option $1"
+              exit 1
+              ;;
+          esac
+        done
+
+        if [ -z "$IMAGE" ] || [ -z "$NAME" ]; then
+            echo "Usage: dbox-create -i <image> -n <name> [-p]"
+            exit 1
+        fi
+
+        # 3. Define the custom home path
+        CUSTOM_HOME="$HOME/Distrobox/$NAME"
+
+        echo "------------------------------------------------"
+        echo "Creating Distrobox: $NAME"
+        echo "Location: $CUSTOM_HOME"
+        echo "------------------------------------------------"
+
+        # 4. Run Distrobox Create
+        # We expand "''${EXTRA_ARGS[@]}" to properly pass the volume arguments
+        ${pkgs.distrobox}/bin/distrobox create \
+          --image "$IMAGE" \
+          --name "$NAME" \
+          --home "$CUSTOM_HOME" \
+          "''${EXTRA_ARGS[@]}"
+
+        # Check exit code
+        if [ $? -ne 0 ]; then
+            echo "Error: Distrobox creation failed."
+            exit 1
+        fi
+
+        # 5. Post-Creation: Symlink Config Files
+        echo "--> Linking configurations to $NAME..."
+
+        # Helper function to symlink
+        link_config() {
+            SRC="$1"
+            DEST="$2"
+            DEST_DIR=$(dirname "$DEST")
+
+            # Create parent directory if it doesn't exist
+            mkdir -p "$DEST_DIR"
+
+            if [ -e "$SRC" ]; then
+                # ln -sf: symbolic link, force overwrite
+                ln -sf "$SRC" "$DEST"
+                echo "    [LINK] $DEST -> $SRC"
+            else
+                echo "    [SKIP] $SRC not found on host"
+            fi
+        }
+
+        # Create Symlinks
+        link_config "$HOME/.zshrc"                "$CUSTOM_HOME/.zshrc"
+        link_config "$HOME/.zshenv"               "$CUSTOM_HOME/.zshenv"
+        link_config "$HOME/.config/fastfetch"     "$CUSTOM_HOME/.config/fastfetch"
+        link_config "$HOME/.config/starship.toml" "$CUSTOM_HOME/.config/starship.toml"
+
+        echo "--> Done! Enter via: distrobox enter $NAME"
+      '')
+    ];
+  };
+}

modules/nixos/selfhosted/containers/aiostreams.nix

@@ -0,0 +1,52 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.tux.containers.aiostreams;
+in {
+  options.tux.containers.aiostreams = {
+    enable = mkEnableOption "Enable AIOStreams";
+
+    port = mkOption {
+      type = types.int;
+      default = 3000;
+    };
+
+    environment = mkOption {
+      type = with types; attrsOf str;
+      default = {};
+    };
+
+    environmentFiles = mkOption {
+      type = with types; listOf path;
+      default = [];
+    };
+  };
+
+  config = mkIf cfg.enable {
+    virtualisation.oci-containers.containers.aiostreams = {
+      autoStart = true;
+      image = "ghcr.io/viren070/aiostreams:latest";
+      ports = [
+        "${toString cfg.port}:3000"
+      ];
+
+      environment = cfg.environment;
+      environmentFiles = cfg.environmentFiles;
+    };
+
+    services.nginx.virtualHosts = {
+      "${cfg.environment.ADDON_ID}" = {
+        forceSSL = true;
+        useACMEHost = "tux.rs";
+        locations = {
+          "/" = {
+            proxyPass = "http://localhost:${toString cfg.port}";
+          };
+        };
+      };
+    };
+  };
+}

modules/nixos/selfhosted/nextcloud.nix

@@ -19,7 +19,7 @@
     nextcloud = {
       enable = true;
       hostName = "cloud.tux.rs";
-      package = pkgs.nextcloud31;
+      package = pkgs.nextcloud32;
       database.createLocally = true;
       configureRedis = true;
       maxUploadSize = "16G";

modules/nixos/selfhosted/umami.nix

@@ -0,0 +1,32 @@
+{
+  lib,
+  config,
+  ...
+}: {
+  services = {
+    umami = {
+      enable = true;
+      settings = {
+        APP_SECRET_FILE = config.sops.secrets.umami.path;
+        PORT = 4645;
+      };
+      createPostgresqlDatabase = true;
+    };
+
+    nginx = {
+      enable = lib.mkForce true;
+      virtualHosts = {
+        "umami.tux.rs" = {
+          forceSSL = true;
+          useACMEHost = "tux.rs";
+          locations = {
+            "/" = {
+              proxyPass = "http://localhost:${toString config.services.umami.settings.PORT}";
+              proxyWebsockets = true;
+            };
+          };
+        };
+      };
+    };
+  };
+}

modules/nixos/virtualisation/qemu.nix

@@ -8,8 +8,6 @@
       enable = true;
       qemu = {
         swtpm.enable = true;
-        ovmf.enable = true;
-        ovmf.packages = [pkgs.OVMFFull.fd];
       };
     };
   };

overlays/default.nix

@@ -2,24 +2,25 @@
   additions = final: _prev: import ../pkgs {pkgs = final;};
 
   modifications = final: prev: {
-    awesome = inputs.nixpkgs-f2k.packages.${prev.system}.awesome-git;
+    awesome = inputs.nixpkgs-f2k.packages.${prev.stdenv.hostPlatform.system}.awesome-git;
-    ghostty = inputs.ghostty.packages.${prev.system}.default;
+    ghostty = inputs.ghostty.packages.${prev.stdenv.hostPlatform.system}.default;
-    tawm = inputs.tawm.packages.${prev.system}.default;
+    tawm = inputs.tawm.packages.${prev.stdenv.hostPlatform.system}.default;
-    tnvim = inputs.tnvim.packages.${prev.system}.default;
+    tnvim = inputs.tnvim.packages.${prev.stdenv.hostPlatform.system}.default;
-    tpanel = inputs.tpanel.packages.${prev.system}.default;
+    tpanel = inputs.tpanel.packages.${prev.stdenv.hostPlatform.system}.default;
-    ags = inputs.tpanel.packages.${prev.system}.ags.default;
+    ags = inputs.tpanel.packages.${prev.stdenv.hostPlatform.system}.ags.default;
-    tfolio = inputs.tfolio.packages.${prev.system}.default;
+    tfolio = inputs.tfolio.packages.${prev.stdenv.hostPlatform.system}.default;
-    trok = inputs.trok.packages.${prev.system}.default;
+    trok = inputs.trok.packages.${prev.stdenv.hostPlatform.system}.default;
-    cyber-tux = inputs.cyber-tux.packages.${prev.system}.default;
+    cyber-tux = inputs.cyber-tux.packages.${prev.stdenv.hostPlatform.system}.default;
-    hyprland-git = inputs.hyprland.packages.${prev.system};
+    hyprland-git = inputs.hyprland.packages.${prev.stdenv.hostPlatform.system};
-    hyprland-plugins = inputs.hyprland-plugins.packages.${prev.system};
+    hyprland-plugins = inputs.hyprland-plugins.packages.${prev.stdenv.hostPlatform.system};
+    wezterm-git = inputs.wezterm-flake.packages.${prev.stdenv.hostPlatform.system}.default;
   };
 
   # When applied, the stable nixpkgs set (declared in the flake inputs) will
   # be accessible through 'pkgs.stable'
   stable-packages = final: _prev: {
     stable = import inputs.nixpkgs-stable {
-      system = final.system;
+      system = final.stdenv.hostPlatform.system;
       config.allowUnfree = true;
     };
   };

pkgs/firefox-mod-blur/default.nix

@@ -11,7 +11,7 @@ stdenv.mkDerivation {
     owner = "datguypiko";
     repo = "Firefox-Mod-Blur";
     rev = "refs/heads/master";
-    sha256 = "sha256-BZ1NvKQwUDTMxQHEKX61PvD99cTDmBURSUKEKZNQDR4=";
+    sha256 = "sha256-J/SBMxDWxDC7o8P0t/3surUod52uUwy+xaD5dzZPGq0=";
   };
 
   installPhase = ''