feat: setup spotifyd

.sops.yaml

@@ -9,6 +9,7 @@ keys:
     - &arcturus age1zsl5d4vj6gl3h96y5p53sq5y4vr4vtlwp727h7rp9a4xfkxm53lqrh6r50
     - &alpha age1zujp5gxy7suv8ysnygv43cmzuvv36nxfg0ch7r3xg2emc6fz3vmqqujheq
     - &vega age1ydkclhk9kwqdq74utesqdfupt43lz64d5k65gz2z9uyljcqq9fcq3hv28l
+    - &node age1put942dyhly8nk9c8n0h8tq0x6xplrg3uw5q0d2jmvwez3zq79qsapl7he
     - &capella age1y4luzn2jls7rvgphej23srvdlx563lxq29tvf66vhwwzaf7c3f3qzvresh
 
 creation_rules:
@@ -22,6 +23,7 @@ creation_rules:
           - *arcturus
           - *alpha
           - *vega
+          - *node
           - *capella
   - path_regex: hosts/sirius/secrets.yaml$
     key_groups:

README.md

@@ -23,7 +23,7 @@
 ## Hosts
 
 |     | Hostname   | Board             | CPU                | RAM   | GPU                       | Purpose                                                                          |
-| --- | ---------- | ----------------- | ------------------ | ---- | ------------------------- | ---------------------------------------------------------------------------------- |
+| --- | ---------- | ----------------- | ------------------ | ----- | ------------------------- | -------------------------------------------------------------------------------- |
 | 🖥️  | `sirius`   | MSI X570-A Pro    | Ryzen 7 5700X3D    | 64GB  | RTX 3080 TI + RTX 3060 TI | Triple-monitor desktop running Windows Subsystem for Linux.                      |
 | 💻  | `canopus`  | Asus Zephyrus G15 | Ryzen 9 5900HS     | 16GB  | RTX 3060                  | Optimized for productivity on the go and some gaming.                            |
 | ☁️  | `homelab`  | Minisforum MS-A1  | Ryzen 7 8700G      | 32GB  | Radeon 780M               | WIP                                                                              |
@@ -32,38 +32,122 @@
 | 🥔  | `vega`     | Raspberry Pi 3B+  | Cortex A53         | 1GB   |                           | Running AdGuard Home for network-wide ad blocking.                               |
 | 📱  | `capella`  | Samsung S25 Ultra | Snapdragon 8 Elite | 12GB  | Adreno 830                | Primary mobile for daily usage. (Locked)                                         |
 | 📱  | `rigel`    | Motorola Edge 30  | Snapdragon 778G+   | 8GB   | Adreno 642L               | Secondary mobile for some fun. (Rooted)                                          |
-| ☁️  | `node`     | KVM               | i9-13900           | 64GB |                           | Running Ethereum and BSC nodes. Currently in the process of migrating from Ubuntu. |
+| ☁️  | `node`     | ASRock B565D4     | Ryzen 9 5950X      | 128GB |                           | Running Ethereum and BSC nodes.                                                  |
 
 ## Installation
 
-Boot into NixOS bootable USB and then enter the following commands
+> [!NOTE]  
+> This will get your base system ready, but keep in mind that many things might not work correctly — such as monitor resolution, font size, and more.
+
+### Prerequisites
+
+Boot into the NixOS bootable USB before proceeding with the installation steps.
+
+### Installation Steps
+
+#### 1. Clone the repository
+
+```bash
+git clone https://github.com/tuxdotrs/nix-config.git
+cd nix-config
+```
+
+#### 2. Gain root privileges
+
+```bash
+sudo su
 
 ```
-# Clone this repositry
-git clone https://github.com/tuxdotrs/nix-config.git
 
-# Navigate to the repository directory
+#### 3. Set up disk partitioning
-cd nix-config
 
-# Install disko for disk partitioning
+Install the required tools:
-nix-shell -p disko
 
-# Partition the disk and make sure to replace DISK_PATH (eg. /dev/vda)
+```bash
+nix-shell -p disko neovim
+```
+
+Partition your disk using disko. **This will wipe your drive.** Replace `DISK_PATH` with your actual disk path (e.g., `/dev/vda` or `/dev/nvme0n1`):
+
+```bash
 disko --mode disko ./hosts/canopus/disko.nix --arg device '"DISK_PATH"'
+```
 
-# Generate the hardware.nix file for your system
+#### 4. Configure your disk
+
+Edit the configuration file:
+
+```bash
+nvim ./hosts/canopus/default.nix
+```
+
+In the imports statement, replace:
+
+```nix
+(import ./disko.nix {device = "/dev/nvme0n1";})
+```
+
+with:
+
+```nix
+(import ./disko.nix {device = "DISK_PATH";})
+```
+
+Make sure to replace `DISK_PATH` with your actual disk path.
+
+#### 5. Generate hardware configuration
+
+```bash
 nixos-generate-config --no-filesystems --root /mnt
+```
 
-# Replace the hardware.nix with generated one
+Copy the generated hardware configuration to the repository:
+
+```bash
 cp /mnt/etc/nixos/hardware-configuration.nix ./hosts/canopus/hardware.nix
+```
 
-# Install
+#### 6. Install NixOS
+
+```bash
 nixos-install --root /mnt --flake .#canopus
+```
 
-# Reboot to your beautiful DE
+#### 7. Enter into the new system
+
+```bash
+nixos-enter --root /mnt
+```
+
+#### 8. Set up directories and permissions
+
+```bash
+mkdir -p /persist/home
+chown -R tux:users /persist/home
+```
+
+#### 9. Set passwords
+
+Set the root password:
+
+```bash
+passwd root
+```
+
+Set the user password:
+
+```bash
+passwd tux
+```
+
+#### 10. Reboot
+
+```bash
 reboot
 ```
 
+Your NixOS system should now boot into a beautiful DE.
+
 ## Components
 
 |               | Wayland  | Xorg             |

flake.nix

@@ -66,6 +66,7 @@
       alpha = nixosSystem (mkNixOSConfig "alpha");
       sirius = nixosSystem (mkNixOSConfig "sirius");
       vega = nixosSystem (mkNixOSConfig "vega");
+      node = nixosSystem (mkNixOSConfig "node");
       vps = nixosSystem (mkNixOSConfig "vps");
       isoImage = nixosSystem (mkNixOSConfig "isoImage");
       homelab = nixosSystem (mkNixOSConfig "homelab");
@@ -85,6 +86,7 @@
         alpha = mkNixOSNode "alpha";
         sirius = mkNixOSNode "sirius";
         vega = mkNixOSNode "vega";
+        node = mkNixOSNode "node";
         homelab = mkNixOSNode "homelab";
         capella = mkDroidNode "capella";
         rigel = mkDroidNode "rigel";
@@ -166,5 +168,6 @@
     impermanence.url = "github:nix-community/impermanence";
     deploy-rs.url = "github:serokell/deploy-rs";
     nixcord.url = "github:kaylorben/nixcord";
+    lan-mouse.url = "github:feschber/lan-mouse";
   };
 }

hosts/alpha/default.nix

@@ -153,6 +153,7 @@
     ];
   };
 
+  users.users.${username} = {linger = true;};
   home-manager.users.${username} = {
     imports = [
       ./home.nix

hosts/alpha/home.nix

@@ -1,11 +1,10 @@
-{username, ...}: {
+{...}: {
-  home.persistence."/persist/home/${username}" = {
+  home.persistence."/persist" = {
     directories = [
       "Projects"
       ".ssh"
       ".local/share/zsh"
     ];
-    allowOther = true;
   };
 
   home.stateVersion = "24.11";

hosts/arcturus/default.nix

@@ -19,7 +19,7 @@
     ../../modules/nixos/selfhosted/headscale.nix
     ../../modules/nixos/selfhosted/vaultwarden.nix
     ../../modules/nixos/selfhosted/gitea.nix
-    ../../modules/nixos/selfhosted/plausible.nix
+    ../../modules/nixos/selfhosted/umami.nix
     ../../modules/nixos/selfhosted/monitoring/grafana.nix
     ../../modules/nixos/selfhosted/monitoring/loki.nix
     ../../modules/nixos/selfhosted/monitoring/promtail.nix
@@ -29,12 +29,24 @@
     ../../modules/nixos/selfhosted/nextcloud.nix
     ../../modules/nixos/selfhosted/silver-bullet.nix
     ../../modules/nixos/selfhosted/rustdesk-server.nix
-    ../../modules/nixos/selfhosted/kasmweb.nix
+    # ../../modules/nixos/selfhosted/kasmweb.nix
     ../../modules/nixos/selfhosted/open-webui.nix
     ../../modules/nixos/selfhosted/glance
   ];
 
   tux.services.openssh.enable = true;
+  tux.containers.aiostreams = {
+    enable = true;
+    port = 4567;
+    environment = {
+      ADDON_ID = "aiostreams.tux.rs";
+      BASE_URL = "https://aiostreams.tux.rs";
+    };
+
+    environmentFiles = [
+      config.sops.secrets."aiostreams".path
+    ];
+  };
 
   sops.secrets = {
     borg_encryption_key = {
@@ -81,6 +93,14 @@
     "cs2_secrets/CS2_PW" = {
       sopsFile = ./secrets.yaml;
     };
+
+    aiostreams = {
+      sopsFile = ./secrets.yaml;
+    };
+
+    umami = {
+      sopsFile = ./secrets.yaml;
+    };
   };
 
   nixpkgs = {
@@ -144,7 +164,13 @@
 
     firewall = {
       enable = true;
-      allowedTCPPorts = [80 443 22 3333 8081];
+      allowedTCPPorts = [
+        80
+        443
+        22
+        3333
+        8081
+      ];
     };
   };
 
@@ -207,6 +233,9 @@
     ];
   };
 
+  users.users.${username} = {
+    linger = true;
+  };
   home-manager.users.${username} = {
     imports = [
       ./home.nix

hosts/arcturus/home.nix

@@ -1,12 +1,11 @@
-{username, ...}: {
+{...}: {
-  home.persistence."/persist/home/${username}" = {
+  home.persistence."/persist" = {
     directories = [
       "Projects"
       "Stuff"
       ".ssh"
       ".local/share/zsh"
     ];
-    allowOther = true;
   };
 
   home.stateVersion = "24.11";

hosts/arcturus/secrets.yaml

@@ -11,11 +11,9 @@ cs2_secrets:
     SRCDS_TOKEN: ENC[AES256_GCM,data:SzPz4sHDgEoioX8ylLFM6AUUS60gWYpR3ifxUD8A8IQga24t6GM0dyGDryc=,iv:XefIn9yCLPLKVRA+rZiSGUH3l6ZANIJoGRuM/3vFLIw=,tag:flEjl9c7i3XBlHJaq41QYQ==,type:str]
     CS2_RCONPW: ENC[AES256_GCM,data:ZyVeoOngZjxKR/ObYo5yJC1ViCNufuA=,iv:+fJK0sY39V/iH7OjT0AzQq6RefVzLZCDETYcAMFnZNU=,tag:IOhRUQRdffNMXa2cKZvi/w==,type:str]
     CS2_PW: ENC[AES256_GCM,data:W1Cur7YT1F/+45vmqif2JbpjVURfnfo=,iv:sBNDM2N+QWDAMculBBZtYZcM7ILEfpwkwOd7ErORQhI=,tag:XFsxTUjctZKU38RQUfJ8HQ==,type:str]
+aiostreams: ENC[AES256_GCM,data:2U2EoRUsKr4OIkqrudmIUEp2bABNlSlNUTzR3vtvTfSJVemIGK31iu0SG8aR4tLSQFEZyhIP9M22zZJVWY5hX1UcMEJ1rmtXnaRjTiurRSpTj76pT9plnrjp0NWDcSWY+uhDrAsEko4oPPJEECTT3qMYLXipnzqpPeWsTrNYiuxmfDPcZw==,iv:tHKbtnLMNfY7B2ssE8x0dri9XhA2M6jIj2KOxOsmG2o=,tag:8hjqmniL/P+PfwfYiAdAwA==,type:str]
+umami: ENC[AES256_GCM,data:BJN9VpwknBaX+mz6xjq1GX9epM2bukplraPw67TttnLhM9JTmZiela5oFWZiaGjG3Oss3n4WPsPvhC4m28Ah+TQLCoiDFCFqervk228=,iv:YwbJ2/1hXs5Jbqx1dNj1t4ExFS27PWbA4NT9h8/tyU8=,tag:+R1aRF/TaMSGbLDi9GnYwA==,type:str]
 sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
     age:
         - recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
           enc: |
@@ -35,8 +33,7 @@ sops:
             NGprRGVyZ2plWVNrM3drM3JSUjM2L0UKuNk5DqYn2DIfRpY72zDRP5BKoVAXtNv9
             uLI//8wc7f4I3uBdARQdpRE1fapY1UOJOn3i0yndrZARPEbdohRK1Q==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-01-24T12:59:25Z"
+    lastmodified: "2025-11-14T08:22:34Z"
-    mac: ENC[AES256_GCM,data:WGWGvbqu07XZ5oU2HBGUbP/9oNCavPBXb2SIm10CG2s377QAWZmpdOC2AGAX8J3NfLtyWEHm8WUQSKjNKvKWARsXU24lNnY+BTSIkF8ymrAU/rRMX8VJi92IYjregAfVBIaYomxqJFhNuAhmsQ75ZYMpRBTusxiEFEdl/H9obiY=,iv:VXIVkpnOY2gZ/xDX/oFvZn08K5Gp49tpiJQGK20blro=,tag:Hkk92ZQWTRY9oQb3Mm6R3w==,type:str]
+    mac: ENC[AES256_GCM,data:IiZKrdo500rf0JS2c94u1XiCtIB6QguJr1XKFcPilxN4G7coUJyD8v/z/BDqSyCDbiY6RjRWoyttyi1gzKlj/WQsJh65tbDHTXhk2nPGBoHL4ojnP1a7PYCaRKk64SyBg6vjNWHb0wILc2wu/yvKNfVKX6FtMEGhUcpReoJomAI=,iv:a4hmm47FAHnY2k+YY+WmLUWjpEE+5KwtUxc+Dq6sCMQ=,tag:Rx0yOoiKd2mRx/H5k8Hq8w==,type:str]
-    pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.9.3
+    version: 3.11.0

hosts/canopus/default.nix

@@ -21,8 +21,9 @@
     ../../modules/nixos/steam.nix
   ];
 
+  hardware.nvidia-container-toolkit.enable = true;
   tux.services.openssh.enable = true;
-
+  tux.packages.distrobox.enable = true;
   nixpkgs.config.cudaSupport = true;
 
   sops.secrets = {
@@ -60,7 +61,7 @@
       ];
 
       # Facilitate firewall punching
-      allowedUDPPorts = [41641];
+      allowedUDPPorts = [41641 4242];
 
       allowedTCPPortRanges = [
         {
@@ -102,7 +103,14 @@
     kernelPackages = pkgs.linuxPackages_zen;
     supportedFilesystems = ["ntfs"];
 
-    initrd.systemd = {
+    initrd = {
+      kernelModules = [
+        "vfio_pci"
+        "vfio"
+        "vfio_iommu_type1"
+      ];
+
+      systemd = {
         enable = lib.mkForce true;
 
         services.wipe-my-fs = {
@@ -138,6 +146,7 @@
           '';
         };
       };
+    };
 
     loader = {
       systemd-boot = {
@@ -183,17 +192,16 @@
   programs = {
     ssh.startAgent = true;
     xfconf.enable = true;
-    file-roller.enable = true;
     thunar = {
       enable = true;
-      plugins = with pkgs.xfce; [
+      plugins = with pkgs; [
         thunar-archive-plugin
         thunar-volman
       ];
     };
     nix-ld = {
       enable = true;
-      package = pkgs.nix-ld-rs;
+      package = pkgs.nix-ld;
     };
     nm-applet.enable = true;
     noisetorch.enable = true;
@@ -393,6 +401,7 @@
       "/var/lib/docker"
       "/var/lib/waydroid"
       "/var/lib/iwd"
+      "/var/lib/libvirt"
       "/etc/NetworkManager/system-connections"
     ];
     files = [

hosts/canopus/hardware.nix

@@ -1,17 +1,21 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
 {
-  imports =
+  config,
-    [ (modulesPath + "/installer/scan/not-detected.nix")
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
   ];
 
-  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
+  boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci"];
-  boot.initrd.kernelModules = [ ];
+  boot.initrd.kernelModules = [];
-  boot.kernelModules = [ "kvm-amd" ];
+  boot.kernelModules = ["kvm-amd"];
-  boot.extraModulePackages = [ ];
+  boot.extraModulePackages = [];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
   # (the default) this is the recommended approach. When using systemd-networkd it's

hosts/canopus/home.nix

@@ -1,17 +1,14 @@
-{
+{pkgs, ...}: {
-  pkgs,
-  username,
-  ...
-}: {
   imports = [
     ../../modules/home/desktop/awesome
     ../../modules/home/desktop/hyprland
+    ../../modules/home/desktop/vicinae
     ../../modules/home/picom
     ../../modules/home/alacritty
     ../../modules/home/wezterm
     ../../modules/home/ghostty
     ../../modules/home/desktop/rofi
-    ../../modules/home/barrier
+    ../../modules/home/lan-mouse
     ../../modules/home/firefox
     ../../modules/home/brave
     ../../modules/home/vs-code
@@ -28,6 +25,7 @@
   home.pointerCursor = {
     package = pkgs.bibata-cursors;
     name = "Bibata-Modern-Ice";
+    size = 28;
   };
 
   qt = {
@@ -62,9 +60,11 @@
   };
 
   home.packages = with pkgs; [
+    antigravity
     telegram-desktop
     anydesk
-    stable.rustdesk-flutter
+    rustdesk-flutter
+    moonlight-qt
     rawtherapee
     stable.beekeeper-studio
     libreoffice-qt
@@ -76,12 +76,13 @@
     copyq
     vlc
     tor-browser
-    distrobox
+    vivaldi
     bluetui
     impala
+    pulseaudio
   ];
 
-  home.persistence."/persist/home/${username}" = {
+  home.persistence."/persist" = {
     directories = [
       "Downloads"
       "Music"
@@ -90,14 +91,19 @@
       "Videos"
       "Projects"
       "Stuff"
+      "Distrobox"
       "go"
       ".mozilla"
       ".ssh"
       ".wakatime"
       ".rustup"
       ".cargo"
+      ".steam"
+      ".cache/spotifyd"
       ".cache/spotify-player"
       ".config/BraveSoftware"
+      ".config/vivaldi"
+      ".config/Antigravity"
       ".config/copyq"
       ".config/discord"
       ".config/Vencord"
@@ -106,6 +112,7 @@
       ".config/obs-studio"
       ".config/rustdesk"
       ".config/kdeconnect"
+      ".config/Moonlight\ Game\ Streaming\ Project"
       ".local/share/nvim"
       ".local/share/opencode"
       ".local/share/zsh"
@@ -114,12 +121,13 @@
       ".local/share/GalaxyBudsClient"
       ".local/share/TelegramDesktop"
       ".local/state/lazygit"
+      ".local/share/steam"
+      ".local/share/vicinae"
     ];
     files = [
       ".wakatime.cfg"
       ".config/aichat/.env"
     ];
-    allowOther = true;
   };
 
   home.stateVersion = "24.11";

hosts/common/default.nix

@@ -15,7 +15,9 @@
     ../../modules/nixos/selfhosted/upstream-proxy.nix
     ../../modules/nixos/selfhosted/tfolio.nix
     ../../modules/nixos/selfhosted/cyber-tux.nix
+    ../../modules/nixos/selfhosted/containers/aiostreams.nix
     ../../modules/nixos/networking/ssh.nix
+    ../../modules/nixos/distrobox.nix
   ];
 
   sops.secrets.tux-password = {
@@ -48,7 +50,14 @@
   home-manager = {
     backupFileExtension = "hm-backup";
     useUserPackages = true;
-    extraSpecialArgs = {inherit inputs outputs username email;};
+    extraSpecialArgs = {
+      inherit
+        inputs
+        outputs
+        username
+        email
+        ;
+    };
     users.${username} = {
       imports = [
         ./home.nix

hosts/common/home.nix

@@ -5,7 +5,6 @@
   ...
 }: {
   imports = [
-    inputs.impermanence.nixosModules.home-manager.impermanence
     inputs.nix-index-database.homeModules.nix-index
 
     ../../modules/home/shell

hosts/common/secrets.yaml

@@ -1,79 +1,88 @@
-tux-password: ENC[AES256_GCM,data:68ZXKJMBBLV1mkNP9LFf+xC5arsARqKPFQAtmfag3ftip1suuZ1FmQICqsuCqXgGuwcSfH4ACkuiQ769u4aI7+jPxs0A62hFig==,iv:Yx9EfqChjBtgxxkWmayfKWoE498w4wUYoS353cMUMsI=,tag:Zr3KuIiXsi2VahRZ7Ncpig==,type:str]
+tux-password: ENC[AES256_GCM,data:yAqMKsk7uz0F0k32PdYnqAmn+tdLyXl2krvMstdgFCvIUZH8TlATWCUMPUtnxQiTQqCUY+Q8LE+yYcFFGC3r5TskbF98igZTDA==,iv:hkE/21gdD2bCEdIITrhm9lhKRTHhCPeo8YaYS61/dEM=,tag:/tz2Xvy2ro9gGwKHrJuuzw==,type:str]
 sops:
     age:
         - recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWblJrWjErZC81d1IzTHV6
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXaTFZSENQZDcvczUrVFF6
-            ZUkwTEhRdVdTTlJQb1pocnpnSkdZSWNTelVFCkJLR3VwT2dwM3IydCtkZ24yLzVF
+            Mm1GV3pqSzVPd2pQaUp3ZGRJS0kzMExXSmtJCkVwR1VxbUhCTTlKVHlLR0kvWkFO
-            ei9xMG51djNldnZkSnVqeEtsVFNSMkEKLS0tIGNEdi9OV0ZjVW93SUUyVURpT2tR
+            R2VmQWhzSEsya3I4b1JRWnFSbXdUanMKLS0tIFR5bkU3cEVHL3BlUFRjL2l2ZDBK
-            U3ZybTNac1JvVW9zTy9ocE5FUkpQTjAK2lAp5MC3B779uSWaOOxbnfdAa9xYDCL2
+            WUVaZzFCQkc0KzRNQlRRdGNvWFdQNkUKhxAV3VavBzjSQHJPNn+Ghspi1scCq7dS
-            TloXlxfuYKe0j9Z2TIlYOa6z+/m8upOpE42Ux0qjZprE1LBq3g5uMA==
+            Qu81Q24kMK9sL7ddTjB7UqCgZ3LHq+Izzw5cSYVy+nq150oCBURnoA==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1f860dfewlx5jtt9ejr47gywx70p3dmyc8mat29gpr75psljwjv8q5xyxkq
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoZGdNSG5ER0JxbWhNanJU
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNVGdJQTdBVHAxTmFoeThj
-            WGlCZlIyT3JLWnFkSnBaakkyMXZBU0o0cjFVCml5VDB2d2dJTGkvVDh5M1NweXl1
+            RWE0QjBiQUt5UkdDZzBRQm5vTUtGZmRxQ2xvCkRiUDIxUkV3ZW5Jd1ZoZWRzeE03
-            ajl3R2RUWmtwWU5RUlpsVFIvM3R0cUUKLS0tIFNkbmtrRGdrcUFibDlldncrbjg2
+            T0VPZE9pYXJGclVZSTJRM1JaVjM3VU0KLS0tIGFXQ3pRWXFYYWkrYngyZDJST2Jr
-            TWJ1UFh5RnI2VDRocnZ0VVNmd2JRSVEKmqNV4dADO9ZxTjlDgMC5fNdioJrO6vrN
+            UlAzTFdxMENxckVpL05ReENjZHk3b1UK1NEgbZ5AMf9h6zlfIHL7ugNSyQ156T5r
-            vTg3lTrwOTZ/TCg9PS2T5QEX9fZh2UthCEisPO7p1Q81Gyk7ySg2ow==
+            x3l7nFrvxAWE9aTzn03hFjgRP72If6k/3pHJmT8h2494+K20qAmx6g==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1x36yr8h993srfj29sfpzt4wyz52nztvncpmhgmfs0j26qvfecq3qvcm0an
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYZWRuaHIvT3BSZ2M0OUla
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwZE16cm5vNzhVSkY5K2hV
-            YWhSa2Q5SDJNbkRLQUZxaVFISmJENTIxc0hrCjlKTVBCK2g2WWNNNlNJQ25sMjVY
+            MWRaMHNIL1Q2cDZ0eHozbTJJWklKb09BK213CkFSazJGdnBWQnRvQ2Zlc1JQazZV
-            TURsSkNsbTQwRGlyU3NySis5azNvTVUKLS0tIGZHUEh3NHMyVXN5T0pXOWpOT1JP
+            VWVMb1FpcUZMeURQSXJBTkJGeVdCeUkKLS0tIG1uRDJ4T2pRaVY1aERQOWhZdGl0
-            UmZSM1J0elprbVBUZzU5QjVLRnVxNWsKFVdUQcKiHaSDR2+GqafXvoRQ0yyiKMcy
+            b3JVbHNpY1B5ekpodHp3ZXlrZFplNFEKiRPqPKh3g33a2/fQVrj8qGOcXheVaLgA
-            /UP/yCMoNUYIpiv4ocRhtDj4QrrO6NdJJTUifMkB9I1B6R7B7NG/gw==
+            CAShzomubIQNFZUnl12hjH+ZcKlAwYFXzCrHUNdkEUWRIASqGa5oMA==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1jg642q775gmnmxeu29gcf3lph8vem4xr8t84cxe809dpd0myrussh49h60
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNeEpwakIyMkRYN1c0bUNy
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvQ3UybGxJaUU5ckdDak5F
-            eDFpUGlkTW02NWE1VlYxYnNsQTJ1NHIyWVY4ClI3VHlSWW1IK3I3SHY5YXN5S09q
+            d3RJdlR3VHNHZTJ0UXhXc08wSVVXZVFZb2lvClZGSzV6QmhqL01rYjhjdjNKT2RT
-            OU5aSXVXU0FVU1VrNGlCTzFKWm95ZkkKLS0tIGV0Sy9LYlBuTm4xa2Zkc3JoaWo0
+            V3k1QUF4VXBNb2d6dnA0N2lNNnpXS00KLS0tICs3bWRHMGZiMmM4S3YyY0ttRWZ1
-            ZXllYnMwaXBXTW5vVVhoNXVFcEwvdlEKbuiT2/Isi3nsx/r3whpX6RiLEtsLMm6f
+            Snd1QTlRUndzK0RSUld1TlRkNU13cHMKTZsBN/4nBfEndip/vCUNtFZF89MKT8uA
-            2A3bKpz1+MUupE6umEIBCXc+k58W6VhBkdrMxGtxZt1ZeA8ftz4bVA==
+            C/hKD33ycaLNzmgxz3VRSCxeALMspeobeOLfRHJLflusD9xGgXn73A==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1zsl5d4vj6gl3h96y5p53sq5y4vr4vtlwp727h7rp9a4xfkxm53lqrh6r50
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnbFUwbXoyUnZGMElMdldX
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQWmkrNXJvUjR5anlUcFVE
-            UkJseC9XWEU3Vks2eGdYbHFjUjZMUVVGbkY0ClNIWFMvWEl1eDRncEt1dy9iVS81
+            NExQTnAwZDVmWEl3c3B2bis1N00wQzF6MFFvCnpENVNJU1JWLyswNnZoUTBZNE16
-            ZE1rN25lR0w0Wno2OHZDZTRhSTVXVDgKLS0tIG9jNmFkdGxoRmRCT1RJQjVlOUJa
+            V2ZtLzIzanZEOWhkYXFxaWVLaDZoUDAKLS0tIEs3SXRZU283dERkZEFabmtFZTEx
-            R0kxbllzMXZML1J6MitXSGhSTkF0MEkK8g7s87t956UTDtQO+IUEXe2B6WNM+KfH
+            aUIwRTgzQklUZmlnS05MQ2o5QmJSQk0KVrx1ZHqnS3KQ9jB7yqVIWbrQAdqDt/c4
-            aRobwCjvXcv5I8G+gkNll23MYlLMBRZ1qkeq24R0xA7cMYXj5APUsA==
+            i3mst4a/rKjgZGUYugHMctJppPIpqqVZTpBHPgY5OiAGESMrUZE+Ig==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1zujp5gxy7suv8ysnygv43cmzuvv36nxfg0ch7r3xg2emc6fz3vmqqujheq
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0bTBEck44R2ZxS0M3Ris1
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvdUhKNU5BYmNEdllkWU1R
-            VllxeEgyTjRWcHp3RUdpMytFQ0podkxXT1JrCi9VU2U2SHFrd1dPb3RESkQ4OGhi
+            QVIxMExuYit6ekNwVHFmd2dGNEJtTTlHd0IwCkxiZnAvSURQY2RyWnRVVGxtdlUv
-            RjZVVTZWQUVXSUxqaG5KVkJxQ0RCQncKLS0tIDJiVGpIU0NjelVCZkloOGhxQTdV
+            bmNpNFB6OENqOFJSakQ2NGJ0cVJTQlkKLS0tIEt5QXBXNC9WaDdIdklTeTA3ZEp6
-            eHlaVm9iUFk2YThXZnU5SVpHUVVHbkEKcmUvbINRqmkkvXyyskNJ4eYD7VdQnxqg
+            Y212bDZSRkttWjBqTEdkbjY4WHd5RTgK1Y779ogFUcr89gosqh7rra7Wg6G/Ez1o
-            7VuWV7zUK5ZVPv9kJiUl3OB3vNU8U15sNIdAjCp8//RtNkRyDJMgEQ==
+            /+48kxF2DTKZLJYX2AFEP5H0JjBDtt+isiO7H1644LjdAwO/sgFMSQ==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1ydkclhk9kwqdq74utesqdfupt43lz64d5k65gz2z9uyljcqq9fcq3hv28l
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjVjU1Vy9tMkp5MS96Si9v
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwQXFScVBqUDZHc3BDK3N4
-            bnB4OHpzdktPeStYZHFZTXVmSWphMkxFQkRZCjEvTEpZY1I4TWNlM0c4Wi9nUVhx
+            T3BnSWk5SElzZllYRHdlMStPS2ZyMDZoZ3pnCm5KVnBYb1R6anRWd04rNllPSW1G
-            dktvOXdXQ0M1YzhVU3BlOUZ4Tjkrd28KLS0tIC9NT0NKZTd0VUVUQTB6UHhDSVVw
+            ZVMwMTQ5NjQvaEYwZUhOOE56ckJHb00KLS0tIEpCWmNQZzFlK3ZrRGFPMFVwZndG
-            eFM1Q1JOVXZoSXltRVZpaTNTUWhNa3MKFoY5bWWQS9qh0j8sgIgRA4jT6sl0xRkC
+            ZStueWovUmtKdTk2enRJa3NSbFpJL1UKtzKYPJ6vy6+VjPkrsRvNTwUtV198oglr
-            Tu0WUz344TzkJFuy7MgOpviQMqAijmbyYjaRSdS3CLGHvTKY8GcpOA==
+            cMqBSuwkqzgjDC09sRMnW5PRfJo8hG+5gkd6EPZ8uAbUhGC+kAyLrg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1put942dyhly8nk9c8n0h8tq0x6xplrg3uw5q0d2jmvwez3zq79qsapl7he
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0ZU93NCtxODQ2YjA4TUcr
+            aWEyaW4zREZtVUpuZWhZSUw3TWhpMXBYWEVVCitDNGx1eWZQZGsvUDl0UzNCd0Zp
+            QndpMys5OVg1WXMrdXRDUkFZWDErcjAKLS0tIDBOZTBxM09INTIxZm9tQk10ZUc2
+            emExUmJZZk00WmxYK2Y3WCtmQXhSUmsKwMxI9I6kQYkvZ4TzJtv/MdGLwTbQdePx
+            XB+oFbc9Rp3IAEZfH1+VEtJRjyKk5hE7HQoIh92XxJvmbDIswOe/Rg==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1y4luzn2jls7rvgphej23srvdlx563lxq29tvf66vhwwzaf7c3f3qzvresh
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSYlpXRGNpQVZTQ3hZK2lr
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwNUhPQThmWjJROW95SWsw
-            L2xodmhycTlRczN1c2Zib3RoeGlxQTAwTVRRCkJ1aWc3bzAyNnlMbUhuK2YwTXBq
+            aFk4dGR3c0RJZTkwSHFXaWp2UCtQWS9xYjFnCnAxa0RMV0xsNnZ2cnVMbmRzRFYv
-            Q1VhUUtWWXU0RXY2NG5jMG90dis4bEUKLS0tIHlkRkdCV0ZvU2pLZDRlN2h6c0JO
+            QmRZQVY1ME9zTmZtT1RxUmFQc2JYc2cKLS0tIGxUTjYwYXZUMU9FY3BFS04zQk1G
-            TTNtbGY1UWV5K3VQWjk5WlgyNUd1UVkK+XeX8vK4K2DJaWtFE91YGg/58M09rwuj
+            bFJwRno1a0pwVHpaV0haZjlZazNtZDAKxTvzsmLtx50sI2bZ3fFcB6j9ZLas4KmL
-            VVcMIPPPO1+KD16HTe1b8bVPeNfpIj9p3ybew3ILducyrYiRrxzGwg==
+            5bu9Z75hFi+N1sjvMpcK7oIFypGLIWU3xpTP//jv6RuiyjGuR2Dq2w==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-10-10T10:14:47Z"
+    lastmodified: "2025-11-04T09:28:17Z"
-    mac: ENC[AES256_GCM,data:fmBWLOOCvJLfKSNG14zd9cBEa9+M4dJ7UtR+SZfGEcoGtBPmX1c6ZR8OgB+I45WkpT+Ho8kwQMcnD0n6IWzg946OEzIZjNuCds/wM1cCd3LjjlqwKnN1QGL5DNSIyi5CFzrjvvFtZCsw2acNjxtK86JujhpOivdVKC/kGkJzF0M=,iv:g0jXzrtU53YpW/NIb8ulmOGSJIXMA1Wady6DlOMA9aU=,tag:zf7WmNNYcFO9Rtynm5vaUg==,type:str]
+    mac: ENC[AES256_GCM,data:A+xfYhnoq/JWYGZOleieF5vjrsPOtkKnXPbd94iBAbnuuBKx8Vgkpuum+hJzVIBdDSCVm8hl2Tpcw7NqWLSkXtBR/NKixzk6eIwFvOZz4h7Qe1Zue10pB25IkIzR34sLnWSHtsxuRRG6fZnf0CNtp7baf4XU3doyDwy5A384Jf0=,iv:i0y0UEY7SSCOBIBc+97qIiq4obpUJYb3gFo1yEc5eUI=,tag:c5zONd6zTv3sq4bPqT73OQ==,type:str]
     unencrypted_suffix: _unencrypted
-    version: 3.10.2
+    version: 3.11.0

hosts/homelab/default.nix

@@ -23,6 +23,21 @@
     discord_token = {
       sopsFile = ./secrets.yaml;
     };
+
+    hyperbolic_api_key = {
+      sopsFile = ./secrets.yaml;
+      owner = "${username}";
+    };
+
+    gemini_api_key = {
+      sopsFile = ./secrets.yaml;
+      owner = "${username}";
+    };
+
+    open_router_api_key = {
+      sopsFile = ./secrets.yaml;
+      owner = "${username}";
+    };
   };
 
   tux.services.cyber-tux = {
@@ -109,7 +124,7 @@
   programs = {
     nix-ld = {
       enable = true;
-      package = pkgs.nix-ld-rs;
+      package = pkgs.nix-ld;
     };
   };
 
@@ -141,6 +156,7 @@
     ];
   };
 
+  users.users.${username} = {linger = true;};
   home-manager.users.${username} = {
     imports = [
       ./home.nix

hosts/homelab/hardware.nix

@@ -1,17 +1,21 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
 {
-  imports =
+  config,
-    [ (modulesPath + "/installer/scan/not-detected.nix")
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
   ];
 
-  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
+  boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci"];
-  boot.initrd.kernelModules = [ ];
+  boot.initrd.kernelModules = [];
-  boot.kernelModules = [ "kvm-amd" ];
+  boot.kernelModules = ["kvm-amd"];
-  boot.extraModulePackages = [ ];
+  boot.extraModulePackages = [];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
   # (the default) this is the recommended approach. When using systemd-networkd it's

hosts/homelab/home.nix

@@ -1,5 +1,5 @@
-{username, ...}: {
+{...}: {
-  home.persistence."/persist/home/${username}" = {
+  home.persistence."/persist" = {
     directories = [
       "Projects"
       "Stuff"
@@ -15,7 +15,6 @@
     files = [
       ".wakatime.cfg"
     ];
-    allowOther = true;
   };
 
   home.stateVersion = "24.11";

hosts/homelab/secrets.yaml

@@ -1,9 +1,8 @@
 discord_token: ENC[AES256_GCM,data:fZqz6LD3+Svtton5gNCXO5ddWAqW1IyxP3M2DAIXZEIYRHUfAq8h9LES2IHWepjl5qKimxB35zacE/TYK2fitngWtRGVoMDBzzU6VTKNulNV3yFWrPA=,iv:YOplYld+c9vHVC0Srfm89qrh4yUygDiW67X2TdwHKMc=,tag:Ioc2wNLX818fRQ/2PSO7Sw==,type:str]
+hyperbolic_api_key: ENC[AES256_GCM,data:t8xjjzhgvM9BXiB5jDc2RR384d+mL5zXr+/obDLMm2J+IN+Xw9fr4iz50CTQ5ZMWWMoPjxzY5vgiJ+h71BsDRM0TvBMWuXd2ihKOIZOVo6OQmCX/SeKUgkjunFqz+YKcxsLsF7ZG/tOgWGqMmxom8iGV7LELKG/8MLDCF50YgJNO568MJMUU,iv:Cf+mSG2dxsRclDy8k7gK+hi+Qd5J7wqfS9SQztRob80=,tag:Io4aAFa29SUsfuPFI2/+DA==,type:str]
+gemini_api_key: ENC[AES256_GCM,data:GJWo7dXSaUbl2Q9h+Sc1sRF0g+82LyHk3mKFqDaBmRdalvyGwMvp,iv:odLpACXHVqxWIj7e/u6AY1pxjYX+e10Lezne1BlHl60=,tag:qO3zcz/93eHuEzG66zwwdA==,type:str]
+open_router_api_key: ENC[AES256_GCM,data:ETiZEngQRnOrJtDXSDfBanzbUyThTAu9BSQCL1tuVv07CCWJaXUui9Y0kS9oIO5to655FON3C0RxovTGx6rWQwOMKeEn5bHUHA==,iv:ePJzHKFWddkLGfydPi6uEzvksm7Djln/DBV88Jc1ugA=,tag:Eb7eYPMC0DlqtT7OFK4UuA==,type:str]
 sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
     age:
         - recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
           enc: |
@@ -23,8 +22,7 @@ sops:
             Y1RHaFdXaE9DODJtSTFCSVZWb0xVeUEK4qeBKg3u+vhBIM1dQ7BaOWi/C7Q8hk60
             vu9Zr075n0+kb5Ab+RH24ZmEoP5PJXjwEfbAnmRTjn0reYn1nfcNYA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-02-15T12:45:59Z"
+    lastmodified: "2025-10-14T06:52:16Z"
-    mac: ENC[AES256_GCM,data:NLGe7L/oiG62x4PmQ6FobnuisFmMxYoGhxfqQ4qZdy9emYL/+FnrtFsKTKqZ9IHjrNnCmbk7y+Cds/azC1xGVcaj50jEox87vtqIZ3z0XsD1mJjCAdHkBVzzpQGwHas/5y0Inyj+oKsvQrqVacqYHVA/ES+zMvou8nD+EWIH2LE=,iv:fBVOnwih+QFkYZ8IfMBpQiT1XwSZtzo3VYaBOL3I5o4=,tag:p+ePQsrmcLcnLr2fgWQXQg==,type:str]
+    mac: ENC[AES256_GCM,data:/p5Mbonr1YcrDgBIi+wFFPnNKsn74kuWf/EloNDnVWg59LuBy3nhrfXHUvbwlX7vLbSLozbuAHKTDcQ0+OUXJTYvMRApAGVh9HrvQFEQuOPOkwN8/qtdvwduInetX3t7PLWu4vbCVhl1v2BzJyEVQ9tzn7+8zEJhDDS7cPsZ9Is=,iv:GPJxjmOQPAqh0TulLhhX4UX+5FrZizCtDOkQa9xxaXY=,tag:Vv33D3wubWBDVOxdKOMENQ==,type:str]
-    pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.9.4
+    version: 3.10.2

hosts/isoImage/default.nix

@@ -35,7 +35,7 @@
     ssh.startAgent = true;
     thunar = {
       enable = true;
-      plugins = with pkgs.xfce; [
+      plugins = with pkgs; [
         thunar-archive-plugin
         thunar-volman
       ];

hosts/isoImage/home.nix

@@ -12,6 +12,7 @@
   home.pointerCursor = {
     package = pkgs.bibata-cursors;
     name = "Bibata-Modern-Ice";
+    size = 28;
   };
 
   home.stateVersion = "24.11";

hosts/node/default.nix

@@ -0,0 +1,54 @@
+{
+  inputs,
+  username,
+  ...
+}: {
+  imports = [
+    inputs.disko.nixosModules.default
+
+    (import ./disko.nix {
+      device = "/dev/nvme0n1";
+      device2 = "/dev/nvme1n1";
+      device3 = "/dev/sda";
+    })
+    ./hardware.nix
+
+    ../common
+  ];
+
+  tux.services.openssh.enable = true;
+
+  boot.loader.grub.enable = true;
+
+  networking = {
+    hostName = "node";
+    networkmanager = {
+      enable = true;
+      wifi.powersave = false;
+    };
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [
+        22
+        8545
+        8546
+        9545
+        9546
+      ];
+    };
+  };
+
+  security.rtkit.enable = true;
+
+  environment.persistence."/persist" = {
+    enable = false;
+  };
+
+  home-manager.users.${username} = {
+    imports = [
+      ./home.nix
+    ];
+  };
+
+  system.stateVersion = "25.05";
+}

hosts/node/disko.nix

@@ -0,0 +1,87 @@
+{
+  device ? throw "Set this to the disk device, e.g. /dev/nvme0n1",
+  device2 ? throw "Set this to the disk device2, e.g. /dev/nvme1n1",
+  device3 ? throw "Set this to the disk device3, e.g. /dev/nvme1n1",
+  ...
+}: {
+  disko.devices = {
+    disk = {
+      disk1 = {
+        type = "disk";
+        device = "${device}";
+        content = {
+          type = "gpt";
+          partitions = {
+            boot = {
+              size = "1M";
+              type = "EF02"; # for grub MBR
+            };
+            mdadm = {
+              size = "100%";
+              content = {
+                type = "mdraid";
+                name = "raid0";
+              };
+            };
+          };
+        };
+      };
+      disk2 = {
+        type = "disk";
+        device = "${device2}";
+        content = {
+          type = "gpt";
+          partitions = {
+            boot = {
+              size = "1M";
+              type = "EF02"; # for grub MBR
+            };
+            mdadm = {
+              size = "100%";
+              content = {
+                type = "mdraid";
+                name = "raid0";
+              };
+            };
+          };
+        };
+      };
+      hdd = {
+        type = "disk";
+        device = "${device3}";
+        content = {
+          type = "gpt";
+          partitions = {
+            data = {
+              size = "100%";
+              content = {
+                type = "filesystem";
+                format = "ext4";
+                mountpoint = "/mnt/hdd";
+              };
+            };
+          };
+        };
+      };
+    };
+    mdadm = {
+      raid0 = {
+        type = "mdadm";
+        level = 0;
+        content = {
+          type = "gpt";
+          partitions = {
+            primary = {
+              size = "100%";
+              content = {
+                type = "filesystem";
+                format = "ext4";
+                mountpoint = "/";
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}

hosts/node/hardware.nix

@@ -0,0 +1,29 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid"];
+  boot.initrd.kernelModules = [];
+  boot.kernelModules = ["kvm-amd"];
+  boot.extraModulePackages = [];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp41s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/node/home.nix

@@ -0,0 +1,3 @@
+{...}: {
+  home.stateVersion = "25.05";
+}

hosts/sirius/default.nix

@@ -12,6 +12,11 @@
     ../../modules/nixos/virtualisation/docker.nix
   ];
 
+  hardware.nvidia-container-toolkit = {
+    enable = true;
+    suppressNvidiaDriverAssertion = true;
+  };
+
   tux.services.openssh.enable = true;
 
   sops.secrets = {
@@ -42,6 +47,7 @@
     enable = true;
     defaultUser = "${username}";
     useWindowsDriver = true;
+    interop.register = true;
   };
 
   networking.hostName = "sirius";
@@ -53,7 +59,7 @@
     nix-ld = {
       enable = true;
       libraries = config.hardware.graphics.extraPackages;
-      package = pkgs.nix-ld-rs;
+      package = pkgs.nix-ld;
     };
 
     dconf.enable = true;

hosts/vega/default.nix

@@ -56,6 +56,7 @@
     enable = false;
   };
 
+  users.users.${username} = {linger = true;};
   home-manager.users.${username} = {
     imports = [
       ./home.nix

hosts/vega/hardware.nix

@@ -1,24 +1,28 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
 {
-  imports =
+  config,
-    [ (modulesPath + "/installer/scan/not-detected.nix")
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
   ];
 
-  boot.initrd.availableKernelModules = [ ];
+  boot.initrd.availableKernelModules = [];
-  boot.initrd.kernelModules = [ ];
+  boot.initrd.kernelModules = [];
-  boot.kernelModules = [ ];
+  boot.kernelModules = [];
-  boot.extraModulePackages = [ ];
+  boot.extraModulePackages = [];
 
-  fileSystems."/" =
+  fileSystems."/" = {
-    { device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
+    device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
     fsType = "ext4";
   };
 
-  swapDevices = [ ];
+  swapDevices = [];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
   # (the default) this is the recommended approach. When using systemd-networkd it's

hosts/vps/default.nix

@@ -91,6 +91,7 @@
     ];
   };
 
+  users.users.${username} = {linger = true;};
   home-manager.users.${username} = {
     imports = [
       ./home.nix

hosts/vps/home.nix

@@ -1,11 +1,10 @@
-{username, ...}: {
+{...}: {
-  home.persistence."/persist/home/${username}" = {
+  home.persistence."/persist" = {
     directories = [
       "Projects"
       ".ssh"
       ".local/share/zsh"
     ];
-    allowOther = true;
   };
 
   home.stateVersion = "24.11";

modules/home/alacritty/default.nix

@@ -8,7 +8,7 @@
         bold.family = "JetBrainsMono Nerd Font";
         italic.family = "JetBrainsMono Nerd Font";
         bold_italic.family = "JetBrainsMono Nerd Font";
-        size = 16;
+        size = 12;
       };
 
       window = {

modules/home/barrier/default.nix

@@ -1,7 +0,0 @@
-{pkgs, ...}: {
-  # services.barrier.client.enable = true;
-
-  home.packages = with pkgs; [
-    barrier
-  ];
-}

modules/home/desktop/hyprland/default.nix

@@ -31,10 +31,13 @@
       terminal = "wezterm";
       floating_terminal = "wezterm start --class wezterm-floating";
       editor = "wezterm -e nvim";
-      browser = "brave";
+      browser = "vivaldi";
       spotify = "wezterm start --class wezterm-floating -e spotify_player";
       filemanager = "wezterm start --class wezterm-floating -e superfile";
     in {
+      # See https://wiki.hyprland.org/Configuring/Multi-GPU
+      env = "AQ_DRM_DEVICES,/dev/dri/card2";
+
       #-- Output
       # See https://wiki.hyprland.org/Configuring/Monitors
       monitor = "eDP-1,2560x1440@90,0x0,1";
@@ -71,6 +74,7 @@
       misc = {
         disable_hyprland_logo = true;
         force_default_wallpaper = 1;
+        focus_on_activate = true;
       };
 
       ecosystem = {
@@ -150,33 +154,25 @@
         mfact = 0.5;
         new_on_top = false;
         orientation = "left";
-        inherit_fullscreen = true;
         smart_resizing = true;
         drop_at_cursor = true;
       };
 
       #-- Window Rules
       # See https://wiki.hyprland.org/Configuring/Window-Rules
-      windowrulev2 = [
+      windowrule = [
-        "float, class:com.github.hluk.copyq"
+        "float on, center on, size 800 600, match:class org.pulseaudio.pavucontrol"
-        "size 800 600, class:com.github.hluk.copyq"
-
-        "float, class:org.pulseaudio.pavucontrol"
-        "size 800 600, class:org.pulseaudio.pavucontrol"
 
         # Wezterm and Ghostty floating terminal
-        "float, class:(com.ghostty.floating|wezterm-floating)"
+        "float on, center on, size 1200 800, match:class (com.ghostty.floating|wezterm-floating)"
-        "size 1200 800, class:(com.ghostty.floating|wezterm-floating)"
 
-        "float, class:GalaxyBudsClient"
+        "float on, center on, size 900 700, match:class GalaxyBudsClient"
-        "size 900 700, class:GalaxyBudsClient"
 
         # KDE Connect
-        "float, class:(org.kde.kdeconnect.sms|org.kde.kdeconnect.app)"
+        "float on, center on, size 900 700, match:class (org.kde.kdeconnect.sms|org.kde.kdeconnect.app)"
-        "size 900 700, class:(org.kde.kdeconnect.sms|org.kde.kdeconnect.app)"
 
-        "workspace 3 silent, class:(firefox|Brave-browser)"
+        "workspace 3 silent, match:class (firefox|brave-browser)"
-        "workspace 5 silent, class:(discord|org.telegram.desktop)"
+        "workspace 5 silent, match:class (discord|org.telegram.desktop)"
       ];
 
       plugin = {
@@ -185,14 +181,14 @@
           gap_size = 5;
           bg_col = "rgb(111111)";
           workspace_method = "center current";
-
-          enable_gesture = true;
-          gesture_fingers = 3;
           gesture_distance = 300;
-          gesture_positive = true;
         };
       };
 
+      gesture = [
+        "3, horizontal, workspace"
+      ];
+
       bindm = [
         "SUPER,mouse:273,resizewindow"
         "SUPER,mouse:272,movewindow"
@@ -201,19 +197,20 @@
       bind = [
         # apps
         "SUPER, Return, exec, ${terminal}"
+        "SUPER, Space, exec, vicinae toggle"
         "SUPER, F, exec, ${filemanager}"
         "SUPER, E, exec, ${editor}"
         "SUPER, B, exec, ${browser}"
         "SUPER, G, exec, GalaxyBudsClient"
         "SUPER, D, exec, discord"
+        "SUPER, T, exec, Telegram"
         "SUPER, S, exec, ${spotify}"
-        "SUPER, V, exec, copyq show"
+        "SUPER, V, exec, vicinae vicinae://extensions/vicinae/clipboard/history"
 
         "SUPER_SHIFT, Return, exec, ${floating_terminal}"
         "SUPER_SHIFT, S, exec, flameshot gui"
 
         # tpanel
-        "SUPER, A, exec, ags toggle launcher"
         "SUPER_SHIFT, B, exec, ags toggle bar"
         "SUPER_SHIFT, C, exec, ags toggle control-center"
         "SUPER_SHIFT, W, exec, ags toggle wallpaper-manager"
@@ -273,6 +270,7 @@
         "SUPER_CTRL, right, resizeactive, 20 0"
         "SUPER_CTRL, up,    resizeactive, 0 -20"
         "SUPER_CTRL, down,  resizeactive, 0 20"
+        "SUPER_CTRL, equal, exec, hyprctl dispatch layoutmsg mfact exact 0.5;"
 
         # move active (Floating Only)
         "SUPER_ALT, left,  moveactive, -20 0"
@@ -303,7 +301,6 @@
 
         "hyprpaper"
         "${pkgs.tpanel}/bin/tpanel"
-        "copyq"
         "kdeconnectd"
         "kdeconnect-indicator"
       ];

modules/home/desktop/hyprland/hyprpaper.nix

@@ -5,15 +5,13 @@
     settings = {
       ipc = "on";
       splash = false;
-      splash_offset = 2.0;
+      splash_offset = 20;
 
-      preload = [
+      wallpaper = {
-        "~/Wallpapers/mountain.jpg"
+        monitor = "";
-      ];
+        path = "~/Wallpapers/new/sunset-pixel.png";
-
+        fit_mode = "";
-      wallpaper = [
+      };
-        ", ~/Wallpapers/mountain.jpg"
-      ];
     };
   };
 

modules/home/desktop/vicinae/default.nix

@@ -0,0 +1,37 @@
+{...}: {
+  programs.vicinae = {
+    enable = true;
+    systemd = {
+      enable = true;
+      autoStart = true;
+    };
+    useLayerShell = true;
+
+    settings = {
+      close_on_focus_loss = false;
+      consider_preedit = true;
+      pop_to_root_on_close = true;
+      favicon_service = "twenty";
+      search_files_in_root = true;
+      font = {
+        normal = {
+          size = 10;
+          family = "JetBrainsMono Nerd Font";
+        };
+      };
+      theme = {
+        light = {
+          name = "vicinae-light";
+          icon_theme = "default";
+        };
+        dark = {
+          name = "vicinae-dark";
+          icon_theme = "default";
+        };
+      };
+      launcher_window = {
+        opacity = 0.98;
+      };
+    };
+  };
+}

modules/home/fastfetch/default.nix

@@ -42,10 +42,6 @@
           "key": "  │           │\u001b[11D{#32}  shell",
           "type": "shell",
         },
-        {
-          "key": "  │           │\u001b[11D{#35}󰏖  pkgs",
-          "type": "packages",
-        },
         {
           "key": "  │           │\u001b[11D{#35}  memory",
           "type": "memory",

modules/home/ghostty/default.nix

@@ -7,7 +7,7 @@
         window-padding-x = 10
         window-padding-y = 10
         background-opacity = 0.9
-        font-size = 14
+        font-size = 12
 
         palette = 0=#252b37
         palette = 1=#d0679d

modules/home/git/default.nix

@@ -5,13 +5,15 @@
 }: {
   programs.git = {
     enable = true;
-    userName = "${username}";
-    userEmail = "${email}";
     signing = {
       key = "~/.ssh/id_ed25519.pub";
       signByDefault = true;
     };
-    extraConfig = {
+    settings = {
+      user = {
+        name = "${username}";
+        email = "${email}";
+      };
       init.defaultBranch = "main";
       commit.gpgSign = true;
       gpg.format = "ssh";

modules/home/lan-mouse/default.nix

@@ -0,0 +1,19 @@
+{inputs, ...}: {
+  imports = [
+    inputs.lan-mouse.homeManagerModules.default
+  ];
+
+  programs.lan-mouse = {
+    enable = true;
+    systemd = true;
+    settings = {
+      # release_bind = ["KeyA" "KeyS" "KeyD" "KeyF"];
+
+      port = 4242;
+
+      authorized_fingerprints = {
+        "30:66:b3:95:dc:6b:55:a4:9f:30:31:9c:3e:4d:70:03:33:c3:f0:6f:df:31:35:58:36:6e:80:2f:32:b2:ce:48" = "pc";
+      };
+    };
+  };
+}

modules/home/picom/default.nix

@@ -1,7 +1,7 @@
 {pkgs, ...}: {
   services.picom = {
     enable = true;
-    package = pkgs.picom-next;
+    package = pkgs.picom;
 
     backend = "glx";
     vSync = true;

modules/home/spotify/default.nix

@@ -1,4 +1,17 @@
 {
+  services.spotifyd = {
+    enable = true;
+    settings = {
+      global = {
+        device_name = "canopus";
+        device_type = "computer";
+        bitrate = 320;
+        volume_normalisation = true;
+        autoplay = true;
+      };
+    };
+  };
+
   programs.spotify-player = {
     enable = true;
     settings = {

modules/home/wezterm/default.nix

@@ -1,17 +1,15 @@
-{
+{pkgs, ...}: {
-  inputs,
-  pkgs,
-  ...
-}: {
   programs.wezterm = {
     enable = true;
-    package = inputs.wezterm-flake.packages."${pkgs.system}".default;
+    package = pkgs.wezterm-git;
     enableZshIntegration = false;
 
     extraConfig = ''
       local wezterm = require 'wezterm'
       local config = {}
 
+      config.check_for_updates = false
+
       config.window_close_confirmation = 'NeverPrompt'
       config.color_scheme = 'Poimandres'
       config.colors = {
@@ -21,7 +19,7 @@
       config.font = wezterm.font_with_fallback {
         'JetBrainsMono Nerd Font',
       }
-      config.font_size = 14.0
+      config.font_size = 12.0
       config.window_background_opacity = 1
       config.audible_bell = "Disabled"
 

modules/nixos/desktop/default.nix

@@ -2,12 +2,12 @@
   xdg.mime = {
     enable = true;
     defaultApplications = {
-      "application/pdf" = ["brave-browser.desktop"];
+      "application/pdf" = ["vivaldi.desktop"];
-      "text/html" = ["brave-browser.desktop"];
+      "text/html" = ["vivaldi.desktop"];
-      "x-scheme-handler/http" = ["brave-browser.desktop"];
+      "x-scheme-handler/http" = ["vivaldi.desktop"];
-      "x-scheme-handler/https" = ["brave-browser.desktop"];
+      "x-scheme-handler/https" = ["vivaldi.desktop"];
-      "x-scheme-handler/about" = ["brave-browser.desktop"];
+      "x-scheme-handler/about" = ["vivaldi.desktop"];
-      "x-scheme-handler/unknown" = ["brave-browser.desktop"];
+      "x-scheme-handler/unknown" = ["vivaldi.desktop"];
     };
   };
 }

modules/nixos/distrobox.nix

@@ -0,0 +1,112 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.tux.packages.distrobox;
+in {
+  options.tux.packages.distrobox = {
+    enable = mkEnableOption "Enable DistroBox";
+  };
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = with pkgs; [
+      distrobox
+
+      (writeShellScriptBin "dbox-create" ''
+        #!/usr/bin/env bash
+
+        # 1. Initialize variables
+        IMAGE=""
+        NAME=""
+
+        # Array to hold optional arguments (like volumes)
+        declare -a EXTRA_ARGS
+
+        # 2. Parse arguments
+        while [[ $# -gt 0 ]]; do
+          case $1 in
+            -i|--image)
+              IMAGE="$2"
+              shift 2
+              ;;
+            -n|--name)
+              NAME="$2"
+              shift 2
+              ;;
+            -p|--profile)
+              echo ":: Profile mode enabled: Mounting Nix store and user profiles (Read-Only)"
+              # Add volume flags to the array
+              EXTRA_ARGS+=( "--volume" "/nix/store:/nix/store:ro" )
+              EXTRA_ARGS+=( "--volume" "/etc/profiles/per-user:/etc/profiles/per-user:ro" )
+              EXTRA_ARGS+=( "--volume" "/etc/static/profiles/per-user:/etc/static/profiles/per-user:ro" )
+              shift 1
+              ;;
+            *)
+              echo "Unknown option $1"
+              exit 1
+              ;;
+          esac
+        done
+
+        if [ -z "$IMAGE" ] || [ -z "$NAME" ]; then
+            echo "Usage: dbox-create -i <image> -n <name> [-p]"
+            exit 1
+        fi
+
+        # 3. Define the custom home path
+        CUSTOM_HOME="$HOME/Distrobox/$NAME"
+
+        echo "------------------------------------------------"
+        echo "Creating Distrobox: $NAME"
+        echo "Location: $CUSTOM_HOME"
+        echo "------------------------------------------------"
+
+        # 4. Run Distrobox Create
+        # We expand "''${EXTRA_ARGS[@]}" to properly pass the volume arguments
+        ${pkgs.distrobox}/bin/distrobox create \
+          --image "$IMAGE" \
+          --name "$NAME" \
+          --home "$CUSTOM_HOME" \
+          "''${EXTRA_ARGS[@]}"
+
+        # Check exit code
+        if [ $? -ne 0 ]; then
+            echo "Error: Distrobox creation failed."
+            exit 1
+        fi
+
+        # 5. Post-Creation: Symlink Config Files
+        echo "--> Linking configurations to $NAME..."
+
+        # Helper function to symlink
+        link_config() {
+            SRC="$1"
+            DEST="$2"
+            DEST_DIR=$(dirname "$DEST")
+
+            # Create parent directory if it doesn't exist
+            mkdir -p "$DEST_DIR"
+
+            if [ -e "$SRC" ]; then
+                # ln -sf: symbolic link, force overwrite
+                ln -sf "$SRC" "$DEST"
+                echo "    [LINK] $DEST -> $SRC"
+            else
+                echo "    [SKIP] $SRC not found on host"
+            fi
+        }
+
+        # Create Symlinks
+        link_config "$HOME/.zshrc"                "$CUSTOM_HOME/.zshrc"
+        link_config "$HOME/.zshenv"               "$CUSTOM_HOME/.zshenv"
+        link_config "$HOME/.config/fastfetch"     "$CUSTOM_HOME/.config/fastfetch"
+        link_config "$HOME/.config/starship.toml" "$CUSTOM_HOME/.config/starship.toml"
+
+        echo "--> Done! Enter via: distrobox enter $NAME"
+      '')
+    ];
+  };
+}

modules/nixos/selfhosted/containers/aiostreams.nix

@@ -0,0 +1,52 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.tux.containers.aiostreams;
+in {
+  options.tux.containers.aiostreams = {
+    enable = mkEnableOption "Enable AIOStreams";
+
+    port = mkOption {
+      type = types.int;
+      default = 3000;
+    };
+
+    environment = mkOption {
+      type = with types; attrsOf str;
+      default = {};
+    };
+
+    environmentFiles = mkOption {
+      type = with types; listOf path;
+      default = [];
+    };
+  };
+
+  config = mkIf cfg.enable {
+    virtualisation.oci-containers.containers.aiostreams = {
+      autoStart = true;
+      image = "ghcr.io/viren070/aiostreams:latest";
+      ports = [
+        "${toString cfg.port}:3000"
+      ];
+
+      environment = cfg.environment;
+      environmentFiles = cfg.environmentFiles;
+    };
+
+    services.nginx.virtualHosts = {
+      "${cfg.environment.ADDON_ID}" = {
+        forceSSL = true;
+        useACMEHost = "tux.rs";
+        locations = {
+          "/" = {
+            proxyPass = "http://localhost:${toString cfg.port}";
+          };
+        };
+      };
+    };
+  };
+}

modules/nixos/selfhosted/nextcloud.nix

@@ -19,7 +19,7 @@
     nextcloud = {
       enable = true;
       hostName = "cloud.tux.rs";
-      package = pkgs.nextcloud31;
+      package = pkgs.nextcloud32;
       database.createLocally = true;
       configureRedis = true;
       maxUploadSize = "16G";
@@ -44,5 +44,7 @@
     };
   };
 
-  environment.systemPackages = with pkgs; [nextcloud31];
+  environment.systemPackages = with pkgs; [
+    nextcloud32
+  ];
 }

modules/nixos/selfhosted/umami.nix

@@ -0,0 +1,32 @@
+{
+  lib,
+  config,
+  ...
+}: {
+  services = {
+    umami = {
+      enable = true;
+      settings = {
+        APP_SECRET_FILE = config.sops.secrets.umami.path;
+        PORT = 4645;
+      };
+      createPostgresqlDatabase = true;
+    };
+
+    nginx = {
+      enable = lib.mkForce true;
+      virtualHosts = {
+        "umami.tux.rs" = {
+          forceSSL = true;
+          useACMEHost = "tux.rs";
+          locations = {
+            "/" = {
+              proxyPass = "http://localhost:${toString config.services.umami.settings.PORT}";
+              proxyWebsockets = true;
+            };
+          };
+        };
+      };
+    };
+  };
+}

modules/nixos/virtualisation/qemu.nix

@@ -8,10 +8,9 @@
       enable = true;
       qemu = {
         swtpm.enable = true;
-        ovmf.enable = true;
-        ovmf.packages = [pkgs.OVMFFull.fd];
       };
     };
+    spiceUSBRedirection.enable = true;
   };
 
   users.users.${username}.extraGroups = ["libvirtd"];

overlays/default.nix

@@ -2,24 +2,25 @@
   additions = final: _prev: import ../pkgs {pkgs = final;};
 
   modifications = final: prev: {
-    awesome = inputs.nixpkgs-f2k.packages.${prev.system}.awesome-git;
+    awesome = inputs.nixpkgs-f2k.packages.${prev.stdenv.hostPlatform.system}.awesome-git;
-    ghostty = inputs.ghostty.packages.${prev.system}.default;
+    ghostty = inputs.ghostty.packages.${prev.stdenv.hostPlatform.system}.default;
-    tawm = inputs.tawm.packages.${prev.system}.default;
+    tawm = inputs.tawm.packages.${prev.stdenv.hostPlatform.system}.default;
-    tnvim = inputs.tnvim.packages.${prev.system}.default;
+    tnvim = inputs.tnvim.packages.${prev.stdenv.hostPlatform.system}.default;
-    tpanel = inputs.tpanel.packages.${prev.system}.default;
+    tpanel = inputs.tpanel.packages.${prev.stdenv.hostPlatform.system}.default;
-    ags = inputs.tpanel.packages.${prev.system}.ags.default;
+    ags = inputs.tpanel.packages.${prev.stdenv.hostPlatform.system}.ags.default;
-    tfolio = inputs.tfolio.packages.${prev.system}.default;
+    tfolio = inputs.tfolio.packages.${prev.stdenv.hostPlatform.system}.default;
-    trok = inputs.trok.packages.${prev.system}.default;
+    trok = inputs.trok.packages.${prev.stdenv.hostPlatform.system}.default;
-    cyber-tux = inputs.cyber-tux.packages.${prev.system}.default;
+    cyber-tux = inputs.cyber-tux.packages.${prev.stdenv.hostPlatform.system}.default;
-    hyprland-git = inputs.hyprland.packages.${prev.system};
+    hyprland-git = inputs.hyprland.packages.${prev.stdenv.hostPlatform.system};
-    hyprland-plugins = inputs.hyprland-plugins.packages.${prev.system};
+    hyprland-plugins = inputs.hyprland-plugins.packages.${prev.stdenv.hostPlatform.system};
+    wezterm-git = inputs.wezterm-flake.packages.${prev.stdenv.hostPlatform.system}.default;
   };
 
   # When applied, the stable nixpkgs set (declared in the flake inputs) will
   # be accessible through 'pkgs.stable'
   stable-packages = final: _prev: {
     stable = import inputs.nixpkgs-stable {
-      system = final.system;
+      system = final.stdenv.hostPlatform.system;
       config.allowUnfree = true;
     };
   };

pkgs/firefox-mod-blur/default.nix

@@ -11,7 +11,7 @@ stdenv.mkDerivation {
     owner = "datguypiko";
     repo = "Firefox-Mod-Blur";
     rev = "refs/heads/master";
-    sha256 = "sha256-BZ1NvKQwUDTMxQHEKX61PvD99cTDmBURSUKEKZNQDR4=";
+    sha256 = "sha256-J/SBMxDWxDC7o8P0t/3surUod52uUwy+xaD5dzZPGq0=";
   };
 
   installPhase = ''