feat: setup distrobox module

feat(node): enable firewall for additional ports
feat: add umami
2025-12-15 23:00:06 +05:30 · 2025-11-22 06:13:15 +05:30 · 2025-11-14 20:37:51 +05:30 · 2025-11-14 14:13:37 +05:30 · 2025-11-14 12:36:34 +05:30 · 2025-11-14 04:05:04 +05:30
21 changed files with 337 additions and 73 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -9,7 +9,7 @@ keys:
    - &arcturus age1zsl5d4vj6gl3h96y5p53sq5y4vr4vtlwp727h7rp9a4xfkxm53lqrh6r50
    - &alpha age1zujp5gxy7suv8ysnygv43cmzuvv36nxfg0ch7r3xg2emc6fz3vmqqujheq
    - &vega age1ydkclhk9kwqdq74utesqdfupt43lz64d5k65gz2z9uyljcqq9fcq3hv28l
-    - &node age1cltj5wl3evxq57d7rpdglptexejgefs39njtcvmsm4fuc8kn5p8sqpef4z
+    - &node age1put942dyhly8nk9c8n0h8tq0x6xplrg3uw5q0d2jmvwez3zq79qsapl7he
    - &capella age1y4luzn2jls7rvgphej23srvdlx563lxq29tvf66vhwwzaf7c3f3qzvresh

 creation_rules:
--- a/README.md
+++ b/README.md
@@ -36,7 +36,8 @@

 ## Installation

-> **Note:** This will get your base system ready, but keep in mind that many things might not work correctly — such as monitor resolution, font size, and more.
+> [!NOTE]  
+> This will get your base system ready, but keep in mind that many things might not work correctly — such as monitor resolution, font size, and more.

 ### Prerequisites

--- a/hosts/alpha/default.nix
+++ b/hosts/alpha/default.nix
@@ -153,6 +153,7 @@
    ];
  };

+  users.users.${username} = {linger = true;};
  home-manager.users.${username} = {
    imports = [
      ./home.nix
--- a/hosts/arcturus/default.nix
+++ b/hosts/arcturus/default.nix
@@ -19,7 +19,7 @@
    ../../modules/nixos/selfhosted/headscale.nix
    ../../modules/nixos/selfhosted/vaultwarden.nix
    ../../modules/nixos/selfhosted/gitea.nix
-    ../../modules/nixos/selfhosted/plausible.nix
+    ../../modules/nixos/selfhosted/umami.nix
    ../../modules/nixos/selfhosted/monitoring/grafana.nix
    ../../modules/nixos/selfhosted/monitoring/loki.nix
    ../../modules/nixos/selfhosted/monitoring/promtail.nix
@@ -35,6 +35,18 @@
  ];

  tux.services.openssh.enable = true;
+  tux.containers.aiostreams = {
+    enable = true;
+    port = 4567;
+    environment = {
+      ADDON_ID = "aiostreams.tux.rs";
+      BASE_URL = "https://aiostreams.tux.rs";
+    };
+
+    environmentFiles = [
+      config.sops.secrets."aiostreams".path
+    ];
+  };

  sops.secrets = {
    borg_encryption_key = {
@@ -81,6 +93,14 @@
    "cs2_secrets/CS2_PW" = {
      sopsFile = ./secrets.yaml;
    };
+
+    aiostreams = {
+      sopsFile = ./secrets.yaml;
+    };
+
+    umami = {
+      sopsFile = ./secrets.yaml;
+    };
  };

  nixpkgs = {
@@ -144,7 +164,13 @@

    firewall = {
      enable = true;
-      allowedTCPPorts = [80 443 22 3333 8081];
+      allowedTCPPorts = [
+        80
+        443
+        22
+        3333
+        8081
+      ];
    };
  };

@@ -207,6 +233,9 @@
    ];
  };

+  users.users.${username} = {
+    linger = true;
+  };
  home-manager.users.${username} = {
    imports = [
      ./home.nix
--- a/hosts/arcturus/secrets.yaml
+++ b/hosts/arcturus/secrets.yaml
@@ -11,11 +11,9 @@ cs2_secrets:
    SRCDS_TOKEN: ENC[AES256_GCM,data:SzPz4sHDgEoioX8ylLFM6AUUS60gWYpR3ifxUD8A8IQga24t6GM0dyGDryc=,iv:XefIn9yCLPLKVRA+rZiSGUH3l6ZANIJoGRuM/3vFLIw=,tag:flEjl9c7i3XBlHJaq41QYQ==,type:str]
    CS2_RCONPW: ENC[AES256_GCM,data:ZyVeoOngZjxKR/ObYo5yJC1ViCNufuA=,iv:+fJK0sY39V/iH7OjT0AzQq6RefVzLZCDETYcAMFnZNU=,tag:IOhRUQRdffNMXa2cKZvi/w==,type:str]
    CS2_PW: ENC[AES256_GCM,data:W1Cur7YT1F/+45vmqif2JbpjVURfnfo=,iv:sBNDM2N+QWDAMculBBZtYZcM7ILEfpwkwOd7ErORQhI=,tag:XFsxTUjctZKU38RQUfJ8HQ==,type:str]
+aiostreams: ENC[AES256_GCM,data:2U2EoRUsKr4OIkqrudmIUEp2bABNlSlNUTzR3vtvTfSJVemIGK31iu0SG8aR4tLSQFEZyhIP9M22zZJVWY5hX1UcMEJ1rmtXnaRjTiurRSpTj76pT9plnrjp0NWDcSWY+uhDrAsEko4oPPJEECTT3qMYLXipnzqpPeWsTrNYiuxmfDPcZw==,iv:tHKbtnLMNfY7B2ssE8x0dri9XhA2M6jIj2KOxOsmG2o=,tag:8hjqmniL/P+PfwfYiAdAwA==,type:str]
+umami: ENC[AES256_GCM,data:BJN9VpwknBaX+mz6xjq1GX9epM2bukplraPw67TttnLhM9JTmZiela5oFWZiaGjG3Oss3n4WPsPvhC4m28Ah+TQLCoiDFCFqervk228=,iv:YwbJ2/1hXs5Jbqx1dNj1t4ExFS27PWbA4NT9h8/tyU8=,tag:+R1aRF/TaMSGbLDi9GnYwA==,type:str]
 sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
    age:
        - recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
          enc: |
@@ -35,8 +33,7 @@ sops:
            NGprRGVyZ2plWVNrM3drM3JSUjM2L0UKuNk5DqYn2DIfRpY72zDRP5BKoVAXtNv9
            uLI//8wc7f4I3uBdARQdpRE1fapY1UOJOn3i0yndrZARPEbdohRK1Q==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-01-24T12:59:25Z"
-    mac: ENC[AES256_GCM,data:WGWGvbqu07XZ5oU2HBGUbP/9oNCavPBXb2SIm10CG2s377QAWZmpdOC2AGAX8J3NfLtyWEHm8WUQSKjNKvKWARsXU24lNnY+BTSIkF8ymrAU/rRMX8VJi92IYjregAfVBIaYomxqJFhNuAhmsQ75ZYMpRBTusxiEFEdl/H9obiY=,iv:VXIVkpnOY2gZ/xDX/oFvZn08K5Gp49tpiJQGK20blro=,tag:Hkk92ZQWTRY9oQb3Mm6R3w==,type:str]
-    pgp: []
+    lastmodified: "2025-11-14T08:22:34Z"
+    mac: ENC[AES256_GCM,data:IiZKrdo500rf0JS2c94u1XiCtIB6QguJr1XKFcPilxN4G7coUJyD8v/z/BDqSyCDbiY6RjRWoyttyi1gzKlj/WQsJh65tbDHTXhk2nPGBoHL4ojnP1a7PYCaRKk64SyBg6vjNWHb0wILc2wu/yvKNfVKX6FtMEGhUcpReoJomAI=,iv:a4hmm47FAHnY2k+YY+WmLUWjpEE+5KwtUxc+Dq6sCMQ=,tag:Rx0yOoiKd2mRx/H5k8Hq8w==,type:str]
    unencrypted_suffix: _unencrypted
-    version: 3.9.3
+    version: 3.11.0
--- a/hosts/canopus/default.nix
+++ b/hosts/canopus/default.nix
@@ -21,8 +21,9 @@
    ../../modules/nixos/steam.nix
  ];

+  hardware.nvidia-container-toolkit.enable = true;
  tux.services.openssh.enable = true;
-
+  tux.packages.distrobox.enable = true;
  nixpkgs.config.cudaSupport = true;

  sops.secrets = {
--- a/hosts/canopus/home.nix
+++ b/hosts/canopus/home.nix
@@ -77,7 +77,6 @@
    copyq
    vlc
    tor-browser
-    distrobox
    bluetui
    impala
  ];
@@ -91,12 +90,14 @@
      "Videos"
      "Projects"
      "Stuff"
+      "Distrobox"
      "go"
      ".mozilla"
      ".ssh"
      ".wakatime"
      ".rustup"
      ".cargo"
+      ".steam"
      ".cache/spotify-player"
      ".config/BraveSoftware"
      ".config/copyq"
--- a/hosts/common/default.nix
+++ b/hosts/common/default.nix
@@ -15,7 +15,9 @@
    ../../modules/nixos/selfhosted/upstream-proxy.nix
    ../../modules/nixos/selfhosted/tfolio.nix
    ../../modules/nixos/selfhosted/cyber-tux.nix
+    ../../modules/nixos/selfhosted/containers/aiostreams.nix
    ../../modules/nixos/networking/ssh.nix
+    ../../modules/nixos/distrobox.nix
  ];

  sops.secrets.tux-password = {
@@ -48,7 +50,14 @@
  home-manager = {
    backupFileExtension = "hm-backup";
    useUserPackages = true;
-    extraSpecialArgs = {inherit inputs outputs username email;};
+    extraSpecialArgs = {
+      inherit
+        inputs
+        outputs
+        username
+        email
+        ;
+    };
    users.${username} = {
      imports = [
        ./home.nix
--- a/hosts/common/secrets.yaml
+++ b/hosts/common/secrets.yaml
@@ -1,88 +1,88 @@
-tux-password: ENC[AES256_GCM,data:L7f+qd79ahu5IFEND4vAuJYyeZGWi6tAwjCA3yeDprskPlN3sVv4L9Cgr9fLBsebrIkooEETTMWaTpCej0C3ke0RG6EtqUhzvg==,iv:fhovTgvUBgWr+Nj2eNVDs0gVla76+qwQBJzrBRE8paw=,tag:3QGPvJddrFN2RIrVKAkLmg==,type:str]
+tux-password: ENC[AES256_GCM,data:yAqMKsk7uz0F0k32PdYnqAmn+tdLyXl2krvMstdgFCvIUZH8TlATWCUMPUtnxQiTQqCUY+Q8LE+yYcFFGC3r5TskbF98igZTDA==,iv:hkE/21gdD2bCEdIITrhm9lhKRTHhCPeo8YaYS61/dEM=,tag:/tz2Xvy2ro9gGwKHrJuuzw==,type:str]
 sops:
    age:
        - recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyOG0wQWgzK0Y5L1FjUEpU
-            SGp6U1lybEFxTTVLemRqL0JjbGpvc1doVENZCjl5TGJYSENHQURmRnZzb05xMUhZ
-            QjU0QUE1WGQ0RW11YTRVazBlLzV5TkUKLS0tIFBDQTdyaU9tdjFpakRlK1JBSWdZ
-            K3NZak1iY0o1V3NvTWE5c2VKaGZiTG8K1B2VOTKmMO2p4eEnXhNhUtz5RthSwMNB
-            W/z5bPzrR+NB1QDvILmxE+aVNqmaW0t5WsCh62ygvDQHDj8wczZtGA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXaTFZSENQZDcvczUrVFF6
+            Mm1GV3pqSzVPd2pQaUp3ZGRJS0kzMExXSmtJCkVwR1VxbUhCTTlKVHlLR0kvWkFO
+            R2VmQWhzSEsya3I4b1JRWnFSbXdUanMKLS0tIFR5bkU3cEVHL3BlUFRjL2l2ZDBK
+            WUVaZzFCQkc0KzRNQlRRdGNvWFdQNkUKhxAV3VavBzjSQHJPNn+Ghspi1scCq7dS
+            Qu81Q24kMK9sL7ddTjB7UqCgZ3LHq+Izzw5cSYVy+nq150oCBURnoA==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1f860dfewlx5jtt9ejr47gywx70p3dmyc8mat29gpr75psljwjv8q5xyxkq
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyc0l6YndBd3kxTmFkRXpC
-            bmRta0RtOVhPRjdCd0lGSzVDS2Yza0IxZW1nCk1KcVNzYUxiTC9xd3BBRUg1WldI
-            SUtEdWNkK1ZBVzlwWWRjZHRVeDArRTAKLS0tIFBlWitJQzZPbWc5Si9obkhHTzI2
-            RG9mOFFBSGJwZmoxcWQvQnlXQnprNFEK3/Ndje4n5v045bO7nU0Sf6xk6RZCjvZu
-            75kpDXhmvwwMfJYYyuemLKoK8Erxjr1vXJ0xmwErNHsdEEcDFbZhaw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNVGdJQTdBVHAxTmFoeThj
+            RWE0QjBiQUt5UkdDZzBRQm5vTUtGZmRxQ2xvCkRiUDIxUkV3ZW5Jd1ZoZWRzeE03
+            T0VPZE9pYXJGclVZSTJRM1JaVjM3VU0KLS0tIGFXQ3pRWXFYYWkrYngyZDJST2Jr
+            UlAzTFdxMENxckVpL05ReENjZHk3b1UK1NEgbZ5AMf9h6zlfIHL7ugNSyQ156T5r
+            x3l7nFrvxAWE9aTzn03hFjgRP72If6k/3pHJmT8h2494+K20qAmx6g==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1x36yr8h993srfj29sfpzt4wyz52nztvncpmhgmfs0j26qvfecq3qvcm0an
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsZCtXcGdtVVFDZkNwQnFu
-            dk5YbG1yQnFNY3NjNXFrZU5GU3dmQ1FWTmprCnAzc1lhUEFPb1Y1bmQza1lybkhV
-            YzU5Q1JUUXdQYXB4STZVZ0xCUC96ZUUKLS0tIHByZndVaUVyaU1kcXl3QjFlWS9M
-            Sk54K1VrSnFrZjBuNFkxUndlQWwrUDQKy/kdRKVVtFyROJU6jElBruzrWWuH6o0q
-            gbelOOKYLOoj5dvPfIuBoBNXe7xKs9w76PY4Fm7M1U1SXs/XRnigTw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwZE16cm5vNzhVSkY5K2hV
+            MWRaMHNIL1Q2cDZ0eHozbTJJWklKb09BK213CkFSazJGdnBWQnRvQ2Zlc1JQazZV
+            VWVMb1FpcUZMeURQSXJBTkJGeVdCeUkKLS0tIG1uRDJ4T2pRaVY1aERQOWhZdGl0
+            b3JVbHNpY1B5ekpodHp3ZXlrZFplNFEKiRPqPKh3g33a2/fQVrj8qGOcXheVaLgA
+            CAShzomubIQNFZUnl12hjH+ZcKlAwYFXzCrHUNdkEUWRIASqGa5oMA==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1jg642q775gmnmxeu29gcf3lph8vem4xr8t84cxe809dpd0myrussh49h60
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6NktQRmw1Qlh2U2FhSGta
-            WEczbENZWnBzWldNRVA0UWppYW5sYytacXprClJqVUFaTCtCWFFmN25BUWwrSlZx
-            S1ZQK2ErNEhDYjRycVZob083ZERSaWcKLS0tIFBNTTByWEVMTzZCLys5d3VCRnph
-            VVBqUHN5dWlnNDlUYWhLcndKcFVhMVUKaxhoANxILZ+lBGwyf1s7uJKqHeHEtDK1
-            SS7yqtB7bn93EjjlkKsmRk1GSyh91KxxUuFphWagbned8FnrwTUdRA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvQ3UybGxJaUU5ckdDak5F
+            d3RJdlR3VHNHZTJ0UXhXc08wSVVXZVFZb2lvClZGSzV6QmhqL01rYjhjdjNKT2RT
+            V3k1QUF4VXBNb2d6dnA0N2lNNnpXS00KLS0tICs3bWRHMGZiMmM4S3YyY0ttRWZ1
+            Snd1QTlRUndzK0RSUld1TlRkNU13cHMKTZsBN/4nBfEndip/vCUNtFZF89MKT8uA
+            C/hKD33ycaLNzmgxz3VRSCxeALMspeobeOLfRHJLflusD9xGgXn73A==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1zsl5d4vj6gl3h96y5p53sq5y4vr4vtlwp727h7rp9a4xfkxm53lqrh6r50
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKMnhhL1h4UGg4NVNTTGFq
-            N0FkZDMyZnMvc3hPeFZScmsvNWg5ZGc2aVFNCkVlbkFZQWFjVE5KcVJMNjVqTWFr
-            YXFOblRyTlVNYTZZVzRPN0N4enA0aXMKLS0tIFBFU1duNExtenVYNU4xYitYbS9t
-            VUFPYzlWa000NkdiMG5aVUhXMDZLaUEKHVpkfUiRCgtffRfVeCYyUSd8GG4unYNA
-            Nk8ctjKYhzzMW4VNM3QVm4txOxEILIaJtDoqF2klpMIIaYhucNLppA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQWmkrNXJvUjR5anlUcFVE
+            NExQTnAwZDVmWEl3c3B2bis1N00wQzF6MFFvCnpENVNJU1JWLyswNnZoUTBZNE16
+            V2ZtLzIzanZEOWhkYXFxaWVLaDZoUDAKLS0tIEs3SXRZU283dERkZEFabmtFZTEx
+            aUIwRTgzQklUZmlnS05MQ2o5QmJSQk0KVrx1ZHqnS3KQ9jB7yqVIWbrQAdqDt/c4
+            i3mst4a/rKjgZGUYugHMctJppPIpqqVZTpBHPgY5OiAGESMrUZE+Ig==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1zujp5gxy7suv8ysnygv43cmzuvv36nxfg0ch7r3xg2emc6fz3vmqqujheq
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWR1F3ejVWdUgxNFhKQlkv
-            dlVSdk9qZFpMNDV1R0hGdG5vOGpsUTl5TTBzCmVLWWIrOXJ2b3QrS3puUU5oeW9s
-            YWNhTE5nUFg1WTNoVUVxTW5QT0FjMHcKLS0tIFMxdEh6dVRyZkZPazQ0TGZBUFJM
-            QmFEMTlFZTFya21tSkJOeGhLVlBpRG8KHoGPNjwXdTIOUwuMnVAo4i7koWTE083b
-            svpVUzC4KHfyrAJL8dR0RRPKejBKSgQny8P+CNkjLfyp+19GyPkIvQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvdUhKNU5BYmNEdllkWU1R
+            QVIxMExuYit6ekNwVHFmd2dGNEJtTTlHd0IwCkxiZnAvSURQY2RyWnRVVGxtdlUv
+            bmNpNFB6OENqOFJSakQ2NGJ0cVJTQlkKLS0tIEt5QXBXNC9WaDdIdklTeTA3ZEp6
+            Y212bDZSRkttWjBqTEdkbjY4WHd5RTgK1Y779ogFUcr89gosqh7rra7Wg6G/Ez1o
+            /+48kxF2DTKZLJYX2AFEP5H0JjBDtt+isiO7H1644LjdAwO/sgFMSQ==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1ydkclhk9kwqdq74utesqdfupt43lz64d5k65gz2z9uyljcqq9fcq3hv28l
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPV0JmTlR6dFpBZHR6SFk0
-            aXRVNk9qOERWQUtnNGhlUjJHTmkwQSt2RXlBCnFvYVVQTG8vSHFIRXFxZm94QmU0
-            aEF6V1hadlFQNHBGK1dkK08wMU1yY0EKLS0tIGNkbVdvUGxjRHh3NjBMNjFmeE5k
-            cUsrZjRRcW1tRXJDcVdUVG1ZQnM2Z2cKy4ikF/Cmi4bfv9LHQ8jWY4QT/M1lGdVd
-            5x0hx8q0nB24yBUUxqTm601CbSm1bBiha/t0wVZU/MU1b4p4SFJhxA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwQXFScVBqUDZHc3BDK3N4
+            T3BnSWk5SElzZllYRHdlMStPS2ZyMDZoZ3pnCm5KVnBYb1R6anRWd04rNllPSW1G
+            ZVMwMTQ5NjQvaEYwZUhOOE56ckJHb00KLS0tIEpCWmNQZzFlK3ZrRGFPMFVwZndG
+            ZStueWovUmtKdTk2enRJa3NSbFpJL1UKtzKYPJ6vy6+VjPkrsRvNTwUtV198oglr
+            cMqBSuwkqzgjDC09sRMnW5PRfJo8hG+5gkd6EPZ8uAbUhGC+kAyLrg==
            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1cltj5wl3evxq57d7rpdglptexejgefs39njtcvmsm4fuc8kn5p8sqpef4z
+        - recipient: age1put942dyhly8nk9c8n0h8tq0x6xplrg3uw5q0d2jmvwez3zq79qsapl7he
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCVXNvWitpb1pESStMazUv
-            aTBhUG8xbjNrYVZFVm1Nei80Y3NCUXdJUGkwCm9yK3UyTHFrV2grMW93ZHVrZlMy
-            V29mZnYrT2F1QnlJUUdDVU5FdVd4RkkKLS0tIFVSZmIwRHJTV0FFTE9aRU5pVDkx
-            T1NIZG8zdC8vVFRKZHp3TWFvb2hoTzQK5bTrc1bb2t9xXIDZw5YrWT9Lv0EWtJCE
-            xN52eUVI2/XXuExI7XcI5JfDNGynagzkj++QYwoH9TNQHqlRMBYOwA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0ZU93NCtxODQ2YjA4TUcr
+            aWEyaW4zREZtVUpuZWhZSUw3TWhpMXBYWEVVCitDNGx1eWZQZGsvUDl0UzNCd0Zp
+            QndpMys5OVg1WXMrdXRDUkFZWDErcjAKLS0tIDBOZTBxM09INTIxZm9tQk10ZUc2
+            emExUmJZZk00WmxYK2Y3WCtmQXhSUmsKwMxI9I6kQYkvZ4TzJtv/MdGLwTbQdePx
+            XB+oFbc9Rp3IAEZfH1+VEtJRjyKk5hE7HQoIh92XxJvmbDIswOe/Rg==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1y4luzn2jls7rvgphej23srvdlx563lxq29tvf66vhwwzaf7c3f3qzvresh
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBS3F2UnlDMkpJdEdDZEs4
-            eldVU1BNUXVNdjR3cHhNc0libnBZQXNmVUZ3CkFOOUpmVXgzcllDTWFEaEZTTm5W
-            OW1lRFJSWFFtU205d1habWp1VExIWEkKLS0tIHhXOGJQZWlvUUVLUnBuQTdQMXB0
-            aW5FRkNWR2QySXVXZ0I2Ky9rNHUxNzgK2S5OgrP0o4hko5VPyCv9Mzb48BSkL+9A
-            H872Z+Nu6kephicg4gewqtJvLvE4wrUyXXzza1O7Q9VHuE1BQqw72A==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwNUhPQThmWjJROW95SWsw
+            aFk4dGR3c0RJZTkwSHFXaWp2UCtQWS9xYjFnCnAxa0RMV0xsNnZ2cnVMbmRzRFYv
+            QmRZQVY1ME9zTmZtT1RxUmFQc2JYc2cKLS0tIGxUTjYwYXZUMU9FY3BFS04zQk1G
+            bFJwRno1a0pwVHpaV0haZjlZazNtZDAKxTvzsmLtx50sI2bZ3fFcB6j9ZLas4KmL
+            5bu9Z75hFi+N1sjvMpcK7oIFypGLIWU3xpTP//jv6RuiyjGuR2Dq2w==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-10-27T17:05:12Z"
-    mac: ENC[AES256_GCM,data:gyvhzdjSc8Wjv+IroaiMXMzNCSrFjpK07i7w0hs6bSKzvNtpIbwf7+tgFISe5dXrEq9HD+Z1JC6xwo45V+XAyguXUXa37YoCM5aG41f/LMCsoGQYsEPuq6djeraKXEfElQbGnjZOjHxy/nNlgiyuqze9+AScG+JsKr/DOd2+ACw=,iv:yGHLJw39HRujbcRB/2dDWaec/6GmSAUVnKUvjlCiGY0=,tag:/M9iuG8aegOK5Spa2uM30Q==,type:str]
+    lastmodified: "2025-11-04T09:28:17Z"
+    mac: ENC[AES256_GCM,data:A+xfYhnoq/JWYGZOleieF5vjrsPOtkKnXPbd94iBAbnuuBKx8Vgkpuum+hJzVIBdDSCVm8hl2Tpcw7NqWLSkXtBR/NKixzk6eIwFvOZz4h7Qe1Zue10pB25IkIzR34sLnWSHtsxuRRG6fZnf0CNtp7baf4XU3doyDwy5A384Jf0=,iv:i0y0UEY7SSCOBIBc+97qIiq4obpUJYb3gFo1yEc5eUI=,tag:c5zONd6zTv3sq4bPqT73OQ==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.11.0
--- a/hosts/homelab/default.nix
+++ b/hosts/homelab/default.nix
@@ -156,6 +156,7 @@
    ];
  };

+  users.users.${username} = {linger = true;};
  home-manager.users.${username} = {
    imports = [
      ./home.nix
--- a/hosts/node/default.nix
+++ b/hosts/node/default.nix
@@ -1,15 +1,16 @@
 {
  inputs,
  username,
-  lib,
  ...
-}: {
+}:
+{
  imports = [
    inputs.disko.nixosModules.default

    (import ./disko.nix {
      device = "/dev/nvme0n1";
      device2 = "/dev/nvme1n1";
+      device3 = "/dev/sda";
    })
    ./hardware.nix

@@ -28,7 +29,13 @@
    };
    firewall = {
      enable = true;
-      allowedTCPPorts = [22];
+      allowedTCPPorts = [
+        22
+        8545
+        8546
+        9545
+        9546
+      ];
    };
  };

--- a/hosts/node/disko.nix
+++ b/hosts/node/disko.nix
@@ -1,6 +1,7 @@
 {
  device ? throw "Set this to the disk device, e.g. /dev/nvme0n1",
  device2 ? throw "Set this to the disk device2, e.g. /dev/nvme1n1",
+  device3 ? throw "Set this to the disk device3, e.g. /dev/nvme1n1",
  ...
 }: {
  disko.devices = {
@@ -45,6 +46,23 @@
          };
        };
      };
+      hdd = {
+        type = "disk";
+        device = "${device3}";
+        content = {
+          type = "gpt";
+          partitions = {
+            data = {
+              size = "100%";
+              content = {
+                type = "filesystem";
+                format = "ext4";
+                mountpoint = "/mnt/hdd";
+              };
+            };
+          };
+        };
+      };
    };
    mdadm = {
      raid0 = {
--- a/hosts/sirius/default.nix
+++ b/hosts/sirius/default.nix
@@ -12,7 +12,10 @@
    ../../modules/nixos/virtualisation/docker.nix
  ];

-  hardware.nvidia-container-toolkit.suppressNvidiaDriverAssertion = true;
+  hardware.nvidia-container-toolkit = {
+    enable = true;
+    suppressNvidiaDriverAssertion = true;
+  };

  tux.services.openssh.enable = true;

--- a/hosts/vega/default.nix
+++ b/hosts/vega/default.nix
@@ -56,6 +56,7 @@
    enable = false;
  };

+  users.users.${username} = {linger = true;};
  home-manager.users.${username} = {
    imports = [
      ./home.nix
--- a/hosts/vps/default.nix
+++ b/hosts/vps/default.nix
@@ -91,6 +91,7 @@
    ];
  };

+  users.users.${username} = {linger = true;};
  home-manager.users.${username} = {
    imports = [
      ./home.nix
--- a/modules/home/desktop/hyprland/hyprpaper.nix
+++ b/modules/home/desktop/hyprland/hyprpaper.nix
@@ -8,11 +8,11 @@
      splash_offset = 2.0;

      preload = [
-        "~/Wallpapers/mountain.jpg"
+        "~/Wallpapers/new/sunset-pixel.png"
      ];

      wallpaper = [
-        ", ~/Wallpapers/mountain.jpg"
+        ", ~/Wallpapers/new/sunset-pixel.png"
      ];
    };
  };
--- a/modules/nixos/distrobox.nix
+++ b/modules/nixos/distrobox.nix
@@ -0,0 +1,112 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.tux.packages.distrobox;
+in {
+  options.tux.packages.distrobox = {
+    enable = mkEnableOption "Enable DistroBox";
+  };
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = with pkgs; [
+      distrobox
+
+      (writeShellScriptBin "dbox-create" ''
+        #!/usr/bin/env bash
+
+        # 1. Initialize variables
+        IMAGE=""
+        NAME=""
+
+        # Array to hold optional arguments (like volumes)
+        declare -a EXTRA_ARGS
+
+        # 2. Parse arguments
+        while [[ $# -gt 0 ]]; do
+          case $1 in
+            -i|--image)
+              IMAGE="$2"
+              shift 2
+              ;;
+            -n|--name)
+              NAME="$2"
+              shift 2
+              ;;
+            -p|--profile)
+              echo ":: Profile mode enabled: Mounting Nix store and user profiles (Read-Only)"
+              # Add volume flags to the array
+              EXTRA_ARGS+=( "--volume" "/nix/store:/nix/store:ro" )
+              EXTRA_ARGS+=( "--volume" "/etc/profiles/per-user:/etc/profiles/per-user:ro" )
+              EXTRA_ARGS+=( "--volume" "/etc/static/profiles/per-user:/etc/static/profiles/per-user:ro" )
+              shift 1
+              ;;
+            *)
+              echo "Unknown option $1"
+              exit 1
+              ;;
+          esac
+        done
+
+        if [ -z "$IMAGE" ] || [ -z "$NAME" ]; then
+            echo "Usage: dbox-create -i <image> -n <name> [-p]"
+            exit 1
+        fi
+
+        # 3. Define the custom home path
+        CUSTOM_HOME="$HOME/Distrobox/$NAME"
+
+        echo "------------------------------------------------"
+        echo "Creating Distrobox: $NAME"
+        echo "Location: $CUSTOM_HOME"
+        echo "------------------------------------------------"
+
+        # 4. Run Distrobox Create
+        # We expand "''${EXTRA_ARGS[@]}" to properly pass the volume arguments
+        ${pkgs.distrobox}/bin/distrobox create \
+          --image "$IMAGE" \
+          --name "$NAME" \
+          --home "$CUSTOM_HOME" \
+          "''${EXTRA_ARGS[@]}"
+
+        # Check exit code
+        if [ $? -ne 0 ]; then
+            echo "Error: Distrobox creation failed."
+            exit 1
+        fi
+
+        # 5. Post-Creation: Symlink Config Files
+        echo "--> Linking configurations to $NAME..."
+
+        # Helper function to symlink
+        link_config() {
+            SRC="$1"
+            DEST="$2"
+            DEST_DIR=$(dirname "$DEST")
+
+            # Create parent directory if it doesn't exist
+            mkdir -p "$DEST_DIR"
+
+            if [ -e "$SRC" ]; then
+                # ln -sf: symbolic link, force overwrite
+                ln -sf "$SRC" "$DEST"
+                echo "    [LINK] $DEST -> $SRC"
+            else
+                echo "    [SKIP] $SRC not found on host"
+            fi
+        }
+
+        # Create Symlinks
+        link_config "$HOME/.zshrc"                "$CUSTOM_HOME/.zshrc"
+        link_config "$HOME/.zshenv"               "$CUSTOM_HOME/.zshenv"
+        link_config "$HOME/.config/fastfetch"     "$CUSTOM_HOME/.config/fastfetch"
+        link_config "$HOME/.config/starship.toml" "$CUSTOM_HOME/.config/starship.toml"
+
+        echo "--> Done! Enter via: distrobox enter $NAME"
+      '')
+    ];
+  };
+}
--- a/modules/nixos/selfhosted/containers/aiostreams.nix
+++ b/modules/nixos/selfhosted/containers/aiostreams.nix
@@ -0,0 +1,52 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.tux.containers.aiostreams;
+in {
+  options.tux.containers.aiostreams = {
+    enable = mkEnableOption "Enable AIOStreams";
+
+    port = mkOption {
+      type = types.int;
+      default = 3000;
+    };
+
+    environment = mkOption {
+      type = with types; attrsOf str;
+      default = {};
+    };
+
+    environmentFiles = mkOption {
+      type = with types; listOf path;
+      default = [];
+    };
+  };
+
+  config = mkIf cfg.enable {
+    virtualisation.oci-containers.containers.aiostreams = {
+      autoStart = true;
+      image = "ghcr.io/viren070/aiostreams:latest";
+      ports = [
+        "${toString cfg.port}:3000"
+      ];
+
+      environment = cfg.environment;
+      environmentFiles = cfg.environmentFiles;
+    };
+
+    services.nginx.virtualHosts = {
+      "${cfg.environment.ADDON_ID}" = {
+        forceSSL = true;
+        useACMEHost = "tux.rs";
+        locations = {
+          "/" = {
+            proxyPass = "http://localhost:${toString cfg.port}";
+          };
+        };
+      };
+    };
+  };
+}
--- a/modules/nixos/selfhosted/nextcloud.nix
+++ b/modules/nixos/selfhosted/nextcloud.nix
@@ -19,7 +19,7 @@
    nextcloud = {
      enable = true;
      hostName = "cloud.tux.rs";
-      package = pkgs.nextcloud31;
+      package = pkgs.nextcloud32;
      database.createLocally = true;
      configureRedis = true;
      maxUploadSize = "16G";
--- a/modules/nixos/selfhosted/umami.nix
+++ b/modules/nixos/selfhosted/umami.nix
@@ -0,0 +1,32 @@
+{
+  lib,
+  config,
+  ...
+}: {
+  services = {
+    umami = {
+      enable = true;
+      settings = {
+        APP_SECRET_FILE = config.sops.secrets.umami.path;
+        PORT = 4645;
+      };
+      createPostgresqlDatabase = true;
+    };
+
+    nginx = {
+      enable = lib.mkForce true;
+      virtualHosts = {
+        "umami.tux.rs" = {
+          forceSSL = true;
+          useACMEHost = "tux.rs";
+          locations = {
+            "/" = {
+              proxyPass = "http://localhost:${toString config.services.umami.settings.PORT}";
+              proxyWebsockets = true;
+            };
+          };
+        };
+      };
+    };
+  };
+}
--- a/modules/nixos/virtualisation/docker.nix
+++ b/modules/nixos/virtualisation/docker.nix
@@ -8,8 +8,6 @@
    docker.enable = true;
  };

-  hardware.nvidia-container-toolkit.enable = true;
-
  environment.systemPackages = with pkgs; [lazydocker];

  users.users.${username}.extraGroups = ["docker"];
Author	SHA1	Message	Date
tux	7772514fce	feat: setup distrobox module	2025-11-22 06:13:15 +05:30
tux	71cc3c3e7f	feat(node): enable firewall for additional ports	2025-11-14 20:37:51 +05:30
tux	f3063dd250	feat: add umami	2025-11-14 14:13:37 +05:30
tux	abd2134a2a	feat: add aiostreams	2025-11-14 12:36:34 +05:30
tux	f033f3406a	feat(canopus): change wallpaper	2025-11-14 04:05:04 +05:30
tux	eb95321b42	feat: add steam to persist dir	2025-11-14 04:04:52 +05:30
tux	50549a7ab3	feat: migrate node	2025-11-04 15:00:36 +05:30
tux	7b25ac4f30	feat: upgrade to nextcloud 32	2025-11-03 20:17:52 +05:30
tux	dbb226713d	docs: update README.md	2025-10-29 23:29:15 +05:30
tux	b59a134631	feat(hosts): enable user linger for services	2025-10-29 13:37:35 +05:30
tux	b8209290f7	refactor(hosts): consolidate nvidia-container-toolkit configuration	2025-10-29 12:31:26 +05:30