feat(sirius): enable interop

.sops.yaml

@@ -9,6 +9,7 @@ keys:
     - &arcturus age1zsl5d4vj6gl3h96y5p53sq5y4vr4vtlwp727h7rp9a4xfkxm53lqrh6r50
     - &alpha age1zujp5gxy7suv8ysnygv43cmzuvv36nxfg0ch7r3xg2emc6fz3vmqqujheq
     - &vega age1ydkclhk9kwqdq74utesqdfupt43lz64d5k65gz2z9uyljcqq9fcq3hv28l
+    - &node age1put942dyhly8nk9c8n0h8tq0x6xplrg3uw5q0d2jmvwez3zq79qsapl7he
     - &capella age1y4luzn2jls7rvgphej23srvdlx563lxq29tvf66vhwwzaf7c3f3qzvresh
 
 creation_rules:
@@ -22,6 +23,7 @@ creation_rules:
           - *arcturus
           - *alpha
           - *vega
+          - *node
           - *capella
   - path_regex: hosts/sirius/secrets.yaml$
     key_groups:

README.md

@@ -22,48 +22,132 @@
 
 ## Hosts
 
-|     | Hostname   | Board             | CPU                | RAM  | GPU                       | Purpose                                                                            |
+|     | Hostname   | Board             | CPU                | RAM   | GPU                       | Purpose                                                                          |
-| --- | ---------- | ----------------- | ------------------ | ---- | ------------------------- | ---------------------------------------------------------------------------------- |
+| --- | ---------- | ----------------- | ------------------ | ----- | ------------------------- | -------------------------------------------------------------------------------- |
-| 🖥️  | `sirius`   | MSI X570-A Pro    | Ryzen 7 5700X3D    | 64GB | RTX 3080 TI + RTX 3060 TI | Triple-monitor desktop running Windows Subsystem for Linux.                        |
+| 🖥️  | `sirius`   | MSI X570-A Pro    | Ryzen 7 5700X3D    | 64GB  | RTX 3080 TI + RTX 3060 TI | Triple-monitor desktop running Windows Subsystem for Linux.                      |
-| 💻  | `canopus`  | Asus Zephyrus G15 | Ryzen 9 5900HS     | 16GB | RTX 3060                  | Optimized for productivity on the go and some gaming.                              |
+| 💻  | `canopus`  | Asus Zephyrus G15 | Ryzen 9 5900HS     | 16GB  | RTX 3060                  | Optimized for productivity on the go and some gaming.                            |
-| ☁️  | `homelab`  | Minisforum MS-A1  | Ryzen 7 8700G      | 32GB | Radeon 780M               | WIP                                                                                |
+| ☁️  | `homelab`  | Minisforum MS-A1  | Ryzen 7 8700G      | 32GB  | Radeon 780M               | WIP                                                                              |
-| ☁️  | `arcturus` | KVM               | 4 Core             | 8GB  |                           | Primary server responsible for exposing my homelab applications to the internet.   |
+| ☁️  | `arcturus` | KVM               | 4 Core             | 8GB   |                           | Primary server responsible for exposing my homelab applications to the internet. |
-| ☁️  | `alpha`    | KVM               | 4 Core             | 4GB  |                           | Monitors uptime and health status of all services across the infrastructure.       |
+| ☁️  | `alpha`    | KVM               | 4 Core             | 4GB   |                           | Monitors uptime and health status of all services across the infrastructure.     |
-| 🥔  | `vega`     | Raspberry Pi 3B+  | Cortex A53         | 1GB  |                           | Running AdGuard Home for network-wide ad blocking.                                 |
+| 🥔  | `vega`     | Raspberry Pi 3B+  | Cortex A53         | 1GB   |                           | Running AdGuard Home for network-wide ad blocking.                               |
-| 📱  | `capella`  | Samsung S25 Ultra | Snapdragon 8 Elite | 12GB | Adreno 830                | Primary mobile for daily usage. (Locked)                                           |
+| 📱  | `capella`  | Samsung S25 Ultra | Snapdragon 8 Elite | 12GB  | Adreno 830                | Primary mobile for daily usage. (Locked)                                         |
-| 📱  | `rigel`    | Motorola Edge 30  | Snapdragon 778G+   | 8GB  | Adreno 642L               | Secondary mobile for some fun. (Rooted)                                            |
+| 📱  | `rigel`    | Motorola Edge 30  | Snapdragon 778G+   | 8GB   | Adreno 642L               | Secondary mobile for some fun. (Rooted)                                          |
-| ☁️  | `node`     | KVM               | i9-13900           | 64GB |                           | Running Ethereum and BSC nodes. Currently in the process of migrating from Ubuntu. |
+| ☁️  | `node`     | ASRock B565D4     | Ryzen 9 5950X      | 128GB |                           | Running Ethereum and BSC nodes.                                                  |
 
 ## Installation
 
-Boot into NixOS bootable USB and then enter the following commands
+> [!NOTE]  
+> This will get your base system ready, but keep in mind that many things might not work correctly — such as monitor resolution, font size, and more.
+
+### Prerequisites
+
+Boot into the NixOS bootable USB before proceeding with the installation steps.
+
+### Installation Steps
+
+#### 1. Clone the repository
+
+```bash
+git clone https://github.com/tuxdotrs/nix-config.git
+cd nix-config
+```
+
+#### 2. Gain root privileges
+
+```bash
+sudo su
 
 ```
-# Clone this repositry
-git clone https://github.com/tuxdotrs/nix-config.git
 
-# Navigate to the repository directory
+#### 3. Set up disk partitioning
-cd nix-config
 
-# Install disko for disk partitioning
+Install the required tools:
-nix-shell -p disko
 
-# Partition the disk and make sure to replace DISK_PATH (eg. /dev/vda)
+```bash
+nix-shell -p disko neovim
+```
+
+Partition your disk using disko. **This will wipe your drive.** Replace `DISK_PATH` with your actual disk path (e.g., `/dev/vda` or `/dev/nvme0n1`):
+
+```bash
 disko --mode disko ./hosts/canopus/disko.nix --arg device '"DISK_PATH"'
+```
 
-# Generate the hardware.nix file for your system
+#### 4. Configure your disk
+
+Edit the configuration file:
+
+```bash
+nvim ./hosts/canopus/default.nix
+```
+
+In the imports statement, replace:
+
+```nix
+(import ./disko.nix {device = "/dev/nvme0n1";})
+```
+
+with:
+
+```nix
+(import ./disko.nix {device = "DISK_PATH";})
+```
+
+Make sure to replace `DISK_PATH` with your actual disk path.
+
+#### 5. Generate hardware configuration
+
+```bash
 nixos-generate-config --no-filesystems --root /mnt
+```
 
-# Replace the hardware.nix with generated one
+Copy the generated hardware configuration to the repository:
+
+```bash
 cp /mnt/etc/nixos/hardware-configuration.nix ./hosts/canopus/hardware.nix
+```
 
-# Install
+#### 6. Install NixOS
+
+```bash
 nixos-install --root /mnt --flake .#canopus
+```
 
-# Reboot to your beautiful DE
+#### 7. Enter into the new system
+
+```bash
+nixos-enter --root /mnt
+```
+
+#### 8. Set up directories and permissions
+
+```bash
+mkdir -p /persist/home
+chown -R tux:users /persist/home
+```
+
+#### 9. Set passwords
+
+Set the root password:
+
+```bash
+passwd root
+```
+
+Set the user password:
+
+```bash
+passwd tux
+```
+
+#### 10. Reboot
+
+```bash
 reboot
 ```
 
+Your NixOS system should now boot into a beautiful DE.
+
 ## Components
 
 |               | Wayland  | Xorg             |

flake.nix

@@ -66,6 +66,7 @@
       alpha = nixosSystem (mkNixOSConfig "alpha");
       sirius = nixosSystem (mkNixOSConfig "sirius");
       vega = nixosSystem (mkNixOSConfig "vega");
+      node = nixosSystem (mkNixOSConfig "node");
       vps = nixosSystem (mkNixOSConfig "vps");
       isoImage = nixosSystem (mkNixOSConfig "isoImage");
       homelab = nixosSystem (mkNixOSConfig "homelab");
@@ -85,6 +86,7 @@
         alpha = mkNixOSNode "alpha";
         sirius = mkNixOSNode "sirius";
         vega = mkNixOSNode "vega";
+        node = mkNixOSNode "node";
         homelab = mkNixOSNode "homelab";
         capella = mkDroidNode "capella";
         rigel = mkDroidNode "rigel";
@@ -166,5 +168,6 @@
     impermanence.url = "github:nix-community/impermanence";
     deploy-rs.url = "github:serokell/deploy-rs";
     nixcord.url = "github:kaylorben/nixcord";
+    lan-mouse.url = "github:feschber/lan-mouse";
   };
 }

hosts/alpha/default.nix

@@ -153,6 +153,7 @@
     ];
   };
 
+  users.users.${username} = {linger = true;};
   home-manager.users.${username} = {
     imports = [
       ./home.nix

hosts/arcturus/default.nix

@@ -19,7 +19,7 @@
     ../../modules/nixos/selfhosted/headscale.nix
     ../../modules/nixos/selfhosted/vaultwarden.nix
     ../../modules/nixos/selfhosted/gitea.nix
-    ../../modules/nixos/selfhosted/plausible.nix
+    ../../modules/nixos/selfhosted/umami.nix
     ../../modules/nixos/selfhosted/monitoring/grafana.nix
     ../../modules/nixos/selfhosted/monitoring/loki.nix
     ../../modules/nixos/selfhosted/monitoring/promtail.nix
@@ -35,6 +35,18 @@
   ];
 
   tux.services.openssh.enable = true;
+  tux.containers.aiostreams = {
+    enable = true;
+    port = 4567;
+    environment = {
+      ADDON_ID = "aiostreams.tux.rs";
+      BASE_URL = "https://aiostreams.tux.rs";
+    };
+
+    environmentFiles = [
+      config.sops.secrets."aiostreams".path
+    ];
+  };
 
   sops.secrets = {
     borg_encryption_key = {
@@ -81,6 +93,14 @@
     "cs2_secrets/CS2_PW" = {
       sopsFile = ./secrets.yaml;
     };
+
+    aiostreams = {
+      sopsFile = ./secrets.yaml;
+    };
+
+    umami = {
+      sopsFile = ./secrets.yaml;
+    };
   };
 
   nixpkgs = {
@@ -144,7 +164,13 @@
 
     firewall = {
       enable = true;
-      allowedTCPPorts = [80 443 22 3333 8081];
+      allowedTCPPorts = [
+        80
+        443
+        22
+        3333
+        8081
+      ];
     };
   };
 
@@ -207,6 +233,9 @@
     ];
   };
 
+  users.users.${username} = {
+    linger = true;
+  };
   home-manager.users.${username} = {
     imports = [
       ./home.nix

hosts/arcturus/secrets.yaml

@@ -11,11 +11,9 @@ cs2_secrets:
     SRCDS_TOKEN: ENC[AES256_GCM,data:SzPz4sHDgEoioX8ylLFM6AUUS60gWYpR3ifxUD8A8IQga24t6GM0dyGDryc=,iv:XefIn9yCLPLKVRA+rZiSGUH3l6ZANIJoGRuM/3vFLIw=,tag:flEjl9c7i3XBlHJaq41QYQ==,type:str]
     CS2_RCONPW: ENC[AES256_GCM,data:ZyVeoOngZjxKR/ObYo5yJC1ViCNufuA=,iv:+fJK0sY39V/iH7OjT0AzQq6RefVzLZCDETYcAMFnZNU=,tag:IOhRUQRdffNMXa2cKZvi/w==,type:str]
     CS2_PW: ENC[AES256_GCM,data:W1Cur7YT1F/+45vmqif2JbpjVURfnfo=,iv:sBNDM2N+QWDAMculBBZtYZcM7ILEfpwkwOd7ErORQhI=,tag:XFsxTUjctZKU38RQUfJ8HQ==,type:str]
+aiostreams: ENC[AES256_GCM,data:2U2EoRUsKr4OIkqrudmIUEp2bABNlSlNUTzR3vtvTfSJVemIGK31iu0SG8aR4tLSQFEZyhIP9M22zZJVWY5hX1UcMEJ1rmtXnaRjTiurRSpTj76pT9plnrjp0NWDcSWY+uhDrAsEko4oPPJEECTT3qMYLXipnzqpPeWsTrNYiuxmfDPcZw==,iv:tHKbtnLMNfY7B2ssE8x0dri9XhA2M6jIj2KOxOsmG2o=,tag:8hjqmniL/P+PfwfYiAdAwA==,type:str]
+umami: ENC[AES256_GCM,data:BJN9VpwknBaX+mz6xjq1GX9epM2bukplraPw67TttnLhM9JTmZiela5oFWZiaGjG3Oss3n4WPsPvhC4m28Ah+TQLCoiDFCFqervk228=,iv:YwbJ2/1hXs5Jbqx1dNj1t4ExFS27PWbA4NT9h8/tyU8=,tag:+R1aRF/TaMSGbLDi9GnYwA==,type:str]
 sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
     age:
         - recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
           enc: |
@@ -35,8 +33,7 @@ sops:
             NGprRGVyZ2plWVNrM3drM3JSUjM2L0UKuNk5DqYn2DIfRpY72zDRP5BKoVAXtNv9
             uLI//8wc7f4I3uBdARQdpRE1fapY1UOJOn3i0yndrZARPEbdohRK1Q==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-01-24T12:59:25Z"
+    lastmodified: "2025-11-14T08:22:34Z"
-    mac: ENC[AES256_GCM,data:WGWGvbqu07XZ5oU2HBGUbP/9oNCavPBXb2SIm10CG2s377QAWZmpdOC2AGAX8J3NfLtyWEHm8WUQSKjNKvKWARsXU24lNnY+BTSIkF8ymrAU/rRMX8VJi92IYjregAfVBIaYomxqJFhNuAhmsQ75ZYMpRBTusxiEFEdl/H9obiY=,iv:VXIVkpnOY2gZ/xDX/oFvZn08K5Gp49tpiJQGK20blro=,tag:Hkk92ZQWTRY9oQb3Mm6R3w==,type:str]
+    mac: ENC[AES256_GCM,data:IiZKrdo500rf0JS2c94u1XiCtIB6QguJr1XKFcPilxN4G7coUJyD8v/z/BDqSyCDbiY6RjRWoyttyi1gzKlj/WQsJh65tbDHTXhk2nPGBoHL4ojnP1a7PYCaRKk64SyBg6vjNWHb0wILc2wu/yvKNfVKX6FtMEGhUcpReoJomAI=,iv:a4hmm47FAHnY2k+YY+WmLUWjpEE+5KwtUxc+Dq6sCMQ=,tag:Rx0yOoiKd2mRx/H5k8Hq8w==,type:str]
-    pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.9.3
+    version: 3.11.0

hosts/canopus/default.nix

@@ -21,8 +21,9 @@
     ../../modules/nixos/steam.nix
   ];
 
+  hardware.nvidia-container-toolkit.enable = true;
   tux.services.openssh.enable = true;
-
+  tux.packages.distrobox.enable = true;
   nixpkgs.config.cudaSupport = true;
 
   sops.secrets = {
@@ -60,7 +61,7 @@
       ];
 
       # Facilitate firewall punching
-      allowedUDPPorts = [41641];
+      allowedUDPPorts = [41641 4242];
 
       allowedTCPPortRanges = [
         {
@@ -183,7 +184,6 @@
   programs = {
     ssh.startAgent = true;
     xfconf.enable = true;
-    file-roller.enable = true;
     thunar = {
       enable = true;
       plugins = with pkgs.xfce; [
@@ -193,7 +193,7 @@
     };
     nix-ld = {
       enable = true;
-      package = pkgs.nix-ld-rs;
+      package = pkgs.nix-ld;
     };
     nm-applet.enable = true;
     noisetorch.enable = true;
@@ -235,14 +235,6 @@
       openDefaultPorts = true;
     };
 
-    xserver = {
-      enable = true;
-      xkb = {
-        layout = "in";
-        variant = "eng";
-      };
-    };
-
     libinput.touchpad.naturalScrolling = true;
     libinput.mouse.accelProfile = "flat";
 

hosts/canopus/home.nix

@@ -11,7 +11,7 @@
     ../../modules/home/wezterm
     ../../modules/home/ghostty
     ../../modules/home/desktop/rofi
-    ../../modules/home/barrier
+    ../../modules/home/lan-mouse
     ../../modules/home/firefox
     ../../modules/home/brave
     ../../modules/home/vs-code
@@ -28,6 +28,7 @@
   home.pointerCursor = {
     package = pkgs.bibata-cursors;
     name = "Bibata-Modern-Ice";
+    size = 28;
   };
 
   qt = {
@@ -76,7 +77,6 @@
     copyq
     vlc
     tor-browser
-    distrobox
     bluetui
     impala
   ];
@@ -90,12 +90,14 @@
       "Videos"
       "Projects"
       "Stuff"
+      "Distrobox"
       "go"
       ".mozilla"
       ".ssh"
       ".wakatime"
       ".rustup"
       ".cargo"
+      ".steam"
       ".cache/spotify-player"
       ".config/BraveSoftware"
       ".config/copyq"

hosts/common/default.nix

@@ -15,7 +15,9 @@
     ../../modules/nixos/selfhosted/upstream-proxy.nix
     ../../modules/nixos/selfhosted/tfolio.nix
     ../../modules/nixos/selfhosted/cyber-tux.nix
+    ../../modules/nixos/selfhosted/containers/aiostreams.nix
     ../../modules/nixos/networking/ssh.nix
+    ../../modules/nixos/distrobox.nix
   ];
 
   sops.secrets.tux-password = {
@@ -48,7 +50,14 @@
   home-manager = {
     backupFileExtension = "hm-backup";
     useUserPackages = true;
-    extraSpecialArgs = {inherit inputs outputs username email;};
+    extraSpecialArgs = {
+      inherit
+        inputs
+        outputs
+        username
+        email
+        ;
+    };
     users.${username} = {
       imports = [
         ./home.nix

hosts/common/secrets.yaml

@@ -1,79 +1,88 @@
-tux-password: ENC[AES256_GCM,data:68ZXKJMBBLV1mkNP9LFf+xC5arsARqKPFQAtmfag3ftip1suuZ1FmQICqsuCqXgGuwcSfH4ACkuiQ769u4aI7+jPxs0A62hFig==,iv:Yx9EfqChjBtgxxkWmayfKWoE498w4wUYoS353cMUMsI=,tag:Zr3KuIiXsi2VahRZ7Ncpig==,type:str]
+tux-password: ENC[AES256_GCM,data:yAqMKsk7uz0F0k32PdYnqAmn+tdLyXl2krvMstdgFCvIUZH8TlATWCUMPUtnxQiTQqCUY+Q8LE+yYcFFGC3r5TskbF98igZTDA==,iv:hkE/21gdD2bCEdIITrhm9lhKRTHhCPeo8YaYS61/dEM=,tag:/tz2Xvy2ro9gGwKHrJuuzw==,type:str]
 sops:
     age:
         - recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWblJrWjErZC81d1IzTHV6
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXaTFZSENQZDcvczUrVFF6
-            ZUkwTEhRdVdTTlJQb1pocnpnSkdZSWNTelVFCkJLR3VwT2dwM3IydCtkZ24yLzVF
+            Mm1GV3pqSzVPd2pQaUp3ZGRJS0kzMExXSmtJCkVwR1VxbUhCTTlKVHlLR0kvWkFO
-            ei9xMG51djNldnZkSnVqeEtsVFNSMkEKLS0tIGNEdi9OV0ZjVW93SUUyVURpT2tR
+            R2VmQWhzSEsya3I4b1JRWnFSbXdUanMKLS0tIFR5bkU3cEVHL3BlUFRjL2l2ZDBK
-            U3ZybTNac1JvVW9zTy9ocE5FUkpQTjAK2lAp5MC3B779uSWaOOxbnfdAa9xYDCL2
+            WUVaZzFCQkc0KzRNQlRRdGNvWFdQNkUKhxAV3VavBzjSQHJPNn+Ghspi1scCq7dS
-            TloXlxfuYKe0j9Z2TIlYOa6z+/m8upOpE42Ux0qjZprE1LBq3g5uMA==
+            Qu81Q24kMK9sL7ddTjB7UqCgZ3LHq+Izzw5cSYVy+nq150oCBURnoA==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1f860dfewlx5jtt9ejr47gywx70p3dmyc8mat29gpr75psljwjv8q5xyxkq
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoZGdNSG5ER0JxbWhNanJU
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNVGdJQTdBVHAxTmFoeThj
-            WGlCZlIyT3JLWnFkSnBaakkyMXZBU0o0cjFVCml5VDB2d2dJTGkvVDh5M1NweXl1
+            RWE0QjBiQUt5UkdDZzBRQm5vTUtGZmRxQ2xvCkRiUDIxUkV3ZW5Jd1ZoZWRzeE03
-            ajl3R2RUWmtwWU5RUlpsVFIvM3R0cUUKLS0tIFNkbmtrRGdrcUFibDlldncrbjg2
+            T0VPZE9pYXJGclVZSTJRM1JaVjM3VU0KLS0tIGFXQ3pRWXFYYWkrYngyZDJST2Jr
-            TWJ1UFh5RnI2VDRocnZ0VVNmd2JRSVEKmqNV4dADO9ZxTjlDgMC5fNdioJrO6vrN
+            UlAzTFdxMENxckVpL05ReENjZHk3b1UK1NEgbZ5AMf9h6zlfIHL7ugNSyQ156T5r
-            vTg3lTrwOTZ/TCg9PS2T5QEX9fZh2UthCEisPO7p1Q81Gyk7ySg2ow==
+            x3l7nFrvxAWE9aTzn03hFjgRP72If6k/3pHJmT8h2494+K20qAmx6g==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1x36yr8h993srfj29sfpzt4wyz52nztvncpmhgmfs0j26qvfecq3qvcm0an
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYZWRuaHIvT3BSZ2M0OUla
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwZE16cm5vNzhVSkY5K2hV
-            YWhSa2Q5SDJNbkRLQUZxaVFISmJENTIxc0hrCjlKTVBCK2g2WWNNNlNJQ25sMjVY
+            MWRaMHNIL1Q2cDZ0eHozbTJJWklKb09BK213CkFSazJGdnBWQnRvQ2Zlc1JQazZV
-            TURsSkNsbTQwRGlyU3NySis5azNvTVUKLS0tIGZHUEh3NHMyVXN5T0pXOWpOT1JP
+            VWVMb1FpcUZMeURQSXJBTkJGeVdCeUkKLS0tIG1uRDJ4T2pRaVY1aERQOWhZdGl0
-            UmZSM1J0elprbVBUZzU5QjVLRnVxNWsKFVdUQcKiHaSDR2+GqafXvoRQ0yyiKMcy
+            b3JVbHNpY1B5ekpodHp3ZXlrZFplNFEKiRPqPKh3g33a2/fQVrj8qGOcXheVaLgA
-            /UP/yCMoNUYIpiv4ocRhtDj4QrrO6NdJJTUifMkB9I1B6R7B7NG/gw==
+            CAShzomubIQNFZUnl12hjH+ZcKlAwYFXzCrHUNdkEUWRIASqGa5oMA==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1jg642q775gmnmxeu29gcf3lph8vem4xr8t84cxe809dpd0myrussh49h60
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNeEpwakIyMkRYN1c0bUNy
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvQ3UybGxJaUU5ckdDak5F
-            eDFpUGlkTW02NWE1VlYxYnNsQTJ1NHIyWVY4ClI3VHlSWW1IK3I3SHY5YXN5S09q
+            d3RJdlR3VHNHZTJ0UXhXc08wSVVXZVFZb2lvClZGSzV6QmhqL01rYjhjdjNKT2RT
-            OU5aSXVXU0FVU1VrNGlCTzFKWm95ZkkKLS0tIGV0Sy9LYlBuTm4xa2Zkc3JoaWo0
+            V3k1QUF4VXBNb2d6dnA0N2lNNnpXS00KLS0tICs3bWRHMGZiMmM4S3YyY0ttRWZ1
-            ZXllYnMwaXBXTW5vVVhoNXVFcEwvdlEKbuiT2/Isi3nsx/r3whpX6RiLEtsLMm6f
+            Snd1QTlRUndzK0RSUld1TlRkNU13cHMKTZsBN/4nBfEndip/vCUNtFZF89MKT8uA
-            2A3bKpz1+MUupE6umEIBCXc+k58W6VhBkdrMxGtxZt1ZeA8ftz4bVA==
+            C/hKD33ycaLNzmgxz3VRSCxeALMspeobeOLfRHJLflusD9xGgXn73A==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1zsl5d4vj6gl3h96y5p53sq5y4vr4vtlwp727h7rp9a4xfkxm53lqrh6r50
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnbFUwbXoyUnZGMElMdldX
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQWmkrNXJvUjR5anlUcFVE
-            UkJseC9XWEU3Vks2eGdYbHFjUjZMUVVGbkY0ClNIWFMvWEl1eDRncEt1dy9iVS81
+            NExQTnAwZDVmWEl3c3B2bis1N00wQzF6MFFvCnpENVNJU1JWLyswNnZoUTBZNE16
-            ZE1rN25lR0w0Wno2OHZDZTRhSTVXVDgKLS0tIG9jNmFkdGxoRmRCT1RJQjVlOUJa
+            V2ZtLzIzanZEOWhkYXFxaWVLaDZoUDAKLS0tIEs3SXRZU283dERkZEFabmtFZTEx
-            R0kxbllzMXZML1J6MitXSGhSTkF0MEkK8g7s87t956UTDtQO+IUEXe2B6WNM+KfH
+            aUIwRTgzQklUZmlnS05MQ2o5QmJSQk0KVrx1ZHqnS3KQ9jB7yqVIWbrQAdqDt/c4
-            aRobwCjvXcv5I8G+gkNll23MYlLMBRZ1qkeq24R0xA7cMYXj5APUsA==
+            i3mst4a/rKjgZGUYugHMctJppPIpqqVZTpBHPgY5OiAGESMrUZE+Ig==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1zujp5gxy7suv8ysnygv43cmzuvv36nxfg0ch7r3xg2emc6fz3vmqqujheq
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0bTBEck44R2ZxS0M3Ris1
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvdUhKNU5BYmNEdllkWU1R
-            VllxeEgyTjRWcHp3RUdpMytFQ0podkxXT1JrCi9VU2U2SHFrd1dPb3RESkQ4OGhi
+            QVIxMExuYit6ekNwVHFmd2dGNEJtTTlHd0IwCkxiZnAvSURQY2RyWnRVVGxtdlUv
-            RjZVVTZWQUVXSUxqaG5KVkJxQ0RCQncKLS0tIDJiVGpIU0NjelVCZkloOGhxQTdV
+            bmNpNFB6OENqOFJSakQ2NGJ0cVJTQlkKLS0tIEt5QXBXNC9WaDdIdklTeTA3ZEp6
-            eHlaVm9iUFk2YThXZnU5SVpHUVVHbkEKcmUvbINRqmkkvXyyskNJ4eYD7VdQnxqg
+            Y212bDZSRkttWjBqTEdkbjY4WHd5RTgK1Y779ogFUcr89gosqh7rra7Wg6G/Ez1o
-            7VuWV7zUK5ZVPv9kJiUl3OB3vNU8U15sNIdAjCp8//RtNkRyDJMgEQ==
+            /+48kxF2DTKZLJYX2AFEP5H0JjBDtt+isiO7H1644LjdAwO/sgFMSQ==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1ydkclhk9kwqdq74utesqdfupt43lz64d5k65gz2z9uyljcqq9fcq3hv28l
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjVjU1Vy9tMkp5MS96Si9v
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwQXFScVBqUDZHc3BDK3N4
-            bnB4OHpzdktPeStYZHFZTXVmSWphMkxFQkRZCjEvTEpZY1I4TWNlM0c4Wi9nUVhx
+            T3BnSWk5SElzZllYRHdlMStPS2ZyMDZoZ3pnCm5KVnBYb1R6anRWd04rNllPSW1G
-            dktvOXdXQ0M1YzhVU3BlOUZ4Tjkrd28KLS0tIC9NT0NKZTd0VUVUQTB6UHhDSVVw
+            ZVMwMTQ5NjQvaEYwZUhOOE56ckJHb00KLS0tIEpCWmNQZzFlK3ZrRGFPMFVwZndG
-            eFM1Q1JOVXZoSXltRVZpaTNTUWhNa3MKFoY5bWWQS9qh0j8sgIgRA4jT6sl0xRkC
+            ZStueWovUmtKdTk2enRJa3NSbFpJL1UKtzKYPJ6vy6+VjPkrsRvNTwUtV198oglr
-            Tu0WUz344TzkJFuy7MgOpviQMqAijmbyYjaRSdS3CLGHvTKY8GcpOA==
+            cMqBSuwkqzgjDC09sRMnW5PRfJo8hG+5gkd6EPZ8uAbUhGC+kAyLrg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1put942dyhly8nk9c8n0h8tq0x6xplrg3uw5q0d2jmvwez3zq79qsapl7he
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0ZU93NCtxODQ2YjA4TUcr
+            aWEyaW4zREZtVUpuZWhZSUw3TWhpMXBYWEVVCitDNGx1eWZQZGsvUDl0UzNCd0Zp
+            QndpMys5OVg1WXMrdXRDUkFZWDErcjAKLS0tIDBOZTBxM09INTIxZm9tQk10ZUc2
+            emExUmJZZk00WmxYK2Y3WCtmQXhSUmsKwMxI9I6kQYkvZ4TzJtv/MdGLwTbQdePx
+            XB+oFbc9Rp3IAEZfH1+VEtJRjyKk5hE7HQoIh92XxJvmbDIswOe/Rg==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1y4luzn2jls7rvgphej23srvdlx563lxq29tvf66vhwwzaf7c3f3qzvresh
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSYlpXRGNpQVZTQ3hZK2lr
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwNUhPQThmWjJROW95SWsw
-            L2xodmhycTlRczN1c2Zib3RoeGlxQTAwTVRRCkJ1aWc3bzAyNnlMbUhuK2YwTXBq
+            aFk4dGR3c0RJZTkwSHFXaWp2UCtQWS9xYjFnCnAxa0RMV0xsNnZ2cnVMbmRzRFYv
-            Q1VhUUtWWXU0RXY2NG5jMG90dis4bEUKLS0tIHlkRkdCV0ZvU2pLZDRlN2h6c0JO
+            QmRZQVY1ME9zTmZtT1RxUmFQc2JYc2cKLS0tIGxUTjYwYXZUMU9FY3BFS04zQk1G
-            TTNtbGY1UWV5K3VQWjk5WlgyNUd1UVkK+XeX8vK4K2DJaWtFE91YGg/58M09rwuj
+            bFJwRno1a0pwVHpaV0haZjlZazNtZDAKxTvzsmLtx50sI2bZ3fFcB6j9ZLas4KmL
-            VVcMIPPPO1+KD16HTe1b8bVPeNfpIj9p3ybew3ILducyrYiRrxzGwg==
+            5bu9Z75hFi+N1sjvMpcK7oIFypGLIWU3xpTP//jv6RuiyjGuR2Dq2w==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-10-10T10:14:47Z"
+    lastmodified: "2025-11-04T09:28:17Z"
-    mac: ENC[AES256_GCM,data:fmBWLOOCvJLfKSNG14zd9cBEa9+M4dJ7UtR+SZfGEcoGtBPmX1c6ZR8OgB+I45WkpT+Ho8kwQMcnD0n6IWzg946OEzIZjNuCds/wM1cCd3LjjlqwKnN1QGL5DNSIyi5CFzrjvvFtZCsw2acNjxtK86JujhpOivdVKC/kGkJzF0M=,iv:g0jXzrtU53YpW/NIb8ulmOGSJIXMA1Wady6DlOMA9aU=,tag:zf7WmNNYcFO9Rtynm5vaUg==,type:str]
+    mac: ENC[AES256_GCM,data:A+xfYhnoq/JWYGZOleieF5vjrsPOtkKnXPbd94iBAbnuuBKx8Vgkpuum+hJzVIBdDSCVm8hl2Tpcw7NqWLSkXtBR/NKixzk6eIwFvOZz4h7Qe1Zue10pB25IkIzR34sLnWSHtsxuRRG6fZnf0CNtp7baf4XU3doyDwy5A384Jf0=,iv:i0y0UEY7SSCOBIBc+97qIiq4obpUJYb3gFo1yEc5eUI=,tag:c5zONd6zTv3sq4bPqT73OQ==,type:str]
     unencrypted_suffix: _unencrypted
-    version: 3.10.2
+    version: 3.11.0

hosts/homelab/default.nix

@@ -23,6 +23,21 @@
     discord_token = {
       sopsFile = ./secrets.yaml;
     };
+
+    hyperbolic_api_key = {
+      sopsFile = ./secrets.yaml;
+      owner = "${username}";
+    };
+
+    gemini_api_key = {
+      sopsFile = ./secrets.yaml;
+      owner = "${username}";
+    };
+
+    open_router_api_key = {
+      sopsFile = ./secrets.yaml;
+      owner = "${username}";
+    };
   };
 
   tux.services.cyber-tux = {
@@ -109,7 +124,7 @@
   programs = {
     nix-ld = {
       enable = true;
-      package = pkgs.nix-ld-rs;
+      package = pkgs.nix-ld;
     };
   };
 
@@ -141,6 +156,7 @@
     ];
   };
 
+  users.users.${username} = {linger = true;};
   home-manager.users.${username} = {
     imports = [
       ./home.nix

hosts/homelab/secrets.yaml

@@ -1,9 +1,8 @@
 discord_token: ENC[AES256_GCM,data:fZqz6LD3+Svtton5gNCXO5ddWAqW1IyxP3M2DAIXZEIYRHUfAq8h9LES2IHWepjl5qKimxB35zacE/TYK2fitngWtRGVoMDBzzU6VTKNulNV3yFWrPA=,iv:YOplYld+c9vHVC0Srfm89qrh4yUygDiW67X2TdwHKMc=,tag:Ioc2wNLX818fRQ/2PSO7Sw==,type:str]
+hyperbolic_api_key: ENC[AES256_GCM,data:t8xjjzhgvM9BXiB5jDc2RR384d+mL5zXr+/obDLMm2J+IN+Xw9fr4iz50CTQ5ZMWWMoPjxzY5vgiJ+h71BsDRM0TvBMWuXd2ihKOIZOVo6OQmCX/SeKUgkjunFqz+YKcxsLsF7ZG/tOgWGqMmxom8iGV7LELKG/8MLDCF50YgJNO568MJMUU,iv:Cf+mSG2dxsRclDy8k7gK+hi+Qd5J7wqfS9SQztRob80=,tag:Io4aAFa29SUsfuPFI2/+DA==,type:str]
+gemini_api_key: ENC[AES256_GCM,data:GJWo7dXSaUbl2Q9h+Sc1sRF0g+82LyHk3mKFqDaBmRdalvyGwMvp,iv:odLpACXHVqxWIj7e/u6AY1pxjYX+e10Lezne1BlHl60=,tag:qO3zcz/93eHuEzG66zwwdA==,type:str]
+open_router_api_key: ENC[AES256_GCM,data:ETiZEngQRnOrJtDXSDfBanzbUyThTAu9BSQCL1tuVv07CCWJaXUui9Y0kS9oIO5to655FON3C0RxovTGx6rWQwOMKeEn5bHUHA==,iv:ePJzHKFWddkLGfydPi6uEzvksm7Djln/DBV88Jc1ugA=,tag:Eb7eYPMC0DlqtT7OFK4UuA==,type:str]
 sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
     age:
         - recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
           enc: |
@@ -23,8 +22,7 @@ sops:
             Y1RHaFdXaE9DODJtSTFCSVZWb0xVeUEK4qeBKg3u+vhBIM1dQ7BaOWi/C7Q8hk60
             vu9Zr075n0+kb5Ab+RH24ZmEoP5PJXjwEfbAnmRTjn0reYn1nfcNYA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-02-15T12:45:59Z"
+    lastmodified: "2025-10-14T06:52:16Z"
-    mac: ENC[AES256_GCM,data:NLGe7L/oiG62x4PmQ6FobnuisFmMxYoGhxfqQ4qZdy9emYL/+FnrtFsKTKqZ9IHjrNnCmbk7y+Cds/azC1xGVcaj50jEox87vtqIZ3z0XsD1mJjCAdHkBVzzpQGwHas/5y0Inyj+oKsvQrqVacqYHVA/ES+zMvou8nD+EWIH2LE=,iv:fBVOnwih+QFkYZ8IfMBpQiT1XwSZtzo3VYaBOL3I5o4=,tag:p+ePQsrmcLcnLr2fgWQXQg==,type:str]
+    mac: ENC[AES256_GCM,data:/p5Mbonr1YcrDgBIi+wFFPnNKsn74kuWf/EloNDnVWg59LuBy3nhrfXHUvbwlX7vLbSLozbuAHKTDcQ0+OUXJTYvMRApAGVh9HrvQFEQuOPOkwN8/qtdvwduInetX3t7PLWu4vbCVhl1v2BzJyEVQ9tzn7+8zEJhDDS7cPsZ9Is=,iv:GPJxjmOQPAqh0TulLhhX4UX+5FrZizCtDOkQa9xxaXY=,tag:Vv33D3wubWBDVOxdKOMENQ==,type:str]
-    pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.9.4
+    version: 3.10.2

hosts/isoImage/default.nix

@@ -35,7 +35,10 @@
     ssh.startAgent = true;
     thunar = {
       enable = true;
-      plugins = with pkgs.xfce; [thunar-archive-plugin thunar-volman];
+      plugins = with pkgs.xfce; [
+        thunar-archive-plugin
+        thunar-volman
+      ];
     };
     nm-applet.enable = true;
   };
@@ -51,16 +54,10 @@
     };
 
     logind = {
-      extraConfig = "HandlePowerKey=suspend";
+      settings.Login = {
-      lidSwitch = "suspend";
+        HandlePowerKey = "suspend";
-      lidSwitchExternalPower = "suspend";
+        HanldeLidSwitch = "suspend";
-    };
+        HandleLidSwitchExternalPower = "suspend";
-
-    xserver = {
-      enable = true;
-      xkb = {
-        layout = "in";
-        variant = "eng";
       };
     };
 
@@ -76,6 +73,7 @@
   fonts.packages = with pkgs.nerd-fonts; [
     fira-code
     jetbrains-mono
+    bigblue-terminal
   ];
 
   home-manager.users.${username} = {

hosts/isoImage/home.nix

@@ -3,21 +3,16 @@
     ../../modules/home/desktop/awesome
     ../../modules/home/desktop/hyprland
     ../../modules/home/picom
-    ../../modules/home/alacritty
     ../../modules/home/wezterm
-    ../../modules/home/ghostty
     ../../modules/home/desktop/rofi
-    ../../modules/home/barrier
     ../../modules/home/firefox
     ../../modules/home/brave
-    ../../modules/home/vs-code
-    ../../modules/home/mopidy
-    ../../modules/home/thunderbird
   ];
 
   home.pointerCursor = {
     package = pkgs.bibata-cursors;
     name = "Bibata-Modern-Ice";
+    size = 28;
   };
 
   home.stateVersion = "24.11";

hosts/node/default.nix

@@ -0,0 +1,55 @@
+{
+  inputs,
+  username,
+  ...
+}:
+{
+  imports = [
+    inputs.disko.nixosModules.default
+
+    (import ./disko.nix {
+      device = "/dev/nvme0n1";
+      device2 = "/dev/nvme1n1";
+      device3 = "/dev/sda";
+    })
+    ./hardware.nix
+
+    ../common
+  ];
+
+  tux.services.openssh.enable = true;
+
+  boot.loader.grub.enable = true;
+
+  networking = {
+    hostName = "node";
+    networkmanager = {
+      enable = true;
+      wifi.powersave = false;
+    };
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [
+        22
+        8545
+        8546
+        9545
+        9546
+      ];
+    };
+  };
+
+  security.rtkit.enable = true;
+
+  environment.persistence."/persist" = {
+    enable = false;
+  };
+
+  home-manager.users.${username} = {
+    imports = [
+      ./home.nix
+    ];
+  };
+
+  system.stateVersion = "25.05";
+}

hosts/node/disko.nix

@@ -0,0 +1,87 @@
+{
+  device ? throw "Set this to the disk device, e.g. /dev/nvme0n1",
+  device2 ? throw "Set this to the disk device2, e.g. /dev/nvme1n1",
+  device3 ? throw "Set this to the disk device3, e.g. /dev/nvme1n1",
+  ...
+}: {
+  disko.devices = {
+    disk = {
+      disk1 = {
+        type = "disk";
+        device = "${device}";
+        content = {
+          type = "gpt";
+          partitions = {
+            boot = {
+              size = "1M";
+              type = "EF02"; # for grub MBR
+            };
+            mdadm = {
+              size = "100%";
+              content = {
+                type = "mdraid";
+                name = "raid0";
+              };
+            };
+          };
+        };
+      };
+      disk2 = {
+        type = "disk";
+        device = "${device2}";
+        content = {
+          type = "gpt";
+          partitions = {
+            boot = {
+              size = "1M";
+              type = "EF02"; # for grub MBR
+            };
+            mdadm = {
+              size = "100%";
+              content = {
+                type = "mdraid";
+                name = "raid0";
+              };
+            };
+          };
+        };
+      };
+      hdd = {
+        type = "disk";
+        device = "${device3}";
+        content = {
+          type = "gpt";
+          partitions = {
+            data = {
+              size = "100%";
+              content = {
+                type = "filesystem";
+                format = "ext4";
+                mountpoint = "/mnt/hdd";
+              };
+            };
+          };
+        };
+      };
+    };
+    mdadm = {
+      raid0 = {
+        type = "mdadm";
+        level = 0;
+        content = {
+          type = "gpt";
+          partitions = {
+            primary = {
+              size = "100%";
+              content = {
+                type = "filesystem";
+                format = "ext4";
+                mountpoint = "/";
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}

hosts/node/hardware.nix

@@ -0,0 +1,25 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp41s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/node/home.nix

@@ -0,0 +1,3 @@
+{...}: {
+  home.stateVersion = "25.05";
+}

hosts/sirius/default.nix

@@ -12,8 +12,30 @@
     ../../modules/nixos/virtualisation/docker.nix
   ];
 
+  hardware.nvidia-container-toolkit = {
+    enable = true;
+    suppressNvidiaDriverAssertion = true;
+  };
+
   tux.services.openssh.enable = true;
 
+  sops.secrets = {
+    hyperbolic_api_key = {
+      sopsFile = ./secrets.yaml;
+      owner = "${username}";
+    };
+
+    gemini_api_key = {
+      sopsFile = ./secrets.yaml;
+      owner = "${username}";
+    };
+
+    open_router_api_key = {
+      sopsFile = ./secrets.yaml;
+      owner = "${username}";
+    };
+  };
+
   boot.binfmt.emulatedSystems = ["aarch64-linux"];
 
   nixpkgs = {
@@ -25,6 +47,7 @@
     enable = true;
     defaultUser = "${username}";
     useWindowsDriver = true;
+    interop.register = true;
   };
 
   networking.hostName = "sirius";
@@ -36,7 +59,7 @@
     nix-ld = {
       enable = true;
       libraries = config.hardware.graphics.extraPackages;
-      package = pkgs.nix-ld-rs;
+      package = pkgs.nix-ld;
     };
 
     dconf.enable = true;

hosts/sirius/secrets.yaml

@@ -0,0 +1,27 @@
+hyperbolic_api_key: ENC[AES256_GCM,data:3E4oWt65AU3anVUEU52r7vpRddDgXdqKgvc/URQmJGbA0nu6sbRmw3lD44SG0L5tMubi20+gkKlyFV3i8q2U148eo582Sxh8eXshvvjZ+gr9W9Eg0Tk9kQWycrE+N3r3g1AC+CWtbkRFDxQLuVAYf9W4mTw2Yg1VLV7H3BUCSYv3Rg5EPb9c,iv:Z+72Bk+5ZnHVR+SHXgM5mwfsIp4zZf9Iv8cAaZQB3Mg=,tag:phqWkpOCKnfiCBvR/f3flw==,type:str]
+gemini_api_key: ENC[AES256_GCM,data:S9DEgF4xIDXaOqs+3vdRbFb4Z8eAV1hVg8PwEfasWu9XGH3CTXV8,iv:LvUFg6dzlzC3feGh//d2rmxvVq5TJQDEBQWfxNa259Y=,tag:juLXnsiXz7OmYvyKfAv66Q==,type:str]
+open_router_api_key: ENC[AES256_GCM,data:tUtkVER9ZlhSeb0bDbA1nRi1lkRX/ofosV+mcHnaNQmAZXWXiyn8WDfemxxNuvU86YctURxL4TckfsQv7RmMjY7esB1Pmmwf9Q==,iv:elT8JJu48cgu4Q1YWxiL4ePNkP+EGhI8blqfUB/nmz8=,tag:bMvUXUegE+GJ6WdypTxLyw==,type:str]
+sops:
+    age:
+        - recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtVUx5VWlHekQ1ZlBWb1cv
+            aWpXQ0NUaDVudENNRWhPdXlhekhwZW9zbjNNCkRzTlVOZm53MnJmckp6d3FsTU9D
+            M2pZYUs2aHJzWjQzM01BMUVaZHlsdm8KLS0tIG04Rjc3VXM1eFhvTGhpMVlJdE9K
+            dkYwdGZMRmZ1MFFTVlI4T0MrNytsV00KmdCXJ/EBZhLN/NXuOf36LjwmGTze46Ou
+            kQtKSpdzLdo/bdS6sbUGVHqDLeS7GwGtVciMh9zBHCsGBCAAkQHxIA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1f860dfewlx5jtt9ejr47gywx70p3dmyc8mat29gpr75psljwjv8q5xyxkq
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiSXhQdEpJZHBGbjlZTnhD
+            U0Zwc1pwbGtHdkRFbWJRVzRNWUdqakhzM2pJCmYyYlMwQVZEbzkxcnRKVERyeExB
+            Z0hXcTdyMHMwREExdlJmR3JHTldvRnMKLS0tIFNMczN6QmI3cUR6clBDU2dKQTVF
+            U1dpRkttaURwSkgySVdiR25iZk50b2cKrrNfeAV73W3+kWM0diIFj08+koBVySVx
+            U3tYYrePi7qQxDSrNo4a14yOopjktj/ABKpxI5cfza6aS5NQxErq2Q==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-10-10T21:30:12Z"
+    mac: ENC[AES256_GCM,data:IxGSaYj3PLV+RA4G+A3yep0RkcPr9xd6X7yKJP3QVthzGinm0KRNs8wyMdDgdSrK/e0AlzN594VOMTRRgxLV9oPqEPqufWDGGCpiKuW+q2mJSv3i3f1dUbO/l+OSTEFqeeKb8rWEhbJ3qcjEhI/eFB+RNkDtJvSzDlJsS4uDB9A=,iv:VlvTI3AHyBKpwr9b29YqN8V1Tjq2E8oAOAPA7LuAKps=,tag:+BFt/T4ep66WFz9Y2a7a9w==,type:str]
+    unencrypted_suffix: _unencrypted
+    version: 3.10.2

hosts/vega/default.nix

@@ -56,6 +56,7 @@
     enable = false;
   };
 
+  users.users.${username} = {linger = true;};
   home-manager.users.${username} = {
     imports = [
       ./home.nix

hosts/vps/default.nix

@@ -91,6 +91,7 @@
     ];
   };
 
+  users.users.${username} = {linger = true;};
   home-manager.users.${username} = {
     imports = [
       ./home.nix

modules/home/barrier/default.nix

@@ -1,7 +0,0 @@
-{pkgs, ...}: {
-  # services.barrier.client.enable = true;
-
-  home.packages = with pkgs; [
-    barrier
-  ];
-}

modules/home/brave/default.nix

@@ -25,7 +25,7 @@ in {
     package = pkgs.brave;
     commandLineArgs = [
       "--disable-features=WebRtcAllowInputVolumeAdjustment"
-      "--force-device-scale-factor=1.05"
+      "--force-device-scale-factor=1.0"
     ];
   };
 

modules/home/desktop/hyprland/hyprpaper.nix

@@ -8,11 +8,11 @@
       splash_offset = 2.0;
 
       preload = [
-        "~/Wallpapers/mountain.jpg"
+        "~/Wallpapers/new/sunset-pixel.png"
       ];
 
       wallpaper = [
-        ", ~/Wallpapers/mountain.jpg"
+        ", ~/Wallpapers/new/sunset-pixel.png"
       ];
     };
   };

modules/home/git/default.nix

@@ -5,13 +5,15 @@
 }: {
   programs.git = {
     enable = true;
-    userName = "${username}";
-    userEmail = "${email}";
     signing = {
       key = "~/.ssh/id_ed25519.pub";
       signByDefault = true;
     };
-    extraConfig = {
+    settings = {
+      user = {
+        name = "${username}";
+        email = "${email}";
+      };
       init.defaultBranch = "main";
       commit.gpgSign = true;
       gpg.format = "ssh";

modules/home/lan-mouse/default.nix

@@ -0,0 +1,19 @@
+{inputs, ...}: {
+  imports = [
+    inputs.lan-mouse.homeManagerModules.default
+  ];
+
+  programs.lan-mouse = {
+    enable = true;
+    systemd = true;
+    settings = {
+      # release_bind = ["KeyA" "KeyS" "KeyD" "KeyF"];
+
+      port = 4242;
+
+      authorized_fingerprints = {
+        "30:66:b3:95:dc:6b:55:a4:9f:30:31:9c:3e:4d:70:03:33:c3:f0:6f:df:31:35:58:36:6e:80:2f:32:b2:ce:48" = "pc";
+      };
+    };
+  };
+}

modules/home/picom/default.nix

@@ -1,7 +1,7 @@
 {pkgs, ...}: {
   services.picom = {
     enable = true;
-    package = pkgs.picom-next;
+    package = pkgs.picom;
 
     backend = "glx";
     vSync = true;

modules/home/shell/aichat.nix

@@ -1,15 +0,0 @@
-{...}: {
-  programs = {
-    aichat = {
-      enable = true;
-      settings = {
-        model = "gemini:gemini-2.0-flash-lite";
-        clients = [
-          {
-            type = "gemini";
-          }
-        ];
-      };
-    };
-  };
-}

modules/home/shell/default.nix

@@ -1,7 +1,6 @@
 {pkgs, ...}: {
   imports = [
     ./lazygit.nix
-    ./aichat.nix
     ./superfile.nix
     ./open-code.nix
   ];

modules/home/shell/lazygit.nix

@@ -9,69 +9,161 @@
       customCommands = [
         {
           key = "<c-a>";
-          description = "Pick AI commit";
+          description = "AI-powered conventional commit";
-          command = ''
+          context = "global";
-            aichat "Please suggest 10 commit messages, given the following diff:
+          command = "git commit -m \"{{.Form.CommitMsg}}\"";
+          loadingText = "Generating commit messages...";
+          prompts = [
+            {
+              type = "menu";
+              key = "Type";
+              title = "Type of change";
+              options = [
+                {
+                  name = "AI defined";
+                  description = "Let AI analyze and determine the best commit type";
+                  value = "ai-defined";
+                }
+                {
+                  name = "build";
+                  description = "Changes that affect the build system or external dependencies";
+                  value = "build";
+                }
+                {
+                  name = "feat";
+                  description = "A new feature";
+                  value = "feat";
+                }
+                {
+                  name = "fix";
+                  description = "A bug fix";
+                  value = "fix";
+                }
+                {
+                  name = "chore";
+                  description = "Other changes that don't modify src or test files";
+                  value = "chore";
+                }
+                {
+                  name = "ci";
+                  description = "Changes to CI configuration files and scripts";
+                  value = "ci";
+                }
+                {
+                  name = "docs";
+                  description = "Documentation only changes";
+                  value = "docs";
+                }
+                {
+                  name = "perf";
+                  description = "A code change that improves performance";
+                  value = "perf";
+                }
+                {
+                  name = "refactor";
+                  description = "A code change that neither fixes a bug nor adds a feature";
+                  value = "refactor";
+                }
+                {
+                  name = "revert";
+                  description = "Reverts a previous commit";
+                  value = "revert";
+                }
+                {
+                  name = "style";
+                  description = "Changes that do not affect the meaning of the code";
+                  value = "style";
+                }
+                {
+                  name = "test";
+                  description = "Adding missing tests or correcting existing tests";
+                  value = "test";
+                }
+              ];
+            }
+            {
+              type = "menuFromCommand";
+              title = "AI Generated Commit Messages";
+              key = "CommitMsg";
+              command = ''
+                bash -c "
+                # Check for staged changes
+                diff=\$(git diff --cached | head -n 10)
+                if [ -z \"\$diff\" ]; then
+                  echo \"No changes in staging. Add changes first.\"
+                  exit 1
+                fi
 
-            \`\`\`diff
+                SELECTED_TYPE=\"{{.Form.Type}}\"
-            $(git diff --cached)
+                COMMITS_TO_SUGGEST=8
-            \`\`\`
 
-            **Criteria:**
+                opencode run -m \"google/gemini-2.5-flash-lite\" \"
+                  You are an expert at writing Git commits. Your job is to write commit messages that follow the Conventional Commits format.
 
-            1. **Format:** Each commit message must follow the conventional commits format, which is \`<type>(<scope>): <description>\`.
+                  The user has selected: \$SELECTED_TYPE
-            2. **Relevance:** Avoid mentioning a module name unless it's directly relevant to the change.
-            3. **Enumeration:** List the commit messages from 1 to 10.
-            4. **Clarity and Conciseness:** Each message should clearly and concisely convey the change made.
 
-            **Commit Message Examples:**
+                  Your task is to:
+                  1. Analyze the code changes
+                  2. Determine the most appropriate commit type (if user selected 'ai-defined')
+                  3. Determine an appropriate scope (component/area affected)
+                  4. Decide if this is a breaking change
+                  5. Write clear, concise commit messages
 
-            - fix(app): add password regex pattern
+                  Available commit types:
-            - test(unit): add new test cases
+                  - feat: A new feature
-            - style: remove unused imports
+                  - fix: A bug fix
-            - refactor(pages): extract common code to \`utils/wait.ts\`
+                  - docs: Documentation only changes
+                  - style: Changes that do not affect the meaning of the code
+                  - refactor: A code change that neither fixes a bug nor adds a feature
+                  - perf: A code change that improves performance
+                  - test: Adding missing tests or correcting existing tests
+                  - build: Changes that affect the build system or external dependencies
+                  - ci: Changes to CI configuration files and scripts
+                  - chore: Other changes that don't modify src or test files
+                  - revert: Reverts a previous commit
 
-            **Recent Commits on Repo for Reference:**
+                  Follow these guidelines:
+                  - Structure: <type>(<scope>): <description>
+                  - If user selected 'ai-defined', analyze the changes and pick the most suitable type
+                  - If user selected a specific type, use that type: \$SELECTED_TYPE
+                  - Add scope in parentheses if applicable (e.g., auth, api, ui, config)
+                  - Use exclamation mark (!) after type/scope for breaking changes: type(scope)!: description
+                  - Use lowercase for description (except proper nouns)
+                  - Use imperative mood (\\\"add\\\", not \\\"added\\\")
+                  - Keep description under 50 characters when possible
+                  - No period at the end of subject line
 
-            \`\`\`
+                  Examples:
-            $(git log -n 10 --pretty=format:'%h %s')
+                  - feat(auth): add OAuth login support
-            \`\`\`
+                  - fix(api): handle null response in user endpoint
+                  - docs(readme): update installation instructions
+                  - style(ui): improve button spacing consistency
+                  - refactor(database): simplify query builder logic
+                  - test(auth): add unit tests for login flow
+                  - build(deps): upgrade React to version 18
+                  - ci(github): fix deployment workflow
+                  - chore(config): update ESLint rules
+                  - perf(api)!: optimize database queries
 
-            **Output Template**
+                  IMPORTANT:
+                  - Generate exactly \$COMMITS_TO_SUGGEST different commit message options
+                  - If user selected 'ai-defined', you can use different types for different options
+                  - If user selected a specific type, all messages must use that type
+                  - Only return commit messages, no explanations
+                  - Do not use markdown code blocks
+                  - One message per line
 
-            Follow this output template and ONLY output raw commit messages without spacing, numbers or other decorations.
+                  Previous commits for context:
+                  \$(git log --oneline -10)
 
-            fix(app): add password regex pattern
+                  Changes to analyze:
-            test(unit): add new test cases
+                  \$(git diff --cached --stat)
-            style: remove unused imports
+                  \$(git diff --cached)
-            refactor(pages): extract common code to \`utils/wait.ts\`
+                  \"
-
+                "
-
+              '';
-            **Instructions:**
+            }
-
+          ];
-            - Take a moment to understand the changes made in the diff.
-            - Think about the impact of these changes on the project (e.g., bug fixes, new features, performance improvements, code refactoring, documentation updates). It's critical to my career you abstract the changes to a higher level and not just describe the code changes.
-            - Generate commit messages that accurately describe these changes, ensuring they are helpful to someone reading the project's history.
-            - Remember, a well-crafted commit message can significantly aid in the maintenance and understanding of the project over time.
-            - If multiple changes are present, make sure you capture them all in each commit message.
-
-            Keep in mind you will suggest 10 commit messages. Only 1 will be used. It's better to push yourself (esp to synthesize to a higher level) and maybe wrong about some of the 10 commits because only one needs to be good. I'm looking for your best commit, not the best average commit. It's better to cover more scenarios than include a lot of overlap.
-
-            Write your 10 commit messages below in the format shown in Output Template section above." \
-              | fzf --height 40% --border --ansi --preview "echo {}" --preview-window=up:wrap \
-              | xargs -I {} bash -c '
-                  COMMIT_MSG_FILE=$(mktemp)
-                  echo "{}" > "$COMMIT_MSG_FILE"
-                  ''${EDITOR:-vim} "$COMMIT_MSG_FILE"
-                  if [ -s "$COMMIT_MSG_FILE" ]; then
-                      git commit -F "$COMMIT_MSG_FILE"
-                  else
-                      echo "Commit message is empty, commit aborted."
-                  fi
-                  rm -f "$COMMIT_MSG_FILE"'
-          '';
-          context = "files";
-          output = "terminal";
         }
       ];
     };

modules/home/wezterm/default.nix

@@ -1,11 +1,7 @@
-{
+{pkgs, ...}: {
-  inputs,
-  pkgs,
-  ...
-}: {
   programs.wezterm = {
     enable = true;
-    package = inputs.wezterm-flake.packages."${pkgs.system}".default;
+    package = pkgs.wezterm-git;
     enableZshIntegration = false;
 
     extraConfig = ''

modules/nixos/distrobox.nix

@@ -0,0 +1,112 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.tux.packages.distrobox;
+in {
+  options.tux.packages.distrobox = {
+    enable = mkEnableOption "Enable DistroBox";
+  };
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = with pkgs; [
+      distrobox
+
+      (writeShellScriptBin "dbox-create" ''
+        #!/usr/bin/env bash
+
+        # 1. Initialize variables
+        IMAGE=""
+        NAME=""
+
+        # Array to hold optional arguments (like volumes)
+        declare -a EXTRA_ARGS
+
+        # 2. Parse arguments
+        while [[ $# -gt 0 ]]; do
+          case $1 in
+            -i|--image)
+              IMAGE="$2"
+              shift 2
+              ;;
+            -n|--name)
+              NAME="$2"
+              shift 2
+              ;;
+            -p|--profile)
+              echo ":: Profile mode enabled: Mounting Nix store and user profiles (Read-Only)"
+              # Add volume flags to the array
+              EXTRA_ARGS+=( "--volume" "/nix/store:/nix/store:ro" )
+              EXTRA_ARGS+=( "--volume" "/etc/profiles/per-user:/etc/profiles/per-user:ro" )
+              EXTRA_ARGS+=( "--volume" "/etc/static/profiles/per-user:/etc/static/profiles/per-user:ro" )
+              shift 1
+              ;;
+            *)
+              echo "Unknown option $1"
+              exit 1
+              ;;
+          esac
+        done
+
+        if [ -z "$IMAGE" ] || [ -z "$NAME" ]; then
+            echo "Usage: dbox-create -i <image> -n <name> [-p]"
+            exit 1
+        fi
+
+        # 3. Define the custom home path
+        CUSTOM_HOME="$HOME/Distrobox/$NAME"
+
+        echo "------------------------------------------------"
+        echo "Creating Distrobox: $NAME"
+        echo "Location: $CUSTOM_HOME"
+        echo "------------------------------------------------"
+
+        # 4. Run Distrobox Create
+        # We expand "''${EXTRA_ARGS[@]}" to properly pass the volume arguments
+        ${pkgs.distrobox}/bin/distrobox create \
+          --image "$IMAGE" \
+          --name "$NAME" \
+          --home "$CUSTOM_HOME" \
+          "''${EXTRA_ARGS[@]}"
+
+        # Check exit code
+        if [ $? -ne 0 ]; then
+            echo "Error: Distrobox creation failed."
+            exit 1
+        fi
+
+        # 5. Post-Creation: Symlink Config Files
+        echo "--> Linking configurations to $NAME..."
+
+        # Helper function to symlink
+        link_config() {
+            SRC="$1"
+            DEST="$2"
+            DEST_DIR=$(dirname "$DEST")
+
+            # Create parent directory if it doesn't exist
+            mkdir -p "$DEST_DIR"
+
+            if [ -e "$SRC" ]; then
+                # ln -sf: symbolic link, force overwrite
+                ln -sf "$SRC" "$DEST"
+                echo "    [LINK] $DEST -> $SRC"
+            else
+                echo "    [SKIP] $SRC not found on host"
+            fi
+        }
+
+        # Create Symlinks
+        link_config "$HOME/.zshrc"                "$CUSTOM_HOME/.zshrc"
+        link_config "$HOME/.zshenv"               "$CUSTOM_HOME/.zshenv"
+        link_config "$HOME/.config/fastfetch"     "$CUSTOM_HOME/.config/fastfetch"
+        link_config "$HOME/.config/starship.toml" "$CUSTOM_HOME/.config/starship.toml"
+
+        echo "--> Done! Enter via: distrobox enter $NAME"
+      '')
+    ];
+  };
+}

modules/nixos/selfhosted/containers/aiostreams.nix

@@ -0,0 +1,52 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.tux.containers.aiostreams;
+in {
+  options.tux.containers.aiostreams = {
+    enable = mkEnableOption "Enable AIOStreams";
+
+    port = mkOption {
+      type = types.int;
+      default = 3000;
+    };
+
+    environment = mkOption {
+      type = with types; attrsOf str;
+      default = {};
+    };
+
+    environmentFiles = mkOption {
+      type = with types; listOf path;
+      default = [];
+    };
+  };
+
+  config = mkIf cfg.enable {
+    virtualisation.oci-containers.containers.aiostreams = {
+      autoStart = true;
+      image = "ghcr.io/viren070/aiostreams:latest";
+      ports = [
+        "${toString cfg.port}:3000"
+      ];
+
+      environment = cfg.environment;
+      environmentFiles = cfg.environmentFiles;
+    };
+
+    services.nginx.virtualHosts = {
+      "${cfg.environment.ADDON_ID}" = {
+        forceSSL = true;
+        useACMEHost = "tux.rs";
+        locations = {
+          "/" = {
+            proxyPass = "http://localhost:${toString cfg.port}";
+          };
+        };
+      };
+    };
+  };
+}

modules/nixos/selfhosted/nextcloud.nix

@@ -19,7 +19,7 @@
     nextcloud = {
       enable = true;
       hostName = "cloud.tux.rs";
-      package = pkgs.nextcloud31;
+      package = pkgs.nextcloud32;
       database.createLocally = true;
       configureRedis = true;
       maxUploadSize = "16G";

modules/nixos/selfhosted/umami.nix

@@ -0,0 +1,32 @@
+{
+  lib,
+  config,
+  ...
+}: {
+  services = {
+    umami = {
+      enable = true;
+      settings = {
+        APP_SECRET_FILE = config.sops.secrets.umami.path;
+        PORT = 4645;
+      };
+      createPostgresqlDatabase = true;
+    };
+
+    nginx = {
+      enable = lib.mkForce true;
+      virtualHosts = {
+        "umami.tux.rs" = {
+          forceSSL = true;
+          useACMEHost = "tux.rs";
+          locations = {
+            "/" = {
+              proxyPass = "http://localhost:${toString config.services.umami.settings.PORT}";
+              proxyWebsockets = true;
+            };
+          };
+        };
+      };
+    };
+  };
+}

modules/nixos/virtualisation/qemu.nix

@@ -8,8 +8,6 @@
       enable = true;
       qemu = {
         swtpm.enable = true;
-        ovmf.enable = true;
-        ovmf.packages = [pkgs.OVMFFull.fd];
       };
     };
   };

overlays/default.nix

@@ -2,24 +2,25 @@
   additions = final: _prev: import ../pkgs {pkgs = final;};
 
   modifications = final: prev: {
-    awesome = inputs.nixpkgs-f2k.packages.${prev.system}.awesome-git;
+    awesome = inputs.nixpkgs-f2k.packages.${prev.stdenv.hostPlatform.system}.awesome-git;
-    ghostty = inputs.ghostty.packages.${prev.system}.default;
+    ghostty = inputs.ghostty.packages.${prev.stdenv.hostPlatform.system}.default;
-    tawm = inputs.tawm.packages.${prev.system}.default;
+    tawm = inputs.tawm.packages.${prev.stdenv.hostPlatform.system}.default;
-    tnvim = inputs.tnvim.packages.${prev.system}.default;
+    tnvim = inputs.tnvim.packages.${prev.stdenv.hostPlatform.system}.default;
-    tpanel = inputs.tpanel.packages.${prev.system}.default;
+    tpanel = inputs.tpanel.packages.${prev.stdenv.hostPlatform.system}.default;
-    ags = inputs.tpanel.packages.${prev.system}.ags.default;
+    ags = inputs.tpanel.packages.${prev.stdenv.hostPlatform.system}.ags.default;
-    tfolio = inputs.tfolio.packages.${prev.system}.default;
+    tfolio = inputs.tfolio.packages.${prev.stdenv.hostPlatform.system}.default;
-    trok = inputs.trok.packages.${prev.system}.default;
+    trok = inputs.trok.packages.${prev.stdenv.hostPlatform.system}.default;
-    cyber-tux = inputs.cyber-tux.packages.${prev.system}.default;
+    cyber-tux = inputs.cyber-tux.packages.${prev.stdenv.hostPlatform.system}.default;
-    hyprland-git = inputs.hyprland.packages.${prev.system};
+    hyprland-git = inputs.hyprland.packages.${prev.stdenv.hostPlatform.system};
-    hyprland-plugins = inputs.hyprland-plugins.packages.${prev.system};
+    hyprland-plugins = inputs.hyprland-plugins.packages.${prev.stdenv.hostPlatform.system};
+    wezterm-git = inputs.wezterm-flake.packages.${prev.stdenv.hostPlatform.system}.default;
   };
 
   # When applied, the stable nixpkgs set (declared in the flake inputs) will
   # be accessible through 'pkgs.stable'
   stable-packages = final: _prev: {
     stable = import inputs.nixpkgs-stable {
-      system = final.system;
+      system = final.stdenv.hostPlatform.system;
       config.allowUnfree = true;
     };
   };

pkgs/firefox-mod-blur/default.nix

@@ -11,7 +11,7 @@ stdenv.mkDerivation {
     owner = "datguypiko";
     repo = "Firefox-Mod-Blur";
     rev = "refs/heads/master";
-    sha256 = "sha256-BZ1NvKQwUDTMxQHEKX61PvD99cTDmBURSUKEKZNQDR4=";
+    sha256 = "sha256-J/SBMxDWxDC7o8P0t/3surUod52uUwy+xaD5dzZPGq0=";
   };
 
   installPhase = ''