feat(ssh): update hostnames and comment out mirai block from ssh config

fix(configuration): add Wake on LAN to allowed UDP ports

.gitattributes

@@ -0,0 +1 @@
+*.png filter=lfs diff=lfs merge=lfs -text

.rules

@@ -0,0 +1,9 @@
+# Identity
+You are a sysadmin that manages server configurations and deployments in nixos/nix-darwin and the nix language.
+
+# Instructions
+1. DO NOT under any circumstance create any new markdown files in this repository.
+2. DO NOT add any helper scripts or shell scripts.
+3. DO NOT add any example / snippets or sample code.
+4. All configurations must be done using nix expressions if possible.
+5. When adding any new file ensure it follows the existing naming conventions and directory structure.

DEVICE_ARCHITECTURE.md

@@ -1,215 +0,0 @@
-# Device Architecture Overview
-
-This document provides a comprehensive overview of all devices managed by this NixOS/nix-darwin dotfiles repository.
-
-> **Visual Diagram**: See [assets/devices-diagram.svg](assets/devices-diagram.svg) for a visual representation of this architecture.
-
-## Device Categories
-
-### 🖥️ Server Infrastructure (Headless)
-
-#### mirai (Main Server)
-- **Architecture**: x86_64-linux
-- **User**: fs0c131y
-- **Role**: Primary server hosting various services
-- **Configuration**: NixOS + Home Manager
-- **Hardware**: AMD CPU with NVME storage
-- **Location**: Local network
-- **Services**:
-  - Nextcloud (file storage and sync)
-  - Gitea (Git hosting)
-  - Minecraft server
-  - Immich (photo management)
-  - Paperless (document management)
-  - Tailscale VPN node
-  - ZeroTier network node
-  - Atuin (shell history sync)
-  - LLDAP (LDAP server)
-  - Navidrome (music streaming)
-  - Searxng (search engine)
-  - Syncthing
-  - And many more services
-
-#### deoxys (VM Server)
-- **Architecture**: x86_64-linux
-- **User**: servius
-- **Role**: Virtual machine server for testing and isolation
-- **Configuration**: NixOS + Home Manager
-- **Location**: Local network
-
-#### tsuba (Raspberry Pi)
-- **Architecture**: aarch64-linux
-- **User**: servius
-- **Role**: ARM-based server for lightweight services
-- **Configuration**: NixOS + Home Manager (using stable channel)
-- **Hardware**: Raspberry Pi
-- **Access**: External via tsuba.darksailor.dev
-- **Special**: Uses nixos-raspberrypi input for hardware support
-
-### 💻 Development Workstations
-
-#### ryu (Main Desktop)
-- **Architecture**: x86_64-linux
-- **User**: servius
-- **Role**: Primary development workstation
-- **Configuration**: NixOS + Home Manager
-- **Desktop Environment**: Hyprland (primary) + GNOME (fallback)
-- **Features**:
-  - Multi-monitor setup:
-    - Primary: HDMI-A-1 (Gigabyte FO27Q3)
-    - Secondary: DP-3 (Acer XV272U)
-    - Tertiary: DP-1 (Gigabyte M27Q)
-  - Audio production setup (musnix)
-  - Gaming support (Wine, Steam)
-  - Virtualization (virt-manager)
-  - Hardware acceleration (CUDA support)
-  - Secure boot with Lanzaboote
-  - TPM2 support
-
-#### shiro (Mac Mini)
-- **Architecture**: aarch64-darwin (Apple Silicon)
-- **User**: servius
-- **Role**: macOS desktop and build server
-- **Configuration**: nix-darwin + Home Manager
-- **Features**:
-  - ARM64 build server for distributed builds
-  - Samba file sharing
-  - Colima container runtime
-  - Aerospace window management
-
-### 📱 Portable/Mobile Devices
-
-#### kuro (MacBook)
-- **Architecture**: aarch64-darwin (Apple Silicon)
-- **User**: fs0c131y
-- **Role**: macOS development machine
-- **Configuration**: nix-darwin + Home Manager
-- **Features**:
-  - Touch ID for sudo authentication
-  - Custom keyboard mappings
-  - Homebrew integration
-
-#### SteamDeck (Gaming Handheld)
-- **Architecture**: x86_64-linux
-- **User**: deck
-- **Role**: Portable gaming device
-- **Configuration**: Home Manager only (no NixOS)
-- **Special**: Uses SteamOS with Home Manager overlay
-
-## Network Architecture
-
-### VPN Networks
-- **Tailscale**: Primary VPN connecting most devices
-  - Devices: mirai, deoxys, tsuba, deck
-- **ZeroTier**: Secondary network layer
-  - Devices: mirai, ryu
-
-### Local Network
-- **Primary connection**: ryu (main desktop)
-- **Wake-on-LAN**: Enabled for ryu (eno1 interface)
-
-## Configuration Management
-
-### NixOS Flake
-- **Manages**: mirai, deoxys, tsuba, ryu
-- **Features**: Unified configuration across Linux devices
-- **Inputs**: Multiple flake inputs for extended functionality
-
-### nix-darwin
-- **Manages**: kuro, shiro
-- **Features**: macOS system configuration
-
-### Home Manager
-- **Standalone**: deck (SteamDeck)
-- **Integrated**: All other devices
-- **Stable channel**: Used for tsuba
-
-## Build Infrastructure
-
-### Distributed Building
-- **Build machines**: 
-  - mirai (primary build server)
-  - shiro (macOS builds)
-  - tsuba (ARM builds, commented out)
-- **Consumers**: 
-  - ryu (uses remote builders)
-  - kuro (uses remote builders)
-
-### Cache Strategy
-- **Substituters**:
-  - nix-community.cachix.org
-  - nixos-raspberrypi.cachix.org (for ARM builds)
-- **Build optimization**: Auto-optimise-store enabled
-
-## Deployment Strategy
-
-### SSH-based Deployment
-Using deploy-rs for automated deployments:
-
-```
-ryu → mirai, deoxys, tsuba, deck
-kuro → mirai, shiro
-```
-
-### Special Access
-- **tsuba**: Accessed via external domain (tsuba.darksailor.dev)
-- **All servers**: SSH key authentication with authorized_keys
-
-## Hardware-Specific Features
-
-### ryu (Desktop)
-- **Graphics**: NVIDIA with CUDA support
-- **Audio**: Professional audio setup with musnix
-- **Input devices**: QMK keyboard support
-- **Monitors**: DDC/CI control with ddcutil
-- **Security**: TPM2, secure boot (Lanzaboote)
-
-### mirai (Server)
-- **CPU**: AMD with virtualization support
-- **Storage**: Custom disk layout with disko
-- **Containers**: Docker with custom mount points
-- **Emulation**: aarch64-linux binfmt support
-
-### macOS Devices (kuro - MacBook, shiro - Mac Mini)
-- **Authentication**: Touch ID integration (kuro)
-- **Keyboard**: Custom modifier key mappings
-- **Package management**: Homebrew + Nix hybrid approach
-- **Build server**: shiro provides ARM64 builds for the network
-
-## Security Features
-
-- **SOPS**: Secrets management across all devices
-- **SSH keys**: Centralized key management
-- **Fail2ban**: Enabled on mirai
-- **Secure boot**: Implemented on ryu
-- **TPM**: Hardware security on ryu
-
-## Development Environment
-
-### Shared Tools
-- **Editor**: Nixvim (custom Neovim configuration)
-- **Shell**: Fish + Nushell support
-- **Terminal**: Various per-device preferences
-- **Version control**: Git with shared configuration
-
-### Language Support
-- **Rust**: Custom overlay with latest toolchain
-- **Python**: Python 3 with development tools
-- **Nix**: Latest Nix with flakes enabled
-- **Web**: Node.js and web development tools
-
-## Monitoring and Observability
-
-- **System metrics**: Collected across all NixOS devices
-- **Shell history**: Synchronized via Atuin
-- **File synchronization**: Syncthing for selective sync
-
-## Backup and Data Management
-
-- **Nextcloud**: Primary cloud storage on mirai
-- **Syncthing**: Decentralized file sync
-- **Git repositories**: Self-hosted on Gitea (mirai)
-- **Photos**: Immich for photo management
-- **Documents**: Paperless for document archival
-
-This architecture provides a robust, scalable, and maintainable infrastructure for development, gaming, media consumption, and server hosting across multiple platforms and architectures.

README.md

@@ -1,259 +1,11 @@
-# Personal Dotfiles & NixOS Configuration
+# Machines
 
-A comprehensive, multi-platform dotfiles repository managing Linux, macOS, and specialized devices through Nix flakes, NixOS, nix-darwin, and Home Manager.
-
-## 📊 Architecture Overview
-
-This repository manages **7 devices** across multiple platforms and architectures:
-
-- **3 Servers**: mirai (main), deoxys (VM), tsuba (Raspberry Pi)  
-- **1 Workstation**: ryu (primary desktop)
-- **3 Portable devices**: kuro (MacBook), SteamDeck, and 1 desktop Mac Mini (shiro)
-
-> 📈 **Visual Architecture**: See [Device Architecture Diagram](assets/devices-diagram.svg) for a complete visual overview.
-
-## 🖥️ Device Portfolio
-
-### Server Infrastructure
-| Device | Architecture | Role | Services |
-|--------|-------------|------|----------|
-| **mirai** | x86_64-linux | Main Server | Nextcloud, Gitea, Minecraft, Immich, Paperless, +20 more |
-| **deoxys** | x86_64-linux | VM Server | Testing & isolation environment |
-| **tsuba** | aarch64-linux | Raspberry Pi | ARM-based lightweight services |
-
-### Development Environment
-| Device | Architecture | Setup | Features |
-|--------|-------------|-------|----------|
-| **ryu** | x86_64-linux | Main Desktop | Hyprland+GNOME, 3-monitor setup, gaming, audio production |
-| **shiro** | aarch64-darwin | Mac Mini Desktop | nix-darwin + Home Manager, build server |
-
-### Portable Devices  
-| Device | Architecture | Platform | Configuration |
-|--------|-------------|----------|---------------|
-| **kuro** | aarch64-darwin | MacBook | nix-darwin + Home Manager |
-| **SteamDeck** | x86_64-linux | SteamOS | Home Manager only |
-
-## 🚀 Quick Start
-
-### Prerequisites
-```bash
-# Install Nix with flakes support
-curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install
+1. Ryu Dektop (Intel i9-14900KS / Nvidia 5090 / 64GB CL36@6000MTs) 
     ```
-
-### Installation
-
-#### NixOS (Linux)
-```bash
-sudo nixos-rebuild switch --flake .#<device-name>
+    deploy -s .#ryu
     ```
-
-#### macOS (nix-darwin)
-```bash
-nix run nix-darwin -- switch --flake .#<device-name>
-```
-
-#### Home Manager only (SteamDeck)
-```bash
-nix run home-manager/master -- switch --flake .#deck
-```
-
-### Available Devices
-- `mirai` - Main server
-- `ryu` - Primary desktop  
-- `deoxys` - VM server
-- `tsuba` - Raspberry Pi
-- `kuro` - MacBook (fs0c131y)
-- `shiro` - MacBook (servius)
-- `deck` - SteamDeck
-
-## 🛠️ Development Tools
-
-### Using Just (Recommended)
-```bash
-# Install on current system
-just install
-
-# Build without switching
-just build
-
-# Try Neovim configuration
-just nvim
-
-# Home Manager for non-NixOS
-just home
-```
-
-### Core Technologies
-- **OS**: NixOS, macOS, SteamOS
-- **Shells**: Fish (primary), Nushell 
-- **Editor**: Neovim with custom nixvim configuration
-- **Desktop**: Hyprland (Linux), Yabai + Aerospace (macOS)
-- **Terminals**: Foot, Wezterm, Kitty
-- **Package Management**: Nix Flakes with distributed building
-
-## 🎯 Key Features
-
-### 🔧 Multi-Platform Configuration Management
-- **NixOS**: Complete system configuration for servers and workstations
-- **nix-darwin**: macOS system management with Homebrew integration
-- **Home Manager**: User environment configuration across all platforms
-
-### 🌐 Network Infrastructure
-- **Tailscale VPN**: Secure mesh networking across all devices
-- **ZeroTier**: Secondary network layer for specific services
-- **SSH Deployment**: Automated deployment via deploy-rs
-
-### ⚡ Development Environment
-- **Nixvim**: Custom Neovim configuration with LSP, tree-sitter, and plugins
-- **Multi-monitor support**: Professional 3-monitor setup on ryu
-- **Cross-compilation**: ARM64 and x86_64 support with distributed builds
-
-### 🔒 Security & Secrets Management
-- **SOPS**: Encrypted secrets management across all devices
-- **SSH Keys**: Centralized key distribution
-- **Secure Boot**: Lanzaboote implementation on ryu
-- **TPM Support**: Hardware security module integration
-
-### 🏗️ Build Infrastructure
-- **Distributed Building**: mirai, shiro as build servers
-- **Binary Caches**: nix-community and custom caches
-- **Cross-platform**: ARM64 and x86_64 builds
-
-## 📦 Self-Hosted Services (mirai)
-
-### Core Services
-- **Nextcloud**: File storage and synchronization
-- **Gitea**: Self-hosted Git server
-
-- **Immich**: Photo management and AI-powered search
-- **Paperless**: Document management and OCR
-
-### Development Tools
-- **Atuin**: Shell history synchronization
-- **LLDAP**: Lightweight LDAP server
-- **VS Code Server**: Remote development environment
-
-### Entertainment & Media
-- **Minecraft Server**: Gaming server
-- **Navidrome**: Music streaming server
-- **Polaris**: Alternative music server
-
-### Networking & Security
-- **Tailscale**: VPN coordination node
-- **ZeroTier**: Network management
-- **Fail2ban**: Intrusion prevention
-- **Caddy**: Reverse proxy and SSL termination
-
-## 🎮 Gaming & Entertainment
-
-### Gaming Setup (ryu)
-- **Steam**: Native Linux gaming
-- **Wine/Proton**: Windows game compatibility
-- **Controller support**: Multiple gamepad configurations
-- **Performance**: NVIDIA GPU with CUDA support
-
-### Audio Production
-- **Musnix**: Real-time audio kernel optimization
-- **Professional audio**: Low-latency audio pipeline
-- **Hardware support**: Audio interfaces and MIDI controllers
-
-## 📱 Portable Configuration
-
-### macOS Features (kuro - MacBook, shiro - Mac Mini)
-- **Touch ID**: Sudo authentication integration (kuro)
-- **Keyboard remapping**: Custom modifier key layouts
-- **Aerospace/Yabai**: Tiling window management
-- **Homebrew**: Package management for macOS-specific applications
-- **Build server**: shiro serves as ARM64 build machine
-
-### SteamDeck Integration
-- **Home Manager**: User environment without system changes
-- **Tailscale**: VPN connectivity for remote access
-- **Development tools**: Portable development environment
-
-## 🔄 Deployment & Management
-
-### Automated Deployment
-```bash
-# Deploy to all servers from ryu
-deploy .
-
-# Deploy specific device
-deploy .#mirai
-```
-
-### Build Management
-- **Local builds**: Fast builds on powerful workstations
-- **Remote builds**: Offload to build servers for efficiency
-- **Binary caches**: Minimize rebuild times across devices
-
-### Configuration Updates
-- **Git-based**: All configurations version controlled
-- **Atomic updates**: Rollback capability for all changes
-- **Testing**: Safe deployment with easy rollback
-
-## 📚 Try My Configurations
-
-### Neovim Configuration
-```bash
-# Try my Neovim setup without installation
-nix run github:uttarayan21/dotfiles#neovim
-```
-
-### Standalone Packages
-The flake provides packages for:
-- Custom Neovim configuration
-- Development shells with tools
-- Custom applications and scripts
-
-## 🛡️ Security Practices
-
-- **Encrypted secrets**: All sensitive data managed via SOPS
-- **SSH hardening**: Key-based authentication only
-- **Network segmentation**: VPN-based access control
-- **Regular updates**: Automated security updates via Nix channels
-- **Hardware security**: TPM and secure boot where available
-
-## 📖 Documentation
-
-- **[Device Architecture](DEVICE_ARCHITECTURE.md)**: Detailed device specifications and relationships
-- **[Visual Diagram](assets/devices-diagram.svg)**: Complete infrastructure overview
-- **Module documentation**: Inline documentation for custom Nix modules
-
-## 🧰 Included Tools
-
-### Command Line Utilities
-| Tool | Purpose | Repository |
-|------|---------|------------|
-| `bat` | Enhanced cat with syntax highlighting | [sharkdp/bat](https://github.com/sharkdp/bat) |
-| `dust` | Intuitive du replacement | [bootandy/dust](https://github.com/bootandy/dust) |
-| `eza` | Modern ls replacement | [eza-community/eza](https://github.com/eza-community/eza) |
-| `fd` | Simple, fast find alternative | [sharkdp/fd](https://github.com/sharkdp/fd) |
-| `fzf` | Command-line fuzzy finder | [junegunn/fzf](https://github.com/junegunn/fzf) |
-| `just` | Command runner | [casey/just](https://github.com/casey/just) |
-| `ripgrep` | Fast text search | [BurntSushi/ripgrep](https://github.com/BurntSushi/ripgrep) |
-| `starship` | Cross-shell prompt | [starship/starship](https://github.com/starship/starship) |
-| `zoxide` | Smarter cd command | [ajeetdsouza/zoxide](https://github.com/ajeetdsouza/zoxide) |
-
-### GUI Applications
-- **Anyrun**: Application launcher for Hyprland
-- **Hyprland**: Modern Wayland compositor
-- **Ghostty**: GPU-accelerated terminal
-- **Firefox**: Web browser with custom CSS
-- **And many more...**
-
-## 🤝 Contributing
-
-This is a personal dotfiles repository, but feel free to:
-- Use configurations as inspiration
-- Report issues or suggest improvements
-- Fork for your own use (please respect licenses)
-
-## 📄 License
-
-This repository contains configurations and scripts for personal use. Individual tools and applications maintain their respective licenses.
-
----
-
-**Infrastructure Status**: 7 devices managed • 20+ services hosted • Multi-platform deployment ready
+2. Mirai Server (AMD Ryzen 7 7700 / 64GB@5200MHz)
+3. Tako Server (Intel Xeon E-2236 / 64GB)
+4. Tsuba Server  (Raspberry Pi 5 / 8GB)
+5. Kuro Laptop (Apple M4 Pro macbook / 24GB)
+6. Shiro Desktop (Apple M4 macmini / 16GB)

builders/mirai.nix

@@ -1,7 +1,7 @@
-{
-  hostName = "sh.darksailor.dev";
-  sshUser = "remotebuilder";
-  systems = ["x86_64-linux" "aarch64-linux"];
-  protocol = "ssh-ng";
-  supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"];
-}
+# {
+#   hostName = "mirai.darksailor.dev";
+#   sshUser = "remotebuilder";
+#   systems = ["x86_64-linux" "aarch64-linux"];
+#   protocol = "ssh-ng";
+#   supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"];
+# }

builders/tako.nix

@@ -0,0 +1,7 @@
+{
+  hostName = "tako.darksailor.dev";
+  sshUser = "remotebuilder";
+  systems = ["x86_64-linux" "aarch64-linux"];
+  protocol = "ssh-ng";
+  supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"];
+}

darwin/default.nix

@@ -1,35 +1,27 @@
 {
   devices,
   inputs,
-  overlays,
-  home-manager,
   nix-darwin,
+  overlays,
   ...
 }: (builtins.mapAttrs (
     name: device:
       nix-darwin.lib.darwinSystem {
         system = device.system;
         specialArgs = {
-          inherit device;
+          inherit device inputs;
+          stablePkgs = inputs.nixpkgs-stable.legacyPackages.${device.system};
         };
         modules = [
-          {nixpkgs.overlays = overlays;}
-          ./${device.name}/configuration.nix
+          inputs.home-manager.darwinModules.home-manager
           inputs.sops-nix.darwinModules.sops
-          home-manager.darwinModules.home-manager
-          {
-            nixpkgs.config.allowUnfree = true;
-            home-manager = {
-              backupFileExtension = "bak";
-              useGlobalPkgs = true;
-              useUserPackages = true;
-              extraSpecialArgs = {
-                inherit inputs;
-                inherit device;
-              };
-              users.${device.user}.imports = [../home];
-            };
-          }
+          inputs.stylix.darwinModules.stylix
+
+          ./${device.name}/configuration.nix
+          ../home/module.nix
+          {nixpkgs.overlays = overlays;}
+          ../sops.nix
+          ../stylix.nix
         ];
       }
   )

darwin/kuro/configuration.nix

@@ -1,6 +1,7 @@
 {
   config,
   pkgs,
+  device,
   ...
 }: {
   imports = [./services ./homebrew.nix ./programs];
@@ -12,7 +13,7 @@
       # ids.gids.nixbld = 30000;
       experimental-features = "nix-command flakes auto-allocate-uids";
       max-jobs = 8;
-      trusted-users = ["root" "fs0c131y"];
+      trusted-users = ["root" device.user];
       substituters = [
         "https://nix-community.cachix.org"
         # "https://sh.darksailor.dev"
@@ -29,7 +30,7 @@
     '';
     package = pkgs.nixVersions.latest;
     buildMachines = [
-      ../../builders/mirai.nix
+      ../../builders/tako.nix
       ../../builders/shiro.nix
     ];
     distributedBuilds = true;
@@ -58,7 +59,7 @@
 
   # services.nix-daemon.enable = true;
   system.stateVersion = 5;
-  system.primaryUser = "fs0c131y";
+  system.primaryUser = device.user;
 
   system.keyboard.enableKeyMapping = true;
   system.keyboard.remapCapsLockToControl = true;

darwin/shiro/configuration.nix

@@ -8,7 +8,7 @@
 
   # environment.systemPackages = with pkgs; [nix neovim];
   nix = {
-    enable = false;
+    enable = true;
     settings = {
       experimental-features = "nix-command flakes auto-allocate-uids";
       max-jobs = 8;
@@ -29,8 +29,8 @@
     '';
     package = pkgs.nixVersions.latest;
     buildMachines = [
-      ../../builders/mirai.nix
-      # ../../builders/shiro.nix
+      ../../builders/tako.nix
+      ../../builders/shiro.nix
     ];
     distributedBuilds = true;
   };
@@ -43,9 +43,9 @@
     ];
   };
   users.users.remotebuilder = {
-    name = "remotebuilder";
+    description = "User for Nix remote builds";
     uid = 700;
-    home = "/var/lib/remotebuilder";
+    # home = "/var/remotebuilder";
     createHome = true;
     shell = "/bin/bash";
     openssh.authorizedKeys.keyFiles = [
@@ -76,7 +76,7 @@
 
   # services.nix-daemon.enable = true;
   system.primaryUser = "servius";
-  system.stateVersion = 4;
+  system.stateVersion = 5;
 
   system.keyboard.enableKeyMapping = true;
   system.keyboard.remapCapsLockToControl = true;

darwin/shiro/homebrew.nix

@@ -6,14 +6,14 @@
     ];
     casks = [
       "docker"
-      "librewolf"
       "raycast"
-      "kunkun" # Soon
       "lunar"
       "virtual-desktop-streamer"
       "kicad"
       "shapr3d"
       "orcaslicer"
+      "zed"
+      "zen"
     ];
   };
 }

darwin/shiro/services/caddy.nix

@@ -4,31 +4,31 @@
   ...
 }: {
   sops = {
-    secrets."hetzner/api_key".owner = config.services.caddy.user;
+    secrets."cloudflare/api_key".owner = config.services.caddy.user;
     templates = {
-      "HETZNER_API_KEY.env".content = ''
-        HETZNER_API_KEY=${config.sops.placeholder."hetzner/api_key"}
+      "CLOUDFLARE_API_KEY.env".content = ''
+        CLOUDFLARE_API_KEY=${config.sops.placeholder."cloudflare/api_key"}
       '';
     };
   };
   services = {
     caddy = {
       enable = true;
-      environmentFile = config.sops.templates."HETZNER_API_KEY.env".path;
+      environmentFile = config.sops.templates."CLOUDFLARE_API_KEY.env".path;
       globalConfig = ''
         debug
       '';
       extraConfig = ''
-        (hetzner) {
+        (cloudflare) {
             tls {
                 propagation_timeout -1
                 propagation_delay 120s
-                dns hetzner {env.HETZNER_API_KEY}
+                dns cloudflare {env.CLOUDFLARE_API_KEY}
                 resolvers 1.1.1.1
             }
         }
       '';
-      package = pkgs.caddyWithHetzner;
+      package = pkgs.caddyWithCloudflare;
     };
   };
 }

darwin/shiro/services/default.nix

@@ -1,11 +1,11 @@
 {...}: {
   imports = [
-    ../../../modules/darwin/caddy
+    # ../../../modules/darwin/caddy
     ./yabai.nix
     ./skhd.nix
     ./tailscale.nix
     ./autossh.nix
-    ./caddy.nix
+    # ./caddy.nix
     ./sops.nix
     # ./lmstudio.nix
     # ./colima.nix

darwin/shiro/services/lmstudio.nix

@@ -1,7 +1,7 @@
 {...}: {
   services = {
     caddy.virtualHosts."lmstudio.shiro.darksailor.dev" = ''
-      import hetzner
+      import cloudflare
       reverse_proxy localhost:1234
     '';
   };

deploy.nix

@@ -1,14 +1,15 @@
 {
   inputs,
   self,
+  deploy-rs,
   ...
 }: {
   nodes = {
     mirai = {
-      hostname = "mirai";
+      hostname = "mirai.darksailor.dev";
       profiles.system = {
         sshUser = "fs0c131y";
-        path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.mirai;
+        path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.mirai;
         user = "root";
       };
     };
@@ -16,7 +17,7 @@
       hostname = "tsuba.darksailor.dev";
       profiles.system = {
         sshUser = "servius";
-        path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.tsuba;
+        path = deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.tsuba;
         user = "root";
       };
     };
@@ -24,7 +25,15 @@
       hostname = "ryu";
       profiles.system = {
         sshUser = "servius";
-        path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.ryu;
+        path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.ryu;
+        user = "root";
+      };
+    };
+    tako = {
+      hostname = "tako.darksailor.dev";
+      profiles.system = {
+        sshUser = "servius";
+        path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.tako;
         user = "root";
       };
     };
@@ -33,7 +42,7 @@
       interactiveSudo = true;
       profiles.system = {
         sshUser = "fs0c131y";
-        path = inputs.deploy-rs.lib.aarch64-darwin.activate.darwin self.darwinConfigurations.kuro;
+        path = deploy-rs.lib.aarch64-darwin.activate.darwin self.darwinConfigurations.kuro;
         user = "root";
       };
     };
@@ -42,25 +51,17 @@
       interactiveSudo = true;
       profiles.system = {
         sshUser = "servius";
-        path = inputs.deploy-rs.lib.aarch64-darwin.activate.darwin self.darwinConfigurations.shiro;
+        path = deploy-rs.lib.aarch64-darwin.activate.darwin self.darwinConfigurations.shiro;
         user = "root";
       };
     };
-    deoxys = {
-      hostname = "deoxys";
-      profiles.system = {
-        sshUser = "servius";
-        path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.deoxys;
-        user = "root";
-      };
-    };
-    deck = {
-      hostname = "steamdeck";
-      profiles.system = {
-        sshUser = "deck";
-        path = inputs.deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurations.deck;
-        user = "deck";
-      };
-    };
+    # deck = {
+    #   hostname = "steamdeck";
+    #   profiles.system = {
+    #     sshUser = "deck";
+    #     path = deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurations.deck;
+    #     user = "deck";
+    #   };
+    # };
   };
 }

flake.nix

@@ -3,19 +3,27 @@
   inputs = {
     nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
     nixpkgs-master.url = "github:nixos/nixpkgs/master";
-    nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.11";
+    nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.05";
     flake-utils.url = "github:numtide/flake-utils";
     disko = {
       url = "github:nix-community/disko/latest";
       inputs.nixpkgs.follows = "nixpkgs";
     };
     home-manager = {
-      url = "github:nix-community/home-manager";
+      url = "github:nix-community/home-manager/release-25.11";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    stylix = {
+      url = "github:nix-community/stylix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    stylix-stable = {
+      url = "github:nix-community/stylix/release-25.05";
+      inputs.nixpkgs.follows = "nixpkgs-stable";
+    };
     home-manager-stable = {
       url = "github:nix-community/home-manager/release-25.05";
-      inputs.nixpkgs.follows = "nixpkgs";
+      inputs.nixpkgs.follows = "nixpkgs-stable";
     };
     nix-darwin = {
       url = "github:LnL7/nix-darwin";
@@ -26,7 +34,7 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
     ironbar = {
-      url = "github:da-x/ironbar/correct-gdk-monitor";
+      url = "github:JakeStanger/ironbar";
       inputs.nixpkgs.follows = "nixpkgs";
     };
     lanzaboote = {
@@ -35,7 +43,7 @@
     };
     nixvim = {
       url = "github:nix-community/nixvim";
-      inputs.nixpkgs.follows = "nixpkgs";
+      # inputs.nixpkgs.follows = "nixpkgs";
     };
     nix-index-database.url = "github:Mic92/nix-index-database";
     music-player = {
@@ -115,6 +123,10 @@
       url = "github:nushell/tree-sitter-nu";
       flake = false;
     };
+    tree-sitter-pest = {
+      url = "github:pest-parser/tree-sitter-pest";
+      flake = false;
+    };
     navigator = {
       url = "github:ray-x/navigator.lua";
       flake = false;
@@ -150,7 +162,7 @@
 
     anyrun = {
       # My fork of anyrun that allows up / down with <C-n> / <C-p>
-      url = "github:uttarayan21/anyrun";
+      url = "github:anyrun-org/anyrun";
       inputs.nixpkgs.follows = "nixpkgs";
     };
     anyrun-hyprwin = {
@@ -162,7 +174,7 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
     onepassword-shell-plugins = {
-      url = "github:uttarayan21/shell-plugins";
+      url = "github:1Password/shell-plugins";
       inputs.nixpkgs.follows = "nixpkgs";
     };
     zeronsd = {
@@ -183,7 +195,7 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
     hyprmonitors = {
-      url = "git+ssh://gitea@git.darksailor.dev/servius/hyprmonitors";
+      url = "git+https://git.darksailor.dev/servius/hyprmonitors";
       # url = "path:/home/servius/Projects/hyprmonitors";
       inputs.nixpkgs.follows = "nixpkgs";
     };
@@ -195,21 +207,38 @@
     ik_llama = {
       url = "github:ikawrakow/ik_llama.cpp?submodules=1";
       # submodules = true;
-      flake = false;
+      inputs.nixpkgs.follows = "nixpkgs";
     };
     llama-cpp = {
       # url = "https://github.com/ggml-org/llama.cpp";
       url = "github:ggml-org/llama.cpp/b6178?submodules=1";
-      flake = false;
-    };
-    immich = {
-      url = "github:immich-app/immich/v1.142.0";
-      flake = false;
+      inputs.nixpkgs.follows = "nixpkgs";
     };
     yabai = {
       url = "github:koekeishiya/yabai";
       flake = false;
     };
+    nix-auth = {
+      url = "github:numtide/nix-auth";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    nixpkgs-xr = {
+      url = "github:nix-community/nixpkgs-xr";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    handoff = {
+      url = "github:xatuke/handoff";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    crates-nix.url = "github:uttarayan21/crates.nix";
+    headplane = {
+      url = "github:tale/headplane";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    vicinae = {
+      url = "github:vicinaehq/vicinae";
+      # inputs.nixpkgs.follows = "nixpkgs";
+    };
   };
 
   outputs = {
@@ -226,11 +255,19 @@
     ...
   } @ inputs: let
     devices = {
-      mirai = mkDevice {
-        name = "mirai";
+      # mirai = mkDevice {
+      #   name = "mirai";
+      #   system = "x86_64-linux";
+      #   user = "fs0c131y";
+      #   hasGui = false; # Don't wan't to run GUI apps on a headless server
+      #   isNix = true;
+      #   isServer = true;
+      # };
+      tako = mkDevice {
+        name = "tako";
         system = "x86_64-linux";
-        user = "fs0c131y";
-        hasGui = false; # Don't wan't to run GUI apps on a headless server
+        user = "servius";
+        hasGui = false;
         isNix = true;
         isServer = true;
       };
@@ -248,14 +285,6 @@
           tertiary = "DP-1";
         };
       };
-      deoxys = mkDevice {
-        name = "deoxys";
-        system = "x86_64-linux";
-        user = "servius";
-        hasGui = false; # It's a vm so no GUI apps are used
-        isNix = true;
-        isServer = true;
-      };
       tsuba = mkDevice {
         name = "tsuba";
         system = "aarch64-linux";
@@ -313,10 +342,14 @@
         if isDarwin
         then "/Users/${device.user}"
         else "/home/${device.user}";
+      # output =
+      #   if isDarwin
+      #   then self.darwinConfigurations."${device.name}"
+      #   else self.nixosConfigurations."${device.name}";
     };
 
     nixos_devices = nixpkgs.lib.attrsets.filterAttrs (n: x: x.isNix) devices;
-    linux_devices = nixpkgs.lib.attrsets.filterAttrs (n: x: x.isLinux) devices;
+    # linux_devices = nixpkgs.lib.attrsets.filterAttrs (n: x: x.isLinux) devices;
     darwin_devices = nixpkgs.lib.attrsets.filterAttrs (n: x: x.isDarwin) devices;
     rpi_devices = nixpkgs.lib.attrsets.filterAttrs (n: x: x.isArm && x.isLinux) devices;
 
@@ -324,7 +357,7 @@
       inherit inputs;
     };
   in
-    rec {
+    {
       nixosConfigurations =
         (import ./nixos {
           inherit inputs nixpkgs home-manager overlays nur;
@@ -370,7 +403,8 @@
       in {
         tsuba = mkImage nixos.tsuba;
       };
-      deploy = import ./deploy.nix {inherit inputs self;};
+      deploy = import ./deploy.nix {inherit inputs self deploy-rs;};
+      checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
       inherit devices;
     }
     // flake-utils.lib.eachDefaultSystem (
@@ -385,7 +419,7 @@
       in {
         packages = rec {
           default = neovim;
-          neovim = pkgs.nixvim.makeNixvim (import ./neovim);
+          neovim = pkgs.nixvim.makeNixvim (pkgs.callPackage ./neovim);
         };
         devShells = {
           default = pkgs.mkShell {

home/apps/blueman.nix

@@ -5,7 +5,6 @@
 }: {
   home.packages = lib.optionals pkgs.stdenv.isLinux [
     pkgs.blueman
-    pkgs.webcord
   ];
   services.blueman-applet.enable = pkgs.stdenv.isLinux;
 }

home/apps/default.nix

@@ -7,36 +7,38 @@ lib.optionalAttrs device.hasGui {
   imports = [
     # ./audacity.nix
     ./blueman.nix
-    ./bottles.nix
+    # ./bottles.nix
     ./chromium.nix
-    ./cursor.nix
+    # ./cursor.nix
     ./discord.nix
     ./firefox.nix
     ./ghostty.nix
-    # ./gimp.nix
-    ./guitarix.nix
+    ./gimp.nix
+    # ./guitarix.nix
     ./hyprpicker.nix
-    ./jellyflix.nix
-    ./kicad.nix
+    # ./jellyflix.nix
+    # ./kicad.nix
     ./kitty.nix
     ./lmstudio.nix
     ./mpv.nix
-    ./neovide.nix
+    # ./neovide.nix
     ./nextcloud.nix
     ./obs-studio.nix
-    ./openscad.nix
+    # ./openscad.nix
     ./orcaslicer.nix
-    ./pcsx2.nix
+    # ./pcsx2.nix
     # ./rpcs3.nix
     # ./shadps4.nix
     ./slack.nix
-    ./thunderbird.nix
+    # ./thunderbird.nix
+    # ./tsukimi.nix
+    # ./vial.nix
     ./vlc.nix
     ./vscode.nix
     ./wezterm.nix
     ./zathura.nix
     ./zed.nix
     ./zen.nix
-    ./vial.nix
+    ./vicinae.nix
   ];
 }

home/apps/discord.nix

@@ -5,6 +5,8 @@
 }: {
   home.packages = lib.optionals pkgs.stdenv.isLinux [
     pkgs.discord
-    pkgs.webcord
+    pkgs.vesktop
+    pkgs.discord-canary
+    pkgs.discord-ptb
   ];
 }

home/apps/firefox.nix

@@ -53,6 +53,8 @@
     };
   };
 in {
-  programs.librewolf = config // {package = stablePkgs.librewolf;};
+  stylix.targets.librewolf.profileNames = ["default"];
+  stylix.targets.zen-browser.profileNames = ["default"];
+  # programs.librewolf = config // {package = stablePkgs.librewolf;};
   # programs.firefox = config;
 }

home/apps/ghostty.nix

@@ -7,7 +7,6 @@
     enable = device.is "ryu";
     installBatSyntax = false;
     settings = {
-      theme = "catppuccin-mocha";
       font-family = [
         "Hasklug Nerd Font Mono"
       ];

home/apps/gimp.nix

@@ -1,3 +1,8 @@
-{pkgs, ...}: {
-  home.packages = with pkgs; [gimp];
+{
+  pkgs,
+  device,
+  lib,
+  ...
+}: {
+  home.packages = with pkgs; lib.optionals (device.is "ryu") [gimp];
 }

home/apps/kitty.nix

@@ -1,9 +1,11 @@
 {
+  lib,
   pkgs,
-  device,
-  inputs,
+  # device,
+  # inputs,
   ...
 }: {
+  stylix.targets.kitty.enable = false;
   programs.kitty = {
     enable = true;
     # enable = false;
@@ -11,11 +13,11 @@
       # name = "FiraCode Nerd Font Mono";
       name = "Hasklug Nerd Font Mono";
       # name = "Monaspace Krypton Var Light";
-      size = 13;
+      size = lib.mkForce 13;
     };
     settings = {
-      background_opacity = "0.8";
-      background = "#000000";
+      background_opacity = lib.mkForce "0.8";
+      background = lib.mkForce "#000000";
       shell = "${pkgs.fish}/bin/fish";
       hide_window_decorations = "yes";
       cursor_trail = 1;
@@ -25,7 +27,7 @@
     darwinLaunchOptions = [
       "--single-instance"
     ];
-    themeFile = "Catppuccin-Mocha";
+    themeFile = lib.mkForce "Catppuccin-Mocha";
     # package = inputs.nixpkgs-stable.legacyPackages.${device.system}.kitty;
   };
 }

home/apps/lmstudio.nix

@@ -6,6 +6,9 @@
 }:
 lib.mkIf (device.is "ryu") {
   home.packages = with pkgs; [
-    lmstudio
+    (lmstudio.overrideAttrs
+      (old: {
+        extraPkgs = old.extraPkgs or [] ++ [pkgs.cudaPackages.cudatoolkit];
+      }))
   ];
 }

home/apps/mpv.nix

@@ -1,6 +1,29 @@
 {pkgs, ...}: {
   programs.mpv = {
     enable = true;
+    config = {
+      vo = "gpu-next";
+      gpu-api = "vulkan";
+      loop-file = "inf";
+      loop-playlist = "inf";
+    };
+    profiles = {
+      hdr = {
+        vo = "gpu-next";
+        gpu-api = "vulkan";
+        hdr-compute-peak = "yes";
+        hdr-peak-detect = "yes";
+        target-peak = 400;
+        target-prim = "bt.2020";
+        target-trc = "pq";
+        inverse-tone-mapping = "yes";
+        tone-mapping = "spline";
+        tone-mapping-mode = "auto";
+        target-colorspace-hint = "auto";
+        gamut-mapping = "desaturate";
+      };
+    };
+
     package =
       if pkgs.stdenv.isLinux
       then pkgs.mpv-unwrapped.wrapper {mpv = pkgs.mpv-unwrapped.override {sixelSupport = true;};}

home/apps/tsukimi.nix

@@ -0,0 +1,5 @@
+{pkgs, ...}: {
+  home.packages = with pkgs; [
+    tsukimi
+  ];
+}

home/apps/vicinae.nix

@@ -0,0 +1,16 @@
+{
+  pkgs,
+  inputs,
+  device,
+  ...
+}: {
+  imports = [inputs.vicinae.homeManagerModules.default];
+  services.vicinae = {
+    enable = device.is "ryu";
+    autoStart = true;
+    extensions = [];
+    # package = pkgs.vicinae.overrideAttrs (old: {
+    #   patches = [../../patches/vicinae-ctrl-np.patch];
+    # });
+  };
+}

home/apps/zed.nix

@@ -101,22 +101,9 @@
       telemetry = {
         metrics = false;
       };
-      buffer_font_size = 15;
-      # language_models = {
-      #   ollama = {
-      #     api_url = "https://ollama.ryu.darksailor.dev";
-      #     available_models = [
-      #       {
-      #         name = "qwen3:30b-a3b";
-      #         display_name = "Qwen3 MoE (30b-a3b)";
-      #         max_tokens = 32768;
-      #         supports_tools = true;
-      #         supports_thinking = false;
-      #         supports_images = false;
-      #       }
-      #     ];
-      #   };
-      # };
+      buffer_font_size = lib.mkDefault 15;
+      language_models = {
+      };
       terminal = {
         shell = {
           program = "${pkgs.fish}/bin/fish";
@@ -143,7 +130,7 @@
           };
         };
       };
-      theme = "Catppuccin Mocha";
+      theme = lib.mkForce "Catppuccin Mocha";
     };
     userTasks = let
       zed =

home/module.nix

@@ -0,0 +1,21 @@
+{
+  device,
+  inputs,
+  ...
+}: {
+  nixpkgs.config.allowUnfree = true;
+  home-manager = {
+    backupFileExtension = "bak";
+    useGlobalPkgs = true;
+    useUserPackages = true;
+    extraSpecialArgs = {
+      inherit inputs;
+      inherit device;
+      stablePkgs = inputs.nixpkgs-stable.legacyPackages.${device.system};
+    };
+    users.${device.user}.imports = [
+      inputs.nixvim.homeModules.nixvim
+      ./.
+    ];
+  };
+}

home/programs/aichat.nix

@@ -8,13 +8,16 @@
   imports = [
     ../../modules/aichat.nix
   ];
-  programs.mayichat = {
+
+  disabledModules = ["programs/aichat.nix"];
+  programs.aichat = {
     enable = true;
     enableFishIntegration = true;
     enableNushellIntegration = false;
     settings = {
       save_session = true;
       model = "openai:gpt-4o";
+      # model = "ryu:qwen3-coder-30b";
       rag_embedding_model = "ollama:RobinBially/nomic-embed-text-8k";
       clients = [
         {
@@ -48,7 +51,7 @@
           api_base = "https://llama.ryu.darksailor.dev/v1";
           models = [
             {
-              name = "gpt-oss-20b";
+              name = "qwen3-coder-30b";
               type = "chat";
             }
             # {
@@ -173,7 +176,7 @@
           ---
           model: openai:gpt-4o
           ---
-          Your task is to generate a concise and informative commit message based on the provided diff. Use the conventional commit format, which includes a type (feat, fix, chore, docs, style, refactor, perf, test) and an optional scope. The message should be in the imperative mood and should not exceed 72 characters in the subject line. Don't include any additional text or explanations, just the commit message.
+          Your task is to generate a concise and informative commit message based on the provided diff. Use the conventional commit format, which includes a type (feat, fix, chore, docs, style, refactor, perf, test) and an optional scope. The message should be in the imperative mood and should not exceed 72 characters in the subject line. Do not under any circumstance include any additional text or explanations, just add the commit message.
         '';
     };
   };

home/programs/bat.nix

@@ -7,13 +7,6 @@
   programs.
     bat = {
     enable = true;
-    config = {theme = "catppuccin";};
-    themes = {
-      catppuccin = {
-        src = "${pkgs.catppuccinThemes.bat}/themes";
-        file = "Catppuccin Mocha.tmTheme";
-      };
-    };
     # extraPackages = with pkgs.bat-extras; [batman batgrep batwatch];
   };
 }

home/programs/default.nix

@@ -13,6 +13,7 @@
     ./ddcbacklight.nix
     ./direnv.nix
     ./eza.nix
+    ./fastfetch.nix
     ./fish.nix
     ./fzf.nix
     ./gh.nix
@@ -24,6 +25,7 @@
     ./nix-index.nix
     ./nushell.nix
     ./omnix.nix
+    ./retroarch.nix
     ./rustup.nix
     ./ryujinx.nix
     ./sops.nix
@@ -34,10 +36,13 @@
     ./television.nix
     ./tmux.nix
     ./tuifeed.nix
+    ./uv.nix
     ./xh.nix
     ./yazi.nix
     ./yt-dlp.nix
     ./zoxide.nix
+    ./neovim.nix
+    ./opencode.nix
 
     # ./goread.nix
     # ./helix.nix
@@ -60,7 +65,7 @@
       bottom
       btop
       cachix
-      deploy-rs
+      deploy-rs.deploy-rs
       dust
       fd
       file
@@ -71,7 +76,6 @@
       just
       macchina
       nb
-      (nixvim.makeNixvim (import ../../neovim))
       p7zip
       pandoc
       pfetch-rs
@@ -86,6 +90,13 @@
       nerd-fonts.fira-code
       nerd-fonts.hasklug
       nerd-fonts.symbols-only
+      noto-fonts
+      noto-fonts-cjk-sans
+      noto-fonts-color-emoji
+      liberation_ttf
+      fira-code
+      fira-code-symbols
+      mplus-outline-fonts.githubRelease
     ]
     ++ lib.optionals device.isLinux []
     ++ lib.optionals device.isDarwin [];

home/programs/fastfetch.nix

@@ -0,0 +1,51 @@
+{
+  pkgs,
+  lib,
+  device,
+  config,
+  ...
+}: let
+  nextcloudWallpapers = name: config.home.homeDirectory + "/Nextcloud/Wallpapers/" + name;
+in {
+  programs = {
+    fastfetch = {
+      enable = true;
+      settings = {
+        logo = lib.mkIf (device.is "ryu") {
+          source = nextcloudWallpapers "hornet.png";
+          width = 70;
+        };
+        modules = [
+          "title"
+          "separator"
+          "os"
+          "host"
+          "kernel"
+          "uptime"
+          "packages"
+          "shell"
+          "display"
+          "de"
+          "wm"
+          "wmtheme"
+          "theme"
+          "icons"
+          "cursor"
+          "terminal"
+          "terminalfont"
+          "cpu"
+          "gpu"
+          "memory"
+          "swap"
+          "disk"
+          "battery"
+          "poweradapter"
+          "locale"
+          "break"
+          "colors"
+        ];
+      };
+    };
+    fish.shellAbbrs.ff = "fastfetch";
+  };
+}

home/programs/fish.nix

@@ -5,6 +5,7 @@
   config,
   ...
 }: {
+  stylix.targets.fish.enable = false;
   programs.fish = {
     enable = true;
     shellAbbrs = {

home/programs/git.nix

@@ -1,15 +1,18 @@
 {
   pkgs,
+  config,
   lib,
   device,
   ...
-}: {
+}:
+lib.optionalAttrs (!(device.is "tsuba")) {
   programs.git = {
     enable = true;
     lfs.enable = true;
-    userName = "uttarayan21";
-    userEmail = "email@uttarayan.me";
-    extraConfig = {
+    settings = {
+      user.name = "uttarayan21";
+      user.email = config.accounts.email.accounts.fastmail.address;
+      user.signingkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJfKKrX8yeIHUUury0aPwMY6Ha+BJyUR7P0Gqid90ik/";
       color.ui = true;
       core.editor = "nvim";
       core.pager = "${pkgs.delta}/bin/delta";
@@ -18,7 +21,6 @@
       merge.conflictStyle = "diff3";
       diff.colorMoved = "default";
       push.autoSetupRemote = true;
-      user.signingkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJfKKrX8yeIHUUury0aPwMY6Ha+BJyUR7P0Gqid90ik/";
       gpg.format = "ssh";
       commit.gpgsign = true;
       pull = {

home/programs/neovim.nix

@@ -0,0 +1,21 @@
+{
+  pkgs,
+  device,
+  stablePkgs,
+  lib,
+  ...
+}: {
+  stylix.targets.nixvim.enable = false;
+  programs = lib.optionalAttrs (device.is "ryu" || device.is "kuro" || device.is "mirai" || device.is "tako" || device.is "shiro") {
+    nixvim =
+      {
+        enable = true;
+        nixpkgs = {
+          config = {
+            allowUnfree = true;
+          };
+        };
+      }
+      // (import ./../../neovim {inherit pkgs stablePkgs;});
+  };
+}

home/programs/opencode.nix

@@ -0,0 +1,10 @@
+{
+  device,
+  lib,
+  ...
+}:
+lib.optionalAttrs (device.is "ryu") {
+  programs.opencode = {
+    enable = true;
+  };
+}

home/programs/retroarch.nix

@@ -0,0 +1,8 @@
+{
+  pkgs,
+  device,
+  lib,
+  ...
+}: {
+  home.packages = lib.optionals (device.name == "ryu") [pkgs.retroarch-full];
+}

home/programs/ssh.nix

@@ -9,25 +9,25 @@
     matchBlocks = {
       tsuba = {
         user = "servius";
-        hostname = "tsuba";
+        hostname = "tsuba.darksailor.dev";
       };
       github = {
         user = "git";
         host = "github.com";
       };
-      deoxys = {
+      # mirai = {
+      #   user = "fs0c131y";
+      #   hostname = "mirai.darksailor.dev";
+      #   forwardAgent = true;
+      # };
+      tako = {
         user = "servius";
-        hostname = "deoxys";
-        forwardAgent = true;
-      };
-      mirai = {
-        user = "fs0c131y";
-        hostname = "sh.darksailor.dev";
+        hostname = "tako.darksailor.dev";
         forwardAgent = true;
       };
       ryu = {
         user = "servius";
-        hostname = "ryu";
+        hostname = "ryu.darksailor.dev";
         forwardAgent = true;
       };
       kuro = {

home/programs/starship.nix

@@ -4,6 +4,7 @@
   device,
   ...
 }: {
+  stylix.targets.starship.enable = false;
   programs.starship = {
     enable = true;
     enableFishIntegration = true;

home/programs/uv.nix

@@ -0,0 +1,3 @@
+{...}: {
+  programs.uv.enable = true;
+}

home/programs/yazi.nix

@@ -1,14 +1,18 @@
-{
-  pkgs,
-  lib,
-  device,
-  ...
-}: {
-  programs.
-    yazi = {
+{...}: {
+  programs. yazi = {
     enable = true;
     enableFishIntegration = true;
     enableNushellIntegration = true;
-    theme = builtins.fromTOML (builtins.readFile "${pkgs.catppuccinThemes.yazi}/themes/mocha.toml");
+    # theme = lib.mkDefault builtins.fromTOML (builtins.readFile "${pkgs.catppuccinThemes.yazi}/themes/mocha.toml");
+    settings = {
+      plugin = {
+        prepend_preloaders = [
+          {
+            name = "/run/user/1000/gvfs";
+            run = "noop";
+          }
+        ];
+      };
+    };
   };
 }

home/services/anyrun.nix

@@ -10,6 +10,7 @@
   imports = [inputs.anyrun.homeManagerModules.default];
   programs.anyrun = {
     enable = device.isDesktopLinux;
+    package = inputs.anyrun.packages.${pkgs.system}.anyrun.overrideAttrs (finalAttrs: prevAttrs: {patches = [../../patches/ctrl-np.patch];});
     config = {
       plugins = with inputs.anyrun.packages.${pkgs.system}; [
         inputs.anyrun-nixos-options.packages.${pkgs.system}.default

home/services/default.nix

@@ -3,13 +3,15 @@
     ./swaync.nix
     ./swayosd.nix
     ./kdeconnect.nix
-    ./hyprland.nix
     ./gtk.nix
     ./anyrun.nix
-    ./ironbar
+    # ./ironbar
     ./gui.nix
     ./eww.nix
-    ./hyprmon.nix
     ./xdg.nix
+    ./hyprmon.nix
+    ./hyprland.nix
+    ./hyprpaper.nix
+    # ./wallpaperengine.nix
   ];
 }

home/services/eww.nix

@@ -1,19 +1,15 @@
 {
-  pkgs,
   device,
-  lib,
+  config,
   ...
-}: let
-  activate_linux = pkgs.fetchFromGitHub {
-    owner = "Nycta-b424b3c7";
-    repo = "eww_activate-linux";
-    rev = "master";
-    sha256 = "sha256-CHNkRYR4F9JGMrNubHu+XzkwwI3IHzh93nuS7/Plhe4=";
-  };
-in {
+}: {
   programs.eww = {
     enable = device.is "ryu";
     enableFishIntegration = true;
-    configDir = activate_linux;
   };
+  # xdg.configFile = {
+  #   eww = {
+  #     source = "${config.home.homeDirectory}/Projects/dotfiles/home/services/eww";
+  #   };
+  # };
 }

home/services/eww/README.md

@@ -0,0 +1,5 @@
+# "Activate Linux"
+
+"Activate Linux" text for [Eww](https://github.com/elkowar/eww/)
+
+![Activate Linux](activate-linux.png)

home/services/eww/eww.scss

@@ -0,0 +1,7 @@
+.activate-linux {
+  color: rgba(250, 250, 250, 0.5);
+
+  &.background {
+    background: none;
+  }
+}

home/services/eww/eww.yuck

@@ -0,0 +1,41 @@
+(defwidget activate-linux []
+  (box
+    :orientation "v"
+    :halign "start"
+    :valign "start"
+    (label :xalign 0 :markup "<span font_size=\"large\">Activate Linux</span>")
+    (label :xalign 0 :text "Go to Settings to activate Linux")))
+
+(defwindow activate-linux
+  :monitor 0
+  :stacking "fg"
+  :geometry (geometry :x "96px" :y "96px" :width "250px" :anchor "bottom right")
+  (activate-linux))
+
+
+(defwidget bar []
+    (centerbox :orientation "h"
+        (workspaces)
+        (music)
+        (tray)))
+
+
+;; (defwidget tray []
+;;     (box :sclass "tray" :orientation "h" :space-evenly false :haligh "end"
+;;         (system-tray)
+;;         (battery)
+;;         (clock)))
+
+
+(defwidgets workspaces []
+    (box :class "workspaces" :orientation "h" :space-evenly true :halign "start" :spacing 10
+        (workspace-indicator :index 0)
+        (workspace-indicator :index 1)
+        (workspace-indicator :index 2)
+        (workspace-indicator :index 3)
+        (workspace-indicator :index 4)
+        (workspace-indicator :index 5)
+        (workspace-indicator :index 6)
+        (workspace-indicator :index 7)
+        (workspace-indicator :index 8)
+        (workspace-indicator :index 9)))

home/services/gtk.nix

@@ -3,9 +3,11 @@
   lib,
   device,
   ...
-}: {
+}:
+lib.optionalAttrs (device.is "ryu") {
   gtk = {
     enable = device.is "ryu";
+    colorScheme = lib.mkForce "dark";
     theme = {
       name = "catppuccin-mocha-mauve-standard+normal";
       package = pkgs.catppuccinThemes.gtk;
@@ -37,4 +39,7 @@
     # pkgs.catppuccinThemes.gtk
     pkgs.catppuccinThemes.papirus-folders
   ];
+  # stylix.targets.gtk.enable = false;
+  stylix.targets.gtk.enable = false;
+  stylix.targets.gnome.enable = false;
 }

home/services/gui.nix

@@ -2,6 +2,7 @@
   pkgs,
   device,
   lib,
+  inputs,
   ...
 }: {
   systemd.user.services.onepassword-gui = lib.optionalAttrs (device.is "ryu") {
@@ -24,21 +25,21 @@
       nautilus
       totem
       ffmpegthumbnailer
-      polkit_gnome
+      # polkit_gnome
       seahorse
       signal-desktop
       # sony-headphones-client
       spotify
       steam-run
       wl-clipboard
-      (prismlauncher.override {
-        additionalPrograms = [ffmpeg zenity];
-        jdks = [
-          graalvm-ce
-          zulu8
-          zulu17
-          zulu
-        ];
-      })
+      # (prismlauncher.override {
+      #   additionalPrograms = [ffmpeg zenity];
+      #   jdks = [
+      #     # graalvm-ce
+      #     zulu8
+      #     zulu17
+      #     zulu
+      #   ];
+      # })
     ];
 }

home/services/hyprland.nix

@@ -6,10 +6,6 @@
 }:
 # lib.optionalAttrs device.isNix
 {
-  imports = [
-    ../../modules/hyprpaper.nix
-  ];
-
   # services.hyprpolkitagent.enable = true;
   services.hypridle = {
     enable = device.is "ryu";
@@ -29,20 +25,6 @@
   services.hyprsunset = {
     enable = device.is "ryu";
   };
-  programs.hyprpaper = let
-    wallpapers = import ../../utils/wallhaven.nix {inherit pkgs;};
-  in {
-    enable = device.is "ryu";
-    # enable = true;
-    systemd.enable = true;
-    systemd.target = "hyprland-session.target";
-    settings.preload = wallpapers.all;
-    settings.wallpapers = {
-      "${device.monitors.primary}" = wallpapers.moon;
-      "${device.monitors.secondary}" = wallpapers.frieren_3;
-      "${device.monitors.tertiary}" = wallpapers.shapes;
-    };
-  };
   programs.hyprlock = {
     enable = device.is "ryu";
   };
@@ -51,11 +33,15 @@
     systemd.enable = true;
 
     settings = {
-      source = "${pkgs.catppuccinThemes.hyprland}/themes/mocha.conf";
+      # source = "${pkgs.catppuccinThemes.hyprland}/themes/mocha.conf";
       render = {
+        direct_scanout = true;
         cm_fs_passthrough = 1;
         cm_auto_hdr = 1;
       };
+      experimental = {
+        xx_color_management_v4 = true;
+      };
       monitorv2 = [
         {
           output = device.monitors.primary;
@@ -63,10 +49,12 @@
           position = "0x0";
           scale = 1;
           transform = 0;
-          # bitdepth = 10;
-          # cm = "hdr";
-          # sdrbrightness = 1.1;
-          # sdrsaturation = 1.2;
+          supports_wide_color = 1;
+          supports_hdr = 1;
+          bitdepth = 10;
+          cm = "hdr";
+          # sdrbrightness = 0.005;
+          # sdrsaturation = 200;
         }
         {
           output = device.monitors.secondary;
@@ -104,8 +92,8 @@
         gaps_in = 5;
         gaps_out = 20;
         border_size = 2;
-        "col.active_border" = "$mauve $mauve 45deg";
-        "col.inactive_border" = "$crust";
+        # "col.active_border" = "$mauve $mauve 45deg";
+        # "col.inactive_border" = "$crust";
       };
 
       ecosystem = {
@@ -200,26 +188,32 @@
       ];
       bind = [
         # Example binds, see https://wiki.hyprland.org/Configuring/Binds/ for more
-        "$mainMod, Return, exec, ${pkgs.kitty}/bin/kitty"
-        "$mainModShift, Return, exec, ${pkgs.wezterm}/bin/wezterm"
+        "$mainMod, Return, exec, ${lib.getExe pkgs.kitty}"
+        "$mainModShift, Return, exec, ${lib.getExe pkgs.wezterm}"
         # "$mainModShift, Return, exec, ${pkgs.foot}/bin/foot"
         "$mainModShift, Q, killactive,"
-        "$mainModShift, s, exec, ${pkgs.hyprshot}/bin/hyprshot -m region"
+        "$mainModShift, s, exec, ${lib.getExe pkgs.hyprshot} -m region -o ~/Pictures/Screenshots/"
         # "$mainMod, M, exit,"
-        "$mainMod, t, togglefloating,"
+        "$mainModShift, f, togglefloating,"
+        "$mainModShift, f, pin"
+        "$mainModShift, f, alterzorder, top"
         "$mainMod, f, fullscreen,"
         "$mainMod, g, fullscreenstate,0,2"
-        "$mainMod, d, exec, ${pkgs.anyrun}/bin/anyrun"
-        "$mainMod, Space, exec, ${pkgs.anyrun}/bin/anyrun"
+        "$mainMod, d, exec, ${lib.getExe pkgs.vicinae} toggle"
+        "$mainMod, Space, exec, ${lib.getExe pkgs.vicinae} toggle"
         "$mainMod, p, pseudo, # dwindle"
         "$mainMod, v, togglesplit,"
-        # "$mainMod, a, exec, swaync-client -t"
+        "$mainMod, a, exec, ${pkgs.swaynotificationcenter}/bin/swaync-client -t"
         "$mainMod, Tab, cyclenext"
         # Audio
         ",xf86audiomute, exec, ${pkgs.swayosd}/bin/swayosd-client --output-volume mute-toggle"
-        # ",xf86audioprev, exec, /home/fs0c131y/.cargo/bin/mctl prev"
-        # ",xf86audionext, exec, /home/fs0c131y/.cargo/bin/mctl next"
-        # ",xf86audioplay, exec, /home/fs0c131y/.cargo/bin/mctl toggle"
+        # replace with later
+        # https://github.com/uttarayan21/mctl-rs
+        ",xf86audioprev, exec, ${lib.getExe pkgs.playerctl} previous"
+        ",xf86audionext, exec, ${lib.getExe pkgs.playerctl} next"
+        ",xf86audioplay, exec, ${lib.getExe pkgs.playerctl} play-pause"
+        ",xf86monbrightnessup, exec, ${lib.getExe pkgs.ddcbacklight} inc 10"
+        ",xf86monbrightnessdown, exec, ${lib.getExe pkgs.ddcbacklight} dec 10"
 
         # Screenshot
         # "$mainMod,Print, exec, grim"

home/services/hyprpaper.nix

@@ -0,0 +1,28 @@
+{
+  pkgs,
+  device,
+  config,
+  ...
+}: {
+  imports = [
+    ../../modules/hyprpaper.nix
+  ];
+  programs.hyprpaper = let
+    wallpapers = import ../../utils/wallhaven.nix {inherit pkgs;};
+    nextcloudWallpapers = name: config.home.homeDirectory + "/Nextcloud/Wallpapers/" + name;
+    silksongFleas = nextcloudWallpapers "silksong-fleas.jpg";
+    silksongShadeLord = nextcloudWallpapers "silksong-shadelord.jpg";
+  in rec {
+    enable = device.is "ryu";
+    systemd.enable = true;
+    systemd.target = "hyprland-session.target";
+    settings.preload =
+      wallpapers.all
+      ++ pkgs.lib.mapAttrsToList (_: value: value) settings.wallpapers;
+    settings.wallpapers = {
+      "${device.monitors.primary}" = silksongShadeLord;
+      "${device.monitors.secondary}" = wallpapers.frieren_3;
+      "${device.monitors.tertiary}" = silksongFleas;
+    };
+  };
+}

home/services/ironbar/default.nix

@@ -7,7 +7,7 @@
   imports = [inputs.ironbar.homeManagerModules.default];
   programs.ironbar = {
     enable = device.is "ryu";
-    package = inputs.ironbar.packages.${pkgs.system}.default;
+    package = inputs.ironbar.packages.${pkgs.system}.ironbar;
     systemd = true;
     config.monitors = {
       "${device.monitors.secondary}" = {

home/services/syncthing.nix

@@ -5,7 +5,7 @@
   ...
 }: {
   services.syncthing = {
-    enable = true;
+    enable = device.is "ryu";
     openDefaultPorts = true;
     # user = "${device.user}";
     # group = "${device.user}";

home/services/wallpaperengine.nix

@@ -0,0 +1,32 @@
+{
+  pkgs,
+  device,
+  lib,
+  ...
+}:
+lib.mkIf (device.is "ryu") {
+  # systemd.user.services.wallpaperengine = {
+  #   Unit = {
+  #     Description = "Linux Wallpaper Engine";
+  #     After = ["hyprland-session.target"];
+  #     Wants = ["hyprland-session.target"];
+  #     PartOf = ["hyprland-session.target"];
+  #   };
+  #
+  #   Service = {
+  #     Environment = [
+  #       "XDG_SESSION_TYPE=wayland"
+  #     ];
+  #     Type = "simple";
+  #     ExecStartPre = "${pkgs.coreutils}/bin/sleep 3";
+  #     ExecStart = "${pkgs.linux-wallpaperengine}/bin/linux-wallpaperengine --silent --no-audio-processing -f 15 --scaling fill --screen-root HDMI-A-1 --bg 2780316434";
+  #     Restart = "on-failure";
+  #     RestartSec = 5;
+  #     TimeoutStartSec = 30;
+  #   };
+  #
+  #   Install = {
+  #     WantedBy = ["hyprland-session.target"];
+  #   };
+  # };
+}

home/services/xdg.nix

@@ -1,12 +1,20 @@
-{pkgs, ...}: {
+{
+  pkgs,
+  lib,
+  device,
+  ...
+}:
+lib.optionalAttrs (device.is "ryu") {
   xdg.portal = {
     enable = pkgs.stdenv.isLinux;
-    # config = {
-    #
-    # };
+    config = {
+      hyprland.default = ["kde" "hyprland"];
+      common.default = ["*" "hyprland"];
+    };
     extraPortals = with pkgs; [
-      xdg-desktop-portal-hyprland
       kdePackages.xdg-desktop-portal-kde
+      xdg-desktop-portal-hyprland
+      xdg-desktop-portal-gtk
     ];
   };
 }

justfile

@@ -6,7 +6,7 @@ install:
 
 [linux]
 install:
-	sudo nixos-rebuild switch --flake .
+	sudo nixos-rebuild switch --flake . --builders '' --max-jobs 1
 
 [macos]
 build:

modules/aichat.nix

@@ -5,7 +5,7 @@
   ...
 }:
 with lib; let
-  cfg = config.programs.mayichat;
+  cfg = config.programs.aichat;
   yamlFormat = pkgs.formats.yaml {};
   fishIntegration = ''
     function _aichat_fish
@@ -64,7 +64,7 @@ with lib; let
   '';
 in {
   options = {
-    programs.mayichat = {
+    programs.aichat = {
       enable = mkEnableOption "aichat";
       package = mkPackageOption pkgs "aichat" {};
 

modules/nixos/caddy/default.nix

@@ -4,10 +4,7 @@
   pkgs,
   ...
 }:
-
-with lib;
-
-let
+with lib; let
   cfg = config.services.caddy;
 
   certs = config.security.acme.certs;
@@ -17,12 +14,9 @@ let
   dependentCertNames = filter (cert: certs.${cert}.dnsProvider == null) vhostCertNames; # those that might depend on the HTTP server
   independentCertNames = filter (cert: certs.${cert}.dnsProvider != null) vhostCertNames; # those that don't depend on the HTTP server
 
-  mkVHostConf =
-    hostOpts:
-    let
+  mkVHostConf = hostOpts: let
     sslCertDir = config.security.acme.certs.${hostOpts.useACMEHost}.directory;
-    in
-    ''
+  in ''
     ${hostOpts.hostName} ${concatStringsSep " " hostOpts.serverAliases} {
       ${optionalString (
       hostOpts.listenAddresses != []
@@ -41,10 +35,9 @@ let
   settingsFormat = pkgs.formats.json {};
 
   configFile =
-    if cfg.settings != { } then
-      settingsFormat.generate "caddy.json" cfg.settings
-    else
-      let
+    if cfg.settings != {}
+    then settingsFormat.generate "caddy.json" cfg.settings
+    else let
       Caddyfile = pkgs.writeTextDir "Caddyfile" ''
         {
           ${cfg.globalConfig}
@@ -58,9 +51,10 @@ let
         cp --no-preserve=mode ${Caddyfile}/Caddyfile $out/Caddyfile
         ${lib.getExe cfg.package} fmt --overwrite $out/Caddyfile
       '';
-      in
-      "${
-        if pkgs.stdenv.buildPlatform == pkgs.stdenv.hostPlatform then Caddyfile-formatted else Caddyfile
+    in "${
+      if pkgs.stdenv.buildPlatform == pkgs.stdenv.hostPlatform
+      then Caddyfile-formatted
+      else Caddyfile
     }/Caddyfile";
 
   etcConfigFile = "caddy/caddy_config";
@@ -68,8 +62,7 @@ let
   configPath = "/etc/${etcConfigFile}";
 
   mkCertOwnershipAssertion = import ../../../security/acme/mk-cert-ownership-assertion.nix lib;
-in
-{
+in {
   imports = [
     (mkRemovedOptionModule [
       "services"
@@ -183,10 +176,9 @@ in
 
     adapter = mkOption {
       default =
-        if ((cfg.configFile != configFile) || (builtins.baseNameOf cfg.configFile) == "Caddyfile") then
-          "caddyfile"
-        else
-          null;
+        if ((cfg.configFile != configFile) || (builtins.baseNameOf cfg.configFile) == "Caddyfile")
+        then "caddyfile"
+        else null;
       defaultText = literalExpression ''
         if ((cfg.configFile != configFile) || (builtins.baseNameOf cfg.configFile) == "Caddyfile") then "caddyfile" else null
       '';
@@ -380,8 +372,8 @@ in
 
   # implementation
   config = mkIf cfg.enable {
-
-    assertions = [
+    assertions =
+      [
         {
           assertion = cfg.configFile == configFile -> cfg.adapter == "caddyfile" || cfg.adapter == null;
           message = "To specify an adapter other than 'caddyfile' please provide your own configuration via `services.caddy.configFile`";
@@ -394,7 +386,8 @@ in
             groups = config.users.groups;
             services = [config.systemd.services.caddy];
           }
-    ) vhostCertNames;
+      )
+      vhostCertNames;
 
     services.caddy.globalConfig = ''
       ${optionalString (cfg.email != null) "email ${cfg.email}"}
@@ -422,13 +415,11 @@ in
       reloadTriggers = optional cfg.enableReload cfg.configFile;
       restartTriggers = optional (!cfg.enableReload) cfg.configFile;
 
-      serviceConfig =
-        let
+      serviceConfig = let
         runOptions = ''--config ${configPath} ${
             optionalString (cfg.adapter != null) "--adapter ${cfg.adapter}"
           }'';
-        in
-        {
+      in {
         # Override the `ExecStart` line from upstream's systemd unit file by our own:
         # https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart=
         # If the empty string is assigned to this option, the list of commands to start is reset, prior assignments of this option will have no effect.
@@ -437,7 +428,8 @@ in
           ''${lib.getExe cfg.package} run ${runOptions} ${optionalString cfg.resume "--resume"}''
         ];
         # Validating the configuration before applying it ensures we’ll get a proper error that will be reported when switching to the configuration
-          ExecReload = [
+        ExecReload =
+          [
             ""
           ]
           ++ lib.optional cfg.enableReload "${lib.getExe cfg.package} reload ${runOptions} --force";
@@ -470,15 +462,16 @@ in
       caddy.gid = config.ids.gids.caddy;
     };
 
-    security.acme.certs =
-      let
-        certCfg = map (
+    security.acme.certs = let
+      certCfg =
+        map (
           certName:
             nameValuePair certName {
               group = mkDefault cfg.group;
               reloadServices = ["caddy.service"];
             }
-        ) vhostCertNames;
+        )
+        vhostCertNames;
     in
       listToAttrs certCfg;
 

modules/nixos/caddy/vhost-options.nix

@@ -1,16 +1,12 @@
-{ cfg }:
-{
+{cfg}: {
   config,
   lib,
   name,
   ...
-}:
-let
+}: let
   inherit (lib) literalExpression mkOption types;
-in
-{
+in {
   options = {
-
     hostName = mkOption {
       type = types.str;
       default = name;
@@ -83,6 +79,5 @@ in
         automatically generated `Caddyfile`.
       '';
     };
-
   };
 }

modules/nixos/satisfactory.nix

@@ -1,8 +1,11 @@
-{config, pkgs, lib, ...}:
-let
-  cfg = config.services.satisfactory;
-in
 {
+  config,
+  pkgs,
+  lib,
+  ...
+}: let
+  cfg = config.services.satisfactory;
+in {
   options.services.satisfactory = {
     enable = lib.mkEnableOption "Enable Satisfactory Dedicated Server";
 
@@ -56,7 +59,12 @@ in
     networking = {
       firewall = {
         allowedUDPPorts = [15777 15000 7777 27015];
-        allowedUDPPortRanges = [ { from = 27031; to = 27036; } ];
+        allowedUDPPortRanges = [
+          {
+            from = 27031;
+            to = 27036;
+          }
+        ];
         allowedTCPPorts = [27015 27036];
       };
     };
@@ -76,8 +84,16 @@ in
         ln -sfv /var/lib/satisfactory/.steam/steam/linux64 /var/lib/satisfactory/.steam/sdk64
         mkdir -p /var/lib/satisfactory/SatisfactoryDedicatedServer/FactoryGame/Saved/Config/LinuxServer
         ${pkgs.crudini}/bin/crudini --set /var/lib/satisfactory/SatisfactoryDedicatedServer/FactoryGame/Saved/Config/LinuxServer/Game.ini '/Script/Engine.GameSession' MaxPlayers ${toString cfg.maxPlayers}
-        ${pkgs.crudini}/bin/crudini --set /var/lib/satisfactory/SatisfactoryDedicatedServer/FactoryGame/Saved/Config/LinuxServer/ServerSettings.ini '/Script/FactoryGame.FGServerSubsystem' mAutoPause ${if cfg.autoPause then "True" else "False"}
-        ${pkgs.crudini}/bin/crudini --set /var/lib/satisfactory/SatisfactoryDedicatedServer/FactoryGame/Saved/Config/LinuxServer/ServerSettings.ini '/Script/FactoryGame.FGServerSubsystem' mAutoSaveOnDisconnect ${if cfg.autoSaveOnDisconnect then "True" else "False"}
+        ${pkgs.crudini}/bin/crudini --set /var/lib/satisfactory/SatisfactoryDedicatedServer/FactoryGame/Saved/Config/LinuxServer/ServerSettings.ini '/Script/FactoryGame.FGServerSubsystem' mAutoPause ${
+          if cfg.autoPause
+          then "True"
+          else "False"
+        }
+        ${pkgs.crudini}/bin/crudini --set /var/lib/satisfactory/SatisfactoryDedicatedServer/FactoryGame/Saved/Config/LinuxServer/ServerSettings.ini '/Script/FactoryGame.FGServerSubsystem' mAutoSaveOnDisconnect ${
+          if cfg.autoSaveOnDisconnect
+          then "True"
+          else "False"
+        }
       '';
       script = ''
         /var/lib/satisfactory/SatisfactoryDedicatedServer/Engine/Binaries/Linux/UnrealServer-Linux-Shipping FactoryGame -multihome=${cfg.address}

neovim/default.nix

@@ -1,6 +1,6 @@
 {
   pkgs,
-  # config,
+  stablePkgs,
   ...
 }: let
   mkMappings = mappings:
@@ -107,6 +107,7 @@ in {
       "<C-q>x" = "[[<cmd>tabclose<cr>]]";
       "<C-q>n" = "[[<cmd>tabnext<cr>]]";
       "<C-q>p" = "[[<cmd>tabprevious<cr>]]";
+      "<c-.>" = "require('sidekick.cli').toggle";
     };
     terminal = {
       "<C-\\>" = "require('FTerm').toggle";
@@ -128,6 +129,14 @@ in {
       pattern = "*.norg";
       command = "set conceallevel=3";
     }
+    {
+      event = [
+        "BufEnter"
+        "BufWinEnter"
+      ];
+      pattern = "*.pest";
+      command = "setlocal commentstring=//%s";
+    }
     # {
     #   event = ["BufEnter" "BufWinEnter"];
     #   pattern = "*.sql";
@@ -143,6 +152,20 @@ in {
       pattern = "?*";
       command = "silent! loadview!";
     }
+    {
+      event = ["FileType"];
+      pattern = "json";
+      callback =
+        rawLua
+        /*
+        lua
+        */
+        ''
+          function(ev)
+              vim.bo[ev.buf].formatprg = "${pkgs.jq}/bin/jq"
+          end
+        '';
+    }
   ];
 
   plugins = {
@@ -155,6 +178,16 @@ in {
     trouble.enable = true;
     ts-context-commentstring.enable = true;
     which-key.enable = true;
+
+    sidekick = {
+      enable = true;
+      settings = {
+        nes = {
+          enabled = false;
+        };
+      };
+    };
+
     conform-nvim = {
       enable = true;
       settings = {
@@ -169,6 +202,7 @@ in {
             end
           '';
         formatters_by_ft = {
+          json = ["jq"];
           d2 = ["d2"];
           sql = ["sleek"];
           toml = ["taplo"];
@@ -180,7 +214,7 @@ in {
       enable = true;
       settings = {
         panel = {
-          enabled = true;
+          enabled = false;
         };
         suggestion = {
           enabled = true;
@@ -221,14 +255,15 @@ in {
 
     lualine = {
       enable = true;
+      # package = stablePkgs.vimPlugins.lualine-nvim;
     };
 
     neotest = {
-      enable = false;
+      enable = true;
       settings = {
-        # adapters = [
-        #   ''require('rustaceanvim.neotest')''
-        # ];
+        adapters = [
+          ''require('rustaceanvim.neotest')''
+        ];
       };
     };
     neorg = {
@@ -334,9 +369,11 @@ in {
           tree-sitter-norg-meta
           tree-sitter-just
           tree-sitter-nu
-          # pkgs.tree-sitter-grammars.tree-sitter-d2
+          tree-sitter-pest
+          tree-sitter-slint
         ])
         ++ pkgs.vimPlugins.nvim-treesitter.allGrammars;
+      nixGrammars = true;
     };
 
     telescope = {
@@ -358,7 +395,14 @@ in {
       extensions = {
         undo.enable = true;
         ui-select.enable = true;
-        fzf-native.enable = true;
+        fzf-native = {
+          enable = true;
+          settings = {
+            fuzzy = true;
+            override_generic_sorter = true;
+            override_file_sorter = true;
+          };
+        };
         file-browser.enable = true;
       };
     };
@@ -386,7 +430,7 @@ in {
       };
     };
     rustaceanvim = {
-      enable = false;
+      enable = true;
       settings = {
         server = {
           on_attach =
@@ -455,13 +499,13 @@ in {
           codelldb = "${vscode-lldb.adapter}/bin/codelldb";
         in {
           autoload_configurations = false;
-          # adapter =
-          #   /*
-          #   lua
-          #   */
-          #   ''
-          #     require('rustaceanvim.config').get_codelldb_adapter("${codelldb}", "${liblldb}")
-          #   '';
+          adapter =
+            /*
+            lua
+            */
+            ''
+              require('rustaceanvim.config').get_codelldb_adapter("${codelldb}", "${liblldb}")
+            '';
         };
         tools = {
           float_win_config = {
@@ -501,8 +545,9 @@ in {
         slint_lsp.enable = true;
         # sourcekit.enable = true;
         openscad_lsp.enable = true;
+        tinymist.enable = true;
         rust_analyzer = {
-          enable = true;
+          enable = false;
           installCargo = false;
           installRustc = false;
           settings = {
@@ -545,11 +590,6 @@ in {
           window.border = "rounded";
         };
         keymap = {
-          # "<CR>" = "cmp.mapping.confirm({select = true})";
-          # "<CR>" = "cmp.mapping.confirm()";
-          # "<C-Space>" = "cmp.mapping.complete()";
-          # "<C-n>" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})";
-          # "<C-p>" = "cmp.mapping(cmp.mapping.select_prev_item(), {'i', 's'})";
           "<CR>" = ["select_and_accept" "fallback"];
           "<C-n>" = [
             "select_next"
@@ -559,14 +599,6 @@ in {
             "select_prev"
             "fallback"
           ];
-          # "<c-l>" = [
-          #   "snippet_forward"
-          #   "fallback"
-          # ];
-          # "<c-h>" = [
-          #   "snippet_backward"
-          #   "fallback"
-          # ];
           "<C-u>" = [
             "scroll_documentation_up"
             "fallback"
@@ -578,7 +610,15 @@ in {
         };
         sources = {
           cmdline = [];
-          default = ["lsp" "dictionary" "snippets" "path" "buffer"];
+          default = [
+            "git"
+            "lsp"
+            "dictionary"
+            "snippets"
+            "path"
+            "buffer"
+            "ripgrep"
+          ];
           providers = {
             buffer = {
               score_offset = -7;
@@ -594,12 +634,25 @@ in {
               opts = {
               };
             };
+            git = {
+              module = "blink-cmp-git";
+              name = "Git";
+              opts = {
+                # -- options for the blink-cmp-git
+              };
+            };
+            ripgrep = {
+              module = "blink-ripgrep";
+              name = "Ripgrep";
+              opts = {};
             };
           };
         };
       };
-    blink-cmp-dictionary.enable = true;
+    };
+    blink-ripgrep.enable = true;
     blink-cmp-git.enable = true;
+    blink-cmp-dictionary.enable = true;
     blink-cmp-copilot.enable = true;
     blink-cmp-spell.enable = true;
     blink-compat = {
@@ -681,6 +734,12 @@ in {
            end,
        {})
 
+       vim.api.nvim_create_user_command('DapUiToggle',
+          function()
+            require('dapui').toggle()
+          end,
+       {})
+
       local iron = require("iron.core")
       iron.setup({
         config = {
@@ -740,12 +799,20 @@ in {
           },
        })
 
+       vim.filetype.add({
+          extension = {
+             pest = "pest",
+          },
+       })
+
        vim.filetype.add({
            filename = {
                ['nurfile'] = "nu",
            },
        })
 
+       vim.bo.formatexpr = "v:lua.require'conform'.formatexpr()"
+
     '';
   extraPlugins = with pkgs.vimPlugins; [
     FTerm-nvim
@@ -781,5 +848,9 @@ in {
     pkgs.sleek
     pkgs.graphqurl
     pkgs.sqls
+    pkgs.lua
+    pkgs.ripgrep
+    pkgs.nodejs-slim
+    pkgs.qwen-code
   ];
 }

neovim/overlays.nix

@@ -29,6 +29,16 @@
           version = "1";
           src = inputs.tree-sitter-nu;
         };
+        tree-sitter-pest = final.pkgs.tree-sitter.buildGrammar {
+          language = "pest";
+          version = "1";
+          src = inputs.tree-sitter-pest;
+        };
+        tree-sitter-slint = final.pkgs.tree-sitter.buildGrammar {
+          language = "slint";
+          version = "1";
+          src = inputs.tree-sitter-slint;
+        };
       };
   };
 in [
@@ -37,3 +47,36 @@ in [
   vimPlugins
   tree-sitter-grammars
 ]
+# tree-sitter-grammars = final: prev: {
+#   tree-sitter-grammars =
+#     prev.tree-sitter-grammars
+#     // {
+#       # tree-sitter-just = final.pkgs.tree-sitter.buildGrammar {
+#       #   language = "just";
+#       #   version = "1";
+#       #   src = inputs.tree-sitter-just;
+#       # };
+#       # tree-sitter-nu = final.pkgs.tree-sitter.buildGrammar {
+#       #   language = "nu";
+#       #   version = "1";
+#       #   src = inputs.tree-sitter-nu;
+#       # };
+#       tree-sitter-d2 = final.pkgs.tree-sitter.buildGrammar {
+#         language = "d2";
+#         version = "1";
+#         src = inputs.tree-sitter-d2;
+#       };
+#     };
+# };
+# vimPlugins = final: prev: {
+#   vimPlugins =
+#     prev.vimPlugins
+#     // {
+#       d2 = final.pkgs.vimUtils.buildVimPlugin {
+#         name = "d2";
+#         version = "1";
+#         src = inputs.d2;
+#       };
+#     };
+# };
+

nixos/default.nix

@@ -1,10 +1,8 @@
 {
-  nixpkgs,
   devices,
   inputs,
+  nixpkgs,
   overlays,
-  home-manager,
-  nur,
   ...
 }: (builtins.mapAttrs (
     name: device:
@@ -13,37 +11,29 @@
         specialArgs = {
           inherit device inputs;
           stablePkgs = inputs.nixpkgs-stable.legacyPackages.${device.system};
+          masterPkgs = inputs.nixpkgs-master.legacyPackages.${device.system};
           lanzaboote = inputs.lanzaboote;
+          cratesNix = inputs.crates-nix.mkLib {pkgs = nixpkgs.legacyPackages.${device.system};};
         };
         modules = [
-          nur.modules.nixos.default
-          inputs.sops-nix.nixosModules.sops
-          inputs.disko.nixosModules.disko
-          {nixpkgs.overlays = overlays;}
-          home-manager.nixosModules.home-manager
           inputs.arion.nixosModules.arion
-          # inputs.command-runner.nixosModules.command-runner
+          inputs.disko.nixosModules.disko
+          inputs.handoff.nixosModules.default
+          inputs.home-manager.nixosModules.home-manager
           inputs.lanzaboote.nixosModules.lanzaboote
           inputs.musnix.nixosModules.musnix
           inputs.nix-minecraft.nixosModules.minecraft-servers
-          {
-            nixpkgs.config.allowUnfree = true;
-            home-manager = {
-              backupFileExtension = "bak";
-              useGlobalPkgs = true;
-              useUserPackages = true;
-              extraSpecialArgs = {
-                inherit inputs;
-                inherit device;
-                stablePkgs = inputs.nixpkgs-stable.legacyPackages.${device.system};
-              };
-              users.${device.user}.imports = [
-                ../home
-              ];
-            };
-          }
-          ../sops.nix
+          inputs.nixpkgs-xr.nixosModules.nixpkgs-xr
+          inputs.nur.modules.nixos.default
+          inputs.sops-nix.nixosModules.sops
+          inputs.stylix.nixosModules.stylix
+          inputs.headplane.nixosModules.headplane
+
           ./${device.name}/configuration.nix
+          ../home/module.nix
+          {nixpkgs.overlays = overlays;}
+          ../sops.nix
+          ../stylix.nix
         ];
       }
   )

nixos/deoxys/configuration.nix

@@ -1,127 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-{
-  pkgs,
-  lib,
-  ...
-}: {
-  imports = [
-    # Include the results of the hardware scan.
-    ./deoxys.nix
-    ./services
-  ];
-
-  # Bootloader.
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-  systemd.services.NetworkManager-wait-online.enable = lib.mkForce false;
-
-  nix = {
-    settings = {
-      auto-optimise-store = true;
-      extra-experimental-features = "nix-command flakes auto-allocate-uids";
-      trusted-users = ["root" "servius" "fs0c131y"];
-    };
-    extraOptions = ''
-      build-users-group = nixbld
-      extra-nix-path = nixpkgs=flake:nixpkgs
-      builders-use-substitutes = true
-    '';
-    gc = {
-      automatic = true;
-      dates = "daily";
-      options = "--delete-older-than +5";
-    };
-    package = pkgs.nixVersions.latest;
-    buildMachines = [];
-    distributedBuilds = true;
-  };
-
-  networking.hostName = "deoxys"; # Define your hostname.
-  # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
-
-  # Configure network proxy if necessary
-  # networking.proxy.default = "http://user:password@proxy:port/";
-  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
-  # Enable networking
-  networking.networkmanager.enable = true;
-
-  # Set your time zone.
-  time.timeZone = "Asia/Kolkata";
-
-  # Select internationalisation properties.
-  i18n.defaultLocale = "en_US";
-
-  i18n.extraLocaleSettings = {
-    LC_ADDRESS = "en_US";
-    LC_IDENTIFICATION = "en_US";
-    LC_MEASUREMENT = "en_US";
-    LC_MONETARY = "en_US";
-    LC_NAME = "en_US";
-    LC_NUMERIC = "en_US";
-    LC_PAPER = "en_US";
-    LC_TELEPHONE = "en_US";
-    LC_TIME = "en_US";
-  };
-
-  # Configure keymap in X11
-  services.xserver = {
-    xkb = {
-      layout = "us";
-      variant = "";
-    };
-  };
-
-  security.sudo.wheelNeedsPassword = false;
-  # Define a user account. Don't forget to set a password with ‘passwd’.
-  users.users.servius = {
-    isNormalUser = true;
-    description = "servius";
-    extraGroups = ["networkmanager" "wheel"];
-    packages = with pkgs; [];
-    openssh.authorizedKeys.keyFiles = [
-      ../../secrets/id_ed25519.pub
-      ../../secrets/id_ios.pub
-    ];
-  };
-
-  # Allow unfree packages
-  nixpkgs.config.allowUnfree = true;
-
-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
-  environment.systemPackages = with pkgs; [
-    #  vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
-    #  wget
-  ];
-
-  # Some programs need SUID wrappers, can be configured further or are
-  # started in user sessions.
-  # programs.mtr.enable = true;
-  # programs.gnupg.agent = {
-  #   enable = true;
-  #   enableSSHSupport = true;
-  # };
-
-  # List services that you want to enable:
-
-  # Enable the OpenSSH daemon.
-  services.openssh.enable = true;
-  services.tailscale.enable = true;
-
-  # Open ports in the firewall.
-  networking.firewall.allowedTCPPorts = [22];
-  # networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  # networking.firewall.enable = false;
-
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "23.11"; # Did you read the comment?
-}

nixos/deoxys/services/default.nix

@@ -1,3 +0,0 @@
-{...}: {
-  imports = [];
-}

nixos/mirai/configuration.nix

@@ -42,7 +42,7 @@
       cores = 8;
       auto-optimise-store = true;
       extra-experimental-features = "nix-command flakes auto-allocate-uids";
-      trusted-users = ["root" "fs0c131y" "remotebuilder"];
+      trusted-users = [device.user "remotebuilder"];
       trusted-substituters = [
         "https://nix-community.cachix.org"
         "https://nixos-raspberrypi.cachix.org"
@@ -65,11 +65,11 @@
       dates = "daily";
       options = "--delete-older-than 5d";
     };
-    package = pkgs.nixVersions.nix_2_31; # deploy-rs doesn't work with nix >= 2.32
+    package = pkgs.nixVersions.latest; # deploy-rs doesn't work with nix >= 2.32
     distributedBuilds = true;
   };
 
-  users.users.fs0c131y = {
+  users.users.${device.user} = {
     isNormalUser = true;
     extraGroups = ["wheel" "docker" "media"];
     openssh.authorizedKeys.keyFiles = [

nixos/mirai/services/default.nix

@@ -1,23 +1,26 @@
 {...}: {
   imports = [
-    ./atuin.nix
-    ./authelia.nix
-    ./caddy.nix
-    ./excalidraw.nix
-    ./fail2ban.nix
-    ./flaresolverr.nix
-    ./gitea.nix
-    ./homepage.nix
-    ./immich.nix
-    ./llama.nix
-    ./lldap.nix
-    ./nextcloud.nix
-    ./prowlarr.nix
-    ./resolved.nix
-    ./searxng.nix
+    #   ./atuin.nix
+    #   ./authelia.nix
+    #   ./caddy.nix
+    #   ./excalidraw.nix
+    #   ./fail2ban.nix
+    #   ./flaresolverr.nix
+    #   ./games
+    #   ./gitea.nix
+    #   ./homepage.nix
+    #   # ./immich.nix
+    #   ./immich.nix
+    #   # ./llama.nix
+    #   ./lldap.nix
+    #   ./nextcloud.nix
+    #   # ./paperless.nix
+    #   ./prowlarr.nix
+    #   ./resolved.nix
+    #   ./searxng.nix
     ./tailscale.nix
-    ./games
-    # ./paperless.nix
+    #   ./headscale.nix
+    #   ./shitpost.nix
   ];
   services = {
     nix-serve = {

nixos/mirai/services/games/default.nix

@@ -2,5 +2,6 @@
   imports = [
     ./minecraft.nix
     ./satisfactory.nix
+    ./terraria.nix
   ];
 }

nixos/mirai/services/games/terraria.nix

@@ -0,0 +1,7 @@
+{...}: {
+  services.terraria = {
+    enable = true;
+    # port = 7777;
+    autoCreatedWorldSize = "large";
+  };
+}

nixos/mirai/services/gitea.nix

@@ -75,22 +75,22 @@
         };
       };
     };
-    gitea-actions-runner = {
-      instances = {
-        mirai = {
-          enable = true;
-          name = "mirai";
-          url = "https://git.darksailor.dev";
-          labels = [
-            "ubuntu-latest:docker://catthehacker/ubuntu:full-latest"
-            "ubuntu-22.04:docker://catthehacker/ubuntu:full-22.04"
-            "ubuntu-20.04:docker://catthehacker/ubuntu:full-20.04"
-            "native:host"
-          ];
-          tokenFile = "${config.sops.templates."GITEA_REGISTRATION_TOKEN.env".path}";
-        };
-      };
-    };
+    # gitea-actions-runner = {
+    #   instances = {
+    #     mirai = {
+    #       enable = true;
+    #       name = "mirai";
+    #       url = "https://git.darksailor.dev";
+    #       labels = [
+    #         "ubuntu-latest:docker://catthehacker/ubuntu:full-latest"
+    #         "ubuntu-22.04:docker://catthehacker/ubuntu:full-22.04"
+    #         "ubuntu-20.04:docker://catthehacker/ubuntu:full-20.04"
+    #         "native:host"
+    #       ];
+    #       tokenFile = "${config.sops.templates."GITEA_REGISTRATION_TOKEN.env".path}";
+    #     };
+    #   };
+    # };
     caddy = {
       virtualHosts."git.darksailor.dev".extraConfig = ''
         reverse_proxy localhost:3000
@@ -148,9 +148,10 @@
   systemd.services.gitea = {
     after = ["sops-install-secrets.service"];
   };
-  systemd.services."gitea-actions-mirai" = {
-    after = ["gitea.service"];
-  };
+
+  # systemd.services."gitea-actions-mirai" = {
+  #   after = ["gitea.service"];
+  # };
 
   # systemd.services.gitea-oauth-setup = let
   #   name = "authelia";

nixos/mirai/services/headscale.nix

@@ -0,0 +1,79 @@
+{config, ...}: {
+  sops = {
+    secrets.headscale-secret = {
+      owner = config.systemd.services.headscale.serviceConfig.User;
+      mode = "0440";
+      restartUnits = ["headscale.service" "authelia-darksailor.service"];
+      key = "authelia/oidc/headscale/client_secret";
+    };
+    secrets.headscale-authelia = {
+      owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
+      mode = "0440";
+      restartUnits = ["headscale.service" "authelia-darksailor.service"];
+      key = "authelia/oidc/headscale/client_secret";
+    };
+  };
+  services = {
+    headscale = {
+      enable = true;
+      port = 8095;
+      settings = {
+        dns = {
+          magic_dns = true;
+          base_domain = "headscale.darksailor.dev";
+          nameservers.global = ["1.1.1.1"];
+        };
+        oidc = {
+          issuer = "https://auth.darksailor.dev";
+          client_id = "headscale";
+          client_secret_path = "${config.sops.secrets.headscale-secret.path}";
+          pkce = {
+            enabled = true;
+            method = "S256";
+          };
+        };
+      };
+    };
+    # headplane = {
+    #   enable = true;
+    #   settings = {
+    #     server.port = 42562;
+    #   };
+    # };
+    caddy = {
+      virtualHosts."headscale.darksailor.dev".extraConfig = ''
+        reverse_proxy localhost:${toString config.services.headplane.settings.server.port}
+      '';
+    };
+    authelia = {
+      instances.darksailor = {
+        settings = {
+          identity_providers = {
+            oidc = {
+              clients = [
+                {
+                  client_name = "HeadScale";
+                  client_id = "headscale";
+                  client_secret = ''{{ secret "${config.sops.secrets.headscale-authelia.path}" }}'';
+                  public = false;
+                  authorization_policy = "one_factor";
+                  require_pkce = true;
+                  pkce_challenge_method = "S256";
+                  redirect_uris = [
+                    "https://headscale.darksailor.dev/oidc/callback"
+                  ];
+                  scopes = ["openid" "email" "profile" "groups"];
+                  response_types = ["code"];
+                  grant_types = ["authorization_code"];
+                  access_token_signed_response_alg = "none";
+                  userinfo_signed_response_alg = "none";
+                  token_endpoint_auth_method = "client_secret_basic";
+                }
+              ];
+            };
+          };
+        };
+      };
+    };
+  };
+}

nixos/mirai/services/homepage.nix

@@ -26,13 +26,6 @@
                 href = "https://jellyfin.tsuba.darksailor.dev";
               };
             }
-            {
-              "Jellyseerr" = {
-                icon = "jellyseerr.png";
-                description = "Jellyseerr: Media Request Management";
-                href = "https://jellyseerr.tsuba.darksailor.dev";
-              };
-            }
             {
               "Sonarr" = {
                 icon = "sonarr.png";
@@ -47,13 +40,6 @@
                 href = "https://bazarr.tsuba.darksailor.dev";
               };
             }
-            {
-              "Lidarr" = {
-                icon = "lidarr.png";
-                description = "Lidarr: Music Management";
-                href = "https://lidarr.tsuba.darksailor.dev";
-              };
-            }
             {
               "Radarr" = {
                 icon = "radarr.png";

nixos/mirai/services/llama.nix

@@ -29,7 +29,7 @@
       # package = pkgs.ik_llama;
     };
     ollama = {
-      enable = true;
+      enable = false;
       loadModels = [
         "deepseek-r1:7b"
         "deepseek-r1:14b"

nixos/mirai/services/shitpost.nix

@@ -0,0 +1,12 @@
+{pkgs, ...}: let
+  src = pkgs.fetchgit {
+    url = "https://git.darksailor.dev/servius/adarkdayinmylife.public";
+    rev = "68d972f68cab8f68916b94df05b7ab6a7da4a1da";
+    sha256 = "sha256-EVis06rmHq1jJK0FVsbgi7TOru7GtEUpbx0PjU2AKEo=";
+  };
+in {
+  services.caddy.virtualHosts."adarkdayinmy.life".extraConfig = ''
+    root * ${src}/
+    file_server
+  '';
+}

nixos/mirai/services/tailscale.nix

@@ -1,8 +1,9 @@
-{...}: {
+{masterPkgs, ...}: {
   services.tailscale = {
     enable = true;
     useRoutingFeatures = "server";
     extraUpFlags = "--advertise-exit-node";
+    package = masterPkgs.tailscale;
   };
   networking.firewall.trustedInterfaces = [
     "tailscale0"

nixos/ryu/apps/default.nix

@@ -4,6 +4,8 @@
   ...
 }: {
   imports = [
-    ./alvr.nix
+    # ./alvr.nix
+    ./easyeffects.nix
+    ./vr.nix
   ];
 }

nixos/ryu/apps/easyeffects.nix

@@ -0,0 +1,7 @@
+{
+  pkgs,
+  lib,
+  ...
+}: {
+  environment.systemPackages = with pkgs; [easyeffects];
+}

nixos/ryu/apps/vr.nix

@@ -0,0 +1,9 @@
+{pkgs, ...}: {
+  environment.systemPackages = with pkgs; [
+    wlx-overlay-s
+    wayvr-dashboard
+    bs-manager
+    monado-vulkan-layers
+    envision
+  ];
+}

nixos/ryu/configuration.nix

@@ -9,14 +9,10 @@
     ./services
     ./programs
     ./containers
+    ./apps
+    # ./vms
   ];
 
-  # sops = {
-  #   defaultSopsFile = ../../secrets/secrets.yaml;
-  #   defaultSopsFormat = "yaml";
-  #   age.keyFile = "/home/${device.user}/.config/sops/age/keys.txt";
-  # };
-
   security.tpm2 = {
     enable = true;
     pkcs11.enable = true;
@@ -26,7 +22,7 @@
   programs = {
     hyprland = {
       enable = true;
-      # withUWSM = true;
+      withUWSM = true;
       xwayland.enable = true;
     };
   };
@@ -44,15 +40,19 @@
   nix = {
     settings = {
       max-jobs = 1;
-      cores = 12;
+      cores = 24;
       auto-optimise-store = true;
       extra-experimental-features = "nix-command flakes auto-allocate-uids";
-      trusted-users = ["root" "servius"];
+      trusted-users = [device.user];
       trusted-substituters = [
         "https://nix-community.cachix.org"
         "https://nixos-raspberrypi.cachix.org"
+        "https://llama-cpp.cachix.org"
+        "https://cuda-maintainers.cachix.org"
       ];
       trusted-public-keys = [
+        "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
+        "llama-cpp.cachix.org-1:H75X+w83wUKTIPSO1KWy9ADUrzThyGs8P5tmAbkWhQc="
         "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
         "nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
       ];
@@ -67,9 +67,9 @@
       dates = "daily";
       options = "--delete-older-than +5";
     };
-    package = pkgs.nixVersions.nix_2_31; # deploy-rs doesn't work with nix >= 2.32
+    package = pkgs.nixVersions.latest; # deploy-rs doesn't work with nix >= 2.32
     buildMachines = [
-      ../../builders/mirai.nix
+      ../../builders/tako.nix
       ../../builders/shiro.nix
       # ../../builders/tsuba.nix
     ];
@@ -78,7 +78,7 @@
 
   users.users.${device.user} = {
     isNormalUser = true;
-    extraGroups = ["wheel" "audio" "i2c" "media" "openrazer" "video" "tss"];
+    extraGroups = ["wheel" "audio" "i2c" "media" "video" "tss"];
     openssh.authorizedKeys.keyFiles = [
       ../../secrets/id_ed25519.pub
       ../../secrets/id_ios.pub
@@ -103,7 +103,7 @@
       };
     };
     displayManager.gdm.enable = true;
-    desktopManager.gnome.enable = true;
+    # desktopManager.gnome.enable = true;
     pipewire = {
       enable = true;
       alsa.enable = true;
@@ -119,8 +119,6 @@
     };
     plymouth = {
       enable = true;
-      theme = "catppuccin-mocha";
-      themePackages = with pkgs; [(catppuccin-plymouth.override {variant = "mocha";})];
     };
 
     # Bootloader.
@@ -170,8 +168,6 @@
     };
   };
 
-  services.openssh.enable = true;
-
   networking = {
     interfaces.eno1.wakeOnLan = {
       policy = ["magic"];
@@ -195,20 +191,38 @@
     # firewall.allowedTCPPorts = [ ... ];
     # firewall.allowedUDPPorts = [ ... ];
     # firewall.enable = false;
+    nftables.enable = true;
     firewall = {
-      enable = true;
+      enable = false;
+      trustedInterfaces = [
+        "tailscale0"
+      ];
+      allowedUDPPorts = [
+        9 # Wake on LAN
+        4950 # Warframe
+        4955 # Warframe
+        3113 # Other
+      ];
       allowedTCPPortRanges = [
         {
           from = 1714;
           to = 1764;
-        } # KDE Connect
+        }
       ];
       allowedUDPPortRanges = [
         {
           from = 1714;
           to = 1764;
-        } # KDE Connect
+        }
       ];
+      # extraInputRules = ''
+      #   table inet mullvad_tailscale {
+      #     chain output {
+      #       type route hook output priority 0; policy accept;
+      #       ip daddr 100.64.0.0/10 ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
+      #     }
+      #   }
+      # '';
     };
   };
 
@@ -260,7 +274,7 @@
       gparted
       nvtopPackages.nvidia
       quickemu
-      (nixvim.makeNixvim (import ../../neovim))
+      # (nixvim.makeNixvim (import ../../neovim))
       qpwgraph
       hyprland
       xorg.xhost
@@ -284,23 +298,23 @@
       NIXOS_OZONE_WL = "1";
     };
     # etc
-    gnome.excludePackages = with pkgs; [
-      atomix # puzzle game
-      cheese # webcam tool
-      epiphany # web browser
-      evince # document viewer
-      geary # email reader
-      gedit # text editor
-      gnome-characters
-      gnome-music
-      gnome-photos
-      gnome-terminal
-      gnome-tour
-      hitori # sudoku game
-      iagno # go game
-      tali # poker game
-      totem # video player
-    ];
+    # gnome.excludePackages = with pkgs; [
+    #   atomix # puzzle game
+    #   cheese # webcam tool
+    #   epiphany # web browser
+    #   evince # document viewer
+    #   geary # email reader
+    #   gedit # text editor
+    #   gnome-characters
+    #   gnome-music
+    #   gnome-photos
+    #   gnome-terminal
+    #   gnome-tour
+    #   hitori # sudoku game
+    #   iagno # go game
+    #   tali # poker game
+    #   totem # video player
+    # ];
   };
 
   musnix.enable = true;

nixos/ryu/programs/default.nix

@@ -8,5 +8,6 @@
     ./obs-studio.nix
     ./gnome-disks.nix
     ./nix-ld.nix
+    ./gamemode.nix
   ];
 }

nixos/ryu/programs/gamemode.nix

@@ -0,0 +1,24 @@
+{
+  pkgs,
+  device,
+  ...
+}: {
+  programs.gamemode = {
+    enable = true;
+    settings = {
+      general = {
+        renice = 10;
+      };
+      custom = {
+        start = let
+          out = pkgs.writeScriptBin "gamemode-start" ''
+            ${pkgs.lmstudio}/bin/lms unload
+            ${pkgs.libnotify}/bin/notify-send 'GameMode started'
+          '';
+        in "${out}/bin/gamemode-start";
+        end = "${pkgs.libnotify}/bin/notify-send 'GameMode ended'";
+      };
+    };
+  };
+  users.users.${device.user}.extraGroups = ["gamemode"];
+}

nixos/ryu/programs/obs-studio.nix

@@ -5,7 +5,9 @@
       enableVirtualCamera = true;
       plugins = [
         pkgs.obs-studio-plugins.wlrobs
-        pkgs.obs-studio-plugins.droidcam-obs
+        pkgs.obs-studio-plugins.input-overlay
+        pkgs.obs-studio-plugins.obs-vkcapture
+        # pkgs.obs-studio-plugins.droidcam-obs
       ];
     };
   };

nixos/ryu/programs/steam.nix

@@ -4,8 +4,18 @@
     gamescopeSession.enable = true;
     remotePlay.openFirewall = true;
     dedicatedServer.openFirewall = true;
+    localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers
     extraCompatPackages = [
       pkgs.proton-ge-bin
+      pkgs.gamescope
+      pkgs.mangohud
     ];
   };
+  programs.gamescope = {
+    enable = true;
+    capSysNice = true;
+  };
+  environment.systemPackages = [
+    pkgs.protonup-qt
+  ];
 }

nixos/ryu/ryu.nix

@@ -17,26 +17,30 @@
       enable = true;
       enable32Bit = true;
       extraPackages = with pkgs; [
-        # intel-vaapi-driver
+        vpl-gpu-rt
+        intel-media-driver
         nvidia-vaapi-driver
+        cudatoolkit
         # vaapiVdpau
         # libvdpau-va-gl
+        # nvidia-utils
       ];
     };
     nvidia = {
-      open = false;
+      open = true;
       modesetting.enable = true;
       powerManagement.enable = true;
       powerManagement.finegrained = false;
       nvidiaSettings = true;
-      package = config.boot.kernelPackages.nvidiaPackages.mkDriver {
-        version = "575.64.05";
-        sha256_64bit = "sha256-hfK1D5EiYcGRegss9+H5dDr/0Aj9wPIJ9NVWP3dNUC0=";
-        sha256_aarch64 = "sha256-GRE9VEEosbY7TL4HPFoyo0Ac5jgBHsZg9sBKJ4BLhsA=";
-        openSha256 = "sha256-mcbMVEyRxNyRrohgwWNylu45vIqF+flKHnmt47R//KU=";
-        settingsSha256 = "sha256-o2zUnYFUQjHOcCrB0w/4L6xI1hVUXLAWgG2Y26BowBE=";
-        persistencedSha256 = "sha256-2g5z7Pu8u2EiAh5givP5Q1Y4zk4Cbb06W37rf768NFU=";
-      };
+      # package = config.boot.kernelPackages.nvidiaPackages.mkDriver {
+      #   version = "575.64.05";
+      #   sha256_64bit = "sha256-hfK1D5EiYcGRegss9+H5dDr/0Aj9wPIJ9NVWP3dNUC0=";
+      #   sha256_aarch64 = "sha256-GRE9VEEosbY7TL4HPFoyo0Ac5jgBHsZg9sBKJ4BLhsA=";
+      #   openSha256 = "sha256-mcbMVEyRxNyRrohgwWNylu45vIqF+flKHnmt47R//KU=";
+      #   settingsSha256 = "sha256-o2zUnYFUQjHOcCrB0w/4L6xI1hVUXLAWgG2Y26BowBE=";
+      #   persistencedSha256 = "sha256-2g5z7Pu8u2EiAh5givP5Q1Y4zk4Cbb06W37rf768NFU=";
+      # };
+      package = config.boot.kernelPackages.nvidiaPackages.latest;
     };
     cpu.intel.updateMicrocode =
       lib.mkDefault config.hardware.enableRedistributableFirmware;
@@ -46,20 +50,15 @@
   # nixpkgs.localSystem = {system = "x86_64-linux";};
   # nixpkgs.crossSystem = {system = "aarch64-linux";};
   boot.binfmt.emulatedSystems = ["aarch64-linux"];
-  services.fprintd.enable = true;
-  services.sshd.enable = true;
   boot.loader.systemd-boot.consoleMode = "max";
 
   environment.sessionVariables = {
-    # LIBVA_DRIVER_NAME = "i965";
-    # __EGL_VENDOR_LIBRARY_FILENAMES = "/run/opengl-driver/share/glvnd/egl_vendor.d/50_mesa.json";
     LIBVA_DRIVER_NAME = "nvidia";
     NVD_BACKEND = "direct";
     __GLX_VENDOR_LIBRARY_NAME = "nvidia";
     NIXOS_OZONE_WL = "1";
   };
 
-  virtualisation.libvirtd.enable = true;
   users.extraUsers.servius.extraGroups = ["libvirtd" "adbusers" "kvm"];
 
   boot.extraModprobeConfig = ''
@@ -86,6 +85,7 @@
     "nvidia_modeset"
     "nvidia_drm"
     "dm-snapshot"
+    "dm-mirror"
   ];
   boot.kernelParams = [
     "intel_iommu=on"
@@ -100,20 +100,19 @@
   '';
 
   fileSystems."/" = {
-    device = "/dev/disk/by-uuid/11d8beef-2a63-4231-af35-b9b8d3a17e9b";
+    device = "/dev/disk/by-uuid/7b488da9-49d3-44d1-b11b-bc6dcd418b1d";
     fsType = "ext4";
   };
 
   fileSystems."/nix" = {
-    device = "/dev/disk/by-uuid/64099f91-d4d6-44fa-92d4-9e905b3e7829";
+    device = "/dev/disk/by-uuid/ef734595-a856-4207-8da1-1f0bde4bad61";
     fsType = "ext4";
-    neededForBoot = true;
-    options = ["noatime"];
   };
 
   fileSystems."/boot" = {
     device = "/dev/disk/by-uuid/4E27-DAC0";
     fsType = "vfat";
+    options = ["fmask=0007" "dmask=0007"];
   };
 
   fileSystems."/home" = {
@@ -122,18 +121,18 @@
     neededForBoot = true;
   };
 
-  # fileSystems."/media" = {
-  #   device = "/dev/storage/media";
-  #   fsType = "ext4";
-  #   options = ["users" "nofail"];
-  # };
-
   fileSystems."/games" = {
     device = "/dev/storage/games";
     fsType = "ext4";
     options = ["nofail"];
   };
 
+  fileSystems."/volumes/windows-games" = {
+    device = "/dev/disk/by-partuuid/56359fb7-7d33-44d2-bebd-b0c53daeeb73";
+    fsType = "ntfs3";
+    options = ["nofail"];
+  };
+
   swapDevices = [];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking

nixos/ryu/services/caddy.nix

@@ -4,10 +4,10 @@
   ...
 }: {
   sops = {
-    secrets."hetzner/api_key".owner = config.services.caddy.user;
+    secrets."cloudflare/api_key".owner = config.services.caddy.user;
     templates = {
-      "HETZNER_API_KEY.env".content = ''
-        HETZNER_API_KEY=${config.sops.placeholder."hetzner/api_key"}
+      "CLOUDFLARE_API_KEY.env".content = ''
+        CLOUDFLARE_API_KEY=${config.sops.placeholder."cloudflare/api_key"}
       '';
     };
   };
@@ -15,28 +15,22 @@
     caddy = {
       enable = true;
       extraConfig = ''
-        (hetzner) {
+        (cloudflare) {
             tls {
                 propagation_timeout -1
                 propagation_delay 120s
-                dns hetzner {env.HETZNER_API_KEY}
+                dns cloudflare {env.CLOUDFLARE_API_KEY}
                 resolvers 1.1.1.1
             }
         }
       '';
-      package = pkgs.caddyWithHetzner;
-      # package = pkgs.caddy.withPlugins {
-      #   plugins = ["github.com/caddy-dns/hetzner@v1.0.0"];
-      #   # hash = "sha256-9ea0CfOHG7JhejB73HjfXQpnonn+ZRBqLNz1fFRkcDQ=";
-      #   # hash = "sha256-9ea0CfOHG7JhejB73HjfXQpnonn+ZRBqLNz1fFRkcDQ="
-      #   hash = "sha256-YUrprDZQL+cX3P8fVLKHouXTMG4rw3sCaQdGqiq37uA=";
-      # };
+      package = pkgs.caddyWithCloudflare;
     };
   };
   systemd.services.caddy = {
     after = ["sops-install-secrets.service"];
     serviceConfig = {
-      EnvironmentFile = config.sops.templates."HETZNER_API_KEY.env".path;
+      EnvironmentFile = config.sops.templates."CLOUDFLARE_API_KEY.env".path;
     };
   };
 }

nixos/ryu/services/default.nix

@@ -4,7 +4,7 @@
     # ./sunshine.nix
     # ./zerotier.nix
     # ./dnscrypt.nix
-    ./ollama.nix
+    # ./ollama.nix
     ./llama.nix
     ./tailscale.nix
     ./samba.nix
@@ -16,5 +16,12 @@
     ./fwupd.nix
     ./caddy.nix
     ./monitoring.nix
+    ./wivrn.nix
+    ./sshd.nix
+    ./fprintd.nix
+    ./handoff.nix
+    ./gstreamer.nix
+    ./dualsense.nix
+    ./openssh.nix
   ];
 }

nixos/ryu/services/dualsense.nix

@@ -0,0 +1,11 @@
+{pkgs, ...}: {
+  environment.systemPackages = with pkgs; [
+    dualsensectl
+  ];
+  services.udev.extraRules = ''
+    # USB
+    ATTRS{name}=="Sony Interactive Entertainment DualSense Wireless Controller Touchpad", ENV{LIBINPUT_IGNORE_DEVICE}="1"
+    # Bluetooth
+    ATTRS{name}=="DualSense Wireless Controller", ENV{LIBINPUT_IGNORE_DEVICE}="1"
+  '';
+}

nixos/ryu/services/fprintd.nix

@@ -0,0 +1,3 @@
+{...}: {
+  services.fprintd.enable = true;
+}

nixos/ryu/services/gstreamer.nix

@@ -0,0 +1,22 @@
+{pkgs, ...}: {
+  environment = {
+    systemPackages = with pkgs; [
+      gst_all_1.gst-libav
+      gst_all_1.gst-plugins-bad
+      gst_all_1.gst-plugins-base
+      gst_all_1.gst-plugins-good
+      gst_all_1.gst-plugins-rs
+      gst_all_1.gst-plugins-ugly
+      gst_all_1.gstreamer
+      gst_all_1.gstreamermm
+      gst_all_1.gst-rtsp-server
+      gst_all_1.gst-vaapi
+      # gst_all_1.icamerasrc-ipu6
+      # gst_all_1.icamerasrc-ipu6ep
+      # gst_all_1.icamerasrc-ipu6epmtl
+    ];
+    sessionVariables = {
+      GST_PLUGIN_PATH = "/run/current-system/sw/lib/gstreamer-1.0/";
+    };
+  };
+}

nixos/ryu/services/handoff.nix

@@ -0,0 +1,7 @@
+{...}: {
+  services.airpods-handoff = {
+    enable = true;
+    user = "servius";
+    macAddress = "14:14:7D:E5:1A:AC";
+  };
+}

nixos/ryu/services/llama.nix

@@ -1,25 +1,38 @@
 {
-  inputs,
   pkgs,
-  lib,
   config,
+  inputs,
   ...
 }: {
   services = {
     llama-cpp = {
       enable = false;
-      port = 11435;
+      port = 11345;
+      # model = "/nix/store/ch6z9di3l0k54ad29pzv8k3zv47q30d1-Qwen3-Coder-30B-A3B-Instruct-Q4_K_M.gguf";
       model = pkgs.fetchurl {
-        url = "https://huggingface.co/lmstudio-community/gpt-oss-20b-GGUF/resolve/main/gpt-oss-20b-MXFP4.gguf";
-        sha256 = "65d06d31a3977d553cb3af137b5c26b5f1e9297a6aaa29ae7caa98788cde53ab";
+        # url = "https://huggingface.co/lmstudio-community/gpt-oss-20b-GGUF/resolve/main/gpt-oss-20b-MXFP4.gguf";
+        # sha256 = "65d06d31a3977d553cb3af137b5c26b5f1e9297a6aaa29ae7caa98788cde53ab";
+        url = "https://huggingface.co/lmstudio-community/Qwen3-Coder-30B-A3B-Instruct-GGUF/resolve/main/Qwen3-Coder-30B-A3B-Instruct-Q4_K_M.gguf";
+        sha256 = "79ad15a5ee3caddc3f4ff0db33a14454a5a3eb503d7fa1c1e35feafc579de486";
       };
-      # package = pkgs.ik_llama;
+      extraFlags = [
+        "-c"
+        "98304"
+        "--jinja"
+        "--chat-template-file"
+        "${../../../assets/chat.hbs}"
+        # "/nix/store/4zk1p50hrzghp3jzzysz96pa64i2kmjl-promp.hbs"
+      ];
+      # package = inputs.llama-cpp.packages.${pkgs.system}.cuda;
     };
     caddy = {
       virtualHosts."llama.ryu.darksailor.dev".extraConfig = ''
-        import hetzner
+        import cloudflare
         reverse_proxy localhost:${builtins.toString config.services.llama-cpp.port}
       '';
     };
   };
+  environment.systemPackages = with pkgs; [
+    llama-cpp
+  ];
 }

nixos/ryu/services/monitoring.nix

@@ -2,6 +2,10 @@
   services = {
     prometheus = {
       exporters = {
+        systemd = {
+          enable = true;
+        };
+        nvidia-gpu.enable = true;
         node = {
           enable = true;
           enabledCollectors = [
@@ -16,7 +20,6 @@
             "uname"
             "vmstat"
           ];
-          port = 9100;
         };
         process = {
           enable = true;
@@ -30,12 +33,4 @@
       };
     };
   };
-
-  # Open firewall ports for Prometheus exporters
-  networking.firewall = {
-    allowedTCPPorts = [
-      9100 # node exporter
-      9256 # process exporter
-    ];
-  };
 }

nixos/ryu/services/ollama.nix

@@ -9,6 +9,7 @@
       enable = false;
       host = "0.0.0.0";
       # loadModels = ["deepseek-r1:7b" "deepseek-r1:14b" "RobinBially/nomic-embed-text-8k" "qwen3:8b" "qwen3:14b"];
+      # loadModels = ["deepseek-r1:7b" "deepseek-r1:14b" "RobinBially/nomic-embed-text-8k" "qwen3:8b" "qwen3:14b"];
       port = 11434;
       acceleration = "cuda";
       environmentVariables = {
@@ -17,18 +18,18 @@
         LD_LIBRARY_PATH = "run/opengl-driver/lib";
         HTTP_PROXY = "https://ollama.ryu.darksailor.dev";
       };
-      package = pkgs.ollama.overrideAttrs {
-        version = "0.11.0";
-        src = pkgs.fetchFromGitHub {
-          owner = "ollama";
-          repo = "ollama";
-          tag = "v0.11.0";
-          hash = "sha256-po7BxJAj9eOpOaXsLDmw6/1RyjXPtXza0YUv0pVojZ0=";
-          fetchSubmodules = true;
-        };
-        doCheck = false;
-        vendorHash = "sha256-SlaDsu001TUW+t9WRp7LqxUSQSGDF1Lqu9M1bgILoX4=";
-      };
+      # package = pkgs.ollama.overrideAttrs {
+      #   version = "0.11.0";
+      #   src = pkgs.fetchFromGitHub {
+      #     owner = "ollama";
+      #     repo = "ollama";
+      #     tag = "v0.11.0";
+      #     hash = "sha256-po7BxJAj9eOpOaXsLDmw6/1RyjXPtXza0YUv0pVojZ0=";
+      #     fetchSubmodules = true;
+      #   };
+      #   doCheck = false;
+      #   vendorHash = "sha256-SlaDsu001TUW+t9WRp7LqxUSQSGDF1Lqu9M1bgILoX4=";
+      # };
     };
     # open-webui = {
     #   enable = false;
@@ -40,15 +41,15 @@
     # };
     caddy = {
       # virtualHosts."llama.ryu.darksailor.dev".extraConfig = ''
-      #   import hetzner
-      #   forward_auth mirai:5555 {
+      #   import cloudflare
+      #   forward_auth tako:5555 {
       #       uri /api/authz/forward-auth
       #       copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
       #   }
       #   reverse_proxy localhost:${builtins.toString config.services.open-webui.port}
       # '';
       virtualHosts."ollama.ryu.darksailor.dev".extraConfig = ''
-        import hetzner
+        import cloudflare
         reverse_proxy localhost:${builtins.toString config.services.ollama.port}
       '';
     };

nixos/ryu/services/openssh.nix

@@ -0,0 +1,7 @@
+{...}: {
+  services.openssh = {
+    enable = true;
+    settings.PasswordAuthentication = false;
+    settings.PermitRootLogin = "prohibit-password";
+  };
+}

nixos/ryu/services/sshd.nix

@@ -0,0 +1,3 @@
+{...}: {
+  services.sshd.enable = true;
+}

nixos/ryu/services/tailscale.nix

@@ -1,22 +1,8 @@
-{
-  pkgs,
-  lib,
-  ...
-}: {
+{masterPkgs, ...}: {
   services = {
     tailscale = {
       enable = true;
-      # useRoutingFeatures = "both";
-      # extraUpFlags = ["--advertise-routes=192.168.0.0/24"];
+      package = masterPkgs.tailscale;
     };
-    # networkd-dispatcher = {
-    #   enable = true;
-    #   rules."50-tailscale" = {
-    #     onState = ["routable"];
-    #     script = ''
-    #       ${lib.getExe pkgs.ethtool} -K en01 rx-udp-gro-forwarding on rg-xgro-list off
-    #     '';
-    #   };
-    # };
   };
 }

nixos/ryu/services/wivrn.nix

@@ -0,0 +1,13 @@
+{pkgs, ...}: {
+  services.wivrn = {
+    enable = true;
+    openFirewall = true;
+    defaultRuntime = true;
+    autoStart = true;
+    steam = {
+      importOXRRuntimes = true;
+    };
+    highPriority = true;
+    # package = pkgs.wivrn;
+  };
+}

nixos/ryu/vms/default.nix

@@ -1,4 +1,16 @@
 {
+  virtualisation = {
+    libvirtd = {
+      enable = true;
+      qemu = {
+        runAsRoot = true;
+        swtpm.enable = true;
+        # ovmf = {
+        #   enable = true;
+        # };
+      };
+    };
+  };
   imports = [
     ./win11.nix
   ];