feat: Unify all of the nixos substituters

AGENTS.md

@@ -133,6 +133,7 @@ sessionVariables.BROWSER = if device.isDarwin then "open" else "xdg-open";
 2. **DO NOT add shell scripts** - use Nix expressions
 3. **All configurations must use Nix expressions** when possible
 4. **Follow existing naming conventions** and directory structure
+5. Create custom application entries in `~/.local/share/applications/{appname}.desktop`
 
 ## Secrets Management
 

home/programs/cargo.nix

@@ -3,7 +3,9 @@
   device,
   cratesNix,
   ...
-}:
+}: let
+  cargo-credential-1password = cratesNix.buildCrate "cargo-credential-1password" {};
+in
   lib.mkIf (!device.isServer) {
     home.file.".cargo/config.toml".text =
       # toml
@@ -19,9 +21,9 @@ lib.mkIf (!device.isServer) {
         index = "sparse+https://crates.darksailor.dev/api/v1/crates/"
 
         [registry]
-      global-credential-providers = ["cargo:token", "/etc/profiles/per-user/fs0c131y/bin/cargo-credential-1password --account my.1password.com"]
+        global-credential-providers = ["cargo:token", "${lib.getExe cargo-credential-1password} --account my.1password.com"]
       '';
     home.packages = [
-    (cratesNix.buildCrate "cargo-credential-1password" {})
+      cargo-credential-1password
     ];
   }

home/services/remmina.nix

@@ -1,7 +1,68 @@
-{device, ...}: {
+{
+  device,
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  remminaDir = "${config.home.homeDirectory}/.local/share/remmina";
+  applicationsDir = "${config.home.homeDirectory}/.local/share/applications";
+
+  # Script to generate desktop entries for Remmina connections
+  generateRemminaDesktopEntries = pkgs.writeShellScript "generate-remmina-desktop-entries" ''
+    REMMINA_DIR="${remminaDir}"
+    APPS_DIR="${applicationsDir}"
+
+    # Create applications directory if it doesn't exist
+    mkdir -p "$APPS_DIR"
+
+    # Remove old remmina desktop entries
+    rm -f "$APPS_DIR"/remmina-*.desktop
+
+    # Exit if remmina directory doesn't exist
+    [[ ! -d "$REMMINA_DIR" ]] && exit 0
+
+    # Generate desktop entries for each .remmina file
+    find "$REMMINA_DIR" -name "*.remmina" -type f | while read -r file; do
+      # Extract connection details
+      name=$(${pkgs.gnugrep}/bin/grep "^name=" "$file" | ${pkgs.coreutils}/bin/cut -d'=' -f2-)
+      server=$(${pkgs.gnugrep}/bin/grep "^server=" "$file" | ${pkgs.coreutils}/bin/cut -d'=' -f2-)
+      protocol=$(${pkgs.gnugrep}/bin/grep "^protocol=" "$file" | ${pkgs.coreutils}/bin/cut -d'=' -f2-)
+
+      # Use filename as fallback if name is empty
+      [[ -z "$name" ]] && name=$(${pkgs.coreutils}/bin/basename "$file" .remmina)
+      [[ -z "$protocol" ]] && protocol="Unknown"
+
+      # Generate desktop entry filename
+      desktop_name=$(${pkgs.coreutils}/bin/basename "$file" .remmina | ${pkgs.gnused}/bin/sed 's/[^a-zA-Z0-9_-]/-/g')
+      desktop_file="$APPS_DIR/remmina-$desktop_name.desktop"
+
+      # Create desktop entry
+      cat > "$desktop_file" <<EOF
+    [Desktop Entry]
+    Type=Application
+    Name=Remmina - $name
+    GenericName=$protocol Connection to $server
+    Comment=Connect to $server via $protocol
+    Exec=${pkgs.remmina}/bin/remmina -c "$file"
+    Icon=org.remmina.Remmina
+    Terminal=false
+    Categories=Network;RemoteAccess;
+    EOF
+    done
+  '';
+in {
   services.remmina = {
     enable = device.is "ryu";
     systemdService.enable = true;
     addRdpMimeTypeAssoc = true;
   };
+
+  # Activation script to generate desktop entries
+  home.activation.generateRemminaDesktopEntries = mkIf (device.is "ryu") (
+    lib.hm.dag.entryAfter ["writeBoundary"] ''
+      run ${generateRemminaDesktopEntries}
+    ''
+  );
 }

modules/nixos/substituters.nix

@@ -0,0 +1,50 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.nix.substituters;
+in {
+  options.nix.substituters = {
+    enableCuda = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Enable NixOS CUDA cache";
+    };
+
+    enableLlamaCpp = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Enable llama-cpp cache";
+    };
+  };
+
+  config = {
+    nix.settings = {
+      trusted-substituters =
+        [
+          "https://nix-community.cachix.org"
+          "https://nixos-raspberrypi.cachix.org"
+        ]
+        ++ optionals cfg.enableLlamaCpp [
+          "https://llama-cpp.cachix.org"
+        ]
+        ++ optionals cfg.enableCuda [
+          "https://cache.nixos-cuda.org"
+        ];
+
+      trusted-public-keys =
+        [
+          "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+          "nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
+        ]
+        ++ optionals cfg.enableLlamaCpp [
+          "llama-cpp.cachix.org-1:H75X+w83wUKTIPSO1KWy9ADUrzThyGs8P5tmAbkWhQc="
+        ]
+        ++ optionals cfg.enableCuda [
+          "cache.nixos-cuda.org:74DUi4Ye579gUqzH4ziL9IyiJBlDpMRn9MBN8oNan9M="
+        ];
+    };
+  };
+}

nixos/ryu/configuration.nix

@@ -12,6 +12,7 @@
     ./apps
     ./vms
     ./games
+    ../../modules/nixos/substituters.nix
   ];
 
   security.tpm2 = {
@@ -46,18 +47,6 @@
       auto-optimise-store = true;
       extra-experimental-features = "nix-command flakes auto-allocate-uids";
       trusted-users = [device.user];
-      trusted-substituters = [
-        "https://nix-community.cachix.org"
-        "https://nixos-raspberrypi.cachix.org"
-        "https://llama-cpp.cachix.org"
-        "https://cuda-maintainers.cachix.org"
-      ];
-      trusted-public-keys = [
-        "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
-        "llama-cpp.cachix.org-1:H75X+w83wUKTIPSO1KWy9ADUrzThyGs8P5tmAbkWhQc="
-        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
-        "nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
-      ];
     };
     extraOptions = ''
       build-users-group = nixbld
@@ -76,6 +65,11 @@
       # ../../builders/tsuba.nix
     ];
     distributedBuilds = true;
+    # Enable CUDA and llama-cpp caches
+    substituters = {
+      enableCuda = true;
+      enableLlamaCpp = true;
+    };
   };
 
   users.users.${device.user} = {

nixos/tako/configuration.nix

@@ -9,6 +9,7 @@
     ./services
     ./tako.nix
     # ./docker.nix
+    ../../modules/nixos/substituters.nix
   ];
 
   virtualisation.docker.enable = true;
@@ -35,7 +36,6 @@
   # Use the systemd-boot EFI boot loader.
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
-
   nix = {
     settings = {
       max-jobs = 1;
@@ -43,16 +43,6 @@
       auto-optimise-store = true;
       extra-experimental-features = "nix-command flakes auto-allocate-uids";
       trusted-users = [device.user "remotebuilder"];
-      trusted-substituters = [
-        "https://nix-community.cachix.org"
-        "https://nixos-raspberrypi.cachix.org"
-        # "https://sh.darksailor.dev"
-      ];
-      trusted-public-keys = [
-        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
-        "nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
-        # "tako:bcVPoFGBZ0i7JAKMXIqLj2GY3CulLC4kP7rQyqes1RM="
-      ];
     };
     extraOptions = ''
       build-users-group = nixbld
@@ -67,6 +57,9 @@
     };
     package = pkgs.nixVersions.nix_2_32; # deploy-rs doesn't work with nix >= 2.32
     distributedBuilds = true;
+    substituters = {
+      enableCuda = true;
+    };
   };
 
   users.users.${device.user} = {

nixos/tsuba/configuration.nix

@@ -5,6 +5,10 @@
   device,
   ...
 }: {
+  imports = [
+    ../../modules/nixos/substituters.nix
+  ];
+
   users.extraUsers.servius.extraGroups = ["docker"];
   networking.firewall.enable = false;
   services.openssh.enable = true;
@@ -16,14 +20,6 @@
       auto-optimise-store = true;
       extra-experimental-features = "nix-command flakes auto-allocate-uids";
       trusted-users = ["root" "remotebuilder" device.user];
-      trusted-substituters = [
-        "https://nix-community.cachix.org"
-        "https://nixos-raspberrypi.cachix.org"
-      ];
-      trusted-public-keys = [
-        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
-        "nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
-      ];
     };
     extraOptions = ''
       build-users-group = nixbld

patches/430171.patch

@@ -1,73 +0,0 @@
-From 3f49f2d9783151520ac0b9a588581454b60fd2ad Mon Sep 17 00:00:00 2001
-From: Lin Xianyi <iynaix@gmail.com>
-Date: Sat, 2 Aug 2025 01:15:23 +0800
-Subject: [PATCH] orca-slicer: remove dependency on libsoup2
-
----
- pkgs/by-name/or/orca-slicer/package.nix             | 13 +++++++++++--
- ...stream-CMakeLists-Link-against-webkit2gtk-.patch |  7 +++----
- 2 files changed, 14 insertions(+), 6 deletions(-)
-
-diff --git a/pkgs/by-name/or/orca-slicer/package.nix b/pkgs/by-name/or/orca-slicer/package.nix
-index 7e817859988acd..e1376110dcd38e 100644
---- a/pkgs/by-name/or/orca-slicer/package.nix
-+++ b/pkgs/by-name/or/orca-slicer/package.nix
-@@ -35,7 +35,7 @@
-   pcre,
-   systemd,
-   tbb_2021,
--  webkitgtk_4_0,
-+  webkitgtk_4_1,
-   wxGTK31,
-   xorg,
-   libnoise,
-@@ -47,8 +47,17 @@ let
-       withCurl = true;
-       withPrivateFonts = true;
-       withWebKit = true;
-+      webkitgtk_4_0 = webkitgtk_4_1;
-     }).overrideAttrs
-       (old: {
-+        src = fetchFromGitHub {
-+          owner = "SoftFever";
-+          repo = "Orca-deps-wxWidgets";
-+          rev = "acdc6db5064274405c323c3823eedf559bbe0474";
-+          hash = "sha256-Rt03VK0AzZyROkya0zRKpckS/OSa74pLTNbZoJiitfo=";
-+          fetchSubmodules = true;
-+        };
-+
-         configureFlags = old.configureFlags ++ [
-           # Disable noisy debug dialogs
-           "--enable-debug=no"
-@@ -112,7 +121,7 @@ stdenv.mkDerivation (finalAttrs: {
-     openvdb
-     pcre
-     tbb_2021
--    webkitgtk_4_0
-+    webkitgtk_4_1
-     wxGTK'
-     xorg.libX11
-     opencv.cxxdev
-diff --git a/pkgs/by-name/or/orca-slicer/patches/0001-not-for-upstream-CMakeLists-Link-against-webkit2gtk-.patch b/pkgs/by-name/or/orca-slicer/patches/0001-not-for-upstream-CMakeLists-Link-against-webkit2gtk-.patch
-index 15f1bf8f0b59e1..8cf3345131449f 100644
---- a/pkgs/by-name/or/orca-slicer/patches/0001-not-for-upstream-CMakeLists-Link-against-webkit2gtk-.patch
-+++ b/pkgs/by-name/or/orca-slicer/patches/0001-not-for-upstream-CMakeLists-Link-against-webkit2gtk-.patch
-@@ -20,15 +20,14 @@ index 9c5cb96..e92a0e3 100644
- @@ -175,6 +175,11 @@ if (WIN32)
-      target_link_libraries(BambuStudio_app_gui PRIVATE boost_headeronly)
-  endif ()
-- 
-+
- +# We link against webkit2gtk symbols in src/slic3r/GUI/Widgets/WebView.cpp
- +if (CMAKE_SYSTEM_NAME STREQUAL "Linux")
--+    target_link_libraries(libslic3r_gui "-lwebkit2gtk-4.0")
-++    target_link_libraries(libslic3r_gui "-lwebkit2gtk-4.1")
- +endif ()
- +
-  # Link the resources dir to where Slic3r GUI expects it
-  set(output_dlls_Release "")
-  set(output_dlls_Debug "")
---- 
-+--
- 2.38.1
--